1/* 2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. 4 * 5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11/* 12 * This file is in two halves. The first half implements the public API 13 * to be used by external consumers, and to be used by OpenSSL to store 14 * data in a "secure arena." The second half implements the secure arena. 15 * For details on that implementation, see below (look for uppercase 16 * "SECURE HEAP IMPLEMENTATION"). 17 */ 18#include "e_os.h" 19#include <openssl/crypto.h> 20 21#include <string.h> 22 23#ifndef OPENSSL_NO_SECURE_MEMORY 24# if defined(_WIN32) 25# include <windows.h> 26# if defined(WINAPI_FAMILY_PARTITION) 27# if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) 28/* 29 * While VirtualLock is available under the app partition (e.g. UWP), 30 * the headers do not define the API. Define it ourselves instead. 31 */ 32WINBASEAPI 33BOOL 34WINAPI 35VirtualLock( 36 _In_ LPVOID lpAddress, 37 _In_ SIZE_T dwSize 38 ); 39# endif 40# endif 41# endif 42# include <stdlib.h> 43# include <assert.h> 44# if defined(OPENSSL_SYS_UNIX) 45# include <unistd.h> 46# endif 47# include <sys/types.h> 48# if defined(OPENSSL_SYS_UNIX) 49# include <sys/mman.h> 50# if defined(__FreeBSD__) 51# define MADV_DONTDUMP MADV_NOCORE 52# endif 53# if !defined(MAP_CONCEAL) 54# define MAP_CONCEAL 0 55# endif 56# endif 57# if defined(OPENSSL_SYS_LINUX) 58# include <sys/syscall.h> 59# if defined(SYS_mlock2) 60# include <linux/mman.h> 61# include <errno.h> 62# endif 63# include <sys/param.h> 64# endif 65# include <sys/stat.h> 66# include <fcntl.h> 67#endif 68 69#define CLEAR(p, s) OPENSSL_cleanse(p, s) 70#ifndef PAGE_SIZE 71# define PAGE_SIZE 4096 72#endif 73#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) 74# define MAP_ANON MAP_ANONYMOUS 75#endif 76 77#ifndef OPENSSL_NO_SECURE_MEMORY 78static size_t secure_mem_used; 79 80static int secure_mem_initialized; 81 82static CRYPTO_RWLOCK *sec_malloc_lock = NULL; 83 84/* 85 * These are the functions that must be implemented by a secure heap (sh). 86 */ 87static int sh_init(size_t size, size_t minsize); 88static void *sh_malloc(size_t size); 89static void sh_free(void *ptr); 90static void sh_done(void); 91static size_t sh_actual_size(char *ptr); 92static int sh_allocated(const char *ptr); 93#endif 94 95int CRYPTO_secure_malloc_init(size_t size, size_t minsize) 96{ 97#ifndef OPENSSL_NO_SECURE_MEMORY 98 int ret = 0; 99 100 if (!secure_mem_initialized) { 101 sec_malloc_lock = CRYPTO_THREAD_lock_new(); 102 if (sec_malloc_lock == NULL) 103 return 0; 104 if ((ret = sh_init(size, minsize)) != 0) { 105 secure_mem_initialized = 1; 106 } else { 107 CRYPTO_THREAD_lock_free(sec_malloc_lock); 108 sec_malloc_lock = NULL; 109 } 110 } 111 112 return ret; 113#else 114 return 0; 115#endif /* OPENSSL_NO_SECURE_MEMORY */ 116} 117 118int CRYPTO_secure_malloc_done(void) 119{ 120#ifndef OPENSSL_NO_SECURE_MEMORY 121 if (secure_mem_used == 0) { 122 sh_done(); 123 secure_mem_initialized = 0; 124 CRYPTO_THREAD_lock_free(sec_malloc_lock); 125 sec_malloc_lock = NULL; 126 return 1; 127 } 128#endif /* OPENSSL_NO_SECURE_MEMORY */ 129 return 0; 130} 131 132int CRYPTO_secure_malloc_initialized(void) 133{ 134#ifndef OPENSSL_NO_SECURE_MEMORY 135 return secure_mem_initialized; 136#else 137 return 0; 138#endif /* OPENSSL_NO_SECURE_MEMORY */ 139} 140 141void *CRYPTO_secure_malloc(size_t num, const char *file, int line) 142{ 143#ifndef OPENSSL_NO_SECURE_MEMORY 144 void *ret; 145 size_t actual_size; 146 147 if (!secure_mem_initialized) { 148 return CRYPTO_malloc(num, file, line); 149 } 150 if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) 151 return NULL; 152 ret = sh_malloc(num); 153 actual_size = ret ? sh_actual_size(ret) : 0; 154 secure_mem_used += actual_size; 155 CRYPTO_THREAD_unlock(sec_malloc_lock); 156 return ret; 157#else 158 