]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. | |
4 | * | |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | /* | |
12 | * This file is in two halves. The first half implements the public API | |
13 | * to be used by external consumers, and to be used by OpenSSL to store | |
14 | * data in a "secure arena." The second half implements the secure arena. | |
15 | * For details on that implementation, see below (look for uppercase | |
16 | * "SECURE HEAP IMPLEMENTATION"). | |
17 | */ | |
18 | #include "e_os.h" | |
19 | #include <openssl/crypto.h> | |
20 | ||
21 | #include <string.h> | |
22 | ||
23 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
24 | # if defined(_WIN32) | |
25 | # include <windows.h> | |
26 | # endif | |
27 | # include <stdlib.h> | |
28 | # include <assert.h> | |
29 | # if defined(OPENSSL_SYS_UNIX) | |
30 | # include <unistd.h> | |
31 | # endif | |
32 | # include <sys/types.h> | |
33 | # if defined(OPENSSL_SYS_UNIX) | |
34 | # include <sys/mman.h> | |
35 | # if defined(__FreeBSD__) | |
36 | # define MADV_DONTDUMP MADV_NOCORE | |
37 | # endif | |
38 | # if !defined(MAP_CONCEAL) | |
39 | # define MAP_CONCEAL 0 | |
40 | # endif | |
41 | # endif | |
42 | # if defined(OPENSSL_SYS_LINUX) | |
43 | # include <sys/syscall.h> | |
44 | # if defined(SYS_mlock2) | |
45 | # include <linux/mman.h> | |
46 | # include <errno.h> | |
47 | # endif | |
48 | # include <sys/param.h> | |
49 | # endif | |
50 | # include <sys/stat.h> | |
51 | # include <fcntl.h> | |
52 | #endif | |
53 | ||
54 | #define CLEAR(p, s) OPENSSL_cleanse(p, s) | |
55 | #ifndef PAGE_SIZE | |
56 | # define PAGE_SIZE 4096 | |
57 | #endif | |
58 | #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) | |
59 | # define MAP_ANON MAP_ANONYMOUS | |
60 | #endif | |
61 | ||
62 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
63 | static size_t secure_mem_used; | |
64 | ||
65 | static int secure_mem_initialized; | |
66 | ||
67 | static CRYPTO_RWLOCK *sec_malloc_lock = NULL; | |
68 | ||
69 | /* | |
70 | * These are the functions that must be implemented by a secure heap (sh). | |
71 | */ | |
72 | static int sh_init(size_t size, size_t minsize); | |
73 | static void *sh_malloc(size_t size); | |
74 | static void sh_free(void *ptr); | |
75 | static void sh_done(void); | |
76 | static size_t sh_actual_size(char *ptr); | |
77 | static int sh_allocated(const char *ptr); | |
78 | #endif | |
79 | ||
80 | int CRYPTO_secure_malloc_init(size_t size, size_t minsize) | |
81 | { | |
82 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
83 | int ret = 0; | |
84 | ||
85 | if (!secure_mem_initialized) { | |
86 | sec_malloc_lock = CRYPTO_THREAD_lock_new(); | |
87 | if (sec_malloc_lock == NULL) | |
88 | return 0; | |
89 | if ((ret = sh_init(size, minsize)) != 0) { | |
90 | secure_mem_initialized = 1; | |
91 | } else { | |
92 | CRYPTO_THREAD_lock_free(sec_malloc_lock); | |
93 | sec_malloc_lock = NULL; | |
94 | } | |
95 | } | |
96 | ||
97 | return ret; | |
98 | #else | |
99 | return 0; | |
100 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
101 | } | |
102 | ||
103 | int CRYPTO_secure_malloc_done(void) | |
104 | { | |
105 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
106 | if (secure_mem_used == 0) { | |
107 | sh_done(); | |
108 | secure_mem_initialized = 0; | |
109 | CRYPTO_THREAD_lock_free(sec_malloc_lock); | |
110 | sec_malloc_lock = NULL; | |
111 | return 1; | |
112 | } | |
113 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
114 | return 0; | |
115 | } | |
116 | ||
117 | int CRYPTO_secure_malloc_initialized(void) | |
118 | { | |
119 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
120 | return secure_mem_initialized; | |
121 | #else | |
122 | return 0; | |
123 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
124 | } | |
125 | ||
126 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
