SCRUTINICE fixes

crypto/fipsmodule/ec/ec_key.c

@@ -589,7 +589,6 @@ EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *eckey_meth) {
 
   ret = OPENSSL_zalloc(sizeof(EC_KEY_METHOD));
   if(ret == NULL) {
-    OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
 

crypto/fipsmodule/evp/p_pqdsa.c

@@ -144,6 +144,11 @@ static int pkey_pqdsa_verify_generic(EVP_PKEY_CTX *ctx, const uint8_t *sig,
   PQDSA_PKEY_CTX *dctx = ctx->data;
   const PQDSA *pqdsa = dctx->pqdsa;
 
+  if (sig == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
+    return 0;
+  }
+
   if (pqdsa == NULL) {
     if (ctx->pkey == NULL) {
       OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);

crypto/fipsmodule/ml_dsa/ml_dsa_ref/sign.c

@@ -26,8 +26,12 @@ static int ml_dsa_keypair_pct(ml_dsa_params *params,
                               uint8_t *pk,
                               uint8_t *sk) {
   uint8_t signature[MLDSA87_SIGNATURE_BYTES];
-  ml_dsa_sign(params, signature, &params->bytes, NULL, 0, NULL, 0, sk);
-  return ml_dsa_verify(params, signature, params->bytes, NULL, 0, NULL, 0, pk) == 0;
+  uint8_t empty_msg[1] = {0};
+  int ret = ml_dsa_sign(params, signature, &params->bytes, empty_msg, 0, NULL, 0, sk);
+  if (ret < 0) {
+    return 0;
+  }
+  return ml_dsa_verify(params, signature, params->bytes, empty_msg, 0, NULL, 0, pk) == 0;
 }
 #endif
 

crypto/fipsmodule/pqdsa/pqdsa.c

@@ -91,11 +91,13 @@ int PQDSA_KEY_set_raw_keypair_from_seed(PQDSA_KEY *key, CBS *in) {
 
   //allocate buffers to store key pair
   uint8_t *public_key = OPENSSL_malloc(key->pqdsa->public_key_len);
-  uint8_t *private_key = OPENSSL_malloc(key->pqdsa->private_key_len);
+  if (public_key == NULL) {
+    return 0;
+  }
 
-  // check buffers are allocated
-  if (public_key == NULL || private_key == NULL) {
-    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
+  uint8_t *private_key = OPENSSL_malloc(key->pqdsa->private_key_len);
+  if (private_key == NULL) {
+    OPENSSL_free(public_key);
     return 0;
   }
 
@@ -131,7 +133,6 @@ int PQDSA_KEY_set_raw_private_key(PQDSA_KEY *key, CBS *in) {
   uint8_t *public_key = OPENSSL_malloc(pk_len);
 
   if (public_key == NULL) {
-    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
     return 0;
   }
 

crypto/fipsmodule/rsa/rsa.c

@@ -452,7 +452,6 @@ RSA_METHOD *RSA_meth_new(const char *name, int flags) {
   RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
 
   if (meth == NULL) {
-    OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
     return NULL;
   }