return CRYPTO_malloc(num, file, line); 159#endif /* OPENSSL_NO_SECURE_MEMORY */ 160} 161 162void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) 163{ 164#ifndef OPENSSL_NO_SECURE_MEMORY 165 if (secure_mem_initialized) 166 /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ 167 return CRYPTO_secure_malloc(num, file, line); 168#endif 169 return CRYPTO_zalloc(num, file, line); 170} 171 172void CRYPTO_secure_free(void *ptr, const char *file, int line) 173{ 174#ifndef OPENSSL_NO_SECURE_MEMORY 175 size_t actual_size; 176 177 if (ptr == NULL) 178 return; 179 if (!CRYPTO_secure_allocated(ptr)) { 180 CRYPTO_free(ptr, file, line); 181 return; 182 } 183 if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) 184 return; 185 actual_size = sh_actual_size(ptr); 186 CLEAR(ptr, actual_size); 187 secure_mem_used -= actual_size; 188 sh_free(ptr); 189 CRYPTO_THREAD_unlock(sec_malloc_lock); 190#else 191 CRYPTO_free(ptr, file, line); 192#endif /* OPENSSL_NO_SECURE_MEMORY */ 193} 194 195void CRYPTO_secure_clear_free(void *ptr, size_t num, 196 const char *file, int line) 197{ 198#ifndef OPENSSL_NO_SECURE_MEMORY 199 size_t actual_size; 200 201 if (ptr == NULL) 202 return; 203 if (!CRYPTO_secure_allocated(ptr)) { 204 OPENSSL_cleanse(ptr, num); 205 CRYPTO_free(ptr, file, line); 206 return; 207 } 208 if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) 209 return; 210 actual_size = sh_actual_size(ptr); 211 CLEAR(ptr, actual_size); 212 secure_mem_used -= actual_size; 213 sh_free(ptr); 214 CRYPTO_THREAD_unlock(sec_malloc_lock); 215#else 216 if (ptr == NULL) 217 return; 218 OPENSSL_cleanse(ptr, num); 219 CRYPTO_free(ptr, file, line); 220#endif /* OPENSSL_NO_SECURE_MEMORY */ 221} 222 223int CRYPTO_secure_allocated(const void *ptr) 224{ 225#ifndef OPENSSL_NO_SECURE_MEMORY 226 if (!secure_mem_initialized) 227 return 0; 228 /* 229 * Only read accesses to the arena take place in sh_allocated() and this 230 * is only changed by the sh_init() and sh_done() calls which are not 231 * locked. Hence, it is safe to make this check without a lock too. 232 */ 233 return sh_allocated(ptr); 234#else 235 return 0; 236#endif /* OPENSSL_NO_SECURE_MEMORY */ 237} 238 239size_t CRYPTO_secure_used(void) 240{ 241 size_t ret = 0; 242 243#ifndef OPENSSL_NO_SECURE_MEMORY 244 if (!CRYPTO_THREAD_read_lock(sec_malloc_lock)) 245 return 0; 246 247 ret = secure_mem_used; 248 249 CRYPTO_THREAD_unlock(sec_malloc_lock); 250#endif /* OPENSSL_NO_SECURE_MEMORY */ 251 return ret; 252} 253 254size_t CRYPTO_secure_actual_size(void *ptr) 255{ 256#ifndef OPENSSL_NO_SECURE_MEMORY 257 size_t actual_size; 258 259 if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) 260 return 0; 261 actual_size = sh_actual_size(ptr); 262 CRYPTO_THREAD_unlock(sec_malloc_lock); 263 return actual_size; 264#else 265 return 0; 266#endif 267} 268 269/* 270 * SECURE HEAP IMPLEMENTATION 271 */ 272#ifndef OPENSSL_NO_SECURE_MEMORY 273 274 275/* 276 * The implementation provided here uses a fixed-sized mmap() heap, 277 * which is locked into memory, not written to core files, and protected 278 * on either side by an unmapped page, which will catch pointer overruns 279 * (or underruns) and an attempt to read data out of the secure heap. 280 * Free'd memory is zero'd or otherwise cleansed. 281 * 282 * This is a pretty standard buddy allocator. We keep areas in a multiple 283 * of "sh.minsize" units. The freelist and bitmaps are kept separately, 284 * so all (and only) data is kept in the mmap'd heap. 285 * 286 * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the 287 * place. 