s_cb.c revision 312826
1/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112#include <stdio.h> 113#include <stdlib.h> 114#include <string.h> /* for memcpy() and strcmp() */ 115#define USE_SOCKETS 116#define NON_MAIN 117#include "apps.h" 118#undef NON_MAIN 119#undef USE_SOCKETS 120#include <openssl/err.h> 121#include <openssl/rand.h> 122#include <openssl/x509.h> 123#include <openssl/ssl.h> 124#include "s_apps.h" 125 126#define COOKIE_SECRET_LENGTH 16 127 128int verify_depth = 0; 129int verify_quiet = 0; 130int verify_error = X509_V_OK; 131int verify_return_error = 0; 132unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 133int cookie_initialized = 0; 134 135int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) 136{ 137 X509 *err_cert; 138 int err, depth; 139 140 err_cert = X509_STORE_CTX_get_current_cert(ctx); 141 err = X509_STORE_CTX_get_error(ctx); 142 depth = X509_STORE_CTX_get_error_depth(ctx); 143 144 if (!verify_quiet || !ok) { 145 BIO_printf(bio_err, "depth=%d ", depth); 146 if (err_cert) { 147 X509_NAME_print_ex(bio_err, 148 X509_get_subject_name(err_cert), 149 0, XN_FLAG_ONELINE); 150 BIO_puts(bio_err, "\n"); 151 } else 152 BIO_puts(bio_err, "<no cert>\n"); 153 } 154 if (!ok) { 155 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 156 X509_verify_cert_error_string(err)); 157 if (verify_depth >= depth) { 158 if (!verify_return_error) 159 ok = 1; 160 verify_error = X509_V_OK; 161 } else { 162 ok = 0; 163 verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; 164 } 165 } 166 switch (err) { 167 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 168 BIO_puts(bio_err, "issuer= "); 169 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), 170 0, XN_FLAG_ONELINE); 171 BIO_puts(bio_err, "\n"); 172 break; 173 case X509_V_ERR_CERT_NOT_YET_VALID: 174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 175 BIO_printf(bio_err, "notBefore="); 176 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 177 BIO_printf(bio_err, "\n"); 178 break; 179 case X509_V_ERR_CERT_HAS_EXPIRED: 180 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 181 BIO_printf(bio_err, "notAfter="); 182 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 183 BIO_printf(bio_err, "\n"); 184 break; 185 case X509_V_ERR_NO_EXPLICIT_POLICY: 186 if (!verify_quiet) 187 policies_print(bio_err, ctx); 188 break; 189 } 190 if (err == X509_V_OK && ok == 2 && !verify_quiet) 191 policies_print(bio_err, ctx); 192 if (ok && !verify_quiet) 193 BIO_printf(bio_err, "verify return:%d\n", ok); 194 return (ok); 195} 196 197int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) 198{ 199 if (cert_file != NULL) { 200 /*- 201 SSL *ssl; 202 X509 *x509; 203 */ 204 205 if (SSL_CTX_use_certificate_file(ctx, cert_file, 206 SSL_FILETYPE_PEM) <= 0) { 207 BIO_printf(bio_err, "unable to get certificate from '%s'\n", 208 cert_file); 209 ERR_print_errors(bio_err); 210 return (0); 211 } 212 if (key_file == NULL) 213 key_file = cert_file; 214 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { 215 BIO_printf(bio_err, "unable to get private key from '%s'\n", 216 key_file); 217 ERR_print_errors(bio_err); 218 return (0); 219 } 220 221 /*- 222 In theory this is no longer needed 223 ssl=SSL_new(ctx); 224 x509=SSL_get_certificate(ssl); 225 226 if (x509 != NULL) { 227 EVP_PKEY *pktmp; 228 pktmp = X509_get_pubkey(x509); 229 EVP_PKEY_copy_parameters(pktmp, 230 SSL_get_privatekey(ssl)); 231 EVP_PKEY_free(pktmp); 232 } 233 SSL_free(ssl); 234 */ 235 236 /* 237 * If we are using DSA, we can copy the parameters from the private 238 * key 239 */ 240 241 /* 242 * Now we know that a key and cert have been set against the SSL 243 * context 244 */ 245 if (!SSL_CTX_check_private_key(ctx)) { 246 BIO_printf(bio_err, 247 "Private key does not match the certificate public key\n"); 248 return (0); 249 } 250 } 251 return (1); 252} 253 254int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, 255 STACK_OF(X509) *chain, int build_chain) 256{ 257 int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0; 258 if (cert == NULL) 259 return 1; 260 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 261 BIO_printf(bio_err, "error setting certificate\n"); 262 ERR_print_errors(bio_err); 263 return 0; 264 } 265 266 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 267 BIO_printf(bio_err, "error setting private key\n"); 268 ERR_print_errors(bio_err); 269 return 0; 270 } 271 272 /* 273 * Now we know that a key and cert have been set against the SSL context 274 */ 275 if (!SSL_CTX_check_private_key(ctx)) { 276 BIO_printf(bio_err, 277 "Private key does not match the certificate public key\n"); 278 return 0; 279 } 280 if (chain && !SSL_CTX_set1_chain(ctx, chain)) { 281 BIO_printf(bio_err, "error setting certificate chain\n"); 282 ERR_print_errors(bio_err); 283 return 0; 284 } 285 if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) { 286 BIO_printf(bio_err, "error