Commit 1992c761 authored by Nick Mathewson's avatar Nick Mathewson 🥄
Browse files

Split tls modules and their tests into openssl and generic.

Also, add a stubbed-out nss version of the modules.  The tests won't
pass with NSS yet since the NSS modules don't do anything.

This is a good patch to read with --color-moved.
parent 91c1e88b
......@@ -10,6 +10,16 @@ src_lib_libtor_tls_a_SOURCES = \
src/lib/tls/tortls.c \
src/lib/tls/x509.c
if USE_NSS
src_lib_libtor_tls_a_SOURCES += \
src/lib/tls/tortls_nss.c \
src/lib/tls/x509_nss.c
else
src_lib_libtor_tls_a_SOURCES += \
src/lib/tls/tortls_openssl.c \
src/lib/tls/x509_openssl.c
endif
src_lib_libtor_tls_a_CFLAGS = $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB)
src_lib_libtor_tls_testing_a_SOURCES = \
......@@ -22,4 +32,6 @@ noinst_HEADERS += \
src/lib/tls/ciphers.inc \
src/lib/tls/buffers_tls.h \
src/lib/tls/tortls.h \
src/lib/tls/tortls_internal.h \
src/lib/tls/tortls_st.h \
src/lib/tls/x509.h
......@@ -3,146 +3,13 @@
* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file tortls.c
* \brief Wrapper functions to present a consistent interface to
* TLS, SSL, and X.509 functions from OpenSSL.
**/
/* (Unlike other tor functions, these
* are prefixed with tor_ in order to avoid conflicting with OpenSSL
* functions and variables.)
*/
#include "orconfig.h"
#define TORTLS_PRIVATE
#define TORTLS_OPENSSL_PRIVATE
#ifdef _WIN32 /*wrkard for dtls1.h >= 0.9.8m of "#include <winsock.h>"*/
#include <winsock2.h>
#include <ws2tcpip.h>
#endif
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/compat_openssl.h"
#include "lib/tls/x509.h"
/* Some versions of OpenSSL declare SSL_get_selected_srtp_profile twice in
* srtp.h. Suppress the GCC warning so we can build with -Wredundant-decl. */
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/opensslv.h>
#ifdef OPENSSL_NO_EC
#error "We require OpenSSL with ECC support"
#endif
#include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/err.h>
#include <openssl/tls1.h>
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
ENABLE_GCC_WARNING(redundant-decls)
#include "lib/tls/tortls.h"
#include "lib/tls/tortls_st.h"
#include "lib/log/log.h"
#include "lib/tls/tortls_internal.h"
#include "lib/log/util_bug.h"
#include "lib/container/smartlist.h"
#include "lib/string/compat_string.h"
#include "lib/string/printf.h"
#include "lib/net/socket.h"
#include "lib/intmath/cmp.h"
#include "lib/ctime/di_ops.h"
#include "lib/encoding/time_fmt.h"
#include <stdlib.h>
#include <string.h>
#include "lib/arch/bytes.h"
/* Copied from or.h */
#define LEGAL_NICKNAME_CHARACTERS \
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
/** How long do identity certificates live? (sec) */
#define IDENTITY_CERT_LIFETIME (365*24*60*60)
#define ADDR(tls) (((tls) && (tls)->address) ? tls->address : "peer")
#if OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f')
/* This is a version of OpenSSL before 1.0.0f. It does not have
* the CVE-2011-4576 fix, and as such it can't use RELEASE_BUFFERS and
* SSL3 safely at the same time.
*/
#define DISABLE_SSL3_HANDSHAKE
#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_V(1,0,0,'f') */
/* We redefine these so that we can run correctly even if the vendor gives us
* a version of OpenSSL that does not match its header files. (Apple: I am
* looking at you.)
*/
#ifndef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
#endif
#ifndef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
#endif
/** Return values for tor_tls_classify_client_ciphers.
