/* apps/s_server.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
/* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 * ECC cipher suite support in OpenSSL originally developed by
 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
 */
/* ====================================================================
 * Copyright 2005 Nokia. All rights reserved.
 *
 * The portions of the attached software ("Contribution") is developed by
 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 * license.
 *
 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 * support (see RFC 4279) to OpenSSL.
 *
 * No patent licenses or other rights except those expressly stated in
 * the OpenSSL open source license shall be deemed granted or received
 * expressly, by implication, estoppel, or otherwise.
 *
 * No assurances are provided by Nokia that the Contribution does not
 * infringe the patent or other intellectual property rights of any third
 * party or that the license provides you with all the necessary rights
 * to make use of the Contribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 * OTHERWISE.
 */

/* Until the key-gen callbacks are modified to use newer prototypes, we allow
 * deprecated functions for openssl-internal code */
#ifdef OPENSSL_NO_DEPRECATED
#undef OPENSSL_NO_DEPRECATED
#endif

#include <assert.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif

#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
#include <sys/types.h>
#endif

/* With IPv6, it looks like Digital has mixed up the proper order of
   recursive header file inclusion, resulting in the compiler complaining
   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
   is needed to have fileno() declared correctly...  So let's define u_int */
#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
#define __U_INT
typedef unsigned int u_int;
#endif

#include <openssl/lhash.h>
#include <openssl/bn.h>
#define USE_SOCKETS
#include "apps.h"
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>
#include <openssl/ocsp.h>
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
#endif
#include "s_apps.h"
#include "timeouts.h"

#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
#undef FIONBIO
#endif

#if defined(OPENSSL_SYS_BEOS_R5)
#include <fcntl.h>
#endif

#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
static int sv_body(char *hostname, int s, unsigned char *context);
static int www_body(char *hostname, int s, unsigned char *context);
static void close_accept_socket(void );
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
static void print_stats(BIO *bp,SSL_CTX *ctx);
static int generate_session_id(const SSL *ssl, unsigned char *id,
				unsigned int *id_len);
#ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile);
static DH *get_dh512(void);
#endif

#ifdef MONOLITH
static void s_server_init(void);
#endif

#ifndef OPENSSL_NO_DH
static unsigned char dh512_p[]={
	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
	0x47,0x74,0xE8,0x33,
	};
static unsigned char dh512_g[]={
	0x02,
	};

static DH *get_dh512(void)
	{
	DH *dh=NULL;

	if ((dh=DH_new()) == NULL) return(NULL);
	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
	if ((dh->p == NULL) || (dh->g == NULL))
		return(NULL);
	return(dh);
	}
#endif


/* static int load_CA(SSL_CTX *ctx, char *file);*/

#undef BUFSIZZ
#define BUFSIZZ	16*1024
static int bufsize=BUFSIZZ;
static int accept_socket= -1;

#define TEST_CERT	"server.pem"
#ifndef OPENSSL_NO_TLSEXT
#define TEST_CERT2	"server2.pem"
#endif
#undef PROG
#define PROG		s_server_main

extern int verify_depth, verify_return_error;

static char *cipher=NULL;
static int s_server_verify=SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
#endif
static char *s_dcert_file=NULL,*s_dkey_file=NULL;
#ifdef FIONBIO
static int s_nbio=0;
#endif
static int s_nbio_test=0;
int s_crlf=0;
static SSL_CTX *ctx=NULL;
#ifndef OPENSSL_NO_TLSEXT
static SSL_CTX *ctx2=NULL;
#endif
static int www=0;

static BIO *bio_s_out=NULL;
static int s_debug=0;
#ifndef OPENSSL_NO_TLSEXT
static int s_tlsextdebug=0;
static int s_tlsextstatus=0;
static int cert_status_cb(SSL *s, void *arg);
#endif
static int s_msg=0;
static int s_quiet=0;

static char *keymatexportlabel=NULL;
static int keymatexportlen=20;

static int hack=0;
#ifndef OPENSSL_NO_ENGINE
static char *engine_id=NULL;
#endif
static const char *session_id_prefix=NULL;

static int enable_timeouts = 0;
static long socket_mtu;
#ifndef OPENSSL_NO_DTLS1
static int cert_chain = 0;
#endif


#ifndef OPENSSL_NO_PSK
static char *psk_identity="Client_identity";
char *psk_key=NULL; /* by default PSK is not used */

static unsigned int psk_server_cb(SSL *ssl, const char *identity,
	unsigned char *psk, unsigned int max_psk_len)
	{
	unsigned int psk_len = 0;
	int ret;
	BIGNUM *bn = NULL;

	if (s_debug)
		BIO_printf(bio_s_out,"psk_server_cb\n");
	if (!identity)
		{
		BIO_printf(bio_err,"Error: client did not send PSK identity\n");
		goto out_err;
		}
	if (s_debug)
		BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
			identity ? (int)strlen(identity) : 0, identity);

	/* here we could lookup the given identity e.g. from a database */
	if (strcmp(identity, psk_identity) != 0)
		{
		BIO_printf(bio_s_out, "PSK error: client identity not found"
			" (got '%s' expected '%s')\n", identity,
			psk_identity);
		goto out_err;
		}
	if (s_debug)
		BIO_printf(bio_s_out, "PSK client identity found\n");

	/* convert the PSK key to binary */
	ret = BN_hex2bn(&bn, psk_key);
	if (!ret)
		{
		BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
		if (bn)
			BN_free(bn);
		return 0;
		}
	if (BN_num_bytes(bn) > (int)max_psk_len)
		{
		BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
			max_psk_len, BN_num_bytes(bn));
		BN_free(bn);
		return 0;
		}

	ret = BN_bn2bin(bn, psk);
	BN_free(bn);

	if (ret < 0)
		goto out_err;
	psk_len = (unsigned int)ret;

	if (s_debug)
		BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
	return psk_len;
 out_err:
	if (s_debug)
		BIO_printf(bio_err, "Error in PSK server callback\n");
	return 0;
	}
#endif

#ifndef OPENSSL_NO_SRP
/* This is a context that we pass to callbacks */
typedef struct srpsrvparm_st
	{
	char *login;
	SRP_VBASE *vb;
	SRP_user_pwd *user;
	} srpsrvparm;

/* This callback pretends to require some asynchronous logic in order to obtain
   a verifier. When the callback is called for a new connection we return
   with a negative value. This will provoke the accept etc to return with
   a LOOKUP_X509. The main logic then reinvokes the suspended call
   (which would normally occur after a worker has finished) and we
   set the user parameters.
*/
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
	{
	srpsrvparm *p = (srpsrvparm *)arg;
	if (p->login == NULL && p->user == NULL )
		{
		p->login = SSL_get_srp_username(s);
		BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
		return (-1) ;
		}

	if (p->user == NULL)
		{
		BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
		return SSL3_AL_FATAL;
		}
	if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
				     p->user->info) < 0)
		{
		*ad = SSL_AD_INTERNAL_ERROR;
		return SSL3_AL_FATAL;
		}
	BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info);
	/* need to check whether there are memory leaks */
	p->user = NULL;
	p->login = NULL;
	return SSL_ERROR_NONE;
	}

#endif

#ifdef MONOLITH
static void s_server_init(void)
	{
	accept_socket=-1;
	cipher=NULL;
	s_server_verify=SSL_VERIFY_NONE;
	s_dcert_file=NULL;
	s_dkey_file=NULL;
	s_cert_file=TEST_CERT;
	s_key_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
	s_cert_file2=TEST_CERT2;
	s_key_file2=NULL;
	ctx2=NULL;
#endif
#ifdef FIONBIO
	s_nbio=0;
#endif
	s_nbio_test=0;
	ctx=NULL;
	www=0;

	bio_s_out=NULL;
	s_debug=0;
	s_msg=0;
	s_quiet=0;
	hack=0;
#ifndef OPENSSL_NO_ENGINE
	engine_id=NULL;
#endif
	}
#endif

