mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
122 lines
2.3 KiB
C
122 lines
2.3 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/*
|
|
* utils_safe_memory - safe memory helpers
|
|
*
|
|
* Copyright (C) 2009-2025 Red Hat, Inc. All rights reserved.
|
|
* Copyright (C) 2009-2025 Milan Broz
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <sys/mman.h>
|
|
#include "internal.h"
|
|
|
|
struct safe_allocation {
|
|
size_t size;
|
|
bool locked;
|
|
char data[0] __attribute__((aligned(8)));
|
|
};
|
|
#define OVERHEAD offsetof(struct safe_allocation, data)
|
|
|
|
/*
|
|
* Replacement for memset(s, 0, n) on stack that can be optimized out
|
|
* Also used in safe allocations for explicit memory wipe.
|
|
*/
|
|
void crypt_safe_memzero(void *data, size_t size)
|
|
{
|
|
if (!data)
|
|
return;
|
|
|
|
return crypt_backend_memzero(data, size);
|
|
}
|
|
|
|
/* Memcpy helper to avoid spilling sensitive data through additional registers */
|
|
void *crypt_safe_memcpy(void *dst, const void *src, size_t size)
|
|
{
|
|
if (!dst || !src)
|
|
return NULL;
|
|
|
|
return crypt_backend_memcpy(dst, src, size);
|
|
}
|
|
|
|
/* safe allocations */
|
|
void *crypt_safe_alloc(size_t size)
|
|
{
|
|
struct safe_allocation *alloc;
|
|
|
|
if (!size || size > (SIZE_MAX - OVERHEAD))
|
|
return NULL;
|
|
|
|
alloc = malloc(size + OVERHEAD);
|
|
if (!alloc)
|
|
return NULL;
|
|
|
|
crypt_backend_memzero(alloc, size + OVERHEAD);
|
|
alloc->size = size;
|
|
|
|
/* Ignore failure if it is over limit. */
|
|
if (!mlock(alloc, size + OVERHEAD))
|
|
alloc->locked = true;
|
|
|
|
/* coverity[leaked_storage] */
|
|
return &alloc->data;
|
|
}
|
|
|
|
void crypt_safe_free(void *data)
|
|
{
|
|
struct safe_allocation *alloc;
|
|
volatile size_t *s;
|
|
void *p;
|
|
|
|
if (!data)
|
|
return;
|
|
|
|
p = (char *)data - OVERHEAD;
|
|
alloc = (struct safe_allocation *)p;
|
|
|
|
crypt_backend_memzero(data, alloc->size);
|
|
|
|
if (alloc->locked) {
|
|
munlock(alloc, alloc->size + OVERHEAD);
|
|
alloc->locked = false;
|
|
}
|
|
|
|
s = (volatile size_t *)&alloc->size;
|
|
*s = 0x55aa55aa;
|
|
free(alloc);
|
|
}
|
|
|
|
void *crypt_safe_realloc(void *data, size_t size)
|
|
{
|
|
struct safe_allocation *alloc;
|
|
void *new_data;
|
|
void *p;
|
|
|
|
new_data = crypt_safe_alloc(size);
|
|
|
|
if (new_data && data) {
|
|
|
|
p = (char *)data - OVERHEAD;
|
|
alloc = (struct safe_allocation *)p;
|
|
|
|
if (size > alloc->size)
|
|
size = alloc->size;
|
|
|
|
crypt_backend_memcpy(new_data, data, size);
|
|
}
|
|
|
|
crypt_safe_free(data);
|
|
return new_data;
|
|
}
|
|
|
|
size_t crypt_safe_alloc_size(const void *data)
|
|
{
|
|
const void *p;
|
|
|
|
if (!data)
|
|
return 0;
|
|
|
|
p = (const char *)data - OVERHEAD;
|
|
|
|
return ((const struct safe_allocation *)p)->size;
|
|
}
|