*
* @{
*/
/** An error occurred when examining the client ciphers */
#define CIPHERS_ERR -1
/** The client cipher list indicates that a v1 handshake was in use. */
#define CIPHERS_V1 1
/** The client cipher list indicates that the client is using the v2 or the
* v3 handshake, but that it is (probably!) lying about what ciphers it
* supports */
#define CIPHERS_V2 2
/** The client cipher list indicates that the client is using the v2 or the
* v3 handshake, and that it is telling the truth about what ciphers it
* supports */
#define CIPHERS_UNRESTRICTED 3
/** @} */
/** The ex_data index in which we store a pointer to an SSL object's
* corresponding tor_tls_t object. */
STATIC int tor_tls_object_ex_data_index = -1;
/** Helper: Allocate tor_tls_object_ex_data_index. */
STATIC void
tor_tls_allocate_tor_tls_object_ex_data_index(void)
{
if (tor_tls_object_ex_data_index == -1) {
tor_tls_object_ex_data_index =
SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
tor_assert(tor_tls_object_ex_data_index != -1);
}
}
/** Helper: given a SSL* pointer, return the tor_tls_t object using that
* pointer. */
STATIC tor_tls_t *
tor_tls_get_by_ssl(const SSL *ssl)
{
tor_tls_t *result = SSL_get_ex_data(ssl, tor_tls_object_ex_data_index);
if (result)
tor_assert(result->magic == TOR_TLS_MAGIC);
return result;
}
static void tor_tls_context_decref(tor_tls_context_t *ctx);
static void tor_tls_context_incref(tor_tls_context_t *ctx);
/** Global TLS contexts. We keep them here because nobody else needs
* to touch them.
......@@ -152,126 +19,37 @@ STATIC tor_tls_context_t *server_tls_context = NULL;
STATIC tor_tls_context_t *client_tls_context = NULL;
/**@}*/
/** True iff tor_tls_init() has been called. */
static int tls_library_is_initialized = 0;
/* Module-internal error codes. */
#define TOR_TLS_SYSCALL_ (MIN_TOR_TLS_ERROR_VAL_ - 2)
#define TOR_TLS_ZERORETURN_ (MIN_TOR_TLS_ERROR_VAL_ - 1)
/** Write a description of the current state of <b>tls</b> into the
* <b>sz</b>-byte buffer at <b>buf</b>. */
void
tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz)
/**
* Return the appropriate TLS context.
*/
tor_tls_context_t *
tor_tls_context_get(int is_server)
{
const char *ssl_state;
const char *tortls_state;
if (PREDICT_UNLIKELY(!tls || !tls->ssl)) {
strlcpy(buf, "(No SSL object)", sz);
return;
}
ssl_state = SSL_state_string_long(tls->ssl);
switch (tls->state) {
#define CASE(st) case TOR_TLS_ST_##st: tortls_state = " in "#st ; break
CASE(HANDSHAKE);
CASE(OPEN);
CASE(GOTCLOSE);
CASE(SENTCLOSE);
CASE(CLOSED);
CASE(RENEGOTIATE);
#undef CASE
case TOR_TLS_ST_BUFFEREVENT:
tortls_state = "";
break;
default:
tortls_state = " in unknown TLS state";
break;
}
tor_snprintf(buf, sz, "%s%s", ssl_state, tortls_state);
return is_server ? server_tls_context : client_tls_context;
}
/** Log a single error <b>err</b> as returned by ERR_get_error(), which was
* received while performing an operation <b>doing</b> on <b>tls</b>. Log
* the message at <b>severity</b>, in log domain <b>domain</b>. */
/** Increase the reference count of <b>ctx</b>. */
void
tor_tls_log_one_error(tor_tls_t *tls, unsigned long err,
int severity, int domain, const char *doing)
tor_tls_context_incref(tor_tls_context_t *ctx)
{
const char *state = NULL, *addr;
const char *msg, *lib, *func;
state = (tls && tls->ssl)?SSL_state_string_long(tls->ssl):"---";
addr = tls ? tls->address : NULL;
/* Some errors are known-benign, meaning they are the fault of the other
* side of the connection. The caller doesn't know this, so override the
* priority for those cases. */
switch (ERR_GET_REASON(err)) {
case SSL_R_HTTP_REQUEST:
case SSL_R_HTTPS_PROXY_REQUEST:
case SSL_R_RECORD_LENGTH_MISMATCH:
#ifndef OPENSSL_1_1_API
case SSL_R_RECORD_TOO_LARGE:
#endif
case SSL_R_UNKNOWN_PROTOCOL:
case SSL_R_UNSUPPORTED_PROTOCOL:
severity = LOG_INFO;
break;
default:
break;
}
msg = (const char*)ERR_reason_error_string(err);
lib = (const char*)ERR_lib_error_string(err);
func = (const char*)ERR_func_error_string(err);
if (!msg) msg = "(null)";
if (!lib) lib = "(null)";
if (!func) func = "(null)";
if (doing) {
tor_log(severity, domain, "TLS error while %s%s%s: %s (in %s:%s:%s)",
doing, addr?" with ":"", addr?addr:"",
msg, lib, func, state);
} else {
tor_log(severity, domain, "TLS error%s%s: %s (in %s:%s:%s)",
addr?" with ":"", addr?addr:"",
msg, lib, func, state);
}
++ctx->refcnt;
}
/** Log all pending tls errors at level <b>severity</b> in log domain
* <b>domain</b>. Use <b>doing</b> to describe our current activities.
