Folks,

I've tried a threaded server that uses the OpenSSL library under Intel
Thread Checker, and it found a data race in OPENSSL_cleanse. I'm
unlucky to run a debug version of libcrypto.so.

Examining the code of crypto/mem_clr.c I've found that there is a
shared usage of ``cleanse_ctr'' without locking it:

>-----------------cut-------------------<

unsigned char cleanse_ctr = 0;

void OPENSSL_cleanse(void *ptr, size_t len)
	{
	unsigned char *p = ptr;
	size_t loop = len;
	while(loop--)
		{
		*(p++) = cleanse_ctr;
		cleanse_ctr += (17 + (unsigned char)((unsigned long)p & 0xF));
		}
	if(memchr(ptr, cleanse_ctr, len))
		cleanse_ctr += 63;
	}
>-----------------cut-------------------<


If it is really called from different threads, it might have awful
races.

Does anybody know something about this and will be so kind as to
describe it to me?

10x!
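
Added example, not part of the original post and not OpenSSL's own code: the unlocked-counter pattern quoted above next to a variant that keeps the counter in a local during the loop and touches the shared value only through one atomic load and one atomic store. The names `racy_cleanse`, `cleanse_local_ctr`, `racy_ctr` and `shared_ctr` are hypothetical, and C11 `<stdatomic.h>` is assumed to be available.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

/* Pattern from the post: every loop iteration reads and writes the
   global with no lock, so two threads race on it. */
static unsigned char racy_ctr = 0;

void racy_cleanse(void *ptr, size_t len)
{
    unsigned char *p = ptr;
    size_t loop = len;
    while (loop--) {
        *(p++) = racy_ctr;
        racy_ctr += (17 + (unsigned char)((unsigned long)p & 0xF));
    }
    if (memchr(ptr, racy_ctr, len))
        racy_ctr += 63;
}

/* Hypothetical variant: the shared counter is accessed exactly twice
   per call, both times atomically. */
static _Atomic unsigned char shared_ctr = 0;

void cleanse_local_ctr(void *ptr, size_t len)
{
    unsigned char *p = ptr;
    size_t loop = len;
    /* One atomic read; the loop then works on a thread-private copy. */
    unsigned char ctr = atomic_load_explicit(&shared_ctr, memory_order_relaxed);
    while (loop--) {
        *(p++) = ctr;
        ctr += (17 + (unsigned char)((unsigned long)p & 0xF));
    }
    if (memchr(ptr, ctr, len))
        ctr += 63;
    /* One atomic write-back. Concurrent callers may overwrite each
       other's value, which only changes the next fill pattern. */
    atomic_store_explicit(&shared_ctr, ctr, memory_order_relaxed);
}

/* Accessors so a caller can compare the two counters. */
unsigned char racy_ctr_value(void) { return racy_ctr; }
unsigned char shared_ctr_value(void)
{
    return atomic_load_explicit(&shared_ctr, memory_order_relaxed);
}
```

In single-threaded use both functions write the same bytes into the same buffer; the difference shows up only under a race detector, which flags the first and not the second.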