]>
Commit | Line | Data |
---|---|---|
4f22f405 | 1 | /* |
da1c088f | 2 | * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
0e9725bc | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
4f22f405 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
d5f9166b | 10 | #include "internal/e_os.h" |
07016a8a | 11 | #include "internal/cryptlib.h" |
25f2138b | 12 | #include "crypto/cryptlib.h" |
d02b48c6 RE |
13 | #include <stdio.h> |
14 | #include <stdlib.h> | |
bbd86bf5 | 15 | #include <limits.h> |
458cddc1 | 16 | #include <openssl/crypto.h> |
d02b48c6 | 17 | |
0f113f3e MC |
18 | /* |
19 | * the following pointers may be changed as long as 'allow_customize' is set | |
20 | */ | |
bbd86bf5 | 21 | static int allow_customize = 1; |
f4dcc09b DG |
22 | static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc; |
23 | static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc; | |
24 | static CRYPTO_free_fn free_impl = CRYPTO_free; | |
74924dcb | 25 | |
f844f9eb | 26 | #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) |
8f154985 | 27 | # include "internal/tsan_assist.h" |
0e598a3d | 28 | |
5c41cee2 P |
29 | # ifdef TSAN_REQUIRES_LOCKING |
30 | # define INCREMENT(x) /* empty */ | |
31 | # define LOAD(x) 0 | |
32 | # else /* TSAN_REQUIRES_LOCKING */ | |
8f154985 AP |
33 | static TSAN_QUALIFIER int malloc_count; |
34 | static TSAN_QUALIFIER int realloc_count; | |
35 | static TSAN_QUALIFIER int free_count; | |
36 | ||
5c41cee2 P |
37 | # define INCREMENT(x) tsan_counter(&(x)) |
38 | # define LOAD(x) tsan_load(&x) | |
39 | # endif /* TSAN_REQUIRES_LOCKING */ | |
0e598a3d | 40 | |
f7edeced RS |
41 | static char *md_failstring; |
42 | static long md_count; | |
50718243 | 43 | static int md_fail_percent = 0; |
f7edeced | 44 | static int md_tracefd = -1; |
f7edeced RS |
45 | |
46 | static void parseit(void); | |
47 | static int shouldfail(void); | |
48 | ||
49 | # define FAILTEST() if (shouldfail()) return NULL | |
50 | ||
f3a2a044 | 51 | #else |
f7edeced | 52 | |
0e598a3d | 53 | # define INCREMENT(x) /* empty */ |
f7edeced | 54 | # define FAILTEST() /* empty */ |
f3a2a044 | 55 | #endif |
9ac42ed8 | 56 | |
f4dcc09b DG |
57 | int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, |
58 | CRYPTO_realloc_fn realloc_fn, | |
59 | CRYPTO_free_fn free_fn) | |
74924dcb | 60 | { |
74924dcb RS |
61 | if (!allow_customize) |
62 | return 0; | |
f4dcc09b DG |
63 | if (malloc_fn != NULL) |
64 | malloc_impl = malloc_fn; | |
65 | if (realloc_fn != NULL) | |
66 | realloc_impl = realloc_fn; | |
67 | if (free_fn != NULL) | |
68 | free_impl = free_fn; | |
74924dcb RS |
69 | return 1; |
70 | } | |
71 | ||
f4dcc09b DG |
72 | void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, |
73 | CRYPTO_realloc_fn *realloc_fn, | |
74 | CRYPTO_free_fn *free_fn) | |
0f113f3e | 75 | { |
f4dcc09b DG |
76 | if (malloc_fn != NULL) |
77 | *malloc_fn = malloc_impl; | |
78 | if (realloc_fn != NULL) | |
79 | *realloc_fn = realloc_impl; | |
80 | if (free_fn != NULL) | |
81 | *free_fn = free_impl; | |
0f113f3e | 82 | } |
d02b48c6 | 83 | |
f844f9eb | 84 | #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) |
0e598a3d RS |
85 | void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) |
86 | { | |
87 | if (mcount != NULL) | |
5c41cee2 | 88 | *mcount = LOAD(malloc_count); |
0e598a3d | 89 | if (rcount != NULL) |
5c41cee2 | 90 | *rcount = LOAD(realloc_count); |
0e598a3d | 91 | if (fcount != NULL) |
5c41cee2 | 92 | *fcount = LOAD(free_count); |
0e598a3d RS |
93 | } |
94 | ||
f7edeced RS |
95 | /* |
96 | * Parse a "malloc failure spec" string. This likes like a set of fields | |
97 | * separated by semicolons. Each field has a count and an optional failure | |