static void sv_usage(void)
	{
	BIO_printf(bio_err,"usage: s_server [args ...]\n");
	BIO_printf(bio_err,"\n");
	BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
	BIO_printf(bio_err," -context arg - set session ID context\n");
	BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
	BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
	BIO_printf(bio_err," -verify_return_error - return verification errors\n");
	BIO_printf(bio_err," -cert arg - certificate file to use\n");
	BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
	BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
	                   " The CRL(s) are appended to the certificate file\n");
	BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
	                   " or any other CRL in the CA chain. CRL(s) are appended to the\n" \
	                   " certificate file.\n");
	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
	BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
	BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
	BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
	BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
	BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
	BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
	BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
	BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
	BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
	BIO_printf(bio_err," or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
	BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
	                   " Use \"openssl ecparam -list_curves\" for all names\n" \
	                   " (default is nistp256).\n");
#endif
#ifdef FIONBIO
	BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
#endif
	BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
	BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
	BIO_printf(bio_err," -debug - Print more output\n");
	BIO_printf(bio_err," -msg - Show protocol messages\n");
	BIO_printf(bio_err," -state - Print the SSL states\n");
	BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
	BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
	BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
	BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
	BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
	BIO_printf(bio_err," -quiet - No server output\n");
	BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
#ifndef OPENSSL_NO_PSK
	BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
	BIO_printf(bio_err," -psk arg - PSK in hex (without 0x)\n");
# ifndef OPENSSL_NO_JPAKE
	BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
# endif
#endif
#ifndef OPENSSL_NO_SRP
	BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n");
	BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
#endif
	BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
	BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
	BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
	BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
	BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
	BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
	BIO_printf(bio_err," -timeout - Enable timeouts\n");
	BIO_printf(bio_err," -mtu - Set link layer MTU\n");
	BIO_printf(bio_err," -chain - Read a certificate chain\n");
	BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
	BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
	BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
	BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n");
	BIO_printf(bio_err," -no_tls1_2 - Just disable TLSv1.2\n");
#ifndef OPENSSL_NO_DH
	BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
#ifndef OPENSSL_NO_ECDH
	BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
#endif
	BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
	BIO_printf(bio_err," -hack - workaround for early Netscape code\n");
	BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
	BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
	BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
	BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
#ifndef OPENSSL_NO_ENGINE
	BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
#endif
	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
#ifndef OPENSSL_NO_TLSEXT
	BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
	BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
	BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
	BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
	BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
	BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
	BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
	BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
	BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
# endif
# ifndef OPENSSL_NO_SRTP
	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
# endif
#endif
	BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
	BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
	BIO_printf(bio_err," -status - respond to certificate status requests\n");
	BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");
	BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
	BIO_printf(bio_err," -status_url URL - status request fallback URL\n");
	}

static int local_argc=0;
static char **local_argv;

#ifdef CHARSET_EBCDIC
static int ebcdic_new(BIO *bi);
static int ebcdic_free(BIO *a);
static int ebcdic_read(BIO *b, char *out, int outl);
static int ebcdic_write(BIO *b, const char *in, int inl);
static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
static int ebcdic_gets(BIO *bp, char *buf, int size);
static int ebcdic_puts(BIO *bp, const char *str);

#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
static BIO_METHOD methods_ebcdic=
	{
	BIO_TYPE_EBCDIC_FILTER,
	"EBCDIC/ASCII filter",
	ebcdic_write,
	ebcdic_read,
	ebcdic_puts,
	ebcdic_gets,
	ebcdic_ctrl,
	ebcdic_new,
	ebcdic_free,
	};

typedef struct
{
	size_t	alloced;
	char	buff[1];
} EBCDIC_OUTBUFF;

BIO_METHOD *BIO_f_ebcdic_filter()
{
	return(&methods_ebcdic);
}

static int ebcdic_new(BIO *bi)
{
	EBCDIC_OUTBUFF *wbuf;

	wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
	/* fail the BIO creation instead of dereferencing a NULL allocation */
	if (wbuf == NULL) return(0);
	wbuf->alloced = 1024;
	wbuf->buff[0] = '\0';

	bi->ptr=(char *)wbuf;
	bi->init=1;
	bi->flags=0;
	return(1);
}

static int ebcdic_free(BIO *a)
{
	if (a == NULL) return(0);
627656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (a->ptr != NULL) 628656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(a->ptr); 629656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a->ptr=NULL; 630656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a->init=0; 631656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project a->flags=0; 632656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 633656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 634656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 635656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int ebcdic_read(BIO *b, char *out, int outl) 636656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 637656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 638656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 639656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (out == NULL || outl == 0) return(0); 640656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (b->next_bio == NULL) return(0); 641656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 642656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=BIO_read(b->next_bio,out,outl); 643656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret > 0) 644656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ascii2ebcdic(out,out,ret); 645656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 646656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 647656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 648656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int ebcdic_write(BIO 
*b, const char *in, int inl) 649656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 650656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EBCDIC_OUTBUFF *wbuf; 651656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 652656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int num; 653656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char n; 654656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 655656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((in == NULL) || (inl <= 0)) return(0); 656656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (b->next_bio == NULL) return(0); 657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 658656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project wbuf=(EBCDIC_OUTBUFF *)b->ptr; 659656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 660656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (inl > (num = wbuf->alloced)) 661656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 662656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project num = num + num; /* double the size */ 663656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (num < inl) 664656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project num = inl; 665656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(wbuf); 666656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); 667656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 668656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project wbuf->alloced = num; 669656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project wbuf->buff[0] = 
'\0'; 670656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 671656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project b->ptr=(char *)wbuf; 672656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 673656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 674656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ebcdic2ascii(wbuf->buff, in, inl); 675656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 676656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=BIO_write(b->next_bio, wbuf->buff, inl); 677656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 678656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 679656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 680656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 681656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) 682656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 683656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long ret; 684656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 685656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (b->next_bio == NULL) return(0); 686656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch (cmd) 687656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 688656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case BIO_CTRL_DUP: 689656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=0L; 690656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project ret=BIO_ctrl(b->next_bio,cmd,num,ptr); 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int ebcdic_gets(BIO *bp, char *buf, int size) 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i, ret=0; 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bp->next_bio == NULL) return(0); 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* return(BIO_gets(bp->next_bio,buf,size));*/ 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (i=0; i<size-1; ++i) 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = ebcdic_read(bp,&buf[i],1); 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret <= 0) 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (buf[i] == '\n') 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ++i; 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
if (i < size) 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project buf[i] = '\0'; 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return (ret < 0 && i == 0) ? ret : i; 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int ebcdic_puts(BIO *bp, const char *str) 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bp->next_bio == NULL) return(0); 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ebcdic_write(bp, str, strlen(str)); 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* This is a context that we pass to callbacks */ 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecttypedef struct tlsextctx_st { 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char * servername; 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO * biodebug; 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int extension_error; 733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} tlsextctx; 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
	{
	tlsextctx * p = (tlsextctx *) arg;
	const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
	if (servername && p->biodebug)
		BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);

	if (!p->servername)
		return SSL_TLSEXT_ERR_NOACK;

	if (servername)
		{
		if (strcasecmp(servername,p->servername))
			return p->extension_error;
		if (ctx2)
			{
			BIO_printf(p->biodebug,"Switching server context.\n");
			SSL_set_SSL_CTX(s,ctx2);
			}
		}
	return SSL_TLSEXT_ERR_OK;
}

/* Structure passed to cert status callback */

typedef struct tlsextstatusctx_st {
	/* Default responder to use */
	char *host, *path, *port;
	int use_ssl;
	int timeout;
	BIO *err;
	int verbose;
} tlsextstatusctx;

static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};

/* Certificate Status callback. This is called when a client includes a
 * certificate status request extension.
 *
 * This is a simplified version. It examines certificates each time and
 * makes one OCSP responder query for each request.
 *
 * A full version would store details such as the OCSP certificate IDs and
 * minimise the number of OCSP responses by caching them until they were
 * considered "expired".
 */

static int cert_status_cb(SSL *s, void *arg)
	{
	tlsextstatusctx *srctx = arg;
	BIO *err = srctx->err;
	char *host, *port, *path;
	int use_ssl;
	unsigned char *rspder = NULL;
	int rspderlen;
	STACK_OF(OPENSSL_STRING) *aia = NULL;
	X509 *x = NULL;
	X509_STORE_CTX inctx;
	X509_OBJECT obj;
	OCSP_REQUEST *req = NULL;
	OCSP_RESPONSE *resp = NULL;
	OCSP_CERTID *id = NULL;
	STACK_OF(X509_EXTENSION) *exts;
	int ret = SSL_TLSEXT_ERR_NOACK;
	int i;
#if 0
STACK_OF(OCSP_RESPID) *ids;
SSL_get_tlsext_status_ids(s, &ids);
BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
#endif
	if (srctx->verbose)
		BIO_puts(err, "cert_status: callback called\n");
	/* Build up OCSP query from server certificate */
	x = SSL_get_certificate(s);
	aia = X509_get1_ocsp(x);
	if (aia)
		{
		if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
			&host, &port, &path, &use_ssl))
			{
			BIO_puts(err, "cert_status: can't parse AIA URL\n");
			goto err;
			}
		if (srctx->verbose)
			BIO_printf(err, "cert_status: AIA URL: %s\n",
					sk_OPENSSL_STRING_value(aia, 0));
		}
	else
		{
		if (!srctx->host)
			{
			BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
			goto done;
			}
		host = srctx->host;
		path = srctx->path;
		port = srctx->port;
		use_ssl = srctx->use_ssl;
		}

	if (!X509_STORE_CTX_init(&inctx,
				SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
				NULL, NULL))
		goto err;
	if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
				X509_get_issuer_name(x),&obj) <= 0)
		{
		BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
		X509_STORE_CTX_cleanup(&inctx);
		goto done;
		}
	req = OCSP_REQUEST_new();
	if (!req)
		goto err;
	id = OCSP_cert_to_id(NULL, x, obj.data.x509);
	X509_free(obj.data.x509);
	X509_STORE_CTX_cleanup(&inctx);
	if (!id)
		goto err;
	if (!OCSP_request_add0_id(req, id))
		goto err;
	id = NULL;
	/* Add any extensions to the request */
	SSL_get_tlsext_status_exts(s, &exts);
	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
		{
		X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
		if (!OCSP_REQUEST_add_ext(req, ext, -1))
			goto err;
		}
	resp = process_responder(err, req, host, path, port, use_ssl, NULL,
					srctx->timeout);
	if (!resp)
		{
		BIO_puts(err, "cert_status: error querying responder\n");
		goto done;
		}
	rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
	if (rspderlen <= 0)
		goto err;
	SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
	if (srctx->verbose)
		{
		BIO_puts(err, "cert_status: ocsp response sent:\n");
		OCSP_RESPONSE_print(err, resp, 2);
		}
	ret = SSL_TLSEXT_ERR_OK;
	done:
	if (ret != SSL_TLSEXT_ERR_OK)
		ERR_print_errors(err);
	if (aia)
		{
		OPENSSL_free(host);
		OPENSSL_free(path);
		OPENSSL_free(port);
		X509_email_free(aia);
		}
	if (id)
		OCSP_CERTID_free(id);
	if (req)
		OCSP_REQUEST_free(req);
	if (resp)
		OCSP_RESPONSE_free(resp);
	return ret;
	err:
	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
	goto done;
	}

