[thirdparty/openssl.git] / crypto / mem.c

/*
 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include "e_os.h"
#include "internal/cryptlib.h"
#include "internal/cryptlib_int.h"
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <openssl/crypto.h>
#if !defined(OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE) && !defined(FIPS_MODE)
# include <execinfo.h>
#endif

/*
 * the following pointers may be changed as long as 'allow_customize' is set
 */
static int allow_customize = 1;

static void *(*malloc_impl)(size_t, const char *, int)
    = CRYPTO_malloc;
static void *(*realloc_impl)(void *, size_t, const char *, int)
    = CRYPTO_realloc;
static void (*free_impl)(void *, const char *, int)
    = CRYPTO_free;

#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
# include "internal/tsan_assist.h"

static TSAN_QUALIFIER int malloc_count;
static TSAN_QUALIFIER int realloc_count;
static TSAN_QUALIFIER int free_count;

# define INCREMENT(x) tsan_counter(&(x))

static char *md_failstring;
static long md_count;
static int md_fail_percent = 0;
static int md_tracefd = -1;
static int call_malloc_debug = 1;

static void parseit(void);
static int shouldfail(void);

# define FAILTEST() if (shouldfail()) return NULL

#else
static int call_malloc_debug = 0;

# define INCREMENT(x) /* empty */
# define FAILTEST() /* empty */
#endif

int CRYPTO_set_mem_functions(
        void *(*m)(size_t, const char *, int),
        void *(*r)(void *, size_t, const char *, int),
        void (*f)(void *, const char *, int))
{
    if (!allow_customize)
        return 0;
    if (m)
        malloc_impl = m;
    if (r)
        realloc_impl = r;
    if (f)
        free_impl = f;
    return 1;
}

int CRYPTO_set_mem_debug(int flag)
{
    if (!allow_customize)
        return 0;
    call_malloc_debug = flag;
    return 1;
}

void CRYPTO_get_mem_functions(
        void *(**m)(size_t, const char *, int),
        void *(**r)(void *, size_t, const char *, int),
        void (**f)(void *, const char *, int))
{
    if (m != NULL)
        *m = malloc_impl;
    if (r != NULL)
        *r = realloc_impl;
    if (f != NULL)
        *f = free_impl;
}

#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
{
    if (mcount != NULL)
        *mcount = tsan_load(&malloc_count);
    if (rcount != NULL)
        *rcount = tsan_load(&realloc_count);
    if (fcount != NULL)
        *fcount = tsan_load(&free_count);
}

/*
 * Parse a "malloc failure spec" string.  This likes like a set of fields
 * separated by semicolons.  Each field has a count and an optional failure
 * percentage.  For example:
 *          100@0;100@25;0@0
 *    or    100;100@25;0
 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
 * all remaining (count is zero) succeed.
 */
static void parseit(void)
{
    char *semi = strchr(md_failstring, ';');
    char *atsign;

    if (semi != NULL)
        *semi++ = '\0';

    /* Get the count (atol will stop at the @ if there), and percentage */
    md_count = atol(md_failstring);
    atsign = strchr(md_failstring, '@');
    md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);

    if (semi != NULL)
        md_failstring = semi;
}

/*
 * Windows doesn't have random(), but it has rand()
 * Some rand() implementations aren't good, but we're not
 * dealing with secure randomness here.
 */
# ifdef _WIN32
#  define random() rand()
# endif
/*
 * See if the current malloc should fail.
 */
static int shouldfail(void)
{
    int roll = (int)(random() % 100);
    int shoulditfail = roll < md_fail_percent;
# ifndef _WIN32
/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
    int len;
    char buff[80];

    if (md_tracefd > 0) {
        BIO_snprintf(buff, sizeof(buff),
                     "%c C%ld %%%d R%d\n",
                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
        len = strlen(buff);
        if (write(md_tracefd, buff, len) != len)
            perror("shouldfail write failed");
#  ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
        if (shoulditfail) {
            void *addrs[30];
            int num = backtrace(addrs, OSSL_NELEM(addrs));

            backtrace_symbols_fd(addrs, num, md_tracefd);
        }
#  endif
    }
# endif

    if (md_count) {
        /* If we used up this one, go to the next. */
        if (--md_count == 0)
            parseit();
    }

    return shoulditfail;
}

void ossl_malloc_setup_failures(void)
{
    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");

    if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
        parseit();
    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
        md_tracefd = atoi(cp);
}
#endif

void *CRYPTO_malloc(size_t num, const char *file, int line)
{
    void *ret = NULL;

