PKITS 4.10.7 and 4.10.8 hang on Windows in OpenSSL 3.0 #19643
Comments
The issue is that there is an attempt to obtain a lock which is already held. The function in question is
Using pthreads the second attempt to obtain the lock simply fails and we skip the line that sets the Under Windows it seems that attempting to obtain the lock a second time hangs. This is all just wrong and the change from 9aa4be6 is just wrong. In fact the whole setting of the The fix itself is easy - but setting "help wanted" because a test should be constructed for this.
This reverts commit 9aa4be6. Fixes openssl#19643
It seems that in the case of USE_RWLOCK, we don't set PTHREAD_MUTEX_NORMAL or PTHREAD_MUTEX_ERRORCHECK. We probably should.
Hmm, perhaps only in debug builds?
In case of !USE_RWLOCK, debug builds get ERRORCHECK, other builds NORMAL. In case of USE_RWLOCK, it seems we get DEFAULT because we don't set it.
So properly reading the manpages, only for mutexes can you set the things like recursive or not. For an rwlock it's just undefined, and seems to depend on the architecture.
So maybe it can be useful for a debug build to not use rwlocks, but instead use the mutex in error checking mode.
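The mutex types named in the comments above can be compared directly. This is an added example, not OpenSSL code and not written by anyone in this thread; `relock_result` is a hypothetical helper that locks a mutex and then tries to take it again from the owning thread. The blocking re-lock is only attempted on the ERRORCHECK type, because on a NORMAL mutex it would deadlock.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical helper (not OpenSSL code): lock a mutex of the given type,
 * then acquire it a second time from the same thread.
 * Returns the error code of the second attempt, or -1 on setup failure. */
static int relock_result(int type, int use_trylock)
{
    pthread_mutexattr_t attr;
    pthread_mutex_t m;
    int rc;

    if (pthread_mutexattr_init(&attr) != 0)
        return -1;
    if (pthread_mutexattr_settype(&attr, type) != 0
            || pthread_mutex_init(&m, &attr) != 0) {
        pthread_mutexattr_destroy(&attr);
        return -1;
    }
    pthread_mutexattr_destroy(&attr);

    if (pthread_mutex_lock(&m) != 0) {
        pthread_mutex_destroy(&m);
        return -1;
    }
    /* Second acquisition by the current owner. */
    rc = use_trylock ? pthread_mutex_trylock(&m) : pthread_mutex_lock(&m);

    pthread_mutex_unlock(&m);   /* release the first (successful) lock */
    pthread_mutex_destroy(&m);
    return rc;
}

/* ERRORCHECK: a blocking re-lock is reported as an error, not a hang. */
int errorcheck_relock(void) { return relock_result(PTHREAD_MUTEX_ERRORCHECK, 0); }

/* NORMAL: only probed with trylock, which reports that the lock is held. */
int normal_tryrelock(void) { return relock_result(PTHREAD_MUTEX_NORMAL, 1); }

int main(void)
{
    printf("ERRORCHECK re-lock: %s\n",
           errorcheck_relock() == EDEADLK ? "EDEADLK" : "unexpected");
    printf("NORMAL trylock while held: %s\n",
           normal_tryrelock() == EBUSY ? "EBUSY" : "unexpected");
    return 0;
}
```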
This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes openssl#19643
Are you saying we lock the write-lock while already holding the read-lock?
It's a write lock while holding a write lock.
This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes openssl#19643 Fixes LOW CVE-2022-3996
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19652)
This reverts commit 9aa4be6 and removed the redundant flag setting. Fixes #19643 Fixes LOW CVE-2022-3996 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #19652) (cherry picked from commit 4d0340a)
Is there any ETA for releasing this fix?
Presuming `TA.pem` is the trust anchor from PKITS, the following works fine on GNU/Linux but hangs on Windows:
Similarly for the next test.
git bisect suggests the problem is 9aa4be6 so I presume the difference is something to do with the way locking works on Windows compared to pthreads.