Commit ba8376b5 authored by Bernd Edlinger

Implement the CRYPTO_secure_clear_free function.


Use OPENSSL_secure_clear_free for secure mem BIOs
and X25519 private keys.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4048)
parent a2ce0814
+2 −2
@@ -47,7 +47,7 @@ void BUF_MEM_free(BUF_MEM *a)

    if (a->data != NULL) {
        if (a->flags & BUF_MEM_FLAG_SECURE)
            OPENSSL_secure_free(a->data);
            OPENSSL_secure_clear_free(a->data, a->max);
        else
            OPENSSL_clear_free(a->data, a->max);
    }
@@ -64,7 +64,7 @@ static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
    if (str->data != NULL) {
        if (ret != NULL) {
            memcpy(ret, str->data, str->length);
            OPENSSL_secure_free(str->data);
            OPENSSL_secure_clear_free(str->data, str->length);
            str->data = NULL;
        }
    }
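Review bot: In the second hunk (sec_alloc_realloc) the old buffer is released with `str->length` as the clear size, whereas BUF_MEM_free in the first hunk passes `a->max`. Going by the CRYPTO_secure_clear_free body added elsewhere in this commit, that size argument is the only range cleansed when the pointer is not in the secure heap, so bytes between length and max would be left uncleared on that path. If `str->max` still holds the old allocation size at this point (the caller is outside the hunk, so this needs confirming), `OPENSSL_secure_clear_free(str->data, str->max);` would match BUF_MEM_free. Both function bodies extend beyond the hunks shown.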
+1 −1
@@ -212,7 +212,7 @@ static void ecx_free(EVP_PKEY *pkey)
    X25519_KEY *xkey = pkey->pkey.ptr;

    if (xkey)
        OPENSSL_secure_free(xkey->privkey);
        OPENSSL_secure_clear_free(xkey->privkey, X25519_KEYLEN);
    OPENSSL_free(xkey);
}

+27 −0
@@ -156,6 +156,33 @@ void CRYPTO_secure_free(void *ptr, const char *file, int line)
#endif /* IMPLEMENTED */
}

void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line)
{
#ifdef IMPLEMENTED
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        OPENSSL_cleanse(ptr, num);
        CRYPTO_free(ptr, file, line);
        return;
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    if (ptr == NULL)
        return;
    OPENSSL_cleanse(ptr, num);
    CRYPTO_free(ptr, file, line);
#endif /* IMPLEMENTED */
}

int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef IMPLEMENTED
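Review bot: CRYPTO_secure_clear_free carries no comment explaining that `num` is honoured only on the two fallback paths (pointer not in the secure heap, or IMPLEMENTED undefined); when the pointer is in the secure heap the function clears `sh_actual_size(ptr)` bytes and ignores `num`. That asymmetry matters to callers: too small a `num` leaves residual key material in ordinary heap memory, and a `num` larger than the allocation makes `OPENSSL_cleanse(ptr, num)` write past the buffer. I would add a header comment such as `/* num: size of the allocation at ptr; used only when ptr is not in the secure heap, must not exceed the allocated size */`. The CRYPTO_secure_allocated() check also runs before `sec_malloc_lock` is taken; whether that is safe depends on code outside this hunk, and it presumably mirrors CRYPTO_secure_free.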
+8 −1
@@ -27,6 +27,9 @@ CRYPTO_secure_used - secure heap storage
 void OPENSSL_secure_free(void* ptr);
 void CRYPTO_secure_free(void *ptr, const char *, int);

 void OPENSSL_secure_clear_free(void* ptr, size_t num);
 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);

 size_t OPENSSL_secure_actual_size(const void *ptr);
 int OPENSSL_secure_allocated(const void *ptr);

@@ -104,13 +107,17 @@ CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 i

CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.

OPENSSL_secure_free() returns no values.
OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.

=head1 SEE ALSO

L<OPENSSL_malloc(3)>,
L<BN_new(3)>

=head1 HISTORY

OPENSSL_secure_clear_free() was added in OpenSSL 1.1.0g.

=head1 COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+4 −0
@@ -146,6 +146,8 @@ int CRYPTO_mem_ctrl(int mode);
        CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_free(addr) \
        CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_clear_free(addr, num) \
        CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
# define OPENSSL_secure_actual_size(ptr) \
        CRYPTO_secure_actual_size(ptr)

@@ -285,6 +287,8 @@ int CRYPTO_secure_malloc_done(void);
void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
void CRYPTO_secure_free(void *ptr, const char *file, int line);
void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line);
int CRYPTO_secure_allocated(const void *ptr);
int CRYPTO_secure_malloc_initialized(void);
size_t CRYPTO_secure_actual_size(void *ptr);