wolfSSL: Fix crypto_ec_point_compute_y_sqr() error case processing

The result (y2) was cleared and freed in error cases, but the pointer
itself was not cleared to NULL, so the error path would have returned a
pointer to freed memory. Fix this by properly clearing the return value
in error cases. In addition, simplify the function to avoid tracking
success case separately.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index f9dc1bfdfe8c17d6ddcbe38398568a7702e816bc..afe00f1084f7464bdbb054995f850576f652e2ab 100644 (file)
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -1650,34 +1650,22 @@ struct crypto_bignum *
 crypto_ec_point_compute_y_sqr(struct crypto_ec *e,
                              const struct crypto_bignum *x)
 {
-       mp_int *y2 = NULL;
-       mp_int t;
-       int calced = 0;
+       mp_int *y2, t;
 
        if (TEST_FAIL())
                return NULL;
 
-       if (mp_init(&t) != MP_OKAY)
-               return NULL;
-
        y2 = (mp_int *) crypto_bignum_init();
-       if (!y2)
-               goto done;
-
-       if (mp_sqrmod((mp_int *) x, &e->prime, y2) != 0 ||
+       if (!y2 ||
+           mp_init(&t) != MP_OKAY ||
+           mp_sqrmod((mp_int *) x, &e->prime, y2) != 0 ||
            mp_mulmod((mp_int *) x, y2, &e->prime, y2) != 0 ||
            mp_mulmod((mp_int *) x, &e->a, &e->prime, &t) != 0 ||
            mp_addmod(y2, &t, &e->prime, y2) != 0 ||
-           mp_addmod(y2, &e->b, &e->prime, y2) != 0)
-               goto done;
-
-       calced = 1;
-done:
-       if (!calced) {
-               if (y2) {
-                       mp_clear(y2);
-                       os_free(y2);
-               }
+           mp_addmod(y2, &e->b, &e->prime, y2) != 0) {
+               mp_clear(y2);
+               os_free(y2);
+               y2 = NULL;
        }
 
        mp_clear(&t);