aboutsummaryrefslogtreecommitdiffstats
path: root/apps/s_server.c
diff options
context:
space:
mode:
Diffstat (limited to 'apps/s_server.c')
-rw-r--r--apps/s_server.c76
1 files changed, 47 insertions, 29 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 09c755b55cfe..857a70e3e4c5 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -353,9 +353,8 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len)
{
- unsigned int psk_len = 0;
- int ret;
- BIGNUM *bn = NULL;
+ long key_len = 0;
+ unsigned char *key;
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");
@@ -377,32 +376,26 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
BIO_printf(bio_s_out, "PSK client identity found\n");
/* convert the PSK key to binary */
- ret = BN_hex2bn(&bn, psk_key);
- if (!ret) {
- BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
+ key = string_to_hex(psk_key, &key_len);
+ if (key == NULL) {
+ BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
psk_key);
- if (bn)
- BN_free(bn);
return 0;
}
- if (BN_num_bytes(bn) > (int)max_psk_len) {
+ if (key_len > (int)max_psk_len) {
BIO_printf(bio_err,
- "psk buffer of callback is too small (%d) for key (%d)\n",
- max_psk_len, BN_num_bytes(bn));
- BN_free(bn);
+ "psk buffer of callback is too small (%d) for key (%ld)\n",
+ max_psk_len, key_len);
+ OPENSSL_free(key);
return 0;
}
- ret = BN_bn2bin(bn, psk);
- BN_free(bn);
-
- if (ret < 0)
- goto out_err;
- psk_len = (unsigned int)ret;
+ memcpy(psk, key, key_len);
+ OPENSSL_free(key);
if (s_debug)
- BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
- return psk_len;
+ BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+ return key_len;
out_err:
if (s_debug)
BIO_printf(bio_err, "Error in PSK server callback\n");
@@ -1144,6 +1137,7 @@ int MAIN(int argc, char *argv[])
int crl_format = FORMAT_PEM;
int crl_download = 0;
STACK_OF(X509_CRL) *crls = NULL;
+ int prot_opt = 0, no_prot_opt = 0;
meth = SSLv23_server_method();
@@ -1307,7 +1301,8 @@ int MAIN(int argc, char *argv[])
if (badarg)
goto bad;
continue;
- } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args)) {
+ } else if (args_ssl(&argv, &argc, cctx, &badarg, bio_err, &ssl_args,
+ &no_prot_opt)) {
if (badarg)
goto bad;
continue;
@@ -1451,32 +1446,40 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv, "-ssl2") == 0) {
no_ecdhe = 1;
meth = SSLv2_server_method();
+ prot_opt++;
}
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv, "-ssl3") == 0) {
meth = SSLv3_server_method();
+ prot_opt++;
}
#endif
#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1") == 0) {
meth = TLSv1_server_method();
+ prot_opt++;
} else if (strcmp(*argv, "-tls1_1") == 0) {
meth = TLSv1_1_server_method();
+ prot_opt++;
} else if (strcmp(*argv, "-tls1_2") == 0) {
meth = TLSv1_2_server_method();
+ prot_opt++;
}
#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv, "-dtls") == 0) {
meth = DTLS_server_method();
socket_type = SOCK_DGRAM;
+ prot_opt++;
} else if (strcmp(*argv, "-dtls1") == 0) {
meth = DTLSv1_server_method();
socket_type = SOCK_DGRAM;
+ prot_opt++;
} else if (strcmp(*argv, "-dtls1_2") == 0) {
meth = DTLSv1_2_server_method();
socket_type = SOCK_DGRAM;
+ prot_opt++;
} else if (strcmp(*argv, "-timeout") == 0)
enable_timeouts = 1;
else if (strcmp(*argv, "-mtu") == 0) {
@@ -1586,6 +1589,17 @@ int MAIN(int argc, char *argv[])
}
#endif
+ if (prot_opt > 1) {
+ BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+ goto end;
+ }
+
+ if (prot_opt == 1 && no_prot_opt) {
+ BIO_printf(bio_err, "Cannot supply both a protocol flag and "
+ "\"-no_<prot>\"\n");
+ goto end;
+ }
+
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
@@ -2293,7 +2307,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
}
#endif
- width = s + 1;
+ if (fileno_stdin() > s)
+ width = fileno_stdin() + 1;
+ else
+ width = s + 1;
for (;;) {
int read_from_terminal;
int read_from_sslcon;
@@ -2304,7 +2321,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
if (!read_from_sslcon) {
FD_ZERO(&readfds);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
- openssl_fdset(fileno(stdin), &readfds);
+ openssl_fdset(fileno_stdin(), &readfds);
#endif
openssl_fdset(s, &readfds);
/*
@@ -2332,13 +2349,13 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
/* Under BeOS-R5 the situation is similar to DOS */
tv.tv_sec = 1;
tv.tv_usec = 0;
- (void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
+ (void)fcntl(fileno_stdin(), F_SETFL, O_NONBLOCK);
i = select(width, (void *)&readfds, NULL, NULL, &tv);
- if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
+ if ((i < 0) || (!i && read(fileno_stdin(), buf, 0) < 0))
continue;
- if (read(fileno(stdin), buf, 0) >= 0)
+ if (read(fileno_stdin(), buf, 0) >= 0)
read_from_terminal = 1;
- (void)fcntl(fileno(stdin), F_SETFL, 0);
+ (void)fcntl(fileno_stdin(), F_SETFL, 0);
#else
if ((SSL_version(con) == DTLS1_VERSION) &&
DTLSv1_get_timeout(con, &timeout))
@@ -2355,7 +2372,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
if (i <= 0)
continue;
- if (FD_ISSET(fileno(stdin), &readfds))
+ if (FD_ISSET(fileno_stdin(), &readfds))
read_from_terminal = 1;
#endif
if (FD_ISSET(s, &readfds))
@@ -2382,6 +2399,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
assert(lf_num == 0);
} else
i = raw_read_stdin(buf, bufsize);
+
if (!s_quiet && !s_brief) {
if ((i <= 0) || (buf[0] == 'Q')) {
BIO_printf(bio_s_out, "DONE\n");
@@ -3371,7 +3389,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
{
unsigned int count = 0;
do {
- if (RAND_pseudo_bytes(id, *id_len) < 0)
+ if (RAND_bytes(id, *id_len) <= 0)
return 0;
/*
* Prefix the session_id with the required prefix. NB: If our prefix