    INCREMENT(malloc_count);
    if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
        return malloc_impl(num, file, line);

    if (num == 0)
        return NULL;

    FAILTEST();
    if (allow_customize) {
        /*
         * Disallow customization after the first allocation. We only set this
         * if necessary to avoid a store to the same cache line on every
         * allocation.
         */
        allow_customize = 0;
    }
#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
    if (call_malloc_debug) {
        CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
        ret = malloc(num);
        CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
    } else {
        ret = malloc(num);
    }
#else
    (void)(file); (void)(line);
    ret = malloc(num);
#endif

    return ret;
}

void *CRYPTO_zalloc(size_t num, const char *file, int line)
{
    void *ret = CRYPTO_malloc(num, file, line);

    FAILTEST();
    if (ret != NULL)
        memset(ret, 0, num);
    return ret;
}

void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
{
    INCREMENT(realloc_count);
    if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
        return realloc_impl(str, num, file, line);

    FAILTEST();
    if (str == NULL)
        return CRYPTO_malloc(num, file, line);

    if (num == 0) {
        CRYPTO_free(str, file, line);
        return NULL;
    }

#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
    if (call_malloc_debug) {
        void *ret;
        CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
        ret = realloc(str, num);
        CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
        return ret;
    }
#else
    (void)(file); (void)(line);
#endif
    return realloc(str, num);

}

void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
                           const char *file, int line)
{
    void *ret = NULL;

    if (str == NULL)
        return CRYPTO_malloc(num, file, line);

    if (num == 0) {
        CRYPTO_clear_free(str, old_len, file, line);
        return NULL;
    }

    /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
    if (num < old_len) {
        OPENSSL_cleanse((char*)str + num, old_len - num);
        return str;
    }

    ret = CRYPTO_malloc(num, file, line);
    if (ret != NULL) {
        memcpy(ret, str, old_len);
        CRYPTO_clear_free(str, old_len, file, line);
    }
    return ret;
}

void CRYPTO_free(void *str, const char *file, int line)
{
    INCREMENT(free_count);
    if (free_impl != NULL && free_impl != &CRYPTO_free) {
        free_impl(str, file, line);
        return;
    }

#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
    if (call_malloc_debug) {
        CRYPTO_mem_debug_free(str, 0, file, line);
        free(str);
        CRYPTO_mem_debug_free(str, 1, file, line);
    } else {
        free(str);
    }
#else
    free(str);
#endif
}

void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
{
    if (str == NULL)
        return;
    if (num)
        OPENSSL_cleanse(str, num);
    CRYPTO_free(str, file, line);
}
Commit	Line	Data
4f22f405	1	/*
48e5119a	2	* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
0e9725bc	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
4f22f405 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
d02b48c6 RE	9
07016a8a P	10	#include "e_os.h"
	11	#include "internal/cryptlib.h"
	12	#include "internal/cryptlib_int.h"
d02b48c6 RE	13	#include <stdio.h>
d02b48c6 RE	14	#include <stdlib.h>
bbd86bf5	15	#include <limits.h>
458cddc1	16	#include <openssl/crypto.h>
9efa0ae0	17	#if !defined(OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE) && !defined(FIPS_MODE)
f7edeced RS	18	# include <execinfo.h>
f7edeced RS	19	#endif
d02b48c6	20
0f113f3e MC	21	/*
	22	* the following pointers may be changed as long as 'allow_customize' is set
	23	*/
bbd86bf5	24	static int allow_customize = 1;
a5435e8b	25
05c7b163	26	static void (malloc_impl)(size_t, const char *, int)
bbd86bf5	27	= CRYPTO_malloc;
05c7b163	28	static void (realloc_impl)(void , size_t, const char , int)
bbd86bf5	29	= CRYPTO_realloc;
05c7b163	30	static void (free_impl)(void , const char *, int)
bbd86bf5	31	= CRYPTO_free;
74924dcb	32
9efa0ae0	33	#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
8f154985	34	# include "internal/tsan_assist.h"
0e598a3d	35
8f154985 AP	36	static TSAN_QUALIFIER int malloc_count;
	37	static TSAN_QUALIFIER int realloc_count;
	38	static TSAN_QUALIFIER int free_count;
	39
	40	# define INCREMENT(x) tsan_counter(&(x))
0e598a3d	41
f7edeced RS	42	static char *md_failstring;
f7edeced RS	43	static long md_count;
50718243	44	static int md_fail_percent = 0;
f7edeced	45	static int md_tracefd = -1;
bbd86bf5	46	static int call_malloc_debug = 1;
f7edeced RS	47
	48	static void parseit(void);
	49	static int shouldfail(void);
	50
	51	# define FAILTEST() if (shouldfail()) return NULL
	52
f3a2a044	53	#else
bbd86bf5	54	static int call_malloc_debug = 0;
f7edeced	55
0e598a3d	56	# define INCREMENT(x) /* empty */
f7edeced	57	# define FAILTEST() /* empty */
f3a2a044	58	#endif
9ac42ed8	59
bbd86bf5 RS	60	int CRYPTO_set_mem_functions(
	61	void (m)(size_t, const char *, int),
	62	void (r)(void , size_t, const char , int),
05c7b163	63	void (f)(void , const char *, int))
74924dcb	64	{
74924dcb RS	65	if (!allow_customize)
74924dcb RS	66	return 0;
bbd86bf5	67	if (m)
05c7b163	68	malloc_impl = m;
bbd86bf5	69	if (r)
05c7b163	70	realloc_impl = r;
bbd86bf5	71	if (f)
05c7b163	72	free_impl = f;
74924dcb RS	73	return 1;
	74	}
	75
bbd86bf5	76	int CRYPTO_set_mem_debug(int flag)
74924dcb RS	77	{
	78	if (!allow_customize)
	79	return 0;
bbd86bf5	80	call_malloc_debug = flag;
0f113f3e MC	81	return 1;
	82	}
	83
bbd86bf5 RS	84	void CRYPTO_get_mem_functions(
	85	void (m)(size_t, const char , int),
	86	void (r)(void , size_t, const char *, int),
05c7b163	87	void (*f)(void , const char *, int))
0f113f3e MC	88	{
0f113f3e MC	89	if (m != NULL)
05c7b163	90	*m = malloc_impl;
0f113f3e	91	if (r != NULL)
05c7b163	92	*r = realloc_impl;
74924dcb	93	if (f != NULL)
05c7b163	94	*f = free_impl;
0f113f3e	95	}
d02b48c6	96
9efa0ae0	97	#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
0e598a3d RS	98	void CRYPTO_get_alloc_counts(int mcount, int rcount, int *fcount)
	99	{
	100	if (mcount != NULL)
8f154985	101	*mcount = tsan_load(&malloc_count);
