Coverity Scan: Analysis completed for openssl/openssl

2022-02-14 Thread scan-admin 


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3D2j2K_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFV-2B3lxShA6IsIgHT-2B7YXebmrWw3ya6fasz77J-2FrWpxgL7mnNMW9ZtOzyzhiJ5U-2FuzQ9xt8sPnWw1y-2BCDCbmKihWADnPgxBAD0sUnHboB8uoLKKwIDR5-2F5ZMyzBtDC6WaZctakY7O9Y5luNoICErFwJoHRIn-2FmJJIUl2jrNXY-2BmmRIqRgeK58qsxM3bctCGPgw-3D

Build ID: 437458

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

[openssl] master update

2022-02-14 Thread tomas 
The branch master has been updated
   via  065121ff198a84106023013420dedd57ac4ff53a (commit)
  from  c920020f0bb13f0d2bf0fcad5c7ee63458b633b4 (commit)


- Log -
commit 065121ff198a84106023013420dedd57ac4ff53a
Author: Armin Fuerst 
Date:   Fri Feb 4 20:35:54 2022 +0100

Add tests for do_updatedb

Fixes #13944

Moved "opt_printf_stderr" out of apps.c to avoid duplicate definition in 
tests.

Added function "asn1_string_to_time_t" including tests.

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17645)

---

Summary of changes:
 apps/ca.c|   9 +-
 apps/include/apps.h  |   4 +-
 apps/lib/apps.c  |  14 +-
 os-dep/haiku.h => apps/lib/apps_opt_printf.c |  18 ++-
 apps/lib/build.info  |   2 +-
 crypto/asn1/a_time.c |  40 +-
 include/crypto/asn1.h|   4 +-
 test/asn1_time_test.c|  65 -
 test/build.info  |  12 +-
 test/ca_internals_test.c |  93 +
 test/recipes/80-test_ca_internals.t  | 165 +++
 test/recipes/80-test_ca_internals_data/index.txt |   4 +
 12 files changed, 403 insertions(+), 27 deletions(-)
 copy os-dep/haiku.h => apps/lib/apps_opt_printf.c (52%)
 create mode 100644 test/ca_internals_test.c
 create mode 100644 test/recipes/80-test_ca_internals.t
 create mode 100644 test/recipes/80-test_ca_internals_data/index.txt

diff --git a/apps/ca.c b/apps/ca.c
index 8de58288ba..454c218d98 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -129,7 +129,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
CONF *conf, unsigned long certopt, unsigned long nameopt,
int default_op, int ext_copy, int selfsign, unsigned long 
dateopt);
 static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
 static int check_time_format(const char *str);
 static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
  const char *extval);
@@ -755,7 +754,7 @@ end_of_options:
 if (verbose)
 BIO_printf(bio_err, "Updating %s ...\n", dbfile);
 
-i = do_updatedb(db);
+i = do_updatedb(db, NULL);
 if (i == -1) {
 BIO_printf(bio_err, "Malloc failure\n");
 goto end;
@@ -2290,7 +2289,7 @@ static int get_certificate_status(const char *serial, 
CA_DB *db)
 return ok;
 }
 
-static int do_updatedb(CA_DB *db)
+int do_updatedb(CA_DB *db, time_t *now)
 {
 ASN1_TIME *a_tm = NULL;
 int i, cnt = 0;
@@ -2301,7 +2300,7 @@ static int do_updatedb(CA_DB *db)
 return -1;
 
 /* get actual time */
-if (X509_gmtime_adj(a_tm, 0) == NULL) {
+if (X509_time_adj(a_tm, 0, now) == NULL) {
 ASN1_TIME_free(a_tm);
 return -1;
 }
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 28c2bbdad2..c567ed5664 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -221,6 +221,8 @@ typedef struct ca_db_st {
 # endif
 } CA_DB;
 
