1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/e_os.h"
11 #include "internal/cryptlib.h"
12 #include "crypto/cryptlib.h"
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <limits.h>
16 #include <openssl/crypto.h>
17
18 /*
19 * the following pointers may be changed as long as 'allow_customize' is set
20 */
21 static int allow_customize = 1;
22 static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc;
23 static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc;
24 static CRYPTO_free_fn free_impl = CRYPTO_free;
25
26 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
27 # include "internal/tsan_assist.h"
28
29 # ifdef TSAN_REQUIRES_LOCKING
30 # define INCREMENT(x) /* empty */
31 # define LOAD(x) 0
32 # else /* TSAN_REQUIRES_LOCKING */
33 static TSAN_QUALIFIER int malloc_count;
34 static TSAN_QUALIFIER int realloc_count;
35 static TSAN_QUALIFIER int free_count;
36
37 # define INCREMENT(x) tsan_counter(&(x))
38 # define LOAD(x) tsan_load(&x)
39 # endif /* TSAN_REQUIRES_LOCKING */
40
41 static char *md_failstring;
42 static long md_count;
43 static int md_fail_percent = 0;
44 static int md_tracefd = -1;
45
46 static void parseit(void);
47 static int shouldfail(void);
48
49 # define FAILTEST() if (shouldfail()) return NULL
50
51 #else
52
53 # define INCREMENT(x) /* empty */
54 # define FAILTEST() /* empty */
55 #endif
56
CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,CRYPTO_realloc_fn realloc_fn,CRYPTO_free_fn free_fn)57 int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
58 CRYPTO_realloc_fn realloc_fn,
59 CRYPTO_free_fn free_fn)
60 {
61 if (!allow_customize)
62 return 0;
63 if (malloc_fn != NULL)
64 malloc_impl = malloc_fn;
65 if (realloc_fn != NULL)
66 realloc_impl = realloc_fn;
67 if (free_fn != NULL)
68 free_impl = free_fn;
69 return 1;
70 }
71
CRYPTO_get_mem_functions(CRYPTO_malloc_fn * malloc_fn,CRYPTO_realloc_fn * realloc_fn,CRYPTO_free_fn * free_fn)72 void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
73 CRYPTO_realloc_fn *realloc_fn,
74 CRYPTO_free_fn *free_fn)
75 {
76 if (malloc_fn != NULL)
77 *malloc_fn = malloc_impl;
78 if (realloc_fn != NULL)
79 *realloc_fn = realloc_impl;
80 if (free_fn != NULL)
81 *free_fn = free_impl;
82 }
83
84 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
CRYPTO_get_alloc_counts(int * mcount,int * rcount,int * fcount)85 void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
86 {
87 if (mcount != NULL)
88 *mcount = LOAD(malloc_count);
89 if (rcount != NULL)
90 *rcount = LOAD(realloc_count);
91 if (fcount != NULL)
92 *fcount = LOAD(free_count);
93 }
94
95 /*
96 * Parse a "malloc failure spec" string. This likes like a set of fields
97 * separated by semicolons. Each field has a count and an optional failure
98 * percentage. For example:
99 * 100@0;100@25;0@0
100 * or 100;100@25;0
101 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
102 * all remaining (count is zero) succeed.
103 * The failure percentge can have 2 digits after the comma. For example:
104 * 0@0.01
105 * This means 0.01% of all allocations will fail.
106 */
parseit(void)107 static void parseit(void)
108 {
109 char *semi = strchr(md_failstring, ';');
110 char *atsign;
111
112 if (semi != NULL)
113 *semi++ = '\0';
114
115 /* Get the count (atol will stop at the @ if there), and percentage */
116 md_count = atol(md_failstring);
117 atsign = strchr(md_failstring, '@');
118 md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
119
120 if (semi != NULL)
121 md_failstring = semi;
122 }
123
124 /*
125 * Windows doesn't have random() and srandom(), but it has rand() and srand().
126 * Some rand() implementations aren't good, but we're not
127 * dealing with secure randomness here.
128 */
129 # ifdef _WIN32
130 # define random() rand()
131 # define srandom(seed) srand(seed)
132 # endif
133 /*
134 * See if the current malloc should fail.
