[openssl] master update
tomas at openssl.org
tomas at openssl.org
Tue Mar 30 16:58:03 UTC 2021
The branch master has been updated
via d1a57d873b0e8a09370010f5f632c3f10c7cf9fc (commit)
via 92b3e62fdd5c85101998affe2260ac845cf09ba4 (commit)
via ec3dd97019b7ec95b77d50b6f81c8d32d58d9bbf (commit)
via d0ea0eb331176bf5882e31c8cf2538af16ef76cb (commit)
via 03915534851daef6232c514cf1a8ea3158a7704e (commit)
from 2db9bef264ba39e173d6b6a3a800595e15eef31b (commit)
- Log -----------------------------------------------------------------
commit d1a57d873b0e8a09370010f5f632c3f10c7cf9fc
Author: Pauli <pauli at openssl.org>
Date: Mon Mar 29 12:37:43 2021 +1000
apps: fix coverity 1474463, 1474465 & 1474467: resource leaks
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
commit 92b3e62fdd5c85101998affe2260ac845cf09ba4
Author: Pauli <pauli at openssl.org>
Date: Mon Mar 29 12:33:02 2021 +1000
test: fix coverity 1474468: resource leak
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
commit ec3dd97019b7ec95b77d50b6f81c8d32d58d9bbf
Author: Pauli <pauli at openssl.org>
Date: Mon Mar 29 12:30:40 2021 +1000
evp: fix coverity 1474469: negative return
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
commit d0ea0eb331176bf5882e31c8cf2538af16ef76cb
Author: Pauli <pauli at openssl.org>
Date: Mon Mar 29 12:29:10 2021 +1000
x509: fix coverity 1474470: NULL pointer dereference
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
commit 03915534851daef6232c514cf1a8ea3158a7704e
Author: Pauli <pauli at openssl.org>
Date: Mon Mar 29 12:28:10 2021 +1000
x509: fix coverity 1474471: NULL pointer dereference
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14716)
-----------------------------------------------------------------------
Summary of changes:
apps/speed.c | 7 ++++---
crypto/evp/evp_pkey.c | 6 +++---
crypto/x509/x509_att.c | 2 +-
crypto/x509/x_all.c | 7 +++++--
test/bad_dtls_test.c | 14 ++++++--------
5 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index 0bd566e846..727341a1e6 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3603,8 +3603,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
const int *mblengths = mblengths_list;
int j, count, keylen, num = OSSL_NELEM(mblengths_list);
const char *alg_name;
- unsigned char *inp, *out, *key, no_key[32], no_iv[16];
- EVP_CIPHER_CTX *ctx;
+ unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16];
+ EVP_CIPHER_CTX *ctx = NULL;
double d = 0.0;
if (lengths_single) {
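Review bot: `key` is the one heap pointer in this declaration that is still left uninitialised, while `inp`, `out` and `ctx` now start as NULL so the shared `err:` cleanup can free them safely. The cleanup lines visible in the last hunk of this file do not release `key`, so any path that jumps to `err` after `app_malloc(keylen, ...)` would leave the random key bytes allocated and uncleared. Whether `key` is freed earlier is not visible in these hunks. Consider `unsigned char *inp = NULL, *out = NULL, *key = NULL, no_key[32], no_iv[16];` and clearing the key with `OPENSSL_clear_free` on the exit path, skipping the length argument when `keylen` is negative. The body of multiblock_speed starts and ends outside this hunk.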
@@ -3621,7 +3621,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
if ((keylen = EVP_CIPHER_CTX_key_length(ctx)) < 0) {
BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen);
- return;
+ goto err;
}
key = app_malloc(keylen, "evp_cipher key");
if (!EVP_CIPHER_CTX_rand_key(ctx, key))
@@ -3710,6 +3710,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
fprintf(stdout, "\n");
}
+ err:
OPENSSL_free(inp);
OPENSSL_free(out);
EVP_CIPHER_CTX_free(ctx);
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 7aafd76822..35de85cffd 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -73,8 +73,9 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
size_t len;
OSSL_DECODER_CTX *dctx = NULL;
- if ((encoded_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &encoded_data)) <= 0)
- goto end;
+ if ((encoded_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &encoded_data)) <= 0
+ || encoded_data == NULL)
+ return NULL;
p8_data = encoded_data;
len = encoded_len;
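Review bot: The new early `return NULL` bypasses `OPENSSL_clear_free(encoded_data, encoded_len)`, which is only safe if `encoded_data` is still NULL whenever `i2d_PKCS8_PRIV_KEY_INFO` reports failure. Its declaration and initialiser are outside the hunk, so that invariant is assumed here rather than shown. Because this buffer holds the DER-encoded private key, a comment above the check would make the reasoning explicit, for example `/* i2d failed: nothing was allocated, so no key material needs clearing */`. If the encoder could ever return `<= 0` with a buffer already attached, this branch would leak uncleared key bytes, so that case deserves confirming against the encoder's contract.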
@@ -85,7 +86,6 @@ EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx,
/* try legacy */
pkey = evp_pkcs82pkey_legacy(p8, libctx, propq);
- end:
OPENSSL_clear_free(encoded_data, encoded_len);
OSSL_DECODER_CTX_free(dctx);
return pkey;
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 52cad9a047..e7ed189958 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
@@ -79,7 +79,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
- goto err2;
+ return NULL;
}
if (*x == NULL) {
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index c5e0c0b1ec..042425456c 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -434,8 +434,11 @@ ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert)
int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
unsigned char *md, unsigned int *len)
{
- if (type != NULL
- && EVP_MD_is_a(type, SN_sha1)
+ if (type == NULL) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (EVP_MD_is_a(type, SN_sha1)
&& (data->flags & EXFLAG_SET) != 0
&& (data->flags & EXFLAG_NO_FINGERPRINT) == 0) {
/* Asking for SHA1; always computed in CRL d2i. */
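Review bot: `data` is still dereferenced as `data->flags` without a NULL check, even though the new guard rejects a NULL `type` with `ERR_R_PASSED_NULL_PARAMETER`. If callers are not guaranteed to pass a valid CRL, the guard could cover both arguments: `if (type == NULL || data == NULL) {`. It would also help to state in the function's documentation that a NULL `type` now returns 0 with an error queued, since callers that relied on the old fall-through see a behaviour change. The rest of X509_CRL_digest lies outside this hunk.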
diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index d60daa447f..48cf45bae6 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -281,8 +281,8 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr,
static unsigned char seq[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static unsigned char ver[2] = { 0x01, 0x00 }; /* DTLS1_BAD_VER */
unsigned char lenbytes[2];
- EVP_MAC *hmac;
- EVP_MAC_CTX *ctx;
+ EVP_MAC *hmac = NULL;
+ EVP_MAC_CTX *ctx = NULL;
EVP_CIPHER_CTX *enc_ctx = NULL;
unsigned char iv[16];
unsigned char pad;
@@ -306,12 +306,9 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr,
memcpy(enc, msg, len);
/* Append HMAC to data */
- if ((hmac = EVP_MAC_fetch(NULL, "HMAC", NULL)) == NULL)
- return 0;
- ctx = EVP_MAC_CTX_new(hmac);
- EVP_MAC_free(hmac);
- if (ctx == NULL)
- return 0;
+ if (!TEST_ptr(hmac = EVP_MAC_fetch(NULL, "HMAC", NULL))
+ || !TEST_ptr(ctx = EVP_MAC_CTX_new(hmac)))
+ goto end;
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
"SHA1", 0);
params[1] = OSSL_PARAM_construct_end();
@@ -354,6 +351,7 @@ static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr,
BIO_write(rbio, enc, len);
ret = 1;
end:
+ EVP_MAC_free(hmac);
EVP_MAC_CTX_free(ctx);
EVP_CIPHER_CTX_free(enc_ctx);
OPENSSL_free(enc);
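Review bot: `ret = 1` is set unconditionally after `BIO_write(rbio, enc, len)`, so a failed or short write of the crafted record is still reported as success by this helper. Now that every failure path funnels through `end`, the write can use it too: `if (BIO_write(rbio, enc, len) <= 0) goto end;`. The declarations of `len` and `ret` are outside the hunk, so a stricter comparison against `len` is left to whoever can see its type.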