+extern int do_updatedb(CA_DB *db, time_t *now);
+
 void app_bail_out(char *fmt, ...);
 void *app_malloc(size_t sz, const char *what);
 BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 77edc1d936..021371201b 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -3247,18 +3247,6 @@ void make_uppercase(char *string)
 string[i] = toupper((unsigned char)string[i]);
 }
 
-/* This function is defined here due to visibility of bio_err */
-int opt_printf_stderr(const char *fmt, ...)
-{
-va_list ap;
-int ret;
-
-

[openssl] openssl-3.0 update

2022-02-14 Thread tomas 
The branch openssl-3.0 has been updated
   via  3948abaf4458aac66bf47546874d0fb5a73a78a0 (commit)
  from  88177b8092fb592508bb3798a05025c8bf341cc3 (commit)


- Log -
commit 3948abaf4458aac66bf47546874d0fb5a73a78a0
Author: Jiasheng Jiang 
Date:   Mon Feb 7 19:13:43 2022 +0800

dh_exch.c: Add check for OPENSSL_strdup

Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17651)

(cherry picked from commit c920020f0bb13f0d2bf0fcad5c7ee63458b633b4)

---

Summary of changes:
 providers/implementations/exchange/dh_exch.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/providers/implementations/exchange/dh_exch.c 
b/providers/implementations/exchange/dh_exch.c
index cd92f26957..3cfb580687 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -292,7 +292,12 @@ static void *dh_dupctx(void *vpdhctx)
 if (dstctx->kdf_ukm == NULL)
 goto err;
 }
-dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg);
+
+if (srcctx->kdf_cekalg != NULL) {
+dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg);
+if (dstctx->kdf_cekalg == NULL)
+goto err;
+}
 
 return dstctx;
 err:
@@ -389,9 +394,16 @@ static int dh_set_ctx_params(void *vpdhctx, const 
OSSL_PARAM params[])
 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG);
 if (p != NULL) {
 str = name;
-if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
-return 0;
-pdhctx->kdf_cekalg = OPENSSL_strdup(name);
+
+OPENSSL_free(pdhctx->kdf_cekalg);
+pdhctx->kdf_cekalg = NULL;
+if (p->data != NULL && p->data_size != 0) {
+if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
+return 0;
+pdhctx->kdf_cekalg = OPENSSL_strdup(name);
+if (pdhctx->kdf_cekalg == NULL)
+return 0;
+}
 }
 return 1;
 }

[openssl] master update

2022-02-14 Thread tomas 
The branch master has been updated
   via  c920020f0bb13f0d2bf0fcad5c7ee63458b633b4 (commit)
  from  7585073892af9cffd28b7b5872c2b102b99af807 (commit)


- Log -
commit c920020f0bb13f0d2bf0fcad5c7ee63458b633b4
Author: Jiasheng Jiang 
Date:   Mon Feb 7 19:13:43 2022 +0800

dh_exch.c: Add check for OPENSSL_strdup

Since the OPENSSL_strdup() may return NULL if allocation
fails, it should be better to check the return value.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17651)

---

Summary of changes:
 providers/implementations/exchange/dh_exch.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/providers/implementations/exchange/dh_exch.c 
b/providers/implementations/exchange/dh_exch.c
index b0dd6b3591..55780b0a68 100644
--- a/providers/implementations/exchange/dh_exch.c
+++ b/providers/implementations/exchange/dh_exch.c
@@ -292,7 +292,12 @@ static void *dh_dupctx(void *vpdhctx)
 if (dstctx->kdf_ukm == NULL)
 goto err;
 }
-dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg);
+
+if (srcctx->kdf_cekalg != NULL) {
+dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg);
+if (dstctx->kdf_cekalg == NULL)
+goto err;
+}
 
 return dstctx;
 err:
@@ -390,9 +395,16 @@ static int dh_set_ctx_params(void *vpdhctx, const 
OSSL_PARAM params[])
 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG);
 if (p != NULL) {
 str = name;
-if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
-return 0;
-pdhctx->kdf_cekalg = OPENSSL_strdup(name);
+
+OPENSSL_free(pdhctx->kdf_cekalg);
+pdhctx->kdf_cekalg = NULL;
+if (p->data != NULL && p->data_size != 0) {
+if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
+return 0;
+pdhctx->kdf_cekalg = OPENSSL_strdup(name);
+if (pdhctx->kdf_cekalg == NULL)
+return 0;
+}
 }
 return 1;
 }

[openssl] openssl-3.0 update

2022-02-14 Thread tomas 
The branch openssl-3.0 has been updated
   via  88177b8092fb592508bb3798a05025c8bf341cc3 (commit)
  from  e2387e6bd4ee69e0702d1a489045b72632b91e48 (commit)


- Log -
commit 88177b8092fb592508bb3798a05025c8bf341cc3
Author: Tomas Mraz 
Date:   Fri Feb 11 09:44:52 2022 +0100

Apply the correct Apache v2 license

There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17686)

(cherry picked from commit 7585073892af9cffd28b7b5872c2b102b99af807)

---

Summary of changes:
 crypto/ec/asm/ecp_nistp521-ppc64.pl | 4 ++--
 doc/man1/openssl-cmp.pod.in | 4 ++--
 test/dane-cross.in  | 4 ++--
 test/recipes/03-test_internal_sm3.t | 4 ++--
 test/sm3_internal_test.c| 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/ec/asm/ecp_nistp521-ppc64.pl 
b/crypto/ec/asm/ecp_nistp521-ppc64.pl
index e97d803d26..4260e24a1f 100755
--- a/crypto/ec/asm/ecp_nistp521-ppc64.pl
+++ b/crypto/ec/asm/ecp_nistp521-ppc64.pl
@@ -1,7 +1,7 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index a1d80dad40..0c2762f0a0 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -1231,9 +1231,9 @@ The B<-engine option> was deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L.
diff --git a/test/dane-cross.in b/test/dane-cross.in
index 81252a110e..63c37fbf33 100644
--- a/test/dane-cross.in
+++ b/test/dane-cross.in
@@ -1,6 +1,6 @@
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/test/recipes/03-test_internal_sm3.t 
b/test/recipes/03-test_internal_sm3.t
index 9cda58d66e..574a7c4121 100644
--- a/test/recipes/03-test_internal_sm3.t
+++ b/test/recipes/03-test_internal_sm3.t
@@ -1,8 +1,8 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright 2021 [UnionTech](https://www.uniontech.com). All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/test/sm3_internal_test.c b/test/sm3_internal_test.c
index 1497f8476f..7680d0242e 100644
--- a/test/sm3_internal_test.c
+++ b/test/sm3_internal_test.c
@@ -2,7 +2,7 @@
  * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2021 UnionTech. All Rights Reserved.
  *
- * Licensed under the Apche License 2.0 (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html

[openssl] master update

2022-02-14 Thread tomas 
The branch master has been updated
   via  7585073892af9cffd28b7b5872c2b102b99af807 (commit)
  from  79cda38cff834224fb9d86dc7433b4f60688ce49 (commit)


- Log -
commit 7585073892af9cffd28b7b5872c2b102b99af807
Author: Tomas Mraz 
Date:   Fri Feb 11 09:44:52 2022 +0100

Apply the correct Apache v2 license

There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17686)

