diff options
| author | David Benjamin <davidben@chromium.org> | 2015-02-11 09:17:18 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-02-12 02:14:04 +0300 |
| commit | 9ab14e00d5f9a1c9847137f1d6f776e18f59048b (patch) | |
| tree | 964acd8953118a55c0ef4e7e8a879844fb5a4f6f /crypto | |
| parent | 3673be7cb6611b373b9b1200999827a9b8df37a1 (diff) | |
Add in missing curly braces part 2.
ECC code.
Change-Id: I1a960620edbb30e10dcbab0e8053a1deb9db3262
Reviewed-on: https://boringssl-review.googlesource.com/3402
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/ec/ec.c | 24 | ||||
| -rw-r--r-- | crypto/ec/ec_key.c | 24 | ||||
| -rw-r--r-- | crypto/ec/ec_montgomery.c | 32 | ||||
| -rw-r--r-- | crypto/ec/oct.c | 31 | ||||
| -rw-r--r-- | crypto/ec/simple.c | 607 | ||||
| -rw-r--r-- | crypto/ec/wnaf.c | 148 | ||||
| -rw-r--r-- | crypto/ecdh/ecdh.c | 12 | ||||
| -rw-r--r-- | crypto/ecdsa/ecdsa.c | 27 | ||||
| -rw-r--r-- | crypto/ecdsa/ecdsa_test.c | 14 |
9 files changed, 515 insertions, 404 deletions
diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c index f9d8dc5b..30f93461 100644 --- a/crypto/ec/ec.c +++ b/crypto/ec/ec.c @@ -357,22 +357,30 @@ err: EC_GROUP_free(group); group = NULL; } - if (P) + if (P) { EC_POINT_free(P); - if (ctx) + } + if (ctx) { BN_CTX_free(ctx); - if (p) + } + if (p) { BN_free(p); - if (a) + } + if (a) { BN_free(a); - if (b) + } + if (b) { BN_free(b); - if (order) + } + if (order) { BN_free(order); - if (x) + } + if (x) { BN_free(x); - if (y) + } + if (y) { BN_free(y); + } return group; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index c8f06248..7f4ffe6b 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -371,10 +371,12 @@ int EC_KEY_check_key(const EC_KEY *eckey) { ok = 1; err: - if (ctx != NULL) + if (ctx != NULL) { BN_CTX_free(ctx); - if (point != NULL) + } + if (point != NULL) { EC_POINT_free(point); + } return ok; } @@ -425,10 +427,12 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, ok = 1; err: - if (ctx) + if (ctx) { BN_CTX_free(ctx); - if (point) + } + if (point) { EC_POINT_free(point); + } return ok; } @@ -489,14 +493,18 @@ int EC_KEY_generate_key(EC_KEY *eckey) { ok = 1; err: - if (order) + if (order) { BN_free(order); - if (pub_key != NULL && eckey->pub_key == NULL) + } + if (pub_key != NULL && eckey->pub_key == NULL) { EC_POINT_free(pub_key); - if (priv_key != NULL && eckey->priv_key == NULL) + } + if (priv_key != NULL && eckey->priv_key == NULL) { BN_free(priv_key); - if (ctx != NULL) + } + if (ctx != NULL) { BN_CTX_free(ctx); + } return ok; } diff --git a/crypto/ec/ec_montgomery.c b/crypto/ec/ec_montgomery.c index ab04556a..b1c6fe89 100644 --- a/crypto/ec/ec_montgomery.c +++ b/crypto/ec/ec_montgomery.c @@ -160,20 +160,24 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) { dest->field_data2 = NULL; } - if (!ec_GFp_simple_group_copy(dest, src)) + if (!ec_GFp_simple_group_copy(dest, src)) { return 0; + } if (src->field_data1 != NULL) { dest->field_data1 = BN_MONT_CTX_new(); - if (dest->field_data1 == NULL) + if (dest->field_data1 == NULL) { return 0; - if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) + } + if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) { goto err; + } } if (src->field_data2 != NULL) { dest->field_data2 = BN_dup(src->field_data2); - if (dest->field_data2 == NULL) + if (dest->field_data2 == NULL) { goto err; + } } return 1; @@ -204,22 +208,23 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } mont = BN_MONT_CTX_new(); - if (mont == NULL) + if (mont == NULL) { goto err; + } if (!BN_MONT_CTX_set(mont, p, ctx)) { OPENSSL_PUT_ERROR(EC, ec_GFp_mont_group_set_curve, ERR_R_BN_LIB); goto err; } one = BN_new(); - if (one == NULL) - goto err; - if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) + if (one == NULL || !BN_to_montgomery(one, BN_value_one(), mont, ctx)) { goto err; + } group->field_data1 = mont; mont = NULL; @@ -236,10 +241,12 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, } err: - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); - if (mont != NULL) + } + if (mont != NULL) { BN_MONT_CTX_free(mont); + } return ret; } @@ -290,7 +297,8 @@ int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, return 0; } - if (!BN_copy(r, group->field_data2)) + if (!BN_copy(r, group->field_data2)) { return 0; + } return 1; } diff --git a/crypto/ec/oct.c b/crypto/ec/oct.c index c4729efc..1cb7c2f0 100644 --- a/crypto/ec/oct.c +++ b/crypto/ec/oct.c @@ -227,40 +227,46 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); - if (y == NULL) + if (y == NULL) { goto err; + } - if (!BN_bin2bn(buf + 1, field_len, x)) + if (!BN_bin2bn(buf + 1, field_len, x)) { goto err; + } if (BN_ucmp(x, &group->field) >= 0) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); goto err; } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) + if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) { goto err; + } } else { - if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) + if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) { goto err; + } if (BN_ucmp(y, &group->field) >= 0) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_INVALID_ENCODING); goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto err; + } } - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ - { + /* test required by X9.62 */ + if (!EC_POINT_is_on_curve(group, point, ctx)) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_oct2point, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } @@ -269,8 +275,9 @@ static int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -441,15 +448,17 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto err; + } ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } diff --git a/crypto/ec/simple.c b/crypto/ec/simple.c index b3f96fa8..24781195 100644 --- a/crypto/ec/simple.c +++ b/crypto/ec/simple.c @@ -178,47 +178,57 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, const BIGNUM *p, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); tmp_a = BN_CTX_get(ctx); - if (tmp_a == NULL) + if (tmp_a == NULL) { goto err; + } /* group->field */ - if (!BN_copy(&group->field, p)) + if (!BN_copy(&group->field, p)) { goto err; + } BN_set_negative(&group->field, 0); /* group->a */ - if (!BN_nnmod(tmp_a, a, p, ctx)) + if (!BN_nnmod(tmp_a, a, p, ctx)) { goto err; + } if (group->meth->field_encode) { - if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) + if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) { goto err; - } else if (!BN_copy(&group->a, tmp_a)) + } + } else if (!BN_copy(&group->a, tmp_a)) { goto err; + } /* group->b */ - if (!BN_nnmod(&group->b, b, p, ctx)) + if (!BN_nnmod(&group->b, b, p, ctx)) { goto err; - if (group->meth->field_encode) - if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) - goto err; + } + if (group->meth->field_encode && + !group->meth->field_encode(group, &group->b, &group->b, ctx)) { + goto err; + } /* group->a_is_minus3 */ - if (!BN_add_word(tmp_a, 3)) + if (!BN_add_word(tmp_a, 3)) { goto err; + } group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -227,34 +237,30 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, int ret = 0; BN_CTX *new_ctx = NULL; - if (p != NULL) { - if (!BN_copy(p, &group->field)) - return 0; + if (p != NULL && !BN_copy(p, &group->field)) { + return 0; } if (a != NULL || b != NULL) { if (group->meth->field_decode) { if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } - if (a != NULL) { - if (!group->meth->field_decode(group, a, &group->a, ctx)) - goto err; + if (a != NULL && !group->meth->field_decode(group, a, &group->a, ctx)) { + goto err; } - if (b != NULL) { - if (!group->meth->field_decode(group, b, &group->b, ctx)) - goto err; + if (b != NULL && !group->meth->field_decode(group, b, &group->b, ctx)) { + goto err; } } else { - if (a != NULL) { - if (!BN_copy(a, &group->a)) - goto err; + if (a != NULL && !BN_copy(a, &group->a)) { + goto err; } - if (b != NULL) { - if (!BN_copy(b, &group->b)) - goto err; + if (b != NULL && !BN_copy(b, &group->b)) { + goto err; } } } @@ -262,8 +268,9 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ret = 1; err: - if (new_ctx) + if (new_ctx) { BN_CTX_free(new_ctx); + } return ret; } @@ -291,54 +298,56 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) { tmp_1 = BN_CTX_get(ctx); tmp_2 = BN_CTX_get(ctx); order = BN_CTX_get(ctx); - if (order == NULL) + if (order == NULL) { goto err; + } if (group->meth->field_decode) { - if (!group->meth->field_decode(group, a, &group->a, ctx)) - goto err; - if (!group->meth->field_decode(group, b, &group->b, ctx)) + if (!group->meth->field_decode(group, a, &group->a, ctx) || + !group->meth->field_decode(group, b, &group->b, ctx)) { goto err; + } } else { - if (!BN_copy(a, &group->a)) - goto err; - if (!BN_copy(b, &group->b)) + if (!BN_copy(a, &group->a) || !BN_copy(b, &group->b)) { goto err; + } } /* check the discriminant: * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) * 0 =< a, b < p */ if (BN_is_zero(a)) { - if (BN_is_zero(b)) + if (BN_is_zero(b)) { goto err; + } } else if (!BN_is_zero(b)) { - if (!BN_mod_sqr(tmp_1, a, p, ctx)) - goto err; - if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) - goto err; - if (!BN_lshift(tmp_1, tmp_2, 2)) + if (!BN_mod_sqr(tmp_1, a, p, ctx) || + !BN_mod_mul(tmp_2, tmp_1, a, p, ctx) || + !BN_lshift(tmp_1, tmp_2, 2)) { goto err; + } /* tmp_1 = 4*a^3 */ - if (!BN_mod_sqr(tmp_2, b, p, ctx)) - goto err; - if (!BN_mul_word(tmp_2, 27)) + if (!BN_mod_sqr(tmp_2, b, p, ctx) || + !BN_mul_word(tmp_2, 27)) { goto err; + } /* tmp_2 = 27*b^2 */ - if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) - goto err; - if (BN_is_zero(a)) + if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx) || + BN_is_zero(a)) { goto err; + } } ret = 1; err: - if (ctx != NULL) + if (ctx != NULL) { BN_CTX_end(ctx); - if (new_ctx != NULL) + } + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -365,12 +374,11 @@ void ec_GFp_simple_point_clear_finish(EC_POINT *point) { } int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) { - if (!BN_copy(&dest->X, &src->X)) - return 0; - if (!BN_copy(&dest->Y, &src->Y)) - return 0; - if (!BN_copy(&dest->Z, &src->Z)) + if (!BN_copy(&dest->X, &src->X) || + !BN_copy(&dest->Y, &src->Y) || + !BN_copy(&dest->Z, &src->Z)) { return 0; + } dest->Z_is_one = src->Z_is_one; return 1; @@ -391,41 +399,45 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp( if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } if (x != NULL) { - if (!BN_nnmod(&point->X, x, &group->field, ctx)) + if (!BN_nnmod(&point->X, x, &group->field, ctx)) { + goto err; + } + if (group->meth->field_encode && + !group->meth->field_encode(group, &point->X, &point->X, ctx)) { goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) - goto err; } } if (y != NULL) { - if (!BN_nnmod(&point->Y, y, &group->field, ctx)) + if (!BN_nnmod(&point->Y, y, &group->field, ctx)) { + goto err; + } + if (group->meth->field_encode && + !group->meth->field_encode(group, &point->Y, &point->Y, ctx)) { goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) - goto err; } } if (z != NULL) { int Z_is_one; - if (!BN_nnmod(&point->Z, z, &group->field, ctx)) + if (!BN_nnmod(&point->Z, z, &group->field, ctx)) { goto err; + } Z_is_one = BN_is_one(&point->Z); if (group->meth->field_encode) { if (Z_is_one && (group->meth->field_set_to_one != 0)) { - if (!group->meth->field_set_to_one(group, &point->Z, ctx)) - goto err; - } else { - if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) + if (!group->meth->field_set_to_one(group, &point->Z, ctx)) { goto err; + } + } else if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) { + goto err; } } point->Z_is_one = Z_is_one; @@ -434,8 +446,9 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp( ret = 1; err: - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -449,42 +462,38 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, if (group->meth->field_decode != 0) { if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } - if (x != NULL) { - if (!group->meth->field_decode(group, x, &point->X, ctx)) - goto err; + if (x != NULL && !group->meth->field_decode(group, x, &point->X, ctx)) { + goto err; } - if (y != NULL) { - if (!group->meth->field_decode(group, y, &point->Y, ctx)) - goto err; + if (y != NULL && !group->meth->field_decode(group, y, &point->Y, ctx)) { + goto err; } - if (z != NULL) { - if (!group->meth->field_decode(group, z, &point->Z, ctx)) - goto err; + if (z != NULL && !group->meth->field_decode(group, z, &point->Z, ctx)) { + goto err; } } else { - if (x != NULL) { - if (!BN_copy(x, &point->X)) - goto err; + if (x != NULL && !BN_copy(x, &point->X)) { + goto err; } - if (y != NULL) { - if (!BN_copy(y, &point->Y)) - goto err; + if (y != NULL && !BN_copy(y, &point->Y)) { + goto err; } - if (z != NULL) { - if (!BN_copy(z, &point->Z)) - goto err; + if (z != NULL && !BN_copy(z, &point->Z)) { + goto err; } } ret = 1; err: - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -518,8 +527,9 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); @@ -527,14 +537,16 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, Z_1 = BN_CTX_get(ctx); Z_2 = BN_CTX_get(ctx); Z_3 = BN_CTX_get(ctx); - if (Z_3 == NULL) + if (Z_3 == NULL) { goto err; + } /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ if (group->meth->field_decode) { - if (!group->meth->field_decode(group, Z, &point->Z, ctx)) + if (!group->meth->field_decode(group, Z, &point->Z, ctx)) { goto err; + } Z_ = Z; } else { Z_ = &point->Z; @@ -542,22 +554,18 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, if (BN_is_one(Z_)) { if (group->meth->field_decode) { - if (x != NULL) { - if (!group->meth->field_decode(group, x, &point->X, ctx)) - goto err; + if (x != NULL && !group->meth->field_decode(group, x, &point->X, ctx)) { + goto err; } - if (y != NULL) { - if (!group->meth->field_decode(group, y, &point->Y, ctx)) - goto err; + if (y != NULL && !group->meth->field_decode(group, y, &point->Y, ctx)) { + goto err; } } else { - if (x != NULL) { - if (!BN_copy(x, &point->X)) - goto err; + if (x != NULL && !BN_copy(x, &point->X)) { + goto err; } - if (y != NULL) { - if (!BN_copy(y, &point->Y)) - goto err; + if (y != NULL && !BN_copy(y, &point->Y)) { + goto err; } } } else { @@ -569,34 +577,34 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, if (group->meth->field_encode == 0) { /* field_sqr works on standard representation */ - if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) - goto err; - } else { - if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) + if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) { goto err; + } + } else if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) { + goto err; } - if (x != NULL) { - /* in the Montgomery case, field_mul will cancel out Montgomery factor in - * X: */ - if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) - goto err; + /* in the Montgomery case, field_mul will cancel out Montgomery factor in + * X: */ + if (x != NULL && !group->meth->field_mul(group, x, &point->X, Z_2, ctx)) { + goto err; } if (y != NULL) { if (group->meth->field_encode == 0) { /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) - goto err; - } else { - if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) + if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) { goto err; + } + } else if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) { + goto err; } /* in the Montgomery case, field_mul will cancel out Montgomery factor in * Y: */ - if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) + if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) { goto err; + } } } @@ -604,8 +612,9 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -619,12 +628,15 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; int ret = 0; - if (a == b) + if (a == b) { return EC_POINT_dbl(group, r, a, ctx); - if (EC_POINT_is_at_infinity(group, a)) + } + if (EC_POINT_is_at_infinity(group, a)) { return EC_POINT_copy(r, b); - if (EC_POINT_is_at_infinity(group, b)) + } + if (EC_POINT_is_at_infinity(group, b)) { return EC_POINT_copy(r, a); + } field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; @@ -632,8 +644,9 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); @@ -644,8 +657,9 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, n4 = BN_CTX_get(ctx); n5 = BN_CTX_get(ctx); n6 = BN_CTX_get(ctx); - if (n6 == NULL) + if (n6 == NULL) { goto end; + } /* Note that in this function we must not read components of 'a' or 'b' * once we have written the corresponding components of 'r'. @@ -654,53 +668,51 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, /* n1, n2 */ if (b->Z_is_one) { - if (!BN_copy(n1, &a->X)) - goto end; - if (!BN_copy(n2, &a->Y)) + if (!BN_copy(n1, &a->X) || !BN_copy(n2, &a->Y)) { goto end; + } /* n1 = X_a */ /* n2 = Y_a */ } else { - if (!field_sqr(group, n0, &b->Z, ctx)) - goto end; - if (!field_mul(group, n1, &a->X, n0, ctx)) + if (!field_sqr(group, n0, &b->Z, ctx) || + !field_mul(group, n1, &a->X, n0, ctx)) { goto end; + } /* n1 = X_a * Z_b^2 */ - if (!field_mul(group, n0, n0, &b->Z, ctx)) - goto end; - if (!field_mul(group, n2, &a->Y, n0, ctx)) + if (!field_mul(group, n0, n0, &b->Z, ctx) || + !field_mul(group, n2, &a->Y, n0, ctx)) { goto end; + } /* n2 = Y_a * Z_b^3 */ } /* n3, n4 */ if (a->Z_is_one) { - if (!BN_copy(n3, &b->X)) - goto end; - if (!BN_copy(n4, &b->Y)) + if (!BN_copy(n3, &b->X) || !BN_copy(n4, &b->Y)) { goto end; + } /* n3 = X_b */ /* n4 = Y_b */ } else { - if (!field_sqr(group, n0, &a->Z, ctx)) - goto end; - if (!field_mul(group, n3, &b->X, n0, ctx)) + if (!field_sqr(group, n0, &a->Z, ctx) || + !field_mul(group, n3, &b->X, n0, ctx)) { goto end; + } /* n3 = X_b * Z_a^2 */ - if (!field_mul(group, n0, n0, &a->Z, ctx)) - goto end; - if (!field_mul(group, n4, &b->Y, n0, ctx)) + if (!field_mul(group, n0, n0, &a->Z, ctx) || + !field_mul(group, n4, &b->Y, n0, ctx)) { goto end; + } /* n4 = Y_b * Z_a^3 */ } /* n5, n6 */ - if (!BN_mod_sub_quick(n5, n1, n3, p)) - goto end; - if (!BN_mod_sub_quick(n6, n2, n4, p)) + if (!BN_mod_sub_quick(n5, n1, n3, p) || + !BN_mod_sub_quick(n6, n2, n4, p)) { goto end; + } /* n5 = n1 - n3 */ /* n6 = n2 - n4 */ @@ -721,76 +733,81 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, } /* 'n7', 'n8' */ - if (!BN_mod_add_quick(n1, n1, n3, p)) - goto end; - if (!BN_mod_add_quick(n2, n2, n4, p)) + if (!BN_mod_add_quick(n1, n1, n3, p) || + !BN_mod_add_quick(n2, n2, n4, p)) { goto end; + } /* 'n7' = n1 + n3 */ /* 'n8' = n2 + n4 */ /* Z_r */ if (a->Z_is_one && b->Z_is_one) { - if (!BN_copy(&r->Z, n5)) + if (!BN_copy(&r->Z, n5)) { goto end; + } } else { if (a->Z_is_one) { - if (!BN_copy(n0, &b->Z)) + if (!BN_copy(n0, &b->Z)) { goto end; + } } else if (b->Z_is_one) { - if (!BN_copy(n0, &a->Z)) - goto end; - } else { - if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) + if (!BN_copy(n0, &a->Z)) { goto end; + } + } else if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) { + goto end; } - if (!field_mul(group, &r->Z, n0, n5, ctx)) + if (!field_mul(group, &r->Z, n0, n5, ctx)) { goto end; + } } r->Z_is_one = 0; /* Z_r = Z_a * Z_b * n5 */ /* X_r */ - if (!field_sqr(group, n0, n6, ctx)) - goto end; - if (!field_sqr(group, n4, n5, ctx)) - goto end; - if (!field_mul(group, n3, n1, n4, ctx)) - goto end; - if (!BN_mod_sub_quick(&r->X, n0, n3, p)) + if (!field_sqr(group, n0, n6, ctx) || + !field_sqr(group, n4, n5, ctx) || + !field_mul(group, n3, n1, n4, ctx) || + !BN_mod_sub_quick(&r->X, n0, n3, p)) { goto end; + } /* X_r = n6^2 - n5^2 * 'n7' */ /* 'n9' */ - if (!BN_mod_lshift1_quick(n0, &r->X, p)) - goto end; - if (!BN_mod_sub_quick(n0, n3, n0, p)) + if (!BN_mod_lshift1_quick(n0, &r->X, p) || + !BN_mod_sub_quick(n0, n3, n0, p)) { goto end; + } /* n9 = n5^2 * 'n7' - 2 * X_r */ /* Y_r */ - if (!field_mul(group, n0, n0, n6, ctx)) - goto end; - if (!field_mul(group, n5, n4, n5, ctx)) + if (!field_mul(group, n0, n0, n6, ctx) || + !field_mul(group, n5, n4, n5, ctx)) { goto end; /* now n5 is n5^3 */ - if (!field_mul(group, n1, n2, n5, ctx)) + } + if (!field_mul(group, n1, n2, n5, ctx) || + !BN_mod_sub_quick(n0, n0, n1, p)) { goto end; - if (!BN_mod_sub_quick(n0, n0, n1, p)) + } + if (BN_is_odd(n0) && !BN_add(n0, n0, p)) { goto end; - if (BN_is_odd(n0)) - if (!BN_add(n0, n0, p)) - goto