Bug 4599 pt2: use functor for locking in libsecurity Pointers

author Amos Jeffries <squid3@treenet.co.nz>

Tue, 15 Nov 2016 06:50:00 +0000 (19:50 +1300)

committer Amos Jeffries <squid3@treenet.co.nz>

Tue, 15 Nov 2016 06:50:00 +0000 (19:50 +1300)
author Amos Jeffries <squid3@treenet.co.nz>
Tue, 15 Nov 2016 06:50:00 +0000 (19:50 +1300)
committer Amos Jeffries <squid3@treenet.co.nz>
Tue, 15 Nov 2016 06:50:00 +0000 (19:50 +1300)
diff --git a/src/security/Context.h b/src/security/Context.h

index f1343c5e0c7f322d762816387970060537e38bb9..7e4b6204a9f43236af203934b1b2d63eaf288c8d 100644 (file)
--- a/src/security/Context.h
+++ b/src/security/Context.h
@@ -9,6 +9,7 @@
  #ifndef SQUID_SRC_SECURITY_CONTEXT_H
  #define SQUID_SRC_SECURITY_CONTEXT_H
  
+#include "security/forward.h"
  #include "security/LockingPointer.h"
  
  #if USE_OPENSSL
@@ -26,15 +27,18 @@ namespace Security {
  
  #if USE_OPENSSL
  CtoCpp1(SSL_CTX_free, SSL_CTX *);
-typedef LockingPointer<SSL_CTX, SSL_CTX_free_cpp, CRYPTO_LOCK_SSL_CTX> ContextPointer;
+#if defined(CRYPTO_LOCK_SSL_CTX) // OpenSSL 1.0
+inline int SSL_CTX_up_ref(SSL_CTX *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_SSL_CTX); return 0;}
+#endif
+typedef Security::LockingPointer<SSL_CTX, SSL_CTX_free_cpp, HardFun<int, SSL_CTX *, SSL_CTX_up_ref> > ContextPointer;
  
  #elif USE_GNUTLS
  CtoCpp1(gnutls_certificate_free_credentials, gnutls_certificate_credentials_t);
-typedef Security::LockingPointer<struct gnutls_certificate_credentials_st, gnutls_certificate_free_credentials_cpp, -1> ContextPointer;
+typedef Security::LockingPointer<struct gnutls_certificate_credentials_st, gnutls_certificate_free_credentials_cpp> ContextPointer;
  
  #else
  // use void* so we can check against nullptr
-typedef Security::LockingPointer<void, nullptr, -1> ContextPointer;
+typedef Security::LockingPointer<void, nullptr> ContextPointer;
  
  #endif
  
diff --git a/src/security/LockingPointer.h b/src/security/LockingPointer.h

index 26127b63e1118bf18c711624f3811220a45a9ebf..2cbb8b6955ec2842ed7042baf75c175b0ff6c881 100644 (file)
--- a/src/security/LockingPointer.h
+++ b/src/security/LockingPointer.h
@@ -9,6 +9,8 @@
  #ifndef SQUID_SRC_SECURITY_LOCKINGPOINTER_H
  #define SQUID_SRC_SECURITY_LOCKINGPOINTER_H
  
+#include "base/HardFun.h"
+
  #if USE_OPENSSL
  #if HAVE_OPENSSL_CRYPTO_H
  #include <openssl/crypto.h>
@@ -34,6 +36,9 @@
  namespace Security
  {
  
+inline bool nilFunction(const void *) { return false; }
+typedef HardFun<bool, const void *, nilFunction> NilFunctor;
+
  /**
   * A shared pointer to a reference-counting Object with library-specific
   * absorption, locking, and unlocking implementations. The API largely
@@ -44,12 +49,12 @@ namespace Security
   * pre-lock objects before they are fed to LockingPointer, necessitating
   * this resetWithoutLocking() customization hook.
   */
-template <typename T, void (*UnLocker)(T *t), int lockId>
+template <typename T, void (*UnLocker)(T *t), class Locker = NilFunctor>
  class LockingPointer
  {
  public:
      /// a helper label to simplify this objects API definitions below
-    typedef Security::LockingPointer<T, UnLocker, lockId> SelfType;
+    typedef Security::LockingPointer<T, UnLocker, Locker> SelfType;
  
