diff --git a/src/common/common.c b/src/common/common.c
index 44280c141..8557f9bda 100644
--- a/src/common/common.c
+++ b/src/common/common.c
@@ -299,12 +299,16 @@ void *OQS_MEM_checked_aligned_alloc(size_t alignment, size_t size) {
 OQS_API void OQS_MEM_secure_free(void *ptr, size_t len) {
 if (ptr != NULL) {
 OQS_MEM_cleanse(ptr, len);
- OQS_MEM_free(ptr); // IGNORE free-check
+ OQS_MEM_insecure_free(ptr); // IGNORE free-check
 }
 }
 OQS_API void OQS_MEM_insecure_free(void *ptr) {
- OQS_MEM_free(ptr); // IGNORE free-check
+#if (defined(OQS_USE_OPENSSL) || defined(OQS_DLOPEN_OPENSSL)) && defined(OPENSSL_VERSION_NUMBER)
+ OPENSSL_free(ptr);
+#else
+ free(ptr);
+#endif
 }
 void *OQS_MEM_aligned_alloc(size_t alignment, size_t size) {
diff --git a/src/common/common.h b/src/common/common.h
index 65d24e8b5..5bc25ee7f 100644
--- a/src/common/common.h
+++ b/src/common/common.h
@@ -36,11 +36,7 @@ extern "C" {
 * @return A pointer to the allocated memory.
 */
 #define OQS_MEM_malloc(size) OPENSSL_malloc(size)
-/**
- * Frees the allocated memory.
- * @param ptr The pointer to the memory to be freed.
- */
-#define OQS_MEM_free(ptr) OPENSSL_free(ptr)
+
 /**
 * Allocates memory for an array of elements of a given size.
 * @param num_elements The number of elements to allocate.
@@ -61,11 +57,7 @@ extern "C" {
 * @return A pointer to the allocated memory.
 */
 #define OQS_MEM_malloc(size) malloc(size)
-/**
- * Frees the allocated memory.
- * @param ptr The pointer to the memory to be freed.
- */
-#define OQS_MEM_free(ptr) free(ptr)
+
 /**
 * Allocates memory for an array of elements of a given size.
 * @param num_elements The number of elements to allocate.
diff --git a/src/common/sha2/sha2_c.c b/src/common/sha2/sha2_c.c
index 5ead4c1ee..d35d3e649 100644
--- a/src/common/sha2/sha2_c.c
+++ b/src/common/sha2/sha2_c.c
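Review bot: In `OQS_MEM_insecure_free` (src/common/common.c) the new `#if` that picks `OPENSSL_free` over `free` is a second copy of whatever condition common.h uses to map `OQS_MEM_malloc` onto `OPENSSL_malloc` or `malloc`, and that header condition is not visible in this diff. If the two ever disagree, a pointer obtained from one allocator is released by the other, which can corrupt the heap when OpenSSL has been configured with custom memory functions. I would add a comment directly above the `#if`, for example `/* Must match the allocator selection for OQS_MEM_malloc in common.h */`, or keep a single internal macro in the header so the choice is made in one place.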
@@ -588,22 +588,22 @@ void oqs_sha2_sha512_inc_ctx_clone_c(sha512ctx *stateout, const sha512ctx *state
 /* Destroy the hash state. */
 void oqs_sha2_sha224_inc_ctx_release_c(sha224ctx *state) {
- OQS_MEM_free(state->ctx); // IGNORE free-check
+ OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 /* Destroy the hash state. */
 void oqs_sha2_sha256_inc_ctx_release_c(sha256ctx *state) {
- OQS_MEM_free(state->ctx); // IGNORE free-check
+ OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 /* Destroy the hash state. */
 void oqs_sha2_sha384_inc_ctx_release_c(sha384ctx *state) {
- OQS_MEM_free(state->ctx); // IGNORE free-check
+ OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 /* Destroy the hash state. */
 void oqs_sha2_sha512_inc_ctx_release_c(sha512ctx *state) {
- OQS_MEM_free(state->ctx); // IGNORE free-check
+ OQS_MEM_insecure_free(state->ctx); // IGNORE free-check
 }
 void oqs_sha2_sha256_inc_blocks_c(sha256ctx *state, const uint8_t *in, size_t inblocks) {
diff --git a/src/common/sha3/ossl_sha3.c b/src/common/sha3/ossl_sha3.c
index 2ac3e98cb..99d6d76ba 100644
--- a/src/common/sha3/ossl_sha3.c
+++ b/src/common/sha3/ossl_sha3.c
@@ -201,7 +201,7 @@ static void SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s
 uint8_t *tmp = OQS_MEM_checked_malloc(s->n_out + outlen);
 OSSL_FUNC(EVP_DigestFinalXOF)(clone, tmp, s->n_out + outlen);
 memcpy(output, tmp + s->n_out, outlen);
- OQS_MEM_free(tmp); // IGNORE free-check
+ OQS_MEM_insecure_free(tmp); // IGNORE free-check
 }
 OSSL_FUNC(EVP_MD_CTX_free)(clone);
 s->n_out += outlen;
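Review bot: The four `*_inc_ctx_release_c` functions in sha2_c.c now call `OQS_MEM_insecure_free(state->ctx)`, so the intermediate hash state goes back to the allocator without being cleansed. If any caller feeds secret material through these incremental contexts, that state stays readable in freed heap memory; `OQS_MEM_secure_free(state->ctx, <ctx size>)` would wipe it first, where `<ctx size>` is a placeholder because the allocation is outside this hunk. The pointer is also left dangling, so adding `state->ctx = NULL;` after the free would make a second release harmless. If skipping the cleanse is deliberate, a one-line comment saying why would help the next reader.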
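Review bot: In `SHA3_shake128_inc_squeeze` (ossl_sha3.c) the scratch buffer `tmp` holds `s->n_out + outlen` bytes of XOF output and is released with `OQS_MEM_insecure_free(tmp)`, so everything squeezed so far remains in freed heap memory. Where SHAKE output serves as key or seed material this leaves secret data behind; the size is already at hand, so `OQS_MEM_secure_free(tmp, s->n_out + outlen);` would wipe it before release. The same applies to the matching hunks in `SHA3_shake256_inc_squeeze` and to the two `x4` squeeze functions in ossl_sha3x4.c. The enclosing function starts and ends outside the hunk.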
@@ -211,7 +211,7 @@ static void SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s
 static void SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) {
 intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx;
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx);
- OQS_MEM_free(s); // IGNORE free-check
+ OQS_MEM_insecure_free(s); // IGNORE free-check
 }
 static void SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) {
@@ -275,7 +275,7 @@ static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s
 uint8_t *tmp = OQS_MEM_checked_malloc(s->n_out + outlen);
 OSSL_FUNC(EVP_DigestFinalXOF)(clone, tmp, s->n_out + outlen);
 memcpy(output, tmp + s->n_out, outlen);
- OQS_MEM_free(tmp); // IGNORE free-check
+ OQS_MEM_insecure_free(tmp); // IGNORE free-check
 }
 OSSL_FUNC(EVP_MD_CTX_free)(clone);
 s->n_out += outlen;
@@ -285,7 +285,7 @@ static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s
 static void SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) {
 intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx;
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx);
- OQS_MEM_free(s); // IGNORE free-check
+ OQS_MEM_insecure_free(s); // IGNORE free-check
 }
 static void SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) {
diff --git a/src/common/sha3/ossl_sha3x4.c b/src/common/sha3/ossl_sha3x4.c
index eb14a9f1f..a1a69949a 100644
--- a/src/common/sha3/ossl_sha3x4.c
+++ b/src/common/sha3/ossl_sha3x4.c
@@ -94,7 +94,7 @@ static void SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *
 OSSL_FUNC(EVP_MD_CTX_copy_ex)(clone, s->mdctx3);
 OSSL_FUNC(EVP_DigestFinalXOF)(clone, tmp, s->n_out + outlen);
 memcpy(out3, tmp + s->n_out, outlen);
- OQS_MEM_free(tmp); // IGNORE free-check
+ OQS_MEM_insecure_free(tmp); // IGNORE free-check
 }
 OSSL_FUNC(EVP_MD_CTX_free)(clone);
 s->n_out += outlen;
@@ -117,7 +117,7 @@ static void SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx1);
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx2);
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx3);
- OQS_MEM_free(s); // IGNORE free-check
+ OQS_MEM_insecure_free(s); // IGNORE free-check
 }
 static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) {
@@ -215,7 +215,7 @@ static void SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t *
 OSSL_FUNC(EVP_MD_CTX_copy_ex)(clone, s->mdctx3);
 OSSL_FUNC(EVP_DigestFinalXOF)(clone, tmp, s->n_out + outlen);
 memcpy(out3, tmp + s->n_out, outlen);
- OQS_MEM_free(tmp); // IGNORE free-check
+ OQS_MEM_insecure_free(tmp); // IGNORE free-check
 }
 OSSL_FUNC(EVP_MD_CTX_free)(clone);
 s->n_out += outlen;
@@ -238,7 +238,7 @@ static void SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx1);
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx2);
 OSSL_FUNC(EVP_MD_CTX_free)(s->mdctx3);
- OQS_MEM_free(s); // IGNORE free-check
+ OQS_MEM_insecure_free(s); // IGNORE free-check
 }
 static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) {
diff --git a/src/sig_stfl/lms/external/hss_alloc.c b/src/sig_stfl/lms/external/hss_alloc.c
index c5043f8a8..70b5ca0a6 100644
--- a/src/sig_stfl/lms/external/hss_alloc.c
+++ b/src/sig_stfl/lms/external/hss_alloc.c
@@ -542,15 +542,15 @@ void hss_free_working_key(struct hss_working_key *w) { unsigned j, k; for (j=0; jsubtree[j][k]); // IGNORE free-check + OQS_MEM_insecure_free(tree->subtree[j][k]); // IGNORE free-check hss_zeroize( tree, sizeof *tree ); /* We have seeds here */ } - OQS_MEM_free(tree); // IGNORE free-check + OQS_MEM_insecure_free(tree); // IGNORE free-check } for (i=0; isigned_pk[i]); // IGNORE free-check + OQS_MEM_insecure_free(w->signed_pk[i]); // IGNORE free-check } - OQS_MEM_free(w->stack); // IGNORE free-check + OQS_MEM_insecure_free(w->stack); // IGNORE free-check hss_zeroize( w, sizeof *w ); /* We have secret information here */ - OQS_MEM_free(w); // IGNORE free-check + OQS_MEM_insecure_free(w); // IGNORE free-check } diff --git a/src/sig_stfl/lms/external/hss_generate.c b/src/sig_stfl/lms/external/hss_generate.c index f3d3f0212..44171abdc 100644 --- a/src/sig_stfl/lms/external/hss_generate.c +++ b/src/sig_stfl/lms/external/hss_generate.c @@ -796,7 +796,7 @@ bool hss_generate_working_key( #if DO_FLOATING_POINT /* Don't leak suborders on an intermediate error */ for (i=0; i<(sequence_t)count_order; i++) { - OQS_MEM_free( order[i].sub ); // IGNORE free-check + OQS_MEM_insecure_free( order[i].sub ); // IGNORE free-check } #endif info->error_code = got_error; @@ -831,7 +831,7 @@ bool hss_generate_working_key( hash_size, tree->h, I); } - OQS_MEM_free( sub ); // IGNORE free-check + OQS_MEM_insecure_free( sub ); // IGNORE free-check p_order->sub = 0; } #endif diff --git a/src/sig_stfl/lms/external/hss_keygen.c b/src/sig_stfl/lms/external/hss_keygen.c index 5d1eca28d..2f1482a29 100644 --- a/src/sig_stfl/lms/external/hss_keygen.c +++ b/src/sig_stfl/lms/external/hss_keygen.c @@ -278,7 +278,7 @@ bool hss_generate_private_key( } else { hss_zeroize( context, PRIVATE_KEY_LEN ); } - OQS_MEM_free(temp_buffer); // IGNORE free-check + OQS_MEM_insecure_free(temp_buffer); // IGNORE free-check return false; } 
@@ -355,7 +355,7 @@ bool hss_generate_private_key(
 /* Hey, what do you know -- it all worked! */
 hss_zeroize( private_key, sizeof private_key ); /* Zeroize local copy of */
 /* the private key */
- OQS_MEM_free(temp_buffer); // IGNORE free-check
+ OQS_MEM_insecure_free(temp_buffer); // IGNORE free-check
 return true;
 }
 #endif
diff --git a/src/sig_stfl/lms/external/hss_thread_pthread.c b/src/sig_stfl/lms/external/hss_thread_pthread.c
index 7ffbd2a40..741bae0c3 100644
--- a/src/sig_stfl/lms/external/hss_thread_pthread.c
+++ b/src/sig_stfl/lms/external/hss_thread_pthread.c
@@ -91,13 +91,13 @@ struct thread_collection *hss_thread_init(int num_thread) {
 col->num_thread = num_thread;
 if (0 != pthread_mutex_init( &col->lock, 0 )) {
- OQS_MEM_free(col); // IGNORE free-check
+ OQS_MEM_insecure_free(col); // IGNORE free-check
 return 0;
 }
 if (0 != pthread_mutex_init( &col->write_lock, 0 )) {
 pthread_mutex_destroy( &col->lock );
- OQS_MEM_free(col); // IGNORE free-check
+ OQS_MEM_insecure_free(col); // IGNORE free-check
 return 0;
 }
@@ -126,7 +126,7 @@ static void *worker_thread( void *arg ) {
 (w->function)(w->x.detail, col);
 /* Ok, we did that */
- OQS_MEM_free(w); // IGNORE free-check
+ OQS_MEM_insecure_free(w); // IGNORE free-check
 /* Check if there's anything else to do */
 pthread_mutex_lock( &col->lock );
@@ -219,7 +219,7 @@ void hss_thread_issue_work(struct thread_collection *col,
 /* Hmmm, couldn't spawn it; fall back */
 default: /* On error condition */
 pthread_mutex_unlock( &col->lock );
- OQS_MEM_free(w); // IGNORE free-check
+ OQS_MEM_insecure_free(w); // IGNORE free-check
 function( detail, col );
 return;
 }
@@ -277,7 +277,7 @@ void hss_thread_done(struct thread_collection *col) {
 pthread_mutex_destroy( &col->lock );
 pthread_mutex_destroy( &col->write_lock );
- OQS_MEM_free(col); // IGNORE free-check
+ OQS_MEM_insecure_free(col); // IGNORE free-check
 }
 void hss_thread_before_write(struct thread_collection *col) {