authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 10:29:59 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 10:29:59 +0000
commitef9d2cfde6b877081c468c6d550b1e48866e9ed0 (patch)
tree06a2d35c73bfee9212c3dda128d56c3f07608948 /libssl.cc
parentAdding upstream version 1.9.5. (diff)
Adding upstream version 1.9.6.upstream/1.9.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'libssl.cc')
-rw-r--r--libssl.cc23
1 files changed, 23 insertions, 0 deletions
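diff --git a/libssl.cc b/libssl.cc
index f9e87aa..0b7ce0e 100644
--- a/libssl.cc
+++ b/libssl.cc
@@ -12,9 +12,11 @@
 #include <pthread.h>
 #include <openssl/conf.h>
+#if OPENSSL_VERSION_MAJOR < 3 || !defined(HAVE_TLS_PROVIDERS)
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#endif
 #include <openssl/err.h>
 #ifndef DISABLE_OCSP_STAPLING
 #include <openssl/ocsp.h>
@@ -42,6 +44,7 @@
 #undef CERT
 #include "misc.hh"
+#include "tcpiohandler.hh"
 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
 /* OpenSSL < 1.1.0 needs support for threading/locking in the calling application. */
@@ -631,6 +634,13 @@ OpenSSLTLSTicketKeysRing::~OpenSSLTLSTicketKeysRing() = default;
 void OpenSSLTLSTicketKeysRing::addKey(std::shared_ptr<OpenSSLTLSTicketKey>&& newKey)
 {
 d_ticketKeys.write_lock()->push_front(std::move(newKey));
+ if (TLSCtx::hasTicketsKeyAddedHook()) {
+ auto key = d_ticketKeys.read_lock()->front();
+ auto keyContent = key->content();
+ TLSCtx::getTicketsKeyAddedHook()(keyContent);
+ // fills mem with 0's
+ OPENSSL_cleanse(keyContent.data(), keyContent.size());
+ }
 }
 std::shared_ptr<OpenSSLTLSTicketKey> OpenSSLTLSTicketKeysRing::getEncryptionKey()
@@ -737,6 +747,19 @@ bool OpenSSLTLSTicketKey::nameMatches(const unsigned char name[TLS_TICKETS_KEY_N
 return (memcmp(d_name, name, sizeof(d_name)) == 0);
 }
+std::string OpenSSLTLSTicketKey::content() const
+{
+ std::string result{};
+ result.reserve(TLS_TICKETS_KEY_NAME_SIZE + TLS_TICKETS_CIPHER_KEY_SIZE + TLS_TICKETS_MAC_KEY_SIZE);
+ // NOLINTBEGIN(cppcoreguidelines-pro-type-reinterpret-cast)
+ result.append(reinterpret_cast<const char*>(d_name), TLS_TICKETS_KEY_NAME_SIZE);
+ result.append(reinterpret_cast<const char*>(d_cipherKey), TLS_TICKETS_CIPHER_KEY_SIZE);
+ result.append(reinterpret_cast<const char*>(d_hmacKey), TLS_TICKETS_MAC_KEY_SIZE);
+ // NOLINTEND(cppcoreguidelines-pro-type-reinterpret-cast)
+
+ return result;
+}
+
 #if OPENSSL_VERSION_MAJOR >= 3
 static const std::string sha256KeyName{"sha256"};
 #endif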
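Review bot: In the addKey hunk the hook is fed `d_ticketKeys.read_lock()->front()` in a separate statement after the write lock taken for `push_front` has already been released, so a concurrent addKey or rotation can interleave and the hook reports a key other than the one just pushed, or the same key twice. Keeping a handle before the move avoids re-reading the ring: insert `auto key = newKey;` ahead of `d_ticketKeys.write_lock()->push_front(std::move(newKey));` and drop the `read_lock()->front()` line, so `auto keyContent = key->content();` uses that handle. `OPENSSL_cleanse` only scrubs `keyContent` itself; if the hook's parameter is taken by value (its signature is not visible here) that copy holds the ticket key material and is never cleansed, so the hook should take a const reference. For the same reason `OpenSSLTLSTicketKey::content()` in the last hunk deserves a comment on the caller's duty, e.g. `// Returns a heap copy of name || cipher key || HMAC key; the caller must OPENSSL_cleanse it after use and avoid further copies.`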