/src/openssl36/crypto/mem.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "internal/e_os.h" |
11 | | #include "internal/cryptlib.h" |
12 | | #include "internal/mem_alloc_utils.h" |
13 | | #include "crypto/cryptlib.h" |
14 | | #include <stdio.h> |
15 | | #include <stdlib.h> |
16 | | #include <limits.h> |
17 | | #include <openssl/crypto.h> |
18 | | |
19 | | /* |
20 | | * the following pointers may be changed as long as 'allow_customize' is set |
21 | | */ |
22 | | static int allow_customize = 1; |
23 | | static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc; |
24 | | static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc; |
25 | | static CRYPTO_free_fn free_impl = CRYPTO_free; |
26 | | |
27 | | #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) |
28 | | #include "internal/tsan_assist.h" |
29 | | |
30 | | #ifdef TSAN_REQUIRES_LOCKING |
31 | | #define INCREMENT(x) /* empty */ |
32 | | #define LOAD(x) 0 |
33 | | #else /* TSAN_REQUIRES_LOCKING */ |
34 | | static TSAN_QUALIFIER int malloc_count; |
35 | | static TSAN_QUALIFIER int realloc_count; |
36 | | static TSAN_QUALIFIER int free_count; |
37 | | |
38 | | #define INCREMENT(x) tsan_counter(&(x)) |
39 | | #define LOAD(x) tsan_load(&x) |
40 | | #endif /* TSAN_REQUIRES_LOCKING */ |
41 | | |
42 | | static char md_failbuf[CRYPTO_MEM_CHECK_MAX_FS + 1]; |
43 | | static char *md_failstring = NULL; |
44 | | static long md_count; |
45 | | static int md_fail_percent = 0; |
46 | | static int md_tracefd = -1; |
47 | | |
48 | | static void parseit(void); |
49 | | static int shouldfail(void); |
50 | | |
51 | | #define FAILTEST() \ |
52 | | if (shouldfail()) \ |
53 | | return NULL |
54 | | |
55 | | #else |
56 | | |
57 | | #define INCREMENT(x) /* empty */ |
58 | | #define FAILTEST() /* empty */ |
59 | | #endif |
60 | | |
61 | | int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, |
62 | | CRYPTO_realloc_fn realloc_fn, |
63 | | CRYPTO_free_fn free_fn) |
64 | 0 | { |
65 | 0 | if (!allow_customize) |
66 | 0 | return 0; |
67 | 0 | if (malloc_fn != NULL) |
68 | 0 | malloc_impl = malloc_fn; |
69 | 0 | if (realloc_fn != NULL) |
70 | 0 | realloc_impl = realloc_fn; |
71 | 0 | if (free_fn != NULL) |
72 | 0 | free_impl = free_fn; |
73 | 0 | return 1; |
74 | 0 | } |
75 | | |
76 | | void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, |
77 | | CRYPTO_realloc_fn *realloc_fn, |
78 | | CRYPTO_free_fn *free_fn) |
79 | 0 | { |
80 | 0 | if (malloc_fn != NULL) |
81 | 0 | *malloc_fn = malloc_impl; |
82 | 0 | if (realloc_fn != NULL) |
83 | 0 | *realloc_fn = realloc_impl; |
84 | 0 | if (free_fn != NULL) |
85 | 0 | *free_fn = free_impl; |
86 | 0 | } |
87 | | |
88 | | #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) |
89 | | void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) |
90 | | { |
91 | | if (mcount != NULL) |
92 | | *mcount = LOAD(malloc_count); |
93 | | if (rcount != NULL) |
94 | | *rcount = LOAD(realloc_count); |
95 | | if (fcount != NULL) |
96 | | *fcount = LOAD(free_count); |
97 | | } |
98 | | |
99 | | /* |
100 | | * Parse a "malloc failure spec" string. This likes like a set of fields |
101 | | * separated by semicolons. Each field has a count and an optional failure |
102 | | * percentage. For example: |
103 | | * 100@0;100@25;0@0 |
104 | | * or 100;100@25;0 |
105 | | * This means 100 mallocs succeed, then next 100 fail 25% of the time, and |
106 | | * all remaining (count is zero) succeed. |
107 | | * The failure percentge can have 2 digits after the comma. For example: |
108 | | * 0@0.01 |
109 | | * This means 0.01% of all allocations will fail. |
110 | | */ |
111 | | static void parseit(void) |
112 | | { |
113 | | char *semi = strchr(md_failstring, ';'); |