288 */ 289 290#define ONE ((size_t)1) 291 292# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) 293# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) 294# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) 295 296#define WITHIN_ARENA(p) \ 297 ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) 298#define WITHIN_FREELIST(p) \ 299 ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) 300 301 302typedef struct sh_list_st 303{ 304 struct sh_list_st *next; 305 struct sh_list_st **p_next; 306} SH_LIST; 307 308typedef struct sh_st 309{ 310 char* map_result; 311 size_t map_size; 312 char *arena; 313 size_t arena_size; 314 char **freelist; 315 ossl_ssize_t freelist_size; 316 size_t minsize; 317 unsigned char *bittable; 318 unsigned char *bitmalloc; 319 size_t bittable_size; /* size in bits */ 320} SH; 321 322static SH sh; 323 324static size_t sh_getlist(char *ptr) 325{ 326 ossl_ssize_t list = sh.freelist_size - 1; 327 size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; 328 329 for (; bit; bit >>= 1, list--) { 330 if (TESTBIT(sh.bittable, bit)) 331 break; 332 OPENSSL_assert((bit & 1) == 0); 333 } 334 335 return list; 336} 337 338 339static int sh_testbit(char *ptr, int list, unsigned char *table) 340{ 341 size_t bit; 342 343 OPENSSL_assert(list >= 0 && list < sh.freelist_size); 344 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); 345 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); 346 OPENSSL_assert(bit > 0 && bit < sh.bittable_size); 347 return TESTBIT(table, bit); 348} 349 350static void sh_clearbit(char *ptr, int list, unsigned char *table) 351{ 352 size_t bit; 353 354 OPENSSL_assert(list >= 0 && list < sh.freelist_size); 355 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); 356 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); 357 OPENSSL_assert(bit > 0 && bit < sh.bittable_size); 358 OPENSSL_assert(TESTBIT(table, bit)); 359 CLEARBIT(table, bit); 360} 361 362static void sh_setbit(char *ptr, int list, unsigned char *table) 363{ 364 size_t bit; 365 366 OPENSSL_assert(list >= 0 && list < sh.freelist_size); 367 OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); 368 bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); 369 OPENSSL_assert(bit > 0 && bit < sh.bittable_size); 370 OPENSSL_assert(!TESTBIT(table, bit)); 371 SETBIT(table, bit); 372} 373 374static void sh_add_to_list(char **list, char *ptr) 375{ 376 SH_LIST *temp; 377 378 OPENSSL_assert(WITHIN_FREELIST(list)); 379 OPENSSL_assert(WITHIN_ARENA(ptr)); 380 381 temp = (SH_LIST *)ptr; 382 temp->next = *(SH_LIST **)list; 383 OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); 384 temp->p_next = (SH_LIST **)list; 385 386 if (temp->next != NULL) { 387 OPENSSL_assert((char **)temp->next->p_next == list); 388 temp->next->p_next = &(temp->next); 389 } 390 391 *list = ptr; 392} 393 394static void sh_remove_from_list(char *ptr) 395{ 396 SH_LIST *temp, *temp2; 397 398 temp = (SH_LIST *)ptr; 399 if (temp->next != NULL) 400 temp->next->p_next = temp->p_next; 401 *temp->p_next = temp->next; 402 if (temp->next == NULL) 403 return; 404 405 temp2 = temp->next; 406 OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); 407} 408 409 410static int sh_init(size_t size, size_t minsize) 411{ 412 int ret; 413 size_t i; 414 size_t pgsize; 415 size_t aligned; 416#if defined(_WIN32) 417 DWORD flOldProtect; 418 SYSTEM_INFO systemInfo; 419#endif 420 421 memset(&sh, 0, sizeof(sh)); 422 423 /* make sure size is a powers of 2 */ 424 OPENSSL_assert(size > 0); 425 OPENSSL_assert((size & (size - 1)) == 0); 426 if (size == 0 || (size & (size - 1)) != 0) 427 goto err; 428 429 if (minsize <= sizeof(SH_LIST)) { 430 OPENSSL_assert(sizeof(SH_LIST) <= 65536); 431 /* 432 * Compute the minimum possible allocation size. 433 * This must be a power of 2 and at least as large as the SH_LIST 434 * structure. 