Use a single mutex for the certificate generation

It is fast enough so there is no need to complicate
things with up to 65536 different mutexes.

Sponsored by: Robert Klemme

diff --git a/jcc.c b/jcc.c
index a5174b3..3129bab 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -193,11 +193,7 @@ privoxy_mutex_t log_mutex;
 privoxy_mutex_t log_init_mutex;
 privoxy_mutex_t connection_reuse_mutex;
 
 privoxy_mutex_t log_init_mutex;
 privoxy_mutex_t connection_reuse_mutex;
 

-#ifdef LIMIT_MUTEX_NUMBER
-privoxy_mutex_t certificates_mutexes[32];
-#else
-privoxy_mutex_t certificates_mutexes[65536];
-#endif /* LIMIT_MUTEX_NUMBER */
+privoxy_mutex_t certificate_mutex;

 privoxy_mutex_t rng_mutex;
 
 #ifdef FEATURE_EXTERNAL_FILTERS
 privoxy_mutex_t rng_mutex;
 
 #ifdef FEATURE_EXTERNAL_FILTERS


@@ -4590,16 +4586,7 @@ static void initialize_mutexes(void)
     * Prepare global mutex semaphores
     */
 
     * Prepare global mutex semaphores
     */
 

-#ifdef LIMIT_MUTEX_NUMBER
-   int i = 0;
-   for (i = 0; i < 32; i++)
-#else
-   int i = 0;
-   for (i = 0; i < 65536; i++)
-#endif /* LIMIT_MUTEX_NUMBER */
-   {
-      privoxy_mutex_init(&(certificates_mutexes[i]));
-   }
+   privoxy_mutex_init(&certificate_mutex);

    privoxy_mutex_init(&rng_mutex);
 
    privoxy_mutex_init(&log_mutex);
    privoxy_mutex_init(&rng_mutex);
 
    privoxy_mutex_init(&log_mutex);

diff --git a/jcc.h b/jcc.h
index 1299c00..345658a 100644 (file)
--- a/jcc.h
+++ b/jcc.h
@@ -102,11 +102,7 @@ extern privoxy_mutex_t resolver_mutex;
 extern privoxy_mutex_t rand_mutex;
 #endif /* ndef HAVE_RANDOM */
 
 extern privoxy_mutex_t rand_mutex;
 #endif /* ndef HAVE_RANDOM */
 

-#ifdef LIMIT_MUTEX_NUMBER
-extern privoxy_mutex_t certificates_mutexes[32];
-#else
-extern privoxy_mutex_t certificates_mutexes[65536];
-#endif /* LIMIT_MUTEX_NUMBER */
+extern privoxy_mutex_t certificate_mutex;

 extern privoxy_mutex_t rng_mutex;
 
 #endif /* FEATURE_PTHREAD */
 extern privoxy_mutex_t rng_mutex;
 
 #endif /* FEATURE_PTHREAD */

diff --git a/project.h b/project.h
index 1720e76..e5b034b 100644 (file)
--- a/project.h
+++ b/project.h
@@ -347,11 +347,6 @@ struct http_request
 
 
 #ifdef FEATURE_HTTPS_INSPECTION
 
 
 #ifdef FEATURE_HTTPS_INSPECTION

-/*
- * If this macro is defined, mutexes count for generating
- * private keys is changed from 65536 to 32.
- */
-#define LIMIT_MUTEX_NUMBER

 /*
  * Struct for linked list containing certificates
  */
 /*
  * Struct for linked list containing certificates
  */

diff --git a/ssl.c b/ssl.c
index 0172b02..8d9a55a 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -113,7 +113,6 @@ static int file_exists(const char *path);
 static int host_to_hash(struct client_state *csp);
 static int ssl_verify_callback(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags);
 static void free_certificate_chain(struct client_state *csp);
 static int host_to_hash(struct client_state *csp);
 static int ssl_verify_callback(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags);
 static void free_certificate_chain(struct client_state *csp);

-static unsigned int get_certificate_mutex_id(struct client_state *csp);

 static unsigned long  get_certificate_serial(struct client_state *csp);
 static void free_client_ssl_structures(struct client_state *csp);
 static void free_server_ssl_structures(struct client_state *csp);
 static unsigned long  get_certificate_serial(struct client_state *csp);
 static void free_client_ssl_structures(struct client_state *csp);
 static void free_server_ssl_structures(struct client_state *csp);


@@ -437,19 +436,18 @@ extern int create_client_ssl_connection(struct client_state *csp)
     * Generating certificate for requested host. Mutex to prevent
     * certificate and key inconsistence must be locked.
     */
     * Generating certificate for requested host. Mutex to prevent
     * certificate and key inconsistence must be locked.
     */

-   unsigned int cert_mutex_id = get_certificate_mutex_id(csp);
-   privoxy_mutex_lock(&(certificates_mutexes[cert_mutex_id]));
+   privoxy_mutex_lock(&certificate_mutex);

 
    ret = generate_webpage_certificate(csp);
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
          "Generate_webpage_certificate failed: %d", ret);
 
    ret = generate_webpage_certificate(csp);
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
          "Generate_webpage_certificate failed: %d", ret);

-      privoxy_mutex_unlock(&(certificates_mutexes[cert_mutex_id]));
+      privoxy_mutex_unlock(&certificate_mutex);

       ret = -1;
       goto exit;
    }
       ret = -1;
       goto exit;
    }

-   privoxy_mutex_unlock(&(certificates_mutexes[cert_mutex_id]));
+   privoxy_mutex_unlock(&certificate_mutex);

 
    /*
     * Seed the RNG
 
    /*
     * Seed the RNG


@@ -1627,29 +1625,6 @@ static char *make_certs_path(const char *conf_dir, const char *file_name,
 }
 
 
 }
 
 

-/*********************************************************************
- *
- * Function    :  get_certificate_mutex_id
- *
- * Description :  Computes mutex id from host name hash. This hash must
- *                be already saved in csp structure
- *
- * Parameters  :
- *          1  :  csp = Current client state (buffers, headers, etc...)
- *
- * Returns     :  Mutex id for given host name
- *
- *********************************************************************/
-static unsigned int get_certificate_mutex_id(struct client_state *csp) {
-#ifdef LIMIT_MUTEX_NUMBER
-   return (unsigned int)(csp->http->hash_of_host[0] % 32);
-#else
-   return (unsigned int)(csp->http->hash_of_host[1]
-      + 256 * (int)csp->http->hash_of_host[0]);
-#endif /* LIMIT_MUTEX_NUMBER */
-}
-
-

 /*********************************************************************
  *
  * Function    :  get_certificate_serial
 /*********************************************************************
  *
  * Function    :  get_certificate_serial