/src/openssl30/crypto/mem_sec.c

Source (jump to first uncovered line)
/*
 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file is in two halves. The first half implements the public API
 * to be used by external consumers, and to be used by OpenSSL to store
 * data in a "secure arena." The second half implements the secure arena.
 * For details on that implementation, see below (look for uppercase
 * "SECURE HEAP IMPLEMENTATION").
 */
#include "e_os.h"
#include <openssl/crypto.h>

#include <string.h>

#ifndef OPENSSL_NO_SECURE_MEMORY
# if defined(_WIN32)
#  include <windows.h>
#  if defined(WINAPI_FAMILY_PARTITION)
#   if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
/*
 * While VirtualLock is available under the app partition (e.g. UWP),
 * the headers do not define the API. Define it ourselves instead.
 */
WINBASEAPI
BOOL
WINAPI
VirtualLock(
    _In_ LPVOID lpAddress,
    _In_ SIZE_T dwSize
    );
#   endif
#  endif
# endif
# include <stdlib.h>
# include <assert.h>
# if defined(OPENSSL_SYS_UNIX)
#  include <unistd.h>
# endif
# include <sys/types.h>
# if defined(OPENSSL_SYS_UNIX)
#  include <sys/mman.h>
#  if defined(__FreeBSD__)
#    define MADV_DONTDUMP MADV_NOCORE
#  endif
#  if !defined(MAP_CONCEAL)
#    define MAP_CONCEAL 0
#  endif
# endif
# if defined(OPENSSL_SYS_LINUX)
#  include <sys/syscall.h>
#  if defined(SYS_mlock2)
#   include <linux/mman.h>
#   include <errno.h>
#  endif
#  include <sys/param.h>
# endif
# include <sys/stat.h>
# include <fcntl.h>
#endif

#define CLEAR(p, s) OPENSSL_cleanse(p, s)
#ifndef PAGE_SIZE
# define PAGE_SIZE    4096
#endif
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
# define MAP_ANON MAP_ANONYMOUS
#endif

#ifndef OPENSSL_NO_SECURE_MEMORY
static size_t secure_mem_used;

static int secure_mem_initialized;

static CRYPTO_RWLOCK *sec_malloc_lock = NULL;

/*
 * These are the functions that must be implemented by a secure heap (sh).
 */
static int sh_init(size_t size, size_t minsize);
static void *sh_malloc(size_t size);
static void sh_free(void *ptr);
static void sh_done(void);
static size_t sh_actual_size(char *ptr);
static int sh_allocated(const char *ptr);
#endif

int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    int ret = 0;

    if (!secure_mem_initialized) {
        sec_malloc_lock = CRYPTO_THREAD_lock_new();
        if (sec_malloc_lock == NULL)
            return 0;
        if ((ret = sh_init(size, minsize)) != 0) {
            secure_mem_initialized = 1;
        } else {
            CRYPTO_THREAD_lock_free(sec_malloc_lock);
            sec_malloc_lock = NULL;
        }
    }

    return ret;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

int CRYPTO_secure_malloc_done(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (secure_mem_used == 0) {
        sh_done();
        secure_mem_initialized = 0;
        CRYPTO_THREAD_lock_free(sec_malloc_lock);
        sec_malloc_lock = NULL;
        return 1;
    }
#endif /* OPENSSL_NO_SECURE_MEMORY */
    return 0;
}

int CRYPTO_secure_malloc_initialized(void)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    return secure_mem_initialized;
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    void *ret;
    size_t actual_size;

    if (!secure_mem_initialized) {
        return CRYPTO_malloc(num, file, line);
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return NULL;
    ret = sh_malloc(num);
    actual_size = ret ? sh_actual_size(ret) : 0;
    secure_mem_used += actual_size;
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return ret;
#else
    return CRYPTO_malloc(num, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (secure_mem_initialized)
        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
        return CRYPTO_secure_malloc(num, file, line);
#endif
    return CRYPTO_zalloc(num, file, line);
}

void CRYPTO_secure_free(void *ptr, const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        CRYPTO_free(ptr, file, line);
        return;
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return;
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

void CRYPTO_secure_clear_free(void *ptr, size_t num,
                              const char *file, int line)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (ptr == NULL)
        return;
    if (!CRYPTO_secure_allocated(ptr)) {
        OPENSSL_cleanse(ptr, num);
        CRYPTO_free(ptr, file, line);
        return;
    }
    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return;
    actual_size = sh_actual_size(ptr);
    CLEAR(ptr, actual_size);
    secure_mem_used -= actual_size;
    sh_free(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
#else
    if (ptr == NULL)
        return;
    OPENSSL_cleanse(ptr, num);
    CRYPTO_free(ptr, file, line);
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

int CRYPTO_secure_allocated(const void *ptr)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    if (!secure_mem_initialized)
        return 0;
    /*
     * Only read accesses to the arena take place in sh_allocated() and this
     * is only changed by the sh_init() and sh_done() calls which are not
     * locked.  Hence, it is safe to make this check without a lock too.
     */
    return sh_allocated(ptr);
#else
    return 0;
#endif /* OPENSSL_NO_SECURE_MEMORY */
}

size_t CRYPTO_secure_used(void)
{
    size_t ret = 0;

