X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fs_server.c;h=29ed59863871741b0b8e58724b650800d8c0a3bb;hb=2006dd12d693499ecbf532748ecbb819868f6951;hp=6200e4bef3d7b1bfb0c403edf12196b6dd6695a6;hpb=251cb4cfed42c8084d3032bf1a0f8e9cb9b44aac;p=oweals%2Fopenssl.git
diff --git a/apps/s_server.c b/apps/s_server.c
index 6200e4bef3..29ed598638 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -62,8 +62,7 @@
 #include
 #include
 #include
-#include
-#ifdef OPENSSL_NO_STDIO
+#ifdef NO_STDIO
 #define APPS_WIN16
 #endif
@@ -71,7 +70,7 @@ recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#if defined(VMS) && defined(__DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
 #endif
@@ -84,19 +83,19 @@ typedef unsigned int u_int;
 #include
 #include
 #include
-#include
+#include
 #include "s_apps.h"
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 #include
 #endif
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+#if (defined(VMS) && __VMS_VER < 70000000)
 /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
 #undef FIONBIO
 #endif
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
 #endif
 static int sv_body(char *hostname, int s, unsigned char *context);
@@ -105,9 +104,7 @@ static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
@@ -123,7 +120,7 @@ static void s_server_init(void);
 # endif
 #endif
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static unsigned char dh512_p[]={
 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -180,8 +177,6 @@ static int s_debug=0;
 static int s_quiet=0;
 static int hack=0;
-static char *engine_id=NULL;
-static const char *session_id_prefix=NULL;
 #ifdef MONOLITH
 static void s_server_init(void)
@@ -204,7 +199,6 @@ static void s_server_init(void)
 s_debug=0;
 s_quiet=0;
 hack=0;
- engine_id=NULL;
 }
 #endif
@@ -235,7 +229,6 @@ static void sv_usage(void)
 BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
 BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
 BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
 BIO_printf(bio_err," -quiet - No server output\n");
 BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
 BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
@@ -244,16 +237,12 @@ static void sv_usage(void)
 BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
 BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
 BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
 #endif
 BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
 BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
 BIO_printf(bio_err," -WWW - Respond to a 'GET / HTTP/1.0' with file ./\n");
- BIO_printf(bio_err," -HTTP - Respond to a 'GET / HTTP/1.0' with file ./\n");
- BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
- BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 }
@@ -424,14 +413,16 @@ int MAIN(int argc, char *argv[])
 int no_tmp_rsa=0,no_dhe=0,nocert=0;
 int state=0;
 SSL_METHOD *meth=NULL;
- ENGINE *e=NULL;
 char *inrand=NULL;
+#ifndef NO_DH
+ DH *dh=NULL;
+#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
 meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
+#elif !defined(NO_SSL3)
 meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
+#elif !defined(NO_SSL2)
 meth=SSLv2_server_method();
 #endif
@@ -518,8 +509,6 @@ int MAIN(int argc, char *argv[])
 if (--argc < 1) goto bad;
 CApath= *(++argv);
 }
- else if (strcmp(*argv,"-serverpref") == 0)
- { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
 else if (strcmp(*argv,"-cipher") == 0)
 {
 if (--argc < 1) goto bad;
@@ -561,36 +550,24 @@ int MAIN(int argc, char *argv[])
 { www=1; }
 else if (strcmp(*argv,"-WWW") == 0)
 { www=2; }
- else if (strcmp(*argv,"-HTTP") == 0)
- { www=3; }
 else if (strcmp(*argv,"-no_ssl2") == 0)
 { off|=SSL_OP_NO_SSLv2; }
 else if (strcmp(*argv,"-no_ssl3") == 0)
 { off|=SSL_OP_NO_SSLv3; }
 else if (strcmp(*argv,"-no_tls1") == 0)
 { off|=SSL_OP_NO_TLSv1; }
-#ifndef OPENSSL_NO_SSL2
+#ifndef NO_SSL2
 else if (strcmp(*argv,"-ssl2") == 0)
 { meth=SSLv2_server_method(); }
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef NO_SSL3
 else if (strcmp(*argv,"-ssl3") == 0)
 { meth=SSLv3_server_method(); }
 #endif
-#ifndef OPENSSL_NO_TLS1
+#ifndef NO_TLS1
 else if (strcmp(*argv,"-tls1") == 0)
 { meth=TLSv1_server_method(); }
 #endif
- else if (strcmp(*argv, "-id_prefix") == 0)
- {
- if (--argc < 1) goto bad;
- session_id_prefix = *(++argv);
- }
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine_id= *(++argv);
- }
 else if (strcmp(*argv,"-rand") == 0)
 {
 if (--argc < 1) goto bad;
@@ -634,7 +611,7 @@ bad:
 }
 }
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+#if !defined(NO_RSA) || !defined(NO_DSA)
 if (nocert)
 #endif
 {
@@ -647,51 +624,13 @@ bad:
 SSL_load_error_strings();
 OpenSSL_add_ssl_algorithms();
- if (engine_id != NULL)
- {
- if((e = ENGINE_by_id(engine_id)) == NULL)
- {
- BIO_printf(bio_err,"invalid engine\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- if (s_debug)
- {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
- 0, bio_err, 0);
- }
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(bio_err,"can't use that engine\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"engine \"%s\" set.\n", engine_id);
- ENGINE_free(e);
- }
-
 ctx=SSL_CTX_new(meth);
 if (ctx == NULL)
 {
 ERR_print_errors(bio_err);
 goto end;
 }
- if (session_id_prefix)
- {
- if(strlen(session_id_prefix) >= 32)
- BIO_printf(bio_err,
-"warning: id_prefix is too long, only one new session will be possible\n");
- else if(strlen(session_id_prefix) >= 16)
- BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
- if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
- {
- BIO_printf(bio_err,"error setting 'id_prefix'\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
- }
+ SSL_CTX_set_quiet_shutdown(ctx,1);
 if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
@@ -722,16 +661,10 @@ bad:
 /* goto end; */
 }
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 if (!no_dhe)
 {
- DH *dh=NULL;
-
- if (dhfile)
- dh = load_dh_param(dhfile);
- else if (s_cert_file)
- dh = load_dh_param(s_cert_file);
-
+ dh=load_dh_param(dhfile ? dhfile : s_cert_file);
 if (dh != NULL)
 {
 BIO_printf(bio_s_out,"Setting temp DH parameters\n");
@@ -756,7 +689,7 @@ bad:
 goto end;
 }
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 #if 1
 if (!no_tmp_rsa)
 SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
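Review bot: `SSL_CTX_set_quiet_shutdown(ctx,1);` makes every connection on this context end without a close_notify alert, so the peer cannot tell an orderly end of data from a connection cut by a third party; for the file-serving `-WWW` mode in this program that is a truncation-detection regression. If the intent is only to keep SSL_shutdown from blocking, consider leaving the default and recording the trade-off with a comment such as `/* quiet shutdown: no close_notify is sent, peers cannot detect truncation */`. MAIN's body continues outside this hunk.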
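Review bot: `dh=load_dh_param(dhfile ? dhfile : s_cert_file);` now calls load_dh_param with a NULL path whenever both `dhfile` and `s_cert_file` are NULL, whereas the removed lines skipped the call entirely in that case. load_dh_param's body is outside this hunk, so whether it tolerates NULL cannot be confirmed here; guarding the call, `if (dhfile || s_cert_file) dh=load_dh_param(dhfile ? dhfile : s_cert_file);`, preserves the old behaviour. Since `dh` has also moved from block scope to MAIN scope (declared in the `@@ -424` hunk), the point at which it is freed after SSL_CTX_set_tmp_dh should be checked outside this hunk.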
@@ -845,7 +778,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 unsigned long l;
 SSL *con=NULL;
 BIO *sbio;
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 struct timeval tv;
 #endif
@@ -868,13 +801,6 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 if (con == NULL)
 {
 con=SSL_new(ctx);
-#ifndef OPENSSL_NO_KRB5
- if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
 if(context)
 SSL_set_session_id_context(con, context,
 strlen((char *)context));
@@ -912,7 +838,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 if (!read_from_sslcon)
 {
 FD_ZERO(&readfds);
-#ifndef OPENSSL_SYS_WINDOWS
+#ifndef WINDOWS
 FD_SET(fileno(stdin),&readfds);
 #endif
 FD_SET(s,&readfds);
@@ -922,7 +848,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
 * the compiler: if you do have a cast then you can either
 * go for (int *) or (void *). */
-#ifdef OPENSSL_SYS_WINDOWS
+#ifdef WINDOWS
 /* Under Windows we can't select on stdin: only
 * on sockets. As a workaround we timeout the select every
 * second and check for any keypress. In a proper Windows
@@ -1188,7 +1114,7 @@ static int init_ssl_connection(SSL *con)
 return(1);
 }
-#ifndef OPENSSL_NO_DH
+#ifndef NO_DH
 static DH *load_dh_param(char *dhfile)
 {
 DH *ret=NULL;
@@ -1324,7 +1250,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
 else
 {
 BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef OPENSSL_SYS_MSDOS
+#ifndef MSDOS
 sleep(1);
 #endif
 continue;
@@ -1418,13 +1344,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
 BIO_puts(io,"\r\n\r\n");
 break;
 }
- else if ((www == 2 || www == 3)
- && (strncmp("GET /",buf,5) == 0))
+ else if ((www == 2) && (strncmp("GET /",buf,5) == 0))
 {
 BIO *file;
 char *p,*e;
- static char *text="HTTP/1.0 200 ok\r\n"
- "Content-type: text/plain\r\n\r\n";
+ static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
 /* skip the '/' */
 p= &(buf[5]);
@@ -1488,16 +1412,13 @@ static int www_body(char *hostname, int s, unsigned char *context)
 if (!s_quiet)
 BIO_printf(bio_err,"FILE:%s\n",p);
- if (www == 2)
- {
- i=strlen(p);
- if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- else
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
- }
+ i=strlen(p);
+ if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ else
+ BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
 /* send the file */
 total_bytes=0;
 for (;;)
@@ -1575,7 +1496,7 @@ err:
 return(ret);
 }
-#ifndef OPENSSL_NO_RSA
+#ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 {
 static RSA *rsa_tmp=NULL;
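Review bot: The rewritten `static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";` points a non-const pointer at a string literal, and within this hunk `text` is never referenced; the same header is emitted later in www_body (the `@@ -1488` hunk) as a second, separately maintained literal. If `text` is still used further down, declare it `static const char text[]=...` and reuse it for the text/plain `BIO_puts` so the two copies cannot drift; otherwise drop it as a dead variable. www_body starts and ends outside this hunk.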
@@ -1597,26 +1518,3 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 return(rsa_tmp);
 }
 #endif
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
- {
- unsigned int count = 0;
- do {
- RAND_pseudo_bytes(id, *id_len);
- /* Prefix the session_id with the required prefix. NB: If our
- * prefix is too long, clip it - but there will be worse effects
- * anyway, eg. the server could only possibly create 1 session
- * ID (ie. the prefix!) so all future session negotiations will
- * fail due to conflicts. */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- }
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
- if(count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
- }