Copilot commented on code in PR #13284:
URL: https://github.com/apache/trafficserver/pull/13284#discussion_r3424197791
##########
src/iocore/net/TLSCertCompression.cc:
##########
@@ -97,8 +97,105 @@ find_algorithm(std::string const &name)
} // end anonymous namespace
#endif
+#if HAVE_SSL_CTX_ADD_CERT_COMPRESSION_ALG
+static int cert_compress_cache_index = -1;
+
+static void
+cert_compress_cache_free_cb(void * /* parent */, void *ptr, CRYPTO_EX_DATA *
/* ad */, int /* idx */, long /* argl */,
+ void * /* argp */)
+{
+ auto *cache = static_cast<CertCompressionCache *>(ptr);
+ if (cache) {
+ for (auto &slot : cache->slots) {
+ delete slot.live.load(std::memory_order_acquire);
+ delete slot.retired.load(std::memory_order_acquire);
+ }
+ delete cache;
+ }
+}
+
+void
+cert_compress_cache_init()
+{
+ if (cert_compress_cache_index != -1) {
+ return;
+ }
+ cert_compress_cache_index = SSL_CTX_get_ex_new_index(0, nullptr, nullptr,
nullptr, cert_compress_cache_free_cb);
+}
+
+CertCompressionCache *
+cert_compress_cache_get(SSL_CTX *ctx)
+{
+ if (cert_compress_cache_index < 0) {
+ return nullptr;
+ }
+ return static_cast<CertCompressionCache *>(SSL_CTX_get_ex_data(ctx,
cert_compress_cache_index));
+}
+
+static void
+cert_compress_cache_attach(SSL_CTX *ctx)
+{
+ if (cert_compress_cache_index < 0) {
+ return;
+ }
+ auto *cache = new CertCompressionCache();
+ SSL_CTX_set_ex_data(ctx, cert_compress_cache_index, cache);
+}
Review Comment:
cert_compress_cache_attach() allocates a CertCompressionCache but ignores
the return value of SSL_CTX_set_ex_data(). If SSL_CTX_set_ex_data() fails, the
newly allocated cache is leaked (and the caller thinks caching is enabled).
Please handle failure by deleting the allocation (and optionally leaving
caching disabled for that ctx).
##########
src/iocore/net/TLSCertCompression_zstd.cc:
##########
@@ -28,9 +28,25 @@
#include <zstd.h>
int
-compression_func_zstd(SSL * /* ssl */, CBB *out, const uint8_t *in, size_t
in_len)
+compression_func_zstd(SSL *ssl, CBB *out, const uint8_t *in, size_t in_len)
{
- // TODO Need a cache mechanism inside this function for better performance.
+ auto *cache = cert_compress_cache_get(SSL_get_SSL_CTX(ssl));
+
+ if (cache) {
+ auto const *entry =
cache->slots[CERT_COMPRESS_ALG_ZSTD].live.load(std::memory_order_acquire);
+ if (entry) {
+ uint8_t *buf;
+ if (CBB_reserve(out, &buf, entry->bytes.size()) != 1) {
+ Metrics::Counter::increment(ssl_rsb.cert_compress_zstd_failure);
+ return 0;
+ }
+ memcpy(buf, entry->bytes.data(), entry->bytes.size());
Review Comment:
This code calls memcpy() but the file does not include <cstring>. Relying on
indirect includes for standard library declarations is non-portable and can
break builds on some platforms / standard library implementations.
##########
src/iocore/net/TLSCertCompression_zlib.cc:
##########
@@ -28,9 +28,25 @@
#include <zlib.h>
int
-compression_func_zlib(SSL * /* ssl */, CBB *out, const uint8_t *in, size_t
in_len)
+compression_func_zlib(SSL *ssl, CBB *out, const uint8_t *in, size_t in_len)
{
- // TODO Need a cache mechanism inside this function for better performance.
+ auto *cache = cert_compress_cache_get(SSL_get_SSL_CTX(ssl));
+
+ if (cache) {
+ auto const *entry =
cache->slots[CERT_COMPRESS_ALG_ZLIB].live.load(std::memory_order_acquire);
+ if (entry) {
+ uint8_t *buf;
+ if (CBB_reserve(out, &buf, entry->bytes.size()) != 1) {
+ Metrics::Counter::increment(ssl_rsb.cert_compress_zlib_failure);
+ return 0;
+ }
+ memcpy(buf, entry->bytes.data(), entry->bytes.size());
Review Comment:
This code calls memcpy() but the file does not include <cstring>. Relying on
indirect includes for standard library declarations is non-portable and can
break builds on some platforms / standard library implementations.
##########
src/iocore/net/TLSCertCompression_brotli.cc:
##########
@@ -29,9 +29,25 @@
#include <brotli/encode.h>
int
-compression_func_brotli(SSL * /* ssl */, CBB *out, const uint8_t *in, size_t
in_len)
+compression_func_brotli(SSL *ssl, CBB *out, const uint8_t *in, size_t in_len)
{
- // TODO Need a cache mechanism inside this function for better performance.
+ auto *cache = cert_compress_cache_get(SSL_get_SSL_CTX(ssl));
+
+ if (cache) {
+ auto const *entry =
cache->slots[CERT_COMPRESS_ALG_BROTLI].live.load(std::memory_order_acquire);
+ if (entry) {
+ uint8_t *buf;
+ if (CBB_reserve(out, &buf, entry->bytes.size()) != 1) {
+ Metrics::Counter::increment(ssl_rsb.cert_compress_brotli_failure);
+ return 0;
+ }
+ memcpy(buf, entry->bytes.data(), entry->bytes.size());
Review Comment:
This code calls memcpy() but the file does not include <cstring>. Relying on
indirect includes for standard library declarations is non-portable and can
break builds on some platforms / standard library implementations.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]