From: Bernd Edlinger Date: Mon, 6 Apr 2020 08:41:36 +0000 (+0200) Subject: Fix the error handling in EC_POINTs_mul X-Git-Tag: openssl-3.0.0-alpha1~148 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=1eb9b54af7e00fa12196411964ce742ea8677766;p=oweals%2Fopenssl.git Fix the error handling in EC_POINTs_mul This was pointed out by a false-positive -fsanitizer warning ;-) However from the cryptographical POV the code is wrong: A point R^0 on the wrong curve is infinity on the wrong curve. [extended tests] Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/11475) --- diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 5540ec1bc2..f90d833914 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1051,14 +1051,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, BN_CTX *new_ctx = NULL; #endif - if ((scalar == NULL) && (num == 0)) { - return EC_POINT_set_to_infinity(group, r); - } - if (!ec_point_is_compat(r, group)) { ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); return 0; } + + if (scalar == NULL && num == 0) + return EC_POINT_set_to_infinity(group, r); + for (i = 0; i < num; i++) { if (!ec_point_is_compat(points[i], group)) { ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);