Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ?
yea, I think that patch should be ok. Louis Solomon www.SteelBytes.com - Original Message - From: Richard Levitte - VMS Whacker via RT [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, December 13, 2002 9:35 AM Subject: Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ? I can see that happening. Would the following patch help? Index: ssl/ssl_ciph.c === RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v retrieving revision 1.33.2.3 diff -u -u -r1.33.2.3 ssl_ciph.c --- ssl/ssl_ciph.c 19 Jul 2002 19:53:02 - 1.33.2.3 +++ ssl/ssl_ciph.c 12 Dec 2002 22:32:30 - @@ -751,7 +751,9 @@ */ if (rule_str == NULL) return(NULL); + CRYPTO_w_lock(CRYPTO_LOCK_SSL); if (init_ciphers) load_ciphers(); + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); /* * To reduce the work to do we only want to process the compiled In message [EMAIL PROTECTED] on Mon, 2 Dec 2002 09:09:25 +0100 (MET), Louis Solomon [SteelBytes] via RT [EMAIL PROTECTED] said: rt ok, rt here's the cause I think ... rt rt SSL_CTX_new(...) rt { rt ... rt ssl_create_cipher_list(...) rt ... rt } rt rt static int init_ciphers=1; rt rt ssl_create_cipher_list(...) rt { rt ... rt if (init_ciphers) load_ciphers(); rt ... rt ssl_cipher_get_disabled() rt ... rt } rt rt load_ciphers() rt { rt init_ciphers = 0; rt ... // mark_1 rt init ssl_cipher_methods[] rt ... rt } rt rt ssl_cipher_get_disabled() rt { rt ... rt use ssl_cipher_methods[] // mark_2 rt ... rt } rt rt consider this: rt thread_1 calls SSL_CTX_new() and reaches mark_1 rt a context switch happens (thread_1 stalls, and thread_2 becomes rt active) rt thread_2 calls SSL_CTX_new() and reaches mark_2 rt rt thread_2 will be trying to read from ssl_cipher_methods which is rt uninitialised !! rt rt any one care to fix the 0.9.7 beta ? (or 0.9.6g) rt rt Louis Solomon rt www.SteelBytes.com -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #380] VC-WIN32 build issue
testing with openssl-0.9.7-stable-SNAP-20021203 ... in util/pl/VC-32.pl there is a line $lib_cflag= -D_WINDLL -D_DLL; which causes problems if the /MT option in $cflags is changed to /MT (solution is to remove the -D_DLL in this senario). since according to the help for VC7, /MD also defines _DLL the -D_DLL is unnecssary. (I think this is also the case in VC4-VC6) therefore I suggest just removing the -D_DLL permantly, so if somebody changes the /MD to /MT they dont have to spend ages working out why it doesnt link. Louis Solomon www.SteelBytes.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #383] crash bug with openssl-0.9.7-stable-SNAP-20021203 on Win32
build commands used (from a VS.NET command shell) set path=%path%;c:\cygwin\bin perl Configure VC-WIN32 threads zlib no-shared ms\do_masm.bat nmake -f ms\ntdll.mak then drop the dlls from out32dll into an existing project, and it crashes. openssl-0.9.6g compiled with exactly the same steps, works ok. test platform winxp pro sp1 dual P3/733 + 640MB VS.NET crash details when build with in debug mode (added debug to the mk1mf.pl lines in ms\do_masm.bat) file ssl_sess.c, line 681 i=tp.cache-down_load; but tp.cache == 0x ! hence the crash. call stack func SSL_CTX_flush_sessions, file ssl_sess.c, line 681 func SSL_CTX_free, file ssl_lib.c, line 1425 func SSL_free, file ssl_lib.c, line 469 how to make it crash ... hmm, good question. just using the openssl command line tool to connect to itself didnt cause it. so how am I doing it evertime ? read on ... download porttunnel from www.steelbytes.com and install it stick libeay32.dll and ssleay32.dll in the porttunnel program folder make two mappings in porttunnel with the following info mapping one: listen on 0.0.0.0:80 and redirects to 127.0.0.1:81 ssl_method_23 and cypher ALL:@STRENGTH selected in between porttunnel and server mapping two: listen on 127.0.0.1:81 and redirects to target.server.com:80 ssl_method_23 and cypher ALL:@STRENGTH selected in between client and porttunnel start porttunnel telnet to localhost:80 type a bit of crap, and it crashes everytime contact me for any other crash info requried. (happens everytime. I've re downloaded 0.9.6g and openssl-0.9.7-stable-SNAP-20021203 adn recompiled both etc, and yes 0.9.7 still crashes and 0.9.6 still doesnt) Louis Solomon www.SteelBytes.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #380] VC-WIN32 build issue
