/src/boringssl/crypto/mem.cc
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <openssl/mem.h> |
16 | | |
17 | | #include <assert.h> |
18 | | #include <errno.h> |
19 | | #include <limits.h> |
20 | | #include <stdarg.h> |
21 | | #include <stdio.h> |
22 | | #include <stdlib.h> |
23 | | |
24 | | #include <openssl/err.h> |
25 | | |
26 | | #if defined(OPENSSL_WINDOWS) |
27 | | #include <windows.h> |
28 | | #endif |
29 | | |
30 | | #if defined(BORINGSSL_MALLOC_FAILURE_TESTING) |
31 | | #include <errno.h> |
32 | | #include <signal.h> |
33 | | #include <unistd.h> |
34 | | #endif |
35 | | |
36 | | #include "internal.h" |
37 | | |
38 | | |
39 | 32.9M | #define OPENSSL_MALLOC_PREFIX 8 |
40 | | static_assert(OPENSSL_MALLOC_PREFIX >= sizeof(size_t), "size_t too large"); |
41 | | |
42 | | #if defined(OPENSSL_ASAN) |
43 | | extern "C" { |
44 | | void __asan_poison_memory_region(const volatile void *addr, size_t size); |
45 | | void __asan_unpoison_memory_region(const volatile void *addr, size_t size); |
46 | | } |
47 | | #else |
48 | 4.73M | static void __asan_poison_memory_region(const void *addr, size_t size) {} |
49 | 4.73M | static void __asan_unpoison_memory_region(const void *addr, size_t size) {} |
50 | | #endif |
51 | | |
52 | | // Windows doesn't really support weak symbols as of May 2019, and Clang on |
53 | | // Windows will emit strong symbols instead. See |
54 | | // https://bugs.llvm.org/show_bug.cgi?id=37598 |
55 | | // |
56 | | // EDK2 targets UEFI but builds as ELF and then translates the binary to |
57 | | // COFF(!). Thus it builds with __ELF__ defined but cannot actually cope with |
58 | | // weak symbols. |
59 | | #if !defined(__EDK2_BORINGSSL__) && defined(__ELF__) && defined(__GNUC__) |
60 | | #define WEAK_SYMBOL_FUNC(rettype, name, args) \ |
61 | | extern "C" { \ |
62 | | rettype name args __attribute__((weak)); \ |
63 | | } |
64 | | #else |
65 | | #define WEAK_SYMBOL_FUNC(rettype, name, args) \ |
66 | | static rettype(*const name) args = NULL; |
67 | | #endif |
68 | | |
69 | | #if defined(BORINGSSL_DETECT_SDALLOCX) |
70 | | // sdallocx is a sized |free| function. By passing the size (which we happen to |
71 | | // always know in BoringSSL), the malloc implementation can save work. We cannot |
72 | | // depend on |sdallocx| being available, however, so it's a weak symbol. |
73 | | // |
74 | | // This mechanism is kept opt-in because it assumes that, when |sdallocx| is |
75 | | // defined, it is part of the same allocator as |malloc|. This is usually true |
76 | | // but may break if |malloc| does not implement |sdallocx|, but some other |
77 | | // allocator with |sdallocx| is imported which does. |
78 | | WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)) |
79 | | #else |
80 | | static void (*const sdallocx)(void *ptr, size_t size, int flags) = NULL; |
81 | | #endif |
82 | | |
83 | | // The following three functions can be defined to override default heap |
84 | | // allocation and freeing. If defined, it is the responsibility of |
