<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Apr 26, 2015 at 10:37 PM, Brian Smith <span dir="ltr"><<a href="mailto:brian@briansmith.org" target="_blank">brian@briansmith.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span class="">On Fri, Apr 24, 2015 at 5:54 AM, Emilia Käsper <span dir="ltr"><<a href="mailto:emilia@openssl.org" target="_blank">emilia@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">commit c028254b12 fixes 1., 2. and 3. (also applied to 1.0.2).<div>commit 53dd4ddf71 fixes 5 and some of 4.</div><div><br></div><div>Still ploughing my way through the rest of error checking.</div><div> <br></div></div></blockquote><div><br></div></span><div>Great.</div><div><br></div><div>I want to call your attention to one particularly non-obvious failure to handle errors correctly:</div><div><br></div><div><div>static void ecp_nistz256_windowed_mul([...], P256_POINT *r, [...])</div><div>{<br></div><div> [...]</div><div><br></div><div> if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT)<br></div><div> || (table_storage =</div><div> OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL</div><div> || (p_str =</div><div> OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL</div><div> || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) {</div><div> ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);</div><div> goto err;</div><div> }</div><div> </div><div> [...]</div><div><br></div></div><div>err:</div><div> [...]</div><div>}</div><div><br></div><div>ecp_nistz256_windowed_mul checks for errors, but it doesn't report the fact that an error occurred to the caller, because it has return type |void|. And, the caller doesn't check that ecp_nistz256_windowed_mul failed; it can't because of the void return type.</div></div></div></div></blockquote><div><br></div><div>Thanks again, I would have missed that!</div><div><br></div><div>I hope I got it all now. Scroll past commit 5956b110e3 (master) or 07977739f0 (1.0.2) for all the changes.</div><div><br></div><div>Cheers,</div><div>Emilia</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div>Cheers,</div><div>Brian</div><div><br></div></div></div></div>
<br>_______________________________________________<br>
openssl-dev mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-dev" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br>
<br></blockquote></div><br></div></div>