2016-05-17 18:20:24 +00:00
|
|
|
/*
|
2017-04-10 00:05:55 +00:00
|
|
|
* Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
|
2016-05-17 18:20:24 +00:00
|
|
|
*
|
|
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*/
|
2015-04-24 20:39:40 +00:00
|
|
|
|
|
|
|
#include <openssl/crypto.h>
|
|
|
|
|
2017-04-10 00:05:55 +00:00
|
|
|
#include "testutil.h"
|
2016-04-11 20:03:42 +00:00
|
|
|
|
2017-04-10 00:05:55 +00:00
|
|
|
static int test_sec_mem(void)
|
2015-04-24 20:39:40 +00:00
|
|
|
{
|
|
|
|
#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
|
2017-04-10 00:05:55 +00:00
|
|
|
int testresult = 0;
|
2016-04-11 20:03:42 +00:00
|
|
|
char *p = NULL, *q = NULL, *r = NULL, *s = NULL;
|
2015-04-24 20:39:40 +00:00
|
|
|
|
2017-07-29 15:47:43 +00:00
|
|
|
s = OPENSSL_secure_malloc(20);
|
|
|
|
/* s = non-secure 20 */
|
|
|
|
if (!TEST_ptr(s)
|
|
|
|
|| !TEST_false(CRYPTO_secure_allocated(s)))
|
|
|
|
goto end;
|
2016-04-11 20:03:42 +00:00
|
|
|
r = OPENSSL_secure_malloc(20);
|
2017-07-29 15:47:43 +00:00
|
|
|
/* r = non-secure 20, s = non-secure 20 */
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_ptr(r)
|
|
|
|
|| !TEST_true(CRYPTO_secure_malloc_init(4096, 32))
|
|
|
|
|| !TEST_false(CRYPTO_secure_allocated(r)))
|
|
|
|
goto end;
|
2015-04-24 20:39:40 +00:00
|
|
|
p = OPENSSL_secure_malloc(20);
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_ptr(p)
|
2017-07-29 15:47:43 +00:00
|
|
|
/* r = non-secure 20, p = secure 20, s = non-secure 20 */
|
2017-04-10 00:05:55 +00:00
|
|
|
|| !TEST_true(CRYPTO_secure_allocated(p))
|
2017-08-11 14:15:22 +00:00
|
|
|
/* 20 secure -> 32-byte minimum allocation unit */
|
2017-04-10 00:05:55 +00:00
|
|
|
|| !TEST_size_t_eq(CRYPTO_secure_used(), 32))
|
|
|
|
goto end;
|
2015-04-24 20:39:40 +00:00
|
|
|
q = OPENSSL_malloc(20);
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_ptr(q))
|
|
|
|
goto end;
|
2017-07-29 15:47:43 +00:00
|
|
|
/* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_false(CRYPTO_secure_allocated(q)))
|
|
|
|
goto end;
|
2017-07-29 15:47:43 +00:00
|
|
|
OPENSSL_secure_clear_free(s, 20);
|
2016-04-11 20:03:42 +00:00
|
|
|
s = OPENSSL_secure_malloc(20);
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_ptr(s)
|
|
|
|
/* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */
|
|
|
|
|| !TEST_true(CRYPTO_secure_allocated(s))
|
|
|
|
/* 2 * 20 secure -> 64 bytes allocated */
|
|
|
|
|| !TEST_size_t_eq(CRYPTO_secure_used(), 64))
|
|
|
|
goto end;
|
2017-07-29 15:47:43 +00:00
|
|
|
OPENSSL_secure_clear_free(p, 20);
|
2017-04-10 00:05:55 +00:00
|
|
|
p = NULL;
|
2016-04-11 20:03:42 +00:00
|
|
|
/* 20 secure -> 32 bytes allocated */
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_size_t_eq(CRYPTO_secure_used(), 32))
|
|
|
|
goto end;
|
2016-02-17 10:03:55 +00:00
|
|
|
OPENSSL_free(q);
|
2017-04-10 00:05:55 +00:00
|
|
|
q = NULL;
|
2016-04-11 20:03:42 +00:00
|
|
|
/* should not complete, as secure memory is still allocated */
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_false(CRYPTO_secure_malloc_done())
|
|
|
|
|| !TEST_true(CRYPTO_secure_malloc_initialized()))
|
|
|
|
goto end;
|
2016-04-11 20:03:42 +00:00
|
|
|
OPENSSL_secure_free(s);
|
2017-04-10 00:05:55 +00:00
|
|
|
s = NULL;
|
2016-04-11 20:03:42 +00:00
|
|
|
/* secure memory should now be 0, so done should complete */
|
2017-04-10 00:05:55 +00:00
|
|
|
if (!TEST_size_t_eq(CRYPTO_secure_used(), 0)
|
|
|
|
|| !TEST_true(CRYPTO_secure_malloc_done())
|
|
|
|
|| !TEST_false(CRYPTO_secure_malloc_initialized()))
|
|
|
|
goto end;
|
Fix infinite loops in secure memory allocation.
