Coverage Report

Created: 2026-07-16 06:59

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/openssl/crypto/mem_sec.c
Line
Count
Source
1
/*
2
 * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4
 *
5
 * Licensed under the Apache License 2.0 (the "License").  You may not use
6
 * this file except in compliance with the License.  You can obtain a copy
7
 * in the file LICENSE in the source distribution or at
8
 * https://www.openssl.org/source/license.html
9
 */
10
11
/*
12
 * This file is in two halves. The first half implements the public API
13
 * to be used by external consumers, and to be used by OpenSSL to store
14
 * data in a "secure arena." The second half implements the secure arena.
15
 * For details on that implementation, see below (look for uppercase
16
 * "SECURE HEAP IMPLEMENTATION").
17
 */
18
#include "internal/e_os.h"
19
#include <openssl/crypto.h>
20
#include <openssl/err.h>
21
22
#include <string.h>
23
24
#ifndef OPENSSL_NO_SECURE_MEMORY
25
#if defined(_WIN32)
26
#if defined(WINAPI_FAMILY_PARTITION)
27
#if !defined(WINAPI_PARTITION_SYSTEM)
28
#define WINAPI_PARTITION_SYSTEM 0
29
#endif
30
#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
31
/*
32
 * While VirtualLock is available under the app partition (e.g. UWP),
33
 * the headers do not define the API. Define it ourselves instead.
34
 */
35
WINBASEAPI
36
BOOL
37
    WINAPI
38
    VirtualLock(
39
        _In_ LPVOID lpAddress,
40
        _In_ SIZE_T dwSize);
41
#endif
42
#endif
43
#endif
44
#include <stdlib.h>
45
#include <assert.h>
46
#if defined(OPENSSL_SYS_UNIX)
47
#include <unistd.h>
48
#endif
49
#include <sys/types.h>
50
#if defined(OPENSSL_SYS_UNIX)
51
#include <sys/mman.h>
52
#if defined(__FreeBSD__)
53
#define MADV_DONTDUMP MADV_NOCORE
54
#endif
55
#if !defined(MAP_CONCEAL)
56
0
#define MAP_CONCEAL 0
57
#endif
58
#endif
59
#if defined(OPENSSL_SYS_LINUX)
60
#include <sys/syscall.h>
61
#if defined(SYS_mlock2)
62
#include <linux/mman.h>
63
#include <errno.h>
64
#endif
65
#include <sys/param.h>
66
#endif
67
#include <sys/stat.h>
68
#include <fcntl.h>
69
#endif
70
#ifndef HAVE_MADVISE
71
#if defined(MADV_DONTDUMP)
72
#define HAVE_MADVISE 1
73
#else
74
#define HAVE_MADVISE 0
75
#endif
76
#endif
77
#if HAVE_MADVISE
78
#undef NO_MADVISE
79
#else
80
#define NO_MADVISE
81
#endif
82
83
0
#define CLEAR(p, s) OPENSSL_cleanse(p, s)
84
#ifndef PAGE_SIZE
85
0
#define PAGE_SIZE 4096
86
#endif
87
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
88
#define MAP_ANON MAP_ANONYMOUS
89
#endif
90
91
#ifndef OPENSSL_NO_SECURE_MEMORY
92
static size_t secure_mem_used;
93
94
static int secure_mem_initialized;
95
96
static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
97
98
/*
99
 * These are the functions that must be implemented by a secure heap (sh).