*/
/** Free all global TLS structures. */
void
tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
tor_tls_free_all(void)
{
unsigned long err;
check_no_tls_errors();
while ((err = ERR_get_error()) != 0) {
tor_tls_log_one_error(tls, err, severity, domain, doing);
if (server_tls_context) {
tor_tls_context_t *ctx = server_tls_context;
server_tls_context = NULL;
tor_tls_context_decref(ctx);
}
}
/** Convert an errno (or a WSAerrno on windows) into a TOR_TLS_* error
* code. */
STATIC int
tor_errno_to_tls_error(int e)
{
switch (e) {
case SOCK_ERRNO(ECONNRESET): // most common
return TOR_TLS_ERROR_CONNRESET;
case SOCK_ERRNO(ETIMEDOUT):
return TOR_TLS_ERROR_TIMEOUT;
case SOCK_ERRNO(EHOSTUNREACH):
case SOCK_ERRNO(ENETUNREACH):
return TOR_TLS_ERROR_NO_ROUTE;
case SOCK_ERRNO(ECONNREFUSED):
return TOR_TLS_ERROR_CONNREFUSED; // least common
default:
return TOR_TLS_ERROR_MISC;
if (client_tls_context) {
tor_tls_context_t *ctx = client_tls_context;
client_tls_context = NULL;
tor_tls_context_decref(ctx);
}
}
......@@ -295,331 +73,6 @@ tor_tls_err_to_string(int err)
}
}
#define CATCH_SYSCALL 1
#define CATCH_ZERO 2
/** Given a TLS object and the result of an SSL_* call, use
* SSL_get_error to determine whether an error has occurred, and if so
* which one. Return one of TOR_TLS_{DONE|WANTREAD|WANTWRITE|ERROR}.
* If extra&CATCH_SYSCALL is true, return TOR_TLS_SYSCALL_ instead of
* reporting syscall errors. If extra&CATCH_ZERO is true, return
* TOR_TLS_ZERORETURN_ instead of reporting zero-return errors.
*
* If an error has occurred, log it at level <b>severity</b> and describe the
* current action as <b>doing</b>.
*/
STATIC int
tor_tls_get_error(tor_tls_t *tls, int r, int extra,
const char *doing, int severity, int domain)
{
int err = SSL_get_error(tls->ssl, r);
int tor_error = TOR_TLS_ERROR_MISC;
switch (err) {
case SSL_ERROR_NONE:
return TOR_TLS_DONE;
case SSL_ERROR_WANT_READ:
return TOR_TLS_WANTREAD;
case SSL_ERROR_WANT_WRITE:
return TOR_TLS_WANTWRITE;
case SSL_ERROR_SYSCALL:
if (extra&CATCH_SYSCALL)
return TOR_TLS_SYSCALL_;
if (r == 0) {
tor_log(severity, LD_NET, "TLS error: unexpected close while %s (%s)",
doing, SSL_state_string_long(tls->ssl));
tor_error = TOR_TLS_ERROR_IO;
} else {
int e = tor_socket_errno(tls->socket);
tor_log(severity, LD_NET,
"TLS error: <syscall error while %s> (errno=%d: %s; state=%s)",
doing, e, tor_socket_strerror(e),
SSL_state_string_long(tls->ssl));
tor_error = tor_errno_to_tls_error(e);
}
tls_log_errors(tls, severity, domain, doing);
return tor_error;
case SSL_ERROR_ZERO_RETURN:
if (extra&CATCH_ZERO)
return TOR_TLS_ZERORETURN_;
tor_log(severity, LD_NET, "TLS connection closed while %s in state %s",
doing, SSL_state_string_long(tls->ssl));
tls_log_errors(tls, severity, domain, doing);
return TOR_TLS_CLOSE;
default:
tls_log_errors(tls, severity, domain, doing);
return TOR_TLS_ERROR_MISC;
}
}
/** Initialize OpenSSL, unless it has already been initialized.
