Get overflow checks right in BN_bin2bn. BN_bin2bn takes a size_t as it should, but it passes that into bn_wexpand which takes unsigned. Switch bn_wexpand and bn_expand to take size_t before they check bounds against INT_MAX. BIGNUM itself still uses int everywhere and we may want to audit all the arithmetic at some point. Although I suspect having bn_expand require that the number of bits fit in an int is sufficient to make everything happy, unless we're doing interesting arithmetic on the number of bits somewhere. Change-Id: Id191a4a095adb7c938cde6f5a28bee56644720c6 Reviewed-on: https://boringssl-review.googlesource.com/5680 Reviewed-by: Adam Langley <agl@google.com>

commit: 719220ec8ea71081c521e4d6fbcf11424a8a6ffa [log] [tgz]
author: David Benjamin <davidben@chromium.org> Tue Aug 11 12:05:02 2015 -0400
committer: Adam Langley <agl@google.com> Mon Aug 17 20:30:00 2015 +0000
tree: 36018c1f2146eca215bdfa32eade949a1cc5ff22
parent: 0257cffb4e5eaed6b89746c37a770eff2683becf [diff] [blame]
diff --git a/crypto/bn/internal.h b/crypto/bn/internal.h
index 2674b3c..0d0eb44 100644
--- a/crypto/bn/internal.h
+++ b/crypto/bn/internal.h

@@ -136,9 +136,9 @@
 extern "C" {
 #endif
 
-/* bn_expand acts the same as |BN_wexpand|, but takes a number of bits rather
+/* bn_expand acts the same as |bn_wexpand|, but takes a number of bits rather
  * than a number of words. */
-BIGNUM *bn_expand(BIGNUM *bn, unsigned bits);
+BIGNUM *bn_expand(BIGNUM *bn, size_t bits);
 
 #if defined(OPENSSL_64_BIT)
commit	719220ec8ea71081c521e4d6fbcf11424a8a6ffa	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Tue Aug 11 12:05:02 2015 -0400
committer	Adam Langley <agl@google.com>	Mon Aug 17 20:30:00 2015 +0000
tree	36018c1f2146eca215bdfa32eade949a1cc5ff22
parent	0257cffb4e5eaed6b89746c37a770eff2683becf [diff] [blame]