From 7b131de2bb2be8582c6dfc50bdd3cbc49e1a08be Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Wed, 15 Jan 2020 14:09:54 +0100 Subject: [PATCH 1/1] PROV: Add support for error queue marks and implement in FIPS module This propagates ERR_set_mark(), and ERR_clear_last_mark() and ERR_pop_to_mark() for provider use. Reviewed-by: Nicola Tuveri (Merged from https://github.com/openssl/openssl/pull/10803) --- crypto/provider_core.c | 23 ++++++++++++++++++ include/openssl/core_numbers.h | 43 ++++++++++++++++++++-------------- providers/fips/fipsprov.c | 27 +++++++++++++++++++++ 3 files changed, 75 insertions(+), 18 deletions(-) diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 2f2d69a0c3..cac325407f 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -774,6 +774,9 @@ static OSSL_core_get_library_context_fn core_get_libctx; static OSSL_core_new_error_fn core_new_error; static OSSL_core_set_error_debug_fn core_set_error_debug; static OSSL_core_vset_error_fn core_vset_error; +static OSSL_core_set_error_mark_fn core_set_error_mark; +static OSSL_core_clear_last_error_mark_fn core_clear_last_error_mark; +static OSSL_core_pop_error_to_mark_fn core_pop_error_to_mark; #endif static const OSSL_PARAM *core_gettable_params(const OSSL_PROVIDER *prov) @@ -857,6 +860,21 @@ static void core_vset_error(const OSSL_PROVIDER *prov, ERR_vset_error(prov->error_lib, (int)reason, fmt, args); } } + +static int core_set_error_mark(const OSSL_PROVIDER *prov) +{ + return ERR_set_mark(); +} + +static int core_clear_last_error_mark(const OSSL_PROVIDER *prov) +{ + return ERR_clear_last_mark(); +} + +static int core_pop_error_to_mark(const OSSL_PROVIDER *prov) +{ + return ERR_pop_to_mark(); +} #endif /* 
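Review bot: The three new callbacks `core_set_error_mark`, `core_clear_last_error_mark` and `core_pop_error_to_mark` accept `prov` but never use it. Each one forwards straight to the calling thread's error queue, so the mark is not scoped to the provider that set it. If that queue is the same one the application and libcrypto use (it appears to be, since these call the public `ERR_*` functions), a provider that pops without having set its own mark would presumably consume a mark belonging to its caller and drop that caller's errors. I would document the contract above the functions, for example `/* prov is unused: marks act on the calling thread's error queue, shared with the core; a provider must pair each set_mark with a clear_last_mark or pop_to_mark */`.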
@@ -872,6 +890,11 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error }, { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug }, { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error }, + { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark }, + { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, + (void (*)(void))core_clear_last_error_mark }, + { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, + (void (*)(void))core_pop_error_to_mark }, { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file }, { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf }, { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex }, diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 5019ef5fa8..3aa35a0ade 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h 
@@ -80,53 +80,60 @@ OSSL_CORE_MAKE_FUNC(void,core_set_error_debug, OSSL_CORE_MAKE_FUNC(void,core_vset_error, (const OSSL_PROVIDER *prov, uint32_t reason, const char *fmt, va_list args)) +# define OSSL_FUNC_CORE_SET_ERROR_MARK 8 +OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov)) +# define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK 9 +OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark, + (const OSSL_PROVIDER *prov)) +# define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10 +OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov)) /* Memory allocation, freeing, clearing. */ -#define OSSL_FUNC_CRYPTO_MALLOC 10 +#define OSSL_FUNC_CRYPTO_MALLOC 20 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_malloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_ZALLOC 11 +#define OSSL_FUNC_CRYPTO_ZALLOC 21 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_zalloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_FREE 12 +#define OSSL_FUNC_CRYPTO_FREE 22 OSSL_CORE_MAKE_FUNC(void, CRYPTO_free, (void *ptr, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_CLEAR_FREE 13 +#define OSSL_FUNC_CRYPTO_CLEAR_FREE 23 OSSL_CORE_MAKE_FUNC(void, CRYPTO_clear_free, (void *ptr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_REALLOC 14 +#define OSSL_FUNC_CRYPTO_REALLOC 24 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_realloc, (void *addr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 15 +#define OSSL_FUNC_CRYPTO_CLEAR_REALLOC 25 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_clear_realloc, (void *addr, size_t old_num, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 16 +#define OSSL_FUNC_CRYPTO_SECURE_MALLOC 26 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_secure_malloc, (size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 17 +#define OSSL_FUNC_CRYPTO_SECURE_ZALLOC 27 OSSL_CORE_MAKE_FUNC(void *, CRYPTO_secure_zalloc, (size_t num, const char *file, int line)) -#define 
OSSL_FUNC_CRYPTO_SECURE_FREE 18 +#define OSSL_FUNC_CRYPTO_SECURE_FREE 28 OSSL_CORE_MAKE_FUNC(void, CRYPTO_secure_free, (void *ptr, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 19 +#define OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE 29 OSSL_CORE_MAKE_FUNC(void, CRYPTO_secure_clear_free, (void *ptr, size_t num, const char *file, int line)) -#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 20 +#define OSSL_FUNC_CRYPTO_SECURE_ALLOCATED 30 OSSL_CORE_MAKE_FUNC(int, CRYPTO_secure_allocated, (const void *ptr)) -#define OSSL_FUNC_OPENSSL_CLEANSE 21 +#define OSSL_FUNC_OPENSSL_CLEANSE 31 OSSL_CORE_MAKE_FUNC(void, OPENSSL_cleanse, (void *ptr, size_t len)) /* Bio functions provided by the core */ -#define OSSL_FUNC_BIO_NEW_FILE 23 -#define OSSL_FUNC_BIO_NEW_MEMBUF 24 -#define OSSL_FUNC_BIO_READ_EX 25 -#define OSSL_FUNC_BIO_FREE 26 -#define OSSL_FUNC_BIO_VPRINTF 27 +#define OSSL_FUNC_BIO_NEW_FILE 40 +#define OSSL_FUNC_BIO_NEW_MEMBUF 41 +#define OSSL_FUNC_BIO_READ_EX 42 +#define OSSL_FUNC_BIO_FREE 43 +#define OSSL_FUNC_BIO_VPRINTF 44 OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode)) OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len)) @@ -136,7 +143,7 @@ OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio)) OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format, va_list args)) -#define OSSL_FUNC_SELF_TEST_CB 28 +#define OSSL_FUNC_SELF_TEST_CB 100 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index cf4181dd2a..eeb1b1e1cf 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c 
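Review bot: The renumbering in `core_numbers.h` reuses an id that meant something else: `OSSL_FUNC_CORE_POP_ERROR_TO_MARK` is now 10, which was `OSSL_FUNC_CRYPTO_MALLOC` before this change. The `CRYPTO_*` ids move to 20–31, the BIO ids to 40–44, and `OSSL_FUNC_SELF_TEST_CB` goes from 28 to 100 in the following hunk. These numbers are the only key a provider uses to match dispatch entries. A provider binary built against the old header would therefore bind its `c_CRYPTO_malloc` pointer to a function with a different signature, and no check visible here would catch it. If any out-of-tree or previously built provider can meet this core, the old ids should be kept and the new ones appended. Otherwise a header comment such as `/* Function ids are part of the core<->provider ABI; never reuse or renumber an id, gaps are reserved for growth */` would record the rule for later changes.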
@@ -54,6 +54,9 @@ OSSL_core_thread_start_fn *c_thread_start; static OSSL_core_new_error_fn *c_new_error; static OSSL_core_set_error_debug_fn *c_set_error_debug; static OSSL_core_vset_error_fn *c_vset_error; +static OSSL_core_set_error_mark_fn *c_set_error_mark; +static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark; +static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark; static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; static OSSL_CRYPTO_free_fn *c_CRYPTO_free; @@ -675,6 +678,15 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CORE_VSET_ERROR: c_vset_error = OSSL_get_core_vset_error(in); break; + case OSSL_FUNC_CORE_SET_ERROR_MARK: + c_set_error_mark = OSSL_get_core_set_error_mark(in); + break; + case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: + c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in); + break; + case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: + c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in); + break; case OSSL_FUNC_CRYPTO_MALLOC: c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); break; @@ -839,6 +851,21 @@ void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); } +int ERR_set_mark(void) +{ + return c_set_error_mark(NULL); +} + +int ERR_clear_last_mark(void) +{ + return c_clear_last_error_mark(NULL); +} + +int ERR_pop_to_mark(void) +{ + return c_pop_error_to_mark(NULL); +} + const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) { FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, -- 2.34.1
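Review bot: `ERR_set_mark()`, `ERR_clear_last_mark()` and `ERR_pop_to_mark()` in the last hunk call `c_set_error_mark`, `c_clear_last_error_mark` and `c_pop_error_to_mark` unconditionally. Those pointers are assigned only when the matching `case` in `OSSL_provider_init` sees the id in the core's dispatch table. A core that does not supply the three new entries leaves them NULL, and the first use of an error mark inside the FIPS module would then call through a null function pointer. `OSSL_provider_init` continues outside the hunk, so I cannot see whether it validates required pointers after the loop; if it does not, it should fail initialisation when any of the three is missing. Alternatively each wrapper could be guarded, for example `return c_set_error_mark != NULL ? c_set_error_mark(NULL) : 0;`, with the same pattern for the other two.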