/src/openssl/crypto/mem_sec.c

Source (jump to first uncovered line)
/*
 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file is in two halves. The first half implements the public API
 * to be used by external consumers, and to be used by OpenSSL to store
 * data in a "secure arena." The second half implements the secure arena.
 * For details on that implementation, see below (look for uppercase
 * "SECURE HEAP IMPLEMENTATION").
 */
#include "internal/e_os.h"
#include <openssl/crypto.h>
#include <openssl/err.h>

#include <string.h>

#ifndef OPENSSL_NO_SECURE_MEMORY
# if defined(_WIN32)
#  include <windows.h>
#  if defined(WINAPI_FAMILY_PARTITION)
#   if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
/*
 * While VirtualLock is available under the app partition (e.g. UWP),
 * the headers do not define the API. Define it ourselves instead.
 */
WINBASEAPI
BOOL
WINAPI
VirtualLock(
    _In_ LPVOID lpAddress,
    _In_ SIZE_T dwSize
    );
#   endif
#  endif
# endif
# include <stdlib.h>
# include <assert.h>
# if defined(OPENSSL_SYS_UNIX)
#  include <unistd.h>
# endif
# include <sys/types.h>
# if defined(OPENSSL_SYS_UNIX)
#  include <sys/mman.h>
#  if defined(__FreeBSD__)
#    define MADV_DONTDUMP MADV_NOCORE
#  endif
#  if !defined(MAP_CONCEAL)
#    define MAP_CONCEAL 0
#  endif
# endif
# if defined(OPENSSL_SYS_LINUX)
#  include <sys/syscall.h>
#  if defined(SYS_mlock2)
#   include <linux/mman.h>
#   include <errno.h>
#  endif
#  include <sys/param.h>
# endif
# include <sys/stat.h>
# include <fcntl.h>
#endif
#ifndef HAVE_MADVISE
# if defined(MADV_DONTDUMP)
#  define HAVE_MADVISE 1
# else
#  define HAVE_MADVISE 0
# endif
#endif
#if HAVE_MADVISE
# undef NO_MADVISE
#else
# define NO_MADVISE
#endif

#define CLEAR(p, s) OPENSSL_cleanse(p, s)
#ifndef PAGE_SIZE
# define PAGE_SIZE    4096
#endif
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
# define MAP_ANON MAP_ANONYMOUS
#endif

#ifndef OPENSSL_NO_SECURE_MEMORY
static size_t secure_mem_used;

static int secure_mem_initialized;

static CRYPTO_RWLOCK *sec_malloc_lock = NULL;

/*
 * These are the functions that must be implemented by a secure heap (sh).
 */
static int sh_init(size_t size, size_t minsize);
static void *sh_malloc(size_t size);
static void sh_free(void *ptr);
static void sh_done(void);
static size_t sh_actual_size(char *ptr);
static int sh_allocated(const char *ptr);
#endif

int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    int ret = 0;

    if (!secure_mem_initialized) {
        sec_malloc_lock = CRYPTO_THREAD_lock_new();
        if (sec_malloc_lock == NULL)
            return 0;
        if ((ret = sh_init(size, minsize)) != 0) {
            secure_mem_initialized = 1;
        } else {
            CRYPTO_THREAD_lock_free(sec_malloc_lock);
            sec_malloc_lock = NULL;
        }
    }

    return ret;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

int CRYPTO_secure_malloc_done(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (secure_mem_used == 0) {
        sh_done();
        secure_mem_initialized = 0;
        CRYPTO_THREAD_lock_free(sec_malloc_lock);
        sec_malloc_lock = NULL;
        return 1;
    }
#endif /* OPENSSL_NO_SECURE_MEMORY */
    return 0;
}

int CRYPTO_secure_malloc_initialized(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    return secure_mem_initialized;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    void *ret = NULL;
    size_t actual_size;
    int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;

    if (!secure_mem_initialized) {
        return CRYPTO_malloc(num, file, line);
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
        reason = ERR_R_CRYPTO_LIB;
        goto err;
    }
    ret = sh_malloc(num);
    actual_size = ret ? sh_actual_size(ret) : 0;
    secure_mem_used += actual_size;
    CRYPTO_THREAD_unlock(sec_malloc_lock);
 err:
    if (ret == NULL && (file != NULL || line != 0)) {
        ERR_new();
        ERR_set_debug(file, line, NULL);
        ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
    }
    return ret;
#else
    return CRYPTO_malloc(num, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (secure_mem_initialized)
        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
        return CRYPTO_secure_malloc(num, file, line);
#endif
    return CRYPTO_zalloc(num, file, line);
}

void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        CRYPTO_free(ptr, file, line);
        return;
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return;
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        OPENSSL_cleanse(ptr, num);
        CRYPTO_free(ptr, file, line);
        return;
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return;
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    if (ptr == NULL)
        return;
    OPENSSL_cleanse(ptr, num);
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

int CRYPTO_secure_allocated(const void *ptr)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (!secure_mem_initialized)
        return 0;
    /*
     * Only read accesses to the arena take place in sh_allocated() and this
     * is only changed by the sh_init() and sh_done() calls which are not
     * locked.  Hence, it is safe to make this check without a lock too.
     */
    return sh_allocated(ptr);
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

size_t CRYPTO_secure_used(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    return secure_mem_used;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

size_t CRYPTO_secure_actual_size(void *ptr)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return 0;
    actual_size = sh_actual_size(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return actual_size;
#else
    return 0;
#endif
}

