1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 * Copyright 2005 Nokia. All rights reserved. 5 * 6 * Licensed under the OpenSSL license (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include <ctype.h> 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #if defined(_WIN32) 17 /* Included before async.h to avoid some warnings */ 18 # include <windows.h> 19 #endif 20 21 #include <openssl/e_os2.h> 22 #include <openssl/async.h> 23 #include <openssl/ssl.h> 24 25 #ifndef OPENSSL_NO_SOCK 26 27 /* 28 * With IPv6, it looks like Digital has mixed up the proper order of 29 * recursive header file inclusion, resulting in the compiler complaining 30 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 31 * needed to have fileno() declared correctly... So let's define u_int 32 */ 33 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 34 # define __U_INT 35 typedef unsigned int u_int; 36 #endif 37 38 #include <openssl/bn.h> 39 #include "apps.h" 40 #include "progs.h" 41 #include <openssl/err.h> 42 #include <openssl/pem.h> 43 #include <openssl/x509.h> 44 #include <openssl/ssl.h> 45 #include <openssl/rand.h> 46 #include <openssl/ocsp.h> 47 #ifndef OPENSSL_NO_DH 48 # include <openssl/dh.h> 49 #endif 50 #ifndef OPENSSL_NO_RSA 51 # include <openssl/rsa.h> 52 #endif 53 #ifndef OPENSSL_NO_SRP 54 # include <openssl/srp.h> 55 #endif 56 #include "s_apps.h" 57 #include "timeouts.h" 58 #ifdef CHARSET_EBCDIC 59 #include <openssl/ebcdic.h> 60 #endif 61 #include "internal/sockets.h" 62 63 static int not_resumable_sess_cb(SSL *s, int is_forward_secure); 64 static int sv_body(int s, int stype, int prot, unsigned char *context); 65 static int www_body(int s, int stype, int prot, unsigned char *context); 66 static int rev_body(int s, int stype, int prot, unsigned char *context); 67 static void close_accept_socket(void); 68 static int init_ssl_connection(SSL *s); 69 static void print_stats(BIO *bp, SSL_CTX *ctx); 70 static int generate_session_id(SSL *ssl, unsigned char *id, 71 unsigned int *id_len); 72 static void init_session_cache_ctx(SSL_CTX *sctx); 73 static void free_sessions(void); 74 #ifndef OPENSSL_NO_DH 75 static DH *load_dh_param(const char *dhfile); 76 #endif 77 static void print_connection_info(SSL *con); 78 79 static const int bufsize = 16 * 1024; 80 static int accept_socket = -1; 81 82 #define TEST_CERT "server.pem" 83 #define TEST_CERT2 "server2.pem" 84 85 static int s_nbio = 0; 86 static int s_nbio_test = 0; 87 static int s_crlf = 0; 88 static SSL_CTX *ctx = NULL; 89 static SSL_CTX *ctx2 = NULL; 90 static int www = 0; 91 92 static BIO *bio_s_out = NULL; 93 static BIO *bio_s_msg = NULL; 94 static int s_debug = 0; 95 static int s_tlsextdebug = 0; 96 static int s_msg = 0; 97 static int s_quiet = 0; 98 static int s_ign_eof = 0; 99 static int s_brief = 0; 100 101 static char *keymatexportlabel = NULL; 102 static int keymatexportlen = 20; 103 104 static int async = 0; 105 106 static const char *session_id_prefix = NULL; 107 108 #ifndef OPENSSL_NO_DTLS 109 static int enable_timeouts = 0; 110 static long socket_mtu; 111 #endif 112 113 /* 114 * We define this but make it always be 0 in no-dtls builds to simplify the 115 * code. 116 */ 117 static int dtlslisten = 0; 118 static int stateless = 0; 119 120 static int early_data = 0; 121 static SSL_SESSION *psksess = NULL; 122 123 static char *psk_identity = "Client_identity"; 124 char *psk_key = NULL; /* by default PSK is not used */ 125 126 #ifndef OPENSSL_NO_PSK 127 static unsigned int psk_server_cb(SSL *ssl, const char *identity, 128 unsigned char *psk, 129 unsigned int max_psk_len) 130 { 131 long key_len = 0; 132 unsigned char *key; 133 134 if (s_debug) 135 BIO_printf(bio_s_out, "psk_server_cb\n"); 136 if (identity == NULL) { 137 BIO_printf(bio_err, "Error: client did not send PSK identity\n"); 138 goto out_err; 139 } 140 if (s_debug) 141 BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", 142 (int)strlen(identity), identity); 143 144 /* here we could lookup the given identity e.g. from a database */ 145 if (strcmp(identity, psk_identity) != 0) { 146 BIO_printf(bio_s_out, "PSK warning: client identity not what we expected" 147 " (got '%s' expected '%s')\n", identity, psk_identity); 148 } else { 149 if (s_debug) 150 BIO_printf(bio_s_out, "PSK client identity found\n"); 151 } 152 153 /* convert the PSK key to binary */ 154 key = OPENSSL_hexstr2buf(psk_key, &key_len); 155 if (key == NULL) { 156 BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", 157 psk_key); 158 return 0; 159 } 160 if (key_len > (int)max_psk_len) { 161 BIO_printf(bio_err, 162 "psk buffer of callback is too small (%d) for key (%ld)\n", 163 max_psk_len, key_len); 164 OPENSSL_free(key); 165 return 0; 166 } 167 168 memcpy(psk, key, key_len); 169 OPENSSL_free(key); 170 171 if (s_debug) 172 BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); 173 return key_len; 174 out_err: 175 if (s_debug) 176 BIO_printf(bio_err, "Error in PSK server callback\n"); 177 (void)BIO_flush(bio_err); 178 (void)BIO_flush(bio_s_out); 179 return 0; 180 } 181 #endif 182 183 #define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01") 184 #define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02") 185 186 static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, 187 size_t identity_len, SSL_SESSION **sess) 188 { 189 SSL_SESSION *tmpsess = NULL; 190 unsigned char *key; 191 long key_len; 192 const SSL_CIPHER *cipher = NULL; 193 194 if (strlen(psk_identity) != identity_len 195 || memcmp(psk_identity, identity, identity_len) != 0) { 196 BIO_printf(bio_s_out, 197 "PSK warning: client identity not what we expected" 198 " (got '%s' expected '%s')\n", identity, psk_identity); 199 } 200 201 if (psksess != NULL) { 202 SSL_SESSION_up_ref(psksess); 203 *sess = psksess; 204 return 1; 205 } 206 207 key = OPENSSL_hexstr2buf(psk_key, &key_len); 208 if (key == NULL) { 209 BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", 210 psk_key); 211 return 0; 212 } 213 214 /* We default to SHA256 */ 215 cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); 216 if (cipher == NULL) { 217 BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); 218 OPENSSL_free(key); 219 return 0; 220 } 221 222 tmpsess = SSL_SESSION_new(); 223 if (tmpsess == NULL 224 || !SSL_SESSION_set1_master_key(tmpsess, key, key_len) 225 || !SSL_SESSION_set_cipher(tmpsess, cipher) 226 || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) { 227 OPENSSL_free(key); 228 return 0; 229 } 230 OPENSSL_free(key); 231 *sess = tmpsess; 232 233 return 1; 234 } 235 236 #ifndef OPENSSL_NO_SRP 237 /* This is a context that we pass to callbacks */ 238 typedef struct srpsrvparm_st { 239 char *login; 240 SRP_VBASE *vb; 241 SRP_user_pwd *user; 242 } srpsrvparm; 243 static srpsrvparm srp_callback_parm; 244 245 /* 246 * This callback pretends to require some asynchronous logic in order to 247 * obtain a verifier. When the callback is called for a new connection we 248 * return with a negative value. This will provoke the accept etc to return 249 * with an LOOKUP_X509. The main logic of the reinvokes the suspended call 250 * (which would normally occur after a worker has finished) and we set the 251 * user parameters. 252 */ 253 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) 254 { 255 srpsrvparm *p = (srpsrvparm *) arg; 256 int ret = SSL3_AL_FATAL; 257 258 if (p->login == NULL && p->user == NULL) { 259 p->login = SSL_get_srp_username(s); 260 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); 261 return -1; 262 } 263 264 if (p->user == NULL) { 265 BIO_printf(bio_err, "User %s doesn't exist\n", p->login); 266 goto err; 267 } 268 269 if (SSL_set_srp_server_param 270 (s, p->user->N, p->user->g, p->user->s, p->user->v, 271 p->user->info) < 0) { 272 *ad = SSL_AD_INTERNAL_ERROR; 273 goto err; 274 } 275 BIO_printf(bio_err, 276 "SRP parameters set: username = \"%s\" info=\"%s\" \n", 277 p->login, p->user->info); 278 ret = SSL_ERROR_NONE; 279 280 err: 281 SRP_user_pwd_free(p->user); 282 p->user = NULL; 283 p->login = NULL; 284 return ret; 285 } 286 287 #endif 288 289 static int local_argc = 0; 290 static char **local_argv; 291 292 #ifdef CHARSET_EBCDIC 293 static int ebcdic_new(BIO *bi); 294 static int ebcdic_free(BIO *a); 295 static int ebcdic_read(BIO *b, char *out, int outl); 296 static int ebcdic_write(BIO *b, const char *in, int inl); 297 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); 298 static int ebcdic_gets(BIO *bp, char *buf, int size); 299 static int ebcdic_puts(BIO *bp, const char *str); 300 301 # define BIO_TYPE_EBCDIC_FILTER (18|0x0200) 302 static BIO_METHOD *methods_ebcdic = NULL; 303 304 /* This struct is "unwarranted chumminess with the compiler." */ 305 typedef struct { 306 size_t alloced; 307 char buff[1]; 308 } EBCDIC_OUTBUFF; 309 310 static const BIO_METHOD *BIO_f_ebcdic_filter() 311 { 312 if (methods_ebcdic == NULL) { 313 methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER, 314 "EBCDIC/ASCII filter"); 315 if (methods_ebcdic == NULL 316 || !BIO_meth_set_write(methods_ebcdic, ebcdic_write) 317 || !BIO_meth_set_read(methods_ebcdic, ebcdic_read) 318 || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts) 319 || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets) 320 || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl) 321 || !BIO_meth_set_create(methods_ebcdic, ebcdic_new) 322 || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free)) 323 return NULL; 324 } 325 return methods_ebcdic; 326 } 327 328 static int ebcdic_new(BIO *bi) 329 { 330 EBCDIC_OUTBUFF *wbuf; 331 332 wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf"); 333 wbuf->alloced = 1024; 334 wbuf->buff[0] = '\0'; 335 336 BIO_set_data(bi, wbuf); 337 BIO_set_init(bi, 1); 338 return 1; 339 } 340 341 static int ebcdic_free(BIO *a) 342 { 343 EBCDIC_OUTBUFF *wbuf; 344 345 if (a == NULL) 346 return 0; 347 wbuf = BIO_get_data(a); 348 OPENSSL_free(wbuf); 349 BIO_set_data(a, NULL); 350 BIO_set_init(a, 0); 351 352 return 1; 353 } 354 355 static int ebcdic_read(BIO *b, char *out, int outl) 356 { 357 int ret = 0; 358 BIO *next = BIO_next(b); 359 360 if (out == NULL || outl == 0) 361 return 0; 362 if (next == NULL) 363 return 0; 364 365 ret = BIO_read(next, out, outl); 366 if (ret > 0) 367 ascii2ebcdic(out, out, ret); 368 return ret; 369 } 370 371 static int ebcdic_write(BIO *b, const char *in, int inl) 372 { 373 EBCDIC_OUTBUFF *wbuf; 374 BIO *next = BIO_next(b); 375 int ret = 0; 376 int num; 377 378 if ((in == NULL) || (inl <= 0)) 379 return 0; 380 if (next == NULL) 381 return 0; 382 383 wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b); 384 385 if (inl > (num = wbuf->alloced)) { 386 num = num + num; /* double the size */ 387 if (num < inl) 388 num = inl; 389 OPENSSL_free(wbuf); 390 wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf"); 391 392 wbuf->alloced = num; 393 wbuf->buff[0] = '\0'; 394 395 BIO_set_data(b, wbuf); 396 } 397 398 ebcdic2ascii(wbuf->buff, in, inl); 399 400 ret = BIO_write(next, wbuf->buff, inl); 401 402 return ret; 403 } 404 405 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) 406 { 407 long ret; 408 BIO *next = BIO_next(b); 409 410 if (next == NULL) 411 return 0; 412 switch (cmd) { 413 case BIO_CTRL_DUP: 414 ret = 0L; 415 break; 416 default: 417 ret = BIO_ctrl(next, cmd, num, ptr); 418 break; 419 } 420 return ret; 421 } 422 423 static int ebcdic_gets(BIO *bp, char *buf, int size) 424 { 425 int i, ret = 0; 426 BIO *next = BIO_next(bp); 427 428 if (next == NULL) 429 return 0; 430 /* return(BIO_gets(bp->next_bio,buf,size));*/ 431 for (i = 0; i < size - 1; ++i) { 432 ret = ebcdic_read(bp, &buf[i], 1); 433 if (ret <= 0) 434 break; 435 else if (buf[i] == '\n') { 436 ++i; 437 break; 438 } 439 } 440 if (i < size) 441 buf[i] = '\0'; 442 return (ret < 0 && i == 0) ? ret : i; 443 } 444 445 static int ebcdic_puts(BIO *bp, const char *str) 446 { 447 if (BIO_next(bp) == NULL) 448 return 0; 449 return ebcdic_write(bp, str, strlen(str)); 450 } 451 #endif 452 453 /* This is a context that we pass to callbacks */ 454 typedef struct tlsextctx_st { 455 char *servername; 456 BIO *biodebug; 457 int extension_error; 458 } tlsextctx; 459 460 static int ssl_servername_cb(SSL *s, int *ad, void *arg) 461 { 462 tlsextctx *p = (tlsextctx *) arg; 463 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 464 465 if (servername != NULL && p->biodebug != NULL) { 466 const char *cp = servername; 467 unsigned char uc; 468 469 BIO_printf(p->biodebug, "Hostname in TLS extension: \""); 470 while ((uc = *cp++) != 0) 471 BIO_printf(p->biodebug, 472 isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc); 473 BIO_printf(p->biodebug, "\"\n"); 474 } 475 476 if (p->servername == NULL) 477 return SSL_TLSEXT_ERR_NOACK; 478 479 if (servername != NULL) { 480 if (strcasecmp(servername, p->servername)) 481 return p->extension_error; 482 if (ctx2 != NULL) { 483 BIO_printf(p->biodebug, "Switching server context.