yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Work around language and compiler bug in memcpy, etc.

Browse Source 
Most C standard library functions are undefined if passed NULL, even
when the corresponding length is zero. This gives them (and, in turn,
all functions which call them) surprising behavior on empty arrays.
Some compilers will miscompile code due to this rule. See also
https://www.imperialviolet.org/2016/06/26/nonnull.html

Add OPENSSL_memcpy, etc., wrappers which avoid this problem.

BUG=23

Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e
Reviewed-on: https://boringssl-review.googlesource.com/12928
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-12-13 01:07:13 -05:00 committed by Adam Langley
parent 56cadc3daf
commit 17cf2cb1d2
188 changed files with 1084 additions and 755 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
STYLE.md
View File

@ -45,6 +45,16 @@ not
Rather than `malloc()` and `free()`, use the wrappers `OPENSSL_malloc()` Rather than `malloc()` and `free()`, use the wrappers `OPENSSL_malloc()`
and `OPENSSL_free()`. Use the standard C `assert()` function freely. and `OPENSSL_free()`. Use the standard C `assert()` function freely.
Use the following wrappers, found in `crypto/internal.h` instead of the
corresponding C standard library functions. They behave the same but avoid
confusing undefined behavior.
* `OPENSSL_memchr`
* `OPENSSL_memcmp`
* `OPENSSL_memcpy`
* `OPENSSL_memmove`
* `OPENSSL_memset`
For new constants, prefer enums when the values are sequential and typed For new constants, prefer enums when the values are sequential and typed
constants for flags. If adding values to an existing set of `#define`s, constants for flags. If adding values to an existing set of `#define`s,
continue with `#define`. continue with `#define`.

9
crypto/aes/aes_test.cc
View File

@ -21,6 +21,7 @@
#include <openssl/aes.h> #include <openssl/aes.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "../internal.h"
#include "../test/file_test.h" #include "../test/file_test.h"
@ -54,7 +55,7 @@ static bool TestRaw(FileTest *t) {
} }
// Test in-place encryption. // Test in-place encryption.
memcpy(block, plaintext.data(), AES_BLOCK_SIZE); OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
AES_encrypt(block, block, &aes_key); AES_encrypt(block, block, &aes_key);
if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(), if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(),
ciphertext.size())) { ciphertext.size())) {
@ -76,7 +77,7 @@ static bool TestRaw(FileTest *t) {
} }
// Test in-place decryption. // Test in-place decryption.
memcpy(block, ciphertext.data(), AES_BLOCK_SIZE); OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
AES_decrypt(block, block, &aes_key); AES_decrypt(block, block, &aes_key);
if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(), if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(),
plaintext.size())) { plaintext.size())) {
@ -123,7 +124,7 @@ static bool TestKeyWrap(FileTest *t) {
return false; return false;
} }
memset(buf.get(), 0, ciphertext.size()); OPENSSL_memset(buf.get(), 0, ciphertext.size());
if (AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(), if (AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(),
plaintext.size()) != static_cast<int>(ciphertext.size()) || plaintext.size()) != static_cast<int>(ciphertext.size()) ||
!t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(), !t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(),
@ -146,7 +147,7 @@ static bool TestKeyWrap(FileTest *t) {
return false; return false;
} }
memset(buf.get(), 0, plaintext.size()); OPENSSL_memset(buf.get(), 0, plaintext.size());
if (AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(), if (AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(),
ciphertext.size()) != static_cast<int>(plaintext.size()) || ciphertext.size()) != static_cast<int>(plaintext.size()) ||
!t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(), !t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(),

20
crypto/aes/key_wrap.c
View File

@ -53,6 +53,8 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
/* kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1. */ /* kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1. */
static const uint8_t kDefaultIV[] = { static const uint8_t kDefaultIV[] = {
@ -73,15 +75,15 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
iv = kDefaultIV; iv = kDefaultIV;
} }
memmove(out + 8, in, in_len); OPENSSL_memmove(out + 8, in, in_len);
uint8_t A[AES_BLOCK_SIZE]; uint8_t A[AES_BLOCK_SIZE];
memcpy(A, iv, 8); OPENSSL_memcpy(A, iv, 8);
size_t n = in_len / 8; size_t n = in_len / 8;
for (unsigned j = 0; j < kBound; j++) { for (unsigned j = 0; j < kBound; j++) {
for (size_t i = 1; i <= n; i++) { for (size_t i = 1; i <= n; i++) {
memcpy(A + 8, out + 8 * i, 8); OPENSSL_memcpy(A + 8, out + 8 * i, 8);
AES_encrypt(A, A, key); AES_encrypt(A, A, key);
uint32_t t = (uint32_t)(n * j + i); uint32_t t = (uint32_t)(n * j + i);
@ -89,11 +91,11 @@ int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
A[6] ^= (t >> 8) & 0xff; A[6] ^= (t >> 8) & 0xff;
A[5] ^= (t >> 16) & 0xff; A[5] ^= (t >> 16) & 0xff;
A[4] ^= (t >> 24) & 0xff; A[4] ^= (t >> 24) & 0xff;
memcpy(out + 8 * i, A + 8, 8); OPENSSL_memcpy(out + 8 * i, A + 8, 8);
} }
} }
memcpy(out, A, 8); OPENSSL_memcpy(out, A, 8);
return (int)in_len + 8; return (int)in_len + 8;
} }
@ -110,8 +112,8 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
} }
uint8_t A[AES_BLOCK_SIZE]; uint8_t A[AES_BLOCK_SIZE];
memcpy(A, in, 8); OPENSSL_memcpy(A, in, 8);
memmove(out, in + 8, in_len - 8); OPENSSL_memmove(out, in + 8, in_len - 8);
size_t n = (in_len / 8) - 1; size_t n = (in_len / 8) - 1;
@ -122,9 +124,9 @@ int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, uint8_t *out,
A[6] ^= (t >> 8) & 0xff; A[6] ^= (t >> 8) & 0xff;
A[5] ^= (t >> 16) & 0xff; A[5] ^= (t >> 16) & 0xff;
A[4] ^= (t >> 24) & 0xff; A[4] ^= (t >> 24) & 0xff;
memcpy(A + 8, out + 8 * (i - 1), 8); OPENSSL_memcpy(A + 8, out + 8 * (i - 1), 8);
AES_decrypt(A, A, key); AES_decrypt(A, A, key);
memcpy(out + 8 * (i - 1), A + 8, 8); OPENSSL_memcpy(out + 8 * (i - 1), A + 8, 8);
} }
} }

9
crypto/asn1/a_bitstr.c
View File

@ -61,6 +61,9 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
{ {
return M_ASN1_BIT_STRING_set(x, d, len); return M_ASN1_BIT_STRING_set(x, d, len);
@ -115,7 +118,7 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
*(p++) = (unsigned char)bits; *(p++) = (unsigned char)bits;
d = a->data; d = a->data;
memcpy(p, d, len); OPENSSL_memcpy(p, d, len);
p += len; p += len;
if (len > 0) if (len > 0)
p[-1] &= (0xff << bits); p[-1] &= (0xff << bits);
@ -162,7 +165,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
memcpy(s, p, (int)len); OPENSSL_memcpy(s, p, (int)len);
s[len - 1] &= (0xff << padding); s[len - 1] &= (0xff << padding);
p += len; p += len;
} else } else
@ -215,7 +218,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
return 0; return 0;
} }
if (w + 1 - a->length > 0) if (w + 1 - a->length > 0)
memset(c + a->length, 0, w + 1 - a->length); OPENSSL_memset(c + a->length, 0, w + 1 - a->length);
a->data = c; a->data = c;
a->length = w + 1; a->length = w + 1;
} }

5
crypto/asn1/a_enum.c
View File

@ -61,6 +61,9 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
/* /*
* Code for ENUMERATED type: identical to INTEGER apart from a different tag. * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
* for comments on encoding see a_int.c * for comments on encoding see a_int.c
@ -79,7 +82,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
OPENSSL_free(a->data); OPENSSL_free(a->data);
if ((a->data = if ((a->data =
(unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
memset((char *)a->data, 0, sizeof(long) + 1); OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1);
} }
if (a->data == NULL) { if (a->data == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

11
crypto/asn1/a_int.c
View File

@ -61,6 +61,9 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{ {
return M_ASN1_INTEGER_dup(x); return M_ASN1_INTEGER_dup(x);
@ -157,7 +160,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
if (a->length == 0) if (a->length == 0)
*(p++) = 0; *(p++) = 0;
else if (!neg) else if (!neg)
memcpy(p, a->data, (unsigned int)a->length); OPENSSL_memcpy(p, a->data, (unsigned int)a->length);
else { else {
/* Begin at the end of the encoding */ /* Begin at the end of the encoding */
n = a->data + a->length - 1; n = a->data + a->length - 1;
@ -254,7 +257,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
p++; p++;
len--; len--;
} }
memcpy(s, p, (int)len); OPENSSL_memcpy(s, p, (int)len);
} }
if (ret->data != NULL) if (ret->data != NULL)
@ -322,7 +325,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
p++; p++;
len--; len--;
} }
memcpy(s, p, (int)len); OPENSSL_memcpy(s, p, (int)len);
p += len; p += len;
} }
@ -354,7 +357,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
OPENSSL_free(a->data); OPENSSL_free(a->data);
if ((a->data = if ((a->data =
(unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
memset((char *)a->data, 0, sizeof(long) + 1); OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1);
} }
if (a->data == NULL) { if (a->data == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

7
crypto/asn1/a_object.c
View File

@ -63,6 +63,9 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include <openssl/obj.h> #include <openssl/obj.h>
#include "../internal.h"
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{ {
unsigned char *p; unsigned char *p;
@ -77,7 +80,7 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
p = *pp; p = *pp;
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length); OPENSSL_memcpy(p, a->data, a->length);
p += a->length; p += a->length;
*pp = p; *pp = p;
@ -321,7 +324,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
} }
ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
} }
memcpy(data, p, length); OPENSSL_memcpy(data, p, length);
/* reattach data to object, after which it remains const */ /* reattach data to object, after which it remains const */
ret->data = data; ret->data = data;
ret->length = length; ret->length = length;

2
crypto/asn1/a_utctm.c
View File

@ -270,7 +270,7 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
struct tm tm; struct tm tm;
int offset; int offset;
memset(&tm, '\0', sizeof tm); OPENSSL_memset(&tm, '\0', sizeof tm);
# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
tm.tm_year = g2(s->data); tm.tm_year = g2(s->data);

7
crypto/asn1/asn1_lib.c
View File

@ -63,6 +63,9 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
/* Cross-module errors from crypto/x509/i2d_pr.c. */ /* Cross-module errors from crypto/x509/i2d_pr.c. */
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE) OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE)
@ -401,7 +404,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
} }
str->length = len; str->length = len;
if (data != NULL) { if (data != NULL) {
memcpy(str->data, data, len); OPENSSL_memcpy(str->data, data, len);
/* an allowance for strings :-) */ /* an allowance for strings :-) */
str->data[len] = '\0'; str->data[len] = '\0';
} }
@ -452,7 +455,7 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
i = (a->length - b->length); i = (a->length - b->length);
if (i == 0) { if (i == 0) {
i = memcmp(a->data, b->data, a->length); i = OPENSSL_memcmp(a->data, b->data, a->length);
if (i == 0) if (i == 0)
return (a->type - b->type); return (a->type - b->type);
else else

2
crypto/asn1/tasn_dec.c
View File

@ -1108,7 +1108,7 @@ static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
memcpy(buf->data + len, *p, plen); OPENSSL_memcpy(buf->data + len, *p, plen);
} }
*p += plen; *p += plen;
return 1; return 1;

9
crypto/asn1/tasn_enc.c
View File

@ -62,6 +62,9 @@
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
const ASN1_ITEM *it, int tag, int aclass); const ASN1_ITEM *it, int tag, int aclass);
static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
@ -415,7 +418,7 @@ static int der_cmp(const void *a, const void *b)
const DER_ENC *d1 = a, *d2 = b; const DER_ENC *d1 = a, *d2 = b;
int cmplen, i; int cmplen, i;
cmplen = (d1->length < d2->length) ? d1->length : d2->length; cmplen = (d1->length < d2->length) ? d1->length : d2->length;
i = memcmp(d1->data, d2->data, cmplen); i = OPENSSL_memcmp(d1->data, d2->data, cmplen);
if (i) if (i)
return i; return i;
return d1->length - d2->length; return d1->length - d2->length;
@ -470,7 +473,7 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
/* Output sorted DER encoding */ /* Output sorted DER encoding */
p = *out; p = *out;
for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
memcpy(p, tder->data, tder->length); OPENSSL_memcpy(p, tder->data, tder->length);
p += tder->length; p += tder->length;
} }
*out = p; *out = p;
@ -660,6 +663,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
} }
if (cout && len) if (cout && len)
memcpy(cout, cont, len); OPENSSL_memcpy(cout, cont, len);
return len; return len;
} }

7
crypto/asn1/tasn_new.c
View File

@ -63,6 +63,9 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include <openssl/obj.h> #include <openssl/obj.h>
#include "../internal.h"
static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int combine); int combine);
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
@ -153,7 +156,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
*pval = OPENSSL_malloc(it->size); *pval = OPENSSL_malloc(it->size);
if (!*pval) if (!*pval)
goto memerr; goto memerr;
memset(*pval, 0, it->size); OPENSSL_memset(*pval, 0, it->size);
} }
asn1_set_choice_selector(pval, -1, it); asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
@ -178,7 +181,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
*pval = OPENSSL_malloc(it->size); *pval = OPENSSL_malloc(it->size);
if (!*pval) if (!*pval)
goto memerr; goto memerr;
memset(*pval, 0, it->size); OPENSSL_memset(*pval, 0, it->size);
asn1_refcount_set_one(pval, it); asn1_refcount_set_one(pval, it);
asn1_enc_init(pval, it); asn1_enc_init(pval, it);
} }

4
crypto/asn1/tasn_utl.c
View File

@ -178,7 +178,7 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
if (!enc->enc) { if (!enc->enc) {
return 0; return 0;
} }
memcpy(enc->enc, in, inlen); OPENSSL_memcpy(enc->enc, in, inlen);
} }
enc->len = inlen; enc->len = inlen;
@ -195,7 +195,7 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
return 0; return 0;
} }
if (out) { if (out) {
memcpy(*out, enc->enc, enc->len); OPENSSL_memcpy(*out, enc->enc, enc->len);
*out += enc->len; *out += enc->len;
} }
if (len) { if (len) {

7
crypto/asn1/x_long.c
View File

@ -63,6 +63,9 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
/* /*
* Custom primitive type for long handling. This converts between an * Custom primitive type for long handling. This converts between an
* ASN1_INTEGER and a long directly. * ASN1_INTEGER and a long directly.
@ -117,7 +120,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
char *cp = (char *)pval; char *cp = (char *)pval;
/* use memcpy, because we may not be long aligned */ /* use memcpy, because we may not be long aligned */
memcpy(&ltmp, cp, sizeof(long)); OPENSSL_memcpy(&ltmp, cp, sizeof(long));
if (ltmp == it->size) if (ltmp == it->size)
return -1; return -1;
@ -186,7 +189,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
return 0; return 0;
} }
memcpy(cp, &ltmp, sizeof(long)); OPENSSL_memcpy(cp, &ltmp, sizeof(long));
return 1; return 1;
} }

12
crypto/base64/base64.c
View File

@ -62,6 +62,8 @@
#include <openssl/type_check.h> #include <openssl/type_check.h>
#include "../internal.h"
/* Encoding. */ /* Encoding. */
@ -95,7 +97,7 @@ int EVP_EncodedLength(size_t *out_len, size_t len) {
} }
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) {
memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
} }
void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
@ -110,14 +112,14 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
assert(ctx->data_used < sizeof(ctx->data)); assert(ctx->data_used < sizeof(ctx->data));
if (sizeof(ctx->data) - ctx->data_used > in_len) { if (sizeof(ctx->data) - ctx->data_used > in_len) {
memcpy(&ctx->data[ctx->data_used], in, in_len); OPENSSL_memcpy(&ctx->data[ctx->data_used], in, in_len);
ctx->data_used += (unsigned)in_len; ctx->data_used += (unsigned)in_len;
return; return;
} }
if (ctx->data_used != 0) { if (ctx->data_used != 0) {
const size_t todo = sizeof(ctx->data) - ctx->data_used; const size_t todo = sizeof(ctx->data) - ctx->data_used;
memcpy(&ctx->data[ctx->data_used], in, todo); OPENSSL_memcpy(&ctx->data[ctx->data_used], in, todo);
in += todo; in += todo;
in_len -= todo; in_len -= todo;
@ -149,7 +151,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
} }
if (in_len != 0) { if (in_len != 0) {
memcpy(ctx->data, in, in_len); OPENSSL_memcpy(ctx->data, in, in_len);
} }
ctx->data_used = (unsigned)in_len; ctx->data_used = (unsigned)in_len;
@ -224,7 +226,7 @@ int EVP_DecodedLength(size_t *out_len, size_t len) {
} }
void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) {
memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
} }
/* kBase64ASCIIToBinData maps characters (c < 128) to their base64 value, or /* kBase64ASCIIToBinData maps characters (c < 128) to their base64 value, or

14
crypto/base64/base64_test.cc
View File

@ -136,7 +136,7 @@ static bool TestEncodeBlock() {
std::string encoded(RemoveNewlines(t->encoded)); std::string encoded(RemoveNewlines(t->encoded));
if (len != encoded.size() || if (len != encoded.size() ||
memcmp(out, encoded.data(), len) != 0) { OPENSSL_memcmp(out, encoded.data(), len) != 0) {
fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n", fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n",
t->decoded, (int)len, (const char*)out, encoded.c_str()); t->decoded, (int)len, (const char*)out, encoded.c_str());
return false; return false;
@ -178,7 +178,7 @@ static bool TestDecodeBase64() {
} }
if (len != strlen(t->decoded) || if (len != strlen(t->decoded) ||
memcmp(out, t->decoded, len) != 0) { OPENSSL_memcmp(out, t->decoded, len) != 0) {
fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
encoded.c_str(), (int)len, (const char*)out, t->decoded); encoded.c_str(), (int)len, (const char*)out, t->decoded);
return false; return false;
@ -217,7 +217,7 @@ static bool TestDecodeBlock() {
ret -= 3 - (expected_len % 3); ret -= 3 - (expected_len % 3);
} }
if (static_cast<size_t>(ret) != strlen(t->decoded) || if (static_cast<size_t>(ret) != strlen(t->decoded) ||
memcmp(out, t->decoded, ret) != 0) { OPENSSL_memcmp(out, t->decoded, ret) != 0) {
fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
t->encoded, ret, (const char*)out, t->decoded); t->encoded, ret, (const char*)out, t->decoded);
return false; return false;
@ -258,7 +258,8 @@ static bool TestEncodeDecode() {
EVP_EncodeFinal(&ctx, out + total, &out_len); EVP_EncodeFinal(&ctx, out + total, &out_len);
total += out_len; total += out_len;
if (total != strlen(t->encoded) || memcmp(out, t->encoded, total) != 0) { if (total != strlen(t->encoded) ||
OPENSSL_memcmp(out, t->encoded, total) != 0) {
fprintf(stderr, "#%u: EVP_EncodeUpdate produced different output: '%s' (%u)\n", fprintf(stderr, "#%u: EVP_EncodeUpdate produced different output: '%s' (%u)\n",
test_num, out, static_cast<unsigned>(total)); test_num, out, static_cast<unsigned>(total));
return false; return false;
@ -287,7 +288,8 @@ static bool TestEncodeDecode() {
fprintf(stderr, "#%u: EVP_DecodeUpdate failed\n", test_num); fprintf(stderr, "#%u: EVP_DecodeUpdate failed\n", test_num);
return false; return false;
} }
if (total != decoded_len || memcmp(out, t->decoded, decoded_len)) { if (total != decoded_len ||
OPENSSL_memcmp(out, t->decoded, decoded_len)) {
fprintf(stderr, "#%u: EVP_DecodeUpdate produced incorrect output\n", fprintf(stderr, "#%u: EVP_DecodeUpdate produced incorrect output\n",
test_num); test_num);
return false; return false;
@ -368,7 +370,7 @@ static bool TestDecodeUpdateStreaming() {
out_len += bytes_written; out_len += bytes_written;
if (out_len != strlen(t->decoded) || if (out_len != strlen(t->decoded) ||
memcmp(out.data(), t->decoded, out_len) != 0) { OPENSSL_memcmp(out.data(), t->decoded, out_len) != 0) {
fprintf(stderr, "#%u: incorrect output\n", test_num); fprintf(stderr, "#%u: incorrect output\n", test_num);
return 0; return 0;
} }

6
crypto/bio/bio.c
View File

@ -75,7 +75,7 @@ BIO *BIO_new(const BIO_METHOD *method) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(BIO)); OPENSSL_memset(ret, 0, sizeof(BIO));
ret->method = method; ret->method = method;
ret->shutdown = 1; ret->shutdown = 1;
ret->references = 1; ret->references = 1;
@ -488,7 +488,7 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len,
if (*out == NULL) { if (*out == NULL) {
return 0; return 0;
} }
memcpy(*out, prefix, prefix_len); OPENSSL_memcpy(*out, prefix, prefix_len);
size_t done = prefix_len; size_t done = prefix_len;
for (;;) { for (;;) {
@ -595,7 +595,7 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
if (*out == NULL) { if (*out == NULL) {
return 0; return 0;
} }
memcpy(*out, header, header_len); OPENSSL_memcpy(*out, header, header_len);
if (BIO_read(bio, (*out) + header_len, len - header_len) != if (BIO_read(bio, (*out) + header_len, len - header_len) !=
(int) (len - header_len)) { (int) (len - header_len)) {
OPENSSL_free(*out); OPENSSL_free(*out);

