[openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Tue Apr 7 11:21:56 UTC 2020


The branch master has been updated
       via  1eb9b54af7e00fa12196411964ce742ea8677766 (commit)
      from  d803930448476c3a6c50904b1cfb5ef20433652f (commit)


- Log -----------------------------------------------------------------
commit 1eb9b54af7e00fa12196411964ce742ea8677766
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Mon Apr 6 10:41:36 2020 +0200

    Fix the error handling in EC_POINTs_mul
    
    This was pointed out by a false-positive
    -fsanitizer warning ;-)
    
    However from the cryptographical POV the
    code is wrong:
    A point R^0 on the wrong curve
    is infinity on the wrong curve.
    
    [extended tests]
    
    Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
    (Merged from https://github.com/openssl/openssl/pull/11475)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_lib.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 5540ec1bc2..f90d833914 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1051,14 +1051,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
     BN_CTX *new_ctx = NULL;
 #endif
 
-    if ((scalar == NULL) && (num == 0)) {
-        return EC_POINT_set_to_infinity(group, r);
-    }
-
     if (!ec_point_is_compat(r, group)) {
         ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
         return 0;
     }
+
+    if (scalar == NULL && num == 0)
+        return EC_POINT_set_to_infinity(group, r);
+
     for (i = 0; i < num; i++) {
         if (!ec_point_is_compat(points[i], group)) {
             ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);


More information about the openssl-commits mailing list