[tor-commits] [tor/master] Extract the non-generic part of tor_tls_context_decref().

Wed Sep 5 00:47:14 UTC 2018

commit 108d9879eb814bc06095a1819d98b1c7c9a38e88
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Aug 12 17:54:06 2018 -0400

    Extract the non-generic part of tor_tls_context_decref().
---
 src/lib/tls/tortls.c          | 19 +++++++++++++++++++
 src/lib/tls/tortls_internal.h |  7 +++++++
 src/lib/tls/tortls_nss.c      |  7 +++++++
 src/lib/tls/tortls_openssl.c  | 28 +++++++++-------------------
 4 files changed, 42 insertions(+), 19 deletions(-)

diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index 4b35177df..395f0148e 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -35,6 +35,25 @@ tor_tls_context_incref(tor_tls_context_t *ctx)
   ++ctx->refcnt;
 }
 
+/** Remove a reference to <b>ctx</b>, and free it if it has no more
+ * references. */
+void
+tor_tls_context_decref(tor_tls_context_t *ctx)
+{
+  tor_assert(ctx);
+  if (--ctx->refcnt == 0) {
+    tor_tls_context_impl_free(ctx->ctx);
+    tor_x509_cert_free(ctx->my_link_cert);
+    tor_x509_cert_free(ctx->my_id_cert);
+    tor_x509_cert_free(ctx->my_auth_cert);
+    crypto_pk_free(ctx->link_key);
+    crypto_pk_free(ctx->auth_key);
+    /* LCOV_EXCL_BR_START since ctx will never be NULL here */
+    tor_free(ctx);
+    /* LCOV_EXCL_BR_STOP */
+  }
+}
+
 /** Free all global TLS structures. */
 void
 tor_tls_free_all(void)
diff --git a/src/lib/tls/tortls_internal.h b/src/lib/tls/tortls_internal.h
index c58379e19..b997ee3e4 100644
--- a/src/lib/tls/tortls_internal.h
+++ b/src/lib/tls/tortls_internal.h
@@ -29,6 +29,13 @@ int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                              int is_client);
 
 #ifdef ENABLE_OPENSSL
+void tor_tls_context_impl_free(struct ssl_ctx_st *);
+#else
+struct ssl_ctx_st; // XXXX replace
+void tor_tls_context_impl_free(struct ssl_ctx_st *);
+#endif
+
+#ifdef ENABLE_OPENSSL
 tor_tls_t *tor_tls_get_by_ssl(const struct ssl_st *ssl);
 int tor_tls_client_is_using_v2_ciphers(const struct ssl_st *ssl);
 void tor_tls_debug_state_callback(const struct ssl_st *ssl,
diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c
index 98fecdaf1..3ab5c753d 100644
--- a/src/lib/tls/tortls_nss.c
+++ b/src/lib/tls/tortls_nss.c
@@ -85,6 +85,13 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
   // XXXX
   return -1;
 }
+void
+tor_tls_context_impl_free(struct ssl_ctx_st *ctx)
+{
+  (void)ctx;
+  // XXXX
+  // XXXX openssl type.
+}
 
 void
 tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 333b86481..5f5431235 100644
--- a/src/lib/tls/tortls_openssl.c
+++ b/src/lib/tls/tortls_openssl.c
@@ -30,6 +30,7 @@
 #include "lib/crypt_ops/crypto_util.h"
 #include "lib/crypt_ops/compat_openssl.h"
 #include "lib/tls/x509.h"
+#include "lib/tls/x509_internal.h"
 
 /* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
  * srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
@@ -488,25 +489,6 @@ static const char CLIENT_CIPHER_LIST[] =
 #undef CIPHER
 #undef XCIPHER
 
-/** Remove a reference to <b>ctx</b>, and free it if it has no more
- * references. */
-void
-tor_tls_context_decref(tor_tls_context_t *ctx)
-{
-  tor_assert(ctx);
-  if (--ctx->refcnt == 0) {
-    SSL_CTX_free(ctx->ctx);
-    tor_x509_cert_free(ctx->my_link_cert);
-    tor_x509_cert_free(ctx->my_id_cert);
-    tor_x509_cert_free(ctx->my_auth_cert);
-    crypto_pk_free(ctx->link_key);
-    crypto_pk_free(ctx->auth_key);
-    /* LCOV_EXCL_BR_START since ctx will never be NULL here */
-    tor_free(ctx);
-    /* LCOV_EXCL_BR_STOP */
-  }
-}
-
 /** Set *<b>link_cert_out</b> and *<b>id_cert_out</b> to the link certificate
  * and ID certificate that we're currently using for our V3 in-protocol
  * handshake's certificate chain.  If <b>server</b> is true, provide the certs
@@ -599,6 +581,14 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext,
   return ((new_ctx != NULL) ? 0 : -1);
 }
 
+void
+tor_tls_context_impl_free(struct ssl_ctx_st *ctx)
+{
+  if (!ctx)
+    return;
+  SSL_CTX_free(ctx);
+}
+
 /** The group we should use for ecdhe when none was selected. */
 #define  NID_tor_default_ecdhe_group NID_X9_62_prime256v1
 



