Пример #1
0
void Curl_polarssl_close(struct connectdata *conn, int sockindex)
{
  rsa_free(&conn->ssl[sockindex].rsa);
  x509_free(&conn->ssl[sockindex].clicert);
  x509_free(&conn->ssl[sockindex].cacert);
  x509_crl_free(&conn->ssl[sockindex].crl);
  ssl_free(&conn->ssl[sockindex].ssl);
}
Пример #2
0
STATIC mp_obj_t socket_close(mp_obj_t self_in) {
    mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(self_in);
    ssl_free(self->ssl_sock);
    ssl_ctx_free(self->ssl_ctx);

    mp_obj_t dest[2];
    mp_load_method(self->sock, MP_QSTR_close, dest);
    return mp_call_method_n_kw(0, 0, dest);
}
Пример #3
0
static void Curl_polarssl_close(struct connectdata *conn, int sockindex)
{
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  rsa_free(&BACKEND->rsa);
  x509_crt_free(&BACKEND->clicert);
  x509_crt_free(&BACKEND->cacert);
  x509_crl_free(&BACKEND->crl);
  ssl_free(&BACKEND->ssl);
}
Пример #4
0
PUBLIC void sslFree(Webs *wp)
{
    EstSocket   *est;

    est = wp->ssl;
    if (est) {
        ssl_free(&est->ctx);
        wp->ssl = 0;
    }
}
Пример #5
0
ScmObj Scm_TLSClose(ScmTLS* t)
{
#if defined(GAUCHE_USE_AXTLS)
    if (t->ctx && t->conn) {
        ssl_free(t->conn);
        t->conn = 0;
        t->in_port = t->out_port = 0;
    }
#endif /*GAUCHE_USE_AXTLS*/
    return SCM_TRUE;
}
Пример #6
0
    ~SSLContext() {
        if (_ssl) {
            ssl_free(_ssl);
            _ssl = nullptr;
        }

        --_ssl_ctx_refcnt;
        if (_ssl_ctx_refcnt == 0) {
            ssl_ctx_free(_ssl_ctx);
        }
    }
Пример #7
0
/*
 * This function is called to shut down the SSL layer but keep the
 * socket open (CCC - Clear Command Channel)
 */
int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
{
  /* Outline taken from curl_ssluse.c since functions are in axTLS compat
     layer.  axTLS's error set is much smaller, so a lot of error-handling
     was removed.
   */
  int retval = 0;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  struct SessionHandle *data = conn->data;
  char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
                    to be at least 120 bytes long. */
  ssize_t nread;

  infof(conn->data, "  Curl_axtls_shutdown\n");

  /* This has only been tested on the proftpd server, and the mod_tls code
     sends a close notify alert without waiting for a close notify alert in
     response. Thus we wait for a close notify alert from the server, but
     we do not send one. Let's hope other servers do the same... */

  /* axTLS compat layer does nothing for SSL_shutdown, so we do nothing too
  if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
      (void)SSL_shutdown(connssl->ssl);
  */

  if(connssl->ssl) {
    int what = Curl_socket_ready(conn->sock[sockindex],
                                 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
    if(what > 0) {
      /* Something to read, let's do it and hope that it is the close
         notify alert from the server */
      nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
                                sizeof(buf));

      if(nread < SSL_OK) {
        failf(data, "close notify alert not received during shutdown");
        retval = -1;
      }
    }
    else if(0 == what) {
      /* timeout */
      failf(data, "SSL shutdown timeout");
    }
    else {
      /* anything that gets here is fatally bad */
      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
      retval = -1;
    }

    ssl_free (connssl->ssl);
    connssl->ssl = NULL;
  }
  return retval;
}
Пример #8
0
void http_ssl_close( struct HTTP* http )
{
	net_close( http->socket );

	ssl_free( &http->ssl.ssl );

	memset( &http->ssl.ctr_drbg, 0, sizeof( ctr_drbg_context ) );
	memset( &http->ssl.entropy, 0, sizeof( entropy_context ) );

