]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blob - openssl/patches/openssl-1.0.1h-ipv6-apps.patch
projects / people / ms / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
paxctl: Update to 0.8.
[people/ms/ipfire-3.x.git] / openssl / patches / openssl-1.0.1h-ipv6-apps.patch
1 diff -up openssl-1.0.1h/apps/s_apps.h.ipv6-apps openssl-1.0.1h/apps/s_apps.h
2 --- openssl-1.0.1h/apps/s_apps.h.ipv6-apps 2014-06-05 14:33:38.515668750 +0200
3 +++ openssl-1.0.1h/apps/s_apps.h 2014-06-05 14:33:38.540669335 +0200
4 @@ -148,7 +148,7 @@ typedef fd_mask fd_set;
5 #define PORT_STR "4433"
6 #define PROTOCOL "tcp"
7
8 -int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
9 +int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
10 #ifdef HEADER_X509_H
11 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
12 #endif
13 @@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok,
14 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
15 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
16 #endif
17 -int init_client(int *sock, char *server, int port, int type);
18 +int init_client(int *sock, char *server, char *port, int type);
19 int should_retry(int i);
20 -int extract_port(char *str, short *port_ptr);
21 -int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
22 +int extract_host_port(char *str,char **host_ptr,char **port_ptr);
23
24 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
25 int argi, long argl, long ret);
26 diff -up openssl-1.0.1h/apps/s_client.c.ipv6-apps openssl-1.0.1h/apps/s_client.c
27 --- openssl-1.0.1h/apps/s_client.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
28 +++ openssl-1.0.1h/apps/s_client.c 2014-06-05 14:33:38.540669335 +0200
29 @@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
30 int cbuf_len,cbuf_off;
31 int sbuf_len,sbuf_off;
32 fd_set readfds,writefds;
33 - short port=PORT;
34 + char *port_str = PORT_STR;
35 int full_log=1;
36 char *host=SSL_HOST_NAME;
37 char *cert_file=NULL,*key_file=NULL;
38 @@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
39 else if (strcmp(*argv,"-port") == 0)
40 {
41 if (--argc < 1) goto bad;
42 - port=atoi(*(++argv));
43 - if (port == 0) goto bad;
44 + port_str= *(++argv);
45 }
46 else if (strcmp(*argv,"-connect") == 0)
47 {
48 if (--argc < 1) goto bad;
49 - if (!extract_host_port(*(++argv),&host,NULL,&port))
50 + if (!extract_host_port(*(++argv),&host,&port_str))
51 goto bad;
52 }
53 else if (strcmp(*argv,"-verify") == 0)
54 @@ -1267,7 +1266,7 @@ bad:
55
56 re_start:
57
58 - if (init_client(&s,host,port,socket_type) == 0)
59 + if (init_client(&s,host,port_str,socket_type) == 0)
60 {
61 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
62 SHUTDOWN(s);
63 diff -up openssl-1.0.1h/apps/s_server.c.ipv6-apps openssl-1.0.1h/apps/s_server.c
64 --- openssl-1.0.1h/apps/s_server.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200
65 +++ openssl-1.0.1h/apps/s_server.c 2014-06-05 14:33:38.541669358 +0200
66 @@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
67 {
68 X509_VERIFY_PARAM *vpm = NULL;
69 int badarg = 0;
70 - short port=PORT;
71 + char *port_str = PORT_STR;
72 char *CApath=NULL,*CAfile=NULL;
73 unsigned char *context = NULL;
74 char *dhfile = NULL;
75 @@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
76 (strcmp(*argv,"-accept") == 0))
77 {
78 if (--argc < 1) goto bad;
79 - if (!extract_port(*(++argv),&port))
80 - goto bad;
81 + port_str= *(++argv);
82 }
83 else if (strcmp(*argv,"-verify") == 0)
84 {
85 @@ -1892,9 +1891,9 @@ bad:
86 BIO_printf(bio_s_out,"ACCEPT\n");
87 (void)BIO_flush(bio_s_out);
88 if (www)
89 - do_server(port,socket_type,&accept_socket,www_body, context);
90 + do_server(port_str,socket_type,&accept_socket,www_body, context);
91 else
92 - do_server(port,socket_type,&accept_socket,sv_body, context);
93 + do_server(port_str,socket_type,&accept_socket,sv_body, context);