\n"); 484 SSL_set_SSL_CTX(s, ctx2); 485 } 486 } 487 return SSL_TLSEXT_ERR_OK; 488 } 489 490 /* Structure passed to cert status callback */ 491 typedef struct tlsextstatusctx_st { 492 int timeout; 493 /* File to load OCSP Response from (or NULL if no file) */ 494 char *respin; 495 /* Default responder to use */ 496 char *host, *path, *port; 497 int use_ssl; 498 int verbose; 499 } tlsextstatusctx; 500 501 static tlsextstatusctx tlscstatp = { -1 }; 502 503 #ifndef OPENSSL_NO_OCSP 504 505 /* 506 * Helper function to get an OCSP_RESPONSE from a responder. This is a 507 * simplified version. It examines certificates each time and makes one OCSP 508 * responder query for each request. A full version would store details such as 509 * the OCSP certificate IDs and minimise the number of OCSP responses by caching 510 * them until they were considered "expired". 511 */ 512 static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, 513 OCSP_RESPONSE **resp) 514 { 515 char *host = NULL, *port = NULL, *path = NULL; 516 int use_ssl; 517 STACK_OF(OPENSSL_STRING) *aia = NULL; 518 X509 *x = NULL; 519 X509_STORE_CTX *inctx = NULL; 520 X509_OBJECT *obj; 521 OCSP_REQUEST *req = NULL; 522 OCSP_CERTID *id = NULL; 523 STACK_OF(X509_EXTENSION) *exts; 524 int ret = SSL_TLSEXT_ERR_NOACK; 525 int i; 526 527 /* Build up OCSP query from server certificate */ 528 x = SSL_get_certificate(s); 529 aia = X509_get1_ocsp(x); 530 if (aia != NULL) { 531 if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), 532 &host, &port, &path, &use_ssl)) { 533 BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); 534 goto err; 535 } 536 if (srctx->verbose) 537 BIO_printf(bio_err, "cert_status: AIA URL: %s\n", 538 sk_OPENSSL_STRING_value(aia, 0)); 539 } else { 540 if (srctx->host == NULL) { 541 BIO_puts(bio_err, 542 "cert_status: no AIA and no default responder URL\n"); 543 goto done; 544 } 545 host = srctx->host; 546 path = srctx->path; 547 port = srctx->port; 548 use_ssl = srctx->use_ssl; 549 } 550 551 inctx = X509_STORE_CTX_new(); 552 if (inctx == NULL) 553 goto err; 554 if (!X509_STORE_CTX_init(inctx, 555 SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), 556 NULL, NULL)) 557 goto err; 558 obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509, 559 X509_get_issuer_name(x)); 560 if (obj == NULL) { 561 BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n"); 562 goto done; 563 } 564 id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj)); 565 X509_OBJECT_free(obj); 566 if (id == NULL) 567 goto err; 568 req = OCSP_REQUEST_new(); 569 if (req == NULL) 570 goto err; 571 if (!OCSP_request_add0_id(req, id)) 572 goto err; 573 id = NULL; 574 /* Add any extensions to the request */ 575 SSL_get_tlsext_status_exts(s, &exts); 576 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { 577 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); 578 if (!OCSP_REQUEST_add_ext(req, ext, -1)) 579 goto err; 580 } 581 *resp = process_responder(req, host, path, port, use_ssl, NULL, 582 srctx->timeout); 583 if (*resp == NULL) { 584 BIO_puts(bio_err, "cert_status: error querying responder\n"); 585 goto done; 586 } 587 588 ret = SSL_TLSEXT_ERR_OK; 589 goto done; 590 591 err: 592 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 593 done: 594 /* 595 * If we parsed aia we need to free; otherwise they were copied and we 596 * don't 597 */ 598 if (aia != NULL) { 599 OPENSSL_free(host); 600 OPENSSL_free(path); 601 OPENSSL_free(port); 602 X509_email_free(aia); 603 } 604 OCSP_CERTID_free(id); 605 OCSP_REQUEST_free(req); 606 X509_STORE_CTX_free(inctx); 607 return ret; 608 } 609 610 /* 611 * Certificate Status callback. This is called when a client includes a 612 * certificate status request extension. The response is either obtained from a 613 * file, or from an OCSP responder. 614 */ 615 static int cert_status_cb(SSL *s, void *arg) 616 { 617 tlsextstatusctx *srctx = arg; 618 OCSP_RESPONSE *resp = NULL; 619 unsigned char *rspder = NULL; 620 int rspderlen; 621 int ret = SSL_TLSEXT_ERR_ALERT_FATAL; 622 623 if (srctx->verbose) 624 BIO_puts(bio_err, "cert_status: callback called\n"); 625 626 if (srctx->respin != NULL) { 627 BIO *derbio = bio_open_default(srctx->respin, 'r', FORMAT_ASN1); 628 if (derbio == NULL) { 629 BIO_puts(bio_err, "cert_status: Cannot open OCSP response file\n"); 630 goto err; 631 } 632 resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); 633 BIO_free(derbio); 634 if (resp == NULL) { 635 BIO_puts(bio_err, "cert_status: Error reading OCSP response\n"); 636 goto err; 637 } 638 } else { 639 ret = get_ocsp_resp_from_responder(s, srctx, &resp); 640 if (ret != SSL_TLSEXT_ERR_OK) 641 goto err; 642 } 643 644 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); 645 if (rspderlen <= 0) 646 goto err; 647 648 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); 649 if (srctx->verbose) { 650 BIO_puts(bio_err, "cert_status: ocsp response sent:\n"); 651 OCSP_RESPONSE_print(bio_err, resp, 2); 652 } 653 654 ret = SSL_TLSEXT_ERR_OK; 655 656 err: 657 if (ret != SSL_TLSEXT_ERR_OK) 658 ERR_print_errors(bio_err); 659 660 OCSP_RESPONSE_free(resp); 661 662 return ret; 663 } 664 #endif 665 666 #ifndef OPENSSL_NO_NEXTPROTONEG 667 /* This is the context that we pass to next_proto_cb */ 668 typedef struct tlsextnextprotoctx_st { 669 unsigned char *data; 670 size_t len; 671 } tlsextnextprotoctx; 672 673 static int next_proto_cb(SSL *s, const unsigned char **data, 674 unsigned int *len, void *arg) 675 { 676 tlsextnextprotoctx *next_proto = arg; 677 678 *data = next_proto->data; 679 *len = next_proto->len; 680 681 return SSL_TLSEXT_ERR_OK; 682 } 683 #endif /* ndef OPENSSL_NO_NEXTPROTONEG */ 684 685 /* This the context that we pass to alpn_cb */ 686 typedef struct tlsextalpnctx_st { 687 unsigned char *data; 688 size_t len; 689 } tlsextalpnctx; 690 691 static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, 692 const unsigned char *in, unsigned int inlen, void *arg) 693 { 694 tlsextalpnctx *alpn_ctx = arg; 695 696 if (!s_quiet) { 697 /* We can assume that |in| is syntactically valid. */ 698 unsigned int i; 699 BIO_printf(bio_s_out, "ALPN protocols advertised by the client: "); 700 for (i = 0; i < inlen;) { 701 if (i) 702 BIO_write(bio_s_out, ", ", 2); 703 BIO_write(bio_s_out, &in[i + 1], in[i]); 704 i += in[i] + 1; 705 } 706 BIO_write(bio_s_out, "\n", 1); 707 } 708 709 if (SSL_select_next_proto 710 ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, 711 inlen) != OPENSSL_NPN_NEGOTIATED) { 712 return SSL_TLSEXT_ERR_NOACK; 713 } 714 715 if (!s_quiet) { 716 BIO_printf(bio_s_out, "ALPN protocols selected: "); 717 BIO_write(bio_s_out, *out, *outlen); 718 BIO_write(bio_s_out, "\n", 1); 719 } 720 721 return SSL_TLSEXT_ERR_OK; 722 } 723 724 static int not_resumable_sess_cb(SSL *s, int is_forward_secure) 725 { 726 /* disable resumption for sessions with forward secure ciphers */ 727 return is_forward_secure; 728 } 729 730 typedef enum OPTION_choice { 731 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, 732 OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, 733 OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, 734 OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM, 735 OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT, 736 OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT, 737 OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE, 738 OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, 739 OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, 740 OPT_VERIFYCAFILE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, 741 OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, 742 OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, 743 OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, 744 OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, 745 OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK, 746 OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, 747 OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, 748 OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, 749 OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, 750 OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS, 751 OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, 752 OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, 753 OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, 754 OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, 755 OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, 756 OPT_R_ENUM, 757 OPT_S_ENUM, 758 OPT_V_ENUM, 759 OPT_X_ENUM 760 } OPTION_CHOICE; 761 762 const OPTIONS s_server_options[] = { 763 {"help", OPT_HELP, '-', "Display this summary"}, 764 {"port", OPT_PORT, 'p', 765 "TCP/IP port to listen on for connections (default is " PORT ")"}, 766 {"accept", OPT_ACCEPT, 's', 767 "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"}, 768 #ifdef AF_UNIX 769 {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"}, 770 #endif 771 {"4", OPT_4, '-', "Use IPv4 only"}, 772 {"6", OPT_6, '-', "Use IPv6 only"}, 773 #ifdef AF_UNIX 774 {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"}, 775 #endif 776 {"context", OPT_CONTEXT, 's', "Set session ID context"}, 777 {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"}, 778 {"Verify", OPT_UPPER_V_VERIFY, 'n', 779 "Turn on peer certificate verification, must have a cert"}, 780 {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT}, 781 {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, 782 {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"}, 783 {"serverinfo", OPT_SERVERINFO, 's', 784 "PEM serverinfo file for certificate"}, 785 {"certform", OPT_CERTFORM, 'F', 786 "Certificate format (PEM or DER) PEM default"}, 787 {"key", OPT_KEY, 's', 788 "Private Key if not in -cert; default is " TEST_CERT}, 789 {"keyform", OPT_KEYFORM, 'f', 790 "Key format (PEM, DER or ENGINE) PEM default"}, 791 {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, 792 {"dcert", OPT_DCERT, '<', 793 "Second certificate file to use (usually for DSA)"}, 794 {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, 795 {"dcertform", OPT_DCERTFORM, 'F', 796 "Second certificate format (PEM or DER) PEM default"}, 797 {"dkey", OPT_DKEY, '<', 798 "Second private key file to use (usually for DSA)"}, 799 {"dkeyform", OPT_DKEYFORM, 'F', 800 "Second key format (PEM, DER or ENGINE) PEM default"}, 801 {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, 802 {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, 803 {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, 804 {"debug", OPT_DEBUG, '-', "Print more output"}, 805 {"msg", OPT_MSG, '-', "Show protocol messages"}, 806 {"msgfile", OPT_MSGFILE, '>', 807 "File to send output of -msg or -trace, instead of stdout"}, 808 {"state", OPT_STATE, '-', "Print the SSL states"}, 809 {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, 810 {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, 811 {"no-CAfile", OPT_NOCAFILE, '-', 812 "Do not load the default certificates file"}, 813 {"no-CApath", OPT_NOCAPATH, '-', 814 "Do not load certificates from the default certificates directory"}, 815 {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, 816 {"quiet", OPT_QUIET, '-', "No server output"}, 817 {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', 818 "Disable caching and tickets if ephemeral (EC)DH is used"}, 819 {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, 820 {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, 821 {"servername", OPT_SERVERNAME, 's', 822 "Servername for HostName TLS extension"}, 823 {"servername_fatal", OPT_SERVERNAME_FATAL, '-', 824 "mismatch send fatal alert (default warning alert)"}, 825 {"cert2", OPT_CERT2, '<', 826 "Certificate file to use for servername; default is" TEST_CERT2}, 827 {"key2", OPT_KEY2, '<', 828 "-Private Key file to use for servername if not in -cert2"}, 829 {"tlsextdebug", OPT_TLSEXTDEBUG, '-', 830 "Hex dump of all TLS extensions received"}, 831 {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, 832 {"id_prefix", OPT_ID_PREFIX, 's', 833 "Generate SSL/TLS session IDs prefixed by arg"}, 834 OPT_R_OPTIONS, 835 {"keymatexport", OPT_KEYMATEXPORT, 's', 836 "Export keying material using label"}, 837 {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', 838 "Export len bytes of keying material (default 20)"}, 839 {"CRL", OPT_CRL, '<', "CRL file to use"}, 840 {"crl_download", OPT_CRL_DOWNLOAD, '-', 841 "Download CRL from distribution points"}, 842 {"cert_chain", OPT_CERT_CHAIN, '<', 843 "certificate chain file in PEM format"}, 844 {"dcert_chain", OPT_DCERT_CHAIN, '<', 845 "second certificate chain file in PEM format"}, 846 {"chainCApath", OPT_CHAINCAPATH, '/', 847 "use dir as certificate store path to build CA certificate chain"}, 848 {"verifyCApath", OPT_VERIFYCAPATH, '/', 849 "use dir as certificate store path to verify CA certificate"}, 850 {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"}, 851 {"ext_cache", OPT_EXT_CACHE, '-', 852 "Disable internal cache, setup and use external cache"}, 853 {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, 854 {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', 