1 /* $OpenBSD: s_cb.c,v 1.22 2025/01/02 13:10:03 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112 #include <sys/socket.h> 113 114 #include <netinet/in.h> 115 116 #include <netdb.h> 117 #include <stdio.h> 118 #include <stdlib.h> 119 #include <string.h> 120 121 #include "apps.h" 122 123 #include <openssl/err.h> 124 #include <openssl/ssl.h> 125 #include <openssl/x509.h> 126 127 #define COOKIE_SECRET_LENGTH 16 128 129 int verify_depth = 0; 130 int verify_return_error = 0; 131 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 132 int cookie_initialized = 0; 133 134 int 135 verify_callback(int ok, X509_STORE_CTX * ctx) 136 { 137 X509 *err_cert; 138 int err, depth; 139 140 err_cert = X509_STORE_CTX_get_current_cert(ctx); 141 err = X509_STORE_CTX_get_error(ctx); 142 depth = X509_STORE_CTX_get_error_depth(ctx); 143 144 BIO_printf(bio_err, "depth=%d ", depth); 145 if (err_cert) { 146 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 147 0, XN_FLAG_ONELINE); 148 BIO_puts(bio_err, "\n"); 149 } else 150 BIO_puts(bio_err, "<no cert>\n"); 151 if (!ok) { 152 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 153 X509_verify_cert_error_string(err)); 154 if (verify_depth >= depth) { 155 if (!verify_return_error) 156 ok = 1; 157 } else { 158 ok = 0; 159 } 160 } 161 switch (err) { 162 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 163 BIO_puts(bio_err, "issuer= "); 164 if (err_cert == NULL) 165 BIO_puts(bio_err, "<error getting cert>"); 166 else 167 X509_NAME_print_ex(bio_err, 168 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); 169 BIO_puts(bio_err, "\n"); 170 break; 171 case X509_V_ERR_CERT_NOT_YET_VALID: 172 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 173 BIO_printf(bio_err, "notBefore="); 174 if (err_cert == NULL) 175 BIO_printf(bio_err, " <error getting cert>"); 176 else 177 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 178 BIO_printf(bio_err, "\n"); 179 break; 180 case X509_V_ERR_CERT_HAS_EXPIRED: 181 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 182 BIO_printf(bio_err, "notAfter="); 183 if (err_cert == NULL) 184 BIO_printf(bio_err, " <error getting cert>"); 185 else 186 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 187 BIO_printf(bio_err, "\n"); 188 break; 189 case X509_V_ERR_NO_EXPLICIT_POLICY: 190 break; 191 } 192 193 BIO_printf(bio_err, "verify return:%d\n", ok); 194 return (ok); 195 } 196 197 int 198 set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) 199 { 200 if (cert_file == NULL) 201 return 1; 202 203 if (key_file == NULL) 204 key_file = cert_file; 205 206 if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { 207 BIO_printf(bio_err, 208 "unable to get certificate from '%s'\n", cert_file); 209 ERR_print_errors(bio_err); 210 return 0; 211 } 212 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { 213 BIO_printf(bio_err, "unable to get private key from '%s'\n", 214 key_file); 215 ERR_print_errors(bio_err); 216 return 0; 217 } 218 219 /* Now we know that a key and cert have been set against the context. */ 220 if (!SSL_CTX_check_private_key(ctx)) { 221 BIO_printf(bio_err, 222 "Private key does not match the certificate public key\n"); 223 return 0; 224 } 225 226 return 1; 227 } 228 229 int 230 set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) 231 { 232 if (cert == NULL) 233 return 1; 234 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 235 BIO_printf(bio_err, "error setting certificate\n"); 236 ERR_print_errors(bio_err); 237 return 0; 238 } 239 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 240 BIO_printf(bio_err, "error setting private key\n"); 241 ERR_print_errors(bio_err); 242 return 0; 243 } 244 /* 245 * Now we know that a key and cert have been set against the SSL 246 * context 247 */ 248 if (!SSL_CTX_check_private_key(ctx)) { 249 BIO_printf(bio_err, 250 "Private key does not match the certificate public key\n"); 251 return 0; 252 } 253 return 1; 254 } 