end; + } /* now 0 <= n0 < 2*p, and n0 is even */ - if (!BN_rshift1(&r->Y, n0)) + if (!BN_rshift1(&r->Y, n0)) { goto end; + } /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ ret = 1; end: - if (ctx) /* otherwise we already called BN_CTX_end */ + if (ctx) { + /* otherwise we already called BN_CTX_end */ BN_CTX_end(ctx); - if (new_ctx != NULL) + } + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -816,8 +833,9 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); @@ -825,8 +843,9 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, n1 = BN_CTX_get(ctx); n2 = BN_CTX_get(ctx); n3 = BN_CTX_get(ctx); - if (n3 == NULL) + if (n3 == NULL) { goto err; + } /* Note that in this function we must not read components of 'a' * once we have written the corresponding components of 'r'. @@ -835,108 +854,97 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, /* n1 */ if (a->Z_is_one) { - if (!field_sqr(group, n0, &a->X, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) - goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) - goto err; - if (!BN_mod_add_quick(n1, n0, &group->a, p)) + if (!field_sqr(group, n0, &a->X, ctx) || + !BN_mod_lshift1_quick(n1, n0, p) || + !BN_mod_add_quick(n0, n0, n1, p) || + !BN_mod_add_quick(n1, n0, &group->a, p)) { goto err; + } /* n1 = 3 * X_a^2 + a_curve */ } else if (group->a_is_minus3) { - if (!field_sqr(group, n1, &a->Z, ctx)) - goto err; - if (!BN_mod_add_quick(n0, &a->X, n1, p)) - goto err; - if (!BN_mod_sub_quick(n2, &a->X, n1, p)) - goto err; - if (!field_mul(group, n1, n0, n2, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n0, n1, p)) - goto err; - if (!BN_mod_add_quick(n1, n0, n1, p)) + if (!field_sqr(group, n1, &a->Z, ctx) || + !BN_mod_add_quick(n0, &a->X, n1, p) || + !BN_mod_sub_quick(n2, &a->X, n1, p) || + !field_mul(group, n1, n0, n2, ctx) || + !BN_mod_lshift1_quick(n0, n1, p) || + !BN_mod_add_quick(n1, n0, n1, p)) { goto err; + } /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) * = 3 * X_a^2 - 3 * Z_a^4 */ } else { - if (!field_sqr(group, n0, &a->X, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) - goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) - goto err; - if (!field_sqr(group, n1, &a->Z, ctx)) - goto err; - if (!field_sqr(group, n1, n1, ctx)) - goto err; - if (!field_mul(group, n1, n1, &group->a, ctx)) - goto err; - if (!BN_mod_add_quick(n1, n1, n0, p)) + if (!field_sqr(group, n0, &a->X, ctx) || + !BN_mod_lshift1_quick(n1, n0, p) || + !BN_mod_add_quick(n0, n0, n1, p) || + !field_sqr(group, n1, &a->Z, ctx) || + !field_sqr(group, n1, n1, ctx) || + !field_mul(group, n1, n1, &group->a, ctx) || + !BN_mod_add_quick(n1, n1, n0, p)) { goto err; + } /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ } /* Z_r */ if (a->Z_is_one) { - if (!BN_copy(n0, &a->Y)) - goto err; - } else { - if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) + if (!BN_copy(n0, &a->Y)) { goto err; + } + } else if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) { + goto err; } - if (!BN_mod_lshift1_quick(&r->Z, n0, p)) + if (!BN_mod_lshift1_quick(&r->Z, n0, p)) { goto err; + } r->Z_is_one = 0; /* Z_r = 2 * Y_a * Z_a */ /* n2 */ - if (!field_sqr(group, n3, &a->Y, ctx)) - goto err; - if (!field_mul(group, n2, &a->X, n3, ctx)) - goto err; - if (!BN_mod_lshift_quick(n2, n2, 2, p)) + if (!field_sqr(group, n3, &a->Y, ctx) || + !field_mul(group, n2, &a->X, n3, ctx) || + !BN_mod_lshift_quick(n2, n2, 2, p)) { goto err; + } /* n2 = 4 * X_a * Y_a^2 */ /* X_r */ - if (!BN_mod_lshift1_quick(n0, n2, p)) - goto err; - if (!field_sqr(group, &r->X, n1, ctx)) - goto err; - if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) + if (!BN_mod_lshift1_quick(n0, n2, p) || + !field_sqr(group, &r->X, n1, ctx) || + !BN_mod_sub_quick(&r->X, &r->X, n0, p)) { goto err; + } /* X_r = n1^2 - 2 * n2 */ /* n3 */ - if (!field_sqr(group, n0, n3, ctx)) - goto err; - if (!BN_mod_lshift_quick(n3, n0, 3, p)) + if (!field_sqr(group, n0, n3, ctx) || + !BN_mod_lshift_quick(n3, n0, 3, p)) { goto err; + } /* n3 = 8 * Y_a^4 */ /* Y_r */ - if (!BN_mod_sub_quick(n0, n2, &r->X, p)) - goto err; - if (!field_mul(group, n0, n1, n0, ctx)) - goto err; - if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) + if (!BN_mod_sub_quick(n0, n2, &r->X, p) || + !field_mul(group, n0, n1, n0, ctx) || + !BN_mod_sub_quick(&r->Y, n0, n3, p)) { goto err; + } /* Y_r = n1 * (n2 - X_r) - n3 */ ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) { - if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) + if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) { /* point is its own inverse */ return 1; + } return BN_usub(&point->Y, &group->field, &point->Y); } @@ -955,8 +963,9 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BIGNUM *rh, *tmp, *Z4, *Z6; int ret = -1; - if (EC_POINT_is_at_infinity(group, point)) + if (EC_POINT_is_at_infinity(group, point)) { return 1; + } field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; @@ -964,8 +973,9 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return -1; + } } BN_CTX_start(ctx); @@ -973,8 +983,9 