diff options
author | Geoff Thorpe <geoff@openssl.org> | 2008-03-28 02:49:43 +0000 |
---|---|---|
committer | Geoff Thorpe <geoff@openssl.org> | 2008-03-28 02:49:43 +0000 |
commit | f7ccba3edf9f1f02d7bd3b019d7bc96f25a95718 (patch) | |
tree | 734b39872b1b8c3cee1db78ed5eb7e3214d6a0a7 /doc | |
parent | eb77ebe26c5228a9a9688b33901e79968789b980 (diff) | |
download | openssl-f7ccba3edf9f1f02d7bd3b019d7bc96f25a95718.tar.gz |
There was a need to support thread ID types that couldn't be reliably cast
to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used. This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/crypto/BN_BLINDING_new.pod | 31 | ||||
-rw-r--r-- | doc/crypto/bn.pod | 6 | ||||
-rw-r--r-- | doc/crypto/threads.pod | 8 |
3 files changed, 31 insertions, 14 deletions
diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod index 7b087f7288..fbb5be770e 100644 --- a/doc/crypto/BN_BLINDING_new.pod +++ b/doc/crypto/BN_BLINDING_new.pod @@ -4,7 +4,7 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, -BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags, +BN_BLINDING_set_thread, BN_BLINDING_cmp_thread, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions. @@ -22,8 +22,10 @@ functions. BN_CTX *ctx); int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx); - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); - void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); + + void BN_BLINDING_set_thread(BN_BLINDING *); + int BN_BLINDING_cmp_thread(const BN_BLINDING *, + const CRYPTO_THREADID *); unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, @@ -54,11 +56,10 @@ BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() with B<r> set to NULL. -BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id() -set and get the "thread id" value of the B<BN_BLINDING> structure, -a field provided to users of B<BN_BLINDING> structure to help them -provide proper locking if needed for multi-threaded use. The -"thread id" of a newly allocated B<BN_BLINDING> structure is zero. +BN_BLINDING_set_thread() and BN_BLINDING_cmp_thread() +set and compare the "thread id" of the B<BN_BLINDING> structure, +allowing users of the B<BN_BLINDING> structure to +provide proper locking if needed for multi-threaded use. BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently there are two supported flags: B<BN_BLINDING_NO_UPDATE> and @@ -85,6 +86,12 @@ success and 0 if an error occured. BN_BLINDING_get_thread_id() returns the thread id (a B<unsigned long> value) or 0 if not set. +BN_BLINDING_cmp_thread() returns 0 if the thread id associated with the +B<BN_BLINDING> structure equals the provided thread id (which can be +obtained by CRYPTO_THREADID_set()), otherwise it returns -1 or +1 +to indicate the thread ids are different (if the target architecture +supports ordering of thread ids, this follows the traditional "cmp" +semantics of memcmp() or strcmp()). BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags (a B<unsigned long> value). @@ -102,6 +109,14 @@ BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8 +BN_BLINDING_get_thread_idptr, BN_BLINDING_set_thread_idptr were first +introduced in OpenSSL 0.9.9 + +BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, +BN_BLINDING_get_thread_idptr, BN_BLINDING_set_thread_idptr were all +deprecated in favour of BN_BLINDING_set_thread, BN_BLINDING_cmp_thread +which were introduced in OpenSSL 0.9.9 + =head1 AUTHOR Nils Larsch for the OpenSSL project (http://www.openssl.org). diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod index cd2f8e50c6..213cba1c41 100644 --- a/doc/crypto/bn.pod +++ b/doc/crypto/bn.pod @@ -131,8 +131,10 @@ bn - multiprecision integer arithmetics BN_CTX *ctx); int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b, BN_CTX *ctx); - unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); - void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); + void BN_BLINDING_set_thread(BN_BLINDING *); + int BN_BLINDING_cmp_thread(const BN_BLINDING *, + const CRYPTO_THREADID *); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod index 230cbe890b..76bd10c500 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -76,9 +76,7 @@ below). idptr_function(void) is a function that similarly returns a thread ID, but of type void *. This is not needed on platforms where &errno is -different for each thread. OpenSSL assumes that it is in the same -thread iff both the numerical and the pointer thread ID agree, so it -suffices to define one of these two callback functions appropriately. +different for each thread. Additionally, OpenSSL supports dynamic locks, and sometimes, some parts of OpenSSL need it for better performance. To enable this, the following @@ -166,7 +164,9 @@ There is still the issue of platforms where pthread_self() returns something other than an integer. It is for cases like this that CRYPTO_set_idptr_callback() comes in handy. (E.g., call malloc(1) once in each thread, and have idptr_function() return a pointer to -this object.) +this object.) Note that if neither id_function() or idptr_function() +are provided, OpenSSL will use (&errno) as a fallback (as this +usually returns a unique address for each thread). =head1 EXAMPLES |