*/
void
tor_tls_init(void)
{
check_no_tls_errors();
if (!tls_library_is_initialized) {
#ifdef OPENSSL_1_1_API
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
#else
SSL_library_init();
SSL_load_error_strings();
#endif
#if (SIZEOF_VOID_P >= 8 && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
long version = OpenSSL_version_num();
/* LCOV_EXCL_START : we can't test these lines on the same machine */
if (version >= OPENSSL_V_SERIES(1,0,1)) {
/* Warn if we could *almost* be running with much faster ECDH.
If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
don't have one of the built-in __uint128-based speedups, we are
just one build operation away from an accelerated handshake.
(We could be looking at OPENSSL_NO_EC_NISTP_64_GCC_128 instead of
doing this test, but that gives compile-time options, not runtime
behavior.)
*/
EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
const EC_GROUP *g = key ? EC_KEY_get0_group(key) : NULL;
const EC_METHOD *m = g ? EC_GROUP_method_of(g) : NULL;
const int warn = (m == EC_GFp_simple_method() ||
m == EC_GFp_mont_method() ||
m == EC_GFp_nist_method());
EC_KEY_free(key);
if (warn)
log_notice(LD_GENERAL, "We were built to run on a 64-bit CPU, with "
"OpenSSL 1.0.1 or later, but with a version of OpenSSL "
"that apparently lacks accelerated support for the NIST "
"P-224 and P-256 groups. Building openssl with such "
"support (using the enable-ec_nistp_64_gcc_128 option "
"when configuring it) would make ECDH much faster.");
}
/* LCOV_EXCL_STOP */
#endif /* (SIZEOF_VOID_P >= 8 && ... */
tor_tls_allocate_tor_tls_object_ex_data_index();
tls_library_is_initialized = 1;
}
}
/** Free all global TLS structures. */
void
tor_tls_free_all(void)
{
check_no_tls_errors();
if (server_tls_context) {
tor_tls_context_t *ctx = server_tls_context;
server_tls_context = NULL;
tor_tls_context_decref(ctx);
}
if (client_tls_context) {
tor_tls_context_t *ctx = client_tls_context;
client_tls_context = NULL;
tor_tls_context_decref(ctx);
}
}
/** We need to give OpenSSL a callback to verify certificates. This is
* it: We always accept peer certs and complete the handshake. We
* don't validate them until later.
*/
STATIC int
always_accept_verify_cb(int preverify_ok,
X509_STORE_CTX *x509_ctx)
{
(void) preverify_ok;
(void) x509_ctx;
return 1;
}
/** List of ciphers that servers should select from when the client might be
* claiming extra unsupported ciphers in order to avoid fingerprinting. */
static const char SERVER_CIPHER_LIST[] =
#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
/* This one can never actually get selected, since if the client lists it,
* we will assume that the client is honest, and not use this list.
* Nonetheless we list it if it's available, so that the server doesn't
* conclude that it has no valid ciphers if it's running with TLS1.3.
