summaryrefslogtreecommitdiffstats
path: root/crypto/buffer
diff options
context:
space:
mode:
authorRich Salz <rsalz@akamai.com>2015-04-24 22:39:40 +0200
committerRich Salz <rsalz@openssl.org>2015-06-23 23:09:35 +0200
commit74924dcb3802640d7e2ae2e80ca6515d0a53de7a (patch)
tree6de4138b01d5f649bdaa32d858bd5fa20e9ad4b6 /crypto/buffer
parentAdd $! to errors, use script basename. (diff)
downloadopenssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.tar.xz
openssl-74924dcb3802640d7e2ae2e80ca6515d0a53de7a.zip
More secure storage of key material.
Add secure heap for storage of private keys (when possible). Add BIO_s_secmem(), CBIGNUM, etc. Add BIO_CTX_secure_new so all BIGNUM's in the context are secure. Contributed by Akamai Technologies under the Corporate CLA. Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/buffer')
-rw-r--r--crypto/buffer/buffer.c42
1 files changed, 39 insertions, 3 deletions
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index 2beacce6d7..5ee11f4c70 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -67,6 +67,16 @@
*/
#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags)
+{
+ BUF_MEM *ret;
+
+ ret = BUF_MEM_new();
+ if (ret != NULL)
+ ret->flags = flags;
+ return (ret);
+}
+
BUF_MEM *BUF_MEM_new(void)
{
BUF_MEM *ret;
@@ -76,6 +86,7 @@ BUF_MEM *BUF_MEM_new(void)
BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
return (NULL);
}
+ ret->flags = 0;
ret->length = 0;
ret->max = 0;
ret->data = NULL;
@@ -88,11 +99,30 @@ void BUF_MEM_free(BUF_MEM *a)
return;
if (a->data != NULL) {
- OPENSSL_clear_free(a->data, a->max);
+ memset(a->data, 0, (unsigned int)a->max);
+ if (a->flags & BUF_MEM_FLAG_SECURE)
+ OPENSSL_secure_free(a->data);
+ else
+ OPENSSL_clear_free(a->data, a->max);
}
OPENSSL_free(a);
}
+/* Allocate a block of secure memory; copy over old data if there
+ * was any, and then free it. */
+static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
+{
+ char *ret;
+
+ ret = OPENSSL_secure_malloc(len);
+ if (str->data != NULL) {
+ if (ret != NULL)
+ memcpy(ret, str->data, str->length);
+ OPENSSL_secure_free(str->data);
+ }
+ return (ret);
+}
+
size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
{
char *ret;
@@ -113,7 +143,10 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
return 0;
}
n = (len + 3) / 3 * 4;
- ret = OPENSSL_realloc(str->data, n);
+ if ((str->flags & BUF_MEM_FLAG_SECURE))
+ ret = sec_alloc_realloc(str, n);
+ else
+ ret = OPENSSL_realloc(str->data, n);
if (ret == NULL) {
BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
len = 0;
@@ -147,7 +180,10 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
return 0;
}
n = (len + 3) / 3 * 4;
- ret = OPENSSL_realloc_clean(str->data, str->max, n);
+ if ((str->flags & BUF_MEM_FLAG_SECURE))
+ ret = sec_alloc_realloc(str, n);
+ else
+ ret = OPENSSL_realloc_clean(str->data, str->max, n);
if (ret == NULL) {
BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
len = 0;