projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
crypto/sm2/sm2_sign.c: ensure UINT16_MAX is properly defined
[openssl.git]
/
crypto
/
mem_sec.c
diff --git
a/crypto/mem_sec.c
b/crypto/mem_sec.c
index 87c19a1395497283f07f27adc8cdd9e3fc0c391b..c4190bed33482e9a7f22935a9e9d863729654e62 100644
(file)
--- a/
crypto/mem_sec.c
+++ b/
crypto/mem_sec.c
@@
-1,5
+1,5
@@
/*
/*
- * Copyright 2015-201
7
The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-201
8
The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@
-21,8
+21,10
@@
#include <string.h>
/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
#include <string.h>
/* e_os.h includes unistd.h, which defines _POSIX_VERSION */
-#if defined(OPENSSL_SYS_UNIX) \
- && defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L
+#if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+ && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
+ || defined(__sun) || defined(__hpux) || defined(__sgi) \
+ || defined(__osf__) )
# define IMPLEMENTED
# include <stdlib.h>
# include <assert.h>
# define IMPLEMENTED
# include <stdlib.h>
# include <assert.h>
@@
-31,8
+33,10
@@
# include <sys/mman.h>
# if defined(OPENSSL_SYS_LINUX)
# include <sys/syscall.h>
# include <sys/mman.h>
# if defined(OPENSSL_SYS_LINUX)
# include <sys/syscall.h>
-# include <linux/mman.h>
-# include <errno.h>
+# if defined(SYS_mlock2)
+# include <linux/mman.h>
+# include <errno.h>
+# endif
# endif
# include <sys/param.h>
# include <sys/stat.h>
# endif
# include <sys/param.h>
# include <sys/stat.h>
@@
-43,6
+47,9
@@
#ifndef PAGE_SIZE
# define PAGE_SIZE 4096
#endif
#ifndef PAGE_SIZE
# define PAGE_SIZE 4096
#endif
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
#ifdef IMPLEMENTED
static size_t secure_mem_used;
#ifdef IMPLEMENTED
static size_t secure_mem_used;
@@
-68,7
+75,7
@@
int CRYPTO_secure_malloc_init(size_t size, int minsize)
int ret = 0;
if (!secure_mem_initialized) {
int ret = 0;
if (!secure_mem_initialized) {
- sec_malloc_lock = CRYPTO_THREAD_
glock_new("sec_malloc"
);
+ sec_malloc_lock = CRYPTO_THREAD_
lock_new(
);
if (sec_malloc_lock == NULL)
return 0;
if ((ret = sh_init(size, minsize)) != 0) {
if (sec_malloc_lock == NULL)
return 0;
if ((ret = sh_init(size, minsize)) != 0) {
@@
-85,7
+92,7
@@
int CRYPTO_secure_malloc_init(size_t size, int minsize)
#endif /* IMPLEMENTED */
}
#endif /* IMPLEMENTED */
}
-int CRYPTO_secure_malloc_done()
+int CRYPTO_secure_malloc_done(
void
)
{
#ifdef IMPLEMENTED
if (secure_mem_used == 0) {
{
#ifdef IMPLEMENTED
if (secure_mem_used == 0) {
@@
-99,7
+106,7
@@
int CRYPTO_secure_malloc_done()
return 0;
}
return 0;
}
-int CRYPTO_secure_malloc_initialized()
+int CRYPTO_secure_malloc_initialized(
void
)
{
#ifdef IMPLEMENTED
return secure_mem_initialized;
{
#ifdef IMPLEMENTED
return secure_mem_initialized;
@@
-130,11
+137,12
@@
void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
- void *ret = CRYPTO_secure_malloc(num, file, line);
-
- if (ret != NULL)
- memset(ret, 0, num);
- return ret;
+#ifdef IMPLEMENTED
+ if (secure_mem_initialized)
+ /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
+ return CRYPTO_secure_malloc(num, file, line);
+#endif
+ return CRYPTO_zalloc(num, file, line);
}
void CRYPTO_secure_free(void *ptr, const char *file, int line)
}
void CRYPTO_secure_free(void *ptr, const char *file, int line)
@@
-202,7
+210,7
@@
int CRYPTO_secure_allocated(const void *ptr)
#endif /* IMPLEMENTED */
}
#endif /* IMPLEMENTED */
}
-size_t CRYPTO_secure_used()
+size_t CRYPTO_secure_used(
void
)
{
#ifdef IMPLEMENTED
return secure_mem_used;
{
#ifdef IMPLEMENTED
return secure_mem_used;
@@
-493,7
+501,7
@@
static int sh_init(size_t size, int minsize)
return 0;
}
return 0;
}
-static void sh_done()
+static void sh_done(
void
)
{
OPENSSL_free(sh.freelist);
OPENSSL_free(sh.bittable);
{
OPENSSL_free(sh.freelist);
OPENSSL_free(sh.bittable);
@@
-581,6
+589,9
@@
static void *sh_malloc(size_t size)
OPENSSL_assert(WITHIN_ARENA(chunk));
OPENSSL_assert(WITHIN_ARENA(chunk));
+ /* zero the free list header as a precaution against information leakage */
+ memset(chunk, 0, sizeof(SH_LIST));
+
return chunk;
}
return chunk;
}
@@
-613,6
+624,8
@@
static void sh_free(void *ptr)
list--;
list--;
+ /* Zero the higher addressed block's free list pointers */
+ memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
if (ptr > buddy)
ptr = buddy;
if (ptr > buddy)
ptr = buddy;