[openssl/openssl] 9167a4: Adapt CRYPTO_secure_malloc() like CRYPTO_malloc()

Richard Levitte noreply at github.com
Wed Oct 5 12:05:37 UTC 2022


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 9167a47f78159b0578bc032401ab1d66e14eecdb
      https://github.com/openssl/openssl/commit/9167a47f78159b0578bc032401ab1d66e14eecdb
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-10-05 (Wed, 05 Oct 2022)

  Changed paths:
    M crypto/mem_sec.c

  Log Message:
  -----------
  Adapt CRYPTO_secure_malloc() like CRYPTO_malloc()

In other words, make it raise ERR_R_MALLOC_FAILURE appropriately.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)


  Commit: e077455e9e57ed4ee4676996b4a9aa11df6327a6
      https://github.com/openssl/openssl/commit/e077455e9e57ed4ee4676996b4a9aa11df6327a6
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-10-05 (Wed, 05 Oct 2022)

  Changed paths:
    M crypto/asn1/a_bitstr.c
    M crypto/asn1/a_d2i_fp.c
    M crypto/asn1/a_digest.c
    M crypto/asn1/a_dup.c
    M crypto/asn1/a_i2d_fp.c
    M crypto/asn1/a_int.c
    M crypto/asn1/a_mbstr.c
    M crypto/asn1/a_object.c
    M crypto/asn1/a_sign.c
    M crypto/asn1/a_strex.c
    M crypto/asn1/a_strnid.c
    M crypto/asn1/a_time.c
    M crypto/asn1/a_verify.c
    M crypto/asn1/ameth_lib.c
    M crypto/asn1/asn1_gen.c
    M crypto/asn1/asn1_lib.c
    M crypto/asn1/asn_mime.c
    M crypto/asn1/asn_moid.c
    M crypto/asn1/asn_mstbl.c
    M crypto/asn1/asn_pack.c
    M crypto/asn1/bio_asn1.c
    M crypto/asn1/bio_ndef.c
    M crypto/asn1/f_int.c
    M crypto/asn1/f_string.c
    M crypto/asn1/p5_pbe.c
    M crypto/asn1/p5_pbev2.c
    M crypto/asn1/p5_scrypt.c
    M crypto/asn1/tasn_dec.c
    M crypto/asn1/tasn_enc.c
    M crypto/asn1/tasn_new.c
    M crypto/asn1/tasn_prn.c
    M crypto/asn1/tasn_scn.c
    M crypto/asn1/tasn_utl.c
    M crypto/asn1/x_info.c
    M crypto/asn1/x_int64.c
    M crypto/asn1/x_pkey.c
    M crypto/async/arch/async_posix.c
    M crypto/async/async.c
    M crypto/async/async_wait.c
    M crypto/bio/bf_buff.c
    M crypto/bio/bf_lbuf.c
    M crypto/bio/bf_nbio.c
    M crypto/bio/bio_addr.c
    M crypto/bio/bio_lib.c
    M crypto/bio/bio_meth.c
    M crypto/bio/bio_print.c
    M crypto/bio/bio_sock.c
    M crypto/bio/bss_acpt.c
    M crypto/bio/bss_bio.c
    M crypto/bio/bss_conn.c
    M crypto/bio/bss_dgram.c
    M crypto/bio/bss_dgram_pair.c
    M crypto/bio/bss_log.c
    M crypto/bio/bss_mem.c
    M crypto/bn/bn_blind.c
    M crypto/bn/bn_conv.c
    M crypto/bn/bn_ctx.c
    M crypto/bn/bn_gcd.c
    M crypto/bn/bn_gf2m.c
    M crypto/bn/bn_intern.c
    M crypto/bn/bn_lib.c
    M crypto/bn/bn_mod.c
    M crypto/bn/bn_mont.c
    M crypto/bn/bn_prime.c
    M crypto/bn/bn_rand.c
    M crypto/bn/bn_recp.c
    M crypto/buffer/buffer.c
    M crypto/cmac/cmac.c
    M crypto/cmp/cmp_ctx.c
