1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/mem.h>
58
59 #include <assert.h>
60 #include <stdarg.h>
61 #include <stdio.h>
62
63 #include <openssl/err.h>
64
65 #if defined(OPENSSL_WINDOWS)
66 OPENSSL_MSVC_PRAGMA(warning(push, 3))
67 #include <windows.h>
68 OPENSSL_MSVC_PRAGMA(warning(pop))
69 #endif
70
71 #include "internal.h"
72
73
74 #define OPENSSL_MALLOC_PREFIX 8
75 OPENSSL_STATIC_ASSERT(OPENSSL_MALLOC_PREFIX >= sizeof(size_t),
76 "size_t too large");
77
78 #if defined(OPENSSL_ASAN)
79 void __asan_poison_memory_region(const volatile void *addr, size_t size);
80 void __asan_unpoison_memory_region(const volatile void *addr, size_t size);
81 #else
__asan_poison_memory_region(const void * addr,size_t size)82 static void __asan_poison_memory_region(const void *addr, size_t size) {}
__asan_unpoison_memory_region(const void * addr,size_t size)83 static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
84 #endif
85
86 // Windows doesn't really support weak symbols as of May 2019, and Clang on
87 // Windows will emit strong symbols instead. See
88 // https://bugs.llvm.org/show_bug.cgi?id=37598
89 #if defined(__ELF__) && defined(__GNUC__)
90 #define WEAK_SYMBOL_FUNC(rettype, name, args) \
91 rettype name args __attribute__((weak));
92 #else
93 #define WEAK_SYMBOL_FUNC(rettype, name, args) static rettype(*name) args = NULL;
94 #endif
95
96 // sdallocx is a sized |free| function. By passing the size (which we happen to
97 // always know in BoringSSL), the malloc implementation can save work. We cannot
98 // depend on |sdallocx| being available, however, so it's a weak symbol.
99 //
100 // This will always be safe, but will only be overridden if the malloc
101 // implementation is statically linked with BoringSSL. So, if |sdallocx| is
102 // provided in, say, libc.so, we still won't use it because that's dynamically
103 // linked. This isn't an ideal result, but its helps in some cases.
104 WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
105
106 // The following three functions can be defined to override default heap
107 // allocation and freeing. If defined, it is the responsibility of
108 // |OPENSSL_memory_free| to zero out the memory before returning it to the
109 // system. |OPENSSL_memory_free| will not be passed NULL pointers.
110 //
111 // WARNING: These functions are called on every allocation and free in
112 // BoringSSL across the entire process. They may be called by any code in the
113 // process which calls BoringSSL, including in process initializers and thread
114 // destructors. When called, BoringSSL may hold pthreads locks. Any other code
115 // in the process which, directly or indirectly, calls BoringSSL may be on the
116 // call stack and may itself be using arbitrary synchronization primitives.
117 //
118 // As a result, these functions may not have the usual programming environment
119 // available to most C or C++ code. In particular, they may not call into
120 // BoringSSL, or any library which depends on BoringSSL. Any synchronization
121 // primitives used must tolerate every other synchronization primitive linked
122 // into the process, including pthreads locks. Failing to meet these constraints
123 // may result in deadlocks, crashes, or memory corruption.
124 WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size));
125 WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
126 WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
127
128 // kBoringSSLBinaryTag is a distinctive byte sequence to identify binaries that
129 // are linking in BoringSSL and, roughly, what version they are using.
130 static const uint8_t kBoringSSLBinaryTag[18] = {
131 // 16 bytes of magic tag.
132 0x8c, 0x62, 0x20, 0x0b, 0xd2, 0xa0, 0x72, 0x58,
133 0x44, 0xa8, 0x96, 0x69, 0xad, 0x55, 0x7e, 0xec,
134 // Current source iteration. Incremented ~monthly.
135 3, 0,
136 };
137
OPENSSL_malloc(size_t size)138 void *OPENSSL_malloc(size_t size) {
139 if (OPENSSL_memory_alloc != NULL) {
140 assert(OPENSSL_memory_free != NULL);
141 assert(OPENSSL_memory_get_size != NULL);
142 return OPENSSL_memory_alloc(size);
143 }
144
145 if (size + OPENSSL_MALLOC_PREFIX < size) {
146 // |OPENSSL_malloc| is a central function in BoringSSL thus a reference to
147 // |kBoringSSLBinaryTag| is created here so that the tag isn't discarded by
148 // the linker. The following is sufficient to stop GCC, Clang, and MSVC
149 // optimising away the reference at the time of writing. Since this
150 // probably results in an actual memory reference, it is put in this very
151 // rare code path.
