crypto/mem.c

   1 /*
   2  * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include "internal/e_os.h"
  11 #include "internal/cryptlib.h"
  12 #include "crypto/cryptlib.h"
  13 #include <stdio.h>
  14 #include <stdlib.h>
  15 #include <limits.h>
  16 #include <openssl/crypto.h>
  17
  18 /*
  19  * the following pointers may be changed as long as 'allow_customize' is set
  20  */
  21 static int allow_customize = 1;
  22 static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc;
  23 static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc;
  24 static CRYPTO_free_fn free_impl = CRYPTO_free;
  25
  26 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
  27 # include "internal/tsan_assist.h"
  28
  29 # ifdef TSAN_REQUIRES_LOCKING
  30 #  define INCREMENT(x) /* empty */
  31 #  define LOAD(x) 0
  32 # else  /* TSAN_REQUIRES_LOCKING */
  33 static TSAN_QUALIFIER int malloc_count;
  34 static TSAN_QUALIFIER int realloc_count;
  35 static TSAN_QUALIFIER int free_count;
  36
  37 #  define INCREMENT(x) tsan_counter(&(x))
  38 #  define LOAD(x)      tsan_load(&x)
  39 # endif /* TSAN_REQUIRES_LOCKING */
  40
  41 static char *md_failstring;
  42 static long md_count;
  43 static int md_fail_percent = 0;
  44 static int md_tracefd = -1;
  45
  46 static void parseit(void);
  47 static int shouldfail(void);
  48
  49 # define FAILTEST() if (shouldfail()) return NULL
  50
  51 #else
  52
  53 # define INCREMENT(x) /* empty */
  54 # define FAILTEST() /* empty */
  55 #endif
  56
  57 int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
  58                              CRYPTO_realloc_fn realloc_fn,
  59                              CRYPTO_free_fn free_fn)
  60 {
  61     if (!allow_customize)
  62         return 0;
  63     if (malloc_fn != NULL)
  64         malloc_impl = malloc_fn;
  65     if (realloc_fn != NULL)
  66         realloc_impl = realloc_fn;
  67     if (free_fn != NULL)
  68         free_impl = free_fn;
  69     return 1;
  70 }
  71
  72 void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
  73                               CRYPTO_realloc_fn *realloc_fn,
  74                               CRYPTO_free_fn *free_fn)
  75 {
  76     if (malloc_fn != NULL)
  77         *malloc_fn = malloc_impl;
  78     if (realloc_fn != NULL)
  79         *realloc_fn = realloc_impl;
  80     if (free_fn != NULL)
  81         *free_fn = free_impl;
  82 }
  83
  84 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
  85 void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
  86 {
  87     if (mcount != NULL)
  88         *mcount = LOAD(malloc_count);
  89     if (rcount != NULL)
  90         *rcount = LOAD(realloc_count);
  91     if (fcount != NULL)
  92         *fcount = LOAD(free_count);
  93 }
  94
  95 /*
  96  * Parse a "malloc failure spec" string.  This likes like a set of fields
  97  * separated by semicolons.  Each field has a count and an optional failure
  98  * percentage.  For example:
  99  *          100@0;100@25;0@0
 100  *    or    100;100@25;0
 101  * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
 102  * all remaining (count is zero) succeed.
 103  * The failure percentge can have 2 digits after the comma.  For example:
 104  *          0@0.01
 105  * This means 0.01% of all allocations will fail.
 106  */
 107 static void parseit(void)
 108 {
 109     char *semi = strchr(md_failstring, ';');
 110     char *atsign;
 111
 112     if (semi != NULL)
 113         *semi++ = '\0';
 114
 115     /* Get the count (atol will stop at the @ if there), and percentage */
 116     md_count = atol(md_failstring);
 117     atsign = strchr(md_failstring, '@');
 118     md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
 119
 120     if (semi != NULL)
 121         md_failstring = semi;
 122 }
 123
 124 /*
 125  * Windows doesn't have random() and srandom(), but it has rand() and srand().
 126  * Some rand() implementations aren't good, but we're not
 127  * dealing with secure randomness here.
