X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=4c3ca792e240bdfbce507b558f364f0e8aa9f595;hp=6b6035f0ba14c8682d4cfc49723c6cafcedd48fa;hb=c0efda00e985b63717ff2087e3f2206fbabe764f;hpb=0ff2b9ac0b8b9cd62e20cd65bf4922b34f57a8c1
diff --git a/apps/s_server.c b/apps/s_server.c
index 6b6035f0ba..4c3ca792e2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -190,11 +190,7 @@ typedef unsigned int u_int;
 # undef FIONBIO
 #endif
 
-#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-#endif
 static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
-static void wait_for_async(SSL *s);
 static int sv_body(char *hostname, int s, int stype, unsigned char *context);
 static int www_body(char *hostname, int s, int stype, unsigned char *context);
 static int rev_body(char *hostname, int s, int stype, unsigned char *context);
@@ -808,7 +804,7 @@ typedef enum OPTION_choice {
 OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF,
- OPT_QUIET, OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
+ OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, OPT_NO_ECDHE,
 OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL3,
@@ -867,7 +863,6 @@ OPTIONS s_server_options[] = {
 "Do not load certificates from the default certificates directory"},
 {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
 {"quiet", OPT_QUIET, '-', "No server output"},
- {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
 {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
 {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
 {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
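Review bot: Dropping the `no_tmp_rsa` entry from s_server_options in the `@@ -867` hunk (and OPT_NO_TMP_RSA from the enum in `@@ -808`) turns every existing invocation that still passes `-no_tmp_rsa` into an unknown-option failure, which the commit does not mention. Removing the ephemeral-RSA machinery itself is the right direction, so if that breakage is acceptable the commit message should say so; otherwise a deprecated no-op entry keeps old scripts working, e.g. `{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Deprecated; ignored (no temp RSA key is generated)"},` together with an empty `case OPT_NO_TMP_RSA: break;` in the option switch. The enum and the options table both continue outside their hunks, so other references to OPT_NO_TMP_RSA may exist that are not visible here.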
@@ -1005,7 +1000,7 @@ int s_server_main(int argc, char *argv[])
 #ifndef OPENSSL_NO_DH
 int no_dhe = 0;
 #endif
- int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0, ret = 1;
+ int no_ecdhe = 0, nocert = 0, ret = 1;
 int noCApath = 0, noCAfile = 0;
 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
@@ -1296,9 +1291,6 @@ int s_server_main(int argc, char *argv[])
 case OPT_BRIEF:
 s_quiet = s_brief = verify_quiet = 1;
 break;
- case OPT_NO_TMP_RSA:
- no_tmp_rsa = 1;
- break;
 case OPT_NO_DHE:
 #ifndef OPENSSL_NO_DH
 no_dhe = 1;
@@ -1661,7 +1653,7 @@ int s_server_main(int argc, char *argv[])
 
 if (async) {
 SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
- ASYNC_init_pool(0, 0);
+ ASYNC_init(1, 0, 0);
 }
 
 #ifndef OPENSSL_NO_SRTP
@@ -1825,13 +1817,6 @@ int s_server_main(int argc, char *argv[])
 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
 goto end;
 }
-#ifndef OPENSSL_NO_RSA
- if (!no_tmp_rsa) {
- SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
- if (ctx2)
- SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
- }
-#endif
 
 if (no_resume_ephemeral) {
 SSL_CTX_set_not_resumable_session_callback(ctx,
@@ -1975,7 +1960,7 @@ int s_server_main(int argc, char *argv[])
 BIO_free(bio_s_msg);
 bio_s_msg = NULL;
 if (async) {
- ASYNC_free_pool();
+ ASYNC_cleanup(1);
 }
 return (ret);
 }
@@ -2008,21 +1993,6 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 SSL_CTX_sess_get_cache_size(ssl_ctx));
 }
 
-static void wait_for_async(SSL *s)
-{
- int width, fd;
- fd_set asyncfds;
-
- fd = SSL_get_async_wait_fd(s);
- if (!fd)
- return;
-
- width = fd + 1;
- FD_ZERO(&asyncfds);
- openssl_fdset(fd, &asyncfds);
- select(width, (void *)&asyncfds, NULL, NULL, NULL);
-}
-
 static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 {
 char *buf = NULL;
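Review bot: The result of `ASYNC_init(1, 0, 0)` in the `@@ -1661` hunk is discarded, so if initialisation fails the server keeps SSL_MODE_ASYNC set on ctx and carries on as though async were usable; the `ASYNC_init_pool` call it replaces had the same gap, but this rewrite is the place to close it. Assuming ASYNC_init signals failure with a zero return like the pool call did, I would write `if (!ASYNC_init(1, 0, 0)) { BIO_printf(bio_err, "Error initialising async\n"); goto end; }` and call SSL_CTX_set_mode only once it has succeeded. The `end:` path in the `@@ -1975` hunk calls `ASYNC_cleanup(1)` whenever `async` is set, so either confirm that ASYNC_cleanup tolerates a failed or never-run init, or clear `async` before jumping to `end`. s_server_main starts and ends outside both hunks.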
@@ -2152,7 +2122,8 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 int read_from_sslcon;
 
 read_from_terminal = 0;
- read_from_sslcon = SSL_pending(con);
+ read_from_sslcon = SSL_pending(con) || (async && SSL_waiting_for_async(con));
 
 if (!read_from_sslcon) {
 FD_ZERO(&readfds);
@@ -2348,7 +2319,13 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 }
 }
 if (read_from_sslcon) {
- if (!SSL_is_init_finished(con)) {
+ /*
+ * init_ssl_connection handles all async events itself so if we're
+ * waiting for async then we shouldn't go back into
+ * init_ssl_connection
+ */
+ if ((!async || !SSL_waiting_for_async(con)) && !SSL_is_init_finished(con)) {
 i = init_ssl_connection(con);
 if (i < 0) {
@@ -3144,35 +3121,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 return (ret);
 }
 
-#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-{
- BIGNUM *bn = NULL;
- static RSA *rsa_tmp = NULL;
-
- if (!rsa_tmp && ((bn = BN_new()) == NULL))
- BIO_printf(bio_err, "Allocation error in generating RSA key\n");
- if (!rsa_tmp && bn) {
- if (!s_quiet) {
- BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
- keylength);
- (void)BIO_flush(bio_err);
- }
- if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
- !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- if (!s_quiet) {
- BIO_printf(bio_err, "\n");
- (void)BIO_flush(bio_err);
- }
- BN_free(bn);
- }
- return (rsa_tmp);
-}
-#endif
-
 #define MAX_SESSION_ID_ATTEMPTS 10
 static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
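Review bot: Making `read_from_sslcon` true whenever `SSL_waiting_for_async(con)` holds, in the `@@ -2152` hunk, bypasses the `select()` on readfds that follows, and the `@@ -2348` hunk then routes the waiting connection past init_ssl_connection into the read path, so while an async job is outstanding sv_body appears to re-enter SSL_read in a tight loop until the job completes; the wait_for_async that this commit deletes used to block on the async wait fd instead. If that busy-poll is a deliberate interim step it should be stated where the flag is set, e.g. `/* While an async job is pending we skip select() and re-poll SSL_read; no wait fd is used yet. */`; if it is not, the fd the removed code obtained from the wait-fd accessor could be added to readfds so the existing select() sleeps on it as well, provided that accessor survives this commit. Both hunks lie inside sv_body, which starts and ends outside them, so the read path I refer to is inferred from the surrounding structure rather than visible here.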