Skip to content
  1. Feb 07, 2018
  2. Feb 06, 2018
  3. Feb 05, 2018
  4. Feb 02, 2018
  5. Feb 01, 2018
  6. Jan 31, 2018
    • Richard Levitte's avatar
    • Richard Levitte's avatar
      Make test/uitest depend on the private apps support library · 0ac9e9ff
      Richard Levitte authored
      
      
      This avoids having to enumerate specific modules in apps, or to have
      to include them in libtestutil.a.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5222)
      0ac9e9ff
    • Richard Levitte's avatar
      Apps: divide the modules in direct command modules, support library and init · d6baf09f
      Richard Levitte authored
      
      
      Most modules are direct implementations of openssl application
      sub-commands, but some constitute a support library, which can be used
      by more than one program (and is, incidently, by test/uitest).
      
      For practical purposes, we place the support library modules in a
      private, static library.
      
      Finally, there are some modules that don't have direct references in
      the rest of the apps code, but are still crucial.  See them as some
      kind of extra crt0 or similar for your platform.
      
      Inspiration from David von Oheimb
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5222)
      d6baf09f
    • Richard Levitte's avatar
      apps: Don't include progs.h in apps.h · dab2cd68
      Richard Levitte authored
      
      
      Everything in apps includes apps.h, because that one declares apps
      internal library routines.  However, progs.h doesn't declare library
      routines, but rather the main commands and their options, and there's
      no reason why the library modules should include it.
      
      So, remove the inclusion of progs.h from apps.h and add that inclusion
      in all command source files.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/5222)
      dab2cd68
    • Andy Polyakov's avatar
      79a0e876
    • Andy Polyakov's avatar
      6b6981ef
    • Benjamin Kaduk's avatar
      Restore clearing of init_lock after free · adeb4bc7
      Benjamin Kaduk authored
      
      
      The behavior of resetting the init_lock value to NULL after
      freeing it during OPENSSL_cleanup() was added as part of the
      global lock commits that were just reverted, but there is desire
      to retain this behavior for clarity.
      
      It is unclear that the library would actually remain usable in
      any form after OPENSSL_cleanup(), since the required re-initialization
      occurs under a CRYPTO_ONCE check that cannot be reset at cleanup time.
      That said, a NULL dereference is probably more friendly behavior
      in these treacherous waters than using freed memory would be.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>
      Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
      (Merged from https://github.com/openssl/openssl/pull/5089)
      adeb4bc7
    • Benjamin Kaduk's avatar
      Revert the crypto "global lock" implementation · 63ab5ea1
      Benjamin Kaduk authored
      Conceptually, this is a squashed version of:
      
          Revert "Address feedback"
      
          This reverts commit 75551e07.
      
      and
      
          Revert "Add CRYPTO_thread_glock_new"
      
          This reverts commit ed6b2c79
      
      .
      
      But there were some intervening commits that made neither revert apply
      cleanly, so instead do it all as one shot.
      
      The crypto global locks were an attempt to cope with the awkward
      POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE"
      section) indicates that the expected usage is to have the prefork handler
      lock all "global" locks, and the parent and child handlers release those
      locks, to ensure that forking happens with a consistent (lock) state.
      However, the set of functions available in the child process is limited
      to async-signal-safe functions, and pthread_mutex_unlock() is not on
      the list of async-signal-safe functions!  The only synchronization
      primitives that are async-signal-safe are the semaphore primitives,
      which are not really appropriate for general-purpose usage.
      
      However, the state consistency problem that the global locks were
      attempting to solve is not actually a serious problem, particularly for
      OpenSSL.  That is, we can consider four cases of forking application
      that might use OpenSSL:
      
      (1) Single-threaded, does not call into OpenSSL in the child (e.g.,
      the child calls exec() immediately)
      
      For this class of process, no locking is needed at all, since there is
      only ever a single thread of execution and the only reentrancy is due to
      signal handlers (which are themselves limited to async-signal-safe
      operation and should not be doing much work at all).
      
      (2) Single-threaded, calls into OpenSSL after fork()
      
      The application must ensure that it does not fork() with an unexpected
      lock held (that is, one that would get unlocked in the parent but
      accidentally remain locked in the child and cause deadlock).  Since
      OpenSSL does not expose any of its internal locks to the application
      and the application is single-threaded, the OpenSSL internal locks
      will be unlocked for the fork(), and the state will be consistent.
      (OpenSSL will need to reseed its PRNG in the child, but that is
      an orthogonal issue.)  If the application makes use of locks from
      libcrypto, proper handling for those locks is the responsibility of
      the application, as for any other locking primitive that is available
      for application programming.
      
      (3) Multi-threaded, does not call into OpenSSL after fork()
      
      As for (1), the OpenSSL state is only relevant in the parent, so
      no particular fork()-related handling is needed.  The internal locks
      are relevant, but there is no interaction with the child to consider.
      
      (4) Multi-threaded, calls into OpenSSL after fork()
      
      This is the case where the pthread_atfork() hooks to ensure that all
      global locks are in a known state across fork() would come into play,
      per the above discussion.  However, these "calls into OpenSSL after
      fork()" are still subject to the restriction to async-signal-safe
      functions.  Since OpenSSL uses all sorts of locking and libc functions
      that are not on the list of safe functions (e.g., malloc()), this
      case is not currently usable and is unlikely to ever be usable,
      independently of the locking situation.  So, there is no need to
      go through contortions to attempt to support this case in the one small
      area of locking interaction with fork().
      
      In light of the above analysis (thanks @davidben and @achernya), go
      back to the simpler implementation that does not need to distinguish
      "library-global" locks or to have complicated atfork handling for locks.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>
      Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
      (Merged from https://github.com/openssl/openssl/pull/5089)
      63ab5ea1