/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+#include <openssl/trace.h>
#include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
/*-
* TODO list
int too_many;
/* Flags. */
int flags;
+ /* The library context */
+ OPENSSL_CTX *libctx;
};
-/* Enable this to find BN_CTX bugs */
-#ifdef BN_CTX_DEBUG
-static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
+#ifndef FIPS_MODE
+/* Debugging functionality */
+static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx)
{
unsigned int bnidx = 0, fpidx = 0;
BN_POOL_ITEM *item = ctx->pool.head;
BN_STACK *stack = &ctx->stack;
- fprintf(stderr, "(%16p): ", ctx);
+
+ BIO_printf(channel, "%s\n", text);
+ BIO_printf(channel, " (%16p): ", (void*)ctx);
while (bnidx < ctx->used) {
- fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+ BIO_printf(channel, "%03x ",
+ item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
if (!(bnidx % BN_CTX_POOL_SIZE))
item = item->next;
}
- fprintf(stderr, "\n");
+ BIO_printf(channel, "\n");
bnidx = 0;
- fprintf(stderr, " : ");
+ BIO_printf(channel, " %16s : ", "");
while (fpidx < stack->depth) {
while (bnidx++ < stack->indexes[fpidx])
- fprintf(stderr, " ");
- fprintf(stderr, "^^^ ");
+ BIO_printf(channel, " ");
+ BIO_printf(channel, "^^^ ");
bnidx++;
fpidx++;
}
- fprintf(stderr, "\n");
+ BIO_printf(channel, "\n");
}
-# define CTXDBG_ENTRY(str, ctx) do { \
- ctxdbg_cur = (str); \
- fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
- ctxdbg(ctx); \
- } while(0)
-# define CTXDBG_EXIT(ctx) do { \
- fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
- ctxdbg(ctx); \
- } while(0)
-# define CTXDBG_RET(ctx,ret)
+# define CTXDBG(str, ctx) \
+ OSSL_TRACE_BEGIN(BN_CTX) { \
+ ctxdbg(trc_out, str, ctx); \
+ } OSSL_TRACE_END(BN_CTX)
#else
-# define CTXDBG_ENTRY(str, ctx)
-# define CTXDBG_EXIT(ctx)
-# define CTXDBG_RET(ctx,ret)
-#endif
+/* TODO(3.0): Consider if we want to do this in FIPS mode */
+# define CTXDBG(str, ctx) do {} while(0)
+#endif /* FIPS_MODE */
-
-BN_CTX *BN_CTX_new(void)
+BN_CTX *BN_CTX_new_ex(OPENSSL_CTX *ctx)
{
BN_CTX *ret;
if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
- BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ BNerr(BN_F_BN_CTX_NEW_EX, ERR_R_MALLOC_FAILURE);
return NULL;
}
/* Initialise the structure */
BN_POOL_init(&ret->pool);
BN_STACK_init(&ret->stack);
+ ret->libctx = ctx;
return ret;
}
-BN_CTX *BN_CTX_secure_new(void)
+#ifndef FIPS_MODE
+BN_CTX *BN_CTX_new(void)
+{
+ return BN_CTX_new_ex(NULL);
+}
+#endif
+
+BN_CTX *BN_CTX_secure_new_ex(OPENSSL_CTX *ctx)
{
- BN_CTX *ret = BN_CTX_new();
+ BN_CTX *ret = BN_CTX_new_ex(ctx);
if (ret != NULL)
ret->flags = BN_FLG_SECURE;
return ret;
}
+#ifndef FIPS_MODE
+BN_CTX *BN_CTX_secure_new(void)
+{
+ return BN_CTX_secure_new_ex(NULL);
+}
+#endif
+
void BN_CTX_free(BN_CTX *ctx)
{
if (ctx == NULL)
return;
-#ifdef BN_CTX_DEBUG
- {
+#ifndef FIPS_MODE
+ OSSL_TRACE_BEGIN(BN_CTX) {
BN_POOL_ITEM *pool = ctx->pool.head;
- fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
- ctx->stack.size, ctx->pool.size);
- fprintf(stderr, "dmaxs: ");
+ BIO_printf(trc_out,
+ "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n",
+ ctx->stack.size, ctx->pool.size);
+ BIO_printf(trc_out, " dmaxs: ");
while (pool) {
unsigned loop = 0;
while (loop < BN_CTX_POOL_SIZE)
- fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
+ BIO_printf(trc_out, "%02x ", pool->vals[loop++].dmax);
pool = pool->next;
}
- fprintf(stderr, "\n");
- }
+ BIO_printf(trc_out, "\n");
+ } OSSL_TRACE_END(BN_CTX);
#endif
BN_STACK_finish(&ctx->stack);
BN_POOL_finish(&ctx->pool);
void BN_CTX_start(BN_CTX *ctx)
{
- CTXDBG_ENTRY("BN_CTX_start", ctx);
+ CTXDBG("ENTER BN_CTX_start()", ctx);
/* If we're already overflowing ... */
if (ctx->err_stack || ctx->too_many)
ctx->err_stack++;
BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
ctx->err_stack++;
}
- CTXDBG_EXIT(ctx);
+ CTXDBG("LEAVE BN_CTX_start()", ctx);
}
void BN_CTX_end(BN_CTX *ctx)
{
- CTXDBG_ENTRY("BN_CTX_end", ctx);
+ if (ctx == NULL)
+ return;
+ CTXDBG("ENTER BN_CTX_end()", ctx);
if (ctx->err_stack)
ctx->err_stack--;
else {
/* Unjam "too_many" in case "get" had failed */
ctx->too_many = 0;
}
- CTXDBG_EXIT(ctx);
+ CTXDBG("LEAVE BN_CTX_end()", ctx);
}
BIGNUM *BN_CTX_get(BN_CTX *ctx)
{
BIGNUM *ret;
- CTXDBG_ENTRY("BN_CTX_get", ctx);
+ CTXDBG("ENTER BN_CTX_get()", ctx);
if (ctx->err_stack || ctx->too_many)
return NULL;
if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
}
/* OK, make sure the returned bignum is "zero" */
BN_zero(ret);
+ /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+ ret->flags &= (~BN_FLG_CONSTTIME);
ctx->used++;
- CTXDBG_RET(ctx, ret);
+ CTXDBG("LEAVE BN_CTX_get()", ctx);
return ret;
}
+OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx)
+{
+ if (ctx == NULL)
+ return NULL;
+ return ctx->libctx;
+}
+
/************/
/* BN_STACK */
/************/
/* Need to expand */
unsigned int newsize =
st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
- unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize);
- if (newitems == NULL)
+ unsigned int *newitems;
+
+ if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
+ BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
return 0;
+ }
if (st->depth)
memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
OPENSSL_free(st->indexes);
/* Full; allocate a new pool item and link it in. */
if (p->used == p->size) {
- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item));
- if (item == NULL)
+ BN_POOL_ITEM *item;
+
+ if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+ BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
bn_init(bn);
if ((flag & BN_FLG_SECURE) != 0)