1*cca6fc52SDaniel Fojt /* $OpenBSD: s_cb.c,v 1.14 2020/04/26 02:09:21 inoguchi Exp $ */ 2f5b1c8a1SJohn Marino /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3f5b1c8a1SJohn Marino * All rights reserved. 4f5b1c8a1SJohn Marino * 5f5b1c8a1SJohn Marino * This package is an SSL implementation written 6f5b1c8a1SJohn Marino * by Eric Young (eay@cryptsoft.com). 7f5b1c8a1SJohn Marino * The implementation was written so as to conform with Netscapes SSL. 8f5b1c8a1SJohn Marino * 9f5b1c8a1SJohn Marino * This library is free for commercial and non-commercial use as long as 10f5b1c8a1SJohn Marino * the following conditions are aheared to. The following conditions 11f5b1c8a1SJohn Marino * apply to all code found in this distribution, be it the RC4, RSA, 12f5b1c8a1SJohn Marino * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13f5b1c8a1SJohn Marino * included with this distribution is covered by the same copyright terms 14f5b1c8a1SJohn Marino * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15f5b1c8a1SJohn Marino * 16f5b1c8a1SJohn Marino * Copyright remains Eric Young's, and as such any Copyright notices in 17f5b1c8a1SJohn Marino * the code are not to be removed. 18f5b1c8a1SJohn Marino * If this package is used in a product, Eric Young should be given attribution 19f5b1c8a1SJohn Marino * as the author of the parts of the library used. 20f5b1c8a1SJohn Marino * This can be in the form of a textual message at program startup or 21f5b1c8a1SJohn Marino * in documentation (online or textual) provided with the package. 22f5b1c8a1SJohn Marino * 23f5b1c8a1SJohn Marino * Redistribution and use in source and binary forms, with or without 24f5b1c8a1SJohn Marino * modification, are permitted provided that the following conditions 25f5b1c8a1SJohn Marino * are met: 26f5b1c8a1SJohn Marino * 1. Redistributions of source code must retain the copyright 27f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer. 28f5b1c8a1SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright 29f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer in the 30f5b1c8a1SJohn Marino * documentation and/or other materials provided with the distribution. 31f5b1c8a1SJohn Marino * 3. All advertising materials mentioning features or use of this software 32f5b1c8a1SJohn Marino * must display the following acknowledgement: 33f5b1c8a1SJohn Marino * "This product includes cryptographic software written by 34f5b1c8a1SJohn Marino * Eric Young (eay@cryptsoft.com)" 35f5b1c8a1SJohn Marino * The word 'cryptographic' can be left out if the rouines from the library 36f5b1c8a1SJohn Marino * being used are not cryptographic related :-). 37f5b1c8a1SJohn Marino * 4. If you include any Windows specific code (or a derivative thereof) from 38f5b1c8a1SJohn Marino * the apps directory (application code) you must include an acknowledgement: 39f5b1c8a1SJohn Marino * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40f5b1c8a1SJohn Marino * 41f5b1c8a1SJohn Marino * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42f5b1c8a1SJohn Marino * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43f5b1c8a1SJohn Marino * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44f5b1c8a1SJohn Marino * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45f5b1c8a1SJohn Marino * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46f5b1c8a1SJohn Marino * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47f5b1c8a1SJohn Marino * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48f5b1c8a1SJohn Marino * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49f5b1c8a1SJohn Marino * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50f5b1c8a1SJohn Marino * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51f5b1c8a1SJohn Marino * SUCH DAMAGE. 52f5b1c8a1SJohn Marino * 53f5b1c8a1SJohn Marino * The licence and distribution terms for any publically available version or 54f5b1c8a1SJohn Marino * derivative of this code cannot be changed. i.e. this code cannot simply be 55f5b1c8a1SJohn Marino * copied and put under another distribution licence 56f5b1c8a1SJohn Marino * [including the GNU Public Licence.] 57f5b1c8a1SJohn Marino */ 58f5b1c8a1SJohn Marino /* ==================================================================== 59f5b1c8a1SJohn Marino * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60f5b1c8a1SJohn Marino * 61f5b1c8a1SJohn Marino * Redistribution and use in source and binary forms, with or without 62f5b1c8a1SJohn Marino * modification, are permitted provided that the following conditions 63f5b1c8a1SJohn Marino * are met: 64f5b1c8a1SJohn Marino * 65f5b1c8a1SJohn Marino * 1. Redistributions of source code must retain the above copyright 66f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer. 67f5b1c8a1SJohn Marino * 68f5b1c8a1SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright 69f5b1c8a1SJohn Marino * notice, this list of conditions and the following disclaimer in 70f5b1c8a1SJohn Marino * the documentation and/or other materials provided with the 71f5b1c8a1SJohn Marino * distribution. 72f5b1c8a1SJohn Marino * 73f5b1c8a1SJohn Marino * 3. All advertising materials mentioning features or use of this 74f5b1c8a1SJohn Marino * software must display the following acknowledgment: 75f5b1c8a1SJohn Marino * "This product includes software developed by the OpenSSL Project 76f5b1c8a1SJohn Marino * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77f5b1c8a1SJohn Marino * 78f5b1c8a1SJohn Marino * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79f5b1c8a1SJohn Marino * endorse or promote products derived from this software without 80f5b1c8a1SJohn Marino * prior written permission. For written permission, please contact 81f5b1c8a1SJohn Marino * openssl-core@openssl.org. 82f5b1c8a1SJohn Marino * 83f5b1c8a1SJohn Marino * 5. Products derived from this software may not be called "OpenSSL" 84f5b1c8a1SJohn Marino * nor may "OpenSSL" appear in their names without prior written 85f5b1c8a1SJohn Marino * permission of the OpenSSL Project. 