[Spice-devel] [PATCH 7/8] Initialise OpenSSL just once
Frediano Ziglio
fziglio at redhat.com
Wed Jun 22 07:01:37 UTC 2016
>
> Hi,
>
> On Mon, 2016-06-20 at 10:15 +0100, Frediano Ziglio wrote:
> > Avoid multiple initializations of this library.
> imo would be nice to mention that it is about threads
> >
What about
Avoid multiple initializations of this library.
Also initialize using thread safe code to avoid possible race conditions.
In theory one could allocate and use different SpiceServer structures
so it's not only a thread issue. It's a pity that in 2016 a library
is not able to initialize itself properly in a thread safe way.
I don't know if LibreSSL fixed this.
Frediano
> > Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> > ---
> > server/reds.c | 16 ++++++++++++----
> > 1 file changed, 12 insertions(+), 4 deletions(-)
> >
> > diff --git a/server/reds.c b/server/reds.c
> > index 0445623..c139d8d 100644
> > --- a/server/reds.c
> > +++ b/server/reds.c
> > @@ -2801,8 +2801,19 @@ static void openssl_thread_setup(void)
> > CRYPTO_set_locking_callback(pthreads_locking_callback);
> > }
> >
> > +static gpointer openssl_global_init(gpointer arg)
> the parameter can be marked as G_GNUC_UNUSED
> > +{
> > + SSL_library_init();
> > + SSL_load_error_strings();
> > +
> > + openssl_thread_setup();
> > +
> > + return NULL;
> > +}
> > +
> > static int reds_init_ssl(RedsState *reds)
> > {
> > + static GOnce openssl_once = G_ONCE_INIT;
> > #if OPENSSL_VERSION_NUMBER >= 0x10000000L
> > const SSL_METHOD *ssl_method;
> > #else
> > @@ -2814,8 +2825,7 @@ static int reds_init_ssl(RedsState *reds)
> > long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
> >
> > /* Global system initialization*/
> > - SSL_library_init();
> > - SSL_load_error_strings();
> > + g_once (&openssl_once, openssl_global_init, NULL);
> extra space ^
> >
> > /* Create our context*/
> > /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */
> > @@ -2879,8 +2889,6 @@ static int reds_init_ssl(RedsState *reds)
> > }
> > }
> >
> > - openssl_thread_setup();
> > -
> > #ifndef SSL_OP_NO_COMPRESSION
> > STACK *cmp_stack = SSL_COMP_get_compression_methods();
> > sk_zero(cmp_stack);
>
> besides that ack,
> Pavel
>
>
More information about the Spice-devel
mailing list