Skip to content

Commit

Permalink
src: make minor improvements to SecureBuffer
Browse files Browse the repository at this point in the history
Remove an unnecessary static_cast<char*>().

Use OPENSSL_secure_zalloc() instead of OPENSSL_secure_malloc() +
memset().

Update the comment describing the function which predates support for
OpenSSL's secure heap.

PR-URL: nodejs/node#44302
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
  • Loading branch information
tniessen authored and guangwong committed Jan 3, 2023
1 parent e95069b commit b893ed5
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions src/crypto/crypto_util.cc
Original file line number Diff line number Diff line change
Expand Up @@ -689,22 +689,21 @@ CryptoJobMode GetCryptoJobMode(v8::Local<v8::Value> args) {
}

namespace {
// SecureBuffer uses openssl to allocate a Uint8Array using
// OPENSSL_secure_malloc. Because we do not yet actually
// make use of secure heap, this has the same semantics as
// SecureBuffer uses OPENSSL_secure_malloc to allocate a Uint8Array.
// Without --secure-heap, OpenSSL's secure heap is disabled,
// in which case this has the same semantics as
// using OPENSSL_malloc. However, if the secure heap is
// initialized, SecureBuffer will automatically use it.
void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsUint32());
Environment* env = Environment::GetCurrent(args);
uint32_t len = args[0].As<Uint32>()->Value();
char* data = static_cast<char*>(OPENSSL_secure_malloc(len));
void* data = OPENSSL_secure_zalloc(len);
if (data == nullptr) {
// There's no memory available for the allocation.
// Return nothing.
return;
}
memset(data, 0, len);
std::shared_ptr<BackingStore> store =
ArrayBuffer::NewBackingStore(
data,
Expand Down

0 comments on commit b893ed5

Please sign in to comment.