Remove SSL_TOKEN_STORE_HANDLE type

Replace it with SSL_TOKEN_STORE and make the structure opaque in the public api Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26517)
2025-01-31 08:02:34 -05:00 · 2025-01-31 08:02:34 -05:00 · e732f4456a
commit e732f4456a
parent f0e516522c
6 changed files with 30 additions and 30 deletions
--- a/doc/man3/SSL_CTX_get0_token_store.pod
+++ b/doc/man3/SSL_CTX_get0_token_store.pod
@ -7,8 +7,8 @@ SSL_CTX_get0_token_store, SSL_CTX_set1_token_store

 =head1 SYNOPSIS

- SSL_TOKEN_STORE_HANDLE *SSL_CTX_get0_token_store(SSL_CTX *ctx);
- int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE_HANDLE *hdl);
+ SSL_TOKEN_STORE *SSL_CTX_get0_token_store(SSL_CTX *ctx);
+ int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl);

 =head1 DESCRIPTION
 The QUIC protocol supports the exchange of opaque tokens which a client can use
@ -52,7 +52,7 @@ The following code snippet shows how to share a token store between separate
 B<SSL_CTX> objects

    SSL_CTX *ctx1, *ctx2;
-    SSL_TOKEN_CACHE_HANDLE *tc;
+    SSL_TOKEN_CACHE *tc;

    /*
     * token stores are generally only used for quic client contexts
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@ -37,10 +37,10 @@ typedef struct quic_token_st {
    size_t token_len;
 } QUIC_TOKEN;

-SSL_TOKEN_STORE_HANDLE *ossl_quic_new_token_store(void);
-void ossl_quic_free_token_store(SSL_TOKEN_STORE_HANDLE *hdl);
-SSL_TOKEN_STORE_HANDLE *ossl_quic_get0_token_store(SSL_CTX *ctx);
-int ossl_quic_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE_HANDLE *hdl);
+SSL_TOKEN_STORE *ossl_quic_new_token_store(void);
+void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl);
+SSL_TOKEN_STORE *ossl_quic_get0_token_store(SSL_CTX *ctx);
+int ossl_quic_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl);
 int ossl_quic_set_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
                             const uint8_t *token, size_t token_len);
 int ossl_quic_get_peer_token(SSL_CTX *ctx, BIO_ADDR *peer,
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@ -2307,9 +2307,9 @@ __owur int SSL_set1_initial_peer_addr(SSL *s, const BIO_ADDR *peer_addr);
 __owur SSL *SSL_get0_connection(SSL *s);
 __owur int SSL_is_connection(SSL *s);

-typedef void SSL_TOKEN_STORE_HANDLE;
-__owur SSL_TOKEN_STORE_HANDLE *SSL_CTX_get0_token_store(SSL_CTX *ctx);
-__owur int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE_HANDLE *hdl);
+typedef struct ssl_token_store_st SSL_TOKEN_STORE;
+__owur SSL_TOKEN_STORE *SSL_CTX_get0_token_store(SSL_CTX *ctx);
+__owur int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl);

 __owur int SSL_is_listener(SSL *ssl);
 __owur SSL *SSL_get0_listener(SSL *s);
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@ -4370,7 +4370,7 @@ err:
 SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags)
 {
    QCTX ctx;
-    QUIC_CONNECTION *qc;
+    QUIC_CONNECTION *qc = NULL;
    QUIC_LISTENER *ql;
    SSL_CONNECTION *sc = NULL;

@ -4394,7 +4394,8 @@ SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags)
     * ctx as a client, so we should allocate one now
     */
    if (ssl->ctx->tokencache == NULL)
-        ssl->ctx->tokencache = ossl_quic_new_token_store();
+        if ((ssl->ctx->tokencache = ossl_quic_new_token_store()) == NULL)
+            goto err;

    if ((qc = OPENSSL_zalloc(sizeof(*qc))) == NULL) {
        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_CRYPTO_LIB, NULL);
@ -4634,11 +4635,11 @@ err:

 DEFINE_LHASH_OF_EX(QUIC_TOKEN);