114 | | char *atsign; |
115 | | |
116 | | if (semi != NULL) |
117 | | *semi++ = '\0'; |
118 | | |
119 | | /* Get the count (atol will stop at the @ if there), and percentage */ |
120 | | md_count = atol(md_failstring); |
121 | | atsign = strchr(md_failstring, '@'); |
122 | | md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5); |
123 | | |
124 | | if (semi != NULL) |
125 | | md_failstring = semi; |
126 | | } |
127 | | |
128 | | /* |
129 | | * Windows doesn't have random() and srandom(), but it has rand() and srand(). |
130 | | * Some rand() implementations aren't good, but we're not |
131 | | * dealing with secure randomness here. |
132 | | */ |
133 | | #ifdef _WIN32 |
134 | | #define random() rand() |
135 | | #define srandom(seed) srand(seed) |
136 | | #endif |
137 | | /* |
138 | | * See if the current malloc should fail. |
139 | | */ |
140 | | static int shouldfail(void) |
141 | | { |
142 | | int roll = (int)(random() % 10000); |
143 | | int shoulditfail = roll < md_fail_percent; |
144 | | #ifndef _WIN32 |
145 | | /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ |
146 | | int len; |
147 | | char buff[80]; |
148 | | |
149 | | if (md_tracefd > 0) { |
150 | | BIO_snprintf(buff, sizeof(buff), |
151 | | "%c C%ld %%%d R%d\n", |
152 | | shoulditfail ? '-' : '+', md_count, md_fail_percent, roll); |
153 | | len = strlen(buff); |
154 | | if (write(md_tracefd, buff, len) != len) |
155 | | perror("shouldfail write failed"); |
156 | | } |
157 | | #endif |
158 | | |
159 | | if (md_count) { |
160 | | /* If we used up this one, go to the next. */ |
161 | | if (--md_count == 0) |
162 | | parseit(); |
163 | | } |
164 | | |
165 | | return shoulditfail; |
166 | | } |
167 | | |
168 | | void ossl_malloc_setup_failures(void) |
169 | | { |
170 | | const char *cp = getenv("OPENSSL_MALLOC_FAILURES"); |
171 | | size_t cplen = 0; |
172 | | |
173 | | if (cp != NULL) { |
174 | | /* if the value is too long we'll just ignore it */ |
175 | | cplen = strlen(cp); |
176 | | if (cplen <= CRYPTO_MEM_CHECK_MAX_FS) { |
177 | | strncpy(md_failbuf, cp, CRYPTO_MEM_CHECK_MAX_FS); |
178 | | md_failstring = md_failbuf; |
179 | | parseit(); |
180 | | } |
181 | | } |
182 | | if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) |
183 | | md_tracefd = atoi(cp); |
184 | | if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL) |
185 | | srandom(atoi(cp)); |
186 | | } |
187 | | #endif |
188 | | |
189 | | void *CRYPTO_malloc(size_t num, const char *file, int line) |
190 | 673M | { |
191 | 673M | void *ptr; |
192 | | |
193 | 673M | INCREMENT(malloc_count); |
194 | 673M | if (malloc_impl != CRYPTO_malloc) { |
195 | 0 | ptr = malloc_impl(num, file, line); |
196 | 0 | if (ptr != NULL || num == 0) |
197 | 0 | return ptr; |
198 | 0 | goto err; |
199 | 0 | } |
200 | | |
201 | 673M | if (ossl_unlikely(num == 0)) |
202 | 91 | return NULL; |
203 | | |
204 | 673M | FAILTEST(); |
205 | 673M | if (allow_customize) { |
206 | | /* |
207 | | * Disallow customization after the first allocation. We only set this |
208 | | * if necessary to avoid a store to the same cache line on every |
209 | | * allocation. |
210 | | */ |
211 | 108 | allow_customize = 0; |
212 | 108 | } |
213 | | |
214 | 673M | ptr = malloc(num); |
215 | 673M | if (ossl_likely(ptr != NULL)) |
216 | 673M | return ptr; |
217 | 0 | err: |
218 | 0 | ossl_report_alloc_err(file, line); |
219 | 0 | return NULL; |
220 | 673M | } |
221 | | |
222 | | void *CRYPTO_zalloc(size_t num, const char *file, int line) |
223 | 776M | { |
224 | 776M | void *ret; |
225 | | |
226 | 776M | ret = CRYPTO_malloc(num, file, line); |
227 | 776M | if (ret != NULL) |
228 | 776M | memset(ret, 0, num); |
229 | | |
230 | 776M | return ret; |
