diff options
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 5743 |
1 files changed, 2804 insertions, 2939 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 4d55a9a259..94de734e5c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -5,21 +5,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -110,7 +110,7 @@ */ /* ==================================================================== * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by + * ECC cipher suite support in OpenSSL originally developed by * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ /* ==================================================================== @@ -140,7 +140,6 @@ * OTHERWISE. */ - #include <assert.h> #include <ctype.h> #include <stdio.h> @@ -151,15 +150,17 @@ /* conflicts with winsock2 stuff on netware */ #if !defined(OPENSSL_SYS_NETWARE) -#include <sys/types.h> +# include <sys/types.h> #endif -/* With IPv6, it looks like Digital has mixed up the proper order of - recursive header file inclusion, resulting in the compiler complaining - that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which - is needed to have fileno() declared correctly... So let's define u_int */ +/* + * With IPv6, it looks like Digital has mixed up the proper order of + * recursive header file inclusion, resulting in the compiler complaining + * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is + * needed to have fileno() declared correctly... So let's define u_int + */ #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -#define __U_INT +# define __U_INT typedef unsigned int u_int; #endif @@ -174,20 +175,20 @@ typedef unsigned int u_int; #include <openssl/rand.h> #include <openssl/ocsp.h> #ifndef OPENSSL_NO_DH -#include <openssl/dh.h> +# include <openssl/dh.h> #endif #ifndef OPENSSL_NO_RSA -#include <openssl/rsa.h> +# include <openssl/rsa.h> #endif #ifndef OPENSSL_NO_SRP -#include <openssl/srp.h> +# include <openssl/srp.h> #endif #include "s_apps.h" #include "timeouts.h" #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -#undef FIONBIO +# undef FIONBIO #endif #ifndef OPENSSL_NO_RSA @@ -197,12 +198,12 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure); static int sv_body(char *hostname, int s, int stype, unsigned char *context); static int www_body(char *hostname, int s, int stype, unsigned char *context); static int rev_body(char *hostname, int s, int stype, unsigned char *context); -static void close_accept_socket(void ); +static void close_accept_socket(void); static void sv_usage(void); static int init_ssl_connection(SSL *s); -static void print_stats(BIO *bp,SSL_CTX *ctx); +static void print_stats(BIO *bp, SSL_CTX *ctx); static int generate_session_id(const SSL *ssl, unsigned char *id, - unsigned int *id_len); + unsigned int *id_len); static void init_session_cache_ctx(SSL_CTX *sctx); static void free_sessions(void); #ifndef OPENSSL_NO_DH @@ -216,59 +217,60 @@ static void s_server_init(void); /* static int load_CA(SSL_CTX *ctx, char *file);*/ #undef BUFSIZZ -#define BUFSIZZ 16*1024 -static int bufsize=BUFSIZZ; -static int accept_socket= -1; +#define BUFSIZZ 16*1024 +static int bufsize = BUFSIZZ; +static int accept_socket = -1; -#define TEST_CERT "server.pem" +#define TEST_CERT "server.pem" #ifndef OPENSSL_NO_TLSEXT -#define TEST_CERT2 "server2.pem" +# define TEST_CERT2 "server2.pem" #endif #undef PROG -#define PROG s_server_main +#define PROG s_server_main extern int verify_depth, verify_return_error, verify_quiet; -static int s_server_verify=SSL_VERIFY_NONE; +static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ -static const char *s_cert_file=TEST_CERT,*s_key_file=NULL, *s_chain_file=NULL; +static const char *s_cert_file = TEST_CERT, *s_key_file = + NULL, *s_chain_file = NULL; #ifndef OPENSSL_NO_TLSEXT -static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL; +static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; #endif -static char *s_dcert_file=NULL,*s_dkey_file=NULL, *s_dchain_file=NULL; +static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; #ifdef FIONBIO -static int s_nbio=0; +static int s_nbio = 0; #endif -static int s_nbio_test=0; -int s_crlf=0; -static SSL_CTX *ctx=NULL; +static int s_nbio_test = 0; +int s_crlf = 0; +static SSL_CTX *ctx = NULL; #ifndef OPENSSL_NO_TLSEXT -static SSL_CTX *ctx2=NULL; +static SSL_CTX *ctx2 = NULL; #endif -static int www=0; +static int www = 0; -static BIO *bio_s_out=NULL; +static BIO *bio_s_out = NULL; static BIO *bio_s_msg = NULL; -static int s_debug=0; +static int s_debug = 0; #ifndef OPENSSL_NO_TLSEXT -static int s_tlsextdebug=0; -static int s_tlsextstatus=0; +static int s_tlsextdebug = 0; +static int s_tlsextstatus = 0; static int cert_status_cb(SSL *s, void *arg); #endif static int no_resume_ephemeral = 0; -static int