typedef unsigned int u_int;
#endif
-#include <openssl/lhash.h>
#include <openssl/bn.h>
-#define USE_SOCKETS
#include "apps.h"
#include <openssl/err.h>
#include <openssl/pem.h>
#ifdef CHARSET_EBCDIC
#include <openssl/ebcdic.h>
#endif
+#include "internal/sockets.h"
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
static int sv_body(int s, int stype, int prot, unsigned char *context);
static void close_accept_socket(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp, SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
+static int generate_session_id(SSL *ssl, unsigned char *id,
unsigned int *id_len);
static void init_session_cache_ctx(SSL_CTX *sctx);
static void free_sessions(void);
static int early_data = 0;
static SSL_SESSION *psksess = NULL;
-#ifndef OPENSSL_NO_PSK
static char *psk_identity = "Client_identity";
char *psk_key = NULL; /* by default PSK is not used */
+#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len)
}
if (key_len == EVP_MD_size(EVP_sha256()))
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
- else if(key_len == EVP_MD_size(EVP_sha384()))
- cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
+ cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
+ else if (key_len == EVP_MD_size(EVP_sha384()))
+ cipher = SSL_CIPHER_find(ssl, tls13_aes256gcmsha384_id);
if (cipher == NULL) {
/* Doesn't look like a suitable TLSv1.3 key. Ignore it */
if (p->login == NULL && p->user == NULL) {
p->login = SSL_get_srp_username(s);
BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
- return (-1);
+ return -1;
}
if (p->user == NULL) {
BIO *next = BIO_next(b);
if (out == NULL || outl == 0)
- return (0);
+ return 0;
if (next == NULL)
- return (0);
+ return 0;
ret = BIO_read(next, out, outl);
if (ret > 0)
int num;
if ((in == NULL) || (inl <= 0))
- return (0);
+ return 0;
if (next == NULL)
return 0;
ret = BIO_write(next, wbuf->buff, inl);
- return (ret);
+ return ret;
}
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO *next = BIO_next(b);
if (next == NULL)
- return (0);
+ return 0;
switch (cmd) {
case BIO_CTRL_DUP:
ret = 0L;
ret = BIO_ctrl(next, cmd, num, ptr);
break;
}
- return (ret);
+ return ret;
}
static int ebcdic_gets(BIO *bp, char *buf, int size)
{
tlsextctx *p = (tlsextctx *) arg;
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (servername != NULL && p->biodebug != NULL)
- BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
- servername);
+
+ if (servername != NULL && p->biodebug != NULL) {
+ const char *cp = servername;
+ unsigned char uc;
+
+ BIO_printf(p->biodebug, "Hostname in TLS extension: \"");
+ while ((uc = *cp++) != 0)
+ BIO_printf(p->biodebug,
+ isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc);
+ BIO_printf(p->biodebug, "\"\n");
+ }
if (p->servername == NULL)
return SSL_TLSEXT_ERR_NOACK;
OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
- OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+ OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA,
+ OPT_R_ENUM,
OPT_S_ENUM,
OPT_V_ENUM,
OPT_X_ENUM
"PEM serverinfo file for certificate"},
{"certform", OPT_CERTFORM, 'F',
"Certificate format (PEM or DER) PEM default"},
- {"key", OPT_KEY, '<',
+ {"key", OPT_KEY, 's',
"Private Key if not in -cert; default is " TEST_CERT},
{"keyform", OPT_KEYFORM, 'f',
"Key format (PEM, DER or ENGINE) PEM default"},
{"pass", OPT_PASS, 's', "Private key file pass phrase source"},
{"dcert", OPT_DCERT, '<',
"Second certificate file to use (usually for DSA)"},
+ {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
{"dcertform", OPT_DCERTFORM, 'F',
"Second certificate format (PEM or DER) PEM default"},
{"dkey", OPT_DKEY, '<',
{"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
- {"rand", OPT_RAND, 's',
- "Load the file(s) into the random number generator"},
+ OPT_R_OPTIONS,
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
OPT_V_OPTIONS,
OPT_X_OPTIONS,
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
-#ifndef OPENSSL_NO_PSK
{"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"},
+#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
- {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
#endif
+ {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
{"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
X509 *s_cert = NULL, *s_dcert = NULL;
X509_VERIFY_PARAM *vpm = NULL;