    M crypto/cmp/cmp_msg.c
    M crypto/cms/cms_dd.c
    M crypto/cms/cms_enc.c
    M crypto/cms/cms_env.c
    M crypto/cms/cms_ess.c
    M crypto/cms/cms_io.c
    M crypto/cms/cms_lib.c
    M crypto/cms/cms_pwri.c
    M crypto/cms/cms_sd.c
    M crypto/cms/cms_smime.c
    M crypto/comp/c_zlib.c
    M crypto/comp/comp_lib.c
    M crypto/conf/conf_def.c
    M crypto/conf/conf_lib.c
    M crypto/conf/conf_mod.c
    M crypto/core_algorithm.c
    M crypto/ct/ct_b64.c
    M crypto/ct/ct_log.c
    M crypto/ct/ct_oct.c
    M crypto/ct/ct_policy.c
    M crypto/ct/ct_sct.c
    M crypto/ct/ct_sct_ctx.c
    M crypto/dh/dh_ameth.c
    M crypto/dh/dh_err.c
    M crypto/dh/dh_key.c
    M crypto/dh/dh_lib.c
    M crypto/dh/dh_meth.c
    M crypto/dh/dh_pmeth.c
    M crypto/dsa/dsa_ameth.c
    M crypto/dsa/dsa_backend.c
    M crypto/dsa/dsa_lib.c
    M crypto/dsa/dsa_meth.c
    M crypto/dsa/dsa_sign.c
    M crypto/dso/dso_dl.c
    M crypto/dso/dso_dlfcn.c
    M crypto/dso/dso_lib.c
    M crypto/dso/dso_vms.c
    M crypto/dso/dso_win32.c
    M crypto/ec/ec2_smpl.c
    M crypto/ec/ec_ameth.c
    M crypto/ec/ec_asn1.c
    M crypto/ec/ec_backend.c
    M crypto/ec/ec_check.c
    M crypto/ec/ec_curve.c
    M crypto/ec/ec_deprecated.c
    M crypto/ec/ec_key.c
    M crypto/ec/ec_kmeth.c
    M crypto/ec/ec_lib.c
    M crypto/ec/ec_mult.c
    M crypto/ec/ec_oct.c
    M crypto/ec/ec_pmeth.c
    M crypto/ec/ecdh_ossl.c
    M crypto/ec/ecdsa_ossl.c
    M crypto/ec/eck_prn.c
    M crypto/ec/ecp_nistp224.c
    M crypto/ec/ecp_nistp256.c
    M crypto/ec/ecp_nistp521.c
    M crypto/ec/ecp_nistz256.c
    M crypto/ec/ecp_s390x_nistp.c
    M crypto/ec/ecp_smpl.c
    M crypto/ec/ecx_backend.c
    M crypto/ec/ecx_key.c
    M crypto/ec/ecx_meth.c
    M crypto/encode_decode/decoder_lib.c
    M crypto/encode_decode/decoder_meth.c
    M crypto/encode_decode/decoder_pkey.c
    M crypto/encode_decode/encoder_lib.c
    M crypto/encode_decode/encoder_meth.c
    M crypto/encode_decode/encoder_pkey.c
    M crypto/engine/eng_dyn.c
    M crypto/engine/eng_init.c
    M crypto/engine/eng_lib.c
    M crypto/engine/eng_list.c
    M crypto/engine/eng_openssl.c
    M crypto/engine/tb_asnmth.c
    M crypto/err/openssl.txt
    M crypto/ess/ess_lib.c
    M crypto/evp/asymcipher.c
    M crypto/evp/bio_b64.c
    M crypto/evp/bio_enc.c
    M crypto/evp/bio_ok.c
    M crypto/evp/ctrl_params_translate.c
    M crypto/evp/digest.c
    M crypto/evp/e_aes.c
    M crypto/evp/e_aria.c
    M crypto/evp/evp_enc.c
    M crypto/evp/evp_fetch.c
    M crypto/evp/evp_pbe.c
    M crypto/evp/evp_pkey.c
    M crypto/evp/evp_rand.c
    M crypto/evp/exchange.c
    M crypto/evp/kdf_lib.c
    M crypto/evp/kdf_meth.c
    M crypto/evp/kem.c
    M crypto/evp/keymgmt_lib.c
    M crypto/evp/keymgmt_meth.c
    M crypto/evp/mac_lib.c
