sync with OpenBSD -current

lib/libcrypto/bn/bn_convert.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_convert.c,v 1.18 2024/04/16 13:14:46 jsing Exp $ */
+/* $OpenBSD: bn_convert.c,v 1.21 2024/04/17 21:55:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -154,7 +154,7 @@ BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
 LCRYPTO_ALIAS(BN_bn2binpad);
 
 static int
-bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs)
+bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs, int lebin)
 {
 	BIGNUM *bn = NULL;
 	BN_ULONG w;
@@ -173,8 +173,13 @@ bn_bin2bn_cbs(BIGNUM **bnp, CBS *cbs)
 	w = 0;
 
 	while (CBS_len(cbs) > 0) {
-		if (!CBS_get_last_u8(cbs, &v))
-			goto err;
+		if (lebin) {
+			if (!CBS_get_u8(cbs, &v))
+				goto err;
+		} else {
+			if (!CBS_get_last_u8(cbs, &v))
+				goto err;
+		}
 
 		w |= (BN_ULONG)v << b;
 		b += 8;
@@ -212,7 +217,7 @@ BN_bin2bn(const unsigned char *d, int len, BIGNUM *bn)
 
 	CBS_init(&cbs, d, len);
 
-	if (!bn_bin2bn_cbs(&bn, &cbs))
+	if (!bn_bin2bn_cbs(&bn, &cbs, 0))
 		return NULL;
 
 	return bn;
@@ -230,56 +235,19 @@ BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
 LCRYPTO_ALIAS(BN_bn2lebinpad);
 
 BIGNUM *
-BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+BN_lebin2bn(const unsigned char *d, int len, BIGNUM *bn)
 {
-	unsigned int i, m, n;
-	BN_ULONG l;
-	BIGNUM *bn = NULL;
+	CBS cbs;
 
-	if (ret == NULL)
-		ret = bn = BN_new();
-	if (ret == NULL)
+	if (len < 0)
 		return NULL;
 
+	CBS_init(&cbs, d, len);
 
-	s += len;
-	/* Skip trailing zeroes. */
-	for (; len > 0 && s[-1] == 0; s--, len--)
-		continue;
-
-	n = len;
-	if (n == 0) {
-		ret->top = 0;
-		return ret;
-	}
-
-	i = ((n - 1) / BN_BYTES) + 1;
-	m = (n - 1) % BN_BYTES;
-	if (!bn_wexpand(ret, (int)i)) {
-		BN_free(bn);
+	if (!bn_bin2bn_cbs(&bn, &cbs, 1))
 		return NULL;
-	}
 
-	ret->top = i;
-	ret->neg = 0;
-	l = 0;
-	while (n-- > 0) {
-		s--;
-		l = (l << 8L) | *s;
-		if (m-- == 0) {
-			ret->d[--i] = l;
-			l = 0;
-			m = BN_BYTES - 1;
-		}
-	}
-
-	/*
-	 * need to call this due to clear byte at top if avoiding having the
-	 * top bit set (-ve number)
-	 */
-	bn_correct_top(ret);
-
-	return ret;
+	return bn;
 }
 LCRYPTO_ALIAS(BN_lebin2bn);
 
@@ -752,45 +720,41 @@ BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 LCRYPTO_ALIAS(BN_bn2mpi);
 
 BIGNUM *
-BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
+BN_mpi2bn(const unsigned char *d, int n, BIGNUM *bn_in)
 {
-	BIGNUM *a = ain;
-	long len;
+	BIGNUM *bn = bn_in;
+	uint32_t mpi_len;
+	uint8_t v;
 	int neg = 0;
+	CBS cbs;
 
-	if (n < 4) {
+	if (n < 0)
+		return NULL;
+
+	CBS_init(&cbs, d, n);
+
+	if (!CBS_get_u32(&cbs, &mpi_len)) {
 		BNerror(BN_R_INVALID_LENGTH);
-		return (NULL);
+		return NULL;
 	}
-	len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) |
-	    (int)d[3];
-	if ((len + 4) != n) {
+	if (CBS_len(&cbs) != mpi_len) {
 		BNerror(BN_R_ENCODING_ERROR);
-		return (NULL);
+		return NULL;
+	}
+	if (CBS_len(&cbs) > 0) {
+		if (!CBS_peek_u8(&cbs, &v))
+			return NULL;
+		neg = (v >> 7) & 1;
 	}
 
-	if (a == NULL)
-		a = BN_new();
-	if (a == NULL)
-		return (NULL);
+	if (!bn_bin2bn_cbs(&bn, &cbs, 0))
+		return NULL;
 
-	if (len == 0) {
-		a->neg = 0;
-		a->top = 0;
-		return (a);
-	}
-	d += 4;
-	if ((*d) & 0x80)
-		neg = 1;
-	if (BN_bin2bn(d, (int)len, a) == NULL) {
-		if (ain == NULL)
-			BN_free(a);
-		return (NULL);
-	}
-	BN_set_negative(a, neg);
-	if (neg) {
-		BN_clear_bit(a, BN_num_bits(a) - 1);
-	}
-	return (a);
+	if (neg)
+		BN_clear_bit(bn, BN_num_bits(bn) - 1);
+
+	BN_set_negative(bn, neg);
+
+	return bn;
 }
 LCRYPTO_ALIAS(BN_mpi2bn);