From 5948a29463db4b9434c4a72ce2351d17a46334b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Wed, 11 Mar 2020 21:23:17 +0100
Subject: [PATCH] Stop leaking OpenSSL types and defines in the isc/safe.h

The two "functions" that isc/safe.h declared before were actually simple defines to matching OpenSSL functions. The downside of the approach was enforcing all users of the libisc library to explicitly list the include path to OpenSSL and link with -lcrypto. By hiding the specific implementation into the private namespace changing the defines into simple functions, we no longer enforce this. In the long run, this might also allow us to switch cryptographic library implementation without affecting the downstream users.

(cherry picked from commit ab827ab5bf7bdd65f0c672c43c3fdbe16a5e7d70)
---
 lib/isc/Makefile.in | 4 ++--
 lib/isc/include/isc/safe.h | 9 +++++----
 lib/isc/safe.c | 24 ++++++++++++++++++++++++
 lib/isc/win32/libisc.def.in | 2 ++
 lib/isc/win32/libisc.vcxproj.filters.in | 3 +++
 lib/isc/win32/libisc.vcxproj.in | 1 +
 util/copyrights | 1 +
 7 files changed, 38 insertions(+), 6 deletions(-)
 create mode 100644 lib/isc/safe.c

diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 0fb50fa9da..94ba35d348 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -60,7 +60,7 @@ OBJS = pk11.@O@ pk11_result.@O@ \
 parseint.@O@ portset.@O@ queue.@O@ quota.@O@ \
 radix.@O@ random.@O@ ratelimiter.@O@ \
 region.@O@ regex.@O@ result.@O@ rwlock.@O@ \
- serial.@O@ siphash.@O@ sockaddr.@O@ stats.@O@ \
+ safe.@O@ serial.@O@ siphash.@O@ sockaddr.@O@ stats.@O@ \
 string.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
 tm.@O@ timer.@O@ version.@O@ \
 ${UNIXOBJS} ${THREADOBJS}
@@ -78,7 +78,7 @@ SRCS = pk11.c pk11_result.c \
 netaddr.c netscope.c nonce.c openssl_shim.c pool.c \
 parseint.c portset.c queue.c quota.c radix.c random.c \
 ratelimiter.c region.c regex.c result.c rwlock.c \
- serial.c siphash.c sockaddr.c stats.c string.c \
+ safe.c serial.c siphash.c sockaddr.c stats.c string.c \
 symtab.c task.c taskpool.c timer.c \
 tm.c version.c
diff --git a/lib/isc/include/isc/safe.h b/lib/isc/include/isc/safe.h
index 7fbcd60f86..3c4784114d 100644
--- a/lib/isc/include/isc/safe.h
+++ b/lib/isc/include/isc/safe.h
@@ -16,11 +16,10 @@
 #include 
-#include 
-
 ISC_LANG_BEGINDECLS
-#define isc_safe_memequal(s1, s2, n) !CRYPTO_memcmp(s1, s2, n)
+int
+isc_safe_memequal(const void *, const void *, size_t);
 /*%<
 * Returns true iff. two blocks of memory are equal, otherwise
@@ -28,7 +27,9 @@ ISC_LANG_BEGINDECLS
 *
 */
-#define isc_safe_memwipe(ptr, len) OPENSSL_cleanse(ptr, len)
+void
+isc_safe_memwipe(void *, size_t);
+
 /*%<
 * Clear the memory of length `len` pointed to by `ptr`.
 *
diff --git a/lib/isc/safe.c b/lib/isc/safe.c
new file mode 100644
index 0000000000..91f397a95d
--- /dev/null
+++ b/lib/isc/safe.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include 
+
+#include 
+
+int
+isc_safe_memequal(const void *s1, const void *s2, size_t len) {
+ return (!CRYPTO_memcmp(s1, s2, len));
+}
+
+void
+isc_safe_memwipe(void *ptr, size_t len) {
+ OPENSSL_cleanse(ptr, len);
+}
diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in
index 9fca245fd6..476d29735f 100644
--- a/lib/isc/win32/libisc.def.in
+++ b/lib/isc/win32/libisc.def.in
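Review bot: The new `isc_safe_memequal` and `isc_safe_memwipe` prototypes in lib/isc/include/isc/safe.h use `size_t`, but the only include that survives the first hunk is the one at its top (its header name is not visible in this rendering); if that header does not itself provide `size_t`, a translation unit that includes isc/safe.h on its own stops compiling now that the OpenSSL header is gone, so `#include <stddef.h>` next to it would make the header self-contained. The retained comment still says "Returns true iff." while the declaration returns `int`; since the macro it replaces expanded to `!CRYPTO_memcmp(...)`, stating the convention, e.g. `* Returns 1 iff. two blocks of memory are equal, otherwise 0.`, removes the ambiguity for callers comparing against a bool. Both documentation blocks continue past the ends of their hunks.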
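Review bot: Neither wrapper in the new lib/isc/safe.c says why it exists, and now that callers no longer see `CRYPTO_memcmp` or `OPENSSL_cleanse` behind a macro, the security property lives only in these two bodies, where a later cleanup could "simplify" them without any compile-time hint. Above `isc_safe_memequal` add `/* Constant-time compare: must not become memcmp(), whose early exit on the first differing byte leaks timing. */`, and above `isc_safe_memwipe` add `/* OPENSSL_cleanse() is not elided by the optimizer the way a memset() of memory about to be freed can be. */`. The equal-returns-1 convention given by `!CRYPTO_memcmp` is also worth a line here, since the header prototype only says `int`.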
@@ -545,6 +545,8 @@ isc_rwlock_lock
 isc_rwlock_trylock
 isc_rwlock_tryupgrade
 isc_rwlock_unlock
+isc_safe_memequal
+isc_safe_memwipe
 isc_serial_eq
 isc_serial_ge
 isc_serial_gt
diff --git a/lib/isc/win32/libisc.vcxproj.filters.in b/lib/isc/win32/libisc.vcxproj.filters.in
index 188f0dbdb4..70007dc05c 100644
--- a/lib/isc/win32/libisc.vcxproj.filters.in
+++ b/lib/isc/win32/libisc.vcxproj.filters.in
@@ -587,6 +587,9 @@
 Library Source Files + + Library Source Files + Library Source Files
diff --git a/lib/isc/win32/libisc.vcxproj.in b/lib/isc/win32/libisc.vcxproj.in
index 8cb752a814..4e170c8338 100644
--- a/lib/isc/win32/libisc.vcxproj.in
+++ b/lib/isc/win32/libisc.vcxproj.in
@@ -467,6 +467,7 @@ copy InstallFiles ..\Build\Release\
+
diff --git a/util/copyrights b/util/copyrights
index 51206088c4..4848808c2f 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -2283,6 +2283,7 @@
 ./lib/isc/region.c C 2002,2004,2005,2007,2016,2018,2019,2020
 ./lib/isc/result.c C 1998,1999,2000,2001,2003,2004,2005,2007,2008,2012,2014,2015,2016,2017,2018,2019,2020
 ./lib/isc/rwlock.c C 1998,1999,2000,2001,2003,2004,2005,2007,2009,2011,2012,2015,2016,2017,2018,2019,2020
+./lib/isc/safe.c C 2020
 ./lib/isc/serial.c C 1999,2000,2001,2004,2005,2007,2016,2018,2019,2020
 ./lib/isc/siphash.c C 2019,2020
 ./lib/isc/sockaddr.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2010,2011,2012,2014,2015,2016,2017,2018,2019,2020