GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/openssl/s_server.c Lines: 199 1071 18.6 %
Date: 2017-11-13 Branches: 84 770 10.9 %

Line Branch Exec Source
1
/* $OpenBSD: s_server.c,v 1.27 2017/08/12 21:04:33 jsing Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60
 *
61
 * Redistribution and use in source and binary forms, with or without
62
 * modification, are permitted provided that the following conditions
63
 * are met:
64
 *
65
 * 1. Redistributions of source code must retain the above copyright
66
 *    notice, this list of conditions and the following disclaimer.
67
 *
68
 * 2. Redistributions in binary form must reproduce the above copyright
69
 *    notice, this list of conditions and the following disclaimer in
70
 *    the documentation and/or other materials provided with the
71
 *    distribution.
72
 *
73
 * 3. All advertising materials mentioning features or use of this
74
 *    software must display the following acknowledgment:
75
 *    "This product includes software developed by the OpenSSL Project
76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
 *
78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
 *    endorse or promote products derived from this software without
80
 *    prior written permission. For written permission, please contact
81
 *    openssl-core@openssl.org.
82
 *
83
 * 5. Products derived from this software may not be called "OpenSSL"
84
 *    nor may "OpenSSL" appear in their names without prior written
85
 *    permission of the OpenSSL Project.
86
 *
87
 * 6. Redistributions of any form whatsoever must retain the following
88
 *    acknowledgment:
89
 *    "This product includes software developed by the OpenSSL Project
90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
 *
92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
104
 * ====================================================================
105
 *
106
 * This product includes cryptographic software written by Eric Young
107
 * (eay@cryptsoft.com).  This product includes software written by Tim
108
 * Hudson (tjh@cryptsoft.com).
109
 *
110
 */
111
/* ====================================================================
112
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113
 * ECC cipher suite support in OpenSSL originally developed by
114
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115
 */
116
/* ====================================================================
117
 * Copyright 2005 Nokia. All rights reserved.
118
 *
119
 * The portions of the attached software ("Contribution") is developed by
120
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121
 * license.
122
 *
123
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125
 * support (see RFC 4279) to OpenSSL.
126
 *
127
 * No patent licenses or other rights except those expressly stated in
128
 * the OpenSSL open source license shall be deemed granted or received
129
 * expressly, by implication, estoppel, or otherwise.
130
 *
131
 * No assurances are provided by Nokia that the Contribution does not
132
 * infringe the patent or other intellectual property rights of any third
133
 * party or that the license provides you with all the necessary rights
134
 * to make use of the Contribution.
135
 *
136
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140
 * OTHERWISE.
141
 */
142
143
/* Until the key-gen callbacks are modified to use newer prototypes, we allow
144
 * deprecated functions for openssl-internal code */
145
#ifdef OPENSSL_NO_DEPRECATED
146
#undef OPENSSL_NO_DEPRECATED
147
#endif
148
149
#include <sys/types.h>
150
#include <sys/socket.h>
151
152
#include <assert.h>
153
#include <ctype.h>
154
#include <stdio.h>
155
#include <stdlib.h>
156
#include <limits.h>
157
#include <string.h>
158
#include <unistd.h>
159
#include <poll.h>
160
161
#include "apps.h"
162
163
#include <openssl/bn.h>
164
#include <openssl/err.h>
165
#include <openssl/lhash.h>
166
#include <openssl/ocsp.h>
167
#include <openssl/pem.h>
168
#include <openssl/ssl.h>
169
#include <openssl/x509.h>
170
171
#ifndef OPENSSL_NO_DH
172
#include <openssl/dh.h>
173
#endif
174
175
#include <openssl/rsa.h>
176
177
#include "s_apps.h"
178
#include "timeouts.h"
179
180
static int sv_body(char *hostname, int s, unsigned char *context);
181
static int www_body(char *hostname, int s, unsigned char *context);
182
static void close_accept_socket(void);
183
static void sv_usage(void);
184
static int init_ssl_connection(SSL * s);
185
static void print_stats(BIO * bp, SSL_CTX * ctx);
186
static int
187
generate_session_id(const SSL * ssl, unsigned char *id,
188
    unsigned int *id_len);
189
#ifndef OPENSSL_NO_DH
190
static DH *load_dh_param(const char *dhfile);
191
#endif
192
193
static void s_server_init(void);
194
195
/* static int load_CA(SSL_CTX *ctx, char *file);*/
196
197
#define BUFSIZZ	16*1024
198
static int bufsize = BUFSIZZ;
199
static int accept_socket = -1;
200
201
#define TEST_CERT	"server.pem"
202
#define TEST_CERT2	"server2.pem"
203
204
static char *cipher = NULL;
205
static int s_server_verify = SSL_VERIFY_NONE;
206
static int s_server_session_id_context = 1;	/* anything will do */
207
static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
208
static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
209
static char *s_dcert_file = NULL, *s_dkey_file = NULL;
210
static int s_nbio = 0;
211
static int s_nbio_test = 0;
212
int s_crlf = 0;
213
static SSL_CTX *ctx = NULL;
214
static SSL_CTX *ctx2 = NULL;
215
static int www = 0;
216
217
static BIO *bio_s_out = NULL;
218
static int s_debug = 0;
219
static int s_tlsextdebug = 0;
220
static int s_tlsextstatus = 0;
221
static int cert_status_cb(SSL * s, void *arg);
222
static int s_msg = 0;
223
static int s_quiet = 0;
224
225
static char *keymatexportlabel = NULL;
226
static int keymatexportlen = 20;
227
228
static const char *session_id_prefix = NULL;
229
230
static int enable_timeouts = 0;
231
static long socket_mtu;
232
#ifndef OPENSSL_NO_DTLS1
233
static int cert_chain = 0;
234
#endif
235
236
237
238
239
static void
240
s_server_init(void)
241
{
242
8
	accept_socket = -1;
243
4
	cipher = NULL;
244
4
	s_server_verify = SSL_VERIFY_NONE;
245
4
	s_dcert_file = NULL;
246
4
	s_dkey_file = NULL;
247
4
	s_cert_file = TEST_CERT;
248
4
	s_key_file = NULL;
249
4
	s_cert_file2 = TEST_CERT2;
250
4
	s_key_file2 = NULL;
251
4
	ctx2 = NULL;
252
4
	s_nbio = 0;
253
4
	s_nbio_test = 0;
254
4
	ctx = NULL;
255
4
	www = 0;
256
257
4
	bio_s_out = NULL;
258
4
	s_debug = 0;
259
4
	s_msg = 0;
260
4
	s_quiet = 0;
261
4
}
262
263
static void
264
sv_usage(void)
265
{
266
8
	BIO_printf(bio_err, "usage: s_server [args ...]\n");
267
4
	BIO_printf(bio_err, "\n");
268
4
	BIO_printf(bio_err, " -accept arg   - port to accept on (default is %d)\n", PORT);
269
4
	BIO_printf(bio_err, " -context arg  - set session ID context\n");
270
4
	BIO_printf(bio_err, " -verify arg   - turn on peer certificate verification\n");
271
4
	BIO_printf(bio_err, " -Verify arg   - turn on peer certificate verification, must have a cert.\n");
272
4
	BIO_printf(bio_err, " -cert arg     - certificate file to use\n");
273
4
	BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT);
274
4
	BIO_printf(bio_err, " -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
275
	    "                 The CRL(s) are appended to the certificate file\n");
276
4
	BIO_printf(bio_err, " -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
277
	    "                 or any other CRL in the CA chain. CRL(s) are appended to the\n" \
278
	    "                 the certificate file.\n");
279
4
	BIO_printf(bio_err, " -certform arg - certificate format (PEM or DER) PEM default\n");
280
4
	BIO_printf(bio_err, " -key arg      - Private Key file to use, in cert file if\n");
281
4
	BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT);
282
4
	BIO_printf(bio_err, " -keyform arg  - key format (PEM or DER) PEM default\n");
