Crypto++  8.8
Free C++ class library of cryptographic schemes
secblock.h
Go to the documentation of this file.
1 // secblock.h - originally written and placed in the public domain by Wei Dai
2 
3 /// \file secblock.h
4 /// \brief Classes and functions for secure memory allocations.
5 
6 #ifndef CRYPTOPP_SECBLOCK_H
7 #define CRYPTOPP_SECBLOCK_H
8 
9 #include "config.h"
10 #include "allocate.h"
11 #include "misc.h"
12 #include "stdcpp.h"
13 
14 #if defined(CRYPTOPP_MSC_VERSION)
15 # pragma warning(push)
16 # pragma warning(disable: 4231 4275 4700)
17 # if (CRYPTOPP_MSC_VERSION >= 1400)
18 # pragma warning(disable: 6011 6386 28193)
19 # endif
20 #endif
21 
22 NAMESPACE_BEGIN(CryptoPP)
23 
24 // ************** secure memory allocation ***************
25 
26 /// \brief Base class for all allocators used by SecBlock
27 /// \tparam T the class or type
28 template<class T>
30 {
31 public:
32  typedef T value_type;
33  typedef size_t size_type;
34  typedef std::ptrdiff_t difference_type;
35  typedef T * pointer;
36  typedef const T * const_pointer;
37  typedef T & reference;
38  typedef const T & const_reference;
39 
40  pointer address(reference r) const {return (&r);}
41  const_pointer address(const_reference r) const {return (&r); }
42  void construct(pointer p, const T& val) {new (p) T(val);}
43  void destroy(pointer p) {CRYPTOPP_UNUSED(p); p->~T();}
44 
45  /// \brief Returns the maximum number of elements the allocator can provide
46  /// \details <tt>ELEMS_MAX</tt> is the maximum number of elements the
47  /// <tt>Allocator</tt> can provide. The value of <tt>ELEMS_MAX</tt> is
48  /// <tt>SIZE_MAX/sizeof(T)</tt>. <tt>std::numeric_limits</tt> was avoided
49  /// due to lack of <tt>constexpr</tt>-ness in C++03 and below.
50  /// \note In C++03 and below <tt>ELEMS_MAX</tt> is a static data member of type
51  /// <tt>size_type</tt>. In C++11 and above <tt>ELEMS_MAX</tt> is an <tt>enum</tt>
52  /// inheriting from <tt>size_type</tt>. In both cases <tt>ELEMS_MAX</tt> can be
53  /// used before objects are fully constructed, and it does not suffer the
54  /// limitations of class methods like <tt>max_size</tt>.
55  /// \sa <A HREF="http://github.com/weidai11/cryptopp/issues/346">Issue 346/CVE-2016-9939</A>
56  /// \since Crypto++ 6.0
57 #if defined(CRYPTOPP_DOXYGEN_PROCESSING)
58  static const size_type ELEMS_MAX = ...;
59 #elif defined(CRYPTOPP_MSC_VERSION) && (CRYPTOPP_MSC_VERSION <= 1400)
60  static const size_type ELEMS_MAX = (~(size_type)0)/sizeof(T);
61 #elif defined(CRYPTOPP_CXX11_STRONG_ENUM)
62  enum : size_type {ELEMS_MAX = SIZE_MAX/sizeof(T)};
63 #else
64  static const size_type ELEMS_MAX = SIZE_MAX/sizeof(T);
65 #endif
66 
67  /// \brief Returns the maximum number of elements the allocator can provide
68  /// \return the maximum number of elements the allocator can provide
69  /// \details Internally, preprocessor macros are used rather than std::numeric_limits
70  /// because the latter is not a constexpr. Some compilers, like Clang, do not
71  /// optimize it well under all circumstances. Compilers like GCC, ICC and MSVC appear
72  /// to optimize it well in either form.
73  CRYPTOPP_CONSTEXPR size_type max_size() const {return ELEMS_MAX;}
74 
75 #if defined(__SUNPRO_CC)
76  // https://github.com/weidai11/cryptopp/issues/770
77  // and https://stackoverflow.com/q/53999461/608639
78  CRYPTOPP_CONSTEXPR size_type max_size(size_type n) const {return SIZE_MAX/n;}
79 #endif
80 
81 #if defined(CRYPTOPP_CXX11_VARIADIC_TEMPLATES) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
82 
83  /// \brief Constructs a new V using variadic arguments
84  /// \tparam V the type to be forwarded
85  /// \tparam Args the arguments to be forwarded
86  /// \param ptr pointer to type V
87  /// \param args variadic arguments
88  /// \details This is a C++11 feature. It is available when CRYPTOPP_CXX11_VARIADIC_TEMPLATES
89  /// is defined. The define is controlled by compiler versions detected in config.h.
90  template<typename V, typename... Args>
91  void construct(V* ptr, Args&&... args) {::new ((void*)ptr) V(std::forward<Args>(args)...);}
92 
93  /// \brief Destroys an V constructed with variadic arguments
94  /// \tparam V the type to be forwarded
95  /// \details This is a C++11 feature. It is available when CRYPTOPP_CXX11_VARIADIC_TEMPLATES
96  /// is defined. The define is controlled by compiler versions detected in config.h.
97  template<typename V>
98  void destroy(V* ptr) {if (ptr) ptr->~V();}
99 
100 #endif
101 
102 protected:
103 
104  /// \brief Verifies the allocator can satisfy a request based on size
105  /// \param size the size of the allocation, in elements
106  /// \throw InvalidArgument
107  /// \details CheckSize verifies the number of elements requested is valid.
108  /// \details If size is greater than max_size(), then InvalidArgument is thrown.
109  /// The library throws InvalidArgument if the size is too large to satisfy.
110  /// \details Internally, preprocessor macros are used rather than std::numeric_limits
111  /// because the latter is not a constexpr. Some compilers, like Clang, do not
112  /// optimize it well under all circumstances. Compilers like GCC, ICC and MSVC appear
113  /// to optimize it well in either form.
114  /// \details The <tt>sizeof(T) != 1</tt> in the condition attempts to help the
115  /// compiler optimize the check for byte types. Coverity findings for
116  /// CONSTANT_EXPRESSION_RESULT were generated without it. For byte types,
117  /// size never exceeded ELEMS_MAX but the code was not removed.
118  /// \note size is the count of elements, and not the number of bytes
119  static void CheckSize(size_t size)
120  {
121  // Squash MSC C4100 warning for size. Also see commit 42b7c4ea5673.
122  CRYPTOPP_UNUSED(size);
123  // C++ throws std::bad_alloc (C++03) or std::bad_array_new_length (C++11) here.
124  if (sizeof(T) != 1 && size > ELEMS_MAX)
125  throw InvalidArgument("AllocatorBase: requested size would cause integer overflow");
126  }
127 };
128 
129 #define CRYPTOPP_INHERIT_ALLOCATOR_TYPES(T_type) \
130  typedef typename AllocatorBase<T_type>::value_type value_type;\
131  typedef typename AllocatorBase<T_type>::size_type size_type;\
132  typedef typename AllocatorBase<T_type>::difference_type difference_type;\
133  typedef typename AllocatorBase<T_type>::pointer pointer;\
134  typedef typename AllocatorBase<T_type>::const_pointer const_pointer;\
135  typedef typename AllocatorBase<T_type>::reference reference;\
136  typedef typename AllocatorBase<T_type>::const_reference const_reference;
137 
138 /// \brief Reallocation function
139 /// \tparam T the class or type
140 /// \tparam A the class or type's allocator
141 /// \param alloc the allocator
142 /// \param oldPtr the previous allocation
143 /// \param oldSize the size of the previous allocation
144 /// \param newSize the new, requested size
145 /// \param preserve flag that indicates if the old allocation should be preserved
146 /// \note oldSize and newSize are the count of elements, and not the
147 /// number of bytes.
148 template <class T, class A>
149 typename A::pointer StandardReallocate(A& alloc, T *oldPtr, typename A::size_type oldSize, typename A::size_type newSize, bool preserve)
150 {
151  // Avoid assert on pointer in reallocate. SecBlock regularly uses NULL
152  // pointers rather returning non-NULL 0-sized pointers.
