NISTZ256: don't swallow malloc errors

Reviewed-by: N Rich Salz <rsalz@openssl.org>

NISTZ256: don't swallow malloc errors
Reviewed-by: N Rich Salz <rsalz@openssl.org>
a4d5269e · Emilia Kasper · 4446044a · a4d5269e
隐藏空白更改
内联并排

Showing with 12 addition and 12 deletion

crypto/ec/ecp_nistz256.c crypto/ec/ecp_nistz256.c +12 -12

未找到文件。
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -553,14 +553,14 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
 }

 /* r = sum(scalar[i]*point[i]) */
-static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
+static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
                                      P256_POINT *r,
                                      const BIGNUM **scalar,
                                      const EC_POINT **point,
                                      size_t num, BN_CTX *ctx)
 {
    size_t i;
-    int j;
+    int j, ret = 0;
    unsigned int idx;
    unsigned char (*p_str)[33] = NULL;
    const unsigned int window_size = 5;
@@ -719,6 +719,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
        ecp_nistz256_point_add(r, r, &temp[0]);
    }

+    ret = 1;
 err:
    if (table_storage)
        OPENSSL_free(table_storage);
@@ -726,6 +727,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
        OPENSSL_free(p_str);
    if (scalars)
        OPENSSL_free(scalars);
+    return ret;
 }

 /* Coordinates of G, for which we have precomputed tables */
@@ -1134,6 +1136,8 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
    const EC_PRE_COMP *pre_comp = NULL;
    const EC_POINT *generator = NULL;
    BN_CTX *new_ctx = NULL;
+    const BIGNUM **new_scalars = NULL;
+    const EC_POINT **new_points = NULL;
    unsigned int idx = 0;
    const unsigned int window_size = 7;
    const unsigned int mask = (1 << (window_size + 1)) - 1;
@@ -1298,9 +1302,6 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
         * Without a precomputed table for the generator, it has to be
         * handled like a normal point.
         */
-        const BIGNUM **new_scalars;
-        const EC_POINT **new_points;
-
        new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *));
        if (!new_scalars) {
            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
@@ -1309,7 +1310,6 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,

        new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *));
        if (!new_points) {
-            OPENSSL_free(new_scalars);
            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
            goto err;
        }
@@ -1329,17 +1329,13 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
        if (p_is_infinity)
            out = &p.p;

-        ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx);
+        if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx))
+            goto err;

        if (!p_is_infinity)
            ecp_nistz256_point_add(&p.p, &p.p, out);
    }

-    if (no_precomp_for_generator) {
-        OPENSSL_free(points);
-        OPENSSL_free(scalars);
-    }
-
    /* Not constant-time, but we're only operating on the public output. */
    if (!bn_set_words(r->X, p.p.X, P256_LIMBS) ||
        !bn_set_words(r->Y, p.p.Y, P256_LIMBS) ||
@@ -1354,6 +1350,10 @@ err:
    if (ctx)
        BN_CTX_end(ctx);
    BN_CTX_free(new_ctx);
+    if (new_points)
+        OPENSSL_free(new_points);
+    if (new_scalars)
+        OPENSSL_free(new_scalars);
    return ret;
 }