Coverage Report

Created: 2024-11-21 07:03

/src/openssl/crypto/mem.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include "internal/e_os.h"
11
#include "internal/cryptlib.h"
12
#include "crypto/cryptlib.h"
13
#include <stdio.h>
14
#include <stdlib.h>
15
#include <limits.h>
16
#include <openssl/crypto.h>
17
18
/*
19
 * the following pointers may be changed as long as 'allow_customize' is set
20
 */
21
static int allow_customize = 1;
22
static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc;
23
static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc;
24
static CRYPTO_free_fn free_impl = CRYPTO_free;
25
26
#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
27
# include "internal/tsan_assist.h"
28
29
# ifdef TSAN_REQUIRES_LOCKING
30
#  define INCREMENT(x) /* empty */
31
#  define LOAD(x) 0
32
# else  /* TSAN_REQUIRES_LOCKING */
33
static TSAN_QUALIFIER int malloc_count;
34
static TSAN_QUALIFIER int realloc_count;
35
static TSAN_QUALIFIER int free_count;
36
37
#  define INCREMENT(x) tsan_counter(&(x))
38
#  define LOAD(x)      tsan_load(&x)
39
# endif /* TSAN_REQUIRES_LOCKING */
40
41
static char *md_failstring;
42
static long md_count;
43
static int md_fail_percent = 0;
44
static int md_tracefd = -1;
45
46
static void parseit(void);
47
static int shouldfail(void);
48
49
# define FAILTEST() if (shouldfail()) return NULL
50
51
#else
52
53
# define INCREMENT(x) /* empty */
54
# define FAILTEST() /* empty */
55
#endif
56
57
int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
58
                             CRYPTO_realloc_fn realloc_fn,
59
                             CRYPTO_free_fn free_fn)
60
4
{
61
4
    if (!allow_customize)
62
0
        return 0;
63
4
    if (malloc_fn != NULL)
64
4
        malloc_impl = malloc_fn;
65
4
    if (realloc_fn != NULL)
66
4
        realloc_impl = realloc_fn;
67
4
    if (free_fn != NULL)
68
4
        free_impl = free_fn;
69
4
    return 1;
70
4
}
71
72
void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
73
                              CRYPTO_realloc_fn *realloc_fn,
74
                              CRYPTO_free_fn *free_fn)
75
0
{
76
0
    if (malloc_fn != NULL)
77
0
        *malloc_fn = malloc_impl;
78
0
    if (realloc_fn != NULL)
79
0
        *realloc_fn = realloc_impl;
80
0
    if (free_fn != NULL)
81
0
        *free_fn = free_impl;
82
0
}
83
84
#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
85
void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
86
{
87
    if (mcount != NULL)
88
        *mcount = LOAD(malloc_count);
89
    if (rcount != NULL)
90
        *rcount = LOAD(realloc_count);
91
    if (fcount != NULL)
92
        *fcount = LOAD(free_count);
93
}
94
95
/*
96
 * Parse a "malloc failure spec" string.  This likes like a set of fields
97
 * separated by semicolons.  Each field has a count and an optional failure
98
 * percentage.  For example:
99
 *          100@0;100@25;0@0
100
 *    or    100;100@25;0
101
 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
102
 * all remaining (count is zero) succeed.
103
 * The failure percentge can have 2 digits after the comma.  For example:
104
 *          0@0.01
105
 * This means 0.01% of all allocations will fail.
106
 */
107
static void parseit(void)
108
{
109
    char *semi = strchr(md_failstring, ';');
110
    char *atsign;
111
112
    if (semi != NULL)
113
        *semi++ = '\0';
114
115
    /* Get the count (atol will stop at the @ if there), and percentage */
116
    md_count = atol(md_failstring);
117
    atsign = strchr(md_failstring, '@');
118
    md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
119
120
    if (semi != NULL)
121
        md_failstring = semi;
122
}
123
124
/*
125
 * Windows doesn't have random() and srandom(), but it has rand() and srand().
126
 * Some rand() implementations aren't good, but we're not
127
 * dealing with secure randomness here.
128
 */
129
# ifdef _WIN32
130
#  define random() rand()
131
#  define srandom(seed) srand(seed)
132
# endif
133
/*
134
 * See if the current malloc should fail.
