Commit Graph

14339 Commits

Author SHA1 Message Date
Matt Caswell
9920a58eb2 Fix the error code for SSL_get_async_wait_fd()
0 is a valid file descriptor so SSL_get_async_wait_fd should instead return
-1 on error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
bc8857bf70 More async documentation
Document the libssl and command line application aspects of async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
636ca4ff64 Normalise ASYNC naming
Tidied up the naming of functions and structures to be consistent

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
134b28f883 Fix windows compilation warnings
Fix some warnings in the async code when compiling on windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
9f078e1961 Optimise ASYNC_CTX handling
Don't recreate a new ASYNC_CTX every time we call ASYNC_start_job() - the
same one can be used for the life of the thread. Instead we only free it
up when we call ASYNC_free_pool().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
7240557b7d Fix ASYNC null implementation
The ASYNC null implementation has not kept pace with the rest of the async
development and so was failing to compile.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
5705e05037 Add ASYNC tests
Add a suite of tests for the ASYNC_* functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
44a27ac282 Remove ASYNC_in_job()
The ASYNC_in_job() function is redundant. The same effect can be achieved by
using ASYNC_get_current_job().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Matt Caswell
c00793da99 Document async capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Matt Caswell
4f70d04593 make update
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Matt Caswell
d63de0ebff Implement windows async pool and notify support
Port the async pool and notify code to windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
5e6f9775a9 Fix pools for s_client
s_client was not freeing up the async pool if async mode was enabled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
64c07bd2d8 Fix s_server bug
If an async event occurs during a renegotiation in SSL_read then s_server
was looping around, detecting we were in init and calling
init_ssl_connection instead of re-calling SSL_read.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
0ff2b9ac0b Implement local thread pools
Implement the ASYNC_JOB as a local thread pool. Remove the API support
for global pools.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
f4da39d200 Initial Async notify code changes
Initial API implemented for notifying applications that an ASYNC_JOB
has completed. Currently only s_server is using this. The Dummy Async
engine "cheats" in that it notifies that it has completed *before* it
pauses the job. A normal async engine would not do that.

Only the posix version of this has been implemented so far, so it will
probably fail to compile on Windows at the moment.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
252d6d3aa6 Add ASYNC_JOB pools
It is expensive to create the ASYNC_JOB objects due to the "makecontext"
call. This change adds support for pools of ASYNC_JOB objects so that we
don't have to create a new ASYNC_JOB every time we want to use one.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:46 +00:00
Matt Caswell
7070e5ca2f Use longjmp at setjmp where possible
Where we can we should use longjmp and setjmp in preference to swapcontext/
setcontext as they seem to be more performant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:33:05 +00:00
Matt Caswell
4cfa6204e8 Fix s_server -WWW with -async
The s_server option -WWW was not async aware, and therefore was not
handling SSL_ERROR_WANT_ASYNC conditions. This commit fixes that.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
826760945d Async clean ups
Removed the function ASYNC_job_is_waiting() as it was redundant. The only
time user code has a handle on a job is when one is waiting, so all they
need to do is check whether the job is NULL. Also did some cleanups to
make sure the job really is NULL after it has been freed!

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
06754949e4 Increase stack size
Some assembler code puts a lot of stuff on the stack, so up the stack size.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
9ec1e03194 Add null async implementation
Create a "null" async implementation for platforms that lack support. This
just does nothing when called and therefore performs synchronously.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
5010830495 Async port to windows
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:32:18 +00:00
Matt Caswell
38148a234c Various windows build fixes to prepare for windows port
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
7e25dd6da1 Add s_server and s_client async support
A new -async option is added which activates SSL_MODE_ASYNC. Also
SSL_WANT_ASYNC errors are handled appropriately.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
07bbc92ccb Make libssl async aware
The following entry points have been made async aware:
SSL_accept
SSL_read
SSL_write

Also added is a new mode - SSL_MODE_ASYNC. Calling the above functions with
the async mode enabled will initiate a new async job. If an async pause is
encountered whilst executing the job (such as for example if using SHA1/RSA
with the Dummy Async engine), then the above functions return with
SSL_WANT_ASYNC. Calling the functions again (with exactly the same args
as per non-blocking IO), will resume the job where it left off.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
a14e9ff713 Add the Dummy Async engine (dasync)
This engine is for developers of async aware applications. It simulates
asynchronous activity with external hardware. This initial version supports
SHA1 and RSA. Certain operations using those algorithms have async job
"pauses" in them - using the new libcrypto async capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:42 +00:00
Matt Caswell
a3667c316a Add async sub-library to libcrypto
Provides support for running asynchronous jobs. Currently this is completely
stand alone. Future commits will integrate this into libssl and s_server/
s_client. An asynchronous capable engine will be required to see any benefit
from this capability.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:31:04 +00:00
Matt Caswell
757d14905e Add pthread support
The forthcoming async code needs to use pthread thread local variables. This
updates the various Configurations to add the necessary flags. In many cases
this is an educated guess as I don't have access to most of these
environments! There is likely to be some tweaking needed.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-20 23:19:16 +00:00
Matt Caswell
ba4f1331e3 Fix uninitialised variable
The al variable could be uninitialised in an error path.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:15:53 +00:00
Kurt Roeckx
32c748140f BN_sub: document that r might be the same as a or b
Reviewed-by: Rich Salz <rsalz@akamai.com>

