s_server.c 100.8 KB
Newer Older
1
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 3 4 5 6
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
7
 *
8 9 10 11 12 13
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
 *
15 16 17 18 19 20
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
21
 *
22 23 24 25 26 27 28 29 30 31 32 33 34 35
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
36
 * 4. If you include any Windows specific code (or a derivative thereof) from
37 38
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
 *
40 41 42 43 44 45 46 47 48 49 50
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
51
 *
52 53 54 55 56
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
57
/* ====================================================================
B
Bodo Möller 已提交
58
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
59 60 61 62 63 64
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
65
 *    notice, this list of conditions and the following disclaimer.
66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
B
Bodo Möller 已提交
110 111
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112
 * ECC cipher suite support in OpenSSL originally developed by
B
Bodo Möller 已提交
113 114
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */
141

B
Bodo Möller 已提交
142
#include <assert.h>
143
#include <ctype.h>
U
Ulf Möller 已提交
144 145 146
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
R
Richard Levitte 已提交
147

148
#include <openssl/e_os2.h>
U
Ulf Möller 已提交
149

150 151
/* conflicts with winsock2 stuff on netware */
#if !defined(OPENSSL_SYS_NETWARE)
152
# include <sys/types.h>
R
Richard Levitte 已提交
153 154
#endif

155 156 157 158 159 160
/*
 * With IPv6, it looks like Digital has mixed up the proper order of
 * recursive header file inclusion, resulting in the compiler complaining
 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
 * needed to have fileno() declared correctly...  So let's define u_int
 */
161
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
162
# define __U_INT
U
Ulf Möller 已提交
163 164 165
typedef unsigned int u_int;
#endif

166 167
#include <openssl/lhash.h>
#include <openssl/bn.h>
168 169
#define USE_SOCKETS
#include "apps.h"
170 171 172 173
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
174
#include <openssl/rand.h>
175
#include <openssl/ocsp.h>
N
make  
Nils Larsch 已提交
176
#ifndef OPENSSL_NO_DH
177
# include <openssl/dh.h>
N
make  
Nils Larsch 已提交
178 179
#endif
#ifndef OPENSSL_NO_RSA
180
# include <openssl/rsa.h>
N
make  
Nils Larsch 已提交
181
#endif
B
Ben Laurie 已提交
182
#ifndef OPENSSL_NO_SRP
183
# include <openssl/srp.h>
B
Ben Laurie 已提交
184
#endif
185
#include "s_apps.h"
B
Ben Laurie 已提交
186
#include "timeouts.h"
187

188
#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
U
Ulf Möller 已提交
189
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
190
# undef FIONBIO
U
Ulf Möller 已提交
191 192
#endif

193
#ifndef OPENSSL_NO_RSA
R
Rich Salz 已提交
194
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
195
#endif
196
static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
197 198 199
static int sv_body(char *hostname, int s, int stype, unsigned char *context);
static int www_body(char *hostname, int s, int stype, unsigned char *context);
static int rev_body(char *hostname, int s, int stype, unsigned char *context);
200
static void close_accept_socket(void);
201
static int init_ssl_connection(SSL *s);
202
static void print_stats(BIO *bp, SSL_CTX *ctx);
203
static int generate_session_id(const SSL *ssl, unsigned char *id,
204
                               unsigned int *id_len);
205 206
static void init_session_cache_ctx(SSL_CTX *sctx);
static void free_sessions(void);
207
#ifndef OPENSSL_NO_DH
N
Nils Larsch 已提交
208
static DH *load_dh_param(const char *dhfile);
209
#endif
B
Bodo Möller 已提交
210

211
static void s_server_init(void);
212 213 214 215

/* static int load_CA(SSL_CTX *ctx, char *file);*/

#undef BUFSIZZ
216 217 218
#define BUFSIZZ 16*1024
static int bufsize = BUFSIZZ;
static int accept_socket = -1;
219

220
#define TEST_CERT       "server.pem"
221
#ifndef OPENSSL_NO_TLSEXT
222
# define TEST_CERT2      "server2.pem"
223
#endif
224

225
extern int verify_depth, verify_return_error, verify_quiet;
226

227
static int s_server_verify = SSL_VERIFY_NONE;
228
static int s_server_session_id_context = 1; /* anything will do */
229 230
static const char *s_cert_file = TEST_CERT, *s_key_file =
    NULL, *s_chain_file = NULL;
M
Matt Caswell 已提交
231

232
#ifndef OPENSSL_NO_TLSEXT
233
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
234
#endif
235
static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
236
#ifdef FIONBIO
237
static int s_nbio = 0;
238
#endif
239 240 241
static int s_nbio_test = 0;
int s_crlf = 0;
static SSL_CTX *ctx = NULL;
242
#ifndef OPENSSL_NO_TLSEXT
243
static SSL_CTX *ctx2 = NULL;
244
#endif
245
static int www = 0;
246

247
static BIO *bio_s_out = NULL;
248
static BIO *bio_s_msg = NULL;
249
static int s_debug = 0;
250
#ifndef OPENSSL_NO_TLSEXT
251 252
static int s_tlsextdebug = 0;
static int s_tlsextstatus = 0;
253
static int cert_status_cb(SSL *s, void *arg);
254
#endif
255
static int no_resume_ephemeral = 0;
256 257 258 259
static int s_msg = 0;
static int s_quiet = 0;
static int s_ign_eof = 0;
static int s_brief = 0;
260

261 262
static char *keymatexportlabel = NULL;
static int keymatexportlen = 20;
B
Ben Laurie 已提交
263

264
#ifndef OPENSSL_NO_ENGINE
265
static char *engine_id = NULL;
266
#endif
267
static const char *session_id_prefix = NULL;
268

B
Ben Laurie 已提交
269
static int enable_timeouts = 0;
B
Bodo Möller 已提交
270
static long socket_mtu;
D
Dr. Stephen Henson 已提交
271
#ifndef OPENSSL_NO_DTLS1
B
Ben Laurie 已提交
272
static int cert_chain = 0;
D
Dr. Stephen Henson 已提交
273
#endif
B
Ben Laurie 已提交
274

B
Ben Laurie 已提交
275
#ifndef OPENSSL_NO_TLSEXT
276 277
static BIO *serverinfo_in = NULL;
static const char *s_serverinfo_file = NULL;
278

B
Ben Laurie 已提交
279
#endif
B
Ben Laurie 已提交
280

281
#ifndef OPENSSL_NO_PSK
282 283
static char *psk_identity = "Client_identity";
char *psk_key = NULL;           /* by default PSK is not used */
284 285

static unsigned int psk_server_cb(SSL *ssl, const char *identity,
286 287 288 289 290 291 292 293 294 295 296 297 298 299 300
                                  unsigned char *psk,
                                  unsigned int max_psk_len)
{
    unsigned int psk_len = 0;
    int ret;
    BIGNUM *bn = NULL;

    if (s_debug)
        BIO_printf(bio_s_out, "psk_server_cb\n");
    if (!identity) {
        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
        goto out_err;
    }
    if (s_debug)
        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
M
Matt Caswell 已提交
301
                   (int)strlen(identity), identity);
302 303 304 305 306 307 308 309 310 311 312 313 314 315 316

    /* here we could lookup the given identity e.g. from a database */
    if (strcmp(identity, psk_identity) != 0) {
        BIO_printf(bio_s_out, "PSK error: client identity not found"
                   " (got '%s' expected '%s')\n", identity, psk_identity);
        goto out_err;
    }
    if (s_debug)
        BIO_printf(bio_s_out, "PSK client identity found\n");

    /* convert the PSK key to binary */
    ret = BN_hex2bn(&bn, psk_key);
    if (!ret) {
        BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
                   psk_key);
R
Rich Salz 已提交
317
        BN_free(bn);
318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337
        return 0;
    }
    if (BN_num_bytes(bn) > (int)max_psk_len) {
        BIO_printf(bio_err,
                   "psk buffer of callback is too small (%d) for key (%d)\n",
                   max_psk_len, BN_num_bytes(bn));
        BN_free(bn);
        return 0;
    }

    ret = BN_bn2bin(bn, psk);
    BN_free(bn);

    if (ret < 0)
        goto out_err;
    psk_len = (unsigned int)ret;

    if (s_debug)
        BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
    return psk_len;
338
 out_err:
339 340
    if (s_debug)
        BIO_printf(bio_err, "Error in PSK server callback\n");
R
Rich Salz 已提交
341 342
    (void)BIO_flush(bio_err);
    (void)BIO_flush(bio_s_out);
343 344
    return 0;
}
345
#endif
B
Ben Laurie 已提交
346

B
Ben Laurie 已提交
347 348
#ifndef OPENSSL_NO_SRP
/* This is a context that we pass to callbacks */
349 350 351 352 353 354 355 356 357 358 359 360 361 362
typedef struct srpsrvparm_st {
    char *login;
    SRP_VBASE *vb;
    SRP_user_pwd *user;
} srpsrvparm;

/*
 * This callback pretends to require some asynchronous logic in order to
 * obtain a verifier. When the callback is called for a new connection we
 * return with a negative value. This will provoke the accept etc to return
 * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
 * (which would normally occur after a worker has finished) and we set the
 * user parameters.
 */
R
Rich Salz 已提交
363
static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389
{
    srpsrvparm *p = (srpsrvparm *) arg;
    if (p->login == NULL && p->user == NULL) {
        p->login = SSL_get_srp_username(s);
        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
        return (-1);
    }

    if (p->user == NULL) {
        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
        return SSL3_AL_FATAL;
    }
    if (SSL_set_srp_server_param
        (s, p->user->N, p->user->g, p->user->s, p->user->v,
         p->user->info) < 0) {
        *ad = SSL_AD_INTERNAL_ERROR;
        return SSL3_AL_FATAL;
    }
    BIO_printf(bio_err,
               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
               p->login, p->user->info);
    /* need to check whether there are memory leaks */
    p->user = NULL;
    p->login = NULL;
    return SSL_ERROR_NONE;
}
B
Ben Laurie 已提交
390 391 392

#endif

U
Ulf Möller 已提交
393
static void s_server_init(void)
394 395
{
    accept_socket = -1;
396
    verify_depth = 0;
397 398 399 400 401 402 403
    s_server_verify = SSL_VERIFY_NONE;
    s_dcert_file = NULL;
    s_dkey_file = NULL;
    s_dchain_file = NULL;
    s_cert_file = TEST_CERT;
    s_key_file = NULL;
    s_chain_file = NULL;
404
#ifndef OPENSSL_NO_TLSEXT
405 406 407
    s_cert_file2 = TEST_CERT2;
    s_key_file2 = NULL;
    ctx2 = NULL;
408
#endif
409 410 411 412 413 414 415 416 417
    s_nbio = 0;
    s_nbio_test = 0;
    ctx = NULL;
    www = 0;
    bio_s_out = NULL;
    s_debug = 0;
    s_msg = 0;
    s_quiet = 0;
    s_brief = 0;
418
#ifndef OPENSSL_NO_ENGINE
419
    engine_id = NULL;
420 421
#endif
}
422

423
static int local_argc = 0;
424 425
static char **local_argv;

426 427 428 429
#ifdef CHARSET_EBCDIC
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
B
Bodo Möller 已提交
430 431
static int ebcdic_write(BIO *b, const char *in, int inl);
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
432
static int ebcdic_gets(BIO *bp, char *buf, int size);
B
Bodo Möller 已提交
433
static int ebcdic_puts(BIO *bp, const char *str);
434

435 436 437 438 439 440 441 442 443 444 445 446 447
# define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
static BIO_METHOD methods_ebcdic = {
    BIO_TYPE_EBCDIC_FILTER,
    "EBCDIC/ASCII filter",
    ebcdic_write,
    ebcdic_read,
    ebcdic_puts,
    ebcdic_gets,
    ebcdic_ctrl,
    ebcdic_new,
    ebcdic_free,
};

R
Rich Salz 已提交
448
/* This struct is "unwarranted chumminess with the compiler." */
449 450 451
typedef struct {
    size_t alloced;
    char buff[1];
452 453 454 455
} EBCDIC_OUTBUFF;

BIO_METHOD *BIO_f_ebcdic_filter()
{
456
    return (&methods_ebcdic);
457 458 459 460
}

static int ebcdic_new(BIO *bi)
{
461
    EBCDIC_OUTBUFF *wbuf;
462

R
Rich Salz 已提交
463
    wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
464 465
    wbuf->alloced = 1024;
    wbuf->buff[0] = '\0';
466

467 468 469 470
    bi->ptr = (char *)wbuf;
    bi->init = 1;
    bi->flags = 0;
    return (1);
471 472 473 474
}

static int ebcdic_free(BIO *a)
{
475 476
    if (a == NULL)
        return (0);
R
Rich Salz 已提交
477
    OPENSSL_free(a->ptr);
478 479 480 481
    a->ptr = NULL;
    a->init = 0;
    a->flags = 0;
    return (1);
482
}
483

484 485
static int ebcdic_read(BIO *b, char *out, int outl)
{
486
    int ret = 0;
487

