Skip to content

Prevent data race between SSL handshake and data read #4418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Prevent data race between SSL handshake and data read #4418

wants to merge 1 commit into from

Conversation

sauwming
Copy link
Member

@sauwming sauwming commented May 2, 2025

It is reported that a data race between SSL handshake and data read can cause handshake failure.

29-04 08:54:01,736 (7f6f3effd700)(1) [DEBUG] sip.cpp        :83   :LOC : ssock_on_accept_complete (nil) 1
29-04 08:54:01,738 (7f6f3effd700)(1) [WARN ]              SSL-TRACE  SSL - Create 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3effd700)(1) [WARN ]              SSL-TRACE  SSL - On_Data_Accept 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3effd700)(1) [WARN ]              SSL-TRACE  SSL - HS-Start 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3e7fc700)(7) [DEBUG] sip.cpp        :83   :LOC : ssock_on_data_read 0x7f6f05a6d320 2
29-04 08:54:01,738 (7f6f3e7fc700)(7) [WARN ]              SSL-TRACE !SSL - On_Data_Read-1 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3effd700)(1) [WARN ]              SSL-TRACE  SSL - HS-End 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3effd700)(1) [WARN ]              SSL-TRACE !SSL - HS-Error 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3effd700)(1) [NOTE ]                    SSL  BIO error, SSL_ERROR_SYSCALL (Handshake): errno: <0> <Success> len: 0
29-04 08:54:01,738 (7f6f3e7fc700)(7) [WARN ]              SSL-TRACE !SSL - HS-Start 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,738 (7f6f3effd700)(1) [WARN ]      ssl0x7f6f05a51190 !Handshake failed on [...:5061](http://...:5061/) in accepting [...:60137](http://...:60137/): DH lib
29-04 08:54:01,741 (7f6f3e7fc700)(7) [WARN ]              SSL-TRACE !SSL - HS-End 0x7f6f05a6d320 0x7f6f05a50290 )
29-04 08:54:01,741 (7f6f3e7fc700)(7) [DEBUG] sip.cpp        :89   :ULOC: ssock_on_data_read 0x7f6f05a6d320 1
29-04 08:54:01,741 (7f6f3effd700)(1) [DEBUG] sip.cpp        :89   :ULOC: ssock_on_accept_complete 0x7f6f05a6d320 0

Note that although the issue is only reported on OpenSSL, the fix is done in the common SSL implementation. But this should be fine since the additional locking proposed in this patch is quite cheap (in other words, there's not much performance penalty since it only happens once at the start of the handshake).

@sauwming sauwming requested a review from nanangizz May 2, 2025 07:16
@sauwming sauwming self-assigned this May 2, 2025
@sauwming sauwming added this to the release-2.16 milestone May 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nanangizz nanangizz nanangizz approved these changes

Assignees

@sauwming sauwming

Labels
component: pjlib type: bug
Projects
None yet
Milestone
release-2.16
Development

Successfully merging this pull request may close these issues.
2 participants
@sauwming @nanangizz