
List:       openssl-cvs
Subject:    [CVS] OpenSSL: OpenSSL_1_0_2-stable: openssl/apps/ apps.c s_apps.h s_c...
From:       "Dr. Stephen Henson" <steve () openssl ! org>
Date:       2012-12-29 23:58:44
Message-ID: 20121229235844.981F8134B4 () master ! openssl ! org

  OpenSSL CVS Repository
  http://cvs.openssl.org/
  ____________________________________________________________________________

  Server: cvs.openssl.org                  Name:   Dr. Stephen Henson
  Root:   /v/openssl/cvs                   Email:  steve@openssl.org
  Module: openssl                          Date:   30-Dec-2012 00:58:44
  Branch: OpenSSL_1_0_2-stable             Handle: 2012122923584301

  Modified files:           (Branch: OpenSSL_1_0_2-stable)
    openssl/apps            apps.c s_apps.h s_cb.c s_client.c s_server.c

  Log:
    make JPAKE work again, fix memory leaks

  Summary:
    Revision    Changes     Path
    1.133.2.11.2.6.2.8+6  -0      openssl/apps/apps.c
    1.21.2.1.4.11+1  -1      openssl/apps/s_apps.h
    1.27.2.8.2.5.2.17+19 -1      openssl/apps/s_cb.c
    1.123.2.6.2.15.2.19+9  -8      openssl/apps/s_client.c
    1.136.2.15.2.18.2.23+9  -9      openssl/apps/s_server.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openssl/apps/apps.c
  ============================================================================
  $ cvs diff -u -r1.133.2.11.2.6.2.7 -r1.133.2.11.2.6.2.8 apps.c
  --- openssl/apps/apps.c	26 Dec 2012 16:57:39 -0000	1.133.2.11.2.6.2.7
  +++ openssl/apps/apps.c	29 Dec 2012 23:58:43 -0000	1.133.2.11.2.6.2.8
  @@ -2726,6 +2726,9 @@
   
   	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
   
  +	if (psk_key)
  +		OPENSSL_free(psk_key);
  +
   	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
   
   	BIO_pop(bconn);
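Review bot: The previous `psk_key` is released with a plain `OPENSSL_free()`, but it holds the hex encoding of the J-PAKE shared key, so the key material stays in freed heap memory. Wiping it first, e.g. `OPENSSL_cleanse(psk_key, strlen(psk_key));`, would match how `cbuf`/`sbuf`/`mbuf` are handled in the s_client.c cleanup. The same applies to the second apps.c hunk and to the new end-of-function frees in s_client.c and s_server.c. Separately, the result of `BN_bn2hex()` is stored without a NULL check, so an allocation failure would leave `psk_key` NULL after the success message has been printed. The enclosing function starts and ends outside the hunk.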
  @@ -2755,6 +2758,9 @@
   
   	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
   
  +	if (psk_key)
  +		OPENSSL_free(psk_key);
  +
   	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
   
   	BIO_pop(bconn);
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/apps/s_apps.h
  ============================================================================
  $ cvs diff -u -r1.21.2.1.4.10 -r1.21.2.1.4.11 s_apps.h
  --- openssl/apps/s_apps.h	29 Dec 2012 14:16:41 -0000	1.21.2.1.4.10
  +++ openssl/apps/s_apps.h	29 Dec 2012 23:58:43 -0000	1.21.2.1.4.11
  @@ -195,5 +195,5 @@
   int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
   			int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
   int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
  -				STACK_OF(OPENSSL_STRING) *str, int no_ecdhe);
  +		STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
   #endif
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/apps/s_cb.c
  ============================================================================
  $ cvs diff -u -r1.27.2.8.2.5.2.16 -r1.27.2.8.2.5.2.17 s_cb.c
  --- openssl/apps/s_cb.c	29 Dec 2012 14:16:41 -0000	1.27.2.8.2.5.2.16
  +++ openssl/apps/s_cb.c	29 Dec 2012 23:58:43 -0000	1.27.2.8.2.5.2.17
  @@ -1545,7 +1545,7 @@
   	}
   
   int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
  -				STACK_OF(OPENSSL_STRING) *str, int no_ecdhe)
  +		STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
   	{
   	int i;
   	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
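Review bot: The new `no_jpake` argument has an inverted meaning that is not documented at the definition, and the call sites pass either a literal or a macro for it. A short comment above `args_ssl_call` would help, for example `/* no_jpake: non-zero when J-PAKE is not in use; when zero, a user "-cipher" is rejected and the cipher list is forced to "PSK" */`. That behaviour is taken from the two later hunks in this file. The function body continues outside this hunk.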
  @@ -1558,6 +1558,13 @@
   		 */
   		if (!no_ecdhe && !strcmp(param, "-named_curve"))
   			no_ecdhe = 1;
  +#ifndef OPENSSL_NO_JPAKE
  +		if (!no_jpake && !strcmp(param, "-cipher"))
  +			{
  +			BIO_puts(err, "JPAKE sets cipher to PSK\n");
  +			return 0;
  +			}
  +#endif
   		if (SSL_CONF_cmd(cctx, param, value) <= 0)
   			{
   			BIO_printf(err, "Error with command: \"%s %s\"\n",
  @@ -1579,5 +1586,16 @@
   			return 0;
   			}
   		}
  +#ifndef OPENSSL_NO_JPAKE
  +	if (!no_jpake)
  +		{
  +		if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
  +			{
  +			BIO_puts(err, "Error setting cipher to PSK\n");
  +			ERR_print_errors(err);
  +			return 0;
  +			}
  +		}
  +#endif
   	return 1;
   	}
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/apps/s_client.c
  ============================================================================
  $ cvs diff -u -r1.123.2.6.2.15.2.18 -r1.123.2.6.2.15.2.19 s_client.c
  --- openssl/apps/s_client.c	29 Dec 2012 14:16:41 -0000	1.123.2.6.2.15.2.18
  +++ openssl/apps/s_client.c	29 Dec 2012 23:58:44 -0000	1.123.2.6.2.15.2.19
  @@ -618,7 +618,10 @@
   	int enable_timeouts = 0 ;
   	long socket_mtu = 0;
   #ifndef OPENSSL_NO_JPAKE
  -	char *jpake_secret = NULL;
  +static char *jpake_secret = NULL;
  +#define no_jpake !jpake_secret
  +#else
  +#define no_jpake 1
   #endif
   #ifndef OPENSSL_NO_SRP
   	char * srppass = NULL;
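Review bot: `#define no_jpake !jpake_secret` expands to an unparenthesised expression, and its lower-case name is also the parameter name in the `args_ssl_call` prototype. Any later use inside a larger expression, or any declaration after this point that names a parameter `no_jpake`, would be rewritten by the preprocessor in a surprising way. I would write `#define no_jpake (!jpake_secret)`, or drop the macro and pass `jpake_secret == NULL` at the call; the same applies to the first s_server.c hunk. The surrounding context lines look like local declarations, so `jpake_secret` appears to become a function-scope static here, and a one-line comment saying why would help. The enclosing function starts and ends outside the hunk.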
  @@ -997,12 +1000,6 @@
   			goto end;
   			}
   		psk_identity = "JPAKE";
  -		if (cipher)
  -			{
  -			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
  -			goto end;
  -			}
  -		cipher = "PSK";
   		}
   #endif
   
  @@ -1120,7 +1117,7 @@
   	if (vpm)
   		SSL_CTX_set1_param(ctx, vpm);
   
  -	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1))
  +	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake))
   		{
   		ERR_print_errors(bio_err);
   		goto end;
  @@ -1932,6 +1929,10 @@
   		sk_OPENSSL_STRING_free(ssl_args);
   	if (cctx)
   		SSL_CONF_CTX_free(cctx);
  +#ifndef OPENSSL_NO_JPAKE
  +	if (jpake_secret && psk_key)
  +		OPENSSL_free(psk_key);
  +#endif
   	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
   	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
   	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
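Review bot: The cleanup frees `psk_key` whenever `jpake_secret` is set, but nothing visible here guarantees that the pointer came from `BN_bn2hex()`. The earlier hunk around `psk_identity = "JPAKE";` shows a `goto end` just before it. If that path can be reached with `psk_key` already pointing at a command-line argument (not visible on this page, so to be confirmed), `OPENSSL_free()` would be called on memory the allocator does not own. Making ownership explicit would make the free safe, e.g. a flag set where the J-PAKE result is stored, or clearing `psk_key` before that `goto end`. The same applies to the matching cleanup hunk in s_server.c; the enclosing function starts outside the hunk.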
  @@ .
  patch -p0 <<'@@ .'
  Index: openssl/apps/s_server.c
  ============================================================================
  $ cvs diff -u -r1.136.2.15.2.18.2.22 -r1.136.2.15.2.18.2.23 s_server.c
  --- openssl/apps/s_server.c	29 Dec 2012 14:16:41 -0000	1.136.2.15.2.18.2.22
  +++ openssl/apps/s_server.c	29 Dec 2012 23:58:44 -0000	1.136.2.15.2.18.2.23
  @@ -930,6 +930,9 @@
   
   #ifndef OPENSSL_NO_JPAKE
   static char *jpake_secret = NULL;
  +#define no_jpake !jpake_secret
  +#else
  +#define no_jpake 1
   #endif
   #ifndef OPENSSL_NO_SRP
   	static srpsrvparm srp_callback_parm;
  @@ -1417,14 +1420,7 @@
   			goto end;
   			}
   		psk_identity = "JPAKE";
  -		if (cipher)
  -			{
  -			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
  -			goto end;
  -			}
  -		cipher = "PSK";
   		}
  -
   #endif
   
   	SSL_load_error_strings();
  @@ -1648,7 +1644,7 @@
   	if (vpm)
   		SSL_CTX_set1_param(ctx, vpm);
   
  -	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
  +	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
   		goto end;
   
   	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile))
  @@ -1712,7 +1708,7 @@
   		if (vpm)
   			SSL_CTX_set1_param(ctx2, vpm);
   
  -		if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
  +		if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
   			goto end;
   		}
   
  @@ -2011,6 +2007,10 @@
   		sk_OPENSSL_STRING_free(ssl_args);
   	if (cctx)
   		SSL_CONF_CTX_free(cctx);
  +#ifndef OPENSSL_NO_JPAKE
  +	if (jpake_secret && psk_key)
  +		OPENSSL_free(psk_key);
  +#endif
   	if (bio_s_out != NULL)
   		{
   		BIO_free(bio_s_out);
  @@ .
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
CVS Repository Commit List                     openssl-cvs@openssl.org
Automated List Manager                           majordomo@openssl.org