From 075b1f2f42c9ab1f5c80078cad70de0216748b6d Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Mon, 10 Feb 2020 11:45:27 +1000 Subject: [PATCH] Fix coverity issues CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code CID : 1458171 UNCHECKED RET apps/pkeyutl.c CID : 1458173 DEAD CODE ffc_params_generate.c CID : 1458174 RESOURCE LEAK ssl_lib.c Reviewed-by: Richard Levitte Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/11048) --- apps/pkeyutl.c | 5 +++-- crypto/ffc/ffc_params_generate.c | 16 +++++++--------- ssl/ssl_lib.c | 2 +- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index a8cd2a0e3e..5bc436576d 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -556,8 +556,9 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, || (group = EC_KEY_get0_group(eckey)) == NULL || (nid = EC_GROUP_get_curve_name(group)) == 0) goto end; - if (nid == NID_sm2) - EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); + if (nid == NID_sm2 + && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)) + goto end; } #endif *pkeysize = EVP_PKEY_size(pkey); diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index c32c33e8b8..54d5c58e09 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -46,8 +46,6 @@ static int ffc_validate_LN(size_t L, size_t N, int type) return 80; if (L == 2048 && (N == 224 || N == 256)) return 112; - if (L == 2048 && N == 256) - return 112; if (L == 3072 && N == 256) return 128; } @@ -103,13 +101,14 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont, EVP_MD_CTX *mctx = NULL; int mdsize; + mdsize = EVP_MD_size(evpmd); + if (mdsize <= 0) + return 0; + mctx = EVP_MD_CTX_new(); if (mctx == NULL) - goto err; + return 0; - mdsize = EVP_MD_size(evpmd); - if (mdsize <= 0) - goto err; /* * A.2.3 Step (4) & (5) * A.2.4 Step (6) & (7) @@ -134,7 +133,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont, || !EVP_DigestFinal_ex(mctx, md, NULL) || (BN_bin2bn(md, mdsize, tmp) == NULL) || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont)) - return 0; + break; /* exit on failure */ /* * A.2.3 Step (10) * A.2.4 Step (12) @@ -145,7 +144,6 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont, break; /* found g */ } } -err: EVP_MD_CTX_free(mctx); return ret; } @@ -743,7 +741,7 @@ err: if (seed != params->seed) OPENSSL_free(seed); OPENSSL_free(seed_tmp); - if (ctx) + if (ctx != NULL) BN_CTX_end(ctx); BN_CTX_free(ctx); BN_MONT_CTX_free(mont); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 23101954ec..a1c3987962 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3148,7 +3148,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq, /* initialize cipher/digest methods table */ if (!ssl_load_ciphers(ret)) - return 0; + goto err2; if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) goto err; -- 2.25.1