diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-04-06 10:41:36 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2020-04-07 13:22:44 +0200 |
commit | 5dc91f44a90b72f5c0a79ab9a19d0f2fa0bbac1f (patch) | |
tree | 7cd0ff4211e05549454c6c07846c4c08db1849a2 /crypto | |
parent | f9f2e609db4de8d1f2022189a99c8277c3f6289d (diff) |
Fix the error handling in EC_POINTs_mul
This was pointed out by a false-positive
-fsanitizer warning ;-)
However from the cryptographical POV the
code is wrong:
A point R^0 on the wrong curve
is infinity on the wrong curve.
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11475)
(cherry picked from commit 1eb9b54af7e00fa12196411964ce742ea8677766)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ec/ec_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 3554ada827..22b00e203d 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1007,14 +1007,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t i = 0; BN_CTX *new_ctx = NULL; - if ((scalar == NULL) && (num == 0)) { - return EC_POINT_set_to_infinity(group, r); - } - if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } + + if (scalar == NULL && num == 0) + return EC_POINT_set_to_infinity(group, r); + for (i = 0; i < num; i++) { if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); |