diff options
| -rw-r--r-- | src/lib/libtls/tls.c | 13 | ||||
| -rw-r--r-- | src/lib/libtls/tls_config.c | 7 | ||||
| -rw-r--r-- | src/lib/libtls/tls_internal.h | 4 | ||||
| -rw-r--r-- | src/lib/libtls/tls_server.c | 4 |
4 files changed, 22 insertions, 6 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 446f93430d..b639873df4 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.61 2017/04/05 03:19:22 beck Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.62 2017/05/06 20:59:28 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -50,6 +50,8 @@ tls_init(void) | |||
| 50 | if ((tls_config_default = tls_config_new()) == NULL) | 50 | if ((tls_config_default = tls_config_new()) == NULL) |
| 51 | return (-1); | 51 | return (-1); |
| 52 | 52 | ||
| 53 | tls_config_default->refcount++; | ||
| 54 | |||
| 53 | tls_initialised = 1; | 55 | tls_initialised = 1; |
| 54 | 56 | ||
| 55 | return (0); | 57 | return (0); |
| @@ -230,9 +232,8 @@ tls_new(void) | |||
| 230 | if ((ctx = calloc(1, sizeof(*ctx))) == NULL) | 232 | if ((ctx = calloc(1, sizeof(*ctx))) == NULL) |
| 231 | return (NULL); | 233 | return (NULL); |
| 232 | 234 | ||
| 233 | ctx->config = tls_config_default; | ||
| 234 | |||
| 235 | tls_reset(ctx); | 235 | tls_reset(ctx); |
| 236 | tls_configure(ctx, tls_config_default); | ||
| 236 | 237 | ||
| 237 | return (ctx); | 238 | return (ctx); |
| 238 | } | 239 | } |
| @@ -243,6 +244,9 @@ tls_configure(struct tls *ctx, struct tls_config *config) | |||
| 243 | if (config == NULL) | 244 | if (config == NULL) |
| 244 | config = tls_config_default; | 245 | config = tls_config_default; |
| 245 | 246 | ||
| 247 | config->refcount++; | ||
| 248 | |||
| 249 | tls_config_free(ctx->config); | ||
| 246 | ctx->config = config; | 250 | ctx->config = config; |
| 247 | 251 | ||
| 248 | if ((ctx->flags & TLS_SERVER) != 0) | 252 | if ((ctx->flags & TLS_SERVER) != 0) |
| @@ -521,6 +525,9 @@ tls_reset(struct tls *ctx) | |||
| 521 | { | 525 | { |
| 522 | struct tls_sni_ctx *sni, *nsni; | 526 | struct tls_sni_ctx *sni, *nsni; |
| 523 | 527 | ||
| 528 | tls_config_free(ctx->config); | ||
| 529 | ctx->config = NULL; | ||
| 530 | |||
| 524 | SSL_CTX_free(ctx->ssl_ctx); | 531 | SSL_CTX_free(ctx->ssl_ctx); |
| 525 | SSL_free(ctx->ssl_conn); | 532 | SSL_free(ctx->ssl_conn); |
| 526 | X509_free(ctx->ssl_peer_cert); | 533 | X509_free(ctx->ssl_peer_cert); |
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 3945da75ac..8f0bd70508 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_config.c,v 1.39 2017/05/02 03:59:45 deraadt Exp $ */ | 1 | /* $OpenBSD: tls_config.c,v 1.40 2017/05/06 20:59:28 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -207,6 +207,8 @@ tls_config_new(void) | |||
| 207 | if ((config->keypair = tls_keypair_new()) == NULL) | 207 | if ((config->keypair = tls_keypair_new()) == NULL) |
| 208 | goto err; | 208 | goto err; |
| 209 | 209 | ||
| 210 | config->refcount = 1; | ||
| 211 | |||
| 210 | /* | 212 | /* |
| 211 | * Default configuration. | 213 | * Default configuration. |
| 212 | */ | 214 | */ |
| @@ -252,6 +254,9 @@ tls_config_free(struct tls_config *config) | |||
| 252 | if (config == NULL) | 254 | if (config == NULL) |
| 253 | return; | 255 | return; |
| 254 | 256 | ||
| 257 | if (--config->refcount > 0) | ||
| 258 | return; | ||
| 259 | |||
| 255 | for (kp = config->keypair; kp != NULL; kp = nkp) { | 260 | for (kp = config->keypair; kp != NULL; kp = nkp) { |
| 256 | nkp = kp->next; | 261 | nkp = kp->next; |
| 257 | tls_keypair_free(kp); | 262 | tls_keypair_free(kp); |
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 0c8e8c1d21..ba007a6714 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_internal.h,v 1.58 2017/05/04 11:31:45 claudio Exp $ */ | 1 | /* $OpenBSD: tls_internal.h,v 1.59 2017/05/06 20:59:28 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> | 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> |
| 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| @@ -75,6 +75,8 @@ struct tls_ticket_key { | |||
| 75 | struct tls_config { | 75 | struct tls_config { |
| 76 | struct tls_error error; | 76 | struct tls_error error; |
| 77 | 77 | ||
| 78 | int refcount; | ||
| 79 | |||
| 78 | char *alpn; | 80 | char *alpn; |
| 79 | size_t alpn_len; | 81 | size_t alpn_len; |
| 80 | const char *ca_path; | 82 | const char *ca_path; |
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index 39c6ca79e9..abac01ca5c 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_server.c,v 1.36 2017/04/10 17:11:13 jsing Exp $ */ | 1 | /* $OpenBSD: tls_server.c,v 1.37 2017/05/06 20:59:28 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -48,6 +48,8 @@ tls_server_conn(struct tls *ctx) | |||
| 48 | return (NULL); | 48 | return (NULL); |
| 49 | 49 | ||
| 50 | conn_ctx->flags |= TLS_SERVER_CONN; | 50 | conn_ctx->flags |= TLS_SERVER_CONN; |
| 51 | |||
| 52 | ctx->config->refcount++; | ||
| 51 | conn_ctx->config = ctx->config; | 53 | conn_ctx->config = ctx->config; |
| 52 | 54 | ||
| 53 | return (conn_ctx); | 55 | return (conn_ctx); |