1. 28 9月, 2019 1 次提交
  2. 13 8月, 2019 2 次提交
  3. 11 6月, 2019 1 次提交
  4. 10 6月, 2019 1 次提交
  5. 04 4月, 2019 1 次提交
  6. 26 2月, 2019 1 次提交
  7. 25 1月, 2019 1 次提交
  8. 20 4月, 2018 1 次提交
  9. 10 4月, 2018 1 次提交
  10. 03 4月, 2018 1 次提交
  11. 13 2月, 2018 1 次提交
  12. 01 2月, 2018 1 次提交
    • B
      Revert the crypto "global lock" implementation · 63ab5ea1
      Benjamin Kaduk 提交于
      Conceptually, this is a squashed version of:
      
          Revert "Address feedback"
      
          This reverts commit 75551e07.
      
      and
      
          Revert "Add CRYPTO_thread_glock_new"
      
          This reverts commit ed6b2c79.
      
      But there were some intervening commits that made neither revert apply
      cleanly, so instead do it all as one shot.
      
      The crypto global locks were an attempt to cope with the awkward
      POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE"
      section) indicates that the expected usage is to have the prefork handler
      lock all "global" locks, and the parent and child handlers release those
      locks, to ensure that forking happens with a consistent (lock) state.
      However, the set of functions available in the child process is limited
      to async-signal-safe functions, and pthread_mutex_unlock() is not on
      the list of async-signal-safe functions!  The only synchronization
      primitives that are async-signal-safe are the semaphore primitives,
      which are not really appropriate for general-purpose usage.
      
      However, the state consistency problem that the global locks were
      attempting to solve is not actually a serious problem, particularly for
      OpenSSL.  That is, we can consider four cases of forking application
      that might use OpenSSL:
      
      (1) Single-threaded, does not call into OpenSSL in the child (e.g.,
      the child calls exec() immediately)
      
      For this class of process, no locking is needed at all, since there is
      only ever a single thread of execution and the only reentrancy is due to
      signal handlers (which are themselves limited to async-signal-safe
      operation and should not be doing much work at all).
      
      (2) Single-threaded, calls into OpenSSL after fork()
      
      The application must ensure that it does not fork() with an unexpected
      lock held (that is, one that would get unlocked in the parent but
      accidentally remain locked in the child and cause deadlock).  Since
      OpenSSL does not expose any of its internal locks to the application
      and the application is single-threaded, the OpenSSL internal locks
      will be unlocked for the fork(), and the state will be consistent.
      (OpenSSL will need to reseed its PRNG in the child, but that is
      an orthogonal issue.)  If the application makes use of locks from
      libcrypto, proper handling for those locks is the responsibility of
      the application, as for any other locking primitive that is available
      for application programming.
      
      (3) Multi-threaded, does not call into OpenSSL after fork()
      
      As for (1), the OpenSSL state is only relevant in the parent, so
      no particular fork()-related handling is needed.  The internal locks
      are relevant, but there is no interaction with the child to consider.
      
      (4) Multi-threaded, calls into OpenSSL after fork()
      
      This is the case where the pthread_atfork() hooks to ensure that all
      global locks are in a known state across fork() would come into play,
      per the above discussion.  However, these "calls into OpenSSL after
      fork()" are still subject to the restriction to async-signal-safe
      functions.  Since OpenSSL uses all sorts of locking and libc functions
      that are not on the list of safe functions (e.g., malloc()), this
      case is not currently usable and is unlikely to ever be usable,
      independently of the locking situation.  So, there is no need to
      go through contortions to attempt to support this case in the one small
      area of locking interaction with fork().
      
      In light of the above analysis (thanks @davidben and @achernya), go
      back to the simpler implementation that does not need to distinguish
      "library-global" locks or to have complicated atfork handling for locks.
      Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
      Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
      (Merged from https://github.com/openssl/openssl/pull/5089)
      63ab5ea1
  13. 08 12月, 2017 1 次提交
  14. 13 11月, 2017 1 次提交
  15. 01 9月, 2017 1 次提交
  16. 31 8月, 2017 1 次提交
  17. 22 8月, 2017 2 次提交
  18. 21 8月, 2017 2 次提交
  19. 25 4月, 2017 3 次提交
  20. 29 3月, 2017 1 次提交
  21. 02 3月, 2017 1 次提交
    • A
      bio/b_addr.c: omit private hstrerror. · 3e49ee23
      Andy Polyakov 提交于
      Private hstrerror was introduced to address linking problem on HP-UX,
      but truth be told conemporary systems, HP-UX included, wouldn't come
      to that call, they would use getaddrinfo and gai_strerror, while
      gethostbyname and h_errno are there to serve legacy systems. Since
      legacy systems are naturally disappearing breed, we can as well just
      let user interpret number.
      
      GH#2816
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      3e49ee23
  22. 16 12月, 2016 1 次提交
  23. 08 9月, 2016 1 次提交
    • M
      Fix mem leaks during auto-deinit · 135648bc
      Matt Caswell 提交于
      Certain functions are automatically called during auto-deinit in order
      to deallocate resources. However, if we have never entered a function which
      marks lib crypto as inited then they never get called. This can happen if
      the user only ever makes use of a small sub-set of functions that don't hit
      the auto-init code.
      
      This commit ensures all such resources deallocated by these functions also
      init libcrypto when they are initially allocated.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      Reviewed-by: NBen Laurie <ben@openssl.org>
      135648bc
  24. 22 8月, 2016 1 次提交
  25. 20 8月, 2016 1 次提交
  26. 20 7月, 2016 1 次提交
  27. 29 6月, 2016 1 次提交
  28. 18 6月, 2016 1 次提交
  29. 18 5月, 2016 2 次提交
  30. 17 5月, 2016 1 次提交
  31. 09 5月, 2016 1 次提交
  32. 29 4月, 2016 2 次提交
  33. 14 4月, 2016 1 次提交