diff --git a/CHANGES b/CHANGES index 2443971bba9929ddb4ec050f9328b9b6bfa394c6..feba2200e7f61c4afd57b5e1684233c477589927 100644 --- a/CHANGES +++ b/CHANGES @@ -1928,10 +1928,10 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller] *) Fix initialization code race conditions in - SSLv23_client_method(), SSLv23_server_method(), - SSLv2_client_method(), SSLv2_server_method(), - SSLv3_client_method(), SSLv3_server_method(), - TLSv1_client_method(), TLSv1_server_method(), + SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(), + SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(), + SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(), + TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(), ssl2_get_cipher_by_char(), ssl3_get_cipher_by_char(). [Patrick McCormick , Bodo Moeller] diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c index 40684311db30e3421ba39fcf4f8e4a6d3986e989..f207140835f8680741db3e4ad3de83f69b1b0712 100644 --- a/ssl/s23_meth.c +++ b/ssl/s23_meth.c @@ -80,12 +80,19 @@ SSL_METHOD *SSLv23_method(void) if (init) { - memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), - sizeof(SSL_METHOD)); - SSLv23_data.ssl_connect=ssl23_connect; - SSLv23_data.ssl_accept=ssl23_accept; - SSLv23_data.get_ssl_method=ssl23_get_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(), + sizeof(SSL_METHOD)); + SSLv23_data.ssl_connect=ssl23_connect; + SSLv23_data.ssl_accept=ssl23_accept; + SSLv23_data.get_ssl_method=ssl23_get_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv23_data); } diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c index d30b7179f7cfe0d74c799eab0068ff98a764ef9d..8b6cbd086e2ab7ba84886ee52a49fe0758022870 100644 --- a/ssl/s2_meth.c +++ b/ssl/s2_meth.c @@ -77,12 +77,19 @@ SSL_METHOD *SSLv2_method(void) if (init) { - memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), - sizeof(SSL_METHOD)); - SSLv2_data.ssl_connect=ssl2_connect; - SSLv2_data.ssl_accept=ssl2_accept; - SSLv2_data.get_ssl_method=ssl2_get_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(), + sizeof(SSL_METHOD)); + SSLv2_data.ssl_connect=ssl2_connect; + SSLv2_data.ssl_accept=ssl2_accept; + SSLv2_data.get_ssl_method=ssl2_get_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv2_data); } diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c index 81bcad89c52f7f0fa1c24c3c85d1e9de4201592e..1fd7a96f87ba23ce91c57d14f428c4fb839f7122 100644 --- a/ssl/s3_meth.c +++ b/ssl/s3_meth.c @@ -76,12 +76,19 @@ SSL_METHOD *SSLv3_method(void) if (init) { - memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_data.ssl_connect=ssl3_connect; - SSLv3_data.ssl_accept=ssl3_accept; - SSLv3_data.get_ssl_method=ssl3_get_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(), + sizeof(SSL_METHOD)); + SSLv3_data.ssl_connect=ssl3_connect; + SSLv3_data.ssl_accept=ssl3_accept; + SSLv3_data.get_ssl_method=ssl3_get_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } return(&SSLv3_data); } diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c index 9bb36a7d1ca97cb8661480bd9d006f0d5b7c4054..fcc243f782643d5cdb3c015d90390a442562208f 100644 --- a/ssl/t1_meth.c +++ b/ssl/t1_meth.c @@ -76,13 +76,21 @@ SSL_METHOD *TLSv1_method(void) if (init) { - memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), - sizeof(SSL_METHOD)); - TLSv1_data.ssl_connect=ssl3_connect; - TLSv1_data.ssl_accept=ssl3_accept; - TLSv1_data.get_ssl_method=tls1_get_method; - init=0; + CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD); + + if (init) + { + memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), + sizeof(SSL_METHOD)); + TLSv1_data.ssl_connect=ssl3_connect; + TLSv1_data.ssl_accept=ssl3_accept; + TLSv1_data.get_ssl_method=tls1_get_method; + init=0; + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD); } + return(&TLSv1_data); }