crypto/mem_sec.c

   1 /*
   2  * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
   3  * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
   4  *
   5  * Licensed under the Apache License 2.0 (the "License").  You may not use
   6  * this file except in compliance with the License.  You can obtain a copy
   7  * in the file LICENSE in the source distribution or at
   8  * https://www.openssl.org/source/license.html
   9  */
  10
  11 /*
  12  * This file is in two halves. The first half implements the public API
  13  * to be used by external consumers, and to be used by OpenSSL to store
  14  * data in a "secure arena." The second half implements the secure arena.
  15  * For details on that implementation, see below (look for uppercase
  16  * "SECURE HEAP IMPLEMENTATION").
  17  */
  18 #include "internal/e_os.h"
  19 #include <openssl/crypto.h>
  20 #include <openssl/err.h>
  21
  22 #include <string.h>
  23
  24 #ifndef OPENSSL_NO_SECURE_MEMORY
  25 # if defined(_WIN32)
  26 #  include <windows.h>
  27 #  if defined(WINAPI_FAMILY_PARTITION)
  28 #   if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM)
  29 /*
  30  * While VirtualLock is available under the app partition (e.g. UWP),
  31  * the headers do not define the API. Define it ourselves instead.
  32  */
  33 WINBASEAPI
  34 BOOL
  35 WINAPI
  36 VirtualLock(
  37     _In_ LPVOID lpAddress,
  38     _In_ SIZE_T dwSize
  39     );
  40 #   endif
  41 #  endif
  42 # endif
  43 # include <stdlib.h>
  44 # include <assert.h>
  45 # if defined(OPENSSL_SYS_UNIX)
  46 #  include <unistd.h>
  47 # endif
  48 # include <sys/types.h>
  49 # if defined(OPENSSL_SYS_UNIX)
  50 #  include <sys/mman.h>
  51 #  if defined(__FreeBSD__)
  52 #    define MADV_DONTDUMP MADV_NOCORE
  53 #  endif
  54 #  if !defined(MAP_CONCEAL)
  55 #    define MAP_CONCEAL 0
  56 #  endif
  57 # endif
  58 # if defined(OPENSSL_SYS_LINUX)
  59 #  include <sys/syscall.h>
  60 #  if defined(SYS_mlock2)
  61 #   include <linux/mman.h>
  62 #   include <errno.h>
  63 #  endif
  64 #  include <sys/param.h>
  65 # endif
  66 # include <sys/stat.h>
  67 # include <fcntl.h>
  68 #endif
  69 #ifndef HAVE_MADVISE
  70 # if defined(MADV_DONTDUMP)
  71 #  define HAVE_MADVISE 1
  72 # else
  73 #  define HAVE_MADVISE 0
  74 # endif
  75 #endif
  76 #if HAVE_MADVISE
  77 # undef NO_MADVISE
  78 #else
  79 # define NO_MADVISE
  80 #endif
  81
  82 #define CLEAR(p, s) OPENSSL_cleanse(p, s)
  83 #ifndef PAGE_SIZE
  84 # define PAGE_SIZE    4096
  85 #endif
  86 #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
  87 # define MAP_ANON MAP_ANONYMOUS
  88 #endif
  89
  90 #ifndef OPENSSL_NO_SECURE_MEMORY
  91 static size_t secure_mem_used;
  92
  93 static int secure_mem_initialized;
  94
  95 static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
  96
  97 /*
  98  * These are the functions that must be implemented by a secure heap (sh).