    M crypto/evp/mac_meth.c
    M crypto/evp/p_lib.c
    M crypto/evp/p_open.c
    M crypto/evp/p_seal.c
    M crypto/evp/p_sign.c
    M crypto/evp/p_verify.c
    M crypto/evp/pmeth_gn.c
    M crypto/evp/pmeth_lib.c
    M crypto/evp/signature.c
    M crypto/ex_data.c
    M crypto/init.c
    M crypto/lhash/lhash.c
    M crypto/modes/ocb128.c
    M crypto/o_fopen.c
    M crypto/o_str.c
    M crypto/objects/o_names.c
    M crypto/objects/obj_dat.c
    M crypto/objects/obj_lib.c
    M crypto/objects/obj_xref.c
    M crypto/ocsp/ocsp_vfy.c
    M crypto/ocsp/v3_ocsp.c
    M crypto/packet.c
    M crypto/param_build.c
    M crypto/params.c
    M crypto/params_dup.c
    M crypto/params_from_text.c
    M crypto/passphrase.c
    M crypto/pem/pem_info.c
    M crypto/pem/pem_lib.c
    M crypto/pem/pem_sign.c
    M crypto/pem/pvkfmt.c
    M crypto/pkcs12/p12_add.c
    M crypto/pkcs12/p12_decr.c
    M crypto/pkcs12/p12_init.c
    M crypto/pkcs12/p12_key.c
    M crypto/pkcs12/p12_kiss.c
    M crypto/pkcs12/p12_mutl.c
    M crypto/pkcs12/p12_p8e.c
    M crypto/pkcs12/p12_sbag.c
    M crypto/pkcs12/p12_utl.c
    M crypto/pkcs7/pk7_asn1.c
    M crypto/pkcs7/pk7_attr.c
    M crypto/pkcs7/pk7_doit.c
    M crypto/pkcs7/pk7_lib.c
    M crypto/pkcs7/pk7_smime.c
    M crypto/provider.c
    M crypto/provider_conf.c
    M crypto/provider_core.c
    M crypto/rand/prov_seed.c
    M crypto/rand/rand_lib.c
    M crypto/rand/rand_pool.c
    M crypto/rsa/rsa_ameth.c
    M crypto/rsa/rsa_backend.c
    M crypto/rsa/rsa_chk.c
    M crypto/rsa/rsa_crpt.c
    M crypto/rsa/rsa_lib.c
    M crypto/rsa/rsa_meth.c
    M crypto/rsa/rsa_mp.c
    M crypto/rsa/rsa_oaep.c
    M crypto/rsa/rsa_ossl.c
    M crypto/rsa/rsa_pk1.c
    M crypto/rsa/rsa_pmeth.c
    M crypto/rsa/rsa_pss.c
    M crypto/rsa/rsa_saos.c
    M crypto/rsa/rsa_sign.c
    M crypto/sm2/sm2_crypt.c
    M crypto/sm2/sm2_sign.c
    M crypto/srp/srp_vfy.c
    M crypto/stack/stack.c
    M crypto/store/store_lib.c
    M crypto/store/store_register.c
    M crypto/ts/ts_req_utils.c
    M crypto/ts/ts_rsp_sign.c
    M crypto/ts/ts_rsp_utils.c
    M crypto/ts/ts_rsp_verify.c
    M crypto/ts/ts_verify_ctx.c
    M crypto/ui/ui_lib.c
    M crypto/x509/by_dir.c
    M crypto/x509/by_file.c
    M crypto/x509/pcy_cache.c
    M crypto/x509/pcy_data.c
    M crypto/x509/pcy_node.c
    M crypto/x509/pcy_tree.c
    M crypto/x509/v3_addr.c
    M crypto/x509/v3_akid.c
    M crypto/x509/v3_asid.c
    M crypto/x509/v3_bcons.c
    M crypto/x509/v3_bitst.c
    M crypto/x509/v3_conf.c
    M crypto/x509/v3_cpols.c
    M crypto/x509/v3_crld.c
    M crypto/x509/v3_extku.c
    M crypto/x509/v3_ia5.c
    M crypto/x509/v3_info.c
    M crypto/x509/v3_ist.c
    M crypto/x509/v3_lib.c
    M crypto/x509/v3_ncons.c
    M crypto/x509/v3_pci.c
    M crypto/x509/v3_pcons.c
    M crypto/x509/v3_pmaps.c
