diff options
-rw-r--r-- | src/build-data/buildh.in | 8 | ||||
-rw-r--r-- | src/lib/alloc/locking_allocator/locking_allocator.cpp | 4 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index f8009cf0b..36b5f3959 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -35,7 +35,11 @@ /* How much to allocate for a buffer of no particular size */ #define BOTAN_DEFAULT_BUFFER_SIZE 1024 -/* Maximum size to allocate out of the mlock pool */ +/* Minimum and maximum sizes to allocate out of the mlock pool (bytes) + Default min is 16 as smaller values are easily bruteforceable and thus + likely not cryptographic keys. +*/ +#define BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION 16 #define BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION 128 /* Multiplier on a block cipher's native parallelism */ @@ -67,7 +71,7 @@ */ #define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 512 #define BOTAN_RNG_RESEED_POLL_BITS 128 -#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(20) +#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10) #define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(100) /* Should we use GCC-style inline assembler? */ diff --git a/src/lib/alloc/locking_allocator/locking_allocator.cpp b/src/lib/alloc/locking_allocator/locking_allocator.cpp index 4a3dd3c4c..48aec5ce4 100644 --- a/src/lib/alloc/locking_allocator/locking_allocator.cpp +++ b/src/lib/alloc/locking_allocator/locking_allocator.cpp @@ -103,7 +103,9 @@ void* mlock_allocator::allocate(size_t num_elems, size_t elem_size) if(n / elem_size != num_elems) return nullptr; // overflow! - if(n > m_poolsize || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION) + if(n > m_poolsize) + return nullptr; + if(n < BOTAN_MLOCK_ALLOCATOR_MIN_ALLOCATION || n > BOTAN_MLOCK_ALLOCATOR_MAX_ALLOCATION) return nullptr; std::lock_guard<std::mutex> lock(m_mutex); |