OpenSSL and multithreaded programs

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL and multithreaded programs

Chris Dodd-2

Is the OpenSSL library supposed to be at all reentrant?  I've had odd
problems (intermittent errors) when trying to use OpenSSL in a multithreaded
program (multiple threads each dealing with independent SSL connections),
and have apparently solved them by creating a single global mutex and
wrapping a mutex acquire around every call into the library.  Is
this kind of locking expected to be needed?

Chris Dodd
[hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL and multithreaded programs

J. J. Farrell
> From: Chris Dodd
>
> Is the OpenSSL library supposed to be at all reentrant?  I've had odd
> problems (intermittent errors) when trying to use OpenSSL in
> a multithreaded
> program (multiple threads each dealing with independent SSL
> connections),
> and have apparently solved them by creating a single global mutex and
> wrapping a mutex acquire around every call into the library.  Is
> this kind of locking expected to be needed?

http://lmgtfy.com/?q=openssl+locking______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL and multithreaded programs

JoelKatz
In reply to this post by Chris Dodd-2
On 5/5/2011 10:01 AM, Chris Dodd wrote:


> Is the OpenSSL library supposed to be at all reentrant? I've had odd
> problems (intermittent errors) when trying to use OpenSSL in a
> multithreaded
> program (multiple threads each dealing with independent SSL connections),
> and have apparently solved them by creating a single global mutex and
> wrapping a mutex acquire around every call into the library. Is
> this kind of locking expected to be needed?

This should not be needed so long as you follow two rules:

1) You must properly set the multi-threaded locking callback.

2) You must not attempt to access the same object directly from two
threads at the same time. For example, you cannot call SSL_read and
SSL_write concurrently on the same SSL object.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: OpenSSL and multithreaded programs

mclellan, dave
In reply to this post by Chris Dodd-2
We use OpenSSL in a highly multi-threaded application and don't have problems.   There are some locking callbacks that you should be using.   Look up these:  

  CRYPTO_set_id_callback();
  CRYPTO_set_locking_callback();
  CRYPTO_set_dynlock_create_callback();
  CRYPTO_set_dynlock_lock_callback();
  CRYPTO_set_dynlock_destroy_callback();

Dave.

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Chris Dodd
Sent: Thursday, May 05, 2011 1:01 PM
To: [hidden email]
Subject: OpenSSL and multithreaded programs


Is the OpenSSL library supposed to be at all reentrant?  I've had odd
problems (intermittent errors) when trying to use OpenSSL in a multithreaded
program (multiple threads each dealing with independent SSL connections),
and have apparently solved them by creating a single global mutex and
wrapping a mutex acquire around every call into the library.  Is
this kind of locking expected to be needed?

Chris Dodd
[hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]