kris
/
boringssl
1
0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5733 Ревизии
12 Клонове
38 MiB
ИН на ревизия: e9a058315b
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'e9a058315b'
${ noResults }
boringssl/crypto/mem.c

mem.c 8.1 KiB
Директен файл Normal View История

Fix some typos in license headers. These are not in upstream and were probably introduced on accident by stray vim keystrokes. Change-Id: I35f51f81fc37e75702e7d8ffc6f040ce71321b54 Reviewed-on: https://boringssl-review.googlesource.com/5490 Reviewed-by: Adam Langley <agl@google.com>
преди 9 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Wrap MSVC-only warning pragmas in a macro. There's a __pragma expression which allows this. Android builds us Windows with MinGW for some reason, so we actually do have to tolerate non-MSVC-compatible Windows compilers. (Clang for Windows is much more sensible than MinGW and intentionally mimicks MSVC.) MinGW doesn't understand MSVC's pragmas and warns a lot. #pragma warning is safe to suppress, so wrap those to shush them. This also lets us do away with a few ifdefs. Change-Id: I1f5a8bec4940d4b2d947c4c1cc9341bc15ec4972 Reviewed-on: https://boringssl-review.googlesource.com/8236 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
Lowercase some Windows headers. MinGW on Linux needs lowercase include files. On Windows this doesn't matter since the filesystems are case-insensitive, but building BoringSSL on Linux with MinGW has case-sensitive filesystems. Change-Id: Id9c120d819071b041341fbb978352812d6d073bc Reviewed-on: https://boringssl-review.googlesource.com/4090 Reviewed-by: Adam Langley <agl@google.com>
преди 9 години
Include intrin.h under cover of warning pragmas. intrin.h on MSVC seems to have the same problem as other MSVC headers. https://build.chromium.org/p/client.boringssl/builders/win64_small/builds/455/steps/ninja/logs/stdio Change-Id: I98e959132c2f6188727d6c432f9c85aa0a78e91e Reviewed-on: https://boringssl-review.googlesource.com/8305 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Tell ASan about the OPENSSL_malloc prefix. OpenSSL's BN_mul function had a single-word buffer underflow (see 576129cd72ae054d246221f111aabf42b9c6d76d). We already independently fixed this but, if we hadn't, ASan wouldn't have noticed because of OPENSSL_malloc. ASan has runtime hooks we can call to make it more accurate. Change-Id: Ifc9c3837ece2bc456c5bdc960be707d7b1759904 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35165 Reviewed-by: Adam Langley <agl@google.com>
преди 5 години
Use sdallocx, if available, when deallocating. Providing a size hint to the allocator is substantially faster, especially as we already know/need the size for OPENSSL_cleanse. We provide a weak symbol that falls back to free when a malloc with sdallocx is not statically linked with BoringSSL. Alternatives considered: * Use dlsym(): This is prone to fail on statically linked binaries without symbols. Additionally, the extra indirection adds call overhead above and beyond the linker resolved technique we're using. * Use CMake rules to identify whether sdallocx is available: Once the library is built, we may link against a variety of malloc implementations (not all of which may have sdallocx), so we need to have a fallback when the symbol is unavailable. Change-Id: I3a78e88fac5b6e5d4712aa0347d2ba6b43046e07 Reviewed-on: https://boringssl-review.googlesource.com/31784 Reviewed-by: Chris Kennelly <ckennelly@google.com> Reviewed-by: Adam Langley <agl@google.com>
преди 6 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Tell ASan about the OPENSSL_malloc prefix. OpenSSL's BN_mul function had a single-word buffer underflow (see 576129cd72ae054d246221f111aabf42b9c6d76d). We already independently fixed this but, if we hadn't, ASan wouldn't have noticed because of OPENSSL_malloc. ASan has runtime hooks we can call to make it more accurate. Change-Id: Ifc9c3837ece2bc456c5bdc960be707d7b1759904 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35165 Reviewed-by: Adam Langley <agl@google.com>
преди 5 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Tell ASan about the OPENSSL_malloc prefix. OpenSSL's BN_mul function had a single-word buffer underflow (see 576129cd72ae054d246221f111aabf42b9c6d76d). We already independently fixed this but, if we hadn't, ASan wouldn't have noticed because of OPENSSL_malloc. ASan has runtime hooks we can call to make it more accurate. Change-Id: Ifc9c3837ece2bc456c5bdc960be707d7b1759904 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35165 Reviewed-by: Adam Langley <agl@google.com>
