| OLD | NEW |
|---|
| (Empty) |
| 1 diff -burN android-openssl.orig/openssl.config android-openssl-lhash2/openssl.co
nfig | |
| 2 --- android-openssl.orig/openssl.config 2013-11-05 14:11:10.833326408 -0500 | |
| 3 +++ android-openssl-lhash2/openssl.config 2013-11-05 14:38:31.187575574 -0
500 | |
| 4 @@ -997,6 +997,7 @@ | |
| 5 fix_clang_build.patch \ | |
| 6 x509_hash_name_algorithm_change.patch \ | |
| 7 reduce_client_hello_size.patch \ | |
| 8 +fix_lhash_iteration.patch \ | |
| 9 " | |
| 10 | |
| 11 OPENSSL_PATCHES_progs_SOURCES="\ | |
| 12 @@ -1060,3 +1061,13 @@ | |
| 13 OPENSSL_PATCHES_reduce_client_hello_size_SOURCES="\ | |
| 14 ssl/t1_lib.c \ | |
| 15 " | |
| 16 + | |
| 17 +OPENSSL_PATCHES_fix_lhash_iteration_SOURCES="\ | |
| 18 +crypto/conf/conf_api.c | |
| 19 +crypto/lhash/lhash.c | |
| 20 +crypto/lhash/lhash.h | |
| 21 +crypto/objects/o_names.c | |
| 22 +crypto/objects/obj_dat.c | |
| 23 +include/openssl/lhash.h | |
| 24 +ssl/ssl_sess.c | |
| 25 +" | |
| 26 diff -burN android-openssl.orig/patches/fix_lhash_iteration.patch android-openss
l-lhash2/patches/fix_lhash_iteration.patch | |
| 27 --- android-openssl.orig/patches/fix_lhash_iteration.patch 1969-12-31 19:00
:00.000000000 -0500 | |
| 28 +++ android-openssl-lhash2/patches/fix_lhash_iteration.patch 2013-11-05 14:38
:15.067738011 -0500 | |
| 29 @@ -0,0 +1,318 @@ | |
| 30 +diff -burN android-openssl.orig/crypto/conf/conf_api.c android-openssl-lhash/cr
ypto/conf/conf_api.c | |
| 31 +--- android-openssl.orig/crypto/conf/conf_api.c 2013-02-11 10:26:04.0000
00000 -0500 | |
| 32 ++++ android-openssl-lhash/crypto/conf/conf_api.c 2013-11-05 14:16:49.5000
27656 -0500 | |
| 33 +@@ -225,9 +225,6 @@ | |
| 34 + { | |
| 35 + if (conf == NULL || conf->data == NULL) return; | |
| 36 + | |
| 37 +- lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make | |
| 38 +- * sure the 'OPENSSL_free()' works as | |
| 39 +- * expected */ | |
| 40 + lh_CONF_VALUE_doall_arg(conf->data, | |
| 41 + LHASH_DOALL_ARG_FN(value_free_hash), | |
| 42 + LHASH_OF(CONF_VALUE), conf->data); | |
| 43 +diff -burN android-openssl.orig/crypto/lhash/lhash.c android-openssl-lhash/cryp
to/lhash/lhash.c | |
| 44 +--- android-openssl.orig/crypto/lhash/lhash.c 2013-02-11 10:26:04.000000000 -0
500 | |
| 45 ++++ android-openssl-lhash/crypto/lhash/lhash.c 2013-11-05 14:16:49.500027656 -0
500 | |
| 46 +@@ -94,6 +94,7 @@ | |
| 47 + * | |
| 48 + * 1.0 eay - First version | |
| 49 + */ | |
| 50 ++#include <limits.h> | |
| 51 + #include <stdio.h> | |
| 52 + #include <string.h> | |
| 53 + #include <stdlib.h> | |
| 54 +@@ -107,6 +108,113 @@ | |
| 55 + #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2)
*/ | |
| 56 + #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ | |
| 57 + | |
| 58 ++/* Maximum number of nodes to guarantee the load computations don't overflow *
/ | |
| 59 ++#define MAX_LOAD_ITEMS (UINT_MAX / LH_LOAD_MULT) | |
| 60 ++ | |
| 61 ++/* The field 'iteration_state' is used to hold data to ensure that a hash | |
| 62 ++ * table is not resized during an 'insert' or 'delete' operation performed | |
| 63 ++ * within a lh_doall/lh_doall_arg call. | |
| 64 ++ * | |
| 65 ++ * Conceptually, this records two things: | |
| 66 ++ * | |
| 67 ++ * - A 'depth' count, which is incremented at the start of lh_doall*, | |
| 68 ++ * and decremented just before it returns. | |
