OLD | NEW |
| (Empty) |
1 diff -burN android-openssl.orig/openssl.config android-openssl-lhash2/openssl.co
nfig | |
2 --- android-openssl.orig/openssl.config 2013-11-05 14:11:10.833326408 -0500 | |
3 +++ android-openssl-lhash2/openssl.config 2013-11-05 14:38:31.187575574 -0
500 | |
4 @@ -997,6 +997,7 @@ | |
5 fix_clang_build.patch \ | |
6 x509_hash_name_algorithm_change.patch \ | |
7 reduce_client_hello_size.patch \ | |
8 +fix_lhash_iteration.patch \ | |
9 " | |
10 | |
11 OPENSSL_PATCHES_progs_SOURCES="\ | |
12 @@ -1060,3 +1061,13 @@ | |
13 OPENSSL_PATCHES_reduce_client_hello_size_SOURCES="\ | |
14 ssl/t1_lib.c \ | |
15 " | |
16 + | |
17 +OPENSSL_PATCHES_fix_lhash_iteration_SOURCES="\ | |
18 +crypto/conf/conf_api.c | |
19 +crypto/lhash/lhash.c | |
20 +crypto/lhash/lhash.h | |
21 +crypto/objects/o_names.c | |
22 +crypto/objects/obj_dat.c | |
23 +include/openssl/lhash.h | |
24 +ssl/ssl_sess.c | |
25 +" | |
26 diff -burN android-openssl.orig/patches/fix_lhash_iteration.patch android-openss
l-lhash2/patches/fix_lhash_iteration.patch | |
27 --- android-openssl.orig/patches/fix_lhash_iteration.patch 1969-12-31 19:00
:00.000000000 -0500 | |
28 +++ android-openssl-lhash2/patches/fix_lhash_iteration.patch 2013-11-05 14:38
:15.067738011 -0500 | |
29 @@ -0,0 +1,318 @@ | |
30 +diff -burN android-openssl.orig/crypto/conf/conf_api.c android-openssl-lhash/cr
ypto/conf/conf_api.c | |
31 +--- android-openssl.orig/crypto/conf/conf_api.c 2013-02-11 10:26:04.0000
00000 -0500 | |
32 ++++ android-openssl-lhash/crypto/conf/conf_api.c 2013-11-05 14:16:49.5000
27656 -0500 | |
33 +@@ -225,9 +225,6 @@ | |
34 + { | |
35 + if (conf == NULL || conf->data == NULL) return; | |
36 + | |
37 +- lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make | |
38 +- * sure the 'OPENSSL_free()' works as | |
39 +- * expected */ | |
40 + lh_CONF_VALUE_doall_arg(conf->data, | |
41 + LHASH_DOALL_ARG_FN(value_free_hash), | |
42 + LHASH_OF(CONF_VALUE), conf->data); | |
43 +diff -burN android-openssl.orig/crypto/lhash/lhash.c android-openssl-lhash/cryp
to/lhash/lhash.c | |
44 +--- android-openssl.orig/crypto/lhash/lhash.c 2013-02-11 10:26:04.000000000 -0
500 | |
45 ++++ android-openssl-lhash/crypto/lhash/lhash.c 2013-11-05 14:16:49.500027656 -0
500 | |
46 +@@ -94,6 +94,7 @@ | |
47 + * | |
48 + * 1.0 eay - First version | |
49 + */ | |
50 ++#include <limits.h> | |
51 + #include <stdio.h> | |
52 + #include <string.h> | |
53 + #include <stdlib.h> | |
54 +@@ -107,6 +108,113 @@ | |
55 + #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2)
*/ | |
56 + #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ | |
57 + | |
58 ++/* Maximum number of nodes to guarantee the load computations don't overflow *
/ | |
59 ++#define MAX_LOAD_ITEMS (UINT_MAX / LH_LOAD_MULT) | |
60 ++ | |
61 ++/* The field 'iteration_state' is used to hold data to ensure that a hash | |
62 ++ * table is not resized during an 'insert' or 'delete' operation performed | |
63 ++ * within a lh_doall/lh_doall_arg call. | |
64 ++ * | |
65 ++ * Conceptually, this records two things: | |
66 ++ * | |
67 ++ * - A 'depth' count, which is incremented at the start of lh_doall*, | |
68 ++ * and decremented just before it returns. | |
