Coverty fixes for MACs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9700)

diff --git a/apps/list.c b/apps/list.c
index 0d93f5498f724ecfc92a20bcc8b1e96bd5e32405..46a3c290511403120ed19464e4518d51411ea1aa 100644 (file)
--- a/apps/list.c
+++ b/apps/list.c
@@ -133,8 +133,8 @@ static void collect_ciphers(EVP_CIPHER *cipher, void *stack)
 {
     STACK_OF(EVP_CIPHER) *cipher_stack = stack;
 
 {
     STACK_OF(EVP_CIPHER) *cipher_stack = stack;
 

-    sk_EVP_CIPHER_push(cipher_stack, cipher);
-    EVP_CIPHER_up_ref(cipher);
+    if (sk_EVP_CIPHER_push(cipher_stack, cipher) > 0)
+        EVP_CIPHER_up_ref(cipher);

 }
 
 static void list_ciphers(void)
 }
 
 static void list_ciphers(void)


@@ -196,8 +196,8 @@ static void collect_digests(EVP_MD *md, void *stack)
 {
     STACK_OF(EVP_MD) *digest_stack = stack;
 
 {
     STACK_OF(EVP_MD) *digest_stack = stack;
 

-    sk_EVP_MD_push(digest_stack, md);
-    EVP_MD_up_ref(md);
+    if (sk_EVP_MD_push(digest_stack, md) > 0)
+        EVP_MD_up_ref(md);

 }
 
 static void list_digests(void)
 }
 
 static void list_digests(void)


@@ -245,8 +245,8 @@ static void collect_macs(EVP_MAC *mac, void *stack)
 {
     STACK_OF(EVP_MAC) *mac_stack = stack;
 
 {
     STACK_OF(EVP_MAC) *mac_stack = stack;
 

-    sk_EVP_MAC_push(mac_stack, mac);
-    EVP_MAC_up_ref(mac);
+    if (sk_EVP_MAC_push(mac_stack, mac) > 0)
+        EVP_MAC_up_ref(mac);

 }
 
 static void list_macs(void)
 }
 
 static void list_macs(void)

diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index 79936a59a21b5dac6ad33d9390700d3490a6dd17..b1be991f874f96f6a291a5decb3613b193169267 100644 (file)
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -87,11 +87,13 @@ void CMAC_CTX_free(CMAC_CTX *ctx)
 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
 {
     int bl;
 int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
 {
     int bl;

+

     if (in->nlast_block == -1)
         return 0;
     if (in->nlast_block == -1)
         return 0;

+    if ((bl = EVP_CIPHER_CTX_block_size(in->cctx)) < 0)
+        return 0;

     if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
         return 0;
     if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
         return 0;

-    bl = EVP_CIPHER_CTX_block_size(in->cctx);

     memcpy(out->k1, in->k1, bl);
     memcpy(out->k2, in->k2, bl);
     memcpy(out->tbl, in->tbl, bl);
     memcpy(out->k1, in->k1, bl);
     memcpy(out->k2, in->k2, bl);
     memcpy(out->tbl, in->tbl, bl);


@@ -104,6 +106,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
               const EVP_CIPHER *cipher, ENGINE *impl)
 {
     static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
               const EVP_CIPHER *cipher, ENGINE *impl)
 {
     static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };

+

     /* All zeros means restart */
     if (!key && !cipher && !impl && keylen == 0) {
         /* Not initialised */
     /* All zeros means restart */
     if (!key && !cipher && !impl && keylen == 0) {
         /* Not initialised */


@@ -121,13 +124,15 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
     /* Non-NULL key means initialisation complete */
     if (key) {
         int bl;
     /* Non-NULL key means initialisation complete */
     if (key) {
         int bl;

+

         if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
             return 0;
         if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
             return 0;
         if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
             return 0;
         if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
             return 0;
         if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
             return 0;
         if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
             return 0;