100
 */
101
static int sh_init(size_t size, size_t minsize);
102
static void *sh_malloc(size_t size);
103
static void sh_free(void *ptr);
104
static void sh_done(void);
105
static size_t sh_actual_size(char *ptr);
106
static int sh_allocated(const char *ptr);
107
#endif
108
109
int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
110
0
{
111
0
#ifndef OPENSSL_NO_SECURE_MEMORY
112
0
    int ret = 0;
113
114
0
    if (!secure_mem_initialized) {
115
0
        sec_malloc_lock = CRYPTO_THREAD_lock_new();
116
0
        if (sec_malloc_lock == NULL)
117
0
            return 0;
118
0
        if ((ret = sh_init(size, minsize)) != 0) {
119
0
            secure_mem_initialized = 1;
120
0
        } else {
121
0
            CRYPTO_THREAD_lock_free(sec_malloc_lock);
122
0
            sec_malloc_lock = NULL;
123
0
        }
124
0
    }
125
126
0
    return ret;
127
#else
128
    return 0;
129
#endif /* OPENSSL_NO_SECURE_MEMORY */
130
0
}
131
132
int CRYPTO_secure_malloc_done(void)
133
0
{
134
0
#ifndef OPENSSL_NO_SECURE_MEMORY
135
0
    if (secure_mem_used == 0) {
136
0
        sh_done();
137
0
        secure_mem_initialized = 0;
138
0
        CRYPTO_THREAD_lock_free(sec_malloc_lock);
139
0
        sec_malloc_lock = NULL;
140
0
        return 1;
141
0
    }
142
0
#endif /* OPENSSL_NO_SECURE_MEMORY */
143
0
    return 0;
144
0
}
145
146
int CRYPTO_secure_malloc_initialized(void)
147
0
{
148
0
#ifndef OPENSSL_NO_SECURE_MEMORY
149
0
    return secure_mem_initialized;
150
#else
151
    return 0;
152
#endif /* OPENSSL_NO_SECURE_MEMORY */
153
0
}
154
155
void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
156
0
{
157
0
#ifndef OPENSSL_NO_SECURE_MEMORY
158
0
    void *ret = NULL;
159
0
    size_t actual_size;
160
0
    int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;
161
162
0
    if (!secure_mem_initialized) {
163
0
        return CRYPTO_malloc(num, file, line);
164
0
    }
165
0
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
166
0
        reason = ERR_R_CRYPTO_LIB;
167
0
        goto err;
168
0
    }
169
0
    ret = sh_malloc(num);
170
0
    actual_size = ret ? sh_actual_size(ret) : 0;
171
0
    secure_mem_used += actual_size;
172
0
    CRYPTO_THREAD_unlock(sec_malloc_lock);
173
0
err:
174
0
    if (ret == NULL && (file != NULL || line != 0)) {
175
0
        ERR_new();
176
0
        ERR_set_debug(file, line, NULL);
177
0
        ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
178
0
    }
179
0
    return ret;
180
#else
181
    return CRYPTO_malloc(num, file, line);
182
#endif /* OPENSSL_NO_SECURE_MEMORY */
183
0
}
184
185
void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
186
0
{
187
0
#ifndef OPENSSL_NO_SECURE_MEMORY
188
0
    if (secure_mem_initialized)
189
        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
190
0
        return CRYPTO_secure_malloc(num, file, line);
191
0
#endif
192
0
    return CRYPTO_zalloc(num, file, line);
193
0
}
194
195
void CRYPTO_secure_free(void *ptr, const char *file, int line)
196
0
{
197
0
#ifndef OPENSSL_NO_SECURE_MEMORY
198
0
    size_t actual_size;
199
200
0
    if (ptr == NULL)
201
0
        return;
202
0
    if (!CRYPTO_secure_allocated(ptr)) {
203
0
        CRYPTO_free(ptr, file, line);
204
0
        return;
205
0
    }
206
0
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
207
0
        return;
208
0
    actual_size = sh_actual_size(ptr);
209
0
    CLEAR(ptr, actual_size);
210
0
    secure_mem_used -= actual_size;
211
0
    sh_free(ptr);
212
0
    CRYPTO_THREAD_unlock(sec_malloc_lock);
213
#else
214
    CRYPTO_free(ptr, file, line);
215
#endif /* OPENSSL_NO_SECURE_MEMORY */
216
0
}
217
218
void CRYPTO_secure_clear_free(void *ptr, size_t num,
219
    const char *file, int line)
220
0
{
221
0
#ifndef OPENSSL_NO_SECURE_MEMORY
222
0
    size_t actual_size;
223
224
0
    if (ptr == NULL)
225
0
        return;
226
0
    if (!CRYPTO_secure_allocated(ptr)) {
227
0
        OPENSSL_cleanse(ptr, num);
228
0
        CRYPTO_free(ptr, file, line);
229
0
        return;
230
0
    }
231
0
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
232
0
        return;
233
0
    actual_size = sh_actual_size(ptr);
234
0
    CLEAR(ptr, actual_size);
235
0
    secure_mem_used -= actual_size;
236
0
    sh_free(ptr);
237
0
    CRYPTO_THREAD_unlock(sec_malloc_lock);
238
#else
239
    if (ptr == NULL)
240
        return;
241
    OPENSSL_cleanse(ptr, num);
242
    CRYPTO_free(ptr, file, line);
243
#endif /* OPENSSL_NO_SECURE_MEMORY */
244
0
}
245
246
int CRYPTO_secure_allocated(const void *ptr)
247
0
{
248
0
#ifndef OPENSSL_NO_SECURE_MEMORY
249
0
    if (!secure_mem_initialized)
250
0
        return 0;
251
    /*
252
     * Only read accesses to the arena take place in sh_allocated() and this
253
     * is only changed by the sh_init() and sh_done() calls which are not
254
     * locked.  Hence, it is safe to make this check without a lock too.
