From: Amos Jeffries Date: Fri, 4 Dec 2015 02:28:25 +0000 (-0800) Subject: Cleanup: add Security::ContextPointer as smart pointer to SSL_CTX* X-Git-Tag: SQUID_4_0_4~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eacc166680d2551dde86af6b473d05ace855cd39;p=thirdparty%2Fsquid.git Cleanup: add Security::ContextPointer as smart pointer to SSL_CTX* Due to circular dependency issues between ssl/libsquidssl.la and security/libsecurity.la the code within src/ssl/ is restricted to only using Security::ContextPtr, it MUST NOT use ContextPointer Code outside of src/ssl/ should always use Security::ContextPointer when storing a reference to a context. Unfortunately some uses of SSL_CTX_Pointer and AnyP::PortCfg remain in src/ssl/support.cc for now.
---
diff --git a/configure.ac b/configure.ac
index 206f368619..612d26391a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1288,6 +1288,7 @@ AH_TEMPLATE(USE_OPENSSL,[OpenSSL support is available])
 if test "x$with_openssl" = "xyes"; then
   AC_CHECK_HEADERS( \
     openssl/bio.h \
+    openssl/crypto.h \
     openssl/err.h \
     openssl/md5.h \
     openssl/opensslv.h \
diff --git a/src/anyp/PortCfg.h b/src/anyp/PortCfg.h
index 38483b9cf1..dcdcc597e2 100644
--- a/src/anyp/PortCfg.h
+++ b/src/anyp/PortCfg.h
@@ -78,7 +78,7 @@ public:
     bool generateHostCertificates; ///< dynamically make host cert for sslBump
     size_t dynamicCertMemCacheSize; ///< max size of generated certificates memory cache
-    Ssl::SSL_CTX_Pointer staticSslContext; ///< for HTTPS accelerator or static sslBump
+    Security::ContextPointer staticSslContext; ///< for HTTPS accelerator or static sslBump
     Security::CertPointer signingCert; ///< x509 certificate for signing generated certificates
     Ssl::EVP_PKEY_Pointer signPkey; ///< private key for sighing generated certificates
     Ssl::X509_STACK_Pointer certsToChain; ///< x509 certificates to send with the generated cert
diff --git a/src/security/Context.h b/src/security/Context.h
index 0aaa366b9c..ffb2188ba1 100644
--- a/src/security/Context.h
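Review bot: The new type of `staticSslContext` in the PortCfg.h hunk changes who owns the SSL_CTX reference, but none of the places that move a raw SSL_CTX* between this member and the `Ssl::SSL_CTX_Pointer` uses the description says still live in src/ssl/support.cc are in this diff, and that hand-off is exactly where a double free or a use-after-free of a listening port's context would come from if the two wrappers disagree on ownership. I cannot see LockingPointer's copy semantics from here; the new `openssl/crypto.h` dependency added to LockingPointer.h suggests it bumps OpenSSL's reference count on copy, in which case every raw-pointer transfer into or out of this field must up-ref or release the context exactly once and should be audited before merge. The expectation is worth stating on the field itself, e.g. `///< for HTTPS accelerator or static sslBump; a ContextPointer copy shares ownership, so never hand the raw pointer to a non-refcounting Ssl::SSL_CTX_Pointer`. The enclosing PortCfg class body starts and ends outside the hunk.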
+++ b/src/security/Context.h
@@ -9,13 +9,14 @@
 #ifndef SQUID_SRC_SECURITY_CONTEXT_H
 #define SQUID_SRC_SECURITY_CONTEXT_H
+#include "security/LockingPointer.h"
+
 #if USE_OPENSSL
 #if HAVE_OPENSSL_SSL_H
 #include
 #endif
-#endif
-#if USE_GNUTLS
+#elif USE_GNUTLS
 #if HAVE_GNUTLS_GNUTLS_H
 #include
 #endif
@@ -23,15 +24,29 @@
 namespace Security {
+/* IMPORTANT:
+ * Due to circular dependency issues between ssl/libsquidssl.la and
+ * security/libsecurity.la the code within src/ssl/ is restricted to
+ * only using Security::ContextPtr, it MUST NOT use ContextPointer
+ *
+ * Code outside of src/ssl/ should always use Security::ContextPointer
+ * when storing a reference to a context.
+ */
 #if USE_OPENSSL
 typedef SSL_CTX* ContextPtr;
+CtoCpp1(SSL_CTX_free, SSL_CTX *);
+typedef LockingPointer ContextPointer;
 #elif USE_GNUTLS
 typedef gnutls_certificate_credentials_t ContextPtr;
+CtoCpp1(gnutls_certificate_free_credentials, gnutls_certificate_credentials_t);
+typedef Security::LockingPointer ContextPointer;
 #else
 // use void* so we can check against nullptr
 typedef void* ContextPtr;
+typedef Security::LockingPointer ContextPointer;
+
 #endif
 } // namespace Security
diff --git a/src/security/LockingPointer.h b/src/security/LockingPointer.h
index 49c1a297fd..74417f0d9c 100644
--- a/src/security/LockingPointer.h
+++ b/src/security/LockingPointer.h
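Review bot: The three `ContextPointer` typedefs in the second Context.h hunk spell the template inconsistently: the OpenSSL branch uses unqualified `LockingPointer` while the GnuTLS and fallback branches write `Security::LockingPointer`, and inside `namespace Security` the qualification is redundant, so pick one form for all three. The template arguments and the `#include` targets did not survive this rendering, so I could not confirm that the deleter bound to each `ContextPointer` is the `_cpp` wrapper generated by the `CtoCpp1` line immediately above it; please double-check that pairing, since a typedef bound to the wrong free function would only show up as a leak or a bad free at shutdown. The first hunk also turns the two independent `#if USE_OPENSSL` / `#if USE_GNUTLS` include blocks into an `#if`/`#elif` chain, which matches the typedef chain below it but means a build with both macros defined would silently skip the GnuTLS header; if configure rejects that combination a one-line comment saying so on the `#elif` would settle it.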
@@ -11,6 +11,28 @@
 #include "base/TidyPointer.h"
+#if USE_OPENSSL
+#if HAVE_OPENSSL_CRYPTO_H
+#include
+#endif
+
+// Macro to be used to define the C++ wrapper function of a sk_*_pop_free
+// openssl family functions. The C++ function suffixed with the _free_wrapper
+// extension
+#define sk_free_wrapper(sk_object, argument, freefunction) \
+    extern "C++" inline void sk_object ## _free_wrapper(argument a) { \
+        sk_object ## _pop_free(a, freefunction); \
+    }
+
+#endif
+
+// Macro to be used to define the C++ equivalent function of an extern "C"
+// function. The C++ function suffixed with the _cpp extension
+#define CtoCpp1(function, argument) \
+    extern "C++" inline void function ## _cpp(argument a) { \
+        function(a); \
+    }
+
 namespace Security {
diff --git a/src/security/forward.h b/src/security/forward.h
index 9286f836dc..63da965958 100644
--- a/src/security/forward.h
+++ b/src/security/forward.h
@@ -10,7 +10,6 @@
 #define SQUID_SRC_SECURITY_FORWARD_H
 #include "security/Context.h"
-#include "security/LockingPointer.h"
 #include "security/Session.h"
 #if USE_GNUTLS
@@ -29,23 +28,6 @@
 #define SSL_FLAG_VERIFY_CRL (1<<5)
 #define SSL_FLAG_VERIFY_CRL_ALL (1<<6)
-// Macro to be used to define the C++ equivalent function of an extern "C"
-// function. The C++ function suffixed with the _cpp extension
-#define CtoCpp1(function, argument) \
-    extern "C++" inline void function ## _cpp(argument a) { \
-        function(a); \
-    }
-
-#if USE_OPENSSL
-// Macro to be used to define the C++ wrapper function of a sk_*_pop_free
-// openssl family functions. The C++ function suffixed with the _free_wrapper
-// extension
-#define sk_free_wrapper(sk_object, argument, freefunction) \
-    extern "C++" inline void sk_object ## _free_wrapper(argument a) { \
-        sk_object ## _pop_free(a, freefunction); \
-    }
-#endif
-
 /// Network/connection security abstraction layer
 namespace Security {
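Review bot: The comments carried over onto `CtoCpp1` and `sk_free_wrapper` in the LockingPointer.h hunk explain the naming suffix but not why a C++-linkage wrapper around a C free function is needed at all, which is the first thing a reader meeting `SSL_CTX_free_cpp` in Context.h will ask; presumably it is so the wrapped function can be named as a deleter by the pointer templates in this header, and the comment should say so (I cannot see LockingPointer's template parameters here to confirm). Suggested replacement for the `CtoCpp1` comment: `// Defines function_cpp(a): an inline C++-linkage wrapper around the extern "C" function, so it can be used as the deleter of a LockingPointer`. Because forward.h drops its direct include of this header, the macros are now only reachable through security/Context.h; any src/ssl/ file that expands them should include "security/LockingPointer.h" explicitly rather than rely on that transitive path, which this commit could note next to the `#define`. The hunk's context does not show what follows `namespace Security {`, so the rest of the header is outside the hunk.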