1 /*
2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/e_os.h"
11 #include "internal/cryptlib.h"
12 #include "crypto/cryptlib.h"
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <limits.h>
16 #include <openssl/crypto.h>
17
18 /*
19 * the following pointers may be changed as long as 'allow_customize' is set
20 */
21 static int allow_customize = 1;
22 static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc;
23 static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc;
24 static CRYPTO_free_fn free_impl = CRYPTO_free;
25
26 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
27 #include "internal/tsan_assist.h"
28
29 #ifdef TSAN_REQUIRES_LOCKING
30 #define INCREMENT(x) /* empty */
31 #define LOAD(x) 0
32 #else /* TSAN_REQUIRES_LOCKING */
33 static TSAN_QUALIFIER int malloc_count;
34 static TSAN_QUALIFIER int realloc_count;
35 static TSAN_QUALIFIER int free_count;
36
37 #define INCREMENT(x) tsan_counter(&(x))
38 #define LOAD(x) tsan_load(&x)
39 #endif /* TSAN_REQUIRES_LOCKING */
40
41 static char md_failbuf[CRYPTO_MEM_CHECK_MAX_FS + 1];
42 static char *md_failstring = NULL;
43 static long md_count;
44 static int md_fail_percent = 0;
45 static int md_tracefd = -1;
46
47 static void parseit(void);
48 static int shouldfail(void);
49
50 #define FAILTEST() \
51 if (shouldfail()) \
52 return NULL
53
54 #else
55
56 #define INCREMENT(x) /* empty */
57 #define FAILTEST() /* empty */
58 #endif
59
CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,CRYPTO_realloc_fn realloc_fn,CRYPTO_free_fn free_fn)60 int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn,
61 CRYPTO_realloc_fn realloc_fn,
62 CRYPTO_free_fn free_fn)
63 {
64 if (!allow_customize)
65 return 0;
66 if (malloc_fn != NULL)
67 malloc_impl = malloc_fn;
68 if (realloc_fn != NULL)
69 realloc_impl = realloc_fn;
70 if (free_fn != NULL)
71 free_impl = free_fn;
72 return 1;
73 }
74
CRYPTO_get_mem_functions(CRYPTO_malloc_fn * malloc_fn,CRYPTO_realloc_fn * realloc_fn,CRYPTO_free_fn * free_fn)75 void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
76 CRYPTO_realloc_fn *realloc_fn,
77 CRYPTO_free_fn *free_fn)
78 {
79 if (malloc_fn != NULL)
80 *malloc_fn = malloc_impl;
81 if (realloc_fn != NULL)
82 *realloc_fn = realloc_impl;
83 if (free_fn != NULL)
84 *free_fn = free_impl;
85 }
86
87 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE)
CRYPTO_get_alloc_counts(int * mcount,int * rcount,int * fcount)88 void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
89 {
90 if (mcount != NULL)
91 *mcount = LOAD(malloc_count);
92 if (rcount != NULL)
93 *rcount = LOAD(realloc_count);
94 if (fcount != NULL)
95 *fcount = LOAD(free_count);
96 }
97
98 /*
99 * Parse a "malloc failure spec" string. This likes like a set of fields
100 * separated by semicolons. Each field has a count and an optional failure
101 * percentage. For example:
102 * 100@0;100@25;0@0
103 * or 100;100@25;0
104 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
105 * all remaining (count is zero) succeed.
106 * The failure percentge can have 2 digits after the comma. For example:
107 * 0@0.01
108 * This means 0.01% of all allocations will fail.
109 */
parseit(void)110 static void parseit(void)
111 {
112 char *semi = strchr(md_failstring, ';');
113 char *atsign;
114
115 if (semi != NULL)
116 *semi++ = '\0';
117
118 /* Get the count (atol will stop at the @ if there), and percentage */
119 md_count = atol(md_failstring);
120 atsign = strchr(md_failstring, '@');
121 md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
122
123 if (semi != NULL)
124 md_failstring = semi;
125 }
126
127 /*
128 * Windows doesn't have random() and srandom(), but it has rand() and srand().
129 * Some rand() implementations aren't good, but we're not
130 * dealing with secure randomness here.
131 */
132 #ifdef _WIN32
133 #define random() rand()
134 #define srandom(seed) srand(seed)
135 #endif
136 /*
137 * See if the current malloc should fail.
