New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TypeError exception (FFI related) when used in a multi threaded environment #1868
Comments
Thanks for the report. 0.8.2 contained a fix that was supposed to prevent this, but apparently it was incomplete. Are you able to replicate the problem if you replace |
Thank you for replying so fast. Yes, switching to openssl.backend also reproduce the same bug. It only short circuit the line 'multibackend' (obviously) and from serialization.py the trace goes directly to openssl/backend.py
|
Hmm. I'm not sure I understand how this can happen, it seems like Usually these are caused by loading the cffi library multiple times, but this doesn't look like it. If you call other functions in cryptography, do you still see this issue? |
I'm not doing many different types of crypto, so loading private key is typically the first thing I'm doing, and when this fail - there isn't a point to continue with other stuff. I'm not sure whether the exact trace, in the past I also did symmetric cryptography (using Fernet), and I had issues appearing only in Apache (as opposed to the reference wsgi server, which is single threaded). |
Are you running mod_python with multiple threads per backend process or just multiple pre-forked worker processes? |
Alex, I’ve now switched to nginx -> uwsgi, and everything is working fine. It is definitely a mod_wsgi (note: not mod_python, but mod_wsgi) only thing. Moreover, trying to repro the issue, I wrote a short sample program that would hammer the crypto simultaneously (attached) from multiple threads, but the package work just fine. I’ve also read the cryptography code, and couldn’t find anything. It appears mod_wsgi is doing something more evolving, maybe with FFI. At that point I decided to switch application server. Apache working with multiple threads in the backend, and the logs shows that mod_wsgi creates only one process (different than httpd), with multiple threads. The problem happens on a first call from a different thread. u. From: Alex Stapleton [mailto:notifications@github.com] Are you running mod_python with multiple threads per backend process or just multiple pre-forked worker processes? — import time logging.getLogger().setLevel(logging.INFO) def read_public(): def read_private(): def encrypt(msg): def decrypt(cipher): def decrypt_wrapper(cipher, result, thread_index): def single_thread_way(): def multi_thread_way(): def main(): private_pem = '''-----BEGIN RSA PRIVATE KEY----- public_pem = '''-----BEGIN PUBLIC KEY----- if name == 'main': |
This problem will possibly go away with cffi 1.0 (when using the new precompile features). Let's leave this open for now and revisit once 1.0 is out and we've upgraded cryptography to use the new code paths. |
This and #1776 definitely seem to be fixed by using master. 👍 Good work @reaperhulk and everyone else involved |
The 1.0 release (expect it in ~2 weeks) will contain this fix, so closing this. |
I'm getting the following exception:
The exception isn't deterministic, but it is guaranteed to happen after a short while. I'm running from a wsgi module within apache (mod_apache). I'm running cryptography 0.8.2
The code that I'm running is:
From logs on the calling module, I'm learning that it when it happens it is always the first time I'm calling
load_pem_private_key
from a new thread.The text was updated successfully, but these errors were encountered: