[openssl-dev] [openssl.org #3701] [PATCH] Use BUF_memdup where appropiate

Cristian Rodríguez via RT rt at openssl.org
Fri Feb 13 14:08:13 UTC 2015


---
 crypto/asn1/tasn_utl.c        |  4 ++--
 crypto/cms/cms_enc.c          |  4 ++--
 crypto/ec/ec_mult.c           |  4 ++--
 crypto/engine/eng_cryptodev.c |  4 ++--
 crypto/evp/e_aes.c            |  4 ++--
 crypto/evp/evp_enc.c          |  4 ++--
 engines/ccgost/gost_pmeth.c   |  7 +++----
 ssl/s3_clnt.c                 |  3 +--
 ssl/s3_lib.c                  |  4 ++--
 ssl/s3_srvr.c                 |  3 +--
 ssl/ssl_cert.c                | 13 ++++++-------
 ssl/ssl_lib.c                 | 13 +++++--------
 ssl/t1_lib.c                  | 10 ++++------
 13 files changed, 34 insertions(+), 43 deletions(-)

diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 2e14c2f..ce1b998 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -63,6 +63,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/err.h>
+#include <openssl/buffer.h>
 
 /* Utility functions for manipulating fields and offsets */
 
@@ -171,10 +172,9 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
 
     if (enc->enc)
         OPENSSL_free(enc->enc);
-    enc->enc = OPENSSL_malloc(inlen);
+    enc->enc = BUF_memdup(in, inlen);
     if (!enc->enc)
         return 0;
-    memcpy(enc->enc, in, inlen);
     enc->len = inlen;
     enc->modified = 0;
 
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 85ae928..a2b3848 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -59,6 +59,7 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/rand.h>
+#include <openssl/buffer.h>
 #include "cms_lcl.h"
 
 /* CMS EncryptedData Utilities */
@@ -216,10 +217,9 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
 {
     ec->cipher = cipher;
     if (key) {
-        ec->key = OPENSSL_malloc(keylen);
+        ec->key = BUF_memdup(key, keylen);
         if (!ec->key)
             return 0;
-        memcpy(ec->key, key, keylen);
     }
     ec->keylen = keylen;
     if (cipher)
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index 16b37db..81583a1 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -63,6 +63,7 @@
 
 #include <string.h>
 #include <openssl/err.h>
+#include <openssl/buffer.h>
 
 #include "internal/bn_int.h"
 #include "ec_lcl.h"
@@ -414,13 +415,12 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                         wNAF_len[i] = tmp_len;
 
                     wNAF[i + 1] = NULL;
-                    wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+                    wNAF[i] = BUF_memdup(pp, wNAF_len[i]);
                     if (wNAF[i] == NULL) {
                         ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
                         OPENSSL_free(tmp_wNAF);
                         goto err;
                     }
-                    memcpy(wNAF[i], pp, wNAF_len[i]);
                     if (wNAF_len[i] > max_len)
                         max_len = wNAF_len[i];
 
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 65efc81..3ccc337 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -30,6 +30,7 @@
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
+#include <openssl/buffer.h>
 #include "../bn/bn_lcl.h"
 
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
@@ -939,12 +940,11 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
 
     if (fstate->mac_len != 0) {
         if (fstate->mac_data != NULL) {
-            dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+            dstate->mac_data = BUF_memdup(fstate->mac_data, fstate->mac_len);
             if (dstate->mac_data == NULL) {
                 printf("cryptodev_digest_copy: mac_data allocation failed\n");
                 return (0);
             }
-            memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
             dstate->mac_len = fstate->mac_len;
         }
     }
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 4fab21b..84117a0 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -58,6 +58,7 @@
 # include "evp_locl.h"
 # include "modes_lcl.h"
 # include <openssl/rand.h>
+# include <openssl/buffer.h>
 
 typedef struct {
     union {
@@ -1353,10 +1354,9 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
             if (gctx->iv == c->iv)
                 gctx_out->iv = out->iv;
             else {
-                gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
+                gctx_out->iv = BUF_memdup(gctx->iv, gctx->ivlen);
                 if (!gctx_out->iv)
                     return 0;
-                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
             }
             return 1;
         }
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3d40b04..e9b84db 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/buffer.h>
 #ifndef OPENSSL_NO_ENGINE
 # include <openssl/engine.h>
 #endif
@@ -623,12 +624,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
     memcpy(out, in, sizeof *out);
 
