[#1823] replace malloc/calloc/strdup/free with openssl allocator (#1926)

* [#1823] replace malloc/calloc/strdup/free with openssl allocator Signed-off-by: Songling Han <[email protected]> * [#1823] update memory allocator for copy_from_upstream Signed-off-by: Songling Han <[email protected]> * [#1823] Use OpenSSL Memory Allocator for BIKE, FrodoKEM, and NTRUPrime Signed-off-by: Songling Han <[email protected]> * [#1823] Add Comments for Doxygen Signed-off-by: Songling Han <[email protected]> * include openssl/crypto.h and resolve conflict varible for ntru Signed-off-by: Songling Han <[email protected]> * Add openssl version check to fix build error Signed-off-by: Songling Han <[email protected]> * Fix build for OQS_DLOPEN_OPENSSL Signed-off-by: Songling Han <[email protected]> * remove OQS_MEM_free Signed-off-by: Songling Han <[email protected]> * Add allocator check in tests/test_code_conventions.py Signed-off-by: Songling Han <[email protected]> * Add IGNORE memory-check Signed-off-by: Songling Han <[email protected]> * Delect checked allocation functions Signed-off-by: Songling Han <[email protected]> * Revert back p_param to p for sntrup Signed-off-by: Songling Han <[email protected]> * Add allocator check for '.c', '.h', '.fragment' Signed-off-by: Songling Han <[email protected]> * Add NULL for previous checked allocation Signed-off-by: Songling Han <[email protected]> * Add fprintf error for abort cases Signed-off-by: Songling Han <[email protected]> * use OQS_EXIT_IF_NULLPTR for checked malloc cases Signed-off-by: Songling Han <[email protected]> --------- Signed-off-by: Songling Han <[email protected]>
open-quantum-safe · Oct 19, 2024 · 1d92135 · 1d92135
1 parent 0310631
commit 1d92135
Show file tree

Hide file tree

Showing 119 changed files with 579 additions and 528 deletions.
diff --git a/scripts/copy_from_upstream/src/kem/family/kem_scheme.c b/scripts/copy_from_upstream/src/kem/family/kem_scheme.c
@@ -11,7 +11,7 @@
 {% endif %}
 OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_new(void) {
 
-	OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+	OQS_KEM *kem = OQS_MEM_malloc(sizeof(OQS_KEM));
 	if (kem == NULL) {
 		return NULL;
 	}
@@ -42,7 +42,7 @@ OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['scheme'] }}_new(void) {
 /** Alias */
 OQS_KEM *OQS_KEM_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) {
 
-	OQS_KEM *kem = malloc(sizeof(OQS_KEM));
+	OQS_KEM *kem = OQS_MEM_malloc(sizeof(OQS_KEM));
 	if (kem == NULL) {
 		return NULL;
 	}

diff --git a/scripts/copy_from_upstream/src/sig/family/sig_scheme.c b/scripts/copy_from_upstream/src/sig/family/sig_scheme.c
@@ -11,7 +11,7 @@
 {% endif %}
 OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) {
 
-	OQS_SIG *sig = malloc(sizeof(OQS_SIG));
+	OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
 	if (sig == NULL) {
 		return NULL;
 	}
@@ -41,7 +41,7 @@ OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['scheme'] }}_new(void) {
 /** Alias */
 OQS_SIG *OQS_SIG_{{ family }}_{{ scheme['alias_scheme'] }}_new(void) {
 
-	OQS_SIG *sig = malloc(sizeof(OQS_SIG));
+	OQS_SIG *sig = OQS_MEM_malloc(sizeof(OQS_SIG));
 	if (sig == NULL) {
 		return NULL;
 	}