*/
TLS1_3_TXT_AES_128_GCM_SHA256 ":"
#endif
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA;
/** List of ciphers that servers should select from when we actually have
* our choice of what cipher to use. */
static const char UNRESTRICTED_SERVER_CIPHER_LIST[] =
/* Here are the TLS 1.3 ciphers we like, in the order we prefer. */
#ifdef TLS1_3_TXT_AES_256_GCM_SHA384
TLS1_3_TXT_AES_256_GCM_SHA384 ":"
#endif
#ifdef TLS1_3_TXT_CHACHA20_POLY1305_SHA256
TLS1_3_TXT_CHACHA20_POLY1305_SHA256 ":"
#endif
#ifdef TLS1_3_TXT_AES_128_GCM_SHA256
TLS1_3_TXT_AES_128_GCM_SHA256 ":"
#endif
#ifdef TLS1_3_TXT_AES_128_CCM_SHA256
TLS1_3_TXT_AES_128_CCM_SHA256 ":"
#endif
/* This list is autogenerated with the gen_server_ciphers.py script;
* don't hand-edit it. */
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ":"
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ":"
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 ":"
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 ":"
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA ":"
#endif
#ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_CCM
TLS1_TXT_DHE_RSA_WITH_AES_256_CCM ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_CCM
TLS1_TXT_DHE_RSA_WITH_AES_128_CCM ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 ":"
#endif
/* Required */
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA ":"
/* Required */
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA ":"
#ifdef TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 ":"
#endif
#ifdef TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305
#endif
;
/* Note: to set up your own private testing network with link crypto
* disabled, set your Tors' cipher list to
* (SSL3_TXT_RSA_NULL_SHA). If you do this, you won't be able to communicate
* with any of the "real" Tors, though. */
#define CIPHER(id, name) name ":"
#define XCIPHER(id, name)
/** List of ciphers that clients should advertise, omitting items that
* our OpenSSL doesn't know about. */
static const char CLIENT_CIPHER_LIST[] =
#include "ciphers.inc"
/* Tell it not to use SSLv2 ciphers, so that it can select an SSLv3 version
* of any cipher we say. */
"!SSLv2"
;
#undef CIPHER
#undef XCIPHER
/** Remove a reference to <b>ctx</b>, and free it if it has no more
* references. */
static void
tor_tls_context_decref(tor_tls_context_t *ctx)
{
tor_assert(ctx);
if (--ctx->refcnt == 0) {
SSL_CTX_free(ctx->ctx);
tor_x509_cert_free(ctx->my_link_cert);
tor_x509_cert_free(ctx->my_id_cert);
tor_x509_cert_free(ctx->my_auth_cert);
crypto_pk_free(ctx->link_key);
crypto_pk_free(ctx->auth_key);
/* LCOV_EXCL_BR_START since ctx will never be NULL here */
tor_free(ctx);
/* LCOV_EXCL_BR_STOP */
}
}
/** Set *<b>link_cert_out</b> and *<b>id_cert_out</b> to the link certificate
* and ID certificate that we're currently using for our V3 in-protocol
* handshake's certificate chain. If <b>server</b> is true, provide the certs
* that we use in server mode (auth, ID); otherwise, provide the certs that we
* use in client mode. (link, ID) */
int
tor_tls_get_my_certs(int server,
const tor_x509_cert_t **link_cert_out,
const tor_x509_cert_t **id_cert_out)
{
tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context;
if (! ctx)
return -1;
if (link_cert_out)
*link_cert_out = server ? ctx->my_link_cert : ctx->my_auth_cert;
if (id_cert_out)
*id_cert_out = ctx->my_id_cert;
return 0;
}
/**
* Return the authentication key that we use to authenticate ourselves as a
* client in the V3 in-protocol handshake.
*/
crypto_pk_t *
tor_tls_get_my_client_auth_key(void)
{
if (! client_tls_context)
return NULL;
return client_tls_context->auth_key;
}
/** Return true iff the other side of <b>tls</b> has authenticated to us, and
* the key certified in <b>cert</b> is the same as the key they used to do it.
*/
MOCK_IMPL(int,
tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
{
X509 *peercert = SSL_get_peer_certificate(tls->ssl);
EVP_PKEY *link_key = NULL, *cert_key = NULL;
int result;
if (!peercert)
return 0;
link_key = X509_get_pubkey(peercert);
cert_key = X509_get_pubkey((X509 *)tor_x509_cert_get_impl(cert));
result = link_key && cert_key && EVP_PKEY_cmp(cert_key, link_key) == 1;
X509_free(peercert);
if (link_key)
EVP_PKEY_free(link_key);
if (cert_key)
EVP_PKEY_free(cert_key);
return result;