void OPENSSL_VPROC_FUNC(void) {}
#endif
-
-static void clear_ciphers(SSL_CONNECTION *s)
+static int clear_record_layer(SSL_CONNECTION *s)
{
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- ssl_clear_hash_ctx(&s->read_hash);
- ssl_clear_hash_ctx(&s->write_hash);
+ int ret;
+
+ /* We try and reset both record layers even if one fails */
+
+ ret = ssl_set_new_record_layer(s,
+ SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
+ : TLS_ANY_VERSION,
+ OSSL_RECORD_DIRECTION_READ,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NID_undef, NULL, NULL);
+
+ ret &= ssl_set_new_record_layer(s,
+ SSL_CONNECTION_IS_DTLS(s) ? DTLS_ANY_VERSION
+ : TLS_ANY_VERSION,
+ OSSL_RECORD_DIRECTION_WRITE,
+ OSSL_RECORD_PROTECTION_LEVEL_NONE,
+ NULL, 0, NULL, 0, NULL, 0, NULL, 0,
+ NID_undef, NULL, NULL);
+ /* SSLfatal already called in the event of failure */
+ return ret;
}
int SSL_clear(SSL *s)
BUF_MEM_free(sc->init_buf);
sc->init_buf = NULL;
- clear_ciphers(sc);
sc->first_packet = 0;
sc->key_update = SSL_KEY_UPDATE_NONE;
BIO_free(sc->rlayer.rrlnext);
sc->rlayer.rrlnext = NULL;
- if (!ssl_set_new_record_layer(sc,
- SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION,
- OSSL_RECORD_DIRECTION_READ,
- OSSL_RECORD_PROTECTION_LEVEL_NONE,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL)) {
- /* SSLfatal already called */
+ if (!clear_record_layer(sc))
return 0;
- }
- if (!ssl_set_new_record_layer(sc,
- SSL_CONNECTION_IS_DTLS(sc) ? DTLS_ANY_VERSION : TLS_ANY_VERSION,
- OSSL_RECORD_DIRECTION_WRITE,
- OSSL_RECORD_PROTECTION_LEVEL_NONE,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0,
- NID_undef, NULL, NULL)) {
- /* SSLfatal already called */
- return 0;
- }
return 1;
}
SSL_SESSION_free(s->psksession);
OPENSSL_free(s->psksession_id);
- clear_ciphers(s);
-
ssl_cert_free(s->cert);
OPENSSL_free(s->shared_sigalgs);
/* Free up if allocated */
}
/* If we have an alert to send, lets send it */
- if (sc->s3.alert_dispatch) {
+ if (sc->s3.alert_dispatch > 0) {
ret = (ossl_ssize_t)s->method->ssl_dispatch_alert(s);
if (ret <= 0) {
/* SSLfatal() already called if appropriate */
sc->shutdown = 0;
ossl_statem_clear(sc);
sc->handshake_func = s->method->ssl_accept;
- clear_ciphers(sc);
+ /* Ignore return value. Its a void public API function */
+ clear_record_layer(sc);
}
void SSL_set_connect_state(SSL *s)
sc->shutdown = 0;
ossl_statem_clear(sc);
sc->handshake_func = s->method->ssl_connect;
- clear_ciphers(sc);
+ /* Ignore return value. Its a void public API function */
+ clear_record_layer(sc);
}
int ssl_undefined_function(SSL *s)
return NULL;
}
-void ssl_clear_cipher_ctx(SSL_CONNECTION *s)
-{
- if (s->enc_read_ctx != NULL) {
- EVP_CIPHER_CTX_free(s->enc_read_ctx);
- s->enc_read_ctx = NULL;
- }
- if (s->enc_write_ctx != NULL) {
- EVP_CIPHER_CTX_free(s->enc_write_ctx);
- s->enc_write_ctx = NULL;
- }
-#ifndef OPENSSL_NO_COMP
- COMP_CTX_free(s->expand);
- s->expand = NULL;
- COMP_CTX_free(s->compress);
- s->compress = NULL;
-#endif
-}
-
X509 *SSL_get_certificate(const SSL *s)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
return ctx->num_tickets;
}
-/*
- * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this |md|.
- * Returns the newly allocated ctx;
- */
-
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
-{
- ssl_clear_hash_ctx(hash);
- *hash = EVP_MD_CTX_new();
- if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
- EVP_MD_CTX_free(*hash);
- *hash = NULL;
- return NULL;
- }
- return *hash;
-}
-
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
-{
-
- EVP_MD_CTX_free(*hash);
- *hash = NULL;
-}
-
/* Retrieve handshake hashes */
int ssl_handshake_hash(SSL_CONNECTION *s,
unsigned char *out, size_t outlen,
}
}
- while (sk_SCT_num(src) > 0) {
- sct = sk_SCT_pop(src);
+ while ((sct = sk_SCT_pop(src)) != NULL) {
if (SCT_set_source(sct, origin) != 1)
goto err;
rl = &sc->rlayer;
- if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
- return 0;
-
- RECORD_LAYER_release(rl);
- return 1;
+ return rl->rrlmethod->free_buffers(rl->rrl)
+ && rl->wrlmethod->free_buffers(rl->wrl);
}
int SSL_alloc_buffers(SSL *ssl)
{
+ RECORD_LAYER *rl;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
if (sc == NULL)
return 0;
- /* TODO(RECLAYER): Need a way to make this happen in the record layer */
- return 1;
+ rl = &sc->rlayer;
+
+ return rl->rrlmethod->alloc_buffers(rl->rrl)
+ && rl->wrlmethod->alloc_buffers(rl->wrl);
}
void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)