Commit 78e09b53 authored by Rich Salz's avatar Rich Salz
Browse files

Check return value of some BN functions. 



Factorise multiple bn_get_top(group->field) calls
Add missing checks on some conditional BN_copy return value
Add missing checks on some BN_copy return value
Add missing checks on a few bn_wexpand return value

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1626)
parent dfc3ffe5

crypto/bn/bn_exp.c

+3 −2
Original line number Diff line number Diff line
@@ -78,8 +78,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
                goto err;

        }

    }

    if (r != rr)

        BN_copy(r, rr);

    if (r != rr && BN_copy(r, rr) == NULL)

        goto err;



    ret = 1;

 err:

    BN_CTX_end(ctx);

crypto/bn/bn_mul.c

+3 −2
Original line number Diff line number Diff line
@@ -970,8 +970,9 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) 
 end:

#endif

    bn_correct_top(rr);

    if (r != rr)

        BN_copy(r, rr);

    if (r != rr && BN_copy(r, rr) == NULL)

        goto err;



    ret = 1;

 err:

    bn_check_top(r);

crypto/bn/bn_prime.c

+2 −1
Original line number Diff line number Diff line
@@ -240,7 +240,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, 
        BIGNUM *t;

        if ((t = BN_CTX_get(ctx)) == NULL)

            goto err;

        BN_copy(t, a);

        if (BN_copy(t, a) == NULL)

            goto err;

        t->neg = 0;

        A = t;

    } else

crypto/bn/bn_sqr.c

+3 −2
Original line number Diff line number Diff line
@@ -90,8 +90,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) 
        rr->top = max - 1;

    else

        rr->top = max;

    if (rr != r)

        BN_copy(r, rr);

    if (r != rr && BN_copy(r, rr) == NULL)

        goto err;



    ret = 1;

 err:

    bn_check_top(rr);

crypto/ec/ec2_mult.c

+11 −9
Original line number Diff line number Diff line
@@ -223,7 +223,7 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, 
                                             BN_CTX *ctx)

{

    BIGNUM *x1, *x2, *z1, *z2;

    int ret = 0, i;

    int ret = 0, i, group_top;

    BN_ULONG mask, word;



    if (r == point) {
@@ -253,10 +253,12 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, 
    x2 = r->X;

    z2 = r->Y;



    bn_wexpand(x1, bn_get_top(group->field));

    bn_wexpand(z1, bn_get_top(group->field));

    bn_wexpand(x2, bn_get_top(group->field));

    bn_wexpand(z2, bn_get_top(group->field));

    group_top = bn_get_top(group->field);

    if (bn_wexpand(x1, group_top) == NULL

        || bn_wexpand(z1, group_top) == NULL

        || bn_wexpand(x2, group_top) == NULL

        || bn_wexpand(z2, group_top) == NULL)

        goto err;



    if (!BN_GF2m_mod_arr(x1, point->X, group->poly))

        goto err;               /* x1 = x */
@@ -285,14 +287,14 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, 
    for (; i >= 0; i--) {

        word = bn_get_words(scalar)[i];

        while (mask) {

            BN_consttime_swap(word & mask, x1, x2, bn_get_top(group->field));

            BN_consttime_swap(word & mask, z1, z2, bn_get_top(group->field));

            BN_consttime_swap(word & mask, x1, x2, group_top);

            BN_consttime_swap(word & mask, z1, z2, group_top);

            if (!gf2m_Madd(group, point->X, x2, z2, x1, z1, ctx))

                goto err;

            if (!gf2m_Mdouble(group, x1, z1, ctx))

                goto err;

            BN_consttime_swap(word & mask, x1, x2, bn_get_top(group->field));

            BN_consttime_swap(word & mask, z1, z2, bn_get_top(group->field));

            BN_consttime_swap(word & mask, x1, x2, group_top);

            BN_consttime_swap(word & mask, z1, z2, group_top);

            mask >>= 1;

        }

        mask = BN_TBIT;