|
2613fbb2
|
2018-10-18T11:58:14
|
|
global: replace remaining use of `git__strtol32`
Replace remaining uses of the `git__strtol32` function. While these uses
are all safe as the strings were either sanitized or from a trusted
source, we want to remove `git__strtol32` altogether to avoid future
misuse.
|
|
21496c30
|
2018-03-30T00:20:23
|
|
stransport: fix a warning on iOS
"warning: values of type 'OSStatus' should not be used as format arguments; add an explicit cast to 'int' instead [-Wformat]"
|
|
d4198d4d
|
2018-07-26T12:11:34
|
|
mbedtls: remove unused variable "cacert"
In commit 382ed1e87 (mbedtls: load default CA certificates, 2018-03-29),
the function `git_mbedtls_stream_global_init` was refactored to call out
to `git_mbedtls__set_cert_location` instead of setting up the
certificates itself. The conversion forgot to remove the now-unused
"cacert" variable, which is now only getting declared to be free'd at
the end of the function. Remove it.
|
|
2fabb622
|
2018-07-21T01:36:46
|
|
mbedtls: free stream on shutdown
|
|
9e002cd5
|
2018-07-21T01:11:58
|
|
mbedtls: make ciphers_list a static array
Instead of allocating the ciphers_list, make it a static array. This
prevents us from leaking it or having to manage its memory.
|
|
4e62d26f
|
2018-07-21T00:45:24
|
|
mbedtls: free ciphers_list
|
|
defa9709
|
2018-07-21T00:41:38
|
|
mbedtls: check allocations
|
|
d19381e2
|
2018-06-25T14:57:07
|
|
mbedtls: fix `inline` being used in mbedtls headers
The mbedtls headers make direct use of the `inline` attribute to
instruct the compiler to inline functions. As this function is not C90
compliant, this can cause the compiler to error as soon as any of these
files is included and the `-std=c90` flag is being added.
The mbedtls headers declaring functions as inline always have a prelude
which define `inline` as a macro in case it is not yet defined. Thus, we
can easily replace their define with our own define, which simply copies
the logic of our own `GIT_INLINE` macro.
|
|
75395c87
|
2018-06-29T13:35:14
|
|
streams: report OpenSSL errors if global init fails
In case when the global initialization of the OpenSSL stream fails, the
user is left without any hint as to what went wrong as we do not provide
any error message at all. This commit refactors the init function to
have a common error path, which now also sets an error message including
the error string provided by OpenSSL.
|
|
05d89e72
|
2018-06-25T17:30:04
|
|
streams: openssl: Handle error in SSL_CTX_new
SIGSEGV otherwise...
|
|
b1cab70b
|
2018-05-30T02:15:09
|
|
streams: openssl: add missing check on OPENSSL_LEGACY_API
The `CRYPTO_THREADID` type is no longer available in OpenSSL ≥ 1.1.0 with deprecated features disabled, and causes build failures. Since the `threadid_cb()` function is only ever called by `git_openssl_set_locking()` when `defined(OPENSSL_LEGACY_API)`, only define it then.
|
|
ba5e39ac
|
2018-05-04T15:25:11
|
|
streams: openssl: fix bogus warning on unused parameter
Our provided callback function `threadid_cb(CRYPTO_THREADID
*threadid)` sets up a unique thread ID by asking pthread for the
current thread ID. Since openssl version 1.1,
`CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving
the `threadid` argument unused after the preprocessor has
processed the macro. GCC does not account for that situation and
will thus complain about `threadid` being unused.
Silence this warning by using `GIT_UNUSED(threadid)`.
|
|
26a09a93
|
2018-04-30T21:34:36
|
|
Merge pull request #4608 from pks-t/pks/openssl-api-cleanup
OpenSSL legacy API cleanups
|
|
173a0375
|
2018-02-08T23:50:14
|
|
openssl: remove leftover #ifdef
This is the "OpenSSL available" global init function after all
|
|
b3e0280d
|
2018-03-29T22:14:11
|
|
mbedtls: display error codes as hex for consistency with mbedTLS docs
Remaining parts of https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-fixup.patch
|
|
382ed1e8
|
2018-03-29T22:14:09
|
|
mbedtls: load default CA certificates
|
|
1edde0bc
|
2018-03-29T22:14:08
|
|
mbedtls: use mbedTLS certificate verification
Taken from https://github.com/JuliaLang/julia/blob/8d47a314537779c8fb86642c54925613628a91b0/deps/patches/libgit2-mbedtls-verify.patch, with some modifications.
|
|
4165bb7f
|
2018-03-29T22:14:06
|
|
mbedtls: use our own certificate validation
Otherwise REQUIRED means that `git_stream_certificate` will always error.
We're doing the mbedtls check in verify_server_cert though.
|
|
ec79b0fd
|
2018-03-29T22:14:04
|
|
mbedtls: fix libgit2 hanging due to incomplete writes
|
|
2419cccd
|
2018-03-29T22:14:02
|
|
mbedtls: default cipher list support
|
|
60e1ad92
|
2018-03-29T22:14:01
|
|
mbedtls: add global initialization
|
|
1a1875f3
|
2018-03-29T22:13:58
|
|
mbedtls: proper certificate verification
|
|
ca3b2234
|
2018-03-29T22:13:56
|
|
mbedtls: initial support
|
|
dd9de88a
|
2018-04-03T11:57:45
|
|
streams: openssl: provide `OPENSSL_init_ssl` for legacy API
In order to further avoid using ifdef's in our code flow, provide the
function `OPENSSL_init_ssl` in case we are using the legacy OpenSSL API.
|
|
ede63b99
|
2018-04-03T11:45:00
|
|
streams: openssl: unify version checks into single define
By now, we have several locations where we are checking the version of
OpenSSL to determine whether we can use the new "modern" API or need to
use the pre-1.1 legacy API. As we have multiple implementations of
OpenSSL with the rather recent libressl implementation, these checks
need to honor versions of both implementations, which is rather tedious.
