Commit 67c408ce authored by Scott Deboy's avatar Scott Deboy Committed by Ben Laurie

Free generated supp data after handshake completion, add comment regarding use...

Free generated supp data after handshake completion, add comment regarding use of num_renegotiations in TLS and supp data generation callbacks
parent 5eda213e
+18 −6
@@ -225,8 +225,10 @@ static int c_brief=0;

#ifndef OPENSSL_NO_TLSEXT

static const unsigned char *most_recent_supplemental_data;
static size_t most_recent_supplemental_data_length;
static unsigned char *generated_supp_data = NULL;

static unsigned char *most_recent_supplemental_data = NULL;
static size_t most_recent_supplemental_data_length = 0;

static int server_provided_server_authz = 0;
static int server_provided_client_authz = 0;
@@ -1779,6 +1781,13 @@ SSL_set_tlsext_status_ids(con, ids);
						"CONNECTION ESTABLISHED\n");
					print_ssl_summary(bio_err, con);
					}
				/*handshake is complete - free the generated supp data allocated in the callback */
				if (generated_supp_data)
					{
					OPENSSL_free(generated_supp_data);
					generated_supp_data = NULL;
					}

				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

@@ -2450,6 +2459,8 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
	{
	if (c_auth)
		{
		/*if auth_require_reneg flag is set, only send extensions if
		  renegotiation has occurred */
		if (!c_auth_require_reneg || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			*out = auth_ext_data;
@@ -2478,15 +2489,16 @@ static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
				     const unsigned char **out,
				     unsigned short *outlen, void *arg)
	{
	unsigned char *result;
	if (c_auth && server_provided_client_authz && server_provided_server_authz)
		{
		/*if auth_require_reneg flag is set, only send supplemental data if
		  renegotiation has occurred */
		if (!c_auth_require_reneg
		    || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			result = OPENSSL_malloc(10);
			memcpy(result, "5432154321", 10);
			*out = result;
			generated_supp_data = OPENSSL_malloc(10);
			memcpy(generated_supp_data, "5432154321", 10);
			*out = generated_supp_data;
			*outlen = 10;
			return 1;
			}
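Review bot: In auth_suppdata_generate_cb the new `generated_supp_data = OPENSSL_malloc(10);` is followed directly by `memcpy(generated_supp_data, "5432154321", 10);` with no NULL check, so an allocation failure becomes a write through a null pointer; the second file's auth_suppdata_generate_cb has the same pattern. The assignment also overwrites whatever the global still holds, so if the callback runs again before the handshake-complete free (not ruled out by anything visible here), the earlier buffer leaks. I would release any previous buffer before the malloc, `if (generated_supp_data) OPENSSL_free(generated_supp_data);`, and add `if (generated_supp_data == NULL) return 0;` after it, using whatever this callback's failure return is, since only `return 1` is visible. Because the payload is a fixed 10-byte constant and `out` is `const unsigned char **`, pointing `*out` at a `static const` array would remove the allocation and the lifetime question altogether. The callback's body continues past the end of the hunk.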
+18 −6
@@ -229,8 +229,10 @@ static void s_server_init(void);

static const unsigned char auth_ext_data[]={TLSEXT_AUTHZDATAFORMAT_dtcp};

static const unsigned char *most_recent_supplemental_data;
static size_t most_recent_supplemental_data_length;
static unsigned char *generated_supp_data = NULL;

static unsigned char *most_recent_supplemental_data = NULL;
static size_t most_recent_supplemental_data_length = 0;

static int client_provided_server_authz = 0;
static int client_provided_client_authz = 0;
@@ -2673,6 +2675,13 @@ static int init_ssl_connection(SSL *con)
			i=SSL_accept(con);
		}
#endif
	/*handshake is complete - free the generated supp data allocated in the callback */
	if (generated_supp_data)
		{
        OPENSSL_free(generated_supp_data);
		generated_supp_data = NULL;
		}

	if (i <= 0)
		{
		if (BIO_sock_should_retry(i))
@@ -3583,6 +3592,8 @@ static int authz_tlsext_generate_cb(SSL *s, unsigned short ext_type,
	{
	if (c_auth && client_provided_client_authz && client_provided_server_authz)
		{
		/*if auth_require_reneg flag is set, only send extensions if
		  renegotiation has occurred */
		if (!c_auth_require_reneg
		    || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
@@ -3612,15 +3623,16 @@ static int auth_suppdata_generate_cb(SSL *s, unsigned short supp_data_type,
				     const unsigned char **out,
				     unsigned short *outlen, void *arg)
	{
	unsigned char *result;
	if (c_auth && client_provided_client_authz && client_provided_server_authz)
		{
		/*if auth_require_reneg flag is set, only send supplemental data if
		  renegotiation has occurred */
		if (!c_auth_require_reneg
		    || (c_auth_require_reneg && SSL_num_renegotiations(s)))
			{
			result = OPENSSL_malloc(10);
			memcpy(result, "1234512345", 10);
			*out = result;
			generated_supp_data = OPENSSL_malloc(10);
			memcpy(generated_supp_data, "1234512345", 10);
			*out = generated_supp_data;
			*outlen = 10;
			return 1;
			}
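Review bot: In init_ssl_connection the new free block sits before `if (i <= 0)`, so it runs on every return from SSL_accept, including the `BIO_sock_should_retry(i)` path where the handshake has not finished; the comment "handshake is complete" is therefore not accurate at that point. If the library still holds the pointer handed out through `*out` when the accept is retried (not visible in this hunk), that pointer is left dangling and could be read after the free. I would free only once the accept has either succeeded or failed for good, for example `if (generated_supp_data && !(i <= 0 && BIO_sock_should_retry(i)))`, and reword the comment to match. The `OPENSSL_free` line in this block is indented with spaces where the surrounding lines use tabs. The function starts before the hunk and continues after it.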