GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/openssl/s_server.c Lines: 0 1150 0.0 %
Date: 2016-12-06 Branches: 0 771 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: s_server.c,v 1.24 2015/12/23 20:43:42 mmcc Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60
 *
61
 * Redistribution and use in source and binary forms, with or without
62
 * modification, are permitted provided that the following conditions
63
 * are met:
64
 *
65
 * 1. Redistributions of source code must retain the above copyright
66
 *    notice, this list of conditions and the following disclaimer.
67
 *
68
 * 2. Redistributions in binary form must reproduce the above copyright
69
 *    notice, this list of conditions and the following disclaimer in
70
 *    the documentation and/or other materials provided with the
71
 *    distribution.
72
 *
73
 * 3. All advertising materials mentioning features or use of this
74
 *    software must display the following acknowledgment:
75
 *    "This product includes software developed by the OpenSSL Project
76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
 *
78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
 *    endorse or promote products derived from this software without
80
 *    prior written permission. For written permission, please contact
81
 *    openssl-core@openssl.org.
82
 *
83
 * 5. Products derived from this software may not be called "OpenSSL"
84
 *    nor may "OpenSSL" appear in their names without prior written
85
 *    permission of the OpenSSL Project.
86
 *
87
 * 6. Redistributions of any form whatsoever must retain the following
88
 *    acknowledgment:
89
 *    "This product includes software developed by the OpenSSL Project
90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
 *
92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
104
 * ====================================================================
105
 *
106
 * This product includes cryptographic software written by Eric Young
107
 * (eay@cryptsoft.com).  This product includes software written by Tim
108
 * Hudson (tjh@cryptsoft.com).
109
 *
110
 */
111
/* ====================================================================
112
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113
 * ECC cipher suite support in OpenSSL originally developed by
114
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115
 */
116
/* ====================================================================
117
 * Copyright 2005 Nokia. All rights reserved.
118
 *
119
 * The portions of the attached software ("Contribution") is developed by
120
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121
 * license.
122
 *
123
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125
 * support (see RFC 4279) to OpenSSL.
126
 *
127
 * No patent licenses or other rights except those expressly stated in
128
 * the OpenSSL open source license shall be deemed granted or received
129
 * expressly, by implication, estoppel, or otherwise.
130
 *
131
 * No assurances are provided by Nokia that the Contribution does not
132
 * infringe the patent or other intellectual property rights of any third
133
 * party or that the license provides you with all the necessary rights
134
 * to make use of the Contribution.
135
 *
136
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140
 * OTHERWISE.
141
 */
142
143
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
144
 * deprecated functions for openssl-internal code */
145
#ifdef OPENSSL_NO_DEPRECATED
146
#undef OPENSSL_NO_DEPRECATED
147
#endif
148
149
#include <sys/types.h>
150
#include <sys/socket.h>
151
152
#include <assert.h>
153
#include <ctype.h>
154
#include <stdio.h>
155
#include <stdlib.h>
156
#include <limits.h>
157
#include <string.h>
158
#include <unistd.h>
159
#include <poll.h>
160
161
#include "apps.h"
162
163
#include <openssl/bn.h>
164
#include <openssl/err.h>
165
#include <openssl/lhash.h>
166
#include <openssl/ocsp.h>
167
#include <openssl/pem.h>
168
#include <openssl/ssl.h>
169
#include <openssl/x509.h>
170
171
#ifndef OPENSSL_NO_DH
172
#include <openssl/dh.h>
173
#endif
174
175
#include <openssl/rsa.h>
176
177
#include "s_apps.h"
178
#include "timeouts.h"
179
180
static int sv_body(char *hostname, int s, unsigned char *context);
181
static int www_body(char *hostname, int s, unsigned char *context);
182
static void close_accept_socket(void);
183
static void sv_usage(void);
184
static int init_ssl_connection(SSL * s);
185
static void print_stats(BIO * bp, SSL_CTX * ctx);
186
static int
187
generate_session_id(const SSL * ssl, unsigned char *id,
188
    unsigned int *id_len);
189
#ifndef OPENSSL_NO_DH
190
static DH *load_dh_param(const char *dhfile);
191
#endif
192
193
static void s_server_init(void);
194
195
/* static int load_CA(SSL_CTX *ctx, char *file);*/
196
197
#define BUFSIZZ	16*1024
198
static int bufsize = BUFSIZZ;
199
static int accept_socket = -1;
200
201
#define TEST_CERT	"server.pem"
202
#define TEST_CERT2	"server2.pem"
203
204
static char *cipher = NULL;
205
static int s_server_verify = SSL_VERIFY_NONE;
206
static int s_server_session_id_context = 1;	/* anything will do */
207
static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
208
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
209
static char *s_dcert_file = NULL, *s_dkey_file = NULL;
210
static int s_nbio = 0;
211
static int s_nbio_test = 0;
212
int s_crlf = 0;
213
static SSL_CTX *ctx = NULL;
214
static SSL_CTX *ctx2 = NULL;
215
static int www = 0;
216
217
static BIO *bio_s_out = NULL;
218
static int s_debug = 0;
219
static int s_tlsextdebug = 0;
220
static int s_tlsextstatus = 0;
221
static int cert_status_cb(SSL * s, void *arg);
222
static int s_msg = 0;
223
static int s_quiet = 0;
224
225
static char *keymatexportlabel = NULL;
226
static int keymatexportlen = 20;
227
228
static const char *session_id_prefix = NULL;
229
230
static int enable_timeouts = 0;
231
static long socket_mtu;
232
#ifndef OPENSSL_NO_DTLS1
233
static int cert_chain = 0;
234
#endif
235
236
237
238
239
static void
240
s_server_init(void)
241
{
242
	accept_socket = -1;
243
	cipher = NULL;
244
	s_server_verify = SSL_VERIFY_NONE;
245
	s_dcert_file = NULL;
246
	s_dkey_file = NULL;
247
	s_cert_file = TEST_CERT;
248
	s_key_file = NULL;
249
	s_cert_file2 = TEST_CERT2;
250
	s_key_file2 = NULL;
251
	ctx2 = NULL;
252
	s_nbio = 0;
253
	s_nbio_test = 0;
254
	ctx = NULL;
255
	www = 0;
256
257
	bio_s_out = NULL;
258
	s_debug = 0;
259
	s_msg = 0;
260
	s_quiet = 0;
261
}
262
263
static void
264
sv_usage(void)
265
{
266
	BIO_printf(bio_err, "usage: s_server [args ...]\n");
267
	BIO_printf(bio_err, "\n");
268
	BIO_printf(bio_err, " -accept arg   - port to accept on (default is %d)\n", PORT);
269
	BIO_printf(bio_err, " -context arg  - set session ID context\n");
270
	BIO_printf(bio_err, " -verify arg   - turn on peer certificate verification\n");
271
	BIO_printf(bio_err, " -Verify arg   - turn on peer certificate verification, must have a cert.\n");
272
	BIO_printf(bio_err, " -cert arg     - certificate file to use\n");
273
	BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT);
274
	BIO_printf(bio_err, " -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
275
	    "                 The CRL(s) are appended to the certificate file\n");
276
	BIO_printf(bio_err, " -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
277
	    "                 or any other CRL in the CA chain. CRL(s) are appended to the\n" \
278
	    "                 the certificate file.\n");
279
	BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
280
	BIO_printf(bio_err, " -key arg      - Private Key file to use, in cert file if\n");
281
	BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT);
282
	BIO_printf(bio_err, " -keyform arg  - key format (PEM or DER) PEM default\n");
283
	BIO_printf(bio_err, " -pass arg     - private key file pass phrase source\n");
284
	BIO_printf(bio_err, " -dcert arg    - second certificate file to use (usually for DSA)\n");