---

Summary of changes:
 crypto/ec/asm/ecp_nistp521-ppc64.pl | 4 ++--
 doc/man1/openssl-cmp.pod.in | 4 ++--
 test/dane-cross.in  | 4 ++--
 test/recipes/03-test_internal_sm3.t | 4 ++--
 test/sm3_internal_test.c| 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/crypto/ec/asm/ecp_nistp521-ppc64.pl 
b/crypto/ec/asm/ecp_nistp521-ppc64.pl
index e97d803d26..4260e24a1f 100755
--- a/crypto/ec/asm/ecp_nistp521-ppc64.pl
+++ b/crypto/ec/asm/ecp_nistp521-ppc64.pl
@@ -1,7 +1,7 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 3bae43cc35..705baf1dd6 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -1239,9 +1239,9 @@ The B<-engine option> was deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L.
diff --git a/test/dane-cross.in b/test/dane-cross.in
index 81252a110e..63c37fbf33 100644
--- a/test/dane-cross.in
+++ b/test/dane-cross.in
@@ -1,6 +1,6 @@
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/test/recipes/03-test_internal_sm3.t 
b/test/recipes/03-test_internal_sm3.t
index 9cda58d66e..574a7c4121 100644
--- a/test/recipes/03-test_internal_sm3.t
+++ b/test/recipes/03-test_internal_sm3.t
@@ -1,8 +1,8 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright 2021 [UnionTech](https://www.uniontech.com). All Rights Reserved.
 #
-# Licensed under the OpenSSL license (the "License").  You may not use
+# Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
diff --git a/test/sm3_internal_test.c b/test/sm3_internal_test.c
index 1497f8476f..7680d0242e 100644
--- a/test/sm3_internal_test.c
+++ b/test/sm3_internal_test.c
@@ -2,7 +2,7 @@
  * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2021 UnionTech. All Rights Reserved.
  *
- * Licensed under the Apche License 2.0 (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html

[openssl] openssl-3.0 update

2022-02-14 Thread tomas 
The branch openssl-3.0 has been updated
   via  e2387e6bd4ee69e0702d1a489045b72632b91e48 (commit)
  from  cfbcfe86c2ccdd308fc6fa3d3245dd6eb5774b0e (commit)


- Log -
commit e2387e6bd4ee69e0702d1a489045b72632b91e48
Author: Jiasheng Jiang 
Date:   Thu Feb 10 11:21:47 2022 +0800

openssl rehash: add check for OPENSSL_strdup

As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if fails.
Also, we need to restore the 'ep' to be NULL if fails.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17676)

(cherry picked from commit 79cda38cff834224fb9d86dc7433b4f60688ce49)

---

Summary of changes:
 apps/rehash.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/apps/rehash.c b/apps/rehash.c
index 7fe01de11c..ae91654fe9 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -168,6 +168,12 @@ static int add_entry(enum Type type, unsigned int hash, 
const char *filename,
 *ep = nilhentry;
 ep->old_id = ~0;
 ep->filename = OPENSSL_strdup(filename);
+if (ep->filename == NULL) {
+OPENSSL_free(ep);
+ep = NULL;
+BIO_printf(bio_err, "out of memory\n");
+return 1;
+}
 if (bp->last_entry)
 bp->last_entry->next = ep;
 if (bp->first_entry == NULL)

[openssl] master update

2022-02-14 Thread tomas 
The branch master has been updated
   via  79cda38cff834224fb9d86dc7433b4f60688ce49 (commit)
  from  bb2fb5d7cc6c4abc888c3fd6df4366b6dfde25a6 (commit)


- Log -
commit 79cda38cff834224fb9d86dc7433b4f60688ce49
Author: Jiasheng Jiang 
Date:   Thu Feb 10 11:21:47 2022 +0800

openssl rehash: add check for OPENSSL_strdup

As the potential failure of the memory allocation,
it should be better to check the return value of
OPENSSL_strdup() and return error if fails.
Also, we need to restore the 'ep' to be NULL if fails.

Signed-off-by: Jiasheng Jiang 

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17676)

---

Summary of changes:
 apps/rehash.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/apps/rehash.c b/apps/rehash.c
index e0cdc9bc62..e0b7954607 100644
--- a/apps/rehash.c
+++ b/apps/rehash.c
@@ -168,6 +168,12 @@ static int add_entry(enum Type type, unsigned int hash, 
const char *filename,
 *ep = nilhentry;
 ep->old_id = ~0;
 ep->filename = OPENSSL_strdup(filename);
+if (ep->filename == NULL) {
+OPENSSL_free(ep);
+ep = NULL;
+BIO_printf(bio_err, "out of memory\n");
+return 1;
+}
 if (bp->last_entry)
 bp->last_entry->next = ep;
 if (bp->first_entry == NULL)