From: slontis <shane.lontis@oracle.com>
Date: Thu, 1 Dec 2022 01:34:14 +0000 (+1000)
Subject: Address coverity issue CID 1517105
X-Git-Tag: openssl-3.2.0-alpha1~1577
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e42118de2c8001b3b5fa0cae138950d5b2e1cf1;p=thirdparty%2Fopenssl.git

Address coverity issue CID 1517105

The code path for this resource leak indicates that this is a false
positive (if you look at the callers).
Rather than ignoring the warning an extra check has been added, in case
future callers do the wrong thing.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19799)
---

diff --git a/crypto/deterministic_nonce.c b/crypto/deterministic_nonce.c
index cd28cce513c..6b78777b424 100644
--- a/crypto/deterministic_nonce.c
+++ b/crypto/deterministic_nonce.c
@@ -158,9 +158,12 @@ int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q,
     unsigned char *entropyx = NULL, *nonceh = NULL, *T = NULL;
     size_t allocsz = 0;
 
+    if (out == NULL)
+        return 0;
+
     qlen_bits = BN_num_bits(q);
     if (qlen_bits == 0)
-        goto end;
+        return 0;
 
     /* Note rlen used here is in bytes since the input values are byte arrays */
     rlen = (qlen_bits + 7) / 8;
@@ -169,7 +172,7 @@ int ossl_gen_deterministic_nonce_rfc6979(BIGNUM *out, const BIGNUM *q,
     /* Use a single alloc for the buffers T, nonceh and entropyx */
     T = (unsigned char *)OPENSSL_zalloc(allocsz);
     if (T == NULL)
-        goto end;
+        return 0;
     nonceh = T + rlen;
     entropyx = nonceh + rlen;