From c8a9fa6910c3cb6e9b5f8eb029eb6fc80dfc9cfe Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Tue, 19 Mar 2019 09:58:09 +1000 Subject: [PATCH] Added NULL check to BN_clear() & BN_CTX_end() Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8518) (cherry picked from commit ce1415ed2ce15305356cd028bcf7b9bc688d6d5c) --- crypto/bn/bn_ctx.c | 2 ++ crypto/bn/bn_lib.c | 2 ++ crypto/bn/bn_prime.c | 3 +-- crypto/dh/dh_check.c | 18 ++++++------------ crypto/dh/dh_gen.c | 6 ++---- crypto/dh/dh_key.c | 6 ++---- crypto/dsa/dsa_gen.c | 6 ++---- crypto/ec/ec2_smpl.c | 3 +-- crypto/ec/ec_lib.c | 3 +-- crypto/ec/ec_mult.c | 3 +-- crypto/ec/ecdh_ossl.c | 3 +-- crypto/ec/ecp_nistz256.c | 3 +-- crypto/ec/ecp_smpl.c | 6 ++---- crypto/rsa/rsa_gen.c | 3 +-- crypto/rsa/rsa_ossl.c | 12 ++++-------- crypto/rsa/rsa_x931g.c | 6 ++---- 16 files changed, 31 insertions(+), 54 deletions(-) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 54b799961a..90cecea2aa 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -194,6 +194,8 @@ void BN_CTX_start(BN_CTX *ctx) void BN_CTX_end(BN_CTX *ctx) { + if (ctx == NULL) + return; CTXDBG_ENTRY("BN_CTX_end", ctx); if (ctx->err_stack) ctx->err_stack--; diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 8286b3855a..f93bbcfcc7 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -338,6 +338,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b) void BN_clear(BIGNUM *a) { + if (a == NULL) + return; bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index b91b31b1f3..236b711178 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -135,8 +135,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, found = 1; err: OPENSSL_free(mods); - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); bn_check_top(ret); return found; diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index fc45577101..52cc0eb476 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -58,10 +58,8 @@ int DH_check_params(const DH *dh, int *ret) ok = 1; err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_end(ctx); + BN_CTX_free(ctx); return ok; } @@ -171,10 +169,8 @@ int DH_check(const DH *dh, int *ret) } ok = 1; err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_end(ctx); + BN_CTX_free(ctx); return ok; } @@ -225,9 +221,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) ok = 1; err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_end(ctx); + BN_CTX_free(ctx); return ok; } diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 59137e0f05..b115028da9 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, ok = 0; } - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_end(ctx); + BN_CTX_free(ctx); return ok; } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 4f85be7e49..182ce329bd 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -205,10 +205,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) ret = BN_bn2bin(tmp, key); err: - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_end(ctx); + BN_CTX_free(ctx); return ret; } diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 383d853b6d..30b20bbd88 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (seed_out) memcpy(seed_out, seed, qsize); } - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); return ok; @@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, OPENSSL_free(seed); if (seed_out != seed_tmp) OPENSSL_free(seed_tmp); - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); EVP_MD_CTX_free(mctx); diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 0a05a7aeea..898e741fcb 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -204,8 +204,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index b89e3979d9..bd1d6abf93 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1074,8 +1074,7 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index f8832e94e0..ce5796de36 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -948,8 +948,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); EC_ec_pre_comp_free(pre_comp); if (points) { diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 254a1dc9c2..728815a4db 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -113,8 +113,7 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, err: EC_POINT_clear_free(tmp); - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_free(buf); return ret; diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index aea6394169..7ad5eb627d 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -888,8 +888,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); EC_nistz256_pre_comp_free(pre_comp); diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index f6a6cedb0a..e6e4c9d2cb 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -307,8 +307,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) ret = 1; err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } @@ -787,8 +786,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ret = 1; end: - if (ctx) /* otherwise we already called BN_CTX_end */ - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(new_ctx); return ret; } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 7f0a256481..c05e7beada 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -387,8 +387,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); ok = 0; } - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); return ok; } diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 465134257f..0c93f13ccf 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -148,8 +148,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, */ r = BN_bn2binpad(ret, to, num); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; @@ -354,8 +353,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, */ r = BN_bn2binpad(res, to, num); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; @@ -484,8 +482,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, err_clear_last_constant_time(r >= 0); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; @@ -581,8 +578,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 15e40e8d1d..2084c53a0d 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -133,8 +133,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, ret = 1; err: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); BN_CTX_free(ctx2); @@ -188,8 +187,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, ok = 1; error: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); BN_CTX_free(ctx); if (ok) -- 2.25.1