1 /* $OpenBSD: s_cb.c,v 1.15 2021/04/02 10:19:19 inoguchi Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112 #include <sys/socket.h> 113 114 #include <netinet/in.h> 115 116 #include <netdb.h> 117 #include <stdio.h> 118 #include <stdlib.h> 119 #include <string.h> 120 121 #include "apps.h" 122 123 #include <openssl/err.h> 124 #include <openssl/ssl.h> 125 #include <openssl/x509.h> 126 127 #include "s_apps.h" 128 129 #define COOKIE_SECRET_LENGTH 16 130 131 int verify_depth = 0; 132 int verify_return_error = 0; 133 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 134 int cookie_initialized = 0; 135 136 int 137 verify_callback(int ok, X509_STORE_CTX * ctx) 138 { 139 X509 *err_cert; 140 int err, depth; 141 142 err_cert = X509_STORE_CTX_get_current_cert(ctx); 143 err = X509_STORE_CTX_get_error(ctx); 144 depth = X509_STORE_CTX_get_error_depth(ctx); 145 146 BIO_printf(bio_err, "depth=%d ", depth); 147 if (err_cert) { 148 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 149 0, XN_FLAG_ONELINE); 150 BIO_puts(bio_err, "\n"); 151 } else 152 BIO_puts(bio_err, "<no cert>\n"); 153 if (!ok) { 154 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 155 X509_verify_cert_error_string(err)); 156 if (verify_depth >= depth) { 157 if (!verify_return_error) 158 ok = 1; 159 } else { 160 ok = 0; 161 } 162 } 163 switch (err) { 164 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 165 BIO_puts(bio_err, "issuer= "); 166 if (err_cert == NULL) 167 BIO_puts(bio_err, "<error getting cert>"); 168 else 169 X509_NAME_print_ex(bio_err, 170 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); 171 BIO_puts(bio_err, "\n"); 172 break; 173 case X509_V_ERR_CERT_NOT_YET_VALID: 174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 175 BIO_printf(bio_err, "notBefore="); 176 if (err_cert == NULL) 177 BIO_printf(bio_err, " <error getting cert>"); 178 else 179 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 180 BIO_printf(bio_err, "\n"); 181 break; 182 case X509_V_ERR_CERT_HAS_EXPIRED: 183 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 184 BIO_printf(bio_err, "notAfter="); 185 if (err_cert == NULL) 186 BIO_printf(bio_err, " <error getting cert>"); 187 else 188 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 189 BIO_printf(bio_err, "\n"); 190 break; 191 case X509_V_ERR_NO_EXPLICIT_POLICY: 192 policies_print(bio_err, ctx); 193 break; 194 } 195 if (err == X509_V_OK && ok == 2) 196 policies_print(bio_err, ctx); 197 198 BIO_printf(bio_err, "verify return:%d\n", ok); 199 return (ok); 200 } 201 202 int 203 set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) 204 { 205 if (cert_file != NULL) { 206 /* 207 SSL *ssl; 208 X509 *x509; 209 */ 210 211 if (SSL_CTX_use_certificate_file(ctx, cert_file, 212 SSL_FILETYPE_PEM) <= 0) { 213 BIO_printf(bio_err, 214 "unable to get certificate from '%s'\n", cert_file); 215 ERR_print_errors(bio_err); 216 return (0); 217 } 218 if (key_file == NULL) 219 key_file = cert_file; 220 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, 221 SSL_FILETYPE_PEM) <= 0) { 222 BIO_printf(bio_err, 223 "unable to get private key from '%s'\n", key_file); 224 ERR_print_errors(bio_err); 225 return (0); 226 } 227 /* 228 In theory this is no longer needed 229 ssl=SSL_new(ctx); 230 x509=SSL_get_certificate(ssl); 231 232 if (x509 != NULL) { 233 EVP_PKEY *pktmp; 234 pktmp = X509_get_pubkey(x509); 