summaryrefslogtreecommitdiffstats
path: root/lib/utils_safe_memory.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--lib/utils_safe_memory.c122
1 files changed, 122 insertions, 0 deletions
diff --git a/lib/utils_safe_memory.c b/lib/utils_safe_memory.c
new file mode 100644
index 0000000..b161369
--- /dev/null
+++ b/lib/utils_safe_memory.c
@@ -0,0 +1,122 @@
+/*
+ * utils_safe_memory - safe memory helpers
+ *
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <stdbool.h>
+#include <string.h>
+#include <sys/mman.h>
+#include "libcryptsetup.h"
+
+struct safe_allocation {
+ size_t size;
+ bool locked;
+ char data[0] __attribute__((aligned(8)));
+};
+#define OVERHEAD offsetof(struct safe_allocation, data)
+
+/*
+ * Replacement for memset(s, 0, n) on stack that can be optimized out
+ * Also used in safe allocations for explicit memory wipe.
+ */
+void crypt_safe_memzero(void *data, size_t size)
+{
+ if (!data)
+ return;
+
+#ifdef HAVE_EXPLICIT_BZERO
+ explicit_bzero(data, size);
+#else
+ volatile uint8_t *p = (volatile uint8_t *)data;
+
+ while(size--)
+ *p++ = 0;
+#endif
+}
+
+/* safe allocations */
+void *crypt_safe_alloc(size_t size)
+{
+ struct safe_allocation *alloc;
+
+ if (!size || size > (SIZE_MAX - OVERHEAD))
+ return NULL;
+
+ alloc = malloc(size + OVERHEAD);
+ if (!alloc)
+ return NULL;
+
+ crypt_safe_memzero(alloc, size + OVERHEAD);
+ alloc->size = size;
+
+ /* Ignore failure if it is over limit. */
+ if (!mlock(alloc, size + OVERHEAD))
+ alloc->locked = true;
+
+ /* coverity[leaked_storage] */
+ return &alloc->data;
+}
+
+void crypt_safe_free(void *data)
+{
+ struct safe_allocation *alloc;
+ volatile size_t *s;
+ void *p;
+
+ if (!data)
+ return;
+
+ p = (char *)data - OVERHEAD;
+ alloc = (struct safe_allocation *)p;
+
+ crypt_safe_memzero(data, alloc->size);
+
+ if (alloc->locked) {
+ munlock(alloc, alloc->size + OVERHEAD);
+ alloc->locked = false;
+ }
+
+ s = (volatile size_t *)&alloc->size;
+ *s = 0x55aa55aa;
+ free(alloc);
+}
+
+void *crypt_safe_realloc(void *data, size_t size)
+{
+ struct safe_allocation *alloc;
+ void *new_data;
+ void *p;
+
+ new_data = crypt_safe_alloc(size);
+
+ if (new_data && data) {
+
+ p = (char *)data - OVERHEAD;
+ alloc = (struct safe_allocation *)p;
+
+ if (size > alloc->size)
+ size = alloc->size;
+
+ memcpy(new_data, data, size);
+ }
+
+ crypt_safe_free(data);
+ return new_data;
+}