Merge pull request #20 from LudovicRousseau/staging

Staging

etc/opensc.conf.in

@@ -28,6 +28,15 @@ app default {
 	#
 	# profile_dir = @pkgdatadir@;
 
+	# Paranoid memory allocation.
+	#
+	# If set to 'true', then refuse to continue when locking of non-pageable
+	# memory fails. This can cause subtle failures but is more secure when
+	# you have a swap disk.
+	# Default: false
+	#
+	# paranoid_memory = false;
+
 	# CT-API module configuration.
 	reader_driver ctapi {
 		# module /usr/local/towitoko/lib/libtowitoko.so {

src/libopensc/ctx.c

@@ -147,7 +147,7 @@ static void add_drv(struct _sc_ctx_options *opts, const char *name)
 {
 	struct _sc_driver_entry *lst;
 	int *cp, max, i;
-	
+
 	lst = opts->cdrv;
 	cp = &opts->ccount;
 	max = SC_MAX_CARD_DRIVERS;
@@ -180,6 +180,7 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts)
 	if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
 		fclose(ctx->debug_file);
 	ctx->debug_file = stderr;
+	ctx->paranoid_memory = 0;
 #ifdef __APPLE__
 	/* Override the default debug log for OpenSC.tokend to be different from PKCS#11.
 	 * TODO: Could be moved to OpenSC.tokend */
@@ -230,6 +231,9 @@ static int load_parameters(sc_context_t *ctx, scconf_block *block,
 	if (val)
 		sc_ctx_log_to_file(ctx, val);
 
+	ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory",
+		ctx->paranoid_memory);
+
 	val = scconf_get_str(block, "force_card_driver", NULL);
 	if (val) {
 		if (opts->forced_card_driver)
@@ -255,12 +259,12 @@ static void load_reader_driver_options(sc_context_t *ctx)
 {
 	struct sc_reader_driver *driver = ctx->reader_driver;
 	scconf_block *conf_block = NULL;
-	
+
 	driver->max_send_size = 0;
 	driver->max_recv_size = 0;
 
 	conf_block = sc_get_conf_block(ctx, "reader_driver", driver->short_name, 1);
-	
+
 	if (conf_block != NULL) {
 		driver->max_send_size = scconf_get_int(conf_block, "max_send_size", driver->max_send_size);
 		driver->max_recv_size = scconf_get_int(conf_block, "max_recv_size", driver->max_recv_size);
@@ -560,12 +564,12 @@ static void process_config_file(sc_context_t *ctx, struct _sc_ctx_options *opts)
 	}
 	blocks = scconf_find_blocks(ctx->conf, NULL, "app", ctx->app_name);
 	if (blocks[0])
-	    	ctx->conf_blocks[count++] = blocks[0];
+		ctx->conf_blocks[count++] = blocks[0];
 	free(blocks);
 	if (strcmp(ctx->app_name, "default") != 0) {
 		blocks = scconf_find_blocks(ctx->conf, NULL, "app", "default");
 		if (blocks[0])
-		    	ctx->conf_blocks[count] = blocks[0];
+			ctx->conf_blocks[count] = blocks[0];
 		free(blocks);
 	}
 	/* Above we add 2 blocks at most, but conf_blocks has 3 elements,
@@ -583,7 +587,7 @@ int sc_ctx_detect_readers(sc_context_t *ctx)
 
 	if (drv->ops->detect_readers != NULL)
 		r = drv->ops->detect_readers(ctx);
-	
+
 	sc_mutex_unlock(ctx, ctx->mutex);
 
 	return r;
@@ -642,7 +646,7 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
 		sc_release_context(ctx);
 		return SC_ERROR_OUT_OF_MEMORY;
 	}
-	
+
 	set_defaults(ctx, &opts);
 	list_init(&ctx->readers);
 	list_attributes_seeker(&ctx->readers, reader_list_seeker);
@@ -684,7 +688,7 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
 
 	load_reader_driver_options(ctx);
 	ctx->reader_driver->ops->init(ctx);
-	
+
 	load_card_drivers(ctx, &opts);
 	load_card_atrs(ctx);
 	if (opts.forced_card_driver) {
@@ -724,7 +728,7 @@ int sc_wait_for_event(sc_context_t *ctx, unsigned int event_mask, sc_reader_t **
 	SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
 	if (ctx->reader_driver->ops->wait_for_event != NULL)
 		return ctx->reader_driver->ops->wait_for_event(ctx, event_mask, event_reader, event, timeout, reader_states);
-		
+
 	return SC_ERROR_NOT_SUPPORTED;
 }
 

src/libopensc/opensc.h

@@ -603,6 +603,7 @@ typedef struct sc_context {
 	scconf_block *conf_blocks[3];
 	char *app_name;
 	int debug;
+	int paranoid_memory;
 
