This report applies to 0.9.8n; 1.0.0 appears to have similar problems 
but hasn't been tested.

In crypto/objects/o_names.c the following globals are used without locking:

names_lh
names_type_num
name_funcs_stack

Similarly, in crypto/evp/evp_pbe.c:

pbe_algs

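As a result, API calls such as
     OpenSSL_add_all_algorithms()
are not MT-safe even when locking callbacks have been set. Until these
globals are protected, such registration calls need to be made once, from
a single thread, before any other thread uses the library.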


Here's how to reproduce on OpenSolaris:

# cat /tmp/mt.c

#include <pthread.h>
#include <openssl/evp.h>

/*
 * NOTE(review): _REENTRANT is defined after the #include lines above, so it
 * cannot change how <pthread.h> or <openssl/evp.h> were preprocessed. To have
 * any effect it would need to precede the first #include (or be passed on the
 * compiler command line with -D).
 */
#define _REENTRANT
/* Number of worker threads that main() starts concurrently. */
#define NUM_THREADS 4

/*
 * Array of rwlocks, one per OpenSSL static lock: allocated in
 * CRYPTO_thread_setup(), indexed by lock type in the locking callback,
 * destroyed and freed in CRYPTO_thread_cleanup().
 */
static pthread_rwlock_t *lock_cs;

/*
 * Thread-id callback handed to CRYPTO_set_id_callback(): identifies the
 * calling thread by its pthread_self() value.
 *
 * NOTE(review): relies on pthread_t converting implicitly to unsigned long,
 * which holds where pthread_t is an integer type; confirm on other platforms.
 */
unsigned long CRYPTO_pthreads_thread_id(void)
        {
        unsigned long self_id = pthread_self();

        return self_id;
        }

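/*
 * Tears down the locking set up by CRYPTO_thread_setup(): unregisters the
 * locking callback, destroys every rwlock and frees the lock array.
 *
 * Safe to call when no lock array exists (setup never ran, or cleanup already
 * ran): in that case only the callback is unregistered.
 */
void CRYPTO_thread_cleanup(void)
        {
        int i;
        int num_locks;

        /* Detach the callback first so OpenSSL stops reaching the locks. */
        CRYPTO_set_locking_callback(NULL);

        /* Nothing allocated: indexing lock_cs below would dereference NULL. */
        if (lock_cs == NULL)
                return;

        num_locks = CRYPTO_num_locks();
        for (i = 0; i < num_locks; i++)
                {
                pthread_rwlock_destroy(&(lock_cs[i]));
                }
        OPENSSL_free(lock_cs);
        /* Clear the global so a later call cannot touch freed memory. */
        lock_cs = NULL;
        }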

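/*
 * Locking callback registered with CRYPTO_set_locking_callback().
 *
 * mode: bit flags. CRYPTO_LOCK set means acquire, otherwise release;
 *       CRYPTO_READ set means a shared (read) lock is requested, otherwise
 *       an exclusive (write) lock is taken.
 * type: index of the lock in lock_cs.
 * file, line: call site passed in by the caller; not used here.
 */
void CRYPTO_pthreads_locking_callback(int mode, int type, char *file,
             int line)
        {
        (void)file;
        (void)line;

        if (mode & CRYPTO_LOCK)
                {
                /*
                 * The read/write request is carried in mode; type is only
                 * the lock index. Testing type here would hand out shared
                 * locks for some lock indices even when the caller asked
                 * for exclusive access, weakening the very locking this
                 * reproducer is meant to have in place.
                 */
                if (mode & CRYPTO_READ)
                        pthread_rwlock_rdlock(&(lock_cs[type]));
                else
                        pthread_rwlock_wrlock(&(lock_cs[type]));
                }
        else
                pthread_rwlock_unlock(&(lock_cs[type]));
        }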

/*
 * Allocates and initialises one rwlock per OpenSSL lock
 * (CRYPTO_num_locks() of them), then registers the thread-id and locking
 * callbacks. Prints a message to stderr and exits with EXIT_FAILURE if the
 * allocation or any rwlock initialisation fails.
 */
void CRYPTO_thread_setup(void)
        {
        int idx;
        int rc;
        int num_locks = CRYPTO_num_locks();

        lock_cs = OPENSSL_malloc(num_locks * sizeof(pthread_rwlock_t));
        if (lock_cs == NULL)
                {
                fprintf(stderr, "Failed to allocate memory for locks\n");
                exit(EXIT_FAILURE);
                }

        for (idx = 0; idx < num_locks; idx++)
                {
                rc = pthread_rwlock_init(&(lock_cs[idx]), NULL);
                if (rc == 0)
                        continue;

                fprintf(stderr, "Failed to initialize mutex (%d)\n", rc);
                exit(EXIT_FAILURE);
                }

        /*
         * NOTE(review): both callbacks are passed through casts to
         * unprototyped function pointer types, so the compiler will not
         * report a mismatch between these callbacks and the signatures the
         * library expects.
         */
        CRYPTO_set_id_callback((unsigned long (*)())CRYPTO_pthreads_thread_id);
        CRYPTO_set_locking_callback((void (*)())CRYPTO_pthreads_locking_callback);
        }

/*
 * Body of each worker thread: loads the crypto error strings and registers
 * all algorithms. main() runs NUM_THREADS copies of this concurrently, which
 * is the access pattern the report describes as unsafe.
 *
 * NOTE(review): main() starts this function through a cast to
 * void *(*)(void *), although it takes no argument and returns nothing.
 */
void foo()
        {
        ERR_load_crypto_strings();
        OpenSSL_add_all_algorithms();
        }

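/*
 * Reproducer entry point: installs the pthread-based locking callbacks,
 * starts NUM_THREADS threads that each run foo(), waits for all of them,
 * then tears the locking down again.
 *
 * Exits with EXIT_FAILURE if a thread cannot be created, so that
 * pthread_join() is never called on an uninitialised thread id.
 */
int main() {
        int i;
        int ret;
        pthread_t tid[NUM_THREADS];

        CRYPTO_thread_setup();

        for (i = 0; i < NUM_THREADS; i++) {
                ret = pthread_create(&tid[i], NULL, (void *(*)(void *))foo, NULL);
                if (ret != 0) {
                        fprintf(stderr, "Failed to create thread (%d)\n", ret);
                        exit(EXIT_FAILURE);
                }
        }

        for (i = 0; i < NUM_THREADS; i++)
                pthread_join(tid[i], NULL);

        CRYPTO_thread_cleanup();
        return(0);
}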
# gcc /tmp/mt.c -lcrypto -lpthread -o /tmp/mt
# LD_PRELOAD=libumem.so.1 UMEM_DEBUG=default /tmp/mt
zsh: IOT instruction (core dumped)  LD_PRELOAD=libumem.so.1 
UMEM_DEBUG=default /tmp/mt
# pstack /var/cores/mt*
core '/var/cores/mt.19846.core' of 19846:       /tmp/mt
-----------------  lwp# 1 / thread# 1  --------------------
  fed50d05 __lwp_wait (2, 8047c9c, 80507a7, fed47b07) + 15
  fed47b5c _thrp_join (2, 0, 0, 1) + 63
  fed47cf6 pthread_join (2, 0, 8051425, 0) + 2e
  080514a8 main     (1, 8047d50, 8047d58, 80510c6, 8051510, 0) + 71
  08051127 _start   (1, 8047e14, 0, 8047e1c, 8047e26, 8047e39) + 83
-----------------  lwp# 2 / thread# 2  --------------------
  fed43a41 mutex_lock_impl (806bb48, 0, 0, 0, feb20200, fedde000) + e9
  fed43bf8 mutex_lock (806bb48, 0, fec2ee18, fe52b51e) + 10
  fe52b539 umem_slab_alloc (806ba90, 0, fec2ee58, fe52c418) + 29
  fe52c4c9 umem_cache_alloc (806ba90, 0, 806b710, fe52c8f6) + e5
  fe52c9b5 umem_alloc (1c, 0, fec2eed8, fe5296e6) + cd
  fe529702 malloc   (14, fef1a9cc, c1, fee51ad0, 10) + 2a
  fee51ae7 default_malloc_ex (14, fef1a9ac, 7d, fee522a2) + 23
  fee52300 CRYPTO_malloc (14, fef1a9ac, 7d, feea9466) + 6c
  feea9480 sk_new   (feeb7fb0, fef39000, fec2ef88, feeb7fda) + 24
  feeb7ffb EVP_PBE_alg_add (90, fef49a80, fef4a398, feef7118) + 2b
  feef7063 PKCS12_PBE_add (8051430, fef39000, fec2efb8, feeb5705, 
fec2efc8, fedde000) + 2f
  feeb5cca OpenSSL_add_all_ciphers (fec2efc8, fedde000, fec2efc8, 
8051435, fe000, fedde000) + 5b2
  feeb5705 OPENSSL_add_all_algorithms_noconf (fe000, fedde000, fec2efe8, 
fed4b923, 0, fedde000) + 1d
  08051435 foo      (0, fedde000, fec2efe8, fed4b8ce) + 10
  fed4b923 _thrp_setup (feb20200) + 9b
  fed4bbb0 _lwp_start (feb20200, 0, 0, 0, 0, 0)
-----------------  lwp# 3 / thread# 3  --------------------
  fed42590 mutex_trylock_adaptive (fe54b888, 1, 0, fed43966) + 140
  fed43a9f mutex_lock_impl (fe54b888, 0, 0, e, 0, fe549000) + 147
  fed43bf8 mutex_lock (fe54b888, fedde000, feb1db28, fe529b59) + 10
  fe529b71 umem_log_enter (feb1db40, feb1db57, feb1db40, fe529c1c) + 25
  fe529c5e umem_error_enter (feb1db40, fff, fe5367f4, feb1eb74) + 4e
  fe529efb umem_vprintf (fe5367f4, feb1eb74, 0, fe529f1c) + 57
  fe529f32 umem_printf (fe5367f4, fee1fa33, 26, 1) + 22
  fe52a00a print_sym (fee51b16) + 92
  fe5278a7 print_stacktrace (0, fe549000, feb1ee38, fe529a44, fe536708, 
fe54dc60) + a3
  fe5279b3 umem_err_recoverable (fe536708, fe54dc60, 8093c48, fe536730) + 3f
  fe529a44 process_free (8093c48, 0, feb1ee5c, fe529a96) + e4
  fe529abe realloc  (8093c48, 200, 1789, fee51afc, fe536ff4) + 36
  fee51b16 default_realloc_ex (8093c48, 200, fef1a9c4, 13f) + 26
  fee523a7 CRYPTO_realloc (8093c48, 200, fef1a9c4, 13f) + 5b
  feea9f52 expand   (8086f08, fef39000, bf, feea9c9d) + 56
  feea9cc7 lh_insert (8086f08, 80f8a40, bf, fee54eca) + 37
  fee54f3e OBJ_NAME_add (fef1c338, 8002, fef1c32c) + 82
  feeb5ca7 OpenSSL_add_all_ciphers (feb1efc8, fedde000, feb1efc8, 
8051435, fe000, fedde000) + 58f
  feeb5705 OPENSSL_add_all_algorithms_noconf (fe000, fedde000, feb1efe8, 
fed4b923, 0, fedde000) + 1d
  08051435 foo      (0, fedde000, feb1efe8, fed4b8ce) + 10
  fed4b923 _thrp_setup (feb20a00) + 9b
  fed4bbb0 _lwp_start (feb20a00, 0, 0, 0, 0, 0)
-----------------  lwp# 4 / thread# 4  --------------------
  fed43afc mutex_lock_impl (fede24c0, 0, 0, 0, 0, 0) + 1a4
  fed43bf8 mutex_lock (fede24c0, 0, 0, fed49616) + 10
  fed4966f _ti_bind_guard (3, 0, 0, fefca670) + 67
  fefca6b6 rt_bind_guard (3, 0, 0, fefd2742) + 52
  fefd2760 enter    (0, 0, 0, fefdc405) + 28
  fefdc420 elf_bndr (fefa0c08, 38, fe5277e9) + 2c
  fefc2054 elf_rtbndr (38, fe5277e9, 6, 0, fea1fdf8, fe5277b8) + 14
  fefa0c08 ???????? (0)
  fe5279c3 umem_err_recoverable (fe536708, fe54dc60, 8093c48, fe536730) + 4f
  fe529a44 process_free (8093c48, 0, fea1fe5c, fe529a96) + e4
  fe529abe realloc  (8093c48, 200, 1789, fee51afc, fe536ff4) + 36
  fee51b16 default_realloc_ex (8093c48, 200, fef1a9c4, 13f) + 26
  fee523a7 CRYPTO_realloc (8093c48, 200, fef1a9c4, 13f) + 5b
  feea9f52 expand   (8086f08, fef39000, bf, feea9c9d) + 56
  feea9cc7 lh_insert (8086f08, 80f8a18, bf, fee54eca) + 37
  fee54f3e OBJ_NAME_add (fef1c338, 8002, fef1c32c) + 82
  feeb5ca7 OpenSSL_add_all_ciphers (8, fedde000, fea1ffc8, 8051435, 
fe000, fedde000) + 58f
  feeb5705 OPENSSL_add_all_algorithms_noconf (fe000, fedde000, fea1ffe8, 
fed4b923, 0, fedde000) + 1d
  08051435 foo      (0, fedde000, fea1ffe8, fed4b8ce) + 10
  fed4b923 _thrp_setup (feb21200) + 9b
  fed4bbb0 _lwp_start (feb21200, 0, 0, 0, 0, 0)
-----------------  lwp# 5 / thread# 5  --------------------
  fed50cb5 _lwp_kill (5, 6, fe920e78, fecf8dce) + 15
  fecf8dda raise    (6, fe549000, fe920ea8, fe5277b8) + 22
  fe5277da umem_do_abort (18) + 2e
  fe5279c3 umem_err_recoverable (fe536708, fe54dc68, 80ece40, fe536730) + 4f
  fe529a44 process_free (80ece40, 1, 0, feea9cdc) + e4
  fe529a7a free     (80ece40, 1, 0, fee524f2) + 1a
  fee52522 CRYPTO_free (80ece40, 80ee060, bf, fee54eca) + 3a
  fee54f8c OBJ_NAME_add (fef14b44, 2, fef4a030, feeb1902) + d0
  feeb1922 EVP_add_cipher (fef4a030, fef39000, fe920fa8, feeb5a46) + 2a
  feeb5a4f OpenSSL_add_all_ciphers (8, fedde000, fe920fc8, 8051435, 
fe000, fedde000) + 337
  feeb5705 OPENSSL_add_all_algorithms_noconf (fe000, fedde000, fe920fe8, 
fed4b923, 0, fedde000) + 1d
  08051435 foo      (0, fedde000, fe920fe8, fed4b8ce) + 10
  fed4b923 _thrp_setup (feb21a00) + 9b
  fed4bbb0 _lwp_start (feb21a00, 0, 0, 0, 0, 0)
