aboutsummaryrefslogtreecommitdiffstats
path: root/src/engine
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-06-07 23:58:28 +0000
committerlloyd <[email protected]>2012-06-07 23:58:28 +0000
commit1ca43e0c8caba8b2517122b46e83bf4ca5d79005 (patch)
treea1365d38c763cfd66844f7ad29f1f19ce05d15cd /src/engine
parent8a7eb1f73c503b289a6f4bc56f5ebef806c9d4e6 (diff)
Update cms, cvc, zlib, bzip2, openssl, and gnump modules for the new
allocator interface. The compression filters now just use malloc/free with a memset. Add a new info.txt field <warning>, like comment but warns. Use for CMS which is pretty broken (doesn't even compile anymore), and for TLS.
Diffstat (limited to 'src/engine')
-rw-r--r--src/engine/gnump/gmp_mem.cpp49
-rw-r--r--src/engine/gnump/gmp_wrap.cpp5
-rw-r--r--src/engine/gnump/gmp_wrap.h2
-rw-r--r--src/engine/gnump/gnump_pk.cpp8
-rw-r--r--src/engine/openssl/bn_powm.cpp4
-rw-r--r--src/engine/openssl/bn_wrap.cpp30
-rw-r--r--src/engine/openssl/bn_wrap.h14
-rw-r--r--src/engine/openssl/ossl_bc.cpp6
-rw-r--r--src/engine/openssl/ossl_pk.cpp58
9 files changed, 95 insertions, 81 deletions
diff --git a/src/engine/gnump/gmp_mem.cpp b/src/engine/gnump/gmp_mem.cpp
index 7cf11654d..b5a5a303e 100644
--- a/src/engine/gnump/gmp_mem.cpp
+++ b/src/engine/gnump/gmp_mem.cpp
@@ -7,6 +7,7 @@
#include <botan/internal/gnump_engine.h>
#include <cstring>
+#include <atomic>
#include <gmp.h>
namespace Botan {
@@ -14,36 +15,44 @@ namespace Botan {
namespace {
/*
-* Allocator used by GNU MP
+* For keeping track of existing GMP_Engines and only
+* resetting the memory when none are in use.
*/
-Allocator* gmp_alloc = 0;
-size_t gmp_alloc_refcnt = 0;
+std::atomic<size_t> gmp_alloc_refcnt(0);
/*
* Allocation Function for GNU MP
*/
void* gmp_malloc(size_t n)
{
- return gmp_alloc->allocate(n);
+ // Maintain alignment, mlock goes for sizeof(T) alignment
+ if(n % 8 == 0)
+ return secure_allocator<u64bit>().allocate(n / 8);
+ else if(n % 4 == 0)
+ return secure_allocator<u32bit>().allocate(n / 4);
+ else if(n % 2 == 0)
+ return secure_allocator<u16bit>().allocate(n / 2);
+
+ return secure_allocator<byte>().allocate(n);
}
/*
-* Reallocation Function for GNU MP
+* Deallocation Function for GNU MP
*/
-void* gmp_realloc(void* ptr, size_t old_n, size_t new_n)
+void gmp_free(void* ptr, size_t n)
{
- void* new_buf = gmp_alloc->allocate(new_n);
- std::memcpy(new_buf, ptr, std::min(old_n, new_n));
- gmp_alloc->deallocate(ptr, old_n);
- return new_buf;
+ secure_allocator<byte>().deallocate(static_cast<byte*>(ptr), n);
}
/*
-* Deallocation Function for GNU MP
+* Reallocation Function for GNU MP
*/
-void gmp_free(void* ptr, size_t n)
+void* gmp_realloc(void* ptr, size_t old_n, size_t new_n)
{
- gmp_alloc->deallocate(ptr, n);
+ void* new_buf = gmp_malloc(new_n);
+ std::memcpy(new_buf, ptr, std::min(old_n, new_n));
+ gmp_free(ptr, old_n);
+ return new_buf;
}
}
@@ -53,24 +62,22 @@ void gmp_free(void* ptr, size_t n)
*/
GMP_Engine::GMP_Engine()
{
- if(gmp_alloc == 0)