488 489 490 491
    if (out == NULL || outl == 0)
        return (0);
    if (b->next_bio == NULL)
        return (0);
492

493 494 495 496
    ret = BIO_read(b->next_bio, out, outl);
    if (ret > 0)
        ascii2ebcdic(out, out, ret);
    return (ret);
497 498
}

B
Bodo Möller 已提交
499
static int ebcdic_write(BIO *b, const char *in, int inl)
500
{
501 502 503 504
    EBCDIC_OUTBUFF *wbuf;
    int ret = 0;
    int num;
    unsigned char n;
505

506 507 508 509
    if ((in == NULL) || (inl <= 0))
        return (0);
    if (b->next_bio == NULL)
        return (0);
510

511
    wbuf = (EBCDIC_OUTBUFF *) b->ptr;
512

513 514 515 516
    if (inl > (num = wbuf->alloced)) {
        num = num + num;        /* double the size */
        if (num < inl)
            num = inl;
R
Rich Salz 已提交
517
        wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
M
Matt Caswell 已提交
518
        OPENSSL_free(b->ptr);
519

520 521
        wbuf->alloced = num;
        wbuf->buff[0] = '\0';
522

523 524
        b->ptr = (char *)wbuf;
    }
525

526
    ebcdic2ascii(wbuf->buff, in, inl);
527

528
    ret = BIO_write(b->next_bio, wbuf->buff, inl);
529

530
    return (ret);
531 532
}

B
Bodo Möller 已提交
533
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
534
{
535 536 537 538 539 540 541 542 543 544 545 546 547
    long ret;

    if (b->next_bio == NULL)
        return (0);
    switch (cmd) {
    case BIO_CTRL_DUP:
        ret = 0L;
        break;
    default:
        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
        break;
    }
    return (ret);
548 549 550 551
}

static int ebcdic_gets(BIO *bp, char *buf, int size)
{
552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567
    int i, ret = 0;
    if (bp->next_bio == NULL)
        return (0);
/*      return(BIO_gets(bp->next_bio,buf,size));*/
    for (i = 0; i < size - 1; ++i) {
        ret = ebcdic_read(bp, &buf[i], 1);
        if (ret <= 0)
            break;
        else if (buf[i] == '\n') {
            ++i;
            break;
        }
    }
    if (i < size)
        buf[i] = '\0';
    return (ret < 0 && i == 0) ? ret : i;
568 569
}

B
Bodo Möller 已提交
570
static int ebcdic_puts(BIO *bp, const char *str)
571
{
572 573 574
    if (bp->next_bio == NULL)
        return (0);
    return ebcdic_write(bp, str, strlen(str));
575 576 577
}
#endif

578 579 580 581
#ifndef OPENSSL_NO_TLSEXT

/* This is a context that we pass to callbacks */
typedef struct tlsextctx_st {
582 583 584
    char *servername;
    BIO *biodebug;
    int extension_error;
585 586
} tlsextctx;

R
Rich Salz 已提交
587
static int ssl_servername_cb(SSL *s, int *ad, void *arg)
588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606
{
    tlsextctx *p = (tlsextctx *) arg;
    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
    if (servername && p->biodebug)
        BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
                   servername);

    if (!p->servername)
        return SSL_TLSEXT_ERR_NOACK;

    if (servername) {
        if (strcasecmp(servername, p->servername))
            return p->extension_error;
        if (ctx2) {
            BIO_printf(p->biodebug, "Switching server context.\n");
            SSL_set_SSL_CTX(s, ctx2);
        }
    }
    return SSL_TLSEXT_ERR_OK;
607
}
608 609 610 611

/* Structure passed to cert status callback */

typedef struct tlsextstatusctx_st {
612 613 614 615 616
    /* Default responder to use */
    char *host, *path, *port;
    int use_ssl;
    int timeout;
    int verbose;
617 618
} tlsextstatusctx;

619
static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 };
620

621 622 623 624 625 626 627
/*
 * Certificate Status callback. This is called when a client includes a
 * certificate status request extension. This is a simplified version. It
 * examines certificates each time and makes one OCSP responder query for
 * each request. A full version would store details such as the OCSP
 * certificate IDs and minimise the number of OCSP responses by caching them
 * until they were considered "expired".
628 629 630
 */

static int cert_status_cb(SSL *s, void *arg)
631 632
{
    tlsextstatusctx *srctx = arg;
633
    char *host = NULL, *port = NULL, *path = NULL;
634 635 636 637 638 639 640 641 642 643 644 645 646
    int use_ssl;
    unsigned char *rspder = NULL;
    int rspderlen;
    STACK_OF(OPENSSL_STRING) *aia = NULL;
    X509 *x = NULL;
    X509_STORE_CTX inctx;
    X509_OBJECT obj;
    OCSP_REQUEST *req = NULL;
    OCSP_RESPONSE *resp = NULL;
    OCSP_CERTID *id = NULL;
    STACK_OF(X509_EXTENSION) *exts;
    int ret = SSL_TLSEXT_ERR_NOACK;
    int i;
647

648
    if (srctx->verbose)
649
        BIO_puts(bio_err, "cert_status: callback called\n");
650 651 652 653 654 655
    /* Build up OCSP query from server certificate */
    x = SSL_get_certificate(s);
    aia = X509_get1_ocsp(x);
    if (aia) {
        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
                            &host, &port, &path, &use_ssl)) {
656
            BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
657 658 659
            goto err;
        }
        if (srctx->verbose)
660
            BIO_printf(bio_err, "cert_status: AIA URL: %s\n",
661 662 663
                       sk_OPENSSL_STRING_value(aia, 0));
    } else {
        if (!srctx->host) {
664
            BIO_puts(bio_err,
665 666 667 668 669 670 671 672 673 674 675 676 677 678 679
                     "cert_status: no AIA and no default responder URL\n");
            goto done;
        }
        host = srctx->host;
        path = srctx->path;
        port = srctx->port;
        use_ssl = srctx->use_ssl;
    }

    if (!X509_STORE_CTX_init(&inctx,
                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
                             NULL, NULL))
        goto err;
    if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
                                  X509_get_issuer_name(x), &obj) <= 0) {
680
        BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701
        X509_STORE_CTX_cleanup(&inctx);
        goto done;
    }
    req = OCSP_REQUEST_new();
    if (!req)
        goto err;
    id = OCSP_cert_to_id(NULL, x, obj.data.x509);
    X509_free(obj.data.x509);
    X509_STORE_CTX_cleanup(&inctx);
    if (!id)
        goto err;
    if (!OCSP_request_add0_id(req, id))
        goto err;
    id = NULL;
    /* Add any extensions to the request */
    SSL_get_tlsext_status_exts(s, &exts);
    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
        if (!OCSP_REQUEST_add_ext(req, ext, -1))
            goto err;
    }
702
    resp = process_responder(req, host, path, port, use_ssl, NULL,
703 704
                             srctx->timeout);
    if (!resp) {
705
        BIO_puts(bio_err, "cert_status: error querying responder\n");
706 707 708 709 710 711 712
        goto done;
    }
    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
    if (rspderlen <= 0)
        goto err;
    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
    if (srctx->verbose) {
713 714
        BIO_puts(bio_err, "cert_status: ocsp response sent:\n");
        OCSP_RESPONSE_print(bio_err, resp, 2);
715 716 717 718
    }
    ret = SSL_TLSEXT_ERR_OK;
 done:
    if (ret != SSL_TLSEXT_ERR_OK)
719
        ERR_print_errors(bio_err);
720 721 722 723 724 725
    if (aia) {
        OPENSSL_free(host);
        OPENSSL_free(path);
        OPENSSL_free(port);
        X509_email_free(aia);
    }
R
Rich Salz 已提交
726 727 728
    OCSP_CERTID_free(id);
    OCSP_REQUEST_free(req);
    OCSP_RESPONSE_free(resp);
729 730 731 732 733
    return ret;
 err:
    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
    goto done;
}
B
Ben Laurie 已提交
734

B
Ben Laurie 已提交
735
# ifndef OPENSSL_NO_NEXTPROTONEG
B
Ben Laurie 已提交
736 737
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
738 739
    unsigned char *data;
    unsigned int len;
B
Ben Laurie 已提交
740 741
} tlsextnextprotoctx;

742 743 744 745
static int next_proto_cb(SSL *s, const unsigned char **data,
                         unsigned int *len, void *arg)
{
    tlsextnextprotoctx *next_proto = arg;
B
Ben Laurie 已提交
746

747 748
    *data = next_proto->data;
    *len = next_proto->len;
B
Ben Laurie 已提交
749

750 751 752
    return SSL_TLSEXT_ERR_OK;
}
# endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
A
Adam Langley 已提交
753 754 755

/* This the context that we pass to alpn_cb */
typedef struct tlsextalpnctx_st {
756 757
    unsigned char *data;
    unsigned short len;
A
Adam Langley 已提交
758 759
} tlsextalpnctx;

760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792
static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
                   const unsigned char *in, unsigned int inlen, void *arg)
{
    tlsextalpnctx *alpn_ctx = arg;

    if (!s_quiet) {
        /* We can assume that |in| is syntactically valid. */
        unsigned i;
        BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
        for (i = 0; i < inlen;) {
            if (i)
                BIO_write(bio_s_out, ", ", 2);
            BIO_write(bio_s_out, &in[i + 1], in[i]);
            i += in[i] + 1;
        }
        BIO_write(bio_s_out, "\n", 1);
    }

    if (SSL_select_next_proto
        ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
         inlen) != OPENSSL_NPN_NEGOTIATED) {
        return SSL_TLSEXT_ERR_NOACK;
    }

    if (!s_quiet) {
        BIO_printf(bio_s_out, "ALPN protocols selected: ");
        BIO_write(bio_s_out, *out, *outlen);
        BIO_write(bio_s_out, "\n", 1);
    }

    return SSL_TLSEXT_ERR_OK;
}
#endif                          /* ndef OPENSSL_NO_TLSEXT */
793

794
static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
795 796 797 798
{
    /* disable resumption for sessions with forward secure ciphers */
    return is_forward_secure;
}
799

B
Ben Laurie 已提交
800
static char *jpake_secret = NULL;
D
Dr. Stephen Henson 已提交
801
#ifndef OPENSSL_NO_SRP
802
static srpsrvparm srp_callback_parm;
D
Dr. Stephen Henson 已提交
803
#endif
P
Piotr Sikora 已提交
804
#ifndef OPENSSL_NO_SRTP
B
Ben Laurie 已提交
805
static char *srtp_profiles = NULL;
P
Piotr Sikora 已提交
806
#endif
B
Ben Laurie 已提交
807

808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834
typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_ENGINE, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
    OPT_VERIFY, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
    OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
    OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
    OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
    OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
    OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
    OPT_BUILD_CHAIN, OPT_CAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE,
    OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, OPT_DEBUG,
    OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, OPT_STATUS_TIMEOUT,
    OPT_STATUS_URL, OPT_MSG, OPT_MSGFILE, OPT_TRACE, OPT_SECURITY_DEBUG,
    OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, OPT_CRLF, OPT_QUIET,
    OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
    OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
#ifndef OPENSSL_NO_SSL3
    OPT_SSL3,
#endif
    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
    OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
    OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_JPAKE,
    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
    OPT_S_ENUM,
    OPT_V_ENUM,
M
Matt Caswell 已提交
835
    OPT_X_ENUM
836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985
} OPTION_CHOICE;

OPTIONS s_server_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},

    {"port", OPT_PORT, 'p'},
    {"accept", OPT_PORT, 'p',
     "TCP/IP port to accept on (default is " PORT_STR ")"},
    {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
    {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
    {"context", OPT_CONTEXT, 's', "Set session ID context"},
    {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
    {"Verify", OPT_UPPER_V_VERIFY, 'n',
     "Turn on peer certificate verification, must have a cert"},
    {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
    {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"},
#ifndef OPENSSL_NO_TLSEXT
    {"serverinfo", OPT_SERVERINFO, 's',
     "PEM serverinfo file for certificate"},
#endif
    {"certform", OPT_CERTFORM, 'F',
     "Certificate format (PEM or DER) PEM default"},
    {"key", OPT_KEY, '<',
     "Private Key if not in -cert; default is " TEST_CERT},
    {"keyform", OPT_KEYFORM, 'f',
     "Key format (PEM, DER or ENGINE) PEM default"},
    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
    {"dcert", OPT_DCERT, '<',
     "Second certificate file to use (usually for DSA)"},
    {"dcertform", OPT_DCERTFORM, 'F',
     "Second certificate format (PEM or DER) PEM default"},
    {"dkey", OPT_DKEY, '<',
     "Second private key file to use (usually for DSA)"},
    {"dkeyform", OPT_DKEYFORM, 'F',
     "Second key format (PEM, DER or ENGINE) PEM default"},
    {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
#ifdef FIONBIO
    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#endif
    {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
    {"debug", OPT_DEBUG, '-', "Print more output"},
    {"msg", OPT_MSG, '-', "Show protocol messages"},
    {"msgfile", OPT_MSGFILE, '>'},
    {"state", OPT_STATE, '-', "Print the SSL states"},
    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
    {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
    {"quiet", OPT_QUIET, '-', "No server output"},
    {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
#ifndef OPENSSL_NO_PSK
    {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
    {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
    {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
    {"srpuserseed", OPT_SRPUSERSEED, 's',
     "A seed string for a default user salt"},
#endif
#ifndef OPENSSL_NO_SSL3
    {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
#endif
    {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
    {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
    {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
#ifndef OPENSSL_NO_DTLS1
    {"dtls", OPT_DTLS, '-'},
    {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
    {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
    {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
    {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
    {"chain", OPT_CHAIN, '-', "Read a certificate chain"},
#endif
#ifndef OPENSSL_NO_DH
    {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
#endif
#ifndef OPENSSL_NO_EC
    {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
#endif
    {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
     "Disable caching and tickets if ephemeral (EC)DH is used"},
    {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
    {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
    {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
    {"id_prefix", OPT_ID_PREFIX, 's',
     "Generate SSL/TLS session IDs prefixed by arg"},
    {"rand", OPT_RAND, 's',
     "Load the file(s) into the random number generator"},
#ifndef OPENSSL_NO_TLSEXT
    {"servername", OPT_SERVERNAME, 's',
     "Servername for HostName TLS extension"},
    {"servername_fatal", OPT_SERVERNAME_FATAL, '-',
     "mismatch send fatal alert (default warning alert)"},
    {"cert2", OPT_CERT2, '<',
     "Certificate file to use for servername; default is" TEST_CERT2},
    {"key2", OPT_KEY2, '<',
     "-Private Key file to use for servername if not in -cert2"},
    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
     "Hex dump of all TLS extensions received"},
# ifndef OPENSSL_NO_NEXTPROTONEG
    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
     "Set the advertised protocols for the NPN extension (comma-separated list)"},
# endif
    {"use_srtp", OPT_SRTP_PROFILES, '<',
     "Offer SRTP key management with a colon-separated profile list"},
    {"alpn", OPT_ALPN, 's',
     "Set the advertised protocols for the ALPN extension (comma-separated list)"},
#endif
    {"keymatexport", OPT_KEYMATEXPORT, 's',
     "Export keying material using label"},
    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
     "Export len bytes of keying material (default 20)"},
    {"CRL", OPT_CRL, '<'},
    {"crl_download", OPT_CRL_DOWNLOAD, '-'},
    {"cert_chain", OPT_CERT_CHAIN, '<'},
    {"dcert_chain", OPT_DCERT_CHAIN, '<'},
    {"chainCApath", OPT_CHAINCAPATH, '/'},
    {"verifyCApath", OPT_VERIFYCAPATH, '/'},
    {"no_cache", OPT_NO_CACHE, '-'},
    {"ext_cache", OPT_EXT_CACHE, '-'},
    {"CRLform", OPT_CRLFORM, 'F'},
    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
    {"verify_quiet", OPT_VERIFY_QUIET, '-'},
    {"build_chain", OPT_BUILD_CHAIN, '-'},
    {"chainCAfile", OPT_CHAINCAFILE, '<'},
    {"verifyCAfile", OPT_VERIFYCAFILE, '<'},
    {"ign_eof", OPT_IGN_EOF, '-'},
    {"no_ign_eof", OPT_NO_IGN_EOF, '-'},
    {"status", OPT_STATUS, '-'},
    {"status_verbose", OPT_STATUS_VERBOSE, '-'},
    {"status_timeout", OPT_STATUS_TIMEOUT, 'n'},
    {"status_url", OPT_STATUS_URL, 's'},
    {"trace", OPT_TRACE, '-'},
    {"security_debug", OPT_SECURITY_DEBUG, '-'},
    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
    {"brief", OPT_BRIEF, '-'},
    {"rev", OPT_REV, '-'},
#ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's'},
#endif
    OPT_S_OPTIONS,
    OPT_V_OPTIONS,
    OPT_X_OPTIONS,
    {NULL}
};

int s_server_main(int argc, char *argv[])
986
{
987 988 989 990 991 992 993 994 995
    ENGINE *e = NULL;
    EVP_PKEY *s_key = NULL, *s_dkey = NULL;
    SSL_CONF_CTX *cctx = NULL;
    const SSL_METHOD *meth = SSLv23_server_method();
    SSL_EXCERT *exc = NULL;
    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
    STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
    STACK_OF(X509_CRL) *crls = NULL;
    X509 *s_cert = NULL, *s_dcert = NULL;
996
    X509_VERIFY_PARAM *vpm = NULL;
997 998 999 1000
    char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
    char *dhfile = NULL, *dpassarg = NULL, *dpass = NULL, *inrand = NULL;
    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
    char *crl_file = NULL, *prog, *p;
1001
    const char *unix_path = NULL;
D
Dr. Stephen Henson 已提交
1002
#ifndef NO_SYS_UN_H
1003 1004 1005 1006
    int unlink_unix_path = 0;
#endif
    int (*server_cb) (char *hostname, int s, int stype,
                      unsigned char *context);
1007 1008
    int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
    int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0, ret = 1;
1009 1010
    int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
    int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
1011 1012 1013 1014 1015
    int rev = 0, naccept = -1, sdebug = 0, socket_type = SOCK_STREAM;
    int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
    unsigned short port = PORT;
    unsigned char *context = NULL;
    OPTION_CHOICE o;
1016
#ifndef OPENSSL_NO_TLSEXT
1017 1018 1019
    EVP_PKEY *s_key2 = NULL;
    X509 *s_cert2 = NULL;
    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
B
Ben Laurie 已提交
1020
# ifndef OPENSSL_NO_NEXTPROTONEG
1021 1022
    const char *next_proto_neg_in = NULL;
    tlsextnextprotoctx next_proto = { NULL, 0 };
1023
# endif
1024 1025
    const char *alpn_in = NULL;
    tlsextalpnctx alpn_ctx = { NULL, 0 };
1026
#endif
1027
#ifndef OPENSSL_NO_PSK
1028 1029
    /* by default do not send a PSK identity hint */
    static char *psk_identity_hint = NULL;
1030
#endif
B
Ben Laurie 已提交
1031
#ifndef OPENSSL_NO_SRP
1032 1033
    char *srpuserseed = NULL;
    char *srp_verifier_file = NULL;
B
Ben Laurie 已提交
1034
#endif
1035

1036 1037
    local_argc = argc;
    local_argv = argv;
1038

1039 1040
    s_server_init();
    cctx = SSL_CONF_CTX_new();
1041 1042
    vpm = X509_VERIFY_PARAM_new();
    if (cctx == NULL || vpm == NULL)
1043
        goto end;
1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057
    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);

    prog = opt_init(argc, argv, s_server_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
 opthelp:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            opt_help(s_server_options);
            ret = 0;
            goto end;
1058

1059 1060 1061 1062 1063
        case OPT_PORT:
            if (!extract_port(opt_arg(), &port))
                goto end;
            break;
        case OPT_UNIX:
1064
#ifdef NO_SYS_UN_H
1065
            BIO_printf(bio_err, "unix domain sockets unsupported\n");
1066
            goto end;
1067
#else
1068
            unix_path = opt_arg();
1069
#endif
1070 1071
            break;
        case OPT_UNLINK:
1072
#ifdef NO_SYS_UN_H
1073
            BIO_printf(bio_err, "unix domain sockets unsupported\n");
1074
            goto end;
1075
#else
1076 1077
            unlink_unix_path = 1;
#endif
1078 1079 1080 1081 1082
            break;
        case OPT_NACCEPT:
            naccept = atol(opt_arg());
            break;
        case OPT_VERIFY:
1083
            s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
1084
            verify_depth = atoi(opt_arg());
1085 1086
            if (!s_quiet)
                BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
1087 1088
            break;
        case OPT_UPPER_V_VERIFY:
1089 1090 1091
            s_server_verify =
                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
                SSL_VERIFY_CLIENT_ONCE;
1092
            verify_depth = atoi(opt_arg());
1093 1094 1095 1096
            if (!s_quiet)
                BIO_printf(bio_err,
                           "verify depth is %d, must return a certificate\n",
                           verify_depth);
1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107
            break;
        case OPT_CONTEXT:
            context = (unsigned char *)opt_arg();
            break;
        case OPT_CERT:
            s_cert_file = opt_arg();
            break;
        case OPT_CRL:
            crl_file = opt_arg();
            break;
        case OPT_CRL_DOWNLOAD:
1108
            crl_download = 1;
1109
            break;
B
Ben Laurie 已提交
1110
#ifndef OPENSSL_NO_TLSEXT
1111 1112 1113
        case OPT_SERVERINFO:
            s_serverinfo_file = opt_arg();
            break;
1114
#endif
1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155
        case OPT_CERTFORM:
            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format))
                goto opthelp;
            break;
        case OPT_KEY:
            s_key_file = opt_arg();
            break;
        case OPT_KEYFORM:
            if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format))
                goto opthelp;
            break;
        case OPT_PASS:
            passarg = opt_arg();
            break;
        case OPT_CERT_CHAIN:
            s_chain_file = opt_arg();
            break;
        case OPT_DHPARAM:
            dhfile = opt_arg();
            break;
        case OPT_DCERTFORM:
            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format))
                goto opthelp;
            break;
        case OPT_DCERT:
            s_dcert_file = opt_arg();
            break;
        case OPT_DKEYFORM:
            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dkey_format))
                goto opthelp;
            break;
        case OPT_DPASS:
            dpassarg = opt_arg();
            break;
        case OPT_DKEY:
            s_dkey_file = opt_arg();
            break;
        case OPT_DCERT_CHAIN:
            s_dchain_file = opt_arg();
            break;
        case OPT_NOCERT:
1156
            nocert = 1;
1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167
            break;
        case OPT_CAPATH:
            CApath = opt_arg();
            break;
        case OPT_CHAINCAPATH:
            chCApath = opt_arg();
            break;
        case OPT_VERIFYCAPATH:
            vfyCApath = opt_arg();
            break;
        case OPT_NO_CACHE:
1168
            no_cache = 1;
1169 1170
            break;
        case OPT_EXT_CACHE:
1171
            ext_cache = 1;
1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196
            break;
        case OPT_CRLFORM:
            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
                goto opthelp;
            break;
        case OPT_S_CASES:
            if (ssl_args == NULL)
                ssl_args = sk_OPENSSL_STRING_new_null();
            if (ssl_args == NULL
                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
                goto end;
            }
            break;
        case OPT_V_CASES:
            if (!opt_verify(o, vpm))
                goto end;
            vpmtouched++;
            break;
        case OPT_X_CASES:
            if (!args_excert(o, &exc))
                goto end;
            break;
        case OPT_VERIFY_RET_ERROR:
1197
            verify_return_error = 1;
1198 1199
            break;
        case OPT_VERIFY_QUIET:
1200
            verify_quiet = 1;
1201 1202
            break;
        case OPT_BUILD_CHAIN:
1203
            build_chain = 1;
1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214
            break;
        case OPT_CAFILE:
            CAfile = opt_arg();
            break;
        case OPT_CHAINCAFILE:
            chCAfile = opt_arg();
            break;
        case OPT_VERIFYCAFILE:
            vfyCAfile = opt_arg();
            break;
        case OPT_NBIO:
1215
            s_nbio = 1;
1216 1217 1218 1219 1220
            break;
        case OPT_NBIO_TEST:
            s_nbio = s_nbio_test = 1;
            break;
        case OPT_IGN_EOF:
1221
            s_ign_eof = 1;
1222 1223
            break;
        case OPT_NO_IGN_EOF:
1224
            s_ign_eof = 0;
1225 1226
            break;
        case OPT_DEBUG:
1227
            s_debug = 1;
1228
            break;
1229
#ifndef OPENSSL_NO_TLSEXT
1230
        case OPT_TLSEXTDEBUG:
1231
            s_tlsextdebug = 1;
1232 1233
            break;
        case OPT_STATUS:
1234
            s_tlsextstatus = 1;
1235 1236 1237 1238 1239
            break;
        case OPT_STATUS_VERBOSE:
            s_tlsextstatus = tlscstatp.verbose = 1;
            break;
        case OPT_STATUS_TIMEOUT:
1240
            s_tlsextstatus = 1;
1241 1242 1243
            tlscstatp.timeout = atoi(opt_arg());
            break;
        case OPT_STATUS_URL:
1244
            s_tlsextstatus = 1;
1245
            if (!OCSP_parse_url(opt_arg(),
1246 1247 1248 1249
                                &tlscstatp.host,
                                &tlscstatp.port,
                                &tlscstatp.path, &tlscstatp.use_ssl)) {
                BIO_printf(bio_err, "Error parsing URL\n");
1250
                goto end;
1251
            }
1252
            break;
1253
#endif
1254
        case OPT_MSG:
1255
            s_msg = 1;
1256 1257 1258 1259
            break;
        case OPT_MSGFILE:
            bio_s_msg = BIO_new_file(opt_arg(), "w");
            break;
1260
#ifndef OPENSSL_NO_SSL_TRACE
1261
        case OPT_TRACE:
1262
            s_msg = 2;
1263 1264 1265 1266
            break;
#else
        case OPT_TRACE:
            goto opthelp;
1267
#endif
1268
        case OPT_SECURITY_DEBUG:
1269
            sdebug = 1;
1270 1271
            break;
        case OPT_SECURITY_DEBUG_VERBOSE:
1272
            sdebug = 2;
1273 1274
            break;
        case OPT_STATE:
1275
            state = 1;
1276 1277
            break;
        case OPT_CRLF:
1278
            s_crlf = 1;
1279 1280
            break;
        case OPT_QUIET:
1281
            s_quiet = 1;
1282 1283 1284 1285 1286
            break;
        case OPT_BRIEF:
            s_quiet = s_brief = verify_quiet = 1;
            break;
        case OPT_NO_TMP_RSA:
1287
            no_tmp_rsa = 1;
1288 1289
            break;
        case OPT_NO_DHE:
1290
            no_dhe = 1;
1291 1292
            break;
        case OPT_NO_ECDHE:
1293
            no_ecdhe = 1;
1294 1295
            break;
        case OPT_NO_RESUME_EPHEMERAL:
1296
            no_resume_ephemeral = 1;
1297
            break;
1298
#ifndef OPENSSL_NO_PSK
1299 1300 1301 1302 1303 1304
        case OPT_PSK_HINT:
            psk_identity_hint = opt_arg();
            break;
        case OPT_PSK:
            for (p = psk_key = opt_arg(); *p; p++) {
                if (isxdigit(*p))
1305 1306
                    continue;
                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1307
                goto end;
1308
            }
1309
            break;
B
Ben Laurie 已提交
1310 1311
#endif
#ifndef OPENSSL_NO_SRP
1312 1313
        case OPT_SRPVFILE:
            srp_verifier_file = opt_arg();
1314
            meth = TLSv1_server_method();
1315 1316 1317
            break;
        case OPT_SRPUSERSEED:
            srpuserseed = opt_arg();
1318
            meth = TLSv1_server_method();
1319
            break;
1320
#endif
1321
        case OPT_REV:
1322
            rev = 1;
1323 1324
            break;
        case OPT_WWW:
1325
            www = 1;
1326 1327
            break;
        case OPT_UPPER_WWW:
1328
            www = 2;
1329 1330
            break;
        case OPT_HTTP:
1331
            www = 3;
1332 1333 1334
            break;
#ifndef OPENSSL_NO_SSL3
        case OPT_SSL3:
1335
            meth = SSLv3_server_method();
1336
            break;
1337
#endif
1338
        case OPT_TLS1_2:
1339
            meth = TLSv1_2_server_method();
1340 1341
            break;
        case OPT_TLS1_1:
1342
            meth = TLSv1_1_server_method();
1343 1344
            break;
        case OPT_TLS1:
1345
            meth = TLSv1_server_method();
1346
            break;
B
Ben Laurie 已提交
1347
#ifndef OPENSSL_NO_DTLS1
1348
        case OPT_DTLS:
1349
            meth = DTLS_server_method();
1350
            socket_type = SOCK_DGRAM;
1351 1352
            break;
        case OPT_DTLS1:
1353
            meth = DTLSv1_server_method();
1354
            socket_type = SOCK_DGRAM;
1355 1356
            break;
        case OPT_DTLS1_2:
1357
            meth = DTLSv1_2_server_method();
1358
            socket_type = SOCK_DGRAM;
1359 1360
            break;
        case OPT_TIMEOUT:
1361
            enable_timeouts = 1;
1362 1363 1364 1365 1366
            break;
        case OPT_MTU:
            socket_mtu = atol(opt_arg());
            break;
        case OPT_CHAIN:
1367
            cert_chain = 1;
1368
            break;
1369
#endif
1370 1371 1372 1373
        case OPT_ID_PREFIX:
            session_id_prefix = opt_arg();
            break;
        case OPT_ENGINE:
R
Rich Salz 已提交
1374
            e = setup_engine(opt_arg(), 1);
1375 1376 1377 1378
            break;
        case OPT_RAND:
            inrand = opt_arg();
            break;
1379
#ifndef OPENSSL_NO_TLSEXT
1380 1381 1382 1383
        case OPT_SERVERNAME:
            tlsextcbp.servername = opt_arg();
            break;
        case OPT_SERVERNAME_FATAL:
1384
            tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
1385 1386 1387 1388 1389 1390 1391
            break;
        case OPT_CERT2:
            s_cert_file2 = opt_arg();
            break;
        case OPT_KEY2:
            s_key_file2 = opt_arg();
            break;
B
Ben Laurie 已提交
1392
# ifndef OPENSSL_NO_NEXTPROTONEG
1393 1394 1395
        case OPT_NEXTPROTONEG:
            next_proto_neg_in = opt_arg();
            break;
1396
# endif
1397 1398 1399
        case OPT_ALPN:
            alpn_in = opt_arg();
            break;
1400
#endif
D
Dr. Stephen Henson 已提交
1401
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1402 1403 1404 1405 1406 1407
        case OPT_JPAKE:
            jpake_secret = opt_arg();
            break;
#else
        case OPT_JPAKE:
            goto opthelp;
1408
#endif
1409 1410 1411 1412 1413 1414 1415 1416
        case OPT_SRTP_PROFILES:
            srtp_profiles = opt_arg();
            break;
        case OPT_KEYMATEXPORT:
            keymatexportlabel = opt_arg();
            break;
        case OPT_KEYMATEXPORTLEN:
            keymatexportlen = atoi(opt_arg());
1417 1418 1419
            break;
        }
    }
1420 1421 1422
    argc = opt_num_rest();
    argv = opt_rest();

