/src/openssl/crypto/mem_sec.c

Source (jump to first uncovered line)
/*
 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file is in two halves. The first half implements the public API
 * to be used by external consumers, and to be used by OpenSSL to store
 * data in a "secure arena." The second half implements the secure arena.
 * For details on that implementation, see below (look for uppercase
 * "SECURE HEAP IMPLEMENTATION").
 */
#include "internal/e_os.h"
#include <openssl/crypto.h>
#include <openssl/err.h>

#include <string.h>

#ifndef OPENSSL_NO_SECURE_MEMORY
# if defined(_WIN32)
#  include <windows.h>
#  if defined(WINAPI_FAMILY_PARTITION)
#   if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
/*
 * While VirtualLock is available under the app partition (e.g. UWP),
 * the headers do not define the API. Define it ourselves instead.
 */
WINBASEAPI
BOOL
WINAPI
VirtualLock(
    _In_ LPVOID lpAddress,
    _In_ SIZE_T dwSize
    );
#   endif
#  endif
# endif
# include <stdlib.h>
# include <assert.h>
# if defined(OPENSSL_SYS_UNIX)
#  include <unistd.h>
# endif
# include <sys/types.h>
# if defined(OPENSSL_SYS_UNIX)
#  include <sys/mman.h>
#  if defined(__FreeBSD__)
#    define MADV_DONTDUMP MADV_NOCORE
#  endif
#  if !defined(MAP_CONCEAL)
#    define MAP_CONCEAL 0
#  endif
# endif
# if defined(OPENSSL_SYS_LINUX)
#  include <sys/syscall.h>
#  if defined(SYS_mlock2)
#   include <linux/mman.h>
#   include <errno.h>
#  endif
#  include <sys/param.h>
# endif
# include <sys/stat.h>
# include <fcntl.h>
#endif

#define CLEAR(p, s) OPENSSL_cleanse(p, s)
#ifndef PAGE_SIZE
# define PAGE_SIZE    4096
#endif
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
# define MAP_ANON MAP_ANONYMOUS
#endif

#ifndef OPENSSL_NO_SECURE_MEMORY
static size_t secure_mem_used;

static int secure_mem_initialized;

static CRYPTO_RWLOCK *sec_malloc_lock = NULL;

/*
 * These are the functions that must be implemented by a secure heap (sh).
 */
static int sh_init(size_t size, size_t minsize);
static void *sh_malloc(size_t size);
static void sh_free(void *ptr);
static void sh_done(void);
static size_t sh_actual_size(char *ptr);
static int sh_allocated(const char *ptr);
#endif

int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    int ret = 0;

    if (!secure_mem_initialized) {
        sec_malloc_lock = CRYPTO_THREAD_lock_new();
        if (sec_malloc_lock == NULL)
            return 0;
        if ((ret = sh_init(size, minsize)) != 0) {
            secure_mem_initialized = 1;
        } else {
            CRYPTO_THREAD_lock_free(sec_malloc_lock);
            sec_malloc_lock = NULL;
        }
    }

    return ret;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

int CRYPTO_secure_malloc_done(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (secure_mem_used == 0) {
        sh_done();
        secure_mem_initialized = 0;
        CRYPTO_THREAD_lock_free(sec_malloc_lock);
        sec_malloc_lock = NULL;
        return 1;
    }
#endif /* OPENSSL_NO_SECURE_MEMORY */
    return 0;
}

int CRYPTO_secure_malloc_initialized(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    return secure_mem_initialized;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    void *ret = NULL;
    size_t actual_size;
    int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;

    if (!secure_mem_initialized) {
        return CRYPTO_malloc(num, file, line);
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
        reason = ERR_R_CRYPTO_LIB;
        goto err;
    }
    ret = sh_malloc(num);
    actual_size = ret ? sh_actual_size(ret) : 0;
    secure_mem_used += actual_size;
    CRYPTO_THREAD_unlock(sec_malloc_lock);
 err:
    if (ret == NULL && (file != NULL || line != 0)) {
        ERR_new();
        ERR_set_debug(file, line, NULL);
        ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
    }
    return ret;
#else
    return CRYPTO_malloc(num, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (secure_mem_initialized)
        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
        return CRYPTO_secure_malloc(num, file, line);
#endif
    return CRYPTO_zalloc(num, file, line);
}

void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        CRYPTO_free(ptr, file, line);
        return;
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return;
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        OPENSSL_cleanse(ptr, num);
        CRYPTO_free(ptr, file, line);
        return;
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return;
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    if (ptr == NULL)
        return;
    OPENSSL_cleanse(ptr, num);
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

int CRYPTO_secure_allocated(const void *ptr)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (!secure_mem_initialized)
        return 0;
    /*
     * Only read accesses to the arena take place in sh_allocated() and this
     * is only changed by the sh_init() and sh_done() calls which are not
     * locked.  Hence, it is safe to make this check without a lock too.
     */
    return sh_allocated(ptr);
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

size_t CRYPTO_secure_used(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    return secure_mem_used;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

size_t CRYPTO_secure_actual_size(void *ptr)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return 0;
    actual_size = sh_actual_size(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return actual_size;
#else
    return 0;
#endif
}