86f5b1c8a1SJohn Marino * 87f5b1c8a1SJohn Marino * 6. Redistributions of any form whatsoever must retain the following 88f5b1c8a1SJohn Marino * acknowledgment: 89f5b1c8a1SJohn Marino * "This product includes software developed by the OpenSSL Project 90f5b1c8a1SJohn Marino * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91f5b1c8a1SJohn Marino * 92f5b1c8a1SJohn Marino * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93f5b1c8a1SJohn Marino * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94f5b1c8a1SJohn Marino * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95f5b1c8a1SJohn Marino * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96f5b1c8a1SJohn Marino * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97f5b1c8a1SJohn Marino * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98f5b1c8a1SJohn Marino * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99f5b1c8a1SJohn Marino * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100f5b1c8a1SJohn Marino * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101f5b1c8a1SJohn Marino * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102f5b1c8a1SJohn Marino * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103f5b1c8a1SJohn Marino * OF THE POSSIBILITY OF SUCH DAMAGE. 104f5b1c8a1SJohn Marino * ==================================================================== 105f5b1c8a1SJohn Marino * 106f5b1c8a1SJohn Marino * This product includes cryptographic software written by Eric Young 107f5b1c8a1SJohn Marino * (eay@cryptsoft.com). This product includes software written by Tim 108f5b1c8a1SJohn Marino * Hudson (tjh@cryptsoft.com). 109f5b1c8a1SJohn Marino * 110f5b1c8a1SJohn Marino */ 111f5b1c8a1SJohn Marino 112f5b1c8a1SJohn Marino #include <sys/socket.h> 113f5b1c8a1SJohn Marino 114f5b1c8a1SJohn Marino #include <netinet/in.h> 115f5b1c8a1SJohn Marino 116f5b1c8a1SJohn Marino #include <netdb.h> 117f5b1c8a1SJohn Marino #include <stdio.h> 118f5b1c8a1SJohn Marino #include <stdlib.h> 119f5b1c8a1SJohn Marino #include <string.h> 120f5b1c8a1SJohn Marino 121f5b1c8a1SJohn Marino #include "apps.h" 122f5b1c8a1SJohn Marino 123f5b1c8a1SJohn Marino #include <openssl/err.h> 124f5b1c8a1SJohn Marino #include <openssl/ssl.h> 125f5b1c8a1SJohn Marino #include <openssl/x509.h> 126f5b1c8a1SJohn Marino 127f5b1c8a1SJohn Marino #include "s_apps.h" 128f5b1c8a1SJohn Marino 129f5b1c8a1SJohn Marino #define COOKIE_SECRET_LENGTH 16 130f5b1c8a1SJohn Marino 131f5b1c8a1SJohn Marino int verify_depth = 0; 132f5b1c8a1SJohn Marino int verify_return_error = 0; 133f5b1c8a1SJohn Marino unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 134f5b1c8a1SJohn Marino int cookie_initialized = 0; 135f5b1c8a1SJohn Marino 136f5b1c8a1SJohn Marino int 137f5b1c8a1SJohn Marino verify_callback(int ok, X509_STORE_CTX * ctx) 138f5b1c8a1SJohn Marino { 139f5b1c8a1SJohn Marino X509 *err_cert; 140f5b1c8a1SJohn Marino int err, depth; 141f5b1c8a1SJohn Marino 142f5b1c8a1SJohn Marino err_cert = X509_STORE_CTX_get_current_cert(ctx); 143f5b1c8a1SJohn Marino err = X509_STORE_CTX_get_error(ctx); 144f5b1c8a1SJohn Marino depth = X509_STORE_CTX_get_error_depth(ctx); 145f5b1c8a1SJohn Marino 146f5b1c8a1SJohn Marino BIO_printf(bio_err, "depth=%d ", depth); 147f5b1c8a1SJohn Marino if (err_cert) { 148f5b1c8a1SJohn Marino X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 149f5b1c8a1SJohn Marino 0, XN_FLAG_ONELINE); 150f5b1c8a1SJohn Marino BIO_puts(bio_err, "\n"); 151f5b1c8a1SJohn Marino } else 152f5b1c8a1SJohn Marino BIO_puts(bio_err, "<no cert>\n"); 153f5b1c8a1SJohn Marino if (!ok) { 154f5b1c8a1SJohn Marino BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 155f5b1c8a1SJohn Marino X509_verify_cert_error_string(err)); 156f5b1c8a1SJohn Marino if (verify_depth >= depth) { 157f5b1c8a1SJohn Marino if (!verify_return_error) 158f5b1c8a1SJohn Marino ok = 1; 159f5b1c8a1SJohn Marino } else { 160f5b1c8a1SJohn Marino ok = 0; 161f5b1c8a1SJohn Marino } 162f5b1c8a1SJohn Marino } 163f5b1c8a1SJohn Marino switch (err) { 164f5b1c8a1SJohn Marino case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 165f5b1c8a1SJohn Marino BIO_puts(bio_err, "issuer= "); 166f5b1c8a1SJohn Marino if (err_cert == NULL) 167f5b1c8a1SJohn Marino BIO_puts(bio_err, "<error getting cert>"); 168f5b1c8a1SJohn Marino else 169f5b1c8a1SJohn Marino X509_NAME_print_ex(bio_err, 170f5b1c8a1SJohn Marino X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); 171f5b1c8a1SJohn Marino BIO_puts(bio_err, "\n"); 172f5b1c8a1SJohn Marino break; 173f5b1c8a1SJohn Marino case X509_V_ERR_CERT_NOT_YET_VALID: 174f5b1c8a1SJohn Marino case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 175f5b1c8a1SJohn Marino BIO_printf(bio_err, "notBefore="); 176f5b1c8a1SJohn Marino if (err_cert == NULL) 177f5b1c8a1SJohn Marino BIO_printf(bio_err, " <error getting cert>"); 178f5b1c8a1SJohn Marino else 179f5b1c8a1SJohn Marino ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 180f5b1c8a1SJohn Marino BIO_printf(bio_err, "\n"); 181f5b1c8a1SJohn Marino break; 182f5b1c8a1SJohn Marino case X509_V_ERR_CERT_HAS_EXPIRED: 183f5b1c8a1SJohn Marino case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 184f5b1c8a1SJohn Marino BIO_printf(bio_err, "notAfter="); 185f5b1c8a1SJohn Marino if (err_cert == NULL) 186f5b1c8a1SJohn Marino BIO_printf(bio_err, " <error getting cert>"); 187f5b1c8a1SJohn Marino else 188f5b1c8a1SJohn Marino ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 189f5b1c8a1SJohn Marino BIO_printf(bio_err, "\n"); 190f5b1c8a1SJohn Marino break; 191f5b1c8a1SJohn Marino case X509_V_ERR_NO_EXPLICIT_POLICY: 192f5b1c8a1SJohn Marino policies_print(bio_err, ctx); 193f5b1c8a1SJohn Marino break; 194f5b1c8a1SJohn Marino } 195f5b1c8a1SJohn Marino if (err == X509_V_OK && ok == 2) 196f5b1c8a1SJohn Marino policies_print(bio_err, ctx); 197f5b1c8a1SJohn Marino 198f5b1c8a1SJohn Marino BIO_printf(bio_err, "verify return:%d\n", ok); 199f5b1c8a1SJohn Marino return (ok); 200f5b1c8a1SJohn Marino } 201f5b1c8a1SJohn Marino 202f5b1c8a1SJohn Marino int 203f5b1c8a1SJohn Marino set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) 204f5b1c8a1SJohn Marino { 205f5b1c8a1SJohn Marino if (cert_file != NULL) { 206f5b1c8a1SJohn Marino /* 207f5b1c8a1SJohn Marino SSL *ssl; 208f5b1c8a1SJohn Marino X509 *x509; 209f5b1c8a1SJohn Marino */ 210f5b1c8a1SJohn Marino 211f5b1c8a1SJohn Marino if (SSL_CTX_use_certificate_file(ctx, cert_file, 212f5b1c8a1SJohn Marino SSL_FILETYPE_PEM) <= 0) { 213f5b1c8a1SJohn Marino BIO_printf(bio_err, 214f5b1c8a1SJohn Marino "unable to get certificate from '%s'\n", cert_file); 215f5b1c8a1SJohn Marino ERR_print_errors(bio_err); 216f5b1c8a1SJohn Marino return (0); 217f5b1c8a1SJohn Marino } 218f5b1c8a1SJohn Marino if (key_file == NULL) 219f5b1c8a1SJohn Marino key_file = cert_file; 220f5b1c8a1SJohn Marino if (SSL_CTX_use_PrivateKey_file(ctx, key_file, 221f5b1c8a1SJohn Marino SSL_FILETYPE_PEM) <= 0) { 222f5b1c8a1SJohn Marino BIO_printf(bio_err, 223f5b1c8a1SJohn Marino "unable to get private key from '%s'\n", key_file); 224f5b1c8a1SJohn Marino ERR_print_errors(bio_err); 225f5b1c8a1SJohn Marino return (0); 226f5b1c8a1SJohn Marino } 227f5b1c8a1SJohn Marino /* 228f5b1c8a1SJohn Marino In theory this is no longer needed 229f5b1c8a1SJohn Marino ssl=SSL_new(ctx); 230f5b1c8a1SJohn Marino x509=SSL_get_certificate(ssl); 231f5b1c8a1SJohn Marino 232f5b1c8a1SJohn Marino if (x509 != NULL) { 233f5b1c8a1SJohn Marino EVP_PKEY *pktmp; 234f5b1c8a1SJohn Marino pktmp = X509_get_pubkey(x509); 235f5b1c8a1SJohn Marino EVP_PKEY_copy_parameters(pktmp, 236f5b1c8a1SJohn Marino SSL_get_privatekey(ssl)); 237f5b1c8a1SJohn Marino EVP_PKEY_free(pktmp); 238f5b1c8a1SJohn Marino } 239f5b1c8a1SJohn Marino SSL_free(ssl); 240f5b1c8a1SJohn Marino */ 241f5b1c8a1SJohn Marino 242f5b1c8a1SJohn Marino /* 243f5b1c8a1SJohn Marino * If we are using DSA, we can copy the parameters from the 244f5b1c8a1SJohn Marino * private key 245f5b1c8a1SJohn Marino */ 246f5b1c8a1SJohn Marino 247f5b1c8a1SJohn Marino 248f5b1c8a1SJohn Marino /* 249f5b1c8a1SJohn Marino * Now we know that a key and cert have been set against the 250f5b1c8a1SJohn Marino * SSL context 251f5b1c8a1SJohn Marino */ 252f5b1c8a1SJohn Marino if (!SSL_CTX_check_private_key(ctx)) { 253f5b1c8a1SJohn Marino BIO_printf(bio_err, 254f5b1c8a1SJohn Marino "Private key does not match the certificate public key\n"); 255f5b1c8a1SJohn Marino return (0); 256f5b1c8a1SJohn Marino } 257f5b1c8a1SJohn Marino } 258f5b1c8a1SJohn Marino return (1); 259f5b1c8a1SJohn Marino } 260f5b1c8a1SJohn Marino 261f5b1c8a1SJohn Marino int 262f5b1c8a1SJohn Marino set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) 263f5b1c8a1SJohn Marino { 264f5b1c8a1SJohn Marino if (cert == NULL) 265f5b1c8a1SJohn Marino return 1; 266f5b1c8a1SJohn Marino if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 267f5b1c8a1SJohn Marino BIO_printf(bio_err, "error setting certificate\n"); 268f5b1c8a1SJohn Marino ERR_print_errors(bio_err); 269f5b1c8a1SJohn Marino return 0; 270f5b1c8a1SJohn Marino } 271f5b1c8a1SJohn Marino if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 272f5b1c8a1SJohn Marino BIO_printf(bio_err, "error setting private key\n"); 273f5b1c8a1SJohn Marino ERR_print_errors(bio_err); 274f5b1c8a1SJohn Marino return 0; 275f5b1c8a1SJohn Marino } 276f5b1c8a1SJohn Marino /* 277f5b1c8a1SJohn Marino * Now we know that a key and cert have been set against the SSL 278f5b1c8a1SJohn Marino * context 279f5b1c8a1SJohn Marino */ 280f5b1c8a1SJohn Marino if (!SSL_CTX_check_private_key(ctx)) { 281f5b1c8a1SJohn Marino BIO_printf(bio_err, 282f5b1c8a1SJohn Marino "Private key does not match the certificate public key\n"); 283f5b1c8a1SJohn Marino return 0; 284f5b1c8a1SJohn Marino } 285f5b1c8a1SJohn Marino return 1; 286f5b1c8a1SJohn Marino } 287f5b1c8a1SJohn Marino 28872c33676SMaxim Ag int 28972c33676SMaxim Ag ssl_print_tmp_key(BIO *out, SSL *s) 29072c33676SMaxim Ag { 29172c33676SMaxim Ag const char *cname; 29272c33676SMaxim Ag EVP_PKEY *pkey; 29372c33676SMaxim Ag EC_KEY *ec; 29472c33676SMaxim Ag int nid; 29572c33676SMaxim Ag 29672c33676SMaxim Ag if (!SSL_get_server_tmp_key(s, &pkey)) 29772c33676SMaxim Ag return 0; 29872c33676SMaxim Ag 29972c33676SMaxim Ag BIO_puts(out, "Server Temp Key: "); 30072c33676SMaxim Ag switch (EVP_PKEY_id(pkey)) { 30172c33676SMaxim Ag case EVP_PKEY_DH: 30272c33676SMaxim Ag BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey)); 30372c33676SMaxim Ag break; 30472c33676SMaxim Ag 30572c33676SMaxim Ag case EVP_PKEY_EC: 30672c33676SMaxim Ag ec = EVP_PKEY_get1_EC_KEY(pkey); 30772c33676SMaxim Ag nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); 30872c33676SMaxim Ag EC_KEY_free(ec); 30972c33676SMaxim Ag 31072c33676SMaxim Ag if ((cname = EC_curve_nid2nist(nid)) == NULL) 31172c33676SMaxim Ag cname = OBJ_nid2sn(nid); 31272c33676SMaxim Ag 31372c33676SMaxim Ag BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey)); 31472c33676SMaxim Ag break; 31572c33676SMaxim Ag 31672c33676SMaxim Ag default: 31772c33676SMaxim Ag BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)), 31872c33676SMaxim Ag EVP_PKEY_bits(pkey)); 31972c33676SMaxim Ag } 32072c33676SMaxim Ag 32172c33676SMaxim Ag EVP_PKEY_free(pkey); 32272c33676SMaxim Ag return 1; 32372c33676SMaxim Ag } 32472c33676SMaxim Ag 325f5b1c8a1SJohn Marino long 326f5b1c8a1SJohn Marino bio_dump_callback(BIO * bio, int cmd, const char *argp, 327f5b1c8a1SJohn Marino int argi, long argl, long ret) 328f5b1c8a1SJohn Marino { 329f5b1c8a1SJohn Marino BIO *out; 330f5b1c8a1SJohn Marino 331f5b1c8a1SJohn Marino out = (BIO *) BIO_get_callback_arg(bio); 332f5b1c8a1SJohn Marino if (out == NULL) 333f5b1c8a1SJohn Marino return (ret); 334f5b1c8a1SJohn Marino 335f5b1c8a1SJohn Marino if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 336f5b1c8a1SJohn Marino BIO_printf(out, 337f5b1c8a1SJohn Marino "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 338f5b1c8a1SJohn Marino (void *) bio, argp, (unsigned long) argi, ret, ret); 339f5b1c8a1SJohn Marino BIO_dump(out, argp, (int) ret); 340f5b1c8a1SJohn Marino return (ret); 341f5b1c8a1SJohn Marino } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 342f5b1c8a1SJohn Marino BIO_printf(out, 343f5b1c8a1SJohn Marino "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 344f5b1c8a1SJohn Marino (void *) bio, argp, (unsigned long) argi, ret, ret); 345f5b1c8a1SJohn Marino BIO_dump(out, argp, (int) ret); 346f5b1c8a1SJohn Marino } 347f5b1c8a1SJohn Marino return (ret); 348f5b1c8a1SJohn Marino } 349f5b1c8a1SJohn Marino 350f5b1c8a1SJohn Marino void 351f5b1c8a1SJohn Marino apps_ssl_info_callback(const SSL * s, int where, int ret) 352f5b1c8a1SJohn Marino { 353f5b1c8a1SJohn Marino const char *str; 354f5b1c8a1SJohn Marino int w; 355f5b1c8a1SJohn Marino 356f5b1c8a1SJohn Marino w = where & ~SSL_ST_MASK; 357f5b1c8a1SJohn Marino 358f5b1c8a1SJohn Marino if (w & SSL_ST_CONNECT) 359f5b1c8a1SJohn Marino str = "SSL_connect"; 360f5b1c8a1SJohn Marino else if (w & SSL_ST_ACCEPT) 361f5b1c8a1SJohn Marino str = "SSL_accept"; 362f5b1c8a1SJohn Marino else 363f5b1c8a1SJohn Marino str = "undefined"; 364f5b1c8a1SJohn Marino 365f5b1c8a1SJohn Marino if (where & SSL_CB_LOOP) { 366f5b1c8a1SJohn Marino BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 367f5b1c8a1SJohn Marino } else if (where & SSL_CB_ALERT) { 368f5b1c8a1SJohn Marino str = (where & SSL_CB_READ) ? "read" : "write"; 369f5b1c8a1SJohn Marino BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 370f5b1c8a1SJohn Marino SSL_alert_type_string_long(ret), 371f5b1c8a1SJohn Marino SSL_alert_desc_string_long(ret)); 372f5b1c8a1SJohn Marino } else if (where & SSL_CB_EXIT) { 373f5b1c8a1SJohn Marino if (ret == 0) 374f5b1c8a1SJohn Marino BIO_printf(bio_err, "%s:failed in %s\n", 375f5b1c8a1SJohn Marino str, SSL_state_string_long(s)); 376f5b1c8a1SJohn Marino else if (ret < 0) { 377f5b1c8a1SJohn Marino BIO_printf(bio_err, "%s:error in %s\n", 378f5b1c8a1SJohn Marino str, SSL_state_string_long(s)); 379f5b1c8a1SJohn Marino } 380f5b1c8a1SJohn Marino } 381f5b1c8a1SJohn Marino } 382f5b1c8a1SJohn Marino 383f5b1c8a1SJohn Marino 384f5b1c8a1SJohn Marino void 385f5b1c8a1SJohn Marino msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) 386f5b1c8a1SJohn Marino { 387f5b1c8a1SJohn Marino BIO *bio = arg; 388f5b1c8a1SJohn Marino const char *str_write_p, *str_version, *str_content_type = "", 389f5b1c8a1SJohn Marino *str_details1 = "", *str_details2 = ""; 390f5b1c8a1SJohn Marino 391f5b1c8a1SJohn Marino str_write_p = write_p ? ">>>" : "<<<"; 392f5b1c8a1SJohn Marino 393*cca6fc52SDaniel Fojt /* XXX convert to using ssl_get_version */ 394f5b1c8a1SJohn Marino switch (version) { 395f5b1c8a1SJohn Marino case SSL2_VERSION: 396f5b1c8a1SJohn Marino str_version = "SSL 2.0"; 397f5b1c8a1SJohn Marino break; 398f5b1c8a1SJohn Marino case SSL3_VERSION: 399f5b1c8a1SJohn Marino str_version = "SSL 3.0 "; 400f5b1c8a1SJohn Marino break; 401f5b1c8a1SJohn Marino case TLS1_VERSION: 402f5b1c8a1SJohn Marino str_version = "TLS 1.0 "; 403f5b1c8a1SJohn Marino break; 404f5b1c8a1SJohn Marino case TLS1_1_VERSION: 405f5b1c8a1SJohn Marino str_version = "TLS 1.1 "; 406f5b1c8a1SJohn Marino break; 407f5b1c8a1SJohn Marino case TLS1_2_VERSION: 408f5b1c8a1SJohn Marino str_version = "TLS 1.2 "; 409f5b1c8a1SJohn Marino break; 410*cca6fc52SDaniel Fojt case TLS1_3_VERSION: 411*cca6fc52SDaniel Fojt str_version = "TLS 1.3 "; 412*cca6fc52SDaniel Fojt break; 413f5b1c8a1SJohn Marino case DTLS1_VERSION: 414f5b1c8a1SJohn Marino str_version = "DTLS 1.0 "; 415f5b1c8a1SJohn Marino break; 416f5b1c8a1SJohn Marino default: 417f5b1c8a1SJohn Marino str_version = "???"; 418f5b1c8a1SJohn Marino } 419f5b1c8a1SJohn Marino 420f5b1c8a1SJohn Marino if (version == SSL2_VERSION) { 421f5b1c8a1SJohn Marino str_details1 = "???"; 422f5b1c8a1SJohn Marino 423f5b1c8a1SJohn Marino if (len > 0) { 424*cca6fc52SDaniel Fojt /* XXX magic numbers */ 425f5b1c8a1SJohn Marino switch (((const unsigned char *) buf)[0]) { 426f5b1c8a1SJohn Marino case 0: 427f5b1c8a1SJohn Marino str_details1 = ", ERROR:"; 428f5b1c8a1SJohn Marino str_details2 = " ???"; 429f5b1c8a1SJohn Marino if (len >= 3) { 430f5b1c8a1SJohn Marino unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; 431f5b1c8a1SJohn Marino 432f5b1c8a1SJohn Marino switch (err) { 433f5b1c8a1SJohn Marino case 0x0001: 434f5b1c8a1SJohn Marino