[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Tue Apr 24 07:13:16 UTC 2018


The branch master has been updated
       via  7fcdbd839c629f5419a49bf8da28c968c8140c3d (commit)
      from  d8f436f3cf771d519573460b14ece6ed01a157ff (commit)


- Log -----------------------------------------------------------------
commit 7fcdbd839c629f5419a49bf8da28c968c8140c3d
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date:   Wed Mar 28 22:32:31 2018 +0200

    X509: add more error codes on malloc or sk_TYP_push failure
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/5837)

-----------------------------------------------------------------------

Summary of changes:
 crypto/err/openssl.txt      | 12 ++++++++++
 crypto/x509/by_dir.c        | 42 +++++++++++++++++++++-------------
 crypto/x509/by_file.c       |  2 +-
 crypto/x509/x509_err.c      | 12 +++++++++-
 crypto/x509/x509_lu.c       | 55 ++++++++++++++++++++++++++++-----------------
 crypto/x509/x509_vfy.c      |  3 +++
 crypto/x509/x_crl.c         |  9 +++++---
 crypto/x509/x_name.c        | 28 ++++++++++++++---------
 crypto/x509/x_pubkey.c      |  2 +-
 crypto/x509/x_x509.c        |  6 +++--
 crypto/x509v3/pcy_cache.c   | 26 ++++++++++++++-------
 crypto/x509v3/pcy_data.c    |  6 ++++-
 crypto/x509v3/pcy_node.c    | 21 ++++++++++++-----
 crypto/x509v3/v3_cpols.c    |  2 +-
 crypto/x509v3/v3err.c       |  8 ++++++-
 include/openssl/x509err.h   |  8 +++++++
 include/openssl/x509v3err.h |  4 ++++
 17 files changed, 175 insertions(+), 71 deletions(-)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index be03aeb..d62968e 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1587,8 +1587,12 @@ X509V3_F_I2S_ASN1_ENUMERATED:121:i2s_ASN1_ENUMERATED
 X509V3_F_I2S_ASN1_IA5STRING:149:i2s_ASN1_IA5STRING
 X509V3_F_I2S_ASN1_INTEGER:120:i2s_ASN1_INTEGER
 X509V3_F_I2V_AUTHORITY_INFO_ACCESS:138:i2v_AUTHORITY_INFO_ACCESS
+X509V3_F_LEVEL_ADD_NODE:168:level_add_node
 X509V3_F_NOTICE_SECTION:132:notice_section
 X509V3_F_NREF_NOS:133:nref_nos
+X509V3_F_POLICY_CACHE_CREATE:169:policy_cache_create
+X509V3_F_POLICY_CACHE_NEW:170:policy_cache_new
+X509V3_F_POLICY_DATA_NEW:171:policy_data_new
 X509V3_F_POLICY_SECTION:131:policy_section
 X509V3_F_PROCESS_PCI_VALUE:150:process_pci_value
 X509V3_F_R2I_CERTPOL:130:r2i_certpol
@@ -1641,8 +1645,11 @@ X509_F_CHECK_POLICY:145:check_policy
 X509_F_DANE_I2D:107:dane_i2d
 X509_F_DIR_CTRL:102:dir_ctrl
 X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
+X509_F_I2D_X509_AUX:151:i2d_X509_AUX
+X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk
 X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode
 X509_F_NETSCAPE_SPKI_B64_ENCODE:130:NETSCAPE_SPKI_b64_encode
+X509_F_NEW_DIR:153:new_dir