855 "Close connection on verification error"}, 856 {"verify_quiet", OPT_VERIFY_QUIET, '-', 857 "No verify output except verify errors"}, 858 {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"}, 859 {"chainCAfile", OPT_CHAINCAFILE, '<', 860 "CA file for certificate chain (PEM format)"}, 861 {"verifyCAfile", OPT_VERIFYCAFILE, '<', 862 "CA file for certificate verification (PEM format)"}, 863 {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"}, 864 {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"}, 865 #ifndef OPENSSL_NO_OCSP 866 {"status", OPT_STATUS, '-', "Request certificate status from server"}, 867 {"status_verbose", OPT_STATUS_VERBOSE, '-', 868 "Print more output in certificate status callback"}, 869 {"status_timeout", OPT_STATUS_TIMEOUT, 'n', 870 "Status request responder timeout"}, 871 {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, 872 {"status_file", OPT_STATUS_FILE, '<', 873 "File containing DER encoded OCSP Response"}, 874 #endif 875 #ifndef OPENSSL_NO_SSL_TRACE 876 {"trace", OPT_TRACE, '-', "trace protocol messages"}, 877 #endif 878 {"security_debug", OPT_SECURITY_DEBUG, '-', 879 "Print output from SSL/TLS security framework"}, 880 {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', 881 "Print more output from SSL/TLS security framework"}, 882 {"brief", OPT_BRIEF, '-', 883 "Restrict output to brief summary of connection parameters"}, 884 {"rev", OPT_REV, '-', 885 "act as a simple test server which just sends back with the received text reversed"}, 886 {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, 887 {"ssl_config", OPT_SSL_CONFIG, 's', 888 "Configure SSL_CTX using the configuration 'val'"}, 889 {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, 890 {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', 891 "Size used to split data for encrypt pipelines"}, 892 {"max_pipelines", OPT_MAX_PIPELINES, 'p', 893 "Maximum number of encrypt/decrypt pipelines to be used"}, 894 {"read_buf", OPT_READ_BUF, 'p', 895 "Default read buffer size to be used for connections"}, 896 OPT_S_OPTIONS, 897 OPT_V_OPTIONS, 898 OPT_X_OPTIONS, 899 {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, 900 {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"}, 901 #ifndef OPENSSL_NO_PSK 902 {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, 903 #endif 904 {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, 905 {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, 906 #ifndef OPENSSL_NO_SRP 907 {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, 908 {"srpuserseed", OPT_SRPUSERSEED, 's', 909 "A seed string for a default user salt"}, 910 #endif 911 #ifndef OPENSSL_NO_SSL3 912 {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, 913 #endif 914 #ifndef OPENSSL_NO_TLS1 915 {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, 916 #endif 917 #ifndef OPENSSL_NO_TLS1_1 918 {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, 919 #endif 920 #ifndef OPENSSL_NO_TLS1_2 921 {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, 922 #endif 923 #ifndef OPENSSL_NO_TLS1_3 924 {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, 925 #endif 926 #ifndef OPENSSL_NO_DTLS 927 {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, 928 {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, 929 {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, 930 {"listen", OPT_LISTEN, '-', 931 "Listen for a DTLS ClientHello with a cookie and then connect"}, 932 #endif 933 {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, 934 #ifndef OPENSSL_NO_DTLS1 935 {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, 936 #endif 937 #ifndef OPENSSL_NO_DTLS1_2 938 {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, 939 #endif 940 #ifndef OPENSSL_NO_SCTP 941 {"sctp", OPT_SCTP, '-', "Use SCTP"}, 942 #endif 943 #ifndef OPENSSL_NO_DH 944 {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, 945 #endif 946 #ifndef OPENSSL_NO_NEXTPROTONEG 947 {"nextprotoneg", OPT_NEXTPROTONEG, 's', 948 "Set the advertised protocols for the NPN extension (comma-separated list)"}, 949 #endif 950 #ifndef OPENSSL_NO_SRTP 951 {"use_srtp", OPT_SRTP_PROFILES, 's', 952 "Offer SRTP key management with a colon-separated profile list"}, 953 #endif 954 {"alpn", OPT_ALPN, 's', 955 "Set the advertised protocols for the ALPN extension (comma-separated list)"}, 956 #ifndef OPENSSL_NO_ENGINE 957 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 958 #endif 959 {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, 960 {"max_early_data", OPT_MAX_EARLY, 'n', 961 "The maximum number of bytes of early data as advertised in tickets"}, 962 {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', 963 "The maximum number of bytes of early data (hard limit)"}, 964 {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, 965 {"num_tickets", OPT_S_NUM_TICKETS, 'n', 966 "The number of TLSv1.3 session tickets that a server will automatically issue" }, 967 {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, 968 {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, 969 {NULL, OPT_EOF, 0, NULL} 970 }; 971 972 #define IS_PROT_FLAG(o) \ 973 (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ 974 || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) 975 976 int s_server_main(int argc, char *argv[]) 977 { 978 ENGINE *engine = NULL; 979 EVP_PKEY *s_key = NULL, *s_dkey = NULL; 980 SSL_CONF_CTX *cctx = NULL; 981 const SSL_METHOD *meth = TLS_server_method(); 982 SSL_EXCERT *exc = NULL; 983 STACK_OF(OPENSSL_STRING) *ssl_args = NULL; 984 STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL; 985 STACK_OF(X509_CRL) *crls = NULL; 986 X509 *s_cert = NULL, *s_dcert = NULL; 987 X509_VERIFY_PARAM *vpm = NULL; 988 const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL; 989 char *dpassarg = NULL, *dpass = NULL; 990 char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; 991 char *crl_file = NULL, *prog; 992 #ifdef AF_UNIX 993 int unlink_unix_path = 0; 994 #endif 995 do_server_cb server_cb; 996 int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; 997 #ifndef OPENSSL_NO_DH 998 char *dhfile = NULL; 999 int no_dhe = 0; 1000 #endif 1001 int nocert = 0, ret = 1; 1002 int noCApath = 0, noCAfile = 0; 1003 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; 1004 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; 1005 int rev = 0, naccept = -1, sdebug = 0; 1006 int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; 1007 int state = 0, crl_format = FORMAT_PEM, crl_download = 0; 1008 char *host = NULL; 1009 char *port = BUF_strdup(PORT); 1010 unsigned char *context = NULL; 1011 OPTION_CHOICE o; 1012 EVP_PKEY *s_key2 = NULL; 1013 X509 *s_cert2 = NULL; 1014 tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING }; 1015 const char *ssl_config = NULL; 1016 int read_buf_len = 0; 1017 #ifndef OPENSSL_NO_NEXTPROTONEG 1018 const char *next_proto_neg_in = NULL; 1019 tlsextnextprotoctx next_proto = { NULL, 0 }; 1020 #endif 1021 const char *alpn_in = NULL; 1022 tlsextalpnctx alpn_ctx = { NULL, 0 }; 1023 #ifndef OPENSSL_NO_PSK 1024 /* by default do not send a PSK identity hint */ 1025 char *psk_identity_hint = NULL; 1026 #endif 1027 char *p; 1028 #ifndef OPENSSL_NO_SRP 1029 char *srpuserseed = NULL; 1030 char *srp_verifier_file = NULL; 1031 #endif 1032 #ifndef OPENSSL_NO_SRTP 1033 char *srtp_profiles = NULL; 1034 #endif 1035 int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; 1036 int s_server_verify = SSL_VERIFY_NONE; 1037 int s_server_session_id_context = 1; /* anything will do */ 1038 const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; 1039 const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; 1040 char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; 1041 #ifndef OPENSSL_NO_OCSP 1042 int s_tlsextstatus = 0; 1043 #endif 1044 int no_resume_ephemeral = 0; 1045 unsigned int max_send_fragment = 0; 1046 unsigned int split_send_fragment = 0, max_pipelines = 0; 1047 const char *s_serverinfo_file = NULL; 1048 const char *keylog_file = NULL; 1049 int max_early_data = -1, recv_max_early_data = -1; 1050 char *psksessf = NULL; 1051 1052 /* Init of few remaining global variables */ 1053 local_argc = argc; 1054 local_argv = argv; 1055 1056 ctx = ctx2 = NULL; 1057 s_nbio = s_nbio_test = 0; 1058 www = 0; 1059 bio_s_out = NULL; 1060 s_debug = 0; 1061 s_msg = 0; 1062 s_quiet = 0; 1063 s_brief = 0; 1064 async = 0; 1065 1066 cctx = SSL_CONF_CTX_new(); 1067 vpm = X509_VERIFY_PARAM_new(); 1068 if (cctx == NULL || vpm == NULL) 1069 goto end; 1070 SSL_CONF_CTX_set_flags(cctx, 1071 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); 1072 1073 prog = opt_init(argc, argv, s_server_options); 1074 while ((o = opt_next()) != OPT_EOF) { 1075 if (IS_PROT_FLAG(o) && ++prot_opt > 1) { 1076 BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); 1077 goto end; 1078 } 1079 if (IS_NO_PROT_FLAG(o)) 1080 no_prot_opt++; 1081 if (prot_opt == 1 && no_prot_opt) { 1082 BIO_printf(bio_err, 1083 "Cannot supply both a protocol flag and '-no_<prot>'\n"); 1084 goto end; 1085 } 1086 switch (o) { 1087 case OPT_EOF: 1088 case OPT_ERR: 1089 opthelp: 1090 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 1091 goto end; 1092 case OPT_HELP: 1093 opt_help(s_server_options); 1094 ret = 0; 1095 goto end; 1096 1097 case OPT_4: 1098 #ifdef AF_UNIX 1099 if (socket_family == AF_UNIX) { 1100 OPENSSL_free(host); host = NULL; 1101 OPENSSL_free(port); port = NULL; 1102 } 1103 #endif 1104 socket_family = AF_INET; 1105 break; 1106 case OPT_6: 1107 if (1) { 1108 #ifdef AF_INET6 1109 #ifdef AF_UNIX 1110 if (socket_family == AF_UNIX) { 1111 OPENSSL_free(host); host = NULL; 1112 OPENSSL_free(port); port = NULL; 1113 } 1114 #endif 1115 socket_family = AF_INET6; 1116 } else { 1117 #endif 1118 BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog); 1119 goto end; 1120 } 1121 break; 1122 case OPT_PORT: 1123 #ifdef AF_UNIX 1124 if (socket_family == AF_UNIX) { 1125 socket_family = AF_UNSPEC; 1126 } 1127 #endif 1128 OPENSSL_free(port); port = NULL; 1129 OPENSSL_free(host); host = NULL; 1130 if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) { 1131 BIO_printf(bio_err, 1132 "%s: -port argument malformed or ambiguous\n", 1133 port); 1134 goto end; 1135 } 1136 break; 1137 case OPT_ACCEPT: 1138 #ifdef AF_UNIX 1139 if (socket_family == AF_UNIX) { 1140 socket_family = AF_UNSPEC; 1141 } 1142 #endif 1143 OPENSSL_free(port); port = NULL; 1144 OPENSSL_free(host); host = NULL; 1145 if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) { 1146 BIO_printf(bio_err, 1147 "%s: -accept argument malformed or ambiguous\n", 1148 port); 1149 goto end; 1150 } 1151 break; 1152 #ifdef AF_UNIX 1153 case OPT_UNIX: 1154 socket_family = AF_UNIX; 1155 OPENSSL_free(host); host = BUF_strdup(opt_arg()); 1156 OPENSSL_free(port); port = NULL; 1157 break; 1158 case OPT_UNLINK: 1159 unlink_unix_path = 1; 1160 break; 1161 #endif 1162 case OPT_NACCEPT: 1163 naccept = atol(opt_arg()); 1164 break; 1165 case OPT_VERIFY: 1166 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; 1167 verify_args.depth = atoi(opt_arg()); 1168 if (!s_quiet) 1169 BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); 1170 break; 1171 case OPT_UPPER_V_VERIFY: 1172 s_server_verify = 1173 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1174 SSL_VERIFY_CLIENT_ONCE; 1175 verify_args.depth = atoi(opt_arg()); 1176 if (!s_quiet) 1177 BIO_printf(bio_err, 1178 "verify depth is %d, must return a certificate\n", 1179 verify_args.depth); 1180 break; 1181 case OPT_CONTEXT: 1182 context = (unsigned char *)opt_arg(); 1183 break; 1184 case OPT_CERT: 1185 s_cert_file = opt_arg(); 1186 break; 1187 case OPT_NAMEOPT: 1188 if (!set_nameopt(opt_arg())) 1189 goto end; 1190 break; 1191 case OPT_CRL: 1192 crl_file = opt_arg(); 1193 break; 1194 case OPT_CRL_DOWNLOAD: 1195 crl_download = 1; 1196 break; 1197 case OPT_SERVERINFO: 1198 s_serverinfo_file = opt_arg(); 1199 break; 1200 case OPT_CERTFORM: 1201 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format)) 1202 goto opthelp; 1203 break; 1204 case OPT_KEY: 1205 s_key_file = opt_arg(); 1206 break; 1207 case OPT_KEYFORM: 1208 if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format)) 1209 goto opthelp; 1210 break; 1211 case OPT_PASS: 1212 passarg = opt_arg(); 1213 break; 1214 case OPT_CERT_CHAIN: 1215 s_chain_file = opt_arg(); 1216 break; 1217 case OPT_DHPARAM: 1218 #ifndef OPENSSL_NO_DH 1219 dhfile = opt_arg(); 1220 #endif 1221 break; 1222 case OPT_DCERTFORM: 1223 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format)) 1224 goto opthelp; 1225 break; 1226 case OPT_DCERT: 1227 s_dcert_file = opt_arg(); 1228 break; 1229 case OPT_DKEYFORM: 1230 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dkey_format)) 1231 goto opthelp; 1232 break; 1233 case OPT_DPASS: 1234 dpassarg = opt_arg(); 1235 break; 1236 case OPT_DKEY: 1237 s_dkey_file = opt_arg(); 1238 break; 1239 case OPT_DCERT_CHAIN: 1240 s_dchain_file = opt_arg(); 1241 break; 1242 case OPT_NOCERT: 1243 nocert = 1; 1244 break; 1245 case