	http->header->connection_state = NULL;
}
Пример #9
0
static void ssl_close( UBuffer* pbuf )
{
    if( pbuf->FD > -1 )
    {
        ssl_free( ur_ptr(SSLExt, pbuf) );
        pbuf->FD = -1;
    }

    memFree( pbuf->ptr.v );
    //pbuf->ptr.v = 0;      // Done by port_destroy().
}
Пример #10
0
static SQRESULT sq_ssl_ctx_server_new(HSQUIRRELVM v){
    SQ_FUNC_VARS_NO_TOP(v);
    GET_ssl_ctx_INSTANCE();
    SQ_GET_INTEGER(v, 2, client_fd);
    SSL *ssl = ssl_server_new(self, client_fd);
    SQRESULT rc = ssl_constructor(v, ssl, 1);
    if(rc == SQ_ERROR && ssl){
        ssl_free(ssl);
    }
    return rc;
}
Пример #11
0
static void free_ssl_structs(struct ssl_connect_data *connssl)
{
  if(connssl->ssl) {
    ssl_free (connssl->ssl);
    connssl->ssl = NULL;
  }
  if(connssl->ssl_ctx) {
    ssl_ctx_free(connssl->ssl_ctx);
    connssl->ssl_ctx = NULL;
  }
}
Пример #12
0
void IOBuf_destroy(IOBuf *buf)
{
    if(buf) {
        if(buf->use_ssl) {
            ssl_close_notify(&buf->ssl);
            ssl_free(&buf->ssl);
        }
        
        fdclose(buf->fd);
        h_free(buf);
    }
}
Пример #13
0
void IOBuf_destroy(IOBuf *buf)
{
    if(buf) {
        IOBuf_close(buf); // ignore return

        if(buf->use_ssl) {
            ssl_free(&buf->ssl);
        }
        
        if(buf->buf) free(buf->buf);
        free(buf);
    }
}
Пример #14
0
wiced_result_t wiced_tls_deinit_context( wiced_tls_simple_context_t* tls_context )
{
    /* Check if context is of an advanced variety. Note that the server and advanced client context are exactly the same */
    if (tls_context->context_type == WICED_TLS_ADVANCED_CONTEXT)
    {
        x509_free(&((wiced_tls_advanced_context_t*)tls_context)->certificate);
        rsa_free(&((wiced_tls_advanced_context_t*)tls_context)->key);
    }

    ssl_free( &tls_context->context);

    return WICED_SUCCESS;
}
Пример #15
0
void ms_dtls_srtp_context_destroy(MSDtlsSrtpContext *ctx) {
	/* clean polarssl contexts */
	if (ctx->rtp_dtls_context) {
		x509_crt_free( &(ctx->rtp_dtls_context->crt) );
		ssl_free( &(ctx->rtp_dtls_context->ssl) );
		ctr_drbg_free( &(ctx->rtp_dtls_context->ctr_drbg) );
		entropy_free( &(ctx->rtp_dtls_context->entropy) );
		pk_free( &(ctx->rtp_dtls_context->pkey) );
		ssl_cookie_free( &(ctx->rtp_dtls_context->cookie_ctx) );
		ms_mutex_destroy(&ctx->rtp_dtls_context->ssl_context_mutex);
		ms_free(ctx->rtp_dtls_context);
	}
	if (ctx->rtcp_dtls_context) {
		x509_crt_free( &(ctx->rtcp_dtls_context->crt) );
		ssl_free( &(ctx->rtcp_dtls_context->ssl) );
		ctr_drbg_free( &(ctx->rtcp_dtls_context->ctr_drbg) );
		entropy_free( &(ctx->rtcp_dtls_context->entropy) );
		pk_free( &(ctx->rtcp_dtls_context->pkey) );
		ssl_cookie_free( &(ctx->rtcp_dtls_context->cookie_ctx) );
		ms_mutex_destroy(&ctx->rtcp_dtls_context->ssl_context_mutex);
		ms_free(ctx->rtcp_dtls_context);
	}
	/* clean incoming buffers */
	while (ctx->rtp_incoming_buffer!=NULL) {
		DtlsRawPacket *next_packet = ctx->rtp_incoming_buffer->next;
		ms_free(ctx->rtp_incoming_buffer->data);
		ms_free(ctx->rtp_incoming_buffer);
		ctx->rtp_incoming_buffer = next_packet;
	}
	while (ctx->rtcp_incoming_buffer!=NULL) {
		DtlsRawPacket *next_packet = ctx->rtcp_incoming_buffer->next;
		ms_free(ctx->rtcp_incoming_buffer->data);
		ms_free(ctx->rtcp_incoming_buffer);
		ctx->rtcp_incoming_buffer = next_packet;
	}