85 | | // |OPENSSL_memory_free| to zero out the memory before returning it to the |
86 | | // system. |OPENSSL_memory_free| will not be passed NULL pointers. |
87 | | // |
88 | | // WARNING: These functions are called on every allocation and free in |
89 | | // BoringSSL across the entire process. They may be called by any code in the |
90 | | // process which calls BoringSSL, including in process initializers and thread |
91 | | // destructors. When called, BoringSSL may hold pthreads locks. Any other code |
92 | | // in the process which, directly or indirectly, calls BoringSSL may be on the |
93 | | // call stack and may itself be using arbitrary synchronization primitives. |
94 | | // |
95 | | // As a result, these functions may not have the usual programming environment |
96 | | // available to most C or C++ code. In particular, they may not call into |
97 | | // BoringSSL, or any library which depends on BoringSSL. Any synchronization |
98 | | // primitives used must tolerate every other synchronization primitive linked |
99 | | // into the process, including pthreads locks. Failing to meet these constraints |
100 | | // may result in deadlocks, crashes, or memory corruption. |
101 | | WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size)) |
102 | | WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)) |
103 | | WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)) |
104 | | |
105 | | #if defined(BORINGSSL_MALLOC_FAILURE_TESTING) |
106 | | static CRYPTO_MUTEX malloc_failure_lock = CRYPTO_MUTEX_INIT; |
107 | | static uint64_t current_malloc_count = 0; |
108 | | static uint64_t malloc_number_to_fail = 0; |
109 | | static int malloc_failure_enabled = 0, break_on_malloc_fail = 0, |
110 | | any_malloc_failed = 0, disable_malloc_failures = 0; |
111 | | |
112 | | static void malloc_exit_handler(void) { |
113 | | CRYPTO_MUTEX_lock_read(&malloc_failure_lock); |
114 | | if (any_malloc_failed) { |
115 | | // Signal to the test driver that some allocation failed, so it knows to |
116 | | // increment the counter and continue. |
117 | | _exit(88); |
118 | | } |
119 | | CRYPTO_MUTEX_unlock_read(&malloc_failure_lock); |
120 | | } |
121 | | |
122 | | static void init_malloc_failure(void) { |
123 | | const char *env = getenv("MALLOC_NUMBER_TO_FAIL"); |
124 | | if (env != NULL && env[0] != 0) { |
125 | | char *endptr; |
126 | | malloc_number_to_fail = strtoull(env, &endptr, 10); |
127 | | if (*endptr == 0) { |
128 | | malloc_failure_enabled = 1; |
129 | | atexit(malloc_exit_handler); |
130 | | } |
131 | | } |
132 | | break_on_malloc_fail = getenv("MALLOC_BREAK_ON_FAIL") != NULL; |
133 | | } |
134 | | |
135 | | // should_fail_allocation returns one if the current allocation should fail and |
136 | | // zero otherwise. |
137 | | static int should_fail_allocation() { |
138 | | static CRYPTO_once_t once = CRYPTO_ONCE_INIT; |
139 | | CRYPTO_once(&once, init_malloc_failure); |
140 | | if (!malloc_failure_enabled || disable_malloc_failures) { |
141 | | return 0; |
142 | | } |
143 | | |
