Move zeroing from bn_expand_internal() to bn_expand2() so that it (12593e6f) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/bn/bn_lib.c

+22 −12

Original line number	Diff line number	Diff line
		@@ -363,17 +363,6 @@ static BN_ULONG bn_expand_internal(const BIGNUM b, int words)
		}
		}

		/* Now need to zero any data between b->top and b->max */
		/* XXX Why? */

		A= &(a[b->top]);
		for (i=(words - b->top)>>3; i>0; i--,A+=8)
		{
		A[0]=0; A[1]=0; A[2]=0; A[3]=0;
		A[4]=0; A[5]=0; A[6]=0; A[7]=0;
		}
		for (i=(words - b->top)&7; i>0; i--,A++)
		A[0]=0;
		#else
		memset(A,0,sizeof(BN_ULONG)*(words+1));
		memcpy(A,b->d,sizeof(b->d[0])*b->top);
		@@ -397,6 +386,12 @@ BIGNUM bn_dup_expand(const BIGNUM b, int words)
		{
		BIGNUM *r = NULL;

		/* This function does not work if
		* words <= b->dmax && top < words
		* because BN_dup() does not preserve 'dmax'!
		* (But bn_dup_expand() is not used anywhere yet.)
		*/

		if (words > b->dmax)
		{
		BN_ULONG *a = bn_expand_internal(b, words);
		@@ -429,12 +424,16 @@ BIGNUM bn_dup_expand(const BIGNUM b, int words)
		}

		/* This is an internal function that should not be used in applications.
		* It ensures that 'b' has enough room for a 'words' word number number.
		* It ensures that 'b' has enough room for a 'words' word number
		* and initialises the unused part of b->d with leading zeros.
		* It is mostly used by the various BIGNUM routines. If there is an error,
		* NULL is returned. If not, 'b' is returned. */

		BIGNUM bn_expand2(BIGNUM b, int words)
		{
		BN_ULONG *A;
		int i;

		if (words > b->dmax)
		{
		BN_ULONG *a = bn_expand_internal(b, words);
		@@ -449,6 +448,17 @@ BIGNUM bn_expand2(BIGNUM b, int words)
		else
		b = NULL;
		}

		/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
		A = &(b->d[b->top]);
		for (i=(words - b->top)>>3; i>0; i--,A+=8)
		{
		A[0]=0; A[1]=0; A[2]=0; A[3]=0;
		A[4]=0; A[5]=0; A[6]=0; A[7]=0;
		}
		for (i=(words - b->top)&7; i>0; i--,A++)
		A[0]=0;

		return b;
		}