Fix RSA_X931_derive_ex

In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return
NULL on error. However the return value is not tested until *after* it is
derefed! Also at the top of the function a test is made to ensure that
|rsa| is not NULL. If it is we go to the "err" label. Unfortunately the
error handling code deref's rsa.

Reviewed-by: Rich Salz <rsalz@openssl.org>

1 files changed, 4 insertions, 5 deletions

diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index 74bf197e37..5991615784 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -72,14 +72,15 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
 {
     BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
     BN_CTX *ctx = NULL, *ctx2 = NULL;
+    int ret = 0;
 
     if (!rsa)
         goto err;
 
     ctx = BN_CTX_new();
-    BN_CTX_start(ctx);
     if (!ctx)
         goto err;
+    BN_CTX_start(ctx);
 
     r0 = BN_CTX_get(ctx);
     r1 = BN_CTX_get(ctx);
@@ -176,6 +177,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
     /* calculate inverse of q mod p */
     rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
 
+    ret = 1;
  err:
     if (ctx) {
         BN_CTX_end(ctx);
@@ -183,11 +185,8 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
     }
     if (ctx2)
         BN_CTX_free(ctx2);
-    /* If this is set all calls successful */
-    if (rsa->iqmp != NULL)
-        return 1;
 
-    return 0;
+    return ret;
 
 }