Commit graph

95 commits

Author SHA1 Message Date
Matt Caswell
62d876ad17 Deprecate BIO_sock_cleanup() and make it a no-op
BIO_sock_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
a5e3ac13d6 Deprecate CRYPTO_cleanup_all_ex_data() and make it a no-op
CRYPTO_cleanup_all_ex_data() should not be called expicitly - we should
leave auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
f3cd81d653 Deprecate RAND_cleanup() and make it a no-op
RAND_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
6827cb3610 Deprecate ERR_free_strings() and make it a no-op
ERR_free_strings() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
02a247e0fa Deprecate COMP_zlib_cleanup() and make it a no-op
COMP_zlib_cleanup() should not be called expicitly - we should leave
auto-deinit to clean this up instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 08:52:33 +01:00
Matt Caswell
7626fbf2ef Remove some OPENSSL_NO_ASYNC guards in init
When config'd with "no-async" the ASYNC_NULL implementation is used, so
async symbols still exist. We should still init the NULL implementation so
that when we get the async ctx it is NULL rather than undefined.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 14:51:42 +01:00
Matt Caswell
f9e5503412 Fix no-sock
Misc fixes for no-sock

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:33:59 +00:00
Rich Salz
3c27208fab Remove #error from include files.
Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-20 19:48:36 -04:00
Matt Caswell
114de5b595 Ensure that no-comp functions are flagged as such
mkdef.pl was not detecting no-comp functions. This updates the header file
so that mkdef.pl detects that no-comp applies, and the functions are marked
accordingly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 12:09:27 +00:00
Emilia Kasper
3ddd1d0458 Fix CRYPTO_THREAD_run_once return value checks
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-15 17:59:09 +01:00
Richard Levitte
a4d8bcf1f2 Small typo
OPENSSL_INIT_ONCE and OPENSSL_INIT_ONCE_STATIC_INIT are really
CRYPTO_ONCE and CRYPTO_ONCE_STATIC_INIT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-15 14:06:34 +01:00
Matt Caswell
58a8fc25d7 Fix the init cleanup order
There are internal dependencies between the various cleanup functions.
This re-orders things to try and get that right.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Matt Caswell
b10cdcce00 Add some missing cleanup calls to de-init
OBJ_cleanup() doesn't always get called from EVP_cleanup() so needs to be
explicitly called in de-init. Also BIO_sock_cleanup() also needs to be
called.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 10:54:37 +00:00
Emilia Kasper
8cab4e9bc7 Fix memory leak in library deinit
ENGINE_cleanup calls CRYPTO_free_ex_data and therefore,
CRYPTO_cleanup_all_ex_data - which cleans up the method pointers - must
run after ENGINE_cleanup.

