X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=5500ceadbc2f91469ebd938ccac04a80e55dd980;hp=21d2d3743e3fa071bb247c91aa0191e477587c8a;hb=a7f82a1ab2be0b9c27944430ac48ad63cc0d5e79;hpb=68dc682499ea3fe27d909c946d7abd39062d6efd
diff --git a/apps/s_server.c b/apps/s_server.c
index 21d2d3743e..5500ceadbc 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -228,8 +228,7 @@ static int s_server_verify = SSL_VERIFY_NONE;
 static int s_server_session_id_context = 1; /* anything will do */
 static const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL;
-static const char *krb5svc = NULL;
-static const char *krb5tab = NULL;
+
 #ifndef OPENSSL_NO_TLSEXT
 static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
 #endif
@@ -315,8 +314,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 if (!ret) {
 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key);
- if (bn)
- BN_free(bn);
+ BN_free(bn);
 return 0;
 }
 if (BN_num_bytes(bn) > (int)max_psk_len) {
@@ -462,7 +460,7 @@ static int ebcdic_new(BIO *bi)
 {
 EBCDIC_OUTBUFF *wbuf;
- wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + 1024, "ebcdef wbuf");
+ wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
 wbuf->alloced = 1024;
 wbuf->buff[0] = '\0';
@@ -476,8 +474,7 @@ static int ebcdic_free(BIO *a)
 {
 if (a == NULL)
 return (0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
+ OPENSSL_free(a->ptr);
 a->ptr = NULL;
 a->init = 0;
 a->flags = 0;
@@ -517,7 +514,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl)
 num = num + num; /* double the size */
 if (num < inl)
 num = inl;
- wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + num, "grow ebcdic wbuf");
+ wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
 OPENSSL_free(b->ptr);
 wbuf->alloced = num;
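Review bot: The initial capacity `1024` is written twice in ebcdic_new, once in `app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf")` and again in `wbuf->alloced = 1024;`, so the allocation and the capacity the buffer reports can drift apart if one is edited without the other. A single named constant, e.g. `enum { EBCDIC_INITIAL_BUF = 1024 };` at file scope, used in both places would keep them tied together; the ebcdic_write hunk already computes `num` once and reuses it for both the allocation and `wbuf->alloced`, which is the pattern to match. The `sizeof(*wbuf)` form introduced here is the right one, since it tracks the pointee type automatically. ebcdic_new's body continues past the hunk.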
@@ -633,7 +630,7 @@ static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 };
 static int cert_status_cb(SSL *s, void *arg)
 {
 tlsextstatusctx *srctx = arg;
- char *host, *port, *path;
+ char *host = NULL, *port = NULL, *path = NULL;
 int use_ssl;
 unsigned char *rspder = NULL;
 int rspderlen;
@@ -726,12 +723,9 @@ static int cert_status_cb(SSL *s, void *arg)
 OPENSSL_free(port);
 X509_email_free(aia);
 }
- if (id)
- OCSP_CERTID_free(id);
- if (req)
- OCSP_REQUEST_free(req);
- if (resp)
- OCSP_RESPONSE_free(resp);
+ OCSP_CERTID_free(id);
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
 return ret;
 err:
 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
@@ -838,8 +832,7 @@ typedef enum OPTION_choice {
 OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_S_ENUM, OPT_V_ENUM,
- OPT_X_ENUM,
- OPT_KRB5SVC, OPT_KRBTAB
+ OPT_X_ENUM
 } OPTION_CHOICE;
 OPTIONS s_server_options[] = {
@@ -897,8 +890,6 @@ OPTIONS s_server_options[] = {
 {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
 # endif
 #endif
- {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"},
- {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"},
 #ifndef OPENSSL_NO_SRP
 {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
 {"srpuserseed", OPT_SRPUSERSEED, 's',
@@ -996,7 +987,7 @@ int s_server_main(int argc, char *argv[])
 ENGINE *e = NULL;
 EVP_PKEY *s_key = NULL, *s_dkey = NULL;
 SSL_CONF_CTX *cctx = NULL;
- const SSL_METHOD *meth = SSLv23_server_method();
+ const SSL_METHOD *meth = TLS_server_method();
 SSL_EXCERT *exc = NULL;
 STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
 STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
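Review bot: The NULL initialisers on `host`, `port` and `path` are presumably there so that a `goto err` taken before the URL parsing assigns them leaves pointers that can be released unconditionally, but nothing at the declaration says so, and the `err:` label that would confirm it appears only at the end of the `-726` hunk with its cleanup outside the diff. A short comment on the declaration, `/* NULL so the err: path can free them unconditionally */`, would record why the initialisers are not cosmetic. `int use_ssl;` on the next line stays uninitialised, which is fine only as long as every path that reads it assigns it first, which also cannot be seen here. cert_status_cb's body continues past the hunk.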
@@ -1006,7 +997,10 @@ int s_server_main(int argc, char *argv[])
 char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
 char *dhfile = NULL, *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
 char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
- char *crl_file = NULL, *prog, *p;
+ char *crl_file = NULL, *prog;
+#ifndef OPENSSL_NO_PSK
+ char *p;
+#endif
 const char *unix_path = NULL;
 #ifndef NO_SYS_UN_H
 int unlink_unix_path = 0;
@@ -1055,6 +1049,18 @@ int s_server_main(int argc, char *argv[])
 prog = opt_init(argc, argv, s_server_options);
 while ((o = opt_next()) != OPT_EOF) {
 switch (o) {
+#ifdef OPENSSL_NO_PSK
+ case OPT_PSK_HINT:
+ case OPT_PSK:
+#endif
+#ifdef OPENSSL_NO_DTLS1
+ case OPT_DTLS:
+ case OPT_DTLS1:
+ case OPT_DTLS1_2:
+ case OPT_TIMEOUT:
+ case OPT_MTU:
+ case OPT_CHAIN:
+#endif
 case OPT_EOF:
 case OPT_ERR:
 opthelp:
@@ -1326,6 +1332,10 @@ int s_server_main(int argc, char *argv[])
 srpuserseed = opt_arg();
 meth = TLSv1_server_method();
 break;
+#else
+ case OPT_SRPVFILE:
+ case OPT_SRPUSERSEED:
+ break;
 #endif
 case OPT_REV:
 rev = 1;
@@ -1341,29 +1351,29 @@ int s_server_main(int argc, char *argv[])
 break;
 #ifndef OPENSSL_NO_SSL3
 case OPT_SSL3:
- meth = SSLv3_client_method();
+ meth = SSLv3_server_method();
 break;
 #endif
 case OPT_TLS1_2:
- meth = TLSv1_2_client_method();
+ meth = TLSv1_2_server_method();
 break;
 case OPT_TLS1_1:
- meth = TLSv1_1_client_method();
+ meth = TLSv1_1_server_method();
 break;
 case OPT_TLS1:
- meth = TLSv1_client_method();
+ meth = TLSv1_server_method();
 break;
 #ifndef OPENSSL_NO_DTLS1
 case OPT_DTLS:
- meth = DTLS_client_method();
+ meth = DTLS_server_method();
 socket_type = SOCK_DGRAM;
 break;
 case OPT_DTLS1:
- meth = DTLSv1_client_method();
+ meth = DTLSv1_server_method();
 socket_type = SOCK_DGRAM;
 break;
 case OPT_DTLS1_2:
- meth = DTLSv1_2_client_method();
+ meth = DTLSv1_2_server_method();
 socket_type = SOCK_DGRAM;
 break;
 case OPT_TIMEOUT:
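Review bot: Options for features compiled out are handled inconsistently between this hunk and the `-1326` hunk: here `OPT_PSK`, `OPT_PSK_HINT` and the DTLS options fall through to `opthelp` and abort with the usage text, whereas in the `#else` branch added at `-1326` `OPT_SRPVFILE` and `OPT_SRPUSERSEED` just `break`, so a build without SRP accepts `-srpvfile` and `-srpuserseed` and silently starts without the SRP configuration the operator asked for. The SRP cases should reject the option the same way, or at least say why, e.g. `BIO_printf(bio_err, "%s: option not supported in this build\n", prog);` followed by `goto opthelp;` in place of the bare `break;`. Separately, `OPT_CHAIN` is listed in the `OPENSSL_NO_DTLS1` group; its handler presumably sits inside the same guard further down the switch (otherwise the case label would be duplicated), but the name does not read as DTLS-specific, so that grouping is worth confirming. The option switch continues outside the hunk.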
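Review bot: The context just above the new `#else` branch shows the SRP path assigning `meth = TLSv1_server_method();`, which pins the server to TLS 1.0 whenever `-srpuserseed` is given, while the `-996` hunk makes the version-flexible `TLS_server_method()` the default for everything else. If that assignment survives from a time when SRP needed an explicit TLS method, it is now a protocol-version downgrade for SRP deployments and could be dropped; if it is still required, a one-line comment giving the reason would stop the next reader from removing it. The rest of the SRP case lies above the hunk, so whether anything else depends on the pinned method cannot be seen here.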
@@ -1415,12 +1425,6 @@ int s_server_main(int argc, char *argv[])
 case OPT_JPAKE:
 goto opthelp;
 #endif
- case OPT_KRB5SVC:
- krb5svc = opt_arg();
- break;
- case OPT_KRBTAB:
- krb5tab = opt_arg();
- break;
 case OPT_SRTP_PROFILES:
 srtp_profiles = opt_arg();
 break;
@@ -1929,38 +1933,26 @@ int s_server_main(int argc, char *argv[])
 EVP_PKEY_free(s_dkey);
 sk_X509_pop_free(s_chain, X509_free);
 sk_X509_pop_free(s_dchain, X509_free);
- if (pass)
- OPENSSL_free(pass);
- if (dpass)
- OPENSSL_free(dpass);
+ OPENSSL_free(pass);
+ OPENSSL_free(dpass);
 X509_VERIFY_PARAM_free(vpm);
 free_sessions();
 #ifndef OPENSSL_NO_TLSEXT
- if (tlscstatp.host)
- OPENSSL_free(tlscstatp.host);
- if (tlscstatp.port)
- OPENSSL_free(tlscstatp.port);
- if (tlscstatp.path)
- OPENSSL_free(tlscstatp.path);
- if (ctx2 != NULL)
+ OPENSSL_free(tlscstatp.host);
+ OPENSSL_free(tlscstatp.port);
+ OPENSSL_free(tlscstatp.path);
 SSL_CTX_free(ctx2);
 X509_free(s_cert2);
 EVP_PKEY_free(s_key2);
 BIO_free(serverinfo_in);
 # ifndef OPENSSL_NO_NEXTPROTONEG
- if (next_proto.data)
- OPENSSL_free(next_proto.data);
+ OPENSSL_free(next_proto.data);
 # endif
- if (alpn_ctx.data)
- OPENSSL_free(alpn_ctx.data);
+ OPENSSL_free(alpn_ctx.data);
 #endif
 ssl_excert_free(exc);
 sk_OPENSSL_STRING_free(ssl_args);
 SSL_CONF_CTX_free(cctx);
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret && psk_key)
- OPENSSL_free(psk_key);
-#endif
 BIO_free(bio_s_out);
 bio_s_out = NULL;
 BIO_free(bio_s_msg);
@@ -2005,9 +1997,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 unsigned long l;
 SSL *con = NULL;
 BIO *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
 struct timeval timeout;
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
 struct timeval tv;
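Review bot: `pass` and `dpass` hold the private-key passphrases, yet the top of the `-1929` hunk releases them with plain `OPENSSL_free`, while the `-2395` hunk of the same commit upgrades sv_body's buffer to `OPENSSL_clear_free`; the passphrases deserve the same scrubbing so they do not linger in freed heap. Both are NUL-terminated strings, so `if (pass != NULL) OPENSSL_clear_free(pass, strlen(pass));` and the same for `dpass` is all that is needed, assuming they are heap copies owned here, as the existing `OPENSSL_free` implies. The dropped `OPENSSL_NO_JPAKE` block that freed `psk_key` is only dead code if `jpake_secret` can no longer be set; the `-1415` hunk's `case OPT_JPAKE: goto opthelp;` suggests that is so, but the `#if` around it is outside the diff. s_server_main continues on both sides of the hunk.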
@@ -2039,15 +2028,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
 }
 #endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- SSL_set0_kssl_ctx(con, kctx);
- kssl_ctx_setstring(kctx, KSSL_SERVICE,
- krb5svc ? krb5svc : KRB5SVC);
- if (krb5tab)
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab);
- }
-#endif /* OPENSSL_NO_KRB5 */
 if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
@@ -2325,8 +2305,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 ret = 1;
 goto err;
 }
- l += k;
- i -= k;
+ if (k > 0) {
+ l += k;
+ i -= k;
+ }
 if (i <= 0)
 break;
 }
@@ -2395,10 +2377,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 SSL_free(con);
 }
 BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
- if (buf != NULL) {
- OPENSSL_cleanse(buf, bufsize);
- OPENSSL_free(buf);
- }
+ OPENSSL_clear_free(buf, bufsize);
 if (ret >= 0)
 BIO_printf(bio_s_out, "ACCEPT\n");
 (void)BIO_flush(bio_s_out);
@@ -2420,9 +2399,6 @@ static int init_ssl_connection(SSL *con)
 X509 *peer;
 long verify_error;
 char buf[BUFSIZ];
-#ifndef OPENSSL_NO_KRB5
- char *client_princ;
-#endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 const unsigned char *next_proto_neg;
 unsigned next_proto_neg_len;
@@ -2523,13 +2499,6 @@ static int init_ssl_connection(SSL *con)
 if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & TLS1_FLAGS_TLS_PADDING_BUG)
 BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
- client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
- if (client_princ != NULL) {
- BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
- client_princ);
- }
-#endif /* OPENSSL_NO_KRB5 */
 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
 if (keymatexportlabel != NULL) {
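Review bot: The new `if (k > 0)` guard in the `-2325` hunk correctly keeps a non-positive `k` out of `l += k` (with `l` an `unsigned long`, a negative `k` would have wrapped it), but when a `k <= 0` result is not already diverted by the `goto err` just above, the loop now re-enters with `i` unchanged and the same data, which on a non-blocking socket that keeps reporting a want-write condition becomes a spin; the `SSL_get_error` handling that presumably decides which `k` values reach this point sits above the hunk, so whether the retry is intended cannot be seen here. If it is intended, a comment on the guard, `/* k <= 0: nothing was consumed, retry the same chunk */`, would make that explicit; if it is not, the `k <= 0` case should take the `goto err` path as well. sv_body's write loop begins above the hunk.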
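Review bot: sv_body's buffer is now released with `OPENSSL_clear_free(buf, bufsize)` in the `-2395` hunk, but the matching cleanups in www_body (`-2935` hunk) and rev_body (`-3069` hunk) keep a plain `OPENSSL_free(buf)`, although those buffers carry the same decrypted application data; for consistency both should become `OPENSSL_clear_free(buf, bufsize);`. `bufsize` is the size rev_body allocates with (`app_malloc(bufsize, "server rev buffer")` in the `-2948` hunk); www_body's allocation is outside the diff, so confirm it uses the same size before changing it. The `err:` path of sv_body starts above the hunk.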
@@ -2578,9 +2547,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 SSL *con;
 const SSL_CIPHER *c;
 BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
 #ifdef RENEG
 int total_bytes = 0;
 #endif
@@ -2614,12 +2580,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 SSL_set_tlsext_debug_arg(con, bio_s_out);
 }
 #endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
 if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) goto err;
@@ -2935,8 +2895,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
 err:
 if (ret >= 0)
 BIO_printf(bio_s_out, "ACCEPT\n");
- if (buf != NULL)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
 BIO_free_all(io);
 return (ret);
 }
@@ -2948,9 +2907,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 int ret = 1;
 SSL *con;
 BIO *io, *ssl_bio, *sbio;
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kctx;
-#endif
 buf = app_malloc(bufsize, "server rev buffer");
 io = BIO_new(BIO_f_buffer());
@@ -2970,12 +2926,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 SSL_set_tlsext_debug_arg(con, bio_s_out);
 }
 #endif
-#ifndef OPENSSL_NO_KRB5
- if ((kctx = kssl_ctx_new()) != NULL) {
- kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
 if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) {
 ERR_print_errors(bio_err);
@@ -3046,7 +2996,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 p--;
 i--;
 }
- if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5)) {
+ if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
 ret = 1;
 BIO_printf(bio_err, "CONNECTION CLOSED\n");
 goto end;
@@ -3069,8 +3019,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context)
 err:
- if (buf != NULL)
- OPENSSL_free(buf);
+ OPENSSL_free(buf);
 BIO_free_all(io);
 return (ret);
 }
@@ -3149,7 +3098,7 @@ static simple_ssl_session *first = NULL;
 static int add_session(SSL *ssl, SSL_SESSION *session)
 {
- simple_ssl_session *sess = app_malloc(sizeof *sess, "get session");
+ simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
 unsigned char *p;
 SSL_SESSION_get_id(session, &sess->idlen);