root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

ssl: use array memory (re)allocation routines 

Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
This commit is contained in:
Eugene Syromiatnikov 2025-07-17 10:40:15 +02:00
parent a0a7cb8a37
commit f3663ff0cf
9 changed files with 68 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssl/priority_queue.c
View File

@ -310,12 +310,12 @@ int ossl_pqueue_reserve(OSSL_PQUEUE *pq, size_t n)
return 0;
}
h = OPENSSL_realloc(pq->heap, new_max * sizeof(*pq->heap));
h = OPENSSL_realloc_array(pq->heap, new_max, sizeof(*pq->heap));
if (h == NULL)
return 0;
pq->heap = h;
e = OPENSSL_realloc(pq->elements, new_max * sizeof(*pq->elements));
e = OPENSSL_realloc_array(pq->elements, new_max, sizeof(*pq->elements));
if (e == NULL)
return 0;
pq->elements = e;
@ -339,8 +339,8 @@ OSSL_PQUEUE *ossl_pqueue_new(int (*compare)(const void *, const void *))
pq->hmax = min_nodes;
pq->htop = 0;
pq->freelist = 0;
pq->heap = OPENSSL_malloc(sizeof(*pq->heap) * min_nodes);
pq->elements = OPENSSL_malloc(sizeof(*pq->elements) * min_nodes);
pq->heap = OPENSSL_malloc_array(min_nodes, sizeof(*pq->heap));
pq->elements = OPENSSL_malloc_array(min_nodes, sizeof(*pq->elements));
if (pq->heap == NULL || pq->elements == NULL) {
ossl_pqueue_free(pq);
return NULL;

2
ssl/record/methods/tls_common.c
View File

@ -812,7 +812,7 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl)
}
if (mac_size > 0) {
macbufs = OPENSSL_zalloc(sizeof(*macbufs) * num_recs);
macbufs = OPENSSL_calloc(num_recs, sizeof(*macbufs));
if (macbufs == NULL) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return OSSL_RECORD_RETURN_FATAL;

13
ssl/ssl_cert.c
View File

@ -74,7 +74,7 @@ CERT *ssl_cert_new(size_t ssl_pkey_num)
return NULL;
ret->ssl_pkey_num = ssl_pkey_num;
ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
ret->pkeys = OPENSSL_calloc(ret->ssl_pkey_num, sizeof(CERT_PKEY));
if (ret->pkeys == NULL) {
OPENSSL_free(ret);
return NULL;
@ -105,7 +105,7 @@ CERT *ssl_cert_dup(CERT *cert)
return NULL;
ret->ssl_pkey_num = cert->ssl_pkey_num;
ret->pkeys = OPENSSL_zalloc(ret->ssl_pkey_num * sizeof(CERT_PKEY));
ret->pkeys = OPENSSL_calloc(ret->ssl_pkey_num, sizeof(CERT_PKEY));
if (ret->pkeys == NULL) {
OPENSSL_free(ret);
return NULL;
@ -170,8 +170,8 @@ CERT *ssl_cert_dup(CERT *cert)
/* Configured sigalgs copied across */
if (cert->conf_sigalgs) {
ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
* sizeof(*cert->conf_sigalgs));
ret->conf_sigalgs = OPENSSL_malloc_array(cert->conf_sigalgslen,
sizeof(*cert->conf_sigalgs));
if (ret->conf_sigalgs == NULL)
goto err;
memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
@ -181,8 +181,9 @@ CERT *ssl_cert_dup(CERT *cert)
ret->conf_sigalgs = NULL;
if (cert->client_sigalgs) {
ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
* sizeof(*cert->client_sigalgs));
ret->client_sigalgs =
OPENSSL_malloc_array(cert->client_sigalgslen,
sizeof(*cert->client_sigalgs));
if (ret->client_sigalgs == NULL)
goto err;
memcpy(ret->client_sigalgs, cert->client_sigalgs,

6
ssl/ssl_ciph.c
View File

@ -948,7 +948,7 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
curr = curr->next;
}
number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
number_uses = OPENSSL_calloc(max_strength_bits + 1, sizeof(int));
if (number_uses == NULL)
return 0;
@ -1475,7 +1475,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
num_of_ciphers = ssl_method->num_ciphers();
if (num_of_ciphers > 0) {
co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
co_list = OPENSSL_malloc_array(num_of_ciphers, sizeof(*co_list));
if (co_list == NULL)
return NULL; /* Failure */
}
@ -1586,7 +1586,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
*/
num_of_group_aliases = OSSL_NELEM(cipher_aliases);
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
ca_list = OPENSSL_malloc_array(num_of_alias_max, sizeof(*ca_list));
if (ca_list == NULL) {
OPENSSL_free(co_list);
return NULL; /* Failure */

