提交 a0e7c8ee 编写于 作者: D Dr. Stephen Henson

Add lots of checks for memory allocation failure, error codes to indicate

failure and freeing up memory if a failure occurs.

PR:620
上级 a8e00b17
......@@ -745,6 +745,10 @@
Changes between 0.9.7e and 0.9.7f [XX xxx XXXX]
*) Add lots of checks for memory allocation failure, error codes to indicate
failure and freeing up memory if a failure occurs.
[Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
*) Add new -passin argument to dgst.
[Steve Henson]
......
......@@ -195,7 +195,12 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
c=(unsigned char *)OPENSSL_realloc_clean(a->data,
a->length,
w+1);
if (c == NULL) return(0);
if (c == NULL)
{
ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
return 0;
}
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
a->data=c;
a->length=w+1;
......
......@@ -65,6 +65,7 @@
# include <sys/types.h>
#endif
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/x509.h>
......@@ -78,7 +79,11 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
unsigned char *str,*p;
i=i2d(data,NULL);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
{
ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
return(0);
}
p=str;
i2d(data,&p);
......
......@@ -158,7 +158,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
if (!new_data)
{
ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
goto err;
}
ret->data=new_data;
......
......@@ -192,8 +192,9 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
{
if (s != NULL)
{
ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str,t.length);
if (!ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str,t.length))
return 0;
s->type=V_ASN1_GENERALIZEDTIME;
}
return(1);
......@@ -223,7 +224,12 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (p == NULL)
{
ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
ERR_R_MALLOC_FAILURE);
return(NULL);
}
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
......
......@@ -118,8 +118,13 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
}
pStart = p; /* Catch the beg of Setblobs*/
if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
we will store the SET blobs */
/* In this array we will store the SET blobs */
rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
if (rgSetBlob == NULL)
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
return(0);
}
for (i=0; i<sk_num(a); i++)
{
......@@ -135,7 +140,11 @@ SetBlob
/* Now we have to sort the blobs. I am using a simple algo.
*Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
if (!(pTempMem = OPENSSL_malloc(totSize)))
{
ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
return(0);
}
/* Copy to temp mem */
p = pTempMem;
......@@ -160,7 +169,13 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
STACK *ret=NULL;
if ((a == NULL) || ((*a) == NULL))
{ if ((ret=sk_new_null()) == NULL) goto err; }
{
if ((ret=sk_new_null()) == NULL)
{
ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
}
else
ret=(*a);
......
......@@ -173,8 +173,9 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
{
if (s != NULL)
{
ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str,t.length);
if (!ASN1_STRING_set((ASN1_STRING *)s,
(unsigned char *)str,t.length))
return 0;
s->type = V_ASN1_UTCTIME;
}
return(1);
......@@ -203,7 +204,12 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
if ((p == NULL) || ((size_t)s->length < len))
{
p=OPENSSL_malloc(len);
if (p == NULL) return(NULL);
if (p == NULL)
{
ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
return(NULL);
}
if (s->data != NULL)
if (s->data != NULL)
OPENSSL_free(s->data);
s->data=(unsigned char *)p;
......
......@@ -993,6 +993,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_A2I_ASN1_INTEGER 102
#define ASN1_F_A2I_ASN1_STRING 103
#define ASN1_F_APPEND_TAG 176
#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
#define ASN1_F_ASN1_CB 177
#define ASN1_F_ASN1_CHECK_TLEN 104
#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
......@@ -1000,10 +1001,12 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_D2I_BIO 107
#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
#define ASN1_F_ASN1_D2I_FP 109
#define ASN1_F_ASN1_DIGEST 184
#define ASN1_F_ASN1_DO_ADB 110
#define ASN1_F_ASN1_DUP 111
#define ASN1_F_ASN1_ENUMERATED_SET 112
#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
#define ASN1_F_ASN1_GENERATE_V3 178
#define ASN1_F_ASN1_GET_OBJECT 114
#define ASN1_F_ASN1_HEADER_NEW 115
......@@ -1021,6 +1024,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_SEQ_UNPACK 127
#define ASN1_F_ASN1_SIGN 128
#define ASN1_F_ASN1_STR2TYPE 179
#define ASN1_F_ASN1_STRING_SET 186
#define ASN1_F_ASN1_STRING_TABLE_ADD 129
#define ASN1_F_ASN1_STRING_TYPE_NEW 130
#define ASN1_F_ASN1_TEMPLATE_D2I 131
......@@ -1030,6 +1034,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
#define ASN1_F_ASN1_UNPACK_STRING 136
#define ASN1_F_ASN1_UTCTIME_SET 187
#define ASN1_F_ASN1_VERIFY 137
#define ASN1_F_BITSTR_CB 180
#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
......@@ -1054,6 +1059,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_D2I_X509_CINF 157
#define ASN1_F_D2I_X509_NAME 158
#define ASN1_F_D2I_X509_PKEY 159
#define ASN1_F_I2D_ASN1_SET 188
#define ASN1_F_I2D_ASN1_TIME 160
#define ASN1_F_I2D_DSA_PUBKEY 161
#define ASN1_F_I2D_EC_PUBKEY 181
......
