delta/libgit2.git/src/streams/openssl.c, branch ethomson/test_https github.com: libgit2/libgit2.git openssl: lazily load libraries when dynamically loading 2021-08-24T20:23:46+00:00 Edward Thomson ethomson@edwardthomson.com 2021-08-24T19:53:10+00:00 9fce506ce358f51d5556d39e68ab507202da48c3 Defer dlopen until it's needed when dynamically loading OpenSSL libraries. 
Defer dlopen until it's needed when dynamically loading OpenSSL
libraries.
openssl: dynamically load libssl and symbols (optionally) 2021-08-24T18:09:10+00:00 Edward Thomson ethomson@edwardthomson.com 2021-08-11T00:30:38+00:00 0903cac1d08817e87c556f5a3e6ec881be86c7f2 Provide an interface around OpenSSL to dynamically load the libraries and symbols, so that users can distribute a libgit2 library that is not linked directly against OpenSSL. This enables users to target multiple distributions with a single binary. This mechanism is optional and disabled by default. Configure cmake with -DUSE_HTTPS=OpenSSL-Dynamic to use it. 
Provide an interface around OpenSSL to dynamically load the libraries
and symbols, so that users can distribute a libgit2 library that is not
linked directly against OpenSSL.  This enables users to target multiple
distributions with a single binary.

This mechanism is optional and disabled by default.  Configure cmake
with -DUSE_HTTPS=OpenSSL-Dynamic to use it.
openssl: separate legacy api 2021-08-24T18:09:10+00:00 Edward Thomson ethomson@edwardthomson.com 2021-08-11T01:41:05+00:00 150eddd9425c060d617915d1989bde8532aeb5a2 Refactor the OpenSSL stream implementation so that the legacy code is better abstracted. This will enable future development. 
Refactor the OpenSSL stream implementation so that the legacy code is better
abstracted.  This will enable future development.
openssl: don't fail when we can't customize allocators 2021-08-21T12:06:51+00:00 Edward Thomson ethomson@edwardthomson.com 2021-08-19T20:49:41+00:00 1903cfef0b318c861bd29f03c783815b1349cf6d During valgrind runs, we try to swap out the OpenSSL allocators for our own. This allows us to avoid some unnecessary warnings about usage. Unfortunately, many builds of OpenSSL do not allow you to swap allocators; for example FIPS builds and the builds running in CentOS. Try to swap the allocators, but do not fail when they cannot be customized. 
During valgrind runs, we try to swap out the OpenSSL allocators for our
own.  This allows us to avoid some unnecessary warnings about usage.
Unfortunately, many builds of OpenSSL do not allow you to swap
allocators; for example FIPS builds and the builds running in CentOS.

Try to swap the allocators, but do not fail when they cannot be
customized.
streams: use GIT_ASSERT 2020-11-27T11:09:21+00:00 Edward Thomson ethomson@edwardthomson.com 2020-11-21T23:52:39+00:00 07a3c9928aa36cfd6f02d500222ed6cb22eeeed1 






runtime: move init/shutdown into the "runtime"
2020-10-11T19:13:04+00:00

Edward Thomson
ethomson@edwardthomson.com

2020-05-15T10:47:09+00:00

e316b0d3d64eb8f65f4109c1565d929b29e1d33a

Provide a mechanism for system components to register for initialization
and shutdown of the libgit2 runtime.





Provide a mechanism for system components to register for initialization
and shutdown of the libgit2 runtime.







settings: localize global data
2020-10-11T13:43:35+00:00

Edward Thomson
ethomson@edwardthomson.com

2020-05-13T09:39:33+00:00

6554b40e42df831d7fc9c623d34b2738227dd8a2

Move the settings global data teardown into its own separate function,
instead of intermingled with the global state.





Move the settings global data teardown into its own separate function,
instead of intermingled with the global state.







streams: openssl: fix memleak due to us not free'ing certs
2020-05-15T15:54:40+00:00

Patrick Steinhardt
ps@pks.im

2020-05-15T15:46:24+00:00

b43a9e6657120fdfb3d01e603aac4c006de98477

When creating a `git_cert` from the OpenSSL X509 certificate of a given
stream, we do not call `X509_free()` on the certificate, leading to a
memory leak as soon as the certificate is requested e.g. by the
certificate check callback.

Fix the issue by properly calling `X509_free()`.





When creating a `git_cert` from the OpenSSL X509 certificate of a given
stream, we do not call `X509_free()` on the certificate, leading to a
memory leak as soon as the certificate is requested e.g. by the
certificate check callback.

Fix the issue by properly calling `X509_free()`.







Merge pull request #5391 from pks-t/pks/coverity-fixes
2020-02-19T11:14:16+00:00

Patrick Steinhardt
ps@pks.im

2020-02-19T11:14:16+00:00

8aa04a37d180240edb68db4267a0895ce38e9fc3

Coverity fixes




Coverity fixes






streams: openssl: switch approach to silence Valgrind errors
2020-02-11T11:01:54+00:00

Patrick Steinhardt
ps@pks.im

2020-02-11T09:37:32+00:00

0119e57df028d2eb9ed6f80aa859bb4ed976bb2b

As OpenSSL loves using uninitialized bytes as another source of entropy,
we need to mark them as defined so that Valgrind won't complain about
use of these bytes. Traditionally, we've been using the macro
`VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
become opaque. As such, we also can't set it as defined anymore, as we
have no way of knowing its size.

Let's change gears instead by just swapping out the allocator functions
of OpenSSL with our own ones. The twist is that instead of calling
`malloc`, we just call `calloc` to have the bytes initialized
automatically. Next to soothing Valgrind, this approach has the benefit
of being completely agnostic of the memory sanitizer and is neatly
contained at a single place.

Note that we shouldn't do this for non-Valgrind builds. As we cannot
set up memory functions for a given SSL context, only, we need to swap
them at a global context. Furthermore, as it's possible to call
`OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
set up their own allocators.





As OpenSSL loves using uninitialized bytes as another source of entropy,
we need to mark them as defined so that Valgrind won't complain about
use of these bytes. Traditionally, we've been using the macro
`VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
become opaque. As such, we also can't set it as defined anymore, as we
have no way of knowing its size.

Let's change gears instead by just swapping out the allocator functions
of OpenSSL with our own ones. The twist is that instead of calling
`malloc`, we just call `calloc` to have the bytes initialized
automatically. Next to soothing Valgrind, this approach has the benefit
of being completely agnostic of the memory sanitizer and is neatly
contained at a single place.

Note that we shouldn't do this for non-Valgrind builds. As we cannot
set up memory functions for a given SSL context, only, we need to swap
them at a global context. Furthermore, as it's possible to call
`OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
set up their own allocators.