diff options
| author | Richard Levitte <levitte@openssl.org> | 2022-09-29 13:57:34 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2022-10-05 14:02:03 +0200 |
| commit | e077455e9e57ed4ee4676996b4a9aa11df6327a6 (patch) | |
| tree | edcb7412024f95fbc97c2c7a780f78ad05d586e3 /ssl/ssl_ciph.c | |
| parent | 9167a47f78159b0578bc032401ab1d66e14eecdb (diff) | |
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and
at least handle the file name and line number they are called from,
there's no need to report ERR_R_MALLOC_FAILURE where they are called
directly, or when SSLfatal() and RLAYERfatal() is used, the reason
`ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`.
There were a number of places where `ERR_R_MALLOC_FAILURE` was reported
even though it was a function from a different sub-system that was
called. Those places are changed to report ERR_R_{lib}_LIB, where
{lib} is the name of that sub-system.
Some of them are tricky to get right, as we have a lot of functions
that belong in the ASN1 sub-system, and all the `sk_` calls or from
the CRYPTO sub-system.
Some extra adaptation was necessary where there were custom OPENSSL_malloc()
wrappers, and some bugs are fixed alongside these changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19301)
Diffstat (limited to 'ssl/ssl_ciph.c')
| -rw-r--r-- | ssl/ssl_ciph.c | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 31d8acc102..2ffad7008c 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -965,10 +965,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, } number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1)); - if (number_uses == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + if (number_uses == NULL) return 0; - } /* * Now find the strength_bits values actually used @@ -1495,10 +1493,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, num_of_ciphers = ssl_method->num_ciphers(); co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); - if (co_list == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + if (co_list == NULL) return NULL; /* Failure */ - } ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mkey, disabled_auth, disabled_enc, @@ -1609,7 +1605,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx, ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { OPENSSL_free(co_list); - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return NULL; /* Failure */ } ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, @@ -1711,10 +1706,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) if (buf == NULL) { len = 128; - if ((buf = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + if ((buf = OPENSSL_malloc(len)) == NULL) return NULL; - } } else if (len < 128) { return NULL; } @@ -2056,10 +2049,8 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) } comp = OPENSSL_malloc(sizeof(*comp)); - if (comp == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + if (comp == NULL) return 1; - } comp->id = id; comp->method = cm; @@ -2071,7 +2062,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) } if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) { OPENSSL_free(comp); - ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); return 1; } return 0; |