1 | /* |
2 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. |
4 | * |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6 | * this file except in compliance with the License. You can obtain a copy |
7 | * in the file LICENSE in the source distribution or at |
8 | * https://www.openssl.org/source/license.html |
9 | */ |
10 | |
11 | /* |
12 | * This file is in two halves. The first half implements the public API |
13 | * to be used by external consumers, and to be used by OpenSSL to store |
14 | * data in a "secure arena." The second half implements the secure arena. |
15 | * For details on that implementation, see below (look for uppercase |
16 | * "SECURE HEAP IMPLEMENTATION"). |
17 | */ |
18 | #include "e_os.h" |
19 | #include <openssl/crypto.h> |
20 | |
21 | #include <string.h> |
22 | |
23 | /* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */ |
24 | #ifdef OPENSSL_SECURE_MEMORY |
25 | # include <stdlib.h> |
26 | # include <assert.h> |
27 | # include <unistd.h> |
28 | # include <sys/types.h> |
29 | # include <sys/mman.h> |
30 | # if defined(OPENSSL_SYS_LINUX) |
31 | # include <sys/syscall.h> |
32 | # if defined(SYS_mlock2) |
33 | # include <linux/mman.h> |
34 | # include <errno.h> |
35 | # endif |
36 | # include <sys/param.h> |
37 | # endif |
38 | # include <sys/stat.h> |
39 | # include <fcntl.h> |
40 | #endif |
41 | |
42 | #define CLEAR(p, s) OPENSSL_cleanse(p, s) |
43 | #ifndef PAGE_SIZE |
44 | # define PAGE_SIZE 4096 |
45 | #endif |
46 | #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) |
47 | # define MAP_ANON MAP_ANONYMOUS |
48 | #endif |
49 | |
50 | #ifdef OPENSSL_SECURE_MEMORY |
51 | static size_t secure_mem_used; |
52 | |
53 | static int secure_mem_initialized; |
54 | |
55 | static CRYPTO_RWLOCK *sec_malloc_lock = NULL; |
56 | |
57 | /* |
58 | * These are the functions that must be implemented by a secure heap (sh). |
59 | */ |
60 | static int sh_init(size_t size, int minsize); |
61 | static void *sh_malloc(size_t size); |
62 | static void sh_free(void *ptr); |
63 | static void sh_done(void); |
64 | static size_t sh_actual_size(char *ptr); |
65 | static int sh_allocated(const char *ptr); |
66 | #endif |
67 | |
68 | int CRYPTO_secure_malloc_init(size_t size, int minsize) |
69 | { |
70 | #ifdef OPENSSL_SECURE_MEMORY |
71 | int ret = 0; |
72 | |
73 | if (!secure_mem_initialized) { |
74 | sec_malloc_lock = CRYPTO_THREAD_lock_new(); |
75 | if (sec_malloc_lock == NULL) |
76 | return 0; |
77 | if ((ret = sh_init(size, minsize)) != 0) { |
78 | secure_mem_initialized = 1; |
79 | } else { |
80 | CRYPTO_THREAD_lock_free(sec_malloc_lock); |
81 | sec_malloc_lock = NULL; |
82 | } |
83 | } |
84 | |
85 | return ret; |
86 | #else |
87 | return 0; |
88 | #endif /* OPENSSL_SECURE_MEMORY */ |
89 | } |
90 | |
91 | int CRYPTO_secure_malloc_done(void) |
92 | { |
93 | #ifdef OPENSSL_SECURE_MEMORY |
94 | if (secure_mem_used == 0) { |
95 | sh_done(); |
96 | secure_mem_initialized = 0; |
97 | CRYPTO_THREAD_lock_free(sec_malloc_lock); |
98 | sec_malloc_lock = NULL; |
99 | return 1; |
100 | } |
101 | #endif /* OPENSSL_SECURE_MEMORY */ |
102 | return 0; |
103 | } |
104 | |
105 | int CRYPTO_secure_malloc_initialized(void) |
106 | { |
107 | #ifdef OPENSSL_SECURE_MEMORY |
108 | return secure_mem_initialized; |
109 | #else |
110 | return 0; |
