Avoid calling BN_CTX_end() on a context that wasn't started.

In dsa_builtin_paramgen(), if BN_MONT_CTX_new() fails, the BN_CTX_new()
call above it will have allocated a ctx without calling BN_CTX_start() on
it.  The error handling calls BN_CTX_end() when ctx is allocated.

Move the BN_MONT_CTX_new() call up so it will fail first without splitting
up the BN_CTX_new() and BN_CTX_start().

tweak + ok miod@, ok bcook@

1 files changed, 4 insertions, 4 deletions

diff --git a/lib/libssl/src/crypto/dsa/dsa_gen.c b/lib/libssl/src/crypto/dsa/dsa_gen.c
index c1664d5f8aa..73ae4853493 100644
--- a/lib/libssl/src/crypto/dsa/dsa_gen.c
+++ b/lib/libssl/src/crypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.19 2015/02/15 08:48:24 miod Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.20 2015/02/15 22:29:02 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -139,13 +139,13 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
 	if (seed_in != NULL)
 		memcpy(seed, seed_in, seed_len);
 
-	if ((ctx=BN_CTX_new()) == NULL)
-		goto err;
-
 	if ((mont=BN_MONT_CTX_new()) == NULL)
 		goto err;
 
+	if ((ctx=BN_CTX_new()) == NULL)
+		goto err;
 	BN_CTX_start(ctx);
+
 	if ((r0 = BN_CTX_get(ctx)) == NULL)
 		goto err;
 	if ((g = BN_CTX_get(ctx)) == NULL)