/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* * secport.c - portability interfaces for security libraries * * This file abstracts out libc functionality that libsec depends on * * NOTE - These are not public interfaces */ #include "seccomon.h" #include "prmem.h" #include "prerror.h" #include "plarena.h" #include "secerr.h" #include "prmon.h" #include "nssilock.h" #include "secport.h" #include "prenv.h" #ifdef DEBUG #define THREADMARK #endif /* DEBUG */ #ifdef THREADMARK #include "prthread.h" #endif /* THREADMARK */ #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS) #include #else #include "wtypes.h" #endif #define SET_ERROR_CODE /* place holder for code to set PR error code. */ #ifdef THREADMARK typedef struct threadmark_mark_str { struct threadmark_mark_str *next; void *mark; } threadmark_mark; #endif /* THREADMARK */ /* The value of this magic must change each time PORTArenaPool changes. */ #define ARENAPOOL_MAGIC 0xB8AC9BDF typedef struct PORTArenaPool_str { PLArenaPool arena; PRUint32 magic; PRLock * lock; #ifdef THREADMARK PRThread *marking_thread; threadmark_mark *first_mark; #endif } PORTArenaPool; /* count of allocation failures. */ unsigned long port_allocFailures; /* locations for registering Unicode conversion functions. * XXX is this the appropriate location? or should they be * moved to client/server specific locations? */ PORTCharConversionFunc ucs4Utf8ConvertFunc; PORTCharConversionFunc ucs2Utf8ConvertFunc; PORTCharConversionWSwapFunc ucs2AsciiConvertFunc; /* NSPR memory allocation functions (PR_Malloc, PR_Calloc, and PR_Realloc) * use the PRUint32 type for the size parameter. Before we pass a size_t or * unsigned long size to these functions, we need to ensure it is <= half of * the maximum PRUint32 value to avoid truncation and catch a negative size. */ #define MAX_SIZE (PR_UINT32_MAX >> 1) void * PORT_Alloc(size_t bytes) { void *rv = NULL; if (bytes <= MAX_SIZE) { /* Always allocate a non-zero amount of bytes */ rv = PR_Malloc(bytes ? bytes : 1); } if (!rv) { ++port_allocFailures; PORT_SetError(SEC_ERROR_NO_MEMORY); } return rv; } void * PORT_Realloc(void *oldptr, size_t bytes) { void *rv = NULL; if (bytes <= MAX_SIZE) { rv = PR_Realloc(oldptr, bytes); } if (!rv) { ++port_allocFailures; PORT_SetError(SEC_ERROR_NO_MEMORY); } return rv; } void * PORT_ZAlloc(size_t bytes) { void *rv = NULL; if (bytes <= MAX_SIZE) { /* Always allocate a non-zero amount of bytes */ rv = PR_Calloc(1, bytes ? bytes : 1); } if (!rv) { ++port_allocFailures; PORT_SetError(SEC_ERROR_NO_MEMORY); } return rv; } void PORT_Free(void *ptr) { if (ptr) { PR_Free(ptr); } } void PORT_ZFree(void *ptr, size_t len) { if (ptr) { memset(ptr, 0, len); PR_Free(ptr); } } char * PORT_Strdup(const char *str) { size_t len = PORT_Strlen(str)+1; char *newstr; newstr = (char *)PORT_Alloc(len); if (newstr) { PORT_Memcpy(newstr, str, len); } return newstr; } void PORT_SetError(int value) { #ifdef DEBUG_jp96085 PORT_Assert(value != SEC_ERROR_REUSED_ISSUER_AND_SERIAL); #endif PR_SetError(value, 0); return; } int PORT_GetError(void) { return(PR_GetError()); } /********************* Arena code follows ***************************** * ArenaPools are like heaps. The memory in them consists of large blocks, * called arenas, which are allocated from the/a system heap. Inside an * ArenaPool, the arenas are organized as if they were in a stack. Newly * allocated arenas are "pushed" on that stack. When you attempt to * allocate memory from an ArenaPool, the code first looks to see if there * is enough unused space in the top arena on the stack to satisfy your * request, and if so, your request is satisfied from that arena. * Otherwise, a new arena is allocated (or taken from NSPR's list of freed * arenas) and pushed on to the stack. The new arena is always big enough * to satisfy the request, and is also at least a minimum size that is * established at the time that the ArenaPool is created. * * The ArenaMark function returns the address of a marker in the arena at * the top of the arena stack. It is the address of the place in the arena * on the top of the arena stack from which the next block of memory will * be allocated. Each ArenaPool has its own separate stack, and hence * marks are only relevant to the ArenaPool from which they are gotten. * Marks may be nested. That is, a thread can get a mark, and then get * another mark. * * It is intended that all the marks in an ArenaPool may only be owned by a * single thread. In DEBUG builds, this is enforced. In non-DEBUG builds, * it is not. In DEBUG builds, when a thread gets a mark from an * ArenaPool, no other thread may acquire a mark in that ArenaPool while * that mark exists, that is, until that mark is unmarked or released. * Therefore, it is important that every mark be unmarked or released when * the creating thread has no further need for exclusive ownership of the * right to manage the ArenaPool. * * The ArenaUnmark function discards the ArenaMark at the address given, * and all marks nested inside that mark (that is, acquired from that same * ArenaPool while that mark existed). It is an error for a thread other * than the mark's creator to try to unmark it. When a thread has unmarked * all its marks from an ArenaPool, then another thread is able to set * marks in that ArenaPool. ArenaUnmark does not deallocate (or "pop") any * memory allocated from the ArenaPool since the mark was created. * * ArenaRelease "pops" the stack back to the mark, deallocating all the * memory allocated from the arenas in the ArenaPool since that mark was * created, and removing any arenas from the ArenaPool that have no * remaining active allocations when that is done. It implicitly releases * any marks nested inside the mark being explicitly released. It is the * only operation, other than destroying the arenapool, that potentially * reduces the number of arenas on the stack. Otherwise, the stack grows * until the arenapool is destroyed, at which point all the arenas are * freed or returned to a "free arena list", depending on their sizes. */ PLArenaPool * PORT_NewArena(unsigned long chunksize) { PORTArenaPool *pool; if (chunksize > MAX_SIZE) { PORT_SetError(SEC_ERROR_NO_MEMORY); return NULL; } pool = PORT_ZNew(PORTArenaPool); if (!pool) { return NULL; } pool->magic = ARENAPOOL_MAGIC; pool->lock = PZ_NewLock(nssILockArena); if (!pool->lock) { ++port_allocFailures; PORT_Free(pool); return NULL; } PL_InitArenaPool(&pool->arena, "security", chunksize, sizeof(double)); return(&pool->arena); } void * PORT_ArenaAlloc(PLArenaPool *arena, size_t size) { void *p = NULL; PORTArenaPool *pool = (PORTArenaPool *)arena; if (size <= 0) { size = 1; } if (size > MAX_SIZE) { /* you lose. */ } else /* Is it one of ours? Assume so and check the magic */ if (ARENAPOOL_MAGIC == pool->magic ) { PZ_Lock(pool->lock); #ifdef THREADMARK /* Most likely one of ours. Is there a thread id? */ if (pool->marking_thread && pool->marking_thread != PR_GetCurrentThread() ) { /* Another thread holds a mark in this arena */ PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_Assert(0); return NULL; } /* tid != null */ #endif /* THREADMARK */ PL_ARENA_ALLOCATE(p, arena, size); PZ_Unlock(pool->lock); } else { PL_ARENA_ALLOCATE(p, arena, size); } if (!p) { ++port_allocFailures; PORT_SetError(SEC_ERROR_NO_MEMORY); } return(p); } void * PORT_ArenaZAlloc(PLArenaPool *arena, size_t size) { void *p; if (size <= 0) size = 1; p = PORT_ArenaAlloc(arena, size); if (p) { PORT_Memset(p, 0, size); } return(p); } /* * If zero is true, zeroize the arena memory before freeing it. */ void PORT_FreeArena(PLArenaPool *arena, PRBool zero) { PORTArenaPool *pool = (PORTArenaPool *)arena; PRLock * lock = (PRLock *)0; size_t len = sizeof *arena; static PRBool checkedEnv = PR_FALSE; static PRBool doFreeArenaPool = PR_FALSE; if (!pool) return; if (ARENAPOOL_MAGIC == pool->magic ) { len = sizeof *pool; lock = pool->lock; PZ_Lock(lock); } if (!checkedEnv) { /* no need for thread protection here */ doFreeArenaPool = (PR_GetEnv("NSS_DISABLE_ARENA_FREE_LIST") == NULL); checkedEnv = PR_TRUE; } if (zero) { PL_ClearArenaPool(arena, 0); } if (doFreeArenaPool) { PL_FreeArenaPool(arena); } else { PL_FinishArenaPool(arena); } PORT_ZFree(arena, len); if (lock) { PZ_Unlock(lock); PZ_DestroyLock(lock); } } void * PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize) { PORTArenaPool *pool = (PORTArenaPool *)arena; PORT_Assert(newsize >= oldsize); if (newsize > MAX_SIZE) { PORT_SetError(SEC_ERROR_NO_MEMORY); return NULL; } if (ARENAPOOL_MAGIC == pool->magic ) { PZ_Lock(pool->lock); /* Do we do a THREADMARK check here? */ PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) ); PZ_Unlock(pool->lock); } else { PL_ARENA_GROW(ptr, arena, oldsize, ( newsize - oldsize ) ); } return(ptr); } void * PORT_ArenaMark(PLArenaPool *arena) { void * result; PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { PZ_Lock(pool->lock); #ifdef THREADMARK { threadmark_mark *tm, **pw; PRThread * currentThread = PR_GetCurrentThread(); if (! pool->marking_thread ) { /* First mark */ pool->marking_thread = currentThread; } else if (currentThread != pool->marking_thread ) { PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_Assert(0); return NULL; } result = PL_ARENA_MARK(arena); PL_ARENA_ALLOCATE(tm, arena, sizeof(threadmark_mark)); if (!tm) { PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); return NULL; } tm->mark = result; tm->next = (threadmark_mark *)NULL; pw = &pool->first_mark; while( *pw ) { pw = &(*pw)->next; } *pw = tm; } #else /* THREADMARK */ result = PL_ARENA_MARK(arena); #endif /* THREADMARK */ PZ_Unlock(pool->lock); } else { /* a "pure" NSPR arena */ result = PL_ARENA_MARK(arena); } return result; } /* * This function accesses the internals of PLArena, which is why it needs * to use the NSPR internal macro PL_MAKE_MEM_UNDEFINED before the memset * calls. * * We should move this function to NSPR as PL_ClearArenaAfterMark or add * a PL_ARENA_CLEAR_AND_RELEASE macro. * * TODO: remove the #ifdef PL_MAKE_MEM_UNDEFINED tests when NSPR 4.10+ is * widely available. */ static void port_ArenaZeroAfterMark(PLArenaPool *arena, void *mark) { PLArena *a = arena->current; if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) { /* fast path: mark falls in the current arena */ #ifdef PL_MAKE_MEM_UNDEFINED PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark); #endif memset(mark, 0, a->avail - (PRUword)mark); } else { /* slow path: need to find the arena that mark falls in */ for (a = arena->first.next; a; a = a->next) { PR_ASSERT(a->base <= a->avail && a->avail <= a->limit); if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) { #ifdef PL_MAKE_MEM_UNDEFINED PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark); #endif memset(mark, 0, a->avail - (PRUword)mark); a = a->next; break; } } for (; a; a = a->next) { PR_ASSERT(a->base <= a->avail && a->avail <= a->limit); #ifdef PL_MAKE_MEM_UNDEFINED PL_MAKE_MEM_UNDEFINED((void *)a->base, a->avail - a->base); #endif memset((void *)a->base, 0, a->avail - a->base); } } } static void port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) { PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { PZ_Lock(pool->lock); #ifdef THREADMARK { threadmark_mark **pw, *tm; if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_Assert(0); return /* no error indication available */ ; } pw = &pool->first_mark; while( *pw && (mark != (*pw)->mark) ) { pw = &(*pw)->next; } if (! *pw ) { /* bad mark */ PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_Assert(0); return /* no error indication available */ ; } tm = *pw; *pw = (threadmark_mark *)NULL; if (zero) { port_ArenaZeroAfterMark(arena, mark); } PL_ARENA_RELEASE(arena, mark); if (! pool->first_mark ) { pool->marking_thread = (PRThread *)NULL; } } #else /* THREADMARK */ if (zero) { port_ArenaZeroAfterMark(arena, mark); } PL_ARENA_RELEASE(arena, mark); #endif /* THREADMARK */ PZ_Unlock(pool->lock); } else { if (zero) { port_ArenaZeroAfterMark(arena, mark); } PL_ARENA_RELEASE(arena, mark); } } void PORT_ArenaRelease(PLArenaPool *arena, void *mark) { port_ArenaRelease(arena, mark, PR_FALSE); } /* * Zeroize the arena memory before releasing it. */ void PORT_ArenaZRelease(PLArenaPool *arena, void *mark) { port_ArenaRelease(arena, mark, PR_TRUE); } void PORT_ArenaUnmark(PLArenaPool *arena, void *mark) { #ifdef THREADMARK PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { threadmark_mark **pw, *tm; PZ_Lock(pool->lock); if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_Assert(0); return /* no error indication available */ ; } pw = &pool->first_mark; while( ((threadmark_mark *)NULL != *pw) && (mark != (*pw)->mark) ) { pw = &(*pw)->next; } if ((threadmark_mark *)NULL == *pw ) { /* bad mark */ PZ_Unlock(pool->lock); PORT_SetError(SEC_ERROR_NO_MEMORY); PORT_Assert(0); return /* no error indication available */ ; } tm = *pw; *pw = (threadmark_mark *)NULL; if (! pool->first_mark ) { pool->marking_thread = (PRThread *)NULL; } PZ_Unlock(pool->lock); } #endif /* THREADMARK */ } char * PORT_ArenaStrdup(PLArenaPool *arena, const char *str) { int len = PORT_Strlen(str)+1; char *newstr; newstr = (char*)PORT_ArenaAlloc(arena,len); if (newstr) { PORT_Memcpy(newstr,str,len); } return newstr; } /********************** end of arena functions ***********************/ /****************** unicode conversion functions ***********************/ /* * NOTE: These conversion functions all assume that the multibyte * characters are going to be in NETWORK BYTE ORDER, not host byte * order. This is because the only time we deal with UCS-2 and UCS-4 * are when the data was received from or is going to be sent out * over the wire (in, e.g. certificates). */ void PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc) { ucs4Utf8ConvertFunc = convFunc; } void PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc) { ucs2AsciiConvertFunc = convFunc; } void PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc) { ucs2Utf8ConvertFunc = convFunc; } PRBool PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf, unsigned int inBufLen, unsigned char *outBuf, unsigned int maxOutBufLen, unsigned int *outBufLen) { if(!ucs4Utf8ConvertFunc) { return sec_port_ucs4_utf8_conversion_function(toUnicode, inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen); } return (*ucs4Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen); } PRBool PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf, unsigned int inBufLen, unsigned char *outBuf, unsigned int maxOutBufLen, unsigned int *outBufLen) { if(!ucs2Utf8ConvertFunc) { return sec_port_ucs2_utf8_conversion_function(toUnicode, inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen); } return (*ucs2Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen); } PRBool PORT_ISO88591_UTF8Conversion(const unsigned char *inBuf, unsigned int inBufLen, unsigned char *outBuf, unsigned int maxOutBufLen, unsigned int *outBufLen) { return sec_port_iso88591_utf8_conversion_function(inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen); } PRBool PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf, unsigned int inBufLen, unsigned char *outBuf, unsigned int maxOutBufLen, unsigned int *outBufLen, PRBool swapBytes) { if(!ucs2AsciiConvertFunc) { return PR_FALSE; } return (*ucs2AsciiConvertFunc)(toUnicode, inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen, swapBytes); } /* Portable putenv. Creates/replaces an environment variable of the form * envVarName=envValue */ int NSS_PutEnv(const char * envVarName, const char * envValue) { SECStatus result = SECSuccess; char * encoded; int putEnvFailed; #ifdef _WIN32 PRBool setOK; setOK = SetEnvironmentVariable(envVarName, envValue); if (!setOK) { SET_ERROR_CODE return SECFailure; } #endif encoded = (char *)PORT_ZAlloc(strlen(envVarName) + 2 + strlen(envValue)); strcpy(encoded, envVarName); strcat(encoded, "="); strcat(encoded, envValue); putEnvFailed = putenv(encoded); /* adopt. */ if (putEnvFailed) { SET_ERROR_CODE result = SECFailure; PORT_Free(encoded); } return result; } /* * Perform a constant-time compare of two memory regions. The return value is * 0 if the memory regions are equal and non-zero otherwise. */ int NSS_SecureMemcmp(const void *ia, const void *ib, size_t n) { const unsigned char *a = (const unsigned char*) ia; const unsigned char *b = (const unsigned char*) ib; size_t i; unsigned char r = 0; for (i = 0; i < n; ++i) { r |= *a++ ^ *b++; } return r; }