10
crypto/bio/bio_mem.c
View File

@ -63,6 +63,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
BIO *BIO_new_mem_buf(const void *buf, int len) { BIO *BIO_new_mem_buf(const void *buf, int len) {
BIO *ret; BIO *ret;
@ -144,12 +146,12 @@ static int mem_read(BIO *bio, char *out, int outl) {
} }
if (ret > 0) { if (ret > 0) {
memcpy(out, b->data, ret); OPENSSL_memcpy(out, b->data, ret);
b->length -= ret; b->length -= ret;
if (bio->flags & BIO_FLAGS_MEM_RDONLY) { if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
b->data += ret; b->data += ret;
} else { } else {
memmove(b->data, &b->data[ret], b->length); OPENSSL_memmove(b->data, &b->data[ret], b->length);
} }
} else if (b->length == 0) { } else if (b->length == 0) {
ret = bio->num; ret = bio->num;
@ -180,7 +182,7 @@ static int mem_write(BIO *bio, const char *in, int inl) {
if (BUF_MEM_grow_clean(b, blen + inl) != ((size_t) blen) + inl) { if (BUF_MEM_grow_clean(b, blen + inl) != ((size_t) blen) + inl) {
goto err; goto err;
} }
memcpy(&b->data[blen], in, inl); OPENSSL_memcpy(&b->data[blen], in, inl);
ret = inl; ret = inl;
err: err:
@ -240,7 +242,7 @@ static long mem_ctrl(BIO *bio, int cmd, long num, void *ptr) {
b->data -= b->max - b->length; b->data -= b->max - b->length;
b->length = b->max; b->length = b->max;
} else { } else {
memset(b->data, 0, b->max); OPENSSL_memset(b->data, 0, b->max);
b->length = 0; b->length = 0;
} }
} }

36
crypto/bio/bio_test.cc
View File

@ -79,7 +79,7 @@ static bool TestSocketConnect() {
ScopedSocket listening_sock_closer(listening_sock); ScopedSocket listening_sock_closer(listening_sock);
struct sockaddr_in sin; struct sockaddr_in sin;
memset(&sin, 0, sizeof(sin)); OPENSSL_memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET; sin.sin_family = AF_INET;
if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
PrintSocketError("inet_pton"); PrintSocketError("inet_pton");
@ -128,7 +128,7 @@ static bool TestSocketConnect() {
PrintSocketError("read"); PrintSocketError("read");
return false; return false;
} }
if (memcmp(buf, kTestMessage, sizeof(kTestMessage))) { if (OPENSSL_memcmp(buf, kTestMessage, sizeof(kTestMessage))) {
return false; return false;
} }
@ -152,7 +152,7 @@ static bool TestPrintf() {
fprintf(stderr, "Bad test string length\n"); fprintf(stderr, "Bad test string length\n");
return false; return false;
} }
memset(string, 'a', sizeof(string)); OPENSSL_memset(string, 'a', sizeof(string));
string[kLengths[i]] = '\0'; string[kLengths[i]] = '\0';
int ret = BIO_printf(bio.get(), "test %s", string); int ret = BIO_printf(bio.get(), "test %s", string);
@ -198,8 +198,8 @@ static bool ReadASN1(bool should_succeed, const uint8_t *data, size_t data_len,
return false; return false;
} }
if (should_succeed && if (should_succeed && (out_len != expected_len ||
(out_len != expected_len || memcmp(data, out, expected_len) != 0)) { OPENSSL_memcmp(data, out, expected_len) != 0)) {
return false; return false;
} }
@ -227,8 +227,8 @@ static bool TestASN1() {
if (!large) { if (!large) {
return false; return false;
} }
memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen); OPENSSL_memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen);
memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix)); OPENSSL_memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix));
if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen, if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen,
sizeof(kLargePrefix) + kLargePayloadLen, sizeof(kLargePrefix) + kLargePayloadLen,
@ -245,7 +245,7 @@ static bool TestASN1() {
} }
static const uint8_t kIndefPrefix[] = {0x30, 0x80}; static const uint8_t kIndefPrefix[] = {0x30, 0x80};
memcpy(large.get(), kIndefPrefix, sizeof(kIndefPrefix)); OPENSSL_memcpy(large.get(), kIndefPrefix, sizeof(kIndefPrefix));
if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen, if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen,
sizeof(kLargePrefix) + kLargePayloadLen, sizeof(kLargePrefix) + kLargePayloadLen,
kLargePayloadLen*2)) { kLargePayloadLen*2)) {
@ -287,7 +287,7 @@ static bool TestPair() {
if (BIO_write(bio1, "12345", 5) != 5 || if (BIO_write(bio1, "12345", 5) != 5 ||
BIO_ctrl_get_write_guarantee(bio1) != 5 || BIO_ctrl_get_write_guarantee(bio1) != 5 ||
BIO_read(bio2, buf, sizeof(buf)) != 5 || BIO_read(bio2, buf, sizeof(buf)) != 5 ||
memcmp(buf, "12345", 5) != 0 || OPENSSL_memcmp(buf, "12345", 5) != 0 ||
BIO_ctrl_get_write_guarantee(bio1) != 10) { BIO_ctrl_get_write_guarantee(bio1) != 10) {
return false; return false;
} }
@ -298,7 +298,7 @@ static bool TestPair() {
BIO_write(bio1, "z", 1) != -1 || BIO_write(bio1, "z", 1) != -1 ||
!BIO_should_write(bio1) || !BIO_should_write(bio1) ||
BIO_read(bio2, buf, sizeof(buf)) != 10 || BIO_read(bio2, buf, sizeof(buf)) != 10 ||
memcmp(buf, "1234567890", 10) != 0 || OPENSSL_memcmp(buf, "1234567890", 10) != 0 ||
BIO_ctrl_get_write_guarantee(bio1) != 10) { BIO_ctrl_get_write_guarantee(bio1) != 10) {
return false; return false;
} }
@ -323,10 +323,10 @@ static bool TestPair() {
BIO_write(bio1, "67890___", 8) != 5 || BIO_write(bio1, "67890___", 8) != 5 ||
BIO_ctrl_get_write_guarantee(bio1) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 0 ||
BIO_read(bio2, buf, 3) != 3 || BIO_read(bio2, buf, 3) != 3 ||
memcmp(buf, "123", 3) != 0 || OPENSSL_memcmp(buf, "123", 3) != 0 ||
BIO_ctrl_get_write_guarantee(bio1) != 3 || BIO_ctrl_get_write_guarantee(bio1) != 3 ||
BIO_read(bio2, buf, sizeof(buf)) != 7 || BIO_read(bio2, buf, sizeof(buf)) != 7 ||
memcmp(buf, "4567890", 7) != 0 || OPENSSL_memcmp(buf, "4567890", 7) != 0 ||
BIO_ctrl_get_write_guarantee(bio1) != 10) { BIO_ctrl_get_write_guarantee(bio1) != 10) {
return false; return false;
} }
@ -341,12 +341,12 @@ static bool TestPair() {
if (BIO_write(bio1, "abcdefgh", 8) != 8 || if (BIO_write(bio1, "abcdefgh", 8) != 8 ||
BIO_ctrl_get_write_guarantee(bio1) != 2 || BIO_ctrl_get_write_guarantee(bio1) != 2 ||
BIO_read(bio2, buf, 3) != 3 || BIO_read(bio2, buf, 3) != 3 ||
memcmp(buf, "abc", 3) != 0 || OPENSSL_memcmp(buf, "abc", 3) != 0 ||
BIO_ctrl_get_write_guarantee(bio1) != 5 || BIO_ctrl_get_write_guarantee(bio1) != 5 ||
BIO_write(bio1, "ijklm___", 8) != 5 || BIO_write(bio1, "ijklm___", 8) != 5 ||
BIO_ctrl_get_write_guarantee(bio1) != 0 || BIO_ctrl_get_write_guarantee(bio1) != 0 ||
BIO_read(bio2, buf, sizeof(buf)) != 10 || BIO_read(bio2, buf, sizeof(buf)) != 10 ||
memcmp(buf, "defghijklm", 10) != 0 || OPENSSL_memcmp(buf, "defghijklm", 10) != 0 ||
BIO_ctrl_get_write_guarantee(bio1) != 10) { BIO_ctrl_get_write_guarantee(bio1) != 10) {
return false; return false;
} }
@ -355,9 +355,9 @@ static bool TestPair() {
if (BIO_write(bio1, "12345", 5) != 5 || if (BIO_write(bio1, "12345", 5) != 5 ||
BIO_write(bio2, "67890", 5) != 5 || BIO_write(bio2, "67890", 5) != 5 ||
BIO_read(bio2, buf, sizeof(buf)) != 5 || BIO_read(bio2, buf, sizeof(buf)) != 5 ||
memcmp(buf, "12345", 5) != 0 || OPENSSL_memcmp(buf, "12345", 5) != 0 ||
BIO_read(bio1, buf, sizeof(buf)) != 5 || BIO_read(bio1, buf, sizeof(buf)) != 5 ||
memcmp(buf, "67890", 5) != 0) { OPENSSL_memcmp(buf, "67890", 5) != 0) {
return false; return false;
} }
@ -365,7 +365,7 @@ static bool TestPair() {
if (BIO_write(bio1, "12345", 5) != 5 || if (BIO_write(bio1, "12345", 5) != 5 ||
!BIO_shutdown_wr(bio1) || !BIO_shutdown_wr(bio1) ||
BIO_read(bio2, buf, sizeof(buf)) != 5 || BIO_read(bio2, buf, sizeof(buf)) != 5 ||
memcmp(buf, "12345", 5) != 0 || OPENSSL_memcmp(buf, "12345", 5) != 0 ||
BIO_read(bio2, buf, sizeof(buf)) != 0) { BIO_read(bio2, buf, sizeof(buf)) != 0) {
return false; return false;
} }
@ -385,7 +385,7 @@ static bool TestPair() {
// The other end is still functional. // The other end is still functional.
if (BIO_write(bio2, "12345", 5) != 5 || if (BIO_write(bio2, "12345", 5) != 5 ||
BIO_read(bio1, buf, sizeof(buf)) != 5 || BIO_read(bio1, buf, sizeof(buf)) != 5 ||
memcmp(buf, "12345", 5) != 0) { OPENSSL_memcmp(buf, "12345", 5) != 0) {
return false; return false;
} }
} }

10
crypto/bio/buffer.c
View File

@ -62,6 +62,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
#define DEFAULT_BUFFER_SIZE 4096 #define DEFAULT_BUFFER_SIZE 4096
@ -94,7 +96,7 @@ static int buffer_new(BIO *bio) {
if (ctx == NULL) { if (ctx == NULL) {
return 0; return 0;
} }
memset(ctx, 0, sizeof(BIO_F_BUFFER_CTX)); OPENSSL_memset(ctx, 0, sizeof(BIO_F_BUFFER_CTX));
ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
if (ctx->ibuf == NULL) { if (ctx->ibuf == NULL) {
@ -158,7 +160,7 @@ static int buffer_read(BIO *bio, char *out, int outl) {
if (i > outl) { if (i > outl) {
i = outl; i = outl;
} }
memcpy(out, &ctx->ibuf[ctx->ibuf_off], i); OPENSSL_memcpy(out, &ctx->ibuf[ctx->ibuf_off], i);
ctx->ibuf_off += i; ctx->ibuf_off += i;
ctx->ibuf_len -= i; ctx->ibuf_len -= i;
num += i; num += i;
@ -222,7 +224,7 @@ static int buffer_write(BIO *b, const char *in, int inl) {
i = ctx->obuf_size - (ctx->obuf_off + ctx->obuf_len); i = ctx->obuf_size - (ctx->obuf_off + ctx->obuf_len);
/* add to buffer and return */ /* add to buffer and return */
if (i >= inl) { if (i >= inl) {
memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, inl); OPENSSL_memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, inl);
ctx->obuf_len += inl; ctx->obuf_len += inl;
return num + inl; return num + inl;
} }
@ -230,7 +232,7 @@ static int buffer_write(BIO *b, const char *in, int inl) {
/* stuff already in buffer, so add to it first, then flush */ /* stuff already in buffer, so add to it first, then flush */
if (ctx->obuf_len != 0) { if (ctx->obuf_len != 0) {
if (i > 0) { if (i > 0) {
memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, i); OPENSSL_memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, i);
in += i; in += i;
inl -= i; inl -= i;
num += i; num += i;

3
crypto/bio/connect.c
View File

@ -77,6 +77,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#include <openssl/mem.h> #include <openssl/mem.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
enum { enum {
@ -298,7 +299,7 @@ static BIO_CONNECT *BIO_CONNECT_new(void) {
if (ret == NULL) { if (ret == NULL) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(BIO_CONNECT)); OPENSSL_memset(ret, 0, sizeof(BIO_CONNECT));
ret->state = BIO_CONN_S_BEFORE; ret->state = BIO_CONN_S_BEFORE;
return ret; return ret;

6
crypto/bio/hexdump.c
View File

@ -59,6 +59,8 @@
#include <limits.h> #include <limits.h>
#include <string.h> #include <string.h>
#include "../internal.h"
/* hexdump_ctx contains the state of a hexdump. */ /* hexdump_ctx contains the state of a hexdump. */
struct hexdump_ctx { struct hexdump_ctx {
@ -154,7 +156,7 @@ static int finish(struct hexdump_ctx *ctx) {
return 1; return 1;
} }
memset(buf, ' ', 4); OPENSSL_memset(buf, ' ', 4);
buf[4] = '|'; buf[4] = '|';
for (; ctx->used < 16; ctx->used++) { for (; ctx->used < 16; ctx->used++) {
@ -179,7 +181,7 @@ static int finish(struct hexdump_ctx *ctx) {
int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len, unsigned indent) { int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len, unsigned indent) {
struct hexdump_ctx ctx; struct hexdump_ctx ctx;
memset(&ctx, 0, sizeof(ctx)); OPENSSL_memset(&ctx, 0, sizeof(ctx));
ctx.bio = bio; ctx.bio = bio;
ctx.indent = indent; ctx.indent = indent;

8
crypto/bio/pair.c
View File

@ -59,6 +59,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
struct bio_bio_st { struct bio_bio_st {
BIO *peer; /* NULL if buf == NULL. BIO *peer; /* NULL if buf == NULL.
@ -86,7 +88,7 @@ static int bio_new(BIO *bio) {
if (b == NULL) { if (b == NULL) {
return 0; return 0;
} }
memset(b, 0, sizeof(struct bio_bio_st)); OPENSSL_memset(b, 0, sizeof(struct bio_bio_st));
b->size = 17 * 1024; /* enough for one TLS record (just a default) */ b->size = 17 * 1024; /* enough for one TLS record (just a default) */
bio->ptr = b; bio->ptr = b;
@ -207,7 +209,7 @@ static int bio_read(BIO *bio, char *buf, int size_) {
} }
assert(peer_b->offset + chunk <= peer_b->size); assert(peer_b->offset + chunk <= peer_b->size);
memcpy(buf, peer_b->buf + peer_b->offset, chunk); OPENSSL_memcpy(buf, peer_b->buf + peer_b->offset, chunk);
peer_b->len -= chunk; peer_b->len -= chunk;
if (peer_b->len) { if (peer_b->len) {
@ -287,7 +289,7 @@ static int bio_write(BIO *bio, const char *buf, int num_) {
chunk = b->size - write_offset; chunk = b->size - write_offset;
} }
memcpy(b->buf + write_offset, buf, chunk); OPENSSL_memcpy(b->buf + write_offset, buf, chunk);
b->len += chunk; b->len += chunk;

7
crypto/bio/socket_helper.c
View File

@ -33,6 +33,7 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#endif #endif
#include "internal.h" #include "internal.h"
#include "../internal.h"
int bio_ip_and_port_to_socket_and_addr(int *out_sock, int bio_ip_and_port_to_socket_and_addr(int *out_sock,
@ -45,7 +46,7 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock,
*out_sock = -1; *out_sock = -1;
memset(&hint, 0, sizeof(hint)); OPENSSL_memset(&hint, 0, sizeof(hint));
hint.ai_family = AF_UNSPEC; hint.ai_family = AF_UNSPEC;
hint.ai_socktype = SOCK_STREAM; hint.ai_socktype = SOCK_STREAM;
@ -62,8 +63,8 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock,
if ((size_t) cur->ai_addrlen > sizeof(struct sockaddr_storage)) { if ((size_t) cur->ai_addrlen > sizeof(struct sockaddr_storage)) {
continue; continue;
} }
memset(out_addr, 0, sizeof(struct sockaddr_storage)); OPENSSL_memset(out_addr, 0, sizeof(struct sockaddr_storage));
memcpy(out_addr, cur->ai_addr, cur->ai_addrlen); OPENSSL_memcpy(out_addr, cur->ai_addr, cur->ai_addrlen);
*out_addr_length = cur->ai_addrlen; *out_addr_length = cur->ai_addrlen;
*out_sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol); *out_sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);

2
crypto/bn/add.c
View File

@ -314,7 +314,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) {
} }
if (dif > 0 && rp != ap) { if (dif > 0 && rp != ap) {
memcpy(rp, ap, sizeof(*rp) * dif); OPENSSL_memcpy(rp, ap, sizeof(*rp) * dif);
} }
r->top = max; r->top = max;

14
crypto/bn/bn.c
View File

@ -73,14 +73,14 @@ BIGNUM *BN_new(void) {
return NULL; return NULL;
} }
memset(bn, 0, sizeof(BIGNUM)); OPENSSL_memset(bn, 0, sizeof(BIGNUM));
bn->flags = BN_FLG_MALLOCED; bn->flags = BN_FLG_MALLOCED;
return bn; return bn;
} }
void BN_init(BIGNUM *bn) { void BN_init(BIGNUM *bn) {
memset(bn, 0, sizeof(BIGNUM)); OPENSSL_memset(bn, 0, sizeof(BIGNUM));
} }
void BN_free(BIGNUM *bn) { void BN_free(BIGNUM *bn) {
@ -149,7 +149,7 @@ BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src) {
return NULL; return NULL;
} }
memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top); OPENSSL_memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top);
dest->top = src->top; dest->top = src->top;
dest->neg = src->neg; dest->neg = src->neg;
@ -158,7 +158,7 @@ BIGNUM *BN_copy(BIGNUM *dest, const BIGNUM *src) {
void BN_clear(BIGNUM *bn) { void BN_clear(BIGNUM *bn) {
if (bn->d != NULL) { if (bn->d != NULL) {
memset(bn->d, 0, bn->dmax * sizeof(bn->d[0])); OPENSSL_memset(bn->d, 0, bn->dmax * sizeof(bn->d[0]));
} }
bn->top = 0; bn->top = 0;
@ -173,7 +173,7 @@ const BIGNUM *BN_value_one(void) {
} }
void BN_with_flags(BIGNUM *out, const BIGNUM *in, int flags) { void BN_with_flags(BIGNUM *out, const BIGNUM *in, int flags) {
memcpy(out, in, sizeof(BIGNUM)); OPENSSL_memcpy(out, in, sizeof(BIGNUM));
out->flags &= ~BN_FLG_MALLOCED; out->flags &= ~BN_FLG_MALLOCED;
out->flags |= BN_FLG_STATIC_DATA | flags; out->flags |= BN_FLG_STATIC_DATA | flags;
} }
@ -292,7 +292,7 @@ int bn_set_words(BIGNUM *bn, const BN_ULONG *words, size_t num) {
if (bn_wexpand(bn, num) == NULL) { if (bn_wexpand(bn, num) == NULL) {
return 0; return 0;
} }
memmove(bn->d, words, num * sizeof(BN_ULONG)); OPENSSL_memmove(bn->d, words, num * sizeof(BN_ULONG));
/* |bn_wexpand| verified that |num| isn't too large. */ /* |bn_wexpand| verified that |num| isn't too large. */
bn->top = (int)num; bn->top = (int)num;
bn_correct_top(bn); bn_correct_top(bn);
@ -335,7 +335,7 @@ BIGNUM *bn_wexpand(BIGNUM *bn, size_t words) {
return NULL; return NULL;
} }
memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top); OPENSSL_memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top);
OPENSSL_free(bn->d); OPENSSL_free(bn->d);
bn->d = a; bn->d = a;

20
crypto/bn/bn_test.cc
View File

@ -680,7 +680,7 @@ static bool RunTest(FileTest *t, void *arg) {
static bool TestBN2BinPadded(BN_CTX *ctx) { static bool TestBN2BinPadded(BN_CTX *ctx) {
uint8_t zeros[256], out[256], reference[128]; uint8_t zeros[256], out[256], reference[128];
memset(zeros, 0, sizeof(zeros)); OPENSSL_memset(zeros, 0, sizeof(zeros));
// Test edge case at 0. // Test edge case at 0.
bssl::UniquePtr<BIGNUM> n(BN_new()); bssl::UniquePtr<BIGNUM> n(BN_new());
@ -689,13 +689,13 @@ static bool TestBN2BinPadded(BN_CTX *ctx) {
"BN_bn2bin_padded failed to encode 0 in an empty buffer.\n"); "BN_bn2bin_padded failed to encode 0 in an empty buffer.\n");
return false; return false;
} }
memset(out, -1, sizeof(out)); OPENSSL_memset(out, -1, sizeof(out));
if (!BN_bn2bin_padded(out, sizeof(out), n.get())) { if (!BN_bn2bin_padded(out, sizeof(out), n.get())) {
fprintf(stderr, fprintf(stderr,
"BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n"); "BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n");
return false; return false;
} }
if (memcmp(zeros, out, sizeof(out))) { if (OPENSSL_memcmp(zeros, out, sizeof(out))) {
fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n"); fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n");
return false; return false;
} }
@ -724,20 +724,21 @@ static bool TestBN2BinPadded(BN_CTX *ctx) {
} }
// Exactly right size should encode. // Exactly right size should encode.
if (!BN_bn2bin_padded(out, bytes, n.get()) || if (!BN_bn2bin_padded(out, bytes, n.get()) ||
memcmp(out, reference, bytes) != 0) { OPENSSL_memcmp(out, reference, bytes) != 0) {
fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
return false; return false;
} }
// Pad up one byte extra. // Pad up one byte extra.
if (!BN_bn2bin_padded(out, bytes + 1, n.get()) || if (!BN_bn2bin_padded(out, bytes + 1, n.get()) ||
memcmp(out + 1, reference, bytes) || memcmp(out, zeros, 1)) { OPENSSL_memcmp(out + 1, reference, bytes) ||
OPENSSL_memcmp(out, zeros, 1)) {
fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
return false; return false;
} }
// Pad up to 256. // Pad up to 256.
if (!BN_bn2bin_padded(out, sizeof(out), n.get()) || if (!BN_bn2bin_padded(out, sizeof(out), n.get()) ||
memcmp(out + sizeof(out) - bytes, reference, bytes) || OPENSSL_memcmp(out + sizeof(out) - bytes, reference, bytes) ||
memcmp(out, zeros, sizeof(out) - bytes)) { OPENSSL_memcmp(out, zeros, sizeof(out) - bytes)) {
fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n"); fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
return false; return false;
} }
@ -922,7 +923,7 @@ static bool TestMPI() {
} }
if (mpi_len != test.mpi_len || if (mpi_len != test.mpi_len ||
memcmp(test.mpi, scratch, mpi_len) != 0) { OPENSSL_memcmp(test.mpi, scratch, mpi_len) != 0) {
fprintf(stderr, "MPI test #%u failed:\n", (unsigned)i); fprintf(stderr, "MPI test #%u failed:\n", (unsigned)i);
hexdump(stderr, "Expected: ", test.mpi, test.mpi_len); hexdump(stderr, "Expected: ", test.mpi, test.mpi_len);
hexdump(stderr, "Got: ", scratch, mpi_len); hexdump(stderr, "Got: ", scratch, mpi_len);
@ -1062,7 +1063,8 @@ static bool TestASN1() {
} }
bssl::UniquePtr<uint8_t> delete_der(der); bssl::UniquePtr<uint8_t> delete_der(der);
if (der_len != test.der_len || if (der_len != test.der_len ||
memcmp(der, reinterpret_cast<const uint8_t*>(test.der), der_len) != 0) { OPENSSL_memcmp(der, reinterpret_cast<const uint8_t *>(test.der),
der_len) != 0) {
fprintf(stderr, "Bad serialization.\n"); fprintf(stderr, "Bad serialization.\n");
return false; return false;
} }

