remove OQS_MEM_free

Signed-off-by: Songling Han <[email protected]>

src/common/aes/aes_ossl.c

@@ -197,12 +197,12 @@ static void AES256_ECB_load_schedule(const uint8_t *key, void **schedule) {
 	ks->for_ECB = 1;
 	ks->ctx = OSSL_FUNC(EVP_CIPHER_CTX_new)();
 	if (ks->ctx == NULL) {
-		OQS_MEM_free(*schedule);
+		OQS_MEM_insecure_free(*schedule);
 		OQS_EXIT("OpenSSL: EVP_CIPHER_CTX_new failed");
 	}
 	if (OSSL_FUNC(EVP_EncryptInit_ex)(ks->ctx, oqs_aes_256_ecb(), NULL, key, NULL) != 1) {
 		OSSL_FUNC(EVP_CIPHER_CTX_free)(ks->ctx);
-		OQS_MEM_free(*schedule);
+		OQS_MEM_insecure_free(*schedule);
 		OQS_EXIT("OpenSSL: EVP_EncryptInit_ex failed");
 	}
 	OSSL_FUNC(EVP_CIPHER_CTX_set_padding)(ks->ctx, 0);
@@ -220,7 +220,7 @@ static void AES256_CTR_inc_init(const uint8_t *key, void **schedule) {
 	struct key_schedule *ks = (struct key_schedule *) *schedule;
 	EVP_CIPHER_CTX *ctr_ctx = OSSL_FUNC(EVP_CIPHER_CTX_new)();
 	if (ctr_ctx == NULL) {
-		OQS_MEM_free(*schedule);
+		OQS_MEM_insecure_free(*schedule);
 		OQS_EXIT("OpenSSL: EVP_CIPHER_CTX_new failed");
 	}
 

src/common/common.c

@@ -301,12 +301,16 @@ void *OQS_MEM_checked_aligned_alloc(size_t alignment, size_t size) {
 OQS_API void OQS_MEM_secure_free(void *ptr, size_t len) {
 	if (ptr != NULL) {
 		OQS_MEM_cleanse(ptr, len);
-		OQS_MEM_free(ptr); // IGNORE free-check
+        OQS_MEM_insecure_free(ptr); // IGNORE free-check
 	}
 }
 
 OQS_API void OQS_MEM_insecure_free(void *ptr) {
-	OQS_MEM_free(ptr); // IGNORE free-check
+#if (defined(OQS_USE_OPENSSL) || defined(OQS_DLOPEN_OPENSSL)) && defined(OPENSSL_VERSION_NUMBER)
+    OPENSSL_free(ptr);
+#else
+    free(ptr);
+#endif
 }
 
 void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {

src/common/common.h

@@ -36,11 +36,7 @@ extern "C" {
 * @return A pointer to the allocated memory.
 */
 #define OQS_MEM_malloc(size) OPENSSL_malloc(size)
-/**
- * Frees the allocated memory.
- * @param ptr The pointer to the memory to be freed.
- */
-#define OQS_MEM_free(ptr) OPENSSL_free(ptr)
+
 /**
  * Allocates memory for an array of elements of a given size.
  * @param num_elements The number of elements to allocate.
@@ -65,7 +61,7 @@ extern "C" {
  * Frees the allocated memory.
  * @param ptr The pointer to the memory to be freed.
  */
-#define OQS_MEM_free(ptr) free(ptr)
+#define OQS_MEM_insecure_free(ptr) free(ptr)
 /**
  * Allocates memory for an array of elements of a given size.
  * @param num_elements The number of elements to allocate.

src/common/sha2/sha2_c.c

@@ -588,22 +588,22 @@ void oqs_sha2_sha512_inc_ctx_clone_c(sha512ctx *stateout, const sha512ctx *state
 