/*
 * SECURE HEAP IMPLEMENTATION
 */
#ifndef OPENSSL_NO_SECURE_MEMORY


/*
 * The implementation provided here uses a fixed-sized mmap() heap,
 * which is locked into memory, not written to core files, and protected
 * on either side by an unmapped page, which will catch pointer overruns
 * (or underruns) and an attempt to read data out of the secure heap.
 * Free'd memory is zero'd or otherwise cleansed.
 *
 * This is a pretty standard buddy allocator.  We keep areas in a multiple
 * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
 * so all (and only) data is kept in the mmap'd heap.
 *
 * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
 * place.
 */

#define ONE ((size_t)1)

# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))

#define WITHIN_ARENA(p) \
    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
#define WITHIN_FREELIST(p) \
    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])


typedef struct sh_list_st
{
    struct sh_list_st *next;
    struct sh_list_st **p_next;
} SH_LIST;

typedef struct sh_st
{
    char* map_result;
    size_t map_size;
    char *arena;
    size_t arena_size;
    char **freelist;
    ossl_ssize_t freelist_size;
    size_t minsize;
    unsigned char *bittable;
    unsigned char *bitmalloc;
    size_t bittable_size; /* size in bits */
} SH;

static SH sh;

static size_t sh_getlist(char *ptr)
{
    ossl_ssize_t list = sh.freelist_size - 1;
    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;

    for (; bit; bit >>= 1, list--) {
        if (TESTBIT(sh.bittable, bit))
            break;
        OPENSSL_assert((bit & 1) == 0);
    }

    return list;
}


static int sh_testbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    return TESTBIT(table, bit);
}

static void sh_clearbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(TESTBIT(table, bit));
    CLEARBIT(table, bit);
}

static void sh_setbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(!TESTBIT(table, bit));
    SETBIT(table, bit);
}

static void sh_add_to_list(char **list, char *ptr)
{
    SH_LIST *temp;

    OPENSSL_assert(WITHIN_FREELIST(list));
    OPENSSL_assert(WITHIN_ARENA(ptr));

    temp = (SH_LIST *)ptr;
    temp->next = *(SH_LIST **)list;
    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
    temp->p_next = (SH_LIST **)list;

    if (temp->next != NULL) {
        OPENSSL_assert((char **)temp->next->p_next == list);
        temp->next->p_next = &(temp->next);
    }

    *list = ptr;
}

static void sh_remove_from_list(char *ptr)
{
    SH_LIST *temp, *temp2;

    temp = (SH_LIST *)ptr;
    if (temp->next != NULL)
        temp->next->p_next = temp->p_next;
    *temp->p_next = temp->next;
    if (temp->next == NULL)
        return;

    temp2 = temp->next;
    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
}


static int sh_init(size_t size, size_t minsize)
{
    int ret;
    size_t i;
    size_t pgsize;
    size_t aligned;
#if defined(_WIN32)
    DWORD flOldProtect;
    SYSTEM_INFO systemInfo;
#endif

    memset(&sh, 0, sizeof(sh));

    /* make sure size is a powers of 2 */
    OPENSSL_assert(size > 0);
    OPENSSL_assert((size & (size - 1)) == 0);
    if (size == 0 || (size & (size - 1)) != 0)
        goto err;

    if (minsize <= sizeof(SH_LIST)) {
        OPENSSL_assert(sizeof(SH_LIST) <= 65536);
        /*
         * Compute the minimum possible allocation size.
         * This must be a power of 2 and at least as large as the SH_LIST
         * structure.
         */
        minsize = sizeof(SH_LIST) - 1;
        minsize |= minsize >> 1;
        minsize |= minsize >> 2;
        if (sizeof(SH_LIST) > 16)
            minsize |= minsize >> 4;
        if (sizeof(SH_LIST) > 256)
            minsize |= minsize >> 8;
        minsize++;
    } else {
        /* make sure minsize is a powers of 2 */
          OPENSSL_assert((minsize & (minsize - 1)) == 0);
          if ((minsize & (minsize - 1)) != 0)
              goto err;
    }

    sh.arena_size = size;
    sh.minsize = minsize;
    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;

    /* Prevent allocations of size 0 later on */
    if (sh.bittable_size >> 3 == 0)
        goto err;

    sh.freelist_size = -1;
    for (i = sh.bittable_size; i; i >>= 1)
        sh.freelist_size++;

    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
    OPENSSL_assert(sh.freelist != NULL);
    if (sh.freelist == NULL)
        goto err;

    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bittable != NULL);
    if (sh.bittable == NULL)
        goto err;

