From ad14e8e5085936bb495d15f4e0a1b653460ae4dd Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Tue, 4 Jun 2019 11:32:58 +1000
Subject: [PATCH] Coverity fixes

covID 1445689 Resource leak (in error path)
covID 1445318 Resource leak (in test - minor)
covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used)
covID 1443691 Resource leak (in app - minor)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9071)
---
 apps/verify.c          | 11 ++++++++++-
 crypto/provider_core.c |  3 ++-
 ssl/tls13_enc.c        |  1 +
 test/enginetest.c      |  2 +-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/apps/verify.c b/apps/verify.c
index 3767972a5e..fd407646f5 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -169,11 +169,20 @@ int verify_main(int argc, char **argv)
             v_verbose = 1;
             break;
         case OPT_SM2ID:
-            /* we assume the input is not a hex string */
+            if (sm2_id != NULL) {
+                BIO_printf(bio_err,
+                           "Use one of the options 'sm2-hex-id' or 'sm2-id' \n");
+                goto end;
+            }
             sm2_id = (unsigned char *)opt_arg();
             sm2_idlen = strlen((const char *)sm2_id);
             break;
         case OPT_SM2HEXID:
+            if (sm2_id != NULL) {
+                BIO_printf(bio_err,
+                           "Use one of the options 'sm2-hex-id' or 'sm2-id' \n");
+                goto end;
+            }
             /* try to parse the input as hex string first */
             sm2_free = 1;
             sm2_id = OPENSSL_hexstr2buf(opt_arg(), (long *)&sm2_idlen);
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 837f4b5daf..bcf6aa9eb1 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -194,7 +194,8 @@ int ossl_provider_upref(OSSL_PROVIDER *prov)
 {
     int ref = 0;
 
-    CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock);
+    if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0)
+        return 0;
     return ref;
 }
 
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index b0fc4b296d..9bc34c1b85 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -170,6 +170,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
     if (!ossl_assert(mdleni >= 0)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
                  ERR_R_INTERNAL_ERROR);
+        EVP_KDF_CTX_free(kctx);
         return 0;
     }
     mdlen = (size_t)mdleni;
diff --git a/test/enginetest.c b/test/enginetest.c
index 4836cbe92f..b4d117efa2 100644
--- a/test/enginetest.c
+++ b/test/enginetest.c
@@ -279,7 +279,7 @@ static int test_redirect(void)
      * Try setting test key engine. Both should fail because the
      * engine has no public key methods.
      */
-    if (!TEST_ptr_null(EVP_PKEY_CTX_new(pkey, e))
+    if (!TEST_ptr_null(ctx = EVP_PKEY_CTX_new(pkey, e))
             || !TEST_int_le(EVP_PKEY_set1_engine(pkey, e), 0))
         goto err;
 
-- 
2.39.2