Locking issues.

4 files changed, 35 insertions, 10 deletions

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 9de60fd528..8634c078d8 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -133,11 +133,11 @@ int CRYPTO_get_new_lockid(char *name)
 	char *str;
 	int i;
 
+#if defined(WIN32) || defined(WIN16)
 	/* A hack to make Visual C++ 5.0 work correctly when linking as
 	 * a DLL using /MT. Without this, the application cannot use
 	 * and floating point printf's.
 	 * It also seems to be needed for Visual C 1.5 (win16) */
-#if defined(WIN32) || defined(WIN16)
 	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
 #endif
 
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 35ea2c2982..3898c33f86 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -1,4 +1,17 @@
 /* crypto/ex_data.c */
+
+/*
+ * This is not thread-safe, nor can it be changed to become thread-safe
+ * without changing various function prototypes and using a lot of locking.
+ * Luckily, it's not really used anywhere except in ssl_verify_cert_chain
+ * via SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c), where
+ * new_func, dup_func, and free_func all are 0.
+ *
+ * Any multi-threaded application crazy enough to use ex_data for its own
+ * purposes had better make sure that SSL_get_ex_data_X509_STORE_CTX_idx
+ * is called once before multiple threads are created.
+ */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
index 9ed8184e45..a6c70e431a 100644
--- a/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
@@ -678,7 +678,15 @@ void CRYPTO_mem_leaks(BIO *b)
 		 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
 		 * Otherwise the code police will come and get us.)
 		 */
+		int old_mh_mode;
+
 		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+		/* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
+		 * which uses CRYPTO_is_mem_check_on */
+		old_mh_mode = mh_mode;
+		mh_mode = CRYPTO_MEM_CHECK_OFF;
+
 		if (mh != NULL)
 			{
 			lh_free(mh);
@@ -692,6 +700,8 @@ void CRYPTO_mem_leaks(BIO *b)
 				amih = NULL;
 				}
 			}
+
+		mh_mode = old_mh_mode;
 		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
 		}
 	MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 0f4110cc64..32515cbcc4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -80,10 +80,7 @@ const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
 static int x509_store_ctx_num=0;
-#if 0
-static int x509_store_num=1;
-static STACK *x509_store_method=NULL;
-#endif
+
 
 static int null_callback(int ok, X509_STORE_CTX *e)
 	{
@@ -702,12 +699,17 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 
 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        x509_store_ctx_num++;
-        return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+	{
+	/* This function is (usually) called only once, by
+	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
+	 * That function uses locking, so we don't (usually)
+	 * have to worry about locking here. For the whole cruel
+	 * truth, see crypto/ex_data.c */
+	x509_store_ctx_num++;
+	return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
 		&x509_store_ctx_method,
-                argl,argp,new_func,dup_func,free_func);
-        }
+		argl,argp,new_func,dup_func,free_func);
+	}
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
 	{