Hi,
I've a simple program (used as a stress tool) that creates a number of threads, and uses a shared SSL_CTX to create an SSL object for each thread. My understanding of the threading model is that this fits with the intended thread-safety model of the library.

Sporadically, I get "SSL_R_WRONG_CIPHER_RETURNED" errors as the threads attempt to establish their SSL layers. I think I've tracked this down to a lack of thread safety in ssl3_get_server_hello: From openssl-SNAP-20081117, ssl/s3_clnt.c, line 848:
>        sk=ssl_get_ciphers_by_id(s);
>        i=sk_SSL_CIPHER_find(sk,c);

The first line returns either the "cipher_list_by_id" field of the SSL structure, or, if null, its context's equivalent field. For my case, the context's cipherlist is returned. So, sk_SSL_CIPHER_find() is invoked on the stack that's shared by all threads.

The implementation of sk_SSL_CIPHER_find is a macro that ends up invoking "sk_find", in turn invoking "internal_find". This ends up calling sk_sort() before doing a binary search of the stack.

This means that sk_sort can be invoked from different threads simultaneously without any lock protection. A quick analysis of the SSL_CTX structure at the point that I get my "wrong cipher returned" error shows that the "sorted" field of the stack is indeed set, but when running through the list of ciphers, I see that the ID fields are mostly, but not completely, sorted.

So, am I missing something or is this indeed a bug?

Assuming it's a bug, I'm not familiar enough with OpenSSL to be sure what the best fix is: I would imagine ensuring that the stack is sorted in SSL_CTX_new and other places that change the SSL_CTX's cipher list would be the minimal required change that wouldn't involve locking the SSL_CTX for each operation. It might make sense to have ssl_create_cipher_list() always sort the stack it intends to return after setting its comparison function, if not doing so is just delaying the inevitable most of the time anyhow.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
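
The pattern described in the message above, reduced to a toy model: a lookup that sorts lazily writes to the shared stack, while a lookup on a stack sorted before it is shared can take a `const` pointer and is safe to call concurrently. This is an added example, not code from the original post or from OpenSSL; `toy_stack` and the `toy_*` functions are hypothetical names and the IDs are constructed.

```c
/* Added illustration of lazy-sort-on-find; hypothetical names, not OpenSSL code. */
#include <stdlib.h>

struct toy_stack {
    unsigned long *ids;   /* stand-in for cipher IDs */
    size_t num;
    int sorted;           /* like the "sorted" field mentioned in the post */
};

static int cmp_id(const void *a, const void *b)
{
    unsigned long x = *(const unsigned long *)a, y = *(const unsigned long *)b;
    return (x > y) - (x < y);
}

/* Sort once, while only one thread can see the stack (e.g. at context setup). */
void toy_sort(struct toy_stack *s)
{
    qsort(s->ids, s->num, sizeof *s->ids, cmp_id);
    s->sorted = 1;
}

/* Lazy pattern: the lookup may sort, so it WRITES to the shared stack.
 * Two threads entering here together can reorder ids under each other. */
int toy_find_lazy(struct toy_stack *s, unsigned long id)
{
    if (!s->sorted)
        toy_sort(s);                      /* unsynchronised mutation */
    unsigned long *hit = bsearch(&id, s->ids, s->num, sizeof *s->ids, cmp_id);
    return hit ? (int)(hit - s->ids) : -1;
}

/* Read-only lookup: const forbids mutation, so concurrent callers are safe
 * provided toy_sort() ran before the stack was shared. */
int toy_find_presorted(const struct toy_stack *s, unsigned long id)
{
    if (!s->sorted)
        return -2;                        /* caller broke the precondition */
    const unsigned long *hit = bsearch(&id, s->ids, s->num, sizeof *s->ids, cmp_id);
    return hit ? (int)(hit - s->ids) : -1;
}

int main(void)
{
    unsigned long ids[] = {0x35, 0x0a, 0x2f, 0x05};   /* constructed sample IDs */
    struct toy_stack s = {ids, 4, 0};
    toy_sort(&s);                         /* done before any thread starts */
    return toy_find_presorted(&s, 0x2f) == 2 ? 0 : 1;
}
```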
