/src/openssl/crypto/mem_sec.c

Source (jump to first uncovered line)
/*
 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file is in two halves. The first half implements the public API
 * to be used by external consumers, and to be used by OpenSSL to store
 * data in a "secure arena." The second half implements the secure arena.
 * For details on that implementation, see below (look for uppercase
 * "SECURE HEAP IMPLEMENTATION").
 */
#include "e_os.h"
#include <openssl/crypto.h>

#include <string.h>

/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
#ifdef OPENSSL_SECURE_MEMORY
# include <stdlib.h>
# include <assert.h>
# include <unistd.h>
# include <sys/types.h>
# include <sys/mman.h>
# if defined(OPENSSL_SYS_LINUX)
#  include <sys/syscall.h>
#  if defined(SYS_mlock2)
#   include <linux/mman.h>
#   include <errno.h>
#  endif
#  include <sys/param.h>
# endif
# include <sys/stat.h>
# include <fcntl.h>
#endif

#define CLEAR(p, s) OPENSSL_cleanse(p, s)
#ifndef PAGE_SIZE
# define PAGE_SIZE    4096
#endif
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
# define MAP_ANON MAP_ANONYMOUS
#endif

#ifdef OPENSSL_SECURE_MEMORY
static size_t secure_mem_used;

static int secure_mem_initialized;

static CRYPTO_RWLOCK *sec_malloc_lock = NULL;

/*
 * These are the functions that must be implemented by a secure heap (sh).
 */
static int sh_init(size_t size, size_t minsize);
static void *sh_malloc(size_t size);
static void sh_free(void *ptr);
static void sh_done(void);
static size_t sh_actual_size(char *ptr);
static int sh_allocated(const char *ptr);
#endif

int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
{
#ifdef OPENSSL_SECURE_MEMORY
    int ret = 0;

    if (!secure_mem_initialized) {
        sec_malloc_lock = CRYPTO_THREAD_lock_new();
        if (sec_malloc_lock == NULL)
            return 0;
        if ((ret = sh_init(size, minsize)) != 0) {
            secure_mem_initialized = 1;
        } else {
            CRYPTO_THREAD_lock_free(sec_malloc_lock);
            sec_malloc_lock = NULL;
        }
    }

    return ret;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

int CRYPTO_secure_malloc_done(void)
{
#ifdef OPENSSL_SECURE_MEMORY
    if (secure_mem_used == 0) {
        sh_done();
        secure_mem_initialized = 0;
        CRYPTO_THREAD_lock_free(sec_malloc_lock);
        sec_malloc_lock = NULL;
        return 1;
    }
#endif /* OPENSSL_SECURE_MEMORY */
    return 0;
}

int CRYPTO_secure_malloc_initialized(void)
{
#ifdef OPENSSL_SECURE_MEMORY
    return secure_mem_initialized;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    void *ret;
    size_t actual_size;

    if (!secure_mem_initialized) {
        return CRYPTO_malloc(num, file, line);
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    ret = sh_malloc(num);
    actual_size = ret ? sh_actual_size(ret) : 0;
    secure_mem_used += actual_size;
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return ret;
#else
    return CRYPTO_malloc(num, file, line);
#endif /* OPENSSL_SECURE_MEMORY */
}

void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    if (secure_mem_initialized)
        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
        return CRYPTO_secure_malloc(num, file, line);
#endif
    return CRYPTO_zalloc(num, file, line);
}

void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        CRYPTO_free(ptr, file, line);
        return;
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_SECURE_MEMORY */
}

void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        OPENSSL_cleanse(ptr, num);
        CRYPTO_free(ptr, file, line);
        return;
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    if (ptr == NULL)
        return;
    OPENSSL_cleanse(ptr, num);
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_SECURE_MEMORY */
}

int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef OPENSSL_SECURE_MEMORY
    int ret;

    if (!secure_mem_initialized)
        return 0;
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    ret = sh_allocated(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return ret;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

size_t CRYPTO_secure_used(void)
{
#ifdef OPENSSL_SECURE_MEMORY
    return secure_mem_used;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

size_t CRYPTO_secure_actual_size(void *ptr)
{
#ifdef OPENSSL_SECURE_MEMORY
    size_t actual_size;

    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return actual_size;
#else
    return 0;
#endif
}
/* END OF PAGE ...

