1. 11 Feb, 2020 1 commit
    • streams: openssl: switch approach to silence Valgrind errors · 0119e57d
      As OpenSSL loves using uninitialized bytes as another source of entropy,
      we need to mark them as defined so that Valgrind won't complain about
      use of these bytes. Traditionally, we've been using the macro
      `VALGRIND_MAKE_MEM_DEFINED` provided by Valgrind, but starting with
      OpenSSL 1.1 the code doesn't compile anymore due to `struct SSL` having
      become opaque. As such, we also can't set it as defined anymore, as we
      have no way of knowing its size.
      
      Let's change gears instead by just swapping out the allocator functions
      of OpenSSL with our own ones. The twist is that instead of calling
      `malloc`, we just call `calloc` to have the bytes initialized
      automatically. Next to soothing Valgrind, this approach has the benefit
      of being completely agnostic of the memory sanitizer and is neatly
      contained at a single place.
      
      Note that we shouldn't do this for non-Valgrind builds. As we cannot
      set up memory functions for a given SSL context, only, we need to swap
      them at a global context. Furthermore, as it's possible to call
      `OPENSSL_set_mem_functions` once only, we'd prevent users of libgit2 to
      set up their own allocators.
      Patrick Steinhardt committed
  2. 07 Feb, 2020 1 commit
  3. 24 Nov, 2019 2 commits
    • valgrind: add valgrind hints in OpenSSL · cb77423f
      Provide usage hints to valgrind.  We trust the data coming back from
      OpenSSL to have been properly initialized.  (And if it has not, it's an
      OpenSSL bug, not a libgit2 bug.)
      
      We previously took the `VALGRIND` option to CMake as a hint to disable
      mmap.  Remove that; it's broken.  Now use it to pass on the `VALGRIND`
      definition so that sources can provide valgrind hints.
      Edward Thomson committed
    • valgrind: add suppressions for undefined use · 2ad3eb3e
      valgrind will warn that OpenSSL will use undefined data in connect/read
      when talking to certain other TLS stacks.  Thankfully, this only seems
      to occur when gcc is the compiler, so hopefully valgrind is just
      misunderstanding an optimization.  Regardless, suppress this warning.
      Edward Thomson committed
  4. 23 Jun, 2019 1 commit
  5. 31 Jan, 2019 6 commits
    • mbedtls: fix potential size overflow when reading or writing data · 0ceac0d0
      The mbedtls library uses a callback mechanism to allow downstream users
      to plug in their own receive and send functions. We implement `bio_read`
      and `bio_write` functions, which simply wrap the `git_stream_read` and
      `git_stream_write` functions, respectively.
      
      The problem arises due to the return value of the callback functions:
      mbedtls expects us to return an `int` containing the actual number of
      bytes that were read or written. But this is in fact completely
      misdesigned, as callers are allowed to pass in a buffer with length
      `SIZE_MAX`. We thus may be unable to represent the number of bytes
      written via the return value.
      
      Fix this by only ever reading or writing at most `INT_MAX` bytes.
      Patrick Steinhardt committed
    • mbedtls: make global variables static · 75918aba
      The mbedtls stream implementation makes use of some global variables
      which are not marked as `static`, even though they're only used in this
      compilation unit. Fix this and remove a duplicate declaration.
      Patrick Steinhardt committed
    • openssl: fix potential size overflow when writing data · 657197e6
      Our `openssl_write` function calls `SSL_write` by passing in both `data`
      and `len` arguments directly. Thing is, our `len` parameter is of type
      `size_t` and theirs is of type `int`. We thus need to clamp our length
      to be at most `INT_MAX`.
      Patrick Steinhardt committed
    • streams: handle short writes only in generic stream · 7613086d
      Now that the function `git_stream__write_full` exists and callers of
      `git_stream_write` have been adjusted, we can lift logic for short
      writes out of the stream implementations. Instead, this is now handled
      either by `git_stream__write_full` or by callers of `git_stream_write`
      directly.
      Patrick Steinhardt committed
    • streams: fix callers potentially only writing partial data · 5265b31c
      Similar to the write(3) function, implementations of `git_stream_write`
      do not guarantee that all bytes are written. Instead, they return the
      number of bytes that actually have been written, which may be smaller
      than the total number of bytes. Furthermore, due to an interface design
      issue, we cannot ever write more than `SSIZE_MAX` bytes at once, as
      otherwise we cannot represent the number of bytes written to the caller.
      
      Unfortunately, no caller of `git_stream_write` ever checks the return
      value, except to verify that no error occurred. Due to this, they are
      susceptible to the case where only partial data has been written.
      