138 */
shouldfail(void)139 static int shouldfail(void)
140 {
141 int roll = (int)(random() % 10000);
142 int shoulditfail = roll < md_fail_percent;
143 #ifndef _WIN32
144 /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
145 int len;
146 char buff[80];
147
148 if (md_tracefd > 0) {
149 BIO_snprintf(buff, sizeof(buff),
150 "%c C%ld %%%d R%d\n",
151 shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
152 len = strlen(buff);
153 if (write(md_tracefd, buff, len) != len)
154 perror("shouldfail write failed");
155 }
156 #endif
157
158 if (md_count) {
159 /* If we used up this one, go to the next. */
160 if (--md_count == 0)
161 parseit();
162 }
163
164 return shoulditfail;
165 }
166
ossl_malloc_setup_failures(void)167 void ossl_malloc_setup_failures(void)
168 {
169 const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
170 size_t cplen = 0;
171
172 if (cp != NULL) {
173 /* if the value is too long we'll just ignore it */
174 cplen = strlen(cp);
175 if (cplen <= CRYPTO_MEM_CHECK_MAX_FS) {
176 strncpy(md_failbuf, cp, CRYPTO_MEM_CHECK_MAX_FS);
177 md_failstring = md_failbuf;
178 parseit();
179 }
180 }
181 if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
182 md_tracefd = atoi(cp);
183 if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
184 srandom(atoi(cp));
185 }
186 #endif
187
CRYPTO_malloc(size_t num,const char * file,int line)188 void *CRYPTO_malloc(size_t num, const char *file, int line)
189 {
190 void *ptr;
191
192 INCREMENT(malloc_count);
193 if (malloc_impl != CRYPTO_malloc) {
194 ptr = malloc_impl(num, file, line);
195 if (ptr != NULL || num == 0)
196 return ptr;
197 goto err;
198 }
199
200 if (num == 0)
201 return NULL;
202
203 FAILTEST();
204 if (allow_customize) {
205 /*
206 * Disallow customization after the first allocation. We only set this
207 * if necessary to avoid a store to the same cache line on every
208 * allocation.
209 */
210 allow_customize = 0;
211 }
212
213 ptr = malloc(num);
214 if (ptr != NULL)
215 return ptr;
216 err:
217 /*
218 * ossl_err_get_state_int() in err.c uses CRYPTO_zalloc(num, NULL, 0) for
219 * ERR_STATE allocation. Prevent mem alloc error loop while reporting error.
220 */
221 if (file != NULL || line != 0) {
222 ERR_new();
223 ERR_set_debug(file, line, NULL);
224 ERR_set_error(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE, NULL);
225 }
226 return NULL;
227 }
228
CRYPTO_zalloc(size_t num,const char * file,int line)229 void *CRYPTO_zalloc(size_t num, const char *file, int line)
230 {
231 void *ret;
232
233 ret = CRYPTO_malloc(num, file, line);
234 if (ret != NULL)
235 memset(ret, 0, num);
236
237 return ret;
238 }
239
CRYPTO_aligned_alloc(size_t num,size_t alignment,void ** freeptr,const char * file,int line)240 void *CRYPTO_aligned_alloc(size_t num, size_t alignment, void **freeptr,
241 const char *file, int line)
242 {
243 void *ret;
244
245 *freeptr = NULL;
246
247 #if defined(OPENSSL_SMALL_FOOTPRINT)
248 ret = freeptr = NULL;
249 return ret;
250 #endif
251
252 /* Allow non-malloc() allocations as long as no malloc_impl is provided. */
253 if (malloc_impl == CRYPTO_malloc) {
254 #if defined(_BSD_SOURCE) || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
255 if (posix_memalign(&ret, alignment, num))
256 return NULL;
257 *freeptr = ret;
258 return ret;
259 #elif defined(_ISOC11_SOURCE)
260 ret = *freeptr = aligned_alloc(alignment, num);
261 return ret;
262 #endif
263 }
264
265 /* we have to do this the hard way */
266
267 /*
268 * Note: Windows supports an _aligned_malloc call, but we choose
269 * not to use it here, because allocations from that function
270 * require that they be freed via _aligned_free. Given that
271 * we can't differentiate plain malloc blocks from blocks obtained
272 * via _aligned_malloc, just avoid its use entirely
273 */
274
275 /*
276 * Step 1: Allocate an amount of memory that is <alignment>
277 * bytes bigger than requested
278 */
279 *freeptr = CRYPTO_malloc(num + alignment, file, line);
280 if (*freeptr == NULL)
281 return NULL;
282
283 /*
284 * Step 2: Add <alignment - 1> bytes to the pointer
285 * This will cross the alignment boundary that is
