1 From ee34d8cfbd0fbf7ba7429531d4bee1c43b074d8b Mon Sep 17 00:00:00 2001
2 From: Jouni Malinen <jouni@codeaurora.org>
3 Date: Thu, 25 Apr 2019 19:23:05 +0300
4 Subject: [PATCH 3/6] OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if
7 This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
8 functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
9 differences in runtime and memory access patterns depending on the
10 leading bytes of the BIGNUM value.
12 OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
13 are still using the previous implementation where the BN_num_bytes()
14 call may result in different memory access pattern.
16 Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
17 (cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)
19 src/crypto/crypto_openssl.c | 16 ++++++++++++++++
20 1 file changed, 16 insertions(+)
22 --- a/src/crypto/crypto_openssl.c
23 +++ b/src/crypto/crypto_openssl.c
24 @@ -1295,7 +1295,13 @@ void crypto_bignum_deinit(struct crypto_
25 int crypto_bignum_to_bin(const struct crypto_bignum *a,
26 u8 *buf, size_t buflen, size_t padlen)
28 +#ifdef OPENSSL_IS_BORINGSSL
29 +#else /* OPENSSL_IS_BORINGSSL */
30 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
32 int num_bytes, offset;
34 +#endif /* OPENSSL_IS_BORINGSSL */
38 @@ -1303,6 +1309,14 @@ int crypto_bignum_to_bin(const struct cr
42 +#ifdef OPENSSL_IS_BORINGSSL
43 + if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
46 +#else /* OPENSSL_IS_BORINGSSL */
47 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
48 + return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
50 num_bytes = BN_num_bytes((const BIGNUM *) a);
51 if ((size_t) num_bytes > buflen)
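Review bot: Both new branches treat `padlen` as the exact output length, so a call with `padlen == 0` now fails for any non-zero value: `BN_bn2bin_padded(buf, 0, ...)` returns 0 and `BN_bn2binpad(..., buf, 0)` returns -1, while the retained code below only bounds the value by `buflen`. If the function's contract lets `padlen == 0` mean "no padding" (the `num_bytes > buflen` check suggests so, but the callers are not visible here), wrap the two new paths in `if (padlen) { ... }` and let the zero case fall through to the `BN_num_bytes()` code. That code and `int num_bytes, offset;` would then have to be compiled unconditionally. Some lines of this hunk are not shown on the page, and the function body continues past it.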
53 @@ -1315,6 +1329,8 @@ int crypto_bignum_to_bin(const struct cr
54 BN_bn2bin((const BIGNUM *) a, buf + offset);
56 return num_bytes + offset;
58 +#endif /* OPENSSL_IS_BORINGSSL */
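Review bot: The fallback path that ends at this `#endif` is the one the commit message describes as still having value-dependent memory access, but nothing in the code marks it. Add a comment above the `num_bytes = BN_num_bytes(...)` line, for example `/* Not constant time: BN_num_bytes() and the resulting offset depend on the leading zero bytes; only used with OpenSSL 1.0.2 and LibreSSL */`. Anyone auditing a build against those libraries would then see the residual side channel without having to read the commit log. The fallback begins in the previous hunk, and the function's closing brace lies outside this one.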