435 */ 436 minsize = sizeof(SH_LIST) - 1; 437 minsize |= minsize >> 1; 438 minsize |= minsize >> 2; 439 if (sizeof(SH_LIST) > 16) 440 minsize |= minsize >> 4; 441 if (sizeof(SH_LIST) > 256) 442 minsize |= minsize >> 8; 443 minsize++; 444 } else { 445 /* make sure minsize is a powers of 2 */ 446 OPENSSL_assert((minsize & (minsize - 1)) == 0); 447 if ((minsize & (minsize - 1)) != 0) 448 goto err; 449 } 450 451 sh.arena_size = size; 452 sh.minsize = minsize; 453 sh.bittable_size = (sh.arena_size / sh.minsize) * 2; 454 455 /* Prevent allocations of size 0 later on */ 456 if (sh.bittable_size >> 3 == 0) 457 goto err; 458 459 sh.freelist_size = -1; 460 for (i = sh.bittable_size; i; i >>= 1) 461 sh.freelist_size++; 462 463 sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *)); 464 OPENSSL_assert(sh.freelist != NULL); 465 if (sh.freelist == NULL) 466 goto err; 467 468 sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); 469 OPENSSL_assert(sh.bittable != NULL); 470 if (sh.bittable == NULL) 471 goto err; 472 473 sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); 474 OPENSSL_assert(sh.bitmalloc != NULL); 475 if (sh.bitmalloc == NULL) 476 goto err; 477 478 /* Allocate space for heap, and two extra pages as guards */ 479#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) 480 { 481# if defined(_SC_PAGE_SIZE) 482 long tmppgsize = sysconf(_SC_PAGE_SIZE); 483# else 484 long tmppgsize = sysconf(_SC_PAGESIZE); 485# endif 486 if (tmppgsize < 1) 487 pgsize = PAGE_SIZE; 488 else 489 pgsize = (size_t)tmppgsize; 490 } 491#elif defined(_WIN32) 492 GetSystemInfo(&systemInfo); 493 pgsize = (size_t)systemInfo.dwPageSize; 494#else 495 pgsize = PAGE_SIZE; 496#endif 497 sh.map_size = pgsize + sh.arena_size + pgsize; 498 499#if !defined(_WIN32) 500# ifdef MAP_ANON 501 sh.map_result = mmap(NULL, sh.map_size, 502 PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0); 503# else 504 { 505 int fd; 506 507 sh.map_result = MAP_FAILED; 508 if ((fd = open("/dev/zero", O_RDWR)) >= 0) { 509 sh.map_result = mmap(NULL, sh.map_size, 510 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); 511 close(fd); 512 } 513 } 514# endif 515 if (sh.map_result == MAP_FAILED) 516 goto err; 517#else 518 sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); 519 520 if (sh.map_result == NULL) 521 goto err; 522#endif 523 524 sh.arena = (char *)(sh.map_result + pgsize); 525 sh_setbit(sh.arena, 0, sh.bittable); 526 sh_add_to_list(&sh.freelist[0], sh.arena); 527 528 /* Now try to add guard pages and lock into memory. */ 529 ret = 1; 530 531#if !defined(_WIN32) 532 /* Starting guard is already aligned from mmap. */ 533 if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) 534 ret = 2; 535#else 536 if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE) 537 ret = 2; 538#endif 539 540 /* Ending guard page - need to round up to page boundary */ 541 aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); 542#if !defined(_WIN32) 543 if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) 544 ret = 2; 545#else 546 if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE) 547 ret = 2; 548#endif 549 550#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2) 551 if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) { 552 if (errno == ENOSYS) { 553 if (mlock(sh.arena, sh.arena_size) < 0) 554 ret = 2; 555 } else { 556 ret = 2; 557 } 558 } 559#elif defined(_WIN32) 560 if (VirtualLock(sh.arena, sh.arena_size) == FALSE) 561 ret = 2; 562#else 563 if (mlock(sh.arena, sh.arena_size) < 0) 564 ret = 2; 565#endif 566#ifdef MADV_DONTDUMP 567 if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) 568 ret = 2; 569#endif 570 571 return ret; 572 573 err: 574 sh_done(); 575 return 0; 576} 577 578static void sh_done(void) 579{ 580 OPENSSL_free(sh.freelist); 581 OPENSSL_free(sh.bittable); 582 OPENSSL_free(sh.bitmalloc); 583#if !defined(_WIN32) 584 if (sh.map_result != MAP_FAILED && sh.map_size) 585 munmap(sh.map_result, sh.map_size); 586#else 587 if (sh.map_result != NULL && sh.map_size) 588 VirtualFree(sh.map_result, 0, MEM_RELEASE); 589#endif 590 memset(&sh, 0, sizeof(sh)); 591} 592 593static int sh_allocated(const char *ptr) 594{ 595 return WITHIN_ARENA(ptr) ? 