security/nss/lib/util/secport.c@b8a032363ba2
security/nss/lib/util/secport.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /*
6 * secport.c - portability interfaces for security libraries
7 *
8 * This file abstracts out libc functionality that libsec depends on
9 *
10 * NOTE - These are not public interfaces
11 */
13 #include "seccomon.h"
14 #include "prmem.h"
15 #include "prerror.h"
16 #include "plarena.h"
17 #include "secerr.h"
18 #include "prmon.h"
19 #include "nssilock.h"
20 #include "secport.h"
21 #include "prenv.h"
23 #ifdef DEBUG
24 #define THREADMARK
25 #endif /* DEBUG */
27 #ifdef THREADMARK
28 #include "prthread.h"
29 #endif /* THREADMARK */
31 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
32 #include <stdlib.h>
33 #else
34 #include "wtypes.h"
35 #endif
37 #define SET_ERROR_CODE /* place holder for code to set PR error code. */
39 #ifdef THREADMARK
40 typedef struct threadmark_mark_str {
41 struct threadmark_mark_str *next;
42 void *mark;
43 } threadmark_mark;
45 #endif /* THREADMARK */
47 /* The value of this magic must change each time PORTArenaPool changes. */
48 #define ARENAPOOL_MAGIC 0xB8AC9BDF
50 typedef struct PORTArenaPool_str {
51 PLArenaPool arena;
52 PRUint32 magic;
53 PRLock * lock;
54 #ifdef THREADMARK
55 PRThread *marking_thread;
56 threadmark_mark *first_mark;
57 #endif
58 } PORTArenaPool;
61 /* count of allocation failures. */
62 unsigned long port_allocFailures;
64 /* locations for registering Unicode conversion functions.
65 * XXX is this the appropriate location? or should they be
66 * moved to client/server specific locations?
67 */
68 PORTCharConversionFunc ucs4Utf8ConvertFunc;
69 PORTCharConversionFunc ucs2Utf8ConvertFunc;
70 PORTCharConversionWSwapFunc ucs2AsciiConvertFunc;
72 /* NSPR memory allocation functions (PR_Malloc, PR_Calloc, and PR_Realloc)
73 * use the PRUint32 type for the size parameter. Before we pass a size_t or
74 * unsigned long size to these functions, we need to ensure it is <= half of
75 * the maximum PRUint32 value to avoid truncation and catch a negative size.
76 */
77 #define MAX_SIZE (PR_UINT32_MAX >> 1)
79 void *
80 PORT_Alloc(size_t bytes)
81 {
82 void *rv = NULL;
84 if (bytes <= MAX_SIZE) {
85 /* Always allocate a non-zero amount of bytes */
86 rv = PR_Malloc(bytes ? bytes : 1);
87 }
88 if (!rv) {
89 ++port_allocFailures;
90 PORT_SetError(SEC_ERROR_NO_MEMORY);
91 }
92 return rv;
93 }
95 void *
96 PORT_Realloc(void *oldptr, size_t bytes)
97 {
98 void *rv = NULL;
100 if (bytes <= MAX_SIZE) {
101 rv = PR_Realloc(oldptr, bytes);
102 }
103 if (!rv) {
104 ++port_allocFailures;
105 PORT_SetError(SEC_ERROR_NO_MEMORY);
106 }
107 return rv;
108 }
110 void *
111 PORT_ZAlloc(size_t bytes)
112 {
113 void *rv = NULL;
115 if (bytes <= MAX_SIZE) {
116 /* Always allocate a non-zero amount of bytes */
117 rv = PR_Calloc(1, bytes ? bytes : 1);
118 }
119 if (!rv) {
120 ++port_allocFailures;
121 PORT_SetError(SEC_ERROR_NO_MEMORY);
122 }
123 return rv;
124 }
126 void
127 PORT_Free(void *ptr)
128 {
129 if (ptr) {
130 PR_Free(ptr);
131 }
132 }
134 void
135 PORT_ZFree(void *ptr, size_t len)
136 {
137 if (ptr) {
138 memset(ptr, 0, len);
139 PR_Free(ptr);
140 }
141 }
143 char *
144 PORT_Strdup(const char *str)
145 {
146 size_t len = PORT_Strlen(str)+1;
147 char *newstr;
149 newstr = (char *)PORT_Alloc(len);
150 if (newstr) {
151 PORT_Memcpy(newstr, str, len);
152 }
153 return newstr;
154 }
156 void
157 PORT_SetError(int value)
158 {
159 #ifdef DEBUG_jp96085
160 PORT_Assert(value != SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
161 #endif
162 PR_SetError(value, 0);
163 return;
164 }
166 int
167 PORT_GetError(void)
168 {
169 return(PR_GetError());
170 }
172 /********************* Arena code follows *****************************
173 * ArenaPools are like heaps. The memory in them consists of large blocks,
174 * called arenas, which are allocated from the/a system heap. Inside an
175 * ArenaPool, the arenas are organized as if they were in a stack. Newly
176 * allocated arenas are "pushed" on that stack. When you attempt to
177 * allocate memory from an ArenaPool, the code first looks to see if there
178 * is enough unused space in the top arena on the stack to satisfy your
179 * request, and if so, your request is satisfied from that arena.
