Rewrite BN_bn2mpi() using CBB.

The content is effectively a u32 length prefixed field, so use CBB_add_u32_length_prefixed(). Use BN_bn2binpad() rather than manually padding if we need to extend and use sensible variable names so that the code becomes more readable. Note that since CBB can fail we now need to be able to indicate failure. This means that BN_bn2mpi() can now return -1 when it would not have previously (correct callers will check that BN_bn2mpi() returns a positive length). ok tb@
author: jsing <> 2024-06-22 16:33:00 +0000
committer: jsing <> 2024-06-22 16:33:00 +0000
commit: 9e2d9b677cb77ea4d6a866fc0c09c9352843e319 (patch)
tree: 7ea187e7cc01db66a27e1bacaa1a64b22a2ad4f6
parent: b5b93f3e56996c0034f98d6244c49b48e309478a (diff)
download: openbsd-9e2d9b677cb77ea4d6a866fc0c09c9352843e319.tar.gz
openbsd-9e2d9b677cb77ea4d6a866fc0c09c9352843e319.tar.bz2
openbsd-9e2d9b677cb77ea4d6a866fc0c09c9352843e319.zip
1 files changed, 35 insertions, 24 deletions
diff --git a/src/lib/libcrypto/bn/bn_convert.c b/src/lib/libcrypto/bn/bn_convert.c
index d509a86c08..d38747e017 100644
--- a/src/lib/libcrypto/bn/bn_convert.c
+++ b/src/lib/libcrypto/bn/bn_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_convert.c,v 1.21 2024/04/17 21:55:43 tb Exp $ */
+/* $OpenBSD: bn_convert.c,v 1.22 2024/06/22 16:33:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -690,32 +690,43 @@ BN_hex2bn(BIGNUM **bnp, const char *s)
 LCRYPTO_ALIAS(BN_hex2bn);
 int
-BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+BN_bn2mpi(const BIGNUM *bn, unsigned char *d)
 {
-        int bits;
+        uint8_t *out_bin;
-        int num = 0;
+        size_t out_len, out_bin_len;
-        int ext = 0;
+        int bits, bytes;
-        long l;
+        int extend;
+        CBB cbb, cbb_bin;
-        bits = BN_num_bits(a);
-        num = (bits + 7) / 8;
+        bits = BN_num_bits(bn);
-        if (bits > 0) {
+        bytes = (bits + 7) / 8;
-                ext = ((bits & 0x07) == 0);
+        extend = (bits != 0) && (bits % 8 == 0);
-        }
+        out_bin_len = extend + bytes;
+        out_len = 4 + out_bin_len;
        if (d == NULL)
-                return (num + 4 + ext);
+                return out_len;
-        l = num + ext;
+        if (!CBB_init_fixed(&cbb, d, out_len))
-        d[0] = (unsigned char)(l >> 24) & 0xff;
+                goto err;
-        d[1] = (unsigned char)(l >> 16) & 0xff;
+        if (!CBB_add_u32_length_prefixed(&cbb, &cbb_bin))
-        d[2] = (unsigned char)(l >> 8) & 0xff;
+                goto err;
-        d[3] = (unsigned char)(l) & 0xff;
+        if (!CBB_add_space(&cbb_bin, &out_bin, out_bin_len))
-        if (ext)
+                goto err;
-                d[4] = 0;
+        if (BN_bn2binpad(bn, out_bin, out_bin_len) != out_bin_len)
-        num = BN_bn2bin(a, &(d[4 + ext]));
+                goto err;
-        if (a->neg)
+        if (!CBB_finish(&cbb, NULL, NULL))
+                goto err;
+        if (bn->neg)
                d[4] |= 0x80;
-        return (num + 4 + ext);
+        return out_len;
+ err:
+        CBB_cleanup(&cbb);
+        return -1;
 }
 LCRYPTO_ALIAS(BN_bn2mpi);
author	jsing <>	2024-06-22 16:33:00 +0000
committer	jsing <>	2024-06-22 16:33:00 +0000
commit	9e2d9b677cb77ea4d6a866fc0c09c9352843e319 (patch)
tree	7ea187e7cc01db66a27e1bacaa1a64b22a2ad4f6
parent	b5b93f3e56996c0034f98d6244c49b48e309478a (diff)
download	openbsd-9e2d9b677cb77ea4d6a866fc0c09c9352843e319.tar.gz openbsd-9e2d9b677cb77ea4d6a866fc0c09c9352843e319.tar.bz2 openbsd-9e2d9b677cb77ea4d6a866fc0c09c9352843e319.zip

diff --git a/src/lib/libcrypto/bn/bn_convert.c b/src/lib/libcrypto/bn/bn_convert.c index d509a86c08..d38747e017 100644 --- a/src/lib/libcrypto/bn/bn_convert.c +++ b/src/lib/libcrypto/bn/bn_convert.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_convert.c,v 1.21 2024/04/17 21:55:43 tb Exp $ */	1	/* $OpenBSD: bn_convert.c,v 1.22 2024/06/22 16:33:00 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -690,32 +690,43 @@ BN_hex2bn(BIGNUM *bnp, const char s)
690	LCRYPTO_ALIAS(BN_hex2bn);	690	LCRYPTO_ALIAS(BN_hex2bn);
691		691
692	int	692	int
693	BN_bn2mpi(const BIGNUM a, unsigned char d)	693	BN_bn2mpi(const BIGNUM bn, unsigned char d)
694	{	694	{
695	int bits;	695	uint8_t *out_bin;
696	int num = 0;	696	size_t out_len, out_bin_len;
697	int ext = 0;	697	int bits, bytes;
698	long l;	698	int extend;
699		699	CBB cbb, cbb_bin;
700	bits = BN_num_bits(a);	700
701	num = (bits + 7) / 8;	701	bits = BN_num_bits(bn);
702	if (bits > 0) {	702	bytes = (bits + 7) / 8;
703	ext = ((bits & 0x07) == 0);	703	extend = (bits != 0) && (bits % 8 == 0);
704	}	704	out_bin_len = extend + bytes;
		705	out_len = 4 + out_bin_len;
		706
705	if (d == NULL)	707	if (d == NULL)
706	return (num + 4 + ext);	708	return out_len;
707		709
708	l = num + ext;	710	if (!CBB_init_fixed(&cbb, d, out_len))
709	d[0] = (unsigned char)(l >> 24) & 0xff;	711	goto err;
710	d[1] = (unsigned char)(l >> 16) & 0xff;	712	if (!CBB_add_u32_length_prefixed(&cbb, &cbb_bin))
711	d[2] = (unsigned char)(l >> 8) & 0xff;	713	goto err;
712	d[3] = (unsigned char)(l) & 0xff;	714	if (!CBB_add_space(&cbb_bin, &out_bin, out_bin_len))
713	if (ext)	715	goto err;
714	d[4] = 0;	716	if (BN_bn2binpad(bn, out_bin, out_bin_len) != out_bin_len)
715	num = BN_bn2bin(a, &(d[4 + ext]));	717	goto err;
716	if (a->neg)	718	if (!CBB_finish(&cbb, NULL, NULL))
		719	goto err;
		720
		721	if (bn->neg)
717	d[4] \|= 0x80;	722	d[4] \|= 0x80;
718	return (num + 4 + ext);	723
		724	return out_len;
		725
		726	err:
		727	CBB_cleanup(&cbb);
		728
		729	return -1;
719	}	730	}
720	LCRYPTO_ALIAS(BN_bn2mpi);	731	LCRYPTO_ALIAS(BN_bn2mpi);
721		732