преди 5 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Use sdallocx, if available, when deallocating. Providing a size hint to the allocator is substantially faster, especially as we already know/need the size for OPENSSL_cleanse. We provide a weak symbol that falls back to free when a malloc with sdallocx is not statically linked with BoringSSL. Alternatives considered: * Use dlsym(): This is prone to fail on statically linked binaries without symbols. Additionally, the extra indirection adds call overhead above and beyond the linker resolved technique we're using. * Use CMake rules to identify whether sdallocx is available: Once the library is built, we may link against a variety of malloc implementations (not all of which may have sdallocx), so we need to have a fallback when the symbol is unavailable. Change-Id: I3a78e88fac5b6e5d4712aa0347d2ba6b43046e07 Reviewed-on: https://boringssl-review.googlesource.com/31784 Reviewed-by: Chris Kennelly <ckennelly@google.com> Reviewed-by: Adam Langley <agl@google.com>
преди 6 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Tell ASan about the OPENSSL_malloc prefix. OpenSSL's BN_mul function had a single-word buffer underflow (see 576129cd72ae054d246221f111aabf42b9c6d76d). We already independently fixed this but, if we hadn't, ASan wouldn't have noticed because of OPENSSL_malloc. ASan has runtime hooks we can call to make it more accurate. Change-Id: Ifc9c3837ece2bc456c5bdc960be707d7b1759904 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35165 Reviewed-by: Adam Langley <agl@google.com>
преди 5 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Tell ASan about the OPENSSL_malloc prefix. OpenSSL's BN_mul function had a single-word buffer underflow (see 576129cd72ae054d246221f111aabf42b9c6d76d). We already independently fixed this but, if we hadn't, ASan wouldn't have noticed because of OPENSSL_malloc. ASan has runtime hooks we can call to make it more accurate. Change-Id: Ifc9c3837ece2bc456c5bdc960be707d7b1759904 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35165 Reviewed-by: Adam Langley <agl@google.com>
преди 5 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Breaking news: 1998 has come and gone. Last month's canary for loop did not die in the coal mine of decrepit toolchains. Make a note of this in STYLE.md so we know to start breeding more of them. We can indeed declare index variables like it's 1999. I haven't bothered to convert all of our for loops because that will be tedious, but we can do it as we touch the code. Or if someone feels really really bored. BUG=47 Change-Id: Ib76c0767c1b509e825eac66f8c2e3ee2134e2493 Reviewed-on: https://boringssl-review.googlesource.com/8740 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Use asm directives to protect OPENSSL_cleanse. Compilers have a bad habit of removing "superfluous" memset calls that are trying to zero memory. For example, when memset()ing a buffer and then free()ing it, the compiler might decide that the memset is unobservable and thus can be removed. Previously we tried to stop this by a) implementing memset in assembly on x86 and b) putting the function in its own file for other platforms. This change removes those tricks in favour of using asm directives to scare the compiler away. As best as our compiler folks can tell, this is sufficient and will continue to be so. Change-Id: I40e0a62c3043038bafd8c63a91814a75a3c59269 Reviewed-on: https://boringssl-review.googlesource.com/1339 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Fix some indentation. Change-Id: I3507be754b489a99a04c0dea888cb1f3652e68c3 Reviewed-on: https://boringssl-review.googlesource.com/6854 Reviewed-by: Adam Langley <alangley@gmail.com>
преди 8 години
Windows build fixes. Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an OPENSSL_SSIZE_T seems worse than just using an int. Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f Reviewed-on: https://boringssl-review.googlesource.com/1352 Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Work around language and compiler bug in memcpy, etc. Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
преди 7 години
Use asm directives to protect OPENSSL_cleanse. Compilers have a bad habit of removing "superfluous" memset calls that are trying to zero memory. For example, when memset()ing a buffer and then free()ing it, the compiler might decide that the memset is unobservable and thus can be removed. Previously we tried to stop this by a) implementing memset in assembly on x86 and b) putting the function in its own file for other platforms. This change removes those tricks in favour of using asm directives to scare the compiler away. As best as our compiler folks can tell, this is sufficient and will continue to be so. Change-Id: I40e0a62c3043038bafd8c63a91814a75a3c59269 Reviewed-on: https://boringssl-review.googlesource.com/1339 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Fix build for PNaCl. PNaCl builds BoringSSL with OPENSSL_NO_ASM, but the new OPENSSL_cleanse was using inline assembly