summaryrefslogtreecommitdiffstats
path: root/test/secmemtest.c
AgeCommit message (Collapse)Author
2017-07-29Add some test coverage for OPENSSL_secure_clear_freeBernd Edlinger
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4048)
2017-05-22Fix infinite loops in secure memory allocation.Todd Short
Remove assertion when mmap() fails. Only give the 1<<31 limit test as an example. Fix the small arena test to just check for the symptom of the infinite loop (i.e. initialized set on failure), rather than the actual infinite loop. This avoids some valgrind errors. Backport of: PR #3512 commit fee423bb68869de02fceaceefbc847e98213574b PR #3510 commit a486561b691d6293a901b412172ca0c6d1ffc0dc PR #3455 commit c8e89d58a5d44b9dd657d6d13a5a10d1d4d30733 PR #3449 commit 7031ddac94d0ae616d1b0670263a9265ce672cd2 Issue 1: sh.bittable_size is a size_t but i is and int, which can result in freelist == -1 if sh.bittable_size exceeds an int. This seems to result in an OPENSSL_assert due to invalid allocation size, so maybe that is "ok." Worse, if sh.bittable_size is exactly 1<<31, then this becomes an infinite loop (because 1<<31 is a negative int, so it can be shifted right forever and sticks at -1). Issue 2: CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when sh_init() returns 0. If sh_init() fails, we end up with secure_mem_initialized=1 but sh.minsize=0. If you then call secure_malloc(), which then calls, sh_malloc(), this then enters an infite loop since 0 << anything will never be larger than size. Issue 3: That same sh_malloc loop will loop forever for a size greater than size_t/2 because i will proceed (assuming sh.minsize=16): i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, .... This sequence will never be larger than "size". Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3453)
2016-05-17Copyright consolidation 02/10Rich Salz
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-02Secure memory fixesTodd Short
Fix some of the variables to be (s)size_t, so that more than 1GB of secure memory can be allocated. The arena has to be a power of 2, and 2GB fails because it ends up being a negative 32-bit signed number. The |too_late| flag is not strictly necessary; it is easy to figure out if something is secure memory by looking at the arena. As before, secure memory allocations will not fail, but now they can be freed correctly. Once initialized, secure memory can still be used, even if allocations occured before initialization. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17Fixup secmemtest for the change of CRYPTO_free() and friendsRichard Levitte
Switching it to use OPENSSL_free() et al when appropriate. Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23More secure storage of key material.Rich Salz
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte <levitte@openssl.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-29 11:14:24 +0000