Switch blinding indices to size_t.
The indices do fit in unsigned, but we're not taking any advantage of
this because of struct padding, and the RSA structure is not that
memory-sensitive.
Bug: 516
Change-Id: I678e20fcd6f6fa8f69eaef1f4108fa94194b6ee7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55270
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c
index 2bef70d..3a069ec 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c
+++ b/crypto/fipsmodule/rsa/rsa_impl.c
@@ -365,7 +365,7 @@
//
// On success, the index of the assigned BN_BLINDING is written to
// |*index_used| and must be passed to |rsa_blinding_release| when finished.
-static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
+static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used,
BN_CTX *ctx) {
assert(ctx != NULL);
assert(rsa->mont_n != NULL);
@@ -376,7 +376,7 @@
// Wipe the blinding cache on |fork|.
if (rsa->blinding_fork_generation != fork_generation) {
- for (unsigned i = 0; i < rsa->num_blindings; i++) {
+ for (size_t i = 0; i < rsa->num_blindings; i++) {
// The inuse flag must be zero unless we were forked from a
// multi-threaded process, in which case calling back into BoringSSL is
// forbidden.
@@ -407,7 +407,7 @@
// Double the length of the cache.
static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / 2,
"MAX_BLINDINGS_PER_RSA too large");
- unsigned new_num_blindings = rsa->num_blindings * 2;
+ size_t new_num_blindings = rsa->num_blindings * 2;
if (new_num_blindings == 0) {
new_num_blindings = 1;
}
@@ -416,8 +416,6 @@
}
assert(new_num_blindings > rsa->num_blindings);
- static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / sizeof(BN_BLINDING *),
- "MAX_BLINDINGS_PER_RSA too large");
BN_BLINDING **new_blindings =
OPENSSL_malloc(sizeof(BN_BLINDING *) * new_num_blindings);
uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings);
@@ -429,10 +427,10 @@
sizeof(BN_BLINDING *) * rsa->num_blindings);
OPENSSL_memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings);
- for (unsigned i = rsa->num_blindings; i < new_num_blindings; i++) {
+ for (size_t i = rsa->num_blindings; i < new_num_blindings; i++) {
new_blindings[i] = BN_BLINDING_new();
if (new_blindings[i] == NULL) {
- for (unsigned j = rsa->num_blindings; j < i; j++) {
+ for (size_t j = rsa->num_blindings; j < i; j++) {
BN_BLINDING_free(new_blindings[j]);
}
goto err;
@@ -466,7 +464,7 @@
// rsa_blinding_release marks the cached BN_BLINDING at the given index as free
// for other threads to use.
static void rsa_blinding_release(RSA *rsa, BN_BLINDING *blinding,
- unsigned blinding_index) {
+ size_t blinding_index) {
if (blinding_index == MAX_BLINDINGS_PER_RSA) {
// This blinding wasn't cached.
BN_BLINDING_free(blinding);
@@ -707,7 +705,7 @@
BIGNUM *f, *result;
BN_CTX *ctx = NULL;
- unsigned blinding_index = 0;
+ size_t blinding_index = 0;
BN_BLINDING *blinding = NULL;
int ret = 0;
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 15ce1c7..a1c03cd 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -775,7 +775,7 @@
// num_blindings contains the size of the |blindings| and |blindings_inuse|
// arrays. This member and the |blindings_inuse| array are protected by
// |lock|.
- unsigned num_blindings;
+ size_t num_blindings;
// blindings is an array of BN_BLINDING structures that can be reserved by a
// thread by locking |lock| and changing the corresponding element in
// |blindings_inuse| from 0 to 1.
