From Frank <>
Subject Re: Creating a thread safe module and the problem of calling of 'CRYPTO_set_locking_callback' twice!
Date Wed, 06 Dec 2006 15:59:57 GMT
Darryl Miles wrote:
> Nick Kew wrote:
>> Unless OpenSSL nomenclature is rather confusing here, an SSL_CTX
>> sounds like the kind of thing you would instantiate per-connection
>> or per-request.  Does your module act on a request or a connection?
> Maybe a bit of background reading and examination of reference 
> implementations would be a better help for you right now.
> [...]

I hope that comment wasn't for me?!

There might be a misunderstanding about my original posting (or we are 
drifting off):

Inside the OpenSSL library is more than SSL. :-)

I want to use OpenSSL's crypto library (for encryption). Something like:

EVP_CIPHER_CTX_init (& ctx);
EVP_EncryptInit (& ctx, EVP_bf_cbc (), key, iv);
EVP_EncryptUpdate (& ctx, outbuf, & olen, inbuff, n);
EVP_EncryptFinal (& ctx, outbuf + olen, & tlen);

Because 'EVP_CIPHER_CTX_init' is 'slow', I want to call it once! (Yes! I 
can call it for every request and then (I think) I am on the safe side, 
but I do not want this because there are MANY requests!)
So my code has to be thread safe, as Apache might be compiled with 
thread support! To make it thread safe told me:

"OpenSSL can safely be used in multi-threaded applications provided that 
at least two callback functions are set."

This means the two functions 'CRYPTO_set_locking_callback' and 

These two functions are being called from mod_ssl by the 
ssl_init_Module-function (via ssl_util_thread_setup, which creates some 
thread mutexes and calls both functions) without testing whether 
they have already been called or not.

My question is: How does this interfere with my module? How can I ensure 
that only one of us (mod_ssl or my module) is calling both of these 
functions? I cannot believe that there is no problem when my module 
creates some thread mutexes and mod_ssl does it too...


P.S.: I still think there is need for a test routine like 

P.P.S.: To Nick Kew: I don't agree with Rüdiger's comment. I think 
OpenSSL is needed in the 1st edition. :-)
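
Added example (not part of the original message and not mod_ssl's code): a small C model of the situation asked about, where two modules share one process-wide locking-callback slot. slot_set/slot_get are stand-ins for CRYPTO_set_locking_callback/CRYPTO_get_locking_callback, and modssl_cb, mymod_cb and the mymod_* functions are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Callback signature used by OpenSSL before 1.1.0. */
typedef void (*lock_cb)(int mode, int n, const char *file, int line);

/* Stand-in for the library's one process-wide callback slot. With real
 * OpenSSL < 1.1.0 these would be CRYPTO_set_locking_callback() and
 * CRYPTO_get_locking_callback(). */
static lock_cb g_slot = NULL;
static void slot_set(lock_cb cb) { g_slot = cb; }
static lock_cb slot_get(void) { return g_slot; }

/* Hypothetical callbacks; real ones lock or unlock mutex number n. */
static void modssl_cb(int m, int n, const char *f, int l) { (void)m; (void)n; (void)f; (void)l; }
static void mymod_cb(int m, int n, const char *f, int l) { (void)m; (void)n; (void)f; (void)l; }

/* mod_ssl as described in the message: installs without checking. */
void modssl_init(void) { slot_set(modssl_cb); }

static int mymod_owns = 0;

/* Claim the slot only if it is empty. Assumption: init hooks run one at
 * a time, before worker threads start. Returns 1 if we own the slot. */
int mymod_init(void)
{
    if (slot_get() == NULL) { slot_set(mymod_cb); mymod_owns = 1; }
    return mymod_owns;
}

/* Clear the slot only if it still holds our callback, so a callback
 * installed later by another module is never removed. Returns 1 if cleared. */
int mymod_cleanup(void)
{
    int cleared = (mymod_owns && slot_get() == mymod_cb);
    if (cleared) slot_set(NULL);
    mymod_owns = 0;
    return cleared;
}

int slot_is_modssl(void) { return slot_get() == modssl_cb; }
int slot_is_empty(void) { return slot_get() == NULL; }

int main(void)
{
    modssl_init();
    printf("owns after mod_ssl: %d\n", mymod_init());
    printf("cleared on cleanup: %d\n", mymod_cleanup());
    return 0;
}
```

From OpenSSL 1.1.0 on, the library does its own locking and these callback setters are no-op macros, so the guard only matters for older versions.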

