[src/trunk]: src/external/bsd/wpa/dist/src/crypto OpenSSL: Use BN_bn2binpad()...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/dd95de20f086
branches:  trunk
changeset: 458735:dd95de20f086
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Aug 08 09:55:32 2019 +0000

description:
OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available

This converts crypto_bignum_to_bin() to use the OpenSSL/BoringSSL
functions BN_bn2binpad()/BN_bn2bin_padded(), when available, to avoid
differences in runtime and memory access patterns depending on the
leading bytes of the BIGNUM value.

OpenSSL 1.0.2 and LibreSSL do not include such functions, so those cases
are still using the previous implementation where the BN_num_bytes()
call may result in different memory access pattern.

Signed-off-by: Jouni Malinen <jouni%codeaurora.org@localhost>
(cherry picked from commit 1e237903f5b5d3117342daf006c5878cdb45e3d3)

diffstat:

 external/bsd/wpa/dist/src/crypto/crypto_openssl.c |  16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diffs (41 lines):

diff -r e5793ab91a3b -r dd95de20f086 external/bsd/wpa/dist/src/crypto/crypto_openssl.c
--- a/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Thu Aug 08 08:58:40 2019 +0000
+++ b/external/bsd/wpa/dist/src/crypto/crypto_openssl.c Thu Aug 08 09:55:32 2019 +0000
@@ -1227,7 +1227,13 @@
 int crypto_bignum_to_bin(const struct crypto_bignum *a,
                         u8 *buf, size_t buflen, size_t padlen)
 {
+#ifdef OPENSSL_IS_BORINGSSL
+#else /* OPENSSL_IS_BORINGSSL */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#else
        int num_bytes, offset;
+#endif
+#endif /* OPENSSL_IS_BORINGSSL */
 
        if (TEST_FAIL())
                return -1;
@@ -1235,6 +1241,14 @@
        if (padlen > buflen)
                return -1;
 
+#ifdef OPENSSL_IS_BORINGSSL
+       if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
+               return -1;
+       return padlen;
+#else /* OPENSSL_IS_BORINGSSL */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+       return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
+#else
        num_bytes = BN_num_bytes((const BIGNUM *) a);
        if ((size_t) num_bytes > buflen)
                return -1;
@@ -1247,6 +1261,8 @@
        BN_bn2bin((const BIGNUM *) a, buf + offset);
 
        return num_bytes + offset;
+#endif
+#endif /* OPENSSL_IS_BORINGSSL */
 }