authorJack Lloyd <[email protected]>2017-09-30 10:12:55 -0400
committerJack Lloyd <[email protected]>2017-09-30 10:12:55 -0400
commitfc72e3565d8c35d904cf82b529b7d8099638266f (patch)
treeb5fde5087e3215bf0202340f752ab8c0130bc0d7 /src
parent107d053ca604af44e782f76314604d871737874b (diff)
parent623eb4985c15f79ac8855fbc6e62d6c06daa7a0d (diff)
Merge GH #1231 Hide secure_allocator allocate in a function
Diffstat (limited to 'src')
-rw-r--r--src/lib/base/secmem.h22
-rw-r--r--src/lib/utils/locking_allocator/locking_allocator.cpp2
-rw-r--r--src/lib/utils/locking_allocator/locking_allocator.h2
-rw-r--r--src/lib/utils/mem_ops.cpp33
-rw-r--r--src/lib/utils/mem_ops.h18
5 files changed, 55 insertions, 22 deletions
diff --git a/src/lib/base/secmem.h b/src/lib/base/secmem.h
index eddf37c71..80dc69c14 100644
--- a/src/lib/base/secmem.h
+++ b/src/lib/base/secmem.h
@@ -15,10 +15,6 @@
#include <deque>
#include <type_traits>
-#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
- #include <botan/locking_allocator.h>
-#endif
-
namespace Botan {
template<typename T>
@@ -56,26 +52,12 @@ class secure_allocator
T* allocate(std::size_t n)
{
-#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
- if(T* p = static_cast<T*>(mlock_allocator::instance().allocate(n, sizeof(T))))
- return p;
-#endif
-
- T* p = new T[n];
- clear_mem(p, n);
- return p;
+ return static_cast<T*>(allocate_memory(n, sizeof(T)));
}
void deallocate(T* p, std::size_t n)
{
- secure_scrub_memory(p, sizeof(T)*n);
-
-#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
- if(mlock_allocator::instance().deallocate(p, n, sizeof(T)))
- return;
-#endif
-
- delete [] p;
+ deallocate_memory(p, n, sizeof(T));
}
};
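Review bot: Dropping the explicit `clear_mem(p, n)` from `allocate` is only correct because `allocate_memory` returns zeroed storage (its mem_ops.h doc says so, via calloc), but nothing at this call site records that dependency; a one-line comment, `// allocate_memory returns zeroed storage, so no clear_mem is needed here`, would keep the invariant visible to the next reader of secure_allocator. The enclosing `class secure_allocator` begins before the hunk, so whether T is already constrained to primitive types, which allocate_memory's documented contract requires, cannot be confirmed from here; if it is not, a `static_assert(std::is_integral<T>::value, "secure_allocator requires a primitive type");` in the class would enforce it, and `<type_traits>` is already included by this header.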
diff --git a/src/lib/utils/locking_allocator/locking_allocator.cpp b/src/lib/utils/locking_allocator/locking_allocator.cpp
index 880f3add8..f36fa9130 100644
--- a/src/lib/utils/locking_allocator/locking_allocator.cpp
+++ b/src/lib/utils/locking_allocator/locking_allocator.cpp
@@ -116,7 +116,7 @@ void* mlock_allocator::allocate(size_t num_elems, size_t elem_size)
return nullptr;
}
-bool mlock_allocator::deallocate(void* p, size_t num_elems, size_t elem_size)
+bool mlock_allocator::deallocate(void* p, size_t num_elems, size_t elem_size) BOTAN_NOEXCEPT
{
if(!m_pool)
return false;
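Review bot: Marking `mlock_allocator::deallocate` BOTAN_NOEXCEPT means any exception raised inside its body, which continues past the hunk, now ends in std::terminate; the visible part only tests `m_pool`, so the locking and pool bookkeeping that follow should be confirmed to use only non-throwing operations (for instance `std::mutex::lock` may throw `std::system_error`). The same signature change appears in the locking_allocator.h hunk. A comment on the declaration stating why the guarantee is required, `// Must not throw: called on the release path by deallocate_memory (mem_ops.cpp)`, would document the annotation for future edits to the body.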
diff --git a/src/lib/utils/locking_allocator/locking_allocator.h b/src/lib/utils/locking_allocator/locking_allocator.h
index 8e38129e2..e9299c120 100644
--- a/src/lib/utils/locking_allocator/locking_allocator.h
+++ b/src/lib/utils/locking_allocator/locking_allocator.h
@@ -21,7 +21,7 @@ class BOTAN_PUBLIC_API(2,0) mlock_allocator final
void* allocate(size_t num_elems, size_t elem_size);
- bool deallocate(void* p, size_t num_elems, size_t elem_size);
+ bool deallocate(void* p, size_t num_elems, size_t elem_size) BOTAN_NOEXCEPT;
mlock_allocator(const mlock_allocator&) = delete;
diff --git a/src/lib/utils/mem_ops.cpp b/src/lib/utils/mem_ops.cpp
index 45de24cb8..9018979de 100644
--- a/src/lib/utils/mem_ops.cpp
+++ b/src/lib/utils/mem_ops.cpp
@@ -5,9 +5,42 @@
*/
#include <botan/mem_ops.h>
+#include <cstdlib>
+
+#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
+ #include <botan/locking_allocator.h>
+#endif
namespace Botan {
+void* allocate_memory(size_t elems, size_t elem_size)
+ {
+#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
+ if(void* p = mlock_allocator::instance().allocate(elems, elem_size))
+ return p;
+#endif
+
+ void* ptr = std::calloc(elems, elem_size);
+ if(!ptr)
+ throw std::bad_alloc();
+ return ptr;
+ }
+
+void deallocate_memory(void* p, size_t elems, size_t elem_size)
+ {
+ if(p == nullptr)
+ return;
+
+ secure_scrub_memory(p, elems * elem_size);
+
+#if defined(BOTAN_HAS_LOCKING_ALLOCATOR)
+ if(mlock_allocator::instance().deallocate(p, elems, elem_size))
+ return;
+#endif
+
+ std::free(p);
+ }
+
bool constant_time_compare(const uint8_t x[],
const uint8_t y[],
size_t len)
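Review bot: `allocate_memory` throws `std::bad_alloc`, but the hunk only adds `#include <cstdlib>`; `std::bad_alloc` is declared in `<new>`, so `#include <new>` should be added rather than relying on it arriving transitively. Separately, `std::calloc(0, elem_size)` is permitted to return a null pointer, which the `if(!ptr)` check would turn into a spurious `std::bad_alloc` where the previous `new T[0]` in secmem.h returned a valid non-null pointer. If any caller can reach this with `elems == 0`, `void* ptr = std::calloc(elems == 0 ? 1 : elems, elem_size);` preserves the old behaviour, and `deallocate_memory` then scrubs zero bytes and frees, which remains correct. The `elems * elem_size` product in `deallocate_memory` is unchecked, which is acceptable only because calloc already rejects a product that overflows on the allocating side; the `mlock_allocator::allocate` path is outside this hunk, so whether it applies the same check cannot be confirmed here.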
diff --git a/src/lib/utils/mem_ops.h b/src/lib/utils/mem_ops.h
index 328196000..4b03b23d2 100644
--- a/src/lib/utils/mem_ops.h
+++ b/src/lib/utils/mem_ops.h
@@ -15,6 +15,24 @@
namespace Botan {
/**
+* Allocate a memory buffer by some method. This should only be used for
+* primitive types (uint8_t, uint32_t, etc).
+*
+* @param elems the number of elements
+* @param elem_size the size of each element
+* @return pointer to allocated and zeroed memory, or throw std::bad_alloc on failure
+*/
+BOTAN_PUBLIC_API(2,3) void* allocate_memory(size_t elems, size_t elem_size);
+
+/**
+* Free a pointer returned by allocate_memory
+* @param p the pointer returned by allocate_memory
+* @param elems the number of elements, as passed to allocate_memory
+* @param elem_size the size of each element, as passed to allocate_memory
+*/
+BOTAN_PUBLIC_API(2,3) void deallocate_memory(void* p, size_t elems, size_t elem_size);
+
+/**
* Scrub memory contents in a way that a compiler should not elide,
* using some system specific technique. Note that this function might
* not zero the memory (for example, in some hypothetical