failure and freeing up memory if a failure occurs.
PR:620
Changes between 0.9.7e and 0.9.7f [XX xxx XXXX]
+ *) Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
+
*) Add new -passin argument to dgst.
[Steve Henson]
c=(unsigned char *)OPENSSL_realloc_clean(a->data,
a->length,
w+1);
- if (c == NULL) return(0);
+ if (c == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
a->data=c;
a->length=w+1;
# include <sys/types.h>
#endif
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
unsigned char *str,*p;
i=i2d(data,NULL);
- if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
+ if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
p=str;
i2d(data,&p);
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
if (!new_data)
{
- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
goto err;
}
ret->data=new_data;
{
if (s != NULL)
{
- ASN1_STRING_set((ASN1_STRING *)s,
- (unsigned char *)str,t.length);
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str,t.length))
+ return 0;
s->type=V_ASN1_GENERALIZEDTIME;
}
return(1);
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
- if (p == NULL) return(NULL);
+ if (p == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+ ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
}
pStart = p; /* Catch the beg of Setblobs*/
- if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
-we will store the SET blobs */
+ /* In this array we will store the SET blobs */
+ rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+ if (rgSetBlob == NULL)
+ {
+ ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
for (i=0; i<sk_num(a); i++)
{
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
- if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+ if (!(pTempMem = OPENSSL_malloc(totSize)))
+ {
+ ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
/* Copy to temp mem */
p = pTempMem;
STACK *ret=NULL;
if ((a == NULL) || ((*a) == NULL))
- { if ((ret=sk_new_null()) == NULL) goto err; }
+ {
+ if ((ret=sk_new_null()) == NULL)
+ {
+ ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
else
ret=(*a);
{
if (s != NULL)
{
- ASN1_STRING_set((ASN1_STRING *)s,
- (unsigned char *)str,t.length);
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str,t.length))
+ return 0;
s->type = V_ASN1_UTCTIME;
}
return(1);
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
- if (p == NULL) return(NULL);
+ if (p == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ if (s->data != NULL)
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
#define ASN1_F_A2I_ASN1_ENUMERATED 101
#define ASN1_F_A2I_ASN1_INTEGER 102
#define ASN1_F_A2I_ASN1_STRING 103
+#define ASN1_F_ASN1_BIT_STRING_SET_BIT 176
#define ASN1_F_ASN1_CHECK_TLEN 104
#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
#define ASN1_F_ASN1_COLLECT 106
#define ASN1_F_ASN1_D2I_BIO 107
#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
#define ASN1_F_ASN1_D2I_FP 109
+#define ASN1_F_ASN1_DIGEST 177
#define ASN1_F_ASN1_DO_ADB 110
#define ASN1_F_ASN1_DUP 111
#define ASN1_F_ASN1_ENUMERATED_SET 112
#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+#define ASN1_F_ASN1_GENERALIZEDTIME_SET 178
#define ASN1_F_ASN1_GET_OBJECT 114
#define ASN1_F_ASN1_HEADER_NEW 115
#define ASN1_F_ASN1_I2D_BIO 116
#define ASN1_F_ASN1_SEQ_PACK 126
#define ASN1_F_ASN1_SEQ_UNPACK 127
#define ASN1_F_ASN1_SIGN 128
+#define ASN1_F_ASN1_STRING_SET 179
#define ASN1_F_ASN1_STRING_TABLE_ADD 129
#define ASN1_F_ASN1_STRING_TYPE_NEW 130
#define ASN1_F_ASN1_TEMPLATE_D2I 131
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
#define ASN1_F_ASN1_UNPACK_STRING 136
+#define ASN1_F_ASN1_UTCTIME_SET 180
#define ASN1_F_ASN1_VERIFY 137
#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
#define ASN1_F_BN_TO_ASN1_INTEGER 139
#define ASN1_F_D2I_X509_CINF 157
#define ASN1_F_D2I_X509_NAME 158
#define ASN1_F_D2I_X509_PKEY 159
+#define ASN1_F_I2D_ASN1_SET 181
#define ASN1_F_I2D_ASN1_TIME 160
#define ASN1_F_I2D_DSA_PUBKEY 161
#define ASN1_F_I2D_NETSCAPE_RSA 162
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"},
{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"},
{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"},
{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"},
{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"},
{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"},
{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"},
{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"},
{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"},
{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"},
{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"},
{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"},
