openssl/openssl-1.0.2a-ipv6-apps.patch
Dominique Leuenberger bdf3209e96 Accepting request 310849 from Base:System
- update to 1.0.2a
  * Major changes since 1.0.1:
    - Suite B support for TLS 1.2 and DTLS 1.2
    - Support for DTLS 1.2
    - TLS automatic EC curve selection.
    - API to set TLS supported signature algorithms and curves
    - SSL_CONF configuration API.
    - TLS Brainpool support.
    - ALPN support.
    - CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
- packaging changes:
  * merged patches modifying CIPHER_LIST into one, dropping:
    - openssl-1.0.1e-add-suse-default-cipher-header.patch
    - openssl-libssl-noweakciphers.patch
  * fix a manpage with invalid name
    - added openssl-fix_invalid_manpage_name.patch
  * remove a missing fips function
    - openssl-missing_FIPS_ec_group_new_by_curve_name.patch
  * reimported patches from Fedora
    dropped patches:
    - openssl-1.0.1c-default-paths.patch
    - openssl-1.0.1c-ipv6-apps.patch
    - openssl-1.0.1e-fips-ctor.patch
    - openssl-1.0.1e-fips-ec.patch
    - openssl-1.0.1e-fips.patch
    - openssl-1.0.1e-new-fips-reqs.patch
    - VIA_padlock_support_on_64systems.patch
    added patches:
    - openssl-1.0.2a-default-paths.patch
    - openssl-1.0.2a-fips-ctor.patch (forwarded request 309611 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/310849
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=127
2015-06-08 06:25:56 +00:00

526 lines
16 KiB
Diff

diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h
--- openssl-1.0.2a/apps/s_apps.h.ipv6-apps 2015-04-20 15:01:24.029120104 +0200
+++ openssl-1.0.2a/apps/s_apps.h 2015-04-20 15:05:00.353137701 +0200
@@ -151,7 +151,7 @@ typedef fd_mask fd_set;
#define PORT_STR "4433"
#define PROTOCOL "tcp"
-int do_server(int port, int type, int *ret,
+int do_server(char *port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
int naccept);
@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *p);
+int extract_host_port(char *str, char **host_ptr, char **port_ptr);
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c
--- openssl-1.0.2a/apps/s_client.c.ipv6-apps 2015-04-20 15:01:24.022119942 +0200
+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 15:06:42.338503234 +0200
@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv)
int cbuf_len, cbuf_off;
int sbuf_len, sbuf_off;
fd_set readfds, writefds;
- short port = PORT;
+ char *port_str = PORT_STR;
int full_log = 1;
char *host = SSL_HOST_NAME;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv)
} else if (strcmp(*argv, "-port") == 0) {
if (--argc < 1)
goto bad;
- port = atoi(*(++argv));
- if (port == 0)
- goto bad;
+ port_str = *(++argv);
} else if (strcmp(*argv, "-connect") == 0) {
if (--argc < 1)
goto bad;
- if (!extract_host_port(*(++argv), &host, NULL, &port))
+ if (!extract_host_port(*(++argv), &host, &port_str))
goto bad;
} else if (strcmp(*argv, "-verify") == 0) {
verify = SSL_VERIFY_PEER;
@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv)
re_start:
- if (init_client(&s, host, port, socket_type) == 0) {
+ if (init_client(&s, host, port_str, socket_type) == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
SHUTDOWN(s);
goto end;
diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c
--- openssl-1.0.2a/apps/s_server.c.ipv6-apps 2015-04-20 15:01:24.030120127 +0200
+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 15:10:47.245187746 +0200
@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[])
{
X509_VERIFY_PARAM *vpm = NULL;
int badarg = 0;
- short port = PORT;
+ char *port_str = PORT_STR;
char *CApath = NULL, *CAfile = NULL;
char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL;
@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[])
if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
if (--argc < 1)
goto bad;
- if (!extract_port(*(++argv), &port))
+ port_str = *(++argv);
+ if (port_str == NULL || *port_str == '\0')
goto bad;
} else if (strcmp(*argv, "-naccept") == 0) {
if (--argc < 1)
@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[])
BIO_printf(bio_s_out, "ACCEPT\n");
(void)BIO_flush(bio_s_out);
if (rev)
- do_server(port, socket_type, &accept_socket, rev_body, context,
+ do_server(port_str, socket_type, &accept_socket, rev_body, context,
naccept);
else if (www)
- do_server(port, socket_type, &accept_socket, www_body, context,
+ do_server(port_str, socket_type, &accept_socket, www_body, context,