235 EVP_PKEY_copy_parameters(pktmp, 236 SSL_get_privatekey(ssl)); 237 EVP_PKEY_free(pktmp); 238 } 239 SSL_free(ssl); 240 */ 241 242 /* 243 * If we are using DSA, we can copy the parameters from the 244 * private key 245 */ 246 247 248 /* 249 * Now we know that a key and cert have been set against the 250 * SSL context 251 */ 252 if (!SSL_CTX_check_private_key(ctx)) { 253 BIO_printf(bio_err, 254 "Private key does not match the certificate public key\n"); 255 return (0); 256 } 257 } 258 return (1); 259 } 260 261 int 262 set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) 263 { 264 if (cert == NULL) 265 return 1; 266 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 267 BIO_printf(bio_err, "error setting certificate\n"); 268 ERR_print_errors(bio_err); 269 return 0; 270 } 271 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 272 BIO_printf(bio_err, "error setting private key\n"); 273 ERR_print_errors(bio_err); 274 return 0; 275 } 276 /* 277 * Now we know that a key and cert have been set against the SSL 278 * context 279 */ 280 if (!SSL_CTX_check_private_key(ctx)) { 281 BIO_printf(bio_err, 282 "Private key does not match the certificate public key\n"); 283 return 0; 284 } 285 return 1; 286 } 287 288 int 289 ssl_print_tmp_key(BIO *out, SSL *s) 290 { 291 const char *cname; 292 EVP_PKEY *pkey; 293 EC_KEY *ec; 294 int nid; 295 296 if (!SSL_get_server_tmp_key(s, &pkey)) 297 return 0; 298 299 BIO_puts(out, "Server Temp Key: "); 300 switch (EVP_PKEY_id(pkey)) { 301 case EVP_PKEY_DH: 302 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey)); 303 break; 304 305 case EVP_PKEY_EC: 306 ec = EVP_PKEY_get1_EC_KEY(pkey); 307 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); 308 EC_KEY_free(ec); 309 310 if ((cname = EC_curve_nid2nist(nid)) == NULL) 311 cname = OBJ_nid2sn(nid); 312 313 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey)); 314 break; 315 316 default: 317 BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)), 318 EVP_PKEY_bits(pkey)); 319 } 320 321 EVP_PKEY_free(pkey); 322 return 1; 323 } 324 325 long 326 bio_dump_callback(BIO * bio, int cmd, const char *argp, 327 int argi, long argl, long ret) 328 { 329 BIO *out; 330 331 out = (BIO *) BIO_get_callback_arg(bio); 332 if (out == NULL) 333 return (ret); 334 335 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 336 BIO_printf(out, 337 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 338 (void *) bio, argp, (unsigned long) argi, ret, ret); 339 BIO_dump(out, argp, (int) ret); 340 return (ret); 341 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 342 BIO_printf(out, 343 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 344 (void *) bio, argp, (unsigned long) argi, ret, ret); 345 BIO_dump(out, argp, (int) ret); 346 } 347 return (ret); 348 } 349 350 void 351 apps_ssl_info_callback(const SSL * s, int where, int ret) 352 { 353 const char *str; 354 int w; 355 356 w = where & ~SSL_ST_MASK; 357 358 if (w & SSL_ST_CONNECT) 359 str = "SSL_connect"; 360 else if (w & SSL_ST_ACCEPT) 361 str = "SSL_accept"; 362 else 363 str = "undefined"; 364 365 if (where & SSL_CB_LOOP) { 366 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 367 } else if (where & SSL_CB_ALERT) { 368 str = (where & SSL_CB_READ) ? "read" : "write"; 369 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 370 SSL_alert_type_string_long(ret), 