Remove superfluous NULL checks. Add Andy's BN_FLG comment.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6009)
Billy Brumley authored 6 years ago
Matt Caswell committed 6 years ago
| 742 | 742 |
a->neg ^= t;
|
| 743 | 743 |
b->neg ^= t;
|
| 744 | 744 |
|
| 745 | |
/*
|
| 746 | |
* cannot just arbitrarily swap flags.
|
| 747 | |
* The way a->d is allocated etc.
|
| 748 | |
* BN_FLG_MALLOCED, BN_FLG_STATIC_DATA, ...
|
|
745 |
/*-
|
|
746 |
* Idea behind BN_FLG_STATIC_DATA is actually to
|
|
747 |
* indicate that data may not be written to.
|
|
748 |
* Intention is actually to treat it as it's
|
|
749 |
* read-only data, and some (if not most) of it does
|
|
750 |
* reside in read-only segment. In other words
|
|
751 |
* observation of BN_FLG_STATIC_DATA in
|
|
752 |
* BN_consttime_swap should be treated as fatal
|
|
753 |
* condition. It would either cause SEGV or
|
|
754 |
* effectively cause data corruption.
|
|
755 |
* BN_FLG_MALLOCED refers to BN structure itself,
|
|
756 |
* and hence must be preserved. Remaining flags are
|
|
757 |
* BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
|
|
758 |
* preserved, because it determines how x->d was
|
|
759 |
* allocated and hence how to free it. This leaves
|
|
760 |
* BN_FLG_CONSTTIME that one can do something about.
|
|
761 |
* To summarize it's sufficient to mask and swap
|
|
762 |
* BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
|
|
763 |
* be treated as fatal.
|
| 749 | 764 |
*/
|
| 750 | |
t = (a->flags ^ b->flags) & condition & BN_FLG_CONSTTIME;
|
|
765 |
t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
|
| 751 | 766 |
a->flags ^= t;
|
| 752 | 767 |
b->flags ^= t;
|
| 753 | 768 |
|
| 141 | 141 |
if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
|
| 142 | 142 |
goto err;
|
| 143 | 143 |
|
| 144 | |
if ((group->order == NULL) || (group->field == NULL))
|
| 145 | |
goto err;
|
| 146 | |
|
| 147 | 144 |
order_bits = BN_num_bits(group->order);
|
| 148 | 145 |
|
| 149 | 146 |
s = EC_POINT_new(group);
|
|
| 151 | 148 |
goto err;
|
| 152 | 149 |
|
| 153 | 150 |
if (point == NULL) {
|
| 154 | |
if (group->generator == NULL)
|
| 155 | |
goto err;
|
| 156 | 151 |
if (!EC_POINT_copy(s, group->generator))
|
| 157 | 152 |
goto err;
|
| 158 | 153 |
} else {
|