1 /* 2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 * Copyright 2005 Nokia. All rights reserved. 5 * 6 * Licensed under the OpenSSL license (the "License"). You may not use 7 * this file except in compliance with the License. You can obtain a copy 8 * in the file LICENSE in the source distribution or at 9 * https://www.openssl.org/source/license.html 10 */ 11 12 #include <ctype.h> 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #if defined(_WIN32) 17 /* Included before async.h to avoid some warnings */ 18 # include <windows.h> 19 #endif 20 21 #include <openssl/e_os2.h> 22 #include <openssl/async.h> 23 #include <openssl/ssl.h> 24 25 #ifndef OPENSSL_NO_SOCK 26 27 /* 28 * With IPv6, it looks like Digital has mixed up the proper order of 29 * recursive header file inclusion, resulting in the compiler complaining 30 * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is 31 * needed to have fileno() declared correctly... So let's define u_int 32 */ 33 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) 34 # define __U_INT 35 typedef unsigned int u_int; 36 #endif 37 38 #include <openssl/bn.h> 39 #include "apps.h" 40 #include "progs.h" 41 #include <openssl/err.h> 42 #include <openssl/pem.h> 43 #include <openssl/x509.h> 44 #include <openssl/ssl.h> 45 #include <openssl/rand.h> 46 #include <openssl/ocsp.h> 47 #ifndef OPENSSL_NO_DH 48 # include <openssl/dh.h> 49 #endif 50 #ifndef OPENSSL_NO_RSA 51 # include <openssl/rsa.h> 52 #endif 53 #ifndef OPENSSL_NO_SRP 54 # include <openssl/srp.h> 55 #endif 56 #include "s_apps.h" 57 #include "timeouts.h" 58 #ifdef CHARSET_EBCDIC 59 #include <openssl/ebcdic.h> 60 #endif 61 #include "internal/sockets.h" 62 63 static int not_resumable_sess_cb(SSL *s, int is_forward_secure); 64 static int sv_body(int s, int stype, int prot, unsigned char *context); 65 static int www_body(int s, int stype, int prot, unsigned char *context); 66 static int rev_body(int s, int stype, int prot, unsigned char *context); 67 static void close_accept_socket(void); 68 static int init_ssl_connection(SSL *s); 69 static void print_stats(BIO *bp, SSL_CTX *ctx); 70 static int generate_session_id(SSL *ssl, unsigned char *id, 71 unsigned int *id_len); 72 static void init_session_cache_ctx(SSL_CTX *sctx); 73 static void free_sessions(void); 74 #ifndef OPENSSL_NO_DH 75 static DH *load_dh_param(const char *dhfile); 76 #endif 77 static void print_connection_info(SSL *con); 78 79 static const int bufsize = 16 * 1024; 80 static int accept_socket = -1; 81 82 #define TEST_CERT "server.pem" 83 #define TEST_CERT2 "server2.pem" 84 85 static int s_nbio = 0; 86 static int s_nbio_test = 0; 87 static int s_crlf = 0; 88 static SSL_CTX *ctx = NULL; 89 static SSL_CTX *ctx2 = NULL; 90 static int www = 0; 91 92 static BIO *bio_s_out = NULL; 93 static BIO *bio_s_msg = NULL; 94 static int s_debug = 0; 95 static int s_tlsextdebug = 0; 96 static int s_msg = 0; 97 static int s_quiet = 0; 98 static int s_ign_eof = 0; 99 static int s_brief = 0; 100 101 static char *keymatexportlabel = NULL; 102 static int keymatexportlen = 20; 103 104 static int async = 0; 105 106 static const char *session_id_prefix = NULL; 107 108 #ifndef OPENSSL_NO_DTLS 109 static int enable_timeouts = 0; 110 static long socket_mtu; 111 #endif 112 113 /* 114 * We define this but make it always be 0 in no-dtls builds to simplify the 115 * code. 116 */ 117 static int dtlslisten = 0; 118 static int stateless = 0; 119 120 static int early_data = 0; 121 static SSL_SESSION *psksess = NULL; 122 123 static char *psk_identity = "Client_identity"; 124 char *psk_key = NULL; /* by default PSK is not used */ 125 126 #ifndef OPENSSL_NO_PSK 127 static unsigned int psk_server_cb(SSL *ssl, const char *identity, 128 unsigned char *psk, 129 unsigned int max_psk_len) 130 { 131 long key_len = 0; 132 unsigned char *key; 133 134 if (s_debug) 135 BIO_printf(bio_s_out, "psk_server_cb\n"); 136 if (identity == NULL) { 137 BIO_printf(bio_err, "Error: client did not send PSK identity\n"); 138 goto out_err; 139 } 140 if (s_debug) 141 BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", 142 (int)strlen(identity), identity); 143 144 /* here we could lookup the given identity e.g. from a database */ 145 if (strcmp(identity, psk_identity) != 0) { 146 BIO_printf(bio_s_out, "PSK warning: client identity not what we expected" 147 " (got '%s' expected '%s')\n", identity, psk_identity); 148 } else { 149 if (s_debug) 150 BIO_printf(bio_s_out, "PSK client identity found\n"); 151 } 152 153 /* convert the PSK key to binary */ 154 key = OPENSSL_hexstr2buf(psk_key, &key_len); 155 if (key == NULL) { 156 BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", 157 psk_key); 158 return 0; 159 } 160 if (key_len > (int)max_psk_len) { 161 BIO_printf(bio_err, 162 "psk buffer of callback is too small (%d) for key (%ld)\n", 163 max_psk_len, key_len); 164 OPENSSL_free(key); 165 return 0; 166 } 167 168 memcpy(psk, key, key_len); 169 OPENSSL_free(key); 170 171 if (s_debug) 172 BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); 173 return key_len; 174 out_err: 175 if (s_debug) 176 BIO_printf(bio_err, "Error in PSK server callback\n"); 177 (void)BIO_flush(bio_err); 178 (void)BIO_flush(bio_s_out); 179 return 0; 180 } 181 #endif 182 183 static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, 184 size_t identity_len, SSL_SESSION **sess) 185 { 186 SSL_SESSION *tmpsess = NULL; 187 unsigned char *key; 188 long key_len; 189 const SSL_CIPHER *cipher = NULL; 190 191 if (strlen(psk_identity) != identity_len 192 || memcmp(psk_identity, identity, identity_len) != 0) { 193 *sess = NULL; 194 return 1; 195 } 196 197 if (psksess != NULL) { 198 SSL_SESSION_up_ref(psksess); 199 *sess = psksess; 200 return 1; 201 } 202 203 key = OPENSSL_hexstr2buf(psk_key, &key_len); 204 if (key == NULL) { 205 BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", 206 psk_key); 207 return 0; 208 } 209 210 /* We default to SHA256 */ 211 cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); 212 if (cipher == NULL) { 213 BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); 214 OPENSSL_free(key); 215 return 0; 216 } 217 218 tmpsess = SSL_SESSION_new(); 219 if (tmpsess == NULL 220 || !SSL_SESSION_set1_master_key(tmpsess, key, key_len) 221 || !SSL_SESSION_set_cipher(tmpsess, cipher) 222 || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) { 223 OPENSSL_free(key); 224 return 0; 225 } 226 OPENSSL_free(key); 227 *sess = tmpsess; 228 229 return 1; 230 } 231 232 #ifndef OPENSSL_NO_SRP 233 /* This is a context that we pass to callbacks */ 234 typedef struct srpsrvparm_st { 235 char *login; 236 SRP_VBASE *vb; 237 SRP_user_pwd *user; 238 } srpsrvparm; 239 static srpsrvparm srp_callback_parm; 240 241 /* 242 * This callback pretends to require some asynchronous logic in order to 243 * obtain a verifier. When the callback is called for a new connection we 244 * return with a negative value. This will provoke the accept etc to return 245 * with an LOOKUP_X509. The main logic of the reinvokes the suspended call 246 * (which would normally occur after a worker has finished) and we set the 247 * user parameters. 248 */ 249 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) 250 { 251 srpsrvparm *p = (srpsrvparm *) arg; 252 int ret = SSL3_AL_FATAL; 253 254 if (p->login == NULL && p->user == NULL) { 255 p->login = SSL_get_srp_username(s); 256 BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); 257 return -1; 258 } 259 260 if (p->user == NULL) { 261 BIO_printf(bio_err, "User %s doesn't exist\n", p->login); 262 goto err; 263 } 264 265 if (SSL_set_srp_server_param 266 (s, p->user->N, p->user->g, p->user->s, p->user->v, 267 p->user->info) < 0) { 268 *ad = SSL_AD_INTERNAL_ERROR; 269 goto err; 270 } 271 BIO_printf(bio_err, 272 "SRP parameters set: username = \"%s\" info=\"%s\" \n", 273 p->login, p->user->info); 274 ret = SSL_ERROR_NONE; 275 276 err: 277 SRP_user_pwd_free(p->user); 278 p->user = NULL; 279 p->login = NULL; 280 return ret; 281 } 282 283 #endif 284 285 static int local_argc = 0; 286 static char **local_argv; 287 288 #ifdef CHARSET_EBCDIC 289 static int ebcdic_new(BIO *bi); 290 static int ebcdic_free(BIO *a); 291 static int ebcdic_read(BIO *b, char *out, int outl); 292 static int ebcdic_write(BIO *b, const char *in, int inl); 293 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); 294 static int ebcdic_gets(BIO *bp, char *buf, int size); 295 static int ebcdic_puts(BIO *bp, const char *str); 296 297 # define BIO_TYPE_EBCDIC_FILTER (18|0x0200) 298 static BIO_METHOD *methods_ebcdic = NULL; 299 300 /* This struct is "unwarranted chumminess with the compiler." */ 301 typedef struct { 302 size_t alloced; 303 char buff[1]; 304 } EBCDIC_OUTBUFF; 305 306 static const BIO_METHOD *BIO_f_ebcdic_filter() 307 { 308 if (methods_ebcdic == NULL) { 309 methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER, 310 "EBCDIC/ASCII filter"); 311 if (methods_ebcdic == NULL 312 || !BIO_meth_set_write(methods_ebcdic, ebcdic_write) 313 || !BIO_meth_set_read(methods_ebcdic, ebcdic_read) 314 || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts) 315 || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets) 316 || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl) 317 || !BIO_meth_set_create(methods_ebcdic, ebcdic_new) 318 || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free)) 319 return NULL; 320 } 321 return methods_ebcdic; 322 } 323 324 static int ebcdic_new(BIO *bi) 325 { 326 EBCDIC_OUTBUFF *wbuf; 327 328 wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf"); 329 wbuf->alloced = 1024; 330 wbuf->buff[0] = '\0'; 331 332 BIO_set_data(bi, wbuf); 333 BIO_set_init(bi, 1); 334 return 1; 335 } 336 337 static int ebcdic_free(BIO *a) 338 { 339 EBCDIC_OUTBUFF *wbuf; 340 341 if (a == NULL) 342 return 0; 343 wbuf = BIO_get_data(a); 344 OPENSSL_free(wbuf); 345 BIO_set_data(a, NULL); 346 BIO_set_init(a, 0); 347 348 return 1; 349 } 350 351 static int ebcdic_read(BIO *b, char *out, int outl) 352 { 353 int ret = 0; 354 BIO *next = BIO_next(b); 355 356 if (out == NULL || outl == 0) 357 return 0; 358 if (next == NULL) 359 return 0; 360 361 ret = BIO_read(next, out, outl); 362 if (ret > 0) 363 ascii2ebcdic(out, out, ret); 364 return ret; 365 } 366 367 static int ebcdic_write(BIO *b, const char *in, int inl) 368 { 369 EBCDIC_OUTBUFF *wbuf; 370 BIO *next = BIO_next(b); 371 int ret = 0; 372 int num; 373 374 if ((in == NULL) || (inl <= 0)) 375 return 0; 376 if (next == NULL) 377 return 0; 378 379 wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b); 380 381 if (inl > (num = wbuf->alloced)) { 382 num = num + num; /* double the size */ 383 if (num < inl) 384 num = inl; 385 OPENSSL_free(wbuf); 386 wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf"); 387 388 wbuf->alloced = num; 389 wbuf->buff[0] = '\0'; 390 391 BIO_set_data(b, wbuf); 392 } 393 394 ebcdic2ascii(wbuf->buff, in, inl); 395 396 ret = BIO_write(next, wbuf->buff, inl); 397 398 return ret; 399 } 400 401 static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) 402 { 403 long ret; 404 BIO *next = BIO_next(b); 405 406 if (next == NULL) 407 return 0; 408 switch (cmd) { 409 case BIO_CTRL_DUP: 410 ret = 0L; 411 break; 412 default: 413 ret = BIO_ctrl(next, cmd, num, ptr); 414 break; 415 } 416 return ret; 417 } 418 419 static int ebcdic_gets(BIO *bp, char *buf, int size) 420 { 421 int i, ret = 0; 422 BIO *next = BIO_next(bp); 423 424 if (next == NULL) 425 return 0; 426 /* return(BIO_gets(bp->next_bio,buf,size));*/ 427 for (i = 0; i < size - 1; ++i) { 428 ret = ebcdic_read(bp, &buf[i], 1); 429 if (ret <= 0) 430 break; 431 else if (buf[i] == '\n') { 432 ++i; 433 break; 434 } 435 } 436 if (i < size) 437 buf[i] = '\0'; 438 return (ret < 0 && i == 0) ? ret : i; 439 } 440 441 static int ebcdic_puts(BIO *bp, const char *str) 442 { 443 if (BIO_next(bp) == NULL) 444 return 0; 445 return ebcdic_write(bp, str, strlen(str)); 446 } 447 #endif 448 449 /* This is a context that we pass to callbacks */ 450 typedef struct tlsextctx_st { 451 char *servername; 452 BIO *biodebug; 453 int extension_error; 454 } tlsextctx; 455 456 static int ssl_servername_cb(SSL *s, int *ad, void *arg) 457 { 458 tlsextctx *p = (tlsextctx *) arg; 459 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 460 461 if (servername != NULL && p->biodebug != NULL) { 462 const char *cp = servername; 463 unsigned char uc; 464 465 BIO_printf(p->biodebug, "Hostname in TLS extension: \""); 466 while ((uc = *cp++) != 0) 467 BIO_printf(p->biodebug, 468 isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc); 469 BIO_printf(p->biodebug, "\"\n"); 470 } 471 472 if (p->servername == NULL) 473 return SSL_TLSEXT_ERR_NOACK; 474 475 if (servername != NULL) { 476 if (strcasecmp(servername, p->servername)) 477 return p->extension_error; 478 if (ctx2 != NULL) { 479 BIO_printf(p->biodebug, "Switching server context.