-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
#endif
#include "s_apps.h"
#include "timeouts.h"
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(int s, int stype, unsigned char *context);
static unsigned int split_send_fragment = 0;
static unsigned int max_pipelines = 0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id = NULL;
-#endif
static const char *session_id_prefix = NULL;
#ifndef OPENSSL_NO_DTLS
unsigned char *psk,
unsigned int max_psk_len)
{
- unsigned int psk_len = 0;
- int ret;
- BIGNUM *bn = NULL;
+ long key_len = 0;
+ unsigned char *key;
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
BIO_printf(bio_s_out, "PSK client identity found\n");
/* convert the PSK key to binary */
- ret = BN_hex2bn(&bn, psk_key);
- if (!ret) {
- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+ key = OPENSSL_hexstr2buf(psk_key, &key_len);
+ if (key == NULL) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
- BN_free(bn);
return 0;
}
- if (BN_num_bytes(bn) > (int)max_psk_len) {
+ if (key_len > (int)max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
+ OPENSSL_free(key);
return 0;
}
- ret = BN_bn2bin(bn, psk);
- BN_free(bn);
-
- if (ret < 0)
- goto out_err;
- psk_len = (unsigned int)ret;
+ memcpy(psk, key, key_len);
+ OPENSSL_free(key);
if (s_debug)
- BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
- return psk_len;
+ BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+ return key_len;
out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
async = 0;
split_send_fragment = 0;
max_pipelines = 0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id = NULL;
-#endif
}
static int local_argc = 0;
static int ebcdic_puts(BIO *bp, const char *str);
# define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
-static const BIO_METHOD methods_ebcdic = {
- BIO_TYPE_EBCDIC_FILTER,
- "EBCDIC/ASCII filter",
- ebcdic_write,
- ebcdic_read,
- ebcdic_puts,
- ebcdic_gets,
- ebcdic_ctrl,
- ebcdic_new,
- ebcdic_free,
-};
+static BIO_METHOD *methods_ebcdic = NULL;
/* This struct is "unwarranted chumminess with the compiler." */
typedef struct {
char buff[1];
} EBCDIC_OUTBUFF;
-const BIO_METHOD *BIO_f_ebcdic_filter()
+static const BIO_METHOD *BIO_f_ebcdic_filter()
{
- return (&methods_ebcdic);
+ if (methods_ebcdic == NULL) {
+ methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
+ "EBCDIC/ASCII filter");
+ if ( methods_ebcdic == NULL
+ || !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
+ || !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
+ || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
+ || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets)
+ || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl)
+ || !BIO_meth_set_create(methods_ebcdic, ebcdic_new)
+ || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free))
+ return NULL;
+ }
+ return methods_ebcdic;
}
static int ebcdic_new(BIO *bi)
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
- bi->ptr = (char *)wbuf;
- bi->init = 1;
- bi->flags = 0;
- return (1);
+ BIO_set_data(bi, wbuf);
+ BIO_set_init(bi, 1);
+ return 1;
}
static int ebcdic_free(BIO *a)
{
+ EBCDIC_OUTBUFF *wbuf;
+
if (a == NULL)
- return (0);
- OPENSSL_free(a->ptr);
- a->ptr = NULL;
- a->init = 0;
- a->flags = 0;
- return (1);
+ return 0;
+ wbuf = BIO_get_data(a);
+ OPENSSL_free(wbuf);
+ BIO_set_data(a, NULL);
+ BIO_set_init(a, 0);
+
+ return 1;
}
static int ebcdic_read(BIO *b, char *out, int outl)
{
int ret = 0;
+ BIO *next = BIO_next(b);
if (out == NULL || outl == 0)
return (0);