135
 */
136
static int shouldfail(void)
137
{
138
    int roll = (int)(random() % 10000);
139
    int shoulditfail = roll < md_fail_percent;
140
# ifndef _WIN32
141
/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
142
    int len;
143
    char buff[80];
144
145
    if (md_tracefd > 0) {
146
        BIO_snprintf(buff, sizeof(buff),
147
                     "%c C%ld %%%d R%d\n",
148
                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
149
        len = strlen(buff);
150
        if (write(md_tracefd, buff, len) != len)
151
            perror("shouldfail write failed");
152
    }
153
# endif
154
155
    if (md_count) {
156
        /* If we used up this one, go to the next. */
157
        if (--md_count == 0)
158
            parseit();
159
    }
160
161
    return shoulditfail;
162
}
163
164
void ossl_malloc_setup_failures(void)
165
{
166
    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
167
168
    if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
169
        parseit();
170
    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
171
        md_tracefd = atoi(cp);
172
    if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
173
        srandom(atoi(cp));
174
}
175
#endif
176
177
void *CRYPTO_malloc(size_t num, const char *file, int line)
178
4.80M
{
179
4.80M
    void *ptr;
180
181
4.80M
    INCREMENT(malloc_count);
182
4.80M
    if (malloc_impl != CRYPTO_malloc) {
183
4.80M
        ptr = malloc_impl(num, file, line);
184
4.80M
        if (ptr != NULL || num == 0)
185
4.80M
            return ptr;
186
0
        goto err;
187
4.80M
    }
188
189
0
    if (num == 0)
190
0
        return NULL;
191
192
0
    FAILTEST();
193
0
    if (allow_customize) {
194
        /*
195
         * Disallow customization after the first allocation. We only set this
196
         * if necessary to avoid a store to the same cache line on every
197
         * allocation.
198
         */
199
0
        allow_customize = 0;
200
0
    }
201
202
0
    ptr = malloc(num);
203
0
    if (ptr != NULL)
204
0
        return ptr;
205
0
 err:
206
    /*
207
     * ossl_err_get_state_int() in err.c uses CRYPTO_zalloc(num, NULL, 0) for
208
     * ERR_STATE allocation. Prevent mem alloc error loop while reporting error.
209
     */
210
0
    if (file != NULL || line != 0) {
211
0
        ERR_new();
212
0
        ERR_set_debug(file, line, NULL);
213
0
        ERR_set_error(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE, NULL);
214
0
    }
215
0
    return NULL;
216
0
}
217
218
void *CRYPTO_zalloc(size_t num, const char *file, int line)
219
3.80M
{
220
3.80M
    void *ret;
221
222
3.80M
    ret = CRYPTO_malloc(num, file, line);
223
3.80M
    if (ret != NULL)
224
3.80M
        memset(ret, 0, num);
225
226
3.80M
    return ret;
227
3.80M
}
228
229
void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr,
230
                           const char *file, int line)
231
8
{
232
8
    void *ret;
233
234
8
    *freeptr = NULL;
235
236
#if defined(OPENSSL_SMALL_FOOTPRINT)
237
    ret = freeptr = NULL;
238
    return ret;
239
#endif
240
241
    /* Allow non-malloc() allocations as long as no malloc_impl is provided. */
242
8
    if (malloc_impl == CRYPTO_malloc) {
243
0
#if defined(_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
244
0
        if (posix_memalign(&ret, alignment, num))
245
0
            return NULL;
246
0
        *freeptr = ret;
247
0
        return ret;
248
#elif defined(_ISOC11_SOURCE)
249
        ret = *freeptr = aligned_alloc(alignment, num);
250
        return ret;
251
#endif
252
0
    }
253
254
    /* we have to do this the hard way */
255
256
    /*
257
     * Note: Windows supports an _aligned_malloc call, but we choose
258
     * not to use it here, because allocations from that function
259
     * require that they be freed via _aligned_free.  Given that
260
     * we can't differentiate plain malloc blocks from blocks obtained
261
     * via _aligned_malloc, just avoid its use entirely
262
     */
263
264
    /*
265
     * Step 1: Allocate an amount of memory that is <alignment>
266
     * bytes bigger than requested
267
     */
268
8
