The following patch allows CRYPTO_thread_id() to be invoked from the FIPS module. Without this patch the thread ID can not be retrieved properly, leading to thread synchronization issues in the FIPS module. Currently there's no way to exploit this problem since CRYPTO_thread_id() isn't used within the FIPS module. However, including this patch may prevent some headaches if the FIPS module should use CRYPTO_thread_id() in the future.
diff --git a/crypto/o_init.c b/crypto/o_init.c index b7b969b..8ce85b9 100644 --- a/crypto/o_init.c +++ b/crypto/o_init.c @@ -73,6 +73,7 @@ void OPENSSL_init(void) done = 1; #ifdef OPENSSL_FIPS FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); + FIPS_crypto_set_id_callback(CRYPTO_thread_id); FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); RAND_init_fips(); _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev