void Curl_polarssl_close(struct connectdata *conn, int sockindex)
{
rsa_free(&conn->ssl[sockindex].rsa);
x509_free(&conn->ssl[sockindex].clicert);
x509_free(&conn->ssl[sockindex].cacert);
x509_crl_free(&conn->ssl[sockindex].crl);
ssl_free(&conn->ssl[sockindex].ssl);
}
STATIC mp_obj_t socket_close(mp_obj_t self_in) {
mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(self_in);
ssl_free(self->ssl_sock);
ssl_ctx_free(self->ssl_ctx);
mp_obj_t dest[2];
mp_load_method(self->sock, MP_QSTR_close, dest);
return mp_call_method_n_kw(0, 0, dest);
}
static void Curl_polarssl_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
rsa_free(&BACKEND->rsa);
x509_crt_free(&BACKEND->clicert);
x509_crt_free(&BACKEND->cacert);
x509_crl_free(&BACKEND->crl);
ssl_free(&BACKEND->ssl);
}
PUBLIC void sslFree(Webs *wp)
{
EstSocket *est;
est = wp->ssl;
if (est) {
ssl_free(&est->ctx);
wp->ssl = 0;
}
}
ScmObj Scm_TLSClose(ScmTLS* t)
{
#if defined(GAUCHE_USE_AXTLS)
if (t->ctx && t->conn) {
ssl_free(t->conn);
t->conn = 0;
t->in_port = t->out_port = 0;
}
#endif /*GAUCHE_USE_AXTLS*/
return SCM_TRUE;
}
~SSLContext() {
if (_ssl) {
ssl_free(_ssl);
_ssl = nullptr;
}
--_ssl_ctx_refcnt;
if (_ssl_ctx_refcnt == 0) {
ssl_ctx_free(_ssl_ctx);
}
}
/*
* This function is called to shut down the SSL layer but keep the
* socket open (CCC - Clear Command Channel)
*/
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
{
/* Outline taken from curl_ssluse.c since functions are in axTLS compat
layer. axTLS's error set is much smaller, so a lot of error-handling
was removed.
*/
int retval = 0;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct SessionHandle *data = conn->data;
char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
to be at least 120 bytes long. */
ssize_t nread;
infof(conn->data, " Curl_axtls_shutdown\n");
/* This has only been tested on the proftpd server, and the mod_tls code
sends a close notify alert without waiting for a close notify alert in
response. Thus we wait for a close notify alert from the server, but
we do not send one. Let's hope other servers do the same... */
/* axTLS compat layer does nothing for SSL_shutdown, so we do nothing too
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
(void)SSL_shutdown(connssl->ssl);
*/
if(connssl->ssl) {
int what = Curl_socket_ready(conn->sock[sockindex],
CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
if(what > 0) {
/* Something to read, let's do it and hope that it is the close
notify alert from the server */
nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
sizeof(buf));
if(nread < SSL_OK) {
failf(data, "close notify alert not received during shutdown");
retval = -1;
}
}
else if(0 == what) {
/* timeout */
failf(data, "SSL shutdown timeout");
}
else {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
retval = -1;
}
ssl_free (connssl->ssl);
connssl->ssl = NULL;
}
return retval;
}
void http_ssl_close( struct HTTP* http )
{
net_close( http->socket );
ssl_free( &http->ssl.ssl );
memset( &http->ssl.ctr_drbg, 0, sizeof( ctr_drbg_context ) );
memset( &http->ssl.entropy, 0, sizeof( entropy_context ) );
http->header->connection_state = NULL;
}
static void ssl_close( UBuffer* pbuf )
{
if( pbuf->FD > -1 )
{
ssl_free( ur_ptr(SSLExt, pbuf) );
pbuf->FD = -1;
}
memFree( pbuf->ptr.v );
//pbuf->ptr.v = 0; // Done by port_destroy().