/*
 * SECURE HEAP IMPLEMENTATION
 */
#ifndef OPENSSL_NO_SECURE_MEMORY


/*
 * The implementation provided here uses a fixed-sized mmap() heap,
 * which is locked into memory, not written to core files, and protected
 * on either side by an unmapped page, which will catch pointer overruns
 * (or underruns) and an attempt to read data out of the secure heap.
 * Free'd memory is zero'd or otherwise cleansed.
 *
 * This is a pretty standard buddy allocator.  We keep areas in a multiple
 * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
 * so all (and only) data is kept in the mmap'd heap.
 *
 * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
 * place.
 */

#define ONE ((size_t)1)

# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))

#define WITHIN_ARENA(p) \
    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
#define WITHIN_FREELIST(p) \
    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])


typedef struct sh_list_st
{
    struct sh_list_st *next;
    struct sh_list_st **p_next;
} SH_LIST;

typedef struct sh_st
{
    char* map_result;
    size_t map_size;
    char *arena;
    size_t arena_size;
    char **freelist;
    ossl_ssize_t freelist_size;
    size_t minsize;
    unsigned char *bittable;
    unsigned char *bitmalloc;
    size_t bittable_size; /* size in bits */
} SH;

static SH sh;

static size_t sh_getlist(char *ptr)
{
    ossl_ssize_t list = sh.freelist_size - 1;
    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;

    for (; bit; bit >>= 1, list--) {
        if (TESTBIT(sh.bittable, bit))
            break;
        OPENSSL_assert((bit & 1) == 0);
    }

    return list;
}


static int sh_testbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    return TESTBIT(table, bit);
}

static void sh_clearbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(TESTBIT(table, bit));
    CLEARBIT(table, bit);
}

static void sh_setbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(!TESTBIT(table, bit));
    SETBIT(table, bit);
}

static void sh_add_to_list(char **list, char *ptr)
{
    SH_LIST *temp;

    OPENSSL_assert(WITHIN_FREELIST(list));
    OPENSSL_assert(WITHIN_ARENA(ptr));

    temp = (SH_LIST *)ptr;
    temp->next = *(SH_LIST **)list;
    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
    temp->p_next = (SH_LIST **)list;

    if (temp->next != NULL) {
        OPENSSL_assert((char **)temp->next->p_next == list);
        temp->next->p_next = &(temp->next);
    }

    *list = ptr;
}

static void sh_remove_from_list(char *ptr)
{
    SH_LIST *temp, *temp2;

    temp = (SH_LIST *)ptr;
    if (temp->next != NULL)
        temp->next->p_next = temp->p_next;
    *temp->p_next = temp->next;
    if (temp->next == NULL)
        return;

    temp2 = temp->next;
    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
}


static int sh_init(size_t size, size_t minsize)
{
    int ret;
    size_t i;
    size_t pgsize;
    size_t aligned;
#if defined(_WIN32)
    DWORD flOldProtect;
    SYSTEM_INFO systemInfo;
#endif

    memset(&sh, 0, sizeof(sh));

    /* make sure size is a powers of 2 */
    OPENSSL_assert(size > 0);
    OPENSSL_assert((size & (size - 1)) == 0);
    if (size == 0 || (size & (size - 1)) != 0)
        goto err;

    if (minsize <= sizeof(SH_LIST)) {
        OPENSSL_assert(sizeof(SH_LIST) <= 65536);
        /*
         * Compute the minimum possible allocation size.
         * This must be a power of 2 and at least as large as the SH_LIST
         * structure.
         */
        minsize = sizeof(SH_LIST) - 1;
        minsize |= minsize >> 1;
        minsize |= minsize >> 2;
        if (sizeof(SH_LIST) > 16)
            minsize |= minsize >> 4;
        if (sizeof(SH_LIST) > 256)
            minsize |= minsize >> 8;
        minsize++;
    } else {
        /* make sure minsize is a powers of 2 */
          OPENSSL_assert((minsize & (minsize - 1)) == 0);
          if ((minsize & (minsize - 1)) != 0)
              goto err;
    }

    sh.arena_size = size;
    sh.minsize = minsize;
    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;

    /* Prevent allocations of size 0 later on */
    if (sh.bittable_size >> 3 == 0)
        goto err;

    sh.freelist_size = -1;
    for (i = sh.bittable_size; i; i >>= 1)
        sh.freelist_size++;

    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
    OPENSSL_assert(sh.freelist != NULL);
    if (sh.freelist == NULL)
        goto err;

    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bittable != NULL);
    if (sh.bittable == NULL)
        goto err;

    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bitmalloc != NULL);
    if (sh.bitmalloc == NULL)
        goto err;