	ms_free(ctx);
	ms_message("DTLS-SRTP context destroyed");
}
Пример #16
0
static SQRESULT sq_ssl_ctx_client_new(HSQUIRRELVM v){
    SQ_FUNC_VARS(v);
    GET_ssl_ctx_INSTANCE();
    SQ_GET_INTEGER(v, 2, client_fd);
    SQ_OPT_STRING(v, 3, session_id, NULL);
    SQ_OPT_INTEGER(v, 4, size, -1);
	SSL *ssl = ssl_client_new(self, client_fd, (const uint8_t *)session_id,
                           size >= 0 ? size : session_id_size, NULL);
    SQRESULT rc = ssl_constructor(v, ssl, 1);
    if(rc == SQ_ERROR && ssl){
        ssl_free(ssl);
    }
    return rc;
}
Пример #17
0
static void tls_channel_uninit(belle_sip_tls_channel_t *obj){
	belle_sip_socket_t sock = belle_sip_source_get_socket((belle_sip_source_t*)obj);
	if (sock!=(belle_sip_socket_t)-1)
		tls_channel_close(obj);
	ssl_free(&obj->sslctx);
#if POLARSSL_VERSION_NUMBER < 0x01030000
	x509_free(&obj->root_ca);
#else
	x509_crt_free(&obj->root_ca);
#endif
	if (obj->cur_debug_msg)
		belle_sip_free(obj->cur_debug_msg);
	belle_sip_object_unref(obj->verify_ctx);
}
Пример #18
0
int config_uplink_ssl_setup(struct uplink_config_t *l)
{
	l->ssl = ssl_alloc();
	
	if (ssl_create(l->ssl, (void *)l)) {
		hlog(LOG_ERR, "Uplink: Failed to create SSL context for '%s*'", l->name);
		return -1;
	}
	
	/* optional client cert for server-side validation */
	if (l->certfile && l->keyfile) {
		if (ssl_certificate(l->ssl, l->certfile, l->keyfile)) {
			hlog(LOG_ERR, "Uplink '%s': Failed to load SSL certificatess", l->name);
			ssl_free(l->ssl);
			l->ssl = NULL;
			return -1;
		}
	}
	
	/* optional server cert validation */
	if (l->cafile) {
		if (ssl_ca_certificate(l->ssl, l->cafile, 2)) {
			hlog(LOG_ERR, "Uplink '%s': Failed to load trusted SSL CA certificates", l->name);
			ssl_free(l->ssl);
			l->ssl = NULL;
			return -1;
		}
	}
	
	hlog(LOG_INFO, "Uplink %s: SSL initialized%s%s",
		l->name,
		(l->cafile) ? ", server validated" : "",
		(l->certfile) ? ", client cert loaded" : "");
		
	return 0;
}
Пример #19
0
/**
 * lm_ssl_unref
 * @ssl: an #LmSSL
 * 
 * Removes a reference from @ssl. When no more references are present
 * @ssl is freed.
 **/
void 
lm_ssl_unref (LmSSL *ssl)
{
	g_return_if_fail (ssl != NULL);
        
        ssl->ref_count --;
        
        if (ssl->ref_count == 0) {
		if (ssl->data_notify) {
			(* ssl->data_notify) (ssl->func_data);
		}
               
		ssl_free (ssl);
        }
}
Пример #20
0
static void delnet_real(struct sockifo* ifo) {
#if SSL_ENABLED
	if (ifo->state.ssl)
		ssl_free(ifo);
#endif
	if (ifo->fd >= 0)
		close(ifo->fd);
	free(ifo->sendq.data);
	free(ifo->recvq.data);
	sockets->count--;
	struct sockifo* last = &(sockets->net[sockets->count]);
	if (ifo != last) {
		memcpy(ifo, last, sizeof(struct sockifo));
	}
}
Пример #21
0
int
main(int argc, char **argv) {

