Re: [openssl.org #262] bug: init race in SSLv3_client_method

Tue, 03 Sep 2002 23:38:40 -0700 

> Normally application create a single SSL_CTX structure before starting
> any threads and muliple SSL structure from that SSL_CTX so that problem
> doesn't arise.

In my app, multiple threads call into the *_client_method structures because
they don't know ahead of time which transport to use.  Possibly someone
could add a note to the threads manpage that advises apps to call all the
methods below initially on a single thread.

> I suppose it should be locked though. A simple workaround is to make a
> dummy SSL_v3_client_method() call before starting any threads.

This is the same workaround I eventually came up with.

I needed to add the following calls in my single-thread "openssl setup" code
to end several race conditions:

  SSLv23_client_method();
  SSLv2_client_method();
  SSLv3_client_method();
  TLSv1_client_method();
  SSLv23_method();
  SSLv2_method();
  SSLv3_method();
  TLSv1_method();
  SSLv23_server_method();
  SSLv2_server_method();
  SSLv3_server_method();
  TLSv1_server_method();
  ssl2_get_cipher_by_char("XXX");
  ssl3_get_cipher_by_char("XXX");


I also see race conditions in crypto/rand/md_rand.c that I don't see a
workaround for.  There's an init race in ssleay_rand_bytes.  Multiple
threads can call in and end up in the initialization code if init==0.  I'm
not sure why there is a lock around "if (init)", since this lock doesn't
prevent multiple initialization.

These threads then both call RAND_seed (ssleay_rand_seed, for me) at once.
ssleay_rand_seed modifies globals without any locking, so it doesn't appear
thread safe.

ssleay_rand_bytes modifies globals (md, md_count, etc.) without locking, so
the random byte buffer can be filled from "md" while another thread is
rewriting the contents of "md".  Also, "md_count[0]++" has undefined
results.

I see that access to state_num and state_index is locked, so I'm confused
why the other globals are modified outside of locks.

Thanks for looking at this!

Patrick

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to