From f7ccba3edf9f1f02d7bd3b019d7bc96f25a95718 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Fri, 28 Mar 2008 02:49:43 +0000 Subject: There was a need to support thread ID types that couldn't be reliably cast to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed version was added but it required portable code to check *both* modes to determine equality. This commit maintains the availability of both thread ID types, but deprecates the type-specific accessor APIs that invoke the callbacks - instead a single type-independent API is used. This simplifies software that calls into this interface, and should also make it less error-prone - as forgetting to call and compare *both* thread ID accessors could have led to hard-to-debug/infrequent bugs (that might only affect certain platforms or thread implementations). As the CHANGES note says, there were corresponding deprecations and replacements in the thread-related functions for BN_BLINDING and ERR too. --- doc/crypto/BN_BLINDING_new.pod | 31 +++++++++++++++++++++++-------- doc/crypto/bn.pod | 6 ++++-- doc/crypto/threads.pod | 8 ++++---- 3 files changed, 31 insertions(+), 14 deletions(-) (limited to 'doc') diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod index 7b087f7288..fbb5be770e 100644 --- a/doc/crypto/BN_BLINDING_new.pod +++ b/doc/crypto/BN_BLINDING_new.pod @@ -4,7 +4,7 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, -BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags, +BN_BLINDING_set_thread, BN_BLINDING_cmp_thread, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions. @@ -22,8 +22,10 @@ functions. BN_CTX *ctx); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx); - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); - void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); + + void BN_BLINDING_set_thread(BN_BLINDING *); + int BN_BLINDING_cmp_thread(const BN_BLINDING *, + const CRYPTO_THREADID *); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -54,11 +56,10 @@ BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() with B set to NULL. -BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id() -set and get the "thread id" value of the B structure, -a field provided to users of B structure to help them -provide proper locking if needed for multi-threaded use. The -"thread id" of a newly allocated B structure is zero. +BN_BLINDING_set_thread() and BN_BLINDING_cmp_thread() +set and compare the "thread id" of the B structure, +allowing users of the B structure to +provide proper locking if needed for multi-threaded use. BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently there are two supported flags: B and @@ -85,6 +86,12 @@ success and 0 if an error occured. BN_BLINDING_get_thread_id() returns the thread id (a B value) or 0 if not set. +BN_BLINDING_cmp_thread() returns 0 if the thread id associated with the +B structure equals the provided thread id (which can be +obtained by CRYPTO_THREADID_set()), otherwise it returns -1 or +1 +to indicate the thread ids are different (if the target architecture +supports ordering of thread ids, this follows the traditional "cmp" +semantics of memcmp() or strcmp()). BN_BLINDING_get_flags() returns the currently set B flags (a B value). @@ -102,6 +109,14 @@ BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8 +BN_BLINDING_get_thread_idptr, BN_BLINDING_set_thread_idptr were first +introduced in OpenSSL 0.9.9 + +BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, +BN_BLINDING_get_thread_idptr, BN_BLINDING_set_thread_idptr were all +deprecated in favour of BN_BLINDING_set_thread, BN_BLINDING_cmp_thread +which were introduced in OpenSSL 0.9.9 + =head1 AUTHOR Nils Larsch for the OpenSSL project (http://www.openssl.org). diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index cd2f8e50c6..213cba1c41 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -131,8 +131,10 @@ bn - multiprecision integer arithmetics BN_CTX *ctx); int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b, BN_CTX *ctx); - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); - void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); + void BN_BLINDING_set_thread(BN_BLINDING *); + int BN_BLINDING_cmp_thread(const BN_BLINDING *, + const CRYPTO_THREADID *); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod index 230cbe890b..76bd10c500 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -76,9 +76,7 @@ below). idptr_function(void) is a function that similarly returns a thread ID, but of type void *. This is not needed on platforms where &errno is -different for each thread. OpenSSL assumes that it is in the same -thread iff both the numerical and the pointer thread ID agree, so it -suffices to define one of these two callback functions appropriately. +different for each thread. Additionally, OpenSSL supports dynamic locks, and sometimes, some parts of OpenSSL need it for better performance. To enable this, the following @@ -166,7 +164,9 @@ There is still the issue of platforms where pthread_self() returns something other than an integer. It is for cases like this that CRYPTO_set_idptr_callback() comes in handy. (E.g., call malloc(1) once in each thread, and have idptr_function() return a pointer to -this object.) +this object.) Note that if neither id_function() or idptr_function() +are provided, OpenSSL will use (&errno) as a fallback (as this +usually returns a unique address for each thread). =head1 EXAMPLES -- cgit v1.2.3