summaryrefslogtreecommitdiffstats
path: root/crypto/init.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* crypto/init.c: improve destructor_key's portability.Andy Polyakov2018-08-221-8/+11
| | | | | | | | It was assumed that CRYPTO_THREAD_LOCAL is universally scalar type, which doesn't appear to hold true. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6976)
* crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop.Andy Polyakov2018-07-251-19/+35
| | | | | | | | | Problem was that Windows threads that were terminating before libcrypto was initialized were referencing uninitialized or possibly even unrelated thread local storage index. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6752)
* Fix memleaks in async apiBernd Edlinger2018-04-261-2/+2
| | | | | | | | Fixes: #5950 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6038)
* Ensure the thread keys are always allocated in the same orderBernd Edlinger2018-04-201-15/+42
| | | | | | | | Fixes: #5899 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5911)
* Prevent a possible recursion in ERR_get_state and fix the problem thatBernd Edlinger2018-04-041-11/+1
| | | | | | | | was pointed out in commit aef84bb4efbddfd95d042f3f5f1d362ed7d4faeb differently. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5863)
* Set error code on alloc failuresRich Salz2018-04-031-2/+3
| | | | | | | Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
* Include "internal/dso_conf.h" where needed and appropriateRichard Levitte2018-03-231-0/+1
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5733)
* Add dladdr() for AIXMatthias Kraft2018-03-211-0/+15
| | | | | | | | | | | | | | | | | | | | | | | Although it deviates from the actual prototype of DSO_dsobyaddr(), this is now ISO C compliant and gcc -Wpedantic accepts the code. Added DATA segment checking to catch ptrgl virtual addresses. Avoid memleaks with every AIX/dladdr() call. Removed debug-fprintf()s. Added test case for DSO_dsobyaddr(), which will eventually call dladdr(). Removed unecessary AIX ifdefs again. The implementation can only lookup function symbols, no data symbols. Added PIC-flag to aix*-cc build targets. As AIX is missing a dladdr() implementation it is currently uncertain our exit()-handlers can still be called when the application exits. After dlclose() the whole library might have been unloaded already. Signed-off-by: Matthias Kraft <makr@gmx.eu> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5668)
* Make the public and private DRBG thread localKurt Roeckx2018-03-191-0/+16
| | | | | | | | | This avoids lock contention. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5547)
* OPENSSL_cleanup: cleanup secure memoryDr. Matthias St. Pierre2018-02-131-0/+2
| | | | | | | | | | | If the global DRBGs are allocated on the secure heap, then calling CRYPTO_secure_malloc_done() inside main() will have no effect, unless OPENSSL_cleanup() has been called explicitely before that, because otherwise the DRBGs will still be allocated. So it is better to cleanup the secure heap automatically at the end of OPENSSL_cleanup(). Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5294)
* Restore clearing of init_lock after freeBenjamin Kaduk2018-01-311-0/+1
| | | | | | | | | | | | | | | | | The behavior of resetting the init_lock value to NULL after freeing it during OPENSSL_cleanup() was added as part of the global lock commits that were just reverted, but there is desire to retain this behavior for clarity. It is unclear that the library would actually remain usable in any form after OPENSSL_cleanup(), since the required re-initialization occurs under a CRYPTO_ONCE check that cannot be reset at cleanup time. That said, a NULL dereference is probably more friendly behavior in these treacherous waters than using freed memory would be. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5089)
* Revert the crypto "global lock" implementationBenjamin Kaduk2018-01-311-81/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conceptually, this is a squashed version of: Revert "Address feedback" This reverts commit 75551e07bd2339dfea06ef1d31d69929e13a4495. and Revert "Add CRYPTO_thread_glock_new" This reverts commit ed6b2c7938ec6f07b15745d4183afc276e74c6dd. But there were some intervening commits that made neither revert apply cleanly, so instead do it all as one shot. The crypto global locks were an attempt to cope with the awkward POSIX semantics for pthread_atfork(); its documentation (the "RATIONALE" section) indicates that the expected usage is to have the prefork handler lock all "global" locks, and the parent and child handlers release