371 SSL_alert_desc_string_long(ret)); 372 } else if (where & SSL_CB_EXIT) { 373 if (ret == 0) 374 BIO_printf(bio_err, "%s:failed in %s\n", 375 str, SSL_state_string_long(s)); 376 else if (ret < 0) { 377 BIO_printf(bio_err, "%s:error in %s\n", 378 str, SSL_state_string_long(s)); 379 } 380 } 381 } 382 383 384 void 385 msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) 386 { 387 BIO *bio = arg; 388 const char *str_write_p, *str_version, *str_content_type = "", 389 *str_details1 = "", *str_details2 = ""; 390 391 str_write_p = write_p ? ">>>" : "<<<"; 392 393 /* XXX convert to using ssl_get_version */ 394 switch (version) { 395 case SSL2_VERSION: 396 str_version = "SSL 2.0"; 397 break; 398 case SSL3_VERSION: 399 str_version = "SSL 3.0 "; 400 break; 401 case TLS1_VERSION: 402 str_version = "TLS 1.0 "; 403 break; 404 case TLS1_1_VERSION: 405 str_version = "TLS 1.1 "; 406 break; 407 case TLS1_2_VERSION: 408 str_version = "TLS 1.2 "; 409 break; 410 case TLS1_3_VERSION: 411 str_version = "TLS 1.3 "; 412 break; 413 case DTLS1_VERSION: 414 str_version = "DTLS 1.0 "; 415 break; 416 case DTLS1_2_VERSION: 417 str_version = "DTLS 1.2 "; 418 break; 419 default: 420 str_version = "???"; 421 } 422 423 if (version == SSL2_VERSION) { 424 str_details1 = "???"; 425 426 if (len > 0) { 427 /* XXX magic numbers */ 428 switch (((const unsigned char *) buf)[0]) { 429 case 0: 430 str_details1 = ", ERROR:"; 431 str_details2 = " ???"; 432 if (len >= 3) { 433 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; 434 435 switch (err) { 436 case 0x0001: 437 str_details2 = " NO-CIPHER-ERROR"; 438 break; 439 case 0x0002: 440 str_details2 = " NO-CERTIFICATE-ERROR"; 441 break; 442 case 0x0004: 443 str_details2 = " BAD-CERTIFICATE-ERROR"; 444 break; 445 case 0x0006: 446 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 447 break; 448 } 449 } 450 break; 451 case 1: 452 str_details1 = ", CLIENT-HELLO"; 453 break; 454 case 2: 455 str_details1 = ", CLIENT-MASTER-KEY"; 456 break; 457 case 3: 458 str_details1 = ", CLIENT-FINISHED"; 459 break; 460 case 4: 461 str_details1 = ", SERVER-HELLO"; 462 break; 463 case 5: 464 str_details1 = ", SERVER-VERIFY"; 465 break; 466 case 6: 467 str_details1 = ", SERVER-FINISHED"; 468 break; 469 case 7: 470 str_details1 = ", REQUEST-CERTIFICATE"; 471 break; 472 case 8: 473 str_details1 = ", CLIENT-CERTIFICATE"; 474 break; 475 } 476 } 477 } 478 if (version == SSL3_VERSION || version == TLS1_VERSION || 479 version == TLS1_1_VERSION || version == TLS1_2_VERSION || 480 version == TLS1_3_VERSION || version == DTLS1_VERSION || 481 version == DTLS1_2_VERSION) { 482 /* XXX magic numbers are in ssl3.h */ 483 switch (content_type) { 484 case 20: 485 str_content_type = "ChangeCipherSpec"; 486 break; 487 case 21: 488 str_content_type = "Alert"; 489 break; 490 case 22: 491 str_content_type = "Handshake"; 492 break; 493 } 494 495 if (content_type == 21) { /* Alert */ 496 str_details1 = ", ???"; 497 498 if (len == 2) { 499 switch (((const unsigned char *) buf)[0]) { 500 case 1: 501 str_details1 = ", warning"; 502 break; 503 case 2: 504 str_details1 = ", fatal"; 505 break; 506 } 507 508 str_details2 = " ???"; 509 switch (((const unsigned char *) buf)[1]) { 510 case 0: 511 str_details2 = " close_notify"; 512 break; 513 case 10: 514 str_details2 = " unexpected_message"; 515 break; 516 case 20: 517 