- thread safe SSL crypto locks, fixes bug #33760

author: Michael Wallner <mike@php.net> 2005-10-25 14:29:07 +0000
committer: Michael Wallner <mike@php.net> 2005-10-25 14:29:07 +0000
commit: 6cb40d4c481111fd8fee3754277ae86c35b7ffb2 (patch)
tree: 317d64e8a658e2f09d6905f1b3818a602f76632c /ext/curl
parent: 21f852eeb2714242cbb8f77c205b226ac97f4d48 (diff)
download: php-git-6cb40d4c481111fd8fee3754277ae86c35b7ffb2.tar.gz
3 files changed, 183 insertions, 2 deletions
diff --git a/ext/curl/config.m4 b/ext/curl/config.m4
index 0c091cbeb2..e0ef2b388f 100644
--- a/ext/curl/config.m4
+++ b/ext/curl/config.m4
@@ -48,6 +48,38 @@ if test "$PHP_CURL" != "no"; then
   else
     AC_MSG_ERROR(cURL version 7.10.5 or later is required to compile php with cURL support)
   fi
+  
+  AC_MSG_CHECKING([for SSL support in libcurl])
+  CURL_SSL=`$CURL_CONFIG --features | $EGREP SSL`
+  if test "$CURL_SSL" == "SSL"; then
+    AC_MSG_RESULT([yes])
+    AC_DEFINE([HAVE_CURL_SSL], [1], [Have cURL with  SSL support])
+
+    AC_MSG_CHECKING([for SSL library used])
+    CURL_SSL_FLAVOUR=
+    for i in $CURL_LIBS; do
+      if test "$i" == "-lssl"; then
+        CURL_SSL_FLAVOUR="openssl"
+        AC_MSG_RESULT([openssl])
+        AC_DEFINE([HAVE_CURL_OPENSSL], [1], [Have cURL with OpenSSL support])
+        AC_CHECK_HEADERS([openssl/crypto.h])
+        break
+      elif test "$i" == "-lgnutls"; then
+        CURL_SSL_FLAVOUR="gnutls"
+        AC_MSG_RESULT([gnutls])
+        AC_DEFINE([HAVE_CURL_GNUTLS], [1], [Have cURL with GnuTLS support])
+        AC_CHECK_HEADERS([gcrypt.h])
+        break
+      fi
+    done
+    if test -z "$CURL_SSL_FLAVOUR"; then
+      AC_MSG_RESULT([unknown!])
+      AC_MSG_WARN([Could not determine the type of SSL library used!])
+      AC_MSG_WARN([Building will fail in ZTS mode!])
+    fi
+  else
+    AC_MSG_RESULT([no])
+  fi
 
   PHP_ADD_INCLUDE($CURL_DIR/include)
   PHP_EVAL_LIBLINE($CURL_LIBS, CURL_SHARED_LIBADD)
diff --git a/ext/curl/config.w32 b/ext/curl/config.w32
index c2e41ba9c7..b4444190c8 100644
--- a/ext/curl/config.w32
+++ b/ext/curl/config.w32
@@ -12,6 +12,7 @@ if (PHP_CURL != "no") {
 			CHECK_LIB("winmm.lib", "curl", PHP_CURL)) {
 		EXTENSION("curl", "interface.c multi.c streams.c");
 		AC_DEFINE('HAVE_CURL', 1, 'Have CURL library');
+		AC_DEFINE('HAVE_CURL_SSL', 1, 'Have SSL suppurt in CURL');
 		// TODO: check for curl_version_info
 		// AC_DEFINE('PHP_CURL_URL_WRAPPERS', 0, 'Use curl for URL wrappers [experimental]');
 	} else {
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index ace8a5a9f5..4c1934c505 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -44,6 +44,45 @@
 #define HttpPost curl_httppost
 #endif
 
+/* {{{ cruft for thread safe SSL crypto locks */
+#if defined(ZTS) && defined(HAVE_CURL_SSL)
+#	ifdef PHP_WIN32
+#		define PHP_CURL_NEED_SSL_TSL
+#		define PHP_CURL_NEED_OPENSSL_TSL
+#		include <openssl/crypto.h>
+#	else /* !PHP_WIN32 */
+#		if defined(HAVE_CURL_OPENSSL)
+#			if defined(HAVE_OPENSSL_CRYPTO_H)
+#				define PHP_CURL_NEED_SSL_TSL
+#				define PHP_CURL_NEED_OPENSSL_TSL
+#				include <openssl/crypto.h>
+#			else
+#				warning \
+					"libcurl was compiled with OpenSSL support, but configure could not find " \
+					"openssl/crypto.h; thus no SSL crypto locking callbacks will be set, which may " \
+					"cause random crashes on SSL requests"
+#			endif
+#		elif defined(HAVE_CURL_GNUTLS)
+#			if defined(HAVE_GCRYPT_H)
+#				define PHP_CURL_NEED_SSL_TSL
+#				define PHP_CURL_NEED_GNUTLS_TSL
+#				include <gcrypt.h>
+#			else
+#				warning \
+					"libcurl was compiled with GnuTLS support, but configure could not find " \
+					"gcrypt.h; thus no SSL crypto locking callbacks will be set, which may " \
+					"cause random crashes on SSL requests"
+#			endif
+#		else
+#			warning \
+				"libcurl was compiled with SSL support, but configure could not determine which" \
+				"library was used; thus no SSL crypto locking callbacks will be set, which may " \
+				"cause random crashes on SSL requests"
+#		endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS */
+#	endif /* PHP_WIN32 */
+#endif /* ZTS && HAVE_CURL_SSL */
+/* }}} */
+
 #define SMART_STR_PREALLOC 4096
 