255
     */
256
0
    return sh_allocated(ptr);
257
#else
258
    return 0;
259
#endif /* OPENSSL_NO_SECURE_MEMORY */
260
0
}
261
262
size_t CRYPTO_secure_used(void)
263
0
{
264
0
    size_t ret = 0;
265
266
0
#ifndef OPENSSL_NO_SECURE_MEMORY
267
0
    if (!secure_mem_initialized)
268
0
        return 0;
269
0
    if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
270
0
        return 0;
271
272
0
    ret = secure_mem_used;
273
274
0
    CRYPTO_THREAD_unlock(sec_malloc_lock);
275
0
#endif /* OPENSSL_NO_SECURE_MEMORY */
276
0
    return ret;
277
0
}
278
279
size_t CRYPTO_secure_actual_size(void *ptr)
280
0
{
281
0
#ifndef OPENSSL_NO_SECURE_MEMORY
282
0
    size_t actual_size;
283
284
0
    if (!secure_mem_initialized)
285
0
        return 0;
286
0
    if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
287
0
        return 0;
288
0
    actual_size = sh_actual_size(ptr);
289
0
    CRYPTO_THREAD_unlock(sec_malloc_lock);
290
0
    return actual_size;
291
#else
292
    return 0;
293
#endif
294
0
}
295
296
/*
297
 * SECURE HEAP IMPLEMENTATION
298
 */
299
#ifndef OPENSSL_NO_SECURE_MEMORY
300
301
/*
302
 * The implementation provided here uses a fixed-sized mmap() heap,
303
 * which is locked into memory, not written to core files, and protected
304
 * on either side by an unmapped page, which will catch pointer overruns
305
 * (or underruns) and an attempt to read data out of the secure heap.
306
 * Free'd memory is zero'd or otherwise cleansed.
307
 *
308
 * This is a pretty standard buddy allocator.  We keep areas in a multiple
309
 * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
310
 * so all (and only) data is kept in the mmap'd heap.
311
 *
312
 * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
313
 * place.
314
 */
315
316
0
#define ONE ((size_t)1)
317
318
0
#define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
319
0
#define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7)))
320
0
#define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
321
322
#define WITHIN_ARENA(p) \
323
0
    ((char *)(p) >= sh.arena && (char *)(p) < &sh.arena[sh.arena_size])
324
#define WITHIN_FREELIST(p) \
325
    ((char *)(p) >= (char *)sh.freelist && (char *)(p) < (char *)&sh.freelist[sh.freelist_size])
326
327
typedef struct sh_list_st {
328
    struct sh_list_st *next;
329
    struct sh_list_st **p_next;
330
} SH_LIST;
331
332
typedef struct sh_st {
333
    char *map_result;
334
    size_t map_size;
335
    char *arena;
336
    size_t arena_size;
337
    char **freelist;
338
    ossl_ssize_t freelist_size;
339
    size_t minsize;
340
    unsigned char *bittable;
341
    unsigned char *bitmalloc;
342
    size_t bittable_size; /* size in bits */
343
} SH;
344
345
static SH sh;
346
347
static size_t sh_getlist(char *ptr)
348
0
{
349
0
    ossl_ssize_t list = sh.freelist_size - 1;
350
0
    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
351
352
0
    for (; bit; bit >>= 1, list--) {
353
0
        if (TESTBIT(sh.bittable, bit))
354
0
            break;
355
0
        OPENSSL_assert((bit & 1) == 0);
356
0
    }
357
358
0
    return list;
359
0
}
360
361
static int sh_testbit(char *ptr, int list, unsigned char *table)
362
0
{
363
0
    size_t bit;
364
365
0
    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
366
0
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
367
0
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
368
0
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
369
0
    return TESTBIT(table, bit);
370
0
}
371
372
static void sh_clearbit(char *ptr, int list, unsigned char *table)
373
0
{
374
0
    size_t bit;
375
376
0
    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
377
0
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
378
0
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
379
0
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
380
0
    OPENSSL_assert(TESTBIT(table, bit));
381
0
    CLEARBIT(table, bit);
382
0
