From 601d1f67d3db413eaae03175f3c03f4a5d658455 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Wed, 4 Jan 2023 09:28:57 -0800 Subject: [PATCH 01/12] Support rwlock --- src/crl.c | 3 +- wolfcrypt/src/wc_port.c | 91 +++++++++++++++++++++++++------------ wolfssl/wolfcrypt/wc_port.h | 6 ++- 3 files changed, 70 insertions(+), 30 deletions(-) diff --git a/src/crl.c b/src/crl.c index d7083145ff..b834cf876a 100644 --- a/src/crl.c +++ b/src/crl.c @@ -1342,13 +1342,14 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl) return BAD_MUTEX_E; } +#ifndef WOLFSSL_USE_RWLOCK while (crl->setup == 0) { if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) { ret = BAD_COND_E; break; } } - +#endif if (crl->setup < 0) ret = crl->setup; /* store setup error */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 0d3d1294bb..c14cc11c9d 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1559,42 +1559,77 @@ int wolfSSL_CryptHwMutexUnLock(void) } #elif defined(WOLFSSL_PTHREADS) + #ifdef WOLFSSL_USE_RWLOCK + int wc_InitMutex(wolfSSL_Mutex* m) + { + if (pthread_rwlock_init(m, 0) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_InitMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_init(m, 0) == 0) - return 0; - else - return BAD_MUTEX_E; - } + int wc_FreeMutex(wolfSSL_Mutex* m) + { + if (pthread_rwlock_destroy(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_FreeMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_destroy(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } + int wc_LockMutex(wolfSSL_Mutex* m) + { + if (pthread_rwlock_wrlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_LockMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_lock(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } + + int wc_UnLockMutex(wolfSSL_Mutex* m) + { + if (pthread_rwlock_unlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + #else + int wc_InitMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_init(m, 0) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_UnLockMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_unlock(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } + int wc_FreeMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_destroy(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + int wc_LockMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_lock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + + + int wc_UnLockMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_unlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } + #endif #elif defined(WOLFSSL_LINUXKM) /* Linux kernel mutex routines are voids, alas. */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 0c8502016d..15d6ca81ce 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -228,7 +228,11 @@ typedef pthread_mutex_t wolfSSL_Mutex; int maxq_CryptHwMutexTryLock(void); #elif defined(WOLFSSL_PTHREADS) - typedef pthread_mutex_t wolfSSL_Mutex; + #ifdef WOLFSSL_USE_RWLOCK + typedef pthread_rwlock_t wolfSSL_Mutex; + #else + typedef pthread_mutex_t wolfSSL_Mutex; + #endif #elif defined(THREADX) typedef TX_MUTEX wolfSSL_Mutex; #elif defined(WOLFSSL_DEOS) From 1f88e4cacb031c6f986d2028ecd59c26acc50b63 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Wed, 4 Jan 2023 12:38:30 -0800 Subject: [PATCH 02/12] Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE --- src/ssl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 4c8bfe68c5..b5819de5dc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6162,8 +6162,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #if defined(TITAN_SESSION_CACHE) #define SESSIONS_PER_ROW 31 #define SESSION_ROWS 64937 - #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - #define ENABLE_SESSION_CACHE_ROW_LOCK + #ifndef ENABLE_SESSION_CACHE_ROW_LOCK + #define ENABLE_SESSION_CACHE_ROW_LOCK #endif #elif defined(HUGE_SESSION_CACHE) #define SESSIONS_PER_ROW 11 From 9401dd10ee1fc5e0d8cf35eda5e0800ff0ca6661 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 5 Jan 2023 19:27:17 +0100 Subject: [PATCH 03/12] Implement read lock - Use read lock for the SessionCache - Don't copy the --- src/dtls.c | 2 +- src/ssl.c | 79 +++++++++++++++++++------------------ wolfcrypt/src/wc_port.c | 13 ++++++ wolfssl/internal.h | 2 +- wolfssl/wolfcrypt/wc_port.h | 4 ++ 5 files changed, 60 insertions(+), 40 deletions(-) diff --git a/src/dtls.c b/src/dtls.c index ab8c79b9e0..55f6cd8d59 100644 --- a/src/dtls.c +++ b/src/dtls.c @@ -288,7 +288,7 @@ static int TlsSessionIdIsValid(WOLFSSL* ssl, WolfSSL_ConstVector sessionID, return 0; } #endif - ret = TlsSessionCacheGetAndLock(sessionID.elements, &sess, &sessRow); + ret = TlsSessionCacheGetAndLock(sessionID.elements, &sess, &sessRow, 1); if (ret == 0 && sess != NULL) { *isValid = 1; TlsSessionCacheUnlockRow(sessRow); diff --git a/src/ssl.c b/src/ssl.c index b5819de5dc..3315fdbf14 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6207,12 +6207,14 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - #define SESSION_ROW_LOCK(row) wc_LockMutex(&(row)->row_mutex) + #define SESSION_ROW_RD_LOCK(row) wc_RD_Lock(&(row)->row_mutex) + #define SESSION_ROW_WR_LOCK(row) wc_LockMutex(&(row)->row_mutex) #define SESSION_ROW_UNLOCK(row) wc_UnLockMutex(&(row)->row_mutex); #else static WOLFSSL_GLOBAL wolfSSL_Mutex session_mutex; /* SessionCache mutex */ static WOLFSSL_GLOBAL int session_mutex_valid = 0; - #define SESSION_ROW_LOCK(row) wc_LockMutex(&session_mutex) + #define SESSION_ROW_RD_LOCK(row) wc_RD_Lock(&session_mutex) + #define SESSION_ROW_WR_LOCK(row) wc_LockMutex(&session_mutex) #define SESSION_ROW_UNLOCK(row) wc_UnLockMutex(&session_mutex); #endif @@ -11531,7 +11533,7 @@ int wolfSSL_memsave_session_cache(void* mem, int sz) #endif for (i = 0; i < cache_header.rows; ++i) { #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_LOCK(&SessionCache[i]) != 0) { + if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) { WOLFSSL_MSG("Session row cache mutex lock failed"); return BAD_MUTEX_E; } @@ -11593,7 +11595,7 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz) #endif for (i = 0; i < cache_header.rows; ++i) { #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_LOCK(&SessionCache[i]) != 0) { + if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { WOLFSSL_MSG("Session row cache mutex lock failed"); return BAD_MUTEX_E; } @@ -11664,7 +11666,7 @@ int wolfSSL_save_session_cache(const char *fname) /* session cache */ for (i = 0; i < cache_header.rows; ++i) { #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_LOCK(&SessionCache[i]) != 0) { + if (SESSION_ROW_RD_LOCK(&SessionCache[i]) != 0) { WOLFSSL_MSG("Session row cache mutex lock failed"); XFCLOSE(file); return BAD_MUTEX_E; @@ -11751,7 +11753,7 @@ int wolfSSL_restore_session_cache(const char *fname) /* session cache */ for (i = 0; i < cache_header.rows; ++i) { #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_LOCK(&SessionCache[i]) != 0) { + if (SESSION_ROW_WR_LOCK(&SessionCache[i]) != 0) { WOLFSSL_MSG("Session row cache mutex lock failed"); XFCLOSE(file); return BAD_MUTEX_E; @@ -14431,7 +14433,7 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len) /* lock row */ sessRow = &SessionCache[clSess[idx].serverRow]; - if (SESSION_ROW_LOCK(sessRow) != 0) { + if (SESSION_ROW_RD_LOCK(sessRow) != 0) { WOLFSSL_MSG("Session cache row lock failure"); break; } @@ -14520,7 +14522,7 @@ void TlsSessionCacheUnlockRow(word32 row) } int TlsSessionCacheGetAndLock(const byte *id, WOLFSSL_SESSION **sess, - word32 *lockedRow) + word32 *lockedRow, byte readOnly) { SessionRow *sessRow; WOLFSSL_SESSION *s; @@ -14534,7 +14536,11 @@ int TlsSessionCacheGetAndLock(const byte *id, WOLFSSL_SESSION **sess, if (error != 0) return error; sessRow = &SessionCache[row]; - if (SESSION_ROW_LOCK(sessRow) != 0) + if (readOnly) + error = SESSION_ROW_RD_LOCK(sessRow); + else + error = SESSION_ROW_WR_LOCK(sessRow); + if (error != 0) return FATAL_ERROR; /* start from most recently used */ @@ -14579,9 +14585,6 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) byte preallocNonceUsed = 0; #endif /* WOLFSSL_TLS13 */ byte tmpBufSet = 0; -#endif -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - WOLFSSL_X509* peer = NULL; #endif byte bogusID[ID_LEN]; byte bogusIDSz = 0; @@ -14709,7 +14712,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) /* init to avoid clang static analyzer false positive */ row = 0; - error = TlsSessionCacheGetAndLock(id, &sess, &row); + error = TlsSessionCacheGetAndLock(id, &sess, &row, 1); error = (error == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; if (error != WOLFSSL_SUCCESS || sess == NULL) { WOLFSSL_MSG("Get Session from cache failed"); @@ -14749,13 +14752,6 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) } if (error == WOLFSSL_SUCCESS) { -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - /* We don't want the peer member. We will free it at the end. */ - if (sess->peer != NULL) { - peer = sess->peer; - sess->peer = NULL; - } -#endif #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) error = wolfSSL_DupSessionEx(sess, output, 1, preallocNonce, &preallocNonceLen, &preallocNonceUsed); @@ -14845,12 +14841,6 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ -#endif - -#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (peer != NULL) { - wolfSSL_X509_free(peer); - } #endif return error; @@ -14890,7 +14880,7 @@ int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) if (session->type == WOLFSSL_SESSION_TYPE_CACHE) { if (session->cacheRow < SESSION_ROWS) { sessRow = &SessionCache[session->cacheRow]; - if (SESSION_ROW_LOCK(sessRow) != 0) { + if (SESSION_ROW_RD_LOCK(sessRow) != 0) { WOLFSSL_MSG("Session row lock failed"); return WOLFSSL_FAILURE; } @@ -15097,7 +15087,7 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) if (error == 0) { /* Lock row */ sessRow = &SessionCache[clientSession->serverRow]; - error = SESSION_ROW_LOCK(sessRow); + error = SESSION_ROW_RD_LOCK(sessRow); if (error != 0) { WOLFSSL_MSG("Session cache row lock failure"); sessRow = NULL; @@ -15149,7 +15139,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, SessionRow* sessRow = NULL; word32 idx = 0; #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - WOLFSSL_X509* peer = NULL; + WOLFSSL_X509* cachePeer = NULL; + WOLFSSL_X509* addPeer = NULL; #endif #ifdef HAVE_SESSION_TICKET byte* cacheTicBuff = NULL; @@ -15229,7 +15220,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, } sessRow = &SessionCache[row]; - if (SESSION_ROW_LOCK(sessRow) != 0) { + if (SESSION_ROW_WR_LOCK(sessRow) != 0) { #ifdef HAVE_SESSION_TICKET XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKE_NONCE_MALLOC) @@ -15275,7 +15266,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) /* Save the peer field to free after unlocking the row */ if (cacheSession->peer != NULL) - peer = cacheSession->peer; + cachePeer = cacheSession->peer; cacheSession->peer = NULL; #endif #ifdef HAVE_SESSION_TICKET @@ -15314,6 +15305,11 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, sizeof(x509_buffer) * cacheSession->chain.count); } #endif /* SESSION_CERTS */ +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + /* Don't copy the peer cert into cache */ + addPeer = addSession->peer; + addSession->peer = NULL; +#endif cacheSession->heap = NULL; /* Copy data into the cache object */ #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ @@ -15325,6 +15321,9 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, ret = wolfSSL_DupSession(addSession, cacheSession, 1) == WOLFSSL_FAILURE; #endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + addSession->peer = addPeer; +#endif if (ret == 0) { /* Increment the totalCount and the nextIdx */ @@ -15392,9 +15391,9 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, #endif #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) - if (peer != NULL) { - wolfSSL_X509_free(peer); - peer = NULL; /* Make sure not use after this point */ + if (cachePeer != NULL) { + wolfSSL_X509_free(cachePeer); + cachePeer = NULL; /* Make sure not use after this point */ } #endif @@ -15578,7 +15577,7 @@ int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session) } sessRow = &SessionCache[row]; - if (SESSION_ROW_LOCK(sessRow) != 0) { + if (SESSION_ROW_RD_LOCK(sessRow) != 0) { return BAD_MUTEX_E; } @@ -15661,7 +15660,7 @@ static int get_locked_session_stats(word32* active, word32* total, word32* peak) for (i = 0; i < SESSION_ROWS; i++) { SessionRow* row = &SessionCache[i]; #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - if (SESSION_ROW_LOCK(row) != 0) { + if (SESSION_ROW_RD_LOCK(row) != 0) { WOLFSSL_MSG("Session row cache mutex lock failed"); return BAD_MUTEX_E; } @@ -32352,7 +32351,11 @@ static void SESSION_ex_data_cache_update(WOLFSSL_SESSION* session, int idx, } sessRow = &SessionCache[row]; - if (SESSION_ROW_LOCK(sessRow) != 0) { + if (get) + error = SESSION_ROW_RD_LOCK(sessRow); + else + error = SESSION_ROW_WR_LOCK(sessRow); + if (error != 0) { WOLFSSL_MSG("Session row lock failed"); return; } @@ -34202,7 +34205,7 @@ int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s) } sessRow = &SessionCache[row]; - if (SESSION_ROW_LOCK(sessRow) != 0) { + if (SESSION_ROW_WR_LOCK(sessRow) != 0) { WOLFSSL_MSG("Session row lock failed"); return BAD_MUTEX_E; } diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index c14cc11c9d..17cb468a26 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1586,6 +1586,13 @@ int wolfSSL_CryptHwMutexUnLock(void) return BAD_MUTEX_E; } + int wc_RD_Lock(wolfSSL_Mutex* m) + { + if (pthread_rwlock_rdlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } int wc_UnLockMutex(wolfSSL_Mutex* m) { @@ -2581,6 +2588,12 @@ int wolfSSL_CryptHwMutexUnLock(void) #warning No mutex handling defined #endif +#ifndef WOLFSSL_USE_RWLOCK + int wc_RD_Lock(wolfSSL_Mutex* m) + { + return wc_LockMutex(m); + } +#endif #ifndef NO_ASN_TIME #if defined(_WIN32_WCE) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 91739be758..8511217fc3 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3999,7 +3999,7 @@ WOLFSSL_LOCAL WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session); WOLFSSL_LOCAL void TlsSessionCacheUnlockRow(word32 row); WOLFSSL_LOCAL