diff options
| author | Andy Polyakov <appro@openssl.org> | 2018-07-16 18:17:44 +0200 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2018-08-10 21:08:15 +0200 |
| commit | df6b67becc1f41c2eeee7e20ff10b5ec42ced58b (patch) | |
| tree | f1a8bc67c407b0a900a7fd87c355459a36a7123b /crypto | |
| parent | 6412738be390dd9bf680cef89f22e4c810ab065f (diff) | |
bn/bn_lib.c address Coverity nit in bn2binpad.
It was false positive, but one can as well view it as readability issue.
Switch even to unsigned indices because % BN_BYTES takes 4-6 instructions
with signed dividend vs. 1 (one) with unsigned.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6889)
(cherry picked from commit 83e034379fa3f6f0d308ec75fbcb137e26154aec)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/bn/bn_lib.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 4ed037d176..03bd8cd183 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -616,28 +616,27 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i, j, top; + int n; + size_t i, inc, lasti, j; BN_ULONG l; - i = BN_num_bytes(a); + n = BN_num_bytes(a); if (tolen == -1) - tolen = i; - else if (tolen < i) + tolen = n; + else if (tolen < n) return -1; - if (i == 0) { + if (n == 0) { OPENSSL_cleanse(to, tolen); return tolen; } - top = a->top * BN_BYTES; - for (i = 0, j = tolen; j > 0; i++) { - unsigned int mask; - - mask = constant_time_lt(i, top); - i -= 1 & ~mask; /* stay on top limb */ + lasti = n - 1; + for (i = 0, inc = 1, j = tolen; j > 0;) { l = a->d[i / BN_BYTES]; - to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc)); + inc = (i - lasti) >> (8 * sizeof(i) - 1); + i += inc; /* stay on top limb */ } return tolen; |