Hi Guys, Tickets #3705 and #3709 can be closed as they are exactly same as this one. I've sent same mail few times. Sorry for inconvenience.
Kris On 02/17/2015 10:49 PM, Krzysztof Kwiatkowski via RT wrote: > Currently SSL_CTX_set_srp_username/password functions take char* > argument for username/password value. In an application level code those > values are very often const (user provided data). In such cases, when > passing those values to OpenSSL library either dirty cast needs to be > performed to remove constness, or const value needs to be copied to > temporary location (which for SSL_CTX_set_srp_username is useless as > this function copies again username value in ssl3_ctx_ctrl function). > > In this patch I try to cleanup API, so that const values also can be > passed to functions. Please integrate if interested. > > The diff is available as PR in github: > https://github.com/openssl/openssl/pull/227 > > Operating system: ALL > Versions: ALL > > > diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c > index ab19eeb..a464199 100644 > --- a/ssl/s3_lib.c > +++ b/ssl/s3_lib.c > @@ -4007,7 +4007,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long > larg, void *parg) > SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME); > return 0; > } > - if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL) { > + if ((ctx->srp_ctx.login = (char *)parg) == NULL) { > SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR); > return 0; > } > @@ -4015,6 +4015,8 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long > larg, void *parg) > case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD: > ctx->srp_ctx.SRP_give_srp_client_pwd_callback = > srp_password_from_info_cb; > + if(ctx->srp_ctx.info != NULL) > + OPENSSL_free(ctx->srp_ctx.info); > ctx->srp_ctx.info = parg; > break; > case SSL_CTRL_SET_SRP_ARG: > diff --git a/ssl/ssl.h b/ssl/ssl.h > index 13fb053..cf0c5ab 100644 > --- a/ssl/ssl.h > +++ b/ssl/ssl.h > @@ -1545,8 +1545,8 @@ X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX > *ctx); > X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); > > # ifndef OPENSSL_NO_SRP > -int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); > -int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password); > +int SSL_CTX_set_srp_username(SSL_CTX *ctx, const char *name); > +int SSL_CTX_set_srp_password(SSL_CTX *ctx, const char *password); > int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength); > int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, > char *(*cb) (SSL *, void *)); > @@ -1557,7 +1557,7 @@ int SSL_CTX_set_srp_username_callback(SSL_CTX > *ctx, > int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg); > > int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, > - BIGNUM *sa, BIGNUM *v, char *info); > + BIGNUM *sa, BIGNUM *v, const char *info); > int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char > *pass, > const char *grp); > > diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c > index 33d398f..a054b70 100644 > --- a/ssl/tls_srp.c > +++ b/ssl/tls_srp.c > @@ -71,6 +71,7 @@ int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) > if (ctx == NULL) > return 0; > OPENSSL_free(ctx->srp_ctx.login); > + OPENSSL_free(ctx->srp_ctx.info); > BN_free(ctx->srp_ctx.N); > BN_free(ctx->srp_ctx.g); > BN_free(ctx->srp_ctx.s); > @@ -103,6 +104,7 @@ int SSL_SRP_CTX_free(struct ssl_st *s) > if (s == NULL) > return 0; > OPENSSL_free(s->srp_ctx.login); > + OPENSSL_free(s->srp_ctx.info); > BN_free(s->srp_ctx.N); > BN_free(s->srp_ctx.g); > BN_free(s->srp_ctx.s); > @@ -156,7 +158,6 @@ int SSL_SRP_CTX_init(struct ssl_st *s) > s->srp_ctx.b = NULL; > s->srp_ctx.v = NULL; > s->srp_ctx.login = NULL; > - s->srp_ctx.info = ctx->srp_ctx.info; > s->srp_ctx.strength = ctx->srp_ctx.strength; > > if (((ctx->srp_ctx.N != NULL) && > @@ -183,11 +184,18 @@ int SSL_SRP_CTX_init(struct ssl_st *s) > SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR); > goto err; > } > + if ((ctx->srp_ctx.info != NULL) && > + ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) { > + SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR); > + goto err; > + } > + > s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask; > > return (1); > err: > OPENSSL_free(s->srp_ctx.login); > + OPENSSL_free(s->srp_ctx.info); > BN_free(s->srp_ctx.N); > BN_free(s->srp_ctx.g); > BN_free(s->srp_ctx.s); > @@ -289,7 +297,7 @@ int SSL_set_srp_server_param_pw(SSL *s, const char > *user, const char *pass, > } > > int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, > - BIGNUM *sa, BIGNUM *v, char *info) > + BIGNUM *sa, BIGNUM *v, const char *info) > { > if (N != NULL) { > if (s->srp_ctx.N != NULL) { > @@ -327,7 +335,12 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM > *N, const BIGNUM *g, > } else > s->srp_ctx.v = BN_dup(v); > } > - s->srp_ctx.info = info; > + if(info!=NULL) { > + if(s->srp_ctx.info != NULL ) > + OPENSSL_free(s->srp_ctx.info); > + if((s->srp_ctx.info = BUF_strdup(info)) == NULL) > + return -1; > + } > > if (!(s->srp_ctx.N) || > !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v)) > @@ -499,14 +512,16 @@ char *SSL_get_srp_userinfo(SSL *s) > # define tls1_ctx_ctrl ssl3_ctx_ctrl > # define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl > > -int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name) > +int SSL_CTX_set_srp_username(SSL_CTX *ctx, const char *name) > { > - return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, > name); > + char* name_tmp = BUF_strdup(name); > + return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, > name_tmp); > } > > -int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password) > +int SSL_CTX_set_srp_password(SSL_CTX *ctx, const char *password) > { > - return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, > password); > + char* pass_tmp = BUF_strdup(password); > + return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, > pass_tmp); > } > > int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength) > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
