Update of linux-ppc. Contributed by MATSUURA Takanori

[openssl.git] / apps / s_server.c

diff --git a/apps/s_server.c b/apps/s_server.c
index af19b89227a0140454d32afe88d66cb58dab46ce..1a9ce281c3bf63ef07d6ce42ade15b206164aad6 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -83,6 +83,7 @@ typedef unsigned int u_int;
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #include "s_apps.h"
 
 #ifdef WINDOWS
@@ -176,6 +177,7 @@ static int s_debug=0;
 static int s_quiet=0;
 
 static int hack=0;
+static char *engine_id=NULL;
 
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -198,6 +200,7 @@ static void s_server_init(void)
        s_debug=0;
        s_quiet=0;
        hack=0;
+       engine_id=NULL;
        }
 #endif
 
@@ -228,6 +231,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
        BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
        BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+       BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
        BIO_printf(bio_err," -quiet        - No server output\n");
        BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
        BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -242,6 +246,7 @@ static void sv_usage(void)
        BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
        BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
        BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+       BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
        }
 
 static int local_argc=0;
@@ -285,7 +290,7 @@ static int ebcdic_new(BIO *bi)
 {
        EBCDIC_OUTBUFF *wbuf;
 
-       wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+       wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
        wbuf->alloced = 1024;
        wbuf->buff[0] = '\0';
 
@@ -299,7 +304,7 @@ static int ebcdic_free(BIO *a)
 {
        if (a == NULL) return(0);
        if (a->ptr != NULL)
-               Free(a->ptr);
+               OPENSSL_free(a->ptr);
        a->ptr=NULL;
        a->init=0;
        a->flags=0;
@@ -336,8 +341,8 @@ static int ebcdic_write(BIO *b, char *in, int inl)
                num = num + num;  /* double the size */
                if (num < inl)
                        num = inl;
-               Free(wbuf);
-               wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
+               OPENSSL_free(wbuf);
+               wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
 
                wbuf->alloced = num;
                wbuf->buff[0] = '\0';
@@ -411,9 +416,7 @@ int MAIN(int argc, char *argv[])
        int no_tmp_rsa=0,no_dhe=0,nocert=0;
        int state=0;
        SSL_METHOD *meth=NULL;
-#ifndef NO_DH
-       DH *dh=NULL;
-#endif
+       ENGINE *e=NULL;
 
 #if !defined(NO_SSL2) && !defined(NO_SSL3)
        meth=SSLv23_server_method();
@@ -506,6 +509,8 @@ int MAIN(int argc, char *argv[])
                        if (--argc < 1) goto bad;
                        CApath= *(++argv);
                        }
+               else if (strcmp(*argv,"-serverpref") == 0)
+                       { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
                else if (strcmp(*argv,"-cipher") == 0)
                        {
                        if (--argc < 1) goto bad;
@@ -565,6 +570,11 @@ int MAIN(int argc, char *argv[])
                else if (strcmp(*argv,"-tls1") == 0)
                        { meth=TLSv1_server_method(); }
 #endif
+               else if (strcmp(*argv,"-engine") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       engine_id= *(++argv);
+                       }
                else
                        {
                        BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -609,6 +619,29 @@ bad:
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
 
+       if (engine_id != NULL)
+               {
+               if((e = ENGINE_by_id(engine_id)) == NULL)
+                       {
+                       BIO_printf(bio_err,"invalid engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               if (s_debug)
+                       {
+                       ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+                               0, bio_err, 0);
+                       }
+               if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+                       {
+                       BIO_printf(bio_err,"can't use that engine\n");
+                       ERR_print_errors(bio_err);
+                       goto end;
+                       }
+               BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+               ENGINE_free(e);
+               }
+
        ctx=SSL_CTX_new(meth);
        if (ctx == NULL)
                {
@@ -649,7 +682,13 @@ bad:
 #ifndef NO_DH
        if (!no_dhe)
                {
-               dh=load_dh_param(dhfile ? dhfile : s_cert_file);
+               DH *dh=NULL;
+
+               if (dhfile)
+                       dh = load_dh_param(dhfile);
+               else if (s_cert_file)
+                       dh = load_dh_param(s_cert_file);
+
                if (dh != NULL)
                        {
                        BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -766,7 +805,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
        struct timeval tv;
 #endif
 
-       if ((buf=Malloc(bufsize)) == NULL)
+       if ((buf=OPENSSL_malloc(bufsize)) == NULL)
                {
                BIO_printf(bio_err,"out of memory\n");
                goto err;
@@ -785,6 +824,13 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 
        if (con == NULL) {
                con=SSL_new(ctx);
+#ifndef NO_KRB5
+               if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+                        {
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+                        }
+#endif /* NO_KRB5 */
                if(context)
                      SSL_set_session_id_context(con, context,
                                                 strlen((char *)context));
@@ -1028,7 +1074,7 @@ err:
        if (buf != NULL)
                {
                memset(buf,0,bufsize);
-               Free(buf);
+               OPENSSL_free(buf);
                }
        if (ret >= 0)
                BIO_printf(bio_s_out,"ACCEPT\n");
@@ -1145,7 +1191,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
        BIO *io,*ssl_bio,*sbio;
        long total_bytes;
 
-       buf=Malloc(bufsize);
+       buf=OPENSSL_malloc(bufsize);
        if (buf == NULL) return(0);
        io=BIO_new(BIO_f_buffer());
        ssl_bio=BIO_new(BIO_f_ssl());
@@ -1474,7 +1520,7 @@ err:
        if (ret >= 0)
                BIO_printf(bio_s_out,"ACCEPT\n");
 
-       if (buf != NULL) Free(buf);
+       if (buf != NULL) OPENSSL_free(buf);
        if (io != NULL) BIO_free_all(io);
 /*     if (ssl_bio != NULL) BIO_free(ssl_bio);*/
        return(ret);