    *freeptr = CRYPTO_malloc(num + alignment, file, line);
269
8
    if (*freeptr == NULL)
270
0
        return NULL;
271
272
    /*
273
     * Step 2: Add <alignment - 1> bytes to the pointer
274
     * This will cross the alignment boundary that is
275
     * requested
276
     */
277
8
    ret = (void *)((char *)*freeptr + (alignment - 1));
278
279
    /*
280
     * Step 3: Use the alignment as a mask to translate the
281
     * least significant bits of the allocation at the alignment
282
     * boundary to 0.  ret now holds a pointer to the memory
283
     * buffer at the requested alignment
284
     * NOTE: It is a documented requirement that alignment be a
285
     * power of 2, which is what allows this to work
286
     */
287
8
    ret = (void *)((uintptr_t)ret & (uintptr_t)(~(alignment - 1)));
288
8
    return ret;
289
8
}
290
291
void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
292
15.4k
{
293
15.4k
    INCREMENT(realloc_count);
294
15.4k
    if (realloc_impl != CRYPTO_realloc)
295
15.4k
        return realloc_impl(str, num, file, line);
296
297
0
    if (str == NULL)
298
0
        return CRYPTO_malloc(num, file, line);
299
300
0
    if (num == 0) {
301
0
        CRYPTO_free(str, file, line);
302
0
        return NULL;
303
0
    }
304
305
0
    FAILTEST();
306
0
    return realloc(str, num);
307
0
}
308
309
void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
310
                           const char *file, int line)
311
55
{
312
55
    void *ret = NULL;
313
314
55
    if (str == NULL)
315
55
        return CRYPTO_malloc(num, file, line);
316
317
0
    if (num == 0) {
318
0
        CRYPTO_clear_free(str, old_len, file, line);
319
0
        return NULL;
320
0
    }
321
322
    /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
323
0
    if (num < old_len) {
324
0
        OPENSSL_cleanse((char*)str + num, old_len - num);
325
0
        return str;
326
0
    }
327
328
0
    ret = CRYPTO_malloc(num, file, line);
329
0
    if (ret != NULL) {
330
0
        memcpy(ret, str, old_len);
331
0
        CRYPTO_clear_free(str, old_len, file, line);
332
0
    }
333
0
    return ret;
334
0
}
335
336
void CRYPTO_free(void *str, const char *file, int line)
337
5.37M
{
338
5.37M
    INCREMENT(free_count);
339
5.37M
    if (free_impl != CRYPTO_free) {
340
5.37M
        free_impl(str, file, line);
341
5.37M
        return;
342
5.37M
    }
343
344
0
    free(str);
345
0
}
346
347
void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
348
2.03M
{
349
2.03M
    if (str == NULL)
350
4.00k
        return;
351
2.02M
    if (num)
352
2.02M
        OPENSSL_cleanse(str, num);
353
2.02M
    CRYPTO_free(str, file, line);
354
2.02M
}
355
356
#if !defined(OPENSSL_NO_CRYPTO_MDEBUG)
357
358
# ifndef OPENSSL_NO_DEPRECATED_3_0
359
int CRYPTO_mem_ctrl(int mode)
360
{
361
    (void)mode;
362
    return -1;
363
}
364
365
int CRYPTO_set_mem_debug(int flag)
366
{
367
    (void)flag;
368
    return -1;
369
}
370
371
int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
372
{
373
    (void)info; (void)file; (void)line;
374
    return 0;
375
}
376
377
int CRYPTO_mem_debug_pop(void)
378
{
379
    return 0;
380
}
381
382
void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
383
                             const char *file, int line)
384
{
385
    (void)addr; (void)num; (void)flag; (void)file; (void)line;
386
}
387
388
void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
389
                              const char *file, int line)
390
{
391
    (void)addr1; (void)addr2; (void)num; (void)flag; (void)file; (void)line;
392
}
393
394
void CRYPTO_mem_debug_free(void *addr, int flag,
395
                           const char *file, int line)
396
{
397
    (void)addr; (void)flag; (void)file; (void)line;
398
}
399
400
int CRYPTO_mem_leaks(BIO *b)
401
{
402
    (void)b;
403
    return -1;
404
}
405
406
#  ifndef OPENSSL_NO_STDIO
407
int CRYPTO_mem_leaks_fp(FILE *fp)
408
{
409
    (void)fp;
410
    return -1;
411
}
412
#  endif
413
414
int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
415
                        void *u)
416
{
417
    (void)cb; (void)u;
418
    return -1;
419
}
420
421
# endif
422
423
#endif