}
static SQRESULT sq_ssl_ctx_server_new(HSQUIRRELVM v){
SQ_FUNC_VARS_NO_TOP(v);
GET_ssl_ctx_INSTANCE();
SQ_GET_INTEGER(v, 2, client_fd);
SSL *ssl = ssl_server_new(self, client_fd);
SQRESULT rc = ssl_constructor(v, ssl, 1);
if(rc == SQ_ERROR && ssl){
ssl_free(ssl);
}
return rc;
}
static void free_ssl_structs(struct ssl_connect_data *connssl)
{
if(connssl->ssl) {
ssl_free (connssl->ssl);
connssl->ssl = NULL;
}
if(connssl->ssl_ctx) {
ssl_ctx_free(connssl->ssl_ctx);
connssl->ssl_ctx = NULL;
}
}
void IOBuf_destroy(IOBuf *buf)
{
if(buf) {
if(buf->use_ssl) {
ssl_close_notify(&buf->ssl);
ssl_free(&buf->ssl);
}
fdclose(buf->fd);
h_free(buf);
}
}
void IOBuf_destroy(IOBuf *buf)
{
if(buf) {
IOBuf_close(buf); // ignore return
if(buf->use_ssl) {
ssl_free(&buf->ssl);
}
if(buf->buf) free(buf->buf);
free(buf);
}
}
wiced_result_t wiced_tls_deinit_context( wiced_tls_simple_context_t* tls_context )
{
/* Check if context is of an advanced variety. Note that the server and advanced client context are exactly the same */
if (tls_context->context_type == WICED_TLS_ADVANCED_CONTEXT)
{
x509_free(&((wiced_tls_advanced_context_t*)tls_context)->certificate);
rsa_free(&((wiced_tls_advanced_context_t*)tls_context)->key);
}
ssl_free( &tls_context->context);
return WICED_SUCCESS;
}
void ms_dtls_srtp_context_destroy(MSDtlsSrtpContext *ctx) {
/* clean polarssl contexts */
if (ctx->rtp_dtls_context) {
x509_crt_free( &(ctx->rtp_dtls_context->crt) );
ssl_free( &(ctx->rtp_dtls_context->ssl) );
ctr_drbg_free( &(ctx->rtp_dtls_context->ctr_drbg) );
entropy_free( &(ctx->rtp_dtls_context->entropy) );
pk_free( &(ctx->rtp_dtls_context->pkey) );
ssl_cookie_free( &(ctx->rtp_dtls_context->cookie_ctx) );
ms_mutex_destroy(&ctx->rtp_dtls_context->ssl_context_mutex);
ms_free(ctx->rtp_dtls_context);
}
if (ctx->rtcp_dtls_context) {
x509_crt_free( &(ctx->rtcp_dtls_context->crt) );
ssl_free( &(ctx->rtcp_dtls_context->ssl) );
ctr_drbg_free( &(ctx->rtcp_dtls_context->ctr_drbg) );
entropy_free( &(ctx->rtcp_dtls_context->entropy) );
pk_free( &(ctx->rtcp_dtls_context->pkey) );
ssl_cookie_free( &(ctx->rtcp_dtls_context->cookie_ctx) );
ms_mutex_destroy(&ctx->rtcp_dtls_context->ssl_context_mutex);
ms_free(ctx->rtcp_dtls_context);
}
/* clean incoming buffers */
while (ctx->rtp_incoming_buffer!=NULL) {
DtlsRawPacket *next_packet = ctx->rtp_incoming_buffer->next;
ms_free(ctx->rtp_incoming_buffer->data);
ms_free(ctx->rtp_incoming_buffer);
ctx->rtp_incoming_buffer = next_packet;
}
while (ctx->rtcp_incoming_buffer!=NULL) {
DtlsRawPacket *next_packet = ctx->rtcp_incoming_buffer->next;
ms_free(ctx->rtcp_incoming_buffer->data);
ms_free(ctx->rtcp_incoming_buffer);
ctx->rtcp_incoming_buffer = next_packet;
}
ms_free(ctx);
ms_message("DTLS-SRTP context destroyed");
}
static SQRESULT sq_ssl_ctx_client_new(HSQUIRRELVM v){
SQ_FUNC_VARS(v);
GET_ssl_ctx_INSTANCE();
SQ_GET_INTEGER(v, 2, client_fd);
SQ_OPT_STRING(v, 3, session_id, NULL);
SQ_OPT_INTEGER(v, 4, size, -1);
SSL *ssl = ssl_client_new(self, client_fd, (const uint8_t *)session_id,
size >= 0 ? size : session_id_size, NULL);
SQRESULT rc = ssl_constructor(v, ssl, 1);
if(rc == SQ_ERROR && ssl){
ssl_free(ssl);
}
return rc;
}
static void tls_channel_uninit(belle_sip_tls_channel_t *obj){
belle_sip_socket_t sock = belle_sip_source_get_socket((belle_sip_source_t*)obj);
if (sock!=(belle_sip_socket_t)-1)
tls_channel_close(obj);
ssl_free(&obj->sslctx);
#if POLARSSL_VERSION_NUMBER < 0x01030000
x509_free(&obj->root_ca);
#else
x509_crt_free(&obj->root_ca);
#endif
if (obj->cur_debug_msg)
belle_sip_free(obj->cur_debug_msg);
belle_sip_object_unref(obj->verify_ctx);
}
int config_uplink_ssl_setup(struct uplink_config_t *l)
{
l->ssl = ssl_alloc();
if (ssl_create(l->ssl, (void *)l)) {
hlog(LOG_ERR, "Uplink: Failed to create SSL context for '%s*'", l->name);
return -1;
}
/* optional client cert for server-side validation */
if (l->certfile && l->keyfile) {
if (ssl_certificate(l->ssl, l->certfile, l->keyfile)) {
hlog(LOG_ERR, "Uplink '%s': Failed to load SSL certificatess", l->name);
ssl_free(l->ssl);
l->ssl = NULL;
return -1;
}
}
/* optional server cert validation */
if (l->cafile) {
if (ssl_ca_certificate(l->ssl, l->cafile, 2)) {
hlog(LOG_ERR, "Uplink '%s': Failed to load trusted SSL CA certificates", l->name);
ssl_free(l->ssl);
l->ssl = NULL;
return -1;
}
}
hlog(LOG_INFO, "Uplink %s: SSL initialized%s%s",
l->name,
(l->cafile) ? ", server validated" : "",
(l->certfile) ? ", client cert loaded" : "");
return 0;
}
/**
* lm_ssl_unref
* @ssl: an #LmSSL
*
* Removes a reference from @ssl. When no more references are present
* @ssl is freed.
**/
void
lm_ssl_unref (LmSSL *ssl)
{
g_return_if_fail (ssl != NULL);
ssl->ref_count --;
if (ssl->ref_count == 0) {
if (ssl->data_notify) {
(* ssl->data_notify) (ssl->func_data);
}
ssl_free (ssl);
}
}
static void delnet_real(struct sockifo* ifo) {
#if SSL_ENABLED
if (ifo->state.ssl)
ssl_free(ifo);
#endif
if (ifo->fd >= 0)
close(ifo->fd);
free(ifo->sendq.data);
free(ifo->recvq.data);
sockets->count--;
struct sockifo* last = &(sockets->net[sockets->count]);
if (ifo != last) {
memcpy(ifo, last, sizeof(struct sockifo));
}
}
int
main(int argc, char **argv) {
ASSERT(argc >= 1);
if (file_exists("/dev/log/main"))
logf_register(&logf_android_write, logf_android_new(argv[0]));
else
logf_register(&logf_klog_write, logf_klog_new(argv[0]));
logf_register(&logf_file_write, stdout);
scd_logfile_handler = logf_register(&logf_file_write, logf_file_new("/data/logs/cml-scd"));
logf_handler_set_prio(scd_logfile_handler, LOGF_PRIO_WARN);
event_timer_t *logfile_timer = event_timer_new(HOURS_TO_MILLISECONDS(24), EVENT_TIMER_REPEAT_FOREVER, scd_logfile_rename_cb, NULL);
event_add_timer(logfile_timer);
provisioning_mode();
INFO("Starting scd ...");
ssl_init();
DEBUG("Try to create directory for socket if not existing");
if (dir_mkdir_p(CMLD_SOCKET_DIR, 0755) < 0) {
FATAL("Could not create directory for scd_control socket");
}
scd_control_cmld = scd_control_new(SCD_CONTROL_SOCKET);
if (!scd_control_cmld) {
FATAL("Could not init scd_control socket");
}
INFO("created control socket.");
#ifdef ANDROID
/* trigger start of cmld */
if (property_set("trustme.provisioning.mode", "no") != 0) {
FATAL("Unable to set property. Cannot trigger CMLD");
}
#endif
event_loop();
ssl_free();
return 0;
}
void
tcp_close(tcpcon_t *tc)
{
#if ENABLE_POLARSSL
if(tc->ssl != NULL) {
ssl_close_notify(tc->ssl);
ssl_free(tc->ssl);
free(tc->ssl);
free(tc->ssn);
free(tc->hs);
}
#endif
htsbuf_queue_flush(&tc->spill);
netClose(tc->fd);
free(tc);
}
/*********************************************************************************************************
** 函数名称: __vpnClientClose
** 功能描述: VPN 客户端关闭链接并释放 ssl 相关数据结构
** 输 入 : pvpnctx VPN 上下文
** 输 出 : ERROR
** 全局变量:
** 调用模块:
*********************************************************************************************************/
INT __vpnClientClose (__PVPN_CONTEXT pvpnctx)
{
if (pvpnctx == LW_NULL) {
return (PX_ERROR);
}
ssl_close_notify(&pvpnctx->VPNCTX_sslctx); /* 通知 ssl 即将关闭 */
if (pvpnctx->VPNCTX_iSocket >= 0) {
net_close(pvpnctx->VPNCTX_iSocket);
}
x509_free(&pvpnctx->VPNCTX_x509certPrivate);
x509_free(&pvpnctx->VPNCTX_x509certCA);
rsa_free(&pvpnctx->VPNCTX_rasctx);
ssl_free(&pvpnctx->VPNCTX_sslctx);
return (ERROR_NONE);
}
static int ssl_write( UThread* ut, UBuffer* port, const UCell* data )
{
const void* buf;
SSLExt* ext = ur_ptr(SSLExt, port);
int len;
int n;
len = boron_sliceMem( ut, data, &buf );
if( port->FD > -1 && len )
{
retry:
n = mbedtls_ssl_write( &ext->sc, buf, len );
if( n < 0 )
{
if( n == MBEDTLS_ERR_SSL_WANT_READ ||
n == MBEDTLS_ERR_SSL_WANT_WRITE )
{
ssl_wait();
goto retry;
}
// An error occured; the ssl context must not be used again.