| 69 ++ * | |
| 70 ++ * - A 'mutated' boolean flag, which is set in lh_insert() or lh_delete() | |
| 71 ++ * when the operation is performed with a non-0 depth. | |
| 72 ++ * | |
| 73 ++ * The following are helper macros to handle this state in a more explicit | |
| 74 ++ * way. | |
| 75 ++ */ | |
| 76 ++ | |
| 77 ++/* Reset the iteration state to its defaults. */ | |
| 78 ++#define LH_ITERATION_RESET(lh) do { \ | |
| 79 ++ (lh)->iteration_state = 0; \ | |
| 80 ++ } while (0) | |
| 81 ++ | |
| 82 ++/* Returns 1 if the hash table is currently being iterated on, 0 otherwise. */ | |
| 83 ++#define LH_ITERATION_IS_ACTIVE(lh) ((lh)->iteration_state >= 2) | |
| 84 ++ | |
| 85 ++/* Increment iteration depth. This should always be followed by a paired call | |
| 86 ++ * to LH_ITERATION_DECREMENT_DEPTH(). */ | |
| 87 ++#define LH_ITERATION_INCREMENT_DEPTH(lh) do { \ | |
| 88 ++ (lh)->iteration_state += 2; \ | |
| 89 ++ } while (0) | |
| 90 ++ | |
| 91 ++/* Decrement iteration depth. This should always be called after a paired call | |
| 92 ++ * to LH_ITERATION_INCREMENT_DEPTH(). */ | |
| 93 ++#define LH_ITERATION_DECREMENT_DEPTH(lh) do { \ | |
| 94 ++ (lh)->iteration_state -= 2; \ | |
| 95 ++ } while (0) | |
| 96 ++ | |
| 97 ++/* Return 1 if the iteration 'mutated' flag is set, 0 otherwise. */ | |
| 98 ++#define LH_ITERATION_IS_MUTATED(lh) (((lh)->iteration_state & 1) != 0) | |
| 99 ++ | |
| 100 ++/* Set the iteration 'mutated' flag to 1. LH_ITERATION_RESET() to reset it. */ | |
| 101 ++#define LH_ITERATION_SET_MUTATED(lh) do { \ | |
| 102 ++ (lh)->iteration_state |= 1; \ | |
| 103 ++ } while (0) | |
| 104 ++ | |
| 105 ++/* This macro returns 1 if the hash table should be expanded due to its curren
t | |
| 106 ++ * load, or 0 otherwise. The exact comparison to be performed is expressed by | |
| 107 ++ * the mathematical expression (where '//' denotes division over real numbers)
: | |
| 108 ++ * | |
| 109 ++ * (num_items // num_nodes) >= (up_load // LOAD_MULT) or | |
| 110 ++ * (num_items * LOAD_MULT // num_nodes) >= up_load. | |
| 111 ++ * | |
| 112 ++ * Given that the C language operator '/' implements integer division, i.e: | |
| 113 ++ * a // b == (a / b) + epsilon (with 0 <= epsilon < 1, for positive a & b
) | |
| 114 ++ * | |
| 115 ++ * This can be rewritten as: | |
| 116 ++ * (num_items * LOAD_MULT / num_nodes) + epsilon >= up_load | |
| 117 ++ * (num_items * LOAD_MULT / num_nodes) - up_load >= - epsilon | |
| 118 ++ * | |
| 119 ++ * Let's call 'A' the left-hand side of the equation above, it is an integer | |
| 120 ++ * and: | |
| 121 ++ * - If A >= 0, the expression is true for any value of epsilon. | |
| 122 ++ * - If A <= -1, the expression is also true for any value of epsilon. | |
| 123 ++ * | |
| 124 ++ * In other words, this is equivalent to 'A >= 0', or: | |
| 125 ++ * (num_items * LOAD_MULT / num_nodes) >= up_load | |
| 126 ++ */ | |
| 127 ++#define LH_SHOULD_EXPAND(lh) \ | |
| 128 ++ ((lh)->num_items < MAX_LOAD_ITEMS && \ | |
| 129 ++ (((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) >= (lh)->up_load)) | |
| 130 ++ | |
| 131 ++/* This macro returns 1 if the hash table should be contracted due to its | |
| 132 ++ * current load, or 0 otherwise. Abbreviated computations are: | |
| 133 ++ * | |
| 134 ++ * (num_items // num_nodes) <= (down_load // LOAD_MULT) | |