those locks, to ensure that forking happens with a consistent (lock) state. However, the set of functions available in the child process is limited to async-signal-safe functions, and pthread_mutex_unlock() is not on the list of async-signal-safe functions! The only synchronization primitives that are async-signal-safe are the semaphore primitives, which are not really appropriate for general-purpose usage. However, the state consistency problem that the global locks were attempting to solve is not actually a serious problem, particularly for OpenSSL. That is, we can consider four cases of forking application that might use OpenSSL: (1) Single-threaded, does not call into OpenSSL in the child (e.g., the child calls exec() immediately) For this class of process, no locking is needed at all, since there is only ever a single thread of execution and the only reentrancy is due to signal handlers (which are themselves limited to async-signal-safe operation and should not be doing much work at all). (2) Single-threaded, calls into OpenSSL after fork() The application must ensure that it does not fork() with an unexpected lock held (that is, one that would get unlocked in the parent but accidentally remain locked in the child and cause deadlock). Since OpenSSL does not expose any of its internal locks to the application and the application is single-threaded, the OpenSSL internal locks will be unlocked for the fork(), and the state will be consistent. (OpenSSL will need to reseed its PRNG in the child, but that is an orthogonal issue.) If the application makes use of locks from libcrypto, proper handling for those locks is the responsibility of the application, as for any other locking primitive that is available for application programming. (3) Multi-threaded, does not call into OpenSSL after fork() As for (1), the OpenSSL state is only relevant in the parent, so no particular fork()-related handling is needed. The internal locks are relevant, but there is no interaction with the child to consider. (4) Multi-threaded, calls into OpenSSL after fork() This is the case where the pthread_atfork() hooks to ensure that all global locks are in a known state across fork() would come into play, per the above discussion. However, these "calls into OpenSSL after fork()" are still subject to the restriction to async-signal-safe functions. Since OpenSSL uses all sorts of locking and libc functions that are not on the list of safe functions (e.g., malloc()), this case is not currently usable and is unlikely to ever be usable, independently of the locking situation. So, there is no need to go through contortions to attempt to support this case in the one small area of locking interaction with fork(). In light of the above analysis (thanks @davidben and @achernya), go back to the simpler implementation that does not need to distinguish "library-global" locks or to have complicated atfork handling for locks. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5089)
* Copyright update of more files that have changed this yearRichard Levitte2018-01-191-1/+1
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5110)
* Various small build improvements on mkdef.pl, progs.pl, crypto/init.c, ↵David von Oheimb2018-01-091-1/+1
| | | | | | | | crypto/mem.c Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4994)
* Consistent formatting for sizeof(foo)Rich Salz2017-12-081-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4872)
* Fix reseeding issues of the public RAND_DRBGDr. Matthias St. Pierre2017-10-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes: - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback. - Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy(). - Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding. - Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart(). - Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4328)
* Address feedbackRich Salz2017-09-011-25/+35
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4294)
* Add CRYPTO_thread_glock_newRich Salz2017-09-011-2/+72
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4294)
* Move e_os.h to be the very first include.Pauli2017-08-291-1/+1
| | | | | | | | cryptilib.h is the second. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
* e_os.h removal from other headers and source files.Pauli2017-08-291-0/+1
| | | | | | | | | | | | | Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and ssl/ssl_locl.h). Added e_os.h into the files that need it now. Directly reference internal/nelem.h when required. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4188)