144 | | // We lock just so multi-threaded tests are still correct, but we won't test |
145 | | // every malloc exhaustively. |
146 | | CRYPTO_MUTEX_lock_write(&malloc_failure_lock); |
147 | | int should_fail = current_malloc_count == malloc_number_to_fail; |
148 | | current_malloc_count++; |
149 | | any_malloc_failed = any_malloc_failed || should_fail; |
150 | | CRYPTO_MUTEX_unlock_write(&malloc_failure_lock); |
151 | | |
152 | | if (should_fail && break_on_malloc_fail) { |
153 | | raise(SIGTRAP); |
154 | | } |
155 | | if (should_fail) { |
156 | | errno = ENOMEM; |
157 | | } |
158 | | return should_fail; |
159 | | } |
160 | | |
161 | | void OPENSSL_reset_malloc_counter_for_testing(void) { |
162 | | CRYPTO_MUTEX_lock_write(&malloc_failure_lock); |
163 | | current_malloc_count = 0; |
164 | | CRYPTO_MUTEX_unlock_write(&malloc_failure_lock); |
165 | | } |
166 | | |
167 | | void OPENSSL_disable_malloc_failures_for_testing(void) { |
168 | | CRYPTO_MUTEX_lock_write(&malloc_failure_lock); |
169 | | BSSL_CHECK(!disable_malloc_failures); |
170 | | disable_malloc_failures = 1; |
171 | | CRYPTO_MUTEX_unlock_write(&malloc_failure_lock); |
172 | | } |
173 | | |
174 | | void OPENSSL_enable_malloc_failures_for_testing(void) { |
175 | | CRYPTO_MUTEX_lock_write(&malloc_failure_lock); |
176 | | BSSL_CHECK(disable_malloc_failures); |
177 | | disable_malloc_failures = 0; |
178 | | CRYPTO_MUTEX_unlock_write(&malloc_failure_lock); |
179 | | } |
180 | | |
181 | | #else |
182 | 4.68M | static int should_fail_allocation(void) { return 0; } |
183 | | #endif |
184 | | |
185 | 4.68M | void *OPENSSL_malloc(size_t size) { |
186 | 4.68M | void *ptr = nullptr; |
187 | 4.68M | if (should_fail_allocation()) { |
188 | 0 | goto err; |
189 | 0 | } |
190 | | |
191 | 4.68M | if (OPENSSL_memory_alloc != NULL) { |
192 | 0 | assert(OPENSSL_memory_free != NULL); |
193 | 0 | assert(OPENSSL_memory_get_size != NULL); |
194 | 0 | void *ptr2 = OPENSSL_memory_alloc(size); |
195 | 0 | if (ptr2 == NULL && size != 0) { |
196 | 0 | goto err; |
197 | 0 | } |
198 | 0 | return ptr2; |
199 | 0 | } |
200 | | |
201 | 4.68M | if (size + OPENSSL_MALLOC_PREFIX < size) { |
202 | 0 | goto err; |
203 | 0 | } |
204 | | |
205 | 4.68M | ptr = malloc(size + OPENSSL_MALLOC_PREFIX); |
206 | 4.68M | if (ptr == NULL) { |
207 | 0 | goto err; |
208 | 0 | } |
209 | | |
210 | 4.68M | *(size_t *)ptr = size; |
211 | | |
212 | 4.68M | __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); |
213 | 4.68M | return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX; |
214 | | |
215 | 0 | err: |
216 | | // This only works because ERR does not call OPENSSL_malloc. |
217 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); |
218 | 0 | return NULL; |
219 | 4.68M | } |
220 | | |
221 | 1.84M | void *OPENSSL_zalloc(size_t size) { |
222 | 1.84M | void *ret = OPENSSL_malloc(size); |
223 | 1.84M | if (ret != NULL) { |
224 | 1.84M | OPENSSL_memset(ret, 0, size); |
225 | 1.84M | } |
226 | 1.84M | return ret; |
227 | 1.84M | } |
228 | | |
229 | 558k | void *OPENSSL_calloc(size_t num, size_t size) { |