111 | #endif /* OPENSSL_SECURE_MEMORY */ |
112 | } |
113 | |
114 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) |
115 | { |
116 | #ifdef OPENSSL_SECURE_MEMORY |
117 | void *ret; |
118 | size_t actual_size; |
119 | |
120 | if (!secure_mem_initialized) { |
121 | return CRYPTO_malloc(num, file, line); |
122 | } |
123 | CRYPTO_THREAD_write_lock(sec_malloc_lock); |
124 | ret = sh_malloc(num); |
125 | actual_size = ret ? sh_actual_size(ret) : 0; |
126 | secure_mem_used += actual_size; |
127 | CRYPTO_THREAD_unlock(sec_malloc_lock); |
128 | return ret; |
129 | #else |
130 | return CRYPTO_malloc(num, file, line); |
131 | #endif /* OPENSSL_SECURE_MEMORY */ |
132 | } |
133 | |
134 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) |
135 | { |
136 | #ifdef OPENSSL_SECURE_MEMORY |
137 | if (secure_mem_initialized) |
138 | /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ |
139 | return CRYPTO_secure_malloc(num, file, line); |
140 | #endif |
141 | return CRYPTO_zalloc(num, file, line); |
142 | } |
143 | |
144 | void CRYPTO_secure_free(void *ptr, const char *file, int line) |
145 | { |
146 | #ifdef OPENSSL_SECURE_MEMORY |
147 | size_t actual_size; |
148 | |
149 | if (ptr == NULL) |
150 | return; |
151 | if (!CRYPTO_secure_allocated(ptr)) { |
152 | CRYPTO_free(ptr, file, line); |
153 | return; |
154 | } |
155 | CRYPTO_THREAD_write_lock(sec_malloc_lock); |
156 | actual_size = sh_actual_size(ptr); |
157 | CLEAR(ptr, actual_size); |
158 | secure_mem_used -= actual_size; |
159 | sh_free(ptr); |
160 | CRYPTO_THREAD_unlock(sec_malloc_lock); |
161 | #else |
162 | CRYPTO_free(ptr, file, line); |
163 | #endif /* OPENSSL_SECURE_MEMORY */ |
164 | } |
165 | |
166 | void CRYPTO_secure_clear_free(void *ptr, size_t num, |
167 | const char *file, int line) |
168 | { |
169 | #ifdef OPENSSL_SECURE_MEMORY |
170 | size_t actual_size; |
171 | |
172 | if (ptr == NULL) |
173 | return; |
174 | if (!CRYPTO_secure_allocated(ptr)) { |
175 | OPENSSL_cleanse(ptr, num); |
176 | CRYPTO_free(ptr, file, line); |
177 | return; |
178 | } |
179 | CRYPTO_THREAD_write_lock(sec_malloc_lock); |
180 | actual_size = sh_actual_size(ptr); |
181 | CLEAR(ptr, actual_size); |
182 | secure_mem_used -= actual_size; |
183 | sh_free(ptr); |
184 | CRYPTO_THREAD_unlock(sec_malloc_lock); |
185 | #else |
186 | if (ptr == NULL) |
187 | return; |
188 | OPENSSL_cleanse(ptr, num); |
189 | CRYPTO_free(ptr, file, line); |
190 | #endif /* OPENSSL_SECURE_MEMORY */ |
191 | } |
192 | |
193 | int CRYPTO_secure_allocated(const void *ptr) |
194 | { |
195 | #ifdef OPENSSL_SECURE_MEMORY |
196 | int ret; |
197 | |
198 | if (!secure_mem_initialized) |
199 | return 0; |
200 | CRYPTO_THREAD_write_lock(sec_malloc_lock); |
201 | ret = sh_allocated(ptr); |
202 | CRYPTO_THREAD_unlock(sec_malloc_lock); |
203 | return ret; |
204 | #else |
205 | return 0; |
206 | #endif /* OPENSSL_SECURE_MEMORY */ |
207 | } |
208 | |
209 | size_t CRYPTO_secure_used(void) |
210 | { |
211 | #ifdef OPENSSL_SECURE_MEMORY |
212 | return secure_mem_used; |
213 | #else |
214 | return 0; |
215 | #endif /* OPENSSL_SECURE_MEMORY */ |
216 | } |
217 | |
218 | size_t CRYPTO_secure_actual_size(void *ptr) |
219 | { |
220 | #ifdef OPENSSL_SECURE_MEMORY |
221 | size_t actual_size; |
222 | |
223 | CRYPTO_THREAD_write_lock(sec_malloc_lock); |
224 | actual_size = sh_actual_size(ptr); |