diff --git a/scripts/copy_from_upstream/tests/kat_sig.c/combine_message_signature.fragment b/scripts/copy_from_upstream/tests/kat_sig.c/combine_message_signature.fragment
@@ -3,7 +3,7 @@
 {%- if scheme['signed_msg_order'] == 'sig_then_msg' %}
 		// signed_msg = signature || msg
 		*signed_msg_len = signature_len + msg_len;
-		*signed_msg = malloc(*signed_msg_len);
+		*signed_msg = OQS_MEM_malloc(*signed_msg_len);
 		if (*signed_msg == NULL) {
 			return OQS_ERROR;
 		}
@@ -13,7 +13,7 @@
 {%- elif scheme['signed_msg_order'] == 'msg_then_sig' %}
 		// signed_msg = msg || signature
 		*signed_msg_len = msg_len + signature_len;
-		*signed_msg = malloc(*signed_msg_len);
+		*signed_msg = OQS_MEM_malloc(*signed_msg_len);
 		if (*signed_msg == NULL) {
 			return OQS_ERROR;
 		}
@@ -24,7 +24,7 @@
 		// signed_msg = sig_len (2 bytes, big endian) || nonce (40 bytes) || msg || 0x29 || sig
 		const uint16_t signature_len_uint16 = (uint16_t)signature_len;
 		*signed_msg_len = 2 + signature_len_uint16 + msg_len;
-		*signed_msg = malloc(*signed_msg_len);
+		*signed_msg = OQS_MEM_malloc(*signed_msg_len);
 		if (*signed_msg == NULL) {
 			return OQS_ERROR;
 		}
@@ -44,7 +44,7 @@
 		// signed_msg = sig_len (2 bytes, big endian) || nonce (40 bytes) || msg || 0x2A || sig
 		const uint16_t signature_len_uint16 = (uint16_t)signature_len;
 		*signed_msg_len = 2 + signature_len + msg_len;
-		*signed_msg = malloc(*signed_msg_len);
+		*signed_msg = OQS_MEM_malloc(*signed_msg_len);
 		if (*signed_msg == NULL) {
 			return OQS_ERROR;
 		}

diff --git a/src/common/aes/aes128_ni.c b/src/common/aes/aes128_ni.c
@@ -49,7 +49,7 @@ static inline void aes128ni_setkey_encrypt(const unsigned char *key, __m128i rke
 }
 
 void oqs_aes128_load_schedule_ni(const uint8_t *key, void **_schedule) {
-	*_schedule = malloc(sizeof(aes128ctx));
+	*_schedule = OQS_MEM_malloc(sizeof(aes128ctx));
 	OQS_EXIT_IF_NULLPTR(*_schedule, "AES");
 	assert(*_schedule != NULL);
 	__m128i *schedule = ((aes128ctx *) *_schedule)->sk_exp;

diff --git a/src/common/aes/aes256_ni.c b/src/common/aes/aes256_ni.c
@@ -76,7 +76,7 @@ static inline void aes256ni_setkey_encrypt(const unsigned char *key, __m128i rke
 }
 
 void oqs_aes256_load_schedule_ni(const uint8_t *key, void **_schedule) {
-	*_schedule = malloc(sizeof(aes256ctx));
+	*_schedule = OQS_MEM_malloc(sizeof(aes256ctx));
 	OQS_EXIT_IF_NULLPTR(*_schedule, "AES");
 	assert(*_schedule != NULL);
 	__m128i *schedule = ((aes256ctx *) *_schedule)->sk_exp;

diff --git a/src/common/aes/aes_c.c b/src/common/aes/aes_c.c
@@ -676,7 +676,7 @@ static void aes_ctr(unsigned char *out, size_t outlen, const unsigned char *iv,
 }
 
 void oqs_aes128_load_schedule_c(const uint8_t *key, void **_schedule) {
-	*_schedule = malloc(sizeof(aes128ctx));
+	*_schedule = OQS_MEM_malloc(sizeof(aes128ctx));
 	OQS_EXIT_IF_NULLPTR(*_schedule, "AES");
 	aes128ctx *ctx = (aes128ctx *) *_schedule;
 	uint64_t skey[22];
@@ -685,7 +685,7 @@ void oqs_aes128_load_schedule_c(const uint8_t *key, void **_schedule) {
 }
 
 void oqs_aes256_load_schedule_c(const uint8_t *key, void **_schedule) {
-	*_schedule = malloc(sizeof(aes256ctx));
+	*_schedule = OQS_MEM_malloc(sizeof(aes256ctx));
 	OQS_EXIT_IF_NULLPTR(*_schedule, "AES");
 	aes256ctx *ctx = (aes256ctx *) *_schedule;
 	uint64_t skey[30];
@@ -719,7 +719,7 @@ static void aes_keysched_no_bitslice(uint32_t *skey, const unsigned char *key, u
 }
 
