make JPAKE work again, fix memory leaks

diff --git a/apps/apps.c b/apps/apps.c
index 984582111c6a7bf858b93bf9e66062c8e1606c36..15f2069c95c694f4877d6ec3efcd12281be6d286 100644 (file)
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2864,6 +2864,9 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
 
        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
 
+       if (psk_key)
+               OPENSSL_free(psk_key);
+
        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
 
        BIO_pop(bconn);
@@ -2893,6 +2896,9 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
 
        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
 
+       if (psk_key)
+               OPENSSL_free(psk_key);
+
        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
 
        BIO_pop(bconn);

diff --git a/apps/s_apps.h b/apps/s_apps.h
index 83526eca301c19650bdc50a54c25a27e7ba09774..be985280c99ec14a8af163166ae9b3bf270ce268 100644 (file)
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -196,7 +196,7 @@ void print_ssl_summary(BIO *bio, SSL *s);
 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
                        int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
-                               STACK_OF(OPENSSL_STRING) *str, int no_ecdhe);
+               STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
 int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download);
 int ssl_load_stores(SSL_CTX *ctx,
                        const char *vfyCApath, const char *vfyCAfile,

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 96bc5dba5acdd0bbf623e6740650bf3650d1ae2e..65c3dae0a29b0f1f8068df7cc4c762a7840db8ad 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1619,7 +1619,7 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
        }
 
 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
-                               STACK_OF(OPENSSL_STRING) *str, int no_ecdhe)
+               STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
        {
        int i;
        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
@@ -1632,6 +1632,13 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
                 */
                if (!no_ecdhe && !strcmp(param, "-named_curve"))
                        no_ecdhe = 1;
+#ifndef OPENSSL_NO_JPAKE
+               if (!no_jpake && !strcmp(param, "-cipher"))
+                       {
+                       BIO_puts(err, "JPAKE sets cipher to PSK\n");
+                       return 0;
+                       }
+#endif
                if (SSL_CONF_cmd(cctx, param, value) <= 0)
                        {
                        BIO_printf(err, "Error with command: \"%s %s\"\n",
@@ -1653,6 +1660,17 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
                        return 0;
                        }
                }
+#ifndef OPENSSL_NO_JPAKE
+       if (!no_jpake)
+               {
+               if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
+                       {
+                       BIO_puts(err, "Error setting cipher to PSK\n");
+                       ERR_print_errors(err);
+                       return 0;
+                       }
+               }
+#endif
        return 1;
        }
 

diff --git a/apps/s_client.c b/apps/s_client.c
index 5edede4633185be747f4e510652ba1269182a93e..841395db16bcee0e8de923a1ee81dc87f2d3cfa4 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -622,7 +622,10 @@ int MAIN(int argc, char **argv)
        int enable_timeouts = 0 ;
        long socket_mtu = 0;
 #ifndef OPENSSL_NO_JPAKE
-       char *jpake_secret = NULL;
+static char *jpake_secret = NULL;
+#define no_jpake !jpake_secret
+#else
+#define no_jpake 1
 #endif
 #ifndef OPENSSL_NO_SRP
        char * srppass = NULL;
@@ -1052,13 +1055,6 @@ bad:
                        }
                psk_identity = "JPAKE";
                }
-
-       if (cipher)
-               {
-               BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-               goto end;
-               }
-       cipher = "PSK";
 #endif
 
        OpenSSL_add_ssl_algorithms();
@@ -1203,7 +1199,7 @@ bad:
        if (vpm)
                SSL_CTX_set1_param(ctx, vpm);
 
-       if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1))
+       if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake))
                {
                ERR_print_errors(bio_err);
                goto end;
@@ -2032,6 +2028,10 @@ end:
                sk_OPENSSL_STRING_free(ssl_args);
        if (cctx)
                SSL_CONF_CTX_free(cctx);
+#ifndef OPENSSL_NO_JPAKE
+       if (jpake_secret && psk_key)
+               OPENSSL_free(psk_key);
+#endif
        if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
        if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
        if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }

diff --git a/apps/s_server.c b/apps/s_server.c
index f0ec4dbc09a52f56863b5ade8d500dbdb0d0a483..7cb9a08da51f23da8964b7ae6b0c9164e1ea177b 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -938,6 +938,9 @@ int MAIN(int, char **);
 
 #ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
+#define no_jpake !jpake_secret
+#else
+#define no_jpake 1
 #endif
 #ifndef OPENSSL_NO_SRP
        static srpsrvparm srp_callback_parm;
@@ -1465,14 +1468,7 @@ bad:
                        goto end;
                        }
                psk_identity = "JPAKE";
-               if (cipher)
-                       {
-                       BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-                       goto end;
-                       }
-               cipher = "PSK";
                }
-
 #endif
 
        SSL_load_error_strings();
@@ -1719,8 +1715,7 @@ bad:
                SSL_CTX_set1_param(ctx, vpm);
 
        ssl_ctx_add_crls(ctx, crls, 0);
-
-       if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe))
+       if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
                goto end;
 
        if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
@@ -1788,8 +1783,7 @@ bad:
                        SSL_CTX_set1_param(ctx2, vpm);
 
                ssl_ctx_add_crls(ctx2, crls, 0);
-
-               if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe))
+               if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
                        goto end;
                }
 
@@ -2033,6 +2027,10 @@ end:
                sk_OPENSSL_STRING_free(ssl_args);
        if (cctx)
                SSL_CONF_CTX_free(cctx);
+#ifndef OPENSSL_NO_JPAKE
+       if (jpake_secret && psk_key)
+               OPENSSL_free(psk_key);
+#endif
        if (bio_s_out != NULL)
                {
                BIO_free(bio_s_out);