Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
10 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
  1. 26 5月, 2023 1 次提交
  3. 12 4月, 2023 2 次提交
  5. 10 8月, 2021 1 次提交
  7. 31 3月, 2020 1 次提交
  9. 20 3月, 2020 1 次提交
  11. 27 2月, 2020 1 次提交
  13. 28 9月, 2019 1 次提交
    • D
      Reorganize private crypto header files · 0c994d54
      Dr. Matthias St. Pierre 提交于 
      Currently, there are two different directories which contain internal
header files of libcrypto which are meant to be shared internally:

While header files in 'include/internal' are intended to be shared
between libcrypto and libssl, the files in 'crypto/include/internal'
are intended to be shared inside libcrypto only.

To make things complicated, the include search path is set up in such
a way that the directive #include "internal/file.h" could refer to
a file in either of these two directoroes. This makes it necessary
in some cases to add a '_int.h' suffix to some files to resolve this
ambiguity:

  #include "internal/file.h"      # located in 'include/internal'
  #include "internal/file_int.h"  # located in 'crypto/include/internal'

This commit moves the private crypto headers from

  'crypto/include/internal'  to  'include/crypto'

As a result, the include directives become unambiguous

  #include "internal/file.h"       # located in 'include/internal'
  #include "crypto/file.h"         # located in 'include/crypto'

hence the superfluous '_int.h' suffixes can be stripped.

The files 'store_int.h' and 'store.h' need to be treated specially;
they are joined into a single file.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9681)
      0c994d54
  15. 20 4月, 2018 1 次提交
  17. 13 2月, 2018 1 次提交
  19. 01 2月, 2018 1 次提交
    • B
      Revert the crypto "global lock" implementation · 63ab5ea1
      Benjamin Kaduk 提交于 
      Conceptually, this is a squashed version of:

    Revert "Address feedback"

    This reverts commit 75551e07.

and

    Revert "Add CRYPTO_thread_glock_new"

    This reverts commit ed6b2c79.

But there were some intervening commits that made neither revert apply
cleanly, so instead do it all as one shot.

The crypto global locks were an attempt to cope with the awkward
POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE"
section) indicates that the expected usage is to have the prefork handler
lock all "global" locks, and the parent and child handlers release those
locks, to ensure that forking happens with a consistent (lock) state.
However, the set of functions available in the child process is limited
to async-signal-safe functions, and pthread_mutex_unlock() is not on
the list of async-signal-safe functions!  The only synchronization
primitives that are async-signal-safe are the semaphore primitives,
which are not really appropriate for general-purpose usage.

However, the state consistency problem that the global locks were
attempting to solve is not actually a serious problem, particularly for
OpenSSL.  That is, we can consider four cases of forking application
that might use OpenSSL:

(1) Single-threaded, does not call into OpenSSL in the child (e.g.,
the child calls exec() immediately)

For this class of process, no locking is needed at all, since there is
only ever a single thread of execution and the only reentrancy is due to
signal handlers (which are themselves limited to async-signal-safe
operation and should not be doing much work at all).

(2) Single-threaded, calls into OpenSSL after fork()

The application must ensure that it does not fork() with an unexpected
lock held (that is, one that would get unlocked in the parent but
accidentally remain locked in the child and cause deadlock).  Since
OpenSSL does not expose any of its internal locks to the application
and the application is single-threaded, the OpenSSL internal locks
will be unlocked for the fork(), and the state will be consistent.
(OpenSSL will need to reseed its PRNG in the child, but that is
an orthogonal issue.)  If the application makes use of locks from
libcrypto, proper handling for those locks is the responsibility of
the application, as for any other locking primitive that is available
for application programming.

(3) Multi-threaded, does not call into OpenSSL after fork()

As for (1), the OpenSSL state is only relevant in the parent, so
no particular fork()-related handling is needed.  The internal locks
are relevant, but there is no interaction with the child to consider.

