From c1f3e590ba79edc644586eb786a2788f17d15d21 Mon Sep 17 00:00:00 2001 From: Bob Chen Date: Sun, 31 Mar 2024 15:45:02 +0800 Subject: [PATCH] openssl not use locking after 1.1.0 --- CMakeLists.txt | 5 +++++ fs/httpfs/httpfs_v2.cpp | 4 ++-- net/kernel_socket.cpp | 1 + net/security-context/tls-stream.cpp | 12 ++++++++++-- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1f40faf8..5249f30a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -20,6 +20,8 @@ set(PHOTON_CXX_STANDARD "14" CACHE STRING "C++ standard") option(PHOTON_BUILD_TESTING "enable build testing" OFF) option(PHOTON_ENABLE_URING "enable io_uring function" OFF) option(PHOTON_ENABLE_FUSE "enable fuse function" OFF) +option(PHOTON_GLOBAL_INIT_OPENSSL "Turn this off if any of your third-party libs inits old-version OpenSSL as well, +because Photon will register coroutine locks for crypto. But don't bother if you have latest OpenSSL >= 1.1.0" ON) option(PHOTON_ENABLE_SASL "enable sasl" OFF) option(PHOTON_ENABLE_MIMIC_VDSO "enable mimic vdso" OFF) option(PHOTON_ENABLE_FSTACK_DPDK "Use f-stack + DPDK as the event engine" OFF) @@ -213,6 +215,9 @@ target_include_directories(photon_obj PRIVATE include ${OPENSSL_INCLUDE_DIRS} ${ ${ZLIB_INCLUDE_DIRS} ${CURL_INCLUDE_DIRS} ) target_compile_definitions(photon_obj PRIVATE _FILE_OFFSET_BITS=64 FUSE_USE_VERSION=29) +if (PHOTON_GLOBAL_INIT_OPENSSL) + target_compile_definitions(photon_obj PRIVATE PHOTON_GLOBAL_INIT_OPENSSL) +endif () if (PHOTON_ENABLE_URING) target_include_directories(photon_obj PRIVATE ${URING_INCLUDE_DIRS}) target_compile_definitions(photon_obj PRIVATE PHOTON_URING=on) diff --git a/fs/httpfs/httpfs_v2.cpp b/fs/httpfs/httpfs_v2.cpp index d20e1f54..950a141b 100644 --- a/fs/httpfs/httpfs_v2.cpp +++ b/fs/httpfs/httpfs_v2.cpp @@ -281,9 +281,9 @@ IFileSystem* new_httpfs_v2(bool default_https, uint64_t conn_timeout, client, client_ownership); } -IFile* new_httpfile_v2(const char* url, HttpFs_v2* httpfs, uint64_t conn_timeout, +IFile* new_httpfile_v2(const char* url, IFileSystem* httpfs, uint64_t conn_timeout, uint64_t stat_timeout) { - return new HttpFile_v2(url, httpfs, conn_timeout, stat_timeout); + return new HttpFile_v2(url, (HttpFs_v2*) httpfs, conn_timeout, stat_timeout); } } // namespace fs } diff --git a/net/kernel_socket.cpp b/net/kernel_socket.cpp index 35db6d37..e8beb811 100644 --- a/net/kernel_socket.cpp +++ b/net/kernel_socket.cpp @@ -139,6 +139,7 @@ class KernelSocketStream : public SocketStreamBase { return (Object*) (uint64_t) fd; } int close() final { + if (fd < 0) return 0; get_vcpu()->master_event_engine->wait_for_fd(fd, 0, -1UL); auto ret = ::close(fd); fd = -1; diff --git a/net/security-context/tls-stream.cpp b/net/security-context/tls-stream.cpp index eb3c3fed..b3871427 100644 --- a/net/security-context/tls-stream.cpp +++ b/net/security-context/tls-stream.cpp @@ -76,17 +76,21 @@ class GlobalSSLContext : public Singleton { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L mtx.clear(); for (int i = 0; i < CRYPTO_num_locks(); i++) { mtx.emplace_back(std::make_unique()); } - CRYPTO_set_id_callback(&GlobalSSLContext ::threadid_callback); + CRYPTO_set_id_callback(&GlobalSSLContext::threadid_callback); CRYPTO_set_locking_callback(&GlobalSSLContext::lock_callback); +#endif } ~GlobalSSLContext() { +#if OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_set_id_callback(NULL); CRYPTO_set_locking_callback(NULL); +#endif } }; @@ -172,7 +176,11 @@ class TLSContextImpl : public TLSContext { } }; -void __OpenSSLGlobalInit() { (void)GlobalSSLContext::getInstance(); } +void __OpenSSLGlobalInit() { +#ifdef PHOTON_GLOBAL_INIT_OPENSSL + (void)GlobalSSLContext::getInstance(); +#endif +} TLSContext* new_tls_context(const char* cert_str, const char* key_str, const char* passphrase, TLSVersion version) {