Issue 1:
sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.
This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."
Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).
Issue 2:
CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.
If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.
Issue 3:
That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 19:48:10 +00:00
|
|
|
|
|
|
|
TEST_info("Possible infinite loop: allocate more than available");
|
|
|
|
if (!TEST_true(CRYPTO_secure_malloc_init(32768, 16)))
|
|
|
|
goto end;
|
|
|
|
TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1));
|
|
|
|
TEST_true(CRYPTO_secure_malloc_done());
|
|
|
|
|
2017-05-21 14:21:06 +00:00
|
|
|
/*
|
|
|
|
* If init fails, then initialized should be false, if not, this
|
|
|
|
* could cause an infinite loop secure_malloc, but we don't test it
|
|
|
|
*/
|
|
|
|
if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) &&
|
|
|
|
!TEST_false(CRYPTO_secure_malloc_initialized())) {
|
|
|
|
TEST_true(CRYPTO_secure_malloc_done());
|
Fix infinite loops in secure memory allocation.
Issue 1:
sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.
This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."
Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).
Issue 2:
CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.
If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.
Issue 3:
That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 19:48:10 +00:00
|
|
|
goto end;
|
2017-05-21 14:21:06 +00:00
|
|
|
}
|
Fix infinite loops in secure memory allocation.
Issue 1:
sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.
This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."
Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).
Issue 2:
CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.
If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.
Issue 3:
That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 19:48:10 +00:00
|
|
|
|
2017-05-12 20:46:39 +00:00
|
|
|
/*-
|
|
|
|
* There was also a possible infinite loop when the number of
|
|
|
|
* elements was 1<<31, as |int i| was set to that, which is a
|
|
|
|
* negative number. However, it requires minimum input values:
|
|
|
|
*
|
|
|
|
* CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4);
|
|
|
|
*
|
2017-05-21 09:16:34 +00:00
|
|
|
* Which really only works on 64-bit systems, since it took 16 GB
|
|
|
|
* secure memory arena to trigger the problem. It naturally takes
|
|
|
|
* corresponding amount of available virtual and physical memory
|
|
|
|
* for test to be feasible/representative. Since we can't assume
|
|
|
|
* that every system is equipped with that much memory, the test
|
|
|
|
* remains disabled. If the reader of this comment really wants
|
|
|
|
* to make sure that infinite loop is fixed, they can enable the
|
|
|
|
* code below.
|
2017-05-12 20:46:39 +00:00
|
|
|
*/
|
|
|
|
# if 0
|
2017-05-21 09:16:34 +00:00
|
|
|
/*-
|
|
|
|
* On Linux and BSD this test has a chance to complete in minimal
|
|
|
|
* time and with minimum side effects, because mlock is likely to
|
|
|
|
* fail because of RLIMIT_MEMLOCK, which is customarily [much]
|
|
|
|
* smaller than 16GB. In other words Linux and BSD users can be
|
|
|
|
* limited by virtual space alone...
|
|
|
|
*/
|
Fix infinite loops in secure memory allocation.