#ifndef OPENSSL_NO_SECURE_MEMORY
    if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
        return 0;

    ret = secure_mem_used;

    CRYPTO_THREAD_unlock(sec_malloc_lock);
#endif /* OPENSSL_NO_SECURE_MEMORY */
    return ret;
}

size_t CRYPTO_secure_actual_size(void *ptr)
{
#ifndef OPENSSL_NO_SECURE_MEMORY
    size_t actual_size;

    if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
        return 0;
    actual_size = sh_actual_size(ptr);
    CRYPTO_THREAD_unlock(sec_malloc_lock);
    return actual_size;
#else
    return 0;
#endif
}

/*
 * SECURE HEAP IMPLEMENTATION
 */
#ifndef OPENSSL_NO_SECURE_MEMORY


/*
 * The implementation provided here uses a fixed-sized mmap() heap,
 * which is locked into memory, not written to core files, and protected
 * on either side by an unmapped page, which will catch pointer overruns
 * (or underruns) and an attempt to read data out of the secure heap.
 * Free'd memory is zero'd or otherwise cleansed.
 *
 * This is a pretty standard buddy allocator.  We keep areas in a multiple
 * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
 * so all (and only) data is kept in the mmap'd heap.
 *
 * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
 * place.
 */

#define ONE ((size_t)1)

# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))

#define WITHIN_ARENA(p) \
    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
#define WITHIN_FREELIST(p) \
    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])


typedef struct sh_list_st
{
    struct sh_list_st *next;
    struct sh_list_st **p_next;
} SH_LIST;

typedef struct sh_st
{
    char* map_result;
    size_t map_size;
    char *arena;
    size_t arena_size;
    char **freelist;
    ossl_ssize_t freelist_size;
    size_t minsize;
    unsigned char *bittable;
    unsigned char *bitmalloc;
    size_t bittable_size; /* size in bits */
} SH;

static SH sh;

static size_t sh_getlist(char *ptr)
{
    ossl_ssize_t list = sh.freelist_size - 1;
    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;

    for (; bit; bit >>= 1, list--) {
        if (TESTBIT(sh.bittable, bit))
            break;
        OPENSSL_assert((bit & 1) == 0);
    }

    return list;
}


static int sh_testbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    return TESTBIT(table, bit);
}

static void sh_clearbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(TESTBIT(table, bit));
    CLEARBIT(table, bit);
}

static void sh_setbit(char *ptr, int list, unsigned char *table)
{
    size_t bit;

    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
    OPENSSL_assert(!TESTBIT(table, bit));
    SETBIT(table, bit);
}

static void sh_add_to_list(char **list, char *ptr)
{
    SH_LIST *temp;

    OPENSSL_assert(WITHIN_FREELIST(list));
    OPENSSL_assert(WITHIN_ARENA(ptr));

    temp = (SH_LIST *)ptr;
    temp->next = *(SH_LIST **)list;
    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
    temp->p_next = (SH_LIST **)list;

    if (temp->next != NULL) {
        OPENSSL_assert((char **)temp->next->p_next == list);
        temp->next->p_next = &(temp->next);
    }

    *list = ptr;
}

static void sh_remove_from_list(char *ptr)
{
    SH_LIST *temp, *temp2;

    temp = (SH_LIST *)ptr;
    if (temp->next != NULL)
        temp->next->p_next = temp->p_next;
    *temp->p_next = temp->next;
    if (temp->next == NULL)
        return;

    temp2 = temp->next;
    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
}


static int sh_init(size_t size, size_t minsize)
{
    int ret;
    size_t i;
    size_t pgsize;
    size_t aligned;
#if defined(_WIN32)
    DWORD flOldProtect;
    SYSTEM_INFO systemInfo;
#endif

    memset(&sh, 0, sizeof(sh));

    /* make sure size is a powers of 2 */
    OPENSSL_assert(size > 0);
    OPENSSL_assert((size & (size - 1)) == 0);
    if (size == 0 || (size & (size - 1)) != 0)
        goto err;

    if (minsize <= sizeof(SH_LIST)) {
        OPENSSL_assert(sizeof(SH_LIST) <= 65536);
        /*
         * Compute the minimum possible allocation size.
         * This must be a power of 2 and at least as large as the SH_LIST
         * structure.
         */
        minsize = sizeof(SH_LIST) - 1;
        minsize |= minsize >> 1;
        minsize |= minsize >> 2;
        if (sizeof(SH_LIST) > 16)
            minsize |= minsize >> 4;
        if (sizeof(SH_LIST) > 256)
            minsize |= minsize >> 8;
        minsize++;
    } else {
        /* make sure minsize is a powers of 2 */
          OPENSSL_assert((minsize & (minsize - 1)) == 0);
          if ((minsize & (minsize - 1)) != 0)
              goto err;
    }

    sh.arena_size = size;
    sh.minsize = minsize;
    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;

    /* Prevent allocations of size 0 later on */
    if (sh.bittable_size >> 3 == 0)
        goto err;

    sh.freelist_size = -1;
    for (i = sh.bittable_size; i; i >>= 1)
        sh.freelist_size++;