0e598a3d	102	if (rcount != NULL)
8f154985	103	*rcount = tsan_load(&realloc_count);
0e598a3d	104	if (fcount != NULL)
8f154985	105	*fcount = tsan_load(&free_count);
0e598a3d RS	106	}
0e598a3d RS	107
f7edeced RS	108	/*
	109	* Parse a "malloc failure spec" string. This likes like a set of fields
	110	* separated by semicolons. Each field has a count and an optional failure
	111	* percentage. For example:
50718243 RS	112	* 100@0;100@25;0@0
50718243 RS	113	* or 100;100@25;0
f7edeced RS	114	* This means 100 mallocs succeed, then next 100 fail 25% of the time, and
	115	* all remaining (count is zero) succeed.
	116	*/
	117	static void parseit(void)
	118	{
	119	char *semi = strchr(md_failstring, ';');
	120	char *atsign;
	121
	122	if (semi != NULL)
	123	*semi++ = '\0';
	124
	125	/* Get the count (atol will stop at the @ if there), and percentage */
	126	md_count = atol(md_failstring);
	127	atsign = strchr(md_failstring, '@');
50718243	128	md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
f7edeced RS	129
	130	if (semi != NULL)
	131	md_failstring = semi;
	132	}
	133
afe9bba7 RL	134	/*
	135	* Windows doesn't have random(), but it has rand()
	136	* Some rand() implementations aren't good, but we're not
	137	* dealing with secure randomness here.
	138	*/
ab307dc6 DO	139	# ifdef _WIN32
	140	# define random() rand()
	141	# endif
f7edeced RS	142	/*
	143	* See if the current malloc should fail.
	144	*/
	145	static int shouldfail(void)
	146	{
	147	int roll = (int)(random() % 100);
d2b53fcd	148	int shoulditfail = roll < md_fail_percent;
ab307dc6 DO	149	# ifndef _WIN32
ab307dc6 DO	150	/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
43a0449f	151	int len;
f7edeced RS	152	char buff[80];
	153
	154	if (md_tracefd > 0) {
	155	BIO_snprintf(buff, sizeof(buff),
	156	"%c C%ld %%%d R%d\n",
d2b53fcd	157	shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
43a0449f P	158	len = strlen(buff);
	159	if (write(md_tracefd, buff, len) != len)
	160	perror("shouldfail write failed");
ab307dc6	161	# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
d2b53fcd	162	if (shoulditfail) {
f7edeced RS	163	void *addrs[30];
	164	int num = backtrace(addrs, OSSL_NELEM(addrs));
	165
	166	backtrace_symbols_fd(addrs, num, md_tracefd);
	167	}
ab307dc6	168	# endif
f7edeced	169	}
ab307dc6	170	# endif
f7edeced RS	171
	172	if (md_count) {
	173	/* If we used up this one, go to the next. */
	174	if (--md_count == 0)
	175	parseit();
	176	}
	177
d2b53fcd	178	return shoulditfail;
f7edeced RS	179	}
	180
	181	void ossl_malloc_setup_failures(void)
	182	{
	183	const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
	184
	185	if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
	186	parseit();
	187	if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
	188	md_tracefd = atoi(cp);
	189	}
	190	#endif
	191
ff842856	192	void CRYPTO_malloc(size_t num, const char file, int line)
0f113f3e MC	193	{
	194	void *ret = NULL;
	195
0e598a3d	196	INCREMENT(malloc_count);
05c7b163 RL	197	if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
	198	return malloc_impl(num, file, line);
	199
5e1f879a	200	if (num == 0)
0f113f3e MC	201	return NULL;
0f113f3e MC	202
f7edeced	203	FAILTEST();
41aede86	204	if (allow_customize) {
	205	/*
	206	* Disallow customization after the first allocation. We only set this
	207	* if necessary to avoid a store to the same cache line on every
	208	* allocation.
	209	*/
	210	allow_customize = 0;
	211	}
