From: Dmitry Belyavskiy
Date: Mon, 17 Feb 2025 10:16:34 +0000 (+0100)
Subject: Fix coverity issues
X-Git-Tag: openssl-3.5.0-alpha1~170
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83ced5e6b1f19a3196b464d0a10f8dc44633df1e;p=thirdparty%2Fopenssl.git
Fix coverity issues
Fixes coverity issues 1642964, 1642965, 1642966, 1642968, 1642969
Reviewed-by: Paul Dale
Reviewed-by: Tomas Mraz
Reviewed-by: Tom Cosgrove
(Merged from https://github.com/openssl/openssl/pull/26793)
---
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 30ce835b839..44189604bd1 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -580,11 +580,14 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
 /* We have a data managed via key management, using the new callbacks */
 if (enc) {
 if (ctx->cipher->einit_skey == NULL) {
- /* Attempt fallback for providers that do not support SKEYs */
- const unsigned char *keydata;
- size_t keylen;
+ /*
+ * When skey is NULL, it's a multiple-step init as the current API does.
+ * Otherwise we try to fallback for providers that do not support SKEYs.
+ */
+ const unsigned char *keydata = NULL;
+ size_t keylen = 0;
- if (!EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
+ if (skey != NULL && !EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
 return 0;
 }
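Review bot: The raw-key fallback guarded by `skey != NULL` is written out twice, here for `einit` and again in the next hunk for `dinit`, so the NULL handling has to be kept in step in two places. Moving the `if (skey != NULL && !EVP_SKEY_get_raw_key(skey, &keydata, &keylen))` check and its error path into one small static helper called from both branches would leave a single copy to maintain. The enclosing function starts and ends outside this hunk, so whether `skey` is dereferenced earlier without a check cannot be confirmed from here.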
@@ -592,16 +595,20 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
 ret = ctx->cipher->einit(ctx->algctx, keydata, keylen, iv, iv_len, params);
 } else {
- ret = ctx->cipher->einit_skey(ctx->algctx, skey->keydata,
+ ret = ctx->cipher->einit_skey(ctx->algctx,
+ skey == NULL ? NULL : skey->keydata,
 iv, iv_len, params);
 }
 } else {
 if (ctx->cipher->dinit_skey == NULL) {
- /* Attempt fallback for providers that do not support SKEYs */
- const unsigned char *keydata;
- size_t keylen;
+ /*
+ * When skey is NULL, it's a multiple-step init as the current API does.
+ * Otherwise we try to fallback for providers that do not support SKEYs.
+ */
+ const unsigned char *keydata = NULL;
+ size_t keylen = 0;
- if (!EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
+ if (skey != NULL && !EVP_SKEY_get_raw_key(skey, &keydata, &keylen)) {
 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
 return 0;
 }
@@ -609,7 +616,8 @@ static int evp_cipher_init_skey_internal(EVP_CIPHER_CTX *ctx,
 ret = ctx->cipher->dinit(ctx->algctx, keydata, keylen, iv, iv_len, params);
 } else {
- ret = ctx->cipher->dinit_skey(ctx->algctx, skey->keydata,
+ ret = ctx->cipher->dinit_skey(ctx->algctx,
+ skey == NULL ? NULL : skey->keydata,
 iv, iv_len, params);
 }
 }
diff --git a/providers/implementations/skeymgmt/generic.c b/providers/implementations/skeymgmt/generic.c
index 13338350885..b41bf8e12dc 100644
--- a/providers/implementations/skeymgmt/generic.c
+++ b/providers/implementations/skeymgmt/generic.c
@@ -45,6 +45,9 @@ void *generic_import(void *provctx, int selection, const OSSL_PARAM params[])
 return NULL;
 generic = OPENSSL_zalloc(sizeof(PROV_SKEY));
+ if (generic == NULL)
+ return NULL;
+
 generic->libctx = libctx;
 generic->type = SKEY_TYPE_GENERIC;
diff --git a/test/fake_cipherprov.c b/test/fake_cipherprov.c
index c9c038b17b3..4a321d75b3b 100644
--- a/test/fake_cipherprov.c
+++ b/test/fake_cipherprov.c
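Review bot: The `einit_skey` call can now receive a NULL key object, and so can `dinit_skey` in the following hunk, yet only the fallback branches carry a comment explaining the NULL case. I would add one above each call, for example `/* skey may be NULL on a multi-step init; the provider is handed a NULL key */`. Whether every provider's `einit_skey`/`dinit_skey` accepts NULL is not visible in this diff and is worth confirming, since an implementation that dereferences it unconditionally would only move the NULL dereference across the provider boundary.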
@@ -168,9 +168,9 @@ static int fake_cipher(void *vctx, unsigned char *out, size_t *outl,
 PROV_CIPHER_FAKE_CTX *ctx = (PROV_CIPHER_FAKE_CTX *)vctx;
 size_t i;
- if (outsize < inl)
+ if (out == NULL || outsize < inl)
 return 0;
- if (out != NULL && in != out)
+ if (in != out)
 memcpy(out, in, inl);
 for (i = 0; i < inl; i++)
 out[i] ^= ctx->key[i % FAKE_KEY_LEN];
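Review bot: The new guard rejects `out == NULL`, but `in` is still handed to `memcpy(out, in, inl)` unchecked, so a NULL `in` with a non-zero `inl` is not caught. If callers may pass a NULL input, the check could become `if (out == NULL || (in == NULL && inl != 0) || outsize < inl)`. A NULL `out` now makes the call fail where the old code skipped the copy; if any test relies on a NULL `out` as a length query, that behaviour has changed. Neither can be settled from this hunk, because `fake_cipher` starts and ends outside it.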