[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu Feb 13 21:30:14 UTC 2020
The branch master has been updated
via 075b1f2f42c9ab1f5c80078cad70de0216748b6d (commit)
from 51994e505dbb1cd0dd76869ec962e2948b77b585 (commit)
- Log -----------------------------------------------------------------
commit 075b1f2f42c9ab1f5c80078cad70de0216748b6d
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Mon Feb 10 11:45:27 2020 +1000
Fix coverity issues
CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code
CID : 1458171 UNCHECKED RET apps/pkeyutl.c
CID : 1458173 DEAD CODE ffc_params_generate.c
CID : 1458174 RESOURCE LEAK ssl_lib.c
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11048)
-----------------------------------------------------------------------
Summary of changes:
apps/pkeyutl.c | 5 +++--
crypto/ffc/ffc_params_generate.c | 16 +++++++---------
ssl/ssl_lib.c | 2 +-
3 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index a8cd2a0e3e..5bc436576d 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -556,8 +556,9 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|| (group = EC_KEY_get0_group(eckey)) == NULL
|| (nid = EC_GROUP_get_curve_name(group)) == 0)
goto end;
- if (nid == NID_sm2)
- EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+ if (nid == NID_sm2
+ && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+ goto end;
}
#endif
*pkeysize = EVP_PKEY_size(pkey);
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index c32c33e8b8..54d5c58e09 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -46,8 +46,6 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
return 80;
if (L == 2048 && (N == 224 || N == 256))
return 112;
- if (L == 2048 && N == 256)
- return 112;
if (L == 3072 && N == 256)
return 128;
}
@@ -103,13 +101,14 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
EVP_MD_CTX *mctx = NULL;
int mdsize;
+ mdsize = EVP_MD_size(evpmd);
+ if (mdsize <= 0)
+ return 0;
+
mctx = EVP_MD_CTX_new();
if (mctx == NULL)
- goto err;
+ return 0;
- mdsize = EVP_MD_size(evpmd);
- if (mdsize <= 0)
- goto err;
/*
* A.2.3 Step (4) & (5)
* A.2.4 Step (6) & (7)
@@ -134,7 +133,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
|| !EVP_DigestFinal_ex(mctx, md, NULL)
|| (BN_bin2bn(md, mdsize, tmp) == NULL)
|| !BN_mod_exp_mont(g, tmp, e, p, ctx, mont))
- return 0;
+ break; /* exit on failure */
/*
* A.2.3 Step (10)
* A.2.4 Step (12)
@@ -145,7 +144,6 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
break; /* found g */
}
}
-err:
EVP_MD_CTX_free(mctx);
return ret;
}
@@ -743,7 +741,7 @@ err:
if (seed != params->seed)
OPENSSL_free(seed);
OPENSSL_free(seed_tmp);
- if (ctx)
+ if (ctx != NULL)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_MONT_CTX_free(mont);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 23101954ec..a1c3987962 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3148,7 +3148,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
/* initialize cipher/digest methods table */
if (!ssl_load_ciphers(ret))
- return 0;
+ goto err2;
if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
goto err;
More information about the openssl-commits
mailing list