    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bitmalloc != NULL);
    if (sh.bitmalloc == NULL)
        goto err;

    /* Allocate space for heap, and two extra pages as guards */
#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
    {
# if defined(_SC_PAGE_SIZE)
        long tmppgsize = sysconf(_SC_PAGE_SIZE);
# else
        long tmppgsize = sysconf(_SC_PAGESIZE);
# endif
        if (tmppgsize < 1)
            pgsize = PAGE_SIZE;
        else
            pgsize = (size_t)tmppgsize;
    }
#elif defined(_WIN32)
    GetSystemInfo(&systemInfo);
    pgsize = (size_t)systemInfo.dwPageSize;
#else
    pgsize = PAGE_SIZE;
#endif
    sh.map_size = pgsize + sh.arena_size + pgsize;

#if !defined(_WIN32)
# ifdef MAP_ANON
    sh.map_result = mmap(NULL, sh.map_size,
                         PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
# else
    {
        int fd;

        sh.map_result = MAP_FAILED;
        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
            sh.map_result = mmap(NULL, sh.map_size,
                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
            close(fd);
        }
    }
# endif
    if (sh.map_result == MAP_FAILED)
        goto err;
#else
    sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

    if (sh.map_result == NULL)
            goto err;
#endif

    sh.arena = (char *)(sh.map_result + pgsize);
    sh_setbit(sh.arena, 0, sh.bittable);
    sh_add_to_list(&sh.freelist[0], sh.arena);

    /* Now try to add guard pages and lock into memory. */
    ret = 1;

#if !defined(_WIN32)
    /* Starting guard is already aligned from mmap. */
    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
        ret = 2;
#else
    if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
        ret = 2;
#endif

    /* Ending guard page - need to round up to page boundary */
    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
#if !defined(_WIN32)
    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
        ret = 2;
#else
    if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
        ret = 2;
#endif

#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
        if (errno == ENOSYS) {
            if (mlock(sh.arena, sh.arena_size) < 0)
                ret = 2;
        } else {
            ret = 2;
        }
    }
#elif defined(_WIN32)
    if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
        ret = 2;
#else
    if (mlock(sh.arena, sh.arena_size) < 0)
        ret = 2;
#endif
#ifndef NO_MADVISE
    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
        ret = 2;
#endif

    return ret;

 err:
    sh_done();
    return 0;
}

static void sh_done(void)
{
    OPENSSL_free(sh.freelist);
    OPENSSL_free(sh.bittable);
    OPENSSL_free(sh.bitmalloc);
#if !defined(_WIN32)
    if (sh.map_result != MAP_FAILED && sh.map_size)
        munmap(sh.map_result, sh.map_size);
#else
    if (sh.map_result != NULL && sh.map_size)
        VirtualFree(sh.map_result, 0, MEM_RELEASE);
#endif
    memset(&sh, 0, sizeof(sh));
}

static int sh_allocated(const char *ptr)
{
    return WITHIN_ARENA(ptr) ? 1 : 0;
}

static char *sh_find_my_buddy(char *ptr, int list)
{
    size_t bit;
    char *chunk = NULL;

    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
    bit ^= 1;

    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));

    return chunk;
}

static void *sh_malloc(size_t size)
{
    ossl_ssize_t list, slist;
    size_t i;
    char *chunk;

    if (size > sh.arena_size)
        return NULL;

    list = sh.freelist_size - 1;
    for (i = sh.minsize; i < size; i <<= 1)
        list--;
    if (list < 0)
        return NULL;

    /* try to find a larger entry to split */
    for (slist = list; slist >= 0; slist--)
        if (sh.freelist[slist] != NULL)
            break;
    if (slist < 0)
        return NULL;

    /* split larger entry */
    while (slist != list) {
        char *temp = sh.freelist[slist];

        /* remove from bigger list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_clearbit(temp, slist, sh.bittable);
        sh_remove_from_list(temp);
        OPENSSL_assert(temp != sh.freelist[slist]);

        /* done with bigger list */
        slist++;

        /* add to smaller list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        /* split in 2 */
        temp += sh.arena_size >> slist;
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
    }

    /* peel off memory to hand back */
    chunk = sh.freelist[list];
    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
    sh_setbit(chunk, list, sh.bitmalloc);
    sh_remove_from_list(chunk);

    OPENSSL_assert(WITHIN_ARENA(chunk));

    /* zero the free list header as a precaution against information leakage */
    memset(chunk, 0, sizeof(SH_LIST));

    return chunk;
}

static void sh_free(void *ptr)
{
    size_t list;
    void *buddy;

    if (ptr == NULL)
        return;
    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return;

    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    sh_clearbit(ptr, list, sh.bitmalloc);
    sh_add_to_list(&sh.freelist[list], ptr);

    /* Try to coalesce two adjacent free areas. */
    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
        OPENSSL_assert(ptr != NULL);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(ptr, list, sh.bittable);
        sh_remove_from_list(ptr);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(buddy, list, sh.bittable);
        sh_remove_from_list(buddy);

        list--;