   ... START OF PAGE */

/*
 * SECURE HEAP IMPLEMENTATION
 */
#ifdef OPENSSL_SECURE_MEMORY


/*
 * The implementation provided here uses a fixed-sized mmap() heap,
 * which is locked into memory, not written to core files, and protected
 * on either side by an unmapped page, which will catch pointer overruns
 * (or underruns) and an attempt to read data out of the secure heap.
 * Free'd memory is zero'd or otherwise cleansed.
 *
 * This is a pretty standard buddy allocator.  We keep areas in a multiple
 * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
 * so all (and only) data is kept in the mmap'd heap.
 *
 * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
 * place.
 */

#define ONE ((size_t)1)

# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))

#define WITHIN_ARENA(p) \
    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
#define WITHIN_FREELIST(p) \
    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])


typedef struct sh_list_st
{
    struct sh_list_st *next;
    struct sh_list_st **p_next;
} SH_LIST;

typedef struct sh_st
{
    char* map_result;
    size_t map_size;
    char *arena;
    size_t arena_size;
    char **freelist;
    ossl_ssize_t freelist_size;
    size_t minsize;
    unsigned char *bittable;
    unsigned char *bitmalloc;
    size_t bittable_size; /* size in bits */
} SH;

static SH sh;

static size_t sh_getlist(char *ptr)
{
    ossl_ssize_t list = sh.freelist_size - 1;
    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;

    for (; bit; bit >>= 1, list--) {
        if (TESTBIT(sh.bittable, bit))
            break;
        OPENSSL_assert((bit & 1) == 0);
    }

    return list;
}


static int sh_testbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    return TESTBIT(table, bit);
}

static void sh_clearbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(TESTBIT(table, bit));
    CLEARBIT(table, bit);
}

static void sh_setbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(!TESTBIT(table, bit));
    SETBIT(table, bit);
}

static void sh_add_to_list(char **list, char *ptr)
{
    SH_LIST *temp;

    OPENSSL_assert(WITHIN_FREELIST(list));
    OPENSSL_assert(WITHIN_ARENA(ptr));

    temp = (SH_LIST *)ptr;
    temp->next = *(SH_LIST **)list;
    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
    temp->p_next = (SH_LIST **)list;

    if (temp->next != NULL) {
        OPENSSL_assert((char **)temp->next->p_next == list);
        temp->next->p_next = &(temp->next);
    }

    *list = ptr;
}

static void sh_remove_from_list(char *ptr)
{
    SH_LIST *temp, *temp2;

    temp = (SH_LIST *)ptr;
    if (temp->next != NULL)
        temp->next->p_next = temp->p_next;
    *temp->p_next = temp->next;
    if (temp->next == NULL)
        return;

    temp2 = temp->next;
    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
}


static int sh_init(size_t size, size_t minsize)
{
    int ret;
    size_t i;
    size_t pgsize;
    size_t aligned;

    memset(&sh, 0, sizeof(sh));

    /* make sure size and minsize are powers of 2 */
    OPENSSL_assert(size > 0);
    OPENSSL_assert((size & (size - 1)) == 0);
    OPENSSL_assert((minsize & (minsize - 1)) == 0);
    if (size <= 0 || (size & (size - 1)) != 0)
        goto err;
    if (minsize == 0 || (minsize & (minsize - 1)) != 0)
        goto err;

    while (minsize < (int)sizeof(SH_LIST))
        minsize *= 2;

    sh.arena_size = size;
    sh.minsize = minsize;
    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;

    /* Prevent allocations of size 0 later on */
    if (sh.bittable_size >> 3 == 0)
        goto err;

    sh.freelist_size = -1;
    for (i = sh.bittable_size; i; i >>= 1)
        sh.freelist_size++;

    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
    OPENSSL_assert(sh.freelist != NULL);
    if (sh.freelist == NULL)
        goto err;

    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bittable != NULL);
    if (sh.bittable == NULL)
        goto err;

    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bitmalloc != NULL);
    if (sh.bitmalloc == NULL)
        goto err;

