From 0748cdc7f1775deac6b5bc0d583c7caa219a16b8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Lutz=20J=C3=A4nicke?= <jaenicke@openssl.org>
Date: Wed, 15 Jan 2003 14:56:47 +0000
Subject: [PATCH] Fix initialization sequence to prevent freeing of unitialized
 objects. Submitted by: Nils Larsch <nla@trustcenter.de>

PR: 459
---
 CHANGES               |  6 ++++++
 crypto/dsa/dsa_ossl.c | 13 +++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 85bd963ae9..863a975a88 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]
 
+  *) DSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
+     Nils Larsch <nla@trustcenter.de> via PR#459)
+     [Lutz Jaenicke]
+
   *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
      checked on reconnect on the client side, therefore session resumption
      could still fail with a "ssl session id is different" error. This
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index 37dd5fc994..11da570ddb 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -106,13 +106,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	int i,reason=ERR_R_BN_LIB;
 	DSA_SIG *ret=NULL;
 
+	BN_init(&m);
+	BN_init(&xr);
+
 	if (!dsa->p || !dsa->q || !dsa->g)
 		{
 		reason=DSA_R_MISSING_PARAMETERS;
 		goto err;
 		}
-	BN_init(&m);
-	BN_init(&xr);
+
 	s=BN_new();
 	if (s == NULL) goto err;
 
@@ -178,6 +180,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
 		return 0;
 		}
+
+	BN_init(&k);
+
 	if (ctx_in == NULL)
 		{
 		if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -185,7 +190,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	else
 		ctx=ctx_in;
 
-	BN_init(&k);
 	if ((r=BN_new()) == NULL) goto err;
 	kinv=NULL;
 
@@ -241,11 +245,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 		return -1;
 		}
 
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&u1);
 	BN_init(&u2);
 	BN_init(&t1);
 
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+
 	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
 		{
 		ret = 0;
-- 
2.25.1