231 | 776M | } |
232 | | |
233 | | void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr, |
234 | | const char *file, int line) |
235 | 140 | { |
236 | 140 | size_t alloc_bytes; |
237 | 140 | void *ret; |
238 | | |
239 | 140 | *freeptr = NULL; |
240 | | |
241 | | #if defined(OPENSSL_SMALL_FOOTPRINT) |
242 | | return NULL; |
243 | | #endif |
244 | | |
245 | | /* Ensure that alignment is a power of two */ |
246 | 140 | if (alignment == 0 || (alignment & (alignment - 1)) != 0) { |
247 | 0 | ossl_report_alloc_err_inv(file, line); |
248 | 0 | return NULL; |
249 | 0 | } |
250 | | |
251 | | /* Allow non-malloc() allocations as long as no malloc_impl is provided. */ |
252 | 140 | if (malloc_impl == CRYPTO_malloc) { |
253 | 140 | #if defined(_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) |
254 | 140 | int memalign_ret; |
255 | | |
256 | | /* posix_memalign() requires alignment to be at least sizeof(void *) */ |
257 | 140 | if (alignment < sizeof(void *)) |
258 | 0 | alignment = sizeof(void *); |
259 | | |
260 | 140 | if ((memalign_ret = posix_memalign(&ret, alignment, num))) { |
261 | 0 | ret = NULL; |
262 | 0 | switch (memalign_ret) { |
263 | 0 | case EINVAL: |
264 | 0 | ossl_report_alloc_err_inv(file, line); |
265 | 0 | break; |
266 | 0 | case ENOMEM: |
267 | 0 | ossl_report_alloc_err(file, line); |
268 | 0 | break; |
269 | 0 | } |
270 | 0 | } |
271 | 140 | *freeptr = ret; |
272 | 140 | return ret; |
273 | 140 | #endif |
274 | 140 | } |
275 | | |
276 | | /* we have to do this the hard way */ |
277 | | |
278 | | /* |
279 | | * Note: Windows supports an _aligned_malloc call, but we choose |
280 | | * not to use it here, because allocations from that function |
281 | | * require that they be freed via _aligned_free. Given that |
282 | | * we can't differentiate plain malloc blocks from blocks obtained |
283 | | * via _aligned_malloc, just avoid its use entirely |
284 | | */ |
285 | | |
286 | 0 | if (ossl_unlikely(!ossl_size_add(num, alignment, &alloc_bytes, file, line))) |
287 | 0 | return NULL; |
288 | | |
289 | | /* |
290 | | * Step 1: Allocate an amount of memory that is <alignment> |
291 | | * bytes bigger than requested |
292 | | */ |
293 | 0 | *freeptr = CRYPTO_malloc(alloc_bytes, file, line); |
294 | 0 | if (*freeptr == NULL) |
295 | 0 | return NULL; |
296 | | |
297 | | /* |
298 | | * Step 2: Add <alignment - 1> bytes to the pointer |
299 | | * This will cross the alignment boundary that is |
300 | | * requested |
301 | | */ |
302 | 0 | ret = (void *)((char *)*freeptr + (alignment - 1)); |
303 | | |
304 | | /* |
305 | | * Step 3: Use the alignment as a mask to translate the |
306 | | * least significant bits of the allocation at the alignment |
307 | | * boundary to 0. ret now holds a pointer to the memory |
308 | | * buffer at the requested alignment |
309 | | * NOTE: It is a documented requirement that alignment be a |
310 | | * power of 2, which is what allows this to work |
311 | | */ |
312 | 0 | ret = (void *)((uintptr_t)ret & (uintptr_t)(~(alignment - 1))); |
313 | 0 | return ret; |
314 | 0 | } |
315 | | |
316 | | void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) |
317 | 35.7M | { |
318 | 35.7M | void *ret; |
319 | | |
320 | 35.7M | INCREMENT(realloc_count); |
321 | 35.7M | if (realloc_impl != CRYPTO_realloc) { |
322 | 0 | ret = realloc_impl(str, num, file, line); |
323 | |
|
324 | 0 | if (num == 0 || ret != NULL) |
325 | 0 | return ret; |
326 | | |
327 | 0 | goto err; |
328 | 0 | } |
329 | | |
330 | 35.7M | if (str == NULL) |
331 | 30.7M | return CRYPTO_malloc(num, file, line); |
332 | | |
333 | 5.06M | if (num == 0) { |
334 | 0 | CRYPTO_free(str, file, line); |
335 | 0 | return NULL; |