| 135 ++ * (num_items * LOAD_MULT // num_nodes) <= down_load | |
| 136 ++ * (num_items * LOAD_MULT / num_nodes) + epsilon <= down_load | |
| 137 ++ * (num_items * LOAD_MULT / num_nodes) - down_load <= -epsilon | |
| 138 ++ * | |
| 139 ++ * Let's call 'B' the left-hand side of the equation above: | |
| 140 ++ * - If B <= -1, the expression is true for any value of epsilon. | |
| 141 ++ * - If B >= 1, the expression is false for any value of epsilon. | |
| 142 ++ * - If B == 0, the expression is true for 'epsilon == 0', and false | |
| 143 ++ * otherwise, which is problematic. | |
| 144 ++ * | |
| 145 ++ * To work around this problem, while keeping the code simple, just change | |
| 146 ++ * the initial expression to use a strict inequality, i.e.: | |
| 147 ++ * | |
| 148 ++ * (num_items // num_nodes) < (down_load // LOAD_MULT) | |
| 149 ++ * | |
| 150 ++ * Which leads to: | |
| 151 ++ * (num_items * LOAD_MULT / num_nodes) - down_load < -epsilon | |
| 152 ++ * | |
| 153 ++ * Then: | |
| 154 ++ * - If 'B <= -1', the expression is true for any value of epsilon. | |
| 155 ++ * - If 'B' >= 0, the expression is false for any value of epsilon, | |
| 156 ++ * | |
| 157 ++ * In other words, this is equivalent to 'B < 0', or: | |
| 158 ++ * (num_items * LOAD_MULT / num_nodes) < down_load | |
| 159 ++ */ | |
| 160 ++#define LH_SHOULD_CONTRACT(lh) \ | |
| 161 ++ (((lh)->num_nodes > MIN_NODES) && \ | |
| 162 ++ ((lh)->num_items < MAX_LOAD_ITEMS && \ | |
| 163 ++ ((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) < (lh)->down_load)) | |
| 164 ++ | |
| 165 + static void expand(_LHASH *lh); | |
| 166 + static void contract(_LHASH *lh); | |
| 167 + static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); | |
| 168 +@@ -147,6 +255,7 @@ | |
| 169 + ret->num_hash_comps=0; | |
| 170 + | |
| 171 + ret->error=0; | |
| 172 ++ LH_ITERATION_RESET(ret); | |
| 173 + return(ret); | |
| 174 + err1: | |
| 175 + OPENSSL_free(ret); | |
| 176 +@@ -183,7 +292,10 @@ | |
| 177 + void *ret; | |
| 178 + | |
| 179 + lh->error=0; | |
| 180 +- if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) | |
| 181 ++ /* Do not expand the array if the table is being iterated on. */ | |
| 182 ++ if (LH_ITERATION_IS_ACTIVE(lh)) | |
| 183 ++ LH_ITERATION_SET_MUTATED(lh); | |
| 184 ++ else if (LH_SHOULD_EXPAND(lh)) | |
| 185 + expand(lh); | |
| 186 + | |
| 187 + rn=getrn(lh,data,&hash); | |
| 188 +@@ -238,8 +350,10 @@ | |
| 189 + } | |
| 190 + | |
| 191 + lh->num_items--; | |
| 192 +- if ((lh->num_nodes > MIN_NODES) && | |
| 193 +- (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) | |
| 194 ++ /* Do not contract the array if the table is being iterated on. */ | |
| 195 ++ if (LH_ITERATION_IS_ACTIVE(lh)) | |
| 196 ++ LH_ITERATION_SET_MUTATED(lh); | |
| 197 ++ else if (LH_SHOULD_CONTRACT(lh)) | |
| 198 + contract(lh); | |
| 199 + | |
| 200 + return(ret); | |
| 201 +@@ -276,6 +390,7 @@ | |
| 202 + if (lh == NULL) | |
| 203 + return; | |
| 204 + | |
| 205 ++ LH_ITERATION_INCREMENT_DEPTH(lh); | |
| 206 + /* reverse the order so we search from 'top to bottom' | |
| 207 + * We were having memory leaks otherwise */ | |
| 208 + for (i=lh->num_nodes-1; i>=0; i--) | |
| 209 +@@ -283,10 +398,7 @@ | |
| 210 + a=lh->b[i]; | |
| 211 + while (a != NULL) | |
| 212 + { | |
| 213 +- /* 28/05/91 - eay - n added so items can be deleted | |
