X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=1a9ce281c3bf63ef07d6ce42ade15b206164aad6;hp=af19b89227a0140454d32afe88d66cb58dab46ce;hb=2afbd6fa08328c9de13bcd81776fe45ec3532b4c;hpb=a2a0158959e597188c10fbfeaf61888b2df2e587 diff --git a/apps/s_server.c b/apps/s_server.c index af19b89227..1a9ce281c3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -83,6 +83,7 @@ typedef unsigned int u_int; #include #include #include +#include #include "s_apps.h" #ifdef WINDOWS @@ -176,6 +177,7 @@ static int s_debug=0; static int s_quiet=0; static int hack=0; +static char *engine_id=NULL; #ifdef MONOLITH static void s_server_init(void) @@ -198,6 +200,7 @@ static void s_server_init(void) s_debug=0; s_quiet=0; hack=0; + engine_id=NULL; } #endif @@ -228,6 +231,7 @@ static void sv_usage(void) BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); + BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); BIO_printf(bio_err," -quiet - No server output\n"); BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); @@ -242,6 +246,7 @@ static void sv_usage(void) BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n"); + BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); } static int local_argc=0; @@ -285,7 +290,7 @@ static int ebcdic_new(BIO *bi) { EBCDIC_OUTBUFF *wbuf; - wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -299,7 +304,7 @@ static int ebcdic_free(BIO *a) { if (a == NULL) return(0); if (a->ptr != NULL) - Free(a->ptr); + OPENSSL_free(a->ptr); a->ptr=NULL; a->init=0; a->flags=0; @@ -336,8 +341,8 @@ static int ebcdic_write(BIO *b, char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - Free(wbuf); - wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num); + OPENSSL_free(wbuf); + wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); wbuf->alloced = num; wbuf->buff[0] = '\0'; @@ -411,9 +416,7 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; -#ifndef NO_DH - DH *dh=NULL; -#endif + ENGINE *e=NULL; #if !defined(NO_SSL2) && !defined(NO_SSL3) meth=SSLv23_server_method(); @@ -506,6 +509,8 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; CApath= *(++argv); } + else if (strcmp(*argv,"-serverpref") == 0) + { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv,"-cipher") == 0) { if (--argc < 1) goto bad; @@ -565,6 +570,11 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv,"-tls1") == 0) { meth=TLSv1_server_method(); } #endif + else if (strcmp(*argv,"-engine") == 0) + { + if (--argc < 1) goto bad; + engine_id= *(++argv); + } else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -609,6 +619,29 @@ bad: SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); + if (engine_id != NULL) + { + if((e = ENGINE_by_id(engine_id)) == NULL) + { + BIO_printf(bio_err,"invalid engine\n"); + ERR_print_errors(bio_err); + goto end; + } + if (s_debug) + { + ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, + 0, bio_err, 0); + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + { + BIO_printf(bio_err,"can't use that engine\n"); + ERR_print_errors(bio_err); + goto end; + } + BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id); + ENGINE_free(e); + } + ctx=SSL_CTX_new(meth); if (ctx == NULL) { @@ -649,7 +682,13 @@ bad: #ifndef NO_DH if (!no_dhe) { - dh=load_dh_param(dhfile ? dhfile : s_cert_file); + DH *dh=NULL; + + if (dhfile) + dh = load_dh_param(dhfile); + else if (s_cert_file) + dh = load_dh_param(s_cert_file); + if (dh != NULL) { BIO_printf(bio_s_out,"Setting temp DH parameters\n"); @@ -766,7 +805,7 @@ static int sv_body(char *hostname, int s, unsigned char *context) struct timeval tv; #endif - if ((buf=Malloc(bufsize)) == NULL) + if ((buf=OPENSSL_malloc(bufsize)) == NULL) { BIO_printf(bio_err,"out of memory\n"); goto err; @@ -785,6 +824,13 @@ static int sv_body(char *hostname, int s, unsigned char *context) if (con == NULL) { con=SSL_new(ctx); +#ifndef NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); @@ -1028,7 +1074,7 @@ err: if (buf != NULL) { memset(buf,0,bufsize); - Free(buf); + OPENSSL_free(buf); } if (ret >= 0) BIO_printf(bio_s_out,"ACCEPT\n"); @@ -1145,7 +1191,7 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO *io,*ssl_bio,*sbio; long total_bytes; - buf=Malloc(bufsize); + buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); io=BIO_new(BIO_f_buffer()); ssl_bio=BIO_new(BIO_f_ssl()); @@ -1474,7 +1520,7 @@ err: if (ret >= 0) BIO_printf(bio_s_out,"ACCEPT\n"); - if (buf != NULL) Free(buf); + if (buf != NULL) OPENSSL_free(buf); if (io != NULL) BIO_free_all(io); /* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ return(ret);