From a03f81f4ead24c234dc26e388d86a352685f3948 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Fri, 19 Aug 2016 10:31:03 -0400
Subject: Fix NULL-return checks in 1.0.2

RT4386: Add sanity checks for BN_new()
RT4384: Missing Sanity Checks for RSA_new_method()
RT4384: Missing Sanity Check plus potential NULL pointer deref
RT4382: Missing Sanity Check(s) for BUF_strdup()
RT4380: Missing Sanity Checks for EVP_PKEY_new()
RT4377: Prevent potential NULL pointer dereference
RT4375: Missing sanity checks for OPENSSL_malloc()
RT4374: Potential for NULL pointer dereferences
RT4371: Missing Sanity Check for malloc()
RT4370: Potential for NULL pointer dereferences

Also expand tabs, make update, typo fix (rsalz)
Minor tweak by Paul Dale.
Some minor internal review feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/evp/openbsd_hw.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'crypto/evp/openbsd_hw.c')

diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
index 75d12e2330..07decf2674 100644
--- a/crypto/evp/openbsd_hw.c
+++ b/crypto/evp/openbsd_hw.c
@@ -133,6 +133,10 @@ static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
         return 0;
 
     CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
+    if (CDATA(ctx)->key == NULL {
+        err("CDATA(ctx)->key memory allocation failed");
+        return 0;
+    }
 
     assert(ctx->cipher->iv_len <= MAX_HW_IV);
 
@@ -186,6 +190,11 @@ static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
             if (((unsigned long)in & 3) || cinl != inl) {
                 cin = OPENSSL_malloc(cinl);
+                if (cin == NULL) {
+                    err("cin - memory allocation failed");
+                    abort();
+                    return 0;
+                }
                 memcpy(cin, in, inl);
                 cryp.src = cin;
             }
@@ -334,6 +343,11 @@ static int do_digest(int ses, unsigned char *md, const void *data, int len)
             char *dcopy;
 
             dcopy = OPENSSL_malloc(len);
+            if (dcopy == NULL) {
+                err("dcopy - memory allocation failed");
+                abort();
+                return 0;
+            }
             memcpy(dcopy, data, len);
             cryp.src = dcopy;
             cryp.dst = cryp.src; // FIXME!!!
@@ -364,6 +378,10 @@ static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
         return do_digest(md_data->sess.ses, md_data->md, data, len);
 
     md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
+    if (md_data->data == NULL) {
+        err("DEV_CRYPTO_MD5_UPDATE: unable to allocate memory");
+        abort();
+    }
     memcpy(md_data->data + md_data->len, data, len);
     md_data->len += len;
 
@@ -397,6 +415,10 @@ static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
     assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
 
     to_md->data = OPENSSL_malloc(from_md->len);
+    if (to_md->data == NULL) {
+        err("DEV_CRYPTO_MD5_COPY: unable to allocate memory");
+        abort();
+    }
     memcpy(to_md->data, from_md->data, from_md->len);
 
     return 1;
-- 
cgit v1.2.3