135 */
shouldfail(void)136 static int shouldfail(void)
137 {
138 int roll = (int)(random() % 10000);
139 int shoulditfail = roll < md_fail_percent;
140 # ifndef _WIN32
141 /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
142 int len;
143 char buff[80];
144
145 if (md_tracefd > 0) {
146 BIO_snprintf(buff, sizeof(buff),
147 "%c C%ld %%%d R%d\n",
148 shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
149 len = strlen(buff);
150 if (write(md_tracefd, buff, len) != len)
151 perror("shouldfail write failed");
152 }
153 # endif
154
155 if (md_count) {
156 /* If we used up this one, go to the next. */
157 if (--md_count == 0)
158 parseit();
159 }
160
161 return shoulditfail;
162 }
163
ossl_malloc_setup_failures(void)164 void ossl_malloc_setup_failures(void)
165 {
166 const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
167
168 if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
169 parseit();
170 if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
171 md_tracefd = atoi(cp);
172 if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
173 srandom(atoi(cp));
174 }
175 #endif
176
CRYPTO_malloc(size_t num,const char * file,int line)177 void *CRYPTO_malloc(size_t num, const char *file, int line)
178 {
179 void *ptr;
180
181 INCREMENT(malloc_count);
182 if (malloc_impl != CRYPTO_malloc) {
183 ptr = malloc_impl(num, file, line);
184 if (ptr != NULL || num == 0)
185 return ptr;
186 goto err;
187 }
188
189 if (num == 0)
190 return NULL;
191
192 FAILTEST();
193 if (allow_customize) {
194 /*
195 * Disallow customization after the first allocation. We only set this
196 * if necessary to avoid a store to the same cache line on every
197 * allocation.
198 */
199 allow_customize = 0;
200 }
201
202 ptr = malloc(num);
203 if (ptr != NULL)
204 return ptr;
205 err:
206 /*
207 * ossl_err_get_state_int() in err.c uses CRYPTO_zalloc(num, NULL, 0) for
208 * ERR_STATE allocation. Prevent mem alloc error loop while reporting error.
209 */
210 if (file != NULL || line != 0) {
211 ERR_new();
212 ERR_set_debug(file, line, NULL);
213 ERR_set_error(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE, NULL);
214 }
215 return NULL;
216 }
217
CRYPTO_zalloc(size_t num,const char * file,int line)218 void *CRYPTO_zalloc(size_t num, const char *file, int line)
219 {
220 void *ret;
221
222 ret = CRYPTO_malloc(num, file, line);
223 if (ret != NULL)
224 memset(ret, 0, num);
225
226 return ret;
227 }
228
CRYPTO_aligned_alloc(size_t num,size_t alignment,void ** freeptr,const char * file,int line)229 void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr,
230 const char *file, int line)
231 {
232 void *ret;
233
234 *freeptr = NULL;
235
236 #if defined(OPENSSL_SMALL_FOOTPRINT)
237 ret = freeptr = NULL;
238 return ret;
239 #endif
240
241 /* Allow non-malloc() allocations as long as no malloc_impl is provided. */
242 if (malloc_impl == CRYPTO_malloc) {
243 #if defined(_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
244 if (posix_memalign(&ret, alignment, num))
245 return NULL;
246 *freeptr = ret;
247 return ret;
248 #elif defined(_ISOC11_SOURCE)
249 ret = *freeptr = aligned_alloc(alignment, num);
250 return ret;
251 #endif
252 }
253
254 /* we have to do this the hard way */
255
256 /*
257 * Note: Windows supports an _aligned_malloc call, but we choose
258 * not to use it here, because allocations from that function
259 * require that they be freed via _aligned_free. Given that
260 * we can't differentiate plain malloc blocks from blocks obtained
261 * via _aligned_malloc, just avoid its use entirely
262 */
263
264 /*
265 * Step 1: Allocate an amount of memory that is <alignment>
266 * bytes bigger than requested
267 */
268 *freeptr = CRYPTO_malloc(num + alignment, file, line);
269 if (*freeptr == NULL)
270 return NULL;
271
272 /*
273 * Step 2: Add <alignment - 1> bytes to the pointer
274 * This will cross the alignment boundary that is
275 * requested
276 */
277 ret = (void *)((char *)*freeptr + (alignment - 1));
278
279 /*
