tor

The Tor anonymity network

commit 5a6b3d06f472a3e049c84ba687157d7115b0aecd
parent b66a183f0bca81a34208b0c34d08d38c40ac66fd
Author: Nick Mathewson <nickm@torproject.org>
Date:   Sun, 27 Apr 2025 10:47:45 -0400

Remove NEW_THREAD_API

Every supported OpenSSL version and fork has the modern API.

Diffstat:
Msrc/lib/crypt_ops/crypto_openssl_mgt.c | 71-----------------------------------------------------------------------
Msrc/lib/crypt_ops/crypto_openssl_mgt.h | 15---------------
2 files changed, 0 insertions(+), 86 deletions(-)

diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
@@ -45,19 +45,8 @@ ENABLE_GCC_WARNING("-Wredundant-decls")
 #define DISABLE_ENGINES
 #endif
-#ifndef NEW_THREAD_API
-/** A number of preallocated mutexes for use by OpenSSL. */
-static tor_mutex_t **openssl_mutexes_ = NULL;
-/** How many mutexes have we allocated for use by OpenSSL? */
-static int n_openssl_mutexes_ = 0;
-#endif /* !defined(NEW_THREAD_API) */
-
 /** Declare STATIC functions */
 STATIC char * parse_openssl_version_str(const char *raw_version);
-#ifndef NEW_THREAD_API
-STATIC void openssl_locking_cb_(int mode, int n, const char *file, int line);
-STATIC void tor_set_openssl_thread_id(CRYPTO_THREADID *threadid);
-#endif
 /** Log all pending crypto errors at level <b>severity</b>. Use
 * <b>doing</b> to describe our current activities.
@@ -142,46 +131,11 @@ crypto_openssl_get_header_version_str(void)
 #endif
 #endif /* !defined(COCCI) */
-#ifndef NEW_THREAD_API
-/** Helper: OpenSSL uses this callback to manipulate mutexes. */
-STATIC void
-openssl_locking_cb_(int mode, int n, const char *file, int line)
-{
- (void)file;
- (void)line;
- if (!openssl_mutexes_)
- /* This is not a really good fix for the
- * "release-freed-lock-from-separate-thread-on-shutdown" problem, but
- * it can't hurt. */
- return;
- if (mode & CRYPTO_LOCK)
- tor_mutex_acquire(openssl_mutexes_[n]);
- else
- tor_mutex_release(openssl_mutexes_[n]);
-}
-
-STATIC void
-tor_set_openssl_thread_id(CRYPTO_THREADID *threadid)
-{
- CRYPTO_THREADID_set_numeric(threadid, tor_get_thread_id());
-}
-#endif /* !defined(NEW_THREAD_API) */
-
 /** Helper: Construct mutexes, and set callbacks to help OpenSSL handle being
 * multithreaded. Returns 0. */
 static int
 setup_openssl_threading(void)
 {
-#ifndef NEW_THREAD_API
- int i;
- int n = CRYPTO_num_locks();
- n_openssl_mutexes_ = n;
- openssl_mutexes_ = tor_calloc(n, sizeof(tor_mutex_t *));
- for (i=0; i < n; ++i)
- openssl_mutexes_[i] = tor_mutex_new();
- CRYPTO_set_locking_callback(openssl_locking_cb_);
- CRYPTO_THREADID_set_callback(tor_set_openssl_thread_id);
-#endif /* !defined(NEW_THREAD_API) */
 return 0;
 }
@@ -191,24 +145,6 @@ crypto_openssl_free_all(void)
 {
 tor_free(crypto_openssl_version_str);
 tor_free(crypto_openssl_header_version_str);
-
- /* Destroying a locked mutex is undefined behaviour. This mutex may be
- * locked, because multiple threads can access it. But we need to destroy
- * it, otherwise re-initialisation will trigger undefined behaviour.
- * See #31735 for details. */
-#ifndef NEW_THREAD_API
- if (n_openssl_mutexes_) {
- int n = n_openssl_mutexes_;
- tor_mutex_t **ms = openssl_mutexes_;
- int i;
- openssl_mutexes_ = NULL;
- n_openssl_mutexes_ = 0;
- for (i=0;i<n;++i) {
- tor_mutex_free(ms[i]);
- }
- tor_free(ms);
- }
-#endif /* !defined(NEW_THREAD_API) */
 }
 /** Perform early (pre-configuration) initialization tasks for OpenSSL. */
@@ -394,19 +330,12 @@ crypto_openssl_late_init(int useAccel, const char *accelName,
 void
 crypto_openssl_thread_cleanup(void)
 {
-#ifndef NEW_THREAD_API
- ERR_remove_thread_state(NULL);
-#endif
 }
 /** Clean up global resources held by openssl. */
 void
 crypto_openssl_global_cleanup(void)
 {
-#ifndef NEW_THREAD_API
- ERR_remove_thread_state(NULL);
-#endif
-
 CONF_modules_unload(1);
 crypto_openssl_free_all();
diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
@@ -49,21 +49,6 @@
 #define OPENSSL_V_SERIES(a,b,c) \
 OPENSSL_VER((a),(b),(c),0,0)
-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
-/* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
- * setting up various callbacks.
- *
- * OpenSSL 1.1.0pre4 has a messed up `ERR_remove_thread_state()` prototype,
- * while the previous one was restored in pre5, and the function made a no-op
- * (along with a deprecated annotation, which produces a compiler warning).
- *
- * While it is possible to support all three versions of the thread API,
- * a version that existed only for one snapshot pre-release is kind of
- * pointless, so let's not.
- */
-#define NEW_THREAD_API
-#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && ... */
-
 void crypto_openssl_log_errors(int severity, const char *doing);
 /* global openssl state */