        /* Zero the higher addressed block's free list pointers */
        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
        if (ptr > buddy)
            ptr = buddy;

        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_setbit(ptr, list, sh.bittable);
        sh_add_to_list(&sh.freelist[list], ptr);
        OPENSSL_assert(sh.freelist[list] == ptr);
    }
}

static size_t sh_actual_size(char *ptr)
{
    int list;

    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return 0;
    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    return sh.arena_size / (ONE << list);
}
#endif /* OPENSSL_NO_SECURE_MEMORY */

Coverage Report

Created: 2023-09-25 06:41

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4		*
5		* Licensed under the Apache License 2.0 (the "License"). You may not use
6		* this file except in compliance with the License. You can obtain a copy
7		* in the file LICENSE in the source distribution or at
8		* https://www.openssl.org/source/license.html
9		*/
10
11		/*
12		* This file is in two halves. The first half implements the public API
13		* to be used by external consumers, and to be used by OpenSSL to store
14		* data in a "secure arena." The second half implements the secure arena.
15		* For details on that implementation, see below (look for uppercase
16		* "SECURE HEAP IMPLEMENTATION").
17		*/
18		#include "internal/e_os.h"
19		#include <openssl/crypto.h>
20		#include <openssl/err.h>
21
22		#include <string.h>
23
24		#ifndef OPENSSL_NO_SECURE_MEMORY
25		# if defined(_WIN32)
26		# include <windows.h>
27		# if defined(WINAPI_FAMILY_PARTITION)
28		# if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP \| WINAPI_PARTITION_SYSTEM)
29		/*
30		* While VirtualLock is available under the app partition (e.g. UWP),
31		* the headers do not define the API. Define it ourselves instead.
32		*/
33		WINBASEAPI
34		BOOL
35		WINAPI
36		VirtualLock(
37		_In_ LPVOID lpAddress,
38		_In_ SIZE_T dwSize
39		);
40		# endif
41		# endif
42		# endif
43		# include <stdlib.h>
44		# include <assert.h>
45		# if defined(OPENSSL_SYS_UNIX)
46		# include <unistd.h>
47		# endif
48		# include <sys/types.h>
49		# if defined(OPENSSL_SYS_UNIX)
50		# include <sys/mman.h>
51		# if defined(__FreeBSD__)
52		# define MADV_DONTDUMP MADV_NOCORE
53		# endif
54		# if !defined(MAP_CONCEAL)
55	0	# define MAP_CONCEAL 0
56		# endif
57		# endif
58		# if defined(OPENSSL_SYS_LINUX)
59		# include <sys/syscall.h>
60		# if defined(SYS_mlock2)
61		# include <linux/mman.h>
62		# include <errno.h>
63		# endif
64		# include <sys/param.h>
65		# endif
66		# include <sys/stat.h>
67		# include <fcntl.h>
68		#endif
69		#ifndef HAVE_MADVISE
70		# if defined(MADV_DONTDUMP)
71		# define HAVE_MADVISE 1
72		# else
73		# define HAVE_MADVISE 0
74		# endif
75		#endif
76		#if HAVE_MADVISE
77		# undef NO_MADVISE
78		#else
79		# define NO_MADVISE
80		#endif
81
82	0	#define CLEAR(p, s) OPENSSL_cleanse(p, s)
83		#ifndef PAGE_SIZE
84	0	# define PAGE_SIZE 4096
85		#endif
86		#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
87		# define MAP_ANON MAP_ANONYMOUS
88		#endif
89
90		#ifndef OPENSSL_NO_SECURE_MEMORY
91		static size_t secure_mem_used;
92
93		static int secure_mem_initialized;
94
95		static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
96
97		/*
98		* These are the functions that must be implemented by a secure heap (sh).
99		*/
100		static int sh_init(size_t size, size_t minsize);
101		static void *sh_malloc(size_t size);
102		static void sh_free(void *ptr);
103		static void sh_done(void);
104		static size_t sh_actual_size(char *ptr);
105		static int sh_allocated(const char *ptr);
106		#endif
107
108		int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
109	0	{
110	0	#ifndef OPENSSL_NO_SECURE_MEMORY
111	0	int ret = 0;
112
113	0	if (!secure_mem_initialized) {
114	0	sec_malloc_lock = CRYPTO_THREAD_lock_new();
115	0	if (sec_malloc_lock == NULL)
116	0	return 0;
117	0	if ((ret = sh_init(size, minsize)) != 0) {
118	0	secure_mem_initialized = 1;
119	0	} else {
120	0	CRYPTO_THREAD_lock_free(sec_malloc_lock);
121	0	sec_malloc_lock = NULL;
122	0	}
123	0	}
124
125	0	return ret;
126		#else
127		return 0;
128		#endif /* OPENSSL_NO_SECURE_MEMORY */
129	0	}
130
131		int CRYPTO_secure_malloc_done(void)
132	2	{
133	2	#ifndef OPENSSL_NO_SECURE_MEMORY
134	2	if (secure_mem_used == 0) {
