From d95e676a90c8bf1e60deccbd1311ec8489c5f977 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 27 Feb 2024 16:56:34 -0800 Subject: [PATCH 01/11] added secure_zalloc --- crypto/mem.c | 2 ++ include/openssl/mem.h | 3 +++ 2 files changed, 5 insertions(+) diff --git a/crypto/mem.c b/crypto/mem.c index 2b0085a5c7..02799f8fbc 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -329,6 +329,8 @@ size_t CRYPTO_secure_used(void) { return 0; } void *OPENSSL_secure_malloc(size_t size) { return OPENSSL_malloc(size); } +void *OPENSSL_secure_zalloc(size_t size) { return OPENSSL_zalloc(size); } + void OPENSSL_secure_clear_free(void *ptr, size_t len) { OPENSSL_clear_free(ptr, len); } diff --git a/include/openssl/mem.h b/include/openssl/mem.h index ce99bec509..b3f201845f 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -250,6 +250,9 @@ OPENSSL_EXPORT size_t CRYPTO_secure_used(void); // OPENSSL_secure_malloc calls |OPENSSL_malloc|. OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size); +// OPENSSL_secure_zalloc calls |OPENSSL_zalloc|. +OPENSSL_EXPORT void *OPENSSL_secure_zalloc(size_t size); + // OPENSSL_secure_clear_free calls |OPENSSL_clear_free|. OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len); From c95f95eeef29dc83034c68aaa200377a7481edfd Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Mon, 4 Mar 2024 19:08:35 -0800 Subject: [PATCH 02/11] added BIO_s_secmem --- crypto/bio/bio_mem.c | 5 +++++ include/openssl/bio.h | 3 +++ 2 files changed, 8 insertions(+) diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.c index 1751e2156a..5852b32d49 100644 --- a/crypto/bio/bio_mem.c +++ b/crypto/bio/bio_mem.c 
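Review bot: `OPENSSL_secure_zalloc` in crypto/mem.c is added without a test; the diffstat for this commit lists only crypto/mem.c and include/openssl/mem.h, and the same holds for `BIO_s_secmem` in patch 02. A short test would pin the contract the header promises: a non-NULL result for a non-zero size, every byte zero, and release through `OPENSSL_secure_clear_free(ptr, len)`. Tests may exist elsewhere in the tree, but none are visible in this series.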
@@ -303,3 +303,8 @@ int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership) { int BIO_set_mem_eof_return(BIO *bio, int eof_value) { return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM_EOF_RETURN, eof_value, NULL); } + +// What should retval be for deprecated no-op? Null? +const BIO_METHOD *BIO_s_secmem(void) { + return BIO_s_mem(); +} \ No newline at end of file diff --git a/include/openssl/bio.h b/include/openssl/bio.h index d140b9b029..64e5383b00 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -447,6 +447,9 @@ OPENSSL_EXPORT int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership); // default is -1 so that additional data can be written once exhausted. OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value); +// no-op function from OPENSSL for nodejs compatibility +OPENSSL_EXPORT OPENSSL_DEPRECATED const BIO_METHOD *BIO_s_secmem(void); + // BIO close flags. // From 7a41fda879339eacd0b5172dbec12a8b820265d6 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 5 Mar 2024 18:11:56 -0800 Subject: [PATCH 03/11] fixed bio comments --- crypto/bio/bio_mem.c | 1 - include/openssl/bio.h | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.c index 5852b32d49..5486445081 100644 --- a/crypto/bio/bio_mem.c +++ b/crypto/bio/bio_mem.c @@ -304,7 +304,6 @@ int BIO_set_mem_eof_return(BIO *bio, int eof_value) { return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM_EOF_RETURN, eof_value, NULL); } -// What should retval be for deprecated no-op? Null? const BIO_METHOD *BIO_s_secmem(void) { return BIO_s_mem(); } \ No newline at end of file diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 64e5383b00..75dcb3f828 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h 
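Review bot: `BIO_s_secmem` in crypto/bio/bio_mem.c returns the ordinary `BIO_s_mem()` method, so whatever a caller writes into such a BIO sits in regular heap memory. Code ported from OpenSSL presumably chooses the secmem variant for key material, and once patch 03 deletes the question comment the definition carries no comment at all. I would state the contract at the definition as well as in the header: `// BIO_s_secmem returns |BIO_s_mem|. AWS-LC has no secure heap, so the BIO's buffer is ordinary heap memory.`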
@@ -447,10 +447,10 @@ OPENSSL_EXPORT int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership); // default is -1 so that additional data can be written once exhausted. OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value); -// no-op function from OPENSSL for nodejs compatibility +// Returns the normal BIO_METHOD |BIO_s_mem|. Deprecated since AWS-LC does not +// support secure heaps. OPENSSL_EXPORT OPENSSL_DEPRECATED const BIO_METHOD *BIO_s_secmem(void); - // BIO close flags. // // These can be used as symbolic arguments when a "close flag" is passed to a From e2acdce14bf55aa391c1ca2a4bcce31841827981 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Fri, 8 Mar 2024 16:58:27 -0800 Subject: [PATCH 04/11] added documentation about secure heaps --- include/openssl/mem.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/openssl/mem.h b/include/openssl/mem.h index b3f201845f..06fdc88bf1 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -247,6 +247,11 @@ OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void); // CRYPTO_secure_used returns zero. OPENSSL_EXPORT size_t CRYPTO_secure_used(void); +// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that +// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. +// AWS-LC does not support secure heaps. Therefore, |OPENSSL_secure_malloc| and |OPENSSL_secure_zalloc| are +// implemented as wrappers around their normal counterparts. + // OPENSSL_secure_malloc calls |OPENSSL_malloc|. OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size); From b3cc6b39b219da235eb483ac4347164711dcabad Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Fri, 8 Mar 2024 17:01:46 -0800 Subject: [PATCH 05/11] marked secure malloc and zalloc as deprecated --- include/openssl/mem.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
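Review bot: The comment block added to include/openssl/mem.h in patch 04 runs well past 80 columns, while the `BIO_s_secmem` comment rewritten in patch 03 wraps near 80. The block should be re-wrapped to match; the same long lines are carried through patches 08, 09 and 11. `OPENSSL` should also be spelled `OpenSSL` where it names the project. This is wording and layout only; the content of the comment is fine.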
diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 06fdc88bf1..3af7131a40 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -253,10 +253,10 @@ OPENSSL_EXPORT size_t CRYPTO_secure_used(void); // implemented as wrappers around their normal counterparts. // OPENSSL_secure_malloc calls |OPENSSL_malloc|. -OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size); +OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_malloc(size_t size); // OPENSSL_secure_zalloc calls |OPENSSL_zalloc|. -OPENSSL_EXPORT void *OPENSSL_secure_zalloc(size_t size); +OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_zalloc(size_t size); // OPENSSL_secure_clear_free calls |OPENSSL_clear_free|. OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len); From 7df44c4a700e45d7c1ff067283f9b816beb49ce9 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Mon, 11 Mar 2024 20:07:31 -0700 Subject: [PATCH 06/11] changed documentation and marked other secure heap functions as OPENSSL_DEPRECATED --- include/openssl/bio.h | 7 ++++--- include/openssl/mem.h | 8 ++++---- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 75dcb3f828..ad4e6c2058 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -447,9 +447,6 @@ OPENSSL_EXPORT int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership); // default is -1 so that additional data can be written once exhausted. OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value); -// Returns the normal BIO_METHOD |BIO_s_mem|. Deprecated since AWS-LC does not -// support secure heaps. -OPENSSL_EXPORT OPENSSL_DEPRECATED const BIO_METHOD *BIO_s_secmem(void); // BIO close flags. // 
@@ -882,6 +879,10 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method, // BIO_meth_get_puts returns |puts| function of |method|. OPENSSL_EXPORT int (*BIO_meth_get_puts(const BIO_METHOD *method)) (BIO *, const char *); +// BIO_s_secmem returns the normal BIO_METHOD |BIO_s_mem|. Deprecated since AWS-LC +// does not support secure heaps. +OPENSSL_EXPORT OPENSSL_DEPRECATED const BIO_METHOD *BIO_s_secmem(void); + // Private functions #define BIO_FLAGS_READ 0x01 diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 3af7131a40..62f71fcf0a 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -239,13 +239,13 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions( void (*f)(void *, const char *, int)); // CRYPTO_secure_malloc_init returns zero. -OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size); +OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_init(size_t size, size_t min_size); // CRYPTO_secure_malloc_initialized returns zero. -OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void); +OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_initialized(void); // CRYPTO_secure_used returns zero. -OPENSSL_EXPORT size_t CRYPTO_secure_used(void); +OPENSSL_EXPORT OPENSSL_DEPRECATED size_t CRYPTO_secure_used(void); // OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that // could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. @@ -259,7 +259,7 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_malloc(size_t size); OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_zalloc(size_t size); // OPENSSL_secure_clear_free calls |OPENSSL_clear_free|. -OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len); +OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_secure_clear_free(void *ptr, size_t len); #if defined(__cplusplus) From dc7f4696c622db744c00aa17f8a6b9ae9be1cc51 Mon Sep 17 00:00:00 2001 
From: Shubham Mittal Date: Tue, 12 Mar 2024 13:33:53 -0700 Subject: [PATCH 07/11] added newline to end of file --- crypto/bio/bio_mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.c index 5486445081..f4c01d1dff 100644 --- a/crypto/bio/bio_mem.c +++ b/crypto/bio/bio_mem.c @@ -306,4 +306,4 @@ int BIO_set_mem_eof_return(BIO *bio, int eof_value) { const BIO_METHOD *BIO_s_secmem(void) { return BIO_s_mem(); -} \ No newline at end of file +} From e17f2c2fa4900387ce80b12a075fb6ca74b366ea Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 26 Mar 2024 16:46:21 -0700 Subject: [PATCH 08/11] changed comments for sec heap --- include/openssl/mem.h | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 62f71fcf0a..664d265a42 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -238,6 +238,10 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions( void *(*r)(void *, size_t, const char *, int), void (*f)(void *, const char *, int)); +// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that +// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. +// AWS-LC does not support secure heaps. Therefore, the following functions are marked as deprecated. + // CRYPTO_secure_malloc_init returns zero. OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_init(size_t size, size_t min_size); 
@@ -247,11 +251,6 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_initialized(void); // CRYPTO_secure_used returns zero. OPENSSL_EXPORT OPENSSL_DEPRECATED size_t CRYPTO_secure_used(void); -// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that -// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. -// AWS-LC does not support secure heaps. Therefore, |OPENSSL_secure_malloc| and |OPENSSL_secure_zalloc| are -// implemented as wrappers around their normal counterparts. - // OPENSSL_secure_malloc calls |OPENSSL_malloc|. OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_malloc(size_t size); From 07466da01671644ee03383c13f77b4d95587d776 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Thu, 28 Mar 2024 19:37:14 -0700 Subject: [PATCH 09/11] added more info about sec heap support in LC --- include/openssl/mem.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 664d265a42..6b3267902c 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h 
@@ -240,7 +240,11 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions( // OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that // could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. -// AWS-LC does not support secure heaps. Therefore, the following functions are marked as deprecated. +// AWS-LC does not support secure heaps. Therefore, the following functions are marked as +// deprecated. The initialization functions intentionally return zero to indicate that secure +// heaps aren't supported. +// If there is any interest in utilizing "secure heaps" with AWS-LC, cut us an issue at +// https://github.com/aws/aws-lc/issues/new/choose // CRYPTO_secure_malloc_init returns zero. OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_init(size_t size, size_t min_size); From 780ec2bd4711975b0d5a999f496cb5a36ddf0fdc Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Mon, 15 Apr 2024 16:16:00 -0700 Subject: [PATCH 10/11] removed OPENSSL_DEPRECATED --- include/openssl/mem.h | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/include/openssl/mem.h b/include/openssl/mem.h index 6b3267902c..dd6b67ecd5 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h 
@@ -240,29 +240,28 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions( // OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that // could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. -// AWS-LC does not support secure heaps. Therefore, the following functions are marked as -// deprecated. The initialization functions intentionally return zero to indicate that secure +// AWS-LC does not support secure heaps. The initialization functions intentionally return zero to indicate that secure // heaps aren't supported. // If there is any interest in utilizing "secure heaps" with AWS-LC, cut us an issue at // https://github.com/aws/aws-lc/issues/new/choose // CRYPTO_secure_malloc_init returns zero. -OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_init(size_t size, size_t min_size); +OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size); // CRYPTO_secure_malloc_initialized returns zero. -OPENSSL_EXPORT OPENSSL_DEPRECATED int CRYPTO_secure_malloc_initialized(void); +OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void); // CRYPTO_secure_used returns zero. -OPENSSL_EXPORT OPENSSL_DEPRECATED size_t CRYPTO_secure_used(void); +OPENSSL_EXPORT size_t CRYPTO_secure_used(void); // OPENSSL_secure_malloc calls |OPENSSL_malloc|. -OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_malloc(size_t size); +OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size); // OPENSSL_secure_zalloc calls |OPENSSL_zalloc|. -OPENSSL_EXPORT OPENSSL_DEPRECATED void *OPENSSL_secure_zalloc(size_t size); +OPENSSL_EXPORT void *OPENSSL_secure_zalloc(size_t size); // OPENSSL_secure_clear_free calls |OPENSSL_clear_free|. -OPENSSL_EXPORT OPENSSL_DEPRECATED void OPENSSL_secure_clear_free(void *ptr, size_t len); +OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len); #if defined(__cplusplus) 
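Review bot: Dropping `OPENSSL_DEPRECATED` here leaves `BIO_s_secmem` in include/openssl/bio.h as the only secure-heap shim still carrying the attribute, since this commit touches mem.h alone and patch 06 kept it on the BIO declaration. If the attribute was removed so that OpenSSL-compatible callers build without deprecation warnings (my reading; the commit message does not say), the same reasoning applies to the BIO declaration, which would become `OPENSSL_EXPORT const BIO_METHOD *BIO_s_secmem(void);`. Its comment's "Deprecated since AWS-LC does not support secure heaps" would then need rewording. If the difference is intended, a line in the mem.h comment explaining why the two headers differ would help.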
From a39f6201c49c4326849639af1b719d5b8aa217e4 Mon Sep 17 00:00:00 2001 From: Shubham Mittal Date: Tue, 16 Apr 2024 11:31:26 -0700 Subject: [PATCH 11/11] changed comments to be clearer --- include/openssl/mem.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/openssl/mem.h b/include/openssl/mem.h index dd6b67ecd5..4092066bc6 100644 --- a/include/openssl/mem.h +++ b/include/openssl/mem.h @@ -241,7 +241,8 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions( // OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that // could return arbitrary data from the program's dynamic memory area where sensitive information may be stored. // AWS-LC does not support secure heaps. The initialization functions intentionally return zero to indicate that secure -// heaps aren't supported. +// heaps aren't supported. We return the regular malloc and zalloc versions when the secure_* counterparts are called, +// which is what OPENSSL does when secure heap is not enabled. // If there is any interest in utilizing "secure heaps" with AWS-LC, cut us an issue at // https://github.com/aws/aws-lc/issues/new/choose
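Review bot: The added sentence says the shims "return the regular malloc and zalloc versions", which reads as if a function were returned. What a caller needs to know is where the memory comes from and that it is unprotected. Suggested wording: `// |OPENSSL_secure_malloc| and |OPENSSL_secure_zalloc| allocate from the regular heap via |OPENSSL_malloc| and |OPENSSL_zalloc|, so the memory has none of the secure-heap protections.` It would also help to point callers at `CRYPTO_secure_malloc_initialized`, which this header documents as returning zero, as the way to detect this at run time.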