     if (in->cipher_data && in->cipher->ctx_size) {
-        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+        out->cipher_data = BUF_memdup(in->cipher_data, in->cipher->ctx_size);
         if (!out->cipher_data) {
             EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
     }
 
     if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index f1220e8..6ff8f1d 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -12,6 +12,7 @@
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>     /* For string_to_hex */
+#include <openssl/buffer.h>
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
@@ -106,12 +107,11 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         pctx->sign_param_nid = (int)p1;
         return 1;
     case EVP_PKEY_CTRL_SET_IV:
-        pctx->shared_ukm = OPENSSL_malloc((int)p1);
+        pctx->shared_ukm = BUF_memdup(p2, (int)p1);
         if (pctx->shared_ukm == NULL) {
             GOSTerr(GOST_F_PKEY_GOST_CTRL, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        memcpy(pctx->shared_ukm, p2, (int)p1);
         return 1;
     case EVP_PKEY_CTRL_PEER_KEY:
         if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */
@@ -531,10 +531,9 @@ static int pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
         GOSTerr(GOST_F_PKEY_GOST_MAC_KEYGEN, GOST_R_MAC_KEY_NOT_SET);
         return 0;
     }
-    keydata = OPENSSL_malloc(32);
+    keydata = BUF_memdup(data->key, 32);
     if (keydata == NULL)
         return 0;
-    memcpy(keydata, data->key, 32);
     EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata);
     return 1;
 }
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 1e437b2..51f95dc 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2173,12 +2173,11 @@ int ssl3_get_new_session_ticket(SSL *s)
         OPENSSL_free(s->session->tlsext_tick);
         s->session->tlsext_ticklen = 0;
     }
-    s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+    s->session->tlsext_tick = BUF_memdup(p, ticklen);
     if (!s->session->tlsext_tick) {
         SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    memcpy(s->session->tlsext_tick, p, ticklen);
     s->session->tlsext_ticklen = ticklen;
     /*
      * There are two ways to detect a resumed ticket session. One is to set
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ab19eeb..9bf8867 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -156,6 +156,7 @@
 #ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
 #endif
+#include <openssl/buffer.h>
 
 const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
 
@@ -4460,10 +4461,9 @@ static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
         return 1;
     if (len > 0xff)
         return 0;
-    c->ctypes = OPENSSL_malloc(len);
+    c->ctypes = BUF_memdup(p, len);
     if (!c->ctypes)
         return 0;
-    memcpy(c->ctypes, p, len);
     c->ctype_num = len;
     return 1;
 }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8819fed..ca6a0b0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3519,12 +3519,11 @@ int ssl3_get_next_proto(SSL *s)
     if (proto_len + padding_len + 2 != s->init_num)
         return 0;
 
-    s->next_proto_negotiated = OPENSSL_malloc(proto_len);
+    s->next_proto_negotiated = BUF_memdup(p + 1, proto_len);
     if (!s->next_proto_negotiated) {
         SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    memcpy(s->next_proto_negotiated, p + 1, proto_len);
     s->next_proto_negotiated_len = proto_len;
 
     return 1;
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 9742599..3116c9e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -132,6 +132,7 @@
 # include <openssl/dh.h>
 #endif
 #include <openssl/bn.h>
+#include <openssl/buffer.h>
 #include "ssl_locl.h"
 
 static int ssl_security_default_callback(SSL *s, SSL_CTX *ctx, int op,
@@ -324,20 +325,19 @@ CERT *ssl_cert_dup(CERT *cert)
     /* Configured sigalgs however we copy across */
 
     if (cert->conf_sigalgs) {
-        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
+        ret->conf_sigalgs = BUF_memdup(cert->conf_sigalgs,
+                                       cert->conf_sigalgslen);
         if (!ret->conf_sigalgs)
             goto err;
-        memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
         ret->conf_sigalgslen = cert->conf_sigalgslen;
     } else
         ret->conf_sigalgs = NULL;
 
     if (cert->client_sigalgs) {
-        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
+        ret->client_sigalgs = BUF_memdup(cert->client_sigalgs,
+                                         cert->client_sigalgslen);
         if (!ret->client_sigalgs)
             goto err;
-        memcpy(ret->client_sigalgs, cert->client_sigalgs,
-               cert->client_sigalgslen);
         ret->client_sigalgslen = cert->client_sigalgslen;
     } else
         ret->client_sigalgs = NULL;
@@ -345,10 +345,9 @@ CERT *ssl_cert_dup(CERT *cert)
     ret->shared_sigalgs = NULL;
     /* Copy any custom client certificate types */
     if (cert->ctypes) {
-        ret->ctypes = OPENSSL_malloc(cert->ctype_num);
+        ret->ctypes = BUF_memdup(cert->ctypes, cert->ctype_num);
         if (!ret->ctypes)
             goto err;
-        memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
         ret->ctype_num = cert->ctype_num;
     }
 
