diff options
Diffstat (limited to 'src/engine')
| -rw-r--r-- | src/engine/gnump/gmp_mem.cpp | 49 | ||||
| -rw-r--r-- | src/engine/gnump/gmp_wrap.cpp | 5 | ||||
| -rw-r--r-- | src/engine/gnump/gmp_wrap.h | 2 | ||||
| -rw-r--r-- | src/engine/gnump/gnump_pk.cpp | 8 | ||||
| -rw-r--r-- | src/engine/openssl/bn_powm.cpp | 4 | ||||
| -rw-r--r-- | src/engine/openssl/bn_wrap.cpp | 30 | ||||
| -rw-r--r-- | src/engine/openssl/bn_wrap.h | 14 | ||||
| -rw-r--r-- | src/engine/openssl/ossl_bc.cpp | 6 | ||||
| -rw-r--r-- | src/engine/openssl/ossl_pk.cpp | 58 |
9 files changed, 95 insertions, 81 deletions
diff --git a/src/engine/gnump/gmp_mem.cpp b/src/engine/gnump/gmp_mem.cpp index 7cf11654d..b5a5a303e 100644 --- a/src/engine/gnump/gmp_mem.cpp +++ b/src/engine/gnump/gmp_mem.cpp @@ -7,6 +7,7 @@ #include <botan/internal/gnump_engine.h> #include <cstring> +#include <atomic> #include <gmp.h> namespace Botan { @@ -14,36 +15,44 @@ namespace Botan { namespace { /* -* Allocator used by GNU MP +* For keeping track of existing GMP_Engines and only +* resetting the memory when none are in use. */ -Allocator* gmp_alloc = 0; -size_t gmp_alloc_refcnt = 0; +std::atomic<size_t> gmp_alloc_refcnt(0); /* * Allocation Function for GNU MP */ void* gmp_malloc(size_t n) { - return gmp_alloc->allocate(n); + // Maintain alignment, mlock goes for sizeof(T) alignment + if(n % 8 == 0) + return secure_allocator<u64bit>().allocate(n / 8); + else if(n % 4 == 0) + return secure_allocator<u32bit>().allocate(n / 4); + else if(n % 2 == 0) + return secure_allocator<u16bit>().allocate(n / 2); + + return secure_allocator<byte>().allocate(n); } /* -* Reallocation Function for GNU MP +* Deallocation Function for GNU MP */ -void* gmp_realloc(void* ptr, size_t old_n, size_t new_n) +void gmp_free(void* ptr, size_t n) { - void* new_buf = gmp_alloc->allocate(new_n); - std::memcpy(new_buf, ptr, std::min(old_n, new_n)); - gmp_alloc->deallocate(ptr, old_n); - return new_buf; + secure_allocator<byte>().deallocate(static_cast<byte*>(ptr), n); } /* -* Deallocation Function for GNU MP +* Reallocation Function for GNU MP */ -void gmp_free(void* ptr, size_t n) +void* gmp_realloc(void* ptr, size_t old_n, size_t new_n) { - gmp_alloc->deallocate(ptr, n); + void* new_buf = gmp_malloc(new_n); + std::memcpy(new_buf, ptr, std::min(old_n, new_n)); + gmp_free(ptr, old_n); + return new_buf; } } @@ -53,24 +62,22 @@ void gmp_free(void* ptr, size_t n) */ GMP_Engine::GMP_Engine() { - if(gmp_alloc == 0) - { - gmp_alloc = Allocator::get(true); + /* + if(gmp_alloc_refcnt == 0) mp_set_memory_functions(gmp_malloc, gmp_realloc, gmp_free); - } - ++gmp_alloc_refcnt; + gmp_alloc_refcnt++; + */ } GMP_Engine::~GMP_Engine() { + /* --gmp_alloc_refcnt; if(gmp_alloc_refcnt == 0) - { mp_set_memory_functions(NULL, NULL, NULL); - gmp_alloc = 0; - } + */ } } diff --git a/src/engine/gnump/gmp_wrap.cpp b/src/engine/gnump/gmp_wrap.cpp index 107823ab3..22c46c7ad 100644 --- a/src/engine/gnump/gmp_wrap.cpp +++ b/src/engine/gnump/gmp_wrap.cpp @@ -87,7 +87,10 @@ BigInt GMP_MPZ::to_bigint() const { BigInt out(BigInt::Positive, (bytes() + sizeof(word) - 1) / sizeof(word)); size_t dummy = 0; - mpz_export(out.get_reg(), &dummy, -1, sizeof(word), 0, 0, value); + + auto reg = out.get_reg(); + + mpz_export(®[0], &dummy, -1, sizeof(word), 0, 0, value); if(mpz_sgn(value) < 0) out.flip_sign(); diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h index 0a786f3ee..291d65a01 100644 --- a/src/engine/gnump/gmp_wrap.h +++ b/src/engine/gnump/gmp_wrap.h @@ -26,7 +26,7 @@ class GMP_MPZ size_t bytes() const; secure_vector<byte> to_bytes() const - { return BigInt::encode(to_bigint()); } + { return BigInt::encode_locked(to_bigint()); } GMP_MPZ& operator=(const GMP_MPZ&); diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index b2a2f9352..e9f5d29df 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -105,8 +105,8 @@ GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, throw Internal_Error("GMP_DSA_Op::sign: r or s was zero"); secure_vector<byte> output(2*q_bytes); - r.encode(output, q_bytes); - s.encode(output + q_bytes, q_bytes); + r.encode(&output[0], q_bytes); + s.encode(&output[q_bytes], q_bytes); return output; } @@ -203,7 +203,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, secure_vector<byte> decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(private_op(m)); + return BigInt::encode_locked(private_op(m)); } private: @@ -248,7 +248,7 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: diff --git a/src/engine/openssl/bn_powm.cpp b/src/engine/openssl/bn_powm.cpp index abf4f47c9..ac06fbe77 100644 --- a/src/engine/openssl/bn_powm.cpp +++ b/src/engine/openssl/bn_powm.cpp @@ -36,7 +36,7 @@ class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator BigInt OpenSSL_Modular_Exponentiator::execute() const { OSSL_BN r; - BN_mod_exp(r.value, base.value, exp.value, mod.value, ctx.value); + BN_mod_exp(r.ptr(), base.ptr(), exp.ptr(), mod.ptr(), ctx.ptr()); return r.to_bigint(); } @@ -46,7 +46,7 @@ BigInt OpenSSL_Modular_Exponentiator::execute() const * Return the OpenSSL-based modular exponentiator */ Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n, - Power_Mod::Usage_Hints) const + Power_Mod::Usage_Hints) const { return new OpenSSL_Modular_Exponentiator(n); } diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp index 0ac31f61b..0a7e42368 100644 --- a/src/engine/openssl/bn_wrap.cpp +++ b/src/engine/openssl/bn_wrap.cpp @@ -14,10 +14,10 @@ namespace Botan { */ OSSL_BN::OSSL_BN(const BigInt& in) { - value = BN_new(); - secure_vector<byte> encoding = BigInt::encode(in); + m_bn = BN_new(); + secure_vector<byte> encoding = BigInt::encode_locked(in); if(in != 0) - BN_bin2bn(encoding, encoding.size(), value); + BN_bin2bn(&encoding[0], encoding.size(), m_bn); } /* @@ -25,8 +25,8 @@ OSSL_BN::OSSL_BN(const BigInt& in) */ OSSL_BN::OSSL_BN(const byte in[], size_t length) { - value = BN_new(); - BN_bin2bn(in, length, value); + m_bn = BN_new(); + BN_bin2bn(in, length, m_bn); } /* @@ -34,7 +34,7 @@ OSSL_BN::OSSL_BN(const byte in[], size_t length) */ OSSL_BN::OSSL_BN(const OSSL_BN& other) { - value = BN_dup(other.value); + m_bn = BN_dup(other.m_bn); } /* @@ -42,7 +42,7 @@ OSSL_BN::OSSL_BN(const OSSL_BN& other) */ OSSL_BN::~OSSL_BN() { - BN_clear_free(value); + BN_clear_free(m_bn); } /* @@ -50,7 +50,7 @@ OSSL_BN::~OSSL_BN() */ OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) { - BN_copy(value, other.value); + BN_copy(m_bn, other.m_bn); return (*this); } @@ -59,7 +59,7 @@ OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) */ void OSSL_BN::encode(byte out[], size_t length) const { - BN_bn2bin(value, out + (length - bytes())); + BN_bn2bin(m_bn, out + (length - bytes())); } /* @@ -67,7 +67,7 @@ void OSSL_BN::encode(byte out[], size_t length) const */ size_t OSSL_BN::bytes() const { - return BN_num_bytes(value); + return BN_num_bytes(m_bn); } /* @@ -76,7 +76,7 @@ size_t OSSL_BN::bytes() const BigInt OSSL_BN::to_bigint() const { secure_vector<byte> out(bytes()); - BN_bn2bin(value, out); + BN_bn2bin(m_bn, &out[0]); return BigInt::decode(out); } @@ -85,7 +85,7 @@ BigInt OSSL_BN::to_bigint() const */ OSSL_BN_CTX::OSSL_BN_CTX() { - value = BN_CTX_new(); + m_ctx = BN_CTX_new(); } /* @@ -93,7 +93,7 @@ OSSL_BN_CTX::OSSL_BN_CTX() */ OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) { - value = BN_CTX_new(); + m_ctx = BN_CTX_new(); } /* @@ -101,7 +101,7 @@ OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) */ OSSL_BN_CTX::~OSSL_BN_CTX() { - BN_CTX_free(value); + BN_CTX_free(m_ctx); } /* @@ -109,7 +109,7 @@ OSSL_BN_CTX::~OSSL_BN_CTX() */ OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&) { - value = BN_CTX_new(); + m_ctx = BN_CTX_new(); return (*this); } diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h index 177dbd8c7..12bcec152 100644 --- a/src/engine/openssl/bn_wrap.h +++ b/src/engine/openssl/bn_wrap.h @@ -19,14 +19,12 @@ namespace Botan { class OSSL_BN { public: - BIGNUM* value; - BigInt to_bigint() const; void encode(byte[], size_t) const; size_t bytes() const; secure_vector<byte> to_bytes() const - { return BigInt::encode(to_bigint()); } + { return BigInt::encode_locked(to_bigint()); } OSSL_BN& operator=(const OSSL_BN&); @@ -34,6 +32,10 @@ class OSSL_BN OSSL_BN(const BigInt& = 0); OSSL_BN(const byte[], size_t); ~OSSL_BN(); + + BIGNUM* ptr() const { return m_bn; } + private: + BIGNUM* m_bn; }; /** @@ -42,13 +44,15 @@ class OSSL_BN class OSSL_BN_CTX { public: - BN_CTX* value; - OSSL_BN_CTX& operator=(const OSSL_BN_CTX&); OSSL_BN_CTX(); OSSL_BN_CTX(const OSSL_BN_CTX&); ~OSSL_BN_CTX(); + + BN_CTX* ptr() const { return m_ctx; } + private: + BN_CTX* m_ctx; }; } diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp index d419f56be..b3b509c36 100644 --- a/src/engine/openssl/ossl_bc.cpp +++ b/src/engine/openssl/ossl_bc.cpp @@ -123,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte out[], */ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) { - secure_vector<byte> full_key(key, length); + secure_vector<byte> full_key(key, key + length); if(cipher_name == "TripleDES" && length == 16) { @@ -141,8 +141,8 @@ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0); } - EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0); - EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0); + EVP_EncryptInit_ex(&encrypt, 0, 0, &full_key[0], 0); + EVP_DecryptInit_ex(&decrypt, 0, 0, &full_key[0], 0); } /* diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp index 2557ec297..943204375 100644 --- a/src/engine/openssl/ossl_pk.cpp +++ b/src/engine/openssl/ossl_pk.cpp @@ -39,7 +39,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement secure_vector<byte> agree(const byte w[], size_t w_len) { OSSL_BN i(w, w_len), r; - BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); + BN_mod_exp(r.ptr(), i.ptr(), x.ptr(), p.ptr(), ctx.ptr()); return r.to_bytes(); } @@ -90,22 +90,22 @@ OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, OSSL_BN k(k_bn); OSSL_BN r; - BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value); - BN_nnmod(r.value, r.value, q.value, ctx.value); + BN_mod_exp(r.ptr(), g.ptr(), k.ptr(), p.ptr(), ctx.ptr()); + BN_nnmod(r.