230 | 558k | if (size != 0 && num > SIZE_MAX / size) { |
231 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); |
232 | 0 | return NULL; |
233 | 0 | } |
234 | | |
235 | 558k | return OPENSSL_zalloc(num * size); |
236 | 558k | } |
237 | | |
238 | 7.35M | void OPENSSL_free(void *orig_ptr) { |
239 | 7.35M | if (orig_ptr == NULL) { |
240 | 2.67M | return; |
241 | 2.67M | } |
242 | | |
243 | 4.68M | if (OPENSSL_memory_free != NULL) { |
244 | 0 | OPENSSL_memory_free(orig_ptr); |
245 | 0 | return; |
246 | 0 | } |
247 | | |
248 | 4.68M | void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX; |
249 | 4.68M | __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); |
250 | | |
251 | 4.68M | size_t size = *(size_t *)ptr; |
252 | 4.68M | OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX); |
253 | | |
254 | | // ASan knows to intercept malloc and free, but not sdallocx. |
255 | | #if defined(OPENSSL_ASAN) |
256 | | (void)sdallocx; |
257 | | free(ptr); |
258 | | #else |
259 | 4.68M | if (sdallocx) { |
260 | 0 | sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */); |
261 | 4.68M | } else { |
262 | 4.68M | free(ptr); |
263 | 4.68M | } |
264 | 4.68M | #endif |
265 | 4.68M | } |
266 | | |
267 | 115k | void *OPENSSL_realloc(void *orig_ptr, size_t new_size) { |
268 | 115k | if (orig_ptr == NULL) { |
269 | 63.1k | return OPENSSL_malloc(new_size); |
270 | 63.1k | } |
271 | | |
272 | 52.5k | size_t old_size; |
273 | 52.5k | if (OPENSSL_memory_get_size != NULL) { |
274 | 0 | old_size = OPENSSL_memory_get_size(orig_ptr); |
275 | 52.5k | } else { |
276 | 52.5k | void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX; |
277 | 52.5k | __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); |
278 | 52.5k | old_size = *(size_t *)ptr; |
279 | 52.5k | __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX); |
280 | 52.5k | } |
281 | | |
282 | 52.5k | void *ret = OPENSSL_malloc(new_size); |
283 | 52.5k | if (ret == NULL) { |
284 | 0 | return NULL; |
285 | 0 | } |
286 | | |
287 | 52.5k | size_t to_copy = new_size; |
288 | 52.5k | if (old_size < to_copy) { |
289 | 52.5k | to_copy = old_size; |
290 | 52.5k | } |
291 | | |
292 | 52.5k | memcpy(ret, orig_ptr, to_copy); |
293 | 52.5k | OPENSSL_free(orig_ptr); |
294 | | |
295 | 52.5k | return ret; |
296 | 52.5k | } |
297 | | |
298 | 4.96M | void OPENSSL_cleanse(void *ptr, size_t len) { |
299 | | #if defined(OPENSSL_WINDOWS) |
300 | | SecureZeroMemory(ptr, len); |
301 | | #else |
302 | 4.96M | OPENSSL_memset(ptr, 0, len); |
303 | | |
304 | 4.96M | #if !defined(OPENSSL_NO_ASM) |
305 | | /* As best as we can tell, this is sufficient to break any optimisations that |
306 | | might try to eliminate "superfluous" memsets. If there's an easy way to |
307 | | detect memset_s, it would be better to use that. */ |
308 | 4.96M | __asm__ __volatile__("" : : "r"(ptr) : "memory"); |
309 | 4.96M | #endif |
310 | 4.96M | #endif // !OPENSSL_NO_ASM |
311 | 4.96M | } |
312 | | |
313 | 0 | void OPENSSL_clear_free(void *ptr, size_t unused) { OPENSSL_free(ptr); } |