98 | * percentage. For example: | |
50718243 RS |
99 | * 100@0;100@25;0@0 |
100 | * or 100;100@25;0 | |
f7edeced RS |
101 | * This means 100 mallocs succeed, then next 100 fail 25% of the time, and |
102 | * all remaining (count is zero) succeed. | |
3df5736c BE |
103 | * The failure percentge can have 2 digits after the comma. For example: |
104 | * 0@0.01 | |
105 | * This means 0.01% of all allocations will fail. | |
f7edeced RS |
106 | */ |
107 | static void parseit(void) | |
108 | { | |
109 | char *semi = strchr(md_failstring, ';'); | |
110 | char *atsign; | |
111 | ||
112 | if (semi != NULL) | |
113 | *semi++ = '\0'; | |
114 | ||
115 | /* Get the count (atol will stop at the @ if there), and percentage */ | |
116 | md_count = atol(md_failstring); | |
117 | atsign = strchr(md_failstring, '@'); | |
3df5736c | 118 | md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5); |
f7edeced RS |
119 | |
120 | if (semi != NULL) | |
121 | md_failstring = semi; | |
122 | } | |
123 | ||
afe9bba7 | 124 | /* |
3b107b86 | 125 | * Windows doesn't have random() and srandom(), but it has rand() and srand(). |
afe9bba7 RL |
126 | * Some rand() implementations aren't good, but we're not |
127 | * dealing with secure randomness here. | |
128 | */ | |
ab307dc6 DO |
129 | # ifdef _WIN32 |
130 | # define random() rand() | |
3b107b86 | 131 | # define srandom(seed) srand(seed) |
ab307dc6 | 132 | # endif |
f7edeced RS |
133 | /* |
134 | * See if the current malloc should fail. | |
135 | */ | |
136 | static int shouldfail(void) | |
137 | { | |
3df5736c | 138 | int roll = (int)(random() % 10000); |
d2b53fcd | 139 | int shoulditfail = roll < md_fail_percent; |
ab307dc6 DO |
140 | # ifndef _WIN32 |
141 | /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ | |
43a0449f | 142 | int len; |
f7edeced RS |
143 | char buff[80]; |
144 | ||
145 | if (md_tracefd > 0) { | |
146 | BIO_snprintf(buff, sizeof(buff), | |
147 | "%c C%ld %%%d R%d\n", | |
d2b53fcd | 148 | shoulditfail ? '-' : '+', md_count, md_fail_percent, roll); |
43a0449f P |
149 | len = strlen(buff); |
150 | if (write(md_tracefd, buff, len) != len) | |
151 | perror("shouldfail write failed"); | |
f7edeced | 152 | } |
ab307dc6 | 153 | # endif |
f7edeced RS |
154 | |
155 | if (md_count) { | |
156 | /* If we used up this one, go to the next. */ | |
157 | if (--md_count == 0) | |
158 | parseit(); | |
159 | } | |
160 | ||
d2b53fcd | 161 | return shoulditfail; |
f7edeced RS |
162 | } |
163 | ||
164 | void ossl_malloc_setup_failures(void) | |
165 | { | |
166 | const char *cp = getenv("OPENSSL_MALLOC_FAILURES"); | |
167 | ||
168 | if (cp != NULL && (md_failstring = strdup(cp)) != NULL) | |
169 | parseit(); | |
170 | if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) | |
171 | md_tracefd = atoi(cp); | |
3df5736c BE |
172 | if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL) |
173 | srandom(atoi(cp)); | |
f7edeced RS |
174 | } |
175 | #endif | |
176 | ||
ff842856 | 177 | void *CRYPTO_malloc(size_t num, const char *file, int line) |
0f113f3e | 178 | { |
5639ee79 DDO |
179 | void *ptr; |
180 | ||
0e598a3d | 181 | INCREMENT(malloc_count); |
5639ee79 DDO |
182 | if (malloc_impl != CRYPTO_malloc) { |
183 | ptr = malloc_impl(num, file, line); | |
184 | if (ptr != NULL || num == 0) | |
185 | return ptr; | |
186 | goto err; | |
187 | } | |
05c7b163 | 188 | |
5e1f879a | 189 | if (num == 0) |
0f113f3e MC |
190 | return NULL; |
191 | ||
f7edeced | 192 | FAILTEST(); |
41aede86 | 193 | if (allow_customize) { |
194 | /* | |
195 | * Disallow customization after the first allocation. We only set this | |
