[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[openssl-gost] [gost-engine/engine] 5dc8f9: gost_ec_keyx: Check CTX data before it's really used

To: openssl-gost@lists.wagner.pp.ru
Subject: [openssl-gost] [gost-engine/engine] 5dc8f9: gost_ec_keyx: Check CTX data before it's really used
From: Vitalio <noreply@github.com>
Date: Sun, 09 Jan 2022 02:57:52 -0800
Approved: HtxuToaNt
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1641725872; bh=VWdyVI0q85usEDlWZhpDu0p/TyOz4hwTrVlTk/W/xxM=; h=Date:From:To:Subject:From; b=ZRzM7hWXMRsaU8OL+Ww2B43E5S3uo8F4cj6xSIkhHiPNKdKfm1Rp+u1BdVJ3Zm+GH 3sWQhTk5Z147133uAENJVRQTsXHZviSo0gAfumsCCU2UYedWTX12Xge9ekU009aeJc 8wedy4n7y5Aa8dUE8/CkCeX106SMzgmg6N/3BkH4=
List-help: <mailto:openssl-gost+help@lists.wagner.pp.ru>
List-id: <openssl-gost.lists.wagner.pp.ru>
List-post: <mailto:openssl-gost@lists.wagner.pp.ru>
List-subscribe: <mailto:openssl-gost+subscribe@lists.wagner.pp.ru>
List-unsubscribe: <mailto:openssl-gost+unsubscribe@lists.wagner.pp.ru>
List-url: <https://www.wagner.pp.ru/list-archives/openssl-gost>

  Branch: refs/heads/master
  Home:   https://github.com/gost-engine/engine
  Commit: 5dc8f91c186d88a74493c229c7afbf3eb40599a8
      https://github.com/gost-engine/engine/commit/5dc8f91c186d88a74493c229c7afbf3eb40599a8
  Author: Vitaly Chikunov <vt@altlinux.org>
  Date:   2022-01-09 (Sun, 09 Jan 2022)

  Changed paths:
    M gost_ec_keyx.c

  Log Message:
  -----------
  gost_ec_keyx: Check CTX data before it's really used

This should fix Coverity warning:

  *** CID 345243:  Null pointer dereferences  (REVERSE_INULL)
  /gost_ec_keyx.c: 681 in pkey_gost2018_decrypt()
  675        o  Q_eph is on the same curve as server public key;
  676
  677        o  Q_eph is not equal to zero point;
  678
  679        o  q * Q_eph is not equal to zero point.
  680     */
  >>>     CID 345243:  Null pointer dereferences  (REVERSE_INULL)
  >>>     Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
  681         if (eph_key == NULL || priv == NULL || data == NULL) {
  682            GOSTerr(GOST_F_PKEY_GOST2018_DECRYPT,
  683                    GOST_R_ERROR_COMPUTING_EXPORT_KEYS);
  684            ret = 0;
  685            goto err;
  686         }

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380


  Commit: eea1e27c2b49d7604df939aeefaa7f45a5519fc8
      https://github.com/gost-engine/engine/commit/eea1e27c2b49d7604df939aeefaa7f45a5519fc8
  Author: Vitaly Chikunov <vt@altlinux.org>
  Date:   2022-01-09 (Sun, 09 Jan 2022)

  Changed paths:
    M gost_prov.c

  Log Message:
  -----------
  gost_prov: Avoid access to unallocated memory

This should fix Coverity warning:

  *** CID 345245:    (UNINIT)
  /gost_prov.c: 71 in provider_ctx_new()
  65             && populate_gost_engine(ctx->e)) {
  66             ctx->core_handle = core;
  67
  68             /* Ugly hack */
  69             err_handle = ctx->proverr_handle;
  70         } else {
  >>>     CID 345245:    (UNINIT)
  >>>     Using uninitialized value "ctx->e" when calling "provider_ctx_free".
  71             provider_ctx_free(ctx);
  72             ctx = NULL;
  73         }
  74         return ctx;
  75     }

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Issue: #380


Compare: https://github.com/gost-engine/engine/compare/d47bcf34df61...eea1e27c2b49

Prev by Date: [openssl-gost] [gost-engine/engine] 4ab05f: CI: add daily Coverity scan job
Next by Date: [openssl-gost] [gost-engine/engine] da0c64: gost_prov: OPENSSL_free what is OPENSSL_zalloc'd
Previous by thread: [openssl-gost] [gost-engine/engine] 4ab05f: CI: add daily Coverity scan job
Next by thread: [openssl-gost] [gost-engine/engine] da0c64: gost_prov: OPENSSL_free what is OPENSSL_zalloc'd
Index(es):
- Date
- Thread