[openssl-dev] [openssl.org #3701] [PATCH] Use BUF_memdup where appropiate
Cristian Rodríguez via RT
rt at openssl.org
Fri Feb 13 14:08:13 UTC 2015
---
crypto/asn1/tasn_utl.c | 4 ++--
crypto/cms/cms_enc.c | 4 ++--
crypto/ec/ec_mult.c | 4 ++--
crypto/engine/eng_cryptodev.c | 4 ++--
crypto/evp/e_aes.c | 4 ++--
crypto/evp/evp_enc.c | 4 ++--
engines/ccgost/gost_pmeth.c | 7 +++----
ssl/s3_clnt.c | 3 +--
ssl/s3_lib.c | 4 ++--
ssl/s3_srvr.c | 3 +--
ssl/ssl_cert.c | 13 ++++++-------
ssl/ssl_lib.c | 13 +++++--------
ssl/t1_lib.c | 10 ++++------
13 files changed, 34 insertions(+), 43 deletions(-)
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 2e14c2f..ce1b998 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -63,6 +63,7 @@
#include <openssl/asn1t.h>
#include <openssl/objects.h>
#include <openssl/err.h>
+#include <openssl/buffer.h>
/* Utility functions for manipulating fields and offsets */
@@ -171,10 +172,9 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
if (enc->enc)
OPENSSL_free(enc->enc);
- enc->enc = OPENSSL_malloc(inlen);
+ enc->enc = BUF_memdup(in, inlen);
if (!enc->enc)
return 0;
- memcpy(enc->enc, in, inlen);
enc->len = inlen;
enc->modified = 0;
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928..a2b3848 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -59,6 +59,7 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
+#include <openssl/buffer.h>
#include "cms_lcl.h"
/* CMS EncryptedData Utilities */
@@ -216,10 +217,9 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
{
ec->cipher = cipher;
if (key) {
- ec->key = OPENSSL_malloc(keylen);
+ ec->key = BUF_memdup(key, keylen);
if (!ec->key)
return 0;
- memcpy(ec->key, key, keylen);
}
ec->keylen = keylen;
if (cipher)
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 16b37db..81583a1 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -63,6 +63,7 @@
#include <string.h>
#include <openssl/err.h>
+#include <openssl/buffer.h>
#include "internal/bn_int.h"
#include "ec_lcl.h"
@@ -414,13 +415,12 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
wNAF_len[i] = tmp_len;
wNAF[i + 1] = NULL;
- wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+ wNAF[i] = BUF_memdup(pp, wNAF_len[i]);
if (wNAF[i] == NULL) {
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(tmp_wNAF);
goto err;
}
- memcpy(wNAF[i], pp, wNAF_len[i]);
if (wNAF_len[i] > max_len)
max_len = wNAF_len[i];
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 65efc81..3ccc337 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -30,6 +30,7 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
+#include <openssl/buffer.h>
#include "../bn/bn_lcl.h"
#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
@@ -939,12 +940,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
if (fstate->mac_len != 0) {
if (fstate->mac_data != NULL) {
- dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+ dstate->mac_data = BUF_memdup(fstate->mac_data, fstate->mac_len);
if (dstate->mac_data == NULL) {
printf("cryptodev_digest_copy: mac_data allocation failed\n");
return (0);
}
- memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
dstate->mac_len = fstate->mac_len;
}
}
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 4fab21b..84117a0 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -58,6 +58,7 @@
# include "evp_locl.h"
# include "modes_lcl.h"
# include <openssl/rand.h>
+# include <openssl/buffer.h>
typedef struct {
union {
@@ -1353,10 +1354,9 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
if (gctx->iv == c->iv)
gctx_out->iv = out->iv;
else {
- gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
+ gctx_out->iv = BUF_memdup(gctx->iv, gctx->ivlen);
if (!gctx_out->iv)
return 0;
- memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
}
return 1;
}
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3d40b04..e9b84db 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -61,6 +61,7 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/buffer.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
