From: William Lallemand Date: Fri, 10 Apr 2020 08:26:27 +0000 (+0200) Subject: REORG: ssl: move some free/new functions X-Git-Tag: v2.2-dev6~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=82b21bbe863b0c9cbb983a989cdba8ae58fcc131;p=thirdparty%2Fhaproxy.git REORG: ssl: move some free/new functions Move crtlist_free_filters(), crtlist_dup_filters(), crtlist_free(), crtlist_new(), ssl_sock_free_ssl_conf() upper in the file. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 3d5c483b84..e986554ac2 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -2898,6 +2898,37 @@ int ssl_sock_load_global_dh_param_from_file(const char *filename) } #endif +/* release ssl bind conf */ +void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf) +{ + if (conf) { +#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) + free(conf->npn_str); + conf->npn_str = NULL; +#endif +#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + free(conf->alpn_str); + conf->alpn_str = NULL; +#endif + free(conf->ca_file); + conf->ca_file = NULL; + free(conf->ca_verify_file); + conf->ca_verify_file = NULL; + free(conf->crl_file); + conf->crl_file = NULL; + free(conf->ciphers); + conf->ciphers = NULL; +#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) + free(conf->ciphersuites); + conf->ciphersuites = NULL; +#endif + free(conf->curves); + conf->curves = NULL; + free(conf->ecdhe); + conf->ecdhe = NULL; + } +} + /* unlink a ckch_inst, free all SNIs, free the ckch_inst */ /* The caller must use the lock of the bind_conf if used with inserted SNIs */ static void ckch_inst_free(struct ckch_inst *inst) @@ -2934,6 +2965,82 @@ static struct ckch_inst *ckch_inst_new() return ckch_inst; } +/* free sni filters */ +static void crtlist_free_filters(char **args) +{ + int i; + + if (!args) + return; + + for (i = 0; args[i]; i++) + free(args[i]); + + free(args); +} + +/* Alloc and duplicate a char ** array */ +static char **crtlist_dup_filters(char **args, int fcount) +{ + char **dst; + int i; + + if (fcount == 0) + return NULL; + + dst = calloc(fcount + 1, sizeof(*dst)); + if (!dst) + return NULL; + + for (i = 0; i < fcount; i++) { + dst[i] = strdup(args[i]); + if (!dst[i]) + goto error; + } + return dst; + +error: + crtlist_free_filters(dst); + return NULL; +} + +/* Free a crtlist, from the crt_entry to the content of the ssl_conf */ +static void crtlist_free(struct crtlist *crtlist) +{ + struct crtlist_entry *entry, *s_entry; + + if (crtlist == NULL) + return; + + list_for_each_entry_safe(entry, s_entry, &crtlist->ord_entries, by_crtlist) { + crtlist_entry_free(entry); + } + ebmb_delete(&crtlist->node); + free(crtlist); +} + +/* Alloc and initialize a struct crtlist + * is the key of the ebmb_node + * initialize the list of entries to be unique (1) or not (0) + */ +static struct crtlist *crtlist_new(const char *filename, int unique) +{ + struct crtlist *newlist; + + newlist = calloc(1, sizeof(*newlist) + strlen(filename) + 1); + if (newlist == NULL) + return NULL; + + memcpy(newlist->node.key, filename, strlen(filename) + 1); + if (unique) + newlist->entries = EB_ROOT_UNIQUE; + else + newlist->entries = EB_ROOT; + + LIST_INIT(&newlist->ord_entries); + + return newlist; +} /* This function allocates a sni_ctx and adds it to the ckch_inst */ static int ckch_inst_add_cert_sni(SSL_CTX *ctx, struct ckch_inst *ckch_inst, @@ -4408,118 +4515,6 @@ static int ssl_initialize_random() return random_initialized; } -/* release ssl bind conf */ -void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf) -{ - if (conf) { -#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG) - free(conf->npn_str); - conf->npn_str = NULL; -#endif -#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - free(conf->alpn_str); - conf->alpn_str = NULL; -#endif - free(conf->ca_file); - conf->ca_file = NULL; - free(conf->ca_verify_file); - conf->ca_verify_file = NULL; - free(conf->crl_file); - conf->crl_file = NULL; - free(conf->ciphers); - conf->ciphers = NULL; -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) - free(conf->ciphersuites); - conf->ciphersuites = NULL; -#endif - free(conf->curves); - conf->curves = NULL; - free(conf->ecdhe); - conf->ecdhe = NULL; - } -} -/* free sni filters */ -static void crtlist_free_filters(char **args) -{ - int i; - - if (!args) - return; - - for (i = 0; args[i]; i++) - free(args[i]); - - free(args); -} - -/* Alloc and duplicate a char ** array */ -static char **crtlist_dup_filters(char **args, int fcount) -{ - char **dst; - int i; - - if (fcount == 0) - return NULL; - - dst = calloc(fcount + 1, sizeof(*dst)); - if (!dst) - return NULL; - - for (i = 0; i < fcount; i++) { - dst[i] = strdup(args[i]); - if (!dst[i]) - goto error; - } - return dst; - -error: - crtlist_free_filters(dst); - return NULL; -} - - -/* Free a crtlist, from the crt_entry to the content of the ssl_conf */ -static void crtlist_free(struct crtlist *crtlist) -{ - struct crtlist_entry *entry, *s_entry; - - if (crtlist == NULL) - return; - - list_for_each_entry_safe(entry, s_entry, &crtlist->ord_entries, by_crtlist) { - ebpt_delete(&entry->node); - LIST_DEL(&entry->by_crtlist); - crtlist_free_filters(entry->filters); - ssl_sock_free_ssl_conf(entry->ssl_conf); - free(entry->ssl_conf); - free(entry); - } - ebmb_delete(&crtlist->node); - free(crtlist); -} - -/* Alloc and initialize a struct crtlist - * is the key of the ebmb_node - * initialize the list of entries to be unique (1) or not (0) - */ -static struct crtlist *crtlist_new(const char *filename, int unique) -{ - struct crtlist *newlist; - - newlist = calloc(1, sizeof(*newlist) + strlen(filename) + 1); - if (newlist == NULL) - return NULL; - - memcpy(newlist->node.key, filename, strlen(filename) + 1); - if (unique) - newlist->entries = EB_ROOT_UNIQUE; - else - newlist->entries = EB_ROOT; - - LIST_INIT(&newlist->ord_entries); - - return newlist; -} /* This function reads a directory and stores it in a struct crtlist, each file is a crtlist_entry structure * Fill the argument with a pointer to a new crtlist struct