 	FILE *debug_file;
 	char *preferred_language;
@@ -1147,7 +1148,7 @@ int sc_base64_decode(const char *in, u8 *out, size_t outlen);
  * @param  len  length of the memory buffer
  */
 void sc_mem_clear(void *ptr, size_t len);
-void *sc_mem_alloc_secure(size_t len);
+void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len);
 int sc_mem_reverse(unsigned char *buf, size_t len);
 
 int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize);

src/libopensc/pkcs15-pin.c

@@ -533,7 +533,7 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
 		obj = obj->next;
 	}
 
-	r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
+	r = sc_pkcs15_allocate_object_content(ctx, pin_obj, pin, pinlen);
 	if (r != SC_SUCCESS)   {
 		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to allocate object content");
 		return;

src/libopensc/pkcs15.c

@@ -2033,7 +2033,8 @@ void sc_pkcs15_free_object_content(struct sc_pkcs15_object *obj)
 	obj->content.len = 0;
 }
 
-int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *obj,
+int sc_pkcs15_allocate_object_content(struct sc_context *ctx,
+		struct sc_pkcs15_object *obj,
 		const unsigned char *value, size_t len)
 {
 	unsigned char *tmp_buf;
@@ -2049,7 +2050,7 @@ int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *obj,
 	/* Need to pass by temporary variable,
 	 * because 'value' and 'content.value' pointers can be the sames.
 	 */
-	tmp_buf = (unsigned char *)sc_mem_alloc_secure(len);
+	tmp_buf = (unsigned char *)sc_mem_alloc_secure(ctx, len);
 	if (!tmp_buf)
 		return SC_ERROR_OUT_OF_MEMORY;
 

src/libopensc/pkcs15.h

@@ -812,7 +812,7 @@ int sc_pkcs15_make_absolute_path(const sc_path_t *parent, sc_path_t *child);
 void sc_pkcs15_free_object_content(struct sc_pkcs15_object *);
 
 /* Allocate and set object content */
-int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *,
+int sc_pkcs15_allocate_object_content(struct sc_context *, struct sc_pkcs15_object *,
 		const unsigned char *, size_t);
 
 struct sc_supported_algo_info *sc_pkcs15_get_supported_algo(struct sc_pkcs15_card *,

src/libopensc/sc.c

@@ -158,7 +158,7 @@ int sc_format_oid(struct sc_object_id *oid, const char *in)
 		oid->value[ii] = -1;
 
 	p = in;
-	
+
 	for (ii=0; ii < SC_MAX_OBJECT_ID_OCTETS; ii++)   {
 		oid->value[ii] = strtol(p, &q, 10);
 		if (!*q)
@@ -200,7 +200,7 @@ int sc_detect_card_presence(sc_reader_t *reader)
 	SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_NORMAL, r);
 }
 
-int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len, 
+int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len,
 	int idx, int count)
 {
 	if (path == NULL || id == NULL || id_len == 0 || id_len > SC_MAX_PATH_SIZE)
@@ -212,7 +212,7 @@ int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len,
 	path->type  = type;
 	path->index = idx;
 	path->count = count;
-	
+
 	return SC_SUCCESS;
 }
 
@@ -340,11 +340,11 @@ int sc_compare_path_prefix(const sc_path_t *prefix, const sc_path_t *path)
 
 const sc_path_t *sc_get_mf_path(void)
 {
-	static const sc_path_t mf_path = { 
-		{0x3f, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 2, 
-		0, 
-		0, 
-		SC_PATH_TYPE_PATH, 
+	static const sc_path_t mf_path = {
+		{0x3f, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 2,
+		0,
+		0,
+		SC_PATH_TYPE_PATH,
 		{{0},0}
 	};
 	return &mf_path;
@@ -687,7 +687,7 @@ int _sc_parse_atr(sc_reader_t *reader)
 	                        atr_len--;
 	                } else
 	                        tx[i] = -1;
-        	}
+		}
 	}
 	if (atr_len <= 0)
 		return 0;
@@ -698,21 +698,29 @@ int _sc_parse_atr(sc_reader_t *reader)
 	return 0;
 }
 
