summaryrefslogtreecommitdiffstats
path: root/lib/utils_safe_memory.c
blob: b16136960a6c6e8ce439c1d1b7d184b74de53ac2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
/*
 * utils_safe_memory - safe memory helpers
 *
 * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
 * Copyright (C) 2009-2023 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <sys/mman.h>
#include "libcryptsetup.h"

struct safe_allocation {
	size_t size;
	bool locked;
	char data[0] __attribute__((aligned(8)));
};
#define OVERHEAD offsetof(struct safe_allocation, data)

/*
 * Replacement for memset(s, 0, n) on stack that can be optimized out
 * Also used in safe allocations for explicit memory wipe.
 */
void crypt_safe_memzero(void *data, size_t size)
{
	if (!data)
		return;

#ifdef HAVE_EXPLICIT_BZERO
	explicit_bzero(data, size);
#else
	volatile uint8_t *p = (volatile uint8_t *)data;

	while(size--)
		*p++ = 0;
#endif
}

/* safe allocations */
void *crypt_safe_alloc(size_t size)
{
	struct safe_allocation *alloc;

	if (!size || size > (SIZE_MAX - OVERHEAD))
		return NULL;

	alloc = malloc(size + OVERHEAD);
	if (!alloc)
		return NULL;

	crypt_safe_memzero(alloc, size + OVERHEAD);
	alloc->size = size;

	/* Ignore failure if it is over limit. */
	if (!mlock(alloc, size + OVERHEAD))
		alloc->locked = true;

	/* coverity[leaked_storage] */
	return &alloc->data;
}

void crypt_safe_free(void *data)
{
	struct safe_allocation *alloc;
	volatile size_t *s;
	void *p;

	if (!data)
		return;

	p = (char *)data - OVERHEAD;
	alloc = (struct safe_allocation *)p;

	crypt_safe_memzero(data, alloc->size);

	if (alloc->locked) {
		munlock(alloc, alloc->size + OVERHEAD);
		alloc->locked = false;
	}

	s = (volatile size_t *)&alloc->size;
	*s = 0x55aa55aa;
	free(alloc);
}

void *crypt_safe_realloc(void *data, size_t size)
{
	struct safe_allocation *alloc;
	void *new_data;
	void *p;

	new_data = crypt_safe_alloc(size);

	if (new_data && data) {

		p = (char *)data - OVERHEAD;
		alloc = (struct safe_allocation *)p;

		if (size > alloc->size)
			size = alloc->size;

		memcpy(new_data, data, size);
	}

	crypt_safe_free(data);
	return new_data;
}