diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 8a90b436d..e896ead14 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -127,11 +127,10 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; } } - *pval = OPENSSL_malloc(it->size); + *pval = OPENSSL_zalloc(it->size); if (!*pval) { goto memerr; } - OPENSSL_memset(*pval, 0, it->size); asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) { goto auxerr2; @@ -151,11 +150,10 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; } } - *pval = OPENSSL_malloc(it->size); + *pval = OPENSSL_zalloc(it->size); if (!*pval) { goto memerr; } - OPENSSL_memset(*pval, 0, it->size); asn1_refcount_set_one(pval, it); asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { diff --git a/crypto/base64/base64.c b/crypto/base64/base64.c index d2b1e5840..666f83269 100644 --- a/crypto/base64/base64.c +++ b/crypto/base64/base64.c @@ -121,12 +121,7 @@ int EVP_EncodedLength(size_t *out_len, size_t len) { } EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) { - EVP_ENCODE_CTX *ret = OPENSSL_malloc(sizeof(EVP_ENCODE_CTX)); - if (ret == NULL) { - return NULL; - } - OPENSSL_memset(ret, 0, sizeof(EVP_ENCODE_CTX)); - return ret; + return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); } void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { diff --git a/crypto/bio/bio.c b/crypto/bio/bio.c index b2d956387..ed2456071 100644 --- a/crypto/bio/bio.c +++ b/crypto/bio/bio.c @@ -70,12 +70,11 @@ BIO *BIO_new(const BIO_METHOD *method) { - BIO *ret = OPENSSL_malloc(sizeof(BIO)); + BIO *ret = OPENSSL_zalloc(sizeof(BIO)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(BIO)); ret->method = method; ret->shutdown = 1; ret->references = 1; @@ -640,11 +639,10 @@ int BIO_get_new_index(void) { } BIO_METHOD *BIO_meth_new(int type, const char *name) { - BIO_METHOD *method = OPENSSL_malloc(sizeof(BIO_METHOD)); + BIO_METHOD *method = OPENSSL_zalloc(sizeof(BIO_METHOD)); if (method == NULL) { return NULL; } - OPENSSL_memset(method, 0, sizeof(BIO_METHOD)); method->type = type; method->name = name; return method; diff --git a/crypto/bio/connect.c b/crypto/bio/connect.c index d48d14e91..900e659bd 100644 --- a/crypto/bio/connect.c +++ b/crypto/bio/connect.c @@ -296,13 +296,10 @@ end: } static BIO_CONNECT *BIO_CONNECT_new(void) { - BIO_CONNECT *ret = OPENSSL_malloc(sizeof(BIO_CONNECT)); - + BIO_CONNECT *ret = OPENSSL_zalloc(sizeof(BIO_CONNECT)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(BIO_CONNECT)); - ret->state = BIO_CONN_S_BEFORE; return ret; } diff --git a/crypto/bio/pair.c b/crypto/bio/pair.c index 40711cdf9..988b4cea0 100644 --- a/crypto/bio/pair.c +++ b/crypto/bio/pair.c @@ -81,13 +81,10 @@ struct bio_bio_st { }; static int bio_new(BIO *bio) { - struct bio_bio_st *b; - - b = OPENSSL_malloc(sizeof *b); + struct bio_bio_st *b = OPENSSL_zalloc(sizeof *b); if (b == NULL) { return 0; } - OPENSSL_memset(b, 0, sizeof(struct bio_bio_st)); b->size = 17 * 1024; // enough for one TLS record (just a default) bio->ptr = b; diff --git a/crypto/buf/buf.c b/crypto/buf/buf.c index 57bf34d4b..1fe8fe612 100644 --- a/crypto/buf/buf.c +++ b/crypto/buf/buf.c @@ -64,17 +64,7 @@ #include "../internal.h" -BUF_MEM *BUF_MEM_new(void) { - BUF_MEM *ret; - - ret = OPENSSL_malloc(sizeof(BUF_MEM)); - if (ret == NULL) { - return NULL; - } - - OPENSSL_memset(ret, 0, sizeof(BUF_MEM)); - return ret; -} +BUF_MEM *BUF_MEM_new(void) { return OPENSSL_zalloc(sizeof(BUF_MEM)); } void BUF_MEM_free(BUF_MEM *buf) { if (buf == NULL) { diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c index ca950d628..024fa7448 