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c535a42..7f672cb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -159,6 +159,7 @@
 #ifndef OPENSSL_NO_ENGINE
 # include <openssl/engine.h>
 #endif
+#include <openssl/buffer.h>
 
 const char *SSL_version_str = OPENSSL_VERSION_TEXT;
 
@@ -362,12 +363,10 @@ SSL *SSL_new(SSL_CTX *ctx)
 # endif
 
     if (s->ctx->alpn_client_proto_list) {
-        s->alpn_client_proto_list =
-            OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
+        s->alpn_client_proto_list = BUF_memdup(s->ctx->alpn_client_proto_list,
+                                               s->ctx->alpn_client_proto_list_len);
         if (s->alpn_client_proto_list == NULL)
             goto err;
-        memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
-               s->ctx->alpn_client_proto_list_len);
         s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
     }
 #endif
@@ -1742,10 +1741,9 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
     if (ctx->alpn_client_proto_list)
         OPENSSL_free(ctx->alpn_client_proto_list);
 
-    ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
+    ctx->alpn_client_proto_list = BUF_memdup(protos, protos_len);
     if (!ctx->alpn_client_proto_list)
         return 1;
-    memcpy(ctx->alpn_client_proto_list, protos, protos_len);
     ctx->alpn_client_proto_list_len = protos_len;
 
     return 0;
@@ -1762,10 +1760,9 @@ int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
     if (ssl->alpn_client_proto_list)
         OPENSSL_free(ssl->alpn_client_proto_list);
 
-    ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
+    ssl->alpn_client_proto_list = BUF_memdup(protos, protos_len);
     if (!ssl->alpn_client_proto_list)
         return 1;
-    memcpy(ssl->alpn_client_proto_list, protos, protos_len);
     ssl->alpn_client_proto_list_len = protos_len;
 
     return 0;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c91b761..02da497 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -119,6 +119,7 @@
 # include <openssl/dh.h>
 # include <openssl/bn.h>
 #endif
+#include <openssl/buffer.h>
 #include "ssl_locl.h"
 
 const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
@@ -1765,12 +1766,11 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
     if (r == SSL_TLSEXT_ERR_OK) {
         if (s->s3->alpn_selected)
             OPENSSL_free(s->s3->alpn_selected);
-        s->s3->alpn_selected = OPENSSL_malloc(selected_len);
+        s->s3->alpn_selected = BUF_memdup(selected, selected_len);
         if (!s->s3->alpn_selected) {
             *al = SSL_AD_INTERNAL_ERROR;
             return -1;
         }
-        memcpy(s->s3->alpn_selected, selected, selected_len);
         s->s3->alpn_selected_len = selected_len;
     }
     return 0;
@@ -2494,12 +2494,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
                 *al = TLS1_AD_INTERNAL_ERROR;
                 return 0;
             }
-            s->next_proto_negotiated = OPENSSL_malloc(selected_len);
+            s->next_proto_negotiated = BUF_memdup(selected, selected_len);
             if (!s->next_proto_negotiated) {
                 *al = TLS1_AD_INTERNAL_ERROR;
                 return 0;
             }
-            memcpy(s->next_proto_negotiated, selected, selected_len);
             s->next_proto_negotiated_len = selected_len;
             s->s3->next_proto_neg_seen = 1;
         }
@@ -2537,12 +2536,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
             }
             if (s->s3->alpn_selected)
                 OPENSSL_free(s->s3->alpn_selected);
-            s->s3->alpn_selected = OPENSSL_malloc(len);
+            s->s3->alpn_selected = BUF_memdup(data + 3, len);
             if (!s->s3->alpn_selected) {
                 *al = TLS1_AD_INTERNAL_ERROR;
                 return 0;
             }
-            memcpy(s->s3->alpn_selected, data + 3, len);
             s->s3->alpn_selected_len = len;
         }
 # ifndef OPENSSL_NO_HEARTBEATS
-- 
2.2.2




More information about the openssl-dev mailing list