- 01 2月, 2018 4 次提交
-
-
由 Benjamin Kaduk 提交于
Conceptually, this is a squashed version of: Revert "Address feedback" This reverts commit 75551e07. and Revert "Add CRYPTO_thread_glock_new" This reverts commit ed6b2c79. But there were some intervening commits that made neither revert apply cleanly, so instead do it all as one shot. The crypto global locks were an attempt to cope with the awkward POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE" section) indicates that the expected usage is to have the prefork handler lock all "global" locks, and the parent and child handlers release those locks, to ensure that forking happens with a consistent (lock) state. However, the set of functions available in the child process is limited to async-signal-safe functions, and pthread_mutex_unlock() is not on the list of async-signal-safe functions! The only synchronization primitives that are async-signal-safe are the semaphore primitives, which are not really appropriate for general-purpose usage. However, the state consistency problem that the global locks were attempting to solve is not actually a serious problem, particularly for OpenSSL. That is, we can consider four cases of forking application that might use OpenSSL: (1) Single-threaded, does not call into OpenSSL in the child (e.g., the child calls exec() immediately) For this class of process, no locking is needed at all, since there is only ever a single thread of execution and the only reentrancy is due to signal handlers (which are themselves limited to async-signal-safe operation and should not be doing much work at all). (2) Single-threaded, calls into OpenSSL after fork() The application must ensure that it does not fork() with an unexpected lock held (that is, one that would get unlocked in the parent but accidentally remain locked in the child and cause deadlock). Since OpenSSL does not expose any of its internal locks to the application and the application is single-threaded, the OpenSSL internal locks will be unlocked for the fork(), and the state will be consistent. (OpenSSL will need to reseed its PRNG in the child, but that is an orthogonal issue.) If the application makes use of locks from libcrypto, proper handling for those locks is the responsibility of the application, as for any other locking primitive that is available for application programming. (3) Multi-threaded, does not call into OpenSSL after fork() As for (1), the OpenSSL state is only relevant in the parent, so no particular fork()-related handling is needed. The internal locks are relevant, but there is no interaction with the child to consider. (4) Multi-threaded, calls into OpenSSL after fork() This is the case where the pthread_atfork() hooks to ensure that all global locks are in a known state across fork() would come into play, per the above discussion. However, these "calls into OpenSSL after fork()" are still subject to the restriction to async-signal-safe functions. Since OpenSSL uses all sorts of locking and libc functions that are not on the list of safe functions (e.g., malloc()), this case is not currently usable and is unlikely to ever be usable, independently of the locking situation. So, there is no need to go through contortions to attempt to support this case in the one small area of locking interaction with fork(). In light of the above analysis (thanks @davidben and @achernya), go back to the simpler implementation that does not need to distinguish "library-global" locks or to have complicated atfork handling for locks. Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5089)
-
由 Richard Levitte 提交于
They aren't needed if all they do is set bio->init = 1 and zero other fields that are already zeroed Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5223)
-
由 Richard Levitte 提交于
Without this, every BIO implementation is forced to have a create method, just to set bio->init = 1. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5223)
-
由 Dr. Matthias St. Pierre 提交于
Some older glibc versions require the `-lrt` linker option for resolving the reference to `clock_gettime'. Since it is not desired to add new library dependencies in version 1.1.1, the call to clock_gettime() is replaced by a call to gettimeofday() for the moment. It will be added back in version 1.2. Signed-off-by: NDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5199)
-
- 31 1月, 2018 4 次提交
-
-
由 Peter Meerwald-Stadler 提交于
INSTALL: Mention 'aria' algorithm for no-<alg> Signed-off-by: NPeter Meerwald-Stadler <pmeerw@pmeerw.net> Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5215)
-
由 Richard Levitte 提交于
Fixes #5207 (another PR) Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5210)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5207)
-
由 Richard Levitte 提交于
Fixes #5203 Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5207)
-
- 30 1月, 2018 10 次提交
-
-
由 Matt Caswell 提交于
If a server receives an unexpected ClientHello then we may or may not accept it. Make sure all such decisions are made in the state machine and not in the record layer. This also removes a disparity between the TLS and the DTLS code. The TLS code was making this decision in the record layer, while the DTLS code was making it later. Finally it also solves a problem where a warning alert was being sent during tls_setup_handshake() and the function was returning a failure return code. This is problematic because it can be called from a transition function - which we only allow fatal errors to occur in. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5190)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5197)
-
由 Richard Levitte 提交于
For proper escaping, we need the direct perl variable values, not a make variable reference. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5196)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5196)
-
由 Richard Levitte 提交于
This message will ONLY be visible in OpenSSL 1.1.1, it will not show in 1.1.1a or any other release or update. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
-
由 Richard Levitte 提交于
