Cleanup code

wbeck10 · Oct 12, 2023 · 0e5113a · 0e5113a
1 parent 8746905
commit 0e5113a
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 30 deletions.
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
@@ -1561,7 +1561,7 @@ __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 __owur SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
                                const SSL_METHOD *meth);
 __owur SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
-                            const char *propq);
+                            const char *propq, const SSL_METHOD *meth);
 int SSL_CTX_up_ref(SSL_CTX *ctx);
 void SSL_CTX_free(SSL_CTX *);
 __owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
@@ -3827,24 +3827,31 @@ SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
                      const char *propq, const SSL_METHOD *meth)
 {
     SSL_CTX *ret = NULL;
+
     if (source == NULL)
         goto exit;
+
     ret = SSL_CTX_new_ex(libctx, propq, meth);
     if (ret) {
         if (meth != NULL)
             ret->cnf->method = meth;
-        if (ret->cnf->cipher_list)
+        else
+            ret->cnf->method = source->cnf->method;
+        if (source->cnf->cipher_list) {
             sk_SSL_CIPHER_free(ret->cnf->cipher_list);
-        ret->cnf->cipher_list = sk_SSL_CIPHER_dup(source->cnf->cipher_list);
-        if (ret->cnf->cipher_list_by_id)
+            ret->cnf->cipher_list = sk_SSL_CIPHER_dup(source->cnf->cipher_list);
+        }
+        if (source->cnf->cipher_list_by_id) {
             sk_SSL_CIPHER_free(ret->cnf->cipher_list_by_id);
-        ret->cnf->cipher_list_by_id = sk_SSL_CIPHER_dup(source->cnf->cipher_list_by_id);
-        if (ret->cnf->tls13_ciphersuites)
+            ret->cnf->cipher_list_by_id = sk_SSL_CIPHER_dup(source->cnf->cipher_list_by_id);
+        }
+        if (source->cnf->tls13_ciphersuites) {
             sk_SSL_CIPHER_free(ret->cnf->tls13_ciphersuites);
-        ret->cnf->tls13_ciphersuites = sk_SSL_CIPHER_dup(source->cnf->tls13_ciphersuites);
+            ret->cnf->tls13_ciphersuites = sk_SSL_CIPHER_dup(source->cnf->tls13_ciphersuites);
+        }
         SSL_CTX_set1_cert_store(ret, source->cnf->cert_store);
         ret->cnf->session_cache_size = source->cnf->session_cache_size;
-        ret->cnf->session_timeout = source->cnf->session_timeout;
+        ret->cnf->session_timeout.t = source->cnf->session_timeout.t;
         ret->cnf->session_cache_mode = source->cnf->session_cache_mode;
         ret->cnf->new_session_cb = source->cnf->new_session_cb;
         ret->cnf->remove_session_cb = source->cnf->remove_session_cb;
@@ -3859,52 +3866,49 @@ SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
         ret->cnf->gen_stateless_cookie_cb = source->cnf->gen_stateless_cookie_cb;
         ret->cnf->verify_stateless_cookie_cb = source->cnf->verify_stateless_cookie_cb;
         ret->cnf->ex_data.ctx = source->cnf->ex_data.ctx;
-        if (ret->cnf->ex_data.sk) {
+        if (source->cnf->ex_data.sk != NULL) {
             sk_void_free(ret->cnf->ex_data.sk);
-            ret->cnf->ex_data.sk = NULL;
+            ret->cnf->ex_data.sk = sk_void_dup(source->cnf->ex_data.sk);
         }
-        ret->cnf->ex_data.sk = sk_void_dup(source->cnf->ex_data.sk);
-        if (ret->cnf->extra_certs) {
+        if (source->cnf->extra_certs != NULL) {
             sk_X509_free(ret->cnf->extra_certs);
-            ret->cnf->extra_certs = NULL;
+            ret->cnf->extra_certs = sk_X509_dup(source->cnf->extra_certs);
         }
-        ret->cnf->extra_certs = sk_X509_dup(source->cnf->extra_certs);
         ret->cnf->info_callback = source->cnf->info_callback;
-        if (ret->cnf->ca_names) {
+        if (source->cnf->ca_names != NULL) {
             sk_X509_NAME_free(ret->cnf->ca_names);
-            ret->cnf->ca_names = NULL;
+            ret->cnf->ca_names = sk_X509_NAME_dup(source->cnf->ca_names);
         }
-        ret->cnf->ca_names = sk_X509_NAME_dup(source->cnf->ca_names);
-
-        if (ret->cnf->client_ca_names) {
+        if (source->cnf->client_ca_names != NULL) {
             sk_X509_NAME_free(ret->cnf->client_ca_names);
-            ret->cnf->client_ca_names = NULL;
+            ret->cnf->client_ca_names = sk_X509_NAME_dup(source->cnf->client_ca_names);
         }
-        ret->cnf->client_ca_names = sk_X509_NAME_dup(source->cnf->client_ca_names);
-
         ret->cnf->options = source->cnf->options;
         ret->cnf->mode = source->cnf->mode;
         ret->cnf->min_proto_version = source->cnf->min_proto_version;
         ret->cnf->max_proto_version = source->cnf->max_proto_version;
         ret->cnf->max_cert_list = source->cnf->max_cert_list;
-        if (ret->cnf->cert) {
+        if (source->cnf->cert) {
             ssl_cert_free(ret->cnf->cert);
-            ret->cnf->cert = NULL;
+            ret->cnf->cert = ssl_cert_dup(source->cnf->cert);
         }
-        ret->cnf->cert = ssl_cert_dup(source->cnf->cert);