    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
    OPENSSL_assert(sh.freelist != NULL);
    if (sh.freelist == NULL)
        goto err;

    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bittable != NULL);
    if (sh.bittable == NULL)
        goto err;

    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
    OPENSSL_assert(sh.bitmalloc != NULL);
    if (sh.bitmalloc == NULL)
        goto err;

    /* Allocate space for heap, and two extra pages as guards */
#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
    {
# if defined(_SC_PAGE_SIZE)
        long tmppgsize = sysconf(_SC_PAGE_SIZE);
# else
        long tmppgsize = sysconf(_SC_PAGESIZE);
# endif
        if (tmppgsize < 1)
            pgsize = PAGE_SIZE;
        else
            pgsize = (size_t)tmppgsize;
    }
#elif defined(_WIN32)
    GetSystemInfo(&systemInfo);
    pgsize = (size_t)systemInfo.dwPageSize;
#else
    pgsize = PAGE_SIZE;
#endif
    sh.map_size = pgsize + sh.arena_size + pgsize;

#if !defined(_WIN32)
# ifdef MAP_ANON
    sh.map_result = mmap(NULL, sh.map_size,
                         PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
# else
    {
        int fd;

        sh.map_result = MAP_FAILED;
        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
            sh.map_result = mmap(NULL, sh.map_size,
                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
            close(fd);
        }
    }
# endif
    if (sh.map_result == MAP_FAILED)
        goto err;
#else
    sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);

    if (sh.map_result == NULL)
            goto err;
#endif

    sh.arena = (char *)(sh.map_result + pgsize);
    sh_setbit(sh.arena, 0, sh.bittable);
    sh_add_to_list(&sh.freelist[0], sh.arena);

    /* Now try to add guard pages and lock into memory. */
    ret = 1;

#if !defined(_WIN32)
    /* Starting guard is already aligned from mmap. */
    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
        ret = 2;
#else
    if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
        ret = 2;
#endif

    /* Ending guard page - need to round up to page boundary */
    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
#if !defined(_WIN32)
    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
        ret = 2;
#else
    if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
        ret = 2;
#endif

#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
        if (errno == ENOSYS) {
            if (mlock(sh.arena, sh.arena_size) < 0)
                ret = 2;
        } else {
            ret = 2;
        }
    }
#elif defined(_WIN32)
    if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
        ret = 2;
#else
    if (mlock(sh.arena, sh.arena_size) < 0)
        ret = 2;
#endif
#ifdef MADV_DONTDUMP
    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
        ret = 2;
#endif

    return ret;

 err:
    sh_done();
    return 0;
}

static void sh_done(void)
{
    OPENSSL_free(sh.freelist);
    OPENSSL_free(sh.bittable);
    OPENSSL_free(sh.bitmalloc);
#if !defined(_WIN32)
    if (sh.map_result != MAP_FAILED && sh.map_size)
        munmap(sh.map_result, sh.map_size);
#else
    if (sh.map_result != NULL && sh.map_size)
        VirtualFree(sh.map_result, 0, MEM_RELEASE);
#endif
    memset(&sh, 0, sizeof(sh));
}

static int sh_allocated(const char *ptr)
{
    return WITHIN_ARENA(ptr) ? 1 : 0;
}

static char *sh_find_my_buddy(char *ptr, int list)
{
    size_t bit;
    char *chunk = NULL;

    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
    bit ^= 1;

    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));

    return chunk;
}

static void *sh_malloc(size_t size)
{
    ossl_ssize_t list, slist;
    size_t i;
    char *chunk;

    if (size > sh.arena_size)
        return NULL;

    list = sh.freelist_size - 1;
    for (i = sh.minsize; i < size; i <<= 1)
        list--;
    if (list < 0)
        return NULL;

    /* try to find a larger entry to split */
    for (slist = list; slist >= 0; slist--)
        if (sh.freelist[slist] != NULL)
            break;
    if (slist < 0)
        return NULL;

    /* split larger entry */
    while (slist != list) {
        char *temp = sh.freelist[slist];

        /* remove from bigger list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_clearbit(temp, slist, sh.bittable);
        sh_remove_from_list(temp);
        OPENSSL_assert(temp != sh.freelist[slist]);

        /* done with bigger list */
        slist++;

        /* add to smaller list */
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        /* split in 2 */
        temp += sh.arena_size >> slist;
        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
        sh_setbit(temp, slist, sh.bittable);
        sh_add_to_list(&sh.freelist[slist], temp);
        OPENSSL_assert(sh.freelist[slist] == temp);

        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
    }

    /* peel off memory to hand back */
    chunk = sh.freelist[list];
    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
    sh_setbit(chunk, list, sh.bitmalloc);
    sh_remove_from_list(chunk);

    OPENSSL_assert(WITHIN_ARENA(chunk));

    /* zero the free list header as a precaution against information leakage */
    memset(chunk, 0, sizeof(SH_LIST));

    return chunk;
}

static void sh_free(void *ptr)
{
    size_t list;
    void *buddy;

    if (ptr == NULL)
        return;
    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return;

