diff options
Diffstat (limited to 'crypto/openssl/apps/s_server.c')
-rw-r--r-- | crypto/openssl/apps/s_server.c | 76 |
1 files changed, 47 insertions, 29 deletions
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index 09c755b..857a70e 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -353,9 +353,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len) { - unsigned int psk_len = 0; - int ret; - BIGNUM *bn = NULL; + long key_len = 0; + unsigned char *key; if (s_debug) BIO_printf(bio_s_out, "psk_server_cb\n"); @@ -377,32 +376,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, BIO_printf(bio_s_out, "PSK client identity found\n"); /* convert the PSK key to binary */ - ret = BN_hex2bn(&bn, psk_key); - if (!ret) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + key = string_to_hex(psk_key, &key_len); + if (key == NULL) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", psk_key); - if (bn) - BN_free(bn); return 0; } - if (BN_num_bytes(bn) > (int)max_psk_len) { + if (key_len > (int)max_psk_len) { BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); + "psk buffer of callback is too small (%d) for key (%ld)\n", + max_psk_len, key_len); + OPENSSL_free(key); return 0; } - ret = BN_bn2bin(bn, psk); - BN_free(bn); - - if (ret < 0) - goto out_err; - psk_len = (unsigned int)ret; + memcpy(psk, key, key_len); + OPENSSL_free(key); if (s_debug) - BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); - return psk_len; + BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); + return key_len; out_err: if (s_debug) BIO_printf(bio_err, "Error in PSK server callback\n"); @@ -1144,6 +1137,7 @@ int MAIN(int argc, char *argv[]) int crl_format = FORMAT_PEM; int crl_download = 0; STACK_OF(X509_CRL) *crls = NULL; + int prot_opt = 0, no_prot_opt = 0; meth = SSLv23_server_method(); @@ -1307,7 +1301,8 @@ int MAIN(int argc, char *argv[]) if (badarg) goto bad; continue; - } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) { + } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args, + &no_prot_opt)) { if (badarg) goto bad; continue; @@ -1451,32 +1446,40 @@ int MAIN(int argc, char *argv[]) else if (strcmp(*argv, "-ssl2") == 0) { no_ecdhe = 1; meth = SSLv2_server_method(); + prot_opt++; } #endif #ifndef OPENSSL_NO_SSL3_METHOD else if (strcmp(*argv, "-ssl3") == 0) { meth = SSLv3_server_method(); + prot_opt++; } #endif #ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv, "-tls1") == 0) { meth = TLSv1_server_method(); + prot_opt++; } else if (strcmp(*argv, "-tls1_1") == 0) { meth = TLSv1_1_server_method(); + prot_opt++; } else if (strcmp(*argv, "-tls1_2") == 0) { meth = TLSv1_2_server_method(); + prot_opt++; } #endif #ifndef OPENSSL_NO_DTLS1 else if (strcmp(*argv, "-dtls") == 0) { meth = DTLS_server_method(); socket_type = SOCK_DGRAM; + prot_opt++; } else if (strcmp(*argv, "-dtls1") == 0) { meth = DTLSv1_server_method(); socket_type = SOCK_DGRAM; + prot_opt++; } else if (strcmp(*argv, "-dtls1_2") == 0) { meth = DTLSv1_2_server_method(); socket_type = SOCK_DGRAM; + prot_opt++; } else if (strcmp(*argv, "-timeout") == 0) enable_timeouts = 1; else if (strcmp(*argv, "-mtu") == 0) { @@ -1586,6 +1589,17 @@ int MAIN(int argc, char *argv[]) } #endif + if (prot_opt > 1) { + BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); + goto end; + } + + if (prot_opt == 1 && no_prot_opt) { + BIO_printf(bio_err, "Cannot supply both a protocol flag and " + "\"-no_<prot>\"\n"); + goto end; + } + SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); @@ -2293,7 +2307,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) } #endif - width = s + 1; + if (fileno_stdin() > s) + width = fileno_stdin() + 1; + else + width = s + 1; for (;;) { int read_from_terminal; int read_from_sslcon; @@ -2304,7 +2321,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) if (!read_from_sslcon) { FD_ZERO(&readfds); #if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5) - openssl_fdset(fileno(stdin), &readfds); + openssl_fdset(fileno_stdin(), &readfds); #endif openssl_fdset(s, &readfds); /* @@ -2332,13 +2349,13 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) /* Under BeOS-R5 the situation is similar to DOS */ tv.tv_sec = 1; tv.tv_usec = 0; - (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); + (void)fcntl(fileno_stdin(), F_SETFL, O_NONBLOCK); i = select(width, (void *)&readfds, NULL, NULL, &tv); - if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0)) + if ((i < 0) || (!i && read(fileno_stdin(), buf, 0) < 0)) continue; - if (read(fileno(stdin), buf, 0) >= 0) + if (read(fileno_stdin(), buf, 0) >= 0) read_from_terminal = 1; - (void)fcntl(fileno(stdin), F_SETFL, 0); + (void)fcntl(fileno_stdin(), F_SETFL, 0); #else if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_get_timeout(con, &timeout)) @@ -2355,7 +2372,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) if (i <= 0) continue; - if (FD_ISSET(fileno(stdin), &readfds)) + if (FD_ISSET(fileno_stdin(), &readfds)) read_from_terminal = 1; #endif if (FD_ISSET(s, &readfds)) @@ -2382,6 +2399,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) assert(lf_num == 0); } else i = raw_read_stdin(buf, bufsize); + if (!s_quiet && !s_brief) { if ((i <= 0) || (buf[0] == 'Q')) { BIO_printf(bio_s_out, "DONE\n"); @@ -3371,7 +3389,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, { unsigned int count = 0; do { - if (RAND_pseudo_bytes(id, *id_len) < 0) + if (RAND_bytes(id, *id_len) <= 0) return 0; /* * Prefix the session_id with the required prefix. NB: If our prefix |