Fix memory leak with client auth.
[openssl.git] / ssl / t1_lib.c
index ebb6a94..31fc70e 100644 (file)
  */
 
 #include <stdio.h>
-#include <time.h>
-#include <openssl/bio.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/ocsp.h>
-#include <openssl/o_time.h>
 #include <openssl/rand.h>
 #include "ssl_locl.h"
 
@@ -3647,6 +3644,11 @@ static int tls1_set_shared_sigalgs(SSL *s)
        TLS_SIGALGS *salgs = NULL;
        CERT *c = s->cert;
        unsigned int is_suiteb = tls1_suiteb(s);
+       if (c->shared_sigalgs)
+               {
+               OPENSSL_free(c->shared_sigalgs);
+               c->shared_sigalgs = NULL;
+               }
        /* If client use client signature algorithms if not NULL */
        if (!s->server && c->client_sigalgs && !is_suiteb)
                {
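Review bot: The new block in tls1_set_shared_sigalgs frees and clears `c->shared_sigalgs`, but the lines shown do not reset the length that goes with it, so until the function stores a new list (or if it returns early) the CERT can hold a NULL pointer next to a stale non-zero count. If CERT keeps a companion length (presumably `shared_sigalgslen`, which is not visible in this hunk), clear it in the same block: `c->shared_sigalgslen = 0;`. The same concern applies to tls1_process_sigalgs in the next hunk, where a failed `OPENSSL_malloc(dsize)` returns 0 with `c->peer_sigalgs` NULL and any previous length apparently untouched. The function body continues outside the hunk, so a later assignment may already cover the success path. The early-exit paths are the ones to check.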
@@ -3703,6 +3705,8 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
        if (!c)
                return 0;
 
+       if (c->peer_sigalgs)
+               OPENSSL_free(c->peer_sigalgs);
        c->peer_sigalgs = OPENSSL_malloc(dsize);
        if (!c->peer_sigalgs)
                return 0;
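Review bot: The free added before `OPENSSL_malloc(dsize)` carries no comment explaining why an earlier buffer can exist at this point, and it is written differently from the matching block in tls1_set_shared_sigalgs (no braces, no explicit NULL). A one-line comment such as `/* May be called again on the same CERT: release the previous peer list first */` would record the reason. The repeat call presumably comes from a further handshake with client auth, as the commit title suggests. The function continues past the end of the hunk.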
@@ -4435,126 +4439,3 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
        }
 
 #endif
-
-/* RFC6962 Signed Certificate Timestamp List X.509 extension parser */
-int i2r_sctlist(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct,
-               BIO *out, int indent)
-       {
-       BN_ULLONG timestamp;
-       struct tm tm1;
-       time_t unix_epoch = 0;
-       unsigned char* data = oct->data;
-       char month[4];
-       unsigned short listlen, sctlen = 0, fieldlen;
-       int signhash_nid;
-
-       if (oct->length < 2)
-               return 0;
-       n2s(data, listlen);
-       if (listlen != oct->length - 2)
-               return 0;
-
-       while (listlen > 0)
-               {
-               if (listlen < 2)
-                       return 0;
-               n2s(data, sctlen);
-               listlen -= 2;
-
-               if ((sctlen < 1) || (sctlen > listlen))
-                       return 0;
-               listlen -= sctlen;
-
-               BIO_printf(out, "%*sSigned Certificate Timestamp:", indent,
-                          "");
-
-               if (*data == 0)         /* SCT v1 */
-                       {
-                       /* Fixed-length header:
-                        *              struct {
-                        * (1 byte)       Version sct_version;
-                        * (32 bytes)     LogID id;
-                        * (8 bytes)      uint64 timestamp;
-                        * (2 bytes + ?)  CtExtensions extensions;
-                        */
-                       if (sctlen < 43)
-                               return 0;
-                       sctlen -= 43;
-
-                       BIO_printf(out, "\n%*sVersion   : v1(0)", indent + 4,
-                                  "");
-
-                       BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
-                       BIO_hex_string(out, indent + 16, 16, data + 1, 32);
-
-                       data += 33;
-                       n2l8(data, timestamp);
-                       OPENSSL_gmtime(&unix_epoch, &tm1);
-                       OPENSSL_gmtime_adj(&tm1, timestamp / 86400000,
-                                          (timestamp % 86400000) / 1000);
-                       strftime(month, 4, "%b", &tm1);
-                       BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
-                       BIO_printf(out, "%s %2d %02d:%02d:%02d.%03u %d UTC",
-                                  month, tm1.tm_mday, tm1.tm_hour,
-                                  tm1.tm_min, tm1.tm_sec,
-                                  (unsigned int)(timestamp % 1000),
-                                  tm1.tm_year + 1900);
-
-                       n2s(data, fieldlen);
-                       if (sctlen < fieldlen)
-                               return 0;
-                       sctlen -= fieldlen;
-                       BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
-                       if (fieldlen == 0)
-                               BIO_printf(out, "none");
-                       else
-                               BIO_hex_string(out, indent + 16, 16, data,
-                                              fieldlen);
-                       data += fieldlen;
-
-                       /* digitally-signed struct header:
-                        * (1 byte) Hash algorithm
-                        * (1 byte) Signature algorithm
-                        * (2 bytes + ?) Signature
-                        */
-                       if (sctlen < 4)
-                               return 0;
-                       sctlen -= 4;
-
-                       tls1_lookup_sigalg(NULL, NULL, &signhash_nid, data);
-                       data += 2;
-                       n2s(data, fieldlen);
-                       if (sctlen != fieldlen)
-                               return 0;
-                       BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
-                       BIO_printf(out, "%s", OBJ_nid2ln(signhash_nid));
-                       BIO_printf(out, "\n%*s            ", indent + 4, "");
-                       BIO_hex_string(out, indent + 16, 16, data, fieldlen);
-                       if (listlen > 0) BIO_printf(out, "\n");
-                       data += fieldlen;
-                       }
-               }
-
-       return 1;
-       }
-
-static X509V3_EXT_METHOD ext_method_ct_precert_scts =
-       {
-       NID_ct_precert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-       0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
-       };
-
-static X509V3_EXT_METHOD ext_method_ct_cert_scts =
-       {
-       NID_ct_cert_scts, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-       0, 0, 0, 0, 0, 0, 0, 0, (X509V3_EXT_I2R)i2r_sctlist, NULL, NULL
-       };
-
-int X509V3_EXT_add_rfc6962(void)
-       {
-       if (!X509V3_EXT_add(&ext_method_ct_precert_scts))
-               return 0;
-       if (!X509V3_EXT_add(&ext_method_ct_cert_scts))
-               return 0;
-       return 1;
-       }