Fwd: New Defects reported by Coverity Scan for Cryptopp

[Jeffrey Walton]

FYI...

We figured out how to get Windows scans from the command line using nmake.

75 or so of the findings were for memory leaks on Integer::One() and
Integer::Zero(). At least three are for Microsoft STL code.

I'm pretty sure OS X self-scan tools are broken. I have not been able
to get them to work on three different Macs.

Jeff

---------- Forwarded message ----------
From: <scan-...@coverity.com>
Date: Thu, Sep 29, 2016 at 2:49 AM
Subject: New Defects reported by Coverity Scan for Cryptopp
To: webm...@cryptopp.com

Hi,

Please find the latest report on new defect(s) introduced to Cryptopp
found with Coverity Scan.

89 new defect(s) introduced to Cryptopp found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 89 defect(s)


** CID 171280: Resource leaks (RESOURCE_LEAK)
/pubkey.cpp: 106 in
CryptoPP::TF_VerifierBase::InputSignature(CryptoPP::PK_MessageAccumulator
&, const unsigned char *, unsigned int) const()


________________________________________________________________________________________________________
*** CID 171280: Resource leaks (RESOURCE_LEAK)
/pubkey.cpp: 106 in
CryptoPP::TF_VerifierBase::InputSignature(CryptoPP::PK_MessageAccumulator
&, const unsigned char *, unsigned int) const()
100 if (MessageRepresentativeBitLength() <
encoding.MinRepresentativeBitLength(id.second,
ma.AccessHash().DigestSize()))
101 throw PK_SignatureScheme::KeyTooShort();
102
103 ma.m_representative.New(MessageRepresentativeLength());
104 Integer x =
GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature,
signatureLength));
105 if (x.BitCount() > MessageRepresentativeBitLength())
>>> CID 171280: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
106 x = Integer::Zero(); // don't return false
here to prevent timing attack
107 x.Encode(ma.m_representative, ma.m_representative.size());
108 }
109
110 bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator
&messageAccumulator) const
111 {

** CID 171279: (RESOURCE_LEAK)
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_GFP>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_LUC>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_GFP_DefaultSafePrime>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_LUC_DefaultSafePrime>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_DSA>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()


________________________________________________________________________________________________________
*** CID 171279: (RESOURCE_LEAK)
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_GFP>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_LUC>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_GFP_DefaultSafePrime>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_LUC_DefaultSafePrime>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186
/pubkey.h: 1181 in
CryptoPP::DL_PrivateKeyImpl<CryptoPP::DL_GroupParameters_DSA>::GenerateRandom(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
1175
1176 void GenerateRandom(RandomNumberGenerator &rng, const
NameValuePairs &params)
1177 {
1178 if
(!params.GetThisObject(this->AccessGroupParameters()))
1179
this->AccessGroupParameters().GenerateRandom(rng, params);
1180 // std::pair<const byte *, int> seed;
>>> CID 171279: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1181 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1182 // Integer::ANY, Integer::Zero(), Integer::One(),
1183 //
params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed :
NULL);
1184 SetPrivateExponent(x);
1185 }
1186

** CID 171278: (RESOURCE_LEAK)
/integer.cpp: 3509 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/integer.cpp: 3522 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/integer.cpp: 3560 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()


________________________________________________________________________________________________________
*** CID 171278: (RESOURCE_LEAK)
/integer.cpp: 3509 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
3503 word32 m_counter;
3504 SecByteBlock m_counterAndSeed;
3505 };
3506
3507 bool Integer::GenerateRandomNoThrow(RandomNumberGenerator
&i_rng, const NameValuePairs &params)
3508 {
>>> CID 171278: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
3509 Integer min = params.GetValueWithDefault("Min",
Integer::Zero());
3510 Integer max;
3511 if (!params.GetValue("Max", max))
3512 {
3513 int bitLength;
3514 if (params.GetIntValue("BitLength", bitLength))
/integer.cpp: 3522 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
3516 else
3517 throw InvalidArgument("Integer:
missing Max argument");
3518 }
3519 if (min > max)
3520 throw InvalidArgument("Integer: Min must be no
greater than Max");
3521
>>> CID 171278: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
3522 Integer equiv =
params.GetValueWithDefault("EquivalentTo", Integer::Zero());
3523 Integer mod = params.GetValueWithDefault("Mod", Integer::One());
3524
3525 if (equiv.IsNegative() || equiv >= mod)
3526 throw InvalidArgument("Integer: invalid
EquivalentTo and/or Mod argument");
3527
/integer.cpp: 3560 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
3554 Randomize(rng, min, max);
3555 else
3556 {
3557 Integer min1 = min + (equiv-min)%mod;
3558 if (max < min1)
3559 return false;
>>> CID 171278: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
3560 Randomize(rng, Zero(), (max -
min1) / mod);
3561 *this *= mod;
3562 *this += min1;
3563 }
3564 return true;
3565