/* crypto/asn1/asn1_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -71,6 +71,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"},
{ERR_PACK(0,ASN1_F_APPEND_TAG,0), "APPEND_TAG"},
{ERR_PACK(0,ASN1_F_ASN1_BIT_STRING_SET_BIT,0), "ASN1_BIT_STRING_set_bit"},
{ERR_PACK(0,ASN1_F_ASN1_CB,0), "ASN1_CB"},
{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"},
{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"},
......@@ -78,10 +79,12 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"},
{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"},
{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"},
{ERR_PACK(0,ASN1_F_ASN1_DIGEST,0), "ASN1_digest"},
{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"},
{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"},
{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"},
{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"},
{ERR_PACK(0,ASN1_F_ASN1_GENERALIZEDTIME_SET,0), "ASN1_GENERALIZEDTIME_set"},
{ERR_PACK(0,ASN1_F_ASN1_GENERATE_V3,0), "ASN1_generate_v3"},
{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"},
{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"},
......@@ -99,6 +102,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"},
{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"},
{ERR_PACK(0,ASN1_F_ASN1_STR2TYPE,0), "ASN1_STR2TYPE"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_SET,0), "ASN1_STRING_set"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"},
{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"},
{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"},
......@@ -108,6 +112,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_SET,0), "ASN1_UTCTIME_set"},
{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"},
{ERR_PACK(0,ASN1_F_BITSTR_CB,0), "BITSTR_CB"},
{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"},
......@@ -132,6 +137,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"},
{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"},
{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_SET,0), "i2d_ASN1_SET"},
{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"},
{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"},
{ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0), "i2d_EC_PUBKEY"},
......
......@@ -378,6 +378,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
if (str->data == NULL)
{
ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
str->data=c;
return(0);
}
......
......@@ -115,7 +115,11 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
if ((osp=ASN1_STRING_new()) == NULL) return(0);
/* Grow the 'string' */
ASN1_STRING_set(osp,NULL,size);
if (!ASN1_STRING_set(osp,NULL,size))
{
ASN1_STRING_free(osp);
return(0);
}
M_ASN1_STRING_length_set(osp, size);
p=M_ASN1_STRING_data(osp);
......
......@@ -76,47 +76,55 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
int saltlen)
{
PBEPARAM *pbe;
PBEPARAM *pbe=NULL;
ASN1_OBJECT *al;
X509_ALGOR *algor;
ASN1_TYPE *astype;
ASN1_TYPE *astype=NULL;
if (!(pbe = PBEPARAM_new ())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
ASN1_INTEGER_set (pbe->iter, iter);
if (!ASN1_INTEGER_set(pbe->iter, iter)) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!saltlen) saltlen = PKCS5_SALT_LEN;
if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
pbe->salt->length = saltlen;
if (salt) memcpy (pbe->salt->data, salt, saltlen);
else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
return NULL;
goto err;
if (!(astype = ASN1_TYPE_new())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
astype->type = V_ASN1_SEQUENCE;
if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
PBEPARAM_free (pbe);
pbe = NULL;
al = OBJ_nid2obj(alg); /* never need to free al */
if (!(algor = X509_ALGOR_new())) {
ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
ASN1_OBJECT_free(algor->algorithm);
algor->algorithm = al;
algor->parameter = astype;
return (algor);
err:
if (pbe != NULL) PBEPARAM_free(pbe);
if (astype != NULL) ASN1_TYPE_free(astype);
return NULL;
}
......@@ -84,7 +84,10 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
int bitnum;
bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
if(bitnum < 0) return 0;
if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value);
if(bs) {
if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
return 0;
}
return 1;
}
......
