Fix free of garbage pointer. PR#3595

[openssl.git] / crypto / ec / ec_mult.c

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index f05df5332e1b5ddc4c1bab30b79b50ce5c70c8dd..334b39d86e931e10c5eebb22e5904f640f16b7e1 100644 (file)
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -61,6 +61,8 @@
  * and contributed to the OpenSSL project.
  */
 
+#define OPENSSL_FIPSAPI
+
 #include <string.h>
 
 #include <openssl/err.h>
@@ -169,11 +171,13 @@ static void ec_pre_comp_clear_free(void *pre_)
                EC_POINT **p;
 
                for (p = pre->points; *p != NULL; p++)
+                       {
                        EC_POINT_clear_free(*p);
-               OPENSSL_cleanse(pre->points, sizeof pre->points);
+                       OPENSSL_cleanse(p, sizeof *p);
+                       }
                OPENSSL_free(pre->points);
                }
-       OPENSSL_cleanse(pre, sizeof pre);
+       OPENSSL_cleanse(pre, sizeof *pre);
        OPENSSL_free(pre);
        }
 
@@ -443,15 +447,16 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
        wNAF     = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
        val_sub  = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-                
+
+       /* Ensure wNAF is initialised in case we end up going to err */
+       if (wNAF) wNAF[0] = NULL;       /* preliminary pivot */
+
        if (!wsize || !wNAF_len || !wNAF || !val_sub)
                {
                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
                goto err;
                }
 
-       wNAF[0] = NULL; /* preliminary pivot */
-
        /* num_val will be the total number of temporarily precomputed points */
        num_val = 0;