From b51bce942023325e727ca4225252d06c49d8f2b7 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 25 Aug 2015 13:25:58 -0400 Subject: [PATCH] Add and use OPENSSL_zalloc There are many places (nearly 50) where we malloc and then memset. Add an OPENSSL_zalloc routine to encapsulate that. (Missed one conversion; thanks Richard) Also fixes GH328 Reviewed-by: Richard Levitte --- crypto/asn1/ameth_lib.c | 5 ++--- crypto/asn1/tasn_new.c | 6 ++---- crypto/asn1/x_pkey.c | 3 +-- crypto/bio/bss_acpt.c | 4 +--- crypto/bio/bss_conn.c | 9 +-------- crypto/bio/bss_dgram.c | 19 ++++++------------- crypto/bn/bn_blind.c | 3 +-- crypto/comp/c_zlib.c | 4 +--- crypto/comp/comp_lib.c | 3 +-- crypto/dso/dso_lib.c | 3 +-- crypto/dso/dso_win32.c | 3 +-- crypto/ec/ecp_nistp224.c | 11 ++++------- crypto/ec/ecp_nistp521.c | 9 +++------ crypto/engine/eng_cryptodev.c | 3 +-- crypto/engine/eng_dyn.c | 3 +-- crypto/engine/eng_lib.c | 3 +-- crypto/evp/evp_enc.c | 3 +-- crypto/evp/pmeth_lib.c | 5 +---- crypto/mem.c | 15 +++++++++++---- crypto/pqueue/pqueue.c | 5 +---- crypto/rsa/rsa_lib.c | 2 +- crypto/rsa/rsa_pk1.c | 3 +-- crypto/sec_mem.c | 9 +++------ crypto/store/str_lib.c | 4 +--- crypto/store/str_mem.c | 3 +-- crypto/store/str_meth.c | 6 ++---- crypto/ts/ts_rsp_sign.c | 3 +-- crypto/ts/ts_verify_ctx.c | 6 ++---- crypto/ui/ui_lib.c | 6 ++---- crypto/x509/x509_vfy.c | 3 +-- crypto/x509/x509_vpm.c | 14 ++------------ crypto/x509v3/pcy_tree.c | 17 +++++------------ engines/ccgost/gost_pmeth.c | 6 ++---- include/openssl/crypto.h | 2 ++ ssl/bio_ssl.c | 3 +-- ssl/d1_both.c | 3 +-- ssl/d1_lib.c | 3 +-- ssl/s3_lib.c | 3 +-- ssl/ssl_cert.c | 7 ++----- ssl/ssl_ciph.c | 3 +-- ssl/ssl_lib.c | 10 ++-------- ssl/ssl_sess.c | 3 +-- test/ecdsatest.c | 4 +--- test/ssltest.c | 7 ++----- util/libeay.num | 1 + 45 files changed, 82 insertions(+), 168 deletions(-) diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 8060c18b19..155de83aaa 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -283,12 +283,11 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey) EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info) { - EVP_PKEY_ASN1_METHOD *ameth; - ameth = OPENSSL_malloc(sizeof(*ameth)); + EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); + if (!ameth) return NULL; - memset(ameth, 0, sizeof(*ameth)); ameth->pkey_id = id; ameth->pkey_base_id = id; ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index f54bd9bcf1..e7ceda3c54 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -135,10 +135,9 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; } } - *pval = OPENSSL_malloc(it->size); + *pval = OPENSSL_zalloc(it->size); if (!*pval) goto memerr; - memset(*pval, 0, it->size); asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr; @@ -158,10 +157,9 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; } } - *pval = OPENSSL_malloc(it->size); + *pval = OPENSSL_zalloc(it->size); if (!*pval) goto memerr; - memset(*pval, 0, it->size); asn1_do_lock(pval, 0, it); asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index afd3aab2d2..0710419596 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -66,10 +66,9 @@ X509_PKEY *X509_PKEY_new(void) { X509_PKEY *ret = NULL; - ret = OPENSSL_malloc(sizeof(*ret)); + ret = OPENSSL_zalloc(sizeof(*ret)); if (!ret) goto err; - memset(ret, 0, sizeof(*ret)); ret->version = 0; ret->enc_algor = X509_ALGOR_new(); diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 16a660800d..eba6e25714 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -137,10 +137,8 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void) { BIO_ACCEPT *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return (NULL); - - memset(ret, 0, sizeof(*ret)); ret->accept_sock = INVALID_SOCKET; ret->bind_mode = BIO_BIND_NORMAL; return (ret); diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index f23adb217a..0733a29675 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -286,19 +286,12 @@ BIO_CONNECT *BIO_CONNECT_new(void) { BIO_CONNECT *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return (NULL); ret->state = BIO_CONN_S_BEFORE; ret->param_hostname = NULL; ret->param_port = NULL; ret->info_callback = NULL; - ret->nbio = 0; - ret->ip[0] = 0; - ret->ip[1] = 0; - ret->ip[2] = 0; - ret->ip[3] = 0; - ret->port = 0; - memset(&ret->them, 0, sizeof(ret->them)); return (ret); } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index dabfea35c0..bbb9aca1c4 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -221,16 +221,13 @@ BIO *BIO_new_dgram(int fd, int close_flag) static int dgram_new(BIO *bi) { - bio_dgram_data *data = NULL; + bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data)); - bi->init = 0; - bi->num = 0; - data = OPENSSL_malloc(sizeof(*data)); if (data == NULL) return 0; - memset(data, 0, sizeof(*data)); + bi->init = 0; + bi->num = 0; bi->ptr = data; - bi->flags = 0; return (1); } @@ -997,16 +994,13 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) * connected socket won't use it. */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); - authchunks = OPENSSL_malloc(sockopt_len); + authchunks = OPENSSL_zalloc(sockopt_len); if (!authchunks) { BIO_vfree(bio); return (NULL); } - memset(authchunks, 0, sockopt_len); - ret = - getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, + ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len); - if (ret < 0) { OPENSSL_free(authchunks); BIO_vfree(bio); @@ -1086,10 +1080,9 @@ static int dgram_sctp_new(BIO *bi) bi->init = 0; bi->num = 0; - data = OPENSSL_malloc(sizeof(*data)); + data = OPENSSL_zalloc(sizeof(*data)); if (data == NULL) return 0; - memset(data, 0, sizeof(*data)); # ifdef SCTP_PR_SCTP_NONE data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; # endif diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 4ae6b09668..7ca13bb31e 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -137,11 +137,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) bn_check_top(mod); - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(*ret)); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index f0fc0aff9e..474751192a 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -91,9 +91,7 @@ static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) { void *p; - p = OPENSSL_malloc(no * size); - if (p) - memset(p, 0, no * size); + p = OPENSSL_zalloc(no * size); return p; } diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index aa82376cdd..83fea93cb8 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -63,9 +63,8 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { COMP_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) + if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) return (NULL); - memset(ret, 0, sizeof(*ret)); ret->meth = meth; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { OPENSSL_free(ret); diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 12544b3a16..17d1732dfc 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -104,12 +104,11 @@ DSO *DSO_new_method(DSO_METHOD *meth) */ default_DSO_meth = DSO_METHOD_openssl(); } - ret = OPENSSL_malloc(sizeof(*ret)); + ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(*ret)); ret->meth_data = sk_void_new_null(); if (ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 2da318f707..c6fec6625a 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -304,13 +304,12 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, return (NULL); } - result = OPENSSL_malloc(sizeof(*result)); + result = OPENSSL_zalloc(sizeof(*result)); if (result == NULL) { DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(result, 0, sizeof(*result)); position = IN_DEVICE; if ((filename[0] == '\\' && filename[1] == '\\') diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index febfcab6f9..8b1deaae7b 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1199,13 +1199,12 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, static NISTP224_PRE_COMP *nistp224_pre_comp_new() { - NISTP224_PRE_COMP *ret = NULL; - ret = OPENSSL_malloc(sizeof(*ret)); + NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); + if (!ret) { ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } - memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); ret->references = 1; return ret; } @@ -1457,8 +1456,8 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, */ mixed = 1; } - secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); - pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); + secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points); + pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points); if (mixed) tmp_felems = OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1)); @@ -1472,8 +1471,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * we treat NULL scalars as 0, and NULL points as points at infinity, * i.e., they contribute nothing to the linear combination */ - memset(secrets, 0, sizeof(*secrets) * num_points); - memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { if (i == num) /* the generator */ diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index a5d7360bb9..febf5e94b7 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1644,13 +1644,12 @@ const EC_METHOD *EC_GFp_nistp521_method(void) static NISTP521_PRE_COMP *nistp521_pre_comp_new() { - NISTP521_PRE_COMP *ret = OPENSSL_malloc(sizeof(*ret)); + NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; } - memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); ret->references = 1; return ret; } @@ -1902,8 +1901,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, */ mixed = 1; } - secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); - pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); + secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points); + pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points); if (mixed) tmp_felems = OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1)); @@ -1917,8 +1916,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * we treat NULL scalars as 0, and NULL points as points at infinity, * i.e., they contribute nothing to the linear combination */ - memset(secrets, 0, sizeof(*secrets) * num_points); - memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { if (i == num) /* diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 49a398964b..ca567dc67d 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -1020,10 +1020,9 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp) bits = BN_num_bits(a); bytes = BN_num_bytes(a); - b = OPENSSL_malloc(bytes); + b = OPENSSL_zalloc(bytes); if (b == NULL) return (1); - memset(b, 0, bytes); crp->crp_p = (caddr_t) b; crp->crp_nbits = bits; diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index ae7d1d0fe8..777f44018b 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -202,13 +202,12 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, */ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) { - dynamic_data_ctx *c = OPENSSL_malloc(sizeof(*c)); + dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c)); if (!c) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); return 0; } - memset(c, 0, sizeof(*c)); c->dynamic_dso = NULL; c->v_check = NULL; c->bind_engine = NULL; diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index c477c7efc5..a113ebc57c 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -66,12 +66,11 @@ ENGINE *ENGINE_new(void) { ENGINE *ret; - ret = OPENSSL_malloc(sizeof(*ret)); + ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(*ret)); ret->struct_ref = 1; engine_ref_debug(ret, 0, 1) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 405cbb0c1b..7f55c4196b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -158,12 +158,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ctx->cipher = cipher; if (ctx->cipher->ctx_size) { - ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); + ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size); if (!ctx->cipher_data) { EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } - memset(ctx->cipher_data, 0, ctx->cipher->ctx_size); } else { ctx->cipher_data = NULL; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 210c7fa988..f317471c6b 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -198,15 +198,12 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; - pmeth = OPENSSL_malloc(sizeof(*pmeth)); + pmeth = OPENSSL_zalloc(sizeof(*pmeth)); if (!pmeth) return NULL; - memset(pmeth, 0, sizeof(*pmeth)); - pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - pmeth->init = 0; pmeth->copy = 0; pmeth->cleanup = 0; diff --git a/crypto/mem.c b/crypto/mem.c index 8b9c8c3805..33a76d2d08 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -312,14 +312,21 @@ void *CRYPTO_malloc(int num, const char *file, int line) return ret; } +void *CRYPTO_zalloc(int num, const char *file, int line) +{ + void *ret = CRYPTO_malloc(num, file, line); + + if (ret != NULL) + memset(ret, 0, num); + return ret; +} + char *CRYPTO_strdup(const char *str, const char *file, int line) { char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); - if (ret == NULL) - return NULL; - - strcpy(ret, str); + if (ret != NULL) + strcpy(ret, str); return ret; } diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index d10088e1f9..b6e19c7f52 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -87,11 +87,8 @@ void pitem_free(pitem *item) pqueue_s *pqueue_new() { - pqueue_s *pq = OPENSSL_malloc(sizeof(*pq)); - if (pq == NULL) - return NULL; + pqueue_s *pq = OPENSSL_zalloc(sizeof(*pq)); - memset(pq, 0, sizeof(*pq)); return pq; } diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index b28021ba88..f62fd73147 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -287,7 +287,7 @@ int RSA_memory_lock(RSA *r) j = 1; for (i = 0; i < 6; i++) j += bn_get_top(*t[i]); - if ((p = OPENSSL_malloc((off + j) * sizeof(BN_ULONG))) == NULL) { + if ((p = OPENSSL_malloc((off + j) * sizeof(*p))) == NULL) { RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); return (0); } diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 9a8145b8ce..8f8587a3ea 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -203,12 +203,11 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, if (num < 11) goto err; - em = OPENSSL_malloc(num); + em = OPENSSL_zalloc(num); if (em == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); return -1; } - memset(em, 0, num); /* * Always do this zero-padding copy (even when num == flen) to avoid * leaking that information. The copy still leaks some side-channel diff --git a/crypto/sec_mem.c b/crypto/sec_mem.c index a630cbc82e..fbed8b49fc 100644 --- a/crypto/sec_mem.c +++ b/crypto/sec_mem.c @@ -314,23 +314,20 @@ static int sh_init(size_t size, int minsize) for (i = sh.bittable_size; i; i >>= 1) sh.freelist_size++; - sh.freelist = OPENSSL_malloc(sh.freelist_size * sizeof (char *)); + sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof (char *)); OPENSSL_assert(sh.freelist != NULL); if (sh.freelist == NULL) goto err; - memset(sh.freelist, 0, sh.freelist_size * sizeof (char *)); - sh.bittable = OPENSSL_malloc(sh.bittable_size >> 3); + sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); OPENSSL_assert(sh.bittable != NULL); if (sh.bittable == NULL) goto err; - memset(sh.bittable, 0, sh.bittable_size >> 3); - sh.bitmalloc = OPENSSL_malloc(sh.bittable_size >> 3); + sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); OPENSSL_assert(sh.bitmalloc != NULL); if (sh.bitmalloc == NULL) goto err; - memset(sh.bitmalloc, 0, sh.bittable_size >> 3); /* Allocate space for heap, and two extra pages as guards */ #ifdef _SC_PAGE_SIZE diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 3201da9536..55ca19da8a 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -1154,9 +1154,7 @@ int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], STORE_OBJECT *STORE_OBJECT_new(void) { - STORE_OBJECT *object = OPENSSL_malloc(sizeof(*object)); - if (object) - memset(object, 0, sizeof(*object)); + STORE_OBJECT *object = OPENSSL_zalloc(sizeof(*object)); return object; } diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index b14e28908c..1736f7903f 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -244,7 +244,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - struct mem_ctx_st *context = OPENSSL_malloc(sizeof(*context)); + struct mem_ctx_st *context = OPENSSL_zalloc(sizeof(*context)); void *attribute_context = NULL; STORE_ATTR_INFO *attrs = NULL; @@ -252,7 +252,6 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); return 0; } - memset(context, 0, sizeof(*context)); attribute_context = STORE_parse_attrs_start(attributes); if (!attribute_context) { diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index 74878197f9..c030198841 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -63,12 +63,10 @@ STORE_METHOD *STORE_create_method(char *name) { - STORE_METHOD *store_method = OPENSSL_malloc(sizeof(*store_method)); + STORE_METHOD *store_method = OPENSSL_zalloc(sizeof(*store_method)); - if (store_method) { - memset(store_method, 0, sizeof(*store_method)); + if (store_method) store_method->name = BUF_strdup(name); - } return store_method; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index f0fc503aff..9cacec8713 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -169,11 +169,10 @@ TS_RESP_CTX *TS_RESP_CTX_new() { TS_RESP_CTX *ctx; - if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { + if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ctx, 0, sizeof(*ctx)); /* Setting default callbacks. */ ctx->serial_cb = def_serial_cb; diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 7465e048c5..e23ae268f4 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -63,11 +63,9 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { - TS_VERIFY_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); + TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx) - memset(ctx, 0, sizeof(*ctx)); - else + if (!ctx) TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); return ctx; } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 9ba844eacb..654d74fee8 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -582,12 +582,10 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) UI_METHOD *UI_create_method(char *name) { - UI_METHOD *ui_method = OPENSSL_malloc(sizeof(*ui_method)); + UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method)); - if (ui_method) { - memset(ui_method, 0, sizeof(*ui_method)); + if (ui_method) ui_method->name = BUF_strdup(name); - } return ui_method; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1376e4486b..bc48b8a334 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2259,13 +2259,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, X509_STORE_CTX *X509_STORE_CTX_new(void) { - X509_STORE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); + X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); if (!ctx) { X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ctx, 0, sizeof(*ctx)); return