Allocate whole page(s) for each sc_mem_secure_alloc #3281

dgalling · 2024-12-02T16:27:18Z

sc_mem_secure_alloc uses calloc to allocate memory, but then uses mlock to try to lock the allocated memory. calloc may not necessarily return a page-aligned pointer, even if we request a whole page of memory.

Instead of relying on the libc allocator behavior, we directly call mmap (VirtualAlloc on Windows) to ensure we get whole page(s) to ourselves for sc_mem_secure_alloc.

Fixes #3267

Checklist

Documentation is added or updated
New files have a LGPL 2.1 license statement
PKCS#11 module is tested
Windows minidriver is tested
macOS tokend is tested

sc_mem_secure_alloc uses calloc to allocate memory, but then uses mlock to try to lock the allocated memory. calloc may not necessarily return a page-aligned pointer, even if we request a whole page of memory. Instead of relying on the libc allocator behavior, we directly call mmap (VirtualAlloc on Windows) to ensure we get whole page(s) to ourselves for sc_mem_secure_alloc. Fixes OpenSC#3267

frankmorgner

Looks great! Thanks again for the bugfix.

frankmorgner · 2024-12-03T08:57:58Z

please just check the code style: the opening curly bracket should go into the line of the if

frankmorgner · 2024-12-03T08:58:13Z

https://github.com/OpenSC/OpenSC/actions/runs/12123642629/job/33836613737?pr=3281

This will crash applications, which, for example are importing a private key as reported here OpenSC#3269 (comment)

dgalling · 2024-12-09T18:40:28Z

I cherry-picked 92f53e6 to this branch because it doesn't make sense to merge this PR without your changes there.

The oseid and openpgp tests now pass on my machine under both valgrind and my custom heap debugger, and it looks like all of the tests are happy in CI as well.

Also, the PKCS11/SC is working on my machine in the Chromium browser with no crashes so far.

Nice job on the fixes to the PKCS15 allocation, I did not think it would be such a clean patch. One further question I had here was whether you wanted me to contribute my heap tracking code. It would allow you to detect cases where a memory block is allocated with the libc allocator and then freed with the secure_free (but not vice versa without overriding the libc free). There is of course some performance cost, but it might be worth it to allow the library to crash instead of corrupting the heap. Just a thought, definitely not a blocker for this PR.

frankmorgner · 2024-12-11T08:55:12Z

Thanks for your help and the excellent analysis!

New in 0.26.1; 2025-01-14 General improvements Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281) Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299) pkcs11-spy Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275) TCOS Fix reading certificate (OpenSC/OpenSC#3296) New in 0.26.0; 2024-11-13 Security CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225) CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225) CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225) CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225) CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225) CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225) CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219) General improvements Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067) Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922) Extend the p11test to support kryoptic (OpenSC/OpenSC#3141) Fix for error in PCSC reconnection (OpenSC/OpenSC#3150) Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer PKCS#15 Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132) minidriver Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167) pkcs11-tool Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130) Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174) Add support for AES CMAC (OpenSC/OpenSC#3184) Add support for AES GCM encryption (OpenSC/OpenSC#3195) Add support for RSA OAEP encryption (OpenSC/OpenSC#3175) Add support for HKDF (OpenSC/OpenSC#3193) Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198) Add support for EdDSA sign and verify (OpenSC/OpenSC#2979) pkcs15-crypt Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075) piv-tool Fix RSA key generation (OpenSC/OpenSC#3158) Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112) sc-hsm-tool Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226) pkcs11-register Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053) IDPrime Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146) Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220) Reorder ATRs for matching cards (OpenSC/OpenSC#3154) OpenPGP Fix state tracking after erasing card (OpenSC/OpenSC#3024) Belpic Disable Applet V1.8 (OpenSC/OpenSC#3109) MICARDO Deactivate driver (OpenSC/OpenSC#3152) SmartCard-HSM Fix signing with secp521r1 signature (OpenSC/OpenSC#3157) eOI Set model via sc_card_ctl function (OpenSC/OpenSC#3189) Rutoken increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208) JPKI Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182) D-Trust Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248) Signed-off-by: Daniel Golle <[email protected]>