283
4
	BIO_printf(bio_err, " -pass arg     - private key file pass phrase source\n");
284
4
	BIO_printf(bio_err, " -dcert arg    - second certificate file to use (usually for DSA)\n");
285
4
	BIO_printf(bio_err, " -dcertform x  - second certificate format (PEM or DER) PEM default\n");
286
4
	BIO_printf(bio_err, " -dkey arg     - second private key file to use (usually for DSA)\n");
287
4
	BIO_printf(bio_err, " -dkeyform arg - second key format (PEM or DER) PEM default\n");
288
4
	BIO_printf(bio_err, " -dpass arg    - second private key file pass phrase source\n");
289
4
	BIO_printf(bio_err, " -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
290
4
	BIO_printf(bio_err, "                 or a default set of parameters is used\n");
291
4
	BIO_printf(bio_err, " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
292
	    "                 Use \"openssl ecparam -list_curves\" for all names\n" \
293
	    "                 (default is nistp256).\n");
294
4
	BIO_printf(bio_err, " -nbio         - Run with non-blocking IO\n");
295
4
	BIO_printf(bio_err, " -nbio_test    - test with the non-blocking test bio\n");
296
4
	BIO_printf(bio_err, " -crlf         - convert LF from terminal into CRLF\n");
297
4
	BIO_printf(bio_err, " -debug        - Print more output\n");
298
4
	BIO_printf(bio_err, " -msg          - Show protocol messages\n");
299
4
	BIO_printf(bio_err, " -state        - Print the SSL states\n");
300
4
	BIO_printf(bio_err, " -CApath arg   - PEM format directory of CA's\n");
301
4
	BIO_printf(bio_err, " -CAfile arg   - PEM format file of CA's\n");
302
4
	BIO_printf(bio_err, " -nocert       - Don't use any certificates (Anon-DH)\n");
303
4
	BIO_printf(bio_err, " -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
304
4
	BIO_printf(bio_err, " -serverpref   - Use server's cipher preferences\n");
305
4
	BIO_printf(bio_err, " -quiet        - Inhibit printing of session and certificate information\n");
306
4
	BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
307
4
	BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
308
4
	BIO_printf(bio_err, " -tls1         - Just talk TLSv1\n");
309
4
	BIO_printf(bio_err, " -dtls1        - Just talk DTLSv1\n");
310
4
	BIO_printf(bio_err, " -timeout      - Enable timeouts\n");
311
4
	BIO_printf(bio_err, " -mtu          - Set link layer MTU\n");
312
4
	BIO_printf(bio_err, " -chain        - Read a certificate chain\n");
313
4
	BIO_printf(bio_err, " -no_ssl2      - Just disable SSLv2\n");
314
4
	BIO_printf(bio_err, " -no_ssl3      - Just disable SSLv3\n");
315
4
	BIO_printf(bio_err, " -no_tls1      - Just disable TLSv1\n");
316
4
	BIO_printf(bio_err, " -no_tls1_1    - Just disable TLSv1.1\n");
317
4
	BIO_printf(bio_err, " -no_tls1_2    - Just disable TLSv1.2\n");
318
#ifndef OPENSSL_NO_DH
319
4
	BIO_printf(bio_err, " -no_dhe       - Disable ephemeral DH\n");
320
#endif
321
4
	BIO_printf(bio_err, " -no_ecdhe     - Disable ephemeral ECDH\n");
322
4
	BIO_printf(bio_err, " -bugs         - Turn on SSL bug compatibility\n");
323
4
	BIO_printf(bio_err, " -www          - Respond to a 'GET /' with a status page\n");
324
4
	BIO_printf(bio_err, " -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
325
4
	BIO_printf(bio_err, " -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
326
4
	BIO_printf(bio_err, "                 with the assumption it contains a complete HTTP response.\n");
327
4
	BIO_printf(bio_err, " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
328
4
	BIO_printf(bio_err, " -servername host - servername for HostName TLS extension\n");
329
4
	BIO_printf(bio_err, " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
330
4
	BIO_printf(bio_err, " -cert2 arg    - certificate file to use for servername\n");
331
4
	BIO_printf(bio_err, "                 (default is %s)\n", TEST_CERT2);
332
4
	BIO_printf(bio_err, " -key2 arg     - Private Key file to use for servername, in cert file if\n");
333
4
	BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
334
4
	BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
335
4
	BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
336
4
	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
337
#ifndef OPENSSL_NO_SRTP
338
4
	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
339
#endif
340
4
	BIO_printf(bio_err, " -keymatexport label   - Export keying material using label\n");
341
4
	BIO_printf(bio_err, " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
342
4
}
343
344
static int local_argc = 0;
345
static char **local_argv;
346
347
348
/* This is a context that we pass to callbacks */
349
typedef struct tlsextctx_st {
350
	char *servername;
351
	BIO *biodebug;
352
	int extension_error;
353
} tlsextctx;
354
355
356
static int
357
ssl_servername_cb(SSL * s, int *ad, void *arg)
358
{
359
	tlsextctx *p = (tlsextctx *) arg;
360
	const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
361
	if (servername && p->biodebug)
362
		BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n", servername);
363
364
	if (!p->servername)
365
		return SSL_TLSEXT_ERR_NOACK;
366
367
	if (servername) {
368
		if (strcmp(servername, p->servername))
369
			return p->extension_error;
370
		if (ctx2) {
371
			BIO_printf(p->biodebug, "Switching server context.\n");
372
			SSL_set_SSL_CTX(s, ctx2);
373
		}
374
	}
375
	return SSL_TLSEXT_ERR_OK;
376
}
377
378
/* Structure passed to cert status callback */
379
380
typedef struct tlsextstatusctx_st {
381
	/* Default responder to use */
382
	char *host, *path, *port;
383
	int use_ssl;
384
	int timeout;
385
	BIO *err;
386
	int verbose;
387
} tlsextstatusctx;
388
389
static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
390
391
/* Certificate Status callback. This is called when a client includes a
392
 * certificate status request extension.
393
 *
394
 * This is a simplified version. It examines certificates each time and
395
 * makes one OCSP responder query for each request.
396
 *
397
 * A full version would store details such as the OCSP certificate IDs and
398
 * minimise the number of OCSP responses by caching them until they were
399
 * considered "expired".
400
 */
401
402
static int
403
cert_status_cb(SSL * s, void *arg)
404
{
405
	tlsextstatusctx *srctx = arg;
406
	BIO *err = srctx->err;
407
	char *host, *port, *path;
408
	int use_ssl;
409
	unsigned char *rspder = NULL;
410
	int rspderlen;
411
	STACK_OF(OPENSSL_STRING) * aia = NULL;
412
	X509 *x = NULL;
413
	X509_STORE_CTX inctx;
414
	X509_OBJECT obj;
415
	OCSP_REQUEST *req = NULL;
416
	OCSP_RESPONSE *resp = NULL;
417
	OCSP_CERTID *id = NULL;
418
	STACK_OF(X509_EXTENSION) * exts;
419
	int ret = SSL_TLSEXT_ERR_NOACK;
420
	int i;
421
422
	if (srctx->verbose)
423
		BIO_puts(err, "cert_status: callback called\n");
424
	/* Build up OCSP query from server certificate */
425
	x = SSL_get_certificate(s);
426
	aia = X509_get1_ocsp(x);
427
	if (aia) {
428
		if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
429
			&host, &port, &path, &use_ssl)) {
430
			BIO_puts(err, "cert_status: can't parse AIA URL\n");
431
			goto err;
432
		}
433
		if (srctx->verbose)
434
			BIO_printf(err, "cert_status: AIA URL: %s\n",
435
			    sk_OPENSSL_STRING_value(aia, 0));
436
	} else {
437
		if (!srctx->host) {
438
			BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
439
			goto done;
440
		}
441
		host = srctx->host;
442
		path = srctx->path;
443
		port = srctx->port;
444
		use_ssl = srctx->use_ssl;
445
	}
446
447
	if (!X509_STORE_CTX_init(&inctx,
448
		SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
449
		NULL, NULL))
450
		goto err;
451
	if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
452
		X509_get_issuer_name(x), &obj) <= 0) {
453
		BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
454
		X509_STORE_CTX_cleanup(&inctx);
455
		goto done;
456
	}
457
	req = OCSP_REQUEST_new();
458
	if (!req)
459
		goto err;
460
	id = OCSP_cert_to_id(NULL, x, obj.data.x509);
461