9efa0ae0	212	#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
bbd86bf5 RS	213	if (call_malloc_debug) {
	214	CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
	215	ret = malloc(num);
	216	CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
	217	} else {
	218	ret = malloc(num);
0f113f3e	219	}
bbd86bf5	220	#else
0e97f1e1	221	(void)(file); (void)(line);
bbd86bf5 RS	222	ret = malloc(num);
bbd86bf5 RS	223	#endif
d02b48c6	224
0f113f3e MC	225	return ret;
	226	}
	227
ff842856	228	void CRYPTO_zalloc(size_t num, const char file, int line)
b51bce94 RS	229	{
	230	void *ret = CRYPTO_malloc(num, file, line);
	231
f7edeced	232	FAILTEST();
b51bce94 RS	233	if (ret != NULL)
	234	memset(ret, 0, num);
	235	return ret;
	236	}
	237
ff842856	238	void CRYPTO_realloc(void str, size_t num, const char *file, int line)
0f113f3e	239	{
0e598a3d	240	INCREMENT(realloc_count);
05c7b163 RL	241	if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
	242	return realloc_impl(str, num, file, line);
	243
f7edeced	244	FAILTEST();
0f113f3e MC	245	if (str == NULL)
0f113f3e MC	246	return CRYPTO_malloc(num, file, line);
d5234c7b	247
bbd86bf5	248	if (num == 0) {
05c7b163	249	CRYPTO_free(str, file, line);
0f113f3e	250	return NULL;
bbd86bf5	251	}
d5234c7b	252
9efa0ae0	253	#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
bbd86bf5 RS	254	if (call_malloc_debug) {
	255	void *ret;
	256	CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
	257	ret = realloc(str, num);
	258	CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
	259	return ret;
	260	}
	261	#else
0e97f1e1	262	(void)(file); (void)(line);
bbd86bf5 RS	263	#endif
bbd86bf5 RS	264	return realloc(str, num);
9ac42ed8	265
0f113f3e	266	}
d02b48c6	267
c99de053	268	void CRYPTO_clear_realloc(void str, size_t old_len, size_t num,
ff842856	269	const char *file, int line)
0f113f3e MC	270	{
	271	void *ret = NULL;
	272
	273	if (str == NULL)
	274	return CRYPTO_malloc(num, file, line);
	275
bbd86bf5	276	if (num == 0) {
05c7b163	277	CRYPTO_clear_free(str, old_len, file, line);
0f113f3e	278	return NULL;
bbd86bf5	279	}
0f113f3e	280
bbd86bf5 RS	281	/* Can't shrink the buffer since memcpy below copies \|old_len\| bytes. */
bbd86bf5 RS	282	if (num < old_len) {
3ce2fdab	283	OPENSSL_cleanse((char*)str + num, old_len - num);
bbd86bf5 RS	284	return str;
bbd86bf5 RS	285	}
0f113f3e	286
05c7b163	287	ret = CRYPTO_malloc(num, file, line);
2ac7753c	288	if (ret != NULL) {
bbd86bf5	289	memcpy(ret, str, old_len);
2ac7753c DSH	290	CRYPTO_clear_free(str, old_len, file, line);
2ac7753c DSH	291	}
0f113f3e MC	292	return ret;
0f113f3e MC	293	}
54a656ef	294
05c7b163	295	void CRYPTO_free(void str, const char file, int line)
0f113f3e	296	{
0e598a3d	297	INCREMENT(free_count);
05c7b163 RL	298	if (free_impl != NULL && free_impl != &CRYPTO_free) {
	299	free_impl(str, file, line);
	300	return;
	301	}
	302
9efa0ae0	303	#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
bbd86bf5	304	if (call_malloc_debug) {
05c7b163	305	CRYPTO_mem_debug_free(str, 0, file, line);
bbd86bf5	306	free(str);
05c7b163	307	CRYPTO_mem_debug_free(str, 1, file, line);
bbd86bf5 RS	308	} else {
	309	free(str);
	310	}
	311	#else
	312	free(str);
	313	#endif
0f113f3e	314	}
d02b48c6	315
05c7b163	316	void CRYPTO_clear_free(void str, size_t num, const char file, int line)
4b45c6e5	317	{
bbd86bf5	318	if (str == NULL)
4b45c6e5 RS	319	return;
	320	if (num)
	321	OPENSSL_cleanse(str, num);
05c7b163	322	CRYPTO_free(str, file, line);
4b45c6e5	323	}