{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"},
{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"},
{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"},
{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"},
{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"},
{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"},
{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"},
{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"},
{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"},
{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"},
{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"},
{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"},
if (str->data == NULL)
{
+ ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
str->data=c;
return(0);
}
if ((osp=ASN1_STRING_new()) == NULL) return(0);
/* Grow the 'string' */
- ASN1_STRING_set(osp,NULL,size);
+ if (!ASN1_STRING_set(osp,NULL,size))
+ {
+ ASN1_STRING_free(osp);
+ return(0);
+ }
M_ASN1_STRING_length_set(osp, size);
p=M_ASN1_STRING_data(osp);
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
int saltlen)
{
- PBEPARAM *pbe;
+ PBEPARAM *pbe=NULL;
ASN1_OBJECT *al;
X509_ALGOR *algor;
- ASN1_TYPE *astype;
+ ASN1_TYPE *astype=NULL;
if (!(pbe = PBEPARAM_new ())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
- ASN1_INTEGER_set (pbe->iter, iter);
+ if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+ ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!saltlen) saltlen = PKCS5_SALT_LEN;
if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
pbe->salt->length = saltlen;
if (salt) memcpy (pbe->salt->data, salt, saltlen);
else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
- return NULL;
+ goto err;
if (!(astype = ASN1_TYPE_new())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
astype->type = V_ASN1_SEQUENCE;
if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
PBEPARAM_free (pbe);
+ pbe = NULL;
al = OBJ_nid2obj(alg); /* never need to free al */
if (!(algor = X509_ALGOR_new())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
ASN1_OBJECT_free(algor->algorithm);
algor->algorithm = al;
algor->parameter = astype;
return (algor);
+err:
+ if (pbe != NULL) PBEPARAM_free(pbe);
+ if (astype != NULL) ASN1_TYPE_free(astype);
+ return NULL;
}
int bitnum;
bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
if(bitnum < 0) return 0;
- if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value);
+ if(bs) {
+ if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+ return 0;
+ }
return 1;
}
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
{
- int ok=0;
- X509_PUBKEY *pk;
+ X509_PUBKEY *pk=NULL;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s,*p = NULL;
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
- a->parameter=ASN1_TYPE_new();
+ if (!(a->parameter=ASN1_TYPE_new()))
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
a->parameter->type=V_ASN1_NULL;
}
}
dsa=pkey->pkey.dsa;
dsa->write_params=0;
ASN1_TYPE_free(a->parameter);
- i=i2d_DSAparams(dsa,NULL);
- if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
+ if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
+ goto err;
+ if (!(p=(unsigned char *)OPENSSL_malloc(i)))
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
pp=p;
i2d_DSAparams(dsa,&pp);
- a->parameter=ASN1_TYPE_new();
+ if (!(a->parameter=ASN1_TYPE_new()))
+ {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
a->parameter->type=V_ASN1_SEQUENCE;
- a->parameter->value.sequence=ASN1_STRING_new();
- ASN1_STRING_set(a->parameter->value.sequence,p,i);
+ if (!(a->parameter->value.sequence=ASN1_STRING_new()))
+ {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
+ {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
OPENSSL_free(p);
}
else
}
p=s;
i2d_PublicKey(pkey,&p);
- if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+ if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
+ {
+ X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ /* Set number of unused bits to zero */
/* Set number of unused bits to zero */
pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
X509_PUBKEY_free(*x);
*x=pk;
- pk=NULL;
- ok=1;
+ return 1;
err:
if (pk != NULL) X509_PUBKEY_free(pk);
- return(ok);
+ return 0;
}
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
BN_init(&Ri);
R= &(mont->RR); /* grab RR as a temp */
- BN_copy(&(mont->N),mod); /* Set N */
+ if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
mont->N.neg = 0;
#ifdef MONT_WORD
return NULL;
}
p8->broken = broken;
- ASN1_INTEGER_set (p8->version, 0);
+ if (!ASN1_INTEGER_set(p8->version, 0)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ PKCS8_PRIV_KEY_INFO_free (p8);
