mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

have calling thread wait for crl monitor thread to setup for simpler cleanup

Browse Source
This commit is contained in:
toddouska 2015-11-23 14:15:12 -08:00
parent 9c6b52876a
commit 32b2d7f9e4
8 changed files with 90 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -6,7 +6,7 @@
#
#
AC_INIT([wolfssl],[3.7.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_INIT([wolfssl],[3.7.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])

16
examples/server/server.c
View File

@ -266,6 +266,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int throughput = 0;
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
int doListen = 1;
int crlFlags = 0;
int ret;
char* alpnList = NULL;
unsigned char alpn_opt = 0;
@ -309,6 +310,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
(void)minDhKeyBits;
(void)alpnList;
(void)alpn_opt;
(void)crlFlags;
#ifdef CYASSL_TIRTOS
fdOpenSession(Task_self());
@ -709,10 +711,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
#endif
#ifdef HAVE_CRL
CyaSSL_EnableCRL(ssl, 0);
CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR |
CYASSL_CRL_START_MON);
CyaSSL_SetCRL_Cb(ssl, CRL_CallBack);
#ifdef HAVE_CRL_MONITOR
crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON;
#endif
if (CyaSSL_EnableCRL(ssl, 0) != SSL_SUCCESS)
err_sys("unable to enable CRL");
if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, crlFlags)
!= SSL_SUCCESS)
err_sys("unable to load CRL");
if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
err_sys("unable to set CRL callback url");
#endif
#ifdef HAVE_OCSP
if (useOcsp) {

77
src/crl.c
View File

@ -55,8 +55,10 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
crl->monitors[0].path = NULL;
crl->monitors[1].path = NULL;
#ifdef HAVE_CRL_MONITOR
crl->tid = 0;
crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
crl->tid = 0;
crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */
crl->setup = 0; /* thread setup done predicate */
pthread_cond_init(&crl->cond, 0);
#endif
if (InitMutex(&crl->crlLock) != 0)
return BAD_MUTEX_E;
@ -120,7 +122,7 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
FreeCRL_Entry(tmp);
XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY);
tmp = next;
}
}
#ifdef HAVE_CRL_MONITOR
if (crl->tid != 0) {
@ -128,10 +130,10 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
if (StopMonitor(crl->mfd) == 0)
pthread_join(crl->tid, NULL);
else {
WOLFSSL_MSG("stop monitor failed, cancel instead");
pthread_cancel(crl->tid);
WOLFSSL_MSG("stop monitor failed");
}
}
pthread_cond_destroy(&crl->cond);
#endif
FreeMutex(&crl->crlLock);
if (dynamic) /* free self */
@ -324,6 +326,24 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type)
#ifdef HAVE_CRL_MONITOR
/* Signal Monitor thread is setup, save status to setup flag, 0 on success */
static int SignalSetup(WOLFSSL_CRL* crl, int status)
{
/* signal to calling thread we're setup */
if (LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("LockMutex crlLock failed");
return BAD_MUTEX_E;
}
crl->setup = status;
pthread_cond_signal(&crl->cond);
UnLockMutex(&crl->crlLock);
return 0;
}
/* read in new CRL entries and save new list */
static int SwapLists(WOLFSSL_CRL* crl)
{
@ -451,6 +471,7 @@ static void* DoMonitor(void* arg)
crl->mfd = kqueue();
if (crl->mfd == -1) {
WOLFSSL_MSG("kqueue failed");
SignalSetup(crl, MONITOR_SETUP_E);
return NULL;
}
@ -458,6 +479,7 @@ static void* DoMonitor(void* arg)
EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL);
if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) {
WOLFSSL_MSG("kevent monitor customer event failed");
SignalSetup(crl, MONITOR_SETUP_E);
close(crl->mfd);
return NULL;
}
@ -469,6 +491,7 @@ static void* DoMonitor(void* arg)
fPEM = open(crl->monitors[0].path, XEVENT_MODE);
if (fPEM == -1) {
WOLFSSL_MSG("PEM event dir open failed");
SignalSetup(crl, MONITOR_SETUP_E);
close(crl->mfd);
return NULL;
}
@ -479,6 +502,7 @@ static void* DoMonitor(void* arg)
if (fDER == -1) {
WOLFSSL_MSG("DER event dir open failed");
close(crl->mfd);
SignalSetup(crl, MONITOR_SETUP_E);
return NULL;
}
}
@ -491,6 +515,10 @@ static void* DoMonitor(void* arg)
EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT,
NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0);
/* signal to calling thread we're setup */
if (SignalSetup(crl, 1) != 0)
return NULL;
for (;;) {
struct kevent event;
int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL);
@ -571,6 +599,7 @@ static void* DoMonitor(void* arg)
crl->mfd = eventfd(0, 0); /* our custom shutdown event */
if (crl->mfd < 0) {
WOLFSSL_MSG("eventfd failed");
SignalSetup(crl, MONITOR_SETUP_E);
return NULL;
}
@ -578,6 +607,7 @@ static void* DoMonitor(void* arg)
if (notifyFd < 0) {
WOLFSSL_MSG("inotify failed");
close(crl->mfd);
SignalSetup(crl, MONITOR_SETUP_E);
return NULL;
}
@ -588,6 +618,7 @@ static void* DoMonitor(void* arg)
WOLFSSL_MSG("PEM notify add watch failed");
close(crl->mfd);
close(notifyFd);
SignalSetup(crl, MONITOR_SETUP_E);
return NULL;
}
}
@ -599,6 +630,7 @@ static void* DoMonitor(void* arg)
WOLFSSL_MSG("DER notify add watch failed");
close(crl->mfd);
close(notifyFd);
SignalSetup(crl, MONITOR_SETUP_E);
return NULL;
}
}
@ -609,6 +641,10 @@ static void* DoMonitor(void* arg)
return NULL;
#endif
/* signal to calling thread we're setup */
if (SignalSetup(crl, 1) != 0)
return NULL;
for (;;) {
fd_set readfds;
int result;
@ -666,26 +702,43 @@ static void* DoMonitor(void* arg)
/* Start Monitoring the CRL path(s) in a thread */
static int StartMonitorCRL(WOLFSSL_CRL* crl)
{
pthread_attr_t attr;
int ret = SSL_SUCCESS;
WOLFSSL_ENTER("StartMonitorCRL");
if (crl == NULL)
if (crl == NULL)
return BAD_FUNC_ARG;
if (crl->tid != 0) {
WOLFSSL_MSG("Monitor thread already running");
return MONITOR_RUNNING_E;
return ret; /* that's ok, someone already started */
}
pthread_attr_init(&attr);
if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) {
if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) {
WOLFSSL_MSG("Thread creation error");
return THREAD_CREATE_E;
}
return SSL_SUCCESS;
/* wait for setup to complete */
if (LockMutex(&crl->crlLock) != 0) {
WOLFSSL_MSG("LockMutex crlLock error");
return BAD_MUTEX_E;
}
while (crl->setup == 0)
pthread_cond_wait(&crl->cond, &crl->crlLock);
if (crl->setup < 0)
ret = crl->setup; /* store setup error */
UnLockMutex(&crl->crlLock);
if (ret < 0) {
WOLFSSL_MSG("DoMonitor setup failure");
crl->tid = 0; /* thread already done */
}
return ret;
}

