src: verify that released DataPointers aren't on secure heap

jasnell · jasnell · commit a1aed38ec75c · 2025-03-05T14:09:01.000-08:00
The ByteSource does not currently know how to free a DataPointer
allocated on the secure heap, so just verify.

DataPointers on the secure heap are not something that users can
allocate on their own. Their use is rare. Eventually ByteSource
is going to be refactored around ncrypto APIs so these additional
checks should be temporary.
diff --git a/deps/ncrypto/ncrypto.h b/deps/ncrypto/ncrypto.h
@@ -473,6 +473,8 @@ class DataPointer final {
     };
   }
 
+  bool isSecure() const { return secure_; }
+
  private:
   void* data_ = nullptr;
   size_t len_ = 0;
diff --git a/src/crypto/crypto_dh.cc b/src/crypto/crypto_dh.cc
@@ -55,11 +55,17 @@ void DiffieHellman::MemoryInfo(MemoryTracker* tracker) const {
 
 namespace {
 MaybeLocal<Value> DataPointerToBuffer(Environment* env, DataPointer&& data) {
+  struct Flag {
+    bool secure;
+  };
   auto backing = ArrayBuffer::NewBackingStore(
       data.get(),
       data.size(),
-      [](void* data, size_t len, void* ptr) { DataPointer free_me(data, len); },
-      nullptr);
+      [](void* data, size_t len, void* ptr) {
+        std::unique_ptr<Flag> flag(static_cast<Flag*>(ptr));
+        DataPointer free_me(data, len, flag->secure);
+      },
+      new Flag { data.isSecure() });
   data.release();
 
   auto ab = ArrayBuffer::New(env->isolate(), std::move(backing));
@@ -482,6 +488,7 @@ ByteSource StatelessDiffieHellmanThreadsafe(const EVPKeyPointer& our_key,
                                             const EVPKeyPointer& their_key) {
   auto dp = DHPointer::stateless(our_key, their_key);
   if (!dp) return {};
+  DCHECK(!dp.isSecure());
 
   return ByteSource::Allocated(dp.release());
 }
diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc
@@ -449,6 +449,7 @@ bool ECDHBitsTraits::DeriveBits(Environment* env,
 
       auto data = ctx.derive();
       if (!data) return false;
+      DCHECK(!data.isSecure());
 
       *out = ByteSource::Allocated(data.release());
       break;
@@ -572,12 +573,14 @@ WebCryptoKeyExportStatus EC_Raw_Export(const KeyObjectData& key_data,
       case kKeyTypePrivate: {
         auto data = m_pkey.rawPrivateKey();
         if (!data) return WebCryptoKeyExportStatus::INVALID_KEY_TYPE;
+        DCHECK(!data.isSecure());
         *out = ByteSource::Allocated(data.release());
         break;
       }
       case kKeyTypePublic: {
         auto data = m_pkey.rawPublicKey();
         if (!data) return WebCryptoKeyExportStatus::INVALID_KEY_TYPE;
+        DCHECK(!data.isSecure());
         *out = ByteSource::Allocated(data.release());
         break;
       }
diff --git a/src/crypto/crypto_hash.cc b/src/crypto/crypto_hash.cc
@@ -405,6 +405,7 @@ void Hash::HashDigest(const FunctionCallbackInfo<Value>& args) {
     if (!data) [[unlikely]] {
       return ThrowCryptoError(env, ERR_get_error());
     }
+    DCHECK(!data.isSecure());
 
     hash->digest_ = ByteSource::Allocated(data.release());
   }
@@ -504,6 +505,7 @@ bool HashTraits::DeriveBits(
     if (!data) [[unlikely]]
       return false;
 
+    DCHECK(!data.isSecure());
     *out = ByteSource::Allocated(data.release());
   }
 
diff --git a/src/crypto/crypto_hkdf.cc b/src/crypto/crypto_hkdf.cc
@@ -117,6 +117,7 @@ bool HKDFTraits::DeriveBits(
                           params.length);
   if (!dp) return false;
 
+  DCHECK(!data.isSecure());
   *out = ByteSource::Allocated(dp.release());
   return true;
 }
diff --git a/src/crypto/crypto_hmac.cc b/src/crypto/crypto_hmac.cc
@@ -258,6 +258,7 @@ bool HmacTraits::DeriveBits(
   if (!buf) [[unlikely]]
     return false;
 
