Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure usage of Emscripten heap #495

Merged
merged 8 commits into from
Jul 11, 2019
Merged

Secure usage of Emscripten heap #495

merged 8 commits into from
Jul 11, 2019

Commits on Jul 9, 2019

  1. Heap utilities 

    Provide some wrapper functions to hide all the intricacies of dealing
with Emscrpten heap. We should use these functions instead of calling
C directly.

Note that they ensure that allocated memory is zeroed out before use
as well as after use. This makes it easier to debug initialization
issues, and reduces the likelyhood of sensitive data leakage through
Emscripten heap.
    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    a550382 View commit details
    Browse the repository at this point in the history

  2. Use heap securely in key generation 

    Instead of calling malloc() and free() directly, use our new helpers
to deal with passing byte arrays between JavaScript and Emscripten.
    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    03caffa View commit details
    Browse the repository at this point in the history

  3. Merge branch 'master' into wasm-zeroization

    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    22a25ca View commit details
    Browse the repository at this point in the history

  4. Use heap securely in Secure Cell 

    Instead of calling malloc() and free() directly, use our new helpers
to deal with passing byte arrays between JavaScript and Emscripten.
    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    b4719ef View commit details
    Browse the repository at this point in the history

  5. Use heap securely in Secure Message 

    Instead of calling malloc() and free() directly, use our new helpers
to deal with passing byte arrays between JavaScript and Emscripten.
    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    5a16bce View commit details
    Browse the repository at this point in the history

  6. Use heap securely in Secure Comparator 

    Instead of calling malloc() and free() directly, use our new helpers
to deal with passing byte arrays between JavaScript and Emscripten.
    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    927aca7 View commit details
    Browse the repository at this point in the history

  7. Use heap securely in Secure Session 

    Instead of calling malloc() and free() directly, use our new helpers
to deal with passing byte arrays between JavaScript and Emscripten.
    @ilammy
    ilammy committed Jul 9, 2019
    Configuration menu
    Copy the full SHA
    3fb6bd7 View commit details
    Browse the repository at this point in the history

Commits on Jul 10, 2019

  1. Avoid NULL dereference 

    heapAlloc: if malloc() fails then do not zero out the result

heapFree: make this function a no-op to allow its usage in failure
paths where the pointer is null (e.g., returned by failed heapAlloc)

We use a weird check "!!buffer" because JavaScript has weird ideas
about what is null and what is zero. malloc() results are generally
checked with "!ptr" so we invert this check.
    @ilammy
    ilammy committed Jul 10, 2019
    Configuration menu
    Copy the full SHA
    f8dd4e7 View commit details
    Browse the repository at this point in the history