From 075b1f2f42c9ab1f5c80078cad70de0216748b6d Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Mon, 10 Feb 2020 11:45:27 +1000
Subject: [PATCH] Fix coverity issues

CID : 1458169 RESOURCE LEAK ffc_params_generate.c - False positive, but addressed another Leak in adjacent code
CID : 1458171 UNCHECKED RET apps/pkeyutl.c
CID : 1458173 DEAD CODE ffc_params_generate.c
CID : 1458174 RESOURCE LEAK ssl_lib.c

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11048)
---
 apps/pkeyutl.c                   |  5 +++--
 crypto/ffc/ffc_params_generate.c | 16 +++++++---------
 ssl/ssl_lib.c                    |  2 +-
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index a8cd2a0e3e..5bc436576d 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -556,8 +556,9 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
                     || (group = EC_KEY_get0_group(eckey)) == NULL
                     || (nid = EC_GROUP_get_curve_name(group)) == 0)
                 goto end;
-            if (nid == NID_sm2)
-                EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
+            if (nid == NID_sm2
+                    && !EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))
+                goto end;
         }
 #endif
         *pkeysize = EVP_PKEY_size(pkey);
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index c32c33e8b8..54d5c58e09 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -46,8 +46,6 @@ static int ffc_validate_LN(size_t L, size_t N, int type)
             return 80;
         if (L == 2048 && (N == 224 || N == 256))
             return 112;
-        if (L == 2048 && N == 256)
-            return 112;
         if (L == 3072 && N == 256)
             return 128;
     }
@@ -103,13 +101,14 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
     EVP_MD_CTX *mctx = NULL;
     int mdsize;
 
+    mdsize = EVP_MD_size(evpmd);
+    if (mdsize <= 0)
+        return 0;
+
     mctx = EVP_MD_CTX_new();
     if (mctx == NULL)
-        goto err;
+        return 0;
 
-    mdsize = EVP_MD_size(evpmd);
-    if (mdsize <= 0)
-        goto err;
    /*
     * A.2.3 Step (4) & (5)
     * A.2.4 Step (6) & (7)
@@ -134,7 +133,7 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
                 || !EVP_DigestFinal_ex(mctx, md, NULL)
                 || (BN_bin2bn(md, mdsize, tmp) == NULL)
                 || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont))
-                    return 0;
+                    break; /* exit on failure */
         /*
          * A.2.3 Step (10)
          * A.2.4 Step (12)
@@ -145,7 +144,6 @@ static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont,
             break; /* found g */
         }
     }
-err:
     EVP_MD_CTX_free(mctx);
     return ret;
 }
@@ -743,7 +741,7 @@ err:
     if (seed != params->seed)
         OPENSSL_free(seed);
     OPENSSL_free(seed_tmp);
-    if (ctx)
+    if (ctx != NULL)
         BN_CTX_end(ctx);
     BN_CTX_free(ctx);
     BN_MONT_CTX_free(mont);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 23101954ec..a1c3987962 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3148,7 +3148,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
 
     /* initialize cipher/digest methods table */
     if (!ssl_load_ciphers(ret))
-        return 0;
+        goto err2;
 
     if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))
         goto err;
-- 
2.34.1