Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame test/secmemtest.c

Blob History Raw

Packit Service	084de1	`/*`
Packit Service	084de1	`* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit Service	084de1	`* this file except in compliance with the License. You can obtain a copy`
Packit Service	084de1	`* in the file LICENSE in the source distribution or at`
Packit Service	084de1	`* https://www.openssl.org/source/license.html`
Packit Service	084de1	`*/`
Packit Service	084de1
Packit Service	084de1	`#include <openssl/crypto.h>`
Packit Service	084de1
Packit Service	084de1	`#include "testutil.h"`
Packit Service	084de1	`#include "../e_os.h"`
Packit Service	084de1
Packit Service	084de1	`static int test_sec_mem(void)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifdef OPENSSL_SECURE_MEMORY`
Packit Service	084de1	`int testresult = 0;`
Packit Service	084de1	`char p = NULL, q = NULL, r = NULL, s = NULL;`
Packit Service	084de1
Packit Service	084de1	`TEST_info("Secure memory is implemented.");`
Packit Service	084de1
Packit Service	084de1	`s = OPENSSL_secure_malloc(20);`
Packit Service	084de1	`/* s = non-secure 20 */`
Packit Service	084de1	`if (!TEST_ptr(s)`
Packit Service	084de1	`\|\| !TEST_false(CRYPTO_secure_allocated(s)))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`r = OPENSSL_secure_malloc(20);`
Packit Service	084de1	`/* r = non-secure 20, s = non-secure 20 */`
Packit Service	084de1	`if (!TEST_ptr(r)`
Packit Service	084de1	`\|\| !TEST_true(CRYPTO_secure_malloc_init(4096, 32))`
Packit Service	084de1	`\|\| !TEST_false(CRYPTO_secure_allocated(r)))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`p = OPENSSL_secure_malloc(20);`
Packit Service	084de1	`if (!TEST_ptr(p)`
Packit Service	084de1	`/* r = non-secure 20, p = secure 20, s = non-secure 20 */`
Packit Service	084de1	`\|\| !TEST_true(CRYPTO_secure_allocated(p))`
Packit Service	084de1	`/* 20 secure -> 32-byte minimum allocation unit */`
Packit Service	084de1	`\|\| !TEST_size_t_eq(CRYPTO_secure_used(), 32))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`q = OPENSSL_malloc(20);`
Packit Service	084de1	`if (!TEST_ptr(q))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`/* r = non-secure 20, p = secure 20, q = non-secure 20, s = non-secure 20 */`
Packit Service	084de1	`if (!TEST_false(CRYPTO_secure_allocated(q)))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`OPENSSL_secure_clear_free(s, 20);`
Packit Service	084de1	`s = OPENSSL_secure_malloc(20);`
Packit Service	084de1	`if (!TEST_ptr(s)`
Packit Service	084de1	`/* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */`
Packit Service	084de1	`\|\| !TEST_true(CRYPTO_secure_allocated(s))`
Packit Service	084de1	`/* 2 * 20 secure -> 64 bytes allocated */`
Packit Service	084de1	`\|\| !TEST_size_t_eq(CRYPTO_secure_used(), 64))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`OPENSSL_secure_clear_free(p, 20);`
Packit Service	084de1	`p = NULL;`
Packit Service	084de1	`/* 20 secure -> 32 bytes allocated */`
Packit Service	084de1	`if (!TEST_size_t_eq(CRYPTO_secure_used(), 32))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`OPENSSL_free(q);`
Packit Service	084de1	`q = NULL;`
Packit Service	084de1	`/* should not complete, as secure memory is still allocated */`
Packit Service	084de1	`if (!TEST_false(CRYPTO_secure_malloc_done())`
Packit Service	084de1	`\|\| !TEST_true(CRYPTO_secure_malloc_initialized()))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`OPENSSL_secure_free(s);`
Packit Service	084de1	`s = NULL;`
Packit Service	084de1	`/* secure memory should now be 0, so done should complete */`
Packit Service	084de1	`if (!TEST_size_t_eq(CRYPTO_secure_used(), 0)`
Packit Service	084de1	`\|\| !TEST_true(CRYPTO_secure_malloc_done())`
Packit Service	084de1	`\|\| !TEST_false(CRYPTO_secure_malloc_initialized()))`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`TEST_info("Possible infinite loop: allocate more than available");`
Packit Service	084de1	`if (!TEST_true(CRYPTO_secure_malloc_init(32768, 16)))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1));`
Packit Service	084de1	`TEST_true(CRYPTO_secure_malloc_done());`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* If init fails, then initialized should be false, if not, this`
Packit Service	084de1	`* could cause an infinite loop secure_malloc, but we don't test it`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (TEST_false(CRYPTO_secure_malloc_init(16, 16)) &&`
Packit Service	084de1	`!TEST_false(CRYPTO_secure_malloc_initialized())) {`
Packit Service	084de1	`TEST_true(CRYPTO_secure_malloc_done());`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/*-`
