http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
--- openssl-1.0.2/apps/s_apps.h
+++ openssl-1.0.2/apps/s_apps.h
@@ -154,7 +154,7 @@
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
- int naccept);
+ int naccept, int use_ipv4, int use_ipv6);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -167,7 +167,8 @@
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type,
+ int use_ipv4, int use_ipv6);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
--- openssl-1.0.2/apps/s_client.c
+++ openssl-1.0.2/apps/s_client.c
@@ -302,6 +302,10 @@
{
BIO_printf(bio_err, "usage: s_client args\n");
BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, " -6 - use IPv6 only\n");
+#endif
BIO_printf(bio_err, " -host host - use -connect instead\n");
BIO_printf(bio_err, " -port port - use -connect instead\n");
BIO_printf(bio_err,
@@ -658,6 +662,7 @@
int sbuf_len, sbuf_off;
fd_set readfds, writefds;
short port = PORT;
+ int use_ipv4, use_ipv6;
int full_log = 1;
char *host = SSL_HOST_NAME;
char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
@@ -709,7 +714,11 @@
#endif
char *sess_in = NULL;
char *sess_out = NULL;
- struct sockaddr peer;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage peer;
+#else
+ struct sockaddr_in peer;
+#endif
int peerlen = sizeof(peer);
int fallback_scsv = 0;
int enable_timeouts = 0;
@@ -737,6 +746,12 @@
meth = SSLv23_client_method();
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
apps_startup();
c_Pause = 0;
c_quiet = 0;
@@ -1096,6 +1111,16 @@
jpake_secret = *++argv;
}
#endif
+ else if (strcmp(*argv,"-4") == 0) {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0) {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -1421,7 +1446,7 @@
re_start:
- if (init_client(&s, host, port, socket_type) == 0) {
+ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
SHUTDOWN(s);
goto end;
@@ -1444,7 +1469,7 @@
if (socket_type == SOCK_DGRAM) {
sbio = BIO_new_dgram(s, BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
BIO_printf(bio_err, "getsockname:errno=%d\n",
get_last_socket_error());
SHUTDOWN(s);
--- openssl-1.0.2/apps/s_server.c
+++ openssl-1.0.2/apps/s_server.c
@@ -643,6 +643,10 @@
BIO_printf(bio_err,
" -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
#endif
+ BIO_printf(bio_err, " -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, " -6 - use IPv6 only\n");
+#endif
BIO_printf(bio_err,
" -keymatexport label - Export keying material using label\n");
BIO_printf(bio_err,
@@ -1070,6 +1074,7 @@
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
+ int use_ipv4, use_ipv6;
ENGINE *e = NULL;
char *inrand = NULL;
int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
@@ -1111,6 +1116,12 @@
meth = SSLv23_server_method();
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
local_argc = argc;
local_argv = argv;
@@ -1503,6 +1514,16 @@
jpake_secret = *(++argv);
}
#endif
+ else if (strcmp(*argv,"-4") == 0) {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0) {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv, "-use_srtp") == 0) {
if (--argc < 1)
@@ -2023,13 +2044,13 @@
(void)BIO_flush(bio_s_out);
if (rev)
do_server(port, socket_type, &accept_socket, rev_body, context,
- naccept);
+ naccept, use_ipv4, use_ipv6);
else if (www)
do_server(port, socket_type, &accept_socket, www_body, context,
- naccept);
+ naccept, use_ipv4, use_ipv6);
else
do_server(port, socket_type, &accept_socket, sv_body, context,
- naccept);
+ naccept, use_ipv4, use_ipv6);
print_stats(bio_s_out, ctx);
ret = 0;
end:
--- openssl-1.0.2/apps/s_socket.c
+++ openssl-1.0.2/apps/s_socket.c
@@ -101,16 +101,16 @@
# include "netdb.h"
# endif
-static struct hostent *GetHostByName(char *name);
+static struct hostent *GetHostByName(char *name, int domain);
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
static void ssl_sock_cleanup(void);
# endif
static int ssl_sock_init(void);
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port, char *ip, int type);
+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
+static int host_ip(char *str, unsigned char *ip, int domain);
# ifdef OPENSSL_SYS_WIN16
# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -231,38 +231,68 @@
return (1);
}
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
{
+# if OPENSSL_USE_IPV6
+ unsigned char ip[16];
+# else
unsigned char ip[4];
+# endif
- memset(ip, '\0', sizeof ip);
- if (!host_ip(host, &(ip[0])))
- return 0;
- return init_client_ip(sock, ip, port, type);