thnx Louis Solomon www.SteelBytes.com - Original Message - From: Richard Levitte via RT [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, December 05, 2002 12:37 PM Subject: [openssl.org #380] VC-WIN32 build issue OK, I've made that change. This ticket is now resolved. [[EMAIL PROTECTED] - Wed Dec 4 12:07:51 2002]: testing with openssl-0.9.7-stable-SNAP-20021203 ... in util/pl/VC-32.pl there is a line $lib_cflag= -D_WINDLL -D_DLL; which causes problems if the /MT option in $cflags is changed to /MT (solution is to remove the -D_DLL in this senario). since according to the help for VC7, /MD also defines _DLL the -D_DLL is unnecssary. (I think this is also the case in VC4-VC6) therefore I suggest just removing the -D_DLL permantly, so if somebody changes the /MD to /MT they dont have to spend ages working out why it doesnt link. Louis Solomon www.SteelBytes.com -- Richard Levitte __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ?
submiting as a bug (read the whole email ...) Louis Solomon www.SteelBytes.com - Original Message - From: Louis Solomon [SteelBytes] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 2:10 PM Subject: Re: is SSL_CTX_new() thread safe (on win32) ? ok, here's the cause I think ... SSL_CTX_new(...) { ... ssl_create_cipher_list(...) ... } static int init_ciphers=1; ssl_create_cipher_list(...) { ... if (init_ciphers) load_ciphers(); ... ssl_cipher_get_disabled() ... } load_ciphers() { init_ciphers = 0; ... // mark_1 init ssl_cipher_methods[] ... } ssl_cipher_get_disabled() { ... use ssl_cipher_methods[] // mark_2 ... } consider this: thread_1 calls SSL_CTX_new() and reaches mark_1 a context switch happens (thread_1 stalls, and thread_2 becomes active) thread_2 calls SSL_CTX_new() and reaches mark_2 thread_2 will be trying to read from ssl_cipher_methods which is uninitialised !! any one care to fix the 0.9.7 beta ? (or 0.9.6g) Louis Solomon www.SteelBytes.com - Original Message - From: Louis Solomon [SteelBytes] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 30, 2002 10:30 PM Subject: Re: is SSL_CTX_new() thread safe (on win32) ? I just tested with 0.9.7 beta 4, and it still happens. any ideas ? Louis Solomon www.SteelBytes.com - Original Message - From: Louis Solomon [SteelBytes] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 4:10 PM Subject: Re: is SSL_CTX_new() thread safe (on win32) ? whoops :-) there was a typo in the url, it should be http://www.steelbytes.com/temp/openssl_bug_test.zip Louis Solomon www.SteelBytes.com - Original Message - From: Louis Solomon [SteelBytes] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 25, 2002 12:29 PM Subject: is SSL_CTX_new() thread safe (on win32) ? When running this test program I wrote, I _sometimes_ get an error return by SSL_CTX_new(). The error msg is: SSL routines:SSL_CTX_new:library has no ciphers Louis Solomon [EMAIL PROTECTED] source and binaries of test program avail from: http://www.steeelbytes.com/temp/openssl_bug_test.zip openssl versions tested with: 0.9.6g compiled by me (src from openssl.org) 0.9.6g binaries from bsdftpd-ssl.sc.ru 0.9.6d binaries from mod-ssl.org test enviroment: winxp pro sp1 dual P3 733Mhz + 768MB ram compiler: visual studio .net pseudo code: main_thread() { init ssl (dyanmically linked with LoadLibrary and GetProcAddress) success = 0; create a heap of worker threads wait for work threads clean up ssl if (success!=num_threads) show error else show success } worker_thread() { ssl_meth = SSLv23_method(); ssl_ctx = SSL_CTX_new(ssl_meth); if (ssl_ctx!=NULL) { SSL_CTX_free(ssl_ctx); success++; } else { log ssl error to debug output } } __ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]