	X509_free(obj.data.x509);
462
	X509_STORE_CTX_cleanup(&inctx);
463
	if (!id)
464
		goto err;
465
	if (!OCSP_request_add0_id(req, id))
466
		goto err;
467
	id = NULL;
468
	/* Add any extensions to the request */
469
	SSL_get_tlsext_status_exts(s, &exts);
470
	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
471
		X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
472
		if (!OCSP_REQUEST_add_ext(req, ext, -1))
473
			goto err;
474
	}
475
	resp = process_responder(err, req, host, path, port, use_ssl, NULL,
476
	    srctx->timeout);
477
	if (!resp) {
478
		BIO_puts(err, "cert_status: error querying responder\n");
479
		goto done;
480
	}
481
	rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
482
	if (rspderlen <= 0)
483
		goto err;
484
	SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
485
	if (srctx->verbose) {
486
		BIO_puts(err, "cert_status: ocsp response sent:\n");
487
		OCSP_RESPONSE_print(err, resp, 2);
488
	}
489
	ret = SSL_TLSEXT_ERR_OK;
490
done:
491
	if (ret != SSL_TLSEXT_ERR_OK)
492
		ERR_print_errors(err);
493
	if (aia) {
494
		free(host);
495
		free(path);
496
		free(port);
497
		X509_email_free(aia);
498
	}
499
	if (id)
500
		OCSP_CERTID_free(id);
501
	if (req)
502
		OCSP_REQUEST_free(req);
503
	if (resp)
504
		OCSP_RESPONSE_free(resp);
505
	return ret;
506
err:
507
	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
508
	goto done;
509
}
510
511
/* This the context that we pass to alpn_cb */
512
typedef struct tlsextalpnctx_st {
513
	unsigned char *data;
514
	unsigned short len;
515
} tlsextalpnctx;
516
517
static int
518
alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
519
    const unsigned char *in, unsigned int inlen, void *arg)
520
{
521
	tlsextalpnctx *alpn_ctx = arg;
522
523
	if (!s_quiet) {
524
		/* We can assume that in is syntactically valid. */
525
		unsigned i;
526
527
		BIO_printf(bio_s_out,
528
		    "ALPN protocols advertised by the client: ");
529
		for (i = 0; i < inlen; ) {
530
			if (i)
531
				BIO_write(bio_s_out, ", ", 2);
532
			BIO_write(bio_s_out, &in[i + 1], in[i]);
533
			i += in[i] + 1;
534
		}
535
		BIO_write(bio_s_out, "\n", 1);
536
	}
537
538
	if (SSL_select_next_proto((unsigned char**)out, outlen, alpn_ctx->data,
539
	    alpn_ctx->len, in, inlen) != OPENSSL_NPN_NEGOTIATED)
540
		return (SSL_TLSEXT_ERR_NOACK);
541
542
	if (!s_quiet) {
543
		BIO_printf(bio_s_out, "ALPN protocols selected: ");
544
		BIO_write(bio_s_out, *out, *outlen);
545
		BIO_write(bio_s_out, "\n", 1);
546
	}
547
548
	return (SSL_TLSEXT_ERR_OK);
549
}
550
551
#ifndef OPENSSL_NO_SRTP
552
static char *srtp_profiles = NULL;
553
#endif
554
555
int
556
s_server_main(int argc, char *argv[])
557
{
558
4
	X509_VERIFY_PARAM *vpm = NULL;
559
4
	int badarg = 0;
560
4
	short port = PORT;
561
	char *CApath = NULL, *CAfile = NULL;
562
	unsigned char *context = NULL;
563
	char *dhfile = NULL;
564
	char *named_curve = NULL;
565
	int badop = 0, bugs = 0;
566
	int ret = 1;
567
	int off = 0;
568
	int no_dhe = 0, no_ecdhe = 0, nocert = 0;
569
	int state = 0;
570
	const SSL_METHOD *meth = NULL;
571
	int socket_type = SOCK_STREAM;
572
	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
573
4
	char *passarg = NULL, *pass = NULL;
574
4
	char *dpassarg = NULL, *dpass = NULL;
575
	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
576
	X509 *s_cert = NULL, *s_dcert = NULL;
577
	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
578
	int no_cache = 0;
579
4
	const char *errstr = NULL;
580
	EVP_PKEY *s_key2 = NULL;
581
	X509 *s_cert2 = NULL;
582
4
	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
583
	const char *alpn_in = NULL;
584
4
	tlsextalpnctx alpn_ctx = { NULL, 0 };
585
586
4
	if (single_execution) {
587
4
		if (pledge("stdio rpath inet dns tty flock cpath wpath", NULL) == -1) {
588
			perror("pledge");
589
			exit(1);
590
		}
591
	}
592
593
4
	meth = SSLv23_server_method();
594
595
4
	local_argc = argc;
596
4
	local_argv = argv;
597
598
4
	s_server_init();
599
600
4
	verify_depth = 0;
601
4
	s_nbio = 0;
602
4
	s_nbio_test = 0;
603
604
4
	argc--;
605
4
	argv++;
606
607
8
	while (argc >= 1) {
608

8
		if ((strcmp(*argv, "-port") == 0) ||
609
4
		    (strcmp(*argv, "-accept") == 0)) {
610
			if (--argc < 1)
611
				goto bad;
612
			if (!extract_port(*(++argv), &port))
613
				goto bad;
614
4
		} else if (strcmp(*argv, "-verify") == 0) {
615
			s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
616
			if (--argc < 1)
617
				goto bad;
618
			verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
619
			if (errstr)
620
				goto bad;
621
			BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
622
4
		} else if (strcmp(*argv, "-Verify") == 0) {
623
			s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
624
			    SSL_VERIFY_CLIENT_ONCE;
625
			if (--argc < 1)
626
				goto bad;
627
			verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
628
			if (errstr)
629
				goto bad;
630
			BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth);
631
4
		} else if (strcmp(*argv, "-context") == 0) {
632
			if (--argc < 1)
633
				goto bad;
634
			context = (unsigned char *) *(++argv);
635
4
		} else if (strcmp(*argv, "-cert") == 0) {
636
			if (--argc < 1)
637
				goto bad;
638
			s_cert_file = *(++argv);
639
4
		} else if (strcmp(*argv, "-certform") == 0) {
640
			if (--argc < 1)
641
				goto bad;
642
			s_cert_format = str2fmt(*(++argv));
643
4
		} else if (strcmp(*argv, "-key") == 0) {
644
			if (--argc < 1)
645
				goto bad;
646
			s_key_file = *(++argv);
647
4
		} else if (strcmp(*argv, "-keyform") == 0) {
648
			if (--argc < 1)
649
				goto bad;
650
			s_key_format = str2fmt(*(++argv));
651
4
		} else if (strcmp(*argv, "-pass") == 0) {
652
			if (--argc < 1)
653
				goto bad;
654
			passarg = *(++argv);
655
4
		} else if (strcmp(*argv, "-dhparam") == 0) {
656
			if (--argc < 1)
657
				goto bad;
658
			dhfile = *(++argv);
659
		}
660
4
		else if (strcmp(*argv, "-named_curve") == 0) {
661
			if (--argc < 1)
662
				goto bad;
663
			named_curve = *(++argv);
664
		}
665
4
		else if (strcmp(*argv, "-dcertform") == 0) {
666
			if (--argc < 1)
667
				goto bad;
668
			s_dcert_format = str2fmt(*(++argv));
669
4
		} else if (strcmp(*argv, "-dcert") == 0) {
670
			if (--argc < 1)
671
				goto bad;
672
			s_dcert_file = *(++argv);
673
4
		} else if (strcmp(*argv, "-dkeyform") == 0) {
674
			if (--argc < 1)
675
				goto bad;
676
			s_dkey_format = str2fmt(*(++argv));
677
4
		} else if (strcmp(*argv, "-dpass") == 0) {
678
			if (--argc < 1)
679
				goto bad;
680
			dpassarg = *(++argv);
681
4
		} else if (strcmp(*argv, "-dkey") == 0) {
682
			if (--argc < 1)
683
				goto bad;
684
			s_dkey_file = *(++argv);
685
4
		} else if (strcmp(*argv, "-nocert") == 0) {
686
			nocert = 1;
687
4
		} else if (strcmp(*argv, "-CApath") == 0) {
688
			if (--argc < 1)
689
				goto bad;
690
			CApath = *(++argv);
691
4
		} else if (strcmp(*argv, "-no_cache") == 0)
692
			no_cache = 1;
693
4
		else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
694
			if (badarg)
695
				goto bad;
696
			continue;
697
4
		} else if (strcmp(*argv, "-verify_return_error") == 0)
698
			verify_return_error = 1;
699
4
		else if (strcmp(*argv, "-serverpref") == 0) {
700
			off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
701
4
		} else if (strcmp(*argv, "-legacy_renegotiation") == 0)
702
			; /* no-op */
703
4
		else if (strcmp(*argv, "-cipher") == 0) {
704
			if (--argc < 1)
705
				goto bad;
706
			cipher = *(++argv);
707
4
		} else if (strcmp(*argv, "-CAfile") == 0) {
708
			if (--argc < 1)
709
				goto bad;
710
			CAfile = *(++argv);
711
		}
712
4
		else if (strcmp(*argv, "-nbio") == 0) {
713
			s_nbio = 1;
714
		}
715
4
		else if (strcmp(*argv, "-nbio_test") == 0) {
716
			s_nbio = 1;
717
			s_nbio_test = 1;
718
4
		} else if (strcmp(*argv, "-debug") == 0) {
719
			s_debug = 1;
720
		}
721
4
		else if (strcmp(*argv, "-tlsextdebug") == 0)
722
			s_tlsextdebug = 1;
