[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
bernd.edlinger at hotmail.de
bernd.edlinger at hotmail.de
Sun Jul 30 07:22:04 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via a08f26660e0f8d2caf9462219ffea20d9e2c74f2 (commit)
via ba8376b59ce803a512ffef30d5daace7489a3da0 (commit)
from a2ce081490891a561be40d943513458b3568fd1c (commit)
- Log -----------------------------------------------------------------
commit a08f26660e0f8d2caf9462219ffea20d9e2c74f2
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Sat Jul 29 21:19:07 2017 +0200
Add some test coverage for OPENSSL_secure_clear_free
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4048)
commit ba8376b59ce803a512ffef30d5daace7489a3da0
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date: Sat Jul 29 19:49:26 2017 +0200
Implement the CRYPTO_secure_clear_free function.
Use OPENSSL_secure_clear_free for secure mem BIOs
and X25519 private keys.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4048)
-----------------------------------------------------------------------
Summary of changes:
crypto/buffer/buffer.c | 4 ++--
crypto/ec/ecx_meth.c | 2 +-
crypto/mem_sec.c | 27 +++++++++++++++++++++++++++
doc/crypto/OPENSSL_secure_malloc.pod | 9 ++++++++-
include/openssl/crypto.h | 4 ++++
test/secmemtest.c | 19 +++++++++++++++----
util/libcrypto.num | 1 +
7 files changed, 58 insertions(+), 8 deletions(-)
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index ad7128a..f3f8a1b 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a)
if (a->data != NULL) {
if (a->flags & BUF_MEM_FLAG_SECURE)
- OPENSSL_secure_free(a->data);
+ OPENSSL_secure_clear_free(a->data, a->max);
else
OPENSSL_clear_free(a->data, a->max);
}
@@ -64,7 +64,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
if (str->data != NULL) {
if (ret != NULL) {
memcpy(ret, str->data, str->length);
- OPENSSL_secure_free(str->data);
+ OPENSSL_secure_clear_free(str->data, str->length);
str->data = NULL;
}
}
diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c
index 06e3911..018a941 100644
--- a/crypto/ec/ecx_meth.c
+++ b/crypto/ec/ecx_meth.c
@@ -212,7 +212,7 @@ static void ecx_free(EVP_PKEY *pkey)
X25519_KEY *xkey = pkey->pkey.ptr;
if (xkey)
- OPENSSL_secure_free(xkey->privkey);
+ OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
OPENSSL_free(xkey);
}
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 664b4ad..2a08b21 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -156,6 +156,33 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line)
#endif /* IMPLEMENTED */
}
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line)
+{
+#ifdef IMPLEMENTED
+ size_t actual_size;
+
+ if (ptr == NULL)
+ return;
+ if (!CRYPTO_secure_allocated(ptr)) {
+ OPENSSL_cleanse(ptr, num);
+ CRYPTO_free(ptr, file, line);
+ return;
+ }
+ CRYPTO_THREAD_write_lock(sec_malloc_lock);
+ actual_size = sh_actual_size(ptr);
+ CLEAR(ptr, actual_size);
+ secure_mem_used -= actual_size;
+ sh_free(ptr);
+ CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+ if (ptr == NULL)
+ return;
+ OPENSSL_cleanse(ptr, num);
+ CRYPTO_free(ptr, file, line);
+#endif /* IMPLEMENTED */
+}
+
int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef IMPLEMENTED
diff --git a/doc/crypto/OPENSSL_secure_malloc.pod b/doc/crypto/OPENSSL_secure_malloc.pod
index 3f49abf..75b5b3c 100644
--- a/doc/crypto/OPENSSL_secure_malloc.pod
+++ b/doc/crypto/OPENSSL_secure_malloc.pod
@@ -27,6 +27,9 @@ CRYPTO_secure_used - secure heap storage
void OPENSSL_secure_free(void* ptr);
void CRYPTO_secure_free(void *ptr, const char *, int);
+ void OPENSSL_secure_clear_free(void* ptr, size_t num);
+ void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
+
size_t OPENSSL_secure_actual_size(const void *ptr);
int OPENSSL_secure_allocated(const void *ptr);
@@ -104,13 +107,17 @@ CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 i
CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
-OPENSSL_secure_free() returns no values.
+OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.
=head1 SEE ALSO
L<OPENSSL_malloc(3)>,
L<BN_new(3)>
+=head1 HISTORY
+
+OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g.
+
=head1 COPYRIGHT
Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 55e8020..1ba7f25 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -146,6 +146,8 @@ int CRYPTO_mem_ctrl(int mode);
CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_free(addr) \
CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+ CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_actual_size(ptr) \
CRYPTO_secure_actual_size(ptr)
@@ -285,6 +287,8 @@ int CRYPTO_secure_malloc_done(void);
void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+ const char *file, int line);
int CRYPTO_secure_allocated(const void *ptr);
int CRYPTO_secure_malloc_initialized(void);
size_t CRYPTO_secure_actual_size(void *ptr);
diff --git a/test/secmemtest.c b/test/secmemtest.c
index 9951f04..9405f34 100644
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -19,8 +19,18 @@ int main(int argc, char **argv)
#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
+ s = OPENSSL_secure_malloc(20);
+ /* s = non-secure 20 */
+ if (s == NULL) {
+ perror_line();
+ return 1;
+ }
+ if (CRYPTO_secure_allocated(s)) {
+ perror_line();
+ return 1;
+ }
r = OPENSSL_secure_malloc(20);
- /* r = non-secure 20 */
+ /* r = non-secure 20, s = non-secure 20 */
if (r == NULL) {
perror_line();
return 1;
@@ -34,7 +44,7 @@ int main(int argc, char **argv)
return 1;
}
p = OPENSSL_secure_malloc(20);
- /* r = non-secure 20, p = secure 20 */
+ /* r = non-secure 20, p = secure 20, s = non-secure 20 */
if (!CRYPTO_secure_allocated(p)) {
perror_line();
return 1;
@@ -45,11 +55,12 @@ int main(int argc, char **argv)
return 1;
}
q = OPENSSL_malloc(20);
- /* r = non-secure 20, p = secure 20, q = non-secure 20 */
+ /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */
if (CRYPTO_secure_allocated(q)) {
perror_line();
return 1;
}
+ OPENSSL_secure_clear_free(s, 20);
s = OPENSSL_secure_malloc(20);
/* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */
if (!CRYPTO_secure_allocated(s)) {
@@ -61,7 +72,7 @@ int main(int argc, char **argv)
perror_line();
return 1;
}
- OPENSSL_secure_free(p);
+ OPENSSL_secure_clear_free(p, 20);
/* 20 secure -> 32 bytes allocated */
if (CRYPTO_secure_used() != 32) {
perror_line();
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 814926f..fddb49b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4230,3 +4230,4 @@ UINT32_it 4214 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTIO
UINT32_it 4214 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION:
More information about the openssl-commits
mailing list