From 45f33e931e554ae97413395258efc61c185a8508 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sun, 15 Feb 2015 22:29:02 +0000
Subject: Avoid calling BN_CTX_end() on a context that wasn't started.

In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new()
call above it will have allocated a ctx without calling BN_CTX_start() on
it.  The error handling calls BN_CTX_end() when ctx is allocated.

Move the BN_MONT_CTX_new() call up so it will fail first without splitting
up the BN_CTX_new() and BN_CTX_start().

tweak + ok miod@, ok bcook@
---
 src/lib/libcrypto/dsa/dsa_gen.c         | 8 ++++----
 src/lib/libssl/src/crypto/dsa/dsa_gen.c | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index c1664d5f8a..73ae485349 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.19 2015/02/15 08:48:24 miod Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.20 2015/02/15 22:29:02 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -139,13 +139,13 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
 	if (seed_in != NULL)
 		memcpy(seed, seed_in, seed_len);
 
-	if ((ctx=BN_CTX_new()) == NULL)
-		goto err;
-
 	if ((mont=BN_MONT_CTX_new()) == NULL)
 		goto err;
 
+	if ((ctx=BN_CTX_new()) == NULL)
+		goto err;
 	BN_CTX_start(ctx);
+
 	if ((r0 = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((g = BN_CTX_get(ctx)) == NULL)
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_gen.c b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
index c1664d5f8a..73ae485349 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.19 2015/02/15 08:48:24 miod Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.20 2015/02/15 22:29:02 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -139,13 +139,13 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
 	if (seed_in != NULL)
 		memcpy(seed, seed_in, seed_len);
 
-	if ((ctx=BN_CTX_new()) == NULL)
-		goto err;
-
 	if ((mont=BN_MONT_CTX_new()) == NULL)
 		goto err;
 
+	if ((ctx=BN_CTX_new()) == NULL)
+		goto err;
 	BN_CTX_start(ctx);
+
 	if ((r0 = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((g = BN_CTX_get(ctx)) == NULL)
-- 
cgit v1.2.3-55-g6feb