Diffstat (limited to 'src/libsodium/include/sodium/utils.h')
-rw-r--r-- | src/libsodium/include/sodium/utils.h | 57 |
1 files changed, 54 insertions, 3 deletions
diff --git a/src/libsodium/include/sodium/utils.h b/src/libsodium/include/sodium/utils.h
index 817919b..1ac78eb 100644
--- a/src/libsodium/include/sodium/utils.h
+++ b/src/libsodium/include/sodium/utils.h
@@ -16,12 +16,14 @@ extern "C" {
 # define _SODIUM_C99(X) X
 #endif
 
-unsigned char *_sodium_alignedcalloc(unsigned char ** const unaligned_p,
- const size_t len);
-
 SODIUM_EXPORT
 void sodium_memzero(void * const pnt, const size_t len);
 
+/* WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
 SODIUM_EXPORT
 int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
 
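Review bot: The new sodium_memcmp() comment scopes the constant-time requirement to "two secret keys", which invites readers to fall back on plain memcmp() for other secret-derived values such as authentication tags, where a data-dependent early exit is exactly the timing leak this function exists to avoid. Suggest widening the first sentence to `/* WARNING: sodium_memcmp() must be used to verify whether two secrets (keys, authentication tags, ...) are equal, in constant time.` and keeping the rest as written. It would also help to state that the running time depends only on len, not on the contents, since that is the property callers are relying on; I cannot confirm the implementation from this header alone, so phrase it as the contract the function is meant to provide.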
@@ -41,6 +43,55 @@ int sodium_mlock(void * const addr, const size_t len);
 SODIUM_EXPORT
 int sodium_munlock(void * const addr, const size_t len);
 
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ * a multiple of the required alignment. For this reason, these functions
+ * are designed to store data, such as secret keys and messages.
+ * They should not be used to store pointers mixed with other types
+ * in portable code unless extreme care is taken to ensure correct
+ * pointers alignment.
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size);
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size);
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr);
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
 #ifdef __cplusplus
 }
 #endif |
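Review bot: The prototype `int _sodium_alloc_init(void);` added below the `/* -------- */` separator is an internal, non-exported symbol placed in the installed public header, the same pattern the first hunk just removed for `_sodium_alignedcalloc`; it would be better kept in a private header so that it is neither part of the ABI surface nor callable by consumers who spot it. The long comment documents the guard-page layout well but leaves the error contract unstated: whether sodium_malloc()/sodium_allocarray() return NULL on failure (and whether allocarray rejects a count*size overflow), whether sodium_free() may only be given pointers obtained from these two functions, and what the sodium_mprotect_*() functions return; a sentence per function along the lines of `/* Returns NULL on failure. ptr passed to sodium_free() must come from sodium_malloc() or sodium_allocarray(). */` would let callers check results correctly — I cannot verify those behaviors from the header, so the wording should be confirmed against the implementation. As a point of style, `const` on the by-value `size` parameter of sodium_malloc() is a definition detail that conveys nothing in a prototype and is inconsistent with the neighbouring sodium_allocarray() declaration.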