| 214 +- * via lh_doall */ | |
| 215 +- /* 22/05/08 - ben - eh? since a is not passed, | |
| 216 +- * this should not be needed */ | |
| 217 ++ /* note that 'a' can be deleted by the callback */ | |
| 218 + n=a->next; | |
| 219 + if(use_arg) | |
| 220 + func_arg(a->data,arg); | |
| 221 +@@ -295,6 +407,19 @@ | |
| 222 + a=n; | |
| 223 + } | |
| 224 + } | |
| 225 ++ | |
| 226 ++ LH_ITERATION_DECREMENT_DEPTH(lh); | |
| 227 ++ if (!LH_ITERATION_IS_ACTIVE(lh) && LH_ITERATION_IS_MUTATED(lh)) | |
| 228 ++ { | |
| 229 ++ LH_ITERATION_RESET(lh); | |
| 230 ++ /* Resize the buckets array if necessary. Each expand() or | |
| 231 ++ * contract() call will double/halve the size of the array, | |
| 232 ++ * respectively, so call them in a loop. */ | |
| 233 ++ while (LH_SHOULD_EXPAND(lh)) | |
| 234 ++ expand(lh); | |
| 235 ++ while (LH_SHOULD_CONTRACT(lh)) | |
| 236 ++ contract(lh); | |
| 237 ++ } | |
| 238 + } | |
| 239 + | |
| 240 + void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) | |
| 241 +diff -burN android-openssl.orig/crypto/lhash/lhash.h android-openssl-lhash/cryp
to/lhash/lhash.h | |
| 242 +--- android-openssl.orig/crypto/lhash/lhash.h 2013-02-11 10:26:04.000000000 -0
500 | |
| 243 ++++ android-openssl-lhash/crypto/lhash/lhash.h 2013-11-05 14:16:49.500027656 -0
500 | |
| 244 +@@ -163,6 +163,7 @@ | |
| 245 + unsigned long num_hash_comps; | |
| 246 + | |
| 247 + int error; | |
| 248 ++ int iteration_state; | |
| 249 + } _LHASH; /* Do not use _LHASH directly, use LHASH_OF | |
| 250 + * and friends */ | |
| 251 + | |
| 252 +diff -burN android-openssl.orig/crypto/objects/o_names.c android-openssl-lhash/
crypto/objects/o_names.c | |
| 253 +--- android-openssl.orig/crypto/objects/o_names.c 2013-02-11 10:26:04.0000
00000 -0500 | |
| 254 ++++ android-openssl-lhash/crypto/objects/o_names.c 2013-11-05 14:16:49.5000
27656 -0500 | |
| 255 +@@ -350,13 +350,9 @@ | |
| 256 + | |
| 257 + void OBJ_NAME_cleanup(int type) | |
| 258 + { | |
| 259 +- unsigned long down_load; | |
| 260 +- | |
| 261 + if (names_lh == NULL) return; | |
| 262 + | |
| 263 + free_type=type; | |
| 264 +- down_load=lh_OBJ_NAME_down_load(names_lh); | |
| 265 +- lh_OBJ_NAME_down_load(names_lh)=0; | |
| 266 + | |
| 267 + lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); | |
| 268 + if (type < 0) | |
| 269 +@@ -366,7 +362,5 @@ | |
| 270 + names_lh=NULL; | |
| 271 + name_funcs_stack = NULL; | |
| 272 + } | |
| 273 +- else | |
| 274 +- lh_OBJ_NAME_down_load(names_lh)=down_load; | |
| 275 + } | |
| 276 + | |
| 277 +diff -burN android-openssl.orig/crypto/objects/obj_dat.c android-openssl-lhash/
crypto/objects/obj_dat.c | |
| 278 +--- android-openssl.orig/crypto/objects/obj_dat.c 2013-02-11 10:26:04.0000
00000 -0500 | |
| 279 ++++ android-openssl-lhash/crypto/objects/obj_dat.c 2013-11-05 14:16:49.5000
27656 -0500 | |
| 280 +@@ -227,7 +227,6 @@ | |
| 281 + return ; | |
| 282 + } | |
| 283 + if (added == NULL) return; | |
| 284 +- lh_ADDED_OBJ_down_load(added) = 0; | |
| 285 + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ | |
| 286 + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ | |
| 287 + lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ | |
| 288 +diff -burN android-openssl.orig/include/openssl/lhash.h android-openssl-lhash/i
nclude/openssl/lhash.h | |
| 289 +--- android-openssl.orig/include/openssl/lhash.h 2013-11-05 14:11:20.9032
