[openssl] master update

dev at ddvo.net dev at ddvo.net
Mon Nov 22 14:39:13 UTC 2021


The branch master has been updated
       via  4599ea9fe31953c0c50738ed4b91ade76a693356 (commit)
      from  40649e36c4c0c9438f62e1bf2ccb983f6854c662 (commit)


- Log -----------------------------------------------------------------
commit 4599ea9fe31953c0c50738ed4b91ade76a693356
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Tue Jul 13 10:20:38 2021 +0200

    Fix HTTP server port output and allow dynamic verbosity setting
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16061)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c                 |  4 ++--
 apps/include/http_server.h | 29 +++++++++++++++--------------
 apps/include/s_apps.h      |  1 +
 apps/lib/http_server.c     | 32 +++++++++++++++++++++++++-------
 apps/lib/s_socket.c        | 39 ++++++++++++++++++++++++++-------------
 apps/ocsp.c                | 10 +++++-----
 6 files changed, 74 insertions(+), 41 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 589cce1266..f646e3f7bc 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2568,7 +2568,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
     int retry = 1;
     int ret = 1;
 
-    if ((acbio = http_server_init_bio(prog, opt_port)) == NULL)
+    if ((acbio = http_server_init(prog, opt_port, opt_verbosity)) == NULL)
         return 0;
     while (opt_max_msgs <= 0 || msgs < opt_max_msgs) {
         char *path = NULL;
@@ -2578,7 +2578,7 @@ static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) {
         ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG),
                                        (ASN1_VALUE **)&req, &path,
                                        &cbio, acbio, &keep_alive,
-                                       prog, opt_port, 0, 0);
+                                       prog, 0, 0);
         if (ret == 0) { /* no request yet */
             if (retry) {
                 ossl_sleep(1000);
diff --git a/apps/include/http_server.h b/apps/include/http_server.h
index 8c339660a6..3a81cbb140 100644
--- a/apps/include/http_server.h
+++ b/apps/include/http_server.h
@@ -34,17 +34,19 @@
 #  include <syslog.h>
 #  include <signal.h>
 #  define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
-# else
-#  undef LOG_DEBUG
-#  undef LOG_INFO
-#  undef LOG_WARNING
-#  undef LOG_ERR
-#  define LOG_DEBUG     7
-#  define LOG_INFO      6
-#  define LOG_WARNING   4
-#  define LOG_ERR       3
 # endif
 
+# undef LOG_TRACE
+# undef LOG_DEBUG
+# undef LOG_INFO
+# undef LOG_WARNING
+# undef LOG_ERR
+# define LOG_TRACE     8
+# define LOG_DEBUG     7
+# define LOG_INFO      6
+# define LOG_WARNING   4
+# define LOG_ERR       3
+
 /*-
  * Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err
  * prog: the name of the current app
@@ -56,12 +58,13 @@ void log_message(const char *prog, int level, const char *fmt, ...);
 
 # ifndef OPENSSL_NO_SOCK
 /*-
- * Initialize an HTTP server by setting up its listening BIO
+ * Initialize an HTTP server, setting up its listening BIO
  * prog: the name of the current app
  * port: the port to listen on
+ * verbosity: the level of verbosity to use, or -1 for default: LOG_INFO
  * returns a BIO for accepting requests, NULL on error
  */
-BIO *http_server_init_bio(const char *prog, const char *port);
+BIO *http_server_init(const char *prog, const char *port, int verbosity);
 
 /*-
  * Accept an ASN.1-formatted HTTP request
@@ -72,7 +75,6 @@ BIO *http_server_init_bio(const char *prog, const char *port);
  * acbio: the listening bio (typically as returned by http_server_init_bio())
  * found_keep_alive: for returning flag if client requests persistent connection
  * prog: the name of the current app, for diagnostics only
- * port: the local port listening to, for diagnostics only
  * accept_get: whether to accept GET requests (in addition to POST requests)
  * timeout: connection timeout (in seconds), or 0 for none/infinite
  * returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL
@@ -86,8 +88,7 @@ BIO *http_server_init_bio(const char *prog, const char *port);
 int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
                              char **ppath, BIO **pcbio, BIO *acbio,
                              int *found_keep_alive,
-                             const char *prog, const char *port,
-                             int accept_get, int timeout);
+                             const char *prog, int accept_get, int timeout);
 
 /*-
  * Send an ASN.1-formatted HTTP response
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 194ea746ed..5b188b9892 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -19,6 +19,7 @@
     (SSL_is_dtls(s) || (SSL_version(s) < TLS1_3_VERSION))
 
 typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
+void get_sock_info_address(int asock, char **hostname, char **service);
 int report_server_accept(BIO *out, int asock, int with_address, int with_pid);
 int do_server(int *accept_sock, const char *host, const char *port,
               int family, int type, int protocol, do_server_cb cb,
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c
index 8f654660b4..e531201d17 100644
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@@ -216,18 +216,27 @@ void spawn_loop(const char *prog)
 #endif
 
 #ifndef OPENSSL_NO_SOCK
-BIO *http_server_init_bio(const char *prog, const char *port)
+BIO *http_server_init(const char *prog, const char *port, int verb)
 {
     BIO *acbio = NULL, *bufbio;
     int asock;
+    int port_num;
 
+    if (verb >= 0) {
+        if (verb > LOG_TRACE) {
+            log_message(prog, LOG_ERR,
+                        "Logging verbosity level %d too high", verb);
+            return NULL;
+        }
+        verbosity = verb;
+    }
     bufbio = BIO_new(BIO_f_buffer());
     if (bufbio == NULL)
         goto err;
     acbio = BIO_new(BIO_s_accept());
     if (acbio == NULL
         || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
-        || BIO_set_accept_port(acbio, port) < 0) {
+        || BIO_set_accept_port(acbio, port /* may be "0" */) < 0) {
         log_message(prog, LOG_ERR, "Error setting up accept BIO");
         goto err;
     }
@@ -241,7 +250,8 @@ BIO *http_server_init_bio(const char *prog, const char *port)
 
