mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support for MLOCK_ONFAULT to secure arena

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3115)
This commit is contained in:
Todd Short 2017-03-23 12:56:22 -04:00 committed by Andy Polyakov
parent 5006b37b31
commit 9dfc5b9687
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
crypto/mem_sec.c
View File

@ -31,6 +31,11 @@
# include <unistd.h>
# include <sys/types.h>
# include <sys/mman.h>
# if defined(OPENSSL_SYS_LINUX)
# include <sys/syscall.h>
# include <linux/mman.h>
# include <errno.h>
# endif
# include <sys/param.h>
# include <sys/stat.h>
# include <fcntl.h>
@ -433,8 +438,19 @@ static int sh_init(size_t size, int minsize)
if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
ret = 2;
#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
if (errno == ENOSYS) {
if (mlock(sh.arena, sh.arena_size) < 0)
ret = 2;
} else {
ret = 2;
}
}
#else
if (mlock(sh.arena, sh.arena_size) < 0)
ret = 2;
#endif
#ifdef MADV_DONTDUMP
if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
ret = 2;