[openssl] master update

Dr. Paul Dale pauli at openssl.org
Tue Feb 4 23:11:30 UTC 2020


The branch master has been updated
       via  34b167625af50a13b8414e11814a795457cb17b0 (commit)
      from  e3b1ccad694aabfffbde68c56fb8d44c011f98b1 (commit)


- Log -----------------------------------------------------------------
commit 34b167625af50a13b8414e11814a795457cb17b0
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Feb 5 09:09:29 2020 +1000

    Make minimum size for secure memory a size_t.
    
    The minimum size argument to CRYPTO_secure_malloc_init() was an int but ought
    to be a size_t since it is a size.
    
    From an API perspective, this is a change.  However, the minimum size is
    verified as being a positive power of two and it will typically be a small
    constant.
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    (Merged from #11003)

-----------------------------------------------------------------------

Summary of changes:
 crypto/mem_sec.c                   | 9 ++++-----
 doc/man3/OPENSSL_secure_malloc.pod | 5 ++++-
 include/openssl/crypto.h           | 2 +-
 test/secmemtest.c                  | 4 ++--
 4 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 65d32f3c41..6aca27370e 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -57,7 +57,7 @@ static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
 /*
  * These are the functions that must be implemented by a secure heap (sh).
  */
-static int sh_init(size_t size, int minsize);
+static int sh_init(size_t size, size_t minsize);
 static void *sh_malloc(size_t size);
 static void sh_free(void *ptr);
 static void sh_done(void);
@@ -65,7 +65,7 @@ static size_t sh_actual_size(char *ptr);
 static int sh_allocated(const char *ptr);
 #endif
 
-int CRYPTO_secure_malloc_init(size_t size, int minsize)
+int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
 {
 #ifdef OPENSSL_SECURE_MEMORY
     int ret = 0;
@@ -373,7 +373,7 @@ static void sh_remove_from_list(char *ptr)
 }
 
 
-static int sh_init(size_t size, int minsize)
+static int sh_init(size_t size, size_t minsize)
 {
     int ret;
     size_t i;
@@ -385,11 +385,10 @@ static int sh_init(size_t size, int minsize)
     /* make sure size and minsize are powers of 2 */
     OPENSSL_assert(size > 0);
     OPENSSL_assert((size & (size - 1)) == 0);
-    OPENSSL_assert(minsize > 0);
     OPENSSL_assert((minsize & (minsize - 1)) == 0);
     if (size <= 0 || (size & (size - 1)) != 0)
         goto err;
-    if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
+    if (minsize == 0 || (minsize & (minsize - 1)) != 0)
         goto err;
 
     while (minsize < (int)sizeof(SH_LIST))
diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod
index 9c70d39338..e47dfd673a 100644
--- a/doc/man3/OPENSSL_secure_malloc.pod
+++ b/doc/man3/OPENSSL_secure_malloc.pod
@@ -14,7 +14,7 @@ CRYPTO_secure_used - secure heap storage
 
  #include <openssl/crypto.h>
 
- int CRYPTO_secure_malloc_init(size_t size, int minsize);
+ int CRYPTO_secure_malloc_init(size_t size, size_t minsize);
 
  int CRYPTO_secure_malloc_initialized();
 
@@ -126,6 +126,9 @@ L<BN_new(3)>
 
 The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.
 
+The second argument to CRYPTO_secure_malloc_init() was changed from an B<int> to
+a B<size_t> in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index f2f66a3f0e..e44dc1b838 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -317,7 +317,7 @@ void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
                            const char *file, int line);
 
-int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_init(size_t sz, size_t minsize);
 int CRYPTO_secure_malloc_done(void);
 void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
diff --git a/test/secmemtest.c b/test/secmemtest.c
index abee4178a8..edd88b1535 100644
--- a/test/secmemtest.c
+++ b/test/secmemtest.c
@@ -92,7 +92,7 @@ static int test_sec_mem(void)
      * elements was 1<<31, as |int i| was set to that, which is a
      * negative number. However, it requires minimum input values:
      *
-     * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4);
+     * CRYPTO_secure_malloc_init((size_t)1<<34, 1<<4);
      *
      * Which really only works on 64-bit systems, since it took 16 GB
      * secure memory arena to trigger the problem. It naturally takes
@@ -113,7 +113,7 @@ static int test_sec_mem(void)
      */
     if (sizeof(size_t) > 4) {
         TEST_info("Possible infinite loop: 1<<31 limit");
-        if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0))
+        if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, 1<<4) != 0))
             TEST_true(CRYPTO_secure_malloc_done());
     }
 # endif


More information about the openssl-commits mailing list