mem_sec.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658
  1. /*
  2. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
  4. *
  5. * Licensed under the Apache License 2.0 (the "License"). You may not use
  6. * this file except in compliance with the License. You can obtain a copy
  7. * in the file LICENSE in the source distribution or at
  8. * https://www.openssl.org/source/license.html
  9. */
  10. /*
  11. * This file is in two halves. The first half implements the public API
  12. * to be used by external consumers, and to be used by OpenSSL to store
  13. * data in a "secure arena." The second half implements the secure arena.
  14. * For details on that implementation, see below (look for uppercase
  15. * "SECURE HEAP IMPLEMENTATION").
  16. */
  17. #include "e_os.h"
  18. #include <openssl/crypto.h>
  19. #include <string.h>
  20. #ifndef OPENSSL_NO_SECURE_MEMORY
  21. # include <stdlib.h>
  22. # include <assert.h>
  23. # include <unistd.h>
  24. # include <sys/types.h>
  25. # include <sys/mman.h>
  26. # if defined(OPENSSL_SYS_LINUX)
  27. # include <sys/syscall.h>
  28. # if defined(SYS_mlock2)
  29. # include <linux/mman.h>
  30. # include <errno.h>
  31. # endif
  32. # include <sys/param.h>
  33. # endif
  34. # include <sys/stat.h>
  35. # include <fcntl.h>
  36. #endif
  37. #define CLEAR(p, s) OPENSSL_cleanse(p, s)
  38. #ifndef PAGE_SIZE
  39. # define PAGE_SIZE 4096
  40. #endif
  41. #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
  42. # define MAP_ANON MAP_ANONYMOUS
  43. #endif
  44. #ifndef OPENSSL_NO_SECURE_MEMORY
  45. static size_t secure_mem_used;
  46. static int secure_mem_initialized;
  47. static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
  48. /*
  49. * These are the functions that must be implemented by a secure heap (sh).
  50. */
  51. static int sh_init(size_t size, size_t minsize);
  52. static void *sh_malloc(size_t size);
  53. static void sh_free(void *ptr);
  54. static void sh_done(void);
  55. static size_t sh_actual_size(char *ptr);
  56. static int sh_allocated(const char *ptr);
  57. #endif
  58. int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
  59. {
  60. #ifndef OPENSSL_NO_SECURE_MEMORY
  61. int ret = 0;
  62. if (!secure_mem_initialized) {
  63. sec_malloc_lock = CRYPTO_THREAD_lock_new();
  64. if (sec_malloc_lock == NULL)
  65. return 0;
  66. if ((ret = sh_init(size, minsize)) != 0) {
  67. secure_mem_initialized = 1;
  68. } else {
  69. CRYPTO_THREAD_lock_free(sec_malloc_lock);
  70. sec_malloc_lock = NULL;
  71. }
  72. }
  73. return ret;
  74. #else
  75. return 0;
  76. #endif /* OPENSSL_NO_SECURE_MEMORY */
  77. }
  78. int CRYPTO_secure_malloc_done(void)
  79. {
  80. #ifndef OPENSSL_NO_SECURE_MEMORY
  81. if (secure_mem_used == 0) {
  82. sh_done();
  83. secure_mem_initialized = 0;
  84. CRYPTO_THREAD_lock_free(sec_malloc_lock);
  85. sec_malloc_lock = NULL;
  86. return 1;
  87. }
  88. #endif /* OPENSSL_NO_SECURE_MEMORY */
  89. return 0;
  90. }
  91. int CRYPTO_secure_malloc_initialized(void)
  92. {
  93. #ifndef OPENSSL_NO_SECURE_MEMORY
  94. return secure_mem_initialized;
  95. #else
  96. return 0;
  97. #endif /* OPENSSL_NO_SECURE_MEMORY */
  98. }
  99. void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
  100. {
  101. #ifndef OPENSSL_NO_SECURE_MEMORY
  102. void *ret;
  103. size_t actual_size;
  104. if (!secure_mem_initialized) {
  105. return CRYPTO_malloc(num, file, line);
