backport recent changes from the cvs head
authorNils Larsch <nils@openssl.org>
Wed, 8 Feb 2006 19:16:33 +0000 (19:16 +0000)
committerNils Larsch <nils@openssl.org>
Wed, 8 Feb 2006 19:16:33 +0000 (19:16 +0000)
19 files changed:
crypto/asn1/a_strex.c
crypto/asn1/t_pkey.c
crypto/asn1/tasn_dec.c
crypto/bio/bss_file.c
crypto/bn/bn_gf2m.c
crypto/ec/ec_asn1.c
crypto/ec/ec_lib.c
crypto/ecdsa/ecs_lib.c
crypto/err/err.c
crypto/objects/obj_lib.c
crypto/rsa/rsa_depr.c
crypto/store/str_meth.c
crypto/x509/x509_r2x.c
crypto/x509v3/pcy_tree.c
engines/e_cswift.c
engines/e_sureware.c
ssl/d1_enc.c
ssl/d1_pkt.c
ssl/s3_srvr.c

index 45fe4bd1508210973500a83d3e71bc56aa5423ef..fc743c2ad08052b70e60727b67e303f8fdf83647 100644 (file)
@@ -194,6 +194,8 @@ static int do_buf(unsigned char *buf, int buflen,
                        if(i < 0) return -1;    /* Invalid UTF8String */
                        p += i;
                        break;
+                       default:
+                       return -1;      /* invalid width */
                }
                if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
                if(type & BUF_TYPE_CONVUTF8) {
@@ -356,12 +358,13 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR
        }
 
        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-       if(outlen < 0) return -1;
+       if(len < 0) return -1;
        outlen += len;
        if(quotes) outlen += 2;
        if(!arg) return outlen;
        if(quotes && !io_ch(arg, "\"", 1)) return -1;
-       do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
+       if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+               return -1;
        if(quotes && !io_ch(arg, "\"", 1)) return -1;
        return outlen;
 }
index f54e5df157714c9faae3aed4f81bf19cf9c3b85b..afb95d67121a0995b2f7cd3ecf29df0d92f9d0e1 100644 (file)
@@ -109,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
        char str[128];
        const char *s;
        unsigned char *m=NULL;
-       int ret=0;
+       int ret=0, mod_len = 0;
        size_t buf_len=0, i;
 
        if (x->n)
@@ -143,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off)
                goto err;
                }
 
+       if (x->n != NULL)
+               mod_len = BN_num_bits(x->n);
+
        if (x->d != NULL)
                {
                if(!BIO_indent(bp,off,128))
                   goto err;
-               if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+               if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
                        <= 0) goto err;
                }
 
        if (x->d == NULL)
-               BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+               BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
        else
                BUF_strlcpy(str,"modulus:",sizeof str);
        if (!print(bp,str,x->n,m,off)) goto err;
        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-       if (!print(bp,s,x->e,m,off)) goto err;
-       if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
-       if (!print(bp,"prime1:",x->p,m,off)) goto err;
-       if (!print(bp,"prime2:",x->q,m,off)) goto err;
-       if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
-       if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
-       if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+       if ((x->e != NULL) && !print(bp,s,x->e,m,off))
+               goto err;
+       if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
+               goto err;
+       if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
+               goto err;
+       if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
+               goto err;
+       if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
+               goto err;
+       if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
+               goto err;
+       if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
+               goto err;
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
@@ -760,8 +770,8 @@ int DSAparams_print(BIO *bp, const DSA *x)
                BN_num_bits(x->p)) <= 0)
                goto err;
        if (!print(bp,"p:",x->p,m,4)) goto err;
-       if (!print(bp,"q:",x->q,m,4)) goto err;
-       if (!print(bp,"g:",x->g,m,4)) goto err;
+       if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
+       if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
index eddaae6c9dc314f79f76d6bc245d644a0fd4cf6b..73dad048bea18f80dac8d1f66a214941dd290133 100644 (file)
@@ -158,7 +158,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
        const ASN1_EXTERN_FUNCS *ef;
        const ASN1_AUX *aux = it->funcs;
        ASN1_aux_cb *asn1_cb;
-       const unsigned char *p, *q;
+       const unsigned char *p = NULL, *q;
        unsigned char *wp=NULL; /* BIG FAT WARNING!  BREAKS CONST WHERE USED */
        unsigned char imphack = 0, oclass;
        char seq_eoc, seq_nolen, cst, isopt;
@@ -283,6 +283,12 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                        {
                        wp = *(unsigned char **)in;
                        imphack = *wp;
+                       if (p == NULL)
+                               {
+                               ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                       ERR_R_NESTED_ASN1_ERROR);
+                               goto err;
+                               }
                        *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
                                                                | it->utype);
                        }
@@ -924,6 +930,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                if (!*pval)
                        {
                        typ = ASN1_TYPE_new();
+                       if (typ == NULL)
+                               goto err;
                        *pval = (ASN1_VALUE *)typ;
                        }
                else
index ad4b301388106a94a8a6dfe00167ff6351725bf5..b277367da3a4e0b6fd9453997daf5142eebb20ea 100644 (file)
@@ -128,7 +128,10 @@ BIO *BIO_new_file(const char *filename, const char *mode)
                return(NULL);
                }
        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+               {
+               fclose(file);
                return(NULL);
+               }
 
        BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
        BIO_set_fp(ret,file,BIO_CLOSE);
index 2af6540ff30fcbb5ac7051a8f1bafd004241f1b5..6a793857e1305f19a548674a2d69a4bb7abb3111 100644 (file)
@@ -1080,7 +1080,8 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
        BN_zero(a);
        for (i = 0; p[i] != 0; i++)
                {
-               BN_set_bit(a, p[i]);
+               if (BN_set_bit(a, p[i]) == 0)
+                       return 0;
                }
        BN_set_bit(a, 0);
        bn_check_top(a);
index 5693201a26a94c9e37030b15208e8c70e7760089..dec913b8addcc5c4ea589de22feaea9c0937f444 100644 (file)
@@ -837,11 +837,6 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 
                /* create the EC_GROUP structure */
                ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
-               if (ret == NULL)
-                       {
-                       ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-                       goto err;
-                       }
                }
        else if (tmp == NID_X9_62_prime_field)
                {
@@ -860,11 +855,17 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
                        }
                /* create the EC_GROUP structure */
                ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
-               if (ret == NULL)
-                       {
-                       ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-                       goto err;
-                       }
+               }
+       else
+               {
+               ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+               goto err;
+               }
+
+       if (ret == NULL)
+               {
+               ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+               goto err;
                }
 
        /* extract seed (optional) */
index a987d8985d66d6810c4836ae1fbbb405ef15e8f4..5af84376c6025ecff4ad452fb26be77de0875ccb 100644 (file)
@@ -147,7 +147,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
 
        if (group->meth->group_clear_finish != 0)
                group->meth->group_clear_finish(group);
-       else if (group->meth != NULL && group->meth->group_finish != 0)
+       else if (group->meth->group_finish != 0)
                group->meth->group_finish(group);
 
        EC_EX_DATA_clear_free_all_data(&group->extra_data);
index ab96a6dc9c24cf84125152b88bc201f506bb9e90..1fb9bc9600c86434c43465578446cb27cc72fbd5 100644 (file)
@@ -206,10 +206,14 @@ int ECDSA_size(const EC_KEY *r)
        ASN1_INTEGER bs;
        BIGNUM  *order=NULL;
        unsigned char buf[4];
-       const EC_GROUP *group = EC_KEY_get0_group(r);
+       const EC_GROUP *group;
 
-       if (r == NULL || group == NULL)
+       if (r == NULL)
+               return 0;
+       group = EC_KEY_get0_group(r);
+       if (group == NULL)
                return 0;
+
        if ((order = BN_new()) == NULL) return 0;
        if (!EC_GROUP_get_order(group,order,NULL))
        {
index e0847143831aed186a86b3745f67b0aab89182dd..72e3f3a26c7c99c1f474d7b8149cbb1adedcc152 100644 (file)
@@ -1108,7 +1108,7 @@ int ERR_pop_to_mark(void)
                {
                err_clear(es,es->top);
                es->top-=1;
-               if (es->top == -1) es->top=ERR_NUM_ERRORS;
+               if (es->top == -1) es->top=ERR_NUM_ERRORS-1;
                }
                
        if (es->bottom == es->top) return 0;
index b0b0f2ff24b2d2e1acd0470ec984f62bfe965a41..706fa0b0e78cec1da503471e4800a11eba6316fc 100644 (file)
@@ -82,7 +82,8 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
        r->data=OPENSSL_malloc(o->length);
        if (r->data == NULL)
                goto err;
-       memcpy(r->data,o->data,o->length);
+       if (o->data != NULL)
+               memcpy(r->data,o->data,o->length);
        r->length=o->length;
        r->nid=o->nid;
        r->ln=r->sn=NULL;
index c5582b996d24cdf66426aaf9127c0dd3540c6039..a859ded987a28761a6f5f455ee0b2e8df87633e6 100644 (file)
@@ -83,7 +83,8 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
        for (i=0; i<(int)sizeof(unsigned long)*8; i++)
                {
                if (e_value & (1UL<<i))
-                       BN_set_bit(e,i);
+                       if (BN_set_bit(e,i) == 0)
+                               goto err;
                }
 
