diff options
| author | Jung-uk Kim <jkim@FreeBSD.org> | 2016-09-22 13:05:59 +0000 |
|---|---|---|
| committer | Jung-uk Kim <jkim@FreeBSD.org> | 2016-09-22 13:05:59 +0000 |
| commit | 2c14c598c3061ac2533f997352aa06a2266f44d9 (patch) | |
| tree | 470894a14935f308eeac93c6cbf6cf25632e1cb1 /crypto/bn | |
| parent | 47b11f985b9e0ff561a67e19674de6fbcf79281d (diff) | |
Notes
Diffstat (limited to 'crypto/bn')
| -rw-r--r-- | crypto/bn/bn_lib.c | 2 | ||||
| -rw-r--r-- | crypto/bn/bn_print.c | 12 | ||||
| -rw-r--r-- | crypto/bn/bn_rand.c | 10 |
3 files changed, 12 insertions, 12 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 80105fff410c..10b78f512607 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -569,7 +569,7 @@ void BN_clear(BIGNUM *a) { bn_check_top(a); if (a->d != NULL) - memset(a->d, 0, a->dmax * sizeof(a->d[0])); + OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); a->top = 0; a->neg = 0; } diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index bfa31efc5621..a9ff271b9ae9 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -111,6 +111,7 @@ char *BN_bn2dec(const BIGNUM *a) char *p; BIGNUM *t = NULL; BN_ULONG *bn_data = NULL, *lp; + int bn_data_num; /*- * get an upper bound for the length of the decimal integer @@ -120,9 +121,9 @@ char *BN_bn2dec(const BIGNUM *a) */ i = BN_num_bits(a) * 3; num = (i / 10 + i / 1000 + 1) + 1; - bn_data = - (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG)); - buf = (char *)OPENSSL_malloc(num + 3); + bn_data_num = num / BN_DEC_NUM + 1; + bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); + buf = OPENSSL_malloc(num + 3); if ((buf == NULL) || (bn_data == NULL)) { BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); goto err; @@ -140,9 +141,12 @@ char *BN_bn2dec(const BIGNUM *a) if (BN_is_negative(t)) *p++ = '-'; - i = 0; while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; *lp = BN_div_word(t, BN_DEC_CONV); + if (*lp == (BN_ULONG)-1) + goto err; lp++; } lp--; diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index f9fb2e9e45e0..2266d22b66aa 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -145,13 +145,9 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) time(&tim); RAND_add(&tim, sizeof(tim), 0.0); - if (pseudorand) { - if (RAND_pseudo_bytes(buf, bytes) == -1) - goto err; - } else { - if (RAND_bytes(buf, bytes) <= 0) - goto err; - } + /* We ignore the value of pseudorand and always call RAND_bytes */ + if (RAND_bytes(buf, bytes) <= 0) + goto err; #if 1 if (pseudorand == 2) { |