[22024] Improve `OpenSSL` lifecycle handling #5384

Mario-DL · 2024-11-05T16:32:13Z

Description

This PR fixes a crash in OpenSSL provoked when the atexit callback from openssl is triggered upon process destruction, making it to trigger a SIGSEV on an already released OpenSSL resource.

In addition, OpenSSL is now a Meyers singleton attached to RTPSDomainImpl.

In accordance with the best practices using OpenSSL and its documentation:

Initialization is done through OpenSSL_init_crypto (available in all versions along with the OPENSSL_INIT_NO_ATEXIT option) that makes atexit not being registered.
If atexit is not registered, user has to explicitly call OpenSSL_cleanup() (also, supported across versions).

@Mergifyio backport 3.1.x 3.0.x 2.14.x 2.10.x

Contributor Checklist

Commit messages follow the project guidelines.
The code follows the style guidelines of this project.
Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally
Any new/modified methods have been properly documented using Doxygen.
Any new configuration API has an equivalent XML API (with the corresponding XSD extension)
Changes are backport compatible: they do NOT break ABI nor change library core behavior.
Changes are API compatible.
N/A New feature has been added to the versions.md file (if applicable).
N/A New feature has been documented/Current behavior is correctly described in the documentation.
Applicable backports have been included in the description.

Reviewer Checklist

The PR has a milestone assigned.
The title and description correctly express the PR's purpose.
Check contributor checklist is correct.
If this is a critical bug fix, backports to the critical-only supported branches have been requested.
Check CI results: changes do not issue any warning.
Check CI results: failing tests are unrelated with the changes.

MiguelCompany

Changes look good to me, but this will not build if openssl is not in the system

Mario-DL · 2024-11-08T07:50:05Z

Follow up of this PR will be in task 22090

Signed-off-by: Mario Dominguez <[email protected]>

…with OpenSSL initialization and destruction. Signed-off-by: Mario Dominguez <[email protected]>

… present Signed-off-by: Mario Dominguez <[email protected]>

MiguelCompany

LGTM with green CI

MiguelCompany · 2024-11-14T15:20:26Z

@Mergifyio backport 3.1.x 3.0.x

mergify · 2024-11-14T15:20:37Z

backport 3.1.x 3.0.x

✅ Backports have been created

#5403 [22024] Improve OpenSSL lifecycle handling (backport #5384) has been created for branch 3.1.x
#5404 [22024] Improve OpenSSL lifecycle handling (backport #5384) has been created for branch 3.0.x

* Refs #22024: Add BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #22024: Make OpenSSLInit Mayers singleton Signed-off-by: Mario Dominguez <[email protected]> * Refs #22024: Fix: Do not register atexit in OPenSSL. Instead, Comply with OpenSSL initialization and destruction. Signed-off-by: Mario Dominguez <[email protected]> * Refs #22024: Do not reference OpenSSLInit if security features are no present Signed-off-by: Mario Dominguez <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> (cherry picked from commit 44310c4)

MiguelCompany · 2024-11-14T15:25:50Z

@Mergifyio backport mergify/bp/2.14.x/pr-5386 mergify/bp/2.10.x/pr-5386

mergify · 2024-11-14T15:26:12Z

backport mergify/bp/2.14.x/pr-5386 mergify/bp/2.10.x/pr-5386

✅ Backports have been created

#5405 [22024] Improve OpenSSL lifecycle handling (backport #5384) has been created for branch mergify/bp/2.14.x/pr-5386 but encountered conflicts
#5406 [22024] Improve OpenSSL lifecycle handling (backport #5384) has been created for branch mergify/bp/2.10.x/pr-5386 but encountered conflicts

* Refs #22024: Add BB test Signed-off-by: Mario Dominguez <[email protected]> * Refs #22024: Make OpenSSLInit Mayers singleton Signed-off-by: Mario Dominguez <[email protected]> * Refs #22024: Fix: Do not register atexit in OPenSSL. Instead, Comply with OpenSSL initialization and destruction. Signed-off-by: Mario Dominguez <[email protected]> * Refs #22024: Do not reference OpenSSLInit if security features are no present Signed-off-by: Mario Dominguez <[email protected]> --------- Signed-off-by: Mario Dominguez <[email protected]> (cherry picked from commit 44310c4) # Conflicts: # src/cpp/rtps/RTPSDomainImpl.hpp

