Fix double-free bugs in EC group precomputation state

author Viktor Dukhovni <openssl-users@dukhovni.org>

Thu, 14 Jan 2016 00:51:17 +0000 (19:51 -0500)

committer Viktor Dukhovni <openssl-users@dukhovni.org>

Thu, 14 Jan 2016 00:58:57 +0000 (19:58 -0500)
author Viktor Dukhovni <openssl-users@dukhovni.org>
Thu, 14 Jan 2016 00:51:17 +0000 (19:51 -0500)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Thu, 14 Jan 2016 00:58:57 +0000 (19:58 -0500)
diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c

index c2677a85d5be816b1ea60ea0d46d249752cb908b..a2def18031c26104d2be240f343ae5a180c76184 100644 (file)
--- a/crypto/ec/ecp_nistp224.c
+++ b/crypto/ec/ecp_nistp224.c
@@ -1560,6 +1560,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
  
      /* throw away old precomputation */
      EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
+    group->pre_comp.nistp224 = NULL;
      if (ctx == NULL)
          if ((ctx = new_ctx = BN_CTX_new()) == NULL)
              return 0;
diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c

index 26c16937782fd8cc248a04cb5733b672942902ea..11bde8a50f4b5bc92b8482b4162374d1a8ea023e 100644 (file)
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@@ -2185,6 +2185,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
  
      /* throw away old precomputation */
      EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
+    group->pre_comp.nistp256 = NULL;
      if (ctx == NULL)
          if ((ctx = new_ctx = BN_CTX_new()) == NULL)
              return 0;
diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c

index 516101c1867883d2fc10be1efa7a98414e4dc619..d6565177914601770dac29ca0575662e2aa198a0 100644 (file)
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@@ -2009,6 +2009,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
  
      /* throw away old precomputation */
      EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
+    group->pre_comp.nistp521 = NULL;
      if (ctx == NULL)
          if ((ctx = new_ctx = BN_CTX_new()) == NULL)
              return 0;
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c

index 16e79299c9944c9b3962ced0afaa7ef24690e120..c25a7daf3cea419da397ca1bbdd91b00c4539664 100644 (file)
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -770,6 +770,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
  
      /* if there is an old NISTZ256_PRE_COMP object, throw it away */
      EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
+    group->pre_comp.nistz256 = NULL;
      generator = EC_GROUP_get0_generator(group);
      if (generator == NULL) {
          ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);
author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Thu, 14 Jan 2016 00:51:17 +0000 (19:51 -0500)
committer	Viktor Dukhovni <openssl-users@dukhovni.org>
	Thu, 14 Jan 2016 00:58:57 +0000 (19:58 -0500)
crypto/ec/ecp_nistp224.c		patch \| blob \| history
crypto/ec/ecp_nistp256.c		patch \| blob \| history
crypto/ec/ecp_nistp521.c		patch \| blob \| history
crypto/ec/ecp_nistz256.c		patch \| blob \| history