Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[22024] Improve OpenSSL lifecycle handling (backport #5384) #5404

Open
wants to merge 1 commit into
base: 3.0.x
Choose a base branch
from

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Nov 14, 2024

Description

This PR fixes a crash in OpenSSL provoked when the atexit callback from openssl is triggered upon process destruction, making it to trigger a SIGSEV on an already released OpenSSL resource.

In addition, OpenSSL is now a Meyers singleton attached to RTPSDomainImpl.

In accordance with the best practices using OpenSSL and its documentation:

  • Initialization is done through OpenSSL_init_crypto (available in all versions along with the OPENSSL_INIT_NO_ATEXIT option) that makes atexit not being registered.
  • If atexit is not registered, user has to explicitly call OpenSSL_cleanup() (also, supported across versions).

@Mergifyio backport 3.1.x 3.0.x 2.14.x 2.10.x

Contributor Checklist

  • Commit messages follow the project guidelines.

  • The code follows the style guidelines of this project.

  • Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally

  • Any new/modified methods have been properly documented using Doxygen.

  • Any new configuration API has an equivalent XML API (with the corresponding XSD extension)

  • Changes are backport compatible: they do NOT break ABI nor change library core behavior.

  • Changes are API compatible.

  • N/A New feature has been added to the versions.md file (if applicable).

  • N/A New feature has been documented/Current behavior is correctly described in the documentation.

  • Applicable backports have been included in the description.

Reviewer Checklist

  • The PR has a milestone assigned.
  • The title and description correctly express the PR's purpose.
  • Check contributor checklist is correct.
  • If this is a critical bug fix, backports to the critical-only supported branches have been requested.
  • Check CI results: changes do not issue any warning.
  • Check CI results: failing tests are unrelated with the changes.

This is an automatic backport of pull request #5384 done by [Mergify](https://mergify.com).

* Refs #22024: Add BB test

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #22024: Make OpenSSLInit Mayers singleton

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #22024: Fix: Do not register atexit in OPenSSL. Instead, Comply with OpenSSL initialization and destruction.

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

* Refs #22024: Do not reference OpenSSLInit if security features are no present

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>

---------

Signed-off-by: Mario Dominguez <mariodominguez@eprosima.com>
(cherry picked from commit 44310c4)
@mergify mergify bot mentioned this pull request Nov 14, 2024
14 tasks
@MiguelCompany MiguelCompany added this to the v3.0.2 milestone Nov 14, 2024
@github-actions github-actions bot added the ci-pending PR which CI is running label Nov 14, 2024
@Mario-DL
Copy link
Member

@Mario-DL
Copy link
Member

Mario-DL commented Nov 19, 2024

I think that we would need to upgrade asio submodule to 1.31 in order to avoid the asio ssl windows compilation warning. Same for the 2.14.x and 2.10.x backports. (IDK if that would be possible)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci-pending PR which CI is running
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants