Make the threading code provider aware#9040
Make the threading code provider aware#9040mattcaswell wants to merge 10 commits intoopenssl:masterfrom
Conversation
|
Hmmm. The travis failure is annoying. A classic case of the compiler trying to be too helpful: That's because of this macro definition in FIPS_MODE: So when I do the following it gets this error: A no-op is exactly what I want in FIPS mode. Any bright ideas as to how I can get the compiler to shut up? |
The solution is probably to not try and be so smart. Don't create the macro in FIPS mode, and instead, wrap each call: #ifndef FIPS_MODE
ctx = openssl_ctx_get_concrete(ctx);
#endif |
That's what I had originally - but changed it on the suggestion of @slontis. |
|
The original comment applied to the fact that there are quite a few of these #ifdef FIPS_MODE |
9bc6074 to
04f96ff
Compare
|
I rebased this to resolve the conflict with master, and implemented @levitte's suggestion for |
|
2 fixup commits pushed addressing feedback so far. |
0746905 to
7645b8c
Compare
|
Rebased this now that #9039 went in. Ping? |
|
Fix up commit pushed. Ping @levitte. |
|
Fix up commit pushed addressing the doc feedback comment. |
5080278 to
69bae9f
Compare
|
Rebased again due to conflicts with master! Ping?? |
providers/fips/fipsprov.c
Outdated
There was a problem hiding this comment.
Side note: if we expect other providers to do the same thing, then a non-dynamic index isn't the best of ideas... this is something I was thinking of when I originally designed the OPENSSL_CTX API and internals. It's worth giving it another deeper think, methinks...
|
Updated commits pushed addressing feedback. |
This adds the ability to take an OPENSSL_CTX parameter and either return it as is (unchanged), or if it is NULL return a pointer to the default ctx.
In later commits this will allow providers to subscribe to thread stop events. We will need this in the FIPS module. We also make thread stop handling OPENSSL_CTX aware (different OPENSSL_CTXs may have different thread local data that needs cleaning up).
We're going to need some of these functions in the FIPS module, but most of the rest of the code in init.c is not needed. Therefore we split it out.
This will need to be hooked up in a later commit with an event sent to the FIPS provider informing it of thread stop events.
The RAND code needs to know about threads stopping in order to cleanup local thread data. Therefore we add a callback for libcrypto to tell providers about such events.
This adds the ability to clean up a thread on a per OPENSSL_CTX basis.
This new function works in the same way as OPENSSL_thread_stop() but for a specified OPENSSL_CTX.
b25e1fe to
37c9ab4
Compare
|
...and immediately I've rebased it again due to conflicts with master....grrrr.... |
include/openssl/core.h
Outdated
| */ | ||
| # define OSSL_PARAM_OCTET_PTR 7 | ||
|
|
||
| /* Typedef for thread stop handling callback */ |
There was a problem hiding this comment.
Considering the rest of this header file, that comment seems a bit... minimal
There was a problem hiding this comment.
Fixup pushed expanding out that comment.
|
Pushed. Thanks!! |
This adds the ability to take an OPENSSL_CTX parameter and either return it as is (unchanged), or if it is NULL return a pointer to the default ctx. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
In later commits this will allow providers to subscribe to thread stop events. We will need this in the FIPS module. We also make thread stop handling OPENSSL_CTX aware (different OPENSSL_CTXs may have different thread local data that needs cleaning up). Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
We're going to need some of these functions in the FIPS module, but most of the rest of the code in init.c is not needed. Therefore we split it out. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
This will need to be hooked up in a later commit with an event sent to the FIPS provider informing it of thread stop events. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
The RAND code needs to know about threads stopping in order to cleanup local thread data. Therefore we add a callback for libcrypto to tell providers about such events. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
This adds the ability to clean up a thread on a per OPENSSL_CTX basis. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
This new function works in the same way as OPENSSL_thread_stop() but for a specified OPENSSL_CTX. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from openssl#9040)
The RAND code is thread aware and stores thread local variables. In order for that to work when its running inside the FIPS module we need to make some changes to how we clean up threads so that we can delegate some of that cleanup to the providers where appropriate.
We change the thread stop handing into a publish/subscribe model to accomplish this.
(Needed in order to move the RAND code into the FIPS provider - see #9035)