152 uint8_t unused = *(volatile uint8_t *)kBoringSSLBinaryTag;
153 (void) unused;
154 return NULL;
155 }
156
157 void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX);
158 if (ptr == NULL) {
159 return NULL;
160 }
161
162 *(size_t *)ptr = size;
163
164 __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
165 return ((uint8_t *)ptr) + OPENSSL_MALLOC_PREFIX;
166 }
167
OPENSSL_free(void * orig_ptr)168 void OPENSSL_free(void *orig_ptr) {
169 if (orig_ptr == NULL) {
170 return;
171 }
172
173 if (OPENSSL_memory_free != NULL) {
174 OPENSSL_memory_free(orig_ptr);
175 return;
176 }
177
178 void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
179 __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
180
181 size_t size = *(size_t *)ptr;
182 OPENSSL_cleanse(ptr, size + OPENSSL_MALLOC_PREFIX);
183
184 // ASan knows to intercept malloc and free, but not sdallocx.
185 #if defined(OPENSSL_ASAN)
186 free(ptr);
187 #else
188 if (sdallocx) {
189 sdallocx(ptr, size + OPENSSL_MALLOC_PREFIX, 0 /* flags */);
190 } else {
191 free(ptr);
192 }
193 #endif
194 }
195
OPENSSL_realloc(void * orig_ptr,size_t new_size)196 void *OPENSSL_realloc(void *orig_ptr, size_t new_size) {
197 if (orig_ptr == NULL) {
198 return OPENSSL_malloc(new_size);
199 }
200
201 size_t old_size;
202 if (OPENSSL_memory_get_size != NULL) {
203 old_size = OPENSSL_memory_get_size(orig_ptr);
204 } else {
205 void *ptr = ((uint8_t *)orig_ptr) - OPENSSL_MALLOC_PREFIX;
206 __asan_unpoison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
207 old_size = *(size_t *)ptr;
208 __asan_poison_memory_region(ptr, OPENSSL_MALLOC_PREFIX);
209 }
210
211 void *ret = OPENSSL_malloc(new_size);
212 if (ret == NULL) {
213 return NULL;
214 }
215
216 size_t to_copy = new_size;
217 if (old_size < to_copy) {
218 to_copy = old_size;
219 }
220
221 memcpy(ret, orig_ptr, to_copy);
222 OPENSSL_free(orig_ptr);
223
224 return ret;
225 }
226
OPENSSL_cleanse(void * ptr,size_t len)227 void OPENSSL_cleanse(void *ptr, size_t len) {
228 #if defined(OPENSSL_WINDOWS)
229 SecureZeroMemory(ptr, len);
230 #else
231 OPENSSL_memset(ptr, 0, len);
232
233 #if !defined(OPENSSL_NO_ASM)
234 /* As best as we can tell, this is sufficient to break any optimisations that
235 might try to eliminate "superfluous" memsets. If there's an easy way to
236 detect memset_s, it would be better to use that. */
237 __asm__ __volatile__("" : : "r"(ptr) : "memory");
238 #endif
239 #endif // !OPENSSL_NO_ASM
240 }
241
OPENSSL_clear_free(void * ptr,size_t unused)242 void OPENSSL_clear_free(void *ptr, size_t unused) {
243 OPENSSL_free(ptr);
244 }
245
CRYPTO_memcmp(const void * in_a,const void * in_b,size_t len)246 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {
247 const uint8_t *a = in_a;
248 const uint8_t *b = in_b;
249 uint8_t x = 0;
250
251 for (size_t i = 0; i < len; i++) {
252 x |= a[i] ^ b[i];
253 }
254
255 return x;
256 }
257
OPENSSL_hash32(const void * ptr,size_t len)258 uint32_t OPENSSL_hash32(const void *ptr, size_t len) {
259 // These are the FNV-1a parameters for 32 bits.
