Fix dsaparam -genkey with DER outform

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 93a1eb941ab942e6aa84d19425d9437c1d2e2318..363d2b2d60448431e6e9c3549026fa98fe18b063 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -227,6 +227,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
     memset(ret, 0, sizeof(CERT));
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
     /*
      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
@@ -314,7 +315,7 @@ CERT *ssl_cert_dup(CERT *cert)
                 OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
             if (ret->pkeys[i].serverinfo == NULL) {
                 SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-                return NULL;
+                goto err;
             }
             ret->pkeys[i].serverinfo_length =
                 cert->pkeys[i].serverinfo_length;
@@ -325,7 +326,6 @@ CERT *ssl_cert_dup(CERT *cert)
 #endif
     }
 
-    ret->references = 1;
     /*
      * Set digests to defaults. NB: we don't copy existing values as they
      * will be set during handshake.
@@ -392,9 +392,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
     return (ret);
 
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
  err:
-#endif
 #ifndef OPENSSL_NO_RSA
     if (ret->rsa_tmp != NULL)
         RSA_free(ret->rsa_tmp);
@@ -414,6 +412,7 @@ CERT *ssl_cert_dup(CERT *cert)
 #endif
 
     ssl_cert_clear_certs(ret);
+    OPENSSL_free(ret);
 
     return NULL;
 }
@@ -504,6 +503,8 @@ void ssl_cert_free(CERT *c)
 #ifndef OPENSSL_NO_TLSEXT
     custom_exts_free(&c->cli_ext);
     custom_exts_free(&c->srv_ext);
+    if (c->alpn_proposed)
+        OPENSSL_free(c->alpn_proposed);
 #endif
     OPENSSL_free(c);
 }
@@ -635,13 +636,13 @@ SESS_CERT *ssl_sess_cert_new(void)
 {
     SESS_CERT *ret;
 
-    ret = OPENSSL_malloc(sizeof *ret);
+    ret = OPENSSL_malloc(sizeof(*ret));
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    memset(ret, 0, sizeof *ret);
+    memset(ret, 0, sizeof(*ret));
     ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
     ret->references = 1;
 
@@ -1017,15 +1018,15 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
         char buf[1024];
         int r;
 
-        if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
+        if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
             SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
                    SSL_R_PATH_TOO_LONG);
             goto err;
         }
 #ifdef OPENSSL_SYS_VMS
-        r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename);
+        r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
 #else
-        r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
+        r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
 #endif
         if (r <= 0 || r >= (int)sizeof(buf))
             goto err;
@@ -1057,13 +1058,18 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
     unsigned char *p;
 
     n = i2d_X509(x, NULL);
-    if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+    if (n < 0 || !BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
         SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
         return 0;
     }
     p = (unsigned char *)&(buf->data[*l]);
     l2n3(n, p);
-    i2d_X509(x, &p);
+    n = i2d_X509(x, &p);
+    if (n < 0) {
+        /* Shouldn't happen */
+        SSLerr(SSL_F_SSL_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+        return 0;
+    }
     *l += n + 3;
 
     return 1;