There was an error-handling path testing the wrong variable; an
inappropriate call to ec_point_free in decodepoint() (in fact, that
function is always passed a pointer to an ec_point structure that is
either not dynamically allocated at all or not an allocation in its own
right, so we should just have cleared its contents without freeing the
structure itself); a missing return on an error path, which would have
caused the same structure to be freed a second time; and two missing
freebn calls in ecdsa_sign.
Patch due to Tim Kosse.
}
XmZ2 = modsub(a->x, Z2, a->curve->p);
freebn(Z2);
- if (!XpZ2) {
+ if (!XmZ2) {
freebn(S);
freebn(XpZ2);
return NULL;
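Review bot: The failure branch repeats by hand the list of bignums to release (`freebn(S); freebn(XpZ2); return NULL;`), and that copy-per-branch pattern is what let the wrong variable be tested here; the missing `return NULL;` fixed in the ecdsa_freekey/ec_point_free hunk further down is the same kind of slip. Initialising the temporaries to NULL and routing every failure through a single `fail:` label would reduce each check to `if (!XmZ2) goto fail;` and leave one place to audit. Whether freebn accepts a NULL argument is not visible here, so the label's frees may each need an `if (x)` guard. The enclosing function starts and ends outside the hunk.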
/* Verify the point is on the curve */
if (!ec_point_verify(point)) {
- ec_point_free(point);
+ freebn(point->x);
+ point->x = NULL;
+ freebn(point->y);
+ point->y = NULL;
return 0;
}
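Review bot: Nothing in the code records why this branch releases only the two coordinates instead of calling ec_point_free, so a later cleanup pass could easily put the call back. Since the branch is taken for any decoded point that fails the on-curve check, an invalid free here would be reachable from malformed input, which makes the ownership rule worth stating next to the frees: `/* point is owned by the caller and may not be a heap block of its own: free only the bignums and NULL them so later cleanup cannot free them again */`. Whether point->z or any other member can hold an allocation at this stage is not visible in the hunk and should be checked against the lines above it. decodepoint's body starts outside the hunk.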
/* Private key doesn't make the public key on the given curve */
ecdsa_freekey(ec);
ec_point_free(publicKey);
+ return NULL;
}
ec_point_free(publicKey);
for (i = slen; i--;)
*p++ = bignum_byte(s, i);
+ freebn(r);
+ freebn(s);
+
return buf;
}