From: Niels Dossche <niels.dossche@ugent.be>
Date: Mon, 8 Dec 2025 14:17:56 +0000 (+0100)
Subject: Fix memory leak in error path of ec_gen_init()
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ded359acea83f38e5c21089b9834491b90ec2fb1;p=thirdparty%2Fopenssl.git

Fix memory leak in error path of ec_gen_init()

ec_gen_set_params() can fail after some big numbers have already been
copied over. Those need to be cleaned to avoid a memory leak on failure.
This can be done with ec_gen_cleanup(), which is also consistent in how
the ecx_gen code does it.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29335)

(cherry picked from commit 26d138af724961c5f30263c15ae8137d4f86645b)
---

diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index fb7576ffdbf..cc55c146d38 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -985,7 +985,7 @@ static void *ec_gen_init(void *provctx, int selection,
         gctx->ecdh_mode = 0;
         OSSL_FIPS_IND_INIT(gctx)
         if (!ec_gen_set_params(gctx, params)) {
-            OPENSSL_free(gctx);
+            ec_gen_cleanup(gctx);
             gctx = NULL;
         }
     }