diff options
Diffstat (limited to 'src/lib/libcrypto/ec/ec_mult.c')
| -rw-r--r-- | src/lib/libcrypto/ec/ec_mult.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c index 2ba173ef36..f05df5332e 100644 --- a/src/lib/libcrypto/ec/ec_mult.c +++ b/src/lib/libcrypto/ec/ec_mult.c | |||
| @@ -224,6 +224,12 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) | |||
| 224 | sign = -1; | 224 | sign = -1; |
| 225 | } | 225 | } |
| 226 | 226 | ||
| 227 | if (scalar->d == NULL || scalar->top == 0) | ||
| 228 | { | ||
| 229 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | ||
| 230 | goto err; | ||
| 231 | } | ||
| 232 | |||
| 227 | len = BN_num_bits(scalar); | 233 | len = BN_num_bits(scalar); |
| 228 | r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation | 234 | r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation |
| 229 | * (*ret_len will be set to the actual length, i.e. at most | 235 | * (*ret_len will be set to the actual length, i.e. at most |
| @@ -233,12 +239,6 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) | |||
| 233 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); | 239 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); |
| 234 | goto err; | 240 | goto err; |
| 235 | } | 241 | } |
| 236 | |||
| 237 | if (scalar->d == NULL || scalar->top == 0) | ||
| 238 | { | ||
| 239 | ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); | ||
| 240 | goto err; | ||
| 241 | } | ||
| 242 | window_val = scalar->d[0] & mask; | 242 | window_val = scalar->d[0] & mask; |
| 243 | j = 0; | 243 | j = 0; |
| 244 | while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ | 244 | while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ |
| @@ -419,7 +419,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 419 | if (numblocks > pre_comp->numblocks) | 419 | if (numblocks > pre_comp->numblocks) |
| 420 | numblocks = pre_comp->numblocks; | 420 | numblocks = pre_comp->numblocks; |
| 421 | 421 | ||
| 422 | pre_points_per_block = 1u << (pre_comp->w - 1); | 422 | pre_points_per_block = (size_t)1 << (pre_comp->w - 1); |
| 423 | 423 | ||
| 424 | /* check that pre_comp looks sane */ | 424 | /* check that pre_comp looks sane */ |
| 425 | if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) | 425 | if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) |
| @@ -461,7 +461,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 461 | 461 | ||
| 462 | bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); | 462 | bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); |
| 463 | wsize[i] = EC_window_bits_for_scalar_size(bits); | 463 | wsize[i] = EC_window_bits_for_scalar_size(bits); |
| 464 | num_val += 1u << (wsize[i] - 1); | 464 | num_val += (size_t)1 << (wsize[i] - 1); |
| 465 | wNAF[i + 1] = NULL; /* make sure we always have a pivot */ | 465 | wNAF[i + 1] = NULL; /* make sure we always have a pivot */ |
| 466 | wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); | 466 | wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); |
| 467 | if (wNAF[i] == NULL) | 467 | if (wNAF[i] == NULL) |
| @@ -600,7 +600,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 600 | for (i = 0; i < num + num_scalar; i++) | 600 | for (i = 0; i < num + num_scalar; i++) |
| 601 | { | 601 | { |
| 602 | val_sub[i] = v; | 602 | val_sub[i] = v; |
| 603 | for (j = 0; j < (1u << (wsize[i] - 1)); j++) | 603 | for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) |
| 604 | { | 604 | { |
| 605 | *v = EC_POINT_new(group); | 605 | *v = EC_POINT_new(group); |
| 606 | if (*v == NULL) goto err; | 606 | if (*v == NULL) goto err; |
| @@ -636,7 +636,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, | |||
| 636 | if (wsize[i] > 1) | 636 | if (wsize[i] > 1) |
| 637 | { | 637 | { |
| 638 | if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; | 638 | if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; |
| 639 | for (j = 1; j < (1u << (wsize[i] - 1)); j++) | 639 | for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) |
| 640 | { | 640 | { |
| 641 | if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; | 641 | if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; |
| 642 | } | 642 | } |
| @@ -820,7 +820,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) | |||
| 820 | 820 | ||
| 821 | numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ | 821 | numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ |
| 822 | 822 | ||
| 823 | pre_points_per_block = 1u << (w - 1); | 823 | pre_points_per_block = (size_t)1 << (w - 1); |
| 824 | num = pre_points_per_block * numblocks; /* number of points to compute and store */ | 824 | num = pre_points_per_block * numblocks; /* number of points to compute and store */ |
| 825 | 825 | ||
| 826 | points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); | 826 | points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); |