723
4
		else if (strcmp(*argv, "-status") == 0)
724
			s_tlsextstatus = 1;
725
4
		else if (strcmp(*argv, "-status_verbose") == 0) {
726
			s_tlsextstatus = 1;
727
			tlscstatp.verbose = 1;
728
4
		} else if (!strcmp(*argv, "-status_timeout")) {
729
			s_tlsextstatus = 1;
730
			if (--argc < 1)
731
				goto bad;
732
			tlscstatp.timeout = strtonum(*(++argv), 0, INT_MAX, &errstr);
733
			if (errstr)
734
				goto bad;
735
4
		} else if (!strcmp(*argv, "-status_url")) {
736
			s_tlsextstatus = 1;
737
			if (--argc < 1)
738
				goto bad;
739
			if (!OCSP_parse_url(*(++argv),
740
				&tlscstatp.host,
741
				&tlscstatp.port,
742
				&tlscstatp.path,
743
				&tlscstatp.use_ssl)) {
744
				BIO_printf(bio_err, "Error parsing URL\n");
745
				goto bad;
746
			}
747
		}
748
4
		else if (strcmp(*argv, "-msg") == 0) {
749
			s_msg = 1;
750
4
		} else if (strcmp(*argv, "-state") == 0) {
751
			state = 1;
752
4
		} else if (strcmp(*argv, "-crlf") == 0) {
753
			s_crlf = 1;
754
4
		} else if (strcmp(*argv, "-quiet") == 0) {
755
			s_quiet = 1;
756
4
		} else if (strcmp(*argv, "-bugs") == 0) {
757
			bugs = 1;
758
4
		} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
759
			/* No-op. */
760
4
		} else if (strcmp(*argv, "-no_dhe") == 0) {
761
			no_dhe = 1;
762
4
		} else if (strcmp(*argv, "-no_ecdhe") == 0) {
763
			no_ecdhe = 1;
764
4
		} else if (strcmp(*argv, "-www") == 0) {
765
			www = 1;
766
4
		} else if (strcmp(*argv, "-WWW") == 0) {
767
			www = 2;
768
4
		} else if (strcmp(*argv, "-HTTP") == 0) {
769
			www = 3;
770
4
		} else if (strcmp(*argv, "-no_ssl2") == 0) {
771
			off |= SSL_OP_NO_SSLv2;
772
4
		} else if (strcmp(*argv, "-no_ssl3") == 0) {
773
			off |= SSL_OP_NO_SSLv3;
774
4
		} else if (strcmp(*argv, "-no_tls1") == 0) {
775
			off |= SSL_OP_NO_TLSv1;
776
4
		} else if (strcmp(*argv, "-no_tls1_1") == 0) {
777
			off |= SSL_OP_NO_TLSv1_1;
778
4
		} else if (strcmp(*argv, "-no_tls1_2") == 0) {
779
			off |= SSL_OP_NO_TLSv1_2;
780
4
		} else if (strcmp(*argv, "-no_comp") == 0) {
781
			off |= SSL_OP_NO_COMPRESSION;
782
4
		} else if (strcmp(*argv, "-no_ticket") == 0) {
783
			off |= SSL_OP_NO_TICKET;
784
4
		} else if (strcmp(*argv, "-tls1") == 0) {
785
			meth = TLSv1_server_method();
786
4
		} else if (strcmp(*argv, "-tls1_1") == 0) {
787
			meth = TLSv1_1_server_method();
788
4
		} else if (strcmp(*argv, "-tls1_2") == 0) {
789
			meth = TLSv1_2_server_method();
790
		}
791
#ifndef OPENSSL_NO_DTLS1
792
4
		else if (strcmp(*argv, "-dtls1") == 0) {
793
			meth = DTLSv1_server_method();
794
			socket_type = SOCK_DGRAM;
795
4
		} else if (strcmp(*argv, "-timeout") == 0)
796
			enable_timeouts = 1;
797
4
		else if (strcmp(*argv, "-mtu") == 0) {
798
			if (--argc < 1)
799
				goto bad;
800
			socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr);
801
			if (errstr)
802
				goto bad;
803
4
		} else if (strcmp(*argv, "-chain") == 0)
804
			cert_chain = 1;
805
#endif
806
4
		else if (strcmp(*argv, "-id_prefix") == 0) {
807
			if (--argc < 1)
808
				goto bad;
809
			session_id_prefix = *(++argv);
810
		}
811
4
		else if (strcmp(*argv, "-servername") == 0) {
812
			if (--argc < 1)
813
				goto bad;
814
			tlsextcbp.servername = *(++argv);
815
4
		} else if (strcmp(*argv, "-servername_fatal") == 0) {
816
			tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
817
4
		} else if (strcmp(*argv, "-cert2") == 0) {
818
			if (--argc < 1)
819
				goto bad;
820
			s_cert_file2 = *(++argv);
821
4
		} else if (strcmp(*argv, "-key2") == 0) {
822
			if (--argc < 1)
823
				goto bad;
824
			s_key_file2 = *(++argv);
825
4
		} else if (strcmp(*argv, "-nextprotoneg") == 0) {
826
			/* Ignored. */
827
			if (--argc < 1)
828
				goto bad;
829
			++argv;
830
4
		} else if (strcmp(*argv,"-alpn") == 0) {
831
			if (--argc < 1)
832
				goto bad;
833
			alpn_in = *(++argv);
834
		}
835
#ifndef OPENSSL_NO_SRTP
836
4
		else if (strcmp(*argv, "-use_srtp") == 0) {
837
			if (--argc < 1)
838
				goto bad;
839
			srtp_profiles = *(++argv);
840
		}
841
#endif
842
4
		else if (strcmp(*argv, "-keymatexport") == 0) {
843
			if (--argc < 1)
844
				goto bad;
845
			keymatexportlabel = *(++argv);
846
4
		} else if (strcmp(*argv, "-keymatexportlen") == 0) {
847
			if (--argc < 1)
848
				goto bad;
849
			keymatexportlen = strtonum(*(++argv), 1, INT_MAX, &errstr);
850
			if (errstr)
851
				goto bad;
852
		} else {
853
4
			BIO_printf(bio_err, "unknown option %s\n", *argv);
854
			badop = 1;
855
4
			break;
856
		}
857
		argc--;
858
		argv++;
859
	}
860
4
	if (badop) {
861
bad:
862
4
		if (errstr)
863
			BIO_printf(bio_err, "invalid argument %s: %s\n",
864
			    *argv, errstr);
865
		else
866
4
			sv_usage();
867
		goto end;
868
	}
869
870
	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
871
		BIO_printf(bio_err, "Error getting password\n");
872
		goto end;
873
	}
874
	if (s_key_file == NULL)
875
		s_key_file = s_cert_file;
876
	if (s_key_file2 == NULL)
877
		s_key_file2 = s_cert_file2;
878
879
	if (nocert == 0) {
880
		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass,
881
		    "server certificate private key file");
882
		if (!s_key) {
883
			ERR_print_errors(bio_err);
884
			goto end;
885
		}
886
		s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
887
		    NULL, "server certificate file");
888
889
		if (!s_cert) {
890
			ERR_print_errors(bio_err);
891
			goto end;
892
		}
893
		if (tlsextcbp.servername) {
894
			s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass,
895
			    "second server certificate private key file");
896
			if (!s_key2) {
897
				ERR_print_errors(bio_err);
898
				goto end;
899
			}
900
			s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
901
			    NULL, "second server certificate file");
902
903
			if (!s_cert2) {
904
				ERR_print_errors(bio_err);
905
				goto end;
906
			}
907
		}
908
	}
909
	alpn_ctx.data = NULL;
910
	if (alpn_in) {
911
		unsigned short len;
912
		alpn_ctx.data = next_protos_parse(&len, alpn_in);
913
		if (alpn_ctx.data == NULL)
914
			goto end;
915
		alpn_ctx.len = len;
916
	}
917
918
	if (s_dcert_file) {
919
920
		if (s_dkey_file == NULL)
921
			s_dkey_file = s_dcert_file;
922
923
		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
924
		    0, dpass, "second certificate private key file");
925
		if (!s_dkey) {
926
			ERR_print_errors(bio_err);
927
			goto end;
928
		}
929
		s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
930
		    NULL, "second server certificate file");
931
932
		if (!s_dcert) {
933
			ERR_print_errors(bio_err);
934
			goto end;
935
		}
936
	}
937
	if (bio_s_out == NULL) {
938
		if (s_quiet && !s_debug && !s_msg) {
939
			bio_s_out = BIO_new(BIO_s_null());
940
		} else {
941
			if (bio_s_out == NULL)
942
				bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
943
		}
944
	}
945
	if (nocert) {
946
		s_cert_file = NULL;
947
		s_key_file = NULL;
948
		s_dcert_file = NULL;
949
		s_dkey_file = NULL;
950
		s_cert_file2 = NULL;
951
		s_key_file2 = NULL;
952
	}
953
	ctx = SSL_CTX_new(meth);
954
	if (ctx == NULL) {
955
		ERR_print_errors(bio_err);
956
		goto end;
957
	}
958
	if (session_id_prefix) {
959
		if (strlen(session_id_prefix) >= 32)
960
			BIO_printf(bio_err,
961
			    "warning: id_prefix is too long, only one new session will be possible\n");
962
		else if (strlen(session_id_prefix) >= 16)
963
			BIO_printf(bio_err,
964
			    "warning: id_prefix is too long if you use SSLv2\n");
965
		if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
966
			BIO_printf(bio_err, "error setting 'id_prefix'\n");
967
			ERR_print_errors(bio_err);
968
			goto end;
969
		}
970
		BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
971
	}
972
	SSL_CTX_set_quiet_shutdown(ctx, 1);
973
	if (bugs)
974
		SSL_CTX_set_options(ctx, SSL_OP_ALL);
975
	SSL_CTX_set_options(ctx, off);
976
	/*
977
	 * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
978
	 * read ahead solves this problem.
