/src/openssl111/crypto/mem_sec.c

Source (jump to first uncovered line)
/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file is in two halves. The first half implements the public API
 * to be used by external consumers, and to be used by OpenSSL to store
 * data in a "secure arena." The second half implements the secure arena.
 * For details on that implementation, see below (look for uppercase
 * "SECURE HEAP IMPLEMENTATION").
 */
#include "e_os.h"
#include <openssl/crypto.h>

#include <string.h>

/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
#ifdef OPENSSL_SECURE_MEMORY
# include <stdlib.h>
# include <assert.h>
# include <unistd.h>
# include <sys/types.h>
# include <sys/mman.h>
# if defined(OPENSSL_SYS_LINUX)
#  include <sys/syscall.h>
#  if defined(SYS_mlock2)
#   include <linux/mman.h>
#   include <errno.h>
#  endif
# endif
# if defined(__FreeBSD__)
#  define MADV_DONTDUMP MADV_NOCORE
# endif
# if !defined(MAP_CONCEAL)
#  define MAP_CONCEAL 0
# endif
# include <sys/param.h>
# include <sys/stat.h>
# include <fcntl.h>
#endif

#define CLEAR(p, s) OPENSSL_cleanse(p, s)
#ifndef PAGE_SIZE
# define PAGE_SIZE    4096
#endif
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
# define MAP_ANON MAP_ANONYMOUS
#endif

#ifdef OPENSSL_SECURE_MEMORY
static size_t secure_mem_used;

static int secure_mem_initialized;

static CRYPTO_RWLOCK *sec_malloc_lock = NULL;

/*
 * These are the functions that must be implemented by a secure heap (sh).
 */
static int sh_init(size_t size, int minsize);
static void *sh_malloc(size_t size);
static void sh_free(void *ptr);
static void sh_done(void);
static size_t sh_actual_size(char *ptr);
static int sh_allocated(const char *ptr);
#endif

int CRYPTO_secure_malloc_init(size_t size, int minsize)
{
#ifdef OPENSSL_SECURE_MEMORY
    int ret = 0;

    if (!secure_mem_initialized) {
        sec_malloc_lock = CRYPTO_THREAD_lock_new();
        if (sec_malloc_lock == NULL)
            return 0;
        if ((ret = sh_init(size, minsize)) != 0) {
            secure_mem_initialized = 1;
        } else {
            CRYPTO_THREAD_lock_free(sec_malloc_lock);
            sec_malloc_lock = NULL;
        }
    }

    return ret;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

int CRYPTO_secure_malloc_done(void)
{
#ifdef OPENSSL_SECURE_MEMORY
    if (secure_mem_used == 0) {
        sh_done();
        secure_mem_initialized = 0;
        CRYPTO_THREAD_lock_free(sec_malloc_lock);
        sec_malloc_lock = NULL;
        return 1;
    }
#endif /* OPENSSL_SECURE_MEMORY */
    return 0;
}

int CRYPTO_secure_malloc_initialized(void)
{
#ifdef OPENSSL_SECURE_MEMORY
    return secure_mem_initialized;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    void *ret;
    size_t actual_size;

    if (!secure_mem_initialized) {
        return CRYPTO_malloc(num, file, line);
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    ret = sh_malloc(num);
    actual_size = ret ? sh_actual_size(ret) : 0;
    secure_mem_used += actual_size;
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return ret;
#else
    return CRYPTO_malloc(num, file, line);
#endif /* OPENSSL_SECURE_MEMORY */
}

void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    if (secure_mem_initialized)
        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
        return CRYPTO_secure_malloc(num, file, line);
#endif
    return CRYPTO_zalloc(num, file, line);
}

void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        CRYPTO_free(ptr, file, line);
        return;
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_SECURE_MEMORY */
}

void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line)
{
#ifdef OPENSSL_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        OPENSSL_cleanse(ptr, num);
        CRYPTO_free(ptr, file, line);
        return;
    }
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    if (ptr == NULL)
        return;
    OPENSSL_cleanse(ptr, num);
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_SECURE_MEMORY */
}

int CRYPTO_secure_allocated(const void *ptr)
{
#ifdef OPENSSL_SECURE_MEMORY
    int ret;

    if (!secure_mem_initialized)
        return 0;
    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    ret = sh_allocated(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return ret;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

size_t CRYPTO_secure_used(void)
{
#ifdef OPENSSL_SECURE_MEMORY
    return secure_mem_used;
#else
    return 0;
#endif /* OPENSSL_SECURE_MEMORY */
}

size_t CRYPTO_secure_actual_size(void *ptr)
{
#ifdef OPENSSL_SECURE_MEMORY
    size_t actual_size;

    CRYPTO_THREAD_write_lock(sec_malloc_lock);
    actual_size = sh_actual_size(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return actual_size;
#else
    return 0;
#endif
}
/* END OF PAGE ...

