#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
+#include <openssl/engine.h>
#include "s_apps.h"
#ifdef WINDOWS
#undef FIONBIO
#endif
-#if defined(NO_RSA) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
-
#ifndef NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
static int s_quiet=0;
static int hack=0;
+static char *engine_id=NULL;
#ifdef MONOLITH
static void s_server_init(void)
s_debug=0;
s_quiet=0;
hack=0;
+ engine_id=NULL;
}
#endif
#ifndef NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
+ BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
}
static int local_argc=0;
{
EBCDIC_OUTBUFF *wbuf;
- wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+ wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
wbuf->alloced = 1024;
wbuf->buff[0] = '\0';
{
if (a == NULL) return(0);
if (a->ptr != NULL)
- Free(a->ptr);
+ OPENSSL_free(a->ptr);
a->ptr=NULL;
a->init=0;
a->flags=0;
num = num + num; /* double the size */
if (num < inl)
num = inl;
- Free((char*)wbuf);
- wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
+ OPENSSL_free(wbuf);
+ wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
wbuf->alloced = num;
wbuf->buff[0] = '\0';
}
#endif
+int MAIN(int, char **);
+
int MAIN(int argc, char *argv[])
{
short port=PORT;
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
-#ifndef NO_DH
- DH *dh=NULL;
-#endif
+ ENGINE *e=NULL;
#if !defined(NO_SSL2) && !defined(NO_SSL3)
meth=SSLv23_server_method();
else if (strcmp(*argv,"-tls1") == 0)
{ meth=TLSv1_server_method(); }
#endif
+ else if (strcmp(*argv,"-engine") == 0)
+ {
+ if (--argc < 1) goto bad;
+ engine_id= *(++argv);
+ }
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
}
SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
+ OpenSSL_add_ssl_algorithms();
+
+ if (engine_id != NULL)
+ {
+ if((e = ENGINE_by_id(engine_id)) == NULL)
+ {
+ BIO_printf(bio_err,"invalid engine\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (s_debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, bio_err, 0);
+ }
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(bio_err,"can't use that engine\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
+ ENGINE_free(e);
+ }
ctx=SSL_CTX_new(meth);
if (ctx == NULL)
#ifndef NO_DH
if (!no_dhe)
{
- dh=load_dh_param(dhfile ? dhfile : s_cert_file);
+ DH *dh=NULL;
+
+ if (dhfile)
+ dh = load_dh_param(dhfile);
+ else if (s_cert_file)
+ dh = load_dh_param(s_cert_file);
+
if (dh != NULL)
{
BIO_printf(bio_s_out,"Setting temp DH parameters\n");
#endif
if (cipher != NULL)
- SSL_CTX_set_cipher_list(ctx,cipher);
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+ BIO_printf(bio_err,"error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
sizeof s_server_session_id_context);
struct timeval tv;
#endif
- if ((buf=Malloc(bufsize)) == NULL)
+ if ((buf=OPENSSL_malloc(bufsize)) == NULL)
{
BIO_printf(bio_err,"out of memory\n");
goto err;
#endif
if (con == NULL) {
- con=(SSL *)SSL_new(ctx);
+ con=SSL_new(ctx);
+#ifndef NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+ {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* NO_KRB5 */
if(context)
SSL_set_session_id_context(con, context,
strlen((char *)context));
width=s+1;
for (;;)
{
- FD_ZERO(&readfds);
+ int read_from_terminal;
+ int read_from_sslcon;
+
+ read_from_terminal = 0;
+ read_from_sslcon = SSL_pending(con);
+
+ if (!read_from_sslcon)
+ {
+ FD_ZERO(&readfds);
#ifndef WINDOWS
- FD_SET(fileno(stdin),&readfds);
+ FD_SET(fileno(stdin),&readfds);
#endif
- FD_SET(s,&readfds);
- /* Note: under VMS with SOCKETSHR the second parameter is
- * currently of type (int *) whereas under other systems
- * it is (void *) if you don't have a cast it will choke
- * the compiler: if you do have a cast then you can either
- * go for (int *) or (void *).
- */
+ FD_SET(s,&readfds);
+ /* Note: under VMS with SOCKETSHR the second parameter is
+ * currently of type (int *) whereas under other systems
+ * it is (void *) if you don't have a cast it will choke
+ * the compiler: if you do have a cast then you can either
+ * go for (int *) or (void *).
+ */
#ifdef WINDOWS
- /* Under Windows we can't select on stdin: only
- * on sockets. As a workaround we timeout the select every
- * second and check for any keypress. In a proper Windows
- * application we wouldn't do this because it is inefficient.
- */
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,NULL,NULL,&tv);
- if((i < 0) || (!i && !_kbhit() ) )continue;
- if(_kbhit())
+ /* Under Windows we can't select on stdin: only
+ * on sockets. As a workaround we timeout the select every
+ * second and check for any keypress. In a proper Windows
+ * application we wouldn't do this because it is inefficient.
+ */
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i=select(width,(void *)&readfds,NULL,NULL,&tv);
+ if((i < 0) || (!i && !_kbhit() ) )continue;
+ if(_kbhit())
+ read_from_terminal = 1;
#else
- i=select(width,(void *)&readfds,NULL,NULL,NULL);
- if (i <= 0) continue;
- if (FD_ISSET(fileno(stdin),&readfds))
+ i=select(width,(void *)&readfds,NULL,NULL,NULL);
+ if (i <= 0) continue;
+ if (FD_ISSET(fileno(stdin),&readfds))
+ read_from_terminal = 1;
#endif
+ if (FD_ISSET(s,&readfds))
+ read_from_sslcon = 1;
+ }
+ if (read_from_terminal)
{
if (s_crlf)
{
if (i <= 0) break;
}
}
- if (FD_ISSET(s,&readfds))
+ if (read_from_sslcon)
{
if (!SSL_is_init_finished(con))
{
if (buf != NULL)
{
memset(buf,0,bufsize);
- Free(buf);
+ OPENSSL_free(buf);
}
if (ret >= 0)
BIO_printf(bio_s_out,"ACCEPT\n");
BIO *io,*ssl_bio,*sbio;
long total_bytes;
- buf=Malloc(bufsize);
+ buf=OPENSSL_malloc(bufsize);
if (buf == NULL) return(0);
io=BIO_new(BIO_f_buffer());
ssl_bio=BIO_new(BIO_f_ssl());
/* lets make the output buffer a reasonable size */
if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
- if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+ if ((con=SSL_new(ctx)) == NULL) goto err;
if(context) SSL_set_session_id_context(con, context,
strlen((char *)context));
/* make sure we re-use sessions */
SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
- /* This kills performace */
+ /* This kills performance */
/* SSL_shutdown(con); A shutdown gets sent in the
* BIO_free_all(io) procession */
#endif
if (ret >= 0)
BIO_printf(bio_s_out,"ACCEPT\n");
- if (buf != NULL) Free(buf);
+ if (buf != NULL) OPENSSL_free(buf);
if (io != NULL) BIO_free_all(io);
/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
return(ret);
projects / openssl.git / blobdiff