153  if (oldSize == newSize)
154  return oldPtr;
155 
156  if (preserve)
157  {
158  typename A::pointer newPtr = alloc.allocate(newSize, NULLPTR);
159  const typename A::size_type copySize = STDMIN(oldSize, newSize) * sizeof(T);
160 
161  if (oldPtr && newPtr)
162  memcpy_s(newPtr, copySize, oldPtr, copySize);
163 
164  if (oldPtr)
165  alloc.deallocate(oldPtr, oldSize);
166 
167  return newPtr;
168  }
169  else
170  {
171  if (oldPtr)
172  alloc.deallocate(oldPtr, oldSize);
173 
174  return alloc.allocate(newSize, NULLPTR);
175  }
176 }
177 
178 /// \brief Allocates a block of memory with cleanup
179 /// \tparam T class or type
180 /// \tparam T_Align16 boolean that determines whether allocations should be aligned on a 16-byte boundary
181 /// \details If T_Align16 is true, then AllocatorWithCleanup calls AlignedAllocate()
182 /// for memory allocations. If T_Align16 is false, then AllocatorWithCleanup() calls
183 /// UnalignedAllocate() for memory allocations.
184 /// \details Template parameter T_Align16 is effectively controlled by cryptlib.h and mirrors
185 /// CRYPTOPP_BOOL_ALIGN16. CRYPTOPP_BOOL_ALIGN16 is often used as the template parameter.
186 template <class T, bool T_Align16 = false>
188 {
189 public:
190  CRYPTOPP_INHERIT_ALLOCATOR_TYPES(T)
191 
192  /// \brief Allocates a block of memory
193  /// \param ptr the size of the allocation
194  /// \param size the size of the allocation, in elements
195  /// \return a memory block
196  /// \throw InvalidArgument
197  /// \details allocate() first checks the size of the request. If it is non-0
198  /// and less than max_size(), then an attempt is made to fulfill the request
199  /// using either AlignedAllocate() or UnalignedAllocate(). AlignedAllocate() is
200  /// used if T_Align16 is true. UnalignedAllocate() used if T_Align16 is false.
201  /// \details This is the C++ *Placement New* operator. ptr is not used, and the
202  /// function asserts in Debug builds if ptr is non-NULL.
203  /// \sa CallNewHandler() for the methods used to recover from a failed
204  /// allocation attempt.
205  /// \note size is the count of elements, and not the number of bytes
206  pointer allocate(size_type size, const void *ptr = NULLPTR)
207  {
208  CRYPTOPP_UNUSED(ptr); CRYPTOPP_ASSERT(ptr == NULLPTR);
209  this->CheckSize(size);
210  if (size == 0)
211  return NULLPTR;
212 
213 #if CRYPTOPP_BOOL_ALIGN16
214  if (T_Align16)
215  return reinterpret_cast<pointer>(AlignedAllocate(size*sizeof(T)));
216 #endif
217 
218  return reinterpret_cast<pointer>(UnalignedAllocate(size*sizeof(T)));
219  }
220 
221  /// \brief Deallocates a block of memory
222  /// \param ptr the pointer for the allocation
223  /// \param size the size of the allocation, in elements
224  /// \details Internally, SecureWipeArray() is called before deallocating the
225  /// memory. Once the memory block is wiped or zeroized, AlignedDeallocate()
226  /// or UnalignedDeallocate() is called.
227  /// \details AlignedDeallocate() is used if T_Align16 is true.
228  /// UnalignedDeallocate() used if T_Align16 is false.
229  void deallocate(void *ptr, size_type size)
230  {
231  // Avoid assert on pointer in deallocate. SecBlock regularly uses NULL
232  // pointers rather returning non-NULL 0-sized pointers.
233  if (ptr)
234  {
235  SecureWipeArray(reinterpret_cast<pointer>(ptr), size);
236 
237 #if CRYPTOPP_BOOL_ALIGN16
238  if (T_Align16)
239  return AlignedDeallocate(ptr);
240 #endif
241 
242  UnalignedDeallocate(ptr);
243  }
244  }
245 
246  /// \brief Reallocates a block of memory
247  /// \param oldPtr the previous allocation
248  /// \param oldSize the size of the previous allocation
249  /// \param newSize the new, requested size
250  /// \param preserve flag that indicates if the old allocation should be preserved
251  /// \return pointer to the new memory block
252  /// \details Internally, reallocate() calls StandardReallocate().
253  /// \details If preserve is true, then index 0 is used to begin copying the
254  /// old memory block to the new one. If the block grows, then the old array
255  /// is copied in its entirety. If the block shrinks, then only newSize
256  /// elements are copied from the old block to the new one.
257  /// \note oldSize and newSize are the count of elements, and not the
258  /// number of bytes.
259  pointer reallocate(T *oldPtr, size_type oldSize, size_type newSize, bool preserve)
260  {
261  CRYPTOPP_ASSERT((oldPtr && oldSize) || !(oldPtr || oldSize));
262  return StandardReallocate(*this, oldPtr, oldSize, newSize, preserve);
263  }
264 
265  /// \brief Template class member Rebind
266  /// \tparam V bound class or type
267  /// \details Rebind allows a container class to allocate a different type of object
268  /// to store elements. For example, a std::list will allocate std::list_node to
269  /// store elements in the list.
270  /// \details VS.NET STL enforces the policy of "All STL-compliant allocators
271  /// have to provide a template class member called rebind".
272  template <class V> struct rebind { typedef AllocatorWithCleanup<V, T_Align16> other; };
273 #if (CRYPTOPP_MSC_VERSION >= 1500)
275  template <class V, bool A> AllocatorWithCleanup(const AllocatorWithCleanup<V, A> &) {}
276 #endif
277 };
278 
283 #if defined(CRYPTOPP_WORD128_AVAILABLE)
285 #endif
286 #if CRYPTOPP_BOOL_X86
288 #endif
289 
290 /// \brief NULL allocator
291 /// \tparam T class or type
292 /// \details A NullAllocator is useful for fixed-size, stack based allocations
293 /// (i.e., static arrays used by FixedSizeAllocatorWithCleanup).
294 /// \details A NullAllocator always returns 0 for max_size(), and always returns
295 /// NULL for allocation requests. Though the allocator does not allocate at
296 /// runtime, it does perform a secure wipe or zeroization during cleanup.
297 template <class T>
298 class NullAllocator : public AllocatorBase<T>
299 {
300 public:
301  //LCOV_EXCL_START
302  CRYPTOPP_INHERIT_ALLOCATOR_TYPES(T)
303 
304  // TODO: should this return NULL or throw bad_alloc? Non-Windows C++ standard
305  // libraries always throw. And late mode Windows throws. Early model Windows
306  // (circa VC++ 6.0) returned NULL.
307  pointer allocate(size_type n, const void* unused = NULLPTR)
308  {
309  CRYPTOPP_UNUSED(n); CRYPTOPP_UNUSED(unused);
310  CRYPTOPP_ASSERT(false); return NULLPTR;
311  }
312 
313  void deallocate(void *p, size_type n)
314  {
315  CRYPTOPP_UNUSED(p); CRYPTOPP_UNUSED(n);
316  CRYPTOPP_ASSERT(false);
317  }
318 
319  CRYPTOPP_CONSTEXPR size_type max_size() const {return 0;}
320  //LCOV_EXCL_STOP
321 };
322 
323 /// \brief Static secure memory block with cleanup
324 /// \tparam T class or type
325 /// \tparam S fixed-size of the stack-based memory block, in elements
326 /// \tparam T_Align16 boolean that determines whether allocations should
327 /// be aligned on a 16-byte boundary
328 /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
329 /// based allocation at compile time. The class can grow its memory
330 /// block at runtime if a suitable allocator is available. If size
331 /// grows beyond S and a suitable allocator is available, then the
332 /// statically allocated array is obsoleted.
333 /// \note This allocator can't be used with standard collections because
334 /// they require that all objects of the same allocator type are equivalent.
335 template <class T, size_t S, class A = NullAllocator<T>, bool T_Align16 = false>
337 {
338  // The body of FixedSizeAllocatorWithCleanup is provided in the two
339  // partial specializations that follow. The two specializations
340  // pivot on the boolean template parameter T_Align16.
341 };
342 
343 /// \brief Static secure memory block with cleanup
344 /// \tparam T class or type
345 /// \tparam S fixed-size of the stack-based memory block, in elements
346 /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
347 /// based allocation at compile time. The class can grow its memory
348 /// block at runtime if a suitable allocator is available. If size
349 /// grows beyond S and a suitable allocator is available, then the
350 /// statically allocated array is obsoleted.
351 /// \note This allocator can't be used with standard collections because
352 /// they require that all objects of the same allocator type are equivalent.
