commit 8a1542fc41b43bdcd67cd341c1d332d2e05e2340
author David Benjamin <davidben@google.com> Tue Sep 06 12:40:08 2022 -0400
committer Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Tue Sep 06 19:12:23 2022 +0000
tree ce7fc82db6250702fbdf4abb1e726bb2243e244a
parent c990cf1834aa2bc8418ed8060f16559f4c265dc3

Stub out the OpenSSL secure heap.

OpenSSL added a separate "secure heap" to allocate some data in a
different heap. We don't implement this, so just act as if initializing
it always fails. Node now expects these functions to be available.

Change-Id: I4c57c807c51681b16ec3a60e9674583b193358c4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54309
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

crypto/fipsmodule/bn/bn.c

diff --git a/crypto/fipsmodule/bn/bn.c b/crypto/fipsmodule/bn/bn.c
index 006e3eb..f2e3b7b 100644
--- a/crypto/fipsmodule/bn/bn.c
+++ b/crypto/fipsmodule/bn/bn.c
@@ -81,6 +81,8 @@
   return bn;
 }
 
+BIGNUM *BN_secure_new(void) { return BN_new(); }
+
 void BN_init(BIGNUM *bn) {
   OPENSSL_memset(bn, 0, sizeof(BIGNUM));
 }

crypto/mem.c

diff --git a/crypto/mem.c b/crypto/mem.c
index c90bb16..af20318 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -243,6 +243,18 @@
   OPENSSL_free(ptr);
 }
 
+int CRYPTO_secure_malloc_init(size_t size, size_t min_size) { return 0; }
+
+int CRYPTO_secure_malloc_initialized(void) { return 0; }
+
+size_t CRYPTO_secure_used(void) { return 0; }
+
+void *OPENSSL_secure_malloc(size_t size) { return OPENSSL_malloc(size); }
+
+void OPENSSL_secure_clear_free(void *ptr, size_t len) {
+  OPENSSL_clear_free(ptr, len);
+}
+
 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {
   const uint8_t *a = in_a;
   const uint8_t *b = in_b;

include/openssl/bn.h

diff --git a/include/openssl/bn.h b/include/openssl/bn.h
index 9abccaf..3a721fe 100644
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@@ -967,6 +967,9 @@
 // conservative.)
 #define BN_prime_checks BN_prime_checks_for_validation
 
+// BN_secure_new calls |BN_new|.
+OPENSSL_EXPORT BIGNUM *BN_secure_new(void);
+
 
 // Private functions
 

include/openssl/mem.h

diff --git a/include/openssl/mem.h b/include/openssl/mem.h
index 476299a..f07698d 100644
--- a/include/openssl/mem.h
+++ b/include/openssl/mem.h
@@ -164,6 +164,21 @@
 // allocations on free, but we define |OPENSSL_clear_free| for compatibility.
 OPENSSL_EXPORT void OPENSSL_clear_free(void *ptr, size_t len);
 
+// CRYPTO_secure_malloc_init returns zero.
+OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size);
+
+// CRYPTO_secure_malloc_initialized returns zero.
+OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void);
+
+// CRYPTO_secure_used returns zero.
+OPENSSL_EXPORT size_t CRYPTO_secure_used(void);
+
+// OPENSSL_secure_malloc calls |OPENSSL_malloc|.
+OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size);
+
+// OPENSSL_secure_clear_free calls |OPENSSL_clear_free|.
+OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len);
+
 
 #if defined(__cplusplus)
 }  // extern C