diff options
| author | Tomas Kuthan <tkuthan@gmail.com> | 2014-04-11 15:36:53 +0200 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-04-15 12:21:13 -0400 |
| commit | d49e9f0e14adb24e6fe129080c54a0571a39611b (patch) | |
| tree | ee21c054e3e84baaa40217914bc3abfd24fc817c | |
| parent | 3b72cefb1bbf231192a2b92c31f2c91217f7d58c (diff) | |
| download | krb5-d49e9f0e14adb24e6fe129080c54a0571a39611b.tar.gz krb5-d49e9f0e14adb24e6fe129080c54a0571a39611b.tar.xz krb5-d49e9f0e14adb24e6fe129080c54a0571a39611b.zip | |
In PKINIT, use library initializer for OpenSSL
Use a library initializer to prevent multiple threads using PKINIT
from concurently initializing OpenSSL functions. For cases where
MT-safety is not assured by registering OpenSSL locking callbacks,
this significantly lowers the odds of crashes caused by races in
OpenSSL initialization. (If OpenSSL initialization functions are
called by some other thread directly, crashes are still possible.)
[ghudson@mit.edu: simplify code changes and commit message]
ticket: 6413
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 02378134f..6133f093e 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -43,8 +43,6 @@ #include "pkinit_crypto_openssl.h" -static void openssl_init(void); - static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); @@ -423,14 +421,15 @@ unsigned char pkinit_4096_dhprime[4096/8] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; +MAKE_INIT_FUNCTION(pkinit_openssl_init); + krb5_error_code pkinit_init_plg_crypto(pkinit_plg_crypto_context *cryptoctx) { krb5_error_code retval = ENOMEM; pkinit_plg_crypto_context ctx = NULL; - /* initialize openssl routines */ - openssl_init(); + (void)CALL_INIT_FUNCTION(pkinit_openssl_init); ctx = malloc(sizeof(*ctx)); if (ctx == NULL) @@ -2921,18 +2920,14 @@ cleanup: return retval; } -static void -openssl_init() +int +pkinit_openssl_init() { - static int did_init = 0; - - if (!did_init) { - /* initialize openssl routines */ - CRYPTO_malloc_init(); - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - did_init++; - } + /* Initialize OpenSSL. */ + CRYPTO_malloc_init(); + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + return 0; } static krb5_error_code |