-typedef struct ssl_token_store_st {
+struct ssl_token_store_st {
    LHASH_OF(QUIC_TOKEN) *cache;
    CRYPTO_REF_COUNT references;
    CRYPTO_MUTEX *mutex;
-} SSL_TOKEN_STORE;
+};

 static uint64_t fnv1a_hash_token(uint8_t *key, size_t len)
 {
@ -4664,7 +4665,7 @@ static int quic_token_cmp(const QUIC_TOKEN *a, const QUIC_TOKEN *b)
    return memcmp(a->hashkey, b->hashkey, a->hashkey_len);
 }

-SSL_TOKEN_STORE_HANDLE *ossl_quic_new_token_store(void)
+SSL_TOKEN_STORE *ossl_quic_new_token_store(void)
 {
    int ok = 0;
    SSL_TOKEN_STORE *newcache = OPENSSL_zalloc(sizeof(SSL_TOKEN_STORE));
@ -4690,7 +4691,7 @@ out:
        ossl_quic_free_token_store(newcache);
        newcache = NULL;
    }
-    return (SSL_TOKEN_STORE_HANDLE *)newcache;
+    return newcache;
 }

 static void free_this_token(QUIC_TOKEN *tok)
@ -4698,37 +4699,36 @@ static void free_this_token(QUIC_TOKEN *tok)
    ossl_quic_free_peer_token(tok);
 }

-void ossl_quic_free_token_store(SSL_TOKEN_STORE_HANDLE *hdl)
+void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl)
 {
    int refs;
-    SSL_TOKEN_STORE *c = (SSL_TOKEN_STORE *)hdl;

-    if (c == NULL)
+    if (hdl == NULL)
        return;

-    if (!CRYPTO_DOWN_REF(&c->references, &refs))
+    if (!CRYPTO_DOWN_REF(&hdl->references, &refs))
        return;

    if (refs > 0)
        return;

    /* last reference, we can clean up */
-    ossl_crypto_mutex_free(&c->mutex);
-    lh_QUIC_TOKEN_doall(c->cache, free_this_token);
-    lh_QUIC_TOKEN_free(c->cache);
-    OPENSSL_free(c);
+    ossl_crypto_mutex_free(&hdl->mutex);
+    lh_QUIC_TOKEN_doall(hdl->cache, free_this_token);
+    lh_QUIC_TOKEN_free(hdl->cache);
+    OPENSSL_free(hdl);
    return;
 }

-SSL_TOKEN_STORE_HANDLE *ossl_quic_get0_token_store(SSL_CTX *ctx)
+SSL_TOKEN_STORE *ossl_quic_get0_token_store(SSL_CTX *ctx)
 {
    return ctx->tokencache;
 }

-int ossl_quic_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE_HANDLE *hdl)
+int ossl_quic_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl)
 {
    SSL_TOKEN_STORE *new = hdl;
-    SSL_TOKEN_STORE_HANDLE *old = ctx->tokencache;
+    SSL_TOKEN_STORE *old = ctx->tokencache;
    int ref;

    if (!CRYPTO_UP_REF(&new->references, &ref))
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -7987,7 +7987,7 @@ SSL *SSL_new_from_listener(SSL *ssl, uint64_t flags)
 #endif
 }

-SSL_TOKEN_STORE_HANDLE *SSL_CTX_get0_token_store(SSL_CTX *ctx)
+SSL_TOKEN_STORE *SSL_CTX_get0_token_store(SSL_CTX *ctx)
 {
 #ifndef OPENSSL_NO_QUIC
    return ossl_quic_get0_token_store(ctx);
@ -7996,7 +7996,7 @@ SSL_TOKEN_STORE_HANDLE *SSL_CTX_get0_token_store(SSL_CTX *ctx)
 #endif
 }

-int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE_HANDLE *hdl)
+int SSL_CTX_set1_token_store(SSL_CTX *ctx, SSL_TOKEN_STORE *hdl)
 {
 #ifndef OPENSSL_NO_QUIC
    return ossl_quic_set1_token_store(ctx, hdl);
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@ -1201,7 +1201,7 @@ struct ssl_ctx_st {

 # ifndef OPENSSL_NO_QUIC
    uint64_t domain_flags;
-    SSL_TOKEN_STORE_HANDLE *tokencache;
+    SSL_TOKEN_STORE *tokencache;
 # endif

 # ifndef OPENSSL_NO_QLOG