| secmemtest.c (1.1.1.2) | secmemtest.c (1.1.1.1) |
|---|---|
| 1/* | 1/* |
| 2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. | 2 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. |
| 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 | 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 |
| 10#include <stdio.h> |
|
| 10#include <openssl/crypto.h> 11 | 11#include <openssl/crypto.h> 12 |
| 12#include "testutil.h" | 13#define perror_line() perror_line1(__LINE__) 14#define perror_line1(l) perror_line2(l) 15#define perror_line2(l) perror("failed " #l) |
| 13 | 16 |
| 14static int test_sec_mem(void) | 17int main(int argc, char **argv) |
| 15{ 16#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) | 18{ 19#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) |
| 17 int testresult = 0; | |
| 18 char *p = NULL, *q = NULL, *r = NULL, *s = NULL; 19 20 s = OPENSSL_secure_malloc(20); 21 /* s = non-secure 20 */ | 20 char *p = NULL, *q = NULL, *r = NULL, *s = NULL; 21 22 s = OPENSSL_secure_malloc(20); 23 /* s = non-secure 20 */ |
| 22 if (!TEST_ptr(s) 23 || !TEST_false(CRYPTO_secure_allocated(s))) 24 goto end; | 24 if (s == NULL) { 25 perror_line(); 26 return 1; 27 } 28 if (CRYPTO_secure_allocated(s)) { 29 perror_line(); 30 return 1; 31 } |
| 25 r = OPENSSL_secure_malloc(20); 26 /* r = non-secure 20, s = non-secure 20 */ | 32 r = OPENSSL_secure_malloc(20); 33 /* r = non-secure 20, s = non-secure 20 */ |
| 27 if (!TEST_ptr(r) 28 || !TEST_true(CRYPTO_secure_malloc_init(4096, 32)) 29 || !TEST_false(CRYPTO_secure_allocated(r))) 30 goto end; | 34 if (r == NULL) { 35 perror_line(); 36 return 1; 37 } 38 if (!CRYPTO_secure_malloc_init(4096, 32)) { 39 perror_line(); 40 return 1; 41 } 42 if (CRYPTO_secure_allocated(r)) { 43 perror_line(); 44 return 1; 45 } |
| 31 p = OPENSSL_secure_malloc(20); | 46 p = OPENSSL_secure_malloc(20); |
| 32 if (!TEST_ptr(p) 33 /* r = non-secure 20, p = secure 20, s = non-secure 20 */ 34 || !TEST_true(CRYPTO_secure_allocated(p)) 35 /* 20 secure -> 32-byte minimum allocation unit */ 36 || !TEST_size_t_eq(CRYPTO_secure_used(), 32)) 37 goto end; | 47 /* r = non-secure 20, p = secure 20, s = non-secure 20 */ 48 if (!CRYPTO_secure_allocated(p)) { 49 perror_line(); 50 return 1; 51 } 52 /* 20 secure -> 32-byte minimum allocaton unit */ 53 if (CRYPTO_secure_used() != 32) { 54 perror_line(); 55 return 1; 56 } |
| 38 q = OPENSSL_malloc(20); | 57 q = OPENSSL_malloc(20); |
| 39 if (!TEST_ptr(q)) 40 goto end; | |
| 41 /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */ | 58 /* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */ |
| 42 if (!TEST_false(CRYPTO_secure_allocated(q))) 43 goto end; | 59 if (CRYPTO_secure_allocated(q)) { 60 perror_line(); 61 return 1; 62 } |
| 44 OPENSSL_secure_clear_free(s, 20); 45 s = OPENSSL_secure_malloc(20); | 63 OPENSSL_secure_clear_free(s, 20); 64 s = OPENSSL_secure_malloc(20); |
| 46 if (!TEST_ptr(s) 47 /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ 48 || !TEST_true(CRYPTO_secure_allocated(s)) 49 /* 2 * 20 secure -> 64 bytes allocated */ 50 || !TEST_size_t_eq(CRYPTO_secure_used(), 64)) 51 goto end; | 65 /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ 66 if (!CRYPTO_secure_allocated(s)) { 67 perror_line(); 68 return 1; 69 } 70 /* 2 * 20 secure -> 64 bytes allocated */ 71 if (CRYPTO_secure_used() != 64) { 72 perror_line(); 73 return 1; 74 } |