135	2	sh_done();
136	2	secure_mem_initialized = 0;
137	2	CRYPTO_THREAD_lock_free(sec_malloc_lock);
138	2	sec_malloc_lock = NULL;
139	2	return 1;
140	2	}
141	0	#endif /* OPENSSL_NO_SECURE_MEMORY */
142	0	return 0;
143	2	}
144
145		int CRYPTO_secure_malloc_initialized(void)
146	0	{
147	0	#ifndef OPENSSL_NO_SECURE_MEMORY
148	0	return secure_mem_initialized;
149		#else
150		return 0;
151		#endif /* OPENSSL_NO_SECURE_MEMORY */
152	0	}
153
154		void CRYPTO_secure_malloc(size_t num, const char file, int line)
155	0	{
156	0	#ifndef OPENSSL_NO_SECURE_MEMORY
157	0	void *ret = NULL;
158	0	size_t actual_size;
159	0	int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;
160
161	0	if (!secure_mem_initialized) {
162	0	return CRYPTO_malloc(num, file, line);
163	0	}
164	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
165	0	reason = ERR_R_CRYPTO_LIB;
166	0	goto err;
167	0	}
168	0	ret = sh_malloc(num);
169	0	actual_size = ret ? sh_actual_size(ret) : 0;
170	0	secure_mem_used += actual_size;
171	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
172	0	err:
173	0	if (ret == NULL && (file != NULL \|\| line != 0)) {
174	0	ERR_new();
175	0	ERR_set_debug(file, line, NULL);
176	0	ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
177	0	}
178	0	return ret;
179		#else
180		return CRYPTO_malloc(num, file, line);
181		#endif /* OPENSSL_NO_SECURE_MEMORY */
182	0	}
183
184		void CRYPTO_secure_zalloc(size_t num, const char file, int line)
185	0	{
186	0	#ifndef OPENSSL_NO_SECURE_MEMORY
187	0	if (secure_mem_initialized)
188		/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
189	0	return CRYPTO_secure_malloc(num, file, line);
190	0	#endif
191	0	return CRYPTO_zalloc(num, file, line);
192	0	}
193
194		void CRYPTO_secure_free(void ptr, const char file, int line)
195	0	{
196	0	#ifndef OPENSSL_NO_SECURE_MEMORY
197	0	size_t actual_size;
198
199	0	if (ptr == NULL)
200	0	return;
201	0	if (!CRYPTO_secure_allocated(ptr)) {
202	0	CRYPTO_free(ptr, file, line);
203	0	return;
204	0	}
205	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
206	0	return;
207	0	actual_size = sh_actual_size(ptr);
208	0	CLEAR(ptr, actual_size);
209	0	secure_mem_used -= actual_size;
210	0	sh_free(ptr);
211	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
212		#else
213		CRYPTO_free(ptr, file, line);
214		#endif /* OPENSSL_NO_SECURE_MEMORY */
215	0	}
216
217		void CRYPTO_secure_clear_free(void *ptr, size_t num,
218		const char *file, int line)
219	0	{
220	0	#ifndef OPENSSL_NO_SECURE_MEMORY
221	0	size_t actual_size;
222
223	0	if (ptr == NULL)
224	0	return;
225	0	if (!CRYPTO_secure_allocated(ptr)) {
226	0	OPENSSL_cleanse(ptr, num);
227	0	CRYPTO_free(ptr, file, line);
228	0	return;
229	0	}
230	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
231	0	return;
232	0	actual_size = sh_actual_size(ptr);
233	0	CLEAR(ptr, actual_size);
234	0	secure_mem_used -= actual_size;
235	0	sh_free(ptr);
236	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
237		#else
238		if (ptr == NULL)
239		return;
240		OPENSSL_cleanse(ptr, num);
241		CRYPTO_free(ptr, file, line);
242		#endif /* OPENSSL_NO_SECURE_MEMORY */
243	0	}
244
245		int CRYPTO_secure_allocated(const void *ptr)
246	0	{
247	0	#ifndef OPENSSL_NO_SECURE_MEMORY
248	0	if (!secure_mem_initialized)
249	0	return 0;
250		/*
251		* Only read accesses to the arena take place in sh_allocated() and this
252		* is only changed by the sh_init() and sh_done() calls which are not
253		* locked. Hence, it is safe to make this check without a lock too.
254		*/
255	0	return sh_allocated(ptr);
256		#else
257		return 0;
258		#endif /* OPENSSL_NO_SECURE_MEMORY */
259	0	}
260
261		size_t CRYPTO_secure_used(void)
262	0	{
263	0	#ifndef OPENSSL_NO_SECURE_MEMORY
264	0	return secure_mem_used;
265		#else
266		return 0;
267		#endif /* OPENSSL_NO_SECURE_MEMORY */
268	0	}
269
270		size_t CRYPTO_secure_actual_size(void *ptr)
271	0	{
272	0	#ifndef OPENSSL_NO_SECURE_MEMORY
273	0	size_t actual_size;
274
275	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
276	0	return 0;
277	0	actual_size = sh_actual_size(ptr);
278	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
279	0	return actual_size;
280		#else
281		return 0;
282		#endif
283	0	}
284
285		/*
286		* SECURE HEAP IMPLEMENTATION
287		*/
288		#ifndef OPENSSL_NO_SECURE_MEMORY
289
290
291		/*
292		* The implementation provided here uses a fixed-sized mmap() heap,