    /* Allocate space for heap, and two extra pages as guards */
#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
    {
# if defined(_SC_PAGE_SIZE)
        long tmppgsize = sysconf(_SC_PAGE_SIZE);
# else
        long tmppgsize = sysconf(_SC_PAGESIZE);
# endif
        if (tmppgsize < 1)
            pgsize = PAGE_SIZE;
        else
            pgsize = (size_t)tmppgsize;
    }
#else
    pgsize = PAGE_SIZE;
#endif
    sh.map_size = pgsize + sh.arena_size + pgsize;
    if (1) {
#ifdef MAP_ANON
        sh.map_result = mmap(NULL, sh.map_size,
                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
    } else {
#endif
        int fd;

        sh.map_result = MAP_FAILED;
        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
            sh.map_result = mmap(NULL, sh.map_size,
                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
            close(fd);
        }
    }
    if (sh.map_result == MAP_FAILED)
        goto err;
    sh.arena = (char *)(sh.map_result + pgsize);
    sh_setbit(sh.arena, 0, sh.bittable);
    sh_add_to_list(&sh.freelist[0], sh.arena);

    /* Now try to add guard pages and lock into memory. */
    ret = 1;

    /* Starting guard is already aligned from mmap. */
    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
        ret = 2;

    /* Ending guard page - need to round up to page boundary */
    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
        ret = 2;

#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
        if (errno == ENOSYS) {
            if (mlock(sh.arena, sh.arena_size) < 0)
                ret = 2;
        } else {
            ret = 2;
        }
    }
#else
    if (mlock(sh.arena, sh.arena_size) < 0)
        ret = 2;
#endif
#ifdef MADV_DONTDUMP
    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
        ret = 2;
#endif

    return ret;

 err:
    sh_done();
    return 0;
}

static void sh_done(void)
{
    OPENSSL_free(sh.freelist);
    OPENSSL_free(sh.bittable);
    OPENSSL_free(sh.bitmalloc);
    if (sh.map_result != NULL && sh.map_size)
        munmap(sh.map_result, sh.map_size);
    memset(&sh, 0, sizeof(sh));
}

static int sh_allocated(const char *ptr)
{
    return WITHIN_ARENA(ptr) ? 1 : 0;
}

static char *sh_find_my_buddy(char *ptr, int list)
{
    size_t bit;
    char *chunk = NULL;

    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
    bit ^= 1;

    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));

    return chunk;
}

static void *sh_malloc(size_t size)
{
    ossl_ssize_t list, slist;
    size_t i;
    char *chunk;

    if (size > sh.arena_size)
        return NULL;

    list = sh.freelist_size - 1;
    for (i = sh.minsize; i < size; i <<= 1)
        list--;
    if (list < 0)
        return NULL;

    /* try to find a larger entry to split */
    for (slist = list; slist >= 0; slist--)
        if (sh.freelist[slist] != NULL)
            break;
    if (slist < 0)
        return NULL;

    /* split larger entry */
    while (slist != list) {
        char *temp = sh.freelist[slist];

        /* remove from bigger list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_clearbit(temp, slist, sh.bittable);
        sh_remove_from_list(temp);
        OPENSSL_assert(temp != sh.freelist[slist]);

        /* done with bigger list */
        slist++;

        /* add to smaller list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        /* split in 2 */
        temp += sh.arena_size >> slist;
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
    }

    /* peel off memory to hand back */
    chunk = sh.freelist[list];
    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
    sh_setbit(chunk, list, sh.bitmalloc);
    sh_remove_from_list(chunk);

    OPENSSL_assert(WITHIN_ARENA(chunk));

    /* zero the free list header as a precaution against information leakage */
    memset(chunk, 0, sizeof(SH_LIST));

    return chunk;
}

static void sh_free(void *ptr)
{
    size_t list;
    void *buddy;

    if (ptr == NULL)
        return;
    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return;

    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    sh_clearbit(ptr, list, sh.bitmalloc);
    sh_add_to_list(&sh.freelist[list], ptr);

    /* Try to coalesce two adjacent free areas. */
    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
        OPENSSL_assert(ptr != NULL);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(ptr, list, sh.bittable);
        sh_remove_from_list(ptr);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(buddy, list, sh.bittable);
        sh_remove_from_list(buddy);

        list--;

        /* Zero the higher addressed block's free list pointers */
        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
        if (ptr > buddy)
            ptr = buddy;

        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_setbit(ptr, list, sh.bittable);
        sh_add_to_list(&sh.freelist[list], ptr);
        OPENSSL_assert(sh.freelist[list] == ptr);
    }
}

static size_t sh_actual_size(char *ptr)
{
    int list;

