Re: Bug in CRYPTO_get_new_dynlockid()

Mon, 09 Dec 2002 03:19:57 -0800 

At 01:28 AM 12/7/02 +0100, Richard Levitte - VMS Whacker wrote:
>In message <[EMAIL PROTECTED]> on Fri, 06
Dec 2002 16:51:37 +0000, Bertie <[EMAIL PROTECTED]> said:
>
>bertie> There is a bug in CRYPTO_get_new_dynlockid(), since the first
>bertie> time it gets called it returns -2 (not -1 as I expected) and
>bertie> when you call CRYPTO_lock (mode, -2, , ) it silently returns
>bertie> without actually locking anything because
>bertie> CRYPTO_get_dynlock_value(-2) returns NULL.
>
>Ah, looks like I misunderstood the value returned by sk_*_push() back
>when I wrote those routines.  Also, it seems like I didn't have the
>pointer filled into the slot in the stack when I found an empty slot.
>
>I'm adding a patch.  Care to try it?

The patch fixed the CRYPTO_get_new_dynlockid() bug. Maybe CRYPTO_lock could
also be made safer when called with an invalid lockid, do you think it
should assert rather silently do nothing ? 

My mod_ssl callback implementation was also broken because I was using a
global apr_pool_t variable to pass in to apr_thread_mutex_create() in my
dyn_create_callback function. This doesn't work in a multi-process,
multi-threaded environment.
It would be good for CRYPTO_set_dynlock_create_callback() to take an app
defined structure which gets returned to the caller in 
ssl_util_dyn_create_function(). So something like:

struct CRYPTO_dynlock_value *dyn_create_function(struct
CRYPTO_dynlock_context *context, const char *file, int line)
void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_context
*context, 
        struct CRYPTO_dynlock_value *(*dyn_create_function)(struct
CRYPTO_dynlock_context *context,const char *file, int line))

Then for the mod_ssl implementation, struct CRYPTO_dynlock_context would be
defined to contain the apr_pool_t variable passed in to mod_ssl in
ssl_util_thread_setup(apr_pool_t *p). 

At the moment I have mod_ssl working in worker MPM with openssl-0.9.7-beta4
and the patch in your mail, but with mod_ssl only creating one global lock
for all the dynamic locks requested by OpenSSL.

BTW: You never replied to the mail with subject "Requiring multithreaded
apps to provide dynamic locking upcalls" was this because you agreed with
it :-)

Bertie

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to