From: Fabian Keil <fk@fabiankeil.de>
Date: Wed, 26 Feb 2020 09:02:11 +0000 (+0100)
Subject: Use a single mutex for the certificate generation
X-Git-Tag: v_3_0_29~473
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=bce0c44ff68888e53be6e0f986cb46c39ce8e3a5

Use a single mutex for the certificate generation

It is fast enough so there is no need to complicate
things with up to 65536 different mutexes.

Sponsored by: Robert Klemme
---

diff --git a/jcc.c b/jcc.c
index a5174b30..3129bab4 100644
--- a/jcc.c
+++ b/jcc.c
@@ -193,11 +193,7 @@ privoxy_mutex_t log_mutex;
 privoxy_mutex_t log_init_mutex;
 privoxy_mutex_t connection_reuse_mutex;
 
-#ifdef LIMIT_MUTEX_NUMBER
-privoxy_mutex_t certificates_mutexes[32];
-#else
-privoxy_mutex_t certificates_mutexes[65536];
-#endif /* LIMIT_MUTEX_NUMBER */
+privoxy_mutex_t certificate_mutex;
 privoxy_mutex_t rng_mutex;
 
 #ifdef FEATURE_EXTERNAL_FILTERS
@@ -4590,16 +4586,7 @@ static void initialize_mutexes(void)
     * Prepare global mutex semaphores
     */
 
-#ifdef LIMIT_MUTEX_NUMBER
-   int i = 0;
-   for (i = 0; i < 32; i++)
-#else
-   int i = 0;
-   for (i = 0; i < 65536; i++)
-#endif /* LIMIT_MUTEX_NUMBER */
-   {
-      privoxy_mutex_init(&(certificates_mutexes[i]));
-   }
+   privoxy_mutex_init(&certificate_mutex);
    privoxy_mutex_init(&rng_mutex);
 
    privoxy_mutex_init(&log_mutex);
diff --git a/jcc.h b/jcc.h
index 1299c00e..345658a2 100644
--- a/jcc.h
+++ b/jcc.h
@@ -102,11 +102,7 @@ extern privoxy_mutex_t resolver_mutex;
 extern privoxy_mutex_t rand_mutex;
 #endif /* ndef HAVE_RANDOM */
 
-#ifdef LIMIT_MUTEX_NUMBER
-extern privoxy_mutex_t certificates_mutexes[32];
-#else
-extern privoxy_mutex_t certificates_mutexes[65536];
-#endif /* LIMIT_MUTEX_NUMBER */
+extern privoxy_mutex_t certificate_mutex;
 extern privoxy_mutex_t rng_mutex;
 
 #endif /* FEATURE_PTHREAD */
diff --git a/project.h b/project.h
index 1720e768..e5b034bf 100644
--- a/project.h
+++ b/project.h
@@ -347,11 +347,6 @@ struct http_request
 
 
 #ifdef FEATURE_HTTPS_INSPECTION
-/*
- * If this macro is defined, mutexes count for generating
- * private keys is changed from 65536 to 32.
- */
-#define LIMIT_MUTEX_NUMBER
 /*
  * Struct for linked list containing certificates
  */
diff --git a/ssl.c b/ssl.c
index 0172b02a..8d9a55ac 100644
--- a/ssl.c
+++ b/ssl.c
@@ -113,7 +113,6 @@ static int file_exists(const char *path);
 static int host_to_hash(struct client_state *csp);
 static int ssl_verify_callback(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags);
 static void free_certificate_chain(struct client_state *csp);
-static unsigned int get_certificate_mutex_id(struct client_state *csp);
 static unsigned long  get_certificate_serial(struct client_state *csp);
 static void free_client_ssl_structures(struct client_state *csp);
 static void free_server_ssl_structures(struct client_state *csp);
@@ -437,19 +436,18 @@ extern int create_client_ssl_connection(struct client_state *csp)
     * Generating certificate for requested host. Mutex to prevent
     * certificate and key inconsistence must be locked.
     */
-   unsigned int cert_mutex_id = get_certificate_mutex_id(csp);
-   privoxy_mutex_lock(&(certificates_mutexes[cert_mutex_id]));
+   privoxy_mutex_lock(&certificate_mutex);
 
    ret = generate_webpage_certificate(csp);
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
          "Generate_webpage_certificate failed: %d", ret);
-      privoxy_mutex_unlock(&(certificates_mutexes[cert_mutex_id]));
+      privoxy_mutex_unlock(&certificate_mutex);
       ret = -1;
       goto exit;
    }
-   privoxy_mutex_unlock(&(certificates_mutexes[cert_mutex_id]));
+   privoxy_mutex_unlock(&certificate_mutex);
 
    /*
     * Seed the RNG
@@ -1627,29 +1625,6 @@ static char *make_certs_path(const char *conf_dir, const char *file_name,
 }
 
 
-/*********************************************************************
- *
- * Function    :  get_certificate_mutex_id
- *
- * Description :  Computes mutex id from host name hash. This hash must
- *                be already saved in csp structure
- *
- * Parameters  :
- *          1  :  csp = Current client state (buffers, headers, etc...)
- *
- * Returns     :  Mutex id for given host name
- *
- *********************************************************************/
-static unsigned int get_certificate_mutex_id(struct client_state *csp) {
-#ifdef LIMIT_MUTEX_NUMBER
-   return (unsigned int)(csp->http->hash_of_host[0] % 32);
-#else
-   return (unsigned int)(csp->http->hash_of_host[1]
-      + 256 * (int)csp->http->hash_of_host[0]);
-#endif /* LIMIT_MUTEX_NUMBER */
-}
-
-
 /*********************************************************************
  *
  * Function    :  get_certificate_serial