BN_CTX_get() can fail - consistently check its return value.

There are currently cases where the return from each call is checked,
the return from only the last call is checked and cases where it is not
checked at all (including code in bn, ec and engine).

Checking the last return value is valid as once the function fails it will
continue to return NULL. However, in order to be consistent check each
call with the same idiom. This makes it easy to verify.

Note there are still a handful of cases that do not follow the idiom -
these will be handled separately.

ok beck@ doug@

8 files changed, 165 insertions, 127 deletions

diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c
index dd113907be..8f0091efe1 100644
--- a/src/lib/libcrypto/ec/ec2_mult.c
+++ b/src/lib/libcrypto/ec/ec2_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_mult.c,v 1.6 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec2_mult.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -91,8 +91,7 @@ gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
 
         /* Since Mdouble is static we can guarantee that ctx != NULL. */
         BN_CTX_start(ctx);
-        t1 = BN_CTX_get(ctx);
-        if (t1 == NULL)
+        if ((t1 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!group->meth->field_sqr(group, x, x, ctx))
@@ -132,9 +131,9 @@ gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
 
         /* Since Madd is static we can guarantee that ctx != NULL. */
         BN_CTX_start(ctx);
-        t1 = BN_CTX_get(ctx);
-        t2 = BN_CTX_get(ctx);
-        if (t2 == NULL)
+        if ((t1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((t2 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!BN_copy(t1, x))
@@ -191,10 +190,11 @@ gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1,
         }
         /* Since Mxy is static we can guarantee that ctx != NULL. */
         BN_CTX_start(ctx);
-        t3 = BN_CTX_get(ctx);
-        t4 = BN_CTX_get(ctx);
-        t5 = BN_CTX_get(ctx);
-        if (t5 == NULL)
+        if ((t3 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((t4 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((t5 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!BN_one(t5))
@@ -281,9 +281,9 @@ ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r,
 
         /* Since point_multiply is static we can guarantee that ctx != NULL. */
         BN_CTX_start(ctx);
-        x1 = BN_CTX_get(ctx);
-        z1 = BN_CTX_get(ctx);
-        if (z1 == NULL)
+        if ((x1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((z1 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         x2 = &r->X;
diff --git a/src/lib/libcrypto/ec/ec2_oct.c b/src/lib/libcrypto/ec/ec2_oct.c
index c45d9c2219..72690b1bc7 100644
--- a/src/lib/libcrypto/ec/ec2_oct.c
+++ b/src/lib/libcrypto/ec/ec2_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_oct.c,v 1.6 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec2_oct.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -109,11 +109,13 @@ ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point
         y_bit = (y_bit != 0) ? 1 : 0;
 
         BN_CTX_start(ctx);
-        tmp = BN_CTX_get(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        z = BN_CTX_get(ctx);
-        if (z == NULL)
+        if ((tmp = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((z = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!BN_GF2m_mod_arr(x, x_, group->poly))
@@ -212,10 +214,11 @@ ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
                 }
                 BN_CTX_start(ctx);
                 used_ctx = 1;
-                x = BN_CTX_get(ctx);
-                y = BN_CTX_get(ctx);
-                yxi = BN_CTX_get(ctx);
-                if (yxi == NULL)
+                if ((x = BN_CTX_get(ctx)) == NULL)
+                        goto err;
+                if ((y = BN_CTX_get(ctx)) == NULL)
+                        goto err;
+                if ((yxi = BN_CTX_get(ctx)) == NULL)
                         goto err;
 