    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    sh_clearbit(ptr, list, sh.bitmalloc);
    sh_add_to_list(&sh.freelist[list], ptr);

    /* Try to coalesce two adjacent free areas. */
    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
        OPENSSL_assert(ptr != NULL);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(ptr, list, sh.bittable);
        sh_remove_from_list(ptr);
        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_clearbit(buddy, list, sh.bittable);
        sh_remove_from_list(buddy);

        list--;

        /* Zero the higher addressed block's free list pointers */
        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
        if (ptr > buddy)
            ptr = buddy;

        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
        sh_setbit(ptr, list, sh.bittable);
        sh_add_to_list(&sh.freelist[list], ptr);
        OPENSSL_assert(sh.freelist[list] == ptr);
    }
}

static size_t sh_actual_size(char *ptr)
{
    int list;

    OPENSSL_assert(WITHIN_ARENA(ptr));
    if (!WITHIN_ARENA(ptr))
        return 0;
    list = sh_getlist(ptr);
    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
    return sh.arena_size / (ONE << list);
}
#endif /* OPENSSL_NO_SECURE_MEMORY */

Coverage Report

Created: 2025-06-13 06:58

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4		*
5		* Licensed under the Apache License 2.0 (the "License"). You may not use
6		* this file except in compliance with the License. You can obtain a copy
7		* in the file LICENSE in the source distribution or at
8		* https://www.openssl.org/source/license.html
9		*/
10
11		/*
12		* This file is in two halves. The first half implements the public API
13		* to be used by external consumers, and to be used by OpenSSL to store
14		* data in a "secure arena." The second half implements the secure arena.
15		* For details on that implementation, see below (look for uppercase
16		* "SECURE HEAP IMPLEMENTATION").
17		*/
18		#include "e_os.h"
19		#include <openssl/crypto.h>
20
21		#include <string.h>
22
23		#ifndef OPENSSL_NO_SECURE_MEMORY
24		# if defined(_WIN32)
25		# include <windows.h>
26		# if defined(WINAPI_FAMILY_PARTITION)
27		# if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP \| WINAPI_PARTITION_SYSTEM)
28		/*
29		* While VirtualLock is available under the app partition (e.g. UWP),
30		* the headers do not define the API. Define it ourselves instead.
31		*/
32		WINBASEAPI
33		BOOL
34		WINAPI
35		VirtualLock(
36		_In_ LPVOID lpAddress,
37		_In_ SIZE_T dwSize
38		);
39		# endif
40		# endif
41		# endif
42		# include <stdlib.h>
43		# include <assert.h>
44		# if defined(OPENSSL_SYS_UNIX)
45		# include <unistd.h>
46		# endif
47		# include <sys/types.h>
48		# if defined(OPENSSL_SYS_UNIX)
49		# include <sys/mman.h>
50		# if defined(__FreeBSD__)
51		# define MADV_DONTDUMP MADV_NOCORE
52		# endif
53		# if !defined(MAP_CONCEAL)
54	0	# define MAP_CONCEAL 0
55		# endif
56		# endif
57		# if defined(OPENSSL_SYS_LINUX)
58		# include <sys/syscall.h>
59		# if defined(SYS_mlock2)
60		# include <linux/mman.h>
61		# include <errno.h>
62		# endif
63		# include <sys/param.h>
64		# endif
65		# include <sys/stat.h>
66		# include <fcntl.h>
67		#endif
68
69	0	#define CLEAR(p, s) OPENSSL_cleanse(p, s)
70		#ifndef PAGE_SIZE
71	0	# define PAGE_SIZE 4096
72		#endif
73		#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
74		# define MAP_ANON MAP_ANONYMOUS
75		#endif
76
77		#ifndef OPENSSL_NO_SECURE_MEMORY
78		static size_t secure_mem_used;
79
80		static int secure_mem_initialized;
81
82		static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
83
84		/*
85		* These are the functions that must be implemented by a secure heap (sh).
86		*/
87		static int sh_init(size_t size, size_t minsize);
88		static void *sh_malloc(size_t size);
89		static void sh_free(void *ptr);
90		static void sh_done(void);
91		static size_t sh_actual_size(char *ptr);
92		static int sh_allocated(const char *ptr);
93		#endif
94
95		int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
96	0	{
97	0	#ifndef OPENSSL_NO_SECURE_MEMORY
98	0	int ret = 0;
99
100	0	if (!secure_mem_initialized) {
101	0	sec_malloc_lock = CRYPTO_THREAD_lock_new();
102	0	if (sec_malloc_lock == NULL)
103	0	return 0;
104	0	if ((ret = sh_init(size, minsize)) != 0) {
105	0	secure_mem_initialized = 1;
106	0	} else {
107	0	CRYPTO_THREAD_lock_free(sec_malloc_lock);
108	0	sec_malloc_lock = NULL;
