diff options
| author | David Benjamin <davidben@google.com> | 2016-03-02 01:35:47 +0300 |
|---|---|---|
| committer | David Benjamin <davidben@google.com> | 2016-03-26 07:54:44 +0300 |
| commit | 054e151b16be6ada891ee8fd71915088dda30886 (patch) | |
| tree | aac89f08e31fb55354b8c31aabc5051a96db65f9 /include/openssl/crypto.h | |
| parent | dc6c1b83819cb3788c60dd669241adc6752a4604 (diff) | |
Rewrite ARM feature detection.
This removes the thread-unsafe SIGILL-based detection and the
multi-consumer-hostile CRYPTO_set_NEON_capable API. (Changing
OPENSSL_armcap_P after initialization is likely to cause problems.)
The right way to detect ARM features on Linux is getauxval. On aarch64,
we should be able to rely on this, so use it straight. Split this out
into its own file. The #ifdefs in the old cpu-arm.c meant it shared all
but no code with its arm counterpart anyway.
Unfortunately, various versions of Android have different missing APIs, so, on
arm, we need a series of workarounds. Previously, we used a SIGILL fallback
based on OpenSSL's logic, but this is inherently not thread-safe. (SIGILL also
does not tell us if the OS knows how to save and restore NEON state.) Instead,
base the behavior on Android NDK's cpu-features library, what Chromium
currently uses with CRYPTO_set_NEON_capable:
- Android before API level 20 does not provide getauxval. Where missing,
we can read from /proc/self/auxv.
- On some versions of Android, /proc/self/auxv is also not readable, so
use /proc/cpuinfo's Features line.
- Linux only advertises optional features in /proc/cpuinfo. ARMv8 makes NEON
mandatory, so /proc/cpuinfo can't be used without additional effort.
Finally, we must blacklist a particular chip because the NEON unit is broken
(https://crbug.com/341598).
Unfortunately, this means CRYPTO_library_init now depends on /proc being
available, which will require some care with Chromium's sandbox. The
simplest solution is to just call CRYPTO_library_init before entering
the sandbox.
It's worth noting that Chromium's current EnsureOpenSSLInit function already
depends on /proc/cpuinfo to detect the broken CPU, by way of base::CPU.
android_getCpuFeatures also interally depends on it. We were already relying on
both of those being stateful and primed prior to entering the sandbox.
BUG=chromium:589200
Change-Id: Ic5d1c341aab5a614eb129d8aa5ada2809edd6af8
Reviewed-on: https://boringssl-review.googlesource.com/7506
Reviewed-by: David Benjamin <davidben@google.com>
Diffstat (limited to 'include/openssl/crypto.h')
| -rw-r--r-- | include/openssl/crypto.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 0d4e345e..51e10286 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -36,7 +36,10 @@ extern "C" { /* CRYPTO_library_init initializes the crypto library. It must be called if the * library is built with BORINGSSL_NO_STATIC_INITIALIZER. Otherwise, it does - * nothing and a static initializer is used instead. */ + * nothing and a static initializer is used instead. + * + * On some ARM configurations, this function may require filesystem access and + * should be called before entering a sandbox. */ OPENSSL_EXPORT void CRYPTO_library_init(void); |