Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development
diff --git a/ChangeLog b/ChangeLog
index 17d2aae..bcd88dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
Bugfix
* Allow loading symlinked certificates. Fixes #3005. Reported and fixed
by Jonathan Bennett <JBennett@incomsystems.biz> via #3008.
+ * Fix an unchecked call to mbedtls_md() in the x509write module.
= mbed TLS 2.20.0 branch released 2020-01-15
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 0c3c396..7c51798 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -214,7 +214,9 @@
return( MBEDTLS_ERR_X509_FATAL_ERROR );
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
- mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
+ ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
+ if( ret != 0 )
+ return( ret );
#endif
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 )
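Review bot: The error code reported on a hash failure now depends on the build: the MBEDTLS_USE_PSA_CRYPTO branch just above returns `MBEDTLS_ERR_X509_FATAL_ERROR`, while the new non-PSA branch propagates whatever mbedtls_md() returns, so the same condition surfaces as an MD-module error in one configuration and an X.509 error in the other. If callers are meant to see an X.509 error here the value should be mapped, otherwise a one-line comment stating that the MD error is deliberately passed through would settle it. For consistency with the mbedtls_pk_sign() call below, the check could also use the file's assign-and-test form: `if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ) ) != 0 )` followed by `return( ret );`. The enclosing function starts before and ends after this hunk.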
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 8f0d3b5..c188900 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -619,6 +619,7 @@
if( fwrite( nss_keylog_line, 1, len, f ) != len )
{
ret = -1;
+ fclose( f );
goto exit;
}
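Review bot: Closing `f` inline in this failure branch fixes the leak, but any further early exit added between the fopen() and the final close will reintroduce it; if the `exit:` label does not already release the stream, an `if( f != NULL ) fclose( f );` there (with `f` set to NULL before fopen()) covers every path at once. Ignoring the fclose() result is acceptable here because `ret` is already -1, and a short comment such as `/* already failing; fclose() status is not interesting */` would make that intentional rather than accidental. The enclosing function starts before and ends after this hunk.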
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 9e56ca3..b956c0c 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -525,15 +525,6 @@
mbedtls_memory_buffer_alloc_init( alloc_buf, sizeof( alloc_buf ) );
#endif
- if( outcome_file_name != NULL )
- {
- outcome_file = fopen( outcome_file_name, "a" );
- if( outcome_file == NULL )
- {
- mbedtls_fprintf( stderr, "Unable to open outcome file. Continuing anyway.\n" );
- }
- }
-
/*
* The C standard doesn't guarantee that all-bits-0 is the representation
* of a NULL pointer. We do however use that in our code for initializing
@@ -555,6 +546,15 @@
return( 1 );
}
+ if( outcome_file_name != NULL )
+ {
+ outcome_file = fopen( outcome_file_name, "a" );
+ if( outcome_file == NULL )
+ {
+ mbedtls_fprintf( stderr, "Unable to open outcome file. Continuing anyway.\n" );
+ }
+ }
+
while( arg_index < argc )
{
next_arg = argv[arg_index];
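Review bot: Nothing in the code explains why the outcome file is now opened here rather than before the NULL-pointer check; the motivation only becomes visible in the later hunk at the 607 region, where the stream is closed before `return( 1 )`. A comment above the moved block, e.g. `/* Open the outcome file only after the checks that can return early, so that path does not leak the handle. */`, would keep the next person from moving it back. Any other early return between this point and the fclose() added in the later hunk would still leave the stream open; the rest of the argument loop is not visible here, so that is worth a check. The enclosing function starts before and ends after this hunk.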
@@ -607,6 +607,8 @@
{
mbedtls_fprintf( stderr, "Failed to open test file: %s\n",
test_filename );
+ if( outcome_file != NULL )
+ fclose( outcome_file );
return( 1 );
}