[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sun Jul 5 03:21:55 UTC 2020
The branch master has been updated
via c996f71bab433c5d0f75945206a8cfd422829a49 (commit)
via 2f142901ca7f729a20444a541ec1cb8516954056 (commit)
via 6f924bb89ecb792dc1ecaa3454086f3772ba5c74 (commit)
via 9283e9bd115cac8be3cf4241c8873fc10aeebb2d (commit)
via c4d02214053d34990ce28598691f3dddef6f3868 (commit)
from 22f7f42433fe9deb409703d76a0c4383371e6983 (commit)
- Log -----------------------------------------------------------------
commit c996f71bab433c5d0f75945206a8cfd422829a49
Author: Pauli <paul.dale at oracle.com>
Date: Fri Jul 3 10:11:33 2020 +1000
apps: remove NULL check imn release_engine since ENGINE_free also does it.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
commit 2f142901ca7f729a20444a541ec1cb8516954056
Author: Pauli <paul.dale at oracle.com>
Date: Mon Jun 29 08:39:42 2020 +1000
coverity 1464983: null pointer dereference
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
commit 6f924bb89ecb792dc1ecaa3454086f3772ba5c74
Author: Pauli <paul.dale at oracle.com>
Date: Mon Jun 29 08:33:35 2020 +1000
coverity 1464984: Null pointer dereferences
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
commit 9283e9bd115cac8be3cf4241c8873fc10aeebb2d
Author: Pauli <paul.dale at oracle.com>
Date: Mon Jun 29 08:29:10 2020 +1000
cmp: remove NULL check.
Instead appease coverity by marking 1464986 as a false positive.
Coverity is confused by the engine reference counting.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
commit c4d02214053d34990ce28598691f3dddef6f3868
Author: Pauli <paul.dale at oracle.com>
Date: Mon Jun 29 08:17:25 2020 +1000
coverity: CID 1464987: USE AFTER FREE
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12309)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 3 +-
apps/lib/apps.c | 5 +--
crypto/property/property.c | 6 +--
providers/implementations/rands/drbg.c | 2 +-
providers/implementations/rands/drbg_ctr.c | 68 +++++++++++++++---------------
5 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 4a6074ba58..87daa37dfa 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -3186,8 +3186,7 @@ int cmp_main(int argc, char **argv)
X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
OSSL_CMP_CTX_free(cmp_ctx);
X509_VERIFY_PARAM_free(vpm);
- if (engine != NULL) /* workaround for Coverity false positive */
- release_engine(engine);
+ release_engine(engine);
NCONF_free(conf); /* must not do as long as opt_... variables are used */
OSSL_CMP_log_close();
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 6c9d62fb62..3e4cc288b1 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1156,9 +1156,8 @@ ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug)
void release_engine(ENGINE *e)
{
#ifndef OPENSSL_NO_ENGINE
- if (e != NULL)
- /* Free our "structural" reference. */
- ENGINE_free(e);
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
#endif
}
diff --git a/crypto/property/property.c b/crypto/property/property.c
index a72ccb02b4..a3b52ee44d 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -324,7 +324,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
const char *prop_query,
void **method)
{
- OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(store->ctx);
+ OSSL_PROPERTY_LIST **plp;
ALGORITHM *alg;
IMPLEMENTATION *impl;
OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL;
@@ -350,9 +350,9 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
return 0;
}
- if (prop_query != NULL) {
+ if (prop_query != NULL)
p2 = pq = ossl_parse_query(store->ctx, prop_query);
- }
+ plp = ossl_ctx_global_properties(store->ctx);
if (plp != NULL && *plp != NULL) {
if (pq == NULL) {
pq = *plp;
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index c2fa99b865..3394271835 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -503,7 +503,7 @@ int PROV_DRBG_instantiate(PROV_DRBG *drbg, unsigned int strength,
drbg->min_noncelen,
drbg->max_noncelen)) {
PROVerr(0, PROV_R_ERROR_RETRIEVING_NONCE);
- OPENSSL_free(nonce);
+ goto end;
}
#ifndef PROV_RAND_GET_RANDOM_NONCE
} else if (drbg->parent != NULL) {
diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index f481b1bb27..48fb7ebd3d 100644
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -530,9 +530,13 @@ static int drbg_ctr_init_lengths(PROV_DRBG *drbg)
static int drbg_ctr_init(PROV_DRBG *drbg)
{
PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
- const size_t keylen = EVP_CIPHER_key_length(ctr->cipher_ctr);
+ size_t keylen;
- ctr->keylen = keylen;
+ if (ctr->cipher_ctr == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER);
+ return 0;
+ }
+ ctr->keylen = keylen = EVP_CIPHER_key_length(ctr->cipher_ctr);
if (ctr->ctx_ecb == NULL)
ctr->ctx_ecb = EVP_CIPHER_CTX_new();
if (ctr->ctx_ctr == NULL)
@@ -542,39 +546,37 @@ static int drbg_ctr_init(PROV_DRBG *drbg)
goto err;
}
- if (ctr->cipher_ctr != NULL) {
- if (!EVP_CipherInit_ex(ctr->ctx_ecb,
- ctr->cipher_ecb, NULL, NULL, NULL, 1)
- || !EVP_CipherInit_ex(ctr->ctx_ctr,
- ctr->cipher_ctr, NULL, NULL, NULL, 1)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS);
- goto err;
- }
+ if (!EVP_CipherInit_ex(ctr->ctx_ecb,
+ ctr->cipher_ecb, NULL, NULL, NULL, 1)
+ || !EVP_CipherInit_ex(ctr->ctx_ctr,
+ ctr->cipher_ctr, NULL, NULL, NULL, 1)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS);
+ goto err;
+ }
- drbg->strength = keylen * 8;
- drbg->seedlen = keylen + 16;
+ drbg->strength = keylen * 8;
+ drbg->seedlen = keylen + 16;
- if (ctr->use_df) {
- /* df initialisation */
- static const unsigned char df_key[32] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
- };
-
- if (ctr->ctx_df == NULL)
- ctr->ctx_df = EVP_CIPHER_CTX_new();
- if (ctr->ctx_df == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- /* Set key schedule for df_key */
- if (!EVP_CipherInit_ex(ctr->ctx_df,
- ctr->cipher_ecb, NULL, df_key, NULL, 1)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED);
- goto err;
- }
+ if (ctr->use_df) {
+ /* df initialisation */
+ static const unsigned char df_key[32] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ };
+
+ if (ctr->ctx_df == NULL)
+ ctr->ctx_df = EVP_CIPHER_CTX_new();
+ if (ctr->ctx_df == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ /* Set key schedule for df_key */
+ if (!EVP_CipherInit_ex(ctr->ctx_df,
+ ctr->cipher_ecb, NULL, df_key, NULL, 1)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED);
+ goto err;
}
}
return drbg_ctr_init_lengths(drbg);
More information about the openssl-commits
mailing list