From 18b07e7fa1f73f5319bf864ccd8f43ec128e41ff Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 13 Nov 2024 16:56:39 -0600 Subject: [PATCH] rename WOLFSSL_GLOBAL to WC_THREADSHARED, and refactor mutex handling in src/sniffer.c for consistency and correctness, also adding gating on !SINGLE_THREADED for efficiency; add wc_static_assert in wolfcrypt/test/test.h to assure that WC_TEST_RET_ENC() can correctly handle all error codes. --- src/sniffer.c | 143 ++++++++++-------- src/ssl.c | 6 +- src/ssl_sess.c | 14 +- wolfcrypt/src/cryptocb.c | 2 +- .../src/port/Renesas/renesas_fspsm_util.c | 2 +- wolfcrypt/test/test.h | 2 + wolfssl/wolfcrypt/wc_port.h | 4 +- 7 files changed, 95 insertions(+), 78 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index eed3216808..186b810b96 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -36,7 +36,6 @@ * WOLFSSL_SNIFFER_NO_RECOVERY: Do not track missed data count. */ - /* xctime */ #ifndef XCTIME #define XCTIME ctime @@ -227,8 +226,8 @@ BOOL APIENTRY DllMain( HMODULE hModule, #endif /* _WIN32 */ -static WOLFSSL_GLOBAL int TraceOn = 0; /* Trace is off by default */ -static WOLFSSL_GLOBAL XFILE TraceFile = 0; +static WC_THREADSHARED int TraceOn = 0; /* Trace is off by default */ +static WC_THREADSHARED XFILE TraceFile = 0; /* windows uses .rc table for this */ @@ -437,8 +436,10 @@ typedef struct SnifferServer { int port; /* server port */ #ifdef HAVE_SNI NamedKey* namedKeys; /* mapping of names and keys */ +#ifndef SINGLE_THREADED wolfSSL_Mutex namedKeysMutex; /* mutex for namedKey list */ #endif +#endif #if defined(WOLFSSL_SNIFFER_KEYLOGFILE) byte useKeyLogFile; /* True if session secrets are coming from a keylog file */ @@ -566,83 +567,95 @@ typedef struct SnifferSession { /* Sniffer Server List and mutex */ -static THREAD_LS_T WOLFSSL_GLOBAL SnifferServer* ServerList = NULL; -#ifndef HAVE_C___ATOMIC -static WOLFSSL_GLOBAL wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex); +static WC_THREADSHARED SnifferServer* ServerList = NULL; +#ifndef SINGLE_THREADED +static WC_THREADSHARED wolfSSL_Mutex ServerListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ServerListMutex); #endif /* Session Hash Table, mutex, and count */ -static THREAD_LS_T WOLFSSL_GLOBAL SnifferSession* SessionTable[HASH_SIZE]; -#ifndef HAVE_C___ATOMIC -static WOLFSSL_GLOBAL wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex); +static WC_THREADSHARED SnifferSession* SessionTable[HASH_SIZE]; +#ifndef SINGLE_THREADED +static WC_THREADSHARED wolfSSL_Mutex SessionMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(SessionMutex); #endif -static THREAD_LS_T WOLFSSL_GLOBAL int SessionCount = 0; +static WC_THREADSHARED int SessionCount = 0; -static WOLFSSL_GLOBAL int RecoveryEnabled = 0; /* global switch */ -static WOLFSSL_GLOBAL int MaxRecoveryMemory = -1; +static WC_THREADSHARED int RecoveryEnabled = 0; /* global switch */ +static WC_THREADSHARED int MaxRecoveryMemory = -1; /* per session max recovery memory */ #ifndef WOLFSSL_SNIFFER_NO_RECOVERY /* Recovery of missed data switches and stats */ -static WOLFSSL_GLOBAL wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */ +#ifndef SINGLE_THREADED +static WC_THREADSHARED wolfSSL_Mutex RecoveryMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(RecoveryMutex); /* for stats */ +#endif /* # of sessions with missed data */ -static WOLFSSL_GLOBAL word32 MissedDataSessions = 0; +static WC_THREADSHARED word32 MissedDataSessions = 0; #endif /* Connection Info Callback */ -static WOLFSSL_GLOBAL SSLConnCb ConnectionCb; -static WOLFSSL_GLOBAL void* ConnectionCbCtx = NULL; +static WC_THREADSHARED SSLConnCb ConnectionCb; +static WC_THREADSHARED void* ConnectionCbCtx = NULL; #ifdef WOLFSSL_SNIFFER_STATS /* Sessions Statistics */ -static WOLFSSL_GLOBAL SSLStats SnifferStats; -static WOLFSSL_GLOBAL wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex); +static WC_THREADSHARED SSLStats SnifferStats; +#ifndef SINGLE_THREADED +static WC_THREADSHARED wolfSSL_Mutex StatsMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(StatsMutex); +#endif #endif #ifdef WOLFSSL_SNIFFER_KEY_CALLBACK -static WOLFSSL_GLOBAL SSLKeyCb KeyCb; -static WOLFSSL_GLOBAL void* KeyCbCtx = NULL; +static WC_THREADSHARED SSLKeyCb KeyCb; +static WC_THREADSHARED void* KeyCbCtx = NULL; #endif #ifdef WOLFSSL_SNIFFER_WATCH /* Watch Key Callback */ -static WOLFSSL_GLOBAL SSLWatchCb WatchCb; -static WOLFSSL_GLOBAL void* WatchCbCtx = NULL; +static WC_THREADSHARED SSLWatchCb WatchCb; +static WC_THREADSHARED void* WatchCbCtx = NULL; #endif #ifdef WOLFSSL_SNIFFER_STORE_DATA_CB /* Store Data Callback */ -static WOLFSSL_GLOBAL SSLStoreDataCb StoreDataCb; +static WC_THREADSHARED SSLStoreDataCb StoreDataCb; #endif #ifndef WOLFSSL_SNIFFER_NO_RECOVERY static void UpdateMissedDataSessions(void) { +#ifndef SINGLE_THREADED wc_LockMutex(&RecoveryMutex); +#endif MissedDataSessions += 1; +#ifndef SINGLE_THREADED wc_UnLockMutex(&RecoveryMutex); +#endif } #endif #ifdef WOLFSSL_SNIFFER_STATS - #ifdef HAVE_C___ATOMIC + #if defined(WOLFSSL_ATOMIC_OPS) || defined(SINGLE_THREADED) #define LOCK_STAT() WC_DO_NOTHING #define UNLOCK_STAT() WC_DO_NOTHING - #define NOLOCK_ADD_TO_STAT(x,y) ({ TraceStat(#x, y); \ - __atomic_fetch_add(&x, y, __ATOMIC_RELAXED); }) #else #define LOCK_STAT() wc_LockMutex(&StatsMutex) #define UNLOCK_STAT() wc_UnLockMutex(&StatsMutex) - #define NOLOCK_ADD_TO_STAT(x,y) ({ TraceStat(#x, y); x += y; }) #endif - #define NOLOCK_INC_STAT(x) NOLOCK_ADD_TO_STAT(x,1) - #define ADD_TO_STAT(x,y) do { LOCK_STAT(); \ - NOLOCK_ADD_TO_STAT(x,y); UNLOCK_STAT(); } while (0) - #define INC_STAT(x) do { LOCK_STAT(); \ - NOLOCK_INC_STAT(x); UNLOCK_STAT(); } while (0) + + #define ADD_TO_STAT(x,y) ({ TraceStat(#x, y); wolfSSL_Atomic_Int_FetchAdd(x, y); }) + #define INC_STAT(x) ADD_TO_STAT(x,1) + + #define ADD_TO_STAT(x,y) do { \ + LOCK_STAT(); \ + TraceStat(#x, y); \ + (void)wolfSSL_Atomic_Int_FetchAdd(x, y); \ + UNLOCK_STAT(); \ + } while (0) + + #define INC_STAT(x) ADD_TO_STAT(x, 1) #endif /* WOLFSSL_SNIFFER_STATS */ -#ifdef HAVE_C___ATOMIC +#ifdef SINGLE_THREADED #define LOCK_SESSION() WC_DO_NOTHING #define UNLOCK_SESSION() WC_DO_NOTHING #define LOCK_SERVER_LIST() WC_DO_NOTHING @@ -656,7 +669,7 @@ static void UpdateMissedDataSessions(void) #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT) - static WOLFSSL_GLOBAL int CryptoDeviceId = INVALID_DEVID; + static WC_THREADSHARED int CryptoDeviceId = INVALID_DEVID; #endif #if defined(WOLFSSL_SNIFFER_KEYLOGFILE) @@ -682,19 +695,16 @@ static int addKeyLogSnifferServerHelper(const char* address, void ssl_InitSniffer_ex(int devId) { wolfSSL_Init(); -#ifndef WOLFSSL_MUTEX_INITIALIZER -#ifndef HAVE_C___ATOMIC +#if !defined(WOLFSSL_MUTEX_INITIALIZER) && !defined(SINGLE_THREADED) wc_InitMutex(&ServerListMutex); wc_InitMutex(&SessionMutex); -#endif #ifndef WOLFSSL_SNIFFER_NO_RECOVERY wc_InitMutex(&RecoveryMutex); #endif #ifdef WOLFSSL_SNIFFER_STATS - XMEMSET(&SnifferStats, 0, sizeof(SSLStats)); wc_InitMutex(&StatsMutex); #endif -#endif /* !WOLFSSL_MUTEX_INITIALIZER */ +#endif /* !WOLFSSL_MUTEX_INITIALIZER && !SINGLE_THREADED */ #ifdef WOLFSSL_SNIFFER_STATS XMEMSET(&SnifferStats, 0, sizeof(SSLStats)); @@ -799,10 +809,14 @@ static void FreeSnifferServer(SnifferServer* srv) { if (srv) { #ifdef HAVE_SNI +#ifndef SINGLE_THREADED wc_LockMutex(&srv->namedKeysMutex); +#endif FreeNamedKeyList(srv->namedKeys); +#ifndef SINGLE_THREADED wc_UnLockMutex(&srv->namedKeysMutex); wc_FreeMutex(&srv->namedKeysMutex); +#endif #endif wolfSSL_CTX_free(srv->ctx); } @@ -905,15 +919,16 @@ void ssl_FreeSniffer(void) #endif /* WOLFSSL_SNIFFER_KEYLOGFILE */ -#ifndef WOLFSSL_MUTEX_INITIALIZER +#if !defined(WOLFSSL_MUTEX_INITIALIZER) && !defined(SINGLE_THREADED) #ifndef WOLFSSL_SNIFFER_NO_RECOVERY wc_FreeMutex(&RecoveryMutex); #endif -#ifndef HAVE_C___ATOMIC wc_FreeMutex(&SessionMutex); wc_FreeMutex(&ServerListMutex); +#ifdef WOLFSSL_SNIFFER_STATS + wc_FreeMutex(&StatsMutex); #endif -#endif /* !WOLFSSL_MUTEX_INITIALIZER */ +#endif /* !WOLFSSL_MUTEX_INITIALIZER && !SINGLE_THREADED */ #ifdef WOLF_CRYPTO_CB #ifdef HAVE_INTEL_QA_SYNC @@ -1914,10 +1929,14 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, } #ifdef HAVE_SNI else { +#ifndef SINGLE_THREADED wc_LockMutex(&sniffer->namedKeysMutex); +#endif namedKey->next = sniffer->namedKeys; sniffer->namedKeys = namedKey; +#ifndef SINGLE_THREADED wc_UnLockMutex(&sniffer->namedKeysMutex); +#endif } #endif @@ -3956,7 +3975,9 @@ static int LoadNamedKey(SnifferSession* session, const byte* name, word16 nameSz WOLFSSL* ssl = session->sslServer; NamedKey* namedKey; +#ifndef SINGLE_THREADED wc_LockMutex(&session->context->namedKeysMutex); +#endif namedKey = session->context->namedKeys; while (namedKey != NULL) { if (nameSz == namedKey->nameSz && @@ -3984,7 +4005,9 @@ static int LoadNamedKey(SnifferSession* session, const byte* name, word16 nameSz } namedKey = namedKey->next; } +#ifndef SINGLE_THREADED wc_UnLockMutex(&session->context->namedKeysMutex); +#endif return ret; } #endif @@ -5057,26 +5080,15 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo, SnifferSession* previous = 0; SnifferSession* current; word32 row = rowHint; -#ifndef HAVE_C___ATOMIC - int haveLock = 0; -#endif Trace(REMOVE_SESSION_STR); if (ipInfo && tcpInfo) row = SessionHash(ipInfo, tcpInfo); -#ifndef HAVE_C___ATOMIC - else - haveLock = 1; -#endif if (row >= HASH_SIZE) return; -#ifndef HAVE_C___ATOMIC - if (!haveLock) { - LOCK_SESSION(); - } -#endif + LOCK_SESSION(); current = SessionTable[row]; @@ -5094,11 +5106,7 @@ static void RemoveSession(SnifferSession* session, IpInfo* ipInfo, current = current->next; } -#ifndef HAVE_C___ATOMIC - if (!haveLock) { - UNLOCK_SESSION(); - } -#endif + UNLOCK_SESSION(); } @@ -6907,9 +6915,13 @@ int ssl_GetSessionStats(unsigned int* active, unsigned int* total, if (missedData) { #ifndef WOLFSSL_SNIFFER_NO_RECOVERY + #ifndef SINGLE_THREADED wc_LockMutex(&RecoveryMutex); + #endif *missedData = MissedDataSessions; + #ifndef SINGLE_THREADED wc_UnLockMutex(&RecoveryMutex); + #endif #endif } @@ -6966,9 +6978,13 @@ int ssl_SetConnectionCtx(void* ctx) * returns 0 on success, -1 on error */ int ssl_ResetStatistics(void) { +#ifndef SINGLE_THREADED wc_LockMutex(&StatsMutex); +#endif XMEMSET(&SnifferStats, 0, sizeof(SSLStats)); +#ifndef SINGLE_THREADED wc_UnLockMutex(&StatsMutex); +#endif return 0; } @@ -7234,16 +7250,15 @@ typedef struct SecretNode { #define WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE HASH_SIZE #endif -static THREAD_LS_T WOLFSSL_GLOBAL -SecretNode* +static WC_THREADSHARED SecretNode* secretHashTable[WOLFSSL_SNIFFER_KEYLOGFILE_HASH_TABLE_SIZE] = {NULL}; -#ifndef HAVE_C___ATOMIC -static WOLFSSL_GLOBAL wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex); +#ifndef SINGLE_THREADED +static WC_THREADSHARED wolfSSL_Mutex secretListMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(secretListMutex); #endif static unsigned int secretHashFunction(unsigned char* clientRandom); -#ifdef HAVE_C___ATOMIC +#ifdef SINGLE_THREADED #define LOCK_SECRET_LIST() WC_DO_NOTHING #define UNLOCK_SECRET_LIST() WC_DO_NOTHING #else diff --git a/src/ssl.c b/src/ssl.c index ded632e4f6..59c423ef2d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1032,12 +1032,12 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) #endif /* prevent multiple mutex initializations */ -static volatile WOLFSSL_GLOBAL int initRefCount = 0; +static volatile WC_THREADSHARED int initRefCount = 0; /* init ref count mutex */ -static WOLFSSL_GLOBAL wolfSSL_Mutex inits_count_mutex +static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex); #ifndef WOLFSSL_MUTEX_INITIALIZER -static WOLFSSL_GLOBAL volatile int inits_count_mutex_valid = 0; +static WC_THREADSHARED volatile int inits_count_mutex_valid = 0; #endif /* Create a new WOLFSSL_CTX struct and return the pointer to created struct. diff --git a/src/ssl_sess.c b/src/ssl_sess.c index 91f2c8473f..65f14e0e48 100644 --- a/src/ssl_sess.c +++ b/src/ssl_sess.c @@ -113,10 +113,10 @@ } SessionRow; #define SIZEOF_SESSION_ROW (sizeof(WOLFSSL_SESSION) + (sizeof(int) * 2)) - static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS]; + static WC_THREADSHARED SessionRow SessionCache[SESSION_ROWS]; #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) - static WOLFSSL_GLOBAL word32 PeakSessions; + static WC_THREADSHARED word32 