Merge pull request #1393 from pguyot/w50/fix-ssl-resource-cleanup

Fix destruction of SSL-related resources Ensure that ctr_drbg resource is held by ssl context, fixing dependency of resources and destructor chain These changes are made under both the "Apache 2.0" and the "GNU Lesser General Public License 2.1 or later" license terms (dual license). SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later
atomvm · Dec 11, 2024 · 5967ad9 · 5967ad9
2 parents d0fbe57 + a01dce5
commit 5967ad9
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,6 +20,7 @@ might lead to a crash in certain situations.
 - Fixed generic\_unix `socket_driver` to return `{gen_tcp, closed}` when socket is closed on Linux instead of `{gen_tcp, {recv, 104}}`
 - Fixed a memory leak where modules were not properly destroyed when the global context is destroyd
 - alisp: fix support to variables that are not binaries or integers.
+- Fixed destruction of ssl-related resources
 
 ## [0.6.5] - 2024-10-15
 

diff --git a/src/libAtomVM/otp_ssl.c b/src/libAtomVM/otp_ssl.c
@@ -107,10 +107,10 @@ static void ctrdrbg_dtor(ErlNifEnv *caller_env, void *obj)
     UNUSED(caller_env);
 
     struct CtrDrbgResource *rsrc_obj = (struct CtrDrbgResource *) obj;
+    mbedtls_entropy_context *entropy_context = rsrc_obj->context.MBEDTLS_PRIVATE(p_entropy);
     // Release the drbg first
     mbedtls_ctr_drbg_free(&rsrc_obj->context);
     // Eventually release the entropy
-    mbedtls_entropy_context *entropy_context = rsrc_obj->context.MBEDTLS_PRIVATE(p_entropy);
     if (entropy_context) {
         struct EntropyContextResource *entropy_obj = CONTAINER_OF(entropy_context, struct EntropyContextResource, context);
         struct RefcBinary *entropy_refc = refc_binary_from_data(entropy_obj);
@@ -124,10 +124,10 @@ static void sslcontext_dtor(ErlNifEnv *caller_env, void *obj)
     UNUSED(caller_env);
 
     struct SSLContextResource *rsrc_obj = (struct SSLContextResource *) obj;
+    const mbedtls_ssl_config *config = rsrc_obj->context.MBEDTLS_PRIVATE(conf);
     // Free the context first
     mbedtls_ssl_free(&rsrc_obj->context);
     // Eventually release the config
-    const mbedtls_ssl_config *config = rsrc_obj->context.MBEDTLS_PRIVATE(conf);
     if (config) {
         struct SSLConfigResource *config_obj = CONTAINER_OF(config, struct SSLConfigResource, config);
         struct RefcBinary *config_refc = refc_binary_from_data(config_obj);
@@ -141,7 +141,15 @@ static void sslconfig_dtor(ErlNifEnv *caller_env, void *obj)
     UNUSED(caller_env);
 
     struct SSLConfigResource *rsrc_obj = (struct SSLConfigResource *) obj;
+    const mbedtls_ctr_drbg_context *ctr_drbg_context = rsrc_obj->config.MBEDTLS_PRIVATE(p_rng);
     mbedtls_ssl_config_free(&rsrc_obj->config);
+
+    // Eventually release the ctrdrbg
+    if (ctr_drbg_context) {
+        struct CtrDrbgResource *rng_obj = CONTAINER_OF(ctr_drbg_context, struct CtrDrbgResource, context);
+        struct RefcBinary *config_refc = refc_binary_from_data(rng_obj);
+        refc_binary_decrement_refcount(config_refc, caller_env->global);
+    }
 }
 
 static const ErlNifResourceTypeInit EntropyContextResourceTypeInit = {
@@ -476,6 +484,9 @@ static term nif_ssl_conf_rng(Context *ctx, int argc, term argv[])
     }
     struct CtrDrbgResource *ctr_drbg_obj = (struct CtrDrbgResource *) rsrc_obj_ptr;
 
+    struct RefcBinary *ctr_drbg_refc = refc_binary_from_data(ctr_drbg_obj);
+    refc_binary_increment_refcount(ctr_drbg_refc);
+
     mbedtls_ssl_conf_rng(&conf_obj->config, mbedtls_ctr_drbg_random, &ctr_drbg_obj->context);
 
     return OK_ATOM;