100644 --- a/crypto/conf/conf.c +++ b/crypto/conf/conf.c @@ -118,14 +118,7 @@ CONF *NCONF_new(void *method) { return conf; } -CONF_VALUE *CONF_VALUE_new(void) { - CONF_VALUE *v = OPENSSL_malloc(sizeof(CONF_VALUE)); - if (!v) { - return NULL; - } - OPENSSL_memset(v, 0, sizeof(CONF_VALUE)); - return v; -} +CONF_VALUE *CONF_VALUE_new(void) { return OPENSSL_zalloc(sizeof(CONF_VALUE)); } static void value_free_contents(CONF_VALUE *value) { OPENSSL_free(value->section); diff --git a/crypto/curve25519/spake25519.c b/crypto/curve25519/spake25519.c index c45d15a58..adbf60d58 100644 --- a/crypto/curve25519/spake25519.c +++ b/crypto/curve25519/spake25519.c @@ -272,12 +272,11 @@ static const uint8_t kSpakeMSmallPrecomp[15 * 2 * 32] = { SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, const uint8_t *my_name, size_t my_name_len, const uint8_t *their_name, size_t their_name_len) { - SPAKE2_CTX *ctx = OPENSSL_malloc(sizeof(SPAKE2_CTX)); + SPAKE2_CTX *ctx = OPENSSL_zalloc(sizeof(SPAKE2_CTX)); if (ctx == NULL) { return NULL; } - OPENSSL_memset(ctx, 0, sizeof(SPAKE2_CTX)); ctx->my_role = my_role; CBS my_name_cbs, their_name_cbs; diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c index 5eb789488..4583dc6f4 100644 --- a/crypto/dsa/dsa.c +++ b/crypto/dsa/dsa.c @@ -88,18 +88,14 @@ static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv, static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; DSA *DSA_new(void) { - DSA *dsa = OPENSSL_malloc(sizeof(DSA)); + DSA *dsa = OPENSSL_zalloc(sizeof(DSA)); if (dsa == NULL) { return NULL; } - OPENSSL_memset(dsa, 0, sizeof(DSA)); - dsa->references = 1; - CRYPTO_MUTEX_init(&dsa->method_mont_lock); CRYPTO_new_ex_data(&dsa->ex_data); - return dsa; } @@ -533,16 +529,7 @@ err: return ok; } -DSA_SIG *DSA_SIG_new(void) { - DSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(DSA_SIG)); - if (!sig) { - return NULL; - } - sig->r = NULL; - sig->s = NULL; - return sig; -} +DSA_SIG *DSA_SIG_new(void) { return OPENSSL_zalloc(sizeof(DSA_SIG)); } void DSA_SIG_free(DSA_SIG *sig) { if (!sig) { diff --git a/crypto/engine/engine.c b/crypto/engine/engine.c index 973a57c80..831d46893 100644 --- a/crypto/engine/engine.c +++ b/crypto/engine/engine.c @@ -31,15 +31,7 @@ struct engine_st { ECDSA_METHOD *ecdsa_method; }; -ENGINE *ENGINE_new(void) { - ENGINE *engine = OPENSSL_malloc(sizeof(ENGINE)); - if (engine == NULL) { - return NULL; - } - - OPENSSL_memset(engine, 0, sizeof(ENGINE)); - return engine; -} +ENGINE *ENGINE_new(void) { return OPENSSL_zalloc(sizeof(ENGINE)); } int ENGINE_free(ENGINE *engine) { // Methods are currently required to be static so are not unref'ed. diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c index 37b3631db..f3f3d7e55 100644 --- a/crypto/evp/evp.c +++ b/crypto/evp/evp.c @@ -81,17 +81,13 @@ OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH) OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK) EVP_PKEY *EVP_PKEY_new(void) { - EVP_PKEY *ret; - - ret = OPENSSL_malloc(sizeof(EVP_PKEY)); + EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EVP_PKEY)); ret->type = EVP_PKEY_NONE; ret->references = 1; - return ret; } diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c index 771f13f00..ea2781f0a 100644 --- a/crypto/evp/evp_ctx.c +++ b/crypto/evp/evp_ctx.c @@ -86,11 +86,10 @@ static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, const EVP_PKEY_METHOD *pmeth) { - EVP_PKEY_CTX *ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); if (!ret) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX)); ret->engine = e; ret->pmeth = pmeth; @@ -156,13 +155,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx) { return NULL; } - EVP_PKEY_CTX *ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); if (!ret) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX)); - ret->pmeth = ctx->pmeth; ret->engine = ctx->engine; ret->operation = ctx->operation; diff --git a/crypto/evp/p_ec.c b/crypto/evp/p_ec.c index ed89cc380..0e4349f05 100644 --- a/crypto/evp/p_ec.c +++ b/crypto/evp/p_ec.c @@ -80,15 +80,12 @@ typedef struct { static int pkey_ec_init(EVP_PKEY_CTX *ctx) { - EC_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); + EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX)); if (!dctx) { return 0; } - OPENSSL_memset(dctx, 0, sizeof(EC_PKEY_CTX)); ctx->data = dctx; - return 1; } diff --git a/crypto/evp/p_hkdf.c b/crypto/evp/p_hkdf.c index 0d7ede82c..d9cbfc7cf 100644 --- a/crypto/evp/p_hkdf.c +++ b/crypto/evp/p_hkdf.c @@ -35,12 +35,11 @@ typedef struct { } HKDF_PKEY_CTX; static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) { - HKDF_PKEY_CTX *hctx = OPENSSL_malloc(sizeof(HKDF_PKEY_CTX)); + HKDF_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX)); if (hctx == NULL) { return 0; } - OPENSSL_memset(hctx, 0, sizeof(HKDF_PKEY_CTX)); if (!CBB_init(&hctx->info, 0)) { OPENSSL_free(hctx); return 0; diff --git a/crypto/evp/p_rsa.c b/crypto/evp/p_rsa.c index 15eb1efbd..3bdd85d68 100644 --- a/crypto/evp/p_rsa.c +++ b/crypto/evp/p_rsa.c @@ -97,12 +97,10 @@ typedef struct { } RSA_OAEP_LABEL_PARAMS; static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx; - rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); + RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(RSA_PKEY_CTX)); if (!rctx) { return 0; } - OPENSSL_memset(rctx, 0, sizeof(RSA_PKEY_CTX)); rctx->nbits = 2048; rctx->pad_mode = RSA_PKCS1_PADDING; diff --git a/crypto/fipsmodule/bn/prime.c b/crypto/fipsmodule/bn/prime.c index 2d2ab6937..fb3076831 100644 --- a/crypto/fipsmodule/bn/prime.c +++ b/crypto/fipsmodule/bn/prime.c @@ -359,14 +359,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BN_GENCB *BN_GENCB_new(void) { - BN_GENCB *callback = OPENSSL_malloc(sizeof(BN_GENCB)); - if (callback == NULL) { - return NULL; - } - OPENSSL_memset(callback, 0, sizeof(BN_GENCB)); - return callback; -} +BN_GENCB *BN_GENCB_new(void) { return OPENSSL_zalloc(sizeof(BN_GENCB)); } void BN_GENCB_free(BN_GENCB *callback) { OPENSSL_free(callback); } diff --git a/crypto/fipsmodule/cipher/cipher.c b/crypto/fipsmodule/cipher/cipher.c index bff7996a5..7ce3c20c2 100644 --- a/crypto/fipsmodule/cipher/cipher.c +++ b/crypto/fipsmodule/cipher/cipher.c @@ -113,12 +113,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX)); if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); + out->cipher_data = OPENSSL_memdup(in->cipher_data, in->cipher->ctx_size); if (!out->cipher_data) { out->cipher = NULL; return 0; } - OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { diff --git a/crypto/fipsmodule/dh/dh.c b/crypto/fipsmodule/dh/dh.c index a20b6d11d..d57b0935f 100644 --- a/crypto/fipsmodule/dh/dh.c +++ b/crypto/fipsmodule/dh/dh.c @@ -71,17 +71,13 @@ DH *DH_new(void) { - DH *dh = OPENSSL_malloc(sizeof(DH)); + DH *dh = OPENSSL_zalloc(sizeof(DH)); if (dh == NULL) { return NULL; } - OPENSSL_memset(dh, 0, sizeof(DH)); - CRYPTO_MUTEX_init(&dh->method_mont_p_lock); - dh->references = 1; - return dh; } diff --git a/crypto/fipsmodule/ec/ec.c b/crypto/fipsmodule/ec/ec.c index 00587a1f2..0ae566a9a 100644 --- a/crypto/fipsmodule/ec/ec.c +++ b/crypto/fipsmodule/ec/ec.c @@ -250,11 +250,10 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, goto