Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 4bdb6e43fa285df88d57ce3b79f3711097328d28^! / . / ssl / ssl_lib.c
commit4bdb6e43fa285df88d57ce3b79f3711097328d28[log] [tgz]
authorAdam Langley <alangley@gmail.com>Fri May 15 15:29:21 2015 -0700
committerAdam Langley <agl@google.com>Wed May 20 19:18:13 2015 +0000
treed2533a32138c1004fb084a87bd8bfefe1309eb8a
parent03163f3a115e5305adf5410e7092a65b6e6d534d [diff] [blame]
Remove remaining calls to the old lock functions.

|SSL_CTX| and |X509_STORE| have grown their own locks. Several static
locks have been added to hack around not being able to use a
|CRYPTO_once_t| in public headers. Lastly, support for calling
|SSL_CTX_set_generate_session_id| concurrently with active connections
has been removed. No other property of an |SSL_CTX| works like that.

Change-Id: Iff5fe3ee3fdd6ea9c9daee96f850b107ad8a6bca
Reviewed-on: https://boringssl-review.googlesource.com/4775
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c4f4a29..d0c52b6 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -396,9 +396,7 @@
 }
 
 int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) {
-  CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
   ctx->generate_session_id = cb;
-  CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
   return 1;
 }
 
@@ -424,9 +422,9 @@
   r.session_id_length = id_len;
   memcpy(r.session_id, id, id_len);
 
-  CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+  CRYPTO_MUTEX_lock_read(&ssl->ctx->lock);
   p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
-  CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+  CRYPTO_MUTEX_unlock(&ssl->ctx->lock);
   return p != NULL;
 }
 
@@ -1650,6 +1648,8 @@
 
   ret->method = meth->method;
 
+  CRYPTO_MUTEX_init(&ret->lock);
+
   ret->cert_store = NULL;
   ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
   ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
@@ -1774,6 +1774,7 @@
 
   CRYPTO_free_ex_data(&g_ex_data_class_ssl_ctx, ctx, &ctx->ex_data);
 
+  CRYPTO_MUTEX_cleanup(&ctx->lock);
   lh_SSL_SESSION_free(ctx->sessions);
   X509_STORE_free(ctx->cert_store);
   ssl_cipher_preference_list_free(ctx->cipher_list);
@@ -1996,13 +1997,13 @@
       (ctx->session_cache_mode & mode) == mode) {
     /* Automatically flush the internal session cache every 255 connections. */
     int flush_cache = 0;
-    CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_MUTEX_lock_write(&ctx->lock);
     ctx->handshakes_since_cache_flush++;
     if (ctx->handshakes_since_cache_flush >= 255) {
       flush_cache = 1;
       ctx->handshakes_since_cache_flush = 0;
     }
-    CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+    CRYPTO_MUTEX_unlock(&ctx->lock);
 
     if (flush_cache) {
       SSL_CTX_flush_sessions(ctx, (unsigned long)time(NULL));
@@ -2624,9 +2625,9 @@
     return 0;
   }
 
-  CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+  CRYPTO_MUTEX_lock_write(&ctx->lock);
   ret = BIO_write(bio, out, out_len) >= 0 && BIO_flush(bio);
-  CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+  CRYPTO_MUTEX_unlock(&ctx->lock);
 
   OPENSSL_free(out);
   return ret;
@@ -2664,9 +2665,9 @@
     return 0;
   }
 
-  CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+  CRYPTO_MUTEX_lock_write(&ctx->lock);
   ret = BIO_write(bio, out, out_len) >= 0 && BIO_flush(bio);
-  CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+  CRYPTO_MUTEX_unlock(&ctx->lock);
 
   OPENSSL_free(out);
   return ret;