255 256 int 257 ssl_print_tmp_key(BIO *out, SSL *s) 258 { 259 const char *cname; 260 EVP_PKEY *pkey; 261 EC_KEY *ec; 262 const EC_GROUP *group; 263 int nid; 264 265 if (!SSL_get_server_tmp_key(s, &pkey)) 266 return 0; 267 268 BIO_puts(out, "Server Temp Key: "); 269 switch (EVP_PKEY_id(pkey)) { 270 case EVP_PKEY_DH: 271 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey)); 272 break; 273 274 case EVP_PKEY_EC: 275 if ((ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) 276 goto err; 277 if ((group = EC_KEY_get0_group(ec)) == NULL) 278 goto err; 279 280 nid = EC_GROUP_get_curve_name(group); 281 282 if ((cname = EC_curve_nid2nist(nid)) == NULL) 283 cname = OBJ_nid2sn(nid); 284 285 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey)); 286 break; 287 288 default: 289 BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)), 290 EVP_PKEY_bits(pkey)); 291 } 292 293 err: 294 EVP_PKEY_free(pkey); 295 return 1; 296 } 297 298 long 299 bio_dump_callback(BIO * bio, int cmd, const char *argp, 300 int argi, long argl, long ret) 301 { 302 BIO *out; 303 304 out = (BIO *) BIO_get_callback_arg(bio); 305 if (out == NULL) 306 return (ret); 307 308 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 309 BIO_printf(out, 310 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 311 (void *) bio, argp, (unsigned long) argi, ret, ret); 312 BIO_dump(out, argp, (int) ret); 313 return (ret); 314 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 315 BIO_printf(out, 316 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 317 (void *) bio, argp, (unsigned long) argi, ret, ret); 318 BIO_dump(out, argp, (int) ret); 319 } 320 return (ret); 321 } 322 323 void 324 apps_ssl_info_callback(const SSL * s, int where, int ret) 325 { 326 const char *str; 327 int w; 328 329 w = where & ~SSL_ST_MASK; 330 331 if (w & SSL_ST_CONNECT) 332 str = "SSL_connect"; 333 else if (w & SSL_ST_ACCEPT) 334 str = "SSL_accept"; 335 else 336 str = "undefined"; 337 338 if (where & SSL_CB_LOOP) { 339 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 340 } else if (where & SSL_CB_ALERT) { 341 str = (where & SSL_CB_READ) ? "read" : "write"; 342 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 343 SSL_alert_type_string_long(ret), 344 SSL_alert_desc_string_long(ret)); 345 } else if (where & SSL_CB_EXIT) { 346 if (ret == 0) 347 BIO_printf(bio_err, "%s:failed in %s\n", 348 str, SSL_state_string_long(s)); 349 else if (ret < 0) { 350 BIO_printf(bio_err, "%s:error in %s\n", 351 str, SSL_state_string_long(s)); 352 } 353 } 354 } 355 356 357 void 358 msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) 359 { 360 BIO *bio = arg; 361 const char *str_write_p, *str_version, *str_content_type = "", 362 *str_details1 = "", *str_details2 = ""; 363 364 str_write_p = write_p ? ">>>" : "<<<"; 365 366 /* XXX convert to using ssl_get_version */ 367 switch (version) { 368 case SSL2_VERSION: 369 str_version = "SSL 2.0"; 370 break; 371 case SSL3_VERSION: 372 str_version = "SSL 3.0 "; 373 break; 374 case TLS1_VERSION: 375 str_version = "TLS 1.0 "; 376 break; 377 case TLS1_1_VERSION: 378 str_version = "TLS 1.1 "; 379 break; 380 case TLS1_2_VERSION: 381 str_version = "TLS 1.2 "; 382 break; 383 case TLS1_3_VERSION: 384 str_version = "TLS 1.3 "; 385 break; 386 case DTLS1_VERSION: 387 str_version = "DTLS 1.0 "; 388 break; 389 case DTLS1_2_VERSION: 390 str_version = "DTLS 1.2 "; 391 break; 392 default: 393 str_version = "???"; 394 } 395 396 if (version == SSL2_VERSION) { 397 str_details1 = "???"; 398 399 if (len > 0) { 400 /* XXX magic numbers */ 401 switch (((const unsigned char *) buf)[0]) { 402 case 0: 403 str_details1 = ", ERROR:"; 404 str_details2 = " ???"; 405 if (len >= 3) { 406 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; 407 408 switch (err) { 409 case 0x0001: 410 str_details2 = " NO-CIPHER-ERROR"; 411 break; 412 case 0x0002: 413 str_details2 = " NO-CERTIFICATE-ERROR"; 414 break; 415 case 0x0004: 