mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-18 22:43:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

RT4351: Update doc for OPENSSL_cleanse

Browse Source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Jeffrey Walton 2016-02-26 20:44:35 -05:00 committed by Rich Salz
parent 687237e93d
commit 91a61513a8
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/crypto/OPENSSL_malloc.pod
View File

@ -4,7 +4,7 @@
OPENSSL_malloc_init,
OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free,
OPENSSL_clear_realloc, OPENSSL_clear_free,
OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse
CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free,
OPENSSL_strdup, OPENSSL_strndup,
OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat,
@ -84,9 +84,17 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning.
OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used
when the buffer at B<addr> holds sensitive information.
The old buffer is filled with arbitrary data by calling OPENSSL_cleanse()
The old buffer is filled with zero's by calling OPENSSL_cleanse()
before ultimately calling OPENSSL_free().
OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
If the storage controller uses write compression, then its possible
that sensitive tail bytes will survive zeroization because the block of
zeros will be compressed. If the storage controller uses wear leveling,
then the old sensitive data will not be overwritten; rather, a block of
0's will be written at a new physical location.
OPENSSL_strdup(), OPENSSL_strndup() and OPENSSL_memdup() are like the
equivalent C functions, except that memory is allocated by calling the
OPENSSL_malloc() and should be releaed by calling OPENSSL_free().