From: doug <doug@openbsd.org>
Date: Wed, 29 Apr 2015 00:11:12 +0000 (+0000)
Subject: Add missing BN_CTX_end() calls.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4c1eb2eb8ae201872995093439778e3716b9504a;p=openbsd

Add missing BN_CTX_end() calls.

After calling BN_CTX_start(), there must be a BN_CTX_end() before
returning.  There were missing BN_CTX_end() calls in error paths.  One diff
chunk was simply removing redundant code related to this.

ok deraadt@
---

diff --git a/lib/libcrypto/bn/bn_gf2m.c b/lib/libcrypto/bn/bn_gf2m.c
index e84729bdadd..e1537d53793 100644
--- a/lib/libcrypto/bn/bn_gf2m.c
+++ b/lib/libcrypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.18 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.19 2015/04/29 00:11:12 doug Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -576,7 +576,7 @@ BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
 	bn_check_top(a);
 	BN_CTX_start(ctx);
 	if ((s = BN_CTX_get(ctx)) == NULL)
-		return 0;
+		goto err;
 	if (!bn_wexpand(s, 2 * a->top))
 		goto err;
 
diff --git a/lib/libcrypto/bn/bn_recp.c b/lib/libcrypto/bn/bn_recp.c
index 7b31fe0adf2..b0bd0aa4dfe 100644
--- a/lib/libcrypto/bn/bn_recp.c
+++ b/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.12 2015/03/21 08:05:20 doug Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.13 2015/04/29 00:11:12 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,8 +161,10 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 
 	if (BN_ucmp(m, &(recp->N)) < 0) {
 		BN_zero(d);
-		if (!BN_copy(r, m))
+		if (!BN_copy(r, m)) {
+			BN_CTX_end(ctx);
 			return 0;
+		}
 		BN_CTX_end(ctx);
 		return (1);
 	}
diff --git a/lib/libcrypto/bn/bn_x931p.c b/lib/libcrypto/bn/bn_x931p.c
index 13abd5923c3..1948bc8e717 100644
--- a/lib/libcrypto/bn/bn_x931p.c
+++ b/lib/libcrypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_x931p.c,v 1.7 2015/02/14 15:07:54 jsing Exp $ */
+/* $OpenBSD: bn_x931p.c,v 1.8 2015/04/29 00:11:12 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -202,6 +202,7 @@ BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
 {
 	BIGNUM *t;
 	int i;
+	int ret = 0;
 
 	/* Number of bits for each prime is of the form
 	 * 512+128s for s = 0, 1, ...
@@ -218,23 +219,24 @@ BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
 
 	BN_CTX_start(ctx);
 	if ((t = BN_CTX_get(ctx)) == NULL)
-		return 0;
+		goto err;
 
 	for (i = 0; i < 1000; i++) {
 		if (!BN_rand(Xq, nbits, 1, 0))
-			return 0;
+			goto err;
 		/* Check that |Xp - Xq| > 2^(nbits - 100) */
 		BN_sub(t, Xp, Xq);
 		if (BN_num_bits(t) > (nbits - 100))
 			break;
 	}
 
-	BN_CTX_end(ctx);
-
 	if (i < 1000)
-		return 1;
+		ret = 1;
 
-	return 0;
+err:
+	BN_CTX_end(ctx);
+
+	return ret;
 }
 
 /* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
diff --git a/lib/libcrypto/ec/ec_lib.c b/lib/libcrypto/ec/ec_lib.c
index 8cf0f2241ee..d36c2c2e6e2 100644
--- a/lib/libcrypto/ec/ec_lib.c
+++ b/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.16 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.17 2015/04/29 00:11:12 doug Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -531,12 +531,8 @@ EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx)
 		if (!EC_GROUP_get_order(a, a1, ctx) ||
 		    !EC_GROUP_get_order(b, b1, ctx) ||
 		    !EC_GROUP_get_cofactor(a, a2, ctx) ||
-		    !EC_GROUP_get_cofactor(b, b2, ctx)) {
-			BN_CTX_end(ctx);
-			if (ctx_new)
-				BN_CTX_free(ctx);
-			return -1;
-		}
+		    !EC_GROUP_get_cofactor(b, b2, ctx))
+			goto err;
 		if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
 			r = 1;
 	}
diff --git a/lib/libssl/src/crypto/bn/bn_gf2m.c b/lib/libssl/src/crypto/bn/bn_gf2m.c
index e84729bdadd..e1537d53793 100644
--- a/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gf2m.c,v 1.18 2015/02/10 09:50:12 miod Exp $ */
+/* $OpenBSD: bn_gf2m.c,v 1.19 2015/04/29 00:11:12 doug Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -576,7 +576,7 @@ BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
 	bn_check_top(a);
 	BN_CTX_start(ctx);
 	if ((s = BN_CTX_get(ctx)) == NULL)
-		return 0;
+		goto err;
 	if (!bn_wexpand(s, 2 * a->top))
 		goto err;
 
