Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
-rw-r--r--src/lib/libssl/src/apps/s_server.c441
1 files changed, 340 insertions, 101 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 5012ef254d..9a81418cda 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -56,6 +56,9 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#ifdef APPS_CRLF
60# include <assert.h>
61#endif
59#include <stdio.h> 62#include <stdio.h>
60#include <stdlib.h> 63#include <stdlib.h>
61#include <string.h> 64#include <string.h>
@@ -64,20 +67,40 @@
64#ifdef NO_STDIO 67#ifdef NO_STDIO
65#define APPS_WIN16 68#define APPS_WIN16
66#endif 69#endif
67#include "lhash.h" 70
68#include "bn.h" 71/* With IPv6, it looks like Digital has mixed up the proper order of
72 recursive header file inclusion, resulting in the compiler complaining
73 that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
74 is needed to have fileno() declared correctly... So let's define u_int */
75#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
76#define __U_INT
77typedef unsigned int u_int;
78#endif
79
80#include <openssl/lhash.h>
81#include <openssl/bn.h>
69#define USE_SOCKETS 82#define USE_SOCKETS
70#include "apps.h" 83#include "apps.h"
71#include "err.h" 84#include <openssl/err.h>
72#include "pem.h" 85#include <openssl/pem.h>
73#include "x509.h" 86#include <openssl/x509.h>
74#include "ssl.h" 87#include <openssl/ssl.h>
75#include "s_apps.h" 88#include "s_apps.h"
76 89
77#ifndef NOPROTO 90#if (defined(VMS) && __VMS_VER < 70000000)
78static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export); 91/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
79static int sv_body(char *hostname, int s); 92#undef FIONBIO
80static int www_body(char *hostname, int s); 93#endif
94
95#if defined(NO_RSA) && !defined(NO_SSL2)
96#define NO_SSL2
97#endif
98
99#ifndef NO_RSA
100static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
101#endif
102static int sv_body(char *hostname, int s, unsigned char *context);
103static int www_body(char *hostname, int s, unsigned char *context);
81static void close_accept_socket(void ); 104static void close_accept_socket(void );
82static void sv_usage(void); 105static void sv_usage(void);
83static int init_ssl_connection(SSL *s); 106static int init_ssl_connection(SSL *s);
@@ -87,24 +110,13 @@ static DH *load_dh_param(void );
87static DH *get_dh512(void); 110static DH *get_dh512(void);
88#endif 111#endif
89/* static void s_server_init(void);*/ 112/* static void s_server_init(void);*/
90#else
91static RSA MS_CALLBACK *tmp_rsa_cb();
92static int sv_body();
93static int www_body();
94static void close_accept_socket();
95static void sv_usage();
96static int init_ssl_connection();
97static void print_stats();
98#ifndef NO_DH
99static DH *load_dh_param();
100static DH *get_dh512();
101#endif
102/* static void s_server_init(); */
103#endif
104
105 113
106#ifndef S_ISDIR 114#ifndef S_ISDIR
107#define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) 115# if defined(_S_IFMT) && defined(_S_IFDIR)
116# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
117# else
118# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
119# endif
108#endif 120#endif
109 121
110#ifndef NO_DH 122#ifndef NO_DH
@@ -120,7 +132,7 @@ static unsigned char dh512_g[]={
120 0x02, 132 0x02,
121 }; 133 };
122 134
123static DH *get_dh512() 135static DH *get_dh512(void)
124 { 136 {
125 DH *dh=NULL; 137 DH *dh=NULL;
126 138
@@ -136,7 +148,8 @@ static DH *get_dh512()
136/* static int load_CA(SSL_CTX *ctx, char *file);*/ 148/* static int load_CA(SSL_CTX *ctx, char *file);*/
137 149
138#undef BUFSIZZ 150#undef BUFSIZZ
139#define BUFSIZZ 8*1024 151#define BUFSIZZ 16*1024
152static int bufsize=32;
140static int accept_socket= -1; 153static int accept_socket= -1;
141 154
142#define TEST_CERT "server.pem" 155#define TEST_CERT "server.pem"
@@ -149,12 +162,16 @@ extern int verify_depth;
149 162
150static char *cipher=NULL; 163static char *cipher=NULL;
151static int s_server_verify=SSL_VERIFY_NONE; 164static int s_server_verify=SSL_VERIFY_NONE;
165static int s_server_session_id_context = 1; /* anything will do */
152static char *s_cert_file=TEST_CERT,*s_key_file=NULL; 166static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
153static char *s_dcert_file=NULL,*s_dkey_file=NULL; 167static char *s_dcert_file=NULL,*s_dkey_file=NULL;
154#ifdef FIONBIO 168#ifdef FIONBIO
155static int s_nbio=0; 169static int s_nbio=0;
156#endif 170#endif
157static int s_nbio_test=0; 171static int s_nbio_test=0;
172#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
173int s_crlf=0;
174#endif
158static SSL_CTX *ctx=NULL; 175static SSL_CTX *ctx=NULL;
159static int www=0; 176static int www=0;
160 177
@@ -163,7 +180,7 @@ static int s_debug=0;
163static int s_quiet=0; 180static int s_quiet=0;
164 181
165#if 0 182#if 0
166static void s_server_init() 183static void s_server_init(void)
167 { 184 {
168 cipher=NULL; 185 cipher=NULL;
169 s_server_verify=SSL_VERIFY_NONE; 186 s_server_verify=SSL_VERIFY_NONE;
@@ -184,27 +201,33 @@ static void s_server_init()
184 } 201 }
185#endif 202#endif
186 203
187static void sv_usage() 204static void sv_usage(void)
188 { 205 {
189 BIO_printf(bio_err,"usage: s_server [args ...]\n"); 206 BIO_printf(bio_err,"usage: s_server [args ...]\n");
190 BIO_printf(bio_err,"\n"); 207 BIO_printf(bio_err,"\n");
191 BIO_printf(bio_err," -accept arg - port to accept on (default is %d\n",PORT); 208 BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
209 BIO_printf(bio_err," -context arg - set session ID context\n");
192 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); 210 BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
193 BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); 211 BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
194 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n"); 212 BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
195 BIO_printf(bio_err," (default is %s)\n",TEST_CERT); 213 BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
196 BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n"); 214 BIO_printf(bio_err," -key arg - RSA file to use, PEM format assumed, in cert file if\n");
197 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); 215 BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
216 BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
217 BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
198#ifdef FIONBIO 218#ifdef FIONBIO
199 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); 219 BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
200#endif 220#endif
201 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); 221 BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
222#ifdef APPS_CRLF
223 BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
224#endif
202 BIO_printf(bio_err," -debug - Print more output\n"); 225 BIO_printf(bio_err," -debug - Print more output\n");
203 BIO_printf(bio_err," -state - Print the SSL states\n"); 226 BIO_printf(bio_err," -state - Print the SSL states\n");
204 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); 227 BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
205 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); 228 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
206 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); 229 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
207 BIO_printf(bio_err," -cipher arg - play with 'ssleay ciphers' to see what goes here\n"); 230 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
208 BIO_printf(bio_err," -quiet - No server output\n"); 231 BIO_printf(bio_err," -quiet - No server output\n");
209 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); 232 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
210 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); 233 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
@@ -213,25 +236,177 @@ static void sv_usage()
213 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); 236 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
214 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); 237 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
215 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); 238 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
239#ifndef NO_DH
240 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
241#endif
216 BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n"); 242 BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
217 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); 243 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
218 BIO_printf(bio_err," -WWW - Returns requested page from to a 'GET <path> HTTP/1.0'\n"); 244 BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
219 } 245 }
220 246
221static int local_argc=0; 247static int local_argc=0;
222static char **local_argv; 248static char **local_argv;
223static int hack=0; 249static int hack=0;
224 250
225int MAIN(argc, argv) 251#ifdef CHARSET_EBCDIC
226int argc; 252static int ebcdic_new(BIO *bi);
227char *argv[]; 253static int ebcdic_free(BIO *a);
254static int ebcdic_read(BIO *b, char *out, int outl);
255static int ebcdic_write(BIO *b, char *in, int inl);
256static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
257static int ebcdic_gets(BIO *bp, char *buf, int size);
258static int ebcdic_puts(BIO *bp, char *str);
259
260#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
261static BIO_METHOD methods_ebcdic=
262 {
263 BIO_TYPE_EBCDIC_FILTER,
264 "EBCDIC/ASCII filter",
265 ebcdic_write,
266 ebcdic_read,
267 ebcdic_puts,
268 ebcdic_gets,
269 ebcdic_ctrl,
270 ebcdic_new,
271 ebcdic_free,
272 };
273
274typedef struct
275{
276 size_t alloced;
277 char buff[1];
278} EBCDIC_OUTBUFF;
279
280BIO_METHOD *BIO_f_ebcdic_filter()
281{
282 return(&methods_ebcdic);
283}
284
285static int ebcdic_new(BIO *bi)
286{
287 EBCDIC_OUTBUFF *wbuf;
288
289 wbuf = (EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
290 wbuf->alloced = 1024;
291 wbuf->buff[0] = '\0';
292
293 bi->ptr=(char *)wbuf;
294 bi->init=1;
295 bi->flags=0;
296 return(1);
297}
298
299static int ebcdic_free(BIO *a)
300{
301 if (a == NULL) return(0);
302 if (a->ptr != NULL)
303 Free(a->ptr);
304 a->ptr=NULL;
305 a->init=0;
306 a->flags=0;
307 return(1);
308}
309
310static int ebcdic_read(BIO *b, char *out, int outl)
311{
312 int ret=0;
313
314 if (out == NULL || outl == 0) return(0);
315 if (b->next_bio == NULL) return(0);
316
317 ret=BIO_read(b->next_bio,out,outl);
318 if (ret > 0)
319 ascii2ebcdic(out,out,ret);
320 return(ret);
321}
322
323static int ebcdic_write(BIO *b, char *in, int inl)
324{
325 EBCDIC_OUTBUFF *wbuf;
326 int ret=0;
327 int num;
328 unsigned char n;
329
330 if ((in == NULL) || (inl <= 0)) return(0);
331 if (b->next_bio == NULL) return(0);
332
333 wbuf=(EBCDIC_OUTBUFF *)b->ptr;
334
335 if (inl > (num = wbuf->alloced))
336 {
337 num = num + num; /* double the size */
338 if (num < inl)
339 num = inl;
340 Free((char*)wbuf);
341 wbuf=(EBCDIC_OUTBUFF *)Malloc(sizeof(EBCDIC_OUTBUFF) + num);
342
343 wbuf->alloced = num;
344 wbuf->buff[0] = '\0';
345
346 b->ptr=(char *)wbuf;
347 }
348
349 ebcdic2ascii(wbuf->buff, in, inl);
350
351 ret=BIO_write(b->next_bio, wbuf->buff, inl);
352
353 return(ret);
354}
355
356static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
357{
358 long ret;
359
360 if (b->next_bio == NULL) return(0);
361 switch (cmd)
362 {
363 case BIO_CTRL_DUP:
364 ret=0L;
365 break;
366 default:
367 ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
368 break;
369 }
370 return(ret);
371}
372
373static int ebcdic_gets(BIO *bp, char *buf, int size)
374{
375 int i, ret;
376 if (bp->next_bio == NULL) return(0);
377/* return(BIO_gets(bp->next_bio,buf,size));*/
378 for (i=0; i<size-1; ++i)
379 {
380 ret = ebcdic_read(bp,&buf[i],1);
381 if (ret <= 0)
382 break;
383 else if (buf[i] == '\n')
384 {
385 ++i;
386 break;
387 }
388 }
389 if (i < size)
390 buf[i] = '\0';
391 return (ret < 0 && i == 0) ? ret : i;
392}
393
394static int ebcdic_puts(BIO *bp, char *str)
395{
396 if (bp->next_bio == NULL) return(0);
397 return ebcdic_write(bp, str, strlen(str));
398}
399#endif
400
401int MAIN(int argc, char *argv[])
228 { 402 {
229 short port=PORT; 403 short port=PORT;
230 char *CApath=NULL,*CAfile=NULL; 404 char *CApath=NULL,*CAfile=NULL;
405 char *context = NULL;
231 int badop=0,bugs=0; 406 int badop=0,bugs=0;
232 int ret=1; 407 int ret=1;
233 int off=0; 408 int off=0;
234 int no_tmp_rsa=0,nocert=0; 409 int no_tmp_rsa=0,no_dhe=0,nocert=0;
235 int state=0; 410 int state=0;
236 SSL_METHOD *meth=NULL; 411 SSL_METHOD *meth=NULL;
237#ifndef NO_DH 412#ifndef NO_DH
@@ -289,6 +464,11 @@ char *argv[];
289 verify_depth=atoi(*(++argv)); 464 verify_depth=atoi(*(++argv));
290 BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); 465 BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
291 } 466 }
467 else if (strcmp(*argv,"-context") == 0)
468 {
469 if (--argc < 1) goto bad;
470 context= *(++argv);
471 }
292 else if (strcmp(*argv,"-cert") == 0) 472 else if (strcmp(*argv,"-cert") == 0)
293 { 473 {
294 if (--argc < 1) goto bad; 474 if (--argc < 1) goto bad;
@@ -345,12 +525,18 @@ char *argv[];
345 { hack=1; } 525 { hack=1; }
346 else if (strcmp(*argv,"-state") == 0) 526 else if (strcmp(*argv,"-state") == 0)
347 { state=1; } 527 { state=1; }
528#ifdef APPS_CRLF
529 else if (strcmp(*argv,"-crlf") == 0)
530 { s_crlf=1; }
531#endif
348 else if (strcmp(*argv,"-quiet") == 0) 532 else if (strcmp(*argv,"-quiet") == 0)
349 { s_quiet=1; } 533 { s_quiet=1; }
350 else if (strcmp(*argv,"-bugs") == 0) 534 else if (strcmp(*argv,"-bugs") == 0)
351 { bugs=1; } 535 { bugs=1; }
352 else if (strcmp(*argv,"-no_tmp_rsa") == 0) 536 else if (strcmp(*argv,"-no_tmp_rsa") == 0)
353 { no_tmp_rsa=1; } 537 { no_tmp_rsa=1; }
538 else if (strcmp(*argv,"-no_dhe") == 0)
539 { no_dhe=1; }
354 else if (strcmp(*argv,"-www") == 0) 540 else if (strcmp(*argv,"-www") == 0)
355 { www=1; } 541 { www=1; }
356 else if (strcmp(*argv,"-WWW") == 0) 542 else if (strcmp(*argv,"-WWW") == 0)
@@ -453,21 +639,24 @@ bad:
453 } 639 }
454 640
455#ifndef NO_DH 641#ifndef NO_DH
456 /* EAY EAY EAY evil hack */ 642 if (!no_dhe)
457 dh=load_dh_param();
458 if (dh != NULL)
459 { 643 {
460 BIO_printf(bio_s_out,"Setting temp DH parameters\n"); 644 /* EAY EAY EAY evil hack */
461 } 645 dh=load_dh_param();
462 else 646 if (dh != NULL)
463 { 647 {
464 BIO_printf(bio_s_out,"Using default temp DH parameters\n"); 648 BIO_printf(bio_s_out,"Setting temp DH parameters\n");
465 dh=get_dh512(); 649 }
466 } 650 else
467 BIO_flush(bio_s_out); 651 {
652 BIO_printf(bio_s_out,"Using default temp DH parameters\n");
653 dh=get_dh512();
654 }
655 (void)BIO_flush(bio_s_out);
468 656
469 SSL_CTX_set_tmp_dh(ctx,dh); 657 SSL_CTX_set_tmp_dh(ctx,dh);
470 DH_free(dh); 658 DH_free(dh);
659 }
471#endif 660#endif
472 661
473 if (!set_cert_stuff(ctx,s_cert_file,s_key_file)) 662 if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
@@ -478,6 +667,7 @@ bad:
478 goto end; 667 goto end;
479 } 668 }
480 669
670#ifndef NO_RSA
481#if 1 671#if 1
482 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb); 672 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
483#else 673#else
@@ -499,18 +689,21 @@ bad:
499 BIO_printf(bio_s_out,"\n"); 689 BIO_printf(bio_s_out,"\n");
500 } 690 }
501#endif 691#endif
692#endif
502 693
503 if (cipher != NULL) 694 if (cipher != NULL)
504 SSL_CTX_set_cipher_list(ctx,cipher); 695 SSL_CTX_set_cipher_list(ctx,cipher);
505 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback); 696 SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
697 SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
698 sizeof s_server_session_id_context);
506 699
507 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); 700 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
508 701
509 BIO_printf(bio_s_out,"ACCEPT\n"); 702 BIO_printf(bio_s_out,"ACCEPT\n");
510 if (www) 703 if (www)
511 do_server(port,&accept_socket,www_body); 704 do_server(port,&accept_socket,www_body, context);
512 else 705 else
513 do_server(port,&accept_socket,sv_body); 706 do_server(port,&accept_socket,sv_body, context);
514 print_stats(bio_s_out,ctx); 707 print_stats(bio_s_out,ctx);
515 ret=0; 708 ret=0;
516end: 709end:
@@ -523,9 +716,7 @@ end:
523 EXIT(ret); 716 EXIT(ret);
524 } 717 }
525 718
526static void print_stats(bio,ssl_ctx) 719static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
527BIO *bio;
528SSL_CTX *ssl_ctx;
529 { 720 {
530 BIO_printf(bio,"%4ld items in the session cache\n", 721 BIO_printf(bio,"%4ld items in the session cache\n",
531 SSL_CTX_sess_number(ssl_ctx)); 722 SSL_CTX_sess_number(ssl_ctx));
@@ -550,9 +741,7 @@ SSL_CTX *ssl_ctx;
550 SSL_CTX_sess_get_cache_size(ssl_ctx)); 741 SSL_CTX_sess_get_cache_size(ssl_ctx));
551 } 742 }
552 743
553static int sv_body(hostname, s) 744static int sv_body(char *hostname, int s, unsigned char *context)
554char *hostname;
555int s;
556 { 745 {
557 char *buf=NULL; 746 char *buf=NULL;
558 fd_set readfds; 747 fd_set readfds;
@@ -562,7 +751,7 @@ int s;
562 SSL *con=NULL; 751 SSL *con=NULL;
563 BIO *sbio; 752 BIO *sbio;
564 753
565 if ((buf=Malloc(BUFSIZZ)) == NULL) 754 if ((buf=Malloc(bufsize)) == NULL)
566 { 755 {
567 BIO_printf(bio_err,"out of memory\n"); 756 BIO_printf(bio_err,"out of memory\n");
568 goto err; 757 goto err;
@@ -579,8 +768,12 @@ int s;
579 } 768 }
580#endif 769#endif
581 770
582 if (con == NULL) 771 if (con == NULL) {
583 con=(SSL *)SSL_new(ctx); 772 con=(SSL *)SSL_new(ctx);
773 if(context)
774 SSL_set_session_id_context(con, context,
775 strlen((char *)context));
776 }
584 SSL_clear(con); 777 SSL_clear(con);
585 778
586 sbio=BIO_new_socket(s,BIO_NOCLOSE); 779 sbio=BIO_new_socket(s,BIO_NOCLOSE);
@@ -610,11 +803,42 @@ int s;
610 FD_SET(fileno(stdin),&readfds); 803 FD_SET(fileno(stdin),&readfds);
611#endif 804#endif
612 FD_SET(s,&readfds); 805 FD_SET(s,&readfds);
613 i=select(width,&readfds,NULL,NULL,NULL); 806 /* Note: under VMS with SOCKETSHR the second parameter is
807 * currently of type (int *) whereas under other systems
808 * it is (void *) if you don't have a cast it will choke
809 * the compiler: if you do have a cast then you can either
810 * go for (int *) or (void *).
811 */
812 i=select(width,(void *)&readfds,NULL,NULL,NULL);
614 if (i <= 0) continue; 813 if (i <= 0) continue;
615 if (FD_ISSET(fileno(stdin),&readfds)) 814 if (FD_ISSET(fileno(stdin),&readfds))
616 { 815 {
617 i=read(fileno(stdin),buf,128/*BUFSIZZ*/); 816#ifdef APPS_CRLF
817 if (s_crlf)
818 {
819 int j, lf_num;
820
821 i=read(fileno(stdin), buf, bufsize/2);
822 lf_num = 0;
823 /* both loops are skipped when i <= 0 */
824 for (j = 0; j < i; j++)
825 if (buf[j] == '\n')
826 lf_num++;
827 for (j = i-1; j >= 0; j--)
828 {
829 buf[j+lf_num] = buf[j];
830 if (buf[j] == '\n')
831 {
832 lf_num--;
833 i++;
834 buf[j+lf_num] = '\r';
835 }
836 }
837 assert(lf_num == 0);
838 }
839 else
840#endif
841 i=read(fileno(stdin),buf,bufsize);
618 if (!s_quiet) 842 if (!s_quiet)
619 { 843 {
620 if ((i <= 0) || (buf[0] == 'Q')) 844 if ((i <= 0) || (buf[0] == 'Q'))
@@ -641,10 +865,10 @@ int s;
641 printf("SSL_do_handshake -> %d\n",i); 865 printf("SSL_do_handshake -> %d\n",i);
642 i=0; /*13; */ 866 i=0; /*13; */
643 continue; 867 continue;
644 strcpy(buf,"server side RE-NEGOTIATE\n"); 868 /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
645 } 869 }
646 if ((buf[0] == 'R') && 870 if ((buf[0] == 'R') &&
647 ((buf[1] == '\0') || (buf[1] == '\r'))) 871 ((buf[1] == '\n') || (buf[1] == '\r')))
648 { 872 {
649 SSL_set_verify(con, 873 SSL_set_verify(con,
650 SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL); 874 SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
@@ -653,7 +877,7 @@ int s;
653 printf("SSL_do_handshake -> %d\n",i); 877 printf("SSL_do_handshake -> %d\n",i);
654 i=0; /* 13; */ 878 i=0; /* 13; */
655 continue; 879 continue;
656 strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); 880 /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
657 } 881 }
658 if (buf[0] == 'P') 882 if (buf[0] == 'P')
659 { 883 {
@@ -665,6 +889,9 @@ int s;
665 print_stats(bio_s_out,SSL_get_SSL_CTX(con)); 889 print_stats(bio_s_out,SSL_get_SSL_CTX(con));
666 } 890 }
667 } 891 }
892#ifdef CHARSET_EBCDIC
893 ebcdic2ascii(buf,buf,i);
894#endif
668 l=k=0; 895 l=k=0;
669 for (;;) 896 for (;;)
670 { 897 {
@@ -688,7 +915,7 @@ int s;
688 ERR_print_errors(bio_err); 915 ERR_print_errors(bio_err);
689 ret=1; 916 ret=1;
690 goto err; 917 goto err;
691 break; 918 /* break; */
692 case SSL_ERROR_ZERO_RETURN: 919 case SSL_ERROR_ZERO_RETURN:
693 BIO_printf(bio_s_out,"DONE\n"); 920 BIO_printf(bio_s_out,"DONE\n");
694 ret=1; 921 ret=1;
@@ -718,12 +945,17 @@ int s;
718 } 945 }
719 else 946 else
720 { 947 {
721 i=SSL_read(con,(char *)buf,128 /*BUFSIZZ */); 948again:
949 i=SSL_read(con,(char *)buf,bufsize);
722 switch (SSL_get_error(con,i)) 950 switch (SSL_get_error(con,i))
723 { 951 {
724 case SSL_ERROR_NONE: 952 case SSL_ERROR_NONE:
953#ifdef CHARSET_EBCDIC
954 ascii2ebcdic(buf,buf,i);
955#endif
725 write(fileno(stdout),buf, 956 write(fileno(stdout),buf,
726 (unsigned int)i); 957 (unsigned int)i);
958 if (SSL_pending(con)) goto again;
727 break; 959 break;
728 case SSL_ERROR_WANT_WRITE: 960 case SSL_ERROR_WANT_WRITE:
729 case SSL_ERROR_WANT_READ: 961 case SSL_ERROR_WANT_READ:
@@ -755,7 +987,7 @@ err:
755 BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); 987 BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
756 if (buf != NULL) 988 if (buf != NULL)
757 { 989 {
758 memset(buf,0,BUFSIZZ); 990 memset(buf,0,bufsize);
759 Free(buf); 991 Free(buf);
760 } 992 }
761 if (ret >= 0) 993 if (ret >= 0)
@@ -763,7 +995,7 @@ err:
763 return(ret); 995 return(ret);
764 } 996 }
765 997
766static void close_accept_socket() 998static void close_accept_socket(void)
767 { 999 {
768 BIO_printf(bio_err,"shutdown accept socket\n"); 1000 BIO_printf(bio_err,"shutdown accept socket\n");
769 if (accept_socket >= 0) 1001 if (accept_socket >= 0)
@@ -772,11 +1004,10 @@ static void close_accept_socket()
772 } 1004 }
773 } 1005 }
774 1006
775static int init_ssl_connection(con) 1007static int init_ssl_connection(SSL *con)
776SSL *con;
777 { 1008 {
778 int i; 1009 int i;
779 char *str; 1010 const char *str;
780 X509 *peer; 1011 X509 *peer;
781 long verify_error; 1012 long verify_error;
782 MS_STATIC char buf[BUFSIZ]; 1013 MS_STATIC char buf[BUFSIZ];
@@ -820,18 +1051,22 @@ SSL *con;
820 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 1051 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
821 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); 1052 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
822 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); 1053 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
1054 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
1055 TLS1_FLAGS_TLS_PADDING_BUG)
1056 BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
1057
823 return(1); 1058 return(1);
824 } 1059 }
825 1060
826#ifndef NO_DH 1061#ifndef NO_DH
827static DH *load_dh_param() 1062static DH *load_dh_param(void)
828 { 1063 {
829 DH *ret=NULL; 1064 DH *ret=NULL;
830 BIO *bio; 1065 BIO *bio;
831 1066
832 if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL) 1067 if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
833 goto err; 1068 goto err;
834 ret=PEM_read_bio_DHparams(bio,NULL,NULL); 1069 ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
835err: 1070err:
836 if (bio != NULL) BIO_free(bio); 1071 if (bio != NULL) BIO_free(bio);
837 return(ret); 1072 return(ret);
@@ -839,9 +1074,7 @@ err:
839#endif 1074#endif
840 1075
841#if 0 1076#if 0
842static int load_CA(ctx,file) 1077static int load_CA(SSL_CTX *ctx, char *file)
843SSL_CTX *ctx;
844char *file;
845 { 1078 {
846 FILE *in; 1079 FILE *in;
847 X509 *x=NULL; 1080 X509 *x=NULL;
@@ -861,11 +1094,9 @@ char *file;
861 } 1094 }
862#endif 1095#endif
863 1096
864static int www_body(hostname, s) 1097static int www_body(char *hostname, int s, unsigned char *context)
865char *hostname;
866int s;
867 { 1098 {
868 char buf[1024]; 1099 char *buf=NULL;
869 int ret=1; 1100 int ret=1;
870 int i,j,k,blank,dot; 1101 int i,j,k,blank,dot;
871 struct stat st_buf; 1102 struct stat st_buf;
@@ -874,6 +1105,8 @@ int s;
874 BIO *io,*ssl_bio,*sbio; 1105 BIO *io,*ssl_bio,*sbio;
875 long total_bytes; 1106 long total_bytes;
876 1107
1108 buf=Malloc(bufsize);
1109 if (buf == NULL) return(0);
877 io=BIO_new(BIO_f_buffer()); 1110 io=BIO_new(BIO_f_buffer());
878 ssl_bio=BIO_new(BIO_f_ssl()); 1111 ssl_bio=BIO_new(BIO_f_ssl());
879 if ((io == NULL) || (ssl_bio == NULL)) goto err; 1112 if ((io == NULL) || (ssl_bio == NULL)) goto err;
@@ -891,9 +1124,11 @@ int s;
891#endif 1124#endif
892 1125
893 /* lets make the output buffer a reasonable size */ 1126 /* lets make the output buffer a reasonable size */
894 if (!BIO_set_write_buffer_size(io,253 /*16*1024*/)) goto err; 1127 if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
895 1128
896 if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err; 1129 if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
1130 if(context) SSL_set_session_id_context(con, context,
1131 strlen((char *)context));
897 1132
898 sbio=BIO_new_socket(s,BIO_NOCLOSE); 1133 sbio=BIO_new_socket(s,BIO_NOCLOSE);
899 if (s_nbio_test) 1134 if (s_nbio_test)
@@ -909,6 +1144,9 @@ int s;
909 /* SSL_set_fd(con,s); */ 1144 /* SSL_set_fd(con,s); */
910 BIO_set_ssl(ssl_bio,con,BIO_CLOSE); 1145 BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
911 BIO_push(io,ssl_bio); 1146 BIO_push(io,ssl_bio);
1147#ifdef CHARSET_EBCDIC
1148 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
1149#endif
912 1150
913 if (s_debug) 1151 if (s_debug)
914 { 1152 {
@@ -937,14 +1175,14 @@ int s;
937 case SSL_ERROR_ZERO_RETURN: 1175 case SSL_ERROR_ZERO_RETURN:
938 ret=1; 1176 ret=1;
939 goto err; 1177 goto err;
940 break; 1178 /* break; */
941 } 1179 }
942 1180
943 SSL_renegotiate(con); 1181 SSL_renegotiate(con);
944 SSL_write(con,NULL,0); 1182 SSL_write(con,NULL,0);
945 } 1183 }
946 1184
947 i=BIO_gets(io,buf,sizeof(buf)-1); 1185 i=BIO_gets(io,buf,bufsize-1);
948 if (i < 0) /* error */ 1186 if (i < 0) /* error */
949 { 1187 {
950 if (!BIO_should_retry(io)) 1188 if (!BIO_should_retry(io))
@@ -974,11 +1212,11 @@ int s;
974 { 1212 {
975 char *p; 1213 char *p;
976 X509 *peer; 1214 X509 *peer;
977 STACK *sk; 1215 STACK_OF(SSL_CIPHER) *sk;
978 static char *space=" "; 1216 static char *space=" ";
979 1217
980 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 1218 BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
981 BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n"); 1219 BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
982 BIO_puts(io,"<pre>\n"); 1220 BIO_puts(io,"<pre>\n");
983/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/ 1221/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
984 BIO_puts(io,"\n"); 1222 BIO_puts(io,"\n");
@@ -993,10 +1231,10 @@ int s;
993 * be done */ 1231 * be done */
994 BIO_printf(io,"Ciphers supported in s_server binary\n"); 1232 BIO_printf(io,"Ciphers supported in s_server binary\n");
995 sk=SSL_get_ciphers(con); 1233 sk=SSL_get_ciphers(con);
996 j=sk_num(sk); 1234 j=sk_SSL_CIPHER_num(sk);
997 for (i=0; i<j; i++) 1235 for (i=0; i<j; i++)
998 { 1236 {
999 c=(SSL_CIPHER *)sk_value(sk,i); 1237 c=sk_SSL_CIPHER_value(sk,i);
1000 BIO_printf(io,"%-11s:%-25s", 1238 BIO_printf(io,"%-11s:%-25s",
1001 SSL_CIPHER_get_version(c), 1239 SSL_CIPHER_get_version(c),
1002 SSL_CIPHER_get_name(c)); 1240 SSL_CIPHER_get_name(c));
@@ -1004,7 +1242,7 @@ int s;
1004 BIO_puts(io,"\n"); 1242 BIO_puts(io,"\n");
1005 } 1243 }
1006 BIO_puts(io,"\n"); 1244 BIO_puts(io,"\n");
1007 p=SSL_get_shared_ciphers(con,buf,sizeof(buf)); 1245 p=SSL_get_shared_ciphers(con,buf,bufsize);
1008 if (p != NULL) 1246 if (p != NULL)
1009 { 1247 {
1010 BIO_printf(io,"---\nCiphers common between both SSL end points:\n"); 1248 BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
@@ -1050,7 +1288,7 @@ int s;
1050 BIO_puts(io,"</BODY></HTML>\r\n\r\n"); 1288 BIO_puts(io,"</BODY></HTML>\r\n\r\n");
1051 break; 1289 break;
1052 } 1290 }
1053 else if ((www == 2) && (strncmp("GET ",buf,4) == 0)) 1291 else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
1054 { 1292 {
1055 BIO *file; 1293 BIO *file;
1056 char *p,*e; 1294 char *p,*e;
@@ -1129,9 +1367,10 @@ int s;
1129 total_bytes=0; 1367 total_bytes=0;
1130 for (;;) 1368 for (;;)
1131 { 1369 {
1132 i=BIO_read(file,buf,1024); 1370 i=BIO_read(file,buf,bufsize);
1133 if (i <= 0) break; 1371 if (i <= 0) break;
1134 1372
1373#ifdef RENEG
1135 total_bytes+=i; 1374 total_bytes+=i;
1136 fprintf(stderr,"%d\n",i); 1375 fprintf(stderr,"%d\n",i);
1137 if (total_bytes > 3*1024) 1376 if (total_bytes > 3*1024)
@@ -1140,6 +1379,7 @@ int s;
1140 fprintf(stderr,"RENEGOTIATE\n"); 1379 fprintf(stderr,"RENEGOTIATE\n");
1141 SSL_renegotiate(con); 1380 SSL_renegotiate(con);
1142 } 1381 }
1382#endif
1143 1383
1144 for (j=0; j<i; ) 1384 for (j=0; j<i; )
1145 { 1385 {
@@ -1194,14 +1434,14 @@ err:
1194 if (ret >= 0) 1434 if (ret >= 0)
1195 BIO_printf(bio_s_out,"ACCEPT\n"); 1435 BIO_printf(bio_s_out,"ACCEPT\n");
1196 1436
1437 if (buf != NULL) Free(buf);
1197 if (io != NULL) BIO_free_all(io); 1438 if (io != NULL) BIO_free_all(io);
1198/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ 1439/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
1199 return(ret); 1440 return(ret);
1200 } 1441 }
1201 1442
1202static RSA MS_CALLBACK *tmp_rsa_cb(s,export) 1443#ifndef NO_RSA
1203SSL *s; 1444static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
1204int export;
1205 { 1445 {
1206 static RSA *rsa_tmp=NULL; 1446 static RSA *rsa_tmp=NULL;
1207 1447
@@ -1209,17 +1449,16 @@ int export;
1209 { 1449 {
1210 if (!s_quiet) 1450 if (!s_quiet)
1211 { 1451 {
1212 BIO_printf(bio_err,"Generating temp (512 bit) RSA key..."); 1452 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
1213 BIO_flush(bio_err); 1453 (void)BIO_flush(bio_err);
1214 } 1454 }
1215#ifndef NO_RSA 1455 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
1216 rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
1217#endif
1218 if (!s_quiet) 1456 if (!s_quiet)
1219 { 1457 {
1220 BIO_printf(bio_err,"\n"); 1458 BIO_printf(bio_err,"\n");
1221 BIO_flush(bio_err); 1459 (void)BIO_flush(bio_err);
1222 } 1460 }
1223 } 1461 }
1224 return(rsa_tmp); 1462 return(rsa_tmp);
1225 } 1463 }
1464#endif
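Review bot: `SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));` at new line 700 now takes the client-CA list from CAfile, which is initialised to NULL at new line 404 and only assigned by `-CAfile`, so every run without that option hands a NULL filename to the loader; the line it replaces used s_cert_file, which defaults to TEST_CERT and therefore always named a real file. How the loader behaves on a NULL path is not visible here, but at best it fails and the client-CA list is left empty with no message, which makes the `-verify`/`-Verify` paths quietly advertise no acceptable CAs. Guard the call on the option actually being given: `if (CAfile != NULL) SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));`. The MAIN body this hunk sits in starts and ends outside it.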