	ASSERT(argc >= 1);

	if (file_exists("/dev/log/main"))
		logf_register(&logf_android_write, logf_android_new(argv[0]));
	else
		logf_register(&logf_klog_write, logf_klog_new(argv[0]));
	logf_register(&logf_file_write, stdout);

	scd_logfile_handler = logf_register(&logf_file_write, logf_file_new("/data/logs/cml-scd"));
	logf_handler_set_prio(scd_logfile_handler, LOGF_PRIO_WARN);

	event_timer_t *logfile_timer = event_timer_new(HOURS_TO_MILLISECONDS(24), EVENT_TIMER_REPEAT_FOREVER, scd_logfile_rename_cb, NULL);
	event_add_timer(logfile_timer);

	provisioning_mode();

	INFO("Starting scd ...");

	ssl_init();

	DEBUG("Try to create directory for socket if not existing");
	if (dir_mkdir_p(CMLD_SOCKET_DIR, 0755) < 0) {
		FATAL("Could not create directory for scd_control socket");
	}

	scd_control_cmld = scd_control_new(SCD_CONTROL_SOCKET);
	if (!scd_control_cmld) {
		FATAL("Could not init scd_control socket");
	}

	INFO("created control socket.");

#ifdef ANDROID
	/* trigger start of cmld */
	if (property_set("trustme.provisioning.mode", "no") != 0) {
		FATAL("Unable to set property. Cannot trigger CMLD");
	}
#endif

	event_loop();
	ssl_free();

	return 0;
}
Пример #22
0
void
tcp_close(tcpcon_t *tc)
{
#if ENABLE_POLARSSL
  if(tc->ssl != NULL) {
    ssl_close_notify(tc->ssl);
    ssl_free(tc->ssl);

    free(tc->ssl);
    free(tc->ssn);
    free(tc->hs);
  }
#endif
  htsbuf_queue_flush(&tc->spill);
  netClose(tc->fd);
  free(tc);
}
Пример #23
0
/*********************************************************************************************************
** 函数名称: __vpnClientClose
** 功能描述: VPN 客户端关闭链接并释放 ssl 相关数据结构
** 输 入  : pvpnctx                VPN 上下文
** 输 出  : ERROR
** 全局变量:
** 调用模块:
*********************************************************************************************************/
INT  __vpnClientClose (__PVPN_CONTEXT  pvpnctx)
{
    if (pvpnctx == LW_NULL) {
        return  (PX_ERROR);
    }

    ssl_close_notify(&pvpnctx->VPNCTX_sslctx);                          /*  通知 ssl 即将关闭           */

    if (pvpnctx->VPNCTX_iSocket >= 0) {
        net_close(pvpnctx->VPNCTX_iSocket);
    }
    x509_free(&pvpnctx->VPNCTX_x509certPrivate);
    x509_free(&pvpnctx->VPNCTX_x509certCA);
    rsa_free(&pvpnctx->VPNCTX_rasctx);
    ssl_free(&pvpnctx->VPNCTX_sslctx);

    return  (ERROR_NONE);
}
Пример #24
0
static int ssl_write( UThread* ut, UBuffer* port, const UCell* data )
{
    const void* buf;
    SSLExt* ext = ur_ptr(SSLExt, port);
    int len;
    int n;

    len = boron_sliceMem( ut, data, &buf );

    if( port->FD > -1 && len )
    {
retry:
        n = mbedtls_ssl_write( &ext->sc, buf, len );
        if( n < 0 )
        {
            if( n == MBEDTLS_ERR_SSL_WANT_READ ||
                    n == MBEDTLS_ERR_SSL_WANT_WRITE )
            {
                ssl_wait();
                goto retry;
            }