ssl_free( ext );
port->FD = -1;
return ur_error( ut, UR_ERR_ACCESS, "ssl_write %d", n );
}
else if( n != len )
{
if( n > 0 && n < len )
{
buf = ((const char*) buf) + n;
len -= n;
goto retry;
}
return ur_error( ut, UR_ERR_ACCESS,
"ssl_write only sent %d of %d bytes", n, len );
}
}
return UR_OK;
}
void connect(ClientContext* ctx, const char* hostName, uint32_t timeout_ms)
{
SSL_EXTENSIONS* ext = ssl_ext_new();
ssl_ext_set_host_name(ext, hostName);
ssl_ext_set_max_fragment_size(ext, 4096);
s_io_ctx = ctx;
if (_ssl) {
ssl_free(_ssl);
}
_ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);
uint32_t t = millis();
while (millis() - t < timeout_ms && ssl_handshake_status(_ssl) != SSL_OK) {
uint8_t* data;
int rc = ssl_read(_ssl, &data);
if (rc < SSL_OK) {
break;
}
}
}
int _readAll() {
if (!_ssl)
return 0;
optimistic_yield(100);
uint8_t* data;
int rc = ssl_read(_ssl, &data);
if (rc <= 0) {
if (rc < SSL_OK && rc != SSL_CLOSE_NOTIFY && rc != SSL_ERROR_CONN_LOST) {
ssl_free(_ssl);
_ssl = nullptr;
}
return 0;
}
DEBUGV(":wcs ra %d", rc);
_read_ptr = data;
_available = rc;
return _available;
}
CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
{
// Cleanup sessions
for (WII_SSL& ssl : _SSL)
{
if (ssl.active)
{
ssl_close_notify(&ssl.ctx);
ssl_session_free(&ssl.session);
ssl_free(&ssl.ctx);
x509_crt_free(&ssl.cacert);
x509_crt_free(&ssl.clicert);
ssl.hostname.clear();
ssl.active = false;
}
}
}
void Curl_axtls_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
infof(conn->data, " Curl_axtls_close\n");
if(connssl->ssl) {
/* line from curl_ssluse.c: (void)SSL_shutdown(connssl->ssl);
axTLS compat layer does nothing for SSL_shutdown */
/* The following line is from curl_ssluse.c. There seems to be no axTLS
equivalent. ssl_free and ssl_ctx_free close things.
SSL_set_connect_state(connssl->handle); */
ssl_free (connssl->ssl);
connssl->ssl = NULL;
}
if(connssl->ssl_ctx) {
ssl_ctx_free (connssl->ssl_ctx);
connssl->ssl_ctx = NULL;
}
}
const bool IRCClientThread::Disconnect()
{
dlib::auto_mutex guard(m_socketmutex);
if(IsConnected())
{
#ifdef _WIN32
closesocket(m_socket);
#else
close(m_socket);
#endif
m_socket=-1;
}
if(m_ssl)
{
ssl_free(&m_ssl->m_ssl);
delete m_ssl;
m_ssl=0;
}
m_wantdisconnect=false;
return true;
}
void ssl_aio_stream::clear()
{
#ifdef HAS_POLARSSL
if (ssl_)
{
ssl_free((ssl_context*) ssl_);
acl_myfree(ssl_);
ssl_ = NULL;
}
if (ssn_)
{
acl_myfree(ssn_);
ssn_ = NULL;
}
if (hs_)
{
acl_myfree(hs_);
hs_ = NULL;
}
#endif
}