The code path for this resource leak indicates that this is a false
positive (if you look at the callers).
Rather than ignoring the warning, an extra check has been added, in case
future callers do the wrong thing.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19799)
unsigned char *entropyx = NULL, *nonceh = NULL, *T = NULL;
size_t allocsz = 0;
+ if (out == NULL)
+ return 0;
+
qlen_bits = BN_num_bits(q);
if (qlen_bits == 0)
- goto end;
+ return 0;
/* Note rlen used here is in bytes since the input values are byte arrays */
rlen = (qlen_bits + 7) / 8;
/* Use a single alloc for the buffers T, nonceh and entropyx */
T = (unsigned char *)OPENSSL_zalloc(allocsz);
if (T == NULL)
- goto end;
+ return 0;
nonceh = T + rlen;
entropyx = nonceh + rlen;
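Review bot: the new `if (out == NULL) return 0;` guard at the top of the function fails silently, so a future caller that passes NULL gets the same 0 as every other failure and nothing in the visible lines records why. Consider raising ERR_R_PASSED_NULL_PARAMETER with ERR_raise before returning, so that the misuse this check is meant to catch is diagnosable. Separately, the two `goto end` to `return 0` replacements are safe only because T is still NULL at both points (it is initialised to NULL and the second return is taken on `T == NULL`). A short comment stating that nothing has been allocated yet would stop a later edit from adding an allocation above these early returns and bypassing the cleanup path.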