    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return 0;
    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    return sh.arena_size / (ONE << list);
}
#endif /* OPENSSL_SECURE_MEMORY */

Coverage Report

Created: 2024-05-15 07:16

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4		*
5		* Licensed under the Apache License 2.0 (the "License"). You may not use
6		* this file except in compliance with the License. You can obtain a copy
7		* in the file LICENSE in the source distribution or at
8		* https://www.openssl.org/source/license.html
9		*/
10
11		/*
12		* This file is in two halves. The first half implements the public API
13		* to be used by external consumers, and to be used by OpenSSL to store
14		* data in a "secure arena." The second half implements the secure arena.
15		* For details on that implementation, see below (look for uppercase
16		* "SECURE HEAP IMPLEMENTATION").
17		*/
18		#include "e_os.h"
19		#include <openssl/crypto.h>
20
21		#include <string.h>
22
23		/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
24		#ifdef OPENSSL_SECURE_MEMORY
25		# include <stdlib.h>
26		# include <assert.h>
27		# include <unistd.h>
28		# include <sys/types.h>
29		# include <sys/mman.h>
30		# if defined(OPENSSL_SYS_LINUX)
31		# include <sys/syscall.h>
32		# if defined(SYS_mlock2)
33		# include <linux/mman.h>
34		# include <errno.h>
35		# endif
36		# include <sys/param.h>
37		# endif
38		# include <sys/stat.h>
39		# include <fcntl.h>
40		#endif
41
42	0	#define CLEAR(p, s) OPENSSL_cleanse(p, s)
43		#ifndef PAGE_SIZE
44	0	# define PAGE_SIZE 4096
45		#endif
46		#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
47		# define MAP_ANON MAP_ANONYMOUS
48		#endif
49
50		#ifdef OPENSSL_SECURE_MEMORY
51		static size_t secure_mem_used;
52
53		static int secure_mem_initialized;
54
55		static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
56
57		/*
58		* These are the functions that must be implemented by a secure heap (sh).
59		*/
60		static int sh_init(size_t size, size_t minsize);
61		static void *sh_malloc(size_t size);
62		static void sh_free(void *ptr);
63		static void sh_done(void);
64		static size_t sh_actual_size(char *ptr);
65		static int sh_allocated(const char *ptr);
66		#endif
67
68		int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
69	0	{
70	0	#ifdef OPENSSL_SECURE_MEMORY
71	0	int ret = 0;
72
73	0	if (!secure_mem_initialized) {
74	0	sec_malloc_lock = CRYPTO_THREAD_lock_new();
75	0	if (sec_malloc_lock == NULL)
76	0	return 0;
77	0	if ((ret = sh_init(size, minsize)) != 0) {
78	0	secure_mem_initialized = 1;
79	0	} else {
80	0	CRYPTO_THREAD_lock_free(sec_malloc_lock);
81	0	sec_malloc_lock = NULL;
82	0	}
83	0	}
84
85	0	return ret;
86		#else
87		return 0;
88		#endif /* OPENSSL_SECURE_MEMORY */
89	0	}
90
91		int CRYPTO_secure_malloc_done(void)
92	1.86k	{
93	1.86k	#ifdef OPENSSL_SECURE_MEMORY
94	1.86k	if (secure_mem_used == 0) {
95	1.86k	sh_done();
96	1.86k	secure_mem_initialized = 0;
97	1.86k	CRYPTO_THREAD_lock_free(sec_malloc_lock);
98	1.86k	sec_malloc_lock = NULL;
99	1.86k	return 1;
100	1.86k	}
101	0	#endif /* OPENSSL_SECURE_MEMORY */
102	0	return 0;
103	1.86k	}
104
105		int CRYPTO_secure_malloc_initialized(void)
106	0	{
107	0	#ifdef OPENSSL_SECURE_MEMORY
108	0	return secure_mem_initialized;
109		#else
110		return 0;
111		#endif /* OPENSSL_SECURE_MEMORY */
112	0	}
113
114		void CRYPTO_secure_malloc(size_t num, const char file, int line)
115	0	{
116	0	#ifdef OPENSSL_SECURE_MEMORY
117	0	void *ret;
118	0	size_t actual_size;
119
120	0	if (!secure_mem_initialized) {
121	0	return CRYPTO_malloc(num, file, line);
122	0	}
123	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
124	0	ret = sh_malloc(num);