127 | { | |
128 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
129 | void *ret; | |
130 | size_t actual_size; | |
131 | ||
132 | if (!secure_mem_initialized) { | |
133 | return CRYPTO_malloc(num, file, line); | |
134 | } | |
135 | if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) | |
136 | return NULL; | |
137 | ret = sh_malloc(num); | |
138 | actual_size = ret ? sh_actual_size(ret) : 0; | |
139 | secure_mem_used += actual_size; | |
140 | CRYPTO_THREAD_unlock(sec_malloc_lock); | |
141 | return ret; | |
142 | #else | |
143 | return CRYPTO_malloc(num, file, line); | |
144 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
145 | } | |
146 | ||
147 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
148 | { | |
149 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
150 | if (secure_mem_initialized) | |
151 | /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ | |
152 | return CRYPTO_secure_malloc(num, file, line); | |
153 | #endif | |
154 | return CRYPTO_zalloc(num, file, line); | |
155 | } | |
156 | ||
157 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
158 | { | |
159 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
160 | size_t actual_size; | |
161 | ||
162 | if (ptr == NULL) | |
163 | return; | |
164 | if (!CRYPTO_secure_allocated(ptr)) { | |
165 | CRYPTO_free(ptr, file, line); | |
166 | return; | |
167 | } | |
168 | if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) | |
169 | return; | |
170 | actual_size = sh_actual_size(ptr); | |
171 | CLEAR(ptr, actual_size); | |
172 | secure_mem_used -= actual_size; | |
173 | sh_free(ptr); | |
174 | CRYPTO_THREAD_unlock(sec_malloc_lock); | |
175 | #else | |
176 | CRYPTO_free(ptr, file, line); | |
177 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
178 | } | |
179 | ||
180 | void CRYPTO_secure_clear_free(void *ptr, size_t num, | |
181 | const char *file, int line) | |
182 | { | |
183 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
184 | size_t actual_size; | |
185 | ||
186 | if (ptr == NULL) | |
187 | return; | |
188 | if (!CRYPTO_secure_allocated(ptr)) { | |
189 | OPENSSL_cleanse(ptr, num); | |
190 | CRYPTO_free(ptr, file, line); | |
191 | return; | |
192 | } | |
193 | if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) | |
194 | return; | |
195 | actual_size = sh_actual_size(ptr); | |
196 | CLEAR(ptr, actual_size); | |
197 | secure_mem_used -= actual_size; | |
198 | sh_free(ptr); | |
199 | CRYPTO_THREAD_unlock(sec_malloc_lock); | |
200 | #else | |
201 | if (ptr == NULL) | |
202 | return; | |
203 | OPENSSL_cleanse(ptr, num); | |
204 | CRYPTO_free(ptr, file, line); | |
205 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
206 | } | |
207 | ||
208 | int CRYPTO_secure_allocated(const void *ptr) | |
209 | { | |
210 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
211 | if (!secure_mem_initialized) | |
212 | return 0; | |
213 | /* | |
214 | * Only read accesses to the arena take place in sh_allocated() and this | |
215 | * is only changed by the sh_init() and sh_done() calls which are not | |
216 | * locked. Hence, it is safe to make this check without a lock too. | |
217 | */ | |
218 | return sh_allocated(ptr); | |
219 | #else | |
220 | return 0; | |
221 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
222 | } | |
223 | ||
224 | size_t CRYPTO_secure_used(void) | |
225 | { | |
226 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
227 | return secure_mem_used; | |
228 | #else | |
229 | return 0; | |
230 | #endif /* OPENSSL_NO_SECURE_MEMORY */ | |
231 | } | |
232 | ||
233 | size_t CRYPTO_secure_actual_size(void *ptr) | |
234 | { | |
235 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
236 | size_t actual_size; | |
237 | ||
238 | if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) | |
239 | return 0; | |
240 | actual_size = sh_actual_size(ptr); | |
241 | CRYPTO_THREAD_unlock(sec_malloc_lock); | |
242 | return actual_size; | |
243 | #else | |
244 | return 0; | |
245 | #endif | |
246 | } | |
247 | ||
248 | /* | |
249 | * SECURE HEAP IMPLEMENTATION | |
250 | */ | |
251 | #ifndef OPENSSL_NO_SECURE_MEMORY | |
252 | ||
253 | ||
254 | /* | |
255 | * The implementation provided here uses a fixed-sized mmap() heap, | |
256 | * which is locked into memory, not written to core files, and protected | |
257 | * on either side by an unmapped page, which will catch pointer overruns | |
258 | * (or underruns) and an attempt to read data out of the secure heap. | |
259 | * Free'd memory is zero'd or otherwise cleansed. | |
260 | * | |
261 | * This is a pretty standard buddy allocator. We keep areas in a multiple | |
262 | * of "sh.minsize" units. The freelist and bitmaps are kept separately, | |
263 | * so all (and only) data is kept in the mmap'd heap. | |
264 | * | |
265 | * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the | |
266 | * place. | |
267 | */ | |
268 | ||
269 | #define ONE ((size_t)1) | |
270 | ||
271 | # define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) | |
272 | # define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) | |
273 | # define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) | |
274 | ||
275 | #define WITHIN_ARENA(p) \ | |
276 | ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) | |
277 | #define WITHIN_FREELIST(p) \ | |
278 | ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) | |
279 | ||
280 | ||
281 | typedef struct sh_list_st | |
282 | { | |
283 | struct sh_list_st *next; | |
284 | struct sh_list_st **p_next; | |
285 | } SH_LIST; | |
286 | ||
287 | typedef struct sh_st | |
288 | { | |
289 | char* map_result; | |
290 | size_t map_size; | |
291 | char *arena; | |
292 | size_t arena_size; | |
293 | char **freelist; | |
294 | ossl_ssize_t freelist_size; | |
295 | size_t minsize; | |
296 | unsigned char *bittable; | |
297 | unsigned char *bitmalloc; | |
298 | size_t bittable_size; /* size in bits */ | |
299 | } SH; | |
300 | ||
301 | static SH sh; | |
302 | ||
303 | static size_t sh_getlist(char *ptr) | |
304 | { | |
305 | ossl_ssize_t list = sh.freelist_size - 1; | |
306 | size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; | |
307 | ||
308 | for (; bit; bit >>= 1, list--) { | |
309 | if (TESTBIT(sh.bittable, bit)) | |
310 | break; | |
311 | OPENSSL_assert((bit & 1) == 0); | |
312 | } | |
313 | ||
314 | return list; | |
315 | } | |
316 | ||
317 | ||
318 | static int sh_testbit(char *ptr, int list, unsigned char *table) | |
319 | { | |
320 | size_t bit; | |
321 | ||
322 | OPENSSL_assert(list >= 0 && list < sh.freelist_size); | |
323 | OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); | |
324 | bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); | |
325 | OPENSSL_assert(bit > 0 && bit < sh.bittable_size); | |
326 | return TESTBIT(table, bit); | |
327 | } | |
328 | ||
329 | static void sh_clearbit(char *ptr, int list, unsigned char *table) | |
330 | { | |
331 | size_t bit; | |
332 | ||
333 | OPENSSL_assert(list >= 0 && list < sh.freelist_size); | |
334 | OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); | |
335 | bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); | |
336 | OPENSSL_assert(bit > 0 && bit < sh.bittable_size); | |
337 | OPENSSL_assert(TESTBIT(table, bit)); | |
338 | CLEARBIT(table, bit); | |
339 | } | |
340 | ||
341 | static void sh_setbit(char *ptr, int list, unsigned char *table) | |
342 | { | |
343 | size_t bit; | |
344 | ||
345 | OPENSSL_assert(list >= 0 && list < sh.freelist_size); | |
346 | OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); | |
347 | bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); | |
348 | OPENSSL_assert(bit > 0 && bit < sh.bittable_size); | |
349 | OPENSSL_assert(!TESTBIT(table, bit)); | |
350 | SETBIT(table, bit); | |
351 | } | |