   ... START OF PAGE */

/*
 * SECURE HEAP IMPLEMENTATION
 */
#ifdef OPENSSL_SECURE_MEMORY


/*
 * The implementation provided here uses a fixed-sized mmap() heap,
 * which is locked into memory, not written to core files, and protected
 * on either side by an unmapped page, which will catch pointer overruns
 * (or underruns) and an attempt to read data out of the secure heap.
 * Free'd memory is zero'd or otherwise cleansed.
 *
 * This is a pretty standard buddy allocator.  We keep areas in a multiple
 * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
 * so all (and only) data is kept in the mmap'd heap.
 *
 * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
 * place.
 */

#define ONE ((size_t)1)

# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))

#define WITHIN_ARENA(p) \
    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
#define WITHIN_FREELIST(p) \
    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])


typedef struct sh_list_st
{
    struct sh_list_st *next;
    struct sh_list_st **p_next;
} SH_LIST;

typedef struct sh_st
{
    char* map_result;
    size_t map_size;
    char *arena;
    size_t arena_size;
    char **freelist;
    ossl_ssize_t freelist_size;
    size_t minsize;
    unsigned char *bittable;
    unsigned char *bitmalloc;
    size_t bittable_size; /* size in bits */
} SH;

static SH sh;

static size_t sh_getlist(char *ptr)
{
    ossl_ssize_t list = sh.freelist_size - 1;
    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;

    for (; bit; bit >>= 1, list--) {
        if (TESTBIT(sh.bittable, bit))
            break;
        OPENSSL_assert((bit & 1) == 0);
    }

    return list;
}


static int sh_testbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    return TESTBIT(table, bit);
}

static void sh_clearbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(TESTBIT(table, bit));
    CLEARBIT(table, bit);
}

static void sh_setbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(!TESTBIT(table, bit));
    SETBIT(table, bit);
}

static void sh_add_to_list(char **list, char *ptr)
{
    SH_LIST *temp;

    OPENSSL_assert(WITHIN_FREELIST(list));
    OPENSSL_assert(WITHIN_ARENA(ptr));

    temp = (SH_LIST *)ptr;
    temp->next = *(SH_LIST **)list;
    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
    temp->p_next = (SH_LIST **)list;

    if (temp->next != NULL) {
        OPENSSL_assert((char **)temp->next->p_next == list);
        temp->next->p_next = &(temp->next);
    }

    *list = ptr;
}

static void sh_remove_from_list(char *ptr)
{
    SH_LIST *temp, *temp2;

    temp = (SH_LIST *)ptr;
    if (temp->next != NULL)
        temp->next->p_next = temp->p_next;
    *temp->p_next = temp->next;
    if (temp->next == NULL)
        return;

    temp2 = temp->next;
    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
}


static int sh_init(size_t size, int minsize)
{
    int ret;
    size_t i;
    size_t pgsize;
    size_t aligned;

    memset(&sh, 0, sizeof(sh));

    /* make sure size and minsize are powers of 2 */
    OPENSSL_assert(size > 0);
    OPENSSL_assert((size & (size - 1)) == 0);
    OPENSSL_assert(minsize > 0);
    OPENSSL_assert((minsize & (minsize - 1)) == 0);
    if (size <= 0 || (size & (size - 1)) != 0)
        goto err;
    if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
        goto err;

    while (minsize < (int)sizeof(SH_LIST))
        minsize *= 2;

    sh.arena_size = size;
    sh.minsize = minsize;
    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;

    /* Prevent allocations of size 0 later on */
    if (sh.bittable_size >> 3 == 0)
        goto err;

    sh.freelist_size = -1;
    for (i = sh.bittable_size; i; i >>= 1)
        sh.freelist_size++;

    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
    OPENSSL_assert(sh.freelist != NULL);
    if (sh.freelist == NULL)
        goto err;

    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bittable != NULL);
    if (sh.bittable == NULL)
        goto err;

    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bitmalloc != NULL);
    if (sh.bitmalloc == NULL)
        goto err;

