On Thu, 2006-12-07 at 18:41 +, Darryl Miles wrote:
Maybe there is some (small) re-design of the Apache code needed?
Agreed, something needs to be added. I'm saying there is no need to
make it specific to OpenSSL. Serializing the initialization can be made
generic such that these
William A. Rowe, Jr. wrote:
Darryl Miles wrote:
Your thinking is correct there is a problem. Those OpenSSL functions
are not documented in my man page but exist in the library. Yes there
is a read-test-write race window by using those APIs alone.
Nope. This is set when the server process
Klaus Wagner wrote:
On Thu, 2006-12-07 at 18:41 +, Darryl Miles wrote:
Maybe there is some (small) re-design of the Apache code needed?
Agreed, something needs to be added. I'm saying there is no need to
make it specific to OpenSSL. Serializing the initialization can be made
generic
Frank wrote:
Joe Orton wrote:
On Wed, Dec 06, 2006 at 06:20:55PM +, Darryl Miles wrote:
[...]
Is there an API to get the current value ?
Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
[...]
I already know that this functions exists. But what if my module gets
inited before
Frank wrote:
Joe Orton wrote:
Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
[...]
I already know that this functions exists. But what if my module gets
inited before mod_ssl, which doesn't use the get-functions to determine
that something is already there? I was in the hope to
William A. Rowe, Jr. wrote:
Nick Kew wrote:
[...]
Is OpenSSL not thread-safe?
An SSL_CTX can't be cross-threaded. If the scope of use of that CTX is
restricted to one thread at a time, then yes, OpenSSL has been threadsafe
for a very very long time.
You mean if I were able to create one
Frank wrote:
Nick Kew wrote:
[...]
My chapter 4 discusses thread-safety and external libraries.
But I know nothing about OpenSSL, and I suspect you might be
seeing a problem where none exists.
When the library opens I will take a look at it, but I suspect that your
book will not help me in
Frank wrote:
William A. Rowe, Jr. wrote:
Nick Kew wrote:
[...]
An SSL_CTX can't be cross-threaded. If the scope of use of that CTX is
restricted to one thread at a time, then yes, OpenSSL has been threadsafe
for a very very long time.
You mean if I were able to create one SSL_CTX for every
On Wed, 06 Dec 2006 09:42:04 +0100
Frank [EMAIL PROTECTED] wrote:
William A. Rowe, Jr. wrote:
Nick Kew wrote:
[...]
Is OpenSSL not thread-safe?
An SSL_CTX can't be cross-threaded. If the scope of use of that
CTX is restricted to one thread at a time, then yes, OpenSSL has
been
On Wed, 06 Dec 2006 10:22:22 +0100
Frank [EMAIL PROTECTED] wrote:
Your book will be available in March/April 2007, but I prefer to find
a solution somewhat earlier. :-)
Someone's being very cautious with dates there. I've just finished
proofreading, and am under instructions that any changes
-Ursprüngliche Nachricht-
Von: Nick Kew
Gesendet: Mittwoch, 6. Dezember 2006 15:06
An: dev@httpd.apache.org
Betreff: Re: Creating a thread safe module and the problem of
calling of 'CRYPTO_set_locking_callback' twice!
OpenSSL is just one of thousands of libraries a module
Nick Kew wrote:
Unless OpenSSL nomenclature is rather confusing here, an SSL_CTX
sounds like the kind of thing you would instantiate per-connection
or per-request. Does your module act on a request or a connection?
Maybe a bit of background reading and examination of reference
Darryl Miles wrote:
Nick Kew wrote:
Unless OpenSSL nomenclature is rather confusing here, an SSL_CTX
sounds like the kind of thing you would instantiate per-connection
or per-request. Does your module act on a request or a connection?
Maybe a bit of background reading and examination of
On 12/6/06, Frank [EMAIL PROTECTED] wrote:
My question is: How does this interfere with my module? How can I ensure
that only one of us (mod_ssl or my module) is calling these both
functions? I cannot believe that there is no problem when my module
You just can't. I wish there was a better
Justin Erenkrantz wrote:
On 12/6/06, Frank [EMAIL PROTECTED] wrote:
My question is: How does this interfere with my module? How can I ensure
that only one of us (mod_ssl or my module) is calling these both
functions? I cannot believe that there is no problem when my module
You just can't.
On Wed, Dec 06, 2006 at 09:15:15AM -0800, Paul Querna wrote:
Justin Erenkrantz wrote:
On 12/6/06, Frank [EMAIL PROTECTED] wrote:
My question is: How does this interfere with my module? How can I ensure
that only one of us (mod_ssl or my module) is calling these both
functions? I cannot
Frank wrote:
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init ( ctx);
EVP_EncryptInit ( ctx, EVP_bf_cbc (), key, iv);
EVP_EncryptUpdate ( ctx, outbuf, olen, inbuff, n);
EVP_EncryptFinal ( ctx, outbuf + olen, tlen);
Because 'EVP_CIPHER_CTX_init' is 'slow', I want to call it once! (Yes! I
can call it
Joe Orton wrote:
What I do with OpenSSL in neon is to check that the existing callback is
NULL before registering a new callback; and likewise to check that the
ID callback is the one neon previously registered before un-registering
it later. If everybody did that it would be relatively safe.
On Wed, Dec 06, 2006 at 06:20:55PM +, Darryl Miles wrote:
Joe Orton wrote:
What I do with OpenSSL in neon is to check that the existing callback is
NULL before registering a new callback; and likewise to check that the
ID callback is the one neon previously registered before
Darryl Miles wrote:
Frank wrote:
William A. Rowe, Jr. wrote:
Nick Kew wrote:
[...]
An SSL_CTX can't be cross-threaded. If the scope of use of that CTX is
restricted to one thread at a time, then yes, OpenSSL has been
threadsafe
for a very very long time.
You mean if I were able to
Joe Orton wrote:
On Wed, Dec 06, 2006 at 06:20:55PM +, Darryl Miles wrote:
[...]
Is there an API to get the current value ?
Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
[...]
I already know that this functions exists. But what if my module gets
inited before mod_ssl, which
Hi,
I am developing a module (using OpenSSL) for apache 2.2.3 and wonder how
to make it thread safe.
That module uses EVP_EncryptUpdate (and friends) so I have to use
'CRYPTO_set_id_callback' and 'CRYPTO_set_locking_callback' to make the
code thread safe. But I am not sure what will happen
On Tue, 05 Dec 2006 21:45:48 +0100
Frank [EMAIL PROTECTED] wrote:
Hi,
I am developing a module (using OpenSSL) for apache 2.2.3 and wonder
how to make it thread safe.
Is OpenSSL not thread-safe?
If it's not, how does mod_ssl deal with it? And if it is, where's
the problem?
So my question
Nick Kew wrote:
On Tue, 05 Dec 2006 21:45:48 +0100
Frank [EMAIL PROTECTED] wrote:
Hi,
I am developing a module (using OpenSSL) for apache 2.2.3 and wonder
how to make it thread safe.
Is OpenSSL not thread-safe?
An SSL_CTX can't be cross-threaded. If the scope of use of that CTX is
Nick Kew wrote:
On Tue, 05 Dec 2006 21:45:48 +0100
Frank [EMAIL PROTECTED] wrote:
Hi,
I am developing a module (using OpenSSL) for apache 2.2.3 and wonder
how to make it thread safe.
Is OpenSSL not thread-safe?
Yes and no. http://www.openssl.org/docs/crypto/threads.html says:
OpenSSL
25 matches
Mail list logo