352 | ||
353 | static void sh_add_to_list(char **list, char *ptr) | |
354 | { | |
355 | SH_LIST *temp; | |
356 | ||
357 | OPENSSL_assert(WITHIN_FREELIST(list)); | |
358 | OPENSSL_assert(WITHIN_ARENA(ptr)); | |
359 | ||
360 | temp = (SH_LIST *)ptr; | |
361 | temp->next = *(SH_LIST **)list; | |
362 | OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); | |
363 | temp->p_next = (SH_LIST **)list; | |
364 | ||
365 | if (temp->next != NULL) { | |
366 | OPENSSL_assert((char **)temp->next->p_next == list); | |
367 | temp->next->p_next = &(temp->next); | |
368 | } | |
369 | ||
370 | *list = ptr; | |
371 | } | |
372 | ||
373 | static void sh_remove_from_list(char *ptr) | |
374 | { | |
375 | SH_LIST *temp, *temp2; | |
376 | ||
377 | temp = (SH_LIST *)ptr; | |
378 | if (temp->next != NULL) | |
379 | temp->next->p_next = temp->p_next; | |
380 | *temp->p_next = temp->next; | |
381 | if (temp->next == NULL) | |
382 | return; | |
383 | ||
384 | temp2 = temp->next; | |
385 | OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); | |
386 | } | |
387 | ||
388 | ||
389 | static int sh_init(size_t size, size_t minsize) | |
390 | { | |
391 | int ret; | |
392 | size_t i; | |
393 | size_t pgsize; | |
394 | size_t aligned; | |
395 | #if defined(_WIN32) | |
396 | DWORD flOldProtect; | |
397 | SYSTEM_INFO systemInfo; | |
398 | #endif | |
399 | ||
400 | memset(&sh, 0, sizeof(sh)); | |
401 | ||
402 | /* make sure size is a powers of 2 */ | |
403 | OPENSSL_assert(size > 0); | |
404 | OPENSSL_assert((size & (size - 1)) == 0); | |
405 | if (size == 0 || (size & (size - 1)) != 0) | |
406 | goto err; | |
407 | ||
408 | if (minsize <= sizeof(SH_LIST)) { | |
409 | OPENSSL_assert(sizeof(SH_LIST) <= 65536); | |
410 | /* | |
411 | * Compute the minimum possible allocation size. | |
412 | * This must be a power of 2 and at least as large as the SH_LIST | |
413 | * structure. | |
414 | */ | |
415 | minsize = sizeof(SH_LIST) - 1; | |
416 | minsize |= minsize >> 1; | |
417 | minsize |= minsize >> 2; | |
418 | if (sizeof(SH_LIST) > 16) | |
419 | minsize |= minsize >> 4; | |
420 | if (sizeof(SH_LIST) > 256) | |
421 | minsize |= minsize >> 8; | |
422 | minsize++; | |
423 | } else { | |
424 | /* make sure minsize is a powers of 2 */ | |
425 | OPENSSL_assert((minsize & (minsize - 1)) == 0); | |
426 | if ((minsize & (minsize - 1)) != 0) | |
427 | goto err; | |
428 | } | |
429 | ||
430 | sh.arena_size = size; | |
431 | sh.minsize = minsize; | |
432 | sh.bittable_size = (sh.arena_size / sh.minsize) * 2; | |
433 | ||
434 | /* Prevent allocations of size 0 later on */ | |
435 | if (sh.bittable_size >> 3 == 0) | |
436 | goto err; | |
437 | ||
438 | sh.freelist_size = -1; | |
439 | for (i = sh.bittable_size; i; i >>= 1) | |
440 | sh.freelist_size++; | |
441 | ||
442 | sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *)); | |
443 | OPENSSL_assert(sh.freelist != NULL); | |
444 | if (sh.freelist == NULL) | |
445 | goto err; | |
446 | ||
447 | sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); | |
448 | OPENSSL_assert(sh.bittable != NULL); | |
449 | if (sh.bittable == NULL) | |
450 | goto err; | |
451 | ||
452 | sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); | |
453 | OPENSSL_assert(sh.bitmalloc != NULL); | |
454 | if (sh.bitmalloc == NULL) | |
455 | goto err; | |
456 | ||
457 | /* Allocate space for heap, and two extra pages as guards */ | |
458 | #if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) | |
459 | { | |
460 | # if defined(_SC_PAGE_SIZE) | |
461 | long tmppgsize = sysconf(_SC_PAGE_SIZE); | |
462 | # else | |
463 | long tmppgsize = sysconf(_SC_PAGESIZE); | |
464 | # endif | |
465 | if (tmppgsize < 1) | |
466 | pgsize = PAGE_SIZE; | |
467 | else | |
468 | pgsize = (size_t)tmppgsize; | |
469 | } | |
470 | #elif defined(_WIN32) | |
471 | GetSystemInfo(&systemInfo); | |
472 | pgsize = (size_t)systemInfo.dwPageSize; | |
473 | #else | |
474 | pgsize = PAGE_SIZE; | |
475 | #endif | |
476 | sh.map_size = pgsize + sh.arena_size + pgsize; | |
477 | ||
478 | #if !defined(_WIN32) | |
479 | # ifdef MAP_ANON | |
480 | sh.map_result = mmap(NULL, sh.map_size, | |
481 | PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0); | |
482 | # else | |
483 | { | |
484 | int fd; | |
485 | ||
486 | sh.map_result = MAP_FAILED; | |
487 | if ((fd = open("/dev/zero", O_RDWR)) >= 0) { | |
488 | sh.map_result = mmap(NULL, sh.map_size, | |
489 | PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); | |
490 | close(fd); | |
491 | } | |
492 | } | |
493 | # endif | |
494 | if (sh.map_result == MAP_FAILED) | |
495 | goto err; | |
496 | #else | |
497 | sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); | |
498 | ||
499 | if (sh.map_result == NULL) | |
500 | goto err; | |
501 | #endif | |
502 | ||
503 | sh.arena = (char *)(sh.map_result + pgsize); | |
504 | sh_setbit(sh.arena, 0, sh.bittable); | |
505 | sh_add_to_list(&sh.freelist[0], sh.arena); | |
506 | ||
507 | /* Now try to add guard pages and lock into memory. */ | |
508 | ret = 1; | |
509 | ||
510 | #if !defined(_WIN32) | |
511 | /* Starting guard is already aligned from mmap. */ | |
512 | if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) | |
513 | ret = 2; | |
514 | #else | |
515 | if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE) | |
516 | ret = 2; | |
517 | #endif | |
518 | ||
519 | /* Ending guard page - need to round up to page boundary */ | |
520 | aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); | |
521 | #if !defined(_WIN32) | |
522 | if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) | |
523 | ret = 2; | |
524 | #else | |
525 | if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE) | |
526 | ret = 2; | |
527 | #endif | |
528 | ||
529 | #if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2) | |
530 | if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) { | |
531 | if (errno == ENOSYS) { | |
532 | if (mlock(sh.arena, sh.arena_size) < 0) | |
533 | ret = 2; | |
534 | } else { | |
535 | ret = 2; | |
536 | } | |
537 | } | |
538 | #elif defined(_WIN32) | |
539 | if (VirtualLock(sh.arena, sh.arena_size) == FALSE) | |
540 | ret = 2; | |
541 | #else | |
542 | if (mlock(sh.arena, sh.arena_size) < 0) | |
543 | ret = 2; | |
544 | #endif | |
545 | #ifdef MADV_DONTDUMP | |
546 | if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) | |
547 | ret = 2; | |
548 | #endif | |
549 | ||
550 | return ret; | |
551 | ||
552 | err: | |
553 | sh_done(); | |
554 | return 0; | |
555 | } | |
556 | ||
557 | static void sh_done(void) | |
558 | { | |
559 | OPENSSL_free(sh.freelist); | |
560 | OPENSSL_free(sh.bittable); | |
561 | OPENSSL_free(sh.bitmalloc); | |
562 | #if !defined(_WIN32) | |
563 | if (sh.map_result != MAP_FAILED && sh.map_size) | |
564 | munmap(sh.map_result, sh.map_size); | |
565 | #else | |
566 | if (sh.map_result != NULL && sh.map_size) | |
567 | VirtualFree(sh.map_result, 0, MEM_RELEASE); | |
568 | #endif | |
569 | memset(&sh, 0, sizeof(sh)); | |
570 | } | |
571 | ||
572 | static int sh_allocated(const char *ptr) | |
573 | { | |
574 | return WITHIN_ARENA(ptr) ? 1 : 0; | |
575 | } | |
576 | ||
577 | static char *sh_find_my_buddy(char *ptr, int list) | |
578 | { | |
579 | size_t bit; | |
580 | char *chunk = NULL; | |
581 | ||
582 | bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list); | |
583 | bit ^= 1; | |
584 | ||
585 | if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) | |
586 | chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list)); | |
587 | ||
588 | return chunk; | |
589 | } | |
590 | ||
591 | static void *sh_malloc(size_t size) | |
592 | { | |
593 | ossl_ssize_t list, slist; | |
594 | size_t i; | |
595 | char *chunk; | |
596 | ||
597 | if (size > sh.arena_size) | |
598 | return NULL; | |
