openssl not thread-safe: any alternatives?

2003-02-24 Thread Folkert van Heusden 
Hi,

I found out (yes, the rought way) that openssl is not
thread-safe: 2 threads doing encryption & decryption
concurrent goes horribly wrong.
So, my questions are:
- am I doing something and IS openssl threadsafe?
- is there an alternative for openssl doing which also
  does the key-exchange for me?


Folkert
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl not thread-safe: any alternatives?

2003-02-24 Thread Richard Levitte - VMS Whacker 
In message <[EMAIL PROTECTED]> on Mon, 24 Feb 2003 20:13:31 +0100, "Folkert van 
Heusden" <[EMAIL PROTECTED]> said:

folkert> I found out (yes, the rought way) that openssl is not
folkert> thread-safe: 2 threads doing encryption & decryption
folkert> concurrent goes horribly wrong.
folkert> So, my questions are:
folkert> - am I doing something and IS openssl threadsafe?
folkert> - is there an alternative for openssl doing which also
folkert>   does the key-exchange for me?

Exactly what did you do?  If you're trying to use the same SSL* in two
threads, it's quite true that you're screwed.


-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See  for more info.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl not thread-safe: any alternatives?

2003-02-24 Thread David Schwartz 
On Mon, 24 Feb 2003 20:13:31 +0100, Folkert van Heusden wrote:
>Hi,

>I found out (yes, the rought way) that openssl is not
>thread-safe: 2 threads doing encryption & decryption
>concurrent goes horribly wrong.

Two threads accessing the same connection at the same time won't
work. Otherwise, OpenSSL is thread safe.

>So, my questions are:
>- am I doing something and IS openssl threadsafe?
>- is there an alternative for openssl doing which also
>does the key-exchange for me?

Just implement your own per-connection mutex and you won't have any
problems.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: openssl not thread-safe: any alternatives?

2003-02-24 Thread Folkert van Heusden 
folkert> I found out (yes, the rought way) that openssl is not
folkert> thread-safe: 2 threads doing encryption & decryption
folkert> concurrent goes horribly wrong.
folkert> So, my questions are:
folkert> - am I doing something and IS openssl threadsafe?
folkert> - is there an alternative for openssl doing which also
folkert>   does the key-exchange for me?
> Exactly what did you do?  If you're trying to use the same SSL* in two
> threads, it's quite true that you're screwed.

Yep, that's what I'm doing.
I have one socket over which I want to send and receive at the same
time.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: openssl not thread-safe: any alternatives?

2003-02-24 Thread Folkert van Heusden 
>So, my questions are:
>- am I doing something and IS openssl threadsafe?
>- is there an alternative for openssl doing which also
>does the key-exchange for me?
YOU> Just implement your own per-connection mutex and you won't
YOU> have any problems.

Nope, won't work either!
I had something like:

send:
pthread_mutex_lock(&lock);
send
unlock();

and for receive:
pthread_mutex_lock(&lock);
receive
unlock();

well, you get my point.
And strangely enough, the connection gets aborted: sometimes
the next SSL_read and sometimes the next SSL_write fails
with error 1 (not sure if it was one, cannot check right now).

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: openssl not thread-safe: any alternatives?

2003-02-24 Thread Jeffrey Altman 




Are you using the mutex locks with blocking or non-blocking sockets?
Using mutex locks with non-blocking sockets most definitely works.


Folkert van Heusden wrote:

  
So, my questions are:
- am I doing something and IS openssl threadsafe?
- is there an alternative for openssl doing which also
does the key-exchange for me?

  
  YOU> Just implement your own per-connection mutex and you won't
YOU> have any problems.

Nope, won't work either!
I had something like:

send:
	pthread_mutex_lock(&lock);
	send
	unlock();

and for receive:
	pthread_mutex_lock(&lock);
	receive
	unlock();

well, you get my point.
And strangely enough, the connection gets aborted: sometimes
the next SSL_read and sometimes the next SSL_write fails
with error 1 (not sure if it was one, cannot check right now).

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

RE: openssl not thread-safe: any alternatives?

2003-02-24 Thread David Schwartz 
On Mon, 24 Feb 2003 21:31:38 +0100, Folkert van Heusden wrote:

>Nope, won't work either!
>I had something like:
>
>send:
>pthread_mutex_lock(&lock);
>send
>unlock();
>
>and for receive:
>pthread_mutex_lock(&lock);
>receive
>unlock();
>
>well, you get my point.
>And strangely enough, the connection gets aborted: sometimes
>the next SSL_read and sometimes the next SSL_write fails
>with error 1 (not sure if it was one, cannot check right now).

I can't imagine why that wouldn't work. You do realize that you
can't use blocking sockets with this approach -- blocking while
holding a mutex is bad news.

DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]