Fix Coverity 1498612 & 1503221: integer overflow

Both are the same issue and both as false positives. Annotate the line so that this is ignored. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/18012)
author: Pauli <pauli@openssl.org> 2022-04-01 09:33:17 +1100
committer: Pauli <ppzgs1@gmail.com> 2022-04-03 12:53:13 +1000
commit: 766a7d4676f08f815dd5070409e94954f4b64c6c (patch)
tree: 01770d8e022ac072d93b230c41a677a90a491343 /crypto/ec/curve448
parent: 07342bad1bf850657e1a1f21188ee9a8a75e3a19 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c
index 4db72cd28d..2fbeb45612 100644
--- a/crypto/ec/curve448/curve448.c
+++ b/crypto/ec/curve448/curve448.c
@@ -586,9 +586,15 @@ static int recode_wnaf(struct smvt_control *control,
             int32_t delta = odd & mask;
 
             assert(position >= 0);
-            assert(pos < 32);       /* can't fail since current & 0xFFFF != 0 */
             if (odd & (1 << (table_bits + 1)))
                 delta -= (1 << (table_bits + 1));
+            /*
+             * Coverity gets confused by the value of pos, thinking it might be
+             * 32.  This would require current & 0xFFFF to be zero which isn't
+             * possible.  Suppress this false positive, since adding a check
+             * isn't desirable.
+             */
+            /* coverity[overflow_before_widen] */
             current -= delta * (1 << pos);
             control[position].power = pos + 16 * (w - 1);
             control[position].addend = delta;
author	Pauli <pauli@openssl.org>	2022-04-01 09:33:17 +1100
committer	Pauli <ppzgs1@gmail.com>	2022-04-03 12:53:13 +1000
commit	766a7d4676f08f815dd5070409e94954f4b64c6c (patch)
tree	01770d8e022ac072d93b230c41a677a90a491343 /crypto/ec/curve448
parent	07342bad1bf850657e1a1f21188ee9a8a75e3a19 (diff)