int TlsSessionCacheGetAndLock(const byte *id, - WOLFSSL_SESSION **sess, word32 *lockedRow); + WOLFSSL_SESSION **sess, word32 *lockedRow, byte readOnly); /* WOLFSSL_API to test it in tests/api.c */ WOLFSSL_API int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output); WOLFSSL_LOCAL int wolfSSL_SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 15d6ca81ce..2123d241a5 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -176,6 +176,9 @@ #else #define WOLFSSL_PTHREADS #include + #ifndef WOLFSSL_NO_RWLOCK + #define WOLFSSL_USE_RWLOCK + #endif #endif #endif #endif @@ -385,6 +388,7 @@ WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void); WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex* m); WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex* m); WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex* m); +WOLFSSL_API int wc_RD_Lock(wolfSSL_Mutex* m); #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) /* dynamically set which mutex to use. unlock / lock is controlled by flag */ typedef void (mutex_cb)(int flag, int type, const char* file, int line); From cc298e4fcbca1eb8741f3d309401eded82360c50 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 16 Jan 2023 18:41:23 +0100 Subject: [PATCH 04/12] TLS 1.3: Don't push ticket to cache if we don't retrieve from it --- src/tls13.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index e2bf92ba36..1f25a86cf4 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -10272,7 +10272,7 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) ssl->options.haveSessionId = 1; -#ifndef NO_SESSION_CACHE +#if !defined(NO_SESSION_CACHE) && defined(WOLFSSL_TICKET_HAVE_ID) AddSession(ssl); #endif From 37c9729999947e46fb097ed891aad4034bf210a7 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 17 Jan 2023 17:03:34 +0100 Subject: [PATCH 05/12] Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER --- wolfssl/wolfcrypt/wc_port.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 2123d241a5..85943e9061 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -176,7 +176,11 @@ #else #define WOLFSSL_PTHREADS #include - #ifndef WOLFSSL_NO_RWLOCK + /* Use PTHREAD_RWLOCK_INITIALIZER to detect if rwlocks are + * supported in this pthreads lib. */ + #if !defined(WOLFSSL_NO_RWLOCK) && \ + defined(PTHREAD_RWLOCK_INITIALIZER) + #undef WOLFSSL_USE_RWLOCK #define WOLFSSL_USE_RWLOCK #endif #endif From 375d906b2f68cee1cd0597e38a56fd9f3d2cd25a Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 18 Jan 2023 16:30:27 +0100 Subject: [PATCH 06/12] Implement explicit rwlocks - Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary. --- src/crl.c | 2 - src/ssl.c | 60 ++++++++++++------------ wolfcrypt/src/wc_port.c | 93 +++++++++++++++++++++++-------------- wolfssl/internal.h | 4 ++ wolfssl/wolfcrypt/wc_port.h | 16 +++++-- 5 files changed, 103 insertions(+), 72 deletions(-) diff --git a/src/crl.c b/src/crl.c index b834cf876a..dc7b41f300 100644 --- a/src/crl.c +++ b/src/crl.c @@ -1342,14 +1342,12 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl) return BAD_MUTEX_E; } -#ifndef WOLFSSL_USE_RWLOCK while (crl->setup == 0) { if (pthread_cond_wait(&crl->cond, &crl->crlLock) != 0) { ret = BAD_COND_E; break; } } -#endif if (crl->setup < 0) ret = crl->setup; /* store setup error */ diff --git a/src/ssl.c b/src/ssl.c index 3315fdbf14..3b14274ee1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6194,8 +6194,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #ifdef ENABLE_SESSION_CACHE_ROW_LOCK /* not included in import/export */ - wolfSSL_Mutex row_mutex; - int mutex_valid; + wolfSSL_RwLock row_lock; + int lock_valid; #endif } SessionRow; #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2)) @@ -6207,15 +6207,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK - #define SESSION_ROW_RD_LOCK(row) wc_RD_Lock(&(row)->row_mutex) - #define SESSION_ROW_WR_LOCK(row) wc_LockMutex(&(row)->row_mutex) - #define SESSION_ROW_UNLOCK(row) wc_UnLockMutex(&(row)->row_mutex); + #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&(row)->row_lock) + #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&(row)->row_lock) + #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); #else - static WOLFSSL_GLOBAL wolfSSL_Mutex session_mutex; /* SessionCache mutex */ - static WOLFSSL_GLOBAL int session_mutex_valid = 0; - #define SESSION_ROW_RD_LOCK(row) wc_RD_Lock(&session_mutex) - #define SESSION_ROW_WR_LOCK(row) wc_LockMutex(&session_mutex) - #define SESSION_ROW_UNLOCK(row) wc_UnLockMutex(&session_mutex); + static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */ + static WOLFSSL_GLOBAL int session_lock_valid = 