View | Details | Raw Unified | Return to bug 40189 | Differences between
and this patch

Collapse All | Expand All

(-)a/crypto/bn/bn.h (-2 / +12 lines)
 Lines 125-130    Link Here 
125
#ifndef HEADER_BN_H
125
#ifndef HEADER_BN_H
126
# define HEADER_BN_H
126
# define HEADER_BN_H
127
127
128
# include <limits.h>
128
# include <openssl/e_os2.h>
129
# include <openssl/e_os2.h>
129
# ifndef OPENSSL_NO_FP_API
130
# ifndef OPENSSL_NO_FP_API
130
#  include <stdio.h>            /* FILE */
131
#  include <stdio.h>            /* FILE */
 Lines 739-746   const BIGNUM *BN_get0_nist_prime_521(void); Link Here 
739
740
740
/* library internal functions */
741
/* library internal functions */
741
742
742
# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
743
# define bn_expand(a,bits) \
743
        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
744
    ( \
745
        bits > (INT_MAX - BN_BITS2 + 1) ? \
746
            NULL \
747
        : \
748
            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
749
                (a) \
750
            : \
751
                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
752
    )
753
744
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
754
# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
745
BIGNUM *bn_expand2(BIGNUM *a, int words);
755
BIGNUM *bn_expand2(BIGNUM *a, int words);
746
# ifndef OPENSSL_NO_DEPRECATED
756
# ifndef OPENSSL_NO_DEPRECATED
(-)a/crypto/bn/bn_print.c (-4 / +13 lines)
 Lines 58-63    Link Here 
58
58
59
#include <stdio.h>
59
#include <stdio.h>
60
#include <ctype.h>
60
#include <ctype.h>
61
#include <limits.h>
61
#include "cryptlib.h"
62
#include "cryptlib.h"
62
#include <openssl/buffer.h>
63
#include <openssl/buffer.h>
63
#include "bn_lcl.h"
64
#include "bn_lcl.h"
 Lines 189-195   int BN_hex2bn(BIGNUM **bn, const char *a) Link Here 
189
        a++;
190
        a++;
190
    }
191
    }
191
192
192
    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
193
    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
194
        continue;
195
196
    if (i > INT_MAX/4)
197
        goto err;
193
198
194
    num = i + neg;
199
    num = i + neg;
195
    if (bn == NULL)
200
    if (bn == NULL)
 Lines 204-210   int BN_hex2bn(BIGNUM **bn, const char *a) Link Here 
204
        BN_zero(ret);
209
        BN_zero(ret);
205
    }
210
    }
206
211
207
    /* i is the number of hex digests; */
212
    /* i is the number of hex digits */
208
    if (bn_expand(ret, i * 4) == NULL)
213
    if (bn_expand(ret, i * 4) == NULL)
209
        goto err;
214
        goto err;
210
215
 Lines 260-266   int BN_dec2bn(BIGNUM **bn, const char *a) Link Here 
260
        a++;
265
        a++;
261
    }
266
    }
262
267
263
    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
268
    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
269
        continue;
270
271
    if (i > INT_MAX/4)
272
        goto err;
264
273
265
    num = i + neg;
274
    num = i + neg;
266
    if (bn == NULL)
275
    if (bn == NULL)
 Lines 278-284   int BN_dec2bn(BIGNUM **bn, const char *a) Link Here 
278
        BN_zero(ret);
287
        BN_zero(ret);
279
    }
288
    }
280
289
281
    /* i is the number of digests, a bit of an over expand; */
290
    /* i is the number of digits, a bit of an over expand */
282
    if (bn_expand(ret, i * 4) == NULL)
291
    if (bn_expand(ret, i * 4) == NULL)
283
        goto err;
292
        goto err;
284
293

Return to bug 40189