    /* Allocate space for heap, and two extra pages as guards */
#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
    {
# if defined(_SC_PAGE_SIZE)
        long tmppgsize = sysconf(_SC_PAGE_SIZE);
# else
        long tmppgsize = sysconf(_SC_PAGESIZE);
# endif
        if (tmppgsize < 1)
            pgsize = PAGE_SIZE;
        else
            pgsize = (size_t)tmppgsize;
    }
#else
    pgsize = PAGE_SIZE;
#endif
    sh.map_size = pgsize + sh.arena_size + pgsize;
    if (1) {
#ifdef MAP_ANON
        sh.map_result = mmap(NULL, sh.map_size,
                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
    } else {
#endif
        int fd;

        sh.map_result = MAP_FAILED;
        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
            sh.map_result = mmap(NULL, sh.map_size,
                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
            close(fd);
        }
    }
    if (sh.map_result == MAP_FAILED)
        goto err;
    sh.arena = (char *)(sh.map_result + pgsize);
    sh_setbit(sh.arena, 0, sh.bittable);
    sh_add_to_list(&sh.freelist[0], sh.arena);

    /* Now try to add guard pages and lock into memory. */
    ret = 1;

    /* Starting guard is already aligned from mmap. */
    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
        ret = 2;

    /* Ending guard page - need to round up to page boundary */
    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
        ret = 2;

#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
        if (errno == ENOSYS) {
            if (mlock(sh.arena, sh.arena_size) < 0)
                ret = 2;
        } else {
            ret = 2;
        }
    }
#else
    if (mlock(sh.arena, sh.arena_size) < 0)
        ret = 2;
#endif
#ifdef MADV_DONTDUMP
    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
        ret = 2;
#endif

    return ret;

 err:
    sh_done();
    return 0;
}

static void sh_done(void)
{
    OPENSSL_free(sh.freelist);
    OPENSSL_free(sh.bittable);
    OPENSSL_free(sh.bitmalloc);
    if (sh.map_result != MAP_FAILED && sh.map_size)
        munmap(sh.map_result, sh.map_size);
    memset(&sh, 0, sizeof(sh));
}

static int sh_allocated(const char *ptr)
{
    return WITHIN_ARENA(ptr) ? 1 : 0;
}

static char *sh_find_my_buddy(char *ptr, int list)
{
    size_t bit;
    char *chunk = NULL;

    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
    bit ^= 1;

    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));

    return chunk;
}

static void *sh_malloc(size_t size)
{
    ossl_ssize_t list, slist;
    size_t i;
    char *chunk;

    if (size > sh.arena_size)
        return NULL;

    list = sh.freelist_size - 1;
    for (i = sh.minsize; i < size; i <<= 1)
        list--;
    if (list < 0)
        return NULL;

    /* try to find a larger entry to split */
    for (slist = list; slist >= 0; slist--)
        if (sh.freelist[slist] != NULL)
            break;
    if (slist < 0)
        return NULL;

    /* split larger entry */
    while (slist != list) {
        char *temp = sh.freelist[slist];

        /* remove from bigger list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_clearbit(temp, slist, sh.bittable);
        sh_remove_from_list(temp);
        OPENSSL_assert(temp != sh.freelist[slist]);

        /* done with bigger list */
        slist++;

        /* add to smaller list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        /* split in 2 */
        temp += sh.arena_size >> slist;
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
    }

    /* peel off memory to hand back */
    chunk = sh.freelist[list];
    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
    sh_setbit(chunk, list, sh.bitmalloc);
    sh_remove_from_list(chunk);

    OPENSSL_assert(WITHIN_ARENA(chunk));

    /* zero the free list header as a precaution against information leakage */
    memset(chunk, 0, sizeof(SH_LIST));

    return chunk;
}

static void sh_free(void *ptr)
{
    size_t list;
    void *buddy;

    if (ptr == NULL)
        return;
    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return;

    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    sh_clearbit(ptr, list, sh.bitmalloc);
    sh_add_to_list(&sh.freelist[list], ptr);

    /* Try to coalesce two adjacent free areas. */
    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
        OPENSSL_assert(ptr != NULL);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(ptr, list, sh.bittable);
        sh_remove_from_list(ptr);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(buddy, list, sh.bittable);
        sh_remove_from_list(buddy);

        list--;

        /* Zero the higher addressed block's free list pointers */
        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
        if (ptr > buddy)
            ptr = buddy;

