isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone
Blob Blame History Raw
diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h
--- openssl-1.0.2a/apps/s_apps.h.ipv6-apps	2015-04-20 15:01:24.029120104 +0200
+++ openssl-1.0.2a/apps/s_apps.h	2015-04-20 15:05:00.353137701 +0200
@@ -151,7 +151,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-int do_server(int port, int type, int *ret,
+int do_server(char *port, int type, int *ret,
               int (*cb) (char *hostname, int s, int stype,
                          unsigned char *context), unsigned char *context,
               int naccept);
@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS
 int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
 int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-                      short *p);
+int extract_host_port(char *str, char **host_ptr, char **port_ptr);
 
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
                                    int argi, long argl, long ret);
diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c
--- openssl-1.0.2a/apps/s_client.c.ipv6-apps	2015-04-20 15:01:24.022119942 +0200
+++ openssl-1.0.2a/apps/s_client.c	2015-04-20 15:06:42.338503234 +0200
@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv)
     int cbuf_len, cbuf_off;
     int sbuf_len, sbuf_off;
     fd_set readfds, writefds;
-    short port = PORT;
+    char *port_str = PORT_STR;
     int full_log = 1;
     char *host = SSL_HOST_NAME;
     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv)
         } else if (strcmp(*argv, "-port") == 0) {
             if (--argc < 1)
                 goto bad;
-            port = atoi(*(++argv));
-            if (port == 0)
-                goto bad;
+            port_str = *(++argv);
         } else if (strcmp(*argv, "-connect") == 0) {
             if (--argc < 1)
                 goto bad;
-            if (!extract_host_port(*(++argv), &host, NULL, &port))
+            if (!extract_host_port(*(++argv), &host, &port_str))
                 goto bad;
         } else if (strcmp(*argv, "-verify") == 0) {
             verify = SSL_VERIFY_PEER;
@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv)
 
  re_start:
 
-    if (init_client(&s, host, port, socket_type) == 0) {
+    if (init_client(&s, host, port_str, socket_type) == 0) {
         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
         SHUTDOWN(s);
         goto end;
diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c
--- openssl-1.0.2a/apps/s_server.c.ipv6-apps	2015-04-20 15:01:24.030120127 +0200
+++ openssl-1.0.2a/apps/s_server.c	2015-04-20 15:10:47.245187746 +0200
@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[])
 {
     X509_VERIFY_PARAM *vpm = NULL;
     int badarg = 0;
-    short port = PORT;
+    char *port_str = PORT_STR;
     char *CApath = NULL, *CAfile = NULL;
     char *chCApath = NULL, *chCAfile = NULL;
     char *vfyCApath = NULL, *vfyCAfile = NULL;
@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[])
         if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
             if (--argc < 1)
                 goto bad;
-            if (!extract_port(*(++argv), &port))
+            port_str = *(++argv);
+            if (port_str == NULL || *port_str == '\0')
                 goto bad;
         } else if (strcmp(*argv, "-naccept") == 0) {
             if (--argc < 1)
@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[])
     BIO_printf(bio_s_out, "ACCEPT\n");
     (void)BIO_flush(bio_s_out);
     if (rev)
-        do_server(port, socket_type, &accept_socket, rev_body, context,
+        do_server(port_str, socket_type, &accept_socket, rev_body, context,
                   naccept);
     else if (www)
-        do_server(port, socket_type, &accept_socket, www_body, context,
+        do_server(port_str, socket_type, &accept_socket, www_body, context,
                   naccept);
     else
-        do_server(port, socket_type, &accept_socket, sv_body, context,
+        do_server(port_str, socket_type, &accept_socket, sv_body, context,
                   naccept);
     print_stats(bio_s_out, ctx);
     ret = 0;
diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c
--- openssl-1.0.2a/apps/s_socket.c.ipv6-apps	2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/apps/s_socket.c	2015-04-20 15:32:53.960079507 +0200
@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha
 static void ssl_sock_cleanup(void);
 # endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port, char *ip, int type);
+static int init_server(int *sock, char *port, int type);
 static int do_accept(int acc_sock, int *sock, char **host);
 static int host_ip(char *str, unsigned char ip[4]);
 
@@ -231,65 +229,66 @@ static int ssl_sock_init(void)
     return (1);
 }
 
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, char *port, int type)
 {
-    unsigned char ip[4];
-
-    memset(ip, '\0', sizeof ip);
-    if (!host_ip(host, &(ip[0])))
-        return 0;
-    return init_client_ip(sock, ip, port, type);
-}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-{
-    unsigned long addr;
-    struct sockaddr_in them;
-    int s, i;
+    struct addrinfo *res, *res0, hints;
+    char *failed_call = NULL;
+    int s;
+    int e;
 
     if (!ssl_sock_init())
         return (0);
 
