Skip to content
Permalink
Browse files

Add secure malloc patch

  • Loading branch information
hausdorff committed Apr 12, 2014
1 parent 8746b6c commit 033f156040d1ff175591c924c2a0c1a0d75ad356
Showing with 722 additions and 17 deletions.
  1. +5 −3 crypto/Makefile
  2. +32 −0 crypto/asn1/tasn_dec.c
  3. +407 −0 crypto/buddy_allocator.c
  4. +10 −14 crypto/crypto.h
  5. +223 −0 crypto/secure_malloc.c
  6. +45 −0 crypto/secure_malloc.h
@@ -35,14 +35,16 @@ GENERAL=Makefile README crypto-lib.com install.com
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c \
secure_malloc.c buddy_allocator.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) \
secure_malloc.o buddy_allocator.o

SRC= $(LIBSRC)

EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
ossl_typ.h secure_malloc.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)

ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -169,6 +169,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
int otag;
int ret = 0;
ASN1_VALUE **pchptr, *ptmpval;

int ak_is_rsa_key = 0; /* Are we parsing an RSA key? */
int ak_is_secure_field = 0; /* should this field be allocated from the secure arena? */
int ak_is_arena_active = 0; /* was the secure arena already activated? */

if (!pval)
return 0;
if (aux && aux->asn1_cb)
@@ -407,6 +412,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
goto auxerr;

/* Watch out for this when OpenSSL is upgraded! */
/* We have to be sure that it->sname will still be "RSA" */
if (it->sname[0] == 'R' && it->sname[1] == 'S' && it->sname[2] == 'A' && it->sname[3] == 0)
ak_is_rsa_key = 1;

/* Get each field entry */
for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
{
@@ -445,8 +455,30 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
/* attempt to read in field, allowing each to be
* OPTIONAL */


/* Watch out for this when OpenSSL is upgraded! */
/* We have to be sure that seqtt->field_name will still be */
/* "d", "p", and "q" */
ak_is_secure_field = 0;
ak_is_arena_active = 0;
if (ak_is_rsa_key)
{
/* ak_is_rsa_key is set for public keys too */
/* however those don't have these variables */
const char *f = seqtt->field_name;
if ((f[0] == 'd' || f[0] == 'p' || f[0] == 'q') && f[1] == 0)
{
ak_is_secure_field = 1;
ak_is_arena_active = start_secure_allocation();
}
}

ret = asn1_template_ex_d2i(pseqval, &p, len,
seqtt, isopt, ctx);

if (ak_is_secure_field && !ak_is_arena_active)
stop_secure_allocation();

if (!ret)
{
errtt = seqtt;

0 comments on commit 033f156

Please sign in to comment.
You can’t perform that action at this time.