225 | CRYPTO_THREAD_unlock(sec_malloc_lock); |
226 | return actual_size; |
227 | #else |
228 | return 0; |
229 | #endif |
230 | } |
231 | /* END OF PAGE ... |
232 | |
233 | ... START OF PAGE */ |
234 | |
235 | /* |
236 | * SECURE HEAP IMPLEMENTATION |
237 | */ |
238 | #ifdef OPENSSL_SECURE_MEMORY |
239 | |
240 | |
241 | /* |
242 | * The implementation provided here uses a fixed-sized mmap() heap, |
243 | * which is locked into memory, not written to core files, and protected |
244 | * on either side by an unmapped page, which will catch pointer overruns |
245 | * (or underruns) and an attempt to read data out of the secure heap. |
246 | * Free'd memory is zero'd or otherwise cleansed. |
247 | * |
248 | * This is a pretty standard buddy allocator. We keep areas in a multiple |
249 | * of "sh.minsize" units. The freelist and bitmaps are kept separately, |
250 | * so all (and only) data is kept in the mmap'd heap. |
251 | * |
252 | * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the |
253 | * place. |
254 | */ |
255 | |
256 | #define ONE ((size_t)1) |
257 | |
258 | # define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) |
259 | # define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) |
260 | # define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) |
261 | |
262 | #define WITHIN_ARENA(p) \ |
263 | ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) |
264 | #define WITHIN_FREELIST(p) \ |
265 | ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) |
266 | |
267 | |
268 | typedef struct sh_list_st |
269 | { |
270 | struct sh_list_st *next; |
271 | struct sh_list_st **p_next; |
272 | } SH_LIST; |
273 | |
274 | typedef struct sh_st |
275 | { |
276 | char* map_result; |
277 | size_t map_size; |
278 | char *arena; |
279 | size_t arena_size; |
280 | char **freelist; |
281 | ossl_ssize_t freelist_size; |
282 | size_t minsize; |
283 | unsigned char *bittable; |
284 | unsigned char *bitmalloc; |
285 | size_t bittable_size; /* size in bits */ |
286 | } SH; |
287 | |
288 | static SH sh; |
289 | |
290 | static size_t sh_getlist(char *ptr) |
291 | { |
292 | ossl_ssize_t list = sh.freelist_size - 1; |
293 | size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; |
294 | |
295 | for (; bit; bit >>= 1, list--) { |
296 | if (TESTBIT(sh.bittable, bit)) |
297 | break; |
298 | OPENSSL_assert((bit & 1) == 0); |
299 | } |
300 | |
301 | return list; |
302 | } |
303 | |
304 | |
305 | static int sh_testbit(char *ptr, int list, unsigned char *table) |
306 | { |
307 | size_t bit; |
308 | |
309 | OPENSSL_assert(list >= 0 && list < sh.freelist_size); |
310 | OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); |
311 | bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); |
312 | OPENSSL_assert(bit > 0 && bit < sh.bittable_size); |
313 | return TESTBIT(table, bit); |
314 | } |
315 | |
316 | static void sh_clearbit(char *ptr, int list, unsigned char *table) |
317 | { |
318 | size_t bit; |
319 | |
320 | OPENSSL_assert(list >= 0 && list < sh.freelist_size); |
321 | OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); |
322 | bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); |
323 | OPENSSL_assert(bit > 0 && bit < sh.bittable_size); |
324 | OPENSSL_assert(TESTBIT(table, bit)); |
325 | CLEARBIT(table, bit); |
326 | } |
327 | |