 void oqs_aes256_load_schedule_no_bitslice(const uint8_t *key, void **_schedule) {
-	*_schedule = malloc(sizeof(aes256ctx_nobitslice));
+	*_schedule = OQS_MEM_malloc(sizeof(aes256ctx_nobitslice));
 	assert(*_schedule != NULL);
 	uint32_t *schedule = ((aes256ctx_nobitslice *) *_schedule)->sk_exp;
 	aes_keysched_no_bitslice(schedule, (const unsigned char *) key, 32);
@@ -752,7 +752,7 @@ void oqs_aes256_load_iv_u64_c(uint64_t iv, void *schedule) {
 }
 
 void oqs_aes128_load_schedule_no_bitslice(const uint8_t *key, void **_schedule) {
-	*_schedule = malloc(44 * sizeof(int));
+	*_schedule = OQS_MEM_malloc(44 * sizeof(int));
 	assert(*_schedule != NULL);
 	uint32_t *schedule = (uint32_t *) *_schedule;
 	aes_keysched_no_bitslice(schedule, (const unsigned char *) key, 16);

diff --git a/src/common/aes/aes_ossl.c b/src/common/aes/aes_ossl.c
@@ -28,7 +28,7 @@ static inline void br_enc64be(unsigned char *dst, uint64_t x) {
 }
 
 static void AES128_ECB_load_schedule(const uint8_t *key, void **schedule) {
-	*schedule = malloc(sizeof(struct key_schedule));
+	*schedule = OQS_MEM_malloc(sizeof(struct key_schedule));
 	OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL");
 	struct key_schedule *ks = (struct key_schedule *) *schedule;
 	ks->for_ECB = 1;
@@ -93,7 +93,7 @@ static void AES128_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const voi
 }
 
 static void AES128_CTR_inc_init(const uint8_t *key, void **schedule) {
-	*schedule = malloc(sizeof(struct key_schedule));
+	*schedule = OQS_MEM_malloc(sizeof(struct key_schedule));
 	OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL");
 
 	struct key_schedule *ks = (struct key_schedule *) *schedule;
@@ -128,7 +128,7 @@ static void AES128_CTR_inc_ivu64(uint64_t iv, void *schedule) {
 }
 
 static void AES256_ECB_load_schedule(const uint8_t *key, void **schedule) {
-	*schedule = malloc(sizeof(struct key_schedule));
+	*schedule = OQS_MEM_malloc(sizeof(struct key_schedule));
 	OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL");
 	struct key_schedule *ks = (struct key_schedule *) *schedule;
 	ks->for_ECB = 1;
@@ -139,7 +139,7 @@ static void AES256_ECB_load_schedule(const uint8_t *key, void **schedule) {
 }
 
 static void AES256_CTR_inc_init(const uint8_t *key, void **schedule) {
-	*schedule = malloc(sizeof(struct key_schedule));
+	*schedule = OQS_MEM_malloc(sizeof(struct key_schedule));
 	OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL");
 
 	struct key_schedule *ks = (struct key_schedule *) *schedule;

diff --git a/src/common/common.c b/src/common/common.c
@@ -13,6 +13,7 @@
 #include <stdlib.h>
 #include <stddef.h>
 #include <string.h>
+#include <stddef.h>
 
 #if defined(OQS_DIST_BUILD) && defined(OQS_USE_PTHREADS)
 #include <pthread.h>
@@ -257,6 +258,9 @@ OQS_API int OQS_MEM_secure_bcmp(const void *a, const void *b, size_t len) {
 }
 
 OQS_API void OQS_MEM_cleanse(void *ptr, size_t len) {
+	if (ptr == NULL) {
+		return;
+	}
 #if defined(OQS_USE_OPENSSL)
 	OSSL_FUNC(OPENSSL_cleanse)(ptr, len);
 #elif defined(_WIN32)
@@ -276,39 +280,44 @@ OQS_API void OQS_MEM_cleanse(void *ptr, size_t len) {
 #endif
 }
 
-void *OQS_MEM_checked_malloc(size_t len) {
-	void *ptr = malloc(len);
-	if (ptr == NULL) {
-		fprintf(stderr, "Memory allocation failed\n");
-		abort();
-	}
-
-	return ptr;
-}
-
-void *OQS_MEM_checked_aligned_alloc(size_t alignment, size_t size) {
-	void *ptr = OQS_MEM_aligned_alloc(alignment, size);
-	if (ptr == NULL) {
-		fprintf(stderr, "Memory allocation failed\n");
-		abort();
-	}
-
-	return ptr;
-}
-
 OQS_API void OQS_MEM_secure_free(void *ptr, size_t len) {
 	if (ptr != NULL) {
 		OQS_MEM_cleanse(ptr, len);
-		free(ptr); // IGNORE free-check
+		OQS_MEM_insecure_free(ptr);
 	}
 }
 
