From 230ab8adb281aabc2d0ebf41ade5f2ec7f11e020 Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Fri, 9 Jul 2010 10:11:13 +0200 Subject: Revert "SSL backend: load libraries for certificates only once" This reverts commit f2187e31de13a6ab8631a9067487dab555f7c2e7. Reviewed-by: Markus Goetz --- src/network/ssl/qsslsocket.cpp | 6 ++--- src/network/ssl/qsslsocket_openssl.cpp | 42 ++++++++++++++++------------------ src/network/ssl/qsslsocket_p.h | 11 +++++---- 3 files changed, 29 insertions(+), 30 deletions(-) diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 809e8aa..f85fa84 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1849,7 +1849,7 @@ QList QSslSocketPrivate::defaultCiphers() */ QList QSslSocketPrivate::supportedCiphers() { - QSslSocketPrivate::ensureCertsAndCiphersLoaded(); + QSslSocketPrivate::ensureInitialized(); QMutexLocker locker(&globalData()->mutex); return globalData()->supportedCiphers; } @@ -1879,7 +1879,7 @@ void QSslSocketPrivate::setDefaultSupportedCiphers(const QList &ciph */ QList QSslSocketPrivate::defaultCaCertificates() { - QSslSocketPrivate::ensureCertsAndCiphersLoaded(); + QSslSocketPrivate::ensureInitialized(); QMutexLocker locker(&globalData()->mutex); return globalData()->config->caCertificates; } @@ -1962,7 +1962,7 @@ void QSslConfigurationPrivate::setDefaultConfiguration(const QSslConfiguration & */ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPrivate *ptr) { - QSslSocketPrivate::ensureCertsAndCiphersLoaded(); + QSslSocketPrivate::ensureInitialized(); QMutexLocker locker(&globalData()->mutex); const QSslConfigurationPrivate *global = globalData()->config.constData(); diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index b602b29..d7088ee 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -74,9 +74,8 @@ QT_BEGIN_NAMESPACE -bool QSslSocketPrivate::s_initialized = false; -QBasicAtomicInt QSslSocketPrivate::s_CertsAndCiphersLoaded; -Q_GLOBAL_STATIC(QMutex, s_CertsAndCiphersLoadedMutex); +bool QSslSocketPrivate::s_libraryLoaded = false; +bool QSslSocketPrivate::s_loadedCiphersAndCerts = false; // Useful defines #define SSL_ERRORSTR() QString::fromLocal8Bit(q_ERR_error_string(q_ERR_get_error(), NULL)) @@ -171,7 +170,7 @@ QSslSocketBackendPrivate::QSslSocketBackendPrivate() session(0) { // Calls SSL_library_init(). - ensureCertsAndCiphersLoaded(); + ensureInitialized(); } QSslSocketBackendPrivate::~QSslSocketBackendPrivate() @@ -422,18 +421,18 @@ void QSslSocketPrivate::deinitialize() bool QSslSocketPrivate::supportsSsl() { - return ensureInitialized(); + return ensureLibraryLoaded(); } -bool QSslSocketPrivate::ensureInitialized() +bool QSslSocketPrivate::ensureLibraryLoaded() { if (!q_resolveOpenSslSymbols()) return false; // Check if the library itself needs to be initialized. QMutexLocker locker(openssl_locks()->initLock()); - if (!s_initialized) { - s_initialized = true; + if (!s_libraryLoaded) { + s_libraryLoaded = true; // Initialize OpenSSL. q_CRYPTO_set_id_callback(id_function); @@ -474,6 +473,16 @@ bool QSslSocketPrivate::ensureInitialized() return true; } +void QSslSocketPrivate::ensureCiphersAndCertsLoaded() +{ + if (s_loadedCiphersAndCerts) + return; + s_loadedCiphersAndCerts = true; + + resetDefaultCiphers(); + setDefaultCaCertificates(systemCaCertificates()); +} + /*! \internal @@ -481,18 +490,13 @@ bool QSslSocketPrivate::ensureInitialized() been initialized. */ -void QSslSocketPrivate::ensureCertsAndCiphersLoaded() +void QSslSocketPrivate::ensureInitialized() { - // use double-checked locking