Make OpenSSL usage thread-safe

OpenSSL can randomly segfault unless we register a callback function
to do locking.

https://www.openssl.org/docs/manmaster/crypto/threads.html
This commit is contained in:
Eelco Dolstra 2016-02-22 14:49:15 +01:00
parent d361901bfe
commit 840056af04
3 changed files with 26 additions and 4 deletions

View file

@ -6,6 +6,8 @@ libmain_DIR := $(d)
libmain_SOURCES := $(wildcard $(d)/*.cc) libmain_SOURCES := $(wildcard $(d)/*.cc)
libutil_LDFLAGS = $(OPENSSL_LIBS)
libmain_LIBS = libstore libutil libformat libmain_LIBS = libstore libutil libformat
libmain_ALLOW_UNDEFINED = 1 libmain_ALLOW_UNDEFINED = 1

View file

@ -5,10 +5,11 @@
#include "store-api.hh" #include "store-api.hh"
#include "util.hh" #include "util.hh"
#include <iostream> #include <algorithm>
#include <cctype> #include <cctype>
#include <exception> #include <exception>
#include <algorithm> #include <iostream>
#include <mutex>
#include <cstdlib> #include <cstdlib>
#include <sys/time.h> #include <sys/time.h>
@ -16,7 +17,7 @@
#include <unistd.h> #include <unistd.h>
#include <signal.h> #include <signal.h>
extern char * * environ; #include <openssl/crypto.h>
namespace nix { namespace nix {
@ -103,7 +104,18 @@ string getArg(const string & opt,
} }
void detectStackOverflow(); /* OpenSSL is not thread-safe by default - it will randomly crash
unless the user supplies a mutex locking function. So let's do
that. */
static std::vector<std::mutex> opensslLocks;
static void opensslLockCallback(int mode, int type, const char * file, int line)
{
if (mode & CRYPTO_LOCK)
opensslLocks[type].lock();
else
opensslLocks[type].unlock();
}
void initNix() void initNix()
@ -119,6 +131,10 @@ void initNix()
if (getEnv("IN_SYSTEMD") == "1") if (getEnv("IN_SYSTEMD") == "1")
logType = ltSystemd; logType = ltSystemd;
/* Initialise OpenSSL locking. */
opensslLocks = std::vector<std::mutex>(CRYPTO_num_locks());
CRYPTO_set_locking_callback(opensslLockCallback);
settings.processEnvironment(); settings.processEnvironment();
settings.loadConfFile(); settings.loadConfFile();

View file

@ -101,4 +101,8 @@ struct PrintFreed
}; };
/* Install a SIGSEGV handler to detect stack overflows. */
void detectStackOverflow();
} }