diff options
author | Richard Levitte <levitte@openssl.org> | 2022-09-29 13:57:34 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2022-10-05 14:02:03 +0200 |
commit | e077455e9e57ed4ee4676996b4a9aa11df6327a6 (patch) | |
tree | edcb7412024f95fbc97c2c7a780f78ad05d586e3 /ssl/s3_lib.c | |
parent | 9167a47f78159b0578bc032401ab1d66e14eecdb (diff) |
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.
There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.
Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 126ac4c2bf..190f42cd0e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3466,7 +3466,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) } pkdh = ssl_dh_to_pkey(parg); if (pkdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB); return 0; } if (!SSL_set0_tmp_dh_pkey(s, pkdh)) { @@ -3814,7 +3814,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) } pkdh = ssl_dh_to_pkey(parg); if (pkdh == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_DH_LIB); return 0; } if (!SSL_CTX_set0_tmp_dh_pkey(ctx, pkdh)) { @@ -3983,12 +3983,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) { if ((ctx->extra_certs = sk_X509_new_null()) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); return 0; } } if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); return 0; } break; @@ -4768,7 +4768,7 @@ EVP_PKEY *ssl_generate_pkey_group(SSL_CONNECTION *s, uint16_t id) sctx->propq); if (pctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); goto err; } if (EVP_PKEY_keygen_init(pctx) <= 0) { @@ -4878,7 +4878,7 @@ int ssl_derive(SSL_CONNECTION *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gense pms = OPENSSL_malloc(pmslen); if (pms == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); goto err; } @@ -4930,7 +4930,7 @@ int ssl_decapsulate(SSL_CONNECTION *s, EVP_PKEY *privkey, pms = OPENSSL_malloc(pmslen); if (pms == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); goto err; } @@ -4983,7 +4983,7 @@ int ssl_encapsulate(SSL_CONNECTION *s, EVP_PKEY *pubkey, pms = OPENSSL_malloc(pmslen); ct = OPENSSL_malloc(ctlen); if (pms == NULL || ct == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); goto err; } |