12
ssl/ssl_lib.c
View File

@ -124,8 +124,8 @@ static int dane_ctx_enable(struct dane_ctx_st *dctx)
if (dctx->mdevp != NULL)
return 1;
mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
mdord = OPENSSL_zalloc(n * sizeof(*mdord));
mdevp = OPENSSL_calloc(n, sizeof(*mdevp));
mdord = OPENSSL_calloc(n, sizeof(*mdord));
if (mdord == NULL || mdevp == NULL) {
OPENSSL_free(mdord);
@ -232,12 +232,12 @@ static int dane_mtype_set(struct dane_ctx_st *dctx,
uint8_t *mdord;
int n = ((int)mtype) + 1;
mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
mdevp = OPENSSL_realloc_array(dctx->mdevp, n, sizeof(*mdevp));
if (mdevp == NULL)
return -1;
dctx->mdevp = mdevp;
mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
mdord = OPENSSL_realloc_array(dctx->mdord, n, sizeof(*mdord));
if (mdord == NULL)
return -1;
dctx->mdord = mdord;
@ -6899,7 +6899,7 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
*outlen = 0;
return 1;
}
if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL)
if ((present = OPENSSL_malloc_array(num, sizeof(*present))) == NULL)
return 0;
for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
ext = sc->clienthello->pre_proc_exts + i;
@ -7145,7 +7145,7 @@ int ssl_cache_cipherlist(SSL_CONNECTION *s, PACKET *cipher_suites, int sslv2form
* slightly over allocate because we won't store those. But that isn't a
* problem.
*/
raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
raw = OPENSSL_malloc_array(numciphers, TLS_CIPHER_LEN);
s->s3.tmp.ciphers_raw = raw;
if (raw == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);

2
ssl/statem/extensions.c
View File

@ -627,7 +627,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
custom_ext_init(&s->cert->custext);
num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);
raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));
raw_extensions = OPENSSL_calloc(num_exts, sizeof(*raw_extensions));
if (raw_extensions == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB);
return 0;

17
ssl/statem/extensions_srvr.c
View File

@ -664,12 +664,14 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha
unsigned int group_id = 0;
/* Prepare memory to hold the extracted key share groups and related pubkeys */
*keyshares_arr = OPENSSL_malloc(*keyshares_max * sizeof(**keyshares_arr));
*keyshares_arr = OPENSSL_malloc_array(*keyshares_max,
sizeof(**keyshares_arr));
if (*keyshares_arr == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto failure;
}
*encoded_pubkey_arr = OPENSSL_malloc(*keyshares_max * sizeof(**encoded_pubkey_arr));
*encoded_pubkey_arr = OPENSSL_malloc_array(*keyshares_max,
sizeof(**encoded_pubkey_arr));
if (*encoded_pubkey_arr == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto failure;
@ -750,16 +752,17 @@ static KS_EXTRACTION_RESULT extract_keyshares(SSL_CONNECTION *s, PACKET *key_sha
if (*keyshares_cnt == *keyshares_max) {
PACKET *tmp_pkt;
uint16_t *tmp =
OPENSSL_realloc(*keyshares_arr,
(*keyshares_max + GROUPLIST_INCREMENT) * sizeof(**keyshares_arr));
OPENSSL_realloc_array(*keyshares_arr,
*keyshares_max + GROUPLIST_INCREMENT,
sizeof(**keyshares_arr));
if (tmp == NULL)
goto failure;
*keyshares_arr = tmp;
tmp_pkt =
OPENSSL_realloc(*encoded_pubkey_arr,
(*keyshares_max + GROUPLIST_INCREMENT) *
sizeof(**encoded_pubkey_arr));
OPENSSL_realloc_array(*encoded_pubkey_arr,
*keyshares_max + GROUPLIST_INCREMENT,
sizeof(**encoded_pubkey_arr));
if (tmp_pkt == NULL)
goto failure;
*encoded_pubkey_arr = tmp_pkt;

2
ssl/statem/statem_clnt.c
View File

@ -2601,7 +2601,7 @@ MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
if (s->s3.tmp.valid_flags != NULL)
memset(s->s3.tmp.valid_flags, 0, s->ssl_pkey_num * sizeof(uint32_t));
else
s->s3.tmp.valid_flags = OPENSSL_zalloc(s->ssl_pkey_num * sizeof(uint32_t));
s->s3.tmp.valid_flags = OPENSSL_calloc(s->ssl_pkey_num, sizeof(uint32_t));
/* Give up for good if allocation didn't work */
if (s->s3.tmp.valid_flags == NULL)

