From bfda2e0d85fcc521544920b7bbe45c87b425ae90 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Wed, 24 Nov 2021 11:38:51 +1000
Subject: [PATCH] Fix Coverity 1494385 logically dead code.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17123)

(cherry picked from commit 23effeb81fbcdc436b1e871e7fff34456d6bfbaf with
manual corrections)
---
 crypto/bn/rsaz_exp_x2.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c
index b7d11180f82..15db0c1f05a 100644
--- a/crypto/bn/rsaz_exp_x2.c
+++ b/crypto/bn/rsaz_exp_x2.c
@@ -14,6 +14,7 @@
  */
 
 #include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
 #include "rsaz_exp.h"
 
 #ifndef RSAZ_ENABLED
@@ -310,14 +311,23 @@ static void RSAZ_exp52x20_x2_256(BN_ULONG *out,          /* [2][20] */
 
     /* Exponentiation */
     {
-        int rem = BITSIZE_MODULUS % EXP_WIN_SIZE;
-        int delta = rem ? rem : EXP_WIN_SIZE;
+        const int rem = BITSIZE_MODULUS % EXP_WIN_SIZE;
         BN_ULONG table_idx_mask = EXP_WIN_MASK;
 
-        int exp_bit_no = BITSIZE_MODULUS - delta;
+        int exp_bit_no = BITSIZE_MODULUS - rem;
         int exp_chunk_no = exp_bit_no / 64;
         int exp_chunk_shift = exp_bit_no % 64;
 
+        /*
+         * If rem == 0, then
+         *      exp_bit_no = modulus_bitsize - exp_win_size
+         * However, this isn't possible because rem is { 1024, 1536, 2048 } % 5
+         * which is { 4, 1, 3 } respectively.
+         *
+         * If this assertion ever fails the fix above is easy.
+         */
+        OPENSSL_assert(rem != 0);
+
         /* Process 1-st exp window - just init result */
         BN_ULONG red_table_idx_0 = expz[0][exp_chunk_no];
         BN_ULONG red_table_idx_1 = expz[1][exp_chunk_no];
-- 
2.47.2