285
	BIO_printf(bio_err, " -dcertform x  - second certificate format (PEM or DER) PEM default\n");
286
	BIO_printf(bio_err, " -dkey arg     - second private key file to use (usually for DSA)\n");
287
	BIO_printf(bio_err, " -dkeyform arg - second key format (PEM or DER) PEM default\n");
288
	BIO_printf(bio_err, " -dpass arg    - second private key file pass phrase source\n");
289
	BIO_printf(bio_err, " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
290
	BIO_printf(bio_err, "                 or a default set of parameters is used\n");
291
	BIO_printf(bio_err, " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
292
	    "                 Use \"openssl ecparam -list_curves\" for all names\n" \
293
	    "                 (default is nistp256).\n");
294
	BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
295
	BIO_printf(bio_err, " -nbio_test    - test with the non-blocking test bio\n");
296
	BIO_printf(bio_err, " -crlf         - convert LF from terminal into CRLF\n");
297
	BIO_printf(bio_err, " -debug        - Print more output\n");
298
	BIO_printf(bio_err, " -msg          - Show protocol messages\n");
299
	BIO_printf(bio_err, " -state        - Print the SSL states\n");
300
	BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
301
	BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
302
	BIO_printf(bio_err, " -nocert       - Don't use any certificates (Anon-DH)\n");
303
	BIO_printf(bio_err, " -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
304
	BIO_printf(bio_err, " -serverpref   - Use server's cipher preferences\n");
305
	BIO_printf(bio_err, " -quiet        - Inhibit printing of session and certificate information\n");
306
	BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
307
	BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
308
	BIO_printf(bio_err, " -tls1         - Just talk TLSv1\n");
309
	BIO_printf(bio_err, " -dtls1        - Just talk DTLSv1\n");
310
	BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
311
	BIO_printf(bio_err, " -mtu          - Set link layer MTU\n");
312
	BIO_printf(bio_err, " -chain        - Read a certificate chain\n");
313
	BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
314
	BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
315
	BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
316
	BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
317
	BIO_printf(bio_err, " -no_tls1_2    - Just disable TLSv1.2\n");
318
#ifndef OPENSSL_NO_DH
319
	BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
320
#endif
321
	BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
322
	BIO_printf(bio_err, " -bugs         - Turn on SSL bug compatibility\n");
323
	BIO_printf(bio_err, " -www          - Respond to a 'GET /' with a status page\n");
324
	BIO_printf(bio_err, " -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
325
	BIO_printf(bio_err, " -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
326
	BIO_printf(bio_err, "                 with the assumption it contains a complete HTTP response.\n");
327
	BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
328
	BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
329
	BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
330
	BIO_printf(bio_err, " -cert2 arg    - certificate file to use for servername\n");
331
	BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT2);
332
	BIO_printf(bio_err, " -key2 arg     - Private Key file to use for servername, in cert file if\n");
333
	BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
334
	BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
335
	BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
336
	BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
337
	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
338
#ifndef OPENSSL_NO_SRTP
339
	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
340
#endif
341
	BIO_printf(bio_err, " -keymatexport label   - Export keying material using label\n");
342
	BIO_printf(bio_err, " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
343
}
344
345
static int local_argc = 0;
346
static char **local_argv;
347
348
349
/* This is a context that we pass to callbacks */
350
typedef struct tlsextctx_st {
351
	char *servername;
352
	BIO *biodebug;
353
	int extension_error;
354
} tlsextctx;
355
356
357
static int
358
ssl_servername_cb(SSL * s, int *ad, void *arg)
359
{
360
	tlsextctx *p = (tlsextctx *) arg;
361
	const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
362
	if (servername && p->biodebug)
363
		BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername);
364
365
	if (!p->servername)
366
		return SSL_TLSEXT_ERR_NOACK;
367
368
	if (servername) {
369
		if (strcmp(servername, p->servername))
370
			return p->extension_error;
371
		if (ctx2) {
372
			BIO_printf(p->biodebug, "Switching server context.\n");
373
			SSL_set_SSL_CTX(s, ctx2);
374
		}
375
	}
376
	return SSL_TLSEXT_ERR_OK;
377
}
378
379
/* Structure passed to cert status callback */
380
381
typedef struct tlsextstatusctx_st {
382
	/* Default responder to use */
383
	char *host, *path, *port;
384
	int use_ssl;
385
	int timeout;
386
	BIO *err;
387
	int verbose;
388
} tlsextstatusctx;
389
390
static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
391
392
/* Certificate Status callback. This is called when a client includes a
393
 * certificate status request extension.
394
 *
395
 * This is a simplified version. It examines certificates each time and
396
 * makes one OCSP responder query for each request.
397
 *
398
 * A full version would store details such as the OCSP certificate IDs and
399
 * minimise the number of OCSP responses by caching them until they were
400
 * considered "expired".
401
 */
402
403
static int
404
cert_status_cb(SSL * s, void *arg)
405
{
406
	tlsextstatusctx *srctx = arg;
407
	BIO *err = srctx->err;
408
	char *host, *port, *path;
409
	int use_ssl;
410
	unsigned char *rspder = NULL;
411
	int rspderlen;
412
	STACK_OF(OPENSSL_STRING) * aia = NULL;
413
	X509 *x = NULL;
414
	X509_STORE_CTX inctx;
415
	X509_OBJECT obj;
416
	OCSP_REQUEST *req = NULL;
417
	OCSP_RESPONSE *resp = NULL;
418
	OCSP_CERTID *id = NULL;
419
	STACK_OF(X509_EXTENSION) * exts;
420
	int ret = SSL_TLSEXT_ERR_NOACK;
421
	int i;
422
423
	if (srctx->verbose)
424
		BIO_puts(err, "cert_status: callback called\n");
425
	/* Build up OCSP query from server certificate */
426
	x = SSL_get_certificate(s);
427
	aia = X509_get1_ocsp(x);
428
	if (aia) {
429
		if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
430
			&host, &port, &path, &use_ssl)) {
431
			BIO_puts(err, "cert_status: can't parse AIA URL\n");
432
			goto err;
433
		}
434
		if (srctx->verbose)
435
			BIO_printf(err, "cert_status: AIA URL: %s\n",
436
			    sk_OPENSSL_STRING_value(aia, 0));
437
	} else {
438
		if (!srctx->host) {
439
			BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
440
			goto done;
441
		}
442
		host = srctx->host;
443
		path = srctx->path;
444
		port = srctx->port;
445
		use_ssl = srctx->use_ssl;
446
	}
447
448
	if (!X509_STORE_CTX_init(&inctx,
449
		SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
450
		NULL, NULL))
451
		goto err;
452
	if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
453
		X509_get_issuer_name(x), &obj) <= 0) {
454
		BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
455
		X509_STORE_CTX_cleanup(&inctx);
456
		goto done;
457
	}
458
	req = OCSP_REQUEST_new();
459
	if (!req)
460
		goto err;
461
	id = OCSP_cert_to_id(NULL, x, obj.data.x509);
462
	X509_free(obj.data.x509);
463
	X509_STORE_CTX_cleanup(&inctx);
464
	if (!id)
465
		goto err;
466
	if (!OCSP_request_add0_id(req, id))
467
		goto err;
468
	id = NULL;
469
	/* Add any extensions to the request */
470
	SSL_get_tlsext_status_exts(s, &exts);
471
	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
472
		X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
473
		if (!OCSP_REQUEST_add_ext(req, ext, -1))
474
			goto err;
475
	}
476
