make JPAKE work again, fix memory leaks

2024-11-21 01:15:20 +08:00 · 2012-12-29 23:38:20 +00:00 · 2012-12-29 23:38:20 +00:00 · b252cf0d98
commit b252cf0d98
parent a4c4a7d5ca
5 changed files with 44 additions and 22 deletions
--- a/apps/apps.c
+++ b/apps/apps.c
@ -2864,6 +2864,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)

 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");

+	if (psk_key)
+		OPENSSL_free(psk_key);
+
 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));

 	BIO_pop(bconn);
@ -2893,6 +2896,9 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)

 	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");

+	if (psk_key)
+		OPENSSL_free(psk_key);
+
 	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));

 	BIO_pop(bconn);
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@ -196,7 +196,7 @@ void print_ssl_summary(BIO *bio, SSL *s);
 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
 			int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
-				STACK_OF(OPENSSL_STRING) *str, int no_ecdhe);
+		STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
 int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download);
 int ssl_load_stores(SSL_CTX *ctx,
 			const char *vfyCApath, const char *vfyCAfile,
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@ -1619,7 +1619,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
 	}

 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
-				STACK_OF(OPENSSL_STRING) *str, int no_ecdhe)
+		STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
 	{
 	int i;
 	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
@ -1632,6 +1632,13 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 		 */
 		if (!no_ecdhe && !strcmp(param, "-named_curve"))
 			no_ecdhe = 1;
+#ifndef OPENSSL_NO_JPAKE
+		if (!no_jpake && !strcmp(param, "-cipher"))
+			{
+			BIO_puts(err, "JPAKE sets cipher to PSK\n");
+			return 0;
+			}
+#endif
 		if (SSL_CONF_cmd(cctx, param, value) <= 0)
 			{
 			BIO_printf(err, "Error with command: \"%s %s\"\n",
@ -1653,6 +1660,17 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
 			return 0;
 			}
 		}
+#ifndef OPENSSL_NO_JPAKE
+	if (!no_jpake)
+		{
+		if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
+			{
+			BIO_puts(err, "Error setting cipher to PSK\n");
+			ERR_print_errors(err);
+			return 0;
+			}
+		}
+#endif
 	return 1;
 	}

--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -622,7 +622,10 @@ int MAIN(int argc, char **argv)
 	int enable_timeouts = 0 ;
 	long socket_mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
-	char *jpake_secret = NULL;
+static char *jpake_secret = NULL;
+#define no_jpake !jpake_secret
+#else
+#define no_jpake 1
 #endif
 #ifndef OPENSSL_NO_SRP
 	char * srppass = NULL;
@ -1052,13 +1055,6 @@ bad:
 			}
 		psk_identity = "JPAKE";
 		}
-
-	if (cipher)
-		{
-		BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-		goto end;
-		}
-	cipher = "PSK";
 #endif

 	OpenSSL_add_ssl_algorithms();
@ -1203,7 +1199,7 @@ bad:
 	if (vpm)
 		SSL_CTX_set1_param(ctx, vpm);

-	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1))
+	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
@ -2032,6 +2028,10 @@ end:
 		sk_OPENSSL_STRING_free(ssl_args);
 	if (cctx)
 		SSL_CONF_CTX_free(cctx);
+#ifndef OPENSSL_NO_JPAKE
+	if (jpake_secret && psk_key)
+		OPENSSL_free(psk_key);
+#endif
 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
 	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -938,6 +938,9 @@ int MAIN(int, char **);

 #ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
+#define no_jpake !jpake_secret
+#else
+#define no_jpake 1
 #endif
 #ifndef OPENSSL_NO_SRP
 	static srpsrvparm srp_callback_parm;
@ -1465,14 +1468,7 @@ bad:
 			goto end;
 			}
 		psk_identity = "JPAKE";
-		if (cipher)
-			{
-			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-			goto end;
-			}
-		cipher = "PSK";
 		}
-
 #endif

 	SSL_load_error_strings();
@ -1719,8 +1715,7 @@ bad:
 		SSL_CTX_set1_param(ctx, vpm);

 	ssl_ctx_add_crls(ctx, crls, 0);
-
-	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
+	if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
 		goto end;

 	if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
@ -1788,8 +1783,7 @@ bad:
 			SSL_CTX_set1_param(ctx2, vpm);

 		ssl_ctx_add_crls(ctx2, crls, 0);
-
-		if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
+		if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
 			goto end;
 		}

@ -2033,6 +2027,10 @@ end:
 		sk_OPENSSL_STRING_free(ssl_args);
 	if (cctx)
 		SSL_CONF_CTX_free(cctx);
+#ifndef OPENSSL_NO_JPAKE
+	if (jpake_secret && psk_key)
+		OPENSSL_free(psk_key);
+#endif
 	if (bio_s_out != NULL)
 		{
        	BIO_free(bio_s_out);