  1. Dec 12, 2017
    • Fix leak in ERR_get_state() when OPENSSL_init_crypto() isn't called yet · 2717f2b7
      Richard Levitte authored
      
      
      If OPENSSL_init_crypto() hasn't been called yet when ERR_get_state()
      is called, it needs to be called early, so the base initialization is
      done.  On some platforms (those that support DSO functionality and
      don't define OPENSSL_USE_NODELETE), that includes a call of
      ERR_set_mark(), which calls this function again.
      Furthermore, we know that ossl_init_thread_start(), which is called
      later in ERR_get_state(), calls OPENSSL_init_crypto(0, NULL), except
      that's too late.
      Here's what happens without an early call of OPENSSL_init_crypto():
      
          => ERR_get_state():
               => CRYPTO_THREAD_get_local():
               <= NULL;
               # no state is found, so it gets allocated.
               => ossl_init_thread_start():
                    => OPENSSL_init_crypto():
                         # Here, base_inited is set to 1
                         # before ERR_set_mark() call
                         => ERR_set_mark():
                              => ERR_get_state():
                                   => CRYPTO_THREAD_get_local():
                                   <= NULL;
                                   # no state is found, so it gets allocated!!!!!
                                   => ossl_init_thread_start():
                                        => OPENSSL_init_crypto():
                                             # base_inited is 1,
                                             # so no more init to be done
                                        <= 1
                                   <=
                                   => CRYPTO_thread_set_local():
                                   <=
                              <=
                         <=
                    <= 1
               <=
               => CRYPTO_thread_set_local()      # previous value removed!
          <=
      
      Result: double allocation, and we have a leak.
      
      By calling the base OPENSSL_init_crypto() early, we get this instead:
      
          => ERR_get_state():
               => OPENSSL_init_crypto():
                    # Here, base_inited is set to 1
                    # before ERR_set_mark() call
                    => ERR_set_mark():
                         => ERR_get_state():
                              => OPENSSL_init_crypto():
                                   # base_inited is 1,
                                   # so no more init to be done
                              <= 1
                              => CRYPTO_THREAD_get_local():
                              <= NULL;
                              # no state is found, so it gets allocated
                              # let's assume we got 0xDEADBEEF
                              => ossl_init_thread_start():
                                   => OPENSSL_init_crypto():
                                        # base_inited is 1,
                                        # so no more init to be done
                                   <= 1
                              <= 1
                              => CRYPTO_thread_set_local():
                              <=
                         <=
                    <=
               <= 1
               => CRYPTO_THREAD_get_local():
               <= 0xDEADBEEF
          <= 0xDEADBEEF
      
      Result: no leak.
      
      Reviewed-by: Rich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4913)
      
      (cherry picked from commit aef84bb4)
      2717f2b7
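The re-entrancy traced in the commit message above, reduced to a single-threaded C model. This is an added example, not code from the OpenSSL commit: `slot`, `init_crypto()`, `get_state()` and `leaked_states()` are hypothetical stand-ins for the thread-local slot, OPENSSL_init_crypto(), ERR_get_state() and a test driver.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified single-thread model; every name here is a hypothetical stand-in. */
typedef struct { int mark; } state_t;
static state_t *slot;        /* stands in for the thread-local slot */
static int base_inited;      /* stands in for base_inited */
static int allocs;           /* states allocated so far */
static int early_init;       /* 1 = apply the early-init fix */
static state_t *get_state(void);

/* Base init: sets the flag first, then sets a mark, which re-enters get_state(). */
static int init_crypto(void)
{
    if (base_inited) return 1;
    base_inited = 1;
    get_state()->mark = 1;   /* models the ERR_set_mark() call */
    return 1;
}

static state_t *get_state(void)
{
    state_t *s;
    if (early_init)
        init_crypto();       /* the fix: the nested call fills the slot first */
    if ((s = slot) != NULL) return s;
    s = calloc(1, sizeof(*s));
    if (s == NULL) abort();
    allocs++;
    init_crypto();           /* models ossl_init_thread_start(): too late without the fix */
    slot = s;                /* overwrites whatever the nested call stored */
    return s;
}

/* Run one first use of get_state(); return how many states became unreachable. */
int leaked_states(int with_early_init)
{
    slot = NULL; base_inited = 0; allocs = 0; early_init = with_early_init;
    get_state();
    int leaked = allocs - 1; /* everything except the state still in the slot */
    free(slot);              /* an overwritten state cannot be freed: that is the leak */
    return leaked;
}

int main(void)
{
    printf("leaked without/with early init: %d/%d\n", leaked_states(0), leaked_states(1));
    return 0;
}
```

Built with a leak checker such as AddressSanitizer or run under valgrind, the run without early init reports the one overwritten allocation.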
  2. Dec 11, 2017
  3. Dec 10, 2017
  4. Dec 08, 2017
  5. Dec 07, 2017
  6. Dec 06, 2017
  7. Dec 04, 2017
  8. Nov 30, 2017
    • Make possible variant SONAMEs and symbol versions · e6f38fb8
      Viktor Dukhovni authored
      
      
      This small change in the Unix template and shared library build
      scripts enables building "variant" shared libraries.  A "variant"
      shared library has a non-default SONAME, and non-default symbol
      versions.  This makes it possible to build (say) an OpenSSL 1.1.0
      library that can coexist without conflict in the same process address
      space as the system's default OpenSSL library which may be OpenSSL
      1.0.2.
      
      Such "variant" shared libraries make it possible to link applications
      against a custom OpenSSL library installed in /opt/openssl/1.1 or
      similar location, and not risk conflict with an indirectly loaded
      OpenSSL runtime that is required by some other dependency.
      
      Variant shared libraries have been fully tested under Linux, and
      build successfully on MacOS/X producing variant DYLD names.  MacOS/X
      Darwin has no symbol versioning, but has a non-flat library namespace.
      Variant libraries may therefore support multiple OpenSSL libraries
      in the same address space also with MacOS/X, despite lack of symbol
      versions, but this has not been verified.
      
      Variant shared libraries are optional and off by default.
      
      Reviewed-by: Richard Levitte <levitte@openssl.org>
      e6f38fb8
  9. Nov 27, 2017
  10. Nov 25, 2017
  11. Nov 24, 2017
  12. Nov 21, 2017
    • Avoid unnecessary MSYS2 conversion of some arguments · 0ec3b53c
      Richard Levitte authored
      Fixes #4740
      
      The MSYS2 run-time converts arguments that look like paths when
      executing a program unless that application is linked with the MSYS
      run-time. The exact conversion rules are listed here:
      
          http://www.mingw.org/wiki/Posix_path_conversion
      
      
      
      With the built-in configurations (all having names starting with
      "mingw"), the openssl application is not linked with the MSYS2
      run-time, and therefore, it will receive possibly converted arguments
      from the process that executes it. This conversion is fine for normal
      path arguments, but it happens that some arguments to the openssl
      application get converted when they shouldn't. In one case, it's
      arguments like '-passin file:something', and in another, it's a file:
      URI (what typically happens is that URIs without an authority
      component get converted, 'cause the conversion mechanism doesn't
      recognise them as URIs).
      
      To avoid conversion where we don't want it, we simply assign
      MSYS2_ARG_CONV_EXCL a pattern to avoid specific conversions. As a
      precaution, we only do this where we obviously need it.
      
      Reviewed-by: Andy Polyakov <appro@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4766)
      0ec3b53c
  13. Nov 16, 2017
  14. Nov 13, 2017
  15. Nov 11, 2017
  16. Nov 10, 2017
  17. Nov 08, 2017
  18. Nov 07, 2017
  19. Nov 05, 2017
  20. Nov 03, 2017