Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ?
yea, I think that patch should be ok.
Louis Solomon
www.SteelBytes.com
- Original Message -
From: Richard Levitte - VMS Whacker via RT [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, December 13, 2002 9:35 AM
Subject: Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32)
?
I can see that happening. Would the following patch help?
Index: ssl/ssl_ciph.c
===
RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v
retrieving revision 1.33.2.3
diff -u -u -r1.33.2.3 ssl_ciph.c
--- ssl/ssl_ciph.c 19 Jul 2002 19:53:02 - 1.33.2.3
+++ ssl/ssl_ciph.c 12 Dec 2002 22:32:30 -
@@ -751,7 +751,9 @@
*/
if (rule_str == NULL) return(NULL);
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
if (init_ciphers) load_ciphers();
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
/*
* To reduce the work to do we only want to process the compiled
In message [EMAIL PROTECTED] on Mon, 2 Dec 2002
09:09:25 +0100 (MET), Louis Solomon [SteelBytes] via RT [EMAIL PROTECTED]
said:
rt ok,
rt here's the cause I think ...
rt
rt SSL_CTX_new(...)
rt {
rt ...
rt ssl_create_cipher_list(...)
rt ...
rt }
rt
rt static int init_ciphers=1;
rt
rt ssl_create_cipher_list(...)
rt {
rt ...
rt if (init_ciphers) load_ciphers();
rt ...
rt ssl_cipher_get_disabled()
rt ...
rt }
rt
rt load_ciphers()
rt {
rt init_ciphers = 0;
rt ... // mark_1
rt init ssl_cipher_methods[]
rt ...
rt }
rt
rt ssl_cipher_get_disabled()
rt {
rt ...
rt use ssl_cipher_methods[] // mark_2
rt ...
rt }
rt
rt consider this:
rt thread_1 calls SSL_CTX_new() and reaches mark_1
rt a context switch happens (thread_1 stalls, and thread_2 becomes
rt active)
rt thread_2 calls SSL_CTX_new() and reaches mark_2
rt
rt thread_2 will be trying to read from ssl_cipher_methods which is
rt uninitialised !!
rt
rt any one care to fix the 0.9.7 beta ? (or 0.9.6g)
rt
rt Louis Solomon
rt www.SteelBytes.com
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
[openssl.org #380] VC-WIN32 build issue
testing with openssl-0.9.7-stable-SNAP-20021203 ... in util/pl/VC-32.pl there is a line $lib_cflag= -D_WINDLL -D_DLL; which causes problems if the /MT option in $cflags is changed to /MT (solution is to remove the -D_DLL in this senario). since according to the help for VC7, /MD also defines _DLL the -D_DLL is unnecssary. (I think this is also the case in VC4-VC6) therefore I suggest just removing the -D_DLL permantly, so if somebody changes the /MD to /MT they dont have to spend ages working out why it doesnt link. Louis Solomon www.SteelBytes.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #383] crash bug with openssl-0.9.7-stable-SNAP-20021203 on Win32
build commands used (from a VS.NET command shell) set path=%path%;c:\cygwin\bin perl Configure VC-WIN32 threads zlib no-shared ms\do_masm.bat nmake -f ms\ntdll.mak then drop the dlls from out32dll into an existing project, and it crashes. openssl-0.9.6g compiled with exactly the same steps, works ok. test platform winxp pro sp1 dual P3/733 + 640MB VS.NET crash details when build with in debug mode (added debug to the mk1mf.pl lines in ms\do_masm.bat) file ssl_sess.c, line 681 i=tp.cache-down_load; but tp.cache == 0x ! hence the crash. call stack func SSL_CTX_flush_sessions, file ssl_sess.c, line 681 func SSL_CTX_free, file ssl_lib.c, line 1425 func SSL_free, file ssl_lib.c, line 469 how to make it crash ... hmm, good question. just using the openssl command line tool to connect to itself didnt cause it. so how am I doing it evertime ? read on ... download porttunnel from www.steelbytes.com and install it stick libeay32.dll and ssleay32.dll in the porttunnel program folder make two mappings in porttunnel with the following info mapping one: listen on 0.0.0.0:80 and redirects to 127.0.0.1:81 ssl_method_23 and cypher ALL:@STRENGTH selected in between porttunnel and server mapping two: listen on 127.0.0.1:81 and redirects to target.server.com:80 ssl_method_23 and cypher ALL:@STRENGTH selected in between client and porttunnel start porttunnel telnet to localhost:80 type a bit of crap, and it crashes everytime contact me for any other crash info requried. (happens everytime. I've re downloaded 0.9.6g and openssl-0.9.7-stable-SNAP-20021203 adn recompiled both etc, and yes 0.9.7 still crashes and 0.9.6 still doesnt) Louis Solomon www.SteelBytes.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [openssl.org #380] VC-WIN32 build issue
thnx Louis Solomon www.SteelBytes.com - Original Message - From: Richard Levitte via RT [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, December 05, 2002 12:37 PM Subject: [openssl.org #380] VC-WIN32 build issue OK, I've made that change. This ticket is now resolved. [[EMAIL PROTECTED] - Wed Dec 4 12:07:51 2002]: testing with openssl-0.9.7-stable-SNAP-20021203 ... in util/pl/VC-32.pl there is a line $lib_cflag= -D_WINDLL -D_DLL; which causes problems if the /MT option in $cflags is changed to /MT (solution is to remove the -D_DLL in this senario). since according to the help for VC7, /MD also defines _DLL the -D_DLL is unnecssary. (I think this is also the case in VC4-VC6) therefore I suggest just removing the -D_DLL permantly, so if somebody changes the /MD to /MT they dont have to spend ages working out why it doesnt link. Louis Solomon www.SteelBytes.com -- Richard Levitte __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ?