69 ++ * | |
70 ++ * - A 'mutated' boolean flag, which is set in lh_insert() or lh_delete() | |
71 ++ * when the operation is performed with a non-0 depth. | |
72 ++ * | |
73 ++ * The following are helper macros to handle this state in a more explicit | |
74 ++ * way. | |
75 ++ */ | |
76 ++ | |
77 ++/* Reset the iteration state to its defaults. */ | |
78 ++#define LH_ITERATION_RESET(lh) do { \ | |
79 ++ (lh)->iteration_state = 0; \ | |
80 ++ } while (0) | |
81 ++ | |
82 ++/* Returns 1 if the hash table is currently being iterated on, 0 otherwise. */ | |
83 ++#define LH_ITERATION_IS_ACTIVE(lh) ((lh)->iteration_state >= 2) | |
84 ++ | |
85 ++/* Increment iteration depth. This should always be followed by a paired call | |
86 ++ * to LH_ITERATION_DECREMENT_DEPTH(). */ | |
87 ++#define LH_ITERATION_INCREMENT_DEPTH(lh) do { \ | |
88 ++ (lh)->iteration_state += 2; \ | |
89 ++ } while (0) | |
90 ++ | |
91 ++/* Decrement iteration depth. This should always be called after a paired call | |
92 ++ * to LH_ITERATION_INCREMENT_DEPTH(). */ | |
93 ++#define LH_ITERATION_DECREMENT_DEPTH(lh) do { \ | |
94 ++ (lh)->iteration_state -= 2; \ | |
95 ++ } while (0) | |
96 ++ | |
97 ++/* Return 1 if the iteration 'mutated' flag is set, 0 otherwise. */ | |
98 ++#define LH_ITERATION_IS_MUTATED(lh) (((lh)->iteration_state & 1) != 0) | |
99 ++ | |
100 ++/* Set the iteration 'mutated' flag to 1. LH_ITERATION_RESET() to reset it. */ | |
101 ++#define LH_ITERATION_SET_MUTATED(lh) do { \ | |
102 ++ (lh)->iteration_state |= 1; \ | |
103 ++ } while (0) | |
104 ++ | |
105 ++/* This macro returns 1 if the hash table should be expanded due to its curren
t | |
106 ++ * load, or 0 otherwise. The exact comparison to be performed is expressed by | |
107 ++ * the mathematical expression (where '//' denotes division over real numbers)
: | |
108 ++ * | |
109 ++ * (num_items // num_nodes) >= (up_load // LOAD_MULT) or | |
110 ++ * (num_items * LOAD_MULT // num_nodes) >= up_load. | |
111 ++ * | |
112 ++ * Given that the C language operator '/' implements integer division, i.e: | |
113 ++ * a // b == (a / b) + epsilon (with 0 <= epsilon < 1, for positive a & b
) | |
114 ++ * | |
115 ++ * This can be rewritten as: | |
116 ++ * (num_items * LOAD_MULT / num_nodes) + epsilon >= up_load | |
117 ++ * (num_items * LOAD_MULT / num_nodes) - up_load >= - epsilon | |
118 ++ * | |
119 ++ * Let's call 'A' the left-hand side of the equation above, it is an integer | |
120 ++ * and: | |
121 ++ * - If A >= 0, the expression is true for any value of epsilon. | |
122 ++ * - If A <= -1, the expression is also true for any value of epsilon. | |
123 ++ * | |
124 ++ * In other words, this is equivalent to 'A >= 0', or: | |
125 ++ * (num_items * LOAD_MULT / num_nodes) >= up_load | |
126 ++ */ | |
127 ++#define LH_SHOULD_EXPAND(lh) \ | |
128 ++ ((lh)->num_items < MAX_LOAD_ITEMS && \ | |
129 ++ (((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) >= (lh)->up_load)) | |
130 ++ | |
131 ++/* This macro returns 1 if the hash table should be contracted due to its | |
132 ++ * current load, or 0 otherwise. Abbreviated computations are: | |
133 ++ * | |
134 ++ * (num_items // num_nodes) <= (down_load // LOAD_MULT) | |
