1 | =pod
2 |
3 | =head1 NAME
4 |
5 | CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
|
---|
6 | CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
|
---|
7 | OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
|
---|
8 | CRYPTO_secure_free, OPENSSL_secure_clear_free,
|
---|
9 | CRYPTO_secure_clear_free, OPENSSL_secure_actual_size,
|
---|
10 | CRYPTO_secure_allocated,
|
---|
11 | CRYPTO_secure_used - secure heap storage
|
---|
12 |
|
---|
13 | =head1 SYNOPSIS
|
---|
14 |
|
---|
15 | #include <openssl/crypto.h>
|
---|
16 |
|
---|
17 | int CRYPTO_secure_malloc_init(size_t size, size_t minsize);
|
---|
18 |
|
---|
19 | int CRYPTO_secure_malloc_initialized(void);
|
---|
20 |
|
---|
21 | int CRYPTO_secure_malloc_done(void);
|
---|
22 |
|
---|
23 | void *OPENSSL_secure_malloc(size_t num);
|
---|
24 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
|
---|
25 |
|
---|
26 | void *OPENSSL_secure_zalloc(size_t num);
|
---|
27 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
|
---|
28 |
|
---|
29 | void OPENSSL_secure_free(void *ptr);
|
---|
30 | void CRYPTO_secure_free(void *ptr, const char *file, int line);
|
---|
31 |
|
---|
32 | void OPENSSL_secure_clear_free(void *ptr, size_t num);
|
---|
33 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line);
|
---|
34 |
|
---|
35 | size_t OPENSSL_secure_actual_size(const void *ptr);
|
---|
36 |
|
---|
37 | int CRYPTO_secure_allocated(const void *ptr);
|
---|
38 | size_t CRYPTO_secure_used(void);
|
---|
39 |
|
---|
40 | =head1 DESCRIPTION
|
---|
41 |
|
---|
42 | In order to help protect applications (particularly long-running servers)
|
---|
43 | from pointer overruns or underruns that could return arbitrary data from
|
---|
44 | the program's dynamic memory area, where keys and other sensitive
|
---|
45 | information might be stored, OpenSSL supports the concept of a "secure heap."
|
---|
46 | The level and type of security guarantees depend on the operating system.
|
---|
47 | It is a good idea to review the code and see if it addresses your
|
---|
48 | threat model and concerns.
|
---|
49 |
|
---|
50 | If a secure heap is used, then private key B<BIGNUM> values are stored there.
|
---|
51 | This protects long-term storage of private keys, but will not necessarily
|
---|
52 | put all intermediate values and computations there.
|
---|
53 |
|
---|
54 | CRYPTO_secure_malloc_init() creates the secure heap, with the specified
|
---|
55 | C<size> in bytes. The C<minsize> parameter is the minimum size to
|
---|
56 | allocate from the heap or zero to use a reasonable default value.
|
---|
57 | Both C<size> and, if specified, C<minsize> must be a power of two and
|
---|
58 | C<minsize> should generally be small, for example 16 or 32.
|
---|
59 | C<minsize> must be less than a quarter of C<size> in any case.
|
---|
60 |
|
---|
61 | CRYPTO_secure_malloc_initialized() indicates whether or not the secure
|
---|
62 | heap has been initialized and is available.
|
---|
63 |
|
---|
64 | CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable
|
---|
65 | to the process if all secure memory has been freed.
|
---|
66 | It can take a noticeable amount of time to complete.
|
---|
67 |
|
---|
68 | OPENSSL_secure_malloc() allocates C<num> bytes from the heap.
|
---|
69 | If CRYPTO_secure_malloc_init() is not called, this is equivalent to
|
---|
70 | calling OPENSSL_malloc().
|
---|
71 | It is a macro that expands to
|
---|
72 | CRYPTO_secure_malloc() and adds the C<__FILE__> and C<__LINE__> parameters.
|
---|
73 |
|
---|
74 | OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like
|
---|
75 | OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively,
|
---|
76 | except that they call memset() to zero the memory before returning.
|
---|
77 |
|
---|
78 | OPENSSL_secure_free() releases the memory at C<ptr> back to the heap.
|
---|
79 | It must be called with a value previously obtained from
|
---|
80 | OPENSSL_secure_malloc().
|
---|
81 | If CRYPTO_secure_malloc_init() is not called, this is equivalent to
|
---|
82 | calling OPENSSL_free().
|
---|
83 | It exists for consistency with OPENSSL_secure_malloc(), and
|
---|
84 | is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__>
|
---|
85 | and C<__LINE__> parameters.
|
---|
86 |
|
---|
87 | OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except
|
---|
88 | that it has an additional C<num> parameter which is used to clear
|
---|
89 | the memory if it was not allocated from the secure heap.
|
---|
90 | If CRYPTO_secure_malloc_init() is not called, this is equivalent to
|
---|
91 | calling OPENSSL_clear_free().
|
---|
92 |
|
---|
93 | OPENSSL_secure_actual_size() returns the actual size allocated to the
|
---|
94 | pointer; implementations may allocate more space than initially
|
---|
95 | requested, in order to "round up" and reduce secure heap fragmentation.
|
---|
96 |
|
---|
97 | CRYPTO_secure_allocated() tells whether a pointer was allocated in the secure heap.
|
---|
98 |
|
---|
99 | CRYPTO_secure_used() returns the number of bytes allocated in the
|
---|
100 | secure heap.
|
---|
101 |
|
---|
102 | =head1 RETURN VALUES
|
---|
103 |
|
---|
104 | CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful,
|
---|
105 | and 2 if successful but the heap could not be protected by memory
|
---|
106 | mapping.
|
---|
107 |
|
---|
108 | CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is
|
---|
109 | available (that is, if CRYPTO_secure_malloc_init() has been called,
|
---|
110 | but CRYPTO_secure_malloc_done() has not been called, or was called and failed) or 0 if not.
|
---|
111 |
|
---|
112 | OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into
|
---|
113 | the secure heap of the requested size, or C<NULL> if memory could not be
|
---|
114 | allocated.
|
---|
115 |
|
---|
116 | CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
|
---|
117 |
|
---|
118 | CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
|
---|
119 |
|
---|
120 | OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.
|
---|
121 |
|
---|
122 | =head1 SEE ALSO
|
---|
123 |
|
---|
124 | L<OPENSSL_malloc(3)>,
|
---|
125 | L<BN_new(3)>
|
---|
126 |
|
---|
127 | =head1 HISTORY
|
---|
128 |
|
---|
129 | The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.
|
---|
130 |
|
---|
131 | The second argument to CRYPTO_secure_malloc_init() was changed from an B<int> to
|
---|
132 | a B<size_t> in OpenSSL 3.0.
|
---|
133 |
|
---|
134 | =head1 COPYRIGHT
|
---|
135 |
|
---|
136 | Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
|
---|
137 |
|
---|
138 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
---|
139 | this file except in compliance with the License. You can obtain a copy
|
---|
140 | in the file LICENSE in the source distribution or at
|
---|
141 | L<https://www.openssl.org/source/license.html>.
|
---|
142 |
|
---|
143 | =cut