openssl_init in multithreaded programs

Wed Jun 10 12:05:28 EDT 2015

Hello,

I'm using a multithreaded program that performs krb5 calls.

I'm getting segfaults when krb5 calls 
pkinit_init_plg_crypto->openssl_init->OPENSSL_add_all_algorithms_noconf.

openssl_init in pkinit_crypto_openssl.c has the following code:

static void
openssl_init() {
     static int did_init = 0;

     if (!did_init) {
         /* initialize openssl routines */
         CRYPTO_malloc_init();
         ERR_load_crypto_strings();
         OpenSSL_add_all_algorithms();
         did_init++;
     }
}

The static did_init is incremented _after_ the calls to OpenSSL. This 
enlarges the time interval between the test and the set of did_init. 
Several threads may slip through this time window and they cause the 
segfault when they call the OpenSSL functions concurrently.

Is this a bug in krb5? Or should I use the exclusion mechanisms of 
OpenSSL (https://www.openssl.org/docs/crypto/threads.html) before 
calling any krb5 function?

Thank you,
Sorin
_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.