......@@ -83,8 +83,7 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
{
int ok=0;
X509_PUBKEY *pk;
X509_PUBKEY *pk=NULL;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s,*p = NULL;
......@@ -107,7 +106,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
a->parameter=ASN1_TYPE_new();
if (!(a->parameter=ASN1_TYPE_new()))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_NULL;
}
}
......@@ -120,14 +123,34 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
dsa=pkey->pkey.dsa;
dsa->write_params=0;
ASN1_TYPE_free(a->parameter);
i=i2d_DSAparams(dsa,NULL);
if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
goto err;
if (!(p=(unsigned char *)OPENSSL_malloc(i)))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
pp=p;
i2d_DSAparams(dsa,&pp);
a->parameter=ASN1_TYPE_new();
if (!(a->parameter=ASN1_TYPE_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_SEQUENCE;
a->parameter->value.sequence=ASN1_STRING_new();
ASN1_STRING_set(a->parameter->value.sequence,p,i);
if (!(a->parameter->value.sequence=ASN1_STRING_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
OPENSSL_free(p);
}
#endif
......@@ -199,7 +222,12 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
}
p=s;
i2d_PublicKey(pkey,&p);
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
/* Set number of unused bits to zero */
/* Set number of unused bits to zero */
pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
......@@ -215,12 +243,11 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
X509_PUBKEY_free(*x);
*x=pk;
pk=NULL;
ok=1;
return 1;
err:
if (pk != NULL) X509_PUBKEY_free(pk);
return(ok);
return 0;
}
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
......
......@@ -277,7 +277,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
BN_CTX_start(ctx);
if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
R= &(mont->RR); /* grab RR as a temp */
BN_copy(&(mont->N),mod); /* Set N */
if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
mont->N.neg = 0;
#ifdef MONT_WORD
......
......@@ -341,7 +341,11 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
return NULL;
}
p8->broken = broken;
ASN1_INTEGER_set (p8->version, 0);
if (!ASN1_INTEGER_set(p8->version, 0)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
return NULL;
}
if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
......@@ -418,29 +422,35 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
#ifndef OPENSSL_NO_DSA
static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
{
ASN1_STRING *params;
ASN1_INTEGER *prkey;
ASN1_TYPE *ttmp;
STACK_OF(ASN1_TYPE) *ndsa;
unsigned char *p, *q;
ASN1_STRING *params = NULL;
ASN1_INTEGER *prkey = NULL;
ASN1_TYPE *ttmp = NULL;
STACK_OF(ASN1_TYPE) *ndsa = NULL;
unsigned char *p = NULL, *q;
int len;
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
len = i2d_DSAparams (pkey->pkey.dsa, NULL);
if (!(p = OPENSSL_malloc(len))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
PKCS8_PRIV_KEY_INFO_free (p8);
return 0;
goto err;
}
q = p;
i2d_DSAparams (pkey->pkey.dsa, &q);
params = ASN1_STRING_new();
ASN1_STRING_set(params, p, len);
if (!(params = ASN1_STRING_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(params, p, len)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
OPENSSL_free(p);
p = NULL;
/* Get private key into integer */
if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
return 0;
goto err;
}
switch(p8->broken) {
......@@ -451,12 +461,13 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
&p8->pkey->value.octet_string)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
M_ASN1_INTEGER_free (prkey);
return 0;
goto err;
}
M_ASN1_INTEGER_free (prkey);
prkey = NULL;
p8->pkeyalg->parameter->value.sequence = params;
params = NULL;
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
break;
......@@ -464,32 +475,51 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
case PKCS8_NS_DB:
p8->pkeyalg->parameter->value.sequence = params;
params = NULL;
p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
ndsa = sk_ASN1_TYPE_new_null();
ttmp = ASN1_TYPE_new();
if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
if (!(ndsa = sk_ASN1_TYPE_new_null())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!(ttmp = ASN1_TYPE_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!(ttmp->value.integer =
BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
PKCS8_PRIV_KEY_INFO_free(p8);
return 0;
goto err;
}
ttmp->type = V_ASN1_INTEGER;
sk_ASN1_TYPE_push(ndsa, ttmp);
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp = ASN1_TYPE_new();