to speed up this function - if (s_CertsAndCiphersLoaded) + if (!supportsSsl()) return; - QMutexLocker locker(s_CertsAndCiphersLoadedMutex()); - if (s_CertsAndCiphersLoaded) - return; + ensureCiphersAndCertsLoaded(); - if (!supportsSsl()) - return; //load symbols needed to receive certificates from system store #if defined(Q_OS_MAC) QLibrary securityLib("/System/Library/Frameworks/Security.framework/Versions/Current/Security"); @@ -528,12 +532,6 @@ void QSslSocketPrivate::ensureCertsAndCiphersLoaded() qWarning("could not load crypt32 library"); // should never happen } #endif - resetDefaultCiphers(); - setDefaultCaCertificates(systemCaCertificates()); - // we need to make sure that s_CertsAndCiphersLoaded is executed after the library loading above - // (the compiler/processor might reorder instructions otherwise) - if (!s_CertsAndCiphersLoaded.testAndSetRelease(0, 1)) - Q_ASSERT_X(false, "certificate store", "certificate store has already been initialized!"); } /*! diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index b474175..72b3ef7 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -63,7 +63,6 @@ #include #include -#include QT_BEGIN_NAMESPACE @@ -114,8 +113,7 @@ public: QString verificationPeerName; static bool supportsSsl(); - static bool ensureInitialized(); - static void ensureCertsAndCiphersLoaded(); + static void ensureInitialized(); static void deinitialize(); static QList defaultCiphers(); static QList supportedCiphers(); @@ -163,8 +161,11 @@ public: virtual QSslCipher sessionCipher() const = 0; private: - static bool s_initialized; - static QBasicAtomicInt s_CertsAndCiphersLoaded; + static bool ensureLibraryLoaded(); + static void ensureCiphersAndCertsLoaded(); + + static bool s_libraryLoaded; + static bool s_loadedCiphersAndCerts; }; QT_END_NAMESPACE -- cgit v0.12 From b1a52a071e3741d46df5c45423c6654d517ac4c2 Mon Sep 17 00:00:00 2001 From: Peter Hartmann Date: Fri, 9 Jul 2010 10:44:59 +0200 Subject: SSL library loading: load system libs only once ... and make the loading thread-safe. The global methods for loading the OpenSSL libraries and the system libraries are accessed from within different QSslSocket and QSslConfiguration instances, so they need to be thread-safe. Reviewed-by: Markus Goetz --- src/network/ssl/qsslsocket_openssl.cpp | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index d7088ee..b537582 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -475,27 +475,12 @@ bool QSslSocketPrivate::ensureLibraryLoaded() void QSslSocketPrivate::ensureCiphersAndCertsLoaded() { + QMutexLocker locker(openssl_locks()->initLock()); if (s_loadedCiphersAndCerts) return; s_loadedCiphersAndCerts = true; resetDefaultCiphers(); - setDefaultCaCertificates(systemCaCertificates()); -} - -/*! - \internal - - Declared static in QSslSocketPrivate, makes sure the SSL libraries have - been initialized. -*/ - -void QSslSocketPrivate::ensureInitialized() -{ - if (!supportsSsl()) - return; - - ensureCiphersAndCertsLoaded(); //load symbols needed to receive certificates from system store #if defined(Q_OS_MAC) @@ -532,6 +517,22 @@ void QSslSocketPrivate::ensureInitialized() qWarning("could not load crypt32 library"); // should never happen } #endif + setDefaultCaCertificates(systemCaCertificates()); +} + +/*! + \internal + + Declared static in QSslSocketPrivate, makes sure the SSL libraries have + been initialized. +*/ + +void QSslSocketPrivate::ensureInitialized() +{ + if (!supportsSsl()) + return; + + ensureCiphersAndCertsLoaded(); } /*! -- cgit v0.12