293		* which is locked into memory, not written to core files, and protected
294		* on either side by an unmapped page, which will catch pointer overruns
295		* (or underruns) and an attempt to read data out of the secure heap.
296		* Free'd memory is zero'd or otherwise cleansed.
297		*
298		* This is a pretty standard buddy allocator. We keep areas in a multiple
299		* of "sh.minsize" units. The freelist and bitmaps are kept separately,
300		* so all (and only) data is kept in the mmap'd heap.
301		*
302		* This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
303		* place.
304		*/
305
306	0	#define ONE ((size_t)1)
307
308	0	# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
309	0	# define SETBIT(t, b) (t[(b) >> 3] \|= (ONE << ((b) & 7)))
310	0	# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
311
312		#define WITHIN_ARENA(p) \
313	0	((char)(p) >= sh.arena && (char)(p) < &sh.arena[sh.arena_size])
314		#define WITHIN_FREELIST(p) \
315		((char)(p) >= (char)sh.freelist && (char)(p) < (char)&sh.freelist[sh.freelist_size])
316
317
318		typedef struct sh_list_st
319		{
320		struct sh_list_st *next;
321		struct sh_list_st **p_next;
322		} SH_LIST;
323
324		typedef struct sh_st
325		{
326		char* map_result;
327		size_t map_size;
328		char *arena;
329		size_t arena_size;
330		char **freelist;
331		ossl_ssize_t freelist_size;
332		size_t minsize;
333		unsigned char *bittable;
334		unsigned char *bitmalloc;
335		size_t bittable_size; /* size in bits */
336		} SH;
337
338		static SH sh;
339
340		static size_t sh_getlist(char *ptr)
341	0	{
342	0	ossl_ssize_t list = sh.freelist_size - 1;
343	0	size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
344
345	0	for (; bit; bit >>= 1, list--) {
346	0	if (TESTBIT(sh.bittable, bit))
347	0	break;
348	0	OPENSSL_assert((bit & 1) == 0);
349	0	}
350
351	0	return list;
352	0	}
353
354
355		static int sh_testbit(char ptr, int list, unsigned char table)
356	0	{
357	0	size_t bit;
358
359	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
360	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
361	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
362	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
363	0	return TESTBIT(table, bit);
364	0	}
365
366		static void sh_clearbit(char ptr, int list, unsigned char table)
367	0	{
368	0	size_t bit;
369
370	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
371	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
372	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
373	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
374	0	OPENSSL_assert(TESTBIT(table, bit));
375	0	CLEARBIT(table, bit);
376	0	}
377
378		static void sh_setbit(char ptr, int list, unsigned char table)
379	0	{
380	0	size_t bit;
381
382	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
383	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
384	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
385	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
386	0	OPENSSL_assert(!TESTBIT(table, bit));
387	0	SETBIT(table, bit);
388	0	}
389
390		static void sh_add_to_list(char *list, char ptr)
391	0	{
392	0	SH_LIST *temp;
393
394	0	OPENSSL_assert(WITHIN_FREELIST(list));
395	0	OPENSSL_assert(WITHIN_ARENA(ptr));
396
397	0	temp = (SH_LIST *)ptr;
398	0	temp->next = (SH_LIST *)list;
399	0	OPENSSL_assert(temp->next == NULL \|\| WITHIN_ARENA(temp->next));
400	0	temp->p_next = (SH_LIST **)list;
401
402	0	if (temp->next != NULL) {
403	0	OPENSSL_assert((char **)temp->next->p_next == list);
404	0	temp->next->p_next = &(temp->next);
405	0	}
406
407	0	*list = ptr;
408	0	}
409
410		static void sh_remove_from_list(char *ptr)
411	0	{
412	0	SH_LIST temp, temp2;
413
414	0	temp = (SH_LIST *)ptr;
415	0	if (temp->next != NULL)
416	0	temp->next->p_next = temp->p_next;
417	0	*temp->p_next = temp->next;
418	0	if (temp->next == NULL)
419	0	return;
420
421	0	temp2 = temp->next;
422	0	OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next));
423	0	}
424
425
426		static int sh_init(size_t size, size_t minsize)
427	0	{
428	0	int ret;
429	0	size_t i;
430	0	size_t pgsize;
431	0	size_t aligned;
432		#if defined(_WIN32)
433		DWORD flOldProtect;
434		SYSTEM_INFO systemInfo;
435		#endif
436
437	0	memset(&sh, 0, sizeof(sh));
438
439		/* make sure size is a powers of 2 */
440	0	OPENSSL_assert(size > 0);
