Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ?

Thu, 12 Dec 2002 14:37:00 -0800 

I can see that happening.  Would the following patch help?

Index: ssl/ssl_ciph.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v
retrieving revision 1.33.2.3
diff -u -u -r1.33.2.3 ssl_ciph.c
--- ssl/ssl_ciph.c      19 Jul 2002 19:53:02 -0000      1.33.2.3
+++ ssl/ssl_ciph.c      12 Dec 2002 22:32:30 -0000
@@ -751,7 +751,9 @@
         */
        if (rule_str == NULL) return(NULL);
 
+       CRYPTO_w_lock(CRYPTO_LOCK_SSL);
        if (init_ciphers) load_ciphers();
+       CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 
        /*
         * To reduce the work to do we only want to process the compiled


In message <[EMAIL PROTECTED]> on Mon,  2 Dec 2002 09:09:25 
+0100 (MET), "Louis Solomon [SteelBytes] via RT" <[EMAIL PROTECTED]> said:

rt> > ok,
rt> > here's the cause I think ...
rt> >
rt> > SSL_CTX_new(...)
rt> > {
rt> >     ...
rt> >     ssl_create_cipher_list(...)
rt> >     ...
rt> > }
rt> >
rt> > static int init_ciphers=1;
rt> >
rt> > ssl_create_cipher_list(...)
rt> > {
rt> >     ...
rt> >     if (init_ciphers) load_ciphers();
rt> >     ...
rt> >     ssl_cipher_get_disabled()
rt> >     ...
rt> > }
rt> >
rt> > load_ciphers()
rt> > {
rt> >     init_ciphers  = 0;
rt> >     ... // mark_1
rt> >     init ssl_cipher_methods[]
rt> >     ...
rt> > }
rt> >
rt> > ssl_cipher_get_disabled()
rt> > {
rt> >     ...
rt> >     use ssl_cipher_methods[]  // mark_2
rt> >     ...
rt> > }
rt> >
rt> > consider this:
rt> >     thread_1 calls SSL_CTX_new() and reaches mark_1
rt> >     a context switch happens (thread_1 stalls, and thread_2 becomes
rt> active)
rt> >     thread_2 calls SSL_CTX_new() and reaches mark_2
rt> >
rt> > thread_2 will be trying to read from ssl_cipher_methods which is
rt> > uninitialised !!
rt> >
rt> > any one care to fix the 0.9.7 beta ? (or 0.9.6g)
rt> >
rt> > Louis Solomon
rt> > www.SteelBytes.com

-- 
Richard Levitte   \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to