str_details2 = " NO-CIPHER-ERROR"; 435f5b1c8a1SJohn Marino break; 436f5b1c8a1SJohn Marino case 0x0002: 437f5b1c8a1SJohn Marino str_details2 = " NO-CERTIFICATE-ERROR"; 438f5b1c8a1SJohn Marino break; 439f5b1c8a1SJohn Marino case 0x0004: 440f5b1c8a1SJohn Marino str_details2 = " BAD-CERTIFICATE-ERROR"; 441f5b1c8a1SJohn Marino break; 442f5b1c8a1SJohn Marino case 0x0006: 443f5b1c8a1SJohn Marino str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 444f5b1c8a1SJohn Marino break; 445f5b1c8a1SJohn Marino } 446f5b1c8a1SJohn Marino } 447f5b1c8a1SJohn Marino break; 448f5b1c8a1SJohn Marino case 1: 449f5b1c8a1SJohn Marino str_details1 = ", CLIENT-HELLO"; 450f5b1c8a1SJohn Marino break; 451f5b1c8a1SJohn Marino case 2: 452f5b1c8a1SJohn Marino str_details1 = ", CLIENT-MASTER-KEY"; 453f5b1c8a1SJohn Marino break; 454f5b1c8a1SJohn Marino case 3: 455f5b1c8a1SJohn Marino str_details1 = ", CLIENT-FINISHED"; 456f5b1c8a1SJohn Marino break; 457f5b1c8a1SJohn Marino case 4: 458f5b1c8a1SJohn Marino str_details1 = ", SERVER-HELLO"; 459f5b1c8a1SJohn Marino break; 460f5b1c8a1SJohn Marino case 5: 461f5b1c8a1SJohn Marino str_details1 = ", SERVER-VERIFY"; 462f5b1c8a1SJohn Marino break; 463f5b1c8a1SJohn Marino case 6: 464f5b1c8a1SJohn Marino str_details1 = ", SERVER-FINISHED"; 465f5b1c8a1SJohn Marino break; 466f5b1c8a1SJohn Marino case 7: 467f5b1c8a1SJohn Marino str_details1 = ", REQUEST-CERTIFICATE"; 468f5b1c8a1SJohn Marino break; 469f5b1c8a1SJohn Marino case 8: 470f5b1c8a1SJohn Marino str_details1 = ", CLIENT-CERTIFICATE"; 471f5b1c8a1SJohn Marino break; 472f5b1c8a1SJohn Marino } 473f5b1c8a1SJohn Marino } 474f5b1c8a1SJohn Marino } 475f5b1c8a1SJohn Marino if (version == SSL3_VERSION || version == TLS1_VERSION || 476f5b1c8a1SJohn Marino version == TLS1_1_VERSION || version == TLS1_2_VERSION || 477*cca6fc52SDaniel Fojt version == TLS1_3_VERSION || version == DTLS1_VERSION) { 478*cca6fc52SDaniel Fojt /* XXX magic numbers are in ssl3.h */ 479f5b1c8a1SJohn Marino switch (content_type) { 480f5b1c8a1SJohn Marino case 20: 481f5b1c8a1SJohn Marino str_content_type = "ChangeCipherSpec"; 482f5b1c8a1SJohn Marino break; 483f5b1c8a1SJohn Marino case 21: 484f5b1c8a1SJohn Marino str_content_type = "Alert"; 485f5b1c8a1SJohn Marino break; 486f5b1c8a1SJohn Marino case 22: 487f5b1c8a1SJohn Marino str_content_type = "Handshake"; 488f5b1c8a1SJohn Marino break; 489f5b1c8a1SJohn Marino } 490f5b1c8a1SJohn Marino 491f5b1c8a1SJohn Marino if (content_type == 21) { /* Alert */ 492f5b1c8a1SJohn Marino str_details1 = ", ???"; 493f5b1c8a1SJohn Marino 494f5b1c8a1SJohn Marino if (len == 2) { 495f5b1c8a1SJohn Marino switch (((const unsigned char *) buf)[0]) { 496f5b1c8a1SJohn Marino case 1: 497f5b1c8a1SJohn Marino str_details1 = ", warning"; 498f5b1c8a1SJohn Marino break; 499f5b1c8a1SJohn Marino case 2: 500f5b1c8a1SJohn Marino str_details1 = ", fatal"; 501f5b1c8a1SJohn Marino break; 502f5b1c8a1SJohn Marino } 503f5b1c8a1SJohn Marino 504f5b1c8a1SJohn Marino str_details2 = " ???"; 505f5b1c8a1SJohn Marino switch (((const unsigned char *) buf)[1]) { 506f5b1c8a1SJohn Marino case 0: 507f5b1c8a1SJohn Marino str_details2 = " close_notify"; 508f5b1c8a1SJohn Marino break; 509f5b1c8a1SJohn Marino case 10: 510f5b1c8a1SJohn Marino str_details2 = " unexpected_message"; 511f5b1c8a1SJohn Marino break; 512f5b1c8a1SJohn Marino case 20: 513f5b1c8a1SJohn Marino str_details2 = " bad_record_mac"; 514f5b1c8a1SJohn Marino break; 515f5b1c8a1SJohn Marino case 21: 516f5b1c8a1SJohn Marino str_details2 = " decryption_failed"; 517f5b1c8a1SJohn Marino break; 518f5b1c8a1SJohn Marino case 22: 519f5b1c8a1SJohn Marino str_details2 = " record_overflow"; 520f5b1c8a1SJohn Marino break; 521f5b1c8a1SJohn Marino case 30: 522f5b1c8a1SJohn Marino str_details2 = " decompression_failure"; 523f5b1c8a1SJohn Marino break; 524f5b1c8a1SJohn Marino case 40: 525f5b1c8a1SJohn Marino str_details2 = " handshake_failure"; 526f5b1c8a1SJohn Marino break; 527f5b1c8a1SJohn Marino case 42: 528f5b1c8a1SJohn Marino str_details2 = " bad_certificate"; 529f5b1c8a1SJohn Marino break; 530f5b1c8a1SJohn Marino case 43: 531f5b1c8a1SJohn Marino str_details2 = " unsupported_certificate"; 532f5b1c8a1SJohn Marino break; 533f5b1c8a1SJohn Marino case 44: 534f5b1c8a1SJohn Marino str_details2 = " certificate_revoked"; 535f5b1c8a1SJohn Marino break; 536f5b1c8a1SJohn Marino case 45: 537f5b1c8a1SJohn Marino str_details2 = " certificate_expired"; 538f5b1c8a1SJohn Marino break; 539f5b1c8a1SJohn Marino case 46: 540f5b1c8a1SJohn Marino str_details2 = " certificate_unknown"; 541f5b1c8a1SJohn Marino break; 542f5b1c8a1SJohn Marino case 47: 543f5b1c8a1SJohn Marino str_details2 = " illegal_parameter"; 544f5b1c8a1SJohn Marino break; 545f5b1c8a1SJohn Marino case 48: 546f5b1c8a1SJohn Marino str_details2 = " unknown_ca"; 547f5b1c8a1SJohn Marino break; 548f5b1c8a1SJohn Marino case 49: 549f5b1c8a1SJohn Marino str_details2 = " access_denied"; 550f5b1c8a1SJohn Marino break; 551f5b1c8a1SJohn Marino case 50: 552f5b1c8a1SJohn Marino str_details2 = " decode_error"; 553f5b1c8a1SJohn Marino break; 554f5b1c8a1SJohn Marino case 51: 555f5b1c8a1SJohn Marino str_details2 = " decrypt_error"; 556f5b1c8a1SJohn Marino break; 557f5b1c8a1SJohn Marino case 60: 558f5b1c8a1SJohn Marino str_details2 = " export_restriction"; 559f5b1c8a1SJohn Marino break; 560f5b1c8a1SJohn Marino case 70: 561f5b1c8a1SJohn Marino str_details2 = " protocol_version"; 562f5b1c8a1SJohn Marino break; 563f5b1c8a1SJohn Marino case 71: 564f5b1c8a1SJohn Marino str_details2 = " insufficient_security"; 565f5b1c8a1SJohn Marino break; 566f5b1c8a1SJohn