- if (b->next_bio == NULL)
+ if (next == NULL)
return (0);
- ret = BIO_read(b->next_bio, out, outl);
+ ret = BIO_read(next, out, outl);
if (ret > 0)
ascii2ebcdic(out, out, ret);
- return (ret);
+ return ret;
}
static int ebcdic_write(BIO *b, const char *in, int inl)
{
EBCDIC_OUTBUFF *wbuf;
+ BIO *next = BIO_next(b);
int ret = 0;
int num;
- unsigned char n;
if ((in == NULL) || (inl <= 0))
return (0);
- if (b->next_bio == NULL)
- return (0);
+ if (next == NULL)
+ return 0;
- wbuf = (EBCDIC_OUTBUFF *) b->ptr;
+ wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b);
if (inl > (num = wbuf->alloced)) {
num = num + num; /* double the size */
if (num < inl)
num = inl;
+ OPENSSL_free(wbuf);
wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
- OPENSSL_free(b->ptr);
wbuf->alloced = num;
wbuf->buff[0] = '\0';
- b->ptr = (char *)wbuf;
+ BIO_set_data(b, wbuf);
}
ebcdic2ascii(wbuf->buff, in, inl);
- ret = BIO_write(b->next_bio, wbuf->buff, inl);
+ ret = BIO_write(next, wbuf->buff, inl);
return (ret);
}
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret;
+ BIO *next = BIO_next(b);
- if (b->next_bio == NULL)
+ if (next == NULL)
return (0);
switch (cmd) {
case BIO_CTRL_DUP:
ret = 0L;
break;
default:
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
return (ret);
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
int i, ret = 0;
- if (bp->next_bio == NULL)
- return (0);
+ BIO *next = BIO_next(bp);
+
+ if (next == NULL)
+ return 0;
/* return(BIO_gets(bp->next_bio,buf,size));*/
for (i = 0; i < size - 1; ++i) {
ret = ebcdic_read(bp, &buf[i], 1);
static int ebcdic_puts(BIO *bp, const char *str)
{
- if (bp->next_bio == NULL)
- return (0);
+ if (BIO_next(bp) == NULL)
+ return 0;
return ebcdic_write(bp, str, strlen(str));
}
#endif
int rspderlen;
STACK_OF(OPENSSL_STRING) *aia = NULL;
X509 *x = NULL;
- X509_STORE_CTX inctx;
- X509_OBJECT obj;
+ X509_STORE_CTX *inctx = NULL;
+ X509_OBJECT *obj;
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
OCSP_CERTID *id = NULL;
use_ssl = srctx->use_ssl;
}
- if (!X509_STORE_CTX_init(&inctx,
+ inctx = X509_STORE_CTX_new();
+ if (inctx == NULL)
+ goto err;
+ if (!X509_STORE_CTX_init(inctx,
SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
NULL, NULL))
goto err;
- if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
- X509_get_issuer_name(x), &obj) <= 0) {
+ obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509,
+ X509_get_issuer_name(x));
+ if (obj == NULL) {
BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
- X509_STORE_CTX_cleanup(&inctx);
goto done;
}
+ id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
+ X509_OBJECT_free(obj);
+ if (!id)
+ goto err;
req = OCSP_REQUEST_new();
if (req == NULL)
goto err;
- id = OCSP_cert_to_id(NULL, x, obj.data.x509);
- X509_free(obj.data.x509);
- X509_STORE_CTX_cleanup(&inctx);
- if (!id)
- goto err;
if (!OCSP_request_add0_id(req, id))
goto err;
id = NULL;
OCSP_RESPONSE_print(bio_err, resp, 2);
}
ret = SSL_TLSEXT_ERR_OK;
+ goto done;
+
+ err:
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
done:
if (ret != SSL_TLSEXT_ERR_OK)
ERR_print_errors(bio_err);
OCSP_CERTID_free(id);
OCSP_REQUEST_free(req);
OCSP_RESPONSE_free(resp);
+ X509_STORE_CTX_free(inctx);
return ret;
- err:
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- goto done;
}
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
- {NULL}
+ {NULL, OPT_EOF, 0, NULL}
};
int s_server_main(int argc, char *argv[])
{
- ENGINE *e = NULL;
+ ENGINE *engine = NULL;
EVP_PKEY *s_key = NULL, *s_dkey = NULL;
