OLD | NEW |
(Empty) | |
| 1 diff -burN android-openssl.orig/crypto/conf/conf_api.c android-openssl-lhash/cry
pto/conf/conf_api.c |
| 2 --- android-openssl.orig/crypto/conf/conf_api.c 2013-02-11 10:26:04.000000000 -0
500 |
| 3 +++ android-openssl-lhash/crypto/conf/conf_api.c 2013-11-05 14:16:49.5000
27656 -0500 |
| 4 @@ -225,9 +225,6 @@ |
| 5 { |
| 6 if (conf == NULL || conf->data == NULL) return; |
| 7 |
| 8 - lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make |
| 9 - * sure the 'OPENSSL_free()' works as |
| 10 - * expected */ |
| 11 lh_CONF_VALUE_doall_arg(conf->data, |
| 12 LHASH_DOALL_ARG_FN(value_free_hash), |
| 13 LHASH_OF(CONF_VALUE), conf->data); |
| 14 diff -burN android-openssl.orig/crypto/lhash/lhash.c android-openssl-lhash/crypt
o/lhash/lhash.c |
| 15 --- android-openssl.orig/crypto/lhash/lhash.c 2013-02-11 10:26:04.000000000 -0
500 |
| 16 +++ android-openssl-lhash/crypto/lhash/lhash.c 2013-11-05 14:16:49.500027656 -0
500 |
| 17 @@ -94,6 +94,7 @@ |
| 18 * |
| 19 * 1.0 eay - First version |
| 20 */ |
| 21 +#include <limits.h> |
| 22 #include <stdio.h> |
| 23 #include <string.h> |
| 24 #include <stdlib.h> |
| 25 @@ -107,6 +108,113 @@ |
| 26 #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2)
*/ |
| 27 #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ |
| 28 |
| 29 +/* Maximum number of nodes to guarantee the load computations don't overflow */ |
| 30 +#define MAX_LOAD_ITEMS (UINT_MAX / LH_LOAD_MULT) |
| 31 + |
| 32 +/* The field 'iteration_state' is used to hold data to ensure that a hash |
| 33 + * table is not resized during an 'insert' or 'delete' operation performed |
| 34 + * within a lh_doall/lh_doall_arg call. |
| 35 + * |
| 36 + * Conceptually, this records two things: |
| 37 + * |
| 38 + * - A 'depth' count, which is incremented at the start of lh_doall*, |
| 39 + * and decremented just before it returns. |
| 40 + * |
| 41 + * - A 'mutated' boolean flag, which is set in lh_insert() or lh_delete() |
| 42 + * when the operation is performed with a non-0 depth. |
| 43 + * |
| 44 + * The following are helper macros to handle this state in a more explicit |
| 45 + * way. |
| 46 + */ |
| 47 + |
| 48 +/* Reset the iteration state to its defaults. */ |
| 49 +#define LH_ITERATION_RESET(lh) do { \ |
| 50 + (lh)->iteration_state = 0; \ |
| 51 + } while (0) |
| 52 + |
| 53 +/* Returns 1 if the hash table is currently being iterated on, 0 otherwise. */ |
| 54 +#define LH_ITERATION_IS_ACTIVE(lh) ((lh)->iteration_state >= 2) |
| 55 + |
| 56 +/* Increment iteration depth. This should always be followed by a paired call |
| 57 + * to LH_ITERATION_DECREMENT_DEPTH(). */ |
| 58 +#define LH_ITERATION_INCREMENT_DEPTH(lh) do { \ |
| 59 + (lh)->iteration_state += 2; \ |
| 60 + } while (0) |
| 61 + |
| 62 +/* Decrement iteration depth. This should always be called after a paired call |
| 63 + * to LH_ITERATION_INCREMENT_DEPTH(). */ |
| 64 +#define LH_ITERATION_DECREMENT_DEPTH(lh) do { \ |
| 65 + (lh)->iteration_state -= 2; \ |
| 66 + } while (0) |
| 67 + |
| 68 +/* Return 1 if the iteration 'mutated' flag is set, 0 otherwise. */ |
| 69 +#define LH_ITERATION_IS_MUTATED(lh) (((lh)->iteration_state & 1) != 0) |
| 70 + |
| 71 +/* Set the iteration 'mutated' flag to 1. LH_ITERATION_RESET() to reset it. */ |
| 72 +#define LH_ITERATION_SET_MUTATED(lh) do { \ |
| 73 + (lh)->iteration_state |= 1; \ |
| 74 + } while (0) |
| 75 + |
| 76 +/* This macro returns 1 if the hash table should be expanded due to its current |
| 77 + * load, or 0 otherwise. The exact comparison to be performed is expressed by |