- {
- gmp_alloc = Allocator::get(true);
+ /*
+ if(gmp_alloc_refcnt == 0)
mp_set_memory_functions(gmp_malloc, gmp_realloc, gmp_free);
- }
- ++gmp_alloc_refcnt;
+ gmp_alloc_refcnt++;
+ */
}
GMP_Engine::~GMP_Engine()
{
+ /*
--gmp_alloc_refcnt;
if(gmp_alloc_refcnt == 0)
- {
mp_set_memory_functions(NULL, NULL, NULL);
- gmp_alloc = 0;
- }
+ */
}
}
diff --git a/src/engine/gnump/gmp_wrap.cpp b/src/engine/gnump/gmp_wrap.cpp
index 107823ab3..22c46c7ad 100644
--- a/src/engine/gnump/gmp_wrap.cpp
+++ b/src/engine/gnump/gmp_wrap.cpp
@@ -87,7 +87,10 @@ BigInt GMP_MPZ::to_bigint() const
{
BigInt out(BigInt::Positive, (bytes() + sizeof(word) - 1) / sizeof(word));
size_t dummy = 0;
- mpz_export(out.get_reg(), &dummy, -1, sizeof(word), 0, 0, value);
+
+ auto reg = out.get_reg();
+
+ mpz_export(&reg[0], &dummy, -1, sizeof(word), 0, 0, value);
if(mpz_sgn(value) < 0)
out.flip_sign();
diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h
index 0a786f3ee..291d65a01 100644
--- a/src/engine/gnump/gmp_wrap.h
+++ b/src/engine/gnump/gmp_wrap.h
@@ -26,7 +26,7 @@ class GMP_MPZ
size_t bytes() const;
secure_vector<byte> to_bytes() const
- { return BigInt::encode(to_bigint()); }
+ { return BigInt::encode_locked(to_bigint()); }
GMP_MPZ& operator=(const GMP_MPZ&);
diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp
index b2a2f9352..e9f5d29df 100644
--- a/src/engine/gnump/gnump_pk.cpp
+++ b/src/engine/gnump/gnump_pk.cpp
@@ -105,8 +105,8 @@ GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len,
throw Internal_Error("GMP_DSA_Op::sign: r or s was zero");
secure_vector<byte> output(2*q_bytes);
- r.encode(output, q_bytes);
- s.encode(output + q_bytes, q_bytes);
+ r.encode(&output[0], q_bytes);
+ s.encode(&output[q_bytes], q_bytes);
return output;
}
@@ -203,7 +203,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature,
secure_vector<byte> decrypt(const byte msg[], size_t msg_len)
{
BigInt m(msg, msg_len);
- return BigInt::encode(private_op(m));
+ return BigInt::encode_locked(private_op(m));
}
private:
@@ -248,7 +248,7 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification,
secure_vector<byte> verify_mr(const byte msg[], size_t msg_len)
{
BigInt m(msg, msg_len);
- return BigInt::encode(public_op(m));
+ return BigInt::encode_locked(public_op(m));
}
private:
diff --git a/src/engine/openssl/bn_powm.cpp b/src/engine/openssl/bn_powm.cpp
index abf4f47c9..ac06fbe77 100644
--- a/src/engine/openssl/bn_powm.cpp
+++ b/src/engine/openssl/bn_powm.cpp
@@ -36,7 +36,7 @@ class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator
BigInt OpenSSL_Modular_Exponentiator::execute() const
{
OSSL_BN r;
- BN_mod_exp(r.value, base.value, exp.value, mod.value, ctx.value);
+ BN_mod_exp(r.ptr(), base.ptr(), exp.ptr(), mod.ptr(), ctx.ptr());
return r.to_bigint();
}
@@ -46,7 +46,7 @@ BigInt OpenSSL_Modular_Exponentiator::execute() const
* Return the OpenSSL-based modular exponentiator
*/
Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n,