s_msg=0; -static int s_quiet=0; -static int s_ign_eof=0; -static int s_brief=0; +static int s_msg = 0; +static int s_quiet = 0; +static int s_ign_eof = 0; +static int s_brief = 0; -static char *keymatexportlabel=NULL; -static int keymatexportlen=20; +static char *keymatexportlabel = NULL; +static int keymatexportlen = 20; -static int hack=0; +static int hack = 0; #ifndef OPENSSL_NO_ENGINE -static char *engine_id=NULL; +static char *engine_id = NULL; #endif -static const char *session_id_prefix=NULL; +static const char *session_id_prefix = NULL; static int enable_timeouts = 0; static long socket_mtu; @@ -283,280 +285,333 @@ static const char *s_serverinfo_file = NULL; #endif #ifndef OPENSSL_NO_PSK -static char *psk_identity="Client_identity"; -char *psk_key=NULL; /* by default PSK is not used */ +static char *psk_identity = "Client_identity"; +char *psk_key = NULL; /* by default PSK is not used */ static unsigned int psk_server_cb(SSL *ssl, const char *identity, - unsigned char *psk, unsigned int max_psk_len) - { - unsigned int psk_len = 0; - int ret; - BIGNUM *bn = NULL; - - if (s_debug) - BIO_printf(bio_s_out,"psk_server_cb\n"); - if (!identity) - { - BIO_printf(bio_err,"Error: client did not send PSK identity\n"); - goto out_err; - } - if (s_debug) - BIO_printf(bio_s_out,"identity_len=%d identity=%s\n", - identity ? (int)strlen(identity) : 0, identity); - - /* here we could lookup the given identity e.g. from a database */ - if (strcmp(identity, psk_identity) != 0) - { - BIO_printf(bio_s_out, "PSK error: client identity not found" - " (got '%s' expected '%s')\n", identity, - psk_identity); - goto out_err; - } - if (s_debug) - BIO_printf(bio_s_out, "PSK client identity found\n"); - - /* convert the PSK key to binary */ - ret = BN_hex2bn(&bn, psk_key); - if (!ret) - { - BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key); - if (bn) - BN_free(bn); - return 0; - } - if (BN_num_bytes(bn) > (int)max_psk_len) - { - BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", - max_psk_len, BN_num_bytes(bn)); - BN_free(bn); - return 0; - } - - ret = BN_bn2bin(bn, psk); - BN_free(bn); - - if (ret < 0) - goto out_err; - psk_len = (unsigned int)ret; - - if (s_debug) - BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); - return psk_len; + unsigned char *psk, + unsigned int max_psk_len) +{ + unsigned int psk_len = 0; + int ret; + BIGNUM *bn = NULL; + + if (s_debug) + BIO_printf(bio_s_out, "psk_server_cb\n"); + if (!identity) { + BIO_printf(bio_err, "Error: client did not send PSK identity\n"); + goto out_err; + } + if (s_debug) + BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", + identity ? (int)strlen(identity) : 0, identity); + + /* here we could lookup the given identity e.g. from a database */ + if (strcmp(identity, psk_identity) != 0) { + BIO_printf(bio_s_out, "PSK error: client identity not found" + " (got '%s' expected '%s')\n", identity, psk_identity); + goto out_err; + } + if (s_debug) + BIO_printf(bio_s_out, "PSK client identity found\n"); + + /* convert the PSK key to binary */ + ret = BN_hex2bn(&bn, psk_key); + if (!ret) { + BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", + psk_key); + if (bn) + BN_free(bn); + return 0; + } + if (BN_num_bytes(bn) > (int)max_psk_len) { + BIO_printf(bio_err, + "psk buffer of callback is too small (%d) for key (%d)\n", + max_psk_len, BN_num_bytes(bn)); + BN_free(bn); + return 0; + } + + ret = BN_bn2bin(bn, psk); + BN_free(bn); + + if (ret < 0) + goto out_err; + psk_len = (unsigned int)ret; + + if (s_debug) + BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len); + return psk_len; out_err: - if (s_debug) - BIO_printf(bio_err, "Error in PSK server callback\n"); - return 0; - } + if (s_debug) + BIO_printf(bio_err, "Error in PSK server callback\n"); + return 0; +} #endif #ifndef OPENSSL_NO_SRP /* This is a context that we pass to callbacks */ -typedef struct srpsrvparm_st - { - char *login; - SRP_VBASE *vb; - SRP_user_pwd *user; - } srpsrvparm; - -/* This callback pretends to require some asynchronous logic in order to obtain - a verifier. When the callback is called for a new connection we return - with a negative value. This will provoke the accept etc to return with - an LOOKUP_X509. The main logic of the reinvokes the suspended call - (which would normally occur after a worker has finished) and we - set the user parameters. -*/ +typedef struct srpsrvparm_st { + char *login; + SRP_VBASE *vb; + SRP_user_pwd *user; +} srpsrvparm; + +/* + * This callback pretends to require some asynchronous logic in order to + * obtain a verifier. When the callback is called for a new connection we + * return with a negative value. This will provoke the accept etc to return + * with an LOOKUP_X509. The main logic of the reinvokes the suspended