f7ccba3edf
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed version was added but it required portable code to check *both* modes to determine equality. This commit maintains the availability of both thread ID types, but deprecates the type-specific accessor APIs that invoke the callbacks - instead a single type-independent API is used. This simplifies software that calls into this interface, and should also make it less error-prone - as forgetting to call and compare *both* thread ID accessors could have led to hard-to-debug/infrequent bugs (that might only affect certain platforms or thread implementations). As the CHANGES note says, there were corresponding deprecations and replacements in the thread-related functions for BN_BLINDING and ERR too.
189 lines
6.6 KiB
Text
189 lines
6.6 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
CRYPTO_set_locking_callback, CRYPTO_set_id_callback,
|
|
CRYPTO_set_idptr_callback, CRYPTO_num_locks,
|
|
CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
|
|
CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
|
|
CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/crypto.h>
|
|
|
|
void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
|
|
int n, const char *file, int line));
|
|
|
|
void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
|
|
|
|
void CRYPTO_set_idptr_callback(void *(*idptr_function)(void));
|
|
|
|
int CRYPTO_num_locks(void);
|
|
|
|
|
|
/* struct CRYPTO_dynlock_value needs to be defined by the user */
|
|
struct CRYPTO_dynlock_value;
|
|
|
|
void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
|
|
(*dyn_create_function)(char *file, int line));
|
|
void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
|
|
(int mode, struct CRYPTO_dynlock_value *l,
|
|
const char *file, int line));
|
|
void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
|
|
(struct CRYPTO_dynlock_value *l, const char *file, int line));
|
|
|
|
int CRYPTO_get_new_dynlockid(void);
|
|
|
|
void CRYPTO_destroy_dynlockid(int i);
|
|
|
|
void CRYPTO_lock(int mode, int n, const char *file, int line);
|
|
|
|
#define CRYPTO_w_lock(type) \
|
|
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
|
|
#define CRYPTO_w_unlock(type) \
|
|
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
|
|
#define CRYPTO_r_lock(type) \
|
|
CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
|
|
#define CRYPTO_r_unlock(type) \
|
|
CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
|
|
#define CRYPTO_add(addr,amount,type) \
|
|
CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
OpenSSL can safely be used in multi-threaded applications provided
|
|
that at least two callback functions are set.
|
|
|
|
locking_function(int mode, int n, const char *file, int line) is
|
|
needed to perform locking on shared data structures.
|
|
(Note that OpenSSL uses a number of global data structures that
|
|
will be implicitly shared whenever multiple threads use OpenSSL.)
|
|
Multi-threaded applications will crash at random if it is not set.
|
|
|
|
locking_function() must be able to handle up to CRYPTO_num_locks()
|
|
different mutex locks. It sets the B<n>-th lock if B<mode> &
|
|
B<CRYPTO_LOCK>, and releases it otherwise.
|
|
|
|
B<file> and B<line> are the file number of the function setting the
|
|
lock. They can be useful for debugging.
|
|
|
|
id_function(void) is a function that returns a numerical thread ID,
|
|
for example pthread_self() if it returns an integer (see NOTES below).
|
|
By OpenSSL's defaults, this is not needed on Windows nor on platforms
|
|
where getpid() returns a different ID for each thread (see NOTES
|
|
below).
|
|
|
|
idptr_function(void) is a function that similarly returns a thread ID,
|
|
but of type void *. This is not needed on platforms where &errno is
|
|
different for each thread.
|
|
|
|
Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
|
|
of OpenSSL need it for better performance. To enable this, the following
|
|
is required:
|
|
|
|
=over 4
|
|
|
|
=item *
|
|
Three additional callback function, dyn_create_function, dyn_lock_function
|
|
and dyn_destroy_function.
|
|
|
|
=item *
|
|
A structure defined with the data that each lock needs to handle.
|
|
|
|
=back
|
|
|
|
struct CRYPTO_dynlock_value has to be defined to contain whatever structure
|
|
is needed to handle locks.
|
|
|
|
dyn_create_function(const char *file, int line) is needed to create a
|
|
lock. Multi-threaded applications might crash at random if it is not set.
|
|
|
|
dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
|
|
is needed to perform locking off dynamic lock numbered n. Multi-threaded
|
|
applications might crash at random if it is not set.
|
|
|
|
dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
|
|
needed to destroy the lock l. Multi-threaded applications might crash at
|
|
random if it is not set.
|
|
|
|
CRYPTO_get_new_dynlockid() is used to create locks. It will call
|
|
dyn_create_function for the actual creation.
|
|
|
|
CRYPTO_destroy_dynlockid() is used to destroy locks. It will call
|
|
dyn_destroy_function for the actual destruction.
|
|
|
|
CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield
|
|
describing what should be done with the lock. n is the number of the
|
|
lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined
|
|
from the following values. These values are pairwise exclusive, with
|
|
undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE
|
|
should not be used together):
|
|
|
|
CRYPTO_LOCK 0x01
|
|
CRYPTO_UNLOCK 0x02
|
|
CRYPTO_READ 0x04
|
|
CRYPTO_WRITE 0x08
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
CRYPTO_num_locks() returns the required number of locks.
|
|
|
|
CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
|
|
|
|
The other functions return no values.
|
|
|
|
=head1 NOTES
|
|
|
|
You can find out if OpenSSL was configured with thread support:
|
|
|
|
#define OPENSSL_THREAD_DEFINES
|
|
#include <openssl/opensslconf.h>
|
|
#if defined(OPENSSL_THREADS)
|
|
// thread support enabled
|
|
#else
|
|
// no thread support
|
|
#endif
|
|
|
|
Also, dynamic locks are currently not used internally by OpenSSL, but
|
|
may do so in the future.
|
|
|
|
Defining id_function(void) has it's own issues. Generally speaking,
|
|
pthread_self() should be used, even on platforms where getpid() gives
|
|
different answers in each thread, since that may depend on the machine
|
|
the program is run on, not the machine where the program is being
|
|
compiled. For instance, Red Hat 8 Linux and earlier used
|
|
LinuxThreads, whose getpid() returns a different value for each
|
|
thread. Red Hat 9 Linux and later use NPTL, which is
|
|
Posix-conformant, and has a getpid() that returns the same value for
|
|
all threads in a process. A program compiled on Red Hat 8 and run on
|
|
Red Hat 9 will therefore see getpid() returning the same value for
|
|
all threads.
|
|
|
|
There is still the issue of platforms where pthread_self() returns
|
|
something other than an integer. It is for cases like this that
|
|
CRYPTO_set_idptr_callback() comes in handy. (E.g., call malloc(1)
|
|
once in each thread, and have idptr_function() return a pointer to
|
|
this object.) Note that if neither id_function() or idptr_function()
|
|
are provided, OpenSSL will use (&errno) as a fallback (as this
|
|
usually returns a unique address for each thread).
|
|
|
|
=head1 EXAMPLES
|
|
|
|
B<crypto/threads/mttest.c> shows examples of the callback functions on
|
|
Solaris, Irix and Win32.
|
|
|
|
=head1 HISTORY
|
|
|
|
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
|
|
available in all versions of SSLeay and OpenSSL.
|
|
CRYPTO_num_locks() was added in OpenSSL 0.9.4.
|
|
All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
|
|
|
|
CRYPTO_set_idptr_callback() was added in OpenSSL 0.9.9.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<crypto(3)|crypto(3)>
|
|
|
|
=cut
|