[openssl] OpenSSL_1_0_2-stable update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Mon Mar 18 21:50:15 UTC 2019


The branch OpenSSL_1_0_2-stable has been updated
       via  94eb7d07c0c14bf18bd3a4e4d6c1ef1e6633d447 (commit)
      from  dbf71ae457dfa5632518612b58efccd40f528f26 (commit)


- Log -----------------------------------------------------------------
commit 94eb7d07c0c14bf18bd3a4e4d6c1ef1e6633d447
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sun Mar 17 17:28:24 2019 +0100

    Clear the point S before freeing in ec_mul_consttime
    
    The secret point R can be recovered from S using the equation R = S - P.
    The X and Z coordinates should be sufficient for that.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8505)
    
    (cherry picked from commit 502b871ad4eacc96a31f89d9a9470ca2858da998)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_mult.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index da71526..fce8882 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -519,7 +519,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
     ret = 1;
 
  err:
-    EC_POINT_free(s);
+    EC_POINT_clear_free(s);
     BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
 


More information about the openssl-commits mailing list