call + * (which would normally occur after a worker has finished) and we set the + * user parameters. + */ static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) - { - srpsrvparm *p = (srpsrvparm *)arg; - if (p->login == NULL && p->user == NULL ) - { - p->login = SSL_get_srp_username(s); - BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); - return (-1) ; - } - - if (p->user == NULL) - { - BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - return SSL3_AL_FATAL; - } - if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v, - p->user->info) < 0) - { - *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; - } - BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info); - /* need to check whether there are memory leaks */ - p->user = NULL; - p->login = NULL; - return SSL_ERROR_NONE; - } +{ + srpsrvparm *p = (srpsrvparm *) arg; + if (p->login == NULL && p->user == NULL) { + p->login = SSL_get_srp_username(s); + BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); + return (-1); + } + + if (p->user == NULL) { + BIO_printf(bio_err, "User %s doesn't exist\n", p->login); + return SSL3_AL_FATAL; + } + if (SSL_set_srp_server_param + (s, p->user->N, p->user->g, p->user->s, p->user->v, + p->user->info) < 0) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL3_AL_FATAL; + } + BIO_printf(bio_err, + "SRP parameters set: username = \"%s\" info=\"%s\" \n", + p->login, p->user->info); + /* need to check whether there are memory leaks */ + p->user = NULL; + p->login = NULL; + return SSL_ERROR_NONE; +} #endif #ifdef MONOLITH static void s_server_init(void) - { - accept_socket=-1; - s_server_verify=SSL_VERIFY_NONE; - s_dcert_file=NULL; - s_dkey_file=NULL; - s_dchain_file=NULL; - s_cert_file=TEST_CERT; - s_key_file=NULL; - s_chain_file=NULL; -#ifndef OPENSSL_NO_TLSEXT - s_cert_file2=TEST_CERT2; - s_key_file2=NULL; - ctx2=NULL; -#endif -#ifdef FIONBIO - s_nbio=0; -#endif - s_nbio_test=0; - ctx=NULL; - www=0; - - bio_s_out=NULL; - s_debug=0; - s_msg=0; - s_quiet=0; - s_brief=0; - hack=0; -#ifndef OPENSSL_NO_ENGINE - engine_id=NULL; -#endif - } +{ + accept_socket = -1; + s_server_verify = SSL_VERIFY_NONE; + s_dcert_file = NULL; + s_dkey_file = NULL; + s_dchain_file = NULL; + s_cert_file = TEST_CERT; + s_key_file = NULL; + s_chain_file = NULL; +# ifndef OPENSSL_NO_TLSEXT + s_cert_file2 = TEST_CERT2; + s_key_file2 = NULL; + ctx2 = NULL; +# endif +# ifdef FIONBIO + s_nbio = 0; +# endif + s_nbio_test = 0; + ctx = NULL; + www = 0; + + bio_s_out = NULL; + s_debug = 0; + s_msg = 0; + s_quiet = 0; + s_brief = 0; + hack = 0; +# ifndef OPENSSL_NO_ENGINE + engine_id = NULL; +# endif +} #endif static void sv_usage(void) - { - BIO_printf(bio_err,"usage: s_server [args ...]\n"); - BIO_printf(bio_err,"\n"); - BIO_printf(bio_err," -accept port - TCP/IP port to accept on (default is %d)\n",PORT); - BIO_printf(bio_err," -unix path - unix domain socket to accept on\n"); - BIO_printf(bio_err," -unlink - for -unix, unlink existing socket first\n"); - BIO_printf(bio_err," -context arg - set session ID context\n"); - BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n"); - BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); - BIO_printf(bio_err," -verify_return_error - return verification errors\n"); - BIO_printf(bio_err," -cert arg - certificate file to use\n"); - BIO_printf(bio_err," (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -naccept arg - terminate after 'arg' connections\n"); +{ + BIO_printf(bio_err, "usage: s_server [args ...]\n"); + BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, + " -accept port - TCP/IP port to accept on (default is %d)\n", + PORT); + BIO_printf(bio_err, " -unix path - unix domain socket to accept on\n"); + BIO_printf(bio_err, + " -unlink - for -unix, unlink existing socket first\n"); + BIO_printf(bio_err, " -context arg - set session ID context\n"); + BIO_printf(bio_err, + " -verify arg - turn on peer certificate verification\n"); + BIO_printf(bio_err, + " -Verify arg - turn on peer certificate verification, must have a cert.\n"); + BIO_printf(bio_err, + " -verify_return_error - return verification errors\n"); + BIO_printf(bio_err, " -cert arg - certificate file to use\n"); + BIO_printf(bio_err, " (default is %s)\n", TEST_CERT); + BIO_printf(bio_err, + " -naccept arg - terminate after 'arg' connections\n"); #ifndef OPENSSL_NO_TLSEXT - BIO_printf(bio_err," -serverinfo arg - PEM serverinfo file for certificate\n"); -#endif - BIO_printf(bio_err," -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n"); - BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ - " The CRL(s) are appended to the certificate file\n"); - BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ - " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ - " the certificate file.