Commits on Feb 9, 2021

1. src: add mutex to ManagedEVPPKey class …

   This commit introduces a mutex field on the ManagedEVPPKey class
   intended to be used when multiple threads require access to an OpenSSL
   EVP_PKEY object. The motivation for this came from the work being done
   to upgrade Node.js to OpenSSL 3.0.
   
   OpenSSL objects, like EVP_PKEY, are not thread safe (see refs for
   details). In versions prior to OpenSSL 3.0 this was not noticeable and
   did not cause any issues (like incorrect logic or crashes), but with
   OpenSSL 3.0 this does cause issues if access to an EVP_PKEY instance is
   required from multiple threads without locking.
   
   In OpenSSL 3.0 when the evp_pkey_downgrade function is called, which
   downgrades an EVP_PKEY instance to a legacy version, it will clear all
   the fields of EVP_PKEY struct except the lock (nodejs#13374). But this also
   means that keymgmt and keydata will also be cleared, which other parts
   of the code base depends on, and those calls will either fail to export
   the key (returning null) or crash due to a segment fault.
   
   This same code works with OpenSSL 1.1.1 without locking and I think this
   is because there is no downgrade being done in OpenSSL 1.1.1. But even
   so, as far as I can tell there are no guarantees that these object are
   thread safe in 1.1.1 either and should be protected with a lock.
   
   Refs:
   openssl/openssl#13374
   openssl/openssl#2165)
   https://www.openssl.org/blog/blog/2017/02/21/threads

   

   danbev committed Feb 9, 2021
   Configuration menu

   • View commit details
   • Copy full SHA for c675689
   • Browse repository at this point

   Copy the full SHA

   c675689 View commit details

   Browse the repository at this point in the history