- Power_Mod::Usage_Hints) const
+ Power_Mod::Usage_Hints) const
{
return new OpenSSL_Modular_Exponentiator(n);
}
diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp
index 0ac31f61b..0a7e42368 100644
--- a/src/engine/openssl/bn_wrap.cpp
+++ b/src/engine/openssl/bn_wrap.cpp
@@ -14,10 +14,10 @@ namespace Botan {
*/
OSSL_BN::OSSL_BN(const BigInt& in)
{
- value = BN_new();
- secure_vector<byte> encoding = BigInt::encode(in);
+ m_bn = BN_new();
+ secure_vector<byte> encoding = BigInt::encode_locked(in);
if(in != 0)
- BN_bin2bn(encoding, encoding.size(), value);
+ BN_bin2bn(&encoding[0], encoding.size(), m_bn);
}
/*
@@ -25,8 +25,8 @@ OSSL_BN::OSSL_BN(const BigInt& in)
*/
OSSL_BN::OSSL_BN(const byte in[], size_t length)
{
- value = BN_new();
- BN_bin2bn(in, length, value);
+ m_bn = BN_new();
+ BN_bin2bn(in, length, m_bn);
}
/*
@@ -34,7 +34,7 @@ OSSL_BN::OSSL_BN(const byte in[], size_t length)
*/
OSSL_BN::OSSL_BN(const OSSL_BN& other)
{
- value = BN_dup(other.value);
+ m_bn = BN_dup(other.m_bn);
}
/*
@@ -42,7 +42,7 @@ OSSL_BN::OSSL_BN(const OSSL_BN& other)
*/
OSSL_BN::~OSSL_BN()
{
- BN_clear_free(value);
+ BN_clear_free(m_bn);
}
/*
@@ -50,7 +50,7 @@ OSSL_BN::~OSSL_BN()
*/
OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other)
{
- BN_copy(value, other.value);
+ BN_copy(m_bn, other.m_bn);
return (*this);
}
@@ -59,7 +59,7 @@ OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other)
*/
void OSSL_BN::encode(byte out[], size_t length) const
{
- BN_bn2bin(value, out + (length - bytes()));
+ BN_bn2bin(m_bn, out + (length - bytes()));
}
/*
@@ -67,7 +67,7 @@ void OSSL_BN::encode(byte out[], size_t length) const
*/
size_t OSSL_BN::bytes() const
{
- return BN_num_bytes(value);
+ return BN_num_bytes(m_bn);
}
/*
@@ -76,7 +76,7 @@ size_t OSSL_BN::bytes() const
BigInt OSSL_BN::to_bigint() const
{
secure_vector<byte> out(bytes());
- BN_bn2bin(value, out);
+ BN_bn2bin(m_bn, &out[0]);
return BigInt::decode(out);
}
@@ -85,7 +85,7 @@ BigInt OSSL_BN::to_bigint() const
*/
OSSL_BN_CTX::OSSL_BN_CTX()
{
- value = BN_CTX_new();
+ m_ctx = BN_CTX_new();
}
/*
@@ -93,7 +93,7 @@ OSSL_BN_CTX::OSSL_BN_CTX()
*/
OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&)
{
- value = BN_CTX_new();
+ m_ctx = BN_CTX_new();
}
/*
@@ -101,7 +101,7 @@ OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&)
*/
OSSL_BN_CTX::~OSSL_BN_CTX()
{
- BN_CTX_free(value);
+ BN_CTX_free(m_ctx);
}
/*
@@ -109,7 +109,7 @@ OSSL_BN_CTX::~OSSL_BN_CTX()
*/
OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&)
{
- value = BN_CTX_new();
+ m_ctx = BN_CTX_new();
return (*this);
}
diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h
index 177dbd8c7..12bcec152 100644
--- a/src/engine/openssl/bn_wrap.h
+++ b/src/engine/openssl/bn_wrap.h
@@ -19,14 +19,12 @@ namespace Botan {
class OSSL_BN
{
public:
- BIGNUM* value;
-
BigInt to_bigint() const;
void encode(byte[], size_t) const;
size_t bytes() const;
secure_vector<byte> to_bytes() const
- { return BigInt::encode(to_bigint()); }