| 52 OPENSSL_secure_clear_free(p, 20); | 75 OPENSSL_secure_clear_free(p, 20); |
| 53 p = NULL; | |
| 54 /* 20 secure -> 32 bytes allocated */ | 76 /* 20 secure -> 32 bytes allocated */ |
| 55 if (!TEST_size_t_eq(CRYPTO_secure_used(), 32)) 56 goto end; | 77 if (CRYPTO_secure_used() != 32) { 78 perror_line(); 79 return 1; 80 } |
| 57 OPENSSL_free(q); | 81 OPENSSL_free(q); |
| 58 q = NULL; | |
| 59 /* should not complete, as secure memory is still allocated */ | 82 /* should not complete, as secure memory is still allocated */ |
| 60 if (!TEST_false(CRYPTO_secure_malloc_done()) 61 || !TEST_true(CRYPTO_secure_malloc_initialized())) 62 goto end; | 83 if (CRYPTO_secure_malloc_done()) { 84 perror_line(); 85 return 1; 86 } 87 if (!CRYPTO_secure_malloc_initialized()) { 88 perror_line(); 89 return 1; 90 } |
| 63 OPENSSL_secure_free(s); | 91 OPENSSL_secure_free(s); |
| 64 s = NULL; | |
| 65 /* secure memory should now be 0, so done should complete */ | 92 /* secure memory should now be 0, so done should complete */ |
| 66 if (!TEST_size_t_eq(CRYPTO_secure_used(), 0) 67 || !TEST_true(CRYPTO_secure_malloc_done()) 68 || !TEST_false(CRYPTO_secure_malloc_initialized())) 69 goto end; | 93 if (CRYPTO_secure_used() != 0) { 94 perror_line(); 95 return 1; 96 } 97 if (!CRYPTO_secure_malloc_done()) { 98 perror_line(); 99 return 1; 100 } 101 if (CRYPTO_secure_malloc_initialized()) { 102 perror_line(); 103 return 1; 104 } |
| 70 | 105 |
| 71 TEST_info("Possible infinite loop: allocate more than available"); 72 if (!TEST_true(CRYPTO_secure_malloc_init(32768, 16))) 73 goto end; 74 TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); 75 TEST_true(CRYPTO_secure_malloc_done()); | 106 fprintf(stderr, "Possible infinite loop: allocate more than available\n"); 107 if (!CRYPTO_secure_malloc_init(32768, 16)) { 108 perror_line(); 109 return 1; 110 } 111 if (OPENSSL_secure_malloc((size_t)-1) != NULL) { 112 perror_line(); 113 return 1; 114 } 115 if (!CRYPTO_secure_malloc_done()) { 116 perror_line(); 117 return 1; 118 } |
| 76 77 /* 78 * If init fails, then initialized should be false, if not, this 79 * could cause an infinite loop secure_malloc, but we don't test it 80 */ | 119 120 /* 121 * If init fails, then initialized should be false, if not, this 122 * could cause an infinite loop secure_malloc, but we don't test it 123 */ |
| 81 if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) && 82 !TEST_false(CRYPTO_secure_malloc_initialized())) { 83 TEST_true(CRYPTO_secure_malloc_done()); 84 goto end; | 124 if (!CRYPTO_secure_malloc_init(16, 16) && 125 CRYPTO_secure_malloc_initialized()) { 126 CRYPTO_secure_malloc_done(); 127 perror_line(); 128 return 1; |
