[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Thu Apr 6 10:54:38 UTC 2017
The branch master has been updated
via 9dfc5b96874c477095f407c08141614e010a0b98 (commit)
from 5006b37b31c5a520c3065048bd8aba8cc3ff128d (commit)
- Log -----------------------------------------------------------------
commit 9dfc5b96874c477095f407c08141614e010a0b98
Author: Todd Short <tshort at akamai.com>
Date: Thu Mar 23 12:56:22 2017 -0400
Add support for MLOCK_ONFAULT to secure arena
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3115)
-----------------------------------------------------------------------
Summary of changes:
crypto/mem_sec.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 93bff90..351dec4 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -31,6 +31,11 @@
# include <unistd.h>
# include <sys/types.h>
# include <sys/mman.h>
+# if defined(OPENSSL_SYS_LINUX)
+# include <sys/syscall.h>
+# include <linux/mman.h>
+# include <errno.h>
+# endif
# include <sys/param.h>
# include <sys/stat.h>
# include <fcntl.h>
@@ -433,8 +438,19 @@ static int sh_init(size_t size, int minsize)
if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
ret = 2;
+#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
+ if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
+ if (errno == ENOSYS) {
+ if (mlock(sh.arena, sh.arena_size) < 0)
+ ret = 2;
+ } else {
+ ret = 2;
+ }
+ }
+#else
if (mlock(sh.arena, sh.arena_size) < 0)
ret = 2;
+#endif
#ifdef MADV_DONTDUMP
if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
ret = 2;
More information about the openssl-commits
mailing list