314 | | |
315 | 0 | int CRYPTO_secure_malloc_init(size_t size, size_t min_size) { return 0; } |
316 | | |
317 | 0 | int CRYPTO_secure_malloc_initialized(void) { return 0; } |
318 | | |
319 | 0 | size_t CRYPTO_secure_used(void) { return 0; } |
320 | | |
321 | 0 | void *OPENSSL_secure_malloc(size_t size) { return OPENSSL_malloc(size); } |
322 | | |
323 | 0 | void OPENSSL_secure_clear_free(void *ptr, size_t len) { |
324 | 0 | OPENSSL_clear_free(ptr, len); |
325 | 0 | } |
326 | | |
327 | 16.0k | int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) { |
328 | 16.0k | const uint8_t *a = reinterpret_cast<const uint8_t *>(in_a); |
329 | 16.0k | const uint8_t *b = reinterpret_cast<const uint8_t *>(in_b); |
330 | 16.0k | uint8_t x = 0; |
331 | | |
332 | 330k | for (size_t i = 0; i < len; i++) { |
333 | 314k | x |= a[i] ^ b[i]; |
334 | 314k | } |
335 | | |
336 | 16.0k | return x; |
337 | 16.0k | } |
338 | | |
339 | 0 | uint32_t OPENSSL_hash32(const void *ptr, size_t len) { |
340 | | // These are the FNV-1a parameters for 32 bits. |
341 | 0 | static const uint32_t kPrime = 16777619u; |
342 | 0 | static const uint32_t kOffsetBasis = 2166136261u; |
343 | |
|
344 | 0 | const uint8_t *in = reinterpret_cast<const uint8_t *>(ptr); |
345 | 0 | uint32_t h = kOffsetBasis; |
346 | |
|
347 | 0 | for (size_t i = 0; i < len; i++) { |
348 | 0 | h ^= in[i]; |
349 | 0 | h *= kPrime; |
350 | 0 | } |
351 | |
|
352 | 0 | return h; |
353 | 0 | } |
354 | | |
355 | 0 | uint32_t OPENSSL_strhash(const char *s) { return OPENSSL_hash32(s, strlen(s)); } |
356 | | |
357 | 725 | size_t OPENSSL_strnlen(const char *s, size_t len) { |
358 | 5.67k | for (size_t i = 0; i < len; i++) { |
359 | 4.94k | if (s[i] == 0) { |
360 | 0 | return i; |
361 | 0 | } |
362 | 4.94k | } |
363 | | |
364 | 725 | return len; |
365 | 725 | } |
366 | | |
367 | 5.06k | char *OPENSSL_strdup(const char *s) { |
368 | 5.06k | if (s == NULL) { |
369 | 0 | return NULL; |
370 | 0 | } |
371 | | // Copy the NUL terminator. |
372 | 5.06k | return reinterpret_cast<char *>(OPENSSL_memdup(s, strlen(s) + 1)); |
373 | 5.06k | } |
374 | | |
375 | 26 | int OPENSSL_isalpha(int c) { |
376 | 26 | return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); |
377 | 26 | } |
378 | | |
379 | 619k | int OPENSSL_isdigit(int c) { return c >= '0' && c <= '9'; } |
380 | | |
381 | 0 | int OPENSSL_isxdigit(int c) { |
382 | 0 | return OPENSSL_isdigit(c) || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F'); |
383 | 0 | } |
384 | | |
385 | 0 | int OPENSSL_fromxdigit(uint8_t *out, int c) { |
386 | 0 | if (OPENSSL_isdigit(c)) { |
387 | 0 | *out = c - '0'; |
388 | 0 | return 1; |
389 | 0 | } |
390 | 0 | if ('a' <= c && c <= 'f') { |
391 | 0 | *out = c - 'a' + 10; |
392 | 0 | return 1; |
393 | 0 | } |
394 | 0 | if ('A' <= c && c <= 'F') { |
395 | 0 | *out = c - 'A' + 10; |
396 | 0 | return 1; |
397 | 0 | } |
398 | 0 | return 0; |
399 | 0 | } |
400 | | |
401 | 26 | int OPENSSL_isalnum(int c) { return OPENSSL_isalpha(c) || OPENSSL_isdigit(c); } |
402 | | |
