Re: OPENSSL_thread_stop() fiber local storage and questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19/01/2024 01:32, Matthew Ogilvie wrote:


IDEA/QUESTION 1: This is probably not a short-term change, but in the
longer term, is there any chance Open SSL may switch to Windows fiber
local storage, thereby simplifying the most common cases where users
need to call OPENSSL_thread_stop()?
I would love to find a way to get rid of OPENSSL_thread_stop() altogether. This could be one approach that would solve one of the most common scenarios where it is needed. It's definitely worth considering although it wouldn't enable us to completely get rid of it since there will still be corner cases where it would be needed. 




The biggest concern I can see is that I think this fiber local storage
idea only works on Windows Vista or later, which raises the question:
What is Open SSL's policy about supporting old versions of Windows
that Microsoft no longer supports (XP/2000)? (Perhaps it could
be a (pre-build) configure option, or auto-determined at runtime
using GetProcAddress()...)
Currently, in theory, we support XP and above. But we don't test that in our CIs at the moment, and I don't know if anyone is actually using it there. This is fairly regularly questioned and I would not be surprised if we decide to drop XP support at some point fairly soon.
But, since we would still need to retain the OPENSSL_thread_stop() function in any case (because there are corner cases that FLS would not help for), we could just make the FLS solution conditionally compiled based on what Windows version is being targetted. 




QUESTION 2: When a thread is ending, is it necessary to
call OPENSSL_thread_stop_ex() for every allocated OSSL_LIB_CTX, or
is a single call to OPENSSL_thread_stop() sufficient?


The man page says this about OPENSSL_thread_stop_ex():

The OPENSSL_thread_stop_ex() function deallocates resources associated
with the current thread for the given OSSL_LIB_CTX B<ctx>.

It says this about OPENSSL_thread_stop():
OPENSSL_thread_stop() is the same as OPENSSL_thread_stop_ex() except that the default OSSL_LIB_CTX is always used.
So, OPENSSL_thread_stop() and OPENSSL_thread_stop_ex() are both specific to an individual OSSL_LIB_CTX. If you have used multiple OSSL_LIB_CTXs on a thread, then you need to call OPENSSL_thread_stop_ex() for each of them. 


Matt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux