From d22974b7912fab889a1e3ac73373e429e8b0ed7c Mon Sep 17 00:00:00 2001 From: Benjamin Barenblat Date: Thu, 6 Aug 2015 10:15:53 -0400 Subject: Make OpenSSL usage thread-safe (closes #206) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enable OpenSSL’s multithreading support by defining locking and thread-ID callbacks. Remove a lock obviated by this change. --- src/c/openssl.c | 40 ++++++++++++++++++++++++++++++++++++++++ src/c/urweb.c | 5 ----- 2 files changed, 40 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/c/openssl.c b/src/c/openssl.c index 1d820a34..6d018707 100644 --- a/src/c/openssl.c +++ b/src/c/openssl.c @@ -1,5 +1,6 @@ #include "config.h" +#include #include #include #include @@ -7,12 +8,17 @@ #include #include #include +#include +#include #include #include #define PASSSIZE 4 +// OpenSSL locks array. See threads(3SSL). +static pthread_mutex_t *openssl_locks; + int uw_hash_blocksize = 32; static int password[PASSSIZE]; @@ -27,7 +33,41 @@ static void random_password() { } } +// OpenSSL callbacks +static void thread_id(CRYPTO_THREADID *const result) { + CRYPTO_THREADID_set_numeric(result, pthread_self()); +} +static void lock_or_unlock(const int mode, const int type, const char *file, + const int line) { + pthread_mutex_t *const lock = &openssl_locks[type]; + if (mode & CRYPTO_LOCK) { + if (pthread_mutex_lock(lock)) { + fprintf(stderr, "Can't take lock at %s:%d\n", file, line); + exit(1); + } + } else { + if (pthread_mutex_unlock(lock)) { + fprintf(stderr, "Can't release lock at %s:%d\n", file, line); + exit(1); + } + } +} + void uw_init_crypto() { + int i; + // Set up OpenSSL. + assert(openssl_locks == NULL); + openssl_locks = malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); + if (!openssl_locks) { + perror("malloc"); + exit(1); + } + for (i = 0; i < CRYPTO_num_locks(); ++i) { + pthread_mutex_init(&(openssl_locks[i]), NULL); + } + CRYPTO_THREADID_set_callback(thread_id); + CRYPTO_set_locking_callback(lock_or_unlock); + // Prepare signatures. if (uw_sig_file) { int fd; diff --git a/src/c/urweb.c b/src/c/urweb.c index 1e49dae0..6d3836f1 100644 --- a/src/c/urweb.c +++ b/src/c/urweb.c @@ -167,13 +167,8 @@ void *uw_init_client_data(); void uw_free_client_data(void *); void uw_copy_client_data(void *dst, void *src); -static pthread_mutex_t rand_mutex = PTHREAD_MUTEX_INITIALIZER; - static uw_Basis_int my_rand() { - pthread_mutex_lock(&rand_mutex); int ret, r = RAND_bytes((unsigned char *)&ret, sizeof ret); - pthread_mutex_unlock(&rand_mutex); - if (r) return abs(ret); else -- cgit v1.2.3 From 98230036ecde51e20e749f8817d11215d4b74265 Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Thu, 20 Aug 2015 15:11:40 -0400 Subject: Beautify '-h' output for web servers --- src/c/http.c | 2 +- src/settings.sml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/c/http.c b/src/c/http.c index e6c7b1af..9059746f 100644 --- a/src/c/http.c +++ b/src/c/http.c @@ -314,7 +314,7 @@ static void *worker(void *data) { } static void help(char *cmd) { - printf("Usage: %s [-p ] [-a ] [-t ] [-k] [-q] [-T SEC]\nThe '-k' option turns on HTTP keepalive.\nThe '-q' option turns off some chatter on stdout.\nThe -T option sets socket recv timeout (0 disables timeout, default is 5 sec)", cmd); + printf("Usage: %s [-p ] [-a ] [-t ] [-k] [-q] [-T SEC]\nThe '-k' option turns on HTTP keepalive.\nThe '-q' option turns off some chatter on stdout.\nThe '-T' option sets socket recv timeout (0 disables timeout, default is 5 sec).\n", cmd); } static void sigint(int signum) { diff --git a/src/settings.sml b/src/settings.sml index cd2de8a9..10a4af48 100644 --- a/src/settings.sml +++ b/src/settings.sml @@ -883,7 +883,7 @@ fun addFile {Uri, LoadFromFilename} = if path' = path then () else - ErrorMsg.error ("Two different files requested for URI " ^ Uri) + ErrorMsg.error ("Two different files requested for URI " ^ Uri ^ " ( " ^ path' ^ " vs. " ^ path ^ ")") | NONE => let val inf = BinIO.openIn path -- cgit v1.2.3 From 03f1d80a665c4de6fd83ff6dc9399dda97838efa Mon Sep 17 00:00:00 2001 From: Adam Chlipala Date: Thu, 27 Aug 2015 16:28:45 -0400 Subject: Proper error message for excessively fancy FFI signatures --- src/elaborate.sml | 12 ++++++++++++ tests/empty.ur | 0 tests/ffisub.urp | 3 +++ tests/ffisub.urs | 5 +++++ 4 files changed, 20 insertions(+) create mode 100644 tests/empty.ur create mode 100644 tests/ffisub.urp create mode 100644 tests/ffisub.urs (limited to 'src') diff --git a/src/elaborate.sml b/src/elaborate.sml index 5b18ae94..ca4e124c 100644 --- a/src/elaborate.sml +++ b/src/elaborate.sml @@ -4123,6 +4123,18 @@ and elabDecl (dAll as (d, loc), (env, denv, gs)) = val dNew = (L'.DFfiStr (x, n, sgn'), loc) in + case #1 sgn' of + L'.SgnConst sgis => + (case List.find (fn (L'.SgiConAbs _, _) => false + | (L'.SgiCon _, _) => false + | (L'.SgiDatatype _, _) => false + | (L'.SgiVal _, _) => false + | _ => true) sgis of + NONE => () + | SOME sgi => (ErrorMsg.errorAt loc "Disallowed signature item for FFI module"; + epreface ("item", p_sgn_item env sgi))) + | _ => raise Fail "FFI signature isn't SgnConst"; + Option.map (fn tm => ModDb.insert (dNew, tm)) tmo; ([dNew], (env', denv, enD gs' @ gs)) end) diff --git a/tests/empty.ur b/tests/empty.ur new file mode 100644 index 00000000..e69de29b diff --git a/tests/ffisub.urp b/tests/ffisub.urp new file mode 100644 index 00000000..b695bad1 --- /dev/null +++ b/tests/ffisub.urp @@ -0,0 +1,3 @@ +ffi ffisub + +empty diff --git a/tests/ffisub.urs b/tests/ffisub.urs new file mode 100644 index 00000000..ce245884 --- /dev/null +++ b/tests/ffisub.urs @@ -0,0 +1,5 @@ +structure S : sig + type t +end + +val x : S.t -- cgit v1.2.3