 128  */
 129 # ifdef _WIN32
 130 #  define random() rand()
 131 #  define srandom(seed) srand(seed)
 132 # endif
 133 /*
 134  * See if the current malloc should fail.
 135  */
 136 static int shouldfail(void)
 137 {
 138     int roll = (int)(random() % 10000);
 139     int shoulditfail = roll < md_fail_percent;
 140 # ifndef _WIN32
 141 /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
 142     int len;
 143     char buff[80];
 144
 145     if (md_tracefd > 0) {
 146         BIO_snprintf(buff, sizeof(buff),
 147                      "%c C%ld %%%d R%d\n",
 148                      shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
 149         len = strlen(buff);
 150         if (write(md_tracefd, buff, len) != len)
 151             perror("shouldfail write failed");
 152     }
 153 # endif
 154
 155     if (md_count) {
 156         /* If we used up this one, go to the next. */
 157         if (--md_count == 0)
 158             parseit();
 159     }
 160
 161     return shoulditfail;
 162 }
 163
 164 void ossl_malloc_setup_failures(void)
 165 {
 166     const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
 167
 168     if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
 169         parseit();
 170     if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
 171         md_tracefd = atoi(cp);
 172     if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
 173         srandom(atoi(cp));
 174 }
 175 #endif
 176
 177 void *CRYPTO_malloc(size_t num, const char *file, int line)
 178 {
 179     void *ptr;
 180
 181     INCREMENT(malloc_count);
 182     if (malloc_impl != CRYPTO_malloc) {
 183         ptr = malloc_impl(num, file, line);
 184         if (ptr != NULL || num == 0)
 185             return ptr;
 186         goto err;
 187     }
 188
 189     if (num == 0)
 190         return NULL;
 191
 192     FAILTEST();
 193     if (allow_customize) {
 194         /*
 195          * Disallow customization after the first allocation. We only set this
 196          * if necessary to avoid a store to the same cache line on every
 197          * allocation.
 198          */
 199         allow_customize = 0;
 200     }
 201
 202     ptr = malloc(num);
 203     if (ptr != NULL)
 204         return ptr;
 205  err:
 206     /*
 207      * ossl_err_get_state_int() in err.c uses CRYPTO_zalloc(num, NULL, 0) for
 208      * ERR_STATE allocation. Prevent mem alloc error loop while reporting error.
 209      */
 210     if (file != NULL || line != 0) {
 211         ERR_new();
 212         ERR_set_debug(file, line, NULL);
 213         ERR_set_error(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE, NULL);
 214     }
 215     return NULL;
 216 }
 217
 218 void *CRYPTO_zalloc(size_t num, const char *file, int line)
 219 {
 220     void *ret;
 221
 222     ret = CRYPTO_malloc(num, file, line);
 223     if (ret != NULL)
 224         memset(ret, 0, num);
 225
 226     return ret;
 227 }
 228
 229 void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr,
 230                            const char *file, int line)
 231 {
 232     void *ret;
 233
 234     *freeptr = NULL;
 235
 236 #if defined(OPENSSL_SMALL_FOOTPRINT)
 237     ret = freeptr = NULL;
 238     return ret;
 239 #endif
 240
 241 #if defined (_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
 242     if (posix_memalign(&ret, alignment, num))
 243         return NULL;
 244     *freeptr = ret;
 245     return ret;
 246 #elif defined(_ISOC11_SOURCE)
 247     ret = *freeptr =  aligned_alloc(alignment, num);
 248     return ret;
 249 #else
 250     /* we have to do this the hard way */
 251
 252     /*
 253      * Note: Windows supports an _aligned_malloc call, but we choose
 254      * not to use it here, because allocations from that function
 255      * require that they be freed via _aligned_free.  Given that
 256      * we can't differentiate plain malloc blocks from blocks obtained
 257      * via _aligned_malloc, just avoid its use entirely
 258      */
 259
 260     /*
 261      * Step 1: Allocate an amount of memory that is <alignment>
 262      * bytes bigger than requested
 263      */