-}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-{
- unsigned long addr;
+ if (use_ipv4)
+ if (host_ip(host, ip, AF_INET))
+ return(init_client_ip(sock, ip, port, type, AF_INET));
+# if OPENSSL_USE_IPV6
+ if (use_ipv6)
+ if (host_ip(host, ip, AF_INET6))
+ return(init_client_ip(sock, ip, port, type, AF_INET6));
+# endif
+ return 0;
+}
+
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
+{
+# if OPENSSL_USE_IPV6
+ struct sockaddr_storage them;
+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
+# else
struct sockaddr_in them;
+ struct sockaddr_in *them_in = &them;
+# endif
+ socklen_t addr_len;
int s, i;
if (!ssl_sock_init())
return (0);
memset((char *)&them, 0, sizeof(them));
- them.sin_family = AF_INET;
- them.sin_port = htons((unsigned short)port);
- addr = (unsigned long)
- ((unsigned long)ip[0] << 24L) |
- ((unsigned long)ip[1] << 16L) |
- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
- them.sin_addr.s_addr = htonl(addr);
+ if (domain == AF_INET) {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ them_in->sin_family=AF_INET;
+ them_in->sin_port=htons((unsigned short)port);
+# ifndef BIT_FIELD_LIMITS
+ memcpy(&them_in->sin_addr.s_addr, ip, 4);
+# else
+ memcpy(&them_in->sin_addr, ip, 4);
+# endif
+ }
+ else
+# if OPENSSL_USE_IPV6
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ them_in6->sin6_family=AF_INET6;
+ them_in6->sin6_port=htons((unsigned short)port);
+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
+ }
+# else
+ return(0);
+# endif
if (type == SOCK_STREAM)
- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
else /* ( type == SOCK_DGRAM) */
- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
if (s == INVALID_SOCKET) {
perror("socket");
@@ -280,7 +310,7 @@
}
# endif
- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
+ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
closesocket(s);
perror("connect");
return (0);
@@ -292,14 +322,14 @@
int do_server(int port, int type, int *ret,
int (*cb) (char *hostname, int s, int stype,
unsigned char *context), unsigned char *context,
- int naccept)
+ int naccept, int use_ipv4, int use_ipv6)
{
int sock;
char *name = NULL;
int accept_socket = 0;
int i;
- if (!init_server(&accept_socket, port, type))
+ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
return (0);
if (ret != NULL) {
@@ -328,32 +358,41 @@
}
}
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
{
int ret = 0;
+ int domain;
+# if OPENSSL_USE_IPV6
+ struct sockaddr_storage server;
+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
+# else
struct sockaddr_in server;
+ struct sockaddr_in *server_in = &server;
+# endif
+ socklen_t addr_len;
int s = -1;
+ if (!use_ipv4 && !use_ipv6)
+ goto err;
+# if OPENSSL_USE_IPV6
+ /* we are fine here */
+# else
+ if (use_ipv6)
+ goto err;
+# endif
if (!ssl_sock_init())
return (0);
- memset((char *)&server, 0, sizeof(server));
- server.sin_family = AF_INET;
- server.sin_port = htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr = INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-# ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr, ip, 4);
+#if OPENSSL_USE_IPV6
+ domain = use_ipv6 ? AF_INET6 : AF_INET;
# else
- memcpy(&server.sin_addr, ip, 4);
+ domain = AF_INET;
# endif
-
if (type == SOCK_STREAM)
- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
if (s == INVALID_SOCKET)
goto err;
@@ -363,7 +402,42 @@
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
}
# endif
- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+# if OPENSSL_USE_IPV6
+ if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
+ const int on = 1;
+
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (const void *) &on, sizeof(int));
+ }
+# endif
+ if (domain == AF_INET) {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ memset(server_in, 0, sizeof(struct sockaddr_in));
+ server_in->sin_family=AF_INET;
+ server_in->sin_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
+ else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+# ifndef BIT_FIELD_LIMITS
+ memcpy(&server_in->sin_addr.s_addr, ip, 4);
+# else
+ memcpy(&server_in->sin_addr, ip, 4);
+# endif
+ }
+# if OPENSSL_USE_IPV6
+ else {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ memset(server_in6, 0, sizeof(struct sockaddr_in6));
+ server_in6->sin6_family = AF_INET6;
+ server_in6->sin6_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in6->sin6_addr = in6addr_any;
+ else
