diff options
author | Pauli <paul.dale@oracle.com> | 2020-01-14 19:36:39 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-01-19 10:20:06 +1000 |
commit | ac23078b78305ba7b60d1459cf0db5df96e89d84 (patch) | |
tree | aa31103f40ca47125121661807b5059ab776cd09 /crypto/param_build.c | |
parent | a978dc3bffb63e6bfc40fe6955e8798bdffb4e7e (diff) | |
download | openssl-new-ac23078b78305ba7b60d1459cf0db5df96e89d84.tar.gz |
param_bld: add a padded BN call.
To aviod leaking size information when passing private value using the
OSSL_PARAM builder, a padded BN call is required.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10840)
Diffstat (limited to 'crypto/param_build.c')
-rw-r--r-- | crypto/param_build.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/crypto/param_build.c b/crypto/param_build.c index 01866b01d9..21bed31393 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -138,21 +138,30 @@ int ossl_param_bld_push_double(OSSL_PARAM_BLD *bld, const char *key, int ossl_param_bld_push_BN(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn) { - int sz = -1, secure = 0; + return ossl_param_bld_push_BN_pad(bld, key, bn, + bn == NULL ? 0 : BN_num_bytes(bn)); +} + +int ossl_param_bld_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, + const BIGNUM *bn, size_t sz) +{ + int n, secure = 0; OSSL_PARAM_BLD_DEF *pd; if (bn != NULL) { - sz = BN_num_bytes(bn); - if (sz < 0) { - CRYPTOerr(CRYPTO_F_OSSL_PARAM_BLD_PUSH_BN, - CRYPTO_R_ZERO_LENGTH_NUMBER); + n = BN_num_bytes(bn); + if (n < 0) { + CRYPTOerr(0, CRYPTO_R_ZERO_LENGTH_NUMBER); + return 0; + } + if (sz < (size_t)n) { + CRYPTOerr(0, CRYPTO_R_TOO_SMALL_BUFFER); return 0; } if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE) secure = 1; } - pd = param_push(bld, key, sz, sz >= 0 ? sz : 0, - OSSL_PARAM_UNSIGNED_INTEGER, secure); + pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure); if (pd == NULL) return 0; pd->bn = bn; |