From f4bbc2a3607d543693e5dcfb7eeafb4625e955b6 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Thu, 6 Aug 2015 10:42:27 -0400 Subject: [PATCH] Improve error checking of some |BN_CTX_get| callers. The documentation for |BN_CTX_get| states: "Once |BN_CTX_get| has returned NULL, all future calls will also return NULL until |BN_CTX_end| is called." Some code takes advantage of that guarantee by only checking the return value of the last call to |BN_CTX_get| in a series of calls. That is correct and the most efficient way of doing it. However, that pattern is inconsistent with most of the other uses of |BN_CTX_get|. Also, static analysis tools like Coverity cannot understand that pattern. This commit removes the instances of that pattern that Coverity complained about when scanning *ring*. Change-Id: Ie36d0223ea1caee460c7979547cf5bfd5fb16f93 Reviewed-on: https://boringssl-review.googlesource.com/5611 Reviewed-by: Adam Langley
---
 crypto/ec/oct.c | 2 +-
 crypto/ec/simple.c | 2 +-
 crypto/ecdsa/ecdsa.c | 2 +-
 crypto/rsa/rsa_impl.c | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/ec/oct.c b/crypto/ec/oct.c
index b0519b63..cb50e172 100644
--- a/crypto/ec/oct.c
+++ b/crypto/ec/oct.c
@@ -231,7 +231,7 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
 BN_CTX_start(ctx);
 x = BN_CTX_get(ctx);
 y = BN_CTX_get(ctx);
- if (y == NULL) {
+ if (x == NULL || y == NULL) {
 goto err;
 }
diff --git a/crypto/ec/simple.c b/crypto/ec/simple.c
index 3659dba9..c62199c1 100644
--- a/crypto/ec/simple.c
+++ b/crypto/ec/simple.c
@@ -524,7 +524,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
 Z_1 = BN_CTX_get(ctx);
 Z_2 = BN_CTX_get(ctx);
 Z_3 = BN_CTX_get(ctx);
- if (Z_3 == NULL) {
+ if (Z == NULL || Z_1 == NULL || Z_2 == NULL || Z_3 == NULL) {
 goto err;
 }
diff --git a/crypto/ecdsa/ecdsa.c b/crypto/ecdsa/ecdsa.c
index 1d1fc367..8403d60e 100644
--- a/crypto/ecdsa/ecdsa.c
+++ b/crypto/ecdsa/ecdsa.c
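Review bot: Nothing at the widened checks records why every pointer is now tested, so a later cleanup could fold `if (x == NULL || y == NULL)` in ec_GFp_simple_oct2point back into the last-pointer form that the commit message says Coverity cannot follow. The same applies to the new conditions in ec_GFp_simple_point_get_affine_coordinates, ECDSA_do_verify and keygen_multiprime. A short comment above each would settle it, for example `/* Test every BN_CTX_get() result; static analyzers do not model the sticky-NULL guarantee. */`. The assignments of `Z`, `order`, `u1` and `r0` lie above the visible context, so it is worth confirming each comes from BN_CTX_get() after BN_CTX_start(); all four functions start and end outside their hunks.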
@@ -172,7 +172,7 @@ int ECDSA_do_verify(const uint8_t *digest, size_t digest_len,
 u2 = BN_CTX_get(ctx);
 m = BN_CTX_get(ctx);
 X = BN_CTX_get(ctx);
- if (!X) {
+ if (order == NULL || u1 == NULL || u2 == NULL || m == NULL || X == NULL) {
 OPENSSL_PUT_ERROR(ECDSA, ERR_R_BN_LIB);
 goto err;
 }
diff --git a/crypto/rsa/rsa_impl.c b/crypto/rsa/rsa_impl.c
index d24f152c..e1dcaf35 100644
--- a/crypto/rsa/rsa_impl.c
+++ b/crypto/rsa/rsa_impl.c
@@ -840,7 +840,7 @@ static int keygen_multiprime(RSA *rsa, int bits, int num_primes,
 r1 = BN_CTX_get(ctx);
 r2 = BN_CTX_get(ctx);
 r3 = BN_CTX_get(ctx);
- if (r3 == NULL) {
+ if (r0 == NULL || r1 == NULL || r2 == NULL || r3 == NULL) {
 goto err;
 }