[openssl] master update

Dr. Paul Dale pauli at openssl.org
Tue Sep 10 22:29:06 UTC 2019


The branch master has been updated
       via  4a3dd6292385a23134e113a01463f9516004ae85 (commit)
       via  f20a59cb1c21e360f000e541e2e41aceca515929 (commit)
       via  d111712f6a7ae0ce37062d75fa3fa72e277e7455 (commit)
       via  64da55a64f141bb068f034ab0df34ec2a044e482 (commit)
       via  085f1d11a01e62c5abfe6486ee9dce00a808d977 (commit)
       via  6ce4ff19158273ccf3313d5ece6adbd8bda0ac4b (commit)
       via  7e56c626936f7070070cf989053dc0011a9bca9c (commit)
       via  92475712a9ca5e53913c4d1541ea9d044e183108 (commit)
      from  5840ed0cd1e6487d247efbc1a04136a41d7b3a37 (commit)


- Log -----------------------------------------------------------------
commit 4a3dd6292385a23134e113a01463f9516004ae85
Author: Pauli <paul.dale at oracle.com>
Date:   Mon Sep 9 10:14:32 2019 +1000

    Coverity 1453629 and 1453638: Error handling issues (NEGATIVE_RETURNS)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit f20a59cb1c21e360f000e541e2e41aceca515929
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 8 18:39:11 2019 +1000

    Coverity 1453634: Resource leaks (RESOURCE_LEAK)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit d111712f6a7ae0ce37062d75fa3fa72e277e7455
Author: Pauli <paul.dale at oracle.com>
Date:   Mon Sep 9 08:04:45 2019 +1000

    Coverity 1453633: Error handling issues (CHECKED_RETURN)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit 64da55a64f141bb068f034ab0df34ec2a044e482
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 8 18:37:13 2019 +1000

    Coverity 1453632 & 1453635: Null pointer dereferences (FORWARD_NULL)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit 085f1d11a01e62c5abfe6486ee9dce00a808d977
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 8 18:33:12 2019 +1000

    Coverity 1453630: Null pointer dereferences (FORWARD_NULL)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit 6ce4ff19158273ccf3313d5ece6adbd8bda0ac4b
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 8 18:29:58 2019 +1000

    Coverity 1453628: Null pointer dereferences (REVERSE_INULL)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit 7e56c626936f7070070cf989053dc0011a9bca9c
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 8 18:28:56 2019 +1000

    Coverity 1453627: Null pointer dereferences (REVERSE_INULL)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

commit 92475712a9ca5e53913c4d1541ea9d044e183108
Author: Pauli <paul.dale at oracle.com>
Date:   Sun Sep 8 18:25:34 2019 +1000

    Coverity 1414465: Resource leaks  (RESOURCE_LEAK)
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/9805)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/kdf_lib.c              | 2 +-
 crypto/rsa/rsa_ossl.c             | 4 ++++
 providers/common/kdfs/pbkdf2.c    | 4 +++-
 providers/common/macs/gmac_prov.c | 3 ++-
 providers/common/macs/kmac_prov.c | 4 +++-
 ssl/t1_enc.c                      | 3 ++-
 test/evp_test.c                   | 9 ++++++---
 7 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c
index aa0c5e341f..dedb250988 100644
--- a/crypto/evp/kdf_lib.c
+++ b/crypto/evp/kdf_lib.c
@@ -59,7 +59,7 @@ EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src)
 {
     EVP_KDF_CTX *dst;
 
-    if (src->data == NULL || src == NULL || src->meth->dupctx == NULL)
+    if (src == NULL || src->data == NULL || src->meth->dupctx == NULL)
         return NULL;
 
     dst = OPENSSL_malloc(sizeof(*dst));
diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c
index 29bd97bd1b..5d5efdbd69 100644
--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@@ -470,6 +470,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
             goto err;
 
     j = BN_bn2binpad(ret, buf, num);
+    if (j < 0)
+        goto err;
 
     switch (padding) {
     case RSA_PKCS1_PADDING:
@@ -569,6 +571,8 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
             goto err;
 
     i = BN_bn2binpad(ret, buf, num);
+    if (i < 0)
+        goto err;
 