	resp = process_responder(err, req, host, path, port, use_ssl, NULL,
477
	    srctx->timeout);
478
	if (!resp) {
479
		BIO_puts(err, "cert_status: error querying responder\n");
480
		goto done;
481
	}
482
	rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
483
	if (rspderlen <= 0)
484
		goto err;
485
	SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
486
	if (srctx->verbose) {
487
		BIO_puts(err, "cert_status: ocsp response sent:\n");
488
		OCSP_RESPONSE_print(err, resp, 2);
489
	}
490
	ret = SSL_TLSEXT_ERR_OK;
491
done:
492
	if (ret != SSL_TLSEXT_ERR_OK)
493
		ERR_print_errors(err);
494
	if (aia) {
495
		free(host);
496
		free(path);
497
		free(port);
498
		X509_email_free(aia);
499
	}
500
	if (id)
501
		OCSP_CERTID_free(id);
502
	if (req)
503
		OCSP_REQUEST_free(req);
504
	if (resp)
505
		OCSP_RESPONSE_free(resp);
506
	return ret;
507
err:
508
	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
509
	goto done;
510
}
511
512
/* This is the context that we pass to next_proto_cb */
513
typedef struct tlsextnextprotoctx_st {
514
	unsigned char *data;
515
	unsigned int len;
516
} tlsextnextprotoctx;
517
518
static int
519
next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
520
{
521
	tlsextnextprotoctx *next_proto = arg;
522
523
	*data = next_proto->data;
524
	*len = next_proto->len;
525
526
	return SSL_TLSEXT_ERR_OK;
527
}
528
529
530
/* This the context that we pass to alpn_cb */
531
typedef struct tlsextalpnctx_st {
532
	unsigned char *data;
533
	unsigned short len;
534
} tlsextalpnctx;
535
536
static int
537
alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
538
    const unsigned char *in, unsigned int inlen, void *arg)
539
{
540
	tlsextalpnctx *alpn_ctx = arg;
541
542
	if (!s_quiet) {
543
		/* We can assume that in is syntactically valid. */
544
		unsigned i;
545
546
		BIO_printf(bio_s_out,
547
		    "ALPN protocols advertised by the client: ");
548
		for (i = 0; i < inlen; ) {
549
			if (i)
550
				BIO_write(bio_s_out, ", ", 2);
551
			BIO_write(bio_s_out, &in[i + 1], in[i]);
552
			i += in[i] + 1;
553
		}
554
		BIO_write(bio_s_out, "\n", 1);
555
	}
556
557
	if (SSL_select_next_proto((unsigned char**)out, outlen, alpn_ctx->data,
558
	    alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED)
559
		return (SSL_TLSEXT_ERR_NOACK);
560
561
	if (!s_quiet) {
562
		BIO_printf(bio_s_out, "ALPN protocols selected: ");
563
		BIO_write(bio_s_out, *out, *outlen);
564
		BIO_write(bio_s_out, "\n", 1);
565
	}
566
567
	return (SSL_TLSEXT_ERR_OK);
568
}
569
570
#ifndef OPENSSL_NO_SRTP
571
static char *srtp_profiles = NULL;
572
#endif
573
574
int
575
s_server_main(int argc, char *argv[])
576
{
577
	X509_VERIFY_PARAM *vpm = NULL;
578
	int badarg = 0;
579
	short port = PORT;
580
	char *CApath = NULL, *CAfile = NULL;
581
	unsigned char *context = NULL;
582
	char *dhfile = NULL;
583
	char *named_curve = NULL;
584
	int badop = 0, bugs = 0;
585
	int ret = 1;
586
	int off = 0;
587
	int no_dhe = 0, no_ecdhe = 0, nocert = 0;
588
	int state = 0;
589
	const SSL_METHOD *meth = NULL;
590
	int socket_type = SOCK_STREAM;
591
	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
592
	char *passarg = NULL, *pass = NULL;
593
	char *dpassarg = NULL, *dpass = NULL;
594
	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
595
	X509 *s_cert = NULL, *s_dcert = NULL;
596
	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
597
	int no_cache = 0;
598
	const char *errstr = NULL;
599
	EVP_PKEY *s_key2 = NULL;
600
	X509 *s_cert2 = NULL;
601
	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
602
	const char *next_proto_neg_in = NULL;
603
	tlsextnextprotoctx next_proto = { NULL, 0 };
604
	const char *alpn_in = NULL;
605
	tlsextalpnctx alpn_ctx = { NULL, 0 };
606
607
	if (single_execution) {
608
		if (pledge("stdio inet dns rpath tty wpath cpath", NULL) == -1) {
609
			perror("pledge");
610
			exit(1);
611
		}
612
	}
613
614
	meth = SSLv23_server_method();
615
616
	local_argc = argc;
617
	local_argv = argv;
618
619
	s_server_init();
620
621
	verify_depth = 0;
622
	s_nbio = 0;
623
	s_nbio_test = 0;
624
625
	argc--;
626
	argv++;
627
628
	while (argc >= 1) {
629
		if ((strcmp(*argv, "-port") == 0) ||
630
		    (strcmp(*argv, "-accept") == 0)) {
631
			if (--argc < 1)
632
				goto bad;
633
			if (!extract_port(*(++argv), &port))
634
				goto bad;
635
		} else if (strcmp(*argv, "-verify") == 0) {
636
			s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
637
			if (--argc < 1)
638
				goto bad;
639
			verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
640
			if (errstr)
641
				goto bad;
642
			BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
643
		} else if (strcmp(*argv, "-Verify") == 0) {
644
			s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
645
			    SSL_VERIFY_CLIENT_ONCE;
646
			if (--argc < 1)
647
				goto bad;
648
			verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
649
			if (errstr)
650
				goto bad;
651
			BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth);
652
		} else if (strcmp(*argv, "-context") == 0) {
653
			if (--argc < 1)
654
				goto bad;
655
			context = (unsigned char *) *(++argv);
656
		} else if (strcmp(*argv, "-cert") == 0) {
657
			if (--argc < 1)
658
				goto bad;
659
			s_cert_file = *(++argv);
660
		} else if (strcmp(*argv, "-certform") == 0) {
661
			if (--argc < 1)
662
				goto bad;
663
			s_cert_format = str2fmt(*(++argv));
664
		} else if (strcmp(*argv, "-key") == 0) {
665
			if (--argc < 1)
666
				goto bad;
667
			s_key_file = *(++argv);
668
		} else if (strcmp(*argv, "-keyform") == 0) {
669
			if (--argc < 1)
670
				goto bad;
671
			s_key_format = str2fmt(*(++argv));
672
		} else if (strcmp(*argv, "-pass") == 0) {
673
			if (--argc < 1)
674
				goto bad;
675
			passarg = *(++argv);
676
		} else if (strcmp(*argv, "-dhparam") == 0) {
677
			if (--argc < 1)
678
				goto bad;
679
			dhfile = *(++argv);
680
		}
681
		else if (strcmp(*argv, "-named_curve") == 0) {
682
			if (--argc < 1)
683
				goto bad;
684
			named_curve = *(++argv);
685
		}
686
		else if (strcmp(*argv, "-dcertform") == 0) {
687
			if (--argc < 1)
688
				goto bad;
689
			s_dcert_format = str2fmt(*(++argv));
690
		} else if (strcmp(*argv, "-dcert") == 0) {
691
			if (--argc < 1)
692
				goto bad;
693
			s_dcert_file = *(++argv);
694
		} else if (strcmp(*argv, "-dkeyform") == 0) {
695
			if (--argc < 1)
696
				goto bad;
697
			s_dkey_format = str2fmt(*(++argv));
698
		} else if (strcmp(*argv, "-dpass") == 0) {
699
			if (--argc < 1)
700
				goto bad;
701
			dpassarg = *(++argv);
702
		} else if (strcmp(*argv, "-dkey") == 0) {
703
			if (--argc < 1)
704
				goto bad;
705
			s_dkey_file = *(++argv);
706
		} else if (strcmp(*argv, "-nocert") == 0) {
707
			nocert = 1;
708
		} else if (strcmp(*argv, "-CApath") == 0) {
709
			if (--argc < 1)
710
				goto bad;
711
			CApath = *(++argv);
712
		} else if (strcmp(*argv, "-no_cache") == 0)
713
			no_cache = 1;
714
		else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
715
			if (badarg)
716
				goto bad;
717
			continue;
718
		} else if (strcmp(*argv, "-verify_return_error") == 0)
719
			verify_return_error = 1;
720
		else if (strcmp(*argv, "-serverpref") == 0) {
721
			off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
722
		} else if (strcmp(*argv, "-legacy_renegotiation") == 0)
723
			; /* no-op */
724
		else if (strcmp(*argv, "-cipher") == 0) {
725
			if (--argc < 1)
726
				goto bad;
727
			cipher = *(++argv);
728
		} else if (strcmp(*argv, "-CAfile") == 0) {
729
			if (--argc < 1)
730
				goto bad;
731
			CAfile = *(++argv);
732
		}
733
		else if (strcmp(*argv, "-nbio") == 0) {
734
			s_nbio = 1;
735
		}
736
		else if (strcmp(*argv, "-nbio_test") == 0) {
737
			s_nbio = 1;
738
			s_nbio_test = 1;
739
		} else if (strcmp(*argv, "-debug") == 0) {
740
			s_debug = 1;
741
		}
742
		else if (strcmp(*argv, "-tlsextdebug") == 0)
743
			s_tlsextdebug = 1;
744
		else if (strcmp(*argv, "-status") == 0)
745
			s_tlsextstatus = 1;
746
		else if (strcmp(*argv, "-status_verbose") == 0) {
