34 files changed, 368 insertions, 121 deletions
@@ -745,6 +745,10 @@ Changes between 0.9.7e and 0.9.7f [XX xxx XXXX] + *) Add lots of checks for memory allocation failure, error codes to indicate + failure and freeing up memory if a failure occurs. + [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson] + *) Add new -passin argument to dgst. [Steve Henson] diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index c1d3c28210..931cc5969e 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -195,7 +195,12 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) c=(unsigned char *)OPENSSL_realloc_clean(a->data, a->length, w+1); - if (c == NULL) return(0); + if (c == NULL) + { + ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); + return 0; + } + if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); a->data=c; a->length=w+1; diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 4931e222a0..7182e9fa5d 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -65,6 +65,7 @@ # include <sys/types.h> #endif +#include <openssl/err.h> #include <openssl/evp.h> #include <openssl/buffer.h> #include <openssl/x509.h> @@ -78,7 +79,11 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, unsigned char *str,*p; i=i2d(data,NULL); - if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0); + if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) + { + ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); + return(0); + } p=str; i2d(data,&p); diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 49f9e994be..af9fb9b39e 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c 
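Review bot: In the crypto/asn1/a_digest.c hunk, ASN1_digest still passes the result of `i=i2d(data,NULL)` to OPENSSL_malloc without checking it. A failed or empty encoding (zero or negative length) is then either reported as ERR_R_MALLOC_FAILURE, which misleads whoever reads the error queue, or, depending on how the allocator treats that size, reaches the second `i2d(data,&p)` call with a buffer that does not match. The x_pubkey.c part of this same commit adds the guard `if ((i=i2d_DSAparams(dsa,NULL)) <= 0) goto err;`. The equivalent here is `if ((i=i2d(data,NULL)) <= 0) return(0);` before the allocation. The rest of ASN1_digest lies outside the hunk.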
@@ -158,7 +158,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); if (!new_data) { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); goto err; } ret->data=new_data; diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index ea8d7b96c8..def79062a5 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -192,8 +192,9 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) { if (s != NULL) { - ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length); + if (!ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str,t.length)) + return 0; s->type=V_ASN1_GENERALIZEDTIME; } return(1); @@ -223,7 +224,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); - if (p == NULL) return(NULL); + if (p == NULL) + { + ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, + ERR_R_MALLOC_FAILURE); + return(NULL); + } if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c index f37408a311..3c8d3d5629 100644 --- a/crypto/asn1/a_set.c +++ b/crypto/asn1/a_set.c @@ -118,8 +118,13 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, } pStart = p; /* Catch the beg of Setblobs*/ - if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array -we will store the SET blobs */ + /* In this array we will store the SET blobs */ + rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB)); + if (rgSetBlob == NULL) + { + ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); + return(0); + } for (i=0; i<sk_num(a); i++) { 
@@ -135,7 +140,11 @@ SetBlob /* Now we have to sort the blobs. I am using a simple algo. *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); - if (!(pTempMem = OPENSSL_malloc(totSize))) return 0; + if (!(pTempMem = OPENSSL_malloc(totSize))) + { + ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE); + return(0); + } /* Copy to temp mem */ p = pTempMem; @@ -160,7 +169,13 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, STACK *ret=NULL; if ((a == NULL) || ((*a) == NULL)) - { if ((ret=sk_new_null()) == NULL) goto err; } + { + if ((ret=sk_new_null()) == NULL) + { + ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + } else ret=(*a); diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index fea6590322..efebc63a02 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -173,8 +173,9 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) { if (s != NULL) { - ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length); + if (!ASN1_STRING_set((ASN1_STRING *)s, + (unsigned char *)str,t.length)) + return 0; s->type = V_ASN1_UTCTIME; } return(1); @@ -203,7 +204,12 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) if ((p == NULL) || ((size_t)s->length < len)) { p=OPENSSL_malloc(len); - if (p == NULL) return(NULL); + if (p == NULL) + { + ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE); + return(NULL); + } + if (s->data != NULL) if (s->data != NULL) OPENSSL_free(s->data); s->data=(unsigned char *)p; diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 0df0f47621..aad3dcb23d 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
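Review bot: The new failure branch for `pTempMem` in i2d_ASN1_SET (crypto/asn1/a_set.c) returns without releasing `rgSetBlob`. That array was allocated earlier in the function and is still live at this point, since it has just been handed to `qsort`. Every out-of-memory event on this path therefore leaks the blob array, which works against the commit's stated goal of freeing memory on failure. Add `OPENSSL_free(rgSetBlob);` before the `return(0);` in that branch. The remainder of the function is outside the hunk, so confirm that no later cleanup would free the array a second time.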
@@ -993,6 +993,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_A2I_ASN1_INTEGER 102 #define ASN1_F_A2I_ASN1_STRING 103 #define ASN1_F_APPEND_TAG 176 +#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 #define ASN1_F_ASN1_CB 177 #define ASN1_F_ASN1_CHECK_TLEN 104 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 @@ -1000,10 +1001,12 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_D2I_BIO 107 #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 #define ASN1_F_ASN1_D2I_FP 109 +#define ASN1_F_ASN1_DIGEST 184 #define ASN1_F_ASN1_DO_ADB 110 #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 #define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 @@ -1021,6 +1024,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_SEQ_UNPACK 127 #define ASN1_F_ASN1_SIGN 128 #define ASN1_F_ASN1_STR2TYPE 179 +#define ASN1_F_ASN1_STRING_SET 186 #define ASN1_F_ASN1_STRING_TABLE_ADD 129 #define ASN1_F_ASN1_STRING_TYPE_NEW 130 #define ASN1_F_ASN1_TEMPLATE_D2I 131 @@ -1030,6 +1034,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 +#define ASN1_F_ASN1_UTCTIME_SET 187 #define ASN1_F_ASN1_VERIFY 137 #define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 @@ -1054,6 +1059,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_X509_CINF 157 #define ASN1_F_D2I_X509_NAME 158 #define ASN1_F_D2I_X509_PKEY 159 +#define ASN1_F_I2D_ASN1_SET 188 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 #define ASN1_F_I2D_EC_PUBKEY 181 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index d83ed65cdb..daffbf2140 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c 
@@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,6 +71,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, {ERR_PACK(0,ASN1_F_APPEND_TAG,0), "APPEND_TAG"}, +{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"}, {ERR_PACK(0,ASN1_F_ASN1_CB,0), "ASN1_CB"}, {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, @@ -78,10 +79,12 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, {ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, +{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"}, {ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, +{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_GENERATE_V3,0), "ASN1_generate_v3"}, {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, 
@@ -99,6 +102,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, {ERR_PACK(0,ASN1_F_ASN1_STR2TYPE,0), "ASN1_STR2TYPE"}, +{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, @@ -108,6 +112,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, +{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, {ERR_PACK(0,ASN1_F_BITSTR_CB,0), "BITSTR_CB"}, {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, @@ -132,6 +137,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, +{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"}, {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, {ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0), "i2d_EC_PUBKEY"}, diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 504e612a85..bb94257cee 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -378,6 +378,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) if (str->data == NULL) { + ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE); str->data=c; return(0); } diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index 162b37bc38..f3d9804860 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c 
@@ -115,7 +115,11 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, if ((osp=ASN1_STRING_new()) == NULL) return(0); /* Grow the 'string' */ - ASN1_STRING_set(osp,NULL,size); + if (!ASN1_STRING_set(osp,NULL,size)) + { + ASN1_STRING_free(osp); + return(0); + } M_ASN1_STRING_length_set(osp, size); p=M_ASN1_STRING_data(osp); diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index 891150638e..ec788267e0 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c 
@@ -76,47 +76,55 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen) { - PBEPARAM *pbe; + PBEPARAM *pbe=NULL; ASN1_OBJECT *al; X509_ALGOR *algor; - ASN1_TYPE *astype; + ASN1_TYPE *astype=NULL; if (!(pbe = PBEPARAM_new ())) { ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } if(iter <= 0) iter = PKCS5_DEFAULT_ITER; - ASN1_INTEGER_set (pbe->iter, iter); + if (!ASN1_INTEGER_set(pbe->iter, iter)) { + ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); + goto err; + } if (!saltlen) saltlen = PKCS5_SALT_LEN; if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } pbe->salt->length = saltlen; if (salt) memcpy (pbe->salt->data, salt, saltlen); else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) - return NULL; + goto err; if (!(astype = ASN1_TYPE_new())) { ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } astype->type = V_ASN1_SEQUENCE; if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) { ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } PBEPARAM_free (pbe); + pbe = NULL; al = OBJ_nid2obj(alg); /* never need to free al */ if (!(algor = X509_ALGOR_new())) { ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + goto err; } ASN1_OBJECT_free(algor->algorithm); algor->algorithm = al; algor->parameter = astype; return (algor); +err: + if (pbe != NULL) PBEPARAM_free(pbe); + if (astype != NULL) ASN1_TYPE_free(astype); + return NULL; } diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c index 8ee789f082..397332d9b8 100644 --- a/crypto/asn1/t_bitst.c +++ b/crypto/asn1/t_bitst.c 
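Review bot: The `RAND_pseudo_bytes` failure branch in PKCS5_pbe_set now jumps to `err` without queueing any error, whereas every other failure in the function raises one through `ASN1err(ASN1_F_ASN1_PBE_SET, ...)`. A caller that gets NULL from this path sees an empty error queue and cannot tell a salt-generation failure from anything else. Put the `goto err;` in a braced block preceded by `ASN1err(ASN1_F_ASN1_PBE_SET, REASON_CODE);`, where REASON_CODE is a placeholder for whichever reason constant the project uses for RNG failure. ERR_R_MALLOC_FAILURE would be inaccurate here. A one-line comment above the `err:` label stating that it releases `pbe` and `astype` only while they are still owned by this function would also document why `pbe` is set to NULL after `PBEPARAM_free`.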
@@ -84,7 +84,10 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, int bitnum; bitnum = ASN1_BIT_STRING_num_asc(name, tbl); if(bitnum < 0) return 0; - if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value); + if(bs) { + if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) + return 0; + } return 1; } diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 10b87def32..f631d2c68c 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -83,8 +83,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) { - int ok=0; - X509_PUBKEY *pk; + X509_PUBKEY *pk=NULL; X509_ALGOR *a; ASN1_OBJECT *o; unsigned char *s,*p = NULL; @@ -107,7 +106,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) (a->parameter->type != V_ASN1_NULL)) { ASN1_TYPE_free(a->parameter); - a->parameter=ASN1_TYPE_new(); + if (!(a->parameter=ASN1_TYPE_new())) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } a->parameter->type=V_ASN1_NULL; } } 
@@ -120,14 +123,34 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) dsa=pkey->pkey.dsa; dsa->write_params=0; ASN1_TYPE_free(a->parameter); - i=i2d_DSAparams(dsa,NULL); - if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; + if ((i=i2d_DSAparams(dsa,NULL)) <= 0) + goto err; + if (!(p=(unsigned char *)OPENSSL_malloc(i))) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } pp=p; i2d_DSAparams(dsa,&pp); - a->parameter=ASN1_TYPE_new(); + if (!(a->parameter=ASN1_TYPE_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } a->parameter->type=V_ASN1_SEQUENCE; - a->parameter->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(a->parameter->value.sequence,p,i); + if (!(a->parameter->value.sequence=ASN1_STRING_new())) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) + { + OPENSSL_free(p); + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } OPENSSL_free(p); } #endif @@ -199,7 +222,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) } p=s; i2d_PublicKey(pkey,&p); - if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; + if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) + { + X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); + goto err; + } + /* Set number of unused bits to zero */ /* Set number of unused bits to zero */ pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; @@ -215,12 +243,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) X509_PUBKEY_free(*x); *x=pk; - pk=NULL; - ok=1; + return 1; err: if (pk != NULL) X509_PUBKEY_free(pk); - return(ok); + return 0; } EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 287392db0f..61416483cb 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c 
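Review bot: In the DSA branch of X509_PUBKEY_set, `ASN1_TYPE_free(a->parameter);` now precedes two new early exits: the `i2d_DSAparams(...) <= 0` check and the OPENSSL_malloc failure. Both leave `a->parameter` pointing at freed memory when control reaches `err`. The assignment of `a` is outside the hunk, but if `a` is the algorithm field of `pk`, then `X509_PUBKEY_free(pk)` at the `err` label would free that parameter a second time. Clearing the pointer right after the free, `a->parameter=NULL;`, makes both exits safe. The non-DSA hunk above does not have this problem because a failed `ASN1_TYPE_new()` stores NULL into the field.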
@@ -277,7 +277,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BN_CTX_start(ctx); if((Ri = BN_CTX_get(ctx)) == NULL) goto err; R= &(mont->RR); /* grab RR as a temp */ - BN_copy(&(mont->N),mod); /* Set N */ + if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ mont->N.neg = 0; #ifdef MONT_WORD diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index e81b810dea..e752c2073a 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -341,7 +341,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) return NULL; } p8->broken = broken; - ASN1_INTEGER_set (p8->version, 0); + if (!ASN1_INTEGER_set(p8->version, 0)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + PKCS8_PRIV_KEY_INFO_free (p8); + return NULL; + } if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); PKCS8_PRIV_KEY_INFO_free (p8); 
@@ -418,29 +422,35 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) #ifndef OPENSSL_NO_DSA static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { - ASN1_STRING *params; - ASN1_INTEGER *prkey; - ASN1_TYPE *ttmp; - STACK_OF(ASN1_TYPE) *ndsa; - unsigned char *p, *q; + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + ASN1_TYPE *ttmp = NULL; + STACK_OF(ASN1_TYPE) *ndsa = NULL; + unsigned char *p = NULL, *q; int len; p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); len = i2d_DSAparams (pkey->pkey.dsa, NULL); if (!(p = OPENSSL_malloc(len))) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return 0; + goto err; } q = p; i2d_DSAparams (pkey->pkey.dsa, &q); - params = ASN1_STRING_new(); - ASN1_STRING_set(params, p, len); + if (!(params = ASN1_STRING_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_STRING_set(params, p, len)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } OPENSSL_free(p); + p = NULL; /* Get private key into integer */ if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; + goto err; } switch(p8->broken) { @@ -451,12 +461,13 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, &p8->pkey->value.octet_string)) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free (prkey); - return 0; + goto err; } M_ASN1_INTEGER_free (prkey); + prkey = NULL; p8->pkeyalg->parameter->value.sequence = params; + params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; break; 
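Review bot: In the first dsa_pkey2pkcs8 hunk, `len = i2d_DSAparams (pkey->pkey.dsa, NULL);` is still used unchecked as the allocation size and as the length given to `ASN1_STRING_set`. An encoding failure therefore surfaces as ERR_R_MALLOC_FAILURE, or proceeds with a non-positive length, instead of being rejected up front. This commit adds exactly that check for the same call in X509_PUBKEY_set. Since the function now has a common `err` label, the guard can be `if ((len = i2d_DSAparams(pkey->pkey.dsa, NULL)) <= 0) {` followed by `EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); goto err; }`. The second `i2d_DSAparams` call that fills the buffer is also unchecked.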
@@ -464,32 +475,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_NS_DB: p8->pkeyalg->parameter->value.sequence = params; + params = NULL; p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); - if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { + if (!(ndsa = sk_ASN1_TYPE_new_null())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp->value.integer = + BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - PKCS8_PRIV_KEY_INFO_free(p8); - return 0; + goto err; } ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } - ttmp = ASN1_TYPE_new(); + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.integer = prkey; + prkey = NULL; ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + ttmp = NULL; - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free(prkey); - return 0; + goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); break; 
@@ -497,32 +527,58 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) case PKCS8_EMBEDDED_PARAM: p8->pkeyalg->parameter->type = V_ASN1_NULL; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); + if (!(ndsa = sk_ASN1_TYPE_new_null())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.sequence = params; + params = NULL; ttmp->type = V_ASN1_SEQUENCE; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } - ttmp = ASN1_TYPE_new(); + if (!(ttmp = ASN1_TYPE_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } ttmp->value.integer = prkey; + prkey = NULL; ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); + if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } + ttmp = NULL; - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); + if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { + EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + goto err; + } if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, &p8->pkey->value.octet_string->data, &p8->pkey->value.octet_string->length)) { EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free (prkey); - return 0; + goto err; } sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); break; } return 1; +err: + if (p != NULL) OPENSSL_free(p); + if (params != NULL) ASN1_STRING_free(params); + if (prkey != NULL) M_ASN1_INTEGER_free(prkey); + if (ttmp != NULL) ASN1_TYPE_free(ttmp); + if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); + return 0; } #endif diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index b4453b4a98..28c9370ca3 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c 
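Review bot: The new `err:` label in dsa_pkey2pkcs8 releases only the function's locals, and the earlier hunks of this function drop the `PKCS8_PRIV_KEY_INFO_free(p8)` calls that two of the old failure paths made. The ownership contract therefore changes silently: on failure `p8` is now always left for the caller to free. The caller is outside the hunks shown, so confirm it frees `p8` when this function returns 0. Otherwise the structure leaks, possibly with the partially built key material attached. Record the contract next to the label, for example `/* On failure only locals are released here; p8 remains owned by the caller. */`. A short comment at each `params = NULL;` and `prkey = NULL;` noting that ownership has moved into `p8` or `ttmp` would also make the cleanup logic checkable at a glance.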
@@ -2,6 +2,7 @@ #include <stdlib.h> #include <string.h> +#include <openssl/err.h> #include <openssl/lhash.h> #include <openssl/objects.h> #include <openssl/safestack.h> @@ -80,7 +81,11 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), MemCheck_off(); name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); MemCheck_on(); - if (!name_funcs) return(0); + if (!name_funcs) + { + OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE); + return(0); + } name_funcs->hash_func = lh_strhash; name_funcs->cmp_func = OPENSSL_strcmp; name_funcs->free_func = 0; /* NULL is often declared to diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index dbff4e075f..15f813a489 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -236,13 +236,13 @@ int OBJ_add_object(const ASN1_OBJECT *obj) if (added == NULL) |