109	0	}
110	0	}
111
112	0	return ret;
113		#else
114		return 0;
115		#endif /* OPENSSL_NO_SECURE_MEMORY */
116	0	}
117
118		int CRYPTO_secure_malloc_done(void)
119	133	{
120	133	#ifndef OPENSSL_NO_SECURE_MEMORY
121	133	if (secure_mem_used == 0) {
122	133	sh_done();
123	133	secure_mem_initialized = 0;
124	133	CRYPTO_THREAD_lock_free(sec_malloc_lock);
125	133	sec_malloc_lock = NULL;
126	133	return 1;
127	133	}
128	0	#endif /* OPENSSL_NO_SECURE_MEMORY */
129	0	return 0;
130	133	}
131
132		int CRYPTO_secure_malloc_initialized(void)
133	0	{
134	0	#ifndef OPENSSL_NO_SECURE_MEMORY
135	0	return secure_mem_initialized;
136		#else
137		return 0;
138		#endif /* OPENSSL_NO_SECURE_MEMORY */
139	0	}
140
141		void CRYPTO_secure_malloc(size_t num, const char file, int line)
142	119k	{
143	119k	#ifndef OPENSSL_NO_SECURE_MEMORY
144	119k	void *ret;
145	119k	size_t actual_size;
146
147	119k	if (!secure_mem_initialized) {
148	119k	return CRYPTO_malloc(num, file, line);
149	119k	}
150	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
151	0	return NULL;
152	0	ret = sh_malloc(num);
153	0	actual_size = ret ? sh_actual_size(ret) : 0;
154	0	secure_mem_used += actual_size;
155	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
156	0	return ret;
157		#else
158		return CRYPTO_malloc(num, file, line);
159		#endif /* OPENSSL_NO_SECURE_MEMORY */
160	0	}
161
162		void CRYPTO_secure_zalloc(size_t num, const char file, int line)
163	1.37M	{
164	1.37M	#ifndef OPENSSL_NO_SECURE_MEMORY
165	1.37M	if (secure_mem_initialized)
166		/* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
167	0	return CRYPTO_secure_malloc(num, file, line);
168	1.37M	#endif
169	1.37M	return CRYPTO_zalloc(num, file, line);
170	1.37M	}
171
172		void CRYPTO_secure_free(void ptr, const char file, int line)
173	82.3k	{
174	82.3k	#ifndef OPENSSL_NO_SECURE_MEMORY
175	82.3k	size_t actual_size;
176
177	82.3k	if (ptr == NULL)
178	2.60k	return;
179	79.7k	if (!CRYPTO_secure_allocated(ptr)) {
180	79.7k	CRYPTO_free(ptr, file, line);
181	79.7k	return;
182	79.7k	}
183	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
184	0	return;
185	0	actual_size = sh_actual_size(ptr);
186	0	CLEAR(ptr, actual_size);
187	0	secure_mem_used -= actual_size;
188	0	sh_free(ptr);
189	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
190		#else
191		CRYPTO_free(ptr, file, line);
192		#endif /* OPENSSL_NO_SECURE_MEMORY */
193	0	}
194
195		void CRYPTO_secure_clear_free(void *ptr, size_t num,
196		const char *file, int line)
197	2.19M	{
198	2.19M	#ifndef OPENSSL_NO_SECURE_MEMORY
199	2.19M	size_t actual_size;
200
201	2.19M	if (ptr == NULL)
202	145k	return;
203	2.04M	if (!CRYPTO_secure_allocated(ptr)) {
204	2.04M	OPENSSL_cleanse(ptr, num);
205	2.04M	CRYPTO_free(ptr, file, line);
206	2.04M	return;
207	2.04M	}
208	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
209	0	return;
210	0	actual_size = sh_actual_size(ptr);
211	0	CLEAR(ptr, actual_size);
212	0	secure_mem_used -= actual_size;
213	0	sh_free(ptr);
214	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
215		#else
216		if (ptr == NULL)
217		return;
218		OPENSSL_cleanse(ptr, num);
219		CRYPTO_free(ptr, file, line);
220		#endif /* OPENSSL_NO_SECURE_MEMORY */
221	0	}
222
223		int CRYPTO_secure_allocated(const void *ptr)
224	2.42M	{
225	2.42M	#ifndef OPENSSL_NO_SECURE_MEMORY
226	2.42M	if (!secure_mem_initialized)
227	2.42M	return 0;
228		/*
229		* Only read accesses to the arena take place in sh_allocated() and this
230		* is only changed by the sh_init() and sh_done() calls which are not
231		* locked. Hence, it is safe to make this check without a lock too.
232		*/
233	0	return sh_allocated(ptr);
234		#else
235		return 0;
236		#endif /* OPENSSL_NO_SECURE_MEMORY */
237	2.42M	}
238
239		size_t CRYPTO_secure_used(void)
240	0	{
241	0	size_t ret = 0;
242
243	0	#ifndef OPENSSL_NO_SECURE_MEMORY
244	0	if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
245	0	return 0;
246
247	0	ret = secure_mem_used;
248
249	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
250	0	#endif /* OPENSSL_NO_SECURE_MEMORY */
251	0	return ret;
252	0	}
253
254		size_t CRYPTO_secure_actual_size(void *ptr)
255	0	{
256	0	#ifndef OPENSSL_NO_SECURE_MEMORY
257	0	size_t actual_size;
258
259	0	if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
260	0	return 0;
261	0	actual_size = sh_actual_size(ptr);
262	0	CRYPTO_THREAD_unlock(sec_malloc_lock);
263	0	return actual_size;
264		#else
265		return 0;