\n"); - BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); - BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); - BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); - BIO_printf(bio_err," -pass arg - private key file pass phrase source\n"); - BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n"); - BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n"); - BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n"); - BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); - BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n"); - BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n"); - BIO_printf(bio_err," or a default set of parameters is used\n"); + BIO_printf(bio_err, + " -serverinfo arg - PEM serverinfo file for certificate\n"); +#endif + BIO_printf(bio_err, + " -no_resumption_on_reneg - set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag\n"); + BIO_printf(bio_err, + " -crl_check - check the peer certificate has not been revoked by its CA.\n" + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err, + " -crl_check_all - check the peer certificate has not been revoked by its CA\n" + " or any other CRL in the CA chain. CRL(s) are appened to the\n" + " the certificate file.\n"); + BIO_printf(bio_err, + " -certform arg - certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, + " -key arg - Private Key file to use, in cert file if\n"); + BIO_printf(bio_err, " not specified (default is %s)\n", + TEST_CERT); + BIO_printf(bio_err, + " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err, + " -pass arg - private key file pass phrase source\n"); + BIO_printf(bio_err, + " -dcert arg - second certificate file to use (usually for DSA)\n"); + BIO_printf(bio_err, + " -dcertform x - second certificate format (PEM or DER) PEM default\n"); + BIO_printf(bio_err, + " -dkey arg - second private key file to use (usually for DSA)\n"); + BIO_printf(bio_err, + " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n"); + BIO_printf(bio_err, + " -dpass arg - second private key file pass phrase source\n"); + BIO_printf(bio_err, + " -dhparam arg - DH parameter file to use, in cert file if not specified\n"); + BIO_printf(bio_err, + " or a default set of parameters is used\n"); #ifndef OPENSSL_NO_ECDH - BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ - " Use \"openssl ecparam -list_curves\" for all names\n" \ - " (default is nistp256).\n"); + BIO_printf(bio_err, + " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" + " Use \"openssl ecparam -list_curves\" for all names\n" + " (default is nistp256).\n"); #endif #ifdef FIONBIO - BIO_printf(bio_err," -nbio - Run with non-blocking IO\n"); -#endif - BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n"); - BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); - BIO_printf(bio_err," -debug - Print more output\n"); - BIO_printf(bio_err," -msg - Show protocol messages\n"); - BIO_printf(bio_err," -state - Print the SSL states\n"); - BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n"); - BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n"); - BIO_printf(bio_err," -trusted_first - Use locally trusted CA's first when building trust chain\n"); - BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n"); - BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n"); - BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n"); - BIO_printf(bio_err," -quiet - No server output\n"); - BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n"); + BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n"); +#endif + BIO_printf(bio_err, + " -nbio_test - test with the non-blocking test bio\n"); + BIO_printf(bio_err, + " -crlf - convert LF from terminal into CRLF\n"); + BIO_printf(bio_err, " -debug - Print more output\n"); + BIO_printf(bio_err, " -msg - Show protocol messages\n"); + BIO_printf(bio_err, " -state - Print the SSL states\n"); + BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); + BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); + BIO_printf(bio_err, + " -trusted_first - Use locally trusted CA's first when building trust chain\n"); + BIO_printf(bio_err, + " -nocert - Don't use any certificates (Anon-DH)\n"); + BIO_printf(bio_err, + " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); + BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n"); + BIO_printf(bio_err, " -quiet - No server output\n"); + BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n"); #ifndef OPENSSL_NO_PSK - BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n"); - BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n"); + BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n"); + BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n"); # ifndef OPENSSL_NO_JPAKE - BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n"); + BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n"); # endif #endif #ifndef OPENSSL_NO_SRP - BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n"); - BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n"); + BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n"); + BIO_printf(bio_err, + " -srpuserseed string - A seed string for a default user salt.