The branch master has been updated via c89799605b833f769ce4cfd879bb291f49b133be (commit) via 8aca4bfe8213402c80abc06fe25121461f79128d (commit) from 777182a0c77ee374e43b94546f49b25f37945c0e (commit)
- Log ----------------------------------------------------------------- commit c89799605b833f769ce4cfd879bb291f49b133be Author: Cesar Pereida Garcia <cesar.pereidagar...@tut.fi> Date: Mon Oct 21 14:53:51 2019 +0300 Enable runtime testing of no-deprecated builds in Travis Reviewed-by: Nicola Tuveri <nic....@gmail.com> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10232) commit 8aca4bfe8213402c80abc06fe25121461f79128d Author: Cesar Pereida Garcia <cesar.pereidagar...@tut.fi> Date: Mon Oct 21 14:41:01 2019 +0300 Update control logic for BN_gcd PR https://github.com/openssl/openssl/pull/10122 introduced changes to the BN_gcd function and the control logic inside it accessed `g->d[0]` irrespective of `g->top`. When BN_add is called, in case the result is zero, `BN_zero` is called. The latter behaves differently depending on the API compatibility level flag: normally `g->d[0]` is cleared but in `no-deprecated` builds only `g->top` is set to zero. This commit uses bitwise logic to ensure that `g` is treated as zero if `g->top` is zero, irrespective of `g->d[0]`. Co-authored-by: Nicola Tuveri <nic....@gmail.com> Reviewed-by: Nicola Tuveri <nic....@gmail.com> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10232) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 2 +- crypto/bn/bn_gcd.c | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 9b655d84c8..9f616c7e00 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -46,7 +46,7 @@ matrix:
 - os: linux
 dist: trusty
 compiler: clang
- env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated" BUILDONLY="yes"
+ env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES no-deprecated"
 - os: linux
 dist: bionic
 compiler: clang
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index fbefe4ab6a..bed9fca4d9 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -593,7 +593,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
 for (i = 0; i < m; i++) {
 /* conditionally flip signs if delta is positive and g is odd */
- cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1;
+ cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
+ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
+ & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
 delta = (-cond & -delta) | ((cond - 1) & delta);
 r->neg ^= cond;
 /* swap */
@@ -603,7 +605,10 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
 delta++;
 if (!BN_add(temp, g, r))
 goto err;
- BN_consttime_swap(g->d[0] & 1, g, temp, top);
+ BN_consttime_swap(g->d[0] & 1 /* g is odd */
+ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
+ & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
+ g, temp, top);
 if (!BN_rshift1(g, g))
 goto err;
 }
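Review bot: The zero guard `~((g->top - 1) >> (sizeof(g->top) * 8 - 1))` added to `cond` right-shifts a negative value whenever `g->top` is 0 (assuming `top` is a signed int, as the `- 1` trick implies), and C leaves that result implementation-defined. It still comes out right only because the whole expression is ANDed with `& 1`: an arithmetic shift gives all-ones and a logical shift gives 1, and after `~` both have bit 0 clear. The in-expression comment should record that, for example `/* 0 when g->top == 0; only bit 0 of the mask is used, so the signed-shift behaviour does not matter */`. The same expression is repeated verbatim in the second hunk's `BN_consttime_swap` argument, and `g` changes between the two sites, so it cannot simply be cached; a small static inline helper returning "g is non-zero and odd" would keep the two branch-free checks from drifting apart. `BN_gcd`'s body starts and ends outside both hunks, so the declared types of `delta`, `cond` and `top` should be confirmed there.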