| Age | Commit message (Collapse) | Author |
|---|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
(cherry picked from commit 8aa9cf7e655ae1e41f283fbf16dcc810970058a0)
|
|
Under certain circumstances, the libcrypto init code would loop,
causing a deadlock. This would typically happen if something in
ossl_init_base() caused an OpenSSL error, and the error stack routines
would recurse into the init code before the flag that ossl_init_base()
had been run was checked.
This change makes sure ossl_init_base isn't run once more of the base
is initiated.
Thanks to Dmitry Kostjuchenko for the idea.
Fixes Github issue #1899
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
(cherry picked from commit b7a7f39afeb4748b4c25dbccb8951711b8b70eaf)
|
|
When configured no-dso, there are no DSO_{whatever} macros defined.
Therefore, before checking those, you have to check if OPENSSL_NO_DSO
is defined.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1902)
(cherry picked from commit 6e290a25c2cbdc26119c0866c20d9292f9e64dd8)
|
|
Rather than leaking a reference, just call GetModuleHandleEx and pin the
module on Windows.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 2b59d1beaad43d9cf8eb916a437db63bc8ce1d3a)
|
|
Instead of deliberately leaking a reference to ourselves, use nodelete
which does this more neatly. Only for Linux at the moment.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit b6d5ba1a9f004d637acac18ae3519fe063b6b5e1)
|
|
Because we use atexit() to cleanup after ourselves, this will cause a
problem if we have been dynamically loaded and then unloaded again: the
atexit() handler may no longer be there.
Most modern atexit() implementations can handle this, however there are
still difficulties if libssl gets unloaded before libcrypto, because of
the atexit() callback that libcrypto makes to libssl.
The most robust solution seems to be to ensure that libcrypto and libssl
never unload. This is done by simply deliberately leaking a dlopen()
reference to them.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 5836780f436e03be231ff245f04f2f9f2f0ede91)
|
|
Only set the load_crypto_strings_inited to 1 when err_load_crypto_strings_int was called.
This solves the following issue:
- openssl is built with no-err
- load_crypto_strings_inited is set to 1 during the OPENSSL_init_crypto call
- During the cleanup: OPENSSL_cleanup, err_free_strings_int is called because load_crypto_strings_inited == 1
- err_free_strings_int calls do_err_strings_init because it has never been called
- Now do_err_strings_init calls OPENSSL_init_crypto
- But since we are in the cleanup (stopped == 1) this results in an error:
CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
- which then tries to initialize everything we are trying to clean up: ERR_get_state, ossl_init_thread_start, etc
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1654)
(cherry picked from commit a1f2b0e6e07a53c0ae2c81cba319b90e54210cd6)
|
|
Since dasync isn't installed, and is only ever used as a dynamic
engine, there's no reason to consider it for initialization when
building static engines.
Reviewed-by: Ben Laurie <ben@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
|
|
That way, we have a way to check if the init function was successful
or not.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
|
The calls we made to it were redundant, as the same initialization is
done later in OPENSSL_init_crypto() anyway.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Also changed the code to use "appname" not "filename"
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Document thread-safe lock creation
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more. ERR_remove_state() is also made into
a no-op. Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.
Documentation is changed to reflect this.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Some locks were not being properly cleaned up during close down.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.
Remove obj_cleanup() call in OID config module: it is not needed
any more either.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Don't expose purely libcrypto internal symbols, even to libssl.
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
There was a lot of naming inconsistency, so we try and standardise on
one form.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
CONF_modules_free() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
ENGINE_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Misc fixes for no-sock
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
mkdef.pl was not detecting no-comp functions. This updates the header file
so that mkdef.pl detects that no-comp applies, and the functions are marked
accordingly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
OPENSSL_INIT_ONCE and OPENSSL_INIT_ONCE_STATIC_INIT are really
CRYPTO_ONCE and CRYPTO_ONCE_STATIC_INIT.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.
Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading
API mechanism for locking.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The init code was using its own thread local code. Now we have a central
API for it we should use that instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
The init code was using its own "once" implementation. Now that we have
the new thread API we should use that instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
The global thread local keys were not being deinited properly in async.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
The windows thread stop code was erroneously not just deleting the thread
local variable on thread stop, but also deleting the thread local *key*
(thus removing thread local data for *all* threads in one go!).
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.
A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.
Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.
Also remove the 'Really???' comment from no-err and no-locking. We use
those too.
We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