    M crypto/x509/v3_purp.c
    M crypto/x509/v3_san.c
    M crypto/x509/v3_skid.c
    M crypto/x509/v3_sxnet.c
    M crypto/x509/v3_tlsf.c
    M crypto/x509/v3_utf8.c
    M crypto/x509/v3_utl.c
    M crypto/x509/x509_att.c
    M crypto/x509/x509_cmp.c
    M crypto/x509/x509_lu.c
    M crypto/x509/x509_meth.c
    M crypto/x509/x509_obj.c
    M crypto/x509/x509_r2x.c
    M crypto/x509/x509_req.c
    M crypto/x509/x509_trust.c
    M crypto/x509/x509_v3.c
    M crypto/x509/x509_vfy.c
    M crypto/x509/x509_vpm.c
    M crypto/x509/x509name.c
    M crypto/x509/x509spki.c
    M crypto/x509/x_crl.c
    M crypto/x509/x_name.c
    M crypto/x509/x_pubkey.c
    M crypto/x509/x_req.c
    M crypto/x509/x_x509.c
    M engines/e_capi.c
    M engines/e_dasync.c
    M engines/e_loader_attic.c
    M include/crypto/dherr.h
    M include/openssl/dherr.h
    M include/openssl/err.h.in
    M providers/common/provider_util.c
    M providers/implementations/asymciphers/rsa_enc.c
    M providers/implementations/ciphers/cipher_aes.c
    M providers/implementations/ciphers/cipher_aes_gcm_siv.c
    M providers/implementations/ciphers/cipher_aes_ocb.c
    M providers/implementations/ciphers/cipher_aes_siv.c
    M providers/implementations/ciphers/cipher_aes_xts.c
    M providers/implementations/ciphers/cipher_aria.c
    M providers/implementations/ciphers/cipher_blowfish.c
    M providers/implementations/ciphers/cipher_camellia.c
    M providers/implementations/ciphers/cipher_cast5.c
    M providers/implementations/ciphers/cipher_des.c
    M providers/implementations/ciphers/cipher_idea.c
    M providers/implementations/ciphers/cipher_rc2.c
    M providers/implementations/ciphers/cipher_rc4.c
    M providers/implementations/ciphers/cipher_rc5.c
    M providers/implementations/ciphers/cipher_seed.c
    M providers/implementations/ciphers/cipher_sm4.c
    M providers/implementations/ciphers/cipher_tdes_common.c
    M providers/implementations/encode_decode/decode_msblob2key.c
    M providers/implementations/encode_decode/encode_key2any.c
    M providers/implementations/encode_decode/encode_key2text.c
    M providers/implementations/exchange/dh_exch.c
    M providers/implementations/exchange/ecdh_exch.c
    M providers/implementations/exchange/ecx_exch.c
    M providers/implementations/kdfs/hkdf.c
    M providers/implementations/kdfs/kbkdf.c
    M providers/implementations/kdfs/krb5kdf.c
    M providers/implementations/kdfs/pbkdf1.c
    M providers/implementations/kdfs/pbkdf2.c
    M providers/implementations/kdfs/pkcs12kdf.c
    M providers/implementations/kdfs/pvkkdf.c
    M providers/implementations/kdfs/scrypt.c
    M providers/implementations/kdfs/sshkdf.c
    M providers/implementations/kdfs/sskdf.c
    M providers/implementations/kdfs/tls1_prf.c
    M providers/implementations/kdfs/x942kdf.c
