s_cb.c (194206) s_cb.c (205128)
1/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *

--- 103 unchanged lines hidden (view full) ---

112#include <stdio.h>
113#include <stdlib.h>
114#define USE_SOCKETS
115#define NON_MAIN
116#include "apps.h"
117#undef NON_MAIN
118#undef USE_SOCKETS
119#include <openssl/err.h>
1/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *

--- 103 unchanged lines hidden (view full) ---

112#include <stdio.h>
113#include <stdlib.h>
114#define USE_SOCKETS
115#define NON_MAIN
116#include "apps.h"
117#undef NON_MAIN
118#undef USE_SOCKETS
119#include <openssl/err.h>
120#include <openssl/rand.h>
120#include <openssl/x509.h>
121#include <openssl/ssl.h>
122#include "s_apps.h"
123
121#include <openssl/x509.h>
122#include <openssl/ssl.h>
123#include "s_apps.h"
124
125#define COOKIE_SECRET_LENGTH 16
126
124int verify_depth=0;
125int verify_error=X509_V_OK;
127int verify_depth=0;
128int verify_error=X509_V_OK;
129unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
130int cookie_initialized=0;
126
127int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
128 {
129 char buf[256];
130 X509 *err_cert;
131 int err,depth;
132
133 err_cert=X509_STORE_CTX_get_current_cert(ctx);

--- 199 unchanged lines hidden (view full) ---

333 case SSL3_VERSION:
334 str_version = "SSL 3.0 ";
335 break;
336 case TLS1_VERSION:
337 str_version = "TLS 1.0 ";
338 break;
339 default:
340 str_version = "???";
131
132int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
133 {
134 char buf[256];
135 X509 *err_cert;
136 int err,depth;
137
138 err_cert=X509_STORE_CTX_get_current_cert(ctx);

--- 199 unchanged lines hidden (view full) ---

338 case SSL3_VERSION:
339 str_version = "SSL 3.0 ";
340 break;
341 case TLS1_VERSION:
342 str_version = "TLS 1.0 ";
343 break;
344 default:
345 str_version = "???";
346 case DTLS1_VERSION:
347 str_version = "DTLS 1.0 ";
348 break;
349 case DTLS1_BAD_VER:
350 str_version = "DTLS 1.0 (bad) ";
351 break;
341 }
342
343 if (version == SSL2_VERSION)
344 {
345 str_details1 = "???";
346
347 if (len > 0)
348 {

--- 47 unchanged lines hidden (view full) ---

396 break;
397 case 8:
398 str_details1 = ", CLIENT-CERTIFICATE";
399 break;
400 }
401 }
402 }
403
352 }
353
354 if (version == SSL2_VERSION)
355 {
356 str_details1 = "???";
357
358 if (len > 0)
359 {

--- 47 unchanged lines hidden (view full) ---

407 break;
408 case 8:
409 str_details1 = ", CLIENT-CERTIFICATE";
410 break;
411 }
412 }
413 }
414
404 if (version == SSL3_VERSION || version == TLS1_VERSION)
415 if (version == SSL3_VERSION ||
416 version == TLS1_VERSION ||
417 version == DTLS1_VERSION ||
418 version == DTLS1_BAD_VER)
405 {
406 switch (content_type)
407 {
408 case 20:
409 str_content_type = "ChangeCipherSpec";
410 break;
411 case 21:
412 str_content_type = "Alert";

--- 122 unchanged lines hidden (view full) ---

535 str_details1 = ", CertificateRequest";
536 break;
537 case 14:
538 str_details1 = ", ServerHelloDone";
539 break;
540 case 15:
541 str_details1 = ", CertificateVerify";
542 break;
419 {
420 switch (content_type)
421 {
422 case 20:
423 str_content_type = "ChangeCipherSpec";
424 break;
425 case 21:
426 str_content_type = "Alert";

--- 122 unchanged lines hidden (view full) ---

549 str_details1 = ", CertificateRequest";
550 break;
551 case 14:
552 str_details1 = ", ServerHelloDone";
553 break;
554 case 15:
555 str_details1 = ", CertificateVerify";
556 break;
557 case 3:
558 str_details1 = ", HelloVerifyRequest";
559 break;
543 case 16:
544 str_details1 = ", ClientKeyExchange";
545 break;
546 case 20:
547 str_details1 = ", Finished";
548 break;
549 }
550 }

--- 65 unchanged lines hidden (view full) ---

616 case TLSEXT_TYPE_ec_point_formats:
617 extname = "EC point formats";
618 break;
619
620 case TLSEXT_TYPE_session_ticket:
621 extname = "server ticket";
622 break;
623
560 case 16:
561 str_details1 = ", ClientKeyExchange";
562 break;
563 case 20:
564 str_details1 = ", Finished";
565 break;
566 }
567 }

--- 65 unchanged lines hidden (view full) ---

633 case TLSEXT_TYPE_ec_point_formats:
634 extname = "EC point formats";
635 break;
636
637 case TLSEXT_TYPE_session_ticket:
638 extname = "server ticket";
639 break;
640
641 case TLSEXT_TYPE_renegotiate:
642 extname = "renegotiate";
643 break;
624
625 default:
626 extname = "unknown";
627 break;
628
629 }
630
631 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
632 client_server ? "server": "client",
633 extname, type, len);
634 BIO_dump(bio, (char *)data, len);
635 (void)BIO_flush(bio);
636 }
644
645 default:
646 extname = "unknown";
647 break;
648
649 }
650
651 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
652 client_server ? "server": "client",
653 extname, type, len);
654 BIO_dump(bio, (char *)data, len);
655 (void)BIO_flush(bio);
656 }
657
658int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
659 {
660 unsigned char *buffer, result[EVP_MAX_MD_SIZE];
661 unsigned int length, resultlength;
662 struct sockaddr_in peer;
663
664 /* Initialize a random secret */
665 if (!cookie_initialized)
666 {
667 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
668 {
669 BIO_printf(bio_err,"error setting random cookie secret\n");
670 return 0;
671 }
672 cookie_initialized = 1;
673 }
674
675 /* Read peer information */
676 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
677
678 /* Create buffer with peer's address and port */
679 length = sizeof(peer.sin_addr);
680 length += sizeof(peer.sin_port);
681 buffer = OPENSSL_malloc(length);
682
683 if (buffer == NULL)
684 {
685 BIO_printf(bio_err,"out of memory\n");
686 return 0;
687 }
688
689 memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
690 memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port));
691
692 /* Calculate HMAC of buffer using the secret */
693 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
694 buffer, length, result, &resultlength);
695 OPENSSL_free(buffer);
696
697 memcpy(cookie, result, resultlength);
698 *cookie_len = resultlength;
699
700 return 1;
701 }
702
703int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
704 {
705 unsigned char *buffer, result[EVP_MAX_MD_SIZE];
706 unsigned int length, resultlength;
707 struct sockaddr_in peer;
708
709 /* If secret isn't initialized yet, the cookie can't be valid */
710 if (!cookie_initialized)
711 return 0;
712
713 /* Read peer information */
714 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
715
716 /* Create buffer with peer's address and port */
717 length = sizeof(peer.sin_addr);
718 length += sizeof(peer.sin_port);
719 buffer = (unsigned char*) OPENSSL_malloc(length);
720
721 if (buffer == NULL)
722 {
723 BIO_printf(bio_err,"out of memory\n");
724 return 0;
725 }
726
727 memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
728 memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port));
729
730 /* Calculate HMAC of buffer using the secret */
731 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
732 buffer, length, result, &resultlength);
733 OPENSSL_free(buffer);
734
735 if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
736 return 1;
737
738 return 0;
739 }
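Review bot: In the `switch (version)` of the message callback, the new `case DTLS1_VERSION:` is inserted directly after `default: str_version = "???";` with no `break`, so an unrecognised version now falls through and is printed as `DTLS 1.0 ` rather than `???`; add `break;` after the `"???"` assignment or move the `default:` label to the end of the switch. Separately, both new cookie callbacks discard the result of `BIO_dgram_get_peer` on an uninitialised `struct sockaddr_in peer`, so if that call fails the HMAC is computed over stack garbage and a cookie can still be issued; check its return and `return 0;` on failure, and confirm that the peer address the BIO writes back cannot be larger than `sockaddr_in`. In `verify_cookie_callback` the `memcmp` on the cookie is also worth replacing with a constant-time comparison, since its outcome decides whether the server commits state for the handshake. The message callback containing the version switch begins and ends outside the visible lines.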