@@ -623,12 +624,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
memcpy(out, in, sizeof *out);
if (in->cipher_data && in->cipher->ctx_size) {
- out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+ out->cipher_data = BUF_memdup(in->cipher_data, in->cipher->ctx_size);
if (!out->cipher_data) {
EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
return 0;
}
- memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
}
if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index f1220e8..6ff8f1d 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -12,6 +12,7 @@
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/x509v3.h> /* For string_to_hex */
+#include <openssl/buffer.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
@@ -106,12 +107,11 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
pctx->sign_param_nid = (int)p1;
return 1;
case EVP_PKEY_CTRL_SET_IV:
- pctx->shared_ukm = OPENSSL_malloc((int)p1);
+ pctx->shared_ukm = BUF_memdup(p2, (int)p1);
if (pctx->shared_ukm == NULL) {
GOSTerr(GOST_F_PKEY_GOST_CTRL, ERR_R_MALLOC_FAILURE);
return 0;
}
- memcpy(pctx->shared_ukm, p2, (int)p1);
return 1;
case EVP_PKEY_CTRL_PEER_KEY:
if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
@@ -531,10 +531,9 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
return 0;
}
- keydata = OPENSSL_malloc(32);
+ keydata = BUF_memdup(data->key, 32);
if (keydata == NULL)
return 0;
- memcpy(keydata, data->key, 32);
EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
return 1;
}
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1e437b2..51f95dc 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2173,12 +2173,11 @@ int ssl3_get_new_session_ticket(SSL *s)
OPENSSL_free(s->session->tlsext_tick);
s->session->tlsext_ticklen = 0;
}
- s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+ s->session->tlsext_tick = BUF_memdup(p, ticklen);
if (!s->session->tlsext_tick) {
SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err;
}
- memcpy(s->session->tlsext_tick, p, ticklen);
s->session->tlsext_ticklen = ticklen;
/*
* There are two ways to detect a resumed ticket session. One is to set
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ab19eeb..9bf8867 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -156,6 +156,7 @@
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
+#include <openssl/buffer.h>
const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
@@ -4460,10 +4461,9 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
return 1;
if (len > 0xff)
return 0;
- c->ctypes = OPENSSL_malloc(len);
+ c->ctypes = BUF_memdup(p, len);
if (!c->ctypes)
return 0;
- memcpy(c->ctypes, p, len);
c->ctype_num = len;
return 1;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8819fed..ca6a0b0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3519,12 +3519,11 @@ int ssl3_get_next_proto(SSL *s)
if (proto_len + padding_len + 2 != s->init_num)
return 0;
- s->next_proto_negotiated = OPENSSL_malloc(proto_len);
+ s->next_proto_negotiated = BUF_memdup(p + 1, proto_len);
if (!s->next_proto_negotiated) {
SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
return 0;
}
- memcpy(s->next_proto_negotiated, p + 1, proto_len);
s->next_proto_negotiated_len = proto_len;
return 1;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9742599..3116c9e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -132,6 +132,7 @@
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
+#include <openssl/buffer.h>
#include "ssl_locl.h"
static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op,
@@ -324,20 +325,19 @@ CERT *ssl_cert_dup(CERT *cert)
/* Configured sigalgs however we copy across */
if (cert->conf_sigalgs) {
- ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
+ ret->conf_sigalgs = BUF_memdup(cert->conf_sigalgs,
+ cert->conf_sigalgslen);
if (!ret->conf_sigalgs)
goto err;
- memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
ret->conf_sigalgslen = cert->conf_sigalgslen;
} else
ret->conf_sigalgs = NULL;
if (cert->client_sigalgs) {
- ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+ ret->client_sigalgs = BUF_memdup(cert->client_sigalgs,
+ cert->client_sigalgslen);
if (!ret->client_sigalgs)
goto err;
- memcpy(ret->client_sigalgs, cert->client_sigalgs,
- cert->client_sigalgslen);
ret->client_sigalgslen = cert->client_sigalgslen;
} else
ret->client_sigalgs = NULL;
@@ -345,10 +345,9 @@ CERT *ssl_cert_dup(CERT *cert)
ret->shared_sigalgs = NULL;
/* Copy any custom client certificate types */
if (cert->ctypes) {
- ret->ctypes = OPENSSL_malloc(cert->ctype_num);
+ ret->ctypes = BUF_memdup(cert->ctypes, cert->ctype_num);
if (!ret->ctypes)
goto err;
- memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
ret->ctype_num = cert->ctype_num;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c535a42..7f672cb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -159,6 +159,7 @@
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
+#include <openssl/buffer.h>
const char *SSL_version_str = OPENSSL_VERSION_TEXT;
@@ -362,12 +363,10 @@ SSL *SSL_new(SSL_CTX *ctx)
# endif
if (s->ctx->alpn_client_proto_list) {
- s->alpn_client_proto_list =
- OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
+ s->alpn_client_proto_list = BUF_memdup(s->ctx->alpn_client_proto_list,
+ s->ctx->alpn_client_proto_list_len);
if (s->alpn_client_proto_list == NULL)
goto err;
- memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
- s->ctx->alpn_client_proto_list_len);
s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
}
#endif
@@ -1742,10 +1741,9 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
if (ctx->alpn_client_proto_list)
OPENSSL_free(ctx->alpn_client_proto_list);
- ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
+ ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
if (!ctx->alpn_client_proto_list)
return 1;
- memcpy(ctx->alpn_client_proto_list, protos, protos_len);
ctx->alpn_client_proto_list_len = protos_len;
return 0;
@@ -1762,10 +1760,9 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
if (ssl->alpn_client_proto_list)
OPENSSL_free(ssl->alpn_client_proto_list);
- ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
+ ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
if (!ssl->alpn_client_proto_list)
return 1;
- memcpy(ssl->alpn_client_proto_list, protos, protos_len);
ssl->alpn_client_proto_list_len = protos_len;
return 0;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c91b761..02da497 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -119,6 +119,7 @@
# include <openssl/dh.h>
# include <openssl/bn.h>
#endif
+#include <openssl/buffer.h>
#include "ssl_locl.h"
const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
@@ -1765,12 +1766,11 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
if (r == SSL_TLSEXT_ERR_OK) {
if (s->s3->alpn_selected)
OPENSSL_free(s->s3->alpn_selected);
- s->s3->alpn_selected = OPENSSL_malloc(selected_len);
+ s->s3->alpn_selected = BUF_memdup(selected, selected_len);
if (!s->s3->alpn_selected) {
*al = SSL_AD_INTERNAL_ERROR;
return -1;
}
- memcpy(s->s3->alpn_selected, selected, selected_len);
s->s3->alpn_selected_len = selected_len;
}
return 0;
@@ -2494,12 +2494,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
- s->next_proto_negotiated = OPENSSL_malloc(selected_len);
+ s->next_proto_negotiated = BUF_memdup(selected, selected_len);
if (!s->next_proto_negotiated) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
- memcpy(s->next_proto_negotiated, selected, selected_len);
s->next_proto_negotiated_len = selected_len;
s->s3->next_proto_neg_seen = 1;
}
@@ -2537,12 +2536,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
}
if (s->s3->alpn_selected)
OPENSSL_free(s->s3->alpn_selected);
- s->s3->alpn_selected = OPENSSL_malloc(len);
+ s->s3->alpn_selected = BUF_memdup(data + 3, len);
if (!s->s3->alpn_selected) {
*al = TLS1_AD_INTERNAL_ERROR;
return 0;
}
- memcpy(s->s3->alpn_selected, data + 3, len);
s->s3->alpn_selected_len = len;
}
# ifndef OPENSSL_NO_HEARTBEATS
--
2.2.2
More information about the openssl-dev
mailing list