\n"); 480 SSL_set_SSL_CTX(s, ctx2); 481 } 482 } 483 return SSL_TLSEXT_ERR_OK; 484 } 485 486 /* Structure passed to cert status callback */ 487 typedef struct tlsextstatusctx_st { 488 int timeout; 489 /* File to load OCSP Response from (or NULL if no file) */ 490 char *respin; 491 /* Default responder to use */ 492 char *host, *path, *port; 493 int use_ssl; 494 int verbose; 495 } tlsextstatusctx; 496 497 static tlsextstatusctx tlscstatp = { -1 }; 498 499 #ifndef OPENSSL_NO_OCSP 500 501 /* 502 * Helper function to get an OCSP_RESPONSE from a responder. This is a 503 * simplified version. It examines certificates each time and makes one OCSP 504 * responder query for each request. A full version would store details such as 505 * the OCSP certificate IDs and minimise the number of OCSP responses by caching 506 * them until they were considered "expired". 507 */ 508 static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, 509 OCSP_RESPONSE **resp) 510 { 511 char *host = NULL, *port = NULL, *path = NULL; 512 int use_ssl; 513 STACK_OF(OPENSSL_STRING) *aia = NULL; 514 X509 *x = NULL; 515 X509_STORE_CTX *inctx = NULL; 516 X509_OBJECT *obj; 517 OCSP_REQUEST *req = NULL; 518 OCSP_CERTID *id = NULL; 519 STACK_OF(X509_EXTENSION) *exts; 520 int ret = SSL_TLSEXT_ERR_NOACK; 521 int i; 522 523 /* Build up OCSP query from server certificate */ 524 x = SSL_get_certificate(s); 525 aia = X509_get1_ocsp(x); 526 if (aia != NULL) { 527 if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0), 528 &host, &port, &path, &use_ssl)) { 529 BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); 530 goto err; 531 } 532 if (srctx->verbose) 533 BIO_printf(bio_err, "cert_status: AIA URL: %s\n", 534 sk_OPENSSL_STRING_value(aia, 0)); 535 } else { 536 if (srctx->host == NULL) { 537 BIO_puts(bio_err, 538 "cert_status: no AIA and no default responder URL\n"); 539 goto done; 540 } 541 host = srctx->host; 542 path = srctx->path; 543 port = srctx->port; 544 use_ssl = srctx->use_ssl; 545 } 546 547 inctx = X509_STORE_CTX_new(); 548 if (inctx == NULL) 549 goto err; 550 if (!X509_STORE_CTX_init(inctx, 551 SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), 552 NULL, NULL)) 553 goto err; 554 obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509, 555 X509_get_issuer_name(x)); 556 if (obj == NULL) { 557 BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n"); 558 goto done; 559 } 560 id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj)); 561 X509_OBJECT_free(obj); 562 if (id == NULL) 563 goto err; 564 req = OCSP_REQUEST_new(); 565 if (req == NULL) 566 goto err; 567 if (!OCSP_request_add0_id(req, id)) 568 goto err; 569 id = NULL; 570 /* Add any extensions to the request */ 571 SSL_get_tlsext_status_exts(s, &exts); 572 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { 573 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); 574 if (!OCSP_REQUEST_add_ext(req, ext, -1)) 575 goto err; 576 } 577 *resp = process_responder(req, host, path, port, use_ssl, NULL, 578 srctx->timeout); 579 if (*resp == NULL) { 580 BIO_puts(bio_err, "cert_status: error querying responder\n"); 581 goto done; 582 } 583 584 ret = SSL_TLSEXT_ERR_OK; 585 goto done; 586 587 err: 588 ret = SSL_TLSEXT_ERR_ALERT_FATAL; 589 done: 590 /* 591 * If we parsed aia we need to free; otherwise they were copied and we 592 * don't 593 */ 594 if (aia != NULL) { 595 OPENSSL_free(host); 596 OPENSSL_free(path); 597 OPENSSL_free(port); 598 X509_email_free(aia); 599 } 600 OCSP_CERTID_free(id); 601 OCSP_REQUEST_free(req); 602 X509_STORE_CTX_free(inctx); 603 return ret; 604 } 605 606 /* 607 * Certificate Status callback. This is called when a client includes a 608 * certificate status request extension. The response is either obtained from a 609 * file, or from an OCSP responder. 610 */ 611 static int cert_status_cb(SSL *s, void *arg) 612 { 613 tlsextstatusctx *srctx = arg; 614 OCSP_RESPONSE *resp = NULL; 615 unsigned char *rspder = NULL; 616 int rspderlen; 617 int ret = SSL_TLSEXT_ERR_ALERT_FATAL; 618 619 if (srctx->verbose) 620 BIO_puts(bio_err, "cert_status: callback called\n"); 621 622 if (srctx->respin != NULL) { 623 BIO *derbio = bio_open_default(srctx->respin, 'r', FORMAT_ASN1); 624 if (derbio == NULL) { 625 BIO_puts(bio_err, "cert_status: Cannot open OCSP response file\n"); 626 goto err; 627 } 628 resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); 629 BIO_free(derbio); 630 if (resp == NULL) { 631 BIO_puts(bio_err, "cert_status: Error reading OCSP response\n"); 632 goto err; 633 } 634 } else { 635 ret = get_ocsp_resp_from_responder(s, srctx, &resp); 636 if (ret != SSL_TLSEXT_ERR_OK) 637 goto err; 638 } 639 640 rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); 641 if (rspderlen <= 0) 642 goto err; 643 644 SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); 645 if (srctx->verbose) { 646 BIO_puts(bio_err, "cert_status: ocsp response sent:\n"); 647 OCSP_RESPONSE_print(bio_err, resp, 2); 648 } 649 650 ret = SSL_TLSEXT_ERR_OK; 651 652 err: 653 if (ret != SSL_TLSEXT_ERR_OK) 654 ERR_print_errors(bio_err); 655 656 OCSP_RESPONSE_free(resp); 657 658 return ret; 659 } 660 #endif 661 662 #ifndef OPENSSL_NO_NEXTPROTONEG 663 /* This is the context that we pass to next_proto_cb */ 664 typedef struct tlsextnextprotoctx_st { 665 unsigned char *data; 666 size_t len; 667 } tlsextnextprotoctx; 668 669 static int next_proto_cb(SSL *s, const unsigned char **data, 670 unsigned int *len, void *arg) 671 { 672 tlsextnextprotoctx *next_proto = arg; 673 674 *data = next_proto->data; 675 *len = next_proto->len; 676 677 return SSL_TLSEXT_ERR_OK; 678 } 679 #endif /* ndef OPENSSL_NO_NEXTPROTONEG */ 680 681 /* This the context that we pass to alpn_cb */ 682 typedef struct tlsextalpnctx_st { 683 unsigned char *data; 684 size_t len; 685 } tlsextalpnctx; 686 687 static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, 688 const unsigned char *in, unsigned int inlen, void *arg) 689 { 690 tlsextalpnctx *alpn_ctx = arg; 691 692 if (!s_quiet) { 693 /* We can assume that |in| is syntactically valid. */ 694 unsigned int i; 695 BIO_printf(bio_s_out, "ALPN protocols advertised by the client: "); 696 for (i = 0; i < inlen;) { 697 if (i) 698 BIO_write(bio_s_out, ", ", 2); 699 BIO_write(bio_s_out, &in[i + 1], in[i]); 700 i += in[i] + 1; 701 } 702 BIO_write(bio_s_out, "\n", 1); 703 } 704 705 if (SSL_select_next_proto 706 ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, 707 inlen) != OPENSSL_NPN_NEGOTIATED) { 708 return SSL_TLSEXT_ERR_NOACK; 709 } 710 711 if (!s_quiet) { 712 BIO_printf(bio_s_out, "ALPN protocols selected: "); 713 BIO_write(bio_s_out, *out, *outlen); 714 BIO_write(bio_s_out, "\n", 1); 715 } 716 717 return SSL_TLSEXT_ERR_OK; 718 } 719 720 static int not_resumable_sess_cb(SSL *s, int is_forward_secure) 721 { 722 /* disable resumption for sessions with forward secure ciphers */ 723 return is_forward_secure; 724 } 725 726 typedef enum OPTION_choice { 727 OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, 728 OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, 729 OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, 730 OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM, 731 OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT, 732 OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT, 733 OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE, 734 OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, 735 OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, 736 OPT_VERIFYCAFILE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, 737 OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, 738 OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, 739 OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, 740 OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, 741 OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK, 742 OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, 743 OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, 744 OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, 745 OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, 746 OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS, 747 OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, 748 OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, 749 OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, 750 OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, 751 OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, 752 OPT_R_ENUM, 753 OPT_S_ENUM, 754 OPT_V_ENUM, 755 OPT_X_ENUM 756 } OPTION_CHOICE; 757 758 const OPTIONS s_server_options[] = { 759 {"help", OPT_HELP, '-', "Display this summary"}, 760 {"port", OPT_PORT, 'p', 761 "TCP/IP port to listen on for connections (default is " PORT ")"}, 762 {"accept", OPT_ACCEPT, 's', 763 "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"}, 764 #ifdef AF_UNIX 765 {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"}, 766 #endif 767 {"4", OPT_4, '-', "Use IPv4 only"}, 768 {"6", OPT_6, '-', "Use IPv6 only"}, 769 #ifdef AF_UNIX 770 {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"}, 771 #endif 772 {"context", OPT_CONTEXT, 's', "Set session ID context"}, 773 {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"}, 774 {"Verify", OPT_UPPER_V_VERIFY, 'n', 775 "Turn on peer certificate verification, must have a cert"}, 776 {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT}, 777 {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, 778 {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"}, 779 {"serverinfo", OPT_SERVERINFO, 's', 780 "PEM serverinfo file for certificate"}, 781 {"certform", OPT_CERTFORM, 'F', 782 "Certificate format (PEM or DER) PEM default"}, 783 {"key", OPT_KEY, 's', 784 "Private Key if not in -cert; default is " TEST_CERT}, 785 {"keyform", OPT_KEYFORM, 'f', 786 "Key format (PEM, DER or ENGINE) PEM default"}, 787 {"pass", OPT_PASS, 's', "Private key file pass phrase source"}, 788 {"dcert", OPT_DCERT, '<', 789 "Second certificate file to use (usually for DSA)"}, 790 {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, 791 {"dcertform", OPT_DCERTFORM, 'F', 792 "Second certificate format (PEM or DER) PEM default"}, 793 {"dkey", OPT_DKEY, '<', 794 "Second private key file to use (usually for DSA)"}, 795 {"dkeyform", OPT_DKEYFORM, 'F', 796 "Second key format (PEM, DER or ENGINE) PEM default"}, 797 {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, 798 {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, 799 {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, 800 {"debug", OPT_DEBUG, '-', "Print more output"}, 801 {"msg", OPT_MSG, '-', "Show protocol messages"}, 802 {"msgfile", OPT_MSGFILE, '>', 803 "File to send output of -msg or -trace, instead of stdout"}, 804 {"state", OPT_STATE, '-', "Print the SSL states"}, 805 {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, 806 {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, 807 {"no-CAfile", OPT_NOCAFILE, '-', 808 "Do not load the default certificates file"}, 809 {"no-CApath", OPT_NOCAPATH, '-', 810 "Do not load certificates from the default certificates directory"}, 811 {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, 812 {"quiet", OPT_QUIET, '-', "No server output"}, 813 {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', 814 "Disable caching and tickets if ephemeral (EC)DH is used"}, 815 {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, 816 {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, 817 {"servername", OPT_SERVERNAME, 's', 818 "Servername for HostName TLS extension"}, 819 {"servername_fatal", OPT_SERVERNAME_FATAL, '-', 820 "mismatch send fatal alert (default warning alert)"}, 821 {"cert2", OPT_CERT2, '<', 822 "Certificate file to use for servername; default is" TEST_CERT2}, 823 {"key2", OPT_KEY2, '<', 824 "-Private Key file to use for servername if not in -cert2"}, 825 {"tlsextdebug", OPT_TLSEXTDEBUG, '-', 826 "Hex dump of all TLS extensions received"}, 827 {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, 828 {"id_prefix", OPT_ID_PREFIX, 's', 829 "Generate SSL/TLS session IDs prefixed by arg"}, 830 OPT_R_OPTIONS, 831 {"keymatexport", OPT_KEYMATEXPORT, 's', 832 "Export keying material using label"}, 833 {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', 834 "Export len bytes of keying material (default 20)"}, 835 {"CRL", OPT_CRL, '<', "CRL file to use"}, 836 {"crl_download", OPT_CRL_DOWNLOAD, '-', 837 "Download CRL from distribution points"}, 838 {"cert_chain", OPT_CERT_CHAIN, '<', 839 "certificate chain file in PEM format"}, 840 {"dcert_chain", OPT_DCERT_CHAIN, '<', 841 "second certificate chain file in PEM format"}, 842 {"chainCApath", OPT_CHAINCAPATH, '/', 843 "use dir as certificate store path to build CA certificate chain"}, 844 {"verifyCApath", OPT_VERIFYCAPATH, '/', 845 "use dir as certificate store path to verify CA certificate"}, 846 {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"}, 847 {"ext_cache", OPT_EXT_CACHE, '-', 848 "Disable internal cache, setup and use external cache"}, 849 {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, 850 {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', 851 "Close connection on verification error"}, 852 {"verify_quiet", OPT_VERIFY_QUIET, '-', 853 "No verify output except verify errors"}, 854 {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"}, 855 {"chainCAfile", OPT_CHAINCAFILE, '<', 856 "CA file for certificate chain (PEM format)"}, 857 {"verifyCAfile", OPT_VERIFYCAFILE, '<', 858 "CA file for certificate verification (PEM format)"}, 859 {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"}, 860 {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"}, 861 #ifndef OPENSSL_NO_OCSP 862 {"status", OPT_STATUS, '-', "Request certificate status from server"}, 863 {"status_verbose", OPT_STATUS_VERBOSE, '-', 864 "Print more output in certificate status callback"}, 865 {"status_timeout", OPT_STATUS_TIMEOUT, 'n', 866 "Status request responder timeout"}, 867 {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, 868 {"status_file", OPT_STATUS_FILE, '<', 869 "File containing DER encoded OCSP Response"}, 870 #endif 871 #ifndef OPENSSL_NO_SSL_TRACE 872 {"trace", OPT_TRACE, '-', "trace protocol messages"}, 873 #endif 874 {"security_debug", OPT_SECURITY_DEBUG, '-', 875 "Print output from SSL/TLS security framework"}, 876 {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', 877 "Print more output from SSL/TLS security framework"}, 878 {"brief", OPT_BRIEF, '-', 879 "Restrict output to brief summary of connection parameters"}, 880 {"rev", OPT_REV, '-', 881 "act as a simple test server which just sends back with the received text reversed"}, 882 {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, 883 {"ssl_config", OPT_SSL_CONFIG, 's', 884 "Configure SSL_CTX using the configuration 'val'"}, 885 {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, 886 {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', 887 "Size used to split data for encrypt pipelines"}, 888 {"max_pipelines", OPT_MAX_PIPELINES, 'p', 889 "Maximum number of encrypt/decrypt pipelines to be used"}, 890 {"read_buf", OPT_READ_BUF, 'p', 891 "Default read buffer size to be used for connections"}, 892 OPT_S_OPTIONS, 893 OPT_V_OPTIONS, 894 OPT_X_OPTIONS, 895 {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, 896 {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"}, 897 #ifndef OPENSSL_NO_PSK 898 {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, 899 #endif 900 {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, 901 {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, 902 #ifndef OPENSSL_NO_SRP 903 {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, 904 {"srpuserseed", OPT_SRPUSERSEED, 's', 905 "A seed string for a default user salt"}, 906 #endif 907 #ifndef OPENSSL_NO_SSL3 908 {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, 909 #endif 910 #ifndef OPENSSL_NO_TLS1 911 {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, 912 #endif 913 #ifndef OPENSSL_NO_TLS1_1 914 {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, 915 #endif 916 #ifndef OPENSSL_NO_TLS1_2 917 {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, 918 #endif 919 #ifndef OPENSSL_NO_TLS1_3 920 {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, 921 #endif 922 #ifndef OPENSSL_NO_DTLS 923 {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, 924 {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, 925 {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, 926 {"listen", OPT_LISTEN, '-', 927 "Listen for a DTLS ClientHello with a cookie and then connect"}, 928 #endif 929 {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, 930 #ifndef OPENSSL_NO_DTLS1 931 {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, 932 #endif 933 #ifndef OPENSSL_NO_DTLS1_2 934 {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, 935 #endif 936 #ifndef OPENSSL_NO_SCTP 937 {"sctp", OPT_SCTP, '-', "Use SCTP"}, 938 {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, 939 #endif 940 #ifndef OPENSSL_NO_DH 941 {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, 942 #endif 943 #ifndef OPENSSL_NO_NEXTPROTONEG 944 {"nextprotoneg", OPT_NEXTPROTONEG, 's', 945 "Set the advertised protocols for the NPN extension (comma-separated list)"}, 946 #endif 947 #ifndef OPENSSL_NO_SRTP 948 {"use_srtp", OPT_SRTP_PROFILES, 's', 949 "Offer SRTP key management with a colon-separated profile list"}, 950 #endif 951 {"alpn", OPT_ALPN, 's', 952 "Set the advertised protocols for the ALPN extension (comma-separated list)"}, 953 #ifndef OPENSSL_NO_ENGINE 954 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, 955 #endif 956 {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, 957 {"max_early_data", OPT_MAX_EARLY, 'n', 958 "The maximum number of bytes of early data as advertised in tickets"}, 959 {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', 960 "The maximum number of bytes of early data (hard limit)"}, 961 {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, 962 {"num_tickets", OPT_S_NUM_TICKETS, 'n', 963 "The number of TLSv1.3 session tickets that a server will automatically issue" }, 964 {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, 965 {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, 966 {NULL, OPT_EOF, 0, NULL} 967 }; 968 969 #define IS_PROT_FLAG(o) \ 970 (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ 971 || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) 972 973 int s_server_main(int argc, char *argv[]) 974 { 975 ENGINE *engine = NULL; 976 EVP_PKEY *s_key = NULL, *s_dkey = NULL; 977 SSL_CONF_CTX *cctx = NULL; 978 const SSL_METHOD *meth = TLS_server_method(); 979 SSL_EXCERT *exc = NULL; 980 STACK_OF(OPENSSL_STRING) *ssl_args = NULL; 981 STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL; 982 STACK_OF(X509_CRL) *crls = NULL; 983 X509 *s_cert = NULL, *s_dcert = NULL; 984 X509_VERIFY_PARAM *vpm = NULL; 985 const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL; 986 char *dpassarg = NULL, *dpass = NULL; 987 char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; 988 char *crl_file = NULL, *prog; 989 #ifdef AF_UNIX 990 int unlink_unix_path = 0; 991 #endif 992 do_server_cb server_cb; 993 int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; 994 #ifndef OPENSSL_NO_DH 995 char *dhfile = NULL; 996 int no_dhe = 0; 997 #endif 998 int nocert = 0, ret = 1; 999 int noCApath = 0, noCAfile = 0; 1000 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; 1001 int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; 1002 int rev = 0, naccept = -1, sdebug = 0; 1003 int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; 1004 int state = 0, crl_format = FORMAT_PEM, crl_download = 0; 1005 char *host = NULL; 1006 char *port = BUF_strdup(PORT); 1007 unsigned char *context = NULL; 1008 OPTION_CHOICE o; 1009 EVP_PKEY *s_key2 = NULL; 1010 X509 *s_cert2 = NULL; 1011 tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING }; 1012 const char *ssl_config = NULL; 1013 int read_buf_len = 0; 1014 #ifndef OPENSSL_NO_NEXTPROTONEG 1015 const char *next_proto_neg_in = NULL; 1016 tlsextnextprotoctx next_proto = { NULL, 0 }; 1017 #endif 1018 const char *alpn_in = NULL; 1019 tlsextalpnctx alpn_ctx = { NULL, 0 }; 1020 #ifndef OPENSSL_NO_PSK 1021 /* by default do not send a PSK identity hint */ 1022 char *psk_identity_hint = NULL; 1023 #endif 1024 char *p; 1025 #ifndef OPENSSL_NO_SRP 1026 char *srpuserseed = NULL; 1027 char *srp_verifier_file = NULL; 1028 #endif 1029 #ifndef OPENSSL_NO_SRTP 1030 char *srtp_profiles = NULL; 1031 #endif 1032 int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; 1033 int s_server_verify = SSL_VERIFY_NONE; 1034 int s_server_session_id_context = 1; /* anything will do */ 1035 const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; 1036 const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; 1037 char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; 1038 #ifndef OPENSSL_NO_OCSP 1039 int s_tlsextstatus = 0; 1040 #endif 1041 int no_resume_ephemeral = 0; 1042 unsigned int max_send_fragment = 0; 1043 unsigned int split_send_fragment = 0, max_pipelines = 0; 1044 const char *s_serverinfo_file = NULL; 1045 const char *keylog_file = NULL; 1046 int max_early_data = -1, recv_max_early_data = -1; 1047 char *psksessf = NULL; 1048 #ifndef OPENSSL_NO_SCTP 1049 int sctp_label_bug = 0; 1050 #endif 1051 1052 /* Init of few remaining global variables */ 1053 local_argc = argc; 1054 local_argv = argv; 1055 1056 ctx = ctx2 = NULL; 1057 s_nbio = s_nbio_test = 0; 1058 www = 0; 1059 bio_s_out = NULL; 1060 s_debug = 0; 1061 s_msg = 0; 1062 s_quiet = 0; 1063 s_brief = 0; 1064 async = 0; 1065 1066 cctx = SSL_CONF_CTX_new(); 1067 vpm = X509_VERIFY_PARAM_new(); 1068 if (cctx == NULL || vpm == NULL) 1069 goto end; 1070 SSL_CONF_CTX_set_flags(cctx, 1071 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); 1072 1073 prog = opt_init(argc, argv, s_server_options); 1074 while ((o = opt_next()) != OPT_EOF) { 1075 if (IS_PROT_FLAG(o) && ++prot_opt > 1) { 1076 BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); 1077 goto end; 1078 } 1079 if (IS_NO_PROT_FLAG(o)) 1080 no_prot_opt++; 1081 if (prot_opt == 1 && no_prot_opt) { 1082 BIO_printf(bio_err, 1083 "Cannot supply both a protocol flag and '-no_<prot>'\n"); 1084 goto end; 1085 } 1086 switch (o) { 1087 case OPT_EOF: 1088 case OPT_ERR: 1089 opthelp: 1090 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 1091 goto end; 1092 case OPT_HELP: 1093 opt_help(s_server_options); 1094 ret = 0; 1095 goto end; 1096 1097 case OPT_4: 1098 #ifdef AF_UNIX 1099 if (socket_family == AF_UNIX) { 1100 OPENSSL_free(host); host = NULL; 1101 OPENSSL_free(port); port = NULL; 1102 } 1103 #endif 1104 socket_family = AF_INET; 1105 break; 1106 case OPT_6: 1107 if (1) { 1108 #ifdef AF_INET6 1109 #ifdef AF_UNIX 1110 if (socket_family == AF_UNIX) { 1111 OPENSSL_free(host); host = NULL; 1112 OPENSSL_free(port); port = NULL; 1113 } 1114 #endif 1115 socket_family = AF_INET6; 1116 } else { 1117 #endif 1118 BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog); 1119 goto end; 1120 } 1121 break; 1122 case OPT_PORT: 1123 #ifdef AF_UNIX 1124 if (socket_family == AF_UNIX) { 1125 socket_family = AF_UNSPEC; 1126 } 1127 #endif 1128 OPENSSL_free(port); port = NULL; 1129 OPENSSL_free(host); host = NULL; 1130 if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) { 1131 BIO_printf(bio_err, 1132 "%s: -port argument malformed or ambiguous\n", 1133 port); 1134 goto end; 1135 } 1136 break; 1137 case OPT_ACCEPT: 1138 #ifdef AF_UNIX 1139 if (socket_family == AF_UNIX) { 1140 socket_family = AF_UNSPEC; 1141 } 1142 #endif 1143 OPENSSL_free(port); port = NULL; 1144 OPENSSL_free(host); host = NULL; 1145 if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) { 1146 BIO_printf(bio_err, 1147 "%s: -accept argument malformed or ambiguous\n", 1148 port); 1149 goto end; 1150 } 1151 break; 1152 #ifdef AF_UNIX 1153 case OPT_UNIX: 1154 socket_family = AF_UNIX; 1155 OPENSSL_free(host); host = BUF_strdup(opt_arg()); 1156 OPENSSL_free(port); port = NULL; 1157 break; 1158 case OPT_UNLINK: 1159 unlink_unix_path = 1; 1160 break; 1161 #endif 1162 case OPT_NACCEPT: 1163 naccept = atol(opt_arg()); 1164 break; 1165 case OPT_VERIFY: 1166 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; 1167 verify_args.depth = atoi(opt_arg()); 1168 if (!s_quiet) 1169 BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); 1170 break; 1171 case OPT_UPPER_V_VERIFY: 1172 s_server_verify = 1173 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 1174 SSL_VERIFY_CLIENT_ONCE; 1175 verify_args.depth = atoi(opt_arg()); 1176 if (!s_quiet) 1177 BIO_printf(bio_err, 1178 "verify depth is %d, must return a certificate\n", 1179 verify_args.depth); 1180 break; 1181 case OPT_CONTEXT: 1182 context = (unsigned char *)opt_arg(); 1183 break; 1184 case OPT_CERT: 1185 s_cert_file = opt_arg(); 1186 break; 1187 case OPT_NAMEOPT: 1188 if (!set_nameopt(opt_arg())) 1189 goto end; 1190 break; 1191 case OPT_CRL: 1192 crl_file = opt_arg(); 1193 break; 1194 case OPT_CRL_DOWNLOAD: 1195 crl_download = 1; 1196 break; 1197 case OPT_SERVERINFO: 1198 s_serverinfo_file = opt_arg(); 1199 break; 1200 case OPT_CERTFORM: 1201 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format)) 1202 goto opthelp; 1203 break; 1204 case OPT_KEY: 1205 s_key_file = opt_arg(); 1206 break; 1207 case OPT_KEYFORM: 1208 if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format)) 1209 goto opthelp; 1210 break; 1211 case OPT_PASS: 1212 passarg = opt_arg(); 1213 break; 1214 case OPT_CERT_CHAIN: 1215 s_chain_file = opt_arg(); 1216 break; 1217 case OPT_DHPARAM: 1218 #ifndef OPENSSL_NO_DH 1219 dhfile = opt_arg(); 1220 #endif 1221 break; 1222 case OPT_DCERTFORM: 1223 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format)) 1224 goto opthelp; 1225 break; 1226 case OPT_DCERT: 1227 s_dcert_file = opt_arg(); 1228 break; 1229 case OPT_DKEYFORM: 1230 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dkey_format)) 1231 goto opthelp; 1232 break; 1233 case OPT_DPASS: 1234 dpassarg = opt_arg(); 1235 break; 1236 case OPT_DKEY: 1237 s_dkey_file = opt_arg(); 1238 break; 1239 case OPT_DCERT_CHAIN: 1240 s_dchain_file = opt_arg(); 1241 break; 1242 case OPT_NOCERT: 1243 nocert = 1; 1244 break; 1245 case OPT_CAPATH: 1246 CApath = opt_arg(); 1247 break; 1248 case OPT_NOCAPATH: 1249 noCApath = 1; 1250 break; 1251 case OPT_CHAINCAPATH: 1252 chCApath = opt_arg(); 1253 break; 1254 case OPT_VERIFYCAPATH: 1255 vfyCApath = opt_arg(); 1256 break; 