1423
#ifndef OPENSSL_NO_DTLS1
1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434
    if (www && socket_type == SOCK_DGRAM) {
        BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
        goto end;
    }
#endif

    if (unix_path && (socket_type != SOCK_STREAM)) {
        BIO_printf(bio_err,
                   "Can't use unix sockets and datagrams together\n");
        goto end;
    }
D
Dr. Stephen Henson 已提交
1435
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1436 1437 1438 1439 1440 1441 1442
    if (jpake_secret) {
        if (psk_key) {
            BIO_printf(bio_err, "Can't use JPAKE and PSK together\n");
            goto end;
        }
        psk_identity = "JPAKE";
    }
1443
#endif
1444

1445
    if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
1446 1447 1448
        BIO_printf(bio_err, "Error getting password\n");
        goto end;
    }
D
PR: 910  
Dr. Stephen Henson 已提交
1449

1450 1451
    if (s_key_file == NULL)
        s_key_file = s_cert_file;
1452
#ifndef OPENSSL_NO_TLSEXT
1453 1454 1455
    if (s_key_file2 == NULL)
        s_key_file2 = s_cert_file2;
#endif
1456

1457
    if (!load_excert(&exc))
1458 1459 1460
        goto end;

    if (nocert == 0) {
1461
        s_key = load_key(s_key_file, s_key_format, 0, pass, e,
1462 1463 1464 1465 1466
                         "server certificate private key file");
        if (!s_key) {
            ERR_print_errors(bio_err);
            goto end;
        }
D
PR: 910  
Dr. Stephen Henson 已提交
1467

1468
        s_cert = load_cert(s_cert_file, s_cert_format,
1469 1470 1471 1472 1473 1474 1475
                           NULL, e, "server certificate file");

        if (!s_cert) {
            ERR_print_errors(bio_err);
            goto end;
        }
        if (s_chain_file) {
1476
            s_chain = load_certs(s_chain_file, FORMAT_PEM,
1477 1478 1479 1480 1481 1482
                                 NULL, e, "server certificate chain");
            if (!s_chain)
                goto end;
        }
#ifndef OPENSSL_NO_TLSEXT
        if (tlsextcbp.servername) {
1483
            s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e,
1484 1485 1486 1487 1488 1489
                              "second server certificate private key file");
            if (!s_key2) {
                ERR_print_errors(bio_err);
                goto end;
            }

1490
            s_cert2 = load_cert(s_cert_file2, s_cert_format,
1491 1492 1493 1494 1495 1496 1497 1498 1499
                                NULL, e, "second server certificate file");

            if (!s_cert2) {
                ERR_print_errors(bio_err);
                goto end;
            }
        }
#endif                          /* OPENSSL_NO_TLSEXT */
    }
A
Adam Langley 已提交
1500
#if !defined(OPENSSL_NO_TLSEXT)
1501 1502 1503 1504 1505 1506 1507 1508 1509 1510
# if !defined(OPENSSL_NO_NEXTPROTONEG)
    if (next_proto_neg_in) {
        unsigned short len;
        next_proto.data = next_protos_parse(&len, next_proto_neg_in);
        if (next_proto.data == NULL)
            goto end;
        next_proto.len = len;
    } else {
        next_proto.data = NULL;
    }
A
Adam Langley 已提交
1511
# endif
1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539
    alpn_ctx.data = NULL;
    if (alpn_in) {
        unsigned short len;
        alpn_ctx.data = next_protos_parse(&len, alpn_in);
        if (alpn_ctx.data == NULL)
            goto end;
        alpn_ctx.len = len;
    }
#endif

    if (crl_file) {
        X509_CRL *crl;
        crl = load_crl(crl_file, crl_format);
        if (!crl) {
            BIO_puts(bio_err, "Error loading CRL\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        crls = sk_X509_CRL_new_null();
        if (!crls || !sk_X509_CRL_push(crls, crl)) {
            BIO_puts(bio_err, "Error adding CRL\n");
            ERR_print_errors(bio_err);
            X509_CRL_free(crl);
            goto end;
        }
    }

    if (s_dcert_file) {
1540

1541 1542 1543
        if (s_dkey_file == NULL)
            s_dkey_file = s_dcert_file;

1544
        s_dkey = load_key(s_dkey_file, s_dkey_format,
1545 1546 1547 1548 1549 1550
                          0, dpass, e, "second certificate private key file");
        if (!s_dkey) {
            ERR_print_errors(bio_err);
            goto end;
        }

1551
        s_dcert = load_cert(s_dcert_file, s_dcert_format,
1552 1553 1554 1555 1556 1557 1558
                            NULL, e, "second server certificate file");

        if (!s_dcert) {
            ERR_print_errors(bio_err);
            goto end;
        }
        if (s_dchain_file) {
1559
            s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
1560 1561 1562 1563 1564 1565 1566
                                  NULL, e, "second server certificate chain");
            if (!s_dchain)
                goto end;
        }

    }

1567
    if (!app_RAND_load_file(NULL, 1) && inrand == NULL
1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579
        && !RAND_status()) {
        BIO_printf(bio_err,
                   "warning, not much extra random data, consider using the -rand option\n");
    }
    if (inrand != NULL)
        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
                   app_RAND_load_files(inrand));

    if (bio_s_out == NULL) {
        if (s_quiet && !s_debug) {
            bio_s_out = BIO_new(BIO_s_null());
            if (s_msg && !bio_s_msg)
1580
                bio_s_msg = dup_bio_out();
1581 1582
        } else {
            if (bio_s_out == NULL)
1583
                bio_s_out = dup_bio_out();
1584 1585
        }
    }
1586
#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
1587
    if (nocert)
1588
#endif
1589 1590 1591 1592 1593
    {
        s_cert_file = NULL;
        s_key_file = NULL;
        s_dcert_file = NULL;
        s_dkey_file = NULL;
1594
#ifndef OPENSSL_NO_TLSEXT
1595 1596 1597 1598 1599 1600 1601
        s_cert_file2 = NULL;
        s_key_file2 = NULL;
#endif
    }

    ctx = SSL_CTX_new(meth);
    if (sdebug)
R
Rich Salz 已提交
1602
        ssl_ctx_security_debug(ctx, sdebug);
1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629
    if (ctx == NULL) {
        ERR_print_errors(bio_err);
        goto end;
    }
    if (session_id_prefix) {
        if (strlen(session_id_prefix) >= 32)
            BIO_printf(bio_err,
                       "warning: id_prefix is too long, only one new session will be possible\n");
        if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
            BIO_printf(bio_err, "error setting 'id_prefix'\n");
            ERR_print_errors(bio_err);
            goto end;
        }
        BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
    }
    SSL_CTX_set_quiet_shutdown(ctx, 1);
    if (exc)
        ssl_ctx_set_excert(ctx, exc);

    if (state)
        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
    if (no_cache)
        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
    else if (ext_cache)
        init_session_cache_ctx(ctx);
    else
        SSL_CTX_sess_set_cache_size(ctx, 128);
1630

P
Piotr Sikora 已提交
1631
#ifndef OPENSSL_NO_SRTP
M
Matt Caswell 已提交
1632
    if (srtp_profiles != NULL) {
1633 1634
        /* Returns 0 on success! */
        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
M
Matt Caswell 已提交
1635 1636 1637 1638 1639
            BIO_printf(bio_err, "Error setting SRTP profile\n");
            ERR_print_errors(bio_err);
            goto end;
        }
    }
P
Piotr Sikora 已提交
1640
#endif
B
Ben Laurie 已提交
1641

