Plug SSL object leaks in doConnection().

Move SSL_new/SSL_free up into benchmark() to restrict the responsibility for the SSL object to a single scope. Make doConnection() return an int, openssl-style. Some miscellaneous cleanup, too. Discussed with tb, jsing, and jca. Basic idea from jsing, lots of patch input from tb. ok deraadt on an earlier version ok tb jsing
author: cheloha <> 2018-08-18 16:51:33 +0000
committer: cheloha <> 2018-08-18 16:51:33 +0000
commit: 83f2b9b68121e0c76fbc778d117a4ad419f55325 (patch)
tree: c2c29ee8f90fe023fea074d37f905b3962fd9848 /src/usr.bin
parent: d6a8b0acaadc0a7746d7127fd00ce6548200c135 (diff)
download: openbsd-83f2b9b68121e0c76fbc778d117a4ad419f55325.tar.gz
openbsd-83f2b9b68121e0c76fbc778d117a4ad419f55325.tar.bz2
openbsd-83f2b9b68121e0c76fbc778d117a4ad419f55325.zip
1 files changed, 22 insertions, 32 deletions
diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c
index ef96fd59a7..735e73f78c 100644
--- a/src/usr.bin/openssl/s_time.c
+++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_time.c,v 1.26 2018/08/14 15:25:04 cheloha Exp $ */
+/* $OpenBSD: s_time.c,v 1.27 2018/08/18 16:51:33 cheloha Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -90,7 +90,7 @@
 extern int verify_depth;
 static void s_time_usage(void);
-static SSL *doConnection(SSL * scon);
+static int doConnection(SSL *);
 static int benchmark(int);
 static SSL_CTX *tm_ctx = NULL;
@@ -345,42 +345,28 @@ s_time_main(int argc, char **argv)
 /***********************************************************************
 * doConnection - make a connection
 * Args:
- *              scon    = earlier ssl connection for session id, or NULL
+ *              scon    = SSL connection
 * Returns:
- *              SSL *   = the connection pointer.
+ *              1 on success, 0 on error
 */
-static SSL *
+static int
-doConnection(SSL * scon)
+doConnection(SSL *scon)
 {
        struct pollfd pfd[1];
-        SSL *serverCon;
        BIO *conn;
        long verify_error;
        int i;
        if ((conn = BIO_new(BIO_s_connect())) == NULL)
-                return (NULL);
+                return 0;
-/*      BIO_set_conn_port(conn,port);*/
        BIO_set_conn_hostname(conn, s_time_config.host);
+        SSL_set_connect_state(scon);
-        if (scon == NULL)
+        SSL_set_bio(scon, conn, conn);
-                serverCon = SSL_new(tm_ctx);
-        else {
-                serverCon = scon;
-                SSL_set_connect_state(serverCon);
-        }
-        SSL_set_bio(serverCon, conn, conn);
-        /* ok, lets connect */
        for (;;) {
-                i = SSL_connect(serverCon);
+                i = SSL_connect(scon);
                if (BIO_sock_should_retry(i)) {
                        BIO_printf(bio_err, "DELAY\n");
+                        pfd[0].fd = SSL_get_fd(scon);
-                        i = SSL_get_fd(serverCon);
-                        pfd[0].fd = i;
                        pfd[0].events = POLLIN;
                        poll(pfd, 1, -1);
                        continue;
@@ -389,17 +375,15 @@ doConnection(SSL * scon)
        }
        if (i <= 0) {
                BIO_printf(bio_err, "ERROR\n");
-                verify_error = SSL_get_verify_result(serverCon);
+                verify_error = SSL_get_verify_result(scon);
                if (verify_error != X509_V_OK)
                        BIO_printf(bio_err, "verify error:%s\n",
                            X509_verify_cert_error_string(verify_error));
                else
                        ERR_print_errors(bio_err);
-                if (scon == NULL)
+                return 0;
-                        SSL_free(serverCon);
-                return NULL;
        }
-        return serverCon;
+        return 1;
 }
 static int
@@ -415,7 +399,9 @@ benchmark(int reuse_session)
        if (reuse_session) {
                /* Get an SSL object so we can reuse the session id */
-                if ((scon = doConnection(NULL)) == NULL) {
+                if ((scon = SSL_new(tm_ctx)) == NULL)
+                        goto end;
+                if (!doConnection(scon)) {
                        fprintf(stderr, "Unable to get connection\n");
                        goto end;
                }
@@ -448,7 +434,11 @@ benchmark(int reuse_session)
        for (;;) {
                if (finishtime < time(NULL))
                        break;
-                if ((scon = doConnection(reuse_session ? scon : NULL)) == NULL)
+                if (scon == NULL) {
+                        if ((scon = SSL_new(tm_ctx)) == NULL)
+                                goto end;
+                }
+                if (!doConnection(scon))
                        goto end;
                if (s_time_config.www_path != NULL) {
