]>
Commit | Line | Data |
---|---|---|
440e5d80 | 1 | /* |
789dfc47 | 2 | * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. |
440e5d80 RS |
3 | * |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
74924dcb RS |
9 | |
10 | #include <openssl/crypto.h> | |
11 | ||
789dfc47 | 12 | #include "testutil.h" |
e8408681 | 13 | |
789dfc47 | 14 | static int test_sec_mem(void) |
74924dcb RS |
15 | { |
16 | #if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) | |
789dfc47 | 17 | int testresult = 0; |
e8408681 | 18 | char *p = NULL, *q = NULL, *r = NULL, *s = NULL; |
74924dcb | 19 | |
e8408681 TS |
20 | r = OPENSSL_secure_malloc(20); |
21 | /* r = non-secure 20 */ | |
789dfc47 P |
22 | if (!TEST_ptr(r) |
23 | || !TEST_true(CRYPTO_secure_malloc_init(4096, 32)) | |
24 | || !TEST_false(CRYPTO_secure_allocated(r))) | |
25 | goto end; | |
74924dcb | 26 | p = OPENSSL_secure_malloc(20); |
789dfc47 P |
27 | if (!TEST_ptr(p) |
28 | /* r = non-secure 20, p = secure 20 */ | |
29 | || !TEST_true(CRYPTO_secure_allocated(p)) | |
30 | /* 20 secure -> 32-byte minimum allocaton unit */ | |
31 | || !TEST_size_t_eq(CRYPTO_secure_used(), 32)) | |
32 | goto end; | |
74924dcb | 33 | q = OPENSSL_malloc(20); |
789dfc47 P |
34 | if (!TEST_ptr(q)) |
35 | goto end; | |
e8408681 | 36 | /* r = non-secure 20, p = secure 20, q = non-secure 20 */ |
789dfc47 P |
37 | if (!TEST_false(CRYPTO_secure_allocated(q))) |
38 | goto end; | |
e8408681 | 39 | s = OPENSSL_secure_malloc(20); |
789dfc47 P |
40 | if (!TEST_ptr(s) |
41 | /* r = non-secure 20, p = secure 20, q = non-secure 20, s = secure 20 */ | |
42 | || !TEST_true(CRYPTO_secure_allocated(s)) | |
43 | /* 2 * 20 secure -> 64 bytes allocated */ | |
44 | || !TEST_size_t_eq(CRYPTO_secure_used(), 64)) | |
45 | goto end; | |
d6b55fac | 46 | OPENSSL_secure_free(p); |
789dfc47 | 47 | p = NULL; |
e8408681 | 48 | /* 20 secure -> 32 bytes allocated */ |
789dfc47 P |
49 | if (!TEST_size_t_eq(CRYPTO_secure_used(), 32)) |
50 | goto end; | |
d6b55fac | 51 | OPENSSL_free(q); |
789dfc47 | 52 | q = NULL; |
e8408681 | 53 | /* should not complete, as secure memory is still allocated */ |
789dfc47 P |
54 | if (!TEST_false(CRYPTO_secure_malloc_done()) |
55 | || !TEST_true(CRYPTO_secure_malloc_initialized())) | |
56 | goto end; | |
e8408681 | 57 | OPENSSL_secure_free(s); |
789dfc47 | 58 | s = NULL; |
e8408681 | 59 | /* secure memory should now be 0, so done should complete */ |
789dfc47 P |
60 | if (!TEST_size_t_eq(CRYPTO_secure_used(), 0) |
61 | || !TEST_true(CRYPTO_secure_malloc_done()) | |
62 | || !TEST_false(CRYPTO_secure_malloc_initialized())) | |
63 | goto end; | |
7031ddac TS |
64 | |
65 | TEST_info("Possible infinite loop: allocate more than available"); | |
66 | if (!TEST_true(CRYPTO_secure_malloc_init(32768, 16))) | |
67 | goto end; | |
68 | TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); | |
69 | TEST_true(CRYPTO_secure_malloc_done()); | |
70 | ||
71 | TEST_info("Possible infinite loop: small arena"); | |
72 | if (!TEST_false(CRYPTO_secure_malloc_init(16, 16))) | |
73 | goto end; | |
74 | TEST_false(CRYPTO_secure_malloc_initialized()); | |
75 | TEST_ptr_null(OPENSSL_secure_malloc((size_t)-1)); | |
76 | TEST_true(CRYPTO_secure_malloc_done()); | |
77 | ||
c8e89d58 TS |
78 | /*- |
79 | * There was also a possible infinite loop when the number of | |
80 | * elements was 1<<31, as |int i| was set to that, which is a | |
81 | * negative number. However, it requires minimum input values: | |
82 | * | |
83 | * CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4); | |
84 | * | |
85 | * Which really only works on 64-bit systems, and even then the | |
86 | * code attempts to allocate 16 GB secure memory arena. Linux | |
87 | * can deal with this better than other Unixy OS's (e.g. MacOS) | |
88 | * but we don't want to push the system too hard during a unit | |
89 | * test. In addition, trying to allocate 16GB will cause the | |
90 | * mlock() call to fail, so that was at least changed to no | |
91 | * longer be an assert. If the reader of this comment really | |
92 | * wants to make sure that infinite loop is fixed, they can | |
93 | * enable the code below. | |
94 | */ | |
95 | # if 0 | |
96 | /* This test should only be run under Linux... runner beware */ | |
7031ddac TS |
97 | if (sizeof(size_t) > 4) { |
98 | TEST_info("Possible infinite loop: 1<<31 limit"); | |
c8e89d58 TS |
99 | if (TEST_true(CRYPTO_secure_malloc_init((size_t)1<<34, (size_t)1<<4) != 0)) |
100 | TEST_true(CRYPTO_secure_malloc_done()); | |
7031ddac | 101 | } |
c8e89d58 | 102 | # endif |
7031ddac | 103 | |
e8408681 | 104 | /* this can complete - it was not really secure */ |
789dfc47 P |
105 | testresult = 1; |
106 | end: | |
107 | OPENSSL_secure_free(p); | |
108 | OPENSSL_free(q); | |
e8408681 | 109 | OPENSSL_secure_free(r); |
789dfc47 P |
110 | OPENSSL_secure_free(s); |
111 | return testresult; | |
74924dcb RS |
112 | #else |
113 | /* Should fail. */ | |
789dfc47 | 114 | return TEST_false(CRYPTO_secure_malloc_init(4096, 32)); |
74924dcb | 115 | #endif |
789dfc47 P |
116 | } |
117 | ||
118 | void register_tests(void) | |
119 | { | |
120 | ADD_TEST(test_sec_mem); | |
74924dcb | 121 | } |