 X509_F_X509AT_ADD1_ATTR:135:X509at_add1_attr
 X509_F_X509V3_ADD_EXT:104:X509v3_add_ext
 X509_F_X509_ATTRIBUTE_CREATE_BY_NID:136:X509_ATTRIBUTE_create_by_NID
@@ -1652,6 +1659,7 @@ X509_F_X509_ATTRIBUTE_GET0_DATA:139:X509_ATTRIBUTE_get0_data
 X509_F_X509_ATTRIBUTE_SET1_DATA:138:X509_ATTRIBUTE_set1_data
 X509_F_X509_CHECK_PRIVATE_KEY:128:X509_check_private_key
 X509_F_X509_CRL_DIFF:105:X509_CRL_diff
+X509_F_X509_CRL_METHOD_NEW:154:X509_CRL_METHOD_new
 X509_F_X509_CRL_PRINT_FP:147:X509_CRL_print_fp
 X509_F_X509_EXTENSION_CREATE_BY_NID:108:X509_EXTENSION_create_by_NID
 X509_F_X509_EXTENSION_CREATE_BY_OBJ:109:X509_EXTENSION_create_by_OBJ
@@ -1659,7 +1667,9 @@ X509_F_X509_GET_PUBKEY_PARAMETERS:110:X509_get_pubkey_parameters
 X509_F_X509_LOAD_CERT_CRL_FILE:132:X509_load_cert_crl_file
 X509_F_X509_LOAD_CERT_FILE:111:X509_load_cert_file
 X509_F_X509_LOAD_CRL_FILE:112:X509_load_crl_file
+X509_F_X509_LOOKUP_NEW:155:X509_LOOKUP_new
 X509_F_X509_NAME_ADD_ENTRY:113:X509_NAME_add_entry
+X509_F_X509_NAME_CANON:156:x509_name_canon
 X509_F_X509_NAME_ENTRY_CREATE_BY_NID:114:X509_NAME_ENTRY_create_by_NID
 X509_F_X509_NAME_ENTRY_CREATE_BY_TXT:131:X509_NAME_ENTRY_create_by_txt
 X509_F_X509_NAME_ENTRY_SET_OBJECT:115:X509_NAME_ENTRY_set_object
@@ -1676,10 +1686,12 @@ X509_F_X509_REQ_PRINT_FP:122:X509_REQ_print_fp
 X509_F_X509_REQ_TO_X509:123:X509_REQ_to_X509
 X509_F_X509_STORE_ADD_CERT:124:X509_STORE_add_cert
 X509_F_X509_STORE_ADD_CRL:125:X509_STORE_add_crl
+X509_F_X509_STORE_ADD_LOOKUP:157:X509_STORE_add_lookup
 X509_F_X509_STORE_CTX_GET1_ISSUER:146:X509_STORE_CTX_get1_issuer
 X509_F_X509_STORE_CTX_INIT:143:X509_STORE_CTX_init
 X509_F_X509_STORE_CTX_NEW:142:X509_STORE_CTX_new
 X509_F_X509_STORE_CTX_PURPOSE_INHERIT:134:X509_STORE_CTX_purpose_inherit
+X509_F_X509_STORE_NEW:158:X509_STORE_new
 X509_F_X509_TO_X509_REQ:126:X509_to_X509_REQ
 X509_F_X509_TRUST_ADD:133:X509_TRUST_add
 X509_F_X509_TRUST_SET:141:X509_TRUST_set
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index f64cf38..f213eec 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -48,7 +48,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                                X509_NAME *name, X509_OBJECT *ret);
 static X509_LOOKUP_METHOD x509_dir_lookup = {
     "Load certs from files in a directory",
-    new_dir,                    /* new */
+    new_dir,                    /* new_item */
     free_dir,                   /* free */
     NULL,                       /* init */
     NULL,                       /* shutdown */
@@ -68,15 +68,13 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
                     char **retp)
 {
     int ret = 0;
-    BY_DIR *ld;
-    char *dir = NULL;
-
-    ld = (BY_DIR *)ctx->method_data;
+    BY_DIR *ld = (BY_DIR *)ctx->method_data;
 