naccept);
else
- do_server(port, socket_type, &accept_socket, sv_body, context,
+ do_server(port_str, socket_type, &accept_socket, sv_body, context,
naccept);
print_stats(bio_s_out, ctx);
ret = 0;
diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c
--- openssl-1.0.2a/apps/s_socket.c.ipv6-apps 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/apps/s_socket.c 2015-04-20 15:32:53.960079507 +0200
@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha
static void ssl_sock_cleanup(void);
# endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port, char *ip, int type);
+static int init_server(int *sock, char *port, int type);
static int do_accept(int acc_sock, int *sock, char **host);
static int host_ip(char *str, unsigned char ip[4]);
@@ -231,65 +229,66 @@ static int ssl_sock_init(void)
return (1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, char *port, int type)
{
- unsigned char ip[4];
-
- memset(ip, '\0', sizeof ip);
- if (!host_ip(host, &(ip[0])))
- return 0;
- return init_client_ip(sock, ip, port, type);
-}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-{
- unsigned long addr;
- struct sockaddr_in them;
- int s, i;
+ struct addrinfo *res, *res0, hints;
+ char *failed_call = NULL;
+ int s;
+ int e;
if (!ssl_sock_init())
return (0);
- memset((char *)&them, 0, sizeof(them));
- them.sin_family = AF_INET;
- them.sin_port = htons((unsigned short)port);
- addr = (unsigned long)
- ((unsigned long)ip[0] << 24L) |
- ((unsigned long)ip[1] << 16L) |
- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
- them.sin_addr.s_addr = htonl(addr);
-
- if (type == SOCK_STREAM)
- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) {
- perror("socket");
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_ADDRCONFIG;
+
+ e = getaddrinfo(host, port, &hints, &res);
+ if (e) {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
return (0);
}
+
+ res0 = res;
+ while (res) {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET) {
+ failed_call = "socket";
+ goto nextres;
+ }
# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
- if (type == SOCK_STREAM) {
- i = 0;
- i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
- if (i < 0) {
- closesocket(s);
- perror("keepalive");
- return (0);
+ if (type == SOCK_STREAM) {
+ int i = 0;
+ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
+ (char *)&i, sizeof(i));
+ if (i < 0) {
+ failed_call = "keepalive";
+ goto nextres;
+ }
}
- }
# endif
-
- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
- closesocket(s);
- perror("connect");
- return (0);
+ if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) {
+ freeaddrinfo(res0);
+ *sock = s;
+ return (1);
+ }
+
+ failed_call = "socket";
+ nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
}
- *sock = s;
- return (1);
+ freeaddrinfo(res0);
+ closesocket(s);
+
+ perror(failed_call);
+ return (0);
}
-int do_server(int port, int type, int *ret,
+int do_server(char *port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
int naccept)
@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server(int *sock, char *port, int type)
{
- int ret = 0;
- struct sockaddr_in server;
- int s = -1;
+ struct addrinfo *res, *res0 = NULL, hints;
+ char *failed_call = NULL;
+ int s = INVALID_SOCKET;
+ int e;
if (!ssl_sock_init())
return (0);
- memset((char *)&server, 0, sizeof(server));
- server.sin_family = AF_INET;
- server.sin_port = htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr = INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-# ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr, ip, 4);
-# else
- memcpy(&server.sin_addr, ip, 4);
-# endif
-
- if (type == SOCK_STREAM)
- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ memset(&hints, '\0', sizeof(hints));
+ hints.ai_family = AF_INET6;
+ tryipv4:
+ hints.ai_socktype = type;
+ hints.ai_flags = AI_PASSIVE;
+
+ e = getaddrinfo(NULL, port, &hints, &res);
+ if (e) {
+ if (hints.ai_family == AF_INET) {
+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+ if (e == EAI_SYSTEM)
+ perror("getaddrinfo");
+ return (0);
+ } else
+ res = NULL;
+ }
- if (s == INVALID_SOCKET)
- goto err;
+ res0 = res;
+ while (res) {
+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (s == INVALID_SOCKET) {
+ failed_call = "socket";
+ goto nextres;
+ }
+ if (hints.ai_family == AF_INET6) {
+ int j = 0;
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&j, sizeof j);
+ }
