On Thu, 16 Nov 2000, Peter Gutmann wrote:

> Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> writes:
> 
> >One might wonder what the importance of this is, until you realise that a
> >realloc() most often has the same cost as malloc() and a free() put together,
> >especially when you have growing things, like a BIGNUM with a data area that
> >doubles in size :-).
> 
> realloc() is *not* functionally equivalent to malloc()+free() in this instance.
> This was a problem with the SSLeay-era bignum code (which AFAIK Eric fixed
> after I pointed it out), that calling realloc() in the code will leave lots of
> copies of private keys and other sensitive data lying around in memory.  The
> bignum code should never call the libc realloc(), but should instead use a safe
> realloc which does a malloc(), a memcpy(), a memset() to zero of the original
> data, and then a free().

This can be done quite straightforwardly and without changes to the code;
the malloc, realloc, and free calls used throughout OpenSSL can be
overridden by way of the CRYPTO_set_mem_functions() function. If protection
of the host environment is required rather than just protection of
communications, then the replacement realloc() could simply piggy-back on
top of malloc/memcpy/memset as you suggest. This requires of course that
the malloc() replacement keeps a record of memory (and sizes) allocated,
but the other benefit that comes with that is that you can have the free()
replacement automatically sanitise memory in whatever way you choose.

Or you could even implement a new heap completely :-) The point is, you
can pick functions for whatever security, speed, auditing, and debugging
purposes you require. The rest of the library (including of course the
BIGNUM code) doesn't need to be changed for this to happen. Of course, the
BIGNUM code probably needs to be changed for a variety of other reasons,
but that's a different story entirely ... <grin>

Cheers,
Geoff


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
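The allocator sketched in the reply above (a malloc() replacement that records sizes, a free() that sanitises, and a realloc() built from malloc/memcpy/memset/free rather than the libc realloc()), written out as an added example. This is not OpenSSL's code and not Geoff's or Peter's: the size header placed in front of each block, the secure_* names, the g_bytes_wiped counter and the constructed "secret" string are all assumptions made here for illustration. Hooking these into OpenSSL means passing thin wrappers to CRYPTO_set_mem_functions() before the library allocates anything; the exact function-pointer signature it expects has changed across OpenSSL releases (later versions also pass file and line arguments), so the wrappers must match the headers you build against.

```c
/* Added example: malloc/realloc/free replacements that wipe before release.
 * Not OpenSSL code. Each block carries a size header so that free() can
 * sanitise the whole allocation and realloc() can copy then wipe the old
 * block, instead of letting the C library leave a copy of it behind. */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Header stored in front of every block (assumed layout). The union forces
 * the user pointer that follows it to be aligned for any object type. */
typedef union {
    size_t size;
    long double align_ld;
    void *align_p;
} secure_hdr;

/* Running total of bytes wiped, so a caller (or a test) can confirm that a
 * free or realloc really sanitised the old block. */
static size_t g_bytes_wiped;

/* Zero n bytes through a volatile pointer so the compiler cannot discard
 * the stores as dead just because the block is freed immediately after. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

static secure_hdr *hdr_of(void *user) { return (secure_hdr *)user - 1; }

void *secure_malloc(size_t n)
{
    secure_hdr *h = malloc(sizeof *h + n);
    if (h == NULL)
        return NULL;
    h->size = n;
    return h + 1;                    /* user data starts after the header */
}

size_t secure_size(const void *user)
{
    return user ? hdr_of((void *)user)->size : 0;
}

void secure_free(void *user)
{
    secure_hdr *h;
    if (user == NULL)
        return;
    h = hdr_of(user);
    g_bytes_wiped += h->size;
    secure_wipe(user, h->size);      /* sanitise the payload before release */
    h->size = 0;
    free(h);
}

/* The "safe realloc" from the thread: malloc, memcpy, zero the original,
 * free. Never calls libc realloc(), which may move the block and leave the
 * old bytes intact in the region it frees. */
void *secure_realloc(void *user, size_t n)
{
    void *fresh;
    size_t old;
    if (user == NULL)
        return secure_malloc(n);
    if (n == 0) {
        secure_free(user);
        return NULL;
    }
    old = secure_size(user);
    fresh = secure_malloc(n);
    if (fresh == NULL)
        return NULL;                 /* original left intact, as realloc does */
    memcpy(fresh, user, old < n ? old : n);
    secure_free(user);               /* wipes the old copy, then frees it */
    return fresh;
}

size_t secure_bytes_wiped(void) { return g_bytes_wiped; }

/* Grow a constructed "secret" the way a BIGNUM data area doubles, and report
 * how many bytes were wiped along the way. Returns 0 on success. */
int grow_secret_demo(size_t *wiped_out)
{
    static const char secret[] = "d3adbeef-private-key-material"; /* constructed */
    size_t before = g_bytes_wiped, len = sizeof secret;
    char *buf = secure_malloc(len), *next;
    if (buf == NULL)
        return -1;
    memcpy(buf, secret, len);
    if ((next = secure_realloc(buf, len * 2)) == NULL) { secure_free(buf); return -1; }
    buf = next;
    if (memcmp(buf, secret, len) != 0) { secure_free(buf); return -2; }
    if ((next = secure_realloc(buf, len * 4)) == NULL) { secure_free(buf); return -1; }
    secure_free(next);               /* 30 + 60 + 120 bytes wiped in total */
    if (wiped_out)
        *wiped_out = g_bytes_wiped - before;
    return 0;
}

int main(void)
{
    size_t wiped = 0;
    int rc = grow_secret_demo(&wiped);
    printf("rc=%d, bytes wiped=%zu\n", rc, wiped);
    return rc == 0 ? 0 : 1;
}
```

Two points worth noting when adapting this: the size header is what makes the scheme work, since neither free() nor realloc() can sanitise or copy a block without knowing its length, and the volatile-pointer wipe is there because a plain memset() followed by free() is exactly the pattern an optimising compiler is entitled to delete.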
