author | wiktorg <wiktorg@google.com> | 2023-06-28 06:16:08 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-06-28 06:17:26 -0700 |
commit | 053b5b8c4214ec379daac2cc2bf208c51cc1cd66 (patch) | |
tree | de881b38e3bafaea273d569726d673e13fe74cc3 /cc/util | |
parent | 93a05b738674b994c4a739634f33d27dcef5818d (diff) | |
download | tink-053b5b8c4214ec379daac2cc2bf208c51cc1cd66.tar.gz |
util/SecretData code cleanup
PiperOrigin-RevId: 544037037
Diffstat (limited to 'cc/util')
-rw-r--r-- | cc/util/BUILD.bazel | 2 | ||||
-rw-r--r-- | cc/util/CMakeLists.txt | 4 | ||||
-rw-r--r-- | cc/util/secret_data.h | 11 | ||||
-rw-r--r-- | cc/util/secret_data_internal.h | 57 |
4 files changed, 38 insertions, 36 deletions
diff --git a/cc/util/BUILD.bazel b/cc/util/BUILD.bazel
index 55845211c..f92575e69 100644
--- a/cc/util/BUILD.bazel
+++ b/cc/util/BUILD.bazel
@@ -28,8 +28,10 @@ cc_library(
 name = "secret_data_internal",
 hdrs = ["secret_data_internal.h"],
 include_prefix = "tink/util",
+ visibility = ["//visibility:private"],
 deps = [
 "@boringssl//:crypto",
+ "@com_google_absl//absl/base:config",
 "@com_google_absl//absl/base:core_headers",
 ],
 )
diff --git a/cc/util/CMakeLists.txt b/cc/util/CMakeLists.txt
index c2e5ef509..c90623012 100644
--- a/cc/util/CMakeLists.txt
+++ b/cc/util/CMakeLists.txt
@@ -438,8 +438,8 @@ tink_cc_library(
 SRCS
 secret_data_internal.h
 DEPS
- absl::strings
- absl::base
+ absl::config
+ absl::core_headers
 crypto
 )
diff --git a/cc/util/secret_data.h b/cc/util/secret_data.h
index 213b699aa..54ce23423 100644
--- a/cc/util/secret_data.h
+++ b/cc/util/secret_data.h
@@ -28,6 +28,17 @@ namespace crypto {
 namespace tink {
 namespace util {
+namespace internal {
+
+template <typename T>
+struct SanitizingDeleter {
+ void operator()(T* ptr) {
+ ptr->~T(); // Invoke destructor. Must do this before sanitize.
+ SanitizingAllocator<T>().deallocate(ptr, 1);
+ }
+};
+
+} // namespace internal
 // Stores secret (sensitive) data and makes sure it's marked as such and
 // destroyed in a safe way.
diff --git a/cc/util/secret_data_internal.h b/cc/util/secret_data_internal.h
index ddcacd5d0..7d88b9341 100644
--- a/cc/util/secret_data_internal.h
+++ b/cc/util/secret_data_internal.h
@@ -18,7 +18,8 @@
 #define TINK_UTIL_SECRET_DATA_INTERNAL_H_
 #include <cstddef>
-#include <memory>
+#include <cstdlib>
+#include <limits>
 #include <new>
 #include "absl/base/attributes.h"
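Review bot: The `SanitizingDeleter` moved into secret_data.h carries no comment saying what it is for or which pointers it may be given, and its call operator is neither `const` nor `noexcept`, so it reads as an ordinary functor rather than a deleter whose contract matters for wiping secrets. Above `template <typename T>` I would add `// Deleter for a single T obtained from SanitizingAllocator<T>::allocate(1): runs ~T(), then wipes and frees the storage via deallocate(ptr, 1). Not valid for arrays or for memory from any other allocator.` and declare it `void operator()(T* ptr) const noexcept {`. The `noexcept` makes explicit that a destructor escaping here terminates instead of leaving an unwiped, leaked block, and `const` lets a const-qualified deleter object be invoked. The struct depends on `SanitizingAllocator` being declared earlier in secret_data.h, which is outside this hunk.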
@@ -30,15 +31,12 @@ namespace tink {
 namespace util {
 namespace internal {
-// placeholder for sanitization_functions, please ignore
 inline void SafeZeroMemory(void* ptr, std::size_t size) {
 OPENSSL_cleanse(ptr, size);
 }
 template <typename T>
-struct SanitizingAllocator {
- typedef T value_type;
-
+struct SanitizingAllocatorImpl {
 // If aligned operator new is not supported this only supports under aligned
 // types.
 #ifndef __cpp_aligned_new
@@ -47,12 +45,7 @@ struct SanitizingAllocator {
 "before C++17");
 #endif
- SanitizingAllocator() = default;
- template <class U>
- explicit constexpr SanitizingAllocator(
- const SanitizingAllocator<U>&) noexcept {}
-
- ABSL_MUST_USE_RESULT T* allocate(std::size_t n) {
+ static T* allocate(std::size_t n) {
 if (n > std::numeric_limits<std::size_t>::max() / sizeof(T)) {
 #ifdef ABSL_HAVE_EXCEPTIONS
 throw std::bad_array_new_length();
@@ -62,14 +55,13 @@ struct SanitizingAllocator {
 }
 std::size_t size = n * sizeof(T);
 #ifdef __cpp_aligned_new
- void* result = ::operator new(size, std::align_val_t(alignof(T)));
+ return static_cast<T*>(::operator new(size, std::align_val_t(alignof(T))));
 #else
- void* result = ::operator new(size);
+ return static_cast<T*>(::operator new(size));
 #endif
- return static_cast<T*>(result);
 }
- void deallocate(T* ptr, std::size_t n) noexcept {
+ static void deallocate(void* ptr, std::size_t n) {
 SafeZeroMemory(ptr, n * sizeof(T));
 #ifdef __cpp_aligned_new
 ::operator delete(ptr, std::align_val_t(alignof(T)));
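Review bot: In the `@@ -62,14 +55,13 @@` hunk the new `SanitizingAllocatorImpl<T>::deallocate` drops the `noexcept` that the old `deallocate` carried, while the wrapper's `deallocate` in the following hunk stays `noexcept`; declaring it `static void deallocate(void* ptr, std::size_t n) noexcept {` keeps the no-throw contract where the work actually happens. The wipe length `n * sizeof(T)` is only correct when `n` is the element count previously passed to `allocate`, which is also the only place the product is overflow-checked; a different `n` either leaves secret bytes unwiped or touches memory outside the block. I would state that on the function: `// n must be the element count passed to allocate(); the product was range-checked there.` The three hunks on this line all belong to `SanitizingAllocatorImpl`, whose closing brace is in the next hunk.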
@@ -77,42 +69,39 @@ struct SanitizingAllocator {
 ::operator delete(ptr);
 #endif
 }
-
- // Allocator requirements mandate definition of eq and neq operators
- bool operator==(const SanitizingAllocator&) { return true; }
- bool operator!=(const SanitizingAllocator&) { return false; }
 };
 // Specialization for malloc-like aligned storage.
 template <>
-struct SanitizingAllocator<void> {
- typedef void value_type;
+struct SanitizingAllocatorImpl<void> {
+ static void* allocate(std::size_t n) { return std::malloc(n); }
+ static void deallocate(void* ptr, std::size_t n) {
+ SafeZeroMemory(ptr, n);
+ return std::free(ptr);
+ }
+};
+
+template <typename T>
+struct SanitizingAllocator {
+ typedef T value_type;
 SanitizingAllocator() = default;
 template <class U>
 explicit constexpr SanitizingAllocator(
 const SanitizingAllocator<U>&) noexcept {}
- ABSL_MUST_USE_RESULT void* allocate(std::size_t n) { return std::malloc(n); }
+ ABSL_MUST_USE_RESULT T* allocate(std::size_t n) {
+ return SanitizingAllocatorImpl<T>::allocate(n);
+ }
- void deallocate(void* ptr, std::size_t n) noexcept {
- SafeZeroMemory(ptr, n);
- std::free(ptr);
+ void deallocate(T* ptr, std::size_t n) noexcept {
+ SanitizingAllocatorImpl<T>::deallocate(ptr, n);
 }
 // Allocator requirements mandate definition of eq and neq operators
 bool operator==(const SanitizingAllocator&) { return true; }
 bool operator!=(const SanitizingAllocator&) { return false; }
 };
-// placeholder 2 for sanitization_functions, please ignore
-
-template <typename T>
-struct SanitizingDeleter {
- void operator()(T* ptr) {
- ptr->~T(); // Invoke destructor. Must do this before sanitize.
- SanitizingAllocator<T>().deallocate(ptr, 1);
- }
-};
 } // namespace internal
 } // namespace util
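Review bot: `SanitizingAllocatorImpl<void>::deallocate` ends with `return std::free(ptr);`, which returns a void expression from a void function; plain `std::free(ptr);` is the conventional form and matches the `T` specialization above it. In the same specialization `allocate` returns `std::malloc(n)` unchecked, so it yields `nullptr` on failure where `SanitizingAllocatorImpl<T>::allocate` goes through the throwing `::operator new`, and the new `SanitizingAllocator<void>` wrapper now forwards that asymmetry unchanged; a comment on the `void` specialization such as `// Returns nullptr on allocation failure; callers must check.` would make it visible at the point of use. The wrapper also keeps `operator==`/`operator!=` as non-const members, which prevents comparing through a const allocator; `bool operator==(const SanitizingAllocator&) const noexcept { return true; }` and the matching `!=` fix that without changing semantics.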