allow specifying the size of OpenSSL secure memory
... and set it for builds where we're linking OpenSSL statically (i.e. Windows and macOS). Fixes https://github.com/OpenSC/OpenSC/issues/1515
parent
eddea6f3c2
commit
027ccad439
|
@ -61,6 +61,7 @@ if ! test -e ${BUILDPATH}/target/$PREFIX/lib/pkgconfig; then
|
||||||
--sysconfdir=$PREFIX/etc \
|
--sysconfdir=$PREFIX/etc \
|
||||||
--enable-cvcdir=$PREFIX/etc/cvc \
|
--enable-cvcdir=$PREFIX/etc/cvc \
|
||||||
--enable-x509dir=$PREFIX/etc/x509 \
|
--enable-x509dir=$PREFIX/etc/x509 \
|
||||||
|
--enable-openssl-secure-malloc=65536 \
|
||||||
--disable-dependency-tracking \
|
--disable-dependency-tracking \
|
||||||
--enable-shared \
|
--enable-shared \
|
||||||
--enable-static \
|
--enable-static \
|
||||||
|
|
|
@ -41,6 +41,7 @@ install:
|
||||||
$env:ARTIFACT="${env:ARTIFACT}-Light"
|
$env:ARTIFACT="${env:ARTIFACT}-Light"
|
||||||
} Else {
|
} Else {
|
||||||
$env:NMAKE_EXTRA="OPENSSL_DEF=/DENABLE_OPENSSL ${env:NMAKE_EXTRA}"
|
$env:NMAKE_EXTRA="OPENSSL_DEF=/DENABLE_OPENSSL ${env:NMAKE_EXTRA}"
|
||||||
|
$env:NMAKE_EXTRA="OPENSSL_EXTRA_CFLAGS=/DOPENSSL_SECURE_MALLOC_SIZE=65536 ${env:NMAKE_EXTRA}"
|
||||||
If (!(Test-Path C:\zlib )) {
|
If (!(Test-Path C:\zlib )) {
|
||||||
appveyor DownloadFile "https://github.com/madler/zlib/archive/v${env:ZLIB_VER_DOT}.zip" -FileName zlib.zip
|
appveyor DownloadFile "https://github.com/madler/zlib/archive/v${env:ZLIB_VER_DOT}.zip" -FileName zlib.zip
|
||||||
7z x zlib.zip -oC:\
|
7z x zlib.zip -oC:\
|
||||||
|
|
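Review bot: Nothing on this page shows the nmake rules passing `OPENSSL_EXTRA_CFLAGS` on to the compiler, and the line above the added one already supplies `OPENSSL_DEF` on the command line, so it is worth confirming that `/DOPENSSL_SECURE_MALLOC_SIZE=65536` really reaches the C sources. The C hunks on this page compile the secure-heap calls out when the macro is absent, so a dropped flag would produce a Windows build without secure memory and without any error. A comment next to the added line would record the dependency, for example `# OPENSSL_EXTRA_CFLAGS must be forwarded to cl by the nmake rules, or the secure heap is silently compiled out`. The value 65536 is also repeated in the configure invocation of the first hunk, so the two can drift apart.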
10
configure.ac
10
configure.ac
|
@ -172,11 +172,18 @@ AC_ARG_ENABLE(
|
||||||
|
|
||||||
AC_ARG_ENABLE(
|
AC_ARG_ENABLE(
|
||||||
[openssl],
|
[openssl],
|
||||||
[AS_HELP_STRING([--enable-openssl],[enable openssl linkage @<:@detect@:>@])],
|
[AS_HELP_STRING([--enable-openssl],[enable OpenSSL linkage @<:@detect@:>@])],
|
||||||
,
|
,
|
||||||
[enable_openssl="detect"]
|
[enable_openssl="detect"]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([openssl-secure-malloc],
|
||||||
|
[AC_HELP_STRING([--openssl-secure-malloc=<SIZE_IN_BYTES>],
|
||||||
|
[Enable OpenSSL secure memory by specifying its size in bytes, must be a power of 2 @<:@disabled@:>@])],
|
||||||
|
[], [enable_openssl_secure_malloc=no])
|
||||||
|
AS_IF([test $enable_openssl_secure_malloc != no],
|
||||||
|
[AC_DEFINE_UNQUOTED([OPENSSL_SECURE_MALLOC_SIZE],[$enable_openssl_secure_malloc],[Size of OpenSSL secure memory in bytes, must be a power of 2])])
|
||||||
|
|
||||||
AC_ARG_ENABLE(
|
AC_ARG_ENABLE(
|
||||||
[openpace],
|
[openpace],
|
||||||
[AS_HELP_STRING([--enable-openpace],[enable OpenPACE linkage @<:@detect@:>@])],
|
[AS_HELP_STRING([--enable-openpace],[enable OpenPACE linkage @<:@detect@:>@])],
|
||||||
|
@ -1115,6 +1122,7 @@ thread locking support: ${enable_thread_locking}
|
||||||
zlib support: ${enable_zlib}
|
zlib support: ${enable_zlib}
|
||||||
readline support: ${enable_readline}
|
readline support: ${enable_readline}
|
||||||
OpenSSL support: ${enable_openssl}
|
OpenSSL support: ${enable_openssl}
|
||||||
|
OpenSSL secure memory: ${enable_openssl_secure_malloc}
|
||||||
PC/SC support: ${enable_pcsc}
|
PC/SC support: ${enable_pcsc}
|
||||||
CryptoTokenKit support: ${enable_cryptotokenkit}
|
CryptoTokenKit support: ${enable_cryptotokenkit}
|
||||||
OpenCT support: ${enable_openct}
|
OpenCT support: ${enable_openct}
|
||||||
|
|
|
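Review bot: `--enable-openssl-secure-malloc` given without a value sets the variable to `yes`, and the new `AS_IF` then defines `OPENSSL_SECURE_MALLOC_SIZE` as `yes`; any other non-numeric value passes straight through as well, and the unquoted `test $enable_openssl_secure_malloc != no` breaks on an empty string. Rejecting anything that is not a plain number at configure time, as sketched below, keeps a mistyped option from surfacing later as a compile error or as a secure heap that fails to initialise; the power-of-2 requirement would still need its own check. The help text also advertises `--openssl-secure-malloc=<SIZE_IN_BYTES>` while the option is `--enable-openssl-secure-malloc`, and it uses `AC_HELP_STRING` where the neighbouring options use `AS_HELP_STRING`.

```m4
dnl … unchanged: AC_ARG_ENABLE([openssl-secure-malloc], … [enable_openssl_secure_malloc=no]) …
AS_CASE(["$enable_openssl_secure_malloc"],
	[no], [],
	[yes|""|*[[!0-9]]*],
		[AC_MSG_ERROR([--enable-openssl-secure-malloc needs a size in bytes (a power of 2)])],
	[AC_DEFINE_UNQUOTED([OPENSSL_SECURE_MALLOC_SIZE],[$enable_openssl_secure_malloc],[Size of OpenSSL secure memory in bytes, must be a power of 2])])
```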
@ -833,10 +833,9 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_OPENSSL
|
#if defined(ENABLE_OPENSSL) && defined(OPENSSL_SECURE_MALLOC_SIZE)
|
||||||
if (!CRYPTO_secure_malloc_initialized()) {
|
if (!CRYPTO_secure_malloc_initialized()) {
|
||||||
/* XXX What's a reasonable amount of secure heap? */
|
CRYPTO_secure_malloc_init(OPENSSL_SECURE_MALLOC_SIZE, OPENSSL_SECURE_MALLOC_SIZE/8);
|
||||||
CRYPTO_secure_malloc_init(4096, 32);
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
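Review bot: The return value of `CRYPTO_secure_malloc_init()` is discarded in the new block, so a secure heap that failed to initialise or could not be protected goes unnoticed. OpenSSL documents 0 for failure and 2 for a heap that was created but could not be protected, and without an initialised secure heap the secure allocation calls fall back to the ordinary heap. Keeping the result, `int rv = CRYPTO_secure_malloc_init(OPENSSL_SECURE_MALLOC_SIZE, OPENSSL_SECURE_MALLOC_SIZE/8);`, and logging when `rv != 1` would make that visible. The second argument is the minimum allocation size, so `OPENSSL_SECURE_MALLOC_SIZE/8` appears to limit the arena to eight live secure allocations; it is worth confirming that this is intended rather than a small fixed power of two. `sc_context_create` starts and ends outside the hunk.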
@ -6999,6 +6999,9 @@ BOOL APIENTRY DllMain( HINSTANCE hinstDLL,
|
||||||
break;
|
break;
|
||||||
case DLL_PROCESS_DETACH:
|
case DLL_PROCESS_DETACH:
|
||||||
sc_notify_close();
|
sc_notify_close();
|
||||||
|
#if defined(ENABLE_OPENSSL) && defined(OPENSSL_SECURE_MALLOC_SIZE)
|
||||||
|
CRYPTO_secure_malloc_done();
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
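Review bot: `CRYPTO_secure_malloc_done()` in the `DLL_PROCESS_DETACH` case runs without checking who initialised the heap, and its result is ignored. The init side in `sc_context_create` only initialises when `CRYPTO_secure_malloc_initialized()` is false, so with a shared libcrypto the heap being released here could belong to another component in the process; OpenSSL also documents that the call returns 0 and releases nothing while secure allocations are outstanding. The commit message limits the feature to statically linked builds, and a comment would record that assumption, for example `/* secure heap is private to this DLL only while OpenSSL is linked statically */`. The call also runs inside `DllMain`, whose body continues outside the hunk, and OpenSSL notes that it can take noticeably long to complete.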