979
	 */
980
	if (socket_type == SOCK_DGRAM)
981
		SSL_CTX_set_read_ahead(ctx, 1);
982
983
	if (state)
984
		SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
985
	if (no_cache)
986
		SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
987
	else
988
		SSL_CTX_sess_set_cache_size(ctx, 128);
989
990
#ifndef OPENSSL_NO_SRTP
991
	if (srtp_profiles != NULL)
992
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
993
#endif
994
995
996
	if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
997
	    (!SSL_CTX_set_default_verify_paths(ctx))) {
998
		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
999
		ERR_print_errors(bio_err);
1000
		/* goto end; */
1001
	}
1002
	if (vpm)
1003
		SSL_CTX_set1_param(ctx, vpm);
1004
1005
	if (s_cert2) {
1006
		ctx2 = SSL_CTX_new(meth);
1007
		if (ctx2 == NULL) {
1008
			ERR_print_errors(bio_err);
1009
			goto end;
1010
		}
1011
	}
1012
	if (ctx2) {
1013
		BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
1014
1015
		if (session_id_prefix) {
1016
			if (strlen(session_id_prefix) >= 32)
1017
				BIO_printf(bio_err,
1018
				    "warning: id_prefix is too long, only one new session will be possible\n");
1019
			else if (strlen(session_id_prefix) >= 16)
1020
				BIO_printf(bio_err,
1021
				    "warning: id_prefix is too long if you use SSLv2\n");
1022
			if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
1023
				BIO_printf(bio_err, "error setting 'id_prefix'\n");
1024
				ERR_print_errors(bio_err);
1025
				goto end;
1026
			}
1027
			BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
1028
		}
1029
		SSL_CTX_set_quiet_shutdown(ctx2, 1);
1030
		if (bugs)
1031
			SSL_CTX_set_options(ctx2, SSL_OP_ALL);
1032
		SSL_CTX_set_options(ctx2, off);
1033
		/*
1034
		 * DTLS: partial reads end up discarding unread UDP bytes :-(
1035
		 * Setting read ahead solves this problem.
1036
		 */
1037
		if (socket_type == SOCK_DGRAM)
1038
			SSL_CTX_set_read_ahead(ctx2, 1);
1039
1040
		if (state)
1041
			SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
1042
1043
		if (no_cache)
1044
			SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
1045
		else
1046
			SSL_CTX_sess_set_cache_size(ctx2, 128);
1047
1048
		if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
1049
		    (!SSL_CTX_set_default_verify_paths(ctx2))) {
1050
			ERR_print_errors(bio_err);
1051
		}
1052
		if (vpm)
1053
			SSL_CTX_set1_param(ctx2, vpm);
1054
	}
1055
	if (alpn_ctx.data)
1056
		SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1057
1058
#ifndef OPENSSL_NO_DH
1059
	if (!no_dhe) {
1060
		DH *dh = NULL;
1061
1062
		if (dhfile)
1063
			dh = load_dh_param(dhfile);
1064
		else if (s_cert_file)
1065
			dh = load_dh_param(s_cert_file);
1066
1067
		if (dh != NULL)
1068
			BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1069
		else
1070
			BIO_printf(bio_s_out, "Using auto DH parameters\n");
1071
		(void) BIO_flush(bio_s_out);
1072
1073
		if (dh == NULL)
1074
			SSL_CTX_set_dh_auto(ctx, 1);
1075
		else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
1076
			BIO_printf(bio_err,
1077
			    "Error setting temp DH parameters\n");
1078
			ERR_print_errors(bio_err);
1079
			DH_free(dh);
1080
			goto end;
1081
		}
1082
1083
		if (ctx2) {
1084
			if (!dhfile) {
1085
				DH *dh2 = NULL;
1086
1087
				if (s_cert_file2 != NULL)
1088
					dh2 = load_dh_param(s_cert_file2);
1089
				if (dh2 != NULL) {
1090
					BIO_printf(bio_s_out, "Setting temp DH parameters\n");
1091
					(void) BIO_flush(bio_s_out);
1092
1093
					DH_free(dh);
1094
					dh = dh2;
1095
				}
1096
			}
1097
			if (dh == NULL)
1098
				SSL_CTX_set_dh_auto(ctx2, 1);
1099
			else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
1100
				BIO_printf(bio_err,
1101
				    "Error setting temp DH parameters\n");
1102
				ERR_print_errors(bio_err);
1103
				DH_free(dh);
1104
				goto end;
1105
			}
1106
		}
1107
		DH_free(dh);
1108
	}
1109
#endif
1110
1111
	if (!no_ecdhe) {
1112
		EC_KEY *ecdh = NULL;
1113
1114
		if (named_curve) {
1115
			int nid = OBJ_sn2nid(named_curve);
1116
1117
			if (nid == 0) {
1118
				BIO_printf(bio_err, "unknown curve name (%s)\n",
1119
				    named_curve);
1120
				goto end;
1121
			}
1122
			ecdh = EC_KEY_new_by_curve_name(nid);
1123
			if (ecdh == NULL) {
1124
				BIO_printf(bio_err, "unable to create curve (%s)\n",
1125
				    named_curve);
1126
				goto end;
1127
			}
1128
		}
1129
		if (ecdh != NULL) {
1130
			BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
1131
		} else {
1132
			BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
1133
			ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1134
			if (ecdh == NULL) {
1135
				BIO_printf(bio_err, "unable to create curve (nistp256)\n");
1136
				goto end;
1137
			}
1138
		}
1139
		(void) BIO_flush(bio_s_out);
1140
1141
		SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1142
		if (ctx2)
1143
			SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
1144
		EC_KEY_free(ecdh);
1145
	}
1146
1147
	if (!set_cert_key_stuff(ctx, s_cert, s_key))
1148
		goto end;
1149
	if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
1150
		goto end;
1151
	if (s_dcert != NULL) {
1152
		if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
1153
			goto end;
1154
	}
1155
1156
	if (cipher != NULL) {
1157
		if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
1158
			BIO_printf(bio_err, "error setting cipher list\n");
1159
			ERR_print_errors(bio_err);
1160
			goto end;
1161
		}
1162
		if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
1163
			BIO_printf(bio_err, "error setting cipher list\n");
1164
			ERR_print_errors(bio_err);
1165
			goto end;
1166
		}
1167
	}
1168
	SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
1169
	SSL_CTX_set_session_id_context(ctx, (void *) &s_server_session_id_context,
1170
	    sizeof s_server_session_id_context);
1171
1172
	/* Set DTLS cookie generation and verification callbacks */
1173
	SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
1174
	SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
1175
1176
	if (ctx2) {
1177
		SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
1178
		SSL_CTX_set_session_id_context(ctx2, (void *) &s_server_session_id_context,
1179
		    sizeof s_server_session_id_context);
1180
1181
		tlsextcbp.biodebug = bio_s_out;
1182
		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1183
		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1184
		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1185
		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1186
	}
1187
1188
	if (CAfile != NULL) {
1189
		SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
1190
		if (ctx2)
1191
			SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
1192
	}
1193
	BIO_printf(bio_s_out, "ACCEPT\n");
1194
	(void) BIO_flush(bio_s_out);
1195
	if (www)
1196
		do_server(port, socket_type, &accept_socket, www_body, context);
1197
	else
1198
		do_server(port, socket_type, &accept_socket, sv_body, context);
1199
	print_stats(bio_s_out, ctx);
1200
	ret = 0;
1201
end:
1202
4
	if (ctx != NULL)
1203
		SSL_CTX_free(ctx);
1204
4
	if (s_cert)
1205
		X509_free(s_cert);
1206
4
	if (s_dcert)
1207
		X509_free(s_dcert);
1208
4
	if (s_key)
1209
		EVP_PKEY_free(s_key);
1210
4
	if (s_dkey)
1211
		EVP_PKEY_free(s_dkey);
1212
4
	free(pass);
1213
4
	free(dpass);
1214
4
	if (vpm)
1215
		X509_VERIFY_PARAM_free(vpm);
1216
4
	free(tlscstatp.host);
1217
4
	free(tlscstatp.port);
1218
4
	free(tlscstatp.path);
1219
4
	if (ctx2 != NULL)
1220
		SSL_CTX_free(ctx2);
1221
4
	if (s_cert2)
1222
		X509_free(s_cert2);
1223
4
	if (s_key2)
1224
		EVP_PKEY_free(s_key2);
1225
4
	free(alpn_ctx.data);
1226
4
	if (bio_s_out != NULL) {
1227
		BIO_free(bio_s_out);
1228
		bio_s_out = NULL;
1229
	}
1230
1231
4
	return (ret);
1232
4
}
1233
1234
static void
1235
print_stats(BIO * bio, SSL_CTX * ssl_ctx)
1236
{
1237
	BIO_printf(bio, "%4ld items in the session cache\n",
1238
	    SSL_CTX_sess_number(ssl_ctx));
1239
	BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
1240