+ { return BigInt::encode_locked(to_bigint()); }
OSSL_BN& operator=(const OSSL_BN&);
@@ -34,6 +32,10 @@ class OSSL_BN
OSSL_BN(const BigInt& = 0);
OSSL_BN(const byte[], size_t);
~OSSL_BN();
+
+ BIGNUM* ptr() const { return m_bn; }
+ private:
+ BIGNUM* m_bn;
};
/**
@@ -42,13 +44,15 @@ class OSSL_BN
class OSSL_BN_CTX
{
public:
- BN_CTX* value;
-
OSSL_BN_CTX& operator=(const OSSL_BN_CTX&);
OSSL_BN_CTX();
OSSL_BN_CTX(const OSSL_BN_CTX&);
~OSSL_BN_CTX();
+
+ BN_CTX* ptr() const { return m_ctx; }
+ private:
+ BN_CTX* m_ctx;
};
}
diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp
index d419f56be..b3b509c36 100644
--- a/src/engine/openssl/ossl_bc.cpp
+++ b/src/engine/openssl/ossl_bc.cpp
@@ -123,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte out[],
*/
void EVP_BlockCipher::key_schedule(const byte key[], size_t length)
{
- secure_vector<byte> full_key(key, length);
+ secure_vector<byte> full_key(key, key + length);
if(cipher_name == "TripleDES" && length == 16)
{
@@ -141,8 +141,8 @@ void EVP_BlockCipher::key_schedule(const byte key[], size_t length)
EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
}
- EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0);
- EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0);
+ EVP_EncryptInit_ex(&encrypt, 0, 0, &full_key[0], 0);
+ EVP_DecryptInit_ex(&decrypt, 0, 0, &full_key[0], 0);
}
/*
diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp
index 2557ec297..943204375 100644
--- a/src/engine/openssl/ossl_pk.cpp
+++ b/src/engine/openssl/ossl_pk.cpp
@@ -39,7 +39,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement
secure_vector<byte> agree(const byte w[], size_t w_len)
{
OSSL_BN i(w, w_len), r;
- BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value);
+ BN_mod_exp(r.ptr(), i.ptr(), x.ptr(), p.ptr(), ctx.ptr());
return r.to_bytes();
}
@@ -90,22 +90,22 @@ OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len,
OSSL_BN k(k_bn);
OSSL_BN r;
- BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value);
- BN_nnmod(r.value, r.value, q.value, ctx.value);
+ BN_mod_exp(r.ptr(), g.ptr(), k.ptr(), p.ptr(), ctx.ptr());
+ BN_nnmod(r.ptr(), r.ptr(), q.ptr(), ctx.ptr());
- BN_mod_inverse(k.value, k.value, q.value, ctx.value);
+ BN_mod_inverse(k.ptr(), k.ptr(), q.ptr(), ctx.ptr());
OSSL_BN s;
- BN_mul(s.value, x.value, r.value, ctx.value);
- BN_add(s.value, s.value, i.value);
- BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value);
+ BN_mul(s.ptr(), x.ptr(), r.ptr(), ctx.ptr());
+ BN_add(s.ptr(), s.ptr(), i.ptr());
+ BN_mod_mul(s.ptr(), s.ptr(), k.ptr(), q.ptr(), ctx.ptr());
- if(BN_is_zero(r.value) || BN_is_zero(s.value))
+ if(BN_is_zero(r.ptr()) || BN_is_zero(s.ptr()))
throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero");
secure_vector<byte> output(2*q_bytes);
- r.encode(output, q_bytes);
- s.encode(output + q_bytes, q_bytes);
+ r.encode(&output[0], q_bytes);
+ s.encode(&output[q_bytes], q_bytes);
return output;
}
@@ -145,26 +145,26 @@ bool OSSL_DSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
