mem_sec.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732
  1. /*
  2. * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. /*
  11. * This file is in two halves. The first half implements the public API
  12. * to be used by external consumers, and to be used by OpenSSL to store
  13. * data in a "secure arena." The second half implements the secure arena.
  14. * For details on that implementation, see below (look for uppercase
  15. * "SECURE HEAP IMPLEMENTATION").
  16. */
  17. #include "internal/e_os.h"
  18. #include <openssl/crypto.h>
  19. #include <openssl/err.h>
  20. #include <string.h>
  21. #ifndef OPENSSL_NO_SECURE_MEMORY
  22. # if defined(_WIN32)
  23. # include <windows.h>
  24. # if defined(WINAPI_FAMILY_PARTITION) \
  25. && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
  26. /*
  27. * While VirtualLock is available under the app partition (e.g. UWP),
  28. * the headers do not define the API. Define it ourselves instead.
  29. */
  30. WINBASEAPI
  31. BOOL
  32. WINAPI
  33. VirtualLock(
  34. _In_ LPVOID lpAddress,
  35. _In_ SIZE_T dwSize
  36. );
  37. # endif
  38. # endif
  39. # include <stdlib.h>
  40. # include <assert.h>
  41. # if defined(OPENSSL_SYS_UNIX)
  42. # include <unistd.h>
  43. # endif
  44. # include <sys/types.h>
  45. # if defined(OPENSSL_SYS_UNIX)
  46. # include <sys/mman.h>
  47. # if defined(__FreeBSD__)
  48. # define MADV_DONTDUMP MADV_NOCORE
  49. # endif
  50. # if !defined(MAP_CONCEAL)
  51. # define MAP_CONCEAL 0
  52. # endif
  53. # endif
  54. # if defined(OPENSSL_SYS_LINUX)
  55. # include <sys/syscall.h>
  56. # if defined(SYS_mlock2)
  57. # include <linux/mman.h>
  58. # include <errno.h>
  59. # endif
  60. # include <sys/param.h>
  61. # endif
  62. # include <sys/stat.h>
  63. # include <fcntl.h>
  64. #endif
  65. #define CLEAR(p, s) OPENSSL_cleanse(p, s)
  66. #ifndef PAGE_SIZE
  67. # define PAGE_SIZE 4096
  68. #endif
  69. #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
  70. # define MAP_ANON MAP_ANONYMOUS
  71. #endif
  72. #ifndef OPENSSL_NO_SECURE_MEMORY
  73. static size_t secure_mem_used;
  74. static int secure_mem_initialized;
  75. static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
  76. /*
  77. * These are the functions that must be implemented by a secure heap (sh).
  78. */
  79. static int sh_init(size_t size, size_t minsize);
  80. static void *sh_malloc(size_t size);
  81. static void sh_free(void *ptr);
  82. static void sh_done(void);
  83. static size_t sh_actual_size(char *ptr);
  84. static int sh_allocated(const char *ptr);
  85. #endif
  86. int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
  87. {
  88. #ifndef OPENSSL_NO_SECURE_MEMORY
  89. int ret = 0;
  90. if (!secure_mem_initialized) {
  91. sec_malloc_lock = CRYPTO_THREAD_lock_new();
  92. if (sec_malloc_lock == NULL)
  93. return 0;
  94. if ((ret = sh_init(size, minsize)) != 0) {
  95. secure_mem_initialized = 1;
  96. } else {
  97. CRYPTO_THREAD_lock_free(sec_malloc_lock);
  98. sec_malloc_lock = NULL;
  99. }
  100. }
  101. return ret;
  102. #else
  103. return 0;
  104. #endif /* OPENSSL_NO_SECURE_MEMORY */
  105. }
  106. int CRYPTO_secure_malloc_done(void)
  107. {
  108. #ifndef OPENSSL_NO_SECURE_MEMORY
  109. if (secure_mem_used == 0) {
  110. sh_done();
  111. secure_mem_initialized = 0;
  112. CRYPTO_THREAD_lock_free(sec_malloc_lock);
  113. sec_malloc_lock = NULL;
  114. return 1;
  115. }
  116. #endif /* OPENSSL_NO_SECURE_MEMORY */
  117. return 0;
  118. }
  119. int CRYPTO_secure_malloc_initialized(void)
  120. {
  121. #ifndef OPENSSL_NO_SECURE_MEMORY
  122. return secure_mem_initialized;
  123. #else
  124. return 0;
  125. #endif /* OPENSSL_NO_SECURE_MEMORY */
  126. }
  127. void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
  128. {
  129. #ifndef OPENSSL_NO_SECURE_MEMORY
  130. void *ret = NULL;
  131. size_t actual_size;
  132. int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;