94 print_stats(bio_s_out,ctx);
95 ret=0;
96 end:
97 diff -up openssl-1.0.1h/apps/s_socket.c.ipv6-apps openssl-1.0.1h/apps/s_socket.c
98 --- openssl-1.0.1h/apps/s_socket.c.ipv6-apps 2014-06-05 11:44:33.000000000 +0200
99 +++ openssl-1.0.1h/apps/s_socket.c 2014-06-05 14:39:53.226442195 +0200
100 @@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
101 static void ssl_sock_cleanup(void);
102 #endif
103 static int ssl_sock_init(void);
104 -static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
105 -static int init_server(int *sock, int port, int type);
106 -static int init_server_long(int *sock, int port,char *ip, int type);
107 +static int init_server(int *sock, char *port, int type);
108 static int do_accept(int acc_sock, int *sock, char **host);
109 static int host_ip(char *str, unsigned char ip[4]);
110
111 @@ -234,57 +232,71 @@ static int ssl_sock_init(void)
112 return(1);
113 }
114
115 -int init_client(int *sock, char *host, int port, int type)
116 +int init_client(int *sock, char *host, char *port, int type)
117 {
118 - unsigned char ip[4];
119 -
120 - memset(ip, '\0', sizeof ip);
121 - if (!host_ip(host,&(ip[0])))
122 - return 0;
123 - return init_client_ip(sock,ip,port,type);
124 - }
125 -
126 -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
127 - {
128 - unsigned long addr;
129 - struct sockaddr_in them;
130 - int s,i;
131 + struct addrinfo *res, *res0, hints;
132 + char * failed_call = NULL;
133 + int s;
134 + int e;
135
136 if (!ssl_sock_init()) return(0);
137
138 - memset((char *)&them,0,sizeof(them));
139 - them.sin_family=AF_INET;
140 - them.sin_port=htons((unsigned short)port);
141 - addr=(unsigned long)
142 - ((unsigned long)ip[0]<<24L)|
143 - ((unsigned long)ip[1]<<16L)|
144 - ((unsigned long)ip[2]<< 8L)|
145 - ((unsigned long)ip[3]);
146 - them.sin_addr.s_addr=htonl(addr);
147 -
148 - if (type == SOCK_STREAM)
149 - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
150 - else /* ( type == SOCK_DGRAM) */
151 - s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
152 -
153 - if (s == INVALID_SOCKET) { perror("socket"); return(0); }
154 + memset(&hints, '\0', sizeof(hints));
155 + hints.ai_socktype = type;
156 + hints.ai_flags = AI_ADDRCONFIG;
157 +
158 + e = getaddrinfo(host, port, &hints, &res);
159 + if (e)
160 + {
161 + fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
162 + if (e == EAI_SYSTEM)
163 + perror("getaddrinfo");
164 + return (0);
165 + }
166
167 + res0 = res;
168 + while (res)
169 + {
170 + s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
171 + if (s == INVALID_SOCKET)
172 + {
173 + failed_call = "socket";
174 + goto nextres;
175 + }
176 #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
177 if (type == SOCK_STREAM)
178 {
179 - i=0;
180 - i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
181 - if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
182 + int i=0;
183 + i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
184 + (char *)&i,sizeof(i));
185 + if (i < 0) {
186 + failed_call = "keepalive";
187 + goto nextres;
188 + }
189 }
190 #endif
191 -
192 - if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
193 - { closesocket(s); perror("connect"); return(0); }
194 + if (connect(s,(struct sockaddr *)res->ai_addr,
195 + res->ai_addrlen) == 0)
196 + {
197 + freeaddrinfo(res0);
198 *sock=s;
199 return(1);
200 }
201
202 -int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
203 + failed_call = "socket";
204 +nextres:
205 + if (s != INVALID_SOCKET)
206 + close(s);
207 + res = res->ai_next;
208 + }
209 + freeaddrinfo(res0);
210 + closesocket(s);
211 +
212 + perror(failed_call);
213 + return(0);
214 + }
215 +
216 +int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
217 {
218 int sock;
219 char *name = NULL;
220 @@ -322,33 +334,50 @@ int do_server(int port, int type, int *r