building certificate chain\n"); 287 ERR_print_errors(bio_err); 288 return 0; 289 } 290 return 1; 291} 292 293static void ssl_print_client_cert_types(BIO *bio, SSL *s) 294{ 295 const unsigned char *p; 296 int i; 297 int cert_type_num = SSL_get0_certificate_types(s, &p); 298 if (!cert_type_num) 299 return; 300 BIO_puts(bio, "Client Certificate Types: "); 301 for (i = 0; i < cert_type_num; i++) { 302 unsigned char cert_type = p[i]; 303 char *cname; 304 switch (cert_type) { 305 case TLS_CT_RSA_SIGN: 306 cname = "RSA sign"; 307 break; 308 309 case TLS_CT_DSS_SIGN: 310 cname = "DSA sign"; 311 break; 312 313 case TLS_CT_RSA_FIXED_DH: 314 cname = "RSA fixed DH"; 315 break; 316 317 case TLS_CT_DSS_FIXED_DH: 318 cname = "DSS fixed DH"; 319 break; 320 321 case TLS_CT_ECDSA_SIGN: 322 cname = "ECDSA sign"; 323 break; 324 325 case TLS_CT_RSA_FIXED_ECDH: 326 cname = "RSA fixed ECDH"; 327 break; 328 329 case TLS_CT_ECDSA_FIXED_ECDH: 330 cname = "ECDSA fixed ECDH"; 331 break; 332 333 case TLS_CT_GOST94_SIGN: 334 cname = "GOST94 Sign"; 335 break; 336 337 case TLS_CT_GOST01_SIGN: 338 cname = "GOST01 Sign"; 339 break; 340 341 default: 342 cname = NULL; 343 } 344 345 if (i) 346 BIO_puts(bio, ", "); 347 348 if (cname) 349 BIO_puts(bio, cname); 350 else 351 BIO_printf(bio, "UNKNOWN (%d),", cert_type); 352 } 353 BIO_puts(bio, "\n"); 354} 355 356static int do_print_sigalgs(BIO *out, SSL *s, int shared) 357{ 358 int i, nsig, client; 359 client = SSL_is_server(s) ? 0 : 1; 360 if (shared) 361 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); 362 else 363 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); 364 if (nsig == 0) 365 return 1; 366 367 if (shared) 368 BIO_puts(out, "Shared "); 369 370 if (client) 371 BIO_puts(out, "Requested "); 372 BIO_puts(out, "Signature Algorithms: "); 373 for (i = 0; i < nsig; i++) { 374 int hash_nid, sign_nid; 375 unsigned char rhash, rsign; 376 const char *sstr = NULL; 377 if (shared) 378 SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL, 379 &rsign, &rhash); 380 else 381 SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); 382 if (i) 383 BIO_puts(out, ":"); 384 if (sign_nid == EVP_PKEY_RSA) 385 sstr = "RSA"; 386 else if (sign_nid == EVP_PKEY_DSA) 387 sstr = "DSA"; 388 else if (sign_nid == EVP_PKEY_EC) 389 sstr = "ECDSA"; 390 if (sstr) 391 BIO_printf(out, "%s+", sstr); 392 else 393 BIO_printf(out, "0x%02X+", (int)rsign); 394 if (hash_nid != NID_undef) 395 BIO_printf(out, "%s", OBJ_nid2sn(hash_nid)); 396 else 397 BIO_printf(out, "0x%02X", (int)rhash); 398 } 399 BIO_puts(out, "\n"); 400 return 1; 401} 402 403int ssl_print_sigalgs(BIO *out, SSL *s) 404{ 405 int mdnid; 406 if (!SSL_is_server(s)) 407 ssl_print_client_cert_types(out, s); 408 do_print_sigalgs(out, s, 0); 409 do_print_sigalgs(out, s, 1); 410 if (SSL_get_peer_signature_nid(s, &mdnid)) 411 BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); 412 return 1; 413} 414 415#ifndef OPENSSL_NO_EC 416int ssl_print_point_formats(BIO *out, SSL *s) 417{ 418 int i, nformats; 419 const char *pformats; 420 nformats = SSL_get0_ec_point_formats(s, &pformats); 421 if (nformats <= 0) 422 return 1; 423 BIO_puts(out, "Supported Elliptic Curve Point Formats: "); 424 for (i = 0; i < nformats; i++, pformats++) { 425 if (i) 426 BIO_puts(out, ":"); 427 switch (*pformats) { 428 case TLSEXT_ECPOINTFORMAT_uncompressed: 429 BIO_puts(out, "uncompressed"); 430 break; 431 432 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime: 433 BIO_puts(out, "ansiX962_compressed_prime"); 434 break; 435 436 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2: 437 BIO_puts(out, "ansiX962_compressed_char2"); 438 break; 439 440 default: 441 BIO_printf(out, "unknown(%d)", (int)*pformats); 442 break; 443 444 } 445 } 446 if (nformats <= 0) 447 BIO_puts(out, "NONE"); 448 BIO_puts(out, "\n"); 449 return 1; 450} 451 452int ssl_print_curves(BIO *out, SSL *s, int noshared) 453{ 454 int i, ncurves, *curves, nid; 455 const char *cname; 456 ncurves = SSL_get1_curves(s, NULL); 457 if (ncurves <= 0) 458 return 1; 459 curves = OPENSSL_malloc(ncurves * sizeof(int)); 460 if (!curves) { 461 BIO_puts(out, "Malloc error getting supported curves\n"); 462 return 0; 463 } 464 SSL_get1_curves(s, curves); 465 466 467 BIO_puts(out, "Supported Elliptic Curves: "); 468 for (i = 0; i < ncurves; i++) { 469 if (i) 470 BIO_puts(out, ":"); 471 nid = curves[i]; 472 /* If unrecognised print out hex version */ 473 if (nid & TLSEXT_nid_unknown) 474 BIO_printf(out, "0x%04X", nid & 0xFFFF); 475 else { 476 /* Use NIST name for curve if it exists */ 477 cname = EC_curve_nid2nist(nid); 478 if (!cname) 479 cname = OBJ_nid2sn(nid); 480 BIO_printf(out, "%s", cname); 481 } 482 } 483 if (ncurves == 0) 484 BIO_puts(out, "NONE"); 485 OPENSSL_free(curves); 486 if (noshared) { 487 BIO_puts(out, "\n"); 488 return 1; 489 } 490 BIO_puts(out, "\nShared Elliptic curves: "); 491 ncurves = SSL_get_shared_curve(s, -1); 