More secure storage of key material.

Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>

1 files changed, 72 insertions, 1 deletions

diff --git a/crypto/mem.c b/crypto/mem.c
index b98e44fc5a..56c3585865 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -94,6 +94,15 @@ static void *(*realloc_ex_func) (void *, size_t, const char *file, int line)
 
 static void (*free_func) (void *) = free;
 
+static void *(*malloc_secure_func)(size_t) = malloc;
+static void *default_malloc_secure_ex(size_t num, const char *file, int line)
+{
+    return malloc_secure_func(num);
+}
+static void *(*malloc_secure_ex_func)(size_t, const char *file, int line)
+    = default_malloc_secure_ex;
+static void (*free_secure_func)(void *) = free;
+
 static void *(*malloc_locked_func) (size_t) = malloc;
 static void *default_malloc_locked_ex(size_t num, const char *file, int line)
 {
@@ -145,6 +154,11 @@ int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
     realloc_func = r;
     realloc_ex_func = default_realloc_ex;
     free_func = f;
+    /* If user wants to intercept the secure or locked functions, do it
+     * after the basic functions. */
+    malloc_secure_func = m;
+    malloc_secure_ex_func = default_malloc_secure_ex;
+    free_secure_func = f;
     malloc_locked_func = m;
     malloc_locked_ex_func = default_malloc_locked_ex;
     free_locked_func = f;
@@ -164,6 +178,44 @@ int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
     realloc_func = 0;
     realloc_ex_func = r;
     free_func = f;
+    malloc_secure_func = 0;
+    malloc_secure_ex_func = m;
+    free_secure_func = f;
+    malloc_locked_func = 0;
+    malloc_locked_ex_func = m;
+    free_locked_func = f;
+    return 1;
+}
+
+int CRYPTO_set_secure_mem_functions(void *(*m)(size_t), void (*f)(void *))
+{
+    /* Dummy call just to ensure OPENSSL_init() gets linked in */
+    OPENSSL_init();
+    if (!allow_customize)
+        return 0;
+    if ((m == 0) || (f == 0))
+        return 0;
+    malloc_secure_func = m;
+    malloc_secure_ex_func = default_malloc_secure_ex;
+    free_secure_func = f;
+    /* If user wants to intercept the locked functions, do it after
+     * the secure functions. */
+    malloc_locked_func = m;
+    malloc_locked_ex_func = default_malloc_secure_ex;
+    free_locked_func = f;
+    return 1;
+}
+
+int CRYPTO_set_secure_mem_ex_functions(void *(*m)(size_t, const char *, int),
+                                       void (*f)(void *))
+{
+    if (!allow_customize)
+        return 0;
+    if ((m == NULL) || (f == NULL))
+        return 0;
+    malloc_secure_func = 0;
+    malloc_secure_ex_func = m;
+    free_secure_func = f;
     malloc_locked_func = 0;
     malloc_locked_ex_func = m;
     free_locked_func = f;
@@ -191,7 +243,7 @@ int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
         return 0;
     malloc_locked_func = 0;
     malloc_locked_ex_func = m;
-    free_func = f;
+    free_locked_func = f;
     return 1;
 }
 
@@ -236,6 +288,25 @@ void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
         *f = free_func;
 }
 
+void CRYPTO_get_secure_mem_functions(void *(**m)(size_t), void (**f)(void *))
+{
+    if (m != NULL)
+        *m = (malloc_secure_ex_func == default_malloc_secure_ex) ?
+            malloc_secure_func : 0;
+    if (f != NULL)
+        *f=free_secure_func;
+	}
+
+void CRYPTO_get_secure_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                        void (**f)(void *))
+{
+    if (m != NULL)
+        *m = (malloc_secure_ex_func != default_malloc_secure_ex) ?
+            malloc_secure_ex_func : 0;
+    if (f != NULL)
+        *f=free_secure_func;
+}
+
 void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
                                      void (**f) (void *))
 {