441	0	OPENSSL_assert((size & (size - 1)) == 0);
442	0	if (size == 0 \|\| (size & (size - 1)) != 0)
443	0	goto err;
444
445	0	if (minsize <= sizeof(SH_LIST)) {
446	0	OPENSSL_assert(sizeof(SH_LIST) <= 65536);
447		/*
448		* Compute the minimum possible allocation size.
449		* This must be a power of 2 and at least as large as the SH_LIST
450		* structure.
451		*/
452	0	minsize = sizeof(SH_LIST) - 1;
453	0	minsize \|= minsize >> 1;
454	0	minsize \|= minsize >> 2;
455	0	if (sizeof(SH_LIST) > 16)
456	0	minsize \|= minsize >> 4;
457	0	if (sizeof(SH_LIST) > 256)
458	0	minsize \|= minsize >> 8;
459	0	minsize++;
460	0	} else {
461		/* make sure minsize is a powers of 2 */
462	0	OPENSSL_assert((minsize & (minsize - 1)) == 0);
463	0	if ((minsize & (minsize - 1)) != 0)
464	0	goto err;
465	0	}
466
467	0	sh.arena_size = size;
468	0	sh.minsize = minsize;
469	0	sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
470
471		/* Prevent allocations of size 0 later on */
472	0	if (sh.bittable_size >> 3 == 0)
473	0	goto err;
474
475	0	sh.freelist_size = -1;
476	0	for (i = sh.bittable_size; i; i >>= 1)
477	0	sh.freelist_size++;
478
479	0	sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
480	0	OPENSSL_assert(sh.freelist != NULL);
481	0	if (sh.freelist == NULL)
482	0	goto err;
483
484	0	sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
485	0	OPENSSL_assert(sh.bittable != NULL);
486	0	if (sh.bittable == NULL)
487	0	goto err;
488
489	0	sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
490	0	OPENSSL_assert(sh.bitmalloc != NULL);
491	0	if (sh.bitmalloc == NULL)
492	0	goto err;
493
494		/* Allocate space for heap, and two extra pages as guards */
495	0	#if defined(_SC_PAGE_SIZE) \|\| defined (_SC_PAGESIZE)
496	0	{
497	0	# if defined(_SC_PAGE_SIZE)
498	0	long tmppgsize = sysconf(_SC_PAGE_SIZE);
499		# else
500		long tmppgsize = sysconf(_SC_PAGESIZE);
501		# endif
502	0	if (tmppgsize < 1)
503	0	pgsize = PAGE_SIZE;
504	0	else
505	0	pgsize = (size_t)tmppgsize;
506	0	}
507		#elif defined(_WIN32)
508		GetSystemInfo(&systemInfo);
509		pgsize = (size_t)systemInfo.dwPageSize;
510		#else
511		pgsize = PAGE_SIZE;
512		#endif
513	0	sh.map_size = pgsize + sh.arena_size + pgsize;
514
515	0	#if !defined(_WIN32)
516	0	# ifdef MAP_ANON
517	0	sh.map_result = mmap(NULL, sh.map_size,
518	0	PROT_READ\|PROT_WRITE, MAP_ANON\|MAP_PRIVATE\|MAP_CONCEAL, -1, 0);
519		# else
520		{
521		int fd;
522
523		sh.map_result = MAP_FAILED;
524		if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
525		sh.map_result = mmap(NULL, sh.map_size,
526		PROT_READ\|PROT_WRITE, MAP_PRIVATE, fd, 0);
527		close(fd);
528		}
529		}
530		# endif
531	0	if (sh.map_result == MAP_FAILED)
532	0	goto err;
533		#else
534		sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT \| MEM_RESERVE, PAGE_READWRITE);
535
536		if (sh.map_result == NULL)
537		goto err;
538		#endif
539
540	0	sh.arena = (char *)(sh.map_result + pgsize);
541	0	sh_setbit(sh.arena, 0, sh.bittable);
542	0	sh_add_to_list(&sh.freelist[0], sh.arena);
543
544		/* Now try to add guard pages and lock into memory. */
545	0	ret = 1;
546
547	0	#if !defined(_WIN32)
548		/* Starting guard is already aligned from mmap. */
549	0	if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
550	0	ret = 2;
551		#else
552		if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
553		ret = 2;
554		#endif
555
556		/* Ending guard page - need to round up to page boundary */
557	0	aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
558	0	#if !defined(_WIN32)
559	0	if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
560	0	ret = 2;
561		#else
562		if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
563		ret = 2;
564		#endif
565
566	0	#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
567	0	if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
568	0	if (errno == ENOSYS) {
569	0	if (mlock(sh.arena, sh.arena_size) < 0)
570	0	ret = 2;
571	0	} else {
572	0	ret = 2;
573	0	}
574	0	}
575		#elif defined(_WIN32)
576		if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
577		ret = 2;
578		#else
579		if (mlock(sh.arena, sh.arena_size) < 0)
580		ret = 2;
581		#endif
582	0	#ifndef NO_MADVISE
583	0	if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
584	0	ret = 2;
585	0	#endif
586
587	0	return ret;
588
589	0	err:
590	0	sh_done();
591	0	return 0;
592	0	}
593
594		static void sh_done(void)
595	2	{
