static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
+static const char *krb5svc = NULL;
+static const char *krb5tab = NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
ebcdic_free,
};
+/* This struct is "unwarranted chumminess with the compiler." */
typedef struct {
size_t alloced;
char buff[1];
{
EBCDIC_OUTBUFF *wbuf;
- wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
- if (!wbuf)
- return 0;
+ wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + 1024, "ebcdef wbuf");
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
num = num + num; /* double the size */
if (num < inl)
num = inl;
- wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
- if (!wbuf)
- return 0;
+ wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + num, "grow ebcdic wbuf");
OPENSSL_free(b->ptr);
wbuf->alloced = num;
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
- OPT_X_ENUM
+ OPT_X_ENUM,
+ OPT_KRB5SVC, OPT_KRBTAB
} OPTION_CHOICE;
OPTIONS s_server_options[] = {
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
+ {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
+ {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
case OPT_JPAKE:
goto opthelp;
#endif
+ case OPT_KRB5SVC:
+ krb5svc = opt_arg();
+ break;
+ case OPT_KRBTAB:
+ krb5tab = opt_arg();
+ break;
case OPT_SRTP_PROFILES:
srtp_profiles = opt_arg();
break;
ctx = SSL_CTX_new(meth);
if (sdebug)
- ssl_ctx_security_debug(ctx, bio_err, sdebug);
+ ssl_ctx_security_debug(ctx, sdebug);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
if (sdebug)
- ssl_ctx_security_debug(ctx, bio_err, sdebug);
+ ssl_ctx_security_debug(ctx, sdebug);
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
ret = 0;
end:
SSL_CTX_free(ctx);
- if (s_cert)
- X509_free(s_cert);
- if (crls)
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- if (s_dcert)
- X509_free(s_dcert);
+ X509_free(s_cert);
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
- if (s_chain)
- sk_X509_pop_free(s_chain, X509_free);
- if (s_dchain)
- sk_X509_pop_free(s_dchain, X509_free);
+ sk_X509_pop_free(s_chain, X509_free);
+ sk_X509_pop_free(s_dchain, X509_free);
if (pass)
OPENSSL_free(pass);
if (dpass)
OPENSSL_free(dpass);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
if (tlscstatp.host)
OPENSSL_free(tlscstatp.port);
if (tlscstatp.path)
OPENSSL_free(tlscstatp.path);
+ if (ctx2 != NULL)
SSL_CTX_free(ctx2);
- if (s_cert2)
- X509_free(s_cert2);
+ X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG
struct timeval *timeoutp;
#endif
- if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
- BIO_printf(bio_err, "out of memory\n");
- goto err;
- }
+ buf = app_malloc(bufsize, "server buffer");
#ifdef FIONBIO
if (s_nbio) {
unsigned long sl = 1;
}
if (s_brief)
- print_ssl_summary(bio_err, con);
+ print_ssl_summary(con);
PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen);
- exportedkeymat = OPENSSL_malloc(keymatexportlen);
- if (exportedkeymat != NULL) {
- if (!SSL_export_keying_material(con, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0)) {
- BIO_printf(bio_s_out, " Error\n");
- } else {
- BIO_printf(bio_s_out, " Keying material: ");
- for (i = 0; i < keymatexportlen; i++)
- BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
- BIO_printf(bio_s_out, "\n");
- }
- OPENSSL_free(exportedkeymat);
+ exportedkeymat = app_malloc(keymatexportlen, "export key");
+ if (!SSL_export_keying_material(con, exportedkeymat,
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0)) {
+ BIO_printf(bio_s_out, " Error\n");
+ } else {
+ BIO_printf(bio_s_out, " Keying material: ");
+ for (i = 0; i < keymatexportlen; i++)
+ BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
+ BIO_printf(bio_s_out, "\n");
}
+ OPENSSL_free(exportedkeymat);
}
return (1);
int total_bytes = 0;
#endif
- buf = OPENSSL_malloc(bufsize);
- if (buf == NULL)
- return (0);
+ buf = app_malloc(bufsize, "server www buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
KSSL_CTX *kctx;
#endif
- buf = OPENSSL_malloc(bufsize);
- if (buf == NULL)
- return (0);
+ buf = app_malloc(bufsize, "server rev buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
}
}
BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
- print_ssl_summary(bio_err, con);
+ print_ssl_summary(con);
for (;;) {
i = BIO_gets(io, buf, bufsize - 1);
static int add_session(SSL *ssl, SSL_SESSION *session)
{
- simple_ssl_session *sess;
+ simple_ssl_session *sess = app_malloc(sizeof *sess, "get session");
unsigned char *p;
- sess = OPENSSL_malloc(sizeof(simple_ssl_session));
- if (!sess) {
- BIO_printf(bio_err, "Out of memory adding to external cache\n");
- return 0;
- }
-
SSL_SESSION_get_id(session, &sess->idlen);
sess->derlen = i2d_SSL_SESSION(session, NULL);
if (sess->derlen < 0) {
}
sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
- sess->der = OPENSSL_malloc(sess->derlen);
- if (!sess->id || !sess->der) {
+ sess->der = app_malloc(sess->derlen, "get session buffer");
+ if (!sess->id) {
BIO_printf(bio_err, "Out of memory adding to external cache\n");
OPENSSL_free(sess->id);
OPENSSL_free(sess->der);
/* Assume it still works. */
if (i2d_SSL_SESSION(session, &p) != sess->derlen) {
- BIO_printf(bio_err, "Re-encoding session strangeness\n");
+ BIO_printf(bio_err, "Unexpected session encoding length\n");
OPENSSL_free(sess->id);
OPENSSL_free(sess->der);
OPENSSL_free(sess);