1 : 0; 596} 597 598static char *sh_find_my_buddy(char *ptr, int list) 599{ 600 size_t bit; 601 char *chunk = NULL; 602 603 bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list); 604 bit ^= 1; 605 606 if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) 607 chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list)); 608 609 return chunk; 610} 611 612static void *sh_malloc(size_t size) 613{ 614 ossl_ssize_t list, slist; 615 size_t i; 616 char *chunk; 617 618 if (size > sh.arena_size) 619 return NULL; 620 621 list = sh.freelist_size - 1; 622 for (i = sh.minsize; i < size; i <<= 1) 623 list--; 624 if (list < 0) 625 return NULL; 626 627 /* try to find a larger entry to split */ 628 for (slist = list; slist >= 0; slist--) 629 if (sh.freelist[slist] != NULL) 630 break; 631 if (slist < 0) 632 return NULL; 633 634 /* split larger entry */ 635 while (slist != list) { 636 char *temp = sh.freelist[slist]; 637 638 /* remove from bigger list */ 639 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); 640 sh_clearbit(temp, slist, sh.bittable); 641 sh_remove_from_list(temp); 642 OPENSSL_assert(temp != sh.freelist[slist]); 643 644 /* done with bigger list */ 645 slist++; 646 647 /* add to smaller list */ 648 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); 649 sh_setbit(temp, slist, sh.bittable); 650 sh_add_to_list(&sh.freelist[slist], temp); 651 OPENSSL_assert(sh.freelist[slist] == temp); 652 653 /* split in 2 */ 654 temp += sh.arena_size >> slist; 655 OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); 656 sh_setbit(temp, slist, sh.bittable); 657 sh_add_to_list(&sh.freelist[slist], temp); 658 OPENSSL_assert(sh.freelist[slist] == temp); 659 660 OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); 661 } 662 663 /* peel off memory to hand back */ 664 chunk = sh.freelist[list]; 665 OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); 666 sh_setbit(chunk, list, sh.bitmalloc); 667 sh_remove_from_list(chunk); 668 669 OPENSSL_assert(WITHIN_ARENA(chunk)); 670 671 /* zero the free list header as a precaution against information leakage */ 672 memset(chunk, 0, sizeof(SH_LIST)); 673 674 return chunk; 675} 676 677static void sh_free(void *ptr) 678{ 679 size_t list; 680 void *buddy; 681 682 if (ptr == NULL) 683 return; 684 OPENSSL_assert(WITHIN_ARENA(ptr)); 685 if (!WITHIN_ARENA(ptr)) 686 return; 687 688 list = sh_getlist(ptr); 689 OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); 690 sh_clearbit(ptr, list, sh.bitmalloc); 691 sh_add_to_list(&sh.freelist[list], ptr); 692 693 /* Try to coalesce two adjacent free areas. */ 694 while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { 695 OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); 696 OPENSSL_assert(ptr != NULL); 697 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); 698 sh_clearbit(ptr, list, sh.bittable); 699 sh_remove_from_list(ptr); 700 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); 701 sh_clearbit(buddy, list, sh.bittable); 702 sh_remove_from_list(buddy); 703 704 list--; 705 706 /* Zero the higher addressed block's free list pointers */ 707 memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST)); 708 if (ptr > buddy) 709 ptr = buddy; 710 711 OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); 712 sh_setbit(ptr, list, sh.bittable); 713 sh_add_to_list(&sh.freelist[list], ptr); 714 OPENSSL_assert(sh.freelist[list] == ptr); 715 } 716} 717 718static size_t sh_actual_size(char *ptr) 719{ 720 int list; 721 722 OPENSSL_assert(WITHIN_ARENA(ptr)); 723 if (!WITHIN_ARENA(ptr)) 724 return 0; 725 list = sh_getlist(ptr); 726 OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); 727 return sh.arena_size / (ONE << list); 728} 729#endif /* OPENSSL_NO_SECURE_MEMORY */ 730