| author | jsing <> | 2021-03-17 18:08:32 +0000 |
|---|---|---|
| committer | jsing <> | 2021-03-17 18:08:32 +0000 |
| commit | 33e40798fafaeb74fde2f89747b63bfd5dc04557 (patch) | |
| tree | 4009074b3e330a781c67b90419e631a63ddf8425 /src/usr.bin/openssl/s_server.c | |
| parent | cddcd5cde94ff4ca3671b74a73798712062403a9 (diff) | |
Add DTLSv1.2 support to openssl(1) s_client/s_server.
ok inoguchi@ tb@
Diffstat (limited to 'src/usr.bin/openssl/s_server.c')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 74 |
1 files changed, 57 insertions, 17 deletions
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c index 4d4bed60ac..6009b584bf 100644 --- a/src/usr.bin/openssl/s_server.c +++ b/src/usr.bin/openssl/s_server.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s_server.c,v 1.44 2020/10/02 15:43:48 tb Exp $ */ | 1 | /* $OpenBSD: s_server.c,v 1.45 2021/03/17 18:08:32 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -239,7 +239,7 @@ static struct { | |||
| 239 | int bugs; | 239 | int bugs; |
| 240 | char *CAfile; | 240 | char *CAfile; |
| 241 | char *CApath; | 241 | char *CApath; |
| 242 | #ifndef OPENSSL_NO_DTLS1 | 242 | #ifndef OPENSSL_NO_DTLS |
| 243 | int cert_chain; | 243 | int cert_chain; |
| 244 | #endif | 244 | #endif |
| 245 | char *cert_file; | 245 | char *cert_file; |
| @@ -315,7 +315,7 @@ s_server_opt_keymatexportlen(char *arg) | |||
| 315 | return (0); | 315 | return (0); |
| 316 | } | 316 | } |
| 317 | 317 | ||
| 318 | #ifndef OPENSSL_NO_DTLS1 | 318 | #ifndef OPENSSL_NO_DTLS |
| 319 | static int | 319 | static int |
| 320 | s_server_opt_mtu(char *arg) | 320 | s_server_opt_mtu(char *arg) |
| 321 | { | 321 | { |
| @@ -328,9 +328,11 @@ s_server_opt_mtu(char *arg) | |||
| 328 | } | 328 | } |
| 329 | return (0); | 329 | return (0); |
| 330 | } | 330 | } |
| 331 | #endif | ||
| 331 | 332 | ||
| 333 | #ifndef OPENSSL_NO_DTLS | ||
| 332 | static int | 334 | static int |
| 333 | s_server_protocol_version_dtls1(void) | 335 | s_server_opt_protocol_version_dtls(void) |
| 334 | { | 336 | { |
| 335 | s_server_config.meth = DTLS_server_method(); | 337 | s_server_config.meth = DTLS_server_method(); |
| 336 | s_server_config.socket_type = SOCK_DGRAM; | 338 | s_server_config.socket_type = SOCK_DGRAM; |
| @@ -338,6 +340,30 @@ s_server_protocol_version_dtls1(void) | |||
| 338 | } | 340 | } |
| 339 | #endif | 341 | #endif |
| 340 | 342 | ||
| 343 | #ifndef OPENSSL_NO_DTLS1 | ||
| 344 | static int | ||
| 345 | s_server_opt_protocol_version_dtls1(void) | ||
| 346 | { | ||
| 347 | s_server_config.meth = DTLS_server_method(); | ||
| 348 | s_server_config.min_version = DTLS1_VERSION; | ||
| 349 | s_server_config.max_version = DTLS1_VERSION; | ||
| 350 | s_server_config.socket_type = SOCK_DGRAM; | ||
| 351 | return (0); | ||
| 352 | } | ||
| 353 | #endif | ||
| 354 | |||
| 355 | #ifndef OPENSSL_NO_DTLS1_2 | ||
| 356 | static int | ||
| 357 | s_server_opt_protocol_version_dtls1_2(void) | ||
| 358 | { | ||
| 359 | s_server_config.meth = DTLS_server_method(); | ||
| 360 | s_server_config.min_version = DTLS1_2_VERSION; | ||
| 361 | s_server_config.max_version = DTLS1_2_VERSION; | ||
| 362 | s_server_config.socket_type = SOCK_DGRAM; | ||
| 363 | return (0); | ||
| 364 | } | ||
| 365 | #endif | ||
| 366 | |||
| 341 | static int | 367 | static int |
| 342 | s_server_protocol_version_tls1(void) | 368 | s_server_protocol_version_tls1(void) |
| 343 | { | 369 | { |
| @@ -538,7 +564,7 @@ static const struct option s_server_options[] = { | |||
| 538 | .type = OPTION_ARG_FORMAT, | 564 | .type = OPTION_ARG_FORMAT, |
| 539 | .opt.value = &s_server_config.cert_format, | 565 | .opt.value = &s_server_config.cert_format, |
| 540 | }, | 566 | }, |
| 541 | #ifndef OPENSSL_NO_DTLS1 | 567 | #ifndef OPENSSL_NO_DTLS |
| 542 | { | 568 | { |
| 543 | .name = "chain", | 569 | .name = "chain", |
| 544 | .type = OPTION_FLAG, | 570 | .type = OPTION_FLAG, |
| @@ -613,12 +639,28 @@ static const struct option s_server_options[] = { | |||
| 613 | .type = OPTION_ARG, | 639 | .type = OPTION_ARG, |
| 614 | .opt.arg = &s_server_config.dpassarg, | 640 | .opt.arg = &s_server_config.dpassarg, |
| 615 | }, | 641 | }, |
| 642 | #ifndef OPENSSL_NO_DTLS | ||
| 643 | { | ||
| 644 | .name = "dtls", | ||
| 645 | .desc = "Use any version of DTLS", | ||
| 646 | .type = OPTION_FUNC, | ||
| 647 | .opt.func = s_server_opt_protocol_version_dtls, | ||
| 648 | }, | ||
| 649 | #endif | ||
| 616 | #ifndef OPENSSL_NO_DTLS1 | 650 | #ifndef OPENSSL_NO_DTLS1 |
| 617 | { | 651 | { |
| 618 | .name = "dtls1", | 652 | .name = "dtls1", |
| 619 | .desc = "Just talk DTLSv1", | 653 | .desc = "Just use DTLSv1", |
| 620 | .type = OPTION_FUNC, | 654 | .type = OPTION_FUNC, |
| 621 | .opt.func = s_server_protocol_version_dtls1, | 655 | .opt.func = s_server_opt_protocol_version_dtls1, |
| 656 | }, | ||
| 657 | #endif | ||
| 658 | #ifndef OPENSSL_NO_DTLS1_2 | ||
| 659 | { | ||
| 660 | .name = "dtls1_2", | ||
| 661 | .desc = "Just use DTLSv1.2", | ||
| 662 | .type = OPTION_FUNC, | ||
| 663 | .opt.func = s_server_opt_protocol_version_dtls1_2, | ||
| 622 | }, | 664 | }, |
| 623 | #endif | 665 | #endif |
| 624 | { | 666 | { |
| @@ -689,7 +731,7 @@ static const struct option s_server_options[] = { | |||
| 689 | .type = OPTION_FLAG, | 731 | .type = OPTION_FLAG, |
| 690 | .opt.flag = &s_server_config.msg, | 732 | .opt.flag = &s_server_config.msg, |
| 691 | }, | 733 | }, |
| 692 | #ifndef OPENSSL_NO_DTLS1 | 734 | #ifndef OPENSSL_NO_DTLS |
| 693 | { | 735 | { |
| 694 | .name = "mtu", | 736 | .name = "mtu", |
| 695 | .argname = "mtu", | 737 | .argname = "mtu", |
| @@ -876,7 +918,7 @@ static const struct option s_server_options[] = { | |||
| 876 | .type = OPTION_FUNC, | 918 | .type = OPTION_FUNC, |
| 877 | .opt.func = s_server_opt_status_verbose, | 919 | .opt.func = s_server_opt_status_verbose, |
| 878 | }, | 920 | }, |
| 879 | #ifndef OPENSSL_NO_DTLS1 | 921 | #ifndef OPENSSL_NO_DTLS |
| 880 | { | 922 | { |
| 881 | .name = "timeout", | 923 | .name = "timeout", |
| 882 | .desc = "Enable timeouts", | 924 | .desc = "Enable timeouts", |
| @@ -1000,7 +1042,7 @@ sv_usage(void) | |||
| 1000 | " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" | 1042 | " [-context id] [-crl_check] [-crl_check_all] [-crlf]\n" |
| 1001 | " [-dcert file] [-dcertform der | pem] [-debug]\n" | 1043 | " [-dcert file] [-dcertform der | pem] [-debug]\n" |
| 1002 | " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" | 1044 | " [-dhparam file] [-dkey file] [-dkeyform der | pem]\n" |
| 1003 | " [-dpass arg] [-dtls1] [-groups list] [-HTTP]\n" | 1045 | " [-dpass arg] [-dtls] [-dtls1] [-dtls1_2] [-groups list] [-HTTP]\n" |
| 1004 | " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" | 1046 | " [-id_prefix arg] [-key keyfile] [-key2 keyfile]\n" |
| 1005 | " [-keyform der | pem] [-keymatexport label]\n" | 1047 | " [-keyform der | pem] [-keymatexport label]\n" |
| 1006 | " [-keymatexportlen len] [-msg] [-mtu mtu]\n" | 1048 | " [-keymatexportlen len] [-msg] [-mtu mtu]\n" |
| @@ -1535,8 +1577,7 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1535 | } | 1577 | } |
| 1536 | SSL_clear(con); | 1578 | SSL_clear(con); |
| 1537 | 1579 | ||
| 1538 | if (SSL_version(con) == DTLS1_VERSION) { | 1580 | if (SSL_is_dtls(con)) { |
| 1539 | |||
| 1540 | sbio = BIO_new_dgram(s, BIO_NOCLOSE); | 1581 | sbio = BIO_new_dgram(s, BIO_NOCLOSE); |
| 1541 | 1582 | ||
| 1542 | if (s_server_config.enable_timeouts) { | 1583 | if (s_server_config.enable_timeouts) { |
| @@ -1602,7 +1643,7 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1602 | pfd[1].fd = s; | 1643 | pfd[1].fd = s; |
| 1603 | pfd[1].events = POLLIN; | 1644 | pfd[1].events = POLLIN; |
| 1604 | 1645 | ||
| 1605 | if ((SSL_version(con) == DTLS1_VERSION) && | 1646 | if (SSL_is_dtls(con) && |
| 1606 | DTLSv1_get_timeout(con, &timeout)) | 1647 | DTLSv1_get_timeout(con, &timeout)) |
| 1607 | ptimeout = timeout.tv_sec * 1000 + | 1648 | ptimeout = timeout.tv_sec * 1000 + |
| 1608 | timeout.tv_usec / 1000; | 1649 | timeout.tv_usec / 1000; |
| @@ -1611,10 +1652,9 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1611 | 1652 | ||
| 1612 | i = poll(pfd, 2, ptimeout); | 1653 | i = poll(pfd, 2, ptimeout); |
| 1613 | 1654 | ||
| 1614 | if ((SSL_version(con) == DTLS1_VERSION) && | 1655 | if (SSL_is_dtls(con) && |
| 1615 | DTLSv1_handle_timeout(con) > 0) { | 1656 | DTLSv1_handle_timeout(con) > 0) |
| 1616 | BIO_printf(bio_err, "TIMEOUT occured\n"); | 1657 | BIO_printf(bio_err, "TIMEOUT occured\n"); |
| 1617 | } | ||
| 1618 | if (i <= 0) | 1658 | if (i <= 0) |
| 1619 | continue; | 1659 | continue; |
| 1620 | if (pfd[0].revents) { | 1660 | if (pfd[0].revents) { |
| @@ -1660,7 +1700,7 @@ sv_body(char *hostname, int s, unsigned char *context) | |||
| 1660 | } | 1700 | } |
| 1661 | if ((i <= 0) || (buf[0] == 'q')) { | 1701 | if ((i <= 0) || (buf[0] == 'q')) { |
| 1662 | BIO_printf(bio_s_out, "DONE\n"); | 1702 | BIO_printf(bio_s_out, "DONE\n"); |
| 1663 | if (SSL_version(con) != DTLS1_VERSION) { | 1703 | if (!SSL_is_dtls(con)) { |
| 1664 | shutdown(s, SHUT_RD); | 1704 | shutdown(s, SHUT_RD); |
| 1665 | close(s); | 1705 | close(s); |
| 1666 | } | 1706 | } |
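Review bot: The new `s_server_opt_protocol_version_dtls` (new lines 334-341) sets only `meth` and `socket_type`, while its siblings `s_server_opt_protocol_version_dtls1` and `s_server_opt_protocol_version_dtls1_2` also pin `min_version`/`max_version`; so `-dtls` given after `-dtls1` (or after a TLS version option that sets the same fields) leaves the earlier version pin in place and does not actually mean "any version of DTLS" as the option description claims. The option handlers mutate shared `s_server_config` in command-line order, so the result depends on argument order, which is easy to get wrong when scripting interoperability tests. Assuming the config's unset value for these fields is 0 (the default used when no version option is given; not visible in this diff, worth confirming), the handler should reset both: `s_server_config.min_version = 0;` and `s_server_config.max_version = 0;` before `return (0);`. Note each of these handlers ends outside the visible hunk (the `return (0);` of the `-dtls` handler sits between the two hunks), so the exact insertion point is just above that return.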