     switch (cmd) {
     case X509_L_ADD_DIR:
         if (argl == X509_FILETYPE_DEFAULT) {
-            dir = (char *)getenv(X509_get_default_cert_dir_env());
+            const char *dir = getenv(X509_get_default_cert_dir_env());
+
             if (dir)
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
             else
@@ -94,23 +92,30 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 
 static int new_dir(X509_LOOKUP *lu)
 {
-    BY_DIR *a;
+    BY_DIR *a = OPENSSL_malloc(sizeof(*a));
 
-    if ((a = OPENSSL_malloc(sizeof(*a))) == NULL)
+    if (a == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
+
     if ((a->buffer = BUF_MEM_new()) == NULL) {
-        OPENSSL_free(a);
-        return 0;
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
     a->dirs = NULL;
     a->lock = CRYPTO_THREAD_lock_new();
     if (a->lock == NULL) {
         BUF_MEM_free(a->buffer);
-        OPENSSL_free(a);
-        return 0;
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
     }
     lu->method_data = (char *)a;
     return 1;
+
+ err:
+    OPENSSL_free(a);
+    return 0;
 }
 
 static void by_dir_hash_free(BY_DIR_HASH *hash)
@@ -137,9 +142,8 @@ static void by_dir_entry_free(BY_DIR_ENTRY *ent)
 
 static void free_dir(X509_LOOKUP *lu)
 {
-    BY_DIR *a;
+    BY_DIR *a = (BY_DIR *)lu->method_data;
 
-    a = (BY_DIR *)lu->method_data;
     sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
     BUF_MEM_free(a->buffer);
     CRYPTO_THREAD_lock_free(a->lock);
@@ -162,6 +166,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
     do {
         if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
             BY_DIR_ENTRY *ent;
+
             ss = s;
             s = p + 1;
             len = p - ss;
@@ -182,8 +187,10 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                 }
             }
             ent = OPENSSL_malloc(sizeof(*ent));
-            if (ent == NULL)
+            if (ent == NULL) {
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
                 return 0;
+            }
             ent->dir_type = type;
             ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
             ent->dir = OPENSSL_strndup(ss, len);
@@ -193,6 +200,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
             }
             if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
                 by_dir_entry_free(ent);
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
         }
@@ -244,6 +252,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
         BY_DIR_ENTRY *ent;
         int idx;
         BY_DIR_HASH htmp, *hent;
+
         ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
         j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
         if (!BUF_MEM_grow(b, j)) {
@@ -340,7 +349,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                 if (idx >= 0)
                     hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
             }
-            if (!hent) {
+            if (hent == NULL) {
                 hent = OPENSSL_malloc(sizeof(*hent));
                 if (hent == NULL) {
                     CRYPTO_THREAD_unlock(ctx->lock);
@@ -353,6 +362,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
                 if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
                     CRYPTO_THREAD_unlock(ctx->lock);
                     OPENSSL_free(hent);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
                     ok = 0;
                     goto finish;
                 }
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 52955b6..bd39ecb 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -21,7 +21,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
 static X509_LOOKUP_METHOD x509_file_lookup = {
     "Load file into cache",
-    NULL,                       /* new */
+    NULL,                       /* new_item */
     NULL,                       /* free */
     NULL,                       /* init */
     NULL,                       /* shutdown */
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 84c726f..7b9f505 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,10 +24,13 @@ static const ERR_STRING_DATA X509_str_functs[] = {
     {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"},
     {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),
      "get_cert_by_subject"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"},
     {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0),
      "NETSCAPE_SPKI_b64_decode"},
     {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0),
      "NETSCAPE_SPKI_b64_encode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0),
@@ -43,6 +46,8 @@ static const ERR_STRING_DATA X509_str_functs[] = {
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0),
      "X509_check_private_key"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0),
+     "X509_CRL_METHOD_new"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0),
      "X509_EXTENSION_create_by_NID"},
@@ -56,8 +61,10 @@ static const ERR_STRING_DATA X509_str_functs[] = {
      "X509_load_cert_file"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),
      "X509_load_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),
      "X509_NAME_add_entry"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0),
      "X509_NAME_ENTRY_create_by_NID"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0),
@@ -81,6 +88,8 @@ static const ERR_STRING_DATA X509_str_functs[] = {
      "X509_STORE_add_cert"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),
      "X509_STORE_add_crl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0),
+     "X509_STORE_add_lookup"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0),
      "X509_STORE_CTX_get1_issuer"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0),
@@ -89,6 +98,7 @@ static const ERR_STRING_DATA X509_str_functs[] = {
      "X509_STORE_CTX_new"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0),
      "X509_STORE_CTX_purpose_inherit"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
     {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 7407005..fbeed01 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -17,14 +17,15 @@
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
-    X509_LOOKUP *ret;
+    X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    ret = OPENSSL_zalloc(sizeof(*ret));
-    if (ret == NULL)
+    if (ret == NULL) {
+        X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
 
     ret->method = method;
-    if ((method->new_item != NULL) && !method->new_item(ret)) {
+    if (method->new_item != NULL && method->new_item(ret) == 0) {
         OPENSSL_free(ret);
         return NULL;
     }
@@ -141,25 +142,36 @@ static int x509_object_cmp(const X509_OBJECT *const *a,
 
