Startseite Erkunden Hilfe
Anmelden
OWEALs
/
openssl
Mirror von git://git.openssl.org/openssl.git
2
0
Fork 0
Dateien Issues 1 Wiki
Struktur: 6594baf645
Branches Tags
openssl
/
doc
/
man7
/
openssl-threads.pod

openssl-threads.pod 4.4 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. openssl-threads - Overview of thread safety in OpenSSL
    6. 

  6. 

  7. =head1 DESCRIPTION
    8. 

  8. 

  9. In this man page, we use the term B<thread-safe> to indicate that an
    10. 

  10. object or function can be used by multiple threads at the same time.
    11. 

  11. 

  12. OpenSSL can be built with or without threads support. The most important
    13. 

  13. use of this support is so that OpenSSL itself can use a single consistent
    14. 

  14. API, as shown in L<CRYPTO_THREAD_run_once(3)/EXAMPLES>.
    15. 

  15. Multi-platform applications can also use this API.
    16. 

  16. 

  17. In particular, being configured for threads support does not imply that
    18. 

  18. all OpenSSL objects are thread-safe.
    19. 

  19. To emphasize: I<most objects are not safe for simultaneous use>.
    20. 

  20. Exceptions to this should be documented on the specific manual pages, and
    21. 

  21. some general high-level guidance is given here.
    22. 

  22. 

  23. One major use of the OpenSSL thread API is to implement reference counting.
    24. 

  24. Many objects within OpenSSL are reference-counted, so resources are not
    25. 

  25. released, until the last reference is removed.
    26. 

  26. References are often increased automatically (such as when an B<X509>
    27. 

  27. certificate object is added into an B<X509_STORE> trust store).
    28. 

  28. There is often an B<I<object>_up_ref>() function that can be used to increase
    29. 

  29. the reference count.
    30. 

  30. Failure to match B<I<object>_up_ref>() calls with the right number of
    31. 

  31. B<I<object>_free>() calls is a common source of memory leaks when a program
    32. 

  32. exits.
    33. 

  33. 

  34. Many objects have set and get API's to set attributes in the object.
    35. 

  35. A C<set0> passes ownership from the caller to the object and a
    36. 

  36. C<get0> returns a pointer but the attribute ownership
    37. 

  37. remains with the object and a reference to it is returned.
    38. 

  38. A C<set1> or C<get1> function does not change the ownership, but instead
    39. 

  39. updates the attribute's reference count so that the object is shared
    40. 

  40. between the caller and the object; the caller must free the returned
    41. 

  41. attribute when finished.
    42. 

  42. Functions that involve attributes that have reference counts themselves,
    43. 

  43. but are named with just C<set> or C<get> are historical; and the documentation
    44. 

  44. must state how the references are handled.
    45. 

  45. Get methods are often thread-safe as long as the ownership requirements are
    46. 

  46. met and shared objects are not modified.
    47. 

  47. Set methods, or modifying shared objects, are generally not thread-safe
    48. 

  48. as discussed below.
    49. 

  49. 

  50. Objects are thread-safe
    51. 

  51. as long as the API's being invoked don't modify the object; in this
    52. 

  52. case the parameter is usually marked in the API as C<const>.
    53. 

  53. Not all parameters are marked this way.
    54. 

  54. Note that a C<const> declaration does not mean immutable; for example
    55. 

  55. L<X509_cmp(3)> takes pointers to C<const> objects, but the implementation
    56. 

  56. uses a C cast to remove that so it can lock objects, generate and cache
    57. 

  57. a DER encoding, and so on.
    58. 

  58. 

  59. Another instance of thread-safety is when updates to an object's
    60. 

  60. internal state, such as cached values, are done with locks.
    61. 

  61. One example of this is the reference counting API's described above.
    62. 

  62. 

  63. In all cases, however, it is generally not safe for one thread to
    64. 

  64. mutate an object, such as setting elements of a private or public key,
    65. 

  65. while another thread is using that object, such as verifying a signature.
    66. 

  66. 

  67. The same API's can usually be used simultaneously on different objects
    68. 

  68. without interference.
    69. 

  69. For example, two threads can calculate a signature using two different
    70. 

  70. B<EVP_PKEY_CTX> objects.
    71. 

  71. 

  72. For implicit global state or singletons, thread-safety depends on the facility.
    73. 

  73. The L<CRYPTO_secure_malloc(3)> and related API's have their own lock,
    74. 

  74. while L<CRYPTO_malloc(3)> assumes the underlying platform allocation
    75. 

  75. will do any necessary locking.
    76. 

  76. Some API's, such as L<NCONF_load(3)> and related do no locking at all;
    77. 

  77. this can be considered a bug.
    78. 

  78. 

  79. A separate, although related, issue is modifying "factory" objects
    80. 

  80. when other objects have been created from that.
    81. 

  81. For example, an B<SSL_CTX> object created by L<SSL_CTX_new(3)> is used
    82. 

  82. to create per-connection B<SSL> objects by calling L<SSL_new(3)>.
    83. 

  83. In this specific case, and probably for factory methods in general, it is
    84. 

  84. not safe to modify the factory object after it has been used to create
    85. 

  85. other objects.
    86. 

  86. 

  87. =head1 SEE ALSO
    88. 

  88. 

  89. CRYPTO_THREAD_run_once(3),
    90. 

  90. local system threads documentation.
    91. 

  91. 

  92. =head1 BUGS
    93. 

  93. 

  94. This page is admittedly very incomplete.
    95. 

  95. 

  96. =head1 COPYRIGHT
    97. 

  97. 

  98. Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
    99. 

  99. 

  100. Licensed under the Apache License 2.0 (the "License").  You may not use
    101. 

  101. this file except in compliance with the License.  You can obtain a copy
    102. 

  102. in the file LICENSE in the source distribution or at
    103. 

  103. L<https://www.openssl.org/source/license.html>.
    104. 

  104. 

  105. =cut
    106.