328 | static void sh_setbit(char *ptr, int list, unsigned char *table) |
329 | { |
330 | size_t bit; |
331 | |
332 | OPENSSL_assert(list >= 0 && list < sh.freelist_size); |
333 | OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); |
334 | bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); |
335 | OPENSSL_assert(bit > 0 && bit < sh.bittable_size); |
336 | OPENSSL_assert(!TESTBIT(table, bit)); |
337 | SETBIT(table, bit); |
338 | } |
339 | |
340 | static void sh_add_to_list(char **list, char *ptr) |
341 | { |
342 | SH_LIST *temp; |
343 | |
344 | OPENSSL_assert(WITHIN_FREELIST(list)); |
345 | OPENSSL_assert(WITHIN_ARENA(ptr)); |
346 | |
347 | temp = (SH_LIST *)ptr; |
348 | temp->next = *(SH_LIST **)list; |
349 | OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); |
350 | temp->p_next = (SH_LIST **)list; |
351 | |
352 | if (temp->next != NULL) { |
353 | OPENSSL_assert((char **)temp->next->p_next == list); |
354 | temp->next->p_next = &(temp->next); |
355 | } |
356 | |
357 | *list = ptr; |
358 | } |
359 | |
360 | static void sh_remove_from_list(char *ptr) |
361 | { |
362 | SH_LIST *temp, *temp2; |
363 | |
364 | temp = (SH_LIST *)ptr; |
365 | if (temp->next != NULL) |
366 | temp->next->p_next = temp->p_next; |
367 | *temp->p_next = temp->next; |
368 | if (temp->next == NULL) |
369 | return; |
370 | |
371 | temp2 = temp->next; |
372 | OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); |
373 | } |
374 | |
375 | |
376 | static int sh_init(size_t size, int minsize) |
377 | { |
378 | int ret; |
379 | size_t i; |
380 | size_t pgsize; |
381 | size_t aligned; |
382 | |
383 | memset(&sh, 0, sizeof(sh)); |
384 | |
385 | /* make sure size and minsize are powers of 2 */ |
386 | OPENSSL_assert(size > 0); |
387 | OPENSSL_assert((size & (size - 1)) == 0); |
388 | OPENSSL_assert(minsize > 0); |
389 | OPENSSL_assert((minsize & (minsize - 1)) == 0); |
390 | if (size <= 0 || (size & (size - 1)) != 0) |
391 | goto err; |
392 | if (minsize <= 0 || (minsize & (minsize - 1)) != 0) |
393 | goto err; |
394 | |
395 | while (minsize < (int)sizeof(SH_LIST)) |
396 | minsize *= 2; |
397 | |
398 | sh.arena_size = size; |
399 | sh.minsize = minsize; |
400 | sh.bittable_size = (sh.arena_size / sh.minsize) * 2; |
401 | |
402 | /* Prevent allocations of size 0 later on */ |
403 | if (sh.bittable_size >> 3 == 0) |
404 | goto err; |
405 | |
406 | sh.freelist_size = -1; |
407 | for (i = sh.bittable_size; i; i >>= 1) |
408 | sh.freelist_size++; |
409 | |
410 | sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *)); |
411 | OPENSSL_assert(sh.freelist != NULL); |
412 | if (sh.freelist == NULL) |
413 | goto err; |
414 | |
415 | sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); |
416 | OPENSSL_assert(sh.bittable != NULL); |
417 | if (sh.bittable == NULL) |
418 | goto err; |
419 | |
420 | sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); |
421 | OPENSSL_assert(sh.bitmalloc != NULL); |
422 | if (sh.bitmalloc == NULL) |
423 | goto err; |
424 | |
425 | /* Allocate space for heap, and two extra pages as guards */ |
426 | #if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) |
427 | { |
428 | # if defined(_SC_PAGE_SIZE) |
429 | long tmppgsize = sysconf(_SC_PAGE_SIZE); |
430 | # else |
431 | long tmppgsize = sysconf(_SC_PAGESIZE); |
432 | # endif |
433 | if (tmppgsize < 1) |
