[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Feb 26 05:42:39 UTC 2020
The branch master has been updated
via a998ec0e6e12e03c0d4f922a0fe288d5e054985e (commit)
via 50e0402c220ab7abd375802ea4264ff3ee9fc339 (commit)
from d27fd991107d668b3f5b96be48f5b4ccd5a6760e (commit)
- Log -----------------------------------------------------------------
commit a998ec0e6e12e03c0d4f922a0fe288d5e054985e
Author: Pauli <paul.dale at oracle.com>
Date: Sat Feb 22 18:39:28 2020 +1000
secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init().
If the user specifies a minimum allocation size that is smaller than
the free list structure (or zero), calculate the minimum possible size rather
than failing.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
commit 50e0402c220ab7abd375802ea4264ff3ee9fc339
Author: Pauli <paul.dale at oracle.com>
Date: Sat Feb 22 10:35:26 2020 +1000
sec_mem: add note about the minimum size parameter.
Add a note indicating that the minimum size parameter to
CRYPTO_secure_malloc_init() should be small.
Reviewed-by: Viktor Dukhovni <viktor at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11149)
-----------------------------------------------------------------------
Summary of changes:
crypto/mem_sec.c | 28 ++++++++++++++++++++++------
doc/man3/OPENSSL_secure_malloc.pod | 6 ++++--
2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index 79362c5826..b70c0a97ca 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -378,17 +378,33 @@ static int sh_init(size_t size, size_t minsize)
memset(&sh, 0, sizeof(sh));
- /* make sure size and minsize are powers of 2 */
+ /* make sure size is a powers of 2 */
OPENSSL_assert(size > 0);
OPENSSL_assert((size & (size - 1)) == 0);
- OPENSSL_assert((minsize & (minsize - 1)) == 0);
if (size == 0 || (size & (size - 1)) != 0)
goto err;
- if (minsize == 0 || (minsize & (minsize - 1)) != 0)
- goto err;
- while (minsize < sizeof(SH_LIST))
- minsize *= 2;
+ if (minsize <= sizeof(SH_LIST)) {
+ OPENSSL_assert(sizeof(SH_LIST) <= 65536);
+ /*
+ * Compute the minimum possible allocation size.
+ * This must be a power of 2 and at least as large as the SH_LIST
+ * structure.
+ */
+ minsize = sizeof(SH_LIST) - 1;
+ minsize |= minsize >> 1;
+ minsize |= minsize >> 2;
+ if (sizeof(SH_LIST) > 16)
+ minsize |= minsize >> 4;
+ if (sizeof(SH_LIST) > 256)
+ minsize |= minsize >> 8;
+ minsize++;
+ } else {
+ /* make sure minsize is a powers of 2 */
+ OPENSSL_assert((minsize & (minsize - 1)) == 0);
+ if ((minsize & (minsize - 1)) != 0)
+ goto err;
+ }
sh.arena_size = size;
sh.minsize = minsize;
diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod
index e47dfd673a..67a34eb809 100644
--- a/doc/man3/OPENSSL_secure_malloc.pod
+++ b/doc/man3/OPENSSL_secure_malloc.pod
@@ -53,8 +53,10 @@ put all intermediate values and computations there.
CRYPTO_secure_malloc_init() creates the secure heap, with the specified
C<size> in bytes. The C<minsize> parameter is the minimum size to
-allocate from the heap. Both C<size> and C<minsize> must be a power
-of two.
+allocate from the heap or zero to use a reasonable default value.
+Both C<size> and, if specified, C<minsize> must be a power of two and
+C<minsize> should generally be small, for example 16 or 32.
+C<minsize> must be less than a quarter of C<size> in any case.
CRYPTO_secure_malloc_initialized() indicates whether or not the secure
heap as been initialized and is available.
More information about the openssl-commits
mailing list