

Add SSL_CTX_dup API
wbeck10p committed Oct 13, 2023
1 parent eaee176 commit f2d3718
Showing 33 changed files with 837 additions and 577 deletions.
7 changes: 6 additions & 1 deletion doc/man3/SSL_CTX_new.pod
Expand Up @@ -3,7 +3,7 @@
=head1 NAME

TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_up_ref, SSLv3_method,
SSL_CTX_new, SSL_CTX_new_ex, SSL_CTX_dup, SSL_CTX_up_ref, SSLv3_method,
SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method,
TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method,
TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method,
Expand All @@ -21,6 +21,8 @@ functions
SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
const SSL_METHOD *method);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
const char *propq, const SSL_METHOD *meth);
int SSL_CTX_up_ref(SSL_CTX *ctx);

const SSL_METHOD *TLS_method(void);
Expand Down Expand Up @@ -88,6 +90,9 @@ parameters may be NULL.
SSL_CTX_new() does the same as SSL_CTX_new_ex() except that the default
library context is used and no property query string is specified.

SSL_CTX_dup() creates a new SSL_CTX object and uses the current configuration from
an existing SSL_CTX.

An B<SSL_CTX> object is reference counted. Creating an B<SSL_CTX> object for the
first time increments the reference count. Freeing the B<SSL_CTX> (using
SSL_CTX_free) decrements it. When the reference count drops to zero, any memory
2 changes: 2 additions & 0 deletions include/openssl/ssl.h.in
Expand Up @@ -1560,6 +1560,8 @@ __owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
__owur SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
const SSL_METHOD *meth);
__owur SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
const char *propq, const SSL_METHOD *meth);
int SSL_CTX_up_ref(SSL_CTX *ctx);
void SSL_CTX_free(SSL_CTX *);
__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
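Review bot: The parameter order of the new prototype, `SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source, const char *propq, const SSL_METHOD *meth)`, puts `source` between `libctx` and `propq`, breaking the `libctx, propq, ...` ordering that SSL_CTX_new_ex establishes two lines above; `SSL_CTX_dup(OSSL_LIB_CTX *libctx, const char *propq, SSL_CTX *source, const SSL_METHOD *meth)` would read consistently, and since the prototype is public this is worth settling before it ships. The declaration also takes `source` as a non-const `SSL_CTX *`, which leaves callers unable to tell from the header whether duplication only reads the source or also mutates it (for example by taking a reference on shared state); if it is read-only, `const SSL_CTX *source` documents that in the prototype itself, and otherwise a one-line comment above the declaration should say what happens to `source`.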
1 change: 1 addition & 0 deletions include/openssl/types.h
Expand Up @@ -186,6 +186,7 @@ typedef struct ui_method_st UI_METHOD;
typedef struct engine_st ENGINE;
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct ssl_ctx_cnf_st SSL_CTX_CNF;

typedef struct comp_ctx_st COMP_CTX;
typedef struct comp_method_st COMP_METHOD;
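Review bot: The new `typedef struct ssl_ctx_cnf_st SSL_CTX_CNF;` lands in the public header include/openssl/types.h, yet nothing on this page declares a public function that takes or returns an `SSL_CTX_CNF`, so the name becomes part of the installed API surface for what looks like an internal configuration structure. If `ssl_ctx_cnf_st` is only dereferenced inside libssl, the typedef belongs in the library-local header alongside the `ssl_ctx_st` members that now point at it rather than here; if it is meant to be public, it needs a documented accessor and a man page entry. The struct definition itself is not on this page, so I cannot tell which was intended.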
8 changes: 4 additions & 4 deletions ssl/d1_lib.c
Expand Up @@ -618,13 +618,13 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
/*
* We have a cookie, so lets check it.
*/
if (ssl->ctx->app_verify_cookie_cb == NULL) {
if (ssl->ctx->cnf->app_verify_cookie_cb == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
/* This is fatal */
ret = -1;
goto end;
}
if (ssl->ctx->app_verify_cookie_cb(ssl, PACKET_data(&cookiepkt),
if (ssl->ctx->cnf->app_verify_cookie_cb(ssl, PACKET_data(&cookiepkt),
(unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
/*
* We treat invalid cookies in the same was as no cookie as
Expand All @@ -649,8 +649,8 @@ int DTLSv1_listen(SSL *ssl, BIO_ADDR *client)
*/

/* Generate the cookie */
if (ssl->ctx->app_gen_cookie_cb == NULL ||
ssl->ctx->app_gen_cookie_cb(ssl, cookie, &cookielen) == 0 ||
if (ssl->ctx->cnf->app_gen_cookie_cb == NULL ||
ssl->ctx->cnf->app_gen_cookie_cb(ssl, cookie, &cookielen) == 0 ||
cookielen > 255) {
ERR_raise(ERR_LIB_SSL, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
/* This is fatal */
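Review bot: The continuation line `(unsigned int)PACKET_remaining(&cookiepkt)) == 0) {` under the rewritten `ssl->ctx->cnf->app_verify_cookie_cb(ssl, PACKET_data(&cookiepkt),` call appears in this diff as unchanged context, so its argument alignment now seems to sit five columns short of the opening parenthesis it was lined up with; re-indent it to match (the rendered view strips leading whitespace, so confirm against the source). More generally, every new dereference in this file, and the equivalent ones in d1_msg.c, d1_srtp.c, quic_impl.c, quic_tls.c, rec_layer_d1.c and rec_layer_s3.c, assumes `ctx->cnf` is never NULL; if any construction or duplication path can leave an SSL_CTX with `cnf` unset, these all become NULL dereferences, so a one-line invariant comment at the `cnf` member such as `/* never NULL once SSL_CTX_new*()/SSL_CTX_dup() return */` would pin the assumption down. DTLSv1_listen starts and ends outside these hunks.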
4 changes: 2 additions & 2 deletions ssl/d1_msg.c
Expand Up @@ -67,8 +67,8 @@ int dtls1_dispatch_alert(SSL *ssl)

if (s->info_callback != NULL)
cb = s->info_callback;
else if (ssl->ctx->info_callback != NULL)
cb = ssl->ctx->info_callback;
else if (ssl->ctx->cnf->info_callback != NULL)
cb = ssl->ctx->cnf->info_callback;

if (cb != NULL) {
j = (s->s3.send_alert[0] << 8) | s->s3.send_alert[1];
2 changes: 1 addition & 1 deletion ssl/d1_srtp.c
Expand Up @@ -140,7 +140,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string,

int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
{
if (IS_QUIC_METHOD(ctx->method))
if (IS_QUIC_METHOD(ctx->cnf->method))
return 1;

return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
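Review bot: SSL_CTX_set_tlsext_use_srtp now spells out the indirection as `IS_QUIC_METHOD(ctx->cnf->method)`, while the same commit updates `IS_QUIC_CTX(ctx)` in ssl/quic/quic_local.h to do exactly that; since IS_QUIC_METHOD already comes from that header, `if (IS_QUIC_CTX(ctx))` here keeps the `cnf` layout knowledge in one place. The intent of the early `return 1` for QUIC contexts is not obvious from the line itself; a comment such as `/* SRTP is not applicable to QUIC; silently accept */` would help, assuming that is the reason, which the hunk does not state.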
10 changes: 5 additions & 5 deletions ssl/quic/quic_impl.c
Expand Up @@ -387,7 +387,7 @@ SSL *ossl_quic_new(SSL_CTX *ctx)

/* Initialise the QUIC_CONNECTION's stub header. */
ssl_base = &qc->ssl;
if (!ossl_ssl_init(ssl_base, ctx, ctx->method, SSL_TYPE_QUIC_CONNECTION)) {
if (!ossl_ssl_init(ssl_base, ctx, ctx->cnf->method, SSL_TYPE_QUIC_CONNECTION)) {
ssl_base = NULL;
QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
goto err;
Expand Down Expand Up @@ -422,8 +422,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
qc->as_server_state = qc->as_server;

qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
qc->default_ssl_mode = qc->ssl.ctx->mode;
qc->default_ssl_options = qc->ssl.ctx->options & OSSL_QUIC_PERMITTED_OPTIONS;
qc->default_ssl_mode = qc->ssl.ctx->cnf->mode;
qc->default_ssl_options = qc->ssl.ctx->cnf->options & OSSL_QUIC_PERMITTED_OPTIONS;
qc->desires_blocking = 1;
qc->blocking = 0;
qc->incoming_stream_policy = SSL_INCOMING_STREAM_POLICY_AUTO;
Expand All @@ -432,8 +432,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
if (!create_channel(qc))
goto err;

ossl_quic_channel_set_msg_callback(qc->ch, ctx->msg_callback, ssl_base);
ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->msg_callback_arg);
ossl_quic_channel_set_msg_callback(qc->ch, ctx->cnf->msg_callback, ssl_base);
ossl_quic_channel_set_msg_callback_arg(qc->ch, ctx->cnf->msg_callback_arg);

qc_update_reject_policy(qc);
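Review bot: The rewritten lines `if (!ossl_ssl_init(ssl_base, ctx, ctx->cnf->method, SSL_TYPE_QUIC_CONNECTION)) {` and `qc->default_ssl_options = qc->ssl.ctx->cnf->options & OSSL_QUIC_PERMITTED_OPTIONS;` appear to run past 80 columns once their indentation is restored (the rendered view strips it), which OpenSSL's coding style does not allow; wrapping the argument list and the right-hand side of the assignment keeps them within the limit. The `ctx->cnf->msg_callback` lines just above this anchor are close to the limit as well and are worth checking at the same time. ossl_quic_new begins and ends outside these hunks.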

2 changes: 1 addition & 1 deletion ssl/quic/quic_local.h
Expand Up @@ -246,7 +246,7 @@ int ossl_quic_trace(int write_p, int version, int content_type,
# define IS_QUIC_METHOD(m) \
((m) == OSSL_QUIC_client_method() || \
(m) == OSSL_QUIC_client_thread_method())
# define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->method)
# define IS_QUIC_CTX(ctx) IS_QUIC_METHOD((ctx)->cnf->method)

# define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \
((ssl) == NULL ? NULL \
2 changes: 1 addition & 1 deletion ssl/quic/quic_tls.c
Expand Up @@ -739,7 +739,7 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)

/* ALPN is a requirement for QUIC and must be set */
if (qtls->args.is_server) {
if (sctx->ext.alpn_select_cb == NULL)
if (sctx->cnf->ext.alpn_select_cb == NULL)
return RAISE_INTERNAL_ERROR(qtls);
} else {
if (sc->ext.alpn == NULL || sc->ext.alpn_len == 0)
4 changes: 2 additions & 2 deletions ssl/record/rec_layer_d1.c
Expand Up @@ -397,8 +397,8 @@ int dtls1_read_bytes(SSL *s, uint8_t type, uint8_t *recvd_type,

if (sc->info_callback != NULL)
cb = sc->info_callback;
else if (s->ctx->info_callback != NULL)
cb = s->ctx->info_callback;
else if (s->ctx->cnf->info_callback != NULL)
cb = s->ctx->cnf->info_callback;

if (cb != NULL) {
j = (alert_level << 8) | alert_descr;
6 changes: 3 additions & 3 deletions ssl/record/rec_layer_s3.c
Expand Up @@ -156,7 +156,7 @@ size_t ssl3_pending(const SSL *s)

void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
{
ctx->default_read_buf_len = len;
ctx->cnf->default_read_buf_len = len;
}

void SSL_set_default_read_buffer_len(SSL *s, size_t len)
Expand Down Expand Up @@ -820,8 +820,8 @@ int ssl3_read_bytes(SSL *ssl, uint8_t type, uint8_t *recvd_type,

if (s->info_callback != NULL)
cb = s->info_callback;
else if (ssl->ctx->info_callback != NULL)
cb = ssl->ctx->info_callback;
else if (ssl->ctx->cnf->info_callback != NULL)
cb = ssl->ctx->cnf->info_callback;

if (cb != NULL) {
j = (alert_level << 8) | alert_descr;
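Review bot: SSL_CTX_set_default_read_buffer_len now writes through `ctx->cnf->default_read_buf_len`, so whether that write is visible to a context produced by SSL_CTX_dup depends on whether `cnf` is copied or shared by pointer at duplication time, which nothing on this page shows. If it is shared, this setter and every other setter moved onto `cnf` silently reconfigure the source context too, and a caller that tunes a duplicate's read buffer (or its callbacks) would be changing the original's behaviour without any indication. A comment on the setter or on the `cnf` member stating the model, e.g. `/* cnf is private to this SSL_CTX; SSL_CTX_dup() copies it */` or its opposite, would let callers reason about it; the `info_callback` reads below and in d1_msg.c and rec_layer_d1.c only read, so they are safe either way but rely on the same answer. ssl3_read_bytes starts and ends outside this hunk.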
