cryptodev_digest_update: don't leak original state->mac_data if realloc fails

[oweals/openssl.git] / crypto / bn / bn_lib.c

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 72da0735fd83ada70265c1dac87fba13fd931321..efa77999ff5148b11d60de93a34bab9793a1cd8f 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -324,6 +324,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
                BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
+#ifdef PURIFY
+       /* Valgrind complains in BN_consttime_swap because we process the whole
+        * array even if it's not initialised yet. This doesn't matter in that
+        * function - what's important is constant time operation (we're not
+        * actually going to use the data)
+       */
+       memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
        B=b->d;
        /* Check if the previous number needs to be copied */
@@ -880,3 +889,28 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
        }
 #undef BN_CONSTTIME_SWAP
 }
+
+/* Bits of security, see SP800-57 */
+
+int BN_security_bits(int L, int N)
+       {
+       int secbits, bits;
+       if (L >= 15360)
+               secbits = 256;
+       else if (L >= 7690)
+               secbits = 192;
+       else if (L >= 3072)
+               secbits = 128;
+       else if (L >= 2048)
+               secbits = 112;
+       else if (L >= 1024)
+               secbits = 80;
+       else
+               return 0;
+       if (N == -1)
+               return secbits;
+       bits = N / 2;
+       if (bits < 80)
+               return 0;
+       return bits >= secbits ? secbits : bits;
+       }