1257 case OPT_NO_CACHE: 1258 no_cache = 1; 1259 break; 1260 case OPT_EXT_CACHE: 1261 ext_cache = 1; 1262 break; 1263 case OPT_CRLFORM: 1264 if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format)) 1265 goto opthelp; 1266 break; 1267 case OPT_S_CASES: 1268 case OPT_S_NUM_TICKETS: 1269 case OPT_ANTI_REPLAY: 1270 case OPT_NO_ANTI_REPLAY: 1271 if (ssl_args == NULL) 1272 ssl_args = sk_OPENSSL_STRING_new_null(); 1273 if (ssl_args == NULL 1274 || !sk_OPENSSL_STRING_push(ssl_args, opt_flag()) 1275 || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) { 1276 BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); 1277 goto end; 1278 } 1279 break; 1280 case OPT_V_CASES: 1281 if (!opt_verify(o, vpm)) 1282 goto end; 1283 vpmtouched++; 1284 break; 1285 case OPT_X_CASES: 1286 if (!args_excert(o, &exc)) 1287 goto end; 1288 break; 1289 case OPT_VERIFY_RET_ERROR: 1290 verify_args.return_error = 1; 1291 break; 1292 case OPT_VERIFY_QUIET: 1293 verify_args.quiet = 1; 1294 break; 1295 case OPT_BUILD_CHAIN: 1296 build_chain = 1; 1297 break; 1298 case OPT_CAFILE: 1299 CAfile = opt_arg(); 1300 break; 1301 case OPT_NOCAFILE: 1302 noCAfile = 1; 1303 break; 1304 case OPT_CHAINCAFILE: 1305 chCAfile = opt_arg(); 1306 break; 1307 case OPT_VERIFYCAFILE: 1308 vfyCAfile = opt_arg(); 1309 break; 1310 case OPT_NBIO: 1311 s_nbio = 1; 1312 break; 1313 case OPT_NBIO_TEST: 1314 s_nbio = s_nbio_test = 1; 1315 break; 1316 case OPT_IGN_EOF: 1317 s_ign_eof = 1; 1318 break; 1319 case OPT_NO_IGN_EOF: 1320 s_ign_eof = 0; 1321 break; 1322 case OPT_DEBUG: 1323 s_debug = 1; 1324 break; 1325 case OPT_TLSEXTDEBUG: 1326 s_tlsextdebug = 1; 1327 break; 1328 case OPT_STATUS: 1329 #ifndef OPENSSL_NO_OCSP 1330 s_tlsextstatus = 1; 1331 #endif 1332 break; 1333 case OPT_STATUS_VERBOSE: 1334 #ifndef OPENSSL_NO_OCSP 1335 s_tlsextstatus = tlscstatp.verbose = 1; 1336 #endif 1337 break; 1338 case OPT_STATUS_TIMEOUT: 1339 #ifndef OPENSSL_NO_OCSP 1340 s_tlsextstatus = 1; 1341 tlscstatp.timeout = atoi(opt_arg()); 1342 #endif 1343 break; 1344 case OPT_STATUS_URL: 1345 #ifndef OPENSSL_NO_OCSP 1346 s_tlsextstatus = 1; 1347 if (!OCSP_parse_url(opt_arg(), 1348 &tlscstatp.host, 1349 &tlscstatp.port, 1350 &tlscstatp.path, &tlscstatp.use_ssl)) { 1351 BIO_printf(bio_err, "Error parsing URL\n"); 1352 goto end; 1353 } 1354 #endif 1355 break; 1356 case OPT_STATUS_FILE: 1357 #ifndef OPENSSL_NO_OCSP 1358 s_tlsextstatus = 1; 1359 tlscstatp.respin = opt_arg(); 1360 #endif 1361 break; 1362 case OPT_MSG: 1363 s_msg = 1; 1364 break; 1365 case OPT_MSGFILE: 1366 bio_s_msg = BIO_new_file(opt_arg(), "w"); 1367 break; 1368 case OPT_TRACE: 1369 #ifndef OPENSSL_NO_SSL_TRACE 1370 s_msg = 2; 1371 #endif 1372 break; 1373 case OPT_SECURITY_DEBUG: 1374 sdebug = 1; 1375 break; 1376 case OPT_SECURITY_DEBUG_VERBOSE: 1377 sdebug = 2; 1378 break; 1379 case OPT_STATE: 1380 state = 1; 1381 break; 1382 case OPT_CRLF: 1383 s_crlf = 1; 1384 break; 1385 case OPT_QUIET: 1386 s_quiet = 1; 1387 break; 1388 case OPT_BRIEF: 1389 s_quiet = s_brief = verify_args.quiet = 1; 1390 break; 1391 case OPT_NO_DHE: 1392 #ifndef OPENSSL_NO_DH 1393 no_dhe = 1; 1394 #endif 1395 break; 1396 case OPT_NO_RESUME_EPHEMERAL: 1397 no_resume_ephemeral = 1; 1398 break; 1399 case OPT_PSK_IDENTITY: 1400 psk_identity = opt_arg(); 1401 break; 1402 case OPT_PSK_HINT: 1403 #ifndef OPENSSL_NO_PSK 1404 psk_identity_hint = opt_arg(); 1405 #endif 1406 break; 1407 case OPT_PSK: 1408 for (p = psk_key = opt_arg(); *p; p++) { 1409 if (isxdigit(_UC(*p))) 1410 continue; 1411 BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); 1412 goto end; 1413 } 1414 break; 1415 case OPT_PSK_SESS: 1416 psksessf = opt_arg(); 1417 break; 1418 case OPT_SRPVFILE: 1419 #ifndef OPENSSL_NO_SRP 1420 srp_verifier_file = opt_arg(); 1421 if (min_version < TLS1_VERSION) 1422 min_version = TLS1_VERSION; 1423 #endif 1424 break; 1425 case OPT_SRPUSERSEED: 1426 #ifndef OPENSSL_NO_SRP 1427 srpuserseed = opt_arg(); 1428 if (min_version < TLS1_VERSION) 1429 min_version = TLS1_VERSION; 1430 #endif 1431 break; 1432 case OPT_REV: 1433 rev = 1; 1434 break; 1435 case OPT_WWW: 1436 www = 1; 1437 break; 1438 case OPT_UPPER_WWW: 1439 www = 2; 1440 break; 1441 case OPT_HTTP: 1442 www = 3; 1443 break; 1444 case OPT_SSL_CONFIG: 1445 ssl_config = opt_arg(); 1446 break; 1447 case OPT_SSL3: 1448 min_version = SSL3_VERSION; 1449 max_version = SSL3_VERSION; 1450 break; 1451 case OPT_TLS1_3: 1452 min_version = TLS1_3_VERSION; 1453 max_version = TLS1_3_VERSION; 1454 break; 1455 case OPT_TLS1_2: 1456 min_version = TLS1_2_VERSION; 1457 max_version = TLS1_2_VERSION; 1458 break; 1459 case OPT_TLS1_1: 1460 min_version = TLS1_1_VERSION; 1461 max_version = TLS1_1_VERSION; 1462 break; 1463 case OPT_TLS1: 1464 min_version = TLS1_VERSION; 1465 max_version = TLS1_VERSION; 1466 break; 1467 case OPT_DTLS: 1468 #ifndef OPENSSL_NO_DTLS 1469 meth = DTLS_server_method(); 1470 socket_type = SOCK_DGRAM; 1471 #endif 1472 break; 1473 case OPT_DTLS1: 1474 #ifndef OPENSSL_NO_DTLS 1475 meth = DTLS_server_method(); 1476 min_version = DTLS1_VERSION; 1477 max_version = DTLS1_VERSION; 1478 socket_type = SOCK_DGRAM; 1479 #endif 1480 break; 1481 case OPT_DTLS1_2: 1482 #ifndef OPENSSL_NO_DTLS 1483 meth = DTLS_server_method(); 1484 min_version = DTLS1_2_VERSION; 1485 max_version = DTLS1_2_VERSION; 1486 socket_type = SOCK_DGRAM; 1487 #endif 1488 break; 1489 case OPT_SCTP: 1490 #ifndef OPENSSL_NO_SCTP 1491 protocol = IPPROTO_SCTP; 1492 #endif 1493 break; 1494 case OPT_SCTP_LABEL_BUG: 1495 #ifndef OPENSSL_NO_SCTP 1496 sctp_label_bug = 1; 1497 #endif 1498 break; 1499 case OPT_TIMEOUT: 1500 #ifndef OPENSSL_NO_DTLS 1501 enable_timeouts = 1; 1502 #endif 1503 break; 1504 case OPT_MTU: 1505 #ifndef OPENSSL_NO_DTLS 1506 socket_mtu = atol(opt_arg()); 1507 #endif 1508 break; 1509 case OPT_LISTEN: 1510 #ifndef OPENSSL_NO_DTLS 1511 dtlslisten = 1; 1512 #endif 1513 break; 1514 case OPT_STATELESS: 1515 stateless = 1; 1516 break; 1517 case OPT_ID_PREFIX: 1518 session_id_prefix = opt_arg(); 1519 break; 1520 case OPT_ENGINE: 1521 engine = setup_engine(opt_arg(), 1); 1522 break; 1523 case OPT_R_CASES: 1524 if (!opt_rand(o)) 1525 goto end; 1526 break; 1527 case OPT_SERVERNAME: 1528 tlsextcbp.servername = opt_arg(); 1529 break; 1530 case OPT_SERVERNAME_FATAL: 1531 tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; 1532 break; 1533 case OPT_CERT2: 1534 s_cert_file2 = opt_arg(); 1535 break; 1536 case OPT_KEY2: 1537 s_key_file2 = opt_arg(); 1538 break; 1539 case OPT_NEXTPROTONEG: 1540 # ifndef OPENSSL_NO_NEXTPROTONEG 1541 next_proto_neg_in = opt_arg(); 1542 #endif 1543 break; 1544 case OPT_ALPN: 1545 alpn_in = opt_arg(); 1546 break; 1547 case OPT_SRTP_PROFILES: 1548 #ifndef OPENSSL_NO_SRTP 1549 srtp_profiles = opt_arg(); 1550 #endif 1551 break; 1552 case OPT_KEYMATEXPORT: 1553 keymatexportlabel = opt_arg(); 1554 break; 1555 case OPT_KEYMATEXPORTLEN: 1556 keymatexportlen = atoi(opt_arg()); 1557 break; 1558 case OPT_ASYNC: 1559 async = 1; 1560 break; 1561 case OPT_MAX_SEND_FRAG: 1562 max_send_fragment = atoi(opt_arg()); 1563 break; 1564 case OPT_SPLIT_SEND_FRAG: 1565 split_send_fragment = atoi(opt_arg()); 1566 break; 1567 case OPT_MAX_PIPELINES: 1568 max_pipelines = atoi(opt_arg()); 1569 break; 1570 case OPT_READ_BUF: 1571 read_buf_len = atoi(opt_arg()); 1572 break; 1573 case OPT_KEYLOG_FILE: 1574 keylog_file = opt_arg(); 1575 break; 1576 case OPT_MAX_EARLY: 1577 max_early_data = atoi(opt_arg()); 1578 if (max_early_data < 0) { 1579 BIO_printf(bio_err, "Invalid value for max_early_data\n"); 1580 goto end; 1581 } 1582 break; 1583 case OPT_RECV_MAX_EARLY: 1584 recv_max_early_data = atoi(opt_arg()); 1585 if (recv_max_early_data < 0) { 1586 BIO_printf(bio_err, "Invalid value for recv_max_early_data\n"); 1587 goto end; 1588 } 1589 break; 1590 case OPT_EARLY_DATA: 1591 early_data = 1; 1592 if (max_early_data == -1) 1593 max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; 1594 break; 1595 } 1596 } 1597 argc = opt_num_rest(); 1598 argv = opt_rest(); 1599 1600 #ifndef OPENSSL_NO_NEXTPROTONEG 1601 if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { 1602 BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); 1603 goto opthelp; 1604 } 1605 #endif 1606 #ifndef OPENSSL_NO_DTLS 1607 if (www && socket_type == SOCK_DGRAM) { 1608 BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n"); 1609 goto end; 1610 } 1611 1612 if (dtlslisten && socket_type != SOCK_DGRAM) { 1613 BIO_printf(bio_err, "Can only use -listen with DTLS\n"); 1614 goto end; 1615 } 1616 #endif 1617 1618 if (stateless && socket_type != SOCK_STREAM) { 1619 BIO_printf(bio_err, "Can only use --stateless with TLS\n"); 1620 goto end; 1621 } 1622 1623 #ifdef AF_UNIX 1624 if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { 1625 BIO_printf(bio_err, 1626 "Can't use unix sockets and datagrams together\n"); 1627 goto end; 1628 } 1629 #endif 1630 if (early_data && (www > 0 || rev)) { 1631 BIO_printf(bio_err, 1632 "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); 1633 goto end; 1634 } 1635 1636 #ifndef OPENSSL_NO_SCTP 1637 if (protocol == IPPROTO_SCTP) { 1638 if (socket_type != SOCK_DGRAM) { 1639 BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); 1640 goto end; 1641 } 1642 /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */ 1643 socket_type = SOCK_STREAM; 1644 } 1645 #endif 1646 1647 if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { 1648 BIO_printf(bio_err, "Error getting password\n"); 1649 goto end; 1650 } 1651 1652 if (s_key_file == NULL) 1653 s_key_file = s_cert_file; 1654 1655 if (s_key_file2 == NULL) 1656 s_key_file2 = s_cert_file2; 1657 1658 if (!load_excert(&exc)) 1659 goto end; 1660 1661 if (nocert == 0) { 1662 s_key = load_key(s_key_file, s_key_format, 0, pass, engine, 1663 "server certificate private key file"); 1664 if (s_key == NULL) { 1665 ERR_print_errors(bio_err); 1666 goto end; 1667 } 1668 1669 s_cert = load_cert(s_cert_file, s_cert_format, 1670 "server certificate file"); 1671 1672 if (s_cert == NULL) { 1673 ERR_print_errors(bio_err); 1674 goto end; 1675 } 1676 if (s_chain_file != NULL) { 1677 if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, 1678 "server certificate chain")) 1679 goto end; 1680 } 1681 1682 if (tlsextcbp.servername != NULL) { 1683 s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, 1684 "second server certificate private key file"); 1685 if (s_key2 == NULL) { 1686 ERR_print_errors(bio_err); 1687 goto end; 1688 } 1689 1690 s_cert2 = load_cert(s_cert_file2, s_cert_format, 1691 "second server certificate file"); 1692 1693 if (s_cert2 == NULL) { 1694 ERR_print_errors(bio_err); 1695 goto end; 1696 } 1697 } 1698 } 1699 #if !defined(OPENSSL_NO_NEXTPROTONEG) 1700 if (next_proto_neg_in) { 1701 next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); 1702 if (next_proto.data == NULL) 1703 goto end; 1704 } 1705 #endif 1706 alpn_ctx.data = NULL; 1707 if (alpn_in) { 1708 alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in); 1709 if (alpn_ctx.data == NULL) 1710 goto end; 1711 } 1712 1713 if (crl_file != NULL) { 1714 X509_CRL *crl; 1715 crl = load_crl(crl_file, crl_format); 1716 if (crl == NULL) { 1717 BIO_puts(bio_err, "Error loading CRL\n"); 1718 ERR_print_errors(bio_err); 1719 goto end; 1720 } 1721 crls = sk_X509_CRL_new_null(); 1722 if (crls == NULL || !sk_X509_CRL_push(crls, crl)) { 1723 BIO_puts(bio_err, "Error adding CRL\n"); 1724 ERR_print_errors(bio_err); 1725 X509_CRL_free(crl); 1726 goto end; 1727 } 1728 } 1729 1730 if (s_dcert_file != NULL) { 1731 1732 if (s_dkey_file == NULL) 1733 s_dkey_file = s_dcert_file; 1734 1735 s_dkey = load_key(s_dkey_file, s_dkey_format, 1736 0, dpass, engine, "second certificate private key file"); 1737 if (s_dkey == NULL) { 1738 ERR_print_errors(bio_err); 1739 goto end; 1740 } 1741 1742 s_dcert = load_cert(s_dcert_file, s_dcert_format, 1743 "second server certificate file"); 1744 1745 if (s_dcert == NULL) { 1746 ERR_print_errors(bio_err); 1747 goto end; 1748 } 1749 if (s_dchain_file != NULL) { 1750 if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, 1751 "second server certificate chain")) 1752 goto end; 1753 } 1754 1755 } 1756 1757 if (bio_s_out == NULL) { 1758 if (s_quiet && !s_debug) { 1759 bio_s_out = BIO_new(BIO_s_null()); 1760 if (s_msg && bio_s_msg == NULL) 1761 bio_s_msg = dup_bio_out(FORMAT_TEXT); 1762 } else { 1763 if (bio_s_out == NULL) 1764 bio_s_out = dup_bio_out(FORMAT_TEXT); 1765 } 1766 } 1767 #if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 1768 if (nocert) 1769 #endif 1770 { 1771 s_cert_file = NULL; 1772 s_key_file = NULL; 1773 s_dcert_file = NULL; 1774 s_dkey_file = NULL; 1775 s_cert_file2 = NULL; 1776 s_key_file2 = NULL; 1777 } 1778 1779 ctx = SSL_CTX_new(meth); 1780 if (ctx == NULL) { 1781 ERR_print_errors(bio_err); 1782 goto end; 1783 } 1784 1785 SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); 1786 1787 if (sdebug) 1788 ssl_ctx_security_debug(ctx, sdebug); 1789 1790 if (!config_ctx(cctx, ssl_args, ctx)) 1791 goto end; 1792 1793 if (ssl_config) { 1794 if (SSL_CTX_config(ctx, ssl_config) == 0) { 1795 BIO_printf(bio_err, "Error using configuration \"%s\"\n", 1796 ssl_config); 