-void *sc_mem_alloc_secure(size_t len)
+void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len)
 {
     void *pointer;
-    
+    int locked = 0;
+
     pointer = calloc(len, sizeof(unsigned char));
     if (!pointer)
         return NULL;
 #ifdef HAVE_SYS_MMAN_H
     /* TODO Windows support and mprotect too */
     /* Do not swap the memory */
-    if (mlock(pointer, len) == -1) {
-        free(pointer);
-        return NULL;
-    }
+    if (mlock(pointer, len) >= 0)
+        locked = 1;
 #endif
+    if (!locked) {
+        if (ctx->paranoid_memory) {
+            sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set");
+            free (pointer);
+            pointer = NULL;
+        } else {
+            sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, sensitive data may be paged to disk");
+        }
+    }
     return pointer;
 }
 
@@ -744,8 +752,8 @@ int sc_mem_reverse(unsigned char *buf, size_t len)
 	return 0;
 }
 
-static int 
-sc_remote_apdu_allocate(struct sc_remote_data *rdata, 
+static int
+sc_remote_apdu_allocate(struct sc_remote_data *rdata,
 		struct sc_remote_apdu **new_rapdu)
 {
 	struct sc_remote_apdu *rapdu = NULL, *rr;
@@ -778,7 +786,7 @@ sc_remote_apdu_allocate(struct sc_remote_data *rdata,
 	return SC_SUCCESS;
 }
 
-static void 
+static void
 sc_remote_apdu_free (struct sc_remote_data *rdata)
 {
 	struct sc_remote_apdu *rapdu = NULL;
@@ -849,7 +857,7 @@ int sc_mutex_destroy(const sc_context_t *ctx, void *mutex)
 
 unsigned long sc_thread_id(const sc_context_t *ctx)
 {
-	if (ctx == NULL || ctx->thread_ctx == NULL || 
+	if (ctx == NULL || ctx->thread_ctx == NULL ||
 	    ctx->thread_ctx->thread_id == NULL)
 		return 0UL;
 	else

src/pkcs15init/pkcs15-authentic.c

@@ -580,7 +580,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
 	sdo->file = file_p_prvkey;
 	sc_log(ctx, "sdo->file:%p", sdo->file);
 
-	rv = sc_pkcs15_allocate_object_content(object, (unsigned char *)sdo, sizeof(struct sc_authentic_sdo));
+	rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo, sizeof(struct sc_authentic_sdo));
 	LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
 
 	LOG_FUNC_RETURN(ctx, rv);
@@ -644,7 +644,7 @@ authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15c
 
 	authentic_free_sdo_data(sdo);
 
-	rv = sc_pkcs15_allocate_object_content(object, pubkey->data.value, pubkey->data.len);
+	rv = sc_pkcs15_allocate_object_content(ctx, object, pubkey->data.value, pubkey->data.len);
 	LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content");
 
 	LOG_FUNC_RETURN(ctx, rv);

src/pkcs15init/pkcs15-iasecc.c

@@ -1038,7 +1038,7 @@ iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15c
 		LOG_TEST_RET(ctx, rv, "Cannot create key slot");
 	}
 	
-	rv = sc_pkcs15_allocate_object_content(object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
+	rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
 	LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
 
 	rv = iasecc_pkcs15_fix_private_key_attributes(profile, p15card, object, (struct iasecc_sdo *)object->content.value);
@@ -1135,7 +1135,7 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
 	LOG_TEST_RET(ctx, rv, "encode private key access rules failed");
 
 	/* SDO PrvKey data replaced by public part of generated key */
-	rv = sc_pkcs15_allocate_object_content(object, pubkey->data.value, pubkey->data.len);
+	rv = sc_pkcs15_allocate_object_content(ctx, object, pubkey->data.value, pubkey->data.len);
 	LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content");
 
 	iasecc_sdo_free(card, sdo_pubkey);

src/pkcs15init/pkcs15-oberthur-awp.c

@@ -1427,7 +1427,7 @@ awp_update_df_create_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *p
 		rv = sc_pkcs15_read_certificate(p15card, cert_info, &p15cert);
 		SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed:  cannot get certificate");
 
-		rv = sc_pkcs15_allocate_object_content(cert_obj, p15cert->data, p15cert->data_len);
+		rv = sc_pkcs15_allocate_object_content(ctx, cert_obj, p15cert->data, p15cert->data_len);
 		SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed:  cannot allocate content");
 
 		rv = awp_encode_cert_info(p15card, cert_obj, &icert);