| 78 + * the mathematical expression (where '//' denotes division over real numbers): |
| 79 + * |
| 80 + * (num_items // num_nodes) >= (up_load // LOAD_MULT) or |
| 81 + * (num_items * LOAD_MULT // num_nodes) >= up_load. |
| 82 + * |
| 83 + * Given that the C language operator '/' implements integer division, i.e: |
| 84 + * a // b == (a / b) + epsilon (with 0 <= epsilon < 1, for positive a & b) |
| 85 + * |
| 86 + * This can be rewritten as: |
| 87 + * (num_items * LOAD_MULT / num_nodes) + epsilon >= up_load |
| 88 + * (num_items * LOAD_MULT / num_nodes) - up_load >= - epsilon |
| 89 + * |
| 90 + * Let's call 'A' the left-hand side of the equation above, it is an integer |
| 91 + * and: |
| 92 + * - If A >= 0, the expression is true for any value of epsilon. |
| 93 + * - If A <= -1, the expression is also true for any value of epsilon. |
| 94 + * |
| 95 + * In other words, this is equivalent to 'A >= 0', or: |
| 96 + * (num_items * LOAD_MULT / num_nodes) >= up_load |
| 97 + */ |
| 98 +#define LH_SHOULD_EXPAND(lh) \ |
| 99 + ((lh)->num_items < MAX_LOAD_ITEMS && \ |
| 100 + (((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) >= (lh)->up_load)) |
| 101 + |
| 102 +/* This macro returns 1 if the hash table should be contracted due to its |
| 103 + * current load, or 0 otherwise. Abbreviated computations are: |
| 104 + * |
| 105 + * (num_items // num_nodes) <= (down_load // LOAD_MULT) |
| 106 + * (num_items * LOAD_MULT // num_nodes) <= down_load |
| 107 + * (num_items * LOAD_MULT / num_nodes) + epsilon <= down_load |
| 108 + * (num_items * LOAD_MULT / num_nodes) - down_load <= -epsilon |
| 109 + * |
| 110 + * Let's call 'B' the left-hand side of the equation above: |
| 111 + * - If B <= -1, the expression is true for any value of epsilon. |
| 112 + * - If B >= 1, the expression is false for any value of epsilon. |
| 113 + * - If B == 0, the expression is true for 'epsilon == 0', and false |
| 114 + * otherwise, which is problematic. |
| 115 + * |
| 116 + * To work around this problem, while keeping the code simple, just change |
| 117 + * the initial expression to use a strict inequality, i.e.: |
| 118 + * |
| 119 + * (num_items // num_nodes) < (down_load // LOAD_MULT) |
| 120 + * |
| 121 + * Which leads to: |
| 122 + * (num_items * LOAD_MULT / num_nodes) - down_load < -epsilon |
| 123 + * |
| 124 + * Then: |
| 125 + * - If 'B <= -1', the expression is true for any value of epsilon. |
| 126 + * - If 'B' >= 0, the expression is false for any value of epsilon, |
| 127 + * |
| 128 + * In other words, this is equivalent to 'B < 0', or: |
| 129 + * (num_items * LOAD_MULT / num_nodes) < down_load |
| 130 + */ |
| 131 +#define LH_SHOULD_CONTRACT(lh) \ |
| 132 + (((lh)->num_nodes > MIN_NODES) && \ |
| 133 + ((lh)->num_items < MAX_LOAD_ITEMS && \ |
| 134 + ((lh)->num_items*LH_LOAD_MULT/(lh)->num_nodes) < (lh)->down_load)) |
| 135 + |
| 136 static void expand(_LHASH *lh); |
| 137 static void contract(_LHASH *lh); |
| 138 static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); |
| 139 @@ -147,6 +255,7 @@ |
| 140 ret->num_hash_comps=0; |
| 141 |
| 142 ret->error=0; |
| 143 + LH_ITERATION_RESET(ret); |
| 144 return(ret); |
| 145 err1: |
| 146 OPENSSL_free(ret); |
| 147 @@ -183,7 +292,10 @@ |
| 148 void *ret; |
| 149 |
| 150 lh->error=0; |
| 151 - if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) |
| 152 + /* Do not expand the array if the table is being iterated on. */ |
| 153 + if (LH_ITERATION_IS_ACTIVE(lh)) |
| 154 + LH_ITERATION_SET_MUTATED(lh); |
| 155 + else if (LH_SHOULD_EXPAND(lh)) |
| 156 expand(lh); |
