| // Copyright 2020 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| /////////////////////////////////////////////////////////////////////////////// |
| |
| #ifndef TINK_UTIL_SECRET_DATA_INTERNAL_H_ |
| #define TINK_UTIL_SECRET_DATA_INTERNAL_H_ |
| |
| #include <cstddef> |
| #include <cstdlib> |
| #include <limits> |
| #include <new> |
| |
| #include "absl/base/attributes.h" |
| #include "absl/base/config.h" |
| #include "openssl/crypto.h" |
| |
| namespace crypto { |
| namespace tink { |
| namespace util { |
| namespace internal { |
| |
| inline void SafeZeroMemory(void* ptr, std::size_t size) { |
| OPENSSL_cleanse(ptr, size); |
| } |
| |
| template <typename T> |
| struct SanitizingAllocatorImpl { |
| // If aligned operator new is not supported this only supports under aligned |
| // types. |
| #ifndef __cpp_aligned_new |
| static_assert(alignof(T) <= alignof(std::max_align_t), |
| "SanitizingAllocator<T> only supports fundamental alignment " |
| "before C++17"); |
| #endif |
| |
| static T* allocate(std::size_t n) { |
| if (n > std::numeric_limits<std::size_t>::max() / sizeof(T)) { |
| #ifdef ABSL_HAVE_EXCEPTIONS |
| throw std::bad_array_new_length(); |
| #else |
| std::abort(); |
| #endif |
| } |
| std::size_t size = n * sizeof(T); |
| #ifdef __cpp_aligned_new |
| return static_cast<T*>(::operator new(size, std::align_val_t(alignof(T)))); |
| #else |
| return static_cast<T*>(::operator new(size)); |
| #endif |
| } |
| |
| static void deallocate(void* ptr, std::size_t n) { |
| SafeZeroMemory(ptr, n * sizeof(T)); |
| #ifdef __cpp_aligned_new |
| ::operator delete(ptr, std::align_val_t(alignof(T))); |
| #else |
| ::operator delete(ptr); |
| #endif |
| } |
| }; |
| |
| // Specialization for malloc-like aligned storage. |
| template <> |
| struct SanitizingAllocatorImpl<void> { |
| static void* allocate(std::size_t n) { return std::malloc(n); } |
| static void deallocate(void* ptr, std::size_t n) { |
| SafeZeroMemory(ptr, n); |
| return std::free(ptr); |
| } |
| }; |
| |
| template <typename T> |
| struct SanitizingAllocator { |
| typedef T value_type; |
| |
| SanitizingAllocator() = default; |
| template <class U> |
| explicit constexpr SanitizingAllocator( |
| const SanitizingAllocator<U>&) noexcept {} |
| |
| ABSL_MUST_USE_RESULT T* allocate(std::size_t n) { |
| return SanitizingAllocatorImpl<T>::allocate(n); |
| } |
| |
| void deallocate(T* ptr, std::size_t n) noexcept { |
| SanitizingAllocatorImpl<T>::deallocate(ptr, n); |
| } |
| |
| // Allocator requirements mandate definition of eq and neq operators |
| bool operator==(const SanitizingAllocator&) { return true; } |
| bool operator!=(const SanitizingAllocator&) { return false; } |
| }; |
| |
| } // namespace internal |
| } // namespace util |
| } // namespace tink |
| } // namespace crypto |
| |
| #endif // TINK_UTIL_SECRET_DATA_INTERNAL_H_ |