author	cheloha <>	2018-08-18 16:51:33 +0000
committer	cheloha <>	2018-08-18 16:51:33 +0000
commit	83f2b9b68121e0c76fbc778d117a4ad419f55325 (patch)
tree	c2c29ee8f90fe023fea074d37f905b3962fd9848 /src/usr.bin
parent	d6a8b0acaadc0a7746d7127fd00ce6548200c135 (diff)
download	openbsd-83f2b9b68121e0c76fbc778d117a4ad419f55325.tar.gz openbsd-83f2b9b68121e0c76fbc778d117a4ad419f55325.tar.bz2 openbsd-83f2b9b68121e0c76fbc778d117a4ad419f55325.zip

diff --git a/src/usr.bin/openssl/s_time.c b/src/usr.bin/openssl/s_time.c index ef96fd59a7..735e73f78c 100644 --- a/src/usr.bin/openssl/s_time.c +++ b/src/usr.bin/openssl/s_time.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_time.c,v 1.26 2018/08/14 15:25:04 cheloha Exp $ */	1	/* $OpenBSD: s_time.c,v 1.27 2018/08/18 16:51:33 cheloha Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -90,7 +90,7 @@
90	extern int verify_depth;	90	extern int verify_depth;
91		91
92	static void s_time_usage(void);	92	static void s_time_usage(void);
93	static SSL doConnection(SSL scon);	93	static int doConnection(SSL *);
94	static int benchmark(int);	94	static int benchmark(int);
95		95
96	static SSL_CTX *tm_ctx = NULL;	96	static SSL_CTX *tm_ctx = NULL;
@@ -345,42 +345,28 @@ s_time_main(int argc, char **argv)
345	/***********************************************************************	345	/***********************************************************************
346	* doConnection - make a connection	346	* doConnection - make a connection
347	* Args:	347	* Args:
348	* scon = earlier ssl connection for session id, or NULL	348	* scon = SSL connection
349	* Returns:	349	* Returns:
350	* SSL * = the connection pointer.	350	* 1 on success, 0 on error
351	*/	351	*/
352	static SSL *	352	static int
353	doConnection(SSL * scon)	353	doConnection(SSL *scon)
354	{	354	{
355	struct pollfd pfd[1];	355	struct pollfd pfd[1];
356	SSL *serverCon;
357	BIO *conn;	356	BIO *conn;
358	long verify_error;	357	long verify_error;
359	int i;	358	int i;
360		359
361	if ((conn = BIO_new(BIO_s_connect())) == NULL)	360	if ((conn = BIO_new(BIO_s_connect())) == NULL)
362	return (NULL);	361	return 0;
363
364	/* BIO_set_conn_port(conn,port);*/
365	BIO_set_conn_hostname(conn, s_time_config.host);	362	BIO_set_conn_hostname(conn, s_time_config.host);
366		363	SSL_set_connect_state(scon);
367	if (scon == NULL)	364	SSL_set_bio(scon, conn, conn);
368	serverCon = SSL_new(tm_ctx);
369	else {
370	serverCon = scon;
371	SSL_set_connect_state(serverCon);
372	}
373
374	SSL_set_bio(serverCon, conn, conn);
375
376	/* ok, lets connect */
377	for (;;) {	365	for (;;) {
378	i = SSL_connect(serverCon);	366	i = SSL_connect(scon);
379	if (BIO_sock_should_retry(i)) {	367	if (BIO_sock_should_retry(i)) {
380	BIO_printf(bio_err, "DELAY\n");	368	BIO_printf(bio_err, "DELAY\n");
381		369	pfd[0].fd = SSL_get_fd(scon);
382	i = SSL_get_fd(serverCon);
383	pfd[0].fd = i;
384	pfd[0].events = POLLIN;	370	pfd[0].events = POLLIN;
385	poll(pfd, 1, -1);	371	poll(pfd, 1, -1);
386	continue;	372	continue;
@@ -389,17 +375,15 @@ doConnection(SSL * scon)
389	}	375	}
390	if (i <= 0) {	376	if (i <= 0) {
391	BIO_printf(bio_err, "ERROR\n");	377	BIO_printf(bio_err, "ERROR\n");
392	verify_error = SSL_get_verify_result(serverCon);	378	verify_error = SSL_get_verify_result(scon);
393	if (verify_error != X509_V_OK)	379	if (verify_error != X509_V_OK)
394	BIO_printf(bio_err, "verify error:%s\n",	380	BIO_printf(bio_err, "verify error:%s\n",
395	X509_verify_cert_error_string(verify_error));	381	X509_verify_cert_error_string(verify_error));
396	else	382	else
397	ERR_print_errors(bio_err);	383	ERR_print_errors(bio_err);
398	if (scon == NULL)	384	return 0;
399	SSL_free(serverCon);
400	return NULL;
401	}	385	}
402	return serverCon;	386	return 1;
403	}	387	}
404		388
405	static int	389	static int
@@ -415,7 +399,9 @@ benchmark(int reuse_session)
415		399
416	if (reuse_session) {	400	if (reuse_session) {
417	/* Get an SSL object so we can reuse the session id */	401	/* Get an SSL object so we can reuse the session id */
418	if ((scon = doConnection(NULL)) == NULL) {	402	if ((scon = SSL_new(tm_ctx)) == NULL)
		403	goto end;
		404	if (!doConnection(scon)) {
419	fprintf(stderr, "Unable to get connection\n");	405	fprintf(stderr, "Unable to get connection\n");
420	goto end;	406	goto end;
421	}	407	}
@@ -448,7 +434,11 @@ benchmark(int reuse_session)
448	for (;;) {	434	for (;;) {
449	if (finishtime < time(NULL))	435	if (finishtime < time(NULL))
450	break;	436	break;
451	if ((scon = doConnection(reuse_session ? scon : NULL)) == NULL)	437	if (scon == NULL) {
		438	if ((scon = SSL_new(tm_ctx)) == NULL)
		439	goto end;
		440	}
		441	if (!doConnection(scon))
452	goto end;	442	goto end;
453		443
454	if (s_time_config.www_path != NULL) {	444	if (s_time_config.www_path != NULL) {