mirror of
https://github.com/gnustep/libs-base.git
synced 2025-04-23 00:41:02 +00:00
Thread safety for openssl
git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@29664 72102866-910b-0410-8b05-ffd578937521
This commit is contained in:
Richard Frith-MacDonald
parent
6a1ff80510
commit
dc0c550db8
4 changed files with 155 additions and 9 deletions
|
|
@ -1,3 +1,9 @@
|
|||
2010-02-18 Richard Frith-Macdonald <rfm@gnu.org>
|
||||
|
||||
* SSL/configure.ac: Check for latest thread ID callback
|
||||
* SSL/configure: regenerate
|
||||
* SSL/GSSSLHandle.m: Add thread-safety support callbacks.
|
||||
|
||||
2010-02-18 Richard Frith-Macdonald <rfm@gnu.org>
|
||||
|
||||
* Source/GNUmakefile:
|
||||
|
|
|
|||
|
|
@ -48,17 +48,20 @@
|
|||
#include <openssl/ssl.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/crypto.h>
|
||||
#undef id
|
||||
|
||||
#include <Foundation/NSDebug.h>
|
||||
#include <Foundation/NSFileHandle.h>
|
||||
#include <Foundation/NSFileManager.h>
|
||||
#include <Foundation/NSNotification.h>
|
||||
#include <Foundation/NSProcessInfo.h>
|
||||
#include <Foundation/NSUserDefaults.h>
|
||||
#import "Foundation/NSDebug.h"
|
||||
#import "Foundation/NSFileHandle.h"
|
||||
#import "Foundation/NSFileManager.h"
|
||||
#import "Foundation/NSLock.h"
|
||||
#import "Foundation/NSNotification.h"
|
||||
#import "Foundation/NSProcessInfo.h"
|
||||
#import "Foundation/NSThread.h"
|
||||
#import "Foundation/NSUserDefaults.h"
|
||||
|
||||
#include <GNUstepBase/GSFileHandle.h>
|
||||
#include "GSPrivate.h"
|
||||
#import "GNUstepBase/GSFileHandle.h"
|
||||
#import "GSPrivate.h"
|
||||
|
||||
#if defined(__MINGW32__)
|
||||
#include <winsock2.h>
|
||||
|
|
@ -112,6 +115,36 @@ sslError(int err)
|
|||
}
|
||||
|
||||
|
||||
static NSLock **locks = 0;
|
||||
|
||||
static void
|
||||
locking_function(int mode, int n, const char *file, int line)
|
||||
{
|
||||
if (mode & CRYPTO_LOCK)
|
||||
{
|
||||
[locks[n] lock];
|
||||
}
|
||||
else
|
||||
{
|
||||
[locks[n] unlock];
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(HAVE_CRYPTO_THREADID_SET_CALLBACK)
|
||||
static void
|
||||
threadid_function(CRYPTO_THREADID *ref)
|
||||
{
|
||||
CRYPTO_THREADID_set_pointer(ref, GSCurrentThread());
|
||||
}
|
||||
#else
|
||||
static unsigned long
|
||||
threadid_function()
|
||||
{
|
||||
return (unsigned long) GSCurrentThread();
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@interface GSSSLHandle : GSFileHandle
|
||||
{
|
||||
SSL_CTX *ctx;
|
||||
|
|
@ -141,9 +174,23 @@ static BOOL permitSSLv2 = NO;
|
|||
if (self == [GSSSLHandle class])
|
||||
{
|
||||
NSUserDefaults *defs;
|
||||
unsigned count;
|
||||
|
||||
SSL_library_init();
|
||||
|
||||
count = CRYPTO_num_locks();
|
||||
locks = (NSLock**)malloc(count * sizeof(NSLock*));
|
||||
while (count-- > 0)
|
||||
{
|
||||
locks[count] = [NSLock new];
|
||||
}
|
||||
CRYPTO_set_locking_callback(locking_function);
|
||||
#if defined(HAVE_CRYPTO_THREADID_SET_CALLBACK)
|
||||
CRYPTO_THREADID_set_callback(threadid_function);
|
||||
#else
|
||||
CRYPTO_set_id_callback(threadid_function);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* If there is no /dev/urandom for ssl to use, we must seed the
|
||||
* random number generator ourselves.
