Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / db4f43f0150836941f56a4d2e2923f7182328607 / . / ap / lib / libssl / openssl-1.1.1o / crypto / mem_sec.c
blob: 222c786cbaeff0e798a57a42fc429cc70bed913f [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame]1/*
2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
4 *
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11/*
12 * This file is in two halves. The first half implements the public API
13 * to be used by external consumers, and to be used by OpenSSL to store
14 * data in a "secure arena." The second half implements the secure arena.
15 * For details on that implementation, see below (look for uppercase
16 * "SECURE HEAP IMPLEMENTATION").
17 */
18#include "e_os.h"
19#include <openssl/crypto.h>
20
21#include <string.h>
22
23/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
24#ifdef OPENSSL_SECURE_MEMORY
25# include <stdlib.h>
26# include <assert.h>
27# include <unistd.h>
28# include <sys/types.h>
29# include <sys/mman.h>
30# if defined(OPENSSL_SYS_LINUX)
31# include <sys/syscall.h>
32# if defined(SYS_mlock2)
33# include <linux/mman.h>
34# include <errno.h>
35# endif
36# endif
37# if defined(__FreeBSD__)
38# define MADV_DONTDUMP MADV_NOCORE
39# endif
40# if !defined(MAP_CONCEAL)
41# define MAP_CONCEAL 0
42# endif
43# include <sys/param.h>
44# include <sys/stat.h>
45# include <fcntl.h>
46#endif
47
48#define CLEAR(p, s) OPENSSL_cleanse(p, s)
49#ifndef PAGE_SIZE
50# define PAGE_SIZE 4096
51#endif
52#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
53# define MAP_ANON MAP_ANONYMOUS
54#endif
55
56#ifdef OPENSSL_SECURE_MEMORY
57static size_t secure_mem_used;
58
59static int secure_mem_initialized;
60
61static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
62
63/*
64 * These are the functions that must be implemented by a secure heap (sh).
65 */
66static int sh_init(size_t size, int minsize);
67static void *sh_malloc(size_t size);
68static void sh_free(void *ptr);
69static void sh_done(void);
70static size_t sh_actual_size(char *ptr);
71static int sh_allocated(const char *ptr);
72#endif
73
74int CRYPTO_secure_malloc_init(size_t size, int minsize)
75{
76#ifdef OPENSSL_SECURE_MEMORY
77 int ret = 0;
78
79 if (!secure_mem_initialized) {
80 sec_malloc_lock = CRYPTO_THREAD_lock_new();
81 if (sec_malloc_lock == NULL)
82 return 0;
83 if ((ret = sh_init(size, minsize)) != 0) {
84 secure_mem_initialized = 1;
85 } else {
86 CRYPTO_THREAD_lock_free(sec_malloc_lock);
87 sec_malloc_lock = NULL;
88 }
89 }
90
91 return ret;
92#else
93 return 0;
94#endif /* OPENSSL_SECURE_MEMORY */
95}
96
97int CRYPTO_secure_malloc_done(void)
98{
99#ifdef OPENSSL_SECURE_MEMORY
100 if (secure_mem_used == 0) {
101 sh_done();
102 secure_mem_initialized = 0;
103 CRYPTO_THREAD_lock_free(sec_malloc_lock);
104 sec_malloc_lock = NULL;
105 return 1;
106 }
107#endif /* OPENSSL_SECURE_MEMORY */
108 return 0;
109}
110
111int CRYPTO_secure_malloc_initialized(void)
112{
113#ifdef OPENSSL_SECURE_MEMORY
114 return secure_mem_initialized;
115#else
116 return 0;
117#endif /* OPENSSL_SECURE_MEMORY */
118}
119
120void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
121{
122#ifdef OPENSSL_SECURE_MEMORY
123 void *ret;
124 size_t actual_size;
125
126 if (!secure_mem_initialized) {
127 return CRYPTO_malloc(num, file, line);
128 }
129 CRYPTO_THREAD_write_lock(sec_malloc_lock);
130 ret = sh_malloc(num);
