static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { if (!param) return; param->name = NULL; param->purpose = 0; param->trust = X509_TRUST_DEFAULT; /* * param->inh_flags = X509_VP_FLAG_DEFAULT; */ param->inh_flags = 0; param->flags = 0; param->depth = -1; param->auth_level = -1; /* -1 means unset, 0 is explicit */ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); param->policies = NULL; sk_OPENSSL_STRING_pop_free(param->hosts, str_free); param->hosts = NULL; OPENSSL_free(param->peername); param->peername = NULL; OPENSSL_free(param->email); param->email = NULL; param->emaillen = 0; OPENSSL_free(param->ip); param->ip = NULL; param->iplen = 0; }
void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { if (param == NULL) return; sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); sk_OPENSSL_STRING_pop_free(param->hosts, str_free); OPENSSL_free(param->peername); OPENSSL_free(param->email); OPENSSL_free(param->ip); OPENSSL_free(param); }
/* * Because our ex_data element may or may not get allocated depending on * whether a "first-use" occurs before the ENGINE is freed, we have a memory * leak problem to solve. We can't declare a "new" handler for the ex_data as * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare * a "free" handler and that will get called if an ENGINE is being destroyed * and there was an ex_data element corresponding to our context type. */ static void dynamic_data_ctx_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { if (ptr) { dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; DSO_free(ctx->dynamic_dso); OPENSSL_free(ctx->DYNAMIC_LIBNAME); OPENSSL_free(ctx->engine_id); sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); OPENSSL_free(ctx); } }
static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, const char *name, size_t namelen) { char *copy; /* * Refuse names with embedded NUL bytes, except perhaps as final byte. * XXX: Do we need to push an error onto the error stack? */ if (namelen == 0 || name == NULL) namelen = name ? strlen(name) : 0; else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen)) return 0; if (namelen > 0 && name[namelen - 1] == '\0') --namelen; if (mode == SET_HOST) { sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); vpm->hosts = NULL; } if (name == NULL || namelen == 0) return 1; copy = OPENSSL_strndup(name, namelen); if (copy == NULL) return 0; if (vpm->hosts == NULL && (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { OPENSSL_free(copy); return 0; } if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { OPENSSL_free(copy); if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { sk_OPENSSL_STRING_free(vpm->hosts); vpm->hosts = NULL; } return 0; } return 1; }
int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) { unsigned long inh_flags; int to_default, to_overwrite; if (!src) return 1; inh_flags = dest->inh_flags | src->inh_flags; if (inh_flags & X509_VP_FLAG_ONCE) dest->inh_flags = 0; if (inh_flags & X509_VP_FLAG_LOCKED) return 1; if (inh_flags & X509_VP_FLAG_DEFAULT) to_default = 1; else to_default = 0; if (inh_flags & X509_VP_FLAG_OVERWRITE) to_overwrite = 1; else to_overwrite = 0; x509_verify_param_copy(purpose, 0); x509_verify_param_copy(trust, X509_TRUST_DEFAULT); x509_verify_param_copy(depth, -1); x509_verify_param_copy(auth_level, -1); /* If overwrite or check time not set, copy across */ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { dest->check_time = src->check_time; dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; /* Don't need to copy flag: that is done below */ } if (inh_flags & X509_VP_FLAG_RESET_FLAGS) dest->flags = 0; dest->flags |= src->flags; if (test_x509_verify_param_copy(policies, NULL)) { if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) return 0; } /* Copy the host flags if and only if we're copying the host list */ if (test_x509_verify_param_copy(hosts, NULL)) { sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); dest->hosts = NULL; if (src->hosts) { dest->hosts = sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); if (dest->hosts == NULL) return 0; dest->hostflags = src->hostflags; } } if (test_x509_verify_param_copy(email, NULL)) { if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) return 0; } if (test_x509_verify_param_copy(ip, NULL)) { if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) return 0; } return 1; }
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent) { static const int line_wrap = 78; int num; int ret = 0; char *name = NULL; char *desc = NULL; int flags; int xpos = 0; STACK_OF(OPENSSL_STRING) *cmds = NULL; if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 0, NULL, NULL)) <= 0)) { #if 0 BIO_printf(bio_out, "%s<no control commands>\n", indent); #endif return 1; } cmds = sk_OPENSSL_STRING_new_null(); if(!cmds) goto err; do { int len; /* Get the command input flags */ if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) goto err; if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { /* Get the command name */ if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, NULL, NULL)) <= 0) goto err; if((name = OPENSSL_malloc(len + 1)) == NULL) goto err; if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, NULL) <= 0) goto err; /* Get the command description */ if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, NULL, NULL)) < 0) goto err; if(len > 0) { if((desc = OPENSSL_malloc(len + 1)) == NULL) goto err; if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, NULL) <= 0) goto err; } /* Now decide on the output */ if(xpos == 0) /* Do an indent */ xpos = BIO_puts(bio_out, indent); else /* Otherwise prepend a ", " */ xpos += BIO_printf(bio_out, ", "); if(verbose == 1) { /* We're just listing names, comma-delimited */ if((xpos > (int)strlen(indent)) && (xpos + (int)strlen(name) > line_wrap)) { BIO_printf(bio_out, "\n"); xpos = BIO_puts(bio_out, indent); } xpos += BIO_printf(bio_out, "%s", name); } else { /* We're listing names plus descriptions */ BIO_printf(bio_out, "%s: %s\n", name, (desc == NULL) ? "<no description>" : desc); /* ... and sometimes input flags */ if((verbose >= 3) && !util_flags(bio_out, flags, indent)) goto err; xpos = 0; } } OPENSSL_free(name); name = NULL; if(desc) { OPENSSL_free(desc); desc = NULL; } /* Move to the next command */ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); } while(num > 0); if(xpos > 0) BIO_printf(bio_out, "\n"); ret = 1; err: if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity); if(name) OPENSSL_free(name); if(desc) OPENSSL_free(desc); return ret; }