      Fix this by introducing a new function `git_stream__write_full`. In
      contrast to `git_stream_write`, it will always return either success or
      failure, without returning the number of bytes written. Thus, it is able
      to write all `SIZE_MAX` bytes and loop around `git_stream_write` until
      all data has been written. Adjust all callers except the BIO callbacks
      in our mbedtls and OpenSSL streams, which already do the right thing and
      require the amount of bytes written.
      Patrick Steinhardt committed
    • streams: make file-local functions static · 193e7ce9
      The callback functions that implement the `git_stream` structure are
      only used inside of their respective implementation files, but they are
      not marked as `static`. Fix this.
      Patrick Steinhardt committed
  6. 25 Jan, 2019 2 commits
    • streams: don't write more than SSIZE_MAX · f1986a23
      Our streams implementation takes a `size_t` that indicates the length of
      the data buffer to be written, and returns an `ssize_t` that indicates
      the length that _was_ written.  Clearly no such implementation can write
      more than `SSIZE_MAX` bytes.  Ensure that each TLS stream implementation
      does not try to write more than `SSIZE_MAX` bytes (or smaller; if the
      given implementation takes a smaller size).
      Edward Thomson committed
    • deprecation: don't use deprecated stream cb · e09f0c10
      Avoid the deprecated `git_stream_cb` typedef since we want to compile
      the library without deprecated functions or types.  Instead, we can
      unroll the alias to its actual type.
      Edward Thomson committed
  7. 24 Jan, 2019 1 commit
  8. 22 Jan, 2019 1 commit
  9. 06 Jan, 2019 1 commit
    • Fix a bunch of warnings · 7b453e7e
      This change fixes a bunch of warnings that were discovered by compiling
      with `clang -target=i386-pc-linux-gnu`. It turned out that the
      intrinsics were not necessarily being used in all platforms! Especially
      in GCC, since it does not support __has_builtin.
      
      Some more warnings were gleaned from the Windows build, but I stopped
      when I saw that some third-party dependencies (e.g. zlib) have warnings
      of their own, so we might never be able to enable -Werror there.
      lhchavez committed
  10. 28 Nov, 2018 5 commits
    • stream registration: take an enum type · 02bb39f4
      Accept an enum (`git_stream_t`) during custom stream registration that
      indicates whether the registration structure should be used for standard
      (non-TLS) streams or TLS streams.
      Edward Thomson committed
    • stream: provide generic registration API · df2cc108
      Update the new stream registration API to be `git_stream_register`
      which takes a registration structure and a TLS boolean.  This allows
      callers to register non-TLS streams as well as TLS streams.
      
      Provide `git_stream_register_tls` that takes just the init callback for
      backward compatibliity.
      Edward Thomson committed
    • http: remove cURL · 21142c5a
      We previously used cURL to support HTTP proxies.  Now that we've added
      this support natively, we can remove the curl dependency.
      Edward Thomson committed
    • streams: remove unused tls functions · 2878ad08
      The implementations of git_openssl_stream_new and
      git_mbedtls_stream_new have callers protected by #ifdefs and
      are never called unless compiled in.  There's no need for a
      dummy implementation.  Remove them.
      Edward Thomson committed
    • tls: introduce a wrap function · 43b592ac
      Introduce `git_tls_stream_wrap` which will take an existing `stream`
      with an already connected socket and begin speaking TLS on top of it.
      This is useful if you've built a connection to a proxy server and you
      wish to begin CONNECT over it to tunnel a TLS connection.
      
      Also update the pluggable TLS stream layer so that it can accept a
      registration structure that provides an `init` and `wrap` function,
      instead of a single initialization function.
      Edward Thomson committed
  11. 01 Nov, 2018 2 commits
  12. 18 Oct, 2018 1 commit
  13. 25 Sep, 2018 1 commit
  14. 26 Jul, 2018 1 commit
    • mbedtls: remove unused variable "cacert" · d4198d4d
      In commit 382ed1e8 (mbedtls: load default CA certificates, 2018-03-29),
      the function `git_mbedtls_stream_global_init` was refactored to call out
      to `git_mbedtls__set_cert_location` instead of setting up the
      certificates itself. The conversion forgot to remove the now-unused
      "cacert" variable, which is now only getting declared to be free'd at
      the end of the function. Remove it.
      Patrick Steinhardt committed
  15. 21 Jul, 2018 4 commits
  16. 13 Jul, 2018 1 commit
    • mbedtls: fix `inline` being used in mbedtls headers · d19381e2
      The mbedtls headers make direct use of the `inline` attribute to
      instruct the compiler to inline functions. As this function is not C90
      compliant, this can cause the compiler to error as soon as any of these
      files is included and the `-std=c90` flag is being added.
      
      The mbedtls headers declaring functions as inline always have a prelude
      which define `inline` as a macro in case it is not yet defined. Thus, we
      can easily replace their define with our own define, which simply copies
      the logic of our own `GIT_INLINE` macro.
      Patrick Steinhardt committed
  17. 06 Jul, 2018 1 commit
  18. 25 Jun, 2018 1 commit
  19. 30 May, 2018 1 commit
  20. 04 May, 2018 1 commit
    • streams: openssl: fix bogus warning on unused parameter · ba5e39ac
      Our provided callback function `threadid_cb(CRYPTO_THREADID
      *threadid)` sets up a unique thread ID by asking pthread for the
      current thread ID.  Since openssl version 1.1,
      `CRYPTO_THREADID_set_numeric` is simply a no-op macro, leaving
      the `threadid` argument unused after the preprocessor has
      processed the macro. GCC does not account for that situation and
      will thus complain about `threadid` being unused.
      
      Silence this warning by using `GIT_UNUSED(threadid)`.
      Patrick Steinhardt committed
  21. 30 Apr, 2018 1 commit
  22. 11 Apr, 2018 4 commits