From b098dcae66433efc4c073ca2cc5fc64cdf8a613e Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni
Date: Wed, 13 Jan 2016 19:51:17 -0500
Subject: [PATCH] Fix double-free bugs in EC group precomputation state
Reviewed-by: Rich Salz
---
 crypto/ec/ecp_nistp224.c | 1 +
 crypto/ec/ecp_nistp256.c | 1 +
 crypto/ec/ecp_nistp521.c | 1 +
 crypto/ec/ecp_nistz256.c | 1 +
 4 files changed, 4 insertions(+)
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c
index c2677a85d..a2def1803 100644
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1560,6 +1560,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 /* throw away old precomputation */
 EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
+ group->pre_comp.nistp224 = NULL;
 if (ctx == NULL)
 if ((ctx = new_ctx = BN_CTX_new()) == NULL)
 return 0;
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c
index 26c169377..11bde8a50 100644
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -2185,6 +2185,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 /* throw away old precomputation */
 EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
+ group->pre_comp.nistp256 = NULL;
 if (ctx == NULL)
 if ((ctx = new_ctx = BN_CTX_new()) == NULL)
 return 0;
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c
index 516101c18..d65651779 100644
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -2009,6 +2009,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 /* throw away old precomputation */
 EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
+ group->pre_comp.nistp521 = NULL;
 if (ctx == NULL)
 if ((ctx = new_ctx = BN_CTX_new()) == NULL)
 return 0;
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 16e79299c..c25a7daf3 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
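Review bot: The added `group->pre_comp.nistp224 = NULL;` has no comment saying why the pointer must be cleared, and the same bare line is repeated in the nistp256, nistp521 and nistz256 hunks. The reason is visible just below it in the three nistp hunks: `return 0` on a failed `BN_CTX_new()` leaves the function after the old table has been released, so a stale pointer left in the group would presumably be released a second time by the group's own cleanup, which is outside these hunks. I would put `/* clear the stale pointer: an early return below must not leave freed state in the group */` above each assignment. Since the free-then-clear pair now appears four times, a small shared helper that does both steps would keep a future call site from omitting the second one. All four enclosing functions start and end outside their hunks.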
@@ -770,6 +770,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
 /* if there is an old NISTZ256_PRE_COMP object, throw it away */
 EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
+ group->pre_comp.nistz256 = NULL;
 generator = EC_GROUP_get0_generator(group);
 if (generator == NULL) {
 ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);