ctx; } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index eedc2179a6..cf8784d5fb 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -162,24 +162,14 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof(*param)); + param = OPENSSL_zalloc(sizeof(*param)); if (!param) return NULL; - memset(param, 0, sizeof(*param)); - - paramid = OPENSSL_malloc(sizeof(*paramid)); + param->id = paramid = OPENSSL_zalloc(sizeof(*paramid)); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(paramid, 0, sizeof(*paramid)); - /* Exotic platforms may have non-zero bit representation of NULL */ - paramid->hosts = NULL; - paramid->peername = NULL; - paramid->email = NULL; - paramid->ip = NULL; - - param->id = paramid; x509_verify_param_zero(param); return param; } diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 4b0ea15b6d..2a41903a72 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -217,25 +217,18 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, } /* If we get this far initialize the tree */ - tree = OPENSSL_malloc(sizeof(*tree)); - if (!tree) return 0; - - tree->flags = 0; - tree->levels = OPENSSL_malloc(sizeof(*tree->levels) * n); - tree->nlevel = 0; - tree->extra_data = NULL; - tree->auth_policies = NULL; - tree->user_policies = NULL; - + tree->levels = OPENSSL_zalloc(sizeof(*tree->levels) * n); if (!tree->levels) { OPENSSL_free(tree); return 0; } - - memset(tree->levels, 0, sizeof(*tree->levels) * n); + tree->flags = 0; + tree->extra_data = NULL; + tree->auth_policies = NULL; + tree->user_policies = NULL; tree->nlevel = n; level = tree->levels; diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index 0574d6eee4..e70e2979db 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -24,10 +24,9 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx) struct gost_pmeth_data *data; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - data = OPENSSL_malloc(sizeof(*data)); + data = OPENSSL_zalloc(sizeof(*data)); if (!data) return 0; - memset(data, 0, sizeof(*data)); if (pkey && EVP_PKEY_get0(pkey)) { switch (EVP_PKEY_base_id(pkey)) { case NID_id_GostR3410_2001: @@ -309,11 +308,10 @@ static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx) /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/ static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx) { - struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data)); + struct gost_mac_pmeth_data *data = OPENSSL_zalloc(sizeof(*data)); if (!data) return 0; - memset(data, 0, sizeof(*data)); EVP_PKEY_CTX_set_data(ctx, data); return 1; } diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index f1ff0e02b9..56afc517b6 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -337,6 +337,7 @@ int CRYPTO_is_mem_check_on(void); # define is_MemCheck_on() CRYPTO_is_mem_check_on() # define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +# define OPENSSL_zalloc(num) CRYPTO_zalloc((int)num,__FILE__,__LINE__) # define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) # define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) @@ -469,6 +470,7 @@ void CRYPTO_get_mem_debug_functions(void (**m) void (**so) (long), long (**go) (void)); void *CRYPTO_malloc(int num, const char *file, int line); +void *CRYPTO_zalloc(int num, const char *file, int line); char *CRYPTO_strdup(const char *str, const char *file, int line); void CRYPTO_free(void *ptr); void CRYPTO_clear_free(void *ptr, size_t num); diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index aa6d623191..639b10556a 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -101,13 +101,12 @@ BIO_METHOD *BIO_f_ssl(void) static int ssl_new(BIO *bi) { - BIO_SSL *bs = OPENSSL_malloc(sizeof(*bs)); + BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs)); if (bs == NULL) { BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); return (0); } - memset(bs, 0, sizeof(*bs)); bi->init = 0; bi->ptr = (char *)bs; bi->flags = 0; diff --git a/ssl/d1_both.c b/ssl/d1_both.c index d2f5defe14..52b7304af2 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -187,13 +187,12 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, /* Initialize reassembly bitmask if necessary */ if (reassembly) { - bitmask = OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); + bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { OPENSSL_free(buf); OPENSSL_free(frag); return NULL; } - memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); } frag->reassembly = bitmask; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index fc1887ab35..d3b582a98c 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -135,11 +135,10 @@ int dtls1_new(SSL *s) if (!ssl3_new(s)) return (0); - if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) { + if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) { ssl3_free(s); return (0); } - memset(d1, 0, sizeof(*d1)); d1->buffered_messages = pqueue_new(); d1->sent_messages = pqueue_new(); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 47d28e73ad..bb090efc48 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3836,9 +3836,8 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) + if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof(*s3)); s->s3 = s3; #ifndef OPENSSL_NO_SRP diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 11839612f2..c3e2c2ed0a 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -167,13 +167,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) CERT *ssl_cert_new(void) { - CERT *ret = OPENSSL_malloc(sizeof(*ret)); + CERT *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(*ret)); ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; @@ -185,7 +184,7 @@ CERT *ssl_cert_new(void) CERT *ssl_cert_dup(CERT *cert) { - CERT *ret = OPENSSL_malloc(sizeof(*ret)); + CERT *ret = OPENSSL_zalloc(sizeof(*ret)); int i; if (ret == NULL) { @@ -193,8 +192,6 @@ CERT *ssl_cert_dup(CERT *cert) return (NULL); } - memset(ret, 0, sizeof(*ret)); - ret->key = &ret->pkeys[cert->key - cert->pkeys]; #ifndef OPENSSL_NO_RSA diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index c048fc2a8c..2dd2379819 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1038,12 +1038,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, curr = curr->next; } - number_uses = OPENSSL_malloc(sizeof(int) * (max_strength_bits + 1)); + number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1)); if (!number_uses) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); return (0); } - memset(number_uses, 0, sizeof(int) * (max_strength_bits + 1)); /* * Now find the strength_bits values actually used diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fd1561e52d..b1d4771e9a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -277,10 +277,9 @@ SSL *SSL_new(SSL_CTX *ctx) return (NULL); } - s = OPENSSL_malloc(sizeof(*s)); + s = OPENSSL_zalloc(sizeof(*s)); if (s == NULL) goto err; - memset(s, 0, sizeof(*s)); RECORD_LAYER_init(&s->rlayer, s); @@ -1684,14 +1683,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } - ret = OPENSSL_malloc(sizeof(*ret)); + ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) goto err; - memset(ret, 0, sizeof(*ret)); - ret->method = meth; - ret->cert_store = NULL; ret->session_cache_mode = SSL_SESS_CACHE_SERVER; ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT; @@ -1706,8 +1702,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->get_session_cb = 0; ret->generate_session_id = 0; - memset(&ret->stats, 0, sizeof(ret->stats)); - ret->references = 1; ret->quiet_shutdown = 0; ret->info_callback = NULL; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 69e6d7fea5..3e980bf5cb 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -193,12 +193,11 @@ SSL_SESSION *SSL_SESSION_new(void) { SSL_SESSION *ss; - ss = OPENSSL_malloc(sizeof(*ss)); + ss = OPENSSL_zalloc(sizeof(*ss)); if (ss == NULL) { SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); return (0); } - memset(ss, 0, sizeof(*ss)); ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 377e2c5367..4b6d0444bf 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -440,10 +440,8 @@ int test_builtin(BIO *out) goto builtin_err; } buf_len = 2 * bn_len; - if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL) + if ((raw_buf = OPENSSL_zalloc(buf_len)) == NULL) goto builtin_err; - /* Pad the bignums with leading zeroes. */ - memset(raw_buf, 0, buf_len); BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); diff --git a/test/ssltest.c b/test/ssltest.c index 914419109d..adf1368020 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -2116,14 +2116,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) bufsiz = count > 40 * 1024 ? 40 * 1024 : count; - if ((cbuf = OPENSSL_malloc(bufsiz)) == NULL) + if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL) goto err; - if ((sbuf = OPENSSL_malloc(bufsiz)) == NULL) + if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL) goto err; - memset(cbuf, 0, bufsiz); - memset(sbuf, 0, bufsiz); - c_to_s = BIO_new(BIO_s_mem()); s_to_c = BIO_new(BIO_s_mem()); if ((s_to_c == NULL) || (c_to_s == NULL)) { diff --git a/util/libeay.num b/util/libeay.num index 0cf3cb7c22..6b27c9e9ed 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4592,6 +4592,7 @@ X509_up_ref 4950 EXIST::FUNCTION: X509_REQ_get_version 4951 EXIST::FUNCTION: X509_REQ_get_subject_name 4952 EXIST::FUNCTION: X509_CRL_up_ref 4953 EXIST::FUNCTION: +CRYPTO_zalloc 4954 EXIST::FUNCTION: X509_get_extension_flags 4954 EXIST::FUNCTION: X509_get_extended_key_usage 4955 EXIST::FUNCTION: X509_get_key_usage 4956 EXIST::FUNCTION: -- 2.25.1