	    SSL_CTX_sess_connect(ssl_ctx));
1241
	BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
1242
	    SSL_CTX_sess_connect_renegotiate(ssl_ctx));
1243
	BIO_printf(bio, "%4ld client connects that finished\n",
1244
	    SSL_CTX_sess_connect_good(ssl_ctx));
1245
	BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
1246
	    SSL_CTX_sess_accept(ssl_ctx));
1247
	BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
1248
	    SSL_CTX_sess_accept_renegotiate(ssl_ctx));
1249
	BIO_printf(bio, "%4ld server accepts that finished\n",
1250
	    SSL_CTX_sess_accept_good(ssl_ctx));
1251
	BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
1252
	BIO_printf(bio, "%4ld session cache misses\n", SSL_CTX_sess_misses(ssl_ctx));
1253
	BIO_printf(bio, "%4ld session cache timeouts\n", SSL_CTX_sess_timeouts(ssl_ctx));
1254
	BIO_printf(bio, "%4ld callback cache hits\n", SSL_CTX_sess_cb_hits(ssl_ctx));
1255
	BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
1256
	    SSL_CTX_sess_cache_full(ssl_ctx),
1257
	    SSL_CTX_sess_get_cache_size(ssl_ctx));
1258
}
1259
1260
static int
1261
sv_body(char *hostname, int s, unsigned char *context)
1262
{
1263
	char *buf = NULL;
1264
	int ret = 1;
1265
	int k, i;
1266
	unsigned long l;
1267
	SSL *con = NULL;
1268
	BIO *sbio;
1269
	struct timeval timeout;
1270
1271
	if ((buf = malloc(bufsize)) == NULL) {
1272
		BIO_printf(bio_err, "out of memory\n");
1273
		goto err;
1274
	}
1275
	if (s_nbio) {
1276
		if (!s_quiet)
1277
			BIO_printf(bio_err, "turning on non blocking io\n");
1278
		if (!BIO_socket_nbio(s, 1))
1279
			ERR_print_errors(bio_err);
1280
	}
1281
1282
	if (con == NULL) {
1283
		con = SSL_new(ctx);
1284
		if (s_tlsextdebug) {
1285
			SSL_set_tlsext_debug_callback(con, tlsext_cb);
1286
			SSL_set_tlsext_debug_arg(con, bio_s_out);
1287
		}
1288
		if (s_tlsextstatus) {
1289
			SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
1290
			tlscstatp.err = bio_err;
1291
			SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
1292
		}
1293
		if (context)
1294
			SSL_set_session_id_context(con, context,
1295
			    strlen((char *) context));
1296
	}
1297
	SSL_clear(con);
1298
1299
	if (SSL_version(con) == DTLS1_VERSION) {
1300
1301
		sbio = BIO_new_dgram(s, BIO_NOCLOSE);
1302
1303
		if (enable_timeouts) {
1304
			timeout.tv_sec = 0;
1305
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
1306
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
1307
1308
			timeout.tv_sec = 0;
1309
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
1310
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
1311
		}
1312
		if (socket_mtu > 28) {
1313
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
1314
			SSL_set_mtu(con, socket_mtu - 28);
1315
		} else
1316
			/* want to do MTU discovery */
1317
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
1318
1319
		/* turn on cookie exchange */
1320
		SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
1321
	} else
1322
		sbio = BIO_new_socket(s, BIO_NOCLOSE);
1323
1324
	if (s_nbio_test) {
1325
		BIO *test;
1326
1327
		test = BIO_new(BIO_f_nbio_test());
1328
		sbio = BIO_push(test, sbio);
1329
	}
1330
1331
	SSL_set_bio(con, sbio, sbio);
1332
	SSL_set_accept_state(con);
1333
	/* SSL_set_fd(con,s); */
1334
1335
	if (s_debug) {
1336
		SSL_set_debug(con, 1);
1337
		BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1338
		BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1339
	}
1340
	if (s_msg) {
1341
		SSL_set_msg_callback(con, msg_cb);
1342
		SSL_set_msg_callback_arg(con, bio_s_out);
1343
	}
1344
	if (s_tlsextdebug) {
1345
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
1346
		SSL_set_tlsext_debug_arg(con, bio_s_out);
1347
	}
1348
1349
	for (;;) {
1350
		int read_from_terminal;
1351
		int read_from_sslcon;
1352
		struct pollfd pfd[2];
1353
		int ptimeout;
1354
1355
		read_from_terminal = 0;
1356
		read_from_sslcon = SSL_pending(con);
1357
1358
		if (!read_from_sslcon) {
1359
			pfd[0].fd = fileno(stdin);
1360
			pfd[0].events = POLLIN;
1361
			pfd[1].fd = s;
1362
			pfd[1].events = POLLIN;
1363
1364
			if ((SSL_version(con) == DTLS1_VERSION) &&
1365
			    DTLSv1_get_timeout(con, &timeout))
1366
				ptimeout = timeout.tv_sec * 1000 +
1367
				    timeout.tv_usec / 1000;
1368
			else
1369
				ptimeout = -1;
1370
1371
			i = poll(pfd, 2, ptimeout);
1372
1373
			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0) {
1374
				BIO_printf(bio_err, "TIMEOUT occured\n");
1375
			}
1376
			if (i <= 0)
1377
				continue;
1378
			if (pfd[0].revents) {
1379
				if ((pfd[0].revents & (POLLERR|POLLNVAL)))
1380
					continue;
1381
				read_from_terminal = 1;
1382
			}
1383
			if (pfd[1].revents) {
1384
				if ((pfd[1].revents & (POLLERR|POLLNVAL)))
1385
					continue;
1386
				read_from_sslcon = 1;
1387
			}
1388
		}
1389
		if (read_from_terminal) {
1390
			if (s_crlf) {
1391
				int j, lf_num;
1392
1393
				i = read(fileno(stdin), buf, bufsize / 2);
1394
				lf_num = 0;
1395
				/* both loops are skipped when i <= 0 */
1396
				for (j = 0; j < i; j++)
1397
					if (buf[j] == '\n')
1398
						lf_num++;
1399
				for (j = i - 1; j >= 0; j--) {
1400
					buf[j + lf_num] = buf[j];
1401
					if (buf[j] == '\n') {
1402
						lf_num--;
1403
						i++;
1404
						buf[j + lf_num] = '\r';
1405
					}
1406
				}
1407
				assert(lf_num == 0);
1408
			} else
1409
				i = read(fileno(stdin), buf, bufsize);
1410
			if (!s_quiet) {
1411
				if ((i <= 0) || (buf[0] == 'Q')) {
1412
					BIO_printf(bio_s_out, "DONE\n");
1413
					shutdown(s, SHUT_RD);
1414
					close(s);
1415
					close_accept_socket();
1416
					ret = -11;
1417
					goto err;
1418
				}
1419
				if ((i <= 0) || (buf[0] == 'q')) {
1420
					BIO_printf(bio_s_out, "DONE\n");
1421
					if (SSL_version(con) != DTLS1_VERSION) {
1422
						shutdown(s, SHUT_RD);
1423
						close(s);
1424
					}
1425
					/*
1426
					 * close_accept_socket(); ret= -11;
1427
					 */
1428
					goto err;
1429
				}
1430
				if ((buf[0] == 'r') &&
1431
				    ((buf[1] == '\n') || (buf[1] == '\r'))) {
1432
					SSL_renegotiate(con);
1433
					i = SSL_do_handshake(con);
1434
					printf("SSL_do_handshake -> %d\n", i);
1435
					i = 0;	/* 13; */
1436
					continue;
1437
					/*
1438
					 * RE-NEGOTIATE\n");
1439
					 */
1440
				}
1441
				if ((buf[0] == 'R') &&
1442
				    ((buf[1] == '\n') || (buf[1] == '\r'))) {
1443
					SSL_set_verify(con,
1444
					    SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, NULL);
1445
					SSL_renegotiate(con);
1446
					i = SSL_do_handshake(con);
1447
					printf("SSL_do_handshake -> %d\n", i);
1448
					i = 0;	/* 13; */
1449
					continue;
1450
					/*
1451
					 * RE-NEGOTIATE asking for client
1452
					 * cert\n");
1453
					 */
1454
				}
1455
				if (buf[0] == 'P') {
1456
					static const char *str = "Lets print some clear text\n";
1457
					BIO_write(SSL_get_wbio(con), str, strlen(str));
1458
				}
1459
				if (buf[0] == 'S') {
1460
					print_stats(bio_s_out, SSL_get_SSL_CTX(con));
1461
				}
1462
			}
1463
			l = k = 0;
1464
			for (;;) {
1465
				/* should do a select for the write */
1466
#ifdef RENEG
1467
				{
1468
					static count = 0;
1469
					if (++count == 100) {
1470
						count = 0;
1471
						SSL_renegotiate(con);
1472
					}
1473
				}
1474
#endif
1475
				k = SSL_write(con, &(buf[l]), (unsigned int) i);
1476
				switch (SSL_get_error(con, k)) {
1477
				case SSL_ERROR_NONE:
1478
					break;
1479
				case SSL_ERROR_WANT_WRITE:
1480
				case SSL_ERROR_WANT_READ:
1481
				case SSL_ERROR_WANT_X509_LOOKUP:
1482
					BIO_printf(bio_s_out, "Write BLOCK\n");
1483
					break;
1484
				case SSL_ERROR_SYSCALL:
1485
				case SSL_ERROR_SSL:
1486
					BIO_printf(bio_s_out, "ERROR\n");
1487
					ERR_print_errors(bio_err);
1488
					ret = 1;
1489
					goto err;
1490
					/* break; */
1491
				case SSL_ERROR_ZERO_RETURN:
1492
					BIO_printf(bio_s_out, "DONE\n");
1493
					ret = 1;
1494
					goto err;
1495
				}
1496
				l += k;
1497
				i -= k;
1498
				if (i <= 0)
1499
					break;
1500
			}
1501
		}
1502
		if (read_from_sslcon) {
