Commit Graph

71 Commits

Author SHA1 Message Date
Rich Salz
f7edeced4d Add "random malloc failure" tooling
Still needs to be documented, somehow/somewhere.

The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc
should fail.  It's a set of fields separated by semicolons.  Each field
is a count and optional percentage (separated by @) which defaults to 100.
If count is zero then it lasts "forever."  For example: 100;@25 means the
first 100 allocations pass, then the rest have a 25% chance of failing
until the program exits or crashes.

If env var OPENSSL_MALLOC_FD parses as a positive integer, a record
of all malloc "shouldfail" tests is written to that file descriptor.
If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set
(platform specific), then a backtrace will be written to the descriptor
when a malloc fails.  This can be useful because a malloc may fail but
not be checked, and problems will only occur later.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
2017-01-12 11:27:27 -05:00
Richard Levitte
8aa9cf7e65 Add a warning stipulating how things should be coded in ossl_init_base
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
2016-11-15 01:27:26 +01:00
Richard Levitte
b7a7f39afe Stop init loops
Under certain circumstances, the libcrypto init code would loop,
causing a deadlock.  This would typically happen if something in
ossl_init_base() caused an OpenSSL error, and the error stack routines
would recurse into the init code before the flag that ossl_init_base()
had been run was checked.

This change makes sure ossl_init_base isn't run once more of the base
is initiated.

Thanks to Dmitry Kostjuchenko for the idea.

Fixes Github issue #1899

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1922)
2016-11-15 01:27:26 +01:00
Richard Levitte
6e290a25c2 Fix the effect of no-dso in crypto/init.c
When configured no-dso, there are no DSO_{whatever} macros defined.
Therefore, before checking those, you have to check if OPENSSL_NO_DSO
is defined.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1902)
2016-11-11 10:23:26 +01:00
Matt Caswell
2b59d1beaa Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windows
Rather than leaking a reference, just call GetModuleHandleEx and pin the
module on Windows.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
b6d5ba1a9f Link using -znodelete
Instead of deliberately leaking a reference to ourselves, use nodelete
which does this more neatly. Only for Linux at the moment.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
Matt Caswell
5836780f43 Ensure that libcrypto and libssl do not unload until the process exits
Because we use atexit() to cleanup after ourselves, this will cause a
problem if we have been dynamically loaded and then unloaded again: the
atexit() handler may no longer be there.

Most modern atexit() implementations can handle this, however there are
still difficulties if libssl gets unloaded before libcrypto, because of
the atexit() callback that libcrypto makes to libssl.

The most robust solution seems to be to ensure that libcrypto and libssl
never unload. This is done by simply deliberately leaking a dlopen()
reference to them.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-11-02 23:32:50 +00:00
jrmarino
2df7f11fad Fix support for DragonFly BSD
The __DragonFly__ macros were introduced in issue #1546 along with a
function naming fix, but it was decided they should be handled
separately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1765)
2016-10-22 04:25:17 -04:00
Mat
a1f2b0e6e0 Do not set load_crypto_strings_inited when OPENSSL_NO_ERR is defined
Only set the load_crypto_strings_inited to 1 when err_load_crypto_strings_int was called.

This solves the following issue:
- openssl is built with no-err
- load_crypto_strings_inited is set to 1 during the OPENSSL_init_crypto call
- During the cleanup: OPENSSL_cleanup, err_free_strings_int is called because load_crypto_strings_inited == 1
- err_free_strings_int calls do_err_strings_init because it has never been called
- Now do_err_strings_init calls OPENSSL_init_crypto
- But since we are in the cleanup (stopped == 1) this results in an error:
  CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
- which then tries to initialize everything we are trying to clean up: ERR_get_state, ossl_init_thread_start, etc
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1654)
2016-10-19 06:59:03 -04:00
Richard Levitte
8d00e30f96 Don't try to init dasync internally
Since dasync isn't installed, and is only ever used as a dynamic
engine, there's no reason to consider it for initialization when
building static engines.

Reviewed-by: Ben Laurie <ben@openssl.org>
2016-08-17 21:34:42 +02:00
Kurt Roeckx
69588edbaa Check for errors allocating the error strings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #1330
2016-07-20 19:20:53 +02:00
Richard Levitte
c2e4e5d248 Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE instead
That way, we have a way to check if the init function was successful
or not.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-19 23:49:54 +02:00
Richard Levitte
5534c16a87 Stop using and deprecate ENGINE_setup_bsd_cryptodev
The calls we made to it were redundant, as the same initialization is
done later in OPENSSL_init_crypto() anyway.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-05 23:52:09 +02:00
Rich Salz
cda3ae5bd0 RT4562: Fix misleading doc on OPENSSL_config
Also changed the code to use "appname" not "filename"

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-14 12:30:37 -04:00
Rich Salz
2039c421b0 Copyright consolidation 08/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:51:34 -04:00
Viktor Dukhovni
5c4328f04f Fold threads.h into crypto.h making API public
Document thread-safe lock creation

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-16 12:16:26 -04:00
Richard Levitte
21e001747d Restore the ERR_remove_thread_state() API and make it a no-op
The ERR_remove_thread_state() API is restored to take a pointer
argument, but does nothing more.  ERR_remove_state() is also made into
a no-op.  Both functions are deprecated and users are recommended to
use OPENSSL_thread_stop() instead.