747
			s_tlsextstatus = 1;
748
			tlscstatp.verbose = 1;
749
		} else if (!strcmp(*argv, "-status_timeout")) {
750
			s_tlsextstatus = 1;
751
			if (--argc < 1)
752
				goto bad;
753
			tlscstatp.timeout = strtonum(*(++argv), 0, INT_MAX, &errstr);
754
			if (errstr)
755
				goto bad;
756
		} else if (!strcmp(*argv, "-status_url")) {
757
			s_tlsextstatus = 1;
758
			if (--argc < 1)
759
				goto bad;
760
			if (!OCSP_parse_url(*(++argv),
761
				&tlscstatp.host,
762
				&tlscstatp.port,
763
				&tlscstatp.path,
764
				&tlscstatp.use_ssl)) {
765
				BIO_printf(bio_err, "Error parsing URL\n");
766
				goto bad;
767
			}
768
		}
769
		else if (strcmp(*argv, "-msg") == 0) {
770
			s_msg = 1;
771
		} else if (strcmp(*argv, "-state") == 0) {
772
			state = 1;
773
		} else if (strcmp(*argv, "-crlf") == 0) {
774
			s_crlf = 1;
775
		} else if (strcmp(*argv, "-quiet") == 0) {
776
			s_quiet = 1;
777
		} else if (strcmp(*argv, "-bugs") == 0) {
778
			bugs = 1;
779
		} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
780
			/* No-op. */
781
		} else if (strcmp(*argv, "-no_dhe") == 0) {
782
			no_dhe = 1;
783
		} else if (strcmp(*argv, "-no_ecdhe") == 0) {
784
			no_ecdhe = 1;
785
		} else if (strcmp(*argv, "-www") == 0) {
786
			www = 1;
787
		} else if (strcmp(*argv, "-WWW") == 0) {
788
			www = 2;
789
		} else if (strcmp(*argv, "-HTTP") == 0) {
790
			www = 3;
791
		} else if (strcmp(*argv, "-no_ssl2") == 0) {
792
			off |= SSL_OP_NO_SSLv2;
793
		} else if (strcmp(*argv, "-no_ssl3") == 0) {
794
			off |= SSL_OP_NO_SSLv3;
795
		} else if (strcmp(*argv, "-no_tls1") == 0) {
796
			off |= SSL_OP_NO_TLSv1;
797
		} else if (strcmp(*argv, "-no_tls1_1") == 0) {
798
			off |= SSL_OP_NO_TLSv1_1;
799
		} else if (strcmp(*argv, "-no_tls1_2") == 0) {
800
			off |= SSL_OP_NO_TLSv1_2;
801
		} else if (strcmp(*argv, "-no_comp") == 0) {
802
			off |= SSL_OP_NO_COMPRESSION;
803
		} else if (strcmp(*argv, "-no_ticket") == 0) {
804
			off |= SSL_OP_NO_TICKET;
805
		} else if (strcmp(*argv, "-tls1") == 0) {
806
			meth = TLSv1_server_method();
807
		} else if (strcmp(*argv, "-tls1_1") == 0) {
808
			meth = TLSv1_1_server_method();
809
		} else if (strcmp(*argv, "-tls1_2") == 0) {
810
			meth = TLSv1_2_server_method();
811
		}
812
#ifndef OPENSSL_NO_DTLS1
813
		else if (strcmp(*argv, "-dtls1") == 0) {
814
			meth = DTLSv1_server_method();
815
			socket_type = SOCK_DGRAM;
816
		} else if (strcmp(*argv, "-timeout") == 0)
817
			enable_timeouts = 1;
818
		else if (strcmp(*argv, "-mtu") == 0) {
819
			if (--argc < 1)
820
				goto bad;
821
			socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr);
822
			if (errstr)
823
				goto bad;
824
		} else if (strcmp(*argv, "-chain") == 0)
825
			cert_chain = 1;
826
#endif
827
		else if (strcmp(*argv, "-id_prefix") == 0) {
828
			if (--argc < 1)
829
				goto bad;
830
			session_id_prefix = *(++argv);
831
		}
832
		else if (strcmp(*argv, "-servername") == 0) {
833
			if (--argc < 1)
834
				goto bad;
835
			tlsextcbp.servername = *(++argv);
836
		} else if (strcmp(*argv, "-servername_fatal") == 0) {
837
			tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
838
		} else if (strcmp(*argv, "-cert2") == 0) {
839
			if (--argc < 1)
840
				goto bad;
841
			s_cert_file2 = *(++argv);
842
		} else if (strcmp(*argv, "-key2") == 0) {
843
			if (--argc < 1)
844
				goto bad;
845
			s_key_file2 = *(++argv);
846
		}
847
		else if (strcmp(*argv, "-nextprotoneg") == 0) {
848
			if (--argc < 1)
849
				goto bad;
850
			next_proto_neg_in = *(++argv);
851
		}
852
		else if	(strcmp(*argv,"-alpn") == 0) {
853
			if (--argc < 1)
854
				goto bad;
855
			alpn_in = *(++argv);
856
		}
857
#ifndef OPENSSL_NO_SRTP
858
		else if (strcmp(*argv, "-use_srtp") == 0) {
859
			if (--argc < 1)
860
				goto bad;
861
			srtp_profiles = *(++argv);
862
		}
863
#endif
864
		else if (strcmp(*argv, "-keymatexport") == 0) {
865
			if (--argc < 1)
866
				goto bad;
867
			keymatexportlabel = *(++argv);
868
		} else if (strcmp(*argv, "-keymatexportlen") == 0) {
869
			if (--argc < 1)
870
				goto bad;
871
			keymatexportlen = strtonum(*(++argv), 1, INT_MAX, &errstr);
872
			if (errstr)
873
				goto bad;
874
		} else {
875
			BIO_printf(bio_err, "unknown option %s\n", *argv);
876
			badop = 1;
877
			break;
878
		}
879
		argc--;
880
		argv++;
881
	}
882
	if (badop) {
883
bad:
884
		if (errstr)
885
			BIO_printf(bio_err, "invalid argument %s: %s\n",
886
			    *argv, errstr);
887
		else
888
			sv_usage();
889
		goto end;
890
	}
891
892
	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
893
		BIO_printf(bio_err, "Error getting password\n");
894
		goto end;
895
	}
896
	if (s_key_file == NULL)
897
		s_key_file = s_cert_file;
898
	if (s_key_file2 == NULL)
899
		s_key_file2 = s_cert_file2;
900
901
	if (nocert == 0) {
902
		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass,
903
		    "server certificate private key file");
904
		if (!s_key) {
905
			ERR_print_errors(bio_err);
906
			goto end;
907
		}
908
		s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
909
		    NULL, "server certificate file");
910
911
		if (!s_cert) {
912
			ERR_print_errors(bio_err);
913
			goto end;
914
		}
915
		if (tlsextcbp.servername) {
916
			s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass,
917
			    "second server certificate private key file");
918
			if (!s_key2) {
919
				ERR_print_errors(bio_err);
920
				goto end;
921
			}
922
			s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
923
			    NULL, "second server certificate file");
924
925
			if (!s_cert2) {
926
				ERR_print_errors(bio_err);
927
				goto end;
928
			}
929
		}
930
	}
931
	if (next_proto_neg_in) {
932
		unsigned short len;
933
		next_proto.data = next_protos_parse(&len, next_proto_neg_in);
934
		if (next_proto.data == NULL)
935
			goto end;
936
		next_proto.len = len;
937
	} else {
938
		next_proto.data = NULL;
939
	}
940
	alpn_ctx.data = NULL;
941
	if (alpn_in) {
942
		unsigned short len;
943
		alpn_ctx.data = next_protos_parse(&len, alpn_in);
944
		if (alpn_ctx.data == NULL)
945
			goto end;
946
		alpn_ctx.len = len;
947
	}
948
949
	if (s_dcert_file) {
950
951
		if (s_dkey_file == NULL)
952
			s_dkey_file = s_dcert_file;
953
954
		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
955
		    0, dpass, "second certificate private key file");
956
		if (!s_dkey) {
957
			ERR_print_errors(bio_err);
958
			goto end;
959
		}
960
		s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
961
		    NULL, "second server certificate file");
962
963
		if (!s_dcert) {
964
			ERR_print_errors(bio_err);
965
			goto end;
966
		}
967
	}
968
	if (bio_s_out == NULL) {
969
		if (s_quiet && !s_debug && !s_msg) {
970
			bio_s_out = BIO_new(BIO_s_null());
971
		} else {
972
			if (bio_s_out == NULL)
973
				bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
974
		}
975
	}
976
	if (nocert) {
977
		s_cert_file = NULL;
978
		s_key_file = NULL;
979
		s_dcert_file = NULL;
980
		s_dkey_file = NULL;
981
		s_cert_file2 = NULL;
982
		s_key_file2 = NULL;
983
	}
984
	ctx = SSL_CTX_new(meth);
985
	if (ctx == NULL) {
986
		ERR_print_errors(bio_err);
987
		goto end;
988
	}
989
	if (session_id_prefix) {
990
		if (strlen(session_id_prefix) >= 32)
991
			BIO_printf(bio_err,
992
			    "warning: id_prefix is too long, only one new session will be possible\n");
993
		else if (strlen(session_id_prefix) >= 16)
994
			BIO_printf(bio_err,
995
			    "warning: id_prefix is too long if you use SSLv2\n");
996
		if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
997
			BIO_printf(bio_err, "error setting 'id_prefix'\n");
998
			ERR_print_errors(bio_err);
999
			goto end;
1000
		}
1001
		BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1002
	}
1003
	SSL_CTX_set_quiet_shutdown(ctx, 1);
1004
	if (bugs)
1005
		SSL_CTX_set_options(ctx, SSL_OP_ALL);
1006
	SSL_CTX_set_options(ctx, off);
1007
	/*
1008
	 * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
1009
	 * read ahead solves this problem.
1010
	 */
1011
	if (socket_type == SOCK_DGRAM)
1012
		SSL_CTX_set_read_ahead(ctx, 1);
1013
1014
	if (state)
1015
		SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
1016
	if (no_cache)
1017
		SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
1018
	else
1019
		SSL_CTX_sess_set_cache_size(ctx, 128);
1020
1021
#ifndef OPENSSL_NO_SRTP
1022
	if (srtp_profiles != NULL)
1023
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
1024
#endif
1025
1026
1027
	if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
1028
	    (!SSL_CTX_set_default_verify_paths(ctx))) {
1029
		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
1030
		ERR_print_errors(bio_err);
1031
		/* goto end; */
1032
	}
1033
	if (vpm)
1034
		SSL_CTX_set1_param(ctx, vpm);
1035
1036
	if (s_cert2) {
1037
		ctx2 = SSL_CTX_new(meth);
1038
		if (ctx2 == NULL) {
1039
			ERR_print_errors(bio_err);
1040
			goto end;
1041
		}
1042
	}
1043
	if (ctx2) {
1044
		BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1045
1046
		if (session_id_prefix) {
1047
			if (strlen(session_id_prefix) >= 32)
1048
				BIO_printf(bio_err,
1049
				    "warning: id_prefix is too long, only one new session will be possible\n");
1050
			else if (strlen(session_id_prefix) >= 16)
1051
				BIO_printf(bio_err,
1052
				    "warning: id_prefix is too long if you use SSLv2\n");
1053
			if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
1054
				BIO_printf(bio_err, "error setting 'id_prefix'\n");
1055
				ERR_print_errors(bio_err);
1056
				goto end;
1057
			}
1058
			BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1059
		}
1060
		SSL_CTX_set_quiet_shutdown(ctx2, 1);
1061
		if (bugs)
1062
			SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1063
		SSL_CTX_set_options(ctx2, off);
1064
		/*
1065
		 * DTLS: partial reads end up discarding unread UDP bytes :-(
1066
		 * Setting read ahead solves this problem.
1067
		 */
1068
		if (socket_type == SOCK_DGRAM)
1069
			SSL_CTX_set_read_ahead(ctx2, 1);
1070
1071
		if (state)
1072
			SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1073
1074
		if (no_cache)
1075
			SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1076
		else
1077
			SSL_CTX_sess_set_cache_size(ctx2, 128);
1078
1079
		if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
1080
		    (!SSL_CTX_set_default_verify_paths(ctx2))) {
1081
			ERR_print_errors(bio_err);
1082
		}
1083
		if (vpm)
1084
			SSL_CTX_set1_param(ctx2, vpm);
1085
	}
1086
	if (next_proto.data)
1087
		SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
1088
	if (alpn_ctx.data)
1089
		SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1090
1091
#ifndef OPENSSL_NO_DH
1092
	if (!no_dhe) {
1093
		DH *dh = NULL;
1094
1095
		if (dhfile)
1096
			dh = load_dh_param(dhfile);
1097
		else if (s_cert_file)
1098
			dh = load_dh_param(s_cert_file);
1099
1100
		if (dh != NULL)
1101
			BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1102
		else
1103
			BIO_printf(bio_s_out, "Using auto DH parameters\n");
1104
		(void) BIO_flush(bio_s_out);
1105
1106
		if (dh == NULL)
1107
			SSL_CTX_set_dh_auto(ctx, 1);
1108
		else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
1109
			BIO_printf(bio_err,
1110
			    "Error setting temp DH parameters\n");
1111
			ERR_print_errors(bio_err);
1112
			DH_free(dh);
1113
			goto end;
1114
		}
1115
1116
		if (ctx2) {
1117
			if (!dhfile) {
1118
				DH *dh2 = NULL;
1119
1120
				if (s_cert_file2 != NULL)
1121
					dh2 = load_dh_param(s_cert_file2);
1122
				if (dh2 != NULL) {
1123
					BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1124
					(void) BIO_flush(bio_s_out);
1125
1126
					DH_free(dh);
1127
					dh = dh2;
1128
				}
1129
			}
1130
			if (dh == NULL)
1131
				SSL_CTX_set_dh_auto(ctx2, 1);
1132
			else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
1133
				BIO_printf(bio_err,
1134
				    "Error setting temp DH parameters\n");
1135
				ERR_print_errors(bio_err);
1136
				DH_free(dh);
1137
				goto end;
1138
			}
1139
		}
1140
		DH_free(dh);
1141
	}
1142
#endif
1143
1144
	if (!no_ecdhe) {
1145
		EC_KEY *ecdh = NULL;
1146
1147
		if (named_curve) {
1148
			int nid = OBJ_sn2nid(named_curve);
1149
1150
			if (nid == 0) {
1151
				BIO_printf(bio_err, "unknown curve name (%s)\n",
1152
				    named_curve);
1153
				goto end;
1154
			}
1155
			ecdh = EC_KEY_new_by_curve_name(nid);
1156
			if (ecdh == NULL) {
1157
				BIO_printf(bio_err, "unable to create curve (%s)\n",
1158
				    named_curve);
1159
				goto end;
1160
			}
1161
		}
1162
		if (ecdh != NULL) {
1163
			BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
1164
		} else {
1165
			BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
1166
			ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1167
			if (ecdh == NULL) {
1168
				BIO_printf(bio_err, "unable to create curve (nistp256)\n");
1169
				goto end;
1170
			}
1171
		}
1172
		(void) BIO_flush(bio_s_out);
1173
1174
		SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1175
		if (ctx2)
1176
			SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
1177
		EC_KEY_free(ecdh);
1178
	}
1179
1180
	if (!set_cert_key_stuff(ctx, s_cert, s_key))
1181
		goto end;
1182
	if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
1183
		goto end;
1184
	if (s_dcert != NULL) {
1185
		if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
1186
			goto end;
1187
	}
1188
1189
	if (cipher != NULL) {
1190
		if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
1191
			BIO_printf(bio_err, "error setting cipher list\n");
1192
			ERR_print_errors(bio_err);
1193
			goto end;
1194
		}
1195
		if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
1196
			BIO_printf(bio_err, "error setting cipher list\n");
1197
			ERR_print_errors(bio_err);
1198
			goto end;
1199
		}
1200
	}
1201
	SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
1202
	SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context,
1203
	    sizeof s_server_session_id_context);
1204
1205
	/* Set DTLS cookie generation and verification callbacks */
1206
	SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1207
	SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1208
1209
	if (ctx2) {
1210
		SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
1211
		SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context,
1212
		    sizeof s_server_session_id_context);
1213
1214
		tlsextcbp.biodebug = bio_s_out;
1215
		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1216
		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1217
		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1218
		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1219
	}
1220
1221
	if (CAfile != NULL) {
1222
		SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1223
		if (ctx2)
1224
			SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
1225
	}
1226
	BIO_printf(bio_s_out, "ACCEPT\n");
1227
	(void) BIO_flush(bio_s_out);
1228
	if (www)
1229
		do_server(port, socket_type, &accept_socket, www_body, context);
1230
	else
1231
		do_server(port, socket_type, &accept_socket, sv_body, context);
1232
	print_stats(bio_s_out, ctx);
1233
	ret = 0;
1234
end:
1235
	if (ctx != NULL)
1236
		SSL_CTX_free(ctx);
1237
	if (s_cert)
1238
		X509_free(s_cert);
1239
	if (s_dcert)
1240
		X509_free(s_dcert);
1241
	if (s_key)
1242
		EVP_PKEY_free(s_key);
1243
	if (s_dkey)
1244
		EVP_PKEY_free(s_dkey);
1245
	free(pass);
1246
	free(dpass);
1247
	if (vpm)
1248
		X509_VERIFY_PARAM_free(vpm);
1249
	free(tlscstatp.host);
1250
	free(tlscstatp.port);
1251
	free(tlscstatp.path);
1252
	if (ctx2 != NULL)
1253
		SSL_CTX_free(ctx2);
1254
	if (s_cert2)
1255
		X509_free(s_cert2);
1256
	if (s_key2)
1257
		EVP_PKEY_free(s_key2);
1258
	free(next_proto.data);
1259
	free(alpn_ctx.data);
1260
	if (bio_s_out != NULL) {
1261
		BIO_free(bio_s_out);
1262
		bio_s_out = NULL;
1263
	}
1264
1265
	return (ret);
1266
}
1267
1268
static void
1269
print_stats(BIO * bio, SSL_CTX * ssl_ctx)
1270
{
1271
	BIO_printf(bio, "%4ld items in the session cache\n",
1272
	    SSL_CTX_sess_number(ssl_ctx));
1273
	BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
1274
	    SSL_CTX_sess_connect(ssl_ctx));
1275
	BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
1276
	    SSL_CTX_sess_connect_renegotiate(ssl_ctx));
1277
	BIO_printf(bio, "%4ld client connects that finished\n",
1278
	    SSL_CTX_sess_connect_good(ssl_ctx));
1279
	BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
1280
	    SSL_CTX_sess_accept(ssl_ctx));
1281
	BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
1282
	    SSL_CTX_sess_accept_renegotiate(ssl_ctx));
1283
	BIO_printf(bio, "%4ld server accepts that finished\n",
1284
	    SSL_CTX_sess_accept_good(ssl_ctx));
1285
	BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
1286
	BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx));
1287
	BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx));
1288
	BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx));
1289
	BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
1290
	    SSL_CTX_sess_cache_full(ssl_ctx),
1291
	    SSL_CTX_sess_get_cache_size(ssl_ctx));
1292
}
1293
1294
static int
1295
sv_body(char *hostname, int s, unsigned char *context)
1296
{
1297
	char *buf = NULL;
1298
	int ret = 1;
1299
	int k, i;
1300
	unsigned long l;
1301
	SSL *con = NULL;
1302
	BIO *sbio;
1303
	struct timeval timeout;
1304
1305
	if ((buf = malloc(bufsize)) == NULL) {
1306
		BIO_printf(bio_err, "out of memory\n");
1307
		goto err;
1308
	}
1309
	if (s_nbio) {
1310
		if (!s_quiet)
1311
			BIO_printf(bio_err, "turning on non blocking io\n");
1312
		if (!BIO_socket_nbio(s, 1))
1313
			ERR_print_errors(bio_err);
1314
	}
1315
1316
	if (con == NULL) {
1317
		con = SSL_new(ctx);
1318
		if (s_tlsextdebug) {
1319
			SSL_set_tlsext_debug_callback(con, tlsext_cb);
1320
			SSL_set_tlsext_debug_arg(con, bio_s_out);
1321
		}
1322
		if (s_tlsextstatus) {
1323
			SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1324
			tlscstatp.err = bio_err;
1325
			SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1326
		}
1327
		if (context)
1328
			SSL_set_session_id_context(con, context,
1329
			    strlen((char *) context));
1330
	}
1331
	SSL_clear(con);
1332
1333
	if (SSL_version(con) == DTLS1_VERSION) {
1334
1335
		sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1336
1337
		if (enable_timeouts) {
1338
			timeout.tv_sec = 0;
1339
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1340
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1341
1342
			timeout.tv_sec = 0;
1343
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
1344
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1345
		}
1346
		if (socket_mtu > 28) {
1347
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1348
			SSL_set_mtu(con, socket_mtu - 28);
1349
		} else
1350
			/* want to do MTU discovery */
1351
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1352
1353
		/* turn on cookie exchange */
1354
		SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
1355
	} else
1356
		sbio = BIO_new_socket(s, BIO_NOCLOSE);
1357
1358
	if (s_nbio_test) {
1359
		BIO *test;
1360
1361
		test = BIO_new(BIO_f_nbio_test());
1362
		sbio = BIO_push(test, sbio);
1363
	}
1364
1365
	SSL_set_bio(con, sbio, sbio);
1366
	SSL_set_accept_state(con);
1367
	/* SSL_set_fd(con,s); */
1368
1369
	if (s_debug) {
1370
		SSL_set_debug(con, 1);
1371
		BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1372
		BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1373
	}
1374
	if (s_msg) {
1375
		SSL_set_msg_callback(con, msg_cb);
1376
		SSL_set_msg_callback_arg(con, bio_s_out);
1377
	}
1378
	if (s_tlsextdebug) {
1379
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
1380
		SSL_set_tlsext_debug_arg(con, bio_s_out);
1381
	}
1382
1383
	for (;;) {
1384
		int read_from_terminal;
1385
		int read_from_sslcon;
1386
		struct pollfd pfd[2];
1387
		int ptimeout;
1388
1389
		read_from_terminal = 0;
1390
		read_from_sslcon = SSL_pending(con);
1391
1392
		if (!read_from_sslcon) {
1393
			pfd[0].fd = fileno(stdin);
1394
			pfd[0].events = POLLIN;
1395
			pfd[1].fd = s;
1396
			pfd[1].events = POLLIN;
1397
1398
			if ((SSL_version(con) == DTLS1_VERSION) &&
1399
			    DTLSv1_get_timeout(con, &timeout))
1400
				ptimeout = timeout.tv_sec * 1000 +
1401
				    timeout.tv_usec / 1000;
1402
			else
1403
				ptimeout = -1;
1404
1405
			i = poll(pfd, 2, ptimeout);
1406
1407
			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) {
1408
				BIO_printf(bio_err, "TIMEOUT occured\n");
1409
			}
1410
			if (i <= 0)
1411
				continue;
1412
			if (pfd[0].revents) {
1413
				if ((pfd[0].revents & (POLLERR|POLLNVAL)))
1414
					continue;
1415
				read_from_terminal = 1;
1416
			}
1417
			if (pfd[1].revents) {
1418
				if ((pfd[1].revents & (POLLERR|POLLNVAL)))
1419
					continue;
1420
				read_from_sslcon = 1;
1421
			}
1422
		}
1423
		if (read_from_terminal) {
1424
			if (s_crlf) {
1425
				int j, lf_num;
1426
1427
				i = read(fileno(stdin), buf, bufsize / 2);
1428
				lf_num = 0;
1429
				/* both loops are skipped when i <= 0 */
1430
				for (j = 0; j < i; j++)
1431
					if (buf[j] == '\n')
1432
						lf_num++;
1433
				for (j = i - 1; j >= 0; j--) {
1434
					buf[j + lf_num] = buf[j];
1435
					if (buf[j] == '\n') {
1436
						lf_num--;
1437
						i++;
1438
						buf[j + lf_num] = '\r';
1439
					}
1440
				}
1441
				assert(lf_num == 0);
1442
			} else
1443
				i = read(fileno(stdin), buf, bufsize);
1444
			if (!s_quiet) {
1445
				if ((i <= 0) || (buf[0] == 'Q')) {
1446
					BIO_printf(bio_s_out, "DONE\n");
1447
					shutdown(s, SHUT_RD);
1448
					close(s);
1449
					close_accept_socket();
1450
					ret = -11;
1451
					goto err;
1452
				}
1453
				if ((i <= 0) || (buf[0] == 'q')) {
1454
					BIO_printf(bio_s_out, "DONE\n");
1455
					if (SSL_version(con) != DTLS1_VERSION) {
1456
						shutdown(s, SHUT_RD);
1457
						close(s);
1458
					}
1459
					/*
1460
					 * close_accept_socket(); ret= -11;
1461
					 */
1462
					goto err;
1463
				}
1464
				if ((buf[0] == 'r') &&
1465
				    ((buf[1] == '\n') || (buf[1] == '\r'))) {
1466
					SSL_renegotiate(con);
1467
					i = SSL_do_handshake(con);
1468
					printf("SSL_do_handshake -> %d\n", i);
1469
					i = 0;	/* 13; */
1470
					continue;
1471
					/*
1472
					 * RE-NEGOTIATE\n");
1473
					 */
1474
				}
1475
				if ((buf[0] == 'R') &&
1476
				    ((buf[1] == '\n') || (buf[1] == '\r'))) {
1477
					SSL_set_verify(con,
1478
					    SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL);
1479
					SSL_renegotiate(con);
1480
					i = SSL_do_handshake(con);
1481
					printf("SSL_do_handshake -> %d\n", i);
1482
					i = 0;	/* 13; */
1483
					continue;
1484
					/*
1485
					 * RE-NEGOTIATE asking for client
1486
					 * cert\n");
1487
					 */
1488
				}
1489
				if (buf[0] == 'P') {
1490
					static const char *str = "Lets print some clear text\n";
1491
					BIO_write(SSL_get_wbio(con), str, strlen(str));
1492
				}
1493
				if (buf[0] == 'S') {
1494
					print_stats(bio_s_out, SSL_get_SSL_CTX(con));
1495
				}
1496
			}
1497
			l = k = 0;
1498
			for (;;) {
1499
				/* should do a select for the write */
1500
#ifdef RENEG
1501
				{
1502
					static count = 0;
1503
					if (++count == 100) {
1504
						count = 0;
1505
						SSL_renegotiate(con);
1506
					}
1507
				}
1508
#endif
1509
				k = SSL_write(con, &(buf[l]), (unsigned int) i);
1510
				switch (SSL_get_error(con, k)) {
1511
				case SSL_ERROR_NONE:
1512
					break;
1513
				case SSL_ERROR_WANT_WRITE:
1514
				case SSL_ERROR_WANT_READ:
1515
				case SSL_ERROR_WANT_X509_LOOKUP:
1516
					BIO_printf(bio_s_out, "Write BLOCK\n");
1517
					break;
1518
				case SSL_ERROR_SYSCALL:
1519
				case SSL_ERROR_SSL:
1520
					BIO_printf(bio_s_out, "ERROR\n");
1521
					ERR_print_errors(bio_err);
1522
					ret = 1;
1523
					goto err;
1524
					/* break; */
1525
				case SSL_ERROR_ZERO_RETURN:
1526
					BIO_printf(bio_s_out, "DONE\n");
1527
					ret = 1;
1528
					goto err;
1529
				}
1530
				l += k;
1531
				i -= k;
1532
				if (i <= 0)
1533
					break;
1534
			}
1535
		}
1536
		if (read_from_sslcon) {
1537
			if (!SSL_is_init_finished(con)) {
1538
				i = init_ssl_connection(con);
1539
1540
				if (i < 0) {
1541
					ret = 0;
1542
					goto err;
1543
				} else if (i == 0) {
1544
					ret = 1;
1545
					goto err;
1546
				}
