[PATCHv2] tls_openssl: Store TLS context per-connection
Jouni Malinen
Thu May 9 14:27:14 PDT 2013
On Fri, Apr 05, 2013 at 10:55:54AM -0700, Paul Stewart wrote:
> Store context for each tls_init() caller, so events are
> generated for the correct wpa_s instance. The tls_global
> variable is retained for older OpenSSL implementations
> that may not have app-data for SSL_CTX.
Thanks, applied with a couple of changes.
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> @@ -690,17 +707,12 @@ static int tls_engine_load_dynamic_opensc(const char *opensc_so_path)
> void * tls_init(const struct tls_config *conf)
> {
> SSL_CTX *ssl;
> + struct tls_context *context;
> if (tls_openssl_ref_count == 0) {
> - tls_global = os_zalloc(sizeof(*tls_global));
> - if (tls_global == NULL)
> + tls_global = context = tls_context_new(conf);
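Review bot: the NULL check that the removed `if (tls_global == NULL)` line provided is not visible after `tls_global = context = tls_context_new(conf);`, yet tls_context_new() can evidently fail (the next hunk tests its result for NULL in the else branch). Keep a check such as `if (context == NULL) return NULL;` in the first-caller branch as well, before the context is used.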
> @@ -746,6 +758,13 @@ void * tls_init(const struct tls_config *conf)
> +#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
> + } else {
> + /* Newer OpenSSL can store app-data per-SSL */
> + context = tls_context_new(conf);
> + if (context == NULL)
> + return NULL;
> +#endif /* OPENSSL_SUPPORTS_CTX_APP_DATA */
> }
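Review bot: `context` is left uninitialized for every tls_init() call after the first when OPENSSL_SUPPORTS_CTX_APP_DATA is not defined, because the whole `} else { context = tls_context_new(conf); ...` branch is compiled out by the `#ifdef`. Add an `#else` branch assigning `context = tls_global;` (or initialize `context = tls_global;` before the `if`) so builds against older OpenSSL keep using the shared global context instead of an indeterminate pointer.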
This seems to leave context unspecified for all tls_init() calls apart
from the first one if SSL_CTX_set_app_data() is not supported. I changed
this to default to tls_global in such case to maintain previous behavior.
> @@ -754,6 +773,9 @@ void * tls_init(const struct tls_config *conf)
> return NULL;
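Review bot: this `return NULL;` error path runs after `context` has been allocated by tls_context_new() in the else branch above, so on builds with OPENSSL_SUPPORTS_CTX_APP_DATA the freshly allocated context leaks. Free it with `os_free(context)` before returning, taking care in the first-caller case where `context` aliases `tls_global`.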
And that error path seemed to leak memory if SSL_CTX_set_app_data() is
supported, so I added os_free(context) here.
> +#ifdef OPENSSL_SUPPORTS_CTX_APP_DATA
> + context = (struct tls_context *)SSL_CTX_get_app_data(ssl);
> +#endif
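Review bot: the cast in `context = (struct tls_context *)SSL_CTX_get_app_data(ssl);` is unnecessary, since SSL_CTX_get_app_data() returns `void *` and C converts that implicitly; drop it. Note also that this assignment overwrites the `context` obtained from tls_context_new() earlier in tls_init(), so it is only correct if SSL_CTX_set_app_data() has stored that same pointer on `ssl` in the lines not shown here; otherwise `context` becomes NULL.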
SSL_CTX_get_app_data() seems to return void*, so I removed the
unnecessary type casts.
--
Jouni Malinen PGP id EFC895FA