BN_CTX_get() can fail - consistently check its return value.

There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).

Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.

Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.

ok beck@ doug@

1 files changed, 12 insertions, 8 deletions

diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index 9a59d56b3f..f94fa41094 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqrt.c,v 1.5 2014/07/11 08:44:48 jsing Exp $ */
+/* $OpenBSD: bn_sqrt.c,v 1.6 2015/02/09 15:49:22 jsing Exp $ */
 /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * and Bodo Moeller for the OpenSSL project. */
 /* ====================================================================
@@ -108,13 +108,17 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
         }
 
         BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        b = BN_CTX_get(ctx);
-        q = BN_CTX_get(ctx);
-        t = BN_CTX_get(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL)
+        if ((A = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((b = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((q = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((t = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((y = BN_CTX_get(ctx)) == NULL)
                 goto end;
 
         if (ret == NULL)