diff options
author | Agustin Gianni <agustingianni@gmail.com> | 2021-01-08 16:04:05 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2021-01-13 10:35:27 +0100 |
commit | 48116c2d0fbb1db875e2bc703c08089bf3c5c5c3 (patch) | |
tree | b9e4c9474bb26c9f32db06c3ffbf5ae6164b0f29 /crypto/bn/bn_sqrt.c | |
parent | 1dccccf33351a732dac3c700b2de05d34f708e33 (diff) |
Fix incorrect use of BN_CTX API
In some edge cases BN_CTX_end was being called without first calling
BN_CTX_start. This creates a situation where the state of the big
number allocator is corrupted and may lead to crashes.
Fixes #13812
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13813)
Diffstat (limited to 'crypto/bn/bn_sqrt.c')
-rw-r--r-- | crypto/bn/bn_sqrt.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index e323a7f7ab..e0b21ab575 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -22,6 +22,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int r; BIGNUM *A, *b, *q, *t, *x, *y; int e, i, j; + int used_ctx = 0; if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) { if (BN_abs_is_word(p, 2)) { @@ -57,6 +58,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } BN_CTX_start(ctx); + used_ctx = 1; A = BN_CTX_get(ctx); b = BN_CTX_get(ctx); q = BN_CTX_get(ctx); @@ -353,7 +355,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) BN_clear_free(ret); ret = NULL; } - BN_CTX_end(ctx); + if (used_ctx) + BN_CTX_end(ctx); bn_check_top(ret); return ret; } |