135 ++ * (num_items * LOAD_MULT // num_nodes) <= down_load | |
136 ++ * (num_items * LOAD_MULT / num_nodes) + epsilon <= down_load | |
137 ++ * (num_items * LOAD_MULT / num_nodes) - down_load <= -epsilon | |
138 ++ * | |
139 ++ * Let's call 'B' the left-hand side of the equation above: | |
140 ++ * - If B <= -1, the expression is true for any value of epsilon. | |
141 ++ * - If B >= 1, the expression is false for any value of epsilon. | |
142 ++ * - If B == 0, the expression is true for 'epsilon == 0', and false | |
143 ++ * otherwise, which is problematic. | |
144 ++ * | |
145 ++ * To work around this problem, while keeping the code simple, just change | |
146 ++ * the initial expression to use a strict inequality, i.e.: | |
147 ++ * | |
148 ++ * (num_items // num_nodes) < (down_load // LOAD_MULT) | |
149 ++ * | |
150 ++ * Which leads to: | |
151 ++ * (num_items * LOAD_MULT / num_nodes) - down_load < -epsilon | |
152 ++ * | |
153 ++ * Then: | |
154 ++ * - If 'B <= -1', the expression is true for any value of epsilon. | |
155 ++ * - If 'B' >= 0, the expression is false for any value of epsilon, | |
156 ++ * | |
157 ++ * In other words, this is equivalent to 'B < 0', or: | |
158 ++ * (num_items * LOAD_MULT / num_nodes) < down_load | |
159 ++ */ | |
160 ++#define LH_SHOULD_CONTRACT(lh) \ | |
161 ++ (((lh)->num_nodes > MIN_NODES) && \ | |
162 ++ ((lh)->num_items < MAX_LOAD_ITEMS && \ | |
163 ++ ((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) < (lh)->down_load)) | |
164 ++ | |
165 + static void expand(_LHASH *lh); | |
166 + static void contract(_LHASH *lh); | |
167 + static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); | |
168 +@@ -147,6 +255,7 @@ | |
169 + ret->num_hash_comps=0; | |
170 + | |
171 + ret->error=0; | |
172 ++ LH_ITERATION_RESET(ret); | |
173 + return(ret); | |
174 + err1: | |
175 + OPENSSL_free(ret); | |
176 +@@ -183,7 +292,10 @@ | |
177 + void *ret; | |
178 + | |
179 + lh->error=0; | |
180 +- if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) | |
181 ++ /* Do not expand the array if the table is being iterated on. */ | |
182 ++ if (LH_ITERATION_IS_ACTIVE(lh)) | |
183 ++ LH_ITERATION_SET_MUTATED(lh); | |
184 ++ else if (LH_SHOULD_EXPAND(lh)) | |
185 + expand(lh); | |
186 + | |
187 + rn=getrn(lh,data,&hash); | |
188 +@@ -238,8 +350,10 @@ | |
189 + } | |
190 + | |
191 + lh->num_items--; | |
192 +- if ((lh->num_nodes > MIN_NODES) && | |
193 +- (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) | |
194 ++ /* Do not contract the array if the table is being iterated on. */ | |
195 ++ if (LH_ITERATION_IS_ACTIVE(lh)) | |
196 ++ LH_ITERATION_SET_MUTATED(lh); | |
197 ++ else if (LH_SHOULD_CONTRACT(lh)) | |
198 + contract(lh); | |
199 + | |
200 + return(ret); | |
201 +@@ -276,6 +390,7 @@ | |
202 + if (lh == NULL) | |
203 + return; | |
204 + | |
205 ++ LH_ITERATION_INCREMENT_DEPTH(lh); | |
206 + /* reverse the order so we search from 'top to bottom' | |
207 + * We were having memory leaks otherwise */ | |
208 + for (i=lh->num_nodes-1; i>=0; i--) | |
209 +@@ -283,10 +398,7 @@ | |
210 + a=lh->b[i]; | |
211 + while (a != NULL) | |
212 + { | |
213 +- /* 28/05/91 - eay - n added so items can be deleted | |