 /* Destroy the hash state. */
 void oqs_sha2_sha224_inc_ctx_release_c(sha224ctx *state) {
-	OQS_MEM_free(state->ctx); // IGNORE free-check
+	OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 
 /* Destroy the hash state. */
 void oqs_sha2_sha256_inc_ctx_release_c(sha256ctx *state) {
-	OQS_MEM_free(state->ctx); // IGNORE free-check
+	OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 
 /* Destroy the hash state. */
 void oqs_sha2_sha384_inc_ctx_release_c(sha384ctx *state) {
-	OQS_MEM_free(state->ctx); // IGNORE free-check
+	OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 
 /* Destroy the hash state. */
 void oqs_sha2_sha512_inc_ctx_release_c(sha512ctx *state) {
-	OQS_MEM_free(state->ctx); // IGNORE free-check
+	OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 
 void oqs_sha2_sha256_inc_blocks_c(sha256ctx *state, const uint8_t *in, size_t inblocks) {

src/common/sha3/ossl_sha3.c

@@ -262,7 +262,7 @@ static void SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) {
 	intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx;
 	s->mdctx = OSSL_FUNC(EVP_MD_CTX_new)();
 	if (s->mdctx == NULL) {
-		OQS_MEM_free(state->ctx);
+		OQS_MEM_insecure_free(state->ctx);
 		state->ctx = NULL;
 		return;
 	}
@@ -378,14 +378,14 @@ static void SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) {
 	intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx;
 	s->mdctx = OSSL_FUNC(EVP_MD_CTX_new)();
 	if (s->mdctx == NULL) {
-		OQS_MEM_free(state->ctx);
+		OQS_MEM_insecure_free(state->ctx);
 		state->ctx = NULL;
 		return;
 	}
 	s->n_out = 0;
 	if (OSSL_FUNC(EVP_DigestInit_ex)(s->mdctx, oqs_shake256(), NULL) != 1) {
 		OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx);
-		OQS_MEM_free(state->ctx);
+		OQS_MEM_insecure_free(state->ctx);
 		state->ctx = NULL;
 	}
 }

src/common/sha3/ossl_sha3x4.c

@@ -94,7 +94,7 @@ static void SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *
 		OSSL_FUNC(EVP_MD_CTX_copy_ex)(clone, s->mdctx3);
 		OSSL_FUNC(EVP_DigestFinalXOF)(clone, tmp, s->n_out + outlen);
 		memcpy(out3, tmp + s->n_out, outlen);
-		OQS_MEM_free(tmp); // IGNORE free-check
+		OQS_MEM_insecure_free(tmp); // IGNORE free-check
 	}
 	OSSL_FUNC(EVP_MD_CTX_free)(clone);
 	s->n_out += outlen;
@@ -117,7 +117,7 @@ static void SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state
 	OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx1);
 	OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx2);
 	OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx3);
-	OQS_MEM_free(s); // IGNORE free-check
+	OQS_MEM_insecure_free(s); // IGNORE free-check
 }
 
 static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) {
@@ -215,7 +215,7 @@ static void SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *
 		OSSL_FUNC(EVP_MD_CTX_copy_ex)(clone, s->mdctx3);
 		OSSL_FUNC(EVP_DigestFinalXOF)(clone, tmp, s->n_out + outlen);
 		memcpy(out3, tmp + s->n_out, outlen);
-		OQS_MEM_free(tmp); // IGNORE free-check
+		OQS_MEM_insecure_free(tmp); // IGNORE free-check
 	}
 	OSSL_FUNC(EVP_MD_CTX_free)(clone);
 	s->n_out += outlen;
@@ -238,7 +238,7 @@ static void SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state
 	OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx1);
 	OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx2);
 	OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx3);
-	OQS_MEM_free(s); // IGNORE free-check
+	OQS_MEM_insecure_free(s); // IGNORE free-check
 }
 
 static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) {

src/sig_stfl/lms/external/hss_alloc.c

@@ -542,15 +542,15 @@ void hss_free_working_key(struct hss_working_key *w) {
             unsigned j, k;
             for (j=0; j<MAX_SUBLEVELS; j++)
                 for (k=0; k<3; k++)
-                    OQS_MEM_free(tree->subtree[j][k]); // IGNORE free-check
+                    OQS_MEM_insecure_free(tree->subtree[j][k]); // IGNORE free-check
             hss_zeroize( tree, sizeof *tree ); /* We have seeds here */
         }
-        OQS_MEM_free(tree); // IGNORE free-check
+        OQS_MEM_insecure_free(tree); // IGNORE free-check
     }
     for (i=0; i<MAX_HSS_LEVELS-1; i++) {
-        OQS_MEM_free(w->signed_pk[i]); // IGNORE free-check
+        OQS_MEM_insecure_free(w->signed_pk[i]); // IGNORE free-check
     }
-    OQS_MEM_free(w->stack); // IGNORE free-check
+    OQS_MEM_insecure_free(w->stack); // IGNORE free-check
     hss_zeroize( w, sizeof *w ); /* We have secret information here */
-    OQS_MEM_free(w); // IGNORE free-check
+    OQS_MEM_insecure_free(w); // IGNORE free-check
 }

src/sig_stfl/lms/external/hss_generate.c

@@ -796,7 +796,7 @@ bool hss_generate_working_key(
 #if DO_FLOATING_POINT
             /* Don't leak suborders on an intermediate error */
         for (i=0; i<(sequence_t)count_order; i++) {
-            OQS_MEM_free( order[i].sub ); // IGNORE free-check
+            OQS_MEM_insecure_free( order[i].sub ); // IGNORE free-check
         }
 #endif
         info->error_code = got_error;
@@ -831,7 +831,7 @@ bool hss_generate_working_key(
                           hash_size, tree->h, I);
         }
 
-        OQS_MEM_free( sub ); // IGNORE free-check
+        OQS_MEM_insecure_free( sub ); // IGNORE free-check
         p_order->sub = 0;
     }
 #endif

src/sig_stfl/lms/external/hss_keygen.c

@@ -278,7 +278,7 @@ bool hss_generate_private_key(
         } else {
             hss_zeroize( context, PRIVATE_KEY_LEN );
         }
-        OQS_MEM_free(temp_buffer); // IGNORE free-check
+        OQS_MEM_insecure_free(temp_buffer); // IGNORE free-check
         return false;
     }
 
@@ -355,7 +355,7 @@ bool hss_generate_private_key(
     /* Hey, what do you know -- it all worked! */
     hss_zeroize( private_key, sizeof private_key ); /* Zeroize local copy of */
                                                    /* the private key */
-    OQS_MEM_free(temp_buffer); // IGNORE free-check
+    OQS_MEM_insecure_free(temp_buffer); // IGNORE free-check
     return true;
 }
 #endif

src/sig_stfl/lms/external/hss_thread_pthread.c

@@ -91,13 +91,13 @@ struct thread_collection *hss_thread_init(int num_thread) {
     col->num_thread = num_thread;
 
     if (0 != pthread_mutex_init( &col->lock, 0 )) {
-        OQS_MEM_free(col); // IGNORE free-check
+        OQS_MEM_insecure_free(col); // IGNORE free-check
         return 0;
     }
 
     if (0 != pthread_mutex_init( &col->write_lock, 0 )) {
         pthread_mutex_destroy( &col->lock );
-        OQS_MEM_free(col); // IGNORE free-check
+        OQS_MEM_insecure_free(col); // IGNORE free-check
         return 0;
     }
 
@@ -126,7 +126,7 @@ static void *worker_thread( void *arg ) {
         (w->function)(w->x.detail, col);
 
         /* Ok, we did that */
-        OQS_MEM_free(w); // IGNORE free-check
+        OQS_MEM_insecure_free(w); // IGNORE free-check
 