        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_setbit(ptr, list, sh.bittable);
        sh_add_to_list(&sh.freelist[list], ptr);
        OPENSSL_assert(sh.freelist[list] == ptr);
    }
}

static size_t sh_actual_size(char *ptr)
{
    int list;

    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return 0;
    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    return sh.arena_size / (ONE << list);
}
#endif /* OPENSSL_SECURE_MEMORY */

Coverage Report

Created: 2023-09-25 06:45

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4		*
5		* Licensed under the OpenSSL license (the "License"). You may not use
6		* this file except in compliance with the License. You can obtain a copy
7		* in the file LICENSE in the source distribution or at
8		* https://www.openssl.org/source/license.html
9		*/
10
11		/*
12		* This file is in two halves. The first half implements the public API
13		* to be used by external consumers, and to be used by OpenSSL to store
14		* data in a "secure arena." The second half implements the secure arena.
15		* For details on that implementation, see below (look for uppercase
16		* "SECURE HEAP IMPLEMENTATION").
17		*/
18		#include "e_os.h"
19		#include <openssl/crypto.h>
20
21		#include <string.h>
22
23		/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
24		#ifdef OPENSSL_SECURE_MEMORY
25		# include <stdlib.h>
26		# include <assert.h>
27		# include <unistd.h>
28		# include <sys/types.h>
29		# include <sys/mman.h>
30		# if defined(OPENSSL_SYS_LINUX)
31		# include <sys/syscall.h>
32		# if defined(SYS_mlock2)
33		# include <linux/mman.h>
34		# include <errno.h>
35		# endif
36		# endif
37		# if defined(__FreeBSD__)
38		# define MADV_DONTDUMP MADV_NOCORE
39		# endif
40		# if !defined(MAP_CONCEAL)
41	0	# define MAP_CONCEAL 0
42		# endif
43		# include <sys/param.h>
44		# include <sys/stat.h>
45		# include <fcntl.h>
46		#endif
47
48	0	#define CLEAR(p, s) OPENSSL_cleanse(p, s)
49		#ifndef PAGE_SIZE
50	0	# define PAGE_SIZE 4096
51		#endif
52		#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
53		# define MAP_ANON MAP_ANONYMOUS
54		#endif
55
56		#ifdef OPENSSL_SECURE_MEMORY
57		static size_t secure_mem_used;
58
59		static int secure_mem_initialized;
60
61		static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
62
63		/*
64		* These are the functions that must be implemented by a secure heap (sh).
65		*/
66		static int sh_init(size_t size, int minsize);
67		static void *sh_malloc(size_t size);
68		static void sh_free(void *ptr);
69		static void sh_done(void);
70		static size_t sh_actual_size(char *ptr);
71		static int sh_allocated(const char *ptr);
72		#endif
73
74		int CRYPTO_secure_malloc_init(size_t size, int minsize)
75	0	{
76	0	#ifdef OPENSSL_SECURE_MEMORY
77	0	int ret = 0;
78
79	0	if (!secure_mem_initialized) {
80	0	sec_malloc_lock = CRYPTO_THREAD_lock_new();
81	0	if (sec_malloc_lock == NULL)
82	0	return 0;
83	0	if ((ret = sh_init(size, minsize)) != 0) {
84	0	secure_mem_initialized = 1;
85	0	} else {
86	0	CRYPTO_THREAD_lock_free(sec_malloc_lock);
87	0	sec_malloc_lock = NULL;
88	0	}
89	0	}
90
91	0	return ret;
92		#else
93		return 0;
94		#endif /* OPENSSL_SECURE_MEMORY */
95	0	}
96
97		int CRYPTO_secure_malloc_done(void)
98	76	{
99	76	#ifdef OPENSSL_SECURE_MEMORY
100	76	if (secure_mem_used == 0) {
101	76	sh_done();
102	76	secure_mem_initialized = 0;
103	76	CRYPTO_THREAD_lock_free(sec_malloc_lock);
104	76	sec_malloc_lock = NULL;
105	76	return 1;
106	76	}
107	0	#endif /* OPENSSL_SECURE_MEMORY */
108	0	return 0;
109	76	}
110
111		int CRYPTO_secure_malloc_initialized(void)
112	0	{
113	0	#ifdef OPENSSL_SECURE_MEMORY
114	0	return secure_mem_initialized;
115		#else
116		return 0;
117		#endif /* OPENSSL_SECURE_MEMORY */
118	0	}
119
120		void CRYPTO_secure_malloc(size_t num, const char file, int line)