196 | * if necessary to avoid a store to the same cache line on every | |
197 | * allocation. | |
198 | */ | |
199 | allow_customize = 0; | |
200 | } | |
d02b48c6 | 201 | |
5639ee79 DDO |
202 | ptr = malloc(num); |
203 | if (ptr != NULL) | |
204 | return ptr; | |
205 | err: | |
206 | /* | |
207 | * ossl_err_get_state_int() in err.c uses CRYPTO_zalloc(num, NULL, 0) for | |
208 | * ERR_STATE allocation. Prevent mem alloc error loop while reporting error. | |
209 | */ | |
210 | if (file != NULL || line != 0) { | |
211 | ERR_new(); | |
212 | ERR_set_debug(file, line, NULL); | |
213 | ERR_set_error(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE, NULL); | |
214 | } | |
215 | return NULL; | |
0f113f3e MC |
216 | } |
217 | ||
ff842856 | 218 | void *CRYPTO_zalloc(size_t num, const char *file, int line) |
b51bce94 | 219 | { |
f4dcc09b | 220 | void *ret; |
b51bce94 | 221 | |
f4dcc09b | 222 | ret = CRYPTO_malloc(num, file, line); |
b51bce94 RS |
223 | if (ret != NULL) |
224 | memset(ret, 0, num); | |
f4dcc09b | 225 | |
b51bce94 RS |
226 | return ret; |
227 | } | |
228 | ||
cc4ea5e0 NH |
229 | void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr, |
230 | const char *file, int line) | |
231 | { | |
232 | void *ret; | |
233 | ||
234 | *freeptr = NULL; | |
235 | ||
236 | #if defined(OPENSSL_SMALL_FOOTPRINT) | |
237 | ret = freeptr = NULL; | |
238 | return ret; | |
239 | #endif | |
240 | ||
241 | #if defined (_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) | |
242 | if (posix_memalign(&ret, alignment, num)) | |
243 | return NULL; | |
244 | *freeptr = ret; | |
245 | return ret; | |
246 | #elif defined(_ISOC11_SOURCE) | |
247 | ret = *freeptr = aligned_alloc(alignment, num); | |
248 | return ret; | |
249 | #else | |
250 | /* we have to do this the hard way */ | |
251 | ||
252 | /* | |
253 | * Note: Windows supports an _aligned_malloc call, but we choose | |
254 | * not to use it here, because allocations from that function | |
255 | * require that they be freed via _aligned_free. Given that | |
256 | * we can't differentiate plain malloc blocks from blocks obtained | |
257 | * via _aligned_malloc, just avoid its use entirely | |
258 | */ | |
259 | ||
260 | /* | |
261 | * Step 1: Allocate an amount of memory that is <alignment> | |
262 | * bytes bigger than requested | |
263 | */ | |
264 | *freeptr = malloc(num + alignment); | |
265 | if (*freeptr == NULL) | |
266 | return NULL; | |
267 | ||
268 | /* | |
269 | * Step 2: Add <alignment - 1> bytes to the pointer | |
270 | * This will cross the alignment boundary that is | |
271 | * requested | |
272 | */ | |
273 | ret = (void *)((char *)*freeptr + (alignment - 1)); | |
274 | ||
275 | /* | |
276 | * Step 3: Use the alignment as a mask to translate the | |
277 | * least significant bits of the allocation at the alignment | |
278 | * boundary to 0. ret now holds a pointer to the memory | |
279 | * buffer at the requested alignment | |
280 | * NOTE: It is a documented requirement that alignment be a | |
281 | * power of 2, which is what allows this to work | |
282 | */ | |
283 | ret = (void *)((uintptr_t)ret & (uintptr_t)(~(alignment - 1))); | |
284 | return ret; | |
285 | #endif | |
286 | } | |
287 | ||
ff842856 | 288 | void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) |
0f113f3e | 289 | { |
0e598a3d | 290 | INCREMENT(realloc_count); |
f4dcc09b | 291 | if (realloc_impl != CRYPTO_realloc) |
05c7b163 RL |
292 | return realloc_impl(str, num, file, line); |
293 | ||
0f113f3e MC |
294 | if (str == NULL) |
295 | return CRYPTO_malloc(num, file, line); | |
d5234c7b | 296 | |
bbd86bf5 | 297 | if (num == 0) { |
05c7b163 | 298 | CRYPTO_free(str, file, line); |