353 template <class T, size_t S, class A>
354 class FixedSizeAllocatorWithCleanup<T, S, A, true> : public AllocatorBase<T>
355 {
356 public:
357  CRYPTOPP_INHERIT_ALLOCATOR_TYPES(T)
358 
359  /// \brief Constructs a FixedSizeAllocatorWithCleanup
360  FixedSizeAllocatorWithCleanup() : m_allocated(false) {}
361 
362  /// \brief Allocates a block of memory
363  /// \param size the count elements in the memory block
364  /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-based
365  /// allocation at compile time. If size is less than or equal to
366  /// <tt>S</tt>, then a pointer to the static array is returned.
367  /// \details The class can grow its memory block at runtime if a suitable
368  /// allocator is available. If size grows beyond S and a suitable
369  /// allocator is available, then the statically allocated array is
370  /// obsoleted. If a suitable allocator is not available, as with a
371  /// NullAllocator, then the function returns NULL and a runtime error
372  /// eventually occurs.
373  /// \sa reallocate(), SecBlockWithHint
374  pointer allocate(size_type size)
375  {
376  CRYPTOPP_ASSERT(IsAlignedOn(m_array, 8));
377 
378  if (size <= S && !m_allocated)
379  {
380  m_allocated = true;
381  return GetAlignedArray();
382  }
383  else
384  return m_fallbackAllocator.allocate(size);
385  }
386 
387  /// \brief Allocates a block of memory
388  /// \param size the count elements in the memory block
389  /// \param hint an unused hint
390  /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
391  /// based allocation at compile time. If size is less than or equal to
392  /// S, then a pointer to the static array is returned.
393  /// \details The class can grow its memory block at runtime if a suitable
394  /// allocator is available. If size grows beyond S and a suitable
395  /// allocator is available, then the statically allocated array is
396  /// obsoleted. If a suitable allocator is not available, as with a
397  /// NullAllocator, then the function returns NULL and a runtime error
398  /// eventually occurs.
399  /// \sa reallocate(), SecBlockWithHint
400  pointer allocate(size_type size, const void *hint)
401  {
402  CRYPTOPP_ASSERT(IsAlignedOn(m_array, 8));
403 
404  if (size <= S && !m_allocated)
405  {
406  m_allocated = true;
407  return GetAlignedArray();
408  }
409  else
410  return m_fallbackAllocator.allocate(size, hint);
411  }
412 
413  /// \brief Deallocates a block of memory
414  /// \param ptr a pointer to the memory block to deallocate
415  /// \param size the count elements in the memory block
416  /// \details The memory block is wiped or zeroized before deallocation.
417  /// If the statically allocated memory block is active, then no
418  /// additional actions are taken after the wipe.
419  /// \details If a dynamic memory block is active, then the pointer and
420  /// size are passed to the allocator for deallocation.
421  void deallocate(void *ptr, size_type size)
422  {
423  // Avoid assert on pointer in deallocate. SecBlock regularly uses NULL
424  // pointers rather returning non-NULL 0-sized pointers.
425  if (ptr == GetAlignedArray())
426  {
427  // If the m_allocated assert fires then the bit twiddling for
428  // GetAlignedArray() is probably incorrect for the platform.
429  // Be sure to check CRYPTOPP_ALIGN_DATA(8). The platform may
430  // not have a way to declaratively align data to 8.
431  CRYPTOPP_ASSERT(size <= S);
432  CRYPTOPP_ASSERT(m_allocated);
433  m_allocated = false;
434  SecureWipeArray(reinterpret_cast<pointer>(ptr), size);
435  }
436  else
437  {
438  if (ptr)
439  m_fallbackAllocator.deallocate(ptr, size);
440  }
441  }
442 
443  /// \brief Reallocates a block of memory
444  /// \param oldPtr the previous allocation
445  /// \param oldSize the size of the previous allocation
446  /// \param newSize the new, requested size
447  /// \param preserve flag that indicates if the old allocation should
448  /// be preserved
449  /// \return pointer to the new memory block
450  /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
451  /// based allocation at compile time. If size is less than or equal to
452  /// S, then a pointer to the static array is returned.
453  /// \details The class can grow its memory block at runtime if a suitable
454  /// allocator is available. If size grows beyond S and a suitable
455  /// allocator is available, then the statically allocated array is
456  /// obsoleted. If a suitable allocator is not available, as with a
457  /// NullAllocator, then the function returns NULL and a runtime error
458  /// eventually occurs.
459  /// \note size is the count of elements, and not the number of bytes.
460  /// \sa reallocate(), SecBlockWithHint
461  pointer reallocate(pointer oldPtr, size_type oldSize, size_type newSize, bool preserve)
462  {
463  if (oldPtr == GetAlignedArray() && newSize <= S)
464  {
465  CRYPTOPP_ASSERT(oldSize <= S);
466  if (oldSize > newSize)
467  SecureWipeArray(oldPtr+newSize, oldSize-newSize);
468  return oldPtr;
469  }
470 
471  pointer newPtr = allocate(newSize, NULLPTR);
472  if (preserve && newSize)
473  {
474  const size_type copySize = STDMIN(oldSize, newSize);
475  if (newPtr && oldPtr) // GCC analyzer warning
476  memcpy_s(newPtr, sizeof(T)*newSize, oldPtr, sizeof(T)*copySize);
477  }
478  deallocate(oldPtr, oldSize);
479  return newPtr;
480  }
481 
482  CRYPTOPP_CONSTEXPR size_type max_size() const
483  {
484  return STDMAX(m_fallbackAllocator.max_size(), S);
485  }
486 
487 private:
488 
489 #if CRYPTOPP_BOOL_ALIGN16
490 
491  // There be demons here... We cannot use CRYPTOPP_ALIGN_DATA(16)
492  // because linkers on 32-bit machines and some 64-bit machines
493  // align the stack to 8-bytes or less, and not 16-bytes as
494  // requested. We can only count on a smaller alignment. All
495  // toolchains tested appear to honor CRYPTOPP_ALIGN_DATA(8). Also
496  // see http://stackoverflow.com/a/1468656/608639.
497  //
498  // The 16-byte alignment is achieved by padding the requested
499  // size with extra elements so we have at least 8-bytes of slack
500  // to work with. Then the array pointer is moved to achieve a
501  // 16-byte alignment.
502  //
503  // The additional 8-bytes introduces a small secondary issue.
504  // The secondary issue is, a large T results in 0 = 8/sizeof(T).
505  // The library is OK but users may hit it. So we need to guard
506  // for a large T, and that is what the enum and PAD achieves.
507  T* GetAlignedArray() {
508 
509  // m_array is aligned on 8 byte boundaries due to
510  // CRYPTOPP_ALIGN_DATA(8). If m_array%16 is 0, then the buffer
511  // is 16-byte aligned and nothing needs to be done. if
512  // m_array%16 is 8, then the buffer is not 16-byte aligned and
513  // we need to add 8. 8 has that nice symmetric property.
514  //
515  // If we needed to use CRYPTOPP_ALIGN_DATA(4) due to toolchain
516  // limitations, then the calculation would be slightly more
517  // costly: ptr = m_array + (16 - (m_array % 16)) % 16;
518  CRYPTOPP_ASSERT(IsAlignedOn(m_array, 8));
519  int off = reinterpret_cast<uintptr_t>(m_array) % 16;
520  byte* ptr = reinterpret_cast<byte*>(m_array) + off;
521 
522  // Verify the 16-byte alignment. This is the point
523  // of these extra gyrations.
524  CRYPTOPP_ASSERT(IsAlignedOn(ptr, 16));
525  // Verify the lower bound. This is Issue 982/988.
527  reinterpret_cast<uintptr_t>(ptr) >=
528  reinterpret_cast<uintptr_t>(m_array)
529  );
530  // Verify the upper bound. Allocated array with
531  // pad is large enough.
533  reinterpret_cast<uintptr_t>(ptr+S*sizeof(T)) <=
534  reinterpret_cast<uintptr_t>(m_array+(S+PAD))
535  );
536 
537  // void* to silence Clang warnings
538  return reinterpret_cast<T*>(
539  static_cast<void*>(ptr)
540  );
541  }
542 
543  // PAD is elements, not bytes, and rounded up to ensure no overflow.
