Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
10 个月 前同步成功

通知 8
Star 18
Fork 1
T
Third Party Openssl

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

切换分支/标签
  1. 26 5月, 2023 1 次提交
  3. 12 4月, 2023 2 次提交
  5. 10 8月, 2021 1 次提交
  7. 27 2月, 2020 1 次提交
  9. 05 10月, 2018 1 次提交
  11. 22 8月, 2018 1 次提交
  13. 11 5月, 2018 1 次提交
  15. 12 3月, 2018 1 次提交
  17. 04 3月, 2018 1 次提交
  19. 27 2月, 2018 1 次提交
  21. 01 2月, 2018 1 次提交
    • B
      Revert the crypto "global lock" implementation · 63ab5ea1
      Benjamin Kaduk 提交于 
      Conceptually, this is a squashed version of:

    Revert "Address feedback"

    This reverts commit 75551e07.

and

    Revert "Add CRYPTO_thread_glock_new"

    This reverts commit ed6b2c79.

But there were some intervening commits that made neither revert apply
cleanly, so instead do it all as one shot.

The crypto global locks were an attempt to cope with the awkward
POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE"
section) indicates that the expected usage is to have the prefork handler
lock all "global" locks, and the parent and child handlers release those
locks, to ensure that forking happens with a consistent (lock) state.
However, the set of functions available in the child process is limited
to async-signal-safe functions, and pthread_mutex_unlock() is not on
the list of async-signal-safe functions!  The only synchronization
primitives that are async-signal-safe are the semaphore primitives,
which are not really appropriate for general-purpose usage.

However, the state consistency problem that the global locks were
attempting to solve is not actually a serious problem, particularly for
OpenSSL.  That is, we can consider four cases of forking application
that might use OpenSSL:

(1) Single-threaded, does not call into OpenSSL in the child (e.g.,
the child calls exec() immediately)

For this class of process, no locking is needed at all, since there is
only ever a single thread of execution and the only reentrancy is due to
signal handlers (which are themselves limited to async-signal-safe
operation and should not be doing much work at all).

(2) Single-threaded, calls into OpenSSL after fork()

The application must ensure that it does not fork() with an unexpected
lock held (that is, one that would get unlocked in the parent but
accidentally remain locked in the child and cause deadlock).  Since
OpenSSL does not expose any of its internal locks to the application
and the application is single-threaded, the OpenSSL internal locks
will be unlocked for the fork(), and the state will be consistent.
(OpenSSL will need to reseed its PRNG in the child, but that is
an orthogonal issue.)  If the application makes use of locks from
libcrypto, proper handling for those locks is the responsibility of
the application, as for any other locking primitive that is available
for application programming.

(3) Multi-threaded, does not call into OpenSSL after fork()

As for (1), the OpenSSL state is only relevant in the parent, so
no particular fork()-related handling is needed.  The internal locks
are relevant, but there is no interaction with the child to consider.

(4) Multi-threaded, calls into OpenSSL after fork()

This is the case where the pthread_atfork() hooks to ensure that all
global locks are in a known state across fork() would come into play,
per the above discussion.  However, these "calls into OpenSSL after
fork()" are still subject to the restriction to async-signal-safe
functions.  Since OpenSSL uses all sorts of locking and libc functions
that are not on the list of safe functions (e.g., malloc()), this
case is not currently usable and is unlikely to ever be usable,
independently of the locking situation.  So, there is no need to
go through contortions to attempt to support this case in the one small
area of locking interaction with fork().

In light of the above analysis (thanks @davidben and @achernya), go
back to the simpler implementation that does not need to distinguish
"library-global" locks or to have complicated atfork handling for locks.
Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5089)
      63ab5ea1
  23. 21 1月, 2018 1 次提交
  25. 19 1月, 2018 1 次提交
  27. 18 1月, 2018 1 次提交
  29. 08 12月, 2017 1 次提交
  31. 01 9月, 2017 1 次提交
  33. 30 8月, 2017 1 次提交
  35. 22 8月, 2017 1 次提交
  37. 30 7月, 2017 1 次提交
  39. 01 7月, 2017 1 次提交
  41. 21 5月, 2017 1 次提交
  43. 12 5月, 2017 1 次提交
    • T
      Fix infinite loops in secure memory allocation. · 7031ddac
      Todd Short 提交于 
      Issue 1:

sh.bittable_size is a size_t but i is and int, which can result in
freelist == -1 if sh.bittable_size exceeds an int.

