static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file = TEST_CERT, *s_key_file =
NULL, *s_chain_file = NULL;
+static const char *krb5svc = NULL;
+static const char *krb5tab = NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
#endif
if (!ret) {
BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
psk_key);
- if (bn)
- BN_free(bn);
+ BN_free(bn);
return 0;
}
if (BN_num_bytes(bn) > (int)max_psk_len) {
ebcdic_free,
};
+/* This struct is "unwarranted chumminess with the compiler." */
typedef struct {
size_t alloced;
char buff[1];
{
EBCDIC_OUTBUFF *wbuf;
- wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
- if (!wbuf)
- return 0;
+ wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
{
if (a == NULL)
return (0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
+ OPENSSL_free(a->ptr);
a->ptr = NULL;
a->init = 0;
a->flags = 0;
num = num + num; /* double the size */
if (num < inl)
num = inl;
- wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
- if (!wbuf)
- return 0;
+ wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
OPENSSL_free(b->ptr);
wbuf->alloced = num;
static int cert_status_cb(SSL *s, void *arg)
{
tlsextstatusctx *srctx = arg;
- char *host, *port, *path;
+ char *host = NULL, *port = NULL, *path = NULL;
int use_ssl;
unsigned char *rspder = NULL;
int rspderlen;
OPENSSL_free(port);
X509_email_free(aia);
}
- if (id)
- OCSP_CERTID_free(id);
- if (req)
- OCSP_REQUEST_free(req);
- if (resp)
- OCSP_RESPONSE_free(resp);
+ OCSP_CERTID_free(id);
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
return ret;
err:
ret = SSL_TLSEXT_ERR_ALERT_FATAL;
OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
OPT_S_ENUM,
OPT_V_ENUM,
- OPT_X_ENUM
+ OPT_X_ENUM,
+ OPT_KRB5SVC, OPT_KRBTAB
} OPTION_CHOICE;
OPTIONS s_server_options[] = {
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
+ {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
+ {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
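Review bot: The new `krb5svc` and `keytab` table entries sit between the `#endif` of the preceding block and `#ifndef OPENSSL_NO_SRP`, so as far as this hunk shows they are accepted in every build configuration. If Kerberos support can be compiled out, the values would be parsed and stored by the `OPT_KRB5SVC`/`OPT_KRBTAB` cases without any effect, which is confusing for someone testing a Kerberos setup. Consider placing the entries and their cases under the project's Kerberos build guard, or stating in the help text that they are ignored otherwise. The naming is also uneven: `OPT_KRB5SVC` next to `OPT_KRBTAB` for the variable `krb5tab`.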
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
- meth = SSLv3_client_method();
+ meth = SSLv3_server_method();
break;
#endif
case OPT_TLS1_2:
- meth = TLSv1_2_client_method();
+ meth = TLSv1_2_server_method();
break;
case OPT_TLS1_1:
- meth = TLSv1_1_client_method();
+ meth = TLSv1_1_server_method();
break;
case OPT_TLS1:
- meth = TLSv1_client_method();
+ meth = TLSv1_server_method();
break;
#ifndef OPENSSL_NO_DTLS1
case OPT_DTLS:
- meth = DTLS_client_method();
+ meth = DTLS_server_method();
socket_type = SOCK_DGRAM;
break;
case OPT_DTLS1:
- meth = DTLSv1_client_method();
+ meth = DTLSv1_server_method();
socket_type = SOCK_DGRAM;
break;
case OPT_DTLS1_2:
- meth = DTLSv1_2_client_method();
+ meth = DTLSv1_2_server_method();
socket_type = SOCK_DGRAM;
break;
case OPT_TIMEOUT:
session_id_prefix = opt_arg();
break;
case OPT_ENGINE:
- engine_id = opt_arg();
+ e = setup_engine(opt_arg(), 1);
break;
case OPT_RAND:
inrand = opt_arg();
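Review bot: `e = setup_engine(opt_arg(), 1);` now runs inside the option loop without the `#ifndef OPENSSL_NO_ENGINE` guard that wrapped the call removed further down. Unless `setup_engine` is available in engine-less builds or the `case OPT_ENGINE:` label is guarded outside this hunk, that configuration may no longer build. A repeated `-engine` option also overwrites `e` without releasing the earlier handle. A short comment such as `/* engine is initialised at parse time; a later -engine replaces it */` would document the new behaviour, if it is intended.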
case OPT_JPAKE:
goto opthelp;
#endif
+ case OPT_KRB5SVC:
+ krb5svc = opt_arg();
+ break;
+ case OPT_KRBTAB:
+ krb5tab = opt_arg();
+ break;
case OPT_SRTP_PROFILES:
srtp_profiles = opt_arg();
break;
}
#endif
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(engine_id, 1);
-#endif
-
if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
BIO_printf(bio_err, "Error getting password\n");
goto end;
ctx = SSL_CTX_new(meth);
if (sdebug)
- ssl_ctx_security_debug(ctx, bio_err, sdebug);
+ ssl_ctx_security_debug(ctx, sdebug);
if (ctx == NULL) {
ERR_print_errors(bio_err);
goto end;
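Review bot: `ssl_ctx_security_debug(ctx, sdebug)` is called before the `if (ctx == NULL)` check that follows it, so a failed `SSL_CTX_new(meth)` reaches the debug helper with a NULL context whenever `sdebug` is set. The commit only changes the helper's argument list and leaves that ordering in place. Moving the `if (ctx == NULL)` block directly after `SSL_CTX_new(meth)` and the `if (sdebug)` call after it would close the gap. Whether the helper dereferences `ctx` is not visible in this hunk.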
BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
if (sdebug)
- ssl_ctx_security_debug(ctx, bio_err, sdebug);
+ ssl_ctx_security_debug(ctx, sdebug);
if (session_id_prefix) {
if (strlen(session_id_prefix) >= 32)
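Review bot: The call under "Setting secondary ctx parameters" passes `ctx`, so the security-debug hook appears to be set on the primary context a second time and never on the secondary one. The cleanup code frees a separate `ctx2`, so if that is the context this block configures, the line should read `ssl_ctx_security_debug(ctx2, sdebug);`. The enclosing block starts outside the hunk, so the variable in use there should be confirmed.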
ret = 0;
end:
SSL_CTX_free(ctx);
- if (s_cert)
- X509_free(s_cert);
- if (crls)
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- if (s_dcert)
- X509_free(s_dcert);
+ X509_free(s_cert);
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ X509_free(s_dcert);
EVP_PKEY_free(s_key);
EVP_PKEY_free(s_dkey);
- if (s_chain)
- sk_X509_pop_free(s_chain, X509_free);
- if (s_dchain)
- sk_X509_pop_free(s_dchain, X509_free);
- if (pass)
- OPENSSL_free(pass);
- if (dpass)
- OPENSSL_free(dpass);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
+ sk_X509_pop_free(s_chain, X509_free);
+ sk_X509_pop_free(s_dchain, X509_free);
+ OPENSSL_free(pass);
+ OPENSSL_free(dpass);
+ X509_VERIFY_PARAM_free(vpm);
free_sessions();
#ifndef OPENSSL_NO_TLSEXT
- if (tlscstatp.host)
- OPENSSL_free(tlscstatp.host);
- if (tlscstatp.port)
- OPENSSL_free(tlscstatp.port);
- if (tlscstatp.path)
- OPENSSL_free(tlscstatp.path);
+ OPENSSL_free(tlscstatp.host);
+ OPENSSL_free(tlscstatp.port);
+ OPENSSL_free(tlscstatp.path);
SSL_CTX_free(ctx2);
- if (s_cert2)
- X509_free(s_cert2);
+ X509_free(s_cert2);
EVP_PKEY_free(s_key2);
BIO_free(serverinfo_in);
# ifndef OPENSSL_NO_NEXTPROTONEG
- if (next_proto.data)
- OPENSSL_free(next_proto.data);
+ OPENSSL_free(next_proto.data);
# endif
- if (alpn_ctx.data)
- OPENSSL_free(alpn_ctx.data);
+ OPENSSL_free(alpn_ctx.data);
#endif
ssl_excert_free(exc);
sk_OPENSSL_STRING_free(ssl_args);
SSL_CONF_CTX_free(cctx);
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret && psk_key)
- OPENSSL_free(psk_key);
-#endif
BIO_free(bio_s_out);
bio_s_out = NULL;
BIO_free(bio_s_msg);
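Review bot: `pass` and `dpass` hold the passphrases filled in by `app_passwd` and are released with plain `OPENSSL_free`, so the passphrase bytes remain in freed heap memory. This commit already uses `OPENSSL_clear_free(buf, bufsize)` for the server buffer, and the same fits here: `if (pass != NULL) OPENSSL_clear_free(pass, strlen(pass));`, and likewise for `dpass`. The same point applies to `exportedkeymat` in the keying-material hunk, where `OPENSSL_clear_free(exportedkeymat, keymatexportlen)` would do. It also applies to `sess->der` on the length-mismatch path in `add_session`, which may by then hold encoded session data.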
struct timeval *timeoutp;
#endif
- if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
- BIO_printf(bio_err, "out of memory\n");
- goto err;
- }
+ buf = app_malloc(bufsize, "server buffer");
#ifdef FIONBIO
if (s_nbio) {
unsigned long sl = 1;
SSL_free(con);
}
BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
- if (buf != NULL) {
- OPENSSL_cleanse(buf, bufsize);
- OPENSSL_free(buf);
- }
+ OPENSSL_clear_free(buf, bufsize);
if (ret >= 0)
BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
}
if (s_brief)
- print_ssl_summary(bio_err, con);
+ print_ssl_summary(con);
PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
BIO_printf(bio_s_out, "Keying material exporter:\n");
BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen);
- exportedkeymat = OPENSSL_malloc(keymatexportlen);
- if (exportedkeymat != NULL) {
- if (!SSL_export_keying_material(con, exportedkeymat,
- keymatexportlen,
- keymatexportlabel,
- strlen(keymatexportlabel),
- NULL, 0, 0)) {
- BIO_printf(bio_s_out, " Error\n");
- } else {
- BIO_printf(bio_s_out, " Keying material: ");
- for (i = 0; i < keymatexportlen; i++)
- BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
- BIO_printf(bio_s_out, "\n");
- }
- OPENSSL_free(exportedkeymat);
+ exportedkeymat = app_malloc(keymatexportlen, "export key");
+ if (!SSL_export_keying_material(con, exportedkeymat,
+ keymatexportlen,
+ keymatexportlabel,
+ strlen(keymatexportlabel),
+ NULL, 0, 0)) {
+ BIO_printf(bio_s_out, " Error\n");
+ } else {
+ BIO_printf(bio_s_out, " Keying material: ");
+ for (i = 0; i < keymatexportlen; i++)
+ BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
+ BIO_printf(bio_s_out, "\n");
}
+ OPENSSL_free(exportedkeymat);
}
return (1);
int total_bytes = 0;
#endif
- buf = OPENSSL_malloc(bufsize);
- if (buf == NULL)
- return (0);
+ buf = app_malloc(bufsize, "server www buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
BIO_puts(io, "\n");
for (i = 0; i < local_argc; i++) {
- BIO_puts(io, local_argv[i]);
+ const char *myp;
+ for (myp = local_argv[i]; *myp; myp++)
+ switch (*myp) {
+ case '<':
+ BIO_puts(io, "<");
+ break;
+ case '>':
+ BIO_puts(io, ">");
+ break;
+ case '&':
+ BIO_puts(io, "&");
+ break;
+ default:
+ BIO_write(io, myp, 1);
+ break;
+ }
BIO_write(io, " ", 1);
}
BIO_puts(io, "\n");
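Review bot: As shown on this page, the `'<'`, `'>'` and `'&'` cases in the new loop write the same character back unchanged, so the argv text echoed to `io` is not escaped at all. If the intent is HTML escaping, the literals need to be the entity forms `"&lt;"`, `"&gt;"` and `"&amp;"`. The page rendering may have decoded them, so this should be checked against the raw patch. The inner `for` also has no braces around the `switch`; adding them would make clear that `BIO_write(io, " ", 1)` belongs to the outer loop. A one-line comment such as `/* escape HTML metacharacters in echoed arguments */` above the loop would record why the per-character copy exists.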
err:
if (ret >= 0)
BIO_printf(bio_s_out, "ACCEPT\n");
- if (buf != NULL)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
BIO_free_all(io);
return (ret);
}
KSSL_CTX *kctx;
#endif
- buf = OPENSSL_malloc(bufsize);
- if (buf == NULL)
- return (0);
+ buf = app_malloc(bufsize, "server rev buffer");
io = BIO_new(BIO_f_buffer());
ssl_bio = BIO_new(BIO_f_ssl());
if ((io == NULL) || (ssl_bio == NULL))
}
}
BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
- print_ssl_summary(bio_err, con);
+ print_ssl_summary(con);
for (;;) {
i = BIO_gets(io, buf, bufsize - 1);
p--;
i--;
}
- if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5)) {
+ if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
ret = 1;
BIO_printf(bio_err, "CONNECTION CLOSED\n");
goto end;
err:
- if (buf != NULL)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
BIO_free_all(io);
return (ret);
}
static int add_session(SSL *ssl, SSL_SESSION *session)
{
- simple_ssl_session *sess;
+ simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
unsigned char *p;
- sess = OPENSSL_malloc(sizeof(simple_ssl_session));
- if (!sess) {
- BIO_printf(bio_err, "Out of memory adding to external cache\n");
- return 0;
- }
-
SSL_SESSION_get_id(session, &sess->idlen);
sess->derlen = i2d_SSL_SESSION(session, NULL);
if (sess->derlen < 0) {
BIO_printf(bio_err, "Error encoding session\n");
+ OPENSSL_free(sess);
return 0;
}
sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
- sess->der = OPENSSL_malloc(sess->derlen);
- if (!sess->id || !sess->der) {
+ sess->der = app_malloc(sess->derlen, "get session buffer");
+ if (!sess->id) {
BIO_printf(bio_err, "Out of memory adding to external cache\n");
- if (sess->id)
- OPENSSL_free(sess->id);
- if (sess->der)
- OPENSSL_free(sess->der);
+ OPENSSL_free(sess->id);
+ OPENSSL_free(sess->der);
OPENSSL_free(sess);
return 0;
}
/* Assume it still works. */
if (i2d_SSL_SESSION(session, &p) != sess->derlen) {
- BIO_printf(bio_err, "Error encoding session\n");
+ BIO_printf(bio_err, "Unexpected session encoding length\n");
+ OPENSSL_free(sess->id);
+ OPENSSL_free(sess->der);
+ OPENSSL_free(sess);
return 0;
}