str_details2 = " bad_record_mac"; 518 break; 519 case 21: 520 str_details2 = " decryption_failed"; 521 break; 522 case 22: 523 str_details2 = " record_overflow"; 524 break; 525 case 30: 526 str_details2 = " decompression_failure"; 527 break; 528 case 40: 529 str_details2 = " handshake_failure"; 530 break; 531 case 42: 532 str_details2 = " bad_certificate"; 533 break; 534 case 43: 535 str_details2 = " unsupported_certificate"; 536 break; 537 case 44: 538 str_details2 = " certificate_revoked"; 539 break; 540 case 45: 541 str_details2 = " certificate_expired"; 542 break; 543 case 46: 544 str_details2 = " certificate_unknown"; 545 break; 546 case 47: 547 str_details2 = " illegal_parameter"; 548 break; 549 case 48: 550 str_details2 = " unknown_ca"; 551 break; 552 case 49: 553 str_details2 = " access_denied"; 554 break; 555 case 50: 556 str_details2 = " decode_error"; 557 break; 558 case 51: 559 str_details2 = " decrypt_error"; 560 break; 561 case 60: 562 str_details2 = " export_restriction"; 563 break; 564 case 70: 565 str_details2 = " protocol_version"; 566 break; 567 case 71: 568 str_details2 = " insufficient_security"; 569 break; 570 case 80: 571 str_details2 = " internal_error"; 572 break; 573 case 90: 574 str_details2 = " user_canceled"; 575 break; 576 case 100: 577 str_details2 = " no_renegotiation"; 578 break; 579 case 110: 580 str_details2 = " unsupported_extension"; 581 break; 582 case 111: 583 str_details2 = " certificate_unobtainable"; 584 break; 585 case 112: 586 str_details2 = " unrecognized_name"; 587 break; 588 case 113: 589 str_details2 = " bad_certificate_status_response"; 590 break; 591 case 114: 592 str_details2 = " bad_certificate_hash_value"; 593 break; 594 case 115: 595 str_details2 = " unknown_psk_identity"; 596 break; 597 } 598 } 599 } 600 if (content_type == 22) { /* Handshake */ 601 str_details1 = "???"; 602 603 if (len > 0) { 604 switch (((const unsigned char *) buf)[0]) { 605 case 0: 606 str_details1 = ", HelloRequest"; 607 break; 608 case 1: 609 str_details1 = ", ClientHello"; 610 break; 611 case 2: 612 str_details1 = ", ServerHello"; 613 break; 614 case 3: 615 str_details1 = ", HelloVerifyRequest"; 616 break; 617 case 4: 618 str_details1 = ", NewSessionTicket"; 619 break; 620 case 5: 621 str_details1 = ", EndOfEarlyData"; 622 break; 623 case 8: 624 str_details1 = ", EncryptedExtensions"; 625 break; 626 case 11: 627 str_details1 = ", Certificate"; 628 break; 629 case 12: 630 str_details1 = ", ServerKeyExchange"; 631 break; 632 case 13: 633 str_details1 = ", CertificateRequest"; 634 break; 635 case 14: 636 str_details1 = ", ServerHelloDone"; 637 break; 638 case 15: 639 str_details1 = ", CertificateVerify"; 640 break; 641 case 16: 642 str_details1 = ", ClientKeyExchange"; 643 break; 644 case 20: 645 str_details1 = ", Finished"; 646 break; 647 case 24: 648 str_details1 = ", KeyUpdate"; 649 break; 650 } 651 } 652 } 653 } 654 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 655 str_version, str_content_type, (unsigned long) len, 656 str_details1, str_details2); 657 658 if (len > 0) { 659 size_t num, i; 660 661 BIO_printf(bio, " "); 662 num = len; 663 664 for (i = 0; i < num; i++) { 665 if (i % 16 == 0 && i > 0) 666 BIO_printf(bio, "\n "); 667 BIO_printf(bio, " %02x", 668 ((const unsigned char *) buf)[i]); 669 } 670 if (i < len) 671 BIO_printf(bio, " ..."); 672 