Attila Bukor has posted comments on this change. ( http://gerrit.cloudera.org:8080/16659 )

Change subject: Add lock before verifying signature
......................................................................


Patch Set 7:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/16659/6//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/16659/6//COMMIT_MSG@21
PS6, Line 21: OpenSSL locking callbacks are
            : properly registered too
> Since this issue happens so far only in FIPS-enabled OpenSSL library build,
fips.h is not exposed as part of the public API so unfortunately, I can't call 
these directly. Are you suggesting that the problem might be that FIPS mode is 
initialized, and thus OPENSSL_init() is called before the callbacks are 
registered?


http://gerrit.cloudera.org:8080/#/c/16659/3/src/kudu/security/tls_handshake.cc
File src/kudu/security/tls_handshake.cc:

http://gerrit.cloudera.org:8080/#/c/16659/3/src/kudu/security/tls_handshake.cc@101
PS3, Line 101:   DCHECK(n == recv.size() || (n == -1 && recv.empty()));
             :   DCHECK_EQ(BIO_ctrl_pending(rbio), recv.size());
             :
> I think output/input parameters is only a part of the picture since there i
BIO_write() and BIO_read() use a memory-based BIO. From what I gather, the 
actual RW from/to the socket is done in ServerNegotiation and ClientNegotiation 
code, and TlsHandshake doesn't even have access to the underlying sockets. I 
also did a manual test while I ran "kudu table list" on a remote single-master 
cluster in lldb, set a breakpoint to L104 and monitored traffic on port 7051 in 
tcpdump. I then stepped through the end of this function where the lock would 
go out of scope and didn't see any network traffic.



--
To view, visit http://gerrit.cloudera.org:8080/16659
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifafc7dcf91db910123276b657515e410bb7f6fcd
Gerrit-Change-Number: 16659
Gerrit-PatchSet: 7
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Comment-Date: Thu, 29 Oct 2020 07:40:58 +0000
Gerrit-HasComments: Yes
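
The memory-BIO behaviour discussed in the second comment can be reproduced outside Kudu. The following is an added example, not part of this review or of Kudu's code: it uses Python's `ssl.MemoryBIO`, which wraps OpenSSL memory BIOs, as a stand-in for `TlsHandshake`. The hostname and all function names are assumptions made for the illustration.

```python
import ssl

TLS_HANDSHAKE_RECORD = 0x16  # TLS record content type "handshake"

def new_client(server_hostname="kudu-master.example"):  # hypothetical hostname
    """Create a client-side TLS engine backed only by two memory BIOs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    rbio = ssl.MemoryBIO()  # caller writes bytes received from the peer here
    wbio = ssl.MemoryBIO()  # engine queues bytes for the peer here
    tls = ctx.wrap_bio(rbio, wbio, server_hostname=server_hostname)
    return tls, rbio, wbio

def start_handshake():
    """Run the first handshake step; no socket exists anywhere in this code."""
    tls, rbio, wbio = new_client()
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # The engine produced its ClientHello and now waits for peer data.
        # Nothing has been sent: the bytes only sit in wbio.
        pass
    queued = wbio.pending
    token = wbio.read()  # the caller would now hand this to its transport
    return queued, token, wbio.pending

def queue_peer_bytes(recv):
    """Mirror the quoted DCHECKs: everything written is pending in rbio."""
    _, rbio, _ = new_client()
    n = rbio.write(recv)
    return n, rbio.pending

def record_header(token):
    """Return (content type, payload length) of the first TLS record."""
    return token[0], int.from_bytes(token[3:5], "big")

if __name__ == "__main__":
    queued, token, left = start_handshake()
    ctype, length = record_header(token)
    print(f"{queued} bytes queued in memory, record type {ctype:#x}, "
          f"payload {length} bytes, {left} left after read")
    print(queue_peer_bytes(b"constructed"))  # constructed sample input
```

Moving the returned token to the peer is a separate step owned by the caller, which is why a lock held only around the BIO calls does not span network I/O.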
