[openssl] master update

Dr. Paul Dale pauli at openssl.org
Tue Mar 23 23:41:07 UTC 2021 

The branch master has been updated
       via  218e1263c4f2ac014859bcd6b72d0e66a3f75d95 (commit)
       via  9d8c53ed164f325a28bee657b09cf4b30d62a08f (commit)
      from  9ca269af63a5772d3e9c28c4e4893fafb306202e (commit)


- Log -----------------------------------------------------------------
commit 218e1263c4f2ac014859bcd6b72d0e66a3f75d95
Author: Pauli <ppzgs1 at gmail.com>
Date:   Mon Mar 22 09:05:40 2021 +1000

    ec_keymgmt: fix coverity 1474427: resource leak
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14637)

commit 9d8c53ed164f325a28bee657b09cf4b30d62a08f
Author: Pauli <ppzgs1 at gmail.com>
Date:   Mon Mar 22 08:47:58 2021 +1000

    dh: fix coverty 1474423: resource leak
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14637)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dh/dh_backend.c                       | 1 +
 providers/implementations/keymgmt/ec_kmgmt.c | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
index 8da830f9d8..97f5271a5a 100644
--- a/crypto/dh/dh_backend.c
+++ b/crypto/dh/dh_backend.c
@@ -161,6 +161,7 @@ DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
     if ((privkey_bn = BN_secure_new()) == NULL
         || !ASN1_INTEGER_to_BN(privkey, privkey_bn)) {
         ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR);
+        BN_clear_free(privkey_bn);
         goto dherr;
     }
     if (!DH_set0_key(dh, NULL, privkey_bn))
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 2ba21dfb39..b8aa518a08 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -847,13 +847,13 @@ int sm2_validate(const void *keydata, int selection, int checktype)
     if (!ossl_prov_is_running())
         return 0;
 
+    if ((selection & EC_POSSIBLE_SELECTIONS) == 0)
+        return 1; /* nothing to validate */
+
     ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eck));
     if  (ctx == NULL)
         return 0;
 
-    if ((selection & EC_POSSIBLE_SELECTIONS) == 0)
-        return 1; /* nothing to validate */
-
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
         ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);

More information about the openssl-commits mailing list