(4) Multi-threaded, calls into OpenSSL after fork()

This is the case where the pthread_atfork() hooks to ensure that all
global locks are in a known state across fork() would come into play,
per the above discussion.  However, these "calls into OpenSSL after
fork()" are still subject to the restriction to async-signal-safe
functions.  Since OpenSSL uses all sorts of locking and libc functions
that are not on the list of safe functions (e.g., malloc()), this
case is not currently usable and is unlikely to ever be usable,
independently of the locking situation.  So, there is no need to
go through contortions to attempt to support this case in the one small
area of locking interaction with fork().

In light of the above analysis (thanks @davidben and @achernya), go
back to the simpler implementation that does not need to distinguish
"library-global" locks or to have complicated atfork handling for locks.
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5089)
      63ab5ea1
  21. 29 9月, 2017 1 次提交
  23. 01 9月, 2017 1 次提交
  25. 03 6月, 2017 1 次提交
  27. 20 3月, 2017 1 次提交
  29. 04 2月, 2017 1 次提交
  31. 08 9月, 2016 1 次提交
    • M
      Fix mem leaks during auto-deinit · 135648bc
      Matt Caswell 提交于 
      Certain functions are automatically called during auto-deinit in order
to deallocate resources. However, if we have never entered a function which
marks lib crypto as inited then they never get called. This can happen if
the user only ever makes use of a small sub-set of functions that don't hit
the auto-init code.

This commit ensures all such resources deallocated by these functions also
init libcrypto when they are initially allocated.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NBen Laurie <ben@openssl.org>
      135648bc
  33. 01 8月, 2016 1 次提交
  35. 20 7月, 2016 1 次提交
  37. 18 5月, 2016 1 次提交
  39. 17 5月, 2016 1 次提交
  41. 15 4月, 2016 1 次提交
    • M
      Fix ex_data locks issue · 1ee7b8b9
      Matt Caswell 提交于 
      Travis identified a problem with freeing the ex_data locks which wasn't
quite right in ff234405. Trying to fix it identified a further problem:
the ex_data locks are cleaned up by OPENSSL_cleanup(), which is called
explicitly by CRYPTO_mem_leaks(), but then later the BIO passed to
CRYPTO_mem_leaks() is freed. An attempt is then made to use the ex_data
lock already freed.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      1ee7b8b9
  43. 14 4月, 2016 1 次提交
  45. 13 4月, 2016 3 次提交
  47. 23 3月, 2016 1 次提交
  49. 13 3月, 2016 2 次提交
  51. 08 3月, 2016 1 次提交
  53. 06 2月, 2016 1 次提交
  55. 08 1月, 2016 2 次提交
  57. 02 12月, 2015 1 次提交
  59. 10 11月, 2015 1 次提交
  61. 20 7月, 2015 1 次提交
    • R
      Rewrite crypto/ex_data · 7e5363ab
      Rich Salz 提交于 
      Removed ability to set ex_data impl at runtime.  This removed these
three functions:
    const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
    int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
    int CRYPTO_ex_data_new_class(void);
It is no longer possible to change the ex_data implementation at
runtime.  (Luckily those functions were never documented :)

Also removed the ability to add new exdata "classes."  We don't believe
this received much (if any) use, since you can't add it to OpenSSL objects,
and there are probably better (native) methods for developers to add
their own extensible data, if they really need that.

Replaced the internal hash table (of per-"class" stacks) with a simple
indexed array.  Reserved an index for "app" application.

Each API used to take the lock twice; now it only locks once.

Use local stack storage for function pointers, rather than malloc,
if possible (i.e., number of ex_data items is under a dozen).

Make CRYPTO_EX_DATA_FUNCS opaque/internal.

Also fixes RT3710; index zero is reserved.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      7e5363ab
  63. 14 5月, 2015 1 次提交
  65. 05 5月, 2015 1 次提交
    • R
      Use safer sizeof variant in malloc · b4faea50
      Rich Salz 提交于 
      For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      b4faea50
  67. 02 5月, 2015 1 次提交
    • R
      free NULL cleanup -- coda · 25aaa98a
      Rich Salz 提交于 
      After the finale, the "real" final part. :)  Do a recursive grep with
"-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are
an "if NULL" check that can be removed.
Reviewed-by: NTim Hudson <tjh@openssl.org>
      25aaa98a
  69. 01 5月, 2015 1 次提交