125	0	actual_size = ret ? sh_actual_size(ret) : 0;
126	0	secure_mem_used += actual_size;
127	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
128	0	return ret;
129		#else
130		return CRYPTO_malloc(num, file, line);
131		#endif /* OPENSSL_SECURE_MEMORY */
132	0	}
133
134		void CRYPTO_secure_zalloc(size_t num, const char file, int line)
135	0	{
136	0	#ifdef OPENSSL_SECURE_MEMORY
137	0	if (secure_mem_initialized)
138		/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
139	0	return CRYPTO_secure_malloc(num, file, line);
140	0	#endif
141	0	return CRYPTO_zalloc(num, file, line);
142	0	}
143
144		void CRYPTO_secure_free(void ptr, const char file, int line)
145	0	{
146	0	#ifdef OPENSSL_SECURE_MEMORY
147	0	size_t actual_size;
148
149	0	if (ptr == NULL)
150	0	return;
151	0	if (!CRYPTO_secure_allocated(ptr)) {
152	0	CRYPTO_free(ptr, file, line);
153	0	return;
154	0	}
155	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
156	0	actual_size = sh_actual_size(ptr);
157	0	CLEAR(ptr, actual_size);
158	0	secure_mem_used -= actual_size;
159	0	sh_free(ptr);
160	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
161		#else
162		CRYPTO_free(ptr, file, line);
163		#endif /* OPENSSL_SECURE_MEMORY */
164	0	}
165
166		void CRYPTO_secure_clear_free(void *ptr, size_t num,
167		const char *file, int line)
168	120	{
169	120	#ifdef OPENSSL_SECURE_MEMORY
170	120	size_t actual_size;
171
172	120	if (ptr == NULL)
173	120	return;
174	0	if (!CRYPTO_secure_allocated(ptr)) {
175	0	OPENSSL_cleanse(ptr, num);
176	0	CRYPTO_free(ptr, file, line);
177	0	return;
178	0	}
179	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
180	0	actual_size = sh_actual_size(ptr);
181	0	CLEAR(ptr, actual_size);
182	0	secure_mem_used -= actual_size;
183	0	sh_free(ptr);
184	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
185		#else
186		if (ptr == NULL)
187		return;
188		OPENSSL_cleanse(ptr, num);
189		CRYPTO_free(ptr, file, line);
190		#endif /* OPENSSL_SECURE_MEMORY */
191	0	}
192
193		int CRYPTO_secure_allocated(const void *ptr)
194	0	{
195	0	#ifdef OPENSSL_SECURE_MEMORY
196	0	int ret;
197
198	0	if (!secure_mem_initialized)
199	0	return 0;
200	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
201	0	ret = sh_allocated(ptr);
202	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
203	0	return ret;
204		#else
205		return 0;
206		#endif /* OPENSSL_SECURE_MEMORY */
207	0	}
208
209		size_t CRYPTO_secure_used(void)
210	0	{
211	0	#ifdef OPENSSL_SECURE_MEMORY
212	0	return secure_mem_used;
213		#else
214		return 0;
215		#endif /* OPENSSL_SECURE_MEMORY */
216	0	}
217
218		size_t CRYPTO_secure_actual_size(void *ptr)
219	0	{
220	0	#ifdef OPENSSL_SECURE_MEMORY
221	0	size_t actual_size;
222
223	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
224	0	actual_size = sh_actual_size(ptr);
225	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
226	0	return actual_size;
227		#else
228		return 0;
229		#endif
230	0	}
231		/* END OF PAGE ...
232
233		... START OF PAGE */
234
235		/*
236		* SECURE HEAP IMPLEMENTATION
237		*/
238		#ifdef OPENSSL_SECURE_MEMORY
239
240
241		/*
242		* The implementation provided here uses a fixed-sized mmap() heap,
243		* which is locked into memory, not written to core files, and protected
244		* on either side by an unmapped page, which will catch pointer overruns
245		* (or underruns) and an attempt to read data out of the secure heap.
246		* Free'd memory is zero'd or otherwise cleansed.
247		*
248		* This is a pretty standard buddy allocator. We keep areas in a multiple
249		* of "sh.minsize" units. The freelist and bitmaps are kept separately,
250		* so all (and only) data is kept in the mmap'd heap.
251		*
252		* This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
