diff options
| author | slontis <shane.lontis@oracle.com> | 2022-11-28 07:49:17 +1000 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2022-11-29 13:58:19 +0100 |
| commit | 450f96e965f0d5e89737755364df5933b5085639 (patch) | |
| tree | 9b2e71e8e9d884abed8bfb998b7d041d801a5352 /crypto/hpke | |
| parent | 92a25e24e6ec9735dea9ec645502cb075a5f8d24 (diff) | |
| download | openssl-new-450f96e965f0d5e89737755364df5933b5085639.tar.gz | |
Fix Coverity issues in HPKE
CID 1517043 and 1517038: (Forward NULL) - Removed redundant check that is already
done by the caller. It was complaining that it checked for ctlen == NULL
and then did a goto that used this *ctlen.
CID 1517042 and 1517041: (Forward NULL) - Similar to above for ptlen in
hpke_aead_dec()
CID 1517040: Remove unneeded logging. This gets rid of the warning
related to taking the sizeof(&)
CID 1517039: Check returned value of RAND_bytes_ex() in hpke_test
CID 1517038: Check return result of KEM_INFO_find() in
OSSL_HPKE_get_recomended_ikmelen. Even though this is a false positive,
it should not rely on the internals of other function calls.
Changed some goto's into returns to match OpenSSL coding guidelines.
Removed Raises from calls to _new which fail from malloc calls.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19774)
Diffstat (limited to 'crypto/hpke')
| -rw-r--r-- | crypto/hpke/hpke.c | 33 |
1 files changed, 13 insertions, 20 deletions
diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 78341d358f..3e120d394e 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -155,25 +155,20 @@ static int hpke_aead_dec(OSSL_LIB_CTX *libctx, const char *propq, EVP_CIPHER *enc = NULL; const OSSL_HPKE_AEAD_INFO *aead_info = NULL; - if (pt == NULL || ptlen == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto err; - } aead_info = ossl_HPKE_AEAD_INFO_find_id(suite.aead_id); if (aead_info == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto err; + return 0; } taglen = aead_info->taglen; if (ctlen <= taglen || *ptlen < ctlen - taglen) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); - goto err; + return 0; } /* Create and initialise the context */ - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto err; - } + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + return 0; + /* Initialise the encryption operation */ enc = EVP_CIPHER_fetch(libctx, aead_info->name, propq); if (enc == NULL) { @@ -260,25 +255,20 @@ static int hpke_aead_enc(OSSL_LIB_CTX *libctx, const char *propq, EVP_CIPHER *enc = NULL; unsigned char tag[16]; - if (ct == NULL || ctlen == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto err; - } aead_info = ossl_HPKE_AEAD_INFO_find_id(suite.aead_id); if (aead_info == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto err; + return 0; } taglen = aead_info->taglen; if (*ctlen <= taglen || ptlen > *ctlen - taglen) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); - goto err; + return 0; } /* Create and initialise the context */ - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto err; - } + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + return 0; + /* Initialise the encryption operation. */ enc = EVP_CIPHER_fetch(libctx, aead_info->name, propq); if (enc == NULL) { @@ -1435,5 +1425,8 @@ size_t OSSL_HPKE_get_recommended_ikmelen(OSSL_HPKE_SUITE suite) if (hpke_suite_check(suite) != 1) return 0; kem_info = ossl_HPKE_KEM_INFO_find_id(suite.kem_id); + if (kem_info == NULL) + return 0; + return kem_info->Nsk; } |