544  enum { Q = sizeof(T), PAD = (Q >= 8) ? 1 : (Q >= 4) ? 2 : (Q >= 2) ? 4 : 8 };
545  // enum { Q = sizeof(T), PAD = (Q >= 16) ? 1 : (Q >= 8) ? 2 : (Q >= 4) ? 4 : (Q >= 2) ? 8 : 16 };
546  CRYPTOPP_ALIGN_DATA(8) T m_array[S+PAD];
547 
548 #else
549 
550  // CRYPTOPP_BOOL_ALIGN16 is 0. If we are here then the user
551  // probably compiled with CRYPTOPP_DISABLE_ASM. Normally we
552  // would use the natural alignment of T. The problem we are
553  // having is, some toolchains are changing the boundary for
554  // 64-bit arrays. 64-bit elements require 8-byte alignment,
555  // but the toolchain is laying the array out on a 4 byte
556  // boundary. See GH #992 for mystery alignment,
557  // https://github.com/weidai11/cryptopp/issues/992
558  T* GetAlignedArray() {return m_array;}
559  CRYPTOPP_ALIGN_DATA(8) T m_array[S];
560 
561 #endif
562 
563  A m_fallbackAllocator;
564  bool m_allocated;
565 };
566 
567 /// \brief Static secure memory block with cleanup
568 /// \tparam T class or type
569 /// \tparam S fixed-size of the stack-based memory block, in elements
570 /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
571 /// based allocation at compile time. The class can grow its memory
572 /// block at runtime if a suitable allocator is available. If size
573 /// grows beyond S and a suitable allocator is available, then the
574 /// statically allocated array is obsoleted.
575 /// \note This allocator can't be used with standard collections because
576 /// they require that all objects of the same allocator type are equivalent.
577 template <class T, size_t S, class A>
578 class FixedSizeAllocatorWithCleanup<T, S, A, false> : public AllocatorBase<T>
579 {
580 public:
581  CRYPTOPP_INHERIT_ALLOCATOR_TYPES(T)
582 
583  /// \brief Constructs a FixedSizeAllocatorWithCleanup
584  FixedSizeAllocatorWithCleanup() : m_allocated(false) {}
585 
586  /// \brief Allocates a block of memory
587  /// \param size the count elements in the memory block
588  /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-based
589  /// allocation at compile time. If size is less than or equal to
590  /// <tt>S</tt>, then a pointer to the static array is returned.
591  /// \details The class can grow its memory block at runtime if a suitable
592  /// allocator is available. If size grows beyond S and a suitable
593  /// allocator is available, then the statically allocated array is
594  /// obsoleted. If a suitable allocator is not available, as with a
595  /// NullAllocator, then the function returns NULL and a runtime error
596  /// eventually occurs.
597  /// \sa reallocate(), SecBlockWithHint
598  pointer allocate(size_type size)
599  {
600  CRYPTOPP_ASSERT(IsAlignedOn(m_array, 8));
601 
602  if (size <= S && !m_allocated)
603  {
604  m_allocated = true;
605  return GetAlignedArray();
606  }
607  else
608  return m_fallbackAllocator.allocate(size);
609  }
610 
611  /// \brief Allocates a block of memory
612  /// \param size the count elements in the memory block
613  /// \param hint an unused hint
614  /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
615  /// based allocation at compile time. If size is less than or equal to
616  /// S, then a pointer to the static array is returned.
617  /// \details The class can grow its memory block at runtime if a suitable
618  /// allocator is available. If size grows beyond S and a suitable
619  /// allocator is available, then the statically allocated array is
620  /// obsoleted. If a suitable allocator is not available, as with a
621  /// NullAllocator, then the function returns NULL and a runtime error
622  /// eventually occurs.
623  /// \sa reallocate(), SecBlockWithHint
624  pointer allocate(size_type size, const void *hint)
625  {
626  if (size <= S && !m_allocated)
627  {
628  m_allocated = true;
629  return GetAlignedArray();
630  }
631  else
632  return m_fallbackAllocator.allocate(size, hint);
633  }
634 
635  /// \brief Deallocates a block of memory
636  /// \param ptr a pointer to the memory block to deallocate
637  /// \param size the count elements in the memory block
638  /// \details The memory block is wiped or zeroized before deallocation.
639  /// If the statically allocated memory block is active, then no
640  /// additional actions are taken after the wipe.
641  /// \details If a dynamic memory block is active, then the pointer and
642  /// size are passed to the allocator for deallocation.
643  void deallocate(void *ptr, size_type size)
644  {
645  // Avoid assert on pointer in deallocate. SecBlock regularly uses NULL
646  // pointers rather returning non-NULL 0-sized pointers.
647  if (ptr == GetAlignedArray())
648  {
649  // If the m_allocated assert fires then
650  // something overwrote the flag.
651  CRYPTOPP_ASSERT(size <= S);
652  CRYPTOPP_ASSERT(m_allocated);
653  m_allocated = false;
654  SecureWipeArray((pointer)ptr, size);
655  }
656  else
657  {
658  if (ptr)
659  m_fallbackAllocator.deallocate(ptr, size);
660  m_allocated = false;
661  }
662  }
663 
664  /// \brief Reallocates a block of memory
665  /// \param oldPtr the previous allocation
666  /// \param oldSize the size of the previous allocation
667  /// \param newSize the new, requested size
668  /// \param preserve flag that indicates if the old allocation should
669  /// be preserved
670  /// \return pointer to the new memory block
671  /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-
672  /// based allocation at compile time. If size is less than or equal to
673  /// S, then a pointer to the static array is returned.
674  /// \details The class can grow its memory block at runtime if a suitable
675  /// allocator is available. If size grows beyond S and a suitable
676  /// allocator is available, then the statically allocated array is
677  /// obsoleted. If a suitable allocator is not available, as with a
678  /// NullAllocator, then the function returns NULL and a runtime error
679  /// eventually occurs.
680  /// \note size is the count of elements, and not the number of bytes.
681  /// \sa reallocate(), SecBlockWithHint
682  pointer reallocate(pointer oldPtr, size_type oldSize, size_type newSize, bool preserve)
683  {
684  if (oldPtr == GetAlignedArray() && newSize <= S)
685  {
686  CRYPTOPP_ASSERT(oldSize <= S);
687  if (oldSize > newSize)
688  SecureWipeArray(oldPtr+newSize, oldSize-newSize);
689  return oldPtr;
690  }
691 
692  pointer newPtr = allocate(newSize, NULLPTR);
693  if (preserve && newSize)
694  {
695  const size_type copySize = STDMIN(oldSize, newSize);
696  if (newPtr && oldPtr) // GCC analyzer warning
697  memcpy_s(newPtr, sizeof(T)*newSize, oldPtr, sizeof(T)*copySize);
698  }
699  deallocate(oldPtr, oldSize);
700  return newPtr;
701  }
702 
703  CRYPTOPP_CONSTEXPR size_type max_size() const
704  {
705  return STDMAX(m_fallbackAllocator.max_size(), S);
706  }
707 
708 private:
709 
710  // T_Align16 is false. Normally we would use the natural
711  // alignment of T. The problem we are having is, some toolchains
712  // are changing the boundary for 64-bit arrays. 64-bit elements
713  // require 8-byte alignment, but the toolchain is laying the array
714  // out on a 4 byte boundary. See GH #992 for mystery alignment,
715  // https://github.com/weidai11/cryptopp/issues/992
716  T* GetAlignedArray() {return m_array;}
717  CRYPTOPP_ALIGN_DATA(8) T m_array[S];
718 
719  A m_fallbackAllocator;
720  bool m_allocated;
721 };
722 
723 /// \brief Secure memory block with allocator and cleanup
724 /// \tparam T a class or type
725 /// \tparam A AllocatorWithCleanup derived class for allocation and cleanup
726 /// \sa <A HREF="https://www.cryptopp.com/wiki/SecBlock">SecBlock</A>
727 /// on the Crypto++ wiki.
728 /// \since Crypto++ 2.0
729 template <class T, class A = AllocatorWithCleanup<T> >
730 class SecBlock
731 {
732 public:
733  typedef typename A::value_type value_type;
734  typedef typename A::pointer iterator;
735  typedef typename A::const_pointer const_iterator;
736  typedef typename A::size_type size_type;
737 
738  /// \brief Returns the maximum number of elements the block can hold
739  /// \details <tt>ELEMS_MAX</tt> is the maximum number of elements the
740  /// <tt>SecBlock</tt> can hold. The value of <tt>ELEMS_MAX</tt> is
741  /// <tt>SIZE_MAX/sizeof(T)</tt>. <tt>std::numeric_limits</tt> was avoided
742  /// due to lack of <tt>constexpr</tt>-ness in C++03 and below.
743  /// \note In C++03 and below <tt>ELEMS_MAX</tt> is a static data member of type
744  /// <tt>size_type</tt>. In C++11 and above <tt>ELEMS_MAX</tt> is an <tt>enum</tt>
745  /// inheriting from <tt>size_type</tt>. In both cases <tt>ELEMS_MAX</tt> can be
746  /// used before objects are fully constructed, and it does not suffer the
747  /// limitations of class methods like <tt>max_size</tt>.