4
crypto/bn/convert.c
View File

@ -162,7 +162,7 @@ static BN_ULONG read_word_padded(const BIGNUM *in, size_t i) {
int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) {
/* Special case for |in| = 0. Just branch as the probability is negligible. */ /* Special case for |in| = 0. Just branch as the probability is negligible. */
if (BN_is_zero(in)) { if (BN_is_zero(in)) {
memset(out, 0, len); OPENSSL_memset(out, 0, len);
return 1; return 1;
} }
@ -532,7 +532,7 @@ size_t BN_bn2mpi(const BIGNUM *in, uint8_t *out) {
/* If we cannot represent the number then we emit zero as the interface /* If we cannot represent the number then we emit zero as the interface
* doesn't allow an error to be signalled. */ * doesn't allow an error to be signalled. */
if (out) { if (out) {
memset(out, 0, 4); OPENSSL_memset(out, 0, 4);
} }
return 4; return 4;
} }

4
crypto/bn/ctx.c
View File

@ -59,6 +59,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
/* How many bignums are in each "pool item"; */ /* How many bignums are in each "pool item"; */
#define BN_CTX_POOL_SIZE 16 #define BN_CTX_POOL_SIZE 16
@ -218,7 +220,7 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx) {
return 0; return 0;
} }
if (st->depth) { if (st->depth) {
memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); OPENSSL_memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
} }
OPENSSL_free(st->indexes); OPENSSL_free(st->indexes);
st->indexes = newitems; st->indexes = newitems;

2
crypto/bn/exponentiation.c
View File

@ -961,7 +961,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
} }
powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
memset(powerbuf, 0, powerbufLen); OPENSSL_memset(powerbuf, 0, powerbufLen);
#ifdef alloca #ifdef alloca
if (powerbufLen < 3072) { if (powerbufLen < 3072) {

4
crypto/bn/montgomery.c
View File

@ -132,7 +132,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(BN_MONT_CTX)); OPENSSL_memset(ret, 0, sizeof(BN_MONT_CTX));
BN_init(&ret->RR); BN_init(&ret->RR);
BN_init(&ret->N); BN_init(&ret->N);
@ -281,7 +281,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r,
/* clear the top words of T */ /* clear the top words of T */
if (max > r->top) { if (max > r->top) {
memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG)); OPENSSL_memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG));
} }
r->top = max; r->top = max;

20
crypto/bn/mul.c
View File

@ -312,7 +312,8 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
if ((dna + dnb) < 0) { if ((dna + dnb) < 0) {
memset(&r[2 * n2 + dna + dnb], 0, sizeof(BN_ULONG) * -(dna + dnb)); OPENSSL_memset(&r[2 * n2 + dna + dnb], 0,
sizeof(BN_ULONG) * -(dna + dnb));
} }
return; return;
} }
@ -358,7 +359,7 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
if (!zero) { if (!zero) {
bn_mul_comba4(&(t[n2]), t, &(t[n])); bn_mul_comba4(&(t[n2]), t, &(t[n]));
} else { } else {
memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); OPENSSL_memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
} }
bn_mul_comba4(r, a, b); bn_mul_comba4(r, a, b);
@ -368,7 +369,7 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
if (!zero) { if (!zero) {
bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(&(t[n2]), t, &(t[n]));
} else { } else {
memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); OPENSSL_memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
} }
bn_mul_comba8(r, a, b); bn_mul_comba8(r, a, b);
@ -378,7 +379,7 @@ static void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
if (!zero) { if (!zero) {
bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
} else { } else {
memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); OPENSSL_memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
} }
bn_mul_recursive(r, a, b, n, 0, 0, p); bn_mul_recursive(r, a, b, n, 0, 0, p);
bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
@ -473,7 +474,7 @@ static void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(&(t[n2]), t, &(t[n]));
bn_mul_comba8(r, a, b); bn_mul_comba8(r, a, b);
bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); OPENSSL_memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
} else { } else {
p = &(t[n2 * 2]); p = &(t[n2 * 2]);
bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
@ -489,14 +490,15 @@ static void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
if (j == 0) { if (j == 0) {
bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p);
memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); OPENSSL_memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
} else if (j > 0) { } else if (j > 0) {
/* eg, n == 16, i == 8 and tn == 11 */ /* eg, n == 16, i == 8 and tn == 11 */
bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p);
memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); OPENSSL_memset(&(r[n2 + tna + tnb]), 0,
sizeof(BN_ULONG) * (n2 - tna - tnb));
} else { } else {
/* (j < 0) eg, n == 16, i == 8 and tn == 5 */ /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); OPENSSL_memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL && if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL &&
tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
@ -735,7 +737,7 @@ static void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t
if (!zero) { if (!zero) {
bn_sqr_recursive(&(t[n2]), t, n, p); bn_sqr_recursive(&(t[n2]), t, n, p);
} else { } else {
memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); OPENSSL_memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
} }
bn_sqr_recursive(r, a, n, p); bn_sqr_recursive(r, a, n, p);
bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);

9
crypto/bn/random.c
View File

@ -115,6 +115,9 @@
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include "../internal.h"
int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
uint8_t *buf = NULL; uint8_t *buf = NULL;
int ret = 0, bit, bytes, mask; int ret = 0, bit, bytes, mask;
@ -298,8 +301,8 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
OPENSSL_PUT_ERROR(BN, BN_R_PRIVATE_KEY_TOO_LARGE); OPENSSL_PUT_ERROR(BN, BN_R_PRIVATE_KEY_TOO_LARGE);
goto err; goto err;
} }
memcpy(private_bytes, priv->d, todo); OPENSSL_memcpy(private_bytes, priv->d, todo);
memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); OPENSSL_memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
for (attempt = 0;; attempt++) { for (attempt = 0;; attempt++) {
for (done = 0; done < num_k_bytes;) { for (done = 0; done < num_k_bytes;) {
@ -318,7 +321,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
if (todo > SHA512_DIGEST_LENGTH) { if (todo > SHA512_DIGEST_LENGTH) {
todo = SHA512_DIGEST_LENGTH; todo = SHA512_DIGEST_LENGTH;
} }
memcpy(k_bytes + done, digest, todo); OPENSSL_memcpy(k_bytes + done, digest, todo);
done += todo; done += todo;
} }

2
crypto/bn/shift.c
View File

@ -94,7 +94,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) {
t[nw + i] = (l << lb) & BN_MASK2; t[nw + i] = (l << lb) & BN_MASK2;
} }
} }
memset(t, 0, nw * sizeof(t[0])); OPENSSL_memset(t, 0, nw * sizeof(t[0]));
r->top = a->top + nw + 1; r->top = a->top + nw + 1;
bn_correct_top(r); bn_correct_top(r);

10
crypto/buf/buf.c
View File

@ -61,6 +61,8 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "../internal.h"
BUF_MEM *BUF_MEM_new(void) { BUF_MEM *BUF_MEM_new(void) {
BUF_MEM *ret; BUF_MEM *ret;
@ -71,7 +73,7 @@ BUF_MEM *BUF_MEM_new(void) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(BUF_MEM)); OPENSSL_memset(ret, 0, sizeof(BUF_MEM));
return ret; return ret;
} }
@ -137,7 +139,7 @@ static size_t buf_mem_grow(BUF_MEM *buf, size_t len, int clean) {
return 0; return 0;
} }
if (buf->length < len) { if (buf->length < len) {
memset(&buf->data[buf->length], 0, len - buf->length); OPENSSL_memset(&buf->data[buf->length], 0, len - buf->length);
} }
buf->length = len; buf->length = len;
return len; return len;
@ -193,7 +195,7 @@ char *BUF_strndup(const char *buf, size_t size) {
return NULL; return NULL;
} }
memcpy(ret, buf, size); OPENSSL_memcpy(ret, buf, size);
ret[size] = '\0'; ret[size] = '\0';
return ret; return ret;
} }
@ -234,6 +236,6 @@ void *BUF_memdup(const void *data, size_t dst_size) {
return NULL; return NULL;
} }
memcpy(ret, data, dst_size); OPENSSL_memcpy(ret, data, dst_size);
return ret; return ret;
} }

3
crypto/bytestring/asn1_compat.c
View File

@ -22,6 +22,7 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
int CBB_finish_i2d(CBB *cbb, uint8_t **outp) { int CBB_finish_i2d(CBB *cbb, uint8_t **outp) {
@ -42,7 +43,7 @@ int CBB_finish_i2d(CBB *cbb, uint8_t **outp) {
*outp = der; *outp = der;
der = NULL; der = NULL;
} else { } else {
memcpy(*outp, der, der_len); OPENSSL_memcpy(*outp, der, der_len);
*outp += der_len; *outp += der_len;
} }
} }

3
crypto/bytestring/ber.c
View File

@ -18,6 +18,7 @@
#include <string.h> #include <string.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
/* kMaxDepth is a just a sanity limit. The code should be such that the length /* kMaxDepth is a just a sanity limit. The code should be such that the length
@ -100,7 +101,7 @@ static int cbs_find_ber(const CBS *orig_in, char *ber_found, unsigned depth) {
* |CBS_get_any_ber_asn1_element|, indicate an "end of contents" (EOC) value. */ * |CBS_get_any_ber_asn1_element|, indicate an "end of contents" (EOC) value. */
static char is_eoc(size_t header_len, CBS *contents) { static char is_eoc(size_t header_len, CBS *contents) {
return header_len == 2 && CBS_len(contents) == 2 && return header_len == 2 && CBS_len(contents) == 2 &&
memcmp(CBS_data(contents), "\x00\x00", 2) == 0; OPENSSL_memcmp(CBS_data(contents), "\x00\x00", 2) == 0;
} }
/* cbs_convert_ber reads BER data from |in| and writes DER data to |out|. If /* cbs_convert_ber reads BER data from |in| and writes DER data to |out|. If

44
crypto/bytestring/bytestring_test.cc
View File

@ -132,7 +132,7 @@ static bool TestGetASN1() {
} }
if (!CBS_get_asn1(&data, &contents, 0x30) || if (!CBS_get_asn1(&data, &contents, 0x30) ||
CBS_len(&contents) != 2 || CBS_len(&contents) != 2 ||
memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { OPENSSL_memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
return false; return false;
} }
@ -193,7 +193,7 @@ static bool TestGetASN1() {
!CBS_get_optional_asn1(&data, &contents, &present, 0xa1) || !CBS_get_optional_asn1(&data, &contents, &present, 0xa1) ||
!present || !present ||
CBS_len(&contents) != 3 || CBS_len(&contents) != 3 ||
memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) { OPENSSL_memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) {
return false; return false;
} }
@ -235,7 +235,7 @@ static bool TestGetASN1() {
if (!CBS_get_any_asn1(&data, &contents, &tag) || if (!CBS_get_any_asn1(&data, &contents, &tag) ||
tag != CBS_ASN1_SEQUENCE || tag != CBS_ASN1_SEQUENCE ||
CBS_len(&contents) != 2 || CBS_len(&contents) != 2 ||
memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) { OPENSSL_memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
return false; return false;
} }
@ -245,7 +245,7 @@ static bool TestGetASN1() {
tag != CBS_ASN1_SEQUENCE || tag != CBS_ASN1_SEQUENCE ||
header_len != 2 || header_len != 2 ||
CBS_len(&contents) != 4 || CBS_len(&contents) != 4 ||
memcmp(CBS_data(&contents), "\x30\x02\x01\x02", 2) != 0) { OPENSSL_memcmp(CBS_data(&contents), "\x30\x02\x01\x02", 2) != 0) {
return false; return false;
} }
@ -312,7 +312,8 @@ static bool TestCBBBasic() {
} }
bssl::UniquePtr<uint8_t> scoper(buf); bssl::UniquePtr<uint8_t> scoper(buf);
return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; return buf_len == sizeof(kExpected) &&
OPENSSL_memcmp(buf, kExpected, buf_len) == 0;
} }
static bool TestCBBFixed() { static bool TestCBBFixed() {
@ -396,7 +397,8 @@ static bool TestCBBPrefixed() {
} }
bssl::UniquePtr<uint8_t> scoper(buf); bssl::UniquePtr<uint8_t> scoper(buf);
return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; return buf_len == sizeof(kExpected) &&
OPENSSL_memcmp(buf, kExpected, buf_len) == 0;
} }
static bool TestCBBDiscardChild() { static bool TestCBBDiscardChild() {
@ -445,7 +447,8 @@ static bool TestCBBDiscardChild() {
0, 0, 3, 0xdd, 0xdd, 0xdd, 0, 0, 3, 0xdd, 0xdd, 0xdd,
1, 0xff, 1, 0xff,
}; };
return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0; return buf_len == sizeof(kExpected) &&
OPENSSL_memcmp(buf, kExpected, buf_len) == 0;
} }
static bool TestCBBMisuse() { static bool TestCBBMisuse() {
@ -484,7 +487,7 @@ static bool TestCBBMisuse() {
bssl::UniquePtr<uint8_t> scoper(buf); bssl::UniquePtr<uint8_t> scoper(buf);
if (buf_len != 3 || if (buf_len != 3 ||
memcmp(buf, "\x01\x01\x02", 3) != 0) { OPENSSL_memcmp(buf, "\x01\x01\x02", 3) != 0) {
return false; return false;
} }
return true; return true;
@ -507,7 +510,8 @@ static bool TestCBBASN1() {
} }
bssl::UniquePtr<uint8_t> scoper(buf); bssl::UniquePtr<uint8_t> scoper(buf);
if (buf_len != sizeof(kExpected) || memcmp(buf, kExpected, buf_len) != 0) { if (buf_len != sizeof(kExpected) ||
OPENSSL_memcmp(buf, kExpected, buf_len) != 0) {
return false; return false;
} }
@ -525,8 +529,8 @@ static bool TestCBBASN1() {
scoper.reset(buf); scoper.reset(buf);
if (buf_len != 3 + 130 || if (buf_len != 3 + 130 ||
memcmp(buf, "\x30\x81\x82", 3) != 0 || OPENSSL_memcmp(buf, "\x30\x81\x82", 3) != 0 ||
memcmp(buf + 3, test_data.data(), 130) != 0) { OPENSSL_memcmp(buf + 3, test_data.data(), 130) != 0) {
return false; return false;
} }
@ -542,8 +546,8 @@ static bool TestCBBASN1() {
scoper.reset(buf); scoper.reset(buf);
if (buf_len != 4 + 1000 || if (buf_len != 4 + 1000 ||
memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 || OPENSSL_memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 ||
memcmp(buf + 4, test_data.data(), 1000)) { OPENSSL_memcmp(buf + 4, test_data.data(), 1000)) {
return false; return false;
} }
@ -560,8 +564,9 @@ static bool TestCBBASN1() {
scoper.reset(buf); scoper.reset(buf);
if (buf_len != 5 + 5 + 100000 || if (buf_len != 5 + 5 + 100000 ||
memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 || OPENSSL_memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) !=
memcmp(buf + 10, test_data.data(), 100000)) { 0 ||
OPENSSL_memcmp(buf + 10, test_data.data(), 100000)) {
return false; return false;
} }
@ -584,7 +589,7 @@ static bool DoBerConvert(const char *name,
if (out == NULL) { if (out == NULL) {
if (ber_len != der_len || if (ber_len != der_len ||
memcmp(der_expected, ber, ber_len) != 0) { OPENSSL_memcmp(der_expected, ber, ber_len) != 0) {
fprintf(stderr, "%s: incorrect unconverted result.\n", name); fprintf(stderr, "%s: incorrect unconverted result.\n", name);
return false; return false;
} }
@ -593,7 +598,7 @@ static bool DoBerConvert(const char *name,
} }
if (out_len != der_len || if (out_len != der_len ||
memcmp(out, der_expected, der_len) != 0) { OPENSSL_memcmp(out, der_expected, der_len) != 0) {
fprintf(stderr, "%s: incorrect converted result.\n", name); fprintf(stderr, "%s: incorrect converted result.\n", name);
return false; return false;
} }
@ -702,7 +707,7 @@ static bool TestImplicitString() {
} }
if (ok && (CBS_len(&out) != test.out_len || if (ok && (CBS_len(&out) != test.out_len ||
memcmp(CBS_data(&out), test.out, test.out_len) != 0)) { OPENSSL_memcmp(CBS_data(&out), test.out, test.out_len) != 0)) {
fprintf(stderr, "CBS_get_asn1_implicit_string gave the wrong output\n"); fprintf(stderr, "CBS_get_asn1_implicit_string gave the wrong output\n");
return false; return false;
} }
@ -772,7 +777,8 @@ static bool TestASN1Uint64() {
return false; return false;
} }
bssl::UniquePtr<uint8_t> scoper(out); bssl::UniquePtr<uint8_t> scoper(out);
if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) { if (len != test->encoding_len ||
OPENSSL_memcmp(out, test->encoding, len) != 0) {
return false; return false;
} }
} }

16
crypto/bytestring/cbb.c
View File

@ -19,9 +19,11 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
void CBB_zero(CBB *cbb) { void CBB_zero(CBB *cbb) {
memset(cbb, 0, sizeof(CBB)); OPENSSL_memset(cbb, 0, sizeof(CBB));
} }
static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) { static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) {
@ -252,8 +254,8 @@ int CBB_flush(CBB *cbb) {
if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) { if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) {
goto err; goto err;
} }
memmove(cbb->base->buf + child_start + extra_bytes, OPENSSL_memmove(cbb->base->buf + child_start + extra_bytes,
cbb->base->buf + child_start, len); cbb->base->buf + child_start, len);
} }
cbb->base->buf[cbb->child->offset++] = initial_length_byte; cbb->base->buf[cbb->child->offset++] = initial_length_byte;
cbb->child->pending_len_len = len_len - 1; cbb->child->pending_len_len = len_len - 1;
@ -303,8 +305,8 @@ static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
return 0; return 0;
} }
memset(prefix_bytes, 0, len_len); OPENSSL_memset(prefix_bytes, 0, len_len);
memset(out_contents, 0, sizeof(CBB)); OPENSSL_memset(out_contents, 0, sizeof(CBB));
out_contents->base = cbb->base; out_contents->base = cbb->base;
cbb->child = out_contents; cbb->child = out_contents;
cbb->child->offset = offset; cbb->child->offset = offset;
@ -346,7 +348,7 @@ int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) {
return 0; return 0;
} }
memset(out_contents, 0, sizeof(CBB)); OPENSSL_memset(out_contents, 0, sizeof(CBB));
out_contents->base = cbb->base; out_contents->base = cbb->base;
cbb->child = out_contents; cbb->child = out_contents;
cbb->child->offset = offset; cbb->child->offset = offset;
@ -363,7 +365,7 @@ int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) {
!cbb_buffer_add(cbb->base, &dest, len)) { !cbb_buffer_add(cbb->base, &dest, len)) {
return 0; return 0;
} }
memcpy(dest, data, len); OPENSSL_memcpy(dest, data, len);
return 1; return 1;
} }

5
crypto/bytestring/cbs.c
View File

@ -20,6 +20,7 @@
#include <string.h> #include <string.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
void CBS_init(CBS *cbs, const uint8_t *data, size_t len) { void CBS_init(CBS *cbs, const uint8_t *data, size_t len) {
@ -76,7 +77,7 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) {
} }
int CBS_contains_zero_byte(const CBS *cbs) { int CBS_contains_zero_byte(const CBS *cbs) {
return memchr(cbs->data, 0, cbs->len) != NULL; return OPENSSL_memchr(cbs->data, 0, cbs->len) != NULL;
} }
int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) { int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
@ -150,7 +151,7 @@ int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
if (!cbs_get(cbs, &v, len)) { if (!cbs_get(cbs, &v, len)) {
return 0; return 0;
} }
memcpy(out, v, len); OPENSSL_memcpy(out, v, len);
return 1; return 1;
} }

2
crypto/chacha/chacha.c
View File

@ -96,7 +96,7 @@ static void chacha_core(uint8_t output[64], const uint32_t input[16]) {
uint32_t x[16]; uint32_t x[16];
int i; int i;
memcpy(x, input, sizeof(uint32_t) * 16); OPENSSL_memcpy(x, input, sizeof(uint32_t) * 16);
for (i = 20; i > 0; i -= 2) { for (i = 20; i > 0; i -= 2) {
QUARTERROUND(0, 4, 8, 12) QUARTERROUND(0, 4, 8, 12)
QUARTERROUND(1, 5, 9, 13) QUARTERROUND(1, 5, 9, 13)

8
crypto/chacha/chacha_test.cc
View File

@ -21,6 +21,8 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/chacha.h> #include <openssl/chacha.h>
#include "../internal.h"
static const uint8_t kKey[32] = { static const uint8_t kKey[32] = {
0x98, 0xbe, 0xf1, 0x46, 0x9b, 0xe7, 0x26, 0x98, 0x37, 0xa4, 0x5b, 0x98, 0xbe, 0xf1, 0x46, 0x9b, 0xe7, 0x26, 0x98, 0x37, 0xa4, 0x5b,
@ -217,15 +219,15 @@ static_assert(sizeof(kInput) == sizeof(kOutput),
static bool TestChaCha20(size_t len) { static bool TestChaCha20(size_t len) {
std::unique_ptr<uint8_t[]> buf(new uint8_t[len]); std::unique_ptr<uint8_t[]> buf(new uint8_t[len]);
CRYPTO_chacha_20(buf.get(), kInput, len, kKey, kNonce, kCounter); CRYPTO_chacha_20(buf.get(), kInput, len, kKey, kNonce, kCounter);
if (memcmp(buf.get(), kOutput, len) != 0) { if (OPENSSL_memcmp(buf.get(), kOutput, len) != 0) {
fprintf(stderr, "Mismatch at length %zu.\n", len); fprintf(stderr, "Mismatch at length %zu.\n", len);
return false; return false;
} }
// Test in-place. // Test in-place.
memcpy(buf.get(), kInput, len); OPENSSL_memcpy(buf.get(), kInput, len);
CRYPTO_chacha_20(buf.get(), buf.get(), len, kKey, kNonce, kCounter); CRYPTO_chacha_20(buf.get(), buf.get(), len, kKey, kNonce, kCounter);
if (memcmp(buf.get(), kOutput, len) != 0) { if (OPENSSL_memcmp(buf.get(), kOutput, len) != 0) {
fprintf(stderr, "Mismatch at length %zu, in-place.\n", len); fprintf(stderr, "Mismatch at length %zu, in-place.\n", len);
return false; return false;
} }