if (!(ttmp = ASN1_TYPE_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp->value.integer = prkey;
prkey = NULL;
ttmp->type = V_ASN1_INTEGER;
sk_ASN1_TYPE_push(ndsa, ttmp);
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp = NULL;
p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
&p8->pkey->value.octet_string->data,
&p8->pkey->value.octet_string->length)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
M_ASN1_INTEGER_free(prkey);
return 0;
goto err;
}
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
break;
......@@ -497,32 +527,58 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
case PKCS8_EMBEDDED_PARAM:
p8->pkeyalg->parameter->type = V_ASN1_NULL;
ndsa = sk_ASN1_TYPE_new_null();
ttmp = ASN1_TYPE_new();
if (!(ndsa = sk_ASN1_TYPE_new_null())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!(ttmp = ASN1_TYPE_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp->value.sequence = params;
params = NULL;
ttmp->type = V_ASN1_SEQUENCE;
sk_ASN1_TYPE_push(ndsa, ttmp);
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp = ASN1_TYPE_new();
if (!(ttmp = ASN1_TYPE_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp->value.integer = prkey;
prkey = NULL;
ttmp->type = V_ASN1_INTEGER;
sk_ASN1_TYPE_push(ndsa, ttmp);
if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
ttmp = NULL;
p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
&p8->pkey->value.octet_string->data,
&p8->pkey->value.octet_string->length)) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
M_ASN1_INTEGER_free (prkey);
return 0;
goto err;
}
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
break;
}
return 1;
err:
if (p != NULL) OPENSSL_free(p);
if (params != NULL) ASN1_STRING_free(params);
if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
if (ttmp != NULL) ASN1_TYPE_free(ttmp);
if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
return 0;
}
#endif
......
......@@ -2,6 +2,7 @@
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/lhash.h>
#include <openssl/objects.h>
#include <openssl/safestack.h>
......@@ -80,7 +81,11 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
MemCheck_off();
name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
MemCheck_on();
if (!name_funcs) return(0);
if (!name_funcs)
{
OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
return(0);
}
name_funcs->hash_func = lh_strhash;
name_funcs->cmp_func = OPENSSL_strcmp;
name_funcs->free_func = 0; /* NULL is often declared to
......
......@@ -236,13 +236,13 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
if (added == NULL)
if (!init_added()) return(0);
if ((o=OBJ_dup(obj)) == NULL) goto err;
if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
if ((o->length != 0) && (obj->data != NULL))
ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
if (o->sn != NULL)
ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
if (o->ln != NULL)
ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
for (i=ADDED_DATA; i<=ADDED_NID; i++)
{
......@@ -260,6 +260,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
ASN1_OBJECT_FLAG_DYNAMIC_DATA);
return(o->nid);
err2:
OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
err:
for (i=ADDED_DATA; i<=ADDED_NID; i++)
if (ao[i] != NULL) OPENSSL_free(ao[i]);
......@@ -669,7 +671,7 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
{
OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE);
OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
return(0);
}
i=a2d_ASN1_OBJECT(buf,i,oid,-1);
......
/* crypto/objects/obj_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -66,8 +66,10 @@
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA OBJ_str_functs[]=
{
{ERR_PACK(0,OBJ_F_OBJ_ADD_OBJECT,0), "OBJ_add_object"},
{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"},
{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"},
{ERR_PACK(0,OBJ_F_OBJ_NAME_NEW_INDEX,0), "OBJ_NAME_new_index"},
{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"},
{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"},
{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"},
......
......@@ -1031,8 +1031,10 @@ void ERR_load_OBJ_strings(void);
/* Error codes for the OBJ functions. */
/* Function codes. */
#define OBJ_F_OBJ_ADD_OBJECT 105
#define OBJ_F_OBJ_CREATE 100
#define OBJ_F_OBJ_DUP 101
#define OBJ_F_OBJ_NAME_NEW_INDEX 106
#define OBJ_F_OBJ_NID2LN 102
#define OBJ_F_OBJ_NID2OBJ 103
#define OBJ_F_OBJ_NID2SN 104
......
......@@ -303,7 +303,7 @@ int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
if ((dsize=i2d(x,NULL)) < 0)
{
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
dsize=0;
goto err;
}
......
