From c65168ccd29c0f0b841342e79c50575a00d0f60e Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 3 Aug 2019 16:28:02 +0300
Subject: [PATCH] OpenSSL: Fix crypto_bignum_to_bin() with padlen == 0

The earlier change to add support for BN_bn2binpad() and BN_bn2bin_padded() broke this function for cases where no padding is used (padlen == 0). Those would have always failed after the changes and the function would return -1. There are no such cases in the current hostap.git, so this did not have any real issues, but anyway, better fix this function to match its documentation.

Fixes: 1e237903f5b5 ("OpenSSL: Use BN_bn2binpad() or BN_bn2bin_padded() if available")
Signed-off-by: Jouni Malinen
---
 src/crypto/crypto_openssl.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index fb278c2d2..aa5b9b4c7 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -1295,13 +1295,7 @@ void crypto_bignum_deinit(struct crypto_bignum *n, int clear)
 int crypto_bignum_to_bin(const struct crypto_bignum *a,
 u8 *buf, size_t buflen, size_t padlen)
 {
-#ifdef OPENSSL_IS_BORINGSSL
-#else /* OPENSSL_IS_BORINGSSL */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-#else
 int num_bytes, offset;
-#endif
-#endif /* OPENSSL_IS_BORINGSSL */
 
 if (TEST_FAIL())
 return -1;
@@ -1309,14 +1303,18 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
 if (padlen > buflen)
 return -1;
 
+ if (padlen) {
 #ifdef OPENSSL_IS_BORINGSSL
- if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
- return -1;
- return padlen;
+ if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0)
+ return -1;
+ return padlen;
 #else /* OPENSSL_IS_BORINGSSL */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
-#else
+ return BN_bn2binpad((const BIGNUM *) a, buf, padlen);
+#endif
+#endif
+ }
+
 num_bytes = BN_num_bytes((const BIGNUM *) a);
 if ((size_t) num_bytes > buflen)
 return -1;
@@ -1329,8 +1327,6 @@ int crypto_bignum_to_bin(const struct crypto_bignum *a,
 BN_bn2bin((const BIGNUM *) a, buf + offset);
 
 return num_bytes + offset;
-#endif
-#endif /* OPENSSL_IS_BORINGSSL */
 }
 
 
-- 
2.47.3
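Review bot: The fallback code after the new `if (padlen) { ... }` block rejects only `num_bytes > buflen`, so on builds without BN_bn2binpad()/BN_bn2bin_padded() a value wider than a non-zero padlen but within buflen appears to be written in full and returned with a length above padlen, whereas both padded helpers fail for that same input. Callers that treat the result as exactly padlen octets would then behave differently depending on the crypto library; unless some caller relies on the oversize case, adding `if (padlen && (size_t) num_bytes > padlen) return -1;` right after the buflen check would make the three paths agree. The fallback is also presumably not constant-time in the value's length, which is what the padded helpers are there to avoid, so a one-line comment above `num_bytes = BN_num_bytes(...)` noting that would help anyone passing secret values through it. crypto_bignum_to_bin() starts before and continues past this hunk, and the offset computation between the second and third hunks is not visible here.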