RE: Static global - bug? (Re: Two valgrind warnings in OpenSSL -possible bug???)

Thu, 24 Jan 2008 00:00:26 -0800 

On Mon, 2008-01-21 at 17:34 -0800, David Schwartz wrote:
> > On Sun, 2008-01-20 at 11:59 -0800, David Schwartz wrote:
> 
> > > Most definitely not. At a minimum, the definition of things
> > > like 'errno' and
> > > 'malloc' might be different between a multithreaded build and a
> > > non-multithreaded build. There is no supported way to combine
> > > multithreaded
> > > code and code that was not compiled to be multithreaded.
> 
> > > It may happen to work, but that's a lousy way to make security-sensitive
> > > software.
> 
> > Definitely not true on gcc+glibc
> 
> Umm, definitely true.
> 
> > - there is no difference between
> > multithreaded and non-multithreaded _compilation_ (surely not for errno
> > and malloc).
> 
> Really? So 'errno' refers to a process global in both cases?! (Note that I
> said the "definition", not the implementation.)
Maybe we didn't understand each other - I don't say, that glibc without
multithread support and with it is the same. I say that linking single
threaded library which is simply reentrant but doesn't use any locking
itself to a multithreaded app is 100% safe thing to do. Of course the
glibc itself is a different piece of code - the code of things like
malloc and errno will be definitely different when glibc is compiled
without any support for threads and locking. And I am all the time
talking about dynamic linking to glibc and not static.

So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
that there won't be any static and/or global variables in the OpenSSL
code called is 100% safe thing if the threads do not share any data
manipulated within the OpenSSL library.

As locking can be pretty expensive in terms of CPU cycles it is
desirable to allow using OpenSSL this way so to remove all static and/or
global variables in its code or at least isolate them and allow using
OpenSSL code without them being touched.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to