23251 -0500 | |
| 290 ++++ android-openssl-lhash/include/openssl/lhash.h 2013-11-05 14:16:49.5000
27656 -0500 | |
| 291 +@@ -163,6 +163,7 @@ | |
| 292 + unsigned long num_hash_comps; | |
| 293 + | |
| 294 + int error; | |
| 295 ++ int iteration_state; | |
| 296 + } _LHASH; /* Do not use _LHASH directly, use LHASH_OF | |
| 297 + * and friends */ | |
| 298 + | |
| 299 +diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl-lhash/inc
lude/openssl/ssl.h | |
| 300 +--- android-openssl.orig/include/openssl/ssl.h 2013-11-05 14:11:21.013222124 -0
500 | |
| 301 ++++ android-openssl-lhash/include/openssl/ssl.h 2013-11-05 14:16:49.5000
27656 -0500 | |
| 302 +@@ -1681,10 +1681,10 @@ | |
| 303 + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
| 304 + | |
| 305 + /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
nt | |
| 306 +- * IDs from clients, or configure a client to send TLS client IDs to server. | |
| 307 ++ * IDs from clients, or configures a client to send TLS client IDs to server. | |
| 308 + * Returns 1 on success. */ | |
| 309 +-#define SSL_enable_tls_channel_id(s) \ | |
| 310 +- SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | |
| 311 ++#define SSL_enable_tls_channel_id(ssl) \ | |
| 312 ++ SSL_ctrl(ssl,SSL_CTRL_CHANNEL_ID,0,NULL) | |
| 313 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
| 314 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
| 315 + * success. */ | |
| 316 +diff -burN android-openssl.orig/ssl/ssl.h android-openssl-lhash/ssl/ssl.h | |
| 317 +--- android-openssl.orig/ssl/ssl.h 2013-11-05 14:11:18.363249269 -0500 | |
| 318 ++++ android-openssl-lhash/ssl/ssl.h 2013-11-05 14:16:49.510027563 -0500 | |
| 319 +@@ -1681,10 +1681,10 @@ | |
| 320 + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
| 321 + | |
| 322 + /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
nt | |
| 323 +- * IDs from clients, or configure a client to send TLS client IDs to server. | |
| 324 ++ * IDs from clients, or configures a client to send TLS client IDs to server. | |
| 325 + * Returns 1 on success. */ | |
| 326 +-#define SSL_enable_tls_channel_id(s) \ | |
| 327 +- SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | |
| 328 ++#define SSL_enable_tls_channel_id(ssl) \ | |
| 329 ++ SSL_ctrl(ssl,SSL_CTRL_CHANNEL_ID,0,NULL) | |
| 330 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
| 331 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
| 332 + * success. */ | |
| 333 +diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl-lhash/ssl/ssl_se
ss.c | |
| 334 +--- android-openssl.orig/ssl/ssl_sess.c 2013-11-05 14:11:18.363249269 -0
500 | |
| 335 ++++ android-openssl-lhash/ssl/ssl_sess.c 2013-11-05 14:16:49.510027563 -0
500 | |
| 336 +@@ -999,11 +999,8 @@ | |
| 337 + if (tp.cache == NULL) return; | |
| 338 + tp.time=t; | |
| 339 + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | |
| 340 +- i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; | |
| 341 +- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; | |
| 342 + lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), | |
| 343 + TIMEOUT_PARAM, &tp); | |
| 344 +- CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; | |
| 345 + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | |
| 346 + } | |
| 347 + | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master