Fix for CVE-2014-0076

[openssl.git] / crypto / bn / bn.h

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 65202ae9f2d6436f028c583b5245411c780b07cf..2cb23c175dfbaf82bb300a14cbc10137a480b6a8 100644 (file)
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -129,8 +129,8 @@
 #ifndef OPENSSL_NO_FP_API
 #include <stdio.h> /* FILE */
 #endif
-#include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
+#include <openssl/crypto.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -253,6 +253,24 @@ extern "C" {
 #define BN_HEX_FMT2    "%08X"
 #endif
 
+/* 2011-02-22 SMS.
+ * In various places, a size_t variable or a type cast to size_t was
+ * used to perform integer-only operations on pointers.  This failed on
+ * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
+ * still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. 
+ * The only fix here is VMS-specific.
+ */
+#if defined(OPENSSL_SYS_VMS)
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_SIZE_INT long long
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_SIZE_INT int
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+#else /* defined(OPENSSL_SYS_VMS) */
+# define PTR_SIZE_INT size_t
+#endif /* defined(OPENSSL_SYS_VMS) [else] */
+
 #define BN_DEFAULT_BITS        1280
 
 #define BN_FLG_MALLOCED                0x01
@@ -416,8 +434,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void   BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
 int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int    BN_rand_range(BIGNUM *rnd, BIGNUM *range);
-int    BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+int    BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int    BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
 int    BN_num_bits(const BIGNUM *a);
 int    BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
@@ -520,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void   BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -569,8 +589,7 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
 void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
 #endif
-void BN_BLINDING_set_thread(BN_BLINDING *);
-int BN_BLINDING_cmp_thread(const BN_BLINDING *, const CRYPTO_THREADID *);
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
 void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
@@ -742,21 +761,32 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 
 #define bn_fix_top(a)          bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+       do { \
+               const BIGNUM *_bnum2 = (bn); \
+               assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+       } while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)          bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
 
 #define bn_correct_top(a) \
         { \
         BN_ULONG *ftl; \
-       if ((a)->top > 0) \
+       int tmp_top = (a)->top; \
+       if (tmp_top > 0) \
                { \
-               for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-               if (*(ftl--)) break; \
+               for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
+                       if (*(ftl--)) break; \
+               (a)->top = tmp_top; \
                } \
        bn_pollute(a); \
        }