diff options
| author | Todd Short <tshort@akamai.com> | 2017-05-12 16:46:39 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2017-05-20 20:54:04 -0400 |
| commit | c8e89d58a5d44b9dd657d6d13a5a10d1d4d30733 (patch) | |
| tree | d7939a71f01523ca18ab95c31938097c99d03be9 | |
| parent | 2117a737f379166856723546eba569e8f1050891 (diff) | |
Tweak sec_mem tests
Remove assertion when mmap() fails.
Only run the 1<<31 limit test on Linux
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3455)
| -rw-r--r-- | crypto/mem_sec.c | 1 | ||||
| -rw-r--r-- | test/secmemtest.c | 25 |
2 files changed, 22 insertions, 4 deletions
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 774b696057..6fc1aca1e0 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -425,7 +425,6 @@ static int sh_init(size_t size, int minsize) close(fd); } } - OPENSSL_assert(sh.map_result != MAP_FAILED); if (sh.map_result == MAP_FAILED) goto err; sh.arena = (char *)(sh.map_result + pgsize); diff --git a/test/secmemtest.c b/test/secmemtest.c index c92db50ace..e9be8f3b08 100644 --- a/test/secmemtest.c +++ b/test/secmemtest.c @@ -75,12 +75,31 @@ static int test_sec_mem(void) TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); TEST_true(CRYPTO_secure_malloc_done()); + /*- + * There was also a possible infinite loop when the number of + * elements was 1<<31, as |int i| was set to that, which is a + * negative number. However, it requires minimum input values: + * + * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); + * + * Which really only works on 64-bit systems, and even then the + * code attempts to allocate 16 GB secure memory arena. Linux + * can deal with this better than other Unixy OS's (e.g. MacOS) + * but we don't want to push the system too hard during a unit + * test. In addition, trying to allocate 16GB will cause the + * mlock() call to fail, so that was at least changed to no + * longer be an assert. If the reader of this comment really + * wants to make sure that infinite loop is fixed, they can + * enable the code below. + */ +# if 0 + /* This test should only be run under Linux... runner beware */ if (sizeof(size_t) > 4) { TEST_info("Possible infinite loop: 1<<31 limit"); - if (!TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) - goto end; - TEST_true(CRYPTO_secure_malloc_done()); + if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) + TEST_true(CRYPTO_secure_malloc_done()); } +# endif /* this can complete - it was not really secure */ testresult = 1; |