121	112k	{
122	112k	#ifdef OPENSSL_SECURE_MEMORY
123	112k	void *ret;
124	112k	size_t actual_size;
125
126	112k	if (!secure_mem_initialized) {
127	112k	return CRYPTO_malloc(num, file, line);
128	112k	}
129	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
130	0	ret = sh_malloc(num);
131	0	actual_size = ret ? sh_actual_size(ret) : 0;
132	0	secure_mem_used += actual_size;
133	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
134	0	return ret;
135		#else
136		return CRYPTO_malloc(num, file, line);
137		#endif /* OPENSSL_SECURE_MEMORY */
138	112k	}
139
140		void CRYPTO_secure_zalloc(size_t num, const char file, int line)
141	730k	{
142	730k	#ifdef OPENSSL_SECURE_MEMORY
143	730k	if (secure_mem_initialized)
144		/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
145	0	return CRYPTO_secure_malloc(num, file, line);
146	730k	#endif
147	730k	return CRYPTO_zalloc(num, file, line);
148	730k	}
149
150		void CRYPTO_secure_free(void ptr, const char file, int line)
151	25.7k	{
152	25.7k	#ifdef OPENSSL_SECURE_MEMORY
153	25.7k	size_t actual_size;
154
155	25.7k	if (ptr == NULL)
156	0	return;
157	25.7k	if (!CRYPTO_secure_allocated(ptr)) {
158	25.7k	CRYPTO_free(ptr, file, line);
159	25.7k	return;
160	25.7k	}
161	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
162	0	actual_size = sh_actual_size(ptr);
163	0	CLEAR(ptr, actual_size);
164	0	secure_mem_used -= actual_size;
165	0	sh_free(ptr);
166	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
167		#else
168		CRYPTO_free(ptr, file, line);
169		#endif /* OPENSSL_SECURE_MEMORY */
170	0	}
171
172		void CRYPTO_secure_clear_free(void *ptr, size_t num,
173		const char *file, int line)
174	315k	{
175	315k	#ifdef OPENSSL_SECURE_MEMORY
176	315k	size_t actual_size;
177
178	315k	if (ptr == NULL)
179	50.6k	return;
180	264k	if (!CRYPTO_secure_allocated(ptr)) {
181	264k	OPENSSL_cleanse(ptr, num);
182	264k	CRYPTO_free(ptr, file, line);
183	264k	return;
184	264k	}
185	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
186	0	actual_size = sh_actual_size(ptr);
187	0	CLEAR(ptr, actual_size);
188	0	secure_mem_used -= actual_size;
189	0	sh_free(ptr);
190	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
191		#else
192		if (ptr == NULL)
193		return;
194		OPENSSL_cleanse(ptr, num);
195		CRYPTO_free(ptr, file, line);
196		#endif /* OPENSSL_SECURE_MEMORY */
197	0	}
198
199		int CRYPTO_secure_allocated(const void *ptr)
200	1.14M	{
201	1.14M	#ifdef OPENSSL_SECURE_MEMORY
202	1.14M	int ret;
203
204	1.14M	if (!secure_mem_initialized)
205	1.14M	return 0;
206	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
207	0	ret = sh_allocated(ptr);
208	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
209	0	return ret;
210		#else
211		return 0;
212		#endif /* OPENSSL_SECURE_MEMORY */
213	1.14M	}
214
215		size_t CRYPTO_secure_used(void)
216	0	{
217	0	#ifdef OPENSSL_SECURE_MEMORY
218	0	return secure_mem_used;
219		#else
220		return 0;
221		#endif /* OPENSSL_SECURE_MEMORY */
222	0	}
223
224		size_t CRYPTO_secure_actual_size(void *ptr)
225	0	{
226	0	#ifdef OPENSSL_SECURE_MEMORY
227	0	size_t actual_size;
228
229	0	CRYPTO_THREAD_write_lock(sec_malloc_lock);
230	0	actual_size = sh_actual_size(ptr);
231	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
232	0	return actual_size;
233		#else
234		return 0;
235		#endif
236	0	}
237		/* END OF PAGE ...
238
239		... START OF PAGE */
240
241		/*
242		* SECURE HEAP IMPLEMENTATION
243		*/
244		#ifdef OPENSSL_SECURE_MEMORY
245
246
247		/*
248		* The implementation provided here uses a fixed-sized mmap() heap,
249		* which is locked into memory, not written to core files, and protected
250		* on either side by an unmapped page, which will catch pointer overruns
251		* (or underruns) and an attempt to read data out of the secure heap.
252		* Free'd memory is zero'd or otherwise cleansed.