     switch (padding) {
     case RSA_PKCS1_PADDING:
diff --git a/providers/common/kdfs/pbkdf2.c b/providers/common/kdfs/pbkdf2.c
index ce395576dd..c8480125b2 100644
--- a/providers/common/kdfs/pbkdf2.c
+++ b/providers/common/kdfs/pbkdf2.c
@@ -107,7 +107,9 @@ static void kdf_pbkdf2_init(KDF_PBKDF2 *ctx)
 
     params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                                  SN_sha1, 0);
-    ossl_prov_digest_load_from_params(&ctx->digest, params, provctx);
+    if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
+        /* This is an error, but there is no way to indicate such directly */
+        ossl_prov_digest_reset(&ctx->digest);
     ctx->iter = PKCS5_DEFAULT_ITER;
     ctx->lower_bound_checks = KDF_PBKDF2_DEFAULT_CHECKS;
 }
diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c
index 2da176d8b0..67f3e48407 100644
--- a/providers/common/macs/gmac_prov.c
+++ b/providers/common/macs/gmac_prov.c
@@ -174,7 +174,8 @@ static int gmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[])
     OPENSSL_CTX *provctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx);
     const OSSL_PARAM *p;
 
-   if (!ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx))
+   if (ctx == NULL
+        || !ossl_prov_cipher_load_from_params(&macctx->cipher, params, provctx))
         return 0;
 
     if (EVP_CIPHER_mode(ossl_prov_cipher_cipher(&macctx->cipher))
diff --git a/providers/common/macs/kmac_prov.c b/providers/common/macs/kmac_prov.c
index 53598418db..99bcbf7da9 100644
--- a/providers/common/macs/kmac_prov.c
+++ b/providers/common/macs/kmac_prov.c
@@ -174,8 +174,10 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
     if (kctx == NULL)
         return 0;
     if (!ossl_prov_digest_load_from_params(&kctx->digest, params,
-                                      PROV_LIBRARY_CONTEXT_OF(provctx)))
+                                      PROV_LIBRARY_CONTEXT_OF(provctx))) {
+        kmac_free(kctx);
         return 0;
+    }
 
     kctx->out_len = EVP_MD_size(ossl_prov_digest_md(&kctx->digest));
     return kctx;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 4419d3f10b..6726d8fb7d 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -35,7 +35,7 @@ static int tls1_PRF(SSL *s,
     EVP_KDF *kdf;
     EVP_KDF_CTX *kctx = NULL;
     OSSL_PARAM params[8], *p = params;
-    const char *mdname = EVP_MD_name(md);
+    const char *mdname;
 
     if (md == NULL) {
         /* Should never happen */
@@ -53,6 +53,7 @@ static int tls1_PRF(SSL *s,
     EVP_KDF_free(kdf);
     if (kctx == NULL)
         goto err;
+    mdname = EVP_MD_name(md);
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
                                             (char *)mdname, strlen(mdname) + 1);
     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
diff --git a/test/evp_test.c b/test/evp_test.c
index 2f7506e6e6..67a818d98d 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -2008,8 +2008,10 @@ static int kdf_test_init(EVP_TEST *t, const char *name)
     *kdata->p = OSSL_PARAM_construct_end();
 
     kdf = EVP_KDF_fetch(NULL, name, NULL);
-    if (kdf == NULL)
+    if (kdf == NULL) {
+        OPENSSL_free(kdata);
         return 0;
+    }
     kdata->ctx = EVP_KDF_CTX_new(kdf);
     EVP_KDF_free(kdf);
     if (kdata->ctx == NULL) {
@@ -2045,14 +2047,15 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
     if (p != NULL)
         *p++ = '\0';
 
-    rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, strlen(p));
+    rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p,
+                                       p != NULL ? strlen(p) : 0);
     *++kdata->p = OSSL_PARAM_construct_end();
     if (!rv) {
         t->err = "KDF_PARAM_ERROR";
         OPENSSL_free(name);
         return 0;
     }
-    if (strcmp(name, "digest") == 0 && p != NULL) {
+    if (p != NULL && strcmp(name, "digest") == 0) {
         /* If p has an OID and lookup fails assume disabled algorithm */
         int nid = OBJ_sn2nid(p);
 


More information about the openssl-commits mailing list