diff options
author | Pauli <paul.dale@oracle.com> | 2018-08-22 10:04:27 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-08-23 11:12:44 +1000 |
commit | 837017b4748d587912d9d218894644d6ca86721f (patch) | |
tree | afca3cea34ec1205407a443f59c3980d963e36da /test | |
parent | 8255fd0f4f86fa4202962d4b27185c0d96f21d75 (diff) |
Zero memory in CRYPTO_secure_malloc.
This commit destroys the free list pointers which would otherwise be
present in the returned memory blocks. This in turn helps prevent
information leakage from the secure memory area.
Note: CRYPTO_secure_malloc is not guaranteed to return zeroed memory:
before the secure memory system is initialised or if it isn't implemented.
[manual merge of #7011]
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7026)
Diffstat (limited to 'test')
-rw-r--r-- | test/secmemtest.c | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/test/secmemtest.c b/test/secmemtest.c index 9405f348ab..6077216b9b 100644 --- a/test/secmemtest.c +++ b/test/secmemtest.c @@ -18,6 +18,8 @@ int main(int argc, char **argv) { #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) char *p = NULL, *q = NULL, *r = NULL, *s = NULL; + int i; + const int size = 64; s = OPENSSL_secure_malloc(20); /* s = non-secure 20 */ @@ -128,6 +130,48 @@ int main(int argc, char **argv) return 1; } + if (!CRYPTO_secure_malloc_init(32768, 16)) { + perror_line(); + return 1; + } + + /* + * Verify that secure memory gets zeroed properly. + */ + if ((p = OPENSSL_secure_malloc(size)) == NULL) { + perror_line(); + return 1; + } + for (i = 0; i < size; i++) + if (p[i] != 0) { + perror_line(); + fprintf(stderr, "iteration %d\n", i); + return 1; + } + + for (i = 0; i < size; i++) + p[i] = (unsigned char)(i + ' ' + 1); + OPENSSL_secure_free(p); + + /* + * A deliberate use after free here to verify that the memory has been + * cleared properly. Since secure free doesn't return the memory to + * libc's memory pool, it technically isn't freed. However, the header + * bytes have to be skipped and these consist of two pointers in the + * current implementation. + */ + for (i = sizeof(void *) * 2; i < size; i++) + if (p[i] != 0) { + perror_line(); + fprintf(stderr, "iteration %d\n", i); + return 1; + } + + if (!CRYPTO_secure_malloc_done()) { + perror_line(); + return 1; + } + /*- * There was also a possible infinite loop when the number of * elements was 1<<31, as |int i| was set to that, which is a |