diff options
author | William Ahern <william@25thandClement.com> | 2014-01-31 14:41:53 -0800 |
---|---|---|
committer | William Ahern <william@25thandClement.com> | 2014-01-31 14:41:53 -0800 |
commit | 331bc576f5bf394bcc006a8cb7766062dabdfe9c (patch) | |
tree | 519cfa9cce121d1c4182ca249c07a57e40d7c97a /src | |
parent | 864c08cc3e75442443d3492cf3084b704ef5af70 (diff) | |
download | luaossl-331bc576f5bf394bcc006a8cb7766062dabdfe9c.tar.gz luaossl-331bc576f5bf394bcc006a8cb7766062dabdfe9c.tar.bz2 luaossl-331bc576f5bf394bcc006a8cb7766062dabdfe9c.zip |
add multithread reentrancy protection
Diffstat (limited to 'src')
-rw-r--r-- | src/GNUmakefile | 2 | ||||
-rw-r--r-- | src/openssl.c | 159 |
2 files changed, 157 insertions, 4 deletions
diff --git a/src/GNUmakefile b/src/GNUmakefile index fcf79a6..a0c2f00 100644 --- a/src/GNUmakefile +++ b/src/GNUmakefile @@ -29,7 +29,7 @@ ifeq ($(CC_$(d)), sunpro) CPPFLAGS_$(d) += -DOPENSSL_NO_EC endif -LDFLAGS_$(d) += -lssl -lcrypto +LDFLAGS_$(d) += -lssl -lcrypto -lpthread -ldl # # C O M P I L A T I O N R U L E S diff --git a/src/openssl.c b/src/openssl.c index c8af43d..64bbba4 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -1,7 +1,7 @@ /* ========================================================================== * openssl.c - Lua OpenSSL * -------------------------------------------------------------------------- - * Copyright (c) 2012 William Ahern + * Copyright (c) 2012-2014 William Ahern * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -39,6 +39,10 @@ #include <netinet/in.h> /* struct in_addr struct in6_addr */ #include <arpa/inet.h> /* inet_pton(3) */ +#include <pthread.h> /* pthread_mutex_init(3) pthread_mutex_lock(3) pthread_mutex_unlock(3) */ + +#include <dlfcn.h> /* dladdr(3) dlopen(3) */ + #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/asn1.h> @@ -74,6 +78,13 @@ #define CIPHER_CLASS "EVP_CIPHER_CTX" /* not a pointer */ +#if __GNUC__ +#define NOTUSED __attribute__((unused)) +#else +#define NOTUSED +#endif + + #define countof(a) (sizeof (a) / sizeof *(a)) #define endof(a) (&(a)[countof(a)]) @@ -3906,9 +3917,151 @@ int luaopen__openssl_rand(lua_State *L) { } /* luaopen__openssl_rand() */ +/* + * Multithread Reentrancy Protection + * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +static struct { + pthread_mutex_t *lock; + int nlock; + + void *dlref; +} mt_state; + + +static void mt_lock(int mode, int type, const char *file NOTUSED, int line NOTUSED) { + if (mode & CRYPTO_LOCK) + pthread_mutex_lock(&mt_state.lock[type]); + else + pthread_mutex_unlock(&mt_state.lock[type]); +} /* mt_lock() */ + + +/* + * Sources include Google and especially the Wine Project. See get_unix_tid + * at http://source.winehq.org/git/wine.git/?a=blob;f=dlls/ntdll/server.c. + */ +#if __FreeBSD__ +#include <sys/thr.h> /* thr_self(2) */ +#elif __NetBSD__ +#include <lwp.h> /* _lwp_self(2) */ +#endif + +static unsigned long mt_gettid(void) { +#if __APPLE__ + return pthread_mach_thread_np(pthread_self()); +#elif __DragonFly__ + return lwp_gettid(); +#elif __FreeBSD__ + long id; + + thr_self(&id); + + return id; +#elif __NetBSD__ + return _lwp_self(); +#else + /* + * pthread_t is an integer on Solaris and Linux, and a unique pointer + * on OpenBSD. + */ + return (unsigned long)pthread_self(); +#endif +} /* mt_gettid() */ + + +static int mt_init(void) { + static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; + int bound = 0, error = 0; + + pthread_mutex_lock(&mutex); + + if (!CRYPTO_get_locking_callback()) { + if (!mt_state.lock) { + int i; + + mt_state.nlock = CRYPTO_num_locks(); + + if (!(mt_state.lock = malloc(mt_state.nlock * sizeof *mt_state.lock))) { + error = errno; + goto leave; + } + + for (i = 0; i < mt_state.nlock; i++) { + pthread_mutex_init(&mt_state.lock[i], NULL); + } + } + + CRYPTO_set_locking_callback(&mt_lock); + bound = 1; + } + + if (!CRYPTO_get_id_callback()) { + CRYPTO_set_id_callback(&mt_gettid); + bound = 1; + } + + /* + * Prevent loader from unlinking us if we've registered a callback + * with OpenSSL by taking another reference to ourselves. + */ + if (bound && !mt_state.dlref) { + Dl_info info; + + if (!dladdr(&luaopen__openssl_rand, &info)) { + error = -1; + goto leave; + } + + if (!(mt_state.dlref = dlopen(info.dli_fname, RTLD_NOW|RTLD_LOCAL))) { + error = -1; + goto leave; + } + } + +leave: + pthread_mutex_unlock(&mutex); + + return error; +} /* mt_init() */ + + static void initall(lua_State *L) { - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); + static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; + static int initssl; + int error; + + if ((error = mt_init())) { + if (error == -1) { + luaL_error(L, "openssl.init: %s", dlerror()); + } else { + char why[256]; + + if (0 != strerror_r(error, why, sizeof why) || *why == '\0') + luaL_error(L, "openssl.init: Unknown error: %d", error); + + luaL_error(L, "openssl.init: %s", why); + } + } + + pthread_mutex_lock(&mutex); + + if (!initssl) { + initssl = 1; + + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_algorithms(); + + /* + * TODO: Figure out a way to detect whether OpenSSL has + * already been configured. + */ + OPENSSL_config(NULL); + } + + pthread_mutex_unlock(&mutex); addclass(L, BIGNUM_CLASS, bn_methods, bn_metatable); addclass(L, PUBKEY_CLASS, pk_methods, pk_metatable); |