diff options
| author | Pauli <ppzgs1@gmail.com> | 2022-01-13 12:19:23 +1100 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2022-01-19 21:51:47 +1100 |
| commit | acce055778ecbf72e06a254b3a9bf2a2907e5170 (patch) | |
| tree | 9e3cb9f0f33b9bc76206129c0883886001b63d33 /ssl/ssl_lib.c | |
| parent | ed16b0fc282d29f755e656043e8a70553ef7bea5 (diff) | |
ssl: better support TSAN operations
For platforms that do not have native TSAN support, locking needs to be used
instead. This adds the locking.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17489)
Diffstat (limited to 'ssl/ssl_lib.c')
| -rw-r--r-- | ssl/ssl_lib.c | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 20fe8bc786..655eac0b7c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2451,6 +2451,17 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx) return ctx->sessions; } +static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat) +{ + int res = 0; + + if (ssl_tsan_lock(ctx)) { + res = tsan_load(stat); + ssl_tsan_unlock(ctx); + } + return res; +} + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { long l; @@ -2506,27 +2517,27 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SESS_NUMBER: return lh_SSL_SESSION_num_items(ctx->sessions); case SSL_CTRL_SESS_CONNECT: - return tsan_load(&ctx->stats.sess_connect); + return ssl_tsan_load(ctx, &ctx->stats.sess_connect); case SSL_CTRL_SESS_CONNECT_GOOD: - return tsan_load(&ctx->stats.sess_connect_good); + return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good); case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return tsan_load(&ctx->stats.sess_connect_renegotiate); + return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate); case SSL_CTRL_SESS_ACCEPT: - return tsan_load(&ctx->stats.sess_accept); + return ssl_tsan_load(ctx, &ctx->stats.sess_accept); case SSL_CTRL_SESS_ACCEPT_GOOD: - return tsan_load(&ctx->stats.sess_accept_good); + return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good); case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return tsan_load(&ctx->stats.sess_accept_renegotiate); + return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate); case SSL_CTRL_SESS_HIT: - return tsan_load(&ctx->stats.sess_hit); + return ssl_tsan_load(ctx, &ctx->stats.sess_hit); case SSL_CTRL_SESS_CB_HIT: - return tsan_load(&ctx->stats.sess_cb_hit); + return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit); case SSL_CTRL_SESS_MISSES: - return tsan_load(&ctx->stats.sess_miss); + return ssl_tsan_load(ctx, &ctx->stats.sess_miss); case SSL_CTRL_SESS_TIMEOUTS: - return tsan_load(&ctx->stats.sess_timeout); + return ssl_tsan_load(ctx, &ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: - return tsan_load(&ctx->stats.sess_cache_full); + return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full); case SSL_CTRL_MODE: return (ctx->mode |= larg); case SSL_CTRL_CLEAR_MODE: @@ -3199,6 +3210,14 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, return NULL; } +#ifdef TSAN_REQUIRES_LOCKING + ret->tsan_lock = CRYPTO_THREAD_lock_new(); + if (ret->tsan_lock == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + goto err; + } +#endif + ret->libctx = libctx; if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); @@ -3465,6 +3484,9 @@ void SSL_CTX_free(SSL_CTX *a) OPENSSL_free(a->sigalg_lookup_cache); CRYPTO_THREAD_lock_free(a->lock); +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_THREAD_lock_free(a->tsan_lock); +#endif OPENSSL_free(a->propq); @@ -3733,11 +3755,12 @@ void ssl_update_cache(SSL *s, int mode) /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { TSAN_QUALIFIER int *stat; + if (mode & SSL_SESS_CACHE_CLIENT) stat = &s->session_ctx->stats.sess_connect_good; else stat = &s->session_ctx->stats.sess_accept_good; - if ((tsan_load(stat) & 0xff) == 0xff) + if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff) SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); } } |