253		*
254		* This is a pretty standard buddy allocator. We keep areas in a multiple
255		* of "sh.minsize" units. The freelist and bitmaps are kept separately,
256		* so all (and only) data is kept in the mmap'd heap.
257		*
258		* This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
259		* place.
260		*/
261
262	0	#define ONE ((size_t)1)
263
264	0	# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
265	0	# define SETBIT(t, b) (t[(b) >> 3] \|= (ONE << ((b) & 7)))
266	0	# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
267
268		#define WITHIN_ARENA(p) \
269	0	((char)(p) >= sh.arena && (char)(p) < &sh.arena[sh.arena_size])
270		#define WITHIN_FREELIST(p) \
271		((char)(p) >= (char)sh.freelist && (char)(p) < (char)&sh.freelist[sh.freelist_size])
272
273
274		typedef struct sh_list_st
275		{
276		struct sh_list_st *next;
277		struct sh_list_st **p_next;
278		} SH_LIST;
279
280		typedef struct sh_st
281		{
282		char* map_result;
283		size_t map_size;
284		char *arena;
285		size_t arena_size;
286		char **freelist;
287		ossl_ssize_t freelist_size;
288		size_t minsize;
289		unsigned char *bittable;
290		unsigned char *bitmalloc;
291		size_t bittable_size; /* size in bits */
292		} SH;
293
294		static SH sh;
295
296		static size_t sh_getlist(char *ptr)
297	0	{
298	0	ossl_ssize_t list = sh.freelist_size - 1;
299	0	size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
300
301	0	for (; bit; bit >>= 1, list--) {
302	0	if (TESTBIT(sh.bittable, bit))
303	0	break;
304	0	OPENSSL_assert((bit & 1) == 0);
305	0	}
306
307	0	return list;
308	0	}
309
310
311		static int sh_testbit(char ptr, int list, unsigned char table)
312	0	{
313	0	size_t bit;
314
315	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
316	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
317	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
318	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
319	0	return TESTBIT(table, bit);
320	0	}
321
322		static void sh_clearbit(char ptr, int list, unsigned char table)
323	0	{
324	0	size_t bit;
325
326	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
327	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
328	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
329	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
330	0	OPENSSL_assert(TESTBIT(table, bit));
331	0	CLEARBIT(table, bit);
332	0	}
333
334		static void sh_setbit(char ptr, int list, unsigned char table)
335	0	{
336	0	size_t bit;
337
338	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
339	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
340	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
341	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
342	0	OPENSSL_assert(!TESTBIT(table, bit));
343	0	SETBIT(table, bit);
344	0	}
345
346		static void sh_add_to_list(char *list, char ptr)
347	0	{
348	0	SH_LIST *temp;
349
350	0	OPENSSL_assert(WITHIN_FREELIST(list));
351	0	OPENSSL_assert(WITHIN_ARENA(ptr));
352
353	0	temp = (SH_LIST *)ptr;
354	0	temp->next = (SH_LIST *)list;
355	0	OPENSSL_assert(temp->next == NULL \|\| WITHIN_ARENA(temp->next));
356	0	temp->p_next = (SH_LIST **)list;
357
358	0	if (temp->next != NULL) {
359	0	OPENSSL_assert((char **)temp->next->p_next == list);
360	0	temp->next->p_next = &(temp->next);
361	0	}
362
363	0	*list = ptr;
364	0	}
365
366		static void sh_remove_from_list(char *ptr)
367	0	{
368	0	SH_LIST temp, temp2;
369
370	0	temp = (SH_LIST *)ptr;
371	0	if (temp->next != NULL)
372	0	temp->next->p_next = temp->p_next;
373	0	*temp->p_next = temp->next;
374	0	if (temp->next == NULL)
375	0	return;
376
377	0	temp2 = temp->next;
378	0	OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next));
379	0	}
380
381
382		static int sh_init(size_t size, int minsize)
383	0	{
384	0	int ret;
385	0	size_t i;
386	0	size_t pgsize;