The additional possibility is: perl configdata.pm --options Display the features, both enabled and disabled, and display defined macro and skipped directories where applicable. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
-
由 Richard Levitte 提交于
The "make variable" information displayed by Configure was selective and incomplete, and possibly undesirable (too verbose). Instead, we make configdata.pm and have the user run it to get the information they desire, and also make it possible to have it perform a reconfiguration. Possibilities so far: perl configdata.pm --dump Displays everything (i.e. the combined output from --command-line, --environment, --make-variables and --build-parameters. perl configdata.pm --command-line Displays the config command line. perl configdata.pm --envirnoment Displays the recorded environment variables. perl configdata.pm --make-variables Displays the configured "make variables". perl configdata.pm --build-parameters Displays the build file and the template files to create it. perl configdata.pm --reconfigure Re-runs the configuration with the recorded environment variables. --verbose can be used to have --reconfigure be a bit more verbose. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
-
- 29 1月, 2018 6 次提交
-
-
由 Richard Levitte 提交于
It's already in opensslconf.h, which is included where this is relevant. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5188)
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5188)
-
由 Richard Levitte 提交于
Thank you Beat Bolli for notifying us Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5189)
-
由 Richard Levitte 提交于
The rehash test broke the test if run by root. Instead, just skip the check that requires non-root to be worth it. Fixes #4387 Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5184)
-
由 Kurt Roeckx 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/4752)
-
由 nickthetait 提交于
Fixes: #5130 Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5178)
-
- 28 1月, 2018 11 次提交
-
-
由 Richard Levitte 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5181)
-
由 Richard Levitte 提交于
C++ flags got the same config target value as C flags, but then nothing else happened while C flags get all kinds of stuff added to them (especially when --strict-warnings is used). Now, C++ flags get the exact same treatment as C flags. However, this only happens when a C++ compiler is specified, to avoid confusing messages about added C++ flags. Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5181)
-
由 Richard Levitte 提交于
vc_wince_info()->{defines} was left around, when it should be vc_wince_info()->{cppflags} Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5182)
-
由 Richard Levitte 提交于
Most of all, this change preserves casing a bit better Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5180)
-
由 Steve Linsell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5166)
-
由 Richard Levitte 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
-
由 Richard Levitte 提交于
There were a small number that inherited no BASE, the now inherit BASE_unix. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
-
由 Richard Levitte 提交于
Ideally, each config target should inherit a base to get their platform specific defaults. Unfortunately, that is currently not the case, so we duplicate the Unixly defaults from the BASE_unix template into the DEFAULT template. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
-
由 Richard Levitte 提交于
Default values belong in the DEFAULT config target template, in Configurations/00-base-templates.conf. This isn't a complete move, but takes care of the most blatant examples. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
-
由 Richard Levitte 提交于
Support the following "make variables": AR (GNU compatible) ARFLAGS (GNU Compatible) AS (GNU Compatible) ASFLAGS (GNU Compatible) CC (GNU Compatible) CFLAGS (GNU Compatible) CXX (GNU Compatible) CXXFLAGS (GNU Compatible) CPP (GNU Compatible) CPPFLAGS (GNU Compatible) CPPDEFINES List of CPP macro definitions. Alternative for -D CPPINCLUDES List of CPP inclusion directories. Alternative for -I HASHBANGPERL Perl invocation to be inserted after '#!' in public perl scripts. LDFLAGS (GNU Compatible) LDLIBS (GNU Compatible) RANLIB Program to generate library archive index RC Program to manipulate Windows resources RCFLAGS Flags for $(RC) RM (GNU Compatible) Setting one of these overrides the corresponding data from our config targets. However, flags given directly on the configuration command line are additional, and are therefore added to the flags coming from one of the variables above or the config target. Fixes #2420 Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
-
由 Richard Levitte 提交于
C preprocessor flags get separated from C flags, which has the advantage that we don't get loads of macro definitions and inclusion directory specs when linking shared libraries, DSOs and programs. This is a step to add support for "make variables" when configuring. Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5177)
-
- 27 1月, 2018 1 次提交
-
-
由 Bernd Edlinger 提交于
Reviewed-by: NRich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5173)
-
- 26 1月, 2018 4 次提交
-
-
由 Benjamin Kaduk 提交于
Make the sigalg name in comments reflect one that actually exists in the draft standard. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5174)
-
由 Benjamin Kaduk 提交于
The latest TLS 1.3 draft split the RSA-PSS signature schemes into two versions that indicate the OID of the RSA key being used. This forced us to rename the preprocessor defines for the sigalg values, and the ssl-trace code was not adopted to match, since it was not enabled int the default build. Belatedly update the ssl_sigalg_tbl in the trace code to match. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5174)
-
由 Benjamin Kaduk 提交于
The check for a duplicate value was reading one entry past where it was supposed to, getting an uninitialized value. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5172)
-
由 Benjamin Kaduk 提交于
We don't need to send this extension in normal operation since we are our own X.509 library, but add some test cases that force the extension to be sent and exercise our code to process the extension. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
-