Free tempory data on error in ec_wNAF_mul()

The ec_wNAF_mul() function allocates some temporary storage that it
doesn't always free on an error condition.

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 4215dc783adbbeee9c08e40a2ad571961a5c84c4..036cdde490ba9a5f058b58a5796fb44767fce76f 100644 (file)
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -312,6 +312,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                     numblocks = (tmp_len + blocksize - 1) / blocksize;
                     if (numblocks > pre_comp->numblocks) {
                         ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
                         goto err;
                     }
                     totalnum = num + numblocks;
@@ -326,6 +327,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                         wNAF_len[i] = blocksize;
                         if (tmp_len < blocksize) {
                             ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
                             goto err;
                         }
                         tmp_len -= blocksize;