diff options
author | Rich Salz <rsalz@openssl.org> | 2016-11-15 18:54:28 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-11-15 19:03:18 -0500 |
commit | d18afb5bf29dc3b81b5f7a9eda2abde35041a441 (patch) | |
tree | 9c66c5792423c82d4710445ca21352042e8a0f42 /crypto/ec | |
parent | 18ad46297dcd44c1ac6c9f7f2f966e19c4d45e91 (diff) |
Check return value of some BN functions.
Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1626)
(cherry picked from commit 78e09b53a40729f5e99829ccc733b592bd22fea1)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec2_mult.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index d253eba51b..e4a1ec5737 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -223,7 +223,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, BN_CTX *ctx) { BIGNUM *x1, *x2, *z1, *z2; - int ret = 0, i; + int ret = 0, i, group_top; BN_ULONG mask, word; if (r == point) { @@ -253,10 +253,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, x2 = r->X; z2 = r->Y; - bn_wexpand(x1, bn_get_top(group->field)); - bn_wexpand(z1, bn_get_top(group->field)); - bn_wexpand(x2, bn_get_top(group->field)); - bn_wexpand(z2, bn_get_top(group->field)); + group_top = bn_get_top(group->field); + if (bn_wexpand(x1, group_top) == NULL + || bn_wexpand(z1, group_top) == NULL + || bn_wexpand(x2, group_top) == NULL + || bn_wexpand(z2, group_top) == NULL) + goto err; if (!BN_GF2m_mod_arr(x1, point->X, group->poly)) goto err; /* x1 = x */ @@ -285,14 +287,14 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, for (; i >= 0; i--) { word = bn_get_words(scalar)[i]; while (mask) { - BN_consttime_swap(word & mask, x1, x2, bn_get_top(group->field)); - BN_consttime_swap(word & mask, z1, z2, bn_get_top(group->field)); + BN_consttime_swap(word & mask, x1, x2, group_top); + BN_consttime_swap(word & mask, z1, z2, group_top); if (!gf2m_Madd(group, point->X, x2, z2, x1, z1, ctx)) goto err; if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - BN_consttime_swap(word & mask, x1, x2, bn_get_top(group->field)); - BN_consttime_swap(word & mask, z1, z2, bn_get_top(group->field)); + BN_consttime_swap(word & mask, x1, x2, group_top); + BN_consttime_swap(word & mask, z1, z2, group_top); mask >>= 1; } mask = BN_TBIT; |