| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | CRYPTO_THREAD_run_once,
|
|---|
| 6 | CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock,
|
|---|
| 7 | CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free,
|
|---|
| 8 | CRYPTO_atomic_add, CRYPTO_atomic_or, CRYPTO_atomic_load,
|
|---|
| 9 | CRYPTO_atomic_load_int,
|
|---|
| 10 | OSSL_set_max_threads, OSSL_get_max_threads,
|
|---|
| 11 | OSSL_get_thread_support_flags, OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL,
|
|---|
| 12 | OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN - OpenSSL thread support
|
|---|
| 13 |
|
|---|
| 14 | =head1 SYNOPSIS
|
|---|
| 15 |
|
|---|
| 16 | #include <openssl/crypto.h>
|
|---|
| 17 |
|
|---|
| 18 | CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT;
|
|---|
| 19 | int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
|
|---|
| 20 |
|
|---|
| 21 | CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
|
|---|
| 22 | int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
|
|---|
| 23 | int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
|
|---|
| 24 | int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
|
|---|
| 25 | void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
|
|---|
| 26 |
|
|---|
| 27 | int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
|
|---|
| 28 | int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
|
|---|
| 29 | CRYPTO_RWLOCK *lock);
|
|---|
| 30 | int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock);
|
|---|
| 31 | int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock);
|
|---|
| 32 |
|
|---|
| 33 | int OSSL_set_max_threads(OSSL_LIB_CTX *ctx, uint64_t max_threads);
|
|---|
| 34 | uint64_t OSSL_get_max_threads(OSSL_LIB_CTX *ctx);
|
|---|
| 35 | uint32_t OSSL_get_thread_support_flags(void);
|
|---|
| 36 |
|
|---|
| 37 | #define OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL
|
|---|
| 38 | #define OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN
|
|---|
| 39 |
|
|---|
| 40 | =head1 DESCRIPTION
|
|---|
| 41 |
|
|---|
| 42 | OpenSSL can be safely used in multi-threaded applications provided that
|
|---|
| 43 | support for the underlying OS threading API is built-in. Currently, OpenSSL
|
|---|
| 44 | supports the pthread and Windows APIs. OpenSSL can also be built without
|
|---|
| 45 | any multi-threading support, for example on platforms that don't provide
|
|---|
| 46 | any threading support or that provide a threading API that is not yet
|
|---|
| 47 | supported by OpenSSL.
|
|---|
| 48 |
|
|---|
| 49 | The following multi-threading function are provided:
|
|---|
| 50 |
|
|---|
| 51 | =over 2
|
|---|
| 52 |
|
|---|
| 53 | =item *
|
|---|
| 54 |
|
|---|
| 55 | CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
|
|---|
| 56 | The I<once> argument must be a pointer to a static object of type
|
|---|
| 57 | B<CRYPTO_ONCE> that was statically initialized to the value
|
|---|
| 58 | B<CRYPTO_ONCE_STATIC_INIT>.
|
|---|
| 59 | The I<init> argument is a pointer to a function that performs the desired
|
|---|
| 60 | exactly once initialization.
|
|---|
| 61 | In particular, this can be used to allocate locks in a thread-safe manner,
|
|---|
| 62 | which can then be used with the locking functions below.
|
|---|
| 63 |
|
|---|
| 64 | =item *
|
|---|
| 65 |
|
|---|
| 66 | CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
|
|---|
| 67 | lock.
|
|---|
| 68 |
|
|---|
| 69 | =item *
|
|---|
| 70 |
|
|---|
| 71 | CRYPTO_THREAD_read_lock() locks the provided I<lock> for reading.
|
|---|
| 72 |
|
|---|
| 73 | =item *
|
|---|
| 74 |
|
|---|
| 75 | CRYPTO_THREAD_write_lock() locks the provided I<lock> for writing.
|
|---|
| 76 |
|
|---|
| 77 | =item *
|
|---|
| 78 |
|
|---|
| 79 | CRYPTO_THREAD_unlock() unlocks the previously locked I<lock>.
|
|---|
| 80 |
|
|---|
| 81 | =item *
|
|---|
| 82 |
|
|---|
| 83 | CRYPTO_THREAD_lock_free() frees the provided I<lock>.
|
|---|
| 84 | If the argument is NULL, nothing is done.
|
|---|
| 85 |
|
|---|
| 86 | =item *
|
|---|
| 87 |
|
|---|
| 88 | CRYPTO_atomic_add() atomically adds I<amount> to I<*val> and returns the
|
|---|
| 89 | result of the operation in I<*ret>. I<lock> will be locked, unless atomic
|
|---|
| 90 | operations are supported on the specific platform. Because of this, if a
|
|---|
| 91 | variable is modified by CRYPTO_atomic_add() then CRYPTO_atomic_add() must
|
|---|
| 92 | be the only way that the variable is modified. If atomic operations are not
|
|---|
| 93 | supported and I<lock> is NULL, then the function will fail.