      /**
       * Construct directly from a raw pointer.
@@ -119,14 +124,10 @@ public:
  private:
      /// The lock() method increments Object's reference counter.
      void lock(T *t) {
-#if USE_OPENSSL
-        if (t)
-            CRYPTO_add(&t->references, 1, lockId);
-#elif USE_GNUTLS
-        // XXX: GnuTLS does not provide locking ?
-#else
-        assert(false);
-#endif
+        if (t) {
+            Locker doLock;
+            doLock(t);
+        }
      }
  
      /// Become a nil pointer. Decrements any pointed-to Object's reference counter
diff --git a/src/security/Session.h b/src/security/Session.h

index 7e5dd27f2d0d3b93175cfe3d4735f20deb6c0933..0df481ffd60cca2201e9ad1121505da72ed3f343 100644 (file)
--- a/src/security/Session.h
+++ b/src/security/Session.h
@@ -9,7 +9,6 @@
  #ifndef SQUID_SRC_SECURITY_SESSION_H
  #define SQUID_SRC_SECURITY_SESSION_H
  
-#include "base/HardFun.h"
  #include "security/LockingPointer.h"
  
  #include <memory>
@@ -30,7 +29,10 @@ namespace Security {
  
  #if USE_OPENSSL
  CtoCpp1(SSL_free, SSL *);
-typedef LockingPointer<SSL, Security::SSL_free_cpp, CRYPTO_LOCK_SSL> SessionPointer;
+#if defined(CRYPTO_LOCK_SSL) // OpenSSL 1.0
+inline int SSL_up_ref(SSL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_SSL); return 0;}
+#endif
+typedef Security::LockingPointer<SSL, Security::SSL_free_cpp, HardFun<int, SSL *, SSL_up_ref> > SessionPointer;
  
  typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_free>> SessionStatePointer;
  
@@ -39,7 +41,7 @@ typedef std::unique_ptr<SSL_SESSION, HardFun<void, SSL_SESSION*, &SSL_SESSION_fr
  // objects using the gnutls_session_set_ptr()/gnutls_session_get_ptr ()
  // library functions
  CtoCpp1(gnutls_deinit, gnutls_session_t);
-typedef LockingPointer<struct gnutls_session_int, gnutls_deinit_cpp, -1> SessionPointer;
+typedef Security::LockingPointer<struct gnutls_session_int, gnutls_deinit_cpp> SessionPointer;
  
  // wrapper function to get around gnutls_free being a typedef
  inline void squid_gnutls_free(void *d) {gnutls_free(d);}
@@ -48,7 +50,7 @@ typedef std::unique_ptr<gnutls_datum_t, HardFun<void, void*, &Security::squid_gn
  #else
  // use void* so we can check against NULL
  CtoCpp1(xfree, void *);
-typedef LockingPointer<void, xfree_cpp, -1> SessionPointer;
+typedef Security::LockingPointer<void, xfree_cpp> SessionPointer;
  
  typedef std::unique_ptr<int> SessionStatePointer;
  
diff --git a/src/security/forward.h b/src/security/forward.h

index 8f96b8ef4794c9b974474be6c7d28bbfb821f009..536996808893c1a34aba5ec7465d9515faae00e9 100644 (file)
--- a/src/security/forward.h
+++ b/src/security/forward.h
@@ -50,20 +50,26 @@ typedef CbDataList<Security::CertError> CertErrors;
  