180 * Otherwise, a new arena is allocated (or taken from NSPR's list of freed
181 * arenas) and pushed on to the stack. The new arena is always big enough
182 * to satisfy the request, and is also at least a minimum size that is
183 * established at the time that the ArenaPool is created.
184 *
185 * The ArenaMark function returns the address of a marker in the arena at
186 * the top of the arena stack. It is the address of the place in the arena
187 * on the top of the arena stack from which the next block of memory will
188 * be allocated. Each ArenaPool has its own separate stack, and hence
189 * marks are only relevant to the ArenaPool from which they are gotten.
190 * Marks may be nested. That is, a thread can get a mark, and then get
191 * another mark.
192 *
193 * It is intended that all the marks in an ArenaPool may only be owned by a
194 * single thread. In DEBUG builds, this is enforced. In non-DEBUG builds,
195 * it is not. In DEBUG builds, when a thread gets a mark from an
196 * ArenaPool, no other thread may acquire a mark in that ArenaPool while
197 * that mark exists, that is, until that mark is unmarked or released.
198 * Therefore, it is important that every mark be unmarked or released when
199 * the creating thread has no further need for exclusive ownership of the
200 * right to manage the ArenaPool.
201 *
202 * The ArenaUnmark function discards the ArenaMark at the address given,
203 * and all marks nested inside that mark (that is, acquired from that same
204 * ArenaPool while that mark existed). It is an error for a thread other
205 * than the mark's creator to try to unmark it. When a thread has unmarked
206 * all its marks from an ArenaPool, then another thread is able to set
207 * marks in that ArenaPool. ArenaUnmark does not deallocate (or "pop") any
208 * memory allocated from the ArenaPool since the mark was created.
209 *
210 * ArenaRelease "pops" the stack back to the mark, deallocating all the
211 * memory allocated from the arenas in the ArenaPool since that mark was
212 * created, and removing any arenas from the ArenaPool that have no
213 * remaining active allocations when that is done. It implicitly releases
214 * any marks nested inside the mark being explicitly released. It is the
215 * only operation, other than destroying the arenapool, that potentially
216 * reduces the number of arenas on the stack. Otherwise, the stack grows
217 * until the arenapool is destroyed, at which point all the arenas are
218 * freed or returned to a "free arena list", depending on their sizes.
219 */
220 PLArenaPool *
221 PORT_NewArena(unsigned long chunksize)
222 {
223 PORTArenaPool *pool;
225 if (chunksize > MAX_SIZE) {
226 PORT_SetError(SEC_ERROR_NO_MEMORY);
227 return NULL;
228 }
229 pool = PORT_ZNew(PORTArenaPool);
230 if (!pool) {
231 return NULL;
232 }
233 pool->magic = ARENAPOOL_MAGIC;
234 pool->lock = PZ_NewLock(nssILockArena);
235 if (!pool->lock) {
236 ++port_allocFailures;
237 PORT_Free(pool);
238 return NULL;
239 }
240 PL_InitArenaPool(&pool->arena, "security", chunksize, sizeof(double));
241 return(&pool->arena);
242 }
244 void *
245 PORT_ArenaAlloc(PLArenaPool *arena, size_t size)
246 {
247 void *p = NULL;
249 PORTArenaPool *pool = (PORTArenaPool *)arena;
251 if (size <= 0) {
252 size = 1;
253 }
255 if (size > MAX_SIZE) {
256 /* you lose. */
257 } else
258 /* Is it one of ours? Assume so and check the magic */
259 if (ARENAPOOL_MAGIC == pool->magic ) {
260 PZ_Lock(pool->lock);
261 #ifdef THREADMARK
262 /* Most likely one of ours. Is there a thread id? */
263 if (pool->marking_thread &&
264 pool->marking_thread != PR_GetCurrentThread() ) {
265 /* Another thread holds a mark in this arena */
266 PZ_Unlock(pool->lock);
267 PORT_SetError(SEC_ERROR_NO_MEMORY);
268 PORT_Assert(0);
269 return NULL;
270 } /* tid != null */
271 #endif /* THREADMARK */
272 PL_ARENA_ALLOCATE(p, arena, size);
273 PZ_Unlock(pool->lock);
274 } else {
275 PL_ARENA_ALLOCATE(p, arena, size);
276 }
278 if (!p) {
279 ++port_allocFailures;
280 PORT_SetError(SEC_ERROR_NO_MEMORY);
281 }
283 return(p);
284 }
286 void *
287 PORT_ArenaZAlloc(PLArenaPool *arena, size_t size)
288 {
289 void *p;
291 if (size <= 0)
292 size = 1;
294 p = PORT_ArenaAlloc(arena, size);
296 if (p) {
297 PORT_Memset(p, 0, size);
298 }
300 return(p);
301 }
303 /*
304 * If zero is true, zeroize the arena memory before freeing it.