OPT_CAPATH: 1246 CApath = opt_arg(); 1247 break; 1248 case OPT_NOCAPATH: 1249 noCApath = 1; 1250 break; 1251 case OPT_CHAINCAPATH: 1252 chCApath = opt_arg(); 1253 break; 1254 case OPT_VERIFYCAPATH: 1255 vfyCApath = opt_arg(); 1256 break; 1257 case OPT_NO_CACHE: 1258 no_cache = 1; 1259 break; 1260 case OPT_EXT_CACHE: 1261 ext_cache = 1; 1262 break; 1263 case OPT_CRLFORM: 1264 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format)) 1265 goto opthelp; 1266 break; 1267 case OPT_S_CASES: 1268 case OPT_S_NUM_TICKETS: 1269 case OPT_ANTI_REPLAY: 1270 case OPT_NO_ANTI_REPLAY: 1271 if (ssl_args == NULL) 1272 ssl_args = sk_OPENSSL_STRING_new_null(); 1273 if (ssl_args == NULL 1274 || !sk_OPENSSL_STRING_push(ssl_args, opt_flag()) 1275 || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) { 1276 BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); 1277 goto end; 1278 } 1279 break; 1280 case OPT_V_CASES: 1281 if (!opt_verify(o, vpm)) 1282 goto end; 1283 vpmtouched++; 1284 break; 1285 case OPT_X_CASES: 1286 if (!args_excert(o, &exc)) 1287 goto end; 1288 break; 1289 case OPT_VERIFY_RET_ERROR: 1290 verify_args.return_error = 1; 1291 break; 1292 case OPT_VERIFY_QUIET: 1293 verify_args.quiet = 1; 1294 break; 1295 case OPT_BUILD_CHAIN: 1296 build_chain = 1; 1297 break; 1298 case OPT_CAFILE: 1299 CAfile = opt_arg(); 1300 break; 1301 case OPT_NOCAFILE: 1302 noCAfile = 1; 1303 break; 1304 case OPT_CHAINCAFILE: 1305 chCAfile = opt_arg(); 1306 break; 1307 case OPT_VERIFYCAFILE: 1308 vfyCAfile = opt_arg(); 1309 break; 1310 case OPT_NBIO: 1311 s_nbio = 1; 1312 break; 1313 case OPT_NBIO_TEST: 1314 s_nbio = s_nbio_test = 1; 1315 break; 1316 case OPT_IGN_EOF: 1317 s_ign_eof = 1; 1318 break; 1319 case OPT_NO_IGN_EOF: 1320 s_ign_eof = 0; 1321 break; 1322 case OPT_DEBUG: 1323 s_debug = 1; 1324 break; 1325 case OPT_TLSEXTDEBUG: 1326 s_tlsextdebug = 1; 1327 break; 1328 case OPT_STATUS: 1329 #ifndef OPENSSL_NO_OCSP 1330 s_tlsextstatus = 1; 1331 #endif 1332 break; 1333 case OPT_STATUS_VERBOSE: 1334 #ifndef OPENSSL_NO_OCSP 1335 s_tlsextstatus = tlscstatp.verbose = 1; 1336 #endif 1337 break; 1338 case OPT_STATUS_TIMEOUT: 1339 #ifndef OPENSSL_NO_OCSP 1340 s_tlsextstatus = 1; 1341 tlscstatp.timeout = atoi(opt_arg()); 1342 #endif 1343 break; 1344 case OPT_STATUS_URL: 1345 #ifndef OPENSSL_NO_OCSP 1346 s_tlsextstatus = 1; 1347 if (!OCSP_parse_url(opt_arg(), 1348 &tlscstatp.host, 1349 &tlscstatp.port, 1350 &tlscstatp.path, &tlscstatp.use_ssl)) { 1351 BIO_printf(bio_err, "Error parsing URL\n"); 1352 goto end; 1353 } 1354 #endif 1355 break; 1356 case OPT_STATUS_FILE: 1357 #ifndef OPENSSL_NO_OCSP 1358 s_tlsextstatus = 1; 1359 tlscstatp.respin = opt_arg(); 1360 #endif 1361 break; 1362 case OPT_MSG: 1363 s_msg = 1; 1364 break; 1365 case OPT_MSGFILE: 1366 bio_s_msg = BIO_new_file(opt_arg(), "w"); 1367 break; 1368 case OPT_TRACE: 1369 #ifndef OPENSSL_NO_SSL_TRACE 1370 s_msg = 2; 1371 #endif 1372 break; 1373 case OPT_SECURITY_DEBUG: 1374 sdebug = 1; 1375 break; 1376 case OPT_SECURITY_DEBUG_VERBOSE: 1377 sdebug = 2; 1378 break; 1379 case OPT_STATE: 1380 state = 1; 1381 break; 1382 case OPT_CRLF: 1383 s_crlf = 1; 1384 break; 1385 case OPT_QUIET: 1386 s_quiet = 1; 1387 break; 1388 case OPT_BRIEF: 1389 s_quiet = s_brief = verify_args.quiet = 1; 1390 break; 1391 case OPT_NO_DHE: 1392 #ifndef OPENSSL_NO_DH 1393 no_dhe = 1; 1394 #endif 1395 break; 1396 case OPT_NO_RESUME_EPHEMERAL: 1397 no_resume_ephemeral = 1; 1398 break; 1399 case OPT_PSK_IDENTITY: 1400 psk_identity = opt_arg(); 1401 break; 1402 case OPT_PSK_HINT: 1403 #ifndef OPENSSL_NO_PSK 1404 psk_identity_hint = opt_arg(); 1405 #endif 1406 break; 1407 case OPT_PSK: 1408 for (p = psk_key = opt_arg(); *p; p++) { 1409 if (isxdigit(_UC(*p))) 1410 continue; 1411 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv); 1412 goto end; 1413 } 1414 break; 1415 case OPT_PSK_SESS: 1416 psksessf = opt_arg(); 1417 break; 1418 case OPT_SRPVFILE: 1419 #ifndef OPENSSL_NO_SRP 1420 srp_verifier_file = opt_arg(); 1421 if (min_version < TLS1_VERSION) 1422 min_version = TLS1_VERSION; 1423 #endif 1424 break; 1425 case OPT_SRPUSERSEED: 1426 #ifndef OPENSSL_NO_SRP 1427 srpuserseed = opt_arg(); 1428 if (min_version < TLS1_VERSION) 1429 min_version = TLS1_VERSION; 1430 #endif 1431 break; 1432 case OPT_REV: 1433 rev = 1; 1434 break; 1435 case OPT_WWW: 1436 www = 1; 1437 break; 1438 case OPT_UPPER_WWW: 1439 www = 2; 1440 break; 1441 case OPT_HTTP: 1442 www = 3; 1443 break; 1444 case OPT_SSL_CONFIG: 1445 ssl_config = opt_arg(); 1446 break; 1447 case OPT_SSL3: 1448 min_version = SSL3_VERSION; 1449 max_version = SSL3_VERSION; 1450 break; 1451 case OPT_TLS1_3: 1452 min_version = TLS1_3_VERSION; 1453 max_version = TLS1_3_VERSION; 1454 break; 1455 case OPT_TLS1_2: 1456 min_version = TLS1_2_VERSION; 1457 max_version = TLS1_2_VERSION; 1458 break; 1459 case OPT_TLS1_1: 1460 min_version = TLS1_1_VERSION; 1461 max_version = TLS1_1_VERSION; 1462 break; 1463 case OPT_TLS1: 1464 min_version = TLS1_VERSION; 1465 max_version = TLS1_VERSION; 1466 break; 1467 case OPT_DTLS: 1468 #ifndef OPENSSL_NO_DTLS 1469 meth = DTLS_server_method(); 1470 socket_type = SOCK_DGRAM; 1471 #endif 1472 break; 1473 case OPT_DTLS1: 1474 #ifndef OPENSSL_NO_DTLS 1475 meth = DTLS_server_method(); 1476 min_version = DTLS1_VERSION; 1477 max_version = DTLS1_VERSION; 1478 socket_type = SOCK_DGRAM; 1479 #endif 1480 break; 1481 case OPT_DTLS1_2: 1482 #ifndef OPENSSL_NO_DTLS 1483 meth = DTLS_server_method(); 1484 min_version = DTLS1_2_VERSION; 1485 max_version = DTLS1_2_VERSION; 1486 socket_type = SOCK_DGRAM; 1487 #endif 1488 break; 1489 case OPT_SCTP: 1490 #ifndef OPENSSL_NO_SCTP 1491 protocol = IPPROTO_SCTP; 1492 #endif 1493 break; 1494 case OPT_TIMEOUT: 1495 #ifndef OPENSSL_NO_DTLS 1496 enable_timeouts = 1; 1497 #endif 1498 break; 1499 case OPT_MTU: 1500 #ifndef OPENSSL_NO_DTLS 1501 socket_mtu = atol(opt_arg()); 1502 #endif 1503 break; 1504 case OPT_LISTEN: 1505 #ifndef OPENSSL_NO_DTLS 1506 dtlslisten = 1; 1507 #endif 1508 break; 1509 case OPT_STATELESS: 1510 stateless = 1; 1511 break; 1512 case OPT_ID_PREFIX: 1513 session_id_prefix = opt_arg(); 1514 break; 1515 case OPT_ENGINE: 1516 engine = setup_engine(opt_arg(), 1); 1517 break; 1518 case OPT_R_CASES: 1519 if (!opt_rand(o)) 1520 goto end; 1521 break; 1522 case OPT_SERVERNAME: 1523 tlsextcbp.servername = opt_arg(); 1524 break; 1525 case OPT_SERVERNAME_FATAL: 1526 tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; 1527 break; 1528 case OPT_CERT2: 1529 s_cert_file2 = opt_arg(); 1530 break; 1531 case OPT_KEY2: 1532 s_key_file2 = opt_arg(); 1533 break; 1534 case OPT_NEXTPROTONEG: 1535 # ifndef OPENSSL_NO_NEXTPROTONEG 1536 next_proto_neg_in = opt_arg(); 1537 #endif 1538 break; 1539 case OPT_ALPN: 1540 alpn_in = opt_arg(); 1541 break; 1542 case OPT_SRTP_PROFILES: 1543 #ifndef OPENSSL_NO_SRTP 1544 srtp_profiles = opt_arg(); 1545 #endif 1546 break; 1547 case OPT_KEYMATEXPORT: 1548 keymatexportlabel = opt_arg(); 1549 break; 1550 case OPT_KEYMATEXPORTLEN: 1551 keymatexportlen = atoi(opt_arg()); 1552 break; 1553 case OPT_ASYNC: 1554 async = 1; 1555 break; 1556 case OPT_MAX_SEND_FRAG: 1557 max_send_fragment = atoi(opt_arg()); 1558 break; 1559 case OPT_SPLIT_SEND_FRAG: 1560 split_send_fragment = atoi(opt_arg()); 1561 break; 1562 case OPT_MAX_PIPELINES: 1563 max_pipelines = atoi(opt_arg()); 1564 break; 1565 case OPT_READ_BUF: 1566 read_buf_len = atoi(opt_arg()); 1567 break; 1568 case OPT_KEYLOG_FILE: 1569 keylog_file = opt_arg(); 1570 break; 1571 case OPT_MAX_EARLY: 1572 max_early_data = atoi(opt_arg()); 1573 if (max_early_data < 0) { 1574 BIO_printf(bio_err, "Invalid value for max_early_data\n"); 1575 goto end; 1576 } 1577 break; 1578 case OPT_RECV_MAX_EARLY: 1579 recv_max_early_data = atoi(opt_arg()); 1580 if (recv_max_early_data < 0) { 1581 BIO_printf(bio_err, "Invalid value for recv_max_early_data\n"); 1582 goto end; 1583 } 1584 break; 1585 case OPT_EARLY_DATA: 1586 early_data = 1; 1587 if (max_early_data == -1) 1588 max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; 1589 break; 1590 } 1591 } 1592 argc = opt_num_rest(); 1593 argv = opt_rest(); 1594 1595 #ifndef OPENSSL_NO_NEXTPROTONEG 1596 if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { 1597 BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); 1598 goto opthelp; 1599 } 1600 #endif 1601 #ifndef OPENSSL_NO_DTLS 1602 if (www && socket_type == SOCK_DGRAM) { 1603 BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n"); 1604 goto end; 1605 } 1606 1607 if (dtlslisten && socket_type != SOCK_DGRAM) { 1608 BIO_printf(bio_err, "Can only use -listen with DTLS\n"); 1609 goto end; 1610 } 1611 #endif 1612 1613 if (stateless && socket_type != SOCK_STREAM) { 1614 BIO_printf(bio_err, "Can only use --stateless with TLS\n"); 1615 goto end; 1616 } 1617 1618 #ifdef AF_UNIX 1619 if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { 1620 BIO_printf(bio_err, 1621 "Can't use unix sockets and datagrams together\n"); 1622 goto end; 1623 } 1624 #endif 1625 1626 #ifndef OPENSSL_NO_SCTP 1627 if (protocol == IPPROTO_SCTP) { 1628 if (socket_type != SOCK_DGRAM) { 1629 BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); 1630 goto end; 1631 } 1632 /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */ 1633 socket_type = SOCK_STREAM; 1634 } 1635 #endif 1636 1637 if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { 1638 BIO_printf(bio_err, "Error getting password\n"); 1639 goto end; 1640 } 1641 1642 if (s_key_file == NULL) 1643 s_key_file = s_cert_file; 1644 1645 if (s_key_file2 == NULL) 1646 s_key_file2 = s_cert_file2; 1647 1648 if (!load_excert(&exc)) 1649 goto end; 1650 1651 if (nocert == 0) { 1652 s_key = load_key(s_key_file, s_key_format, 0, pass, engine, 1653 "server certificate private key file"); 1654 if (s_key == NULL) { 1655 ERR_print_errors(bio_err); 1656 goto end; 1657 } 1658 1659 s_cert = load_cert(s_cert_file, s_cert_format, 1660 "server certificate file"); 1661 1662 if (s_cert == NULL) { 1663 ERR_print_errors(bio_err); 1664 goto end; 1665 } 1666 if (s_chain_file != NULL) { 1667 if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, 1668 "server certificate chain")) 1669 goto end; 1670 } 1671 1672 if (tlsextcbp.servername != NULL) { 1673 s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, 1674 "second server certificate private key file"); 1675 if (s_key2 == NULL) { 1676 ERR_print_errors(bio_err); 1677 goto end; 1678 } 1679 1680 s_cert2 = load_cert(s_cert_file2, s_cert_format, 1681 "second server certificate file"); 1682 1683 if (s_cert2 == NULL) { 1684 ERR_print_errors(bio_err); 1685 goto end; 1686 } 1687 } 1688 } 1689 #if !defined(OPENSSL_NO_NEXTPROTONEG) 1690 if (next_proto_neg_in) { 1691 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); 1692 if (next_proto.data == NULL) 1693 goto end; 1694 } 1695 #endif 1696 alpn_ctx.data = NULL; 1697 if (alpn_in) { 1698 alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in); 1699 if (alpn_ctx.data == NULL) 1700 goto end; 1701 } 1702 1703 if (crl_file != NULL) { 1704 X509_CRL *crl; 1705 crl = load_crl(crl_file, crl_format); 1706 if (crl == NULL) { 1707 BIO_puts(bio_err, "Error loading CRL\n"); 1708 ERR_print_errors(bio_err); 1709 goto end; 1710 } 1711 crls = sk_X509_CRL_new_null(); 1712 if (crls == NULL || !sk_X509_CRL_push(crls, crl)) { 1713 BIO_puts(bio_err, "Error adding CRL\n"); 1714 ERR_print_errors(bio_err); 1715 X509_CRL_free(crl); 1716 goto end; 1717 } 1718 } 1719 1720 if (s_dcert_file != NULL) { 1721 1722 if (s_dkey_file == NULL) 1723 s_dkey_file = s_dcert_file; 1724 1725 s_dkey = load_key(s_dkey_file, s_dkey_format, 1726 0, dpass, engine, "second certificate private key file"); 1727 if (s_dkey == NULL) { 1728 ERR_print_errors(bio_err); 1729 goto end; 1730 } 1731 1732 s_dcert = load_cert(s_dcert_file, s_dcert_format, 1733 "second server certificate file"); 1734 1735 if (s_dcert == NULL) { 1736 ERR_print_errors(bio_err); 1737 goto end; 1738 } 1739 if (s_dchain_file != NULL) { 1740 if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, 1741 "second server certificate chain")) 1742 goto end; 1743 } 1744 1745 } 1746 1747 if (bio_s_out == NULL) { 1748 if (s_quiet && !s_debug) { 1749 bio_s_out = BIO_new(BIO_s_null()); 1750 if (s_msg && bio_s_msg == NULL) 1751 bio_s_msg = dup_bio_out(FORMAT_TEXT); 1752 } else { 1753 if (bio_s_out == NULL) 1754 bio_s_out = dup_bio_out(FORMAT_TEXT); 1755 } 1756 } 1757 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 1758 if (nocert) 1759 #endif 1760 { 1761 s_cert_file = NULL; 1762 s_key_file = NULL; 1763 s_dcert_file = NULL; 1764 s_dkey_file = NULL; 1765 s_cert_file2 = NULL; 1766 s_key_file2 = NULL; 1767 } 1768 1769 ctx = SSL_CTX_new(meth); 1770 if (ctx == NULL) { 1771 ERR_print_errors(bio_err); 1772 goto end; 1773 } 1774 1775 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1776 1777 if (sdebug) 1778 ssl_ctx_security_debug(ctx, sdebug); 1779 1780 if (!config_ctx(cctx, ssl_args, ctx)) 1781 goto end; 1782 1783 if (ssl_config) { 1784 if (SSL_CTX_config(ctx, ssl_config) == 0) { 1785 BIO_printf(bio_err, "Error