OSSL_BN s(sig + q_bytes, q_bytes);
OSSL_BN i(msg, msg_len);
- if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0)
+ if(BN_is_zero(r.ptr()) || BN_cmp(r.ptr(), q.ptr()) >= 0)
return false;
- if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0)
+ if(BN_is_zero(s.ptr()) || BN_cmp(s.ptr(), q.ptr()) >= 0)
return false;
- if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0)
+ if(BN_mod_inverse(s.ptr(), s.ptr(), q.ptr(), ctx.ptr()) == 0)
return false;
OSSL_BN si;
- BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value);
- BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value);
+ BN_mod_mul(si.ptr(), s.ptr(), i.ptr(), q.ptr(), ctx.ptr());
+ BN_mod_exp(si.ptr(), g.ptr(), si.ptr(), p.ptr(), ctx.ptr());
OSSL_BN sr;
- BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value);
- BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value);
+ BN_mod_mul(sr.ptr(), s.ptr(), r.ptr(), q.ptr(), ctx.ptr());
+ BN_mod_exp(sr.ptr(), y.ptr(), sr.ptr(), p.ptr(), ctx.ptr());
- BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value);
- BN_nnmod(si.value, si.value, q.value, ctx.value);
+ BN_mod_mul(si.ptr(), si.ptr(), sr.ptr(), p.ptr(), ctx.ptr());
+ BN_nnmod(si.ptr(), si.ptr(), q.ptr(), ctx.ptr());
- if(BN_cmp(si.value, r.value) == 0)
+ if(BN_cmp(si.ptr(), r.ptr()) == 0)
return true;
return false;
@@ -202,7 +202,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature,
secure_vector<byte> decrypt(const byte msg[], size_t msg_len)
{
BigInt m(msg, msg_len);
- return BigInt::encode(private_op(m));
+ return BigInt::encode_locked(private_op(m));
}
private:
@@ -217,12 +217,12 @@ BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const
{
OSSL_BN j1, j2, h(m);
- BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value);
- BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value);
- BN_sub(h.value, j1.value, j2.value);
- BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value);
- BN_mul(h.value, h.value, q.value, ctx.value);
- BN_add(h.value, h.value, j2.value);
+ BN_mod_exp(j1.ptr(), h.ptr(), d1.ptr(), p.ptr(), ctx.ptr());
+ BN_mod_exp(j2.ptr(), h.ptr(), d2.ptr(), q.ptr(), ctx.ptr());
+ BN_sub(h.ptr(), j1.ptr(), j2.ptr());
+ BN_mod_mul(h.ptr(), h.ptr(), c.ptr(), p.ptr(), ctx.ptr());
+ BN_mul(h.ptr(), h.ptr(), q.ptr(), ctx.ptr());
+ BN_add(h.ptr(), h.ptr(), j2.ptr());
return h.to_bigint();
}
@@ -247,7 +247,7 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification,
secure_vector<byte> verify_mr(const byte msg[], size_t msg_len)
{
BigInt m(msg, msg_len);
- return BigInt::encode(public_op(m));
+ return BigInt::encode_locked(public_op(m));
}
private:
@@ -257,7 +257,7 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification,
throw Invalid_Argument("RSA public op - input is too large");
OSSL_BN m_bn(m), r;
- BN_mod_exp(r.value, m_bn.value, e.value, mod.value, ctx.value);
+ BN_mod_exp(r.ptr(), m_bn.ptr(), e.ptr(), mod.ptr(), ctx.ptr());
return r.to_bigint();
}