}
383
384
static void sh_setbit(char *ptr, int list, unsigned char *table)
385
0
{
386
0
    size_t bit;
387
388
0
    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
389
0
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
390
0
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
391
0
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
392
0
    OPENSSL_assert(!TESTBIT(table, bit));
393
0
    SETBIT(table, bit);
394
0
}
395
396
static void sh_add_to_list(char **list, char *ptr)
397
0
{
398
0
    SH_LIST *temp;
399
400
0
    OPENSSL_assert(WITHIN_FREELIST(list));
401
0
    OPENSSL_assert(WITHIN_ARENA(ptr));
402
403
0
    temp = (SH_LIST *)ptr;
404
0
    temp->next = *(SH_LIST **)list;
405
0
    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
406
0
    temp->p_next = (SH_LIST **)list;
407
408
0
    if (temp->next != NULL) {
409
0
        OPENSSL_assert((char **)temp->next->p_next == list);
410
0
        temp->next->p_next = &(temp->next);
411
0
    }
412
413
0
    *list = ptr;
414
0
}
415
416
static void sh_remove_from_list(char *ptr)
417
0
{
418
0
    SH_LIST *temp, *temp2;
419
420
0
    temp = (SH_LIST *)ptr;
421
0
    if (temp->next != NULL)
422
0
        temp->next->p_next = temp->p_next;
423
0
    *temp->p_next = temp->next;
424
0
    if (temp->next == NULL)
425
0
        return;
426
427
0
    temp2 = temp->next;
428
0
    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
429
0
}
430
431
static int sh_init(size_t size, size_t minsize)
432
0
{
433
0
    int ret;
434
0
    size_t i;
435
0
    size_t pgsize;
436
0
    size_t aligned;
437
#if defined(_WIN32)
438
    DWORD flOldProtect;
439
    SYSTEM_INFO systemInfo;
440
#endif
441
442
0
    memset(&sh, 0, sizeof(sh));
443
444
    /* make sure size is a powers of 2 */
445
0
    OPENSSL_assert(size > 0);
446
0
    OPENSSL_assert((size & (size - 1)) == 0);
447
0
    if (size == 0 || (size & (size - 1)) != 0)
448
0
        goto err;
449
450
0
    if (minsize <= sizeof(SH_LIST)) {
451
0
        OPENSSL_assert(sizeof(SH_LIST) <= 65536);
452
        /*
453
         * Compute the minimum possible allocation size.
454
         * This must be a power of 2 and at least as large as the SH_LIST
455
         * structure.
456
         */
457
0
        minsize = sizeof(SH_LIST) - 1;
458
0
        minsize |= minsize >> 1;
459
0
        minsize |= minsize >> 2;
460
0
        if (sizeof(SH_LIST) > 16)
461
0
            minsize |= minsize >> 4;
462
0
        if (sizeof(SH_LIST) > 256)
463
0
            minsize |= minsize >> 8;
464
0
        minsize++;
465
0
    } else {
466
        /* make sure minsize is a powers of 2 */
467
0
        OPENSSL_assert((minsize & (minsize - 1)) == 0);
468
0
        if ((minsize & (minsize - 1)) != 0)
469
0
            goto err;
470
0
    }
471
472
0
    sh.arena_size = size;
473
0
    sh.minsize = minsize;
474
0
    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
475
476
    /* Prevent allocations of size 0 later on */
477
0
    if (sh.bittable_size >> 3 == 0)
478
0
        goto err;
479
480
0
    sh.freelist_size = -1;
481
0
    for (i = sh.bittable_size; i; i >>= 1)
482
0
        sh.freelist_size++;
483
484
0
    sh.freelist = OPENSSL_calloc(sh.freelist_size, sizeof(char *));
485
0
    OPENSSL_assert(sh.freelist != NULL);
486
0
    if (sh.freelist == NULL)
487
0
        goto err;
488
489
0
    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
490
0
    OPENSSL_assert(sh.bittable != NULL);
491
0
    if (sh.bittable == NULL)
492
0
        goto err;
493
494
0
    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
495
0
    OPENSSL_assert(sh.bitmalloc != NULL);
496
0
    if (sh.bitmalloc == NULL)
497
0
        goto err;
498
499
    /* Allocate space for heap, and two extra pages as guards */
500
0
#if defined(_SC_PAGE_SIZE) || defined(_SC_PAGESIZE)
501
0
    {
502
0
#if defined(_SC_PAGE_SIZE)
503
0
        long tmppgsize = sysconf(_SC_PAGE_SIZE);
504
#else
505
