Re: [PATCH 7/8] Initialise OpenSSL just once

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> 
> Hi,
> 
> On Mon, 2016-06-20 at 10:15 +0100, Frediano Ziglio wrote:
> > Avoid multiple initializations of this library.
> imo would be nice to mention that it is about threads
> >

What about


Avoid multiple initializations of this library.
Also initialize using thread safe code to avoid possible race conditions.


In theory one could allocate and use different SpiceServer structures
so it's not only a thread issue. It's a pity that in 2016 a library
is not able to initialize itself properly in a thread safe way.
I don't know if LibreSSL fixed this.

Frediano

> > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> > ---
> >  server/reds.c | 16 ++++++++++++----
> >  1 file changed, 12 insertions(+), 4 deletions(-)
> > 
> > diff --git a/server/reds.c b/server/reds.c
> > index 0445623..c139d8d 100644
> > --- a/server/reds.c
> > +++ b/server/reds.c
> > @@ -2801,8 +2801,19 @@ static void openssl_thread_setup(void)
> >      CRYPTO_set_locking_callback(pthreads_locking_callback);
> >  }
> >  
> > +static gpointer openssl_global_init(gpointer arg)
> the parameter can be marked as G_GNUC_UNUSED
> > +{
> > +    SSL_library_init();
> > +    SSL_load_error_strings();
> > +
> > +    openssl_thread_setup();
> > +
> > +    return NULL;
> > +}
> > +
> >  static int reds_init_ssl(RedsState *reds)
> >  {
> > +    static GOnce openssl_once = G_ONCE_INIT;
> >  #if OPENSSL_VERSION_NUMBER >= 0x10000000L
> >      const SSL_METHOD *ssl_method;
> >  #else
> > @@ -2814,8 +2825,7 @@ static int reds_init_ssl(RedsState *reds)
> >      long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
> >  
> >      /* Global system initialization*/
> > -    SSL_library_init();
> > -    SSL_load_error_strings();
> > +    g_once (&openssl_once, openssl_global_init, NULL);
> extra space  ^
> >  
> >      /* Create our context*/
> >      /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */
> > @@ -2879,8 +2889,6 @@ static int reds_init_ssl(RedsState *reds)
> >          }
> >      }
> >  
> > -    openssl_thread_setup();
> > -
> >  #ifndef SSL_OP_NO_COMPRESSION
> >      STACK *cmp_stack = SSL_COMP_get_compression_methods();
> >      sk_zero(cmp_stack);
> 
> besides that ack,
> Pavel
> 
> 
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]