  #if USE_OPENSSL
  CtoCpp1(X509_free, X509 *)
-typedef Security::LockingPointer<X509, X509_free_cpp, CRYPTO_LOCK_X509> CertPointer;
+#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0
+inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;}
+#endif
+typedef Security::LockingPointer<X509, X509_free_cpp, HardFun<int, X509 *, X509_up_ref> > CertPointer;
  #elif USE_GNUTLS
  CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t)
-typedef Security::LockingPointer<struct gnutls_x509_crt_int, gnutls_x509_crt_deinit, -1> CertPointer;
+typedef Security::LockingPointer<struct gnutls_x509_crt_int, gnutls_x509_crt_deinit> CertPointer;
  #else
  typedef void * CertPointer;
  #endif
  
  #if USE_OPENSSL
  CtoCpp1(X509_CRL_free, X509_CRL *)
-typedef LockingPointer<X509_CRL, X509_CRL_free_cpp, CRYPTO_LOCK_X509_CRL> CrlPointer;
+#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0
+inline int X509_CRL_up_ref(X509_CRL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL); return 0;}
+#endif
+typedef Security::LockingPointer<X509_CRL, X509_CRL_free_cpp, HardFun<int, X509_CRL *, X509_CRL_up_ref> > CrlPointer;
  #elif USE_GNUTLS
  CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t)
-typedef Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit, -1> CrlPointer;
+typedef Security::LockingPointer<struct gnutls_x509_crl_int, gnutls_x509_crl_deinit> CrlPointer;
  #else
  typedef void *CrlPointer;
  #endif
@@ -74,7 +80,10 @@ typedef std::list<Security::CrlPointer> CertRevokeList;
  
  #if USE_OPENSSL
  CtoCpp1(DH_free, DH *);
-typedef Security::LockingPointer<DH, DH_free_cpp, CRYPTO_LOCK_DH> DhePointer;
+#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0
+inline int DH_up_ref(DH *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH); return 0;}
+#endif
+typedef Security::LockingPointer<DH, DH_free_cpp, HardFun<int, DH *, DH_up_ref> > DhePointer;
  #else
  typedef void *DhePointer;
  #endif
diff --git a/src/ssl/gadgets.h b/src/ssl/gadgets.h

index a663f51cf959666167e9c018468d87f208a9519e..21b5ae2ac23fdf6e21fdf9459df9c443be4a34ed 100644 (file)
--- a/src/ssl/gadgets.h
+++ b/src/ssl/gadgets.h
@@ -46,7 +46,10 @@ sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free);
  typedef std::unique_ptr<STACK_OF(X509), sk_X509_free_wrapper> X509_STACK_Pointer;
  
  CtoCpp1(EVP_PKEY_free, EVP_PKEY *)
-typedef Security::LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, CRYPTO_LOCK_EVP_PKEY> EVP_PKEY_Pointer;
+#if defined(CRYPTO_LOCK_EVP_PKEY) // OpenSSL 1.0
+inline int EVP_PKEY_up_ref(EVP_PKEY *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_EVP_PKEY); return 0;}
+#endif
+typedef Security::LockingPointer<EVP_PKEY, EVP_PKEY_free_cpp, HardFun<int, EVP_PKEY *, EVP_PKEY_up_ref> > EVP_PKEY_Pointer;
  
  typedef std::unique_ptr<BIGNUM, HardFun<void, BIGNUM*, &BN_free>> BIGNUM_Pointer;
author	Amos Jeffries <squid3@treenet.co.nz>
	Tue, 15 Nov 2016 06:50:00 +0000 (19:50 +1300)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Tue, 15 Nov 2016 06:50:00 +0000 (19:50 +1300)
src/security/Context.h		patch \| blob \| blame \| history
src/security/LockingPointer.h		patch \| blob \| blame \| history
src/security/Session.h		patch \| blob \| blame \| history
src/security/forward.h		patch \| blob \| blame \| history
src/ssl/gadgets.h		patch \| blob \| blame \| history