6
crypto/cipher/aead.c
View File

@ -32,7 +32,7 @@ size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead) { return aead->overhead; }
size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; } size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; }
void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) { void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) {
memset(ctx, 0, sizeof(EVP_AEAD_CTX)); OPENSSL_memset(ctx, 0, sizeof(EVP_AEAD_CTX));
} }
int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
@ -116,7 +116,7 @@ int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
error: error:
/* In the event of an error, clear the output buffer so that a caller /* In the event of an error, clear the output buffer so that a caller
* that doesn't check the return value doesn't send raw data. */ * that doesn't check the return value doesn't send raw data. */
memset(out, 0, max_out_len); OPENSSL_memset(out, 0, max_out_len);
*out_len = 0; *out_len = 0;
return 0; return 0;
} }
@ -139,7 +139,7 @@ error:
/* In the event of an error, clear the output buffer so that a caller /* In the event of an error, clear the output buffer so that a caller
* that doesn't check the return value doesn't try and process bad * that doesn't check the return value doesn't try and process bad
* data. */ * data. */
memset(out, 0, max_out_len); OPENSSL_memset(out, 0, max_out_len);
*out_len = 0; *out_len = 0;
return 0; return 0;
} }

19
crypto/cipher/aead_test.cc
View File

@ -21,6 +21,7 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "../internal.h"
#include "../test/file_test.h" #include "../test/file_test.h"
@ -86,8 +87,8 @@ static bool TestAEAD(FileTest *t, void *arg) {
} }
} else { } else {
out.resize(ct.size() + tag.size()); out.resize(ct.size() + tag.size());
memcpy(out.data(), ct.data(), ct.size()); OPENSSL_memcpy(out.data(), ct.data(), ct.size());
memcpy(out.data() + ct.size(), tag.data(), tag.size()); OPENSSL_memcpy(out.data() + ct.size(), tag.data(), tag.size());
} }
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
@ -170,7 +171,7 @@ static int TestCleanupAfterInitFailure(const EVP_AEAD *aead) {
EVP_AEAD_CTX ctx; EVP_AEAD_CTX ctx;
uint8_t key[128]; uint8_t key[128];
memset(key, 0, sizeof(key)); OPENSSL_memset(key, 0, sizeof(key));
const size_t key_len = EVP_AEAD_key_length(aead); const size_t key_len = EVP_AEAD_key_length(aead);
if (key_len > sizeof(key)) { if (key_len > sizeof(key)) {
fprintf(stderr, "Key length of AEAD too long.\n"); fprintf(stderr, "Key length of AEAD too long.\n");
@ -239,7 +240,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) {
uint8_t *out1 = buffer.data(); uint8_t *out1 = buffer.data();
uint8_t *out2 = buffer.data() + 2; uint8_t *out2 = buffer.data() + 2;
memcpy(in, kPlaintext, sizeof(kPlaintext)); OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext));
size_t out_len; size_t out_len;
if (EVP_AEAD_CTX_seal(ctx.get(), out1, &out_len, if (EVP_AEAD_CTX_seal(ctx.get(), out1, &out_len,
sizeof(kPlaintext) + max_overhead, nonce.data(), sizeof(kPlaintext) + max_overhead, nonce.data(),
@ -252,7 +253,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) {
} }
ERR_clear_error(); ERR_clear_error();
memcpy(in, valid_encryption.data(), valid_encryption_len); OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len);
if (EVP_AEAD_CTX_open(ctx.get(), out1, &out_len, valid_encryption_len, if (EVP_AEAD_CTX_open(ctx.get(), out1, &out_len, valid_encryption_len,
nonce.data(), nonce_len, in, valid_encryption_len, nonce.data(), nonce_len, in, valid_encryption_len,
nullptr, 0) || nullptr, 0) ||
@ -265,7 +266,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) {
ERR_clear_error(); ERR_clear_error();
// Test with out == in, which we expect to work. // Test with out == in, which we expect to work.
memcpy(in, kPlaintext, sizeof(kPlaintext)); OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext));
if (!EVP_AEAD_CTX_seal(ctx.get(), in, &out_len, if (!EVP_AEAD_CTX_seal(ctx.get(), in, &out_len,
sizeof(kPlaintext) + max_overhead, nonce.data(), sizeof(kPlaintext) + max_overhead, nonce.data(),
@ -275,12 +276,12 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) {
} }
if (out_len != valid_encryption_len || if (out_len != valid_encryption_len ||
memcmp(in, valid_encryption.data(), out_len) != 0) { OPENSSL_memcmp(in, valid_encryption.data(), out_len) != 0) {
fprintf(stderr, "EVP_AEAD_CTX_seal produced bad output in-place.\n"); fprintf(stderr, "EVP_AEAD_CTX_seal produced bad output in-place.\n");
return false; return false;
} }
memcpy(in, valid_encryption.data(), valid_encryption_len); OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len);
if (!EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len, if (!EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len,
nonce.data(), nonce_len, in, valid_encryption_len, nonce.data(), nonce_len, in, valid_encryption_len,
nullptr, 0)) { nullptr, 0)) {
@ -289,7 +290,7 @@ static bool TestWithAliasedBuffers(const EVP_AEAD *aead) {
} }
if (out_len != sizeof(kPlaintext) || if (out_len != sizeof(kPlaintext) ||
memcmp(in, kPlaintext, out_len) != 0) { OPENSSL_memcmp(in, kPlaintext, out_len) != 0) {
fprintf(stderr, "EVP_AEAD_CTX_open produced bad output in-place.\n"); fprintf(stderr, "EVP_AEAD_CTX_open produced bad output in-place.\n");
return false; return false;
} }

25
crypto/cipher/cipher.c
View File

@ -64,6 +64,7 @@
#include <openssl/nid.h> #include <openssl/nid.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
const EVP_CIPHER *EVP_get_cipherbynid(int nid) { const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
@ -88,7 +89,7 @@ const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
} }
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) {
memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); OPENSSL_memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
} }
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) {
@ -108,7 +109,7 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) {
} }
OPENSSL_free(c->cipher_data); OPENSSL_free(c->cipher_data);
memset(c, 0, sizeof(EVP_CIPHER_CTX)); OPENSSL_memset(c, 0, sizeof(EVP_CIPHER_CTX));
return 1; return 1;
} }
@ -126,7 +127,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
} }
EVP_CIPHER_CTX_cleanup(out); EVP_CIPHER_CTX_cleanup(out);
memcpy(out, in, sizeof(EVP_CIPHER_CTX)); OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX));
if (in->cipher_data && in->cipher->ctx_size) { if (in->cipher_data && in->cipher->ctx_size) {
out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
@ -134,7 +135,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0; return 0;
} }
memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
} }
if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) {
@ -210,9 +211,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
case EVP_CIPH_CBC_MODE: case EVP_CIPH_CBC_MODE:
assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
if (iv) { if (iv) {
memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); OPENSSL_memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
} }
memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); OPENSSL_memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
break; break;
case EVP_CIPH_CTR_MODE: case EVP_CIPH_CTR_MODE:
@ -220,7 +221,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
ctx->num = 0; ctx->num = 0;
/* Don't reuse IV for CTR mode */ /* Don't reuse IV for CTR mode */
if (iv) { if (iv) {
memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); OPENSSL_memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
} }
break; break;
@ -285,13 +286,13 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
assert(bl <= (int)sizeof(ctx->buf)); assert(bl <= (int)sizeof(ctx->buf));
if (i != 0) { if (i != 0) {
if (bl - i > in_len) { if (bl - i > in_len) {
memcpy(&ctx->buf[i], in, in_len); OPENSSL_memcpy(&ctx->buf[i], in, in_len);
ctx->buf_len += in_len; ctx->buf_len += in_len;
*out_len = 0; *out_len = 0;
return 1; return 1;
} else { } else {
j = bl - i; j = bl - i;
memcpy(&ctx->buf[i], in, j); OPENSSL_memcpy(&ctx->buf[i], in, j);
if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) { if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) {
return 0; return 0;
} }
@ -314,7 +315,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
} }
if (i != 0) { if (i != 0) {
memcpy(ctx->buf, &in[in_len], i); OPENSSL_memcpy(ctx->buf, &in[in_len], i);
} }
ctx->buf_len = i; ctx->buf_len = i;
return 1; return 1;
@ -393,7 +394,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
assert(b <= sizeof(ctx->final)); assert(b <= sizeof(ctx->final));
if (ctx->final_used) { if (ctx->final_used) {
memcpy(out, ctx->final, b); OPENSSL_memcpy(out, ctx->final, b);
out += b; out += b;
fix_len = 1; fix_len = 1;
} else { } else {
@ -409,7 +410,7 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
if (b > 1 && !ctx->buf_len) { if (b > 1 && !ctx->buf_len) {
*out_len -= b; *out_len -= b;
ctx->final_used = 1; ctx->final_used = 1;
memcpy(ctx->final, &out[*out_len], b); OPENSSL_memcpy(ctx->final, &out[*out_len], b);
} else { } else {
ctx->final_used = 0; ctx->final_used = 0;
} }

56
crypto/cipher/e_aes.c
View File

@ -479,7 +479,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
if (gctx->key_set) { if (gctx->key_set) {
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
} else { } else {
memcpy(gctx->iv, iv, gctx->ivlen); OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen);
} }
gctx->iv_set = 1; gctx->iv_set = 1;
gctx->iv_gen = 0; gctx->iv_gen = 0;
@ -545,7 +545,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (arg <= 0 || arg > 16 || c->encrypt) { if (arg <= 0 || arg > 16 || c->encrypt) {
return 0; return 0;
} }
memcpy(c->buf, ptr, arg); OPENSSL_memcpy(c->buf, ptr, arg);
gctx->taglen = arg; gctx->taglen = arg;
return 1; return 1;
@ -553,13 +553,13 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) { if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) {
return 0; return 0;
} }
memcpy(ptr, c->buf, arg); OPENSSL_memcpy(ptr, c->buf, arg);
return 1; return 1;
case EVP_CTRL_GCM_SET_IV_FIXED: case EVP_CTRL_GCM_SET_IV_FIXED:
/* Special case: -1 length restores whole IV */ /* Special case: -1 length restores whole IV */
if (arg == -1) { if (arg == -1) {
memcpy(gctx->iv, ptr, gctx->ivlen); OPENSSL_memcpy(gctx->iv, ptr, gctx->ivlen);
gctx->iv_gen = 1; gctx->iv_gen = 1;
return 1; return 1;
} }
@ -569,7 +569,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
return 0; return 0;
} }
if (arg) { if (arg) {
memcpy(gctx->iv, ptr, arg); OPENSSL_memcpy(gctx->iv, ptr, arg);
} }
if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) { if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) {
return 0; return 0;
@ -585,7 +585,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (arg <= 0 || arg > gctx->ivlen) { if (arg <= 0 || arg > gctx->ivlen) {
arg = gctx->ivlen; arg = gctx->ivlen;
} }
memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); OPENSSL_memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
/* Invocation field will be at least 8 bytes in size and /* Invocation field will be at least 8 bytes in size and
* so no need to check wrap around or increment more than * so no need to check wrap around or increment more than
* last 8 bytes. */ * last 8 bytes. */
@ -597,7 +597,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) { if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) {
return 0; return 0;
} }
memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); OPENSSL_memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen); CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen);
gctx->iv_set = 1; gctx->iv_set = 1;
return 1; return 1;
@ -612,7 +612,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
if (!gctx_out->iv) { if (!gctx_out->iv) {
return 0; return 0;
} }
memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); OPENSSL_memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
} }
return 1; return 1;
} }
@ -860,7 +860,7 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
if (gctx->key_set) { if (gctx->key_set) {
CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen); CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
} else { } else {
memcpy(gctx->iv, iv, gctx->ivlen); OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen);
} }
gctx->iv_set = 1; gctx->iv_set = 1;
gctx->iv_gen = 0; gctx->iv_gen = 0;
@ -1073,7 +1073,7 @@ static int aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
const AES_KEY *key = &gcm_ctx->ks.ks; const AES_KEY *key = &gcm_ctx->ks.ks;
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
@ -1120,7 +1120,7 @@ static int aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
const AES_KEY *key = &gcm_ctx->ks.ks; const AES_KEY *key = &gcm_ctx->ks.ks;
memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len); CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) { if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
@ -1198,8 +1198,8 @@ static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
const uint8_t hmac_key[32]) { const uint8_t hmac_key[32]) {
static const size_t hmac_key_len = 32; static const size_t hmac_key_len = 32;
uint8_t block[SHA256_CBLOCK]; uint8_t block[SHA256_CBLOCK];
memcpy(block, hmac_key, hmac_key_len); OPENSSL_memcpy(block, hmac_key, hmac_key_len);
memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len); OPENSSL_memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len);
unsigned i; unsigned i;
for (i = 0; i < hmac_key_len; i++) { for (i = 0; i < hmac_key_len; i++) {
@ -1209,7 +1209,7 @@ static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
SHA256_Init(out_inner); SHA256_Init(out_inner);
SHA256_Update(out_inner, block, sizeof(block)); SHA256_Update(out_inner, block, sizeof(block));
memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len); OPENSSL_memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len);
for (i = 0; i < hmac_key_len; i++) { for (i = 0; i < hmac_key_len; i++) {
block[i] ^= (0x36 ^ 0x5c); block[i] ^= (0x36 ^ 0x5c);
} }
@ -1284,7 +1284,7 @@ static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH],
const uint8_t *nonce, const uint8_t *ciphertext, const uint8_t *nonce, const uint8_t *ciphertext,
size_t ciphertext_len) { size_t ciphertext_len) {
SHA256_CTX sha256; SHA256_CTX sha256;
memcpy(&sha256, inner_init_state, sizeof(sha256)); OPENSSL_memcpy(&sha256, inner_init_state, sizeof(sha256));
hmac_update_uint64(&sha256, ad_len); hmac_update_uint64(&sha256, ad_len);
hmac_update_uint64(&sha256, ciphertext_len); hmac_update_uint64(&sha256, ciphertext_len);
SHA256_Update(&sha256, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); SHA256_Update(&sha256, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN);
@ -1297,7 +1297,7 @@ static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH],
SHA256_CBLOCK)) % SHA256_CBLOCK)) %
SHA256_CBLOCK; SHA256_CBLOCK;
uint8_t padding[SHA256_CBLOCK]; uint8_t padding[SHA256_CBLOCK];
memset(padding, 0, num_padding); OPENSSL_memset(padding, 0, num_padding);
SHA256_Update(&sha256, padding, num_padding); SHA256_Update(&sha256, padding, num_padding);
SHA256_Update(&sha256, ciphertext, ciphertext_len); SHA256_Update(&sha256, ciphertext, ciphertext_len);
@ -1305,7 +1305,7 @@ static void hmac_calculate(uint8_t out[SHA256_DIGEST_LENGTH],
uint8_t inner_digest[SHA256_DIGEST_LENGTH]; uint8_t inner_digest[SHA256_DIGEST_LENGTH];
SHA256_Final(inner_digest, &sha256); SHA256_Final(inner_digest, &sha256);
memcpy(&sha256, outer_init_state, sizeof(sha256)); OPENSSL_memcpy(&sha256, outer_init_state, sizeof(sha256));
SHA256_Update(&sha256, inner_digest, sizeof(inner_digest)); SHA256_Update(&sha256, inner_digest, sizeof(inner_digest));
SHA256_Final(out, &sha256); SHA256_Final(out, &sha256);
} }
@ -1317,11 +1317,11 @@ static void aead_aes_ctr_hmac_sha256_crypt(
* bytes is pointless. However, |CRYPTO_ctr128_encrypt| requires it. */ * bytes is pointless. However, |CRYPTO_ctr128_encrypt| requires it. */
uint8_t partial_block_buffer[AES_BLOCK_SIZE]; uint8_t partial_block_buffer[AES_BLOCK_SIZE];
unsigned partial_block_offset = 0; unsigned partial_block_offset = 0;
memset(partial_block_buffer, 0, sizeof(partial_block_buffer)); OPENSSL_memset(partial_block_buffer, 0, sizeof(partial_block_buffer));
uint8_t counter[AES_BLOCK_SIZE]; uint8_t counter[AES_BLOCK_SIZE];
memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN); OPENSSL_memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN);
memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4); OPENSSL_memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4);
if (aes_ctx->ctr) { if (aes_ctx->ctr) {
CRYPTO_ctr128_encrypt_ctr32(in, out, len, &aes_ctx->ks.ks, counter, CRYPTO_ctr128_encrypt_ctr32(in, out, len, &aes_ctx->ks.ks, counter,
@ -1364,7 +1364,7 @@ static int aead_aes_ctr_hmac_sha256_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t hmac_result[SHA256_DIGEST_LENGTH]; uint8_t hmac_result[SHA256_DIGEST_LENGTH];
hmac_calculate(hmac_result, &aes_ctx->inner_init_state, hmac_calculate(hmac_result, &aes_ctx->inner_init_state,
&aes_ctx->outer_init_state, ad, ad_len, nonce, out, in_len); &aes_ctx->outer_init_state, ad, ad_len, nonce, out, in_len);
memcpy(out + in_len, hmac_result, aes_ctx->tag_len); OPENSSL_memcpy(out + in_len, hmac_result, aes_ctx->tag_len);
*out_len = in_len + aes_ctx->tag_len; *out_len = in_len + aes_ctx->tag_len;
return 1; return 1;
@ -1482,7 +1482,7 @@ static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
if (gcm_siv_ctx == NULL) { if (gcm_siv_ctx == NULL) {
return 0; return 0;
} }
memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx)); OPENSSL_memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx));
if (aesni_capable()) { if (aesni_capable()) {
aesni_set_encrypt_key(key, key_len * 8, &gcm_siv_ctx->ks.ks); aesni_set_encrypt_key(key, key_len * 8, &gcm_siv_ctx->ks.ks);
@ -1525,7 +1525,7 @@ static void gcm_siv_crypt(uint8_t *out, const uint8_t *in, size_t in_len,
uint8_t c[16]; uint8_t c[16];
} counter; } counter;
memcpy(counter.c, initial_counter, AES_BLOCK_SIZE); OPENSSL_memcpy(counter.c, initial_counter, AES_BLOCK_SIZE);
counter.c[15] |= 0x80; counter.c[15] |= 0x80;
for (size_t done = 0; done < in_len;) { for (size_t done = 0; done < in_len;) {
@ -1558,15 +1558,15 @@ static void gcm_siv_polyval(uint8_t out_tag[16], const uint8_t *in,
uint8_t scratch[16]; uint8_t scratch[16];
if (ad_len & 15) { if (ad_len & 15) {
memset(scratch, 0, sizeof(scratch)); OPENSSL_memset(scratch, 0, sizeof(scratch));
memcpy(scratch, &ad[ad_len & ~15], ad_len & 15); OPENSSL_memcpy(scratch, &ad[ad_len & ~15], ad_len & 15);
CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch)); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch));
} }
CRYPTO_POLYVAL_update_blocks(&polyval_ctx, in, in_len & ~15); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, in, in_len & ~15);
if (in_len & 15) { if (in_len & 15) {
memset(scratch, 0, sizeof(scratch)); OPENSSL_memset(scratch, 0, sizeof(scratch));
memcpy(scratch, &in[in_len & ~15], in_len & 15); OPENSSL_memcpy(scratch, &in[in_len & ~15], in_len & 15);
CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch)); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch));
} }
@ -1655,7 +1655,7 @@ static int aead_aes_gcm_siv_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
gcm_siv_crypt(out, in, in_len, tag, keys.enc_block, &keys.enc_key.ks); gcm_siv_crypt(out, in, in_len, tag, keys.enc_block, &keys.enc_key.ks);
memcpy(&out[in_len], tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN); OPENSSL_memcpy(&out[in_len], tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN);
*out_len = in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN; *out_len = in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN;
return 1; return 1;

14
crypto/cipher/e_chacha20poly1305.c
View File

@ -55,7 +55,7 @@ static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
return 0; return 0;
} }
memcpy(c20_ctx->key, key, key_len); OPENSSL_memcpy(c20_ctx->key, key, key_len);
c20_ctx->tag_len = tag_len; c20_ctx->tag_len = tag_len;
ctx->aead_state = c20_ctx; ctx->aead_state = c20_ctx;
@ -94,7 +94,7 @@ static void aead_poly1305(aead_poly1305_update update,
size_t ad_len, const uint8_t *ciphertext, size_t ad_len, const uint8_t *ciphertext,
size_t ciphertext_len) { size_t ciphertext_len) {
alignas(16) uint8_t poly1305_key[32]; alignas(16) uint8_t poly1305_key[32];
memset(poly1305_key, 0, sizeof(poly1305_key)); OPENSSL_memset(poly1305_key, 0, sizeof(poly1305_key));
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
c20_ctx->key, nonce, 0); c20_ctx->key, nonce, 0);
poly1305_state ctx; poly1305_state ctx;
@ -137,7 +137,7 @@ static int seal_impl(aead_poly1305_update poly1305_update,
alignas(16) uint8_t tag[POLY1305_TAG_LEN]; alignas(16) uint8_t tag[POLY1305_TAG_LEN];
aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, out, in_len); aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, out, in_len);
memcpy(out + in_len, tag, c20_ctx->tag_len); OPENSSL_memcpy(out + in_len, tag, c20_ctx->tag_len);
*out_len = in_len + c20_ctx->tag_len; *out_len = in_len + c20_ctx->tag_len;
return 1; return 1;
} }
@ -261,8 +261,8 @@ static int aead_chacha20_poly1305_old_seal(
return 0; return 0;
} }
uint8_t nonce_96[12]; uint8_t nonce_96[12];
memset(nonce_96, 0, 4); OPENSSL_memset(nonce_96, 0, 4);
memcpy(nonce_96 + 4, nonce, 8); OPENSSL_memcpy(nonce_96 + 4, nonce, 8);
return seal_impl(poly1305_update_old, ctx, out, out_len, max_out_len, return seal_impl(poly1305_update_old, ctx, out, out_len, max_out_len,
nonce_96, in, in_len, ad, ad_len); nonce_96, in, in_len, ad, ad_len);
} }
@ -276,8 +276,8 @@ static int aead_chacha20_poly1305_old_open(
return 0; return 0;
} }
uint8_t nonce_96[12]; uint8_t nonce_96[12];
memset(nonce_96, 0, 4); OPENSSL_memset(nonce_96, 0, 4);
memcpy(nonce_96 + 4, nonce, 8); OPENSSL_memcpy(nonce_96 + 4, nonce, 8);
return open_impl(poly1305_update_old, ctx, out, out_len, max_out_len, return open_impl(poly1305_update_old, ctx, out, out_len, max_out_len,
nonce_96, in, in_len, ad, ad_len); nonce_96, in, in_len, ad, ad_len);
} }