| 85 } 86 87 /*- 88 * There was also a possible infinite loop when the number of 89 * elements was 1<<31, as |int i| was set to that, which is a 90 * negative number. However, it requires minimum input values: 91 * 92 * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); --- 11 unchanged lines hidden (view full) --- 104 /*- 105 * On Linux and BSD this test has a chance to complete in minimal 106 * time and with minimum side effects, because mlock is likely to 107 * fail because of RLIMIT_MEMLOCK, which is customarily [much] 108 * smaller than 16GB. In other words Linux and BSD users can be 109 * limited by virtual space alone... 110 */ 111 if (sizeof(size_t) > 4) { | 129 } 130 131 /*- 132 * There was also a possible infinite loop when the number of 133 * elements was 1<<31, as |int i| was set to that, which is a 134 * negative number. However, it requires minimum input values: 135 * 136 * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); --- 11 unchanged lines hidden (view full) --- 148 /*- 149 * On Linux and BSD this test has a chance to complete in minimal 150 * time and with minimum side effects, because mlock is likely to 151 * fail because of RLIMIT_MEMLOCK, which is customarily [much] 152 * smaller than 16GB. In other words Linux and BSD users can be 153 * limited by virtual space alone... 154 */ 155 if (sizeof(size_t) > 4) { |
| 112 TEST_info("Possible infinite loop: 1<<31 limit"); 113 if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) 114 TEST_true(CRYPTO_secure_malloc_done()); | 156 fprintf(stderr, "Possible infinite loop: 1<<31 limit\n"); 157 if (CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) == 0) { 158 perror_line(); 159 } else if (!CRYPTO_secure_malloc_done()) { 160 perror_line(); 161 return 1; 162 } |
| 115 } 116# endif 117 118 /* this can complete - it was not really secure */ | 163 } 164# endif 165 166 /* this can complete - it was not really secure */ |
| 119 testresult = 1; 120 end: 121 OPENSSL_secure_free(p); 122 OPENSSL_free(q); | |
| 123 OPENSSL_secure_free(r); | 167 OPENSSL_secure_free(r); |
| 124 OPENSSL_secure_free(s); 125 return testresult; | |
| 126#else 127 /* Should fail. */ | 168#else 169 /* Should fail. */ |
| 128 return TEST_false(CRYPTO_secure_malloc_init(4096, 32)); | 170 if (CRYPTO_secure_malloc_init(4096, 32)) { 171 perror_line(); 172 return 1; 173 } |
| 129#endif | 174#endif |
| 175 return 0; |
|
| 130} | 176} |
| 131 132static int test_sec_mem_clear(void) 133{ 134#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) 135 const int size = 64; 136 unsigned char *p = NULL; 137 int i, res = 0; 138 139 if (!TEST_true(CRYPTO_secure_malloc_init(4096, 32)) 140 || !TEST_ptr(p = OPENSSL_secure_malloc(size))) 141 goto err; 142 143 for (i = 0; i < size; i++) 144 if (!TEST_uchar_eq(p[i], 0)) 145 goto err; 146 147 for (i = 0; i < size; i++) 148 p[i] = (unsigned char)(i + ' ' + 1); 149 150 OPENSSL_secure_free(p); 151 152 /* 153 * A deliberate use after free here to verify that the memory has been 154 * cleared properly. Since secure free doesn't return the memory to 155 * libc's memory pool, it technically isn't freed. However, the header 156 * bytes have to be skipped and these consist of two pointers in the 157 * current implementation. 158 */ 159 for (i = sizeof(void *) * 2; i < size; i++) 160 if (!TEST_uchar_eq(p[i], 0)) 161 return 0; 162 163 res = 1; 164 p = NULL; 165 166err: 167 OPENSSL_secure_free(p); 168 CRYPTO_secure_malloc_done(); 169 return res; 170#else 171 return 1; 172#endif 173} 174 175int setup_tests(void) 176{ 177 ADD_TEST(test_sec_mem); 178 ADD_TEST(test_sec_mem_clear); 179 return 1; 180} | |