security: turn BSecurity_GlobalInit into BSecurity_GlobalInitThreadSafe

client/client.c

@@ -441,9 +441,11 @@ int main (int argc, char *argv[])
     }
     
     // init BSecurity
-    if (!BSecurity_GlobalInit(BThreadWorkDispatcher_UsingThreads(&twd))) {
-        BLog(BLOG_ERROR, "BSecurity_GlobalInit failed");
-        goto fail2b;
+    if (BThreadWorkDispatcher_UsingThreads(&twd)) {
+        if (!BSecurity_GlobalInitThreadSafe()) {
+            BLog(BLOG_ERROR, "BSecurity_GlobalInitThreadSafe failed");
+            goto fail2b;
+        }
     }
     
     if (options.ssl) {
@@ -622,7 +624,9 @@ fail3:
         ASSERT_FORCE(PR_Cleanup() == PR_SUCCESS)
         PL_ArenaFinish();
     }
-    BSecurity_GlobalFree();
+    if (BThreadWorkDispatcher_UsingThreads(&twd)) {
+        BSecurity_GlobalFreeThreadSafe();
+    }
 fail2b:
     BThreadWorkDispatcher_Free(&twd);
 fail2a:

security/BSecurity.c

@@ -34,7 +34,6 @@
 #include <security/BSecurity.h>
 
 int bsecurity_initialized = 0;
-int bsecurity_use_threads;
 
 #ifdef BADVPN_THREADWORK_USE_PTHREAD
 pthread_mutex_t *bsecurity_locks;
@@ -46,7 +45,6 @@ int bsecurity_num_locks;
 static unsigned long id_callback (void)
 {
     ASSERT(bsecurity_initialized)
-    ASSERT(bsecurity_use_threads)
     
     return (unsigned long)pthread_self();
 }
@@ -54,7 +52,6 @@ static unsigned long id_callback (void)
 static void locking_callback (int mode, int type, const char *file, int line)
 {
     ASSERT(bsecurity_initialized)
-    ASSERT(bsecurity_use_threads)
     ASSERT(type >= 0)
     ASSERT(type < bsecurity_num_locks)
     
@@ -67,44 +64,37 @@ static void locking_callback (int mode, int type, const char *file, int line)
 
 #endif
 
-int BSecurity_GlobalInit (int use_threads)
+int BSecurity_GlobalInitThreadSafe (void)
 {
-    ASSERT(use_threads == 0 || use_threads == 1)
     ASSERT(!bsecurity_initialized)
     
     #ifdef BADVPN_THREADWORK_USE_PTHREAD
     
-    if (use_threads) {
-        // get number of locks
-        int num_locks = CRYPTO_num_locks();
-        ASSERT_FORCE(num_locks >= 0)
-        
-        // alloc locks array
-        if (!(bsecurity_locks = BAllocArray(num_locks, sizeof(bsecurity_locks[0])))) {
-            goto fail0;
-        }
-        
-        // init locks
-        bsecurity_num_locks = 0;
-        for (int i = 0; i < num_locks; i++) {
-            if (pthread_mutex_init(&bsecurity_locks[i], NULL) != 0) {
-                goto fail1;
-            }
-            bsecurity_num_locks++;
+    // get number of locks
+    int num_locks = CRYPTO_num_locks();
+    ASSERT_FORCE(num_locks >= 0)
+    
+    // alloc locks array
+    if (!(bsecurity_locks = BAllocArray(num_locks, sizeof(bsecurity_locks[0])))) {
+        goto fail0;
+    }
+    
+    // init locks
+    bsecurity_num_locks = 0;
+    for (int i = 0; i < num_locks; i++) {
+        if (pthread_mutex_init(&bsecurity_locks[i], NULL) != 0) {
+            goto fail1;
         }
+        bsecurity_num_locks++;
     }
     
     #endif
     
     bsecurity_initialized = 1;
-    bsecurity_use_threads = use_threads;
     
     #ifdef BADVPN_THREADWORK_USE_PTHREAD
-    // set callbacks
-    if (use_threads) {
-        CRYPTO_set_id_callback(id_callback);
-        CRYPTO_set_locking_callback(locking_callback);
-    }
+    CRYPTO_set_id_callback(id_callback);
+    CRYPTO_set_locking_callback(locking_callback);
     #endif
     
     return 1;
@@ -121,35 +111,32 @@ fail0:
     #endif
 }
 
-void BSecurity_GlobalFree (void)
+void BSecurity_GlobalFreeThreadSafe (void)
 {
     ASSERT(bsecurity_initialized)
     
     #ifdef BADVPN_THREADWORK_USE_PTHREAD
     
-    if (bsecurity_use_threads) {
-        // remove callbacks
-        CRYPTO_set_locking_callback(NULL);
-        CRYPTO_set_id_callback(NULL);
-        
-        // free locks
-        while (bsecurity_num_locks > 0) {
-            ASSERT_FORCE(pthread_mutex_destroy(&bsecurity_locks[bsecurity_num_locks - 1]) == 0)
-            bsecurity_num_locks--;
-        }
-        
-        // free locks array
-        BFree(bsecurity_locks);
+    // remove callbacks
+    CRYPTO_set_locking_callback(NULL);
+    CRYPTO_set_id_callback(NULL);
+    
+    // free locks
+    while (bsecurity_num_locks > 0) {
+        ASSERT_FORCE(pthread_mutex_destroy(&bsecurity_locks[bsecurity_num_locks - 1]) == 0)
+        bsecurity_num_locks--;
     }
     
+    // free locks array
+    BFree(bsecurity_locks);
+    
     #endif
     
     bsecurity_initialized = 0;
 }
 
-void BSecurity_GlobalAssert (int need_threads)
+void BSecurity_GlobalAssertThreadSafe (int thread_safe)
 {
-    ASSERT(need_threads == 0 || need_threads == 1)
-    ASSERT(bsecurity_initialized)
-    ASSERT(!(need_threads) || bsecurity_use_threads)
+    ASSERT(thread_safe == 0 || thread_safe == 1)
+    ASSERT(!(thread_safe) || bsecurity_initialized)
 }

security/BSecurity.h

@@ -28,28 +28,26 @@
 #define BADVPN_SECURITY_BSECURITY_H
 
 /**
- * Initializes security functions.
- * Security must not be initialized.
+ * Initializes thread safety for security functions.
+ * Thread safety must not be initialized.
  * 
- * @param use_threads whether the application may call security functions
- *                    from different threads. Must be 0 or 1.
  * @return 1 on success, 0 on failure
  */
-int BSecurity_GlobalInit (int use_threads);
+int BSecurity_GlobalInitThreadSafe (void);
 
 /**
- * Deinitializes security functions.
- * Security must be initialized.
+ * Deinitializes thread safety for security functions.
+ * Thread safety must be initialized.
  */
-void BSecurity_GlobalFree (void);
+void BSecurity_GlobalFreeThreadSafe (void);
 
 /**
- * Asserts that {@link BSecurity_GlobalInit} was done, and that it was
- * done with use_threads=1 if need_threads=1.
+ * Asserts that {@link BSecurity_GlobalInitThreadSafe} was done,
+ * if thread_safe=1.
  * 
- * @param need_threads whether the application may call security functions
- *                     from different threads. Must be 0 or 1.
+ * @param thread_safe whether thread safety is to be asserted.
+ *                    Must be 0 or 1.
  */
-void BSecurity_GlobalAssert (int need_threads);
+void BSecurity_GlobalAssertThreadSafe (int thread_safe);
 
 #endif