3
crypto/cipher/e_null.c
View File

@ -60,6 +60,7 @@
#include <openssl/nid.h> #include <openssl/nid.h>
#include "../internal.h"
#include "internal.h" #include "internal.h"
@ -71,7 +72,7 @@ static int null_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t in_len) { const uint8_t *in, size_t in_len) {
if (in != out) { if (in != out) {
memcpy(out, in, in_len); OPENSSL_memcpy(out, in, in_len);
} }
return 1; return 1;
} }

7
crypto/cipher/e_ssl3.c
View File

@ -25,6 +25,7 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
typedef struct { typedef struct {
@ -49,7 +50,7 @@ static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len,
uint8_t pad[48]; uint8_t pad[48];
uint8_t tmp[EVP_MAX_MD_SIZE]; uint8_t tmp[EVP_MAX_MD_SIZE];
memset(pad, 0x36, pad_len); OPENSSL_memset(pad, 0x36, pad_len);
if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) || if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
!EVP_DigestUpdate(&md_ctx, pad, pad_len) || !EVP_DigestUpdate(&md_ctx, pad, pad_len) ||
!EVP_DigestUpdate(&md_ctx, ad, ad_len) || !EVP_DigestUpdate(&md_ctx, ad, ad_len) ||
@ -60,7 +61,7 @@ static int ssl3_mac(AEAD_SSL3_CTX *ssl3_ctx, uint8_t *out, unsigned *out_len,
return 0; return 0;
} }
memset(pad, 0x5c, pad_len); OPENSSL_memset(pad, 0x5c, pad_len);
if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) || if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
!EVP_DigestUpdate(&md_ctx, pad, pad_len) || !EVP_DigestUpdate(&md_ctx, pad, pad_len) ||
!EVP_DigestUpdate(&md_ctx, tmp, md_size) || !EVP_DigestUpdate(&md_ctx, tmp, md_size) ||
@ -188,7 +189,7 @@ static int aead_ssl3_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
/* Compute padding and feed that into the cipher. */ /* Compute padding and feed that into the cipher. */
uint8_t padding[256]; uint8_t padding[256];
unsigned padding_len = block_size - ((in_len + mac_len) % block_size); unsigned padding_len = block_size - ((in_len + mac_len) % block_size);
memset(padding, 0, padding_len - 1); OPENSSL_memset(padding, 0, padding_len - 1);
padding[padding_len - 1] = padding_len - 1; padding[padding_len - 1] = padding_len - 1;
if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out + total, &len, padding, if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out + total, &len, padding,
(int)padding_len)) { (int)padding_len)) {

6
crypto/cipher/e_tls.c
View File

@ -80,7 +80,7 @@ static int aead_tls_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len,
EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx); EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx);
HMAC_CTX_init(&tls_ctx->hmac_ctx); HMAC_CTX_init(&tls_ctx->hmac_ctx);
assert(mac_key_len <= EVP_MAX_MD_SIZE); assert(mac_key_len <= EVP_MAX_MD_SIZE);
memcpy(tls_ctx->mac_key, key, mac_key_len); OPENSSL_memcpy(tls_ctx->mac_key, key, mac_key_len);
tls_ctx->mac_key_len = (uint8_t)mac_key_len; tls_ctx->mac_key_len = (uint8_t)mac_key_len;
tls_ctx->implicit_iv = implicit_iv; tls_ctx->implicit_iv = implicit_iv;
@ -182,7 +182,7 @@ static int aead_tls_seal(const EVP_AEAD_CTX *ctx, uint8_t *out,
/* Compute padding and feed that into the cipher. */ /* Compute padding and feed that into the cipher. */
uint8_t padding[256]; uint8_t padding[256];
unsigned padding_len = block_size - ((in_len + mac_len) % block_size); unsigned padding_len = block_size - ((in_len + mac_len) % block_size);
memset(padding, padding_len - 1, padding_len); OPENSSL_memset(padding, padding_len - 1, padding_len);
if (!EVP_EncryptUpdate(&tls_ctx->cipher_ctx, out + total, &len, padding, if (!EVP_EncryptUpdate(&tls_ctx->cipher_ctx, out + total, &len, padding,
(int)padding_len)) { (int)padding_len)) {
return 0; return 0;
@ -288,7 +288,7 @@ static int aead_tls_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
/* To allow for CBC mode which changes cipher length, |ad| doesn't include the /* To allow for CBC mode which changes cipher length, |ad| doesn't include the
* length for legacy ciphers. */ * length for legacy ciphers. */
uint8_t ad_fixed[13]; uint8_t ad_fixed[13];
memcpy(ad_fixed, ad, 11); OPENSSL_memcpy(ad_fixed, ad, 11);
ad_fixed[11] = (uint8_t)(data_len >> 8); ad_fixed[11] = (uint8_t)(data_len >> 8);
ad_fixed[12] = (uint8_t)(data_len & 0xff); ad_fixed[12] = (uint8_t)(data_len & 0xff);
ad_len += 2; ad_len += 2;

16
crypto/cipher/tls_cbc.c
View File

@ -148,7 +148,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size,
unsigned rotate_offset = 0; unsigned rotate_offset = 0;
uint8_t mac_started = 0; uint8_t mac_started = 0;
memset(rotated_mac, 0, md_size); OPENSSL_memset(rotated_mac, 0, md_size);
for (unsigned i = scan_start, j = 0; i < orig_len; i++, j++) { for (unsigned i = scan_start, j = 0; i < orig_len; i++, j++) {
if (j >= md_size) { if (j >= md_size) {
j -= md_size; j -= md_size;
@ -184,7 +184,7 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size,
rotated_mac_tmp = tmp; rotated_mac_tmp = tmp;
} }
memcpy(out, rotated_mac, md_size); OPENSSL_memcpy(out, rotated_mac, md_size);
} }
/* u32toBE serialises an unsigned, 32-bit number (n) as four bytes at (p) in /* u32toBE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
@ -382,16 +382,16 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
/* Compute the initial HMAC block. */ /* Compute the initial HMAC block. */
bits += 8 * md_block_size; bits += 8 * md_block_size;
memset(hmac_pad, 0, md_block_size); OPENSSL_memset(hmac_pad, 0, md_block_size);
assert(mac_secret_length <= sizeof(hmac_pad)); assert(mac_secret_length <= sizeof(hmac_pad));
memcpy(hmac_pad, mac_secret, mac_secret_length); OPENSSL_memcpy(hmac_pad, mac_secret, mac_secret_length);
for (i = 0; i < md_block_size; i++) { for (i = 0; i < md_block_size; i++) {
hmac_pad[i] ^= 0x36; hmac_pad[i] ^= 0x36;
} }
md_transform(md_state.c, hmac_pad); md_transform(md_state.c, hmac_pad);
memset(length_bytes, 0, md_length_size - 4); OPENSSL_memset(length_bytes, 0, md_length_size - 4);
length_bytes[md_length_size - 4] = (uint8_t)(bits >> 24); length_bytes[md_length_size - 4] = (uint8_t)(bits >> 24);
length_bytes[md_length_size - 3] = (uint8_t)(bits >> 16); length_bytes[md_length_size - 3] = (uint8_t)(bits >> 16);
length_bytes[md_length_size - 2] = (uint8_t)(bits >> 8); length_bytes[md_length_size - 2] = (uint8_t)(bits >> 8);
@ -399,15 +399,15 @@ int EVP_tls_cbc_digest_record(const EVP_MD *md, uint8_t *md_out,
if (k > 0) { if (k > 0) {
/* k is a multiple of md_block_size. */ /* k is a multiple of md_block_size. */
memcpy(first_block, header, 13); OPENSSL_memcpy(first_block, header, 13);
memcpy(first_block + 13, data, md_block_size - 13); OPENSSL_memcpy(first_block + 13, data, md_block_size - 13);
md_transform(md_state.c, first_block); md_transform(md_state.c, first_block);
for (i = 1; i < k / md_block_size; i++) { for (i = 1; i < k / md_block_size; i++) {
md_transform(md_state.c, data + md_block_size * i - 13); md_transform(md_state.c, data + md_block_size * i - 13);
} }
} }
memset(mac_out, 0, sizeof(mac_out)); OPENSSL_memset(mac_out, 0, sizeof(mac_out));
/* We now process the final hash blocks. For each block, we construct /* We now process the final hash blocks. For each block, we construct
* it in constant time. If the |i==index_a| then we'll include the 0x80 * it in constant time. If the |i==index_a| then we'll include the 0x80

10
crypto/cmac/cmac.c
View File

@ -55,6 +55,8 @@
#include <openssl/cipher.h> #include <openssl/cipher.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
struct cmac_ctx_st { struct cmac_ctx_st {
EVP_CIPHER_CTX cipher_ctx; EVP_CIPHER_CTX cipher_ctx;
@ -176,7 +178,7 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
todo = in_len; todo = in_len;
} }
memcpy(ctx->block + ctx->block_used, in, todo); OPENSSL_memcpy(ctx->block + ctx->block_used, in, todo);
in += todo; in += todo;
in_len -= todo; in_len -= todo;
ctx->block_used += todo; ctx->block_used += todo;
@ -206,7 +208,7 @@ int CMAC_Update(CMAC_CTX *ctx, const uint8_t *in, size_t in_len) {
in_len -= AES_BLOCK_SIZE; in_len -= AES_BLOCK_SIZE;
} }
memcpy(ctx->block, in, in_len); OPENSSL_memcpy(ctx->block, in, in_len);
ctx->block_used = in_len; ctx->block_used = in_len;
return 1; return 1;
@ -224,8 +226,8 @@ int CMAC_Final(CMAC_CTX *ctx, uint8_t *out, size_t *out_len) {
/* If the last block is incomplete, terminate it with a single 'one' bit /* If the last block is incomplete, terminate it with a single 'one' bit
* followed by zeros. */ * followed by zeros. */
ctx->block[ctx->block_used] = 0x80; ctx->block[ctx->block_used] = 0x80;
memset(ctx->block + ctx->block_used + 1, 0, OPENSSL_memset(ctx->block + ctx->block_used + 1, 0,
AES_BLOCK_SIZE - (ctx->block_used + 1)); AES_BLOCK_SIZE - (ctx->block_used + 1));
mask = ctx->k2; mask = ctx->k2;
} }

7
crypto/conf/conf.c
View File

@ -66,6 +66,7 @@
#include "conf_def.h" #include "conf_def.h"
#include "internal.h" #include "internal.h"
#include "../internal.h"
static uint32_t conf_value_hash(const CONF_VALUE *v) { static uint32_t conf_value_hash(const CONF_VALUE *v) {
@ -118,7 +119,7 @@ CONF_VALUE *CONF_VALUE_new(void) {
OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
memset(v, 0, sizeof(CONF_VALUE)); OPENSSL_memset(v, 0, sizeof(CONF_VALUE));
return v; return v;
} }
@ -353,7 +354,7 @@ err:
static CONF_VALUE *get_section(const CONF *conf, const char *section) { static CONF_VALUE *get_section(const CONF *conf, const char *section) {
CONF_VALUE template; CONF_VALUE template;
memset(&template, 0, sizeof(template)); OPENSSL_memset(&template, 0, sizeof(template));
template.section = (char *) section; template.section = (char *) section;
return lh_CONF_VALUE_retrieve(conf->data, &template); return lh_CONF_VALUE_retrieve(conf->data, &template);
} }
@ -370,7 +371,7 @@ const char *NCONF_get_string(const CONF *conf, const char *section,
const char *name) { const char *name) {
CONF_VALUE template, *value; CONF_VALUE template, *value;
memset(&template, 0, sizeof(template)); OPENSSL_memset(&template, 0, sizeof(template));
template.section = (char *) section; template.section = (char *) section;
template.name = (char *) name; template.name = (char *) name;
value = lh_CONF_VALUE_retrieve(conf->data, &template); value = lh_CONF_VALUE_retrieve(conf->data, &template);

4
crypto/cpu-arm-linux.c
View File

@ -161,7 +161,7 @@ typedef struct {
static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) { static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
size_t b_len = strlen(b); size_t b_len = strlen(b);
return a->len == b_len && memcmp(a->data, b, b_len) == 0; return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
} }
/* STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found, /* STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
@ -169,7 +169,7 @@ static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
* returns one if |sep| was found and zero otherwise. */ * returns one if |sep| was found and zero otherwise. */
static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right, static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
const STRING_PIECE *in, char sep) { const STRING_PIECE *in, char sep) {
const char *p = memchr(in->data, sep, in->len); const char *p = OPENSSL_memchr(in->data, sep, in->len);
if (p == NULL) { if (p == NULL) {
return 0; return 0;
} }

21
crypto/curve25519/curve25519.c
View File

@ -29,6 +29,7 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
static const int64_t kBottom25Bits = INT64_C(0x1ffffff); static const int64_t kBottom25Bits = INT64_C(0x1ffffff);
@ -204,15 +205,15 @@ static void fe_tobytes(uint8_t *s, const fe h) {
/* h = f */ /* h = f */
static void fe_copy(fe h, const fe f) { static void fe_copy(fe h, const fe f) {
memmove(h, f, sizeof(int32_t) * 10); OPENSSL_memmove(h, f, sizeof(int32_t) * 10);
} }
/* h = 0 */ /* h = 0 */
static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); } static void fe_0(fe h) { OPENSSL_memset(h, 0, sizeof(int32_t) * 10); }
/* h = 1 */ /* h = 1 */
static void fe_1(fe h) { static void fe_1(fe h) {
memset(h, 0, sizeof(int32_t) * 10); OPENSSL_memset(h, 0, sizeof(int32_t) * 10);
h[0] = 1; h[0] = 1;
} }
@ -4662,11 +4663,11 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
fe_neg(A.T, A.T); fe_neg(A.T, A.T);
uint8_t pkcopy[32]; uint8_t pkcopy[32];
memcpy(pkcopy, public_key, 32); OPENSSL_memcpy(pkcopy, public_key, 32);
uint8_t rcopy[32]; uint8_t rcopy[32];
memcpy(rcopy, signature, 32); OPENSSL_memcpy(rcopy, signature, 32);
uint8_t scopy[32]; uint8_t scopy[32];
memcpy(scopy, signature + 32, 32); OPENSSL_memcpy(scopy, signature + 32, 32);
SHA512_CTX hash_ctx; SHA512_CTX hash_ctx;
SHA512_Init(&hash_ctx); SHA512_Init(&hash_ctx);
@ -4701,8 +4702,8 @@ void ED25519_keypair_from_seed(uint8_t out_public_key[32],
x25519_ge_scalarmult_base(&A, az); x25519_ge_scalarmult_base(&A, az);
ge_p3_tobytes(out_public_key, &A); ge_p3_tobytes(out_public_key, &A);
memcpy(out_private_key, seed, 32); OPENSSL_memcpy(out_private_key, seed, 32);
memcpy(out_private_key + 32, out_public_key, 32); OPENSSL_memcpy(out_private_key + 32, out_public_key, 32);
} }
@ -4800,7 +4801,7 @@ static void x25519_scalar_mult_generic(uint8_t out[32],
fe x1, x2, z2, x3, z3, tmp0, tmp1; fe x1, x2, z2, x3, z3, tmp0, tmp1;
uint8_t e[32]; uint8_t e[32];
memcpy(e, scalar, 32); OPENSSL_memcpy(e, scalar, 32);
e[0] &= 248; e[0] &= 248;
e[31] &= 127; e[31] &= 127;
e[31] |= 64; e[31] |= 64;
@ -4916,7 +4917,7 @@ void X25519_public_from_private(uint8_t out_public_value[32],
#endif #endif
uint8_t e[32]; uint8_t e[32];
memcpy(e, private_key, 32); OPENSSL_memcpy(e, private_key, 32);
e[0] &= 248; e[0] &= 248;
e[31] &= 127; e[31] &= 127;
e[31] |= 64; e[31] |= 64;

7
crypto/curve25519/ed25519_test.cc
View File

@ -17,6 +17,7 @@
#include <openssl/curve25519.h> #include <openssl/curve25519.h>
#include "../internal.h"
#include "../test/file_test.h" #include "../test/file_test.h"
@ -58,13 +59,13 @@ static bool TestKeypairFromSeed() {
ED25519_keypair(public_key1, private_key1); ED25519_keypair(public_key1, private_key1);
uint8_t seed[32]; uint8_t seed[32];
memcpy(seed, private_key1, sizeof(seed)); OPENSSL_memcpy(seed, private_key1, sizeof(seed));
uint8_t public_key2[32], private_key2[64]; uint8_t public_key2[32], private_key2[64];
ED25519_keypair_from_seed(public_key2, private_key2, seed); ED25519_keypair_from_seed(public_key2, private_key2, seed);
if (memcmp(public_key1, public_key2, sizeof(public_key1)) != 0 || if (OPENSSL_memcmp(public_key1, public_key2, sizeof(public_key1)) != 0 ||
memcmp(private_key1, private_key2, sizeof(private_key1)) != 0) { OPENSSL_memcmp(private_key1, private_key2, sizeof(private_key1)) != 0) {
fprintf(stderr, "TestKeypairFromSeed: resulting keypairs did not match.\n"); fprintf(stderr, "TestKeypairFromSeed: resulting keypairs did not match.\n");
return false; return false;
} }

13
crypto/curve25519/spake25519.c
View File

@ -22,6 +22,7 @@
#include <openssl/sha.h> #include <openssl/sha.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
/* The following precomputation tables are for the following /* The following precomputation tables are for the following
@ -291,7 +292,7 @@ SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role,
return NULL; return NULL;
} }
memset(ctx, 0, sizeof(SPAKE2_CTX)); OPENSSL_memset(ctx, 0, sizeof(SPAKE2_CTX));
ctx->my_role = my_role; ctx->my_role = my_role;
CBS my_name_cbs, their_name_cbs; CBS my_name_cbs, their_name_cbs;
@ -346,7 +347,7 @@ int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len,
/* Multiply by the cofactor (eight) so that we'll clear it when operating on /* Multiply by the cofactor (eight) so that we'll clear it when operating on
* the peer's point later in the protocol. */ * the peer's point later in the protocol. */
left_shift_3(private_tmp); left_shift_3(private_tmp);
memcpy(ctx->private_key, private_tmp, sizeof(ctx->private_key)); OPENSSL_memcpy(ctx->private_key, private_tmp, sizeof(ctx->private_key));
ge_p3 P; ge_p3 P;
x25519_ge_scalarmult_base(&P, ctx->private_key); x25519_ge_scalarmult_base(&P, ctx->private_key);
@ -354,9 +355,9 @@ int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len,
/* mask = h(password) * <N or M>. */ /* mask = h(password) * <N or M>. */
uint8_t password_tmp[SHA512_DIGEST_LENGTH]; uint8_t password_tmp[SHA512_DIGEST_LENGTH];
SHA512(password, password_len, password_tmp); SHA512(password, password_len, password_tmp);
memcpy(ctx->password_hash, password_tmp, sizeof(ctx->password_hash)); OPENSSL_memcpy(ctx->password_hash, password_tmp, sizeof(ctx->password_hash));
x25519_sc_reduce(password_tmp); x25519_sc_reduce(password_tmp);
memcpy(ctx->password_scalar, password_tmp, sizeof(ctx->password_scalar)); OPENSSL_memcpy(ctx->password_scalar, password_tmp, sizeof(ctx->password_scalar));
ge_p3 mask; ge_p3 mask;
x25519_ge_scalarmult_small_precomp(&mask, ctx->password_scalar, x25519_ge_scalarmult_small_precomp(&mask, ctx->password_scalar,
@ -375,7 +376,7 @@ int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len,
x25519_ge_p1p1_to_p2(&Pstar_proj, &Pstar); x25519_ge_p1p1_to_p2(&Pstar_proj, &Pstar);
x25519_ge_tobytes(ctx->my_msg, &Pstar_proj); x25519_ge_tobytes(ctx->my_msg, &Pstar_proj);
memcpy(out, ctx->my_msg, sizeof(ctx->my_msg)); OPENSSL_memcpy(out, ctx->my_msg, sizeof(ctx->my_msg));
*out_len = sizeof(ctx->my_msg); *out_len = sizeof(ctx->my_msg);
ctx->state = spake2_state_msg_generated; ctx->state = spake2_state_msg_generated;
@ -456,7 +457,7 @@ int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, size_t *out_key_len,
if (to_copy > sizeof(key)) { if (to_copy > sizeof(key)) {
to_copy = sizeof(key); to_copy = sizeof(key);
} }
memcpy(out_key, key, to_copy); OPENSSL_memcpy(out_key, key, to_copy);
*out_key_len = to_copy; *out_key_len = to_copy;
ctx->state = spake2_state_key_generated; ctx->state = spake2_state_key_generated;

4
crypto/curve25519/spake25519_test.cc
View File

@ -20,6 +20,8 @@
#include <openssl/curve25519.h> #include <openssl/curve25519.h>
#include "../internal.h"
struct SPAKE2Run { struct SPAKE2Run {
bool Run() { bool Run() {
@ -71,7 +73,7 @@ struct SPAKE2Run {
} }
key_matches_ = (alice_key_len == bob_key_len && key_matches_ = (alice_key_len == bob_key_len &&
memcmp(alice_key, bob_key, alice_key_len) == 0); OPENSSL_memcmp(alice_key, bob_key, alice_key_len) == 0);
return true; return true;
} }

