The following patch allows CRYPTO_thread_id() to be invoked from the
FIPS module. Without this patch the thread ID can not be retrieved
properly, leading to thread synchronization issues in the FIPS module.
Currently there's no way to exploit this problem since
CRYPTO_thread_id() isn't used within the FIPS module. However,
including this patch may prevent some headaches if the FIPS module
should use CRYPTO_thread_id() in the future.
diff --git a/crypto/o_init.c b/crypto/o_init.c
index b7b969b..8ce85b9 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -73,6 +73,7 @@ void OPENSSL_init(void)
done = 1;
#ifdef OPENSSL_FIPS
FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
+ FIPS_crypto_set_id_callback(CRYPTO_thread_id);
FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
RAND_init_fips();
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