-    memset((char *)&them, 0, sizeof(them));
-    them.sin_family = AF_INET;
-    them.sin_port = htons((unsigned short)port);
-    addr = (unsigned long)
-        ((unsigned long)ip[0] << 24L) |
-        ((unsigned long)ip[1] << 16L) |
-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
-    them.sin_addr.s_addr = htonl(addr);
-
-    if (type == SOCK_STREAM)
-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-    else                        /* ( type == SOCK_DGRAM) */
-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-
-    if (s == INVALID_SOCKET) {
-        perror("socket");
+    memset(&hints, '\0', sizeof(hints));
+    hints.ai_socktype = type;
+    hints.ai_flags = AI_ADDRCONFIG;
+
+    e = getaddrinfo(host, port, &hints, &res);
+    if (e) {
+        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+        if (e == EAI_SYSTEM)
+            perror("getaddrinfo");
         return (0);
     }
+
+    res0 = res;
+    while (res) {
+        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (s == INVALID_SOCKET) {
+            failed_call = "socket";
+            goto nextres;
+        }
 # if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-    if (type == SOCK_STREAM) {
-        i = 0;
-        i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
-        if (i < 0) {
-            closesocket(s);
-            perror("keepalive");
-            return (0);
+        if (type == SOCK_STREAM) {
+            int i = 0;
+            i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
+                           (char *)&i, sizeof(i));
+            if (i < 0) {
+                failed_call = "keepalive";
+                goto nextres;
+            }
         }
-    }
 # endif
-
-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-        closesocket(s);
-        perror("connect");
-        return (0);
+        if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {
+            freeaddrinfo(res0);
+            *sock = s;
+            return (1);
+        }
+
+        failed_call = "socket";
+ nextres:
+        if (s != INVALID_SOCKET)
+            close(s);
+        res = res->ai_next;
     }
-    *sock = s;
-    return (1);
+    freeaddrinfo(res0);
+    closesocket(s);
+
+    perror(failed_call);
+    return (0);
 }
 
-int do_server(int port, int type, int *ret,
+int do_server(char *port, int type, int *ret,
               int (*cb) (char *hostname, int s, int stype,
                          unsigned char *context), unsigned char *context,
               int naccept)
@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r
     }
 }
 
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server(int *sock, char *port, int type)
 {
-    int ret = 0;
-    struct sockaddr_in server;
-    int s = -1;
+    struct addrinfo *res, *res0 = NULL, hints;
+    char *failed_call = NULL;
+    int s = INVALID_SOCKET;
+    int e;
 
     if (!ssl_sock_init())
         return (0);
 
-    memset((char *)&server, 0, sizeof(server));
-    server.sin_family = AF_INET;
-    server.sin_port = htons((unsigned short)port);
-    if (ip == NULL)
-        server.sin_addr.s_addr = INADDR_ANY;
-    else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-# ifndef BIT_FIELD_LIMITS
-        memcpy(&server.sin_addr.s_addr, ip, 4);
-# else
-        memcpy(&server.sin_addr, ip, 4);
-# endif
-
-    if (type == SOCK_STREAM)
-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-    else                        /* type == SOCK_DGRAM */
-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+    memset(&hints, '\0', sizeof(hints));
+    hints.ai_family = AF_INET6;
+ tryipv4:
+    hints.ai_socktype = type;
+    hints.ai_flags = AI_PASSIVE;
+
+    e = getaddrinfo(NULL, port, &hints, &res);
+    if (e) {
+        if (hints.ai_family == AF_INET) {
+            fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+            if (e == EAI_SYSTEM)
+                perror("getaddrinfo");
+            return (0);
+        } else
+            res = NULL;
+    }
 
-    if (s == INVALID_SOCKET)
-        goto err;
+    res0 = res;
+    while (res) {
+        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (s == INVALID_SOCKET) {
+            failed_call = "socket";
+            goto nextres;
+        }
+        if (hints.ai_family == AF_INET6) {
+            int j = 0;
+            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j);
+        }
 # if defined SOL_SOCKET && defined SO_REUSEADDR
-    {
-        int j = 1;
-        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
-    }
-# endif
-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
-# ifndef OPENSSL_SYS_WINDOWS
-        perror("bind");
+        {
+            int j = 1;
+            setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+        }
 # endif
-        goto err;
+
+        if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
+            failed_call = "bind";
+            goto nextres;
+        }
+        if (type == SOCK_STREAM && listen(s, 128) == -1) {
+            failed_call = "listen";
+            goto nextres;
+        }
+
+        *sock = s;
+        return (1);
+
+ nextres:
+        if (s != INVALID_SOCKET)
+            close(s);
+        res = res->ai_next;
     }
-    /* Make it 128 for linux */
-    if (type == SOCK_STREAM && listen(s, 128) == -1)
-        goto err;
-    *sock = s;
-    ret = 1;
- err:
-    if ((ret == 0) && (s != -1)) {
-        SHUTDOWN(s);
+    if (res0)
+        freeaddrinfo(res0);
+
+    if (s == INVALID_SOCKET) {
+        if (hints.ai_family == AF_INET6) {
+            hints.ai_family = AF_INET;
+            goto tryipv4;
+        }
+        perror("socket");
+        return (0);
     }
-    return (ret);
-}
 