| 157 |
| 158 rn=getrn(lh,data,&hash); |
| 159 @@ -238,8 +350,10 @@ |
| 160 } |
| 161 |
| 162 lh->num_items--; |
| 163 - if ((lh->num_nodes > MIN_NODES) && |
| 164 - (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) |
| 165 + /* Do not contract the array if the table is being iterated on. */ |
| 166 + if (LH_ITERATION_IS_ACTIVE(lh)) |
| 167 + LH_ITERATION_SET_MUTATED(lh); |
| 168 + else if (LH_SHOULD_CONTRACT(lh)) |
| 169 contract(lh); |
| 170 |
| 171 return(ret); |
| 172 @@ -276,6 +390,7 @@ |
| 173 if (lh == NULL) |
| 174 return; |
| 175 |
| 176 + LH_ITERATION_INCREMENT_DEPTH(lh); |
| 177 /* reverse the order so we search from 'top to bottom' |
| 178 * We were having memory leaks otherwise */ |
| 179 for (i=lh->num_nodes-1; i>=0; i--) |
| 180 @@ -283,10 +398,7 @@ |
| 181 a=lh->b[i]; |
| 182 while (a != NULL) |
| 183 { |
| 184 - /* 28/05/91 - eay - n added so items can be deleted |
| 185 - * via lh_doall */ |
| 186 - /* 22/05/08 - ben - eh? since a is not passed, |
| 187 - * this should not be needed */ |
| 188 + /* note that 'a' can be deleted by the callback */ |
| 189 n=a->next; |
| 190 if(use_arg) |
| 191 func_arg(a->data,arg); |
| 192 @@ -295,6 +407,19 @@ |
| 193 a=n; |
| 194 } |
| 195 } |
| 196 + |
| 197 + LH_ITERATION_DECREMENT_DEPTH(lh); |
| 198 + if (!LH_ITERATION_IS_ACTIVE(lh) && LH_ITERATION_IS_MUTATED(lh)) |
| 199 + { |
| 200 + LH_ITERATION_RESET(lh); |
| 201 + /* Resize the buckets array if necessary. Each expand() or |
| 202 + * contract() call will double/halve the size of the array, |
| 203 + * respectively, so call them in a loop. */ |
| 204 + while (LH_SHOULD_EXPAND(lh)) |
| 205 + expand(lh); |
| 206 + while (LH_SHOULD_CONTRACT(lh)) |
| 207 + contract(lh); |
| 208 + } |
| 209 } |
| 210 |
| 211 void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) |
| 212 diff -burN android-openssl.orig/crypto/lhash/lhash.h android-openssl-lhash/crypt
o/lhash/lhash.h |
| 213 --- android-openssl.orig/crypto/lhash/lhash.h 2013-02-11 10:26:04.000000000 -0
500 |
| 214 +++ android-openssl-lhash/crypto/lhash/lhash.h 2013-11-05 14:16:49.500027656 -0
500 |
| 215 @@ -163,6 +163,7 @@ |
| 216 unsigned long num_hash_comps; |
| 217 |
| 218 int error; |
| 219 + int iteration_state; |
| 220 } _LHASH; /* Do not use _LHASH directly, use LHASH_OF |
| 221 * and friends */ |
| 222 |
| 223 diff -burN android-openssl.orig/crypto/objects/o_names.c android-openssl-lhash/c
rypto/objects/o_names.c |
| 224 --- android-openssl.orig/crypto/objects/o_names.c 2013-02-11 10:26:04.0000
00000 -0500 |
| 225 +++ android-openssl-lhash/crypto/objects/o_names.c 2013-11-05 14:16:49.5000
27656 -0500 |
| 226 @@ -350,13 +350,9 @@ |
| 227 |
| 228 void OBJ_NAME_cleanup(int type) |
| 229 { |
| 230 - unsigned long down_load; |
| 231 - |
| 232 if (names_lh == NULL) return; |
| 233 |
| 234 free_type=type; |
| 235 - down_load=lh_OBJ_NAME_down_load(names_lh); |
| 236 - lh_OBJ_NAME_down_load(names_lh)=0; |
| 237 |
| 238 lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); |
| 239 if (type < 0) |
| 240 @@ -366,7 +362,5 @@ |
| 241 names_lh=NULL; |
| 242 name_funcs_stack = NULL; |
| 243 } |
| 244 - else |
| 245 - lh_OBJ_NAME_down_load(names_lh)=down_load; |
| 246 } |
| 247 |
| 248 diff -burN android-openssl.orig/crypto/objects/obj_dat.c android-openssl-lhash/c
rypto/objects/obj_dat.c |
| 249 --- android-openssl.orig/crypto/objects/obj_dat.c 2013-02-11 10:26:04.0000
00000 -0500 |
| 250 +++ android-openssl-lhash/crypto/objects/obj_dat.c 2013-11-05 14:16:49.5000
27656 -0500 |
| 251 @@ -227,7 +227,6 @@ |
| 252 return ; |
| 253 } |
