diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-04-24 15:38:24 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-04-24 17:47:01 +0200 |
commit | 9ed55313a71ca68ddea2c207261487954828fe31 (patch) | |
tree | 957d0dac359c75736eefba687ee08c92c37e7426 /crypto/ec | |
parent | 7238a82c8ae4dbf9043cb7c253f796615b3277a6 (diff) |
Fix error checking and memory leaks in NISTZ256 precomputation.
Thanks to Brian Smith for reporting these issues.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 53dd4ddf71ad79a64be934ca19445b1cf560adab)
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ecp_nistz256.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 911c2a6a6a..7e521d856b 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -743,6 +743,7 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) EC_POINT *P = NULL, *T = NULL; const EC_POINT *generator; EC_PRE_COMP *pre_comp; + BN_CTX *new_ctx = NULL; int i, j, k, ret = 0; size_t w; @@ -772,7 +773,7 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) return 0; if (ctx == NULL) { - ctx = BN_CTX_new(); + ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) goto err; } @@ -803,15 +804,19 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) P = EC_POINT_new(group); T = EC_POINT_new(group); + if (P == NULL || T == NULL) + goto err; /* * The zero entry is implicitly infinity, and we skip it, storing other * values with -1 offset. */ - EC_POINT_copy(T, generator); + if (!EC_POINT_copy(T, generator)) + goto err; for (k = 0; k < 64; k++) { - EC_POINT_copy(P, T); + if (!EC_POINT_copy(P, T)) + goto err; for (j = 0; j < 37; j++) { /* * It would be faster to use @@ -850,6 +855,8 @@ static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) err: if (ctx != NULL) BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + if (pre_comp) ecp_nistz256_pre_comp_free(pre_comp); if (precomp_storage) |