 OQS_API void OQS_MEM_insecure_free(void *ptr) {
-	free(ptr); // IGNORE free-check
+#if (defined(OQS_USE_OPENSSL) || defined(OQS_DLOPEN_OPENSSL)) && defined(OPENSSL_VERSION_NUMBER)
+	OPENSSL_free(ptr);
+#else
+	free(ptr); // IGNORE memory-check
+#endif
 }
 
 void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
-#if defined(OQS_HAVE_ALIGNED_ALLOC) // glibc and other implementations providing aligned_alloc
+#if defined(OQS_USE_OPENSSL)
+	// Use OpenSSL's memory allocation functions
+	if (!size) {
+		return NULL;
+	}
+	const size_t offset = alignment - 1 + sizeof(uint8_t);
+	uint8_t *buffer = OPENSSL_malloc(size + offset);
+	if (!buffer) {
+		return NULL;
+	}
+	uint8_t *ptr = (uint8_t *)(((uintptr_t)(buffer) + offset) & ~(alignment - 1));
+	ptrdiff_t diff = ptr - buffer;
+	if (diff > UINT8_MAX) {
+		// Free and return NULL if alignment is too large
+		OPENSSL_free(buffer);
+		errno = EINVAL;
+		return NULL;
+	}
+	// Store the difference so that the free function can use it
+	ptr[-1] = (uint8_t)diff;
+	return ptr;
+#elif defined(OQS_HAVE_ALIGNED_ALLOC) // glibc and other implementations providing aligned_alloc
 	return aligned_alloc(alignment, size);
 #else
 	// Check alignment (power of 2, and >= sizeof(void*)) and size (multiple of alignment)
@@ -347,7 +356,7 @@ void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
 	//            |
 	//       diff = ptr - buffer
 	const size_t offset = alignment - 1 + sizeof(uint8_t);
-	uint8_t *buffer = malloc(size + offset);
+	uint8_t *buffer = malloc(size + offset); // IGNORE memory-check
 	if (!buffer) {
 		return NULL;
 	}
@@ -357,7 +366,7 @@ void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
 	ptrdiff_t diff = ptr - buffer;
 	if (diff > UINT8_MAX) {
 		// This should never happen in our code, but just to be safe
-		free(buffer); // IGNORE free-check
+		free(buffer); // IGNORE memory-check
 		errno = EINVAL;
 		return NULL;
 	}
@@ -370,18 +379,23 @@ void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
 }
 
 void OQS_MEM_aligned_free(void *ptr) {
-#if defined(OQS_HAVE_ALIGNED_ALLOC) || defined(OQS_HAVE_POSIX_MEMALIGN) || defined(OQS_HAVE_MEMALIGN)
-	free(ptr); // IGNORE free-check
+	if (ptr == NULL) {
+		return;
+	}
+#if defined(OQS_USE_OPENSSL)
+	// Use OpenSSL's free function
+	uint8_t *u8ptr = ptr;
+	OPENSSL_free(u8ptr - u8ptr[-1]);
+#elif defined(OQS_HAVE_ALIGNED_ALLOC) || defined(OQS_HAVE_POSIX_MEMALIGN) || defined(OQS_HAVE_MEMALIGN)
+	free(ptr); // IGNORE memory-check
 #elif defined(__MINGW32__) || defined(__MINGW64__)
 	__mingw_aligned_free(ptr);
 #elif defined(_MSC_VER)
 	_aligned_free(ptr);
 #else
-	if (ptr) {
-		// Reconstruct the pointer returned from malloc using the difference
-		// stored one byte ahead of ptr.
-		uint8_t *u8ptr = ptr;
-		free(u8ptr - u8ptr[-1]); // IGNORE free-check
-	}
+	// Reconstruct the pointer returned from malloc using the difference
+	// stored one byte ahead of ptr.
+	uint8_t *u8ptr = ptr;
+	free(u8ptr - u8ptr[-1]); // IGNORE memory-check
 #endif
 }