214 +- * via lh_doall */ | |
215 +- /* 22/05/08 - ben - eh? since a is not passed, | |
216 +- * this should not be needed */ | |
217 ++ /* note that 'a' can be deleted by the callback */ | |
218 + n=a->next; | |
219 + if(use_arg) | |
220 + func_arg(a->data,arg); | |
221 +@@ -295,6 +407,19 @@ | |
222 + a=n; | |
223 + } | |
224 + } | |
225 ++ | |
226 ++ LH_ITERATION_DECREMENT_DEPTH(lh); | |
227 ++ if (!LH_ITERATION_IS_ACTIVE(lh) && LH_ITERATION_IS_MUTATED(lh)) | |
228 ++ { | |
229 ++ LH_ITERATION_RESET(lh); | |
230 ++ /* Resize the buckets array if necessary. Each expand() or | |
231 ++ * contract() call will double/halve the size of the array, | |
232 ++ * respectively, so call them in a loop. */ | |
233 ++ while (LH_SHOULD_EXPAND(lh)) | |
234 ++ expand(lh); | |
235 ++ while (LH_SHOULD_CONTRACT(lh)) | |
236 ++ contract(lh); | |
237 ++ } | |
238 + } | |
239 + | |
240 + void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) | |
241 +diff -burN android-openssl.orig/crypto/lhash/lhash.h android-openssl-lhash/cryp
to/lhash/lhash.h | |
242 +--- android-openssl.orig/crypto/lhash/lhash.h 2013-02-11 10:26:04.000000000 -0
500 | |
243 ++++ android-openssl-lhash/crypto/lhash/lhash.h 2013-11-05 14:16:49.500027656 -0
500 | |
244 +@@ -163,6 +163,7 @@ | |
245 + unsigned long num_hash_comps; | |
246 + | |
247 + int error; | |
248 ++ int iteration_state; | |
249 + } _LHASH; /* Do not use _LHASH directly, use LHASH_OF | |
250 + * and friends */ | |
251 + | |
252 +diff -burN android-openssl.orig/crypto/objects/o_names.c android-openssl-lhash/
crypto/objects/o_names.c | |
253 +--- android-openssl.orig/crypto/objects/o_names.c 2013-02-11 10:26:04.0000
00000 -0500 | |
254 ++++ android-openssl-lhash/crypto/objects/o_names.c 2013-11-05 14:16:49.5000
27656 -0500 | |
255 +@@ -350,13 +350,9 @@ | |
256 + | |
257 + void OBJ_NAME_cleanup(int type) | |
258 + { | |
259 +- unsigned long down_load; | |
260 +- | |
261 + if (names_lh == NULL) return; | |
262 + | |
263 + free_type=type; | |
264 +- down_load=lh_OBJ_NAME_down_load(names_lh); | |
265 +- lh_OBJ_NAME_down_load(names_lh)=0; | |
266 + | |
267 + lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); | |
268 + if (type < 0) | |
269 +@@ -366,7 +362,5 @@ | |
270 + names_lh=NULL; | |
271 + name_funcs_stack = NULL; | |
272 + } | |
273 +- else | |
274 +- lh_OBJ_NAME_down_load(names_lh)=down_load; | |
275 + } | |
276 + | |
277 +diff -burN android-openssl.orig/crypto/objects/obj_dat.c android-openssl-lhash/
crypto/objects/obj_dat.c | |
278 +--- android-openssl.orig/crypto/objects/obj_dat.c 2013-02-11 10:26:04.0000
00000 -0500 | |
279 ++++ android-openssl-lhash/crypto/objects/obj_dat.c 2013-11-05 14:16:49.5000
27656 -0500 | |
280 +@@ -227,7 +227,6 @@ | |
281 + return ; | |
282 + } | |
283 + if (added == NULL) return; | |
284 +- lh_ADDED_OBJ_down_load(added) = 0; | |
285 + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ | |
286 + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ | |
287 + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ | |
288 +diff -burN android-openssl.orig/include/openssl/lhash.h android-openssl-lhash/i
nclude/openssl/lhash.h | |
