[28311] in CVS-changelog-for-Kerberos-V5


krb5 commit: In PKINIT, use library initializer for OpenSSL

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Apr 15 13:01:17 2014

Date: Tue, 15 Apr 2014 13:01:12 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201404151701.s3FH1CbX018565@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu

https://github.com/krb5/krb5/commit/d49e9f0e14adb24e6fe129080c54a0571a39611b
commit d49e9f0e14adb24e6fe129080c54a0571a39611b
Author: Tomas Kuthan <tkuthan@gmail.com>
Date:   Fri Apr 11 15:36:53 2014 +0200

    In PKINIT, use library initializer for OpenSSL
    
    Use a library initializer to prevent multiple threads using PKINIT
    from concurrently initializing OpenSSL functions.  For cases where
    MT-safety is not assured by registering OpenSSL locking callbacks,
    this significantly lowers the odds of crashes caused by races in
    OpenSSL initialization.  (If OpenSSL initialization functions are
    called by some other thread directly, crashes are still possible.)
    
    [ghudson@mit.edu: simplify code changes and commit message]
    
    ticket: 6413

 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |   25 ++++++++------------
 1 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 0237813..6133f09 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -43,8 +43,6 @@
 
 #include "pkinit_crypto_openssl.h"
 
-static void openssl_init(void);
-
 static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context );
 static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context );
 
@@ -423,14 +421,15 @@ unsigned char pkinit_4096_dhprime[4096/8] = {
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
 };
 
+MAKE_INIT_FUNCTION(pkinit_openssl_init);
+
 krb5_error_code
 pkinit_init_plg_crypto(pkinit_plg_crypto_context *cryptoctx)
 {
     krb5_error_code retval = ENOMEM;
     pkinit_plg_crypto_context ctx = NULL;
 
-    /* initialize openssl routines */
-    openssl_init();
+    (void)CALL_INIT_FUNCTION(pkinit_openssl_init);
 
     ctx = malloc(sizeof(*ctx));
     if (ctx == NULL)
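
Review bot: The result of CALL_INIT_FUNCTION(pkinit_openssl_init) is thrown away by the (void) cast in pkinit_init_plg_crypto(), so a failure of the one-time initialization would go unnoticed and the function would carry on allocating a context on top of an uninitialized OpenSSL. pkinit_openssl_init() as written always returns 0, but this function already returns a krb5_error_code, so it costs little to propagate the value: retval = CALL_INIT_FUNCTION(pkinit_openssl_init); if (retval) return retval; placed before the malloc, where nothing needs cleanup yet. That also keeps the call site correct if the initializer later gains a failure path.
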
@@ -2921,18 +2920,14 @@ cleanup:
     return retval;
 }
 
-static void
-openssl_init()
+int
+pkinit_openssl_init()
 {
-    static int did_init = 0;
-
-    if (!did_init) {
-        /* initialize openssl routines */
-        CRYPTO_malloc_init();
-        ERR_load_crypto_strings();
-        OpenSSL_add_all_algorithms();
-        did_init++;
-    }
+    /* Initialize OpenSSL. */
+    CRYPTO_malloc_init();
+    ERR_load_crypto_strings();
+    OpenSSL_add_all_algorithms();
+    return 0;
 }
 
 static krb5_error_code
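
Review bot: The comment on pkinit_openssl_init() ("Initialize OpenSSL.") no longer tells the reader what makes this safe: the did_init guard is gone, so the body is only correct when reached through CALL_INIT_FUNCTION, and a direct call would rerun CRYPTO_malloc_init(), ERR_load_crypto_strings() and OpenSSL_add_all_algorithms() unguarded. Suggest expanding the comment to say the function must only be invoked through the library initializer, and to carry over the caveat from the commit message that another thread calling the OpenSSL initialization functions directly can still race with it. Separately, the definition keeps the old-style empty parameter list; pkinit_openssl_init(void) would make it a proper prototype.
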