1797 ERR_print_errors(bio_err); 1798 goto end; 1799 } 1800 } 1801 1802 #ifndef OPENSSL_NO_SCTP 1803 if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) 1804 SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); 1805 #endif 1806 1807 if (min_version != 0 1808 && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) 1809 goto end; 1810 if (max_version != 0 1811 && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) 1812 goto end; 1813 1814 if (session_id_prefix) { 1815 if (strlen(session_id_prefix) >= 32) 1816 BIO_printf(bio_err, 1817 "warning: id_prefix is too long, only one new session will be possible\n"); 1818 if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { 1819 BIO_printf(bio_err, "error setting 'id_prefix'\n"); 1820 ERR_print_errors(bio_err); 1821 goto end; 1822 } 1823 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); 1824 } 1825 SSL_CTX_set_quiet_shutdown(ctx, 1); 1826 if (exc != NULL) 1827 ssl_ctx_set_excert(ctx, exc); 1828 1829 if (state) 1830 SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); 1831 if (no_cache) 1832 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 1833 else if (ext_cache) 1834 init_session_cache_ctx(ctx); 1835 else 1836 SSL_CTX_sess_set_cache_size(ctx, 128); 1837 1838 if (async) { 1839 SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); 1840 } 1841 1842 if (max_send_fragment > 0 1843 && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { 1844 BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", 1845 prog, max_send_fragment); 1846 goto end; 1847 } 1848 1849 if (split_send_fragment > 0 1850 && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { 1851 BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", 1852 prog, split_send_fragment); 1853 goto end; 1854 } 1855 if (max_pipelines > 0 1856 && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { 1857 BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", 1858 prog, max_pipelines); 1859 goto end; 1860 } 1861 1862 if (read_buf_len > 0) { 1863 SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); 1864 } 1865 #ifndef OPENSSL_NO_SRTP 1866 if (srtp_profiles != NULL) { 1867 /* Returns 0 on success! */ 1868 if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) { 1869 BIO_printf(bio_err, "Error setting SRTP profile\n"); 1870 ERR_print_errors(bio_err); 1871 goto end; 1872 } 1873 } 1874 #endif 1875 1876 if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) { 1877 ERR_print_errors(bio_err); 1878 goto end; 1879 } 1880 if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { 1881 BIO_printf(bio_err, "Error setting verify params\n"); 1882 ERR_print_errors(bio_err); 1883 goto end; 1884 } 1885 1886 ssl_ctx_add_crls(ctx, crls, 0); 1887 1888 if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile, 1889 crls, crl_download)) { 1890 BIO_printf(bio_err, "Error loading store locations\n"); 1891 ERR_print_errors(bio_err); 1892 goto end; 1893 } 1894 1895 if (s_cert2) { 1896 ctx2 = SSL_CTX_new(meth); 1897 if (ctx2 == NULL) { 1898 ERR_print_errors(bio_err); 1899 goto end; 1900 } 1901 } 1902 1903 if (ctx2 != NULL) { 1904 BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); 1905 1906 if (sdebug) 1907 ssl_ctx_security_debug(ctx2, sdebug); 1908 1909 if (session_id_prefix) { 1910 if (strlen(session_id_prefix) >= 32) 1911 BIO_printf(bio_err, 1912 "warning: id_prefix is too long, only one new session will be possible\n"); 1913 if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { 1914 BIO_printf(bio_err, "error setting 'id_prefix'\n"); 1915 ERR_print_errors(bio_err); 1916 goto end; 1917 } 1918 BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); 1919 } 1920 SSL_CTX_set_quiet_shutdown(ctx2, 1); 1921 if (exc != NULL) 1922 ssl_ctx_set_excert(ctx2, exc); 1923 1924 if (state) 1925 SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); 1926 1927 if (no_cache) 1928 SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); 1929 else if (ext_cache) 1930 init_session_cache_ctx(ctx2); 1931 else 1932 SSL_CTX_sess_set_cache_size(ctx2, 128); 1933 1934 if (async) 1935 SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC); 1936 1937 if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile, 1938 noCApath)) { 1939 ERR_print_errors(bio_err); 1940 goto end; 1941 } 1942 if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) { 1943 BIO_printf(bio_err, "Error setting verify params\n"); 1944 ERR_print_errors(bio_err); 1945 goto end; 1946 } 1947 1948 ssl_ctx_add_crls(ctx2, crls, 0); 1949 if (!config_ctx(cctx, ssl_args, ctx2)) 1950 goto end; 1951 } 1952 #ifndef OPENSSL_NO_NEXTPROTONEG 1953 if (next_proto.data) 1954 SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, 1955 &next_proto); 1956 #endif 1957 if (alpn_ctx.data) 1958 SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); 1959 1960 #ifndef OPENSSL_NO_DH 1961 if (!no_dhe) { 1962 DH *dh = NULL; 1963 1964 if (dhfile != NULL) 1965 dh = load_dh_param(dhfile); 1966 else if (s_cert_file != NULL) 1967 dh = load_dh_param(s_cert_file); 1968 1969 if (dh != NULL) { 1970 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1971 } else { 1972 BIO_printf(bio_s_out, "Using default temp DH parameters\n"); 1973 } 1974 (void)BIO_flush(bio_s_out); 1975 1976 if (dh == NULL) { 1977 SSL_CTX_set_dh_auto(ctx, 1); 1978 } else if (!SSL_CTX_set_tmp_dh(ctx, dh)) { 1979 BIO_puts(bio_err, "Error setting temp DH parameters\n"); 1980 ERR_print_errors(bio_err); 1981 DH_free(dh); 1982 goto end; 1983 } 1984 1985 if (ctx2 != NULL) { 1986 if (!dhfile) { 1987 DH *dh2 = load_dh_param(s_cert_file2); 1988 if (dh2 != NULL) { 1989 BIO_printf(bio_s_out, "Setting temp DH parameters\n"); 1990 (void)BIO_flush(bio_s_out); 1991 1992 DH_free(dh); 1993 dh = dh2; 1994 } 1995 } 1996 if (dh == NULL) { 1997 SSL_CTX_set_dh_auto(ctx2, 1); 1998 } else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) { 1999 BIO_puts(bio_err, "Error setting temp DH parameters\n"); 2000 ERR_print_errors(bio_err); 2001 DH_free(dh); 2002 goto end; 2003 } 2004 } 2005 DH_free(dh); 2006 } 2007 #endif 2008 2009 if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) 2010 goto end; 2011 2012 if (s_serverinfo_file != NULL 2013 && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) { 2014 ERR_print_errors(bio_err); 2015 goto end; 2016 } 2017 2018 if (ctx2 != NULL 2019 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain)) 2020 goto end; 2021 2022 if (s_dcert != NULL) { 2023 if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain)) 2024 goto end; 2025 } 2026 2027 if (no_resume_ephemeral) { 2028 SSL_CTX_set_not_resumable_session_callback(ctx, 2029 not_resumable_sess_cb); 2030 2031 if (ctx2 != NULL) 2032 SSL_CTX_set_not_resumable_session_callback(ctx2, 2033 not_resumable_sess_cb); 2034 } 2035 #ifndef OPENSSL_NO_PSK 2036 if (psk_key != NULL) { 2037 if (s_debug) 2038 BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); 2039 SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); 2040 } 2041 2042 if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) { 2043 BIO_printf(bio_err, "error setting PSK identity hint to context\n"); 2044 ERR_print_errors(bio_err); 2045 goto end; 2046 } 2047 #endif 2048 if (psksessf != NULL) { 2049 BIO *stmp = BIO_new_file(psksessf, "r"); 2050 2051 if (stmp == NULL) { 2052 BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf); 2053 ERR_print_errors(bio_err); 2054 goto end; 2055 } 2056 psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); 2057 BIO_free(stmp); 2058 if (psksess == NULL) { 2059 BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf); 2060 ERR_print_errors(bio_err); 2061 goto end; 2062 } 2063 2064 } 2065 2066 if (psk_key != NULL || psksess != NULL) 2067 SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb); 2068 2069 SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); 2070 if (!SSL_CTX_set_session_id_context(ctx, 2071 (void *)&s_server_session_id_context, 2072 sizeof(s_server_session_id_context))) { 2073 BIO_printf(bio_err, "error setting session id context\n"); 2074 ERR_print_errors(bio_err); 2075 goto end; 2076 } 2077 2078 /* Set DTLS cookie generation and verification callbacks */ 2079 SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); 2080 SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); 2081 2082 /* Set TLS1.3 cookie generation and verification callbacks */ 2083 SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback); 2084 SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback); 2085 2086 if (ctx2 != NULL) { 2087 SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); 2088 if (!SSL_CTX_set_session_id_context(ctx2, 2089 (void *)&s_server_session_id_context, 2090 sizeof(s_server_session_id_context))) { 2091 BIO_printf(bio_err, "error setting session id context\n"); 2092 ERR_print_errors(bio_err); 2093 goto end; 2094 } 2095 tlsextcbp.biodebug = bio_s_out; 2096 SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); 2097 SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); 2098 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); 2099 SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); 2100 } 2101 2102 #ifndef OPENSSL_NO_SRP 2103 if (srp_verifier_file != NULL) { 2104 srp_callback_parm.vb = SRP_VBASE_new(srpuserseed); 2105 srp_callback_parm.user = NULL; 2106 srp_callback_parm.login = NULL; 2107 if ((ret = 2108 SRP_VBASE_init(srp_callback_parm.vb, 2109 srp_verifier_file)) != SRP_NO_ERROR) { 2110 BIO_printf(bio_err, 2111 "Cannot initialize SRP verifier file \"%s\":ret=%d\n", 2112 srp_verifier_file, ret); 2113 goto end; 2114 } 2115 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback); 2116 SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm); 2117 SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb); 2118 } else 2119 #endif 2120 if (CAfile != NULL) { 2121 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); 2122 2123 if (ctx2) 2124 SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); 2125 } 2126 #ifndef OPENSSL_NO_OCSP 2127 if (s_tlsextstatus) { 2128 SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); 2129 SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); 2130 if (ctx2) { 2131 SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb); 2132 SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp); 2133 } 2134 } 2135 #endif 2136 if (set_keylog_file(ctx, keylog_file)) 2137 goto end; 2138 2139 if (max_early_data >= 0) 2140 SSL_CTX_set_max_early_data(ctx, max_early_data); 2141 if (recv_max_early_data >= 0) 2142 SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data); 2143 2144 if (rev) 2145 server_cb = rev_body; 2146 else if (www) 2147 server_cb = www_body; 2148 else 2149 server_cb = sv_body; 2150 #ifdef AF_UNIX 2151 if (socket_family == AF_UNIX 2152 && unlink_unix_path) 2153 unlink(host); 2154 #endif 2155 do_server(&accept_socket, host, port, socket_family, socket_type, protocol, 2156 server_cb, context, naccept, bio_s_out); 2157 print_stats(bio_s_out, ctx); 2158 ret = 0; 2159 end: 2160 SSL_CTX_free(ctx); 2161 SSL_SESSION_free(psksess); 2162 set_keylog_file(NULL, NULL); 2163 X509_free(s_cert); 2164 sk_X509_CRL_pop_free(crls, X509_CRL_free); 2165 X509_free(s_dcert); 2166 EVP_PKEY_free(s_key); 2167 EVP_PKEY_free(s_dkey); 2168 sk_X509_pop_free(s_chain, X509_free); 2169 sk_X509_pop_free(s_dchain, X509_free); 2170 OPENSSL_free(pass); 2171 OPENSSL_free(dpass); 2172 OPENSSL_free(host); 2173 OPENSSL_free(port); 2174 X509_VERIFY_PARAM_free(vpm); 2175 free_sessions(); 2176 OPENSSL_free(tlscstatp.host); 2177 OPENSSL_free(tlscstatp.port); 2178 OPENSSL_free(tlscstatp.path); 2179 SSL_CTX_free(ctx2); 2180 X509_free(s_cert2); 2181 EVP_PKEY_free(s_key2); 2182 #ifndef OPENSSL_NO_NEXTPROTONEG 2183 OPENSSL_free(next_proto.data); 2184 #endif 2185 OPENSSL_free(alpn_ctx.data); 2186 ssl_excert_free(exc); 2187 sk_OPENSSL_STRING_free(ssl_args); 2188 SSL_CONF_CTX_free(cctx); 2189 release_engine(engine); 2190 BIO_free(bio_s_out); 2191 bio_s_out = NULL; 2192 BIO_free(bio_s_msg); 2193 bio_s_msg = NULL; 2194 #ifdef CHARSET_EBCDIC 2195 BIO_meth_free(methods_ebcdic); 2196 #endif 2197 return ret; 2198 } 2199 2200 static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) 2201 { 2202 BIO_printf(bio, "%4ld items in the session cache\n", 2203 SSL_CTX_sess_number(ssl_ctx)); 2204 BIO_printf(bio, "%4ld client connects (SSL_connect())\n", 2205 SSL_CTX_sess_connect(ssl_ctx)); 2206 BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n", 2207 SSL_CTX_sess_connect_renegotiate(ssl_ctx)); 2208 BIO_printf(bio, "%4ld client connects that finished\n", 2209 SSL_CTX_sess_connect_good(ssl_ctx)); 2210 BIO_printf(bio, "%4ld server accepts (SSL_accept())\n", 2211 SSL_CTX_sess_accept(ssl_ctx)); 2212 BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n", 2213 SSL_CTX_sess_accept_renegotiate(ssl_ctx)); 2214 BIO_printf(bio, "%4ld server accepts that finished\n", 2215 SSL_CTX_sess_accept_good(ssl_ctx)); 2216 BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); 2217 BIO_printf(bio, "%4ld session cache misses\n", 2218 SSL_CTX_sess_misses(ssl_ctx)); 2219 BIO_printf(bio, "%4ld session cache timeouts\n", 2220 SSL_CTX_sess_timeouts(ssl_ctx)); 2221 BIO_printf(bio, "%4ld callback