131 actual_size = ret ? sh_actual_size(ret) : 0;
132 secure_mem_used += actual_size;
133 CRYPTO_THREAD_unlock(sec_malloc_lock);
134 return ret;
135#else
136 return CRYPTO_malloc(num, file, line);
137#endif /* OPENSSL_SECURE_MEMORY */
138}
139
140void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
141{
142#ifdef OPENSSL_SECURE_MEMORY
143 if (secure_mem_initialized)
144 /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
145 return CRYPTO_secure_malloc(num, file, line);
146#endif
147 return CRYPTO_zalloc(num, file, line);
148}
149
150void CRYPTO_secure_free(void *ptr, const char *file, int line)
151{
152#ifdef OPENSSL_SECURE_MEMORY
153 size_t actual_size;
154
155 if (ptr == NULL)
156 return;
157 if (!CRYPTO_secure_allocated(ptr)) {
158 CRYPTO_free(ptr, file, line);
159 return;
160 }
161 CRYPTO_THREAD_write_lock(sec_malloc_lock);
162 actual_size = sh_actual_size(ptr);
163 CLEAR(ptr, actual_size);
164 secure_mem_used -= actual_size;
165 sh_free(ptr);
166 CRYPTO_THREAD_unlock(sec_malloc_lock);
167#else
168 CRYPTO_free(ptr, file, line);
169#endif /* OPENSSL_SECURE_MEMORY */
170}
171
172void CRYPTO_secure_clear_free(void *ptr, size_t num,
173 const char *file, int line)
174{
175#ifdef OPENSSL_SECURE_MEMORY
176 size_t actual_size;
177
178 if (ptr == NULL)
179 return;
180 if (!CRYPTO_secure_allocated(ptr)) {
181 OPENSSL_cleanse(ptr, num);
182 CRYPTO_free(ptr, file, line);
183 return;
184 }
185 CRYPTO_THREAD_write_lock(sec_malloc_lock);
186 actual_size = sh_actual_size(ptr);
187 CLEAR(ptr, actual_size);
188 secure_mem_used -= actual_size;
189 sh_free(ptr);
190 CRYPTO_THREAD_unlock(sec_malloc_lock);
191#else
192 if (ptr == NULL)
193 return;
194 OPENSSL_cleanse(ptr, num);
195 CRYPTO_free(ptr, file, line);
196#endif /* OPENSSL_SECURE_MEMORY */
197}
198
199int CRYPTO_secure_allocated(const void *ptr)
200{
201#ifdef OPENSSL_SECURE_MEMORY
202 int ret;
203
204 if (!secure_mem_initialized)
205 return 0;
206 CRYPTO_THREAD_write_lock(sec_malloc_lock);
207 ret = sh_allocated(ptr);
208 CRYPTO_THREAD_unlock(sec_malloc_lock);
209 return ret;
210#else
211 return 0;
212#endif /* OPENSSL_SECURE_MEMORY */
213}
214
215size_t CRYPTO_secure_used(void)
216{
217#ifdef OPENSSL_SECURE_MEMORY
218 return secure_mem_used;
219#else
220 return 0;
221#endif /* OPENSSL_SECURE_MEMORY */
222}
223
224size_t CRYPTO_secure_actual_size(void *ptr)
225{
226#ifdef OPENSSL_SECURE_MEMORY
227 size_t actual_size;
228
229 CRYPTO_THREAD_write_lock(sec_malloc_lock);
230 actual_size = sh_actual_size(ptr);
231 CRYPTO_THREAD_unlock(sec_malloc_lock);
232 return actual_size;
233#else
234 return 0;
235#endif
236}
237/* END OF PAGE ...
238
239 ... START OF PAGE */
240
241/*
242 * SECURE HEAP IMPLEMENTATION
243 */
244#ifdef OPENSSL_SECURE_MEMORY
245
246
247/*
248 * The implementation provided here uses a fixed-sized mmap() heap,
249 * which is locked into memory, not written to core files, and protected
250 * on either side by an unmapped page, which will catch pointer overruns
251 * (or underruns) and an attempt to read data out of the secure heap.
252 * Free'd memory is zero'd or otherwise cleansed.
253 *
254 * This is a pretty standard buddy allocator. We keep areas in a multiple
255 * of "sh.minsize" units. The freelist and bitmaps are kept separately,
256 * so all (and only) data is kept in the mmap'd heap.
257 *
258 * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the
259 * place.