\n"); #endif #ifndef OPENSSL_NO_SSL3_METHOD - BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); -#endif - BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n"); - BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n"); - BIO_printf(bio_err," -tls1 - Just talk TLSv1\n"); - BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n"); - BIO_printf(bio_err," -dtls1_2 - Just talk DTLSv1.2\n"); - BIO_printf(bio_err," -timeout - Enable timeouts\n"); - BIO_printf(bio_err," -mtu - Set link layer MTU\n"); - BIO_printf(bio_err," -chain - Read a certificate chain\n"); - BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); - BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); - BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n"); - BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n"); + BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n"); +#endif + BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n"); + BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n"); + BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n"); + BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n"); + BIO_printf(bio_err, " -dtls1_2 - Just talk DTLSv1.2\n"); + BIO_printf(bio_err, " -timeout - Enable timeouts\n"); + BIO_printf(bio_err, " -mtu - Set link layer MTU\n"); + BIO_printf(bio_err, " -chain - Read a certificate chain\n"); + BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n"); + BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n"); + BIO_printf(bio_err, " -no_tls1_1 - Just disable TLSv1.1\n"); + BIO_printf(bio_err, " -no_tls1_2 - Just disable TLSv1.2\n"); #ifndef OPENSSL_NO_DH - BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n"); + BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n"); #endif #ifndef OPENSSL_NO_ECDH - BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n"); -#endif - BIO_printf(bio_err, "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n"); - BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n"); - BIO_printf(bio_err," -hack - workaround for early Netscape code\n"); - BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n"); - BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); - BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); - BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); + BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n"); +#endif + BIO_printf(bio_err, + "-no_resume_ephemeral - Disable caching and tickets if ephemeral (EC)DH is used\n"); + BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n"); + BIO_printf(bio_err, + " -hack - workaround for early Netscape code\n"); + BIO_printf(bio_err, + " -www - Respond to a 'GET /' with a status page\n"); + BIO_printf(bio_err, + " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); + BIO_printf(bio_err, + " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); + BIO_printf(bio_err, + " with the assumption it contains a complete HTTP response.\n"); #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); + BIO_printf(bio_err, + " -engine id - Initialise and use the specified engine\n"); #endif - BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); - BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); + BIO_printf(bio_err, + " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); + BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, + LIST_SEPARATOR_CHAR); #ifndef OPENSSL_NO_TLSEXT - BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n"); - BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); - BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n"); - BIO_printf(bio_err," (default is %s)\n",TEST_CERT2); - BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n"); - BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2); - BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); - BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); - BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); + BIO_printf(bio_err, + " -servername host - servername for HostName TLS extension\n"); + BIO_printf(bio_err, + " -servername_fatal - on mismatch send fatal alert (default warning alert)\n"); + BIO_printf(bio_err, + " -cert2 arg - certificate file to use for servername\n"); + BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2); + BIO_printf(bio_err, + " -key2 arg - Private Key file to use for servername, in cert file