492 for (i = 0; i < ncurves; i++) { 493 if (i) 494 BIO_puts(out, ":"); 495 nid = SSL_get_shared_curve(s, i); 496 cname = EC_curve_nid2nist(nid); 497 if (!cname) 498 cname = OBJ_nid2sn(nid); 499 BIO_printf(out, "%s", cname); 500 } 501 if (ncurves == 0) 502 BIO_puts(out, "NONE"); 503 BIO_puts(out, "\n"); 504 return 1; 505} 506#endif 507int ssl_print_tmp_key(BIO *out, SSL *s) 508{ 509 EVP_PKEY *key; 510 if (!SSL_get_server_tmp_key(s, &key)) 511 return 1; 512 BIO_puts(out, "Server Temp Key: "); 513 switch (EVP_PKEY_id(key)) { 514 case EVP_PKEY_RSA: 515 BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key)); 516 break; 517 518 case EVP_PKEY_DH: 519 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); 520 break; 521#ifndef OPENSSL_NO_ECDH 522 case EVP_PKEY_EC: 523 { 524 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); 525 int nid; 526 const char *cname; 527 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); 528 EC_KEY_free(ec); 529 cname = EC_curve_nid2nist(nid); 530 if (!cname) 531 cname = OBJ_nid2sn(nid); 532 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key)); 533 } 534#endif 535 } 536 EVP_PKEY_free(key); 537 return 1; 538} 539 540long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, 541 int argi, long argl, long ret) 542{ 543 BIO *out; 544 545 out = (BIO *)BIO_get_callback_arg(bio); 546 if (out == NULL) 547 return (ret); 548 549 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 550 BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 551 (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); 552 BIO_dump(out, argp, (int)ret); 553 return (ret); 554 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 555 BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 556 (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); 557 BIO_dump(out, argp, (int)ret); 558 } 559 return (ret); 560} 561 562void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) 563{ 564 const char *str; 565 int w; 566 567 w = where & ~SSL_ST_MASK; 568 569 if (w & SSL_ST_CONNECT) 570 str = "SSL_connect"; 571 else if (w & SSL_ST_ACCEPT) 572 str = "SSL_accept"; 573 else 574 str = "undefined"; 575 576 if (where & SSL_CB_LOOP) { 577 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 578 } else if (where & SSL_CB_ALERT) { 579 str = (where & SSL_CB_READ) ? "read" : "write"; 580 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", 581 str, 582 SSL_alert_type_string_long(ret), 583 SSL_alert_desc_string_long(ret)); 584 } else if (where & SSL_CB_EXIT) { 585 if (ret == 0) 586 BIO_printf(bio_err, "%s:failed in %s\n", 587 str, SSL_state_string_long(s)); 588 else if (ret < 0) { 589 BIO_printf(bio_err, "%s:error in %s\n", 590 str, SSL_state_string_long(s)); 591 } 592 } 593} 594 595void MS_CALLBACK msg_cb(int write_p, int version, int content_type, 596 const void *buf, size_t len, SSL *ssl, void *arg) 597{ 598 BIO *bio = arg; 599 const char *str_write_p, *str_version, *str_content_type = 600 "", *str_details1 = "", *str_details2 = ""; 601 602 str_write_p = write_p ? ">>>" : "<<<"; 603 604 switch (version) { 605 case SSL2_VERSION: 606 str_version = "SSL 2.0"; 607 break; 608 case SSL3_VERSION: 609 str_version = "SSL 3.0 "; 610 break; 611 case TLS1_VERSION: 612 str_version = "TLS 1.0 "; 613 break; 614 case TLS1_1_VERSION: 615 str_version = "TLS 1.1 "; 616 break; 617 case TLS1_2_VERSION: 618 str_version = "TLS 1.2 "; 619 break; 620 case DTLS1_VERSION: 621 str_version = "DTLS 1.0 "; 622 break; 623 case DTLS1_BAD_VER: 624 str_version = "DTLS 1.0 (bad) "; 625 break; 626 default: 627 str_version = "???"; 628 } 629 630 if (version == SSL2_VERSION) { 631 str_details1 = "???"; 632 633 if (len > 0) { 634 switch (((const unsigned char *)buf)[0]) { 635 case 0: 636 str_details1 = ", ERROR:"; 637 str_details2 = " ???"; 638 if (len >= 3) { 639 unsigned err = 640 (((const unsigned char *)buf)[1] << 8) + 641 ((const unsigned char *)buf)[2]; 642 643 switch (err) { 644 case 0x0001: 645 str_details2 = " NO-CIPHER-ERROR"; 646 break; 647 case 0x0002: 648 str_details2 = " NO-CERTIFICATE-ERROR"; 649 break; 650 case 0x0004: 651 str_details2 = " BAD-CERTIFICATE-ERROR"; 652 break; 653 case 0x0006: 654 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 655 break; 656 } 657 } 658 659 break; 660 case 1: 661 str_details1 = ", CLIENT-HELLO"; 662 break; 663 case 2: 664 str_details1 = ", CLIENT-MASTER-KEY"; 665 break; 666 case 3: 667 str_details1 = ", CLIENT-FINISHED"; 668 break; 669 case 4: 670 str_details1 = ", SERVER-HELLO"; 671 break; 672 case 5: 673 str_details1 = ", SERVER-VERIFY"; 674 break; 675 case 6: 676 str_details1 = ", SERVER-FINISHED"; 677 break; 678 case 7: 679 str_details1 = ", REQUEST-CERTIFICATE"; 680 break; 681 case 8: 682 str_details1 = ", CLIENT-CERTIFICATE"; 683 break; 684 } 685 } 686 } 687 688 if (version == SSL3_VERSION || 689 version == TLS1_VERSION || 690 version == TLS1_1_VERSION || 691 version == TLS1_2_VERSION || 692 version == DTLS1_VERSION || version == DTLS1_BAD_VER) { 693 switch (content_type) { 694 case 20: 695 str_content_type = "ChangeCipherSpec"; 696 break; 697 case 21: 698 str_content_type = "Alert"; 699 break; 700 case 22: 701 str_content_type = "Handshake"; 702 break; 703 } 704 705 if (content_type == 21) { /* Alert */ 706 str_details1 = ", ???"; 707 708 if (len == 2) { 709 switch (((const unsigned char *)buf)[0]) { 710 case 1: 711 str_details1 = ", warning"; 712 break; 713 case 2: 714 str_details1 = ", fatal"; 715 break; 716 } 717 718 str_details2 = " ???"; 719 switch (((const unsigned char *)buf)[1]) { 720 case 0: 721 str_details2 = " close_notify"; 722 break; 723 case 10: 724 str_details2 = " unexpected_message"; 725 break; 726 case 20: 727 str_details2 = " bad_record_mac"; 728 break; 729 case 21: 730 str_details2 = " decryption_failed"; 731 break; 732 case 22: 733 str_details2 = " record_overflow"; 734 break; 735 case 30: 736 str_details2 = " decompression_failure"; 737 break; 738 case 40: 739 str_details2 = " handshake_failure"; 740 break; 741 case 42: 742 str_details2 = " bad_certificate"; 743 break; 744 case 43: 745 str_details2 = " unsupported_certificate"; 746 break; 747 case 44: 748 str_details2 = " certificate_revoked"; 749 break; 750 case 45: 751 str_details2 = " certificate_expired"; 752 break; 753 case 46: 754 str_details2 = " certificate_unknown"; 755 break; 756 case 47: 757 str_details2 = " illegal_parameter"; 758 break; 759 case 48: 760 str_details2 = " unknown_ca"; 761 break; 762 case 49: 763 str_details2 = " access_denied"; 764 break; 765 case 50: 766 str_details2 = " decode_error"; 767 break; 768 case 51: 769 str_details2 = " decrypt_error"; 770 break; 771 case 60: 772 str_details2 = " export_restriction"; 773 break; 774 case 70: 775 str_details2 = " protocol_version"; 776 break; 777 case 71: 778 str_details2 = " insufficient_security"; 779 break; 780 case 80: 781 str_details2 = " internal_error"; 782 break; 783 case 90: 784 str_details2 = " user_canceled"; 785 break; 786 case 100: 787 str_details2 = " no_renegotiation"; 788 break; 789 case 110: 790 str_details2 = " unsupported_extension"; 791 break; 792 case 111: 793 str_details2 = " certificate_unobtainable"; 794 break; 795 case 112: 796 str_details2 = " unrecognized_name"; 797 break; 798 case 113: 799 str_details2 = " bad_certificate_status_response"; 800 break; 801 case 114: 802 str_details2 = " bad_certificate_hash_value"; 803 break; 804 case 115: 805 str_details2 = " unknown_psk_identity"; 806 break; 807 } 808 } 809 } 810 811 if (content_type == 22) { /* Handshake */ 812 str_details1 = "???"; 813 814 if (len > 0) { 815 switch (((const unsigned char *)buf)[0]) { 816 case 0: 817 str_details1 = ", HelloRequest"; 818 break; 819 case 1: 820 str_details1 = ", ClientHello"; 821 break; 822 case 2: 823 str_details1 = ", ServerHello"; 824 break; 825 case 3: 826 str_details1 = ", HelloVerifyRequest"; 827 break; 828 case 11: 829 str_details1 = ", Certificate"; 830 break; 831 case 12: 832 str_details1 = ", ServerKeyExchange"; 833 break; 834 case 13: 835 str_details1 = ", CertificateRequest"; 836 break; 837 case 14: 838 str_details1 = ", ServerHelloDone"; 839 break; 840 case 15: 841 str_details1 = ", CertificateVerify"; 842 break; 843 case 16: 844 str_details1 = ", ClientKeyExchange"; 845 break; 846 case 20: 847 str_details1 = ", Finished"; 848 break; 849 } 850 } 851 } 852#ifndef OPENSSL_NO_HEARTBEATS 853 if (content_type == 24) { /* Heartbeat */ 854 str_details1 = ", Heartbeat"; 855 856 if (len > 0) { 857 switch (((const unsigned char *)buf)[0]) { 858 case 1: 859 str_details1 = ", HeartbeatRequest"; 860 break; 861 case 2: 862 str_details1 = ", HeartbeatResponse"; 863 break; 864 } 865 } 866 } 867#endif 868 } 869 870 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, 871 str_content_type, (unsigned long)len, str_details1, 872 str_details2); 873 874 if (len > 0) { 875 size_t num, i; 876 877 BIO_printf(bio, " "); 878 num = len; 879#if 0 880 if (num > 16) 881 num = 16; 882#endif 883 for (i = 0; i < num; i++) { 884 if (i % 16 == 0 && i > 0) 885 BIO_printf(bio, "\n "); 886 BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]); 887 } 888 if (i < len) 889 BIO_printf(bio, " ..."); 890 BIO_printf(bio, "\n"); 891 } 892 (void)BIO_flush(bio); 893} 894 895void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, 896 unsigned char *data, int len, void *arg) 897{ 898 BIO *bio = arg; 899 char *extname; 900 901 switch (type) { 902 case TLSEXT_TYPE_server_name: 903 extname = "server name"; 904 break; 905 906 case TLSEXT_TYPE_max_fragment_length: 907 extname = "max fragment length"; 908 break; 909 910 case TLSEXT_TYPE_client_certificate_url: 911 extname = "client certificate URL"; 912 break; 913 914 case TLSEXT_TYPE_trusted_ca_keys: 915 extname = "trusted CA keys"; 916 break; 917 918 case TLSEXT_TYPE_truncated_hmac: 919 extname = "truncated HMAC"; 920 break; 921 922 case TLSEXT_TYPE_status_request: 923 extname = "status request"; 924 break; 925 926 case TLSEXT_TYPE_user_mapping: 927 extname = "user mapping"; 928 break; 929 930 case TLSEXT_TYPE_client_authz: 931 extname = "client authz"; 932 break; 933 934 case TLSEXT_TYPE_server_authz: 935 extname = "server authz"; 936 break; 937 938 case TLSEXT_TYPE_cert_type: 939 extname = "cert type"; 940 break; 941 942 case TLSEXT_TYPE_elliptic_curves: 943 extname = "elliptic curves"; 944 break; 945 946 case TLSEXT_TYPE_ec_point_formats: 947 extname = "EC point formats"; 948 break; 949 950 case TLSEXT_TYPE_srp: 951 extname = "SRP"; 952 break; 953 954 case TLSEXT_TYPE_signature_algorithms: 955 extname = "signature algorithms"; 956 break; 957 958 case TLSEXT_TYPE_use_srtp: 959 extname = "use SRTP"; 960 break; 961 962 case TLSEXT_TYPE_heartbeat: 963 extname = "heartbeat"; 964 break; 965 966 case TLSEXT_TYPE_session_ticket: 967 extname = "session ticket"; 968 break; 969 970 case TLSEXT_TYPE_renegotiate: 971 extname = "renegotiation info"; 972 break; 973 974#ifdef TLSEXT_TYPE_opaque_prf_input 975 case TLSEXT_TYPE_opaque_prf_input: 976 extname = "opaque PRF input"; 977 break; 978#endif 979#ifdef TLSEXT_TYPE_next_proto_neg 980 case TLSEXT_TYPE_next_proto_neg: 981 extname = "next protocol"; 982 break; 983#endif 984#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation 985 case TLSEXT_TYPE_application_layer_protocol_negotiation: 986 extname = "application layer protocol negotiation"; 987 break; 988#endif 989 990 case TLSEXT_TYPE_padding: 991 extname = "TLS padding"; 992 break; 993 994 default: 995 extname = "unknown"; 996 break; 997 998 } 999 1000 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 1001 client_server ? "server" : "client", extname, type, len); 1002 BIO_dump(bio, (char *)data, len); 1003 (void)BIO_flush(bio); 1004} 1005 1006int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, 1007 unsigned int *cookie_len) 1008{ 1009 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 1010 unsigned int length, resultlength; 1011 union { 1012 struct sockaddr sa; 1013 struct sockaddr_in s4; 1014#if OPENSSL_USE_IPV6 1015 struct sockaddr_in6 s6; 1016#endif 1017 } peer; 1018 1019 /* Initialize a random secret */ 1020 if (!cookie_initialized) { 1021 if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { 1022 BIO_printf(bio_err, "error setting random cookie secret\n"); 1023 return 0; 1024 } 1025 cookie_initialized = 1; 1026 } 1027 1028 /* Read peer information */ 1029 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 1030 1031 /* Create buffer with peer's address and port */ 1032 length = 0; 1033 switch (peer.sa.sa_family) { 1034 case AF_INET: 1035 length += sizeof(struct in_addr); 1036 length += sizeof(peer.s4.sin_port); 1037 break; 1038#if OPENSSL_USE_IPV6 1039 case AF_INET6: 1040 length += sizeof(struct in6_addr); 1041 length += sizeof(peer.s6.sin6_port); 1042 break; 1043#endif 1044 default: 1045 OPENSSL_assert(0); 1046 break; 1047 } 1048 buffer = OPENSSL_malloc(length); 1049 1050 if (buffer == NULL) { 1051 BIO_printf(bio_err, "out of memory\n"); 1052 return 0; 1053 } 1054 1055 switch (peer.sa.sa_family) { 1056 case AF_INET: 1057 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 1058 memcpy(buffer + sizeof(peer.s4.sin_port), 1059 &peer.s4.sin_addr, sizeof(struct in_addr)); 1060 break; 1061#if OPENSSL_USE_IPV6 1062 case AF_INET6: 1063 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 1064 memcpy(buffer + sizeof(peer.s6.sin6_port), 1065 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 1066 break; 1067#endif 1068 default: 1069 OPENSSL_assert(0); 1070 break; 1071 } 1072 1073 /* Calculate HMAC of buffer using the secret */ 1074 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 1075 buffer, length, result, &resultlength); 1076 OPENSSL_free(buffer); 1077 1078 memcpy(cookie, result, resultlength); 1079 *cookie_len = resultlength; 1080 1081 return 1; 1082} 1083 1084int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, 1085 unsigned int cookie_len) 1086{ 1087 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 1088 unsigned int length, resultlength; 1089 union { 1090 struct sockaddr sa; 1091 struct sockaddr_in s4; 1092#if OPENSSL_USE_IPV6 1093 struct sockaddr_in6 s6; 1094#endif 1095 } peer; 1096 1097 /* If secret isn't initialized yet, the cookie can't be valid */ 1098 if (!cookie_initialized) 1099 return 0; 1100 1101 /* Read peer information */ 1102 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 1103 1104 /* Create buffer with peer's address and port */ 1105 length = 0; 1106 switch (peer.sa.sa_family) { 1107 case AF_INET: 1108 length += sizeof(struct in_addr); 1109 length += sizeof(peer.s4.sin_port); 1110 break; 1111#if OPENSSL_USE_IPV6 1112 case AF_INET6: 1113 length += sizeof(struct in6_addr); 1114 length += sizeof(peer.s6.sin6_port); 1115 break; 1116#endif 