Marino case 80: 567f5b1c8a1SJohn Marino str_details2 = " internal_error"; 568f5b1c8a1SJohn Marino break; 569f5b1c8a1SJohn Marino case 90: 570f5b1c8a1SJohn Marino str_details2 = " user_canceled"; 571f5b1c8a1SJohn Marino break; 572f5b1c8a1SJohn Marino case 100: 573f5b1c8a1SJohn Marino str_details2 = " no_renegotiation"; 574f5b1c8a1SJohn Marino break; 575f5b1c8a1SJohn Marino case 110: 576f5b1c8a1SJohn Marino str_details2 = " unsupported_extension"; 577f5b1c8a1SJohn Marino break; 578f5b1c8a1SJohn Marino case 111: 579f5b1c8a1SJohn Marino str_details2 = " certificate_unobtainable"; 580f5b1c8a1SJohn Marino break; 581f5b1c8a1SJohn Marino case 112: 582f5b1c8a1SJohn Marino str_details2 = " unrecognized_name"; 583f5b1c8a1SJohn Marino break; 584f5b1c8a1SJohn Marino case 113: 585f5b1c8a1SJohn Marino str_details2 = " bad_certificate_status_response"; 586f5b1c8a1SJohn Marino break; 587f5b1c8a1SJohn Marino case 114: 588f5b1c8a1SJohn Marino str_details2 = " bad_certificate_hash_value"; 589f5b1c8a1SJohn Marino break; 590f5b1c8a1SJohn Marino case 115: 591f5b1c8a1SJohn Marino str_details2 = " unknown_psk_identity"; 592f5b1c8a1SJohn Marino break; 593f5b1c8a1SJohn Marino } 594f5b1c8a1SJohn Marino } 595f5b1c8a1SJohn Marino } 596f5b1c8a1SJohn Marino if (content_type == 22) { /* Handshake */ 597f5b1c8a1SJohn Marino str_details1 = "???"; 598f5b1c8a1SJohn Marino 599f5b1c8a1SJohn Marino if (len > 0) { 600f5b1c8a1SJohn Marino switch (((const unsigned char *) buf)[0]) { 601f5b1c8a1SJohn Marino case 0: 602f5b1c8a1SJohn Marino str_details1 = ", HelloRequest"; 603f5b1c8a1SJohn Marino break; 604f5b1c8a1SJohn Marino case 1: 605f5b1c8a1SJohn Marino str_details1 = ", ClientHello"; 606f5b1c8a1SJohn Marino break; 607f5b1c8a1SJohn Marino case 2: 608f5b1c8a1SJohn Marino str_details1 = ", ServerHello"; 609f5b1c8a1SJohn Marino break; 610f5b1c8a1SJohn Marino case 3: 611f5b1c8a1SJohn Marino str_details1 = ", HelloVerifyRequest"; 612f5b1c8a1SJohn Marino break; 613*cca6fc52SDaniel Fojt case 4: 614*cca6fc52SDaniel Fojt str_details1 = ", NewSessionTicket"; 615*cca6fc52SDaniel Fojt break; 616*cca6fc52SDaniel Fojt case 5: 617*cca6fc52SDaniel Fojt str_details1 = ", EndOfEarlyData"; 618*cca6fc52SDaniel Fojt break; 619*cca6fc52SDaniel Fojt case 8: 620*cca6fc52SDaniel Fojt str_details1 = ", EncryptedExtensions"; 621*cca6fc52SDaniel Fojt break; 622f5b1c8a1SJohn Marino case 11: 623f5b1c8a1SJohn Marino str_details1 = ", Certificate"; 624f5b1c8a1SJohn Marino break; 625f5b1c8a1SJohn Marino case 12: 626f5b1c8a1SJohn Marino str_details1 = ", ServerKeyExchange"; 627f5b1c8a1SJohn Marino break; 628f5b1c8a1SJohn Marino case 13: 629f5b1c8a1SJohn Marino str_details1 = ", CertificateRequest"; 630f5b1c8a1SJohn Marino break; 631f5b1c8a1SJohn Marino case 14: 632f5b1c8a1SJohn Marino str_details1 = ", ServerHelloDone"; 633f5b1c8a1SJohn Marino break; 634f5b1c8a1SJohn Marino case 15: 635f5b1c8a1SJohn Marino str_details1 = ", CertificateVerify"; 636f5b1c8a1SJohn Marino break; 637f5b1c8a1SJohn Marino case 16: 638f5b1c8a1SJohn Marino str_details1 = ", ClientKeyExchange"; 639f5b1c8a1SJohn Marino break; 640f5b1c8a1SJohn Marino case 20: 641f5b1c8a1SJohn Marino str_details1 = ", Finished"; 642f5b1c8a1SJohn Marino break; 643*cca6fc52SDaniel Fojt case 24: 644*cca6fc52SDaniel Fojt str_details1 = ", KeyUpdate"; 645*cca6fc52SDaniel Fojt break; 646f5b1c8a1SJohn Marino } 647f5b1c8a1SJohn Marino } 648f5b1c8a1SJohn Marino } 649f5b1c8a1SJohn Marino } 650f5b1c8a1SJohn Marino BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 651f5b1c8a1SJohn Marino str_version, str_content_type, (unsigned long) len, 652f5b1c8a1SJohn Marino str_details1, str_details2); 653f5b1c8a1SJohn Marino 654f5b1c8a1SJohn Marino if (len > 0) { 655f5b1c8a1SJohn Marino size_t num, i; 656f5b1c8a1SJohn Marino 657f5b1c8a1SJohn Marino BIO_printf(bio, " "); 658f5b1c8a1SJohn Marino num = len; 659f5b1c8a1SJohn Marino 660f5b1c8a1SJohn Marino for (i = 0; i < num; i++) { 661f5b1c8a1SJohn Marino if (i % 16 == 0 && i > 0) 662f5b1c8a1SJohn Marino BIO_printf(bio, "\n "); 663f5b1c8a1SJohn Marino BIO_printf(bio, " %02x", 664f5b1c8a1SJohn Marino ((const unsigned char *) buf)[i]); 665f5b1c8a1SJohn Marino } 666f5b1c8a1SJohn Marino if (i < len) 667f5b1c8a1SJohn Marino BIO_printf(bio, " ..."); 668f5b1c8a1SJohn Marino BIO_printf(bio, "\n"); 669f5b1c8a1SJohn Marino } 670f5b1c8a1SJohn Marino (void) BIO_flush(bio); 671f5b1c8a1SJohn Marino } 672f5b1c8a1SJohn Marino 673f5b1c8a1SJohn Marino void 674f5b1c8a1SJohn Marino tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, 675f5b1c8a1SJohn Marino void *arg) 676f5b1c8a1SJohn Marino { 677f5b1c8a1SJohn Marino BIO *bio = arg; 678f5b1c8a1SJohn Marino char *extname; 679f5b1c8a1SJohn Marino 680f5b1c8a1SJohn Marino switch (type) { 681f5b1c8a1SJohn Marino case TLSEXT_TYPE_server_name: 682f5b1c8a1SJohn Marino extname = "server name"; 683f5b1c8a1SJohn Marino break; 684f5b1c8a1SJohn Marino 685f5b1c8a1SJohn Marino case TLSEXT_TYPE_max_fragment_length: 686f5b1c8a1SJohn Marino extname = "max fragment length"; 687f5b1c8a1SJohn Marino break; 688f5b1c8a1SJohn Marino 689f5b1c8a1SJohn Marino case TLSEXT_TYPE_client_certificate_url: 690f5b1c8a1SJohn Marino extname = "client certificate URL"; 691f5b1c8a1SJohn Marino break; 692f5b1c8a1SJohn Marino 693f5b1c8a1SJohn Marino case TLSEXT_TYPE_trusted_ca_keys: 694f5b1c8a1SJohn Marino extname = "trusted CA keys"; 695f5b1c8a1SJohn Marino break; 696f5b1c8a1SJohn Marino 697f5b1c8a1SJohn Marino case TLSEXT_TYPE_truncated_hmac: 698f5b1c8a1SJohn Marino extname = "truncated HMAC"; 699f5b1c8a1SJohn Marino break; 