Fix incorrect return check of BN_bn2binpad #16942

PeiweiHu · 2021-11-01T07:02:11Z

Checklist

documentation is added or updated
tests are added or updated

crypto/ec/ec_deprecated.c

kroeckx · 2021-11-01T08:46:15Z

test/acvp_test.c

@@ -71,7 +71,7 @@ static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
    buf = OPENSSL_zalloc(sz);
    if (buf == NULL)
        goto err;
-    if (!BN_bn2binpad(bn, buf, sz))
+    if (BN_bn2binpad(bn, buf, sz) <= 0)


Same problem here

I changed to <= according to reutrn values check in /test/acvp_test.c:229, 231, 570, 572. There are a lot. Do we need to change them all?

And /crypto/ec/ec_curve.c: 3404

Same problem here

Hmm, @kroeckx but what the returned 0 indicates? A 0 byte sized number does not look like a number. Perhaps 0 cannot be returned at all? A zero BIGNUM should be encoded as a single zero byte, shouldn't it? So the return value should be 1.

It's hard to see how a zero could be returned.

We should nonetheless try to be consistent in the return code handling.

In #16943, the code invoking BN_bn2nativepad has a consistent handling way. As for BN_bn2binpad, == -1, <0, and <=0 can be found in codebase. Maybe it's better to unify them.

Agreed, they should be unified. Not necessary for this PR IMO.

kroeckx · 2021-11-01T08:46:44Z

test/ecdsatest.c

@@ -46,7 +46,7 @@ static int fbytes(unsigned char *buf, size_t num, ossl_unused const char *name,
        || !TEST_true(BN_hex2bn(&tmp, numbers[fbytes_counter]))
        /* tmp might need leading zeros so pad it out */
        || !TEST_int_le(BN_num_bytes(tmp), num)
-        || !TEST_true(BN_bn2binpad(tmp, buf, num)))
+        || !TEST_int_gt(BN_bn2binpad(tmp, buf, num), 0))


Same problem here

kroeckx · 2021-11-01T12:26:47Z

Hmm, @kroeckx but what the returned 0 indicates? A 0 byte sized number does not look like a number. Perhaps 0 cannot be returned at all? A zero BIGNUM should be encoded as a single zero byte, shouldn't it? So the return value should be 1.

I guess you only get 0 back when the number is 0 and the size that is passed is 0, which seems unlikely. So <= 0 is fine.

paulidale · 2021-11-02T02:25:48Z

test/acvp_test.c

@@ -71,7 +71,7 @@ static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
    buf = OPENSSL_zalloc(sz);
    if (buf == NULL)
        goto err;
-    if (!BN_bn2binpad(bn, buf, sz))
+    if (BN_bn2binpad(bn, buf, sz) <= 0)


It's hard to see how a zero could be returned.

We should nonetheless try to be consistent in the return code handling.

openssl-machine · 2021-11-05T22:00:15Z

This pull request is ready to merge

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16942)

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16942) (cherry picked from commit 098f262)

paulidale · 2021-11-07T22:54:47Z

Merged to master and 3.0. Thanks for the fix.

Fix incorrect return check of BN_bn2binpad

7aaadc6

kroeckx reviewed Nov 1, 2021

View reviewed changes

crypto/ec/ec_deprecated.c Outdated Show resolved Hide resolved

=0 is valid

63dccef

kroeckx reviewed Nov 1, 2021

View reviewed changes

paulidale approved these changes Nov 2, 2021

View reviewed changes

paulidale added approval: review pending This pull request needs review by a committer branch: master Merge to master branch branch: 3.0 Merge to openssl-3.0 branch labels Nov 2, 2021

kroeckx approved these changes Nov 4, 2021

View reviewed changes

kroeckx added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Nov 4, 2021

t8m added the triaged: bug The issue/pr is/fixes a bug label Nov 5, 2021

openssl-machine removed the approval: done This pull request has the required number of approvals label Nov 5, 2021

openssl-machine added the approval: ready to merge The 24 hour grace period has passed, ready to merge label Nov 5, 2021

openssl-machine pushed a commit that referenced this pull request Nov 7, 2021

Fix incorrect return check of BN_bn2binpad

098f262

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16942)

openssl-machine pushed a commit that referenced this pull request Nov 7, 2021

Fix incorrect return check of BN_bn2binpad

d8e8309

Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from #16942) (cherry picked from commit 098f262)

paulidale closed this Nov 7, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix incorrect return check of BN_bn2binpad #16942

Fix incorrect return check of BN_bn2binpad #16942

PeiweiHu commented Nov 1, 2021

kroeckx Nov 1, 2021

PeiweiHu Nov 1, 2021

PeiweiHu Nov 1, 2021

t8m Nov 1, 2021

paulidale Nov 2, 2021

PeiweiHu Nov 2, 2021 •

edited

paulidale Nov 2, 2021

kroeckx Nov 1, 2021

kroeckx commented Nov 1, 2021 via email

paulidale Nov 2, 2021

openssl-machine commented Nov 5, 2021

paulidale commented Nov 7, 2021

Fix incorrect return check of BN_bn2binpad #16942

Fix incorrect return check of BN_bn2binpad #16942

Conversation

PeiweiHu commented Nov 1, 2021

Checklist

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

PeiweiHu Nov 2, 2021 • edited

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

kroeckx commented Nov 1, 2021 via email

Choose a reason for hiding this comment

openssl-machine commented Nov 5, 2021

paulidale commented Nov 7, 2021

PeiweiHu Nov 2, 2021 •

edited