1 // Copyright 2020 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #ifndef TINK_UTIL_SECRET_DATA_INTERNAL_H_
18 #define TINK_UTIL_SECRET_DATA_INTERNAL_H_
19 
20 #include <cstddef>
21 #include <cstdlib>
22 #include <limits>
23 #include <new>
24 
25 #include "absl/base/attributes.h"
26 #include "absl/base/config.h"
27 #include "openssl/crypto.h"
28 
29 namespace crypto {
30 namespace tink {
31 namespace util {
32 namespace internal {
33 
// Overwrites `size` bytes starting at `ptr` with zeros.
//
// Delegates to OPENSSL_cleanse rather than memset: a plain memset right before
// the memory is freed is a dead store the optimizer may drop, whereas
// OPENSSL_cleanse is written so the zeroing survives optimization. This is how
// key material is kept from lingering in released heap memory.
//
// `ptr` must point to at least `size` writable bytes; the only callers in this
// file pass pointers obtained from the allocators below together with the
// byte count they were allocated with.
inline void SafeZeroMemory(void* ptr, std::size_t size) {
  OPENSSL_cleanse(ptr, size);
}
37 
// Typed backend for SanitizingAllocator<T>: raw storage for T objects that is
// wiped with SafeZeroMemory before it is returned to the heap.
template <typename T>
struct SanitizingAllocatorImpl {
  // Without the C++17 aligned operator new overloads (std::align_val_t) the
  // plain operator new only guarantees fundamental alignment, so over-aligned
  // T must be rejected at compile time instead of silently misaligned.
#ifndef __cpp_aligned_new
  static_assert(alignof(T) <= alignof(std::max_align_t),
                "SanitizingAllocator<T> only supports fundamental alignment "
                "before C++17");
#endif

  // Returns uninitialized storage for `n` objects of type T, aligned to
  // alignof(T). As std::allocator does, an element count whose byte size
  // would not fit in std::size_t reports std::bad_array_new_length when
  // exceptions are enabled (ABSL_HAVE_EXCEPTIONS) and aborts otherwise;
  // without this check `n * sizeof(T)` would wrap and under-allocate.
  static T* allocate(std::size_t n) {
    constexpr std::size_t kMaxElements =
        std::numeric_limits<std::size_t>::max() / sizeof(T);
    if (n > kMaxElements) {
#ifdef ABSL_HAVE_EXCEPTIONS
      throw std::bad_array_new_length();
#else
      std::abort();
#endif
    }
    const std::size_t bytes = n * sizeof(T);
    return static_cast<T*>(RawAllocate(bytes));
  }

  // Zeroes the storage for `n` objects at `ptr` and releases it. `n` must be
  // the count passed to the matching allocate() call: the wipe size is derived
  // from it, so a smaller value leaves bytes unwiped and a larger one writes
  // past the block.
  static void deallocate(void* ptr, std::size_t n) {
    const std::size_t bytes = n * sizeof(T);
    SafeZeroMemory(ptr, bytes);
    RawDeallocate(ptr);
  }

 private:
  // The aligned and unaligned forms of operator new/delete must be paired
  // with each other, so both halves of the choice live next to each other.
  static void* RawAllocate(std::size_t bytes) {
#ifdef __cpp_aligned_new
    return ::operator new(bytes, std::align_val_t(alignof(T)));
#else
    return ::operator new(bytes);
#endif
  }

  static void RawDeallocate(void* ptr) {
#ifdef __cpp_aligned_new
    ::operator delete(ptr, std::align_val_t(alignof(T)));
#else
    ::operator delete(ptr);
#endif
  }
};
73 
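// Untyped specialization with malloc/free semantics: `n` is a byte count and
// the returned storage has malloc's (fundamental) alignment.
template <>
struct SanitizingAllocatorImpl<void> {
  // Returns `n` bytes of uninitialized storage. Unlike the typed template,
  // allocation failure is reported by returning nullptr (std::malloc's
  // behavior) rather than by throwing or aborting, so callers must check the
  // result before using it.
  static void* allocate(std::size_t n) { return std::malloc(n); }

  // Zeroes the `n` bytes at `ptr` and releases them. `n` must be the byte
  // count passed to allocate(): a smaller value leaves bytes unwiped, a larger
  // one writes past the block.
  //
  // Like free(), a null pointer is accepted and ignored. Without this guard
  // the nullptr that allocate() returns on failure would be handed to
  // OPENSSL_cleanse, which writes through it.
  static void deallocate(void* ptr, std::size_t n) {
    if (ptr == nullptr) return;
    SafeZeroMemory(ptr, n);
    std::free(ptr);
  }
};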
83 
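// Standard-library-compatible allocator whose deallocate() wipes the memory
// before releasing it (see SanitizingAllocatorImpl). Intended for containers
// that hold key material, e.g. std::vector<uint8_t, SanitizingAllocator<...>>.
//
// The allocator carries no state, so any instance may free memory obtained
// from any other instance; allocator_traits accordingly derives
// is_always_equal from the type being empty.
template <typename T>
struct SanitizingAllocator {
  using value_type = T;

  SanitizingAllocator() = default;
  // Rebinding constructor required by the Allocator requirements; there is no
  // state to copy.
  template <class U>
  explicit constexpr SanitizingAllocator(
      const SanitizingAllocator<U>&) noexcept {}

  // Storage for `n` objects of T. Error behavior (throw vs abort on an
  // overflowing size) is that of SanitizingAllocatorImpl<T>::allocate.
  ABSL_MUST_USE_RESULT T* allocate(std::size_t n) {
    return SanitizingAllocatorImpl<T>::allocate(n);
  }

  // Wipes and releases storage previously returned by allocate(n). `n` must
  // be the same count, since it determines how many bytes are zeroed.
  void deallocate(T* ptr, std::size_t n) noexcept {
    SanitizingAllocatorImpl<T>::deallocate(ptr, n);
  }

  // The Allocator requirements specify `a1 == a2` / `a1 != a2` for (possibly
  // const) lvalues, so the comparisons are const members; they are always
  // equal because the allocator is stateless.
  bool operator==(const SanitizingAllocator&) const noexcept { return true; }
  bool operator!=(const SanitizingAllocator&) const noexcept { return false; }
};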
105 
106 }  // namespace internal
107 }  // namespace util
108 }  // namespace tink
109 }  // namespace crypto
110 
111 #endif  // TINK_UTIL_SECRET_DATA_INTERNAL_H_
112