(openssl tls) when OpenSSL is older than 1.1, register the crypto locking callback to be thread safe. Should fix lots of CI failures

docs/CHANGELOG.md

@@ -1,6 +1,10 @@
 # Changelog
 All changes to this project will be documented in this file.
 
+## [9.5.5] - 2020-05-06
+
+(openssl tls) when OpenSSL is older than 1.1, register the crypto locking callback to be thread safe. Should fix lots of CI failures
+
 ## [9.5.4] - 2020-05-04
 
 (cobra bots) do not use a queue to store messages pending processing, let the bot handle queuing

ixwebsocket/IXCancellationRequest.cpp

@@ -6,8 +6,8 @@
 
 #include "IXCancellationRequest.h"
 
-#include <chrono>
 #include <cassert>
+#include <chrono>
 
 namespace ix
 {

ixwebsocket/IXNetSystem.h

@@ -19,6 +19,7 @@ typedef unsigned long int nfds_t;
 #else
 #include <arpa/inet.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <netinet/in.h>
 #include <netinet/ip.h>
@@ -29,7 +30,6 @@ typedef unsigned long int nfds_t;
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <unistd.h>
-#include <fcntl.h>
 #endif
 
 namespace ix

ixwebsocket/IXSocketOpenSSL.cpp

@@ -85,6 +85,8 @@ namespace ix
 
     std::atomic<bool> SocketOpenSSL::_openSSLInitializationSuccessful(false);
     std::once_flag SocketOpenSSL::_openSSLInitFlag;
+    std::unique_ptr<std::mutex[]> SocketOpenSSL::_openSSLMutexes =
+        std::make_unique<std::mutex[]>(CRYPTO_num_locks());
 
     SocketOpenSSL::SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd)
         : Socket(fd)
@@ -106,6 +108,7 @@ namespace ix
         if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, nullptr)) return;
 #else
         (void) OPENSSL_config(nullptr);
+        CRYPTO_set_locking_callback(SocketOpenSSL::openSSLLockingCallback);
 #endif
 
         (void) OpenSSL_add_ssl_algorithms();
@@ -114,6 +117,21 @@ namespace ix
         _openSSLInitializationSuccessful = true;
     }
 
+    void SocketOpenSSL::openSSLLockingCallback(int mode,
+                                               int type,
+                                               const char* /*file*/,
+                                               int /*line*/)
+    {
+        if (mode & CRYPTO_LOCK)
+        {
+            _openSSLMutexes[type].lock();
+        }
+        else
+        {
+            _openSSLMutexes[type].unlock();
+        }
+    }
+
     std::string SocketOpenSSL::getSSLError(int ret)
     {
         unsigned long e;

ixwebsocket/IXSocketOpenSSL.h

@@ -49,6 +49,12 @@ namespace ix
         bool handleTLSOptions(std::string& errMsg);
         bool openSSLServerHandshake(std::string& errMsg);
 
+        // Required for OpenSSL < 1.1
+        void openSSLLockingCallback(int mode,
+                                    int type,
+                                    const char* /*file*/,
+                                    int /*line*/);
+
         SSL* _ssl_connection;
         SSL_CTX* _ssl_context;
         const SSL_METHOD* _ssl_method;
@@ -58,6 +64,7 @@ namespace ix
 
         static std::once_flag _openSSLInitFlag;
         static std::atomic<bool> _openSSLInitializationSuccessful;
+        static std::unique_ptr<std::mutex[]> _openSSLMutexes;
     };
 
 } // namespace ix

ixwebsocket/IXUdpSocket.h

@@ -18,7 +18,7 @@ typedef SSIZE_T ssize_t;
 #include "IXNetSystem.h"
 
 namespace ix
-{    
+{
     class UdpSocket
     {
     public:

ixwebsocket/IXWebSocketVersion.h

@@ -6,4 +6,4 @@
 
 #pragma once
 
-#define IX_WEBSOCKET_VERSION "9.5.4"
+#define IX_WEBSOCKET_VERSION "9.5.5"

makefile

@@ -148,7 +148,7 @@ test_tsan_mbedtls:
 	(cd test ; python2.7 run.py -r)
 
 build_test_openssl:
-	mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_OPEN_SSL=1 -DUSE_TEST=1 .. ; make -j 4)
+	mkdir -p build && (cd build ; cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_OPEN_SSL=1 -DUSE_TEST=1 .. ; ninja install)
 
 test_openssl: build_test_openssl
 	(cd test ; python2.7 run.py -r)