748  /// \sa <A HREF="http://github.com/weidai11/cryptopp/issues/346">Issue 346/CVE-2016-9939</A>
749  /// \since Crypto++ 6.0
750 #if defined(CRYPTOPP_DOXYGEN_PROCESSING)
751  static const size_type ELEMS_MAX = ...;
752 #elif defined(CRYPTOPP_MSC_VERSION) && (CRYPTOPP_MSC_VERSION <= 1400)
753  static const size_type ELEMS_MAX = (~(size_type)0)/sizeof(T);
754 #elif defined(CRYPTOPP_CXX11_STRONG_ENUM)
755  enum : size_type {ELEMS_MAX = A::ELEMS_MAX};
756 #else
757  static const size_type ELEMS_MAX = SIZE_MAX/sizeof(T);
758 #endif
759 
760  /// \brief Construct a SecBlock with space for size elements.
761  /// \param size the size of the allocation, in elements
762  /// \throw std::bad_alloc
763  /// \details The elements are not initialized.
764  /// \since Crypto++ 2.0
765  /// \note size is the count of elements, and not the number of bytes
766  explicit SecBlock(size_type size=0)
767  : m_mark(ELEMS_MAX), m_size(size), m_ptr(m_alloc.allocate(size, NULLPTR)) { }
768 
769  /// \brief Copy construct a SecBlock from another SecBlock
770  /// \param t the other SecBlock
771  /// \throw std::bad_alloc
772  /// \since Crypto++ 2.0
774  : m_mark(t.m_mark), m_size(t.m_size), m_ptr(m_alloc.allocate(t.m_size, NULLPTR)) {
775  CRYPTOPP_ASSERT((!t.m_ptr && !m_size) || (t.m_ptr && m_size));
776  if (m_ptr && t.m_ptr)
777  memcpy_s(m_ptr, m_size*sizeof(T), t.m_ptr, t.m_size*sizeof(T));
778  }
779 
780  /// \brief Construct a SecBlock from an array of elements.
781  /// \param ptr a pointer to an array of T
782  /// \param len the number of elements in the memory block
783  /// \throw std::bad_alloc
784  /// \details If <tt>ptr!=NULL</tt> and <tt>len!=0</tt>, then the block is initialized from the pointer
785  /// <tt>ptr</tt>. If <tt>ptr==NULL</tt> and <tt>len!=0</tt>, then the block is initialized to 0.
786  /// Otherwise, the block is empty and not initialized.
787  /// \since Crypto++ 2.0
788  /// \note size is the count of elements, and not the number of bytes
789  SecBlock(const T *ptr, size_type len)
790  : m_mark(ELEMS_MAX), m_size(len), m_ptr(m_alloc.allocate(len, NULLPTR)) {
791  CRYPTOPP_ASSERT((!m_ptr && !m_size) || (m_ptr && m_size));
792  if (m_ptr && ptr)
793  memcpy_s(m_ptr, m_size*sizeof(T), ptr, len*sizeof(T));
794  else if (m_ptr && m_size)
795  std::memset(m_ptr, 0, m_size*sizeof(T));
796  }
797 
798  ~SecBlock()
799  {m_alloc.deallocate(m_ptr, STDMIN(m_size, m_mark));}
800 
801 #ifdef __BORLANDC__
802  /// \brief Cast operator
803  /// \return block pointer cast to non-const <tt>T *</tt>
804  /// \since Crypto++ 2.0
805  operator T *() const
806  {return (T*)m_ptr;}
807 #else
808  /// \brief Cast operator
809  /// \return block pointer cast to <tt>const void *</tt>
810  /// \since Crypto++ 2.0
811  operator const void *() const
812  {return m_ptr;}
813 
814  /// \brief Cast operator
815  /// \return block pointer cast to non-const <tt>void *</tt>
816  /// \since Crypto++ 2.0
817  operator void *()
818  {return m_ptr;}
819 
820  /// \brief Cast operator
821  /// \return block pointer cast to <tt>const T *</tt>
822  /// \since Crypto++ 2.0
823  operator const T *() const
824  {return m_ptr;}
825 
826  /// \brief Cast operator
827  /// \return block pointer cast to non-const <tt>T *</tt>
828  /// \since Crypto++ 2.0
829  operator T *()
830  {return m_ptr;}
831 #endif
832 
833  /// \brief Provides an iterator pointing to the first element in the memory block
834  /// \return iterator pointing to the first element in the memory block
835  /// \since Crypto++ 2.0
836  iterator begin()
837  {return m_ptr;}
838  /// \brief Provides a constant iterator pointing to the first element in the memory block
839  /// \return constant iterator pointing to the first element in the memory block
840  /// \since Crypto++ 2.0
841  const_iterator begin() const
842  {return m_ptr;}
843  /// \brief Provides an iterator pointing beyond the last element in the memory block
844  /// \return iterator pointing beyond the last element in the memory block
845  /// \since Crypto++ 2.0
846  iterator end()
847  {return m_ptr+m_size;}
848  /// \brief Provides a constant iterator pointing beyond the last element in the memory block
849  /// \return constant iterator pointing beyond the last element in the memory block
850  /// \since Crypto++ 2.0
851  const_iterator end() const
852  {return m_ptr+m_size;}
853 
854  /// \brief Provides a pointer to the first element in the memory block
855  /// \return pointer to the first element in the memory block
856  /// \since Crypto++ 2.0
857  typename A::pointer data() {return m_ptr;}
858  /// \brief Provides a pointer to the first element in the memory block
859  /// \return constant pointer to the first element in the memory block
860  /// \since Crypto++ 2.0
861  typename A::const_pointer data() const {return m_ptr;}
862 
863  /// \brief Provides the count of elements in the SecBlock
864  /// \return number of elements in the memory block
865  /// \note the return value is the count of elements, and not the number of bytes
866  /// \since Crypto++ 2.0
867  size_type size() const {return m_size;}
868  /// \brief Determines if the SecBlock is empty
869  /// \return true if number of elements in the memory block is 0, false otherwise
870  /// \since Crypto++ 2.0
871  bool empty() const {return m_size == 0;}
872 
873  /// \brief Provides a byte pointer to the first element in the memory block
874  /// \return byte pointer to the first element in the memory block
875  /// \since Crypto++ 2.0
876  byte * BytePtr() {return (byte *)m_ptr;}
877  /// \brief Return a byte pointer to the first element in the memory block
878  /// \return constant byte pointer to the first element in the memory block
879  /// \since Crypto++ 2.0
880  const byte * BytePtr() const {return (const byte *)m_ptr;}
881  /// \brief Provides the number of bytes in the SecBlock
882  /// \return the number of bytes in the memory block
883  /// \note the return value is the number of bytes, and not count of elements.
884  /// \since Crypto++ 2.0
885  size_type SizeInBytes() const {return m_size*sizeof(T);}
886 
887  /// \brief Set contents and size from an array
888  /// \param ptr a pointer to an array of T
889  /// \param len the number of elements in the memory block
890  /// \details The array pointed to by <tt>ptr</tt> must be distinct
891  /// from this SecBlock because Assign() calls New() and then std::memcpy().
892  /// The call to New() will invalidate all pointers and iterators, like
893  /// the pointer returned from data().
894  /// \details If the memory block is reduced in size, then the reclaimed
895  /// memory is set to 0. If an assignment occurs, then Assign() resets
896  /// the element count after the previous block is zeroized.
897  /// \since Crypto++ 2.0
898  void Assign(const T *ptr, size_type len)
899  {
900  New(len);
901  if (m_ptr && ptr) // GCC analyzer warning
902  memcpy_s(m_ptr, m_size*sizeof(T), ptr, len*sizeof(T));
903  m_mark = ELEMS_MAX;
904  }
905 
906  /// \brief Set contents from a value
907  /// \param count the number of values to copy
908  /// \param value the value, repeated count times
909  /// \details If the memory block is reduced in size, then the reclaimed
910  /// memory is set to 0. If an assignment occurs, then Assign() resets
911  /// the element count after the previous block is zeroized.
912  /// \since Crypto++ 6.0
913  void Assign(size_type count, T value)
914  {
915  New(count);
916  for (size_t i=0; i<count; ++i)
917  m_ptr[i] = value;
918  m_mark = ELEMS_MAX;
919  }
920 
921  /// \brief Copy contents from another SecBlock
922  /// \param t the other SecBlock
923  /// \details Assign checks for self assignment.
