diff options
author | Willem Sparreboom <w.sparreboom@offspark.com> | 2013-01-28 18:31:22 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-02-15 23:30:20 +0100 |
commit | c35a10483d409578aa96230ca8962cea84011b97 (patch) | |
tree | 11c0caa2217bc039247e60d8766605be960608d7 | |
parent | db3f3c14f234e48127347cd06456f4419ed9a8e4 (diff) |
PolarSSL: pthread support for entropy
Added pthread support for polarssl entropy if --enable-threaded-resolver
config flag is set and pthread.h can be found.
-rw-r--r-- | lib/Makefile.inc | 28 | ||||
-rw-r--r-- | lib/polarssl.c | 74 | ||||
-rw-r--r-- | lib/polarssl.h | 9 | ||||
-rwxr-xr-x | lib/polarsslthreadlock.c | 121 | ||||
-rwxr-xr-x | lib/polarsslthreadlock.h | 34 |
5 files changed, 249 insertions, 17 deletions
diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 5b73865aa..96b32280a 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -20,12 +20,12 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c \ curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c \ pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c \ - curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \ - idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \ - asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ - curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c \ - curl_multibyte.c curl_darwinssl.c hostcheck.c \ - bundles.c conncache.c + polarsslthreadlock.c curl_rtmp.c openldap.c curl_gethostname.c \ + gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c \ + http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c \ + curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c \ + curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c \ + hostcheck.c bundles.c conncache.c HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ @@ -36,12 +36,12 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h \ strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h curl_setup.h \ transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h \ - tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h \ - curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ + tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h curl_base64.h \ + rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ - warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \ - gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \ - curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h \ - curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h \ - hostcheck.h bundles.h conncache.h curl_setup_once.h multihandle.h \ - setup-vms.h + warnless.h curl_hmac.h polarssl.h polarsslthreadlock.h curl_rtmp.h \ + curl_gethostname.h gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h \ + asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ + curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h \ + curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h \ + multihandle.h setup-vms.h diff --git a/lib/polarssl.c b/lib/polarssl.c index 09bd95ac0..db1380e20 100644 --- a/lib/polarssl.c +++ b/lib/polarssl.c @@ -67,12 +67,51 @@ #include "select.h" #include "rawstr.h" +/* apply threading? */ +#if defined(USE_THREADS_POSIX) +#define THREADING_SUPPORT +#include "polarsslthreadlock.h" +#endif /* USE_THREADS_POSIX */ + #define _MPRINTF_REPLACE /* use our functions only */ #include <curl/mprintf.h> #include "curl_memory.h" /* The last #include file should be: */ #include "memdebug.h" +#if defined(THREADING_SUPPORT) && POLARSSL_VERSION_NUMBER>0x01010000 +static entropy_context entropy; + +static int entropy_init_initialized = 0; + +/* start of entropy_init_mutex() */ +static void entropy_init_mutex(entropy_context *ctx) +{ + /* lock 0 = entropy_init_mutex() */ + polarsslthreadlock_lock_function(0); + if(entropy_init_initialized == 0) + { + entropy_init(ctx); + entropy_init_initialized = 1; + } + polarsslthreadlock_unlock_function(0); +} +/* end of entropy_init_mutex() */ + +/* start of entropy_func_mutex() */ +static int entropy_func_mutex(void *data, unsigned char *output, size_t len) +{ + int ret; + /* lock 1 = entropy_func_mutex() */ + polarsslthreadlock_lock_function(1); + ret = entropy_func(data, output, len); + polarsslthreadlock_unlock_function(1); + + return ret; +} +/* end of entropy_func_mutex() */ + +#endif /* THREADING_SUPPORT && POLARSSL_VERSION_NUMBER>0x01010000 */ /* Define this to enable lots of debugging for PolarSSL */ #undef POLARSSL_DEBUG @@ -128,6 +167,18 @@ polarssl_connect_step1(struct connectdata *conn, #if POLARSSL_VERSION_NUMBER<0x01010000 havege_init(&connssl->hs); #else +#ifdef THREADING_SUPPORT + entropy_init_mutex(&entropy); + + if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func_mutex, &entropy, + connssl->ssn.id, connssl->ssn.length)) != 0) + { +#ifdef POLARSSL_ERROR_C + error_strerror(ret, errorbuf, sizeof(errorbuf)); +#endif /* POLARSSL_ERROR_C */ + failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", -ret, errorbuf); + } +#else entropy_init(&connssl->entropy); if((ret = ctr_drbg_init(&connssl->ctr_drbg, entropy_func, &connssl->entropy, @@ -138,6 +189,7 @@ polarssl_connect_step1(struct connectdata *conn, #endif /* POLARSSL_ERROR_C */ failf(data, "Failed - PolarSSL: ctr_drbg_init returned (-0x%04X) %s\n", -ret, errorbuf); } +#endif /* THREADING_SUPPORT */ #endif /* POLARSSL_VERSION_NUMBER<0x01010000 */ /* Load the trusted CA */ @@ -637,4 +689,24 @@ Curl_polarssl_connect(struct connectdata *conn, return CURLE_OK; } -#endif +/* + * return 0 error initializing SSL + * return 1 SSL initialized successfully + */ +int polarssl_init(void) +{ +#ifdef THREADING_SUPPORT + return polarsslthreadlock_thread_setup(); +#else /* THREADING_SUPPORT */ + return 1; +#endif /* THREADING_SUPPORT */ +} + +void polarssl_cleanup(void) +{ +#ifdef THREADING_SUPPORT + polarsslthreadlock_thread_cleanup(); +#endif /* THREADING_SUPPORT */ +} + +#endif /* USE_POLARSSL */ diff --git a/lib/polarssl.h b/lib/polarssl.h index 12b3db28c..af3b28b89 100644 --- a/lib/polarssl.h +++ b/lib/polarssl.h @@ -25,6 +25,11 @@ #ifdef USE_POLARSSL +/* Called on first use PolarSSL, setup threading if supported */ +int polarssl_init(void); +void polarssl_cleanup(void); + + CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex); CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn, @@ -43,8 +48,8 @@ size_t Curl_polarssl_version(char *buffer, size_t size); int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex); /* API setup for PolarSSL */ -#define curlssl_init() (1) -#define curlssl_cleanup() Curl_nop_stmt +#define curlssl_init() polarssl_init() +#define curlssl_cleanup() polarssl_cleanup() #define curlssl_connect Curl_polarssl_connect #define curlssl_connect_nonblocking Curl_polarssl_connect_nonblocking #define curlssl_session_free(x) Curl_polarssl_session_free(x) diff --git a/lib/polarsslthreadlock.c b/lib/polarsslthreadlock.c new file mode 100755 index 000000000..fc9c11f88 --- /dev/null +++ b/lib/polarsslthreadlock.c @@ -0,0 +1,121 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> + * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include <stdio.h> +#include "curl_setup.h" + +#ifdef USE_POLARSSL + +#if defined(USE_THREADS_POSIX) +#ifdef HAVE_PTHREAD_H +#include <pthread.h> +#define MUTEX_TYPE pthread_mutex_t +#endif /* HAVE_PTHREAD_H */ +#endif /* USE_THREADS_POSIX */ + +#include "polarsslthreadlock.h" + +/* number of thread locks */ +#define NUMT 2 + +/* This array will store all of the mutexes available to PolarSSL. */ +static MUTEX_TYPE *mutex_buf = NULL; + +int polarsslthreadlock_thread_setup(void) +{ + int i; + int ret; + + mutex_buf = malloc(NUMT * sizeof(MUTEX_TYPE)); + if (!mutex_buf) + return 0; /* error, no number of threads defined */ + +#ifdef HAVE_PTHREAD_H + for (i = 0; i < NUMT; i++) + { + ret = pthread_mutex_init(&mutex_buf[i], NULL); + if(ret) + return 0; /* pthread_mutex_init failed */ + } +#endif /* HAVE_PTHREAD_H */ + + return 1; /* OK */ +} + +int polarsslthreadlock_thread_cleanup(void) +{ + int i; + int ret; + + if (!mutex_buf) + return 0; /* error, no threads locks defined */ + +#ifdef HAVE_PTHREAD_H + for (i = 0; i < NUMT; i++) + { + ret = pthread_mutex_destroy(&mutex_buf[i]); + if(ret) + return 0; /* pthread_mutex_destroy failed */ + } +#endif /* HAVE_PTHREAD_H */ + free(mutex_buf); + mutex_buf = NULL; + + return 1; /* OK */ +} + +int polarsslthreadlock_lock_function(int n) +{ + int ret; +#ifdef HAVE_PTHREAD_H + if(n < NUMT) + { + ret = pthread_mutex_lock(&mutex_buf[n]); + if(ret) + { + DEBUGF(fprintf(stderr, "Error: pthread_mutex_lock failed\n")); + return 0; /* pthread_mutex_lock failed */ + } + } +#endif /* HAVE_PTHREAD_H */ + return 1; /* OK */ +} + +int polarsslthreadlock_unlock_function(int n) +{ + int ret; +#ifdef HAVE_PTHREAD_H + if(n < NUMT) + { + ret = pthread_mutex_unlock(&mutex_buf[n]); + if(ret) + { + DEBUGF(fprintf(stderr, "Error: pthread_mutex_unlock failed\n")); + return 0; /* pthread_mutex_unlock failed */ + } + } +#endif /* HAVE_PTHREAD_H */ + return 1; /* OK */ +} + +#endif /* USE_POLARSSL */ diff --git a/lib/polarsslthreadlock.h b/lib/polarsslthreadlock.h new file mode 100755 index 000000000..c7932222c --- /dev/null +++ b/lib/polarsslthreadlock.h @@ -0,0 +1,34 @@ +#ifndef HEADER_CURL_POLARSSLTHREADLOCK_H +#define HEADER_CURL_POLARSSLTHREADLOCK_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2010, Hoi-Ho Chan, <hoiho.chan@gmail.com> + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curl_setup.h" + +#ifdef USE_POLARSSL + +int polarsslthreadlock_thread_setup(void); +int polarsslthreadlock_thread_cleanup(void); +int polarsslthreadlock_lock_function(int n); +int polarsslthreadlock_unlock_function(int n); + +#endif /* USE_POLARSSL */ +#endif /* HEADER_CURL_POLARSSLTHREADLOCK_H */ |