** CID 171277: Resource leaks (RESOURCE_LEAK)
/integer.cpp: 3727 in CryptoPP::Integer::operator --()()


________________________________________________________________________________________________________
*** CID 171277: Resource leaks (RESOURCE_LEAK)
/integer.cpp: 3727 in CryptoPP::Integer::operator --()()
3721 reg[reg.size()/2]=1;
3722 }
3723 }
3724 else
3725 {
3726 if (Decrement(reg, reg.size()))
>>> CID 171277: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
3727 *this = -One();
3728 }
3729 return *this;
3730 }
3731
3732 void PositiveAdd(Integer &sum, const Integer &a, const Integer& b)

** CID 171276: Resource leaks (RESOURCE_LEAK)
/pubkey.h: 1916 in
CryptoPP::DL_SimpleKeyAgreementDomainBase<CryptoPP::Integer>::GeneratePrivateKey(CryptoPP::RandomNumberGenerator
&, unsigned char *) const()


________________________________________________________________________________________________________
*** CID 171276: Resource leaks (RESOURCE_LEAK)
/pubkey.h: 1916 in
CryptoPP::DL_SimpleKeyAgreementDomainBase<CryptoPP::Integer>::GeneratePrivateKey(CryptoPP::RandomNumberGenerator
&, unsigned char *) const()
1910 unsigned int AgreedValueLength() const {return
GetAbstractGroupParameters().GetEncodedElementSize(false);}
1911 unsigned int PrivateKeyLength() const {return
GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();}
1912 unsigned int PublicKeyLength() const {return
GetAbstractGroupParameters().GetEncodedElementSize(true);}
1913
1914 void GeneratePrivateKey(RandomNumberGenerator &rng,
byte *privateKey) const
1915 {
>>> CID 171276: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
1916 Integer x(rng, Integer::One(),
GetAbstractGroupParameters().GetMaxExponent());
1917 x.Encode(privateKey, PrivateKeyLength());
1918 }
1919
1920 void GeneratePublicKey(RandomNumberGenerator &rng,
const byte *privateKey, byte *publicKey) const
1921 {

** CID 171275: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/ec2n.h: 22 in ()


________________________________________________________________________________________________________
*** CID 171275: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/ec2n.h: 22 in ()
16 #include "smartptr.h"
17 #include "pubkey.h"
18
19 NAMESPACE_BEGIN(CryptoPP)
20
21 //! Elliptic Curve Point
>>> CID 171275: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "CryptoPP::EC2NPoint" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalue(s), where a move assignment may be faster.
22 struct CRYPTOPP_DLL EC2NPoint
23 {
24 EC2NPoint() : identity(true) {}
25 EC2NPoint(const PolynomialMod2 &x, const PolynomialMod2 &y)
26 : identity(false), x(x), y(y) {}
27

** CID 171274: Resource leaks (RESOURCE_LEAK)
/esign.cpp: 63 in
CryptoPP::ESIGNFunction::Validate(CryptoPP::RandomNumberGenerator &,
unsigned int) const()


________________________________________________________________________________________________________
*** CID 171274: Resource leaks (RESOURCE_LEAK)
/esign.cpp: 63 in
CryptoPP::ESIGNFunction::Validate(CryptoPP::RandomNumberGenerator &,
unsigned int) const()
57 }
58
59 bool ESIGNFunction::Validate(RandomNumberGenerator& rng,
unsigned int level) const
60 {
61 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
62 bool pass = true;
>>> CID 171274: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
63 pass = pass && m_n > Integer::One() && m_n.IsOdd();
64 pass = pass && m_e >= 8 && m_e < m_n;
65 return pass;
66 }
67
68 bool ESIGNFunction::GetVoidValue(const char *name, const
std::type_info &valueType, void *pValue) const

** CID 171273: Resource leaks (RESOURCE_LEAK)
/rw.cpp: 77 in CryptoPP::RWFunction::Validate(CryptoPP::RandomNumberGenerator
&, unsigned int) const()


