Don't leak memory on error in BN_generate_prime_ex
author Matt Caswell <matt@openssl.org>
Wed, 27 Apr 2016 11:59:19 +0000 (12:59 +0100)
committer Matt Caswell <matt@openssl.org>
Thu, 28 Apr 2016 12:13:09 +0000 (13:13 +0100)
In BN_generate_prime_ex() we do some sanity checks first and return
with an error if they fail. We should do that *before* allocating any
resources to avoid a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/bn/bn_prime.c

index a5887d96a8532b859796d1cf7723ebac1e6c949e..e8eafbc34dc825abd12db80e0315c5a69b66adbe 100644 (file)
@@ -208,9 +208,6 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
     prime_t *mods = NULL;
     int checks = BN_prime_checks_for_size(bits);
 
-    mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
-    if (mods == NULL)
-        goto err;
     if (bits < 2) {
         /* There are no prime numbers this small. */
         BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
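Review bot: The initializer `int checks = BN_prime_checks_for_size(bits);` in the context at the top of this hunk still runs before the `bits < 2` check, so it is evaluated with an unvalidated `bits`. If it only computes a value there is nothing to leak, but consider assigning `checks` after the sanity checks so that every use of `bits` follows its validation, in line with moving the `mods` allocation.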
@@ -221,6 +218,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
         return 0;
     }
 
+    mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
+    if (mods == NULL)
+        goto err;
+
     ctx = BN_CTX_new();
     if (ctx == NULL)
         goto err;
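Review bot: The ordering this fix relies on is not documented at the new `mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);` position. The sanity check just above exits with a plain `return 0;`, while every failure from this line on uses `goto err`, so an allocation added above this point later would leak again. A one-line comment above the allocation stating that nothing may be allocated before the sanity checks would keep that visible to the next person editing the function.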