4
src/internal.c
View File

@ -8626,8 +8626,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
case CRL_MISSING:
return "CRL missing, not loaded";
case MONITOR_RUNNING_E:
return "CRL monitor already running";
case MONITOR_SETUP_E:
return "CRL monitor setup error";
case THREAD_CREATE_E:
return "Thread creation problem";

2
support/wolfssl.pc
View File

@ -5,6 +5,6 @@ includedir=${prefix}/include
Name: wolfssl
Description: wolfssl C library.
Version: 3.7.1
Version: 3.7.2
Libs: -L${libdir} -lwolfssl
Cflags: -I${includedir}

2
wolfssl/error-ssl.h
View File

@ -94,7 +94,7 @@ enum wolfSSL_ErrorCodes {
OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */
CRL_MISSING = -362, /* CRL Not loaded */
MONITOR_RUNNING_E = -363, /* CRL Monitor already running */
MONITOR_SETUP_E = -363, /* CRL Monitor setup error */
THREAD_CREATE_E = -364, /* Thread Create Error */
OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */
OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */

10
wolfssl/internal.h
View File

@ -1339,12 +1339,14 @@ struct CRL_Monitor {
/* wolfSSL CRL controller */
struct WOLFSSL_CRL {
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
CRL_Entry* crlList; /* our CRL list */
CRL_Entry* crlList; /* our CRL list */
wolfSSL_Mutex crlLock; /* CRL list lock */
CRL_Monitor monitors[2]; /* PEM and DER possible */
CRL_Monitor monitors[2]; /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
pthread_t tid; /* monitoring thread */
int mfd; /* monitor fd, -1 if no init yet */
pthread_cond_t cond; /* condition to signal setup */
pthread_t tid; /* monitoring thread */
int mfd; /* monitor fd, -1 if no init yet */
int setup; /* thread is setup predicate */
#endif
};

4
wolfssl/version.h
View File

@ -26,8 +26,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "3.7.1"
#define LIBWOLFSSL_VERSION_HEX 0x03007001
#define LIBWOLFSSL_VERSION_STRING "3.7.2"
#define LIBWOLFSSL_VERSION_HEX 0x03007002
#ifdef __cplusplus
}