From d873fdce8c0f766ae04ec8b5987f13dd992d2b96 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 1 Dec 2022 02:58:31 +0000
Subject: BN_one() can fail, check its return value.

ok tb@
---
 src/lib/libcrypto/bn/bn_gcd.c        | 11 +++++++----
 src/lib/libcrypto/gost/gostr341001.c | 14 +++++++++-----
 2 files changed, 16 insertions(+), 9 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index 4661b35571..f3a23701b1 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gcd.c,v 1.18 2022/11/26 16:08:51 tb Exp $ */
+/* $OpenBSD: bn_gcd.c,v 1.19 2022/12/01 02:58:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -277,7 +277,8 @@ BN_mod_inverse_internal(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ct
 	if (R == NULL)
 		goto err;
 
-	BN_one(X);
+	if (!BN_one(X))
+		goto err;
 	BN_zero(Y);
 	if (BN_copy(B, a) == NULL)
 		goto err;
@@ -591,7 +592,8 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 	if (R == NULL)
 		goto err;
 
-	BN_one(X);
+	if (!BN_one(X))
+		goto err;
 	BN_zero(Y);
 	if (BN_copy(B, a) == NULL)
 		goto err;
@@ -755,7 +757,8 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 	if ((T = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
-	BN_one(X);
+	if (!BN_one(X))
+		goto err;
 	BN_zero(Y);
 	if (BN_copy(B, a) == NULL)
 		goto err;
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
index 13f053dae8..79fddb11b0 100644
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ b/src/lib/libcrypto/gost/gostr341001.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001.c,v 1.10 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: gostr341001.c,v 1.11 2022/12/01 02:58:31 jsing Exp $ */
 /*
  * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
  * Copyright (c) 2005-2006 Cryptocom LTD
@@ -178,8 +178,10 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
 		goto err;
 	if (BN_mod_ct(e, md, order, ctx) == 0)
 		goto err;
-	if (BN_is_zero(e))
-		BN_one(e);
+	if (BN_is_zero(e)) {
+		if (!BN_one(e))
+			goto err;
+	}
 	if ((k = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((X = BN_CTX_get(ctx)) == NULL)
@@ -289,8 +291,10 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
 
 	if (BN_mod_ct(e, md, order, ctx) == 0)
 		goto err;
-	if (BN_is_zero(e))
-		BN_one(e);
+	if (BN_is_zero(e)) {
+		if (!BN_one(e))
+			goto err;
+	}
 	if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL)
 		goto err;
 	if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0)
-- 
cgit v1.2.3-55-g6feb