260 */
261
262#define ONE ((size_t)1)
263
264# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7)))
265# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7)))
266# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
267
268#define WITHIN_ARENA(p) \
269 ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
270#define WITHIN_FREELIST(p) \
271 ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
272
273
274typedef struct sh_list_st
275{
276 struct sh_list_st *next;
277 struct sh_list_st **p_next;
278} SH_LIST;
279
280typedef struct sh_st
281{
282 char* map_result;
283 size_t map_size;
284 char *arena;
285 size_t arena_size;
286 char **freelist;
287 ossl_ssize_t freelist_size;
288 size_t minsize;
289 unsigned char *bittable;
290 unsigned char *bitmalloc;
291 size_t bittable_size; /* size in bits */
292} SH;
293
294static SH sh;
295
296static size_t sh_getlist(char *ptr)
297{
298 ossl_ssize_t list = sh.freelist_size - 1;
299 size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
300
301 for (; bit; bit >>= 1, list--) {
302 if (TESTBIT(sh.bittable, bit))
303 break;
304 OPENSSL_assert((bit & 1) == 0);
305 }
306
307 return list;
308}
309
310
311static int sh_testbit(char *ptr, int list, unsigned char *table)
312{
313 size_t bit;
314
315 OPENSSL_assert(list >= 0 && list < sh.freelist_size);
316 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
317 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
318 OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
319 return TESTBIT(table, bit);
320}
321
322static void sh_clearbit(char *ptr, int list, unsigned char *table)
323{
324 size_t bit;
325
326 OPENSSL_assert(list >= 0 && list < sh.freelist_size);
327 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
328 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
329 OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
330 OPENSSL_assert(TESTBIT(table, bit));
331 CLEARBIT(table, bit);
332}
333
334static void sh_setbit(char *ptr, int list, unsigned char *table)
335{
336 size_t bit;
337
338 OPENSSL_assert(list >= 0 && list < sh.freelist_size);
339 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
340 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
341 OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
342 OPENSSL_assert(!TESTBIT(table, bit));
343 SETBIT(table, bit);
344}
345
346static void sh_add_to_list(char **list, char *ptr)
347{
348 SH_LIST *temp;
349
350 OPENSSL_assert(WITHIN_FREELIST(list));
351 OPENSSL_assert(WITHIN_ARENA(ptr));
352
353 temp = (SH_LIST *)ptr;
354 temp->next = *(SH_LIST **)list;
355 OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
356 temp->p_next = (SH_LIST **)list;
357
358 if (temp->next != NULL) {
359 OPENSSL_assert((char **)temp->next->p_next == list);
360 temp->next->p_next = &(temp->next);
361 }
362
363 *list = ptr;
364}
365
366static void sh_remove_from_list(char *ptr)
367{
368 SH_LIST *temp, *temp2;
369
370 temp = (SH_LIST *)ptr;
371 if (temp->next != NULL)
372 temp->next->p_next = temp->p_next;
373 *temp->p_next = temp->next;
374 if (temp->next == NULL)
375 return;
376
377 temp2 = temp->next;
378 OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
379}
380
381
382static int sh_init(size_t size, int minsize)
383{
384 int ret;
385 size_t i;
386 size_t pgsize;
387 size_t aligned;
388
389 memset(&sh, 0, sizeof(sh));
390
391 /* make sure size and minsize are powers of 2 */
392 OPENSSL_assert(size > 0);
393 OPENSSL_assert((size & (size - 1)) == 0);
394 OPENSSL_assert(minsize > 0);
395 OPENSSL_assert((minsize & (minsize - 1)) == 0);
396 if (size <= 0 || (size & (size - 1)) != 0)
397 goto err;
398 if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
399 goto err;
400
401 while (minsize < (int)sizeof(SH_LIST))
402 minsize *= 2;
403
404 sh.arena_size = size;
405 sh.minsize = minsize;
406 sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
407
408 /* Prevent allocations of size 0 later on */
409 if (sh.bittable_size >> 3 == 0)
410 goto err;
411
412 sh.freelist_size = -1;
413 for (i = sh.bittable_size; i; i >>= 1)
414 sh.freelist_size++;
415
416 sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
417 OPENSSL_assert(sh.freelist != NULL);
418 if (sh.freelist == NULL)
419 goto err;
420
421 sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
422 OPENSSL_assert(sh.bittable != NULL);
423 if (sh.bittable == NULL)
424 goto err;
425
426 sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
427 OPENSSL_assert(sh.bitmalloc != NULL);
428 if (sh.bitmalloc == NULL)
429 goto err;
430
431 /* Allocate space for heap, and two extra pages as guards */
432#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
433 {
434# if defined(_SC_PAGE_SIZE)
435 long tmppgsize = sysconf(_SC_PAGE_SIZE);
436# else
437 long tmppgsize = sysconf(_SC_PAGESIZE);
438# endif
439 if (tmppgsize < 1)
440 pgsize = PAGE_SIZE;
441 else
442 pgsize = (size_t)tmppgsize;
443 }
444#else
445 pgsize = PAGE_SIZE;
446#endif
447 sh.map_size = pgsize + sh.arena_size + pgsize;
448 if (1) {
449#ifdef MAP_ANON
450 sh.map_result = mmap(NULL, sh.map_size,
451 PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
452 } else {
453#endif
454 int fd;
455
456 sh.map_result = MAP_FAILED;
457 if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