221 }
222 }
223
224 -static int init_server_long(int *sock, int port, char *ip, int type)
225 +static int init_server(int *sock, char *port, int type)
226 {
227 - int ret=0;
228 - struct sockaddr_in server;
229 - int s= -1;
230 + struct addrinfo *res, *res0 = NULL, hints;
231 + char * failed_call = NULL;
232 + int s = INVALID_SOCKET;
233 + int e;
234
235 if (!ssl_sock_init()) return(0);
236
237 - memset((char *)&server,0,sizeof(server));
238 - server.sin_family=AF_INET;
239 - server.sin_port=htons((unsigned short)port);
240 - if (ip == NULL)
241 - server.sin_addr.s_addr=INADDR_ANY;
242 - else
243 -/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
244 -#ifndef BIT_FIELD_LIMITS
245 - memcpy(&server.sin_addr.s_addr,ip,4);
246 -#else
247 - memcpy(&server.sin_addr,ip,4);
248 -#endif
249 + memset(&hints, '\0', sizeof(hints));
250 + hints.ai_family = AF_INET6;
251 +tryipv4:
252 + hints.ai_socktype = type;
253 + hints.ai_flags = AI_PASSIVE;
254
255 - if (type == SOCK_STREAM)
256 - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
257 - else /* type == SOCK_DGRAM */
258 - s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
259 + e = getaddrinfo(NULL, port, &hints, &res);
260 + if (e)
261 + {
262 + if (hints.ai_family == AF_INET)
263 + {
264 + fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
265 + if (e == EAI_SYSTEM)
266 + perror("getaddrinfo");
267 + return (0);
268 + }
269 + else
270 + res = NULL;
271 + }
272
273 - if (s == INVALID_SOCKET) goto err;
274 + res0 = res;
275 + while (res)
276 + {
277 + s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
278 + if (s == INVALID_SOCKET)
279 + {
280 + failed_call = "socket";
281 + goto nextres;
282 + }
283 + if (hints.ai_family == AF_INET6)
284 + {
285 + int j = 0;
286 + setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
287 + (void *) &j, sizeof j);
288 + }
289 #if defined SOL_SOCKET && defined SO_REUSEADDR
290 {
291 int j = 1;
292 @@ -356,35 +385,49 @@ static int init_server_long(int *sock, i
293 (void *) &j, sizeof j);
294 }
295 #endif
296 - if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
297 +
298 + if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1)
299 {
300 -#ifndef OPENSSL_SYS_WINDOWS
301 - perror("bind");
302 -#endif
303 - goto err;
304 + failed_call = "bind";
305 + goto nextres;
306 }
307 - /* Make it 128 for linux */
308 - if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
309 - *sock=s;
310 - ret=1;
311 -err:
312 - if ((ret == 0) && (s != -1))
313 + if (type==SOCK_STREAM && listen(s,128) == -1)
314 {
315 - SHUTDOWN(s);
316 + failed_call = "listen";
317 + goto nextres;
318 }
319 - return(ret);
320 +
321 + *sock=s;
322 + return(1);
323 +
324 +nextres:
325 + if (s != INVALID_SOCKET)
326 + close(s);
327 + res = res->ai_next;
328 }
329 + if (res0)
330 + freeaddrinfo(res0);
331
332 -static int init_server(int *sock, int port, int type)
333 + if (s == INVALID_SOCKET)
334 {
335 - return(init_server_long(sock, port, NULL, type));
336 + if (hints.ai_family == AF_INET6)
337 + {
338 + hints.ai_family = AF_INET;
339 + goto tryipv4;
340 + }
341 + perror("socket");
342 + return(0);
343 + }
344 +
345 + perror(failed_call);
346 + return(0);
347 }
348
349 static int do_accept(int acc_sock, int *sock, char **host)
350 {
351 + static struct sockaddr_storage from;
352 + char buffer[NI_MAXHOST];
353 int ret;
354 - struct hostent *h1,*h2;
355 - static struct sockaddr_in from;
356 int len;
357 /* struct linger ling; */
358
359 @@ -424,145 +467,66 @@ redoit:
360 ling.l_onoff=1;
361 ling.l_linger=0;
362 i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
363 - if (i < 0) { perror("linger"); return(0); }
364 + if (i < 0) { closesocket(ret); perror("linger"); return(0); }
365 i=0;
366 i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
367 - if (i < 0) { perror("keepalive"); return(0); }