    M providers/implementations/keymgmt/ec_kmgmt.c
    M providers/implementations/keymgmt/ecx_kmgmt.c
    M providers/implementations/keymgmt/mac_legacy_kmgmt.c
    M providers/implementations/macs/kmac_prov.c
    M providers/implementations/rands/drbg.c
    M providers/implementations/rands/drbg_ctr.c
    M providers/implementations/rands/drbg_hash.c
    M providers/implementations/rands/drbg_hmac.c
    M providers/implementations/rands/seed_src.c
    M providers/implementations/signature/dsa_sig.c
    M providers/implementations/signature/ecdsa_sig.c
    M providers/implementations/signature/eddsa_sig.c
    M providers/implementations/signature/mac_legacy_sig.c
    M providers/implementations/signature/rsa_sig.c
    M providers/implementations/signature/sm2_sig.c
    M providers/implementations/storemgmt/file_store.c
    M providers/implementations/storemgmt/file_store_any2obj.c
    M providers/implementations/storemgmt/winstore_store.c
    M ssl/bio_ssl.c
    M ssl/d1_lib.c
    M ssl/pqueue.c
    M ssl/priority_queue.c
    M ssl/quic/quic_record_rx_wrap.c
    M ssl/record/methods/dtls_meth.c
    M ssl/record/methods/tls1_meth.c
    M ssl/record/methods/tls_common.c
    M ssl/record/rec_layer_d1.c
    M ssl/record/ssl3_buffer.c
    M ssl/s3_enc.c
    M ssl/s3_lib.c
    M ssl/ssl_cert.c
    M ssl/ssl_ciph.c
    M ssl/ssl_lib.c
    M ssl/ssl_rsa.c
    M ssl/ssl_sess.c
    M ssl/statem/extensions.c
    M ssl/statem/extensions_clnt.c
    M ssl/statem/extensions_srvr.c
    M ssl/statem/statem_clnt.c
    M ssl/statem/statem_dtls.c
    M ssl/statem/statem_lib.c
    M ssl/statem/statem_srvr.c
    M ssl/t1_enc.c
    M ssl/t1_lib.c
    M ssl/tls13_enc.c
    M ssl/tls_srp.c

  Log Message:
  -----------
  Stop raising ERR_R_MALLOC_FAILURE in most places

Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.

There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called.  Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.

Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)


  Commit: 79c8dcf3985a7b75eac8e53eb8652728af6c5d3d
      https://github.com/openssl/openssl/commit/79c8dcf3985a7b75eac8e53eb8652728af6c5d3d
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-10-05 (Wed, 05 Oct 2022)

  Changed paths:
    M engines/e_capi_err.c
    M engines/e_capi_err.h
    M util/mkerr.pl

  Log Message:
  -----------
  Add {lib}_R_{lib}_LIB, for our engines and other "external" modules

Engines lacked the possibility to refer to themselves in this form:

    WHATEVERerr(WHATEVER_F_SOMETHING, WHATEVER_R_WHATEVER_LIB);

This little change makes that possible, and gets used in e_capi.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)


Compare: https://github.com/openssl/openssl/compare/894f2166ef2c...79c8dcf3985a


More information about the openssl-commits mailing list