403 | 893k | int OPENSSL_tolower(int c) { |
404 | 893k | if (c >= 'A' && c <= 'Z') { |
405 | 194k | return c + ('a' - 'A'); |
406 | 194k | } |
407 | 699k | return c; |
408 | 893k | } |
409 | | |
410 | 1.23M | int OPENSSL_isspace(int c) { |
411 | 1.23M | return c == '\t' || c == '\n' || c == '\v' || c == '\f' || c == '\r' || |
412 | 1.23M | c == ' '; |
413 | 1.23M | } |
414 | | |
415 | 0 | int OPENSSL_strcasecmp(const char *a, const char *b) { |
416 | 0 | for (size_t i = 0;; i++) { |
417 | 0 | const int aa = OPENSSL_tolower(a[i]); |
418 | 0 | const int bb = OPENSSL_tolower(b[i]); |
419 | |
|
420 | 0 | if (aa < bb) { |
421 | 0 | return -1; |
422 | 0 | } else if (aa > bb) { |
423 | 0 | return 1; |
424 | 0 | } else if (aa == 0) { |
425 | 0 | return 0; |
426 | 0 | } |
427 | 0 | } |
428 | 0 | } |
429 | | |
430 | 0 | int OPENSSL_strncasecmp(const char *a, const char *b, size_t n) { |
431 | 0 | for (size_t i = 0; i < n; i++) { |
432 | 0 | const int aa = OPENSSL_tolower(a[i]); |
433 | 0 | const int bb = OPENSSL_tolower(b[i]); |
434 | |
|
435 | 0 | if (aa < bb) { |
436 | 0 | return -1; |
437 | 0 | } else if (aa > bb) { |
438 | 0 | return 1; |
439 | 0 | } else if (aa == 0) { |
440 | 0 | return 0; |
441 | 0 | } |
442 | 0 | } |
443 | | |
444 | 0 | return 0; |
445 | 0 | } |
446 | | |
447 | 0 | int BIO_snprintf(char *buf, size_t n, const char *format, ...) { |
448 | 0 | va_list args; |
449 | 0 | va_start(args, format); |
450 | 0 | int ret = BIO_vsnprintf(buf, n, format, args); |
451 | 0 | va_end(args); |
452 | 0 | return ret; |
453 | 0 | } |
454 | | |
455 | 0 | int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) { |
456 | 0 | return vsnprintf(buf, n, format, args); |
457 | 0 | } |
458 | | |
459 | | int OPENSSL_vasprintf_internal(char **str, const char *format, va_list args, |
460 | 231 | int system_malloc) { |
461 | 231 | void *(*allocate)(size_t) = system_malloc ? malloc : OPENSSL_malloc; |
462 | 231 | void (*deallocate)(void *) = system_malloc ? free : OPENSSL_free; |
463 | 231 | void *(*reallocate)(void *, size_t) = |
464 | 231 | system_malloc ? realloc : OPENSSL_realloc; |
465 | 231 | char *candidate = NULL; |
466 | 231 | size_t candidate_len = 64; // TODO(bbe) what's the best initial size? |
467 | 231 | int ret; |
468 | | |
469 | 231 | if ((candidate = reinterpret_cast<char *>(allocate(candidate_len))) == NULL) { |
470 | 0 | goto err; |
471 | 0 | } |
472 | 231 | va_list args_copy; |
473 | 231 | va_copy(args_copy, args); |
474 | 231 | ret = vsnprintf(candidate, candidate_len, format, args_copy); |
475 | 231 | va_end(args_copy); |
476 | 231 | if (ret < 0) { |
477 | 0 | goto err; |
478 | 0 | } |
479 | 231 | if ((size_t)ret >= candidate_len) { |
480 | | // Too big to fit in allocation. |
481 | 0 | char *tmp; |
482 | |
|
483 | 0 | candidate_len = (size_t)ret + 1; |
484 | 0 | if ((tmp = reinterpret_cast<char *>( |
485 | 0 | reallocate(candidate, candidate_len))) == NULL) { |
486 | 0 | goto err; |
487 | 0 | } |
488 | 0 | candidate = tmp; |
489 | 0 | ret = vsnprintf(candidate, candidate_len, format, args); |
