From: Alex Rousskov Date: Tue, 29 Aug 2017 17:35:44 +0000 (-0600) Subject: Fixed build and Ssl::BIO_new_SBuf() broken/added by 5107d2c (#53) X-Git-Tag: M-staged-PR71~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64e6422528551228d71b4088e2f24caf343060ce;p=thirdparty%2Fsquid.git Fixed build and Ssl::BIO_new_SBuf() broken/added by 5107d2c (#53) Fixed BIO_new_SBuf() compilation with OpenSSL v1.1 (and others that HAVE_LIBCRYPTO_BIO_METH_NEW). Do not leak the BIO object allocated in Ssl::InRamCertificateDbKey(). Throw instead of returning nil from Ssl::BIO_new_SBuf(). Polished BIO_new_SBuf() description to better reflect reality. --- diff --git a/src/ssl/support.cc b/src/ssl/support.cc index e80ea89362..99b73f2ef6 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -1391,8 +1391,8 @@ void Ssl::InRamCertificateDbKey(const Ssl::CertificateProperties &certProperties key.append(certProperties.signHash ? EVP_MD_name(certProperties.signHash) : "-"); if (certProperties.mimicCert) { - BIO *bio = BIO_new_SBuf(&key); - ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bio, (ASN1_VALUE *)certProperties.mimicCert.get()); + Ssl::BIO_Pointer bio(BIO_new_SBuf(&key)); + ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bio.get(), (ASN1_VALUE *)certProperties.mimicCert.get()); } } @@ -1416,6 +1416,7 @@ int bio_sbuf_write(BIO* bio, const char* data, int len) { SBuf *buf = static_cast(BIO_get_data(bio)); + // TODO: Convert exceptions into BIO errors buf->append(data, len); return len; } @@ -1423,6 +1424,7 @@ bio_sbuf_write(BIO* bio, const char* data, int len) int bio_sbuf_puts(BIO* bio, const char* data) { + // TODO: use bio_sbuf_write() instead SBuf *buf = static_cast(BIO_get_data(bio)); size_t oldLen = buf->length(); buf->append(data); @@ -1434,6 +1436,7 @@ bio_sbuf_ctrl(BIO* bio, int cmd, long num, void* ptr) { SBuf *buf = static_cast(BIO_get_data(bio)); switch (cmd) { case BIO_CTRL_RESET: + // TODO: Convert exceptions into BIO errors buf->clear(); return 1; case BIO_CTRL_FLUSH: @@ -1443,28 +1446,10 @@ bio_sbuf_ctrl(BIO* bio, int cmd, long num, void* ptr) { } } - -#if HAVE_LIBCRYPTO_BIO_METH_NEW -static BIO_METHOD *BioSBufMethods = nullptr; -#else -static BIO_METHOD BioSBufMethods = { - BIO_TYPE_MEM, - "Squid SBuf", - bio_sbuf_write, - nullptr, - bio_sbuf_puts, - nullptr, - bio_sbuf_ctrl, - bio_sbuf_create, - bio_sbuf_destroy, - NULL, - -}; -#endif - BIO *Ssl::BIO_new_SBuf(SBuf *buf) { #if HAVE_LIBCRYPTO_BIO_METH_NEW + static BIO_METHOD *BioSBufMethods = nullptr; if (!BioSBufMethods) { BioSBufMethods = BIO_meth_new(BIO_TYPE_MEM, "Squid-SBuf"); BIO_meth_set_write(BioSBufMethods, bio_sbuf_write); @@ -1476,10 +1461,21 @@ BIO *Ssl::BIO_new_SBuf(SBuf *buf) BIO_meth_set_destroy(BioSBufMethods, bio_sbuf_destroy); } #else - BIO *bio = BIO_new(&BioSBufMethods); + static BIO_METHOD *BioSBufMethods = new BIO_METHOD({ + BIO_TYPE_MEM, + "Squid SBuf", + bio_sbuf_write, + nullptr, + bio_sbuf_puts, + nullptr, + bio_sbuf_ctrl, + bio_sbuf_create, + bio_sbuf_destroy, + NULL + }); #endif - if (!bio) - return nullptr; + BIO *bio = BIO_new(BioSBufMethods); + Must(bio); BIO_set_data(bio, buf); BIO_set_init(bio, 1); return bio; diff --git a/src/ssl/support.h b/src/ssl/support.h index b28322daf1..ecbd21c674 100644 --- a/src/ssl/support.h +++ b/src/ssl/support.h @@ -330,7 +330,8 @@ void InRamCertificateDbKey(const Ssl::CertificateProperties &certProperties, SBu /** \ingroup ServerProtocolSSLAPI - Generates an OpenSSL BIO for writting to an SBuf object + Creates and returns an OpenSSL BIO object for writing to `buf` (or throws). + TODO: Add support for reading from `buf`. */ BIO *BIO_new_SBuf(SBuf *buf); } //namespace Ssl