X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fs_server.c;h=d545546f29d0d3bf01a75850f6278ff4f7fad014;hb=1e3d16b0a62a9523b44cfcd65abc5998949ed9ab;hp=3e1e1ae68685e44acb13b4e03155eec4f15456c1;hpb=6ddbb4cd92ad8c9ebf874e5d9920c122696b7477;p=openssl.git diff --git a/apps/s_server.c b/apps/s_server.c index 3e1e1ae686..d545546f29 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -146,9 +146,6 @@ static int async = 0; static unsigned int split_send_fragment = 0; static unsigned int max_pipelines = 0; -#ifndef OPENSSL_NO_ENGINE -static char *engine_id = NULL; -#endif static const char *session_id_prefix = NULL; #ifndef OPENSSL_NO_DTLS @@ -169,9 +166,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) { - unsigned int psk_len = 0; - int ret; - BIGNUM *bn = NULL; + long key_len = 0; + unsigned char *key; if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); @@ -193,31 +189,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, BIO_printf(bio_s_out, "PSK client identity found\n"); /* convert the PSK key to binary */ - ret = BN_hex2bn(&bn, psk_key); - if (!ret) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + key = OPENSSL_hexstr2buf(psk_key, &key_len); + if (key == NULL) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", psk_key); - BN_free(bn); return 0; } - if (BN_num_bytes(bn) > (int)max_psk_len) { + if (key_len > (int)max_psk_len) { BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); + "psk buffer of callback is too small (%d) for key (%ld)\n", + max_psk_len, key_len); + OPENSSL_free(key); return 0; } - ret = BN_bn2bin(bn, psk); - BN_free(bn); - - if (ret < 0) - goto out_err; - psk_len = (unsigned int)ret; + memcpy(psk, key, key_len); + OPENSSL_free(key); if (s_debug) - BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); - return psk_len; + BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); + return key_len; out_err: if (s_debug) BIO_printf(bio_err, "Error in PSK server callback\n"); @@ -305,9 +296,6 @@ static void s_server_init(void) async = 0; split_send_fragment = 0; max_pipelines = 0; -#ifndef OPENSSL_NO_ENGINE - engine_id = NULL; -#endif } static int local_argc = 0; @@ -582,13 +570,13 @@ static int cert_status_cb(SSL *s, void *arg) BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n"); goto done; } - req = OCSP_REQUEST_new(); - if (req == NULL) - goto err; id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj)); X509_OBJECT_free(obj); if (!id) goto err; + req = OCSP_REQUEST_new(); + if (req == NULL) + goto err; if (!OCSP_request_add0_id(req, id)) goto err; id = NULL; @@ -919,12 +907,16 @@ OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {NULL} + {NULL, OPT_EOF, 0, NULL} }; +#define IS_PROT_FLAG(o) \ + (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ + || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + int s_server_main(int argc, char *argv[]) { - ENGINE *e = NULL; + ENGINE *engine = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; SSL_CONF_CTX *cctx = NULL; const SSL_METHOD *meth = TLS_server_method(); @@ -982,7 +974,7 @@ int s_server_main(int argc, char *argv[]) char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif - int min_version = 0, max_version = 0; + int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; local_argc = argc; local_argv = argv; @@ -996,6 +988,17 @@ int s_server_main(int argc, char *argv[]) prog = opt_init(argc, argv, s_server_options); while ((o = opt_next()) != OPT_EOF) { + if (IS_PROT_FLAG(o) && ++prot_opt > 1) { + BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); + goto end; + } + if (IS_NO_PROT_FLAG(o)) + no_prot_opt++; + if (prot_opt == 1 && no_prot_opt) { + BIO_printf(bio_err, "Cannot supply both a protocol flag and " + "\"-no_\"\n"); + goto end; + } switch (o) { case OPT_EOF: case OPT_ERR: @@ -1396,7 +1399,7 @@ int s_server_main(int argc, char *argv[]) session_id_prefix = opt_arg(); break; case OPT_ENGINE: - e = setup_engine(opt_arg(), 1); + engine = setup_engine(opt_arg(), 1); break; case OPT_RAND: inrand = opt_arg(); @@ -1502,7 +1505,7 @@ int s_server_main(int argc, char *argv[]) goto end; if (nocert == 0) { - s_key = load_key(s_key_file, s_key_format, 0, pass, e, + s_key = load_key(s_key_file, s_key_format, 0, pass, engine, "server certificate private key file"); if (!s_key) { ERR_print_errors(bio_err); @@ -1523,7 +1526,7 @@ int s_server_main(int argc, char *argv[]) } if (tlsextcbp.servername) { - s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e, + s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, "second server certificate private key file"); if (!s_key2) { ERR_print_errors(bio_err); @@ -1582,7 +1585,7 @@ int s_server_main(int argc, char *argv[]) s_dkey_file = s_dcert_file; s_dkey = load_key(s_dkey_file, s_dkey_format, - 0, dpass, e, "second certificate private key file"); + 0, dpass, engine, "second certificate private key file"); if (!s_dkey) { ERR_print_errors(bio_err); goto end; @@ -1766,9 +1769,10 @@ int s_server_main(int argc, char *argv[]) if (async) SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC); - if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx2))) { + if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile, + noCApath)) { ERR_print_errors(bio_err); + goto end; } if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) { BIO_printf(bio_err, "Error setting verify params\n"); @@ -2172,10 +2176,10 @@ static int sv_body(int s, int stype, unsigned char *context) tv.tv_sec = 1; tv.tv_usec = 0; i = select(width, (void *)&readfds, NULL, NULL, &tv); - if ((i < 0) || (!i && !_kbhit())) - continue; - if (_kbhit()) + if (has_stdin_waiting()) read_from_terminal = 1; + if ((i < 0) || (!i && !read_from_terminal)) + continue; #else if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_get_timeout(con, &timeout)) @@ -2314,12 +2318,14 @@ static int sv_body(int s, int stype, unsigned char *context) break; case SSL_ERROR_WANT_ASYNC: BIO_printf(bio_s_out, "Write BLOCK (Async)\n"); + (void)BIO_flush(bio_s_out); wait_for_async(con); break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_X509_LOOKUP: BIO_printf(bio_s_out, "Write BLOCK\n"); + (void)BIO_flush(bio_s_out); break; case SSL_ERROR_WANT_ASYNC_JOB: /* @@ -2388,16 +2394,19 @@ static int sv_body(int s, int stype, unsigned char *context) ascii2ebcdic(buf, buf, i); #endif raw_write_stdout(buf, (unsigned int)i); + (void)BIO_flush(bio_s_out); if (SSL_has_pending(con)) goto again; break; case SSL_ERROR_WANT_ASYNC: BIO_printf(bio_s_out, "Read BLOCK (Async)\n"); + (void)BIO_flush(bio_s_out); wait_for_async(con); break; case SSL_ERROR_WANT_WRITE: case SSL_ERROR_WANT_READ: BIO_printf(bio_s_out, "Read BLOCK\n"); + (void)BIO_flush(bio_s_out); break; case SSL_ERROR_WANT_ASYNC_JOB: /* @@ -2453,6 +2462,7 @@ static int init_ssl_connection(SSL *con) unsigned next_proto_neg_len; #endif unsigned char *exportedkeymat; + int retry = 0; #ifndef OPENSSL_NO_DTLS if(dtlslisten) { @@ -2480,6 +2490,8 @@ static int init_ssl_connection(SSL *con) BIO_ADDR_free(client); dtlslisten = 0; i = SSL_accept(con); + } else { + BIO_ADDR_free(client); } } else #endif @@ -2487,6 +2499,8 @@ static int init_ssl_connection(SSL *con) do { i = SSL_accept(con); + if (i <= 0) + retry = BIO_sock_should_retry(i); #ifdef CERT_CB_TEST_RETRY { while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP @@ -2494,6 +2508,8 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_err, "LOOKUP from certificate callback during accept\n"); i = SSL_accept(con); + if (i <= 0) + retry = BIO_sock_should_retry(i); } } #endif @@ -2512,13 +2528,15 @@ static int init_ssl_connection(SSL *con) else BIO_printf(bio_s_out, "LOOKUP not successful\n"); i = SSL_accept(con); + if (i <= 0) + retry = BIO_sock_should_retry(i); } #endif } while (i < 0 && SSL_waiting_for_async(con)); if (i <= 0) { if ((dtlslisten && i == 0) - || (!dtlslisten && BIO_sock_should_retry(i))) { + || (!dtlslisten && retry)) { BIO_printf(bio_s_out, "DELAY\n"); return (1); } @@ -2604,6 +2622,7 @@ static int init_ssl_connection(SSL *con) OPENSSL_free(exportedkeymat); } + (void)BIO_flush(bio_s_out); return (1); } @@ -3300,4 +3319,4 @@ static void free_sessions(void) first = NULL; } -#endif +#endif /* OPENSSL_NO_SOCK */