anyway. It appears that even though the inline asm was empty, it still breaks the PNaCl build: disallowed: inline assembly: call void asm sideeffect "", "r,~{memory}"(i8* %.asptr319), !dbg !96986 With this change, we don't have any compiler scarecrows for OPENSSL_cleanse any longer when using OPENSSL_NO_ASM :( Maybe, one day, we'll get memset_s in our base platform. Change-Id: Ia359f6bcc2000be18a6f15de10fc683452151741 Reviewed-on: https://boringssl-review.googlesource.com/1353 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Use asm directives to protect OPENSSL_cleanse. Compilers have a bad habit of removing "superfluous" memset calls that are trying to zero memory. For example, when memset()ing a buffer and then free()ing it, the compiler might decide that the memset is unobservable and thus can be removed. Previously we tried to stop this by a) implementing memset in assembly on x86 and b) putting the function in its own file for other platforms. This change removes those tricks in favour of using asm directives to scare the compiler away. As best as our compiler folks can tell, this is sufficient and will continue to be so. Change-Id: I40e0a62c3043038bafd8c63a91814a75a3c59269 Reviewed-on: https://boringssl-review.googlesource.com/1339 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Use asm directives to protect OPENSSL_cleanse. Compilers have a bad habit of removing "superfluous" memset calls that are trying to zero memory. For example, when memset()ing a buffer and then free()ing it, the compiler might decide that the memset is unobservable and thus can be removed. Previously we tried to stop this by a) implementing memset in assembly on x86 and b) putting the function in its own file for other platforms. This change removes those tricks in favour of using asm directives to scare the compiler away. As best as our compiler folks can tell, this is sufficient and will continue to be so. Change-Id: I40e0a62c3043038bafd8c63a91814a75a3c59269 Reviewed-on: https://boringssl-review.googlesource.com/1339 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
преди 10 години
silence unused variable warnings when using OPENSSL_clear_free e.g. here: https://github.com/nodejs/node/blob/adbe3b837e8a2285238ec0fcba89c20882eb4cdb/src/node_crypto.cc#L3439 Change-Id: I2d43a3439d6a56c8eee3636b3c1f5ba615b233ba Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35144 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>
преди 5 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Use one C99-style for loop. Switch one for loop to the new spelling as a canary. All our compilers seem to support it fine, except GCC needs to be told to build with -std=c99. (And, upon doing so, it'll require _XOPEN_SOURCE=700 for pthread_rwlock_t.) We'll let this sit for a bit until it's gotten into downstreams without issue and then open the floodgates. BUG=47 Change-Id: I1c69d4b2df8206e0b55f30aa59b5874d82fca893 Reviewed-on: https://boringssl-review.googlesource.com/8235 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Run the comment converter on libcrypto. crypto/{asn1,x509,x509v3,pem} were skipped as they are still OpenSSL style. Change-Id: I3cd9a60e1cb483a981aca325041f3fbce294247c Reviewed-on: https://boringssl-review.googlesource.com/19504 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Breaking news: 1998 has come and gone. Last month's canary for loop did not die in the coal mine of decrepit toolchains. Make a note of this in STYLE.md so we know to start breeding more of them. We can indeed declare index variables like it's 1999. I haven't bothered to convert all of our for loops because that will be tedious, but we can do it as we touch the code. Or if someone feels really really bored. BUG=47 Change-Id: Ib76c0767c1b509e825eac66f8c2e3ee2134e2493 Reviewed-on: https://boringssl-review.googlesource.com/8740 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
psk_client_callback, 128-byte id bug. Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes.
преди 10 години
Breaking news: 1998 has come and gone. Last month's canary for loop did not die in the coal mine of decrepit toolchains. Make a note of this in STYLE.md so we know to start breeding more of them. We can indeed declare index variables like it's 1999. I haven't bothered to convert all of our for loops because that will be tedious, but we can do it as we touch the code. Or if someone feels really really bored. BUG=47 Change-Id: Ib76c0767c1b509e825eac66f8c2e3ee2134e2493 Reviewed-on: https://boringssl-review.googlesource.com/8740 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
