Re: [openssl-dev] About multi-thread unsafe for APIs defined in crypto/objects/obj_dat.c

2018-01-24 Thread Yun Jiang 
Thanks!

But we are providing SDK to our customers to retrieve extension from the 
certificates downloaded from Internet. We have no idea what OID will be used by 
the SDK users. Only SDK users will know what OID will be expected in a 
certificate.

OpenSSL should provide API to retrieve extension by OID.

Yun

From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Salz, 
Rich via openssl-dev
Sent: 24 January 2018 14:40
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c

Create the OID at your program startup and store the NID in a global variable.

From: Yun Jiang <yun.ji...@realvnc.com<mailto:yun.ji...@realvnc.com>>
Reply-To: openssl-dev <openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>>
Date: Wednesday, January 24, 2018 at 7:38 AM
To: openssl-dev <openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>>
Subject: Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c

Thanks!

The problem is that I need to get a customized certificate extension based on 
an OID. Until now, I cannot find a solution without dynamically calling 
OBJ_create(OID, NULL. NULL).


Yun



From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Peter 
Waltenberg
Sent: 24 January 2018 01:23
To: Salz, Rich <rs...@akamai.com<mailto:rs...@akamai.com>>; 
openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>
Subject: Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c

It's also not that much of a problem in practice..
If you are using those API's you are adding new crypto. methods. Doing that 
after threading has started is not going to give good results with or without 
locking.

Peter




From:"Salz, Rich via openssl-dev" 
<openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>>
To:"openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>" 
<openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>>
Date:24/01/2018 11:19
Subject:Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c
Sent by:"openssl-dev" 
<openssl-dev-boun...@openssl.org<mailto:openssl-dev-boun...@openssl.org>>



  *   OpenSSL APIs, which makes the following OpenSSL documentation statement 
invalid 
(https://www.openssl.org/docs/man1.0.2/crypto/threads.html<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.openssl.org_docs_man1.0.2_crypto_threads.html=DwMFAw=96ZbZZcaMF4w0F4jpN6LZg=4LM0GbR0h9Fvx86FtsKI-w=ZS_kRxGa4vj0O6wqfY-6q7kwVT0WiIMkFqw1XWHym4o=GK3QtuXP-8j_1nbRihxeJGLAIYXt1BNIyh3WHP6EJlY=>)


  *   "OpenSSL can safely be used in multi-threaded applications provided that 
at least two callback functions are set, locking_function and threadid_func."


  *   Is there any planning to fix this issue?


Well, the most likely fix is to make the “safely” wording be more vague, which 
I doubt you’ll like.  But I doubt anyone on the team has much interest in 
fixing 1.0.2 locking issues.--
openssl-dev mailing list
To unsubscribe: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev=DwICAg=jf_iaSHvJObTbx-siA1ZOg=K53ZTnW2gq2IjM1tbpz7kYoHgvTfJ_aR8s4bK_o2xzY=xEO93f-eFk98ZtSS2VW5oQoqCSoxBFAun8n0dZayTrs=9NZPKi5lqIGH6Jq4RqlHOiKqzuqUqZQMEQvpBr3aKsw=


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] About multi-thread unsafe for APIs defined in crypto/objects/obj_dat.c

2018-01-24 Thread Yun Jiang 
Thanks!

The problem is that I need to get a customized certificate extension based on 
an OID. Until now, I cannot find a solution without dynamically calling 
OBJ_create(OID, NULL. NULL).


Yun



From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Peter 
Waltenberg
Sent: 24 January 2018 01:23
To: Salz, Rich ; openssl-dev@openssl.org
Subject: Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c

It's also not that much of a problem in practice..
If you are using those API's you are adding new crypto. methods. Doing that 
after threading has started is not going to give good results with or without 
locking.

Peter




From:"Salz, Rich via openssl-dev" 
>
To:"openssl-dev@openssl.org" 
>
Date:24/01/2018 11:19
Subject:Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c
Sent by:"openssl-dev" 
>



  *   OpenSSL APIs, which makes the following OpenSSL documentation statement 
invalid 
(https://www.openssl.org/docs/man1.0.2/crypto/threads.html)


  *   "OpenSSL can safely be used in multi-threaded applications provided that 
at least two callback functions are set, locking_function and threadid_func."


  *   Is there any planning to fix this issue?


Well, the most likely fix is to make the “safely” wording be more vague, which 
I doubt you’ll like.  But I doubt anyone on the team has much interest in 
fixing 1.0.2 locking issues.--
openssl-dev mailing list
To unsubscribe: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev=DwICAg=jf_iaSHvJObTbx-siA1ZOg=K53ZTnW2gq2IjM1tbpz7kYoHgvTfJ_aR8s4bK_o2xzY=xEO93f-eFk98ZtSS2VW5oQoqCSoxBFAun8n0dZayTrs=9NZPKi5lqIGH6Jq4RqlHOiKqzuqUqZQMEQvpBr3aKsw=


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] About multi-thread unsafe for APIs defined in crypto/objects/obj_dat.c

2018-01-24 Thread Yun Jiang 
Thanks! Is this issue fixed in 1.1.0?

Yun

From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Salz, 
Rich via openssl-dev
Sent: 24 January 2018 01:19
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] About multi-thread unsafe for APIs defined in 
crypto/objects/obj_dat.c

Ø  OpenSSL APIs, which makes the following OpenSSL documentation statement 
invalid 
(https://www.openssl.org/docs/man1.0.2/crypto/threads.html)


Ø  "OpenSSL can safely be used in multi-threaded applications provided that at 
least two callback functions are set, locking_function and threadid_func."


Ø  Is there any planning to fix this issue?





Well, the most likely fix is to make the “safely” wording be more vague, which 
I doubt you’ll like.  But I doubt anyone on the team has much interest in 
fixing 1.0.2 locking issues.
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] About multi-thread unsafe for APIs defined in crypto/objects/obj_dat.c

2018-01-23 Thread Yun Jiang 
The APIs defined in the file crypto/objects/obj_dat.c share some static global 
variables defined in the file without locking, which makes the APIs in this 
file not multi-thread safe even if the locking callbacks are set. In addition, 
the APIs in this file are also used by the other OpenSSL APIs, which makes the 
following OpenSSL documentation statement invalid 
(https://www.openssl.org/docs/man1.0.2/crypto/threads.html)


"OpenSSL can safely be used in multi-threaded applications provided that at 
least two callback functions are set, locking_function and threadid_func."


Is there any planning to fix this issue?


-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev