From 3538c7da3d53dca70be5f507376299843046d2b7 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 27 Jan 2016 23:16:47 -0500 Subject: [PATCH] Add CRYPTO_secure_zalloc Also turn B into foo() in the pod page. Reviewed-by: Viktor Dukhovni --- crypto/mem_sec.c | 9 ++++ doc/crypto/OPENSSL_secure_malloc.pod | 65 ++++++++++++++++------------ include/openssl/crypto.h | 5 +++ util/libeay.num | 1 + 4 files changed, 53 insertions(+), 27 deletions(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 9adc124e3..6760cf40f 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -110,6 +110,15 @@ void *CRYPTO_secure_malloc(size_t num, const char *file, int line) #endif /* IMPLEMENTED */ } +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) +{ + void *ret = CRYPTO_secure_malloc(num, file, line); + + if (ret != NULL) + memset(ret, 0, num); + return ret; +} + void CRYPTO_secure_free(void *ptr) { #ifdef IMPLEMENTED diff --git a/doc/crypto/OPENSSL_secure_malloc.pod b/doc/crypto/OPENSSL_secure_malloc.pod index 5e221e90b..a055f1dc9 100644 --- a/doc/crypto/OPENSSL_secure_malloc.pod +++ b/doc/crypto/OPENSSL_secure_malloc.pod @@ -2,8 +2,11 @@ =head1 NAME -CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, -OPENSSL_secure_free, OPENSSL_secure_allocated - secure heap storage +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, +CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, +OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, +CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated, +CYRPTO_secure_malloc_used - secure heap storage =head1 SYNOPSIS @@ -18,6 +21,9 @@ OPENSSL_secure_free, OPENSSL_secure_allocated - secure heap storage void *OPENSSL_secure_malloc(int num); void *CRYPTO_secure_malloc(int num, const char *file, int line); + void *OPENSSL_secure_zalloc(int num); + void *CRYPTO_secure_zalloc(int num, const char *file, int line); + void OPENSSL_secure_free(void* ptr); void CRYPTO_secure_free(void *ptr); @@ -40,58 +46,63 @@ If a secure heap is used, then private key B values are stored there. This protects long-term storage of private keys, but will not necessarily put all intermediate values and computations there. -B creates the secure heap, with the specified +CRYPTO_secure_malloc_init() creates the secure heap, with the specified C in bytes. The C parameter is the minimum size to allocate from the heap. Both C and C must be a power -of two. It is an error to call this after any B +of two. It is an error to call this after any OPENSSL_secure_malloc() calls have been made. -B indicates whether or not the secure +CRYPTO_secure_malloc_initialized() indicates whether or not the secure heap as been initialized and is available. -B releases the heap and makes the memory unavailable +CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable to the process. It can take noticeably long to complete. -B allocates C bytes from the heap. -If B is not called, this is equivalent to -calling B. +OPENSSL_secure_malloc() allocates C bytes from the heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_malloc(). It is a macro that expands to -B and adds the B<__FILE__> and B<__LINE__> parameters. +CRYPTO_secure_malloc() and adds the C<__FILE__> and C<__LINE__> parameters. -B releases the memory at C back to the heap. +OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like +OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively, +except that they call memset() to zero the memory before returning. + +OPENSSL_secure_free() releases the memory at C back to the heap. It must be called with a value previously obtained from -B. -If B is not called, this is equivalent to -calling B. -It exists for consistency with B , and -is a macro that expands to B. +OPENSSL_secure_malloc(). +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_free(). +It exists for consistency with OPENSSL_secure_malloc() , and +is a macro that expands to CRYPTO_secure_free(). -B tells whether or not a pointer is within +OPENSSL_secure_allocated() tells whether or not a pointer is within the secure heap. -B tells the actual size allocated to the +OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to "round up" and reduce secure heap fragmentation. -B returns the number of bytes allocated in the +CRYPTO_secure_malloc_used() returns the number of bytes allocated in the secure heap. =head1 RETURN VALUES -B returns 0 on failure, 1 if successful, +CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful, and 2 if successful but the heap could not be protected by memory mapping. -B returns 1 if the secure heap is -available (that is, if B has been called, -but B has not) or 0 if not. +CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is +available (that is, if CRYPTO_secure_malloc_init() has been called, +but CRYPTO_secure_malloc_done() has not) or 0 if not. -B returns a pointer into the secure heap of -the requested size, or C if memory could not be allocated. +OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into +the secure heap of the requested size, or C if memory could not be +allocated. -B returns 1 if the pointer is in the +CRYPTO_secure_allocated() returns 1 if the pointer is in the the secure heap, or 0 if not. -B and B +CRYPTO_secure_malloc_done() and OPENSSL_secure_free() return no values. =head1 BUGS diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 2e2c088b1..26f6c79c8 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -312,6 +312,8 @@ int CRYPTO_mem_ctrl(int mode); CRYPTO_strndup(str, n, __FILE__, __LINE__) # define OPENSSL_secure_malloc(num) \ CRYPTO_secure_malloc(num, __FILE__, __LINE__) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, __FILE__, __LINE__) # define OPENSSL_secure_free(addr) \ CRYPTO_secure_free(addr) # define OPENSSL_secure_actual_size(ptr) \ @@ -337,6 +339,8 @@ int CRYPTO_mem_ctrl(int mode); CRYPTO_strndup(str, s, NULL, 0) # define OPENSSL_secure_malloc(num) \ CRYPTO_secure_malloc(num, NULL, 0) +# define OPENSSL_secure_zalloc(num) \ + CRYPTO_secure_zalloc(num, NULL, 0) # define OPENSSL_secure_free(addr) \ CRYPTO_secure_free(addr) # define OPENSSL_secure_actual_size(ptr) \ @@ -478,6 +482,7 @@ void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, int CRYPTO_secure_malloc_init(size_t sz, int minsize); void CRYPTO_secure_malloc_done(void); void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); void CRYPTO_secure_free(void *ptr); int CRYPTO_secure_allocated(const void *ptr); int CRYPTO_secure_malloc_initialized(void); diff --git a/util/libeay.num b/util/libeay.num index 36305725f..31f6a063c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4764,3 +4764,4 @@ TS_STATUS_INFO_get0_status 5158 1_1_0 EXIST::FUNCTION: OCSP_resp_get0_produced_at 5159 1_1_0 EXIST::FUNCTION: TS_STATUS_INFO_get0_failure_info 5160 1_1_0 EXIST::FUNCTION: TS_STATUS_INFO_get0_text 5161 1_1_0 EXIST::FUNCTION: +CRYPTO_secure_zalloc 5162 1_1_0 EXIST::FUNCTION: