/*
 * Tear down the SSL3 state attached to |s|.
 *
 * Does nothing when |s| or |s->s3| is NULL. Otherwise everything the state
 * owns is released, the state struct is wiped and freed, and |s->s3| is reset
 * to NULL.
 */
void ssl3_free(SSL *s) {
  if (s == NULL) {
    return;
  }
  if (s->s3 == NULL) {
    return;
  }

  ssl3_cleanup_key_block(s);
  ssl_read_buffer_clear(s);
  ssl_write_buffer_clear(s);

  /* Objects and buffers held under s3->tmp. */
  DH_free(s->s3->tmp.dh);
  EC_KEY_free(s->s3->tmp.ecdh);
  sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
  OPENSSL_free(s->s3->tmp.certificate_types);
  OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
  OPENSSL_free(s->s3->tmp.peer_psk_identity_hint);
  DH_free(s->s3->tmp.peer_dh_tmp);
  EC_KEY_free(s->s3->tmp.peer_ecdh_tmp);

  ssl3_free_handshake_buffer(s);
  ssl3_free_handshake_hash(s);
  OPENSSL_free(s->s3->alpn_selected);

  /* Wipe the struct before handing it back to the allocator so nothing it
   * stored inline survives in freed memory. The wipe covers the struct only;
   * everything it pointed to was released above by its own free routine. */
  OPENSSL_cleanse(s->s3, sizeof *s->s3);
  OPENSSL_free(s->s3);

  /* Leave no dangling pointer: a second call now returns at the guard above
   * instead of freeing the state twice. */
  s->s3 = NULL;
}
/*
 * Tear down the SSL3 state attached to |ssl|.
 *
 * Does nothing when |ssl| or |ssl->s3| is NULL. Otherwise everything the state
 * owns is released, the state struct is wiped and freed, and |ssl->s3| is
 * reset to NULL.
 */
void ssl3_free(SSL *ssl) {
  if (ssl == NULL) {
    return;
  }
  if (ssl->s3 == NULL) {
    return;
  }

  ssl3_cleanup_key_block(ssl);
  ssl_read_buffer_clear(ssl);
  ssl_write_buffer_clear(ssl);

  /* Objects and buffers held under s3->tmp. */
  SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx);
  OPENSSL_free(ssl->s3->tmp.peer_key);
  sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free);
  OPENSSL_free(ssl->s3->tmp.certificate_types);
  OPENSSL_free(ssl->s3->tmp.peer_ellipticcurvelist);
  OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint);

  ssl3_free_handshake_buffer(ssl);
  ssl3_free_handshake_hash(ssl);
  OPENSSL_free(ssl->s3->next_proto_negotiated);
  OPENSSL_free(ssl->s3->alpn_selected);

  /* Read-side and write-side AEAD contexts. */
  SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
  SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);

  /* Wipe the struct before handing it back to the allocator so nothing it
   * stored inline survives in freed memory. The wipe covers the struct only;
   * everything it pointed to was released above by its own free routine. */
  OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3);
  OPENSSL_free(ssl->s3);

  /* Leave no dangling pointer: a second call now returns at the guard above
   * instead of freeing the state twice. */
  ssl->s3 = NULL;
}
/*
 * Tear down the SSL3 state attached to |ssl|.
 *
 * Does nothing when |ssl| or |ssl->s3| is NULL. Otherwise everything the state
 * owns is released, the state struct is wiped and freed, and |ssl->s3| is
 * reset to NULL.
 */
void ssl3_free(SSL *ssl) {
  if (ssl == NULL) {
    return;
  }
  if (ssl->s3 == NULL) {
    return;
  }

  ssl3_cleanup_key_block(ssl);
  ssl_read_buffer_clear(ssl);
  ssl_write_buffer_clear(ssl);

  /* Objects and buffers held under s3->tmp. */
  SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx);
  OPENSSL_free(ssl->s3->tmp.peer_key);
  OPENSSL_free(ssl->s3->tmp.server_params);
  sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free);
  OPENSSL_free(ssl->s3->tmp.certificate_types);
  OPENSSL_free(ssl->s3->tmp.peer_supported_group_list);
  OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint);

  /* Session objects referenced by the state. */
  SSL_SESSION_free(ssl->s3->new_session);
  SSL_SESSION_free(ssl->s3->established_session);

  ssl3_free_handshake_buffer(ssl);
  ssl3_free_handshake_hash(ssl);
  ssl_handshake_free(ssl->s3->hs);
  OPENSSL_free(ssl->s3->next_proto_negotiated);
  OPENSSL_free(ssl->s3->alpn_selected);

  /* Read-side and write-side AEAD contexts. */
  SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
  SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);
  OPENSSL_free(ssl->s3->pending_message);

  /* Wipe the struct before handing it back to the allocator so nothing it
   * stored inline survives in freed memory. The wipe covers the struct only;
   * everything it pointed to was released above by its own free routine. */
  OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3);
  OPENSSL_free(ssl->s3);

  /* Leave no dangling pointer: a second call now returns at the guard above
   * instead of freeing the state twice. */
  ssl->s3 = NULL;
}
/*
 * Hand the pending DTLS write buffer to |ssl->wbio| in a single BIO_write.
 *
 * Returns 1 when the buffer is empty or the write returned a positive count.
 * On a non-positive BIO_write result, sets |ssl->rwstate| to SSL_WRITING and
 * returns that result. The write buffer is cleared in both cases.
 */
static int dtls_write_buffer_flush(SSL *ssl) {
  SSL3_BUFFER *wb = &ssl->s3->write_buffer;
  if (wb->len == 0) {
    return 1;
  }

