Repository: trafficserver Updated Branches: refs/heads/master 966353bc9 -> 29d72d393
TS-3554: Had to rearrange functions so the test_certlookup program would link with additional release method. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/29d72d39 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/29d72d39 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/29d72d39 Branch: refs/heads/master Commit: 29d72d393aa31950a173e43c26f0798efdc77127 Parents: 966353b Author: shinrich <[email protected]> Authored: Tue Apr 28 15:21:58 2015 -0500 Committer: shinrich <[email protected]> Committed: Tue Apr 28 15:23:54 2015 -0500
----------------------------------------------------------------------
iocore/net/P_SSLCertLookup.h | 3 +++
iocore/net/SSLCertLookup.cc | 39 ++++++++++++++++++++++++++++++++++++++
iocore/net/SSLUtils.cc | 40 +--------------------------------------
3 files changed, 43 insertions(+), 39 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/29d72d39/iocore/net/P_SSLCertLookup.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLCertLookup.h b/iocore/net/P_SSLCertLookup.h
index ebac339..b3591ec 100644
--- a/iocore/net/P_SSLCertLookup.h
+++ b/iocore/net/P_SSLCertLookup.h
@@ -109,4 +109,7 @@ struct SSLCertLookup : public ConfigInfo {
 virtual ~SSLCertLookup();
 };
+void ticket_block_free(void *ptr);
+ssl_ticket_key_block *ticket_block_alloc(unsigned count);
+
 #endif /* __P_SSLCERTLOOKUP_H__ */
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/29d72d39/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 2e40208..071b2db 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
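Review bot: The new declaration `void ticket_block_free(void *ptr);` takes an untyped pointer even though its partner `ticket_block_alloc` returns `ssl_ticket_key_block *`, so the free side accepts any pointer and must cast back before it reads `num_keys`; declaring it `void ticket_block_free(ssl_ticket_key_block *ptr);` would let the compiler reject a mismatched argument, provided `SSLCertContext::keyblock` (the only caller visible in this commit) already has that type. The two declarations also sit outside any `HAVE_OPENSSL_SESSION_TICKETS` guard, while the definitions they replace in SSLUtils.cc were inside one; that is fine if `ssl_ticket_key_block` is declared unconditionally, otherwise this header stops compiling in the no-session-tickets configuration. A short comment on the pair, such as `// Allocate, and scrub-then-free, a block of session ticket keys; a block must only be released through ticket_block_free.`, would document the ownership contract the header now exports.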
@@ -133,6 +133,45 @@ private:
 int store(SSLCertContext const &cc);
 };
+// Zero out and free the heap space allocated for ticket keys to avoid leaking secrets.
+// The first several bytes stores the number of keys and the rest stores the ticket keys.
+void
+ticket_block_free(void *ptr)
+{
+ if (ptr) {
+ ssl_ticket_key_block *key_block_ptr = (ssl_ticket_key_block *)ptr;
+ unsigned num_ticket_keys = key_block_ptr->num_keys;
+ memset(ptr, 0, sizeof(ssl_ticket_key_block) + num_ticket_keys * sizeof(ssl_ticket_key_t));
+ }
+ ats_free(ptr);
+}
+
+ssl_ticket_key_block *
+ticket_block_alloc(unsigned count)
+{
+ ssl_ticket_key_block *ptr;
+ size_t nbytes = sizeof(ssl_ticket_key_block) + count * sizeof(ssl_ticket_key_t);
+
+ ptr = (ssl_ticket_key_block *)ats_malloc(nbytes);
+ memset(ptr, 0, nbytes);
+ ptr->num_keys = count;
+
+ return ptr;
+}
+
+void
+SSLCertContext::release()
+{
+ if (keyblock) {
+ ticket_block_free(keyblock);
+ keyblock = NULL;
+ }
+ if (ctx) {
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+ }
+}
+
 SSLCertLookup::SSLCertLookup()
 : ssl_storage(new SSLContextStorage()), ssl_default(NULL), is_valid(true)
 {
 }
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/29d72d39/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 64d98e8..76727c5 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
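Review bot: The `memset` in `ticket_block_free` that scrubs the ticket keys is immediately followed by `ats_free(ptr)`, so an optimizing compiler may treat it as a dead store and drop it, which defeats the purpose stated in the comment above it; the code was the same in SSLUtils.cc before the move, but now that the function is exported from this file it is worth fixing. This file already calls into OpenSSL (`SSL_CTX_free`), so `OPENSSL_cleanse(ptr, sizeof(ssl_ticket_key_block) + num_ticket_keys * sizeof(ssl_ticket_key_t));` in place of the `memset` gives a wipe the compiler cannot elide. The size expression is also spelled twice, here and in `ticket_block_alloc`; a small `static size_t ticket_block_size(unsigned count)` helper used by both would keep them in step. `ticket_block_alloc` trusts `ats_malloc` to return non-null before it writes `ptr->num_keys`; if that helper can return NULL rather than abort, a check belongs before the `memset`.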
@@ -116,47 +116,9 @@ static int ssl_callback_session_ticket(SSL *, unsigned char *, unsigned char *,
 #if HAVE_OPENSSL_SESSION_TICKETS
 static int ssl_session_ticket_index = -1;
+#endif
-// Zero out and free the heap space allocated for ticket keys to avoid leaking secrets.
-// The first several bytes stores the number of keys and the rest stores the ticket keys.
-static void
-ticket_block_free(void *ptr)
-{
- if (ptr) {
- ssl_ticket_key_block *key_block_ptr = (ssl_ticket_key_block *)ptr;
- unsigned num_ticket_keys = key_block_ptr->num_keys;
- memset(ptr, 0, sizeof(ssl_ticket_key_block) + num_ticket_keys * sizeof(ssl_ticket_key_t));
- }
- ats_free(ptr);
-}
-
-void SSLCertContext::release()
-{
- if (keyblock) {
- ticket_block_free(keyblock);
- keyblock = NULL;
- }
- if (ctx) {
- SSL_CTX_free(ctx);
- ctx = NULL;
- }
-}
-
-static ssl_ticket_key_block *
-ticket_block_alloc(unsigned count)
-{
- ssl_ticket_key_block *ptr;
- size_t nbytes = sizeof(ssl_ticket_key_block) + count * sizeof(ssl_ticket_key_t);
-
- ptr = (ssl_ticket_key_block *)ats_malloc(nbytes);
- memset(ptr, 0, nbytes);
- ptr->num_keys = count;
-
- return ptr;
-}
-
-#endif
 static pthread_mutex_t *mutex_buf = NULL;
 static bool open_ssl_initialized = false;