psk_client_callback, 128-byte id bug. Fix a bug in handling of 128 byte long PSK identity in psk_client_callback. OpenSSL supports PSK identities of up to (and including) 128 bytes in length. PSK identity is obtained via the psk_client_callback, implementors of which are expected to provide a NULL-terminated identity. However, the callback is invoked with only 128 bytes of storage thus making it impossible to return a 128 byte long identity and the required additional NULL byte. This CL fixes the issue by passing in a 129 byte long buffer into the psk_client_callback. As a safety precaution, this CL also zeroes out the buffer before passing it into the callback, uses strnlen for obtaining the length of the identity returned by the callback, and aborts the handshake if the identity (without the NULL terminator) is longer than 128 bytes.
преди 10 години
Zero memory in |OPENSSL_free|. Allocations by |OPENSSL_malloc| are prefixed with their length. |OPENSSL_free| zeros the allocation before calling free(), eliminating the need for a separate call to |OPENSSL_cleanse| for sensitive data. This change will be followed up by the cleanup in https://boringssl-review.googlesource.com/c/boringssl/+/19824. Change-Id: Ie272f07e9248d7d78af9aea81dacec0fdb7484c4 Reviewed-on: https://boringssl-review.googlesource.com/19544 Reviewed-by: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Martin Kreichgauer <martinkr@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Use functions that do not depend on the current locale. X.509 functions and the like should not vary their behaviour based on the configured locale, but tolower(3), strcasecmp(3) and strncasecmp(3) change behaviour based on that. For example, with tr_TR.utf8, 'I' is not the upper-case version of 'i'. Change-Id: I896a285767ae0c22e6ce06b9908331c625e90af2 Reviewed-on: https://boringssl-review.googlesource.com/18412 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Add OPENSSL_str[n]casecmp Windows has different names for these functions and also doesn't have the strings.h header in which they appear. This change adds tiny wrapper functions for Windows.
преди 10 години
Use functions that do not depend on the current locale. X.509 functions and the like should not vary their behaviour based on the configured locale, but tolower(3), strcasecmp(3) and strncasecmp(3) change behaviour based on that. For example, with tr_TR.utf8, 'I' is not the upper-case version of 'i'. Change-Id: I896a285767ae0c22e6ce06b9908331c625e90af2 Reviewed-on: https://boringssl-review.googlesource.com/18412 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Add OPENSSL_str[n]casecmp Windows has different names for these functions and also doesn't have the strings.h header in which they appear. This change adds tiny wrapper functions for Windows.
преди 10 години
Use functions that do not depend on the current locale. X.509 functions and the like should not vary their behaviour based on the configured locale, but tolower(3), strcasecmp(3) and strncasecmp(3) change behaviour based on that. For example, with tr_TR.utf8, 'I' is not the upper-case version of 'i'. Change-Id: I896a285767ae0c22e6ce06b9908331c625e90af2 Reviewed-on: https://boringssl-review.googlesource.com/18412 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Add OPENSSL_str[n]casecmp Windows has different names for these functions and also doesn't have the strings.h header in which they appear. This change adds tiny wrapper functions for Windows.
преди 10 години
Use functions that do not depend on the current locale. X.509 functions and the like should not vary their behaviour based on the configured locale, but tolower(3), strcasecmp(3) and strncasecmp(3) change behaviour based on that. For example, with tr_TR.utf8, 'I' is not the upper-case version of 'i'. Change-Id: I896a285767ae0c22e6ce06b9908331c625e90af2 Reviewed-on: https://boringssl-review.googlesource.com/18412 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
преди 7 години
Add OPENSSL_str[n]casecmp Windows has different names for these functions and also doesn't have the strings.h header in which they appear. This change adds tiny wrapper functions for Windows.
преди 10 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
Breaking news: 1998 has come and gone. Last month's canary for loop did not die in the coal mine of decrepit toolchains. Make a note of this in STYLE.md so we know to start breeding more of them. We can indeed declare index variables like it's 1999. I haven't bothered to convert all of our for loops because that will be tedious, but we can do it as we touch the code. Or if someone feels really really bored. BUG=47 Change-Id: Ib76c0767c1b509e825eac66f8c2e3ee2134e2493 Reviewed-on: https://boringssl-review.googlesource.com/8740 Reviewed-by: Adam Langley <agl@google.com>
преди 8 години
Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
преди 10 години
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 
  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/mem.h>