67
ssl/t1_lib.c
View File

@ -239,13 +239,13 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data)
TLS_GROUP_INFO *tmp = NULL;
if (ctx->group_list_max_len == 0)
tmp = OPENSSL_malloc(sizeof(TLS_GROUP_INFO)
* TLS_GROUP_LIST_MALLOC_BLOCK_SIZE);
tmp = OPENSSL_malloc_array(TLS_GROUP_LIST_MALLOC_BLOCK_SIZE,
sizeof(TLS_GROUP_INFO));
else
tmp = OPENSSL_realloc(ctx->group_list,
(ctx->group_list_max_len
+ TLS_GROUP_LIST_MALLOC_BLOCK_SIZE)
* sizeof(TLS_GROUP_INFO));
tmp = OPENSSL_realloc_array(ctx->group_list,
ctx->group_list_max_len
+ TLS_GROUP_LIST_MALLOC_BLOCK_SIZE,
sizeof(TLS_GROUP_INFO));
if (tmp == NULL)
return 0;
ctx->group_list = tmp;
@ -389,13 +389,13 @@ static int add_provider_sigalgs(const OSSL_PARAM params[], void *data)
TLS_SIGALG_INFO *tmp = NULL;
if (ctx->sigalg_list_max_len == 0)
tmp = OPENSSL_malloc(sizeof(TLS_SIGALG_INFO)
* TLS_SIGALG_LIST_MALLOC_BLOCK_SIZE);
tmp = OPENSSL_malloc_array(TLS_SIGALG_LIST_MALLOC_BLOCK_SIZE,
sizeof(TLS_SIGALG_INFO));
else
tmp = OPENSSL_realloc(ctx->sigalg_list,
(ctx->sigalg_list_max_len
+ TLS_SIGALG_LIST_MALLOC_BLOCK_SIZE)
* sizeof(TLS_SIGALG_INFO));
tmp = OPENSSL_realloc_array(ctx->sigalg_list,
ctx->sigalg_list_max_len
+ TLS_SIGALG_LIST_MALLOC_BLOCK_SIZE,
sizeof(TLS_SIGALG_INFO));
if (tmp == NULL)
return 0;
ctx->sigalg_list = tmp;
@ -688,7 +688,7 @@ int ssl_load_sigalgs(SSL_CTX *ctx)
/* now populate ctx->ssl_cert_info */
if (ctx->sigalg_list_len > 0) {
OPENSSL_free(ctx->ssl_cert_info);
ctx->ssl_cert_info = OPENSSL_zalloc(sizeof(lu) * ctx->sigalg_list_len);
ctx->ssl_cert_info = OPENSSL_calloc(ctx->sigalg_list_len, sizeof(lu));
if (ctx->ssl_cert_info == NULL)
return 0;
for(i = 0; i < ctx->sigalg_list_len; i++) {
@ -1099,11 +1099,11 @@ int tls1_set_groups(uint16_t **grpext, size_t *grpextlen,
ERR_raise(ERR_LIB_SSL, SSL_R_BAD_LENGTH);
return 0;
}
if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL)
if ((glist = OPENSSL_malloc_array(ngroups, sizeof(*glist))) == NULL)
goto err;
if ((kslist = OPENSSL_malloc(1 * sizeof(*kslist))) == NULL)
if ((kslist = OPENSSL_malloc_array(1, sizeof(*kslist))) == NULL)
goto err;
if ((tpllist = OPENSSL_malloc(1 * sizeof(*tpllist))) == NULL)
if ((tpllist = OPENSSL_malloc_array(1, sizeof(*tpllist))) == NULL)
goto err;
for (i = 0; i < ngroups; i++) {
unsigned long idmask;
@ -1386,8 +1386,9 @@ static int gid_cb(const char *elem, int len, void *arg)
/* Memory management in case more groups are present compared to initial allocation */
if (garg->gidcnt == garg->gidmax) {
uint16_t *tmp =
OPENSSL_realloc(garg->gid_arr,
(garg->gidmax + GROUPLIST_INCREMENT) * sizeof(*garg->gid_arr));
OPENSSL_realloc_array(garg->gid_arr,
garg->gidmax + GROUPLIST_INCREMENT,
sizeof(*garg->gid_arr));
if (tmp == NULL)
return 0;
@ -1398,8 +1399,9 @@ static int gid_cb(const char *elem, int len, void *arg)
/* Memory management for key share groups */
if (garg->ksidcnt == garg->ksidmax) {
uint16_t *tmp =
OPENSSL_realloc(garg->ksid_arr,
(garg->ksidmax + GROUPLIST_INCREMENT) * sizeof(*garg->ksid_arr));
OPENSSL_realloc_array(garg->ksid_arr,
garg->ksidmax + GROUPLIST_INCREMENT,
sizeof(*garg->ksid_arr));
if (tmp == NULL)
return 0;
@ -1543,8 +1545,9 @@ static int tuple_cb(const char *tuple, int len, void *arg)