 X509_STORE *X509_STORE_new(void)
 {
-    X509_STORE *ret;
+    X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
 
-    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
+    if (ret == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
-    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL)
+    }
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     ret->cache = 1;
-    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL)
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
-    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
-
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
+    }
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     ret->lock = CRYPTO_THREAD_lock_new();
-    if (ret->lock == NULL)
+    if (ret->lock == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     ret->references = 1;
     return ret;
@@ -228,17 +240,18 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
     }
     /* a new one */
     lu = X509_LOOKUP_new(m);
-    if (lu == NULL)
+    if (lu == NULL) {
+        X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
         return NULL;
-    else {
-        lu->store_ctx = v;
-        if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
-            return lu;
-        else {
-            X509_LOOKUP_free(lu);
-            return NULL;
-        }
     }
+
+    lu->store_ctx = v;
+    if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+        return lu;
+    /* malloc failed */
+    X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+    X509_LOOKUP_free(lu);
+    return NULL;
 }
 
 X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 9ebda1b..fd8ecfa 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -366,6 +366,7 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
     STACK_OF(X509) *sk = NULL;
     X509 *x;
     int i;
+
     for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
         x = sk_X509_value(ctx->other_ctx, i);
         if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
@@ -373,6 +374,8 @@ static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
                 sk = sk_X509_new_null();
             if (sk == NULL || sk_X509_push(sk, x) == 0) {
                 sk_X509_pop_free(sk, X509_free);
+                X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
                 return NULL;
             }
             X509_up_ref(x);
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index dbed850..5098b5f 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -309,6 +309,7 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
     X509_CRL_INFO *inf;
+
     inf = &crl->crl;
     if (inf->revoked == NULL)
         inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
@@ -429,10 +430,12 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
                                      int (*crl_verify) (X509_CRL *crl,
                                                         EVP_PKEY *pk))
 {
-    X509_CRL_METHOD *m;
-    m = OPENSSL_malloc(sizeof(*m));
-    if (m == NULL)
+    X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m));
+
+    if (m == NULL) {
+        X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     m->crl_init = crl_init;
     m->crl_free = crl_free;
     m->crl_lookup = crl_lookup;
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index d36a9d3..a30b5e1 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -300,7 +300,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 static int x509_name_canon(X509_NAME *a)
 {
     unsigned char *p;
-    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname;
     STACK_OF(X509_NAME_ENTRY) *entries = NULL;
     X509_NAME_ENTRY *entry, *tmpentry = NULL;
     int i, set = -1, ret = 0, len;
@@ -313,44 +313,53 @@ static int x509_name_canon(X509_NAME *a)
         return 1;
     }
     intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-    if (!intname)
+    if (intname == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
     for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
         entry = sk_X509_NAME_ENTRY_value(a->entries, i);
         if (entry->set != set) {
             entries = sk_X509_NAME_ENTRY_new_null();
-            if (!entries)
+            if (entries == NULL)
                 goto err;
             if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
                 sk_X509_NAME_ENTRY_free(entries);
+                X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             set = entry->set;
         }
         tmpentry = X509_NAME_ENTRY_new();
-        if (tmpentry == NULL)
+        if (tmpentry == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         tmpentry->object = OBJ_dup(entry->object);
-        if (tmpentry->object == NULL)
+        if (tmpentry->object == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         if (!asn1_string_canon(tmpentry->value, entry->value))
             goto err;
-        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
             goto err;
+        }
         tmpentry = NULL;
     }
 
     /* Finally generate encoding */
-
     len = i2d_name_canon(intname, NULL);
     if (len < 0)
         goto err;
     a->canon_enclen = len;
 
     p = OPENSSL_malloc(a->canon_enclen);
-
-    if (p == NULL)
+    if (p == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
         goto err;
+    }
 
     a->canon_enc = p;
 
