lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20201008055818.GB9813@gondor.apana.org.au>
Date:   Thu, 8 Oct 2020 16:58:18 +1100
From:   Herbert Xu <herbert@...dor.apana.org.au>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc:     Tianjia Zhang <tianjia.zhang@...ux.alibaba.com>,
        Xufeng Zhang <yunbo.xufeng@...ux.alibaba.com>,
        linux-kernel@...r.kernel.org,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>
Subject: [PATCH] lib/mpi: Remove unused scalar_copied

On Mon, Sep 28, 2020 at 01:24:38PM -0500, Gustavo A. R. Silva wrote:
> 
> I'm reporting the following bug detected by Coverity:
> 
> The _scalar_copied_ variable is set to 0 at
> 
> lib/mpi/ec.c:1255:
> 1255                 int scalar_copied = 0;
> 
> and it is never updated before reaching the code below:
> 
> lib/mpi/ec.c:1317
> 1317                 if (scalar_copied)                                                         
> 1318                         mpi_free(scalar);
> 
> This code was introduced by commit d58bb7e55a8a ("lib/mpi: Introduce ec
> implementation to MPI library")
> 
> Any ideas on what's the right solution for this?

I think it should be removed.

---8<---
The scalar_copied variable is not as the scalar is never copied
in that block.  This patch removes it.

Fixes: d58bb7e55a8a ("lib/mpi: Introduce ec implementation to...")
Reported-by: Gustavo A. R. Silva <gustavoars@...nel.org>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>

diff --git a/lib/mpi/ec.c b/lib/mpi/ec.c
index c21470122dfc..40f5908e57a4 100644
--- a/lib/mpi/ec.c
+++ b/lib/mpi/ec.c
@@ -1252,7 +1252,6 @@ void mpi_ec_mul_point(MPI_POINT result,
 		MPI_POINT q1, q2, prd, sum;
 		unsigned long sw;
 		mpi_size_t rsize;
-		int scalar_copied = 0;
 
 		/* Compute scalar point multiplication with Montgomery Ladder.
 		 * Note that we don't use Y-coordinate in the points at all.
@@ -1314,8 +1313,6 @@ void mpi_ec_mul_point(MPI_POINT result,
 		point_free(&p2);
 		point_free(&p1_);
 		point_free(&p2_);
-		if (scalar_copied)
-			mpi_free(scalar);
 		return;
 	}
 
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