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - BN_mod_inverse(k.value, k.value, q.value, ctx.value); + BN_mod_inverse(k.ptr(), k.ptr(), q.ptr(), ctx.ptr()); OSSL_BN s; - BN_mul(s.value, x.value, r.value, ctx.value); - BN_add(s.value, s.value, i.value); - BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value); + BN_mul(s.ptr(), x.ptr(), r.ptr(), ctx.ptr()); + BN_add(s.ptr(), s.ptr(), i.ptr()); + BN_mod_mul(s.ptr(), s.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - if(BN_is_zero(r.value) || BN_is_zero(s.value)) + if(BN_is_zero(r.ptr()) || BN_is_zero(s.ptr())) throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); secure_vector<byte> output(2*q_bytes); - r.encode(output, q_bytes); - s.encode(output + q_bytes, q_bytes); + r.encode(&output[0], q_bytes); + s.encode(&output[q_bytes], q_bytes); return output; } @@ -145,26 +145,26 @@ bool OSSL_DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, OSSL_BN s(sig + q_bytes, q_bytes); OSSL_BN i(msg, msg_len); - if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0) + if(BN_is_zero(r.ptr()) || BN_cmp(r.ptr(), q.ptr()) >= 0) return false; - if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0) + if(BN_is_zero(s.ptr()) || BN_cmp(s.ptr(), q.ptr()) >= 0) return false; - if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0) + if(BN_mod_inverse(s.ptr(), s.ptr(), q.ptr(), ctx.ptr()) == 0) return false; OSSL_BN si; - BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value); - BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value); + BN_mod_mul(si.ptr(), s.ptr(), i.ptr(), q.ptr(), ctx.ptr()); + BN_mod_exp(si.ptr(), g.ptr(), si.ptr(), p.ptr(), ctx.ptr()); OSSL_BN sr; - BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value); - BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value); + BN_mod_mul(sr.ptr(), s.ptr(), r.ptr(), q.ptr(), ctx.ptr()); + BN_mod_exp(sr.ptr(), y.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value); - BN_nnmod(si.value, si.value, q.value, ctx.value); + BN_mod_mul(si.ptr(), si.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); + BN_nnmod(si.ptr(), si.ptr(), q.ptr(), ctx.ptr()); - if(BN_cmp(si.value, r.value) == 0) + if(BN_cmp(si.ptr(), r.ptr()) == 0) return true; return false; @@ -202,7 +202,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, secure_vector<byte> decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(private_op(m)); + return BigInt::encode_locked(private_op(m)); } private: @@ -217,12 +217,12 @@ BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const { OSSL_BN j1, j2, h(m); - BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value); - BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value); - BN_sub(h.value, j1.value, j2.value); - BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value); - BN_mul(h.value, h.value, q.value, ctx.value); - BN_add(h.value, h.value, j2.value); + BN_mod_exp(j1.ptr(), h.ptr(), d1.ptr(), p.ptr(), ctx.ptr()); + BN_mod_exp(j2.ptr(), h.ptr(), d2.ptr(), q.ptr(), ctx.ptr()); + BN_sub(h.ptr(), j1.ptr(), j2.ptr()); + BN_mod_mul(h.ptr(), h.ptr(), c.ptr(), p.ptr(), ctx.ptr()); + BN_mul(h.ptr(), h.ptr(), q.ptr(), ctx.ptr()); + BN_add(h.ptr(), h.ptr(), j2.ptr()); return h.to_bigint(); } @@ -247,7 +247,7 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: @@ -257,7 +257,7 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, throw Invalid_Argument("RSA public op - input is too large"); OSSL_BN m_bn(m), r; - BN_mod_exp(r.value, m_bn.value, e.value, mod.value, ctx.value); + BN_mod_exp(r.ptr(), m_bn.ptr(), e.ptr(), mod.ptr(), ctx.ptr()); return r.to_bigint(); } |