* Don't auto-instantiate a DRBG when trying to use it and it's notKurt Roeckx2017-08-281-0/+1
| | | | | | | | | | | | | The one creating the DRBG should instantiate it, it's there that we know which parameters we should use to instantiate it. This splits the rand init in two parts to avoid a deadlock because when the global drbg is created it wands to call rand_add on the global rand method. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> GH: #4268
* Use "" not <> for internal/ includesRich Salz2017-08-221-14/+14
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4217)
* Make RAND_DRBG fork-safeRich Salz2017-08-071-0/+1
| | | | | | | | Use atfork to count child forks, and reseed DRBG when the counts don't match. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4101)
* Fix typo in files in crypto folderXiaoyin Liu2017-08-051-2/+2
| | | | | | Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #4093
* Rename internal rand.h fileRich Salz2017-07-201-1/+1
| | | | | | | Replacement fix for #3975 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3979)
* Fix atfork flag. Avoid double-negatives :)Rich Salz2017-06-301-1/+1
| | | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3815)
* Add fork handlers, based on pthread_atforkRich Salz2017-06-291-0/+29
| | | | | | | Only for Unix platforms Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3754)
* Add the STORE moduleRichard Levitte2017-06-291-0/+2
| | | | | | | | | | | | | | | | | | This STORE module adds the following functionality: - A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close() that accesses a URI and helps loading the supported objects (PKEYs, CERTs and CRLs for the moment) from it. - An opaque type OSSL_STORE_INFO that holds information on each loaded object. - A few functions to retrieve desired data from a OSSL_STORE_INFO reference. - Functions to register and unregister loaders for different URI schemes. This enables dynamic addition of loaders from applications or from engines. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
* Add new /dev/crypto engineRichard Levitte2017-06-281-0/+17
| | | | | | | Based on cryptodev-linux Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3744)
* Remove bsd_cryptodev engineRich Salz2017-06-191-19/+0
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3699)
* Fix the fall-out in 04-test_bioprint.tBernd Edlinger2017-06-191-2/+10
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3712)
* Fix a bundle of trailing spaces in several filesPaul Yang2017-06-091-1/+1
| | | | | | | | Signed-off-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3622)
* Don't leave stale errors on queue if DSO_dsobyaddr() failsMatt Caswell2017-05-041-1/+5
| | | | | | | | | | The init code uses DSO_dsobyaddr() to leak a reference to ourselves to ensure we remain loaded until atexit() time. In some circumstances that can fail and leave stale errors on the error queue. Fixes #3372 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3383)
* Add "random malloc failure" toolingRich Salz2017-01-121-0/+3
| | | | | | | | | | | | | | | | | | | | Still needs to be documented, somehow/somewhere. The env var OPENSSL_MALLOC_FAILURES controls how often malloc/realloc should fail. It's a set of fields separated by semicolons. Each field is a count and optional percentage (separated by @) which defaults to 100. If count is zero then it lasts "forever." For example: 100;@25 means the first 100 allocations pass, then the rest have a 25% chance of failing until the program exits or crashes. If env var OPENSSL_MALLOC_FD parses as a positive integer, a record of all malloc "shouldfail" tests is written to that file descriptor. If a malloc will fail, and OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE is not set (platform specific), then a backtrace will be written to the descriptor when a malloc fails. This can be useful because a malloc may fail but not be checked, and problems will only occur later. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1252)
* Add a warning stipulating how things should be coded in ossl_init_baseRichard Levitte2016-11-151-0/+7
| | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1922)
* Stop init loopsRichard Levitte2016-11-151-1/+1
| | | | | | | | | | | | | | | | | Under certain circumstances, the libcrypto init code would loop, causing a deadlock. This would typically happen if something in ossl_init_base() caused an OpenSSL error, and the error stack routines would recurse into the init code before the flag that ossl_init_base() had been run was checked. This change makes sure ossl_init_base isn't run once more of the base is initiated. Thanks to Dmitry Kostjuchenko for the idea. Fixes Github issue #1899 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1922)
