Remove dependency on apr by using c++11 / c++14 features

[normanmaurer]

Motivation:

We had some limited use of apr left in our tcnative fork which complicated the deployment. This apr usages can be replaced by using c++.

Modification:

Remove the dependency on apr by using c++11 / c++14 features

Result:

No apr dependeny

[normanmaurer]

not 100 % done yet. Will ask for review once I am done

[nmittler]

@normanmaurer looks great! Just a few nits

[nmittler]

remove?

[normanmaurer]

Looking for a good way to call these again. So stay tuned

[nmittler]

remove?

[normanmaurer]

Looking for a good way to call these again. So stay tuned

[nmittler]

Is this needed? Was it previously brought in by another header?

[normanmaurer]

yep was brought it by another header before.

[normanmaurer]

@nmittler @Scottmitch PTAL... it compiles here and on my linux / windows vm. Need to update the g++ version on the ci.

[nmittler]

Looks great! Goodbye APR! :)

[normanmaurer]

@trustin PTAL as well.

[Scottmitch]

should we just have a single method which does both cleanups? the ssl_init_cleanup method is also called in the initialize above, but initialize also calls ssl_thread_setup so it seems like we should cleanup both anyways. It also is awkward to split the cleanup amongst 2 methods in this way.

[normanmaurer]

sure can do

[Scottmitch]

plz fix the alignment for the variable names so they line up with the other variable names like before this change.

[Scottmitch]

consider removing the temp variable.

also consider passing a ** as a parameter so you can always set *atomic = NULL; in these methods.

[Scottmitch]

this comment applies to all the cpp files.

[normanmaurer]

good idea

[Scottmitch]

consider just using calloc instead of OPENSSL_malloc. IIUC OpenSSL is not aware of this variable and therefore we don't need to use OpenSSL allocation.

[Scottmitch]

also make sure you use free instead of OPENSSL_free

[normanmaurer]

sounds good... this way we can also remove the memset

[Scottmitch]

can we fix this now ... just make this function void?

[normanmaurer]

like said before I wanted to do the pr without api breakage to make it easier to consume for now.

[Scottmitch]

Doing a followup PR is fine but the return value is not used in Netty. I don't think this will break anything.

[Scottmitch]

c++11 -> c++14

[normanmaurer]

+1

[Scottmitch]

we have lock_rw, lock_reader, and lock_writer. Consider being consistent/complete with the naming:

• lock_reader_writer, lock_reader, and lock_writer
• lock_rw, lock_r, and lock_w

Also consider making the file name consistent if you go with the more verbose names.

[normanmaurer]

+1

[Scottmitch]

consider declaring and initializing this variable in the same statement.

[Scottmitch]

it doesn't look like this method takes ownership of the memory [1]. We should take more care to free this memory, and if we set it check if there already exists something and free it.

[1] https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/cryptlib.c#L376

[Scottmitch]

also be sure to use the ssl_dyn_destroy_function (should be accessible via CRYPTO_get_dynlock_destroy_callback) on the result of CRYPTO_get_dynlock_create_callback.

[normanmaurer]

hmm why would this be needed if we not malloc the callbacks before?

[Scottmitch]

can you clarify? previously a apr_palloc was used to allocate the CRYPTO_dynlock_value structure. This PR uses OPENSSL_malloc instead of the apr_palloc method. Either way there is dynamic memory being allocated. I'm not sure where/if it was freed before, but unless you find that OpenSSL is taking ownership in this situation (just setting the variable to NULL) then we need to ensure this dynamic memory is cleaned up before we lose the reference to it.

[Scottmitch]

is the cast necessary? can we just make the type char* in the structure definition if the const is confusing things?

[normanmaurer]

let me see if this works.

[normanmaurer]

Doh brain fart ... you are right let me fix it

…

Am 28.03.2017 um 19:52 schrieb Scott Mitchell ***@***.***>: @Scottmitch commented on this pull request. In openssl-dynamic/src/main/c/ssl.c: > { - UNREFERENCED(data); CRYPTO_set_locking_callback(NULL); CRYPTO_THREADID_set_callback(NULL); CRYPTO_set_dynlock_create_callback(NULL); can you clarify? previously a apr_palloc was used to allocate the CRYPTO_dynlock_value structure. This PR uses OPENSSL_malloc instead of the apr_palloc method. Either way there is dynamic memory being allocated. I'm not sure where/if it was freed before, but unless you find that OpenSSL is taking ownership in this situation (just setting the variable to NULL) then we need to ensure this dynamic memory is cleaned up before we lose the reference to it. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[normanmaurer]

Good point. Let me change it

…

Am 28.03.2017 um 19:55 schrieb Scott Mitchell ***@***.***>: @Scottmitch commented on this pull request. In openssl-dynamic/src/main/c/sslcontext.c: > @@ -317,7 +328,10 @@ TCN_IMPLEMENT_CALL(jint, SSLContext, free)(TCN_STDARGS, jlong ctx) UNREFERENCED_STDARGS; TCN_ASSERT(ctx != 0); - return ssl_context_cleanup(c); + ssl_context_cleanup(c); + + // TODO: Fix me Doing a followup PR is fine but the return value is not used in Netty. I don't think this will break anything. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[Scottmitch]

#255 (comment)

consider declaring and initializing this variable in the same statement.

[Scottmitch]

#255 (comment)

Can you provide a link as to where the previous callback is freed if we just set the callback to NULL? When I looked at OpenSSL src it seemed like this created a memory leak.