submiting as a bug (read the whole email ...)
Louis Solomon
www.SteelBytes.com
- Original Message -
From: Louis Solomon [SteelBytes] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 01, 2002 2:10 PM
Subject: Re: is SSL_CTX_new() thread safe (on win32) ?
ok,
here's the cause I think ...
SSL_CTX_new(...)
{
...
ssl_create_cipher_list(...)
...
}
static int init_ciphers=1;
ssl_create_cipher_list(...)
{
...
if (init_ciphers) load_ciphers();
...
ssl_cipher_get_disabled()
...
}
load_ciphers()
{
init_ciphers = 0;
... // mark_1
init ssl_cipher_methods[]
...
}
ssl_cipher_get_disabled()
{
...
use ssl_cipher_methods[] // mark_2
...
}
consider this:
thread_1 calls SSL_CTX_new() and reaches mark_1
a context switch happens (thread_1 stalls, and thread_2 becomes
active)
thread_2 calls SSL_CTX_new() and reaches mark_2
thread_2 will be trying to read from ssl_cipher_methods which is
uninitialised !!
any one care to fix the 0.9.7 beta ? (or 0.9.6g)
Louis Solomon
www.SteelBytes.com
- Original Message -
From: Louis Solomon [SteelBytes] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 30, 2002 10:30 PM
Subject: Re: is SSL_CTX_new() thread safe (on win32) ?
I just tested with 0.9.7 beta 4, and it still happens.
any ideas ?
Louis Solomon
www.SteelBytes.com
- Original Message -
From: Louis Solomon [SteelBytes] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 26, 2002 4:10 PM
Subject: Re: is SSL_CTX_new() thread safe (on win32) ?
whoops :-) there was a typo in the url, it should be
http://www.steelbytes.com/temp/openssl_bug_test.zip
Louis Solomon
www.SteelBytes.com
- Original Message -
From: Louis Solomon [SteelBytes] [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 25, 2002 12:29 PM
Subject: is SSL_CTX_new() thread safe (on win32) ?
When running this test program I wrote, I _sometimes_ get
an error return by SSL_CTX_new(). The error msg is:
SSL routines:SSL_CTX_new:library has no ciphers
Louis Solomon
[EMAIL PROTECTED]
source and binaries of test program avail from:
http://www.steeelbytes.com/temp/openssl_bug_test.zip
openssl versions tested with:
0.9.6g compiled by me (src from openssl.org)
0.9.6g binaries from bsdftpd-ssl.sc.ru
0.9.6d binaries from mod-ssl.org
test enviroment:
winxp pro sp1
dual P3 733Mhz + 768MB ram
compiler:
visual studio .net
pseudo code:
main_thread()
{
init ssl (dyanmically linked with LoadLibrary and
GetProcAddress)
success = 0;
create a heap of worker threads
wait for work threads
clean up ssl
if (success!=num_threads)
show error
else
show success
}
worker_thread()
{
ssl_meth = SSLv23_method();
ssl_ctx = SSL_CTX_new(ssl_meth);
if (ssl_ctx!=NULL)
{
SSL_CTX_free(ssl_ctx);
success++;
}
else
{
log ssl error to debug output
}
}
__
OpenSSL Project
http://www.openssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