  99  */
 100 static int sh_init(size_t size, size_t minsize);
 101 static void *sh_malloc(size_t size);
 102 static void sh_free(void *ptr);
 103 static void sh_done(void);
 104 static size_t sh_actual_size(char *ptr);
 105 static int sh_allocated(const char *ptr);
 106 #endif
 107
 108 int CRYPTO_secure_malloc_init(size_t size, size_t minsize)
 109 {
 110 #ifndef OPENSSL_NO_SECURE_MEMORY
 111     int ret = 0;
 112
 113     if (!secure_mem_initialized) {
 114         sec_malloc_lock = CRYPTO_THREAD_lock_new();
 115         if (sec_malloc_lock == NULL)
 116             return 0;
 117         if ((ret = sh_init(size, minsize)) != 0) {
 118             secure_mem_initialized = 1;
 119         } else {
 120             CRYPTO_THREAD_lock_free(sec_malloc_lock);
 121             sec_malloc_lock = NULL;
 122         }
 123     }
 124
 125     return ret;
 126 #else
 127     return 0;
 128 #endif /* OPENSSL_NO_SECURE_MEMORY */
 129 }
 130
 131 int CRYPTO_secure_malloc_done(void)
 132 {
 133 #ifndef OPENSSL_NO_SECURE_MEMORY
 134     if (secure_mem_used == 0) {
 135         sh_done();
 136         secure_mem_initialized = 0;
 137         CRYPTO_THREAD_lock_free(sec_malloc_lock);
 138         sec_malloc_lock = NULL;
 139         return 1;
 140     }
 141 #endif /* OPENSSL_NO_SECURE_MEMORY */
 142     return 0;
 143 }
 144
 145 int CRYPTO_secure_malloc_initialized(void)
 146 {
 147 #ifndef OPENSSL_NO_SECURE_MEMORY
 148     return secure_mem_initialized;
 149 #else
 150     return 0;
 151 #endif /* OPENSSL_NO_SECURE_MEMORY */
 152 }
 153
 154 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
 155 {
 156 #ifndef OPENSSL_NO_SECURE_MEMORY
 157     void *ret = NULL;
 158     size_t actual_size;
 159     int reason = CRYPTO_R_SECURE_MALLOC_FAILURE;
 160
 161     if (!secure_mem_initialized) {
 162         return CRYPTO_malloc(num, file, line);
 163     }
 164     if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) {
 165         reason = ERR_R_CRYPTO_LIB;
 166         goto err;
 167     }
 168     ret = sh_malloc(num);
 169     actual_size = ret ? sh_actual_size(ret) : 0;
 170     secure_mem_used += actual_size;
 171     CRYPTO_THREAD_unlock(sec_malloc_lock);
 172  err:
 173     if (ret == NULL && (file != NULL || line != 0)) {
 174         ERR_new();
 175         ERR_set_debug(file, line, NULL);
 176         ERR_set_error(ERR_LIB_CRYPTO, reason, NULL);
 177     }
 178     return ret;
 179 #else
 180     return CRYPTO_malloc(num, file, line);
 181 #endif /* OPENSSL_NO_SECURE_MEMORY */
 182 }
 183
 184 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
 185 {
 186 #ifndef OPENSSL_NO_SECURE_MEMORY
 187     if (secure_mem_initialized)
 188         /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
 189         return CRYPTO_secure_malloc(num, file, line);
 190 #endif
 191     return CRYPTO_zalloc(num, file, line);
 192 }
 193
 194 void CRYPTO_secure_free(void *ptr, const char *file, int line)
 195 {
 196 #ifndef OPENSSL_NO_SECURE_MEMORY
 197     size_t actual_size;
 198
 199     if (ptr == NULL)
 200         return;
 201     if (!CRYPTO_secure_allocated(ptr)) {
 202         CRYPTO_free(ptr, file, line);
 203         return;
 204     }
 205     if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
 206         return;
 207     actual_size = sh_actual_size(ptr);
 208     CLEAR(ptr, actual_size);
 209     secure_mem_used -= actual_size;
 210     sh_free(ptr);
 211     CRYPTO_THREAD_unlock(sec_malloc_lock);
 212 #else
 213     CRYPTO_free(ptr, file, line);
 214 #endif /* OPENSSL_NO_SECURE_MEMORY */
 215 }
 216
 217 void CRYPTO_secure_clear_free(void *ptr, size_t num,
 218                               const char *file, int line)
 219 {
 220 #ifndef OPENSSL_NO_SECURE_MEMORY
 221     size_t actual_size;
 222
 223     if (ptr == NULL)
 224         return;
 225     if (!CRYPTO_secure_allocated(ptr)) {
 226         OPENSSL_cleanse(ptr, num);
 227         CRYPTO_free(ptr, file, line);
 228         return;
 229     }
 230     if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
 231         return;
 232     actual_size = sh_actual_size(ptr);
 233     CLEAR(ptr, actual_size);
 234     secure_mem_used -= actual_size;
 235     sh_free(ptr);
 236     CRYPTO_THREAD_unlock(sec_malloc_lock);
 237 #else
 238     if (ptr == NULL)
 239         return;
 240     OPENSSL_cleanse(ptr, num);
 241     CRYPTO_free(ptr, file, line);
 242 #endif /* OPENSSL_NO_SECURE_MEMORY */
 243 }
 244
 245 int CRYPTO_secure_allocated(const void *ptr)
 246 {
 247 #ifndef OPENSSL_NO_SECURE_MEMORY
 248     if (!secure_mem_initialized)
 249         return 0;
 250     /*
 251      * Only read accesses to the arena take place in sh_allocated() and this
 252      * is only changed by the sh_init() and sh_done() calls which are not
 253      * locked.  Hence, it is safe to make this check without a lock too.
