OpenSSL: Fix crypto_bignum_to_bin() with padlen == 0

The earlier change to add support for BN_bn2binpad() and
BN_bn2bin_padded() broke this function for cases where no padding is
used (padlen == 0). Those would have always failed after the changes and
the function would return -1. There are no such cases in the current
hostap.git, so this did not have any real issues, but anyway, better fix
this function to match its documentation.

Fixes: 1e237903f5 ("OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available")
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-08-03 16:28:02 +03:00
parent cb28bd52e1
commit c65168ccd2

View File

@ -1295,13 +1295,7 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
int crypto_bignum_to_bin(const struct crypto_bignum *a,
u8 *buf, size_t buflen, size_t padlen)
{
#ifdef OPENSSL_IS_BORINGSSL
#else /* OPENSSL_IS_BORINGSSL */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#else
int num_bytes, offset;
#endif
#endif /* OPENSSL_IS_BORINGSSL */
if (TEST_FAIL())
return -1;
@ -1309,14 +1303,18 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
if (padlen > buflen)
return -1;
if (padlen) {
#ifdef OPENSSL_IS_BORINGSSL
if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
return -1;
return padlen;
if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
return -1;
return padlen;
#else /* OPENSSL_IS_BORINGSSL */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
#else
return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
#endif
#endif
}
num_bytes = BN_num_bytes((const BIGNUM *) a);
if ((size_t) num_bytes > buflen)
return -1;
@ -1329,8 +1327,6 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
BN_bn2bin((const BIGNUM *) a, buf + offset);
return num_bytes + offset;
#endif
#endif /* OPENSSL_IS_BORINGSSL */
}