305 */
306 void
307 PORT_FreeArena(PLArenaPool *arena, PRBool zero)
308 {
309 PORTArenaPool *pool = (PORTArenaPool *)arena;
310 PRLock * lock = (PRLock *)0;
311 size_t len = sizeof *arena;
312 static PRBool checkedEnv = PR_FALSE;
313 static PRBool doFreeArenaPool = PR_FALSE;
315 if (!pool)
316 return;
317 if (ARENAPOOL_MAGIC == pool->magic ) {
318 len = sizeof *pool;
319 lock = pool->lock;
320 PZ_Lock(lock);
321 }
322 if (!checkedEnv) {
323 /* no need for thread protection here */
324 doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
325 checkedEnv = PR_TRUE;
326 }
327 if (zero) {
328 PL_ClearArenaPool(arena, 0);
329 }
330 if (doFreeArenaPool) {
331 PL_FreeArenaPool(arena);
332 } else {
333 PL_FinishArenaPool(arena);
334 }
335 PORT_ZFree(arena, len);
336 if (lock) {
337 PZ_Unlock(lock);
338 PZ_DestroyLock(lock);
339 }
340 }
342 void *
343 PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize)
344 {
345 PORTArenaPool *pool = (PORTArenaPool *)arena;
346 PORT_Assert(newsize >= oldsize);
348 if (newsize > MAX_SIZE) {
349 PORT_SetError(SEC_ERROR_NO_MEMORY);
350 return NULL;
351 }
353 if (ARENAPOOL_MAGIC == pool->magic ) {
354 PZ_Lock(pool->lock);
355 /* Do we do a THREADMARK check here? */
356 PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) );
357 PZ_Unlock(pool->lock);
358 } else {
359 PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) );
360 }
362 return(ptr);
363 }
365 void *
366 PORT_ArenaMark(PLArenaPool *arena)
367 {
368 void * result;
370 PORTArenaPool *pool = (PORTArenaPool *)arena;
371 if (ARENAPOOL_MAGIC == pool->magic ) {
372 PZ_Lock(pool->lock);
373 #ifdef THREADMARK
374 {
375 threadmark_mark *tm, **pw;
376 PRThread * currentThread = PR_GetCurrentThread();
378 if (! pool->marking_thread ) {
379 /* First mark */
380 pool->marking_thread = currentThread;
381 } else if (currentThread != pool->marking_thread ) {
382 PZ_Unlock(pool->lock);
383 PORT_SetError(SEC_ERROR_NO_MEMORY);
384 PORT_Assert(0);
385 return NULL;
386 }
388 result = PL_ARENA_MARK(arena);
389 PL_ARENA_ALLOCATE(tm, arena, sizeof(threadmark_mark));
390 if (!tm) {
391 PZ_Unlock(pool->lock);
392 PORT_SetError(SEC_ERROR_NO_MEMORY);
393 return NULL;
394 }
396 tm->mark = result;
397 tm->next = (threadmark_mark *)NULL;
399 pw = &pool->first_mark;
400 while( *pw ) {
401 pw = &(*pw)->next;
402 }
404 *pw = tm;
405 }
406 #else /* THREADMARK */
407 result = PL_ARENA_MARK(arena);
408 #endif /* THREADMARK */
409 PZ_Unlock(pool->lock);
410 } else {
411 /* a "pure" NSPR arena */
412 result = PL_ARENA_MARK(arena);
413 }
414 return result;
415 }
417 /*
418 * This function accesses the internals of PLArena, which is why it needs
419 * to use the NSPR internal macro PL_MAKE_MEM_UNDEFINED before the memset
420 * calls.
421 *
422 * We should move this function to NSPR as PL_ClearArenaAfterMark or add
423 * a PL_ARENA_CLEAR_AND_RELEASE macro.
424 *
425 * TODO: remove the #ifdef PL_MAKE_MEM_UNDEFINED tests when NSPR 4.10+ is
426 * widely available.
427 */
428 static void
429 port_ArenaZeroAfterMark(PLArenaPool *arena, void *mark)
430 {
431 PLArena *a = arena->current;
432 if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) {
433 /* fast path: mark falls in the current arena */
434 #ifdef PL_MAKE_MEM_UNDEFINED
435 PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark);
436 #endif
437 memset(mark, 0, a->avail - (PRUword)mark);
438 } else {
439 /* slow path: need to find the arena that mark falls in */
440 for (a = arena->first.next; a; a = a->next) {
441 PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
442 if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) {
443 #ifdef PL_MAKE_MEM_UNDEFINED
444 PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark);
445 #endif
446 memset(mark, 0, a->avail - (PRUword)mark);
447 a = a->next;
448 break;
449 }
450 }
451 for (; a; a = a->next) {
452 PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
453 #ifdef PL_MAKE_MEM_UNDEFINED
454 PL_MAKE_MEM_UNDEFINED((void *)a->base, a->avail - a->base);
455 #endif
456 memset((void *)a->base, 0, a->avail - a->base);
457 }
458 }
459 }
461 static void
462 port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero)
463 {
464 PORTArenaPool *pool = (PORTArenaPool *)arena;
465 if (ARENAPOOL_MAGIC == pool->magic ) {
466 PZ_Lock(pool->lock);
467 #ifdef THREADMARK
468 {
469 threadmark_mark **pw, *tm;
471 if (PR_GetCurrentThread() != pool->marking_thread ) {
472 PZ_Unlock(pool->lock);
473 PORT_SetError(SEC_ERROR_NO_MEMORY);
474 PORT_Assert(0);
475 return /* no error indication available */ ;
476 }
478 pw = &pool->first_mark;
479 while( *pw && (mark != (*pw)->mark) ) {
480 pw = &(*pw)->next;
481 }
483 if (! *pw ) {
484 /* bad mark */
485 PZ_Unlock(pool->lock);
486 PORT_SetError(SEC_ERROR_NO_MEMORY);
487 PORT_Assert(0);
488 return /* no error indication available */ ;
489 }
491 tm = *pw;
492 *pw = (threadmark_mark *)NULL;
494 if (zero) {
495 port_ArenaZeroAfterMark(arena, mark);
496 }
497 PL_ARENA_RELEASE(arena, mark);
499 if (! pool->first_mark ) {
500 pool->marking_thread = (PRThread *)NULL;
501 }
502 }
503 #else /* THREADMARK */
504 if (zero) {
505 port_ArenaZeroAfterMark(arena, mark);
506 }
507 PL_ARENA_RELEASE(arena, mark);
508 #endif /* THREADMARK */
509 PZ_Unlock(pool->lock);
510 } else {
511 if (zero) {
512 port_ArenaZeroAfterMark(arena, mark);
513 }
514 PL_ARENA_RELEASE(arena, mark);
515 }
516 }
518 void
519 PORT_ArenaRelease(PLArenaPool *arena, void *mark)
520 {
521 port_ArenaRelease(arena, mark, PR_FALSE);
522 }
524 /*
525 * Zeroize the arena memory before releasing it.
526 */
527 void
528 PORT_ArenaZRelease(PLArenaPool *arena, void *mark)
529 {
530 port_ArenaRelease(arena, mark, PR_TRUE);
531 }
533 void
534 PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
535 {
536 #ifdef THREADMARK
537 PORTArenaPool *pool = (PORTArenaPool *)arena;
538 if (ARENAPOOL_MAGIC == pool->magic ) {
539 threadmark_mark **pw, *tm;
541 PZ_Lock(pool->lock);
543 if (PR_GetCurrentThread() != pool->marking_thread ) {
544 PZ_Unlock(pool->lock);
545 PORT_SetError(SEC_ERROR_NO_MEMORY);
546 PORT_Assert(0);
547 return /* no error indication available */ ;
548 }
550 pw = &pool->first_mark;
551 while( ((threadmark_mark *)NULL != *pw) && (mark != (*pw)->mark) ) {
552 pw = &(*pw)->next;
553 }
555 if ((threadmark_mark *)NULL == *pw ) {
556 /* bad mark */
557 PZ_Unlock(pool->lock);
558 PORT_SetError(SEC_ERROR_NO_MEMORY);
559 PORT_Assert(0);
560 return /* no error indication available */ ;
561 }
563 tm = *pw;
564 *pw = (threadmark_mark *)NULL;
566 if (! pool->first_mark ) {
567 pool->marking_thread = (PRThread *)NULL;
568 }
570 PZ_Unlock(pool->lock);
571 }
572 #endif /* THREADMARK */
573 }
575 char *
576 PORT_ArenaStrdup(PLArenaPool *arena, const char *str) {
577 int len = PORT_Strlen(str)+1;
578 char *newstr;
580 newstr = (char*)PORT_ArenaAlloc(arena,len);
581 if (newstr) {
582 PORT_Memcpy(newstr,str,len);
583 }
584 return newstr;
585 }
587 /********************** end of arena functions ***********************/
589 /****************** unicode conversion functions ***********************/
590 /*
591 * NOTE: These conversion functions all assume that the multibyte
592 * characters are going to be in NETWORK BYTE ORDER, not host byte
593 * order. This is because the only time we deal with UCS-2 and UCS-4
594 * are when the data was received from or is going to be sent out
595 * over the wire (in, e.g. certificates).