                 if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
@@ -329,10 +332,11 @@ ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
                         return 0;
         }
         BN_CTX_start(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        yxi = BN_CTX_get(ctx);
-        if (yxi == NULL)
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((yxi = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!BN_bin2bn(buf + 1, field_len, x))
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index b9c066c5c1..43f0afd5ae 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec2_smpl.c,v 1.13 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec2_smpl.c,v 1.14 2015/02/09 15:49:22 jsing Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -291,8 +291,7 @@ ec_GF2m_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
                 }
         }
         BN_CTX_start(ctx);
-        b = BN_CTX_get(ctx);
-        if (b == NULL)
+        if ((b = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!BN_GF2m_mod_arr(b, &group->b, group->poly))
@@ -464,15 +463,21 @@ ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
                         return 0;
         }
         BN_CTX_start(ctx);
-        x0 = BN_CTX_get(ctx);
-        y0 = BN_CTX_get(ctx);
-        x1 = BN_CTX_get(ctx);
-        y1 = BN_CTX_get(ctx);
-        x2 = BN_CTX_get(ctx);
-        y2 = BN_CTX_get(ctx);
-        s = BN_CTX_get(ctx);
-        t = BN_CTX_get(ctx);
-        if (t == NULL)
+        if ((x0 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y0 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((x1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((x2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((s = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((t = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (a->Z_is_one) {
@@ -611,9 +616,9 @@ ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX
                         return -1;
         }
         BN_CTX_start(ctx);
-        y2 = BN_CTX_get(ctx);
-        lh = BN_CTX_get(ctx);
-        if (lh == NULL)
+        if ((y2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((lh = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /*
@@ -651,7 +656,8 @@ err:
  *   1   not equal
  */
 int 
-ec_GF2m_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx)
+ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+    const EC_POINT *b, BN_CTX *ctx)
 {
         BIGNUM *aX, *aY, *bX, *bY;
         BN_CTX *new_ctx = NULL;
@@ -672,11 +678,13 @@ ec_GF2m_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT *
                         return -1;
         }
         BN_CTX_start(ctx);
-        aX = BN_CTX_get(ctx);
-        aY = BN_CTX_get(ctx);
-        bX = BN_CTX_get(ctx);
-        bY = BN_CTX_get(ctx);
-        if (bY == NULL)
+        if ((aX = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((aY = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((bX = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((bY = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
@@ -710,9 +718,9 @@ ec_GF2m_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ct
                         return 0;
         }
         BN_CTX_start(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL)
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index f9904b4ee9..45192c3231 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.10 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ec_key.c,v 1.11 2015/02/09 15:49:22 jsing Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -359,8 +359,11 @@ EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y)
         if (tmp_nid == NID_X9_62_characteristic_two_field)
                 is_char_two = 1;
 
-        tx = BN_CTX_get(ctx);
-        ty = BN_CTX_get(ctx);
+        if ((tx = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((ty = BN_CTX_get(ctx)) == NULL)
+                goto err;
+
 #ifndef OPENSSL_NO_EC2M
         if (is_char_two) {
                 if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 47ccc614d1..8cf0f2241e 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.15 2014/07/12 16:03:37 miod Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.16 2015/02/09 15:49:22 jsing Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -497,18 +497,19 @@ EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx)
                 return -1;
 
         BN_CTX_start(ctx);
-        a1 = BN_CTX_get(ctx);
-        a2 = BN_CTX_get(ctx);
-        a3 = BN_CTX_get(ctx);
-        b1 = BN_CTX_get(ctx);
-        b2 = BN_CTX_get(ctx);
-        b3 = BN_CTX_get(ctx);
-        if (!b3) {
-                BN_CTX_end(ctx);
-                if (ctx_new)
-                        BN_CTX_free(ctx);
-                return -1;
-        }
+        if ((a1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((a2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((a3 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((b1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((b2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((b3 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+
         /*
          * XXX This approach assumes that the external representation of
          * curves over the same field type is the same.
@@ -544,6 +545,12 @@ EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx)
                 BN_CTX_free(ctx);
 
         return r;
+
+err:
+        BN_CTX_end(ctx);
+        if (ctx_new)
+                BN_CTX_free(ctx);
+        return -1;
 }
 
 
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 9e3aee13a2..e711413598 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.16 2015/02/07 13:19:15 doug Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.17 2015/02/09 15:49:22 jsing Exp $ */
 /*
  * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
  */
@@ -753,8 +753,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
                         goto err;
         }
         BN_CTX_start(ctx);
-        order = BN_CTX_get(ctx);
-        if (order == NULL)
+        if ((order = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!EC_GROUP_get_order(group, order, ctx))
diff --git a/src/lib/libcrypto/ec/ecp_oct.c b/src/lib/libcrypto/ec/ecp_oct.c
index abc31e6382..994f0b08b1 100644
--- a/src/lib/libcrypto/ec/ecp_oct.c
+++ b/src/lib/libcrypto/ec/ecp_oct.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_oct.c,v 1.6 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_oct.c,v 1.7 2015/02/09 15:49:22 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -67,8 +67,8 @@
 #include "ec_lcl.h"
 
 int 
-ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group, EC_POINT * point,
-    const BIGNUM * x_, int y_bit, BN_CTX * ctx)
+ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group,
+    EC_POINT * point, const BIGNUM * x_, int y_bit, BN_CTX * ctx)
 {
         BN_CTX *new_ctx = NULL;
         BIGNUM *tmp1, *tmp2, *x, *y;
@@ -85,11 +85,13 @@ ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group, EC_POINT * poin
         y_bit = (y_bit != 0);
 
