diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 85b846d9..d49a0f96 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,6 +1,10 @@ # Changelog All changes to this project will be documented in this file. +## [9.5.5] - 2020-05-06 + +(openssl tls) when OpenSSL is older than 1.1, register the crypto locking callback to be thread safe. Should fix lots of CI failures + ## [9.5.4] - 2020-05-04 (cobra bots) do not use a queue to store messages pending processing, let the bot handle queuing diff --git a/ixwebsocket/IXCancellationRequest.cpp b/ixwebsocket/IXCancellationRequest.cpp index dbfb9525..fc43e4f0 100644 --- a/ixwebsocket/IXCancellationRequest.cpp +++ b/ixwebsocket/IXCancellationRequest.cpp @@ -6,8 +6,8 @@ #include "IXCancellationRequest.h" -#include #include +#include namespace ix { diff --git a/ixwebsocket/IXNetSystem.h b/ixwebsocket/IXNetSystem.h index c5a5735c..465f43de 100644 --- a/ixwebsocket/IXNetSystem.h +++ b/ixwebsocket/IXNetSystem.h @@ -19,6 +19,7 @@ typedef unsigned long int nfds_t; #else #include #include +#include #include #include #include @@ -29,7 +30,6 @@ typedef unsigned long int nfds_t; #include #include #include -#include #endif namespace ix diff --git a/ixwebsocket/IXSocketOpenSSL.cpp b/ixwebsocket/IXSocketOpenSSL.cpp index 74ff2e58..b12b3124 100644 --- a/ixwebsocket/IXSocketOpenSSL.cpp +++ b/ixwebsocket/IXSocketOpenSSL.cpp @@ -85,6 +85,8 @@ namespace ix std::atomic SocketOpenSSL::_openSSLInitializationSuccessful(false); std::once_flag SocketOpenSSL::_openSSLInitFlag; + std::unique_ptr SocketOpenSSL::_openSSLMutexes = + std::make_unique(CRYPTO_num_locks()); SocketOpenSSL::SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd) : Socket(fd) @@ -106,6 +108,7 @@ namespace ix if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, nullptr)) return; #else (void) OPENSSL_config(nullptr); + CRYPTO_set_locking_callback(SocketOpenSSL::openSSLLockingCallback); #endif (void) OpenSSL_add_ssl_algorithms(); @@ -114,6 +117,21 @@ namespace ix _openSSLInitializationSuccessful = true; } + void SocketOpenSSL::openSSLLockingCallback(int mode, + int type, + const char* /*file*/, + int /*line*/) + { + if (mode & CRYPTO_LOCK) + { + _openSSLMutexes[type].lock(); + } + else + { + _openSSLMutexes[type].unlock(); + } + } + std::string SocketOpenSSL::getSSLError(int ret) { unsigned long e; diff --git a/ixwebsocket/IXSocketOpenSSL.h b/ixwebsocket/IXSocketOpenSSL.h index 46a4b260..2edab63e 100644 --- a/ixwebsocket/IXSocketOpenSSL.h +++ b/ixwebsocket/IXSocketOpenSSL.h @@ -49,6 +49,12 @@ namespace ix bool handleTLSOptions(std::string& errMsg); bool openSSLServerHandshake(std::string& errMsg); + // Required for OpenSSL < 1.1 + void openSSLLockingCallback(int mode, + int type, + const char* /*file*/, + int /*line*/); + SSL* _ssl_connection; SSL_CTX* _ssl_context; const SSL_METHOD* _ssl_method; @@ -58,6 +64,7 @@ namespace ix static std::once_flag _openSSLInitFlag; static std::atomic _openSSLInitializationSuccessful; + static std::unique_ptr _openSSLMutexes; }; } // namespace ix diff --git a/ixwebsocket/IXUdpSocket.h b/ixwebsocket/IXUdpSocket.h index 22d914a1..048f9fc2 100644 --- a/ixwebsocket/IXUdpSocket.h +++ b/ixwebsocket/IXUdpSocket.h @@ -18,7 +18,7 @@ typedef SSIZE_T ssize_t; #include "IXNetSystem.h" namespace ix -{ +{ class UdpSocket { public: diff --git a/ixwebsocket/IXWebSocketVersion.h b/ixwebsocket/IXWebSocketVersion.h index a5af61b0..99ea86c4 100644 --- a/ixwebsocket/IXWebSocketVersion.h +++ b/ixwebsocket/IXWebSocketVersion.h @@ -6,4 +6,4 @@ #pragma once -#define IX_WEBSOCKET_VERSION "9.5.4" +#define IX_WEBSOCKET_VERSION "9.5.5" diff --git a/makefile b/makefile index c20ea38d..f9fc65ca 100644 --- a/makefile +++ b/makefile @@ -148,7 +148,7 @@ test_tsan_mbedtls: (cd test ; python2.7 run.py -r) build_test_openssl: - mkdir -p build && (cd build ; cmake -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_OPEN_SSL=1 -DUSE_TEST=1 .. ; make -j 4) + mkdir -p build && (cd build ; cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DUSE_TLS=1 -DUSE_OPEN_SSL=1 -DUSE_TEST=1 .. ; ninja install) test_openssl: build_test_openssl (cd test ; python2.7 run.py -r)