[normanmaurer]

it is not yet, will do today (and it was not freed before in tcnative as well)

[normanmaurer]

Actually I think all is good now. Please ping me once you are awake and we can talk about it in more detail if you have doubts. Maybe I am just missing something but from my look into the source etc its just fine now

[Scottmitch]

I didn't track it all the way down but found that there are links to the callbacks retained in the engines ... so ENGINE_cleanup maybe the place where these callbacks are used to clean stuff up. my concern was we were missing a call which notifies OpenSSL to use these callbacks. @davidben - can you shed some light on this situation?

[Scottmitch]

#255 (comment)

it looks like this can just be void because we throw an exception upon failure anyways.

[Scottmitch]

looks like the method return type was changed in the java header, but not here ... seems like there will be a mismatch

[normanmaurer]

yeah... noe done yet.

[Scottmitch]

can you combine tcn_ssl_unload and ssl_init_cleanup? seems unnecessary to have a function which only calls a single function?

[normanmaurer]

+1

[Scottmitch]

&(c->ticket_keys_new) -> &c->ticket_keys_new ? The parens shouldn't be necessary, right?

[normanmaurer]

right

[Scottmitch]

IIRC in C++ it is ambiguous if you try to use () for the no argument constructor without the new keyword ... new may make the situation unambiguous but consider dropping the () which may be more C++ish.

http://stackoverflow.com/a/2318731

[Scottmitch]

#255 (comment)

why not std::unique_lock?

[Scottmitch]

also consider removing the temp variable so you don't have to worry about auto or types:

return (tcn_lock_w_t) new std::lock_guard<std::shared_timed_mutex>(*((std::shared_timed_mutex*) lock));

[Scottmitch]

consider removing the temp variable so you don't have to worry about auto or types:

return (tcn_lock_r_t) new std::shared_lock<std::shared_timed_mutex>(*((std::shared_timed_mutex*) lock));

[Scottmitch]

you may want to be sure you include the cpp headers if you are in cpp, and the c headers if you are in c. They may define types differently or have different behaviors.

#ifdef __cplusplus
#include <cstddef>
extern "C" {
#else
#include <stddef.h>
#endif // __cplusplus

[Scottmitch]

you may want to be sure you include the cpp headers if you are in cpp, and the c headers if you are in c. They may define types differently or have different behaviors.

#ifdef __cplusplus
#include <cstdint>
extern "C" {
#else
#include <stdint.h>
#endif // __cplusplus

[Scottmitch]

some small cleanup ... and just the memory management question left then lgtm.

[Scottmitch]

#255 (comment)

consider declaring and initializing this variable in the same statement.

struct CRYPTO_dynlock_value* value = (struct CRYPTO_dynlock_value*) malloc(sizeof(struct CRYPTO_dynlock_value));

[Scottmitch]

lets hold off on this change and just rebase when #258 is merged

[normanmaurer]

+1

[Scottmitch]

I didn't track it all the way down but found that there are links to the callbacks retained in the engines ... so ENGINE_cleanup maybe the place where these callbacks are used to clean stuff up. my concern was we were missing a call which notifies OpenSSL to use these callbacks. @davidben - can you shed some light on this situation?

[Scottmitch]

&(c->ticket_keys_lock) -> &c->ticket_keys_lock

[Scottmitch]

kill the extra new line

[trustin]

Way to go!

[trustin]

How about appending the version number and the minimum required version number?

[trustin]

Perhaps should we static-link libgcc and libstdc++? -static-libgcc -static-libstdc++
Also, we may eventually want to link against musl or uClibc instead of GLIBC so our binary works on more distros. http://stackoverflow.com/a/26306630

[normanmaurer]

I think we not want to do any static linking in our dynamic build. Not sure about the "-static" ones tho. @Scottmitch @nmittler WDYT ?

[trustin]

I'm not sure if the situation has changed, but I had an impression that libstdc++ has worse backward ABI compatibility historically. Maybe I'm completely wrong, though.

[Scottmitch]

Lets handle this as a followup PR if it becomes an issue or is known to improve things.

[Scottmitch]

few more comments then lgtm

[Scottmitch]

just use bool?

[Scottmitch]

(not introduce by this PR, but while we are here) r is an integer type ... lets use it like an integer: r != 0

[Scottmitch]

nit: kill line

[Scottmitch]

nit: kill line

[Scottmitch]

@normanmaurer - are you planning on pulling this in?

[normanmaurer]

Yes just wanted to do a few more tests

…

Am 07.05.2017 um 00:31 schrieb Scott Mitchell ***@***.***>: @normanmaurer - are you planning on pulling this in? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[normanmaurer]

@Scottmitch PTAL again.. rebased on latest master and should are ready to get pulled in.

[normanmaurer]

After @Scottmitch mentioned to me that centos 6 glibc may not support c++14 I checked in more detail and found out it even not support c++11 . So I guess we will need to life with apr ...

@Scottmitch WDYT ?

[Scottmitch]

do we need to consider concurrency/visibility for ssl_initialized? can we just remove ssl_initialized and consider it a programing error if initialized is called multiple times (can this happen in Netty)?

[Scottmitch]

is this correct? ticket_keys is of type tcn_ssl_ticket_key_t but this is assigning it to a new atomic uint32 of type void*, right?

[Scottmitch]

Was the intention that this should be ticket_keys_new and ticket_keys should be initialized in some other way? It is freed above using OPENSSL_free.

[Scottmitch]

@normanmaurer - I would like to still remove APR ... we should investigate building a glibc shared library, either publish these instructions or the library, and have folks on older distributions depend upon this instead of apr. Newer distributions which have glibc that support c++14 (eventually every one over time) will require not additional dependency. The statically compiled artifacts may be a bit more tricky due to licensing of glibc.

[kvc-code]

How does this affect the ability to build against musl C library on Alpine? At present we at least have the ability to build for ourselves on Alpine but sounds like this change may lock that out as well.

[normanmaurer]

Let me close this for now