diff --git a/configure.ac b/configure.ac index 11c5bd149..a4ccb5ce0 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # -AC_INIT([wolfssl],[3.7.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.7.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) diff --git a/examples/server/server.c b/examples/server/server.c index 1808240a8..20c53ab45 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -266,6 +266,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) int throughput = 0; int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; int doListen = 1; + int crlFlags = 0; int ret; char* alpnList = NULL; unsigned char alpn_opt = 0; @@ -309,6 +310,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) (void)minDhKeyBits; (void)alpnList; (void)alpn_opt; + (void)crlFlags; #ifdef CYASSL_TIRTOS fdOpenSession(Task_self()); @@ -709,10 +711,16 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); #endif #ifdef HAVE_CRL - CyaSSL_EnableCRL(ssl, 0); - CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, CYASSL_CRL_MONITOR | - CYASSL_CRL_START_MON); - CyaSSL_SetCRL_Cb(ssl, CRL_CallBack); +#ifdef HAVE_CRL_MONITOR + crlFlags = CYASSL_CRL_MONITOR | CYASSL_CRL_START_MON; +#endif + if (CyaSSL_EnableCRL(ssl, 0) != SSL_SUCCESS) + err_sys("unable to enable CRL"); + if (CyaSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, crlFlags) + != SSL_SUCCESS) + err_sys("unable to load CRL"); + if (CyaSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS) + err_sys("unable to set CRL callback url"); #endif #ifdef HAVE_OCSP if (useOcsp) { diff --git a/src/crl.c b/src/crl.c index 51bff821a..244a686f7 100644 --- a/src/crl.c +++ b/src/crl.c @@ -55,8 +55,10 @@ int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm) crl->monitors[0].path = NULL; crl->monitors[1].path = NULL; #ifdef HAVE_CRL_MONITOR - crl->tid = 0; - crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */ + crl->tid = 0; + crl->mfd = -1; /* mfd for bsd is kqueue fd, eventfd for linux */ + crl->setup = 0; /* thread setup done predicate */ + pthread_cond_init(&crl->cond, 0); #endif if (InitMutex(&crl->crlLock) != 0) return BAD_MUTEX_E; @@ -120,7 +122,7 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) FreeCRL_Entry(tmp); XFREE(tmp, NULL, DYNAMIC_TYPE_CRL_ENTRY); tmp = next; - } + } #ifdef HAVE_CRL_MONITOR if (crl->tid != 0) { @@ -128,10 +130,10 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic) if (StopMonitor(crl->mfd) == 0) pthread_join(crl->tid, NULL); else { - WOLFSSL_MSG("stop monitor failed, cancel instead"); - pthread_cancel(crl->tid); + WOLFSSL_MSG("stop monitor failed"); } } + pthread_cond_destroy(&crl->cond); #endif FreeMutex(&crl->crlLock); if (dynamic) /* free self */ @@ -324,6 +326,24 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type) #ifdef HAVE_CRL_MONITOR +/* Signal Monitor thread is setup, save status to setup flag, 0 on success */ +static int SignalSetup(WOLFSSL_CRL* crl, int status) +{ + /* signal to calling thread we're setup */ + if (LockMutex(&crl->crlLock) != 0) { + WOLFSSL_MSG("LockMutex crlLock failed"); + return BAD_MUTEX_E; + } + + crl->setup = status; + pthread_cond_signal(&crl->cond); + + UnLockMutex(&crl->crlLock); + + return 0; +} + + /* read in new CRL entries and save new list */ static int SwapLists(WOLFSSL_CRL* crl) { @@ -451,6 +471,7 @@ static void* DoMonitor(void* arg) crl->mfd = kqueue(); if (crl->mfd == -1) { WOLFSSL_MSG("kqueue failed"); + SignalSetup(crl, MONITOR_SETUP_E); return NULL; } @@ -458,6 +479,7 @@ static void* DoMonitor(void* arg) EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_ADD, 0, 0, NULL); if (kevent(crl->mfd, &change, 1, NULL, 0, NULL) < 0) { WOLFSSL_MSG("kevent monitor customer event failed"); + SignalSetup(crl, MONITOR_SETUP_E); close(crl->mfd); return NULL; } @@ -469,6 +491,7 @@ static void* DoMonitor(void* arg) fPEM = open(crl->monitors[0].path, XEVENT_MODE); if (fPEM == -1) { WOLFSSL_MSG("PEM event dir open failed"); + SignalSetup(crl, MONITOR_SETUP_E); close(crl->mfd); return NULL; } @@ -479,6 +502,7 @@ static void* DoMonitor(void* arg) if (fDER == -1) { WOLFSSL_MSG("DER event dir open failed"); close(crl->mfd); + SignalSetup(crl, MONITOR_SETUP_E); return NULL; } } @@ -491,6 +515,10 @@ static void* DoMonitor(void* arg) EV_SET(&change, fDER, EVFILT_VNODE, EV_ADD | EV_ENABLE | EV_ONESHOT, NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_ATTRIB, 0, 0); + /* signal to calling thread we're setup */ + if (SignalSetup(crl, 1) != 0) + return NULL; + for (;;) { struct kevent event; int numEvents = kevent(crl->mfd, &change, 1, &event, 1, NULL); @@ -571,6 +599,7 @@ static void* DoMonitor(void* arg) crl->mfd = eventfd(0, 0); /* our custom shutdown event */ if (crl->mfd < 0) { WOLFSSL_MSG("eventfd failed"); + SignalSetup(crl, MONITOR_SETUP_E); return NULL; } @@ -578,6 +607,7 @@ static void* DoMonitor(void* arg) if (notifyFd < 0) { WOLFSSL_MSG("inotify failed"); close(crl->mfd); + SignalSetup(crl, MONITOR_SETUP_E); return NULL; } @@ -588,6 +618,7 @@ static void* DoMonitor(void* arg) WOLFSSL_MSG("PEM notify add watch failed"); close(crl->mfd); close(notifyFd); + SignalSetup(crl, MONITOR_SETUP_E); return NULL; } } @@ -599,6 +630,7 @@ static void* DoMonitor(void* arg) WOLFSSL_MSG("DER notify add watch failed"); close(crl->mfd); close(notifyFd); + SignalSetup(crl, MONITOR_SETUP_E); return NULL; } } @@ -609,6 +641,10 @@ static void* DoMonitor(void* arg) return NULL; #endif + /* signal to calling thread we're setup */ + if (SignalSetup(crl, 1) != 0) + return NULL; + for (;;) { fd_set readfds; int result; @@ -666,26 +702,43 @@ static void* DoMonitor(void* arg) /* Start Monitoring the CRL path(s) in a thread */ static int StartMonitorCRL(WOLFSSL_CRL* crl) { - pthread_attr_t attr; + int ret = SSL_SUCCESS; WOLFSSL_ENTER("StartMonitorCRL"); - if (crl == NULL) + if (crl == NULL) return BAD_FUNC_ARG; if (crl->tid != 0) { WOLFSSL_MSG("Monitor thread already running"); - return MONITOR_RUNNING_E; + return ret; /* that's ok, someone already started */ } - pthread_attr_init(&attr); - - if (pthread_create(&crl->tid, &attr, DoMonitor, crl) != 0) { + if (pthread_create(&crl->tid, NULL, DoMonitor, crl) != 0) { WOLFSSL_MSG("Thread creation error"); return THREAD_CREATE_E; } - return SSL_SUCCESS; + /* wait for setup to complete */ + if (LockMutex(&crl->crlLock) != 0) { + WOLFSSL_MSG("LockMutex crlLock error"); + return BAD_MUTEX_E; + } + + while (crl->setup == 0) + pthread_cond_wait(&crl->cond, &crl->crlLock); + + if (crl->setup < 0) + ret = crl->setup; /* store setup error */ + + UnLockMutex(&crl->crlLock); + + if (ret < 0) { + WOLFSSL_MSG("DoMonitor setup failure"); + crl->tid = 0; /* thread already done */ + } + + return ret; } diff --git a/src/internal.c b/src/internal.c index 31a7d943f..2487af3b7 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8626,8 +8626,8 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case CRL_MISSING: return "CRL missing, not loaded"; - case MONITOR_RUNNING_E: - return "CRL monitor already running"; + case MONITOR_SETUP_E: + return "CRL monitor setup error"; case THREAD_CREATE_E: return "Thread creation problem"; diff --git a/support/wolfssl.pc b/support/wolfssl.pc index 8e2be0eab..ac202dc30 100644 --- a/support/wolfssl.pc +++ b/support/wolfssl.pc @@ -5,6 +5,6 @@ includedir=${prefix}/include Name: wolfssl Description: wolfssl C library. -Version: 3.7.1 +Version: 3.7.2 Libs: -L${libdir} -lwolfssl Cflags: -I${includedir} diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index bfccee9cd..5ebd28cd3 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -94,7 +94,7 @@ enum wolfSSL_ErrorCodes { OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */ CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */ CRL_MISSING = -362, /* CRL Not loaded */ - MONITOR_RUNNING_E = -363, /* CRL Monitor already running */ + MONITOR_SETUP_E = -363, /* CRL Monitor setup error */ THREAD_CREATE_E = -364, /* Thread Create Error */ OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */ OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 76f7f108a..c688843cb 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1339,12 +1339,14 @@ struct CRL_Monitor { /* wolfSSL CRL controller */ struct WOLFSSL_CRL { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ - CRL_Entry* crlList; /* our CRL list */ + CRL_Entry* crlList; /* our CRL list */ wolfSSL_Mutex crlLock; /* CRL list lock */ - CRL_Monitor monitors[2]; /* PEM and DER possible */ + CRL_Monitor monitors[2]; /* PEM and DER possible */ #ifdef HAVE_CRL_MONITOR - pthread_t tid; /* monitoring thread */ - int mfd; /* monitor fd, -1 if no init yet */ + pthread_cond_t cond; /* condition to signal setup */ + pthread_t tid; /* monitoring thread */ + int mfd; /* monitor fd, -1 if no init yet */ + int setup; /* thread is setup predicate */ #endif }; diff --git a/wolfssl/version.h b/wolfssl/version.h index 0a963865f..cd01ec856 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -26,8 +26,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.7.1" -#define LIBWOLFSSL_VERSION_HEX 0x03007001 +#define LIBWOLFSSL_VERSION_STRING "3.7.2" +#define LIBWOLFSSL_VERSION_HEX 0x03007002 #ifdef __cplusplus }