-
         ret->cnf->read_ahead = source->cnf->read_ahead;
         ret->cnf->msg_callback = source->cnf->msg_callback;
         ret->cnf->msg_callback_arg = source->cnf->msg_callback_arg;
         ret->cnf->verify_mode = source->cnf->verify_mode;
         ret->cnf->sid_ctx_length = source->cnf->sid_ctx_length;
-        memcpy(ret->cnf->sid_ctx, source->cnf->sid_ctx, sizeof(source->cnf->sid_ctx_length));
+        if (source->cnf->sid_ctx != NULL) {
+            OPENSSL_free(ret->cnf->sid_ctx);
+            memcpy(ret->cnf->sid_ctx, source->cnf->sid_ctx, sizeof(source->cnf->sid_ctx_length));
+        }
         ret->cnf->default_verify_callback = source->cnf->default_verify_callback;
         ret->cnf->generate_session_id = source->cnf->generate_session_id;
         X509_VERIFY_PARAM_inherit(ret->cnf->param, source->cnf->param);
         ret->cnf->quiet_shutdown = source->cnf->quiet_shutdown;
+# ifndef OPENSSL_NO_CT
         ret->cnf->ct_validation_callback = source->cnf->ct_validation_callback;
         ret->cnf->ct_validation_callback_arg = source->cnf->ct_validation_callback_arg;
+#endif
         ret->cnf->split_send_fragment = source->cnf->split_send_fragment;
         ret->cnf->max_send_fragment = source->cnf->max_send_fragment;
         ret->cnf->max_pipelines = source->cnf->max_pipelines;
@@ -3919,31 +3923,38 @@ SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
         /* Duplicate ext structure */
         ret->cnf->ext.servername_cb = source->cnf->ext.servername_cb;
         ret->cnf->ext.servername_arg = source->cnf->ext.servername_arg;
-
-
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+        /* Callback to support customisation of ticket key setting */
+        ret->cnf->ext.ticket_key_cb = source->cnf->ext.ticket_key_cb;
+#endif
+        ret->cnf->ext.ticket_key_evp_cb = source->cnf->ext.ticket_key_evp_cb;
         ret->cnf->ext.status_cb = source->cnf->ext.status_cb;
         ret->cnf->ext.status_arg = source->cnf->ext.status_arg;
         ret->cnf->ext.status_type = source->cnf->ext.status_type;
         ret->cnf->ext.max_fragment_len_mode = source->cnf->ext.max_fragment_len_mode;
         ret->cnf->ext.ecpointformats_len = source->cnf->ext.ecpointformats_len;
         if (source->cnf->ext.ecpointformats != NULL) {
+            OPENSSL_free(ret->cnf->ext.ecpointformats);
             ret->cnf->ext.ecpointformats = OPENSSL_memdup(source->cnf->ext.ecpointformats,
                                                           source->cnf->ext.ecpointformats_len);
         }
         ret->cnf->ext.supportedgroups_len = source->cnf->ext.supportedgroups_len;
         if (source->cnf->ext.supportedgroups != NULL) {
+            OPENSSL_free(ret->cnf->ext.supportedgroups);
             ret->cnf->ext.supportedgroups = OPENSSL_memdup(source->cnf->ext.supportedgroups,
                                                            source->cnf->ext.supportedgroups_len);
         }
         ret->cnf->ext.supported_groups_default_len = source->cnf->ext.supported_groups_default_len;
         if (source->cnf->ext.supported_groups_default != NULL) {
+            OPENSSL_free(ret->cnf->ext.supported_groups_default);
             ret->cnf->ext.supported_groups_default = OPENSSL_memdup(source->cnf->ext.supported_groups_default,
                                                                     source->cnf->ext.supported_groups_default_len);
         }
         ret->cnf->ext.alpn_select_cb = source->cnf->ext.alpn_select_cb;
         ret->cnf->ext.alpn_select_cb_arg = source->cnf->ext.alpn_select_cb_arg;
         ret->cnf->ext.alpn_len = source->cnf->ext.alpn_len;
         if (source->cnf->ext.alpn != NULL) {
+            OPENSSL_free(ret->cnf->ext.alpn);
             ret->cnf->ext.alpn = OPENSSL_memdup(source->cnf->ext.alpn,
                                                 source->cnf->ext.alpn_len);
         }
@@ -3959,7 +3970,6 @@ SSL_CTX *SSL_CTX_dup(OSSL_LIB_CTX *libctx, SSL_CTX *source,
 # endif
         ret->cnf->psk_find_session_cb = source->cnf->psk_find_session_cb;
         ret->cnf->psk_use_session_cb = source->cnf->psk_use_session_cb;
-
         ret->cnf->not_resumable_session_cb = source->cnf->not_resumable_session_cb;
         ret->cnf->keylog_callback = source->cnf->keylog_callback;
         ret->cnf->max_early_data = source->cnf->max_early_data;

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
@@ -813,6 +813,7 @@ struct ssl_ctx_cnf_st {
 
     /* TLSv1.3 specific ciphersuites */
     STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+
     struct x509_store_st /* X509_STORE */ *cert_store;
 
     /*
-Original file line number
+Diff line change
@@ Expand Up / @@ -813,6 +813,7 @@ struct ssl_ctx_cnf_st { @@
         /* TLSv1.3 specific ciphersuites */
         STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
         struct x509_store_st /* X509_STORE */ *cert_store;
         /*
@@ Expand Down @@