266		#endif
267	0	}
268
269		/*
270		* SECURE HEAP IMPLEMENTATION
271		*/
272		#ifndef OPENSSL_NO_SECURE_MEMORY
273
274
275		/*
276		* The implementation provided here uses a fixed-sized mmap() heap,
277		* which is locked into memory, not written to core files, and protected
278		* on either side by an unmapped page, which will catch pointer overruns
279		* (or underruns) and an attempt to read data out of the secure heap.
280		* Free'd memory is zero'd or otherwise cleansed.
281		*
282		* This is a pretty standard buddy allocator. We keep areas in a multiple
283		* of "sh.minsize" units. The freelist and bitmaps are kept separately,
284		* so all (and only) data is kept in the mmap'd heap.
285		*
286		* This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
287		* place.
288		*/
289
290	0	#define ONE ((size_t)1)
291
292	0	# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
293	0	# define SETBIT(t, b) (t[(b) >> 3] \|= (ONE << ((b) & 7)))
294	0	# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
295
296		#define WITHIN_ARENA(p) \
297	0	((char)(p) >= sh.arena && (char)(p) < &sh.arena[sh.arena_size])
298		#define WITHIN_FREELIST(p) \
299		((char)(p) >= (char)sh.freelist && (char)(p) < (char)&sh.freelist[sh.freelist_size])
300
301
302		typedef struct sh_list_st
303		{
304		struct sh_list_st *next;
305		struct sh_list_st **p_next;
306		} SH_LIST;
307
308		typedef struct sh_st
309		{
310		char* map_result;
311		size_t map_size;
312		char *arena;
313		size_t arena_size;
314		char **freelist;
315		ossl_ssize_t freelist_size;
316		size_t minsize;
317		unsigned char *bittable;
318		unsigned char *bitmalloc;
319		size_t bittable_size; /* size in bits */
320		} SH;
321
322		static SH sh;
323
324		static size_t sh_getlist(char *ptr)
325	0	{
326	0	ossl_ssize_t list = sh.freelist_size - 1;
327	0	size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
328
329	0	for (; bit; bit >>= 1, list--) {
330	0	if (TESTBIT(sh.bittable, bit))
331	0	break;
332	0	OPENSSL_assert((bit & 1) == 0);
333	0	}
334
335	0	return list;
336	0	}
337
338
339		static int sh_testbit(char ptr, int list, unsigned char table)
340	0	{
341	0	size_t bit;
342
343	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
344	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
345	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
346	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
347	0	return TESTBIT(table, bit);
348	0	}
349
350		static void sh_clearbit(char ptr, int list, unsigned char table)
351	0	{
352	0	size_t bit;
353
354	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
355	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
356	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
357	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
358	0	OPENSSL_assert(TESTBIT(table, bit));
359	0	CLEARBIT(table, bit);
360	0	}
361
362		static void sh_setbit(char ptr, int list, unsigned char table)
363	0	{
364	0	size_t bit;
365
366	0	OPENSSL_assert(list >= 0 && list < sh.freelist_size);
367	0	OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
368	0	bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
369	0	OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
370	0	OPENSSL_assert(!TESTBIT(table, bit));
371	0	SETBIT(table, bit);
372	0	}
373
374		static void sh_add_to_list(char *list, char ptr)
375	0	{
376	0	SH_LIST *temp;
377
378	0	OPENSSL_assert(WITHIN_FREELIST(list));
379	0	OPENSSL_assert(WITHIN_ARENA(ptr));
380
381	0	temp = (SH_LIST *)ptr;
382	0	temp->next = (SH_LIST *)list;
383	0	OPENSSL_assert(temp->next == NULL \|\| WITHIN_ARENA(temp->next));
384	0	temp->p_next = (SH_LIST **)list;
385
386	0	if (temp->next != NULL) {
387	0	OPENSSL_assert((char **)temp->next->p_next == list);
388	0	temp->next->p_next = &(temp->next);
389	0	}
390
391	0	*list = ptr;
392	0	}
393
394		static void sh_remove_from_list(char *ptr)
395	0	{
396	0	SH_LIST temp, temp2;
397
398	0	temp = (SH_LIST *)ptr;
399	0	if (temp->next != NULL)
400	0	temp->next->p_next = temp->p_next;
401	0	*temp->p_next = temp->next;
402	0	if (temp->next == NULL)
403	0	return;
404
405	0	temp2 = temp->next;
406	0	OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next));
407	0	}
408
409
410		static int sh_init(size_t size, size_t minsize)
411	0	{
412	0	int ret;
413	0	size_t i;
414	0	size_t pgsize;
415	0	size_t aligned;
416		#if defined(_WIN32)
417		DWORD flOldProtect;
418		SYSTEM_INFO systemInfo;
419		#endif
420