289 +--- android-openssl.orig/include/openssl/lhash.h 2013-11-05 14:11:20.9032
23251 -0500 | |
290 ++++ android-openssl-lhash/include/openssl/lhash.h 2013-11-05 14:16:49.5000
27656 -0500 | |
291 +@@ -163,6 +163,7 @@ | |
292 + unsigned long num_hash_comps; | |
293 + | |
294 + int error; | |
295 ++ int iteration_state; | |
296 + } _LHASH; /* Do not use _LHASH directly, use LHASH_OF | |
297 + * and friends */ | |
298 + | |
299 +diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl-lhash/inc
lude/openssl/ssl.h | |
300 +--- android-openssl.orig/include/openssl/ssl.h 2013-11-05 14:11:21.013222124 -0
500 | |
301 ++++ android-openssl-lhash/include/openssl/ssl.h 2013-11-05 14:16:49.5000
27656 -0500 | |
302 +@@ -1681,10 +1681,10 @@ | |
303 + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
304 + | |
305 + /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
nt | |
306 +- * IDs from clients, or configure a client to send TLS client IDs to server. | |
307 ++ * IDs from clients, or configures a client to send TLS client IDs to server. | |
308 + * Returns 1 on success. */ | |
309 +-#define SSL_enable_tls_channel_id(s) \ | |
310 +- SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | |
311 ++#define SSL_enable_tls_channel_id(ssl) \ | |
312 ++ SSL_ctrl(ssl,SSL_CTRL_CHANNEL_ID,0,NULL) | |
313 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
314 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
315 + * success. */ | |
316 +diff -burN android-openssl.orig/ssl/ssl.h android-openssl-lhash/ssl/ssl.h | |
317 +--- android-openssl.orig/ssl/ssl.h 2013-11-05 14:11:18.363249269 -0500 | |
318 ++++ android-openssl-lhash/ssl/ssl.h 2013-11-05 14:16:49.510027563 -0500 | |
319 +@@ -1681,10 +1681,10 @@ | |
320 + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
321 + | |
322 + /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
nt | |
323 +- * IDs from clients, or configure a client to send TLS client IDs to server. | |
324 ++ * IDs from clients, or configures a client to send TLS client IDs to server. | |
325 + * Returns 1 on success. */ | |
326 +-#define SSL_enable_tls_channel_id(s) \ | |
327 +- SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | |
328 ++#define SSL_enable_tls_channel_id(ssl) \ | |
329 ++ SSL_ctrl(ssl,SSL_CTRL_CHANNEL_ID,0,NULL) | |
330 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
331 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
332 + * success. */ | |
333 +diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl-lhash/ssl/ssl_se
ss.c | |
334 +--- android-openssl.orig/ssl/ssl_sess.c 2013-11-05 14:11:18.363249269 -0
500 | |
335 ++++ android-openssl-lhash/ssl/ssl_sess.c 2013-11-05 14:16:49.510027563 -0
500 | |
336 +@@ -999,11 +999,8 @@ | |
337 + if (tp.cache == NULL) return; | |
338 + tp.time=t; | |
339 + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | |
340 +- i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | |
341 +- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | |
342 + lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | |
343 + TIMEOUT_PARAM, &tp); | |
344 +- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | |
345 + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | |
346 + } | |
347 + | |
OLD | NEW |