+  DCHECK(!buf.isSecure());
   *out = ByteSource::Allocated(buf.release());
 
   return true;
diff --git a/src/crypto/crypto_pbkdf2.cc b/src/crypto/crypto_pbkdf2.cc
@@ -126,6 +126,7 @@ bool PBKDF2Traits::DeriveBits(Environment* env,
                             params.length);
 
   if (!dp) return false;
+  DCHECK(!dp.isSecure());
   *out = ByteSource::Allocated(dp.release());
   return true;
 }
diff --git a/src/crypto/crypto_rsa.cc b/src/crypto/crypto_rsa.cc
@@ -204,6 +204,7 @@ WebCryptoCipherStatus RSA_Cipher(Environment* env,
 
   auto data = cipher(m_pkey, nparams, in);
   if (!data) return WebCryptoCipherStatus::FAILED;
+  DCHECK(!data.isSecure());
 
   *out = ByteSource::Allocated(data.release());
   return WebCryptoCipherStatus::OK;
diff --git a/src/crypto/crypto_scrypt.cc b/src/crypto/crypto_scrypt.cc
@@ -140,6 +140,7 @@ bool ScryptTraits::DeriveBits(
       params.length);
 
   if (!dp) return false;
+  DCHECK(!dp.isSecure());
   *out = ByteSource::Allocated(dp.release());
   return true;
 }
diff --git a/src/crypto/crypto_sig.cc b/src/crypto/crypto_sig.cc
@@ -682,13 +682,15 @@ bool SignTraits::DeriveBits(
           crypto::CheckThrow(env, SignBase::Error::PrivateKey);
           return false;
         }
+        DCHECK(!data.isSecure());
         *out = ByteSource::Allocated(data.release());
       } else {
         auto data = context.sign(params.data);
         if (!data) [[unlikely]] {
           crypto::CheckThrow(env, SignBase::Error::PrivateKey);
           return false;
         }
+        DCHECK(!data.isSecure());
         auto bs = ByteSource::Allocated(data.release());
 
         if (UseP1363Encoding(key, params.dsa_encoding)) {
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
@@ -652,6 +652,7 @@ void SecureBuffer(const FunctionCallbackInfo<Value>& args) {
   uint32_t len = args[0].As<Uint32>()->Value();
 
   auto data = DataPointer::SecureAlloc(len);
+  CHECK(data.isSecure());
   if (!data) {
     return THROW_ERR_OPERATION_FAILED(env, "Allocation failed");
   }

Original file line number	Diff line number	Diff line change
`@@ -473,6 +473,8 @@ class DataPointer final {`
`473`	`473`	`};`
`474`	`474`	`}`
`475`	`475`
	`476`	`+ bool isSecure() const { return secure_; }`
	`477`	`+`
`476`	`478`	`private:`
`477`	`479`	`void* data_ = nullptr;`
`478`	`480`	`size_t len_ = 0;`
Original file line number	Diff line number	Diff line change
`@@ -405,6 +405,7 @@ void Hash::HashDigest(const FunctionCallbackInfo<Value>& args) {`
`405`	`405`	`if (!data) [[unlikely]] {`
`406`	`406`	`return ThrowCryptoError(env, ERR_get_error());`
`407`	`407`	`}`
	`408`	`+ DCHECK(!data.isSecure());`
`408`	`409`
`409`	`410`	`hash->digest_ = ByteSource::Allocated(data.release());`
`410`	`411`	`}`
`@@ -504,6 +505,7 @@ bool HashTraits::DeriveBits(`
`504`	`505`	`if (!data) [[unlikely]]`
`505`	`506`	`return false;`
`506`	`507`
	`508`	`+ DCHECK(!data.isSecure());`
`507`	`509`	`*out = ByteSource::Allocated(data.release());`
`508`	`510`	`}`
`509`	`511`
Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,7 @@ bool HKDFTraits::DeriveBits(`
`117`	`117`	`params.length);`
`118`	`118`	`if (!dp) return false;`
`119`	`119`
	`120`	`+ DCHECK(!data.isSecure());`
`120`	`121`	`*out = ByteSource::Allocated(dp.release());`
`121`	`122`	`return true;`
`122`	`123`	`}`
Original file line number	Diff line number	Diff line change
`@@ -126,6 +126,7 @@ bool PBKDF2Traits::DeriveBits(Environment* env,`
`126`	`126`	`params.length);`
`127`	`127`
`128`	`128`	`if (!dp) return false;`
	`129`	`+ DCHECK(!dp.isSecure());`
`129`	`130`	`*out = ByteSource::Allocated(dp.release());`
`130`	`131`	`return true;`
`131`	`132`	`}`
Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,7 @@ bool ScryptTraits::DeriveBits(`
`140`	`140`	`params.length);`
`141`	`141`
`142`	`142`	`if (!dp) return false;`
	`143`	`+ DCHECK(!dp.isSecure());`
`143`	`144`	`*out = ByteSource::Allocated(dp.release());`
`144`	`145`	`return true;`
`145`	`146`	`}`