mirror of
https://git.freebsd.org/ports.git
synced 2025-05-05 16:07:38 -04:00
68a0d94c1a
resources after initial BN_bin2bn() calls for `p' and `g'; just utilize the original code and call BN_free() after initializing `a' if anything had failed.
111 lines
3 KiB
C
111 lines
3 KiB
C
--- modules/mod_authen/SS5Supa.c.orig 2011-08-26 12:28:01 UTC
|
|
+++ modules/mod_authen/SS5Supa.c
|
|
@@ -188,6 +188,7 @@ static unsigned char * ss5_secure_dh_compute_key (int
|
|
|
|
DH * ss = DH_new();
|
|
BIGNUM * a = NULL;
|
|
+ BIGNUM *p, *g;
|
|
int len = 1;
|
|
unsigned char * public_key = NULL;
|
|
uint32_t len_key = 0;
|
|
@@ -205,41 +206,75 @@ static unsigned char * ss5_secure_dh_compute_key (int
|
|
else
|
|
pid=(UINT)pthread_self();
|
|
|
|
- ss->p = BN_bin2bn ((pippo->p), pippo->lenp, NULL);
|
|
- ss->g = BN_bin2bn ((pippo->g), pippo->leng, NULL);
|
|
+ p = BN_bin2bn ((pippo->p), pippo->lenp, NULL);
|
|
+ g = BN_bin2bn ((pippo->g), pippo->leng, NULL);
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
|
+ DH_set0_pqg(ss, p, NULL, g);
|
|
+#else
|
|
+ ss->p = p;
|
|
+ ss->g = g;
|
|
+#endif
|
|
a = BN_bin2bn ((pippo->a), pippo->lena, NULL);
|
|
- if (!a || !ss->p || !ss->g){
|
|
+ if (!a || !p || !g) {
|
|
if( VERBOSE() ) {
|
|
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - Error when compute a, p, g",pid);
|
|
LOGUPDATE()
|
|
}
|
|
+ BN_free(a);
|
|
+ BN_free(g);
|
|
+ BN_free(p);
|
|
+ DH_free(ss);
|
|
return NULL;
|
|
}
|
|
do {
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
|
+ if (DH_get0_pub_key(ss)) {
|
|
+ BN_free(DH_get0_pub_key(ss));
|
|
+ BN_free(DH_get0_priv_key(ss));
|
|
+#else
|
|
if (ss->pub_key){
|
|
BN_free(ss->pub_key);
|
|
BN_free(ss->priv_key);
|
|
+#endif
|
|
}
|
|
if ( DH_generate_key(ss) == 0){
|
|
if( VERBOSE() ) {
|
|
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - Error when compute the keys",pid);
|
|
LOGUPDATE()
|
|
}
|
|
+ BN_free(a);
|
|
+ BN_free(g);
|
|
+ BN_free(p);
|
|
+ DH_free(ss);
|
|
return NULL;
|
|
}
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
|
+ } while (BN_is_negative(DH_get0_pub_key(ss)));
|
|
+
|
|
+ len_key = BN_num_bytes(DH_get0_pub_key(ss));
|
|
+#else
|
|
}while(ss->pub_key->neg);
|
|
|
|
len_key = BN_num_bytes(ss->pub_key);
|
|
+#endif
|
|
public_key = malloc(len_key);
|
|
if (!public_key){
|
|
if( VERBOSE() ) {
|
|
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - malloc error",pid);
|
|
LOGUPDATE()
|
|
}
|
|
+ BN_free(a);
|
|
+ BN_free(g);
|
|
+ BN_free(p);
|
|
+ DH_free(ss);
|
|
return NULL;
|
|
}
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
|
|
+ BN_bn2bin (DH_get0_pub_key(ss), public_key);
|
|
+#else
|
|
BN_bn2bin (ss->pub_key, public_key);
|
|
+#endif
|
|
ss5_create_dh_response(s, public_key, len_key);
|
|
#if 0
|
|
printf("B computed: len is %d\n",len_key);
|
|
@@ -256,6 +291,10 @@ static unsigned char * ss5_secure_dh_compute_key (int
|
|
snprintf(logString,256 - 1,"[%u] [VERB] ss5_secure_dh_compute_key - malloc error",pid);
|
|
LOGUPDATE()
|
|
}
|
|
+ BN_free(a);
|
|
+ BN_free(g);
|
|
+ BN_free(p);
|
|
+ DH_free(ss);
|
|
return NULL;
|
|
}
|
|
bzero(session_key, DH_size (ss));
|
|
@@ -266,6 +305,10 @@ static unsigned char * ss5_secure_dh_compute_key (int
|
|
printf("%02x ", session_key[len]);
|
|
printf("\n");
|
|
#endif
|
|
+ BN_free(a);
|
|
+ BN_free(g);
|
|
+ BN_free(p);
|
|
+ DH_free(ss);
|
|
return session_key;
|
|
}
|
|
|