Extract the non-generic part of tor_tls_context_decref().

This commit is contained in:
Nick Mathewson 2018-08-12 17:54:06 -04:00
parent 96f8e19802
commit 108d9879eb
4 changed files with 42 additions and 19 deletions

View File

@ -35,6 +35,25 @@ tor_tls_context_incref(tor_tls_context_t *ctx)
++ctx->refcnt;
}
/** Remove a reference to <b>ctx</b>, and free it if it has no more
* references. */
void
tor_tls_context_decref(tor_tls_context_t *ctx)
{
tor_assert(ctx);
if (--ctx->refcnt == 0) {
tor_tls_context_impl_free(ctx->ctx);
tor_x509_cert_free(ctx->my_link_cert);
tor_x509_cert_free(ctx->my_id_cert);
tor_x509_cert_free(ctx->my_auth_cert);
crypto_pk_free(ctx->link_key);
crypto_pk_free(ctx->auth_key);
/* LCOV_EXCL_BR_START since ctx will never be NULL here */
tor_free(ctx);
/* LCOV_EXCL_BR_STOP */
}
}
/** Free all global TLS structures. */
void
tor_tls_free_all(void)

View File

@ -28,6 +28,13 @@ int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
unsigned int flags,
int is_client);
#ifdef ENABLE_OPENSSL
void tor_tls_context_impl_free(struct ssl_ctx_st *);
#else
struct ssl_ctx_st; // XXXX replace
void tor_tls_context_impl_free(struct ssl_ctx_st *);
#endif
#ifdef ENABLE_OPENSSL
tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl);

View File

@ -85,6 +85,13 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
// XXXX
return -1;
}
void
tor_tls_context_impl_free(struct ssl_ctx_st *ctx)
{
(void)ctx;
// XXXX
// XXXX openssl type.
}
void
tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)

View File

@ -30,6 +30,7 @@
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/compat_openssl.h"
#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
* srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
@ -488,25 +489,6 @@ static const char CLIENT_CIPHER_LIST[] =
#undef CIPHER
#undef XCIPHER
/** Remove a reference to <b>ctx</b>, and free it if it has no more
* references. */
void
tor_tls_context_decref(tor_tls_context_t *ctx)
{
tor_assert(ctx);
if (--ctx->refcnt == 0) {
SSL_CTX_free(ctx->ctx);
tor_x509_cert_free(ctx->my_link_cert);
tor_x509_cert_free(ctx->my_id_cert);
tor_x509_cert_free(ctx->my_auth_cert);
crypto_pk_free(ctx->link_key);
crypto_pk_free(ctx->auth_key);
/* LCOV_EXCL_BR_START since ctx will never be NULL here */
tor_free(ctx);
/* LCOV_EXCL_BR_STOP */
}
}
/** Set *<b>link_cert_out</b> and *<b>id_cert_out</b> to the link certificate
* and ID certificate that we're currently using for our V3 in-protocol
* handshake's certificate chain. If <b>server</b> is true, provide the certs
@ -599,6 +581,14 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
return ((new_ctx != NULL) ? 0 : -1);
}
void
tor_tls_context_impl_free(struct ssl_ctx_st *ctx)
{
if (!ctx)
return;
SSL_CTX_free(ctx);
}
/** The group we should use for ecdhe when none was selected. */
#define NID_tor_default_ecdhe_group NID_X9_62_prime256v1