[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Jan 12 20:08:46 UTC 2017
The branch master has been updated
via a68d8c7b77a3d46d591b89cfd0ecd2a2242e4613 (commit)
via f7edeced4d8d3f650c5ee32f20ba7165da4e3067 (commit)
from 329f2f4a428b0acb7a579869a13f6cd6bf0a3551 (commit)
- Log -----------------------------------------------------------------
commit a68d8c7b77a3d46d591b89cfd0ecd2a2242e4613
Author: Rich Salz <rsalz at openssl.org>
Date: Thu Jan 12 12:22:12 2017 -0500
Add documentation
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
commit f7edeced4d8d3f650c5ee32f20ba7165da4e3067
Author: Rich Salz <rsalz at openssl.org>
Date: Fri Jul 8 13:40:08 2016 -0400
Add "random malloc failure" tooling
Still needs to be documented, somehow/somewhere.
The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail. It's a set of fields separated by semicolons. Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever." For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.
If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails. This can be useful because a malloc may fail but
not be checked, and problems will only occur later.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
-----------------------------------------------------------------------
Summary of changes:
crypto/include/internal/cryptlib_int.h | 1 +
crypto/init.c | 3 ++
crypto/mem.c | 89 ++++++++++++++++++++++++++++++++++
doc/man3/OPENSSL_malloc.pod | 32 +++++++++++-
4 files changed, 124 insertions(+), 1 deletion(-)
diff --git a/crypto/include/internal/cryptlib_int.h b/crypto/include/internal/cryptlib_int.h
index 8e2a719..60241d1 100644
--- a/crypto/include/internal/cryptlib_int.h
+++ b/crypto/include/internal/cryptlib_int.h
@@ -29,3 +29,4 @@ int ossl_init_thread_start(uint64_t opts);
# define OPENSSL_INIT_THREAD_ASYNC 0x01
# define OPENSSL_INIT_THREAD_ERR_STATE 0x02
+void ossl_malloc_setup_failures(void);
diff --git a/crypto/init.c b/crypto/init.c
index 3f91119..8036654 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -68,6 +68,9 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base)
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+ ossl_malloc_setup_failures();
+#endif
/*
* We use a dummy thread local key here. We use the destructor to detect
* when the thread is going to stop (where that feature is available)
diff --git a/crypto/mem.c b/crypto/mem.c
index 02aa43a..2e8a00c 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -12,6 +12,10 @@
#include <limits.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
+#include "internal/cryptlib_int.h"
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
/*
* the following pointers may be changed as long as 'allow_customize' is set
@@ -26,9 +30,21 @@ static void (*free_impl)(void *, const char *, int)
= CRYPTO_free;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static char *md_failstring;
+static long md_count;
+static int md_percent = 100;
+static int md_tracefd = -1;
static int call_malloc_debug = 1;
+
+static void parseit(void);
+static int shouldfail(void);
+
+# define FAILTEST() if (shouldfail()) return NULL
+
#else
static int call_malloc_debug = 0;
+
+# define FAILTEST() /* empty */
#endif
int CRYPTO_set_mem_functions(
@@ -68,6 +84,76 @@ void CRYPTO_get_mem_functions(
*f = free_impl;
}
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+/*
+ * Parse a "malloc failure spec" string. This likes like a set of fields
+ * separated by semicolons. Each field has a count and an optional failure
+ * percentage. For example:
+ * 100;100 at 25;@100
+ * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
+ * all remaining (count is zero) succeed.
+ */
+static void parseit(void)
+{
+ char *semi = strchr(md_failstring, ';');
+ char *atsign;
+
+ if (semi != NULL)
+ *semi++ = '\0';
+
+ /* Get the count (atol will stop at the @ if there), and percentage */
+ md_count = atol(md_failstring);
+ atsign = strchr(md_failstring, '@');
+ md_percent = atsign == NULL ? 100 : atoi(atsign + 1);
+
+ if (semi != NULL)
+ md_failstring = semi;
+}
+
+/*
+ * See if the current malloc should fail.
