mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
e8408681b3
Fix some of the variables to be (s)size_t, so that more than 1GB of secure memory can be allocated. The arena has to be a power of 2, and 2GB fails because it ends up being a negative 32-bit signed number. The |too_late| flag is not strictly necessary; it is easy to figure out if something is secure memory by looking at the arena. As before, secure memory allocations will not fail, but now they can be freed correctly. Once initialized, secure memory can still be used, even if allocations occured before initialization. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
96 lines
2.4 KiB
C
96 lines
2.4 KiB
C
|
|
#include <openssl/crypto.h>
|
|
|
|
#define perror_line() perror_line1(__LINE__)
|
|
#define perror_line1(l) perror_line2(l)
|
|
#define perror_line2(l) perror("failed " #l)
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
|
|
char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
|
|
|
|
r = OPENSSL_secure_malloc(20);
|
|
/* r = non-secure 20 */
|
|
if (r == NULL) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
if (!CRYPTO_secure_malloc_init(4096, 32)) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
if (CRYPTO_secure_allocated(r)) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
p = OPENSSL_secure_malloc(20);
|
|
/* r = non-secure 20, p = secure 20 */
|
|
if (!CRYPTO_secure_allocated(p)) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
/* 20 secure -> 32-byte minimum allocaton unit */
|
|
if (CRYPTO_secure_used() != 32) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
q = OPENSSL_malloc(20);
|
|
/* r = non-secure 20, p = secure 20, q = non-secure 20 */
|
|
if (CRYPTO_secure_allocated(q)) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
s = OPENSSL_secure_malloc(20);
|
|
/* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */
|
|
if (!CRYPTO_secure_allocated(s)) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
/* 2 * 20 secure -> 64 bytes allocated */
|
|
if (CRYPTO_secure_used() != 64) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
OPENSSL_secure_free(p);
|
|
/* 20 secure -> 32 bytes allocated */
|
|
if (CRYPTO_secure_used() != 32) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
OPENSSL_free(q);
|
|
/* should not complete, as secure memory is still allocated */
|
|
if (CRYPTO_secure_malloc_done()) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
if (!CRYPTO_secure_malloc_initialized()) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
OPENSSL_secure_free(s);
|
|
/* secure memory should now be 0, so done should complete */
|
|
if (CRYPTO_secure_used() != 0) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
if (!CRYPTO_secure_malloc_done()) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
if (CRYPTO_secure_malloc_initialized()) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
/* this can complete - it was not really secure */
|
|
OPENSSL_secure_free(r);
|
|
#else
|
|
/* Should fail. */
|
|
if (CRYPTO_secure_malloc_init(4096, 32)) {
|
|
perror_line();
|
|
return 1;
|
|
}
|
|
#endif
|
|
return 0;
|
|
}
|