1=pod
2
3=head1 NAME
4
5CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized,
6CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
7OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_malloc_array,
8CRYPTO_secure_malloc_array, OPENSSL_secure_calloc, CRYPTO_secure_calloc,
9OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free,
10CRYPTO_secure_clear_free, OPENSSL_secure_actual_size,
11CRYPTO_secure_allocated,
12CRYPTO_secure_used - secure heap storage
13
14=head1 SYNOPSIS
15
16 #include <openssl/crypto.h>
17
18 int CRYPTO_secure_malloc_init(size_t size, size_t minsize);
19
20 int CRYPTO_secure_malloc_initialized();
21
22 int CRYPTO_secure_malloc_done();
23
24 void *OPENSSL_secure_malloc(size_t num);
25 void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
26
27 void *OPENSSL_secure_zalloc(size_t num);
28 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
29
30 void *OPENSSL_secure_malloc_array(size_t num, size_t size);
31 void *CRYPTO_secure_malloc_array(size_t num, size_t size,
32                                  const char *file, int line);
33
34 void *OPENSSL_secure_calloc(size_t num, size_t size);
35 void *CRYPTO_secure_calloc(size_t num, size_t size,
36                            const char *file, int line);
37
38 void OPENSSL_secure_free(void* ptr);
39 void CRYPTO_secure_free(void *ptr, const char *, int);
40
41 void OPENSSL_secure_clear_free(void* ptr, size_t num);
42 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int);
43
44 size_t OPENSSL_secure_actual_size(const void *ptr);
45
46 int CRYPTO_secure_allocated(const void *ptr);
47 size_t CRYPTO_secure_used();
48
49=head1 DESCRIPTION
50
51In order to help protect applications (particularly long-running servers)
52from pointer overruns or underruns that could return arbitrary data from
53the program's dynamic memory area, where keys and other sensitive
54information might be stored, OpenSSL supports the concept of a "secure heap."
55The level and type of security guarantees depend on the operating system.
56It is a good idea to review the code and see if it addresses your
57threat model and concerns. It should be noted that the secure heap
58uses a single read/write lock, and therefore any operations
59that involve allocation or freeing of secure heap memory are serialised,
60blocking other threads. With that in mind, highly concurrent applications
61should enable the secure heap with caution and be aware of the performance
62implications for multi-threaded code.
63
64If a secure heap is used, then private key B<BIGNUM> values are stored there.
65This protects long-term storage of private keys, but will not necessarily
66put all intermediate values and computations there.
67
68CRYPTO_secure_malloc_init() creates the secure heap, with the specified
69C<size> in bytes. The C<minsize> parameter is the minimum size to
70allocate from the heap or zero to use a reasonable default value.
71Both C<size> and, if specified, C<minsize> must be a power of two and
72C<minsize> should generally be small, for example 16 or 32.
73C<minsize> must be less than a quarter of C<size> in any case.
74
75CRYPTO_secure_malloc_initialized() indicates whether or not the secure
76heap as been initialized and is available.
77
78CRYPTO_secure_malloc_done() releases the heap and makes the memory unavailable
79to the process if all secure memory has been freed.
80It can take noticeably long to complete.
81
82OPENSSL_secure_malloc() allocates C<num> bytes from the heap.
83If CRYPTO_secure_malloc_init() is not called, this is equivalent to
84calling OPENSSL_malloc().
85It is a macro that expands to
86CRYPTO_secure_malloc() and adds the C<__FILE__> and C<__LINE__> parameters.
87
88OPENSSL_secure_zalloc() and CRYPTO_secure_zalloc() are like
89OPENSSL_secure_malloc() and CRYPTO_secure_malloc(), respectively,
90except that they call memset() to zero the memory before returning.
91
92OPENSSL_secure_malloc_array(), CRYPTO_secure_malloc_array(),
93OPENSSL_secure_calloc(), and CRYPTO_secure_calloc() are variants
94of OPENSSL_secure_malloc(), CRYPTO_secure_malloc(),
95OPENSSL_secure_zalloc(), and CRYPTO_secure_zalloc(), respectively, that accept
96an additional parameter, B<size>, which enables memory allocation
97operations for an array of B<num> members B<size> bytes each;
98these functions return an error if multiplication of B<num> and B<size>
99leads to an integer overflow, thus preventing allocations of an incorrect size.
100
101OPENSSL_secure_free() releases the memory at C<ptr> back to the heap.
102It must be called with a value previously obtained from
103OPENSSL_secure_malloc().
104If CRYPTO_secure_malloc_init() is not called, this is equivalent to
105calling OPENSSL_free().
106It exists for consistency with OPENSSL_secure_malloc() , and
107is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__>
108and C<__LINE__> parameters..  If the argument to OPENSSL_secure_free()
109is NULL, nothing is done.
110
111OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except
112that it has an additional C<num> parameter which is used to clear
113the memory if it was not allocated from the secure heap.
114If CRYPTO_secure_malloc_init() is not called, this is equivalent to
115calling OPENSSL_clear_free(). If the argument to OPENSSL_secure_clear_free()
116is NULL, nothing is done.
117
118OPENSSL_secure_actual_size() tells the actual size allocated to the
119pointer; implementations may allocate more space than initially
120requested, in order to "round up" and reduce secure heap fragmentation.
121
122OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap.
123
124CRYPTO_secure_used() returns the number of bytes allocated in the
125secure heap.
126
127=head1 RETURN VALUES
128
129CRYPTO_secure_malloc_init() returns 0 on failure, 1 if successful,
130and 2 if successful but the heap could not be protected by memory
131mapping.
132
133CRYPTO_secure_malloc_initialized() returns 1 if the secure heap is
134available (that is, if CRYPTO_secure_malloc_init() has been called,
135but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not.
136
137OPENSSL_secure_malloc(), CRYPTO_secure_malloc(), OPENSSL_secure_zalloc(),
138CRYPTO_secure_zalloc(), OPENSSL_secure_malloc_array(),
139CRYPTO_secure_malloc_array(), OPENSSL_secure_calloc(), and CRYPTO_secure_calloc()
140return a pointer into the secure heap of the requested size, if it is
141initialised, a pointer returned by the underlying OPENSSL_malloc() call,
142if it is not, or C<NULL> on error.
143
144CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
145
146CRYPTO_secure_malloc_done() returns 1 if the secure memory area is released, or 0 if not.
147
148OPENSSL_secure_free() and OPENSSL_secure_clear_free() return no values.
149
150=head1 SEE ALSO
151
152L<OPENSSL_malloc(3)>,
153L<BN_new(3)>
154
155=head1 HISTORY
156
157The OPENSSL_secure_clear_free() function was added in OpenSSL 1.1.0g.
158
159The second argument to CRYPTO_secure_malloc_init() was changed from an B<int> to
160a B<size_t> in OpenSSL 3.0.
161
162The OPENSSL_secure_malloc_array(), CRYPTO_secure_malloc_array(),
163OPENSSL_secure_calloc(), and CRYPTO_secure_calloc() functions were added
164in OpenSSL 3.6.
165
166=head1 COPYRIGHT
167
168Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
169
170Licensed under the Apache License 2.0 (the "License").  You may not use
171this file except in compliance with the License.  You can obtain a copy
172in the file LICENSE in the source distribution or at
173L<https://www.openssl.org/source/license.html>.
174
175=cut
176