......@@ -76,15 +76,17 @@ PKCS12 *PKCS12_init (int mode)
if (!(pkcs12->authsafes->d.data =
M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
return NULL;
goto err;
}
break;
default:
PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
PKCS12_free(pkcs12);
return NULL;
break;
PKCS12err(PKCS12_F_PKCS12_INIT,
PKCS12_R_UNSUPPORTED_PKCS12_MODE);
goto err;
}
return pkcs12;
err:
if (pkcs12 != NULL) PKCS12_free(pkcs12);
return NULL;
}
......@@ -249,14 +249,26 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
return 1;
if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
if(ckid)
{
if (!X509_keyid_set1(x509, ckid->data, ckid->length))
{
X509_free(x509);
return 0;
}
}
if(fname) {
int len;
int len, r;
unsigned char *data;
len = ASN1_STRING_to_UTF8(&data, fname);
if(len > 0) {
X509_alias_set1(x509, data, len);
r = X509_alias_set1(x509, data, len);
OPENSSL_free(data);
if (!r)
{
X509_free(x509);
return 0;
}
}
}
......
......@@ -148,7 +148,10 @@ int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
ASN1_INTEGER_set(p12->mac->iter, iter);
if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
return 0;
}
}
if (!saltlen) saltlen = PKCS12_SALT_LEN;
p12->mac->salt->length = saltlen;
......
......@@ -263,7 +263,13 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
OPENSSL_free(tmp);
goto err;
}
M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
{
PKCS7err(PKCS7_F_PKCS7_DATAINIT,
ERR_R_MALLOC_FAILURE);
OPENSSL_free(tmp);
goto err;
}
}
OPENSSL_free(tmp);
OPENSSL_cleanse(key, keylen);
......@@ -559,12 +565,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
case NID_pkcs7_signedAndEnveloped:
/* XXXXXXXXXXXXXXXX */
si_sk=p7->d.signed_and_enveloped->signer_info;
os=M_ASN1_OCTET_STRING_new();
if (!(os=M_ASN1_OCTET_STRING_new()))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
goto err;
}
p7->d.signed_and_enveloped->enc_data->enc_data=os;
break;
case NID_pkcs7_enveloped:
/* XXXXXXXXXXXXXXXX */
os=M_ASN1_OCTET_STRING_new();
if (!(os=M_ASN1_OCTET_STRING_new()))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
goto err;
}
p7->d.enveloped->enc_data->enc_data=os;
break;
case NID_pkcs7_signed:
......@@ -635,7 +649,12 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
if (!PKCS7_get_signed_attribute(si,
NID_pkcs9_signingTime))
{
sign_time=X509_gmtime_adj(NULL,0);
if (!(sign_time=X509_gmtime_adj(NULL,0)))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,
ERR_R_MALLOC_FAILURE);
goto err;
}
PKCS7_add_signed_attribute(si,
NID_pkcs9_signingTime,
V_ASN1_UTCTIME,sign_time);
......@@ -644,8 +663,19 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
/* Add digest */
md_tmp=EVP_MD_CTX_md(&ctx_tmp);
EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
digest=M_ASN1_OCTET_STRING_new();
M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
if (!(digest=M_ASN1_OCTET_STRING_new()))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,
ERR_R_MALLOC_FAILURE);
goto err;
}
if (!M_ASN1_OCTET_STRING_set(digest,md_data,
md_len))
{
PKCS7err(PKCS7_F_PKCS7_DATASIGN,
ERR_R_MALLOC_FAILURE);
goto err;
}
PKCS7_add_signed_attribute(si,
NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING,digest);
......