* Fix the effect of no-dso in crypto/init.cRichard Levitte2016-11-111-2/+2
| | | | | | | | When configured no-dso, there are no DSO_{whatever} macros defined. Therefore, before checking those, you have to check if OPENSSL_NO_DSO is defined. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1902)
* Implement GET_MODULE_HANDLE_EX_FLAG_PIN for windowsMatt Caswell2016-11-031-8/+43
| | | | | | | Rather than leaking a reference, just call GetModuleHandleEx and pin the module on Windows. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Link using -znodeleteMatt Caswell2016-11-031-1/+5
| | | | | | | Instead of deliberately leaking a reference to ourselves, use nodelete which does this more neatly. Only for Linux at the moment. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Ensure that libcrypto and libssl do not unload until the process exitsMatt Caswell2016-11-031-0/+31
| | | | | | | | | | | | | | | | Because we use atexit() to cleanup after ourselves, this will cause a problem if we have been dynamically loaded and then unloaded again: the atexit() handler may no longer be there. Most modern atexit() implementations can handle this, however there are still difficulties if libssl gets unloaded before libcrypto, because of the atexit() callback that libcrypto makes to libssl. The most robust solution seems to be to ensure that libcrypto and libssl never unload. This is done by simply deliberately leaking a dlopen() reference to them. Reviewed-by: Tim Hudson <tjh@openssl.org>
* Fix support for DragonFly BSDjrmarino2016-10-221-2/+2
| | | | | | | | | The __DragonFly__ macros were introduced in issue #1546 along with a function naming fix, but it was decided they should be handled separately. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1765)
* Do not set load_crypto_strings_inited when OPENSSL_NO_ERR is definedMat2016-10-191-1/+1
| | | | | | | | | | | | | | | | Only set the load_crypto_strings_inited to 1 when err_load_crypto_strings_int was called. This solves the following issue: - openssl is built with no-err - load_crypto_strings_inited is set to 1 during the OPENSSL_init_crypto call - During the cleanup: OPENSSL_cleanup, err_free_strings_int is called because load_crypto_strings_inited == 1 - err_free_strings_int calls do_err_strings_init because it has never been called - Now do_err_strings_init calls OPENSSL_init_crypto - But since we are in the cleanup (stopped == 1) this results in an error: CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); - which then tries to initialize everything we are trying to clean up: ERR_get_state, ossl_init_thread_start, etc Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1654)
* Don't try to init dasync internallyRichard Levitte2016-08-171-14/+1
| | | | | | | | Since dasync isn't installed, and is only ever used as a dynamic engine, there's no reason to consider it for initialization when building static engines. Reviewed-by: Ben Laurie <ben@openssl.org>
* Check for errors allocating the error strings.Kurt Roeckx2016-07-201-2/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #1330
* Change all our uses of CRYPTO_THREAD_run_once to use RUN_ONCE insteadRichard Levitte2016-07-191-49/+61
| | | | | | | That way, we have a way to check if the init function was successful or not. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Stop using and deprecate ENGINE_setup_bsd_cryptodevRichard Levitte2016-07-051-10/+0
| | | | | | | The calls we made to it were redundant, as the same initialization is done later in OPENSSL_init_crypto() anyway. Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT4562: Fix misleading doc on OPENSSL_configRich Salz2016-06-141-4/+4
| | | | | | Also changed the code to use "appname" not "filename" Reviewed-by: Matt Caswell <matt@openssl.org>
* Copyright consolidation 08/10Rich Salz2016-05-171-53/+5
| | | | Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fold threads.h into crypto.h making API publicViktor Dukhovni2016-05-161-1/+0
| | | | | | Document thread-safe lock creation Reviewed-by: Richard Levitte <levitte@openssl.org>
* Restore the ERR_remove_thread_state() API and make it a no-opRichard Levitte2016-05-101-2/+2
| | | | | | | | | | | The ERR_remove_thread_state() API is restored to take a pointer argument, but does nothing more. ERR_remove_state() is also made into a no-op. Both functions are deprecated and users are recommended to use OPENSSL_thread_stop() instead. Documentation is changed to reflect this. Reviewed-by: Matt Caswell <matt@openssl.org>