void ssl3_free(SSL *s) { if (s == NULL || s->s3 == NULL) { return; } ssl3_cleanup_key_block(s); ssl_read_buffer_clear(s); ssl_write_buffer_clear(s); DH_free(s->s3->tmp.dh); EC_KEY_free(s->s3->tmp.ecdh); sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(s->s3->tmp.certificate_types); OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist); OPENSSL_free(s->s3->tmp.peer_psk_identity_hint); DH_free(s->s3->tmp.peer_dh_tmp); EC_KEY_free(s->s3->tmp.peer_ecdh_tmp); ssl3_free_handshake_buffer(s); ssl3_free_handshake_hash(s); OPENSSL_free(s->s3->alpn_selected); OPENSSL_cleanse(s->s3, sizeof *s->s3); OPENSSL_free(s->s3); s->s3 = NULL; }
void ssl3_free(SSL *ssl) { if (ssl == NULL || ssl->s3 == NULL) { return; } ssl3_cleanup_key_block(ssl); ssl_read_buffer_clear(ssl); ssl_write_buffer_clear(ssl); SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx); OPENSSL_free(ssl->s3->tmp.peer_key); sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(ssl->s3->tmp.certificate_types); OPENSSL_free(ssl->s3->tmp.peer_ellipticcurvelist); OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint); ssl3_free_handshake_buffer(ssl); ssl3_free_handshake_hash(ssl); OPENSSL_free(ssl->s3->next_proto_negotiated); OPENSSL_free(ssl->s3->alpn_selected); SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx); SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx); OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3); OPENSSL_free(ssl->s3); ssl->s3 = NULL; }
void ssl3_free(SSL *ssl) { if (ssl == NULL || ssl->s3 == NULL) { return; } ssl3_cleanup_key_block(ssl); ssl_read_buffer_clear(ssl); ssl_write_buffer_clear(ssl); SSL_ECDH_CTX_cleanup(&ssl->s3->tmp.ecdh_ctx); OPENSSL_free(ssl->s3->tmp.peer_key); OPENSSL_free(ssl->s3->tmp.server_params); sk_X509_NAME_pop_free(ssl->s3->tmp.ca_names, X509_NAME_free); OPENSSL_free(ssl->s3->tmp.certificate_types); OPENSSL_free(ssl->s3->tmp.peer_supported_group_list); OPENSSL_free(ssl->s3->tmp.peer_psk_identity_hint); SSL_SESSION_free(ssl->s3->new_session); SSL_SESSION_free(ssl->s3->established_session); ssl3_free_handshake_buffer(ssl); ssl3_free_handshake_hash(ssl); ssl_handshake_free(ssl->s3->hs); OPENSSL_free(ssl->s3->next_proto_negotiated); OPENSSL_free(ssl->s3->alpn_selected); SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx); SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx); OPENSSL_free(ssl->s3->pending_message); OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3); OPENSSL_free(ssl->s3); ssl->s3 = NULL; }
/* dtls1_get_record reads a new input record. On success, it places it in * |ssl->s3->rrec| and returns one. Otherwise it returns <= 0 on error or if * more data is needed. */ static int dtls1_get_record(SSL *ssl) { again: /* Read a new packet if there is no unconsumed one. */ if (ssl_read_buffer_len(ssl) == 0) { int ret = ssl_read_buffer_extend_to(ssl, 0 /* unused */); if (ret <= 0) { return ret; } } assert(ssl_read_buffer_len(ssl) > 0); /* Ensure the packet is large enough to decrypt in-place. */ if (ssl_read_buffer_len(ssl) < ssl_record_prefix_len(ssl)) { ssl_read_buffer_clear(ssl); goto again; } uint8_t *out = ssl_read_buffer(ssl) + ssl_record_prefix_len(ssl); size_t max_out = ssl_read_buffer_len(ssl) - ssl_record_prefix_len(ssl); uint8_t type, alert; size_t len, consumed; switch (dtls_open_record(ssl, &type, out, &len, &consumed, &alert, max_out, ssl_read_buffer(ssl), ssl_read_buffer_len(ssl))) { case ssl_open_record_success: ssl_read_buffer_consume(ssl, consumed); if (len > 0xffff) { OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW); return -1; } SSL3_RECORD *rr = &ssl->s3->rrec; rr->type = type; rr->length = (uint16_t)len; rr->data = out; return 1; case ssl_open_record_discard: ssl_read_buffer_consume(ssl, consumed); goto again; case ssl_open_record_error: ssl3_send_alert(ssl, SSL3_AL_FATAL, alert); return -1; case ssl_open_record_partial: /* Impossible in DTLS. */ break; } assert(0); OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); return -1; }
void ssl3_free(SSL *ssl) { if (ssl == NULL || ssl->s3 == NULL) { return; } ssl3_cleanup_key_block(ssl); ssl_read_buffer_clear(ssl); ssl_write_buffer_clear(ssl); SSL_SESSION_free(ssl->s3->new_session); SSL_SESSION_free(ssl->s3->established_session); ssl3_free_handshake_buffer(ssl); ssl3_free_handshake_hash(ssl); ssl_handshake_free(ssl->s3->hs); OPENSSL_free(ssl->s3->next_proto_negotiated); OPENSSL_free(ssl->s3->alpn_selected); SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx); SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx); OPENSSL_free(ssl->s3->pending_message); OPENSSL_cleanse(ssl->s3, sizeof *ssl->s3); OPENSSL_free(ssl->s3); ssl->s3 = NULL; }
void ssl_read_buffer_discard(SSL *ssl) { if (ssl->s3->read_buffer.len == 0) { ssl_read_buffer_clear(ssl); } }