Address non-FP coverity nits

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26765)
2025-04-06 20:20:50 +08:00 · 2025-02-15 15:57:48 +11:00 · 2025-02-15 15:57:48 +11:00 · afc64c240f
commit afc64c240f
parent fc00d9b7b1
6 changed files with 18 additions and 15 deletions
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -711,7 +711,7 @@ static int do_fp_oneshot_sign(BIO *out, EVP_MD_CTX *ctx, BIO *in, int sep, int b
    buflen = bio_to_mem(&buf, maxlen, in);
    if (buflen <= 0) {
        BIO_printf(bio_err, "Read error in %s\n", file);
-        goto end;
+        return ret;
    }
    if (sigin != NULL) {
        res = EVP_DigestVerify(ctx, sigin, siglen, buf, buflen);
--- a/crypto/ml_kem/ml_kem.c
+++ b/crypto/ml_kem/ml_kem.c
@ -1821,8 +1821,7 @@ int ossl_ml_kem_genkey(uint8_t *pubenc, size_t publen, ML_KEM_KEY *key)
        return 0;
    vinfo = key->vinfo;

-    if ((pubenc != NULL && publen != vinfo->pubkey_bytes)
-        || (mdctx = EVP_MD_CTX_new()) == NULL)
+    if (pubenc != NULL && publen != vinfo->pubkey_bytes)
        return 0;

    if (ossl_ml_kem_have_seed(key)) {
@ -1834,6 +1833,9 @@ int ossl_ml_kem_genkey(uint8_t *pubenc, size_t publen, ML_KEM_KEY *key)
        return 0;
    }

+    if ((mdctx = EVP_MD_CTX_new()) == NULL)
+        return 0;
+
    /*
     * Data derived from (d, z) defaults secret, and to avoid side-channel
     * leaks should not influence control flow.
@ -1872,14 +1874,14 @@ int ossl_ml_kem_encap_seed(uint8_t *ctext, size_t clen,
    EVP_MD_CTX *mdctx;
    int ret = 0;

-    if (!ossl_ml_kem_have_pubkey(key))
+    if (key == NULL || !ossl_ml_kem_have_pubkey(key))
        return 0;
    vinfo = key->vinfo;

    if (ctext == NULL || clen != vinfo->ctext_bytes
        || shared_secret == NULL || slen != ML_KEM_SHARED_SECRET_BYTES
        || entropy == NULL || elen != ML_KEM_RANDOM_BYTES
-        || key == NULL || (mdctx = EVP_MD_CTX_new()) == NULL)
+        || (mdctx = EVP_MD_CTX_new()) == NULL)
        return 0;
    /*
     * Data derived from the encap entropy defaults secret, and to avoid
@ -1953,8 +1955,8 @@ int ossl_ml_kem_decap(uint8_t *shared_secret, size_t slen,
    if (shared_secret == NULL || slen != ML_KEM_SHARED_SECRET_BYTES
        || ctext == NULL || clen != vinfo->ctext_bytes
        || (mdctx = EVP_MD_CTX_new()) == NULL) {
-        RAND_bytes_ex(key->libctx, shared_secret,
-                      ML_KEM_SHARED_SECRET_BYTES, vinfo->secbits);
+        (void)RAND_bytes_ex(key->libctx, shared_secret,
+                            ML_KEM_SHARED_SECRET_BYTES, vinfo->secbits);
        return 0;
    }
 #if defined(OPENSSL_CONSTANT_TIME_VALIDATION)
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c
@ -690,13 +690,14 @@ static void *ml_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
    PROV_ML_KEM_GEN_CTX *gctx = vgctx;
    ML_KEM_KEY *key;
    uint8_t *nopub = NULL;
-    uint8_t *seed = gctx->seed;
+    uint8_t *seed;
    int genok = 0;

    if (gctx == NULL
        || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) ==
            OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
        return NULL;
+    seed = gctx->seed;
    key = ml_kem_new(gctx->provctx, gctx->propq, gctx->evp_type);
    if (key == NULL)
        return NULL;
--- a/providers/implementations/keymgmt/mlx_kmgmt.c
+++ b/providers/implementations/keymgmt/mlx_kmgmt.c
@ -687,7 +687,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
 {
    PROV_ML_KEM_GEN_CTX *gctx = vgctx;
    MLX_KEY *key;
-    char *propq = gctx->propq;
+    char *propq;

    if (gctx == NULL
        || (gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) ==
@ -695,6 +695,7 @@ static void *mlx_kem_gen(void *vgctx, OSSL_CALLBACK *osslcb, void *cbarg)
        return NULL;

    /* Lose ownership of propq */
+    propq = gctx->propq;
    gctx->propq = NULL;
    if ((key = mlx_kem_key_new(gctx->evp_type, gctx->libctx, propq)) == NULL)
        return NULL;
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -999,11 +999,10 @@ int tls1_get0_implemented_groups(int min_proto_version, int max_proto_version,
    int ret = 0;
    size_t ix;

-    if ((collect = sk_TLS_GROUP_IX_new(tls_group_ix_cmp)) == NULL)
-        return 0;
-
    if (grps == NULL || out == NULL)
        return 0;
+    if ((collect = sk_TLS_GROUP_IX_new(tls_group_ix_cmp)) == NULL)
+        return 0;
    for (ix = 0; ix < num; ++ix, ++grps) {
        if (grps->mintls > 0 && max_proto_version > 0
             && grps->mintls > max_proto_version)
@ -1030,7 +1029,7 @@ int tls1_get0_implemented_groups(int min_proto_version, int max_proto_version,
        if (sk_OPENSSL_CSTRING_push(out, gix->grp->tlsname) <= 0)
            goto end;
    }
-    return 1;
+    ret = 1;

  end:
    sk_TLS_GROUP_IX_pop_free(collect, free_wrapper);
--- a/test/ml_dsa_test.c
+++ b/test/ml_dsa_test.c
@ -43,8 +43,8 @@ static EVP_PKEY *do_gen_key(const char *alg,
            || !TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1)
            || !TEST_int_eq(EVP_PKEY_CTX_set_params(ctx, params), 1)
            || !TEST_int_eq(EVP_PKEY_generate(ctx, &pkey), 1))
-        goto err;
-err:
+        pkey = NULL;
+
    EVP_PKEY_CTX_free(ctx);
    return pkey;
 }