Instead, we can just check once for the correct versions and define
`OPENSSL_LEGACY_API` in case we cannot use the modern API.
|
|
2505cbfc
|
2018-04-03T11:40:39
|
|
streams: openssl: move OpenSSL compat layer into implementation
OpenSSL version 1.1 has broken its API in quite a few ways. To avoid
having to use ifdef's everywhere, we have implemented the BIO functions
added in version 1.1 ourselves in case we are using the legacy API. We
were implementing them in the header file, though, which doesn't make a
lot of sense, since these functions are only ever being used the the
openssl stream implementation.
Move these functions to the implementation file and mark them static.
|
|
7490d449
|
2018-04-02T20:00:07
|
|
Fix build with LibreSSL 2.7
LibreSSL 2.7 adds OpenSSL 1.1 API
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
|
|
2022b004
|
2018-02-28T12:06:59
|
|
curl: explicitly initialize and cleanup global curl state
Our curl-based streams make use of the easy curl interface. This
interface automatically initializes and de-initializes the global curl
state by calling out to `curl_global_init` and `curl_global_cleanup`.
Thus, all global state will be repeatedly re-initialized when creating
multiple curl streams in succession. Despite being inefficient, this is
not thread-safe due to `curl_global_init` being not thread-safe itself.
Thus a multi-threaded programing handling multiple curl streams at the
same time is inherently racy.
Fix the issue by globally initializing and cleaning up curl's state.
|
|
84f03b3a
|
2018-02-16T10:48:55
|
|
streams: openssl: fix use of uninitialized variable
When verifying the server certificate, we do try to make sure that the
hostname actually matches the certificate alternative names. In cases
where the host is either an IPv4 or IPv6 address, we have to compare the
binary representations of the hostname with the declared IP address of
the certificate. We only do that comparison in case we were successfully
able to parse the hostname as an IP, which would always result in the
memory region being initialized. Still, GCC 6.4.0 was complaining about
usage of non-initialized memory.
Fix the issue by simply asserting that `addr` needs to be initialized.
This shuts up the GCC warning.
|
|
a223bae5
|
2018-01-03T14:57:25
|
|
Merge pull request #4437 from pks-t/pks/openssl-hash-errors
hash: openssl: check return values of SHA1_* functions
|
|
ba56f781
|
2018-01-03T12:54:42
|
|
streams: openssl: fix thread-safety for OpenSSL error messages
The function `ERR_error_string` can be invoked without providing a
buffer, in which case OpenSSL will simply return a string printed into a
static buffer. Obviously and as documented in ERR_error_string(3), this
is not thread-safe at all. As libgit2 is a library, though, it is easily
possible that other threads may be using OpenSSL at the same time, which
might lead to clobbered error strings.
Fix the issue by instead using a stack-allocated buffer. According to
the documentation, the caller has to provide a buffer of at least 256
bytes of size. While we do so, make sure that the buffer will never get
overflown by switching to `ERR_error_string_n` to specify the buffer's
size.
|
|
8be2a790
|
2017-12-05T23:21:05
|
|
openssl: free the peer certificate
Per SSL_get_peer_certificate docs:
```
The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().
```
|
|
2518eb81
|
2017-11-24T14:04:10
|
|
openssl: merge all the exit paths of verify_server_cert
This makes it easier to cleanup allocated resources on exit.
|
|
1b2e83a9
|
2017-12-13T00:19:41
|
|
stransport: provide error message on trust failures
Fixes #4440
|
|
2d2e70f8
|
2017-11-30T18:10:28
|
|
openssl: fix thread-safety on non-glibc POSIX systems
While the OpenSSL library provides all means to work safely in a
multi-threaded application, we fail to do so correctly. Quoting from
crypto_lock(3):
OpenSSL can safely be used in multi-threaded applications provided
that at least two callback functions are set, locking_function and
threadid_func.
We do in fact provide the means to set up the locking function via
`git_openssl_set_locking()`, where we initialize a set of locks by using
the POSIX threads API and set the correct callback function to lock and
unlock them.
But what we do not do is setting the `threadid_func` callback. This
function is being used to correctly locate thread-local data of the
OpenSSL library and should thus return per-thread identifiers. Digging
deeper into OpenSSL's documentation, the library does provide a fallback
in case that locking function is not provided by the user. On Windows
and BeOS we should be safe, as it simply "uses the system's default
thread identifying API". On other platforms though OpenSSL will fall
back to using the address of `errno`, assuming it is thread-local.
While this assumption holds true for glibc-based systems, POSIX in fact
does not specify whether it is thread-local or not. Quoting from
errno(3p):
It is unspecified whether errno is a macro or an identifier declared
with external linkage.
And in fact, with musl there is at least one libc implementation which
simply declares `errno` as a simple `int` without being thread-local. On
those systems, the fallback threadid function of OpenSSL will not be
thread-safe.
Fix this by setting up our own callback for this setting. As users of
libgit2 may want to set it themselves, we obviously cannot always set
that function on initialization. But as we already set up primitives for
threading in `git_openssl_set_locking()`, this function becomes the
obvious choice where to implement the additional setup.
|
|
22317057
|
2017-03-21T00:36:32
|
|
https: Prevent OpenSSL from namespace-leaking
|
|
e9369856
|
2017-03-21T00:25:15
|
|
stream: Gather streams to src/streams
|