The branch master has been updated via c996f71bab433c5d0f75945206a8cfd422829a49 (commit) via 2f142901ca7f729a20444a541ec1cb8516954056 (commit) via 6f924bb89ecb792dc1ecaa3454086f3772ba5c74 (commit) via 9283e9bd115cac8be3cf4241c8873fc10aeebb2d (commit) via c4d02214053d34990ce28598691f3dddef6f3868 (commit) from 22f7f42433fe9deb409703d76a0c4383371e6983 (commit)
- Log ----------------------------------------------------------------- commit c996f71bab433c5d0f75945206a8cfd422829a49 Author: Pauli <paul.d...@oracle.com> Date: Fri Jul 3 10:11:33 2020 +1000 apps: remove NULL check imn release_engine since ENGINE_free also does it. Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12309) commit 2f142901ca7f729a20444a541ec1cb8516954056 Author: Pauli <paul.d...@oracle.com> Date: Mon Jun 29 08:39:42 2020 +1000 coverity 1464983: null pointer dereference Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12309) commit 6f924bb89ecb792dc1ecaa3454086f3772ba5c74 Author: Pauli <paul.d...@oracle.com> Date: Mon Jun 29 08:33:35 2020 +1000 coverity 1464984: Null pointer dereferences Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12309) commit 9283e9bd115cac8be3cf4241c8873fc10aeebb2d Author: Pauli <paul.d...@oracle.com> Date: Mon Jun 29 08:29:10 2020 +1000 cmp: remove NULL check. Instead appease coverity by marking 1464986 as a false positive. Coverity is confused by the engine reference counting. Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12309) commit c4d02214053d34990ce28598691f3dddef6f3868 Author: Pauli <paul.d...@oracle.com> Date: Mon Jun 29 08:17:25 2020 +1000 coverity: CID 1464987: USE AFTER FREE Reviewed-by: Tim Hudson <t...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12309) ----------------------------------------------------------------------- Summary of changes: apps/cmp.c | 3 +- apps/lib/apps.c | 5 +-- crypto/property/property.c | 6 +-- providers/implementations/rands/drbg.c | 2 +- providers/implementations/rands/drbg_ctr.c | 68 +++++++++++++++--------------- 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 4a6074ba58..87daa37dfa 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -3186,8 +3186,7 @@ int cmp_main(int argc, char **argv) X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); OSSL_CMP_CTX_free(cmp_ctx); X509_VERIFY_PARAM_free(vpm); - if (engine != NULL) /* workaround for Coverity false positive */ - release_engine(engine); + release_engine(engine); NCONF_free(conf); /* must not do as long as opt_... variables are used */ OSSL_CMP_log_close(); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6c9d62fb62..3e4cc288b1 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1156,9 +1156,8 @@ ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug) void release_engine(ENGINE *e) { #ifndef OPENSSL_NO_ENGINE - if (e != NULL) - /* Free our "structural" reference. */ - ENGINE_free(e); + /* Free our "structural" reference. */ + ENGINE_free(e); #endif } diff --git a/crypto/property/property.c b/crypto/property/property.c index a72ccb02b4..a3b52ee44d 100644 --- a/crypto/property/property.c +++ b/crypto/property/property.c @@ -324,7 +324,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, const char *prop_query, void **method) { - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(store->ctx); + OSSL_PROPERTY_LIST **plp; ALGORITHM *alg; IMPLEMENTATION *impl; OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL; @@ -350,9 +350,9 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid, return 0; } - if (prop_query != NULL) { + if (prop_query != NULL) p2 = pq = ossl_parse_query(store->ctx, prop_query); - } + plp = ossl_ctx_global_properties(store->ctx); if (plp != NULL && *plp != NULL) { if (pq == NULL) { pq = *plp; diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index c2fa99b865..3394271835 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -503,7 +503,7 @@ int PROV_DRBG_instantiate(PROV_DRBG *drbg, unsigned int strength, drbg->min_noncelen, drbg->max_noncelen)) { PROVerr(0, PROV_R_ERROR_RETRIEVING_NONCE); - OPENSSL_free(nonce); + goto end; } #ifndef PROV_RAND_GET_RANDOM_NONCE } else if (drbg->parent != NULL) { diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c index f481b1bb27..48fb7ebd3d 100644 --- a/providers/implementations/rands/drbg_ctr.c +++ b/providers/implementations/rands/drbg_ctr.c @@ -530,9 +530,13 @@ static int drbg_ctr_init_lengths(PROV_DRBG *drbg) static int drbg_ctr_init(PROV_DRBG *drbg) { PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data; - const size_t keylen = EVP_CIPHER_key_length(ctr->cipher_ctr); + size_t keylen; - ctr->keylen = keylen; + if (ctr->cipher_ctr == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER); + return 0; + } + ctr->keylen = keylen = EVP_CIPHER_key_length(ctr->cipher_ctr); if (ctr->ctx_ecb == NULL) ctr->ctx_ecb = EVP_CIPHER_CTX_new(); if (ctr->ctx_ctr == NULL) @@ -542,39 +546,37 @@ static int drbg_ctr_init(PROV_DRBG *drbg) goto err; } - if (ctr->cipher_ctr != NULL) { - if (!EVP_CipherInit_ex(ctr->ctx_ecb, - ctr->cipher_ecb, NULL, NULL, NULL, 1) - || !EVP_CipherInit_ex(ctr->ctx_ctr, - ctr->cipher_ctr, NULL, NULL, NULL, 1)) { - ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS); - goto err; - } + if (!EVP_CipherInit_ex(ctr->ctx_ecb, + ctr->cipher_ecb, NULL, NULL, NULL, 1) + || !EVP_CipherInit_ex(ctr->ctx_ctr, + ctr->cipher_ctr, NULL, NULL, NULL, 1)) { + ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS); + goto err; + } - drbg->strength = keylen * 8; - drbg->seedlen = keylen + 16; + drbg->strength = keylen * 8; + drbg->seedlen = keylen + 16; - if (ctr->use_df) { - /* df initialisation */ - static const unsigned char df_key[32] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - }; - - if (ctr->ctx_df == NULL) - ctr->ctx_df = EVP_CIPHER_CTX_new(); - if (ctr->ctx_df == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Set key schedule for df_key */ - if (!EVP_CipherInit_ex(ctr->ctx_df, - ctr->cipher_ecb, NULL, df_key, NULL, 1)) { - ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED); - goto err; - } + if (ctr->use_df) { + /* df initialisation */ + static const unsigned char df_key[32] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + + if (ctr->ctx_df == NULL) + ctr->ctx_df = EVP_CIPHER_CTX_new(); + if (ctr->ctx_df == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto err; + } + /* Set key schedule for df_key */ + if (!EVP_CipherInit_ex(ctr->ctx_df, + ctr->cipher_ecb, NULL, df_key, NULL, 1)) { + ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED); + goto err; } } return drbg_ctr_init_lengths(drbg);