Packit Service	084de1	`* There was also a possible infinite loop when the number of`
Packit Service	084de1	`* elements was 1<<31, as \|int i\| was set to that, which is a`
Packit Service	084de1	`* negative number. However, it requires minimum input values:`
Packit Service	084de1	`*`
Packit Service	084de1	`* CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4);`
Packit Service	084de1	`*`
Packit Service	084de1	`* Which really only works on 64-bit systems, since it took 16 GB`
Packit Service	084de1	`* secure memory arena to trigger the problem. It naturally takes`
Packit Service	084de1	`* corresponding amount of available virtual and physical memory`
Packit Service	084de1	`* for test to be feasible/representative. Since we can't assume`
Packit Service	084de1	`* that every system is equipped with that much memory, the test`
Packit Service	084de1	`* remains disabled. If the reader of this comment really wants`
Packit Service	084de1	`* to make sure that infinite loop is fixed, they can enable the`
Packit Service	084de1	`* code below.`
Packit Service	084de1	`*/`
Packit Service	084de1	`# if 0`
Packit Service	084de1	`/*-`
Packit Service	084de1	`* On Linux and BSD this test has a chance to complete in minimal`
Packit Service	084de1	`* time and with minimum side effects, because mlock is likely to`
Packit Service	084de1	`* fail because of RLIMIT_MEMLOCK, which is customarily [much]`
Packit Service	084de1	`* smaller than 16GB. In other words Linux and BSD users can be`
Packit Service	084de1	`* limited by virtual space alone...`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (sizeof(size_t) > 4) {`
Packit Service	084de1	`TEST_info("Possible infinite loop: 1<<31 limit");`
Packit Service	084de1	`if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0))`
Packit Service	084de1	`TEST_true(CRYPTO_secure_malloc_done());`
Packit Service	084de1	`}`
Packit Service	084de1	`# endif`
Packit Service	084de1
Packit Service	084de1	`/* this can complete - it was not really secure */`
Packit Service	084de1	`testresult = 1;`
Packit Service	084de1	`end:`
Packit Service	084de1	`OPENSSL_secure_free(p);`
Packit Service	084de1	`OPENSSL_free(q);`
Packit Service	084de1	`OPENSSL_secure_free(r);`
Packit Service	084de1	`OPENSSL_secure_free(s);`
Packit Service	084de1	`return testresult;`
Packit Service	084de1	`#else`
Packit Service	084de1	`TEST_info("Secure memory is not implemented.");`
Packit Service	084de1	`/* Should fail. */`
Packit Service	084de1	`return TEST_false(CRYPTO_secure_malloc_init(4096, 32));`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int test_sec_mem_clear(void)`
Packit Service	084de1	`{`
Packit Service	084de1	`#ifdef OPENSSL_SECURE_MEMORY`
Packit Service	084de1	`const int size = 64;`
Packit Service	084de1	`unsigned char *p = NULL;`
Packit Service	084de1	`int i, res = 0;`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_true(CRYPTO_secure_malloc_init(4096, 32))`
Packit Service	084de1	`\|\| !TEST_ptr(p = OPENSSL_secure_malloc(size)))`
Packit Service	084de1	`goto err;`
Packit Service	084de1
Packit Service	084de1	`for (i = 0; i < size; i++)`
Packit Service	084de1	`if (!TEST_uchar_eq(p[i], 0))`
Packit Service	084de1	`goto err;`
Packit Service	084de1
Packit Service	084de1	`for (i = 0; i < size; i++)`
Packit Service	084de1	`p[i] = (unsigned char)(i + ' ' + 1);`
Packit Service	084de1
Packit Service	084de1	`OPENSSL_secure_free(p);`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* A deliberate use after free here to verify that the memory has been`
Packit Service	084de1	`* cleared properly. Since secure free doesn't return the memory to`
Packit Service	084de1	`* libc's memory pool, it technically isn't freed. However, the header`
Packit Service	084de1	`* bytes have to be skipped and these consist of two pointers in the`
Packit Service	084de1	`* current implementation.`
Packit Service	084de1	`*/`
Packit Service	084de1	`for (i = sizeof(void ) 2; i < size; i++)`
Packit Service	084de1	`if (!TEST_uchar_eq(p[i], 0))`
Packit Service	084de1	`return 0;`
Packit Service	084de1
Packit Service	084de1	`res = 1;`
Packit Service	084de1	`p = NULL;`
Packit Service	084de1	`err:`
Packit Service	084de1	`OPENSSL_secure_free(p);`
Packit Service	084de1	`CRYPTO_secure_malloc_done();`
Packit Service	084de1	`return res;`
Packit Service	084de1	`#else`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`#endif`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int setup_tests(void)`
Packit Service	084de1	`{`
Packit Service	084de1	`ADD_TEST(test_sec_mem);`
Packit Service	084de1	`ADD_TEST(test_sec_mem_clear);`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`

source-git / openssl

Source Code

Blame test/secmemtest.c