@@ -359,7 +368,6 @@ static int x509_name_canon(X509_NAME *a)
     ret = 1;
 
  err:
-
     X509_NAME_ENTRY_free(tmpentry);
     sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
                                          local_sk_X509_NAME_ENTRY_pop_free);
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 73977cd..8616297 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -101,7 +101,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 
 
 static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
-    {
+{
     EVP_PKEY *pkey = EVP_PKEY_new();
 
     if (pkey == NULL) {
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index c28fdda..cf71180 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -189,8 +189,10 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
 
     /* Allocate requisite combined storage */
     *pp = tmp = OPENSSL_malloc(length);
-    if (tmp == NULL)
-        return -1; /* Push error onto error stack? */
+    if (tmp == NULL) {
+        X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
 
     /* Encode, but keep *pp at the originally malloced pointer */
     length = i2d_x509_aux_internal(a, &tmp);
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index a9ee30a..0f506ac 100644
--- a/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
@@ -26,21 +26,25 @@ static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
 static int policy_cache_create(X509 *x,
                                CERTIFICATEPOLICIES *policies, int crit)
 {
-    int i;
-    int ret = 0;
+    int i, ret = 0;
     X509_POLICY_CACHE *cache = x->policy_cache;
     X509_POLICY_DATA *data = NULL;
     POLICYINFO *policy;
+
     if (sk_POLICYINFO_num(policies) == 0)
         goto bad_policy;
     cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-    if (cache->data == NULL)
-        goto bad_policy;
+    if (cache->data == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+        goto just_cleanup;
+    }
     for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
         policy = sk_POLICYINFO_value(policies, i);
         data = policy_data_new(policy, NULL, crit);
-        if (data == NULL)
-            goto bad_policy;
+        if (data == NULL) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto just_cleanup;
+        }
         /*
          * Duplicate policy OIDs are illegal: reject if matches found.
          */
@@ -53,15 +57,19 @@ static int policy_cache_create(X509 *x,
         } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
             ret = -1;
             goto bad_policy;
-        } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
             goto bad_policy;
+        }
         data = NULL;
     }
     ret = 1;
+
  bad_policy:
     if (ret == -1)
         x->ex_flags |= EXFLAG_INVALID_POLICY;
     policy_data_free(data);
+ just_cleanup:
     sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
     if (ret <= 0) {
         sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
@@ -82,8 +90,10 @@ static int policy_cache_new(X509 *x)
     if (x->policy_cache != NULL)
         return 1;
     cache = OPENSSL_malloc(sizeof(*cache));
-    if (cache == NULL)
+    if (cache == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);
         return 0;
+    }
     cache->anyPolicy = NULL;
     cache->data = NULL;
     cache->any_skip = -1;
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index 757b101..7b75a6d 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -40,6 +40,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
 {
     X509_POLICY_DATA *ret;
     ASN1_OBJECT *id;
+
     if (policy == NULL && cid == NULL)
         return NULL;
     if (cid) {
@@ -49,12 +50,15 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
     } else
         id = NULL;
     ret = OPENSSL_zalloc(sizeof(*ret));
-    if (ret == NULL)
+    if (ret == NULL) {
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
     if (ret->expected_policy_set == NULL) {
         OPENSSL_free(ret);
         ASN1_OBJECT_free(id);
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
index 80443bf..f739373 100644
--- a/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
@@ -10,6 +10,7 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include <openssl/err.h>
 
 #include "pcy_int.h"
 
@@ -66,8 +67,10 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
     X509_POLICY_NODE *node;
 
     node = OPENSSL_zalloc(sizeof(*node));
-    if (node == NULL)
+    if (node == NULL) {
+        X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
         return NULL;
+    }
     node->data = data;
     node->parent = parent;
     if (level) {
@@ -79,20 +82,28 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
 
             if (level->nodes == NULL)
                 level->nodes = policy_node_cmp_new();
-            if (level->nodes == NULL)
+            if (level->nodes == NULL) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                 goto node_error;
-            if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+            }
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
                 goto node_error;
+            }
         }
     }
 
     if (tree) {
         if (tree->extra_data == NULL)
             tree->extra_data = sk_X509_POLICY_DATA_new_null();
-        if (tree->extra_data == NULL)
+        if (tree->extra_data == NULL){
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
             goto node_error;
-        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+        }
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
             goto node_error;
+        }
     }
 
