[openssl] master update
tmraz at fedoraproject.org
tmraz at fedoraproject.org
Fri Apr 3 08:43:07 UTC 2020
The branch master has been updated
via 94468c775c8e23dae8549ca15b4f9e0718650b0c (commit)
via 0e8b6c97ba7ac37f5e92f6a24d128b04b5336388 (commit)
from ec4d1b8f8ce2d2ed1c378abfeffaabfda3cc7122 (commit)
- Log -----------------------------------------------------------------
commit 94468c775c8e23dae8549ca15b4f9e0718650b0c
Author: Aaron Thompson <dev at aaront.org>
Date: Tue Mar 31 07:19:16 2020 +0000
Remove an unnecessary call to BN_CTX_free.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11452)
commit 0e8b6c97ba7ac37f5e92f6a24d128b04b5336388
Author: Aaron Thompson <dev at aaront.org>
Date: Tue Mar 31 06:47:58 2020 +0000
Fix bugs in EC code introduced with FIPS changes.
a9612d6c034f47c4788c67d85651d0cd58c3faf7 introduced possible memory leaks in EC_GROUP_cmp and EC_POINTs_mul, and a possible BN_CTX_end without BN_CTX_start in ec_field_inverse_mod_ord.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11452)
-----------------------------------------------------------------------
Summary of changes:
crypto/ec/ec_check.c | 5 ++---
crypto/ec/ec_lib.c | 36 +++++++++++++++++++++---------------
2 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index 1283d8404f..a4cc8073de 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -19,12 +19,12 @@
int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
BN_CTX *ctx)
{
- int nid = NID_undef;
+ int nid;
BN_CTX *new_ctx = NULL;
if (group == NULL) {
ECerr(0, ERR_R_PASSED_NULL_PARAMETER);
- goto err;
+ return NID_undef;
}
if (ctx == NULL) {
@@ -39,7 +39,6 @@ int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only,
if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL)
nid = NID_undef;
-err:
BN_CTX_free(new_ctx);
return nid;
}
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 078d8b35fa..5540ec1bc2 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -599,12 +599,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
#ifndef FIPS_MODE
BN_CTX *ctx_new = NULL;
-
- if (ctx == NULL)
- ctx_new = ctx = BN_CTX_new();
#endif
- if (ctx == NULL)
- return -1;
/* compare the field types */
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
@@ -617,6 +612,13 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
return 0;
+#ifndef FIPS_MODE
+ if (ctx == NULL)
+ ctx_new = ctx = BN_CTX_new();
+#endif
+ if (ctx == NULL)
+ return -1;
+
BN_CTX_start(ctx);
a1 = BN_CTX_get(ctx);
a2 = BN_CTX_get(ctx);
@@ -1047,14 +1049,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
size_t i = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
-
- if (ctx == NULL)
- ctx = new_ctx = BN_CTX_secure_new();
#endif
- if (ctx == NULL) {
- ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
if ((scalar == NULL) && (num == 0)) {
return EC_POINT_set_to_infinity(group, r);
@@ -1071,6 +1066,15 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
}
}
+#ifndef FIPS_MODE
+ if (ctx == NULL)
+ ctx = new_ctx = BN_CTX_secure_new();
+#endif
+ if (ctx == NULL) {
+ ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
if (group->meth->mul != NULL)
ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
else
@@ -1183,16 +1187,18 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
int ret = 0;
#ifndef FIPS_MODE
BN_CTX *new_ctx = NULL;
+#endif
+
+ if (group->mont_data == NULL)
+ return 0;
+#ifndef FIPS_MODE
if (ctx == NULL)
ctx = new_ctx = BN_CTX_secure_new();
#endif
if (ctx == NULL)
return 0;
- if (group->mont_data == NULL)
- goto err;
-
BN_CTX_start(ctx);
if ((e = BN_CTX_get(ctx)) == NULL)
goto err;
More information about the openssl-commits
mailing list