[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed Feb 26 05:42:39 UTC 2020


The branch master has been updated
       via  a998ec0e6e12e03c0d4f922a0fe288d5e054985e (commit)
       via  50e0402c220ab7abd375802ea4264ff3ee9fc339 (commit)
      from  d27fd991107d668b3f5b96be48f5b4ccd5a6760e (commit)


- Log -----------------------------------------------------------------
commit a998ec0e6e12e03c0d4f922a0fe288d5e054985e
Author: Pauli <paul.dale at oracle.com>
Date:   Sat Feb 22 18:39:28 2020 +1000

    secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init().
    
    If the user specifies a minimum allocation size that is smaller than
    the free list structure (or zero), calculate the minimum possible size rather
    than failing.
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11149)

commit 50e0402c220ab7abd375802ea4264ff3ee9fc339
Author: Pauli <paul.dale at oracle.com>
Date:   Sat Feb 22 10:35:26 2020 +1000

    sec_mem: add note about the minimum size parameter.
    
    Add a note indicating that the minimum size parameter to
    CRYPTO_secure_malloc_init() should be small.
    
    Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/11149)

-----------------------------------------------------------------------

Summary of changes:
 crypto/mem_sec.c                   | 28 ++++++++++++++++++++++------
 doc/man3/OPENSSL_secure_malloc.pod |  6 ++++--
 2 files changed, 26 insertions(+), 8 deletions(-)
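
The first commit rounds the free-list header size up to a power of two with an unrolled shift-and-or chain whose later steps are conditional on the size. The block below is an added example, not OpenSSL code: it reproduces that chain with a plain integer n standing in for sizeof(SH_LIST) (the function names smear_round_up, next_pow2 and first_mismatch are the example's own), compares it against a loop-based reference for every size the hunk's assertion admits, and shows the first size past that bound where the unrolled form stops being correct.

```c
/*
 * Added example, not OpenSSL code: check that the unrolled bit-smear used
 * in sh_init() yields the next power of two for every structure size the
 * hunk's assertion permits (1 .. 65536), and see what happens just past it.
 */
#include <stddef.h>
#include <stdio.h>

/* Mirrors the hunk, with sizeof(SH_LIST) replaced by the parameter n. */
static size_t smear_round_up(size_t n)
{
    size_t m = n - 1;
    m |= m >> 1;        /* after this: top 2 bits set */
    m |= m >> 2;        /* after this: top 4 bits set */
    if (n > 16)
        m |= m >> 4;    /* top 8 bits set */
    if (n > 256)
        m |= m >> 8;    /* top 16 bits set; enough for m <= 65535 */
    return m + 1;
}

/* Reference: smallest power of two >= n, by a plain loop (assumes n >= 1). */
static size_t next_pow2(size_t n)
{
    size_t p = 1;
    while (p < n)
        p <<= 1;
    return p;
}

/* Returns the first n in [1, limit] where the two functions disagree, or 0. */
static size_t first_mismatch(size_t limit)
{
    for (size_t n = 1; n <= limit; n++)
        if (smear_round_up(n) != next_pow2(n))
            return n;
    return 0;
}

int main(void)
{
    size_t n = first_mismatch(65536);

    if (n == 0)
        printf("unrolled smear matches next_pow2 for 1..65536\n");
    else
        printf("mismatch at n=%zu: smear=%zu expected=%zu\n",
               n, smear_round_up(n), next_pow2(n));

    /* One past the asserted bound: a 17-bit value needs a >> 16 step. */
    printf("n=65537: smear=%zu expected=%zu\n",
           smear_round_up(65537), next_pow2(65537));
    return n == 0 ? 0 : 1;
}
```

The run confirms the chain is exact across the asserted range and breaks at 65537, which is why the OPENSSL_assert(sizeof(SH_LIST) <= 65536) in the hunk is load-bearing rather than decorative.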

diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 79362c5826..b70c0a97ca 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -378,17 +378,33 @@ static int sh_init(size_t size, size_t minsize)
 
     memset(&sh, 0, sizeof(sh));
 
-    /* make sure size and minsize are powers of 2 */
+    /* make sure size is a powers of 2 */
     OPENSSL_assert(size > 0);
     OPENSSL_assert((size & (size - 1)) == 0);
-    OPENSSL_assert((minsize & (minsize - 1)) == 0);
     if (size == 0 || (size & (size - 1)) != 0)
         goto err;
-    if (minsize == 0 || (minsize & (minsize - 1)) != 0)
-        goto err;
 
-    while (minsize < sizeof(SH_LIST))
-        minsize *= 2;
+    if (minsize <= sizeof(SH_LIST)) {
+        OPENSSL_assert(sizeof(SH_LIST) <= 65536);
+        /*
+         * Compute the minimum possible allocation size.
+         * This must be a power of 2 and at least as large as the SH_LIST
+         * structure.
+         */
+        minsize = sizeof(SH_LIST) - 1;
+        minsize |= minsize >> 1;
+        minsize |= minsize >> 2;
+        if (sizeof(SH_LIST) > 16)
+            minsize |= minsize >> 4;
+        if (sizeof(SH_LIST) > 256)
+            minsize |= minsize >> 8;
+        minsize++;
+    } else {
+        /* make sure minsize is a powers of 2 */
+          OPENSSL_assert((minsize & (minsize - 1)) == 0);
+          if ((minsize & (minsize - 1)) != 0)
+              goto err;
+    }
 
     sh.arena_size = size;
     sh.minsize = minsize;
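Review bot: the pod change in this same patch says C<minsize> must be less than a quarter of C<size>, but nothing in this hunk enforces it: a large power-of-two minsize passes the `(minsize & (minsize - 1)) != 0` test and reaches `sh.minsize = minsize;` unchecked, so unless sh_init() bounds it further down, add a `goto err` for `minsize >= size / 4` next to the power-of-two check. The replacement of any minsize not larger than the free-list header, rather than only zero, is the intent stated in the commit message and reads correctly; the `OPENSSL_assert(sizeof(SH_LIST) <= 65536)` matches the 16-bit reach of the unrolled shift chain. Two style points: both new comments read "a powers of 2" (should be "a power of 2"), and the body of the new else branch is indented ten spaces where the surrounding function uses eight.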
diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod
index e47dfd673a..67a34eb809 100644
--- a/doc/man3/OPENSSL_secure_malloc.pod
+++ b/doc/man3/OPENSSL_secure_malloc.pod
@@ -53,8 +53,10 @@ put all intermediate values and computations there.
 
 CRYPTO_secure_malloc_init() creates the secure heap, with the specified
 C<size> in bytes. The C<minsize> parameter is the minimum size to
-allocate from the heap. Both C<size> and C<minsize> must be a power
-of two.
+allocate from the heap or zero to use a reasonable default value.
+Both C<size> and, if specified, C<minsize> must be a power of two and
+C<minsize> should generally be small, for example 16 or 32.
+C<minsize> must be less than a quarter of C<size> in any case.
 
 CRYPTO_secure_malloc_initialized() indicates whether or not the secure
 heap as been initialized and is available.
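Review bot: "or zero to use a reasonable default value" understates what the C change does: sh_init() now replaces any C<minsize> that is not larger than its internal free-list header, not only zero, so the sentence should say that small values are raised to the internal minimum. The new sentence "C<minsize> must be less than a quarter of C<size> in any case" has no corresponding check in the mem_sec.c hunk; either the code should enforce it or the wording should say what happens when it is violated. While touching this paragraph, the unchanged context line "heap as been initialized" should read "has been initialized".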