596 */
598 void
599 PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
600 {
601 ucs4Utf8ConvertFunc = convFunc;
602 }
604 void
605 PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc)
606 {
607 ucs2AsciiConvertFunc = convFunc;
608 }
610 void
611 PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
612 {
613 ucs2Utf8ConvertFunc = convFunc;
614 }
616 PRBool
617 PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
618 unsigned int inBufLen, unsigned char *outBuf,
619 unsigned int maxOutBufLen, unsigned int *outBufLen)
620 {
621 if(!ucs4Utf8ConvertFunc) {
622 return sec_port_ucs4_utf8_conversion_function(toUnicode,
623 inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
624 }
626 return (*ucs4Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
627 maxOutBufLen, outBufLen);
628 }
630 PRBool
631 PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
632 unsigned int inBufLen, unsigned char *outBuf,
633 unsigned int maxOutBufLen, unsigned int *outBufLen)
634 {
635 if(!ucs2Utf8ConvertFunc) {
636 return sec_port_ucs2_utf8_conversion_function(toUnicode,
637 inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
638 }
640 return (*ucs2Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
641 maxOutBufLen, outBufLen);
642 }
644 PRBool
645 PORT_ISO88591_UTF8Conversion(const unsigned char *inBuf,
646 unsigned int inBufLen, unsigned char *outBuf,
647 unsigned int maxOutBufLen, unsigned int *outBufLen)
648 {
649 return sec_port_iso88591_utf8_conversion_function(inBuf, inBufLen,
650 outBuf, maxOutBufLen, outBufLen);
651 }
653 PRBool
654 PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
655 unsigned int inBufLen, unsigned char *outBuf,
656 unsigned int maxOutBufLen, unsigned int *outBufLen,
657 PRBool swapBytes)
658 {
659 if(!ucs2AsciiConvertFunc) {
660 return PR_FALSE;
661 }
663 return (*ucs2AsciiConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
664 maxOutBufLen, outBufLen, swapBytes);
665 }
668 /* Portable putenv. Creates/replaces an environment variable of the form
669 * envVarName=envValue
670 */
671 int
672 NSS_PutEnv(const char * envVarName, const char * envValue)
673 {
674 SECStatus result = SECSuccess;
675 char * encoded;
676 int putEnvFailed;
677 #ifdef _WIN32
678 PRBool setOK;
680 setOK = SetEnvironmentVariable(envVarName, envValue);
681 if (!setOK) {
682 SET_ERROR_CODE
683 return SECFailure;
684 }
685 #endif
687 encoded = (char *)PORT_ZAlloc(strlen(envVarName) + 2 + strlen(envValue));
688 strcpy(encoded, envVarName);
689 strcat(encoded, "=");
690 strcat(encoded, envValue);
692 putEnvFailed = putenv(encoded); /* adopt. */
693 if (putEnvFailed) {
694 SET_ERROR_CODE
695 result = SECFailure;
696 PORT_Free(encoded);
697 }
698 return result;
699 }
701 /*
702 * Perform a constant-time compare of two memory regions. The return value is
703 * 0 if the memory regions are equal and non-zero otherwise.
704 */
705 int
706 NSS_SecureMemcmp(const void *ia, const void *ib, size_t n)
707 {
708 const unsigned char *a = (const unsigned char*) ia;
709 const unsigned char *b = (const unsigned char*) ib;
710 size_t i;
711 unsigned char r = 0;
713 for (i = 0; i < n; ++i) {
714 r |= *a++ ^ *b++;
715 }
717 return r;
718 }