  106. }
  107. CRYPTO_THREAD_write_lock(sec_malloc_lock);
  108. ret = sh_malloc(num);
  109. actual_size = ret ? sh_actual_size(ret) : 0;
  110. secure_mem_used += actual_size;
  111. CRYPTO_THREAD_unlock(sec_malloc_lock);
  112. return ret;
  113. #else
  114. return CRYPTO_malloc(num, file, line);
  115. #endif /* OPENSSL_NO_SECURE_MEMORY */
  116. }
  117. void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
  118. {
  119. #ifndef OPENSSL_NO_SECURE_MEMORY
  120. if (secure_mem_initialized)
  121. /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
  122. return CRYPTO_secure_malloc(num, file, line);
  123. #endif
  124. return CRYPTO_zalloc(num, file, line);
  125. }
  126. void CRYPTO_secure_free(void *ptr, const char *file, int line)
  127. {
  128. #ifndef OPENSSL_NO_SECURE_MEMORY
  129. size_t actual_size;
  130. if (ptr == NULL)
  131. return;
  132. if (!CRYPTO_secure_allocated(ptr)) {
  133. CRYPTO_free(ptr, file, line);
  134. return;
  135. }
  136. CRYPTO_THREAD_write_lock(sec_malloc_lock);
  137. actual_size = sh_actual_size(ptr);
  138. CLEAR(ptr, actual_size);
  139. secure_mem_used -= actual_size;
  140. sh_free(ptr);
  141. CRYPTO_THREAD_unlock(sec_malloc_lock);
  142. #else
  143. CRYPTO_free(ptr, file, line);
  144. #endif /* OPENSSL_NO_SECURE_MEMORY */
  145. }
  146. void CRYPTO_secure_clear_free(void *ptr, size_t num,
  147. const char *file, int line)
  148. {
  149. #ifndef OPENSSL_NO_SECURE_MEMORY
  150. size_t actual_size;
  151. if (ptr == NULL)
  152. return;
  153. if (!CRYPTO_secure_allocated(ptr)) {
  154. OPENSSL_cleanse(ptr, num);
  155. CRYPTO_free(ptr, file, line);
  156. return;
  157. }
  158. CRYPTO_THREAD_write_lock(sec_malloc_lock);
  159. actual_size = sh_actual_size(ptr);
  160. CLEAR(ptr, actual_size);
  161. secure_mem_used -= actual_size;
  162. sh_free(ptr);
  163. CRYPTO_THREAD_unlock(sec_malloc_lock);
  164. #else
  165. if (ptr == NULL)
  166. return;
  167. OPENSSL_cleanse(ptr, num);
  168. CRYPTO_free(ptr, file, line);
  169. #endif /* OPENSSL_NO_SECURE_MEMORY */
  170. }
  171. int CRYPTO_secure_allocated(const void *ptr)
  172. {
  173. #ifndef OPENSSL_NO_SECURE_MEMORY
  174. int ret;
  175. if (!secure_mem_initialized)
  176. return 0;
  177. CRYPTO_THREAD_write_lock(sec_malloc_lock);
  178. ret = sh_allocated(ptr);
  179. CRYPTO_THREAD_unlock(sec_malloc_lock);
  180. return ret;
  181. #else
  182. return 0;
  183. #endif /* OPENSSL_NO_SECURE_MEMORY */
  184. }
  185. size_t CRYPTO_secure_used(void)
  186. {
  187. #ifndef OPENSSL_NO_SECURE_MEMORY
  188. return secure_mem_used;
  189. #else
  190. return 0;
  191. #endif /* OPENSSL_NO_SECURE_MEMORY */
  192. }
  193. size_t CRYPTO_secure_actual_size(void *ptr)
  194. {
  195. #ifndef OPENSSL_NO_SECURE_MEMORY
  196. size_t actual_size;
  197. CRYPTO_THREAD_write_lock(sec_malloc_lock);
  198. actual_size = sh_actual_size(ptr);
  199. CRYPTO_THREAD_unlock(sec_malloc_lock);
  200. return actual_size;
  201. #else
  202. return 0;
  203. #endif
  204. }
  205. /*
  206. * SECURE HEAP IMPLEMENTATION
  207. */
  208. #ifndef OPENSSL_NO_SECURE_MEMORY
  209. /*
  210. * The implementation provided here uses a fixed-sized mmap() heap,
  211. * which is locked into memory, not written to core files, and protected
  212. * on either side by an unmapped page, which will catch pointer overruns
  213. * (or underruns) and an attempt to read data out of the secure heap.