         /* Check if there's anything else to do */
         pthread_mutex_lock( &col->lock );
@@ -219,7 +219,7 @@ void hss_thread_issue_work(struct thread_collection *col,
                     /* Hmmm, couldn't spawn it; fall back */
                     default: /* On error condition */
                     pthread_mutex_unlock( &col->lock );
-                    OQS_MEM_free(w); // IGNORE free-check
+                    OQS_MEM_insecure_free(w); // IGNORE free-check
                     function( detail, col );
                     return;
                 }
@@ -277,7 +277,7 @@ void hss_thread_done(struct thread_collection *col) {
 
     pthread_mutex_destroy( &col->lock );
     pthread_mutex_destroy( &col->write_lock );
-    OQS_MEM_free(col);  // IGNORE free-check
+    OQS_MEM_insecure_free(col);  // IGNORE free-check
 }
 
 void hss_thread_before_write(struct thread_collection *col) {

tests/test_hash.c

@@ -79,7 +79,7 @@ static int do_sha256(void) {
 
 	if (memcmp(output, output_inc, 32) != 0) {
 		fprintf(stderr, "ERROR: Incremental API does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -2;
 	}
 	// hash with second state
@@ -91,7 +91,7 @@ static int do_sha256(void) {
 	}
 	if (memcmp(output, output_inc, 32) != 0) {
 		fprintf(stderr, "ERROR: Incremental API with cloned state does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -3;
 	}
 
@@ -103,7 +103,7 @@ static int do_sha256(void) {
 	OQS_SHA2_sha256_inc_finalize(output_inc_2, &state3, &msg[i], 0);
 	if (memcmp(output, output_inc_2, 32) != 0) {
 		fprintf(stderr, "ERROR: Non-block Incremental API with cloned state does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -4;
 	}
 
@@ -112,7 +112,7 @@ static int do_sha256(void) {
 	OQS_SHA2_sha256_inc_finalize(output_inc, &state6, NULL, 0);
 	if (memcmp(output, output_inc, 32) != 0) {
 		fprintf(stderr, "ERROR: Incremental API with the entire msg.\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -3;
 	}
 
@@ -128,7 +128,7 @@ static int do_sha256(void) {
 	}
 	if (memcmp(output, output_inc_2, 32) != 0) {
 		fprintf(stderr, "ERROR: Combined block increments with non-block size failed to match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -5;
 	}
 
@@ -142,12 +142,12 @@ static int do_sha256(void) {
 	}
 	if (memcmp(output, output_inc_2, 32) != 0) {
 		fprintf(stderr, "ERROR: Combined non-block size and block increments failed to match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -5;
 	}
 	//Test inc API
 	print_hex(output, 32);
-	OQS_MEM_free(msg);
+	OQS_MEM_insecure_free(msg);
 	return 0;
 }
 
@@ -178,7 +178,7 @@ static int do_sha384(void) {
 	}
 	if (memcmp(output, output_inc, 48) != 0) {
 		fprintf(stderr, "ERROR: Incremental API does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -2;
 	}
 	// hash with second state
@@ -190,11 +190,11 @@ static int do_sha384(void) {
 	}
 	if (memcmp(output, output_inc, 48) != 0) {
 		fprintf(stderr, "ERROR: Incremental API with cloned state does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -3;
 	}
 	print_hex(output, 48);
-	OQS_MEM_free(msg);
+	OQS_MEM_insecure_free(msg);
 	return 0;
 }
 
@@ -225,7 +225,7 @@ static int do_sha512(void) {
 	}
 	if (memcmp(output, output_inc, 64) != 0) {
 		fprintf(stderr, "ERROR: Incremental API does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -2;
 	}
 	// hash with second state
@@ -237,11 +237,11 @@ static int do_sha512(void) {
 	}
 	if (memcmp(output, output_inc, 64) != 0) {
 		fprintf(stderr, "ERROR: Incremental API with cloned state does not match main API\n");
-		OQS_MEM_free(msg);
+		OQS_MEM_insecure_free(msg);
 		return -3;
 	}
 	print_hex(output, 64);
-	OQS_MEM_free(msg);
+	OQS_MEM_insecure_free(msg);
 	return 0;
 }
 
@@ -257,8 +257,8 @@ static int do_arbitrary_hash(void (*hash)(uint8_t *, const uint8_t *, size_t), s
 	uint8_t *output = OQS_MEM_malloc(hash_len);
 	hash(output, msg, msg_len);
 	print_hex(output, hash_len);
-	OQS_MEM_free(output);
-	OQS_MEM_free(msg);
+	OQS_MEM_insecure_free(output);
+	OQS_MEM_insecure_free(msg);
 	return 0;
 }