        long tmppgsize = sysconf(_SC_PAGESIZE);
506
#endif
507
0
        if (tmppgsize < 1)
508
0
            pgsize = PAGE_SIZE;
509
0
        else
510
0
            pgsize = (size_t)tmppgsize;
511
0
    }
512
#elif defined(_WIN32)
513
    GetSystemInfo(&systemInfo);
514
    pgsize = (size_t)systemInfo.dwPageSize;
515
#else
516
    pgsize = PAGE_SIZE;
517
#endif
518
0
    sh.map_size = pgsize + sh.arena_size + pgsize;
519
520
0
#if !defined(_WIN32)
521
0
#ifdef MAP_ANON
522
0
    sh.map_result = mmap(NULL, sh.map_size,
523
0
        PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_CONCEAL, -1, 0);
524
#else
525
    {
526
        int fd;
527
528
        sh.map_result = MAP_FAILED;
529
        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
530
            sh.map_result = mmap(NULL, sh.map_size,
531
                PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
532
            close(fd);
533
        }
534
    }
535
#endif
536
0
    if (sh.map_result == MAP_FAILED)
537
0
        goto err;
538
#else
539
    sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
540
541
    if (sh.map_result == NULL)
542
        goto err;
543
#endif
544
545
0
    sh.arena = (char *)(sh.map_result + pgsize);
546
0
    sh_setbit(sh.arena, 0, sh.bittable);
547
0
    sh_add_to_list(&sh.freelist[0], sh.arena);
548
549
    /* Now try to add guard pages and lock into memory. */
550
0
    ret = 1;
551
552
0
#if !defined(_WIN32)
553
    /* Starting guard is already aligned from mmap. */
554
0
    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
555
0
        ret = 2;
556
#else
557
    if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
558
        ret = 2;
559
#endif
560
561
    /* Ending guard page - need to round up to page boundary */
562
0
    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
563
0
#if !defined(_WIN32)
564
0
    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
565
0
        ret = 2;
566
#else
567
    if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
568
        ret = 2;
569
#endif
570
571
0
#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
572
0
    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
573
0
        if (errno == ENOSYS) {
574
0
            if (mlock(sh.arena, sh.arena_size) < 0)
575
0
                ret = 2;
576
0
        } else {
577
0
            ret = 2;
578
0
        }
579
0
    }
580
#elif defined(_WIN32)
581
    if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
582
        ret = 2;
583
#else
584
    if (mlock(sh.arena, sh.arena_size) < 0)
585
        ret = 2;
586
#endif
587
0
#ifndef NO_MADVISE
588
0
    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
589
0
        ret = 2;
590
0
#endif
591
592
0
    return ret;
593
594
0
err:
595
0
    sh_done();
596
0
    return 0;
597
0
}
598
599
static void sh_done(void)
600
0
{
601
0
    OPENSSL_free(sh.freelist);
602
0
    OPENSSL_free(sh.bittable);
603
0
    OPENSSL_free(sh.bitmalloc);
604
0
#if !defined(_WIN32)
605
0
    if (sh.map_result != MAP_FAILED && sh.map_size)
606
0
        munmap(sh.map_result, sh.map_size);
607
#else
608
    if (sh.map_result != NULL && sh.map_size)
609
        VirtualFree(sh.map_result, 0, MEM_RELEASE);
610
#endif
611
0
    memset(&sh, 0, sizeof(sh));
612
0
}
613
614
static int sh_allocated(const char *ptr)
615
0
{
616
0
    return WITHIN_ARENA(ptr) ? 1 : 0;
617
0
}
618
619
static char *sh_find_my_buddy(char *ptr, int list)
620
0
{
621
0
    size_t bit;
622
0
    char *chunk = NULL;
623
624
0
    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
625
0
    bit ^= 1;
626
627
0
    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
628
0
        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
629
630
0
    return chunk;
631
0
}
632
633
static void *sh_malloc(size_t size)
634
0
{
635
0
    ossl_ssize_t list, slist;
636
0
    size_t i;
637
0
    char *chunk;
638
639
0
    if (size > sh.arena_size)
640
0
        return NULL;
641
642
0