Mario-DL added this to the v3.2.0 milestone Nov 5, 2024

Mario-DL force-pushed the feature/22024 branch from f15d463 to 83a748f Compare November 5, 2024 16:33

Mario-DL requested review from richiprosima and removed request for richiprosima November 5, 2024 16:35

github-actions bot added the ci-pending PR which CI is running label Nov 5, 2024

MiguelCompany requested changes Nov 7, 2024

View reviewed changes

Mario-DL force-pushed the feature/22024 branch from 7e26b83 to 8889271 Compare November 8, 2024 07:42

Mario-DL requested a review from MiguelCompany November 8, 2024 08:00

MiguelCompany previously approved these changes Nov 8, 2024

View reviewed changes

Mario-DL added 4 commits November 12, 2024 08:14

Refs #22024: Add BB test

88cb667

Signed-off-by: Mario Dominguez <[email protected]>

Refs #22024: Make OpenSSLInit Mayers singleton

705ddee

Signed-off-by: Mario Dominguez <[email protected]>

Refs #22024: Fix: Do not register atexit in OPenSSL. Instead, Comply …

7804d79

…with OpenSSL initialization and destruction. Signed-off-by: Mario Dominguez <[email protected]>

Refs #22024: Do not reference OpenSSLInit if security features are no…

705b6b6

… present Signed-off-by: Mario Dominguez <[email protected]>

Mario-DL dismissed MiguelCompany’s stale review via 705b6b6 November 12, 2024 07:15

Mario-DL force-pushed the feature/22024 branch from 8889271 to 705b6b6 Compare November 12, 2024 07:15

Mario-DL requested a review from MiguelCompany November 12, 2024 07:15

MiguelCompany approved these changes Nov 12, 2024

View reviewed changes

MiguelCompany merged commit 44310c4 into master Nov 14, 2024
15 of 17 checks passed

MiguelCompany deleted the feature/22024 branch November 14, 2024 10:03

mergify bot mentioned this pull request Nov 14, 2024

[22024] Improve OpenSSL lifecycle handling (backport #5384) #5403

Open

14 tasks

mergify bot mentioned this pull request Nov 14, 2024

[22024] Improve OpenSSL lifecycle handling (backport #5384) #5404

Open

14 tasks

This was referenced Nov 14, 2024

[22024] Improve OpenSSL lifecycle handling (backport #5384) #5405

Open

[22024] Improve OpenSSL lifecycle handling (backport #5384) #5406

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[22024] Improve `OpenSSL` lifecycle handling #5384

[22024] Improve `OpenSSL` lifecycle handling #5384

Mario-DL commented Nov 5, 2024 •

edited by MiguelCompany

Loading

MiguelCompany left a comment

Mario-DL commented Nov 8, 2024

MiguelCompany left a comment

MiguelCompany commented Nov 14, 2024

mergify bot commented Nov 14, 2024 •

edited

Loading

MiguelCompany commented Nov 14, 2024

mergify bot commented Nov 14, 2024 •

edited

Loading

[22024] Improve OpenSSL lifecycle handling #5384

[22024] Improve OpenSSL lifecycle handling #5384

Conversation

Mario-DL commented Nov 5, 2024 • edited by MiguelCompany Loading

Description

Contributor Checklist

Reviewer Checklist

MiguelCompany left a comment

Choose a reason for hiding this comment

Mario-DL commented Nov 8, 2024

MiguelCompany left a comment

Choose a reason for hiding this comment

MiguelCompany commented Nov 14, 2024

mergify bot commented Nov 14, 2024 • edited Loading

✅ Backports have been created

MiguelCompany commented Nov 14, 2024

mergify bot commented Nov 14, 2024 • edited Loading

✅ Backports have been created

[22024] Improve `OpenSSL` lifecycle handling #5384

[22024] Improve `OpenSSL` lifecycle handling #5384

Mario-DL commented Nov 5, 2024 •

edited by MiguelCompany

Loading

mergify bot commented Nov 14, 2024 •

edited

Loading

mergify bot commented Nov 14, 2024 •

edited

Loading