[tor-commits] [tor/master] Add postfork support for nss
nickm at torproject.org
nickm at torproject.org
Wed Sep 5 00:47:13 UTC 2018
commit d811ce2421dcf1684db7e34f2b5998d9f360d5fb
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed Jul 11 15:36:54 2018 -0400
Add postfork support for nss
We need this in our unit tests, since otherwise NSS will notice
we've forked and start cussing us out.
I suspect we'll need a different hack for daemonizing, but this
should be enough for tinytest to work.
---
src/ext/tinytest.c | 8 ++++++++
src/lib/crypt_ops/crypto_init.c | 10 ++++++++++
src/lib/crypt_ops/crypto_init.h | 1 +
src/lib/crypt_ops/crypto_nss_mgt.c | 7 +++++++
src/lib/crypt_ops/crypto_nss_mgt.h | 2 ++
src/test/testing_common.c | 7 +++++++
6 files changed, 35 insertions(+)
diff --git a/src/ext/tinytest.c b/src/ext/tinytest.c
index 3fb1b39c7..8b2c71beb 100644
--- a/src/ext/tinytest.c
+++ b/src/ext/tinytest.c
@@ -25,6 +25,7 @@
#ifdef TINYTEST_LOCAL
#include "tinytest_local.h"
#endif
+#define TINYTEST_POSTFORK
#include <stdio.h>
#include <stdlib.h>
@@ -118,6 +119,12 @@ testcase_run_bare_(const struct testcase_t *testcase)
#ifndef NO_FORKING
+#ifdef TINYTEST_POSTFORK
+void tinytest_postfork(void);
+#else
+static void tinytest_postfork(void) { }
+#endif
+
static enum outcome
testcase_run_forked_(const struct testgroup_t *group,
const struct testcase_t *testcase)
@@ -187,6 +194,7 @@ testcase_run_forked_(const struct testgroup_t *group,
int test_r, write_r;
char b[1];
close(outcome_pipe[0]);
+ tinytest_postfork();
test_r = testcase_run_bare_(testcase);
assert(0<=(int)test_r && (int)test_r<=2);
b[0] = "NYS"[test_r];
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index 7f5a63219..b651474cf 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -127,3 +127,13 @@ crypto_global_cleanup(void)
return 0;
}
+
+/** Run operations that the crypto library requires to be happy again
+ * after forking. */
+void
+crypto_postfork(void)
+{
+#ifdef ENABLE_NSS
+ crypto_nss_postfork();
+#endif
+}
diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h
index e450e2d89..3e32456b5 100644
--- a/src/lib/crypt_ops/crypto_init.h
+++ b/src/lib/crypt_ops/crypto_init.h
@@ -24,5 +24,6 @@ int crypto_global_init(int hardwareAccel,
void crypto_thread_cleanup(void);
int crypto_global_cleanup(void);
+void crypto_postfork(void);
#endif /* !defined(TOR_CRYPTO_H) */
diff --git a/src/lib/crypt_ops/crypto_nss_mgt.c b/src/lib/crypt_ops/crypto_nss_mgt.c
index 84d9f027a..6bcaeabd5 100644
--- a/src/lib/crypt_ops/crypto_nss_mgt.c
+++ b/src/lib/crypt_ops/crypto_nss_mgt.c
@@ -93,3 +93,10 @@ crypto_nss_global_cleanup(void)
{
NSS_Shutdown();
}
+
+void
+crypto_nss_postfork(void)
+{
+ crypto_nss_global_cleanup();
+ crypto_nss_early_init();
+}
diff --git a/src/lib/crypt_ops/crypto_nss_mgt.h b/src/lib/crypt_ops/crypto_nss_mgt.h
index 0e899bad0..c4c94f4d8 100644
--- a/src/lib/crypt_ops/crypto_nss_mgt.h
+++ b/src/lib/crypt_ops/crypto_nss_mgt.h
@@ -26,6 +26,8 @@ void crypto_nss_early_init(void);
int crypto_nss_late_init(void);
void crypto_nss_global_cleanup(void);
+
+void crypto_nss_postfork(void);
#endif
#endif /* !defined(TOR_CRYPTO_NSS_H) */
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index 32d7bf7f0..1611a54b6 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -223,6 +223,13 @@ an_assertion_failed(void)
tinytest_set_test_failed_();
}
+void tinytest_postfork(void);
+void
+tinytest_postfork(void)
+{
+ crypto_postfork();
+}
+
/** Main entry point for unit test code: parse the command line, and run
* some unit tests. */
int
More information about the tor-commits
mailing list