599 | ||
600 | list = sh.freelist_size - 1; | |
601 | for (i = sh.minsize; i < size; i <<= 1) | |
602 | list--; | |
603 | if (list < 0) | |
604 | return NULL; | |
605 | ||
606 | /* try to find a larger entry to split */ | |
607 | for (slist = list; slist >= 0; slist--) | |
608 | if (sh.freelist[slist] != NULL) | |
609 | break; | |
610 | if (slist < 0) | |
611 | return NULL; | |
612 | ||
613 | /* split larger entry */ | |
614 | while (slist != list) { | |
615 | char *temp = sh.freelist[slist]; | |
616 | ||
617 | /* remove from bigger list */ | |
618 | OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); | |
619 | sh_clearbit(temp, slist, sh.bittable); | |
620 | sh_remove_from_list(temp); | |
621 | OPENSSL_assert(temp != sh.freelist[slist]); | |
622 | ||
623 | /* done with bigger list */ | |
624 | slist++; | |
625 | ||
626 | /* add to smaller list */ | |
627 | OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); | |
628 | sh_setbit(temp, slist, sh.bittable); | |
629 | sh_add_to_list(&sh.freelist[slist], temp); | |
630 | OPENSSL_assert(sh.freelist[slist] == temp); | |
631 | ||
632 | /* split in 2 */ | |
633 | temp += sh.arena_size >> slist; | |
634 | OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); | |
635 | sh_setbit(temp, slist, sh.bittable); | |
636 | sh_add_to_list(&sh.freelist[slist], temp); | |
637 | OPENSSL_assert(sh.freelist[slist] == temp); | |
638 | ||
639 | OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); | |
640 | } | |
641 | ||
642 | /* peel off memory to hand back */ | |
643 | chunk = sh.freelist[list]; | |
644 | OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); | |
645 | sh_setbit(chunk, list, sh.bitmalloc); | |
646 | sh_remove_from_list(chunk); | |
647 | ||
648 | OPENSSL_assert(WITHIN_ARENA(chunk)); | |
649 | ||
650 | /* zero the free list header as a precaution against information leakage */ | |
651 | memset(chunk, 0, sizeof(SH_LIST)); | |
652 | ||
653 | return chunk; | |
654 | } | |
655 | ||
656 | static void sh_free(void *ptr) | |
657 | { | |
658 | size_t list; | |
659 | void *buddy; | |
660 | ||
661 | if (ptr == NULL) | |
662 | return; | |
663 | OPENSSL_assert(WITHIN_ARENA(ptr)); | |
664 | if (!WITHIN_ARENA(ptr)) | |
665 | return; | |
666 | ||
667 | list = sh_getlist(ptr); | |
668 | OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); | |
669 | sh_clearbit(ptr, list, sh.bitmalloc); | |
670 | sh_add_to_list(&sh.freelist[list], ptr); | |
671 | ||
672 | /* Try to coalesce two adjacent free areas. */ | |
673 | while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { | |
674 | OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); | |
675 | OPENSSL_assert(ptr != NULL); | |
676 | OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); | |
677 | sh_clearbit(ptr, list, sh.bittable); | |
678 | sh_remove_from_list(ptr); | |
679 | OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); | |
680 | sh_clearbit(buddy, list, sh.bittable); | |
681 | sh_remove_from_list(buddy); | |
682 | ||
683 | list--; | |
684 | ||
685 | /* Zero the higher addressed block's free list pointers */ | |
686 | memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST)); | |
687 | if (ptr > buddy) | |
688 | ptr = buddy; | |
689 | ||
690 | OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); | |
691 | sh_setbit(ptr, list, sh.bittable); | |
692 | sh_add_to_list(&sh.freelist[list], ptr); | |
693 | OPENSSL_assert(sh.freelist[list] == ptr); | |
694 | } | |
695 | } | |
696 | ||
697 | static size_t sh_actual_size(char *ptr) | |
698 | { | |
699 | int list; | |
700 | ||
701 | OPENSSL_assert(WITHIN_ARENA(ptr)); | |
702 | if (!WITHIN_ARENA(ptr)) | |
703 | return 0; | |
704 | list = sh_getlist(ptr); | |
705 | OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); | |
706 | return sh.arena_size / (ONE << list); | |
707 | } | |
708 | #endif /* OPENSSL_NO_SECURE_MEMORY */ |