From 9ed55313a71ca68ddea2c207261487954828fe31 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Fri, 24 Apr 2015 15:38:24 +0200 Subject: [PATCH] Fix error checking and memory leaks in NISTZ256 precomputation. Thanks to Brian Smith for reporting these issues. Reviewed-by: Rich Salz (cherry picked from commit 53dd4ddf71ad79a64be934ca19445b1cf560adab) --- crypto/ec/ecp_nistz256.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 911c2a6a6a..7e521d856b 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -743,6 +743,7 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) EC_POINT *P = NULL, *T = NULL; const EC_POINT *generator; EC_PRE_COMP *pre_comp; + BN_CTX *new_ctx = NULL; int i, j, k, ret = 0; size_t w; @@ -772,7 +773,7 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return 0; if (ctx == NULL) { - ctx = BN_CTX_new(); + ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) goto err; } @@ -803,15 +804,19 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) P = EC_POINT_new(group); T = EC_POINT_new(group); + if (P == NULL || T == NULL) + goto err; /* * The zero entry is implicitly infinity, and we skip it, storing other * values with -1 offset. */ - EC_POINT_copy(T, generator); + if (!EC_POINT_copy(T, generator)) + goto err; for (k = 0; k < 64; k++) { - EC_POINT_copy(P, T); + if (!EC_POINT_copy(P, T)) + goto err; for (j = 0; j < 37; j++) { /* * It would be faster to use @@ -850,6 +855,8 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) err: if (ctx != NULL) BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + if (pre_comp) ecp_nistz256_pre_comp_free(pre_comp); if (precomp_storage) -- 2.25.1