[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sun Nov 7 22:56:26 UTC 2021


The branch master has been updated
       via  1b4d9967a24154f1dc00f471eb843203ec7bb7d4 (commit)
       via  fe4125382301201e42a3251544cda429bba0c9d7 (commit)
       via  182cc644b3a3690bddfecba925486fefa421d6ec (commit)
       via  73a815defe428e42ccc27fdc9d5be507f980278b (commit)
      from  098f2627c8d283a518a6e6e60e7893664c7510e0 (commit)


- Log -----------------------------------------------------------------
commit 1b4d9967a24154f1dc00f471eb843203ec7bb7d4
Author: Pauli <pauli at openssl.org>
Date:   Thu Nov 4 15:05:59 2021 +1000

    Address Coverity 1493362 resource leak
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16962)

commit fe4125382301201e42a3251544cda429bba0c9d7
Author: Pauli <pauli at openssl.org>
Date:   Thu Nov 4 12:52:00 2021 +1000

    Address coverity 1493382 argument cannot be negative
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16962)

commit 182cc644b3a3690bddfecba925486fefa421d6ec
Author: Pauli <pauli at openssl.org>
Date:   Thu Nov 4 12:46:58 2021 +1000

    Address Coverity 1493387 Logically dead code
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16962)

commit 73a815defe428e42ccc27fdc9d5be507f980278b
Author: Pauli <pauli at openssl.org>
Date:   Thu Nov 4 11:59:55 2021 +1000

    Fix coverity 1493364 & 1493375: unchecked return value
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16962)

-----------------------------------------------------------------------

Summary of changes:
 crypto/comp/c_zlib.c                                 | 12 ++++++++++--
 crypto/evp/e_rc5.c                                   |  7 ++++---
 crypto/evp/m_sigver.c                                |  4 ++--
 providers/implementations/keymgmt/mac_legacy_kmgmt.c |  1 +
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index b36a562d88..9a7087e444 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -380,7 +380,11 @@ static int bio_zlib_read(BIO *b, char *out, int outl)
             ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        inflateInit(zin);
+        if ((ret = inflateInit(zin)) != Z_OK) {
+            ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR,
+                           "zlib error: %s", zError(ret));
+            return 0;
+        }
         zin->next_in = ctx->ibuf;
         zin->avail_in = 0;
     }
@@ -443,7 +447,11 @@ static int bio_zlib_write(BIO *b, const char *in, int inl)
         }
         ctx->optr = ctx->obuf;
         ctx->ocount = 0;
-        deflateInit(zout, ctx->comp_level);
+        if ((ret = deflateInit(zout, ctx->comp_level)) != Z_OK) {
+            ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR,
+                           "zlib error: %s", zError(ret));
+            return 0;
+        }
         zout->next_out = ctx->obuf;
         zout->avail_out = ctx->obufsize;
     }
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index 3fb372360d..3496a70193 100644
--- a/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
@@ -72,12 +72,13 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                                const unsigned char *iv, int enc)
 {
-    if (EVP_CIPHER_CTX_get_key_length(ctx) > 255) {
+    const int key_len = EVP_CIPHER_CTX_get_key_length(ctx);
+
+    if (key_len > 255 || key_len < 0) {
         ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH);
         return 0;
     }
-    return RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx),
-                          key, data(ctx)->rounds);
+    return RC5_32_set_key(&data(ctx)->ks, key_len, key, data(ctx)->rounds);
 }
 
 #endif
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 2972734d8d..80570973dd 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -462,14 +462,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
         return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
                                                          sigret, siglen,
-                                                         (sigret == NULL) ? 0 : *siglen);
+                                                         (siglen == NULL) ? 0 : *siglen);
     dctx = EVP_PKEY_CTX_dup(pctx);
     if (dctx == NULL)
         return 0;
 
     r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
                                                   sigret, siglen,
-                                                  (sigret == NULL) ? 0 : *siglen);
+                                                  (siglen == NULL) ? 0 : *siglen);
     EVP_PKEY_CTX_free(dctx);
     return r;
 
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 63553996bd..ec34a3ee71 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -508,6 +508,7 @@ static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg)
      * of this can be removed and we will only support the EVP_KDF APIs.
      */
     if (!ossl_prov_cipher_copy(&key->cipher, &gctx->cipher)) {
+        ossl_mac_key_free(key);
         ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
         return NULL;
     }


More information about the openssl-commits mailing list