Added NULL check to BN_clear() & BN_CTX_end()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8518)

(cherry picked from commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c)

diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index 54b799961aa43cb1fe89de3258dde33fa00aada6..90cecea2aa5d28ad1b84f9fa52418d85b327860f 100644 (file)
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx)
 
 void BN_CTX_end(BN_CTX *ctx)
 {
+    if (ctx == NULL)
+        return;
     CTXDBG_ENTRY("BN_CTX_end", ctx);
     if (ctx->err_stack)
         ctx->err_stack--;

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 8286b3855a2cb38d6ff0ccc44cbd5597fa31b1f1..f93bbcfcc71f7f9fb91e0bf7ac4085fba02f46b2 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
 
 void BN_clear(BIGNUM *a)
 {
+    if (a == NULL)
+        return;
     bn_check_top(a);
     if (a->d != NULL)
         OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);

diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index b91b31b1f304d2e75445d72244becc03b3094cb3..236b71117834115d76ec87e4f5f90a5abe7257bd 100644 (file)
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -135,8 +135,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     found = 1;
  err:
     OPENSSL_free(mods);
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     bn_check_top(ret);
     return found;

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index fc45577101d03e08b3564bb20936e34c39677a8d..52cc0eb47609d4d79487feb1042d2024e6558ca7 100644 (file)
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -58,10 +58,8 @@ int DH_check_params(const DH *dh, int *ret)
 
     ok = 1;
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
 
@@ -171,10 +169,8 @@ int DH_check(const DH *dh, int *ret)
     }
     ok = 1;
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }
 
@@ -225,9 +221,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
 
     ok = 1;
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }

diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 59137e0f05aa4b90dca0075d50a31a18634544ab..b115028da9f577791e66e4c61223d05e70b1b6b5 100644 (file)
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
         ok = 0;
     }
 
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ok;
 }

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 4f85be7e49bdf53be479b46a5c7cf355754f6469..182ce329bd3435b4c241880c445c9429c792e775 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 
     ret = BN_bn2bin(tmp, key);
  err:
-    if (ctx != NULL) {
-        BN_CTX_end(ctx);
-        BN_CTX_free(ctx);
-    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
     return ret;
 }
 

diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 383d853b6d37307be26a3dd5d15277cff79d0db4..30b20bbd881c35ccf0b0b3344128182c34361857 100644 (file)
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
         if (seed_out)
             memcpy(seed_out, seed, qsize);
     }
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     BN_MONT_CTX_free(mont);
     return ok;
@@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
     OPENSSL_free(seed);
     if (seed_out != seed_tmp)
         OPENSSL_free(seed_tmp);
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     BN_MONT_CTX_free(mont);
     EVP_MD_CTX_free(mctx);

diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 0a05a7aeea61c66e774122f05c44b78cdc168f63..898e741fcb97ed1c6fd00768773670c4b38d02a8 100644 (file)
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -204,8 +204,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
     ret = 1;
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index b89e3979d9dcb73a5e702e7c3b582a38f33b06ba..bd1d6abf93d2884c2df609423057a69ef796406c 100644 (file)
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1074,8 +1074,7 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
     ret = 1;
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index f8832e94e0f2e22be1436b07668b94f0f0d8abbd..ce5796de366b3988108d14a311bda53796ae19d3 100644 (file)
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -948,8 +948,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     ret = 1;
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     EC_ec_pre_comp_free(pre_comp);
     if (points) {

diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c
index 254a1dc9c27fddfa48f965f9d992bf8289cb6854..728815a4dbe9a2fa163357c625d4eb76e3fc8f44 100644 (file)
--- a/crypto/ec/ecdh_ossl.c
+++ b/crypto/ec/ecdh_ossl.c
@@ -113,8 +113,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
 
  err:
     EC_POINT_clear_free(tmp);
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_free(buf);
     return ret;

diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index aea6394169ce9b69b858504c267e7bb2a9ad6edd..7ad5eb627de12969f83fedd2b55f448f5accbfed 100644 (file)
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -888,8 +888,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
     ret = 1;
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
 
     EC_nistz256_pre_comp_free(pre_comp);

diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index f6a6cedb0ae36a5ea19937b91e7d08a5b70bdfc6..e6e4c9d2cbb76e051ec0e441c02b9fd96dbc804b 100644 (file)
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -307,8 +307,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
     ret = 1;
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }
@@ -787,8 +786,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
     ret = 1;
 
  end:
-    if (ctx)                    /* otherwise we already called BN_CTX_end */
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(new_ctx);
     return ret;
 }

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 7f0a25648140c4e89d0497bdc5c105fd7002b6c2..c05e7beadafc046fe6a9fd1d720b6a2f387088b9 100644 (file)
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -387,8 +387,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
         RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
         ok = 0;
     }
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     return ok;
 }

diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 465134257fcc7d5ecd8e9c5d0690a03bb40e4c0c..0c93f13ccf469c3e7a6b5d0d10ae1cb8c009448d 100644 (file)
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -148,8 +148,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
      */
     r = BN_bn2binpad(ret, to, num);
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
     return r;
@@ -354,8 +353,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
      */
     r = BN_bn2binpad(res, to, num);
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
     return r;
@@ -484,8 +482,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
     err_clear_last_constant_time(r >= 0);
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
     return r;
@@ -581,8 +578,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
         RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
 
  err:
-    if (ctx != NULL)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     OPENSSL_clear_free(buf, num);
     return r;

diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index 15e40e8d1dd733cdc65c2ada8658e821bcd18f16..2084c53a0d05f0e4079bd6ead7cb71c8a066a711 100644 (file)
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -133,8 +133,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
 
     ret = 1;
  err:
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     BN_CTX_free(ctx2);
 
@@ -188,8 +187,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
     ok = 1;
 
  error:
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
     BN_CTX_free(ctx);
 
     if (ok)