1642
    if (!ctx_set_verify_locations(ctx, CAfile, CApath)) {
1643
        ERR_print_errors(bio_err);
1644
        goto end;
1645
    }
1646 1647
    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
        BIO_printf(bio_err, "Error setting verify params\n");
M
Matt Caswell 已提交
1648 1649 1650
        ERR_print_errors(bio_err);
        goto end;
    }
1651 1652

    ssl_ctx_add_crls(ctx, crls, 0);
1653
    if (!config_ctx(cctx, ssl_args, ctx, no_ecdhe, jpake_secret == NULL))
1654 1655 1656 1657 1658 1659 1660 1661
        goto end;

    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
                         crls, crl_download)) {
        BIO_printf(bio_err, "Error loading store locations\n");
        ERR_print_errors(bio_err);
        goto end;
    }
1662
#ifndef OPENSSL_NO_TLSEXT
1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674
    if (s_cert2) {
        ctx2 = SSL_CTX_new(meth);
        if (ctx2 == NULL) {
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    if (ctx2) {
        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");

        if (sdebug)
R
Rich Salz 已提交
1675
            ssl_ctx_security_debug(ctx, sdebug);
1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705

        if (session_id_prefix) {
            if (strlen(session_id_prefix) >= 32)
                BIO_printf(bio_err,
                           "warning: id_prefix is too long, only one new session will be possible\n");
            if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
                BIO_printf(bio_err, "error setting 'id_prefix'\n");
                ERR_print_errors(bio_err);
                goto end;
            }
            BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
        }
        SSL_CTX_set_quiet_shutdown(ctx2, 1);
        if (exc)
            ssl_ctx_set_excert(ctx2, exc);

        if (state)
            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);

        if (no_cache)
            SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
        else if (ext_cache)
            init_session_cache_ctx(ctx2);
        else
            SSL_CTX_sess_set_cache_size(ctx2, 128);

        if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
            (!SSL_CTX_set_default_verify_paths(ctx2))) {
            ERR_print_errors(bio_err);
        }
1706 1707
        if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
            BIO_printf(bio_err, "Error setting verify params\n");
M
Matt Caswell 已提交
1708 1709 1710
            ERR_print_errors(bio_err);
            goto end;
        }
B
Ben Laurie 已提交
1711

1712
        ssl_ctx_add_crls(ctx2, crls, 0);
1713
        if (!config_ctx(cctx, ssl_args, ctx2, no_ecdhe, jpake_secret == NULL))
1714 1715
            goto end;
    }
B
Ben Laurie 已提交
1716
# ifndef OPENSSL_NO_NEXTPROTONEG
1717 1718 1719
    if (next_proto.data)
        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
                                              &next_proto);
B
Ben Laurie 已提交
1720
# endif
1721 1722 1723
    if (alpn_ctx.data)
        SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
#endif
B
Bodo Möller 已提交
1724

1725
#ifndef OPENSSL_NO_DH
1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772
    if (!no_dhe) {
        DH *dh = NULL;

        if (dhfile)
            dh = load_dh_param(dhfile);
        else if (s_cert_file)
            dh = load_dh_param(s_cert_file);

        if (dh != NULL) {
            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
        } else {
            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
        }
        (void)BIO_flush(bio_s_out);

        if (dh == NULL)
            SSL_CTX_set_dh_auto(ctx, 1);
        else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
            BIO_puts(bio_err, "Error setting temp DH parameters\n");
            ERR_print_errors(bio_err);
            DH_free(dh);
            goto end;
        }
# ifndef OPENSSL_NO_TLSEXT
        if (ctx2) {
            if (!dhfile) {
                DH *dh2 = load_dh_param(s_cert_file2);
                if (dh2 != NULL) {
                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
                    (void)BIO_flush(bio_s_out);

                    DH_free(dh);
                    dh = dh2;
                }
            }
            if (dh == NULL)
                SSL_CTX_set_dh_auto(ctx2, 1);
            else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
                BIO_puts(bio_err, "Error setting temp DH parameters\n");
                ERR_print_errors(bio_err);
                DH_free(dh);
                goto end;
            }
        }
# endif
        DH_free(dh);
    }
1773
#endif
1774

1775 1776
    if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
        goto end;
1777
#ifndef OPENSSL_NO_TLSEXT
1778 1779 1780 1781 1782
    if (s_serverinfo_file != NULL
        && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
        ERR_print_errors(bio_err);
        goto end;
    }
1783
#endif
1784 1785 1786
#ifndef OPENSSL_NO_TLSEXT
    if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
        goto end;
1787
#endif
1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799
    if (s_dcert != NULL) {
        if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
            goto end;
    }
#ifndef OPENSSL_NO_RSA
    if (!no_tmp_rsa) {
        SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
#  ifndef OPENSSL_NO_TLSEXT
        if (ctx2)
            SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
#  endif
    }
1800 1801
#endif

1802 1803 1804
    if (no_resume_ephemeral) {
        SSL_CTX_set_not_resumable_session_callback(ctx,
                                                   not_resumable_sess_cb);
1805
#ifndef OPENSSL_NO_TLSEXT
1806 1807 1808
        if (ctx2)
            SSL_CTX_set_not_resumable_session_callback(ctx2,
                                                       not_resumable_sess_cb);
1809
#endif
1810
    }
1811
#ifndef OPENSSL_NO_PSK
1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822
# ifdef OPENSSL_NO_JPAKE
    if (psk_key != NULL)
# else
    if (psk_key != NULL || jpake_secret)
# endif
    {
        if (s_debug)
            BIO_printf(bio_s_out,
                       "PSK key given or JPAKE in use, setting server callback\n");
        SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
    }
1823

1824 1825 1826 1827 1828
    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
        ERR_print_errors(bio_err);
        goto end;
    }
1829 1830
#endif

1831
    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
V
Viktor Dukhovni 已提交
1832
    if (!SSL_CTX_set_session_id_context(ctx,
1833 1834
                (void *)&s_server_session_id_context,
                sizeof s_server_session_id_context)) {
M
Matt Caswell 已提交
1835 1836 1837 1838
        BIO_printf(bio_err, "error setting session id context\n");
        ERR_print_errors(bio_err);
        goto end;
    }
1839

1840 1841 1842
    /* Set DTLS cookie generation and verification callbacks */
    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
D
Dr. Stephen Henson 已提交
1843

1844
#ifndef OPENSSL_NO_TLSEXT
1845 1846
    if (ctx2) {
        SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
V
Viktor Dukhovni 已提交
1847
        if (!SSL_CTX_set_session_id_context(ctx2,
1848 1849
                    (void *)&s_server_session_id_context,
                    sizeof s_server_session_id_context)) {
M
Matt Caswell 已提交
1850 1851 1852 1853
            BIO_printf(bio_err, "error setting session id context\n");
            ERR_print_errors(bio_err);
            goto end;
        }
1854 1855 1856 1857 1858 1859
        tlsextcbp.biodebug = bio_s_out;
        SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
        SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
    }
1860
#endif
1861

B
Ben Laurie 已提交
1862
#ifndef OPENSSL_NO_SRP
1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881
    if (srp_verifier_file != NULL) {
        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
        srp_callback_parm.user = NULL;
        srp_callback_parm.login = NULL;
        if ((ret =
             SRP_VBASE_init(srp_callback_parm.vb,
                            srp_verifier_file)) != SRP_NO_ERROR) {
            BIO_printf(bio_err,
                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
                       srp_verifier_file, ret);
            goto end;
        }
        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
    } else
#endif
    if (CAfile != NULL) {
        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1882
#ifndef OPENSSL_NO_TLSEXT
1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895
        if (ctx2)
            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
#endif
    }

    BIO_printf(bio_s_out, "ACCEPT\n");
    (void)BIO_flush(bio_s_out);
    if (rev)
        server_cb = rev_body;
    else if (www)
        server_cb = www_body;
    else
        server_cb = sv_body;
D
Dr. Stephen Henson 已提交
1896
#ifndef NO_SYS_UN_H
1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908
    if (unix_path) {
        if (unlink_unix_path)
            unlink(unix_path);
        do_server_unix(unix_path, &accept_socket, server_cb, context,
                       naccept);
    } else
#endif
        do_server(port, socket_type, &accept_socket, server_cb, context,
                  naccept);
    print_stats(bio_s_out, ctx);
    ret = 0;
 end:
R
Rich Salz 已提交
1909
    SSL_CTX_free(ctx);
R
Rich Salz 已提交
1910 1911 1912
    X509_free(s_cert);
    sk_X509_CRL_pop_free(crls, X509_CRL_free);
    X509_free(s_dcert);
R
Rich Salz 已提交
1913 1914
    EVP_PKEY_free(s_key);
    EVP_PKEY_free(s_dkey);
R
Rich Salz 已提交
1915 1916
    sk_X509_pop_free(s_chain, X509_free);
    sk_X509_pop_free(s_dchain, X509_free);
R
Rich Salz 已提交
1917 1918
    OPENSSL_free(pass);
    OPENSSL_free(dpass);
R
Rich Salz 已提交
1919
    X509_VERIFY_PARAM_free(vpm);
1920
    free_sessions();
1921
#ifndef OPENSSL_NO_TLSEXT
R
Rich Salz 已提交
1922 1923 1924
    OPENSSL_free(tlscstatp.host);
    OPENSSL_free(tlscstatp.port);
    OPENSSL_free(tlscstatp.path);
R
Rich Salz 已提交
1925
    SSL_CTX_free(ctx2);
R
Rich Salz 已提交
1926
    X509_free(s_cert2);
R
Rich Salz 已提交
1927
    EVP_PKEY_free(s_key2);
R
Rich Salz 已提交
1928
    BIO_free(serverinfo_in);
1929
# ifndef OPENSSL_NO_NEXTPROTONEG
R
Rich Salz 已提交
1930
    OPENSSL_free(next_proto.data);
1931
# endif
R
Rich Salz 已提交
1932
    OPENSSL_free(alpn_ctx.data);
1933 1934
#endif
    ssl_excert_free(exc);
1935
    sk_OPENSSL_STRING_free(ssl_args);
R
Rich Salz 已提交
1936
    SSL_CONF_CTX_free(cctx);
R
Rich Salz 已提交
1937 1938 1939 1940
    BIO_free(bio_s_out);
    bio_s_out = NULL;
    BIO_free(bio_s_msg);
    bio_s_msg = NULL;
1941
    return (ret);
1942
}
1943

U
Ulf Möller 已提交
1944
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970
{
    BIO_printf(bio, "%4ld items in the session cache\n",
               SSL_CTX_sess_number(ssl_ctx));
    BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
               SSL_CTX_sess_connect(ssl_ctx));
    BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
               SSL_CTX_sess_connect_renegotiate(ssl_ctx));
    BIO_printf(bio, "%4ld client connects that finished\n",
               SSL_CTX_sess_connect_good(ssl_ctx));
    BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
               SSL_CTX_sess_accept(ssl_ctx));
    BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
               SSL_CTX_sess_accept_renegotiate(ssl_ctx));
    BIO_printf(bio, "%4ld server accepts that finished\n",
               SSL_CTX_sess_accept_good(ssl_ctx));
    BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
    BIO_printf(bio, "%4ld session cache misses\n",
               SSL_CTX_sess_misses(ssl_ctx));
    BIO_printf(bio, "%4ld session cache timeouts\n",
               SSL_CTX_sess_timeouts(ssl_ctx));
    BIO_printf(bio, "%4ld callback cache hits\n",
               SSL_CTX_sess_cb_hits(ssl_ctx));
    BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
               SSL_CTX_sess_cache_full(ssl_ctx),
               SSL_CTX_sess_get_cache_size(ssl_ctx));
}
1971

1972
static int sv_body(char *hostname, int s, int stype, unsigned char *context)
1973 1974 1975 1976 1977 1978 1979 1980 1981
{
    char *buf = NULL;
    fd_set readfds;
    int ret = 1, width;
    int k, i;
    unsigned long l;
    SSL *con = NULL;
    BIO *sbio;
    struct timeval timeout;
R
Rich Salz 已提交
1982
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
1983
    struct timeval tv;
1984
#else
1985
    struct timeval *timeoutp;
1986
#endif
1987

R
Rich Salz 已提交
1988
    buf = app_malloc(bufsize, "server buffer");
1989 1990 1991
#ifdef FIONBIO
    if (s_nbio) {
        unsigned long sl = 1;
1992

1993 1994 1995 1996 1997
        if (!s_quiet)
            BIO_printf(bio_err, "turning on non blocking io\n");
        if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
            ERR_print_errors(bio_err);
    }
1998 1999
#endif