260 static const uint32_t kPrime = 16777619u;
261 static const uint32_t kOffsetBasis = 2166136261u;
262
263 const uint8_t *in = ptr;
264 uint32_t h = kOffsetBasis;
265
266 for (size_t i = 0; i < len; i++) {
267 h ^= in[i];
268 h *= kPrime;
269 }
270
271 return h;
272 }
273
OPENSSL_strhash(const char * s)274 uint32_t OPENSSL_strhash(const char *s) { return OPENSSL_hash32(s, strlen(s)); }
275
OPENSSL_strnlen(const char * s,size_t len)276 size_t OPENSSL_strnlen(const char *s, size_t len) {
277 for (size_t i = 0; i < len; i++) {
278 if (s[i] == 0) {
279 return i;
280 }
281 }
282
283 return len;
284 }
285
OPENSSL_strdup(const char * s)286 char *OPENSSL_strdup(const char *s) {
287 if (s == NULL) {
288 return NULL;
289 }
290 const size_t len = strlen(s) + 1;
291 char *ret = OPENSSL_malloc(len);
292 if (ret == NULL) {
293 return NULL;
294 }
295 OPENSSL_memcpy(ret, s, len);
296 return ret;
297 }
298
OPENSSL_tolower(int c)299 int OPENSSL_tolower(int c) {
300 if (c >= 'A' && c <= 'Z') {
301 return c + ('a' - 'A');
302 }
303 return c;
304 }
305
OPENSSL_strcasecmp(const char * a,const char * b)306 int OPENSSL_strcasecmp(const char *a, const char *b) {
307 for (size_t i = 0;; i++) {
308 const int aa = OPENSSL_tolower(a[i]);
309 const int bb = OPENSSL_tolower(b[i]);
310
311 if (aa < bb) {
312 return -1;
313 } else if (aa > bb) {
314 return 1;
315 } else if (aa == 0) {
316 return 0;
317 }
318 }
319 }
320
OPENSSL_strncasecmp(const char * a,const char * b,size_t n)321 int OPENSSL_strncasecmp(const char *a, const char *b, size_t n) {
322 for (size_t i = 0; i < n; i++) {
323 const int aa = OPENSSL_tolower(a[i]);
324 const int bb = OPENSSL_tolower(b[i]);
325
326 if (aa < bb) {
327 return -1;
328 } else if (aa > bb) {
329 return 1;
330 } else if (aa == 0) {
331 return 0;
332 }
333 }
334
335 return 0;
336 }
337
BIO_snprintf(char * buf,size_t n,const char * format,...)338 int BIO_snprintf(char *buf, size_t n, const char *format, ...) {
339 va_list args;
340 va_start(args, format);
341 int ret = BIO_vsnprintf(buf, n, format, args);
342 va_end(args);
343 return ret;
344 }
345
BIO_vsnprintf(char * buf,size_t n,const char * format,va_list args)346 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) {
347 return vsnprintf(buf, n, format, args);
348 }
349
OPENSSL_strndup(const char * str,size_t size)350 char *OPENSSL_strndup(const char *str, size_t size) {
351 size = OPENSSL_strnlen(str, size);
352
353 size_t alloc_size = size + 1;
354 if (alloc_size < size) {
355 // overflow
356 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
357 return NULL;
358 }
359 char *ret = OPENSSL_malloc(alloc_size);
360 if (ret == NULL) {
361 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
362 return NULL;
363 }
364
365 OPENSSL_memcpy(ret, str, size);
366 ret[size] = '\0';
367 return ret;
368 }
369
OPENSSL_strlcpy(char * dst,const char * src,size_t dst_size)370 size_t OPENSSL_strlcpy(char *dst, const char *src, size_t dst_size) {
371 size_t l = 0;
372
373 for (; dst_size > 1 && *src; dst_size--) {
374 *dst++ = *src++;
375 l++;
376 }
377
378 if (dst_size) {
379 *dst = 0;
380 }
381
382 return l + strlen(src);
383 }
384
OPENSSL_strlcat(char * dst,const char * src,size_t dst_size)385 size_t OPENSSL_strlcat(char *dst, const char *src, size_t dst_size) {
386 size_t l = 0;
387 for (; dst_size > 0 && *dst; dst_size--, dst++) {
388 l++;
389 }
390 return l + OPENSSL_strlcpy(dst, src, dst_size);
391 }
392
OPENSSL_memdup(const void * data,size_t size)393 void *OPENSSL_memdup(const void *data, size_t size) {
394 if (size == 0) {
395 return NULL;
396 }
397
398 void *ret = OPENSSL_malloc(size);
399 if (ret == NULL) {
400 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
401 return NULL;
402 }
403
404 OPENSSL_memcpy(ret, data, size);
405 return ret;
406 }
407
CRYPTO_malloc(size_t size,const char * file,int line)408 void *CRYPTO_malloc(size_t size, const char *file, int line) {
409 return OPENSSL_malloc(size);
410 }
411
CRYPTO_realloc(void * ptr,size_t new_size,const char * file,int line)412 void *CRYPTO_realloc(void *ptr, size_t new_size, const char *file, int line) {
413 return OPENSSL_realloc(ptr, new_size);
414 }
415
CRYPTO_free(void * ptr,const char * file,int line)416 void CRYPTO_free(void *ptr, const char *file, int line) { OPENSSL_free(ptr); }
417