# if defined SOL_SOCKET && defined SO_REUSEADDR
- {
- int j = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
- }
-# endif
- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
-# ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
+ {
+ int j = 1;
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+ }
# endif
- goto err;
+
+ if (bind(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) {
+ failed_call = "bind";
+ goto nextres;
+ }
+ if (type == SOCK_STREAM && listen(s, 128) == -1) {
+ failed_call = "listen";
+ goto nextres;
+ }
+
+ *sock = s;
+ return (1);
+
+ nextres:
+ if (s != INVALID_SOCKET)
+ close(s);
+ res = res->ai_next;
}
- /* Make it 128 for linux */
- if (type == SOCK_STREAM && listen(s, 128) == -1)
- goto err;
- *sock = s;
- ret = 1;
- err:
- if ((ret == 0) && (s != -1)) {
- SHUTDOWN(s);
+ if (res0)
+ freeaddrinfo(res0);
+
+ if (s == INVALID_SOCKET) {
+ if (hints.ai_family == AF_INET6) {
+ hints.ai_family = AF_INET;
+ goto tryipv4;
+ }
+ perror("socket");
+ return (0);
}
- return (ret);
-}
-static int init_server(int *sock, int port, int type)
-{
- return (init_server_long(sock, port, NULL, type));
+ perror(failed_call);
+ return (0);
}
static int do_accept(int acc_sock, int *sock, char **host)
{
+ static struct sockaddr_storage from;
+ char buffer[NI_MAXHOST];
int ret;
- struct hostent *h1, *h2;
- static struct sockaddr_in from;
int len;
/* struct linger ling; */
@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *
ling.l_onoff=1;
ling.l_linger=0;
i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
+ if (i < 0) { closesocket(ret); perror("linger"); return(0); }
i=0;
i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
*/
if (host == NULL)
goto end;
-# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
-# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
-# endif
- if (h1 == NULL) {
- BIO_printf(bio_err, "bad gethostbyaddr\n");
+
+ if (getnameinfo((struct sockaddr *)&from, sizeof(from),
+ buffer, sizeof(buffer), NULL, 0, 0)) {
+ BIO_printf(bio_err, "getnameinfo failed\n");
*host = NULL;
/* return(0); */
} else {
- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
+ if ((*host = (char *)OPENSSL_malloc(strlen(buffer) + 1)) == NULL) {
perror("OPENSSL_malloc");
closesocket(ret);
return (0);
}
- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
-
- h2 = GetHostByName(*host);
- if (h2 == NULL) {
- BIO_printf(bio_err, "gethostbyname failure\n");
- closesocket(ret);
- return (0);
- }
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
- closesocket(ret);
- return (0);
- }
+ strcpy(*host, buffer);
}
end:
*sock = ret;
return (1);
}
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
+int extract_host_port(char *str, char **host_ptr, char **port_ptr)
{
- char *h, *p;
+ char *h, *p, *x;
- h = str;
- p = strchr(str, ':');
+ x = h = str;
+ if (*h == '[') {
+ h++;
+ p = strchr(h, ']');
+ if (p == NULL) {
+ BIO_printf(bio_err, "no ending bracket for IPv6 address\n");
+ return (0);
+ }
+ *(p++) = '\0';
+ x = p;
+ }
+ p = strchr(x, ':');
if (p == NULL) {
BIO_printf(bio_err, "no port defined\n");
return (0);
}
*(p++) = '\0';
- if ((ip != NULL) && !host_ip(str, ip))
- goto err;
if (host_ptr != NULL)
*host_ptr = h;
+ if (port_ptr != NULL)
+ *port_ptr = p;
- if (!extract_port(p, port_ptr))
- goto err;
- return (1);
- err:
- return (0);
-}
-
-static int host_ip(char *str, unsigned char ip[4])
-{
- unsigned int in[4];
- int i;
-
- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
- 4) {
- for (i = 0; i < 4; i++)
- if (in[i] > 255) {
- BIO_printf(bio_err, "invalid IP address\n");
- goto err;
- }
- ip[0] = in[0];
- ip[1] = in[1];
- ip[2] = in[2];
- ip[3] = in[3];
- } else { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init())
- return (0);
-
- he = GetHostByName(str);
- if (he == NULL) {
- BIO_printf(bio_err, "gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
- return (0);
- }
- ip[0] = he->h_addr_list[0][0];
- ip[1] = he->h_addr_list[0][1];
- ip[2] = he->h_addr_list[0][2];
- ip[3] = he->h_addr_list[0][3];
- }
- return (1);
- err:
- return (0);
-}
-
-int extract_port(char *str, short *port_ptr)
-{
- int i;
- struct servent *s;
-
- i = atoi(str);
- if (i != 0)
- *port_ptr = (unsigned short)i;
- else {
- s = getservbyname(str, "tcp");
- if (s == NULL) {
- BIO_printf(bio_err, "getservbyname failure for %s\n", str);
- return (0);
- }
- *port_ptr = ntohs((unsigned short)s->s_port);
- }
return (1);
}