2000 2001
    if (con == NULL) {
        con = SSL_new(ctx);
2002
#ifndef OPENSSL_NO_TLSEXT
2003 2004 2005 2006 2007 2008 2009 2010
        if (s_tlsextdebug) {
            SSL_set_tlsext_debug_callback(con, tlsext_cb);
            SSL_set_tlsext_debug_arg(con, bio_s_out);
        }
        if (s_tlsextstatus) {
            SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
            SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
        }
2011
#endif
2012 2013 2014
        if (context
                && !SSL_set_session_id_context(con,
                        context, strlen((char *)context))) {
M
Matt Caswell 已提交
2015 2016 2017 2018 2019
            BIO_printf(bio_err, "Error setting session id context\n");
            ret = -1;
            goto err;
        }
    }
V
Viktor Dukhovni 已提交
2020
    if (!SSL_clear(con)) {
M
Matt Caswell 已提交
2021 2022 2023
        BIO_printf(bio_err, "Error clearing SSL connection\n");
        ret = -1;
        goto err;
2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057
    }

    if (stype == SOCK_DGRAM) {

        sbio = BIO_new_dgram(s, BIO_NOCLOSE);

        if (enable_timeouts) {
            timeout.tv_sec = 0;
            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

            timeout.tv_sec = 0;
            timeout.tv_usec = DGRAM_SND_TIMEOUT;
            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
        }

        if (socket_mtu) {
            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
                           DTLS_get_link_min_mtu(con));
                ret = -1;
                BIO_free(sbio);
                goto err;
            }
            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
            if (!DTLS_set_link_mtu(con, socket_mtu)) {
                BIO_printf(bio_err, "Failed to set MTU\n");
                ret = -1;
                BIO_free(sbio);
                goto err;
            }
        } else
            /* want to do MTU discovery */
            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
B
Ben Laurie 已提交
2058 2059 2060

        /* turn on cookie exchange */
        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
2061 2062
    } else
        sbio = BIO_new_socket(s, BIO_NOCLOSE);
B
Ben Laurie 已提交
2063

2064 2065
    if (s_nbio_test) {
        BIO *test;
2066

2067 2068 2069
        test = BIO_new(BIO_f_nbio_test());
        sbio = BIO_push(test, sbio);
    }
D
Dr. Stephen Henson 已提交
2070
#ifndef OPENSSL_NO_JPAKE
2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084
    if (jpake_secret)
        jpake_server_auth(bio_s_out, sbio, jpake_secret);
#endif

    SSL_set_bio(con, sbio, sbio);
    SSL_set_accept_state(con);
    /* SSL_set_fd(con,s); */

    if (s_debug) {
        SSL_set_debug(con, 1);
        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
    }
    if (s_msg) {
2085
#ifndef OPENSSL_NO_SSL_TRACE
2086 2087 2088
        if (s_msg == 2)
            SSL_set_msg_callback(con, SSL_trace);
        else
2089
#endif
2090 2091 2092
            SSL_set_msg_callback(con, msg_cb);
        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
    }
2093
#ifndef OPENSSL_NO_TLSEXT
2094 2095 2096 2097
    if (s_tlsextdebug) {
        SSL_set_tlsext_debug_callback(con, tlsext_cb);
        SSL_set_tlsext_debug_arg(con, bio_s_out);
    }
2098
#endif
2099

2100 2101 2102 2103
    width = s + 1;
    for (;;) {
        int read_from_terminal;
        int read_from_sslcon;
B
Bodo Möller 已提交
2104

2105 2106
        read_from_terminal = 0;
        read_from_sslcon = SSL_pending(con);
B
Bodo Möller 已提交
2107

2108 2109
        if (!read_from_sslcon) {
            FD_ZERO(&readfds);
R
Rich Salz 已提交
2110
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
2111 2112 2113 2114 2115 2116 2117 2118 2119 2120
            openssl_fdset(fileno(stdin), &readfds);
#endif
            openssl_fdset(s, &readfds);
            /*
             * Note: under VMS with SOCKETSHR the second parameter is
             * currently of type (int *) whereas under other systems it is
             * (void *) if you don't have a cast it will choke the compiler:
             * if you do have a cast then you can either go for (int *) or
             * (void *).
             */
R
Richard Levitte 已提交
2121
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134
            /*
             * Under DOS (non-djgpp) and Windows we can't select on stdin:
             * only on sockets. As a workaround we timeout the select every
             * second and check for any keypress. In a proper Windows
             * application we wouldn't do this because it is inefficient.
             */
            tv.tv_sec = 1;
            tv.tv_usec = 0;
            i = select(width, (void *)&readfds, NULL, NULL, &tv);
            if ((i < 0) || (!i && !_kbhit()))
                continue;
            if (_kbhit())
                read_from_terminal = 1;
2135
#else
2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180
            if ((SSL_version(con) == DTLS1_VERSION) &&
                DTLSv1_get_timeout(con, &timeout))
                timeoutp = &timeout;
            else
                timeoutp = NULL;

            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);

            if ((SSL_version(con) == DTLS1_VERSION)
                && DTLSv1_handle_timeout(con) > 0) {
                BIO_printf(bio_err, "TIMEOUT occurred\n");
            }

            if (i <= 0)
                continue;
            if (FD_ISSET(fileno(stdin), &readfds))
                read_from_terminal = 1;
#endif
            if (FD_ISSET(s, &readfds))
                read_from_sslcon = 1;
        }
        if (read_from_terminal) {
            if (s_crlf) {
                int j, lf_num;

                i = raw_read_stdin(buf, bufsize / 2);
                lf_num = 0;
                /* both loops are skipped when i <= 0 */
                for (j = 0; j < i; j++)
                    if (buf[j] == '\n')
                        lf_num++;
                for (j = i - 1; j >= 0; j--) {
                    buf[j + lf_num] = buf[j];
                    if (buf[j] == '\n') {
                        lf_num--;
                        i++;
                        buf[j + lf_num] = '\r';
                    }
                }
                assert(lf_num == 0);
            } else
                i = raw_read_stdin(buf, bufsize);
            if (!s_quiet && !s_brief) {
                if ((i <= 0) || (buf[0] == 'Q')) {
                    BIO_printf(bio_s_out, "DONE\n");
2181
                    (void)BIO_flush(bio_s_out);
2182 2183 2184 2185 2186 2187 2188
                    SHUTDOWN(s);
                    close_accept_socket();
                    ret = -11;
                    goto err;
                }
                if ((i <= 0) || (buf[0] == 'q')) {
                    BIO_printf(bio_s_out, "DONE\n");
2189
                    (void)BIO_flush(bio_s_out);
2190
                    if (SSL_version(con) != DTLS1_VERSION)
B
Ben Laurie 已提交
2191
                        SHUTDOWN(s);
2192 2193 2194 2195 2196
                    /*
                     * close_accept_socket(); ret= -11;
                     */
                    goto err;
                }
D
Dr. Stephen Henson 已提交
2197
#ifndef OPENSSL_NO_HEARTBEATS
2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236
                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
                    BIO_printf(bio_err, "HEARTBEATING\n");
                    SSL_heartbeat(con);
                    i = 0;
                    continue;
                }
#endif
                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
                    SSL_renegotiate(con);
                    i = SSL_do_handshake(con);
                    printf("SSL_do_handshake -> %d\n", i);
                    i = 0;      /* 13; */
                    continue;
                    /*
                     * strcpy(buf,"server side RE-NEGOTIATE\n");
                     */
                }
                if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
                    SSL_set_verify(con,
                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
                                   NULL);
                    SSL_renegotiate(con);
                    i = SSL_do_handshake(con);
                    printf("SSL_do_handshake -> %d\n", i);
                    i = 0;      /* 13; */
                    continue;
                    /*
                     * strcpy(buf,"server side RE-NEGOTIATE asking for client
                     * cert\n");
                     */
                }
                if (buf[0] == 'P') {
                    static const char *str = "Lets print some clear text\n";
                    BIO_write(SSL_get_wbio(con), str, strlen(str));
                }
                if (buf[0] == 'S') {
                    print_stats(bio_s_out, SSL_get_SSL_CTX(con));
                }
            }
2237
#ifdef CHARSET_EBCDIC
2238
            ebcdic2ascii(buf, buf, i);
2239
#endif
2240 2241 2242
            l = k = 0;
            for (;;) {
                /* should do a select for the write */
2243
#ifdef RENEG
2244 2245 2246 2247 2248 2249 2250
                {
                    static count = 0;
                    if (++count == 100) {
                        count = 0;
                        SSL_renegotiate(con);
                    }
                }
2251
#endif
2252
                k = SSL_write(con, &(buf[l]), (unsigned int)i);
D
Dr. Stephen Henson 已提交
2253
#ifndef OPENSSL_NO_SRP
2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277
                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
                    srp_callback_parm.user =
                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
                    else
                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
                }
#endif
                switch (SSL_get_error(con, k)) {
                case SSL_ERROR_NONE:
                    break;
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                case SSL_ERROR_WANT_X509_LOOKUP:
                    BIO_printf(bio_s_out, "Write BLOCK\n");
                    break;
                case SSL_ERROR_SYSCALL:
                case SSL_ERROR_SSL:
                    BIO_printf(bio_s_out, "ERROR\n");
2278
                    (void)BIO_flush(bio_s_out);
2279 2280 2281 2282 2283 2284
                    ERR_print_errors(bio_err);
                    ret = 1;
                    goto err;
                    /* break; */
                case SSL_ERROR_ZERO_RETURN:
                    BIO_printf(bio_s_out, "DONE\n");
2285
                    (void)BIO_flush(bio_s_out);
2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308
                    ret = 1;
                    goto err;
                }
                l += k;
                i -= k;
                if (i <= 0)
                    break;
            }
        }
        if (read_from_sslcon) {
            if (!SSL_is_init_finished(con)) {
                i = init_ssl_connection(con);

                if (i < 0) {
                    ret = 0;
                    goto err;
                } else if (i == 0) {
                    ret = 1;
                    goto err;
                }
            } else {
 again:
                i = SSL_read(con, (char *)buf, bufsize);
D
Dr. Stephen Henson 已提交
2309
#ifndef OPENSSL_NO_SRP
2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324
                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
                    srp_callback_parm.user =
                        SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                              srp_callback_parm.login);
                    if (srp_callback_parm.user)
                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
                                   srp_callback_parm.user->info);
                    else
                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
                    i = SSL_read(con, (char *)buf, bufsize);
                }
#endif
                switch (SSL_get_error(con, i)) {
                case SSL_ERROR_NONE:
2325
#ifdef CHARSET_EBCDIC
2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338
                    ascii2ebcdic(buf, buf, i);
#endif
                    raw_write_stdout(buf, (unsigned int)i);
                    if (SSL_pending(con))
                        goto again;
                    break;
                case SSL_ERROR_WANT_WRITE:
                case SSL_ERROR_WANT_READ:
                    BIO_printf(bio_s_out, "Read BLOCK\n");
                    break;
                case SSL_ERROR_SYSCALL:
                case SSL_ERROR_SSL:
                    BIO_printf(bio_s_out, "ERROR\n");
2339
                    (void)BIO_flush(bio_s_out);
2340 2341 2342 2343 2344
                    ERR_print_errors(bio_err);
                    ret = 1;
                    goto err;
                case SSL_ERROR_ZERO_RETURN:
                    BIO_printf(bio_s_out, "DONE\n");
2345
                    (void)BIO_flush(bio_s_out);
2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358
                    ret = 1;
                    goto err;
                }
            }
        }
    }
 err:
    if (con != NULL) {
        BIO_printf(bio_s_out, "shutting down SSL\n");
        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
        SSL_free(con);
    }
    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
R
Rich Salz 已提交
2359
    OPENSSL_clear_free(buf, bufsize);
2360 2361
    if (ret >= 0)
        BIO_printf(bio_s_out, "ACCEPT\n");
R
Rich Salz 已提交
2362
    (void)BIO_flush(bio_s_out);
2363 2364
    return (ret);
}
2365

U
Ulf Möller 已提交
2366
static void close_accept_socket(void)
2367 2368 2369 2370 2371 2372
{
    BIO_printf(bio_err, "shutdown accept socket\n");
    if (accept_socket >= 0) {
        SHUTDOWN2(accept_socket);
    }
}
2373

U
Ulf Möller 已提交
2374
static int init_ssl_connection(SSL *con)
2375 2376 2377 2378 2379
{
    int i;
    const char *str;
    X509 *peer;
    long verify_error;
2380
    char buf[BUFSIZ];
B
Ben Laurie 已提交
2381
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2382 2383
    const unsigned char *next_proto_neg;
    unsigned next_proto_neg_len;
2384
#endif
2385
    unsigned char *exportedkeymat;
2386