 254      */
 255     return sh_allocated(ptr);
 256 #else
 257     return 0;
 258 #endif /* OPENSSL_NO_SECURE_MEMORY */
 259 }
 260
 261 size_t CRYPTO_secure_used(void)
 262 {
 263     size_t ret = 0;
 264
 265 #ifndef OPENSSL_NO_SECURE_MEMORY
 266     if (!CRYPTO_THREAD_read_lock(sec_malloc_lock))
 267         return 0;
 268
 269     ret = secure_mem_used;
 270
 271     CRYPTO_THREAD_unlock(sec_malloc_lock);
 272 #endif /* OPENSSL_NO_SECURE_MEMORY */
 273     return ret;
 274 }
 275
 276 size_t CRYPTO_secure_actual_size(void *ptr)
 277 {
 278 #ifndef OPENSSL_NO_SECURE_MEMORY
 279     size_t actual_size;
 280
 281     if (!CRYPTO_THREAD_write_lock(sec_malloc_lock))
 282         return 0;
 283     actual_size = sh_actual_size(ptr);
 284     CRYPTO_THREAD_unlock(sec_malloc_lock);
 285     return actual_size;
 286 #else
 287     return 0;
 288 #endif
 289 }
 290
 291 /*
 292  * SECURE HEAP IMPLEMENTATION
 293  */
 294 #ifndef OPENSSL_NO_SECURE_MEMORY
 295
 296
 297 /*
 298  * The implementation provided here uses a fixed-sized mmap() heap,
 299  * which is locked into memory, not written to core files, and protected
 300  * on either side by an unmapped page, which will catch pointer overruns
 301  * (or underruns) and an attempt to read data out of the secure heap.
 302  * Free'd memory is zero'd or otherwise cleansed.
 303  *
 304  * This is a pretty standard buddy allocator.  We keep areas in a multiple
 305  * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
 306  * so all (and only) data is kept in the mmap'd heap.
 307  *
 308  * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
 309  * place.
 310  */
 311
 312 #define ONE ((size_t)1)
 313
 314 # define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
 315 # define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
 316 # define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
 317
 318 #define WITHIN_ARENA(p) \
 319     ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
 320 #define WITHIN_FREELIST(p) \
 321     ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
 322
 323
 324 typedef struct sh_list_st
 325 {
 326     struct sh_list_st *next;
 327     struct sh_list_st **p_next;
 328 } SH_LIST;
 329
 330 typedef struct sh_st
 331 {
 332     char* map_result;
 333     size_t map_size;
 334     char *arena;
 335     size_t arena_size;
 336     char **freelist;
 337     ossl_ssize_t freelist_size;
 338     size_t minsize;
 339     unsigned char *bittable;
 340     unsigned char *bitmalloc;
 341     size_t bittable_size; /* size in bits */
 342 } SH;
 343
 344 static SH sh;
 345
 346 static size_t sh_getlist(char *ptr)
 347 {
 348     ossl_ssize_t list = sh.freelist_size - 1;
 349     size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
 350
 351     for (; bit; bit >>= 1, list--) {
 352         if (TESTBIT(sh.bittable, bit))
 353             break;
 354         OPENSSL_assert((bit & 1) == 0);
 355     }
 356
 357     return list;
 358 }
 359
 360
 361 static int sh_testbit(char *ptr, int list, unsigned char *table)
