More secure storage of key material.

Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Rich Salz <rsalz@akamai.com> 2015-04-24 16:39:40 -0400
committer: Rich Salz <rsalz@openssl.org> 2015-06-23 17:09:35 -0400
commit: 74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch)
tree: 6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /test/secmemtest.c
parent: ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/test/secmemtest.c b/test/secmemtest.c
new file mode 100644
index 0000000000..0ec3b92571
--- /dev/null
+++ b/test/secmemtest.c
@@ -0,0 +1,34 @@
+
+#include <openssl/crypto.h>
+
+int main(int argc, char **argv)
+{
+#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
+    char *p = NULL, *q = NULL;
+
+    if (!CRYPTO_secure_malloc_init(4096, 32)) {
+        perror("failed");
+        return 1;
+    }
+    p = OPENSSL_secure_malloc(20);
+    if (!CRYPTO_secure_allocated(p)) {
+        perror("failed 1");
+        return 1;
+    }
+    q = OPENSSL_malloc(20);
+    if (CRYPTO_secure_allocated(q)) {
+        perror("failed 1");
+        return 1;
+    }
+    CRYPTO_secure_free(p);
+    CRYPTO_free(q);
+    CRYPTO_secure_malloc_done();
+#else
+    /* Should fail. */
+    if (CRYPTO_secure_malloc_init(4096, 32)) {
+        perror("failed");
+        return 1;
+    }
+#endif
+    return 0;
+}
author	Rich Salz <rsalz@akamai.com>	2015-04-24 16:39:40 -0400
committer	Rich Salz <rsalz@openssl.org>	2015-06-23 17:09:35 -0400
commit	74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch)
tree	6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /test/secmemtest.c
parent	ce7e647bc2c328404b1e3cdac6211773afdefe07 (diff)