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, tmp = BN_CTX_get(ctx); Z4 = BN_CTX_get(ctx); Z6 = BN_CTX_get(ctx); - if (Z6 == NULL) + if (Z6 == NULL) { goto err; + } /* We have a curve defined by a Weierstrass equation * y^2 = x^3 + a*x + b. @@ -987,64 +998,64 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, */ /* rh := X^2 */ - if (!field_sqr(group, rh, &point->X, ctx)) + if (!field_sqr(group, rh, &point->X, ctx)) { goto err; + } if (!point->Z_is_one) { - if (!field_sqr(group, tmp, &point->Z, ctx)) - goto err; - if (!field_sqr(group, Z4, tmp, ctx)) - goto err; - if (!field_mul(group, Z6, Z4, tmp, ctx)) + if (!field_sqr(group, tmp, &point->Z, ctx) || + !field_sqr(group, Z4, tmp, ctx) || + !field_mul(group, Z6, Z4, tmp, ctx)) { goto err; + } /* rh := (rh + a*Z^4)*X */ if (group->a_is_minus3) { - if (!BN_mod_lshift1_quick(tmp, Z4, p)) - goto err; - if (!BN_mod_add_quick(tmp, tmp, Z4, p)) - goto err; - if (!BN_mod_sub_quick(rh, rh, tmp, p)) - goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) + if (!BN_mod_lshift1_quick(tmp, Z4, p) || + !BN_mod_add_quick(tmp, tmp, Z4, p) || + !BN_mod_sub_quick(rh, rh, tmp, p) || + !field_mul(group, rh, rh, &point->X, ctx)) { goto err; + } } else { - if (!field_mul(group, tmp, Z4, &group->a, ctx)) - goto err; - if (!BN_mod_add_quick(rh, rh, tmp, p)) - goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) + if (!field_mul(group, tmp, Z4, &group->a, ctx) || + !BN_mod_add_quick(rh, rh, tmp, p) || + !field_mul(group, rh, rh, &point->X, ctx)) { goto err; + } } /* rh := rh + b*Z^6 */ - if (!field_mul(group, tmp, &group->b, Z6, ctx)) - goto err; - if (!BN_mod_add_quick(rh, rh, tmp, p)) + if (!field_mul(group, tmp, &group->b, Z6, ctx) || + !BN_mod_add_quick(rh, rh, tmp, p)) { goto err; + } } else { /* point->Z_is_one */ /* rh := (rh + a)*X */ - if (!BN_mod_add_quick(rh, rh, &group->a, p)) - goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) + if (!BN_mod_add_quick(rh, rh, &group->a, p) || + !field_mul(group, rh, rh, &point->X, ctx)) { goto err; + } /* rh := rh + b */ - if (!BN_mod_add_quick(rh, rh, &group->b, p)) + if (!BN_mod_add_quick(rh, rh, &group->b, p)) { goto err; + } } /* 'lh' := Y^2 */ - if (!field_sqr(group, tmp, &point->Y, ctx)) + if (!field_sqr(group, tmp, &point->Y, ctx)) { goto err; + } ret = (0 == BN_ucmp(tmp, rh)); err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -1068,8 +1079,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, return EC_POINT_is_at_infinity(group, b) ? 0 : 1; } - if (EC_POINT_is_at_infinity(group, b)) + if (EC_POINT_is_at_infinity(group, b)) { return 1; + } if (a->Z_is_one && b->Z_is_one) { return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; @@ -1080,8 +1092,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return -1; + } } BN_CTX_start(ctx); @@ -1089,8 +1102,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, tmp2 = BN_CTX_get(ctx); Za23 = BN_CTX_get(ctx); Zb23 = BN_CTX_get(ctx); - if (Zb23 == NULL) + if (Zb23 == NULL) { goto end; + } /* We have to decide whether * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), @@ -1099,21 +1113,23 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, */ if (!b->Z_is_one) { - if (!field_sqr(group, Zb23, &b->Z, ctx)) - goto end; - if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) + if (!field_sqr(group, Zb23, &b->Z, ctx) || + !field_mul(group, tmp1, &a->X, Zb23, ctx)) { goto end; + } tmp1_ = tmp1; - } else + } else { tmp1_ = &a->X; + } if (!a->Z_is_one) { - if (!field_sqr(group, Za23, &a->Z, ctx)) - goto end; - if (!field_mul(group, tmp2, &b->X, Za23, ctx)) + if (!field_sqr(group, Za23, &a->Z, ctx) || + !field_mul(group, tmp2, &b->X, Za23, ctx)) { goto end; + } tmp2_ = tmp2; - } else + } else { tmp2_ = &b->X; + } /* compare X_a*Z_b^2 with X_b*Z_a^2 */ if (BN_cmp(tmp1_, tmp2_) != 0) { @@ -1123,21 +1139,23 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (!b->Z_is_one) { - if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) - goto end; - if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) + if (!field_mul(group, Zb23, Zb23, &b->Z, ctx) || + !field_mul(group, tmp1, &a->Y, Zb23, ctx)) { goto end; + } /* tmp1_ = tmp1 */ - } else + } else { tmp1_ = &a->Y; + } if (!a->Z_is_one) { - if (!field_mul(group, Za23, Za23, &a->Z, ctx)) - goto end; - if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) + if (!field_mul(group, Za23, Za23, &a->Z, ctx) || + !field_mul(group, tmp2, &b->Y, Za23, ctx)) { goto end; + } /* tmp2_ = tmp2 */ - } else + } else { tmp2_ = &b->Y; + } /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ if (BN_cmp(tmp1_, tmp2_) != 0) { @@ -1150,8 +1168,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, end: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } @@ -1161,25 +1180,28 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BIGNUM *x, *y; int ret = 0; - if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) + if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) { return 1; + } if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { return 0; + } } BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); - if (y == NULL) + if (y == NULL) { goto err; + } - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) - goto err; - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx) || + !EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) { goto err; + } if (!point->Z_is_one) { OPENSSL_PUT_ERROR(EC, ec_GFp_simple_make_affine, ERR_R_INTERNAL_ERROR); goto err; @@ -1189,8 +1211,9 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); + } return ret; } diff --git a/crypto/ec/wnaf.c b/crypto/ec/wnaf.c index 9016328e..3b95babe 100644 --- a/crypto/ec/wnaf.c +++ b/crypto/ec/wnaf.c @@ -97,8 +97,9 @@ typedef struct ec_pre_comp_st { static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) { EC_PRE_COMP *ret = NULL; - if (!group) + if (!group) { return NULL; + } ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); if (!ret) { @@ -272,8 +273,9 @@ err: OPENSSL_free(r); r = NULL; } - if (ok) + if (ok) { *ret_len = len; + } return r; } @@ -341,8 +343,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { goto err; + } } if (scalar != NULL) { @@ -365,8 +368,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, numblocks = (BN_num_bits(scalar) / blocksize) + 1; /* we cannot use more blocks than we have precomputation for */ - if (numblocks > pre_comp->numblocks) + if (numblocks > pre_comp->numblocks) { numblocks = pre_comp->numblocks; + } pre_points_per_block = (size_t)1 << (pre_comp->w - 1); @@ -413,10 +417,12 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, wNAF[i + 1] = NULL; /* make sure we always have a pivot */ wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); - if (wNAF[i] == NULL) + if (wNAF[i] == NULL) { goto err; - if (wNAF_len[i] > max_len) + } + if (wNAF_len[i] > max_len) { max_len = wNAF_len[i]; + } } if (numblocks) { @@ -440,8 +446,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, /* use the window size for which we have precomputation */ wsize[num] = pre_comp->w; tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); - if (!tmp_wNAF) + if (!tmp_wNAF) { goto err; + } if (tmp_len <= max_len) { /* One of the other wNAFs is at least as long @@ -484,10 +491,11 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } tmp_len -= blocksize; - } else + } else { /* last block gets whatever is left * (this could be more or less than 'blocksize'!) */ wNAF_len[i] = tmp_len; + } wNAF[i + 1] = NULL; wNAF[i] = OPENSSL_malloc(wNAF_len[i]); @@ -497,8 +505,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } memcpy(wNAF[i], pp, wNAF_len[i]); - if (wNAF_len[i] > max_len) + if (wNAF_len[i] > max_len) { max_len = wNAF_len[i]; + } if (*tmp_points == NULL) { OPENSSL_PUT_ERROR(EC, ec_wNAF_mul, ERR_R_INTERNAL_ERROR); @@ -531,8 +540,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, val_sub[i] = v; for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) { *v = EC_POINT_new(group); - if (*v == NULL) + if (*v == NULL) { goto err; + } v++; } } @@ -541,8 +551,9 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } - if (!(tmp = EC_POINT_new(group))) + if (!(tmp = EC_POINT_new(group))) { goto err; + } /* prepare precomputed values: * val_sub[i][0] := points[i] @@ -552,34 +563,36 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, */ for (i = 0; i < num + num_scalar; i++) { if (i < num) { - if (!EC_POINT_copy(val_sub[i][0], points[i])) - goto err; - } else { - if (!EC_POINT_copy(val_sub[i][0], generator)) + if (!EC_POINT_copy(val_sub[i][0], points[i])) { goto err; + } + } else if (!EC_POINT_copy(val_sub[i][0], generator)) { + goto err; } if (wsize[i] > 1) { - if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) + if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) { goto err; + } for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) { - if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) + if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) { goto err; + } } } } #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) { goto err; + } #endif r_is_at_infinity = 1; for (k = max_len - 1; k >= 0; k--) { - if (!r_is_at_infinity) { - if (!EC_POINT_dbl(group, r, r, ctx)) - goto err; + if (!r_is_at_infinity && !EC_POINT_dbl(group, r, r, ctx)) { + goto err; } for (i = 0; i < totalnum; i++) { @@ -590,13 +603,13 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (digit) { is_neg = digit < 0; - if (is_neg) + if (is_neg) { digit = -digit; + } if (is_neg != r_is_inverted) { - if (!r_is_at_infinity) { - if (!EC_POINT_invert(group, r, ctx)) - goto err; + if (!r_is_at_infinity && !EC_POINT_invert(group, r, ctx)) { + goto err; } r_is_inverted = !r_is_inverted; } @@ -604,12 +617,14 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, /* digit > 0 */ if (r_is_at_infinity) { - if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) + if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) { goto err; + } r_is_at_infinity = 0; } else { - if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) + if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) { goto err; + } } } } @@ -617,36 +632,41 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, } if (r_is_at_infinity) { - if (!EC_POINT_set_to_infinity(group, r)) + if (!EC_POINT_set_to_infinity(group, r)) { goto err; - } else { - if (r_is_inverted) - if (!EC_POINT_invert(group, r, ctx)) - goto err; + } + } else if (r_is_inverted && !EC_POINT_invert(group, r, ctx)) { + goto err; } ret = 1; err: - if (new_ctx != NULL) + if (new_ctx != NULL) { BN_CTX_free(new_ctx); - if (tmp != NULL) + } + if (tmp != NULL) { EC_POINT_free(tmp); - if (wsize != NULL) + } + if (wsize != NULL) { OPENSSL_free(wsize); - if (wNAF_len != NULL) + } + if (wNAF_len != NULL) { OPENSSL_free(wNAF_len); + } if (wNAF != NULL) { signed char **w; - for (w = wNAF; *w != NULL; w++) + for (w = wNAF; *w != NULL; w++) { OPENSSL_free(*w); + } OPENSSL_free(wNAF); } if (val != NULL) { - for (v = val; *v != NULL; v++) + for (v = val; *v != NULL; v++) { EC_POINT_clear_free(*v); + } OPENSSL_free(val); } @@ -695,8 +715,10 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { group->pre_comp = NULL; } - if ((pre_comp = ec_pre_comp_new(group)) == NULL) + pre_comp = ec_pre_comp_new(group); + if (pre_comp == NULL) { return 0; + } generator = EC_GROUP_get0_generator(group); if (generator == NULL) { @@ -706,17 +728,20 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) + if (ctx == NULL) { goto err; + } } BN_CTX_start(ctx); order = BN_CTX_get(ctx); - if (order == NULL) + if (order == NULL) { goto err; + } - if (!EC_GROUP_get_order(group, order, ctx)) + if (!EC_GROUP_get_order(group, order, ctx)) { goto err; + } if (BN_is_zero(order)) { OPENSSL_PUT_ERROR(EC, ec_wNAF_precompute_mult, EC_R_UNKNOWN_ORDER); goto err; @@ -764,23 +789,27 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { goto err; } - if (!EC_POINT_copy(base, generator)) + if (!EC_POINT_copy(base, generator)) { goto err; + } /* do the precomputation */ for (i = 0; i < numblocks; i++) { size_t j; - if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) { goto err; + } - if (!EC_POINT_copy(*var++, base)) + if (!EC_POINT_copy(*var++, base)) { goto err; + } for (j = 1; j < pre_points_per_block; j++, var++) { /* calculate odd multiples of the current base point */ - if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) { goto err; + } } if (i < numblocks - 1) { @@ -792,17 +821,20 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { goto err; } - if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) { goto err; + } for (k = 2; k < blocksize; k++) { - if (!EC_POINT_dbl(group, base, base, ctx)) + if (!EC_POINT_dbl(group, base, base, ctx)) { goto err; + } } } } - if (!EC_POINTs_make_affine(group, num, points, ctx)) + if (!EC_POINTs_make_affine(group, num, points, ctx)) { goto err; + } pre_comp->group = group; pre_comp->blocksize = blocksize; @@ -818,23 +850,29 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) { ret = 1; err: - if (ctx != NULL) + if (ctx != NULL) { BN_CTX_end(ctx); - if (new_ctx != NULL) + } + if (new_ctx != NULL) { BN_CTX_free(new_ctx); - if (pre_comp) + } + if (pre_comp) { ec_pre_comp_free(pre_comp); + } if (points) { EC_POINT **p; - for (p = points; *p != NULL; p++) + for (p = points; *p != NULL; p++) { EC_POINT_free(*p); + } OPENSSL_free(points); } - if (tmp_point) + if (tmp_point) { EC_POINT_free(tmp_point); - if (base) + } + if (base) { EC_POINT_free(base); + } return ret; } diff --git a/crypto/ecdh/ecdh.c b/crypto/ecdh/ecdh.c index d4497f17..a011bab0 100644 --- a/crypto/ecdh/ecdh.c +++ b/crypto/ecdh/ecdh.c @@ -145,13 +145,17 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, } err: - if (tmp) + if (tmp) { EC_POINT_free(tmp); - if (ctx) + } + if (ctx) { BN_CTX_end(ctx); - if (ctx) + } + if (ctx) { BN_CTX_free(ctx); - if (buf) + } + if (buf) { OPENSSL_free(buf); + } return ret; } diff --git a/crypto/ecdsa/ecdsa.c b/crypto/ecdsa/ecdsa.c index d389799f..ab6a5a0f 100644 --- a/crypto/ecdsa/ecdsa.c +++ b/crypto/ecdsa/ecdsa.c @@ -355,14 +355,18 @@ err: BN_clear_free(r); } } - if (ctx_in == NULL) + if (ctx_in == NULL) { BN_CTX_free(ctx); - if (order != NULL) + } + if (order != NULL) { BN_free(order); - if (tmp_point != NULL) + } + if (tmp_point != NULL) { EC_POINT_free(tmp_point); - if (X) + } + if (X) { BN_clear_free(X); + } return ret; } @@ -461,16 +465,21 @@ err: ECDSA_SIG_free(ret); ret = NULL; } - if (ctx) + if (ctx) { BN_CTX_free(ctx); - if (m) + } + if (m) { BN_clear_free(m); - if (tmp) + } + if (tmp) { BN_clear_free(tmp); - if (order) + } + if (order) { BN_free(order); - if (kinv) + } + if (kinv) { BN_clear_free(kinv); + } return ret; } diff --git a/crypto/ecdsa/ecdsa_test.c b/crypto/ecdsa/ecdsa_test.c index d48f9c3d..d307ab84 100644 --- a/crypto/ecdsa/ecdsa_test.c +++ b/crypto/ecdsa/ecdsa_test.c @@ -308,21 +308,25 @@ int main(void) { out = BIO_new_fp(stdout, BIO_NOCLOSE); - if (!test_builtin(out)) + if (!test_builtin(out)) { goto err; + } ret = 0; err: - if (ret) + if (ret) { BIO_printf(out, "\nECDSA test failed\n"); - else + } else { BIO_printf(out, "\nPASS\n"); - if (ret) + } + if (ret) { BIO_print_errors(out); + } - if (out != NULL) + if (out != NULL) { BIO_free(out); + } return ret; } |