1547
			} else {
1548
		again:
1549
				i = SSL_read(con, (char *) buf, bufsize);
1550
				switch (SSL_get_error(con, i)) {
1551
				case SSL_ERROR_NONE: {
1552
						int len, n;
1553
						for (len = 0; len < i;) {
1554
							do {
1555
								n = write(fileno(stdout), buf + len, i - len);
1556
							} while (n == -1 && errno == EINTR);
1557
1558
							if (n < 0) {
1559
								BIO_printf(bio_s_out, "ERROR\n");
1560
								goto err;
1561
							}
1562
							len += n;
1563
						}
1564
					}
1565
					if (SSL_pending(con))
1566
						goto again;
1567
					break;
1568
				case SSL_ERROR_WANT_WRITE:
1569
				case SSL_ERROR_WANT_READ:
1570
					BIO_printf(bio_s_out, "Read BLOCK\n");
1571
					break;
1572
				case SSL_ERROR_SYSCALL:
1573
				case SSL_ERROR_SSL:
1574
					BIO_printf(bio_s_out, "ERROR\n");
1575
					ERR_print_errors(bio_err);
1576
					ret = 1;
1577
					goto err;
1578
				case SSL_ERROR_ZERO_RETURN:
1579
					BIO_printf(bio_s_out, "DONE\n");
1580
					ret = 1;
1581
					goto err;
1582
				}
1583
			}
1584
		}
1585
	}
1586
err:
1587
	if (con != NULL) {
1588
		BIO_printf(bio_s_out, "shutting down SSL\n");
1589
		SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
1590
		SSL_free(con);
1591
	}
1592
	BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
1593
	if (buf != NULL) {
1594
		explicit_bzero(buf, bufsize);
1595
		free(buf);
1596
	}
1597
	if (ret >= 0)
1598
		BIO_printf(bio_s_out, "ACCEPT\n");
1599
	return (ret);
1600
}
1601
1602
static void
1603
close_accept_socket(void)
1604
{
1605
	BIO_printf(bio_err, "shutdown accept socket\n");
1606
	if (accept_socket >= 0) {
1607
		shutdown(accept_socket, SHUT_RDWR);
1608
		close(accept_socket);
1609
	}
1610
}
1611
1612
static int
1613
init_ssl_connection(SSL * con)
1614
{
1615
	int i;
1616
	const char *str;
1617
	X509 *peer;
1618
	long verify_error;
1619
	char buf[BUFSIZ];
1620
	const unsigned char *next_proto_neg;
1621
	unsigned next_proto_neg_len;
1622
	unsigned char *exportedkeymat;
1623
1624
	i = SSL_accept(con);
1625
	if (i <= 0) {
1626
		if (BIO_sock_should_retry(i)) {
1627
			BIO_printf(bio_s_out, "DELAY\n");
1628
			return (1);
1629
		}
1630
		BIO_printf(bio_err, "ERROR\n");
1631
		verify_error = SSL_get_verify_result(con);
1632
		if (verify_error != X509_V_OK) {
1633
			BIO_printf(bio_err, "verify error:%s\n",
1634
			    X509_verify_cert_error_string(verify_error));
1635
		} else
1636
			ERR_print_errors(bio_err);
1637
		return (0);
1638
	}
1639
	PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
1640
1641
	peer = SSL_get_peer_certificate(con);
1642
	if (peer != NULL) {
1643
		BIO_printf(bio_s_out, "Client certificate\n");
1644
		PEM_write_bio_X509(bio_s_out, peer);
1645
		X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
1646
		BIO_printf(bio_s_out, "subject=%s\n", buf);
1647
		X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
1648
		BIO_printf(bio_s_out, "issuer=%s\n", buf);
1649
		X509_free(peer);
1650
	}
1651
	if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
1652
		BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
1653
	str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
1654
	BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
1655
1656
	SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
1657
	if (next_proto_neg) {
1658
		BIO_printf(bio_s_out, "NEXTPROTO is ");
1659
		BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
1660
		BIO_printf(bio_s_out, "\n");
1661
	}
1662
#ifndef OPENSSL_NO_SRTP
1663
	{
1664
		SRTP_PROTECTION_PROFILE *srtp_profile
1665
		= SSL_get_selected_srtp_profile(con);
1666
1667
		if (srtp_profile)
1668
			BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
1669
			    srtp_profile->name);
1670
	}
1671
#endif
1672
	if (SSL_cache_hit(con))
1673
		BIO_printf(bio_s_out, "Reused session-id\n");
1674
	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
1675
	    SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
1676
	if (keymatexportlabel != NULL) {
1677
		BIO_printf(bio_s_out, "Keying material exporter:\n");
1678
		BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
1679
		BIO_printf(bio_s_out, "    Length: %i bytes\n",
1680
		    keymatexportlen);
1681
		exportedkeymat = malloc(keymatexportlen);
1682
		if (exportedkeymat != NULL) {
1683
			if (!SSL_export_keying_material(con, exportedkeymat,
1684
				keymatexportlen,
1685
				keymatexportlabel,
1686
				strlen(keymatexportlabel),
1687
				NULL, 0, 0)) {
1688
				BIO_printf(bio_s_out, "    Error\n");
1689
			} else {
1690
				BIO_printf(bio_s_out, "    Keying material: ");
1691
				for (i = 0; i < keymatexportlen; i++)
1692
					BIO_printf(bio_s_out, "%02X",
1693
					    exportedkeymat[i]);
1694
				BIO_printf(bio_s_out, "\n");
1695
			}
1696
			free(exportedkeymat);
1697
		}
1698
	}
1699
	return (1);
1700
}
1701
1702
#ifndef OPENSSL_NO_DH
1703
static DH *
1704
load_dh_param(const char *dhfile)
1705
{
1706
	DH *ret = NULL;
1707
	BIO *bio;
1708
1709
	if ((bio = BIO_new_file(dhfile, "r")) == NULL)
1710
		goto err;
1711
	ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1712
err:
1713
	BIO_free(bio);
1714
	return (ret);
1715
}
1716
#endif
1717
1718
static int
1719
www_body(char *hostname, int s, unsigned char *context)
1720
{
1721
	char *buf = NULL;
1722
	int ret = 1;
1723
	int i, j, k, dot;
1724
	SSL *con;
1725
	const SSL_CIPHER *c;
1726
	BIO *io, *ssl_bio, *sbio;
1727
1728
	buf = malloc(bufsize);
1729
	if (buf == NULL)
1730
		return (0);
1731
	io = BIO_new(BIO_f_buffer());
1732
	ssl_bio = BIO_new(BIO_f_ssl());
1733
	if ((io == NULL) || (ssl_bio == NULL))
1734
		goto err;
1735
1736
	if (s_nbio) {
1737
		if (!s_quiet)
1738
			BIO_printf(bio_err, "turning on non blocking io\n");
1739
		if (!BIO_socket_nbio(s, 1))
1740
			ERR_print_errors(bio_err);
1741
	}
1742
1743
	/* lets make the output buffer a reasonable size */
1744
	if (!BIO_set_write_buffer_size(io, bufsize))
1745
		goto err;
1746
1747
	if ((con = SSL_new(ctx)) == NULL)
1748
		goto err;
1749
	if (s_tlsextdebug) {
1750
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
1751
		SSL_set_tlsext_debug_arg(con, bio_s_out);
1752
	}
1753
	if (context)
1754
		SSL_set_session_id_context(con, context,
1755
		    strlen((char *) context));
1756
1757
	sbio = BIO_new_socket(s, BIO_NOCLOSE);
1758
	if (s_nbio_test) {
1759
		BIO *test;
1760
1761
		test = BIO_new(BIO_f_nbio_test());
1762
		sbio = BIO_push(test, sbio);
1763
	}
1764
	SSL_set_bio(con, sbio, sbio);
1765
	SSL_set_accept_state(con);
1766
1767
	/* SSL_set_fd(con,s); */
1768
	BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
1769
	BIO_push(io, ssl_bio);
1770
1771
	if (s_debug) {
1772
		SSL_set_debug(con, 1);
1773
		BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1774
		BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1775
	}
1776
	if (s_msg) {
1777
		SSL_set_msg_callback(con, msg_cb);
1778
		SSL_set_msg_callback_arg(con, bio_s_out);
1779
	}
1780
	for (;;) {
1781
		i = BIO_gets(io, buf, bufsize - 1);
1782
		if (i < 0) {	/* error */
1783
			if (!BIO_should_retry(io)) {
1784
				if (!s_quiet)
1785
					ERR_print_errors(bio_err);
1786
				goto err;
1787
			} else {
1788
				BIO_printf(bio_s_out, "read R BLOCK\n");
1789
				sleep(1);
1790
				continue;
1791
			}
1792
		} else if (i == 0) {	/* end of input */
1793
			ret = 1;
1794
			goto end;
1795
		}
1796
		/* else we have data */
1797
		if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
1798
		    ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
1799
			char *p;
1800
			X509 *peer;
1801
			STACK_OF(SSL_CIPHER) * sk;
1802
			static const char *space = "                          ";
1803
1804
			BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
1805
			BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
1806
			BIO_puts(io, "<pre>\n");
1807
/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
1808
			BIO_puts(io, "\n");
1809
			for (i = 0; i < local_argc; i++) {
1810
				BIO_puts(io, local_argv[i]);
1811
				BIO_write(io, " ", 1);
1812
			}
1813
			BIO_puts(io, "\n");
1814
1815
			BIO_printf(io,
1816
			    "Secure Renegotiation IS%s supported\n",
1817
			    SSL_get_secure_renegotiation_support(con) ?