New in 0.26.1; 2025-01-14 General improvements Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281) Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299) pkcs11-spy Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275) TCOS Fix reading certificate (OpenSC/OpenSC#3296) New in 0.26.0; 2024-11-13 Security CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225) CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225) CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225) CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225) CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225) CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225) CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219) General improvements Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067) Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922) Extend the p11test to support kryoptic (OpenSC/OpenSC#3141) Fix for error in PCSC reconnection (OpenSC/OpenSC#3150) Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer PKCS#15 Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132) minidriver Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167) pkcs11-tool Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130) Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174) Add support for AES CMAC (OpenSC/OpenSC#3184) Add support for AES GCM encryption (OpenSC/OpenSC#3195) Add support for RSA OAEP encryption (OpenSC/OpenSC#3175) Add support for HKDF (OpenSC/OpenSC#3193) Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198) Add support for EdDSA sign and verify (OpenSC/OpenSC#2979) pkcs15-crypt Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075) piv-tool Fix RSA key generation (OpenSC/OpenSC#3158) Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112) sc-hsm-tool Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226) pkcs11-register Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053) IDPrime Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146) Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220) Reorder ATRs for matching cards (OpenSC/OpenSC#3154) OpenPGP Fix state tracking after erasing card (OpenSC/OpenSC#3024) Belpic Disable Applet V1.8 (OpenSC/OpenSC#3109) MICARDO Deactivate driver (OpenSC/OpenSC#3152) SmartCard-HSM Fix signing with secp521r1 signature (OpenSC/OpenSC#3157) eOI Set model via sc_card_ctl function (OpenSC/OpenSC#3189) Rutoken increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208) JPKI Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182) D-Trust Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC##3248) Signed-off-by: Daniel Golle <[email protected]>

dgalling mentioned this pull request Dec 2, 2024

sc_mem_secure_alloc/free leave unaligned allocations locked in memory #3267

Closed

frankmorgner approved these changes Dec 3, 2024

View reviewed changes

frankmorgner mentioned this pull request Dec 3, 2024

sc_mem_secure_alloc: only lock requested length #3269

Closed

5 tasks

dgalling and others added 2 commits December 9, 2024 10:53

Fix code style violations

c5037da

fixed usage of free() on data that was created with sc_mem_secure_alloc

137d49d

This will crash applications, which, for example are importing a private key as reported here OpenSC#3269 (comment)

dgalling marked this pull request as ready for review December 9, 2024 17:02

frankmorgner merged commit 3e90fd0 into OpenSC:master Dec 11, 2024
53 checks passed

frankmorgner mentioned this pull request Dec 11, 2024

fixed usage of free() on data that was created with sc_mem_secure_alloc #3282

Closed

5 tasks

xhanulik mentioned this pull request Jan 13, 2025

OpenSC 0.26.1 #3305

Closed

guylamar2006 mentioned this pull request Mar 6, 2025

opensc: 0.26.0 -> 0.26.1 NixOS/nixpkgs#387681

Merged

13 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Allocate whole page(s) for each sc_mem_secure_alloc #3281

Allocate whole page(s) for each sc_mem_secure_alloc #3281

Uh oh!

dgalling commented Dec 2, 2024

Uh oh!

frankmorgner left a comment

Uh oh!

frankmorgner commented Dec 3, 2024

Uh oh!

frankmorgner commented Dec 3, 2024

Uh oh!

dgalling commented Dec 9, 2024

Uh oh!

Uh oh!

frankmorgner commented Dec 11, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Allocate whole page(s) for each sc_mem_secure_alloc #3281

Allocate whole page(s) for each sc_mem_secure_alloc #3281

Uh oh!

Conversation

dgalling commented Dec 2, 2024

Checklist

Uh oh!

frankmorgner left a comment

Choose a reason for hiding this comment

Uh oh!

frankmorgner commented Dec 3, 2024

Uh oh!

frankmorgner commented Dec 3, 2024

Uh oh!

dgalling commented Dec 9, 2024

Uh oh!

Uh oh!

frankmorgner commented Dec 11, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants