From b60cba3c5d25dcd5cea2c97193a30b730c8a0f28 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Thu, 11 Jul 2019 15:53:59 +1000
Subject: Make allocation/free/clean available to providers

Also make OPENSSL_hexstr2buf available to providers.
EVP control functions need hexstring conversion, so move any
memory-allocating functions in o_str.c into new file mem_str.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8886)
---
 providers/fips/fipsprov.c | 176 ++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 153 insertions(+), 23 deletions(-)

(limited to 'providers')

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 0f0a962..8978d1b 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -27,19 +27,35 @@
 #include "internal/provider_ctx.h"
 #include "internal/providercommon.h"
 
+extern OSSL_core_thread_start_fn *c_thread_start;
+
 /*
  * TODO(3.0): Should these be stored in the provider side provctx? Could they
  * ever be different from one init to the next? Unfortunately we can't do this
- * at the moment because c_put_error/c_add_error_vdata do not provide us with
- * the OPENSSL_CTX as a parameter.
+ * at the moment because c_put_error/c_add_error_vdata do not provide
+ * us with the OPENSSL_CTX as a parameter.
  */
 /* Functions provided by the core */
-static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
-static OSSL_core_get_params_fn *c_get_params = NULL;
-extern OSSL_core_thread_start_fn *c_thread_start;
-OSSL_core_thread_start_fn *c_thread_start = NULL;
-static OSSL_core_put_error_fn *c_put_error = NULL;
-static OSSL_core_add_error_vdata_fn *c_add_error_vdata = NULL;
+static OSSL_core_get_param_types_fn *c_get_param_types;
+static OSSL_core_get_params_fn *c_get_params;
+OSSL_core_thread_start_fn *c_thread_start;
+static OSSL_core_put_error_fn *c_put_error;
+static OSSL_core_add_error_vdata_fn *c_add_error_vdata;
+static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
+static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
+static OSSL_CRYPTO_memdup_fn *c_CRYPTO_memdup;
+static OSSL_CRYPTO_strdup_fn *c_CRYPTO_strdup;
+static OSSL_CRYPTO_strndup_fn *c_CRYPTO_strndup;
+static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
+static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
+static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
+static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
+static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
+static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
+static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
+static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
+static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
+static OSSL_OPENSSL_hexstr2buf_fn *c_OPENSSL_hexstr2buf;
 
 typedef struct fips_global_st {
     const OSSL_PROVIDER *prov;
@@ -299,24 +315,66 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
         case OSSL_FUNC_CORE_ADD_ERROR_VDATA:
             c_add_error_vdata = OSSL_get_core_add_error_vdata(in);
             break;
-        /* Just ignore anything we don't understand */
+        case OSSL_FUNC_CRYPTO_MALLOC:
+            c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
+            break;
+        case OSSL_FUNC_CRYPTO_ZALLOC:
+            c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
+            break;
+        case OSSL_FUNC_CRYPTO_MEMDUP:
+            c_CRYPTO_memdup = OSSL_get_CRYPTO_memdup(in);
+            break;
+        case OSSL_FUNC_CRYPTO_STRDUP:
+            c_CRYPTO_strdup = OSSL_get_CRYPTO_strdup(in);
+            break;
+        case OSSL_FUNC_CRYPTO_STRNDUP:
+            c_CRYPTO_strndup = OSSL_get_CRYPTO_strndup(in);
+            break;
+        case OSSL_FUNC_CRYPTO_FREE:
+            c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
+            break;
+        case OSSL_FUNC_CRYPTO_CLEAR_FREE:
+            c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
+            break;
+        case OSSL_FUNC_CRYPTO_REALLOC:
+            c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
+            break;
+        case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
+            c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
+            break;
+        case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
+            c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
+            break;
+        case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
+            c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
+            break;
+        case OSSL_FUNC_CRYPTO_SECURE_FREE:
+            c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
+            break;
+        case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
+            c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
+            break;
+        case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
+            c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
+            break;
+        case OSSL_FUNC_OPENSSL_HEXSTR2BUF:
+            c_OPENSSL_hexstr2buf = OSSL_get_OPENSSL_hexstr2buf(in);
+            break;
         default:
+            /* Just ignore anything we don't understand */
             break;
         }
     }
 
-    ctx = OPENSSL_CTX_new();
-    if (ctx == NULL)
+    /*  Create a context. */
+    if ((ctx = OPENSSL_CTX_new()) == NULL)
         return 0;
-
-    fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
-                                &fips_prov_ossl_ctx_method);
-
-    if (fgbl == NULL)
-        goto err;
-
+    if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
+                                     &fips_prov_ossl_ctx_method)) == NULL) {
+        OPENSSL_CTX_free(ctx);
+        return 0;
+    }
     fgbl->prov = provider;
-
     *out = fips_dispatch_table;
     *provctx = ctx;
 
@@ -331,10 +389,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
     }
 
     return 1;
-
- err:
-    OPENSSL_CTX_free(ctx);
-    return 0;
 }
 
 /*
@@ -413,3 +467,79 @@ const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
 
     return fgbl->prov;
 }
+
+void *CRYPTO_malloc(size_t num, const char *file, int line)
+{
+    return c_CRYPTO_malloc(num, file, line);
+}
+
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+    return c_CRYPTO_zalloc(num, file, line);
+}
+
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line)
+{
+    return c_CRYPTO_memdup(str, siz, file, line);
+}
+
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+{
+    return c_CRYPTO_strdup(str, file, line);
+}
+
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line)
+{
+    return c_CRYPTO_strndup(str, s, file, line);
+}
+
+void CRYPTO_free(void *ptr, const char *file, int line)
+{
+    c_CRYPTO_free(ptr, file, line);
+}
+
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
+{
+    c_CRYPTO_clear_free(ptr, num, file, line);
+}
+
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
+{
+    return c_CRYPTO_realloc(addr, num, file, line);
+}
+
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+                           const char *file, int line)
+{
+    return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
+}
+
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
+{
+    return c_CRYPTO_secure_malloc(num, file, line);
+}
+
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
+{
+    return c_CRYPTO_secure_zalloc(num, file, line);
+}
+
+void CRYPTO_secure_free(void *ptr, const char *file, int line)
+{
+    c_CRYPTO_secure_free(ptr, file, line);
+}
+
+void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
+{
+    c_CRYPTO_secure_clear_free(ptr, num, file, line);
+}
+
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len)
+{
+    return c_OPENSSL_hexstr2buf(str, len);
+}
+
+int CRYPTO_secure_allocated(const void *ptr)
+{
+    return c_CRYPTO_secure_allocated(ptr);
+}
-- 
cgit v1.1