polynomial-c 14/06/05 12:53:23 |
|
Added: openssl-1.0.1h-ipv6.patch |
Log: |
Security bump (bug #512506) |
|
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC) |
|
Revision Changes Path |
1.1 dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch?rev=1.1&content-type=text/plain |
|
Index: openssl-1.0.1h-ipv6.patch |
=================================================================== |
http://rt.openssl.org/Ticket/Display.html?id=2051 |
user/pass: guest/guest |
|
Forward ported from openssl-1.0.1e-ipv6.patch |
|
Signed-off-by: Lars Wendler <polynomial-c@g.o> |
|
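--- a/openssl-1.0.1h/apps/s_apps.h
+++ b/openssl-1.0.1h/apps/s_apps.h
@@ -148,7 +148,7 @@
 #define PORT_STR "4433"
 #define PROTOCOL "tcp"
 
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
@@ -156,7 +156,7 @@
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);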
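--- a/openssl-1.0.1h/apps/s_client.c
+++ b/openssl-1.0.1h/apps/s_client.c
@@ -285,6 +285,10 @@
 {
 BIO_printf(bio_err,"usage: s_client args\n");
 BIO_printf(bio_err,"\n");
+ BIO_printf(bio_err," -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err," -6 - use IPv6 only\n");
+#endif
 BIO_printf(bio_err," -host host - use -connect instead\n");
 BIO_printf(bio_err," -port port - use -connect instead\n");
 BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
@@ -568,6 +572,7 @@
 int sbuf_len,sbuf_off;
 fd_set readfds,writefds;
 short port=PORT;
+ int use_ipv4, use_ipv6;
 int full_log=1;
 char *host=SSL_HOST_NAME;
 char *cert_file=NULL,*key_file=NULL;
@@ -613,7 +618,11 @@
 #endif
 char *sess_in = NULL;
 char *sess_out = NULL;
- struct sockaddr peer;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage peer;
+#else
+ struct sockaddr_in peer;
+#endif
 int peerlen = sizeof(peer);
 int enable_timeouts = 0 ;
 long socket_mtu = 0;
@@ -628,6 +637,12 @@
 
 meth=SSLv23_client_method();
 
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
 apps_startup();
 c_Pause=0;
 c_quiet=0;
@@ -949,6 +964,18 @@
 jpake_secret = *++argv;
 }
 #endif
+ else if (strcmp(*argv,"-4") == 0)
+ {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0)
+ {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
 #ifndef OPENSSL_NO_SRTP
 else if (strcmp(*argv,"-use_srtp") == 0)
 {
@@ -1260,7 +1287,7 @@
 
 re_start:
 
- if (init_client(&s,host,port,socket_type) == 0)
+ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
 {
 BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 SHUTDOWN(s);
@@ -1286,7 +1313,7 @@
 {
 
 sbio=BIO_new_dgram(s,BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0)
+ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
 {
 BIO_printf(bio_err, "getsockname:errno=%d\n",
 get_last_socket_error());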
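Review bot: The `use_ipv4 = 1; use_ipv6 = 1` defaults and the new `-4`/`-6` usage lines leave the default address-family behaviour undocumented, and it is not what a reader would guess. In init_client() (s_socket.c section of this patch) IPv4 is resolved first and the result of its connect attempt is returned directly, so with the defaults IPv6 is tried only when the IPv4 lookup fails; a check run against a dual-stack host therefore exercises only the IPv4 listener unless `-6` is given. I would say so next to the defaults, e.g. `/* default: IPv4 first; IPv6 only if the IPv4 lookup fails, use -6 to force it */`, and add the same to the usage text. Separately, `peerlen` remains an `int` passed through `(void *)` to getsockname() although `peer` may now be a `sockaddr_storage`; `socklen_t peerlen = sizeof(peer);` would state the intent where that type is available. The enclosing functions start and end outside these hunks.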
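--- a/openssl-1.0.1h/apps/s_server.c
+++ b/openssl-1.0.1h/apps/s_server.c
@@ -560,6 +560,10 @@
 BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 # endif
 #endif
+ BIO_printf(bio_err," -4 - use IPv4 only\n");
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err," -6 - use IPv6 only\n");
+#endif
 BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
 BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
 }
@@ -947,6 +951,7 @@
 int state=0;
 const SSL_METHOD *meth=NULL;
 int socket_type=SOCK_STREAM;
+ int use_ipv4, use_ipv6;
 ENGINE *e=NULL;
 char *inrand=NULL;
 int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
@@ -975,6 +980,12 @@
 #endif
 meth=SSLv23_server_method();
 
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
 local_argc=argc;
 local_argv=argv;
 
@@ -1323,6 +1334,18 @@
 jpake_secret = *(++argv);
 }
 #endif
+ else if (strcmp(*argv,"-4") == 0)
+ {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,"-6") == 0)
+ {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
 #ifndef OPENSSL_NO_SRTP
 else if (strcmp(*argv,"-use_srtp") == 0)
 {
@@ -1881,9 +1904,9 @@
 BIO_printf(bio_s_out,"ACCEPT\n");
 (void)BIO_flush(bio_s_out);
 if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
+ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
 else
- do_server(port,socket_type,&accept_socket,sv_body, context);
+ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
 print_stats(bio_s_out,ctx);
 ret=0;
 end: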
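Review bot: Both rewritten `do_server(...)` calls in the last hunk still discard the return value, while this patch makes listener setup more likely to fail. With the defaults set here (`use_ipv4 = 1`, and `use_ipv6 = 1` on IPv6 builds) init_server_long() in s_socket.c opens an `AF_INET6` socket, so on a host without IPv6 support setup fails and do_server() returns 0, yet this code has already printed `ACCEPT` and continues to `print_stats` and `ret=0`. I would report the failure instead of falling through, e.g. `if (!do_server(...)) { BIO_printf(bio_err,"unable to set up listener\n"); goto end; }`; this is hedged because the initial value of `ret` and do_server()'s other return paths are outside the hunk. Related: the help text promises "use IPv6 only", but the result of the `IPV6_V6ONLY` setsockopt() in s_socket.c is ignored, so `-6` can silently leave a listener that also accepts IPv4; that call should be checked.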
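--- a/openssl-1.0.1h/apps/s_socket.c
+++ b/openssl-1.0.1h/apps/s_socket.c
@@ -97,16 +97,16 @@
 #include "netdb.h"
 #endif
 
-static struct hostent *GetHostByName(char *name);
+static struct hostent *GetHostByName(char *name, int domain);
 #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
 static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
+static int host_ip(char *str, unsigned char *ip, int domain);
 
 #ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -234,38 +234,68 @@
 return(1);
 }
 
-int init_client(int *sock, char *host, int port, int type)
+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
 {
+#if OPENSSL_USE_IPV6
+ unsigned char ip[16];
+#else
 unsigned char ip[4];
+#endif
 
- memset(ip, '\0', sizeof ip);
- if (!host_ip(host,&(ip[0])))
- return 0;
- return init_client_ip(sock,ip,port,type);
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
+ if (use_ipv4)
+ if (host_ip(host,ip,AF_INET))
+ return(init_client_ip(sock,ip,port,type,AF_INET));
+#if OPENSSL_USE_IPV6
+ if (use_ipv6)
+ if (host_ip(host,ip,AF_INET6))
+ return(init_client_ip(sock,ip,port,type,AF_INET6));
+#endif
+ return 0;
+ }
+
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
+ {
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage them;
+ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
+ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
+#else
 struct sockaddr_in them;
+ struct sockaddr_in *them_in = &them;
+#endif
+ socklen_t addr_len;
 int s,i;
 
 if (!ssl_sock_init()) return(0);
 
 memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
+ if (domain == AF_INET)
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ them_in->sin_family=AF_INET;
+ them_in->sin_port=htons((unsigned short)port);
+#ifndef BIT_FIELD_LIMITS
+ memcpy(&them_in->sin_addr.s_addr, ip, 4);
+#else
+ memcpy(&them_in->sin_addr, ip, 4);
+#endif
+ }
+ else
+#if OPENSSL_USE_IPV6
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ them_in6->sin6_family=AF_INET6;
+ them_in6->sin6_port=htons((unsigned short)port);
+ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
+ }
+#else
+ return(0);
+#endif
 
 if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
 else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
+ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
 
 if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 
@@ -277,29 +307,27 @@
 if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
 }
 #endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+ if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
 { closesocket(s); perror("connect"); return(0); }
 *sock=s;
 return(1);
 }
 
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
 {
 int sock;
 char *name = NULL;
 int accept_socket = 0;
 int i;
 
- if (!init_server(&accept_socket,port,type)) return(0);
-
+ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
 if (ret != NULL)
 {
 *ret=accept_socket;
 /* return(1);*/
 }
- for (;;)
- {
+ for (;;)
+ {
 if (type==SOCK_STREAM)
 {
 if (do_accept(accept_socket,&sock,&name) == 0)
@@ -322,41 +350,88 @@
 }
 }
 
-static int init_server_long(int *sock, int port, char *ip, int type)
+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
 {
 int ret=0;
+ int domain;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage server;
+ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
+ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
+#else
 struct sockaddr_in server;
+ struct sockaddr_in *server_in = &server;
+#endif
+ socklen_t addr_len;
 int s= -1;
 
+ if (!use_ipv4 && !use_ipv6)
+ goto err;
+#if OPENSSL_USE_IPV6
+ /* we are fine here */
+#else
+ if (use_ipv6)
+ goto err;
+#endif
 if (!ssl_sock_init()) return(0);
 
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
+#if OPENSSL_USE_IPV6
+ domain = use_ipv6 ? AF_INET6 : AF_INET;
 #else
- memcpy(&server.sin_addr,ip,4);
+ domain = AF_INET;
 #endif
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
+ if (type == SOCK_STREAM)
+ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
 
 if (s == INVALID_SOCKET) goto err;
 #if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ (void *) &j, sizeof j);
+ }
+#endif
+#if OPENSSL_USE_IPV6
+ if ((use_ipv4 == 0) && (use_ipv6 == 1))
+ {
+ const int on = 1;
+
+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (const void *) &on, sizeof(int));
+ }
+#endif
+ if (domain == AF_INET)
+ {
+ addr_len = (socklen_t)sizeof(struct sockaddr_in);
+ memset(server_in, 0, sizeof(struct sockaddr_in));
+ server_in->sin_family=AF_INET;
+ server_in->sin_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
+ else
+/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */
+#ifndef BIT_FIELD_LIMITS
+ memcpy(&server_in->sin_addr.s_addr, ip, 4);
+#else
+ memcpy(&server_in->sin_addr, ip, 4);
+#endif
+ }
+#if OPENSSL_USE_IPV6
+ else
 {
- int j = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
- (void *) &j, sizeof j);
+ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
+ memset(server_in6, 0, sizeof(struct sockaddr_in6));
+ server_in6->sin6_family = AF_INET6;
+ server_in6->sin6_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server_in6->sin6_addr = in6addr_any;
+ else
+ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
 }
 #endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+ if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
 {
 #ifndef OPENSSL_SYS_WINDOWS
 perror("bind");
@@ -375,16 +450,23 @@
 return(ret);
 }
 
-static int init_server(int *sock, int port, int type)
+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
 {
- return(init_server_long(sock, port, NULL, type));
+ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
 }
 
 static int do_accept(int acc_sock, int *sock, char **host)
 {
 int ret;
 struct hostent *h1,*h2;
- static struct sockaddr_in from;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage from;
+ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
+ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
+#else
+ struct sockaddr_in from;
+ struct sockaddr_in *from_in = &from;
+#endif
 int len;
 /* struct linger ling; */
 
@@ -431,13 +513,23 @@
 */
 
 if (host == NULL) goto end;
+#if OPENSSL_USE_IPV6
+ if (from.ss_family == AF_INET)
+#else
+ if (from.sin_family == AF_INET)
+#endif
 #ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
+ sizeof(from_in->sin_addr.s_addr), AF_INET);
 #else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
+ h1=gethostbyaddr((char *)&from_in->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+#endif
+#if OPENSSL_USE_IPV6
+ else
+ h1=gethostbyaddr((char *)&from_in6->sin6_addr,
+ sizeof(struct in6_addr), AF_INET6);
 #endif
 if (h1 == NULL)
 {
@@ -455,16 +547,25 @@
 }
 BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
 
- h2=GetHostByName(*host);
+#if OPENSSL_USE_IPV6
+ h2=GetHostByName(*host, from.ss_family);
+#else
+ h2=GetHostByName(*host, from.sin_family);
+#endif
+
 if (h2 == NULL)
 {
 BIO_printf(bio_err,"gethostbyname failure\n");
 closesocket(ret);
 return(0);
 }
- if (h2->h_addrtype != AF_INET)
+#if OPENSSL_USE_IPV6
+ if (h2->h_addrtype != from.ss_family)
+#else
+ if (h2->h_addrtype != from.sin_family)
+#endif
 {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
 closesocket(ret);
 return(0);
 }
@@ -480,7 +581,7 @@
 char *h,*p;
 
 h=str;
- p=strchr(str,':');
+ p=strrchr(str,':');
 if (p == NULL)
 {
 BIO_printf(bio_err,"no port defined\n");
@@ -488,7 +589,7 @@
 }
 *(p++)='\0';
 
- if ((ip != NULL) && !host_ip(str,ip))
+ if ((ip != NULL) && !host_ip(str,ip,AF_INET))
 goto err;
 if (host_ptr != NULL) *host_ptr=h;
 
@@ -499,48 +600,58 @@
 return(0);
 }
 
-static int host_ip(char *str, unsigned char ip[4])
+static int host_ip(char *str, unsigned char *ip, int domain)
 {
- unsigned int in[4];
+ unsigned int in[4];
+ unsigned long l;
 int i;
 
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+ if ((domain == AF_INET) &&
+ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
 {
+
 for (i=0; i<4; i++)
 if (in[i] > 255)
 {
 BIO_printf(bio_err,"invalid IP address\n");
 goto err;
 }
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
+ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
+ memcpy(ip, &l, 4);
+ return 1;
+ }
+#if OPENSSL_USE_IPV6
+ else if ((domain == AF_INET6) &&
+ (inet_pton(AF_INET6, str, ip) == 1))
+ return 1;
+#endif
 else
 { /* do a gethostbyname */
 struct hostent *he;
 
 if (!ssl_sock_init()) return(0);
 
- he=GetHostByName(str);
+ he=GetHostByName(str,domain);
 if (he == NULL)
 {
 BIO_printf(bio_err,"gethostbyname failure\n");
 goto err;
 }
 /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
+ if ((short)he->h_addrtype != domain)
 {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
+ BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
 return(0);
 }
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
+ if (domain == AF_INET)
+ memset(ip, 0, 4);
+#if OPENSSL_USE_IPV6
+ else
+ memset(ip, 0, 16);
+#endif
+ memcpy(ip, he->h_addr_list[0], he->h_length);
+ return 1;
 }
- return(1);
 err:
 return(0);
 }
@@ -577,7 +688,7 @@
 static unsigned long ghbn_hits=0L;
 static unsigned long ghbn_miss=0L;
 
-static struct hostent *GetHostByName(char *name)
+static struct hostent *GetHostByName(char *name, int domain)
 {
 struct hostent *ret;
 int i,lowi=0;
@@ -592,14 +703,20 @@
 }
 if (ghbn_cache[i].order > 0)
 {
- if (strncmp(name,ghbn_cache[i].name,128) == 0)
+ if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
+ (ghbn_cache[i].ent.h_addrtype == domain))
 break;
 }
 }
 if (i == GHBN_NUM) /* no hit*/
 {
 ghbn_miss++;
- ret=gethostbyname(name);
+ if (domain == AF_INET)
+ ret=gethostbyname(name);
+#if OPENSSL_USE_IPV6
+ else
+ ret=gethostbyname2(name, AF_INET6);
+#endif
 if (ret == NULL) return(NULL);
 /* else add to cache */
 if(strlen(name) < sizeof ghbn_cache[0].name)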
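Review bot: Both new `memcpy` calls into `ip` in the host_ip() hunk (`@@ -499,48 +600,58 @@`) need a bound that does not depend on the platform or on the resolver reply. In the dotted-quad branch `l` is an `unsigned long`, so on a big-endian target where that type is 64 bits wide `memcpy(ip, &l, 4)` copies the high-order zero bytes rather than the address; storing the four octets directly, as the removed `ip[0]=in[0];` lines did, avoids the problem. In the gethostbyname branch the copy length is `he->h_length`, which comes from the resolver, while the destination is a 4- or 16-byte caller buffer (4 bytes when reached through extract_host_port()). I would reject a mismatching reply before copying, e.g. `if (he->h_length != (domain == AF_INET ? 4 : 16)) goto err;`. The definition of init_client_ip() also still declares `unsigned char ip[4]` although its IPv6 branch reads `sizeof(struct in6_addr)` bytes from it; `unsigned char *ip` would match the new prototype.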
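--- a/openssl-1.0.1h/apps/s_socket.c.rej
+++ b/openssl-1.0.1h/apps/s_socket.c.rej
@@ -0,0 +1,29 @@
+--- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2
++++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000
+@@ -546,15 +646,23 @@
+ }
+ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+
+- h2=GetHostByName(*host);
++#if OPENSSL_USE_IPV6
++ h2=GetHostByName(*host, from.ss_family);
++#else
++ h2=GetHostByName(*host, from.sin_family);
++#endif
+ if (h2 == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ return(0);
+ }
+- if (h2->h_addrtype != AF_INET)
++#if OPENSSL_USE_IPV6
++ if (h2->h_addrtype != from.ss_family)
++#else
++ if (h2->h_addrtype != from.sin_family)
++#endif
+ {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
+ return(0);
+ }
+ }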
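Review bot: This section makes the patch create `apps/s_socket.c.rej` in the OpenSSL source tree; it looks like a reject file left over from the forward-port that was picked up when the patch was regenerated. The hunk it contains appears to have been applied by hand already in the do_accept() hunk of s_socket.c above, which additionally keeps the `closesocket(ret);` calls, so the file carries no change of its own. I would drop this section from openssl-1.0.1h-ipv6.patch so that the ebuild does not leave a stray file in the build tree and a later re-diff stays clean.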