From 54ca0d0e22b28f6fdebb1aeb3484443288e3a831 Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Thu, 31 Jul 2025 15:21:01 +0200 Subject: [PATCH] OPENSSL_secure_malloc.pod: articulate possibly non-secure pointer being returned The semantics of OPENSSL_secure_[mz]alloc is somewhat unorthodox, as it silently returns a pointer to non-secure memory if the arena is not initialised, which, while mentioned in the DESCRIPTION, is not clear from reading the pertaining part of the RETURNING VALUE section alone; explicitly state that the memory may be allocated by OPENSSL_calloc instead if the secure heap is not initialised. Signed-off-by: Eugene Syromiatnikov --- doc/man3/OPENSSL_secure_malloc.pod | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/man3/OPENSSL_secure_malloc.pod b/doc/man3/OPENSSL_secure_malloc.pod index 7cba6dc782..7817be8da5 100644 --- a/doc/man3/OPENSSL_secure_malloc.pod +++ b/doc/man3/OPENSSL_secure_malloc.pod @@ -137,8 +137,9 @@ but CRYPTO_secure_malloc_done() has not been called or failed) or 0 if not. OPENSSL_secure_malloc(), CRYPTO_secure_malloc(), OPENSSL_secure_zalloc(), CRYPTO_secure_zalloc(), OPENSSL_secure_malloc_array(), CRYPTO_secure_malloc_array(), OPENSSL_secure_calloc(), and CRYPTO_secure_calloc() -return a pointer into the secure heap of the requested size, -or C if memory could not be allocated. +return a pointer into the secure heap of the requested size, if it is +initialised, a pointer returned by the underlying OPENSSL_malloc() call, +if it is not, or C on error. CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
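Review bot: The added sentence names "the underlying OPENSSL_malloc() call" as the fallback, while the commit message says the memory "may be allocated by OPENSSL_calloc instead", and the function list it applies to includes the zalloc and calloc variants; the two descriptions should agree, and the text should say whether the fallback pointer is zeroed for those variants. The phrasing "of the requested size, if it is initialised ... if it is not" also leaves "it" without a clear antecedent, so a reader can attach it to the size rather than the heap; spelling it out as "if the secure heap is initialised" and "if the secure heap is not initialised" removes the ambiguity. Since the point of the change is that callers may silently receive non-secure memory, it would help to add a pointer to CRYPTO_secure_allocated(), documented in the very next paragraph, as the way to check which kind of pointer was returned.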