Shut up a clang-analyzer warning

The function appears to be safe, since grow() is called with sensible
arguments in previous functions.  Ideally Clang would be clever enough to
realise this.  Even if N has size MBEDTLS_MPI_MAX_LIMBS, which will
cause the grow to fail, the affected lines in montmul won't be reached.
Having this sanity check can hardly hurt though.
This commit is contained in:
Nicholas Wilson 2016-04-13 11:44:29 +01:00
parent 6eaf3659ea
commit 2cc69fffcf

View file

@ -1542,12 +1542,15 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
/* /*
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36)
*/ */
static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
const mbedtls_mpi *T ) const mbedtls_mpi *T )
{ {
size_t i, n, m; size_t i, n, m;
mbedtls_mpi_uint u0, u1, *d; mbedtls_mpi_uint u0, u1, *d;
if( T->n < N->n + 1 || T->p == NULL )
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
memset( T->p, 0, T->n * ciL ); memset( T->p, 0, T->n * ciL );
d = T->p; d = T->p;
@ -1575,12 +1578,14 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi
else else
/* prevent timing attacks */ /* prevent timing attacks */
mpi_sub_hlp( n, A->p, T->p ); mpi_sub_hlp( n, A->p, T->p );
return( 0 );
} }
/* /*
* Montgomery reduction: A = A * R^-1 mod N * Montgomery reduction: A = A * R^-1 mod N
*/ */
static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T )
{ {
mbedtls_mpi_uint z = 1; mbedtls_mpi_uint z = 1;
mbedtls_mpi U; mbedtls_mpi U;
@ -1588,7 +1593,7 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint
U.n = U.s = (int) z; U.n = U.s = (int) z;
U.p = &z; U.p = &z;
mpi_montmul( A, &U, N, mm, T ); return( mpi_montmul( A, &U, N, mm, T ) );
} }
/* /*
@ -1665,13 +1670,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
else else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
mpi_montmul( &W[1], &RR, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) );
/* /*
* X = R^2 * R^-1 mod N = R mod N * X = R^2 * R^-1 mod N = R mod N
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) );
mpi_montred( X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
if( wsize > 1 ) if( wsize > 1 )
{ {
@ -1684,7 +1689,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) );
for( i = 0; i < wsize - 1; i++ ) for( i = 0; i < wsize - 1; i++ )
mpi_montmul( &W[j], &W[j], N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) );
/* /*
* W[i] = W[i - 1] * W[1] * W[i] = W[i - 1] * W[1]
@ -1694,7 +1699,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
mpi_montmul( &W[i], &W[1], N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) );
} }
} }
@ -1731,7 +1736,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
/* /*
* out of window, square X * out of window, square X
*/ */
mpi_montmul( X, X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
continue; continue;
} }
@ -1749,12 +1754,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
* X = X^wsize R^-1 mod N * X = X^wsize R^-1 mod N
*/ */
for( i = 0; i < wsize; i++ ) for( i = 0; i < wsize; i++ )
mpi_montmul( X, X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
/* /*
* X = X * W[wbits] R^-1 mod N * X = X * W[wbits] R^-1 mod N
*/ */
mpi_montmul( X, &W[wbits], N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) );
state--; state--;
nbits = 0; nbits = 0;
@ -1767,18 +1772,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
*/ */
for( i = 0; i < nbits; i++ ) for( i = 0; i < nbits; i++ )
{ {
mpi_montmul( X, X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) );
wbits <<= 1; wbits <<= 1;
if( ( wbits & ( one << wsize ) ) != 0 ) if( ( wbits & ( one << wsize ) ) != 0 )
mpi_montmul( X, &W[1], N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) );
} }
/* /*
* X = A^E * R * R^-1 mod N = A^E mod N * X = A^E * R * R^-1 mod N = A^E mod N
*/ */
mpi_montred( X, N, mm, &T ); MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) );
if( neg ) if( neg )
{ {