From 4dcff55c75f911ea190b57b94d9540f80a961a4f Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 27 Apr 2020 08:33:27 +1000 Subject: [PATCH] coverity 1462549 Dereference before null check Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11651) --- crypto/err/openssl.txt | 1 + crypto/evp/evp_err.c | 1 + crypto/evp/pkey_mac.c | 21 +++++++++++++-------- include/openssl/evperr.h | 2 ++ 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 122542f6b6..4978ce7a8c 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2559,6 +2559,7 @@ EVP_R_NO_KEYMGMT_AVAILABLE:199:no keymgmt available EVP_R_NO_KEYMGMT_PRESENT:196:no keymgmt present EVP_R_NO_KEY_SET:154:no key set EVP_R_NO_OPERATION_SET:149:no operation set +EVP_R_NULL_MAC_PKEY_CTX:208:null mac pkey ctx EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 3f2b814f18..5b7b4b586c 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -114,6 +114,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_PRESENT), "no keymgmt present"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), "only oneshot supported"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), diff --git a/crypto/evp/pkey_mac.c b/crypto/evp/pkey_mac.c index bfd8cd630d..56231e3938 100644 --- a/crypto/evp/pkey_mac.c +++ b/crypto/evp/pkey_mac.c 
@@ -493,13 +493,24 @@ static int pkey_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) } static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) + const char *type, const char *value) { MAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - const EVP_MAC *mac = EVP_MAC_CTX_mac(hctx->ctx); + const EVP_MAC *mac; OSSL_PARAM params[2]; int ok = 0; + if (hctx == NULL) { + EVPerr(0, EVP_R_NULL_MAC_PKEY_CTX); + return 0; + } + if (hctx->ctx == NULL) { + /* This actually means the fetch failed during the init call */ + EVPerr(0, EVP_R_FETCH_FAILED); + return 0; + } + mac = EVP_MAC_CTX_mac(hctx->ctx); + /* * Translation of some control names that are equivalent to a single * parameter name. @@ -520,12 +531,6 @@ static int pkey_mac_ctrl_str(EVP_PKEY_CTX *ctx, return 0; params[1] = OSSL_PARAM_construct_end(); - if (hctx->ctx == NULL) { - /* This actually means the fetch failed during the init call */ - EVPerr(0, EVP_R_FETCH_FAILED); - return 0; - } - ok = EVP_MAC_CTX_set_params(hctx->ctx, params); OPENSSL_free(params[0].data); return ok; diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 9290cfff94..b8799a6f43 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -10,6 +10,7 @@ #ifndef OPENSSL_EVPERR_H # define OPENSSL_EVPERR_H +# pragma once # include # include @@ -223,6 +224,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_NO_KEYMGMT_PRESENT 196 # define EVP_R_NO_KEY_SET 154 # define EVP_R_NO_OPERATION_SET 149 +# define EVP_R_NULL_MAC_PKEY_CTX 208 # define EVP_R_ONLY_ONESHOT_SUPPORTED 177 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 -- 2.25.1
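Review bot: The `hctx == NULL` guard added at the top of pkey_mac_ctrl_str carries no comment saying which state leaves the EVP_PKEY_CTX without MAC data, while the `hctx->ctx == NULL` guard directly below it explains itself. A one-line comment such as `/* No MAC data attached to this EVP_PKEY_CTX (init not run or failed) */`, if that matches the init path, would tell a maintainer whether the branch is reachable or purely defensive. The guards are added only in this function: pkey_mac_ctrl, named in the hunk header, receives the same `ctx` and its body is not part of this diff. It is worth confirming that it and the other callbacks in crypto/evp/pkey_mac.c do not read `hctx->ctx` ahead of a check in the same way. The body of pkey_mac_ctrl_str continues past the end of this hunk, so the parameter translation between the two hunks is not reviewed here.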