/*
 * Release one reference to a session; tear the session down when no
 * references remain.  A NULL pointer is accepted and ignored.
 *
 * On teardown the master key and session id are wiped with
 * explicit_bzero(), and both the internal and the public structure are
 * released through freezero() with their full size, so secrets stored
 * inline in those structures do not linger in freed heap memory.
 */
void
SSL_SESSION_free(SSL_SESSION *ss)
{
	if (ss == NULL)
		return;

	/*
	 * The value returned by the decrement is treated as the number of
	 * references still outstanding; only the last holder destroys.
	 */
	if (CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION) > 0)
		return;

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss,
	    &ss->internal->ex_data);

	/* Wipe key material before any of the owning memory is released. */
	explicit_bzero(ss->master_key, sizeof(ss->master_key));
	explicit_bzero(ss->session_id, sizeof(ss->session_id));

	ssl_sess_cert_free(ss->internal->sess_cert);
	X509_free(ss->peer);
	sk_SSL_CIPHER_free(ss->ciphers);

	/*
	 * NOTE(review): the hostname and ticket buffers go through plain
	 * free(), so their contents are not overwritten here - confirm that
	 * is acceptable for the ticket bytes.
	 */
	free(ss->tlsext_hostname);
	free(ss->tlsext_tick);
	free(ss->internal->tlsext_ecpointformatlist);
	free(ss->internal->tlsext_supportedgroups);

	/* The internal part must go first: it is reached through ss. */
	freezero(ss->internal, sizeof *ss->internal);
	freezero(ss, sizeof *ss);
}
/* SSL_SESSION_free drops one reference to |session| and destroys it once the
 * reference count reaches zero. A NULL |session| is ignored.
 *
 * Destruction wipes the master key and session id with OPENSSL_cleanse, then
 * wipes the whole structure before it is handed back to the allocator, so
 * secrets stored inline in the structure are overwritten before release. */
void SSL_SESSION_free(SSL_SESSION *session) {
  if (session == NULL) {
    return;
  }

  /* Anyone but the last reference holder stops here. */
  if (!CRYPTO_refcount_dec_and_test_zero(&session->references)) {
    return;
  }

  CRYPTO_free_ex_data(&g_ex_data_class, session, &session->ex_data);

  /* Key material is cleared first, while the structure is still intact. */
  OPENSSL_cleanse(session->master_key, sizeof session->master_key);
  OPENSSL_cleanse(session->session_id, sizeof session->session_id);

  ssl_sess_cert_free(session->sess_cert);
  X509_free(session->peer);

  /* NOTE(review): these separately allocated buffers are released with
   * OPENSSL_free only; whether that overwrites their contents is not visible
   * from here - confirm for the ticket and PSK identity. */
  OPENSSL_free(session->tlsext_hostname);
  OPENSSL_free(session->tlsext_tick);
  OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
  OPENSSL_free(session->ocsp_response);
  OPENSSL_free(session->psk_identity);

  /* Wipe the structure itself last, then release it. */
  OPENSSL_cleanse(session, sizeof *session);
  OPENSSL_free(session);
}
/* SSL_SESSION_free drops one reference to |ss| and destroys the session when
 * no references remain. A NULL |ss| is ignored.
 *
 * Destruction wipes the master key and session id with OPENSSL_cleanse, frees
 * every member that is set, and wipes the whole structure before releasing
 * it, so secrets stored inline are overwritten before the memory is reused. */
void SSL_SESSION_free(SSL_SESSION *ss) {
  if (ss == NULL) {
    return;
  }

  /* The value returned by the decrement is treated as the number of
   * references still outstanding; only the last holder destroys. */
  if (CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION) > 0) {
    return;
  }

  CRYPTO_free_ex_data(&g_ex_data_class, ss, &ss->ex_data);

  /* Key material is cleared first, while the structure is still intact. */
  OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
  OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));

  /* Each member is released only when it is actually set. */
  if (ss->sess_cert != NULL) {
    ssl_sess_cert_free(ss->sess_cert);
  }
  if (ss->peer != NULL) {
    X509_free(ss->peer);
  }
  if (ss->tlsext_hostname != NULL) {
    OPENSSL_free(ss->tlsext_hostname);
  }
  if (ss->tlsext_tick != NULL) {
    OPENSSL_free(ss->tlsext_tick);
  }
  if (ss->tlsext_signed_cert_timestamp_list != NULL) {
    OPENSSL_free(ss->tlsext_signed_cert_timestamp_list);
  }
  if (ss->ocsp_response != NULL) {
    OPENSSL_free(ss->ocsp_response);
  }
  if (ss->psk_identity != NULL) {
    OPENSSL_free(ss->psk_identity);
  }

  /* Wipe the structure itself last, then release it. */
  OPENSSL_cleanse(ss, sizeof *ss);
  OPENSSL_free(ss);
}
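/*
 * Loads in the certificate from the server.
 *
 * Parses |len| bytes at |data| as a DER X.509 certificate, runs it through
 * ssl_verify_cert_chain() as a one-element chain, and installs it as the
 * peer certificate of the current session.
 *
 * Returns 1 on success, 0 on failure with an error pushed via SSLerr(), and
 * -1 when the SESS_CERT container cannot be allocated.
 *
 * When s->verify_mode is SSL_VERIFY_NONE a failed verification does not
 * abort the call; the outcome is only recorded in
 * s->session->verify_result, so callers running in that mode must inspect
 * it themselves before trusting the peer.
 *
 * NOTE(review): |type| is not used in this function, and |len| is passed to
 * the parser without a range check here - confirm that the caller bounds it
 * to the bytes actually received.
 */
int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
	{
	STACK_OF(X509) *sk = NULL;
	EVP_PKEY *pkey = NULL;
	SESS_CERT *sc = NULL;
	X509 *x509 = NULL;
	int verify_rc;
	int ret = 0;

	x509 = d2i_X509(NULL, &data, (long)len);
	if (x509 == NULL)
		{
		SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_X509_LIB);
		goto err;
		}

	if ((sk = sk_X509_new_null()) == NULL || !sk_X509_push(sk, x509))
		{
		SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_MALLOC_FAILURE);
		goto err;
		}

	verify_rc = ssl_verify_cert_chain(s, sk);

	/*
	 * Fail closed on any non-positive result.  The previous test was
	 * "!i", which rejects only 0: a negative return (assumed to signal an
	 * internal verification error - confirm against the definition of
	 * ssl_verify_cert_chain) is non-zero and was therefore accepted as if
	 * the certificate had verified.
	 */
	if ((s->verify_mode != SSL_VERIFY_NONE) && (verify_rc <= 0))
		{
		SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
		goto err;
		}
	ERR_clear_error(); /* but we keep s->verify_result */
	s->session->verify_result = s->verify_result;

	/* server's cert for this session */
	sc = ssl_sess_cert_new();
	if (sc == NULL)
		{
		ret = -1;
		goto err;
		}
	if (s->session->sess_cert)
		ssl_sess_cert_free(s->session->sess_cert);
	s->session->sess_cert = sc;

	sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509 = x509;
	sc->peer_key = &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);

	pkey = X509_get_pubkey(x509);
	/*
	 * The certificate is now referenced from sc; clear the local so the
	 * cleanup path below does not free it a second time.
	 */
	x509 = NULL;
	if (pkey == NULL)
		{
		SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
		goto err;
		}
	/* Only an RSA public key is accepted from the peer here. */
	if (pkey->type != EVP_PKEY_RSA)
		{
		SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_PUBLIC_KEY_NOT_RSA);
		goto err;
		}

	if (!ssl_set_peer_cert_type(sc, SSL2_CT_X509_CERTIFICATE))
		goto err;
	ret = 1;
err:
	/* Shared exit: the success path also releases the temporaries here. */
	sk_X509_free(sk);
	X509_free(x509);
	EVP_PKEY_free(pkey);
	return(ret);
	}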