253		* place.
254		*/
255
256	0	#define ONE ((size_t)1)
257
258	0	# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
259	0	# define SETBIT(t, b) (t[(b) >> 3] \|= (ONE << ((b) & 7)))
260	0	# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
261
262		#define WITHIN_ARENA(p) \
263	0	((char)(p) >= sh.arena && (char)(p) < &sh.arena[sh.arena_size])
264		#define WITHIN_FREELIST(p) \
265		((char)(p) >= (char)sh.freelist && (char)(p) < (char)&sh.freelist[sh.freelist_size])
266
267
268		typedef struct sh_list_st
269		{
270		struct sh_list_st *next;
271		struct sh_list_st **p_next;
272		} SH_LIST;
273
274		typedef struct sh_st
275		{
276		char* map_result;
277		size_t map_size;
278		char *arena;
279		size_t arena_size;
280		char **freelist;
281		ossl_ssize_t freelist_size;
282		size_t minsize;
283		unsigned char *bittable;
284		unsigned char *bitmalloc;
285		size_t bittable_size; /* size in bits */
286		} SH;
287
288		static SH sh;
289
290		static size_t sh_getlist(char *ptr)
291	0	{
292	0	ossl_ssize_t list = sh.freelist_size - 1;
293	0	size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
294
295	0	for (; bit; bit >>= 1, list--) {
296	0	if (TESTBIT(sh.bittable, bit))
297	0	break;
298	0	OPENSSL_assert((bit & 1) == 0);
299	0	}
300
301	0	return list;
302	0	}
303
304
305		static int sh_testbit(char ptr, int list, unsigned char table)
306	0	{
307	0	size_t bit;
308
309	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
310	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
311	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
312	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
313	0	return TESTBIT(table, bit);
314	0	}
315
316		static void sh_clearbit(char ptr, int list, unsigned char table)
317	0	{
318	0	size_t bit;
319
320	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
321	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
322	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
323	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
324	0	OPENSSL_assert(TESTBIT(table, bit));
325	0	CLEARBIT(table, bit);
326	0	}
327
328		static void sh_setbit(char ptr, int list, unsigned char table)
329	0	{
330	0	size_t bit;
331
332	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
333	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
334	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
335	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
336	0	OPENSSL_assert(!TESTBIT(table, bit));
337	0	SETBIT(table, bit);
338	0	}
339
340		static void sh_add_to_list(char *list, char ptr)
341	0	{
342	0	SH_LIST *temp;
343
344	0	OPENSSL_assert(WITHIN_FREELIST(list));
345	0	OPENSSL_assert(WITHIN_ARENA(ptr));
346
347	0	temp = (SH_LIST *)ptr;
348	0	temp->next = (SH_LIST *)list;
349	0	OPENSSL_assert(temp->next == NULL \|\| WITHIN_ARENA(temp->next));
350	0	temp->p_next = (SH_LIST **)list;
351
352	0	if (temp->next != NULL) {
353	0	OPENSSL_assert((char **)temp->next->p_next == list);
354	0	temp->next->p_next = &(temp->next);
355	0	}
356
357	0	*list = ptr;
358	0	}
359
360		static void sh_remove_from_list(char *ptr)
361	0	{
362	0	SH_LIST temp, temp2;
363
364	0	temp = (SH_LIST *)ptr;
365	0	if (temp->next != NULL)
366	0	temp->next->p_next = temp->p_next;
367	0	*temp->p_next = temp->next;
368	0	if (temp->next == NULL)
369	0	return;
370
371	0	temp2 = temp->next;
372	0	OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next));
373	0	}
374
375
376		static int sh_init(size_t size, size_t minsize)
377	0	{
378	0	int ret;
379	0	size_t i;
380	0	size_t pgsize;
381	0	size_t aligned;
382
383	0	memset(&sh, 0, sizeof(sh));
384
385		/* make sure size and minsize are powers of 2 */
386	0	OPENSSL_assert(size > 0);
387	0	OPENSSL_assert((size & (size - 1)) == 0);
388	0	OPENSSL_assert((minsize & (minsize - 1)) == 0);
389	0	if (size <= 0 \|\| (size & (size - 1)) != 0)
390	0	goto err;
391	0	if (minsize == 0 \|\| (minsize & (minsize - 1)) != 0)
392	0	goto err;
393
394	0	while (minsize < (int)sizeof(SH_LIST))
395	0	minsize *= 2;
396
397	0	sh.arena_size = size;
398	0	sh.minsize = minsize;
399	0	sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
400
401		/* Prevent allocations of size 0 later on */
402	0	if (sh.bittable_size >> 3 == 0)
403	0	goto err;
404
405	0	sh.freelist_size = -1;
406	0	for (i = sh.bittable_size; i; i >>= 1)
407	0	sh.freelist_size++;
408
409	0	sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
410	0	OPENSSL_assert(sh.freelist != NULL);
411	0	if (sh.freelist == NULL)
412	0	goto err;
413
414	0	sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
415	0	OPENSSL_assert(sh.bittable != NULL);
416	0	if (sh.bittable == NULL)
417	0	goto err;
418
419	0	sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
420	0	OPENSSL_assert(sh.bitmalloc != NULL);
421	0	if (sh.bitmalloc == NULL)
422	0	goto err;
423
424		/* Allocate space for heap, and two extra pages as guards */
425	0	#if defined(_SC_PAGE_SIZE) \|\| defined (_SC_PAGESIZE)
426	0	{
427	0	# if defined(_SC_PAGE_SIZE)
428	0	long tmppgsize = sysconf(_SC_PAGE_SIZE);
429		# else
430		long tmppgsize = sysconf(_SC_PAGESIZE);
431		# endif
432	0	if (tmppgsize < 1)
433	0	pgsize = PAGE_SIZE;
434	0	else
435	0	pgsize = (size_t)tmppgsize;
436	0	}
437		#else
438		pgsize = PAGE_SIZE;
439		#endif
440	0	sh.map_size = pgsize + sh.arena_size + pgsize;
441	0	if (1) {
442	0	#ifdef MAP_ANON
443	0	sh.map_result = mmap(NULL, sh.map_size,
444	0	PROT_READ\|PROT_WRITE, MAP_ANON\|MAP_PRIVATE, -1, 0);
445	0	} else {
446	0	#endif
447	0	int fd;
448
449	0	sh.map_result = MAP_FAILED;
450	0	if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
451	0	sh.map_result = mmap(NULL, sh.map_size,
452	0	PROT_READ\|PROT_WRITE, MAP_PRIVATE, fd, 0);
453	0	close(fd);
454	0	}
455	0	}
456	0	if (sh.map_result == MAP_FAILED)
457	0	goto err;
458	0	sh.arena = (char *)(sh.map_result + pgsize);
459	0	sh_setbit(sh.arena, 0, sh.bittable);
460	0	sh_add_to_list(&sh.freelist[0], sh.arena);
461
462		/* Now try to add guard pages and lock into memory. */
463	0	ret = 1;
464
465		/* Starting guard is already aligned from mmap. */
466	0	if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
467	0	ret = 2;
468
469		/* Ending guard page - need to round up to page boundary */
470	0	aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
471	0	if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
472	0	ret = 2;
473
474	0	#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
475	0	if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
476	0	if (errno == ENOSYS) {
477	0	if (mlock(sh.arena, sh.arena_size) < 0)
478	0	ret = 2;
479	0	} else {
480	0	ret = 2;
481	0	}
482	0	}
483		#else
484		if (mlock(sh.arena, sh.arena_size) < 0)
485		ret = 2;
486		#endif
487	0	#ifdef MADV_DONTDUMP
488	0	if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
489	0	ret = 2;
490	0	#endif
491
492	0	return ret;
493
494	0	err:
495	0	sh_done();
496	0	return 0;
497	0	}
498
499		static void sh_done(void)
500	1.86k	{
501	1.86k	OPENSSL_free(sh.freelist);
502	1.86k	OPENSSL_free(sh.bittable);
503	1.86k	OPENSSL_free(sh.bitmalloc);
504	1.86k	if (sh.map_result != NULL && sh.map_size)
505	0	munmap(sh.map_result, sh.map_size);
506	1.86k	memset(&sh, 0, sizeof(sh));
507	1.86k	}
508
509		static int sh_allocated(const char *ptr)
510	0	{
511	0	return WITHIN_ARENA(ptr) ? 1 : 0;
512	0	}
513
514		static char sh_find_my_buddy(char ptr, int list)
515	0	{
516	0	size_t bit;
517	0	char *chunk = NULL;
518
519	0	bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
