From: Amos Jeffries Date: Tue, 15 Nov 2016 06:50:00 +0000 (+1300) Subject: Bug 4599 pt2: use functor for locking in libsecurity Pointers X-Git-Tag: M-staged-PR71~373 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4103b0c1b87601434249bff7e57fc3e1e7c01aac;p=thirdparty%2Fsquid.git Bug 4599 pt2: use functor for locking in libsecurity Pointers --- diff --git a/src/security/Context.h b/src/security/Context.h index f1343c5e0c..7e4b6204a9 100644 --- a/src/security/Context.h +++ b/src/security/Context.h @@ -9,6 +9,7 @@ #ifndef SQUID_SRC_SECURITY_CONTEXT_H #define SQUID_SRC_SECURITY_CONTEXT_H +#include "security/forward.h" #include "security/LockingPointer.h" #if USE_OPENSSL @@ -26,15 +27,18 @@ namespace Security { #if USE_OPENSSL CtoCpp1(SSL_CTX_free, SSL_CTX *); -typedef LockingPointer ContextPointer; +#if defined(CRYPTO_LOCK_SSL_CTX) // OpenSSL 1.0 +inline int SSL_CTX_up_ref(SSL_CTX *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_SSL_CTX); return 0;} +#endif +typedef Security::LockingPointer > ContextPointer; #elif USE_GNUTLS CtoCpp1(gnutls_certificate_free_credentials, gnutls_certificate_credentials_t); -typedef Security::LockingPointer ContextPointer; +typedef Security::LockingPointer ContextPointer; #else // use void* so we can check against nullptr -typedef Security::LockingPointer ContextPointer; +typedef Security::LockingPointer ContextPointer; #endif diff --git a/src/security/LockingPointer.h b/src/security/LockingPointer.h index 26127b63e1..2cbb8b6955 100644 --- a/src/security/LockingPointer.h +++ b/src/security/LockingPointer.h @@ -9,6 +9,8 @@ #ifndef SQUID_SRC_SECURITY_LOCKINGPOINTER_H #define SQUID_SRC_SECURITY_LOCKINGPOINTER_H +#include "base/HardFun.h" + #if USE_OPENSSL #if HAVE_OPENSSL_CRYPTO_H #include 
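Review bot: The `SSL_CTX_up_ref` shim added under `#if defined(CRYPTO_LOCK_SSL_CTX)` in the second Context.h hunk ends in `return 0;`, but the OpenSSL 1.1 function it stands in for returns 1 on success and 0 on failure. Nothing visible in this commit reads the result, yet any later caller that checks it would take every OpenSSL 1.0 reference increment as a failure, and the two builds would then handle object lifetime differently. Change the tail of the shim to `return 1;`. The same `return 0;` appears in the `SSL_up_ref`, `X509_up_ref`, `X509_CRL_up_ref`, `DH_up_ref` and `EVP_PKEY_up_ref` shims in the Session.h, forward.h and gadgets.h hunks.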
@@ -34,6 +36,9 @@ namespace Security { +inline bool nilFunction(const void *) { return false; } +typedef HardFun NilFunctor; + /** * A shared pointer to a reference-counting Object with library-specific * absorption, locking, and unlocking implementations. The API largely @@ -44,12 +49,12 @@ namespace Security * pre-lock objects before they are fed to LockingPointer, necessitating * this resetWithoutLocking() customization hook. */ -template +template class LockingPointer { public: /// a helper label to simplify this objects API definitions below - typedef Security::LockingPointer SelfType; + typedef Security::LockingPointer SelfType; /** * Construct directly from a raw pointer. @@ -119,14 +124,10 @@ public: private: /// The lock() method increments Object's reference counter. void lock(T *t) { -#if USE_OPENSSL - if (t) - CRYPTO_add(&t->references, 1, lockId); -#elif USE_GNUTLS - // XXX: GnuTLS does not provide locking ? -#else - assert(false); -#endif + if (t) { + Locker doLock; + doLock(t); + } } /// Become a nil pointer. Decrements any pointed-to Object's reference counter diff --git a/src/security/Session.h b/src/security/Session.h index 7e5dd27f2d..0df481ffd6 100644 --- a/src/security/Session.h +++ b/src/security/Session.h @@ -9,7 +9,6 @@ #ifndef SQUID_SRC_SECURITY_SESSION_H #define SQUID_SRC_SECURITY_SESSION_H -#include "base/HardFun.h" #include "security/LockingPointer.h" #include @@ -30,7 +29,10 @@ namespace Security { #if USE_OPENSSL CtoCpp1(SSL_free, SSL *); -typedef LockingPointer SessionPointer; +#if defined(CRYPTO_LOCK_SSL) // OpenSSL 1.0 +inline int SSL_up_ref(SSL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_SSL); return 0;} +#endif +typedef Security::LockingPointer > SessionPointer; typedef std::unique_ptr> SessionStatePointer; 
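Review bot: `nilFunction` and `NilFunctor` are added in the first hunk on this line without any comment, and nothing here says that a LockingPointer using them takes no reference when it is copied. A doc line such as `/// no-op Locker for builds where the object has no reference counter; does nothing and returns false` would make that explicit. It is also worth stating next to it who keeps such an object alive, since that cannot be read from this hunk.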
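Review bot: The rewritten `lock()` drops both the `assert(false)` that the build without a TLS library used to hit and the `XXX: GnuTLS does not provide locking ?` marker, so a Locker that does nothing now passes silently. If the GnuTLS and no-library typedefs use `NilFunctor` (their template arguments are not legible on this page) while the unlock side still releases the object, two copies of one pointer could release it twice; this should be confirmed against the unlock code, which is outside the hunk. At minimum keep the caveat in `lock()`, for example `// XXX: a no-op Locker leaves the counter untouched; copies then share one uncounted object`. `Locker doLock; doLock(t);` also discards the functor's result, which the method comment should say is intentional.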
@@ -39,7 +41,7 @@ typedef std::unique_ptr SessionPointer; +typedef Security::LockingPointer SessionPointer; // wrapper function to get around gnutls_free being a typedef inline void squid_gnutls_free(void *d) {gnutls_free(d);} @@ -48,7 +50,7 @@ typedef std::unique_ptr SessionPointer; +typedef Security::LockingPointer SessionPointer; typedef std::unique_ptr SessionStatePointer; diff --git a/src/security/forward.h b/src/security/forward.h index 8f96b8ef47..5369968088 100644 --- a/src/security/forward.h +++ b/src/security/forward.h @@ -50,20 +50,26 @@ typedef CbDataList CertErrors; #if USE_OPENSSL CtoCpp1(X509_free, X509 *) -typedef Security::LockingPointer CertPointer; +#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 +inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;} +#endif +typedef Security::LockingPointer > CertPointer; #elif USE_GNUTLS CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t) -typedef Security::LockingPointer CertPointer; +typedef Security::LockingPointer CertPointer; #else typedef void * CertPointer; #endif #if USE_OPENSSL CtoCpp1(X509_CRL_free, X509_CRL *) -typedef LockingPointer CrlPointer; +#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 +inline int X509_CRL_up_ref(X509_CRL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL); return 0;} +#endif +typedef Security::LockingPointer > CrlPointer; #elif USE_GNUTLS CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t) -typedef Security::LockingPointer CrlPointer; +typedef Security::LockingPointer CrlPointer; #else typedef void *CrlPointer; #endif @@ -74,7 +80,10 @@ typedef std::list CertRevokeList; #if USE_OPENSSL CtoCpp1(DH_free, DH *); -typedef Security::LockingPointer DhePointer; +#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 +inline int DH_up_ref(DH *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH); return 0;} +#endif +typedef Security::LockingPointer > DhePointer; #else typedef void *DhePointer; #endif 
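Review bot: The `X509_up_ref`, `X509_CRL_up_ref` and `DH_up_ref` shims in the forward.h hunks are switched on by `defined(CRYPTO_LOCK_X509)` and its siblings, which tests for the old lock ids rather than for the absence of the library's own function. A library that keeps the `CRYPTO_LOCK_*` ids and also declares `X509_up_ref` would get either a conflicting declaration or a shim that shadows the real call and writes `t->references` directly; which of the two depends on the enclosing scope, which is outside these hunks. A comment stating the assumption, e.g. `// OpenSSL 1.0 only: no native *_up_ref() and the structs are not opaque`, or a configure-time check for the function itself, would make the condition explicit.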
diff --git a/src/ssl/gadgets.h b/src/ssl/gadgets.h index a663f51cf9..21b5ae2ac2 100644 --- a/src/ssl/gadgets.h +++ b/src/ssl/gadgets.h @@ -46,7 +46,10 @@ sk_dtor_wrapper(sk_X509, STACK_OF(X509) *, X509_free); typedef std::unique_ptr X509_STACK_Pointer; CtoCpp1(EVP_PKEY_free, EVP_PKEY *) -typedef Security::LockingPointer EVP_PKEY_Pointer; +#if defined(CRYPTO_LOCK_EVP_PKEY) // OpenSSL 1.0 +inline int EVP_PKEY_up_ref(EVP_PKEY *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_EVP_PKEY); return 0;} +#endif +typedef Security::LockingPointer > EVP_PKEY_Pointer; typedef std::unique_ptr> BIGNUM_Pointer;