0; + #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&session_lock) + #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&session_lock) + #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); #endif #if !defined(NO_SESSION_CACHE_REF) && defined(NO_CLIENT_CACHE) @@ -6344,25 +6344,25 @@ int wolfSSL_Init(void) #ifndef NO_SESSION_CACHE #ifdef ENABLE_SESSION_CACHE_ROW_LOCK for (i = 0; i < SESSION_ROWS; ++i) { - SessionCache[i].mutex_valid = 0; + SessionCache[i].lock_valid = 0; } for (i = 0; (ret == WOLFSSL_SUCCESS) && (i < SESSION_ROWS); ++i) { - if (wc_InitMutex(&SessionCache[i].row_mutex) != 0) { + if (wc_InitRwLock(&SessionCache[i].row_lock) != 0) { WOLFSSL_MSG("Bad Init Mutex session"); ret = BAD_MUTEX_E; } else { - SessionCache[i].mutex_valid = 1; + SessionCache[i].lock_valid = 1; } } #else if (ret == WOLFSSL_SUCCESS) { - if (wc_InitMutex(&session_mutex) != 0) { + if (wc_InitRwLock(&session_lock) != 0) { WOLFSSL_MSG("Bad Init Mutex session"); ret = BAD_MUTEX_E; } else { - session_mutex_valid = 1; + session_lock_valid = 1; } } #endif @@ -11526,7 +11526,7 @@ int wolfSSL_memsave_session_cache(void* mem, int sz) XMEMCPY(mem, &cache_header, sizeof(cache_header)); #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (wc_LockMutex(&session_mutex) != 0) { + if (SESSION_ROW_RD_LOCK(row) != 0) { WOLFSSL_MSG("Session cache mutex lock failed"); return BAD_MUTEX_E; } @@ -11545,7 +11545,7 @@ int wolfSSL_memsave_session_cache(void* mem, int sz) #endif } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - wc_UnLockMutex(&session_mutex); + SESSION_ROW_UNLOCK(row); #endif #ifndef NO_CLIENT_CACHE @@ -11588,7 +11588,7 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz) } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (wc_LockMutex(&session_mutex) != 0) { + if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) { WOLFSSL_MSG("Session cache mutex lock failed"); return BAD_MUTEX_E; } @@ -11607,7 +11607,7 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz) #endif } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - wc_UnLockMutex(&session_mutex); + SESSION_ROW_UNLOCK(&SessionCache[0]); #endif #ifndef NO_CLIENT_CACHE @@ -11657,7 +11657,7 @@ int wolfSSL_save_session_cache(const char *fname) } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (wc_LockMutex(&session_mutex) != 0) { + if (SESSION_ROW_RD_LOCK(&SessionCache[0]) != 0) { WOLFSSL_MSG("Session cache mutex lock failed"); XFCLOSE(file); return BAD_MUTEX_E; @@ -11684,7 +11684,7 @@ int wolfSSL_save_session_cache(const char *fname) } } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - wc_UnLockMutex(&session_mutex); + SESSION_ROW_UNLOCK(&SessionCache[0]); #endif #ifndef NO_CLIENT_CACHE @@ -11744,7 +11744,7 @@ int wolfSSL_restore_session_cache(const char *fname) } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - if (wc_LockMutex(&session_mutex) != 0) { + if (SESSION_ROW_WR_LOCK(&SessionCache[0]) != 0) { WOLFSSL_MSG("Session cache mutex lock failed"); XFCLOSE(file); return BAD_MUTEX_E; @@ -11772,7 +11772,7 @@ int wolfSSL_restore_session_cache(const char *fname) } } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - wc_UnLockMutex(&session_mutex); + SESSION_ROW_UNLOCK(&SessionCache[0]); #endif #ifndef NO_CLIENT_CACHE @@ -14209,19 +14209,19 @@ int wolfSSL_Cleanup(void) #ifndef NO_SESSION_CACHE #ifdef ENABLE_SESSION_CACHE_ROW_LOCK for (i = 0; i < SESSION_ROWS; ++i) { - if ((SessionCache[i].mutex_valid == 1) && - (wc_FreeMutex(&SessionCache[i].row_mutex) != 0)) { + if ((SessionCache[i].lock_valid == 1) && + (wc_FreeRwLock(&SessionCache[i].row_lock) != 0)) { if (ret == WOLFSSL_SUCCESS) ret = BAD_MUTEX_E; } - SessionCache[i].mutex_valid = 0; + SessionCache[i].lock_valid = 0; } #else - if ((session_mutex_valid == 1) && (wc_FreeMutex(&session_mutex) != 0)) { + if ((session_lock_valid == 1) && (wc_UnLockRwLock(&session_lock) != 0)) { if (ret == WOLFSSL_SUCCESS) ret = BAD_MUTEX_E; } - session_mutex_valid = 0; + session_lock_valid = 0; #endif #ifndef NO_CLIENT_CACHE if ((clisession_mutex_valid == 1) && @@ -15655,7 +15655,7 @@ static int get_locked_session_stats(word32* active, word32* total, word32* peak) WOLFSSL_ENTER("get_locked_session_stats"); #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - wc_LockMutex(&session_mutex); + SESSION_ROW_RD_LOCK(&SessionCache[0]); #endif for (i = 0; i < SESSION_ROWS; i++) { SessionRow* row = &SessionCache[i]; @@ -15694,7 +15694,7 @@ static int get_locked_session_stats(word32* active, word32* total, word32* peak) #endif } #ifndef ENABLE_SESSION_CACHE_ROW_LOCK - wc_UnLockMutex(&session_mutex); + SESSION_ROW_UNLOCK(&SessionCache[0]); #endif if (active) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 17cb468a26..89736db5bf 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1560,7 +1560,7 @@ int wolfSSL_CryptHwMutexUnLock(void) #elif defined(WOLFSSL_PTHREADS) #ifdef WOLFSSL_USE_RWLOCK - int wc_InitMutex(wolfSSL_Mutex* m) + int wc_InitRwLock(wolfSSL_RwLock* m) { if (pthread_rwlock_init(m, 0) == 0) return 0; @@ -1569,7 +1569,7 @@ int wolfSSL_CryptHwMutexUnLock(void) } - int wc_FreeMutex(wolfSSL_Mutex* m) + int wc_FreeRwLock(wolfSSL_RwLock* m) { if (pthread_rwlock_destroy(m) == 0) return 0; @@ -1578,7 +1578,7 @@ int wolfSSL_CryptHwMutexUnLock(void) } - int wc_LockMutex(wolfSSL_Mutex* m) + int wc_LockRwLock_Wr(wolfSSL_RwLock* m) { if (pthread_rwlock_wrlock(m) == 0) return 0; @@ -1586,7 +1586,7 @@ int wolfSSL_CryptHwMutexUnLock(void) return BAD_MUTEX_E; } - int wc_RD_Lock(wolfSSL_Mutex* m) + int wc_LockRwLock_Rd(wolfSSL_RwLock* m) { if (pthread_rwlock_rdlock(m) == 0) return 0; @@ -1594,49 +1594,48 @@ int wolfSSL_CryptHwMutexUnLock(void) return BAD_MUTEX_E; } - int wc_UnLockMutex(wolfSSL_Mutex* m) + int wc_UnLockRwLock(wolfSSL_RwLock* m) { if (pthread_rwlock_unlock(m) == 0) return 0; else return BAD_MUTEX_E; } - #else - int wc_InitMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_init(m, 0) == 0) - return 0; - else - return BAD_MUTEX_E; - } + #endif + int wc_InitMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_init(m, 0) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_FreeMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_destroy(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } + int wc_FreeMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_destroy(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_LockMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_lock(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } + int wc_LockMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_lock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } - int wc_UnLockMutex(wolfSSL_Mutex* m) - { - if (pthread_mutex_unlock(m) == 0) - return 0; - else - return BAD_MUTEX_E; - } - #endif + int wc_UnLockMutex(wolfSSL_Mutex* m) + { + if (pthread_mutex_unlock(m) == 0) + return 0; + else + return BAD_MUTEX_E; + } #elif defined(WOLFSSL_LINUXKM) /* Linux kernel mutex routines are voids, alas. */ @@ -2589,10 +2588,32 @@ int wolfSSL_CryptHwMutexUnLock(void) #endif #ifndef WOLFSSL_USE_RWLOCK - int wc_RD_Lock(wolfSSL_Mutex* m) + int wc_InitRwLock(wolfSSL_RwLock* m) + { + return wc_InitMutex(m); + } + + + int wc_FreeRwLock(wolfSSL_RwLock* m) + { + return wc_FreeMutex(m); + } + + + int wc_LockRwLock_Wr(wolfSSL_RwLock* m) { return wc_LockMutex(m); } + + int wc_LockRwLock_Rd(wolfSSL_RwLock* m) + { + return wc_LockMutex(m); + } + + int wc_UnLockRwLock(wolfSSL_RwLock* m) + { + return wc_UnLockMutex(m); + } #endif #ifndef NO_ASN_TIME diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8511217fc3..23a0d23a11 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2295,6 +2295,10 @@ struct WOLFSSL_CRL { wolfSSL_Mutex crlLock; /* CRL list lock */ CRL_Monitor monitors[2]; /* PEM and DER possible */ #ifdef HAVE_CRL_MONITOR +#ifdef WOLFSSL_USE_RWLOCK + pthread_mutex_t condLock; /* Has to be a mutex for not rwlock + * pthread_cond_wait API */ +#endif pthread_cond_t cond; /* condition to signal setup */ pthread_t tid; /* monitoring thread */ int mfd; /* monitor fd, -1 if no init yet */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 85943e9061..f4b61cd5e4 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -236,10 +236,9 @@ int maxq_CryptHwMutexTryLock(void); #elif defined(WOLFSSL_PTHREADS) #ifdef WOLFSSL_USE_RWLOCK - typedef pthread_rwlock_t wolfSSL_Mutex; - #else - typedef pthread_mutex_t wolfSSL_Mutex; + typedef pthread_rwlock_t wolfSSL_RwLock; #endif + typedef pthread_mutex_t wolfSSL_Mutex; #elif defined(THREADX) typedef TX_MUTEX wolfSSL_Mutex; #elif defined(WOLFSSL_DEOS) @@ -295,7 +294,11 @@ #else #error Need a mutex type in multithreaded mode #endif /* USE_WINDOWS_API */ + #endif /* SINGLE_THREADED */ +#ifndef WOLFSSL_USE_RWLOCK + typedef wolfSSL_Mutex wolfSSL_RwLock; +#endif /* Reference counting. */ typedef struct wolfSSL_Ref { @@ -392,7 +395,12 @@ WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void); WOLFSSL_API int wc_FreeMutex(wolfSSL_Mutex* m); WOLFSSL_API int wc_LockMutex(wolfSSL_Mutex* m); WOLFSSL_API int wc_UnLockMutex(wolfSSL_Mutex* m); -WOLFSSL_API int wc_RD_Lock(wolfSSL_Mutex* m); +/* RwLock functions. Fallback to Mutex when not implemented explicitly. */ +WOLFSSL_API int wc_InitRwLock(wolfSSL_RwLock* m); +WOLFSSL_API int wc_FreeRwLock(wolfSSL_RwLock* m); +WOLFSSL_API int wc_LockRwLock_Wr(wolfSSL_RwLock* m); +WOLFSSL_API int wc_LockRwLock_Rd(wolfSSL_RwLock* m); +WOLFSSL_API int wc_UnLockRwLock(wolfSSL_RwLock* m); #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) /* dynamically set which mutex to use. unlock / lock is controlled by flag */ typedef void (mutex_cb)(int flag, int type, const char* file, int line); From cd0dc44b16f531f8f17551ccd555cfcc84ca1579 Mon Sep 17 00:00:00 2001 From: Tesfa Mael Date: Wed, 18 Jan 2023 16:12:37 -0800 Subject: [PATCH 07/12] Remove WOLFSSL_USE_RWLOCK guard around mutex condLock --- wolfssl/internal.