[openssl] master update

tomas at openssl.org tomas at openssl.org
Mon Oct 4 08:56:15 UTC 2021


The branch master has been updated
       via  34901b0c39ed8fe7ddb81de4ad9fc0a7b2c45a0d (commit)
       via  2342d9b650ed3dafd65b7edadbe805e04a4966ba (commit)
       via  dce910af3bb135bd6d7c5a4cc512043b3ad4acc1 (commit)
      from  19e277dd19f2897f6a7b7eb236abe46655e575bf (commit)


- Log -----------------------------------------------------------------
commit 34901b0c39ed8fe7ddb81de4ad9fc0a7b2c45a0d
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Thu Sep 30 11:12:49 2021 +0200

    BIO_f_ssl.pod: Make clear where an SSL BIOs are expected as an argument
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16688)

commit 2342d9b650ed3dafd65b7edadbe805e04a4966ba
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Wed Sep 29 10:46:23 2021 +0200

    apps/lib/s_socket.c: Fix mem leak on host name in init_client()
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16688)

commit dce910af3bb135bd6d7c5a4cc512043b3ad4acc1
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Mon Sep 27 14:22:40 2021 +0200

    Fix ssl_free() and thus BIO_free() to respect BIO_NOCLOSE
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16688)

-----------------------------------------------------------------------

Summary of changes:
 apps/lib/s_socket.c    |  5 ++++-
 doc/man3/BIO_f_ssl.pod | 19 +++++++++----------
 ssl/bio_ssl.c          |  7 +++----
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 1dd30ac724..4e262e681d 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -82,6 +82,7 @@ int init_client(int *sock, const char *host, const char *port,
     BIO_ADDRINFO *bindaddr = NULL;
     const BIO_ADDRINFO *ai = NULL;
     const BIO_ADDRINFO *bi = NULL;
+    char *hostname = NULL;
     int found = 0;
     int ret;
 
@@ -172,7 +173,9 @@ int init_client(int *sock, const char *host, const char *port,
         break;
     }
 
-    BIO_printf(bio_out, "Connecting to %s\n", BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai), 1));
+    hostname = BIO_ADDR_hostname_string(BIO_ADDRINFO_address(ai), 1);
+    BIO_printf(bio_out, "Connecting to %s\n", hostname);
+    OPENSSL_free(hostname);
 
     if (*sock == INVALID_SOCKET) {
         if (bindaddr != NULL && !found) {
diff --git a/doc/man3/BIO_f_ssl.pod b/doc/man3/BIO_f_ssl.pod
index 36ddf705d2..c6dc53c105 100644
--- a/doc/man3/BIO_f_ssl.pod
+++ b/doc/man3/BIO_f_ssl.pod
@@ -54,26 +54,26 @@ The SSL BIO is then reset to the initial accept or connect state.
 If the close flag is set when an SSL BIO is freed then the internal
 SSL structure is also freed using SSL_free().
 
-BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using
+BIO_set_ssl() sets the internal SSL pointer of SSL BIO B<b> to B<ssl> using
 the close flag B<c>.
 
-BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be
+BIO_get_ssl() retrieves the SSL pointer of SSL BIO B<b>, it can then be
 manipulated using the standard SSL library functions.
 
 BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
 is 1 client mode is set. If B<client> is 0 server mode is set.
 
-BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
+BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count of SSL BIO B<b>
 to B<num>. When set after every B<num> bytes of I/O (read and write)
 the SSL session is automatically renegotiated. B<num> must be at
 least 512 bytes.
 
-BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to
-B<seconds>. When the renegotiate timeout elapses the session is
-automatically renegotiated.
+BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout of SSL BIO B<b>
+to B<seconds>.
+When the renegotiate timeout elapses the session is automatically renegotiated.
 
 BIO_get_num_renegotiates() returns the total number of session
-renegotiations due to I/O or timeout.
+renegotiations due to I/O or timeout of SSL BIO B<b>.
 
 BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using
 client mode if B<client> is non zero.
@@ -82,8 +82,7 @@ BIO_new_ssl_connect() creates a new BIO chain consisting of an
 SSL BIO (using B<ctx>) followed by a connect BIO.
 
 BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
-of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
-BIO.
+of a buffering BIO, an SSL BIO (using B<ctx>), and a connect BIO.
 
 BIO_ssl_copy_session_id() copies an SSL session id between
 BIO chains B<from> and B<to>. It does this by locating the
@@ -96,7 +95,7 @@ chain and calling SSL_shutdown() on its internal SSL
 pointer.
 
 BIO_do_handshake() attempts to complete an SSL handshake on the
--supplied BIO and establish the SSL connection.
+supplied BIO and establish the SSL connection.
 For non-SSL BIOs the connection is done typically at TCP level.
 If domain name resolution yields multiple IP addresses all of them are tried
 after connect() failures.
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 43747785f0..401178f0c2 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -76,13 +76,12 @@ static int ssl_free(BIO *a)
     if (a == NULL)
         return 0;
     bs = BIO_get_data(a);
-    if (bs->ssl != NULL)
-        SSL_shutdown(bs->ssl);
     if (BIO_get_shutdown(a)) {
+        if (bs->ssl != NULL)
+            SSL_shutdown(bs->ssl);
         if (BIO_get_init(a))
             SSL_free(bs->ssl);
-        /* Clear all flags */
-        BIO_clear_flags(a, ~0);
+        BIO_clear_flags(a, ~0); /* Clear all flags */
         BIO_set_init(a, 0);
     }
     OPENSSL_free(bs);


More information about the openssl-commits mailing list