At 01:28 AM 12/7/02 +0100, Richard Levitte - VMS Whacker wrote: >In message <[EMAIL PROTECTED]> on Fri, 06 Dec 2002 16:51:37 +0000, Bertie <[EMAIL PROTECTED]> said: > >bertie> There is a bug in CRYPTO_get_new_dynlockid(), since the first >bertie> time it gets called it returns -2 (not -1 as I expected) and >bertie> when you call CRYPTO_lock (mode, -2, , ) it silently returns >bertie> without actually locking anything because >bertie> CRYPTO_get_dynlock_value(-2) returns NULL. > >Ah, looks like I misunderstood the value returned by sk_*_push() back >when I wrote those routines. Also, it seems like I didn't have the >pointer filled into the slot in the stack when I found an empty slot. > >I'm adding a patch. Care to try it?
The patch fixed the CRYPTO_get_new_dynlockid() bug. Maybe CRYPTO_lock could also be made safer when called with an invalid lockid, do you think it should assert rather silently do nothing ? My mod_ssl callback implementation was also broken because I was using a global apr_pool_t variable to pass in to apr_thread_mutex_create() in my dyn_create_callback function. This doesn't work in a multi-process, multi-threaded environment. It would be good for CRYPTO_set_dynlock_create_callback() to take an app defined structure which gets returned to the caller in ssl_util_dyn_create_function(). So something like: struct CRYPTO_dynlock_value *dyn_create_function(struct CRYPTO_dynlock_context *context, const char *file, int line) void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_context *context, struct CRYPTO_dynlock_value *(*dyn_create_function)(struct CRYPTO_dynlock_context *context,const char *file, int line)) Then for the mod_ssl implementation, struct CRYPTO_dynlock_context would be defined to contain the apr_pool_t variable passed in to mod_ssl in ssl_util_thread_setup(apr_pool_t *p). At the moment I have mod_ssl working in worker MPM with openssl-0.9.7-beta4 and the patch in your mail, but with mod_ssl only creating one global lock for all the dynamic locks requested by OpenSSL. BTW: You never replied to the mail with subject "Requiring multithreaded apps to provide dynamic locking upcalls" was this because you agreed with it :-) Bertie ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]