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 23a0d23a11..796e698a93 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2295,10 +2295,8 @@ struct WOLFSSL_CRL { wolfSSL_Mutex crlLock; /* CRL list lock */ CRL_Monitor monitors[2]; /* PEM and DER possible */ #ifdef HAVE_CRL_MONITOR -#ifdef WOLFSSL_USE_RWLOCK pthread_mutex_t condLock; /* Has to be a mutex for not rwlock * pthread_cond_wait API */ -#endif pthread_cond_t cond; /* condition to signal setup */ pthread_t tid; /* monitoring thread */ int mfd; /* monitor fd, -1 if no init yet */ From b58fc5956086e06df2a572368409e7f6eff79ca2 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 19 Jan 2023 10:17:49 +0100 Subject: [PATCH 08/12] condLock not necessary after all --- wolfssl/internal.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 796e698a93..8511217fc3 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2295,8 +2295,6 @@ struct WOLFSSL_CRL { wolfSSL_Mutex crlLock; /* CRL list lock */ CRL_Monitor monitors[2]; /* PEM and DER possible */ #ifdef HAVE_CRL_MONITOR - pthread_mutex_t condLock; /* Has to be a mutex for not rwlock - * pthread_cond_wait API */ pthread_cond_t cond; /* condition to signal setup */ pthread_t tid; /* monitoring thread */ int mfd; /* monitor fd, -1 if no init yet */ From 260381a5c348f3673f8e4c013ed01eeef3191cfc Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 19 Jan 2023 13:00:18 +0100 Subject: [PATCH 09/12] Use configure.ac to check for pthread_rwlock_destroy support --- configure.ac | 1 + wolfssl/wolfcrypt/wc_port.h | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 76c595aeb1..6dae62269c 100644 --- a/configure.ac +++ b/configure.ac @@ -1109,6 +1109,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" + AC_CHECK_FUNCS([pthread_rwlock_destroy]) ],[ ENABLED_SINGLETHREADED=yes ]) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index f4b61cd5e4..c974020391 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -175,11 +175,15 @@ /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #define WOLFSSL_PTHREADS + #ifdef HAVE_CONFIG_H + /* Need to pull in config.h to get access to + * HAVE_PTHREAD_RWLOCK_DESTROY */ + #include + #undef HAVE_CONFIG_H + #endif #include - /* Use PTHREAD_RWLOCK_INITIALIZER to detect if rwlocks are - * supported in this pthreads lib. */ #if !defined(WOLFSSL_NO_RWLOCK) && \ - defined(PTHREAD_RWLOCK_INITIALIZER) + defined(HAVE_PTHREAD_RWLOCK_DESTROY) #undef WOLFSSL_USE_RWLOCK #define WOLFSSL_USE_RWLOCK #endif From 5db2eb352a3b7c6fdd3ace6c37e12e542675d710 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 20 Jan 2023 11:37:48 +0100 Subject: [PATCH 10/12] Can't include config.h in wc_port.h as that breaks make distcheck --- configure.ac | 4 +++- wolfcrypt/src/wc_port.c | 2 +- wolfssl/wolfcrypt/wc_port.h | 13 +------------ 3 files changed, 5 insertions(+), 14 deletions(-) diff --git a/configure.ac b/configure.ac index 6dae62269c..90cfe352a1 100644 --- a/configure.ac +++ b/configure.ac @@ -1109,7 +1109,9 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" - AC_CHECK_FUNCS([pthread_rwlock_destroy]) + AC_CHECK_FUNC([pthread_rwlock_destroy], [ + AC_DEFINE([WOLFSSL_USE_RWLOCK], [1], [Define if you have a rwlock implementations]) + ]) ],[ ENABLED_SINGLETHREADED=yes ]) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 89736db5bf..06829faebf 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -2587,7 +2587,7 @@ int wolfSSL_CryptHwMutexUnLock(void) #warning No mutex handling defined #endif -#ifndef WOLFSSL_USE_RWLOCK +#if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED) int wc_InitRwLock(wolfSSL_RwLock* m) { return wc_InitMutex(m); diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index c974020391..7e5f1a4d6c 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -175,18 +175,7 @@ /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #define WOLFSSL_PTHREADS - #ifdef HAVE_CONFIG_H - /* Need to pull in config.h to get access to - * HAVE_PTHREAD_RWLOCK_DESTROY */ - #include - #undef HAVE_CONFIG_H - #endif #include - #if !defined(WOLFSSL_NO_RWLOCK) && \ - defined(HAVE_PTHREAD_RWLOCK_DESTROY) - #undef WOLFSSL_USE_RWLOCK - #define WOLFSSL_USE_RWLOCK - #endif #endif #endif #endif @@ -300,7 +289,7 @@ #endif /* USE_WINDOWS_API */ #endif /* SINGLE_THREADED */ -#ifndef WOLFSSL_USE_RWLOCK +#if !defined(WOLFSSL_USE_RWLOCK) || defined(SINGLE_THREADED) typedef