458 sh.map_result = mmap(NULL, sh.map_size,
459 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
460 close(fd);
461 }
462 }
463 if (sh.map_result == MAP_FAILED)
464 goto err;
465 sh.arena = (char *)(sh.map_result + pgsize);
466 sh_setbit(sh.arena, 0, sh.bittable);
467 sh_add_to_list(&sh.freelist[0], sh.arena);
468
469 /* Now try to add guard pages and lock into memory. */
470 ret = 1;
471
472 /* Starting guard is already aligned from mmap. */
473 if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
474 ret = 2;
475
476 /* Ending guard page - need to round up to page boundary */
477 aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
478 if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
479 ret = 2;
480
481#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
482 if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
483 if (errno == ENOSYS) {
484 if (mlock(sh.arena, sh.arena_size) < 0)
485 ret = 2;
486 } else {
487 ret = 2;
488 }
489 }
490#else
491 if (mlock(sh.arena, sh.arena_size) < 0)
492 ret = 2;
493#endif
494#ifdef MADV_DONTDUMP
495 if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
496 ret = 2;
497#endif
498
499 return ret;
500
501 err:
502 sh_done();
503 return 0;
504}
505
506static void sh_done(void)
507{
508 OPENSSL_free(sh.freelist);
509 OPENSSL_free(sh.bittable);
510 OPENSSL_free(sh.bitmalloc);
511 if (sh.map_result != MAP_FAILED && sh.map_size)
512 munmap(sh.map_result, sh.map_size);
513 memset(&sh, 0, sizeof(sh));
514}
515
516static int sh_allocated(const char *ptr)
517{
518 return WITHIN_ARENA(ptr) ? 1 : 0;
519}
520
521static char *sh_find_my_buddy(char *ptr, int list)
522{
523 size_t bit;
524 char *chunk = NULL;
525
526 bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
527 bit ^= 1;
528
529 if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
530 chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
531
532 return chunk;
533}
534
535static void *sh_malloc(size_t size)
536{
537 ossl_ssize_t list, slist;
538 size_t i;
539 char *chunk;
540
541 if (size > sh.arena_size)
542 return NULL;
543
544 list = sh.freelist_size - 1;
545 for (i = sh.minsize; i < size; i <<= 1)
546 list--;
547 if (list < 0)
548 return NULL;
549
550 /* try to find a larger entry to split */
551 for (slist = list; slist >= 0; slist--)
552 if (sh.freelist[slist] != NULL)
553 break;
554 if (slist < 0)
555 return NULL;
556
557 /* split larger entry */
558 while (slist != list) {
559 char *temp = sh.freelist[slist];
560
561 /* remove from bigger list */
562 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
563 sh_clearbit(temp, slist, sh.bittable);
564 sh_remove_from_list(temp);
565 OPENSSL_assert(temp != sh.freelist[slist]);
566
567 /* done with bigger list */
568 slist++;
569
570 /* add to smaller list */
571 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
572 sh_setbit(temp, slist, sh.bittable);
573 sh_add_to_list(&sh.freelist[slist], temp);
574 OPENSSL_assert(sh.freelist[slist] == temp);
575
576 /* split in 2 */
577 temp += sh.arena_size >> slist;
578 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
579 sh_setbit(temp, slist, sh.bittable);
580 sh_add_to_list(&sh.freelist[slist], temp);
581 OPENSSL_assert(sh.freelist[slist] == temp);
582
583 OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
584 }
585
586 /* peel off memory to hand back */
587 chunk = sh.freelist[list];
588 OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
589 sh_setbit(chunk, list, sh.bitmalloc);
590 sh_remove_from_list(chunk);
591
592 OPENSSL_assert(WITHIN_ARENA(chunk));
593
594 /* zero the free list header as a precaution against information leakage */
595 memset(chunk, 0, sizeof(SH_LIST));
596
597 return chunk;
598}
599
600static void sh_free(void *ptr)
601{
602 size_t list;
603 void *buddy;
604
605 if (ptr == NULL)
606 return;
607 OPENSSL_assert(WITHIN_ARENA(ptr));
608 if (!WITHIN_ARENA(ptr))
609 return;
610
611 list = sh_getlist(ptr);
612 OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
613 sh_clearbit(ptr, list, sh.bitmalloc);
614 sh_add_to_list(&sh.freelist[list], ptr);
615
616 /* Try to coalesce two adjacent free areas. */
617 while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
618 OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
619 OPENSSL_assert(ptr != NULL);
620 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
621 sh_clearbit(ptr, list, sh.bittable);
622 sh_remove_from_list(ptr);
623 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
624 sh_clearbit(buddy, list, sh.bittable);
625 sh_remove_from_list(buddy);
626
627 list--;
628
629 /* Zero the higher addressed block's free list pointers */
630 memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
631 if (ptr > buddy)
632 ptr = buddy;
633
634 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
635 sh_setbit(ptr, list, sh.bittable);
636 sh_add_to_list(&sh.freelist[list], ptr);
637 OPENSSL_assert(sh.freelist[list] == ptr);
638 }
639}
640
641static size_t sh_actual_size(char *ptr)
642{
643 int list;
644
645 OPENSSL_assert(WITHIN_ARENA(ptr));
646 if (!WITHIN_ARENA(ptr))
647 return 0;
648 list = sh_getlist(ptr);
649 OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
650 return sh.arena_size / (ONE << list);
651}
652#endif /* OPENSSL_SECURE_MEMORY */