From a3fda9f992be4d37903342e51be1a8e97bd814a5 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 21 May 2020 10:49:26 +0200
Subject: [PATCH] nts: free client cert credentials when not used
Destroy the client cert credentials when destroying the last NKC instance instead of NKC_Finalise(). This allows the client to reload the trusted cert file between NTS-KE sessions.
---
 main.c | 3 ---
 nts_ke_client.c | 30 ++++++++++--------------------
 nts_ke_client.h | 4 ----
 stubs.c | 10 ----------
 test/unit/nts_ke_client.c | 2 --
 5 files changed, 10 insertions(+), 39 deletions(-)
diff --git a/main.c b/main.c
index 5701d41..48a1948 100644
--- a/main.c
+++ b/main.c
@@ -38,7 +38,6 @@
 #include "ntp_signd.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
-#include "nts_ke_client.h"
 #include "nts_ke_server.h"
 #include "nts_ntp_server.h"
 #include "socket.h"
@@ -114,7 +113,6 @@ MAI_CleanupAndExit(void)
 TMC_Finalise();
 MNL_Finalise();
 CLG_Finalise();
- NKC_Finalise();
 NKS_Finalise();
 NNS_Finalise();
 NSD_Finalise();
@@ -589,7 +587,6 @@ int main
 NSD_Initialise();
 NNS_Initialise();
 NKS_Initialise(scfilter_level);
- NKC_Initialise();
 CLG_Initialise();
 MNL_Initialise();
 TMC_Initialise();
diff --git a/nts_ke_client.c b/nts_ke_client.c
index 58c3f31..f37d768 100644
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@@ -58,7 +58,8 @@ struct NKC_Instance_Record {
 /* ================================================== */
-static void *client_credentials;
+static void *client_credentials = NULL;
+static int client_credentials_refs = 0;
 /* ================================================== */
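Review bot: `client_credentials_refs` is declared without a comment, and the lifetime rule it implements is security-relevant. Going by the NKC_CreateInstance() and NKC_DestroyInstance() hunks later in this file, the shared credentials are rebuilt only after the count has dropped to zero, so a changed trusted cert file is not picked up while any client instance still exists. I would state that at the declaration, e.g. `/* Number of NKC instances sharing client_credentials; the credentials and the trusted certs loaded into them are replaced only after this drops to zero */`. Anyone removing a CA from that file should know that overlapping NTS-KE sessions can keep the old trust set in use.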
@@ -256,23 +257,6 @@ handle_message(void *arg)
 /* ================================================== */
-void
-NKC_Initialise(void)
-{
- client_credentials = NULL;
-}
-
-/* ================================================== */
-
-void
-NKC_Finalise(void)
-{
- if (client_credentials)
- NKSN_DestroyCertCredentials(client_credentials);
-}
-
-/* ================================================== */
-
 NKC_Instance
 NKC_CreateInstance(IPSockAddr *address, const char *name)
 {
@@ -287,10 +271,10 @@ NKC_CreateInstance(IPSockAddr *address, const char *name)
 inst->destroying = 0;
 inst->got_response = 0;
- /* Create the credentials with the first client instance and share them
- with other instances */
+ /* Share the credentials with other client instances */
 if (!client_credentials)
 client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
+ client_credentials_refs++;
 return inst;
 }
@@ -310,6 +294,12 @@ NKC_DestroyInstance(NKC_Instance inst)
 Free(inst->name);
 Free(inst);
+
+ client_credentials_refs--;
+ if (client_credentials_refs <= 0 && client_credentials) {
+ NKSN_DestroyCertCredentials(client_credentials);
+ client_credentials = NULL;
+ }
 }
 /* ================================================== */
diff --git a/nts_ke_client.h b/nts_ke_client.h
index b800ac2..9738b10 100644
--- a/nts_ke_client.h
+++ b/nts_ke_client.h
@@ -32,10 +32,6 @@
 typedef struct NKC_Instance_Record *NKC_Instance;
-/* Init and fini functions */
-extern void NKC_Initialise(void);
-extern void NKC_Finalise(void);
-
 /* Create a client NTS-KE instance */
 extern NKC_Instance NKC_CreateInstance(IPSockAddr *address, const char *name);
diff --git a/stubs.c b/stubs.c
index e011995..dece36f 100644
--- a/stubs.c
+++ b/stubs.c
@@ -536,16 +536,6 @@ NNC_GetReport(NNC_Instance inst, RPT_AuthReport *report)
 {
 }
-void
-NKC_Initialise(void)
-{
-}
-
-void
-NKC_Finalise(void)
-{
-}
-
 void
 NKS_Initialise(int scfilter_level)
 {
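Review bot: In NKC_CreateInstance() the result of `NKSN_CreateCertCredentials()` is still not checked, and `client_credentials_refs++` runs even when no credentials were created (presumably a NULL return, given the `if (!client_credentials)` test). The counting stays balanced because NKC_DestroyInstance() tests `client_credentials` before destroying, but whether a session is refused when the pointer is NULL is decided outside this hunk, and the function body starts above it. Please confirm that path fails closed rather than opening a TLS session without the configured trust anchors. A comment such as `/* May stay NULL if the trusted cert file cannot be loaded; creation is retried with the next instance */` would make the intent visible.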
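Review bot: The `client_credentials_refs <= 0` test in NKC_DestroyInstance() tolerates a negative count, which hides an unbalanced create/destroy instead of exposing it. Once the counter has gone negative, later NKC_CreateInstance() calls leave it lower than the number of live instances, so the credentials can be destroyed while another instance still points at them. I would make the invariant explicit with `assert(client_credentials_refs > 0);` before the decrement and compare with `== 0` afterwards. The start of the function is outside the hunk, so any early-return path for deferred destruction should be checked to make sure it neither skips nor repeats the decrement.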
diff --git a/test/unit/nts_ke_client.c b/test/unit/nts_ke_client.c
index 80d5232..99161a8 100644
--- a/test/unit/nts_ke_client.c
+++ b/test/unit/nts_ke_client.c
@@ -112,7 +112,6 @@ test_unit(void)
 CNF_ParseLine(NULL, i + 1, conf[i]);
 LCL_Initialise();
- NKC_Initialise();
 SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
 addr.port = 0;
@@ -129,7 +128,6 @@ test_unit(void)
 NKC_DestroyInstance(inst);
- NKC_Finalise();
 LCL_Finalise();
 CNF_Finalise();
 }