[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Apr 7 22:50:45 UTC 2021
The branch master has been updated
via 09fba0b44032c2f66d5e7e8c732869e031ce74c8 (commit)
via fd0a9ff7ef0db7441baf8626f53e37a10d22449d (commit)
via c12bf35026af94a73402eaf13f2428a9af30f1c0 (commit)
via 3bbc7b562abf4ca3221d8762fe3f749024936281 (commit)
via 48b05bb617e247a40b66c2ddd9326966000a3504 (commit)
via 1002bb9ff0e35b4195586199222f9bad77837162 (commit)
via 89f7ea045be346ecd9085804a429bb4842843344 (commit)
from 41385f2708d08155d56ce08dce494152e225069e (commit)
- Log -----------------------------------------------------------------
commit 09fba0b44032c2f66d5e7e8c732869e031ce74c8
Author: Pauli <ppzgs1 at gmail.com>
Date: Mon Mar 22 08:37:56 2021 +1000
fix coverity 1466710: resource leak
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
commit fd0a9ff7ef0db7441baf8626f53e37a10d22449d
Author: Pauli <ppzgs1 at gmail.com>
Date: Fri Mar 19 14:54:40 2021 +1000
dh: fix coverity 1473238: argument cannot be negative
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
commit c12bf35026af94a73402eaf13f2428a9af30f1c0
Author: Pauli <ppzgs1 at gmail.com>
Date: Fri Mar 19 14:50:43 2021 +1000
evp: fix coverity 1473631: argument cannot be negative
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
commit 3bbc7b562abf4ca3221d8762fe3f749024936281
Author: Pauli <ppzgs1 at gmail.com>
Date: Fri Mar 19 14:50:28 2021 +1000
evp: fix coverity 1451509: argument cannot be negative
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
commit 48b05bb617e247a40b66c2ddd9326966000a3504
Author: Pauli <ppzgs1 at gmail.com>
Date: Fri Mar 19 14:50:11 2021 +1000
evp: fix coverity 1451510: argument cannot be negative
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
commit 1002bb9ff0e35b4195586199222f9bad77837162
Author: Pauli <ppzgs1 at gmail.com>
Date: Fri Mar 19 14:49:57 2021 +1000
evp: fix coverity 1472682: argument cannot be negative
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
commit 89f7ea045be346ecd9085804a429bb4842843344
Author: Pauli <ppzgs1 at gmail.com>
Date: Fri Mar 19 14:49:42 2021 +1000
test: fix coverity 1473234 & 1473239: argument cannot be negative
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14620)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_pmeth.c | 9 +++++----
crypto/evp/e_cast.c | 6 +++++-
crypto/evp/e_rc4.c | 6 +++++-
crypto/evp/e_rc4_hmac_md5.c | 6 +++++-
crypto/evp/evp_enc.c | 7 ++++---
providers/implementations/keymgmt/ec_kmgmt.c | 6 +++---
test/dhtest.c | 4 ++--
7 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index 584a174ae2..affe40a53c 100644
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -463,10 +463,11 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
if (*keylen != dctx->kdf_outlen)
return 0;
ret = 0;
- Zlen = DH_size(dh);
- Z = OPENSSL_malloc(Zlen);
- if (Z == NULL) {
- goto err;
+ if ((Zlen = DH_size(dh)) <= 0)
+ return 0;
+ if ((Z = OPENSSL_malloc(Zlen)) == NULL) {
+ ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
+ return 0;
}
if (DH_compute_key_padded(Z, dhpubbn, dh) <= 0)
goto err;
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index 8325a5f8d2..883030224b 100644
--- a/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
@@ -40,7 +40,11 @@ IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+ int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+ if (keylen <= 0)
+ return 0;
+ CAST_set_key(&data(ctx)->ks, keylen, key);
return 1;
}
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index 10b83aea6d..94107c72c3 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -75,7 +75,11 @@ const EVP_CIPHER *EVP_rc4_40(void)
static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+ int keylen;
+
+ if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+ return 0;
+ RC4_set_key(&data(ctx)->ks, keylen, key);
return 1;
}
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
index 098aa3ee1b..8bc1da6323 100644
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/evp/e_rc4_hmac_md5.c
@@ -46,8 +46,12 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, int enc)
{
EVP_RC4_HMAC_MD5 *key = data(ctx);
+ const int keylen = EVP_CIPHER_CTX_key_length(ctx);
- RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
+ if (keylen <= 0)
+ return 0;
+
+ RC4_set_key(&key->ks, keylen, inkey);
MD5_Init(&key->head); /* handy when benchmarking */
key->tail = key->head;
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 64759311c0..2e4a3227a1 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -78,6 +78,7 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, int enc,
const OSSL_PARAM params[])
{
+ int n;
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
ENGINE *tmpimpl = NULL;
#endif
@@ -336,9 +337,9 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
/* fall-through */
case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
+ n = EVP_CIPHER_CTX_iv_length(ctx);
+ if (!ossl_assert(n >= 0 && n <= (int)sizeof(ctx->iv)))
+ return 0;
if (iv)
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index ed1b412225..58283ca8f0 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -900,13 +900,13 @@ int ec_validate(const void *keydata, int selection, int checktype)
if (!ossl_prov_is_running())
return 0;
+ if ((selection & EC_POSSIBLE_SELECTIONS) == 0)
+ return 1; /* nothing to validate */
+
ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eck));
if (ctx == NULL)
return 0;
- if ((selection & EC_POSSIBLE_SELECTIONS) == 0)
- return 1; /* nothing to validate */
-
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
int flags = EC_KEY_get_flags(eck);
diff --git a/test/dhtest.c b/test/dhtest.c
index 189b5ae13f..b5ff81a319 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -666,12 +666,12 @@ static int rfc7919_test(void)
DH_get0_key(b, &bpub_key, NULL);
alen = DH_size(a);
- if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
+ if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen))
|| !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
goto err;
blen = DH_size(b);
- if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
+ if (!TEST_int_gt(blen, 0) || !TEST_ptr(bbuf = OPENSSL_malloc(blen))
|| !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
goto err;
More information about the openssl-commits
mailing list