700f5b1c8a1SJohn Marino 701f5b1c8a1SJohn Marino case TLSEXT_TYPE_status_request: 702f5b1c8a1SJohn Marino extname = "status request"; 703f5b1c8a1SJohn Marino break; 704f5b1c8a1SJohn Marino 705f5b1c8a1SJohn Marino case TLSEXT_TYPE_user_mapping: 706f5b1c8a1SJohn Marino extname = "user mapping"; 707f5b1c8a1SJohn Marino break; 708f5b1c8a1SJohn Marino 709f5b1c8a1SJohn Marino case TLSEXT_TYPE_client_authz: 710f5b1c8a1SJohn Marino extname = "client authz"; 711f5b1c8a1SJohn Marino break; 712f5b1c8a1SJohn Marino 713f5b1c8a1SJohn Marino case TLSEXT_TYPE_server_authz: 714f5b1c8a1SJohn Marino extname = "server authz"; 715f5b1c8a1SJohn Marino break; 716f5b1c8a1SJohn Marino 717f5b1c8a1SJohn Marino case TLSEXT_TYPE_cert_type: 718f5b1c8a1SJohn Marino extname = "cert type"; 719f5b1c8a1SJohn Marino break; 720f5b1c8a1SJohn Marino 72172c33676SMaxim Ag case TLSEXT_TYPE_supported_groups: 72272c33676SMaxim Ag extname = "supported groups"; 723f5b1c8a1SJohn Marino break; 724f5b1c8a1SJohn Marino 725f5b1c8a1SJohn Marino case TLSEXT_TYPE_ec_point_formats: 726f5b1c8a1SJohn Marino extname = "EC point formats"; 727f5b1c8a1SJohn Marino break; 728f5b1c8a1SJohn Marino 729f5b1c8a1SJohn Marino case TLSEXT_TYPE_srp: 730f5b1c8a1SJohn Marino extname = "SRP"; 731f5b1c8a1SJohn Marino break; 732f5b1c8a1SJohn Marino 733f5b1c8a1SJohn Marino case TLSEXT_TYPE_signature_algorithms: 734f5b1c8a1SJohn Marino extname = "signature algorithms"; 735f5b1c8a1SJohn Marino break; 736f5b1c8a1SJohn Marino 737f5b1c8a1SJohn Marino case TLSEXT_TYPE_use_srtp: 738f5b1c8a1SJohn Marino extname = "use SRTP"; 739f5b1c8a1SJohn Marino break; 740f5b1c8a1SJohn Marino 741f5b1c8a1SJohn Marino case TLSEXT_TYPE_heartbeat: 742f5b1c8a1SJohn Marino extname = "heartbeat"; 743f5b1c8a1SJohn Marino break; 744f5b1c8a1SJohn Marino 74572c33676SMaxim Ag case TLSEXT_TYPE_application_layer_protocol_negotiation: 74672c33676SMaxim Ag extname = "application layer protocol negotiation"; 747f5b1c8a1SJohn Marino break; 74872c33676SMaxim Ag 74972c33676SMaxim Ag case TLSEXT_TYPE_padding: 75072c33676SMaxim Ag extname = "TLS padding"; 75172c33676SMaxim Ag break; 752f5b1c8a1SJohn Marino 753*cca6fc52SDaniel Fojt case TLSEXT_TYPE_session_ticket: 754*cca6fc52SDaniel Fojt extname = "session ticket"; 755*cca6fc52SDaniel Fojt break; 756*cca6fc52SDaniel Fojt 757*cca6fc52SDaniel Fojt #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 758*cca6fc52SDaniel Fojt case TLSEXT_TYPE_pre_shared_key: 759*cca6fc52SDaniel Fojt extname = "pre shared key"; 760*cca6fc52SDaniel Fojt break; 761*cca6fc52SDaniel Fojt 762*cca6fc52SDaniel Fojt case TLSEXT_TYPE_early_data: 763*cca6fc52SDaniel Fojt extname = "early data"; 764*cca6fc52SDaniel Fojt break; 765*cca6fc52SDaniel Fojt 766*cca6fc52SDaniel Fojt case TLSEXT_TYPE_supported_versions: 767*cca6fc52SDaniel Fojt extname = "supported versions"; 768*cca6fc52SDaniel Fojt break; 769*cca6fc52SDaniel Fojt 770*cca6fc52SDaniel Fojt case TLSEXT_TYPE_cookie: 771*cca6fc52SDaniel Fojt extname = "cookie"; 772*cca6fc52SDaniel Fojt break; 773*cca6fc52SDaniel Fojt 774*cca6fc52SDaniel Fojt case TLSEXT_TYPE_psk_key_exchange_modes: 775*cca6fc52SDaniel Fojt extname = "PSK key exchange modes"; 776*cca6fc52SDaniel Fojt break; 777*cca6fc52SDaniel Fojt 778*cca6fc52SDaniel Fojt case TLSEXT_TYPE_certificate_authorities: 779*cca6fc52SDaniel Fojt extname = "certificate authorities"; 780*cca6fc52SDaniel Fojt break; 781*cca6fc52SDaniel Fojt 782*cca6fc52SDaniel Fojt case TLSEXT_TYPE_oid_filters: 783*cca6fc52SDaniel Fojt extname = "OID filters"; 784*cca6fc52SDaniel Fojt break; 785*cca6fc52SDaniel Fojt 786*cca6fc52SDaniel Fojt case TLSEXT_TYPE_post_handshake_auth: 787*cca6fc52SDaniel Fojt extname = "post handshake auth"; 788*cca6fc52SDaniel Fojt break; 789*cca6fc52SDaniel Fojt 790*cca6fc52SDaniel Fojt case TLSEXT_TYPE_signature_algorithms_cert: 791*cca6fc52SDaniel Fojt extname = "signature algorithms cert"; 792*cca6fc52SDaniel Fojt break; 793*cca6fc52SDaniel Fojt 794*cca6fc52SDaniel Fojt case TLSEXT_TYPE_key_share: 795*cca6fc52SDaniel Fojt extname = "key share"; 796*cca6fc52SDaniel Fojt break; 797*cca6fc52SDaniel Fojt #endif 798*cca6fc52SDaniel Fojt 799*cca6fc52SDaniel Fojt case TLSEXT_TYPE_renegotiate: 800*cca6fc52SDaniel Fojt extname = "renegotiation info"; 801*cca6fc52SDaniel Fojt break; 802*cca6fc52SDaniel Fojt 803f5b1c8a1SJohn Marino default: 804f5b1c8a1SJohn Marino extname = "unknown"; 805f5b1c8a1SJohn Marino break; 806f5b1c8a1SJohn Marino 807f5b1c8a1SJohn Marino } 808f5b1c8a1SJohn Marino 809f5b1c8a1SJohn Marino BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 810f5b1c8a1SJohn Marino client_server ? "server" : "client", extname, type, len); 811f5b1c8a1SJohn Marino BIO_dump(bio, (char *) data, len); 812f5b1c8a1SJohn Marino (void) BIO_flush(bio); 813f5b1c8a1SJohn Marino } 814f5b1c8a1SJohn Marino 815f5b1c8a1SJohn Marino int 816f5b1c8a1SJohn Marino generate_cookie_callback(SSL * ssl, unsigned char *cookie, 817f5b1c8a1SJohn Marino unsigned int *cookie_len) 818f5b1c8a1SJohn Marino { 819f5b1c8a1SJohn Marino unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 820f5b1c8a1SJohn Marino unsigned int length, resultlength; 821f5b1c8a1SJohn Marino union { 822f5b1c8a1SJohn Marino struct sockaddr sa; 823f5b1c8a1SJohn Marino struct sockaddr_in s4; 824f5b1c8a1SJohn Marino struct sockaddr_in6 s6; 825f5b1c8a1SJohn Marino } peer; 826f5b1c8a1SJohn Marino 827f5b1c8a1SJohn Marino /* Initialize a random secret */ 828f5b1c8a1SJohn Marino if (!cookie_initialized) { 829f5b1c8a1SJohn Marino arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH); 830f5b1c8a1SJohn