From: Bodo Möller <bodo@openssl.org>
Date: Thu, 26 Aug 2010 12:10:57 +0000 (+0000)
Subject: ECC library bugfixes.
X-Git-Tag: OpenSSL_1_0_1-beta1~478
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=82281ce47d0c27a6030a863156f9e2c68a8bf018;p=oweals%2Fopenssl.git

ECC library bugfixes.

Submitted by: Emilia Kapser (Google)
---

diff --git a/CHANGES b/CHANGES
index 3f0afe02d9..0760a1bd68 100644
--- a/CHANGES
+++ b/CHANGES
@@ -875,6 +875,18 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
+ Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+
+  *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+     is also one of the inputs.
+     [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+  *) Don't repeatedly append PBE algorithms to table if they already exist.
+     Sort table on each new add. This effectively makes the table read only
+     after all algorithms are added and subsequent calls to PKCS12_pbe_add
+     etc are non-op.
+     [Steve Henson]
+
  Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
 
   [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index ab631a50a2..e12b9b284a 100644
--- a/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
@@ -319,6 +319,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	int ret = 0;
 	size_t i;
 	EC_POINT *p=NULL;
+	EC_POINT *acc = NULL;
 
 	if (ctx == NULL)
 		{
@@ -338,15 +339,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 		}
 
 	if ((p = EC_POINT_new(group)) == NULL) goto err;
+	if ((acc = EC_POINT_new(group)) == NULL) goto err;
 
-	if (!EC_POINT_set_to_infinity(group, r)) goto err;
+	if (!EC_POINT_set_to_infinity(group, acc)) goto err;
 
 	if (scalar)
 		{
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
-		if (BN_is_negative(scalar)) 
+		if (BN_is_negative(scalar))
 			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
 		}
 
 	for (i = 0; i < num; i++)
@@ -354,13 +356,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
 		if (BN_is_negative(scalars[i]))
 			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
 		}
 
+	if (!EC_POINT_copy(r, acc)) goto err;
+
 	ret = 1;
 
   err:
 	if (p) EC_POINT_free(p);
+	if (acc) EC_POINT_free(acc);
 	if (new_ctx != NULL)
 		BN_CTX_free(new_ctx);
 	return ret;
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index f05df5332e..19f21675fb 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
 		EC_POINT **p;
 
 		for (p = pre->points; *p != NULL; p++)
+			{
 			EC_POINT_clear_free(*p);
-		OPENSSL_cleanse(pre->points, sizeof pre->points);
+			OPENSSL_cleanse(p, sizeof *p);
+			}
 		OPENSSL_free(pre->points);
 		}
-	OPENSSL_cleanse(pre, sizeof pre);
+	OPENSSL_cleanse(pre, sizeof *pre);
 	OPENSSL_free(pre);
 	}