err; } - ret = OPENSSL_malloc(sizeof(EC_GROUP)); + ret = OPENSSL_zalloc(sizeof(EC_GROUP)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EC_GROUP)); ret->references = 1; ret->meth = EC_GFp_mont_method(); bn_mont_ctx_init(&ret->field); diff --git a/crypto/fipsmodule/ec/ec_key.c b/crypto/fipsmodule/ec/ec_key.c index 90a4404cd..a48671a2b 100644 --- a/crypto/fipsmodule/ec/ec_key.c +++ b/crypto/fipsmodule/ec/ec_key.c @@ -86,12 +86,11 @@ DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class) static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) { - EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR)); + EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR)); if (wrapped == NULL) { return NULL; } - OPENSSL_memset(wrapped, 0, sizeof(EC_WRAPPED_SCALAR)); wrapped->bignum.d = wrapped->scalar.words; wrapped->bignum.width = group->order.N.width; wrapped->bignum.dmax = group->order.N.width; @@ -106,13 +105,11 @@ static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) { EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_method(const ENGINE *engine) { - EC_KEY *ret = OPENSSL_malloc(sizeof(EC_KEY)); + EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EC_KEY)); - if (engine) { ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine); } diff --git a/crypto/fipsmodule/rsa/blinding.c b/crypto/fipsmodule/rsa/blinding.c index c4cfcc231..8838ad8fa 100644 --- a/crypto/fipsmodule/rsa/blinding.c +++ b/crypto/fipsmodule/rsa/blinding.c @@ -130,11 +130,10 @@ static int bn_blinding_create_param(BN_BLINDING *b, const BIGNUM *e, const BN_MONT_CTX *mont, BN_CTX *ctx); BN_BLINDING *BN_BLINDING_new(void) { - BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING)); + BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(BN_BLINDING)); ret->A = BN_new(); if (ret->A == NULL) { diff --git a/crypto/fipsmodule/rsa/rsa.c b/crypto/fipsmodule/rsa/rsa.c index 77ab6c6e7..8babba182 100644 --- a/crypto/fipsmodule/rsa/rsa.c +++ b/crypto/fipsmodule/rsa/rsa.c @@ -206,13 +206,11 @@ RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e, RSA *RSA_new(void) { return RSA_new_method(NULL); } RSA *RSA_new_method(const ENGINE *engine) { - RSA *rsa = OPENSSL_malloc(sizeof(RSA)); + RSA *rsa = OPENSSL_zalloc(sizeof(RSA)); if (rsa == NULL) { return NULL; } - OPENSSL_memset(rsa, 0, sizeof(RSA)); - if (engine) { rsa->meth = ENGINE_get_RSA_method(engine); } diff --git a/crypto/fipsmodule/self_check/fips.c b/crypto/fipsmodule/self_check/fips.c index ce0395764..c3515ea9e 100644 --- a/crypto/fipsmodule/self_check/fips.c +++ b/crypto/fipsmodule/self_check/fips.c @@ -94,12 +94,11 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) { CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS); if (!array) { const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1); - array = OPENSSL_malloc(num_bytes); + array = OPENSSL_zalloc(num_bytes); if (!array) { return; } - OPENSSL_memset(array, 0, num_bytes); if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array, OPENSSL_free)) { // |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|. diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 4a95a2e67..8e20c88d4 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -104,19 +104,17 @@ struct lhash_st { }; _LHASH *OPENSSL_lh_new(lhash_hash_func hash, lhash_cmp_func comp) { - _LHASH *ret = OPENSSL_malloc(sizeof(_LHASH)); + _LHASH *ret = OPENSSL_zalloc(sizeof(_LHASH)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(_LHASH)); ret->num_buckets = kMinNumBuckets; - ret->buckets = OPENSSL_malloc(sizeof(LHASH_ITEM *) * ret->num_buckets); + ret->buckets = OPENSSL_zalloc(sizeof(LHASH_ITEM *) * ret->num_buckets); if (ret->buckets == NULL) { OPENSSL_free(ret); return NULL; } - OPENSSL_memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets); ret->comp = comp; ret->hash = hash; @@ -214,11 +212,10 @@ static void lh_rebucket(_LHASH *lh, const size_t new_num_buckets) { return; } - new_buckets = OPENSSL_malloc(alloc_size); + new_buckets = OPENSSL_zalloc(alloc_size); if (new_buckets == NULL) { return; } - OPENSSL_memset(new_buckets, 0, alloc_size); for (i = 0; i < lh->num_buckets; i++) { for (cur = lh->buckets[i]; cur != NULL; cur = next) { diff --git a/crypto/mem.c b/crypto/mem.c index 89832fce5..b17267fc3 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -267,6 +267,14 @@ void *OPENSSL_malloc(size_t size) { return NULL; } +void *OPENSSL_zalloc(size_t size) { + void *ret = OPENSSL_malloc(size); + if (ret != NULL) { + OPENSSL_memset(ret, 0, size); + } + return ret; +} + void OPENSSL_free(void *orig_ptr) { if (orig_ptr == NULL) { return; diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c index 9be373057..651993365 100644 --- a/crypto/obj/obj.c +++ b/crypto/obj/obj.c @@ -115,16 +115,12 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { } r->ln = r->sn = NULL; - data = OPENSSL_malloc(o->length); - if (data == NULL) { + // once data is attached to an object, it remains const + r->data = OPENSSL_memdup(o->data, o->length); + if (o->length != 0 && r->data == NULL) { goto err; } - if (o->data != NULL) { - OPENSSL_memcpy(data, o->data, o->length); - } - // once data is attached to an object, it remains const - r->data = data; r->length = o->length; r->nid = o->nid; diff --git a/crypto/pkcs7/pkcs7_x509.c b/crypto/pkcs7/pkcs7_x509.c index fd71bd7b3..7b10f6f23 100644 --- a/crypto/pkcs7/pkcs7_x509.c +++ b/crypto/pkcs7/pkcs7_x509.c @@ -237,11 +237,10 @@ int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls) { } static PKCS7 *pkcs7_new(CBS *cbs) { - PKCS7 *ret = OPENSSL_malloc(sizeof(PKCS7)); + PKCS7 *ret = OPENSSL_zalloc(sizeof(PKCS7)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(PKCS7)); ret->type = OBJ_nid2obj(NID_pkcs7_signed); ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED)); if (ret->d.sign == NULL) { @@ -326,11 +325,10 @@ int i2d_PKCS7(const PKCS7 *p7, uint8_t **out) { } if (*out == NULL) { - *out = OPENSSL_malloc(p7->ber_len); + *out = OPENSSL_memdup(p7->ber_bytes, p7->ber_len); if (*out == NULL) { return -1; } - OPENSSL_memcpy(*out, p7->ber_bytes, p7->ber_len); } else { OPENSSL_memcpy(*out, p7->ber_bytes, p7->ber_len); *out += p7->ber_len; diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c index 92bdb9d17..2d0bf088a 100644 --- a/crypto/pkcs8/pkcs8_x509.c +++ b/crypto/pkcs8/pkcs8_x509.c @@ -741,26 +741,22 @@ struct pkcs12_st { PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { - PKCS12 *p12; - - p12 = OPENSSL_malloc(sizeof(PKCS12)); + PKCS12 *p12 = OPENSSL_malloc(sizeof(PKCS12)); if (!p12) { return NULL; } - p12->ber_bytes = OPENSSL_malloc(ber_len); + p12->ber_bytes = OPENSSL_memdup(*ber_bytes, ber_len); if (!p12->ber_bytes) { OPENSSL_free(p12); return NULL; } - OPENSSL_memcpy(p12->ber_bytes, *ber_bytes, ber_len); p12->ber_len = ber_len; *ber_bytes += ber_len; if (out_p12) { PKCS12_free(*out_p12); - *out_p12 = p12; } @@ -843,11 +839,10 @@ int i2d_PKCS12(const PKCS12 *p12, uint8_t **out) { } if (*out == NULL) { - *out = OPENSSL_malloc(p12->ber_len); + *out = OPENSSL_memdup(p12->ber_bytes, p12->ber_len); if (*out == NULL) { return -1; } - OPENSSL_memcpy(*out, p12->ber_bytes, p12->ber_len); } else { OPENSSL_memcpy(*out, p12->ber_bytes, p12->ber_len); *out += p12->ber_len; diff --git a/crypto/pool/pool.c b/crypto/pool/pool.c index e889f521d..fc048409e 100644 --- a/crypto/pool/pool.c +++ b/crypto/pool/pool.c @@ -42,12 +42,11 @@ static int CRYPTO_BUFFER_cmp(const CRYPTO_BUFFER *a, const CRYPTO_BUFFER *b) { } CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) { - CRYPTO_BUFFER_POOL *pool = OPENSSL_malloc(sizeof(CRYPTO_BUFFER_POOL)); + CRYPTO_BUFFER_POOL *pool = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL)); if (pool == NULL) { return NULL; } - OPENSSL_memset(pool, 0, sizeof(CRYPTO_BUFFER_POOL)); pool->bufs = lh_CRYPTO_BUFFER_new(CRYPTO_BUFFER_hash, CRYPTO_BUFFER_cmp); if (pool->bufs == NULL) { OPENSSL_free(pool); @@ -109,11 +108,10 @@ static CRYPTO_BUFFER *crypto_buffer_new(const uint8_t *data, size_t len, } } - CRYPTO_BUFFER *const buf = OPENSSL_malloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); if (buf == NULL) { return NULL; } - OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER)); if (data_is_static) { buf->data = (uint8_t *)data; @@ -170,11 +168,10 @@ CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len, } CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data, size_t len) { - CRYPTO_BUFFER *const buf = OPENSSL_malloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); if (buf == NULL) { return NULL; } - OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER)); buf->data = OPENSSL_malloc(len); if (len != 0 && buf->data == NULL) { diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index a326eb785..269959e86 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -84,19 +84,16 @@ struct stack_st { static const size_t kMinSize = 4; OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp) { - OPENSSL_STACK *ret = OPENSSL_malloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(OPENSSL_STACK)); - ret->data = OPENSSL_malloc(sizeof(void *) * kMinSize); + ret->data = OPENSSL_zalloc(sizeof(void *) * kMinSize); if (ret->data == NULL) { goto err; } - OPENSSL_memset(ret->data, 0, sizeof(void *) * kMinSize); - ret->comp = comp; ret->num_alloc = kMinSize; @@ -370,19 +367,17 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { return NULL; } - OPENSSL_STACK *ret = OPENSSL_malloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(OPENSSL_STACK)); - ret->data = OPENSSL_malloc(sizeof(void *) * sk->num_alloc); + ret->data = OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc); if (ret->data == NULL) { goto err; } ret->num = sk->num; - OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num); ret->sorted = sk->sorted; ret->num_alloc = sk->num_alloc; ret->comp = sk->comp; diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.c index 93172c37c..521e7adc0 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.c @@ -118,11 +118,10 @@ void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *pretoken) { } TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) { - TRUST_TOKEN *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN)); + TRUST_TOKEN *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN)); ret->data = OPENSSL_memdup(data, len); if (len != 0 && ret->data == NULL) { OPENSSL_free(ret); @@ -205,11 +204,10 @@ TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(const TRUST_TOKEN_METHOD *method, return NULL; } - TRUST_TOKEN_CLIENT *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN_CLIENT)); + TRUST_TOKEN_CLIENT *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN_CLIENT)); ret->method = method; ret->max_batchsize = (uint16_t)max_batchsize; return