From 7de2b9c4afd90359e47d81a5fa70bcb8506fbf91 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 5 Apr 2018 15:13:55 -0400 Subject: [PATCH] Set error code if alloc returns NULL Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5886) --- crypto/cmac/cmac.c | 6 ++++-- crypto/cpt_err.c | 10 ++++++++++ crypto/err/openssl.txt | 8 +++++++- crypto/hmac/hm_pmeth.c | 6 ++++-- crypto/modes/ocb128.c | 11 +++++++---- crypto/poly1305/poly1305_pmeth.c | 6 ++++-- crypto/siphash/siphash_pmeth.c | 6 ++++-- crypto/threads_none.c | 7 +++++-- crypto/threads_pthread.c | 14 ++++++++++---- crypto/threads_win.c | 7 +++++-- include/openssl/conferr.h | 2 +- include/openssl/cryptoerr.h | 6 ++++++ 12 files changed, 67 insertions(+), 22 deletions(-) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 46e3cb7912..0c59659171 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -12,6 +12,7 @@ #include #include "internal/cryptlib.h" #include +#include struct CMAC_CTX_st { /* Cipher context to use */ @@ -46,9 +47,10 @@ CMAC_CTX *CMAC_CTX_new(void) { CMAC_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(*ctx)); - if (ctx == NULL) + if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { + CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } ctx->cctx = EVP_CIPHER_CTX_new(); if (ctx->cctx == NULL) { OPENSSL_free(ctx); diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 43426eccab..da1004db8f 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA CRYPTO_str_functs[] = { + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0), "CRYPTO_dup_ex_data"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0), @@ -23,6 +24,10 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = { {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0), "CRYPTO_new_ex_data"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0), + "CRYPTO_ocb128_copy_ctx"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0), + "CRYPTO_ocb128_init"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0), "CRYPTO_set_ex_data"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"}, @@ -35,6 +40,11 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = { "OPENSSL_hexstr2buf"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0), "OPENSSL_init_crypto"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0), + "pkey_poly1305_init"}, + {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0), + "pkey_siphash_init"}, {0, NULL} }; diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d1cc039b83..b238cd7967 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -335,13 +335,16 @@ CONF_F_NCONF_LOAD_BIO:110:NCONF_load_bio CONF_F_NCONF_LOAD_FP:114:NCONF_load_fp CONF_F_NCONF_NEW:111:NCONF_new CONF_F_PROCESS_INCLUDE:116:process_include -CONF_F_SSL_MODULE_INIT:122:ssl_module_init +CONF_F_SSL_MODULE_INIT:123:ssl_module_init CONF_F_STR_COPY:101:str_copy +CRYPTO_F_CMAC_CTX_NEW:120:CMAC_CTX_new CRYPTO_F_CRYPTO_DUP_EX_DATA:110:CRYPTO_dup_ex_data CRYPTO_F_CRYPTO_FREE_EX_DATA:111:CRYPTO_free_ex_data CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX:100:CRYPTO_get_ex_new_index CRYPTO_F_CRYPTO_MEMDUP:115:CRYPTO_memdup CRYPTO_F_CRYPTO_NEW_EX_DATA:112:CRYPTO_new_ex_data +CRYPTO_F_CRYPTO_OCB128_COPY_CTX:121:CRYPTO_ocb128_copy_ctx +CRYPTO_F_CRYPTO_OCB128_INIT:122:CRYPTO_ocb128_init CRYPTO_F_CRYPTO_SET_EX_DATA:102:CRYPTO_set_ex_data CRYPTO_F_FIPS_MODE_SET:109:FIPS_mode_set CRYPTO_F_GET_AND_LOCK:113:get_and_lock @@ -350,6 +353,9 @@ CRYPTO_F_OPENSSL_BUF2HEXSTR:117:OPENSSL_buf2hexstr CRYPTO_F_OPENSSL_FOPEN:119:openssl_fopen CRYPTO_F_OPENSSL_HEXSTR2BUF:118:OPENSSL_hexstr2buf CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto +CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init +CRYPTO_F_PKEY_POLY1305_INIT:124:pkey_poly1305_init +CRYPTO_F_PKEY_SIPHASH_INIT:125:pkey_siphash_init CT_F_CTLOG_NEW:117:CTLOG_new CT_F_CTLOG_NEW_FROM_BASE64:118:CTLOG_new_from_base64 CT_F_CTLOG_NEW_FROM_CONF:119:ctlog_new_from_conf diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 5b98477f9c..ceca6f7183 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -13,6 +13,7 @@ #include #include #include +#include #include "internal/evp_int.h" /* HMAC pkey context structure */ @@ -27,9 +28,10 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) { HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_zalloc(sizeof(*hctx)); - if (hctx == NULL) + if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { + CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE); return 0; + } hctx->ktmp.type = V_ASN1_OCTET_STRING; hctx->ctx = HMAC_CTX_new(); if (hctx->ctx == NULL) { diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index db794d0854..350c41fb01 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -9,6 +9,7 @@ #include #include +#include #include "modes_lcl.h" #ifndef OPENSSL_NO_OCB @@ -164,9 +165,10 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, memset(ctx, 