From 5fa0494328b78a1ce8dba983c3f8028d123a62a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= Date: Wed, 11 Jun 2014 23:19:48 +0200 Subject: [PATCH] ssl: use locking When using in a multithreaded context, OpenSSL needs to lock, and leaves it up to application to provide said locks. We were not doing this, and it's just luck that's kept us from crashing up to now. --- src/netops.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/src/netops.c b/src/netops.c index 7bce159ad..ba1a329e0 100644 --- a/src/netops.c +++ b/src/netops.c @@ -35,6 +35,11 @@ #include "http_parser.h" #include "global.h" +#if defined(GIT_SSL) && defined(GIT_THREADS) +/* OpenSSL wants us to keep an array of locks */ +static git_mutex *openssl_locks; +#endif + #ifdef GIT_WIN32 static void net_set_error(const char *str) { @@ -387,6 +392,24 @@ cert_fail_name: return -1; } +#ifdef GIT_THREADS +void openssl_locking_function(int mode, int n, const char *file, int line) +{ + int lock; + + GIT_UNUSED(file); + GIT_UNUSED(line); + + lock = mode & CRYPTO_LOCK; + + if (lock) { + git_mutex_lock(&openssl_locks[n]); + } else { + git_mutex_unlock(&openssl_locks[n]); + } +} +#endif + /** * The OpenSSL init functions are not reentrant so we need to init * them under lock. @@ -409,6 +432,25 @@ static int init_ssl(void) SSL_library_init(); SSL_load_error_strings(); +#ifdef GIT_THREADS + { + int num_locks, i; + + + CRYPTO_set_locking_callback(openssl_locking_function); + + num_locks = CRYPTO_num_locks(); + openssl_locks = git__calloc(num_locks, sizeof(git_mutex)); + for (i = 0; i < num_locks; i++) { + if (git_mutex_init(&openssl_locks[i]) < 0) { + git_mutex_unlock(&git__ssl_mutex); + giterr_set(GITERR_SSL, "failed to init lock %d", i); + return -1; + } + } + } +#endif + git_atomic_set(&git__ssl_init, 1); git_mutex_unlock(&git__ssl_mutex);