________________________________________________________________________________________________________
*** CID 171273: Resource leaks (RESOURCE_LEAK)
/rw.cpp: 77 in CryptoPP::RWFunction::Validate(CryptoPP::RandomNumberGenerator
&, unsigned int) const()
71 }
72
73 bool RWFunction::Validate(RandomNumberGenerator &rng, unsigned
int level) const
74 {
75 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
76 bool pass = true;
>>> CID 171273: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
77 pass = pass && m_n > Integer::One() && m_n%8 == 5;
78 return pass;
79 }
80
81 bool RWFunction::GetVoidValue(const char *name, const
std::type_info &valueType, void *pValue) const
82 {

** CID 171272: (RESOURCE_LEAK)
/integer.cpp: 3523 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
/integer.cpp: 3553 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()


________________________________________________________________________________________________________
*** CID 171272: (RESOURCE_LEAK)
/integer.cpp: 3523 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
3517 throw InvalidArgument("Integer:
missing Max argument");
3518 }
3519 if (min > max)
3520 throw InvalidArgument("Integer: Min must be no
greater than Max");
3521
3522 Integer equiv =
params.GetValueWithDefault("EquivalentTo", Integer::Zero());
>>> CID 171272: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
3523 Integer mod = params.GetValueWithDefault("Mod", Integer::One());
3524
3525 if (equiv.IsNegative() || equiv >= mod)
3526 throw InvalidArgument("Integer: invalid
EquivalentTo and/or Mod argument");
3527
3528 Integer::RandomNumberType rnType =
params.GetValueWithDefault("RandomNumberType", Integer::ANY);
/integer.cpp: 3553 in
CryptoPP::Integer::GenerateRandomNoThrow(CryptoPP::RandomNumberGenerator
&, const CryptoPP::NameValuePairs &)()
3547 }
3548 RandomNumberGenerator &rng = kdf2Rng.get() ?
(RandomNumberGenerator &)*kdf2Rng : i_rng;
3549
3550 switch (rnType)
3551 {
3552 case ANY:
>>> CID 171272: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
3553 if (mod == One())
3554 Randomize(rng, min, max);
3555 else
3556 {
3557 Integer min1 = min + (equiv-min)%mod;
3558 if (max < min1)

** CID 171271: (RESOURCE_LEAK)
/nbtheory.cpp: 542 in
CryptoPP::MaurerProvablePrime(CryptoPP::RandomNumberGenerator &,
unsigned int)()
/nbtheory.cpp: 546 in
CryptoPP::MaurerProvablePrime(CryptoPP::RandomNumberGenerator &,
unsigned int)()


________________________________________________________________________________________________________
*** CID 171271: (RESOURCE_LEAK)
/nbtheory.cpp: 542 in
CryptoPP::MaurerProvablePrime(CryptoPP::RandomNumberGenerator &,
unsigned int)()
536 Integer I = Integer::Power2(bits-2)/q;
537 Integer I2 = I << 1;
538 unsigned int trialDivisorBound = (unsigned
int)STDMIN((unsigned long)primeTable[primeTableSize-1], (unsigned
long)bits*bits/c_opt);
539 bool success = false;
540 while (!success)
541 {
>>> CID 171271: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
542 p.Randomize(rng, I, I2, Integer::ANY);
543 p *= q; p <<= 1; ++p;
544 if (!TrialDivision(p, trialDivisorBound))
545 {
546 a.Randomize(rng, 2, p-1, Integer::ANY);
547 b = a_exp_b_mod_c(a, (p-1)/q, p);
/nbtheory.cpp: 546 in
CryptoPP::MaurerProvablePrime(CryptoPP::RandomNumberGenerator &,
unsigned int)()
540 while (!success)
541 {
542 p.Randomize(rng, I, I2, Integer::ANY);
543 p *= q; p <<= 1; ++p;
544 if (!TrialDivision(p, trialDivisorBound))
545 {
>>> CID 171271: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
546 a.Randomize(rng, 2, p-1, Integer::ANY);
547 b = a_exp_b_mod_c(a, (p-1)/q, p);
548 success = (GCD(b-1, p) == 1)
&& (a_exp_b_mod_c(b, q, p) == 1);
549 }
550 }
551 }

** CID 171270: Resource leaks (RESOURCE_LEAK)
/integer.cpp: 4241 in CryptoPP::Integer::InverseMod(const
CryptoPP::Integer&) const()


________________________________________________________________________________________________________
*** CID 171270: Resource leaks (RESOURCE_LEAK)
/integer.cpp: 4241 in CryptoPP::Integer::InverseMod(const
CryptoPP::Integer&) const()
4235 return Modulo(m).InverseMod(m);
4236
4237 if (m.IsEven())
4238 {
4239 if (!m || IsEven())
4240 return Zero(); // no inverse
>>> CID 171270: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
4241 if (*this == One())
4242 return One();
4243
4244 Integer u = m.Modulo(*this).InverseMod(*this);
4245 return !u ? Zero() : (m*(*this-u)+1)/(*this);
4246 }

** CID 171269: Resource leaks (RESOURCE_LEAK)
/rw.cpp: 68 in CryptoPP::RWFunction::ApplyFunction(const
CryptoPP::Integer &) const()


________________________________________________________________________________________________________
*** CID 171269: Resource leaks (RESOURCE_LEAK)
/rw.cpp: 68 in CryptoPP::RWFunction::ApplyFunction(const
CryptoPP::Integer &) const()
62 case r4+8:
63 out.Negate();
64 out += m_n;
65 out <<= 1;
66 break;
67 default:
>>> CID 171269: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
68 out = Integer::Zero();
69 }
70 return out;
71 }
72
73 bool RWFunction::Validate(RandomNumberGenerator &rng, unsigned
int level) const

** CID 171268: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/pubkey.h: 572 in ()


________________________________________________________________________________________________________
*** CID 171268: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/pubkey.h: 572 in ()
566 {
567 typedef T4 HashFunction;
568 };
569
570 //! _
571 template <class BASE, class SCHEME_OPTIONS, class KEY_CLASS>
>>> CID 171268: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "CryptoPP::TF_ObjectImplBase<CryptoPP::TF_VerifierBase, CryptoPP::TF_SignatureSchemeOptions<CryptoPP::TF_SS<CryptoPP::P1363_EMSA5, CryptoPP::SHA1, CryptoPP::ESIGN_Keys, int>, CryptoPP::ESIGN_Keys, CryptoPP::EMSA5Pad<CryptoPP::P1363_MGF1>, CryptoPP::SHA1>, CryptoPP::ESIGNFunction>" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalue(s), where a move assignment may be faster.
572 class CRYPTOPP_NO_VTABLE TF_ObjectImplBase : public
AlgorithmImpl<BASE, typename SCHEME_OPTIONS::AlgorithmInfo>
573 {
574 public:
575 typedef SCHEME_OPTIONS SchemeOptions;
576 typedef KEY_CLASS KeyClass;
577

** CID 171267: (RESOURCE_LEAK)
/luc.cpp: 76 in
CryptoPP::LUCFunction::Validate(CryptoPP::RandomNumberGenerator &,
unsigned int) const()
/luc.cpp: 77 in
CryptoPP::LUCFunction::Validate(CryptoPP::RandomNumberGenerator &,
unsigned int) const()


________________________________________________________________________________________________________
*** CID 171267: (RESOURCE_LEAK)
/luc.cpp: 76 in
CryptoPP::LUCFunction::Validate(CryptoPP::RandomNumberGenerator &,
unsigned int) const()
70 }
71
72 bool LUCFunction::Validate(RandomNumberGenerator &rng, unsigned
int level) const
73 {
74 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
75 bool pass = true;
>>> CID 171267: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
76 pass = pass && m_n > Integer::One() && m_n.IsOdd();
77 pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
78 return pass;
79 }
80
81 bool LUCFunction::GetVoidValue(const char *name, const
std::type_info &valueType, void *pValue) const
/luc.cpp: 77 in
CryptoPP::LUCFunction::Validate(CryptoPP::RandomNumberGenerator &,
unsigned int) const()
71
72 bool LUCFunction::Validate(RandomNumberGenerator &rng, unsigned
int level) const
73 {
74 CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(level);
75 bool pass = true;
76 pass = pass && m_n > Integer::One() && m_n.IsOdd();
>>> CID 171267: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
77 pass = pass && m_e > Integer::One() && m_e.IsOdd() && m_e < m_n;
78 return pass;
79 }
80
81 bool LUCFunction::GetVoidValue(const char *name, const
std::type_info &valueType, void *pValue) const
82 {

