mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

Merge branch '2991-address-reported-by-coverity-in-updated-openssl-code' into 'main'

Browse Source 
Resolve "Address reports by Coverity in updated OpenSSL code"

Closes #2991

See merge request isc-projects/bind9!5547
This commit is contained in:
Mark Andrews
2021-11-01 22:37:43 +00:00
parent dfd040a5aa 7806615714
commit a174dfb462
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/dns/openssldh_link.c
View File

@@ -1116,8 +1116,6 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(ISC_R_NOMEMORY); DST_RET(ISC_R_NOMEMORY);
} }
DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P); DH_clear_flags(dh, DH_FLAG_CACHE_MONT_P);
key->keydata.dh = dh;
dh = NULL;
#else #else
bld = OSSL_PARAM_BLD_new(); bld = OSSL_PARAM_BLD_new();
if (bld == NULL) { if (bld == NULL) {
@@ -1155,11 +1153,11 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
if (DH_set0_key(key->keydata.dh, pub_key, priv_key) != 1) { if (DH_set0_key(dh, pub_key, priv_key) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_key", DST_RET(dst__openssl_toresult2("DH_set0_key",
DST_R_OPENSSLFAILURE)); DST_R_OPENSSLFAILURE));
} }
if (DH_set0_pqg(key->keydata.dh, p, NULL, g) != 1) { if (DH_set0_pqg(dh, p, NULL, g) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_pqg", DST_RET(dst__openssl_toresult2("DH_set0_pqg",
DST_R_OPENSSLFAILURE)); DST_R_OPENSSLFAILURE));
} }
@@ -1169,6 +1167,9 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
priv_key = NULL; priv_key = NULL;
p = NULL; p = NULL;
g = NULL; g = NULL;
key->keydata.dh = dh;
dh = NULL;
#else #else
if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_key) != if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_key) !=
1 || 1 ||

10
lib/dns/opensslrsa_link.c
View File

@@ -811,7 +811,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (key->external) { if (key->external) {
priv.nelements = 0; priv.nelements = 0;
DST_RET(dst__privstruct_writefile(key, &priv, directory)); return (dst__privstruct_writefile(key, &priv, directory));
} }
pkey = key->keydata.pkey; pkey = key->keydata.pkey;
@@ -855,6 +855,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (d != NULL) { if (d != NULL) {
priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT; priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
priv.elements[i].length = BN_num_bytes(d); priv.elements[i].length = BN_num_bytes(d);
INSIST(i < ARRAY_SIZE(bufs));
bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
BN_bn2bin(d, bufs[i]); BN_bn2bin(d, bufs[i]);
priv.elements[i].data = bufs[i]; priv.elements[i].data = bufs[i];
@@ -864,6 +865,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (p != NULL) { if (p != NULL) {
priv.elements[i].tag = TAG_RSA_PRIME1; priv.elements[i].tag = TAG_RSA_PRIME1;
priv.elements[i].length = BN_num_bytes(p); priv.elements[i].length = BN_num_bytes(p);
INSIST(i < ARRAY_SIZE(bufs));
bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
BN_bn2bin(p, bufs[i]); BN_bn2bin(p, bufs[i]);
priv.elements[i].data = bufs[i]; priv.elements[i].data = bufs[i];
@@ -873,6 +875,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (q != NULL) { if (q != NULL) {
priv.elements[i].tag = TAG_RSA_PRIME2; priv.elements[i].tag = TAG_RSA_PRIME2;
priv.elements[i].length = BN_num_bytes(q); priv.elements[i].length = BN_num_bytes(q);
INSIST(i < ARRAY_SIZE(bufs));
bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
BN_bn2bin(q, bufs[i]); BN_bn2bin(q, bufs[i]);
priv.elements[i].data = bufs[i]; priv.elements[i].data = bufs[i];
@@ -882,6 +885,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (dmp1 != NULL) { if (dmp1 != NULL) {
priv.elements[i].tag = TAG_RSA_EXPONENT1; priv.elements[i].tag = TAG_RSA_EXPONENT1;
priv.elements[i].length = BN_num_bytes(dmp1); priv.elements[i].length = BN_num_bytes(dmp1);
INSIST(i < ARRAY_SIZE(bufs));
bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
BN_bn2bin(dmp1, bufs[i]); BN_bn2bin(dmp1, bufs[i]);
priv.elements[i].data = bufs[i]; priv.elements[i].data = bufs[i];
@@ -891,6 +895,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (dmq1 != NULL) { if (dmq1 != NULL) {
priv.elements[i].tag = TAG_RSA_EXPONENT2; priv.elements[i].tag = TAG_RSA_EXPONENT2;
priv.elements[i].length = BN_num_bytes(dmq1); priv.elements[i].length = BN_num_bytes(dmq1);
INSIST(i < ARRAY_SIZE(bufs));
bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
BN_bn2bin(dmq1, bufs[i]); BN_bn2bin(dmq1, bufs[i]);
priv.elements[i].data = bufs[i]; priv.elements[i].data = bufs[i];
@@ -900,6 +905,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
if (iqmp != NULL) { if (iqmp != NULL) {
priv.elements[i].tag = TAG_RSA_COEFFICIENT; priv.elements[i].tag = TAG_RSA_COEFFICIENT;
priv.elements[i].length = BN_num_bytes(iqmp); priv.elements[i].length = BN_num_bytes(iqmp);
INSIST(i < ARRAY_SIZE(bufs));
bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length);
BN_bn2bin(iqmp, bufs[i]); BN_bn2bin(iqmp, bufs[i]);
priv.elements[i].data = bufs[i]; priv.elements[i].data = bufs[i];
@@ -926,7 +932,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
ret = dst__privstruct_writefile(key, &priv, directory); ret = dst__privstruct_writefile(key, &priv, directory);
err: err:
while (i--) { for (i = 0; i < ARRAY_SIZE(bufs); i++) {
if (bufs[i] != NULL) { if (bufs[i] != NULL) {
isc_mem_put(key->mctx, bufs[i], isc_mem_put(key->mctx, bufs[i],
priv.elements[i].length); priv.elements[i].length);