+ return NULL;
+ }
if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
#ifndef OPENSSL_NO_DSA
static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
{
- ASN1_STRING *params;
- ASN1_INTEGER *prkey;
- ASN1_TYPE *ttmp;
- STACK_OF(ASN1_TYPE) *ndsa;
- unsigned char *p, *q;
+ ASN1_STRING *params = NULL;
+ ASN1_INTEGER *prkey = NULL;
+ ASN1_TYPE *ttmp = NULL;
+ STACK_OF(ASN1_TYPE) *ndsa = NULL;
+ unsigned char *p = NULL, *q;
int len;
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
len = i2d_DSAparams (pkey->pkey.dsa, NULL);
if (!(p = OPENSSL_malloc(len))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- PKCS8_PRIV_KEY_INFO_free (p8);
- return 0;
+ goto err;
}
q = p;
i2d_DSAparams (pkey->pkey.dsa, &q);
- params = ASN1_STRING_new();
- ASN1_STRING_set(params, p, len);
+ if (!(params = ASN1_STRING_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_STRING_set(params, p, len)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
OPENSSL_free(p);
+ p = NULL;
/* Get private key into integer */
if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
- return 0;
+ goto err;
}
switch(p8->broken) {
if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
&p8->pkey->value.octet_string)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free (prkey);
- return 0;
+ goto err;
}
M_ASN1_INTEGER_free (prkey);
+ prkey = NULL;
p8->pkeyalg->parameter->value.sequence = params;
+ params = NULL;
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
break;
case PKCS8_NS_DB:
p8->pkeyalg->parameter->value.sequence = params;
+ params = NULL;
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
- ndsa = sk_ASN1_TYPE_new_null();
- ttmp = ASN1_TYPE_new();
- if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
+ if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!(ttmp->value.integer =
+ BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
- PKCS8_PRIV_KEY_INFO_free(p8);
- return 0;
+ goto err;
}
ttmp->type = V_ASN1_INTEGER;
- sk_ASN1_TYPE_push(ndsa, ttmp);
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
- ttmp = ASN1_TYPE_new();
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
ttmp->value.integer = prkey;
+ prkey = NULL;
ttmp->type = V_ASN1_INTEGER;
- sk_ASN1_TYPE_push(ndsa, ttmp);
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp = NULL;
- p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
&p8->pkey->value.octet_string->data,
&p8->pkey->value.octet_string->length)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- M_ASN1_INTEGER_free(prkey);
- return 0;
+ goto err;
}
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
break;
case PKCS8_EMBEDDED_PARAM:
p8->pkeyalg->parameter->type = V_ASN1_NULL;
- ndsa = sk_ASN1_TYPE_new_null();
- ttmp = ASN1_TYPE_new();
+ if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
ttmp->value.sequence = params;
+ params = NULL;
ttmp->type = V_ASN1_SEQUENCE;
- sk_ASN1_TYPE_push(ndsa, ttmp);
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
- ttmp = ASN1_TYPE_new();
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
ttmp->value.integer = prkey;
+ prkey = NULL;
ttmp->type = V_ASN1_INTEGER;
- sk_ASN1_TYPE_push(ndsa, ttmp);
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp = NULL;
- p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
&p8->pkey->value.octet_string->data,
&p8->pkey->value.octet_string->length)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- M_ASN1_INTEGER_free (prkey);
- return 0;
+ goto err;
}
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
break;
}
return 1;
+err:
+ if (p != NULL) OPENSSL_free(p);
+ if (params != NULL) ASN1_STRING_free(params);
+ if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
+ if (ttmp != NULL) ASN1_TYPE_free(ttmp);
+ if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+ return 0;
}
#endif
#include <stdlib.h>
#include <string.h>
+#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/objects.h>
#include <openssl/safestack.h>
MemCheck_off();
name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
MemCheck_on();
- if (!name_funcs) return(0);
+ if (!name_funcs)
+ {
+ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
name_funcs->hash_func = lh_strhash;
name_funcs->cmp_func = OPENSSL_strcmp;
name_funcs->free_func = 0; /* NULL is often declared to
if (added == NULL)
if (!init_added()) return(0);
if ((o=OBJ_dup(obj)) == NULL) goto err;
- if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
+ if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
if ((o->length != 0) && (obj->data != NULL))
- ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+ if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
