1 /* $OpenBSD: s_cb.c,v 1.10 2018/04/25 07:12:33 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
112 #include <sys/socket.h>
114 #include <netinet/in.h>
123 #include <openssl/err.h>
124 #include <openssl/ssl.h>
125 #include <openssl/x509.h>
129 #define COOKIE_SECRET_LENGTH 16
131 int verify_depth
= 0;
132 int verify_return_error
= 0;
133 unsigned char cookie_secret
[COOKIE_SECRET_LENGTH
];
134 int cookie_initialized
= 0;
137 verify_callback(int ok
, X509_STORE_CTX
* ctx
)
142 err_cert
= X509_STORE_CTX_get_current_cert(ctx
);
143 err
= X509_STORE_CTX_get_error(ctx
);
144 depth
= X509_STORE_CTX_get_error_depth(ctx
);
146 BIO_printf(bio_err
, "depth=%d ", depth
);
148 X509_NAME_print_ex(bio_err
, X509_get_subject_name(err_cert
),
150 BIO_puts(bio_err
, "\n");
152 BIO_puts(bio_err
, "<no cert>\n");
154 BIO_printf(bio_err
, "verify error:num=%d:%s\n", err
,
155 X509_verify_cert_error_string(err
));
156 if (verify_depth
>= depth
) {
157 if (!verify_return_error
)
164 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
:
165 BIO_puts(bio_err
, "issuer= ");
166 if (err_cert
== NULL
)
167 BIO_puts(bio_err
, "<error getting cert>");
169 X509_NAME_print_ex(bio_err
,
170 X509_get_issuer_name(err_cert
), 0, XN_FLAG_ONELINE
);
171 BIO_puts(bio_err
, "\n");
173 case X509_V_ERR_CERT_NOT_YET_VALID
:
174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
:
175 BIO_printf(bio_err
, "notBefore=");
176 if (err_cert
== NULL
)
177 BIO_printf(bio_err
, " <error getting cert>");
179 ASN1_TIME_print(bio_err
, X509_get_notBefore(err_cert
));
180 BIO_printf(bio_err
, "\n");
182 case X509_V_ERR_CERT_HAS_EXPIRED
:
183 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
:
184 BIO_printf(bio_err
, "notAfter=");
185 if (err_cert
== NULL
)
186 BIO_printf(bio_err
, " <error getting cert>");
188 ASN1_TIME_print(bio_err
, X509_get_notAfter(err_cert
));
189 BIO_printf(bio_err
, "\n");
191 case X509_V_ERR_NO_EXPLICIT_POLICY
:
192 policies_print(bio_err
, ctx
);
195 if (err
== X509_V_OK
&& ok
== 2)
196 policies_print(bio_err
, ctx
);
198 BIO_printf(bio_err
, "verify return:%d\n", ok
);
203 set_cert_stuff(SSL_CTX
* ctx
, char *cert_file
, char *key_file
)
205 if (cert_file
!= NULL
) {
211 if (SSL_CTX_use_certificate_file(ctx
, cert_file
,
212 SSL_FILETYPE_PEM
) <= 0) {
214 "unable to get certificate from '%s'\n", cert_file
);
215 ERR_print_errors(bio_err
);
218 if (key_file
== NULL
)
219 key_file
= cert_file
;
220 if (SSL_CTX_use_PrivateKey_file(ctx
, key_file
,
221 SSL_FILETYPE_PEM
) <= 0) {
223 "unable to get private key from '%s'\n", key_file
);
224 ERR_print_errors(bio_err
);
228 In theory this is no longer needed
230 x509=SSL_get_certificate(ssl);
234 pktmp = X509_get_pubkey(x509);
235 EVP_PKEY_copy_parameters(pktmp,
236 SSL_get_privatekey(ssl));
237 EVP_PKEY_free(pktmp);
243 * If we are using DSA, we can copy the parameters from the
249 * Now we know that a key and cert have been set against the
252 if (!SSL_CTX_check_private_key(ctx
)) {
254 "Private key does not match the certificate public key\n");
262 set_cert_key_stuff(SSL_CTX
* ctx
, X509
* cert
, EVP_PKEY
* key
)
266 if (SSL_CTX_use_certificate(ctx