     if (parent)
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 51fbb1f..518a0f2 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -144,8 +144,8 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
             }
             pol = POLICYINFO_new();
             if (pol == NULL) {
-                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                 ASN1_OBJECT_free(pobj);
+                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
             pol->policyid = pobj;
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index 6f30ba3..d1b0308 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,8 +39,14 @@ static const ERR_STRING_DATA X509V3_str_functs[] = {
      "i2s_ASN1_INTEGER"},
     {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
      "i2v_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
     {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
     {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0),
+     "policy_cache_create"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0),
+     "policy_cache_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"},
     {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"},
     {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0),
      "process_pci_value"},
diff --git a/include/openssl/x509err.h b/include/openssl/x509err.h
index 08692a5..4faeffa 100644
--- a/include/openssl/x509err.h
+++ b/include/openssl/x509err.h
@@ -27,8 +27,11 @@ int ERR_load_X509_strings(void);
 # define X509_F_DANE_I2D                                  107
 # define X509_F_DIR_CTRL                                  102
 # define X509_F_GET_CERT_BY_SUBJECT                       103
+# define X509_F_I2D_X509_AUX                              151
+# define X509_F_LOOKUP_CERTS_SK                           152
 # define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
 # define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+# define X509_F_NEW_DIR                                   153
 # define X509_F_X509AT_ADD1_ATTR                          135
 # define X509_F_X509V3_ADD_EXT                            104
 # define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
@@ -38,6 +41,7 @@ int ERR_load_X509_strings(void);
 # define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
 # define X509_F_X509_CHECK_PRIVATE_KEY                    128
 # define X509_F_X509_CRL_DIFF                             105
+# define X509_F_X509_CRL_METHOD_NEW                       154
 # define X509_F_X509_CRL_PRINT_FP                         147
 # define X509_F_X509_EXTENSION_CREATE_BY_NID              108
 # define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
@@ -45,7 +49,9 @@ int ERR_load_X509_strings(void);
 # define X509_F_X509_LOAD_CERT_CRL_FILE                   132
 # define X509_F_X509_LOAD_CERT_FILE                       111
 # define X509_F_X509_LOAD_CRL_FILE                        112
+# define X509_F_X509_LOOKUP_NEW                           155
 # define X509_F_X509_NAME_ADD_ENTRY                       113
+# define X509_F_X509_NAME_CANON                           156
 # define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
 # define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
 # define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
@@ -62,10 +68,12 @@ int ERR_load_X509_strings(void);
 # define X509_F_X509_REQ_TO_X509                          123
 # define X509_F_X509_STORE_ADD_CERT                       124
 # define X509_F_X509_STORE_ADD_CRL                        125
+# define X509_F_X509_STORE_ADD_LOOKUP                     157
 # define X509_F_X509_STORE_CTX_GET1_ISSUER                146
 # define X509_F_X509_STORE_CTX_INIT                       143
 # define X509_F_X509_STORE_CTX_NEW                        142
 # define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+# define X509_F_X509_STORE_NEW                            158
 # define X509_F_X509_TO_X509_REQ                          126
 # define X509_F_X509_TRUST_ADD                            133
 # define X509_F_X509_TRUST_SET                            141
diff --git a/include/openssl/x509v3err.h b/include/openssl/x509v3err.h
index e8308ef..f961339 100644
--- a/include/openssl/x509v3err.h
+++ b/include/openssl/x509v3err.h
@@ -34,8 +34,12 @@ int ERR_load_X509V3_strings(void);
 # define X509V3_F_I2S_ASN1_IA5STRING                      149
 # define X509V3_F_I2S_ASN1_INTEGER                        120
 # define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
+# define X509V3_F_LEVEL_ADD_NODE                          168
 # define X509V3_F_NOTICE_SECTION                          132
 # define X509V3_F_NREF_NOS                                133
+# define X509V3_F_POLICY_CACHE_CREATE                     169
+# define X509V3_F_POLICY_CACHE_NEW                        170
+# define X509V3_F_POLICY_DATA_NEW                         171
 # define X509V3_F_POLICY_SECTION                          131
 # define X509V3_F_PROCESS_PCI_VALUE                       150
 # define X509V3_F_R2I_CERTPOL                             130


More information about the openssl-commits mailing list