X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fs_server.c;h=9b5106d02fd5986d5942734e3557997fd9b25928;hp=bbe44f79a4732e87d3fb13a18f704d6af27ea469;hb=1fb6b0bf3e895c6b30f9c95a23284f93e4fa19b0;hpb=c2f9648d5dd78a856d01533281dae7ba5fa53d52 diff --git a/apps/s_server.c b/apps/s_server.c index bbe44f79a4..9b5106d02f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -37,6 +37,7 @@ typedef unsigned int u_int; #include #include "apps.h" +#include "progs.h" #include #include #include @@ -207,14 +208,10 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, return 0; } - if (key_len == EVP_MD_size(EVP_sha256())) - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); - else if (key_len == EVP_MD_size(EVP_sha384())) - cipher = SSL_CIPHER_find(ssl, tls13_aes256gcmsha384_id); - + /* We default to SHA256 */ + cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); if (cipher == NULL) { - /* Doesn't look like a suitable TLSv1.3 key. Ignore it */ - OPENSSL_free(key); + BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); return 0; } @@ -239,6 +236,7 @@ typedef struct srpsrvparm_st { SRP_VBASE *vb; SRP_user_pwd *user; } srpsrvparm; +static srpsrvparm srp_callback_parm; /* * This callback pretends to require some asynchronous logic in order to @@ -725,13 +723,6 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) return is_forward_secure; } -#ifndef OPENSSL_NO_SRP -static srpsrvparm srp_callback_parm; -#endif -#ifndef OPENSSL_NO_SRTP -static char *srtp_profiles = NULL; -#endif - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, @@ -1027,6 +1018,7 @@ int s_server_main(int argc, char *argv[]) char *srpuserseed = NULL; char *srp_verifier_file = NULL; #endif + char *srtp_profiles = NULL; int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; int s_server_verify = SSL_VERIFY_NONE; int s_server_session_id_context = 1; /* anything will do */ @@ -1532,9 +1524,7 @@ int s_server_main(int argc, char *argv[]) alpn_in = opt_arg(); break; case OPT_SRTP_PROFILES: -#ifndef OPENSSL_NO_SRTP srtp_profiles = opt_arg(); -#endif break; case OPT_KEYMATEXPORT: keymatexportlabel = opt_arg(); @@ -1569,6 +1559,8 @@ int s_server_main(int argc, char *argv[]) break; case OPT_EARLY_DATA: early_data = 1; + if (max_early_data == -1) + max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; break; } } @@ -1756,6 +1748,10 @@ int s_server_main(int argc, char *argv[]) } if (sdebug) ssl_ctx_security_debug(ctx, sdebug); + + if (!config_ctx(cctx, ssl_args, ctx)) + goto end; + if (ssl_config) { if (SSL_CTX_config(ctx, ssl_config) == 0) { BIO_printf(bio_err, "Error using configuration \"%s\"\n", @@ -1764,9 +1760,11 @@ int s_server_main(int argc, char *argv[]) goto end; } } - if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) + if (min_version != 0 + && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) goto end; - if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) + if (max_version != 0 + && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) goto end; if (session_id_prefix) { @@ -1842,8 +1840,6 @@ int s_server_main(int argc, char *argv[]) } ssl_ctx_add_crls(ctx, crls, 0); - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, crls, crl_download)) { @@ -2039,6 +2035,10 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); + /* Set TLS1.3 cookie generation and verification callbacks */ + SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback); + SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback); + if (ctx2 != NULL) { SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx2, @@ -2479,9 +2479,6 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) printf("SSL_do_handshake -> %d\n", i); i = 0; /* 13; */ continue; - /* - * strcpy(buf,"server side RE-NEGOTIATE\n"); - */ } if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) { SSL_set_verify(con, @@ -2492,10 +2489,6 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) printf("SSL_do_handshake -> %d\n", i); i = 0; /* 13; */ continue; - /* - * strcpy(buf,"server side RE-NEGOTIATE asking for client - * cert\n"); - */ } if ((buf[0] == 'K' || buf[0] == 'k') && ((buf[1] == '\n') || (buf[1] == '\r'))) { @@ -2506,10 +2499,19 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) printf("SSL_do_handshake -> %d\n", i); i = 0; continue; - /* - * strcpy(buf,"server side RE-NEGOTIATE asking for client - * cert\n"); - */ + } + if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) { + SSL_set_verify(con, SSL_VERIFY_PEER, NULL); + i = SSL_verify_client_post_handshake(con); + if (i == 0) { + printf("Failed to initiate request\n"); + ERR_print_errors(bio_err); + } else { + i = SSL_do_handshake(con); + printf("SSL_do_handshake -> %d\n", i); + i = 0; + } + continue; } if (buf[0] == 'P') { static const char *str = "Lets print some clear text\n";