Stop leaking OpenSSL types and defines in the isc/safe.h
authorOndřej Surý <ondrej@isc.org>
Wed, 11 Mar 2020 20:23:17 +0000 (21:23 +0100)
committerOndřej Surý <ondrej@isc.org>
Thu, 12 Mar 2020 19:07:16 +0000 (20:07 +0100)
The two "functions" that isc/safe.h declared before were actually simple
defines to matching OpenSSL functions.  The downside of the approach was
forcing all users of the libisc library to explicitly list the include
path to OpenSSL and link with -lcrypto.  By hiding the specific
implementation in the private namespace and changing the defines into
simple functions, we no longer enforce this.  In the long run, this
might also allow us to switch cryptographic library implementation
without affecting the downstream users.

lib/isc/Makefile.in
lib/isc/include/isc/safe.h
lib/isc/safe.c [new file with mode: 0644]
lib/isc/win32/libisc.def.in
lib/isc/win32/libisc.vcxproj.filters.in
lib/isc/win32/libisc.vcxproj.in
util/copyrights

index abbaecb052e5b960cd88dad9e494cd034ab66647..1b6b4466cddadf728907c017aa9b310f1b29ce13 100644 (file)
@@ -60,7 +60,7 @@ OBJS =                pk11.@O@ pk11_result.@O@ \
                parseint.@O@ portset.@O@ queue.@O@ quota.@O@ \
                radix.@O@ random.@O@ ratelimiter.@O@ \
                region.@O@ regex.@O@ result.@O@ rwlock.@O@ \
-               serial.@O@ siphash.@O@ sockaddr.@O@ stats.@O@ \
+               safe.@O@ serial.@O@ siphash.@O@ sockaddr.@O@ stats.@O@ \
                string.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
                tm.@O@ timer.@O@ version.@O@ \
                ${UNIXOBJS} ${THREADOBJS}
@@ -77,7 +77,7 @@ SRCS =                pk11.c pk11_result.c \
                netaddr.c netscope.c nonce.c openssl_shim.c pool.c \
                parseint.c portset.c queue.c quota.c radix.c random.c \
                ratelimiter.c region.c regex.c result.c rwlock.c \
-               serial.c siphash.c sockaddr.c stats.c string.c \
+               safe.c serial.c siphash.c sockaddr.c stats.c string.c \
                symtab.c task.c taskpool.c timer.c \
                tm.c version.c
 
index 7fbcd60f86a22dcab75facba329ea6683e1fa2bb..3c4784114dd28992d66ec953cce351fccb66694d 100644 (file)
 
 #include <isc/lang.h>
 
-#include <openssl/crypto.h>
-
 ISC_LANG_BEGINDECLS
 
-#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
+int
+isc_safe_memequal(const void *, const void *, size_t);
 
 /*%<
  * Returns true iff. two blocks of memory are equal, otherwise
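Review bot: The new prototype for `isc_safe_memequal` uses `size_t`, but this hunk removes `<openssl/crypto.h>` and the only include left in view is `<isc/lang.h>`. Unless that header already provides `size_t`, downstream users who include only `isc/safe.h` may no longer compile, which is the case this commit is meant to enable. Adding `#include <stddef.h>` next to `#include <isc/lang.h>` would make the header self-contained. Both this prototype and the `isc_safe_memwipe` one in the next hunk also omit parameter names although the doc comments refer to `ptr` and `len`; I would write `isc_safe_memequal(const void *s1, const void *s2, size_t len);` and `isc_safe_memwipe(void *ptr, size_t len);`. The comment says the function "Returns true" while the return type is `int`, so either the wording or the type could be aligned.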
@@ -28,7 +27,9 @@ ISC_LANG_BEGINDECLS
  *
  */
 
-#define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
+void
+isc_safe_memwipe(void *, size_t);
+
 /*%<
  * Clear the memory of length `len` pointed to by `ptr`.
  *
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
new file mode 100644 (file)
index 0000000..91f397a
--- /dev/null
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <openssl/crypto.h>
+
+#include <isc/safe.h>
+
+int
+isc_safe_memequal(const void *s1, const void *s2, size_t len) {
+       return (!CRYPTO_memcmp(s1, s2, len));
+}
+
+void
+isc_safe_memwipe(void *ptr, size_t len) {
+       OPENSSL_cleanse(ptr, len);
+}
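Review bot: Neither wrapper in the new safe.c documents the security property that callers depend on, and the commit message anticipates switching the cryptographic library behind these functions later. A future backend swap could then substitute an ordinary comparison or fill, which would reintroduce a timing side channel on secret comparisons or let the compiler drop the wipe as a dead store. I would add `/* Must take time independent of the buffer contents; never replace with memcmp(). */` above `isc_safe_memequal` and `/* Must not be removable by the optimizer; never replace with a plain memset(). */` above `isc_safe_memwipe`.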
index cab49519a0cd778f178fe4819ba6d9f3793d7b94..155966177732587ef724606bf0be805300b83bf2 100644 (file)
@@ -541,6 +541,8 @@ isc_rwlock_lock
 isc_rwlock_trylock
 isc_rwlock_tryupgrade
 isc_rwlock_unlock
+isc_safe_memequal
+isc_safe_memwipe
 isc_serial_eq
 isc_serial_ge
 isc_serial_gt
index 7a4d86b34e5bc155046ee6332e2d70e93a5fc46d..5e8d0b40bd0005aeec5edec93423523a6aeaa0a3 100644 (file)
     <ClCompile Include="..\rwlock.c">
       <Filter>Library Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\safe.c">
+      <Filter>Library Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="..\serial.c">
       <Filter>Library Source Files</Filter>
     </ClCompile>
index b7079bbf6c96ca0220877c0f4f083705b895664e..5267abfe4d24b0c2ec70d38b62dafe4ebd491738 100644 (file)
@@ -464,6 +464,7 @@ copy InstallFiles ..\Build\Release\
     <ClCompile Include="..\region.c" />
     <ClCompile Include="..\result.c" />
     <ClCompile Include="..\rwlock.c" />
+    <ClCompile Include="..\safe.c" />
     <ClCompile Include="..\serial.c" />
     <ClCompile Include="..\siphash.c" />
     <ClCompile Include="..\sockaddr.c" />
index 25d4c852ac4ffb89d4d835c7c5e53ce5adfa539b..766615d0a3fcfaa01082af4d190c02171787403c 100644 (file)
 ./lib/isc/region.c                             C       2002,2004,2005,2007,2016,2018,2019,2020
 ./lib/isc/result.c                             C       1998,1999,2000,2001,2003,2004,2005,2007,2008,2012,2014,2015,2016,2017,2018,2019,2020
 ./lib/isc/rwlock.c                             C       1998,1999,2000,2001,2003,2004,2005,2007,2009,2011,2012,2015,2016,2017,2018,2019,2020
+./lib/isc/safe.c                               C       2020
 ./lib/isc/serial.c                             C       1999,2000,2001,2004,2005,2007,2016,2018,2019,2020
 ./lib/isc/siphash.c                            C       2019,2020
 ./lib/isc/sockaddr.c                           C       1999,2000,2001,2002,2003,2004,2005,2006,2007,2010,2011,2012,2014,2015,2016,2017,2018,2019,2020