  133. if (!secure_mem_initialized) {
  134. return CRYPTO_malloc(num, file, line);
  135. }
  136. if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
  137. reason = ERR_R_CRYPTO_LIB;
  138. goto err;
  139. }
  140. ret = sh_malloc(num);
  141. actual_size = ret ? sh_actual_size(ret) : 0;
  142. secure_mem_used += actual_size;
  143. CRYPTO_THREAD_unlock(sec_malloc_lock);
  144. err:
  145. if (ret == NULL && (file != NULL || line != 0)) {
  146. ERR_new();
  147. ERR_set_debug(file, line, NULL);
  148. ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
  149. }
  150. return ret;
  151. #else
  152. return CRYPTO_malloc(num, file, line);
  153. #endif /* OPENSSL_NO_SECURE_MEMORY */
  154. }
  155. void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
  156. {
  157. #ifndef OPENSSL_NO_SECURE_MEMORY
  158. if (secure_mem_initialized)
  159. /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
  160. return CRYPTO_secure_malloc(num, file, line);
  161. #endif
  162. return CRYPTO_zalloc(num, file, line);
  163. }
  164. void CRYPTO_secure_free(void *ptr, const char *file, int line)
  165. {
  166. #ifndef OPENSSL_NO_SECURE_MEMORY
  167. size_t actual_size;
  168. if (ptr == NULL)
  169. return;
  170. if (!CRYPTO_secure_allocated(ptr)) {
  171. CRYPTO_free(ptr, file, line);
  172. return;
  173. }
  174. if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
  175. return;
  176. actual_size = sh_actual_size(ptr);
  177. CLEAR(ptr, actual_size);
  178. secure_mem_used -= actual_size;
  179. sh_free(ptr);
  180. CRYPTO_THREAD_unlock(sec_malloc_lock);
  181. #else
  182. CRYPTO_free(ptr, file, line);
  183. #endif /* OPENSSL_NO_SECURE_MEMORY */
  184. }
  185. void CRYPTO_secure_clear_free(void *ptr, size_t num,
  186. const char *file, int line)
  187. {
  188. #ifndef OPENSSL_NO_SECURE_MEMORY
  189. size_t actual_size;
  190. if (ptr == NULL)
  191. return;
  192. if (!CRYPTO_secure_allocated(ptr)) {
  193. OPENSSL_cleanse(ptr, num);
  194. CRYPTO_free(ptr, file, line);
  195. return;
  196. }
  197. if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
  198. return;
  199. actual_size = sh_actual_size(ptr);
  200. CLEAR(ptr, actual_size);
  201. secure_mem_used -= actual_size;
  202. sh_free(ptr);
  203. CRYPTO_THREAD_unlock(sec_malloc_lock);
  204. #else
  205. if (ptr == NULL)
  206. return;
  207. OPENSSL_cleanse(ptr, num);
  208. CRYPTO_free(ptr, file, line);
  209. #endif /* OPENSSL_NO_SECURE_MEMORY */
  210. }
  211. int CRYPTO_secure_allocated(const void *ptr)
  212. {
  213. #ifndef OPENSSL_NO_SECURE_MEMORY
  214. if (!secure_mem_initialized)
  215. return 0;
  216. /*
  217. * Only read accesses to the arena take place in sh_allocated() and this
  218. * is only changed by the sh_init() and sh_done() calls which are not
  219. * locked. Hence, it is safe to make this check without a lock too.
  220. */
  221. return sh_allocated(ptr);
  222. #else
  223. return 0;
  224. #endif /* OPENSSL_NO_SECURE_MEMORY */
  225. }
  226. size_t CRYPTO_secure_used(void)
  227. {
  228. #ifndef OPENSSL_NO_SECURE_MEMORY
  229. return secure_mem_used;
  230. #else
  231. return 0;
  232. #endif /* OPENSSL_NO_SECURE_MEMORY */
  233. }
  234. size_t CRYPTO_secure_actual_size(void *ptr)
  235. {
  236. #ifndef OPENSSL_NO_SECURE_MEMORY
  237. size_t actual_size;
  238. if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
  239. return 0;
  240. actual_size = sh_actual_size(ptr);
  241. CRYPTO_THREAD_unlock(sec_malloc_lock);
  242. return actual_size;
  243. #else
  244. return 0;
  245. #endif
  246. }
  247. /*
  248. * SECURE HEAP IMPLEMENTATION
  249. */
  250. #ifndef OPENSSL_NO_SECURE_MEMORY
  251. /*
  252. * The implementation provided here uses a fixed-sized mmap() heap,
  253. * which is locked into memory, not written to core files, and protected
  254. * on either side by an unmapped page, which will catch pointer overruns
  255. * (or underruns) and an attempt to read data out of the secure heap.