924  /// \details If the memory block is reduced in size, then the reclaimed
925  /// memory is set to 0. If an assignment occurs, then Assign() resets
926  /// the element count after the previous block is zeroized.
927  /// \since Crypto++ 2.0
928  void Assign(const SecBlock<T, A> &t)
929  {
930  if (this != &t)
931  {
932  New(t.m_size);
933  if (m_ptr && t.m_ptr) // GCC analyzer warning
934  memcpy_s(m_ptr, m_size*sizeof(T), t, t.m_size*sizeof(T));
935  }
936  m_mark = ELEMS_MAX;
937  }
938 
939  /// \brief Append contents from an array
940  /// \param ptr a pointer to an array of T
941  /// \param len the number of elements in the memory block
942  /// \throw InvalidArgument if resulting size would overflow
943  /// \details The array pointed to by <tt>ptr</tt> must be distinct
944  /// from this SecBlock because Append() calls Grow() and then std::memcpy().
945  /// The call to Grow() will invalidate all pointers and iterators, like
946  /// the pointer returned from data().
947  /// \details Append() may be less efficient than a ByteQueue because
948  /// Append() must Grow() the internal array and then copy elements.
949  /// The ByteQueue can copy elements without growing.
950  /// \sa ByteQueue
951  /// \since Crypto++ 8.6
952  void Append(const T *ptr, size_type len)
953  {
954  if (ELEMS_MAX - m_size < len)
955  throw InvalidArgument("SecBlock: buffer overflow");
956 
957  const size_type oldSize = m_size;
958  Grow(m_size+len);
959  if (m_ptr && ptr) // GCC analyzer warning
960  memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), ptr, len*sizeof(T));
961  m_mark = ELEMS_MAX;
962  }
963 
964  /// \brief Append contents from another SecBlock
965  /// \param t the other SecBlock
966  /// \throw InvalidArgument if resulting size would overflow
967  /// \details Internally, this SecBlock calls Grow() and then appends t.
968  /// \details Append() may be less efficient than a ByteQueue because
969  /// Append() must Grow() the internal array and then copy elements.
970  /// The ByteQueue can copy elements without growing.
971  /// \sa ByteQueue
972  /// \since Crypto++ 8.6
973  void Append(const SecBlock<T, A> &t)
974  {
975  if (ELEMS_MAX - m_size < t.m_size)
976  throw InvalidArgument("SecBlock: buffer overflow");
977 
978  const size_type oldSize = m_size;
979  if (this != &t) // s += t
980  {
981  Grow(m_size+t.m_size);
982  if (m_ptr && t.m_ptr) // GCC analyzer warning
983  memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), t.m_ptr, t.m_size*sizeof(T));
984  }
985  else // t += t
986  {
987  Grow(m_size*2);
988  if (m_ptr) // GCC analyzer warning
989  memmove_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), m_ptr, oldSize*sizeof(T));
990  }
991  m_mark = ELEMS_MAX;
992  }
993 
994  /// \brief Append contents from a value
995  /// \param count the number of values to copy
996  /// \param value the value, repeated count times
997  /// \throw InvalidArgument if resulting size would overflow
998  /// \details Internally, this SecBlock calls Grow() and then appends value.
999  /// \details Append() may be less efficient than a ByteQueue because
1000  /// Append() must Grow() the internal array and then copy elements.
1001  /// The ByteQueue can copy elements without growing.
1002  /// \sa ByteQueue
1003  /// \since Crypto++ 8.6
1004  void Append(size_type count, T value)
1005  {
1006  if (ELEMS_MAX - m_size < count)
1007  throw InvalidArgument("SecBlock: buffer overflow");
1008 
1009  const size_type oldSize = m_size;
1010  Grow(m_size+count);
1011  for (size_t i=oldSize; i<oldSize+count; ++i)
1012  m_ptr[i] = value;
1013  m_mark = ELEMS_MAX;
1014  }
1015 
1016  /// \brief Sets the number of elements to zeroize
1017  /// \param count the number of elements
1018  /// \details SetMark is a remediation for Issue 346/CVE-2016-9939 while
1019  /// preserving the streaming interface. The <tt>count</tt> controls the number of
1020  /// elements zeroized, which can be less than <tt>size</tt> or 0.
1021  /// \details An internal variable, <tt>m_mark</tt>, is initialized to the maximum number
1022  /// of elements. The maximum number of elements is <tt>ELEMS_MAX</tt>. Deallocation
1023  /// triggers a zeroization, and the number of elements zeroized is
1024  /// <tt>STDMIN(m_size, m_mark)</tt>. After zeroization, the memory is returned to the
1025  /// system.
1026  /// \details The ASN.1 decoder uses SetMark() to set the element count to 0
1027  /// before throwing an exception. In this case, the attacker provides a large
1028  /// BER encoded length (say 64MB) but only a small number of content octets
1029  /// (say 16). If the allocator zeroized all 64MB, then a transient DoS could
1030  /// occur as CPU cycles are spent zeroizing uninitialized memory.
1031  /// \details Generally speaking, any operation which changes the size of the SecBlock
1032  /// results in the mark being reset to <tt>ELEMS_MAX</tt>. In particular, if Assign(),
1033  /// New(), Grow(), CleanNew(), CleanGrow() are called, then the count is reset to
1034  /// <tt>ELEMS_MAX</tt>. The list is not exhaustive.
1035  /// \since Crypto++ 6.0
1036  /// \sa <A HREF="http://github.com/weidai11/cryptopp/issues/346">Issue 346/CVE-2016-9939</A>
1037  void SetMark(size_t count) {m_mark = count;}
1038 
1039  /// \brief Assign contents from another SecBlock
1040  /// \param t the other SecBlock
1041  /// \return reference to this SecBlock
1042  /// \details Internally, operator=() calls Assign().
1043  /// \details If the memory block is reduced in size, then the reclaimed
1044  /// memory is set to 0. If an assignment occurs, then Assign() resets
1045  /// the element count after the previous block is zeroized.
1046  /// \since Crypto++ 2.0
1048  {
1049  // Assign guards for self-assignment
1050  Assign(t);
1051  return *this;
1052  }
1053 
1054  /// \brief Append contents from another SecBlock
1055  /// \param t the other SecBlock
1056  /// \return reference to this SecBlock
1057  /// \details Internally, operator+=() calls Append().
1058  /// \since Crypto++ 2.0
1060  {
1061  // Append guards for overflow
1062  Append(t);
1063  return *this;
1064  }
1065 
1066  /// \brief Construct a SecBlock from this and another SecBlock
1067  /// \param t the other SecBlock
1068  /// \return a newly constructed SecBlock that is a concatenation of this
1069  /// and t.
1070  /// \details Internally, a new SecBlock is created from this and a
1071  /// concatenation of t.
1072  /// \since Crypto++ 2.0
1074  {
1075  CRYPTOPP_ASSERT((!m_ptr && !m_size) || (m_ptr && m_size));
1076  CRYPTOPP_ASSERT((!t.m_ptr && !t.m_size) || (t.m_ptr && t.m_size));
1077  if(!t.m_size) return SecBlock(*this);
1078 
1079  SecBlock<T, A> result(m_size+t.m_size);
1080  if (m_size)
1081  memcpy_s(result.m_ptr, result.m_size*sizeof(T), m_ptr, m_size*sizeof(T));
1082  if (result.m_ptr && t.m_ptr) // GCC analyzer warning
1083  memcpy_s(result.m_ptr+m_size, (result.m_size-m_size)*sizeof(T), t.m_ptr, t.m_size*sizeof(T));
1084  return result;
1085  }
1086 
1087  /// \brief Bitwise compare two SecBlocks
1088  /// \param t the other SecBlock
1089  /// \return true if the size and bits are equal, false otherwise
1090  /// \details Uses a constant time compare if the arrays are equal size.
1091  /// The constant time compare is VerifyBufsEqual() found in
1092  /// <tt>misc.h</tt>.
1093  /// \sa operator!=()
1094  /// \since Crypto++ 2.0
1095  bool operator==(const SecBlock<T, A> &t) const
1096  {
1097  return m_size == t.m_size && VerifyBufsEqual(
1098  reinterpret_cast<const byte*>(m_ptr),
1099  reinterpret_cast<const byte*>(t.m_ptr), m_size*sizeof(T));
1100  }
1101 
1102  /// \brief Bitwise compare two SecBlocks
1103  /// \param t the other SecBlock
1104  /// \return true if the size and bits are equal, false otherwise
1105  /// \details Uses a constant time compare if the arrays are equal size.
1106  /// The constant time compare is VerifyBufsEqual() found in
1107  /// <tt>misc.h</tt>.