| 254 if (added == NULL) return; |
| 255 - lh_ADDED_OBJ_down_load(added) = 0; |
| 256 lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ |
| 257 lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ |
| 258 lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ |
| 259 diff -burN android-openssl.orig/include/openssl/lhash.h android-openssl-lhash/in
clude/openssl/lhash.h |
| 260 --- android-openssl.orig/include/openssl/lhash.h 2013-11-05 14:11:20.9032
23251 -0500 |
| 261 +++ android-openssl-lhash/include/openssl/lhash.h 2013-11-05 14:16:49.5000
27656 -0500 |
| 262 @@ -163,6 +163,7 @@ |
| 263 unsigned long num_hash_comps; |
| 264 |
| 265 int error; |
| 266 + int iteration_state; |
| 267 } _LHASH; /* Do not use _LHASH directly, use LHASH_OF |
| 268 * and friends */ |
| 269 |
| 270 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl-lhash/incl
ude/openssl/ssl.h |
| 271 --- android-openssl.orig/include/openssl/ssl.h 2013-11-05 14:11:21.013222124 -0
500 |
| 272 +++ android-openssl-lhash/include/openssl/ssl.h 2013-11-05 14:16:49.500027656 -0
500 |
| 273 @@ -1681,10 +1681,10 @@ |
| 274 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 275 |
| 276 /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t |
| 277 - * IDs from clients, or configure a client to send TLS client IDs to server. |
| 278 + * IDs from clients, or configures a client to send TLS client IDs to server. |
| 279 * Returns 1 on success. */ |
| 280 -#define SSL_enable_tls_channel_id(s) \ |
| 281 - SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 282 +#define SSL_enable_tls_channel_id(ssl) \ |
| 283 + SSL_ctrl(ssl,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 284 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
| 285 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
| 286 * success. */ |
| 287 diff -burN android-openssl.orig/ssl/ssl.h android-openssl-lhash/ssl/ssl.h |
| 288 --- android-openssl.orig/ssl/ssl.h 2013-11-05 14:11:18.363249269 -0500 |
| 289 +++ android-openssl-lhash/ssl/ssl.h 2013-11-05 14:16:49.510027563 -0500 |
| 290 @@ -1681,10 +1681,10 @@ |
| 291 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 292 |
| 293 /* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t |
| 294 - * IDs from clients, or configure a client to send TLS client IDs to server. |
| 295 + * IDs from clients, or configures a client to send TLS client IDs to server. |
| 296 * Returns 1 on success. */ |
| 297 -#define SSL_enable_tls_channel_id(s) \ |
| 298 - SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 299 +#define SSL_enable_tls_channel_id(ssl) \ |
| 300 + SSL_ctrl(ssl,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 301 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
| 302 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
| 303 * success. */ |
| 304 diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl-lhash/ssl/ssl_ses
s.c |
| 305 --- android-openssl.orig/ssl/ssl_sess.c 2013-11-05 14:11:18.363249269 -0500 |
| 306 +++ android-openssl-lhash/ssl/ssl_sess.c 2013-11-05 14:16:49.510027563 -0
500 |
| 307 @@ -999,11 +999,8 @@ |
| 308 if (tp.cache == NULL) return; |
| 309 tp.time=t; |
| 310 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 311 - i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load; |
| 312 - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0; |
| 313 lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), |
| 314 TIMEOUT_PARAM, &tp); |
| 315 - CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i; |
| 316 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 317 } |
| 318 |
OLD | NEW |