         BN_CTX_start(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        tmp2 = BN_CTX_get(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL)
+        if ((tmp1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((tmp2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /*
@@ -239,9 +241,9 @@ ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_co
                 }
                 BN_CTX_start(ctx);
                 used_ctx = 1;
-                x = BN_CTX_get(ctx);
-                y = BN_CTX_get(ctx);
-                if (y == NULL)
+                if ((x = BN_CTX_get(ctx)) == NULL)
+                        goto err;
+                if ((y = BN_CTX_get(ctx)) == NULL)
                         goto err;
 
                 if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
@@ -348,9 +350,9 @@ ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point,
                         return 0;
         }
         BN_CTX_start(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL)
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!BN_bin2bn(buf + 1, field_len, x))
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index 7b3bb2364d..f6db4dc9b1 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.14 2015/02/08 22:25:03 miod Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.15 2015/02/09 15:49:22 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -188,8 +188,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP * group,
                         return 0;
         }
         BN_CTX_start(ctx);
-        tmp_a = BN_CTX_get(ctx);
-        if (tmp_a == NULL)
+        if ((tmp_a = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /* group->field */
@@ -294,12 +293,15 @@ ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx)
                 }
         }
         BN_CTX_start(ctx);
-        a = BN_CTX_get(ctx);
-        b = BN_CTX_get(ctx);
-        tmp_1 = BN_CTX_get(ctx);
-        tmp_2 = BN_CTX_get(ctx);
-        order = BN_CTX_get(ctx);
-        if (order == NULL)
+        if ((a = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((b = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((tmp_1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((tmp_2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((order = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (group->meth->field_decode) {
@@ -539,11 +541,13 @@ ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POIN
                         return 0;
         }
         BN_CTX_start(ctx);
-        Z = BN_CTX_get(ctx);
-        Z_1 = BN_CTX_get(ctx);
-        Z_2 = BN_CTX_get(ctx);
-        Z_3 = BN_CTX_get(ctx);
-        if (Z_3 == NULL)
+        if ((Z = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((Z_1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((Z_2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((Z_3 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
@@ -652,14 +656,19 @@ ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, cons
                         return 0;
         }
         BN_CTX_start(ctx);
-        n0 = BN_CTX_get(ctx);
-        n1 = BN_CTX_get(ctx);
-        n2 = BN_CTX_get(ctx);
-        n3 = BN_CTX_get(ctx);
-        n4 = BN_CTX_get(ctx);
-        n5 = BN_CTX_get(ctx);
-        n6 = BN_CTX_get(ctx);
-        if (n6 == NULL)
+        if ((n0 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((n1 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((n2 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((n3 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((n4 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((n5 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((n6 = BN_CTX_get(ctx)) == NULL)
                 goto end;
 
         /*
@@ -834,11 +843,13 @@ ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_C
                         return 0;
         }
         BN_CTX_start(ctx);
-        n0 = BN_CTX_get(ctx);
-        n1 = BN_CTX_get(ctx);
-        n2 = BN_CTX_get(ctx);
-        n3 = BN_CTX_get(ctx);
-        if (n3 == NULL)
+        if ((n0 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((n1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((n2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((n3 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /*
@@ -990,11 +1001,13 @@ ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX
                         return -1;
         }
         BN_CTX_start(ctx);
-        rh = BN_CTX_get(ctx);
-        tmp = BN_CTX_get(ctx);
-        Z4 = BN_CTX_get(ctx);
-        Z6 = BN_CTX_get(ctx);
-        if (Z6 == NULL)
+        if ((rh = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((tmp = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((Z4 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((Z6 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /*
@@ -1101,11 +1114,13 @@ ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b
                         return -1;
         }
         BN_CTX_start(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        tmp2 = BN_CTX_get(ctx);
-        Za23 = BN_CTX_get(ctx);
-        Zb23 = BN_CTX_get(ctx);
-        if (Zb23 == NULL)
+        if ((tmp1 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((tmp2 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((Za23 = BN_CTX_get(ctx)) == NULL)
+                goto end;
+        if ((Zb23 = BN_CTX_get(ctx)) == NULL)
                 goto end;
 
         /*
@@ -1184,9 +1199,9 @@ ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx
                         return 0;
         }
         BN_CTX_start(ctx);
-        x = BN_CTX_get(ctx);
-        y = BN_CTX_get(ctx);
-        if (y == NULL)
+        if ((x = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((y = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
@@ -1225,9 +1240,9 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
                         return 0;
         }
         BN_CTX_start(ctx);
-        tmp0 = BN_CTX_get(ctx);
-        tmp1 = BN_CTX_get(ctx);
-        if (tmp0 == NULL || tmp1 == NULL)
+        if ((tmp0 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((tmp1 = BN_CTX_get(ctx)) == NULL)
                 goto err;
 
         /*