This seems to result in an OPENSSL_assert due to invalid allocation
size, so maybe that is "ok."

Worse, if sh.bittable_size is exactly 1<<31, then this becomes an
infinite loop (because 1<<31 is a negative int, so it can be shifted
right forever and sticks at -1).

Issue 2:

CRYPTO_secure_malloc_init() sets secure_mem_initialized=1 even when
sh_init() returns 0.

If sh_init() fails, we end up with secure_mem_initialized=1 but
sh.minsize=0. If you then call secure_malloc(), which then calls,
sh_malloc(), this then enters an infite loop since 0 << anything will
never be larger than size.

Issue 3:

That same sh_malloc loop will loop forever for a size greater
than size_t/2 because i will proceed (assuming sh.minsize=16):
i=16, 32, 64, ..., size_t/8, size_t/4, size_t/2, 0, 0, 0, 0, ....
This sequence will never be larger than "size".
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3449)
      7031ddac
  45. 06 4月, 2017 1 次提交
  47. 03 3月, 2017 1 次提交
  49. 21 2月, 2017 1 次提交
    • P
      Ensure minsize >= sizeof(SH_LIST) · 70e14ffb
      Pauli 提交于 
      The sh_add_to_list function will overwrite subsequent slots in the free list
for small allocations.  This causes a segmentation fault if the writes goes
off the end of the secure memory.  I've not investigated if this problem
can overwrite memory without the segmentation fault, but it seems likely.

This fix limits the minsize to the sizeof of the SH_LIST structure (which
also has a side effect of properly aligning the pointers).

The alternative would be to return an error if minsize is too small.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2657)
      70e14ffb
  51. 15 2月, 2017 1 次提交
  53. 18 5月, 2016 1 次提交
  55. 17 5月, 2016 1 次提交
  57. 03 5月, 2016 1 次提交
    • T
      Secure memory fixes · e8408681
      Todd Short 提交于 
      Fix some of the variables to be (s)size_t, so that more than 1GB of
secure memory can be allocated. The arena has to be a power of 2, and
2GB fails because it ends up being a negative 32-bit signed number.

The |too_late| flag is not strictly necessary; it is easy to figure
out if something is secure memory by looking at the arena. As before,
secure memory allocations will not fail, but now they can be freed
correctly. Once initialized, secure memory can still be used, even if
allocations occured before initialization.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
      e8408681
  59. 09 3月, 2016 1 次提交
  61. 23 2月, 2016 1 次提交
  63. 17 2月, 2016 2 次提交
    • D
      RT4313: Fix build for !IMPLEMENTED code path in CRYPTO_secure_free() · 6a78ae28
      David Woodhouse 提交于 
      Commit 05c7b163 ("Implement the use of heap manipulator implementions")
added 'file' and 'line' arguments to CRYPTO_free() and friends, but neglected
to fix up the !IMPLEMENTED case within CRYPTO_secure_free(). Add the missing
arguments there too.
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
      6a78ae28
    • R
      Implement the use of heap manipulator implementions · 05c7b163
      Richard Levitte 提交于 
      - Make use of the functions given through CRYPTO_set_mem_functions().
- CRYPTO_free(), CRYPTO_clear_free() and CRYPTO_secure_free() now receive
  __FILE__ and __LINE__.
- The API for CRYPTO_set_mem_functions() and CRYPTO_get_mem_functions()
  is slightly changed, the implementation for free() now takes a couple
  of extra arguments, taking __FILE__ and __LINE__.
- The CRYPTO_ memory functions will *always* receive __FILE__ and __LINE__
  from the corresponding OPENSSL_ macros, regardless of if crypto-mdebug
  has been enabled or not.  The reason is that if someone swaps out the
  malloc(), realloc() and free() implementations, we can't know if they
  will use them or not.
Reviewed-by: NRich Salz <rsalz@openssl.org>
      05c7b163
  65. 10 2月, 2016 1 次提交
  67. 28 1月, 2016 1 次提交
  69. 10 1月, 2016 1 次提交
  71. 08 1月, 2016 1 次提交
    • R
      mem functions cleanup · bbd86bf5
      Rich Salz 提交于 
      Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
      bbd86bf5
  73. 17 12月, 2015 2 次提交