|
||||
|
|
|
|||
91
SSL/configure
vendored
91
SSL/configure
vendored
|
|
@ -3635,6 +3635,97 @@ fi
|
|||
if test $ac_cv_lib_ssl_ssl2_clear = yes; then
|
||||
ssl_ok=yes
|
||||
fi
|
||||
echo "$as_me:$LINENO: checking for CRYPTO_THREADID_set_callback" >&5
|
||||
echo $ECHO_N "checking for CRYPTO_THREADID_set_callback... $ECHO_C" >&6
|
||||
if test "${ac_cv_func_CRYPTO_THREADID_set_callback+set}" = set; then
|
||||
echo $ECHO_N "(cached) $ECHO_C" >&6
|
||||
else
|
||||
cat >conftest.$ac_ext <<_ACEOF
|
||||
/* confdefs.h. */
|
||||
_ACEOF
|
||||
cat confdefs.h >>conftest.$ac_ext
|
||||
cat >>conftest.$ac_ext <<_ACEOF
|
||||
/* end confdefs.h. */
|
||||
/* Define CRYPTO_THREADID_set_callback to an innocuous variant, in case <limits.h> declares CRYPTO_THREADID_set_callback.
|
||||
For example, HP-UX 11i <limits.h> declares gettimeofday. */
|
||||
#define CRYPTO_THREADID_set_callback innocuous_CRYPTO_THREADID_set_callback
|
||||
|
||||
/* System header to define __stub macros and hopefully few prototypes,
|
||||
which can conflict with char CRYPTO_THREADID_set_callback (); below.
|
||||
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
|
||||
<limits.h> exists even on freestanding compilers. */
|
||||
|
||||
#ifdef __STDC__
|
||||
# include <limits.h>
|
||||
#else
|
||||
# include <assert.h>
|
||||
#endif
|
||||
|
||||
#undef CRYPTO_THREADID_set_callback
|
||||
|
||||
/* Override any gcc2 internal prototype to avoid an error. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
/* We use char because int might match the return type of a gcc2
|
||||
builtin and then its argument prototype would still apply. */
|
||||
char CRYPTO_THREADID_set_callback ();
|
||||
/* The GNU C library defines this for functions which it implements
|
||||
to always fail with ENOSYS. Some functions are actually named
|
||||
something starting with __ and the normal name is an alias. */
|
||||
#if defined (__stub_CRYPTO_THREADID_set_callback) || defined (__stub___CRYPTO_THREADID_set_callback)
|
||||
choke me
|
||||
#else
|
||||
char (*f) () = CRYPTO_THREADID_set_callback;
|
||||
#endif
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
return f != CRYPTO_THREADID_set_callback;
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
rm -f conftest.$ac_objext conftest$ac_exeext
|
||||
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
|
||||
(eval $ac_link) 2>conftest.er1
|
||||
ac_status=$?
|
||||
grep -v '^ *+' conftest.er1 >conftest.err
|
||||
rm -f conftest.er1
|
||||
cat conftest.err >&5
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); } &&
|
||||
{ ac_try='test -z "$ac_c_werror_flag"
|
||||
|| test ! -s conftest.err'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; } &&
|
||||
{ ac_try='test -s conftest$ac_exeext'
|
||||
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
|
||||
(eval $ac_try) 2>&5
|
||||
ac_status=$?
|
||||
echo "$as_me:$LINENO: \$? = $ac_status" >&5
|
||||
(exit $ac_status); }; }; then
|
||||
ac_cv_func_CRYPTO_THREADID_set_callback=yes
|
||||
else
|
||||
echo "$as_me: failed program was:" >&5
|
||||
sed 's/^/| /' conftest.$ac_ext >&5
|
||||
|
||||
ac_cv_func_CRYPTO_THREADID_set_callback=no
|
||||
fi
|
||||
rm -f conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
fi
|
||||
echo "$as_me:$LINENO: result: $ac_cv_func_CRYPTO_THREADID_set_callback" >&5
|
||||
echo "${ECHO_T}$ac_cv_func_CRYPTO_THREADID_set_callback" >&6
|
||||
|
||||
fi
|
||||
fi
|
||||
if test $ssl_ok = no; then
|
||||
|
|
|
|||
|
|
@ -19,7 +19,8 @@
|
|||
#
|
||||
# You should have received a copy of the GNU Lesser General Public
|
||||
# License along with this library; if not, write to the Free
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111 USA
|
||||
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
||||
# Boston, MA 02111 USA
|
||||
AC_INIT
|
||||
AC_CONFIG_SRCDIR([GSSSLHandle.m])
|
||||
|
||||
|
|
@ -165,6 +166,7 @@ if test $enable_openssl = yes; then
|
|||
if test $ac_cv_lib_ssl_ssl2_clear = yes; then
|
||||
ssl_ok=yes
|
||||
fi
|
||||
AC_CHECK_FUNC(CRYPTO_THREADID_set_callback)
|
||||
fi
|
||||
fi
|
||||
if test $ssl_ok = no; then
|
||||
|
|
|
|||
Loading…
Reference in a new issue