 362 {
 363     size_t bit;
 364
 365     OPENSSL_assert(list >= 0 && list < sh.freelist_size);
 366     OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
 367     bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
 368     OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
 369     return TESTBIT(table, bit);
 370 }
 371
 372 static void sh_clearbit(char *ptr, int list, unsigned char *table)
 373 {
 374     size_t bit;
 375
 376     OPENSSL_assert(list >= 0 && list < sh.freelist_size);
 377     OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
 378     bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
 379     OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
 380     OPENSSL_assert(TESTBIT(table, bit));
 381     CLEARBIT(table, bit);
 382 }
 383
 384 static void sh_setbit(char *ptr, int list, unsigned char *table)
 385 {
 386     size_t bit;
 387
 388     OPENSSL_assert(list >= 0 && list < sh.freelist_size);
 389     OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
 390     bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
 391     OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
 392     OPENSSL_assert(!TESTBIT(table, bit));
 393     SETBIT(table, bit);
 394 }
 395
 396 static void sh_add_to_list(char **list, char *ptr)
 397 {
 398     SH_LIST *temp;
 399
 400     OPENSSL_assert(WITHIN_FREELIST(list));
 401     OPENSSL_assert(WITHIN_ARENA(ptr));
 402
 403     temp = (SH_LIST *)ptr;
 404     temp->next = *(SH_LIST **)list;
 405     OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
 406     temp->p_next = (SH_LIST **)list;
 407
 408     if (temp->next != NULL) {
 409         OPENSSL_assert((char **)temp->next->p_next == list);
 410         temp->next->p_next = &(temp->next);
 411     }
 412
 413     *list = ptr;
 414 }
 415
 416 static void sh_remove_from_list(char *ptr)
 417 {
 418     SH_LIST *temp, *temp2;
 419
 420     temp = (SH_LIST *)ptr;
 421     if (temp->next != NULL)
 422         temp->next->p_next = temp->p_next;
 423     *temp->p_next = temp->next;
 424     if (temp->next == NULL)
 425         return;
 426
 427     temp2 = temp->next;
 428     OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
 429 }
 430
 431
 432 static int sh_init(size_t size, size_t minsize)
 433 {
 434     int ret;
 435     size_t i;
 436     size_t pgsize;
 437     size_t aligned;
 438 #if defined(_WIN32)
 439     DWORD flOldProtect;
 440     SYSTEM_INFO systemInfo;
 441 #endif
 442
 443     memset(&sh, 0, sizeof(sh));
 444
 445     /* make sure size is a powers of 2 */
 446     OPENSSL_assert(size > 0);
 447     OPENSSL_assert((size & (size - 1)) == 0);
 448     if (size == 0 || (size & (size - 1)) != 0)
 449         goto err;
 450
 451     if (minsize <= sizeof(SH_LIST)) {
 452         OPENSSL_assert(sizeof(SH_LIST) <= 65536);
 453         /*
 454          * Compute the minimum possible allocation size.
 455          * This must be a power of 2 and at least as large as the SH_LIST
 456          * structure.
