Make OpenSSL usage thread-safe
OpenSSL can randomly segfault unless we register a callback function to do locking. https://www.openssl.org/docs/manmaster/crypto/threads.html
This commit is contained in:
parent
d361901bfe
commit
840056af04
|
@ -6,6 +6,8 @@ libmain_DIR := $(d)
|
||||||
|
|
||||||
libmain_SOURCES := $(wildcard $(d)/*.cc)
|
libmain_SOURCES := $(wildcard $(d)/*.cc)
|
||||||
|
|
||||||
|
libutil_LDFLAGS = $(OPENSSL_LIBS)
|
||||||
|
|
||||||
libmain_LIBS = libstore libutil libformat
|
libmain_LIBS = libstore libutil libformat
|
||||||
|
|
||||||
libmain_ALLOW_UNDEFINED = 1
|
libmain_ALLOW_UNDEFINED = 1
|
||||||
|
|
|
@ -5,10 +5,11 @@
|
||||||
#include "store-api.hh"
|
#include "store-api.hh"
|
||||||
#include "util.hh"
|
#include "util.hh"
|
||||||
|
|
||||||
#include <iostream>
|
#include <algorithm>
|
||||||
#include <cctype>
|
#include <cctype>
|
||||||
#include <exception>
|
#include <exception>
|
||||||
#include <algorithm>
|
#include <iostream>
|
||||||
|
#include <mutex>
|
||||||
|
|
||||||
#include <cstdlib>
|
#include <cstdlib>
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
|
@ -16,7 +17,7 @@
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
|
|
||||||
extern char * * environ;
|
#include <openssl/crypto.h>
|
||||||
|
|
||||||
|
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
@ -103,7 +104,18 @@ string getArg(const string & opt,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void detectStackOverflow();
|
/* OpenSSL is not thread-safe by default - it will randomly crash
|
||||||
|
unless the user supplies a mutex locking function. So let's do
|
||||||
|
that. */
|
||||||
|
static std::vector<std::mutex> opensslLocks;
|
||||||
|
|
||||||
|
static void opensslLockCallback(int mode, int type, const char * file, int line)
|
||||||
|
{
|
||||||
|
if (mode & CRYPTO_LOCK)
|
||||||
|
opensslLocks[type].lock();
|
||||||
|
else
|
||||||
|
opensslLocks[type].unlock();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void initNix()
|
void initNix()
|
||||||
|
@ -119,6 +131,10 @@ void initNix()
|
||||||
if (getEnv("IN_SYSTEMD") == "1")
|
if (getEnv("IN_SYSTEMD") == "1")
|
||||||
logType = ltSystemd;
|
logType = ltSystemd;
|
||||||
|
|
||||||
|
/* Initialise OpenSSL locking. */
|
||||||
|
opensslLocks = std::vector<std::mutex>(CRYPTO_num_locks());
|
||||||
|
CRYPTO_set_locking_callback(opensslLockCallback);
|
||||||
|
|
||||||
settings.processEnvironment();
|
settings.processEnvironment();
|
||||||
settings.loadConfFile();
|
settings.loadConfFile();
|
||||||
|
|
||||||
|
|
|
@ -101,4 +101,8 @@ struct PrintFreed
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/* Install a SIGSEGV handler to detect stack overflows. */
|
||||||
|
void detectStackOverflow();
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue