From: Fabian Keil
Date: Wed, 26 Feb 2020 09:02:11 +0000 (+0100)
Subject: Use a single mutex for the certificate generation
X-Git-Tag: v_3_0_29~473
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/@user-manual@@actions-help-prefix@HANDLE-AS-EMPTY-DOCUMENT?a=commitdiff_plain;h=bce0c44ff68888e53be6e0f986cb46c39ce8e3a5;p=privoxy.git

Use a single mutex for the certificate generation

It is fast enough so there is no need to complicate things with up to 65536 different mutexes.

Sponsored by: Robert Klemme
---
diff --git a/jcc.c b/jcc.c
index a5174b30..3129bab4 100644
--- a/jcc.c
+++ b/jcc.c
@@ -193,11 +193,7 @@ privoxy_mutex_t log_mutex;
 privoxy_mutex_t log_init_mutex;
 privoxy_mutex_t connection_reuse_mutex;
-#ifdef LIMIT_MUTEX_NUMBER
-privoxy_mutex_t certificates_mutexes[32];
-#else
-privoxy_mutex_t certificates_mutexes[65536];
-#endif /* LIMIT_MUTEX_NUMBER */
+privoxy_mutex_t certificate_mutex;
 privoxy_mutex_t rng_mutex;
 #ifdef FEATURE_EXTERNAL_FILTERS
@@ -4590,16 +4586,7 @@ static void initialize_mutexes(void)
 * Prepare global mutex semaphores
 */
-#ifdef LIMIT_MUTEX_NUMBER
- int i = 0;
- for (i = 0; i < 32; i++)
-#else
- int i = 0;
- for (i = 0; i < 65536; i++)
-#endif /* LIMIT_MUTEX_NUMBER */
- {
- privoxy_mutex_init(&(certificates_mutexes[i]));
- }
+ privoxy_mutex_init(&certificate_mutex);
 privoxy_mutex_init(&rng_mutex);
 privoxy_mutex_init(&log_mutex);
diff --git a/jcc.h b/jcc.h
index 1299c00e..345658a2 100644
--- a/jcc.h
+++ b/jcc.h
@@ -102,11 +102,7 @@ extern privoxy_mutex_t resolver_mutex;
 extern privoxy_mutex_t rand_mutex;
 #endif /* ndef HAVE_RANDOM */
-#ifdef LIMIT_MUTEX_NUMBER
-extern privoxy_mutex_t certificates_mutexes[32];
-#else
-extern privoxy_mutex_t certificates_mutexes[65536];
-#endif /* LIMIT_MUTEX_NUMBER */
+extern privoxy_mutex_t certificate_mutex;
 extern privoxy_mutex_t rng_mutex;
 #endif /* FEATURE_PTHREAD */
diff --git a/project.h b/project.h
index 1720e768..e5b034bf 100644
--- a/project.h
+++ b/project.h
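Review bot: The new `privoxy_mutex_t certificate_mutex;` is declared without a comment saying what it serializes, so the only record of its contract is the lock site in ssl.c's create_client_ssl_connection(); a one-line comment above it, `/* Serializes generate_webpage_certificate(); see create_client_ssl_connection() in ssl.c. */`, and the same on the matching `extern` in the jcc.h hunk, would keep that knowledge next to the declaration. The context in the jcc.h hunk shows these declarations sit under FEATURE_PTHREAD; whether they are also guarded by FEATURE_HTTPS_INSPECTION is outside the hunk, so I cannot tell whether the mutex is declared and initialized in builds that never use it. The initialize_mutexes() hunk in the same file matches this declaration and needs nothing further.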
@@ -347,11 +347,6 @@ struct http_request
 #ifdef FEATURE_HTTPS_INSPECTION
-/*
- * If this macro is defined, mutexes count for generating
- * private keys is changed from 65536 to 32.
- */
-#define LIMIT_MUTEX_NUMBER
 /*
 * Struct for linked list containing certificates
 */
diff --git a/ssl.c b/ssl.c
index 0172b02a..8d9a55ac 100644
--- a/ssl.c
+++ b/ssl.c
@@ -113,7 +113,6 @@ static int file_exists(const char *path);
 static int host_to_hash(struct client_state *csp);
 static int ssl_verify_callback(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags);
 static void free_certificate_chain(struct client_state *csp);
-static unsigned int get_certificate_mutex_id(struct client_state *csp);
 static unsigned long get_certificate_serial(struct client_state *csp);
 static void free_client_ssl_structures(struct client_state *csp);
 static void free_server_ssl_structures(struct client_state *csp);
@@ -437,19 +436,18 @@ extern int create_client_ssl_connection(struct client_state *csp)
 * Generating certificate for requested host. Mutex to prevent
 * certificate and key inconsistence must be locked.
 */
- unsigned int cert_mutex_id = get_certificate_mutex_id(csp);
- privoxy_mutex_lock(&(certificates_mutexes[cert_mutex_id]));
+ privoxy_mutex_lock(&certificate_mutex);
 ret = generate_webpage_certificate(csp);
 if (ret < 0)
 {
 log_error(LOG_LEVEL_ERROR, "Generate_webpage_certificate failed: %d", ret);
- privoxy_mutex_unlock(&(certificates_mutexes[cert_mutex_id]));
+ privoxy_mutex_unlock(&certificate_mutex);
 ret = -1;
 goto exit;
 }
- privoxy_mutex_unlock(&(certificates_mutexes[cert_mutex_id]));
+ privoxy_mutex_unlock(&certificate_mutex);
 /*
 * Seed the RNG
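Review bot: The unlock of `certificate_mutex` is still written twice, once in the error path and once after the `if`, even though nothing between the generate call and the `if (ret < 0)` test needs the lock; hoisting it removes the duplicate and the chance of a future early exit leaving the mutex held: `privoxy_mutex_lock(&certificate_mutex); ret = generate_webpage_certificate(csp); privoxy_mutex_unlock(&certificate_mutex);` followed by the existing `if (ret < 0)` block with its unlock line dropped. With one global lock, time spent inside generate_webpage_certificate() now delays every other client reaching this point rather than only clients sharing a host hash, so the comment above the lock should record the commit's premise, e.g. `* A single global mutex is intentional: generation is assumed to be fast.`; whether the function does anything slow when no certificate is cached is outside the hunk. create_client_ssl_connection() starts and ends outside the hunk.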
@@ -1627,29 +1625,6 @@ static char *make_certs_path(const char *conf_dir, const char *file_name,
 }
-/*********************************************************************
- *
- * Function : get_certificate_mutex_id
- *
- * Description : Computes mutex id from host name hash. This hash must
- * be already saved in csp structure
- *
- * Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- *
- * Returns : Mutex id for given host name
- *
- *********************************************************************/
-static unsigned int get_certificate_mutex_id(struct client_state *csp) {
-#ifdef LIMIT_MUTEX_NUMBER
- return (unsigned int)(csp->http->hash_of_host[0] % 32);
-#else
- return (unsigned int)(csp->http->hash_of_host[1]
- + 256 * (int)csp->http->hash_of_host[0]);
-#endif /* LIMIT_MUTEX_NUMBER */
-}
 /*********************************************************************
 *
 * Function : get_certificate_serial