const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
- char *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
+ char *dpassarg = NULL, *dpass = NULL;
char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
char *crl_file = NULL, *prog;
#ifdef AF_UNIX
#ifndef OPENSSL_NO_PSK
/* by default do not send a PSK identity hint */
char *psk_identity_hint = NULL;
- char *p;
#endif
+ char *p;
#ifndef OPENSSL_NO_SRP
char *srpuserseed = NULL;
char *srp_verifier_file = NULL;
no_resume_ephemeral = 1;
break;
case OPT_PSK_IDENTITY:
-#ifndef OPENSSL_NO_PSK
psk_identity = opt_arg();
-#endif
break;
case OPT_PSK_HINT:
#ifndef OPENSSL_NO_PSK
#endif
break;
case OPT_PSK:
-#ifndef OPENSSL_NO_PSK
for (p = psk_key = opt_arg(); *p; p++) {
if (isxdigit(_UC(*p)))
continue;
BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
goto end;
}
-#endif
break;
case OPT_PSK_SESS:
psksessf = opt_arg();
case OPT_ENGINE:
engine = setup_engine(opt_arg(), 1);
break;
- case OPT_RAND:
- inrand = opt_arg();
+ case OPT_R_CASES:
+ if (!opt_rand(o))
+ goto end;
break;
case OPT_SERVERNAME:
tlsextcbp.servername = opt_arg();
}
- if (!app_RAND_load_file(NULL, 1) && inrand == NULL
- && !RAND_status()) {
- BIO_printf(bio_err,
- "warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
if (bio_s_out == NULL) {
if (s_quiet && !s_debug) {
bio_s_out = BIO_new(BIO_s_null());
ret = 0;
end:
SSL_CTX_free(ctx);
+ SSL_SESSION_free(psksess);
set_keylog_file(NULL, NULL);
X509_free(s_cert);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
#ifdef CHARSET_EBCDIC
BIO_meth_free(methods_ebcdic);
#endif
- return (ret);
+ return ret;
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
BIO_printf(bio_err, "Turned on non blocking io\n");
}
+ con = SSL_new(ctx);
if (con == NULL) {
- con = SSL_new(ctx);
+ ret = -1;
+ goto err;
+ }
- if (s_tlsextdebug) {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
- if (context
- && !SSL_set_session_id_context(con,
- context, strlen((char *)context))) {
- BIO_printf(bio_err, "Error setting session id context\n");
- ret = -1;
- goto err;
- }
+ if (context != NULL
+ && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ BIO_printf(bio_err, "Error setting session id context\n");
+ ret = -1;
+ goto err;
}
+
if (!SSL_clear(con)) {
BIO_printf(bio_err, "Error clearing SSL connection\n");
ret = -1;
BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
# ifndef OPENSSL_NO_SCTP
- if (prot != IPPROTO_SCTP) {
+ if (prot != IPPROTO_SCTP)
+# endif
/* Turn on cookie exchange. Not necessary for SCTP */
SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
- }
-# endif
} else
#endif
sbio = BIO_new_socket(s, BIO_NOCLOSE);
(void)BIO_flush(bio_s_out);
}
}
- if (write_header)
- BIO_printf(bio_s_out, "No early data received\n");
- else
+ if (write_header) {
+ if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT)
+ BIO_printf(bio_s_out, "No early data received\n");
+ else
+ BIO_printf(bio_s_out, "Early data was rejected\n");
+ } else {
BIO_printf(bio_s_out, "\nEnd of early data\n");
+ }
if (SSL_is_init_finished(con))
print_connection_info(con);
}
if (ret >= 0)
BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
- return (ret);
+ return ret;
}
static void close_accept_socket(void)
if ((dtlslisten && i == 0)
|| (!dtlslisten && retry)) {
BIO_printf(bio_s_out, "DELAY\n");
- return (1);
+ return 1;
}
BIO_printf(bio_err, "ERROR\n");
}
/* Always print any error messages */
ERR_print_errors(bio_err);
- return (0);
+ return 0;
}
print_connection_info(con);
ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
err:
BIO_free(bio);
- return (ret);
+ return ret;
}
#endif
PEM_write_bio_X509(io, peer);
X509_free(peer);
peer = NULL;
- } else
+ } else {
BIO_puts(io, "no client certificate available\n");
- BIO_puts(io, "</BODY></HTML>\r\n\r\n");
+ }
+ BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
break;
} else if ((www == 2 || www == 3)
&& (strncmp("GET /", buf, 5) == 0)) {
BIO_printf(bio_s_out, "ACCEPT\n");
OPENSSL_free(buf);
BIO_free_all(io);
- return (ret);
+ return ret;
}
static int rev_body(int s, int stype, int prot, unsigned char *context)
OPENSSL_free(buf);
BIO_free_all(io);
- return (ret);
+ return ret;
}
#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
+static int generate_session_id(SSL *ssl, unsigned char *id,
unsigned int *id_len)
{
unsigned int count = 0;
projects / openssl.git / blobdiff