commit 108d9879eb814bc06095a1819d98b1c7c9a38e88 Author: Nick Mathewson nickm@torproject.org Date: Sun Aug 12 17:54:06 2018 -0400

Extract the non-generic part of tor_tls_context_decref(). --- src/lib/tls/tortls.c | 19 +++++++++++++++++++ src/lib/tls/tortls_internal.h | 7 +++++++ src/lib/tls/tortls_nss.c | 7 +++++++ src/lib/tls/tortls_openssl.c | 28 +++++++++------------------- 4 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c index 4b35177df..395f0148e 100644 --- a/src/lib/tls/tortls.c +++ b/src/lib/tls/tortls.c @@ -35,6 +35,25 @@ tor_tls_context_incref(tor_tls_context_t *ctx) ++ctx->refcnt; }

+/** Remove a reference to <b>ctx</b>, and free it if it has no more + * references. */ +void +tor_tls_context_decref(tor_tls_context_t *ctx) +{ + tor_assert(ctx); + if (--ctx->refcnt == 0) { + tor_tls_context_impl_free(ctx->ctx); + tor_x509_cert_free(ctx->my_link_cert); + tor_x509_cert_free(ctx->my_id_cert); + tor_x509_cert_free(ctx->my_auth_cert); + crypto_pk_free(ctx->link_key); + crypto_pk_free(ctx->auth_key); + /* LCOV_EXCL_BR_START since ctx will never be NULL here */ + tor_free(ctx); + /* LCOV_EXCL_BR_STOP */ + } +} + /** Free all global TLS structures. */ void tor_tls_free_all(void) diff --git a/src/lib/tls/tortls_internal.h b/src/lib/tls/tortls_internal.h index c58379e19..b997ee3e4 100644 --- a/src/lib/tls/tortls_internal.h +++ b/src/lib/tls/tortls_internal.h @@ -29,6 +29,13 @@ int tor_tls_context_init_one(tor_tls_context_t **ppcontext, int is_client);

#ifdef ENABLE_OPENSSL +void tor_tls_context_impl_free(struct ssl_ctx_st *); +#else +struct ssl_ctx_st; // XXXX replace +void tor_tls_context_impl_free(struct ssl_ctx_st *); +#endif + +#ifdef ENABLE_OPENSSL tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl); int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl); void tor_tls_debug_state_callback(const struct ssl_st *ssl, diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 98fecdaf1..3ab5c753d 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -85,6 +85,13 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext, // XXXX return -1; } +void +tor_tls_context_impl_free(struct ssl_ctx_st *ctx) +{ + (void)ctx; + // XXXX + // XXXX openssl type. +}

void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz) diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index 333b86481..5f5431235 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -30,6 +30,7 @@ #include "lib/crypt_ops/crypto_util.h" #include "lib/crypt_ops/compat_openssl.h" #include "lib/tls/x509.h" +#include "lib/tls/x509_internal.h"

/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */ @@ -488,25 +489,6 @@ static const char CLIENT_CIPHER_LIST[] = #undef CIPHER #undef XCIPHER

-/** Remove a reference to <b>ctx</b>, and free it if it has no more - * references. */ -void -tor_tls_context_decref(tor_tls_context_t *ctx) -{ - tor_assert(ctx); - if (--ctx->refcnt == 0) { - SSL_CTX_free(ctx->ctx); - tor_x509_cert_free(ctx->my_link_cert); - tor_x509_cert_free(ctx->my_id_cert); - tor_x509_cert_free(ctx->my_auth_cert); - crypto_pk_free(ctx->link_key); - crypto_pk_free(ctx->auth_key); - /* LCOV_EXCL_BR_START since ctx will never be NULL here */ - tor_free(ctx); - /* LCOV_EXCL_BR_STOP */ - } -} - /** Set *<b>link_cert_out</b> and *<b>id_cert_out</b> to the link certificate * and ID certificate that we're currently using for our V3 in-protocol * handshake's certificate chain. If <b>server</b> is true, provide the certs @@ -599,6 +581,14 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext, return ((new_ctx != NULL) ? 0 : -1); }

+void +tor_tls_context_impl_free(struct ssl_ctx_st *ctx) +{ + if (!ctx) + return; + SSL_CTX_free(ctx); +} + /** The group we should use for ecdhe when none was selected. */ #define NID_tor_default_ecdhe_group NID_X9_62_prime256v1