416 str_details2 = " BAD-CERTIFICATE-ERROR"; 417 break; 418 case 0x0006: 419 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 420 break; 421 } 422 } 423 break; 424 case 1: 425 str_details1 = ", CLIENT-HELLO"; 426 break; 427 case 2: 428 str_details1 = ", CLIENT-MASTER-KEY"; 429 break; 430 case 3: 431 str_details1 = ", CLIENT-FINISHED"; 432 break; 433 case 4: 434 str_details1 = ", SERVER-HELLO"; 435 break; 436 case 5: 437 str_details1 = ", SERVER-VERIFY"; 438 break; 439 case 6: 440 str_details1 = ", SERVER-FINISHED"; 441 break; 442 case 7: 443 str_details1 = ", REQUEST-CERTIFICATE"; 444 break; 445 case 8: 446 str_details1 = ", CLIENT-CERTIFICATE"; 447 break; 448 } 449 } 450 } 451 if (version == SSL3_VERSION || version == TLS1_VERSION || 452 version == TLS1_1_VERSION || version == TLS1_2_VERSION || 453 version == TLS1_3_VERSION || version == DTLS1_VERSION || 454 version == DTLS1_2_VERSION) { 455 /* XXX magic numbers are in ssl3.h */ 456 switch (content_type) { 457 case 20: 458 str_content_type = "ChangeCipherSpec"; 459 break; 460 case 21: 461 str_content_type = "Alert"; 462 break; 463 case 22: 464 str_content_type = "Handshake"; 465 break; 466 } 467 468 if (content_type == 21) { /* Alert */ 469 str_details1 = ", ???"; 470 471 if (len == 2) { 472 switch (((const unsigned char *) buf)[0]) { 473 case 1: 474 str_details1 = ", warning"; 475 break; 476 case 2: 477 str_details1 = ", fatal"; 478 break; 479 } 480 481 str_details2 = " ???"; 482 switch (((const unsigned char *) buf)[1]) { 483 case 0: 484 str_details2 = " close_notify"; 485 break; 486 case 10: 487 str_details2 = " unexpected_message"; 488 break; 489 case 20: 490 str_details2 = " bad_record_mac"; 491 break; 492 case 21: 493 str_details2 = " decryption_failed"; 494 break; 495 case 22: 496 str_details2 = " record_overflow"; 497 break; 498 case 30: 499 str_details2 = " decompression_failure"; 500 break; 501 case 40: 502 str_details2 = " handshake_failure"; 503 break; 504 case 42: 505 str_details2 = " bad_certificate"; 506 break; 507 case 43: 508 str_details2 = " unsupported_certificate"; 509 break; 510 case 44: 511 str_details2 = " certificate_revoked"; 512 break; 513 case 45: 514 str_details2 = " certificate_expired"; 515 break; 516 case 46: 517 str_details2 = " certificate_unknown"; 518 break; 519 case 47: 520 str_details2 = " illegal_parameter"; 521 break; 522 case 48: 523 str_details2 = " unknown_ca"; 524 break; 525 case 49: 526 str_details2 = " access_denied"; 527 break; 528 case 50: 529 str_details2 = " decode_error"; 530 break; 531 case 51: 532 str_details2 = " decrypt_error"; 533 break; 534 case 60: 535 str_details2 = " export_restriction"; 536 break; 537 case 70: 538 str_details2 = " protocol_version"; 539 break; 540 case 71: 541 str_details2 = " insufficient_security"; 542 break; 543 case 80: 544 str_details2 = " internal_error"; 545 break; 546 case 90: 547 str_details2 = " user_canceled"; 548 break; 549 case 100: 550 str_details2 = " no_renegotiation"; 551 break; 552 case 110: 553 str_details2 = " unsupported_extension"; 554 break; 555 case 111: 556 str_details2 = " certificate_unobtainable"; 557 break; 558 case 112: 559 str_details2 = " unrecognized_name"; 560 break; 561 case 113: 562 str_details2 = " bad_certificate_status_response"; 563 break; 564 case 114: 565 str_details2 = " bad_certificate_hash_value"; 566 break; 567 case 115: 568 str_details2 = " unknown_psk_identity"; 569 break; 570 } 571 } 572 } 573 if (content_type == 22) { /* Handshake */ 574 str_details1 = "???"; 575 576 if (len > 0) { 577 switch (((const unsigned char *) buf)[0]) { 578 case 0: 579 str_details1 = ", HelloRequest"; 580 break; 581 case 1: 582 str_details1 = ", ClientHello"; 583 break; 584 case 2: 585 str_details1 = ", ServerHello"; 586 break; 587 case 3: 588 str_details1 = ", HelloVerifyRequest"; 589 break; 590 case 4: 591 str_details1 = ", NewSessionTicket"; 592 break; 593 case 5: 594 str_details1 = ", EndOfEarlyData"; 595 break; 596 case 8: 597 str_details1 = ", EncryptedExtensions"; 598 break; 599 case 11: 600 str_details1 = ", Certificate"; 601 break; 602 case 12: 603 str_details1 = ", ServerKeyExchange"; 604 break; 605 case 13: 606 str_details1 = ", CertificateRequest"; 607 break; 608 case 14: 609 str_details1 = ", ServerHelloDone"; 610 break; 611 case 15: 612 str_details1 = ", CertificateVerify"; 613 break; 614 case 16: 615 str_details1 = ", ClientKeyExchange"; 616 break; 617 case 20: 618 str_details1 = ", Finished"; 619 break; 620 case 24: 621 str_details1 = ", KeyUpdate"; 622 break; 623 } 624 } 625 } 626 } 627 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 628 str_version, str_content_type, (unsigned long) len, 629 str_details1, str_details2); 630 631 if (len > 0) { 632 size_t num, i; 633 634 BIO_printf(bio, " "); 635 num = len; 636 637 for (i = 0; i < num; i++) { 638 if (i % 16 == 0 && i > 0) 639 BIO_printf(bio, "\n "); 640 BIO_printf(bio, " %02x", 641 ((const unsigned char *) buf)[i]); 642 } 643 if (i < len) 644 BIO_printf(bio, " ..."); 645 BIO_printf(bio, "\n"); 646 } 647 (void) BIO_flush(bio); 648 } 649 650 void 651 tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, 652 void *arg) 653 { 654 BIO *bio = arg; 655 char *extname; 656 657 switch (type) { 658 case TLSEXT_TYPE_server_name: 659 extname = "server name"; 660 break; 661 662 case TLSEXT_TYPE_max_fragment_length: 663 extname = "max fragment length"; 664 break; 665 666 case TLSEXT_TYPE_client_certificate_url: 667 extname = "client certificate URL"; 668 break; 669 670 case TLSEXT_TYPE_trusted_ca_keys: 671 extname = "trusted CA keys"; 672 break; 673 674 case TLSEXT_TYPE_truncated_hmac: 675 extname = "truncated HMAC"; 676 break; 677 678 case TLSEXT_TYPE_status_request: 679 extname = "status request"; 680 break; 681 682 case TLSEXT_TYPE_user_mapping: 683 extname = "user mapping"; 684 break; 685 686 case TLSEXT_TYPE_client_authz: 687 extname = "client authz"; 688 break; 689 690 case TLSEXT_TYPE_server_authz: 691 extname = "server authz"; 692 break; 693 694 case TLSEXT_TYPE_cert_type: 695 extname = "cert type"; 696 break; 697 698 case TLSEXT_TYPE_supported_groups: 699 extname = "supported groups"; 700 break; 701 702 case TLSEXT_TYPE_ec_point_formats: 703 extname = "EC point formats"; 704 break; 705 706 case TLSEXT_TYPE_srp: 707 extname = "SRP"; 708 break; 709 710 case TLSEXT_TYPE_signature_algorithms: 711 extname = "signature algorithms"; 712 break; 713 714 case TLSEXT_TYPE_use_srtp: 715 extname = "use SRTP"; 716 break; 717 718 case TLSEXT_TYPE_heartbeat: 719 extname = "heartbeat"; 720 break; 721 722 case TLSEXT_TYPE_application_layer_protocol_negotiation: 723 extname = "application layer protocol negotiation"; 724 break; 725 726 case TLSEXT_TYPE_padding: 727 extname = "TLS padding"; 728 break; 729 730 case TLSEXT_TYPE_session_ticket: 731 extname = "session ticket"; 732 break; 733 734 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 735 case TLSEXT_TYPE_pre_shared_key: 736 extname = "pre shared key"; 737 break; 738 739 case TLSEXT_TYPE_early_data: 740 extname = "early data"; 741 break; 742 743 case TLSEXT_TYPE_supported_versions: 744 extname = "supported versions"; 745 break; 746 747 case TLSEXT_TYPE_cookie: 748 extname = "cookie"; 749 break; 750 751 case TLSEXT_TYPE_psk_key_exchange_modes: 752 extname = "PSK key exchange modes"; 753 break; 754 755 case TLSEXT_TYPE_certificate_authorities: 756 extname = "certificate authorities"; 757 break; 758 759 case TLSEXT_TYPE_oid_filters: 760 extname = "OID filters"; 761 break; 762 763 case TLSEXT_TYPE_post_handshake_auth: 764 extname = "post handshake auth"; 765 break; 766 767 case TLSEXT_TYPE_signature_algorithms_cert: 768 extname = "signature algorithms cert"; 769 break; 770 771 case TLSEXT_TYPE_key_share: 772 extname = "key share"; 773 break; 774 #endif 775 776 case TLSEXT_TYPE_renegotiate: 777 extname = "renegotiation info"; 