From 1e4e4e0314e4b928f27d29a1c7ed90d13284e934 Mon Sep 17 00:00:00 2001 From: inference Date: Sun, 8 Oct 2023 08:56:52 +0100 Subject: [PATCH] Fix line lengths to conform to code style --- documentation/hardened_malloc.html | 50 ++++++++++--------- .../openssl_selfsigned_certificate_chain.html | 15 +++--- 2 files changed, 35 insertions(+), 30 deletions(-) diff --git a/documentation/hardened_malloc.html b/documentation/hardened_malloc.html index ee593f6..6cbed85 100644 --- a/documentation/hardened_malloc.html +++ b/documentation/hardened_malloc.html @@ -5,7 +5,7 @@ - + @@ -33,11 +33,12 @@

Documentation - GrapheneOS hardened_malloc

This documentation contains instructions to use GrapheneOS hardened_malloc - memory allocator as the system's default memory allocator. These instructions apply to both musl - and glibc C libraries on Unix-based and Unix-like systems. hardened_malloc can also be used - per-application and/or per-user, in which case root permissions are not required; this - documentation focuses on system-wide usage of hardened_malloc, assumes root privileges, and - assumes the compiled library will be located in a path readable by all users of the system.

+ memory allocator as the system's default memory allocator. These instructions apply to + both musl and glibc C libraries on Unix-based and Unix-like systems. hardened_malloc can + also be used per-application and/or per-user, in which case root permissions are not + required; this documentation focuses on system-wide usage of hardened_malloc, assumes + root privileges, and assumes the compiled library will be located in a path readable by + all users of the system.

For the complete hardened_malloc documentation, visit its official documentation.

This documentation is also available in portable AsciiDoc format in my @@ -57,8 +58,9 @@

Increase Permitted Amount of Memory Pages

-

Add vm.max_map_count = 1048576 to /etc/sysctl.conf - to accommodate hardened_malloc’s large amount of guard pages.

+

Add vm.max_map_count = 1048576 to + /etc/sysctl.conf to accommodate hardened_malloc’s large + amount of guard pages.

Clone hardened_malloc Source Code
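
Review bot: The re-wrapped `vm.max_map_count` paragraph tells the reader to add `vm.max_map_count = 1048576` to `/etc/sysctl.conf` but never says how the value takes effect. Since the sentence is already being touched, consider adding a line stating that the setting is applied at the next boot or by running `sysctl -p`, and that `sysctl vm.max_map_count` confirms it. If this commit is meant to stay wrap-only, that belongs in a follow-up commit.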

@@ -71,25 +73,27 @@

Compile hardened_malloc

$ make <arguments>

-

CONFIG_N_ARENA=n can be adjusted to increase parallel - performance at the expense of memory usage, or decrease memory usage at the - expense of parallel performance, where n is an integer. Higher values - prefer parallel performance, lower values prefer lower memory usage. The number - of arenas has no impact on the security properties of hardened_malloc. +

CONFIG_N_ARENA=n can be adjusted to increase + parallel performance at the expense of memory usage, or decrease memory + usage at the expense of parallel performance, where n is an + integer. Higher values prefer parallel performance, lower values prefer + lower memory usage. The number of arenas has no impact on the security + properties of hardened_malloc.

  • Minimum number of arenas: 1
  • Maximum number of arenas: 256
-

For extra security, CONFIG_SEAL_METADATA=true can be used in - order to control whether Memory Protection Keys are used to disable access to - all writable allocator state outside of the memory allocator code. It’s - currently disabled by default due to a significant performance cost for this use - case on current generation hardware. Whether or not this feature is enabled, the - metadata is all contained within an isolated memory region with high entropy - random guard regions around it.

-

For low-memory systems, VARIANT=light can be used to compile the - light variant of hardened_malloc, which sacrifices some security for much less - memory usage.

+

For extra security, CONFIG_SEAL_METADATA=true can be + used in order to control whether Memory Protection Keys are used to + disable access to all writable allocator state outside of the memory + allocator code. It’s currently disabled by default due to a significant + performance cost for this use case on current generation hardware. + Whether or not this feature is enabled, the metadata is all contained + within an isolated memory region with high entropy random guard regions + around it.

+

For low-memory systems, VARIANT=light can be used to + compile the light variant of hardened_malloc, which sacrifices some + security for much less memory usage.

For all compile-time options, see the configuration section of hardened_malloc’s extensive official documentation.
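
Review bot: In the `CONFIG_SEAL_METADATA=true` paragraph, the re-wrapped text keeps the phrase "can be used in order to control whether Memory Protection Keys are used", which does not say that `true` is the value that turns sealing on. A direct wording would read better, for example "CONFIG_SEAL_METADATA=true uses Memory Protection Keys to disable access to all writable allocator state outside of the memory allocator code". Because the subject line describes a line-length change only, the rewording is best done as a separate commit so this diff stays whitespace-only and easy to verify.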

diff --git a/documentation/openssl_selfsigned_certificate_chain.html b/documentation/openssl_selfsigned_certificate_chain.html index bfa76b9..56d8381 100644 --- a/documentation/openssl_selfsigned_certificate_chain.html +++ b/documentation/openssl_selfsigned_certificate_chain.html @@ -5,7 +5,7 @@ - + @@ -31,12 +31,13 @@

Documentation - OpenSSL Self-signed Certificate Chain

-

This documentation contains the complete set of commands to create a new OpenSSL self-signed - certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple SANs can be included - in a certificate by adding each domain as a comma-delimited string. Each key can be encrypted or - unencrypted, with multiple encryption options; AES (aes128 or aes256) - is recommended. Optional verification can also be performed between multiple levels of - certificates to ensure the chain of trust is valid.

+

This documentation contains the complete set of commands to create a new OpenSSL + self-signed certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple + SANs can be included in a certificate by adding each domain as a comma-delimited string. + Each key can be encrypted or unencrypted, with multiple encryption options; AES + (aes128 or aes256) is recommended. Optional verification can + also be performed between multiple levels of certificates to ensure the chain of trust + is valid.

This documentation is also available in portable AsciiDoc format in my documentation source code repository.
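
Review bot: In the introductory paragraph of `openssl_selfsigned_certificate_chain.html`, "Each key can be encrypted or unencrypted" gives no guidance on when an unencrypted key is acceptable; the recommendation that follows ("AES (aes128 or aes256) is recommended") covers only the cipher choice. Consider adding a sentence saying which keys in the chain should stay encrypted. Separately, the new wrap breaks the line between "AES" and "(aes128 or aes256)"; keeping the name and its parenthetical on one source line would make the recommendation easier to find with a search.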