Issue 1:
sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.
This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."
Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).
Issue 2:
CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.
If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.
Issue 3:
That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 19:48:10 +00:00
|
|
|
if (sizeof(size_t) > 4) {
|
|
|
|
TEST_info("Possible infinite loop: 1<<31 limit");
|
2017-05-12 20:46:39 +00:00
|
|
|
if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0))
|
|
|
|
TEST_true(CRYPTO_secure_malloc_done());
|
Fix infinite loops in secure memory allocation.
Issue 1:
sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.
This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."
Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).
Issue 2:
CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.
If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.
Issue 3:
That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
2017-05-11 19:48:10 +00:00
|
|
|
}
|
2017-05-12 20:46:39 +00:00
|
|
|
# endif
|
2017-05-21 14:21:06 +00:00
|
|
|
|
2016-04-11 20:03:42 +00:00
|
|
|
/* this can complete - it was not really secure */
|
2017-04-10 00:05:55 +00:00
|
|
|
testresult = 1;
|
|
|
|
end:
|
|
|
|
OPENSSL_secure_free(p);
|
|
|
|
OPENSSL_free(q);
|
2016-04-11 20:03:42 +00:00
|
|
|
OPENSSL_secure_free(r);
|
2017-04-10 00:05:55 +00:00
|
|
|
OPENSSL_secure_free(s);
|
|
|
|
return testresult;
|
2015-04-24 20:39:40 +00:00
|
|
|
#else
|
|
|
|
/* Should fail. */
|
2017-04-10 00:05:55 +00:00
|
|
|
return TEST_false(CRYPTO_secure_malloc_init(4096, 32));
|
2015-04-24 20:39:40 +00:00
|
|
|
#endif
|
2017-04-10 00:05:55 +00:00
|
|
|
}
|
|
|
|
|
2018-08-21 23:20:18 +00:00
|
|
|
static int test_sec_mem_clear(void)
|
|
|
|
{
|
|
|
|
#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX)
|
|
|
|
const int size = 64;
|
|
|
|
unsigned char *p = NULL;
|
|
|
|
int i, res = 0;
|
|
|
|
|
|
|
|
if (!TEST_true(CRYPTO_secure_malloc_init(4096, 32))
|
|
|
|
|| !TEST_ptr(p = OPENSSL_secure_malloc(size)))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
for (i = 0; i < size; i++)
|
|
|
|
if (!TEST_uchar_eq(p[i], 0))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
for (i = 0; i < size; i++)
|
|
|
|
p[i] = (unsigned char)(i + ' ' + 1);
|
|
|
|
|
|
|
|
OPENSSL_secure_free(p);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A deliberate use after free here to verify that the memory has been
|
|
|
|
* cleared properly. Since secure free doesn't return the memory to
|
|
|
|
* libc's memory pool, it technically isn't freed. However, the header
|
|
|
|
* bytes have to be skipped and these consist of two pointers in the
|
|
|
|
* current implementation.
|
|
|
|
*/
|
|
|
|
for (i = sizeof(void *) * 2; i < size; i++)
|
|
|
|
if (!TEST_uchar_eq(p[i], 0))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
res = 1;
|
|
|
|
p = NULL;
|
|
|
|
|
|
|
|
err:
|
|
|
|
OPENSSL_secure_free(p);
|
|
|
|
CRYPTO_secure_malloc_done();
|
|
|
|
return res;
|
|
|
|
#else
|
|
|
|
return 1;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2017-07-18 01:48:27 +00:00
|
|
|
int setup_tests(void)
|
2017-04-10 00:05:55 +00:00
|
|
|
{
|
|
|
|
ADD_TEST(test_sec_mem);
|
2018-08-21 23:20:18 +00:00
|
|
|
ADD_TEST(test_sec_mem_clear);
|
2017-07-18 01:48:27 +00:00
|
|
|
return 1;
|
2015-04-24 20:39:40 +00:00
|
|
|
}
|