  256. * Free'd memory is zero'd or otherwise cleansed.
  257. *
  258. * This is a pretty standard buddy allocator. We keep areas in a multiple
  259. * of "sh.minsize" units. The freelist and bitmaps are kept separately,
  260. * so all (and only) data is kept in the mmap'd heap.
  261. *
  262. * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
  263. * place.
  264. */
  265. #define ONE ((size_t)1)
  266. # define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
  267. # define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7)))
  268. # define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
  269. #define WITHIN_ARENA(p) \
  270. ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
  271. #define WITHIN_FREELIST(p) \
  272. ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
  273. typedef struct sh_list_st
  274. {
  275. struct sh_list_st *next;
  276. struct sh_list_st **p_next;
  277. } SH_LIST;
  278. typedef struct sh_st
  279. {
  280. char* map_result;
  281. size_t map_size;
  282. char *arena;
  283. size_t arena_size;
  284. char **freelist;
  285. ossl_ssize_t freelist_size;
  286. size_t minsize;
  287. unsigned char *bittable;
  288. unsigned char *bitmalloc;
  289. size_t bittable_size; /* size in bits */
  290. } SH;
  291. static SH sh;
  292. static size_t sh_getlist(char *ptr)
  293. {
  294. ossl_ssize_t list = sh.freelist_size - 1;
  295. size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
  296. for (; bit; bit >>= 1, list--) {
  297. if (TESTBIT(sh.bittable, bit))
  298. break;
  299. OPENSSL_assert((bit & 1) == 0);
  300. }
  301. return list;
  302. }
  303. static int sh_testbit(char *ptr, int list, unsigned char *table)
  304. {
  305. size_t bit;
  306. OPENSSL_assert(list >= 0 && list < sh.freelist_size);
  307. OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
  308. bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
  309. OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
  310. return TESTBIT(table, bit);
  311. }
  312. static void sh_clearbit(char *ptr, int list, unsigned char *table)
  313. {
  314. size_t bit;
  315. OPENSSL_assert(list >= 0 && list < sh.freelist_size);
  316. OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
  317. bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
  318. OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
  319. OPENSSL_assert(TESTBIT(table, bit));
  320. CLEARBIT(table, bit);
  321. }
  322. static void sh_setbit(char *ptr, int list, unsigned char *table)
  323. {
  324. size_t bit;
  325. OPENSSL_assert(list >= 0 && list < sh.freelist_size);
  326. OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
  327. bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
  328. OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
  329. OPENSSL_assert(!TESTBIT(table, bit));
  330. SETBIT(table, bit);
  331. }
  332. static void sh_add_to_list(char **list, char *ptr)
  333. {
  334. SH_LIST *temp;
  335. OPENSSL_assert(WITHIN_FREELIST(list));
  336. OPENSSL_assert(WITHIN_ARENA(ptr));
  337. temp = (SH_LIST *)ptr;
  338. temp->next = *(SH_LIST **)list;
  339. OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
  340. temp->p_next = (SH_LIST **)list;
  341. if (temp->next != NULL) {
  342. OPENSSL_assert((char **)temp->next->p_next == list);
  343. temp->next->p_next = &(temp->next);
  344. }
  345. *list = ptr;
  346. }
  347. static void sh_remove_from_list(char *ptr)
  348. {
  349. SH_LIST *temp, *temp2;
  350. temp = (SH_LIST *)ptr;
  351. if (temp->next != NULL)
  352. temp->next->p_next = temp->p_next;
  353. *temp->p_next = temp->next;
  354. if (temp->next == NULL)
  355. return;
  356. temp2 = temp->next;
  357. OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
  358. }
  359. static int sh_init(size_t size, size_t minsize)
  360. {
  361. int ret;
  362. size_t i;
  363. size_t pgsize;
  364. size_t aligned;
  365. #if defined(_WIN32)
  366. DWORD flOldProtect;
  367. SYSTEM_INFO systemInfo;
  368. #endif
  369. memset(&sh, 0, sizeof(sh));
  370. /* make sure size is a powers of 2 */
  371. OPENSSL_assert(size > 0);
  372. OPENSSL_assert((size & (size - 1)) == 0);
  373. if (size == 0 || (size & (size - 1)) != 0)
  374. goto err;
  375. if (minsize <= sizeof(SH_LIST)) {
  376. OPENSSL_assert(sizeof(SH_LIST) <= 65536);
  377. /*
  378. * Compute the minimum possible allocation size.
