From bc8c3e1cd8691e6c8e6fe208377ee0d0e408af73 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Tue, 11 Aug 2020 17:50:13 +1000 Subject: [PATCH] Fix coverity CID #1452770 - Dereference before NULL check in CRYPTO_siv128_init() Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/12628) --- crypto/modes/siv128.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c index 27e29c3cc61..aa924efae7e 100644 --- a/crypto/modes/siv128.c +++ b/crypto/modes/siv128.c @@ -168,13 +168,10 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, size_t out_len = SIV_LEN; EVP_MAC_CTX *mac_ctx = NULL; OSSL_PARAM params[3]; - const char *cbc_name = EVP_CIPHER_name(cbc); + const char *cbc_name; - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - (char *)cbc_name, 0); - params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (void *)key, klen); - params[2] = OSSL_PARAM_construct_end(); + if (ctx == NULL) + return 0; memset(&ctx->d, 0, sizeof(ctx->d)); EVP_CIPHER_CTX_free(ctx->cipher_ctx); @@ -184,8 +181,17 @@ int CRYPTO_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, ctx->cipher_ctx = NULL; ctx->mac_ctx_init = NULL; - if (key == NULL || cbc == NULL || ctr == NULL - || (ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL + if (key == NULL || cbc == NULL || ctr == NULL) + return 0; + + cbc_name = EVP_CIPHER_name(cbc); + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, + (char *)cbc_name, 0); + params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, + (void *)key, klen); + params[2] = OSSL_PARAM_construct_end(); + + if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL || (ctx->mac = EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, propq)) == NULL || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL -- 2.47.2