387	0	size_t aligned;
388
389	0	memset(&sh, 0, sizeof(sh));
390
391		/* make sure size and minsize are powers of 2 */
392	0	OPENSSL_assert(size > 0);
393	0	OPENSSL_assert((size & (size - 1)) == 0);
394	0	OPENSSL_assert(minsize > 0);
395	0	OPENSSL_assert((minsize & (minsize - 1)) == 0);
396	0	if (size <= 0 \|\| (size & (size - 1)) != 0)
397	0	goto err;
398	0	if (minsize <= 0 \|\| (minsize & (minsize - 1)) != 0)
399	0	goto err;
400
401	0	while (minsize < (int)sizeof(SH_LIST))
402	0	minsize *= 2;
403
404	0	sh.arena_size = size;
405	0	sh.minsize = minsize;
406	0	sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
407
408		/* Prevent allocations of size 0 later on */
409	0	if (sh.bittable_size >> 3 == 0)
410	0	goto err;
411
412	0	sh.freelist_size = -1;
413	0	for (i = sh.bittable_size; i; i >>= 1)
414	0	sh.freelist_size++;
415
416	0	sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
417	0	OPENSSL_assert(sh.freelist != NULL);
418	0	if (sh.freelist == NULL)
419	0	goto err;
420
421	0	sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
422	0	OPENSSL_assert(sh.bittable != NULL);
423	0	if (sh.bittable == NULL)
424	0	goto err;
425
426	0	sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
427	0	OPENSSL_assert(sh.bitmalloc != NULL);
428	0	if (sh.bitmalloc == NULL)
429	0	goto err;
430
431		/* Allocate space for heap, and two extra pages as guards */
432	0	#if defined(_SC_PAGE_SIZE) \|\| defined (_SC_PAGESIZE)
433	0	{
434	0	# if defined(_SC_PAGE_SIZE)
435	0	long tmppgsize = sysconf(_SC_PAGE_SIZE);
436		# else
437		long tmppgsize = sysconf(_SC_PAGESIZE);
438		# endif
439	0	if (tmppgsize < 1)
440	0	pgsize = PAGE_SIZE;
441	0	else
442	0	pgsize = (size_t)tmppgsize;
443	0	}
444		#else
445		pgsize = PAGE_SIZE;
446		#endif
447	0	sh.map_size = pgsize + sh.arena_size + pgsize;
448	0	if (1) {
449	0	#ifdef MAP_ANON
450	0	sh.map_result = mmap(NULL, sh.map_size,
451	0	PROT_READ\|PROT_WRITE, MAP_ANON\|MAP_PRIVATE\|MAP_CONCEAL, -1, 0);
452	0	} else {
453	0	#endif
454	0	int fd;
455
456	0	sh.map_result = MAP_FAILED;
457	0	if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
458	0	sh.map_result = mmap(NULL, sh.map_size,
459	0	PROT_READ\|PROT_WRITE, MAP_PRIVATE, fd, 0);
460	0	close(fd);
461	0	}
462	0	}
463	0	if (sh.map_result == MAP_FAILED)
464	0	goto err;
465	0	sh.arena = (char *)(sh.map_result + pgsize);
466	0	sh_setbit(sh.arena, 0, sh.bittable);
467	0	sh_add_to_list(&sh.freelist[0], sh.arena);
468
469		/* Now try to add guard pages and lock into memory. */
470	0	ret = 1;
471
472		/* Starting guard is already aligned from mmap. */
473	0	if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
474	0	ret = 2;
475
476		/* Ending guard page - need to round up to page boundary */
477	0	aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
478	0	if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
479	0	ret = 2;
480
481	0	#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
482	0	if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
483	0	if (errno == ENOSYS) {
484	0	if (mlock(sh.arena, sh.arena_size) < 0)
485	0	ret = 2;
486	0	} else {
487	0	ret = 2;
488	0	}
489	0	}
490		#else
491		if (mlock(sh.arena, sh.arena_size) < 0)
492		ret = 2;
493		#endif
494	0	#ifdef MADV_DONTDUMP
495	0	if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
496	0	ret = 2;
497	0	#endif
498
499	0	return ret;
500
501	0	err:
502	0	sh_done();
503	0	return 0;
504	0	}
505
506		static void sh_done(void)
507	76	{
508	76	OPENSSL_free(sh.freelist);
509	76	OPENSSL_free(sh.bittable);
510	76	OPENSSL_free(sh.bitmalloc);
511	76	if (sh.map_result != MAP_FAILED && sh.map_size)
512	0	munmap(sh.map_result, sh.map_size);
513	76	memset(&sh, 0, sizeof(sh));
514	76	}
515
516		static int sh_allocated(const char *ptr)
517	0	{
518	0	return WITHIN_ARENA(ptr) ? 1 : 0;
519	0	}
520
521		static char sh_find_my_buddy(char ptr, int list)
