delta/libgit2.git/src/streams/openssl.c, branch master

streams: use GIT_ASSERT

2020-11-27T11:09:21+00:00

runtime: move init/shutdown into the "runtime"

2020-10-11T19:13:04+00:00

Provide a mechanism for system components to register for initialization
and shutdown of the libgit2 runtime.

settings: localize global data

2020-10-11T13:43:35+00:00

Move the settings global data teardown into its own separate function,
instead of intermingled with the global state.

streams: openssl: fix memleak due to us not free'ing certs

2020-05-15T15:54:40+00:00

When creating a `git_cert` from the OpenSSL X509 certificate of a given
stream, we do not call `X509_free()` on the certificate, leading to a
memory leak as soon as the certificate is requested e.g. by the
certificate check callback.

Fix the issue by properly calling `X509_free()`.

Merge pull request #5391 from pks-t/pks/coverity-fixes

2020-02-19T11:14:16+00:00

Coverity fixes

streams: openssl: switch approach to silence Valgrind errors

2020-02-11T11:01:54+00:00

As OpenSSL loves using uninitialized bytes as another source of entropy,
we need to mark them as defined so that Valgrind won't complain about
use of these bytes. Traditionally, we've been using the macro
`VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
become opaque. As such, we also can't set it as defined anymore, as we
have no way of knowing its size.

Let's change gears instead by just swapping out the allocator functions
of OpenSSL with our own ones. The twist is that instead of calling
`malloc`, we just call `calloc` to have the bytes initialized
automatically. Next to soothing Valgrind, this approach has the benefit
of being completely agnostic of the memory sanitizer and is neatly
contained at a single place.

Note that we shouldn't do this for non-Valgrind builds. As we cannot
set up memory functions for a given SSL context, only, we need to swap
them at a global context. Furthermore, as it's possible to call
`OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
set up their own allocators.

streams: openssl: ignore return value of `git_mutex_lock`

2020-02-07T12:08:23+00:00

OpenSSL pre-v1.1 required us to set up a locking function to properly
support multithreading. The locking function signature cannot return any
error codes, and as a result we can't do anything if `git_mutex_lock`
fails. To silence static analysis tools, let's just explicitly ignore
its return value by casting it to `void`.

valgrind: add valgrind hints in OpenSSL

2019-11-24T06:29:38+00:00

Provide usage hints to valgrind.  We trust the data coming back from
OpenSSL to have been properly initialized.  (And if it has not, it's an
OpenSSL bug, not a libgit2 bug.)

We previously took the `VALGRIND` option to CMake as a hint to disable
mmap.  Remove that; it's broken.  Now use it to pass on the `VALGRIND`
definition so that sources can provide valgrind hints.

valgrind: add suppressions for undefined use

2019-11-24T06:29:38+00:00

valgrind will warn that OpenSSL will use undefined data in connect/read
when talking to certain other TLS stacks.  Thankfully, this only seems
to occur when gcc is the compiler, so hopefully valgrind is just
misunderstanding an optimization.  Regardless, suppress this warning.

openssl: fix potential size overflow when writing data

2019-01-31T13:47:42+00:00

Our `openssl_write` function calls `SSL_write` by passing in both `data`
and `len` arguments directly. Thing is, our `len` parameter is of type
`size_t` and theirs is of type `int`. We thus need to clamp our length
to be at most `INT_MAX`.