** CID 171266: Resource leaks (RESOURCE_LEAK)
/gfpcrypt.cpp: 138 in
CryptoPP::DL_GroupParameters_IntegerBased::ValidateGroup(CryptoPP::RandomNumberGenerator
&, unsigned int) const()


________________________________________________________________________________________________________
*** CID 171266: Resource leaks (RESOURCE_LEAK)
/gfpcrypt.cpp: 138 in
CryptoPP::DL_GroupParameters_IntegerBased::ValidateGroup(CryptoPP::RandomNumberGenerator
&, unsigned int) const()
132
133 bool pass = true;
134 pass = pass && p > Integer::One() && p.IsOdd();
135 pass = pass && q > Integer::One() && q.IsOdd();
136
137 if (level >= 1)
>>> CID 171266: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
138 pass = pass && GetCofactor() > Integer::One()
&& GetGroupOrder() % q == Integer::Zero();
139 if (level >= 2)
140 pass = pass && VerifyPrime(rng, q, level-2) &&
VerifyPrime(rng, p, level-2);
141
142 return pass;
143 }

** CID 171265: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/ecp.h: 20 in ()


________________________________________________________________________________________________________
*** CID 171265: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/ecp.h: 20 in ()
14 #include "smartptr.h"
15 #include "pubkey.h"
16
17 NAMESPACE_BEGIN(CryptoPP)
18
19 //! Elliptical Curve Point
>>> CID 171265: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "CryptoPP::ECPPoint" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalue(s), where a move assignment may be faster.
20 struct CRYPTOPP_DLL ECPPoint
21 {
22 ECPPoint() : identity(true) {}
23 ECPPoint(const Integer &x, const Integer &y)
24 : identity(false), x(x), y(y) {}
25

** CID 171264: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/pubkey.h: 105 in ()


________________________________________________________________________________________________________
*** CID 171264: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/pubkey.h: 105 in ()
99 //! \class RandomizedTrapdoorFunction
100 //! \brief Applies the trapdoor function, using random data if required
101 //! \details \p ApplyFunction() is the foundation for
encrypting a message under a public key.
102 //! Derived classes will override it at some point.
103 //! \sa TrapdoorFunctionBounds(),
RandomizedTrapdoorFunction(), TrapdoorFunction(),
104 //! RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse()
>>> CID 171264: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "CryptoPP::RandomizedTrapdoorFunction" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalue(s), where a move assignment may be faster.
105 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE
RandomizedTrapdoorFunction : public TrapdoorFunctionBounds
106 {
107 public:
108 #ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
109 virtual ~RandomizedTrapdoorFunction() { }
110 #endif

** CID 171263: (RESOURCE_LEAK)
/integer.cpp: 3213 in CryptoPP::StringToInteger<wchar_t>(const T1 *,
CryptoPP::ByteOrder)()
/integer.cpp: 3213 in CryptoPP::StringToInteger<char>(const T1 *,
CryptoPP::ByteOrder)()


________________________________________________________________________________________________________
*** CID 171263: (RESOURCE_LEAK)
/integer.cpp: 3213 in CryptoPP::StringToInteger<wchar_t>(const T1 *,
CryptoPP::ByteOrder)()
3207 }
3208 }
3209 else if (radix == 16 && order == LITTLE_ENDIAN_ORDER)
3210 {
3211 // Nibble high, low and count
3212 unsigned int nh = 0, nl = 0, nc = 0;
>>> CID 171263: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
3213 Integer position(Integer::One());
3214
3215 for (unsigned int i=0; i<length; i++)
3216 {
3217 int digit, ch = static_cast<int>(str[i]);
3218
/integer.cpp: 3213 in CryptoPP::StringToInteger<char>(const T1 *,
CryptoPP::ByteOrder)()
3207 }
3208 }
3209 else if (radix == 16 && order == LITTLE_ENDIAN_ORDER)
3210 {
3211 // Nibble high, low and count
3212 unsigned int nh = 0, nl = 0, nc = 0;
>>> CID 171263: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::One()" leaks it.
3213 Integer position(Integer::One());
3214
3215 for (unsigned int i=0; i<length; i++)
3216 {
3217 int digit, ch = static_cast<int>(str[i]);
3218

** CID 171262: (RESOURCE_LEAK)
/eccrypto.cpp: 499 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::AssignFrom(const
CryptoPP::NameValuePairs &)()
/eccrypto.cpp: 499 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::AssignFrom(const
CryptoPP::NameValuePairs &)()


