[openssl-dev] [openssl.org #3752] Patch to fix thread ID support from FIPS module
John Foley via RT
rt at openssl.org
Mon Mar 16 18:21:08 UTC 2015
The following patch allows CRYPTO_thread_id() to be invoked from the
FIPS module. Without this patch the thread ID can not be retrieved
properly, leading to thread synchronization issues in the FIPS module.
Currently there's no way to exploit this problem since
CRYPTO_thread_id() isn't used within the FIPS module. However,
including this patch may prevent some headaches if the FIPS module
should use CRYPTO_thread_id() in the future.
diff --git a/crypto/o_init.c b/crypto/o_init.c
index b7b969b..8ce85b9 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -73,6 +73,7 @@ void OPENSSL_init(void)
done = 1;
#ifdef OPENSSL_FIPS
FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
+ FIPS_crypto_set_id_callback(CRYPTO_thread_id);
FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
RAND_init_fips();
More information about the openssl-dev
mailing list