-        bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0)
+            return 0;

         if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
             return 0;
         make_kn(ctx->k1, ctx->tbl, bl);
         if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl))
             return 0;
         make_kn(ctx->k1, ctx->tbl, bl);


@@ -146,15 +151,18 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
 int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 {
     const unsigned char *data = in;
 int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 {
     const unsigned char *data = in;

-    size_t bl;
+    int bl;
+

     if (ctx->nlast_block == -1)
         return 0;
     if (dlen == 0)
         return 1;
     if (ctx->nlast_block == -1)
         return 0;
     if (dlen == 0)
         return 1;

-    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0)
+        return 0;

     /* Copy into partial block if we need to */
     if (ctx->nlast_block > 0) {
         size_t nleft;
     /* Copy into partial block if we need to */
     if (ctx->nlast_block > 0) {
         size_t nleft;

+

         nleft = bl - ctx->nlast_block;
         if (dlen < nleft)
             nleft = dlen;
         nleft = bl - ctx->nlast_block;
         if (dlen < nleft)
             nleft = dlen;


@@ -170,7 +178,7 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
             return 0;
     }
     /* Encrypt all but one of the complete blocks left */
             return 0;
     }
     /* Encrypt all but one of the complete blocks left */

-    while (dlen > bl) {
+    while (dlen > (size_t)bl) {

         if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
             return 0;
         dlen -= bl;
         if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl))
             return 0;
         dlen -= bl;


@@ -186,9 +194,11 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 {
     int i, bl, lb;
 int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
 {
     int i, bl, lb;

+

     if (ctx->nlast_block == -1)
         return 0;
     if (ctx->nlast_block == -1)
         return 0;

-    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    if ((bl = EVP_CIPHER_CTX_block_size(ctx->cctx)) < 0)
+        return 0;

     *poutlen = (size_t)bl;
     if (!out)
         return 1;
     *poutlen = (size_t)bl;
     if (!out)
         return 1;

diff --git a/providers/common/macs/cmac_prov.c b/providers/common/macs/cmac_prov.c
index 64ecba2b37f7fdc3bcb9901962401e1756ae6010..693423130dd59ff0c6792bd2662b151aacee8d85 100644 (file)
--- a/providers/common/macs/cmac_prov.c
+++ b/providers/common/macs/cmac_prov.c
@@ -66,8 +66,9 @@ static void *cmac_new(void *provctx)
         || (macctx->ctx = CMAC_CTX_new()) == NULL) {
         OPENSSL_free(macctx);
         macctx = NULL;
         || (macctx->ctx = CMAC_CTX_new()) == NULL) {
         OPENSSL_free(macctx);
         macctx = NULL;

+    } else {
+        macctx->provctx = provctx;

     }
     }

-    macctx->provctx = provctx;

 
     return macctx;
 }
 
     return macctx;
 }

diff --git a/test/evp_test.c b/test/evp_test.c
index 17b9fc0dfb1ddb9e02d3751601a47703c84d6872..fd50c713546dff453e5b6c306b8b72ef30246a50 100644 (file)
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1228,9 +1228,11 @@ static int mac_test_run_mac(EVP_TEST *t)
         if (tmpval != NULL)
             *tmpval++ = '\0';
 
         if (tmpval != NULL)
             *tmpval++ = '\0';
 

-        if (!OSSL_PARAM_allocate_from_text(&params[params_n], defined_params,
-                                           tmpkey, tmpval,
-                                           strlen(tmpval))) {
+        if (tmpval == NULL
+            || !OSSL_PARAM_allocate_from_text(&params[params_n],
+                                              defined_params,
+                                              tmpkey, tmpval,
+                                              strlen(tmpval))) {

             OPENSSL_free(tmpkey);
             t->err = "MAC_PARAM_ERROR";
             goto err;
             OPENSSL_free(tmpkey);
             t->err = "MAC_PARAM_ERROR";
             goto err;