aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/build-data/buildh.in8
-rw-r--r--src/lib/alloc/locking_allocator/locking_allocator.cpp4
2 files changed, 9 insertions, 3 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index f8009cf0b..36b5f3959 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -35,7 +35,11 @@
/* How much to allocate for a buffer of no particular size */
#define BOTAN_DEFAULT_BUFFER_SIZE 1024
-/* Maximum size to allocate out of the mlock pool */
+/* Minimum and maximum sizes to allocate out of the mlock pool (bytes)
+ Default min is 16 as smaller values are easily bruteforceable and thus
+ likely not cryptographic keys.
+*/
+#define BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION 16
#define BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION 128
/* Multiplier on a block cipher's native parallelism */
@@ -67,7 +71,7 @@
*/
#define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 512
#define BOTAN_RNG_RESEED_POLL_BITS 128
-#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(20)
+#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10)
#define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(100)
/* Should we use GCC-style inline assembler? */
diff --git a/src/lib/alloc/locking_allocator/locking_allocator.cpp b/src/lib/alloc/locking_allocator/locking_allocator.cpp
index 4a3dd3c4c..48aec5ce4 100644
--- a/src/lib/alloc/locking_allocator/locking_allocator.cpp
+++ b/src/lib/alloc/locking_allocator/locking_allocator.cpp
@@ -103,7 +103,9 @@ void* mlock_allocator::allocate(size_t num_elems, size_t elem_size)
if(n / elem_size != num_elems)
return nullptr; // overflow!
- if(n > m_poolsize || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION)
+ if(n > m_poolsize)
+ return nullptr;
+ if(n < BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION)
return nullptr;
std::lock_guard<std::mutex> lock(m_mutex);