  58. 

  59. #include <assert.h>

  60. #include <stdarg.h>

  61. #include <stdio.h>

  62. 

  63. #if defined(OPENSSL_WINDOWS)

  64. OPENSSL_MSVC_PRAGMA(warning(push, 3))

  65. #include <windows.h>

  66. OPENSSL_MSVC_PRAGMA(warning(pop))

  67. #endif

  68. 

  69. #include "internal.h"

  70. 

  71. 

  72. #define OPENSSL_MALLOC_PREFIX 8

  73. 

  74. #if defined(OPENSSL_ASAN)

  75. void __asan_poison_memory_region(const volatile void *addr, size_t size);

  76. void __asan_unpoison_memory_region(const volatile void *addr, size_t size);

  77. #else

  78. static void __asan_poison_memory_region(const void *addr, size_t size) {}

  79. static void __asan_unpoison_memory_region(const void *addr, size_t size) {}

  80. #endif

  81. 

  82. #if defined(__GNUC__) || defined(__clang__)

  83. // sdallocx is a sized |free| function. By passing the size (which we happen to

  84. // always know in BoringSSL), the malloc implementation can save work. We cannot

  85. // depend on |sdallocx| being available so we declare a wrapper that falls back

  86. // to |free| as a weak symbol.

  87. //

  88. // This will always be safe, but will only be overridden if the malloc

  89. // implementation is statically linked with BoringSSL. So, if |sdallocx| is

  90. // provided in, say, libc.so, we still won't use it because that's dynamically

  91. // linked. This isn't an ideal result, but its helps in some cases.

  92. void sdallocx(void *ptr, size_t size, int flags);

  93. 

  94. __attribute((weak, noinline))

  95. #else

  96. static

  97. #endif

  98. void sdallocx(void *ptr, size_t size, int flags) {

  99.   free(ptr);

  100. }

  101. 

  102. void *OPENSSL_malloc(size_t size) {

  103.   void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX);

  104.   if (ptr == NULL) {

  105.     return NULL;

  106.   }

  107. 

  108.   *(size_t *)ptr = size;

  109. 

  110.   __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);

  111.   return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;

  112. }

  113. 

  114. void OPENSSL_free(void *orig_ptr) {

  115.   if (orig_ptr == NULL) {

  116.     return;

  117.   }

  118. 

  119.   void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;

  120.   __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);

  121. 

  122.   size_t size = *(size_t *)ptr;

  123.   OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX);

  124.   sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */);

  125. }

  126. 

  127. void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {

  128.   if (orig_ptr == NULL) {

  129.     return OPENSSL_malloc(new_size);

  130.   }

  131. 

  132.   void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;

  133.   __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);

  134.   size_t old_size = *(size_t *)ptr;

  135.   __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);

  136. 

  137.   void *ret = OPENSSL_malloc(new_size);

  138.   if (ret == NULL) {

  139.     return NULL;

  140.   }

  141. 

  142.   size_t to_copy = new_size;

  143.   if (old_size < to_copy) {

  144.     to_copy = old_size;

  145.   }

  146. 

  147.   memcpy(ret, orig_ptr, to_copy);

  148.   OPENSSL_free(orig_ptr);

  149. 

