Revival of ERR_free_state_table / alt solution

I'm writing a browser and a library that use OpenSSL for cryptography
support.  I want to best be able to fully cleanup state when my
plugin/library is unloaded, however it seems to me that it's not
possible to clear out all thread-associated error state since I'm not
managing the threads accessing my code.

Example:
  Thread A - loads plugin
  Thread B - access plugin code (note: thread-safe)
       plugin code raises OpenSSL error... cleans out error stack
after reporting
  Thread A - unloads plugin, tries to cleanup OpenSSL

Thread B's actual state is not freed since it is unknown to the plugin
code whether a given thread is "done" accessing code.  In thread A
during shutdown, it only knows about thread A and the need to clean
it's state.

One option would be to keep around a hash-set of threads that have
ever accessed the plugin code, but that's expensive, not to mention a
duplication of what OpenSSL's separate error hashmap does.


Looking at the old messages on the mailing list, there was a patch for
NetWare that introduced: `ERR_free_state_table`... however it was
never included since it was discussed that "proper applications
shouldn't need it".... however that doesn't account for plugins that
do not manage threads aside from locking access to resources...

I have tested the patch re-created for the 1.0.0 OpenSSL tree and it
seems to work perfectly.  Attached is that patch... I know, OpenSSL
1.0.0 is in feature-freeze state... but this should be useful to
others.  Let me know if there's any other requirements if this patch
were to possibly be included in the future (1.0.0a?)

Are there any alternate solutions?  I tried looking at the following
possible options:
 * ERR_get_err_state_table()+ ERR_release_err_state_table()
   .. but that does no freeing, it just decrements reference count...
 * ERR_get_err_state_table + manually killing all ERR_STATE's ... then
destroying table ... but that results in int_thread_hash pointing to
dead memory...
--
Thomas Harning Jr.

Sorry for any duplicates... I was in the process of joining the list
and sending and got out-of-order on some things...

I'm writing a browser and a library that use OpenSSL for cryptography
support.  I want to best be able to fully cleanup state when my
plugin/library is unloaded, however it seems to me that it's not
possible to clear out all thread-associated error state since I'm not
managing the threads accessing my code.

Example:
 Thread A - loads plugin
 Thread B - access plugin code (note: thread-safe)
      plugin code raises OpenSSL error... cleans out error stack
after reporting
 Thread A - unloads plugin, tries to cleanup OpenSSL

Thread B's actual state is not freed since it is unknown to the plugin
code whether a given thread is "done" accessing code.  In thread A
during shutdown, it only knows about thread A and the need to clean
it's state.

One option would be to keep around a hash-set of threads that have
ever accessed the plugin code, but that's expensive, not to mention a
duplication of what OpenSSL's separate error hashmap does.


Looking at the old messages on the mailing list, there was a patch for
NetWare that introduced: `ERR_free_state_table`... however it was
never included since it was discussed that "proper applications
shouldn't need it".... however that doesn't account for plugins that
do not manage threads aside from locking access to resources...

I have tested the patch re-created for the 1.0.0 OpenSSL tree and it
seems to work perfectly.  Attached is that patch... I know, OpenSSL
1.0.0 is in feature-freeze state... but this should be useful to
others.  Let me know if there's any other requirements if this patch
were to possibly be included in the future (1.0.0a?)

Are there any alternate solutions?  I tried looking at the following
possible options:
 * ERR_get_err_state_table()+ ERR_release_err_state_table()
  .. but that does no freeing, it just decrements reference count...
 * ERR_get_err_state_table + manually killing all ERR_STATE's ... then
destroying table ... but that results in int_thread_hash pointing to
dead memory...

--
Thomas Harning Jr.

On Wed, Oct 7, 2009 at 11:05 AM, Thomas Harning Jr.
<thomas.harning@...> wrote:
> I'm writing a browser and a library that use OpenSSL for cryptography
(correction - browser plugin)

Has anyone reviewed this or have any comments to make?  I'd love to
know of a better mechanism than patching OpenSSL each time we need a
build of it (not frequently, but its nice to have an official
solution)


--
Thomas Harning Jr.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

On Oct 7, 2009, at 8:19 AM, Thomas Harning Jr. wrote:
I may be completely clueless here, but since no one else has replied:  
does ERR_remove_thread_state(NULL) (previously ERR_remove_state(0)) do  
what you need? You'd need to call it in thread B, and as a result  
you'd end up creating and destroying the thread state each time you  
get invoked, but...


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...