/* stdmem.c  -	private memory allocator
 * Copyright (C) 1998, 2000, 2002, 2005, 2008 Free Software Foundation, Inc.
 *
 * This file is part of Libgcrypt.
 *
 * Libgcrypt is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser general Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * Libgcrypt is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

/*
 * Description of the layered memory management in Libgcrypt:
 *
 *                                  [User]
 *                                    |
 *                                    |
 *                                   \ /
 *                   global.c: [MM entrance points]   -----> [user callbacks]
 *                               |          |    
 *                               |          |    
 *                              \ /        \ /
 *
 *      stdmem.c: [non-secure handlers] [secure handlers]
 *
 *                               |         |
 *                               |         |
 *                              \ /       \ /
 *
 *                  stdmem.c: [ memory guard ]
 *
 *                               |         |
 *                               |         |
 *                              \ /       \ /
 *
 *           libc: [ MM functions ]     secmem.c: [ secure MM functions]
 */

#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>

#include "g10lib.h"
#include "stdmem.h"
#include "secmem.h"



#define MAGIC_NOR_BYTE 0x55
#define MAGIC_SEC_BYTE 0xcc
#define MAGIC_END_BYTE 0xaa

#if SIZEOF_UNSIGNED_LONG == 8
#define EXTRA_ALIGN 4
#else
#define EXTRA_ALIGN 0
#endif


static int use_m_guard = 0;

/****************
 * Warning: Never use this function after any of the functions
 * here have been used.
 */
void
_gcry_private_enable_m_guard (void)
{
  use_m_guard = 1;
}


/*
 * Allocate memory of size n.
 * Return NULL if we are out of memory.
 */
void *
_gcry_private_malloc (size_t n)
{
  if (!n) 
    return NULL; /* Allocating 0 bytes is undefined - we better return
                    an error to detect such coding errors.  */
  if (use_m_guard) 
    {
      char *p;
      
      if ( !(p = malloc (n + EXTRA_ALIGN+5)) )
        return NULL;
      ((byte*)p)[EXTRA_ALIGN+0] = n;
      ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
      ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
      ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_NOR_BYTE;
      p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
      return p+EXTRA_ALIGN+4;
    }
  else 
    {
      return malloc( n );
    }
}


/*
 * Allocate memory of size N from the secure memory pool.  Return NULL
 * if we are out of memory.
 */
void *
_gcry_private_malloc_secure (size_t n)
{
  if (!n) 
    return NULL; /* Allocating 0 bytes is undefined - better return an
                    error to detect such coding errors.  */
  if (use_m_guard) 
    {
      char *p;
      
      if ( !(p = _gcry_secmem_malloc (n +EXTRA_ALIGN+ 5)) )
        return NULL;
      ((byte*)p)[EXTRA_ALIGN+0] = n;
      ((byte*)p)[EXTRA_ALIGN+1] = n >> 8 ;
      ((byte*)p)[EXTRA_ALIGN+2] = n >> 16 ;
      ((byte*)p)[EXTRA_ALIGN+3] = MAGIC_SEC_BYTE;
      p[4+EXTRA_ALIGN+n] = MAGIC_END_BYTE;
      return p+EXTRA_ALIGN+4;
    }
  else
    {
      return _gcry_secmem_malloc( n );
    }
}


/*
 * Realloc and clear the old space
 * Return NULL if there is not enough memory.
 */
void *
_gcry_private_realloc ( void *a, size_t n )
{
  if (use_m_guard)
    {
      unsigned char *p = a;
      char *b;
      size_t len;
      
      if (!a)
        return _gcry_private_malloc(n);
        
      _gcry_private_check_heap(p);
      len  = p[-4];
      len |= p[-3] << 8;
      len |= p[-2] << 16;
      if ( len >= n ) /* We don't shrink for now. */
        return a;
      if (p[-1] == MAGIC_SEC_BYTE)
        b = _gcry_private_malloc_secure(n);
      else
        b = _gcry_private_malloc(n);
      if (!b)
        return NULL;
      memcpy (b, a, len);
      memset (b+len, 0, n-len);
      _gcry_private_free (p);
      return b;
    }
  else if ( _gcry_private_is_secure(a) )
    {
      return _gcry_secmem_realloc( a, n );
    }
  else
    {
      return realloc( a, n );
    }
}


void
_gcry_private_check_heap (const void *a)
{
  if (use_m_guard)
    {
      const byte *p = a;
      size_t len;
      
      if (!p)
        return;
      
      if ( !(p[-1] == MAGIC_NOR_BYTE || p[-1] == MAGIC_SEC_BYTE) )
        _gcry_log_fatal ("memory at %p corrupted (underflow=%02x)\n", p, p[-1]);
      len  = p[-4];
      len |= p[-3] << 8;
      len |= p[-2] << 16;
      if ( p[len] != MAGIC_END_BYTE )
        _gcry_log_fatal ("memory at %p corrupted (overflow=%02x)\n", p, p[-1]);
    }
}


/*
 * Free a memory block allocated by this or the secmem module
 */
void
_gcry_private_free (void *a)
{
  unsigned char *p = a;

  if (!p)
    return;
  if (use_m_guard )
    {
      _gcry_private_check_heap(p);
      if ( _gcry_private_is_secure(a) )
        _gcry_secmem_free(p-EXTRA_ALIGN-4);
      else
        {
          free(p-EXTRA_ALIGN-4);
	}
    }
  else if ( _gcry_private_is_secure(a) )
    _gcry_secmem_free(p);
  else
    free(p);
}