> Have you thought about mprotecting the guard pages with
> mprotect(PROT_NONE) so the application crashes in case of a stray memory 
> access?

Yes, rats.  My message implied that we do that.  And I then posted the wrong 
version of the code. :(

Here's the right version of cmm_init.

        /r$ 

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

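/*
 * Set up the allocator state and map the arena between two guard pages.
 *
 * size          - arena size in bytes; must be a positive power of two.
 * mem_min_unit  - smallest allocation unit in bytes; must be a positive
 *                 power of two no larger than size.
 * overrun_bytes - stored in Overrun_bytes; not otherwise used here.
 *
 * Layout of the mapping (map_len bytes, all page multiples):
 *
 *     [ guard page | arena, rounded up to a page | guard page ]
 *       PROT_NONE     PROT_READ|PROT_WRITE          PROT_NONE
 *
 * Returns the start of the usable arena (also stored in cmm_arena).
 * Every failure still trips an assert(), so debug builds abort as before;
 * when assertions are compiled out (NDEBUG) the function releases what it
 * acquired and returns NULL instead of continuing with bad state.
 */
void *
cmm_init(int size, int mem_min_unit, int overrun_bytes)
{
    long pg = sysconf(_SC_PAGE_SIZE);
    size_t pgsize;
    size_t aligned;
    size_t map_len;
    size_t table_bytes;
    void *map;
    void *base;
    int i;

    /* make sure the arena size and the minimum unit are powers of 2 */
    assert(pg > 0);
    assert(size > 0);
    assert(mem_min_unit > 0);
    assert(0 == ((size - 1) & size));
    assert(0 == ((mem_min_unit - 1) & mem_min_unit));
    if (pg <= 0 || size <= 0 || mem_min_unit <= 0
        || ((size - 1) & size) != 0
        || ((mem_min_unit - 1) & mem_min_unit) != 0
        || mem_min_unit > size) {
        /* mem_min_unit > size would give an empty bit table and -1 lists. */
        return NULL;
    }

    pgsize = (size_t)pg;
    /* Offset of the trailing guard page: leading guard + arena, page-rounded. */
    aligned = (pgsize + (size_t)size + (pgsize - 1)) & ~(pgsize - 1);
    map_len = aligned + pgsize;

    mem_arena_size = size;
    Mem_min_unit   = mem_min_unit;
    Overrun_bytes  = overrun_bytes;

    cmm_bittable_size = (mem_arena_size / Mem_min_unit) * 2;

    /* cmm_max_free_lists = floor(log2(cmm_bittable_size)) */
    i = cmm_bittable_size;
    cmm_max_free_lists = -1;
    while (i) {
        i >>= 1;
        cmm_max_free_lists++;
    }

    /*
     * Round the bit tables up to whole bytes: a plain >>3 yields 0 bytes
     * when the table has fewer than 8 bits (arena only 1-2 units large).
     */
    table_bytes = ((size_t)cmm_bittable_size + 7) >> 3;

    cmm_free_list = calloc((size_t)cmm_max_free_lists, sizeof(void *));
    cmm_bittable  = calloc(table_bytes, 1);
    cmm_bitmalloc = calloc(table_bytes, 1);
    assert(cmm_free_list);
    assert(cmm_bittable);
    assert(cmm_bitmalloc);
    if (cmm_free_list == NULL || cmm_bittable == NULL
        || cmm_bitmalloc == NULL) {
        goto fail;
    }

    /* Anonymous mappings take fd -1; some systems reject any other value. */
    map = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
               MAP_ANON | MAP_PRIVATE, -1, 0);
    assert(MAP_FAILED != map);
    if (map == MAP_FAILED) {
        goto fail;
    }

    /*
     * A guard page that silently failed to become PROT_NONE gives no
     * protection at all, so a failed mprotect() is a failed init.
     */
    if (mprotect(map, pgsize, PROT_NONE) != 0
        || mprotect((char *)map + aligned, pgsize, PROT_NONE) != 0) {
        munmap(map, map_len);
        assert(!"cmm_init: mprotect of guard page failed");
        goto fail;
    }

    /*
     * The usable arena starts after the leading guard page.  Using the
     * mapping base itself would hand the allocator a PROT_NONE page.
     * NOTE(review): teardown is not visible here; anything that unmaps the
     * arena must start from cmm_arena - pgsize and cover both guard pages.
     */
    base = (char *)map + pgsize;
    cmm_arena = base;

    set_bit(cmm_arena, 0, cmm_bittable);
    cmm_add_to_list(&cmm_free_list[0], cmm_arena);

    /* first bit means that table is in use, multi-arena management */
    /* SETBIT(cmm_bittable, 0); */

    return cmm_arena;

fail:
    /* Leave no dangling table pointers behind for a later retry or free. */
    free(cmm_free_list);
    free(cmm_bittable);
    free(cmm_bitmalloc);
    cmm_free_list = NULL;
    cmm_bittable  = NULL;
    cmm_bitmalloc = NULL;
    return NULL;
}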
