
Add isc_tlsctx_attach()

The implementation is built on top of the reference counting
functionality found in OpenSSL/LibreSSL, which avoids the need to
wrap the object.

Adding this function allows using reference counting for TLS contexts
in BIND 9's codebase.
Artem Boldariev
2022-02-22 17:07:57 +02:00
parent 09dccf29b4
commit a7a482c1b1
5 changed files with 34 additions and 0 deletions


@@ -651,6 +651,7 @@ AC_CHECK_FUNCS([SSL_CTX_set_min_proto_version])
AC_CHECK_FUNCS([SSL_CTX_up_ref])
AC_CHECK_FUNCS([SSL_read_ex SSL_peek_ex SSL_write_ex])
AC_CHECK_FUNCS([SSL_CTX_set1_cert_store X509_STORE_up_ref])
AC_CHECK_FUNCS([SSL_CTX_up_ref])
#
# Check for algorithm support in OpenSSL
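Review bot: `AC_CHECK_FUNCS([SSL_CTX_up_ref])` appears twice on the new side of this hunk, once directly below the hunk header and once after the `SSL_CTX_set1_cert_store X509_STORE_up_ref` check. The page has lost its +/- markers, so which of the two is the added line cannot be told from here, but the hunk header allows only one addition, so the other probe was already present. The duplicate is harmless because autoconf caches the result, yet it is redundant and will confuse the next person auditing which OpenSSL features are probed; the added line can simply be dropped.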


@@ -32,6 +32,17 @@ isc_tlsctx_free(isc_tlsctx_t **ctpx);
*\li 'ctxp' != NULL and '*ctxp' != NULL.
*/
void
isc_tlsctx_attach(isc_tlsctx_t *src, isc_tlsctx_t **ptarget);
/*%<
* Attach to the TLS context.
*
* Requires:
*\li 'src' != NULL;
*\li 'ptarget' != NULL;
*\li '*ptarget' == NULL.
*/
isc_result_t
isc_tlsctx_createserver(const char *keyfile, const char *certfile,
isc_tlsctx_t **ctxp);
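Review bot: The new doc comment for isc_tlsctx_attach() does not say how an attached reference is released, which is the part of a reference-counted API that callers most often get wrong. No detach counterpart is added in this commit, and the isc_tlsctx_free() context shown in the tls.c section ends in `SSL_CTX_free(ctx)`, so presumably every attach has to be balanced by one isc_tlsctx_free() on the target pointer. An unbalanced attach keeps the context and whatever key and certificate it holds alive, and an extra free risks a use-after-free. I would add a line such as `* Every attached reference must be released with isc_tlsctx_free().` here, and a one-line comment on the definition in tls.c saying that the count lives in the underlying SSL_CTX.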


@@ -189,3 +189,10 @@ SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) {
}
#endif /* !HAVE_SSL_CTX_SET1_CERT_STORE */
#if !HAVE_SSL_CTX_UP_REF
int
SSL_CTX_up_ref(SSL_CTX *ctx) {
return (CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX) > 0);
}
#endif /* !HAVE_SSL_CTX_UP_REF */
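Review bot: The shim reports success for any resulting count above zero, so taking a reference on a context whose count had already dropped to zero (new count 1) still returns 1. Upstream OpenSSL's SSL_CTX_up_ref() treats only a new count greater than 1 as success, because a live object always has at least one holder before the increment. Matching that with `return (CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX) > 1);` would let the `RUNTIME_CHECK(SSL_CTX_up_ref(src) == 1)` in isc_tlsctx_attach() stop on an already-released context instead of handing out a dangling pointer. The neighbouring X509_STORE_up_ref shim lies outside this hunk; if it uses the same `> 0` test it deserves the same look.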


@@ -130,3 +130,8 @@ X509_STORE_up_ref(X509_STORE *v);
void
SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
#endif /* !HAVE_SSL_CTX_SET1_CERT_STORE */
#if !HAVE_SSL_CTX_UP_REF
int
SSL_CTX_up_ref(SSL_CTX *store);
#endif /* !HAVE_SSL_CTX_UP_REF */
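Review bot: The prototype names its parameter `store`, which looks carried over from the X509_STORE_up_ref declaration earlier in the header, while the definition in the shim source uses `ctx`. Declaring it as `SSL_CTX_up_ref(SSL_CTX *ctx);` keeps header and definition consistent and avoids suggesting that the argument is a certificate store.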


@@ -188,6 +188,16 @@ isc_tlsctx_free(isc_tlsctx_t **ctxp) {
SSL_CTX_free(ctx);
}
void
isc_tlsctx_attach(isc_tlsctx_t *src, isc_tlsctx_t **ptarget) {
REQUIRE(src != NULL);
REQUIRE(ptarget != NULL && *ptarget == NULL);
RUNTIME_CHECK(SSL_CTX_up_ref(src) == 1);
*ptarget = src;
}
#if HAVE_SSL_CTX_SET_KEYLOG_CALLBACK
/*
* Callback invoked by the SSL library whenever a new TLS pre-master secret