________________________________________________________________________________________________________
*** CID 171262: (RESOURCE_LEAK)
/eccrypto.cpp: 499 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::ECP>::AssignFrom(const
CryptoPP::NameValuePairs &)()
493 Point G;
494 Integer n;
495
496
source.GetRequiredParameter("DL_GroupParameters_EC<EC>",
Name::Curve(), ec);
497
source.GetRequiredParameter("DL_GroupParameters_EC<EC>",
Name::SubgroupGenerator(), G);
498
source.GetRequiredParameter("DL_GroupParameters_EC<EC>",
Name::SubgroupOrder(), n);
>>> CID 171262: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
499 Integer k =
source.GetValueWithDefault(Name::Cofactor(), Integer::Zero());
500
501 Initialize(ec, G, n, k);
502 }
503 }
504
/eccrypto.cpp: 499 in
CryptoPP::DL_GroupParameters_EC<CryptoPP::EC2N>::AssignFrom(const
CryptoPP::NameValuePairs &)()
493 Point G;
494 Integer n;
495
496
source.GetRequiredParameter("DL_GroupParameters_EC<EC>",
Name::Curve(), ec);
497
source.GetRequiredParameter("DL_GroupParameters_EC<EC>",
Name::SubgroupGenerator(), G);
498
source.GetRequiredParameter("DL_GroupParameters_EC<EC>",
Name::SubgroupOrder(), n);
>>> CID 171262: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Zero()" leaks it.
499 Integer k =
source.GetValueWithDefault(Name::Cofactor(), Integer::Zero());
500
501 Initialize(ec, G, n, k);
502 }
503 }
504

** CID 171261: Resource leaks (RESOURCE_LEAK)
/nbtheory.cpp: 821 in CryptoPP::Lucas(const CryptoPP::Integer &, const
CryptoPP::Integer &, const CryptoPP::Integer &)()


________________________________________________________________________________________________________
*** CID 171261: Resource leaks (RESOURCE_LEAK)
/nbtheory.cpp: 821 in CryptoPP::Lucas(const CryptoPP::Integer &, const
CryptoPP::Integer &, const CryptoPP::Integer &)()
815 {
816 unsigned i = e.BitCount();
817 if (i==0)
818 return Integer::Two();
819
820 MontgomeryRepresentation m(n);
>>> CID 171261: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "CryptoPP::Integer::Two()" leaks it.
821 Integer p=m.ConvertIn(pIn%n), two=m.ConvertIn(Integer::Two());
822 Integer v=p, v1=m.Subtract(m.Square(p), two);
823
824 i--;
825 while (i--)
826 {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVdnYQMGA7SsScSrNyVa5ApxivS82-2Fj2G1beWVoIdy6g-3D-3D_Q7QzZ7iXo-2FBXM79C9lXioIEFwFf94JwOslZnckW5VaeEd-2FIwjQvJLGaeiCAy2Riq2t6HXYhh42biB6qe0gXizVQUV94RZLuVnYWNEpLIIsiHYLfJUiyYXKLYy9WGtxJACnbFNgi2R3dP-2F-2Fnj4BICusOOVcEcrxu16R-2BXallVn9qlgMDAzK6MIuSt2V0nJCJZzhoxoVoIiRzS-2BpczRj-2BjklFlZVn-2FRiU9vHue4VishR4-3D

To manage Coverity Scan email notifications for
"webm...@cryptopp.com", click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4CXLNPK1M7hXpumClmWuCSHG-2B2Y5bsVtwbGjQUYWAAHbcdcHpqFAd3PfbD2n3RCBPd6cW3fgaMMD5p8WHPvm07JjJgjN9fM5jVe-2BNGsB3Crc-3D_Q7QzZ7iXo-2FBXM79C9lXioIEFwFf94JwOslZnckW5VaeEd-2FIwjQvJLGaeiCAy2Riqs0b-2BVB2Nk-2FWQv1ObjWRfxb1CC5S7UfNUzwQ4Q7q0NHfJOBi1upVw4orRHTC-2F2ljVzpweuD1xvGtXl98jTBvscvnPebjWoFf1HUXZipczSKOYE1HJU9a2dVqt6ipxD6Lxl6ey31bvwXiLkMzNFkqHGHNiUL38s-2Feo2KTj-2Bw6IoLo-3D