  214. * Free'd memory is zero'd or otherwise cleansed.
  215. *
  216. * This is a pretty standard buddy allocator. We keep areas in a multiple
  217. * of "sh.minsize" units. The freelist and bitmaps are kept separately,
  218. * so all (and only) data is kept in the mmap'd heap.
  219. *
  220. * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
  221. * place.
  222. */
  223. #define ONE ((size_t)1)
  224. # define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
  225. # define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7)))
  226. # define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
  227. #define WITHIN_ARENA(p) \
  228. ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
  229. #define WITHIN_FREELIST(p) \
  230. ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
  231. typedef struct sh_list_st
  232. {
  233. struct sh_list_st *next;
  234. struct sh_list_st **p_next;
  235. } SH_LIST;
  236. typedef struct sh_st
  237. {
  238. char* map_result;
  239. size_t map_size;
  240. char *arena;
  241. size_t arena_size;
  242. char **freelist;
  243. ossl_ssize_t freelist_size;
  244. size_t minsize;
  245. unsigned char *bittable;
  246. unsigned char *bitmalloc;
  247. size_t bittable_size; /* size in bits */
  248. } SH;
  249. static SH sh;
  250. static size_t sh_getlist(char *ptr)
  251. {
  252. ossl_ssize_t list = sh.freelist_size - 1;
  253. size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
  254. for (; bit; bit >>= 1, list--) {
  255. if (TESTBIT(sh.bittable, bit))
  256. break;
  257. OPENSSL_assert((bit & 1) == 0);
  258. }
  259. return list;
  260. }
  261. static int sh_testbit(char *ptr, int list, unsigned char *table)
  262. {
  263. size_t bit;
  264. OPENSSL_assert(list >= 0 && list < sh.freelist_size);
  265. OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
  266. bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
  267. OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
  268. return TESTBIT(table, bit);
  269. }
  270. static void sh_clearbit(char *ptr, int list, unsigned char *table)
  271. {
  272. size_t bit;
  273. OPENSSL_assert(list >= 0 && list < sh.freelist_size);
  274. OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
  275. bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
  276. OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
  277. OPENSSL_assert(TESTBIT(table, bit));
  278. CLEARBIT(table, bit);
  279. }
  280. static void sh_setbit(char *ptr, int list, unsigned char *table)
  281. {
  282. size_t bit;
  283. OPENSSL_assert(list >= 0 && list < sh.freelist_size);
  284. OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
  285. bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
  286. OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
  287. OPENSSL_assert(!TESTBIT(table, bit));
  288. SETBIT(table, bit);
  289. }
  290. static void sh_add_to_list(char **list, char *ptr)
  291. {
  292. SH_LIST *temp;
  293. OPENSSL_assert(WITHIN_FREELIST(list));
  294. OPENSSL_assert(WITHIN_ARENA(ptr));
  295. temp = (SH_LIST *)ptr;
  296. temp->next = *(SH_LIST **)list;
  297. OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
  298. temp->p_next = (SH_LIST **)list;
  299. if (temp->next != NULL) {
  300. OPENSSL_assert((char **)temp->next->p_next == list);
  301. temp->next->p_next = &(temp->next);
  302. }
  303. *list = ptr;
  304. }
  305. static void sh_remove_from_list(char *ptr)
  306. {
  307. SH_LIST *temp, *temp2;
  308. temp = (SH_LIST *)ptr;
  309. if (temp->next != NULL)
  310. temp->next->p_next = temp->p_next;
  311. *temp->p_next = temp->next;
  312. if (temp->next == NULL)
  313. return;
  314. temp2 = temp->next;
  315. OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
  316. }
  317. static int sh_init(size_t size, size_t minsize)
  318. {
  319. int ret;
  320. size_t i;
  321. size_t pgsize;
  322. size_t aligned;
  323. memset(&sh, 0, sizeof(sh));
  324. /* make sure size is a powers of 2 */
  325. OPENSSL_assert(size > 0);
  326. OPENSSL_assert((size & (size - 1)) == 0);
  327. if (size == 0 || (size & (size - 1)) != 0)
  328. goto err;
  329. if (minsize <= sizeof(SH_LIST)) {
  330. OPENSSL_assert(sizeof(SH_LIST) <= 65536);
  331. /*
  332. * Compute the minimum possible allocation size.