1503
			if (!SSL_is_init_finished(con)) {
1504
				i = init_ssl_connection(con);
1505
1506
				if (i < 0) {
1507
					ret = 0;
1508
					goto err;
1509
				} else if (i == 0) {
1510
					ret = 1;
1511
					goto err;
1512
				}
1513
			} else {
1514
		again:
1515
				i = SSL_read(con, (char *) buf, bufsize);
1516
				switch (SSL_get_error(con, i)) {
1517
				case SSL_ERROR_NONE: {
1518
						int len, n;
1519
						for (len = 0; len < i;) {
1520
							do {
1521
								n = write(fileno(stdout), buf + len, i - len);
1522
							} while (n == -1 && errno == EINTR);
1523
1524
							if (n < 0) {
1525
								BIO_printf(bio_s_out, "ERROR\n");
1526
								goto err;
1527
							}
1528
							len += n;
1529
						}
1530
					}
1531
					if (SSL_pending(con))
1532
						goto again;
1533
					break;
1534
				case SSL_ERROR_WANT_WRITE:
1535
				case SSL_ERROR_WANT_READ:
1536
					BIO_printf(bio_s_out, "Read BLOCK\n");
1537
					break;
1538
				case SSL_ERROR_SYSCALL:
1539
				case SSL_ERROR_SSL:
1540
					BIO_printf(bio_s_out, "ERROR\n");
1541
					ERR_print_errors(bio_err);
1542
					ret = 1;
1543
					goto err;
1544
				case SSL_ERROR_ZERO_RETURN:
1545
					BIO_printf(bio_s_out, "DONE\n");
1546
					ret = 1;
1547
					goto err;
1548
				}
1549
			}
1550
		}
1551
	}
1552
err:
1553
	if (con != NULL) {
1554
		BIO_printf(bio_s_out, "shutting down SSL\n");
1555
		SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
1556
		SSL_free(con);
1557
	}
1558
	BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
1559
	freezero(buf, bufsize);
1560
	if (ret >= 0)
1561
		BIO_printf(bio_s_out, "ACCEPT\n");
1562
	return (ret);
1563
}
1564
1565
static void
1566
close_accept_socket(void)
1567
{
1568
	BIO_printf(bio_err, "shutdown accept socket\n");
1569
	if (accept_socket >= 0) {
1570
		shutdown(accept_socket, SHUT_RDWR);
1571
		close(accept_socket);
1572
	}
1573
}
1574
1575
static int
1576
init_ssl_connection(SSL * con)
1577
{
1578
	int i;
1579
	const char *str;
1580
	X509 *peer;
1581
	long verify_error;
1582
	char buf[BUFSIZ];
1583
	unsigned char *exportedkeymat;
1584
1585
	i = SSL_accept(con);
1586
	if (i <= 0) {
1587
		if (BIO_sock_should_retry(i)) {
1588
			BIO_printf(bio_s_out, "DELAY\n");
1589
			return (1);
1590
		}
1591
		BIO_printf(bio_err, "ERROR\n");
1592
		verify_error = SSL_get_verify_result(con);
1593
		if (verify_error != X509_V_OK) {
1594
			BIO_printf(bio_err, "verify error:%s\n",
1595
			    X509_verify_cert_error_string(verify_error));
1596
		} else
1597
			ERR_print_errors(bio_err);
1598
		return (0);
1599
	}
1600
	PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
1601
1602
	peer = SSL_get_peer_certificate(con);
1603
	if (peer != NULL) {
1604
		BIO_printf(bio_s_out, "Client certificate\n");
1605
		PEM_write_bio_X509(bio_s_out, peer);
1606
		X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
1607
		BIO_printf(bio_s_out, "subject=%s\n", buf);
1608
		X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
1609
		BIO_printf(bio_s_out, "issuer=%s\n", buf);
1610
		X509_free(peer);
1611
	}
1612
	if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
1613
		BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
1614
	str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
1615
	BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
1616
1617
#ifndef OPENSSL_NO_SRTP
1618
	{
1619
		SRTP_PROTECTION_PROFILE *srtp_profile
1620
		= SSL_get_selected_srtp_profile(con);
1621
1622
		if (srtp_profile)
1623
			BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
1624
			    srtp_profile->name);
1625
	}
1626
#endif
1627
	if (SSL_cache_hit(con))
1628
		BIO_printf(bio_s_out, "Reused session-id\n");
1629
	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
1630
	    SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
1631
	if (keymatexportlabel != NULL) {
1632
		BIO_printf(bio_s_out, "Keying material exporter:\n");
1633
		BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
1634
		BIO_printf(bio_s_out, "    Length: %i bytes\n",
1635
		    keymatexportlen);
1636
		exportedkeymat = malloc(keymatexportlen);
1637
		if (exportedkeymat != NULL) {
1638
			if (!SSL_export_keying_material(con, exportedkeymat,
1639
				keymatexportlen,
1640
				keymatexportlabel,
1641
				strlen(keymatexportlabel),
1642
				NULL, 0, 0)) {
1643
				BIO_printf(bio_s_out, "    Error\n");
1644
			} else {
1645
				BIO_printf(bio_s_out, "    Keying material: ");
1646
				for (i = 0; i < keymatexportlen; i++)
1647
					BIO_printf(bio_s_out, "%02X",
1648
					    exportedkeymat[i]);
1649
				BIO_printf(bio_s_out, "\n");
1650
			}
1651
			free(exportedkeymat);
1652
		}
1653
	}
1654
	return (1);
1655
}
1656
1657
#ifndef OPENSSL_NO_DH
1658
static DH *
1659
load_dh_param(const char *dhfile)
1660
{
1661
	DH *ret = NULL;
1662
	BIO *bio;
1663
1664
	if ((bio = BIO_new_file(dhfile, "r")) == NULL)
1665
		goto err;
1666
	ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1667
err:
1668
	BIO_free(bio);
1669
	return (ret);
1670
}
1671
#endif
1672
1673
static int
1674
www_body(char *hostname, int s, unsigned char *context)
1675
{
1676
	char *buf = NULL;
1677
	int ret = 1;
1678
	int i, j, k, dot;
1679
	SSL *con;
1680
	const SSL_CIPHER *c;
1681
	BIO *io, *ssl_bio, *sbio;
1682
1683
	buf = malloc(bufsize);
1684
	if (buf == NULL)
1685
		return (0);
1686
	io = BIO_new(BIO_f_buffer());
1687
	ssl_bio = BIO_new(BIO_f_ssl());
1688
	if ((io == NULL) || (ssl_bio == NULL))
1689
		goto err;
1690
1691
	if (s_nbio) {
1692
		if (!s_quiet)
1693
			BIO_printf(bio_err, "turning on non blocking io\n");
1694
		if (!BIO_socket_nbio(s, 1))
1695
			ERR_print_errors(bio_err);
1696
	}
1697
1698
	/* lets make the output buffer a reasonable size */
1699
	if (!BIO_set_write_buffer_size(io, bufsize))
1700
		goto err;
1701
1702
	if ((con = SSL_new(ctx)) == NULL)
1703
		goto err;
1704
	if (s_tlsextdebug) {
1705
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
1706
		SSL_set_tlsext_debug_arg(con, bio_s_out);
1707
	}
1708
	if (context)
1709
		SSL_set_session_id_context(con, context,
1710
		    strlen((char *) context));
1711
1712
	sbio = BIO_new_socket(s, BIO_NOCLOSE);
1713
	if (s_nbio_test) {
1714
		BIO *test;
1715
1716
		test = BIO_new(BIO_f_nbio_test());
1717
		sbio = BIO_push(test, sbio);
1718
	}
1719
	SSL_set_bio(con, sbio, sbio);
1720
	SSL_set_accept_state(con);
1721
1722
	/* SSL_set_fd(con,s); */
1723
	BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
1724
	BIO_push(io, ssl_bio);
1725
1726
	if (s_debug) {
1727
		SSL_set_debug(con, 1);
1728
		BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
1729
		BIO_set_callback_arg(SSL_get_rbio(con), (char *) bio_s_out);
1730
	}
1731
	if (s_msg) {
1732
		SSL_set_msg_callback(con, msg_cb);
1733
		SSL_set_msg_callback_arg(con, bio_s_out);
1734
	}
1735
	for (;;) {
1736
		i = BIO_gets(io, buf, bufsize - 1);
1737
		if (i < 0) {	/* error */
1738
			if (!BIO_should_retry(io)) {
1739
				if (!s_quiet)
1740
					ERR_print_errors(bio_err);
1741
				goto err;
1742
			} else {
1743
				BIO_printf(bio_s_out, "read R BLOCK\n");
1744
				sleep(1);
1745
				continue;
1746
			}
1747
		} else if (i == 0) {	/* end of input */
1748
			ret = 1;
1749
			goto end;
1750
		}
1751
		/* else we have data */
1752
		if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
1753
		    ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
1754
			char *p;
1755
			X509 *peer;
1756
			STACK_OF(SSL_CIPHER) * sk;
1757
			static const char *space = "                          ";
1758
1759
			BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
1760
			BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
1761
			BIO_puts(io, "<pre>\n");
1762
/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
1763
			BIO_puts(io, "\n");
1764
			for (i = 0; i < local_argc; i++) {
1765
				BIO_puts(io, local_argv[i]);
1766
				BIO_write(io, " ", 1);
1767
			}
1768
			BIO_puts(io, "\n");
1769
1770
			BIO_printf(io,
1771
			    "Secure Renegotiation IS%s supported\n",
1772
			    SSL_get_secure_renegotiation_support(con) ?