    /* Allocate space for heap, and two extra pages as guards */
#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
    {
# if defined(_SC_PAGE_SIZE)
        long tmppgsize = sysconf(_SC_PAGE_SIZE);
# else
        long tmppgsize = sysconf(_SC_PAGESIZE);
# endif
        if (tmppgsize < 1)
            pgsize = PAGE_SIZE;
        else
            pgsize = (size_t)tmppgsize;
    }
#elif defined(_WIN32)
    GetSystemInfo(&systemInfo);
    pgsize = (size_t)systemInfo.dwPageSize;
#else
    pgsize = PAGE_SIZE;
#endif
    sh.map_size = pgsize + sh.arena_size + pgsize;

#if !defined(_WIN32)
# ifdef MAP_ANON
    sh.map_result = mmap(NULL, sh.map_size,
                         PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
# else
    {
        int fd;

        sh.map_result = MAP_FAILED;
        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
            sh.map_result = mmap(NULL, sh.map_size,
                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
            close(fd);
        }
    }
# endif
    if (sh.map_result == MAP_FAILED)
        goto err;
#else
    sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

    if (sh.map_result == NULL)
            goto err;
#endif

    sh.arena = (char *)(sh.map_result + pgsize);
    sh_setbit(sh.arena, 0, sh.bittable);
    sh_add_to_list(&sh.freelist[0], sh.arena);

    /* Now try to add guard pages and lock into memory. */
    ret = 1;

#if !defined(_WIN32)
    /* Starting guard is already aligned from mmap. */
    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
        ret = 2;
#else
    if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
        ret = 2;
#endif

    /* Ending guard page - need to round up to page boundary */
    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
#if !defined(_WIN32)
    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
        ret = 2;
#else
    if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
        ret = 2;
#endif

#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
        if (errno == ENOSYS) {
            if (mlock(sh.arena, sh.arena_size) < 0)
                ret = 2;
        } else {
            ret = 2;
        }
    }
#elif defined(_WIN32)
    if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
        ret = 2;
#else
    if (mlock(sh.arena, sh.arena_size) < 0)
        ret = 2;
#endif
#ifdef MADV_DONTDUMP
    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
        ret = 2;
#endif

    return ret;

 err:
    sh_done();
    return 0;
}

static void sh_done(void)
{
    OPENSSL_free(sh.freelist);
    OPENSSL_free(sh.bittable);
    OPENSSL_free(sh.bitmalloc);
#if !defined(_WIN32)
    if (sh.map_result != MAP_FAILED && sh.map_size)
        munmap(sh.map_result, sh.map_size);
#else
    if (sh.map_result != NULL && sh.map_size)
        VirtualFree(sh.map_result, 0, MEM_RELEASE);
#endif
    memset(&sh, 0, sizeof(sh));
}

static int sh_allocated(const char *ptr)
{
    return WITHIN_ARENA(ptr) ? 1 : 0;
}

static char *sh_find_my_buddy(char *ptr, int list)
{
    size_t bit;
    char *chunk = NULL;

    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
    bit ^= 1;

    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));

    return chunk;
}

static void *sh_malloc(size_t size)
{
    ossl_ssize_t list, slist;
    size_t i;
    char *chunk;

    if (size > sh.arena_size)
        return NULL;

    list = sh.freelist_size - 1;
    for (i = sh.minsize; i < size; i <<= 1)
        list--;
    if (list < 0)
        return NULL;

    /* try to find a larger entry to split */
    for (slist = list; slist >= 0; slist--)
        if (sh.freelist[slist] != NULL)
            break;
    if (slist < 0)
        return NULL;

    /* split larger entry */
    while (slist != list) {
        char *temp = sh.freelist[slist];

        /* remove from bigger list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_clearbit(temp, slist, sh.bittable);
        sh_remove_from_list(temp);
        OPENSSL_assert(temp != sh.freelist[slist]);

        /* done with bigger list */
        slist++;

        /* add to smaller list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        /* split in 2 */
        temp += sh.arena_size >> slist;
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
    }

    /* peel off memory to hand back */
    chunk = sh.freelist[list];
    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
    sh_setbit(chunk, list, sh.bitmalloc);
    sh_remove_from_list(chunk);

    OPENSSL_assert(WITHIN_ARENA(chunk));

    /* zero the free list header as a precaution against information leakage */
    memset(chunk, 0, sizeof(SH_LIST));

    return chunk;
}

static void sh_free(void *ptr)
{
    size_t list;
    void *buddy;

    if (ptr == NULL)
        return;
    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return;

    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    sh_clearbit(ptr, list, sh.bitmalloc);
    sh_add_to_list(&sh.freelist[list], ptr);

    /* Try to coalesce two adjacent free areas. */
    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
        OPENSSL_assert(ptr != NULL);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(ptr, list, sh.bittable);
        sh_remove_from_list(ptr);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(buddy, list, sh.bittable);
        sh_remove_from_list(buddy);

        list--;

        /* Zero the higher addressed block's free list pointers */
        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
        if (ptr > buddy)
            ptr = buddy;

