From e2787e9f8b079612c26b9c13ba2a18b400256a5a Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 29 Mar 2022 13:48:40 +0000
Subject: [PATCH] Do not zero cofactor on ec_guess_cofactor() success

The cofactor we tried to calculate should only be zeroed if we failed
to compute it.

ok inoguchi jsing
---
 lib/libcrypto/ec/ec_lib.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c
index 45df1329ffc..455d44a9427 100644
--- a/lib/libcrypto/ec/ec_lib.c
+++ b/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.42 2022/03/29 13:44:06 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.43 2022/03/29 13:48:40 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -321,10 +321,14 @@ ec_guess_cofactor(EC_GROUP *group)
 		goto err;
 
 	ret = 1;
+
  err:
 	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
-	BN_zero(&group->cofactor);
+
+	if (ret != 1)
+		BN_zero(&group->cofactor);
+
 	return ret;
 }
 
-- 
2.20.1