Get overflow checks right in BN_bin2bn. BN_bin2bn takes a size_t as it should, but it passes that into bn_wexpand which takes unsigned. Switch bn_wexpand and bn_expand to take size_t before they check bounds against INT_MAX. BIGNUM itself still uses int everywhere and we may want to audit all the arithmetic at some point. Although I suspect having bn_expand require that the number of bits fit in an int is sufficient to make everything happy, unless we're doing interesting arithmetic on the number of bits somewhere. Change-Id: Id191a4a095adb7c938cde6f5a28bee56644720c6 Reviewed-on: https://boringssl-review.googlesource.com/5680 Reviewed-by: Adam Langley <agl@google.com>

commit: 719220ec8ea71081c521e4d6fbcf11424a8a6ffa [log] [tgz]
author: David Benjamin <davidben@chromium.org> Tue Aug 11 12:05:02 2015 -0400
committer: Adam Langley <agl@google.com> Mon Aug 17 20:30:00 2015 +0000
tree: 36018c1f2146eca215bdfa32eade949a1cc5ff22
parent: 0257cffb4e5eaed6b89746c37a770eff2683becf [diff] [blame]
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index f84aba5..70c0546 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h

@@ -322,7 +322,7 @@
 /* bn_wexpand ensures that |bn| has at least |words| works of space without
  * altering its value. It returns one on success or zero on allocation
  * failure. */
-OPENSSL_EXPORT BIGNUM *bn_wexpand(BIGNUM *bn, unsigned words);
+OPENSSL_EXPORT BIGNUM *bn_wexpand(BIGNUM *bn, size_t words);
 
 
 /* BIGNUM pools.
commit	719220ec8ea71081c521e4d6fbcf11424a8a6ffa	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Tue Aug 11 12:05:02 2015 -0400
committer	Adam Langley <agl@google.com>	Mon Aug 17 20:30:00 2015 +0000
tree	36018c1f2146eca215bdfa32eade949a1cc5ff22
parent	0257cffb4e5eaed6b89746c37a770eff2683becf [diff] [blame]