From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sun, 17 Mar 2019 16:28:24 +0000 (+0100)
Subject: Clear the point S before freeing in ec_scalar_mul_ladder
X-Git-Tag: OpenSSL_1_1_1c~98
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=202f7c56597eb6f57eba1ea31503a734e5fbf930;p=oweals%2Fopenssl.git

Clear the point S before freeing in ec_scalar_mul_ladder

The secret point R can be recovered from S using the equation R = S - P.
The X and Z coordinates should be sufficient for that.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8504)

(cherry picked from commit 8a74bb5c7becbd7492f4445b852602c3e88ba143)
---

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 0e0a5e1394..f8832e94e0 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -378,7 +378,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
 
  err:
     EC_POINT_free(p);
-    EC_POINT_free(s);
+    EC_POINT_clear_free(s);
     BN_CTX_end(ctx);
 
     return ret;