using configuration \"%s\"\n", 1786 ssl_config); 1787 ERR_print_errors(bio_err); 1788 goto end; 1789 } 1790 } 1791 if (min_version != 0 1792 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) 1793 goto end; 1794 if (max_version != 0 1795 && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) 1796 goto end; 1797 1798 if (session_id_prefix) { 1799 if (strlen(session_id_prefix) >= 32) 1800 BIO_printf(bio_err, 1801 "warning: id_prefix is too long, only one new session will be possible\n"); 1802 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { 1803 BIO_printf(bio_err, "error setting 'id_prefix'\n"); 1804 ERR_print_errors(bio_err); 1805 goto end; 1806 } 1807 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); 1808 } 1809 SSL_CTX_set_quiet_shutdown(ctx, 1); 1810 if (exc != NULL) 1811 ssl_ctx_set_excert(ctx, exc); 1812 1813 if (state) 1814 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1815 if (no_cache) 1816 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 1817 else if (ext_cache) 1818 init_session_cache_ctx(ctx); 1819 else 1820 SSL_CTX_sess_set_cache_size(ctx, 128); 1821 1822 if (async) { 1823 SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); 1824 } 1825 1826 if (max_send_fragment > 0 1827 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { 1828 BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", 1829 prog, max_send_fragment); 1830 goto end; 1831 } 1832 1833 if (split_send_fragment > 0 1834 && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { 1835 BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", 1836 prog, split_send_fragment); 1837 goto end; 1838 } 1839 if (max_pipelines > 0 1840 && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { 1841 BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", 1842 prog, max_pipelines); 1843 goto end; 1844 } 1845 1846 if (read_buf_len > 0) { 1847 SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); 1848 } 1849 #ifndef OPENSSL_NO_SRTP 1850 if (srtp_profiles != NULL) { 1851 /* Returns 0 on success! */ 1852 if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) { 1853 BIO_printf(bio_err, "Error setting SRTP profile\n"); 1854 ERR_print_errors(bio_err); 1855 goto end; 1856 } 1857 } 1858 #endif 1859 1860 if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) { 1861 ERR_print_errors(bio_err); 1862 goto end; 1863 } 1864 if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { 1865 BIO_printf(bio_err, "Error setting verify params\n"); 1866 ERR_print_errors(bio_err); 1867 goto end; 1868 } 1869 1870 ssl_ctx_add_crls(ctx, crls, 0); 1871 1872 if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, 1873 crls, crl_download)) { 1874 BIO_printf(bio_err, "Error loading store locations\n"); 1875 ERR_print_errors(bio_err); 1876 goto end; 1877 } 1878 1879 if (s_cert2) { 1880 ctx2 = SSL_CTX_new(meth); 1881 if (ctx2 == NULL) { 1882 ERR_print_errors(bio_err); 1883 goto end; 1884 } 1885 } 1886 1887 if (ctx2 != NULL) { 1888 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); 1889 1890 if (sdebug) 1891 ssl_ctx_security_debug(ctx, sdebug); 1892 1893 if (session_id_prefix) { 1894 if (strlen(session_id_prefix) >= 32) 1895 BIO_printf(bio_err, 1896 "warning: id_prefix is too long, only one new session will be possible\n"); 1897 if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { 1898 BIO_printf(bio_err, "error setting 'id_prefix'\n"); 1899 ERR_print_errors(bio_err); 1900 goto end; 1901 } 1902 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); 1903 } 1904 SSL_CTX_set_quiet_shutdown(ctx2, 1); 1905 if (exc != NULL) 1906 ssl_ctx_set_excert(ctx2, exc); 1907 1908 if (state) 1909 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); 1910 1911 if (no_cache) 1912 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); 1913 else if (ext_cache) 1914 init_session_cache_ctx(ctx2); 1915 else 1916 SSL_CTX_sess_set_cache_size(ctx2, 128); 1917 1918 if (async) 1919 SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC); 1920 1921 if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile, 1922 noCApath)) { 1923 ERR_print_errors(bio_err); 1924 goto end; 1925 } 1926 if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) { 1927 BIO_printf(bio_err, "Error setting verify params\n"); 1928 ERR_print_errors(bio_err); 1929 goto end; 1930 } 1931 1932 ssl_ctx_add_crls(ctx2, crls, 0); 1933 if (!config_ctx(cctx, ssl_args, ctx2)) 1934 goto end; 1935 } 1936 #ifndef OPENSSL_NO_NEXTPROTONEG 1937 if (next_proto.data) 1938 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, 1939 &next_proto); 1940 #endif 1941 if (alpn_ctx.data) 1942 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); 1943 1944 #ifndef OPENSSL_NO_DH 1945 if (!no_dhe) { 1946 DH *dh = NULL; 1947 1948 if (dhfile != NULL) 1949 dh = load_dh_param(dhfile); 1950 else if (s_cert_file != NULL) 1951 dh = load_dh_param(s_cert_file); 1952 1953 if (dh != NULL) { 1954 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1955 } else { 1956 BIO_printf(bio_s_out, "Using default temp DH parameters\n"); 1957 } 1958 (void)BIO_flush(bio_s_out); 1959 1960 if (dh == NULL) { 1961 SSL_CTX_set_dh_auto(ctx, 1); 1962 } else if (!SSL_CTX_set_tmp_dh(ctx, dh)) { 1963 BIO_puts(bio_err, "Error setting temp DH parameters\n"); 1964 ERR_print_errors(bio_err); 1965 DH_free(dh); 1966 goto end; 1967 } 1968 1969 if (ctx2 != NULL) { 1970 if (!dhfile) { 1971 DH *dh2 = load_dh_param(s_cert_file2); 1972 if (dh2 != NULL) { 1973 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1974 (void)BIO_flush(bio_s_out); 1975 1976 DH_free(dh); 1977 dh = dh2; 1978 } 1979 } 1980 if (dh == NULL) { 1981 SSL_CTX_set_dh_auto(ctx2, 1); 1982 } else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) { 1983 BIO_puts(bio_err, "Error setting temp DH parameters\n"); 1984 ERR_print_errors(bio_err); 1985 DH_free(dh); 1986 goto end; 1987 } 1988 } 1989 DH_free(dh); 1990 } 1991 #endif 1992 1993 if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) 1994 goto end; 1995 1996 if (s_serverinfo_file != NULL 1997 && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) { 1998 ERR_print_errors(bio_err); 1999 goto end; 2000 } 2001 2002 if (ctx2 != NULL 2003 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain)) 2004 goto end; 2005 2006 if (s_dcert != NULL) { 2007 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain)) 2008 goto end; 2009 } 2010 2011 if (no_resume_ephemeral) { 2012 SSL_CTX_set_not_resumable_session_callback(ctx, 2013 not_resumable_sess_cb); 2014 2015 if (ctx2 != NULL) 2016 SSL_CTX_set_not_resumable_session_callback(ctx2, 2017 not_resumable_sess_cb); 2018 } 2019 #ifndef OPENSSL_NO_PSK 2020 if (psk_key != NULL) { 2021 if (s_debug) 2022 BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); 2023 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); 2024 } 2025 2026 if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) { 2027 BIO_printf(bio_err, "error setting PSK identity hint to context\n"); 2028 ERR_print_errors(bio_err); 2029 goto end; 2030 } 2031 #endif 2032 if (psksessf != NULL) { 2033 BIO *stmp = BIO_new_file(psksessf, "r"); 2034 2035 if (stmp == NULL) { 2036 BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf); 2037 ERR_print_errors(bio_err); 2038 goto end; 2039 } 2040 psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 2041 BIO_free(stmp); 2042 if (psksess == NULL) { 2043 BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf); 2044 ERR_print_errors(bio_err); 2045 goto end; 2046 } 2047 2048 } 2049 2050 if (psk_key != NULL || psksess != NULL) 2051 SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb); 2052 2053 SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); 2054 if (!SSL_CTX_set_session_id_context(ctx, 2055 (void *)&s_server_session_id_context, 2056 sizeof(s_server_session_id_context))) { 2057 BIO_printf(bio_err, "error setting session id context\n"); 2058 ERR_print_errors(bio_err); 2059 goto end; 2060 } 2061 2062 /* Set DTLS cookie generation and verification callbacks */ 2063 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); 2064 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 2065 2066 /* Set TLS1.3 cookie generation and verification callbacks */ 2067 SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback); 2068 SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback); 2069 2070 if (ctx2 != NULL) { 2071 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); 2072 if (!SSL_CTX_set_session_id_context(ctx2, 2073 (void *)&s_server_session_id_context, 2074 sizeof(s_server_session_id_context))) { 2075 BIO_printf(bio_err, "error setting session id context\n"); 2076 ERR_print_errors(bio_err); 2077 goto end; 2078 } 2079 tlsextcbp.biodebug = bio_s_out; 2080 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 2081 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); 2082 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 2083 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 2084 } 2085 2086 #ifndef OPENSSL_NO_SRP 2087 if (srp_verifier_file != NULL) { 2088 srp_callback_parm.vb = SRP_VBASE_new(srpuserseed); 2089 srp_callback_parm.user = NULL; 2090 srp_callback_parm.login = NULL; 2091 if ((ret = 2092 SRP_VBASE_init(srp_callback_parm.vb, 2093 srp_verifier_file)) != SRP_NO_ERROR) { 2094 BIO_printf(bio_err, 2095 "Cannot initialize SRP verifier file \"%s\":ret=%d\n", 2096 srp_verifier_file, ret); 2097 goto end; 2098 } 2099 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback); 2100 SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm); 2101 SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb); 2102 } else 2103 #endif 2104 if (CAfile != NULL) { 2105 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); 2106 2107 if (ctx2) 2108 SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); 2109 } 2110 #ifndef OPENSSL_NO_OCSP 2111 if (s_tlsextstatus) { 2112 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); 2113 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); 2114 if (ctx2) { 2115 SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb); 2116 SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp); 2117 } 2118 } 2119 #endif 2120 if (set_keylog_file(ctx, keylog_file)) 2121 goto end; 2122 2123 if (max_early_data >= 0) 2124 SSL_CTX_set_max_early_data(ctx, max_early_data); 2125 if (recv_max_early_data >= 0) 2126 SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data); 2127 2128 if (rev) 2129 server_cb = rev_body; 2130 else if (www) 2131 server_cb = www_body; 2132 else 2133 server_cb = sv_body; 2134 #ifdef AF_UNIX 2135 if (socket_family == AF_UNIX 2136 && unlink_unix_path) 2137 unlink(host); 2138 #endif 2139 do_server(&accept_socket, host, port, socket_family, socket_type, protocol, 2140 server_cb, context, naccept, bio_s_out); 2141 print_stats(bio_s_out, ctx); 2142 ret = 0; 2143 end: 2144 SSL_CTX_free(ctx); 2145 SSL_SESSION_free(psksess); 2146 set_keylog_file(NULL, NULL); 2147 X509_free(s_cert); 2148 sk_X509_CRL_pop_free(crls, X509_CRL_free); 2149 X509_free(s_dcert); 2150 EVP_PKEY_free(s_key); 2151 EVP_PKEY_free(s_dkey); 2152 sk_X509_pop_free(s_chain, X509_free); 2153 sk_X509_pop_free(s_dchain, X509_free); 2154 OPENSSL_free(pass); 2155 OPENSSL_free(dpass); 2156 OPENSSL_free(host); 2157 OPENSSL_free(port); 2158 X509_VERIFY_PARAM_free(vpm); 2159 free_sessions(); 2160 OPENSSL_free(tlscstatp.host); 2161 OPENSSL_free(tlscstatp.port); 2162 OPENSSL_free(tlscstatp.path); 2163 SSL_CTX_free(ctx2); 2164 X509_free(s_cert2); 2165 EVP_PKEY_free(s_key2); 2166 #ifndef OPENSSL_NO_NEXTPROTONEG 2167 OPENSSL_free(next_proto.data); 2168 #endif 2169 OPENSSL_free(alpn_ctx.data); 2170 ssl_excert_free(exc); 2171 sk_OPENSSL_STRING_free(ssl_args); 2172 SSL_CONF_CTX_free(cctx); 2173 release_engine(engine); 2174 BIO_free(bio_s_out); 2175 bio_s_out = NULL; 2176 BIO_free(bio_s_msg); 2177 bio_s_msg = NULL; 2178 #ifdef CHARSET_EBCDIC 2179 BIO_meth_free(methods_ebcdic); 2180 #endif 2181 return ret; 2182 } 2183 2184 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) 2185 { 2186 BIO_printf(bio, "%4ld items in the session cache\n", 2187 SSL_CTX_sess_number(ssl_ctx)); 2188 BIO_printf(bio, "%4ld client connects (SSL_connect())\n", 2189 SSL_CTX_sess_connect(ssl_ctx)); 2190 BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n", 2191 SSL_CTX_sess_connect_renegotiate(ssl_ctx)); 2192 BIO_printf(bio, "%4ld client connects that finished\n", 2193 SSL_CTX_sess_connect_good(ssl_ctx)); 2194 BIO_printf(bio, "%4ld server accepts (SSL_accept())\n", 2195 SSL_CTX_sess_accept(ssl_ctx)); 2196 BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n", 2197 SSL_CTX_sess_accept_renegotiate(ssl_ctx)); 2198 BIO_printf(bio, "%4ld server accepts that finished\n", 2199 SSL_CTX_sess_accept_good(ssl_ctx)); 2200 BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); 2201 BIO_printf(bio, "%4ld session cache misses\n", 2202 SSL_CTX_sess_misses(ssl_ctx)); 2203 BIO_printf(bio, "%4ld session cache timeouts\n", 2204 SSL_CTX_sess_timeouts(ssl_ctx)); 2205 BIO_printf(bio, "%4ld callback cache hits\n", 2206 SSL_CTX_sess_cb_hits(ssl_ctx)); 2207 BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", 2208 SSL_CTX_sess_cache_full(ssl_ctx), 2209 SSL_CTX_sess_get_cache_size(ssl_ctx)); 2210 } 2211 2212 static int sv_body(int s, int stype, int prot, unsigned char *context) 2213 { 2214 char *buf = NULL; 2215 fd_set readfds; 2216 int ret = 1, width; 2217 int k, i; 2218 unsigned long l; 2219 SSL *con = NULL; 2220 BIO *sbio; 2221 struct timeval timeout; 2222 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) 2223 struct timeval *timeoutp; 2224 #endif 2225 #ifndef OPENSSL_NO_DTLS 2226 # ifndef OPENSSL_NO_SCTP 2227 int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP); 2228 # else 2229 int isdtls = (stype == SOCK_DGRAM); 2230 # endif 2231 #endif 2232 2233 buf = app_malloc(bufsize, "server buffer"); 2234 if (s_nbio) { 2235 if (!BIO_socket_nbio(s, 1)) 2236 ERR_print_errors(bio_err); 2237 else if (!s_quiet) 2238 BIO_printf(bio_err, "Turned on non blocking io\n"); 2239 } 2240 2241 con = SSL_new(ctx); 2242 if (con == NULL) { 2243 ret = -1; 2244 goto err; 2245 } 2246 2247 if (s_tlsextdebug) { 2248 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2249 SSL_set_tlsext_debug_arg(con, bio_s_out); 2250 } 2251 2252 if (context != NULL 2253 && !SSL_set_session_id_context(con, context, 2254 strlen((char *)context))) { 2255 BIO_printf(bio_err, "Error setting session id context\n"); 2256 ret = -1; 2257 goto err; 2258 } 2259 2260 if (!SSL_clear(con)) { 2261 BIO_printf(bio_err, "Error clearing SSL connection\n"); 2262 ret = -1; 2263 goto err; 2264 } 2265 #ifndef OPENSSL_NO_DTLS 2266 if (isdtls) { 2267 # ifndef OPENSSL_NO_SCTP 2268 if (prot == IPPROTO_SCTP) 2269 sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE); 2270 else 2271 # endif 2272 sbio = BIO_new_dgram(s, BIO_NOCLOSE); 2273 2274 if (enable_timeouts) { 2275 timeout.tv_sec = 0; 2276 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 2277 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 2278 2279 timeout.tv_sec = 0; 2280 timeout.tv_usec = DGRAM_SND_TIMEOUT; 2281 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 2282 } 2283 2284 if (socket_mtu) { 2285 if (socket_mtu < DTLS_get_link_min_mtu(con)) { 2286 BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", 2287 DTLS_get_link_min_mtu(con)); 2288 ret = -1; 2289 BIO_free(sbio); 2290 goto err; 2291 } 2292 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 2293 if (!DTLS_set_link_mtu(con, socket_mtu)) { 2294 BIO_printf(bio_err, "Failed to set MTU\n"); 2295 ret = -1; 2296 BIO_free(sbio); 2297 goto err; 2298 } 2299 } else 2300 /* want to do MTU discovery */ 2301 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 2302 2303 # ifndef OPENSSL_NO_SCTP 2304 if (prot != IPPROTO_SCTP) 2305 # endif 2306 /* Turn on cookie exchange. Not necessary for SCTP */ 2307 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); 2308 } else 2309 #endif 2310 sbio = BIO_new_socket(s, BIO_NOCLOSE); 2311 2312 if (sbio == NULL) { 2313 BIO_printf(bio_err, "Unable to create BIO\n"); 2314 ERR_print_errors(bio_err); 2315 goto err; 2316 } 2317 2318 if (s_nbio_test) { 2319 BIO *test; 2320 2321 test = BIO_new(BIO_f_nbio_test()); 2322 sbio = BIO_push(test, sbio); 2323 } 2324 2325 SSL_set_bio(con, sbio, sbio); 2326 SSL_set_accept_state(con); 2327 /* SSL_set_fd(con,s); */ 2328 2329 if (s_debug) { 2330 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 2331 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); 2332 } 2333 if (s_msg) { 2334 #ifndef OPENSSL_NO_SSL_TRACE 2335 if (s_msg == 2) 2336 SSL_set_msg_callback(con, SSL_trace); 2337 else 2338 #endif 2339 SSL_set_msg_callback(con, msg_cb); 2340 SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); 2341 } 2342 2343 if (s_tlsextdebug) { 2344 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2345 SSL_set_tlsext_debug_arg(con, bio_s_out); 2346 } 2347 2348 if (early_data) { 2349 int write_header = 1, edret = SSL_READ_EARLY_DATA_ERROR; 2350 size_t readbytes; 2351 2352 while (edret != SSL_READ_EARLY_DATA_FINISH) { 2353 for (;;) { 2354 edret = SSL_read_early_data(con, buf, bufsize, &readbytes); 2355 if (edret != SSL_READ_EARLY_DATA_ERROR) 2356 break; 2357 2358 switch (SSL_get_error(con, 0)) { 2359 case SSL_ERROR_WANT_WRITE: 2360 case SSL_ERROR_WANT_ASYNC: 2361 case SSL_ERROR_WANT_READ: 2362 /* Just keep trying - busy waiting */ 2363 continue; 2364 default: 2365 BIO_printf(bio_err, "Error reading early data\n"); 2366 ERR_print_errors(bio_err); 2367 goto err; 2368 } 2369 } 2370 if (readbytes > 0) { 2371 if (write_header) { 2372 BIO_printf(bio_s_out, "Early data received:\n"); 2373 write_header = 0; 2374 } 2375 raw_write_stdout(buf, (unsigned int)readbytes); 2376 (void)BIO_flush(bio_s_out); 2377 } 2378 } 2379 if (write_header) { 2380 if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT) 2381 BIO_printf(bio_s_out, "No early data received\n"); 2382 else 2383 BIO_printf(bio_s_out, "Early data was rejected\n"); 2384 } else { 2385 BIO_printf(bio_s_out, "\nEnd of early data\n"); 2386 } 2387 if (SSL_is_init_finished(con)) 2388 print_connection_info(con); 2389 } 2390 2391 if (fileno_stdin() > s) 2392 width = fileno_stdin() + 1; 2393 else 2394 width = s + 1; 2395 for (;;) { 2396 int read_from_terminal; 2397 int read_from_sslcon; 2398 2399 read_from_terminal = 0; 2400 read_from_sslcon = SSL_has_pending(con) 2401 || (async && SSL_waiting_for_async(con)); 2402 2403 if (!read_from_sslcon) { 2404 FD_ZERO(&readfds); 2405 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) 2406 openssl_fdset(fileno_stdin(), &readfds); 2407 #endif 2408 openssl_fdset(s, &readfds); 2409 /* 2410 * Note: under VMS with SOCKETSHR the second parameter is 2411 * currently of type (int *) whereas under other systems it is 2412 * (void *) if you don't have a cast it will choke the compiler: 2413 * if you do have a cast then you can either go for (int *) or 2414 * (void *). 2415 */ 2416 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 2417 /* 2418 * Under DOS (non-djgpp) and Windows we can't select on stdin: 2419 * only on sockets. As a workaround we timeout the select every 2420 * second and check for any keypress. In a proper Windows 2421 * application we wouldn't do this because it is inefficient. 2422 */ 2423 timeout.tv_sec = 1; 2424 timeout.tv_usec = 0; 2425 i = select(width, (void *)&readfds, NULL, NULL, &timeout); 2426 if (has_stdin_waiting()) 2427 read_from_terminal = 1; 2428 if ((i < 0) || (!i && !read_from_terminal)) 2429 continue; 2430 #else 2431 if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) 2432 timeoutp = &timeout; 2433 else 2434 timeoutp = NULL; 2435 2436 i = select(width, (void *)&readfds, NULL, NULL, timeoutp); 2437 2438 if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) 2439 BIO_printf(bio_err, "TIMEOUT occurred\n"); 2440 2441 if (i <= 0) 2442 continue; 2443 if (FD_ISSET(fileno_stdin(), &readfds)) 2444 read_from_terminal = 1; 2445 #endif 2446 if (FD_ISSET(s, &readfds)) 2447 read_from_sslcon = 1; 2448 } 2449 if (read_from_terminal) { 2450 if (s_crlf) { 2451 int j, lf_num; 2452 2453 i = raw_read_stdin(buf, bufsize / 2); 2454 lf_num = 0; 2455 /* both loops are skipped when i <= 0 */ 2456 for (j = 0; j < i; j++) 2457 if (buf[j] == '\n') 2458 lf_num++; 2459 for (j = i - 1; j >= 0; j--) { 2460 buf[j + lf_num] = buf[j]; 2461 if (buf[j] == '\n') { 2462 lf_num--; 2463 i++; 2464 buf[j + lf_num] = '\r'; 2465 } 2466 } 2467 assert(lf_num == 0); 2468 } else { 2469 i = raw_read_stdin(buf, bufsize); 2470 } 2471 2472 if (!s_quiet && !s_brief) { 2473 if ((i <= 0) || (buf[0] == 'Q')) { 2474 BIO_printf(bio_s_out, "DONE\n"); 2475 (void)BIO_flush(bio_s_out); 2476 BIO_closesocket(s); 2477 close_accept_socket(); 2478 ret = -11; 2479 goto err; 2480 } 2481 if ((i <= 0) || (buf[0] == 'q')) { 2482 BIO_printf(bio_s_out, "DONE\n"); 2483 (void)BIO_flush(bio_s_out); 2484 if (SSL_version(con) != DTLS1_VERSION) 2485 BIO_closesocket(s); 2486 /* 2487 * close_accept_socket(); ret= -11; 2488 */ 2489 goto err; 2490 } 2491 #ifndef OPENSSL_NO_HEARTBEATS 2492 if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2493 BIO_printf(bio_err, "HEARTBEATING\n"); 2494 SSL_heartbeat(con); 2495 i = 0; 2496 continue; 2497 } 2498 #endif 2499 if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2500 SSL_renegotiate(con); 2501 i = SSL_do_handshake(con); 2502 printf("SSL_do_handshake -> %d\n", i); 2503 i = 0; /* 13; */ 2504 continue; 2505 } 2506 if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2507 SSL_set_verify(con, 2508 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 2509 NULL); 2510 SSL_renegotiate(con); 2511 i = SSL_do_handshake(con); 2512 printf("SSL_do_handshake -> %d\n", i); 2513 i = 0; /* 13; */ 2514 continue; 2515 } 2516 if ((buf[0] == 'K' || buf[0] == 'k') 2517 && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2518 SSL_key_update(con, buf[0] == 'K' ? 2519 SSL_KEY_UPDATE_REQUESTED 2520 : SSL_KEY_UPDATE_NOT_REQUESTED); 2521 i = SSL_do_handshake(con); 2522 printf("SSL_do_handshake -> %d\n", i); 2523 i = 0; 2524 continue; 2525 } 2526 if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2527 SSL_set_verify(con, SSL_VERIFY_PEER, NULL); 2528 i = SSL_verify_client_post_handshake(con); 2529 if (i == 0) { 2530 printf("Failed to initiate request\n"); 2531 ERR_print_errors(bio_err); 2532 } else { 2533 i = SSL_do_handshake(con); 2534 printf("SSL_do_handshake -> %d\n", i); 2535 i = 0; 2536 } 2537 continue; 2538 } 2539 if (buf[0] == 'P') { 2540 static const char *str = "Lets print some clear text\n"; 2541 BIO_write(SSL_get_wbio(con), str, strlen(str)); 2542 } 2543 if (buf[0] == 'S') { 2544 print_stats(bio_s_out, SSL_get_SSL_CTX(con)); 2545 } 2546 } 2547 #ifdef CHARSET_EBCDIC 2548 ebcdic2ascii(buf, buf, i); 2549 #endif 2550 l = k = 0; 2551 for (;;) { 2552 /* should do a select for the write */ 2553 #ifdef RENEG 2554 static count = 0; 2555 if (++count == 100) { 2556 count = 0; 2557 SSL_renegotiate(con); 2558 } 2559 #endif 2560 k = SSL_write(con, &(buf[l]), (unsigned int)i); 2561 #ifndef OPENSSL_NO_SRP 2562 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { 2563 BIO_printf(bio_s_out, "LOOKUP renego during write\n"); 2564 SRP_user_pwd_free(srp_callback_parm.user); 2565 srp_callback_parm.user = 2566 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 2567 srp_callback_parm.login); 2568 if (srp_callback_parm.user) 2569 BIO_printf(bio_s_out, "LOOKUP done %s\n", 2570 srp_callback_parm.user->info); 2571 else 2572 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 2573 k = SSL_write(con, &(buf[l]), (unsigned int)i); 2574 } 2575 #endif 2576 switch (SSL_get_error(con, k)) { 2577 case SSL_ERROR_NONE: 2578 break; 2579 case SSL_ERROR_WANT_ASYNC: 2580 BIO_printf(bio_s_out, "Write BLOCK (Async)\n"); 2581 (void)BIO_flush(bio_s_out); 2582 wait_for_async(con); 2583 break; 2584 case SSL_ERROR_WANT_WRITE: 2585 case SSL_ERROR_WANT_READ: 2586 case SSL_ERROR_WANT_X509_LOOKUP: 2587 BIO_printf(bio_s_out, "Write BLOCK\n"); 2588 (void)BIO_flush(bio_s_out); 2589 break; 2590 case SSL_ERROR_WANT_ASYNC_JOB: 2591 /* 2592 * This shouldn't ever happen in s_server. Treat as an error 2593 */ 2594 case SSL_ERROR_SYSCALL: 2595 case SSL_ERROR_SSL: 2596 BIO_printf(bio_s_out, "ERROR\n"); 2597 (void)BIO_flush(bio_s_out); 2598 ERR_print_errors(bio_err); 2599 ret = 1; 2600 goto err; 2601 /* break; */ 2602 case SSL_ERROR_ZERO_RETURN: 2603 BIO_printf(bio_s_out, "DONE\n"); 2604 (void)BIO_flush(bio_s_out); 2605 ret = 1; 2606 goto err; 2607 } 2608 if (k > 0) { 2609 l += k; 2610 i -= k; 2611 } 2612 if (i <= 0) 2613 break; 2614 } 2615 } 2616 if (read_from_sslcon) { 2617 /* 2618 * init_ssl_connection handles all async events itself so if we're 2619 * waiting for async then we shouldn't go back into 2620 * init_ssl_connection 2621 */ 2622 if ((!async || !SSL_waiting_for_async(con)) 2623 && !SSL_is_init_finished(con)) { 2624 i = init_ssl_connection(con); 2625 2626 if (i < 0) { 2627 ret = 0; 2628 goto err; 2629 } else if (i == 0) { 2630 ret = 1; 2631 goto err; 2632 } 2633 } else { 2634 again: 2635 i = SSL_read(con, (char *)buf, bufsize); 2636 #ifndef OPENSSL_NO_SRP 2637 while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { 2638 BIO_printf(bio_s_out, "LOOKUP renego during read\n"); 2639 SRP_user_pwd_free(srp_callback_parm.user); 2640 srp_callback_parm.user = 2641 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 2642 srp_callback_parm.login); 2643 if (srp_callback_parm.user) 2644 BIO_printf(bio_s_out, "LOOKUP done %s\n", 2645 srp_callback_parm.user->info); 2646 else 2647 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 2648 i = SSL_read(con, (char *)buf, bufsize); 2649 } 2650 #endif 2651 switch (SSL_get_error(con, i)) { 2652 case SSL_ERROR_NONE: 2653 #ifdef CHARSET_EBCDIC 2654 ascii2ebcdic(buf, buf, i); 2655 #endif 2656 raw_write_stdout(buf, (unsigned int)i); 2657 (void)BIO_flush(bio_s_out); 2658 if (SSL_has_pending(con)) 2659 goto again; 2660 break; 2661 case SSL_ERROR_WANT_ASYNC: 2662 BIO_printf(bio_s_out, "Read BLOCK (Async)\n"); 2663 (void)BIO_flush(bio_s_out); 2664 wait_for_async(con); 2665 break; 2666 case SSL_ERROR_WANT_WRITE: 