368 + if (i < 0) { closesocket(ret); perror("keepalive"); return(0); }
369 */
370
371 if (host == NULL) goto end;
372 -#ifndef BIT_FIELD_LIMITS
373 - /* I should use WSAAsyncGetHostByName() under windows */
374 - h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
375 - sizeof(from.sin_addr.s_addr),AF_INET);
376 -#else
377 - h1=gethostbyaddr((char *)&from.sin_addr,
378 - sizeof(struct in_addr),AF_INET);
379 -#endif
380 - if (h1 == NULL)
381 +
382 + if (getnameinfo((struct sockaddr *)&from, sizeof(from),
383 + buffer, sizeof(buffer),
384 + NULL, 0, 0))
385 {
386 - BIO_printf(bio_err,"bad gethostbyaddr\n");
387 + BIO_printf(bio_err,"getnameinfo failed\n");
388 *host=NULL;
389 /* return(0); */
390 }
391 else
392 {
393 - if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
394 + if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
395 {
396 perror("OPENSSL_malloc");
397 closesocket(ret);
398 return(0);
399 }
400 - BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
401 -
402 - h2=GetHostByName(*host);
403 - if (h2 == NULL)
404 - {
405 - BIO_printf(bio_err,"gethostbyname failure\n");
406 - closesocket(ret);
407 - return(0);
408 - }
409 - if (h2->h_addrtype != AF_INET)
410 - {
411 - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
412 - closesocket(ret);
413 - return(0);
414 - }
415 + strcpy(*host, buffer);
416 }
417 end:
418 *sock=ret;
419 return(1);
420 }
421
422 -int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
423 - short *port_ptr)
424 +int extract_host_port(char *str, char **host_ptr,
425 + char **port_ptr)
426 {
427 - char *h,*p;
428 + char *h,*p,*x;
429
430 - h=str;
431 - p=strchr(str,':');
432 + x=h=str;
433 + if (*h == '[')
434 + {
435 + h++;
436 + p=strchr(h,']');
437 if (p == NULL)
438 {
439 - BIO_printf(bio_err,"no port defined\n");
440 + BIO_printf(bio_err,"no ending bracket for IPv6 address\n");
441 return(0);
442 }
443 *(p++)='\0';
444 -
445 - if ((ip != NULL) && !host_ip(str,ip))
446 - goto err;
447 - if (host_ptr != NULL) *host_ptr=h;
448 -
449 - if (!extract_port(p,port_ptr))
450 - goto err;
451 - return(1);
452 -err:
453 - return(0);
454 + x = p;
455 }
456 -
457 -static int host_ip(char *str, unsigned char ip[4])
458 - {
459 - unsigned int in[4];
460 - int i;
461 -
462 - if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
463 - {
464 - for (i=0; i<4; i++)
465 - if (in[i] > 255)
466 - {
467 - BIO_printf(bio_err,"invalid IP address\n");
468 - goto err;
469 - }
470 - ip[0]=in[0];
471 - ip[1]=in[1];
472 - ip[2]=in[2];
473 - ip[3]=in[3];
474 - }
475 - else
476 - { /* do a gethostbyname */
477 - struct hostent *he;
478 -
479 - if (!ssl_sock_init()) return(0);
480 -
481 - he=GetHostByName(str);
482 - if (he == NULL)
483 - {
484 - BIO_printf(bio_err,"gethostbyname failure\n");
485 - goto err;
486 - }
487 - /* cast to short because of win16 winsock definition */
488 - if ((short)he->h_addrtype != AF_INET)
489 + p=strchr(x,':');
490 + if (p == NULL)
491 {
492 - BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
493 - return(0);
494 - }
495 - ip[0]=he->h_addr_list[0][0];
496 - ip[1]=he->h_addr_list[0][1];
497 - ip[2]=he->h_addr_list[0][2];
498 - ip[3]=he->h_addr_list[0][3];
499 - }
500 - return(1);
501 -err:
502 + BIO_printf(bio_err,"no port defined\n");
503 return(0);
504 }
505 + *(p++)='\0';
506
507 -int extract_port(char *str, short *port_ptr)
508 - {
509 - int i;
510 - struct servent *s;
511 + if (host_ptr != NULL) *host_ptr=h;
512 + if (port_ptr != NULL) *port_ptr=p;
513
514 - i=atoi(str);
515 - if (i != 0)
516 - *port_ptr=(unsigned short)i;
517 - else
518 - {
519 - s=getservbyname(str,"tcp");
520 - if (s == NULL)
521 - {
522 - BIO_printf(bio_err,"getservbyname failure for %s\n",str);
523 - return(0);
524 - }
525 - *port_ptr=ntohs((unsigned short)s->s_port);
526 - }
527 return(1);
528 }
529
Michael's tree of IPFire 3.x.