434 | pgsize = PAGE_SIZE; |
435 | else |
436 | pgsize = (size_t)tmppgsize; |
437 | } |
438 | #else |
439 | pgsize = PAGE_SIZE; |
440 | #endif |
441 | sh.map_size = pgsize + sh.arena_size + pgsize; |
442 | if (1) { |
443 | #ifdef MAP_ANON |
444 | sh.map_result = mmap(NULL, sh.map_size, |
445 | PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0); |
446 | } else { |
447 | #endif |
448 | int fd; |
449 | |
450 | sh.map_result = MAP_FAILED; |
451 | if ((fd = open("/dev/zero" , O_RDWR)) >= 0) { |
452 | sh.map_result = mmap(NULL, sh.map_size, |
453 | PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); |
454 | close(fd); |
455 | } |
456 | } |
457 | if (sh.map_result == MAP_FAILED) |
458 | goto err; |
459 | sh.arena = (char *)(sh.map_result + pgsize); |
460 | sh_setbit(sh.arena, 0, sh.bittable); |
461 | sh_add_to_list(&sh.freelist[0], sh.arena); |
462 | |
463 | /* Now try to add guard pages and lock into memory. */ |
464 | ret = 1; |
465 | |
466 | /* Starting guard is already aligned from mmap. */ |
467 | if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) |
468 | ret = 2; |
469 | |
470 | /* Ending guard page - need to round up to page boundary */ |
471 | aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); |
472 | if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) |
473 | ret = 2; |
474 | |
475 | #if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2) |
476 | if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) { |
477 | if (errno == ENOSYS) { |
478 | if (mlock(sh.arena, sh.arena_size) < 0) |
479 | ret = 2; |
480 | } else { |
481 | ret = 2; |
482 | } |
483 | } |
484 | #else |
485 | if (mlock(sh.arena, sh.arena_size) < 0) |
486 | ret = 2; |
487 | #endif |
488 | #ifdef MADV_DONTDUMP |
489 | if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) |
490 | ret = 2; |
491 | #endif |
492 | |
493 | return ret; |
494 | |
495 | err: |
496 | sh_done(); |
497 | return 0; |
498 | } |
499 | |
500 | static void sh_done(void) |
501 | { |
502 | OPENSSL_free(sh.freelist); |
503 | OPENSSL_free(sh.bittable); |
504 | OPENSSL_free(sh.bitmalloc); |
505 | if (sh.map_result != NULL && sh.map_size) |
506 | munmap(sh.map_result, sh.map_size); |
507 | memset(&sh, 0, sizeof(sh)); |
508 | } |
509 | |
510 | static int sh_allocated(const char *ptr) |
511 | { |
512 | return WITHIN_ARENA(ptr) ? 1 : 0; |
513 | } |
514 | |
515 | static char *sh_find_my_buddy(char *ptr, int list) |
516 | { |
517 | size_t bit; |
518 | char *chunk = NULL; |
519 | |
520 | bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list); |
521 | bit ^= 1; |
522 | |
523 | if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) |
524 | chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list)); |
525 | |
526 | return chunk; |
527 | } |
528 | |
529 | static void *sh_malloc(size_t size) |
530 | { |
531 | ossl_ssize_t list, slist; |
532 | size_t i; |
533 | char *chunk; |
534 | |
535 | if (size > sh.arena_size) |
536 | return NULL; |
537 | |
538 | list = sh.freelist_size - 1; |
539 | for (i = sh.minsize; i < size; i <<= 1) |
540 | list--; |
541 | if (list < 0) |
542 | return NULL; |
543 | |
544 | /* try to find a larger entry to split */ |
545 | for (slist = list; slist >= 0; slist--) |
546 | if (sh.freelist[slist] != NULL) |
547 | break; |
548 | if (slist < 0) |
549 | return NULL; |
550 | |
551 | /* split larger entry */ |
552 | while (slist != list) { |
553 | char *temp = sh.freelist[slist]; |
554 | |
555 | /* remove from bigger list */ |
556 | OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); |
557 | sh_clearbit(temp, slist, sh.bittable); |
558 | sh_remove_from_list(temp); |
559 | OPENSSL_assert(temp != sh.freelist[slist]); |
560 | |
561 | /* done with bigger list */ |
562 | slist++; |
563 | |
564 | /* add to smaller list */ |
565 | OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); |
566 | sh_setbit(temp, slist, sh.bittable); |
567 | sh_add_to_list(&sh.freelist[slist], temp); |
568 | OPENSSL_assert(sh.freelist[slist] == temp); |
569 | |
570 | /* split in 2 */ |
571 | temp += sh.arena_size >> slist; |
572 | OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); |
573 | sh_setbit(temp, slist, sh.bittable); |
574 | sh_add_to_list(&sh.freelist[slist], temp); |
575 | OPENSSL_assert(sh.freelist[slist] == temp); |
576 | |
577 | OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); |
578 | } |
579 | |
580 | /* peel off memory to hand back */ |
581 | chunk = sh.freelist[list]; |
582 | OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); |
583 | sh_setbit(chunk, list, sh.bitmalloc); |
584 | sh_remove_from_list(chunk); |
585 | |
586 | OPENSSL_assert(WITHIN_ARENA(chunk)); |
587 | |
588 | /* zero the free list header as a precaution against information leakage */ |
589 | memset(chunk, 0, sizeof(SH_LIST)); |
590 | |
591 | return chunk; |
592 | } |
593 | |
594 | static void sh_free(void *ptr) |
595 | { |
596 | size_t list; |
597 | void *buddy; |
598 | |
599 | if (ptr == NULL) |
600 | return; |
601 | OPENSSL_assert(WITHIN_ARENA(ptr)); |
602 | if (!WITHIN_ARENA(ptr)) |
603 | return; |
604 | |
605 | list = sh_getlist(ptr); |
606 | OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); |
607 | sh_clearbit(ptr, list, sh.bitmalloc); |
608 | sh_add_to_list(&sh.freelist[list], ptr); |
609 | |
610 | /* Try to coalesce two adjacent free areas. */ |
611 | while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { |
612 | OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); |
613 | OPENSSL_assert(ptr != NULL); |
614 | OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); |
615 | sh_clearbit(ptr, list, sh.bittable); |
616 | sh_remove_from_list(ptr); |
617 | OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); |
618 | sh_clearbit(buddy, list, sh.bittable); |
619 | sh_remove_from_list(buddy); |
620 | |
621 | list--; |
622 | |
623 | /* Zero the higher addressed block's free list pointers */ |
624 | memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST)); |
625 | if (ptr > buddy) |
626 | ptr = buddy; |
627 | |
628 | OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); |
629 | sh_setbit(ptr, list, sh.bittable); |
630 | sh_add_to_list(&sh.freelist[list], ptr); |
631 | OPENSSL_assert(sh.freelist[list] == ptr); |
632 | } |
633 | } |
634 | |
635 | static size_t sh_actual_size(char *ptr) |
636 | { |
637 | int list; |
638 | |
639 | OPENSSL_assert(WITHIN_ARENA(ptr)); |
640 | if (!WITHIN_ARENA(ptr)) |
641 | return 0; |
642 | list = sh_getlist(ptr); |
643 | OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); |
644 | return sh.arena_size / (ONE << list); |
645 | } |
646 | #endif /* OPENSSL_SECURE_MEMORY */ |
647 | |