778 break; 779 780 default: 781 extname = "unknown"; 782 break; 783 784 } 785 786 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 787 client_server ? "server" : "client", extname, type, len); 788 BIO_dump(bio, (char *) data, len); 789 (void) BIO_flush(bio); 790 } 791 792 int 793 generate_cookie_callback(SSL * ssl, unsigned char *cookie, 794 unsigned int *cookie_len) 795 { 796 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 797 unsigned int length, resultlength; 798 union { 799 struct sockaddr sa; 800 struct sockaddr_in s4; 801 struct sockaddr_in6 s6; 802 } peer; 803 804 /* Initialize a random secret */ 805 if (!cookie_initialized) { 806 arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH); 807 cookie_initialized = 1; 808 } 809 /* Read peer information */ 810 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 811 812 /* Create buffer with peer's address and port */ 813 length = 0; 814 switch (peer.sa.sa_family) { 815 case AF_INET: 816 length += sizeof(struct in_addr); 817 length += sizeof(peer.s4.sin_port); 818 break; 819 case AF_INET6: 820 length += sizeof(struct in6_addr); 821 length += sizeof(peer.s6.sin6_port); 822 break; 823 default: 824 OPENSSL_assert(0); 825 break; 826 } 827 buffer = malloc(length); 828 829 if (buffer == NULL) { 830 BIO_printf(bio_err, "out of memory\n"); 831 return 0; 832 } 833 switch (peer.sa.sa_family) { 834 case AF_INET: 835 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 836 memcpy(buffer + sizeof(peer.s4.sin_port), 837 &peer.s4.sin_addr, sizeof(struct in_addr)); 838 break; 839 case AF_INET6: 840 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 841 memcpy(buffer + sizeof(peer.s6.sin6_port), 842 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 843 break; 844 default: 845 OPENSSL_assert(0); 846 break; 847 } 848 849 /* Calculate HMAC of buffer using the secret */ 850 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 851 buffer, length, result, &resultlength); 852 free(buffer); 853 854 memcpy(cookie, result, resultlength); 855 *cookie_len = resultlength; 856 857 return 1; 858 } 859 860 int 861 verify_cookie_callback(SSL * ssl, const unsigned char *cookie, 862 unsigned int cookie_len) 863 { 864 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 865 unsigned int length, resultlength; 866 union { 867 struct sockaddr sa; 868 struct sockaddr_in s4; 869 struct sockaddr_in6 s6; 870 } peer; 871 872 /* If secret isn't initialized yet, the cookie can't be valid */ 873 if (!cookie_initialized) 874 return 0; 875 876 /* Read peer information */ 877 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 878 879 /* Create buffer with peer's address and port */ 880 length = 0; 881 switch (peer.sa.sa_family) { 882 case AF_INET: 883 length += sizeof(struct in_addr); 884 length += sizeof(peer.s4.sin_port); 885 break; 886 case AF_INET6: 887 length += sizeof(struct in6_addr); 888 length += sizeof(peer.s6.sin6_port); 889 break; 890 default: 891 OPENSSL_assert(0); 892 break; 893 } 894 buffer = malloc(length); 895 896 if (buffer == NULL) { 897 BIO_printf(bio_err, "out of memory\n"); 898 return 0; 899 } 900 switch (peer.sa.sa_family) { 901 case AF_INET: 902 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 903 memcpy(buffer + sizeof(peer.s4.sin_port), 904 &peer.s4.sin_addr, sizeof(struct in_addr)); 905 break; 906 case AF_INET6: 907 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 908 memcpy(buffer + sizeof(peer.s6.sin6_port), 909 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 910 break; 911 default: 912 OPENSSL_assert(0); 913 break; 914 } 915 916 /* Calculate HMAC of buffer using the secret */ 917 if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 918 buffer, length, result, &resultlength) == NULL) { 919 free(buffer); 920 return 0; 921 } 922 923 free(buffer); 924 925 if (cookie_len == resultlength && 926 memcmp(result, cookie, resultlength) == 0) 927 return 1; 928 929 return 0; 930 } 931