add multithread reentrancy protection

3 files changed, 165 insertions, 4 deletions

diff --git a/debian/changelog b/debian/changelog
index 4d5e440..8ace2cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+liblua-openssl (20141231-0) unstable; urgency=low
+
+  * Add multi-threaded re-entrancy protection, including explicitly
+    synchronizing OpenSSL initialization because OpenSSL doesn't appear to
+    use its own locking callbacks from initialization routines.
+
+ -- William Ahern <william@25thandClement.com>  Fri, 31 Jan 2014 14:27:30 -0800
+
 liblua-openssl (20131209-1) unstable; urgency=low
 
   * Initial release after splitting from cqueues project.
diff --git a/src/GNUmakefile b/src/GNUmakefile
index fcf79a6..a0c2f00 100644
--- a/src/GNUmakefile
+++ b/src/GNUmakefile
@@ -29,7 +29,7 @@ ifeq ($(CC_$(d)), sunpro)
 CPPFLAGS_$(d) += -DOPENSSL_NO_EC
 endif
 
-LDFLAGS_$(d) += -lssl -lcrypto
+LDFLAGS_$(d) += -lssl -lcrypto -lpthread -ldl
 
 #
 # C O M P I L A T I O N  R U L E S
diff --git a/src/openssl.c b/src/openssl.c
index c8af43d..64bbba4 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -1,7 +1,7 @@
 /* ==========================================================================
  * openssl.c - Lua OpenSSL
  * --------------------------------------------------------------------------
- * Copyright (c) 2012  William Ahern
+ * Copyright (c) 2012-2014  William Ahern
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the
@@ -39,6 +39,10 @@
 #include <netinet/in.h> /* struct in_addr struct in6_addr */
 #include <arpa/inet.h>  /* inet_pton(3) */
 
+#include <pthread.h>    /* pthread_mutex_init(3) pthread_mutex_lock(3) pthread_mutex_unlock(3) */
+
+#include <dlfcn.h>      /* dladdr(3) dlopen(3) */
+
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/asn1.h>
@@ -74,6 +78,13 @@
 #define CIPHER_CLASS     "EVP_CIPHER_CTX" /* not a pointer */
 
 
+#if __GNUC__
+#define NOTUSED __attribute__((unused))
+#else
+#define NOTUSED
+#endif
+
+
 #define countof(a) (sizeof (a) / sizeof *(a))
 #define endof(a) (&(a)[countof(a)])
 
@@ -3906,9 +3917,151 @@ int luaopen__openssl_rand(lua_State *L) {
 } /* luaopen__openssl_rand() */
 
 
+/*
+ * Multithread Reentrancy Protection
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+
+static struct {
+        pthread_mutex_t *lock;
+        int nlock;
+
+        void *dlref;
+} mt_state;
+
+
+static void mt_lock(int mode, int type, const char *file NOTUSED, int line NOTUSED) {
+        if (mode & CRYPTO_LOCK)
+                pthread_mutex_lock(&mt_state.lock[type]);
+        else
+                pthread_mutex_unlock(&mt_state.lock[type]);
+} /* mt_lock() */
+
+
+/*
+ * Sources include Google and especially the Wine Project. See get_unix_tid
+ * at http://source.winehq.org/git/wine.git/?a=blob;f=dlls/ntdll/server.c.
+ */
+#if __FreeBSD__
+#include <sys/thr.h> /* thr_self(2) */
+#elif __NetBSD__
+#include <lwp.h> /* _lwp_self(2) */
+#endif
+
+static unsigned long mt_gettid(void) {
+#if __APPLE__
+        return pthread_mach_thread_np(pthread_self());
+#elif __DragonFly__
+        return lwp_gettid();
+#elif  __FreeBSD__
+        long id;
+
+        thr_self(&id);
+
+        return id;
+#elif __NetBSD__
+        return _lwp_self();
+#else
+        /*
+         * pthread_t is an integer on Solaris and Linux, and a unique pointer
+         * on OpenBSD.
+         */
+        return (unsigned long)pthread_self();
+#endif
+} /* mt_gettid() */
+
+
+static int mt_init(void) {
+        static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+        int bound = 0, error = 0;
+
+        pthread_mutex_lock(&mutex);
+
+        if (!CRYPTO_get_locking_callback()) {
+                if (!mt_state.lock) {
+                        int i;
+
+                        mt_state.nlock = CRYPTO_num_locks();
+                
+                        if (!(mt_state.lock = malloc(mt_state.nlock * sizeof *mt_state.lock))) {
+                                error = errno;
+                                goto leave;
+                        }
+
+                        for (i = 0; i < mt_state.nlock; i++) {
+                                pthread_mutex_init(&mt_state.lock[i], NULL);
+                        }
+                }
+
+                CRYPTO_set_locking_callback(&mt_lock);
+                bound = 1;
+        }
+
+        if (!CRYPTO_get_id_callback()) {
+                CRYPTO_set_id_callback(&mt_gettid);
+                bound = 1;
+        }
+
+        /*
+         * Prevent loader from unlinking us if we've registered a callback
+         * with OpenSSL by taking another reference to ourselves.
+         */
+        if (bound && !mt_state.dlref) {
+                Dl_info info;
+
+                if (!dladdr(&luaopen__openssl_rand, &info)) {
+                        error = -1;
+                        goto leave;
+                }
+
+                if (!(mt_state.dlref = dlopen(info.dli_fname, RTLD_NOW|RTLD_LOCAL))) {
+                        error = -1;
+                        goto leave;
+                }
+        }
+
+leave:
+        pthread_mutex_unlock(&mutex);
+
+        return error;
+} /* mt_init() */
+
+
 static void initall(lua_State *L) {
-        ERR_load_crypto_strings();
-        OpenSSL_add_all_algorithms();
+        static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+        static int initssl;
+        int error;
+
+        if ((error = mt_init())) {
+                if (error == -1) {
+                        luaL_error(L, "openssl.init: %s", dlerror());
+                } else {
+                        char why[256];
+
+                        if (0 != strerror_r(error, why, sizeof why) || *why == '\0')
+                                luaL_error(L, "openssl.init: Unknown error: %d", error);
+
+                        luaL_error(L, "openssl.init: %s", why);
+                }
+        }
+
+        pthread_mutex_lock(&mutex);
+
+        if (!initssl) {
+                initssl = 1;
+
+                SSL_load_error_strings();
+                SSL_library_init();
+                OpenSSL_add_all_algorithms();
+
+                /*
+                 * TODO: Figure out a way to detect whether OpenSSL has
+                 * already been configured.
+                 */
+                OPENSSL_config(NULL);
+        }
+
+        pthread_mutex_unlock(&mutex);
 
         addclass(L, BIGNUM_CLASS, bn_methods, bn_metatable);
         addclass(L, PUBKEY_CLASS, pk_methods, pk_metatable);