Fix coverity issues

CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code
CID : 1458171 UNCHECKED RET apps/pkeyutl.c
CID : 1458173 DEAD CODE ffc_params_generate.c
CID : 1458174 RESOURCE LEAK ssl_lib.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11048)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index a8cd2a0e3e66df530eff78645b8ff0b8d99e1dd9..5bc436576d9e1474977b760207c84bba01d76aab 100644 (file)
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -556,8 +556,9 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
                     || (group = EC_KEY_get0_group(eckey)) == NULL
                     || (nid = EC_GROUP_get_curve_name(group)) == 0)
                 goto end;
-            if (nid == NID_sm2)
-                EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+            if (nid == NID_sm2
+                    && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+                goto end;
         }
 #endif
         *pkeysize = EVP_PKEY_size(pkey);

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index c32c33e8b8b47221b228065a3434a23f4e4d2404..54d5c58e090a8fbd41ffdad56fc1b3342bebaf4b 100644 (file)
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -46,8 +46,6 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
             return 80;
         if (L == 2048 && (N == 224 || N == 256))
             return 112;
-        if (L == 2048 && N == 256)
-            return 112;
         if (L == 3072 && N == 256)
             return 128;
     }
@@ -103,13 +101,14 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
     EVP_MD_CTX *mctx = NULL;
     int mdsize;
 
+    mdsize = EVP_MD_size(evpmd);
+    if (mdsize <= 0)
+        return 0;
+
     mctx = EVP_MD_CTX_new();
     if (mctx == NULL)
-        goto err;
+        return 0;
 
-    mdsize = EVP_MD_size(evpmd);
-    if (mdsize <= 0)
-        goto err;
    /*
     * A.2.3 Step (4) & (5)
     * A.2.4 Step (6) & (7)
@@ -134,7 +133,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
                 || !EVP_DigestFinal_ex(mctx, md, NULL)
                 || (BN_bin2bn(md, mdsize, tmp) == NULL)
                 || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont))
-                    return 0;
+                    break; /* exit on failure */
         /*
          * A.2.3 Step (10)
          * A.2.4 Step (12)
@@ -145,7 +144,6 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
             break; /* found g */
         }
     }
-err:
     EVP_MD_CTX_free(mctx);
     return ret;
 }
@@ -743,7 +741,7 @@ err:
     if (seed != params->seed)
         OPENSSL_free(seed);
     OPENSSL_free(seed_tmp);
-    if (ctx)
+    if (ctx != NULL)
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     BN_MONT_CTX_free(mont);

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 23101954ec2ca7524ab99702beb9a93e5f10ed20..a1c398796248fe51029b484794e538ed89eebd06 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3148,7 +3148,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
 
     /* initialize cipher/digest methods table */
     if (!ssl_load_ciphers(ret))
-        return 0;
+        goto err2;
 
     if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
         goto err;