cache hits\n", 2222 SSL_CTX_sess_cb_hits(ssl_ctx)); 2223 BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", 2224 SSL_CTX_sess_cache_full(ssl_ctx), 2225 SSL_CTX_sess_get_cache_size(ssl_ctx)); 2226 } 2227 2228 static int sv_body(int s, int stype, int prot, unsigned char *context) 2229 { 2230 char *buf = NULL; 2231 fd_set readfds; 2232 int ret = 1, width; 2233 int k, i; 2234 unsigned long l; 2235 SSL *con = NULL; 2236 BIO *sbio; 2237 struct timeval timeout; 2238 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) 2239 struct timeval *timeoutp; 2240 #endif 2241 #ifndef OPENSSL_NO_DTLS 2242 # ifndef OPENSSL_NO_SCTP 2243 int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP); 2244 # else 2245 int isdtls = (stype == SOCK_DGRAM); 2246 # endif 2247 #endif 2248 2249 buf = app_malloc(bufsize, "server buffer"); 2250 if (s_nbio) { 2251 if (!BIO_socket_nbio(s, 1)) 2252 ERR_print_errors(bio_err); 2253 else if (!s_quiet) 2254 BIO_printf(bio_err, "Turned on non blocking io\n"); 2255 } 2256 2257 con = SSL_new(ctx); 2258 if (con == NULL) { 2259 ret = -1; 2260 goto err; 2261 } 2262 2263 if (s_tlsextdebug) { 2264 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2265 SSL_set_tlsext_debug_arg(con, bio_s_out); 2266 } 2267 2268 if (context != NULL 2269 && !SSL_set_session_id_context(con, context, 2270 strlen((char *)context))) { 2271 BIO_printf(bio_err, "Error setting session id context\n"); 2272 ret = -1; 2273 goto err; 2274 } 2275 2276 if (!SSL_clear(con)) { 2277 BIO_printf(bio_err, "Error clearing SSL connection\n"); 2278 ret = -1; 2279 goto err; 2280 } 2281 #ifndef OPENSSL_NO_DTLS 2282 if (isdtls) { 2283 # ifndef OPENSSL_NO_SCTP 2284 if (prot == IPPROTO_SCTP) 2285 sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE); 2286 else 2287 # endif 2288 sbio = BIO_new_dgram(s, BIO_NOCLOSE); 2289 2290 if (enable_timeouts) { 2291 timeout.tv_sec = 0; 2292 timeout.tv_usec = DGRAM_RCV_TIMEOUT; 2293 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); 2294 2295 timeout.tv_sec = 0; 2296 timeout.tv_usec = DGRAM_SND_TIMEOUT; 2297 BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); 2298 } 2299 2300 if (socket_mtu) { 2301 if (socket_mtu < DTLS_get_link_min_mtu(con)) { 2302 BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", 2303 DTLS_get_link_min_mtu(con)); 2304 ret = -1; 2305 BIO_free(sbio); 2306 goto err; 2307 } 2308 SSL_set_options(con, SSL_OP_NO_QUERY_MTU); 2309 if (!DTLS_set_link_mtu(con, socket_mtu)) { 2310 BIO_printf(bio_err, "Failed to set MTU\n"); 2311 ret = -1; 2312 BIO_free(sbio); 2313 goto err; 2314 } 2315 } else 2316 /* want to do MTU discovery */ 2317 BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); 2318 2319 # ifndef OPENSSL_NO_SCTP 2320 if (prot != IPPROTO_SCTP) 2321 # endif 2322 /* Turn on cookie exchange. Not necessary for SCTP */ 2323 SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); 2324 } else 2325 #endif 2326 sbio = BIO_new_socket(s, BIO_NOCLOSE); 2327 2328 if (sbio == NULL) { 2329 BIO_printf(bio_err, "Unable to create BIO\n"); 2330 ERR_print_errors(bio_err); 2331 goto err; 2332 } 2333 2334 if (s_nbio_test) { 2335 BIO *test; 2336 2337 test = BIO_new(BIO_f_nbio_test()); 2338 sbio = BIO_push(test, sbio); 2339 } 2340 2341 SSL_set_bio(con, sbio, sbio); 2342 SSL_set_accept_state(con); 2343 /* SSL_set_fd(con,s); */ 2344 2345 if (s_debug) { 2346 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 2347 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); 2348 } 2349 if (s_msg) { 2350 #ifndef OPENSSL_NO_SSL_TRACE 2351 if (s_msg == 2) 2352 SSL_set_msg_callback(con, SSL_trace); 2353 else 2354 #endif 2355 SSL_set_msg_callback(con, msg_cb); 2356 SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); 2357 } 2358 2359 if (s_tlsextdebug) { 2360 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2361 SSL_set_tlsext_debug_arg(con, bio_s_out); 2362 } 2363 2364 if (early_data) { 2365 int write_header = 1, edret = SSL_READ_EARLY_DATA_ERROR; 2366 size_t readbytes; 2367 2368 while (edret != SSL_READ_EARLY_DATA_FINISH) { 2369 for (;;) { 2370 edret = SSL_read_early_data(con, buf, bufsize, &readbytes); 2371 if (edret != SSL_READ_EARLY_DATA_ERROR) 2372 break; 2373 2374 switch (SSL_get_error(con, 0)) { 2375 case SSL_ERROR_WANT_WRITE: 2376 case SSL_ERROR_WANT_ASYNC: 2377 case SSL_ERROR_WANT_READ: 2378 /* Just keep trying - busy waiting */ 2379 continue; 2380 default: 2381 BIO_printf(bio_err, "Error reading early data\n"); 2382 ERR_print_errors(bio_err); 2383 goto err; 2384 } 2385 } 2386 if (readbytes > 0) { 2387 if (write_header) { 2388 BIO_printf(bio_s_out, "Early data received:\n"); 2389 write_header = 0; 2390 } 2391 raw_write_stdout(buf, (unsigned int)readbytes); 2392 (void)BIO_flush(bio_s_out); 2393 } 2394 } 2395 if (write_header) { 2396 if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT) 2397 BIO_printf(bio_s_out, "No early data received\n"); 2398 else 2399 BIO_printf(bio_s_out, "Early data was rejected\n"); 2400 } else { 2401 BIO_printf(bio_s_out, "\nEnd of early data\n"); 2402 } 2403 if (SSL_is_init_finished(con)) 2404 print_connection_info(con); 2405 } 2406 2407 if (fileno_stdin() > s) 2408 width = fileno_stdin() + 1; 2409 else 2410 width = s + 1; 2411 for (;;) { 2412 int read_from_terminal; 2413 int read_from_sslcon; 2414 2415 read_from_terminal = 0; 2416 read_from_sslcon = SSL_has_pending(con) 2417 || (async && SSL_waiting_for_async(con)); 2418 2419 if (!read_from_sslcon) { 2420 FD_ZERO(&readfds); 2421 #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) 2422 openssl_fdset(fileno_stdin(), &readfds); 2423 #endif 2424 openssl_fdset(s, &readfds); 2425 /* 2426 * Note: under VMS with SOCKETSHR the second parameter is 2427 * currently of type (int *) whereas under other systems it is 2428 * (void *) if you don't have a cast it will choke the compiler: 2429 * if you do have a cast then you can either go for (int *) or 2430 * (void *). 2431 */ 2432 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) 2433 /* 2434 * Under DOS (non-djgpp) and Windows we can't select on stdin: 2435 * only on sockets. As a workaround we timeout the select every 2436 * second and check for any keypress. In a proper Windows 2437 * application we wouldn't do this because it is inefficient. 2438 */ 2439 timeout.tv_sec = 1; 2440 timeout.tv_usec = 0; 2441 i = select(width, (void *)&readfds, NULL, NULL, &timeout); 2442 if (has_stdin_waiting()) 2443 read_from_terminal = 1; 2444 if ((i < 0) || (!i && !read_from_terminal)) 2445 continue; 2446 #else 2447 if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) 2448 timeoutp = &timeout; 2449 else 2450 timeoutp = NULL; 2451 2452 i = select(width, (void *)&readfds, NULL, NULL, timeoutp); 2453 2454 if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) 2455 BIO_printf(bio_err, "TIMEOUT occurred\n"); 2456 2457 if (i <= 0) 2458 continue; 2459 if (FD_ISSET(fileno_stdin(), &readfds)) 2460 read_from_terminal = 1; 2461 #endif 2462 if (FD_ISSET(s, &readfds)) 2463 read_from_sslcon = 1; 2464 } 2465 if (read_from_terminal) { 2466 if (s_crlf) { 2467 int j, lf_num; 2468 2469 i = raw_read_stdin(buf, bufsize / 2); 2470 lf_num = 0; 2471 /* both loops are skipped when i <= 0 */ 2472 for (j = 0; j < i; j++) 2473 if (buf[j] == '\n') 2474 lf_num++; 2475 for (j = i - 1; j >= 0; j--) { 2476 buf[j + lf_num] = buf[j]; 2477 if (buf[j] == '\n') { 2478 lf_num--; 2479 i++; 2480 buf[j + lf_num] = '\r'; 2481 } 2482 } 2483 assert(lf_num == 0); 2484 } else { 2485 i = raw_read_stdin(buf, bufsize); 2486 } 2487 2488 if (!s_quiet && !s_brief) { 2489 if ((i <= 0) || (buf[0] == 'Q')) { 2490 BIO_printf(bio_s_out, "DONE\n"); 2491 (void)BIO_flush(bio_s_out); 2492 BIO_closesocket(s); 2493 close_accept_socket(); 2494 ret = -11; 2495 goto err; 2496 } 2497 if ((i <= 0) || (buf[0] == 'q')) { 2498 BIO_printf(bio_s_out, "DONE\n"); 2499 (void)BIO_flush(bio_s_out); 2500 if (SSL_version(con) != DTLS1_VERSION) 2501 BIO_closesocket(s); 2502 /* 2503 * close_accept_socket(); ret= -11; 2504 */ 2505 goto err; 2506 } 2507 #ifndef OPENSSL_NO_HEARTBEATS 2508 if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2509 BIO_printf(bio_err, "HEARTBEATING\n"); 2510 SSL_heartbeat(con); 2511 i = 0; 2512 continue; 2513 } 2514 #endif 2515 if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2516 SSL_renegotiate(con); 2517 i = SSL_do_handshake(con); 2518 printf("SSL_do_handshake -> %d\n", i); 2519 i = 0; /* 13; */ 2520 continue; 2521 } 2522 if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2523 SSL_set_verify(con, 2524 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 2525 NULL); 2526 SSL_renegotiate(con); 2527 i = SSL_do_handshake(con); 2528 printf("SSL_do_handshake -> %d\n", i); 2529 i = 0; /* 13; */ 2530 continue; 2531 } 2532 if ((buf[0] == 'K' || buf[0] == 'k') 2533 && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2534 SSL_key_update(con, buf[0] == 'K' ? 2535 SSL_KEY_UPDATE_REQUESTED 2536 : SSL_KEY_UPDATE_NOT_REQUESTED); 2537 i = SSL_do_handshake(con); 2538 printf("SSL_do_handshake -> %d\n", i); 2539 i = 0; 2540 continue; 2541 } 2542 if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) { 2543 SSL_set_verify(con, SSL_VERIFY_PEER, NULL); 2544 i = SSL_verify_client_post_handshake(con); 2545 if (i == 0) { 2546 printf("Failed to initiate request\n"); 2547 ERR_print_errors(bio_err); 2548 } else { 2549 i = SSL_do_handshake(con); 2550 printf("SSL_do_handshake -> %d\n", i); 2551 i = 0; 2552 } 2553 continue; 2554 } 2555 if (buf[0] == 'P') { 2556 static const char *str = "Lets print some clear text\n"; 2557 BIO_write(SSL_get_wbio(con), str, strlen(str)); 2558 } 2559 if (buf[0] == 'S') { 2560 print_stats(bio_s_out, SSL_get_SSL_CTX(con)); 2561 } 2562 } 2563 #ifdef CHARSET_EBCDIC 2564 ebcdic2ascii(buf, buf, i); 2565 #endif 2566 l = k = 0; 2567 for (;;) { 2568 /* should do a select for the write */ 2569 #ifdef RENEG 2570 static count = 0; 2571 if (++count == 100) { 2572 count = 0; 2573 SSL_renegotiate(con); 2574 } 2575 #endif 2576 k = SSL_write(con, &(buf[l]), (unsigned int)i); 2577 #ifndef OPENSSL_NO_SRP 2578 while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { 2579 BIO_printf(bio_s_out, "LOOKUP renego during write\n"); 2580 SRP_user_pwd_free(srp_callback_parm.user); 2581 srp_callback_parm.user = 2582 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 2583 srp_callback_parm.login); 2584 if (srp_callback_parm.user) 2585 BIO_printf(bio_s_out, "LOOKUP done %s\n", 2586 srp_callback_parm.user->info); 2587 else 2588 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 2589 k = SSL_write(con, &(buf[l]), (unsigned int)i); 2590 } 2591 #endif 2592 switch (SSL_get_error(con, k)) { 2593 case SSL_ERROR_NONE: 2594 break; 2595 case SSL_ERROR_WANT_ASYNC: 2596 BIO_printf(bio_s_out, "Write BLOCK (Async)\n"); 2597 (void)BIO_flush(bio_s_out); 2598 wait_for_async(con); 2599 break; 2600 case SSL_ERROR_WANT_WRITE: 2601 case SSL_ERROR_WANT_READ: 2602 case SSL_ERROR_WANT_X509_LOOKUP: 2603 BIO_printf(bio_s_out, "Write BLOCK\n"); 2604 (void)BIO_flush(bio_s_out); 2605 break; 2606 case SSL_ERROR_WANT_ASYNC_JOB: 2607 /* 2608 * This shouldn't ever happen in s_server. Treat as an error 2609 */ 2610 case SSL_ERROR_SYSCALL: 2611 case SSL_ERROR_SSL: 2612 BIO_printf(bio_s_out, "ERROR\n"); 2613 (void)BIO_flush(bio_s_out); 2614 ERR_print_errors(bio_err); 2615 ret = 1; 2616 goto err; 2617 /* break; */ 2618 case SSL_ERROR_ZERO_RETURN: 2619 BIO_printf(bio_s_out, "DONE\n"); 2620 (void)BIO_flush(bio_s_out); 2621 ret = 1; 2622 goto err; 2623 } 2624 if (k > 0) { 2625 l += k; 2626 i -= k; 2627 } 2628 if (i <= 0) 2629 break; 2630 } 2631 } 2632 if (read_from_sslcon) { 2633 /* 2634 * init_ssl_connection handles all async events itself so if we're 2635 * waiting for async then we shouldn't go back into 2636 * init_ssl_connection 2637 */ 2638 if ((!async || !SSL_waiting_for_async(con)) 2639 && !SSL_is_init_finished(con)) { 2640 i = init_ssl_connection(con); 2641 2642 if (i < 0) { 2643 ret = 0; 2644 goto err; 2645 } else if (i == 0) { 2646 ret = 1; 2647 goto err; 2648 } 2649 } else { 2650 again: 2651 i = SSL_read(con, (char *)buf, bufsize); 2652 #ifndef OPENSSL_NO_SRP 2653 while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { 2654 BIO_printf(bio_s_out, "LOOKUP renego during read\n"); 2655 SRP_user_pwd_free(srp_callback_parm.user); 2656 srp_callback_parm.user = 2657 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 2658 srp_callback_parm.login); 2659 if (srp_callback_parm.user) 2660 BIO_printf(bio_s_out, "LOOKUP done %s\n", 2661 srp_callback_parm.user->info); 2662 else 2663 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 2664 i = SSL_read(con, (char *)buf, bufsize); 2665 } 2666 #endif 2667 switch (SSL_get_error(con, i)) { 2668 case SSL_ERROR_NONE: 2669 #ifdef CHARSET_EBCDIC 2670 ascii2ebcdic(buf, buf, i); 2671 #endif 2672 raw_write_stdout(buf, (unsigned int)i); 2673 (void)BIO_flush(bio_s_out); 2674 if (SSL_has_pending(con)) 2675 goto again; 2676 break; 2677 case SSL_ERROR_WANT_ASYNC: 2678 BIO_printf(bio_s_out, "Read BLOCK (Async)\n"); 2679 (void)BIO_flush(bio_s_out); 2680 wait_for_async(con); 2681 break; 2682 case SSL_ERROR_WANT_WRITE: 2683 case SSL_ERROR_WANT_READ: 2684 BIO_printf(bio_s_out, "Read BLOCK\n"); 2685 (void)BIO_flush(bio_s_out); 2686 break; 2687 case SSL_ERROR_WANT_ASYNC_JOB: 2688 /* 2689 * This shouldn't ever happen in s_server. Treat as an error 2690 */ 2691 case SSL_ERROR_SYSCALL: 2692 case SSL_ERROR_SSL: 2693 BIO_printf(bio_s_out, "ERROR\n"); 2694 (void)BIO_flush(bio_s_out); 2695 ERR_print_errors(bio_err); 2696 ret = 1; 2697 goto err; 2698 case SSL_ERROR_ZERO_RETURN: 2699 BIO_printf(bio_s_out, "DONE\n"); 2700 (void)BIO_flush(bio_s_out); 2701 ret = 1; 2702 goto err; 2703 } 2704 } 2705 } 2706 } 2707 err: 2708 if (con != NULL) { 2709 BIO_printf(bio_s_out, "shutting down SSL\n"); 2710 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 2711 SSL_free(con); 2712 } 2713 BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); 2714 OPENSSL_clear_free(buf, bufsize); 2715 return ret; 2716 } 2717 2718 static void close_accept_socket(void) 2719 { 2720 BIO_printf(bio_err, "shutdown accept socket\n"); 2721 if (accept_socket >= 0) { 2722 BIO_closesocket(accept_socket); 2723 } 2724 } 2725 2726 static int is_retryable(SSL *con, int i) 2727 { 2728 int err = SSL_get_error(con, i); 2729 2730 /* If it's not a fatal error, it must be retryable */ 2731 return (err != SSL_ERROR_SSL) 2732 && (err != SSL_ERROR_SYSCALL) 2733 && (err != SSL_ERROR_ZERO_RETURN); 2734 } 2735 2736 static int init_ssl_connection(SSL *con) 2737 { 2738 int i; 2739 long verify_err; 2740 int retry = 0; 2741 2742 if (dtlslisten || stateless) { 2743 BIO_ADDR *client = NULL; 2744 2745 if (dtlslisten) { 2746 if ((client = BIO_ADDR_new()) == NULL) { 2747 BIO_printf(bio_err, "ERROR - memory\n"); 2748 return 0; 2749 } 2750 i = DTLSv1_listen(con, client); 2751 } else { 2752 i = SSL_stateless(con); 2753 } 2754 if (i > 0) { 2755 BIO *wbio; 2756 int fd = -1; 2757 2758 if (dtlslisten) { 2759 wbio = SSL_get_wbio(con); 2760 if (wbio) { 2761 BIO_get_fd(wbio, &fd); 2762 } 2763 2764 if (!wbio || BIO_connect(fd, client, 0) == 0) { 2765 BIO_printf(bio_err, "ERROR - unable to connect\n"); 2766 BIO_ADDR_free(client); 2767 return 0; 2768 } 2769 2770 (void)BIO_ctrl_set_connected(wbio, client); 2771 BIO_ADDR_free(client); 2772 dtlslisten = 0; 2773 } else { 2774 stateless = 0; 2775 } 2776 i = SSL_accept(con); 2777 } else { 2778 BIO_ADDR_free(client); 2779 } 2780 } else { 2781 do { 2782 i = SSL_accept(con); 2783 2784 if (i <= 0) 2785 retry = is_retryable(con, i); 2786 #ifdef CERT_CB_TEST_RETRY 2787 { 2788 while (i <= 0 2789 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP 2790 && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { 2791 BIO_printf(bio_err, 2792 "LOOKUP from certificate callback during accept\n"); 2793 i = SSL_accept(con); 2794 if (i <= 0) 2795 retry = is_retryable(con, i); 2796 } 2797 } 2798 #endif 2799 2800 #ifndef OPENSSL_NO_SRP 2801 while (i <= 0 2802 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { 2803 BIO_printf(bio_s_out, "LOOKUP during accept %s\n", 2804 srp_callback_parm.login); 2805 SRP_user_pwd_free(srp_callback_parm.user); 2806 srp_callback_parm.user = 2807 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 2808 srp_callback_parm.login); 2809 if (srp_callback_parm.user) 2810 BIO_printf(bio_s_out, "LOOKUP done %s\n", 2811 srp_callback_parm.user->info); 2812 else 2813 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 2814 i = SSL_accept(con); 2815 if (i <= 0) 2816 retry = is_retryable(con, i); 2817 } 2818 #endif 2819 } while (i < 0 && SSL_waiting_for_async(con)); 2820 } 2821 2822 if (i <= 0) { 2823 if (((dtlslisten || stateless) && i == 0) 2824 || (!dtlslisten && !stateless && retry)) { 2825 BIO_printf(bio_s_out, "DELAY\n"); 2826 return 1; 2827 } 2828 2829 BIO_printf(bio_err, "ERROR\n"); 2830 2831 verify_err = SSL_get_verify_result(con); 2832 if (verify_err != X509_V_OK) { 2833 BIO_printf(bio_err, "verify error:%s\n", 2834 X509_verify_cert_error_string(verify_err)); 2835 } 2836 /* Always print any error messages */ 2837 ERR_print_errors(bio_err); 2838 return 0; 2839 } 2840 2841 print_connection_info(con); 2842 return 1; 2843 } 2844 2845 static void print_connection_info(SSL *con) 2846 { 2847 const char *str; 2848 X509 *peer; 2849 char buf[BUFSIZ]; 2850 #if !defined(OPENSSL_NO_NEXTPROTONEG) 2851 const unsigned char *next_proto_neg; 2852 unsigned next_proto_neg_len; 2853 #endif 2854 unsigned char *exportedkeymat; 2855 int i; 2856 2857 if (s_brief) 2858 print_ssl_summary(con); 2859 2860 PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); 2861 2862 peer = SSL_get_peer_certificate(con); 2863 if (peer != NULL) { 2864 BIO_printf(bio_s_out, "Client certificate\n"); 2865 PEM_write_bio_X509(bio_s_out, peer); 2866 dump_cert_text(bio_s_out, peer); 2867 X509_free(peer); 2868 peer = NULL; 2869 } 2870 2871 if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) 2872 BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); 2873 str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); 2874 ssl_print_sigalgs(bio_s_out, con); 2875 #ifndef OPENSSL_NO_EC 2876 ssl_print_point_formats(bio_s_out, con); 2877 ssl_print_groups(bio_s_out, con, 0); 2878 #endif 2879 print_ca_names(bio_s_out, con); 2880 BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); 2881 2882 #if !defined(OPENSSL_NO_NEXTPROTONEG) 2883 SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); 2884 if (next_proto_neg) { 2885 BIO_printf(bio_s_out, "NEXTPROTO is "); 2886 BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); 2887 BIO_printf(bio_s_out, "\n"); 2888 } 2889 #endif 2890 #ifndef OPENSSL_NO_SRTP 2891 { 2892 SRTP_PROTECTION_PROFILE *srtp_profile 2893 = SSL_get_selected_srtp_profile(con); 2894 2895 if (srtp_profile) 2896 BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", 2897 srtp_profile->name); 2898 } 2899 #endif 2900 if (SSL_session_reused(con)) 2901 BIO_printf(bio_s_out, "Reused session-id\n"); 2902 BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", 2903 SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); 2904 if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION)) 2905 BIO_printf(bio_s_out, "Renegotiation is DISABLED\n"); 2906 2907 if (keymatexportlabel != NULL) { 2908 BIO_printf(bio_s_out, "Keying material exporter:\n"); 2909 BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); 2910 BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); 2911 exportedkeymat = app_malloc(keymatexportlen, "export key"); 2912 if (!SSL_export_keying_material(con, exportedkeymat, 2913 keymatexportlen, 2914 keymatexportlabel, 2915 strlen(keymatexportlabel), 2916 NULL, 0, 0)) { 2917 BIO_printf(bio_s_out, " Error\n"); 2918 } else { 2919 BIO_printf(bio_s_out, " Keying material: "); 2920 for (i = 0; i < keymatexportlen; i++) 2921 BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); 2922 BIO_printf(bio_s_out, "\n"); 2923 } 2924 OPENSSL_free(exportedkeymat); 2925 } 2926 2927 (void)BIO_flush(bio_s_out); 2928 } 2929 2930 #ifndef OPENSSL_NO_DH 2931 static DH *load_dh_param(const char *dhfile) 2932 { 2933 DH *ret = NULL; 2934 BIO *bio; 2935 2936 if ((bio = BIO_new_file(dhfile, "r")) == NULL) 2937 goto err; 2938 ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 2939 err: 2940 BIO_free(bio); 2941 return ret; 2942 } 2943 #endif 2944 2945 static int www_body(int s, int stype, int prot, unsigned char *context) 2946 { 2947 char *buf = NULL; 2948 int ret = 1; 2949 int i, j, k, dot; 2950 SSL *con; 2951 const SSL_CIPHER *c; 2952 BIO *io, *ssl_bio, *sbio; 2953 #ifdef RENEG 2954 int total_bytes = 0; 2955 #endif 2956 int width; 2957 fd_set readfds; 2958 2959 /* Set width for a select call if needed */ 2960 width = s + 1; 2961 2962 buf = app_malloc(bufsize, "server www buffer"); 2963 io = BIO_new(BIO_f_buffer()); 2964 ssl_bio = BIO_new(BIO_f_ssl()); 2965 if ((io == NULL) || (ssl_bio == NULL)) 2966 goto err; 2967 2968 if (s_nbio) { 2969 if (!BIO_socket_nbio(s, 1)) 2970 ERR_print_errors(bio_err); 2971 else if (!s_quiet) 2972 BIO_printf(bio_err, "Turned on non blocking io\n"); 2973 } 2974 2975 /* lets make the output buffer a reasonable size */ 2976 if (!BIO_set_write_buffer_size(io, bufsize)) 2977 goto err; 2978 2979 if ((con = SSL_new(ctx)) == NULL) 2980 goto err; 2981 2982 if (s_tlsextdebug) { 2983 SSL_set_tlsext_debug_callback(con, tlsext_cb); 2984 SSL_set_tlsext_debug_arg(con, bio_s_out); 2985 } 2986 2987 if (context != NULL 2988 && !SSL_set_session_id_context(con, context, 2989 strlen((char *)context))) { 2990 SSL_free(con); 2991 goto err; 2992 } 2993 2994 sbio = BIO_new_socket(s, BIO_NOCLOSE); 2995 if (s_nbio_test) { 2996 BIO *test; 2997 2998 test = BIO_new(BIO_f_nbio_test()); 2999 sbio = BIO_push(test, sbio); 3000 } 3001 SSL_set_bio(con, sbio, sbio); 3002 SSL_set_accept_state(con); 3003 3004 /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ 3005 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 3006 BIO_push(io, ssl_bio); 3007 #ifdef CHARSET_EBCDIC 3008 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); 3009 #endif 3010 3011 if (s_debug) { 3012 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 3013 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); 3014 } 3015 if (s_msg) { 3016 #ifndef OPENSSL_NO_SSL_TRACE 3017 if (s_msg == 2) 3018 SSL_set_msg_callback(con, SSL_trace); 3019 else 3020 #endif 3021 SSL_set_msg_callback(con, msg_cb); 3022 SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); 3023 } 3024 3025 for (;;) { 3026 i = BIO_gets(io, buf, bufsize - 1); 3027 if (i < 0) { /* error */ 3028 if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { 3029 if (!s_quiet) 3030 ERR_print_errors(bio_err); 3031 goto err; 3032 } else { 3033 BIO_printf(bio_s_out, "read R BLOCK\n"); 3034 #ifndef OPENSSL_NO_SRP 3035 if (BIO_should_io_special(io) 3036 && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { 3037 BIO_printf(bio_s_out, "LOOKUP renego during read\n"); 3038 SRP_user_pwd_free(srp_callback_parm.user); 3039 srp_callback_parm.user = 3040 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 3041 srp_callback_parm.login); 3042 if (srp_callback_parm.user) 3043 BIO_printf(bio_s_out, "LOOKUP done %s\n", 3044 srp_callback_parm.user->info); 3045 else 3046 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 3047 continue; 3048 } 3049 #endif 3050 #if !defined(OPENSSL_SYS_MSDOS) 3051 sleep(1); 3052 #endif 3053 continue; 3054 } 3055 } else if (i == 0) { /* end of input */ 3056 ret = 1; 3057 goto end; 3058 } 3059 3060 /* else we have data */ 3061 if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || 3062 ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { 3063 char *p; 3064 X509 *peer = NULL; 3065 STACK_OF(SSL_CIPHER) *sk; 3066 static const char *space = " "; 3067 3068 if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) { 3069 if (strncmp("GET /renegcert", buf, 14) == 0) 3070 SSL_set_verify(con, 3071 SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, 3072 NULL); 3073 i = SSL_renegotiate(con); 3074 BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i); 3075 /* Send the HelloRequest */ 3076 i = SSL_do_handshake(con); 3077 if (i <= 0) { 3078 BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", 3079 SSL_get_error(con, i)); 3080 ERR_print_errors(bio_err); 3081 goto err; 3082 } 3083 /* Wait for a ClientHello to come back */ 3084 FD_ZERO(&readfds); 3085 openssl_fdset(s, &readfds); 3086 i = select(width, (void *)&readfds, NULL, NULL, NULL); 3087 if (i <= 0 || !FD_ISSET(s, &readfds)) { 3088 BIO_printf(bio_s_out, 3089 "Error waiting for client response\n"); 3090 ERR_print_errors(bio_err); 3091 goto err; 3092 } 3093 /* 3094 * We're not actually expecting any data here and we ignore 3095 * any that is sent. This is just to force the handshake that 3096 * we're expecting to come from the client. If they haven't 3097 * sent one there's not much we can do. 3098 */ 3099 BIO_gets(io, buf, bufsize - 1); 3100 } 3101 3102 BIO_puts(io, 3103 "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 3104 BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n"); 3105 BIO_puts(io, "<pre>\n"); 3106 /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */ 3107 BIO_puts(io, "\n"); 3108 for (i = 0; i < local_argc; i++) { 3109 const char *myp; 3110 for (myp = local_argv[i]; *myp; myp++) 3111 switch (*myp) { 3112 case '<': 3113 BIO_puts(io, "<"); 3114 break; 3115 case '>': 3116 BIO_puts(io, ">"); 3117 break; 3118 case '&': 3119 BIO_puts(io, "&"); 3120 break; 3121 default: 3122 BIO_write(io, myp, 1); 3123 break; 3124 } 3125 BIO_write(io, " ", 1); 3126 } 3127 BIO_puts(io, "\n"); 3128 3129 BIO_printf(io, 3130 "Secure Renegotiation IS%s supported\n", 3131 SSL_get_secure_renegotiation_support(con) ? 