  150.   return ret;

  151. }

  152. 

  153. void OPENSSL_cleanse(void *ptr, size_t len) {

  154. #if defined(OPENSSL_WINDOWS)

  155.   SecureZeroMemory(ptr, len);

  156. #else

  157.   OPENSSL_memset(ptr, 0, len);

  158. 

  159. #if !defined(OPENSSL_NO_ASM)

  160.   /* As best as we can tell, this is sufficient to break any optimisations that

  161.      might try to eliminate "superfluous" memsets. If there's an easy way to

  162.      detect memset_s, it would be better to use that. */

  163.   __asm__ __volatile__("" : : "r"(ptr) : "memory");

  164. #endif

  165. #endif  // !OPENSSL_NO_ASM

  166. }

  167. 

  168. void OPENSSL_clear_free(void *ptr, size_t unused) {

  169.   OPENSSL_free(ptr);

  170. }

  171. 

  172. int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {

  173.   const uint8_t *a = in_a;

  174.   const uint8_t *b = in_b;

  175.   uint8_t x = 0;

  176. 

  177.   for (size_t i = 0; i < len; i++) {

  178.     x |= a[i] ^ b[i];

  179.   }

  180. 

  181.   return x;

  182. }

  183. 

  184. uint32_t OPENSSL_hash32(const void *ptr, size_t len) {

  185.   // These are the FNV-1a parameters for 32 bits.

  186.   static const uint32_t kPrime = 16777619u;

  187.   static const uint32_t kOffsetBasis = 2166136261u;

  188. 

  189.   const uint8_t *in = ptr;

  190.   uint32_t h = kOffsetBasis;

  191. 

  192.   for (size_t i = 0; i < len; i++) {

  193.     h ^= in[i];

  194.     h *= kPrime;

  195.   }

  196. 

  197.   return h;

  198. }

  199. 

  200. size_t OPENSSL_strnlen(const char *s, size_t len) {

  201.   for (size_t i = 0; i < len; i++) {

  202.     if (s[i] == 0) {

  203.       return i;

  204.     }

  205.   }

  206. 

  207.   return len;

  208. }

  209. 

  210. char *OPENSSL_strdup(const char *s) {

  211.   const size_t len = strlen(s) + 1;

  212.   char *ret = OPENSSL_malloc(len);

  213.   if (ret == NULL) {

  214.     return NULL;

  215.   }

  216.   OPENSSL_memcpy(ret, s, len);

  217.   return ret;

  218. }

  219. 

  220. int OPENSSL_tolower(int c) {

  221.   if (c >= 'A' && c <= 'Z') {

  222.     return c + ('a' - 'A');

  223.   }

  224.   return c;

  225. }

  226. 

  227. int OPENSSL_strcasecmp(const char *a, const char *b) {

  228.   for (size_t i = 0;; i++) {

  229.     const int aa = OPENSSL_tolower(a[i]);

  230.     const int bb = OPENSSL_tolower(b[i]);

  231. 

  232.     if (aa < bb) {

  233.       return -1;

  234.     } else if (aa > bb) {

  235.       return 1;

  236.     } else if (aa == 0) {

  237.       return 0;

  238.     }

  239.   }

  240. }

  241. 

  242. int OPENSSL_strncasecmp(const char *a, const char *b, size_t n) {

  243.   for (size_t i = 0; i < n; i++) {

  244.     const int aa = OPENSSL_tolower(a[i]);

  245.     const int bb = OPENSSL_tolower(b[i]);

  246. 

  247.     if (aa < bb) {

  248.       return -1;

  249.     } else if (aa > bb) {

  250.       return 1;

  251.     } else if (aa == 0) {

  252.       return 0;

  253.     }

  254.   }

  255. 

  256.   return 0;

  257. }

  258. 

  259. int BIO_snprintf(char *buf, size_t n, const char *format, ...) {

  260.   va_list args;

  261.   va_start(args, format);

  262.   int ret = BIO_vsnprintf(buf, n, format, args);

  263.   va_end(args);

  264.   return ret;

  265. }

  266. 

  267. int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) {

  268.   return vsnprintf(buf, n, format, args);

  269. }