596	2	OPENSSL_free(sh.freelist);
597	2	OPENSSL_free(sh.bittable);
598	2	OPENSSL_free(sh.bitmalloc);
599	2	#if !defined(_WIN32)
600	2	if (sh.map_result != MAP_FAILED && sh.map_size)
601	0	munmap(sh.map_result, sh.map_size);
602		#else
603		if (sh.map_result != NULL && sh.map_size)
604		VirtualFree(sh.map_result, 0, MEM_RELEASE);
605		#endif
606	2	memset(&sh, 0, sizeof(sh));
607	2	}
608
609		static int sh_allocated(const char *ptr)
610	0	{
611	0	return WITHIN_ARENA(ptr) ? 1 : 0;
612	0	}
613
614		static char sh_find_my_buddy(char ptr, int list)
615	0	{
616	0	size_t bit;
617	0	char *chunk = NULL;
618
619	0	bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
620	0	bit ^= 1;
621
622	0	if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
623	0	chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
624
625	0	return chunk;
626	0	}
627
628		static void *sh_malloc(size_t size)
629	0	{
630	0	ossl_ssize_t list, slist;
631	0	size_t i;
632	0	char *chunk;
633
634	0	if (size > sh.arena_size)
635	0	return NULL;
636
637	0	list = sh.freelist_size - 1;
638	0	for (i = sh.minsize; i < size; i <<= 1)
639	0	list--;
640	0	if (list < 0)
641	0	return NULL;
642
643		/* try to find a larger entry to split */
644	0	for (slist = list; slist >= 0; slist--)
645	0	if (sh.freelist[slist] != NULL)
646	0	break;
647	0	if (slist < 0)
648	0	return NULL;
649
650		/* split larger entry */
651	0	while (slist != list) {
652	0	char *temp = sh.freelist[slist];
653
654		/* remove from bigger list */
655	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
656	0	sh_clearbit(temp, slist, sh.bittable);
657	0	sh_remove_from_list(temp);
658	0	OPENSSL_assert(temp != sh.freelist[slist]);
659
660		/* done with bigger list */
661	0	slist++;
662
663		/* add to smaller list */
664	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
665	0	sh_setbit(temp, slist, sh.bittable);
666	0	sh_add_to_list(&sh.freelist[slist], temp);
667	0	OPENSSL_assert(sh.freelist[slist] == temp);
668
669		/* split in 2 */
670	0	temp += sh.arena_size >> slist;
671	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
672	0	sh_setbit(temp, slist, sh.bittable);
673	0	sh_add_to_list(&sh.freelist[slist], temp);
674	0	OPENSSL_assert(sh.freelist[slist] == temp);
675
676	0	OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
677	0	}
678
679		/* peel off memory to hand back */
680	0	chunk = sh.freelist[list];
681	0	OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
682	0	sh_setbit(chunk, list, sh.bitmalloc);
683	0	sh_remove_from_list(chunk);
684
685	0	OPENSSL_assert(WITHIN_ARENA(chunk));
686
687		/* zero the free list header as a precaution against information leakage */
688	0	memset(chunk, 0, sizeof(SH_LIST));
689
690	0	return chunk;
691	0	}
692
693		static void sh_free(void *ptr)
694	0	{
695	0	size_t list;
696	0	void *buddy;
697
698	0	if (ptr == NULL)
699	0	return;
700	0	OPENSSL_assert(WITHIN_ARENA(ptr));
701	0	if (!WITHIN_ARENA(ptr))
702	0	return;
703
704	0	list = sh_getlist(ptr);
705	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
706	0	sh_clearbit(ptr, list, sh.bitmalloc);
707	0	sh_add_to_list(&sh.freelist[list], ptr);
708
709		/* Try to coalesce two adjacent free areas. */
710	0	while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
711	0	OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
712	0	OPENSSL_assert(ptr != NULL);
713	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
714	0	sh_clearbit(ptr, list, sh.bittable);
715	0	sh_remove_from_list(ptr);
716	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
717	0	sh_clearbit(buddy, list, sh.bittable);
718	0	sh_remove_from_list(buddy);
719
720	0	list--;
721
722		/* Zero the higher addressed block's free list pointers */
723	0	memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
724	0	if (ptr > buddy)
725	0	ptr = buddy;
726
727	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
728	0	sh_setbit(ptr, list, sh.bittable);
729	0	sh_add_to_list(&sh.freelist[list], ptr);
730	0	OPENSSL_assert(sh.freelist[list] == ptr);
731	0	}
732	0	}
733
734		static size_t sh_actual_size(char *ptr)
735	0	{
736	0	int list;
737
738	0	OPENSSL_assert(WITHIN_ARENA(ptr));
739	0	if (!WITHIN_ARENA(ptr))
740	0	return 0;
741	0	list = sh_getlist(ptr);
742	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
743	0	return sh.arena_size / (ONE << list);
744	0	}
745		#endif /* OPENSSL_NO_SECURE_MEMORY */