[openssl-dev] ecp_nistz256 correctness/constant-timedness
Brian Smith
brian at briansmith.org
Sun Apr 26 20:37:42 UTC 2015
On Fri, Apr 24, 2015 at 5:54 AM, Emilia Käsper <emilia at openssl.org> wrote:
> commit c028254b12 fixes 1., 2. and 3. (also applied to 1.0.2).
> commit 53dd4ddf71 fixes 5 and some of 4.
>
> Still ploughing my way through the rest of error checking.
>
>
Great.
I want to call your attention to one particularly non-obvious failure to
handle errors correctly:
static void ecp_nistz256_windowed_mul([...], P256_POINT *r, [...])
{
[...]
if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT)
|| (table_storage =
OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) ==
NULL
|| (p_str =
OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL
|| (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) {
ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
[...]
err:
[...]
}
ecp_nistz256_windowed_mul checks for errors, but it doesn't report the fact
that an error occurred to the caller, because it has return type |void|.
And, the caller doesn't check that ecp_nistz256_windowed_mul failed; it
can't because of the void return type.
Cheers,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150426/275a9f92/attachment.html>
More information about the openssl-dev
mailing list