2667 case SSL_ERROR_WANT_READ: 2668 BIO_printf(bio_s_out, "Read BLOCK\n"); 2669 (void)BIO_flush(bio_s_out); 2670 break; 2671 case SSL_ERROR_WANT_ASYNC_JOB: 2672 /* 2673 * This shouldn't ever happen in s_server. Treat as an error 2674 */ 2675 case SSL_ERROR_SYSCALL: 2676 case SSL_ERROR_SSL: 2677 BIO_printf(bio_s_out, "ERROR\n"); 2678 (void)BIO_flush(bio_s_out); 2679 ERR_print_errors(bio_err); 2680 ret = 1; 2681 goto err; 2682 case SSL_ERROR_ZERO_RETURN: 2683 BIO_printf(bio_s_out, "DONE\n"); 2684 (void)BIO_flush(bio_s_out); 2685 ret = 1; 2686 goto err; 2687 } 2688 } 2689 } 2690 } 2691 err: 2692 if (con != NULL) { 2693 BIO_printf(bio_s_out, "shutting down SSL\n"); 2694 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 2695 SSL_free(con); 2696 } 2697 BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); 2698 OPENSSL_clear_free(buf, bufsize); 2699 return ret; 2700 } 2701 2702 static void close_accept_socket(void) 2703 { 2704 BIO_printf(bio_err, "shutdown accept socket\n"); 2705 if (accept_socket >= 0) { 2706 BIO_closesocket(accept_socket); 2707 } 2708 } 2709 2710 static int is_retryable(SSL *con, int i) 2711 { 2712 int err = SSL_get_error(con, i); 2713 2714 /* If it's not a fatal error, it must be retryable */ 2715 return (err != SSL_ERROR_SSL) 2716 && (err != SSL_ERROR_SYSCALL) 2717 && (err != SSL_ERROR_ZERO_RETURN); 2718 } 2719 2720 static int init_ssl_connection(SSL *con) 2721 { 2722 int i; 2723 long verify_err; 2724 int retry = 0; 2725 2726 if (dtlslisten || stateless) { 2727 BIO_ADDR *client = NULL; 2728 2729 if (dtlslisten) { 2730 if ((client = BIO_ADDR_new()) == NULL) { 2731 BIO_printf(bio_err, "ERROR - memory\n"); 2732 return 0; 2733 } 2734 i = DTLSv1_listen(con, client); 2735 } else { 2736 i = SSL_stateless(con); 2737 } 2738 if (i > 0) { 2739 BIO *wbio; 2740 int fd = -1; 2741 2742 if (dtlslisten) { 2743 wbio = SSL_get_wbio(con); 2744 if (wbio) { 2745 BIO_get_fd(wbio, &fd); 2746 } 2747 2748 if (!wbio || BIO_connect(fd, client, 0) == 0) { 2749 BIO_printf(bio_err, "ERROR - unable to connect\n"); 2750 BIO_ADDR_free(client); 2751 return 0; 2752 } 2753 BIO_ADDR_free(client); 2754 dtlslisten = 0; 2755 } else { 2756 stateless = 0; 2757 } 2758 i = SSL_accept(con); 2759 } else { 2760 BIO_ADDR_free(client); 2761 } 2762 } else { 2763 do { 2764 i = SSL_accept(con); 2765 2766 if (i <= 0) 2767 retry = is_retryable(con, i); 2768 #ifdef CERT_CB_TEST_RETRY 2769 { 2770 while (i <= 0 2771 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP 2772 && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { 2773 BIO_printf(bio_err, 2774 "LOOKUP from certificate callback during accept\n"); 2775 i = SSL_accept(con); 2776 if (i <= 0) 2777 retry = is_retryable(con, i); 2778 } 2779 } 2780 #endif 2781 2782 #ifndef OPENSSL_NO_SRP 2783 while (i <= 0 2784 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { 2785 BIO_printf(bio_s_out, "LOOKUP during accept %s\n", 2786 srp_callback_parm.login); 2787 SRP_user_pwd_free(srp_callback_parm.user); 2788 srp_callback_parm.user = 2789 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 2790 srp_callback_parm.login); 2791 if (srp_callback_parm.user) 2792 BIO_printf(bio_s_out, "LOOKUP done %s\n", 2793 srp_callback_parm.user->info); 2794 else 2795 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 2796 i = SSL_accept(con); 2797 if (i <= 0) 2798 retry = is_retryable(con, i); 2799 } 2800 #endif 2801 } while (i < 0 && SSL_waiting_for_async(con)); 2802 } 2803 2804 if (i <= 0) { 2805 if (((dtlslisten || stateless) && i == 0) 2806 || (!dtlslisten && !stateless && retry)) { 2807 BIO_printf(bio_s_out, "DELAY\n"); 2808 return 1; 2809 } 2810 2811 BIO_printf(bio_err, "ERROR\n"); 2812 2813 verify_err = SSL_get_verify_result(con); 2814 if (verify_err != X509_V_OK) { 2815 BIO_printf(bio_err, "verify error:%s\n", 2816 X509_verify_cert_error_string(verify_err)); 2817 } 2818 /* Always print any error messages */ 2819 ERR_print_errors(bio_err); 2820 return 0; 2821 } 2822 2823 print_connection_info(con); 2824 return 1; 2825 } 2826 2827 static void print_connection_info(SSL *con) 2828 { 2829 const char *str; 2830 X509 *peer; 2831 char buf[BUFSIZ]; 2832 #if !defined(OPENSSL_NO_NEXTPROTONEG) 2833 const unsigned char *next_proto_neg; 2834 unsigned next_proto_neg_len; 2835 #endif 2836 unsigned char *exportedkeymat; 2837 int i; 2838 2839 if (s_brief) 2840 print_ssl_summary(con); 2841 2842 PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); 2843 2844 peer = SSL_get_peer_certificate(con); 2845 if (peer != NULL) { 2846 BIO_printf(bio_s_out, "Client certificate\n"); 2847 PEM_write_bio_X509(bio_s_out, peer); 2848 dump_cert_text(bio_s_out, peer); 2849 X509_free(peer); 2850 peer = NULL; 2851 } 2852 2853 if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) 2854 BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); 2855 str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 2856 ssl_print_sigalgs(bio_s_out, con); 2857 #ifndef OPENSSL_NO_EC 2858 ssl_print_point_formats(bio_s_out, con); 2859 ssl_print_groups(bio_s_out, con, 0); 2860 #endif 2861 print_ca_names(bio_s_out, con); 2862 BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); 2863 2864 #if !defined(OPENSSL_NO_NEXTPROTONEG) 2865 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); 2866 if (next_proto_neg) { 2867 BIO_printf(bio_s_out, "NEXTPROTO is "); 2868 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); 2869 BIO_printf(bio_s_out, "\n"); 2870 } 2871 #endif 2872 #ifndef OPENSSL_NO_SRTP 2873 { 2874 SRTP_PROTECTION_PROFILE *srtp_profile 2875 = SSL_get_selected_srtp_profile(con); 2876 2877 if (srtp_profile) 2878 BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", 2879 srtp_profile->name); 2880 } 2881 #endif 2882 if (SSL_session_reused(con)) 2883 BIO_printf(bio_s_out, "Reused session-id\n"); 2884 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 2885 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 2886 if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION)) 2887 BIO_printf(bio_s_out, "Renegotiation is DISABLED\n"); 2888 2889 if (keymatexportlabel != NULL) { 2890 BIO_printf(bio_s_out, "Keying material exporter:\n"); 2891 BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); 2892 BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); 2893 exportedkeymat = app_malloc(keymatexportlen, "export key"); 2894 if (!SSL_export_keying_material(con, exportedkeymat, 2895 keymatexportlen, 2896 keymatexportlabel, 2897 strlen(keymatexportlabel), 2898 NULL, 0, 0)) { 2899 BIO_printf(bio_s_out, " Error\n"); 2900 } else { 2901 BIO_printf(bio_s_out, " Keying material: "); 2902 for (i = 0; i < keymatexportlen; i++) 2903 BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); 2904 BIO_printf(bio_s_out, "\n"); 2905 } 2906 OPENSSL_free(exportedkeymat); 2907 } 2908 2909 (void)BIO_flush(bio_s_out); 2910 } 2911 2912 #ifndef OPENSSL_NO_DH 2913 static DH *load_dh_param(const char *dhfile) 2914 { 2915 DH *ret = NULL; 2916 BIO *bio; 2917 2918 if ((bio = BIO_new_file(dhfile, "r")) == NULL) 2919 goto err; 2920 ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2921 err: 2922 BIO_free(bio); 2923 return ret; 2924 } 2925 #endif 2926 2927 static int www_body(int s, int stype, int prot, unsigned char *context) 2928 { 2929 char *buf = NULL; 2930 int ret = 1; 2931 int i, j, k, dot; 2932 SSL *con; 2933 const SSL_CIPHER *c; 2934 BIO *io, *ssl_bio, *sbio; 2935 #ifdef RENEG 2936 int total_bytes = 0; 2937 #endif 2938 int width; 2939 fd_set readfds; 2940 2941 /* Set width for a select call if needed */ 2942 width = s + 1; 2943 2944 buf = app_malloc(bufsize, "server www buffer"); 2945 io = BIO_new(BIO_f_buffer()); 2946 ssl_bio = BIO_new(BIO_f_ssl()); 2947 if ((io == NULL) || (ssl_bio == NULL)) 2948 goto err; 2949 2950 if (s_nbio) { 2951 if (!BIO_socket_nbio(s, 1)) 2952 ERR_print_errors(bio_err); 2953 else if (!s_quiet) 2954 BIO_printf(bio_err, "Turned on non blocking io\n"); 2955 } 2956 2957 /* lets make the output buffer a reasonable size */ 2958 if (!BIO_set_write_buffer_size(io, bufsize)) 2959 goto err; 2960 2961 if ((con = SSL_new(ctx)) == NULL) 2962 goto err; 2963 2964 if (s_tlsextdebug) { 2965 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2966 SSL_set_tlsext_debug_arg(con, bio_s_out); 2967 } 2968 2969 if (context != NULL 2970 && !SSL_set_session_id_context(con, context, 2971 strlen((char *)context))) { 2972 SSL_free(con); 2973 goto err; 2974 } 2975 2976 sbio = BIO_new_socket(s, BIO_NOCLOSE); 2977 if (s_nbio_test) { 2978 BIO *test; 2979 2980 test = BIO_new(BIO_f_nbio_test()); 2981 sbio = BIO_push(test, sbio); 2982 } 2983 SSL_set_bio(con, sbio, sbio); 2984 SSL_set_accept_state(con); 2985 2986 /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ 2987 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 2988 BIO_push(io, ssl_bio); 2989 #ifdef CHARSET_EBCDIC 2990 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); 2991 #endif 2992 2993 if (s_debug) { 2994 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 2995 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); 2996 } 2997 if (s_msg) { 2998 #ifndef OPENSSL_NO_SSL_TRACE 2999 if (s_msg == 2) 3000 SSL_set_msg_callback(con, SSL_trace); 3001 else 3002 #endif 3003 SSL_set_msg_callback(con, msg_cb); 3004 SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); 3005 } 3006 3007 for (;;) { 3008 i = BIO_gets(io, buf, bufsize - 1); 3009 if (i < 0) { /* error */ 3010 if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { 3011 if (!s_quiet) 3012 ERR_print_errors(bio_err); 3013 goto err; 3014 } else { 3015 BIO_printf(bio_s_out, "read R BLOCK\n"); 3016 #ifndef OPENSSL_NO_SRP 3017 if (BIO_should_io_special(io) 3018 && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { 3019 BIO_printf(bio_s_out, "LOOKUP renego during read\n"); 3020 SRP_user_pwd_free(srp_callback_parm.user); 3021 srp_callback_parm.user = 3022 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 3023 srp_callback_parm.login); 3024 if (srp_callback_parm.user) 3025 BIO_printf(bio_s_out, "LOOKUP done %s\n", 3026 srp_callback_parm.user->info); 3027 else 3028 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 3029 continue; 3030 } 3031 #endif 3032 #if !defined(OPENSSL_SYS_MSDOS) 3033 sleep(1); 3034 #endif 3035 continue; 3036 } 3037 } else if (i == 0) { /* end of input */ 3038 ret = 1; 3039 goto end; 3040 } 3041 3042 /* else we have data */ 3043 if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || 3044 ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { 3045 char *p; 3046 X509 *peer = NULL; 3047 STACK_OF(SSL_CIPHER) *sk; 3048 static const char *space = " "; 3049 3050 if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) { 3051 if (strncmp("GET /renegcert", buf, 14) == 0) 3052 SSL_set_verify(con, 3053 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 3054 NULL); 3055 i = SSL_renegotiate(con); 3056 BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i); 3057 /* Send the HelloRequest */ 3058 i = SSL_do_handshake(con); 3059 if (i <= 0) { 3060 BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", 3061 SSL_get_error(con, i)); 3062 ERR_print_errors(bio_err); 3063 goto err; 3064 } 3065 /* Wait for a ClientHello to come back */ 3066 FD_ZERO(&readfds); 3067 openssl_fdset(s, &readfds); 3068 i = select(width, (void *)&readfds, NULL, NULL, NULL); 3069 if (i <= 0 || !FD_ISSET(s, &readfds)) { 3070 BIO_printf(bio_s_out, 3071 "Error waiting for client response\n"); 3072 ERR_print_errors(bio_err); 3073 goto err; 3074 } 3075 /* 3076 * We're not actually expecting any data here and we ignore 3077 * any that is sent. This is just to force the handshake that 3078 * we're expecting to come from the client. If they haven't 3079 * sent one there's not much we can do. 3080 */ 3081 BIO_gets(io, buf, bufsize - 1); 3082 } 3083 3084 BIO_puts(io, 3085 "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 3086 BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n"); 3087 BIO_puts(io, "<pre>\n"); 3088 /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */ 3089 BIO_puts(io, "\n"); 3090 for (i = 0; i < local_argc; i++) { 3091 const char *myp; 3092 for (myp = local_argv[i]; *myp; myp++) 3093 switch (*myp) { 3094 case '<': 3095 BIO_puts(io, "<"); 3096 break; 3097 case '>': 3098 BIO_puts(io, ">"); 3099 break; 3100 case '&': 3101 BIO_puts(io, "&"); 3102 break; 3103 default: 3104 BIO_write(io, myp, 1); 3105 break; 3106 } 3107 BIO_write(io, " ", 1); 3108 } 3109 BIO_puts(io, "\n"); 3110 3111 BIO_printf(io, 3112 "Secure Renegotiation IS%s supported\n", 3113 SSL_get_secure_renegotiation_support(con) ? 