Fix coverity issues

CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code CID : 1458171 UNCHECKED RET apps/pkeyutl.c CID : 1458173 DEAD CODE ffc_params_generate.c CID : 1458174 RESOURCE LEAK ssl_lib.c Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11048)
2025-02-17 14:32:04 +08:00 · 2020-02-10 11:45:27 +10:00 · 2020-02-10 11:45:27 +10:00 · 075b1f2f42
commit 075b1f2f42
parent 51994e505d
3 changed files with 12 additions and 13 deletions
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@ -556,8 +556,9 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
                    || (group = EC_KEY_get0_group(eckey)) == NULL
                    || (nid = EC_GROUP_get_curve_name(group)) == 0)
                goto end;
-            if (nid == NID_sm2)
-                EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+            if (nid == NID_sm2
+                    && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+                goto end;
        }
 #endif
        *pkeysize = EVP_PKEY_size(pkey);
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@ -46,8 +46,6 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
            return 80;
        if (L == 2048 && (N == 224 || N == 256))
            return 112;
-        if (L == 2048 && N == 256)
-            return 112;
        if (L == 3072 && N == 256)
            return 128;
    }
@ -103,13 +101,14 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
    EVP_MD_CTX *mctx = NULL;
    int mdsize;

-    mctx = EVP_MD_CTX_new();
-    if (mctx == NULL)
-        goto err;
-
    mdsize = EVP_MD_size(evpmd);
    if (mdsize <= 0)
-        goto err;
+        return 0;
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+
   /*
    * A.2.3 Step (4) & (5)
    * A.2.4 Step (6) & (7)
@ -134,7 +133,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
                || !EVP_DigestFinal_ex(mctx, md, NULL)
                || (BN_bin2bn(md, mdsize, tmp) == NULL)
                || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont))
-                    return 0;
+                    break; /* exit on failure */
        /*
         * A.2.3 Step (10)
         * A.2.4 Step (12)
@ -145,7 +144,6 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
            break; /* found g */
        }
    }
-err:
    EVP_MD_CTX_free(mctx);
    return ret;
 }
@ -743,7 +741,7 @@ err:
    if (seed != params->seed)
        OPENSSL_free(seed);
    OPENSSL_free(seed_tmp);
-    if (ctx)
+    if (ctx != NULL)
        BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    BN_MONT_CTX_free(mont);
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -3148,7 +3148,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,

    /* initialize cipher/digest methods table */
    if (!ssl_load_ciphers(ret))
-        return 0;
+        goto err2;

    if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
        goto err;