3
crypto/curve25519/x25519-x86_64.c
View File

@ -23,6 +23,7 @@
#include <string.h> #include <string.h>
#include "../internal.h"
#include "internal.h" #include "internal.h"
@ -228,7 +229,7 @@ static void mladder(fe25519 *xr, fe25519 *zr, const uint8_t s[32]) {
void x25519_x86_64(uint8_t out[32], const uint8_t scalar[32], void x25519_x86_64(uint8_t out[32], const uint8_t scalar[32],
const uint8_t point[32]) { const uint8_t point[32]) {
uint8_t e[32]; uint8_t e[32];
memcpy(e, scalar, sizeof(e)); OPENSSL_memcpy(e, scalar, sizeof(e));
e[0] &= 248; e[0] &= 248;
e[31] &= 127; e[31] &= 127;

14
crypto/curve25519/x25519_test.cc
View File

@ -18,6 +18,8 @@
#include <openssl/curve25519.h> #include <openssl/curve25519.h>
#include "../internal.h"
static bool TestX25519() { static bool TestX25519() {
/* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */ /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
@ -40,7 +42,7 @@ static bool TestX25519() {
0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c,
0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52, 0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52,
}; };
if (memcmp(kExpected1, out, sizeof(out)) != 0) { if (OPENSSL_memcmp(kExpected1, out, sizeof(out)) != 0) {
fprintf(stderr, "X25519 test one failed.\n"); fprintf(stderr, "X25519 test one failed.\n");
return false; return false;
} }
@ -63,7 +65,7 @@ static bool TestX25519() {
0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f,
0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57, 0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57,
}; };
if (memcmp(kExpected2, out, sizeof(out)) != 0) { if (OPENSSL_memcmp(kExpected2, out, sizeof(out)) != 0) {
fprintf(stderr, "X25519 test two failed.\n"); fprintf(stderr, "X25519 test two failed.\n");
return false; return false;
} }
@ -79,7 +81,7 @@ static bool TestX25519SmallOrder() {
}; };
uint8_t out[32], private_key[32]; uint8_t out[32], private_key[32];
memset(private_key, 0x11, sizeof(private_key)); OPENSSL_memset(private_key, 0x11, sizeof(private_key));
if (X25519(out, private_key, kSmallOrderPoint)) { if (X25519(out, private_key, kSmallOrderPoint)) {
fprintf(stderr, "X25519 returned success with a small-order input.\n"); fprintf(stderr, "X25519 returned success with a small-order input.\n");
@ -96,8 +98,8 @@ static bool TestX25519Iterated() {
unsigned i; unsigned i;
for (i = 0; i < 1000; i++) { for (i = 0; i < 1000; i++) {
X25519(out, scalar, point); X25519(out, scalar, point);
memcpy(point, scalar, sizeof(point)); OPENSSL_memcpy(point, scalar, sizeof(point));
memcpy(scalar, out, sizeof(scalar)); OPENSSL_memcpy(scalar, out, sizeof(scalar));
} }
static const uint8_t kExpected[32] = { static const uint8_t kExpected[32] = {
@ -106,7 +108,7 @@ static bool TestX25519Iterated() {
0xe3, 0x87, 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51, 0xe3, 0x87, 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51,
}; };
if (memcmp(kExpected, scalar, sizeof(kExpected)) != 0) { if (OPENSSL_memcmp(kExpected, scalar, sizeof(kExpected)) != 0) {
fprintf(stderr, "Iterated X25519 test failed\n"); fprintf(stderr, "Iterated X25519 test failed\n");
return false; return false;
} }

2
crypto/dh/dh.c
View File

@ -79,7 +79,7 @@ DH *DH_new(void) {
return NULL; return NULL;
} }
memset(dh, 0, sizeof(DH)); OPENSSL_memset(dh, 0, sizeof(DH));
CRYPTO_MUTEX_init(&dh->method_mont_p_lock); CRYPTO_MUTEX_init(&dh->method_mont_p_lock);

14
crypto/dh/dh_test.cc
View File

@ -68,6 +68,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
static bool RunBasicTests(); static bool RunBasicTests();
static bool RunRFC5114Tests(); static bool RunRFC5114Tests();
@ -470,9 +472,9 @@ static bool RunRFC5114Tests() {
} }
if (static_cast<size_t>(ret1) != td->Z_len || if (static_cast<size_t>(ret1) != td->Z_len ||
memcmp(Z1.data(), td->Z, td->Z_len) != 0 || OPENSSL_memcmp(Z1.data(), td->Z, td->Z_len) != 0 ||
static_cast<size_t>(ret2) != td->Z_len || static_cast<size_t>(ret2) != td->Z_len ||
memcmp(Z2.data(), td->Z, td->Z_len) != 0) { OPENSSL_memcmp(Z2.data(), td->Z, td->Z_len) != 0) {
fprintf(stderr, "Test failed RFC5114 set %u\n", i + 1); fprintf(stderr, "Test failed RFC5114 set %u\n", i + 1);
return false; return false;
} }
@ -576,7 +578,8 @@ static bool TestASN1() {
return false; return false;
} }
bssl::UniquePtr<uint8_t> free_der(der); bssl::UniquePtr<uint8_t> free_der(der);
if (der_len != sizeof(kParams) || memcmp(der, kParams, der_len) != 0) { if (der_len != sizeof(kParams) ||
OPENSSL_memcmp(der, kParams, der_len) != 0) {
return false; return false;
} }
@ -618,7 +621,8 @@ static bool TestASN1() {
return false; return false;
} }
bssl::UniquePtr<uint8_t> free_der2(der); bssl::UniquePtr<uint8_t> free_der2(der);
if (der_len != sizeof(kParamsDSA) || memcmp(der, kParamsDSA, der_len) != 0) { if (der_len != sizeof(kParamsDSA) ||
OPENSSL_memcmp(der, kParamsDSA, der_len) != 0) {
return false; return false;
} }
@ -653,7 +657,7 @@ static bool TestRFC3526() {
uint8_t buffer[sizeof(kPrime1536)]; uint8_t buffer[sizeof(kPrime1536)];
if (BN_num_bytes(bn.get()) != sizeof(kPrime1536) || if (BN_num_bytes(bn.get()) != sizeof(kPrime1536) ||
BN_bn2bin(bn.get(), buffer) != sizeof(kPrime1536) || BN_bn2bin(bn.get(), buffer) != sizeof(kPrime1536) ||
memcmp(buffer, kPrime1536, sizeof(kPrime1536)) != 0) { OPENSSL_memcmp(buffer, kPrime1536, sizeof(kPrime1536)) != 0) {
fprintf(stderr, "1536-bit MODP prime did not match.\n"); fprintf(stderr, "1536-bit MODP prime did not match.\n");
return false; return false;
} }

7
crypto/digest/digest.c
View File

@ -63,6 +63,7 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
int EVP_MD_type(const EVP_MD *md) { return md->type; } int EVP_MD_type(const EVP_MD *md) { return md->type; }
@ -74,7 +75,9 @@ size_t EVP_MD_size(const EVP_MD *md) { return md->md_size; }
size_t EVP_MD_block_size(const EVP_MD *md) { return md->block_size; } size_t EVP_MD_block_size(const EVP_MD *md) { return md->block_size; }
void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { memset(ctx, 0, sizeof(EVP_MD_CTX)); } void EVP_MD_CTX_init(EVP_MD_CTX *ctx) {
OPENSSL_memset(ctx, 0, sizeof(EVP_MD_CTX));
}
EVP_MD_CTX *EVP_MD_CTX_create(void) { EVP_MD_CTX *EVP_MD_CTX_create(void) {
EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
@ -140,7 +143,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) {
return 0; return 0;
} }
} }
memcpy(out->md_data, in->md_data, in->digest->ctx_size); OPENSSL_memcpy(out->md_data, in->md_data, in->digest->ctx_size);
} }
assert(in->pctx == NULL || in->pctx_ops != NULL); assert(in->pctx == NULL || in->pctx_ops != NULL);

16
crypto/digest/md32_common.h
View File

@ -53,6 +53,8 @@
#include <assert.h> #include <assert.h>
#include "../internal.h"
#if defined(__cplusplus) #if defined(__cplusplus)
extern "C" { extern "C" {
#endif #endif
@ -194,16 +196,16 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
size_t n = c->num; size_t n = c->num;
if (n != 0) { if (n != 0) {
if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
memcpy(c->data + n, data, HASH_CBLOCK - n); OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
HASH_BLOCK_DATA_ORDER(c->h, c->data, 1); HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
n = HASH_CBLOCK - n; n = HASH_CBLOCK - n;
data += n; data += n;
len -= n; len -= n;
c->num = 0; c->num = 0;
/* Keep |c->data| zeroed when unused. */ /* Keep |c->data| zeroed when unused. */
memset(c->data, 0, HASH_CBLOCK); OPENSSL_memset(c->data, 0, HASH_CBLOCK);
} else { } else {
memcpy(c->data + n, data, len); OPENSSL_memcpy(c->data + n, data, len);
c->num += (unsigned)len; c->num += (unsigned)len;
return 1; return 1;
} }
@ -219,7 +221,7 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) {
if (len != 0) { if (len != 0) {
c->num = (unsigned)len; c->num = (unsigned)len;
memcpy(c->data, data, len); OPENSSL_memcpy(c->data, data, len);
} }
return 1; return 1;
} }
@ -240,11 +242,11 @@ int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
/* Fill the block with zeros if there isn't room for a 64-bit length. */ /* Fill the block with zeros if there isn't room for a 64-bit length. */
if (n > (HASH_CBLOCK - 8)) { if (n > (HASH_CBLOCK - 8)) {
memset(c->data + n, 0, HASH_CBLOCK - n); OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
n = 0; n = 0;
HASH_BLOCK_DATA_ORDER(c->h, c->data, 1); HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
} }
memset(c->data + n, 0, HASH_CBLOCK - 8 - n); OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
/* Append a 64-bit length to the block and process it. */ /* Append a 64-bit length to the block and process it. */
uint8_t *p = c->data + HASH_CBLOCK - 8; uint8_t *p = c->data + HASH_CBLOCK - 8;
@ -258,7 +260,7 @@ int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
assert(p == c->data + HASH_CBLOCK); assert(p == c->data + HASH_CBLOCK);
HASH_BLOCK_DATA_ORDER(c->h, c->data, 1); HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
c->num = 0; c->num = 0;
memset(c->data, 0, HASH_CBLOCK); OPENSSL_memset(c->data, 0, HASH_CBLOCK);
HASH_MAKE_STRING(c, md); HASH_MAKE_STRING(c, md);
return 1; return 1;

11
crypto/dsa/dsa.c
View File

@ -90,7 +90,7 @@ DSA *DSA_new(void) {
return NULL; return NULL;
} }
memset(dsa, 0, sizeof(DSA)); OPENSSL_memset(dsa, 0, sizeof(DSA));
dsa->references = 1; dsa->references = 1;
@ -188,7 +188,7 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
/* Only consume as much seed as is expected. */ /* Only consume as much seed as is expected. */
seed_len = qsize; seed_len = qsize;
} }
memcpy(seed, seed_in, seed_len); OPENSSL_memcpy(seed, seed_in, seed_len);
} }
ctx = BN_CTX_new(); ctx = BN_CTX_new();
@ -232,8 +232,8 @@ int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,
/* If we come back through, use random seed next time. */ /* If we come back through, use random seed next time. */
seed_in = NULL; seed_in = NULL;
} }
memcpy(buf, seed, qsize); OPENSSL_memcpy(buf, seed, qsize);
memcpy(buf2, seed, qsize); OPENSSL_memcpy(buf2, seed, qsize);
/* precompute "SEED + 1" for step 7: */ /* precompute "SEED + 1" for step 7: */
for (i = qsize - 1; i < qsize; i--) { for (i = qsize - 1; i < qsize; i--) {
buf[i]++; buf[i]++;
@ -763,7 +763,8 @@ int DSA_check_signature(int *out_valid, const uint8_t *digest,
/* Ensure that the signature uses DER and doesn't have trailing garbage. */ /* Ensure that the signature uses DER and doesn't have trailing garbage. */
int der_len = i2d_DSA_SIG(s, &der); int der_len = i2d_DSA_SIG(s, &der);
if (der_len < 0 || (size_t)der_len != sig_len || memcmp(sig, der, sig_len)) { if (der_len < 0 || (size_t)der_len != sig_len ||
OPENSSL_memcmp(sig, der, sig_len)) {
goto err; goto err;
} }

8
crypto/dsa/dsa_test.c
View File

@ -65,6 +65,8 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/err.h> #include <openssl/err.h>
#include "../internal.h"
static int dsa_cb(int p, int n, BN_GENCB *arg); static int dsa_cb(int p, int n, BN_GENCB *arg);
@ -217,21 +219,21 @@ static int test_generate(FILE *out) {
i = BN_bn2bin(dsa->q, buf); i = BN_bn2bin(dsa->q, buf);
j = sizeof(fips_q); j = sizeof(fips_q);
if (i != j || memcmp(buf, fips_q, i) != 0) { if (i != j || OPENSSL_memcmp(buf, fips_q, i) != 0) {
fprintf(stderr, "q value is wrong\n"); fprintf(stderr, "q value is wrong\n");
goto end; goto end;
} }
i = BN_bn2bin(dsa->p, buf); i = BN_bn2bin(dsa->p, buf);
j = sizeof(fips_p); j = sizeof(fips_p);
if (i != j || memcmp(buf, fips_p, i) != 0) { if (i != j || OPENSSL_memcmp(buf, fips_p, i) != 0) {
fprintf(stderr, "p value is wrong\n"); fprintf(stderr, "p value is wrong\n");
goto end; goto end;
} }
i = BN_bn2bin(dsa->g, buf); i = BN_bn2bin(dsa->g, buf);
j = sizeof(fips_g); j = sizeof(fips_g);
if (i != j || memcmp(buf, fips_g, i) != 0) { if (i != j || OPENSSL_memcmp(buf, fips_g, i) != 0) {
fprintf(stderr, "g value is wrong\n"); fprintf(stderr, "g value is wrong\n");
goto end; goto end;
} }

2
crypto/ec/ec.c
View File

@ -350,7 +350,7 @@ EC_GROUP *ec_group_new(const EC_METHOD *meth) {
OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
memset(ret, 0, sizeof(EC_GROUP)); OPENSSL_memset(ret, 0, sizeof(EC_GROUP));
ret->meth = meth; ret->meth = meth;
BN_init(&ret->order); BN_init(&ret->order);

5
crypto/ec/ec_asn1.c
View File

@ -64,6 +64,7 @@
#include "internal.h" #include "internal.h"
#include "../bytestring/internal.h" #include "../bytestring/internal.h"
#include "../internal.h"
static const uint8_t kParametersTag = static const uint8_t kParametersTag =
@ -271,7 +272,7 @@ static int parse_explicit_prime_curve(CBS *in, CBS *out_prime, CBS *out_a,
!CBS_get_asn1(&params, &field_id, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&params, &field_id, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&field_id, &field_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(&field_id, &field_type, CBS_ASN1_OBJECT) ||
CBS_len(&field_type) != sizeof(kPrimeField) || CBS_len(&field_type) != sizeof(kPrimeField) ||
memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 || OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 ||
!CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) || !CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) ||
!is_unsigned_integer(out_prime) || !is_unsigned_integer(out_prime) ||
CBS_len(&field_id) != 0 || CBS_len(&field_id) != 0 ||
@ -335,7 +336,7 @@ EC_GROUP *EC_KEY_parse_curve_name(CBS *cbs) {
for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) { for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) {
const struct built_in_curve *curve = &OPENSSL_built_in_curves[i]; const struct built_in_curve *curve = &OPENSSL_built_in_curves[i];
if (CBS_len(&named_curve) == curve->oid_len && if (CBS_len(&named_curve) == curve->oid_len &&
memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) == 0) { OPENSSL_memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) == 0) {
return EC_GROUP_new_by_curve_name(curve->nid); return EC_GROUP_new_by_curve_name(curve->nid);
} }
} }

2
crypto/ec/ec_key.c
View File

@ -91,7 +91,7 @@ EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(EC_KEY)); OPENSSL_memset(ret, 0, sizeof(EC_KEY));
if (engine) { if (engine) {
ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine); ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);

16
crypto/ec/p224-64.c
View File

@ -211,7 +211,7 @@ static void flip_endian(u8 *out, const u8 *in, size_t len) {
static int BN_to_felem(felem out, const BIGNUM *bn) { static int BN_to_felem(felem out, const BIGNUM *bn) {
/* BN_bn2bin eats leading zeroes */ /* BN_bn2bin eats leading zeroes */
felem_bytearray b_out; felem_bytearray b_out;
memset(b_out, 0, sizeof(b_out)); OPENSSL_memset(b_out, 0, sizeof(b_out));
size_t num_bytes = BN_num_bytes(bn); size_t num_bytes = BN_num_bytes(bn);
if (num_bytes > sizeof(b_out) || if (num_bytes > sizeof(b_out) ||
BN_is_negative(bn)) { BN_is_negative(bn)) {
@ -860,7 +860,7 @@ static void point_add(felem x3, felem y3, felem z3, const felem x1,
static void select_point(const u64 idx, size_t size, static void select_point(const u64 idx, size_t size,
const felem pre_comp[/*size*/][3], felem out[3]) { const felem pre_comp[/*size*/][3], felem out[3]) {
limb *outlimbs = &out[0][0]; limb *outlimbs = &out[0][0];
memset(outlimbs, 0, 3 * sizeof(felem)); OPENSSL_memset(outlimbs, 0, 3 * sizeof(felem));
for (size_t i = 0; i < size; i++) { for (size_t i = 0; i < size; i++) {
const limb *inlimbs = &pre_comp[i][0][0]; const limb *inlimbs = &pre_comp[i][0][0];
@ -898,7 +898,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
u8 sign, digit; u8 sign, digit;
/* set nq to the point at infinity */ /* set nq to the point at infinity */
memset(nq, 0, 3 * sizeof(felem)); OPENSSL_memset(nq, 0, 3 * sizeof(felem));
/* Loop over all scalars msb-to-lsb, interleaving additions /* Loop over all scalars msb-to-lsb, interleaving additions
* of multiples of the generator (two in each of the last 28 rounds) * of multiples of the generator (two in each of the last 28 rounds)
@ -925,7 +925,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */, point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
tmp[0], tmp[1], tmp[2]); tmp[0], tmp[1], tmp[2]);
} else { } else {
memcpy(nq, tmp, 3 * sizeof(felem)); OPENSSL_memcpy(nq, tmp, 3 * sizeof(felem));
skip = 0; skip = 0;
} }
@ -962,7 +962,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */, point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */,
tmp[0], tmp[1], tmp[2]); tmp[0], tmp[1], tmp[2]);
} else { } else {
memcpy(nq, tmp, 3 * sizeof(felem)); OPENSSL_memcpy(nq, tmp, 3 * sizeof(felem));
skip = 0; skip = 0;
} }
} }
@ -1074,8 +1074,8 @@ static int ec_GFp_nistp224_points_mul(const EC_GROUP *group,
/* we treat NULL scalars as 0, and NULL points as points at infinity, /* we treat NULL scalars as 0, and NULL points as points at infinity,
* i.e., they contribute nothing to the linear combination */ * i.e., they contribute nothing to the linear combination */
memset(secrets, 0, num_points * sizeof(felem_bytearray)); OPENSSL_memset(secrets, 0, num_points * sizeof(felem_bytearray));
memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); OPENSSL_memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem));
for (size_t i = 0; i < num_points; ++i) { for (size_t i = 0; i < num_points; ++i) {
if (i == num) { if (i == num) {
/* the generator */ /* the generator */
@ -1131,7 +1131,7 @@ static int ec_GFp_nistp224_points_mul(const EC_GROUP *group,
} }
if (g_scalar != NULL) { if (g_scalar != NULL) {
memset(g_secret, 0, sizeof(g_secret)); OPENSSL_memset(g_secret, 0, sizeof(g_secret));
size_t num_bytes; size_t num_bytes;
/* reduce g_scalar to 0 <= g_scalar < 2^224 */ /* reduce g_scalar to 0 <= g_scalar < 2^224 */
if (BN_num_bits(g_scalar) > 224 || BN_is_negative(g_scalar)) { if (BN_num_bits(g_scalar) > 224 || BN_is_negative(g_scalar)) {

12
crypto/ec/p256-64.c
View File

@ -108,7 +108,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) {
felem_bytearray b_out; felem_bytearray b_out;
/* BN_bn2bin eats leading zeroes */ /* BN_bn2bin eats leading zeroes */
memset(b_out, 0, sizeof(b_out)); OPENSSL_memset(b_out, 0, sizeof(b_out));
size_t num_bytes = BN_num_bytes(bn); size_t num_bytes = BN_num_bytes(bn);
if (num_bytes > sizeof(b_out)) { if (num_bytes > sizeof(b_out)) {
OPENSSL_PUT_ERROR(EC, EC_R_BIGNUM_OUT_OF_RANGE); OPENSSL_PUT_ERROR(EC, EC_R_BIGNUM_OUT_OF_RANGE);
@ -1402,7 +1402,7 @@ static void select_point(const u64 idx, size_t size,
const smallfelem pre_comp[/*size*/][3], const smallfelem pre_comp[/*size*/][3],
smallfelem out[3]) { smallfelem out[3]) {
u64 *outlimbs = &out[0][0]; u64 *outlimbs = &out[0][0];
memset(outlimbs, 0, 3 * sizeof(smallfelem)); OPENSSL_memset(outlimbs, 0, 3 * sizeof(smallfelem));
for (size_t i = 0; i < size; i++) { for (size_t i = 0; i < size; i++) {
const u64 *inlimbs = (const u64 *)&pre_comp[i][0][0]; const u64 *inlimbs = (const u64 *)&pre_comp[i][0][0];
@ -1441,7 +1441,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
u8 sign, digit; u8 sign, digit;
/* set nq to the point at infinity */ /* set nq to the point at infinity */
memset(nq, 0, 3 * sizeof(felem)); OPENSSL_memset(nq, 0, 3 * sizeof(felem));
/* Loop over all scalars msb-to-lsb, interleaving additions of multiples /* Loop over all scalars msb-to-lsb, interleaving additions of multiples
* of the generator (two in each of the last 32 rounds) and additions of * of the generator (two in each of the last 32 rounds) and additions of
@ -1632,8 +1632,8 @@ static int ec_GFp_nistp256_points_mul(const EC_GROUP *group,
/* we treat NULL scalars as 0, and NULL points as points at infinity, /* we treat NULL scalars as 0, and NULL points as points at infinity,
* i.e., they contribute nothing to the linear combination. */ * i.e., they contribute nothing to the linear combination. */
memset(secrets, 0, num_points * sizeof(felem_bytearray)); OPENSSL_memset(secrets, 0, num_points * sizeof(felem_bytearray));
memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem)); OPENSSL_memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem));
for (size_t i = 0; i < num_points; ++i) { for (size_t i = 0; i < num_points; ++i) {
if (i == num) { if (i == num) {
/* we didn't have a valid precomputation, so we pick the generator. */ /* we didn't have a valid precomputation, so we pick the generator. */
@ -1688,7 +1688,7 @@ static int ec_GFp_nistp256_points_mul(const EC_GROUP *group,
if (g_scalar != NULL) { if (g_scalar != NULL) {
size_t num_bytes; size_t num_bytes;
memset(g_secret, 0, sizeof(g_secret)); OPENSSL_memset(g_secret, 0, sizeof(g_secret));
/* reduce g_scalar to 0 <= g_scalar < 2^256 */ /* reduce g_scalar to 0 <= g_scalar < 2^256 */
if (BN_num_bits(g_scalar) > 256 || BN_is_negative(g_scalar)) { if (BN_num_bits(g_scalar) > 256 || BN_is_negative(g_scalar)) {
/* this is an unusual input, and we don't guarantee /* this is an unusual input, and we don't guarantee

6
crypto/ec/p256-x86_64.c
View File

@ -208,8 +208,8 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
return 0; return 0;
} }
memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS); OPENSSL_memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS);
memcpy(out, in->d, sizeof(BN_ULONG) * in->top); OPENSSL_memcpy(out, in->d, sizeof(BN_ULONG) * in->top);
return 1; return 1;
} }
@ -441,7 +441,7 @@ static int ecp_nistz256_points_mul(
/* Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p| /* Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p|
* is infinity and |ONE| otherwise. |p| was computed from the table, so it * is infinity and |ONE| otherwise. |p| was computed from the table, so it
* is infinity iff |wvalue >> 1| is zero. */ * is infinity iff |wvalue >> 1| is zero. */
memset(p.p.Z, 0, sizeof(p.p.Z)); OPENSSL_memset(p.p.Z, 0, sizeof(p.p.Z));
copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1)); copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1));
for (i = 1; i < 37; i++) { for (i = 1; i < 37; i++) {

68
crypto/ec/p256-x86_64_test.cc
View File

@ -38,9 +38,9 @@ static bool TestSelectW5() {
// Fill a table with some garbage input. // Fill a table with some garbage input.
P256_POINT table[16]; P256_POINT table[16];
for (size_t i = 0; i < 16; i++) { for (size_t i = 0; i < 16; i++) {
memset(table[i].X, 3 * i, sizeof(table[i].X)); OPENSSL_memset(table[i].X, 3 * i, sizeof(table[i].X));
memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y)); OPENSSL_memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y));
memset(table[i].Z, 3 * i + 2, sizeof(table[i].Z)); OPENSSL_memset(table[i].Z, 3 * i + 2, sizeof(table[i].Z));
} }
for (int i = 0; i <= 16; i++) { for (int i = 0; i <= 16; i++) {
@ -49,12 +49,12 @@ static bool TestSelectW5() {
P256_POINT expected; P256_POINT expected;
if (i == 0) { if (i == 0) {
memset(&expected, 0, sizeof(expected)); OPENSSL_memset(&expected, 0, sizeof(expected));
} else { } else {
expected = table[i-1]; expected = table[i-1];
} }
if (memcmp(&val, &expected, sizeof(P256_POINT)) != 0) { if (OPENSSL_memcmp(&val, &expected, sizeof(P256_POINT)) != 0) {
fprintf(stderr, "ecp_nistz256_select_w5(%d) gave the wrong value.\n", i); fprintf(stderr, "ecp_nistz256_select_w5(%d) gave the wrong value.\n", i);
return false; return false;
} }
@ -67,8 +67,8 @@ static bool TestSelectW7() {
// Fill a table with some garbage input. // Fill a table with some garbage input.
P256_POINT_AFFINE table[64]; P256_POINT_AFFINE table[64];
for (size_t i = 0; i < 64; i++) { for (size_t i = 0; i < 64; i++) {
memset(table[i].X, 2 * i, sizeof(table[i].X)); OPENSSL_memset(table[i].X, 2 * i, sizeof(table[i].X));
memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y)); OPENSSL_memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y));
} }
for (int i = 0; i <= 64; i++) { for (int i = 0; i <= 64; i++) {
@ -77,12 +77,12 @@ static bool TestSelectW7() {
P256_POINT_AFFINE expected; P256_POINT_AFFINE expected;
if (i == 0) { if (i == 0) {
memset(&expected, 0, sizeof(expected)); OPENSSL_memset(&expected, 0, sizeof(expected));
} else { } else {
expected = table[i-1]; expected = table[i-1];
} }
if (memcmp(&val, &expected, sizeof(P256_POINT_AFFINE)) != 0) { if (OPENSSL_memcmp(&val, &expected, sizeof(P256_POINT_AFFINE)) != 0) {
fprintf(stderr, "ecp_nistz256_select_w7(%d) gave the wrong value.\n", i); fprintf(stderr, "ecp_nistz256_select_w7(%d) gave the wrong value.\n", i);
return false; return false;
} }
@ -105,7 +105,7 @@ static bool GetFieldElement(FileTest *t, BN_ULONG out[P256_LIMBS],
// |byte| contains bytes in big-endian while |out| should contain |BN_ULONG|s // |byte| contains bytes in big-endian while |out| should contain |BN_ULONG|s
// in little-endian. // in little-endian.
memset(out, 0, P256_LIMBS * sizeof(BN_ULONG)); OPENSSL_memset(out, 0, P256_LIMBS * sizeof(BN_ULONG));
for (size_t i = 0; i < bytes.size(); i++) { for (size_t i = 0; i < bytes.size(); i++) {
out[P256_LIMBS - 1 - (i / BN_BYTES)] <<= 8; out[P256_LIMBS - 1 - (i / BN_BYTES)] <<= 8;
out[P256_LIMBS - 1 - (i / BN_BYTES)] |= bytes[i]; out[P256_LIMBS - 1 - (i / BN_BYTES)] |= bytes[i];
@ -127,7 +127,7 @@ static std::string FieldElementToString(const BN_ULONG a[P256_LIMBS]) {
static bool ExpectFieldElementsEqual(FileTest *t, const char *message, static bool ExpectFieldElementsEqual(FileTest *t, const char *message,
const BN_ULONG expected[P256_LIMBS], const BN_ULONG expected[P256_LIMBS],
const BN_ULONG actual[P256_LIMBS]) { const BN_ULONG actual[P256_LIMBS]) {
if (memcmp(expected, actual, sizeof(BN_ULONG) * P256_LIMBS) == 0) { if (OPENSSL_memcmp(expected, actual, sizeof(BN_ULONG) * P256_LIMBS) == 0) {
return true; return true;
} }
@ -160,7 +160,7 @@ static bool PointToAffine(P256_POINT_AFFINE *out, const P256_POINT *in) {
return false; return false;
} }
memset(out, 0, sizeof(P256_POINT_AFFINE)); OPENSSL_memset(out, 0, sizeof(P256_POINT_AFFINE));
if (BN_is_zero(z.get())) { if (BN_is_zero(z.get())) {
// The point at infinity is represented as (0, 0). // The point at infinity is represented as (0, 0).
@ -189,8 +189,8 @@ static bool PointToAffine(P256_POINT_AFFINE *out, const P256_POINT *in) {
return false; return false;
} }
memcpy(out->X, x->d, sizeof(BN_ULONG) * x->top); OPENSSL_memcpy(out->X, x->d, sizeof(BN_ULONG) * x->top);
memcpy(out->Y, y->d, sizeof(BN_ULONG) * y->top); OPENSSL_memcpy(out->Y, y->d, sizeof(BN_ULONG) * y->top);
return true; return true;
} }
@ -209,7 +209,7 @@ static bool ExpectPointsEqual(FileTest *t, const char *message,
return false; return false;
} }
if (memcmp(expected, &affine, sizeof(P256_POINT_AFFINE)) != 0) { if (OPENSSL_memcmp(expected, &affine, sizeof(P256_POINT_AFFINE)) != 0) {
t->PrintLine("%s", message); t->PrintLine("%s", message);
t->PrintLine("Expected: (%s, %s)", t->PrintLine("Expected: (%s, %s)",
FieldElementToString(expected->X).c_str(), FieldElementToString(expected->X).c_str(),
@ -237,7 +237,7 @@ static bool TestNegate(FileTest *t) {
return false; return false;
} }
memcpy(ret, a, sizeof(ret)); OPENSSL_memcpy(ret, a, sizeof(ret));
ecp_nistz256_neg(ret, ret); ecp_nistz256_neg(ret, ret);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "In-place ecp_nistz256_neg(A) was incorrect.", b, ret)) { t, "In-place ecp_nistz256_neg(A) was incorrect.", b, ret)) {
@ -251,7 +251,7 @@ static bool TestNegate(FileTest *t) {
return false; return false;
} }
memcpy(ret, b, sizeof(ret)); OPENSSL_memcpy(ret, b, sizeof(ret));
ecp_nistz256_neg(ret, ret); ecp_nistz256_neg(ret, ret);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "In-place ecp_nistz256_neg(B) was incorrect.", a, ret)) { t, "In-place ecp_nistz256_neg(B) was incorrect.", a, ret)) {
@ -282,42 +282,42 @@ static bool TestMulMont(FileTest *t) {
return false; return false;
} }
memcpy(ret, a, sizeof(ret)); OPENSSL_memcpy(ret, a, sizeof(ret));
ecp_nistz256_mul_mont(ret, ret, b); ecp_nistz256_mul_mont(ret, ret, b);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "ecp_nistz256_mul_mont(ret = A, B) was incorrect.", result, ret)) { t, "ecp_nistz256_mul_mont(ret = A, B) was incorrect.", result, ret)) {
return false; return false;
} }
memcpy(ret, a, sizeof(ret)); OPENSSL_memcpy(ret, a, sizeof(ret));
ecp_nistz256_mul_mont(ret, b, ret); ecp_nistz256_mul_mont(ret, b, ret);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "ecp_nistz256_mul_mont(B, ret = A) was incorrect.", result, ret)) { t, "ecp_nistz256_mul_mont(B, ret = A) was incorrect.", result, ret)) {
return false; return false;
} }
memcpy(ret, b, sizeof(ret)); OPENSSL_memcpy(ret, b, sizeof(ret));
ecp_nistz256_mul_mont(ret, a, ret); ecp_nistz256_mul_mont(ret, a, ret);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "ecp_nistz256_mul_mont(A, ret = B) was incorrect.", result, ret)) { t, "ecp_nistz256_mul_mont(A, ret = B) was incorrect.", result, ret)) {
return false; return false;
} }
memcpy(ret, b, sizeof(ret)); OPENSSL_memcpy(ret, b, sizeof(ret));
ecp_nistz256_mul_mont(ret, ret, a); ecp_nistz256_mul_mont(ret, ret, a);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "ecp_nistz256_mul_mont(ret = B, A) was incorrect.", result, ret)) { t, "ecp_nistz256_mul_mont(ret = B, A) was incorrect.", result, ret)) {
return false; return false;
} }
if (memcmp(a, b, sizeof(a)) == 0) { if (OPENSSL_memcmp(a, b, sizeof(a)) == 0) {
ecp_nistz256_sqr_mont(ret, a); ecp_nistz256_sqr_mont(ret, a);
if (!ExpectFieldElementsEqual(t, "ecp_nistz256_sqr_mont(A) was incorrect.", if (!ExpectFieldElementsEqual(t, "ecp_nistz256_sqr_mont(A) was incorrect.",
result, ret)) { result, ret)) {
return false; return false;
} }
memcpy(ret, a, sizeof(ret)); OPENSSL_memcpy(ret, a, sizeof(ret));
ecp_nistz256_sqr_mont(ret, ret); ecp_nistz256_sqr_mont(ret, ret);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "ecp_nistz256_sqr_mont(ret = A) was incorrect.", result, ret)) { t, "ecp_nistz256_sqr_mont(ret = A) was incorrect.", result, ret)) {
@ -342,7 +342,7 @@ static bool TestFromMont(FileTest *t) {
return false; return false;
} }
memcpy(ret, a, sizeof(ret)); OPENSSL_memcpy(ret, a, sizeof(ret));
ecp_nistz256_from_mont(ret, ret); ecp_nistz256_from_mont(ret, ret);
if (!ExpectFieldElementsEqual( if (!ExpectFieldElementsEqual(
t, "ecp_nistz256_from_mont(ret = A) was incorrect.", result, ret)) { t, "ecp_nistz256_from_mont(ret = A) was incorrect.", result, ret)) {
@ -379,28 +379,28 @@ static bool TestPointAdd(FileTest *t) {
return false; return false;
} }
memcpy(&ret, &a, sizeof(ret)); OPENSSL_memcpy(&ret, &a, sizeof(ret));
ecp_nistz256_point_add(&ret, &ret, &b); ecp_nistz256_point_add(&ret, &ret, &b);
if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.", if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.",
&result, &ret)) { &result, &ret)) {
return false; return false;
} }
memcpy(&ret, &a, sizeof(ret)); OPENSSL_memcpy(&ret, &a, sizeof(ret));
ecp_nistz256_point_add(&ret, &b, &ret); ecp_nistz256_point_add(&ret, &b, &ret);
if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(B, ret = A) was incorrect.", if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(B, ret = A) was incorrect.",
&result, &ret)) { &result, &ret)) {
return false; return false;
} }
memcpy(&ret, &b, sizeof(ret)); OPENSSL_memcpy(&ret, &b, sizeof(ret));
ecp_nistz256_point_add(&ret, &a, &ret); ecp_nistz256_point_add(&ret, &a, &ret);
if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.", if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.",
&result, &ret)) { &result, &ret)) {
return false; return false;
} }
memcpy(&ret, &b, sizeof(ret)); OPENSSL_memcpy(&ret, &b, sizeof(ret));
ecp_nistz256_point_add(&ret, &ret, &a); ecp_nistz256_point_add(&ret, &ret, &a);
if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = B, A) was incorrect.", if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = B, A) was incorrect.",
&result, &ret)) { &result, &ret)) {
@ -408,7 +408,7 @@ static bool TestPointAdd(FileTest *t) {
} }
P256_POINT_AFFINE a_affine, b_affine, infinity; P256_POINT_AFFINE a_affine, b_affine, infinity;
memset(&infinity, 0, sizeof(infinity)); OPENSSL_memset(&infinity, 0, sizeof(infinity));
if (!PointToAffine(&a_affine, &a) || if (!PointToAffine(&a_affine, &a) ||
!PointToAffine(&b_affine, &b)) { !PointToAffine(&b_affine, &b)) {
return false; return false;
@ -416,8 +416,8 @@ static bool TestPointAdd(FileTest *t) {
// ecp_nistz256_point_add_affine does not work when a == b unless doubling the // ecp_nistz256_point_add_affine does not work when a == b unless doubling the
// point at infinity. // point at infinity.
if (memcmp(&a_affine, &b_affine, sizeof(a_affine)) != 0 || if (OPENSSL_memcmp(&a_affine, &b_affine, sizeof(a_affine)) != 0 ||
memcmp(&a_affine, &infinity, sizeof(a_affine)) == 0) { OPENSSL_memcmp(&a_affine, &infinity, sizeof(a_affine)) == 0) {
ecp_nistz256_point_add_affine(&ret, &a, &b_affine); ecp_nistz256_point_add_affine(&ret, &a, &b_affine);
if (!ExpectPointsEqual(t, if (!ExpectPointsEqual(t,
"ecp_nistz256_point_add_affine(A, B) was incorrect.", "ecp_nistz256_point_add_affine(A, B) was incorrect.",
@ -425,7 +425,7 @@ static bool TestPointAdd(FileTest *t) {
return false; return false;
} }
memcpy(&ret, &a, sizeof(ret)); OPENSSL_memcpy(&ret, &a, sizeof(ret));
ecp_nistz256_point_add_affine(&ret, &ret, &b_affine); ecp_nistz256_point_add_affine(&ret, &ret, &b_affine);
if (!ExpectPointsEqual( if (!ExpectPointsEqual(
t, "ecp_nistz256_point_add_affine(ret = A, B) was incorrect.", t, "ecp_nistz256_point_add_affine(ret = A, B) was incorrect.",
@ -440,7 +440,7 @@ static bool TestPointAdd(FileTest *t) {
return false; return false;
} }
memcpy(&ret, &b, sizeof(ret)); OPENSSL_memcpy(&ret, &b, sizeof(ret));
ecp_nistz256_point_add_affine(&ret, &ret, &a_affine); ecp_nistz256_point_add_affine(&ret, &ret, &a_affine);
if (!ExpectPointsEqual( if (!ExpectPointsEqual(
t, "ecp_nistz256_point_add_affine(ret = B, A) was incorrect.", t, "ecp_nistz256_point_add_affine(ret = B, A) was incorrect.",
@ -449,7 +449,7 @@ static bool TestPointAdd(FileTest *t) {
} }
} }
if (memcmp(&a, &b, sizeof(a)) == 0) { if (OPENSSL_memcmp(&a, &b, sizeof(a)) == 0) {
ecp_nistz256_point_double(&ret, &a); ecp_nistz256_point_double(&ret, &a);
if (!ExpectPointsEqual(t, "ecp_nistz256_point_double(A) was incorrect.", if (!ExpectPointsEqual(t, "ecp_nistz256_point_double(A) was incorrect.",
&result, &ret)) { &result, &ret)) {

3
crypto/ec/simple.c
View File

@ -74,6 +74,7 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "internal.h" #include "internal.h"
#include "../internal.h"
/* Most method functions in this file are designed to work with non-trivial /* Most method functions in this file are designed to work with non-trivial
@ -988,7 +989,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
if (prod_Z == NULL) { if (prod_Z == NULL) {
goto err; goto err;
} }
memset(prod_Z, 0, num * sizeof(prod_Z[0])); OPENSSL_memset(prod_Z, 0, num * sizeof(prod_Z[0]));
for (size_t i = 0; i < num; i++) { for (size_t i = 0; i < num; i++) {
prod_Z[i] = BN_new(); prod_Z[i] = BN_new();
if (prod_Z[i] == NULL) { if (prod_Z[i] == NULL) {

4
crypto/ecdh/ecdh.c
View File

@ -74,6 +74,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
const EC_KEY *priv_key, const EC_KEY *priv_key,
@ -140,7 +142,7 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
if (buflen < outlen) { if (buflen < outlen) {
outlen = buflen; outlen = buflen;
} }
memcpy(out, buf, outlen); OPENSSL_memcpy(out, buf, outlen);
} }
if (outlen > INT_MAX) { if (outlen > INT_MAX) {

3
crypto/ecdsa/ecdsa.c
View File

@ -61,6 +61,7 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../ec/internal.h" #include "../ec/internal.h"
#include "../internal.h"
int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig, int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig,
@ -88,7 +89,7 @@ int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len,
/* Defend against potential laxness in the DER parser. */ /* Defend against potential laxness in the DER parser. */
size_t der_len; size_t der_len;
if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || if (!ECDSA_SIG_to_bytes(&der, &der_len, s) ||
der_len != sig_len || memcmp(sig, der, sig_len) != 0) { der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) {
/* This should never happen. crypto/bytestring is strictly DER. */ /* This should never happen. crypto/bytestring is strictly DER. */
OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR); OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR);
goto err; goto err;

4
crypto/engine/engine.c
View File

@ -23,6 +23,8 @@
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/thread.h> #include <openssl/thread.h>
#include "../internal.h"
struct engine_st { struct engine_st {
RSA_METHOD *rsa_method; RSA_METHOD *rsa_method;
@ -35,7 +37,7 @@ ENGINE *ENGINE_new(void) {
return NULL; return NULL;
} }
memset(engine, 0, sizeof(ENGINE)); OPENSSL_memset(engine, 0, sizeof(ENGINE));
return engine; return engine;
} }

10
crypto/err/err.c
View File

@ -141,7 +141,7 @@ static void err_clear_data(struct err_error_st *error) {
/* err_clear clears the given queued error. */ /* err_clear clears the given queued error. */
static void err_clear(struct err_error_st *error) { static void err_clear(struct err_error_st *error) {
err_clear_data(error); err_clear_data(error);
memset(error, 0, sizeof(struct err_error_st)); OPENSSL_memset(error, 0, sizeof(struct err_error_st));
} }
/* global_next_library contains the next custom library value to return. */ /* global_next_library contains the next custom library value to return. */
@ -175,7 +175,7 @@ static ERR_STATE *err_get_state(void) {
if (state == NULL) { if (state == NULL) {
return NULL; return NULL;
} }
memset(state, 0, sizeof(ERR_STATE)); OPENSSL_memset(state, 0, sizeof(ERR_STATE));
if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state, if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state,
err_state_free)) { err_state_free)) {
return NULL; return NULL;
@ -349,7 +349,7 @@ char *ERR_error_string(uint32_t packed_error, char *ret) {
#if !defined(NDEBUG) #if !defined(NDEBUG)
/* This is aimed to help catch callers who don't provide /* This is aimed to help catch callers who don't provide
* |ERR_ERROR_STRING_BUF_LEN| bytes of space. */ * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */
memset(ret, 0, ERR_ERROR_STRING_BUF_LEN); OPENSSL_memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
#endif #endif
ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN); ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN);
@ -407,7 +407,7 @@ void ERR_error_string_n(uint32_t packed_error, char *buf, size_t len) {
* terminating 0). If we're setting this colon, then all whole of the * terminating 0). If we're setting this colon, then all whole of the
* rest of the string must be colons in order to have the correct * rest of the string must be colons in order to have the correct
* number. */ * number. */
memset(last_pos, ':', num_colons - i); OPENSSL_memset(last_pos, ':', num_colons - i);
break; break;
} }
@ -675,7 +675,7 @@ static void err_add_error_vdata(unsigned num, va_list args) {
buf = new_buf; buf = new_buf;
} }
memcpy(buf + len, substr, substr_len); OPENSSL_memcpy(buf + len, substr, substr_len);
len = new_len; len = new_len;
} }

2
crypto/evp/evp.c
View File

@ -80,7 +80,7 @@ EVP_PKEY *EVP_PKEY_new(void) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(EVP_PKEY)); OPENSSL_memset(ret, 0, sizeof(EVP_PKEY));
ret->type = EVP_PKEY_NONE; ret->type = EVP_PKEY_NONE;
ret->references = 1; ret->references = 1;

2
crypto/evp/evp_asn1.c
View File

@ -84,7 +84,7 @@ static int parse_key_type(CBS *cbs, int *out_type) {
for (i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Methods); i++) { for (i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Methods); i++) {
const EVP_PKEY_ASN1_METHOD *method = kASN1Methods[i]; const EVP_PKEY_ASN1_METHOD *method = kASN1Methods[i];
if (CBS_len(&oid) == method->oid_len && if (CBS_len(&oid) == method->oid_len &&
memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) { OPENSSL_memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) {
*out_type = method->pkey_id; *out_type = method->pkey_id;
return 1; return 1;
} }

5
crypto/evp/evp_ctx.c
View File

@ -61,6 +61,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
#include "internal.h" #include "internal.h"
@ -105,7 +106,7 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE); OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
return NULL; return NULL;
} }
memset(ret, 0, sizeof(EVP_PKEY_CTX)); OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX));
ret->engine = e; ret->engine = e;
ret->pmeth = pmeth; ret->pmeth = pmeth;
@ -159,7 +160,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) {
return NULL; return NULL;
} }
memset(rctx, 0, sizeof(EVP_PKEY_CTX)); OPENSSL_memset(rctx, 0, sizeof(EVP_PKEY_CTX));
rctx->pmeth = pctx->pmeth; rctx->pmeth = pctx->pmeth;
rctx->engine = pctx->engine; rctx->engine = pctx->engine;

4
crypto/evp/evp_extra_test.cc
View File

@ -27,6 +27,8 @@
#include <openssl/pkcs8.h> #include <openssl/pkcs8.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include "../internal.h"
// kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you // kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
// should never use this key anywhere but in an example. // should never use this key anywhere but in an example.
@ -469,7 +471,7 @@ static bool TestVerifyRecover() {
return false; return false;
} }
if (memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) { if (OPENSSL_memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) {
fprintf(stderr, "verify_recover got wrong value.\n"); fprintf(stderr, "verify_recover got wrong value.\n");
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
return false; return false;

3
crypto/evp/p_ec.c
View File

@ -70,6 +70,7 @@
#include "internal.h" #include "internal.h"
#include "../ec/internal.h" #include "../ec/internal.h"
#include "../internal.h"
typedef struct { typedef struct {
@ -84,7 +85,7 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
if (!dctx) { if (!dctx) {
return 0; return 0;
} }
memset(dctx, 0, sizeof(EC_PKEY_CTX)); OPENSSL_memset(dctx, 0, sizeof(EC_PKEY_CTX));
ctx->data = dctx; ctx->data = dctx;

7
crypto/evp/p_rsa.c
View File

@ -67,6 +67,7 @@
#include <openssl/nid.h> #include <openssl/nid.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include "../internal.h"
#include "../rsa/internal.h" #include "../rsa/internal.h"
#include "internal.h" #include "internal.h"
@ -97,7 +98,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx) {
if (!rctx) { if (!rctx) {
return 0; return 0;
} }
memset(rctx, 0, sizeof(RSA_PKEY_CTX)); OPENSSL_memset(rctx, 0, sizeof(RSA_PKEY_CTX));
rctx->nbits = 2048; rctx->nbits = 2048;
rctx->pad_mode = RSA_PKCS1_PADDING; rctx->pad_mode = RSA_PKCS1_PADDING;
@ -289,7 +290,7 @@ static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out,
return 0; return 0;
} }
*out_len = ret; *out_len = ret;
memcpy(out, rctx->tbuf, *out_len); OPENSSL_memcpy(out, rctx->tbuf, *out_len);
return 1; return 1;
} }
@ -329,7 +330,7 @@ static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out,
} }
if (out != NULL) { if (out != NULL) {
memcpy(out, rctx->tbuf + asn1_prefix_len, result_len); OPENSSL_memcpy(out, rctx->tbuf + asn1_prefix_len, result_len);
} }
*out_len = result_len; *out_len = result_len;

4
crypto/evp/pbkdf.c
View File

@ -59,6 +59,8 @@
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include "../internal.h"
int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len, int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
const uint8_t *salt, size_t salt_len, unsigned iterations, const uint8_t *salt, size_t salt_len, unsigned iterations,
@ -101,7 +103,7 @@ int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
return 0; return 0;
} }
HMAC_CTX_cleanup(&hctx); HMAC_CTX_cleanup(&hctx);
memcpy(p, digest_tmp, cplen); OPENSSL_memcpy(p, digest_tmp, cplen);
for (j = 1; j < iterations; j++) { for (j = 1; j < iterations; j++) {
if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
HMAC_CTX_cleanup(&hctx_tpl); HMAC_CTX_cleanup(&hctx_tpl);

4
crypto/evp/pbkdf_test.cc
View File

@ -20,6 +20,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include "../internal.h"
// Prints out the data buffer as a sequence of hex bytes. // Prints out the data buffer as a sequence of hex bytes.
static void PrintDataHex(const void *data, size_t len) { static void PrintDataHex(const void *data, size_t len) {
@ -49,7 +51,7 @@ static bool TestPBKDF2(const void *password, size_t password_len,
return false; return false;
} }
if (memcmp(key, expected_key, key_len) != 0) { if (OPENSSL_memcmp(key, expected_key, key_len) != 0) {
fprintf(stderr, "Resulting key material does not match expectation\n"); fprintf(stderr, "Resulting key material does not match expectation\n");
fprintf(stderr, "Expected:\n "); fprintf(stderr, "Expected:\n ");
PrintDataHex(expected_key, key_len); PrintDataHex(expected_key, key_len);

4
crypto/hkdf/hkdf.c
View File

@ -20,6 +20,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include "../internal.h"
int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
const uint8_t *secret, size_t secret_len, const uint8_t *salt, const uint8_t *secret, size_t secret_len, const uint8_t *salt,
@ -95,7 +97,7 @@ int HKDF_expand(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
if (done + todo > out_len) { if (done + todo > out_len) {
todo = out_len - done; todo = out_len - done;
} }
memcpy(out_key + done, previous, todo); OPENSSL_memcpy(out_key + done, previous, todo);
done += todo; done += todo;
} }

6
crypto/hkdf/hkdf_test.c
View File

@ -262,7 +262,7 @@ int main(void) {
return 1; return 1;
} }
if (prk_len != test->prk_len || if (prk_len != test->prk_len ||
memcmp(prk, test->prk, test->prk_len) != 0) { OPENSSL_memcmp(prk, test->prk, test->prk_len) != 0) {
fprintf(stderr, "%zu: Resulting PRK does not match test vector\n", i); fprintf(stderr, "%zu: Resulting PRK does not match test vector\n", i);
return 1; return 1;
} }
@ -272,7 +272,7 @@ int main(void) {
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
return 1; return 1;
} }
if (memcmp(buf, test->out, test->out_len) != 0) { if (OPENSSL_memcmp(buf, test->out, test->out_len) != 0) {
fprintf(stderr, fprintf(stderr,
"%zu: Resulting key material does not match test vector\n", i); "%zu: Resulting key material does not match test vector\n", i);
return 1; return 1;
@ -284,7 +284,7 @@ int main(void) {
ERR_print_errors_fp(stderr); ERR_print_errors_fp(stderr);
return 1; return 1;
} }
if (memcmp(buf, test->out, test->out_len) != 0) { if (OPENSSL_memcmp(buf, test->out, test->out_len) != 0) {
fprintf(stderr, fprintf(stderr,
"%zu: Resulting key material does not match test vector\n", i); "%zu: Resulting key material does not match test vector\n", i);
return 1; return 1;

6
crypto/hmac/hmac.c
View File

@ -62,6 +62,8 @@
#include <openssl/digest.h> #include <openssl/digest.h>
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len, uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
const uint8_t *data, size_t data_len, uint8_t *out, const uint8_t *data, size_t data_len, uint8_t *out,
@ -130,12 +132,12 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, size_t key_len,
} }
} else { } else {
assert(key_len <= sizeof(key_block)); assert(key_len <= sizeof(key_block));
memcpy(key_block, key, key_len); OPENSSL_memcpy(key_block, key, key_len);
key_block_len = (unsigned)key_len; key_block_len = (unsigned)key_len;
} }
/* Keys are then padded with zeros. */ /* Keys are then padded with zeros. */
if (key_block_len != EVP_MAX_MD_BLOCK_SIZE) { if (key_block_len != EVP_MAX_MD_BLOCK_SIZE) {
memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len); OPENSSL_memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len);
} }
for (size_t i = 0; i < EVP_MAX_MD_BLOCK_SIZE; i++) { for (size_t i = 0; i < EVP_MAX_MD_BLOCK_SIZE; i++) {

82
crypto/internal.h
View File

@ -112,6 +112,8 @@
#include <openssl/ex_data.h> #include <openssl/ex_data.h>
#include <openssl/thread.h> #include <openssl/thread.h>
#include <string.h>
#if defined(_MSC_VER) #if defined(_MSC_VER)
#if !defined(__cplusplus) || _MSC_VER < 1900 #if !defined(__cplusplus) || _MSC_VER < 1900
#define alignas(x) __declspec(align(x)) #define alignas(x) __declspec(align(x))
@ -520,6 +522,86 @@ OPENSSL_EXPORT void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class,
void *obj, CRYPTO_EX_DATA *ad); void *obj, CRYPTO_EX_DATA *ad);
/* Language bug workarounds.
*
* Most C standard library functions are undefined if passed NULL, even when the
* corresponding length is zero. This gives them (and, in turn, all functions
* which call them) surprising behavior on empty arrays. Some compilers will
* miscompile code due to this rule. See also
* https://www.imperialviolet.org/2016/06/26/nonnull.html
*
* If building BoringSSL itself, replace C standard library functions with more
* well-behaved versions. Due to some C++ toolchains defining versions of these
* functions under namespaces, this is limited to our C files.
*
* Note |OPENSSL_memcmp| is a different function from |CRYPTO_memcmp|. */
/* C++ defines |memchr| as a const-correct overload. */
#if defined(__cplusplus)
extern "C++" {
static inline const void *OPENSSL_memchr(const void *s, int c, size_t n) {
if (n == 0) {
return NULL;
}
return memchr(s, c, n);
}
static inline void *OPENSSL_memchr(void *s, int c, size_t n) {
if (n == 0) {
return NULL;
}
return memchr(s, c, n);
}
} /* extern "C++" */
#else /* __cplusplus */
static inline void *OPENSSL_memchr(const void *s, int c, size_t n) {
if (n == 0) {
return NULL;
}
return memchr(s, c, n);
}
#endif /* __cplusplus */
static inline int OPENSSL_memcmp(const void *s1, const void *s2, size_t n) {
if (n == 0) {
return 0;
}
return memcmp(s1, s2, n);
}
static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) {
if (n == 0) {
return dst;
}
return memcpy(dst, src, n);
}
static inline void *OPENSSL_memmove(void *dst, const void *src, size_t n) {
if (n == 0) {
return dst;
}
return memmove(dst, src, n);
}
static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
if (n == 0) {
return dst;
}
return memset(dst, c, n);
}
#if defined(__cplusplus) #if defined(__cplusplus)
} /* extern C */ } /* extern C */
#endif #endif

9
crypto/lhash/lhash.c
View File

@ -62,6 +62,9 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
/* kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|. */ /* kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|. */
static const size_t kMinNumBuckets = 16; static const size_t kMinNumBuckets = 16;
@ -77,7 +80,7 @@ _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp) {
if (ret == NULL) { if (ret == NULL) {
return NULL; return NULL;
} }
memset(ret, 0, sizeof(_LHASH)); OPENSSL_memset(ret, 0, sizeof(_LHASH));
ret->num_buckets = kMinNumBuckets; ret->num_buckets = kMinNumBuckets;
ret->buckets = OPENSSL_malloc(sizeof(LHASH_ITEM *) * ret->num_buckets); ret->buckets = OPENSSL_malloc(sizeof(LHASH_ITEM *) * ret->num_buckets);
@ -85,7 +88,7 @@ _LHASH *lh_new(lhash_hash_func hash, lhash_cmp_func comp) {
OPENSSL_free(ret); OPENSSL_free(ret);
return NULL; return NULL;
} }
memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets); OPENSSL_memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets);
ret->comp = comp; ret->comp = comp;
if (ret->comp == NULL) { if (ret->comp == NULL) {
@ -173,7 +176,7 @@ static void lh_rebucket(_LHASH *lh, const size_t new_num_buckets) {
if (new_buckets == NULL) { if (new_buckets == NULL) {
return; return;
} }
memset(new_buckets, 0, alloc_size); OPENSSL_memset(new_buckets, 0, alloc_size);
for (i = 0; i < lh->num_buckets; i++) { for (i = 0; i < lh->num_buckets; i++) {
for (cur = lh->buckets[i]; cur != NULL; cur = next) { for (cur = lh->buckets[i]; cur != NULL; cur = next) {

4
crypto/md4/md4.c
View File

@ -59,6 +59,8 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "../internal.h"
uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) { uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) {
MD4_CTX ctx; MD4_CTX ctx;
@ -72,7 +74,7 @@ uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) {
/* Implemented from RFC1186 The MD4 Message-Digest Algorithm. */ /* Implemented from RFC1186 The MD4 Message-Digest Algorithm. */
int MD4_Init(MD4_CTX *md4) { int MD4_Init(MD4_CTX *md4) {
memset(md4, 0, sizeof(MD4_CTX)); OPENSSL_memset(md4, 0, sizeof(MD4_CTX));
md4->h[0] = 0x67452301UL; md4->h[0] = 0x67452301UL;
md4->h[1] = 0xefcdab89UL; md4->h[1] = 0xefcdab89UL;
md4->h[2] = 0x98badcfeUL; md4->h[2] = 0x98badcfeUL;

4
crypto/md5/md5.c
View File

@ -60,6 +60,8 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include "../internal.h"
uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) { uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) {
MD5_CTX ctx; MD5_CTX ctx;
@ -78,7 +80,7 @@ uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) {
} }
int MD5_Init(MD5_CTX *md5) { int MD5_Init(MD5_CTX *md5) {
memset(md5, 0, sizeof(MD5_CTX)); OPENSSL_memset(md5, 0, sizeof(MD5_CTX));
md5->h[0] = 0x67452301UL; md5->h[0] = 0x67452301UL;
md5->h[1] = 0xefcdab89UL; md5->h[1] = 0xefcdab89UL;
md5->h[2] = 0x98badcfeUL; md5->h[2] = 0x98badcfeUL;

6
crypto/mem.c
View File

@ -73,6 +73,8 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
#include <strings.h> #include <strings.h>
#endif #endif
#include "internal.h"
void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size) { void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size) {
if (ptr == NULL) { if (ptr == NULL) {
@ -94,7 +96,7 @@ void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size) {
return NULL; return NULL;
} }
memcpy(ret, ptr, old_size); OPENSSL_memcpy(ret, ptr, old_size);
OPENSSL_cleanse(ptr, old_size); OPENSSL_cleanse(ptr, old_size);
OPENSSL_free(ptr); OPENSSL_free(ptr);
return ret; return ret;
@ -104,7 +106,7 @@ void OPENSSL_cleanse(void *ptr, size_t len) {
#if defined(OPENSSL_WINDOWS) #if defined(OPENSSL_WINDOWS)
SecureZeroMemory(ptr, len); SecureZeroMemory(ptr, len);
#else #else
memset(ptr, 0, len); OPENSSL_memset(ptr, 0, len);
#if !defined(OPENSSL_NO_ASM) #if !defined(OPENSSL_NO_ASM)
/* As best as we can tell, this is sufficient to break any optimisations that /* As best as we can tell, this is sufficient to break any optimisations that

4
crypto/modes/cbc.c
View File

@ -103,7 +103,7 @@ void CRYPTO_cbc128_encrypt(const uint8_t *in, uint8_t *out, size_t len,
out += 16; out += 16;
} }
memcpy(ivec, iv, 16); OPENSSL_memcpy(ivec, iv, 16);
} }
void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len, void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
@ -154,7 +154,7 @@ void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
out += 16; out += 16;
} }
} }
memcpy(ivec, iv, 16); OPENSSL_memcpy(ivec, iv, 16);
} else { } else {
/* |out| is less than two blocks behind |in|. Decrypting an input block /* |out| is less than two blocks behind |in|. Decrypting an input block
* directly to |out| would overwrite a ciphertext block before it is used as * directly to |out| would overwrite a ciphertext block before it is used as

4
crypto/modes/cfb.c
View File

@ -167,7 +167,7 @@ static void cfbr_encrypt_block(const uint8_t *in, uint8_t *out, unsigned nbits,
} }
/* fill in the first half of the new IV with the current IV */ /* fill in the first half of the new IV with the current IV */
memcpy(ovec, ivec, 16); OPENSSL_memcpy(ovec, ivec, 16);
/* construct the new IV */ /* construct the new IV */
(*block)(ivec, ivec, key); (*block)(ivec, ivec, key);
num = (nbits + 7) / 8; num = (nbits + 7) / 8;
@ -186,7 +186,7 @@ static void cfbr_encrypt_block(const uint8_t *in, uint8_t *out, unsigned nbits,
rem = nbits % 8; rem = nbits % 8;
num = nbits / 8; num = nbits / 8;
if (rem == 0) { if (rem == 0) {
memcpy(ivec, ovec + num, 16); OPENSSL_memcpy(ivec, ovec + num, 16);
} else { } else {
for (n = 0; n < 16; ++n) { for (n = 0; n < 16; ++n) {
ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);

2
crypto/modes/ctr.c
View File

@ -202,7 +202,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out,
in += blocks; in += blocks;
} }
if (len) { if (len) {
memset(ecount_buf, 0, 16); OPENSSL_memset(ecount_buf, 0, 16);
(*func)(ecount_buf, ecount_buf, 1, key, ivec); (*func)(ecount_buf, ecount_buf, 1, key, ivec);
++ctr32; ++ctr32;
PUTU32(ivec + 12, ctr32); PUTU32(ivec + 12, ctr32);

11
crypto/modes/gcm.c
View File

@ -363,7 +363,7 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
uint8_t c[16]; uint8_t c[16];
} H; } H;
memcpy(H.c, gcm_key, 16); OPENSSL_memcpy(H.c, gcm_key, 16);
/* H is stored in host byte order */ /* H is stored in host byte order */
H.u[0] = CRYPTO_bswap8(H.u[0]); H.u[0] = CRYPTO_bswap8(H.u[0]);
@ -426,11 +426,11 @@ void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *aes_key, void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *aes_key,
block128_f block) { block128_f block) {
memset(ctx, 0, sizeof(*ctx)); OPENSSL_memset(ctx, 0, sizeof(*ctx));
ctx->block = block; ctx->block = block;
uint8_t gcm_key[16]; uint8_t gcm_key[16];
memset(gcm_key, 0, sizeof(gcm_key)); OPENSSL_memset(gcm_key, 0, sizeof(gcm_key));
(*block)(gcm_key, gcm_key, aes_key); (*block)(gcm_key, gcm_key, aes_key);
CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, gcm_key); CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, gcm_key);
@ -453,7 +453,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const void *key,
ctx->mres = 0; ctx->mres = 0;
if (len == 12) { if (len == 12) {
memcpy(ctx->Yi.c, iv, 12); OPENSSL_memcpy(ctx->Yi.c, iv, 12);
ctx->Yi.c[15] = 1; ctx->Yi.c[15] = 1;
ctr = 1; ctr = 1;
} else { } else {
@ -1060,7 +1060,8 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len) {
void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) { void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) {
CRYPTO_gcm128_finish(ctx, NULL, 0); CRYPTO_gcm128_finish(ctx, NULL, 0);
memcpy(tag, ctx->Xi.c, len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c)); OPENSSL_memcpy(tag, ctx->Xi.c,
len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
} }
#if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)

8
crypto/modes/gcm_test.cc
View File

@ -350,7 +350,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt); CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt);
CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len);
memset(out, 0, plaintext_len); OPENSSL_memset(out, 0, plaintext_len);
if (additional_data) { if (additional_data) {
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len); CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
} }
@ -358,7 +358,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len); CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len);
} }
if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) || if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) ||
(ciphertext && memcmp(out, ciphertext, plaintext_len) != 0)) { (ciphertext && OPENSSL_memcmp(out, ciphertext, plaintext_len) != 0)) {
fprintf(stderr, "%u: encrypt failed.\n", test_num); fprintf(stderr, "%u: encrypt failed.\n", test_num);
hexdump(stderr, "got :", out, plaintext_len); hexdump(stderr, "got :", out, plaintext_len);
hexdump(stderr, "want:", ciphertext, plaintext_len); hexdump(stderr, "want:", ciphertext, plaintext_len);
@ -366,7 +366,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
} }
CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len); CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len);
memset(out, 0, plaintext_len); OPENSSL_memset(out, 0, plaintext_len);
if (additional_data) { if (additional_data) {
CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len); CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
} }
@ -377,7 +377,7 @@ static int run_test_case(unsigned test_num, const struct test_case *test) {
fprintf(stderr, "%u: decrypt failed.\n", test_num); fprintf(stderr, "%u: decrypt failed.\n", test_num);
goto out; goto out;
} }
if (plaintext && memcmp(out, plaintext, plaintext_len)) { if (plaintext && OPENSSL_memcmp(out, plaintext, plaintext_len)) {
fprintf(stderr, "%u: plaintext doesn't match.\n", test_num); fprintf(stderr, "%u: plaintext doesn't match.\n", test_num);
goto out; goto out;
} }

6
crypto/modes/internal.h
View File

@ -53,6 +53,8 @@
#include <string.h> #include <string.h>
#include "../internal.h"
#if defined(__cplusplus) #if defined(__cplusplus)
extern "C" { extern "C" {
#endif #endif
@ -100,13 +102,13 @@ static inline uint64_t CRYPTO_bswap8(uint64_t x) {
static inline uint32_t GETU32(const void *in) { static inline uint32_t GETU32(const void *in) {
uint32_t v; uint32_t v;
memcpy(&v, in, sizeof(v)); OPENSSL_memcpy(&v, in, sizeof(v));
return CRYPTO_bswap4(v); return CRYPTO_bswap4(v);
} }
static inline void PUTU32(void *out, uint32_t v) { static inline void PUTU32(void *out, uint32_t v) {
v = CRYPTO_bswap4(v); v = CRYPTO_bswap4(v);
memcpy(out, &v, sizeof(v)); OPENSSL_memcpy(out, &v, sizeof(v));
} }
static inline uint32_t GETU32_aligned(const void *in) { static inline uint32_t GETU32_aligned(const void *in) {

Some files were not shown because too many files have changed in this diff Show More