  333. * This must be a power of 2 and at least as large as the SH_LIST
  334. * structure.
  335. */
  336. minsize = sizeof(SH_LIST) - 1;
  337. minsize |= minsize >> 1;
  338. minsize |= minsize >> 2;
  339. if (sizeof(SH_LIST) > 16)
  340. minsize |= minsize >> 4;
  341. if (sizeof(SH_LIST) > 256)
  342. minsize |= minsize >> 8;
  343. minsize++;
  344. } else {
  345. /* make sure minsize is a powers of 2 */
  346. OPENSSL_assert((minsize & (minsize - 1)) == 0);
  347. if ((minsize & (minsize - 1)) != 0)
  348. goto err;
  349. }
  350. sh.arena_size = size;
  351. sh.minsize = minsize;
  352. sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
  353. /* Prevent allocations of size 0 later on */
  354. if (sh.bittable_size >> 3 == 0)
  355. goto err;
  356. sh.freelist_size = -1;
  357. for (i = sh.bittable_size; i; i >>= 1)
  358. sh.freelist_size++;
  359. sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
  360. OPENSSL_assert(sh.freelist != NULL);
  361. if (sh.freelist == NULL)
  362. goto err;
  363. sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
  364. OPENSSL_assert(sh.bittable != NULL);
  365. if (sh.bittable == NULL)
  366. goto err;
  367. sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
  368. OPENSSL_assert(sh.bitmalloc != NULL);
  369. if (sh.bitmalloc == NULL)
  370. goto err;
  371. /* Allocate space for heap, and two extra pages as guards */
  372. #if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
  373. {
  374. # if defined(_SC_PAGE_SIZE)
  375. long tmppgsize = sysconf(_SC_PAGE_SIZE);
  376. # else
  377. long tmppgsize = sysconf(_SC_PAGESIZE);
  378. # endif
  379. if (tmppgsize < 1)
  380. pgsize = PAGE_SIZE;
  381. else
  382. pgsize = (size_t)tmppgsize;
  383. }
  384. #else
  385. pgsize = PAGE_SIZE;
  386. #endif
  387. sh.map_size = pgsize + sh.arena_size + pgsize;
  388. #ifdef MAP_ANON
  389. sh.map_result = mmap(NULL, sh.map_size,
  390. PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
  391. #else
  392. {
  393. int fd;
  394. sh.map_result = MAP_FAILED;
  395. if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
  396. sh.map_result = mmap(NULL, sh.map_size,
  397. PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
  398. close(fd);
  399. }
  400. }
  401. #endif
  402. if (sh.map_result == MAP_FAILED)
  403. goto err;
  404. sh.arena = (char *)(sh.map_result + pgsize);
  405. sh_setbit(sh.arena, 0, sh.bittable);
  406. sh_add_to_list(&sh.freelist[0], sh.arena);
  407. /* Now try to add guard pages and lock into memory. */
  408. ret = 1;
  409. /* Starting guard is already aligned from mmap. */
  410. if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
  411. ret = 2;
  412. /* Ending guard page - need to round up to page boundary */
  413. aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
  414. if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
  415. ret = 2;
  416. #if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
  417. if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
  418. if (errno == ENOSYS) {
  419. if (mlock(sh.arena, sh.arena_size) < 0)
  420. ret = 2;
  421. } else {
  422. ret = 2;
  423. }
  424. }
  425. #else
  426. if (mlock(sh.arena, sh.arena_size) < 0)
  427. ret = 2;
  428. #endif
  429. #ifdef MADV_DONTDUMP
  430. if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
  431. ret = 2;
  432. #endif
  433. return ret;
  434. err:
  435. sh_done();
  436. return 0;
  437. }
  438. static void sh_done(void)
  439. {
  440. OPENSSL_free(sh.freelist);
  441. OPENSSL_free(sh.bittable);
  442. OPENSSL_free(sh.bitmalloc);
  443. if (sh.map_result != MAP_FAILED && sh.map_size)
  444. munmap(sh.map_result, sh.map_size);
  445. memset(&sh, 0, sizeof(sh));
  446. }
  447. static int sh_allocated(const char *ptr)
  448. {
  449. return WITHIN_ARENA(ptr) ? 1 : 0;
  450. }