  379. * This must be a power of 2 and at least as large as the SH_LIST
  380. * structure.
  381. */
  382. minsize = sizeof(SH_LIST) - 1;
  383. minsize |= minsize >> 1;
  384. minsize |= minsize >> 2;
  385. if (sizeof(SH_LIST) > 16)
  386. minsize |= minsize >> 4;
  387. if (sizeof(SH_LIST) > 256)
  388. minsize |= minsize >> 8;
  389. minsize++;
  390. } else {
  391. /* make sure minsize is a powers of 2 */
  392. OPENSSL_assert((minsize & (minsize - 1)) == 0);
  393. if ((minsize & (minsize - 1)) != 0)
  394. goto err;
  395. }
  396. sh.arena_size = size;
  397. sh.minsize = minsize;
  398. sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
  399. /* Prevent allocations of size 0 later on */
  400. if (sh.bittable_size >> 3 == 0)
  401. goto err;
  402. sh.freelist_size = -1;
  403. for (i = sh.bittable_size; i; i >>= 1)
  404. sh.freelist_size++;
  405. sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
  406. OPENSSL_assert(sh.freelist != NULL);
  407. if (sh.freelist == NULL)
  408. goto err;
  409. sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
  410. OPENSSL_assert(sh.bittable != NULL);
  411. if (sh.bittable == NULL)
  412. goto err;
  413. sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
  414. OPENSSL_assert(sh.bitmalloc != NULL);
  415. if (sh.bitmalloc == NULL)
  416. goto err;
  417. /* Allocate space for heap, and two extra pages as guards */
  418. #if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
  419. {
  420. # if defined(_SC_PAGE_SIZE)
  421. long tmppgsize = sysconf(_SC_PAGE_SIZE);
  422. # else
  423. long tmppgsize = sysconf(_SC_PAGESIZE);
  424. # endif
  425. if (tmppgsize < 1)
  426. pgsize = PAGE_SIZE;
  427. else
  428. pgsize = (size_t)tmppgsize;
  429. }
  430. #elif defined(_WIN32)
  431. GetSystemInfo(&systemInfo);
  432. pgsize = (size_t)systemInfo.dwPageSize;
  433. #else
  434. pgsize = PAGE_SIZE;
  435. #endif
  436. sh.map_size = pgsize + sh.arena_size + pgsize;
  437. #if !defined(_WIN32)
  438. # ifdef MAP_ANON
  439. sh.map_result = mmap(NULL, sh.map_size,
  440. PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
  441. # else
  442. {
  443. int fd;
  444. sh.map_result = MAP_FAILED;
  445. if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
  446. sh.map_result = mmap(NULL, sh.map_size,
  447. PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
  448. close(fd);
  449. }
  450. }
  451. # endif
  452. if (sh.map_result == MAP_FAILED)
  453. goto err;
  454. #else
  455. sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  456. if (sh.map_result == NULL)
  457. goto err;
  458. #endif
  459. sh.arena = (char *)(sh.map_result + pgsize);
  460. sh_setbit(sh.arena, 0, sh.bittable);
  461. sh_add_to_list(&sh.freelist[0], sh.arena);
  462. /* Now try to add guard pages and lock into memory. */
  463. ret = 1;
  464. #if !defined(_WIN32)
  465. /* Starting guard is already aligned from mmap. */
  466. if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
  467. ret = 2;
  468. #else
  469. if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
  470. ret = 2;
  471. #endif
  472. /* Ending guard page - need to round up to page boundary */
  473. aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
  474. #if !defined(_WIN32)
  475. if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
  476. ret = 2;
  477. #else
  478. if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
  479. ret = 2;
  480. #endif
  481. #if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
  482. if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
  483. if (errno == ENOSYS) {
  484. if (mlock(sh.arena, sh.arena_size) < 0)
  485. ret = 2;
  486. } else {
  487. ret = 2;
  488. }
  489. }
  490. #elif defined(_WIN32)
  491. if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
  492. ret = 2;
  493. #else
  494. if (mlock(sh.arena, sh.arena_size) < 0)
  495. ret = 2;
  496. #endif
  497. #ifdef MADV_DONTDUMP
  498. if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
  499. ret = 2;
  500. #endif
  501. return ret;
  502. err:
  503. sh_done();
  504. return 0;
  505. }
  506. static void sh_done(void)
  507. {
  508. OPENSSL_free(sh.freelist);
  509. OPENSSL_free(sh.bittable);
  510. OPENSSL_free(sh.bitmalloc);
  511. #if !defined(_WIN32)