+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
+ }
+# endif
+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
# ifndef OPENSSL_SYS_WINDOWS
perror("bind");
# endif
@@ -381,16 +455,23 @@
return (ret);
}
-static int init_server(int *sock, int port, int type)
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
{
- return (init_server_long(sock, port, NULL, type));
+ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
}
static int do_accept(int acc_sock, int *sock, char **host)
{
int ret;
struct hostent *h1, *h2;
- static struct sockaddr_in from;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage from;
+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
+#else
+ struct sockaddr_in from;
+ struct sockaddr_in *from_in = &from;
+#endif
int len;
/* struct linger ling; */
@@ -440,14 +521,25 @@
if (host == NULL)
goto end;
+# if OPENSSL_USE_IPV6
+ if (from.ss_family == AF_INET)
+# else
+ if (from.sin_family == AF_INET)
+# endif
# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
+ sizeof(from_in->sin_addr.s_addr), AF_INET);
# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
+ h1 = gethostbyaddr((char *)&from_in->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+# endif
+# if OPENSSL_USE_IPV6
+ else
+ h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
+ sizeof(struct in6_addr), AF_INET6);
# endif
+
if (h1 == NULL) {
BIO_printf(bio_err, "bad gethostbyaddr\n");
*host = NULL;
@@ -460,14 +552,22 @@
}
BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
- h2 = GetHostByName(*host);
+# if OPENSSL_USE_IPV6
+ h2=GetHostByName(*host, from.ss_family);
+# else
+ h2=GetHostByName(*host, from.sin_family);
+# endif
if (h2 == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
closesocket(ret);
return (0);
}
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+# if OPENSSL_USE_IPV6
+ if (h2->h_addrtype != from.ss_family) {
+# else
+ if (h2->h_addrtype != from.sin_family) {
+# endif
+ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
closesocket(ret);
return (0);
}
@@ -483,14 +583,14 @@
char *h, *p;
h = str;
- p = strchr(str, ':');
+ p = strrchr(str, ':');
if (p == NULL) {
BIO_printf(bio_err, "no port defined\n");
return (0);
}
*(p++) = '\0';
- if ((ip != NULL) && !host_ip(str, ip))
+ if ((ip != NULL) && !host_ip(str, ip, AF_INET))
goto err;
if (host_ptr != NULL)
*host_ptr = h;
@@ -502,44 +602,51 @@
return (0);
}
-static int host_ip(char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char *ip, int domain)
{
unsigned int in[4];
+ unsigned long l;
int i;
- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
- 4) {
+ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
for (i = 0; i < 4; i++)
if (in[i] > 255) {
BIO_printf(bio_err, "invalid IP address\n");
goto err;
}
- ip[0] = in[0];
- ip[1] = in[1];
- ip[2] = in[2];
- ip[3] = in[3];
- } else { /* do a gethostbyname */
+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
+ memcpy(ip, &l, 4);
+ return 1;
+ }
+# if OPENSSL_USE_IPV6
+ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
+ return 1;
+# endif
+ else { /* do a gethostbyname */
struct hostent *he;
if (!ssl_sock_init())
return (0);
- he = GetHostByName(str);
+ he = GetHostByName(str, domain);
if (he == NULL) {
BIO_printf(bio_err, "gethostbyname failure\n");
goto err;
}
/* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+ if ((short)he->h_addrtype != domain) {
+ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
return (0);
}
- ip[0] = he->h_addr_list[0][0];
- ip[1] = he->h_addr_list[0][1];
- ip[2] = he->h_addr_list[0][2];
- ip[3] = he->h_addr_list[0][3];
+ if (domain == AF_INET)
+ memset(ip, 0, 4);
+# if OPENSSL_USE_IPV6
+ else
+ memset(ip, 0, 16);
+# endif
+ memcpy(ip, he->h_addr_list[0], he->h_length);
+ return 1;
}
- return (1);
err:
return (0);
}
@@ -573,7 +680,7 @@
static unsigned long ghbn_hits = 0L;
static unsigned long ghbn_miss = 0L;
-static struct hostent *GetHostByName(char *name)
+static struct hostent *GetHostByName(char *name, int domain)
{
struct hostent *ret;
int i, lowi = 0;
@@ -585,13 +692,18 @@
lowi = i;
}
if (ghbn_cache[i].order > 0) {
- if (strncmp(name, ghbn_cache[i].name, 128) == 0)
+ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
break;
}
}
if (i == GHBN_NUM) { /* no hit */
ghbn_miss++;
- ret = gethostbyname(name);
+ if (domain == AF_INET)
+ ret = gethostbyname(name);
+# if OPENSSL_USE_IPV6
+ else
+ ret = gethostbyname2(name, AF_INET6);
+# endif
if (ret == NULL)
return (NULL);
/* else add to cache */