3114 "" : " NOT"); 3115 3116 /* 3117 * The following is evil and should not really be done 3118 */ 3119 BIO_printf(io, "Ciphers supported in s_server binary\n"); 3120 sk = SSL_get_ciphers(con); 3121 j = sk_SSL_CIPHER_num(sk); 3122 for (i = 0; i < j; i++) { 3123 c = sk_SSL_CIPHER_value(sk, i); 3124 BIO_printf(io, "%-11s:%-25s ", 3125 SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); 3126 if ((((i + 1) % 2) == 0) && (i + 1 != j)) 3127 BIO_puts(io, "\n"); 3128 } 3129 BIO_puts(io, "\n"); 3130 p = SSL_get_shared_ciphers(con, buf, bufsize); 3131 if (p != NULL) { 3132 BIO_printf(io, 3133 "---\nCiphers common between both SSL end points:\n"); 3134 j = i = 0; 3135 while (*p) { 3136 if (*p == ':') { 3137 BIO_write(io, space, 26 - j); 3138 i++; 3139 j = 0; 3140 BIO_write(io, ((i % 3) ? " " : "\n"), 1); 3141 } else { 3142 BIO_write(io, p, 1); 3143 j++; 3144 } 3145 p++; 3146 } 3147 BIO_puts(io, "\n"); 3148 } 3149 ssl_print_sigalgs(io, con); 3150 #ifndef OPENSSL_NO_EC 3151 ssl_print_groups(io, con, 0); 3152 #endif 3153 print_ca_names(io, con); 3154 BIO_printf(io, (SSL_session_reused(con) 3155 ? "---\nReused, " : "---\nNew, ")); 3156 c = SSL_get_current_cipher(con); 3157 BIO_printf(io, "%s, Cipher is %s\n", 3158 SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); 3159 SSL_SESSION_print(io, SSL_get_session(con)); 3160 BIO_printf(io, "---\n"); 3161 print_stats(io, SSL_get_SSL_CTX(con)); 3162 BIO_printf(io, "---\n"); 3163 peer = SSL_get_peer_certificate(con); 3164 if (peer != NULL) { 3165 BIO_printf(io, "Client certificate\n"); 3166 X509_print(io, peer); 3167 PEM_write_bio_X509(io, peer); 3168 X509_free(peer); 3169 peer = NULL; 3170 } else { 3171 BIO_puts(io, "no client certificate available\n"); 3172 } 3173 BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n"); 3174 break; 3175 } else if ((www == 2 || www == 3) 3176 && (strncmp("GET /", buf, 5) == 0)) { 3177 BIO *file; 3178 char *p, *e; 3179 static const char *text = 3180 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; 3181 3182 /* skip the '/' */ 3183 p = &(buf[5]); 3184 3185 dot = 1; 3186 for (e = p; *e != '\0'; e++) { 3187 if (e[0] == ' ') 3188 break; 3189 3190 switch (dot) { 3191 case 1: 3192 dot = (e[0] == '.') ? 2 : 0; 3193 break; 3194 case 2: 3195 dot = (e[0] == '.') ? 3 : 0; 3196 break; 3197 case 3: 3198 dot = (e[0] == '/') ? -1 : 0; 3199 break; 3200 } 3201 if (dot == 0) 3202 dot = (e[0] == '/') ? 1 : 0; 3203 } 3204 dot = (dot == 3) || (dot == -1); /* filename contains ".." 3205 * component */ 3206 3207 if (*e == '\0') { 3208 BIO_puts(io, text); 3209 BIO_printf(io, "'%s' is an invalid file name\r\n", p); 3210 break; 3211 } 3212 *e = '\0'; 3213 3214 if (dot) { 3215 BIO_puts(io, text); 3216 BIO_printf(io, "'%s' contains '..' reference\r\n", p); 3217 break; 3218 } 3219 3220 if (*p == '/') { 3221 BIO_puts(io, text); 3222 BIO_printf(io, "'%s' is an invalid path\r\n", p); 3223 break; 3224 } 3225 3226 /* if a directory, do the index thang */ 3227 if (app_isdir(p) > 0) { 3228 BIO_puts(io, text); 3229 BIO_printf(io, "'%s' is a directory\r\n", p); 3230 break; 3231 } 3232 3233 if ((file = BIO_new_file(p, "r")) == NULL) { 3234 BIO_puts(io, text); 3235 BIO_printf(io, "Error opening '%s'\r\n", p); 3236 ERR_print_errors(io); 3237 break; 3238 } 3239 3240 if (!s_quiet) 3241 BIO_printf(bio_err, "FILE:%s\n", p); 3242 3243 if (www == 2) { 3244 i = strlen(p); 3245 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || 3246 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || 3247 ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0))) 3248 BIO_puts(io, 3249 "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 3250 else 3251 BIO_puts(io, 3252 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 3253 } 3254 /* send the file */ 3255 for (;;) { 3256 i = BIO_read(file, buf, bufsize); 3257 if (i <= 0) 3258 break; 3259 3260 #ifdef RENEG 3261 total_bytes += i; 3262 BIO_printf(bio_err, "%d\n", i); 3263 if (total_bytes > 3 * 1024) { 3264 total_bytes = 0; 3265 BIO_printf(bio_err, "RENEGOTIATE\n"); 3266 SSL_renegotiate(con); 3267 } 3268 #endif 3269 3270 for (j = 0; j < i;) { 3271 #ifdef RENEG 3272 static count = 0; 3273 if (++count == 13) { 3274 SSL_renegotiate(con); 3275 } 3276 #endif 3277 k = BIO_write(io, &(buf[j]), i - j); 3278 if (k <= 0) { 3279 if (!BIO_should_retry(io) 3280 && !SSL_waiting_for_async(con)) 3281 goto write_error; 3282 else { 3283 BIO_printf(bio_s_out, "rwrite W BLOCK\n"); 3284 } 3285 } else { 3286 j += k; 3287 } 3288 } 3289 } 3290 write_error: 3291 BIO_free(file); 3292 break; 3293 } 3294 } 3295 3296 for (;;) { 3297 i = (int)BIO_flush(io); 3298 if (i <= 0) { 3299 if (!BIO_should_retry(io)) 3300 break; 3301 } else 3302 break; 3303 } 3304 end: 3305 /* make sure we re-use sessions */ 3306 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 3307 3308 err: 3309 OPENSSL_free(buf); 3310 BIO_free_all(io); 3311 return ret; 3312 } 3313 3314 static int rev_body(int s, int stype, int prot, unsigned char *context) 3315 { 3316 char *buf = NULL; 3317 int i; 3318 int ret = 1; 3319 SSL *con; 3320 BIO *io, *ssl_bio, *sbio; 3321 3322 buf = app_malloc(bufsize, "server rev buffer"); 3323 io = BIO_new(BIO_f_buffer()); 3324 ssl_bio = BIO_new(BIO_f_ssl()); 3325 if ((io == NULL) || (ssl_bio == NULL)) 3326 goto err; 3327 3328 /* lets make the output buffer a reasonable size */ 3329 if (!BIO_set_write_buffer_size(io, bufsize)) 3330 goto err; 3331 3332 if ((con = SSL_new(ctx)) == NULL) 3333 goto err; 3334 3335 if (s_tlsextdebug) { 3336 SSL_set_tlsext_debug_callback(con, tlsext_cb); 3337 SSL_set_tlsext_debug_arg(con, bio_s_out); 3338 } 3339 if (context != NULL 3340 && !SSL_set_session_id_context(con, context, 3341 strlen((char *)context))) { 3342 SSL_free(con); 3343 ERR_print_errors(bio_err); 3344 goto err; 3345 } 3346 3347 sbio = BIO_new_socket(s, BIO_NOCLOSE); 3348 SSL_set_bio(con, sbio, sbio); 3349 SSL_set_accept_state(con); 3350 3351 /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ 3352 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 3353 BIO_push(io, ssl_bio); 3354 #ifdef CHARSET_EBCDIC 3355 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); 3356 #endif 3357 3358 if (s_debug) { 3359 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 3360 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); 3361 } 3362 if (s_msg) { 3363 #ifndef OPENSSL_NO_SSL_TRACE 3364 if (s_msg == 2) 3365 SSL_set_msg_callback(con, SSL_trace); 3366 else 3367 #endif 3368 SSL_set_msg_callback(con, msg_cb); 3369 SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); 3370 } 3371 3372 for (;;) { 3373 i = BIO_do_handshake(io); 3374 if (i > 0) 3375 break; 3376 if (!BIO_should_retry(io)) { 3377 BIO_puts(bio_err, "CONNECTION FAILURE\n"); 3378 ERR_print_errors(bio_err); 3379 goto end; 3380 } 3381 #ifndef OPENSSL_NO_SRP 3382 if (BIO_should_io_special(io) 3383 && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { 3384 BIO_printf(bio_s_out, "LOOKUP renego during accept\n"); 3385 SRP_user_pwd_free(srp_callback_parm.user); 3386 srp_callback_parm.user = 3387 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 3388 srp_callback_parm.login); 3389 if (srp_callback_parm.user) 3390 BIO_printf(bio_s_out, "LOOKUP done %s\n", 3391 srp_callback_parm.user->info); 3392 else 3393 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 3394 continue; 3395 } 3396 #endif 3397 } 3398 BIO_printf(bio_err, "CONNECTION ESTABLISHED\n"); 3399 print_ssl_summary(con); 3400 3401 for (;;) { 3402 i = BIO_gets(io, buf, bufsize - 1); 3403 if (i < 0) { /* error */ 3404 if (!BIO_should_retry(io)) { 3405 if (!s_quiet) 3406 ERR_print_errors(bio_err); 3407 goto err; 3408 } else { 3409 BIO_printf(bio_s_out, "read R BLOCK\n"); 3410 #ifndef OPENSSL_NO_SRP 3411 if (BIO_should_io_special(io) 3412 && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { 3413 BIO_printf(bio_s_out, "LOOKUP renego during read\n"); 3414 SRP_user_pwd_free(srp_callback_parm.user); 3415 srp_callback_parm.user = 3416 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 3417 srp_callback_parm.login); 3418 if (srp_callback_parm.user) 3419 BIO_printf(bio_s_out, "LOOKUP done %s\n", 3420 srp_callback_parm.user->info); 3421 else 3422 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 3423 continue; 3424 } 3425 #endif 3426 #if !defined(OPENSSL_SYS_MSDOS) 3427 sleep(1); 3428 #endif 3429 continue; 3430 } 3431 } else if (i == 0) { /* end of input */ 3432 ret = 1; 3433 BIO_printf(bio_err, "CONNECTION CLOSED\n"); 3434 goto end; 3435 } else { 3436 char *p = buf + i - 1; 3437 while (i && (*p == '\n' || *p == '\r')) { 3438 p--; 3439 i--; 3440 } 3441 if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) { 3442 ret = 1; 3443 BIO_printf(bio_err, "CONNECTION CLOSED\n"); 3444 goto end; 3445 } 3446 BUF_reverse((unsigned char *)buf, NULL, i); 3447 buf[i] = '\n'; 3448 BIO_write(io, buf, i + 1); 3449 for (;;) { 3450 i = BIO_flush(io); 3451 if (i > 0) 3452 break; 3453 if (!BIO_should_retry(io)) 3454 goto end; 3455 } 3456 } 3457 } 3458 end: 3459 /* make sure we re-use sessions */ 3460 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 3461 3462 err: 3463 3464 OPENSSL_free(buf); 3465 BIO_free_all(io); 3466 return ret; 3467 } 3468 3469 #define MAX_SESSION_ID_ATTEMPTS 10 3470 static int generate_session_id(SSL *ssl, unsigned char *id, 3471 unsigned int *id_len) 3472 { 3473 unsigned int count = 0; 3474 do { 3475 if (RAND_bytes(id, *id_len) <= 0) 3476 return 0; 3477 /* 3478 * Prefix the session_id with the required prefix. NB: If our prefix 3479 * is too long, clip it - but there will be worse effects anyway, eg. 3480 * the server could only possibly create 1 session ID (ie. the 3481 * prefix!) so all future session negotiations will fail due to 3482 * conflicts. 3483 */ 3484 memcpy(id, session_id_prefix, 3485 (strlen(session_id_prefix) < *id_len) ? 3486 strlen(session_id_prefix) : *id_len); 3487 } 3488 while (SSL_has_matching_session_id(ssl, id, *id_len) && 3489 (++count < MAX_SESSION_ID_ATTEMPTS)); 3490 if (count >= MAX_SESSION_ID_ATTEMPTS) 3491 return 0; 3492 return 1; 3493 } 3494 3495 /* 3496 * By default s_server uses an in-memory cache which caches SSL_SESSION 3497 * structures without any serialisation. This hides some bugs which only 3498 * become apparent in deployed servers. By implementing a basic external 3499 * session cache some issues can be debugged using s_server. 3500 */ 3501 3502 typedef struct simple_ssl_session_st { 3503 unsigned char *id; 3504 unsigned int idlen; 3505 unsigned char *der; 3506 int derlen; 3507 struct simple_ssl_session_st *next; 3508 } simple_ssl_session; 3509 3510 static simple_ssl_session *first = NULL; 3511 3512 static int add_session(SSL *ssl, SSL_SESSION *session) 3513 { 3514 simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session"); 3515 unsigned char *p; 3516 3517 SSL_SESSION_get_id(session, &sess->idlen); 3518 sess->derlen = i2d_SSL_SESSION(session, NULL); 3519 if (sess->derlen < 0) { 3520 BIO_printf(bio_err, "Error encoding session\n"); 3521 OPENSSL_free(sess); 3522 return 0; 3523 } 3524 3525 sess->id = OPENSSL_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); 3526 sess->der = app_malloc(sess->derlen, "get session buffer"); 3527 if (!sess->id) { 3528 BIO_printf(bio_err, "Out of memory adding to external cache\n"); 3529 OPENSSL_free(sess->id); 3530 OPENSSL_free(sess->der); 3531 OPENSSL_free(sess); 3532 return 0; 3533 } 3534 p = sess->der; 3535 3536 /* Assume it still works. */ 3537 if (i2d_SSL_SESSION(session, &p) != sess->derlen) { 3538 BIO_printf(bio_err, "Unexpected session encoding length\n"); 3539 OPENSSL_free(sess->id); 3540 OPENSSL_free(sess->der); 3541 OPENSSL_free(sess); 3542 return 0; 3543 } 3544 3545 sess->next = first; 3546 first = sess; 3547 BIO_printf(bio_err, "New session added to external cache\n"); 3548 return 0; 3549 } 3550 3551 static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen, 3552 int *do_copy) 3553 { 3554 simple_ssl_session *sess; 3555 *do_copy = 0; 3556 for (sess = first; sess; sess = sess->next) { 3557 if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) { 3558 const unsigned char *p = sess->der; 3559 BIO_printf(bio_err, "Lookup session: cache hit\n"); 3560 return d2i_SSL_SESSION(NULL, &p, sess->derlen); 3561 } 3562 } 3563 BIO_printf(bio_err, "Lookup session: cache miss\n"); 3564 return NULL; 3565 } 3566 3567 static void del_session(SSL_CTX *sctx, SSL_SESSION *session) 3568 { 3569 simple_ssl_session *sess, *prev = NULL; 3570 const unsigned char *id; 3571 unsigned int idlen; 3572 id = SSL_SESSION_get_id(session, &idlen); 3573 for (sess = first; sess; sess = sess->next) { 3574 if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) { 3575 if (prev) 3576 prev->next = sess->next; 3577 else 3578 first = sess->next; 3579 OPENSSL_free(sess->id); 3580 OPENSSL_free(sess->der); 3581 OPENSSL_free(sess); 3582 return; 3583 } 3584 prev = sess; 3585 } 3586 } 3587 3588 static void init_session_cache_ctx(SSL_CTX *sctx) 3589 { 3590 SSL_CTX_set_session_cache_mode(sctx, 3591 SSL_SESS_CACHE_NO_INTERNAL | 3592 SSL_SESS_CACHE_SERVER); 3593 SSL_CTX_sess_set_new_cb(sctx, add_session); 3594 SSL_CTX_sess_set_get_cb(sctx, get_session); 3595 SSL_CTX_sess_set_remove_cb(sctx, del_session); 3596 } 3597 3598 static void free_sessions(void) 3599 { 3600 simple_ssl_session *sess, *tsess; 3601 for (sess = first; sess;) { 3602 OPENSSL_free(sess->id); 3603 OPENSSL_free(sess->der); 3604 tsess = sess; 3605 sess = sess->next; 3606 OPENSSL_free(tsess); 3607 } 3608 first = NULL; 3609 } 3610 3611 #endif /* OPENSSL_NO_SOCK */ 3612