|
|---|
| 94 |
|
|---|
| 95 | =item *
|
|---|
| 96 |
|
|---|
| 97 | CRYPTO_atomic_or() performs an atomic bitwise or of I<op> and I<*val> and stores
|
|---|
| 98 | the result back in I<*val>. It also returns the result of the operation in
|
|---|
| 99 | I<*ret>. I<lock> will be locked, unless atomic operations are supported on the
|
|---|
| 100 | specific platform. Because of this, if a variable is modified by
|
|---|
| 101 | CRYPTO_atomic_or() or read by CRYPTO_atomic_load() then CRYPTO_atomic_or() must
|
|---|
| 102 | be the only way that the variable is modified. If atomic operations are not
|
|---|
| 103 | supported and I<lock> is NULL, then the function will fail.
|
|---|
| 104 |
|
|---|
| 105 | =item *
|
|---|
| 106 |
|
|---|
| 107 | CRYPTO_atomic_load() atomically loads the contents of I<*val> into I<*ret>.
|
|---|
| 108 | I<lock> will be locked, unless atomic operations are supported on the specific
|
|---|
| 109 | platform. Because of this, if a variable is modified by CRYPTO_atomic_or() or
|
|---|
| 110 | read by CRYPTO_atomic_load() then CRYPTO_atomic_load() must be the only way that
|
|---|
| 111 | the variable is read. If atomic operations are not supported and I<lock> is
|
|---|
| 112 | NULL, then the function will fail.
|
|---|
| 113 |
|
|---|
| 114 | =item *
|
|---|
| 115 |
|
|---|
| 116 | CRYPTO_atomic_load_int() works identically to CRYPTO_atomic_load() but operates
|
|---|
| 117 | on an I<int> value instead of a I<uint64_t> value.
|
|---|
| 118 |
|
|---|
| 119 | =item *
|
|---|
| 120 |
|
|---|
| 121 | OSSL_set_max_threads() sets the maximum number of threads to be used by the
|
|---|
| 122 | thread pool. If the argument is 0, thread pooling is disabled. OpenSSL will
|
|---|
| 123 | not create any threads and existing threads in the thread pool will be torn
|
|---|
| 124 | down. The maximum thread count is a limit, not a target. Threads will not be
|
|---|
| 125 | spawned unless (and until) there is demand. Thread polling is disabled by
|
|---|
| 126 | default. To enable threading you must call OSSL_set_max_threads() explicitly.
|
|---|
| 127 | Under no circumstances is this done for you.
|
|---|
| 128 |
|
|---|
| 129 | =item *
|
|---|
| 130 |
|
|---|
| 131 | OSSL_get_thread_support_flags() determines what thread pool functionality
|
|---|
| 132 | OpenSSL is compiled with and is able to support in the current run time
|
|---|
| 133 | environment. B<OSSL_THREAD_SUPPORT_FLAG_THREAD_POOL> indicates that the base
|
|---|
| 134 | thread pool functionality is available, and
|
|---|
| 135 | B<OSSL_THREAD_SUPPORT_FLAG_DEFAULT_SPAWN> indicates that the default thread pool
|
|---|
| 136 | model is available. The default thread pool model is currently the only model
|
|---|
| 137 | available, therefore both of these flags must be set for thread pool
|
|---|
| 138 | functionality to be used.
|
|---|
| 139 |
|
|---|
| 140 | =back
|
|---|
| 141 |
|
|---|
| 142 | =head1 RETURN VALUES
|
|---|
| 143 |
|
|---|
| 144 | CRYPTO_THREAD_run_once() returns 1 on success, or 0 on error.
|
|---|
| 145 |
|
|---|
| 146 | CRYPTO_THREAD_lock_new() returns the allocated lock, or NULL on error.
|
|---|
| 147 |
|
|---|
| 148 | CRYPTO_THREAD_lock_free() returns no value.
|
|---|
| 149 |
|
|---|
| 150 | OSSL_set_max_threads() returns 1 on success and 0 on failure. Returns failure
|
|---|
| 151 | if OpenSSL-managed thread pooling is not supported (for example, if it is not
|
|---|
| 152 | supported on the current platform, or because OpenSSL is not built with the
|
|---|
| 153 | necessary support).
|
|---|
| 154 |
|
|---|
| 155 | OSSL_get_max_threads() returns the maximum number of threads currently allowed
|
|---|
| 156 | to be used by the thread pool. If thread pooling is disabled or not available,
|
|---|
| 157 | returns 0.
|
|---|
| 158 |
|
|---|
| 159 | OSSL_get_thread_support_flags() returns zero or more B<OSSL_THREAD_SUPPORT_FLAG>
|
|---|
| 160 | values.
|
|---|
| 161 |
|
|---|
| 162 | The other functions return 1 on success, or 0 on error.
|
|---|
| 163 |
|
|---|
| 164 | =head1 NOTES
|
|---|
| 165 |
|
|---|
| 166 | On Windows platforms the CRYPTO_THREAD_* types and functions in the
|
|---|
| 167 | F<< <openssl/crypto.h> >> header are dependent on some of the types
|
|---|
| 168 | customarily made available by including F<< <windows.h> >>. The application
|
|---|
| 169 | developer is likely to require control over when the latter is included,
|
|---|
| 170 | commonly as one of the first included headers. Therefore, it is defined as an
|
|---|
| 171 | application developer's responsibility to include F<< <windows.h> >> prior to
|
|---|
| 172 | F<< <openssl/crypto.h> >> where use of CRYPTO_THREAD_* types and functions is
|
|---|
| 173 | required.
|
|---|
| 174 |
|
|---|
| 175 | =head1 EXAMPLES
|
|---|
| 176 |
|
|---|
| 177 | You can find out if OpenSSL was configured with thread support:
|
|---|
| 178 |
|
|---|
| 179 | #include <openssl/opensslconf.h>
|
|---|
| 180 | #if defined(OPENSSL_THREADS)
|
|---|
| 181 | /* thread support enabled */
|
|---|
| 182 | #else
|
|---|
| 183 | /* no thread support */
|
|---|
| 184 | #endif
|
|---|
| 185 |
|
|---|
| 186 | This example safely initializes and uses a lock.
|
|---|
| 187 |
|
|---|
| 188 | #ifdef _WIN32
|
|---|
| 189 | # include <windows.h>
|
|---|
| 190 | #endif
|
|---|
| 191 | #include <openssl/crypto.h>
|
|---|
| 192 |
|
|---|
| 193 | static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT;
|
|---|
| 194 | static CRYPTO_RWLOCK *lock;
|
|---|
| 195 |
|
|---|
| 196 | static void myinit(void)
|
|---|
| 197 | {
|
|---|
| 198 | lock = CRYPTO_THREAD_lock_new();
|
|---|
| 199 | }
|
|---|
| 200 |
|
|---|
| 201 | static int mylock(void)
|
|---|
| 202 | {
|
|---|
| 203 | if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL)
|
|---|
| 204 | return 0;
|
|---|
| 205 | return CRYPTO_THREAD_write_lock(lock);
|
|---|
| 206 | }
|
|---|
| 207 |
|
|---|
| 208 | static int myunlock(void)
|
|---|
| 209 | {
|
|---|
| 210 | return CRYPTO_THREAD_unlock(lock);
|
|---|
| 211 | }
|
|---|
| 212 |
|
|---|
| 213 | int serialized(void)
|
|---|
| 214 | {
|
|---|
| 215 | int ret = 0;
|
|---|
| 216 |
|
|---|
| 217 | if (!mylock()) {
|
|---|
| 218 | /* Do not unlock unless the lock was successfully acquired. */
|
|---|
| 219 | return 0;
|
|---|
| 220 | }
|
|---|
| 221 |
|
|---|
| 222 | /* Your code here, do not return without releasing the lock! */
|
|---|
| 223 | ret = ... ;
|
|---|
| 224 | myunlock();
|
|---|
| 225 | return ret;
|
|---|
| 226 | }
|
|---|
| 227 |
|
|---|
| 228 | Finalization of locks is an advanced topic, not covered in this example.
|
|---|
| 229 | This can only be done at process exit or when a dynamically loaded library is
|
|---|
| 230 | no longer in use and is unloaded.
|
|---|
| 231 | The simplest solution is to just "leak" the lock in applications and not
|
|---|
| 232 | repeatedly load/unload shared libraries that allocate locks.
|
|---|
| 233 |
|
|---|
| 234 | =head1 SEE ALSO
|
|---|
| 235 |
|
|---|
| 236 | L<crypto(7)>, L<openssl-threads(7)>.
|
|---|
| 237 |
|
|---|
| 238 | =head1 COPYRIGHT
|
|---|
| 239 |
|
|---|
| 240 | Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 241 |
|
|---|
| 242 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 243 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 244 | in the file LICENSE in the source distribution or at
|
|---|
| 245 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 246 |
|
|---|
| 247 | =cut
|
|---|