3132 "" : " NOT"); 3133 3134 /* 3135 * The following is evil and should not really be done 3136 */ 3137 BIO_printf(io, "Ciphers supported in s_server binary\n"); 3138 sk = SSL_get_ciphers(con); 3139 j = sk_SSL_CIPHER_num(sk); 3140 for (i = 0; i < j; i++) { 3141 c = sk_SSL_CIPHER_value(sk, i); 3142 BIO_printf(io, "%-11s:%-25s ", 3143 SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); 3144 if ((((i + 1) % 2) == 0) && (i + 1 != j)) 3145 BIO_puts(io, "\n"); 3146 } 3147 BIO_puts(io, "\n"); 3148 p = SSL_get_shared_ciphers(con, buf, bufsize); 3149 if (p != NULL) { 3150 BIO_printf(io, 3151 "---\nCiphers common between both SSL end points:\n"); 3152 j = i = 0; 3153 while (*p) { 3154 if (*p == ':') { 3155 BIO_write(io, space, 26 - j); 3156 i++; 3157 j = 0; 3158 BIO_write(io, ((i % 3) ? " " : "\n"), 1); 3159 } else { 3160 BIO_write(io, p, 1); 3161 j++; 3162 } 3163 p++; 3164 } 3165 BIO_puts(io, "\n"); 3166 } 3167 ssl_print_sigalgs(io, con); 3168 #ifndef OPENSSL_NO_EC 3169 ssl_print_groups(io, con, 0); 3170 #endif 3171 print_ca_names(io, con); 3172 BIO_printf(io, (SSL_session_reused(con) 3173 ? "---\nReused, " : "---\nNew, ")); 3174 c = SSL_get_current_cipher(con); 3175 BIO_printf(io, "%s, Cipher is %s\n", 3176 SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); 3177 SSL_SESSION_print(io, SSL_get_session(con)); 3178 BIO_printf(io, "---\n"); 3179 print_stats(io, SSL_get_SSL_CTX(con)); 3180 BIO_printf(io, "---\n"); 3181 peer = SSL_get_peer_certificate(con); 3182 if (peer != NULL) { 3183 BIO_printf(io, "Client certificate\n"); 3184 X509_print(io, peer); 3185 PEM_write_bio_X509(io, peer); 3186 X509_free(peer); 3187 peer = NULL; 3188 } else { 3189 BIO_puts(io, "no client certificate available\n"); 3190 } 3191 BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n"); 3192 break; 3193 } else if ((www == 2 || www == 3) 3194 && (strncmp("GET /", buf, 5) == 0)) { 3195 BIO *file; 3196 char *p, *e; 3197 static const char *text = 3198 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; 3199 3200 /* skip the '/' */ 3201 p = &(buf[5]); 3202 3203 dot = 1; 3204 for (e = p; *e != '\0'; e++) { 3205 if (e[0] == ' ') 3206 break; 3207 3208 if (e[0] == ':') { 3209 /* Windows drive. We treat this the same way as ".." */ 3210 dot = -1; 3211 break; 3212 } 3213 3214 switch (dot) { 3215 case 1: 3216 dot = (e[0] == '.') ? 2 : 0; 3217 break; 3218 case 2: 3219 dot = (e[0] == '.') ? 3 : 0; 3220 break; 3221 case 3: 3222 dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; 3223 break; 3224 } 3225 if (dot == 0) 3226 dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; 3227 } 3228 dot = (dot == 3) || (dot == -1); /* filename contains ".." 3229 * component */ 3230 3231 if (*e == '\0') { 3232 BIO_puts(io, text); 3233 BIO_printf(io, "'%s' is an invalid file name\r\n", p); 3234 break; 3235 } 3236 *e = '\0'; 3237 3238 if (dot) { 3239 BIO_puts(io, text); 3240 BIO_printf(io, "'%s' contains '..' or ':'\r\n", p); 3241 break; 3242 } 3243 3244 if (*p == '/' || *p == '\\') { 3245 BIO_puts(io, text); 3246 BIO_printf(io, "'%s' is an invalid path\r\n", p); 3247 break; 3248 } 3249 3250 /* if a directory, do the index thang */ 3251 if (app_isdir(p) > 0) { 3252 BIO_puts(io, text); 3253 BIO_printf(io, "'%s' is a directory\r\n", p); 3254 break; 3255 } 3256 3257 if ((file = BIO_new_file(p, "r")) == NULL) { 3258 BIO_puts(io, text); 3259 BIO_printf(io, "Error opening '%s'\r\n", p); 3260 ERR_print_errors(io); 3261 break; 3262 } 3263 3264 if (!s_quiet) 3265 BIO_printf(bio_err, "FILE:%s\n", p); 3266 3267 if (www == 2) { 3268 i = strlen(p); 3269 if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || 3270 ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || 3271 ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0))) 3272 BIO_puts(io, 3273 "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 3274 else 3275 BIO_puts(io, 3276 "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 3277 } 3278 /* send the file */ 3279 for (;;) { 3280 i = BIO_read(file, buf, bufsize); 3281 if (i <= 0) 3282 break; 3283 3284 #ifdef RENEG 3285 total_bytes += i; 3286 BIO_printf(bio_err, "%d\n", i); 3287 if (total_bytes > 3 * 1024) { 3288 total_bytes = 0; 3289 BIO_printf(bio_err, "RENEGOTIATE\n"); 3290 SSL_renegotiate(con); 3291 } 3292 #endif 3293 3294 for (j = 0; j < i;) { 3295 #ifdef RENEG 3296 static count = 0; 3297 if (++count == 13) { 3298 SSL_renegotiate(con); 3299 } 3300 #endif 3301 k = BIO_write(io, &(buf[j]), i - j); 3302 if (k <= 0) { 3303 if (!BIO_should_retry(io) 3304 && !SSL_waiting_for_async(con)) 3305 goto write_error; 3306 else { 3307 BIO_printf(bio_s_out, "rwrite W BLOCK\n"); 3308 } 3309 } else { 3310 j += k; 3311 } 3312 } 3313 } 3314 write_error: 3315 BIO_free(file); 3316 break; 3317 } 3318 } 3319 3320 for (;;) { 3321 i = (int)BIO_flush(io); 3322 if (i <= 0) { 3323 if (!BIO_should_retry(io)) 3324 break; 3325 } else 3326 break; 3327 } 3328 end: 3329 /* make sure we re-use sessions */ 3330 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 3331 3332 err: 3333 OPENSSL_free(buf); 3334 BIO_free_all(io); 3335 return ret; 3336 } 3337 3338 static int rev_body(int s, int stype, int prot, unsigned char *context) 3339 { 3340 char *buf = NULL; 3341 int i; 3342 int ret = 1; 3343 SSL *con; 3344 BIO *io, *ssl_bio, *sbio; 3345 3346 buf = app_malloc(bufsize, "server rev buffer"); 3347 io = BIO_new(BIO_f_buffer()); 3348 ssl_bio = BIO_new(BIO_f_ssl()); 3349 if ((io == NULL) || (ssl_bio == NULL)) 3350 goto err; 3351 3352 /* lets make the output buffer a reasonable size */ 3353 if (!BIO_set_write_buffer_size(io, bufsize)) 3354 goto err; 3355 3356 if ((con = SSL_new(ctx)) == NULL) 3357 goto err; 3358 3359 if (s_tlsextdebug) { 3360 SSL_set_tlsext_debug_callback(con, tlsext_cb); 3361 SSL_set_tlsext_debug_arg(con, bio_s_out); 3362 } 3363 if (context != NULL 3364 && !SSL_set_session_id_context(con, context, 3365 strlen((char *)context))) { 3366 SSL_free(con); 3367 ERR_print_errors(bio_err); 3368 goto err; 3369 } 3370 3371 sbio = BIO_new_socket(s, BIO_NOCLOSE); 3372 SSL_set_bio(con, sbio, sbio); 3373 SSL_set_accept_state(con); 3374 3375 /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ 3376 BIO_set_ssl(ssl_bio, con, BIO_CLOSE); 3377 BIO_push(io, ssl_bio); 3378 #ifdef CHARSET_EBCDIC 3379 io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); 3380 #endif 3381 3382 if (s_debug) { 3383 BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); 3384 BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); 3385 } 3386 if (s_msg) { 3387 #ifndef OPENSSL_NO_SSL_TRACE 3388 if (s_msg == 2) 3389 SSL_set_msg_callback(con, SSL_trace); 3390 else 3391 #endif 3392 SSL_set_msg_callback(con, msg_cb); 3393 SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); 3394 } 3395 3396 for (;;) { 3397 i = BIO_do_handshake(io); 3398 if (i > 0) 3399 break; 3400 if (!BIO_should_retry(io)) { 3401 BIO_puts(bio_err, "CONNECTION FAILURE\n"); 3402 ERR_print_errors(bio_err); 3403 goto end; 3404 } 3405 #ifndef OPENSSL_NO_SRP 3406 if (BIO_should_io_special(io) 3407 && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { 3408 BIO_printf(bio_s_out, "LOOKUP renego during accept\n"); 3409 SRP_user_pwd_free(srp_callback_parm.user); 3410 srp_callback_parm.user = 3411 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 3412 srp_callback_parm.login); 3413 if (srp_callback_parm.user) 3414 BIO_printf(bio_s_out, "LOOKUP done %s\n", 3415 srp_callback_parm.user->info); 3416 else 3417 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 3418 continue; 3419 } 3420 #endif 3421 } 3422 BIO_printf(bio_err, "CONNECTION ESTABLISHED\n"); 3423 print_ssl_summary(con); 3424 3425 for (;;) { 3426 i = BIO_gets(io, buf, bufsize - 1); 3427 if (i < 0) { /* error */ 3428 if (!BIO_should_retry(io)) { 3429 if (!s_quiet) 3430 ERR_print_errors(bio_err); 3431 goto err; 3432 } else { 3433 BIO_printf(bio_s_out, "read R BLOCK\n"); 3434 #ifndef OPENSSL_NO_SRP 3435 if (BIO_should_io_special(io) 3436 && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { 3437 BIO_printf(bio_s_out, "LOOKUP renego during read\n"); 3438 SRP_user_pwd_free(srp_callback_parm.user); 3439 srp_callback_parm.user = 3440 SRP_VBASE_get1_by_user(srp_callback_parm.vb, 3441 srp_callback_parm.login); 3442 if (srp_callback_parm.user) 3443 BIO_printf(bio_s_out, "LOOKUP done %s\n", 3444 srp_callback_parm.user->info); 3445 else 3446 BIO_printf(bio_s_out, "LOOKUP not successful\n"); 3447 continue; 3448 } 3449 #endif 3450 #if !defined(OPENSSL_SYS_MSDOS) 3451 sleep(1); 3452 #endif 3453 continue; 3454 } 3455 } else if (i == 0) { /* end of input */ 3456 ret = 1; 3457 BIO_printf(bio_err, "CONNECTION CLOSED\n"); 3458 goto end; 3459 } else { 3460 char *p = buf + i - 1; 3461 while (i && (*p == '\n' || *p == '\r')) { 3462 p--; 3463 i--; 3464 } 3465 if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) { 3466 ret = 1; 3467 BIO_printf(bio_err, "CONNECTION CLOSED\n"); 3468 goto end; 3469 } 3470 BUF_reverse((unsigned char *)buf, NULL, i); 3471 buf[i] = '\n'; 3472 BIO_write(io, buf, i + 1); 3473 for (;;) { 3474 i = BIO_flush(io); 3475 if (i > 0) 3476 break; 3477 if (!BIO_should_retry(io)) 3478 goto end; 3479 } 3480 } 3481 } 3482 end: 3483 /* make sure we re-use sessions */ 3484 SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); 3485 3486 err: 3487 3488 OPENSSL_free(buf); 3489 BIO_free_all(io); 3490 return ret; 3491 } 3492 3493 #define MAX_SESSION_ID_ATTEMPTS 10 3494 static int generate_session_id(SSL *ssl, unsigned char *id, 3495 unsigned int *id_len) 3496 { 3497 unsigned int count = 0; 3498 do { 3499 if (RAND_bytes(id, *id_len) <= 0) 3500 return 0; 3501 /* 3502 * Prefix the session_id with the required prefix. NB: If our prefix 3503 * is too long, clip it - but there will be worse effects anyway, eg. 3504 * the server could only possibly create 1 session ID (ie. the 3505 * prefix!) so all future session negotiations will fail due to 3506 * conflicts. 3507 */ 3508 memcpy(id, session_id_prefix, 3509 (strlen(session_id_prefix) < *id_len) ? 3510 strlen(session_id_prefix) : *id_len); 3511 } 3512 while (SSL_has_matching_session_id(ssl, id, *id_len) && 3513 (++count < MAX_SESSION_ID_ATTEMPTS)); 3514 if (count >= MAX_SESSION_ID_ATTEMPTS) 3515 return 0; 3516 return 1; 3517 } 3518 3519 /* 3520 * By default s_server uses an in-memory cache which caches SSL_SESSION 3521 * structures without any serialisation. This hides some bugs which only 3522 * become apparent in deployed servers. By implementing a basic external 3523 * session cache some issues can be debugged using s_server. 3524 */ 3525 3526 typedef struct simple_ssl_session_st { 3527 unsigned char *id; 3528 unsigned int idlen; 3529 unsigned char *der; 3530 int derlen; 3531 struct simple_ssl_session_st *next; 3532 } simple_ssl_session; 3533 3534 static simple_ssl_session *first = NULL; 3535 3536 static int add_session(SSL *ssl, SSL_SESSION *session) 3537 { 3538 simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session"); 3539 unsigned char *p; 3540 3541 SSL_SESSION_get_id(session, &sess->idlen); 3542 sess->derlen = i2d_SSL_SESSION(session, NULL); 3543 if (sess->derlen < 0) { 3544 BIO_printf(bio_err, "Error encoding session\n"); 3545 OPENSSL_free(sess); 3546 return 0; 3547 } 3548 3549 sess->id = OPENSSL_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); 3550 sess->der = app_malloc(sess->derlen, "get session buffer"); 3551 if (!sess->id) { 3552 BIO_printf(bio_err, "Out of memory adding to external cache\n"); 3553 OPENSSL_free(sess->id); 3554 OPENSSL_free(sess->der); 3555 OPENSSL_free(sess); 3556 return 0; 3557 } 3558 p = sess->der; 3559 3560 /* Assume it still works. */ 3561 if (i2d_SSL_SESSION(session, &p) != sess->derlen) { 3562 BIO_printf(bio_err, "Unexpected session encoding length\n"); 3563 OPENSSL_free(sess->id); 3564 OPENSSL_free(sess->der); 3565 OPENSSL_free(sess); 3566 return 0; 3567 } 3568 3569 sess->next = first; 3570 first = sess; 3571 BIO_printf(bio_err, "New session added to external cache\n"); 3572 return 0; 3573 } 3574 3575 static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen, 3576 int *do_copy) 3577 { 3578 simple_ssl_session *sess; 3579 *do_copy = 0; 3580 for (sess = first; sess; sess = sess->next) { 3581 if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) { 3582 const unsigned char *p = sess->der; 3583 BIO_printf(bio_err, "Lookup session: cache hit\n"); 3584 return d2i_SSL_SESSION(NULL, &p, sess->derlen); 3585 } 3586 } 3587 BIO_printf(bio_err, "Lookup session: cache miss\n"); 3588 return NULL; 3589 } 3590 3591 static void del_session(SSL_CTX *sctx, SSL_SESSION *session) 3592 { 3593 simple_ssl_session *sess, *prev = NULL; 3594 const unsigned char *id; 3595 unsigned int idlen; 3596 id = SSL_SESSION_get_id(session, &idlen); 3597 for (sess = first; sess; sess = sess->next) { 3598 if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) { 3599 if (prev) 3600 prev->next = sess->next; 3601 else 3602 first = sess->next; 3603 OPENSSL_free(sess->id); 3604 OPENSSL_free(sess->der); 3605 OPENSSL_free(sess); 3606 return; 3607 } 3608 prev = sess; 3609 } 3610 } 3611 3612 static void init_session_cache_ctx(SSL_CTX *sctx) 3613 { 3614 SSL_CTX_set_session_cache_mode(sctx, 3615 SSL_SESS_CACHE_NO_INTERNAL | 3616 SSL_SESS_CACHE_SERVER); 3617 SSL_CTX_sess_set_new_cb(sctx, add_session); 3618 SSL_CTX_sess_set_get_cb(sctx, get_session); 3619 SSL_CTX_sess_set_remove_cb(sctx, del_session); 3620 } 3621 3622 static void free_sessions(void) 3623 { 3624 simple_ssl_session *sess, *tsess; 3625 for (sess = first; sess;) { 3626 OPENSSL_free(sess->id); 3627 OPENSSL_free(sess->der); 3628 tsess = sess; 3629 sess = sess->next; 3630 OPENSSL_free(tsess); 3631 } 3632 first = NULL; 3633 } 3634 3635 #endif /* OPENSSL_NO_SOCK */ 3636