generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

make JPAKE work again, fix memory leaks

Browse Source
This commit is contained in:
Dr. Stephen Henson 2012-12-29 23:38:20 +00:00
parent a4c4a7d5ca
commit b252cf0d98
5 changed files with 44 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/apps.c
View File

@ -2864,6 +2864,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
if (psk_key)
OPENSSL_free(psk_key);
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn); BIO_pop(bconn);
@ -2893,6 +2896,9 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
if (psk_key)
OPENSSL_free(psk_key);
psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
BIO_pop(bconn); BIO_pop(bconn);

2
apps/s_apps.h
View File

@ -196,7 +196,7 @@ void print_ssl_summary(BIO *bio, SSL *s);
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr); int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe); STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download); int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download);
int ssl_load_stores(SSL_CTX *ctx, int ssl_load_stores(SSL_CTX *ctx,
const char *vfyCApath, const char *vfyCAfile, const char *vfyCApath, const char *vfyCAfile,

20
apps/s_cb.c
View File

@ -1619,7 +1619,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
} }
int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
STACK_OF(OPENSSL_STRING) *str, int no_ecdhe) STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
{ {
int i; int i;
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
@ -1632,6 +1632,13 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
*/ */
if (!no_ecdhe && !strcmp(param, "-named_curve")) if (!no_ecdhe && !strcmp(param, "-named_curve"))
no_ecdhe = 1; no_ecdhe = 1;
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake && !strcmp(param, "-cipher"))
{
BIO_puts(err, "JPAKE sets cipher to PSK\n");
return 0;
}
#endif
if (SSL_CONF_cmd(cctx, param, value) <= 0) if (SSL_CONF_cmd(cctx, param, value) <= 0)
{ {
BIO_printf(err, "Error with command: \"%s %s\"\n", BIO_printf(err, "Error with command: \"%s %s\"\n",
@ -1653,6 +1660,17 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
return 0; return 0;
} }
} }
#ifndef OPENSSL_NO_JPAKE
if (!no_jpake)
{
if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
{
BIO_puts(err, "Error setting cipher to PSK\n");
ERR_print_errors(err);
return 0;
}
}
#endif
return 1; return 1;
} }

18
apps/s_client.c
View File

@ -622,7 +622,10 @@ int MAIN(int argc, char **argv)
int enable_timeouts = 0 ; int enable_timeouts = 0 ;
long socket_mtu = 0; long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE #ifndef OPENSSL_NO_JPAKE
char *jpake_secret = NULL; static char *jpake_secret = NULL;
#define no_jpake !jpake_secret
#else
#define no_jpake 1
#endif #endif
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
char * srppass = NULL; char * srppass = NULL;
@ -1052,13 +1055,6 @@ bad:
} }
psk_identity = "JPAKE"; psk_identity = "JPAKE";
} }
if (cipher)
{
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
goto end;
}
cipher = "PSK";
#endif #endif
OpenSSL_add_ssl_algorithms(); OpenSSL_add_ssl_algorithms();
@ -1203,7 +1199,7 @@ bad:
if (vpm) if (vpm)
SSL_CTX_set1_param(ctx, vpm); SSL_CTX_set1_param(ctx, vpm);
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1)) if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake))
{ {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
goto end; goto end;
@ -2032,6 +2028,10 @@ end:
sk_OPENSSL_STRING_free(ssl_args); sk_OPENSSL_STRING_free(ssl_args);
if (cctx) if (cctx)
SSL_CONF_CTX_free(cctx); SSL_CONF_CTX_free(cctx);
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }

20
apps/s_server.c
View File

@ -938,6 +938,9 @@ int MAIN(int, char **);
#ifndef OPENSSL_NO_JPAKE #ifndef OPENSSL_NO_JPAKE
static char *jpake_secret = NULL; static char *jpake_secret = NULL;
#define no_jpake !jpake_secret
#else
#define no_jpake 1
#endif #endif
#ifndef OPENSSL_NO_SRP #ifndef OPENSSL_NO_SRP
static srpsrvparm srp_callback_parm; static srpsrvparm srp_callback_parm;
@ -1465,14 +1468,7 @@ bad:
goto end; goto end;
} }
psk_identity = "JPAKE"; psk_identity = "JPAKE";
if (cipher)
{
BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
goto end;
}
cipher = "PSK";
} }
#endif #endif
SSL_load_error_strings(); SSL_load_error_strings();
@ -1719,8 +1715,7 @@ bad:
SSL_CTX_set1_param(ctx, vpm); SSL_CTX_set1_param(ctx, vpm);
ssl_ctx_add_crls(ctx, crls, 0); ssl_ctx_add_crls(ctx, crls, 0);
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
goto end; goto end;
if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
@ -1788,8 +1783,7 @@ bad:
SSL_CTX_set1_param(ctx2, vpm); SSL_CTX_set1_param(ctx2, vpm);
ssl_ctx_add_crls(ctx2, crls, 0); ssl_ctx_add_crls(ctx2, crls, 0);
if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
goto end; goto end;
} }
@ -2033,6 +2027,10 @@ end:
sk_OPENSSL_STRING_free(ssl_args); sk_OPENSSL_STRING_free(ssl_args);
if (cctx) if (cctx)
SSL_CONF_CTX_free(cctx); SSL_CONF_CTX_free(cctx);
#ifndef OPENSSL_NO_JPAKE
if (jpake_secret && psk_key)
OPENSSL_free(psk_key);
#endif
if (bio_s_out != NULL) if (bio_s_out != NULL)
{ {
BIO_free(bio_s_out); BIO_free(bio_s_out);