Additionally, don't needlessly initialize the EX_CALLBACKS stack during
e.g. CRYPTO_free_ex_data. The only time this is actually needed is when
reserving the first ex data index. Specifically, since sk_num returns -1
on NULL input, the rest of the code already handles a NULL method stack
correctly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-12 21:47:01 +01:00
Emilia Kasper
e4ad0763e8 Fix no-comp build
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-12 16:21:33 +01:00
Matt Caswell
773fd0bad4 Call CONF_modules_free() before ENGINE_cleanup() in auto-deinit
During auto de-init we were calling ENGINE_cleanup(), and then later
CONF_modules_free(). However the latter function can end up calling
engine code, which can lead to a use of the global_engine_lock after it
has already been freed. Therefore we should swap the calling order of
these two functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 13:36:57 +00:00
Richard Levitte
9749a07a1d Don't call ENGINE_cleanup when configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:52:50 +01:00
Matt Caswell
ae6412f3be Always call ENGINE_cleanup() in de-init
Even if we haven't loaded an engine, we might have set up the
global_engine_lock, so we should still clean up.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 11:04:21 +01:00
Alessandro Ghedini
8509dcc9f3 Convert ERR_STATE to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:09 +00:00
Matt Caswell
c292b105b1 Remove use of CRYPTO_LOCK_INIT in init code
Swap the use of CRYPTO_LOCK_INIT in the init code to use the new threading
API mechanism for locking.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Matt Caswell
a072ed0c88 Swap the init code to use the new Thread API thread locals
The init code was using its own thread local code. Now we have a central
API for it we should use that instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
Matt Caswell
b1f1e7aeba Swap the init code to use CRYPTO_ONCE
The init code was using its own "once" implementation. Now that we have
the new thread API we should use that instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 17:17:21 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Matt Caswell
ed49f43a03 Ensure Async is deinited properly
The global thread local keys were not being deinited properly in async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-02 17:23:42 +00:00
Matt Caswell
6bc7bad011 Fix windows thread stop code
The windows thread stop code was erroneously not just deleting the thread
local variable on thread stop, but also deleting the thread local *key*
(thus removing thread local data for *all* threads in one go!).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 15:27:16 +00:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
David Woodhouse
c7b7938e75 RT4315: Fix UEFI build in crypto/init.c
We don't have atexit() in the EDK2 environment. Firmware never exits.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-17 10:07:30 -05:00
Viktor Dukhovni
31305cdf9f Fixes to make no-deprecated work again
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-14 16:16:08 -05:00
Rich Salz
7253fd550c Hide OPENSSL_INIT_SETTINGS.
Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 08:43:46 -05:00
Rich Salz
a4625290c3 After renaming init, update errors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 15:52:32 -05:00
Matt Caswell
302f75887e Attempt to log an error if init failed
If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Matt Caswell
0fc32b0718 The new init functions can now fail so shouldn't be void
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 17:40:59 +00:00
Matt Caswell
8bd8221be8 Variable was declared static when it shouldn't be
The local variable tmp was declared static when it shouldn't be. This
is in the no-threads implementation, and it was immediately initialised
to something else on every invokation of the function so it doesn't break
anything...but still shouldn't be there.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-10 17:37:11 +00:00
Rich Salz
f672aee494 Rename INIT funtions, deprecate old ones.
Man, there were a lot of renamings :)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:37:03 -05:00
Rich Salz
ea7736a093 No dynamic-init fix; merge goof.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 08:45:22 -05:00
Rich Salz
dd27f16e9a Can't re-init after stop.
Remoce DYANMIC once-init stuff.
After the library is stopped, you can't restart it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-10 08:27:06 -05:00
Matt Caswell
deca5df2fb If we've not been inited don't deinit
If you call an explicit deinit when we've not been inited then a seg
fault can occur. We should check that we've been inited before attempting
to deinit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 12:03:07 +00:00
Matt Caswell
1ffa8a9685 Make some global variables static
Make some global variables that are only ever accessed from one file
static.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-09 23:59:17 +00:00
Matt Caswell
b7326ea710 NULL the thread_local_inits_st pointer after use
After the final use of the thread_local_inits_st we should ensure it is
set to NULL, just in case OPENSSL_INIT_thread_stop gets called again and
it tries to use garbage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-09 23:29:31 +00:00
Matt Caswell
35d8fa563c Updates for auto init/deinit review comments
Fixes for the auto-init/deinit code based on review comments

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:12:02 +00:00
Matt Caswell
bf24111bb2 Avoid a race condition in loading config settings
A race condition can occur when sending config settings to
OPENSSL_INIT_crypto_library_start()

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
498abff0ae Add an OPENSSL_NO_AUTOERRINIT option
This option disables automatic loading of the crypto/ssl error strings in
order to keep statically linked executable file size down

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
71567a6f41 Provide a thread stop API
Add the OPENSSL_INIT_thread_stop() function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
7b9f8f7f03 Auto init/deinit libcrypto
This builds on the previous commit to auto initialise/deinitialise
libcrypto.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
b184e3ef73 Provide framework for auto initialise/deinitialise of the library
This commit provides the basis and core code for an auto initialisation
and deinitialisation framework for libcrypto and libssl. The intention is
to remove the need (in many circumstances) to call explicit initialise and
deinitialise functions. Explicit initialisation will still be an option,
and if non-default initialisation is needed then it will be required.
Similarly for de-initialisation (although this will be a lot easier since
it will bring all de-initialisation into a single function).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00