 #include "ext/standard/php_smart_str.h"
@@ -55,6 +94,11 @@
 int  le_curl;
 int  le_curl_multi_handle;
 
+#ifdef PHP_CURL_NEED_SSL_TSL
+static inline void php_curl_ssl_init(void);
+static inline void php_curl_ssl_cleanup(void);
+#endif
+
 static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 
 #define SAVE_CURL_ERROR(__handle, __err) (__handle)->err.no = (int) __err;
@@ -405,6 +449,9 @@ PHP_MINIT_FUNCTION(curl)
 	REGISTER_CURL_CONSTANT(CURLFTPAUTH_TLS);
 #endif
 
+#ifdef PHP_CURL_NEED_SSL_TSL
+	php_curl_ssl_init();
+#endif
 	if (curl_global_init(CURL_GLOBAL_SSL) != CURLE_OK) {
 		return FAILURE;
 	}
@@ -442,7 +489,9 @@ PHP_MSHUTDOWN_FUNCTION(curl)
 	php_unregister_url_stream_wrapper("ldap" TSRMLS_CC);
 #endif
 	curl_global_cleanup();
-
+#ifdef PHP_CURL_NEED_SSL_TSL
+	php_curl_ssl_cleanup();
+#endif
 	return SUCCESS;
 }
 /* }}} */
@@ -1634,7 +1683,106 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC)
 }	
 /* }}} */
 
-#endif
+#ifdef PHP_CURL_NEED_OPENSSL_TSL
+/* {{{ */
+static MUTEX_T *php_curl_openssl_tsl = NULL;
+
+static void php_curl_ssl_lock(int mode, int n, const char * file, int line)
+{
+	if (mode & CRYPTO_LOCK) {
+		tsrm_mutex_lock(php_curl_openssl_tsl[n]);
+	} else {
+		tsrm_mutex_unlock(php_curl_openssl_tsl[n]);
+	}
+}
+
+static unsigned long php_curl_ssl_id(void)
+{
+	return (unsigned long) tsrm_thread_id();
+}
+
+static inline void php_curl_ssl_init(void)
+{
+	int i, c = CRYPTO_num_locks();
+	
+	php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
+	
+	for (i = 0; i < c; ++i) {
+		php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
+	}
+	
+	CRYPTO_set_id_callback(php_curl_ssl_id);
+	CRYPTO_set_locking_callback(php_curl_ssl_lock);
+}
+
+static inline void php_curl_ssl_cleanup(void)
+{
+	if (php_curl_openssl_tsl) {
+		int i, c = CRYPTO_num_locks();
+		
+		CRYPTO_set_id_callback(NULL);
+		CRYPTO_set_locking_callback(NULL);
+		
+		for (i = 0; i < c; ++i) {
+			tsrm_mutex_free(php_curl_openssl_tsl[i]);
+		}
+		
+		free(php_curl_openssl_tsl);
+		php_curl_openssl_tsl = NULL;
+	}
+}
+#endif /* PHP_CURL_NEED_OPENSSL_TSL */
+/* }}} */
+
+#ifdef PHP_CURL_NEED_GNUTLS_TSL
+/* {{{ */
+static int php_curl_ssl_mutex_create(void **m)
+{
+	if (*((MUTEX_T *) m) = tsrm_mutex_alloc()) {
+		return SUCCESS;
+	} else {
+		return FAILURE;
+	}
+}
+
+static int php_curl_ssl_mutex_destroy(void **m)
+{
+	tsrm_mutex_free(*((MUTEX_T *) m));
+	return SUCCESS;
+}
+
+static int php_curl_ssl_mutex_lock(void **m)
+{
+	return tsrm_mutex_lock(*((MUTEX_T *) m));
+}
+
+static int php_curl_ssl_mutex_unlock(void **m)
+{
+	return tsrm_mutex_unlock(*((MUTEX_T *) m));
+}
+
+static struct gcry_thread_cbs php_curl_gnutls_tsl = {
+	GCRY_THREAD_OPTIONS_USER,
+	NULL,
+	php_curl_ssl_mutex_create,
+	php_curl_ssl_mutex_destroy,
+	php_curl_ssl_mutex_lock,
+	php_curl_ssl_mutex_unlock
+};
+
+static inline void php_curl_ssl_init(void)
+{
+	gcry_control(GCRYCTL_SET_THREAD_CBS, &php_curl_gnutls_tsl);
+}
+
+static inline void php_curl_ssl_cleanup(void)
+{
+	return;
+}
+#endif /* PHP_CURL_NEED_GNUTLS_TSL */
+/* }}} */
+
+#endif /* HAVE_CURL */
 
 /*
  * Local variables:
author	Michael Wallner <mike@php.net>	2005-10-25 14:29:07 +0000
committer	Michael Wallner <mike@php.net>	2005-10-25 14:29:07 +0000
commit	6cb40d4c481111fd8fee3754277ae86c35b7ffb2 (patch)
tree	317d64e8a658e2f09d6905f1b3818a602f76632c /ext/curl
parent	21f852eeb2714242cbb8f77c205b226ac97f4d48 (diff)
download	php-git-6cb40d4c481111fd8fee3754277ae86c35b7ffb2.tar.gz