From f90bc6c5cb9ca4d97730ff63e6d34fd94047893e Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Tue, 24 Apr 2018 12:41:45 -0400
Subject: [PATCH] Add missing malloc-return-null instance

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6071)
---
 crypto/err/openssl.txt    | 1 +
 crypto/x509/x509_err.c    | 2 ++
 crypto/x509/x509_vpm.c    | 9 ++++-----
 include/openssl/x509err.h | 1 +
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d62968e0ff..1b547eab0f 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1696,6 +1696,7 @@ X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
 X509_F_X509_TRUST_ADD:133:X509_TRUST_add
 X509_F_X509_TRUST_SET:141:X509_TRUST_set
 X509_F_X509_VERIFY_CERT:127:X509_verify_cert
+X509_F_X509_VERIFY_PARAM_NEW:159:X509_VERIFY_PARAM_new
 
 #Reason codes
 ASN1_R_ADDING_OBJECT:171:adding object
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 7b9f505507..5027df4cb2 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -103,6 +103,8 @@ static const ERR_STRING_DATA X509_str_functs[] = {
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
+     "X509_VERIFY_PARAM_new"},
     {0, NULL}
 };
 
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 033ec423bc..fa51990912 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -84,13 +84,12 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
     X509_VERIFY_PARAM *param;
 
     param = OPENSSL_zalloc(sizeof(*param));
-    if (param == NULL)
+    if (param == NULL) {
+        X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     param->trust = X509_TRUST_DEFAULT;
-    /*
-     * param->inh_flags = X509_VP_FLAG_DEFAULT;
-     */
-    param->inh_flags = 0;
+    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
     param->depth = -1;
     param->auth_level = -1; /* -1 means unset, 0 is explicit */
     return param;
diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h
index 4faeffa329..15a0d75618 100644
--- a/include/openssl/x509err.h
+++ b/include/openssl/x509err.h
@@ -78,6 +78,7 @@ int ERR_load_X509_strings(void);
 # define X509_F_X509_TRUST_ADD                            133
 # define X509_F_X509_TRUST_SET                            141
 # define X509_F_X509_VERIFY_CERT                          127
+# define X509_F_X509_VERIFY_PARAM_NEW                     159
 
 /*
  * X509 reason codes.
-- 
2.25.1