-static int init_server(int *sock, int port, int type)
-{
-    return (init_server_long(sock, port, NULL, type));
+    perror(failed_call);
+    return (0);
 }
 
 static int do_accept(int acc_sock, int *sock, char **host)
 {
+    static struct sockaddr_storage from;
+    char buffer[NI_MAXHOST];
     int ret;
-    struct hostent *h1, *h2;
-    static struct sockaddr_in from;
     int len;
 /*      struct linger ling; */
 
@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *
     ling.l_onoff=1;
     ling.l_linger=0;
     i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
-    if (i < 0) { perror("linger"); return(0); }
+    if (i < 0) { closesocket(ret); perror("linger"); return(0); }
     i=0;
     i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-    if (i < 0) { perror("keepalive"); return(0); }
+    if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
 */
 
     if (host == NULL)
         goto end;
-# ifndef BIT_FIELD_LIMITS
-    /* I should use WSAAsyncGetHostByName() under windows */
-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
-                       sizeof(from.sin_addr.s_addr), AF_INET);
-# else
-    h1 = gethostbyaddr((char *)&from.sin_addr,
-                       sizeof(struct in_addr), AF_INET);
-# endif
-    if (h1 == NULL) {
-        BIO_printf(bio_err, "bad gethostbyaddr\n");
+
+    if (getnameinfo((struct sockaddr *)&from, sizeof(from),
+                    buffer, sizeof(buffer), NULL, 0, 0)) {
+        BIO_printf(bio_err, "getnameinfo failed\n");
         *host = NULL;
         /* return(0); */
     } else {
-        if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
+        if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {
             perror("OPENSSL_malloc");
             closesocket(ret);
             return (0);
         }
-        BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
-
-        h2 = GetHostByName(*host);
-        if (h2 == NULL) {
-            BIO_printf(bio_err, "gethostbyname failure\n");
-            closesocket(ret);
-            return (0);
-        }
-        if (h2->h_addrtype != AF_INET) {
-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-            closesocket(ret);
-            return (0);
-        }
+        strcpy(*host, buffer);
     }
  end:
     *sock = ret;
     return (1);
 }
 
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-                      short *port_ptr)
+int extract_host_port(char *str, char **host_ptr, char **port_ptr)
 {
-    char *h, *p;
+    char *h, *p, *x;
 
-    h = str;
-    p = strchr(str, ':');
+    x = h = str;
+    if (*h == '[') {
+        h++;
+        p = strchr(h, ']');
+        if (p == NULL) {
+            BIO_printf(bio_err, "no ending bracket for IPv6 address\n");
+            return (0);
+        }
+        *(p++) = '\0';
+        x = p;
+    }
+    p = strchr(x, ':');
     if (p == NULL) {
         BIO_printf(bio_err, "no port defined\n");
         return (0);
     }
     *(p++) = '\0';
 
-    if ((ip != NULL) && !host_ip(str, ip))
-        goto err;
     if (host_ptr != NULL)
         *host_ptr = h;
+    if (port_ptr != NULL)
+        *port_ptr = p;
 
-    if (!extract_port(p, port_ptr))
-        goto err;
-    return (1);
- err:
-    return (0);
-}
-
-static int host_ip(char *str, unsigned char ip[4])
-{
-    unsigned int in[4];
-    int i;
-
-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
-        4) {
-        for (i = 0; i < 4; i++)
-            if (in[i] > 255) {
-                BIO_printf(bio_err, "invalid IP address\n");
-                goto err;
-            }
-        ip[0] = in[0];
-        ip[1] = in[1];
-        ip[2] = in[2];
-        ip[3] = in[3];
-    } else {                    /* do a gethostbyname */
-        struct hostent *he;
-
-        if (!ssl_sock_init())
-            return (0);
-
-        he = GetHostByName(str);
-        if (he == NULL) {
-            BIO_printf(bio_err, "gethostbyname failure\n");
-            goto err;
-        }
-        /* cast to short because of win16 winsock definition */
-        if ((short)he->h_addrtype != AF_INET) {
-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-            return (0);
-        }
-        ip[0] = he->h_addr_list[0][0];
-        ip[1] = he->h_addr_list[0][1];
-        ip[2] = he->h_addr_list[0][2];
-        ip[3] = he->h_addr_list[0][3];
-    }
-    return (1);
- err:
-    return (0);
-}
-
-int extract_port(char *str, short *port_ptr)
-{
-    int i;
-    struct servent *s;
-
-    i = atoi(str);
-    if (i != 0)
-        *port_ptr = (unsigned short)i;
-    else {
-        s = getservbyname(str, "tcp");
-        if (s == NULL) {
-            BIO_printf(bio_err, "getservbyname failure for %s\n", str);
-            return (0);
-        }
-        *port_ptr = ntohs((unsigned short)s->s_port);
-    }
     return (1);
 }