  /* Any positive return counts as success; the count is not compared with
   * wb->len. */
  const int written = BIO_write(ssl->wbio, wb->buf + wb->offset, wb->len);
  const int failed = written <= 0;
  if (failed) {
    ssl->rwstate = SSL_WRITING;
  }

  /* The buffer is discarded even after a failed write: a datagram transport
   * cannot send part of a packet, so nothing is kept for a resumed write and
   * the caller is expected to start the operation over. */
  ssl_write_buffer_clear(ssl);
  return failed ? written : 1;
}
/*
 * Write the pending TLS write buffer to |ssl->wbio|, looping until it drains.
 *
 * Returns 1 once the buffer is empty (and cleared). On a non-positive
 * BIO_write result, sets |ssl->rwstate| to SSL_WRITING and returns that
 * result, leaving the unwritten remainder in the buffer.
 */
static int tls_write_buffer_flush(SSL *ssl) {
  SSL3_BUFFER *wb = &ssl->s3->write_buffer;

  while (wb->len > 0) {
    const int written = BIO_write(ssl->wbio, wb->buf + wb->offset, wb->len);
    if (written <= 0) {
      /* Unlike a datagram flush, the buffer is kept here so a later call can
       * resume from the current offset. */
      ssl->rwstate = SSL_WRITING;
      return written;
    }

    /* NOTE(review): the BIO's return value is trusted as the number of bytes
     * consumed; consume_buffer is defined elsewhere, so confirm it rejects a
     * count larger than wb->len. */
    consume_buffer(wb, (size_t)written);
  }

  ssl_write_buffer_clear(ssl);
  return 1;
}
/*
 * Seal |len| bytes from |buf| into one DTLS record of type |type| under
 * |use_epoch| and flush it to the transport.
 *
 * Returns |len| on success and 0 when |len| is 0. Returns -1 when |len|
 * exceeds SSL3_RT_MAX_PLAIN_LENGTH or when buffer setup or sealing fails.
 * A non-positive result from dispatching a pending alert or from flushing the
 * write buffer is returned unchanged.
 */
static int do_dtls1_write(SSL *s, int type, const uint8_t *buf,
                          unsigned int len, enum dtls1_use_epoch_t use_epoch) {
  /* DTLS must never enter here with a write buffer still pending: half a
   * datagram cannot be written, so |ssl_write_buffer_flush| always drops the
   * buffer. This invariant is checked only in builds where assert is
   * active. */
  assert(!ssl_write_buffer_is_pending(s));

  /* A queued alert goes out first. */
  if (s->s3->alert_dispatch) {
    int alert_ret = s->method->ssl_dispatch_alert(s);
    if (alert_ret <= 0) {
      return alert_ret;
    }
    /* The alert was sent; continue with the record itself. */
  }

  /* The length bound is checked before any size arithmetic or buffer
   * allocation below. */
  if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    return -1;
  }

  if (len == 0) {
    return 0;
  }

  size_t record_cap = len + ssl_max_seal_overhead(s);
  uint8_t *record;
  size_t record_len;

  if (!ssl_write_buffer_init(s, &record, record_cap)) {
    ssl_write_buffer_clear(s);
    return -1;
  }
  if (!dtls_seal_record(s, record, &record_len, record_cap, type, buf, len,
                        use_epoch)) {
    /* Drop the buffer so a failed seal leaves nothing pending. */
    ssl_write_buffer_clear(s);
    return -1;
  }
  ssl_write_buffer_set_len(s, record_len);

  int flush_ret = ssl_write_buffer_flush(s);
  if (flush_ret <= 0) {
    return flush_ret;
  }

  /* |len| is at most SSL3_RT_MAX_PLAIN_LENGTH here (checked above). */
  return (int)len;
}
/*
 * Tear down the SSL3 state attached to |ssl|.
 *
 * Does nothing when |ssl| or |ssl->s3| is NULL. Otherwise everything the state
 * owns is released, the state struct is wiped and freed, and |ssl->s3| is
 * reset to NULL.
 */
void ssl3_free(SSL *ssl) {
  if (ssl == NULL) {
    return;
  }
  if (ssl->s3 == NULL) {
    return;
  }

  ssl3_cleanup_key_block(ssl);
  ssl_read_buffer_clear(ssl);
  ssl_write_buffer_clear(ssl);

  /* Session objects referenced by the state. */
  SSL_SESSION_free(ssl->s3->new_session);
  SSL_SESSION_free(ssl->s3->established_session);

  ssl3_free_handshake_buffer(ssl);
  ssl3_free_handshake_hash(ssl);
  ssl_handshake_free(ssl->s3->hs);
  OPENSSL_free(ssl->s3->next_proto_negotiated);
  OPENSSL_free(ssl->s3->alpn_selected);

  /* Read-side and write-side AEAD contexts. */
  SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
  SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);
  OPENSSL_free(ssl->s3->pending_message);

  /* Wipe the struct before handing it back to the allocator so nothing it
   * stored inline survives in freed memory. The wipe covers the struct only;
   * everything it pointed to was released above by its own free routine. */
  OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3);
  OPENSSL_free(ssl->s3);

  /* Leave no dangling pointer: a second call now returns at the guard above
   * instead of freeing the state twice. */
  ssl->s3 = NULL;
}