The branch master has been updated via a998ec0e6e12e03c0d4f922a0fe288d5e054985e (commit) via 50e0402c220ab7abd375802ea4264ff3ee9fc339 (commit) from d27fd991107d668b3f5b96be48f5b4ccd5a6760e (commit)
- Log ----------------------------------------------------------------- commit a998ec0e6e12e03c0d4f922a0fe288d5e054985e Author: Pauli <paul.d...@oracle.com> Date: Sat Feb 22 18:39:28 2020 +1000 secmem: ignore small minsize arguments to CRYPTO_secure_malloc_init(). If the user specifies a minimum allocation size that is smaller than the free list structure (or zero), calculate the minimum possible size rather than failing. Reviewed-by: Viktor Dukhovni <vik...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11149) commit 50e0402c220ab7abd375802ea4264ff3ee9fc339 Author: Pauli <paul.d...@oracle.com> Date: Sat Feb 22 10:35:26 2020 +1000 sec_mem: add note about the minimum size parameter. Add a note indicating that the minimum size parameter to CRYPTO_secure_malloc_init() should be small. Reviewed-by: Viktor Dukhovni <vik...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11149) ----------------------------------------------------------------------- Summary of changes: crypto/mem_sec.c | 28 ++++++++++++++++++++++------ doc/man3/OPENSSL_secure_malloc.pod | 6 ++++-- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 79362c5826..b70c0a97ca 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c 
@@ -378,17 +378,33 @@ static int sh_init(size_t size, size_t minsize) memset(&sh, 0, sizeof(sh)); - /* make sure size and minsize are powers of 2 */ + /* make sure size is a powers of 2 */ OPENSSL_assert(size > 0); OPENSSL_assert((size & (size - 1)) == 0); - OPENSSL_assert((minsize & (minsize - 1)) == 0); if (size == 0 || (size & (size - 1)) != 0) goto err; - if (minsize == 0 || (minsize & (minsize - 1)) != 0) - goto err; - while (minsize < sizeof(SH_LIST)) - minsize *= 2; + if (minsize <= sizeof(SH_LIST)) { + OPENSSL_assert(sizeof(SH_LIST) <= 65536); + /* + * Compute the minimum possible allocation size. + * This must be a power of 2 and at least as large as the SH_LIST + * structure. + */ + minsize = sizeof(SH_LIST) - 1; + minsize |= minsize >> 1; + minsize |= minsize >> 2; + if (sizeof(SH_LIST) > 16) + minsize |= minsize >> 4; + if (sizeof(SH_LIST) > 256) + minsize |= minsize >> 8; + minsize++; + } else { + /* make sure minsize is a powers of 2 */ + OPENSSL_assert((minsize & (minsize - 1)) == 0); + if ((minsize & (minsize - 1)) != 0) + goto err; + } sh.arena_size = size; sh.minsize = minsize; diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index e47dfd673a..67a34eb809 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -53,8 +53,10 @@ put all intermediate values and computations there. CRYPTO_secure_malloc_init() creates the secure heap, with the specified C<size> in bytes. The C<minsize> parameter is the minimum size to -allocate from the heap. Both C<size> and C<minsize> must be a power -of two. +allocate from the heap or zero to use a reasonable default value. +Both C<size> and, if specified, C<minsize> must be a power of two and +C<minsize> should generally be small, for example 16 or 32. +C<minsize> must be less than a quarter of C<size> in any case. CRYPTO_secure_malloc_initialized() indicates whether or not the secure heap as been initialized and is available.
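Review bot: in the mem_sec.c hunk, both new comments read "a powers of 2" where the removed comment correctly had "powers of 2" for the pair; change them to "a power of 2". On the logic, the bit-smearing of sizeof(SH_LIST) - 1 is only complete while the value fits in 16 bits, which the new OPENSSL_assert(sizeof(SH_LIST) <= 65536) guards, but since sizeof(SH_LIST) is a compile-time constant this belongs in a static assertion so a too-large structure fails the build instead of the first CRYPTO_secure_malloc_init() call; for the same reason the `if (sizeof(SH_LIST) > 16)` and `if (sizeof(SH_LIST) > 256)` guards are constant conditions and some compilers will warn about them. The new branch also changes behaviour for a minsize that is non-zero, not a power of two and at most sizeof(SH_LIST) (the old `if (minsize == 0 || (minsize & (minsize - 1)) != 0) goto err;` rejected it; now it is silently replaced), which matches the commit message but deserves a one-line comment so the next reader does not take it for a lost check. Minor: in the else branch the `goto err` after OPENSSL_assert((minsize & (minsize - 1)) == 0) can only run if the assert does not abort, mirroring the existing size check above it, so this is a pre-existing style point rather than a new defect.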
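Review bot: in the OPENSSL_secure_malloc.pod hunk, the added sentence "C<minsize> must be less than a quarter of C<size> in any case" states a hard requirement, but nothing in the accompanying mem_sec.c hunk compares minsize with size, so either point to where that is enforced or phrase it as a recommendation and say what happens when it is not met. Likewise "zero to use a reasonable default value" could say what the default is (the code rounds sizeof(SH_LIST) up to the next power of two, and also does so for any C<minsize> that is not larger than that structure), which is what a caller sizing a secure heap wants to know. While here, the unchanged context line "heap as been initialized" has a typo ("has been").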