1117 default: 1118 OPENSSL_assert(0); 1119 break; 1120 } 1121 buffer = OPENSSL_malloc(length); 1122 1123 if (buffer == NULL) { 1124 BIO_printf(bio_err, "out of memory\n"); 1125 return 0; 1126 } 1127 1128 switch (peer.sa.sa_family) { 1129 case AF_INET: 1130 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 1131 memcpy(buffer + sizeof(peer.s4.sin_port), 1132 &peer.s4.sin_addr, sizeof(struct in_addr)); 1133 break; 1134#if OPENSSL_USE_IPV6 1135 case AF_INET6: 1136 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 1137 memcpy(buffer + sizeof(peer.s6.sin6_port), 1138 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 1139 break; 1140#endif 1141 default: 1142 OPENSSL_assert(0); 1143 break; 1144 } 1145 1146 /* Calculate HMAC of buffer using the secret */ 1147 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 1148 buffer, length, result, &resultlength); 1149 OPENSSL_free(buffer); 1150 1151 if (cookie_len == resultlength 1152 && memcmp(result, cookie, resultlength) == 0) 1153 return 1; 1154 1155 return 0; 1156} 1157 1158/* 1159 * Example of extended certificate handling. Where the standard support of 1160 * one certificate per algorithm is not sufficient an application can decide 1161 * which certificate(s) to use at runtime based on whatever criteria it deems 1162 * appropriate. 1163 */ 1164 1165/* Linked list of certificates, keys and chains */ 1166struct ssl_excert_st { 1167 int certform; 1168 const char *certfile; 1169 int keyform; 1170 const char *keyfile; 1171 const char *chainfile; 1172 X509 *cert; 1173 EVP_PKEY *key; 1174 STACK_OF(X509) *chain; 1175 int build_chain; 1176 struct ssl_excert_st *next, *prev; 1177}; 1178 1179struct chain_flags { 1180 int flag; 1181 const char *name; 1182}; 1183 1184struct chain_flags chain_flags_list[] = { 1185 {CERT_PKEY_VALID, "Overall Validity"}, 1186 {CERT_PKEY_SIGN, "Sign with EE key"}, 1187 {CERT_PKEY_EE_SIGNATURE, "EE signature"}, 1188 {CERT_PKEY_CA_SIGNATURE, "CA signature"}, 1189 {CERT_PKEY_EE_PARAM, "EE key parameters"}, 1190 {CERT_PKEY_CA_PARAM, "CA key parameters"}, 1191 {CERT_PKEY_EXPLICIT_SIGN, "Explicity sign with EE key"}, 1192 {CERT_PKEY_ISSUER_NAME, "Issuer Name"}, 1193 {CERT_PKEY_CERT_TYPE, "Certificate Type"}, 1194 {0, NULL} 1195}; 1196 1197static void print_chain_flags(BIO *out, SSL *s, int flags) 1198{ 1199 struct chain_flags *ctmp = chain_flags_list; 1200 while (ctmp->name) { 1201 BIO_printf(out, "\t%s: %s\n", ctmp->name, 1202 flags & ctmp->flag ? "OK" : "NOT OK"); 1203 ctmp++; 1204 } 1205 BIO_printf(out, "\tSuite B: "); 1206 if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) 1207 BIO_puts(out, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); 1208 else 1209 BIO_printf(out, "not tested\n"); 1210} 1211 1212/* 1213 * Very basic selection callback: just use any certificate chain reported as 1214 * valid. More sophisticated could prioritise according to local policy. 1215 */ 1216static int set_cert_cb(SSL *ssl, void *arg) 1217{ 1218 int i, rv; 1219 SSL_EXCERT *exc = arg; 1220#ifdef CERT_CB_TEST_RETRY 1221 static int retry_cnt; 1222 if (retry_cnt < 5) { 1223 retry_cnt++; 1224 fprintf(stderr, "Certificate callback retry test: count %d\n", 1225 retry_cnt); 1226 return -1; 1227 } 1228#endif 1229 SSL_certs_clear(ssl); 1230 1231 if (!exc) 1232 return 1; 1233 1234 /* 1235 * Go to end of list and traverse backwards since we prepend newer 1236 * entries this retains the original order. 1237 */ 1238 while (exc->next) 1239 exc = exc->next; 1240 1241 i = 0; 1242 1243 while (exc) { 1244 i++; 1245 rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); 1246 BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); 1247 X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, 1248 XN_FLAG_ONELINE); 1249 BIO_puts(bio_err, "\n"); 1250 1251 print_chain_flags(bio_err, ssl, rv); 1252 if (rv & CERT_PKEY_VALID) { 1253 SSL_use_certificate(ssl, exc->cert); 1254 SSL_use_PrivateKey(ssl, exc->key); 1255 /* 1256 * NB: we wouldn't normally do this as it is not efficient 1257 * building chains on each connection better to cache the chain 1258 * in advance. 1259 */ 1260 if (exc->build_chain) { 1261 if (!SSL_build_cert_chain(ssl, 0)) 1262 return 0; 1263 } else if (exc->chain) 1264 SSL_set1_chain(ssl, exc->chain); 1265 } 1266 exc = exc->prev; 1267 } 1268 return 1; 1269} 1270 1271void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc) 1272{ 1273 SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc); 1274} 1275 1276static int ssl_excert_prepend(SSL_EXCERT **pexc) 1277{ 1278 SSL_EXCERT *exc; 1279 exc = OPENSSL_malloc(sizeof(SSL_EXCERT)); 1280 if (!exc) 1281 return 0; 1282 exc->certfile = NULL; 1283 exc->keyfile = NULL; 1284 exc->chainfile = NULL; 1285 exc->cert = NULL; 1286 exc->key = NULL; 1287 exc->chain = NULL; 1288 exc->prev = NULL; 1289 exc->build_chain = 0; 1290 1291 exc->next = *pexc; 1292 *pexc = exc; 1293 1294 if (exc->next) { 1295 exc->certform = exc->next->certform; 1296 exc->keyform = exc->next->keyform; 1297 exc->next->prev = exc; 1298 } else { 1299 exc->certform = FORMAT_PEM; 1300 exc->keyform = FORMAT_PEM; 1301 } 1302 return 1; 1303 1304} 1305 1306void ssl_excert_free(SSL_EXCERT *exc) 1307{ 1308 SSL_EXCERT *curr; 1309 while (exc) { 1310 if (exc->cert) 1311 X509_free(exc->cert); 1312 if (exc->key) 1313 EVP_PKEY_free(exc->key); 1314 if (exc->chain) 1315 sk_X509_pop_free(exc->chain, X509_free); 1316 curr = exc; 1317 exc = exc->next; 1318 OPENSSL_free(curr); 1319 } 1320} 1321 1322int load_excert(SSL_EXCERT **pexc, BIO *err) 1323{ 1324 SSL_EXCERT *exc = *pexc; 1325 if (!exc) 1326 return 1; 1327 /* If nothing in list, free and set to NULL */ 1328 if (!exc->certfile && !exc->next) { 1329 ssl_excert_free(exc); 1330 *pexc = NULL; 1331 return 1; 1332 } 1333 for (; exc; exc = exc->next) { 1334 if (!exc->certfile) { 1335 BIO_printf(err, "Missing filename\n"); 1336 return 0; 1337 } 1338 exc->cert = load_cert(err, exc->certfile, exc->certform, 1339 NULL, NULL, "Server Certificate"); 1340 if (!exc->cert) 1341 return 0; 1342 if (exc->keyfile) { 1343 exc->key = load_key(err, exc->keyfile, exc->keyform, 1344 0, NULL, NULL, "Server Key"); 1345 } else { 1346 exc->key = load_key(err, exc->certfile, exc->certform, 1347 0, NULL, NULL, "Server Key"); 1348 } 1349 if (!exc->key) 1350 return 0; 1351 if (exc->chainfile) { 1352 exc->chain = load_certs(err, 1353 exc->chainfile, FORMAT_PEM, 1354 NULL, NULL, "Server Chain"); 1355 if (!exc->chain) 1356 return 0; 1357 } 1358 } 1359 return 1; 1360} 1361 1362int args_excert(char ***pargs, int *pargc, 1363 int *badarg, BIO *err, SSL_EXCERT **pexc) 1364{ 1365 char *arg = **pargs, *argn = (*pargs)[1]; 1366 SSL_EXCERT *exc = *pexc; 1367 int narg = 2; 1368 if (!exc) { 1369 if (ssl_excert_prepend(&exc)) 1370 *pexc = exc; 1371 else { 1372 BIO_printf(err, "Error initialising xcert\n"); 1373 *badarg = 1; 1374 goto err; 1375 } 1376 } 1377 if (strcmp(arg, "-xcert") == 0) { 1378 if (!argn) { 1379 *badarg = 1; 1380 return 1; 1381 } 1382 if (exc->certfile && !ssl_excert_prepend(&exc)) { 1383 BIO_printf(err, "Error adding xcert\n"); 1384 *badarg = 1; 1385 goto err; 1386 } 1387 exc->certfile = argn; 1388 } else if (strcmp(arg, "-xkey") == 0) { 1389 if (!argn) { 1390 *badarg = 1; 1391 return 1; 1392 } 1393 if (exc->keyfile) { 1394 BIO_printf(err, "Key already specified\n"); 1395 *badarg = 1; 1396 return 1; 1397 } 1398 exc->keyfile = argn; 1399 } else if (strcmp(arg, "-xchain") == 0) { 1400 if (!argn) { 1401 *badarg = 1; 1402 return 1; 1403 } 1404 if (exc->chainfile) { 1405 BIO_printf(err, "Chain already specified\n"); 1406 *badarg = 1; 1407 return 1; 1408 } 1409 exc->chainfile = argn; 1410 } else if (strcmp(arg, "-xchain_build") == 0) { 1411 narg = 1; 1412 exc->build_chain = 1; 1413 } else if (strcmp(arg, "-xcertform") == 0) { 1414 if (!argn) { 1415 *badarg = 1; 1416 goto err; 1417 } 1418 exc->certform = str2fmt(argn); 1419 } else if (strcmp(arg, "-xkeyform") == 0) { 1420 if (!argn) { 1421 *badarg = 1; 1422 goto err; 1423 } 1424 exc->keyform = str2fmt(argn); 1425 } else 1426 return 0; 1427 1428 (*pargs) += narg; 1429 1430 if (pargc) 1431 *pargc -= narg; 1432 1433 *pexc = exc; 1434 1435 return 1; 1436 1437 err: 1438 ERR_print_errors(err); 1439 ssl_excert_free(exc); 1440 *pexc = NULL; 1441 return 1; 1442} 1443 1444static void print_raw_cipherlist(BIO *bio, SSL *s) 1445{ 1446 const unsigned char *rlist; 1447 static const unsigned char scsv_id[] = { 0, 0, 0xFF }; 1448 size_t i, rlistlen, num; 1449 if (!SSL_is_server(s)) 1450 return; 1451 num = SSL_get0_raw_cipherlist(s, NULL); 1452 rlistlen = SSL_get0_raw_cipherlist(s, &rlist); 1453 BIO_puts(bio, "Client cipher list: "); 1454 for (i = 0; i < rlistlen; i += num, rlist += num) { 1455 const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist); 1456 if (i) 1457 BIO_puts(bio, ":"); 1458 if (c) 1459 BIO_puts(bio, SSL_CIPHER_get_name(c)); 1460 else if (!memcmp(rlist, scsv_id - num + 3, num)) 1461 BIO_puts(bio, "SCSV"); 1462 else { 1463 size_t j; 1464 BIO_puts(bio, "0x"); 1465 for (j = 0; j < num; j++) 1466 BIO_printf(bio, "%02X", rlist[j]); 1467 } 1468 } 1469 BIO_puts(bio, "\n"); 1470} 1471 1472void print_ssl_summary(BIO *bio, SSL *s) 1473{ 1474 const SSL_CIPHER *c; 1475 X509 *peer; 1476 /* 1477 * const char *pnam = SSL_is_server(s) ? "client" : "server"; 1478 */ 1479 BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s)); 1480 print_raw_cipherlist(bio, s); 1481 c = SSL_get_current_cipher(s); 1482 BIO_printf(bio, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); 1483 do_print_sigalgs(bio, s, 0); 1484 peer = SSL_get_peer_certificate(s); 1485 if (peer) { 1486 int nid; 1487 BIO_puts(bio, "Peer certificate: "); 1488 X509_NAME_print_ex(bio, X509_get_subject_name(peer), 1489 0, XN_FLAG_ONELINE); 1490 BIO_puts(bio, "\n"); 1491 if (SSL_get_peer_signature_nid(s, &nid)) 1492 BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid)); 1493 } else 1494 BIO_puts(bio, "No peer certificate\n"); 1495 if (peer) 1496 X509_free(peer); 1497#ifndef OPENSSL_NO_EC 1498 ssl_print_point_formats(bio, s); 1499 if (SSL_is_server(s)) 1500 ssl_print_curves(bio, s, 1); 1501 else 1502 ssl_print_tmp_key(bio, s); 1503#else 1504 if (!SSL_is_server(s)) 1505 ssl_print_tmp_key(bio, s); 1506#endif 1507} 1508 1509int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx, 1510 int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr, 1511 int *no_prot_opt) 1512{ 1513 char *arg = **pargs, *argn = (*pargs)[1]; 1514 int rv; 1515 1516 if (strcmp(arg, "-no_ssl2") == 0 || strcmp(arg, "-no_ssl3") == 0 1517 || strcmp(arg, "-no_tls1") == 0 || strcmp(arg, "-no_tls1_1") == 0 1518 || strcmp(arg, "-no_tls1_2") == 0) { 1519 *no_prot_opt = 1; 1520 } 1521 1522 /* Attempt to run SSL configuration command */ 1523 rv = SSL_CONF_cmd_argv(cctx, pargc, pargs); 1524 /* If parameter not recognised just return */ 1525 if (rv == 0) 1526 return 0; 1527 /* see if missing argument error */ 1528 if (rv == -3) { 1529 BIO_printf(err, "%s needs an argument\n", arg); 1530 *badarg = 1; 1531 goto end; 1532 } 1533 /* Check for some other error */ 1534 if (rv < 0) { 1535 BIO_printf(err, "Error with command: \"%s %s\"\n", 1536 arg, argn ? argn : ""); 1537 *badarg = 1; 1538 goto end; 1539 } 1540 /* Store command and argument */ 1541 /* If only one argument processed store value as NULL */ 1542 if (rv == 1) 1543 argn = NULL; 1544 if (!*pstr) 1545 *pstr = sk_OPENSSL_STRING_new_null(); 1546 if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) || 1547 !sk_OPENSSL_STRING_push(*pstr, argn)) { 1548 BIO_puts(err, "Memory allocation failure\n"); 1549 goto end; 1550 } 1551 1552 end: 1553 if (*badarg) 1554 ERR_print_errors(err); 1555 1556 return 1; 1557} 1558 1559int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx, 1560 STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake) 1561{ 1562 int i; 1563 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); 1564 for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) { 1565 const char *param = sk_OPENSSL_STRING_value(str, i); 1566 const char *value = sk_OPENSSL_STRING_value(str, i + 1); 1567 /* 1568 * If no_ecdhe or named curve already specified don't need a default. 1569 */ 1570 if (!no_ecdhe && !strcmp(param, "-named_curve")) 1571 no_ecdhe = 1; 1572#ifndef OPENSSL_NO_JPAKE 1573 if (!no_jpake && !strcmp(param, "-cipher")) { 1574 BIO_puts(err, "JPAKE sets cipher to PSK\n"); 1575 return 0; 1576 } 1577#endif 1578 if (SSL_CONF_cmd(cctx, param, value) <= 0) { 1579 BIO_printf(err, "Error with command: \"%s %s\"\n", 1580 param, value ? value : ""); 1581 ERR_print_errors(err); 1582 return 0; 1583 } 1584 } 1585 /* 1586 * This is a special case to keep existing s_server functionality: if we 1587 * don't have any curve specified *and* we haven't disabled ECDHE then 1588 * use P-256. 1589 */ 1590 if (!no_ecdhe) { 1591 if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0) { 1592 BIO_puts(err, "Error setting EC curve\n"); 1593 ERR_print_errors(err); 1594 return 0; 1595 } 1596 } 1597#ifndef OPENSSL_NO_JPAKE 1598 if (!no_jpake) { 1599 if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0) { 1600 BIO_puts(err, "Error setting cipher to PSK\n"); 1601 ERR_print_errors(err); 1602 return 0; 1603 } 1604 } 1605#endif 1606 if (!SSL_CONF_CTX_finish(cctx)) { 1607 BIO_puts(err, "Error finishing context\n"); 1608 ERR_print_errors(err); 1609 return 0; 1610 } 1611 return 1; 1612} 1613 1614static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls) 1615{ 1616 X509_CRL *crl; 1617 int i; 1618 for (i = 0; i < sk_X509_CRL_num(crls); i++) { 1619 crl = sk_X509_CRL_value(crls, i); 1620 X509_STORE_add_crl(st, crl); 1621 } 1622 return 1; 1623} 1624 1625int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download) 1626{ 1627 X509_STORE *st; 1628 st = SSL_CTX_get_cert_store(ctx); 1629 add_crls_store(st, crls); 1630 if (crl_download) 1631 store_setup_crl_download(st); 1632 return 1; 1633} 1634 1635int ssl_load_stores(SSL_CTX *ctx, 1636 const char *vfyCApath, const char *vfyCAfile, 1637 const char *chCApath, const char *chCAfile, 1638 STACK_OF(X509_CRL) *crls, int crl_download) 1639{ 1640 X509_STORE *vfy = NULL, *ch = NULL; 1641 int rv = 0; 1642 if (vfyCApath || vfyCAfile) { 1643 vfy = X509_STORE_new(); 1644 if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) 1645 goto err; 1646 add_crls_store(vfy, crls); 1647 SSL_CTX_set1_verify_cert_store(ctx, vfy); 1648 if (crl_download) 1649 store_setup_crl_download(vfy); 1650 } 1651 if (chCApath || chCAfile) { 1652 ch = X509_STORE_new(); 1653 if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) 1654 goto err; 1655 SSL_CTX_set1_chain_cert_store(ctx, ch); 1656 } 1657 rv = 1; 1658 err: 1659 if (vfy) 1660 X509_STORE_free(vfy); 1661 if (ch) 1662 X509_STORE_free(ch); 1663 return rv; 1664} 1665