git.schokokeks.org
Repositories
Help
Report an Issue
keks-overlay.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
02d5861
Branches
Tags
master
keks-overlay.git
dev-libs
openssl
files
openssl-1.0.2-ipv6.patch
add openssl 1.0.2 patches
Hanno Böck
commited
02d5861
at 2015-02-21 12:00:56
openssl-1.0.2-ipv6.patch
Blame
History
Raw
http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest --- openssl-1.0.2/apps/s_apps.h +++ openssl-1.0.2/apps/s_apps.h @@ -154,7 +154,7 @@ int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, - int naccept); + int naccept, int use_ipv4, int use_ipv6); #ifdef HEADER_X509_H int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); #endif @@ -167,7 +167,8 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); -int init_client(int *sock, char *server, int port, int type); +int init_client(int *sock, char *server, int port, int type, + int use_ipv4, int use_ipv6); int should_retry(int i); int extract_port(char *str, short *port_ptr); int extract_host_port(char *str, char **host_ptr, unsigned char *ip, --- openssl-1.0.2/apps/s_client.c +++ openssl-1.0.2/apps/s_client.c @@ -302,6 +302,10 @@ { BIO_printf(bio_err, "usage: s_client args\n"); BIO_printf(bio_err, "\n"); + BIO_printf(bio_err, " -4 - use IPv4 only\n"); +#if OPENSSL_USE_IPV6 + BIO_printf(bio_err, " -6 - use IPv6 only\n"); +#endif BIO_printf(bio_err, " -host host - use -connect instead\n"); BIO_printf(bio_err, " -port port - use -connect instead\n"); BIO_printf(bio_err, @@ -658,6 +662,7 @@ int sbuf_len, sbuf_off; fd_set readfds, writefds; short port = PORT; + int use_ipv4, use_ipv6; int full_log = 1; char *host = SSL_HOST_NAME; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; @@ -709,7 +714,11 @@ #endif char *sess_in = NULL; char *sess_out = NULL; - struct sockaddr peer; +#if OPENSSL_USE_IPV6 + struct sockaddr_storage peer; +#else + struct sockaddr_in peer; +#endif int peerlen = sizeof(peer); int fallback_scsv = 0; int enable_timeouts = 0; @@ -737,6 +746,12 @@ meth = SSLv23_client_method(); + use_ipv4 = 1; +#if OPENSSL_USE_IPV6 + use_ipv6 = 1; +#else + use_ipv6 = 0; +#endif apps_startup(); c_Pause = 0; c_quiet = 0; @@ -1096,6 +1111,16 @@ jpake_secret = *++argv; } #endif + else if (strcmp(*argv,"-4") == 0) { + use_ipv4 = 1; + use_ipv6 = 0; + } +#if OPENSSL_USE_IPV6 + else if (strcmp(*argv,"-6") == 0) { + use_ipv4 = 0; + use_ipv6 = 1; + } +#endif #ifndef OPENSSL_NO_SRTP else if (strcmp(*argv, "-use_srtp") == 0) { if (--argc < 1) @@ -1421,7 +1446,7 @@ re_start: - if (init_client(&s, host, port, socket_type) == 0) { + if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) { BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); SHUTDOWN(s); goto end; @@ -1444,7 +1469,7 @@ if (socket_type == SOCK_DGRAM) { sbio = BIO_new_dgram(s, BIO_NOCLOSE); - if (getsockname(s, &peer, (void *)&peerlen) < 0) { + if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) { BIO_printf(bio_err, "getsockname:errno=%d\n", get_last_socket_error()); SHUTDOWN(s); --- openssl-1.0.2/apps/s_server.c +++ openssl-1.0.2/apps/s_server.c @@ -643,6 +643,10 @@ BIO_printf(bio_err, " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); #endif + BIO_printf(bio_err, " -4 - use IPv4 only\n"); +#if OPENSSL_USE_IPV6 + BIO_printf(bio_err, " -6 - use IPv6 only\n"); +#endif BIO_printf(bio_err, " -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err, @@ -1070,6 +1074,7 @@ int state = 0; const SSL_METHOD *meth = NULL; int socket_type = SOCK_STREAM; + int use_ipv4, use_ipv6; ENGINE *e = NULL; char *inrand = NULL; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; @@ -1111,6 +1116,12 @@ meth = SSLv23_server_method(); + use_ipv4 = 1; +#if OPENSSL_USE_IPV6 + use_ipv6 = 1; +#else + use_ipv6 = 0; +#endif local_argc = argc; local_argv = argv; @@ -1503,6 +1514,16 @@ jpake_secret = *(++argv); } #endif + else if (strcmp(*argv,"-4") == 0) { + use_ipv4 = 1; + use_ipv6 = 0; + } +#if OPENSSL_USE_IPV6 + else if (strcmp(*argv,"-6") == 0) { + use_ipv4 = 