BN_POOL_get() can return NULL when OPENSSL_malloc() fails:
https://github.com/openssl/openssl/blob/984d6c6052169bcae8010de33f7796e455536d61/crypto/bn/bn_ctx.c#L365-L366

This causes BN_CTX_get() to return NULL:
https://github.com/openssl/openssl/blob/984d6c6052169bcae8010de33f7796e455536d61/crypto/bn/bn_ctx.c#L287

In the function dsa_builtin_paramgen, the value returned by BN_CTX_get is not tested before calling BN_lshift, which is then called with first argument NULL:
https://github.com/openssl/openssl/blob/310115448188415e270bb0bef958c7c130939838/crypto/dsa/dsa_gen.c#L162

This causes a null pointer dereference in BN_lshift(), but it seems the correct fix would be to check the value of test after calling BN_CTX_get() at line 160:
https://github.com/openssl/openssl/blob/310115448188415e270bb0bef958c7c130939838/crypto/dsa/dsa_gen.c#L160

It seems that another instance of the same problem in the file dsa_gen.c exists and is more subtle: r0 may be NULL. However, BN_bin2bn() accepts NULL as third argument, in which case it tries to allocate a new BN. r0 remains NULL throughout this call:
https://github.com/openssl/openssl/blob/310115448188415e270bb0bef958c7c130939838/crypto/dsa/dsa_gen.c#L247

IF THE CALL TO BN_bin2bn at line 247 SUCCEEDS, then r0 (still NULL) is passed to BN_lshift at line 249:
https://github.com/openssl/openssl/blob/310115448188415e270bb0bef958c7c130939838/crypto/dsa/dsa_gen.c#L249

Extrapolating, it looks like it would be a good idea to guard all the calls to BN_CTX_get at lines 153-160:
https://github.com/openssl/openssl/blob/310115448188415e270bb0bef958c7c130939838/crypto/dsa/dsa_gen.c#L153-L160
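Added illustration, not OpenSSL's code and not part of the report above: a self-contained stand-in that models how BN_CTX_get() fails (it returns NULL when the pool allocation fails and, per BN_CTX_get(3), every later call on that context also returns NULL), together with the allocation prologue the report describes, guarded by the single check on `test` that the sticky failure makes sufficient. The eight variable names mirror dsa_builtin_paramgen as an assumption; fake_BN_CTX_get(), FAKE_BN_CTX and prologue_outcome() are invented for the example.

```c
#include <stddef.h>

#define FAKE_POOL_SIZE 8

/* Stand-in BIGNUM: one limb is enough to show whether a pointer is usable. */
typedef struct { unsigned long limb; } FAKE_BIGNUM;

/* Stand-in BN_CTX. fail_at is the call index at which the simulated
 * OPENSSL_malloc() fails; err is sticky like ctx->err_stack in bn_ctx.c. */
typedef struct {
    FAKE_BIGNUM pool[FAKE_POOL_SIZE];
    int used;
    int fail_at;
    int err;
} FAKE_BN_CTX;

static FAKE_BIGNUM *fake_BN_CTX_get(FAKE_BN_CTX *ctx)
{
    /* Once a call has failed, all subsequent calls fail too (real behaviour). */
    if (ctx->err || ctx->used >= ctx->fail_at || ctx->used >= FAKE_POOL_SIZE) {
        ctx->err = 1;
        return NULL;
    }
    return &ctx->pool[ctx->used++];
}

/* Mirrors the eight BN_CTX_get() calls at the top of dsa_builtin_paramgen.
 * Because failure is sticky, a NULL anywhere in the sequence guarantees
 * that the last result (test) is NULL, so one check covers r0 .. test.
 * Returns 1 when every BIGNUM was obtained, 0 on allocation failure. */
int paramgen_prologue(FAKE_BN_CTX *ctx)
{
    FAKE_BIGNUM *r0, *g, *W, *q, *X, *c, *p, *test;

    r0 = fake_BN_CTX_get(ctx);
    g = fake_BN_CTX_get(ctx);
    W = fake_BN_CTX_get(ctx);
    q = fake_BN_CTX_get(ctx);
    X = fake_BN_CTX_get(ctx);
    c = fake_BN_CTX_get(ctx);
    p = fake_BN_CTX_get(ctx);
    test = fake_BN_CTX_get(ctx);
    if (test == NULL)               /* the check missing before BN_lshift() */
        return 0;

    /* Only now is it safe to touch any of them (stand-in for BN_lshift etc.). */
    test->limb = 1UL << 8;
    r0->limb = g->limb = W->limb = q->limb = X->limb = c->limb = p->limb = 0;
    return 1;
}

/* Test hook: run the prologue on a context whose allocation fails at fail_at. */
int prologue_outcome(int fail_at)
{
    FAKE_BN_CTX ctx = {{{0}}, 0, fail_at, 0};
    return paramgen_prologue(&ctx);
}
```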