BIO_printf(bio, "\n"); 673 } 674 (void) BIO_flush(bio); 675 } 676 677 void 678 tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, 679 void *arg) 680 { 681 BIO *bio = arg; 682 char *extname; 683 684 switch (type) { 685 case TLSEXT_TYPE_server_name: 686 extname = "server name"; 687 break; 688 689 case TLSEXT_TYPE_max_fragment_length: 690 extname = "max fragment length"; 691 break; 692 693 case TLSEXT_TYPE_client_certificate_url: 694 extname = "client certificate URL"; 695 break; 696 697 case TLSEXT_TYPE_trusted_ca_keys: 698 extname = "trusted CA keys"; 699 break; 700 701 case TLSEXT_TYPE_truncated_hmac: 702 extname = "truncated HMAC"; 703 break; 704 705 case TLSEXT_TYPE_status_request: 706 extname = "status request"; 707 break; 708 709 case TLSEXT_TYPE_user_mapping: 710 extname = "user mapping"; 711 break; 712 713 case TLSEXT_TYPE_client_authz: 714 extname = "client authz"; 715 break; 716 717 case TLSEXT_TYPE_server_authz: 718 extname = "server authz"; 719 break; 720 721 case TLSEXT_TYPE_cert_type: 722 extname = "cert type"; 723 break; 724 725 case TLSEXT_TYPE_supported_groups: 726 extname = "supported groups"; 727 break; 728 729 case TLSEXT_TYPE_ec_point_formats: 730 extname = "EC point formats"; 731 break; 732 733 case TLSEXT_TYPE_srp: 734 extname = "SRP"; 735 break; 736 737 case TLSEXT_TYPE_signature_algorithms: 738 extname = "signature algorithms"; 739 break; 740 741 case TLSEXT_TYPE_use_srtp: 742 extname = "use SRTP"; 743 break; 744 745 case TLSEXT_TYPE_heartbeat: 746 extname = "heartbeat"; 747 break; 748 749 case TLSEXT_TYPE_application_layer_protocol_negotiation: 750 extname = "application layer protocol negotiation"; 751 break; 752 753 case TLSEXT_TYPE_padding: 754 extname = "TLS padding"; 755 break; 756 757 case TLSEXT_TYPE_session_ticket: 758 extname = "session ticket"; 759 break; 760 761 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 762 case TLSEXT_TYPE_pre_shared_key: 763 extname = "pre shared key"; 764 break; 765 766 case TLSEXT_TYPE_early_data: 767 extname = "early data"; 768 break; 769 770 case TLSEXT_TYPE_supported_versions: 771 extname = "supported versions"; 772 break; 773 774 case TLSEXT_TYPE_cookie: 775 extname = "cookie"; 776 break; 777 778 case TLSEXT_TYPE_psk_key_exchange_modes: 779 extname = "PSK key exchange modes"; 780 break; 781 782 case TLSEXT_TYPE_certificate_authorities: 783 extname = "certificate authorities"; 784 break; 785 786 case TLSEXT_TYPE_oid_filters: 787 extname = "OID filters"; 788 break; 789 790 case TLSEXT_TYPE_post_handshake_auth: 791 extname = "post handshake auth"; 792 break; 793 794 case TLSEXT_TYPE_signature_algorithms_cert: 795 extname = "signature algorithms cert"; 796 break; 797 798 case TLSEXT_TYPE_key_share: 799 extname = "key share"; 800 break; 801 #endif 802 803 case TLSEXT_TYPE_renegotiate: 804 extname = "renegotiation info"; 805 break; 806 807 default: 808 extname = "unknown"; 809 break; 810 811 } 812 813 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 814 client_server ? "server" : "client", extname, type, len); 815 BIO_dump(bio, (char *) data, len); 816 (void) BIO_flush(bio); 817 } 818 819 int 820 generate_cookie_callback(SSL * ssl, unsigned char *cookie, 821 unsigned int *cookie_len) 822 { 823 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 824 unsigned int length, resultlength; 825 union { 826 struct sockaddr sa; 827 