summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/apps/s_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
-rw-r--r--src/lib/libssl/src/apps/s_server.c103
1 files changed, 1 insertions, 102 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 45c4f5fa9c..802150a29a 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.57 2014/07/10 08:59:15 bcook Exp $ */ 1/* $OpenBSD: s_server.c,v 1.58 2014/07/11 09:24:44 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -280,68 +280,6 @@ static int cert_chain = 0;
280#endif 280#endif
281 281
282 282
283#ifndef OPENSSL_NO_PSK
284static char *psk_identity = "Client_identity";
285char *psk_key = NULL; /* by default PSK is not used */
286
287static unsigned int
288psk_server_cb(SSL * ssl, const char *identity,
289 unsigned char *psk, unsigned int max_psk_len)
290{
291 unsigned int psk_len = 0;
292 int ret;
293 BIGNUM *bn = NULL;
294
295 if (s_debug)
296 BIO_printf(bio_s_out, "psk_server_cb\n");
297 if (!identity) {
298 BIO_printf(bio_err, "Error: client did not send PSK identity\n");
299 goto out_err;
300 }
301 if (s_debug)
302 BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
303 identity ? (int) strlen(identity) : 0, identity);
304
305 /* here we could lookup the given identity e.g. from a database */
306 if (strcmp(identity, psk_identity) != 0) {
307 BIO_printf(bio_s_out, "PSK error: client identity not found"
308 " (got '%s' expected '%s')\n", identity,
309 psk_identity);
310 goto out_err;
311 }
312 if (s_debug)
313 BIO_printf(bio_s_out, "PSK client identity found\n");
314
315 /* convert the PSK key to binary */
316 ret = BN_hex2bn(&bn, psk_key);
317 if (!ret) {
318 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key);
319 if (bn)
320 BN_free(bn);
321 return 0;
322 }
323 if (BN_num_bytes(bn) > (int) max_psk_len) {
324 BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
325 max_psk_len, BN_num_bytes(bn));
326 BN_free(bn);
327 return 0;
328 }
329 ret = BN_bn2bin(bn, psk);
330 BN_free(bn);
331
332 if (ret < 0)
333 goto out_err;
334 psk_len = (unsigned int) ret;
335
336 if (s_debug)
337 BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
338 return psk_len;
339out_err:
340 if (s_debug)
341 BIO_printf(bio_err, "Error in PSK server callback\n");
342 return 0;
343}
344#endif
345 283
346 284
347static void 285static void
@@ -418,10 +356,6 @@ sv_usage(void)
418 BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n"); 356 BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
419 BIO_printf(bio_err, " -quiet - Inhibit printing of session and certificate information\n"); 357 BIO_printf(bio_err, " -quiet - Inhibit printing of session and certificate information\n");
420 BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n"); 358 BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
421#ifndef OPENSSL_NO_PSK
422 BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
423 BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
424#endif
425 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n"); 359 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
426 BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); 360 BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
427 BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n"); 361 BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
@@ -699,10 +633,6 @@ s_server_main(int argc, char *argv[])
699 tlsextnextprotoctx next_proto; 633 tlsextnextprotoctx next_proto;
700#endif 634#endif
701#endif 635#endif
702#ifndef OPENSSL_NO_PSK
703 /* by default do not send a PSK identity hint */
704 static char *psk_identity_hint = NULL;
705#endif
706 meth = SSLv23_server_method(); 636 meth = SSLv23_server_method();
707 637
708 local_argc = argc; 638 local_argc = argc;
@@ -882,25 +812,6 @@ s_server_main(int argc, char *argv[])
882 } else if (strcmp(*argv, "-no_ecdhe") == 0) { 812 } else if (strcmp(*argv, "-no_ecdhe") == 0) {
883 no_ecdhe = 1; 813 no_ecdhe = 1;
884 } 814 }
885#ifndef OPENSSL_NO_PSK
886 else if (strcmp(*argv, "-psk_hint") == 0) {
887 if (--argc < 1)
888 goto bad;
889 psk_identity_hint = *(++argv);
890 } else if (strcmp(*argv, "-psk") == 0) {
891 size_t i;
892
893 if (--argc < 1)
894 goto bad;
895 psk_key = *(++argv);
896 for (i = 0; i < strlen(psk_key); i++) {
897 if (isxdigit((unsigned char) psk_key[i]))
898 continue;
899 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
900 goto bad;
901 }
902 }
903#endif
904 else if (strcmp(*argv, "-www") == 0) { 815 else if (strcmp(*argv, "-www") == 0) {
905 www = 1; 816 www = 1;
906 } else if (strcmp(*argv, "-WWW") == 0) { 817 } else if (strcmp(*argv, "-WWW") == 0) {
@@ -1328,18 +1239,6 @@ bad:
1328#endif 1239#endif
1329 } 1240 }
1330 1241
1331#ifndef OPENSSL_NO_PSK
1332 if (psk_key != NULL) {
1333 if (s_debug)
1334 BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
1335 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
1336 }
1337 if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
1338 BIO_printf(bio_err, "error setting PSK identity hint to context\n");
1339 ERR_print_errors(bio_err);
1340 goto end;
1341 }
1342#endif
1343 1242
1344 if (cipher != NULL) { 1243 if (cipher != NULL) {
1345 if (!SSL_CTX_set_cipher_list(ctx, cipher)) { 1244 if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-07 22:18:06 +0000