PeakSessions; #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK @@ -124,8 +124,8 @@ #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&(row)->row_lock) #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&(row)->row_lock); #else - static WOLFSSL_GLOBAL wolfSSL_RwLock session_lock; /* SessionCache lock */ - static WOLFSSL_GLOBAL int session_lock_valid = 0; + static WC_THREADSHARED wolfSSL_RwLock session_lock; /* SessionCache lock */ + static WC_THREADSHARED int session_lock_valid = 0; #define SESSION_ROW_RD_LOCK(row) wc_LockRwLock_Rd(&session_lock) #define SESSION_ROW_WR_LOCK(row) wc_LockRwLock_Wr(&session_lock) #define SESSION_ROW_UNLOCK(row) wc_UnLockRwLock(&session_lock); @@ -176,15 +176,15 @@ ClientSession Clients[CLIENT_SESSIONS_PER_ROW]; } ClientRow; - static WOLFSSL_GLOBAL ClientRow ClientCache[CLIENT_SESSION_ROWS]; + static WC_THREADSHARED ClientRow ClientCache[CLIENT_SESSION_ROWS]; /* Client Cache */ /* uses session mutex */ /* ClientCache mutex */ - static WOLFSSL_GLOBAL wolfSSL_Mutex clisession_mutex + static WC_THREADSHARED wolfSSL_Mutex clisession_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(clisession_mutex); #ifndef WOLFSSL_MUTEX_INITIALIZER - static WOLFSSL_GLOBAL int clisession_mutex_valid = 0; + static WC_THREADSHARED int clisession_mutex_valid = 0; #endif #endif /* !NO_CLIENT_CACHE */ diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 4b903ddb7a..1ecc46cadb 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -65,7 +65,7 @@ typedef struct CryptoCb { CryptoDevCallbackFunc cb; void* ctx; } CryptoCb; -static WOLFSSL_GLOBAL CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS]; +static WC_THREADSHARED CryptoCb gCryptoDev[MAX_CRYPTO_DEVID_CALLBACKS]; #ifdef WOLF_CRYPTO_CB_FIND static CryptoDevCallbackFind CryptoCb_FindCb = NULL; diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c index e3f1547bec..ab0082e1e6 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c @@ -56,7 +56,7 @@ extern FSPSM_CONFIG gFSPSM_cfg; #endif #if defined(WOLFSSL_RENESAS_FSPSM_ECC) -WOLFSSL_GLOBAL FSPSM_ST_PKC gPKCbInfo; +WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo; #endif diff --git a/wolfcrypt/test/test.h b/wolfcrypt/test/test.h index 2584b12277..773733f09e 100644 --- a/wolfcrypt/test/test.h +++ b/wolfcrypt/test/test.h @@ -58,6 +58,8 @@ int wolf_test_task(void); #define WC_TEST_RET_TAG_ERRNO 2L #define WC_TEST_RET_TAG_I 3L +wc_static_assert(-(long)MIN_CODE_E < 0x7ffL); + #define WC_TEST_RET_ENC(line, i, tag) \ ((wc_test_ret_t)(-((wc_test_ret_t)(line) + ((wc_test_ret_t)((word32)(i) & 0x7ffL) * 100000L) + ((wc_test_ret_t)(tag) << 29L)))) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 002e9d4053..21f4c00d3d 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -1299,9 +1299,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); /* By default, the OCTEON's global variables are all thread local. This * tag allows them to be shared between threads. */ #include "cvmx-platform.h" - #define WOLFSSL_GLOBAL CVMX_SHARED + #define WC_THREADSHARED CVMX_SHARED #else - #define WOLFSSL_GLOBAL + #define WC_THREADSHARED #endif #ifdef WOLFSSL_DSP