Marino cookie_initialized = 1; 831f5b1c8a1SJohn Marino } 832f5b1c8a1SJohn Marino /* Read peer information */ 833f5b1c8a1SJohn Marino (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 834f5b1c8a1SJohn Marino 835f5b1c8a1SJohn Marino /* Create buffer with peer's address and port */ 836f5b1c8a1SJohn Marino length = 0; 837f5b1c8a1SJohn Marino switch (peer.sa.sa_family) { 838f5b1c8a1SJohn Marino case AF_INET: 839f5b1c8a1SJohn Marino length += sizeof(struct in_addr); 840f5b1c8a1SJohn Marino length += sizeof(peer.s4.sin_port); 841f5b1c8a1SJohn Marino break; 842f5b1c8a1SJohn Marino case AF_INET6: 843f5b1c8a1SJohn Marino length += sizeof(struct in6_addr); 844f5b1c8a1SJohn Marino length += sizeof(peer.s6.sin6_port); 845f5b1c8a1SJohn Marino break; 846f5b1c8a1SJohn Marino default: 847f5b1c8a1SJohn Marino OPENSSL_assert(0); 848f5b1c8a1SJohn Marino break; 849f5b1c8a1SJohn Marino } 850f5b1c8a1SJohn Marino buffer = malloc(length); 851f5b1c8a1SJohn Marino 852f5b1c8a1SJohn Marino if (buffer == NULL) { 853f5b1c8a1SJohn Marino BIO_printf(bio_err, "out of memory\n"); 854f5b1c8a1SJohn Marino return 0; 855f5b1c8a1SJohn Marino } 856f5b1c8a1SJohn Marino switch (peer.sa.sa_family) { 857f5b1c8a1SJohn Marino case AF_INET: 858f5b1c8a1SJohn Marino memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 859f5b1c8a1SJohn Marino memcpy(buffer + sizeof(peer.s4.sin_port), 860f5b1c8a1SJohn Marino &peer.s4.sin_addr, sizeof(struct in_addr)); 861f5b1c8a1SJohn Marino break; 862f5b1c8a1SJohn Marino case AF_INET6: 863f5b1c8a1SJohn Marino memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 864f5b1c8a1SJohn Marino memcpy(buffer + sizeof(peer.s6.sin6_port), 865f5b1c8a1SJohn Marino &peer.s6.sin6_addr, sizeof(struct in6_addr)); 866f5b1c8a1SJohn Marino break; 867f5b1c8a1SJohn Marino default: 868f5b1c8a1SJohn Marino OPENSSL_assert(0); 869f5b1c8a1SJohn Marino break; 870f5b1c8a1SJohn Marino } 871f5b1c8a1SJohn Marino 872f5b1c8a1SJohn Marino /* Calculate HMAC of buffer using the secret */ 873f5b1c8a1SJohn Marino HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 874f5b1c8a1SJohn Marino buffer, length, result, &resultlength); 875f5b1c8a1SJohn Marino free(buffer); 876f5b1c8a1SJohn Marino 877f5b1c8a1SJohn Marino memcpy(cookie, result, resultlength); 878f5b1c8a1SJohn Marino *cookie_len = resultlength; 879f5b1c8a1SJohn Marino 880f5b1c8a1SJohn Marino return 1; 881f5b1c8a1SJohn Marino } 882f5b1c8a1SJohn Marino 883f5b1c8a1SJohn Marino int 88472c33676SMaxim Ag verify_cookie_callback(SSL * ssl, const unsigned char *cookie, 88572c33676SMaxim Ag unsigned int cookie_len) 886f5b1c8a1SJohn Marino { 887f5b1c8a1SJohn Marino unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 888f5b1c8a1SJohn Marino unsigned int length, resultlength; 889f5b1c8a1SJohn Marino union { 890f5b1c8a1SJohn Marino struct sockaddr sa; 891f5b1c8a1SJohn Marino struct sockaddr_in s4; 892f5b1c8a1SJohn Marino struct sockaddr_in6 s6; 893f5b1c8a1SJohn Marino } peer; 894f5b1c8a1SJohn Marino 895f5b1c8a1SJohn Marino /* If secret isn't initialized yet, the cookie can't be valid */ 896f5b1c8a1SJohn Marino if (!cookie_initialized) 897f5b1c8a1SJohn Marino return 0; 898f5b1c8a1SJohn Marino 899f5b1c8a1SJohn Marino /* Read peer information */ 900f5b1c8a1SJohn Marino (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 901f5b1c8a1SJohn Marino 902f5b1c8a1SJohn Marino /* Create buffer with peer's address and port */ 903f5b1c8a1SJohn Marino length = 0; 904f5b1c8a1SJohn Marino switch (peer.sa.sa_family) { 905f5b1c8a1SJohn Marino case AF_INET: 906f5b1c8a1SJohn Marino length += sizeof(struct in_addr); 907f5b1c8a1SJohn Marino length += sizeof(peer.s4.sin_port); 908f5b1c8a1SJohn Marino break; 909f5b1c8a1SJohn Marino case AF_INET6: 910f5b1c8a1SJohn Marino length += sizeof(struct in6_addr); 911f5b1c8a1SJohn Marino length += sizeof(peer.s6.sin6_port); 912f5b1c8a1SJohn Marino break; 913f5b1c8a1SJohn Marino default: 914f5b1c8a1SJohn Marino OPENSSL_assert(0); 915f5b1c8a1SJohn Marino break; 916f5b1c8a1SJohn Marino } 917f5b1c8a1SJohn Marino buffer = malloc(length); 918f5b1c8a1SJohn Marino 919f5b1c8a1SJohn Marino if (buffer == NULL) { 920f5b1c8a1SJohn Marino BIO_printf(bio_err, "out of memory\n"); 921f5b1c8a1SJohn Marino return 0; 922f5b1c8a1SJohn Marino } 923f5b1c8a1SJohn Marino switch (peer.sa.sa_family) { 924f5b1c8a1SJohn Marino case AF_INET: 925f5b1c8a1SJohn Marino memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 926f5b1c8a1SJohn Marino memcpy(buffer + sizeof(peer.s4.sin_port), 927f5b1c8a1SJohn Marino &peer.s4.sin_addr, sizeof(struct in_addr)); 928f5b1c8a1SJohn Marino break; 929f5b1c8a1SJohn Marino case AF_INET6: 930f5b1c8a1SJohn Marino memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 931f5b1c8a1SJohn Marino memcpy(buffer + sizeof(peer.s6.sin6_port), 932f5b1c8a1SJohn Marino &peer.s6.sin6_addr, sizeof(struct in6_addr)); 933f5b1c8a1SJohn Marino break; 934f5b1c8a1SJohn Marino default: 935f5b1c8a1SJohn Marino OPENSSL_assert(0); 936f5b1c8a1SJohn Marino break; 937f5b1c8a1SJohn Marino } 938f5b1c8a1SJohn Marino 939f5b1c8a1SJohn Marino /* Calculate HMAC of buffer using the secret */ 940f5b1c8a1SJohn Marino HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 941f5b1c8a1SJohn Marino buffer, length, result, &resultlength); 942f5b1c8a1SJohn Marino free(buffer); 943f5b1c8a1SJohn Marino 944f5b1c8a1SJohn Marino if (cookie_len == resultlength && 945f5b1c8a1SJohn Marino memcmp(result, cookie, resultlength) == 0) 946f5b1c8a1SJohn Marino return 1; 947f5b1c8a1SJohn Marino 948f5b1c8a1SJohn Marino return 0; 949f5b1c8a1SJohn Marino } 950