[openssl/openssl] 25a51c: add cmp_thunk function to ossl_bsearch
0 views
Skip to first unread message
Neil Horman
1:18 PM (10 hours ago) 1:18 PM
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: 25a51c5cacbe7b1d1aadb3037a96bdfd09faaf45
https://github.com/openssl/openssl/commit/25a51c5cacbe7b1d1aadb3037a96bdfd09faaf45
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M crypto/bsearch.c
M crypto/objects/obj_dat.c
M crypto/property/property_query.c
M crypto/stack/stack.c
M include/internal/cryptlib.h
Log Message:
-----------
add cmp_thunk function to ossl_bsearch
Add the initial groundwork to allow for the use of a thunking function
with bsearch. Normally our comparison function signature doesn't match
the type of the pointer we call it through, leading to ubsan errors,
this lets those signatures match and gives us a place to do the proper
casting
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:11 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: e94e75d23eb36e6d75aaa52c7efdbf273628381e
https://github.com/openssl/openssl/commit/e94e75d23eb36e6d75aaa52c7efdbf273628381e
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M crypto/stack/stack.c
M include/openssl/safestack.h.in
M include/openssl/stack.h
M util/libcrypto.num
M util/perl/OpenSSL/stackhash.pm
Log Message:
-----------
add a compare thunk function to the STACK of macros
Now that ossl_bsearch is capable of using a thunking function, lets
create a thunking function to use for the STACK_OF macros.
The problem we're addressing is one that gives rise to ubsan issues.
clang-16 forward have a ubsan test that confirms that the target symbol
that we call through a pointer matches the type of the pointer itself.
for instance
int foo(void *a, void *b)
{
...
}
int (*fooptr)(char *ac, int *bc) = foo;
fooptr(&charval, &intval);
is strictly speaking in C undefined behavior (even though in normal
operation this works as expected). Newer compilers are strict about
this however, as several security frameworks operate with an expectation
that this constraint is met.
See https://github.com/openssl/openssl/issues/22896#issuecomment-1837266357
for details.
So we need to create a thunking function. The sole purpose of this
thunking function is to accept the "real" comparison function for the
STACK_OF macros, along with the two items to compare of the type that
they are passed as from the calling function, and do the convervsion of
both the comparison function and the data pointers to the types that the
real comparison function expects
So we:
1) Modify the DEFINE_STACK_OF macros to create this thunking function
2) Add an OPENSSL_sk_set_cmp_thunks api to set the comparison function
3) modify the requisite places in the stack code to use the thunking
function when available
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:14 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: cca14ca0464128bd47eddbe48b5ce8bd95790c67
https://github.com/openssl/openssl/commit/cca14ca0464128bd47eddbe48b5ce8bd95790c67
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M doc/man3/DEFINE_STACK_OF.pod
Log Message:
-----------
Add docs for OPENSSL_sk_set_cmp_thunks()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:16 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: cfa5eb176bdbf8e059260d84860237ccdfa1eac4
https://github.com/openssl/openssl/commit/cfa5eb176bdbf8e059260d84860237ccdfa1eac4
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M CHANGES.md
M NEWS.md
Log Message:
-----------
Add NEWS/CHANGES for new OPENSSL_sk_set_cmp_thunks() api
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:19 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: c38481a84460cdc9fa9036cd2dd1538a82f21bda
https://github.com/openssl/openssl/commit/c38481a84460cdc9fa9036cd2dd1538a82f21bda
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M crypto/stack/stack.c
Log Message:
-----------
wrap use of cmp_thunk for STACK_OF up in a macro
Based on suggestion from pauli here:
https://github.com/openssl/openssl/pull/29640#discussion_r2692068679
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:22 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Compare: https://github.com/openssl/openssl/compare/be54bba64033...c38481a84460
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: 25a51c5cacbe7b1d1aadb3037a96bdfd09faaf45
https://github.com/openssl/openssl/commit/25a51c5cacbe7b1d1aadb3037a96bdfd09faaf45
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M crypto/bsearch.c
M crypto/objects/obj_dat.c
M crypto/property/property_query.c
M crypto/stack/stack.c
M include/internal/cryptlib.h
Log Message:
-----------
add cmp_thunk function to ossl_bsearch
Add the initial groundwork to allow for the use of a thunking function
with bsearch. Normally our comparison function signature doesn't match
the type of the pointer we call it through, leading to ubsan errors,
this lets those signatures match and gives us a place to do the proper
casting
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:11 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: e94e75d23eb36e6d75aaa52c7efdbf273628381e
https://github.com/openssl/openssl/commit/e94e75d23eb36e6d75aaa52c7efdbf273628381e
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M crypto/stack/stack.c
M include/openssl/safestack.h.in
M include/openssl/stack.h
M util/libcrypto.num
M util/perl/OpenSSL/stackhash.pm
Log Message:
-----------
add a compare thunk function to the STACK of macros
Now that ossl_bsearch is capable of using a thunking function, lets
create a thunking function to use for the STACK_OF macros.
The problem we're addressing is one that gives rise to ubsan issues.
clang-16 forward have a ubsan test that confirms that the target symbol
that we call through a pointer matches the type of the pointer itself.
for instance
int foo(void *a, void *b)
{
...
}
int (*fooptr)(char *ac, int *bc) = foo;
fooptr(&charval, &intval);
is strictly speaking in C undefined behavior (even though in normal
operation this works as expected). Newer compilers are strict about
this however, as several security frameworks operate with an expectation
that this constraint is met.
See https://github.com/openssl/openssl/issues/22896#issuecomment-1837266357
for details.
So we need to create a thunking function. The sole purpose of this
thunking function is to accept the "real" comparison function for the
STACK_OF macros, along with the two items to compare of the type that
they are passed as from the calling function, and do the convervsion of
both the comparison function and the data pointers to the types that the
real comparison function expects
So we:
1) Modify the DEFINE_STACK_OF macros to create this thunking function
2) Add an OPENSSL_sk_set_cmp_thunks api to set the comparison function
3) modify the requisite places in the stack code to use the thunking
function when available
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:14 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: cca14ca0464128bd47eddbe48b5ce8bd95790c67
https://github.com/openssl/openssl/commit/cca14ca0464128bd47eddbe48b5ce8bd95790c67
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M doc/man3/DEFINE_STACK_OF.pod
Log Message:
-----------
Add docs for OPENSSL_sk_set_cmp_thunks()
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:16 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: cfa5eb176bdbf8e059260d84860237ccdfa1eac4
https://github.com/openssl/openssl/commit/cfa5eb176bdbf8e059260d84860237ccdfa1eac4
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M CHANGES.md
M NEWS.md
Log Message:
-----------
Add NEWS/CHANGES for new OPENSSL_sk_set_cmp_thunks() api
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:19 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Commit: c38481a84460cdc9fa9036cd2dd1538a82f21bda
https://github.com/openssl/openssl/commit/c38481a84460cdc9fa9036cd2dd1538a82f21bda
Author: Neil Horman <nho...@openssl.org>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
M crypto/stack/stack.c
Log Message:
-----------
wrap use of cmp_thunk for STACK_OF up in a macro
Based on suggestion from pauli here:
https://github.com/openssl/openssl/pull/29640#discussion_r2692068679
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Nikola Pajkovsky <nik...@openssl.org>
MergeDate: Sat Feb 7 18:11:22 2026
(Merged from https://github.com/openssl/openssl/pull/29640)
Compare: https://github.com/openssl/openssl/compare/be54bba64033...c38481a84460
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages