From c31e8fbb7389d99d16c47f40cdd96f772229c57d Mon Sep 17 00:00:00 2001 From: Sander Temme Date: Thu, 21 Aug 2008 04:20:21 +0000 Subject: [PATCH] Implement dynamic mutex callbacks for the benefit of OpenSSL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@687550 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 + modules/ssl/ssl_engine_init.c | 3 + modules/ssl/ssl_private.h | 10 +++ modules/ssl/ssl_util.c | 114 ++++++++++++++++++++++++++++++++++ 4 files changed, 130 insertions(+) diff --git a/CHANGES b/CHANGES index 3a387680ad..c1be181d4d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) mod_ssl: implement dynamic mutex callbacks for the benefit of + OpenSSL. [Sander Temme] + *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to avoid reusing pooled connections if the client connection is an initial connection. PR 37770. [Ruediger Pluem] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index df68601cc3..7c58e365f1 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -321,6 +321,9 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p) ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Init: loaded Crypto Device API `%s'", + mc->szCryptoDevice); ENGINE_free(e); } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 1bbbcb2ab9..cc7697b007 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -462,6 +462,16 @@ typedef struct { const char *szUserName; } SSLDirConfigRec; +/** + * Dynamic lock structure + */ +struct CRYPTO_dynlock_value { + apr_pool_t *pool; + const char* file; + int line; + apr_thread_mutex_t *mutex; +}; + /** * function prototypes */ diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 7659404d09..2692eae59a 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -351,6 +351,106 @@ static void ssl_util_thr_lock(int mode, int type, } } +/* Global reference to the pool passed into ssl_util_thread_setup() */ +apr_pool_t *dynlockpool = NULL; + +/* + * Dynamic lock creation callback + */ +static struct CRYPTO_dynlock_value *ssl_dyn_create_function(const char *file, + int line) +{ + struct CRYPTO_dynlock_value *value; + apr_pool_t *p; + apr_status_t rv; + + /* + * We need a pool to allocate our mutex. Since we can't clear + * allocated memory from a pool, create a subpool that we can blow + * away in the destruction callback. + */ + rv = apr_pool_create(&p, dynlockpool); + if (rv != APR_SUCCESS) { + ap_log_perror(file, line, APLOG_ERR, rv, dynlockpool, + "Failed to create subpool for dynamic lock"); + return NULL; + } + + ap_log_perror(file, line, APLOG_DEBUG, 0, p, + "Creating dynamic lock"); + + value = (struct CRYPTO_dynlock_value *)apr_palloc(p, + sizeof(struct CRYPTO_dynlock_value)); + if (!value) { + ap_log_perror(file, line, APLOG_ERR, 0, p, + "Failed to allocate dynamic lock structure"); + return NULL; + } + + value->pool = p; + /* Keep our own copy of the place from which we were created, + using our own pool. */ + value->file = apr_pstrdup(p, file); + value->line = line; + rv = apr_thread_mutex_create(&(value->mutex), APR_THREAD_MUTEX_DEFAULT, + p); + if (rv != APR_SUCCESS) { + ap_log_perror(file, line, APLOG_ERR, rv, p, + "Failed to create thread mutex for dynamic lock"); + apr_pool_destroy(p); + return NULL; + } + return value; +} + +/* + * Dynamic locking and unlocking function + */ + +static void ssl_dyn_lock_function(int mode, struct CRYPTO_dynlock_value *l, + const char *file, int line) +{ + apr_status_t rv; + + if (mode & CRYPTO_LOCK) { + ap_log_perror(file, line, APLOG_DEBUG, 0, l->pool, + "Acquiring mutex %s:%d", l->file, l->line); + rv = apr_thread_mutex_lock(l->mutex); + ap_log_perror(file, line, APLOG_DEBUG, rv, l->pool, + "Mutex %s:%d acquired!", l->file, l->line); + } + else { + ap_log_perror(file, line, APLOG_DEBUG, 0, l->pool, + "Releasing mutex %s:%d", l->file, l->line); + rv = apr_thread_mutex_unlock(l->mutex); + ap_log_perror(file, line, APLOG_DEBUG, rv, l->pool, + "Mutex %s:%d released!", l->file, l->line); + } +} + +/* + * Dynamic lock destruction callback + */ +static void ssl_dyn_destroy_function(struct CRYPTO_dynlock_value *l, + const char *file, int line) +{ + apr_status_t rv; + + ap_log_perror(file, line, APLOG_DEBUG, 0, l->pool, + "Destroying dynamic lock %s:%d", l->file, l->line); + rv = apr_thread_mutex_destroy(l->mutex); + if (rv != APR_SUCCESS) { + ap_log_perror(file, line, APLOG_ERR, rv, l->pool, + "Failed to destroy mutex for dynamic lock %s:%d", + l->file, l->line); + } + + /* Trust that whomever owned the CRYPTO_dynlock_value we were + * passed has no future use for it... + */ + apr_pool_destroy(l->pool); +} + static unsigned long ssl_util_thr_id(void) { /* OpenSSL needs this to return an unsigned long. On OS/390, the pthread @@ -373,6 +473,12 @@ static apr_status_t ssl_util_thread_cleanup(void *data) { CRYPTO_set_locking_callback(NULL); CRYPTO_set_id_callback(NULL); + + CRYPTO_set_dynlock_create_callback(NULL); + CRYPTO_set_dynlock_lock_callback(NULL); + CRYPTO_set_dynlock_destroy_callback(NULL); + + dynlockpool = NULL; /* Let the registered mutex cleanups do their own thing */ @@ -393,6 +499,14 @@ void ssl_util_thread_setup(apr_pool_t *p) CRYPTO_set_id_callback(ssl_util_thr_id); CRYPTO_set_locking_callback(ssl_util_thr_lock); + + /* Set up dynamic locking scaffolding for OpenSSL to use at its + * convenience. + */ + dynlockpool = p; + CRYPTO_set_dynlock_create_callback(ssl_dyn_create_function); + CRYPTO_set_dynlock_lock_callback(ssl_dyn_lock_function); + CRYPTO_set_dynlock_destroy_callback(ssl_dyn_destroy_function); apr_pool_cleanup_register(p, NULL, ssl_util_thread_cleanup, apr_pool_cleanup_null); -- 2.40.0