------=_Part_27604_3186734.1204811943577
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I do not know if it does or not. But, as an experienced programmer, I can
guarantee that even if it does not today, one day someone will do something
that will cause it to need it and you will start to get failures that will
take weeks to track down. Why can't people just do things right the first
time? Oh yeah, management. :P


On Thu, Mar 6, 2008 at 8:51 AM, Edward Diener
wrote:

> Bobby Krupczak wrote:
> > Hi!
> >
> >>>> The ORA Network Security with OpenSSL documents the few
> >>> stubs you need
> >>>> to in order for openssl to work with pthreads as well as windows
> >>>> threads. You can even download the example code from the net.
> >>> What is the link for the above ?
> >> http://www.oreilly.com/catalog/openssl/

> >
> > Yes, sorry I neglected to post the URL.
> >
> > The book's website is:
> >
> > http://www.opensslbook.com
> >
> > The example code also includes code for generating your own keys,
> > and certs in C so you can imbed it in your own programs. (This
> > question comes up periodically on the mailing list)
> >
> > The book is definitely worth owning.

>
> The book may be worth owning but we need an immediate solution. I did
> find the code in crypto/threads/mttest.c and do understand it, so I know
> what needs to be done.
>
> Our situation is that we are using OpenSSL from a single Windows DLL in
> a multi-threaded Web Server application. The claim has been made by
> others in my programming group that our use of OpenSSL has been in place
> in a previous release of our product without noticable problems. We have
> not implemented the equivalent code similar to mttest.c to protect
> threads, nor have we put critical sections around our own use of OpenSSL
> in the single Windows DLL to make sure only one thread uses OpenSSL at a
> time. Our use of OpenSSL in our single DLL has been strictly in calls to
> EVP_ and HMAC_ functionality, but these calls can obviously be made by
> multiple threads of the web server application "simultaneously". Have we
> just been lucky not to have experienced problems in the past, without
> thread protection, or is it possible that the calls to the cryptographic
> functions for EVP_ and HMAC_ actually do not need multi-threaded
> protection as outlined in mttest.c ? Our own DLL which uses OpenSSL has
> itself no global data structures which need protection.
>
> BTW I am entirely in favor of providing the multi-threaded protection
> outlined in mttest.c above, but I have to convince others that it is
> absolutely needed else the inertia of others will just turn away from
> this problem. So if you, as an OpenSSL expert, tell me that our use of
> EVP_ and HMAC_ cryptographic functions needs multi-threaded protection,
> else crashes could occur, I can pass this on to the other people
> involved, since I can not enforce decisions although I am a C++
> programming expert.
>
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>




--
================================================== ============================
John T. Cox
e-mail vampire77@gmail.com
www http://members.iglou.com/vampire
================================================== ============================

------=_Part_27604_3186734.1204811943577
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

I do not know if it does or not. But, as an experienced programmer, I can guarantee that even if it does not today, one day someone will do something that will cause it to need it and you will start to get failures that will take weeks to track down. Why can't people just do things right the first time? Oh yeah, management. :P



On Thu, Mar 6, 2008 at 8:51 AM, Edward Diener <eldiener@tropicsoft.com> wrote:

Bobby Krupczak wrote:

> Hi!

>

>>>> The ORA Network Security with OpenSSL documents the few

>>> stubs you need

>>>> to in order for openssl to work with pthreads as well as windows

>>>> threads.  You can even download the example code from the net.

>>> What is the link for the above ?

>> http://www.oreilly.com/catalog/openssl/

>

> Yes, sorry I neglected to post the URL.

>

> The book's website is:

>

> http://www.opensslbook.com

>

> The example code also includes code for generating your own keys,

> and certs in C so you can imbed it in your own programs.  (This

> question comes up periodically on the mailing list)

>

> The book is definitely worth owning.



The book may be worth owning but we need an immediate solution. I did

find the code in crypto/threads/mttest.c and do understand it, so I know

what needs to be done.



Our situation is that we are using OpenSSL from a single Windows DLL in

a multi-threaded Web Server application. The claim has been made by

others in my programming group that our use of OpenSSL has been in place

in a previous release of our product without noticable problems. We have

not implemented the equivalent code similar to mttest.c to protect

threads, nor have we put critical sections around our own use of OpenSSL

in the single Windows DLL to make sure only one thread uses OpenSSL at a

time. Our use of OpenSSL in our single DLL has been strictly in calls to

EVP_ and HMAC_ functionality, but these calls can obviously be made by

multiple threads of the web server application "simultaneously". Have we

just been lucky not to have experienced problems in the past, without

thread protection, or is it possible that the calls to the cryptographic

functions for EVP_ and HMAC_ actually do not need multi-threaded

protection as outlined in mttest.c ? Our own DLL which uses OpenSSL has

itself no global data structures which need protection.



BTW I am entirely in favor of providing the multi-threaded protection

outlined in mttest.c above, but I have to convince others that it is

absolutely needed else the inertia of others will just turn away from

this problem. So if you, as an OpenSSL expert, tell me that our use of

EVP_ and HMAC_ cryptographic functions needs multi-threaded protection,

else crashes could occur, I can pass this on to the other people

involved, since I can not enforce decisions although I am a C++

programming expert.



__________________________________________________ ____________________

OpenSSL Project                                 http://www.openssl.org

User Support Mailing List                    penssl-users@openssl.org">openssl-users@openssl.org

Automated List Manager                           majordomo@openssl.org




--
================================================== ============================
                               John T. Cox
                         e-mail vampire77@gmail.com

                   www http://members.iglou.com/vampire
================================================== ============================


------=_Part_27604_3186734.1204811943577--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org