# ifndef OPENSSL_NO_NEXTPROTONEG
/* This is the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
	unsigned char *data;
	unsigned int len;
} tlsextnextprotoctx;

static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
	{
	tlsextnextprotoctx *next_proto = arg;

	*data = next_proto->data;
	*len = next_proto->len;

	return SSL_TLSEXT_ERR_OK;
	}
# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */


#endif

int MAIN(int, char **);

#ifndef OPENSSL_NO_JPAKE
static char *jpake_secret = NULL;
#endif
#ifndef OPENSSL_NO_SRP
	static srpsrvparm srp_callback_parm;
#endif
#ifndef OPENSSL_NO_SRTP
static char *srtp_profiles = NULL;
#endif

int MAIN(int argc, char *argv[])
	{
	X509_VERIFY_PARAM *vpm = NULL;
	int badarg = 0;
	short port=PORT;
	char *CApath=NULL,*CAfile=NULL;
	unsigned char *context = NULL;
	char *dhfile = NULL;
#ifndef OPENSSL_NO_ECDH
	char *named_curve = NULL;
#endif
	int badop=0,bugs=0;
	int ret=1;
	int off=0;
	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
	int state=0;
	const SSL_METHOD *meth=NULL;
	int socket_type=SOCK_STREAM;
	ENGINE *e=NULL;
	char *inrand=NULL;
	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
	char *passarg = NULL, *pass = NULL;
	char *dpassarg = NULL, *dpass = NULL;
	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
	X509 *s_cert = NULL, *s_dcert = NULL;
	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
	int no_cache = 0;
#ifndef OPENSSL_NO_TLSEXT
	EVP_PKEY *s_key2 = NULL;
	X509 *s_cert2 = NULL;
	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
# ifndef OPENSSL_NO_NEXTPROTONEG
	const char *next_proto_neg_in = NULL;
	tlsextnextprotoctx next_proto;
# endif
#endif
#ifndef OPENSSL_NO_PSK
	/* by default do not send a PSK identity hint */
	static char *psk_identity_hint=NULL;
#endif
#ifndef OPENSSL_NO_SRP
	char *srpuserseed = NULL;
	char *srp_verifier_file = NULL;
#endif
	meth=SSLv23_server_method();

	local_argc=argc;
	local_argv=argv;

	apps_startup();
#ifdef MONOLITH
	s_server_init();
#endif

	if (bio_err == NULL)
		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

	if (!load_config(bio_err, NULL))
		goto end;

	verify_depth=0;
#ifdef FIONBIO
	s_nbio=0;
#endif
	s_nbio_test=0;

	argc--;
	argv++;

	while (argc >= 1)
		{
		if ((strcmp(*argv,"-port") == 0) ||
		    (strcmp(*argv,"-accept") == 0))
			{
			if (--argc < 1) goto bad;
			if (!extract_port(*(++argv),&port))
				goto bad;
			}
		else if (strcmp(*argv,"-verify") == 0)
			{
			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if (strcmp(*argv,"-Verify") == 0)
			{
			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
				SSL_VERIFY_CLIENT_ONCE;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
1029656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); 1030656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1031656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-context") == 0) 1032656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1033656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1034656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project context= (unsigned char *)*(++argv); 1035656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1036656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-cert") == 0) 1037656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1038656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1039656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_cert_file= *(++argv); 1040656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1041656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-certform") == 0) 1042656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1043656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1044656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_cert_format = str2fmt(*(++argv)); 1045656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1046656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-key") == 0) 1047656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1048656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 
1049656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_key_file= *(++argv); 1050656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1051656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-keyform") == 0) 1052656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1053656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1054656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_key_format = str2fmt(*(++argv)); 1055656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1056656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-pass") == 0) 1057656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1058656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1059656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project passarg = *(++argv); 1060656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1061656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dhparam") == 0) 1062656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1063656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1064656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dhfile = *(++argv); 1065656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1066656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 1067656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-named_curve") == 0) 1068656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1069656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 
1070656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project named_curve = *(++argv); 1071656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1072656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1073656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dcertform") == 0) 1074656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1075656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1076656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_dcert_format = str2fmt(*(++argv)); 1077656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1078656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dcert") == 0) 1079656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1080656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1081656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_dcert_file= *(++argv); 1082656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1083656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dkeyform") == 0) 1084656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1085656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1086656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_dkey_format = str2fmt(*(++argv)); 1087656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1088656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dpass") == 0) 1089656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1090656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto 
bad; 1091656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dpassarg = *(++argv); 1092656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1093656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dkey") == 0) 1094656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1095656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1096656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_dkey_file= *(++argv); 1097656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1098656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-nocert") == 0) 1099656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project nocert=1; 1101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-CApath") == 0) 1103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CApath= *(++argv); 1106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 110798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (strcmp(*argv,"-no_cache") == 0) 110898d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom no_cache = 1; 1109221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) 1110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1111221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (badarg) 1112221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto bad; 
1113221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom continue; 1114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1115221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (strcmp(*argv,"-verify_return_error") == 0) 1116221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom verify_return_error = 1; 1117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-serverpref") == 0) 1118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; } 111998d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom else if (strcmp(*argv,"-legacy_renegotiation") == 0) 112098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; 1121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-cipher") == 0) 1122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cipher= *(++argv); 1125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-CAfile") == 0) 1127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CAfile= *(++argv); 1130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef FIONBIO 1132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-nbio") == 0) 1133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project { s_nbio=1; } 1134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-nbio_test") == 0) 1136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef FIONBIO 1138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_nbio=1; 1139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_nbio_test=1; 1141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-debug") == 0) 1143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { s_debug=1; } 1144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 1145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-tlsextdebug") == 0) 1146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_tlsextdebug=1; 1147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-status") == 0) 1148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_tlsextstatus=1; 1149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-status_verbose") == 0) 1150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_tlsextstatus=1; 1152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tlscstatp.verbose = 1; 1153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project else if (!strcmp(*argv, "-status_timeout")) 1155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_tlsextstatus=1; 1157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project tlscstatp.timeout = atoi(*(++argv)); 1159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!strcmp(*argv, "-status_url")) 1161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_tlsextstatus=1; 1163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!OCSP_parse_url(*(++argv), 1165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &tlscstatp.host, 1166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &tlscstatp.port, 1167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &tlscstatp.path, 1168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project &tlscstatp.use_ssl)) 1169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "Error parsing URL\n"); 1171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto bad; 1172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 
if (strcmp(*argv,"-msg") == 0) 1176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { s_msg=1; } 1177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-hack") == 0) 1178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { hack=1; } 1179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-state") == 0) 1180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { state=1; } 1181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-crlf") == 0) 1182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { s_crlf=1; } 1183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-quiet") == 0) 1184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { s_quiet=1; } 1185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-bugs") == 0) 1186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { bugs=1; } 1187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_tmp_rsa") == 0) 1188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { no_tmp_rsa=1; } 1189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_dhe") == 0) 1190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { no_dhe=1; } 1191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_ecdhe") == 0) 1192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { no_ecdhe=1; } 1193221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_PSK 1194221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (strcmp(*argv,"-psk_hint") == 0) 1195221304ee937bc0910948a8be1320cb8cc4eb6d36Brian 
Carlstrom { 1196221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (--argc < 1) goto bad; 1197221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_identity_hint= *(++argv); 1198221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1199221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (strcmp(*argv,"-psk") == 0) 1200221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 1201221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom size_t i; 1202221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 1203221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (--argc < 1) goto bad; 1204221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom psk_key=*(++argv); 1205221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom for (i=0; i<strlen(psk_key); i++) 1206221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 12077d3d122363e2a85d516db314892f3d6112cb1377Brian Carlstrom if (isxdigit((unsigned char)psk_key[i])) 1208221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom continue; 1209221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom BIO_printf(bio_err,"Not a hex number '%s'\n",*argv); 1210221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom goto bad; 1211221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1212221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 1213221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 1214392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_SRP 1215392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (strcmp(*argv, "-srpvfile") == 0) 1216392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1217392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (--argc < 1) goto bad; 1218392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom srp_verifier_file = *(++argv); 121904ef91b390dfcc6125913e2f2af502d23d7a5112Brian Carlstrom meth = TLSv1_server_method(); 1220392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 
1221392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (strcmp(*argv, "-srpuserseed") == 0) 1222392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { 1223392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom if (--argc < 1) goto bad; 1224392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom srpuserseed = *(++argv); 122504ef91b390dfcc6125913e2f2af502d23d7a5112Brian Carlstrom meth = TLSv1_server_method(); 1226392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom } 1227392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 1228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-www") == 0) 1229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { www=1; } 1230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-WWW") == 0) 1231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { www=2; } 1232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-HTTP") == 0) 1233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { www=3; } 1234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_ssl2") == 0) 1235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { off|=SSL_OP_NO_SSLv2; } 1236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_ssl3") == 0) 1237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { off|=SSL_OP_NO_SSLv3; } 1238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_tls1") == 0) 1239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { off|=SSL_OP_NO_TLSv1; } 1240392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (strcmp(*argv,"-no_tls1_1") == 0) 1241392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { off|=SSL_OP_NO_TLSv1_1; } 
1242392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (strcmp(*argv,"-no_tls1_2") == 0) 1243392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { off|=SSL_OP_NO_TLSv1_2; } 1244221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom else if (strcmp(*argv,"-no_comp") == 0) 1245221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { off|=SSL_OP_NO_COMPRESSION; } 1246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 1247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-no_ticket") == 0) 1248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { off|=SSL_OP_NO_TICKET; } 1249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SSL2 1251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-ssl2") == 0) 1252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { meth=SSLv2_server_method(); } 1253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SSL3 1255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-ssl3") == 0) 1256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { meth=SSLv3_server_method(); } 1257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLS1 1259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-tls1") == 0) 1260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { meth=TLSv1_server_method(); } 1261392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if 
(strcmp(*argv,"-tls1_1") == 0) 1262392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { meth=TLSv1_1_server_method(); } 1263392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom else if (strcmp(*argv,"-tls1_2") == 0) 1264392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom { meth=TLSv1_2_server_method(); } 1265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_DTLS1 1267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-dtls1") == 0) 1268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project meth=DTLSv1_server_method(); 1270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project socket_type = SOCK_DGRAM; 1271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-timeout") == 0) 1273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project enable_timeouts = 1; 1274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-mtu") == 0) 1275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 127798d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom socket_mtu = atol(*(++argv)); 1278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv, "-chain") == 0) 1280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project cert_chain = 1; 1281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project else if (strcmp(*argv, "-id_prefix") == 0) 1283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project session_id_prefix = *(++argv); 1286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ENGINE 1288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-engine") == 0) 1289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project engine_id= *(++argv); 1292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-rand") == 0) 1295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project inrand= *(++argv); 1298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_TLSEXT 1300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-servername") == 0) 1301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project tlsextcbp.servername= *(++argv); 1304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-servername_fatal") == 0) 1306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; } 1307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-cert2") == 0) 1308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_cert_file2= *(++argv); 1311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (strcmp(*argv,"-key2") == 0) 1313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (--argc < 1) goto bad; 1315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project s_key_file2= *(++argv); 1316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1317bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen# ifndef OPENSSL_NO_NEXTPROTONEG 1318bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen else if (strcmp(*argv,"-nextprotoneg") == 0) 1319bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen { 1320bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen if (--argc < 1) goto bad; 1321bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen next_proto_neg_in = *(++argv); 1322bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen } 1323bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen# endif 1324e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu#endif 
#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
		else if (strcmp(*argv,"-jpake") == 0)
			{
			if (--argc < 1) goto bad;
			jpake_secret = *(++argv);
			}
#endif
#ifndef OPENSSL_NO_SRTP
		else if (strcmp(*argv,"-use_srtp") == 0)
			{
			if (--argc < 1) goto bad;
			srtp_profiles = *(++argv);
			}
#endif
		else if (strcmp(*argv,"-keymatexport") == 0)
			{
			if (--argc < 1) goto bad;
			keymatexportlabel= *(++argv);
			}
		else if (strcmp(*argv,"-keymatexportlen") == 0)
			{
			if (--argc < 1) goto bad;
			keymatexportlen=atoi(*(++argv));
			if (keymatexportlen == 0) goto bad;
			}
		else
			{
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badop=1;
			break;
			}
		argc--;
		argv++;
		}
	if (badop)
		{
bad:
		sv_usage();
		goto end;
		}
#ifndef OPENSSL_NO_DTLS1
	if (www && socket_type == SOCK_DGRAM)
		{
		BIO_printf(bio_err,
				"Can't use -HTTP, -www or -WWW with DTLS\n");
		goto end;
		}
#endif

