Merge pull request #7230 from yossigo/tls-crypto-locks

TLS: Add crypto locks for older OpenSSL support.
2020-05-14 18:14:49 +02:00 · 2020-05-14 18:14:49 +02:00 · 112e19a59c
commit 112e19a59c
parent 67a4fb912f 450f0d7248
1 changed files with 45 additions and 0 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -93,11 +93,56 @@ static int parseProtocolsConfig(const char *str) {
 * served to the reader yet. */
 static list *pending_list = NULL;

+/**
+ * OpenSSL global initialization and locking handling callbacks.
+ * Note that this is only required for OpenSSL < 1.1.0.
+ */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define USE_CRYPTO_LOCKS
+#endif
+
+#ifdef USE_CRYPTO_LOCKS
+
+static pthread_mutex_t *openssl_locks;
+
+static void sslLockingCallback(int mode, int lock_id, const char *f, int line) {
+    pthread_mutex_t *mt = openssl_locks + lock_id;
+
+    if (mode & CRYPTO_LOCK) {
+        pthread_mutex_lock(mt);
+    } else {
+        pthread_mutex_unlock(mt);
+    }
+
+    (void)f;
+    (void)line;
+}
+
+static void initCryptoLocks(void) {
+    unsigned i, nlocks;
+    if (CRYPTO_get_locking_callback() != NULL) {
+        /* Someone already set the callback before us. Don't destroy it! */
+        return;
+    }
+    nlocks = CRYPTO_num_locks();
+    openssl_locks = zmalloc(sizeof(*openssl_locks) * nlocks);
+    for (i = 0; i < nlocks; i++) {
+        pthread_mutex_init(openssl_locks + i, NULL);
+    }
+    CRYPTO_set_locking_callback(sslLockingCallback);
+}
+#endif /* USE_CRYPTO_LOCKS */
+
 void tlsInit(void) {
    ERR_load_crypto_strings();
    SSL_load_error_strings();
    SSL_library_init();

+#ifdef USE_CRYPTO_LOCKS
+    initCryptoLocks();
+#endif
+
    if (!RAND_poll()) {
        serverLog(LL_WARNING, "OpenSSL: Failed to seed random number generator.");
    }