Fix incorrect use of BN_CTX API

In some edge cases BN_CTX_end was being called without first calling BN_CTX_start. This creates a situation where the state of the big number allocator is corrupted and may lead to crashes. Fixes #13812 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13813)
author: Agustin Gianni <agustingianni@gmail.com> 2021-01-08 16:04:05 +0100
committer: Tomas Mraz <tmraz@fedoraproject.org> 2021-01-13 10:35:27 +0100
commit: 48116c2d0fbb1db875e2bc703c08089bf3c5c5c3 (patch)
tree: b9e4c9474bb26c9f32db06c3ffbf5ae6164b0f29 /crypto/ec
parent: 1dccccf33351a732dac3c700b2de05d34f708e33 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 87b9eab604..98bcab2321 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -835,6 +835,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     EC_POINT **points = NULL;
     EC_PRE_COMP *pre_comp;
     int ret = 0;
+    int used_ctx = 0;
 #ifndef FIPS_MODULE
     BN_CTX *new_ctx = NULL;
 #endif
@@ -858,6 +859,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
         goto err;
 
     BN_CTX_start(ctx);
+    used_ctx = 1;
 
     order = EC_GROUP_get0_order(group);
     if (order == NULL)
@@ -967,7 +969,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     ret = 1;
 
  err:
-    BN_CTX_end(ctx);
+    if (used_ctx)
+        BN_CTX_end(ctx);
 #ifndef FIPS_MODULE
     BN_CTX_free(new_ctx);
 #endif
author	Agustin Gianni <agustingianni@gmail.com>	2021-01-08 16:04:05 +0100
committer	Tomas Mraz <tmraz@fedoraproject.org>	2021-01-13 10:35:27 +0100
commit	48116c2d0fbb1db875e2bc703c08089bf3c5c5c3 (patch)
tree	b9e4c9474bb26c9f32db06c3ffbf5ae6164b0f29 /crypto/ec
parent	1dccccf33351a732dac3c700b2de05d34f708e33 (diff)