X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman3%2FOPENSSL_secure_malloc.pod;h=67a34eb809d095ade4c295d77ebc8f897fd2acb9;hp=3f49abf6fc33b504cbd769e88619286dbd423966;hb=50e0402c220ab7abd375802ea4264ff3ee9fc339;hpb=ef3f621ed572fefe768f26989c16264496d24f69 diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 3f49abf6fc..67a34eb809 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -5,14 +5,16 @@ CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, -CRYPTO_secure_free, OPENSSL_secure_actual_size, OPENSSL_secure_allocated, +CRYPTO_secure_free, OPENSSL_secure_clear_free, +CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, +CRYPTO_secure_allocated, CRYPTO_secure_used - secure heap storage =head1 SYNOPSIS #include - int CRYPTO_secure_malloc_init(size_t size, int minsize); + int CRYPTO_secure_malloc_init(size_t size, size_t minsize); int CRYPTO_secure_malloc_initialized(); @@ -27,9 +29,12 @@ CRYPTO_secure_used - secure heap storage void OPENSSL_secure_free(void* ptr); void CRYPTO_secure_free(void *ptr, const char *, int); + void OPENSSL_secure_clear_free(void* ptr, size_t num); + void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); + size_t OPENSSL_secure_actual_size(const void *ptr); - int OPENSSL_secure_allocated(const void *ptr); + int CRYPTO_secure_allocated(const void *ptr); size_t CRYPTO_secure_used(); =head1 DESCRIPTION @@ -48,8 +53,10 @@ put all intermediate values and computations there. CRYPTO_secure_malloc_init() creates the secure heap, with the specified C in bytes. The C parameter is the minimum size to -allocate from the heap. Both C and C must be a power -of two. +allocate from the heap or zero to use a reasonable default value. +Both C and, if specified, C must be a power of two and +C should generally be small, for example 16 or 32. +C must be less than a quarter of C in any case. CRYPTO_secure_malloc_initialized() indicates whether or not the secure heap as been initialized and is available. @@ -77,12 +84,18 @@ It exists for consistency with OPENSSL_secure_malloc() , and is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__> and C<__LINE__> parameters.. -OPENSSL_secure_allocated() tells whether or not a pointer is within -the secure heap. +OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except +that it has an additional C parameter which is used to clear +the memory if it was not allocated from the secure heap. +If CRYPTO_secure_malloc_init() is not called, this is equivalent to +calling OPENSSL_clear_free(). + OPENSSL_secure_actual_size() tells the actual size allocated to the pointer; implementations may allocate more space than initially requested, in order to "round up" and reduce secure heap fragmentation. +OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap. + CRYPTO_secure_used() returns the number of bytes allocated in the secure heap. @@ -104,18 +117,25 @@ CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 i CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not. -OPENSSL_secure_free() returns no values. +OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values. =head1 SEE ALSO L, L +=head1 HISTORY + +The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g. + +The second argument to CRYPTO_secure_malloc_init() was changed from an B to +a B in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.