     /* Report back what address and port are used */
     BIO_get_fd(acbio, &asock);
-    if (!report_server_accept(bio_out, asock, 1, 1)) {
+    port_num = report_server_accept(bio_out, asock, 1, 1);
+    if (port_num == 0) {
         log_message(prog, LOG_ERR, "Error printing ACCEPT string");
         goto err;
     }
@@ -283,8 +293,7 @@ static int urldecode(char *p)
 int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
                              char **ppath, BIO **pcbio, BIO *acbio,
                              int *found_keep_alive,
-                             const char *prog, const char *port,
-                             int accept_get, int timeout)
+                             const char *prog, int accept_get, int timeout)
 {
     BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
     int len;
@@ -298,15 +307,24 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
         *ppath = NULL;
 
     if (cbio == NULL) {
+        char *port;
+
+        get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port);
+        if (port == NULL) {
+            log_message(prog, LOG_ERR, "Cannot get port listening on");
+            goto fatal;
+        }
         log_message(prog, LOG_DEBUG,
-                    "Awaiting new connection on port %s...", port);
+                    "Awaiting new connection on port %s ...", port);
+        OPENSSL_free(port);
+
         if (BIO_do_accept(acbio) <= 0)
             /* Connection loss before accept() is routine, ignore silently */
             return ret;
 
         *pcbio = cbio = BIO_pop(acbio);
     } else {
-        log_message(prog, LOG_DEBUG, "Awaiting next request...");
+        log_message(prog, LOG_DEBUG, "Awaiting next request ...");
     }
     if (cbio == NULL) {
         /* Cannot call http_server_send_status(cbio, ...) */
diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 805a1f0f3d..0751d460e8 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -207,6 +207,25 @@ out:
     return ret;
 }
 
+void get_sock_info_address(int asock, char **hostname, char **service)
+{
+    union BIO_sock_info_u info;
+
+    if (hostname != NULL)
+        *hostname = NULL;
+    if (service != NULL)
+        *service = NULL;
+
+    if ((info.addr = BIO_ADDR_new()) != NULL
+            && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)) {
+        if (hostname != NULL)
+            *hostname = BIO_ADDR_hostname_string(info.addr, 1);
+        if (service != NULL)
+            *service = BIO_ADDR_service_string(info.addr, 1);
+    }
+    BIO_ADDR_free(info.addr);
+}
+
 int report_server_accept(BIO *out, int asock, int with_address, int with_pid)
 {
     int success = 1;
@@ -214,30 +233,24 @@ int report_server_accept(BIO *out, int asock, int with_address, int with_pid)
     if (BIO_printf(out, "ACCEPT") <= 0)
         return 0;
     if (with_address) {
-        union BIO_sock_info_u info;
-        char *hostname = NULL;
-        char *service = NULL;
+        char *hostname, *service;
 
-        if ((info.addr = BIO_ADDR_new()) != NULL
-            && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
-            && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
-            && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) {
+        get_sock_info_address(asock, &hostname, &service);
+        success = hostname != NULL && service != NULL;
+        if (success)
             success = BIO_printf(out,
                                  strchr(hostname, ':') == NULL
                                  ? /* IPv4 */ " %s:%s"
                                  : /* IPv6 */ " [%s]:%s",
                                  hostname, service) > 0;
-        } else {
+        else
             (void)BIO_printf(out, "unknown:error\n");
-            success = 0;
-        }
         OPENSSL_free(hostname);
         OPENSSL_free(service);
-        BIO_ADDR_free(info.addr);
     }
     if (with_pid)
-        success = success && BIO_printf(out, " PID=%d", getpid()) > 0;
-    success = success && BIO_printf(out, "\n") > 0;
+        success *= BIO_printf(out, " PID=%d", getpid()) > 0;
+    success *= BIO_printf(out, "\n") > 0;
     (void)BIO_flush(out);
 
     return success;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 8f0eacad2b..841b5f7b81 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -76,7 +76,7 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
 
 static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
-                        const char *port, int timeout);
+                        int timeout);
 static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp);
 static char *prog;
 
@@ -576,7 +576,7 @@ int ocsp_main(int argc, char **argv)
 
     if (req == NULL && port != NULL) {
 #ifndef OPENSSL_NO_SOCK
-        acbio = http_server_init_bio(prog, port);
+        acbio = http_server_init(prog, port, -1);
         if (acbio == NULL)
             goto end;
 #else
@@ -657,7 +657,7 @@ redo_accept:
 #endif
 
         req = NULL;
-        res = do_responder(&req, &cbio, acbio, port, req_timeout);
+        res = do_responder(&req, &cbio, acbio, req_timeout);
         if (res == 0)
             goto redo_accept;
 
@@ -1188,13 +1188,13 @@ static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
 }
 
 static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
-                        const char *port, int timeout)
+                        int timeout)
 {
 #ifndef OPENSSL_NO_SOCK
     return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST),
                                     (ASN1_VALUE **)preq, NULL, pcbio, acbio,
                                     NULL /* found_keep_alive */,
-                                    prog, port, 1 /* accept_get */, timeout);
+                                    prog, 1 /* accept_get */, timeout);
 #else
     BIO_printf(bio_err,
                "Error getting OCSP request - sockets not supported\n");


More information about the openssl-commits mailing list