522	0	{
523	0	size_t bit;
524	0	char *chunk = NULL;
525
526	0	bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
527	0	bit ^= 1;
528
529	0	if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
530	0	chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
531
532	0	return chunk;
533	0	}
534
535		static void *sh_malloc(size_t size)
536	0	{
537	0	ossl_ssize_t list, slist;
538	0	size_t i;
539	0	char *chunk;
540
541	0	if (size > sh.arena_size)
542	0	return NULL;
543
544	0	list = sh.freelist_size - 1;
545	0	for (i = sh.minsize; i < size; i <<= 1)
546	0	list--;
547	0	if (list < 0)
548	0	return NULL;
549
550		/* try to find a larger entry to split */
551	0	for (slist = list; slist >= 0; slist--)
552	0	if (sh.freelist[slist] != NULL)
553	0	break;
554	0	if (slist < 0)
555	0	return NULL;
556
557		/* split larger entry */
558	0	while (slist != list) {
559	0	char *temp = sh.freelist[slist];
560
561		/* remove from bigger list */
562	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
563	0	sh_clearbit(temp, slist, sh.bittable);
564	0	sh_remove_from_list(temp);
565	0	OPENSSL_assert(temp != sh.freelist[slist]);
566
567		/* done with bigger list */
568	0	slist++;
569
570		/* add to smaller list */
571	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
572	0	sh_setbit(temp, slist, sh.bittable);
573	0	sh_add_to_list(&sh.freelist[slist], temp);
574	0	OPENSSL_assert(sh.freelist[slist] == temp);
575
576		/* split in 2 */
577	0	temp += sh.arena_size >> slist;
578	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
579	0	sh_setbit(temp, slist, sh.bittable);
580	0	sh_add_to_list(&sh.freelist[slist], temp);
581	0	OPENSSL_assert(sh.freelist[slist] == temp);
582
583	0	OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
584	0	}
585
586		/* peel off memory to hand back */
587	0	chunk = sh.freelist[list];
588	0	OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
589	0	sh_setbit(chunk, list, sh.bitmalloc);
590	0	sh_remove_from_list(chunk);
591
592	0	OPENSSL_assert(WITHIN_ARENA(chunk));
593
594		/* zero the free list header as a precaution against information leakage */
595	0	memset(chunk, 0, sizeof(SH_LIST));
596
597	0	return chunk;
598	0	}
599
600		static void sh_free(void *ptr)
601	0	{
602	0	size_t list;
603	0	void *buddy;
604
605	0	if (ptr == NULL)
606	0	return;
607	0	OPENSSL_assert(WITHIN_ARENA(ptr));
608	0	if (!WITHIN_ARENA(ptr))
609	0	return;
610
611	0	list = sh_getlist(ptr);
612	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
613	0	sh_clearbit(ptr, list, sh.bitmalloc);
614	0	sh_add_to_list(&sh.freelist[list], ptr);
615
616		/* Try to coalesce two adjacent free areas. */
617	0	while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
618	0	OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
619	0	OPENSSL_assert(ptr != NULL);
620	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
621	0	sh_clearbit(ptr, list, sh.bittable);
622	0	sh_remove_from_list(ptr);
623	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
624	0	sh_clearbit(buddy, list, sh.bittable);
625	0	sh_remove_from_list(buddy);
626
627	0	list--;
628
629		/* Zero the higher addressed block's free list pointers */
630	0	memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
631	0	if (ptr > buddy)
632	0	ptr = buddy;
633
634	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
635	0	sh_setbit(ptr, list, sh.bittable);
636	0	sh_add_to_list(&sh.freelist[list], ptr);
637	0	OPENSSL_assert(sh.freelist[list] == ptr);
638	0	}
639	0	}
640
641		static size_t sh_actual_size(char *ptr)
642	0	{
643	0	int list;
644
645	0	OPENSSL_assert(WITHIN_ARENA(ptr));
646	0	if (!WITHIN_ARENA(ptr))
647	0	return 0;
648	0	list = sh_getlist(ptr);
649	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
650	0	return sh.arena_size / (ONE << list);
651	0	}
652		#endif /* OPENSSL_SECURE_MEMORY */