aboutsummaryrefslogtreecommitdiffstats
path: root/engines
diff options
context:
space:
mode:
Diffstat (limited to 'engines')
-rw-r--r--engines/ccgost/gost2001.c10
-rw-r--r--engines/ccgost/gost2001_keyx.c2
-rw-r--r--engines/ccgost/gost94_keyx.c2
-rw-r--r--engines/ccgost/gost_ameth.c14
-rw-r--r--engines/ccgost/gost_pmeth.c4
-rw-r--r--engines/e_4758cca.c8
-rw-r--r--engines/e_aep.c3
-rw-r--r--engines/e_capi.c13
-rw-r--r--engines/e_chil.c35
9 files changed, 83 insertions, 8 deletions
diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c
index 9536295430d0..881d0d3c9097 100644
--- a/engines/ccgost/gost2001.c
+++ b/engines/ccgost/gost2001.c
@@ -434,8 +434,16 @@ int gost2001_compute_public(EC_KEY *ec)
int gost2001_keygen(EC_KEY *ec)
{
BIGNUM *order = BN_new(), *d = BN_new();
- const EC_GROUP *group = EC_KEY_get0_group(ec);
+ const EC_GROUP *group = NULL;
+
+ if (order == NULL || d == NULL) {
+ GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_MALLOC_FAILURE);
+ BN_free(d);
+ BN_free(order);
+ return 0;
+ }
+ group = EC_KEY_get0_group(ec);
if(!group || !EC_GROUP_get_order(group, order, NULL)) {
GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR);
BN_free(d);
diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c
index db1bdc18fd76..ac7862eab550 100644
--- a/engines/ccgost/gost2001_keyx.c
+++ b/engines/ccgost/gost2001_keyx.c
@@ -147,6 +147,8 @@ int pkey_GOST01cp_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out,
key_is_ephemeral = 1;
if (out) {
sec_key = EVP_PKEY_new();
+ if (sec_key == NULL)
+ goto err;
EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), EC_KEY_new());
EVP_PKEY_copy_parameters(sec_key, pubk);
if (!gost2001_keygen(EVP_PKEY_get0(sec_key))) {
diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c
index ce57f17cbf32..3532bfff3e96 100644
--- a/engines/ccgost/gost94_keyx.c
+++ b/engines/ccgost/gost94_keyx.c
@@ -126,6 +126,8 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
key_is_ephemeral = 1;
if (out) {
mykey = EVP_PKEY_new();
+ if (!mykey)
+ goto memerr;
EVP_PKEY_assign(mykey, EVP_PKEY_base_id(pubk), DSA_new());
EVP_PKEY_copy_parameters(mykey, pubk);
if (!gost_sign_keygen(EVP_PKEY_get0(mykey))) {
diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index b7c5354c1ae2..8283f192f4aa 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -617,6 +617,10 @@ static int pub_decode_gost94(EVP_PKEY *pk, X509_PUBKEY *pub)
return 0;
}
databuf = OPENSSL_malloc(octet->length);
+ if (databuf == NULL) {
+ GOSTerr(GOST_F_PUB_DECODE_GOST94, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
databuf[j] = octet->data[i];
}
@@ -646,6 +650,8 @@ static int pub_encode_gost94(X509_PUBKEY *pub, const EVP_PKEY *pk)
}
data_len = BN_num_bytes(dsa->pub_key);
databuf = OPENSSL_malloc(data_len);
+ if (databuf == NULL)
+ return 0;
BN_bn2bin(dsa->pub_key, databuf);
octet = ASN1_OCTET_STRING_new();
ASN1_STRING_set(octet, NULL, data_len);
@@ -686,6 +692,10 @@ static int pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub)
return 0;
}
databuf = OPENSSL_malloc(octet->length);
+ if (databuf == NULL) {
+ GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
for (i = 0, j = octet->length - 1; i < octet->length; i++, j--) {
databuf[j] = octet->data[i];
}
@@ -760,6 +770,10 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk)
data_len = 2 * BN_num_bytes(order);
BN_free(order);
databuf = OPENSSL_malloc(data_len);
+ if (databuf == NULL) {
+ GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
memset(databuf, 0, data_len);
store_bignum(X, databuf + data_len / 2, data_len / 2);
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index 4a79a85cfc62..696829253b62 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -107,6 +107,8 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1;
case EVP_PKEY_CTRL_SET_IV:
pctx->shared_ukm = OPENSSL_malloc((int)p1);
+ if (pctx->shared_ukm == NULL)
+ return 0;
memcpy(pctx->shared_ukm, p2, (int)p1);
return 1;
case EVP_PKEY_CTRL_PEER_KEY:
@@ -533,6 +535,8 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
return 0;
}
keydata = OPENSSL_malloc(32);
+ if (keydata == NULL)
+ return 0;
memcpy(keydata, data->key, 32);
EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
return 1;
diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c
