From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Tue, 13 Jun 2017 20:34:30 +0000 (+0200)
Subject: Fix possible crash in X931 code.
X-Git-Tag: OpenSSL_1_1_0g~174
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=48dd11a8c100988caf5c5a2fe5b66db6e86a83f4;p=openssl

Fix possible crash in X931 code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3675)
(cherry picked from commit 5419dadd4bd1f7abbfa23326ca766d2c143f257c)
---

diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c
index 40734cb2f6..8bfbcac6a4 100644
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@@ -178,6 +178,8 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
 
     BN_CTX_start(ctx);
     t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
 
     for (i = 0; i < 1000; i++) {
         if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
@@ -216,10 +218,12 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
     int ret = 0;
 
     BN_CTX_start(ctx);
-    if (!Xp1)
+    if (Xp1 == NULL)
         Xp1 = BN_CTX_get(ctx);
-    if (!Xp2)
+    if (Xp2 == NULL)
         Xp2 = BN_CTX_get(ctx);
+    if (Xp1 == NULL || Xp2 == NULL)
+        goto error;
 
     if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
         goto error;
diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index 9dd993fbc0..877ee2219c 100644
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -153,6 +153,8 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
     BN_CTX_start(ctx);
     Xp = BN_CTX_get(ctx);
     Xq = BN_CTX_get(ctx);
+    if (Xq == NULL)
+        goto error;
     if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
         goto error;