490 | 0 | } |
491 | | // At this point this should not happen unless vsnprintf is insane. |
492 | 231 | if (ret < 0 || (size_t)ret >= candidate_len) { |
493 | 0 | goto err; |
494 | 0 | } |
495 | 231 | *str = candidate; |
496 | 231 | return ret; |
497 | | |
498 | 0 | err: |
499 | 0 | deallocate(candidate); |
500 | 0 | *str = NULL; |
501 | 0 | errno = ENOMEM; |
502 | 0 | return -1; |
503 | 231 | } |
504 | | |
505 | 0 | int OPENSSL_vasprintf(char **str, const char *format, va_list args) { |
506 | 0 | return OPENSSL_vasprintf_internal(str, format, args, /*system_malloc=*/0); |
507 | 0 | } |
508 | | |
509 | 0 | int OPENSSL_asprintf(char **str, const char *format, ...) { |
510 | 0 | va_list args; |
511 | 0 | va_start(args, format); |
512 | 0 | int ret = OPENSSL_vasprintf(str, format, args); |
513 | 0 | va_end(args); |
514 | 0 | return ret; |
515 | 0 | } |
516 | | |
517 | 725 | char *OPENSSL_strndup(const char *str, size_t size) { |
518 | 725 | size = OPENSSL_strnlen(str, size); |
519 | | |
520 | 725 | size_t alloc_size = size + 1; |
521 | 725 | if (alloc_size < size) { |
522 | | // overflow |
523 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); |
524 | 0 | return NULL; |
525 | 0 | } |
526 | 725 | char *ret = reinterpret_cast<char *>(OPENSSL_malloc(alloc_size)); |
527 | 725 | if (ret == NULL) { |
528 | 0 | return NULL; |
529 | 0 | } |
530 | | |
531 | 725 | OPENSSL_memcpy(ret, str, size); |
532 | 725 | ret[size] = '\0'; |
533 | 725 | return ret; |
534 | 725 | } |
535 | | |
536 | 6.93k | size_t OPENSSL_strlcpy(char *dst, const char *src, size_t dst_size) { |
537 | 6.93k | size_t l = 0; |
538 | | |
539 | 59.8k | for (; dst_size > 1 && *src; dst_size--) { |
540 | 52.9k | *dst++ = *src++; |
541 | 52.9k | l++; |
542 | 52.9k | } |
543 | | |
544 | 6.93k | if (dst_size) { |
545 | 6.93k | *dst = 0; |
546 | 6.93k | } |
547 | | |
548 | 6.93k | return l + strlen(src); |
549 | 6.93k | } |
550 | | |
551 | 6.93k | size_t OPENSSL_strlcat(char *dst, const char *src, size_t dst_size) { |
552 | 6.93k | size_t l = 0; |
553 | 70.8k | for (; dst_size > 0 && *dst; dst_size--, dst++) { |
554 | 63.8k | l++; |
555 | 63.8k | } |
556 | 6.93k | return l + OPENSSL_strlcpy(dst, src, dst_size); |
557 | 6.93k | } |
558 | | |
559 | 522k | void *OPENSSL_memdup(const void *data, size_t size) { |
560 | 522k | if (size == 0) { |
561 | 780 | return NULL; |
562 | 780 | } |
563 | | |
564 | 521k | void *ret = OPENSSL_malloc(size); |
565 | 521k | if (ret == NULL) { |
566 | 0 | return NULL; |
567 | 0 | } |
568 | | |
569 | 521k | OPENSSL_memcpy(ret, data, size); |
570 | 521k | return ret; |
571 | 521k | } |
572 | | |
573 | 0 | void *CRYPTO_malloc(size_t size, const char *file, int line) { |
574 | 0 | return OPENSSL_malloc(size); |
575 | 0 | } |
576 | | |
577 | 0 | void *CRYPTO_realloc(void *ptr, size_t new_size, const char *file, int line) { |
578 | 0 | return OPENSSL_realloc(ptr, new_size); |
579 | 0 | } |
580 | | |
581 | 0 | void CRYPTO_free(void *ptr, const char *file, int line) { OPENSSL_free(ptr); } |