add libcrypto multithreading support infrastructure

I would have thought that for our usecase (we only ever access a copy of an md ctx in a single thread) we do not need this, but due to strange error output on CentOS 7.2.1511 libcrypto 1.0.1e, add it to be on the safe side: - Debug "vauth_sig.valid() failed%00" - Debug "crypto 139880179115568:error:04091068:lib(4):func(145):reason(104):rsa_sign.c:287:%0a%00" The interesting bit is the %00 at the end of both lines

add libcrypto multithreading support infrastructure
I would have thought that for our usecase (we only ever access a copy of an md ctx in a single thread) we do not need this, but due to strange error output on CentOS 7.2.1511 libcrypto 1.0.1e, add it to be on the safe side: - Debug "vauth_sig.valid() failed%00" - Debug "crypto 139880179115568:error:04091068:lib(4):func(145):reason(104):rsa_sign.c:287:%0a%00" The interesting bit is the %00 at the end of both lines
663ee568 · Nils Goroll · cca1990d · 663ee568
Commit 663ee568 authored Aug 29, 2018 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 75 additions and 0 deletions

vmod_crypto.c src/vmod_crypto.c +75 -0

No files found.
--- a/src/vmod_crypto.c
+++ b/src/vmod_crypto.c
@@ -28,6 +28,13 @@

 #include "config.h"

+#define OPENSSL_THREAD_DEFINES
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_THREADS
+#error "Need thread support in libcrypto"
+#endif
+
+
 #include <string.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -39,18 +46,86 @@

 #include "md.h"

+/*
+ * ------------------------------------------------------------
+ * libcryto housekeeping
+ *
+ * XXX unclear how this works if another vmod was to use libcrypto also
+ *     - namespace it?
+ */
+
+
+static unsigned long
+crypto_thread_id(void)
+{
+	return ((unsigned long)pthread_self());
+}
+
+static pthread_mutex_t *crypto_locks = NULL;
+static size_t crypto_locks_n = 0;
+
+static void
+crypto_lock(int mode, int n, const char *file, int line)
+{
+	(void) file;
+	(void) line;
+
+	AN(crypto_locks);
+	assert(n < crypto_locks_n);
+
+	if (mode & CRYPTO_LOCK)
+		pthread_mutex_lock(&crypto_locks[n]);
+	else
+		pthread_mutex_unlock(&crypto_locks[n]);
+}
+
 static __attribute__((constructor)) void
 init(void)
 {
+	size_t i, n;
+
 	md_init();
+
+	n = CRYPTO_num_locks();
+	crypto_locks = calloc(n, sizeof(pthread_mutex_t));
+	AN(crypto_locks);
+	crypto_locks_n = n;
+
+	for (i = 0; i < n; i++)
+		pthread_mutex_init(&crypto_locks[i], NULL);
+
+	CRYPTO_set_id_callback(crypto_thread_id);
+	CRYPTO_set_locking_callback(crypto_lock);
+
+	// deprecated in newer OpenSSL/libressl
 	OpenSSL_add_all_algorithms();
 }

 static __attribute__((destructor)) void
 fini(void)
 {
+	size_t i;

+	AN(crypto_locks);
+
+	EVP_cleanup();
+
+	CRYPTO_set_id_callback(NULL);
+	CRYPTO_set_locking_callback(NULL);
+
+	for (i = 0; i < crypto_locks_n; i++)
+		pthread_mutex_destroy(&crypto_locks[i]);
+
+	free(TRUST_ME(crypto_locks));
+	crypto_locks = NULL;
+	crypto_locks_n = 0;
 }
+
+/*
+ * ------------------------------------------------------------
+ * libcryto housekeeping
+ */
+
 #ifndef HAVE_EVP_MD_CTX_FREE
 #define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy(x)
 #define EVP_MD_CTX_new() EVP_MD_CTX_create()