On Thursday 02. April 2009 10:27:30 Marc Haisenko wrote:
> > This should work. I'm wondering if I understood what you meant by "The
> > problem is that locking is not done if the IDs are same." ... If the IDs
> > are the same, that means you're in the same thread, period!! If that's
> > not the case, then the problem is that your thread-id callback isn't set
> > up correctly. For threading support to work correctly, you need to
> > provide hooks in order to make openssl compatible with your thread model
> > (pthreads or otherwise). For 0.9.8, the APIs include;
> >
> > void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
> >                                           const char *file,int line));
> > void CRYPTO_set_id_callback(unsigned long (*func)(void));
>
> I know that the id_callback by default uses "getpid" which is correct in
> OpenSER's case... but you may be correct, OpenSER is not setting the
> locking callback and that by default means no locking is done.
>
> /me bangs head against table
>
> I'll try to set that up and run it through our load test.

Just a little loud thinking... my patch *seems* to fix the blinding issue. All 
the patch does is to make sure that once the thread/process IDs are different 
locking is *always* done and rsa->mt_blinding is always used.

But since locking seems to be a NOP in our case this may not fix our problem. 
Yet it seems to as we have no more Bad Record MACs since I have introduced the 
patch.

I don't get why...

Anyway, I'll do the locking implementation in OpenSER and report back in a few 
days.

-- 
Marc Haisenko
Team Leader and Senior Developer
Comdasys AG
Rüdesheimer Str. 7
80686 München
Germany

Tel.: +49 (0)89 548 433 321
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
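
The two hooks named in the quoted reply, sketched for a pthreads program as an added example (not code from this thread, OpenSSL or OpenSER). All `demo_*` names, the `DEMO_CRYPTO_*` constants (assumed to mirror the 0.9.8 `CRYPTO_LOCK`/`CRYPTO_UNLOCK` mode bits) and the shared counter standing in for library state are hypothetical.

```c
#include <pthread.h>
#include <stdlib.h>

#define DEMO_CRYPTO_LOCK   1  /* assumption: mirrors CRYPTO_LOCK in 0.9.8 crypto.h */
#define DEMO_CRYPTO_UNLOCK 2  /* assumption: mirrors CRYPTO_UNLOCK */

static pthread_mutex_t *demo_locks;  /* one mutex per OpenSSL lock type */
static int demo_nlocks;
static long demo_counter;            /* stand-in for shared library state */

/* n would come from CRYPTO_num_locks() in a real program. */
int demo_locks_init(int n) {
    demo_locks = malloc((size_t)n * sizeof *demo_locks);
    if (demo_locks == NULL) return -1;
    for (int i = 0; i < n; i++)
        if (pthread_mutex_init(&demo_locks[i], NULL) != 0) return -1;
    demo_nlocks = n;
    return 0;
}

/* Same signature as the function given to CRYPTO_set_locking_callback(). */
void demo_locking_cb(int mode, int type, const char *file, int line) {
    (void)file; (void)line;
    if (type < 0 || type >= demo_nlocks) abort();  /* never silently skip a lock */
    if (mode & DEMO_CRYPTO_LOCK) pthread_mutex_lock(&demo_locks[type]);
    else                         pthread_mutex_unlock(&demo_locks[type]);
}

/* Same signature as the function given to CRYPTO_set_id_callback().
   Assumes pthread_t converts to unsigned long, as it does on Linux. */
unsigned long demo_id_cb(void) { return (unsigned long)pthread_self(); }

static void *demo_worker(void *arg) {
    long iters = *(long *)arg;
    for (long i = 0; i < iters; i++) {
        demo_locking_cb(DEMO_CRYPTO_LOCK, 0, __FILE__, __LINE__);
        demo_counter++;  /* critical section guarded by lock type 0 */
        demo_locking_cb(DEMO_CRYPTO_UNLOCK, 0, __FILE__, __LINE__);
    }
    return NULL;
}

/* Drives up to 16 threads through the callback; returns the final counter. */
long demo_run(int nthreads, long iters) {
    pthread_t tid[16];
    int started = 0;
    demo_counter = 0;
    for (int i = 0; i < nthreads && i < 16; i++)
        if (pthread_create(&tid[started], NULL, demo_worker, &iters) == 0) started++;
    for (int i = 0; i < started; i++) pthread_join(tid[i], NULL);
    return demo_counter;
}
```

In a real 0.9.8 program the two callbacks would be registered once, before any other thread touches the library, with `CRYPTO_set_locking_callback(demo_locking_cb)` and `CRYPTO_set_id_callback(demo_id_cb)`.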