0f113f3e | 299 | return NULL; |
bbd86bf5 | 300 | } |
d5234c7b | 301 | |
e2cf38d5 | 302 | FAILTEST(); |
bbd86bf5 | 303 | return realloc(str, num); |
0f113f3e | 304 | } |
d02b48c6 | 305 | |
c99de053 | 306 | void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, |
ff842856 | 307 | const char *file, int line) |
0f113f3e MC |
308 | { |
309 | void *ret = NULL; | |
310 | ||
311 | if (str == NULL) | |
312 | return CRYPTO_malloc(num, file, line); | |
313 | ||
bbd86bf5 | 314 | if (num == 0) { |
05c7b163 | 315 | CRYPTO_clear_free(str, old_len, file, line); |
0f113f3e | 316 | return NULL; |
bbd86bf5 | 317 | } |
0f113f3e | 318 | |
bbd86bf5 RS |
319 | /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */ |
320 | if (num < old_len) { | |
3ce2fdab | 321 | OPENSSL_cleanse((char*)str + num, old_len - num); |
bbd86bf5 RS |
322 | return str; |
323 | } | |
0f113f3e | 324 | |
05c7b163 | 325 | ret = CRYPTO_malloc(num, file, line); |
2ac7753c | 326 | if (ret != NULL) { |
bbd86bf5 | 327 | memcpy(ret, str, old_len); |
2ac7753c DSH |
328 | CRYPTO_clear_free(str, old_len, file, line); |
329 | } | |
0f113f3e MC |
330 | return ret; |
331 | } | |
54a656ef | 332 | |
05c7b163 | 333 | void CRYPTO_free(void *str, const char *file, int line) |
0f113f3e | 334 | { |
0e598a3d | 335 | INCREMENT(free_count); |
f4dcc09b | 336 | if (free_impl != CRYPTO_free) { |
05c7b163 RL |
337 | free_impl(str, file, line); |
338 | return; | |
339 | } | |
340 | ||
bbd86bf5 | 341 | free(str); |
0f113f3e | 342 | } |
d02b48c6 | 343 | |
05c7b163 | 344 | void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) |
4b45c6e5 | 345 | { |
bbd86bf5 | 346 | if (str == NULL) |
4b45c6e5 RS |
347 | return; |
348 | if (num) | |
349 | OPENSSL_cleanse(str, num); | |
05c7b163 | 350 | CRYPTO_free(str, file, line); |
4b45c6e5 | 351 | } |
742ccab3 RS |
352 | |
353 | #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) | |
354 | ||
355 | # ifndef OPENSSL_NO_DEPRECATED_3_0 | |
356 | int CRYPTO_mem_ctrl(int mode) | |
357 | { | |
358 | (void)mode; | |
359 | return -1; | |
360 | } | |
361 | ||
362 | int CRYPTO_set_mem_debug(int flag) | |
363 | { | |
364 | (void)flag; | |
365 | return -1; | |
366 | } | |
367 | ||
368 | int CRYPTO_mem_debug_push(const char *info, const char *file, int line) | |
369 | { | |
370 | (void)info; (void)file; (void)line; | |
f8684542 | 371 | return 0; |
742ccab3 RS |
372 | } |
373 | ||
374 | int CRYPTO_mem_debug_pop(void) | |
375 | { | |
f8684542 | 376 | return 0; |
742ccab3 RS |
377 | } |
378 | ||
f64f2622 RS |
379 | void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, |
380 | const char *file, int line) | |
381 | { | |
382 | (void)addr; (void)num; (void)flag; (void)file; (void)line; | |
383 | } | |
384 | ||
385 | void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, | |
386 | const char *file, int line) | |
387 | { | |
388 | (void)addr1; (void)addr2; (void)num; (void)flag; (void)file; (void)line; | |
389 | } | |
390 | ||
391 | void CRYPTO_mem_debug_free(void *addr, int flag, | |
392 | const char *file, int line) | |
393 | { | |
394 | (void)addr; (void)flag; (void)file; (void)line; | |
395 | } | |
396 | ||
742ccab3 RS |
397 | int CRYPTO_mem_leaks(BIO *b) |
398 | { | |
399 | (void)b; | |
400 | return -1; | |
401 | } | |
402 | ||
403 | # ifndef OPENSSL_NO_STDIO | |
404 | int CRYPTO_mem_leaks_fp(FILE *fp) | |
405 | { | |
406 | (void)fp; | |
407 | return -1; | |
408 | } | |
409 | # endif | |
410 | ||
411 | int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), | |
412 | void *u) | |
413 | { | |
414 | (void)cb; (void)u; | |
415 | return -1; | |
416 | } | |
417 | ||
418 | # endif | |
419 | ||
420 | #endif |