Fix multiple OpenSSL vulnerabilities.

[FreeBSD/releng/9.3.git] / secure / lib / libcrypto / man / threads.3

.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "threads 3"
.TH threads 3 "2015-12-03" "0.9.8zh" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/crypto.h>
\&
\& void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
\&        int n, const char *file, int line));
\&
\& void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
\&
\& int CRYPTO_num_locks(void);
\&
\&
\& /* struct CRYPTO_dynlock_value needs to be defined by the user */
\& struct CRYPTO_dynlock_value;
\&
\& void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
\&        (*dyn_create_function)(char *file, int line));
\& void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
\&        (int mode, struct CRYPTO_dynlock_value *l,
\&        const char *file, int line));
\& void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
\&        (struct CRYPTO_dynlock_value *l, const char *file, int line));
\&
\& int CRYPTO_get_new_dynlockid(void);
\&
\& void CRYPTO_destroy_dynlockid(int i);
\&
\& void CRYPTO_lock(int mode, int n, const char *file, int line);
\&
\& #define CRYPTO_w_lock(type)    \e
\&        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,_\|_FILE_\|_,_\|_LINE_\|_)
\& #define CRYPTO_w_unlock(type)  \e
\&        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,_\|_FILE_\|_,_\|_LINE_\|_)
\& #define CRYPTO_r_lock(type)    \e
\&        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,_\|_FILE_\|_,_\|_LINE_\|_)
\& #define CRYPTO_r_unlock(type)  \e
\&        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,_\|_FILE_\|_,_\|_LINE_\|_)
\& #define CRYPTO_add(addr,amount,type)   \e
\&        CRYPTO_add_lock(addr,amount,type,_\|_FILE_\|_,_\|_LINE_\|_)
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
OpenSSL can safely be used in multi-threaded applications provided
that at least two callback functions are set.
.PP
locking_function(int mode, int n, const char *file, int line) is
needed to perform locking on shared data structures. 
(Note that OpenSSL uses a number of global data structures that
will be implicitly shared whenever multiple threads use OpenSSL.)
Multi-threaded applications will crash at random if it is not set.
.PP
\&\fIlocking_function()\fR must be able to handle up to \fICRYPTO_num_locks()\fR
different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR &
\&\fB\s-1CRYPTO_LOCK\s0\fR, and releases it otherwise.
.PP
\&\fBfile\fR and \fBline\fR are the file number of the function setting the
lock. They can be useful for debugging.
.PP
id_function(void) is a function that returns a thread \s-1ID,\s0 for example
\&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below).  It isn't
needed on Windows nor on platforms where \fIgetpid()\fR returns a different
\&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below).
.PP
Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
of OpenSSL need it for better performance.  To enable this, the following
is required:
.IP "\(bu" 4
Three additional callback function, dyn_create_function, dyn_lock_function
and dyn_destroy_function.
.IP "\(bu" 4
A structure defined with the data that each lock needs to handle.
.PP
struct CRYPTO_dynlock_value has to be defined to contain whatever structure
is needed to handle locks.
.PP
dyn_create_function(const char *file, int line) is needed to create a
lock.  Multi-threaded applications might crash at random if it is not set.
.PP
dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
is needed to perform locking off dynamic lock numbered n. Multi-threaded
applications might crash at random if it is not set.
.PP
dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
needed to destroy the lock l. Multi-threaded applications might crash at
random if it is not set.
.PP
\&\fICRYPTO_get_new_dynlockid()\fR is used to create locks.  It will call
dyn_create_function for the actual creation.
.PP
\&\fICRYPTO_destroy_dynlockid()\fR is used to destroy locks.  It will call
dyn_destroy_function for the actual destruction.
.PP
\&\fICRYPTO_lock()\fR is used to lock and unlock the locks.  mode is a bitfield
describing what should be done with the lock.  n is the number of the
lock as returned from \fICRYPTO_get_new_dynlockid()\fR.  mode can be combined
from the following values.  These values are pairwise exclusive, with
undefined behaviour if misused (for example, \s-1CRYPTO_READ\s0 and \s-1CRYPTO_WRITE\s0
should not be used together):
.PP
.Vb 4
\&        CRYPTO_LOCK     0x01
\&        CRYPTO_UNLOCK   0x02
\&        CRYPTO_READ     0x04
\&        CRYPTO_WRITE    0x08
.Ve
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fICRYPTO_num_locks()\fR returns the required number of locks.
.PP
\&\fICRYPTO_get_new_dynlockid()\fR returns the index to the newly created lock.
.PP
The other functions return no values.
.SH "NOTES"
.IX Header "NOTES"
You can find out if OpenSSL was configured with thread support:
.PP
.Vb 7
\& #define OPENSSL_THREAD_DEFINES
\& #include <openssl/opensslconf.h>
\& #if defined(OPENSSL_THREADS)
\&   // thread support enabled
\& #else
\&   // no thread support
\& #endif
.Ve
.PP
Also, dynamic locks are currently not used internally by OpenSSL, but
may do so in the future.
.PP
Defining id_function(void) has it's own issues.  Generally speaking,
\&\fIpthread_self()\fR should be used, even on platforms where \fIgetpid()\fR gives
different answers in each thread, since that may depend on the machine
the program is run on, not the machine where the program is being
compiled.  For instance, Red Hat 8 Linux and earlier used
LinuxThreads, whose \fIgetpid()\fR returns a different value for each
thread.  Red Hat 9 Linux and later use \s-1NPTL,\s0 which is
Posix-conformant, and has a \fIgetpid()\fR that returns the same value for
all threads in a process.  A program compiled on Red Hat 8 and run on
Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for
all threads.
.PP
There is still the issue of platforms where \fIpthread_self()\fR returns
something other than an integer.  This is a bit unusual, and this
manual has no cookbook solution for that case.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
\&\fBcrypto/threads/mttest.c\fR shows examples of the callback functions on
Solaris, Irix and Win32.
.SH "HISTORY"
.IX Header "HISTORY"
\&\fICRYPTO_set_locking_callback()\fR and \fICRYPTO_set_id_callback()\fR are
available in all versions of SSLeay and OpenSSL.
\&\fICRYPTO_num_locks()\fR was added in OpenSSL 0.9.4.
All functions dealing with dynamic locks were added in OpenSSL 0.9.5b\-dev.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrypto\fR\|(3)