2387
    i = SSL_accept(con);
2388
#ifdef CERT_CB_TEST_RETRY
2389 2390 2391 2392 2393 2394 2395 2396
    {
        while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
               && SSL_state(con) == SSL3_ST_SR_CLNT_HELLO_C) {
            fprintf(stderr,
                    "LOOKUP from certificate callback during accept\n");
            i = SSL_accept(con);
        }
    }
2397
#endif
D
Dr. Stephen Henson 已提交
2398
#ifndef OPENSSL_NO_SRP
2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420
    while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
        BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
                   srp_callback_parm.login);
        srp_callback_parm.user =
            SRP_VBASE_get_by_user(srp_callback_parm.vb,
                                  srp_callback_parm.login);
        if (srp_callback_parm.user)
            BIO_printf(bio_s_out, "LOOKUP done %s\n",
                       srp_callback_parm.user->info);
        else
            BIO_printf(bio_s_out, "LOOKUP not successful\n");
        i = SSL_accept(con);
    }
#endif

    if (i <= 0) {
        if (BIO_sock_should_retry(i)) {
            BIO_printf(bio_s_out, "DELAY\n");
            return (1);
        }

        BIO_printf(bio_err, "ERROR\n");
2421

2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432
        verify_error = SSL_get_verify_result(con);
        if (verify_error != X509_V_OK) {
            BIO_printf(bio_err, "verify error:%s\n",
                       X509_verify_cert_error_string(verify_error));
        }
        /* Always print any error messages */
        ERR_print_errors(bio_err);
        return (0);
    }

    if (s_brief)
R
Rich Salz 已提交
2433
        print_ssl_summary(con);
2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451

    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));

    peer = SSL_get_peer_certificate(con);
    if (peer != NULL) {
        BIO_printf(bio_s_out, "Client certificate\n");
        PEM_write_bio_X509(bio_s_out, peer);
        X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
        BIO_printf(bio_s_out, "subject=%s\n", buf);
        X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
        BIO_printf(bio_s_out, "issuer=%s\n", buf);
        X509_free(peer);
    }

    if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
    ssl_print_sigalgs(bio_s_out, con);
2452
#ifndef OPENSSL_NO_EC
2453 2454
    ssl_print_point_formats(bio_s_out, con);
    ssl_print_curves(bio_s_out, con, 0);
2455
#endif
2456
    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
2457

B
Ben Laurie 已提交
2458
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2459 2460 2461 2462 2463 2464
    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
    if (next_proto_neg) {
        BIO_printf(bio_s_out, "NEXTPROTO is ");
        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
        BIO_printf(bio_s_out, "\n");
    }
B
Ben Laurie 已提交
2465
#endif
P
Piotr Sikora 已提交
2466
#ifndef OPENSSL_NO_SRTP
2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486
    {
        SRTP_PROTECTION_PROFILE *srtp_profile
            = SSL_get_selected_srtp_profile(con);

        if (srtp_profile)
            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
                       srtp_profile->name);
    }
#endif
    if (SSL_cache_hit(con))
        BIO_printf(bio_s_out, "Reused session-id\n");
    if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
        TLS1_FLAGS_TLS_PADDING_BUG)
        BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
    if (keymatexportlabel != NULL) {
        BIO_printf(bio_s_out, "Keying material exporter:\n");
        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
R
Rich Salz 已提交
2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498
        exportedkeymat = app_malloc(keymatexportlen, "export key");
        if (!SSL_export_keying_material(con, exportedkeymat,
                                        keymatexportlen,
                                        keymatexportlabel,
                                        strlen(keymatexportlabel),
                                        NULL, 0, 0)) {
            BIO_printf(bio_s_out, "    Error\n");
        } else {
            BIO_printf(bio_s_out, "    Keying material: ");
            for (i = 0; i < keymatexportlen; i++)
                BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
            BIO_printf(bio_s_out, "\n");
2499
        }
R
Rich Salz 已提交
2500
        OPENSSL_free(exportedkeymat);
2501 2502 2503 2504
    }

    return (1);
}
2505

2506
#ifndef OPENSSL_NO_DH
N
Nils Larsch 已提交
2507
static DH *load_dh_param(const char *dhfile)
2508 2509 2510 2511 2512 2513 2514 2515
{
    DH *ret = NULL;
    BIO *bio;

    if ((bio = BIO_new_file(dhfile, "r")) == NULL)
        goto err;
    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
 err:
R
Rich Salz 已提交
2516
    BIO_free(bio);
2517 2518
    return (ret);
}
2519
#endif
2520

2521
static int www_body(char *hostname, int s, int stype, unsigned char *context)
2522 2523 2524 2525 2526 2527 2528
{
    char *buf = NULL;
    int ret = 1;
    int i, j, k, dot;
    SSL *con;
    const SSL_CIPHER *c;
    BIO *io, *ssl_bio, *sbio;
2529 2530 2531
#ifdef RENEG
    int total_bytes = 0;
#endif
2532

R
Rich Salz 已提交
2533
    buf = app_malloc(bufsize, "server www buffer");
2534 2535 2536 2537
    io = BIO_new(BIO_f_buffer());
    ssl_bio = BIO_new(BIO_f_ssl());
    if ((io == NULL) || (ssl_bio == NULL))
        goto err;
2538

2539 2540 2541
#ifdef FIONBIO
    if (s_nbio) {
        unsigned long sl = 1;
2542

2543 2544 2545 2546 2547
        if (!s_quiet)
            BIO_printf(bio_err, "turning on non blocking io\n");
        if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
            ERR_print_errors(bio_err);
    }
2548 2549
#endif

2550 2551 2552
    /* lets make the output buffer a reasonable size */
    if (!BIO_set_write_buffer_size(io, bufsize))
        goto err;
2553

2554 2555
    if ((con = SSL_new(ctx)) == NULL)
        goto err;
2556
#ifndef OPENSSL_NO_TLSEXT
2557 2558 2559 2560
    if (s_tlsextdebug) {
        SSL_set_tlsext_debug_callback(con, tlsext_cb);
        SSL_set_tlsext_debug_arg(con, bio_s_out);
    }
2561
#endif
M
Matt Caswell 已提交
2562
    if (context && !SSL_set_session_id_context(con, context,
2563
                        strlen((char *)context)))
M
Matt Caswell 已提交
2564
        goto err;
2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578

    sbio = BIO_new_socket(s, BIO_NOCLOSE);
    if (s_nbio_test) {
        BIO *test;

        test = BIO_new(BIO_f_nbio_test());
        sbio = BIO_push(test, sbio);
    }
    SSL_set_bio(con, sbio, sbio);
    SSL_set_accept_state(con);

    /* SSL_set_fd(con,s); */
    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
    BIO_push(io, ssl_bio);
2579
#ifdef CHARSET_EBCDIC
2580
    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
2581
#endif
2582

2583 2584 2585 2586 2587 2588
    if (s_debug) {
        SSL_set_debug(con, 1);
        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
    }
    if (s_msg) {
2589
#ifndef OPENSSL_NO_SSL_TRACE
2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606
        if (s_msg == 2)
            SSL_set_msg_callback(con, SSL_trace);
        else
#endif
            SSL_set_msg_callback(con, msg_cb);
        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
    }

    for (;;) {
        i = BIO_gets(io, buf, bufsize - 1);
        if (i < 0) {            /* error */
            if (!BIO_should_retry(io)) {
                if (!s_quiet)
                    ERR_print_errors(bio_err);
                goto err;
            } else {
                BIO_printf(bio_s_out, "read R BLOCK\n");
R
Richard Levitte 已提交
2607
#if defined(OPENSSL_SYS_NETWARE)
2608
                delay(1000);
2609
#elif !defined(OPENSSL_SYS_MSDOS)
2610 2611 2612 2613 2614 2615 2616 2617
                sleep(1);
#endif
                continue;
            }
        } else if (i == 0) {    /* end of input */
            ret = 1;
            goto end;
        }
2618

2619 2620
        /* else we have data */
        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
2621
            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656 2657 2658 2659
            char *p;
            X509 *peer;
            STACK_OF(SSL_CIPHER) *sk;
            static const char *space = "                          ";

            if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) {
                if (strncmp("GET /renegcert", buf, 14) == 0)
                    SSL_set_verify(con,
                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
                                   NULL);
                i = SSL_renegotiate(con);
                BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
                i = SSL_do_handshake(con);
                if (i <= 0) {
                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
                               SSL_get_error(con, i));
                    ERR_print_errors(bio_err);
                    goto err;
                }
                /* EVIL HACK! */
                SSL_set_state(con, SSL_ST_ACCEPT);
                i = SSL_do_handshake(con);
                BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n", i);
                if (i <= 0) {
                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
                               SSL_get_error(con, i));
                    ERR_print_errors(bio_err);
                    goto err;
                }
            }

            BIO_puts(io,
                     "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
            BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
            BIO_puts(io, "<pre>\n");
/*                      BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
            BIO_puts(io, "\n");
            for (i = 0; i < local_argc; i++) {
2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 2674 2675
                const char *myp;
                for (myp = local_argv[i]; *myp; myp++)
                    switch (*myp) {
                    case '<':
                        BIO_puts(io, "&lt;");
                        break;
                    case '>':
                        BIO_puts(io, "&gt;");
                        break;
                    case '&':
                        BIO_puts(io, "&amp;");
                        break;
                    default:
                        BIO_write(io, myp, 1);
                        break;
                    }
2676 2677 2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688 2689 2690 2691 2692
                BIO_write(io, " ", 1);
            }
            BIO_puts(io, "\n");

            BIO_printf(io,
                       "Secure Renegotiation IS%s supported\n",
                       SSL_get_secure_renegotiation_support(con) ?
                       "" : " NOT");

            /*
             * The following is evil and should not really be done
             */
            BIO_printf(io, "Ciphers supported in s_server binary\n");
            sk = SSL_get_ciphers(con);
            j = sk_SSL_CIPHER_num(sk);
            for (i = 0; i < j; i++) {
                c = sk_SSL_CIPHER_value(sk, i);
2693
                BIO_printf(io, "%-11s:%-25s ",
2694 2695 2696 2697 2698 2699 2700 2701 2702 2703 2704 2705 2706 2707 2708 2709 2710 2711 2712 2713 2714 2715 2716 2717 2718 2719 2720 2721 2722 2723 2724 2725 2726 2727 2728 2729 2730 2731 2732 2733 2734 2735 2736 2737 2738 2739 2740 2741 2742 2743 2744 2745 2746 2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771 2772 2773 2774 2775 2776 2777 2778 2779 2780 2781 2782 2783 2784 2785 2786 2787 2788 2789
                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
                if ((((i + 1) % 2) == 0) && (i + 1 != j))
                    BIO_puts(io, "\n");
            }
            BIO_puts(io, "\n");
            p = SSL_get_shared_ciphers(con, buf, bufsize);
            if (p != NULL) {
                BIO_printf(io,
                           "---\nCiphers common between both SSL end points:\n");
                j = i = 0;
                while (*p) {
                    if (*p == ':') {
                        BIO_write(io, space, 26 - j);
                        i++;
                        j = 0;
                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
                    } else {
                        BIO_write(io, p, 1);
                        j++;
                    }
                    p++;
                }
                BIO_puts(io, "\n");
            }
            ssl_print_sigalgs(io, con);
#ifndef OPENSSL_NO_EC
            ssl_print_curves(io, con, 0);
#endif
            BIO_printf(io, (SSL_cache_hit(con)
                            ? "---\nReused, " : "---\nNew, "));
            c = SSL_get_current_cipher(con);
            BIO_printf(io, "%s, Cipher is %s\n",
                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
            SSL_SESSION_print(io, SSL_get_session(con));
            BIO_printf(io, "---\n");
            print_stats(io, SSL_get_SSL_CTX(con));
            BIO_printf(io, "---\n");
            peer = SSL_get_peer_certificate(con);
            if (peer != NULL) {
                BIO_printf(io, "Client certificate\n");
                X509_print(io, peer);
                PEM_write_bio_X509(io, peer);
            } else
                BIO_puts(io, "no client certificate available\n");
            BIO_puts(io, "</BODY></HTML>\r\n\r\n");
            break;
        } else if ((www == 2 || www == 3)
                   && (strncmp("GET /", buf, 5) == 0)) {
            BIO *file;
            char *p, *e;
            static const char *text =
                "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";

            /* skip the '/' */
            p = &(buf[5]);

            dot = 1;
            for (e = p; *e != '\0'; e++) {
                if (e[0] == ' ')
                    break;

                switch (dot) {
                case 1:
                    dot = (e[0] == '.') ? 2 : 0;
                    break;
                case 2:
                    dot = (e[0] == '.') ? 3 : 0;
                    break;
                case 3:
                    dot = (e[0] == '/') ? -1 : 0;
                    break;
                }
                if (dot == 0)
                    dot = (e[0] == '/') ? 1 : 0;
            }
            dot = (dot == 3) || (dot == -1); /* filename contains ".."
                                              * component */

            if (*e == '\0') {
                BIO_puts(io, text);
                BIO_printf(io, "'%s' is an invalid file name\r\n", p);
                break;
            }
            *e = '\0';

            if (dot) {
                BIO_puts(io, text);
                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
                break;
            }

            if (*p == '/') {
                BIO_puts(io, text);
                BIO_printf(io, "'%s' is an invalid path\r\n", p);
                break;
            }
2790

