From: tb Date: Tue, 29 Mar 2022 13:48:40 +0000 (+0000) Subject: Do not zero cofactor on ec_guess_cofactor() success X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e2787e9f8b079612c26b9c13ba2a18b400256a5a;p=openbsd Do not zero cofactor on ec_guess_cofactor() success The cofactor we tried to calculate should only be zeroed if we failed to compute it. ok inoguchi jsing --- diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c index 45df1329ffc..455d44a9427 100644 --- a/lib/libcrypto/ec/ec_lib.c +++ b/lib/libcrypto/ec/ec_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_lib.c,v 1.42 2022/03/29 13:44:06 tb Exp $ */ +/* $OpenBSD: ec_lib.c,v 1.43 2022/03/29 13:48:40 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -321,10 +321,14 @@ ec_guess_cofactor(EC_GROUP *group) goto err; ret = 1; + err: BN_CTX_end(ctx); BN_CTX_free(ctx); - BN_zero(&group->cofactor); + + if (ret != 1) + BN_zero(&group->cofactor); + return ret; }