286 * requested
287 */
288 ret = (void *)((char *)*freeptr + (alignment - 1));
289
290 /*
291 * Step 3: Use the alignment as a mask to translate the
292 * least significant bits of the allocation at the alignment
293 * boundary to 0. ret now holds a pointer to the memory
294 * buffer at the requested alignment
295 * NOTE: It is a documented requirement that alignment be a
296 * power of 2, which is what allows this to work
297 */
298 ret = (void *)((uintptr_t)ret & (uintptr_t)(~(alignment - 1)));
299 return ret;
300 }
301
CRYPTO_realloc(void * str,size_t num,const char * file,int line)302 void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
303 {
304 INCREMENT(realloc_count);
305 if (realloc_impl != CRYPTO_realloc)
306 return realloc_impl(str, num, file, line);
307
308 if (str == NULL)
309 return CRYPTO_malloc(num, file, line);
310
311 if (num == 0) {
312 CRYPTO_free(str, file, line);
313 return NULL;
314 }
315
316 FAILTEST();
317 return realloc(str, num);
318 }
319
CRYPTO_clear_realloc(void * str,size_t old_len,size_t num,const char * file,int line)320 void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
321 const char *file, int line)
322 {
323 void *ret = NULL;
324
325 if (str == NULL)
326 return CRYPTO_malloc(num, file, line);
327
328 if (num == 0) {
329 CRYPTO_clear_free(str, old_len, file, line);
330 return NULL;
331 }
332
333 /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
334 if (num < old_len) {
335 OPENSSL_cleanse((char *)str + num, old_len - num);
336 return str;
337 }
338
339 ret = CRYPTO_malloc(num, file, line);
340 if (ret != NULL) {
341 memcpy(ret, str, old_len);
342 CRYPTO_clear_free(str, old_len, file, line);
343 }
344 return ret;
345 }
346
CRYPTO_free(void * str,const char * file,int line)347 void CRYPTO_free(void *str, const char *file, int line)
348 {
349 INCREMENT(free_count);
350 if (free_impl != CRYPTO_free) {
351 free_impl(str, file, line);
352 return;
353 }
354
355 free(str);
356 }
357
CRYPTO_clear_free(void * str,size_t num,const char * file,int line)358 void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
359 {
360 if (str == NULL)
361 return;
362 if (num)
363 OPENSSL_cleanse(str, num);
364 CRYPTO_free(str, file, line);
365 }
366
367 #if !defined(OPENSSL_NO_CRYPTO_MDEBUG)
368
369 #ifndef OPENSSL_NO_DEPRECATED_3_0
CRYPTO_mem_ctrl(int mode)370 int CRYPTO_mem_ctrl(int mode)
371 {
372 (void)mode;
373 return -1;
374 }
375
CRYPTO_set_mem_debug(int flag)376 int CRYPTO_set_mem_debug(int flag)
377 {
378 (void)flag;
379 return -1;
380 }
381
CRYPTO_mem_debug_push(const char * info,const char * file,int line)382 int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
383 {
384 (void)info;
385 (void)file;
386 (void)line;
387 return 0;
388 }
389
CRYPTO_mem_debug_pop(void)390 int CRYPTO_mem_debug_pop(void)
391 {
392 return 0;
393 }
394
CRYPTO_mem_debug_malloc(void * addr,size_t num,int flag,const char * file,int line)395 void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
396 const char *file, int line)
397 {
398 (void)addr;
399 (void)num;
400 (void)flag;
401 (void)file;
402 (void)line;
403 }
404
CRYPTO_mem_debug_realloc(void * addr1,void * addr2,size_t num,int flag,const char * file,int line)405 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
406 const char *file, int line)
407 {
408 (void)addr1;
409 (void)addr2;
410 (void)num;
411 (void)flag;
412 (void)file;
413 (void)line;
414 }
415
CRYPTO_mem_debug_free(void * addr,int flag,const char * file,int line)416 void CRYPTO_mem_debug_free(void *addr, int flag,
417 const char *file, int line)
418 {
419 (void)addr;
420 (void)flag;
421 (void)file;
422 (void)line;
423 }
424
CRYPTO_mem_leaks(BIO * b)425 int CRYPTO_mem_leaks(BIO *b)
426 {
427 (void)b;
428 return -1;
429 }
430
431 #ifndef OPENSSL_NO_STDIO
CRYPTO_mem_leaks_fp(FILE * fp)432 int CRYPTO_mem_leaks_fp(FILE *fp)
433 {
434 (void)fp;
435 return -1;
436 }
437 #endif
438
CRYPTO_mem_leaks_cb(int (* cb)(const char * str,size_t len,void * u),void * u)439 int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u),
440 void *u)
441 {
442 (void)cb;
443 (void)u;
444 return -1;
445 }
446
447 #endif
448
449 #endif
450