[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sun Nov 7 22:56:26 UTC 2021
The branch master has been updated
via 1b4d9967a24154f1dc00f471eb843203ec7bb7d4 (commit)
via fe4125382301201e42a3251544cda429bba0c9d7 (commit)
via 182cc644b3a3690bddfecba925486fefa421d6ec (commit)
via 73a815defe428e42ccc27fdc9d5be507f980278b (commit)
from 098f2627c8d283a518a6e6e60e7893664c7510e0 (commit)
- Log -----------------------------------------------------------------
commit 1b4d9967a24154f1dc00f471eb843203ec7bb7d4
Author: Pauli <pauli at openssl.org>
Date: Thu Nov 4 15:05:59 2021 +1000
Address Coverity 1493362 resource leak
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
commit fe4125382301201e42a3251544cda429bba0c9d7
Author: Pauli <pauli at openssl.org>
Date: Thu Nov 4 12:52:00 2021 +1000
Address coverity 1493382 argument cannot be negative
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
commit 182cc644b3a3690bddfecba925486fefa421d6ec
Author: Pauli <pauli at openssl.org>
Date: Thu Nov 4 12:46:58 2021 +1000
Address Coverity 1493387 Logically dead code
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
commit 73a815defe428e42ccc27fdc9d5be507f980278b
Author: Pauli <pauli at openssl.org>
Date: Thu Nov 4 11:59:55 2021 +1000
Fix coverity 1493364 & 1493375: unchecked return value
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16962)
-----------------------------------------------------------------------
Summary of changes:
crypto/comp/c_zlib.c | 12 ++++++++++--
crypto/evp/e_rc5.c | 7 ++++---
crypto/evp/m_sigver.c | 4 ++--
providers/implementations/keymgmt/mac_legacy_kmgmt.c | 1 +
4 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index b36a562d88..9a7087e444 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -380,7 +380,11 @@ static int bio_zlib_read(BIO *b, char *out, int outl)
ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE);
return 0;
}
- inflateInit(zin);
+ if ((ret = inflateInit(zin)) != Z_OK) {
+ ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR,
+ "zlib error: %s", zError(ret));
+ return 0;
+ }
zin->next_in = ctx->ibuf;
zin->avail_in = 0;
}
@@ -443,7 +447,11 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
}
ctx->optr = ctx->obuf;
ctx->ocount = 0;
- deflateInit(zout, ctx->comp_level);
+ if ((ret = deflateInit(zout, ctx->comp_level)) != Z_OK) {
+ ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR,
+ "zlib error: %s", zError(ret));
+ return 0;
+ }
zout->next_out = ctx->obuf;
zout->avail_out = ctx->obufsize;
}
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index 3fb372360d..3496a70193 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -72,12 +72,13 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
- if (EVP_CIPHER_CTX_get_key_length(ctx) > 255) {
+ const int key_len = EVP_CIPHER_CTX_get_key_length(ctx);
+
+ if (key_len > 255 || key_len < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH);
return 0;
}
- return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
- key, data(ctx)->rounds);
+ return RC5_32_set_key(&data(ctx)->ks, key_len, key, data(ctx)->rounds);
}
#endif
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 2972734d8d..80570973dd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -462,14 +462,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
- (sigret == NULL) ? 0 : *siglen);
+ (siglen == NULL) ? 0 : *siglen);
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx == NULL)
return 0;
r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
sigret, siglen,
- (sigret == NULL) ? 0 : *siglen);
+ (siglen == NULL) ? 0 : *siglen);
EVP_PKEY_CTX_free(dctx);
return r;
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 63553996bd..ec34a3ee71 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -508,6 +508,7 @@ static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg)
* of this can be removed and we will only support the EVP_KDF APIs.
*/
if (!ossl_prov_cipher_copy(&key->cipher, &gctx->cipher)) {
+ ossl_mac_key_free(key);
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
return NULL;
}
More information about the openssl-commits
mailing list