1773
			    "" : " NOT");
1774
1775
			/*
1776
			 * The following is evil and should not really be
1777
			 * done
1778
			 */
1779
			BIO_printf(io, "Ciphers supported in s_server binary\n");
1780
			sk = SSL_get_ciphers(con);
1781
			j = sk_SSL_CIPHER_num(sk);
1782
			for (i = 0; i < j; i++) {
1783
				c = sk_SSL_CIPHER_value(sk, i);
1784
				BIO_printf(io, "%-11s:%-25s",
1785
				    SSL_CIPHER_get_version(c),
1786
				    SSL_CIPHER_get_name(c));
1787
				if ((((i + 1) % 2) == 0) && (i + 1 != j))
1788
					BIO_puts(io, "\n");
1789
			}
1790
			BIO_puts(io, "\n");
1791
			p = SSL_get_shared_ciphers(con, buf, bufsize);
1792
			if (p != NULL) {
1793
				BIO_printf(io, "---\nCiphers common between both SSL end points:\n");
1794
				j = i = 0;
1795
				while (*p) {
1796
					if (*p == ':') {
1797
						BIO_write(io, space, 26 - j);
1798
						i++;
1799
						j = 0;
1800
						BIO_write(io, ((i % 3) ? " " : "\n"), 1);
1801
					} else {
1802
						BIO_write(io, p, 1);
1803
						j++;
1804
					}
1805
					p++;
1806
				}
1807
				BIO_puts(io, "\n");
1808
			}
1809
			BIO_printf(io, (SSL_cache_hit(con)
1810
				? "---\nReused, "
1811
				: "---\nNew, "));
1812
			c = SSL_get_current_cipher(con);
1813
			BIO_printf(io, "%s, Cipher is %s\n",
1814
			    SSL_CIPHER_get_version(c),
1815
			    SSL_CIPHER_get_name(c));
1816
			SSL_SESSION_print(io, SSL_get_session(con));
1817
			BIO_printf(io, "---\n");
1818
			print_stats(io, SSL_get_SSL_CTX(con));
1819
			BIO_printf(io, "---\n");
1820
			peer = SSL_get_peer_certificate(con);
1821
			if (peer != NULL) {
1822
				BIO_printf(io, "Client certificate\n");
1823
				X509_print(io, peer);
1824
				PEM_write_bio_X509(io, peer);
1825
			} else
1826
				BIO_puts(io, "no client certificate available\n");
1827
			BIO_puts(io, "</BODY></HTML>\r\n\r\n");
1828
			break;
1829
		} else if ((www == 2 || www == 3)
1830
		    && (strncmp("GET /", buf, 5) == 0)) {
1831
			BIO *file;
1832
			char *p, *e;
1833
			static const char *text = "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
1834
1835
			/* skip the '/' */
1836
			p = &(buf[5]);
1837
1838
			dot = 1;
1839
			for (e = p; *e != '\0'; e++) {
1840
				if (e[0] == ' ')
1841
					break;
1842
1843
				switch (dot) {
1844
				case 1:
1845
					dot = (e[0] == '.') ? 2 : 0;
1846
					break;
1847
				case 2:
1848
					dot = (e[0] == '.') ? 3 : 0;
1849
					break;
1850
				case 3:
1851
					dot = (e[0] == '/') ? -1 : 0;
1852
					break;
1853
				}
1854
				if (dot == 0)
1855
					dot = (e[0] == '/') ? 1 : 0;
1856
			}
1857
			dot = (dot == 3) || (dot == -1);	/* filename contains
1858
								 * ".." component */
1859
1860
			if (*e == '\0') {
1861
				BIO_puts(io, text);
1862
				BIO_printf(io, "'%s' is an invalid file name\r\n", p);
1863
				break;
1864
			}
1865
			*e = '\0';
1866
1867
			if (dot) {
1868
				BIO_puts(io, text);
1869
				BIO_printf(io, "'%s' contains '..' reference\r\n", p);
1870
				break;
1871
			}
1872
			if (*p == '/') {
1873
				BIO_puts(io, text);
1874
				BIO_printf(io, "'%s' is an invalid path\r\n", p);
1875
				break;
1876
			}
1877
			/* if a directory, do the index thang */
1878
			if (app_isdir(p) > 0) {
1879
				BIO_puts(io, text);
1880
				BIO_printf(io, "'%s' is a directory\r\n", p);
1881
				break;
1882
			}
1883
			if ((file = BIO_new_file(p, "r")) == NULL) {
1884
				BIO_puts(io, text);
1885
				BIO_printf(io, "Error opening '%s'\r\n", p);
1886
				ERR_print_errors(io);
1887
				break;
1888
			}
1889
			if (!s_quiet)
1890
				BIO_printf(bio_err, "FILE:%s\n", p);
1891
1892
			if (www == 2) {
1893
				i = strlen(p);
1894
				if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
1895
				    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
1896
				    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
1897
					BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
1898
				else
1899
					BIO_puts(io, "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
1900
			}
1901
			/* send the file */
1902
			for (;;) {
1903
				i = BIO_read(file, buf, bufsize);
1904
				if (i <= 0)
1905
					break;
1906
1907
#ifdef RENEG
1908
				total_bytes += i;
1909
				fprintf(stderr, "%d\n", i);
1910
				if (total_bytes > 3 * 1024) {
1911
					total_bytes = 0;
1912
					fprintf(stderr, "RENEGOTIATE\n");
1913
					SSL_renegotiate(con);
1914
				}
1915
#endif
1916
1917
				for (j = 0; j < i;) {
1918
#ifdef RENEG
1919
					{
1920
						static count = 0;
1921
						if (++count == 13) {
1922
							SSL_renegotiate(con);
1923
						}
1924
					}
1925
#endif
1926
					k = BIO_write(io, &(buf[j]), i - j);
1927
					if (k <= 0) {
1928
						if (!BIO_should_retry(io))
1929
							goto write_error;
1930
						else {
1931
							BIO_printf(bio_s_out, "rwrite W BLOCK\n");
1932
						}
1933
					} else {
1934
						j += k;
1935
					}
1936
				}
1937
			}
1938
	write_error:
1939
			BIO_free(file);
1940
			break;
1941
		}
1942
	}
1943
1944
	for (;;) {
1945
		i = (int) BIO_flush(io);
1946
		if (i <= 0) {
1947
			if (!BIO_should_retry(io))
1948
				break;
1949
		} else
1950
			break;
1951
	}
1952
end:
1953
	/* make sure we re-use sessions */
1954
	SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
1955
1956
err:
1957
1958
	if (ret >= 0)
1959
		BIO_printf(bio_s_out, "ACCEPT\n");
1960
1961
	free(buf);
1962
	if (io != NULL)
1963
		BIO_free_all(io);
1964
/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
1965
	return (ret);
1966
}
1967
1968
#define MAX_SESSION_ID_ATTEMPTS 10
1969
static int
1970
generate_session_id(const SSL * ssl, unsigned char *id,
1971
    unsigned int *id_len)
1972
{
1973
	unsigned int count = 0;
1974
	do {
1975
		arc4random_buf(id, *id_len);
1976
		/*
1977
		 * Prefix the session_id with the required prefix. NB: If our
1978
		 * prefix is too long, clip it - but there will be worse
1979
		 * effects anyway, eg. the server could only possibly create
1980
		 * 1 session ID (ie. the prefix!) so all future session
1981
		 * negotiations will fail due to conflicts.
1982
		 */
1983
		memcpy(id, session_id_prefix,
1984
		    (strlen(session_id_prefix) < *id_len) ?
1985
		    strlen(session_id_prefix) : *id_len);
1986
	}
1987
	while (SSL_has_matching_session_id(ssl, id, *id_len) &&
1988
	    (++count < MAX_SESSION_ID_ATTEMPTS));
1989
	if (count >= MAX_SESSION_ID_ATTEMPTS)
1990
		return 0;
1991
	return 1;
1992
}