2791 2792 2793 2794 2795 2796 2797 2798 2799 2800 2801 2802 2803 2804 2805 2806 2807 2808 2809 2810 2811 2812 2813 2814 2815 2816 2817 2818 2819 2820 2821 2822 2823
            /* if a directory, do the index thang */
            if (app_isdir(p) > 0) {
                BIO_puts(io, text);
                BIO_printf(io, "'%s' is a directory\r\n", p);
                break;
            }

            if ((file = BIO_new_file(p, "r")) == NULL) {
                BIO_puts(io, text);
                BIO_printf(io, "Error opening '%s'\r\n", p);
                ERR_print_errors(io);
                break;
            }

            if (!s_quiet)
                BIO_printf(bio_err, "FILE:%s\n", p);

            if (www == 2) {
                i = strlen(p);
                if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
                    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
                    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
                    BIO_puts(io,
                             "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
                else
                    BIO_puts(io,
                             "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
            }
            /* send the file */
            for (;;) {
                i = BIO_read(file, buf, bufsize);
                if (i <= 0)
                    break;
2824

2825
#ifdef RENEG
2826 2827 2828 2829 2830 2831 2832 2833 2834 2835
                total_bytes += i;
                fprintf(stderr, "%d\n", i);
                if (total_bytes > 3 * 1024) {
                    total_bytes = 0;
                    fprintf(stderr, "RENEGOTIATE\n");
                    SSL_renegotiate(con);
                }
#endif

                for (j = 0; j < i;) {
2836
#ifdef RENEG
2837 2838 2839 2840 2841 2842 2843 2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872
                    {
                        static count = 0;
                        if (++count == 13) {
                            SSL_renegotiate(con);
                        }
                    }
#endif
                    k = BIO_write(io, &(buf[j]), i - j);
                    if (k <= 0) {
                        if (!BIO_should_retry(io))
                            goto write_error;
                        else {
                            BIO_printf(bio_s_out, "rwrite W BLOCK\n");
                        }
                    } else {
                        j += k;
                    }
                }
            }
 write_error:
            BIO_free(file);
            break;
        }
    }

    for (;;) {
        i = (int)BIO_flush(io);
        if (i <= 0) {
            if (!BIO_should_retry(io))
                break;
        } else
            break;
    }
 end:
    /* make sure we re-use sessions */
    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2873

2874 2875 2876
 err:
    if (ret >= 0)
        BIO_printf(bio_s_out, "ACCEPT\n");
R
Rich Salz 已提交
2877
    OPENSSL_free(buf);
R
Rich Salz 已提交
2878
    BIO_free_all(io);
2879 2880
    return (ret);
}
2881

2882
static int rev_body(char *hostname, int s, int stype, unsigned char *context)
2883 2884 2885 2886 2887 2888
{
    char *buf = NULL;
    int i;
    int ret = 1;
    SSL *con;
    BIO *io, *ssl_bio, *sbio;
2889

R
Rich Salz 已提交
2890
    buf = app_malloc(bufsize, "server rev buffer");
2891 2892 2893 2894
    io = BIO_new(BIO_f_buffer());
    ssl_bio = BIO_new(BIO_f_ssl());
    if ((io == NULL) || (ssl_bio == NULL))
        goto err;
2895

2896 2897 2898
    /* lets make the output buffer a reasonable size */
    if (!BIO_set_write_buffer_size(io, bufsize))
        goto err;
2899

2900 2901
    if ((con = SSL_new(ctx)) == NULL)
        goto err;
2902
#ifndef OPENSSL_NO_TLSEXT
2903 2904 2905 2906
    if (s_tlsextdebug) {
        SSL_set_tlsext_debug_callback(con, tlsext_cb);
        SSL_set_tlsext_debug_arg(con, bio_s_out);
    }
2907
#endif
M
Matt Caswell 已提交
2908
    if (context && !SSL_set_session_id_context(con, context,
2909
                        strlen((char *)context))) {
M
Matt Caswell 已提交
2910 2911 2912
        ERR_print_errors(bio_err);
        goto err;
    }
2913 2914 2915 2916 2917 2918 2919

    sbio = BIO_new_socket(s, BIO_NOCLOSE);
    SSL_set_bio(con, sbio, sbio);
    SSL_set_accept_state(con);

    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
    BIO_push(io, ssl_bio);
2920
#ifdef CHARSET_EBCDIC
2921
    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
2922 2923
#endif

2924 2925 2926 2927 2928 2929
    if (s_debug) {
        SSL_set_debug(con, 1);
        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
    }
    if (s_msg) {
2930
#ifndef OPENSSL_NO_SSL_TRACE
2931 2932 2933 2934 2935 2936 2937 2938 2939 2940 2941 2942 2943 2944 2945 2946 2947 2948 2949
        if (s_msg == 2)
            SSL_set_msg_callback(con, SSL_trace);
        else
#endif
            SSL_set_msg_callback(con, msg_cb);
        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
    }

    for (;;) {
        i = BIO_do_handshake(io);
        if (i > 0)
            break;
        if (!BIO_should_retry(io)) {
            BIO_puts(bio_err, "CONNECTION FAILURE\n");
            ERR_print_errors(bio_err);
            goto end;
        }
    }
    BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
R
Rich Salz 已提交
2950
    print_ssl_summary(con);
2951 2952 2953 2954 2955 2956 2957 2958 2959 2960

    for (;;) {
        i = BIO_gets(io, buf, bufsize - 1);
        if (i < 0) {            /* error */
            if (!BIO_should_retry(io)) {
                if (!s_quiet)
                    ERR_print_errors(bio_err);
                goto err;
            } else {
                BIO_printf(bio_s_out, "read R BLOCK\n");
2961
#if defined(OPENSSL_SYS_NETWARE)
2962
                delay(1000);
2963
#elif !defined(OPENSSL_SYS_MSDOS)
2964 2965 2966 2967 2968 2969 2970 2971 2972 2973 2974 2975 2976 2977
                sleep(1);
#endif
                continue;
            }
        } else if (i == 0) {    /* end of input */
            ret = 1;
            BIO_printf(bio_err, "CONNECTION CLOSED\n");
            goto end;
        } else {
            char *p = buf + i - 1;
            while (i && (*p == '\n' || *p == '\r')) {
                p--;
                i--;
            }
R
Rich Salz 已提交
2978
            if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
2979 2980 2981 2982 2983 2984 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 3000
                ret = 1;
                BIO_printf(bio_err, "CONNECTION CLOSED\n");
                goto end;
            }
            BUF_reverse((unsigned char *)buf, NULL, i);
            buf[i] = '\n';
            BIO_write(io, buf, i + 1);
            for (;;) {
                i = BIO_flush(io);
                if (i > 0)
                    break;
                if (!BIO_should_retry(io))
                    goto end;
            }
        }
    }
 end:
    /* make sure we re-use sessions */
    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);

 err:

R
Rich Salz 已提交
3001
    OPENSSL_free(buf);
R
Rich Salz 已提交
3002
    BIO_free_all(io);
3003 3004
    return (ret);
}
3005

3006
#ifndef OPENSSL_NO_RSA
R
Rich Salz 已提交
3007
static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
3008 3009 3010 3011 3012 3013 3014 3015 3016 3017 3018 3019 3020 3021
{
    BIGNUM *bn = NULL;
    static RSA *rsa_tmp = NULL;

    if (!rsa_tmp && ((bn = BN_new()) == NULL))
        BIO_printf(bio_err, "Allocation error in generating RSA key\n");
    if (!rsa_tmp && bn) {
        if (!s_quiet) {
            BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
                       keylength);
            (void)BIO_flush(bio_err);
        }
        if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
            !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
R
Rich Salz 已提交
3022
            RSA_free(rsa_tmp);
3023 3024 3025 3026 3027 3028 3029 3030 3031 3032
            rsa_tmp = NULL;
        }
        if (!s_quiet) {
            BIO_printf(bio_err, "\n");
            (void)BIO_flush(bio_err);
        }
        BN_free(bn);
    }
    return (rsa_tmp);
}
3033
#endif
3034 3035 3036

#define MAX_SESSION_ID_ATTEMPTS 10
static int generate_session_id(const SSL *ssl, unsigned char *id,
3037 3038 3039 3040
                               unsigned int *id_len)
{
    unsigned int count = 0;
    do {
M
Matt Caswell 已提交
3041 3042
        if (RAND_bytes(id, *id_len) <= 0)
            return 0;
3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056 3057 3058 3059 3060 3061 3062
        /*
         * Prefix the session_id with the required prefix. NB: If our prefix
         * is too long, clip it - but there will be worse effects anyway, eg.
         * the server could only possibly create 1 session ID (ie. the
         * prefix!) so all future session negotiations will fail due to
         * conflicts.
         */
        memcpy(id, session_id_prefix,
               (strlen(session_id_prefix) < *id_len) ?
               strlen(session_id_prefix) : *id_len);
    }
    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
           (++count < MAX_SESSION_ID_ATTEMPTS));
    if (count >= MAX_SESSION_ID_ATTEMPTS)
        return 0;
    return 1;
}

/*
 * By default s_server uses an in-memory cache which caches SSL_SESSION
3063 3064 3065 3066 3067
 * structures without any serialisation. This hides some bugs which only
 * become apparent in deployed servers. By implementing a basic external
 * session cache some issues can be debugged using s_server.
 */

3068 3069 3070 3071 3072 3073 3074
typedef struct simple_ssl_session_st {
    unsigned char *id;
    unsigned int idlen;
    unsigned char *der;
    int derlen;
    struct simple_ssl_session_st *next;
} simple_ssl_session;
3075 3076 3077 3078

static simple_ssl_session *first = NULL;

static int add_session(SSL *ssl, SSL_SESSION *session)
3079
{
R
Rich Salz 已提交
3080
    simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
3081
    unsigned char *p;
3082

3083 3084
    SSL_SESSION_get_id(session, &sess->idlen);
    sess->derlen = i2d_SSL_SESSION(session, NULL);
3085 3086
    if (sess->derlen < 0) {
        BIO_printf(bio_err, "Error encoding session\n");
R
Rich Salz 已提交
3087
        OPENSSL_free(sess);
3088 3089
        return 0;
    }
3090

3091
    sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
R
Rich Salz 已提交
3092 3093
    sess->der = app_malloc(sess->derlen, "get session buffer");
    if (!sess->id) {
3094
        BIO_printf(bio_err, "Out of memory adding to external cache\n");
R
Rich Salz 已提交
3095 3096
        OPENSSL_free(sess->id);
        OPENSSL_free(sess->der);
M
Matt Caswell 已提交
3097 3098 3099
        OPENSSL_free(sess);
        return 0;
    }
3100
    p = sess->der;
3101 3102 3103

    /* Assume it still works. */
    if (i2d_SSL_SESSION(session, &p) != sess->derlen) {
R
Rich Salz 已提交
3104
        BIO_printf(bio_err, "Unexpected session encoding length\n");
R
Rich Salz 已提交
3105 3106 3107
        OPENSSL_free(sess->id);
        OPENSSL_free(sess->der);
        OPENSSL_free(sess);
M
Matt Caswell 已提交
3108 3109
        return 0;
    }
3110

3111 3112 3113 3114 3115
    sess->next = first;
    first = sess;
    BIO_printf(bio_err, "New session added to external cache\n");
    return 0;
}
3116 3117

static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen,
3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131
                                int *do_copy)
{
    simple_ssl_session *sess;
    *do_copy = 0;
    for (sess = first; sess; sess = sess->next) {
        if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) {
            const unsigned char *p = sess->der;
            BIO_printf(bio_err, "Lookup session: cache hit\n");
            return d2i_SSL_SESSION(NULL, &p, sess->derlen);
        }
    }
    BIO_printf(bio_err, "Lookup session: cache miss\n");
    return NULL;
}
3132 3133

static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152
{
    simple_ssl_session *sess, *prev = NULL;
    const unsigned char *id;
    unsigned int idlen;
    id = SSL_SESSION_get_id(session, &idlen);
    for (sess = first; sess; sess = sess->next) {
        if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) {
            if (prev)
                prev->next = sess->next;
            else
                first = sess->next;
            OPENSSL_free(sess->id);
            OPENSSL_free(sess->der);
            OPENSSL_free(sess);
            return;
        }
        prev = sess;
    }
}
3153 3154

static void init_session_cache_ctx(SSL_CTX *sctx)
3155 3156 3157 3158 3159 3160 3161 3162
{
    SSL_CTX_set_session_cache_mode(sctx,
                                   SSL_SESS_CACHE_NO_INTERNAL |
                                   SSL_SESS_CACHE_SERVER);
    SSL_CTX_sess_set_new_cb(sctx, add_session);
    SSL_CTX_sess_set_get_cb(sctx, get_session);
    SSL_CTX_sess_set_remove_cb(sctx, del_session);
}
3163 3164

static void free_sessions(void)
3165 3166 3167 3168 3169 3170 3171 3172 3173 3174 3175
{
    simple_ssl_session *sess, *tsess;
    for (sess = first; sess;) {
        OPENSSL_free(sess->id);
        OPENSSL_free(sess->der);
        tsess = sess;
        sess = sess->next;
        OPENSSL_free(tsess);
    }
    first = NULL;
}