Re: FW: multithreaded crypto functions

Thu, 15 Jun 2000 13:03:57 -0700 

Electric Fence is one, though I haven't used it myself. I am not sure if it
is as good/better/worse than purify.

Arun.

-----Original Message-----
From: Richard Dykiel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, June 15, 2000 12:45 PM
Subject: RE: FW: multithreaded crypto functions


>Steve, thanks.
>I'd be interested if someone knows any tool capable of detecting memory
>leaks on Linux that I could use on an Openssl app; apparently Purify
doesn't
>have a Linux version.
>
>Some precisions below:
>
>> > > My application calls directly the following functions in OpenSSL:
>> > >
>> > > * EVP_CipherInit/Update/Final, etc..
>> > > * PEM_read_PrivateKey, PEM_read_X509, etc...
>> > >
>> > > In a multithreaded context, do these calls need to be
>> > > encapsulated by calls
>> > > to CRYPTO_lock? I happen to have transient failures:
>> > >
>> > > * EVP_DecryptFinal: Bad Decrypt
>> > > * PEM_do_header: Bad Decrypt
>> > >
>>
>> What do you mean by "in a multithreaded context"?
>>
>Multithreaded app, each thread calling the openssl functions I mention
>above.
>
>> If each thread has its own EVP_CIPHER_CTX structure there are no known
>> issues which could cause problems, that doesn't mean there aren't any
>> though!
>>
>In the function I wrote and I'm suspecting, the EVP_CIPHER_CTX structure is
>allocated on the stack.
>
>> If however you are sharing an EVP_CIPHER_CTX between threads then that
>> may well cause problems, but such a thing isn't likely to be
>> thread safe
>> unless you carefully synchronise operations.
>>
>Not the case.
>
>> Hmmm PEM_do_header....
>>
>> Nothing obvious in there, unless you are using the old (broken)
>> technique of passing pass phrases via global variables instead of the
>> extra parameter.
>>
>I'm reading a private key file as follows:
>        if ((pkey = PEM_read_PrivateKey(fpk, NULL, sx_P7PasswordCb, NULL))
>== NULL)
>

>            rc=LMSECPRIVLOAD;
>            break;
>        }
>sx_P7PasswordCb doesn't use static variables, but uses the EVP_Cipher.. to
>decrypt a passphrase stored in a file.
>
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [EMAIL PROTECTED]
>Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to