From d356dc561925ec9cecc58a69e2280c18a49ec41a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 10 Jun 2016 16:51:39 +0100 Subject: [PATCH] Add some missing return value checks Some misc return value checks Reviewed-by: Rich Salz --- crypto/bn/bn_prime.c | 8 +++++--- crypto/bn/bn_print.c | 5 +++-- crypto/evp/e_rc2.c | 9 +++++---- crypto/pkcs7/pk7_doit.c | 3 ++- ssl/s3_enc.c | 5 ++++- 5 files changed, 19 insertions(+), 11 deletions(-) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index bdfa558a7e..81c2391ef8 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -340,7 +340,8 @@ int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) if ((offset_count = BN_CTX_get(ctx)) == NULL) goto err; - BN_add_word(offset_count, prime_offset_count); + if (!BN_add_word(offset_count, prime_offset_count)) + goto err; loop: if (!BN_rand(rnd, bits - prime_multiplier_bits, 0, 1)) @@ -350,8 +351,9 @@ int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) if (!BN_rand_range(offset_index, offset_count)) goto err; - BN_mul_word(rnd, prime_multiplier); - BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)]); + if (!BN_mul_word(rnd, prime_multiplier) + || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)])) + goto err; /* we now have a random number 'rand' to test. */ diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 78589dba5b..8672c7e3b3 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -241,8 +241,9 @@ int BN_dec2bn(BIGNUM **bn, const char *a) l += *a - '0'; a++; if (++j == BN_DEC_NUM) { - BN_mul_word(ret, BN_DEC_CONV); - BN_add_word(ret, l); + if (!BN_mul_word(ret, BN_DEC_CONV) + || !BN_add_word(ret, l)) + goto err; l = 0; j = 0; } diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 8286424bb5..ed10bb3324 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -130,16 +130,17 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) OPENSSL_assert(l <= sizeof(iv)); i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); if (i != (int)l) - return (-1); + return -1; key_bits = rc2_magic_to_meth((int)num); if (!key_bits) - return (-1); + return -1; if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) return -1; EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); + if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) + return -1; } - return (i); + return i; } static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 1333e4df4d..24022416d2 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -775,7 +775,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) goto err; if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) goto err; - ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len)) + goto err; } if (!PKCS7_is_detached(p7)) { diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f7089bd6fb..b6de38d90b 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -415,7 +415,10 @@ int ssl3_final_finish_mac(SSL *s, const char *sender, int len, unsigned char *p) SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_MALLOC_FAILURE); return 0; } - EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst); + if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { + SSLerr(SSL_F_SSL3_FINAL_FINISH_MAC, ERR_R_INTERNAL_ERROR); + return 0; + } ret = EVP_MD_CTX_size(ctx); if (ret < 0) {