[openssl] master update

2022-01-17 Thread Dr . Paul Dale
The branch master has been updated
   via  14951ef01f9b54d804baf2fabdf0a715c630827b (commit)
   via  b461aff257e57b8ba8e72667078fdf6d5047bc91 (commit)
   via  a09a342ffb459d0913954111b7802815e9a3481a (commit)
   via  d715dbd8e566e7827ce8b2e9b6687c2bcd8a89a0 (commit)
   via  e52698f9e33d77419dca827774e5d0bc1815100d (commit)
   via  1e3317278e4890e812a032b39c7c9dc43ca01458 (commit)
  from  f242ce9817157817b19ccb303fd436fe487539b3 (commit)


- Log -
commit 14951ef01f9b54d804baf2fabdf0a715c630827b
Author: Pauli 
Date:   Mon Jan 17 16:51:03 2022 +1100

e_dasync: remove empty statement

Reviewed-by: Tim Hudson 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17528)

commit b461aff257e57b8ba8e72667078fdf6d5047bc91
Author: Pauli 
Date:   Mon Jan 17 16:50:16 2022 +1100

demo: remove end of line whitespace

Reviewed-by: Tim Hudson 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17528)

commit a09a342ffb459d0913954111b7802815e9a3481a
Author: Pauli 
Date:   Mon Jan 17 16:49:58 2022 +1100

speed: rework if condition to avoid empty statement

Reviewed-by: Tim Hudson 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17528)

commit d715dbd8e566e7827ce8b2e9b6687c2bcd8a89a0
Author: Pauli 
Date:   Mon Jan 17 10:37:20 2022 +1100

replace ;; with ; as statement separator

Fixes #17525

Reviewed-by: Tim Hudson 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17528)

commit e52698f9e33d77419dca827774e5d0bc1815100d
Author: Pauli 
Date:   Mon Jan 17 10:36:46 2022 +1100

apps/ca: replace ;; with ; as statement separator

Reviewed-by: Tim Hudson 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17528)

commit 1e3317278e4890e812a032b39c7c9dc43ca01458
Author: Pauli 
Date:   Mon Jan 17 10:36:06 2022 +1100

ssl: replace ;; with ; as statement separator

Reviewed-by: Tim Hudson 
Reviewed-by: Bernd Edlinger 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17528)

---

Summary of changes:
 apps/ca.c| 2 +-
 apps/speed.c | 4 +---
 crypto/rsa/rsa_backend.c | 2 +-
 crypto/x509/x509_trust.c | 2 +-
 demos/digest/EVP_MD_demo.c   | 2 +-
 engines/e_dasync.c   | 1 -
 providers/implementations/keymgmt/dh_kmgmt.c | 2 +-
 ssl/ssl_rsa.c| 2 +-
 ssl/statem/statem_lib.c  | 2 +-
 ssl/t1_lib.c | 2 +-
 10 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index a9d6c5c1a6..271f7de9df 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1855,7 +1855,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 
*x509,
 p = "Valid";
 else
 p = "\ninvalid type, Data base error\n";
-BIO_printf(bio_err, "Type  :%s\n", p);;
+BIO_printf(bio_err, "Type  :%s\n", p);
 if (rrow[DB_type][0] == DB_TYPE_REV) {
 p = rrow[DB_exp_date];
 if (p == NULL)
diff --git a/apps/speed.c b/apps/speed.c
index 0ee7347f5b..02e7b1f9b2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -3551,9 +3551,7 @@ static int do_multi(int multi, int size_num)
 d = atof(sstrsep(&p, sep));
 ffdh_results[k][0] += d;
 # endif /* OPENSSL_NO_DH */
-} else if (HAS_PREFIX(buf, "+H:")) {
-;
-} else {
+} else if (!HAS_PREFIX(buf, "+H:")) {
 BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
n);
 }
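Review bot: The `+H:` case in do_multi is now handled only by being excluded from the final `else if`, so a reader can no longer see that these lines from the child are skipped on purpose rather than forgotten. A one-line comment above the condition would keep that intent visible, for example `/* "+H:" lines are recognised and deliberately ignored */`. do_multi starts and ends outside this hunk, so whether `+H:` is consumed anywhere else cannot be confirmed from here.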
diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c
index dc397a6676..ae071f18bf 100644
--- a/crypto/rsa/rsa_backend.c
+++ b/crypto/rsa/rsa_backend.c
@@ -523,7 +523,7 @@ int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS 
*pss,
 if (pss->trailerField)
 *ptrailerField = ASN1_INTEGER_get(pss->trailerField);
 else
-*ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);;
+*ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);
 
 return 1;
 }
diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index ff578aee73..e71db0c9a1 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -166,7 +166,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST 
*, X509 *, int),
 if (trtable == 

[openssl] openssl-3.0 update

2022-01-17 Thread Dr . Paul Dale
The branch openssl-3.0 has been updated
   via  5f7757265bfd7ccdf1973bf09f9d72634ea70949 (commit)
  from  454358be49b55c313fe3781bc6f5f6c644787f87 (commit)


- Log -
commit 5f7757265bfd7ccdf1973bf09f9d72634ea70949
Author: Kevin Jones 
Date:   Sat Jan 15 01:38:41 2022 +

Fix mistake in ERR_peek_error_all documentation.

The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17522)

(cherry picked from commit f242ce9817157817b19ccb303fd436fe487539b3)

---

Summary of changes:
 doc/man3/ERR_get_error.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index 6518458907..924c650184 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -31,7 +31,7 @@ ERR_get_error_line_data, ERR_peek_error_line_data, 
ERR_peek_last_error_line_data
  const char **func,
  const char **data, int *flags);
  unsigned long ERR_peek_error_all(const char **file, int *line,
-  const char *func,
+  const char **func,
   const char **data, int *flags);
  unsigned long ERR_peek_last_error_all(const char **file, int *line,
const char *func,


[openssl] master update

2022-01-17 Thread Dr . Paul Dale
The branch master has been updated
   via  f242ce9817157817b19ccb303fd436fe487539b3 (commit)
  from  cfbb5fcf4424395a1a23751556ea12c56b80b57e (commit)


- Log -
commit f242ce9817157817b19ccb303fd436fe487539b3
Author: Kevin Jones 
Date:   Sat Jan 15 01:38:41 2022 +

Fix mistake in ERR_peek_error_all documentation.

The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte 
Reviewed-by: Paul Dale 
(Merged from https://github.com/openssl/openssl/pull/17522)

---

Summary of changes:
 doc/man3/ERR_get_error.pod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index b5374e7652..4019bdd541 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -31,7 +31,7 @@ ERR_get_error_line_data, ERR_peek_error_line_data, 
ERR_peek_last_error_line_data
  const char **func,
  const char **data, int *flags);
  unsigned long ERR_peek_error_all(const char **file, int *line,
-  const char *func,
+  const char **func,
   const char **data, int *flags);
  unsigned long ERR_peek_last_error_all(const char **file, int *line,
const char *func,


Coverity Scan: Analysis completed for openssl/openssl

2022-01-17 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DzLLa_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeHrFxDqz-2FUweCw6RH5YwwVU3To43NRq7nzYTzdy6fYE9mmcZis1NI4NaLXX-2BuYvV2uYU0ljKKbnwwhdB-2BuNesMtZDdQ1x8wYJ0m12zzll6OQZG9DVQbZfnPWb7-2FXPI3Mbhp-2Bhsc1WDQIAm8Or1JoDAC82qPz88ZJ8kfZZbZufB2JaStmYikHrlyDY8KqP3wMCQ-3D

Build ID: 431112

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0



[openssl] openssl-3.0 update

2022-01-17 Thread tomas
The branch openssl-3.0 has been updated
   via  454358be49b55c313fe3781bc6f5f6c644787f87 (commit)
  from  67397a6aeda3383bdc7c7165d8c0efe9423cc7a9 (commit)


- Log -
commit 454358be49b55c313fe3781bc6f5f6c644787f87
Author: Tomas Mraz 
Date:   Thu Jan 13 18:07:08 2022 +0100

bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG

These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.

Fixes #17087

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17497)

(cherry picked from commit cfbb5fcf4424395a1a23751556ea12c56b80b57e)

---

Summary of changes:
 crypto/bn/bn_ppc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
index 05c0c4cb92..5424c25d47 100644
--- a/crypto/bn/bn_ppc.c
+++ b/crypto/bn/bn_ppc.c
@@ -40,7 +40,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const 
BN_ULONG *bp,
  * no opportunity to figure it out...
  */
 
-#if defined(_ARCH_PPC64)
+#if defined(_ARCH_PPC64) && !defined(__ILP32__)
 if (num == 6) {
 if (OPENSSL_ppccap_P & PPC_MADD300)
 return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
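Review bot: The added `!defined(__ILP32__)` test carries no comment, so as far as this hunk shows the reason for it is recorded only in the commit message. A line such as `/* XLC/XLCLANG on AIX define _ARCH_PPC64 for 32 bit builds too */` above the `#if` would keep a later cleanup from dropping the condition. The guard also assumes that every 32-bit toolchain which sets `_ARCH_PPC64` defines `__ILP32__`; where one does not, the fixed-size routines would presumably still be compiled in, so a positive 64-bit test may be worth considering. The identical hunk appears in the master copy of this commit further down the page, and bn_mul_mont continues outside the hunk.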


[openssl] master update

2022-01-17 Thread tomas
The branch master has been updated
   via  cfbb5fcf4424395a1a23751556ea12c56b80b57e (commit)
  from  59d3fd1cc8c938daa6384783a7e5847d6f5201f7 (commit)


- Log -
commit cfbb5fcf4424395a1a23751556ea12c56b80b57e
Author: Tomas Mraz 
Date:   Thu Jan 13 18:07:08 2022 +0100

bn_ppc.c: Fix build failure on AIX with XLC/XLCLANG

These compilers define _ARCH_PPC64 for 32 bit builds
so we cannot depend solely on this define to identify
32 bit build.

Fixes #17087

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17497)

---

Summary of changes:
 crypto/bn/bn_ppc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
index 05c0c4cb92..5424c25d47 100644
--- a/crypto/bn/bn_ppc.c
+++ b/crypto/bn/bn_ppc.c
@@ -40,7 +40,7 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const 
BN_ULONG *bp,
  * no opportunity to figure it out...
  */
 
-#if defined(_ARCH_PPC64)
+#if defined(_ARCH_PPC64) && !defined(__ILP32__)
 if (num == 6) {
 if (OPENSSL_ppccap_P & PPC_MADD300)
 return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);


[openssl] openssl-3.0 update

2022-01-17 Thread tomas
The branch openssl-3.0 has been updated
   via  67397a6aeda3383bdc7c7165d8c0efe9423cc7a9 (commit)
  from  8bb90f43aa732efb9530edc2ab3767b228d5d9da (commit)


- Log -
commit 67397a6aeda3383bdc7c7165d8c0efe9423cc7a9
Author: Tomas Mraz 
Date:   Thu Jan 13 19:02:31 2022 +0100

dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit 59d3fd1cc8c938daa6384783a7e5847d6f5201f7)

---

Summary of changes:
 test/dhtest.c | 28 
 1 file changed, 28 insertions(+)

diff --git a/test/dhtest.c b/test/dhtest.c
index 71c95b186f..ce94999f7d 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -744,6 +744,33 @@ static int dh_rfc5114_fix_nid_test(void)
 /* Tested function is called here */
 if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1))
 goto err;
+/* Negative test */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 99), 0))
+goto err;
+/* If we're still running then the test passed. */
+ok = 1;
+err:
+EVP_PKEY_CTX_free(paramgen_ctx);
+return ok;
+}
+
+static int dh_set_dh_nid_test(void)
+{
+int ok = 0;
+EVP_PKEY_CTX *paramgen_ctx;
+
+/* Run the test. Success is any time the test does not cause a SIGSEGV 
interrupt */
+paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0);
+if (!TEST_ptr(paramgen_ctx))
+goto err;
+if (!TEST_int_eq(EVP_PKEY_paramgen_init(paramgen_ctx), 1))
+goto err;
+/* Tested function is called here */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dh_nid(paramgen_ctx, NID_ffdhe2048), 1))
+goto err;
+/* Negative test */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dh_nid(paramgen_ctx, NID_secp521r1), 0))
+goto err;
 /* If we're still running then the test passed. */
 ok = 1;
 err:
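Review bot: The comment at the top of the new dh_set_dh_nid_test says success is any run that does not cause a SIGSEGV, but the body asserts exact return values (1 for `NID_ffdhe2048`, 0 for `NID_secp521r1`), so the comment understates what the test enforces. I would replace it with `/* A valid FFDHE group NID must be accepted and a non-DH NID rejected */`. The added negative case in dh_rfc5114_fix_nid_test passes a bare `99`; a short comment saying that it is meant to be an id with no RFC 5114 group would explain the choice. If the error raised on rejection matters to callers, the negative cases could also assert that an error was queued, since they currently compare the return value only.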
@@ -898,6 +925,7 @@ int setup_tests(void)
 ADD_TEST(dh_get_nid);
 ADD_TEST(dh_load_pkcs3_namedgroup_privlen_test);
 ADD_TEST(dh_rfc5114_fix_nid_test);
+ADD_TEST(dh_set_dh_nid_test);
 #endif
 return 1;
 }


[openssl] master update

2022-01-17 Thread tomas
The branch master has been updated
   via  59d3fd1cc8c938daa6384783a7e5847d6f5201f7 (commit)
   via  3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8 (commit)
   via  f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8 (commit)
  from  144316d276adf5b8172316f7bc20b372b8e31ac8 (commit)


- Log -
commit 59d3fd1cc8c938daa6384783a7e5847d6f5201f7
Author: Tomas Mraz 
Date:   Thu Jan 13 19:02:31 2022 +0100

dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8
Author: Tomas Mraz 
Date:   Thu Jan 13 19:01:33 2022 +0100

Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8
Author: Tomas Mraz 
Date:   Thu Jan 13 19:00:13 2022 +0100

Properly return error on EVP_PKEY_CTX_set_dh_nid and 
EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

---

Summary of changes:
 crypto/evp/ctrl_params_translate.c   | 23 +--
 crypto/ffc/ffc_backend.c |  1 +
 providers/implementations/keymgmt/dh_kmgmt.c |  1 +
 test/dhtest.c| 28 
 4 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/ctrl_params_translate.c 
b/crypto/evp/ctrl_params_translate.c
index c4589f1416..2deb1d9b47 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1004,8 +1004,11 @@ static int fix_dh_nid(enum state state,
 return 0;
 
 if (state == PRE_CTRL_TO_PARAMS) {
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(ctx->p1));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
 ctx->p1 = 0;
 }
 
@@ -1028,16 +1031,24 @@ static int fix_dh_nid5114(enum state state,
 
 switch (state) {
 case PRE_CTRL_TO_PARAMS:
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(ctx->p1));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
+
 ctx->p1 = 0;
 break;
 
 case PRE_CTRL_STR_TO_PARAMS:
 if (ctx->p2 == NULL)
 return 0;
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2 == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
+
 ctx->p1 = 0;
 break;
 
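Review bot: In the `PRE_CTRL_STR_TO_PARAMS` case of fix_dh_nid5114 the control string is still converted with `atoi()`, which cannot report failure: a string such as "2x" is accepted as 2 and an out-of-range number is undefined behaviour. Since this commit is about returning an error for invalid values, parsing with `strtol()` and rejecting unparsed or out-of-range input before the group lookup would close that gap. The sketch below needs `char *end; long uid;` declared at the top of the function, which lies outside the hunk, and assumes `<errno.h>` and `<limits.h>` are reachable from this file. The same hunk appears in the openssl-3.0 cherry-pick further down the page, and the `atoi(ctx->p2 == NULL)` line as printed here appears to have lost its closing parentheses in the archive.

```c
    case PRE_CTRL_STR_TO_PARAMS:
        if (ctx->p2 == NULL)
            return 0;
        /* Reject empty, partly numeric and out-of-range strings up front */
        errno = 0;
        uid = strtol(ctx->p2, &end, 10);
        if (end == (char *)ctx->p2 || *end != '\0' || errno == ERANGE
            || uid < INT_MIN || uid > INT_MAX) {
            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
            return 0;
        }
        /* … unchanged: group lookup and NULL check, passing (int)uid instead of atoi(ctx->p2) … */
```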
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index b227186934..b387f966cc 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -37,6 +37,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const 
OSSL_PARAM params[])
 const DH_NAMED_GROUP *group = NULL;
 
 if (prm->data_type != OSSL_PARAM_UTF8_STRING
+|| prm->data == NULL
 || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
 || !ossl_ffc_named_group_set_pqg(ffc, group))
 #endif
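Review bot: After the new `prm->data == NULL` guard, `prm->data` is still handed to `ossl_ffc_name_to_dh_named_group()` without consulting `prm->data_size`, so the lookup presumably relies on the caller having NUL-terminated the string. If that function compares the name as a C string, a parameter built from a non-terminated buffer would be read past its end; checking `prm->data_size` or copying into a terminated buffer first would make the contract explicit. The same pattern is in the dh_kmgmt.c hunk (`p->data`) and in both openssl-3.0 copies of these hunks. The `if` statement continues outside the hunk, so the error path it guards is not visible here.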
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c 
b/providers/implementations/keymgmt/dh_kmgmt.c
index 98eb882e3f..ab8ef3ac52 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -532,6 +532,7 @@ static int dh_gen_common_set_params(void *genctx, const 
OSSL_PARAM params[])
 const DH_NAMED_GROUP *group = NULL;
 
 if (p->data_type != OSSL_PARAM_UTF8_STRING
+|| p->data == NULL
 || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
 || ((gctx->group_nid =
  ossl_ffc_named_group_get_uid(group)) == NID_undef)) {
diff --git a/test/dhtest.c b/test/dhtest.c
index c24bae4a82..3973a4b79d 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -744,6 +744,33 @@ static int dh_rfc5114_fix_nid_test(void)
 /* Tested function is called here */
 if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1))
 goto err;
+/* Negative test */
+if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 99), 0))
+goto err;
+/* If we're still

[openssl] openssl-3.0 update

2022-01-17 Thread tomas
The branch openssl-3.0 has been updated
   via  8bb90f43aa732efb9530edc2ab3767b228d5d9da (commit)
   via  554addd65b6ce9ee0b8f1d6c4115ef192d693f4f (commit)
  from  ba4f941b081897747e8432296cd14bebafc97920 (commit)


- Log -
commit 8bb90f43aa732efb9530edc2ab3767b228d5d9da
Author: Tomas Mraz 
Date:   Thu Jan 13 19:01:33 2022 +0100

Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit 3b53f88c008d288e86d2bbdc0c4e2d16c29fcee8)

commit 554addd65b6ce9ee0b8f1d6c4115ef192d693f4f
Author: Tomas Mraz 
Date:   Thu Jan 13 19:00:13 2022 +0100

Properly return error on EVP_PKEY_CTX_set_dh_nid and 
EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17498)

(cherry picked from commit f58bb2dd00c3004552c5c1e8d0f2c1390c004cf8)

---

Summary of changes:
 crypto/evp/ctrl_params_translate.c   | 23 +--
 crypto/ffc/ffc_backend.c |  1 +
 providers/implementations/keymgmt/dh_kmgmt.c |  1 +
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/ctrl_params_translate.c 
b/crypto/evp/ctrl_params_translate.c
index f6a2d1d0f8..3dd3e8f995 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -1004,8 +1004,11 @@ static int fix_dh_nid(enum state state,
 return 0;
 
 if (state == PRE_CTRL_TO_PARAMS) {
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(ctx->p1));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
 ctx->p1 = 0;
 }
 
@@ -1028,16 +1031,24 @@ static int fix_dh_nid5114(enum state state,
 
 switch (state) {
 case PRE_CTRL_TO_PARAMS:
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(ctx->p1));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
+
 ctx->p1 = 0;
 break;
 
 case PRE_CTRL_STR_TO_PARAMS:
 if (ctx->p2 == NULL)
 return 0;
-ctx->p2 = (char *)ossl_ffc_named_group_get_name
-(ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)));
+if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name
+ (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2 == NULL) {
+ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
+return 0;
+}
+
 ctx->p1 = 0;
 break;
 
diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c
index b227186934..b387f966cc 100644
--- a/crypto/ffc/ffc_backend.c
+++ b/crypto/ffc/ffc_backend.c
@@ -37,6 +37,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const 
OSSL_PARAM params[])
 const DH_NAMED_GROUP *group = NULL;
 
 if (prm->data_type != OSSL_PARAM_UTF8_STRING
+|| prm->data == NULL
 || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL
 || !ossl_ffc_named_group_set_pqg(ffc, group))
 #endif
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c 
b/providers/implementations/keymgmt/dh_kmgmt.c
index 98eb882e3f..ab8ef3ac52 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -532,6 +532,7 @@ static int dh_gen_common_set_params(void *genctx, const 
OSSL_PARAM params[])
 const DH_NAMED_GROUP *group = NULL;
 
 if (p->data_type != OSSL_PARAM_UTF8_STRING
+|| p->data == NULL
 || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL
 || ((gctx->group_nid =
  ossl_ffc_named_group_get_uid(group)) == NID_undef)) {