            // An error occured; the ssl context must not be used again.
            ssl_free( ext );
            port->FD = -1;

            return ur_error( ut, UR_ERR_ACCESS, "ssl_write %d", n );
        }
        else if( n != len )
        {
            if( n > 0 && n < len )
            {
                buf = ((const char*) buf) + n;
                len -= n;
                goto retry;
            }
            return ur_error( ut, UR_ERR_ACCESS,
                             "ssl_write only sent %d of %d bytes", n, len );
        }
    }
    return UR_OK;
}
Пример #25
0
    void connect(ClientContext* ctx, const char* hostName, uint32_t timeout_ms)
    {
        SSL_EXTENSIONS* ext = ssl_ext_new();
        ssl_ext_set_host_name(ext, hostName);
        ssl_ext_set_max_fragment_size(ext, 4096);
        s_io_ctx = ctx;
        if (_ssl) {
            ssl_free(_ssl);
        }
        _ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);
        uint32_t t = millis();

        while (millis() - t < timeout_ms && ssl_handshake_status(_ssl) != SSL_OK) {
            uint8_t* data;
            int rc = ssl_read(_ssl, &data);
            if (rc < SSL_OK) {
                break;
            }
        }
    }
Пример #26
0
    int _readAll() {
        if (!_ssl)
            return 0;

        optimistic_yield(100);

        uint8_t* data;
        int rc = ssl_read(_ssl, &data);
        if (rc <= 0) {
            if (rc < SSL_OK && rc != SSL_CLOSE_NOTIFY && rc != SSL_ERROR_CONN_LOST) {
                ssl_free(_ssl);
                _ssl = nullptr;
            }
            return 0;
        }
        DEBUGV(":wcs ra %d", rc);
        _read_ptr = data;
        _available = rc;
        return _available;
    }
CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
{
	// Cleanup sessions
	for (WII_SSL& ssl : _SSL)
	{
		if (ssl.active)
		{
			ssl_close_notify(&ssl.ctx);
			ssl_session_free(&ssl.session);
			ssl_free(&ssl.ctx);

			x509_crt_free(&ssl.cacert);
			x509_crt_free(&ssl.clicert);

			ssl.hostname.clear();

			ssl.active = false;
		}
	}
}
Пример #28
0
void Curl_axtls_close(struct connectdata *conn, int sockindex)
{
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];

  infof(conn->data, "  Curl_axtls_close\n");
  if(connssl->ssl) {
    /* line from curl_ssluse.c: (void)SSL_shutdown(connssl->ssl);
       axTLS compat layer does nothing for SSL_shutdown */

    /* The following line is from curl_ssluse.c.  There seems to be no axTLS
       equivalent.  ssl_free and ssl_ctx_free close things.
       SSL_set_connect_state(connssl->handle); */

    ssl_free (connssl->ssl);
    connssl->ssl = NULL;
  }
  if(connssl->ssl_ctx) {
    ssl_ctx_free (connssl->ssl_ctx);
    connssl->ssl_ctx = NULL;
  }
}
Пример #29
0
const bool IRCClientThread::Disconnect()
{
	dlib::auto_mutex guard(m_socketmutex);
	if(IsConnected())
	{
		#ifdef _WIN32
		closesocket(m_socket);
		#else
		close(m_socket);
		#endif
		m_socket=-1;
	}
	if(m_ssl)
	{
		ssl_free(&m_ssl->m_ssl);
		delete m_ssl;
		m_ssl=0;
	}
	m_wantdisconnect=false;
	return true;
}
Пример #30
0
void ssl_aio_stream::clear()
{
#ifdef HAS_POLARSSL
	if (ssl_)
	{
		ssl_free((ssl_context*) ssl_);
		acl_myfree(ssl_);
		ssl_ = NULL;
	}
	if (ssn_)
	{
		acl_myfree(ssn_);
		ssn_ = NULL;
	}
	if (hs_)
	{
		acl_myfree(hs_);
		hs_ = NULL;
	}
#endif
}