From 7d324d6b4a253e59f811b823131fa480dca49d94 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 6 May 2017 20:59:28 +0000
Subject: Perform reference counting for tls_config.

This allows tls_config_free() to be called as soon as it has been passed to the final tls_configure() call, simplifying lifetime tracking for the application.
Requested some time ago by tedu@.
ok beck@
---
 src/lib/libtls/tls.c | 13 ++++++++++---
 src/lib/libtls/tls_config.c | 7 ++++++-
 src/lib/libtls/tls_internal.h | 4 +++-
 src/lib/libtls/tls_server.c | 4 +++-
 4 files changed, 22 insertions(+), 6 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 446f93430d..b639873df4 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.61 2017/04/05 03:19:22 beck Exp $ */
+/* $OpenBSD: tls.c,v 1.62 2017/05/06 20:59:28 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -50,6 +50,8 @@ tls_init(void)
 if ((tls_config_default = tls_config_new()) == NULL)
 return (-1);
+ tls_config_default->refcount++;
+
 tls_initialised = 1;
 return (0);
@@ -230,9 +232,8 @@ tls_new(void)
 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
 return (NULL);
- ctx->config = tls_config_default;
- tls_reset(ctx);
+ tls_configure(ctx, tls_config_default);
 return (ctx);
 }
@@ -243,6 +244,9 @@ tls_configure(struct tls *ctx, struct tls_config *config)
 if (config == NULL)
 config = tls_config_default;
+ config->refcount++;
+
+ tls_config_free(ctx->config);
 ctx->config = config;
 if ((ctx->flags & TLS_SERVER) != 0)
@@ -521,6 +525,9 @@ tls_reset(struct tls *ctx)
 {
 struct tls_sni_ctx *sni, *nsni;
+ tls_config_free(ctx->config);
+ ctx->config = NULL;
+
 SSL_CTX_free(ctx->ssl_ctx);
 SSL_free(ctx->ssl_conn);
 X509_free(ctx->ssl_peer_cert);
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 3945da75ac..8f0bd70508 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
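Review bot: The new `refcount` is a plain `int` that is incremented here, in tls_configure() and in tls_server_conn(), and decremented in tls_config_free(), with no synchronization around any of those updates. Sharing one tls_config between several contexts is exactly what this change is meant to enable; if those contexts live on different threads the count is a data race, and a lost update ends either in a double free or in a config that is never released. If cross-thread sharing is meant to be supported, make the field `_Atomic int refcount;` in tls_internal.h (the `++`/`--` sites then become atomic read-modify-writes) or guard the updates with a mutex; if it is not, the library documentation should say that a config and every context holding it belong to one thread. The extra reference taken on this line also deserves a comment, since tls_config_new() already starts the count at 1; presumably it pins the shared default so that no tls_reset() can ever drop its last reference, e.g. `/* Hold a permanent reference: the default config must outlive every context. */`.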
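Review bot: The return value of tls_configure() is discarded on the new line in tls_new(), unlike the tls_reset() call it replaces; tls_configure() reports failure with -1, so a configuration error here would hand the caller a context that looks valid but was never configured. For a freshly calloc'd context `flags` is 0 and the TLS_SERVER branch is skipped, so the part of tls_configure() visible in this diff cannot fail, but the rest of that function is outside the hunk. Checking the result keeps tls_new()'s contract that NULL means failure: `if (tls_configure(ctx, tls_config_default) == -1) { tls_free(ctx); return (NULL); }`.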
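Review bot: The order of the two new statements in tls_configure() is load-bearing and should be commented: `config->refcount++` has to run before `tls_config_free(ctx->config)` because a caller may pass the very config the context already holds, and releasing first could drop its last reference and free it before it is re-assigned. Suggested, above `config->refcount++;`: `/* Take the new reference before dropping the old one: config may already be ctx->config. */`. Note also that when `config` is NULL the code now dereferences tls_config_default to bump the count; if tls_init() has not been called that pointer is presumably still NULL, so `if ((config = tls_config_default) == NULL) return (-1);` would turn a crash into an error. The remainder of tls_configure() is outside the hunk.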
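Review bot: After the two added lines in tls_reset() ctx->config stays NULL until tls_configure() is called again, which is a new invariant that every other reader of ctx->config now depends on, and nothing in the hunk records it. A one-line comment would help: `/* Drop our reference; ctx->config is NULL until the next tls_configure(). */`. tls_reset()'s body continues beyond the hunk, and whether it is reached only from tls_free() or also from paths that go on using the context is not visible here.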
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.39 2017/05/02 03:59:45 deraadt Exp $ */
+/* $OpenBSD: tls_config.c,v 1.40 2017/05/06 20:59:28 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -207,6 +207,8 @@ tls_config_new(void)
 if ((config->keypair = tls_keypair_new()) == NULL)
 goto err;
+ config->refcount = 1;
+
 /*
 * Default configuration.
 */
@@ -252,6 +254,9 @@ tls_config_free(struct tls_config *config)
 if (config == NULL)
 return;
+ if (--config->refcount > 0)
+ return;
+
 for (kp = config->keypair; kp != NULL; kp = nkp) {
 nkp = kp->next;
 tls_keypair_free(kp);
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 0c8e8c1d21..ba007a6714 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.58 2017/05/04 11:31:45 claudio Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.59 2017/05/06 20:59:28 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas
 * Copyright (c) 2014 Joel Sing
@@ -75,6 +75,8 @@ struct tls_ticket_key {
 struct tls_config {
 struct tls_error error;
+ int refcount;
+
 char *alpn;
 size_t alpn_len;
 const char *ca_path;
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 39c6ca79e9..abac01ca5c 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.36 2017/04/10 17:11:13 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.37 2017/05/06 20:59:28 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -48,6 +48,8 @@ tls_server_conn(struct tls *ctx)
 return (NULL);
 conn_ctx->flags |= TLS_SERVER_CONN;
+
+ ctx->config->refcount++;
 conn_ctx->config = ctx->config;
 return (conn_ctx);
-- cgit v1.2.3-55-g6feb
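Review bot: In tls_config_new() `config->refcount = 1;` is assigned only after tls_keypair_new() succeeds, so on any earlier `goto err` path the count still holds whatever the allocation left in it. If the `err:` label releases the partially built struct through tls_config_free(), the new `if (--config->refcount > 0)` test sees -1 (assuming a zeroed allocation) and falls through to the free — correct only by accident, and a non-zeroed allocation would instead leak. Initialize the count immediately after the struct is allocated so that every error path drops a genuine reference, and consider treating a count that is already non-positive before the decrement in tls_config_free() as a programming error rather than silently freeing. The allocation and the `err:` label lie outside the hunk.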
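Review bot: The new `refcount` field in struct tls_config decides when the struct is freed, yet it carries no comment, so the ownership model is only discoverable by reading tls.c, tls_config.c and tls_server.c together. Suggested: `int refcount;	/* one per struct tls holding this config, plus the creator's */`. Stating who owns references here also gives later changes to the release logic something to check against.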
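Review bot: `ctx->config->refcount++` in tls_server_conn() dereferences ctx->config without a check, and tls_reset() in this same commit now sets ctx->config to NULL, so a listening context that has been reset and not re-configured would crash here instead of failing. Whether such a context can reach tls_server_conn() depends on callers outside the hunk, but a guard is cheap: `if (ctx->config == NULL) return (NULL);` placed before conn_ctx is allocated, so that nothing leaks on that path. The start of tls_server_conn(), including the allocation of conn_ctx, is outside the hunk.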