        BN_GENCB_set_old(&cb, callback, cb_arg);
index 648c08d76d814867ae63ae0c6429ca11e833283f..a46de03a2600c4b5d3dff7aa55f6da832d471cf1 100644 (file)
@@ -65,8 +65,10 @@ STORE_METHOD *STORE_create_method(char *name)
        STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
 
        if (store_method)
+               {
                memset(store_method, 0, sizeof(*store_method));
-       store_method->name = BUF_strdup(name);
+               store_method->name = BUF_strdup(name);
+               }
        return store_method;
        }
 
index fb8a78dabebf963fef3b61af9b391b03036320de..254a14693d99f0e1f343a8e97568a17c6c96aa5b 100644 (file)
@@ -89,8 +89,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
                }
 
        xn=X509_REQ_get_subject_name(r);
-       X509_set_subject_name(ret,X509_NAME_dup(xn));
-       X509_set_issuer_name(ret,X509_NAME_dup(xn));
+       if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
+               goto err;
+       if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
+               goto err;
 
        if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
                goto err;
index 62eea0c4ab1e43f613158ce918183554ecb5005a..1c68ce3352ccce0ffb4c2aefc8806f99f685b4e4 100644 (file)
@@ -631,6 +631,7 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                break;
                }
 
+       if (!tree) goto error;
        ret = tree_evaluate(tree);
 
        if (ret <= 0)
index e67379e23e62c1c9ff6a51044c642af51d6335bb..bc6517984649850c6ccb3d32f9b3af5c44a5c909 100644 (file)
@@ -744,6 +744,12 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx
        int to_return = 0;
        const RSA_METHOD * def_rsa_method;
 
+       if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+               {
+               CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
+               goto err;
+               }
+
        /* Try the limits of RSA (2048 bits) */
        if(BN_num_bytes(rsa->p) > 128 ||
                BN_num_bytes(rsa->q) > 128 ||
@@ -764,11 +770,6 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx
                        return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
        }
 
-       if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
-               {
-               CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
-               goto err;
-               }
        to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
                rsa->dmq1, rsa->iqmp, ctx);
 err:
index 424b82fd98f72776046d31d893a7909fd5b15573..58fa9a98ee23b7b18dfdd03ec980fb339dcaaac2 100644 (file)
@@ -976,11 +976,13 @@ static    DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA
        if (!p_surewarehk_Dsa_Sign)
        {
                SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
+               goto err;
        }
        /* extract ref to private key */
        else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
        {
                SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
+               goto err;
        }
        else
        {
index 42997eaee99015cead88707fe4af3955c1c52deb..cbff7495c502a45c91f27db3d9268bb849329dba 100644 (file)
@@ -146,7 +146,10 @@ int dtls1_enc(SSL *s, int send)
                                fprintf(stderr, "%s:%d: rec->data != rec->input\n",
                                        __FILE__, __LINE__);
                        else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
-                               RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher));
+                               {
+                               if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
+                                       return -1;
+                               }
                        }
                }
        else
index 892b8897088c0091eb73445f2dcb11619428b3ca..be6ee323268459a682a6da9e9f20535167064b2a 100644 (file)
@@ -197,7 +197,13 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
        memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
        
-       ssl3_setup_buffers(s);
+       if (!ssl3_setup_buffers(s))
+               {
+               SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+               OPENSSL_free(rdata);
+               pitem_free(item);
+               return(0);
+               }
        
        return(1);
     }
index 1a52d1b7ff3c4047fc26d33688241b3bdd900ad5..a8c5df822c776a30da42b591426f52532c643f23 100644 (file)
@@ -2102,8 +2102,13 @@ int ssl3_get_client_key_exchange(SSL *s)
                                goto f_err;
                                }
 
-                       EC_POINT_copy(clnt_ecpoint,
-                           EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec));
+                       if (EC_POINT_copy(clnt_ecpoint,
+                           EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                       ERR_R_EC_LIB);
+                               goto err;
+                               }
                         ret = 2; /* Skip certificate verify processing */
                         }
                 else