SSL_CONF_CTX *cctx = NULL;
const SSL_METHOD *meth = TLS_server_method();
session_id_prefix = opt_arg();
break;
case OPT_ENGINE:
- e = setup_engine(opt_arg(), 1);
+ engine = setup_engine(opt_arg(), 1);
break;
case OPT_RAND:
inrand = opt_arg();
goto end;
if (nocert == 0) {
- s_key = load_key(s_key_file, s_key_format, 0, pass, e,
+ s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
"server certificate private key file");
if (!s_key) {
ERR_print_errors(bio_err);
}
if (tlsextcbp.servername) {
- s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
+ s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
"second server certificate private key file");
if (!s_key2) {
ERR_print_errors(bio_err);
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
- 0, dpass, e, "second certificate private key file");
+ 0, dpass, engine, "second certificate private key file");
if (!s_dkey) {
ERR_print_errors(bio_err);
goto end;
if (async)
SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2))) {
+ if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
+ noCApath)) {
ERR_print_errors(bio_err);
+ goto end;
}
if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
bio_s_out = NULL;
BIO_free(bio_s_msg);
bio_s_msg = NULL;
+#ifdef CHARSET_EBCDIC
+ BIO_meth_free(methods_ebcdic);
+#endif
return (ret);
}
tv.tv_sec = 1;
tv.tv_usec = 0;
i = select(width, (void *)&readfds, NULL, NULL, &tv);
- if ((i < 0) || (!i && !_kbhit()))
- continue;
- if (_kbhit())
+ if (has_stdin_waiting())
read_from_terminal = 1;
+ if ((i < 0) || (!i && !read_from_terminal))
+ continue;
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_X509_LOOKUP:
BIO_printf(bio_s_out, "Write BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
+ case SSL_ERROR_WANT_ASYNC_JOB:
+ /*
+ * This shouldn't ever happen in s_server. Treat as an error
+ */
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
BIO_printf(bio_s_out, "ERROR\n");
ascii2ebcdic(buf, buf, i);
#endif
raw_write_stdout(buf, (unsigned int)i);
+ (void)BIO_flush(bio_s_out);
if (SSL_has_pending(con))
goto again;
break;
case SSL_ERROR_WANT_ASYNC:
BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+ (void)BIO_flush(bio_s_out);
wait_for_async(con);
break;
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_READ:
BIO_printf(bio_s_out, "Read BLOCK\n");
+ (void)BIO_flush(bio_s_out);
break;
+ case SSL_ERROR_WANT_ASYNC_JOB:
+ /*
+ * This shouldn't ever happen in s_server. Treat as an error
+ */
case SSL_ERROR_SYSCALL:
case SSL_ERROR_SSL:
BIO_printf(bio_s_out, "ERROR\n");
unsigned next_proto_neg_len;
#endif
unsigned char *exportedkeymat;
+ int retry = 0;
#ifndef OPENSSL_NO_DTLS
if(dtlslisten) {
BIO_ADDR_free(client);
dtlslisten = 0;
i = SSL_accept(con);
+ } else {
+ BIO_ADDR_free(client);
}
} else
#endif
do {
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
#ifdef CERT_CB_TEST_RETRY
{
while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
BIO_printf(bio_err,
"LOOKUP from certificate callback during accept\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
}
#endif
else
BIO_printf(bio_s_out, "LOOKUP not successful\n");
i = SSL_accept(con);
+ if (i <= 0)
+ retry = BIO_sock_should_retry(i);
}
#endif
} while (i < 0 && SSL_waiting_for_async(con));
if (i <= 0) {
if ((dtlslisten && i == 0)
- || (!dtlslisten && BIO_sock_should_retry(i))) {
+ || (!dtlslisten && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
return (1);
}
OPENSSL_free(exportedkeymat);
}
+ (void)BIO_flush(bio_s_out);
return (1);
}
first = NULL;
}
-#endif
+#endif /* OPENSSL_NO_SOCK */