, cert
) <= 0) {
267 BIO_printf(bio_err
, "error setting certificate\n");
268 ERR_print_errors(bio_err
);
271 if (SSL_CTX_use_PrivateKey(ctx
, key
) <= 0) {
272 BIO_printf(bio_err
, "error setting private key\n");
273 ERR_print_errors(bio_err
);
277 * Now we know that a key and cert have been set against the SSL
280 if (!SSL_CTX_check_private_key(ctx
)) {
282 "Private key does not match the certificate public key\n");
289 ssl_print_tmp_key(BIO
*out
, SSL
*s
)
296 if (!SSL_get_server_tmp_key(s
, &pkey
))
299 BIO_puts(out
, "Server Temp Key: ");
300 switch (EVP_PKEY_id(pkey
)) {
302 BIO_printf(out
, "DH, %d bits\n", EVP_PKEY_bits(pkey
));
306 ec
= EVP_PKEY_get1_EC_KEY(pkey
);
307 nid
= EC_GROUP_get_curve_name(EC_KEY_get0_group(ec
));
310 if ((cname
= EC_curve_nid2nist(nid
)) == NULL
)
311 cname
= OBJ_nid2sn(nid
);
313 BIO_printf(out
, "ECDH, %s, %d bits\n", cname
, EVP_PKEY_bits(pkey
));
317 BIO_printf(out
, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey
)),
318 EVP_PKEY_bits(pkey
));
326 bio_dump_callback(BIO
* bio
, int cmd
, const char *argp
,
327 int argi
, long argl
, long ret
)
331 out
= (BIO
*) BIO_get_callback_arg(bio
);
335 if (cmd
== (BIO_CB_READ
| BIO_CB_RETURN
)) {
337 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
338 (void *) bio
, argp
, (unsigned long) argi
, ret
, ret
);
339 BIO_dump(out
, argp
, (int) ret
);
341 } else if (cmd
== (BIO_CB_WRITE
| BIO_CB_RETURN
)) {
343 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
344 (void *) bio
, argp
, (unsigned long) argi
, ret
, ret
);
345 BIO_dump(out
, argp
, (int) ret
);
351 apps_ssl_info_callback(const SSL
* s
, int where
, int ret
)
356 w
= where
& ~SSL_ST_MASK
;
358 if (w
& SSL_ST_CONNECT
)
360 else if (w
& SSL_ST_ACCEPT
)
365 if (where
& SSL_CB_LOOP
) {
366 BIO_printf(bio_err
, "%s:%s\n", str
, SSL_state_string_long(s
));
367 } else if (where
& SSL_CB_ALERT
) {
368 str
= (where
& SSL_CB_READ
) ? "read" : "write";
369 BIO_printf(bio_err
, "SSL3 alert %s:%s:%s\n", str
,
370 SSL_alert_type_string_long(ret
),
371 SSL_alert_desc_string_long(ret
));
372 } else if (where
& SSL_CB_EXIT
) {
374 BIO_printf(bio_err
, "%s:failed in %s\n",
375 str
, SSL_state_string_long(s
));
377 BIO_printf(bio_err
, "%s:error in %s\n",
378 str
, SSL_state_string_long(s
));
385 msg_cb(int write_p
, int version
, int content_type
, const void *buf
, size_t len
, SSL
* ssl
, void *arg
)
388 const char *str_write_p
, *str_version
, *str_content_type
= "",
389 *str_details1
= "", *str_details2
= "";
391 str_write_p
= write_p
? ">>>" : "<<<";
395 str_version
= "SSL 2.0";
398 str_version
= "SSL 3.0 ";
401 str_version
= "TLS 1.0 ";
404 str_version
= "TLS 1.1 ";
407 str_version
= "TLS 1.2 ";
410 str_version
= "DTLS 1.0 ";
416 if (version
== SSL2_VERSION
) {
417 str_details1
= "???";
420 switch (((const unsigned char *) buf
)[0]) {
422 str_details1
= ", ERROR:";
423 str_details2
= " ???";
425 unsigned err
= (((const unsigned char *) buf
)[1] << 8) + ((const unsigned char *) buf
)[2];
429 str_details2
= " NO-CIPHER-ERROR";
432 str_details2
= " NO-CERTIFICATE-ERROR";
435 str_details2
= " BAD-CERTIFICATE-ERROR";
