mike Wed Nov 2 10:03:37 2005 EDT
Modified files: (Branch: PHP_4_4)
/php-src NEWS
/php-src/ext/curl config.m4 curl.c
Log:
- MFH: thread safe SSL crypto locks, fixes bug #33760
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.920.2.64&r2=1.1247.2.920.2.65&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.64 php-src/NEWS:1.1247.2.920.2.65
--- php-src/NEWS:1.1247.2.920.2.64 Mon Oct 31 18:47:24 2005
+++ php-src/NEWS Wed Nov 2 10:03:33 2005
@@ -4,6 +4,8 @@
- Missing safe_mode/open_basedir check in cURL extension. (Ilia)
- Fixed bug #34996 (ImageTrueColorToPalette() crashes when ncolors is
zero). (Tony)
+- Fixed bug #33760 (cURL needs to implement CRYPTO_callback functions to
prevent
+ locking). (Mike)
31 Oct 2005, Version 4.4.1
- Added missing safe_mode checks for image* functions and cURL. (Ilia)
http://cvs.php.net/diff.php/php-src/ext/curl/config.m4?r1=1.20.2.2&r2=1.20.2.2.2.1&ty=u
Index: php-src/ext/curl/config.m4
diff -u php-src/ext/curl/config.m4:1.20.2.2
php-src/ext/curl/config.m4:1.20.2.2.2.1
--- php-src/ext/curl/config.m4:1.20.2.2 Wed Feb 9 11:23:49 2005
+++ php-src/ext/curl/config.m4 Wed Nov 2 10:03:36 2005
@@ -1,5 +1,5 @@
dnl
-dnl $Id: config.m4,v 1.20.2.2 2005/02/09 16:23:49 rasmus Exp $
+dnl $Id: config.m4,v 1.20.2.2.2.1 2005/11/02 15:03:36 mike Exp $
dnl
PHP_ARG_WITH(curl, for CURL support,
@@ -48,6 +48,38 @@
else
AC_MSG_ERROR(cURL version 7.9.8 or later is required to compile php with
cURL support)
fi
+
+ AC_MSG_CHECKING([for SSL support in libcurl])
+ CURL_SSL=`$CURL_CONFIG --features | $EGREP SSL`
+ if test "$CURL_SSL" == "SSL"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_CURL_SSL], [1], [Have cURL with SSL support])
+
+ AC_MSG_CHECKING([for SSL library used])
+ CURL_SSL_FLAVOUR=
+ for i in $CURL_LIBS; do
+ if test "$i" == "-lssl"; then
+ CURL_SSL_FLAVOUR="openssl"
+ AC_MSG_RESULT([openssl])
+ AC_DEFINE([HAVE_CURL_OPENSSL], [1], [Have cURL with OpenSSL support])
+ AC_CHECK_HEADERS([openssl/crypto.h])
+ break
+ elif test "$i" == "-lgnutls"; then
+ CURL_SSL_FLAVOUR="gnutls"
+ AC_MSG_RESULT([gnutls])
+ AC_DEFINE([HAVE_CURL_GNUTLS], [1], [Have cURL with GnuTLS support])
+ AC_CHECK_HEADERS([gcrypt.h])
+ break
+ fi
+ done
+ if test -z "$CURL_SSL_FLAVOUR"; then
+ AC_MSG_RESULT([unknown!])
+ AC_MSG_WARN([Could not determine the type of SSL library used!])
+ AC_MSG_WARN([Building will fail in ZTS mode!])
+ fi
+ else
+ AC_MSG_RESULT([no])
+ fi
PHP_ADD_INCLUDE($CURL_DIR/include)
PHP_EVAL_LIBLINE($CURL_LIBS, CURL_SHARED_LIBADD)
http://cvs.php.net/diff.php/php-src/ext/curl/curl.c?r1=1.124.2.30.2.4&r2=1.124.2.30.2.5&ty=u
Index: php-src/ext/curl/curl.c
diff -u php-src/ext/curl/curl.c:1.124.2.30.2.4
php-src/ext/curl/curl.c:1.124.2.30.2.5
--- php-src/ext/curl/curl.c:1.124.2.30.2.4 Mon Oct 31 18:47:21 2005
+++ php-src/ext/curl/curl.c Wed Nov 2 10:03:36 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: curl.c,v 1.124.2.30.2.4 2005/10/31 23:47:21 iliaa Exp $ */
+/* $Id: curl.c,v 1.124.2.30.2.5 2005/11/02 15:03:36 mike Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -45,6 +45,45 @@
#define HttpPost curl_httppost
#endif
+/* {{{ cruft for thread safe SSL crypto locks */
+#if defined(ZTS) && defined(HAVE_CURL_SSL)
+# ifdef PHP_WIN32
+# define PHP_CURL_NEED_SSL_TSL
+# define PHP_CURL_NEED_OPENSSL_TSL
+# include <openssl/crypto.h>
+# else /* !PHP_WIN32 */
+# if defined(HAVE_CURL_OPENSSL)
+# if defined(HAVE_OPENSSL_CRYPTO_H)
+# define PHP_CURL_NEED_SSL_TSL
+# define PHP_CURL_NEED_OPENSSL_TSL
+# include <openssl/crypto.h>
+# else
+# warning \
+ "libcurl was compiled with OpenSSL support, but configure could not find
" \
+ "openssl/crypto.h; thus no SSL crypto locking callbacks will be set,
which may " \
+ "cause random crashes on SSL requests"
+# endif
+# elif defined(HAVE_CURL_GNUTLS)