 264     *freeptr = malloc(num + alignment);
 265     if (*freeptr == NULL)
 266         return NULL;
 267
 268     /*
 269      * Step 2: Add <alignment - 1> bytes to the pointer
 270      * This will cross the alignment boundary that is
 271      * requested
 272      */
 273     ret = (void *)((char *)*freeptr + (alignment - 1));
 274
 275     /*
 276      * Step 3: Use the alignment as a mask to translate the
 277      * least significant bits of the allocation at the alignment
 278      * boundary to 0.  ret now holds a pointer to the memory
 279      * buffer at the requested alignment
 280      * NOTE: It is a documented requirement that alignment be a
 281      * power of 2, which is what allows this to work
 282      */
 283     ret = (void *)((uintptr_t)ret & (uintptr_t)(~(alignment - 1)));
 284     return ret;
 285 #endif
 286 }
 287
 288 void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
 289 {
 290     INCREMENT(realloc_count);
 291     if (realloc_impl != CRYPTO_realloc)
 292         return realloc_impl(str, num, file, line);
 293
 294     if (str == NULL)
 295         return CRYPTO_malloc(num, file, line);
 296
 297     if (num == 0) {
 298         CRYPTO_free(str, file, line);
 299         return NULL;
 300     }
 301
 302     FAILTEST();
 303     return realloc(str, num);
 304 }
 305
 306 void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
 307                            const char *file, int line)
 308 {
 309     void *ret = NULL;
 310
 311     if (str == NULL)
 312         return CRYPTO_malloc(num, file, line);
 313
 314     if (num == 0) {
 315         CRYPTO_clear_free(str, old_len, file, line);
 316         return NULL;
 317     }
 318
 319     /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
 320     if (num < old_len) {
 321         OPENSSL_cleanse((char*)str + num, old_len - num);
 322         return str;
 323     }
 324
 325     ret = CRYPTO_malloc(num, file, line);
 326     if (ret != NULL) {
 327         memcpy(ret, str, old_len);
 328         CRYPTO_clear_free(str, old_len, file, line);
 329     }
 330     return ret;
 331 }
 332
 333 void CRYPTO_free(void *str, const char *file, int line)
 334 {
 335     INCREMENT(free_count);
 336     if (free_impl != CRYPTO_free) {
 337         free_impl(str, file, line);
 338         return;
 339     }
 340
 341     free(str);
 342 }
 343
 344 void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
 345 {
 346     if (str == NULL)
 347         return;
 348     if (num)
 349         OPENSSL_cleanse(str, num);
 350     CRYPTO_free(str, file, line);
 351 }
 352
 353 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG)
 354
 355 # ifndef OPENSSL_NO_DEPRECATED_3_0
 356 int CRYPTO_mem_ctrl(int mode)
 357 {
 358     (void)mode;
 359     return -1;
 360 }
 361
 362 int CRYPTO_set_mem_debug(int flag)
 363 {
 364     (void)flag;
 365     return -1;
 366 }
 367
 368 int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
 369 {
 370     (void)info; (void)file; (void)line;
 371     return 0;
 372 }
 373
 374 int CRYPTO_mem_debug_pop(void)
 375 {
 376     return 0;
 377 }
 378
 379 void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
 380                              const char *file, int line)
 381 {
 382     (void)addr; (void)num; (void)flag; (void)file; (void)line;
 383 }
 384
 385 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
 386                               const char *file, int line)
 387 {
 388     (void)addr1; (void)addr2; (void)num; (void)flag; (void)file; (void)line;
 389 }
 390
 391 void CRYPTO_mem_debug_free(void *addr, int flag,
 392                            const char *file, int line)
 393 {
 394     (void)addr; (void)flag; (void)file; (void)line;
 395 }
 396
 397 int CRYPTO_mem_leaks(BIO *b)
 398 {
 399     (void)b;
 400     return -1;
 401 }
 402
 403 #  ifndef OPENSSL_NO_STDIO
 404 int CRYPTO_mem_leaks_fp(FILE *fp)
 405 {
 406     (void)fp;
 407     return -1;
 408 }
 409 #  endif
 410
 411 int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
 412                         void *u)
 413 {
 414     (void)cb; (void)u;
 415     return -1;
 416 }
 417
 418 # endif
 419
 420 #endif