From 34b167625af50a13b8414e11814a795457cb17b0 Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 5 Feb 2020 09:09:29 +1000 Subject: [PATCH] Make minimum size for secure memory a size_t. The minimum size argument to CRYPTO_secure_malloc_init() was an int but ought to be a size_t since it is a size. From an API perspective, this is a change. However, the minimum size is verified as being a positive power of two and it will typically be a small constant. Reviewed-by: David von Oheimb (Merged from #11003) --- crypto/mem_sec.c | 9 ++++----- doc/man3/OPENSSL_secure_malloc.pod | 5 ++++- include/openssl/crypto.h | 2 +- test/secmemtest.c | 4 ++-- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 65d32f3c41..6aca27370e 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -57,7 +57,7 @@ static CRYPTO_RWLOCK *sec_malloc_lock = NULL; /* * These are the functions that must be implemented by a secure heap (sh). */ -static int sh_init(size_t size, int minsize); +static int sh_init(size_t size, size_t minsize); static void *sh_malloc(size_t size); static void sh_free(void *ptr); static void sh_done(void); @@ -65,7 +65,7 @@ static size_t sh_actual_size(char *ptr); static int sh_allocated(const char *ptr); #endif -int CRYPTO_secure_malloc_init(size_t size, int minsize) +int CRYPTO_secure_malloc_init(size_t size, size_t minsize) { #ifdef OPENSSL_SECURE_MEMORY int ret = 0; @@ -373,7 +373,7 @@ static void sh_remove_from_list(char *ptr) } -static int sh_init(size_t size, int minsize) +static int sh_init(size_t size, size_t minsize) { int ret; size_t i; @@ -385,11 +385,10 @@ static int sh_init(size_t size, int minsize) /* make sure size and minsize are powers of 2 */ OPENSSL_assert(size > 0); OPENSSL_assert((size & (size - 1)) == 0); - OPENSSL_assert(minsize > 0); OPENSSL_assert((minsize & (minsize - 1)) == 0); if (size <= 0 || (size & (size - 1)) != 0) goto err; - if (minsize <= 0 || (minsize & (minsize - 1)) != 0) + if (minsize == 0 || (minsize & (minsize - 1)) != 0) goto err; while (minsize < (int)sizeof(SH_LIST)) diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 9c70d39338..e47dfd673a 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -14,7 +14,7 @@ CRYPTO_secure_used - secure heap storage #include - int CRYPTO_secure_malloc_init(size_t size, int minsize); + int CRYPTO_secure_malloc_init(size_t size, size_t minsize); int CRYPTO_secure_malloc_initialized(); @@ -126,6 +126,9 @@ L The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g. +The second argument to CRYPTO_secure_malloc_init() was changed from an B to +a B in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index f2f66a3f0e..e44dc1b838 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -317,7 +317,7 @@ void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, const char *file, int line); -int CRYPTO_secure_malloc_init(size_t sz, int minsize); +int CRYPTO_secure_malloc_init(size_t sz, size_t minsize); int CRYPTO_secure_malloc_done(void); void *CRYPTO_secure_malloc(size_t num, const char *file, int line); void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); diff --git a/test/secmemtest.c b/test/secmemtest.c index abee4178a8..edd88b1535 100644 --- a/test/secmemtest.c +++ b/test/secmemtest.c @@ -92,7 +92,7 @@ static int test_sec_mem(void) * elements was 1<<31, as |int i| was set to that, which is a * negative number. However, it requires minimum input values: * - * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); + * CRYPTO_secure_malloc_init((size_t)1<<34, 1<<4); * * Which really only works on 64-bit systems, since it took 16 GB * secure memory arena to trigger the problem. It naturally takes @@ -113,7 +113,7 @@ static int test_sec_mem(void) */ if (sizeof(size_t) > 4) { TEST_info("Possible infinite loop: 1<<31 limit"); - if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) + if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, 1<<4) != 0)) TEST_true(CRYPTO_secure_malloc_done()); } # endif -- 2.25.1