From 5d7ed3724694e344c1cc33b150bd7ede5d20c895 Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Tue, 30 Jan 2018 09:58:09 +0100 Subject: [PATCH] Removed configuration option `paranoid-memory` Don't pretend that we're capable of performing memory locking. The implementation of that, `sc_mem_alloc_secure()` (also removed), was almost unused anyway. --- etc/opensc.conf.in | 9 --------- src/libopensc/ctx.c | 4 ---- src/libopensc/libopensc.exports | 1 - src/libopensc/opensc.h | 2 +- src/libopensc/pkcs15.c | 2 +- src/libopensc/sc.c | 32 -------------------------------- src/pkcs11/misc.c | 2 +- 7 files changed, 3 insertions(+), 49 deletions(-) diff --git a/etc/opensc.conf.in b/etc/opensc.conf.in index a1d9d8fc..9a150a4e 100644 --- a/etc/opensc.conf.in +++ b/etc/opensc.conf.in @@ -36,15 +36,6 @@ app default { # # profile_dir = @PROFILE_DIR@; - # Paranoid memory allocation. - # - # If set to 'true', then refuse to continue when locking of non-pageable - # memory fails. This can cause subtle failures but is more secure when - # you have a swap disk. - # Default: false - # - # paranoid_memory = false; - # Dsiable pop-ups of built-in GUI # # Default: false diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c index eb8892b2..63d501de 100644 --- a/src/libopensc/ctx.c +++ b/src/libopensc/ctx.c @@ -367,10 +367,6 @@ load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options * sc_ctx_log_to_file(ctx, NULL); } - if (scconf_get_bool (block, "paranoid-memory", - ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY)) - ctx->flags |= SC_CTX_FLAG_PARANOID_MEMORY; - if (scconf_get_bool (block, "disable_popups", ctx->flags & SC_CTX_FLAG_DISABLE_POPUPS)) ctx->flags |= SC_CTX_FLAG_DISABLE_POPUPS; diff --git a/src/libopensc/libopensc.exports b/src/libopensc/libopensc.exports index 44ef5619..2daea3e2 100644 --- a/src/libopensc/libopensc.exports +++ b/src/libopensc/libopensc.exports 
@@ -130,7 +130,6 @@ sc_list_files sc_lock sc_logout sc_make_cache_dir -sc_mem_alloc_secure sc_mem_clear sc_mem_reverse sc_match_atr_block diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h index c31e8fff..bc256dce 100644 --- a/src/libopensc/opensc.h +++ b/src/libopensc/opensc.h @@ -688,6 +688,7 @@ typedef struct { * calling sc_disconnect_card. */ #define SC_CTX_FLAG_TERMINATE 0x00000001 +/** removed in 0.18.0 and later */ #define SC_CTX_FLAG_PARANOID_MEMORY 0x00000002 #define SC_CTX_FLAG_DEBUG_MEMORY 0x00000004 #define SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER 0x00000008 @@ -1324,7 +1325,6 @@ int sc_base64_decode(const char *in, u8 *out, size_t outlen); * @param len length of the memory buffer */ void sc_mem_clear(void *ptr, size_t len); -void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len); int sc_mem_reverse(unsigned char *buf, size_t len); int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize); diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c index 892d4244..d6db6a30 100644 --- a/src/libopensc/pkcs15.c +++ b/src/libopensc/pkcs15.c @@ -2569,7 +2569,7 @@ sc_pkcs15_allocate_object_content(struct sc_context *ctx, struct sc_pkcs15_objec /* Need to pass by temporary variable, * because 'value' and 'content.value' pointers can be the sames. */ - tmp_buf = (unsigned char *)sc_mem_alloc_secure(ctx, len); + tmp_buf = calloc(sizeof *tmp_buf, len); if (!tmp_buf) return SC_ERROR_OUT_OF_MEMORY; diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c index 6c40839e..389a2c2d 100644 --- a/src/libopensc/sc.c +++ b/src/libopensc/sc.c 
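Review bot: The added Doxygen line `/** removed in 0.18.0 and later */` on SC_CTX_FLAG_PARANOID_MEMORY is misleading because the macro itself is kept; what is gone is its effect, now that load_parameters no longer reads it and sc_mem_alloc_secure() no longer exists, so code that still ORs this bit into ctx->flags gets neither locking nor a warning. Suggest `/** No effect since 0.18.0: the paranoid-memory option and sc_mem_alloc_secure() were removed; the value is kept only so existing code that sets this bit still compiles. */`. It may also be worth stating in the header or release notes that a leftover `paranoid-memory` entry in opensc.conf is now silently ignored rather than rejected.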
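Review bot: `tmp_buf = calloc(sizeof *tmp_buf, len);` passes the element size as calloc's count and the length as its element size; the product is the same, but `tmp_buf = calloc(len, sizeof *tmp_buf);` is the conventional order and reads as intended. Since this buffer receives object content that was previously placed in (attempted) locked memory and now lives in ordinary pageable heap, the only remaining protection is wiping it before release; the paths that free content.value are outside this hunk, so confirm they still call sc_mem_clear() first. sc_pkcs15_allocate_object_content begins before the hunk and continues after it.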
@@ -826,40 +826,8 @@ int _sc_parse_atr(sc_reader_t *reader) return SC_SUCCESS; } -void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len) -{ - void *pointer; - int locked = 0; - - pointer = calloc(len, sizeof(unsigned char)); - if (!pointer) - return NULL; -#ifdef HAVE_SYS_MMAN_H - /* TODO mprotect */ - /* Do not swap the memory */ - if (mlock(pointer, len) >= 0) - locked = 1; -#endif -#ifdef _WIN32 - /* Do not swap the memory */ - if (VirtualLock(pointer, len) != 0) - locked = 1; -#endif - if (!locked) { - if (ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY) { - sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set"); - free (pointer); - pointer = NULL; - } else { - sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, sensitive data may be paged to disk"); - } - } - return pointer; -} - void sc_mem_clear(void *ptr, size_t len) { - /* FIXME: Bug in 1.0.0-beta series crashes with 0 length */ if (len > 0) { #ifdef ENABLE_OPENSSL OPENSSL_cleanse(ptr, len); diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c index 3847885e..17ab2cdd 100644 --- a/src/pkcs11/misc.c +++ b/src/pkcs11/misc.c @@ -187,7 +187,7 @@ CK_RV push_login_state(struct sc_pkcs11_slot *slot, } if (pPin && ulPinLen) { - login->pPin = sc_mem_alloc_secure(context, (sizeof *pPin)*ulPinLen); + login->pPin = calloc((sizeof *pPin), ulPinLen); if (login->pPin == NULL) { goto err; }
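Review bot: `login->pPin = calloc((sizeof *pPin), ulPinLen);` swaps calloc's count and size arguments and carries redundant parentheses; `login->pPin = calloc(ulPinLen, sizeof *pPin);` is the idiomatic form, and harmless only because sizeof *pPin is presumably 1. The more important consequence of this hunk is that the cached PIN copy is now plain pageable heap with no mlock attempt, so the commit relies entirely on that copy being wiped: the code that releases login->pPin is not in this hunk, so verify it still calls sc_mem_clear(login->pPin, ...) before free(). push_login_state begins before the hunk and continues after it.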