        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_setbit(ptr, list, sh.bittable);
        sh_add_to_list(&sh.freelist[list], ptr);
        OPENSSL_assert(sh.freelist[list] == ptr);
    }
}

static size_t sh_actual_size(char *ptr)
{
    int list;

    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return 0;
    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    return sh.arena_size / (ONE << list);
}
#endif /* OPENSSL_NO_SECURE_MEMORY */

Coverage Report

Created: 2023-06-08 06:40

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4		*
5		* Licensed under the Apache License 2.0 (the "License"). You may not use
6		* this file except in compliance with the License. You can obtain a copy
7		* in the file LICENSE in the source distribution or at
8		* https://www.openssl.org/source/license.html
9		*/
10
11		/*
12		* This file is in two halves. The first half implements the public API
13		* to be used by external consumers, and to be used by OpenSSL to store
14		* data in a "secure arena." The second half implements the secure arena.
15		* For details on that implementation, see below (look for uppercase
16		* "SECURE HEAP IMPLEMENTATION").
17		*/
18		#include "internal/e_os.h"
19		#include <openssl/crypto.h>
20		#include <openssl/err.h>
21
22		#include <string.h>
23
24		#ifndef OPENSSL_NO_SECURE_MEMORY
25		# if defined(_WIN32)
26		# include <windows.h>
27		# if defined(WINAPI_FAMILY_PARTITION)
28		# if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP \| WINAPI_PARTITION_SYSTEM)
29		/*
30		* While VirtualLock is available under the app partition (e.g. UWP),
31		* the headers do not define the API. Define it ourselves instead.
32		*/
33		WINBASEAPI
34		BOOL
35		WINAPI
36		VirtualLock(
37		_In_ LPVOID lpAddress,
38		_In_ SIZE_T dwSize
39		);
40		# endif
41		# endif
42		# endif
43		# include <stdlib.h>
44		# include <assert.h>
45		# if defined(OPENSSL_SYS_UNIX)
46		# include <unistd.h>
47		# endif
48		# include <sys/types.h>
49		# if defined(OPENSSL_SYS_UNIX)
50		# include <sys/mman.h>
51		# if defined(__FreeBSD__)
52		# define MADV_DONTDUMP MADV_NOCORE
53		# endif
54		# if !defined(MAP_CONCEAL)
55	0	# define MAP_CONCEAL 0
56		# endif
57		# endif
58		# if defined(OPENSSL_SYS_LINUX)
59		# include <sys/syscall.h>
60		# if defined(SYS_mlock2)
61		# include <linux/mman.h>
62		# include <errno.h>
63		# endif
64		# include <sys/param.h>
65		# endif
66		# include <sys/stat.h>
67		# include <fcntl.h>
68		#endif
69
70	0	#define CLEAR(p, s) OPENSSL_cleanse(p, s)
71		#ifndef PAGE_SIZE
72	0	# define PAGE_SIZE 4096
73		#endif
74		#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
75		# define MAP_ANON MAP_ANONYMOUS
76		#endif
77
78		#ifndef OPENSSL_NO_SECURE_MEMORY
79		static size_t secure_mem_used;
80
81		static int secure_mem_initialized;
82
83		static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
84
85		/*
86		* These are the functions that must be implemented by a secure heap (sh).
87		*/
88		static int sh_init(size_t size, size_t minsize);
89		static void *sh_malloc(size_t size);
90		static void sh_free(void *ptr);
91		static void sh_done(void);
92		static size_t sh_actual_size(char *ptr);
93		static int sh_allocated(const char *ptr);
94		#endif
95
96		int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
97	0	{
98	0	#ifndef OPENSSL_NO_SECURE_MEMORY
99	0	int ret = 0;
100
101	0	if (!secure_mem_initialized) {
102	0	sec_malloc_lock = CRYPTO_THREAD_lock_new();
103	0	if (sec_malloc_lock == NULL)
104	0	return 0;
105	0	if ((ret = sh_init(size, minsize)) != 0) {
106	0	secure_mem_initialized = 1;
107	0	} else {
108	0	CRYPTO_THREAD_lock_free(sec_malloc_lock);
109	0	sec_malloc_lock = NULL;
110	0	}
111	0	}
112
113	0	return ret;
114		#else
115		return 0;
116		#endif /* OPENSSL_NO_SECURE_MEMORY */
117	0	}
118
119		int CRYPTO_secure_malloc_done(void)
120	1	{
121	1	#ifndef OPENSSL_NO_SECURE_MEMORY
122	1	if (secure_mem_used == 0) {
123	1	sh_done();
124	1	secure_mem_initialized = 0;
125	1	CRYPTO_THREAD_lock_free(sec_malloc_lock);
126	1	sec_malloc_lock = NULL;
127	1	return 1;
128	1	}
129	0	#endif /* OPENSSL_NO_SECURE_MEMORY */
130	0	return 0;
131	1	}
132
133		int CRYPTO_secure_malloc_initialized(void)
134	0	{
135	0	#ifndef OPENSSL_NO_SECURE_MEMORY
136	0	return secure_mem_initialized;
137		#else
138		return 0;
139		#endif /* OPENSSL_NO_SECURE_MEMORY */
140	0	}
141
142		void CRYPTO_secure_malloc(size_t num, const char file, int line)
143	0	{
144	0	#ifndef OPENSSL_NO_SECURE_MEMORY
145	0	void *ret = NULL;
146	0	size_t actual_size;
147	0	int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;
148
149	0	if (!secure_mem_initialized) {
150	0	return CRYPTO_malloc(num, file, line);
151	0	}
152	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
153	0	reason = ERR_R_CRYPTO_LIB;
154	0	goto err;
155	0	}
156	0	ret = sh_malloc(num);
157	0	actual_size = ret ? sh_actual_size(ret) : 0;
158	0	secure_mem_used += actual_size;
159	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
160	0	err:
161	0	if (ret == NULL && (file != NULL \|\| line != 0)) {
162	0	ERR_new();
163	0	ERR_set_debug(file, line, NULL);
164	0	ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
165	0	}
166	0	return ret;
167		#else
168		return CRYPTO_malloc(num, file, line);
169		#endif /* OPENSSL_NO_SECURE_MEMORY */
170	0	}
171
172		void CRYPTO_secure_zalloc(size_t num, const char file, int line)
173	0	{
174	0	#ifndef OPENSSL_NO_SECURE_MEMORY
175	0	if (secure_mem_initialized)
176		/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
177	0	return CRYPTO_secure_malloc(num, file, line);
178	0	#endif
179	0	return CRYPTO_zalloc(num, file, line);
180	0	}
181
182		void CRYPTO_secure_free(void ptr, const char file, int line)
183	0	{
184	0	#ifndef OPENSSL_NO_SECURE_MEMORY
185	0	size_t actual_size;
186
187	0	if (ptr == NULL)
188	0	return;
189	0	if (!CRYPTO_secure_allocated(ptr)) {
190	0	CRYPTO_free(ptr, file, line);
191	0	return;
192	0	}
193	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
194	0	return;
195	0	actual_size = sh_actual_size(ptr);
196	0	CLEAR(ptr, actual_size);
197	0	secure_mem_used -= actual_size;
198	0	sh_free(ptr);
199	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
200		#else
201		CRYPTO_free(ptr, file, line);
202		#endif /* OPENSSL_NO_SECURE_MEMORY */
203	0	}
204
205		void CRYPTO_secure_clear_free(void *ptr, size_t num,
206		const char *file, int line)
207	0	{
208	0	#ifndef OPENSSL_NO_SECURE_MEMORY
209	0	size_t actual_size;
210
211	0	if (ptr == NULL)
212	0	return;
213	0	if (!CRYPTO_secure_allocated(ptr)) {
214	0	OPENSSL_cleanse(ptr, num);
215	0	CRYPTO_free(ptr, file, line);
216	0	return;
217	0	}
218	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
219	0	return;
220	0	actual_size = sh_actual_size(ptr);
221	0	CLEAR(ptr, actual_size);
222	0	secure_mem_used -= actual_size;
223	0	sh_free(ptr);
224	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
225		#else
226		if (ptr == NULL)
227		return;
228		OPENSSL_cleanse(ptr, num);
229		CRYPTO_free(ptr, file, line);
230		#endif /* OPENSSL_NO_SECURE_MEMORY */
231	0	}
232
233		int CRYPTO_secure_allocated(const void *ptr)
234	0	{
235	0	#ifndef OPENSSL_NO_SECURE_MEMORY
236	0	if (!secure_mem_initialized)
237	0	return 0;
238		/*
239		* Only read accesses to the arena take place in sh_allocated() and this
240		* is only changed by the sh_init() and sh_done() calls which are not
241		* locked. Hence, it is safe to make this check without a lock too.
242		*/
243	0	return sh_allocated(ptr);
244		#else
245		return 0;
246		#endif /* OPENSSL_NO_SECURE_MEMORY */
247	0	}
248
249		size_t CRYPTO_secure_used(void)
250	0	{
251	0	#ifndef OPENSSL_NO_SECURE_MEMORY
252	0	return secure_mem_used;
253		#else
254		return 0;
255		#endif /* OPENSSL_NO_SECURE_MEMORY */
256	0	}
257
258		size_t CRYPTO_secure_actual_size(void *ptr)
259	0	{
260	0	#ifndef OPENSSL_NO_SECURE_MEMORY
261	0	size_t actual_size;
262
263	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
264	0	return 0;
265	0	actual_size = sh_actual_size(ptr);
266	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
267	0	return actual_size;
268		#else
269		return 0;
270		#endif
271	0	}
272
273		/*
274		* SECURE HEAP IMPLEMENTATION
275		*/
276		#ifndef OPENSSL_NO_SECURE_MEMORY
277
278
279		/*
280		* The implementation provided here uses a fixed-sized mmap() heap,
281		* which is locked into memory, not written to core files, and protected
282		* on either side by an unmapped page, which will catch pointer overruns
283		* (or underruns) and an attempt to read data out of the secure heap.