+# if defined(HAVE_GCRYPT_H)
+# define PHP_CURL_NEED_SSL_TSL
+# define PHP_CURL_NEED_GNUTLS_TSL
+# include <gcrypt.h>
+# else
+# warning \
+ "libcurl was compiled with GnuTLS support, but configure could not find "
\
+ "gcrypt.h; thus no SSL crypto locking callbacks will be set, which may " \
+ "cause random crashes on SSL requests"
+# endif
+# else
+# warning \
+ "libcurl was compiled with SSL support, but configure could not determine
which" \
+ "library was used; thus no SSL crypto locking callbacks will be set, which
may " \
+ "cause random crashes on SSL requests"
+# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS */
+# endif /* PHP_WIN32 */
+#endif /* ZTS && HAVE_CURL_SSL */
+/* }}} */
+
#define SMART_STR_PREALLOC 4096
#include "ext/standard/php_smart_str.h"
@@ -56,6 +95,11 @@
static int le_curl;
#define le_curl_name "cURL handle"
+#ifdef PHP_CURL_NEED_SSL_TSL
+static inline void php_curl_ssl_init(void);
+static inline void php_curl_ssl_cleanup(void);
+#endif
+
static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
#define SAVE_CURL_ERROR(__handle, __err) (__handle)->err.no = (int) __err;
@@ -364,6 +408,9 @@
REGISTER_CURL_CONSTANT(CURL_HTTP_VERSION_1_0);
REGISTER_CURL_CONSTANT(CURL_HTTP_VERSION_1_1);
+#ifdef PHP_CURL_NEED_SSL_TSL
+ php_curl_ssl_init();
+#endif
if (curl_global_init(CURL_GLOBAL_SSL) != CURLE_OK) {
return FAILURE;
@@ -391,7 +438,9 @@
php_unregister_url_stream_wrapper("ldap" TSRMLS_CC);
#endif
curl_global_cleanup();
-
+#ifdef PHP_CURL_NEED_SSL_TSL
+ php_curl_ssl_cleanup();
+#endif
return SUCCESS;
}
/* }}} */
@@ -1389,7 +1438,106 @@
}
/* }}} */
-#endif
+#ifdef PHP_CURL_NEED_OPENSSL_TSL
+/* {{{ */
+static MUTEX_T *php_curl_openssl_tsl = NULL;
+
+static void php_curl_ssl_lock(int mode, int n, const char * file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ tsrm_mutex_lock(php_curl_openssl_tsl[n]);
+ } else {
+ tsrm_mutex_unlock(php_curl_openssl_tsl[n]);
+ }
+}
+
+static unsigned long php_curl_ssl_id(void)
+{
+ return (unsigned long) tsrm_thread_id();
+}
+
+static inline void php_curl_ssl_init(void)
+{
+ int i, c = CRYPTO_num_locks();
+
+ php_curl_openssl_tsl = malloc(c * sizeof(MUTEX_T));
+
+ for (i = 0; i < c; ++i) {
+ php_curl_openssl_tsl[i] = tsrm_mutex_alloc();
+ }
+
+ CRYPTO_set_id_callback(php_curl_ssl_id);
+ CRYPTO_set_locking_callback(php_curl_ssl_lock);
+}
+
+static inline void php_curl_ssl_cleanup(void)
+{
+ if (php_curl_openssl_tsl) {
+ int i, c = CRYPTO_num_locks();
+
+ CRYPTO_set_id_callback(NULL);
+ CRYPTO_set_locking_callback(NULL);
+
+ for (i = 0; i < c; ++i) {
+ tsrm_mutex_free(php_curl_openssl_tsl[i]);
+ }
+
+ free(php_curl_openssl_tsl);
+ php_curl_openssl_tsl = NULL;
+ }
+}
+#endif /* PHP_CURL_NEED_OPENSSL_TSL */
+/* }}} */
+
+#ifdef PHP_CURL_NEED_GNUTLS_TSL
+/* {{{ */
+static int php_curl_ssl_mutex_create(void **m)
+{
+ if (*((MUTEX_T *) m) = tsrm_mutex_alloc()) {
+ return SUCCESS;
+ } else {
+ return FAILURE;
+ }
+}
+
+static int php_curl_ssl_mutex_destroy(void **m)
+{
+ tsrm_mutex_free(*((MUTEX_T *) m));
+ return SUCCESS;
+}
+
+static int php_curl_ssl_mutex_lock(void **m)
+{
+ return tsrm_mutex_lock(*((MUTEX_T *) m));
+}
+
+static int php_curl_ssl_mutex_unlock(void **m)
+{
+ return tsrm_mutex_unlock(*((MUTEX_T *) m));
+}
+
+static struct gcry_thread_cbs php_curl_gnutls_tsl = {
+ GCRY_THREAD_OPTIONS_USER,
+ NULL,
+ php_curl_ssl_mutex_create,
+ php_curl_ssl_mutex_destroy,
+ php_curl_ssl_mutex_lock,
+ php_curl_ssl_mutex_unlock
+};
+
+static inline void php_curl_ssl_init(void)
+{
+ gcry_control(GCRYCTL_SET_THREAD_CBS, &php_curl_gnutls_tsl);
+}
+
+static inline void php_curl_ssl_cleanup(void)
+{
+ return;
+}
+#endif /* PHP_CURL_NEED_GNUTLS_TSL */
+/* }}} */
+
+#endif /* HAVE_CURL */
/*
* Local variables:
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