ret; @@ -446,11 +444,10 @@ TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(const TRUST_TOKEN_METHOD *method, return NULL; } - TRUST_TOKEN_ISSUER *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN_ISSUER)); + TRUST_TOKEN_ISSUER *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN_ISSUER)); ret->method = method; ret->max_batchsize = (uint16_t)max_batchsize; return ret; diff --git a/crypto/x509/policy.c b/crypto/x509/policy.c index b0c27126c..ce9959997 100644 --- a/crypto/x509/policy.c +++ b/crypto/x509/policy.c @@ -107,11 +107,10 @@ static void x509_policy_node_free(X509_POLICY_NODE *node) { static X509_POLICY_NODE *x509_policy_node_new(const ASN1_OBJECT *policy) { assert(!is_any_policy(policy)); - X509_POLICY_NODE *node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); + X509_POLICY_NODE *node = OPENSSL_zalloc(sizeof(X509_POLICY_NODE)); if (node == NULL) { return NULL; } - OPENSSL_memset(node, 0, sizeof(X509_POLICY_NODE)); node->policy = OBJ_dup(policy); node->parent_policies = sk_ASN1_OBJECT_new_null(); if (node->policy == NULL || node->parent_policies == NULL) { @@ -134,11 +133,10 @@ static void x509_policy_level_free(X509_POLICY_LEVEL *level) { } static X509_POLICY_LEVEL *x509_policy_level_new(void) { - X509_POLICY_LEVEL *level = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL)); + X509_POLICY_LEVEL *level = OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL)); if (level == NULL) { return NULL; } - OPENSSL_memset(level, 0, sizeof(X509_POLICY_LEVEL)); level->nodes = sk_X509_POLICY_NODE_new(x509_policy_node_cmp); if (level->nodes == NULL) { x509_policy_level_free(level); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index c1389cc2c..814f0ce9b 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -164,10 +164,9 @@ static int x509_object_cmp_sk(const X509_OBJECT *const *a, X509_STORE *X509_STORE_new(void) { X509_STORE *ret; - if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) { + if ((ret = (X509_STORE *)OPENSSL_zalloc(sizeof(X509_STORE))) == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(*ret)); CRYPTO_MUTEX_init(&ret->objs_lock); ret->objs = sk_X509_OBJECT_new(x509_object_cmp_sk); if (ret->objs == NULL) { diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 583b4a050..c13437d0c 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -156,12 +156,10 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { - X509_VERIFY_PARAM *param; - param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + X509_VERIFY_PARAM *param = OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM)); if (!param) { return NULL; } - OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM)); x509_verify_param_zero(param); return param; } diff --git a/crypto/x509/x_pkey.c b/crypto/x509/x_pkey.c index d48ecd111..33a9aa91d 100644 --- a/crypto/x509/x_pkey.c +++ b/crypto/x509/x_pkey.c @@ -67,11 +67,10 @@ X509_PKEY *X509_PKEY_new(void) { - X509_PKEY *ret = OPENSSL_malloc(sizeof(X509_PKEY)); + X509_PKEY *ret = OPENSSL_zalloc(sizeof(X509_PKEY)); if (ret == NULL) { goto err; } - OPENSSL_memset(ret, 0, sizeof(X509_PKEY)); ret->enc_algor = X509_ALGOR_new(); if (ret->enc_algor == NULL) { diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c index 31dbebe15..37a11c6d9 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.c @@ -92,11 +92,10 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) // x509_new_null returns a new |X509| object where the |cert_info|, |sig_alg|, // and |signature| fields are not yet filled in. static X509 *x509_new_null(void) { - X509 *ret = OPENSSL_malloc(sizeof(X509)); + X509 *ret = OPENSSL_zalloc(sizeof(X509)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(X509)); ret->references = 1; ret->ex_pathlen = -1; diff --git a/decrepit/bio/base64_bio.c b/decrepit/bio/base64_bio.c index eb87186fa..35218971e 100644 --- a/decrepit/bio/base64_bio.c +++ b/decrepit/bio/base64_bio.c @@ -89,15 +89,11 @@ typedef struct b64_struct { } BIO_B64_CTX; static int b64_new(BIO *bio) { - BIO_B64_CTX *ctx; - - ctx = OPENSSL_malloc(sizeof(*ctx)); + BIO_B64_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { return 0; } - OPENSSL_memset(ctx, 0, sizeof(*ctx)); - ctx->cont = 1; ctx->start = 1; diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 8da1dd67e..cbbb11f01 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -81,6 +81,10 @@ extern "C" { // the case of a malloc failure, prior to returning NULL |OPENSSL_malloc| will // push |ERR_R_MALLOC_FAILURE| onto the openssl error stack. OPENSSL_EXPORT void *OPENSSL_malloc(size_t size); + +// OPENSSL_zalloc behaves like |OPENSSL_malloc| except it also initializes the +// resulting memory to zero. +OPENSSL_EXPORT void *OPENSSL_zalloc(size_t size); #endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC // OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the diff --git a/ssl/d1_both.cc b/ssl/d1_both.cc index 55c92fad8..b910b96d9 100644 --- a/ssl/d1_both.cc +++ b/ssl/d1_both.cc @@ -184,11 +184,10 @@ static UniquePtr dtls1_hm_fragment_new( return nullptr; } size_t bitmask_len = (msg_hdr->msg_len + 7) / 8; - frag->reassembly = (uint8_t *)OPENSSL_malloc(bitmask_len); + frag->reassembly = (uint8_t *)OPENSSL_zalloc(bitmask_len); if (frag->reassembly == NULL) { return nullptr; } - OPENSSL_memset(frag->reassembly, 0, bitmask_len); } return frag; diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index b97680d1f..fc3d4c3f3 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -4725,8 +4725,8 @@ enum ssl_test_ticket_aead_failure_mode { }; struct ssl_test_ticket_aead_state { - unsigned retry_count; - ssl_test_ticket_aead_failure_mode failure_mode; + unsigned retry_count = 0; + ssl_test_ticket_aead_failure_mode failure_mode = ssl_test_ticket_aead_ok; }; static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to, @@ -4739,12 +4739,7 @@ static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to, static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int index, long argl, void *argp) { - auto state = reinterpret_cast(ptr); - if (state == nullptr) { - return; - } - - OPENSSL_free(state); + delete reinterpret_cast(ptr); } static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT; @@ -4835,10 +4830,7 @@ static void ConnectClientAndServerWithTicketMethod( SSL_set_connect_state(client.get()); SSL_set_accept_state(server.get()); - auto state = reinterpret_cast( - OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state))); - ASSERT_TRUE(state); - OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state)); + auto state = new ssl_test_ticket_aead_state; state->retry_count = retry_count; state->failure_mode = failure_mode; diff --git a/ssl/test/async_bio.cc b/ssl/test/async_bio.cc index 9eae290f1..1c9859afe 100644 --- a/ssl/test/async_bio.cc +++ b/ssl/test/async_bio.cc @@ -108,11 +108,10 @@ static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { } static int AsyncNew(BIO *bio) { - AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); + AsyncBio *a = (AsyncBio *)OPENSSL_zalloc(sizeof(*a)); if (a == NULL) { return 0; } - OPENSSL_memset(a, 0, sizeof(*a)); a->enforce_write_quota = true; bio->init = 1; bio->ptr = (char *)a;