0, sizeof(*ctx)); ctx->l_index = 0; ctx->max_l_index = 5; - ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); - if (ctx->l == NULL) + if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE); return 0; + } /* * We set both the encryption and decryption key schedules - decryption @@ -210,9 +212,10 @@ int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, if (keydec) dest->keydec = keydec; if (src->l) { - dest->l = OPENSSL_malloc(src->max_l_index * 16); - if (dest->l == NULL) + if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE); return 0; + } memcpy(dest->l, src->l, (src->l_index + 1) * 16); } return 1; diff --git a/crypto/poly1305/poly1305_pmeth.c b/crypto/poly1305/poly1305_pmeth.c index 7bc6add681..1459a3266d 100644 --- a/crypto/poly1305/poly1305_pmeth.c +++ b/crypto/poly1305/poly1305_pmeth.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "internal/poly1305.h" #include "poly1305_local.h" #include "internal/evp_int.h" @@ -27,9 +28,10 @@ static int pkey_poly1305_init(EVP_PKEY_CTX *ctx) { POLY1305_PKEY_CTX *pctx; - pctx = OPENSSL_zalloc(sizeof(*pctx)); - if (pctx == NULL) + if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) { + CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE); return 0; + } pctx->ktmp.type = V_ASN1_OCTET_STRING; EVP_PKEY_CTX_set_data(ctx, pctx); diff --git a/crypto/siphash/siphash_pmeth.c b/crypto/siphash/siphash_pmeth.c index ae16e55878..a5211f2e96 100644 --- a/crypto/siphash/siphash_pmeth.c +++ b/crypto/siphash/siphash_pmeth.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "internal/siphash.h" #include "siphash_local.h" #include "internal/evp_int.h" @@ -27,9 +28,10 @@ static int pkey_siphash_init(EVP_PKEY_CTX *ctx) { SIPHASH_PKEY_CTX *pctx; - pctx = OPENSSL_zalloc(sizeof(*pctx)); - if (pctx == NULL) + if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) { + CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE); return 0; + } pctx->ktmp.type = V_ASN1_OCTET_STRING; EVP_PKEY_CTX_set_data(ctx, pctx); diff --git a/crypto/threads_none.c b/crypto/threads_none.c index 30ed4e6999..35c985b52c 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -14,9 +14,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } *(unsigned int *)lock = 1; diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index 3aeef21668..a2c1707865 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -19,9 +19,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { # ifdef USE_RWLOCK - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } if (pthread_rwlock_init(lock, NULL) != 0) { OPENSSL_free(lock); @@ -29,9 +32,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) } # else pthread_mutexattr_t attr; - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } pthread_mutexattr_init(&attr); pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); diff --git a/crypto/threads_win.c b/crypto/threads_win.c index f222aa5d03..ad4f5e151b 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -17,9 +17,12 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { - CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION)); - if (lock == NULL) + CRYPTO_RWLOCK *lock; + + if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { + /* Don't set error, to avoid recursion blowup. */ return NULL; + } /* 0x400 is the spin count value suggested in the documentation */ if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index e2317d8ebb..4574636b01 100644 --- a/include/openssl/conferr.h +++ b/include/openssl/conferr.h @@ -40,7 +40,7 @@ int ERR_load_CONF_strings(void); # define CONF_F_NCONF_LOAD_FP 114 # define CONF_F_NCONF_NEW 111 # define CONF_F_PROCESS_INCLUDE 116 -# define CONF_F_SSL_MODULE_INIT 122 +# define CONF_F_SSL_MODULE_INIT 123 # define CONF_F_STR_COPY 101 /* diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h index 63f3f0fcae..85c1952a99 100644 --- a/include/openssl/cryptoerr.h +++ b/include/openssl/cryptoerr.h @@ -19,11 +19,14 @@ int ERR_load_CRYPTO_strings(void); /* * CRYPTO function codes. */ +# define CRYPTO_F_CMAC_CTX_NEW 120 # define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 # define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 # define CRYPTO_F_CRYPTO_MEMDUP 115 # define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 +# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX 121 +# define CRYPTO_F_CRYPTO_OCB128_INIT 122 # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 # define CRYPTO_F_FIPS_MODE_SET 109 # define CRYPTO_F_GET_AND_LOCK 113 @@ -32,6 +35,9 @@ int ERR_load_CRYPTO_strings(void); # define CRYPTO_F_OPENSSL_FOPEN 119 # define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 # define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 +# define CRYPTO_F_PKEY_HMAC_INIT 123 +# define CRYPTO_F_PKEY_POLY1305_INIT 124 +# define CRYPTO_F_PKEY_SIPHASH_INIT 125 /* * CRYPTO reason codes. -- GitLab