284		* Free'd memory is zero'd or otherwise cleansed.
285		*
286		* This is a pretty standard buddy allocator. We keep areas in a multiple
287		* of "sh.minsize" units. The freelist and bitmaps are kept separately,
288		* so all (and only) data is kept in the mmap'd heap.
289		*
290		* This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
291		* place.
292		*/
293
294	0	#define ONE ((size_t)1)
295
296	0	# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
297	0	# define SETBIT(t, b) (t[(b) >> 3] \|= (ONE << ((b) & 7)))
298	0	# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
299
300		#define WITHIN_ARENA(p) \
301	0	((char)(p) >= sh.arena && (char)(p) < &sh.arena[sh.arena_size])
302		#define WITHIN_FREELIST(p) \
303		((char)(p) >= (char)sh.freelist && (char)(p) < (char)&sh.freelist[sh.freelist_size])
304
305
306		typedef struct sh_list_st
307		{
308		struct sh_list_st *next;
309		struct sh_list_st **p_next;
310		} SH_LIST;
311
312		typedef struct sh_st
313		{
314		char* map_result;
315		size_t map_size;
316		char *arena;
317		size_t arena_size;
318		char **freelist;
319		ossl_ssize_t freelist_size;
320		size_t minsize;
321		unsigned char *bittable;
322		unsigned char *bitmalloc;
323		size_t bittable_size; /* size in bits */
324		} SH;
325
326		static SH sh;
327
328		static size_t sh_getlist(char *ptr)
329	0	{
330	0	ossl_ssize_t list = sh.freelist_size - 1;
331	0	size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
332
333	0	for (; bit; bit >>= 1, list--) {
334	0	if (TESTBIT(sh.bittable, bit))
335	0	break;
336	0	OPENSSL_assert((bit & 1) == 0);
337	0	}
338
339	0	return list;
340	0	}
341
342
343		static int sh_testbit(char ptr, int list, unsigned char table)
344	0	{
345	0	size_t bit;
346
347	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
348	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
349	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
350	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
351	0	return TESTBIT(table, bit);
352	0	}
353
354		static void sh_clearbit(char ptr, int list, unsigned char table)
355	0	{
356	0	size_t bit;
357
358	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
359	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
360	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
361	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
362	0	OPENSSL_assert(TESTBIT(table, bit));
363	0	CLEARBIT(table, bit);
364	0	}
365
366		static void sh_setbit(char ptr, int list, unsigned char table)
367	0	{
368	0	size_t bit;
369
370	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
371	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
372	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
373	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
374	0	OPENSSL_assert(!TESTBIT(table, bit));
375	0	SETBIT(table, bit);
376	0	}
377
378		static void sh_add_to_list(char *list, char ptr)
379	0	{
380	0	SH_LIST *temp;
381
382	0	OPENSSL_assert(WITHIN_FREELIST(list));
383	0	OPENSSL_assert(WITHIN_ARENA(ptr));
384
385	0	temp = (SH_LIST *)ptr;
386	0	temp->next = (SH_LIST *)list;
387	0	OPENSSL_assert(temp->next == NULL \|\| WITHIN_ARENA(temp->next));
388	0	temp->p_next = (SH_LIST **)list;
389
390	0	if (temp->next != NULL) {
391	0	OPENSSL_assert((char **)temp->next->p_next == list);
392	0	temp->next->p_next = &(temp->next);
393	0	}
394
395	0	*list = ptr;
396	0	}
397
398		static void sh_remove_from_list(char *ptr)
399	0	{
400	0	SH_LIST temp, temp2;
401
402	0	temp = (SH_LIST *)ptr;
403	0	if (temp->next != NULL)
404	0	temp->next->p_next = temp->p_next;
405	0	*temp->p_next = temp->next;
406	0	if (temp->next == NULL)
407	0	return;
408
409	0	temp2 = temp->next;
410	0	OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next));
411	0	}
412
413
414		static int sh_init(size_t size, size_t minsize)
415	0	{
416	0	int ret;
417	0	size_t i;
418	0	size_t pgsize;
419	0	size_t aligned;
420		#if defined(_WIN32)
421		DWORD flOldProtect;
422		SYSTEM_INFO systemInfo;
423		#endif
424
425	0	memset(&sh, 0, sizeof(sh));
426
427		/* make sure size is a powers of 2 */
428	0	OPENSSL_assert(size > 0);
429	0	OPENSSL_assert((size & (size - 1)) == 0);
430	0	if (size == 0 \|\| (size & (size - 1)) != 0)
431	0	goto err;
432
433	0	if (minsize <= sizeof(SH_LIST)) {
434	0	OPENSSL_assert(sizeof(SH_LIST) <= 65536);
435		/*
436		* Compute the minimum possible allocation size.
437		* This must be a power of 2 and at least as large as the SH_LIST
438		* structure.
439		*/
440	0	minsize = sizeof(SH_LIST) - 1;
441	0	minsize \|= minsize >> 1;
442	0	minsize \|= minsize >> 2;
443	0	if (sizeof(SH_LIST) > 16)
444	0	minsize \|= minsize >> 4;
445	0	if (sizeof(SH_LIST) > 256)
446	0	minsize \|= minsize >> 8;
447	0	minsize++;
448	0	} else {
449		/* make sure minsize is a powers of 2 */
450	0	OPENSSL_assert((minsize & (minsize - 1)) == 0);
451	0	if ((minsize & (minsize - 1)) != 0)
452	0	goto err;
453	0	}
454
455	0	sh.arena_size = size;
456	0	sh.minsize = minsize;
457	0	sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
458
459		/* Prevent allocations of size 0 later on */
460	0	if (sh.bittable_size >> 3 == 0)
461	0	goto err;
462
463	0	sh.freelist_size = -1;
464	0	for (i = sh.bittable_size; i; i >>= 1)
465	0	sh.freelist_size++;
466
467	0	sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
468	0	OPENSSL_assert(sh.freelist != NULL);
469	0	if (sh.freelist == NULL)
470	0	goto err;
471
472	0	sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
473	0	OPENSSL_assert(sh.bittable != NULL);
474	0	if (sh.bittable == NULL)
475	0	goto err;
476
477	0	sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
478	0	OPENSSL_assert(sh.bitmalloc != NULL);
479	0	if (sh.bitmalloc == NULL)
480	0	goto err;
481
482		/* Allocate space for heap, and two extra pages as guards */
483	0	#if defined(_SC_PAGE_SIZE) \|\| defined (_SC_PAGESIZE)
484	0	{
485	0	# if defined(_SC_PAGE_SIZE)
486	0	long tmppgsize = sysconf(_SC_PAGE_SIZE);
487		# else
488		long tmppgsize = sysconf(_SC_PAGESIZE);
489		# endif
490	0	if (tmppgsize < 1)
491	0	pgsize = PAGE_SIZE;
492	0	else
493	0	pgsize = (size_t)tmppgsize;
494	0	}
495		#elif defined(_WIN32)
496		GetSystemInfo(&systemInfo);
497		pgsize = (size_t)systemInfo.dwPageSize;
498		#else
499		pgsize = PAGE_SIZE;
500		#endif
501	0	sh.map_size = pgsize + sh.arena_size + pgsize;
502
503	0	#if !defined(_WIN32)
504	0	# ifdef MAP_ANON
505	0	sh.map_result = mmap(NULL, sh.map_size,
506	0	PROT_READ\|PROT_WRITE, MAP_ANON\|MAP_PRIVATE\|MAP_CONCEAL, -1, 0);
507		# else
508		{
509		int fd;
510
511		sh.map_result = MAP_FAILED;
512		if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
513		sh.map_result = mmap(NULL, sh.map_size,
514		PROT_READ\|PROT_WRITE, MAP_PRIVATE, fd, 0);
515		close(fd);
516		}
517		}
518		# endif
519	0	if (sh.map_result == MAP_FAILED)
520	0	goto err;
521		#else
522		sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT \| MEM_RESERVE, PAGE_READWRITE);
523
524		if (sh.map_result == NULL)
525		goto err;
526		#endif
527
528	0	sh.arena = (char *)(sh.map_result + pgsize);
529	0	sh_setbit(sh.arena, 0, sh.bittable);
530	0	sh_add_to_list(&sh.freelist[0], sh.arena);
531
532		/* Now try to add guard pages and lock into memory. */
533	0	ret = 1;
534
535	0	#if !defined(_WIN32)
536		/* Starting guard is already aligned from mmap. */
537	0	if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
538	0	ret = 2;
539		#else
540		if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
541		ret = 2;
542		#endif
543
544		/* Ending guard page - need to round up to page boundary */
545	0	aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
546	0	#if !defined(_WIN32)
547	0	if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
548	0	ret = 2;
549		#else
550		if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
551		ret = 2;
552		#endif
553
554	0	#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
555	0	if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
556	0	if (errno == ENOSYS) {
557	0	if (mlock(sh.arena, sh.arena_size) < 0)
558	0	ret = 2;
559	0	} else {
560	0	ret = 2;
561	0	}
562	0	}
563		#elif defined(_WIN32)
564		if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
565		ret = 2;
566		#else
567		if (mlock(sh.arena, sh.arena_size) < 0)
568		ret = 2;
569		#endif
570	0	#ifdef MADV_DONTDUMP
571	0	if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
572	0	ret = 2;
573	0	#endif
574
575	0	return ret;
576
577	0	err:
578	0	sh_done();
579	0	return 0;
580	0	}
581
582		static void sh_done(void)
583	1	{
584	1	OPENSSL_free(sh.freelist);
585	1	OPENSSL_free(sh.bittable);
586	1	OPENSSL_free(sh.bitmalloc);
587	1	#if !defined(_WIN32)
588	1	if (sh.map_result != MAP_FAILED && sh.map_size)
589	0	munmap(sh.map_result, sh.map_size);
590		#else
591		if (sh.map_result != NULL && sh.map_size)
592		VirtualFree(sh.map_result, 0, MEM_RELEASE);
593		#endif
594	1	memset(&sh, 0, sizeof(sh));
595	1	}
596
597		static int sh_allocated(const char *ptr)
598	0	{
599	0	return WITHIN_ARENA(ptr) ? 1 : 0;
600	0	}
601
602		static char sh_find_my_buddy(char ptr, int list)
603	0	{
604	0	size_t bit;
605	0	char *chunk = NULL;
606
607	0	bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
608	0	bit ^= 1;
609
610	0	if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
611	0	chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
612
613	0	return chunk;
614	0	}
615
616		static void *sh_malloc(size_t size)
617	0	{
618	0	ossl_ssize_t list, slist;
619	0	size_t i;
620	0	char *chunk;
621
622	0	if (size > sh.arena_size)
623	0	return NULL;
624
625	0	list = sh.freelist_size - 1;
626	0	for (i = sh.minsize; i < size; i <<= 1)
627	0	list--;
628	0	if (list < 0)
629	0	return NULL;
630
631		/* try to find a larger entry to split */
632	0	for (slist = list; slist >= 0; slist--)
633	0	if (sh.freelist[slist] != NULL)
634	0	break;
635	0	if (slist < 0)
636	0	return NULL;
637
638		/* split larger entry */
639	0	while (slist != list) {
640	0	char *temp = sh.freelist[slist];
641
642		/* remove from bigger list */
643	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
644	0	sh_clearbit(temp, slist, sh.bittable);
645	0	sh_remove_from_list(temp);
646	0	OPENSSL_assert(temp != sh.freelist[slist]);
647
648		/* done with bigger list */
649	0	slist++;
650
651		/* add to smaller list */
652	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
653	0	sh_setbit(temp, slist, sh.bittable);
654	0	sh_add_to_list(&sh.freelist[slist], temp);
655	0	OPENSSL_assert(sh.freelist[slist] == temp);
656
657		/* split in 2 */
658	0	temp += sh.arena_size >> slist;
659	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
660	0	sh_setbit(temp, slist, sh.bittable);
661	0	sh_add_to_list(&sh.freelist[slist], temp);
662	0	OPENSSL_assert(sh.freelist[slist] == temp);
663
664	0	OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
665	0	}
666
667		/* peel off memory to hand back */
668	0	chunk = sh.freelist[list];
669	0	OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
670	0	sh_setbit(chunk, list, sh.bitmalloc);
671	0	sh_remove_from_list(chunk);
672
673	0	OPENSSL_assert(WITHIN_ARENA(chunk));
674
675		/* zero the free list header as a precaution against information leakage */
676	0	memset(chunk, 0, sizeof(SH_LIST));
677
678	0	return chunk;
679	0	}
680
681		static void sh_free(void *ptr)
682	0	{
683	0	size_t list;
684	0	void *buddy;
685
686	0	if (ptr == NULL)
687	0	return;
688	0	OPENSSL_assert(WITHIN_ARENA(ptr));
689	0	if (!WITHIN_ARENA(ptr))
690	0	return;
691
692	0	list = sh_getlist(ptr);
693	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
694	0	sh_clearbit(ptr, list, sh.bitmalloc);
695	0	sh_add_to_list(&sh.freelist[list], ptr);
696
697		/* Try to coalesce two adjacent free areas. */
698	0	while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
699	0	OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
700	0	OPENSSL_assert(ptr != NULL);
701	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
702	0	sh_clearbit(ptr, list, sh.bittable);
703	0	sh_remove_from_list(ptr);
704	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
705	0	sh_clearbit(buddy, list, sh.bittable);
706	0	sh_remove_from_list(buddy);
707
708	0	list--;
709
710		/* Zero the higher addressed block's free list pointers */
711	0	memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
712	0	if (ptr > buddy)
713	0	ptr = buddy;
714
715	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
716	0	sh_setbit(ptr, list, sh.bittable);
717	0	sh_add_to_list(&sh.freelist[list], ptr);
718	0	OPENSSL_assert(sh.freelist[list] == ptr);
719	0	}
720	0	}
721
722		static size_t sh_actual_size(char *ptr)
723	0	{
724	0	int list;
725
726	0	OPENSSL_assert(WITHIN_ARENA(ptr));
727	0	if (!WITHIN_ARENA(ptr))
728	0	return 0;
729	0	list = sh_getlist(ptr);
730	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
731	0	return sh.arena_size / (ONE << list);
732	0	}
733		#endif /* OPENSSL_NO_SECURE_MEMORY */