if\n"); + BIO_printf(bio_err, " not specified (default is %s)\n", + TEST_CERT2); + BIO_printf(bio_err, + " -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err, + " -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err, + " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); # ifndef OPENSSL_NO_NEXTPROTONEG - BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); + BIO_printf(bio_err, + " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); # endif # ifndef OPENSSL_NO_SRTP - BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); + BIO_printf(bio_err, + " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); # endif - BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); -#endif - BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); - BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); - BIO_printf(bio_err," -status - respond to certificate status requests\n"); - BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n"); - BIO_printf(bio_err," -status_timeout n - status request responder timeout\n"); - BIO_printf(bio_err," -status_url URL - status request fallback URL\n"); - } + BIO_printf(bio_err, + " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); +#endif + BIO_printf(bio_err, + " -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err, + " -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + BIO_printf(bio_err, + " -status - respond to certificate status requests\n"); + BIO_printf(bio_err, + " -status_verbose - enable status request verbose printout\n"); + BIO_printf(bio_err, + " -status_timeout n - status request responder timeout\n"); + BIO_printf(bio_err, " -status_url URL - status request fallback URL\n"); +} -static int local_argc=0; +static int local_argc = 0; static char **local_argv; #ifdef CHARSET_EBCDIC @@ -568,144 +623,147 @@ static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); static int ebcdic_gets(BIO *bp, char *buf, int size); static int ebcdic_puts(BIO *bp, const char *str); -#define BIO_TYPE_EBCDIC_FILTER (18|0x0200) -static BIO_METHOD methods_ebcdic= - { - BIO_TYPE_EBCDIC_FILTER, - "EBCDIC/ASCII filter", - ebcdic_write, - ebcdic_read, - ebcdic_puts, - ebcdic_gets, - ebcdic_ctrl, - ebcdic_new, - ebcdic_free, - }; - -typedef struct -{ - size_t alloced; - char buff[1]; +# define BIO_TYPE_EBCDIC_FILTER (18|0x0200) +static BIO_METHOD methods_ebcdic = { + BIO_TYPE_EBCDIC_FILTER, + "EBCDIC/ASCII filter", + ebcdic_write, + ebcdic_read, + ebcdic_puts, + ebcdic_gets, + ebcdic_ctrl, + ebcdic_new, + ebcdic_free, +}; + +typedef struct { + size_t alloced; + char buff[1]; } EBCDIC_OUTBUFF; BIO_METHOD *BIO_f_ebcdic_filter() { - return(&methods_ebcdic); + return (&methods_ebcdic); } static int ebcdic_new(BIO *bi) { - EBCDIC_OUTBUFF *wbuf; + EBCDIC_OUTBUFF *wbuf; - wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); - wbuf->alloced = 1024; - wbuf->buff[0] = '\0'; + wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + wbuf->alloced = 1024; + wbuf->buff[0] = '\0'; - bi->ptr=(char *)wbuf; - bi->init=1; - bi->flags=0; - return(1); + bi->ptr = (char *)wbuf; + bi->init = 1; + bi->flags = 0; + return (1); } static int ebcdic_free(BIO *a) { - if (a == NULL) return(0); - if (a->ptr != NULL) - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); + if (a == NULL) + return (0); + if (a->ptr != NULL) + OPENSSL_free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); } - + static int ebcdic_read(BIO *b, char *out, int outl) { - int ret=0; + int ret = 0; - if (out == NULL || outl == 0) return(0); - if (b->next_bio == NULL) return(0); + if (out == NULL || outl == 0) + return (0); + if (b->next_bio == NULL) + return (0); - ret=BIO_read(b->next_bio,out,outl); - if (ret > 0) - ascii2ebcdic(out,out,ret); - return(ret); + ret = BIO_read(b->next_bio, out, outl); + if (ret > 0) + ascii2ebcdic(out, out, ret); + return (ret); } static int ebcdic_write(BIO *b, const char *in, int inl) { - EBCDIC_OUTBUFF *wbuf; - int ret=0; - int num; - unsigned char n; + EBCDIC_OUTBUFF *wbuf; + int ret = 0; + int num; + unsigned char n; - if ((in == NULL) || (inl <= 0)) return(0); - if (b->next_bio == NULL) return(0); + if ((in == NULL) || (inl <= 0)) + return (0); + if (b->next_bio == NULL) + return (0); - wbuf=(EBCDIC_OUTBUFF *)b->ptr; + wbuf = (EBCDIC_OUTBUFF *) b->ptr; - if (inl > (num = wbuf->alloced)) - { - num = num + num; /* double the size */ - if (num < inl) - num = inl; - OPENSSL_free(wbuf); - wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); + if (inl > (num = wbuf->alloced)) { + num = num + num; /* double the size */ + if (num < inl) + num = inl; + OPENSSL_free(wbuf); + wbuf = + (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); - wbuf->alloced = num; - wbuf->buff[0] = '\0'; + wbuf->alloced = num; + wbuf->buff[0] = '\0'; - b->ptr=(char *)wbuf; < |