[Spice-devel] [PATCH 7/8] Initialise OpenSSL just once

Pavel Grunt pgrunt at redhat.com
Wed Jun 22 08:35:05 UTC 2016 

On Wed, 2016-06-22 at 03:01 -0400, Frediano Ziglio wrote:
> > 
> > 
> > Hi,
> > 
> > On Mon, 2016-06-20 at 10:15 +0100, Frediano Ziglio wrote:
> > > Avoid multiple initializations of this library.
> > imo would be nice to mention that it is about threads
> > > 
> 
> What about
> 
> 
> Avoid multiple initializations of this library.
> Also initialize using thread safe code to avoid possible race conditions.
> 
Yes, thank you

Pavel

> 
> In theory one could allocate and use different SpiceServer structures
> so it's not only a thread issue. It's a pity that in 2016 a library
> is not able to initialize itself properly in a thread safe way.
> I don't know if LibreSSL fixed this.
> 
> Frediano
> 
> > > Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> > > ---
> > >  server/reds.c | 16 ++++++++++++----
> > >  1 file changed, 12 insertions(+), 4 deletions(-)
> > > 
> > > diff --git a/server/reds.c b/server/reds.c
> > > index 0445623..c139d8d 100644
> > > --- a/server/reds.c
> > > +++ b/server/reds.c
> > > @@ -2801,8 +2801,19 @@ static void openssl_thread_setup(void)
> > >      CRYPTO_set_locking_callback(pthreads_locking_callback);
> > >  }
> > >  
> > > +static gpointer openssl_global_init(gpointer arg)
> > the parameter can be marked as G_GNUC_UNUSED
> > > +{
> > > +    SSL_library_init();
> > > +    SSL_load_error_strings();
> > > +
> > > +    openssl_thread_setup();
> > > +
> > > +    return NULL;
> > > +}
> > > +
> > >  static int reds_init_ssl(RedsState *reds)
> > >  {
> > > +    static GOnce openssl_once = G_ONCE_INIT;
> > >  #if OPENSSL_VERSION_NUMBER >= 0x10000000L
> > >      const SSL_METHOD *ssl_method;
> > >  #else
> > > @@ -2814,8 +2825,7 @@ static int reds_init_ssl(RedsState *reds)
> > >      long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
> > >  
> > >      /* Global system initialization*/
> > > -    SSL_library_init();
> > > -    SSL_load_error_strings();
> > > +    g_once (&openssl_once, openssl_global_init, NULL);
> > extra space  ^
> > >  
> > >      /* Create our context*/
> > >      /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */
> > > @@ -2879,8 +2889,6 @@ static int reds_init_ssl(RedsState *reds)
> > >          }
> > >      }
> > >  
> > > -    openssl_thread_setup();
> > > -
> > >  #ifndef SSL_OP_NO_COMPRESSION
> > >      STACK *cmp_stack = SSL_COMP_get_compression_methods();
> > >      sk_zero(cmp_stack);
> > 
> > besides that ack,
> > Pavel
> > 
> >

More information about the Spice-devel mailing list