void
SSL_SESSION_free(SSL_SESSION *ss)
{
int i;
if (ss == NULL)
return;
i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
if (i > 0)
return;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->internal->ex_data);
explicit_bzero(ss->master_key, sizeof ss->master_key);
explicit_bzero(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->internal->sess_cert);
X509_free(ss->peer);
sk_SSL_CIPHER_free(ss->ciphers);
free(ss->tlsext_hostname);
free(ss->tlsext_tick);
free(ss->internal->tlsext_ecpointformatlist);
free(ss->internal->tlsext_supportedgroups);
freezero(ss->internal, sizeof(*ss->internal));
freezero(ss, sizeof(*ss));
}
void SSL_SESSION_free(SSL_SESSION *session) {
if (session == NULL ||
!CRYPTO_refcount_dec_and_test_zero(&session->references)) {
return;
}
CRYPTO_free_ex_data(&g_ex_data_class, session, &session->ex_data);
OPENSSL_cleanse(session->master_key, sizeof(session->master_key));
OPENSSL_cleanse(session->session_id, sizeof(session->session_id));
ssl_sess_cert_free(session->sess_cert);
X509_free(session->peer);
OPENSSL_free(session->tlsext_hostname);
OPENSSL_free(session->tlsext_tick);
OPENSSL_free(session->tlsext_signed_cert_timestamp_list);
OPENSSL_free(session->ocsp_response);
OPENSSL_free(session->psk_identity);
OPENSSL_cleanse(session, sizeof(*session));
OPENSSL_free(session);
}
void SSL_SESSION_free(SSL_SESSION *ss) {
int i;
if (ss == NULL) {
return;
}
i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
if (i > 0) {
return;
}
CRYPTO_free_ex_data(&g_ex_data_class, ss, &ss->ex_data);
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
if (ss->sess_cert != NULL) {
ssl_sess_cert_free(ss->sess_cert);
}
if (ss->peer != NULL) {
X509_free(ss->peer);
}
if (ss->tlsext_hostname != NULL) {
OPENSSL_free(ss->tlsext_hostname);
}
if (ss->tlsext_tick != NULL) {
OPENSSL_free(ss->tlsext_tick);
}
if (ss->tlsext_signed_cert_timestamp_list != NULL) {
OPENSSL_free(ss->tlsext_signed_cert_timestamp_list);
}
if (ss->ocsp_response != NULL) {
OPENSSL_free(ss->ocsp_response);
}
if (ss->psk_identity != NULL) {
OPENSSL_free(ss->psk_identity);
}
OPENSSL_cleanse(ss, sizeof(*ss));
OPENSSL_free(ss);
}
/* loads in the certificate from the server */
int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
{
STACK_OF(X509) *sk=NULL;
EVP_PKEY *pkey=NULL;
SESS_CERT *sc=NULL;
int i;
X509 *x509=NULL;
int ret=0;
x509=d2i_X509(NULL,&data,(long)len);
if (x509 == NULL)
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
goto err;
}
if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
goto err;
}
i=ssl_verify_cert_chain(s,sk);
if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
goto err;
}
ERR_clear_error(); /* but we keep s->verify_result */
s->session->verify_result = s->verify_result;
/* server's cert for this session */
sc=ssl_sess_cert_new();
if (sc == NULL)
{
ret= -1;
goto err;
}
if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
s->session->sess_cert=sc;
sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
pkey=X509_get_pubkey(x509);
x509=NULL;
if (pkey == NULL)
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
goto err;
}
if (pkey->type != EVP_PKEY_RSA)
{
SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
goto err;
}
if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
goto err;
ret=1;
err:
sk_X509_free(sk);
X509_free(x509);
EVP_PKEY_free(pkey);
return(ret);
}
