}
/*
- * 2s complement negate, part 1
+ * 2's complement negate, part 1
*
* BN_bn2nativepad puts the absolute value of the number in the
* buffer, i.e. if it's negative, we need to deal with it. We do
}
buf_bits = (size_t)BN_num_bits(*tmpbn);
+
+ /*
+ * Compensate for cases where the most significant bit in
+ * the resulting OSSL_PARAM buffer will be set after the
+ * BN_bn2nativepad() call, as the implied sign may not be
+ * correct after the second part of the 2's complement
+ * negation has been performed.
+ * We fix these cases by extending the buffer by one byte
+ * (8 bits), which will give some padding. The second part
+ * of the 2's complement negation will do the rest.
+ */
+ if (p->data_type == OSSL_PARAM_INTEGER && buf_bits % 8 == 0)
+ buf_bits += 8;
+
*buf_n = (buf_bits + 7) / 8;
/*
* range checking if a size is specified.
*/
if (p->data_size > 0) {
- if (buf_bits > p->data_size * 8
- || (p->data_type == OSSL_PARAM_INTEGER
- && buf_bits == p->data_size * 8)) {
+ if (buf_bits > p->data_size * 8) {
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
/* Since this is a different error, we don't break */
return 0;
BN_bn2nativepad(tmpbn, buf, buf_n);
/*
- * 2s complement negate, part two.
+ * 2's complement negation, part two.
*
* Because we did the first part on the BIGNUM itself, we can just
* invert all the bytes here and be done with it.