really fix race conditions

Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291

really fix race conditions
Submitted by: "Patrick McCormick" <patrick@tellme.com> PR: 262 PR: 291
b8565a9a · Bodo Möller · 94960c84 · b8565a9a · b8565a9a · b8565a9a
11 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -1931,7 +1931,9 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
        SSLv23_client_method(),   SSLv23_server_method(),
        SSLv2_client_method(),    SSLv2_server_method(),
        SSLv3_client_method(),    SSLv3_server_method(),
-        TLSv1_client_method(),    TLSv1_server_method().
+        TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]

  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after

--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -89,11 +89,14 @@ SSL_METHOD *SSLv23_client_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&SSLv23_client_data,
 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
 			SSLv23_client_data.ssl_connect=ssl23_connect;
 			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
 			init=0;
+			}

 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -141,11 +141,14 @@ SSL_METHOD *SSLv23_server_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&SSLv23_server_data,
 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
 			SSLv23_server_data.ssl_accept=ssl23_accept;
 			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
 			init=0;
+			}

 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -147,11 +147,14 @@ SSL_METHOD *SSLv2_client_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
 				sizeof(SSL_METHOD));
 			SSLv2_client_data.ssl_connect=ssl2_connect;
 			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
 			init=0;
+			}

 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -377,17 +377,21 @@ SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);

+		if (init)
+			{
 			for (i=0; i<SSL2_NUM_CIPHERS; i++)
 				sorted[i]= &(ssl2_ciphers[i]);

-		qsort(  (char *)sorted,
+			qsort((char *)sorted,
 				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
 				FP_ICC ssl_cipher_ptr_id_cmp);

-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 			init=0;
 			}
 			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+		}
+
 	id=0x02000000L|((unsigned long)p[0]<<16L)|
 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
 	c.id=id;

--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -147,11 +147,14 @@ SSL_METHOD *SSLv2_server_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
 				sizeof(SSL_METHOD));
 			SSLv2_server_data.ssl_accept=ssl2_accept;
 			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
 			init=0;
+			}

 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -180,11 +180,14 @@ SSL_METHOD *SSLv3_client_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
 				sizeof(SSL_METHOD));
 			SSLv3_client_data.ssl_connect=ssl3_connect;
 			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
 			init=0;
+			}

 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1819,18 +1819,21 @@ SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL);

+		if (init)
+			{
 			for (i=0; i<SSL3_NUM_CIPHERS; i++)
 				sorted[i]= &(ssl3_ciphers[i]);

-		qsort(	(char *)sorted,
+			qsort(sorted,
 				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
 				FP_ICC ssl_cipher_ptr_id_cmp);

-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-
 			init=0;
 			}
 		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+		}
+
 	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
 	c.id=id;
 	cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,

--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -183,11 +183,14 @@ SSL_METHOD *SSLv3_server_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
 				sizeof(SSL_METHOD));
 			SSLv3_server_data.ssl_accept=ssl3_accept;
 			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
 			init=0;
+			}
 			
 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/t1_clnt.c
+++ b/ssl/t1_clnt.c
@@ -81,11 +81,14 @@ SSL_METHOD *TLSv1_client_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
 				sizeof(SSL_METHOD));
 			TLSv1_client_data.ssl_connect=ssl3_connect;
 			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
 			init=0;
+			}
 		
 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}

--- a/ssl/t1_srvr.c
+++ b/ssl/t1_srvr.c
@@ -82,11 +82,14 @@ SSL_METHOD *TLSv1_server_method(void)
 		{
 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);

+		if (init)
+			{
 			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
 				sizeof(SSL_METHOD));
 			TLSv1_server_data.ssl_accept=ssl3_accept;
 			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
 			init=0;
+			}
 			
 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}