commit d811ce2421dcf1684db7e34f2b5998d9f360d5fb Author: Nick Mathewson nickm@torproject.org Date: Wed Jul 11 15:36:54 2018 -0400
Add postfork support for nss
We need this in our unit tests, since otherwise NSS will notice we've forked and start cussing us out.
I suspect we'll need a different hack for daemonizing, but this should be enough for tinytest to work. --- src/ext/tinytest.c | 8 ++++++++ src/lib/crypt_ops/crypto_init.c | 10 ++++++++++ src/lib/crypt_ops/crypto_init.h | 1 + src/lib/crypt_ops/crypto_nss_mgt.c | 7 +++++++ src/lib/crypt_ops/crypto_nss_mgt.h | 2 ++ src/test/testing_common.c | 7 +++++++ 6 files changed, 35 insertions(+)
diff --git a/src/ext/tinytest.c b/src/ext/tinytest.c index 3fb1b39c7..8b2c71beb 100644 --- a/src/ext/tinytest.c +++ b/src/ext/tinytest.c @@ -25,6 +25,7 @@ #ifdef TINYTEST_LOCAL #include "tinytest_local.h" #endif +#define TINYTEST_POSTFORK
#include <stdio.h> #include <stdlib.h> @@ -118,6 +119,12 @@ testcase_run_bare_(const struct testcase_t *testcase)
#ifndef NO_FORKING
+#ifdef TINYTEST_POSTFORK +void tinytest_postfork(void); +#else +static void tinytest_postfork(void) { } +#endif + static enum outcome testcase_run_forked_(const struct testgroup_t *group, const struct testcase_t *testcase) @@ -187,6 +194,7 @@ testcase_run_forked_(const struct testgroup_t *group, int test_r, write_r; char b[1]; close(outcome_pipe[0]); + tinytest_postfork(); test_r = testcase_run_bare_(testcase); assert(0<=(int)test_r && (int)test_r<=2); b[0] = "NYS"[test_r]; diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c index 7f5a63219..b651474cf 100644 --- a/src/lib/crypt_ops/crypto_init.c +++ b/src/lib/crypt_ops/crypto_init.c @@ -127,3 +127,13 @@ crypto_global_cleanup(void)
return 0; } + +/** Run operations that the crypto library requires to be happy again + * after forking. */ +void +crypto_postfork(void) +{ +#ifdef ENABLE_NSS + crypto_nss_postfork(); +#endif +} diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h index e450e2d89..3e32456b5 100644 --- a/src/lib/crypt_ops/crypto_init.h +++ b/src/lib/crypt_ops/crypto_init.h @@ -24,5 +24,6 @@ int crypto_global_init(int hardwareAccel,
void crypto_thread_cleanup(void); int crypto_global_cleanup(void); +void crypto_postfork(void);
#endif /* !defined(TOR_CRYPTO_H) */ diff --git a/src/lib/crypt_ops/crypto_nss_mgt.c b/src/lib/crypt_ops/crypto_nss_mgt.c index 84d9f027a..6bcaeabd5 100644 --- a/src/lib/crypt_ops/crypto_nss_mgt.c +++ b/src/lib/crypt_ops/crypto_nss_mgt.c @@ -93,3 +93,10 @@ crypto_nss_global_cleanup(void) { NSS_Shutdown(); } + +void +crypto_nss_postfork(void) +{ + crypto_nss_global_cleanup(); + crypto_nss_early_init(); +} diff --git a/src/lib/crypt_ops/crypto_nss_mgt.h b/src/lib/crypt_ops/crypto_nss_mgt.h index 0e899bad0..c4c94f4d8 100644 --- a/src/lib/crypt_ops/crypto_nss_mgt.h +++ b/src/lib/crypt_ops/crypto_nss_mgt.h @@ -26,6 +26,8 @@ void crypto_nss_early_init(void); int crypto_nss_late_init(void);
void crypto_nss_global_cleanup(void); + +void crypto_nss_postfork(void); #endif
#endif /* !defined(TOR_CRYPTO_NSS_H) */ diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 32d7bf7f0..1611a54b6 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -223,6 +223,13 @@ an_assertion_failed(void) tinytest_set_test_failed_(); }
+void tinytest_postfork(void); +void +tinytest_postfork(void) +{ + crypto_postfork(); +} + /** Main entry point for unit test code: parse the command line, and run * some unit tests. */ int