1108  /// \details Internally, operator!=() returns the inverse of operator==().
1109  /// \sa operator==()
1110  /// \since Crypto++ 2.0
1111  bool operator!=(const SecBlock<T, A> &t) const
1112  {
1113  return !operator==(t);
1114  }
1115 
1116  /// \brief Change size without preserving contents
1117  /// \param newSize the new size of the memory block
1118  /// \details Old content is not preserved. If the memory block is
1119  /// reduced in size, then the reclaimed content is set to 0. If the
1120  /// memory block grows in size, then the new memory is initialized
1121  /// to 0. New() resets the element count after the previous block
1122  /// is zeroized.
1123  /// \details Internally, this SecBlock calls reallocate().
1124  /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()
1125  /// \since Crypto++ 2.0
1126  void New(size_type newSize)
1127  {
1128  m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, false);
1129  m_size = newSize;
1130  m_mark = ELEMS_MAX;
1131  }
1132 
1133  /// \brief Change size without preserving contents
1134  /// \param newSize the new size of the memory block
1135  /// \details Old content is not preserved. If the memory block is
1136  /// reduced in size, then the reclaimed content is set to 0. If the
1137  /// memory block grows in size, then the new memory is initialized
1138  /// to 0. CleanNew() resets the element count after the previous
1139  /// block is zeroized.
1140  /// \details Internally, this SecBlock calls New().
1141  /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()
1142  /// \since Crypto++ 2.0
1143  void CleanNew(size_type newSize)
1144  {
1145  New(newSize);
1146  if (m_ptr) {memset_z(m_ptr, 0, m_size*sizeof(T));}
1147  m_mark = ELEMS_MAX;
1148  }
1149 
1150  /// \brief Change size and preserve contents
1151  /// \param newSize the new size of the memory block
1152  /// \details Old content is preserved. New content is not initialized.
1153  /// \details Internally, this SecBlock calls reallocate() when size must
1154  /// increase. If the size does not increase, then CleanGrow() does not
1155  /// take action. If the size must change, then use resize(). CleanGrow()
1156  /// resets the element count after the previous block is zeroized.
1157  /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()
1158  /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()
1159  /// \since Crypto++ 2.0
1160  void Grow(size_type newSize)
1161  {
1162  if (newSize > m_size)
1163  {
1164  m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true);
1165  m_size = newSize;
1166  }
1167  m_mark = ELEMS_MAX;
1168  }
1169 
1170  /// \brief Change size and preserve contents
1171  /// \param newSize the new size of the memory block
1172  /// \details Old content is preserved. New content is initialized to 0.
1173  /// \details Internally, this SecBlock calls reallocate() when size must
1174  /// increase. If the size does not increase, then CleanGrow() does not
1175  /// take action. If the size must change, then use resize(). CleanGrow()
1176  /// resets the element count after the previous block is zeroized.
1177  /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()
1178  /// \since Crypto++ 2.0
1179  void CleanGrow(size_type newSize)
1180  {
1181  if (newSize > m_size)
1182  {
1183  m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true);
1184  memset_z(m_ptr+m_size, 0, (newSize-m_size)*sizeof(T));
1185  m_size = newSize;
1186  }
1187  m_mark = ELEMS_MAX;
1188  }
1189 
1190  /// \brief Change size and preserve contents
1191  /// \param newSize the new size of the memory block
1192  /// \details Old content is preserved. If the memory block grows in size, then
1193  /// new memory is not initialized. resize() resets the element count after
1194  /// the previous block is zeroized.
1195  /// \details Internally, this SecBlock calls reallocate().
1196  /// \sa New(), CleanNew(), Grow(), CleanGrow(), resize()
1197  /// \since Crypto++ 2.0
1198  void resize(size_type newSize)
1199  {
1200  m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true);
1201  m_size = newSize;
1202  m_mark = ELEMS_MAX;
1203  }
1204 
1205  /// \brief Swap contents with another SecBlock
1206  /// \param b the other SecBlock
1207  /// \details Internally, std::swap() is called on m_alloc, m_size and m_ptr.
1208  /// \since Crypto++ 2.0
1210  {
1211  // Swap must occur on the allocator in case its FixedSize that spilled into the heap.
1212  std::swap(m_alloc, b.m_alloc);
1213  std::swap(m_mark, b.m_mark);
1214  std::swap(m_size, b.m_size);
1215  std::swap(m_ptr, b.m_ptr);
1216  }
1217 
1218 protected:
1219  A m_alloc;
1220  size_type m_mark, m_size;
1221  T *m_ptr;
1222 };
1223 
1224 #ifdef CRYPTOPP_DOXYGEN_PROCESSING
1225 /// \brief \ref SecBlock "SecBlock<byte>" typedef.
1226 class SecByteBlock : public SecBlock<byte> {};
1227 /// \brief \ref SecBlock "SecBlock<word>" typedef.
1228 class SecWordBlock : public SecBlock<word> {};
1229 /// \brief SecBlock using \ref AllocatorWithCleanup "AllocatorWithCleanup<byte, true>" typedef
1230 class AlignedSecByteBlock : public SecBlock<byte, AllocatorWithCleanup<byte, true> > {};
1231 #else
1235 #endif
1236 
1237 // No need for move semantics on derived class *if* the class does not add any
1238 // data members; see http://stackoverflow.com/q/31755703, and Rule of {0|3|5}.
1239 
1240 /// \brief Fixed size stack-based SecBlock
1241 /// \tparam T class or type
1242 /// \tparam S fixed-size of the stack-based memory block, in elements
1243 /// \tparam A AllocatorBase derived class for allocation and cleanup
1244 template <class T, unsigned int S, class A = FixedSizeAllocatorWithCleanup<T, S> >
1245 class FixedSizeSecBlock : public SecBlock<T, A>
1246 {
1247 public:
1248  /// \brief Construct a FixedSizeSecBlock
1249  explicit FixedSizeSecBlock() : SecBlock<T, A>(S) {}
1250 };
1251 
1252 /// \brief Fixed size stack-based SecBlock with 16-byte alignment
1253 /// \tparam T class or type
1254 /// \tparam S fixed-size of the stack-based memory block, in elements
1255 /// \tparam T_Align16 boolean that determines whether allocations should be
1256 /// aligned on a 16-byte boundary
1257 template <class T, unsigned int S, bool T_Align16 = true>
1258 class FixedSizeAlignedSecBlock : public FixedSizeSecBlock<T, S, FixedSizeAllocatorWithCleanup<T, S, NullAllocator<T>, T_Align16> >
1259 {
1260 };
1261 
1262 /// \brief Stack-based SecBlock that grows into the heap
1263 /// \tparam T class or type
1264 /// \tparam S fixed-size of the stack-based memory block, in elements
1265 /// \tparam A AllocatorBase derived class for allocation and cleanup
1266 template <class T, unsigned int S, class A = FixedSizeAllocatorWithCleanup<T, S, AllocatorWithCleanup<T> > >
1267 class SecBlockWithHint : public SecBlock<T, A>
1268 {
1269 public:
1270  /// construct a SecBlockWithHint with a count of elements
1271  explicit SecBlockWithHint(size_t size) : SecBlock<T, A>(size) {}
1272 };
1273 
1274 template<class T, bool A, class V, bool B>
1275 inline bool operator==(const CryptoPP::AllocatorWithCleanup<T, A>&, const CryptoPP::AllocatorWithCleanup<V, B>&) {return (true);}
1276 template<class T, bool A, class V, bool B>
1277 inline bool operator!=(const CryptoPP::AllocatorWithCleanup<T, A>&, const CryptoPP::AllocatorWithCleanup<V, B>&) {return (false);}
1278 
1279 NAMESPACE_END
1280 
1281 NAMESPACE_BEGIN(std)
1282 
1283 /// \brief Swap two SecBlocks
1284 /// \tparam T class or type
1285 /// \tparam A AllocatorBase derived class for allocation and cleanup
1286 /// \param a the first SecBlock
1287 /// \param b the second SecBlock
1288 template <class T, class A>
1289 inline void swap(CryptoPP::SecBlock<T, A> &a, CryptoPP::SecBlock<T, A> &b)
1290 {
1291  a.swap(b);
1292 }
1293 
1294 #if defined(_STLP_DONT_SUPPORT_REBIND_MEMBER_TEMPLATE) || (defined(_STLPORT_VERSION) && !defined(_STLP_MEMBER_TEMPLATE_CLASSES))
1295 // working for STLport 5.1.3 and MSVC 6 SP5
1296 template <class _Tp1, class _Tp2>
1297 inline CryptoPP::AllocatorWithCleanup<_Tp2>&
1298 __stl_alloc_rebind(CryptoPP::AllocatorWithCleanup<_Tp1>& __a, const _Tp2*)
1299 {
1300  return (CryptoPP::AllocatorWithCleanup<_Tp2>&)(__a);
1301 }
1302 #endif
1303 
1304 NAMESPACE_END
1305 
1306 #if defined(CRYPTOPP_MSC_VERSION)
1307 # pragma warning(pop)
1308 #endif
1309 
1310 #endif
Functions for allocating aligned buffers.