#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
	if (jpake_secret)
		{
		if (psk_key)
			{
			BIO_printf(bio_err,
				   "Can't use JPAKE and PSK together\n");
			goto end;
			}
		psk_identity = "JPAKE";
		if (cipher)
			{
			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
			goto end;
			}
		cipher = "PSK";
		}

#endif

	SSL_load_error_strings();
	OpenSSL_add_ssl_algorithms();

#ifndef OPENSSL_NO_ENGINE
	e = setup_engine(bio_err, engine_id, 1);
#endif

	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
		{
		BIO_printf(bio_err, "Error getting password\n");
		goto end;
		}


	if (s_key_file == NULL)
		s_key_file = s_cert_file;
#ifndef OPENSSL_NO_TLSEXT
	if (s_key_file2 == NULL)
		s_key_file2 = s_cert_file2;
#endif

	if (nocert == 0)
		{
		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
		       "server certificate private key file");
		if (!s_key)
			{
			ERR_print_errors(bio_err);
			goto end;
			}

		s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
			NULL, e, "server certificate file");

		if (!s_cert)
			{
			ERR_print_errors(bio_err);
			goto end;
			}

#ifndef OPENSSL_NO_TLSEXT
		if (tlsextcbp.servername)
			{
			s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
				"second server certificate private key file");
			if (!s_key2)
				{
				ERR_print_errors(bio_err);
				goto end;
				}

			s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
				NULL, e, "second server certificate file");

			if (!s_cert2)
				{
				ERR_print_errors(bio_err);
				goto end;
				}
			}
#endif
		}

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	if (next_proto_neg_in)
		{
		unsigned short len;
		next_proto.data = next_protos_parse(&len, next_proto_neg_in);
		if (next_proto.data == NULL)
			goto end;
		next_proto.len = len;
		}
	else
		{
		next_proto.data = NULL;
		}
#endif


	if (s_dcert_file)
		{

		if (s_dkey_file == NULL)
			s_dkey_file = s_dcert_file;

		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
				0, dpass, e,
			       "second certificate private key file");
		if (!s_dkey)
			{
			ERR_print_errors(bio_err);
			goto end;
			}

		s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
				NULL, e, "second server certificate file");

		if (!s_dcert)
			{
			ERR_print_errors(bio_err);
			goto end;
			}

		}

	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
		&& !RAND_status())
		{
		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
		}
	if (inrand != NULL)
		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
			app_RAND_load_files(inrand));

	if (bio_s_out == NULL)
		{
		if (s_quiet && !s_debug && !s_msg)
			{
			bio_s_out=BIO_new(BIO_s_null());
			}
		else
			{
			if (bio_s_out == NULL)
				bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
			}
		}

#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
	if (nocert)
#endif
		{
		s_cert_file=NULL;
		s_key_file=NULL;
		s_dcert_file=NULL;
		s_dkey_file=NULL;
#ifndef OPENSSL_NO_TLSEXT
		s_cert_file2=NULL;
		s_key_file2=NULL;
#endif
		}

	ctx=SSL_CTX_new(meth);
	if (ctx == NULL)
		{
		ERR_print_errors(bio_err);
		goto end;
		}
	if (session_id_prefix)
		{
		if(strlen(session_id_prefix) >= 32)
			BIO_printf(bio_err,
"warning: id_prefix is too long, only one new session will be possible\n");
		else if(strlen(session_id_prefix) >= 16)
			BIO_printf(bio_err,
"warning: id_prefix is too long if you use SSLv2\n");
		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
			{
			BIO_printf(bio_err,"error setting 'id_prefix'\n");
			ERR_print_errors(bio_err);
			goto end;
			}
		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
		}
	SSL_CTX_set_quiet_shutdown(ctx,1);
	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
	SSL_CTX_set_options(ctx,off);
	/* DTLS: partial reads end up discarding unread UDP bytes :-(
	 * Setting read ahead solves this problem.
	 */
	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (no_cache)
		SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
	else
		SSL_CTX_sess_set_cache_size(ctx,128);

#ifndef OPENSSL_NO_SRTP
	if (srtp_profiles != NULL)
		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif

#if 0
	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
#endif

#if 0
	if (s_cert_file == NULL)
		{
		BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
		goto end;
		}
#endif