438 str_details2
= " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
444 str_details1
= ", CLIENT-HELLO";
447 str_details1
= ", CLIENT-MASTER-KEY";
450 str_details1
= ", CLIENT-FINISHED";
453 str_details1
= ", SERVER-HELLO";
456 str_details1
= ", SERVER-VERIFY";
459 str_details1
= ", SERVER-FINISHED";
462 str_details1
= ", REQUEST-CERTIFICATE";
465 str_details1
= ", CLIENT-CERTIFICATE";
470 if (version
== SSL3_VERSION
|| version
== TLS1_VERSION
||
471 version
== TLS1_1_VERSION
|| version
== TLS1_2_VERSION
||
472 version
== DTLS1_VERSION
) {
473 switch (content_type
) {
475 str_content_type
= "ChangeCipherSpec";
478 str_content_type
= "Alert";
481 str_content_type
= "Handshake";
485 if (content_type
== 21) { /* Alert */
486 str_details1
= ", ???";
489 switch (((const unsigned char *) buf
)[0]) {
491 str_details1
= ", warning";
494 str_details1
= ", fatal";
498 str_details2
= " ???";
499 switch (((const unsigned char *) buf
)[1]) {
501 str_details2
= " close_notify";
504 str_details2
= " unexpected_message";
507 str_details2
= " bad_record_mac";
510 str_details2
= " decryption_failed";
513 str_details2
= " record_overflow";
516 str_details2
= " decompression_failure";
519 str_details2
= " handshake_failure";
522 str_details2
= " bad_certificate";
525 str_details2
= " unsupported_certificate";
528 str_details2
= " certificate_revoked";
531 str_details2
= " certificate_expired";
534 str_details2
= " certificate_unknown";
537 str_details2
= " illegal_parameter";
540 str_details2
= " unknown_ca";
543 str_details2
= " access_denied";
546 str_details2
= " decode_error";
549 str_details2
= " decrypt_error";
552 str_details2
= " export_restriction";
555 str_details2
= " protocol_version";
558 str_details2
= " insufficient_security";
561 str_details2
= " internal_error";
564 str_details2
= " user_canceled";
567 str_details2
= " no_renegotiation";
570 str_details2
= " unsupported_extension";
573 str_details2
= " certificate_unobtainable";
576 str_details2
= " unrecognized_name";
579 str_details2
= " bad_certificate_status_response";
582 str_details2
= " bad_certificate_hash_value";
585 str_details2
= " unknown_psk_identity";
590 if (content_type
== 22) { /* Handshake */
591 str_details1
= "???";
594 switch (((const unsigned char *) buf
)[0]) {
596 str_details1
= ", HelloRequest";
599 str_details1
= ", ClientHello";
602 str_details1
= ", ServerHello";
605 str_details1
= ", HelloVerifyRequest";
608 str_details1
= ", Certificate";
611 str_details1
= ", ServerKeyExchange";
614 str_details1
= ", CertificateRequest";
617 str_details1
= ", ServerHelloDone";
620 str_details1
= ", CertificateVerify";
623 str_details1
= ", ClientKeyExchange";
626 str_details1
= ", Finished";
632 BIO_printf(bio
, "%s %s%s [length %04lx]%s%s\n", str_write_p
,
633 str_version
, str_content_type
, (unsigned long) len
,
634 str_details1
, str_details2
);
639 BIO_printf(bio
, " ");
642 for (i
= 0; i
< num
; i
++) {
643 if (i
% 16 == 0 && i
> 0)
644 BIO_printf(bio
, "\n ");
645 BIO_printf(bio
, " %02x",
646 ((const unsigned char *) buf
)[i
]);
649 BIO_printf(bio
, " ...");
650 BIO_printf(bio
, "\n");
652 (void) BIO_flush(bio