 457          */
 458         minsize = sizeof(SH_LIST) - 1;
 459         minsize |= minsize >> 1;
 460         minsize |= minsize >> 2;
 461         if (sizeof(SH_LIST) > 16)
 462             minsize |= minsize >> 4;
 463         if (sizeof(SH_LIST) > 256)
 464             minsize |= minsize >> 8;
 465         minsize++;
 466     } else {
 467         /* make sure minsize is a powers of 2 */
 468           OPENSSL_assert((minsize & (minsize - 1)) == 0);
 469           if ((minsize & (minsize - 1)) != 0)
 470               goto err;
 471     }
 472
 473     sh.arena_size = size;
 474     sh.minsize = minsize;
 475     sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
 476
 477     /* Prevent allocations of size 0 later on */
 478     if (sh.bittable_size >> 3 == 0)
 479         goto err;
 480
 481     sh.freelist_size = -1;
 482     for (i = sh.bittable_size; i; i >>= 1)
 483         sh.freelist_size++;
 484
 485     sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
 486     OPENSSL_assert(sh.freelist != NULL);
 487     if (sh.freelist == NULL)
 488         goto err;
 489
 490     sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
 491     OPENSSL_assert(sh.bittable != NULL);
 492     if (sh.bittable == NULL)
 493         goto err;
 494
 495     sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
 496     OPENSSL_assert(sh.bitmalloc != NULL);
 497     if (sh.bitmalloc == NULL)
 498         goto err;
 499
 500     /* Allocate space for heap, and two extra pages as guards */
 501 #if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
 502     {
 503 # if defined(_SC_PAGE_SIZE)
 504         long tmppgsize = sysconf(_SC_PAGE_SIZE);
 505 # else
 506         long tmppgsize = sysconf(_SC_PAGESIZE);
 507 # endif
 508         if (tmppgsize < 1)
 509             pgsize = PAGE_SIZE;
 510         else
 511             pgsize = (size_t)tmppgsize;
 512     }
 513 #elif defined(_WIN32)
 514     GetSystemInfo(&systemInfo);
 515     pgsize = (size_t)systemInfo.dwPageSize;
 516 #else
 517     pgsize = PAGE_SIZE;
 518 #endif
 519     sh.map_size = pgsize + sh.arena_size + pgsize;
 520
 521 #if !defined(_WIN32)
 522 # ifdef MAP_ANON
 523     sh.map_result = mmap(NULL, sh.map_size,
 524                          PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
 525 # else
 526     {
 527         int fd;
 528
 529         sh.map_result = MAP_FAILED;
 530         if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
 531             sh.map_result = mmap(NULL, sh.map_size,
 532                                  PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
 533             close(fd);
 534         }
 535     }
 536 # endif
 537     if (sh.map_result == MAP_FAILED)
 538         goto err;
 539 #else
 540     sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
 541
 542     if (sh.map_result == NULL)
 543             goto err;
 544 #endif
 545
 546     sh.arena = (char *)(sh.map_result + pgsize);
 547     sh_setbit(sh.arena, 0, sh.bittable);
 548     sh_add_to_list(&sh.freelist[0], sh.arena);
 549
 550     /* Now try to add guard pages and lock into memory. */
 551     ret = 1;
 552
 553 #if !defined(_WIN32)
 554     /* Starting guard is already aligned from mmap. */
 555     if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
 556         ret = 2;
 557 #else
 558     if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
 559         ret = 2;
 560 #endif
 561
 562     /* Ending guard page - need to round up to page boundary */
 563     aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
 564 #if !defined(_WIN32)
 565     if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
 566         ret = 2;
 567 #else
 568     if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE)
 569         ret = 2;
 570 #endif
 571
 572 #if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
 573     if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
 574         if (errno == ENOSYS) {
 575             if (mlock(sh.arena, sh.arena_size) < 0)
 576                 ret = 2;
 577         } else {
 578             ret = 2;
 579         }
 580     }
 581 #elif defined(_WIN32)
 582     if (VirtualLock(sh.arena, sh.arena_size) == FALSE)
 583         ret = 2;
 584 #else
 585     if (mlock(sh.arena, sh.arena_size) < 0)
 586         ret = 2;
 587 #endif
 588 #ifndef NO_MADVISE
 589     if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
 590         ret = 2;
 591 #endif
 592
 593     return ret;
 594
 595  err:
 596     sh_done();
 597     return 0;
 598 }
 599
 600 static void sh_done(void)
 601 {
 602     OPENSSL_free(sh.freelist);
 603     OPENSSL_free(sh.bittable);
 604     OPENSSL_free(sh.bitmalloc);
 605 #if !defined(_WIN32)
 606     if (sh.map_result != MAP_FAILED && sh.map_size)
