authorBrent Cook <bcook@cvs.openbsd.org>2016-03-12 21:44:12 +0000
committerBrent Cook <bcook@cvs.openbsd.org>2016-03-12 21:44:12 +0000
commitda5942f11c556b822debe8132cce4c556791f8c4 (patch)
treef656270d4511949fccb35622f1648fa48ac3d3a8
parentb79ee23e66b1285c71ac7b0db7df12fa6700e5d9 (diff)
Add error handling to the remaining calls to bn_wexpand().
Noticed by pascal-cuoq from Github: https://github.com/libressl-portable/openbsd/issues/56 ok beck@
-rw-r--r--lib/libcrypto/bn/bn_gf2m.c11
-rw-r--r--lib/libcrypto/ec/ec2_mult.c28
2 files changed, 23 insertions, 16 deletions
diff --git a/lib/libcrypto/bn/bn_gf2m.c b/lib/libcrypto/bn/bn_gf2m.c
index 40c1a942200..d83ae291ec9 100644
--- a/lib/libcrypto/bn/bn_gf2m.c
+++ b/lib/libcrypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.20 2015/06/11 15:55:28 jsing Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.21 2016/03/12 21:44:11 bcook Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@@ -702,18 +702,21 @@ BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
top = p->top;
BN_ULONG *udp, *bdp, *vdp, *cdp;
- bn_wexpand(u, top);
+ if (!bn_wexpand(u, top))
+ goto err;
udp = u->d;
for (i = u->top; i < top; i++)
udp[i] = 0;
u->top = top;
- bn_wexpand(b, top);
+ if (!bn_wexpand(b, top))
+ goto err;
bdp = b->d;
bdp[0] = 1;
for (i = 1; i < top; i++)
bdp[i] = 0;
b->top = top;
- bn_wexpand(c, top);
+ if (!bn_wexpand(c, top))
+ goto err;
cdp = c->d;
for (i = 0; i < top; i++)
cdp[i] = 0;
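Review bot: The three added guards in BN_GF2m_mod_inv repeat the same two-line pattern for u, b and c, and the ec_GF2m_montgomery_point_multiply hunk in ec2_mult.c repeats it four times for x1, z1, x2 and z2; collapsing each group into one guard keeps the error exit in a single place, e.g. `if (!bn_wexpand(u, top) || !bn_wexpand(b, top) || !bn_wexpand(c, top)) goto err;` before `udp = u->d;`, and likewise one `||` chain over the four `group->field.top` expansions. Hoisting the expansions ahead of the zeroing loops only changes which temporaries were already written when a later expansion fails, which should not matter since every failure jumps to err; u, b and c look like BN_CTX temporaries, but the function's start and its err: label are outside the hunk, so I cannot confirm from here that err returns the failure value and ends the context. In either form the new code is right to read u->d, b->d and c->d only after the corresponding bn_wexpand, since expansion may reallocate the word array.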
diff --git a/lib/libcrypto/ec/ec2_mult.c b/lib/libcrypto/ec/ec2_mult.c
index 8f0091efe1c..3812611702b 100644
--- a/lib/libcrypto/ec/ec2_mult.c
+++ b/lib/libcrypto/ec/ec2_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_mult.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec2_mult.c,v 1.8 2016/03/12 21:44:11 bcook Exp $ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
@@ -83,7 +83,7 @@
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
* modified to not require precomputation of c=b^{2^{m-1}}.
*/
-static int
+static int
gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
{
BIGNUM *t1;
@@ -122,7 +122,7 @@ err:
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
* GF(2^m) without precomputation" (CHES '99, LNCS 1717).
*/
-static int
+static int
gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
{
@@ -169,7 +169,7 @@ err:
* 1 if return value should be the point at infinity
* 2 otherwise
*/
-static int
+static int
gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1,
BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
{
@@ -258,7 +258,7 @@ err:
* To protect against side-channel attack the function uses constant time swap,
* avoiding conditional branches.
*/
-static int
+static int
ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx)
{
@@ -289,10 +289,14 @@ ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
x2 = &r->X;
z2 = &r->Y;
- bn_wexpand(x1, group->field.top);
- bn_wexpand(z1, group->field.top);
- bn_wexpand(x2, group->field.top);
- bn_wexpand(z2, group->field.top);
+ if (!bn_wexpand(x1, group->field.top))
+ goto err;
+ if (!bn_wexpand(z1, group->field.top))
+ goto err;
+ if (!bn_wexpand(x2, group->field.top))
+ goto err;
+ if (!bn_wexpand(z2, group->field.top))
+ goto err;
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
goto err; /* x1 = x */
@@ -362,7 +366,7 @@ err:
* scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
* gracefully ignoring NULL scalar values.
*/
-int
+int
ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
{
@@ -431,13 +435,13 @@ err:
/* Precomputation for point multiplication: fall back to wNAF methods
* because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */
-int
+int
ec_GF2m_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
{
return ec_wNAF_precompute_mult(group, ctx);
}
-int
+int
ec_GF2m_have_precompute_mult(const EC_GROUP * group)
{
return ec_wNAF_have_precompute_mult(group);