CRYPTOPP_DLL void AlignedDeallocate(void *ptr)
Frees a buffer allocated with AlignedAllocate.
CRYPTOPP_DLL void * UnalignedAllocate(size_t size)
Allocates a buffer.
CRYPTOPP_DLL void UnalignedDeallocate(void *ptr)
Frees a buffer allocated with UnalignedAllocate.
CRYPTOPP_DLL void * AlignedAllocate(size_t size)
Allocates a buffer on 16-byte boundary.
bool operator==(const OID &lhs, const OID &rhs)
Compare two OIDs for equality.
bool operator!=(const OID &lhs, const OID &rhs)
Compare two OIDs for inequality.
SecBlock using AllocatorWithCleanup<byte, true> typedef.
Definition: secblock.h:1230
Base class for all allocators used by SecBlock.
Definition: secblock.h:30
void construct(V *ptr, Args &&... args)
Constructs a new V using variadic arguments.
Definition: secblock.h:91
static const size_type ELEMS_MAX
Returns the maximum number of elements the allocator can provide.
Definition: secblock.h:58
size_type max_size() const
Returns the maximum number of elements the allocator can provide.
Definition: secblock.h:73
void destroy(V *ptr)
Destroys an V constructed with variadic arguments.
Definition: secblock.h:98
Allocates a block of memory with cleanup.
Definition: secblock.h:188
pointer allocate(size_type size, const void *ptr=NULL)
Allocates a block of memory.
Definition: secblock.h:206
pointer reallocate(T *oldPtr, size_type oldSize, size_type newSize, bool preserve)
Reallocates a block of memory.
Definition: secblock.h:259
void deallocate(void *ptr, size_type size)
Deallocates a block of memory.
Definition: secblock.h:229
Fixed size stack-based SecBlock with 16-byte alignment.
Definition: secblock.h:1259
void deallocate(void *ptr, size_type size)
Deallocates a block of memory.
Definition: secblock.h:643
pointer allocate(size_type size)
Allocates a block of memory.
Definition: secblock.h:598
pointer reallocate(pointer oldPtr, size_type oldSize, size_type newSize, bool preserve)
Reallocates a block of memory.
Definition: secblock.h:682
pointer allocate(size_type size, const void *hint)
Allocates a block of memory.
Definition: secblock.h:624
pointer reallocate(pointer oldPtr, size_type oldSize, size_type newSize, bool preserve)
Reallocates a block of memory.
Definition: secblock.h:461
pointer allocate(size_type size, const void *hint)
Allocates a block of memory.
Definition: secblock.h:400
void deallocate(void *ptr, size_type size)
Deallocates a block of memory.
Definition: secblock.h:421
pointer allocate(size_type size)
Allocates a block of memory.
Definition: secblock.h:374
Static secure memory block with cleanup.
Definition: secblock.h:337
Fixed size stack-based SecBlock.
Definition: secblock.h:1246
FixedSizeSecBlock()
Construct a FixedSizeSecBlock.
Definition: secblock.h:1249
An invalid argument was detected.
Definition: cryptlib.h:208
NULL allocator.
Definition: secblock.h:299
Secure memory block with allocator and cleanup.
Definition: secblock.h:731
void Assign(size_type count, T value)
Set contents from a value.
Definition: secblock.h:913
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Definition: secblock.h:836
const_iterator begin() const
Provides a constant iterator pointing to the first element in the memory block.
Definition: secblock.h:841
void Append(const T *ptr, size_type len)
Append contents from an array.
Definition: secblock.h:952
iterator end()
Provides an iterator pointing beyond the last element in the memory block.
Definition: secblock.h:846
SecBlock(const SecBlock< T, A > &t)
Copy construct a SecBlock from another SecBlock.
Definition: secblock.h:773
void CleanNew(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:1143
void Assign(const SecBlock< T, A > &t)
Copy contents from another SecBlock.
Definition: secblock.h:928
void swap(SecBlock< T, A > &b)
Swap contents with another SecBlock.
Definition: secblock.h:1209
SecBlock(size_type size=0)
Construct a SecBlock with space for size elements.
Definition: secblock.h:766
A::pointer data()
Provides a pointer to the first element in the memory block.
Definition: secblock.h:857
SecBlock< T, A > operator+(const SecBlock< T, A > &t)
Construct a SecBlock from this and another SecBlock.
Definition: secblock.h:1073
void CleanGrow(size_type newSize)
Change size and preserve contents.
Definition: secblock.h:1179
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
Definition: secblock.h:876
const byte * BytePtr() const
Return a byte pointer to the first element in the memory block.
Definition: secblock.h:880
bool operator!=(const SecBlock< T, A > &t) const
Bitwise compare two SecBlocks.
Definition: secblock.h:1111
SecBlock(const T *ptr, size_type len)
Construct a SecBlock from an array of elements.
Definition: secblock.h:789
void Append(size_type count, T value)
Append contents from a value.
Definition: secblock.h:1004
bool operator==(const SecBlock< T, A > &t) const
Bitwise compare two SecBlocks.
Definition: secblock.h:1095
void Grow(size_type newSize)
Change size and preserve contents.
Definition: secblock.h:1160
void New(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:1126
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
Definition: secblock.h:885
void Append(const SecBlock< T, A > &t)
Append contents from another SecBlock.
Definition: secblock.h:973
void SetMark(size_t count)
Sets the number of elements to zeroize.
Definition: secblock.h:1037
void Assign(const T *ptr, size_type len)
Set contents and size from an array.
Definition: secblock.h:898
const_iterator end() const
Provides a constant iterator pointing beyond the last element in the memory block.
Definition: secblock.h:851
A::const_pointer data() const
Provides a pointer to the first element in the memory block.
Definition: secblock.h:861
bool empty() const
Determines if the SecBlock is empty.
Definition: secblock.h:871
SecBlock< T, A > & operator+=(const SecBlock< T, A > &t)
Append contents from another SecBlock.
Definition: secblock.h:1059
SecBlock< T, A > & operator=(const SecBlock< T, A > &t)
Assign contents from another SecBlock.
Definition: secblock.h:1047
size_type size() const
Provides the count of elements in the SecBlock.
Definition: secblock.h:867
void resize(size_type newSize)
Change size and preserve contents.
Definition: secblock.h:1198
Stack-based SecBlock that grows into the heap.
Definition: secblock.h:1268
SecBlockWithHint(size_t size)
construct a SecBlockWithHint with a count of elements
Definition: secblock.h:1271
SecBlock<byte> typedef.
Definition: secblock.h:1226
SecBlock<word> typedef.
Definition: secblock.h:1228
Library configuration file.
#define CRYPTOPP_DLL_TEMPLATE_CLASS
Instantiate templates in a dynamic library.
Definition: config_dll.h:72
Utility functions for the Crypto++ library.
void * memset_z(void *ptr, int val, size_t num)
Memory block initializer.
Definition: misc.h:640
#define SIZE_MAX
The maximum value of a machine word.
Definition: misc.h:120
void SecureWipeArray(T *buf, size_t n)
Sets each element of an array to 0.
Definition: misc.h:1700
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
Definition: misc.h:527
bool IsAlignedOn(const void *ptr, unsigned int alignment)
Determines whether ptr is aligned to a minimum value.
Definition: misc.h:1436
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition: misc.h:657
void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memmove()
Definition: misc.h:573
const T & STDMAX(const T &a, const T &b)
Replacement function for std::max.
Definition: misc.h:668
CRYPTOPP_DLL bool VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count)
Performs a near constant-time comparison of two equally sized buffers.
Crypto++ library namespace.
A::pointer StandardReallocate(A &alloc, T *oldPtr, typename A::size_type oldSize, typename A::size_type newSize, bool preserve)
Reallocation function.
Definition: secblock.h:149
void swap(::SecBlock< T, A > &a, ::SecBlock< T, A > &b)
Swap two SecBlocks.
Definition: secblock.h:1289
Common C++ header files.
Template class member Rebind.
Definition: secblock.h:272
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68