......@@ -168,7 +168,12 @@ int PKCS7_set_type(PKCS7 *p7, int type)
p7->type=obj;
if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
goto err;
ASN1_INTEGER_set(p7->d.sign->version,1);
if (!ASN1_INTEGER_set(p7->d.sign->version,1))
{
PKCS7_SIGNED_free(p7->d.sign);
p7->d.sign=NULL;
goto err;
}
break;
case NID_pkcs7_data:
p7->type=obj;
......@@ -180,6 +185,9 @@ int PKCS7_set_type(PKCS7 *p7, int type)
if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
== NULL) goto err;
ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
goto err;
break;
p7->d.signed_and_enveloped->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
......@@ -187,7 +195,8 @@ int PKCS7_set_type(PKCS7 *p7, int type)
p7->type=obj;
if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
== NULL) goto err;
ASN1_INTEGER_set(p7->d.enveloped->version,0);
if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
goto err;
p7->d.enveloped->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
......@@ -195,7 +204,8 @@ int PKCS7_set_type(PKCS7 *p7, int type)
p7->type=obj;
if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
== NULL) goto err;
ASN1_INTEGER_set(p7->d.encrypted->version,0);
if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
goto err;
p7->d.encrypted->enc_data->content_type
= OBJ_nid2obj(NID_pkcs7_data);
break;
......@@ -204,7 +214,8 @@ int PKCS7_set_type(PKCS7 *p7, int type)
p7->type=obj;
if ((p7->d.digest=PKCS7_DIGEST_new())
== NULL) goto err;
ASN1_INTEGER_set(p7->d.digest->version,0);
if (!ASN1_INTEGER_set(p7->d.digest->version,0))
goto err;
break;
default:
PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
......@@ -338,15 +349,18 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
else
is_dsa = 0;
/* We now need to add another PKCS7_SIGNER_INFO entry */
ASN1_INTEGER_set(p7i->version,1);
X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509));
if (!ASN1_INTEGER_set(p7i->version,1))
goto err;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
goto err;
/* because ASN1_INTEGER_set is used to set a 'long' we will do
* things the ugly way. */
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
if (!(p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
goto err;
/* lets keep the pkey around for a while */
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
......@@ -483,16 +497,20 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
ASN1_INTEGER_set(p7i->version,0);
X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509));
if (!ASN1_INTEGER_set(p7i->version,0))
return 0;
if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
X509_get_issuer_name(x509)))
return 0;
M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
if (!(p7i->issuer_and_serial->serial=
M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
return 0;
X509_ALGOR_free(p7i->key_enc_algor);
p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
return 0;
CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
p7i->cert=x509;
......
......@@ -140,8 +140,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
ret=1;
err:
if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
if (s != NULL)
{
OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
}
return(ret);
}
......@@ -169,7 +169,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
}
if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
return(0);
goto err;
}
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
......@@ -222,8 +222,11 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
}
err:
if (sig != NULL) X509_SIG_free(sig);
OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
if (s != NULL)
{
OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
}
return(ret);
}
......@@ -92,8 +92,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
X509_set_subject_name(ret,X509_NAME_dup(xn));
X509_set_issuer_name(ret,X509_NAME_dup(xn));
X509_gmtime_adj(xi->validity->notBefore,0);
X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days);
if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
goto err;
if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
goto err;
X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
......
......@@ -1054,7 +1054,8 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
X509_time_adj(&atm,-offset*60, cmp_time);
if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
return 0;
if (ctm->type == V_ASN1_UTCTIME)
{
......
......@@ -118,7 +118,12 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
for(bnam = method->usr_data; bnam->lname; bnam++) {
if(!strcmp(bnam->sname, val->name) ||
!strcmp(bnam->lname, val->name) ) {
ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
ERR_R_MALLOC_FAILURE);
M_ASN1_BIT_STRING_free(bs);
return NULL;
}
break;
}
}
......
......@@ -82,7 +82,10 @@ static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
{
char *tmp;
if(!ia5 || !ia5->length) return NULL;
if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
return NULL;
}
memcpy(tmp, ia5->data, ia5->length);
tmp[ia5->length] = 0;
return tmp;
......
......@@ -74,6 +74,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{ERR_PACK(0,X509V3_F_DO_I2V_NAME_CONSTRAINTS,0), "DO_I2V_NAME_CONSTRAINTS"},
{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_IA5STRING,0), "I2S_ASN1_IA5STRING"},
{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
......@@ -92,7 +93,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "v2i_ASN1_BIT_STRING"},
{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"},
......
......@@ -624,6 +624,7 @@ void ERR_load_X509V3_strings(void);
#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
#define X509V3_F_HEX_TO_STRING 111
#define X509V3_F_I2S_ASN1_ENUMERATED 121
#define X509V3_F_I2S_ASN1_IA5STRING 149
#define X509V3_F_I2S_ASN1_INTEGER 120
#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
#define X509V3_F_NOTICE_SECTION 132
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册