Loading ssl/s3_clnt.c +21 −21 Original line number Diff line number Diff line Loading @@ -1464,22 +1464,22 @@ int ssl3_get_key_exchange(SSL *s) } param = p = (unsigned char *)s->init_msg; if (s->session->sess_cert != NULL) { #ifndef OPENSSL_NO_RSA RSA_free(s->session->sess_cert->peer_rsa_tmp); s->session->sess_cert->peer_rsa_tmp = NULL; RSA_free(s->s3->peer_rsa_tmp); s->s3->peer_rsa_tmp = NULL; #endif #ifndef OPENSSL_NO_DH DH_free(s->session->sess_cert->peer_dh_tmp); s->session->sess_cert->peer_dh_tmp = NULL; DH_free(s->s3->peer_dh_tmp); s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); s->session->sess_cert->peer_ecdh_tmp = NULL; EC_KEY_free(s->s3->peer_ecdh_tmp); s->s3->peer_ecdh_tmp = NULL; #endif } else { if (s->session->sess_cert == NULL) s->session->sess_cert = ssl_sess_cert_new(); } /* Total length of the parameters including the length prefix */ param_len = 0; Loading Loading @@ -1711,7 +1711,7 @@ int ssl3_get_key_exchange(SSL *s) goto f_err; } s->session->sess_cert->peer_rsa_tmp = rsa; s->s3->peer_rsa_tmp = rsa; rsa = NULL; } #else /* OPENSSL_NO_RSA */ Loading Loading @@ -1806,7 +1806,7 @@ int ssl3_get_key_exchange(SSL *s) # endif /* else anonymous DH, so no certificate or pkey. */ s->session->sess_cert->peer_dh_tmp = dh; s->s3->peer_dh_tmp = dh; dh = NULL; } #endif /* !OPENSSL_NO_DH */ Loading Loading @@ -1917,7 +1917,7 @@ int ssl3_get_key_exchange(SSL *s) # endif /* else anonymous ECDH, so no certificate or pkey. */ EC_KEY_set_public_key(ecdh, srvr_ecpoint); s->session->sess_cert->peer_ecdh_tmp = ecdh; s->s3->peer_ecdh_tmp = ecdh; ecdh = NULL; BN_CTX_free(bn_ctx); bn_ctx = NULL; Loading Loading @@ -2446,8 +2446,8 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; if (s->s3->peer_rsa_tmp != NULL) rsa = s->s3->peer_rsa_tmp; else { pkey = X509_get_pubkey(s->session-> Loading Loading @@ -2504,8 +2504,8 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } if (scert->peer_dh_tmp != NULL) dh_srvr = scert->peer_dh_tmp; if (s->s3->peer_dh_tmp != NULL) dh_srvr = s->s3->peer_dh_tmp; else { /* we get them from the cert */ int idx = scert->peer_cert_type; Loading Loading @@ -2558,7 +2558,7 @@ int ssl3_send_client_key_exchange(SSL *s) */ n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt); if (scert->peer_dh_tmp == NULL) if (s->s3->peer_dh_tmp == NULL) DH_free(dh_srvr); if (n <= 0) { Loading Loading @@ -2624,8 +2624,8 @@ int ssl3_send_client_key_exchange(SSL *s) */ } if (s->session->sess_cert->peer_ecdh_tmp != NULL) { tkey = s->session->sess_cert->peer_ecdh_tmp; if (s->s3->peer_ecdh_tmp != NULL) { tkey = s->s3->peer_ecdh_tmp; } else { /* Get the Server Public Key from Cert */ srvr_pub_pkey = Loading Loading @@ -3357,10 +3357,10 @@ int ssl3_check_cert_and_algorithm(SSL *s) goto err; } #ifndef OPENSSL_NO_RSA rsa = s->session->sess_cert->peer_rsa_tmp; rsa = s->s3->peer_rsa_tmp; #endif #ifndef OPENSSL_NO_DH dh = s->session->sess_cert->peer_dh_tmp; dh = s->s3->peer_dh_tmp; #endif /* This is the passed certificate */ Loading ssl/s3_lib.c +22 −9 Original line number Diff line number Diff line Loading @@ -2894,11 +2894,17 @@ void ssl3_free(SSL *s) return; ssl3_cleanup_key_block(s); #ifndef OPENSSL_NO_RSA RSA_free(s->s3->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); DH_free(s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); EC_KEY_free(s->s3->peer_ecdh_tmp); #endif sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); Loading Loading @@ -2929,13 +2935,22 @@ void ssl3_clear(SSL *s) OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; #ifndef OPENSSL_NO_RSA RSA_free(s->s3->peer_rsa_tmp); s->s3->peer_rsa_tmp = NULL; #endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; DH_free(s->s3->peer_dh_tmp); s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; EC_KEY_free(s->s3->peer_ecdh_tmp); s->s3->peer_ecdh_tmp = NULL; s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ Loading Loading @@ -3330,28 +3345,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (s->server || !s->session || !s->session->sess_cert) return 0; else { SESS_CERT *sc; EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert; #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) if (!s->s3->peer_rsa_tmp && !s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (!ptmp) return 0; #ifndef OPENSSL_NO_RSA else if (sc->peer_rsa_tmp) rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); else if (s->s3->peer_rsa_tmp) rv = EVP_PKEY_set1_RSA(ptmp, s->s3->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH else if (sc->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); else if (s->s3->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC else if (sc->peer_ecdh_tmp) rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); else if (s->s3->peer_ecdh_tmp) rv = EVP_PKEY_set1_EC_KEY(ptmp, s->s3->peer_ecdh_tmp); #endif if (rv) { *(EVP_PKEY **)parg = ptmp; Loading ssl/ssl_cert.c +0 −10 Original line number Diff line number Diff line Loading @@ -570,16 +570,6 @@ void ssl_sess_cert_free(SESS_CERT *sc) #endif } #ifndef OPENSSL_NO_RSA RSA_free(sc->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH DH_free(sc->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(sc->peer_ecdh_tmp); #endif OPENSSL_free(sc); } Loading ssl/ssl_locl.h +12 −9 Original line number Diff line number Diff line Loading @@ -1340,6 +1340,18 @@ typedef struct ssl3_state_st { */ char is_probably_safari; # endif /* !OPENSSL_NO_EC */ /* For clients: peer temporary key */ # ifndef OPENSSL_NO_RSA RSA *peer_rsa_tmp; # endif # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; # endif # ifndef OPENSSL_NO_EC EC_KEY *peer_ecdh_tmp; # endif } SSL3_STATE; Loading Loading @@ -1589,15 +1601,6 @@ typedef struct sess_cert_st { * Obviously we don't have the private keys of these, so maybe we * shouldn't even use the CERT_PKEY type here. */ # ifndef OPENSSL_NO_RSA RSA *peer_rsa_tmp; /* not used for SSL 2 */ # endif # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; /* not used for SSL 2 */ # endif # ifndef OPENSSL_NO_EC EC_KEY *peer_ecdh_tmp; # endif int references; /* actually always 1 at the moment */ } SESS_CERT; /* Structure containing decoded values of signature algorithms extension */ Loading Loading
ssl/s3_clnt.c +21 −21 Original line number Diff line number Diff line Loading @@ -1464,22 +1464,22 @@ int ssl3_get_key_exchange(SSL *s) } param = p = (unsigned char *)s->init_msg; if (s->session->sess_cert != NULL) { #ifndef OPENSSL_NO_RSA RSA_free(s->session->sess_cert->peer_rsa_tmp); s->session->sess_cert->peer_rsa_tmp = NULL; RSA_free(s->s3->peer_rsa_tmp); s->s3->peer_rsa_tmp = NULL; #endif #ifndef OPENSSL_NO_DH DH_free(s->session->sess_cert->peer_dh_tmp); s->session->sess_cert->peer_dh_tmp = NULL; DH_free(s->s3->peer_dh_tmp); s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); s->session->sess_cert->peer_ecdh_tmp = NULL; EC_KEY_free(s->s3->peer_ecdh_tmp); s->s3->peer_ecdh_tmp = NULL; #endif } else { if (s->session->sess_cert == NULL) s->session->sess_cert = ssl_sess_cert_new(); } /* Total length of the parameters including the length prefix */ param_len = 0; Loading Loading @@ -1711,7 +1711,7 @@ int ssl3_get_key_exchange(SSL *s) goto f_err; } s->session->sess_cert->peer_rsa_tmp = rsa; s->s3->peer_rsa_tmp = rsa; rsa = NULL; } #else /* OPENSSL_NO_RSA */ Loading Loading @@ -1806,7 +1806,7 @@ int ssl3_get_key_exchange(SSL *s) # endif /* else anonymous DH, so no certificate or pkey. */ s->session->sess_cert->peer_dh_tmp = dh; s->s3->peer_dh_tmp = dh; dh = NULL; } #endif /* !OPENSSL_NO_DH */ Loading Loading @@ -1917,7 +1917,7 @@ int ssl3_get_key_exchange(SSL *s) # endif /* else anonymous ECDH, so no certificate or pkey. */ EC_KEY_set_public_key(ecdh, srvr_ecpoint); s->session->sess_cert->peer_ecdh_tmp = ecdh; s->s3->peer_ecdh_tmp = ecdh; ecdh = NULL; BN_CTX_free(bn_ctx); bn_ctx = NULL; Loading Loading @@ -2446,8 +2446,8 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } if (s->session->sess_cert->peer_rsa_tmp != NULL) rsa = s->session->sess_cert->peer_rsa_tmp; if (s->s3->peer_rsa_tmp != NULL) rsa = s->s3->peer_rsa_tmp; else { pkey = X509_get_pubkey(s->session-> Loading Loading @@ -2504,8 +2504,8 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } if (scert->peer_dh_tmp != NULL) dh_srvr = scert->peer_dh_tmp; if (s->s3->peer_dh_tmp != NULL) dh_srvr = s->s3->peer_dh_tmp; else { /* we get them from the cert */ int idx = scert->peer_cert_type; Loading Loading @@ -2558,7 +2558,7 @@ int ssl3_send_client_key_exchange(SSL *s) */ n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt); if (scert->peer_dh_tmp == NULL) if (s->s3->peer_dh_tmp == NULL) DH_free(dh_srvr); if (n <= 0) { Loading Loading @@ -2624,8 +2624,8 @@ int ssl3_send_client_key_exchange(SSL *s) */ } if (s->session->sess_cert->peer_ecdh_tmp != NULL) { tkey = s->session->sess_cert->peer_ecdh_tmp; if (s->s3->peer_ecdh_tmp != NULL) { tkey = s->s3->peer_ecdh_tmp; } else { /* Get the Server Public Key from Cert */ srvr_pub_pkey = Loading Loading @@ -3357,10 +3357,10 @@ int ssl3_check_cert_and_algorithm(SSL *s) goto err; } #ifndef OPENSSL_NO_RSA rsa = s->session->sess_cert->peer_rsa_tmp; rsa = s->s3->peer_rsa_tmp; #endif #ifndef OPENSSL_NO_DH dh = s->session->sess_cert->peer_dh_tmp; dh = s->s3->peer_dh_tmp; #endif /* This is the passed certificate */ Loading
ssl/s3_lib.c +22 −9 Original line number Diff line number Diff line Loading @@ -2894,11 +2894,17 @@ void ssl3_free(SSL *s) return; ssl3_cleanup_key_block(s); #ifndef OPENSSL_NO_RSA RSA_free(s->s3->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); DH_free(s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); EC_KEY_free(s->s3->peer_ecdh_tmp); #endif sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); Loading Loading @@ -2929,13 +2935,22 @@ void ssl3_clear(SSL *s) OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; #ifndef OPENSSL_NO_RSA RSA_free(s->s3->peer_rsa_tmp); s->s3->peer_rsa_tmp = NULL; #endif #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); s->s3->tmp.dh = NULL; DH_free(s->s3->peer_dh_tmp); s->s3->peer_dh_tmp = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; EC_KEY_free(s->s3->peer_ecdh_tmp); s->s3->peer_ecdh_tmp = NULL; s->s3->is_probably_safari = 0; #endif /* !OPENSSL_NO_EC */ Loading Loading @@ -3330,28 +3345,26 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (s->server || !s->session || !s->session->sess_cert) return 0; else { SESS_CERT *sc; EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert; #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) if (!s->s3->peer_rsa_tmp && !s->s3->peer_dh_tmp && !s->s3->peer_ecdh_tmp) return 0; #endif ptmp = EVP_PKEY_new(); if (!ptmp) return 0; #ifndef OPENSSL_NO_RSA else if (sc->peer_rsa_tmp) rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); else if (s->s3->peer_rsa_tmp) rv = EVP_PKEY_set1_RSA(ptmp, s->s3->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH else if (sc->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); else if (s->s3->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, s->s3->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC else if (sc->peer_ecdh_tmp) rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); else if (s->s3->peer_ecdh_tmp) rv = EVP_PKEY_set1_EC_KEY(ptmp, s->s3->peer_ecdh_tmp); #endif if (rv) { *(EVP_PKEY **)parg = ptmp; Loading
ssl/ssl_cert.c +0 −10 Original line number Diff line number Diff line Loading @@ -570,16 +570,6 @@ void ssl_sess_cert_free(SESS_CERT *sc) #endif } #ifndef OPENSSL_NO_RSA RSA_free(sc->peer_rsa_tmp); #endif #ifndef OPENSSL_NO_DH DH_free(sc->peer_dh_tmp); #endif #ifndef OPENSSL_NO_EC EC_KEY_free(sc->peer_ecdh_tmp); #endif OPENSSL_free(sc); } Loading
ssl/ssl_locl.h +12 −9 Original line number Diff line number Diff line Loading @@ -1340,6 +1340,18 @@ typedef struct ssl3_state_st { */ char is_probably_safari; # endif /* !OPENSSL_NO_EC */ /* For clients: peer temporary key */ # ifndef OPENSSL_NO_RSA RSA *peer_rsa_tmp; # endif # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; # endif # ifndef OPENSSL_NO_EC EC_KEY *peer_ecdh_tmp; # endif } SSL3_STATE; Loading Loading @@ -1589,15 +1601,6 @@ typedef struct sess_cert_st { * Obviously we don't have the private keys of these, so maybe we * shouldn't even use the CERT_PKEY type here. */ # ifndef OPENSSL_NO_RSA RSA *peer_rsa_tmp; /* not used for SSL 2 */ # endif # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; /* not used for SSL 2 */ # endif # ifndef OPENSSL_NO_EC EC_KEY *peer_ecdh_tmp; # endif int references; /* actually always 1 at the moment */ } SESS_CERT; /* Structure containing decoded values of signature algorithms extension */ Loading
Richard Levitte <levitte@openssl.org>Richard Levitte <levitte@openssl.org>