Pitfalls encountered over the years: OpenSSL thread-safety issues

#5  0x00000000005a9fed in CRYPTO_free ()
No symbol table info available.
#6  0x00000000005d60f5 in engine_pkey_meths_free ()
No symbol table info available.
#7  0x00000000005d2d34 in engine_free_util ()
No symbol table info available.
#8  0x00000000005d3bfb in ENGINE_finish ()
No symbol table info available.
#9  0x0000000000598eeb in ssl_create_cipher_list ()
No symbol table info available.
#10 0x000000000058f04e in SSL_CTX_set_cipher_list ()
No symbol table info available.
#11 0x000000000055f3a4 in ossl_connect_step1 ()
No symbol table info available.
#12 0x00000000005605f3 in ossl_connect_common ()
No symbol table info available.
#13 0x0000000000530a16 in Curl_ssl_connect_nonblocking ()
No symbol table info available.
#14 0x0000000000536212 in https_connecting ()
No symbol table info available.
#15 0x0000000000537a13 in Curl_http_connect ()
No symbol table info available.
#16 0x000000000051fedb in multi_runsingle ()
No symbol table info available.
#17 0x0000000000520e33 in curl_multi_perform ()
No symbol table info available.
#18 0x000000000051b79b in curl_easy_perform ()
No symbol table info available.

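The crash occurred inside the third-party library libcurl, which uses OpenSSL; the actual crash site appears to be inside the OpenSSL library.
The core dump contains the following information: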

CRYPTO_free ()
errstr = 0x7fc7c47497a0 "double free or corruption (!prev)"

This problem is most likely due to concurrency causing a double free.

The official libcurl documentation includes an example of using libcurl with HTTPS:

https://curl.haxx.se/libcurl/c/threaded-ssl.html

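The example shows that when libcurl is used to download over HTTPS, the initialization phase must call the OpenSSL API to initialize the static locks. In other words, libcurl needs locking when it uses OpenSSL; without the locks, concurrency problems result.
Looking at the libcurl documentation, we find: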

https://curl.haxx.se/libcurl/c/threadsafe.html
OpenSSL 1.1.0+ “can be safely used in multi-threaded applications provided that support for the underlying OS threading API is built-in.” In that case the engine is used by libcurl in a way that is fully thread-safe.

With OpenSSL 1.1.0 and later, the library can already be used in a thread-safe way, so there is no need to initialize OpenSSL's locks during startup.

Reposted from blog.csdn.net/vegeta852/article/details/109494495