RT #4100, MR #1264
2015-11-20 22:29:57 +01:00
Pascal Cuoq
9f6795e7d2 BN_usub: Don't copy when r and a the same
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>

RT #4100, MR #1264
2015-11-20 22:29:53 +01:00
Dr. Stephen Henson
1786086b05 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 16:52:20 +00:00
Matt Caswell
5f3d93e4a3 Ensure all EVP calls have their returns checked where appropriate
There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-20 15:47:02 +00:00
Dr. Stephen Henson
2cc7acd273 Use better defaults for TSA.
Use SHA256 for TSA and setted permitted digests to a sensible value.

Based on PR#4141

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 13:40:53 +00:00
Dr. Stephen Henson
e20b472751 Add support for signer_digest option in TS.
Based on PR#2145

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 13:40:53 +00:00
Dr. Stephen Henson
fa49924659 Make GOST ciphersuites require TLSv1
PR#4141

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-11-19 14:35:39 +00:00
Andy Polyakov
ce24d2ed23 aes/asm/vpaes-ppc.pl: eliminate overhung stores in misaligned cases.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-18 11:56:21 +01:00
Andy Polyakov
0ee05b736a e_os.h: bump minimal _WIN32_WINNT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-18 11:50:40 +01:00
Rich Salz
bf1605518a Rename RSA_eay_xxx to rsa_ossl_xxx
Final part of flushing out SSLEay API's.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-17 17:14:28 -05:00
Richard Levitte
a22c01244b make update
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-17 15:17:36 +01:00
Matt Caswell
9ae720b4dc Check error return from sysconf in secure memory code
We use the sysconf function to provide details about the page size in the
secure memory code. This function can return -1 on error so we should check
for this before proceeding.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-17 11:23:51 +00:00
Matt Caswell
ae4d0c8d22 Add comment explaining why we don't check a return value
A call to X509_verify_cert() is used to build a chain of certs for the
server to send back to the client. It isn't *actually* used for verifying
the cert at all - just building the chain. Therefore the return value is
ignored.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-17 11:21:17 +00:00
Matt Caswell
d73ca3efa7 Remove an NULL ptr deref in an error path
The |passwd| variable in the code can be NULL if it goes to the err label.
Therefore we cannot call strlen on it without first checking that it is non
NULL.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-17 11:17:37 +00:00
Andy Polyakov
e4693b4e2a bn/asm/ppc64-mont.pl: adapt for little-endian.
The problem remained unnoticed so far, because it's never called by default.
You have to craft OPENSSL_ppccap environment variable to trigger the problem.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-16 13:40:41 +01:00
Andy Polyakov
27186da715 crypto/sec_mem.c: fix anonymous mmap on legacy systems.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-16 13:15:00 +01:00
Andy Polyakov
9d0e4dc635 bn/asm/s390x.S: improve performance on z196 and z13 by up to 26%. [even z10 is couple percent faster]. Triggered by RT#4128, but solves the problem by real modulo-scheduling.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-16 13:10:45 +01:00
Andy Polyakov
a5fd24d19b aesni-sha256-x86_64.pl: fix crash on AMD Jaguar.
It was also found that stich performs suboptimally on AMD Jaguar, hence
execution is limited to XOP-capable and Intel processors.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-16 13:06:10 +01:00
Viktor Dukhovni
39e46af6bb Explicit OpenSSL_version_num() implementation prototype
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-15 00:02:57 -05:00
Dr. Stephen Henson
ff7fbfd550 Document new functions
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-14 00:13:08 +00:00
Dr. Stephen Henson
699f163524 Use accessors for X509_print_ex().
Print certificate details using accessor functions.

Since X509_CERT_AUX_print is only used in one place and can't
be used by applications (it uses an internal X509_CERT_AUX structure)
this has been removed and replaced by a function X509_aux_print which
takes an X509 pointer instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-14 00:13:08 +00:00