	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
		(!SSL_CTX_set_default_verify_paths(ctx)))
		{
		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
		ERR_print_errors(bio_err);
		/* goto end; */
		}
	if (vpm)
		SSL_CTX_set1_param(ctx, vpm);

#ifndef OPENSSL_NO_TLSEXT
	if (s_cert2)
		{
		ctx2=SSL_CTX_new(meth);
		if (ctx2 == NULL)
			{
			ERR_print_errors(bio_err);
			goto end;
			}
		}

	if (ctx2)
		{
		BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");

		if (session_id_prefix)
			{
			if(strlen(session_id_prefix) >= 32)
				BIO_printf(bio_err,
					"warning: id_prefix is too long, only one new session will be possible\n");
			else if(strlen(session_id_prefix) >= 16)
				BIO_printf(bio_err,
					"warning: id_prefix is too long if you use SSLv2\n");
			if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
				{
				BIO_printf(bio_err,"error setting 'id_prefix'\n");
				ERR_print_errors(bio_err);
				goto end;
				}
			BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
			}
		SSL_CTX_set_quiet_shutdown(ctx2,1);
		if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
		if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
		SSL_CTX_set_options(ctx2,off);
		/* DTLS: partial reads end up discarding unread UDP bytes :-(
		 * Setting read ahead solves this problem.
		 */
		if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);

		if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);

		if (no_cache)
			SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
		else
			SSL_CTX_sess_set_cache_size(ctx2,128);

		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
			(!SSL_CTX_set_default_verify_paths(ctx2)))
			{
			ERR_print_errors(bio_err);
			}
		if (vpm)
			SSL_CTX_set1_param(ctx2, vpm);
		}

# ifndef OPENSSL_NO_NEXTPROTONEG
	if (next_proto.data)
		SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
# endif
#endif

#ifndef OPENSSL_NO_DH
	if (!no_dhe)
		{
		DH *dh=NULL;

		if (dhfile)
			dh = load_dh_param(dhfile);
		else if (s_cert_file)
			dh = load_dh_param(s_cert_file);

		if (dh != NULL)
			{
			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
			}
		else
			{
			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
			dh=get_dh512();
			}
		(void)BIO_flush(bio_s_out);

		SSL_CTX_set_tmp_dh(ctx,dh);
#ifndef OPENSSL_NO_TLSEXT
		if (ctx2)
			{
			if (!dhfile)
				{
				DH *dh2=load_dh_param(s_cert_file2);
				if (dh2 != NULL)
					{
					BIO_printf(bio_s_out,"Setting temp DH parameters\n");
					(void)BIO_flush(bio_s_out);

					DH_free(dh);
					dh = dh2;
					}
				}
			SSL_CTX_set_tmp_dh(ctx2,dh);
			}
#endif
1701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project DH_free(dh); 1702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 1704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_ECDH 1706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!no_ecdhe) 1707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project EC_KEY *ecdh=NULL; 1709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (named_curve) 1711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int nid = OBJ_sn2nid(named_curve); 1713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (nid == 0) 1715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "unknown curve name (%s)\n", 1717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project named_curve); 1718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ecdh = EC_KEY_new_by_curve_name(nid); 1721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdh == NULL) 1722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 
1723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err, "unable to create curve (%s)\n", 1724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project named_curve); 1725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdh != NULL) 1730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_s_out,"Setting temp ECDH parameters\n"); 1732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 1734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_s_out,"Using default temp ECDH parameters\n"); 1736221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ecdh == NULL) 1738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 1739221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom BIO_printf(bio_err, "unable to create curve (nistp256)\n"); 1740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto end; 1741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 1743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (void)BIO_flush(bio_s_out); 

		SSL_CTX_set_tmp_ecdh(ctx,ecdh);
#ifndef OPENSSL_NO_TLSEXT
		if (ctx2)
			SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
#endif
		EC_KEY_free(ecdh);
		}
#endif

	if (!set_cert_key_stuff(ctx, s_cert, s_key))
		goto end;
#ifndef OPENSSL_NO_TLSEXT
	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
		goto end;
#endif
	if (s_dcert != NULL)
		{
		if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
			goto end;
		}

#ifndef OPENSSL_NO_RSA
#if 1
	if (!no_tmp_rsa)
		{
		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
#ifndef OPENSSL_NO_TLSEXT
		if (ctx2)
			SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
#endif
		}
#else
	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
		{
		RSA *rsa;

		BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
		BIO_flush(bio_s_out);

		rsa=RSA_generate_key(512,RSA_F4,NULL);

		if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
			{
			ERR_print_errors(bio_err);
			goto end;
			}
#ifndef OPENSSL_NO_TLSEXT
		if (ctx2)
			{
			if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
				{
				ERR_print_errors(bio_err);
				goto end;
				}
			}
#endif
		RSA_free(rsa);
		BIO_printf(bio_s_out,"\n");
		}
#endif
#endif

#ifndef OPENSSL_NO_PSK
#ifdef OPENSSL_NO_JPAKE
	if (psk_key != NULL)
#else
	if (psk_key != NULL || jpake_secret)
#endif
		{
		if (s_debug)
			BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
		SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
		}

	if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint))
		{
		BIO_printf(bio_err,"error setting PSK identity hint to context\n");
		ERR_print_errors(bio_err);
		goto end;
		}
#endif

	if (cipher != NULL)
		{
		if(!SSL_CTX_set_cipher_list(ctx,cipher))
			{
			BIO_printf(bio_err,"error setting cipher list\n");
			ERR_print_errors(bio_err);
			goto end;
			}
#ifndef OPENSSL_NO_TLSEXT
		if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
			{
			BIO_printf(bio_err,"error setting cipher list\n");
			ERR_print_errors(bio_err);
			goto end;
			}
#endif
		}
	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
		sizeof s_server_session_id_context);

	/* Set DTLS cookie generation and verification callbacks */
	SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
	SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);

#ifndef OPENSSL_NO_TLSEXT
	if (ctx2)
		{
		SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
		SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
			sizeof s_server_session_id_context);

		tlsextcbp.biodebug = bio_s_out;
		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
		}
#endif

#ifndef OPENSSL_NO_SRP
	if (srp_verifier_file != NULL)
		{
		srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
		srp_callback_parm.user = NULL;
		srp_callback_parm.login = NULL;
		if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR)
			{
			BIO_printf(bio_err,
				"Cannot initialize SRP verifier file \"%s\":ret=%d\n",
				srp_verifier_file, ret);
			goto end;
			}
		SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback);
		SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
		SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
		}
	else
#endif
	if (CAfile != NULL)
		{
		SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
#ifndef OPENSSL_NO_TLSEXT
		if (ctx2)
			SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
#endif
		}

	BIO_printf(bio_s_out,"ACCEPT\n");
	(void)BIO_flush(bio_s_out);
	if (www)
		do_server(port,socket_type,&accept_socket,www_body, context);
	else
		do_server(port,socket_type,&accept_socket,sv_body, context);
	print_stats(bio_s_out,ctx);
	ret=0;
end:
	if (ctx != NULL) SSL_CTX_free(ctx);
	if (s_cert)
		X509_free(s_cert);
	if (s_dcert)
		X509_free(s_dcert);
	if (s_key)
		EVP_PKEY_free(s_key);
	if (s_dkey)
		EVP_PKEY_free(s_dkey);
	if (pass)
		OPENSSL_free(pass);
	if (dpass)
		OPENSSL_free(dpass);
	if (vpm)
		X509_VERIFY_PARAM_free(vpm);
#ifndef OPENSSL_NO_TLSEXT
	if (tlscstatp.host)
		OPENSSL_free(tlscstatp.host);
	if (tlscstatp.port)
		OPENSSL_free(tlscstatp.port);
	if (tlscstatp.path)
		OPENSSL_free(tlscstatp.path);
	if (ctx2 != NULL) SSL_CTX_free(ctx2);
	if (s_cert2)
		X509_free(s_cert2);
	if (s_key2)
		EVP_PKEY_free(s_key2);
#endif
	if (bio_s_out != NULL)
		{
		BIO_free(bio_s_out);
		bio_s_out=NULL;
		}
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}

static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
	{
	BIO_printf(bio,"%4ld items in the session cache\n",
		SSL_CTX_sess_number(ssl_ctx));
	BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
		SSL_CTX_sess_connect(ssl_ctx));
	BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
	BIO_printf(bio,"%4ld client connects that finished\n",
		SSL_CTX_sess_connect_good(ssl_ctx));
	BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
		SSL_CTX_sess_accept(ssl_ctx));
	BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
	BIO_printf(bio,"%4ld server accepts that finished\n",
		SSL_CTX_sess_accept_good(ssl_ctx));
	BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
	BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
	BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
	BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
	BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
		SSL_CTX_sess_cache_full(ssl_ctx),
		SSL_CTX_sess_get_cache_size(ssl_ctx));
	}

static int sv_body(char *hostname, int s, unsigned char *context)
	{
	char *buf=NULL;
	fd_set readfds;
	int ret=1,width;
	int k,i;
	unsigned long l;
	SSL *con=NULL;
	BIO *sbio;
#ifndef OPENSSL_NO_KRB5
	KSSL_CTX *kctx;
#endif
	struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
	struct timeval tv;
#else
	struct timeval *timeoutp;
#endif

	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
		{
		BIO_printf(bio_err,"out of memory\n");
		goto err;
		}
#ifdef FIONBIO
	if (s_nbio)
		{
		unsigned long sl=1;

		if (!s_quiet)
			BIO_printf(bio_err,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
			ERR_print_errors(bio_err);
		}
#endif

	if (con == NULL) {
		con=SSL_new(ctx);
#ifndef OPENSSL_NO_TLSEXT
	if (s_tlsextdebug)
		{
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
		SSL_set_tlsext_debug_arg(con, bio_s_out);
		}
	if (s_tlsextstatus)
		{
		SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
		tlscstatp.err = bio_err;
		SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
		}
#endif
#ifndef OPENSSL_NO_KRB5
		if ((kctx = kssl_ctx_new()) != NULL)
			{
			SSL_set0_kssl_ctx(con, kctx);
			kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
			kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
			}
#endif	/* OPENSSL_NO_KRB5 */
		if(context)
			SSL_set_session_id_context(con, context,
				strlen((char *)context));
	}
	SSL_clear(con);
#if 0
#ifdef TLSEXT_TYPE_opaque_prf_input
	SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
#endif
#endif

	if (SSL_version(con) == DTLS1_VERSION)
		{

		sbio=BIO_new_dgram(s,BIO_NOCLOSE);

		if (enable_timeouts)
			{
			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);

			timeout.tv_sec = 0;
			timeout.tv_usec = DGRAM_SND_TIMEOUT;
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
			}

		if (socket_mtu > 28)
			{
			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
			SSL_set_mtu(con, socket_mtu - 28);
			}
		else
			/* want to do MTU discovery */
			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);

		/* turn on cookie exchange */
		SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
		}
	else
		sbio=BIO_new_socket(s,BIO_NOCLOSE);

	if (s_nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}
#ifndef OPENSSL_NO_JPAKE
	if(jpake_secret)
		jpake_server_auth(bio_s_out, sbio, jpake_secret);
#endif

	SSL_set_bio(con,sbio,sbio);
	SSL_set_accept_state(con);
	/* SSL_set_fd(con,s); */

	if (s_debug)
		{
		SSL_set_debug(con, 1);
		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
		}
	if (s_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_s_out);
		}
#ifndef OPENSSL_NO_TLSEXT
	if (s_tlsextdebug)
		{
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
		SSL_set_tlsext_debug_arg(con, bio_s_out);
		}
#endif

	width=s+1;
	for (;;)
		{
		int read_from_terminal;
		int read_from_sslcon;

		read_from_terminal = 0;
		read_from_sslcon = SSL_pending(con);

		if (!read_from_sslcon)
			{
			FD_ZERO(&readfds);
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
			openssl_fdset(fileno(stdin),&readfds);
#endif
			openssl_fdset(s,&readfds);
			/* Note: under VMS with SOCKETSHR the second parameter is
			 * currently of type (int *) whereas under other systems
			 * it is (void *) if you don't have a cast it will choke
			 * the compiler: if you do have a cast then you can either
			 * go for (int *) or (void *).
			 */
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
			/* Under DOS (non-djgpp) and Windows we can't select on stdin: only
			 * on sockets. As a workaround we timeout the select every
			 * second and check for any keypress. In a proper Windows
			 * application we wouldn't do this because it is inefficient.
			 */
			tv.tv_sec = 1;
			tv.tv_usec = 0;
			i=select(width,(void *)&readfds,NULL,NULL,&tv);
			if((i < 0) || (!i && !_kbhit() ) )continue;
			if(_kbhit())
				read_from_terminal = 1;
#elif defined(OPENSSL_SYS_BEOS_R5)
			/* Under BeOS-R5 the situation is similar to DOS */
			tv.tv_sec = 1;
			tv.tv_usec = 0;
			(void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
			i=select(width,(void *)&readfds,NULL,NULL,&tv);
			if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
				continue;
			if (read(fileno(stdin), buf, 0) >= 0)
				read_from_terminal = 1;
			(void)fcntl(fileno(stdin), F_SETFL, 0);
#else
			if ((SSL_version(con) == DTLS1_VERSION) &&
				DTLSv1_get_timeout(con, &timeout))
				timeoutp = &timeout;
			else
				timeoutp = NULL;

			i=select(width,(void *)&readfds,NULL,NULL,timeoutp);

			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
				{
				BIO_printf(bio_err,"TIMEOUT occured\n");
				}

			if (i <= 0) continue;
			if (FD_ISSET(fileno(stdin),&readfds))
				read_from_terminal = 1;
#endif
			if (FD_ISSET(s,&readfds))
				read_from_sslcon = 1;
			}
		if (read_from_terminal)
			{
			if (s_crlf)
				{
				int j, lf_num;

				i=raw_read_stdin(buf, bufsize/2);
				lf_num = 0;
				/* both loops are skipped when i <= 0 */
				for (j = 0; j < i; j++)
					if (buf[j] == '\n')
						lf_num++;
				for (j = i-1; j >= 0; j--)
					{
					buf[j+lf_num] = buf[j];
					if (buf[j] == '\n')
						{
						lf_num--;
						i++;
						buf[j+lf_num] = '\r';
						}
					}
				assert(lf_num == 0);
				}
			else
				i=raw_read_stdin(buf,bufsize);
			if (!s_quiet)
				{
				if ((i <= 0) || (buf[0] == 'Q'))
					{
					BIO_printf(bio_s_out,"DONE\n");
					SHUTDOWN(s);
					close_accept_socket();
					ret= -11;
					goto err;
					}
				if ((i <= 0) || (buf[0] == 'q'))
					{
					BIO_printf(bio_s_out,"DONE\n");
					if (SSL_version(con) != DTLS1_VERSION)
						SHUTDOWN(s);
					/* close_accept_socket();
					ret= -11;*/
					goto err;
					}

#ifndef OPENSSL_NO_HEARTBEATS
				if ((buf[0] == 'B') &&
					((buf[1] == '\n') || (buf[1] == '\r')))
					{
					BIO_printf(bio_err,"HEARTBEATING\n");
					SSL_heartbeat(con);
					i=0;
					continue;
					}
#endif
				if ((buf[0] == 'r') &&
					((buf[1] == '\n') || (buf[1] == '\r')))
					{
					SSL_renegotiate(con);
					i=SSL_do_handshake(con);
					printf("SSL_do_handshake -> %d\n",i);
					i=0; /*13; */
					continue;
					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
					}
				if ((buf[0] == 'R') &&
					((buf[1] == '\n') || (buf[1] == '\r')))
					{
					SSL_set_verify(con,
						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
					SSL_renegotiate(con);
					i=SSL_do_handshake(con);
					printf("SSL_do_handshake -> %d\n",i);
					i=0; /* 13; */
					continue;
					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
					}
				if (buf[0] == 'P')
					{
					static const char *str="Lets print some clear text\n";
					BIO_write(SSL_get_wbio(con),str,strlen(str));
					}
				if (buf[0] == 'S')
					{
					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
					}
				}
#ifdef CHARSET_EBCDIC
			ebcdic2ascii(buf,buf,i);
#endif
			l=k=0;
			for (;;)
				{
				/* should do a select for the write */
#ifdef RENEG
{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
#endif
				k=SSL_write(con,&(buf[l]),(unsigned int)i);
#ifndef OPENSSL_NO_SRP
				while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
					{
					BIO_printf(bio_s_out,"LOOKUP renego during write\n");
					srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
					if (srp_callback_parm.user)
						BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
					else
						BIO_printf(bio_s_out,"LOOKUP not successful\n");
					k=SSL_write(con,&(buf[l]),(unsigned int)i);
					}
#endif
				switch (SSL_get_error(con,k))
					{
				case SSL_ERROR_NONE:
					break;
				case SSL_ERROR_WANT_WRITE:
				case SSL_ERROR_WANT_READ:
				case SSL_ERROR_WANT_X509_LOOKUP:
					BIO_printf(bio_s_out,"Write BLOCK\n");
					break;
				case SSL_ERROR_SYSCALL:
				case SSL_ERROR_SSL:
					BIO_printf(bio_s_out,"ERROR\n");
					ERR_print_errors(bio_err);
					ret=1;
					goto err;
					/* break; */
				case SSL_ERROR_ZERO_RETURN:
					BIO_printf(bio_s_out,"DONE\n");
					ret=1;
					goto err;
					}
				l+=k;
				i-=k;
				if (i <= 0) break;
				}
			}
		if (read_from_sslcon)
			{
			if (!SSL_is_init_finished(con))
				{
				i=init_ssl_connection(con);

				if (i < 0)
					{
					ret=0;
					goto err;
					}
				else if (i == 0)
					{
					ret=1;
					goto err;
					}
				}
			else
				{
again:
				i=SSL_read(con,(char *)buf,bufsize);
#ifndef OPENSSL_NO_SRP
				while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
					{
					BIO_printf(bio_s_out,"LOOKUP renego during read\n");
					srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
					if (srp_callback_parm.user)
						BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
					else
						BIO_printf(bio_s_out,"LOOKUP not successful\n");
					i=SSL_read(con,(char *)buf,bufsize);
					}
#endif
				switch (SSL_get_error(con,i))
					{
				case SSL_ERROR_NONE:
#ifdef CHARSET_EBCDIC
					ascii2ebcdic(buf,buf,i);
#endif
					raw_write_stdout(buf,
						(unsigned int)i);
					if (SSL_pending(con)) goto again;
					break;
				case SSL_ERROR_WANT_WRITE:
				case SSL_ERROR_WANT_READ:
					BIO_printf(bio_s_out,"Read BLOCK\n");
					break;
				case SSL_ERROR_SYSCALL:
				case SSL_ERROR_SSL:
					BIO_printf(bio_s_out,"ERROR\n");
					ERR_print_errors(bio_err);
					ret=1;
					goto err;
				case SSL_ERROR_ZERO_RETURN:
					BIO_printf(bio_s_out,"DONE\n");
					ret=1;
					goto err;
					}
				}
			}
		}
err:
2367221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (con != NULL) 2368221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 2369221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom BIO_printf(bio_s_out,"shutting down SSL\n"); 2370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 1 2371221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 2373221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_shutdown(con); 2374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2375221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom SSL_free(con); 2376221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 2377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_s_out,"CONNECTION CLOSED\n"); 2378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != NULL) 2379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_cleanse(buf,bufsize); 2381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(buf); 2382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret >= 0) 2384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_s_out,"ACCEPT\n"); 2385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 2386656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2387656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2388656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic void close_accept_socket(void) 
2389656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2390656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"shutdown accept socket\n"); 2391656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (accept_socket >= 0) 2392656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2393656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SHUTDOWN2(accept_socket); 2394656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2395656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2396656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2397656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int init_ssl_connection(SSL *con) 2398656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2399656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 2400656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const char *str; 2401656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509 *peer; 2402656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project long verify_error; 2403656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project MS_STATIC char buf[BUFSIZ]; 2404392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#ifndef OPENSSL_NO_KRB5 2405392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom char *client_princ; 2406392aa7cc7d2b122614c5393c3e357da07fd07af3Brian Carlstrom#endif 2407bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 2408bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen const unsigned char *next_proto_neg; 2409bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen unsigned next_proto_neg_len; 2410bf9ac266e34f910ace31880ea92b8deaf6212aa6Kristian Monsen#endif 
	unsigned char *exportedkeymat;


	i=SSL_accept(con);
#ifndef OPENSSL_NO_SRP
	while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
		{
		BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
		srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
		if (srp_callback_parm.user)
			BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
		else
			BIO_printf(bio_s_out,"LOOKUP not successful\n");
		i=SSL_accept(con);
		}
#endif
	if (i <= 0)
		{
		if (BIO_sock_should_retry(i))
			{
			BIO_printf(bio_s_out,"DELAY\n");
			return(1);
			}

		BIO_printf(bio_err,"ERROR\n");
		verify_error=SSL_get_verify_result(con);
		if (verify_error != X509_V_OK)
			{
			BIO_printf(bio_err,"verify error:%s\n",
				X509_verify_cert_error_string(verify_error));
			}
		else
			ERR_print_errors(bio_err);
		return(0);
		}

	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));

	peer=SSL_get_peer_certificate(con);
	if (peer != NULL)
		{
		BIO_printf(bio_s_out,"Client certificate\n");
		PEM_write_bio_X509(bio_s_out,peer);
		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
		BIO_printf(bio_s_out,"subject=%s\n",buf);
		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
		BIO_printf(bio_s_out,"issuer=%s\n",buf);
		X509_free(peer);
		}

	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
	SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
	if (next_proto_neg)
		{
		BIO_printf(bio_s_out,"NEXTPROTO is ");
		BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
		BIO_printf(bio_s_out, "\n");
		}
#endif
#ifndef OPENSSL_NO_SRTP
	{
	SRTP_PROTECTION_PROFILE *srtp_profile
		= SSL_get_selected_srtp_profile(con);

	if(srtp_profile)
		BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
			srtp_profile->name);
	}
#endif
	if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
		TLS1_FLAGS_TLS_PADDING_BUG)
		BIO_printf(bio_s_out,
			"Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
	client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
	if (client_princ != NULL)
		{
		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
			client_princ);
		}
#endif /* OPENSSL_NO_KRB5 */
	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
		SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
	if (keymatexportlabel != NULL)
		{
		BIO_printf(bio_s_out, "Keying material exporter:\n");
		BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel);
		BIO_printf(bio_s_out, " Length: %i bytes\n",
			keymatexportlen);
		exportedkeymat = OPENSSL_malloc(keymatexportlen);
		if (exportedkeymat != NULL)
			{
			if (!SSL_export_keying_material(con, exportedkeymat,
				keymatexportlen,
				keymatexportlabel,
				strlen(keymatexportlabel),
				NULL, 0, 0))
				{
				BIO_printf(bio_s_out, " Error\n");
				}
			else
				{
				BIO_printf(bio_s_out, " Keying material: ");
				for (i=0; i<keymatexportlen; i++)
					BIO_printf(bio_s_out, "%02X",
						exportedkeymat[i]);
				BIO_printf(bio_s_out, "\n");
				}
			OPENSSL_free(exportedkeymat);
			}
		}

	return(1);
	}

#ifndef OPENSSL_NO_DH
static DH *load_dh_param(const char *dhfile)
	{
	DH *ret=NULL;
	BIO *bio;

	if ((bio=BIO_new_file(dhfile,"r")) == NULL)
		goto err;
	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
err:
	if (bio != NULL) BIO_free(bio);
	return(ret);
	}
#endif
#ifndef OPENSSL_NO_KRB5
	char *client_princ;
#endif

#if 0
static int load_CA(SSL_CTX *ctx, char *file)
	{
	FILE *in;
	X509 *x=NULL;

	if ((in=fopen(file,"r")) == NULL)
		return(0);

	for (;;)
		{
		if (PEM_read_X509(in,&x,NULL) == NULL)
			break;
		SSL_CTX_add_client_CA(ctx,x);
		}
	if (x != NULL) X509_free(x);
	fclose(in);
	return(1);
	}
#endif

static int www_body(char *hostname, int s, unsigned char *context)
	{
	char *buf=NULL;
	int ret=1;
	int i,j,k,dot;
	SSL *con;
	const SSL_CIPHER *c;
	BIO *io,*ssl_bio,*sbio;
#ifndef OPENSSL_NO_KRB5
	KSSL_CTX *kctx;
#endif

	buf=OPENSSL_malloc(bufsize);
	if (buf == NULL) return(0);
	io=BIO_new(BIO_f_buffer());
	ssl_bio=BIO_new(BIO_f_ssl());
	if ((io == NULL) || (ssl_bio == NULL)) goto err;

#ifdef FIONBIO
	if (s_nbio)
		{
		unsigned long sl=1;

		if (!s_quiet)
			BIO_printf(bio_err,"turning on non blocking io\n");
		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
			ERR_print_errors(bio_err);
		}
#endif

	/* lets make the output buffer a reasonable size */
	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;

	if ((con=SSL_new(ctx)) == NULL) goto err;
#ifndef OPENSSL_NO_TLSEXT
	if (s_tlsextdebug)
		{
		SSL_set_tlsext_debug_callback(con, tlsext_cb);
		SSL_set_tlsext_debug_arg(con, bio_s_out);
		}
#endif
#ifndef OPENSSL_NO_KRB5
	if ((kctx = kssl_ctx_new()) != NULL)
		{
		kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
		kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
		}
#endif /* OPENSSL_NO_KRB5 */
	if(context) SSL_set_session_id_context(con, context,
		strlen((char *)context));

	sbio=BIO_new_socket(s,BIO_NOCLOSE);
	if (s_nbio_test)
		{
		BIO *test;

		test=BIO_new(BIO_f_nbio_test());
		sbio=BIO_push(test,sbio);
		}
	SSL_set_bio(con,sbio,sbio);
	SSL_set_accept_state(con);

	/* SSL_set_fd(con,s); */
	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
	BIO_push(io,ssl_bio);
#ifdef CHARSET_EBCDIC
	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
#endif

	if (s_debug)
		{
		SSL_set_debug(con, 1);
		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
		}
	if (s_msg)
		{
		SSL_set_msg_callback(con, msg_cb);
		SSL_set_msg_callback_arg(con, bio_s_out);
		}

	for (;;)
		{
		if (hack)
			{
			i=SSL_accept(con);
#ifndef OPENSSL_NO_SRP
			while (i <= 0 && SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
				{
				BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
				srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
				if (srp_callback_parm.user)
					BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
				else
					BIO_printf(bio_s_out,"LOOKUP not successful\n");
				i=SSL_accept(con);
				}
#endif
			switch (SSL_get_error(con,i))
				{
			case SSL_ERROR_NONE:
				break;
			case SSL_ERROR_WANT_WRITE:
			case SSL_ERROR_WANT_READ:
			case SSL_ERROR_WANT_X509_LOOKUP:
				continue;
			case SSL_ERROR_SYSCALL:
			case SSL_ERROR_SSL:
			case SSL_ERROR_ZERO_RETURN:
				ret=1;
				goto err;
				/* break; */
				}

			SSL_renegotiate(con);
			SSL_write(con,NULL,0);
			}

		i=BIO_gets(io,buf,bufsize-1);
		if (i < 0) /* error */
			{
			if (!BIO_should_retry(io))
				{
				if (!s_quiet)
					ERR_print_errors(bio_err);
				goto err;
				}
			else
				{
				BIO_printf(bio_s_out,"read R BLOCK\n");
#if defined(OPENSSL_SYS_NETWARE)
				delay(1000);
#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
				sleep(1);
#endif
				continue;
				}
			}
		else if (i == 0) /* end of input */
			{
			ret=1;
			goto end;
			}

		/* else we have data */
		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
			{
			char *p;
			X509 *peer;
			STACK_OF(SSL_CIPHER) *sk;
			/* 26 spaces of padding: BIO_write(io,space,26-j) below
			 * reads up to 26 bytes from this literal */
			static const char *space="                          ";

			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
			BIO_puts(io,"<pre>\n");
/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
			BIO_puts(io,"\n");
			for (i=0; i<local_argc; i++)
				{
				BIO_puts(io,local_argv[i]);
				BIO_write(io," ",1);
				}
			BIO_puts(io,"\n");

			BIO_printf(io,
				"Secure Renegotiation IS%s supported\n",
				SSL_get_secure_renegotiation_support(con) ?
					"" : " NOT");

			/* The following is evil and should not really
			 * be done */
			BIO_printf(io,"Ciphers supported in s_server binary\n");
			sk=SSL_get_ciphers(con);
			j=sk_SSL_CIPHER_num(sk);
			for (i=0; i<j; i++)
				{
				c=sk_SSL_CIPHER_value(sk,i);
				BIO_printf(io,"%-11s:%-25s",
					SSL_CIPHER_get_version(c),
					SSL_CIPHER_get_name(c));
				if ((((i+1)%2) == 0) && (i+1 != j))
					BIO_puts(io,"\n");
				}
			BIO_puts(io,"\n");
			p=SSL_get_shared_ciphers(con,buf,bufsize);
			if (p != NULL)
				{
				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
				j=i=0;
				while (*p)
					{
					if (*p == ':')
						{
						BIO_write(io,space,26-j);
						i++;
						j=0;
						BIO_write(io,((i%3)?" ":"\n"),1);
						}
					else
						{
						BIO_write(io,p,1);
						j++;
						}
					p++;
					}
				BIO_puts(io,"\n");
				}
			BIO_printf(io,(SSL_cache_hit(con)
				?"---\nReused, "
				:"---\nNew, "));
			c=SSL_get_current_cipher(con);
			BIO_printf(io,"%s, Cipher is %s\n",
				SSL_CIPHER_get_version(c),
				SSL_CIPHER_get_name(c));
			SSL_SESSION_print(io,SSL_get_session(con));
			BIO_printf(io,"---\n");
			print_stats(io,SSL_get_SSL_CTX(con));
			BIO_printf(io,"---\n");
2790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project peer=SSL_get_peer_certificate(con); 2791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (peer != NULL) 2792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(io,"Client certificate\n"); 2794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project X509_print(io,peer); 2795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project PEM_write_bio_X509(io,peer); 2796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,"no client certificate available\n"); 2799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,"</BODY></HTML>\r\n\r\n"); 2800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if ((www == 2 || www == 3) 2803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project && (strncmp("GET /",buf,5) == 0)) 2804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO *file; 2806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project char *p,*e; 2807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; 2808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* skip the '/' */ 
2810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p= &(buf[5]); 2811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dot = 1; 2813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (e=p; *e != '\0'; e++) 2814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (e[0] == ' ') 2816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch (dot) 2819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case 1: 2821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dot = (e[0] == '.') ? 2 : 0; 2822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case 2: 2824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dot = (e[0] == '.') ? 3 : 0; 2825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case 3: 2827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dot = (e[0] == '/') ? -1 : 0; 2828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dot == 0) 2831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dot = (e[0] == '/') ? 
1 : 0; 2832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ 2834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (*e == '\0') 2836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,text); 2838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(io,"'%s' is an invalid file name\r\n",p); 2839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *e='\0'; 2842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (dot) 2844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,text); 2846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(io,"'%s' contains '..' 
reference\r\n",p); 2847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (*p == '/') 2851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,text); 2853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(io,"'%s' is an invalid path\r\n",p); 2854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 2858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* append if a directory lookup */ 2859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (e[-1] == '/') 2860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project strcat(p,"index.html"); 2861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* if a directory, do the index thang */ 2864221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (app_isdir(p)>0) 2865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 0 /* must check buffer size */ 2867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project strcat(p,"/index.html"); 2868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 
2869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,text); 2870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(io,"'%s' is a directory\r\n",p); 2871656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((file=BIO_new_file(p,"r")) == NULL) 2876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,text); 2878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(io,"Error opening '%s'\r\n",p); 2879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_print_errors(io); 2880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s_quiet) 2884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"FILE:%s\n",p); 2885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (www == 2) 2887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=strlen(p); 2889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) || 2890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) || 2891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0))) 2892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); 2893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2894656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); 2895656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2896656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* send the file */ 2897656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (;;) 2898656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2899656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=BIO_read(file,buf,bufsize); 2900656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i <= 0) break; 2901656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2902656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef RENEG 2903656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project total_bytes+=i; 2904656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr,"%d\n",i); 2905656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (total_bytes > 3*1024) 2906656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2907656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project total_bytes=0; 2908656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project fprintf(stderr,"RENEGOTIATE\n"); 2909656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_renegotiate(con); 2910656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project } 2911656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2912656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2913656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (j=0; j<i; ) 2914656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2915656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifdef RENEG 2916656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ static count=0; if (++count == 13) { SSL_renegotiate(con); } } 2917656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2918656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project k=BIO_write(io,&(buf[j]),i-j); 2919656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (k <= 0) 2920656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2921656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BIO_should_retry(io)) 2922656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto write_error; 2923656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2924656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2925656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_s_out,"rwrite W BLOCK\n"); 2926656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2927656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2928656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2929656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2930656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j+=k; 2931656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2932656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2933656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project } 2934656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectwrite_error: 2935656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_free(file); 2936656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2937656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2938656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2939656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2940656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (;;) 2941656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2942656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=(int)BIO_flush(io); 2943656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i <= 0) 2944656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2945656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BIO_should_retry(io)) 2946656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2947656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2948656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 2949656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 2950656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2951656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectend: 2952656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#if 1 2953656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* make sure we re-use sessions */ 2954656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); 2955656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#else 2956656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project /* This kills performance */ 2957656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* SSL_shutdown(con); A shutdown gets sent in the 2958656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * BIO_free_all(io) procession */ 2959656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 2960656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2961656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2962656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2963656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret >= 0) 2964656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_s_out,"ACCEPT\n"); 2965656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2966656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != NULL) OPENSSL_free(buf); 2967656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (io != NULL) BIO_free_all(io); 2968656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/ 2969656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 2970656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2971656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2972656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_RSA 2973656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 2974656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2975656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *bn = NULL; 2976656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project static RSA *rsa_tmp=NULL; 
2977656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2978656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa_tmp && ((bn = BN_new()) == NULL)) 2979656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Allocation error in generating RSA key\n"); 2980656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa_tmp && bn) 2981656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2982656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s_quiet) 2983656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2984656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 2985656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (void)BIO_flush(bio_err); 2986656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2987656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) || 2988656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) 2989656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2990656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(rsa_tmp) RSA_free(rsa_tmp); 2991656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa_tmp = NULL; 2992656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2993656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s_quiet) 2994656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2995656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIO_printf(bio_err,"\n"); 2996656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (void)BIO_flush(bio_err); 
2997656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2998656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(bn); 2999656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3000656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(rsa_tmp); 3001656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3002656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 3003656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 3004656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define MAX_SESSION_ID_ATTEMPTS 10 3005656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int generate_session_id(const SSL *ssl, unsigned char *id, 3006656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned int *id_len) 3007656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 3008656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned int count = 0; 3009656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project do { 3010656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RAND_pseudo_bytes(id, *id_len); 3011656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Prefix the session_id with the required prefix. NB: If our 3012656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prefix is too long, clip it - but there will be worse effects 3013656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * anyway, eg. the server could only possibly create 1 session 3014656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ID (ie. the prefix!) so all future session negotiations will 3015656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * fail due to conflicts. 
*/ 3016656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memcpy(id, session_id_prefix, 3017656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (strlen(session_id_prefix) < *id_len) ? 3018656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project strlen(session_id_prefix) : *id_len); 3019656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3020656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project while(SSL_has_matching_session_id(ssl, id, *id_len) && 3021656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (++count < MAX_SESSION_ID_ATTEMPTS)); 3022656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(count >= MAX_SESSION_ID_ATTEMPTS) 3023656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 0; 3024656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return 1; 3025656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 3026