421	0	memset(&sh, 0, sizeof(sh));
422
423		/* make sure size is a powers of 2 */
424	0	OPENSSL_assert(size > 0);
425	0	OPENSSL_assert((size & (size - 1)) == 0);
426	0	if (size == 0 \|\| (size & (size - 1)) != 0)
427	0	goto err;
428
429	0	if (minsize <= sizeof(SH_LIST)) {
430	0	OPENSSL_assert(sizeof(SH_LIST) <= 65536);
431		/*
432		* Compute the minimum possible allocation size.
433		* This must be a power of 2 and at least as large as the SH_LIST
434		* structure.
435		*/
436	0	minsize = sizeof(SH_LIST) - 1;
437	0	minsize \|= minsize >> 1;
438	0	minsize \|= minsize >> 2;
439	0	if (sizeof(SH_LIST) > 16)
440	0	minsize \|= minsize >> 4;
441	0	if (sizeof(SH_LIST) > 256)
442	0	minsize \|= minsize >> 8;
443	0	minsize++;
444	0	} else {
445		/* make sure minsize is a powers of 2 */
446	0	OPENSSL_assert((minsize & (minsize - 1)) == 0);
447	0	if ((minsize & (minsize - 1)) != 0)
448	0	goto err;
449	0	}
450
451	0	sh.arena_size = size;
452	0	sh.minsize = minsize;
453	0	sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
454
455		/* Prevent allocations of size 0 later on */
456	0	if (sh.bittable_size >> 3 == 0)
457	0	goto err;
458
459	0	sh.freelist_size = -1;
460	0	for (i = sh.bittable_size; i; i >>= 1)
461	0	sh.freelist_size++;
462
463	0	sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
464	0	OPENSSL_assert(sh.freelist != NULL);
465	0	if (sh.freelist == NULL)
466	0	goto err;
467
468	0	sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
469	0	OPENSSL_assert(sh.bittable != NULL);
470	0	if (sh.bittable == NULL)
471	0	goto err;
472
473	0	sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
474	0	OPENSSL_assert(sh.bitmalloc != NULL);
475	0	if (sh.bitmalloc == NULL)
476	0	goto err;
477
478		/* Allocate space for heap, and two extra pages as guards */
479	0	#if defined(_SC_PAGE_SIZE) \|\| defined (_SC_PAGESIZE)
480	0	{
481	0	# if defined(_SC_PAGE_SIZE)
482	0	long tmppgsize = sysconf(_SC_PAGE_SIZE);
483		# else
484		long tmppgsize = sysconf(_SC_PAGESIZE);
485		# endif
486	0	if (tmppgsize < 1)
487	0	pgsize = PAGE_SIZE;
488	0	else
489	0	pgsize = (size_t)tmppgsize;
490	0	}
491		#elif defined(_WIN32)
492		GetSystemInfo(&systemInfo);
493		pgsize = (size_t)systemInfo.dwPageSize;
494		#else
495		pgsize = PAGE_SIZE;
496		#endif
497	0	sh.map_size = pgsize + sh.arena_size + pgsize;
498
499	0	#if !defined(_WIN32)
500	0	# ifdef MAP_ANON
501	0	sh.map_result = mmap(NULL, sh.map_size,
502	0	PROT_READ\|PROT_WRITE, MAP_ANON\|MAP_PRIVATE\|MAP_CONCEAL, -1, 0);
503		# else
504		{
505		int fd;
506
507		sh.map_result = MAP_FAILED;
508		if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
509		sh.map_result = mmap(NULL, sh.map_size,
510		PROT_READ\|PROT_WRITE, MAP_PRIVATE, fd, 0);
511		close(fd);
512		}
513		}
514		# endif
515	0	if (sh.map_result == MAP_FAILED)
516	0	goto err;
517		#else
518		sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT \| MEM_RESERVE, PAGE_READWRITE);
519
520		if (sh.map_result == NULL)
521		goto err;
522		#endif
523
524	0	sh.arena = (char *)(sh.map_result + pgsize);
525	0	sh_setbit(sh.arena, 0, sh.bittable);
526	0	sh_add_to_list(&sh.freelist[0], sh.arena);
527
528		/* Now try to add guard pages and lock into memory. */
529	0	ret = 1;
530
531	0	#if !defined(_WIN32)
532		/* Starting guard is already aligned from mmap. */
533	0	if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
534	0	ret = 2;
535		#else
536		if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
537		ret = 2;
538		#endif
539
540		/* Ending guard page - need to round up to page boundary */
541	0	aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
542	0	#if !defined(_WIN32)
543	0	if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
544	0	ret = 2;
545		#else
546		if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
547		ret = 2;
548		#endif
549
550	0	#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
551	0	if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
552	0	if (errno == ENOSYS) {
553	0	if (mlock(sh.arena, sh.arena_size) < 0)
554	0	ret = 2;
555	0	} else {
556	0	ret = 2;
557	0	}
558	0	}
559		#elif defined(_WIN32)
560		if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
561		ret = 2;
562		#else
563		if (mlock(sh.arena, sh.arena_size) < 0)
564		ret = 2;
565		#endif
566	0	#ifdef MADV_DONTDUMP
567	0	if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
568	0	ret = 2;
569	0	#endif
570
571	0	return ret;
572
573	0	err:
574	0	sh_done();
575	0	return 0;