1818
			    "" : " NOT");
1819
1820
			/*
1821
			 * The following is evil and should not really be
1822
			 * done
1823
			 */
1824
			BIO_printf(io, "Ciphers supported in s_server binary\n");
1825
			sk = SSL_get_ciphers(con);
1826
			j = sk_SSL_CIPHER_num(sk);
1827
			for (i = 0; i < j; i++) {
1828
				c = sk_SSL_CIPHER_value(sk, i);
1829
				BIO_printf(io, "%-11s:%-25s",
1830
				    SSL_CIPHER_get_version(c),
1831
				    SSL_CIPHER_get_name(c));
1832
				if ((((i + 1) % 2) == 0) && (i + 1 != j))
1833
					BIO_puts(io, "\n");
1834
			}
1835
			BIO_puts(io, "\n");
1836
			p = SSL_get_shared_ciphers(con, buf, bufsize);
1837
			if (p != NULL) {
1838
				BIO_printf(io, "---\nCiphers common between both SSL end points:\n");
1839
				j = i = 0;
1840
				while (*p) {
1841
					if (*p == ':') {
1842
						BIO_write(io, space, 26 - j);
1843
						i++;
1844
						j = 0;
1845
						BIO_write(io, ((i % 3) ? " " : "\n"), 1);
1846
					} else {
1847
						BIO_write(io, p, 1);
1848
						j++;
1849
					}
1850
					p++;
1851
				}
1852
				BIO_puts(io, "\n");
1853
			}
1854
			BIO_printf(io, (SSL_cache_hit(con)
1855
				? "---\nReused, "
1856
				: "---\nNew, "));
1857
			c = SSL_get_current_cipher(con);
1858
			BIO_printf(io, "%s, Cipher is %s\n",
1859
			    SSL_CIPHER_get_version(c),
1860
			    SSL_CIPHER_get_name(c));
1861
			SSL_SESSION_print(io, SSL_get_session(con));
1862
			BIO_printf(io, "---\n");
1863
			print_stats(io, SSL_get_SSL_CTX(con));
1864
			BIO_printf(io, "---\n");
1865
			peer = SSL_get_peer_certificate(con);
1866
			if (peer != NULL) {
1867
				BIO_printf(io, "Client certificate\n");
1868
				X509_print(io, peer);
1869
				PEM_write_bio_X509(io, peer);
1870
			} else
1871
				BIO_puts(io, "no client certificate available\n");
1872
			BIO_puts(io, "</BODY></HTML>\r\n\r\n");
1873
			break;
1874
		} else if ((www == 2 || www == 3)
1875
		    && (strncmp("GET /", buf, 5) == 0)) {
1876
			BIO *file;
1877
			char *p, *e;
1878
			static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
1879
1880
			/* skip the '/' */
1881
			p = &(buf[5]);
1882
1883
			dot = 1;
1884
			for (e = p; *e != '\0'; e++) {
1885
				if (e[0] == ' ')
1886
					break;
1887
1888
				switch (dot) {
1889
				case 1:
1890
					dot = (e[0] == '.') ? 2 : 0;
1891
					break;
1892
				case 2:
1893
					dot = (e[0] == '.') ? 3 : 0;
1894
					break;
1895
				case 3:
1896
					dot = (e[0] == '/') ? -1 : 0;
1897
					break;
1898
				}
1899
				if (dot == 0)
1900
					dot = (e[0] == '/') ? 1 : 0;
1901
			}
1902
			dot = (dot == 3) || (dot == -1);	/* filename contains
1903
								 * ".." component */
1904
1905
			if (*e == '\0') {
1906
				BIO_puts(io, text);
1907
				BIO_printf(io, "'%s' is an invalid file name\r\n", p);
1908
				break;
1909
			}
1910
			*e = '\0';
1911
1912
			if (dot) {
1913
				BIO_puts(io, text);
1914
				BIO_printf(io, "'%s' contains '..' reference\r\n", p);
1915
				break;
1916
			}
1917
			if (*p == '/') {
1918
				BIO_puts(io, text);
1919
				BIO_printf(io, "'%s' is an invalid path\r\n", p);
1920
				break;
1921
			}
1922
			/* if a directory, do the index thang */
1923
			if (app_isdir(p) > 0) {
1924
				BIO_puts(io, text);
1925
				BIO_printf(io, "'%s' is a directory\r\n", p);
1926
				break;
1927
			}
1928
			if ((file = BIO_new_file(p, "r")) == NULL) {
1929
				BIO_puts(io, text);
1930
				BIO_printf(io, "Error opening '%s'\r\n", p);
1931
				ERR_print_errors(io);
1932
				break;
1933
			}
1934
			if (!s_quiet)
1935
				BIO_printf(bio_err, "FILE:%s\n", p);
1936
1937
			if (www == 2) {
1938
				i = strlen(p);
1939
				if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
1940
				    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
1941
				    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
1942
					BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
1943
				else
1944
					BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
1945
			}
1946
			/* send the file */
1947
			for (;;) {
1948
				i = BIO_read(file, buf, bufsize);
1949
				if (i <= 0)
1950
					break;
1951
1952
#ifdef RENEG
1953
				total_bytes += i;
1954
				fprintf(stderr, "%d\n", i);
1955
				if (total_bytes > 3 * 1024) {
1956
					total_bytes = 0;
1957
					fprintf(stderr, "RENEGOTIATE\n");
1958
					SSL_renegotiate(con);
1959
				}
1960
#endif
1961
1962
				for (j = 0; j < i;) {
1963
#ifdef RENEG
1964
					{
1965
						static count = 0;
1966
						if (++count == 13) {
1967
							SSL_renegotiate(con);
1968
						}
1969
					}
1970
#endif
1971
					k = BIO_write(io, &(buf[j]), i - j);
1972
					if (k <= 0) {
1973
						if (!BIO_should_retry(io))
1974
							goto write_error;
1975
						else {
1976
							BIO_printf(bio_s_out, "rwrite W BLOCK\n");
1977
						}
1978
					} else {
1979
						j += k;
1980
					}
1981
				}
1982
			}
1983
	write_error:
1984
			BIO_free(file);
1985
			break;
1986
		}
1987
	}
1988
1989
	for (;;) {
1990
		i = (int) BIO_flush(io);
1991
		if (i <= 0) {
1992
			if (!BIO_should_retry(io))
1993
				break;
1994
		} else
1995
			break;
1996
	}
1997
end:
1998
	/* make sure we re-use sessions */
1999
	SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
2000
2001
err:
2002
2003
	if (ret >= 0)
2004
		BIO_printf(bio_s_out, "ACCEPT\n");
2005
2006
	free(buf);
2007
	if (io != NULL)
2008
		BIO_free_all(io);
2009
/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
2010
	return (ret);
2011
}
2012
2013
#define MAX_SESSION_ID_ATTEMPTS 10
2014
static int
2015
generate_session_id(const SSL * ssl, unsigned char *id,
2016
    unsigned int *id_len)
2017
{
2018
	unsigned int count = 0;
2019
	do {
2020
		arc4random_buf(id, *id_len);
2021
		/*
2022
		 * Prefix the session_id with the required prefix. NB: If our
2023
		 * prefix is too long, clip it - but there will be worse
2024
		 * effects anyway, eg. the server could only possibly create
2025
		 * 1 session ID (ie. the prefix!) so all future session
2026
		 * negotiations will fail due to conflicts.
2027
		 */
2028
		memcpy(id, session_id_prefix,
2029
		    (strlen(session_id_prefix) < *id_len) ?
2030
		    strlen(session_id_prefix) : *id_len);
2031
	}
2032
	while (SSL_has_matching_session_id(ssl, id, *id_len) &&
2033
	    (++count < MAX_SESSION_ID_ATTEMPTS));
2034
	if (count >= MAX_SESSION_ID_ATTEMPTS)
2035
		return 0;
2036
	return 1;
2037
}