From c8e89d58a5d44b9dd657d6d13a5a10d1d4d30733 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Fri, 12 May 2017 16:46:39 -0400 Subject: [PATCH] Tweak sec_mem tests Remove assertion when mmap() fails. Only run the 1<<31 limit test on Linux Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3455) --- crypto/mem_sec.c | 1 - test/secmemtest.c | 25 ++++++++++++++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c index 774b696057..6fc1aca1e0 100644 --- a/crypto/mem_sec.c +++ b/crypto/mem_sec.c @@ -425,7 +425,6 @@ static int sh_init(size_t size, int minsize) close(fd); } } - OPENSSL_assert(sh.map_result != MAP_FAILED); if (sh.map_result == MAP_FAILED) goto err; sh.arena = (char *)(sh.map_result + pgsize); diff --git a/test/secmemtest.c b/test/secmemtest.c index c92db50ace..e9be8f3b08 100644 --- a/test/secmemtest.c +++ b/test/secmemtest.c @@ -75,12 +75,31 @@ static int test_sec_mem(void) TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); TEST_true(CRYPTO_secure_malloc_done()); + /*- + * There was also a possible infinite loop when the number of + * elements was 1<<31, as |int i| was set to that, which is a + * negative number. However, it requires minimum input values: + * + * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); + * + * Which really only works on 64-bit systems, and even then the + * code attempts to allocate 16 GB secure memory arena. Linux + * can deal with this better than other Unixy OS's (e.g. MacOS) + * but we don't want to push the system too hard during a unit + * test. In addition, trying to allocate 16GB will cause the + * mlock() call to fail, so that was at least changed to no + * longer be an assert. If the reader of this comment really + * wants to make sure that infinite loop is fixed, they can + * enable the code below. + */ +# if 0 + /* This test should only be run under Linux... runner beware */ if (sizeof(size_t) > 4) { TEST_info("Possible infinite loop: 1<<31 limit"); - if (!TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) - goto end; - TEST_true(CRYPTO_secure_malloc_done()); + if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) + TEST_true(CRYPTO_secure_malloc_done()); } +# endif /* this can complete - it was not really secure */ testresult = 1;