diff options
| author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-01-06 15:14:54 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-01-06 15:14:54 +0100 |
| commit | cc6a935ce54b573c1efd7533aff00e7bf0a9959c (patch) | |
| tree | c8ad266edb7ea1e7b93aaaaa98847cf662373668 /security/nss/lib/freebl/mpi/mpi.c | |
| parent | d129c900c9f943adb69c1fb20ba1a029fdd95cff (diff) | |
| parent | 9f4afc2552a67cc675b8b8af2ecb8ebc04a473a7 (diff) | |
| download | UXP-cc6a935ce54b573c1efd7533aff00e7bf0a9959c.tar UXP-cc6a935ce54b573c1efd7533aff00e7bf0a9959c.tar.gz UXP-cc6a935ce54b573c1efd7533aff00e7bf0a9959c.tar.lz UXP-cc6a935ce54b573c1efd7533aff00e7bf0a9959c.tar.xz UXP-cc6a935ce54b573c1efd7533aff00e7bf0a9959c.zip | |
Merge branch 'master' into Pale_Moon-release
# Conflicts:
# application/palemoon/components/feeds/FeedWriter.js
# application/palemoon/config/version.txt
# security/manager/ssl/nsSTSPreloadList.errors
# security/manager/ssl/nsSTSPreloadList.inc
Diffstat (limited to 'security/nss/lib/freebl/mpi/mpi.c')
| -rw-r--r-- | security/nss/lib/freebl/mpi/mpi.c | 61 |
1 files changed, 42 insertions, 19 deletions
diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 8c893fb5f..401eac51d 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c @@ -4775,38 +4775,61 @@ mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) /* }}} */ /* {{{ mp_to_fixlen_octets(mp, str) */ -/* output a buffer of big endian octets exactly as long as requested. */ +/* output a buffer of big endian octets exactly as long as requested. + constant time on the value of mp. */ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { - int ix, pos = 0; + int ix, jx; unsigned int bytes; - ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); - - bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes <= length, MP_BADARG); + ARGCHK(mp != NULL, MP_BADARG); + ARGCHK(str != NULL, MP_BADARG); + ARGCHK(!SIGN(mp), MP_BADARG); + ARGCHK(length > 0, MP_BADARG); + + /* Constant time on the value of mp. Don't use mp_unsigned_octet_size. */ + bytes = USED(mp) * MP_DIGIT_SIZE; + + /* If the output is shorter than the native size of mp, then check that any + * bytes not written have zero values. This check isn't constant time on + * the assumption that timing-sensitive callers can guarantee that mp fits + * in the allocated space. */ + ix = USED(mp) - 1; + if (bytes > length) { + unsigned int zeros = bytes - length; + + while (zeros >= MP_DIGIT_SIZE) { + ARGCHK(DIGIT(mp, ix) == 0, MP_BADARG); + zeros -= MP_DIGIT_SIZE; + ix--; + } - /* place any needed leading zeros */ - for (; length > bytes; --length) { - *str++ = 0; + if (zeros > 0) { + mp_digit d = DIGIT(mp, ix); + mp_digit m = ~0ULL << ((MP_DIGIT_SIZE - zeros) * CHAR_BIT); + ARGCHK((d & m) == 0, MP_BADARG); + for (jx = MP_DIGIT_SIZE - zeros - 1; jx >= 0; jx--) { + *str++ = d >> (jx * CHAR_BIT); + } + ix--; + } + } else if (bytes < length) { + /* Place any needed leading zeros. */ + unsigned int zeros = length - bytes; + memset(str, 0, zeros); + str += zeros; } - /* Iterate over each digit... */ - for (ix = USED(mp) - 1; ix >= 0; ix--) { + /* Iterate over each whole digit... */ + for (; ix >= 0; ix--) { mp_digit d = DIGIT(mp, ix); - int jx; /* Unpack digit bytes, high order first */ - for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) { - unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT)); - if (!pos && !x) /* suppress leading zeros */ - continue; - str[pos++] = x; + for (jx = MP_DIGIT_SIZE - 1; jx >= 0; jx--) { + *str++ = d >> (jx * CHAR_BIT); } } - if (!pos) - str[pos++] = 0; return MP_OKAY; } /* end mp_to_fixlen_octets() */ /* }}} */ |