if (o->sn != NULL)
- ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+ if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
if (o->ln != NULL)
- ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+ if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
for (i=ADDED_DATA; i<=ADDED_NID; i++)
{
ASN1_OBJECT_FLAG_DYNAMIC_DATA);
return(o->nid);
+err2:
+ OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
err:
for (i=ADDED_DATA; i<=ADDED_NID; i++)
if (ao[i] != NULL) OPENSSL_free(ao[i]);
if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
{
- OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE);
+ OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
return(0);
}
i=a2d_ASN1_OBJECT(buf,i,oid,-1);
/* crypto/objects/obj_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA OBJ_str_functs[]=
{
+{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"},
{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"},
{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"},
+{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"},
{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"},
{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"},
{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"},
/* Error codes for the OBJ functions. */
/* Function codes. */
+#define OBJ_F_OBJ_ADD_OBJECT 105
#define OBJ_F_OBJ_CREATE 100
#define OBJ_F_OBJ_DUP 101
+#define OBJ_F_OBJ_NAME_NEW_INDEX 106
#define OBJ_F_OBJ_NID2LN 102
#define OBJ_F_OBJ_NID2OBJ 103
#define OBJ_F_OBJ_NID2SN 104
if ((dsize=i2d(x,NULL)) < 0)
{
- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
dsize=0;
goto err;
}
if (!(pkcs12->authsafes->d.data =
M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
break;
default:
- PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
- PKCS12_free(pkcs12);
- return NULL;
- break;
+ PKCS12err(PKCS12_F_PKCS12_INIT,
+ PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+ goto err;
}
return pkcs12;
+err:
+ if (pkcs12 != NULL) PKCS12_free(pkcs12);
+ return NULL;
}
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
return 1;
if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
- if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
+ if(ckid)
+ {
+ if (!X509_keyid_set1(x509, ckid->data, ckid->length))
+ {
+ X509_free(x509);
+ return 0;
+ }
+ }
if(fname) {
- int len;
+ int len, r;
unsigned char *data;
len = ASN1_STRING_to_UTF8(&data, fname);
if(len > 0) {
- X509_alias_set1(x509, data, len);
+ r = X509_alias_set1(x509, data, len);
OPENSSL_free(data);
+ if (!r)
+ {
+ X509_free(x509);
+ return 0;
+ }
}
}
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
- ASN1_INTEGER_set(p12->mac->iter, iter);
+ if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
}
if (!saltlen) saltlen = PKCS12_SALT_LEN;
p12->mac->salt->length = saltlen;
OPENSSL_free(tmp);
goto err;
}
- M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+ if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+ ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(tmp);
+ goto err;
+ }
}
OPENSSL_free(tmp);
OPENSSL_cleanse(key, keylen);
case NID_pkcs7_signedAndEnveloped:
/* XXXXXXXXXXXXXXXX */
si_sk=p7->d.signed_and_enveloped->signer_info;
- os=M_ASN1_OCTET_STRING_new();
+ if (!(os=M_ASN1_OCTET_STRING_new()))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
p7->d.signed_and_enveloped->enc_data->enc_data=os;
break;
case NID_pkcs7_enveloped:
/* XXXXXXXXXXXXXXXX */
- os=M_ASN1_OCTET_STRING_new();
+ if (!(os=M_ASN1_OCTET_STRING_new()))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
p7->d.enveloped->enc_data->enc_data=os;
break;
case NID_pkcs7_signed:
if (!PKCS7_get_signed_attribute(si,
NID_pkcs9_signingTime))
{
- sign_time=X509_gmtime_adj(NULL,0);
+ if (!(sign_time=X509_gmtime_adj(NULL,0)))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
PKCS7_add_signed_attribute(si,
NID_pkcs9_signingTime,
V_ASN1_UTCTIME,sign_time);
/* Add digest */
md_tmp=EVP_MD_CTX_md(&ctx_tmp);
EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
- digest=M_ASN1_OCTET_STRING_new();
- M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
+ if (!(digest=M_ASN1_OCTET_STRING_new()))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!M_ASN1_OCTET_STRING_set(digest,md_data,
+ md_len))
+ {
+ PKCS7err(PKCS7_F_PKCS7_DATASIGN,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
PKCS7_add_signed_attribute(si,
NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING,digest);
p7->type=obj;
if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
goto err;
- ASN1_INTEGER_set(p7->d.sign->version,1);
+ if (!ASN1_INTEGER_set(p7->d.sign->version,1))
+ {
+ PKCS7_SIGNED_free(p7->d.sign);
