Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding OPENSSL_secure_zalloc and BIO_s_secmem #1476

Merged
merged 16 commits into from
Apr 17, 2024
Merged

Adding OPENSSL_secure_zalloc and BIO_s_secmem #1476

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
d95e676
added secure_zalloc
smittals2 Feb 28, 2024
c95f95e
added BIO_s_secmem
smittals2 Mar 5, 2024
7a41fda
fixed bio comments
smittals2 Mar 6, 2024
e2acdce
added documentation about secure heaps
smittals2 Mar 9, 2024
b3cc6b3
marked secure malloc and zalloc as deprecated
smittals2 Mar 9, 2024
e28e210
Merge branch 'main' into secmem
smittals2 Mar 9, 2024
7df44c4
changed documentation and marked other secure heap functions as OPENS…
smittals2 Mar 12, 2024
ef6e521
Merge branch 'secmem' of github.com:smittals2/aws-lc into secmem
smittals2 Mar 12, 2024
dc7f469
added newline to end of file
smittals2 Mar 12, 2024
e17f2c2
changed comments for sec heap
smittals2 Mar 26, 2024
07466da
added more info about sec heap support in LC
smittals2 Mar 29, 2024
69a0fbf
Merge branch 'main' into secmem
justsmth Apr 5, 2024
780ec2b
removed OPENSSL_DEPRECATED
smittals2 Apr 15, 2024
37de1ac
Merge branch 'main' into secmem
smittals2 Apr 15, 2024
a39f620
changed comments to be clearer
smittals2 Apr 16, 2024
cc6154c
Merge branch 'main' into secmem
smittals2 Apr 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions crypto/bio/bio_mem.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,3 +303,7 @@ int BIO_set_mem_buf(BIO *bio, BUF_MEM *b, int take_ownership) {
int BIO_set_mem_eof_return(BIO *bio, int eof_value) {
return (int)BIO_ctrl(bio, BIO_C_SET_BUF_MEM_EOF_RETURN, eof_value, NULL);
}

const BIO_METHOD *BIO_s_secmem(void) {
return BIO_s_mem();
}
2 changes: 2 additions & 0 deletions crypto/mem.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,6 +329,8 @@ size_t CRYPTO_secure_used(void) { return 0; }

void *OPENSSL_secure_malloc(size_t size) { return OPENSSL_malloc(size); }

void *OPENSSL_secure_zalloc(size_t size) { return OPENSSL_zalloc(size); }
justsmth marked this conversation as resolved.
Show resolved Hide resolved

void OPENSSL_secure_clear_free(void *ptr, size_t len) {
OPENSSL_clear_free(ptr, len);
}
Expand Down
4 changes: 4 additions & 0 deletions include/openssl/bio.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -876,7 +876,11 @@ OPENSSL_EXPORT int BIO_meth_set_puts(BIO_METHOD *method,
// BIO_meth_get_puts returns |puts| function of |method|.
OPENSSL_EXPORT int (*BIO_meth_get_puts(const BIO_METHOD *method)) (BIO *, const char *);

// BIO_s_secmem returns the normal BIO_METHOD |BIO_s_mem|. Deprecated since AWS-LC
// does not support secure heaps.
OPENSSL_EXPORT OPENSSL_DEPRECATED const BIO_METHOD *BIO_s_secmem(void);


// General No-op Functions [Deprecated].

// BIO_set_write_buffer_size returns zero.
Expand Down
11 changes: 11 additions & 0 deletions include/openssl/mem.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,6 +238,14 @@ OPENSSL_EXPORT int CRYPTO_set_mem_functions(
void *(*r)(void *, size_t, const char *, int),
void (*f)(void *, const char *, int));

// OPENSSL supports the concept of secure heaps to help protect applications from pointer overruns or underruns that
// could return arbitrary data from the program's dynamic memory area where sensitive information may be stored.
// AWS-LC does not support secure heaps. The initialization functions intentionally return zero to indicate that secure
// heaps aren't supported. We return the regular malloc and zalloc versions when the secure_* counterparts are called,
// which is what OPENSSL does when secure heap is not enabled.
// If there is any interest in utilizing "secure heaps" with AWS-LC, cut us an issue at
// https://github.com/aws/aws-lc/issues/new/choose

// CRYPTO_secure_malloc_init returns zero.
OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size);

Expand All @@ -250,6 +258,9 @@ OPENSSL_EXPORT size_t CRYPTO_secure_used(void);
// OPENSSL_secure_malloc calls |OPENSSL_malloc|.
OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size);

// OPENSSL_secure_zalloc calls |OPENSSL_zalloc|.
OPENSSL_EXPORT void *OPENSSL_secure_zalloc(size_t size);

// OPENSSL_secure_clear_free calls |OPENSSL_clear_free|.
OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len);
smittals2 marked this conversation as resolved.
Show resolved Hide resolved

Expand Down
Loading