httpd-dev mailing list archives

From Frank <fr...@x09.de>
Subject Re: Creating a thread safe module and the problem of calling of 'CRYPTO_set_locking_callback' twice!
Date Wed, 06 Dec 2006 15:59:57 GMT
Darryl Miles wrote:
> Nick Kew wrote:
> 
>> Unless OpenSSL nomenclature is rather confusing here, an SSL_CTX
>> sounds like the kind of thing you would instantiate per-connection
>> or per-request.  Does your module act on a request or a connection?
> 
> 
> Maybe a bit of background reading and examination of reference 
> implementations would be a better help for you right now.
> [...]

I hope that comment wasn't for me?!

There might be a misunderstanding about my original posting (or we are 
drifting off):

Inside the OpenSSL library is more than SSL. :-)

I want to use OpenSSL's crypto library (for encryption). Something like:

EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init (& ctx);
EVP_EncryptInit (& ctx, EVP_bf_cbc (), key, iv);
EVP_EncryptUpdate (& ctx, outbuf, & olen, inbuff, n);
EVP_EncryptFinal (& ctx, outbuf + olen, & tlen);

Because 'EVP_CIPHER_CTX_init' is 'slow', I want to call it once! (Yes! I 
can call it for every request and then (I think) I am on the safe side, 
but I do not want this because there are MANY requests!)
So my code has to be thread safe, as Apache might be compiled with 
thread support! To make it thread safe 
http://www.openssl.org/docs/crypto/threads.html told me:

"OpenSSL can safely be used in multi-threaded applications provided that 
at least two callback functions are set."

This means the two functions 'CRYPTO_set_locking_callback' and 
'CRYPTO_set_id_callback'!

These two functions are being called from mod_ssl by the 
ssl_init_Module function (via ssl_util_thread_setup, which creates some 
thread mutexes and calls both functions) without testing whether 
they have already been called or not.

My question is: How does this interfere with my module? How can I ensure 
that only one of us (mod_ssl or my module) is calling both of these 
functions? I cannot believe that there is no problem when my module 
creates some thread mutexes and mod_ssl does it too...


Regards,
Frank

P.S.: I still think there is a need for a test routine like 
'ssl_is_thread_safe_maker_on()'.

P.P.S.: To Nick Kew: I don't agree with Rüdiger's comment. I think 
OpenSSL is needed in the 1st edition. :-)
