summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/bn/bn_exp.c
diff options
context:
space:
mode:
authorjsing <>2015-02-09 15:49:22 +0000
committerjsing <>2015-02-09 15:49:22 +0000
commit16f790d01f7a6fc6c94e2a033a67b80c8ec5291c (patch)
treed924c624d5eb949a9e7e395dc99d92616e911ce9 /src/lib/libcrypto/bn/bn_exp.c
parent42f7780549de5b7b5e3e7943cfef87e0e41970fc (diff)
downloadopenbsd-16f790d01f7a6fc6c94e2a033a67b80c8ec5291c.tar.gz
openbsd-16f790d01f7a6fc6c94e2a033a67b80c8ec5291c.tar.bz2
openbsd-16f790d01f7a6fc6c94e2a033a67b80c8ec5291c.zip
BN_CTX_get() can fail - consistently check its return value.
There are currently cases where the return from each call is checked, the return from only the last call is checked and cases where it is not checked at all (including code in bn, ec and engine). Checking the last return value is valid as once the function fails it will continue to return NULL. However, in order to be consistent check each call with the same idiom. This makes it easy to verify. Note there are still a handful of cases that do not follow the idiom - these will be handled separately. ok beck@ doug@
Diffstat (limited to 'src/lib/libcrypto/bn/bn_exp.c')
-rw-r--r--src/lib/libcrypto/bn/bn_exp.c32
1 files changed, 17 insertions, 15 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 1aa5503dae..eecab5163b 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_exp.c,v 1.19 2014/07/11 15:01:49 miod Exp $ */ 1/* $OpenBSD: bn_exp.c,v 1.20 2015/02/09 15:49:22 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -272,9 +272,9 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
272 } 272 }
273 273
274 BN_CTX_start(ctx); 274 BN_CTX_start(ctx);
275 aa = BN_CTX_get(ctx); 275 if ((aa = BN_CTX_get(ctx)) == NULL)
276 val[0] = BN_CTX_get(ctx); 276 goto err;
277 if (!aa || !val[0]) 277 if ((val[0] = BN_CTX_get(ctx)) == NULL)
278 goto err; 278 goto err;
279 279
280 BN_RECP_CTX_init(&recp); 280 BN_RECP_CTX_init(&recp);
@@ -408,10 +408,11 @@ BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
408 } 408 }
409 409
410 BN_CTX_start(ctx); 410 BN_CTX_start(ctx);
411 d = BN_CTX_get(ctx); 411 if ((d = BN_CTX_get(ctx)) == NULL)
412 r = BN_CTX_get(ctx); 412 goto err;
413 val[0] = BN_CTX_get(ctx); 413 if ((r = BN_CTX_get(ctx)) == NULL)
414 if (!d || !r || !val[0]) 414 goto err;
415 if ((val[0] = BN_CTX_get(ctx)) == NULL)
415 goto err; 416 goto err;
416 417
417 /* If this is not done, things will break in the montgomery 418 /* If this is not done, things will break in the montgomery
@@ -885,10 +886,11 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
885 } 886 }
886 887
887 BN_CTX_start(ctx); 888 BN_CTX_start(ctx);
888 d = BN_CTX_get(ctx); 889 if ((d = BN_CTX_get(ctx)) == NULL)
889 r = BN_CTX_get(ctx); 890 goto err;
890 t = BN_CTX_get(ctx); 891 if ((r = BN_CTX_get(ctx)) == NULL)
891 if (d == NULL || r == NULL || t == NULL) 892 goto err;
893 if ((t = BN_CTX_get(ctx)) == NULL)
892 goto err; 894 goto err;
893 895
894 if (in_mont != NULL) 896 if (in_mont != NULL)
@@ -1003,9 +1005,9 @@ BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
1003 } 1005 }
1004 1006
1005 BN_CTX_start(ctx); 1007 BN_CTX_start(ctx);
1006 d = BN_CTX_get(ctx); 1008 if ((d = BN_CTX_get(ctx)) == NULL)
1007 val[0] = BN_CTX_get(ctx); 1009 goto err;
1008 if (!d || !val[0]) 1010 if ((val[0] = BN_CTX_get(ctx)) == NULL)
1009 goto err; 1011 goto err;
1010 1012
1011 if (!BN_nnmod(val[0],a,m,ctx)) 1013 if (!BN_nnmod(val[0],a,m,ctx))
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-13 07:25:43 +0000