struct sockaddr_in s4; 828 struct sockaddr_in6 s6; 829 } peer; 830 831 /* Initialize a random secret */ 832 if (!cookie_initialized) { 833 arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH); 834 cookie_initialized = 1; 835 } 836 /* Read peer information */ 837 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 838 839 /* Create buffer with peer's address and port */ 840 length = 0; 841 switch (peer.sa.sa_family) { 842 case AF_INET: 843 length += sizeof(struct in_addr); 844 length += sizeof(peer.s4.sin_port); 845 break; 846 case AF_INET6: 847 length += sizeof(struct in6_addr); 848 length += sizeof(peer.s6.sin6_port); 849 break; 850 default: 851 OPENSSL_assert(0); 852 break; 853 } 854 buffer = malloc(length); 855 856 if (buffer == NULL) { 857 BIO_printf(bio_err, "out of memory\n"); 858 return 0; 859 } 860 switch (peer.sa.sa_family) { 861 case AF_INET: 862 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 863 memcpy(buffer + sizeof(peer.s4.sin_port), 864 &peer.s4.sin_addr, sizeof(struct in_addr)); 865 break; 866 case AF_INET6: 867 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 868 memcpy(buffer + sizeof(peer.s6.sin6_port), 869 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 870 break; 871 default: 872 OPENSSL_assert(0); 873 break; 874 } 875 876 /* Calculate HMAC of buffer using the secret */ 877 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 878 buffer, length, result, &resultlength); 879 free(buffer); 880 881 memcpy(cookie, result, resultlength); 882 *cookie_len = resultlength; 883 884 return 1; 885 } 886 887 int 888 verify_cookie_callback(SSL * ssl, const unsigned char *cookie, 889 unsigned int cookie_len) 890 { 891 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 892 unsigned int length, resultlength; 893 union { 894 struct sockaddr sa; 895 struct sockaddr_in s4; 896 struct sockaddr_in6 s6; 897 } peer; 898 899 /* If secret isn't initialized yet, the cookie can't be valid */ 900 if (!cookie_initialized) 901 return 0; 902 903 /* Read peer information */ 904 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 905 906 /* Create buffer with peer's address and port */ 907 length = 0; 908 switch (peer.sa.sa_family) { 909 case AF_INET: 910 length += sizeof(struct in_addr); 911 length += sizeof(peer.s4.sin_port); 912 break; 913 case AF_INET6: 914 length += sizeof(struct in6_addr); 915 length += sizeof(peer.s6.sin6_port); 916 break; 917 default: 918 OPENSSL_assert(0); 919 break; 920 } 921 buffer = malloc(length); 922 923 if (buffer == NULL) { 924 BIO_printf(bio_err, "out of memory\n"); 925 return 0; 926 } 927 switch (peer.sa.sa_family) { 928 case AF_INET: 929 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 930 memcpy(buffer + sizeof(peer.s4.sin_port), 931 &peer.s4.sin_addr, sizeof(struct in_addr)); 932 break; 933 case AF_INET6: 934 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 935 memcpy(buffer + sizeof(peer.s6.sin6_port), 936 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 937 break; 938 default: 939 OPENSSL_assert(0); 940 break; 941 } 942 943 /* Calculate HMAC of buffer using the secret */ 944 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 945 buffer, length, result, &resultlength); 946 free(buffer); 947 948 if (cookie_len == resultlength && 949 memcmp(result, cookie, resultlength) == 0) 950 return 1; 951 952 return 0; 953 } 954