  512. if (sh.map_result != MAP_FAILED && sh.map_size)
  513. munmap(sh.map_result, sh.map_size);
  514. #else
  515. if (sh.map_result != NULL && sh.map_size)
  516. VirtualFree(sh.map_result, 0, MEM_RELEASE);
  517. #endif
  518. memset(&sh, 0, sizeof(sh));
  519. }
  520. static int sh_allocated(const char *ptr)
  521. {
  522. return WITHIN_ARENA(ptr) ? 1 : 0;
  523. }
  524. static char *sh_find_my_buddy(char *ptr, int list)
  525. {
  526. size_t bit;
  527. char *chunk = NULL;
  528. bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
  529. bit ^= 1;
  530. if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
  531. chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
  532. return chunk;
  533. }
  534. static void *sh_malloc(size_t size)
  535. {
  536. ossl_ssize_t list, slist;
  537. size_t i;
  538. char *chunk;
  539. if (size > sh.arena_size)
  540. return NULL;
  541. list = sh.freelist_size - 1;
  542. for (i = sh.minsize; i < size; i <<= 1)
  543. list--;
  544. if (list < 0)
  545. return NULL;
  546. /* try to find a larger entry to split */
  547. for (slist = list; slist >= 0; slist--)
  548. if (sh.freelist[slist] != NULL)
  549. break;
  550. if (slist < 0)
  551. return NULL;
  552. /* split larger entry */
  553. while (slist != list) {
  554. char *temp = sh.freelist[slist];
  555. /* remove from bigger list */
  556. OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
  557. sh_clearbit(temp, slist, sh.bittable);
  558. sh_remove_from_list(temp);
  559. OPENSSL_assert(temp != sh.freelist[slist]);
  560. /* done with bigger list */
  561. slist++;
  562. /* add to smaller list */
  563. OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
  564. sh_setbit(temp, slist, sh.bittable);
  565. sh_add_to_list(&sh.freelist[slist], temp);
  566. OPENSSL_assert(sh.freelist[slist] == temp);
  567. /* split in 2 */
  568. temp += sh.arena_size >> slist;
  569. OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
  570. sh_setbit(temp, slist, sh.bittable);
  571. sh_add_to_list(&sh.freelist[slist], temp);
  572. OPENSSL_assert(sh.freelist[slist] == temp);
  573. OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
  574. }
  575. /* peel off memory to hand back */
  576. chunk = sh.freelist[list];
  577. OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
  578. sh_setbit(chunk, list, sh.bitmalloc);
  579. sh_remove_from_list(chunk);
  580. OPENSSL_assert(WITHIN_ARENA(chunk));
  581. /* zero the free list header as a precaution against information leakage */
  582. memset(chunk, 0, sizeof(SH_LIST));
  583. return chunk;
  584. }
  585. static void sh_free(void *ptr)
  586. {
  587. size_t list;
  588. void *buddy;
  589. if (ptr == NULL)
  590. return;
  591. OPENSSL_assert(WITHIN_ARENA(ptr));
  592. if (!WITHIN_ARENA(ptr))
  593. return;
  594. list = sh_getlist(ptr);
  595. OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
  596. sh_clearbit(ptr, list, sh.bitmalloc);
  597. sh_add_to_list(&sh.freelist[list], ptr);
  598. /* Try to coalesce two adjacent free areas. */
  599. while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
  600. OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
  601. OPENSSL_assert(ptr != NULL);
  602. OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
  603. sh_clearbit(ptr, list, sh.bittable);
  604. sh_remove_from_list(ptr);
  605. OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
  606. sh_clearbit(buddy, list, sh.bittable);
  607. sh_remove_from_list(buddy);
  608. list--;
  609. /* Zero the higher addressed block's free list pointers */
  610. memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
  611. if (ptr > buddy)
  612. ptr = buddy;
  613. OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
  614. sh_setbit(ptr, list, sh.bittable);
  615. sh_add_to_list(&sh.freelist[list], ptr);
  616. OPENSSL_assert(sh.freelist[list] == ptr);
  617. }
  618. }
  619. static size_t sh_actual_size(char *ptr)
  620. {
  621. int list;
  622. OPENSSL_assert(WITHIN_ARENA(ptr));
  623. if (!WITHIN_ARENA(ptr))
  624. return 0;
  625. list = sh_getlist(ptr);
  626. OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
  627. return sh.arena_size / (ONE << list);
  628. }
  629. #endif /* OPENSSL_NO_SECURE_MEMORY */