 607         munmap(sh.map_result, sh.map_size);
 608 #else
 609     if (sh.map_result != NULL && sh.map_size)
 610         VirtualFree(sh.map_result, 0, MEM_RELEASE);
 611 #endif
 612     memset(&sh, 0, sizeof(sh));
 613 }
 614
 615 static int sh_allocated(const char *ptr)
 616 {
 617     return WITHIN_ARENA(ptr) ? 1 : 0;
 618 }
 619
 620 static char *sh_find_my_buddy(char *ptr, int list)
 621 {
 622     size_t bit;
 623     char *chunk = NULL;
 624
 625     bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
 626     bit ^= 1;
 627
 628     if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
 629         chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
 630
 631     return chunk;
 632 }
 633
 634 static void *sh_malloc(size_t size)
 635 {
 636     ossl_ssize_t list, slist;
 637     size_t i;
 638     char *chunk;
 639
 640     if (size > sh.arena_size)
 641         return NULL;
 642
 643     list = sh.freelist_size - 1;
 644     for (i = sh.minsize; i < size; i <<= 1)
 645         list--;
 646     if (list < 0)
 647         return NULL;
 648
 649     /* try to find a larger entry to split */
 650     for (slist = list; slist >= 0; slist--)
 651         if (sh.freelist[slist] != NULL)
 652             break;
 653     if (slist < 0)
 654         return NULL;
 655
 656     /* split larger entry */
 657     while (slist != list) {
 658         char *temp = sh.freelist[slist];
 659
 660         /* remove from bigger list */
 661         OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
 662         sh_clearbit(temp, slist, sh.bittable);
 663         sh_remove_from_list(temp);
 664         OPENSSL_assert(temp != sh.freelist[slist]);
 665
 666         /* done with bigger list */
 667         slist++;
 668
 669         /* add to smaller list */
 670         OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
 671         sh_setbit(temp, slist, sh.bittable);
 672         sh_add_to_list(&sh.freelist[slist], temp);
 673         OPENSSL_assert(sh.freelist[slist] == temp);
 674
 675         /* split in 2 */
 676         temp += sh.arena_size >> slist;
 677         OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
 678         sh_setbit(temp, slist, sh.bittable);
 679         sh_add_to_list(&sh.freelist[slist], temp);
 680         OPENSSL_assert(sh.freelist[slist] == temp);
 681
 682         OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
 683     }
 684
 685     /* peel off memory to hand back */
 686     chunk = sh.freelist[list];
 687     OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
 688     sh_setbit(chunk, list, sh.bitmalloc);
 689     sh_remove_from_list(chunk);
 690
 691     OPENSSL_assert(WITHIN_ARENA(chunk));
 692
 693     /* zero the free list header as a precaution against information leakage */
 694     memset(chunk, 0, sizeof(SH_LIST));
 695
 696     return chunk;
 697 }
 698
 699 static void sh_free(void *ptr)
 700 {
 701     size_t list;
 702     void *buddy;
 703
 704     if (ptr == NULL)
 705         return;
 706     OPENSSL_assert(WITHIN_ARENA(ptr));
 707     if (!WITHIN_ARENA(ptr))
 708         return;
 709
 710     list = sh_getlist(ptr);
 711     OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
 712     sh_clearbit(ptr, list, sh.bitmalloc);
 713     sh_add_to_list(&sh.freelist[list], ptr);
 714
 715     /* Try to coalesce two adjacent free areas. */
 716     while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
 717         OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
 718         OPENSSL_assert(ptr != NULL);
 719         OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
 720         sh_clearbit(ptr, list, sh.bittable);
 721         sh_remove_from_list(ptr);
 722         OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
 723         sh_clearbit(buddy, list, sh.bittable);
 724         sh_remove_from_list(buddy);
 725
 726         list--;
 727
 728         /* Zero the higher addressed block's free list pointers */
 729         memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
 730         if (ptr > buddy)
 731             ptr = buddy;
 732
 733         OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
 734         sh_setbit(ptr, list, sh.bittable);
 735         sh_add_to_list(&sh.freelist[list], ptr);
 736         OPENSSL_assert(sh.freelist[list] == ptr);
 737     }
 738 }
 739
 740 static size_t sh_actual_size(char *ptr)
 741 {
 742     int list;
 743
 744     OPENSSL_assert(WITHIN_ARENA(ptr));
 745     if (!WITHIN_ARENA(ptr))
 746         return 0;
 747     list = sh_getlist(ptr);
 748     OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
 749     return sh.arena_size / (ONE << list);
 750 }
 751 #endif /* OPENSSL_NO_SECURE_MEMORY */