+ */
+static int shouldfail(void)
+{
+ int roll = (int)(random() % 100);
+ int shouldfail = roll > md_percent;
+ char buff[80];
+
+ if (md_tracefd > 0) {
+ BIO_snprintf(buff, sizeof(buff),
+ "%c C%ld %%%d R%d\n",
+ shouldfail ? '-' : '+', md_count, md_percent, roll);
+ write(md_tracefd, buff, strlen(buff));
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+ if (shouldfail) {
+ void *addrs[30];
+ int num = backtrace(addrs, OSSL_NELEM(addrs));
+
+ backtrace_symbols_fd(addrs, num, md_tracefd);
+ }
+#endif
+ }
+
+ if (md_count) {
+ /* If we used up this one, go to the next. */
+ if (--md_count == 0)
+ parseit();
+ }
+
+ return shouldfail;
+}
+
+void ossl_malloc_setup_failures(void)
+{
+ const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
+
+ if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
+ parseit();
+ if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
+ md_tracefd = atoi(cp);
+}
+#endif
+
void *CRYPTO_malloc(size_t num, const char *file, int line)
{
void *ret = NULL;
@@ -78,6 +164,7 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
if (num <= 0)
return NULL;
+ FAILTEST();
allow_customize = 0;
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (call_malloc_debug) {
@@ -99,6 +186,7 @@ void *CRYPTO_zalloc(size_t num, const char *file, int line)
{
void *ret = CRYPTO_malloc(num, file, line);
+ FAILTEST();
if (ret != NULL)
memset(ret, 0, num);
return ret;
@@ -109,6 +197,7 @@ void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
return realloc_impl(str, num, file, line);
+ FAILTEST();
if (str == NULL)
return CRYPTO_malloc(num, file, line);
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index 2104f43..4b55f31 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -15,7 +15,10 @@ CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop,
CRYPTO_clear_realloc, CRYPTO_clear_free,
CRYPTO_get_mem_functions, CRYPTO_set_mem_functions,
CRYPTO_set_mem_debug, CRYPTO_mem_ctrl,
-CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
+CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp
+OPENSSL_MALLOC_FAILURES,
+OPENSSL_MALLOC_FD
+- Memory allocation functions
=head1 SYNOPSIS
@@ -60,6 +63,9 @@ CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp - Memory allocation functions
int CRYPTO_set_mem_debug(int onoff)
+ env OPENSSL_MALLOC_FAILURES=... <application>
+ env OPENSSL_MALLOC_FD=... <application>
+
int CRYPTO_mem_ctrl(int mode);
int OPENSSL_mem_debug_push(const char *info)
@@ -140,6 +146,30 @@ any effect, is must be called before any of the allocation functions
(e.g., CRYPTO_malloc()) are called, and is therefore normally one of the
first lines of main() in an application.
+If the library is built with the C<crypto-mdebug> option, then two additional
+environment variables can be used for testing failure handling. The variable
+B<OPENSSL_MALLOC_FAILURES> controls how often allocations should fail.
+It is a set of fields separated by semicolons, which each field is a count
+(defaulting to zero) and an optional atsign and percentage (defaulting
+to 100). If the count is zero, then it lasts forever. For example,
+C<100;@25> means the first 100 allocations pass, then all other allocations
+(until the program exits or crashes) have the rest have a 25% chance of
+failing.
+
+If the variable B<OPENSSL_MALLOC_FD> is parsed as a positive integer, then
+it is taken as an open file descriptor, and a record of all allocations is
+written to that descriptor. If an allocation will fail, and the platform
+supports it, then a backtrace will be written to the descriptor. This can
+be useful because a malloc may fail but not be checked, and problems will
+only occur later. The following example in classic shell syntax shows how
+to use this (will not work on all platforms):
+
+ OPENSSL_MALLOC_FAILURES='200;@10'
+ export OPENSSL_MALLOC_FAILURES
+ OPENSSL_MALLOC_FD=3
+ export OPENSSL_MALLOC_FD
+ ...app invocation... 3>/tmp/log$$
+
CRYPTO_mem_ctrl() provides fine-grained control of memory leak tracking.
To enable tracking call CRYPTO_mem_ctrl() with a B<mode> argument of
the B<CRYPTO_MEM_CHECK_ON>.
More information about the openssl-commits
mailing list