Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/s_server.c | 47 |
1 files changed, 4 insertions, 43 deletions
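--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.4 2014/10/31 16:56:00 jsing Exp $ */
+/* $OpenBSD: s_server.c,v 1.5 2014/10/31 16:59:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -178,7 +178,6 @@
 #include "s_apps.h"
 #include "timeouts.h"
 
-static RSA *tmp_rsa_cb(SSL * s, int is_export, int keylength);
 static int sv_body(char *hostname, int s, unsigned char *context);
 static int www_body(char *hostname, int s, unsigned char *context);
 static void close_accept_socket(void);
@@ -325,7 +324,6 @@ sv_usage(void)
 BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
 BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
 BIO_printf(bio_err, " -quiet - Inhibit printing of session and certificate information\n");
-BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
 BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
 BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
 BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
@@ -581,7 +579,7 @@ s_server_main(int argc, char *argv[])
 int badop = 0, bugs = 0;
 int ret = 1;
 int off = 0;
-int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+int no_dhe = 0, no_ecdhe = 0, nocert = 0;
 int state = 0;
 const SSL_METHOD *meth = NULL;
 int socket_type = SOCK_STREAM;
@@ -773,13 +771,12 @@ s_server_main(int argc, char *argv[])
 } else if (strcmp(*argv, "-bugs") == 0) {
 bugs = 1;
 } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
-no_tmp_rsa = 1;
+/* No-op. */
 } else if (strcmp(*argv, "-no_dhe") == 0) {
 no_dhe = 1;
 } else if (strcmp(*argv, "-no_ecdhe") == 0) {
 no_ecdhe = 1;
-}
-else if (strcmp(*argv, "-www") == 0) {
+} else if (strcmp(*argv, "-www") == 0) {
 www = 1;
 } else if (strcmp(*argv, "-WWW") == 0) {
 www = 2;
@@ -1210,14 +1207,6 @@ bad:
 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
 goto end;
 }
-if (!no_tmp_rsa) {
-SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
-#ifndef OPENSSL_NO_TLSEXT
-if (ctx2)
-SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
-#endif
-}
-
 
 if (cipher != NULL) {
 if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
@@ -2079,34 +2068,6 @@ err:
 return (ret);
 }
 
-static RSA *
-tmp_rsa_cb(SSL * s, int is_export, int keylength)
-{
-BIGNUM *bn = NULL;
-static RSA *rsa_tmp = NULL;
-
-if (!rsa_tmp && ((bn = BN_new()) == NULL))
-BIO_printf(bio_err, "Allocation error in generating RSA key\n");
-if (!rsa_tmp && bn) {
-if (!s_quiet) {
-BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
-(void) BIO_flush(bio_err);
-}
-if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
-!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
-if (rsa_tmp)
-RSA_free(rsa_tmp);
-rsa_tmp = NULL;
-}
-if (!s_quiet) {
-BIO_printf(bio_err, "\n");
-(void) BIO_flush(bio_err);
-}
-BN_free(bn);
-}
-return (rsa_tmp);
-}
-
 #define MAX_SESSION_ID_ATTEMPTS 10
 static int
 generate_session_id(const SSL * ssl, unsigned char *id,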
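Review bot: In the `@@ -773,13 +771,12 @@` hunk the `-no_tmp_rsa` option is still parsed but reduced to a bare `/* No-op. */`, while the `@@ -325,7 +324,6 @@` hunk removes its line from sv_usage, so the flag is now accepted, undocumented and silently ignored with no hint to the user that it no longer does anything. The one-word comment should say why the branch is kept rather than deleted, e.g. `/* No-op: accepted only so existing invocations keep parsing; temporary RSA keys are no longer generated (tmp_rsa_cb removed). */`. If the intent is to phase the option out, a one-line diagnostic in that branch, `BIO_printf(bio_err, "-no_tmp_rsa is deprecated and ignored\n");`, would make the change visible to callers without breaking them. The enclosing function s_server_main starts and ends outside the hunk.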
