FIXED - CRYPTO_set_dynlock_* mystery ... (was: Engine Issue: nShield 500)

Sat, 22 Nov 2008 12:49:53 -0800 

Hi Sander,

I debugged the init process and it seems that you were right. The
disable_mutex_callbacks is set to 1 at e_chil.c:578. Definitely it
is due to initialization, at this point...

... looked into that, and... et voilas! Found the problem! The PRE
commands were wrong. Indeed the following:

        5.engine_pre = THREAD_LOCKING:1

caused the disable_mutex_callbacks to be set to 1, therefore no
callbacks were used! Ahhhh... what a nightmare! If you want to be
sure, you can set it to 0:

        5.engine_pre = THREAD_LOCKING:0

Przemek, this should solve also your problem - so you can enable
multiple threads and get rid of your 'lock' around the signing
function.

I think that the config variable should have been called:

        DISABLE_THREAD_LOCKING

because if THREAD_LOCKING is set to 1 - then the disable_mutex_callbacks
is set to 1.. which should be the contrary (developer's error ?).

Very confusing... and besides, it should give out some warning!!! Anyhow,
now the callbacks are called, and the server seems to run pretty ok
with a relatively large amount of threads (150). But I still have
to stress-test it...

Thanks to all of you who helped me - now I have a single file with
the code for OpenSSL and pthreads, both static and dynamic locks..

Shall we include it into OpenSSL ?

        void OpenSSL_pthread_init( void );

.. that would make it more usable for the average developer! :D

Later,
Max


Sander Temme wrote:


On Nov 21, 2008, at 8:50 AM, Max Pala wrote:


The problem is that they are not called by the nCipher driver - no sign
at all in the logs... :( How come they are not called ???
Can you set a breakpoint in engines/e_chil.c:581 and inspect the value of disable_mutex_callbacks? It should be 0 and if it isn't, libnfhwcrhk never learns about the existence of the locks. 

S.




--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]  [EMAIL PROTECTED]
                                                 [EMAIL PROTECTED]

Dartmouth Computer Science Dept               Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory                          Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

People who think they know everything are a great annoyance to those of us
who do.
                                                           -- Isaac Asimov

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to