    list = sh.freelist_size - 1;
643
0
    for (i = sh.minsize; i < size; i <<= 1)
644
0
        list--;
645
0
    if (list < 0)
646
0
        return NULL;
647
648
    /* try to find a larger entry to split */
649
0
    for (slist = list; slist >= 0; slist--)
650
0
        if (sh.freelist[slist] != NULL)
651
0
            break;
652
0
    if (slist < 0)
653
0
        return NULL;
654
655
    /* split larger entry */
656
0
    while (slist != list) {
657
0
        char *temp = sh.freelist[slist];
658
659
        /* remove from bigger list */
660
0
        OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc));
661
0
        sh_clearbit(temp, (int)slist, sh.bittable);
662
0
        sh_remove_from_list(temp);
663
0
        OPENSSL_assert(temp != sh.freelist[slist]);
664
665
        /* done with bigger list */
666
0
        slist++;
667
668
        /* add to smaller list */
669
0
        OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc));
670
0
        sh_setbit(temp, (int)slist, sh.bittable);
671
0
        sh_add_to_list(&sh.freelist[slist], temp);
672
0
        OPENSSL_assert(sh.freelist[slist] == temp);
673
674
        /* split in 2 */
675
0
        temp += sh.arena_size >> slist;
676
0
        OPENSSL_assert(!sh_testbit(temp, (int)slist, sh.bitmalloc));
677
0
        sh_setbit(temp, (int)slist, sh.bittable);
678
0
        sh_add_to_list(&sh.freelist[slist], temp);
679
0
        OPENSSL_assert(sh.freelist[slist] == temp);
680
681
0
        OPENSSL_assert(temp - (sh.arena_size >> slist) == sh_find_my_buddy(temp, (int)slist));
682
0
    }
683
684
    /* peel off memory to hand back */
685
0
    chunk = sh.freelist[list];
686
0
    OPENSSL_assert(sh_testbit(chunk, (int)list, sh.bittable));
687
0
    sh_setbit(chunk, (int)list, sh.bitmalloc);
688
0
    sh_remove_from_list(chunk);
689
690
0
    OPENSSL_assert(WITHIN_ARENA(chunk));
691
692
    /* zero the free list header as a precaution against information leakage */
693
0
    memset(chunk, 0, sizeof(SH_LIST));
694
695
0
    return chunk;
696
0
}
697
698
static void sh_free(void *ptr)
699
0
{
700
0
    size_t list;
701
0
    void *buddy;
702
703
0
    if (ptr == NULL)
704
0
        return;
705
0
    OPENSSL_assert(WITHIN_ARENA(ptr));
706
0
    if (!WITHIN_ARENA(ptr))
707
0
        return;
708
709
0
    list = sh_getlist(ptr);
710
0
    OPENSSL_assert(sh_testbit(ptr, (int)list, sh.bittable));
711
0
    sh_clearbit(ptr, (int)list, sh.bitmalloc);
712
0
    sh_add_to_list(&sh.freelist[list], ptr);
713
714
    /* Try to coalesce two adjacent free areas. */
715
0
    while ((buddy = sh_find_my_buddy(ptr, (int)list)) != NULL) {
716
0
        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, (int)list));
717
0
        OPENSSL_assert(ptr != NULL);
718
0
        OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc));
719
0
        sh_clearbit(ptr, (int)list, sh.bittable);
720
0
        sh_remove_from_list(ptr);
721
0
        OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc));
722
0
        sh_clearbit(buddy, (int)list, sh.bittable);
723
0
        sh_remove_from_list(buddy);
724
725
0
        list--;
726
727
        /* Zero the higher addressed block's free list pointers */
728
0
        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
729
0
        if (ptr > buddy)
730
0
            ptr = buddy;
731
732
0
        OPENSSL_assert(!sh_testbit(ptr, (int)list, sh.bitmalloc));
733
0
        sh_setbit(ptr, (int)list, sh.bittable);
734
0
        sh_add_to_list(&sh.freelist[list], ptr);
735
0
        OPENSSL_assert(sh.freelist[list] == ptr);
736
0
    }
737
0
}
738
739
static size_t sh_actual_size(char *ptr)
740
0
{
741
0
    int list;
742
743
0
    OPENSSL_assert(WITHIN_ARENA(ptr));
744
0
    if (!WITHIN_ARENA(ptr))
745
0
        return 0;
746
0
    list = (int)sh_getlist(ptr);
747
0
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
748
0
    return sh.arena_size / (ONE << list);
749
0
}
750
#endif /* OPENSSL_NO_SECURE_MEMORY */