520	0	bit ^= 1;
521
522	0	if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
523	0	chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
524
525	0	return chunk;
526	0	}
527
528		static void *sh_malloc(size_t size)
529	0	{
530	0	ossl_ssize_t list, slist;
531	0	size_t i;
532	0	char *chunk;
533
534	0	if (size > sh.arena_size)
535	0	return NULL;
536
537	0	list = sh.freelist_size - 1;
538	0	for (i = sh.minsize; i < size; i <<= 1)
539	0	list--;
540	0	if (list < 0)
541	0	return NULL;
542
543		/* try to find a larger entry to split */
544	0	for (slist = list; slist >= 0; slist--)
545	0	if (sh.freelist[slist] != NULL)
546	0	break;
547	0	if (slist < 0)
548	0	return NULL;
549
550		/* split larger entry */
551	0	while (slist != list) {
552	0	char *temp = sh.freelist[slist];
553
554		/* remove from bigger list */
555	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
556	0	sh_clearbit(temp, slist, sh.bittable);
557	0	sh_remove_from_list(temp);
558	0	OPENSSL_assert(temp != sh.freelist[slist]);
559
560		/* done with bigger list */
561	0	slist++;
562
563		/* add to smaller list */
564	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
565	0	sh_setbit(temp, slist, sh.bittable);
566	0	sh_add_to_list(&sh.freelist[slist], temp);
567	0	OPENSSL_assert(sh.freelist[slist] == temp);
568
569		/* split in 2 */
570	0	temp += sh.arena_size >> slist;
571	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
572	0	sh_setbit(temp, slist, sh.bittable);
573	0	sh_add_to_list(&sh.freelist[slist], temp);
574	0	OPENSSL_assert(sh.freelist[slist] == temp);
575
576	0	OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
577	0	}
578
579		/* peel off memory to hand back */
580	0	chunk = sh.freelist[list];
581	0	OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
582	0	sh_setbit(chunk, list, sh.bitmalloc);
583	0	sh_remove_from_list(chunk);
584
585	0	OPENSSL_assert(WITHIN_ARENA(chunk));
586
587		/* zero the free list header as a precaution against information leakage */
588	0	memset(chunk, 0, sizeof(SH_LIST));
589
590	0	return chunk;
591	0	}
592
593		static void sh_free(void *ptr)
594	0	{
595	0	size_t list;
596	0	void *buddy;
597
598	0	if (ptr == NULL)
599	0	return;
600	0	OPENSSL_assert(WITHIN_ARENA(ptr));
601	0	if (!WITHIN_ARENA(ptr))
602	0	return;
603
604	0	list = sh_getlist(ptr);
605	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
606	0	sh_clearbit(ptr, list, sh.bitmalloc);
607	0	sh_add_to_list(&sh.freelist[list], ptr);
608
609		/* Try to coalesce two adjacent free areas. */
610	0	while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
611	0	OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
612	0	OPENSSL_assert(ptr != NULL);
613	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
614	0	sh_clearbit(ptr, list, sh.bittable);
615	0	sh_remove_from_list(ptr);
616	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
617	0	sh_clearbit(buddy, list, sh.bittable);
618	0	sh_remove_from_list(buddy);
619
620	0	list--;
621
622		/* Zero the higher addressed block's free list pointers */
623	0	memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
624	0	if (ptr > buddy)
625	0	ptr = buddy;
626
627	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
628	0	sh_setbit(ptr, list, sh.bittable);
629	0	sh_add_to_list(&sh.freelist[list], ptr);
630	0	OPENSSL_assert(sh.freelist[list] == ptr);
631	0	}
632	0	}
633
634		static size_t sh_actual_size(char *ptr)
635	0	{
636	0	int list;
637
638	0	OPENSSL_assert(WITHIN_ARENA(ptr));
639	0	if (!WITHIN_ARENA(ptr))
640	0	return 0;
641	0	list = sh_getlist(ptr);
642	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
643	0	return sh.arena_size / (ONE << list);
644	0	}
645		#endif /* OPENSSL_SECURE_MEMORY */