5b33effa72
BoringSSL depends on the platform's locking APIs to make internal global state thread-safe, including the PRNG. On some single-threaded embedded platforms, locking APIs may not exist, so this dependency may be disabled with a build flag.

Doing so means the consumer promises the library will never be used in any multi-threaded address space. It causes BoringSSL to be globally thread-unsafe. Setting it inappropriately will subtly and unpredictably corrupt memory and leak secret keys.

Unfortunately, folks sometimes misinterpreted OPENSSL_NO_THREADS as skipping an internal thread pool or disabling an optionally extra-thread-safe mode. This is not and has never been the case. Rename it to OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED to clarify what this option does.

Update-Note: As a first step, this CL makes both OPENSSL_NO_THREADS and OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED work. A later CL will remove the old name, so migrate callers after or at the same time as picking up this CL.

Change-Id: Ibe4964ae43eb7a52f08fd966fccb330c0cc11a8c
Reviewed-on: https://boringssl-review.googlesource.com/32084
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
80 lines
2.4 KiB
C++
/* Copyright (c) 2015, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

#include "internal.h"

#include <gtest/gtest.h>

#if defined(OPENSSL_THREADS)
#include <thread>
#endif


TEST(RefCountTest, Basic) {
  CRYPTO_refcount_t count = 0;

  CRYPTO_refcount_inc(&count);
  EXPECT_EQ(1u, count);

  EXPECT_TRUE(CRYPTO_refcount_dec_and_test_zero(&count));
  EXPECT_EQ(0u, count);

  count = CRYPTO_REFCOUNT_MAX;
  CRYPTO_refcount_inc(&count);
  EXPECT_EQ(CRYPTO_REFCOUNT_MAX, count)
      << "Count did not saturate correctly when incrementing.";
  EXPECT_FALSE(CRYPTO_refcount_dec_and_test_zero(&count));
  EXPECT_EQ(CRYPTO_REFCOUNT_MAX, count)
      << "Count did not saturate correctly when decrementing.";

  count = 2;
  EXPECT_FALSE(CRYPTO_refcount_dec_and_test_zero(&count));
  EXPECT_EQ(1u, count);
}

#if defined(OPENSSL_THREADS)
// This test is primarily intended to run under ThreadSanitizer.
TEST(RefCountTest, Threads) {
  CRYPTO_refcount_t count = 0;

  // Race two increments.
  {
    std::thread thread([&] { CRYPTO_refcount_inc(&count); });
    CRYPTO_refcount_inc(&count);
    thread.join();
    EXPECT_EQ(2u, count);
  }

  // Race an increment with a decrement.
  {
    std::thread thread([&] { CRYPTO_refcount_inc(&count); });
    EXPECT_FALSE(CRYPTO_refcount_dec_and_test_zero(&count));
    thread.join();
    EXPECT_EQ(2u, count);
  }

  // Race two decrements.
  {
    bool thread_saw_zero;
    std::thread thread(
        [&] { thread_saw_zero = CRYPTO_refcount_dec_and_test_zero(&count); });
    bool saw_zero = CRYPTO_refcount_dec_and_test_zero(&count);
    thread.join();
    EXPECT_EQ(0u, count);
    // Exactly one thread should see zero.
    EXPECT_NE(saw_zero, thread_saw_zero);
  }
}
#endif
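
The saturating, race-free behaviour that RefCountTest checks can be obtained with a compare-and-swap loop on an atomic counter. The following is an added example, not BoringSSL's implementation and not part of this commit; the names refcount_t, kRefcountMax, refcount_inc and refcount_dec_and_test_zero are hypothetical, and aborting on underflow is an assumed policy.

```cpp
// Added illustration, not BoringSSL source. All names here are hypothetical.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

using refcount_t = std::atomic<uint32_t>;
constexpr uint32_t kRefcountMax = 0xffffffffu;

// Increment unless saturated. A saturated count stays pinned at the maximum,
// so the object is leaked instead of wrapping to zero and being freed while
// references to it still exist.
void refcount_inc(refcount_t *count) {
  uint32_t expected = count->load(std::memory_order_relaxed);
  while (expected != kRefcountMax) {
    // On failure compare_exchange_weak reloads |expected|, so just retry.
    if (count->compare_exchange_weak(expected, expected + 1,
                                     std::memory_order_relaxed)) {
      return;
    }
  }
}

// Decrement unless saturated. Returns true only to the one caller whose
// decrement moved the count from 1 to 0; only that caller may free the object.
bool refcount_dec_and_test_zero(refcount_t *count) {
  uint32_t expected = count->load(std::memory_order_relaxed);
  for (;;) {
    if (expected == kRefcountMax) {
      return false;  // Pinned: never reaches zero.
    }
    if (expected == 0) {
      std::abort();  // Underflow is a caller bug (assumed policy).
    }
    if (count->compare_exchange_weak(expected, expected - 1,
                                     std::memory_order_acq_rel,
                                     std::memory_order_relaxed)) {
      return expected == 1;
    }
  }
}

int main() {
  refcount_t count{kRefcountMax - 1};
  refcount_inc(&count);  // Reaches the maximum.
  refcount_inc(&count);  // No wrap: stays at the maximum.
  std::printf("saturated=%d\n", count.load() == kRefcountMax);
  std::printf("dec_saw_zero=%d\n", refcount_dec_and_test_zero(&count));
  return 0;
}
```

Replacing the compare-and-swap with a plain read-modify-write on an ordinary integer gives the same single-threaded results but lets two racing decrements both observe zero, or neither, which is the double-free or leak that the Threads test is written to catch under ThreadSanitizer.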