FIPS-2022-11-02: thread-local using system allocator #1401
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This includes an internal version which allows a flag to specify the use of system malloc, or OPENSSL_malloc - this in turn allows us to use this function in the ERR family of functions and allow for ERR to not call OPENSSL_malloc with a circular dependency. Bug: 564 Change-Id: Ifd02d062fda9695cddbb0dbef2e1c1db0802a486 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57005 Auto-Submit: Bob Beck <bbe@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> (cherry picked from commit 350f8547cf2101669684ebdb99b49b11fff5e217) AWS-LC: Only took header files and changes around OPENSSL_vasprintf_internal
This will let us call ERR and thread_local from OPENSSL_malloc without creating a circular dependency. We also make ERR_get_error_line_data add ERR_FLAG_MALLOCED to the returned flags value, since some projects appear to be making assumptions about it being there. Bug: 564 Update-Note: Any recent documentation (in all OpenSSL forks) for the ERR functions cautions against freeing the returned ERR "data" strings, as freeing them is handled by the error library. This change can make an existing double free bug more obvious by being more likely to cause a crash with the double free. Change-Id: Ie30bd3aee0b506473988b90675c48510969db31a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/57045 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com> Auto-Submit: Bob Beck <bbe@google.com> (cherry picked from commit fc524c161e8640e017b0d838f76e75dc49181e34)
darylmartin100
approved these changes
Jan 12, 2024
skmcgrail
approved these changes
Jan 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issues:
P111627750
Description of changes:
Call-outs:
mem.cfor cherry-pick of Add OPENSSL_asprintf and friends for asprintf(3) functionality, I only only took the added headers and changes aroundOPENSSL_vasprintf_internalTesting:
Tests pass locally
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.