[openssl] master update

tmraz at fedoraproject.org tmraz at fedoraproject.org
Wed Nov 4 16:03:51 UTC 2020 

The branch master has been updated
       via  9750b4d39c610bac89fde009c3b22147eee0249c (commit)
      from  23fb3661cf914eb6a0776abec629b0e3e5976b7f (commit)


- Log -----------------------------------------------------------------
commit 9750b4d39c610bac89fde009c3b22147eee0249c
Author: Randall S. Becker <rsbecker at nexbridge.com>
Date:   Thu Oct 29 10:17:25 2020 -0500

    Moved OPENSSL_fork_prepare,_parent,_child from init.c to threads_pthread.c.
    
    These methods should ultimately be deprecated. The move is to insulate
    non-UNIX platforms from these undefined symbols.
    
    CLA: Permission is granted by the author to the OpenSSL team to use
    these modifications.
    
    Fixes #13273
    
    Signed-off-by: Randall S. Becker <rsbecker at nexbridge.com>
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13276)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                        |  9 +++++++++
 crypto/init.c                     | 25 -------------------------
 crypto/threads_pthread.c          | 21 +++++++++++++++++++++
 doc/man3/OPENSSL_fork_prepare.pod |  9 ++++++++-
 include/openssl/crypto.h.in       |  8 +++++---
 util/libcrypto.num                |  6 +++---
 6 files changed, 46 insertions(+), 32 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index dc3e837474..e9e9bc13c3 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1246,6 +1246,15 @@ OpenSSL 3.0
 
    *David von Oheimb*
 
+ * Deprecated pthread fork support methods. These were unused so no
+   replacement is required.
+
+   - OPENSSL_fork_prepare()
+   - OPENSSL_fork_parent()
+   - OPENSSL_fork_child()
+
+   *Randall S. Becker*
+
 OpenSSL 1.1.1
 -------------
 
diff --git a/crypto/init.c b/crypto/init.c
index cfd4eab9ed..f7c7d59f55 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -666,28 +666,3 @@ int OPENSSL_atexit(void (*handler)(void))
     return 1;
 }
 
-#ifdef OPENSSL_SYS_UNIX
-/*
- * The following three functions are for OpenSSL developers.  This is
- * where we set/reset state across fork (called via pthread_atfork when
- * it exists, or manually by the application when it doesn't).
- *
- * WARNING!  If you put code in either OPENSSL_fork_parent or
- * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
- * safe.  See this link, for example:
- *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
- */
-
-void OPENSSL_fork_prepare(void)
-{
-}
-
-void OPENSSL_fork_parent(void)
-{
-}
-
-void OPENSSL_fork_child(void)
-{
-    /* TODO(3.0): Inform all providers about a fork event */
-}
-#endif
diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
index a2735332b8..d7cac6566a 100644
--- a/crypto/threads_pthread.c
+++ b/crypto/threads_pthread.c
@@ -7,6 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* We need to use the OPENSSL_fork_*() deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 
@@ -196,12 +199,30 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
 
 # ifndef FIPS_MODULE
 #  ifdef OPENSSL_SYS_UNIX
+
+#   ifndef OPENSSL_NO_DEPRECATED_3_0
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+}
+
+#   endif
 static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
 
 static void fork_once_func(void)
 {
+#   ifndef OPENSSL_NO_DEPRECATED_3_0
     pthread_atfork(OPENSSL_fork_prepare,
                    OPENSSL_fork_parent, OPENSSL_fork_child);
+#   endif
 }
 #  endif
 
diff --git a/doc/man3/OPENSSL_fork_prepare.pod b/doc/man3/OPENSSL_fork_prepare.pod
index d028a55bce..b011c6a63d 100644
--- a/doc/man3/OPENSSL_fork_prepare.pod
+++ b/doc/man3/OPENSSL_fork_prepare.pod
@@ -11,12 +11,19 @@ OPENSSL_fork_child
 
  #include <openssl/crypto.h>
 
+Deprecated since OpenSSL 3.0.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  void OPENSSL_fork_prepare(void);
  void OPENSSL_fork_parent(void);
  void OPENSSL_fork_child(void);
 
 =head1 DESCRIPTION
 
+These methods are currently unused, and as such, no replacement methods are
+required or planned.
+
 OpenSSL has state that should be reset when a process forks. For example,
 the entropy pool used to generate random numbers (and therefore encryption
 keys) should not be shared across multiple programs.
@@ -53,7 +60,7 @@ These functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in
index b84712f227..1036da9a2b 100644
--- a/include/openssl/crypto.h.in
+++ b/include/openssl/crypto.h.in
@@ -389,9 +389,11 @@ int OPENSSL_isservice(void);
 
 void OPENSSL_init(void);
 # ifdef OPENSSL_SYS_UNIX
-void OPENSSL_fork_prepare(void);
-void OPENSSL_fork_parent(void);
-void OPENSSL_fork_child(void);
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_prepare(void);
+OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_parent(void);
+OSSL_DEPRECATEDIN_3_0 void OPENSSL_fork_child(void);
+#  endif
 # endif
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 3573058dc9..9437e30e85 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4195,9 +4195,9 @@ OSSL_STORE_INFO_set0_NAME_description   4284	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_INFO_get1_NAME_description   4285	3_0_0	EXIST::FUNCTION:
 OSSL_STORE_do_all_loaders               4286	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
 OSSL_STORE_LOADER_get0_engine           4287	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-OPENSSL_fork_prepare                    4288	3_0_0	EXIST:UNIX:FUNCTION:
-OPENSSL_fork_parent                     4289	3_0_0	EXIST:UNIX:FUNCTION:
-OPENSSL_fork_child                      4290	3_0_0	EXIST:UNIX:FUNCTION:
+OPENSSL_fork_prepare                    4288	3_0_0	EXIST:UNIX:FUNCTION:DEPRECATEDIN_3_0
+OPENSSL_fork_parent                     4289	3_0_0	EXIST:UNIX:FUNCTION:DEPRECATEDIN_3_0
+OPENSSL_fork_child                      4290	3_0_0	EXIST:UNIX:FUNCTION:DEPRECATEDIN_3_0
 EVP_sha3_224                            4304	3_0_0	EXIST::FUNCTION:
 EVP_sha3_256                            4305	3_0_0	EXIST::FUNCTION:
 EVP_sha3_384                            4306	3_0_0	EXIST::FUNCTION:

More information about the openssl-commits mailing list