author | Richard Levitte <levitte@openssl.org> | 2002-11-27 13:24:05 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2002-11-27 13:24:05 +0100 |
commit | df29cc8f77bcf09cdd245feeaea452f5f91e4125 (patch) | |
tree | aa076e181f80d3f226b75ead2a447c5111d0b58d /crypto | |
parent | I forgot that @ in strings must be escaped in Perl (diff) | |
Add OPENSSL_cleanse() to help cleanse memory and avoid certain compiler
and linker optimizations.
PR: 343
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Makefile.ssl | 8 | ||||
-rw-r--r-- | crypto/crypto-lib.com | 2 | ||||
-rw-r--r-- | crypto/crypto.h | 2 | ||||
-rw-r--r-- | crypto/mem.c | 14 | ||||
-rw-r--r-- | crypto/mem_clr.c | 75 |
5 files changed, 98 insertions, 3 deletions
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 574fd7286b..061211dbd4 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -36,8 +36,8 @@ GENERAL=Makefile README crypto-lib.com install.com LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o +LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c +LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o SRC= $(LIBSRC) @@ -193,6 +193,10 @@ mem.o: ../include/openssl/err.h ../include/openssl/lhash.h mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c +mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h +mem_clr.o: ../include/openssl/symhacks.h mem_clr.c mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 5d42b2b6a0..ced978cf14 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -158,7 +158,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" +$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" 
diff --git a/crypto/crypto.h b/crypto/crypto.h index d1d2400d87..4027b4306c 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -454,6 +454,8 @@ void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, int line); void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); +void OPENSSL_cleanse(void *ptr, size_t len); + void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); diff --git a/crypto/mem.c b/crypto/mem.c index 03d2569bce..46a00697ce 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -250,6 +250,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; allow_customize = 0; if (malloc_debug_func != NULL) @@ -264,6 +265,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } @@ -282,6 +289,7 @@ void CRYPTO_free_locked(void *str) void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; + extern unsigned char cleanse_ctr; allow_customize = 0; if (malloc_debug_func != NULL) @@ -296,6 +304,12 @@ void *CRYPTO_malloc(int num, const char *file, int line) if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); + /* Create a dependency on the value of 'cleanse_ctr' so our memory + * sanitisation function can't be optimised out. NB: We only do + * this for >2Kb so the overhead doesn't bother us. */ + if(ret && (num > 2048)) + ((unsigned char *)ret)[0] = cleanse_ctr; + return ret; } 
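Review bot: The new `OPENSSL_cleanse` prototype in crypto.h carries no comment on what the buffer holds afterwards, and callers converting from `memset(p, 0, n)` need to know it is not left zero-filled. The implementation added in mem_clr.c writes a changing counter byte, so the contents after the call are unspecified. I would put `/* Overwrite len bytes at ptr so secrets do not linger in memory; the resulting contents are unspecified, not zeroed. */` above the declaration.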
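Review bot: `extern unsigned char cleanse_ctr;` is declared locally at the top of `CRYPTO_malloc_locked` and again in `CRYPTO_malloc`, so the compiler never checks either declaration against the definition in mem_clr.c; one declaration in an internal header that both files include would catch a later type change. The comment on the added store (identical in both functions) says it keeps the sanitisation function from being optimised out, but the visible code only reads `cleanse_ctr`, and only when `num > 2048`. I would word it as `/* Read cleanse_ctr so the counter OPENSSL_cleanse() updates stays observable; a heuristic against optimisation, not a guarantee. */`. The counter is also read here without a lock while `OPENSSL_cleanse` writes it, which looks deliberate and should be stated in that comment. The middle of both function bodies lies outside the hunks.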
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
new file mode 100644
index 0000000000..0b72966cfa
--- /dev/null
+++ b/crypto/mem_clr.c
@@ -0,0 +1,75 @@
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+ {
+ unsigned char *p = ptr;
+ size_t loop = len;
+ while(loop--)
+ {
+ *(p++) = cleanse_ctr;
+ cleanse_ctr += (17 + (((unsigned char *)&p)[sizeof(unsigned char *)-1] & 0xF));
+ }
+ if(memchr(ptr, cleanse_ctr, len))
+ cleanse_ctr += 63;
+ }
|
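Review bot: The stores in `OPENSSL_cleanse` go through a plain `unsigned char *p`, so nothing in the language forces them to be emitted; they survive only as long as the optimiser cannot see through the `memchr` call and the global `cleanse_ctr`, which inlining or whole-program optimisation may change. Declaring the cursor as `volatile unsigned char *p = ptr;` would make every byte write an observable access and state the intent in the code itself. The final `memchr(ptr, cleanse_ctr, len)` is also reached when `len` is 0, where a null `ptr` is formally undefined; `if(len && memchr(ptr, cleanse_ctr, len))` avoids that. The function has no header comment, and one line saying that the fill pattern is arbitrary and that `cleanse_ctr` is updated without locking would help the next reader.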