Documentation is changed to reflect this.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-10 11:31:05 +02:00
Matt Caswell
ff2344052b Ensure all locks are properly cleaned up
Some locks were not being properly cleaned up during close down.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 13:19:04 +01:00
Dr. Stephen Henson
a535fe12f6 Remove check_defer()
The check_defer() function was used to ensure that EVP_cleanup() was always
called before OBJ_cleanup(). The new cleanup code ensures this so it is
no longer needed.

Remove obj_cleanup() call in OID config module: it is not needed
any more either.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:05:07 +01:00
Richard Levitte
13524b112e Move a declaration that's private to libcrypto
Don't expose purely libcrypto internal symbols, even to libssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 15:23:47 +02:00
Matt Caswell
b3599dbb6a Rename int_*() functions to *_int()
There is a preference for suffixes to indicate that a function is internal
rather than prefixes. Note: the suffix is only required to disambiguate
internal functions and public symbols with the same name (but different
case)

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:59:03 +01:00
Matt Caswell
342c21cd8b Rename lots of *_intern or *_internal function to int_*
There was a lot of naming inconsistency, so we try and standardise on
one form.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:34 +01:00
Matt Caswell
cbf6959fe8 Deprecate CONF_modules_free() and make it a no-op
CONF_modules_free() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6d4fb1d59e Deprecate ENGINE_cleanup() and make it a no-op
ENGINE_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
7b8cc9b345 Deprecate OBJ_cleanup() and make it a no-op
OBJ_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
22c84afa77 Deprecate EVP_cleanup() and make it a no-op
EVP_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
62d876ad17 Deprecate BIO_sock_cleanup() and make it a no-op
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
a5e3ac13d6 Deprecate CRYPTO_cleanup_all_ex_data() and make it a no-op
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
f3cd81d653 Deprecate RAND_cleanup() and make it a no-op
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6827cb3610 Deprecate ERR_free_strings() and make it a no-op
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
02a247e0fa Deprecate COMP_zlib_cleanup() and make it a no-op
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
7626fbf2ef Remove some OPENSSL_NO_ASYNC guards in init
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 14:51:42 +01:00
Matt Caswell
f9e5503412 Fix no-sock
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:33:59 +00:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Matt Caswell
114de5b595 Ensure that no-comp functions are flagged as such
mkdef.pl was not detecting no-comp functions. This updates the header file
so that mkdef.pl detects that no-comp applies, and the functions are marked
accordingly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 12:09:27 +00:00
Emilia Kasper
3ddd1d0458 Fix CRYPTO_THREAD_run_once return value checks
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-15 17:59:09 +01:00
Richard Levitte
a4d8bcf1f2 Small typo
OPENSSL_INIT_ONCE and OPENSSL_INIT_ONCE_STATIC_INIT are really
CRYPTO_ONCE and CRYPTO_ONCE_STATIC_INIT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-15 14:06:34 +01:00
Matt Caswell
58a8fc25d7 Fix the init cleanup order
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Matt Caswell
b10cdcce00 Add some missing cleanup calls to de-init
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Emilia Kasper
8cab4e9bc7 Fix memory leak in library deinit
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.

Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-12 21:47:01 +01:00
Emilia Kasper
e4ad0763e8 Fix no-comp build
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-12 16:21:33 +01:00
Matt Caswell
773fd0bad4 Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 13:36:57 +00:00
Richard Levitte
9749a07a1d Don't call ENGINE_cleanup when configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:52:50 +01:00
Matt Caswell
ae6412f3be Always call ENGINE_cleanup() in de-init
Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 11:04:21 +01:00
Alessandro Ghedini
8509dcc9f3 Convert ERR_STATE to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:09 +00:00
Matt Caswell
c292b105b1 Remove use of CRYPTO_LOCK_INIT in init code
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading
API mechanism for locking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Matt Caswell
a072ed0c88 Swap the init code to use the new Thread API thread locals
The init code was using its own thread local code. Now we have a central
API for it we should use that instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Matt Caswell
b1f1e7aeba Swap the init code to use CRYPTO_ONCE
The init code was using its own "once" implementation. Now that we have
the new thread API we should use that instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Matt Caswell
ed49f43a03 Ensure Async is deinited properly
The global thread local keys were not being deinited properly in async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 17:23:42 +00:00