Fix error return value in SRP functions

The functions SRP_Calc_client_key() and SRP_Calc_server_key() were
incorrectly returning a valid pointer in the event of error.

Issue reported by Yuan Jochen Kang

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 308ff28673)

crypto/srp/srp_lib.c

@@ -159,8 +159,7 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
     if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
         return NULL;
 
-    if ((bn_ctx = BN_CTX_new()) == NULL ||
-        (tmp = BN_new()) == NULL || (S = BN_new()) == NULL)
+    if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
         goto err;
 
     /* S = (A*v**u) ** b */
@@ -169,8 +168,12 @@ BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b,
         goto err;
     if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
         goto err;
-    if (!BN_mod_exp(S, tmp, b, N, bn_ctx))
-        goto err;
+
+    S = BN_new();
+    if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+        BN_free(S);
+        S = NULL;
+    }
  err:
     BN_CTX_free(bn_ctx);
     BN_clear_free(tmp);
@@ -267,7 +270,7 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
 
     if ((tmp = BN_new()) == NULL ||
         (tmp2 = BN_new()) == NULL ||
-        (tmp3 = BN_new()) == NULL || (K = BN_new()) == NULL)
+        (tmp3 = BN_new()) == NULL)
         goto err;
 
     if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
@@ -283,8 +286,11 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x,
         goto err;
     if (!BN_add(tmp2, a, tmp3))
         goto err;
-    if (!BN_mod_exp(K, tmp, tmp2, N, bn_ctx))
-        goto err;
+    K = BN_new();
+    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+        BN_free(K);
+        K = NULL;
+    }
 
  err:
     BN_CTX_free(bn_ctx);