  451. static char *sh_find_my_buddy(char *ptr, int list)
  452. {
  453. size_t bit;
  454. char *chunk = NULL;
  455. bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
  456. bit ^= 1;
  457. if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
  458. chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
  459. return chunk;
  460. }
  461. static void *sh_malloc(size_t size)
  462. {
  463. ossl_ssize_t list, slist;
  464. size_t i;
  465. char *chunk;
  466. if (size > sh.arena_size)
  467. return NULL;
  468. list = sh.freelist_size - 1;
  469. for (i = sh.minsize; i < size; i <<= 1)
  470. list--;
  471. if (list < 0)
  472. return NULL;
  473. /* try to find a larger entry to split */
  474. for (slist = list; slist >= 0; slist--)
  475. if (sh.freelist[slist] != NULL)
  476. break;
  477. if (slist < 0)
  478. return NULL;
  479. /* split larger entry */
  480. while (slist != list) {
  481. char *temp = sh.freelist[slist];
  482. /* remove from bigger list */
  483. OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
  484. sh_clearbit(temp, slist, sh.bittable);
  485. sh_remove_from_list(temp);
  486. OPENSSL_assert(temp != sh.freelist[slist]);
  487. /* done with bigger list */
  488. slist++;
  489. /* add to smaller list */
  490. OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
  491. sh_setbit(temp, slist, sh.bittable);
  492. sh_add_to_list(&sh.freelist[slist], temp);
  493. OPENSSL_assert(sh.freelist[slist] == temp);
  494. /* split in 2 */
  495. temp += sh.arena_size >> slist;
  496. OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
  497. sh_setbit(temp, slist, sh.bittable);
  498. sh_add_to_list(&sh.freelist[slist], temp);
  499. OPENSSL_assert(sh.freelist[slist] == temp);
  500. OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
  501. }
  502. /* peel off memory to hand back */
  503. chunk = sh.freelist[list];
  504. OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
  505. sh_setbit(chunk, list, sh.bitmalloc);
  506. sh_remove_from_list(chunk);
  507. OPENSSL_assert(WITHIN_ARENA(chunk));
  508. /* zero the free list header as a precaution against information leakage */
  509. memset(chunk, 0, sizeof(SH_LIST));
  510. return chunk;
  511. }
  512. static void sh_free(void *ptr)
  513. {
  514. size_t list;
  515. void *buddy;
  516. if (ptr == NULL)
  517. return;
  518. OPENSSL_assert(WITHIN_ARENA(ptr));
  519. if (!WITHIN_ARENA(ptr))
  520. return;
  521. list = sh_getlist(ptr);
  522. OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
  523. sh_clearbit(ptr, list, sh.bitmalloc);
  524. sh_add_to_list(&sh.freelist[list], ptr);
  525. /* Try to coalesce two adjacent free areas. */
  526. while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
  527. OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
  528. OPENSSL_assert(ptr != NULL);
  529. OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
  530. sh_clearbit(ptr, list, sh.bittable);
  531. sh_remove_from_list(ptr);
  532. OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
  533. sh_clearbit(buddy, list, sh.bittable);
  534. sh_remove_from_list(buddy);
  535. list--;
  536. /* Zero the higher addressed block's free list pointers */
  537. memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
  538. if (ptr > buddy)
  539. ptr = buddy;
  540. OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
  541. sh_setbit(ptr, list, sh.bittable);
  542. sh_add_to_list(&sh.freelist[list], ptr);
  543. OPENSSL_assert(sh.freelist[list] == ptr);
  544. }
  545. }
  546. static size_t sh_actual_size(char *ptr)
  547. {
  548. int list;
  549. OPENSSL_assert(WITHIN_ARENA(ptr));
  550. if (!WITHIN_ARENA(ptr))
  551. return 0;
  552. list = sh_getlist(ptr);
  553. OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
  554. return sh.arena_size / (ONE << list);
  555. }
  556. #endif /* OPENSSL_NO_SECURE_MEMORY */