From 546813aa543b70ea35440e5411e90cf9bb704dcd Mon Sep 17 00:00:00 2001 From: bcook Date: Thu, 7 Jul 2016 11:53:12 +0000 Subject: [PATCH] call BN_init on temporaries to avoid use-before-set warnings ok beck@ --- lib/libcrypto/dh/dh_key.c | 3 ++- lib/libcrypto/rsa/rsa_crpt.c | 3 ++- lib/libcrypto/rsa/rsa_eay.c | 11 ++++++++++- lib/libssl/src/crypto/dh/dh_key.c | 3 ++- lib/libssl/src/crypto/rsa/rsa_crpt.c | 3 ++- lib/libssl/src/crypto/rsa/rsa_eay.c | 11 ++++++++++- 6 files changed, 28 insertions(+), 6 deletions(-) diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c index 25e8968ef59..6eb1365bf64 100644 --- a/lib/libcrypto/dh/dh_key.c +++ b/lib/libcrypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */ +/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -149,6 +149,7 @@ generate_key(DH *dh) { BIGNUM prk; + BN_init(&prk); BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME); if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx, diff --git a/lib/libcrypto/rsa/rsa_crpt.c b/lib/libcrypto/rsa/rsa_crpt.c index b50e4a4a6fc..ccb677c12b0 100644 --- a/lib/libcrypto/rsa/rsa_crpt.c +++ b/lib/libcrypto/rsa/rsa_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_crpt.c,v 1.15 2016/06/30 02:02:06 bcook Exp $ */ +/* $OpenBSD: rsa_crpt.c,v 1.16 2016/07/07 11:53:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -192,6 +192,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) } else e = rsa->e; + BN_init(&n); BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME); ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp, diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c index 6edfd7e5fdc..2facd1c6f6a 100644 --- a/lib/libcrypto/rsa/rsa_eay.c +++ b/lib/libcrypto/rsa/rsa_eay.c 
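Review bot: The `BN_init(&prk);` added in generate_key() carries no comment saying why it must come before `BN_with_flags()`, and the commit message describes it only as a warning fix, so a later cleanup could drop it as redundant. Judging by the warning, BN_with_flags() presumably keeps part of the destination's existing flags. On an uninitialised stack BIGNUM that wraps the DH private key, that is a read of indeterminate data rather than a cosmetic issue. I would add `/* zero prk first: BN_with_flags() reads the destination's old flags */` above the call. The same comment fits the `BN_init(&n);` hunk in RSA_setup_blinding() and the identical hunks under lib/libssl/src/crypto; generate_key()'s body continues outside the hunk.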
@@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_eay.c,v 1.41 2016/06/30 02:02:06 bcook Exp $ */ +/* $OpenBSD: rsa_eay.c,v 1.42 2016/07/07 11:53:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -432,6 +432,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, } else { BIGNUM d; + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) @@ -556,6 +557,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, } else { BIGNUM d; + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) @@ -742,6 +744,8 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) * Make sure BN_mod_inverse in Montgomery intialization uses the * BN_FLG_CONSTTIME flag */ + BN_init(&p); + BN_init(&q); BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME); @@ -761,12 +765,14 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* compute I mod q */ + BN_init(&c); BN_with_flags(&c, I, BN_FLG_CONSTTIME); if (!BN_mod(r1, &c, rsa->q, ctx)) goto err; /* compute r1^dmq1 mod q */ + BN_init(&dmq1); BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx, @@ -780,6 +786,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* compute r1^dmp1 mod p */ + BN_init(&dmp1); BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx, @@ -801,6 +808,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* Turn BN_FLG_CONSTTIME flag on before division operation */ + BN_init(&pr1); BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME); if (!BN_mod(r0, &pr1, rsa->p, ctx)) 
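Review bot: The hunks in RSA_eay_mod_exp(), and the `BIGNUM d` hunks in RSA_eay_private_encrypt() and RSA_eay_private_decrypt(), all repeat the same `BN_init(&x); BN_with_flags(&x, ..., BN_FLG_CONSTTIME);` pair by hand, so the next temporary added to this file can omit the init again without anyone noticing. A file-local helper that does both steps would make the initialised form the only form. The name below is only a suggestion, and a call site would then read `bn_consttime_alias(&dmq1, rsa->dmq1);`. The function bodies lie outside the hunks, so I have not checked whether other temporaries in them are set up the same way.

```c
/* Make dst a BN_FLG_CONSTTIME-flagged stack alias of src (borrows src's data). */
static inline void
bn_consttime_alias(BIGNUM *dst, const BIGNUM *src)
{
	BN_init(dst);	/* dst's flags must be defined before BN_with_flags() */
	BN_with_flags(dst, src, BN_FLG_CONSTTIME);
}
```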
@@ -847,6 +855,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ BIGNUM d; + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx, diff --git a/lib/libssl/src/crypto/dh/dh_key.c b/lib/libssl/src/crypto/dh/dh_key.c index 25e8968ef59..6eb1365bf64 100644 --- a/lib/libssl/src/crypto/dh/dh_key.c +++ b/lib/libssl/src/crypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */ +/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -149,6 +149,7 @@ generate_key(DH *dh) { BIGNUM prk; + BN_init(&prk); BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME); if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx, diff --git a/lib/libssl/src/crypto/rsa/rsa_crpt.c b/lib/libssl/src/crypto/rsa/rsa_crpt.c index b50e4a4a6fc..ccb677c12b0 100644 --- a/lib/libssl/src/crypto/rsa/rsa_crpt.c +++ b/lib/libssl/src/crypto/rsa/rsa_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_crpt.c,v 1.15 2016/06/30 02:02:06 bcook Exp $ */ +/* $OpenBSD: rsa_crpt.c,v 1.16 2016/07/07 11:53:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -192,6 +192,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) } else e = rsa->e; + BN_init(&n); BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME); ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp, diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index 6edfd7e5fdc..2facd1c6f6a 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_eay.c,v 1.41 2016/06/30 02:02:06 bcook Exp $ */ +/* $OpenBSD: rsa_eay.c,v 1.42 2016/07/07 11:53:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -432,6 +432,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, } else { BIGNUM d; + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) @@ -556,6 +557,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, } else { BIGNUM d; + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) @@ -742,6 +744,8 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) * Make sure BN_mod_inverse in Montgomery intialization uses the * BN_FLG_CONSTTIME flag */ + BN_init(&p); + BN_init(&q); BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME); @@ -761,12 +765,14 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* compute I mod q */ + BN_init(&c); BN_with_flags(&c, I, BN_FLG_CONSTTIME); if (!BN_mod(r1, &c, rsa->q, ctx)) goto err; /* compute r1^dmq1 mod q */ + BN_init(&dmq1); BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx, @@ -780,6 +786,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* compute r1^dmp1 mod p */ + BN_init(&dmp1); BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx, @@ -801,6 +808,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) goto err; /* Turn BN_FLG_CONSTTIME flag on before division operation */ + BN_init(&pr1); BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME); if (!BN_mod(r0, &pr1, rsa->p, ctx)) @@ -847,6 +855,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ BIGNUM d; + BN_init(&d); BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx, -- 2.20.1