wolfSSL_Mutex wolfSSL_RwLock; #endif From 929c43870b8c68657c9713645a8a3d7d24ce1cfe Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 3 Feb 2023 15:18:09 +0100 Subject: [PATCH 11/12] Check for pthread_rwlock_t to determine if rwlock is available --- configure.ac | 4 +--- wolfssl/wolfcrypt/wc_port.h | 4 ++++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 90cfe352a1..6b4a93339a 100644 --- a/configure.ac +++ b/configure.ac @@ -1109,9 +1109,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" - AC_CHECK_FUNC([pthread_rwlock_destroy], [ - AC_DEFINE([WOLFSSL_USE_RWLOCK], [1], [Define if you have a rwlock implementations]) - ]) + AC_CHECK_TYPES([pthread_rwlock_t]) ],[ ENABLED_SINGLETHREADED=yes ]) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 7e5f1a4d6c..5036590f2b 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -175,6 +175,10 @@ /* definitions are in linuxkm/linuxkm_wc_port.h */ #else #define WOLFSSL_PTHREADS + #ifdef HAVE_PTHREAD_RWLOCK_T + #undef WOLFSSL_USE_RWLOCK + #define WOLFSSL_USE_RWLOCK + #endif #include #endif #endif From 99d9852ea8594639f817f7f1f3d5a796192d3ac1 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 10 Feb 2023 10:00:20 +0100 Subject: [PATCH 12/12] Code review --- src/ssl.c | 20 ++++++++++++++++++-- src/tls13.c | 3 +++ wolfcrypt/src/wc_port.c | 6 ++---- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 3b14274ee1..3a68f5e5ae 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6209,13 +6209,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #ifdef ENABLE_SESSION_CACHE_ROW_LOCK #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&(row)->row_lock) #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&(row)->row_lock) - #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); + #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); #else static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */ static WOLFSSL_GLOBAL int session_lock_valid = 0; #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&session_lock) #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&session_lock) - #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); + #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); #endif #if !defined(NO_SESSION_CACHE_REF) && defined(NO_CLIENT_CACHE) @@ -14585,6 +14585,9 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) byte preallocNonceUsed = 0; #endif /* WOLFSSL_TLS13 */ byte tmpBufSet = 0; +#endif +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + WOLFSSL_X509* peer = NULL; #endif byte bogusID[ID_LEN]; byte bogusIDSz = 0; @@ -14752,6 +14755,13 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) } if (error == WOLFSSL_SUCCESS) { +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + /* We don't want the peer member. We will free it at the end. */ + if (sess->peer != NULL) { + peer = sess->peer; + sess->peer = NULL; + } +#endif #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) error = wolfSSL_DupSessionEx(sess, output, 1, preallocNonce, &preallocNonceLen, &preallocNonceUsed); @@ -14841,6 +14851,12 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ +#endif + +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + if (peer != NULL) { + wolfSSL_X509_free(peer); + } #endif return error; diff --git a/src/tls13.c b/src/tls13.c index 1f25a86cf4..a7567d5138 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -10272,6 +10272,9 @@ static int SendTls13NewSessionTicket(WOLFSSL* ssl) ssl->options.haveSessionId = 1; + /* Only add to cache when suppport built in and when the ticket contains + * an ID. Otherwise we have no way to actually retrieve the ticket from the + * cache. */ #if !defined(NO_SESSION_CACHE) && defined(WOLFSSL_TICKET_HAVE_ID) AddSession(ssl); #endif diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 06829faebf..77cdb1f347 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1559,6 +1559,7 @@ int wolfSSL_CryptHwMutexUnLock(void) } #elif defined(WOLFSSL_PTHREADS) + #ifdef WOLFSSL_USE_RWLOCK int wc_InitRwLock(wolfSSL_RwLock* m) { @@ -1568,7 +1569,6 @@ int wolfSSL_CryptHwMutexUnLock(void) return BAD_MUTEX_E; } - int wc_FreeRwLock(wolfSSL_RwLock* m) { if (pthread_rwlock_destroy(m) == 0) @@ -1577,7 +1577,6 @@ int wolfSSL_CryptHwMutexUnLock(void) return BAD_MUTEX_E; } - int wc_LockRwLock_Wr(wolfSSL_RwLock* m) { if (pthread_rwlock_wrlock(m) == 0) @@ -1602,6 +1601,7 @@ int wolfSSL_CryptHwMutexUnLock(void) return BAD_MUTEX_E; } #endif + int wc_InitMutex(wolfSSL_Mutex* m) { if (pthread_mutex_init(m, 0) == 0) @@ -2593,13 +2593,11 @@ int wolfSSL_CryptHwMutexUnLock(void) return wc_InitMutex(m); } - int wc_FreeRwLock(wolfSSL_RwLock* m) { return wc_FreeMutex(m); } - int wc_LockRwLock_Wr(wolfSSL_RwLock* m) { return wc_LockMutex(m);