diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-04-24 16:39:40 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-06-23 17:09:35 -0400 |
| commit | 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch) | |
| tree | 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /crypto/buffer | |
| parent | ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff) | |
More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/buffer')
| -rw-r--r-- | crypto/buffer/buffer.c | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index 2beacce6d7..5ee11f4c70 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -67,6 +67,16 @@ */ #define LIMIT_BEFORE_EXPANSION 0x5ffffffc +BUF_MEM *BUF_MEM_new_ex(unsigned long flags) +{ + BUF_MEM *ret; + + ret = BUF_MEM_new(); + if (ret != NULL) + ret->flags = flags; + return (ret); +} + BUF_MEM *BUF_MEM_new(void) { BUF_MEM *ret; @@ -76,6 +86,7 @@ BUF_MEM *BUF_MEM_new(void) BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } + ret->flags = 0; ret->length = 0; ret->max = 0; ret->data = NULL; @@ -88,11 +99,30 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - OPENSSL_clear_free(a->data, a->max); + memset(a->data, 0, (unsigned int)a->max); + if (a->flags & BUF_MEM_FLAG_SECURE) + OPENSSL_secure_free(a->data); + else + OPENSSL_clear_free(a->data, a->max); } OPENSSL_free(a); } +/* Allocate a block of secure memory; copy over old data if there + * was any, and then free it. */ +static char *sec_alloc_realloc(BUF_MEM *str, size_t len) +{ + char *ret; + + ret = OPENSSL_secure_malloc(len); + if (str->data != NULL) { + if (ret != NULL) + memcpy(ret, str->data, str->length); + OPENSSL_secure_free(str->data); + } + return (ret); +} + size_t BUF_MEM_grow(BUF_MEM *str, size_t len) { char *ret; @@ -113,7 +143,10 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) return 0; } n = (len + 3) / 3 * 4; - ret = OPENSSL_realloc(str->data, n); + if ((str->flags & BUF_MEM_FLAG_SECURE)) + ret = sec_alloc_realloc(str, n); + else + ret = OPENSSL_realloc(str->data, n); if (ret == NULL) { BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); len = 0; @@ -147,7 +180,10 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) return 0; } n = (len + 3) / 3 * 4; - ret = OPENSSL_realloc_clean(str->data, str->max, n); + if ((str->flags & BUF_MEM_FLAG_SECURE)) + ret = sec_alloc_realloc(str, n); + else + ret = OPENSSL_realloc_clean(str->data, str->max, n); if (ret == NULL) { BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); len = 0; |