if (ssl->lock == NULL)
return 0;
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data)) {
+ CRYPTO_THREAD_lock_free(ssl->lock);
+ ssl->lock = NULL;
+ return 0;
+ }
+
SSL_CTX_up_ref(ctx);
ssl->ctx = ctx;
ssl->defltmeth = ssl->method = method;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, ssl, &ssl->ex_data))
- return 0;
-
return 1;
}
if (!ossl_ssl_init(ssl, ctx, method, SSL_TYPE_SSL_CONNECTION)) {
OPENSSL_free(s);
s = NULL;
+ ssl = NULL;
goto sslerr;
}
goto sslerr;
#endif
+ s->ssl_pkey_num = SSL_PKEY_NUM + ctx->sigalg_list_len;
return ssl;
cerr:
ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
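Review bot: `s->ssl_pkey_num` is assigned only on the last line before `return ssl;`, so every earlier construction step in this function runs before the count is set, as do the `cerr`/`sslerr` cleanup paths. If any of them sizes or walks a per-key array from `ssl_pkey_num`, it would use whatever value the field held at allocation. The rest of the function is outside this hunk, so this needs confirming against the full body. The expression `SSL_PKEY_NUM + ctx->sigalg_list_len` is also repeated in the `ssl_cert_new()` call added later in this diff. A comment such as `/* must match the size passed to ssl_cert_new() for ctx->cert */`, or a small shared helper, would keep the two from drifting apart.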
s->wbio = NULL;
BIO_free_all(s->rbio);
s->rbio = NULL;
+ OPENSSL_free(s->s3.tmp.valid_flags);
}
void SSL_set0_rbio(SSL *s, BIO *rbio)
* (see ssl3_shutdown).
*/
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+#ifndef OPENSSL_NO_QUIC
+ QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
+
+ if (qc != NULL)
+ return ossl_quic_conn_shutdown(qc, 0, NULL, 0);
+#endif
if (sc == NULL)
return -1;
ret->session_timeout = meth->get_timeout();
ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
ret->verify_mode = SSL_VERIFY_NONE;
- if ((ret->cert = ssl_cert_new()) == NULL) {
- ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
- goto err;
- }
ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
if (ret->sessions == NULL) {
#endif
/* initialize cipher/digest methods table */
- if (!ssl_load_ciphers(ret))
+ if (!ssl_load_ciphers(ret)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
goto err;
- /* initialise sig algs */
- if (!ssl_setup_sig_algs(ret))
+ }
+
+ if (!ssl_load_groups(ret)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
goto err;
+ }
- if (!ssl_load_groups(ret))
+ /* load provider sigalgs */
+ if (!ssl_load_sigalgs(ret)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
goto err;
+ }
+
+ /* initialise sig algs */
+ if (!ssl_setup_sigalgs(ret)) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
+ goto err;
+ }
if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites())) {
ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
goto err;
}
+ if ((ret->cert = ssl_cert_new(SSL_PKEY_NUM + ret->sigalg_list_len)) == NULL) {
+ ERR_raise(ERR_LIB_SSL, ERR_R_SSL_LIB);
+ goto err;
+ }
+
if (!ssl_create_cipher_list(ret,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
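Review bot: The relocated `ssl_cert_new(SSL_PKEY_NUM + ret->sigalg_list_len)` call now silently depends on `ssl_load_sigalgs()` having already populated `sigalg_list_len`, and nothing at the call site records that ordering. A comment like `/* sized from sigalg_list_len: must stay after ssl_load_sigalgs() */` would stop a later reorder from allocating a table that is too short for provider-supplied algorithms. The move also means `ret->cert` is still NULL while `ssl_load_ciphers()`, `ssl_load_groups()`, `ssl_setup_sigalgs()` and `SSL_CTX_set_ciphersuites()` run, and while `ret->sessions` is set up, where previously it was allocated before all of them. None of those bodies is visible here, so it is worth confirming that none of them reaches `ret->cert`. The enclosing function starts and ends outside the hunk.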
OPENSSL_free(a->group_list[j].algorithm);
}
OPENSSL_free(a->group_list);
+ for (j = 0; j < a->sigalg_list_len; j++) {
+ OPENSSL_free(a->sigalg_list[j].name);
+ OPENSSL_free(a->sigalg_list[j].sigalg_name);
+ OPENSSL_free(a->sigalg_list[j].sigalg_oid);
+ OPENSSL_free(a->sigalg_list[j].sig_name);
+ OPENSSL_free(a->sigalg_list[j].sig_oid);
+ OPENSSL_free(a->sigalg_list[j].hash_name);
+ OPENSSL_free(a->sigalg_list[j].hash_oid);
+ OPENSSL_free(a->sigalg_list[j].keytype);
+ OPENSSL_free(a->sigalg_list[j].keytype_oid);
+ }
+ OPENSSL_free(a->sigalg_list);
+ OPENSSL_free(a->ssl_cert_info);
OPENSSL_free(a->sigalg_lookup_cache);
+ OPENSSL_free(a->tls12_sigalgs);
CRYPTO_THREAD_lock_free(a->lock);
#ifdef TSAN_REQUIRES_LOCKING
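Review bot: The new cleanup loop indexes `a->sigalg_list[j]` for every `j < a->sigalg_list_len` without checking that the array itself exists. That is safe only if the loader never leaves a non-zero length beside a NULL or shorter array when it fails part-way. `ssl_load_sigalgs()` is not in this diff, so that cannot be verified here, and the `goto err` taken when it fails presumably ends up in this function. Either document the invariant where `sigalg_list` and `sigalg_list_len` are declared, or guard the loop with `if (a->sigalg_list != NULL)`. The enclosing function starts and ends outside the hunk.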
QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
if (qc == NULL)
- return -1;
+ return 0;
return ossl_quic_conn_set_initial_peer_addr(qc, peer_addr);
#else
- return -1;
+ return 0;
+#endif
+}
+
+int SSL_shutdown_ex(SSL *ssl, uint64_t flags,
+ const SSL_SHUTDOWN_EX_ARGS *args,
+ size_t args_len)
+{
+#ifndef OPENSSL_NO_QUIC
+ QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl);
+
+ if (qc == NULL)
+ return SSL_shutdown(ssl);
+
+ return ossl_quic_conn_shutdown(qc, flags, args, args_len);
+#else
+ return SSL_shutdown(ssl);
+#endif
+}
+
+int SSL_stream_conclude(SSL *ssl, uint64_t flags)
+{
+#ifndef OPENSSL_NO_QUIC
+ QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(ssl);
+
+ if (qc == NULL)
+ return 0;
+
+ return ossl_quic_conn_stream_conclude(qc);
+#else
+ return 0;
#endif
}
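Review bot: `SSL_stream_conclude()` accepts `flags` but never reads it, and `SSL_shutdown_ex()` drops `flags`, `args` and `args_len` whenever it falls back to `SSL_shutdown(ssl)`. Silently accepting unknown bits makes it hard to give them meaning later without changing behaviour for existing callers. A caller that passes shutdown arguments on a non-QUIC object also gets no indication that they were ignored. If no flag is defined for `SSL_stream_conclude()` yet, consider `if (flags != 0) return 0;` before the `ossl_quic_conn_stream_conclude(qc)` call. In the fallback branches of `SSL_shutdown_ex()` a comment such as `/* flags and args apply to QUIC only and are ignored here */` would make the behaviour explicit.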