summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--apps/ca.c2
-rw-r--r--crypto/cms/cms_pwri.c3
-rw-r--r--crypto/cms/cms_sd.c2
-rw-r--r--crypto/engine/eng_cryptodev.c7
-rw-r--r--crypto/evp/evp_key.c2
-rw-r--r--crypto/jpake/jpake.c4
-rw-r--r--crypto/pem/pem_info.c6
-rw-r--r--crypto/pkcs7/pk7_doit.c2
-rw-r--r--crypto/x509v3/v3_cpols.c4
-rw-r--r--crypto/x509v3/v3_ncons.c2
-rw-r--r--engines/e_chil.c4
-rw-r--r--ssl/s3_clnt.c5
-rw-r--r--ssl/s3_srvr.c10
13 files changed, 51 insertions, 2 deletions
diff --git a/apps/ca.c b/apps/ca.c
index 7fb92854b2..0b66095b83 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2532,6 +2532,8 @@ static int do_updatedb(CA_DB *db)
char **rrow, *a_tm_s;
a_tm = ASN1_UTCTIME_new();
+ if (a_tm == NULL)
+ return -1;
/* get actual time and make a string */
a_tm = X509_gmtime_adj(a_tm, 0);
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index a8322dcdf1..b91c01691f 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -121,6 +121,9 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
/* Setup algorithm identifier for cipher */
encalg = X509_ALGOR_new();
+ if (encalg == NULL) {
+ goto merr;
+ }
EVP_CIPHER_CTX_init(&ctx);
if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index 721ffd5afb..a41aca8e12 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -857,6 +857,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} else {
const EVP_MD *md = EVP_MD_CTX_md(&mctx);
pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+ if (pkctx == NULL)
+ goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 926d95c0d7..8fb9c3373d 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -1292,15 +1292,18 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
BN_num_bytes(dsa->q), s) == 0) {
dsaret = DSA_SIG_new();
+ if (dsaret == NULL)
+ goto err;
dsaret->r = r;
dsaret->s = s;
+ r = s = NULL;
} else {
const DSA_METHOD *meth = DSA_OpenSSL();
- BN_free(r);
- BN_free(s);
dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
}
err:
+ BN_free(r);
+ BN_free(s);
kop.crk_param[0].crp_p = NULL;
zapparams(&kop);
return (dsaret);
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 122bc28df5..5be9e336f9 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -104,6 +104,8 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt = prompt_string;
ui = UI_new();
+ if (ui == NULL)
+ return -1;
UI_add_input_string(ui, prompt, 0, buf, min,
(len >= BUFSIZ) ? BUFSIZ - 1 : len);
if (verify)
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
index 8c38727e20..ebc0975575 100644
--- a/crypto/jpake/jpake.c
+++ b/crypto/jpake/jpake.c
@@ -219,6 +219,9 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
BIGNUM *t3 = BN_new();
int ret = 0;
+ if (h == NULL || t1 == NULL || t2 == NULL || t3 == NULL)
+ goto end;
+
zkp_hash(h, zkpg, p, ctx->p.peer_name);
/* t1 = g^b */
@@ -234,6 +237,7 @@ static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
else
JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
+end:
/* cleanup */
BN_free(t3);
BN_free(t2);
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 68747d1625..4d736a1d07 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -172,6 +172,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
xi->enc_len = 0;
xi->x_pkey = X509_PKEY_new();
+ if (xi->x_pkey == NULL)
+ goto err;
ptype = EVP_PKEY_RSA;
pp = &xi->x_pkey->dec_pkey;
if ((int)strlen(header) > 10) /* assume encrypted */
@@ -193,6 +195,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
xi->enc_len = 0;
xi->x_pkey = X509_PKEY_new();
+ if (xi->x_pkey == NULL)
+ goto err;
ptype = EVP_PKEY_DSA;
pp = &xi->x_pkey->dec_pkey;
if ((int)strlen(header) > 10) /* assume encrypted */
@@ -214,6 +218,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
xi->enc_len = 0;
xi->x_pkey = X509_PKEY_new();
+ if (xi->x_pkey == NULL)
+ goto err;
ptype = EVP_PKEY_EC;
pp = &xi->x_pkey->dec_pkey;
if ((int)strlen(header) > 10) /* assume encrypted */
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 83f3b77b29..946aaa6543 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -656,6 +656,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
bio = BIO_new_mem_buf(data_body->data, data_body->length);
else {
bio = BIO_new(BIO_s_mem());
+ if (bio == NULL)
+ goto err;
BIO_set_mem_eof_return(bio, 0);
}
if (bio == NULL)
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 0febc1b3ed..d97f6226b9 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -186,6 +186,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
goto err;
}
pol = POLICYINFO_new();
+ if (pol == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
pol->policyid = pobj;
}
if (!sk_POLICYINFO_push(pols, pol)) {
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index b97ed271e3..2855269668 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -132,6 +132,8 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
}
tval.value = val->value;
sub = GENERAL_SUBTREE_new();
+ if (sub == NULL)
+ goto memerr;
if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
goto err;
if (!*ptree)
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 69d49d7d3a..72d14fe383 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -839,6 +839,10 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
bn_fix_top(rtmp->n);
res = EVP_PKEY_new();
+ if (res == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ goto err;
+ }
EVP_PKEY_assign_RSA(res, rtmp);
# endif
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 3911c3d5d0..a5511ac5a0 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2956,6 +2956,11 @@ int ssl3_send_client_key_exchange(SSL *s)
pkey_ctx = EVP_PKEY_CTX_new(pub_key =
X509_get_pubkey(peer_cert), NULL);
+ if (pkey_ctx == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
/*
* If we have send a certificate, and certificate key
*
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 704289a449..48c5c4a4b5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2866,6 +2866,11 @@ int ssl3_get_client_key_exchange(SSL *s)
pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+ if (pkey_ctx == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
EVP_PKEY_decrypt_init(pkey_ctx);
/*
* If client certificate is present and is of the same type, maybe
@@ -3098,6 +3103,11 @@ int ssl3_get_cert_verify(SSL *s)
unsigned char signature[64];
int idx;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
+ if (pctx == NULL) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
EVP_PKEY_verify_init(pctx);
if (i != 64) {
fprintf(stderr, "GOST signature length is %d", i);
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-05 17:36:19 +0000