0; + use_ipv6 = 1; + } +#endif #ifndef OPENSSL_NO_SRTP else if (strcmp(*argv, "-use_srtp") == 0) { if (--argc < 1) @@ -2023,13 +2044,13 @@ (void)BIO_flush(bio_s_out); if (rev) do_server(port, socket_type, &accept_socket, rev_body, context, - naccept); + naccept, use_ipv4, use_ipv6); else if (www) do_server(port, socket_type, &accept_socket, www_body, context, - naccept); + naccept, use_ipv4, use_ipv6); else do_server(port, socket_type, &accept_socket, sv_body, context, - naccept); + naccept, use_ipv4, use_ipv6); print_stats(bio_s_out, ctx); ret = 0; end: --- openssl-1.0.2/apps/s_socket.c +++ openssl-1.0.2/apps/s_socket.c @@ -101,16 +101,16 @@ # include "netdb.h" # endif -static struct hostent *GetHostByName(char *name); +static struct hostent *GetHostByName(char *name, int domain); # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) static void ssl_sock_cleanup(void); # endif static int ssl_sock_init(void); -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type); -static int init_server(int *sock, int port, int type); -static int init_server_long(int *sock, int port, char *ip, int type); +static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain); +static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); +static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6); static int do_accept(int acc_sock, int *sock, char **host); -static int host_ip(char *str, unsigned char ip[4]); +static int host_ip(char *str, unsigned char *ip, int domain); # ifdef OPENSSL_SYS_WIN16 # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ @@ -231,38 +231,68 @@ return (1); } -int init_client(int *sock, char *host, int port, int type) +int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) { +# if OPENSSL_USE_IPV6 + unsigned char ip[16]; +# else unsigned char ip[4]; +# endif - memset(ip, '\0', sizeof ip); - if (!host_ip(host, &(ip[0]))) - return 0; - return init_client_ip(sock, ip, port, type); -} - -static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) -{ - unsigned long addr; + if (use_ipv4) + if (host_ip(host, ip, AF_INET)) + return(init_client_ip(sock, ip, port, type, AF_INET)); +# if OPENSSL_USE_IPV6 + if (use_ipv6) + if (host_ip(host, ip, AF_INET6)) + return(init_client_ip(sock, ip, port, type, AF_INET6)); +# endif + return 0; +} + +static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) +{ +# if OPENSSL_USE_IPV6 + struct sockaddr_storage them; + struct sockaddr_in *them_in = (struct sockaddr_in *)&them; + struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; +# else struct sockaddr_in them; + struct sockaddr_in *them_in = &them; +# endif + socklen_t addr_len; int s, i; if (!ssl_sock_init()) return (0); memset((char *)&them, 0, sizeof(them)); - them.sin_family = AF_INET; - them.sin_port = htons((unsigned short)port); - addr = (unsigned long) - ((unsigned long)ip[0] << 24L) | - ((unsigned long)ip[1] << 16L) | - ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); - them.sin_addr.s_addr = htonl(addr); + if (domain == AF_INET) { + addr_len = (socklen_t)sizeof(struct sockaddr_in); + them_in->sin_family=AF_INET; + them_in->sin_port=htons((unsigned short)port); +# ifndef BIT_FIELD_LIMITS + memcpy(&them_in->sin_addr.s_addr, ip, 4); +# else + memcpy(&them_in->sin_addr, ip, 4); +# endif + } + else +# if OPENSSL_USE_IPV6 + { + addr_len = (socklen_t)sizeof(struct sockaddr_in6); + them_in6->sin6_family=AF_INET6; + them_in6->sin6_port=htons((unsigned short)port); + memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); + } +# else + return(0); +# endif if (type == SOCK_STREAM) - s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); + s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); else /* ( type == SOCK_DGRAM) */ - s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + s = socket(domain, SOCK_DGRAM, IPPROTO_UDP); if (s == INVALID_SOCKET) { perror("socket"); @@ -280,7 +310,7 @@ } # endif - if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { + if (connect(s, (struct