+ p7->d.sign=NULL;
+ goto err;
+ }
break;
case NID_pkcs7_data:
p7->type=obj;
if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
== NULL) goto err;
ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
+ if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
+ goto err;
+ break;
p7->d.signed_and_enveloped->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
p7->type=obj;
if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
== NULL) goto err;
- ASN1_INTEGER_set(p7->d.enveloped->version,0);
+ if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
+ goto err;
p7->d.enveloped->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
p7->type=obj;
if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
== NULL) goto err;
- ASN1_INTEGER_set(p7->d.encrypted->version,0);
+ if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
+ goto err;
p7->d.encrypted->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
else is_dsa = 0;
/* We now need to add another PKCS7_SIGNER_INFO entry */
- ASN1_INTEGER_set(p7i->version,1);
- X509_NAME_set(&p7i->issuer_and_serial->issuer,
- X509_get_issuer_name(x509));
+ if (!ASN1_INTEGER_set(p7i->version,1))
+ goto err;
+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+ X509_get_issuer_name(x509)))
+ goto err;
/* because ASN1_INTEGER_set is used to set a 'long' we will do
* things the ugly way. */
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
- p7i->issuer_and_serial->serial=
- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+ if (!(p7i->issuer_and_serial->serial=
+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ goto err;
/* lets keep the pkey around for a while */
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
- ASN1_INTEGER_set(p7i->version,0);
- X509_NAME_set(&p7i->issuer_and_serial->issuer,
- X509_get_issuer_name(x509));
+ if (!ASN1_INTEGER_set(p7i->version,0))
+ return 0;
+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+ X509_get_issuer_name(x509)))
+ return 0;
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
- p7i->issuer_and_serial->serial=
- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+ if (!(p7i->issuer_and_serial->serial=
+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ return 0;
X509_ALGOR_free(p7i->key_enc_algor);
- p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
+ if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
+ return 0;
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
p7i->cert=x509;
ret=1;
err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
- OPENSSL_cleanse(s,(unsigned int)siglen);
- OPENSSL_free(s);
+ if (s != NULL)
+ {
+ OPENSSL_cleanse(s,(unsigned int)siglen);
+ OPENSSL_free(s);
+ }
return(ret);
}
}
if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
- return(0);
+ goto err;
}
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
}
err:
if (sig != NULL) X509_SIG_free(sig);
- OPENSSL_cleanse(s,(unsigned int)siglen);
- OPENSSL_free(s);
+ if (s != NULL)
+ {
+ OPENSSL_cleanse(s,(unsigned int)siglen);
+ OPENSSL_free(s);
+ }
return(ret);
}
X509_set_subject_name(ret,X509_NAME_dup(xn));
X509_set_issuer_name(ret,X509_NAME_dup(xn));
- X509_gmtime_adj(xi->validity->notBefore,0);
- X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
+ if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
+ goto err;
+ if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
+ goto err;
X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
- X509_time_adj(&atm,-offset*60, cmp_time);
+ if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
+ return 0;
if (ctm->type == V_ASN1_UTCTIME)
{
for(bnam = method->usr_data; bnam->lname; bnam++) {
if(!strcmp(bnam->sname, val->name) ||
!strcmp(bnam->lname, val->name) ) {
- ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+ if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+ ERR_R_MALLOC_FAILURE);
+ M_ASN1_BIT_STRING_free(bs);
+ return NULL;
+ }
break;
}
}
{
char *tmp;
if(!ia5 || !ia5->length) return NULL;
- if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
+ if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+ X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
memcpy(tmp, ia5->data, ia5->length);
tmp[ia5->length] = 0;
return tmp;
/* crypto/x509v3/v3err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"},
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
#define X509V3_F_DO_EXT_I2D 135
#define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_ENUMERATED 121
+#define X509V3_F_I2S_ASN1_IA5STRING 142
#define X509V3_F_I2S_ASN1_INTEGER 120
#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
#define X509V3_F_NOTICE_SECTION 132
projects / oweals / openssl.git / commitdiff