Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add atexit configuration option to control using atexit() in libcrypto at build-time. #23394

Closed
wants to merge 1 commit into from
Closed

Add atexit configuration option to control using atexit() in libcrypto at build-time. #23394

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/run-checker-daily.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ jobs:
no-asan,
no-asm,
no-async,
no-atexit,
no-autoalginit,
no-autoerrinit,
no-autoload-config,
Expand Down
7 changes: 7 additions & 0 deletions CHANGES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,13 @@ OpenSSL 3.3

*Hugo Landau*

* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded. This is turned off on NonStop
configurations because of loader differences on that platform compared to
Linux.

*Randall S. Becker*

OpenSSL 3.2
-----------

Expand Down
22 changes: 14 additions & 8 deletions Configurations/50-nonstop.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
shared_extension => ".so",
ex_libs => add('-lrld'),
enable => ['egd'],
# Not currently inherited
disable => ['atexit'],
dso_scheme => 'DLFCN',
sys_id => 'TANDEM',
},
Expand Down Expand Up @@ -178,7 +180,7 @@
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64' ],
disable => ['threads'],
disable => ['threads','atexit'],
},
'nonstop-nsx_put' => {
inherit_from => [ 'nonstop-common',
Expand All @@ -188,6 +190,7 @@
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
disable => ['atexit'],
},
'nonstop-nsx_64' => {
inherit_from => [ 'nonstop-common',
Expand All @@ -196,7 +199,7 @@
'nonstop-efloat-x86_64' ],
multilib => '64',
multibin => '64',
disable => ['threads'],
disable => ['threads','atexit'],
},
'nonstop-nsx_64_put' => {
inherit_from => [ 'nonstop-common',
Expand All @@ -206,18 +209,19 @@
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
disable => ['atexit'],
},
'nonstop-nsx_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
disable => ['threads'],
disable => ['threads','atexit'],
},
'nonstop-nsx_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
disable => ['threads'],
disable => ['threads','atexit'],
},
'nonstop-nsv' => {
inherit_from => [ 'nonstop-nsx' ],
Expand All @@ -227,7 +231,7 @@
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium' ],
disable => ['threads'],
disable => ['threads','atexit'],
},
'nonstop-nse_put' => {
inherit_from => [ 'nonstop-common',
Expand All @@ -237,6 +241,7 @@
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
disable => ['atexit'],
},
'nonstop-nse_64' => {
inherit_from => [ 'nonstop-common',
Expand All @@ -245,7 +250,7 @@
'nonstop-efloat-itanium' ],
multilib => '64',
multibin => '64',
disable => ['threads'],
disable => ['threads','atexit'],
},
'nonstop-nse_64_put' => {
inherit_from => [ 'nonstop-common',
Expand All @@ -255,17 +260,18 @@
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
disable => ['atexit'],
},
'nonstop-nse_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-guardian',
'nonstop-ilp32', 'nonstop-nfloat-itanium' ],
disable => ['threads'],
disable => ['threads','atexit'],
},

'nonstop-nse_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-guardian',
'nonstop-ilp32', 'nonstop-tfloat-itanium' ],
disable => ['threads'],
disable => ['threads','atexit'],
},
3 changes: 2 additions & 1 deletion Configure
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -420,6 +420,7 @@ my @disablables = (
"asan",
"asm",
"async",
"atexit",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This new option should additionally be documented in the INSTALL.md file since it applies to all platforms. I think it also justifies a CHANGES.md entry.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will be there on the next push.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updates done. Thank you for your feedback.

"autoalginit",
"autoerrinit",
"autoload-config",
Expand Down Expand Up @@ -596,7 +597,7 @@ our %disabled = ( # "what" => "comment"
my @disable_cascades = (
# "what" => [ "cascade", ... ]
"bulk" => [ "shared", "dso",
"aria", "async", "autoload-config",
"aria", "async", "atexit", "autoload-config",
"blake2", "bf", "camellia", "cast", "chacha",
"cmac", "cms", "cmp", "comp", "ct",
"des", "dgram", "dh", "dsa",
Expand Down
13 changes: 11 additions & 2 deletions INSTALL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ issues and other details, please read one of these:
* [Notes for Windows platforms](NOTES-WINDOWS.md)
* [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md)
* [Notes for the OpenVMS platform](NOTES-VMS.md)
* [Notes for the HPE NonStop platform](NOTES-NONSTOP.md)
* [Notes on Perl](NOTES-PERL.md)
* [Notes on Valgrind](NOTES-VALGRIND.md)

Expand Down Expand Up @@ -141,7 +142,7 @@ Use the following commands to configure, build and test OpenSSL.
The testing is optional, but recommended if you intend to install
OpenSSL for production use.

### Unix / Linux / macOS
### Unix / Linux / macOS / NonStop

$ ./Configure
$ make
Expand Down Expand Up @@ -198,7 +199,7 @@ the global search path for system libraries.
Finally, if you plan on using the FIPS module, you need to read the
[Post-installation Notes](#post-installation-notes) further down.

### Unix / Linux / macOS
### Unix / Linux / macOS / NonStop

Depending on your distribution, you need to run the following command as
root user or prepend `sudo` to the command:
Expand Down Expand Up @@ -600,6 +601,14 @@ be used even with this option.

Do not build support for async operations.

### no-atexit

Do not use `atexit()` in libcrypto builds.

`atexit()` has varied semantics between platforms and can cause SIGSEGV in some
circumstances. This options disables the atexit registration of OPENSSL_cleanup.
By default, NonStop configurations use `no-atexit`.

### no-autoalginit

Don't automatically load all supported ciphers and digests.
Expand Down
8 changes: 7 additions & 1 deletion NOTES-NONSTOP.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,13 @@ relating to `atexit()` processing when a shared library is unloaded and when
the program terminates. This limitation applies to all OpenSSL shared library
components.

A resolution to this situation is under investigation.
A control has been added as of 3.3.x to disable calls to `atexit()` within the
`libcrypto` builds (specifically in `crypto/init.c`). This switch can be
controlled using `disable-atexit` or `enable-atexit`, and is disabled by default
for NonStop builds. If you need to have `atexit()` functionality, set
`enabled-atexit` when configuring OpenSSL to enable the `atexit()` call to
register `OPENSSL_cleanup()` automatically. Preferably, you can explicitly call
`OPENSSL_cleanup()` from your application.

About Prefix and OpenSSLDir
---------------------------
Expand Down
12 changes: 7 additions & 5 deletions crypto/init.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,17 +97,19 @@ static int win32atexit(void)

DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
{
#ifdef OPENSSL_INIT_DEBUG
#ifndef OPENSSL_NO_ATEXIT
# ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
#endif
#ifndef OPENSSL_SYS_UEFI
# if defined(_WIN32) && !defined(__BORLANDC__)
# endif
# ifndef OPENSSL_SYS_UEFI
# if defined(_WIN32) && !defined(__BORLANDC__)
/* We use _onexit() in preference because it gets called on DLL unload */
if (_onexit(win32atexit) == NULL)
return 0;
# else
# else
if (atexit(OPENSSL_cleanup) != 0)
return 0;
# endif
# endif
#endif

Expand Down