/* Memory management for tuples */
if (garg->tplcnt == garg->tplmax) {
size_t *tmp =
OPENSSL_realloc(garg->tuplcnt_arr,
(garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr));
OPENSSL_realloc_array(garg->tuplcnt_arr,
garg->tplmax + GROUPLIST_INCREMENT,
sizeof(*garg->tuplcnt_arr));
if (tmp == NULL)
return 0;
@ -1612,14 +1615,14 @@ int tls1_set_groups_list(SSL_CTX *ctx,
gcb.ctx = ctx;
/* Prepare initial chunks of memory for groups, tuples and keyshares groupIDs */
gcb.gid_arr = OPENSSL_malloc(gcb.gidmax * sizeof(*gcb.gid_arr));
gcb.gid_arr = OPENSSL_malloc_array(gcb.gidmax, sizeof(*gcb.gid_arr));
if (gcb.gid_arr == NULL)
goto end;
gcb.tuplcnt_arr = OPENSSL_malloc(gcb.tplmax * sizeof(*gcb.tuplcnt_arr));
gcb.tuplcnt_arr = OPENSSL_malloc_array(gcb.tplmax, sizeof(*gcb.tuplcnt_arr));
if (gcb.tuplcnt_arr == NULL)
goto end;
gcb.tuplcnt_arr[0] = 0;
gcb.ksid_arr = OPENSSL_malloc(gcb.ksidmax * sizeof(*gcb.ksid_arr));
gcb.ksid_arr = OPENSSL_malloc_array(gcb.ksidmax, sizeof(*gcb.ksid_arr));
if (gcb.ksid_arr == NULL)
goto end;
@ -2194,11 +2197,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
sigalgs_len = OSSL_NELEM(sigalg_lookup_tbl) + ctx->sigalg_list_len;
cache = OPENSSL_zalloc(sizeof(const SIGALG_LOOKUP) * sigalgs_len);
cache = OPENSSL_calloc(sigalgs_len, sizeof(const SIGALG_LOOKUP));
if (cache == NULL || tmpkey == NULL)
goto err;
tls12_sigalgs_list = OPENSSL_zalloc(sizeof(uint16_t) * sigalgs_len);
tls12_sigalgs_list = OPENSSL_calloc(sigalgs_len, sizeof(uint16_t));
if (tls12_sigalgs_list == NULL)
goto err;
@ -2956,7 +2959,7 @@ int tls1_set_server_sigalgs(SSL_CONNECTION *s)
if (s->s3.tmp.valid_flags)
memset(s->s3.tmp.valid_flags, 0, s->ssl_pkey_num * sizeof(uint32_t));
else
s->s3.tmp.valid_flags = OPENSSL_zalloc(s->ssl_pkey_num * sizeof(uint32_t));
s->s3.tmp.valid_flags = OPENSSL_calloc(s->ssl_pkey_num, sizeof(uint32_t));
if (s->s3.tmp.valid_flags == NULL)
return 0;
/*
@ -3529,7 +3532,7 @@ static int tls1_set_shared_sigalgs(SSL_CONNECTION *s)
}
nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
if (nmatch) {
if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL)
if ((salgs = OPENSSL_malloc_array(nmatch, sizeof(*salgs))) == NULL)
return 0;
nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
} else {
@ -3554,7 +3557,7 @@ int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
size >>= 1;
if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL)
if ((buf = OPENSSL_malloc_array(size, sizeof(*buf))) == NULL)
return 0;
for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++)
buf[i] = stmp;
@ -3846,7 +3849,7 @@ int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
{
uint16_t *sigalgs;
if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL)
if ((sigalgs = OPENSSL_malloc_array(salglen, sizeof(*sigalgs))) == NULL)
return 0;
memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs));
@ -3870,7 +3873,7 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
if (salglen & 1)
return 0;
if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL)
if ((sigalgs = OPENSSL_malloc_array(salglen / 2, sizeof(*sigalgs))) == NULL)
return 0;
for (i = 0, sptr = sigalgs; i < salglen; i += 2) {
size_t j;