336 | 0 | } |
337 | | |
338 | 5.06M | FAILTEST(); |
339 | 5.06M | ret = realloc(str, num); |
340 | | |
341 | 5.06M | err: |
342 | 5.06M | if (num != 0 && ret == NULL) |
343 | 0 | ossl_report_alloc_err(file, line); |
344 | | |
345 | 5.06M | return ret; |
346 | 5.06M | } |
347 | | |
348 | | void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, |
349 | | const char *file, int line) |
350 | 34.7M | { |
351 | 34.7M | void *ret = NULL; |
352 | | |
353 | 34.7M | if (str == NULL) |
354 | 14.8M | return CRYPTO_malloc(num, file, line); |
355 | | |
356 | 19.8M | if (num == 0) { |
357 | 0 | CRYPTO_clear_free(str, old_len, file, line); |
358 | 0 | return NULL; |
359 | 0 | } |
360 | | |
361 | | /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */ |
362 | 19.8M | if (num < old_len) { |
363 | 0 | OPENSSL_cleanse((char *)str + num, old_len - num); |
364 | 0 | return str; |
365 | 0 | } |
366 | | |
367 | 19.8M | ret = CRYPTO_malloc(num, file, line); |
368 | 19.8M | if (ret != NULL) { |
369 | 19.8M | memcpy(ret, str, old_len); |
370 | 19.8M | CRYPTO_clear_free(str, old_len, file, line); |
371 | 19.8M | } |
372 | 19.8M | return ret; |
373 | 19.8M | } |
374 | | |
375 | | void CRYPTO_free(void *str, const char *file, int line) |
376 | 5.91G | { |
377 | 5.91G | INCREMENT(free_count); |
378 | 5.91G | if (free_impl != CRYPTO_free) { |
379 | 0 | free_impl(str, file, line); |
380 | 0 | return; |
381 | 0 | } |
382 | | |
383 | 5.91G | free(str); |
384 | 5.91G | } |
385 | | |
386 | | void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) |
387 | 98.5M | { |
388 | 98.5M | if (str == NULL) |
389 | 10.4M | return; |
390 | 88.0M | if (num) |
391 | 88.0M | OPENSSL_cleanse(str, num); |
392 | 88.0M | CRYPTO_free(str, file, line); |
393 | 88.0M | } |
394 | | |
395 | | #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) |
396 | | |
397 | | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
398 | | int CRYPTO_mem_ctrl(int mode) |
399 | | { |
400 | | (void)mode; |
401 | | return -1; |
402 | | } |
403 | | |
404 | | int CRYPTO_set_mem_debug(int flag) |
405 | | { |
406 | | (void)flag; |
407 | | return -1; |
408 | | } |
409 | | |
410 | | int CRYPTO_mem_debug_push(const char *info, const char *file, int line) |
411 | | { |
412 | | (void)info; |
413 | | (void)file; |
414 | | (void)line; |
415 | | return 0; |
416 | | } |
417 | | |
418 | | int CRYPTO_mem_debug_pop(void) |
419 | | { |
420 | | return 0; |
421 | | } |
422 | | |
423 | | void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, |
424 | | const char *file, int line) |
425 | | { |
426 | | (void)addr; |
427 | | (void)num; |
428 | | (void)flag; |
429 | | (void)file; |
430 | | (void)line; |
431 | | } |
432 | | |
433 | | void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, |
434 | | const char *file, int line) |
435 | | { |
436 | | (void)addr1; |
437 | | (void)addr2; |
438 | | (void)num; |
439 | | (void)flag; |
440 | | (void)file; |
441 | | (void)line; |
442 | | } |
443 | | |
444 | | void CRYPTO_mem_debug_free(void *addr, int flag, |
445 | | const char *file, int line) |
446 | | { |
447 | | (void)addr; |
448 | | (void)flag; |
449 | | (void)file; |
450 | | (void)line; |
451 | | } |
452 | | |
453 | | int CRYPTO_mem_leaks(BIO *b) |
454 | | { |
455 | | (void)b; |
456 | | return -1; |
457 | | } |
458 | | |
459 | | #ifndef OPENSSL_NO_STDIO |
460 | | int CRYPTO_mem_leaks_fp(FILE *fp) |
461 | | { |
462 | | (void)fp; |
463 | | return -1; |
464 | | } |
465 | | #endif |
466 | | |
467 | | int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), |
468 | | void *u) |
469 | | { |
470 | | (void)cb; |
471 | | (void)u; |
472 | | return -1; |
473 | | } |
474 | | |
475 | | #endif |
476 | | |
477 | | #endif |