From: Aaron Thompson <dev@aaront.org>
Date: Tue, 31 Mar 2020 06:47:58 +0000 (+0000)
Subject: Fix bugs in EC code introduced with FIPS changes.
X-Git-Tag: openssl-3.0.0-alpha1~165
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=0e8b6c97ba7ac37f5e92f6a24d128b04b5336388;hp=ec4d1b8f8ce2d2ed1c378abfeffaabfda3cc7122

Fix bugs in EC code introduced with FIPS changes.

a9612d6c034f47c4788c67d85651d0cd58c3faf7 introduced possible memory leaks in EC_GROUP_cmp and EC_POINTs_mul, and a possible BN_CTX_end without BN_CTX_start in ec_field_inverse_mod_ord.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11452)
---

diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 078d8b35fa..5540ec1bc2 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -599,12 +599,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
     BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
 #ifndef FIPS_MODE
     BN_CTX *ctx_new = NULL;
-
-    if (ctx == NULL)
-        ctx_new = ctx = BN_CTX_new();
 #endif
-    if (ctx == NULL)
-        return -1;
 
     /* compare the field types */
     if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
@@ -617,6 +612,13 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
     if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
         return 0;
 
+#ifndef FIPS_MODE
+    if (ctx == NULL)
+        ctx_new = ctx = BN_CTX_new();
+#endif
+    if (ctx == NULL)
+        return -1;
+
     BN_CTX_start(ctx);
     a1 = BN_CTX_get(ctx);
     a2 = BN_CTX_get(ctx);
@@ -1047,14 +1049,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
     size_t i = 0;
 #ifndef FIPS_MODE
     BN_CTX *new_ctx = NULL;
-
-    if (ctx == NULL)
-        ctx = new_ctx = BN_CTX_secure_new();
 #endif
-    if (ctx == NULL) {
-        ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
 
     if ((scalar == NULL) && (num == 0)) {
         return EC_POINT_set_to_infinity(group, r);
@@ -1071,6 +1066,15 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         }
     }
 
+#ifndef FIPS_MODE
+    if (ctx == NULL)
+        ctx = new_ctx = BN_CTX_secure_new();
+#endif
+    if (ctx == NULL) {
+        ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
     if (group->meth->mul != NULL)
         ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
     else
@@ -1183,16 +1187,18 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
     int ret = 0;
 #ifndef FIPS_MODE
     BN_CTX *new_ctx = NULL;
+#endif
+
+    if (group->mont_data == NULL)
+        return 0;
 
+#ifndef FIPS_MODE
     if (ctx == NULL)
         ctx = new_ctx = BN_CTX_secure_new();
 #endif
     if (ctx == NULL)
         return 0;
 
-    if (group->mont_data == NULL)
-        goto err;
-
     BN_CTX_start(ctx);
     if ((e = BN_CTX_get(ctx)) == NULL)
         goto err;