diff options
| author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-05-22 19:50:17 +0300 |
|---|---|---|
| committer | Nicola Tuveri <nic.tuv@gmail.com> | 2020-05-24 20:13:31 +0300 |
| commit | 9c47a3386d6733512b72f5fab43bffba6a1fe72b (patch) | |
| tree | fbc8403992c69fc74cc5518ecfd7a18986cd32b6 /crypto/ec | |
| parent | 6e15b81c340e8124e45a92a2dbcd923c2ba4e79f (diff) | |
Fix coverity issues in EC after #11807
This should fix 2 issues detected by Coverity and introduced with
https://github.com/openssl/openssl/pull/11807
- CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
- CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
In practice the tests seem to show that they both aren't real issues,
yet I believe this small change should appease the scanner and at the
same time improve clarity for the reader.
Here is the original report:
```
** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118 if (group->meth->mul != NULL)
1119 ret = group->meth->mul(group, r, g_scalar, point != NULL
1120 && p_scalar != NULL, &point, &p_scalar, ctx);
1121 else
1122 /* use default */
CID 1463577: Memory - corruptions (ARRAY_VS_SINGLETON)
Passing "&point" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124 && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126 #ifndef FIPS_MODULE
1127 BN_CTX_free(new_ctx);
1128 #endif
** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
/crypto/ec/ec_lib.c: 1123 in EC_POINT_mul()
1117
1118 if (group->meth->mul != NULL)
1119 ret = group->meth->mul(group, r, g_scalar, point != NULL
1120 && p_scalar != NULL, &point, &p_scalar, ctx);
1121 else
1122 /* use default */
CID 1463573: Memory - corruptions (ARRAY_VS_SINGLETON)
Passing "&p_scalar" to function "ec_wNAF_mul" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
1123 ret = ec_wNAF_mul(group, r, g_scalar, point != NULL
1124 && p_scalar != NULL, &point, &p_scalar, ctx);
1125
1126 #ifndef FIPS_MODULE
1127 BN_CTX_free(new_ctx);
1128 #endif
```
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11919)
Diffstat (limited to 'crypto/ec')
| -rw-r--r-- | crypto/ec/ec_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 4d88b28a98..1b2ddc2b44 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1095,6 +1095,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) { int ret = 0; + size_t num; #ifndef FIPS_MODULE BN_CTX *new_ctx = NULL; #endif @@ -1117,13 +1118,12 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, return 0; } + num = (point != NULL && p_scalar != NULL) ? 1 : 0; if (group->meth->mul != NULL) - ret = group->meth->mul(group, r, g_scalar, point != NULL - && p_scalar != NULL, &point, &p_scalar, ctx); + ret = group->meth->mul(group, r, g_scalar, num, &point, &p_scalar, ctx); else /* use default */ - ret = ec_wNAF_mul(group, r, g_scalar, point != NULL - && p_scalar != NULL, &point, &p_scalar, ctx); + ret = ec_wNAF_mul(group, r, g_scalar, num, &point, &p_scalar, ctx); #ifndef FIPS_MODULE BN_CTX_free(new_ctx); |