authorRichard Levitte <levitte@openssl.org>2022-09-29 13:57:34 +0200
committerRichard Levitte <levitte@openssl.org>2022-10-05 14:02:03 +0200
commite077455e9e57ed4ee4676996b4a9aa11df6327a6 (patch)
treeedcb7412024f95fbc97c2c7a780f78ad05d586e3 /ssl/statem
parent9167a47f78159b0578bc032401ab1d66e14eecdb (diff)
Stop raising ERR_R_MALLOC_FAILURE in most places
Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or, when SSLfatal() and RLAYERfatal() are used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls are from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
Diffstat (limited to 'ssl/statem')
-rw-r--r--ssl/statem/extensions.c2
-rw-r--r--ssl/statem/extensions_clnt.c4
-rw-r--r--ssl/statem/extensions_srvr.c8
-rw-r--r--ssl/statem/statem_clnt.c37
-rw-r--r--ssl/statem/statem_dtls.c6
-rw-r--r--ssl/statem/statem_lib.c16
-rw-r--r--ssl/statem/statem_srvr.c34
7 files changed, 52 insertions, 55 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index ebb766db05..6dc21ad42f 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -589,7 +589,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);
raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));
if (raw_extensions == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 0695664c97..19f6561b17 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1489,7 +1489,7 @@ int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
s->ext.scts = OPENSSL_malloc(size);
if (s->ext.scts == NULL) {
s->ext.scts_len = 0;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
@@ -1859,7 +1859,7 @@ int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
SSL_SESSION *new_sess;
if ((new_sess = ssl_session_dup(s->session, 0)) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
return 0;
}
SSL_SESSION_free(s->session);
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 413ee5a1dc..4f7321fd20 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -342,7 +342,7 @@ int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt,
if (PACKET_remaining(&responder_id_list) > 0) {
s->ext.ocsp.ids = sk_OCSP_RESPID_new_null();
if (s->ext.ocsp.ids == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
} else {
@@ -732,7 +732,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
if (hctx == NULL || pkey == NULL) {
EVP_MD_CTX_free(hctx);
EVP_PKEY_free(pkey);
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
}
@@ -1655,7 +1655,7 @@ EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
/* Regular KEX */
skey = ssl_generate_pkey(s, ckey);
if (skey == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
return EXT_RETURN_FAIL;
}
@@ -1820,7 +1820,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt,
s->session_ctx->ext.cookie_hmac_key,
sizeof(s->session_ctx->ext.cookie_hmac_key));
if (hctx == NULL || pkey == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 40bc5e88fa..d07c45879c 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1802,7 +1802,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if ((s->session->peer_chain = sk_X509_new_null()) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
@@ -1824,8 +1824,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
certstart = certbytes;
x = X509_new_ex(sctx->libctx, sctx->propq);
if (x == NULL) {
- SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_MALLOC_FAILURE);
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_ASN1_LIB);
goto err;
}
if (d2i_X509(&x, (const unsigned char **)&certbytes,
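Review bot: The `X509_new_ex()` failure branch still sends `SSL_AD_DECODE_ERROR`, although nothing from the peer has been decoded at that point; a local object-construction failure would read more accurately as `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_X509_LIB);`. The reason code is also inconsistent with the matching branch of `tls_process_client_certificate` in statem_srvr.c, which reports `ERR_R_X509_LIB` for the same call while this one reports `ERR_R_ASN1_LIB`. A decode alert for a local failure points whoever triages the handshake failure at the peer's certificate encoding instead of at local resource exhaustion. The enclosing function starts and ends outside the hunk.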
@@ -1861,7 +1860,7 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
}
if (!sk_X509_push(s->session->peer_chain, x)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
x = NULL;
@@ -2298,7 +2297,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, PACKET *pkt)
md_ctx = EVP_MD_CTX_new();
if (md_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
@@ -2443,7 +2442,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
return MSG_PROCESS_ERROR;
}
if (!tls1_process_sigalgs(s)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
return MSG_PROCESS_ERROR;
}
}
@@ -2527,7 +2526,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s,
* one
*/
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
goto err;
}
@@ -2554,7 +2553,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s,
s->session->ext.tick = OPENSSL_malloc(ticklen);
if (s->session->ext.tick == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {
@@ -2678,7 +2677,7 @@ int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt)
s->ext.ocsp.resp = OPENSSL_malloc(resplen);
if (s->ext.ocsp.resp == NULL) {
s->ext.ocsp.resp_len = 0;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
s->ext.ocsp.resp_len = resplen;
@@ -2824,7 +2823,7 @@ static int tls_construct_cke_psk_preamble(SSL_CONNECTION *s, WPACKET *pkt)
tmppsk = OPENSSL_memdup(psk, psklen);
tmpidentity = OPENSSL_strdup(identity);
if (tmppsk == NULL || tmpidentity == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
@@ -2883,14 +2882,14 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt)
pmslen = SSL_MAX_MASTER_KEY_LENGTH;
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
pms[0] = s->client_version >> 8;
pms[1] = s->client_version & 0xff;
if (RAND_bytes_ex(sctx->libctx, pms + 2, pmslen - 2, 0) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_RAND_LIB);
goto err;
}
@@ -3015,7 +3014,7 @@ static int tls_construct_cke_ecdhe(SSL_CONNECTION *s, WPACKET *pkt)
ckey = ssl_generate_pkey(s, skey);
if (ckey == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
goto err;
}
@@ -3076,7 +3075,7 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt)
X509_get0_pubkey(peer_cert),
sctx->propq);
if (pkey_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
}
/*
@@ -3089,7 +3088,7 @@ static int tls_construct_cke_gost(SSL_CONNECTION *s, WPACKET *pkt)
pmslen = 32;
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
@@ -3221,7 +3220,7 @@ static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt)
pmslen = 32;
pms = OPENSSL_malloc(pmslen);
if (pms == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
@@ -3242,7 +3241,7 @@ static int tls_construct_cke_gost18(SSL_CONNECTION *s, WPACKET *pkt)
X509_get0_pubkey(peer_cert),
sctx->propq);
if (pkey_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
@@ -3307,7 +3306,7 @@ static int tls_construct_cke_srp(SSL_CONNECTION *s, WPACKET *pkt)
OPENSSL_free(s->session->srp_username);
s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
if (s->session->srp_username == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
@@ -3389,7 +3388,7 @@ int tls_client_key_exchange_post_work(SSL_CONNECTION *s)
#endif
if (pms == NULL && !(s->s3.tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_PASSED_INVALID_ARGUMENT);
goto err;
}
if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
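Review bot: `ERR_R_PASSED_INVALID_ARGUMENT` does not describe this failure: per the hunk header the function takes only `s`, so a NULL `pms` is missing connection state, not a bad argument from a caller. `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);` would keep the error queue accurate for whoever debugs a failed key exchange. The assignment of `pms` lies outside the hunk, so this assumes it is read from `s`.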
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index d83e7404cb..93c49011a2 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -61,14 +61,11 @@ static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
unsigned char *buf = NULL;
unsigned char *bitmask = NULL;
- if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
+ if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL)
return NULL;
- }
if (frag_len) {
if ((buf = OPENSSL_malloc(frag_len)) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(frag);
return NULL;
}
@@ -81,7 +78,6 @@ static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
if (reassembly) {
bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
if (bitmask == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE);
OPENSSL_free(buf);
OPENSSL_free(frag);
return NULL;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 86b30b47da..07939ee960 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -294,7 +294,7 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt)
mctx = EVP_MD_CTX_new();
if (mctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
@@ -413,7 +413,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s);
if (mctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
@@ -501,10 +501,8 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt)
if (pktype == NID_id_GostR3410_2001
|| pktype == NID_id_GostR3410_2012_256
|| pktype == NID_id_GostR3410_2012_512) {
- if ((gost_data = OPENSSL_malloc(len)) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ if ((gost_data = OPENSSL_malloc(len)) == NULL)
goto err;
- }
BUF_reverse(gost_data, data, len);
data = gost_data;
}
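Review bot: The `gost_data` allocation failure now reaches `goto err` without any `SSLfatal()` call, unlike every other failure branch visible in this file's hunks. `OPENSSL_malloc()` raising its own error covers the error queue, but not the alert and connection error state that the other branches set through `SSLfatal()`. Unless the `err` label (outside this hunk) takes care of that, the branch should keep its braces and call `SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);`, as the other `OPENSSL_malloc()` checks in this commit do.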
@@ -969,7 +967,7 @@ static int ssl_add_cert_chain(SSL_CONNECTION *s, WPACKET *pkt, CERT_PKEY *cpk)
sctx->propq);
if (xs_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_X509_LIB);
return 0;
}
if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {
@@ -2310,7 +2308,7 @@ int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt)
PACKET cadns;
if (ca_sk == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
/* get the CA RDNs */
@@ -2340,7 +2338,7 @@ int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt)
}
if (!sk_X509_NAME_push(ca_sk, xn)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
xn = NULL;
@@ -2418,7 +2416,7 @@ size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
unsigned char *tbs = OPENSSL_malloc(tbslen);
if (tbs == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
memcpy(tbs, s->s3.client_random, SSL3_RANDOM_SIZE);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e56ccfd553..bc4a6a362f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2466,7 +2466,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
}
if (md_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
@@ -2871,7 +2871,7 @@ static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt)
if (s->s3.tmp.psk == NULL) {
s->s3.tmp.psklen = 0;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
@@ -2916,13 +2916,13 @@ static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt)
outlen = SSL_MAX_MASTER_KEY_LENGTH;
rsa_decrypt = OPENSSL_malloc(outlen);
if (rsa_decrypt == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, rsa, sctx->propq);
if (ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
@@ -3112,7 +3112,7 @@ static int tls_process_cke_srp(SSL_CONNECTION *s, PACKET *pkt)
OPENSSL_free(s->session->srp_username);
s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
if (s->session->srp_username == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;
}
@@ -3162,7 +3162,7 @@ static int tls_process_cke_gost(SSL_CONNECTION *s, PACKET *pkt)
pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pk, sctx->propq);
if (pkey_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
return 0;
}
if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
@@ -3267,7 +3267,7 @@ static int tls_process_cke_gost18(SSL_CONNECTION *s, PACKET *pkt)
pkey_ctx = EVP_PKEY_CTX_new_from_pkey(sctx->libctx, pk, sctx->propq);
if (pkey_ctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
goto err;
}
if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
@@ -3467,7 +3467,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
s->rlayer.rrlmethod->set_plain_alerts(s->rlayer.rrl, 0);
if ((sk = sk_X509_new_null()) == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
@@ -3497,7 +3497,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
certstart = certbytes;
x = X509_new_ex(sctx->libctx, sctx->propq);
if (x == NULL) {
- SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_DECODE_ERROR, ERR_R_X509_LIB);
goto err;
}
if (d2i_X509(&x, (const unsigned char **)&certbytes, l) == NULL) {
@@ -3531,7 +3531,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
}
if (!sk_X509_push(sk, x)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
x = NULL;
@@ -3582,7 +3582,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
goto err;
}
@@ -3735,14 +3735,18 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s,
}
senc = OPENSSL_malloc(slen_full);
if (senc == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB);
+ goto err;
+ }
hctx = ssl_hmac_new(tctx);
- if (ctx == NULL || hctx == NULL) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ if (hctx == NULL) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_SSL_LIB);
goto err;
}
@@ -4017,7 +4021,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt
OPENSSL_memdup(s->s3.alpn_selected, s->s3.alpn_selected_len);
if (s->session->ext.alpn_selected == NULL) {
s->session->ext.alpn_selected_len = 0;
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
goto err;
}
s->session->ext.alpn_selected_len = s->s3.alpn_selected_len;