void ssl_cert_free(CERT *c) { int i; if (c == NULL) return; CRYPTO_DOWN_REF(&c->references, &i, c->lock); REF_PRINT_COUNT("CERT", c); if (i > 0) return; REF_ASSERT_ISNT(i < 0); #ifndef OPENSSL_NO_DH EVP_PKEY_free(c->dh_tmp); #endif ssl_cert_clear_certs(c); OPENSSL_free(c->conf_sigalgs); OPENSSL_free(c->client_sigalgs); OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c->ctype); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #ifndef OPENSSL_NO_PSK OPENSSL_free(c->psk_identity_hint); #endif CRYPTO_THREAD_lock_free(c->lock); OPENSSL_free(c); }
void ssl_cert_free(CERT *c) { int i; if (c == NULL) return; i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); #ifdef REF_PRINT REF_PRINT("CERT", c); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr, "ssl_cert_free, bad reference count\n"); abort(); /* ok */ } #endif #ifndef OPENSSL_NO_RSA RSA_free(c->rsa_tmp); #endif #ifndef OPENSSL_NO_DH DH_free(c->dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(c->ecdh_tmp); #endif ssl_cert_clear_certs(c); if (c->peer_sigalgs) OPENSSL_free(c->peer_sigalgs); if (c->conf_sigalgs) OPENSSL_free(c->conf_sigalgs); if (c->client_sigalgs) OPENSSL_free(c->client_sigalgs); if (c->shared_sigalgs) OPENSSL_free(c->shared_sigalgs); if (c->ctypes) OPENSSL_free(c->ctypes); if (c->verify_store) X509_STORE_free(c->verify_store); if (c->chain_store) X509_STORE_free(c->chain_store); if (c->ciphers_raw) OPENSSL_free(c->ciphers_raw); #ifndef OPENSSL_NO_TLSEXT custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #endif if (c->pms) { OPENSSL_cleanse(c->pms, c->pmslen); OPENSSL_free(c->pms); c->pms = NULL; } OPENSSL_free(c); }
void ssl_cert_free(CERT *c) { int i; if (c == NULL) return; i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT); #ifdef REF_PRINT REF_PRINT("CERT", c); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr, "ssl_cert_free, bad reference count\n"); abort(); /* ok */ } #endif #ifndef OPENSSL_NO_DH DH_free(c->dh_tmp); #endif ssl_cert_clear_certs(c); OPENSSL_free(c->conf_sigalgs); OPENSSL_free(c->client_sigalgs); OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c->ctypes); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #ifndef OPENSSL_NO_PSK OPENSSL_free(c->psk_identity_hint); #endif OPENSSL_free(c); }
/* Copy table of custom extensions */ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) { size_t i; int err = 0; if (src->meths_count > 0) { dst->meths = OPENSSL_memdup(src->meths, sizeof(*src->meths) * src->meths_count); if (dst->meths == NULL) return 0; dst->meths_count = src->meths_count; for (i = 0; i < src->meths_count; i++) { custom_ext_method *methsrc = src->meths + i; custom_ext_method *methdst = dst->meths + i; if (methsrc->add_cb != custom_ext_add_old_cb_wrap) continue; /* * We have found an old style API wrapper. We need to copy the * arguments too. */ if (err) { methdst->add_arg = NULL; methdst->parse_arg = NULL; continue; } methdst->add_arg = OPENSSL_memdup(methsrc->add_arg, sizeof(custom_ext_add_cb_wrap)); methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg, sizeof(custom_ext_parse_cb_wrap)); if (methdst->add_arg == NULL || methdst->parse_arg == NULL) err = 1; } } if (err) { custom_exts_free(dst); return 0; } return 1; }
CERT *ssl_cert_dup(CERT *cert) { CERT *ret; int i; ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); return (NULL); } memset(ret, 0, sizeof(CERT)); ret->references = 1; ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; /* * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that * more readable */ ret->valid = cert->valid; ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; ret->export_mask_k = cert->export_mask_k; ret->export_mask_a = cert->export_mask_a; #ifndef OPENSSL_NO_RSA if (cert->rsa_tmp != NULL) { RSA_up_ref(cert->rsa_tmp); ret->rsa_tmp = cert->rsa_tmp; } ret->rsa_tmp_cb = cert->rsa_tmp_cb; #endif #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); goto err; } if (cert->dh_tmp->priv_key) { BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); if (!b) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); goto err; } ret->dh_tmp->priv_key = b; } if (cert->dh_tmp->pub_key) { BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); if (!b) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); goto err; } ret->dh_tmp->pub_key = b; } } ret->dh_tmp_cb = cert->dh_tmp_cb; #endif #ifndef OPENSSL_NO_ECDH if (cert->ecdh_tmp) { ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); if (ret->ecdh_tmp == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); goto err; } } ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; ret->ecdh_tmp_auto = cert->ecdh_tmp_auto; #endif for (i = 0; i < SSL_PKEY_NUM; i++) { CERT_PKEY *cpk = cert->pkeys + i; CERT_PKEY *rpk = ret->pkeys + i; if (cpk->x509 != NULL) { rpk->x509 = cpk->x509; CRYPTO_add(&rpk->x509->references, 1, CRYPTO_LOCK_X509); } if (cpk->privatekey != NULL) { rpk->privatekey = cpk->privatekey; CRYPTO_add(&cpk->privatekey->references, 1, CRYPTO_LOCK_EVP_PKEY); } if (cpk->chain) { rpk->chain = X509_chain_up_ref(cpk->chain); if (!rpk->chain) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); goto err; } } rpk->valid_flags = 0; #ifndef OPENSSL_NO_TLSEXT if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ ret->pkeys[i].serverinfo = OPENSSL_malloc(cert->pkeys[i].serverinfo_length); if (ret->pkeys[i].serverinfo == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); return NULL; } ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length; memcpy(ret->pkeys[i].serverinfo, cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); } #endif } /* * Set digests to defaults. NB: we don't copy existing values as they * will be set during handshake. */ ssl_cert_set_default_md(ret); /* Peer sigalgs set to NULL as we get these from handshake too */ ret->peer_sigalgs = NULL; ret->peer_sigalgslen = 0; /* Configured sigalgs however we copy across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); if (!ret->conf_sigalgs) goto err; memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen); ret->conf_sigalgslen = cert->conf_sigalgslen; } else ret->conf_sigalgs = NULL; if (cert->client_sigalgs) { ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen); if (!ret->client_sigalgs) goto err; memcpy(ret->client_sigalgs, cert->client_sigalgs, cert->client_sigalgslen); ret->client_sigalgslen = cert->client_sigalgslen; } else ret->client_sigalgs = NULL; /* Shared sigalgs also NULL */ ret->shared_sigalgs = NULL; /* Copy any custom client certificate types */ if (cert->ctypes) { ret->ctypes = OPENSSL_malloc(cert->ctype_num); if (!ret->ctypes) goto err; memcpy(ret->ctypes, cert->ctypes, cert->ctype_num); ret->ctype_num = cert->ctype_num; } ret->cert_flags = cert->cert_flags; ret->cert_cb = cert->cert_cb; ret->cert_cb_arg = cert->cert_cb_arg; if (cert->verify_store) { CRYPTO_add(&cert->verify_store->references, 1, CRYPTO_LOCK_X509_STORE); ret->verify_store = cert->verify_store; } if (cert->chain_store) { CRYPTO_add(&cert->chain_store->references, 1, CRYPTO_LOCK_X509_STORE); ret->chain_store = cert->chain_store; } ret->ciphers_raw = NULL; #ifndef OPENSSL_NO_TLSEXT if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext)) goto err; if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext)) goto err; #endif return (ret); #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) err: #endif #ifndef OPENSSL_NO_RSA if (ret->rsa_tmp != NULL) RSA_free(ret->rsa_tmp); #endif #ifndef OPENSSL_NO_DH if (ret->dh_tmp != NULL) DH_free(ret->dh_tmp); #endif #ifndef OPENSSL_NO_ECDH if (ret->ecdh_tmp != NULL) EC_KEY_free(ret->ecdh_tmp); #endif #ifndef OPENSSL_NO_TLSEXT custom_exts_free(&ret->cli_ext); custom_exts_free(&ret->srv_ext); #endif ssl_cert_clear_certs(ret); return NULL; }