280 * Step 3: Use the alignment as a mask to translate the
281 * least significant bits of the allocation at the alignment
282 * boundary to 0. ret now holds a pointer to the memory
283 * buffer at the requested alignment
284 * NOTE: It is a documented requirement that alignment be a
285 * power of 2, which is what allows this to work
286 */
287 ret = (void *)((uintptr_t)ret & (uintptr_t)(~(alignment - 1)));
288 return ret;
289 }
290
CRYPTO_realloc(void * str,size_t num,const char * file,int line)291 void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
292 {
293 INCREMENT(realloc_count);
294 if (realloc_impl != CRYPTO_realloc)
295 return realloc_impl(str, num, file, line);
296
297 if (str == NULL)
298 return CRYPTO_malloc(num, file, line);
299
300 if (num == 0) {
301 CRYPTO_free(str, file, line);
302 return NULL;
303 }
304
305 FAILTEST();
306 return realloc(str, num);
307 }
308
CRYPTO_clear_realloc(void * str,size_t old_len,size_t num,const char * file,int line)309 void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
310 const char *file, int line)
311 {
312 void *ret = NULL;
313
314 if (str == NULL)
315 return CRYPTO_malloc(num, file, line);
316
317 if (num == 0) {
318 CRYPTO_clear_free(str, old_len, file, line);
319 return NULL;
320 }
321
322 /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
323 if (num < old_len) {
324 OPENSSL_cleanse((char*)str + num, old_len - num);
325 return str;
326 }
327
328 ret = CRYPTO_malloc(num, file, line);
329 if (ret != NULL) {
330 memcpy(ret, str, old_len);
331 CRYPTO_clear_free(str, old_len, file, line);
332 }
333 return ret;
334 }
335
CRYPTO_free(void * str,const char * file,int line)336 void CRYPTO_free(void *str, const char *file, int line)
337 {
338 INCREMENT(free_count);
339 if (free_impl != CRYPTO_free) {
340 free_impl(str, file, line);
341 return;
342 }
343
344 free(str);
345 }
346
CRYPTO_clear_free(void * str,size_t num,const char * file,int line)347 void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
348 {
349 if (str == NULL)
350 return;
351 if (num)
352 OPENSSL_cleanse(str, num);
353 CRYPTO_free(str, file, line);
354 }
355
356 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG)
357
358 # ifndef OPENSSL_NO_DEPRECATED_3_0
CRYPTO_mem_ctrl(int mode)359 int CRYPTO_mem_ctrl(int mode)
360 {
361 (void)mode;
362 return -1;
363 }
364
CRYPTO_set_mem_debug(int flag)365 int CRYPTO_set_mem_debug(int flag)
366 {
367 (void)flag;
368 return -1;
369 }
370
CRYPTO_mem_debug_push(const char * info,const char * file,int line)371 int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
372 {
373 (void)info; (void)file; (void)line;
374 return 0;
375 }
376
CRYPTO_mem_debug_pop(void)377 int CRYPTO_mem_debug_pop(void)
378 {
379 return 0;
380 }
381
CRYPTO_mem_debug_malloc(void * addr,size_t num,int flag,const char * file,int line)382 void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
383 const char *file, int line)
384 {
385 (void)addr; (void)num; (void)flag; (void)file; (void)line;
386 }
387
CRYPTO_mem_debug_realloc(void * addr1,void * addr2,size_t num,int flag,const char * file,int line)388 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
389 const char *file, int line)
390 {
391 (void)addr1; (void)addr2; (void)num; (void)flag; (void)file; (void)line;
392 }
393
CRYPTO_mem_debug_free(void * addr,int flag,const char * file,int line)394 void CRYPTO_mem_debug_free(void *addr, int flag,
395 const char *file, int line)
396 {
397 (void)addr; (void)flag; (void)file; (void)line;
398 }
399
CRYPTO_mem_leaks(BIO * b)400 int CRYPTO_mem_leaks(BIO *b)
401 {
402 (void)b;
403 return -1;
404 }
405
406 # ifndef OPENSSL_NO_STDIO
CRYPTO_mem_leaks_fp(FILE * fp)407 int CRYPTO_mem_leaks_fp(FILE *fp)
408 {
409 (void)fp;
410 return -1;
411 }
412 # endif
413
CRYPTO_mem_leaks_cb(int (* cb)(const char * str,size_t len,void * u),void * u)414 int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
415 void *u)
416 {
417 (void)cb; (void)u;
418 return -1;
419 }
420
421 # endif
422
423 #endif
424