diff --git a/lib/libssl/src/crypto/bn/bn_recp.c b/lib/libssl/src/crypto/bn/bn_recp.c
index 7b31fe0adf2..b0bd0aa4dfe 100644
--- a/lib/libssl/src/crypto/bn/bn_recp.c
+++ b/lib/libssl/src/crypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.12 2015/03/21 08:05:20 doug Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.13 2015/04/29 00:11:12 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -161,8 +161,10 @@ BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp,
 
 	if (BN_ucmp(m, &(recp->N)) < 0) {
 		BN_zero(d);
-		if (!BN_copy(r, m))
+		if (!BN_copy(r, m)) {
+			BN_CTX_end(ctx);
 			return 0;
+		}
 		BN_CTX_end(ctx);
 		return (1);
 	}
diff --git a/lib/libssl/src/crypto/bn/bn_x931p.c b/lib/libssl/src/crypto/bn/bn_x931p.c
index 13abd5923c3..1948bc8e717 100644
--- a/lib/libssl/src/crypto/bn/bn_x931p.c
+++ b/lib/libssl/src/crypto/bn/bn_x931p.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_x931p.c,v 1.7 2015/02/14 15:07:54 jsing Exp $ */
+/* $OpenBSD: bn_x931p.c,v 1.8 2015/04/29 00:11:12 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -202,6 +202,7 @@ BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
 {
 	BIGNUM *t;
 	int i;
+	int ret = 0;
 
 	/* Number of bits for each prime is of the form
 	 * 512+128s for s = 0, 1, ...
@@ -218,23 +219,24 @@ BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
 
 	BN_CTX_start(ctx);
 	if ((t = BN_CTX_get(ctx)) == NULL)
-		return 0;
+		goto err;
 
 	for (i = 0; i < 1000; i++) {
 		if (!BN_rand(Xq, nbits, 1, 0))
-			return 0;
+			goto err;
 		/* Check that |Xp - Xq| > 2^(nbits - 100) */
 		BN_sub(t, Xp, Xq);
 		if (BN_num_bits(t) > (nbits - 100))
 			break;
 	}
 
-	BN_CTX_end(ctx);
-
 	if (i < 1000)
-		return 1;
+		ret = 1;
 
-	return 0;
+err:
+	BN_CTX_end(ctx);
+
+	return ret;
 }
 
 /* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
diff --git a/lib/libssl/src/crypto/ec/ec_lib.c b/lib/libssl/src/crypto/ec/ec_lib.c
index 8cf0f2241ee..d36c2c2e6e2 100644
--- a/lib/libssl/src/crypto/ec/ec_lib.c
+++ b/lib/libssl/src/crypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.16 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.17 2015/04/29 00:11:12 doug Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -531,12 +531,8 @@ EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx)
 		if (!EC_GROUP_get_order(a, a1, ctx) ||
 		    !EC_GROUP_get_order(b, b1, ctx) ||
 		    !EC_GROUP_get_cofactor(a, a2, ctx) ||
-		    !EC_GROUP_get_cofactor(b, b2, ctx)) {
-			BN_CTX_end(ctx);
-			if (ctx_new)
-				BN_CTX_free(ctx);
-			return -1;
-		}
+		    !EC_GROUP_get_cofactor(b, b2, ctx))
+			goto err;
 		if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
 			r = 1;
 	}