576	0	}
577
578		static void sh_done(void)
579	133	{
580	133	OPENSSL_free(sh.freelist);
581	133	OPENSSL_free(sh.bittable);
582	133	OPENSSL_free(sh.bitmalloc);
583	133	#if !defined(_WIN32)
584	133	if (sh.map_result != MAP_FAILED && sh.map_size)
585	0	munmap(sh.map_result, sh.map_size);
586		#else
587		if (sh.map_result != NULL && sh.map_size)
588		VirtualFree(sh.map_result, 0, MEM_RELEASE);
589		#endif
590	133	memset(&sh, 0, sizeof(sh));
591	133	}
592
593		static int sh_allocated(const char *ptr)
594	0	{
595	0	return WITHIN_ARENA(ptr) ? 1 : 0;
596	0	}
597
598		static char sh_find_my_buddy(char ptr, int list)
599	0	{
600	0	size_t bit;
601	0	char *chunk = NULL;
602
603	0	bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
604	0	bit ^= 1;
605
606	0	if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
607	0	chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
608
609	0	return chunk;
610	0	}
611
612		static void *sh_malloc(size_t size)
613	0	{
614	0	ossl_ssize_t list, slist;
615	0	size_t i;
616	0	char *chunk;
617
618	0	if (size > sh.arena_size)
619	0	return NULL;
620
621	0	list = sh.freelist_size - 1;
622	0	for (i = sh.minsize; i < size; i <<= 1)
623	0	list--;
624	0	if (list < 0)
625	0	return NULL;
626
627		/* try to find a larger entry to split */
628	0	for (slist = list; slist >= 0; slist--)
629	0	if (sh.freelist[slist] != NULL)
630	0	break;
631	0	if (slist < 0)
632	0	return NULL;
633
634		/* split larger entry */
635	0	while (slist != list) {
636	0	char *temp = sh.freelist[slist];
637
638		/* remove from bigger list */
639	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
640	0	sh_clearbit(temp, slist, sh.bittable);
641	0	sh_remove_from_list(temp);
642	0	OPENSSL_assert(temp != sh.freelist[slist]);
643
644		/* done with bigger list */
645	0	slist++;
646
647		/* add to smaller list */
648	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
649	0	sh_setbit(temp, slist, sh.bittable);
650	0	sh_add_to_list(&sh.freelist[slist], temp);
651	0	OPENSSL_assert(sh.freelist[slist] == temp);
652
653		/* split in 2 */
654	0	temp += sh.arena_size >> slist;
655	0	OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
656	0	sh_setbit(temp, slist, sh.bittable);
657	0	sh_add_to_list(&sh.freelist[slist], temp);
658	0	OPENSSL_assert(sh.freelist[slist] == temp);
659
660	0	OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
661	0	}
662
663		/* peel off memory to hand back */
664	0	chunk = sh.freelist[list];
665	0	OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
666	0	sh_setbit(chunk, list, sh.bitmalloc);
667	0	sh_remove_from_list(chunk);
668
669	0	OPENSSL_assert(WITHIN_ARENA(chunk));
670
671		/* zero the free list header as a precaution against information leakage */
672	0	memset(chunk, 0, sizeof(SH_LIST));
673
674	0	return chunk;
675	0	}
676
677		static void sh_free(void *ptr)
678	0	{
679	0	size_t list;
680	0	void *buddy;
681
682	0	if (ptr == NULL)
683	0	return;
684	0	OPENSSL_assert(WITHIN_ARENA(ptr));
685	0	if (!WITHIN_ARENA(ptr))
686	0	return;
687
688	0	list = sh_getlist(ptr);
689	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
690	0	sh_clearbit(ptr, list, sh.bitmalloc);
691	0	sh_add_to_list(&sh.freelist[list], ptr);
692
693		/* Try to coalesce two adjacent free areas. */
694	0	while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
695	0	OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
696	0	OPENSSL_assert(ptr != NULL);
697	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
698	0	sh_clearbit(ptr, list, sh.bittable);
699	0	sh_remove_from_list(ptr);
700	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
701	0	sh_clearbit(buddy, list, sh.bittable);
702	0	sh_remove_from_list(buddy);
703
704	0	list--;
705
706		/* Zero the higher addressed block's free list pointers */
707	0	memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
708	0	if (ptr > buddy)
709	0	ptr = buddy;
710
711	0	OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
712	0	sh_setbit(ptr, list, sh.bittable);
713	0	sh_add_to_list(&sh.freelist[list], ptr);
714	0	OPENSSL_assert(sh.freelist[list] == ptr);
715	0	}
716	0	}
717
718		static size_t sh_actual_size(char *ptr)
719	0	{
720	0	int list;
721
722	0	OPENSSL_assert(WITHIN_ARENA(ptr));
723	0	if (!WITHIN_ARENA(ptr))
724	0	return 0;
725	0	list = sh_getlist(ptr);
726	0	OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
727	0	return sh.arena_size / (ONE << list);
728	0	}
729		#endif /* OPENSSL_NO_SECURE_MEMORY */