index 5f771986cfae..60ba4abcdfaf 100644
--- a/engines/e_4758cca.c
+++ b/engines/e_4758cca.c
@@ -463,6 +463,10 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id,
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
+ if (rtmp == NULL) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
@@ -535,6 +539,10 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
(*(long *)keyToken) = keyTokenLength;
rtmp = RSA_new_method(e);
+ if (rtmp == NULL) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
diff --git a/engines/e_aep.c b/engines/e_aep.c
index 9bfda76a927d..4e97d29497e7 100644
--- a/engines/e_aep.c
+++ b/engines/e_aep.c
@@ -1137,7 +1137,8 @@ static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
/*
* Expand the result bn so that it can hold our big num. Size is in bits
*/
- bn_expand(bn, (int)(BigNumSize << 3));
+ if (bn_expand(bn, (int)(BigNumSize << 3)) == NULL)
+ return AEP_R_HOST_MEMORY;
# ifdef SIXTY_FOUR_BIT_LONG
bn->top = BigNumSize >> 3;
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 6e524633f3f0..8c08872bfdf4 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -1106,6 +1106,10 @@ static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
name = alloca(len);
else
name = OPENSSL_malloc(len);
+ if (name == NULL) {
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
err = GetLastError();
if (err == ERROR_NO_MORE_ITEMS)
@@ -1286,6 +1290,10 @@ char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
return NULL;
wfname = OPENSSL_malloc(dlen);
+ if (wfname == NULL) {
+ CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
if (CertGetCertificateContextProperty
(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) {
char *fname = wide_to_asc(wfname);
@@ -1436,6 +1444,11 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname,
CAPI_KEY *key;
DWORD dwFlags = 0;
key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ if (key == NULL) {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, ERR_R_MALLOC_FAILURE);
+ capi_addlasterror();
+ goto err;
+ }
if (sizeof(TCHAR) == sizeof(char))
CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
contname, provname, ptype);
diff --git a/engines/e_chil.c b/engines/e_chil.c
index 5dfab5134527..d5e4cb67c440 100644
--- a/engines/e_chil.c
+++ b/engines/e_chil.c
@@ -810,9 +810,17 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
# endif
# ifndef OPENSSL_NO_RSA
rtmp = RSA_new_method(eng);
+ if (rtmp == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
rtmp->e = BN_new();
rtmp->n = BN_new();
+ if (rtmp->e == NULL || rtmp->n == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
rtmp->flags |= RSA_FLAG_EXT_PKEY;
MPI2BN(rtmp->e, e);
MPI2BN(rtmp->n, n);
@@ -823,8 +831,14 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
goto err;
}
- bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
- bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
+ if (bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG)) == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG)) == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
MPI2BN(rtmp->e, e);
MPI2BN(rtmp->n, n);
@@ -923,7 +937,10 @@ static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
goto err;
}
/* Prepare the params */
- bn_expand2(r, m->top); /* Check for error !! */
+ if (bn_expand2(r, m->top) == NULL) { /* Check for error !! */
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN2MPI(m_a, a);
BN2MPI(m_p, p);
BN2MPI(m_n, m);
@@ -989,7 +1006,10 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
}
/* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
+ if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN2MPI(m_a, I);
MPI2BN(r, m_r);
@@ -1026,7 +1046,10 @@ static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
}
/* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
+ if (bn_expand2(r, rsa->n->top) == NULL) { /* Check for error !! */
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
BN2MPI(m_a, I);
BN2MPI(m_p, rsa->p);
BN2MPI(m_q, rsa->q);
@@ -1272,7 +1295,7 @@ static int hwcrhk_insert_card(const char *prompt_info,
ui = UI_new_method(ui_method);
if (ui) {
- char answer;
+ char answer = '\0';
char buf[BUFSIZ];
/*
* Despite what the documentation says wrong_info can be an empty