[PATCHv2] tls_openssl: Store TLS context per-connection

Jouni Malinen j at w1.fi
Thu May 9 17:27:14 EDT 2013


On Fri, Apr 05, 2013 at 10:55:54AM -0700, Paul Stewart wrote:
> Store context for each tls_init() caller, so events are
> generated for the correct wpa_s instance.  The tls_global
> variable is retained for older OpenSSL implementations
> that may not have app-data for SSL_CTX.

Thanks, applied with a couple of changes.

> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> @@ -690,17 +707,12 @@ static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
>  void * tls_init(const struct tls_config *conf)
>  {
>  	SSL_CTX *ssl;
> +	struct tls_context *context;

>  	if (tls_openssl_ref_count == 0) {
> -		tls_global = os_zalloc(sizeof(*tls_global));
> -		if (tls_global == NULL)
> +		tls_global = context = tls_context_new(conf);
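
Review bot: The NULL check on the first-call allocation is removed (`if (tls_global == NULL)`) and the quoted lines show no replacement after `tls_global = context = tls_context_new(conf);`. Test `context == NULL` directly after that assignment and return NULL there, matching the check the else branch in the next hunk performs, so a failed allocation is handled the same way on both paths.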

> @@ -746,6 +758,13 @@ void * tls_init(const struct tls_config *conf)
> +#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
> +	} else {
> +		/* Newer OpenSSL can store app-data per-SSL */
> +		context = tls_context_new(conf);
> +		if (context == NULL)
> +			return NULL;
> +#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
>  	}
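
Review bot: The `} else {` sits inside `#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA` while the closing `}` sits outside it, so the brace pairing of the `if (tls_openssl_ref_count == 0)` block changes with the preprocessor setting and is easy to misread. Keep the if/else braces unconditional and put only the body of the else branch under the #ifdef. The comment also says app-data is stored "per-SSL", but the guard macro and the later `SSL_CTX_get_app_data(ssl)` call refer to the SSL_CTX; word it as per-SSL_CTX.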

This seems to leave context unspecified for all tls_init() calls apart
from the first one if SSL_CTX_set_app_data() is not supported. I changed
this to default to tls_global in such a case to maintain previous behavior.

> @@ -754,6 +773,9 @@ void * tls_init(const struct tls_config *conf)
>  		return NULL;

And that error path seemed to leak memory if SSL_CTX_set_app_data() is
supported, so I added os_free(context) here.

> +#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
> +	context = (struct tls_context *)SSL_CTX_get_app_data(ssl);
> +#endif
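
Review bot: The value read by `SSL_CTX_get_app_data(ssl)` is assigned to context with no NULL check in the quoted lines; if app-data was never set on this SSL_CTX, context ends up NULL. Fall back to tls_global (or fail explicitly) when the call returns NULL. For consistency with the previous hunk, the bare `#endif` should carry the `/* OPENSSL_SUPPORTS_CTX_APP_DATA */` trailer.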

SSL_CTX_get_app_data() seems to return void*, so I removed the
unnecessary type casts.

-- 
Jouni Malinen                                            PGP id EFC895FA

