2 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/crypto.h>
13 #define perror_line() perror_line1(__LINE__)
14 #define perror_line1(l) perror_line2(l)
15 #define perror_line2(l) perror("failed " #l)
17 int main(int argc, char **argv)
19 #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
20 char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
22 s = OPENSSL_secure_malloc(20);
23 /* s = non-secure 20 */
28 if (CRYPTO_secure_allocated(s)) {
32 r = OPENSSL_secure_malloc(20);
33 /* r = non-secure 20, s = non-secure 20 */
38 if (!CRYPTO_secure_malloc_init(4096, 32)) {
42 if (CRYPTO_secure_allocated(r)) {
46 p = OPENSSL_secure_malloc(20);
47 /* r = non-secure 20, p = secure 20, s = non-secure 20 */
48 if (!CRYPTO_secure_allocated(p)) {
52 /* 20 secure -> 32-byte minimum allocaton unit */
53 if (CRYPTO_secure_used() != 32) {
57 q = OPENSSL_malloc(20);
58 /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */
59 if (CRYPTO_secure_allocated(q)) {
63 OPENSSL_secure_clear_free(s, 20);
64 s = OPENSSL_secure_malloc(20);
65 /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */
66 if (!CRYPTO_secure_allocated(s)) {
70 /* 2 * 20 secure -> 64 bytes allocated */
71 if (CRYPTO_secure_used() != 64) {
75 OPENSSL_secure_clear_free(p, 20);
76 /* 20 secure -> 32 bytes allocated */
77 if (CRYPTO_secure_used() != 32) {
82 /* should not complete, as secure memory is still allocated */
83 if (CRYPTO_secure_malloc_done()) {
87 if (!CRYPTO_secure_malloc_initialized()) {
91 OPENSSL_secure_free(s);
92 /* secure memory should now be 0, so done should complete */
93 if (CRYPTO_secure_used() != 0) {
97 if (!CRYPTO_secure_malloc_done()) {
101 if (CRYPTO_secure_malloc_initialized()) {
106 fprintf(stderr, "Possible infinite loop: allocate more than available\n");
107 if (!CRYPTO_secure_malloc_init(32768, 16)) {
111 if (OPENSSL_secure_malloc((size_t)-1) != NULL) {
115 if (!CRYPTO_secure_malloc_done()) {
121 * If init fails, then initialized should be false, if not, this
122 * could cause an infinite loop secure_malloc, but we don't test it
124 if (!CRYPTO_secure_malloc_init(16, 16) &&
125 CRYPTO_secure_malloc_initialized()) {
126 CRYPTO_secure_malloc_done();
132 * There was also a possible infinite loop when the number of
133 * elements was 1<<31, as |int i| was set to that, which is a
134 * negative number. However, it requires minimum input values:
136 * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4);
138 * Which really only works on 64-bit systems, since it took 16 GB
139 * secure memory arena to trigger the problem. It naturally takes
140 * corresponding amount of available virtual and physical memory
141 * for test to be feasible/representative. Since we can't assume
142 * that every system is equipped with that much memory, the test
143 * remains disabled. If the reader of this comment really wants
144 * to make sure that infinite loop is fixed, they can enable the
149 * On Linux and BSD this test has a chance to complete in minimal
150 * time and with minimum side effects, because mlock is likely to
151 * fail because of RLIMIT_MEMLOCK, which is customarily [much]
152 * smaller than 16GB. In other words Linux and BSD users can be
153 * limited by virtual space alone...
155 if (sizeof(size_t) > 4) {
156 fprintf(stderr, "Possible infinite loop: 1<<31 limit\n");
157 if (CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) == 0) {
159 } else if (!CRYPTO_secure_malloc_done()) {
166 /* this can complete - it was not really secure */
167 OPENSSL_secure_free(r);
170 if (CRYPTO_secure_malloc_init(4096, 32)) {