sockaddr *)&them, addr_len) == -1) { closesocket(s); perror("connect"); return (0); @@ -292,14 +322,14 @@ int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, - int naccept) + int naccept, int use_ipv4, int use_ipv6) { int sock; char *name = NULL; int accept_socket = 0; int i; - if (!init_server(&accept_socket, port, type)) + if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6)) return (0); if (ret != NULL) { @@ -328,32 +358,41 @@ } } -static int init_server_long(int *sock, int port, char *ip, int type) +static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) { int ret = 0; + int domain; +# if OPENSSL_USE_IPV6 + struct sockaddr_storage server; + struct sockaddr_in *server_in = (struct sockaddr_in *)&server; + struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; +# else struct sockaddr_in server; + struct sockaddr_in *server_in = &server; +# endif + socklen_t addr_len; int s = -1; + if (!use_ipv4 && !use_ipv6) + goto err; +# if OPENSSL_USE_IPV6 + /* we are fine here */ +# else + if (use_ipv6) + goto err; +# endif if (!ssl_sock_init()) return (0); - memset((char *)&server, 0, sizeof(server)); - server.sin_family = AF_INET; - server.sin_port = htons((unsigned short)port); - if (ip == NULL) - server.sin_addr.s_addr = INADDR_ANY; - else -/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ -# ifndef BIT_FIELD_LIMITS - memcpy(&server.sin_addr.s_addr, ip, 4); +#if OPENSSL_USE_IPV6 + domain = use_ipv6 ? AF_INET6 : AF_INET; # else - memcpy(&server.sin_addr, ip, 4); + domain = AF_INET; # endif - if (type == SOCK_STREAM) - s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); - else /* type == SOCK_DGRAM */ - s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL); + else /* type == SOCK_DGRAM */ + s=socket(domain, SOCK_DGRAM, IPPROTO_UDP); if (s == INVALID_SOCKET) goto err; @@ -363,7 +402,42 @@ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); } # endif - if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { +# if OPENSSL_USE_IPV6 + if ((use_ipv4 == 0) && (use_ipv6 == 1)) { + const int on = 1; + + setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, + (const void *) &on, sizeof(int)); + } +# endif + if (domain == AF_INET) { + addr_len = (socklen_t)sizeof(struct sockaddr_in); + memset(server_in, 0, sizeof(struct sockaddr_in)); + server_in->sin_family=AF_INET; + server_in->sin_port = htons((unsigned short)port); + if (ip == NULL) + server_in->sin_addr.s_addr = htonl(INADDR_ANY); + else +/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +# ifndef BIT_FIELD_LIMITS + memcpy(&server_in->sin_addr.s_addr, ip, 4); +# else + memcpy(&server_in->sin_addr, ip, 4); +# endif + } +# if OPENSSL_USE_IPV6 + else { + addr_len = (socklen_t)sizeof(struct sockaddr_in6); + memset(server_in6, 0, sizeof(struct sockaddr_in6)); + server_in6->sin6_family = AF_INET6; + server_in6->sin6_port = htons((unsigned short)port); + if (ip == NULL) + server_in6->sin6_addr = in6addr_any; + else + memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); + } +# endif + if (bind(s, (struct sockaddr *)&server, addr_len) == -1) { # ifndef OPENSSL_SYS_WINDOWS perror("bind"); # endif @@ -381,16 +455,23 @@ return (ret); } -static int init_server(int *sock, int port, int type) +static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) { - return (init_server_long(sock, port, NULL, type)); + return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); } static int do_accept(int acc_sock, int *sock, char **host) { int ret; struct hostent *h1, *h2; - static struct sockaddr_in from; +#if OPENSSL_USE_IPV6 + struct sockaddr_storage from; + struct sockaddr_in *from_in = (struct sockaddr_in *)&from; + struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; +#else + struct sockaddr_in from; + struct sockaddr_in *from_in = &from; +#endif int len; /* struct linger ling; */ @@ -440,14 +521,25 @@ if (host == NULL) goto end; +# if OPENSSL_USE_IPV6 + if (from.ss_family == AF_INET) +# else + if (from.sin_family == AF_INET) +# endif # ifndef BIT_FIELD_LIMITS - /* I should use WSAAsyncGetHostByName() under windows */ - h1 = gethostbyaddr((char *)&from.sin_addr.s_addr, - sizeof(from.sin_addr.s_addr), AF_INET); + /* I should use WSAAsyncGetHostByName() under windows */ + h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr, + sizeof(from_in->sin_addr.s_addr), AF_INET); # else - h1 = gethostbyaddr((char *)&from.sin_addr, - sizeof(struct in_addr), AF_INET); + h1 = gethostbyaddr((char *)&from_in->sin_addr, + sizeof(struct in_addr), AF_INET); +# endif +# if OPENSSL_USE_IPV6 + else + h1 = gethostbyaddr((char *)&from_in6->sin6_addr, + sizeof(struct in6_addr), AF_INET6); # endif + if (h1 == NULL) { BIO_printf(bio_err, "bad gethostbyaddr\n"); *host = NULL; @@ -460,14 +552,22 @@ } BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - h2 = GetHostByName(*host); +# if OPENSSL_USE_IPV6 + h2=GetHostByName(*host, from.ss_family); +# else + h2=GetHostByName(*host, from.sin_family); +# endif if (h2 == NULL) { BIO_printf(bio_err, "gethostbyname failure\n"); closesocket(ret); return (0); } - if (h2->h_addrtype != AF_INET) { - BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); +# if OPENSSL_USE_IPV6 + if (h2->h_addrtype != from.ss_family) { +# else + if (h2->h_addrtype != from.sin_family) { +# endif + BIO_printf(bio_err, "gethostbyname addr is not correct\n"); closesocket(ret); return (0); } @@ -483,14 +583,14 @@ char *h, *p; h = str; - p = strchr(str, ':'); + p = strrchr(str, ':'); if (p == NULL) { BIO_printf(bio_err, "no port defined\n"); return (0); } *(p++) = '\0'; - if ((ip != NULL) && !host_ip(str, ip)) + if ((ip != NULL) && !host_ip(str, ip, AF_INET)) goto err; if (host_ptr != NULL) *host_ptr = h; @@ -502,44 +602,51 @@ return (0); } -static int host_ip(char *str, unsigned char ip[4]) +static int host_ip(char *str, unsigned char *ip, int domain) { unsigned int in[4]; + unsigned long l; int i; - if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == - 4) { + if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) { for (i = 0; i < 4; i++) if (in[i] > 255) { BIO_printf(bio_err, "invalid IP address\n"); goto err; } - ip[0] = in[0]; - ip[1] = in[1]; - ip[2] = in[2]; - ip[3] = in[3]; - } else { /* do a gethostbyname */ + l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); + memcpy(ip, &l, 4); + return 1; + } +# if OPENSSL_USE_IPV6 + else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1)) + return 1; +# endif + else { /* do a gethostbyname */ struct hostent *he; if (!ssl_sock_init()) return (0); - he = GetHostByName(str); + he = GetHostByName(str, domain); if (he == NULL) { BIO_printf(bio_err, "gethostbyname failure\n"); goto err; } /* cast to short because of win16 winsock definition */ - if ((short)he->h_addrtype != AF_INET) { - BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n"); + if ((short)he->h_addrtype != domain) { + BIO_printf(bio_err, "gethostbyname addr is not correct\n"); return (0); } - ip[0] = he->h_addr_list[0][0]; - ip[1] = he->h_addr_list[0][1]; - ip[2] = he->h_addr_list[0][2]; - ip[3] = he->h_addr_list[0][3]; + if (domain == AF_INET) + memset(ip, 0, 4); +# if OPENSSL_USE_IPV6 + else + memset(ip, 0, 16); +# endif + memcpy(ip, he->h_addr_list[0], he->h_length); + return 1; } - return (1); err: return (0); } @@ -573,7 +680,7 @@ static unsigned long ghbn_hits = 0L; static unsigned long ghbn_miss = 0L; -static struct hostent *GetHostByName(char *name) +static struct hostent *GetHostByName(char *name, int domain) { struct hostent *ret; int i, lowi = 0; @@ -585,13 +692,18 @@ lowi = i; } if (ghbn_cache[i].order > 0) { - if (strncmp(name, ghbn_cache[i].name, 128) == 0) + if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain)) break; } } if (i == GHBN_NUM) { /* no hit */ ghbn_miss++; - ret = gethostbyname(name); + if (domain == AF_INET) + ret = gethostbyname(name); +# if OPENSSL_USE_IPV6 + else + ret = gethostbyname2(name, AF_INET6); +# endif if (ret == NULL) return (NULL); /* else add to cache */