);
656 tlsext_cb(SSL
* s
, int client_server
, int type
, unsigned char *data
, int len
,
663 case TLSEXT_TYPE_server_name
:
664 extname
= "server name";
667 case TLSEXT_TYPE_max_fragment_length
:
668 extname
= "max fragment length";
671 case TLSEXT_TYPE_client_certificate_url
:
672 extname
= "client certificate URL";
675 case TLSEXT_TYPE_trusted_ca_keys
:
676 extname
= "trusted CA keys";
679 case TLSEXT_TYPE_truncated_hmac
:
680 extname
= "truncated HMAC";
683 case TLSEXT_TYPE_status_request
:
684 extname
= "status request";
687 case TLSEXT_TYPE_user_mapping
:
688 extname
= "user mapping";
691 case TLSEXT_TYPE_client_authz
:
692 extname
= "client authz";
695 case TLSEXT_TYPE_server_authz
:
696 extname
= "server authz";
699 case TLSEXT_TYPE_cert_type
:
700 extname
= "cert type";
703 case TLSEXT_TYPE_elliptic_curves
:
704 extname
= "elliptic curves";
707 case TLSEXT_TYPE_ec_point_formats
:
708 extname
= "EC point formats";
711 case TLSEXT_TYPE_srp
:
715 case TLSEXT_TYPE_signature_algorithms
:
716 extname
= "signature algorithms";
719 case TLSEXT_TYPE_use_srtp
:
720 extname
= "use SRTP";
723 case TLSEXT_TYPE_heartbeat
:
724 extname
= "heartbeat";
727 case TLSEXT_TYPE_session_ticket
:
728 extname
= "session ticket";
731 case TLSEXT_TYPE_renegotiate
:
732 extname
= "renegotiation info";
735 case TLSEXT_TYPE_application_layer_protocol_negotiation
:
736 extname
= "application layer protocol negotiation";
739 case TLSEXT_TYPE_padding
:
740 extname
= "TLS padding";
749 BIO_printf(bio
, "TLS %s extension \"%s\" (id=%d), len=%d\n",
750 client_server
? "server" : "client", extname
, type
, len
);
751 BIO_dump(bio
, (char *) data
, len
);
752 (void) BIO_flush(bio
);
756 generate_cookie_callback(SSL
* ssl
, unsigned char *cookie
,
757 unsigned int *cookie_len
)
759 unsigned char *buffer
, result
[EVP_MAX_MD_SIZE
];
760 unsigned int length
, resultlength
;
763 struct sockaddr_in s4
;
764 struct sockaddr_in6 s6
;
767 /* Initialize a random secret */
768 if (!cookie_initialized
) {
769 arc4random_buf(cookie_secret
, COOKIE_SECRET_LENGTH
);
770 cookie_initialized
= 1;
772 /* Read peer information */
773 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl
), &peer
);
775 /* Create buffer with peer's address and port */
777 switch (peer
.sa
.sa_family
) {
779 length
+= sizeof(struct in_addr
);
780 length
+= sizeof(peer
.s4
.sin_port
);
783 length
+= sizeof(struct in6_addr
);
784 length
+= sizeof(peer
.s6
.sin6_port
);
790 buffer
= malloc(length
);
792 if (buffer
== NULL
) {
793 BIO_printf(bio_err
, "out of memory\n");
796 switch (peer
.sa
.sa_family
) {
798 memcpy(buffer
, &peer
.s4
.sin_port
, sizeof(peer
.s4
.sin_port
));
799 memcpy(buffer
+ sizeof(peer
.s4
.sin_port
),
800 &peer
.s4
.sin_addr
, sizeof(struct in_addr
));
803 memcpy(buffer
, &peer
.s6
.sin6_port
, sizeof(peer
.s6
.sin6_port
));
804 memcpy(buffer
+ sizeof(peer
.s6
.sin6_port
),
805 &peer
.s6
.sin6_addr
, sizeof(struct in6_addr
));
812 /* Calculate HMAC of buffer using the secret */
813 HMAC(EVP_sha1(), cookie_secret
, COOKIE_SECRET_LENGTH
,
814 buffer
, length
, result
, &resultlength
);
817 memcpy(cookie
, result
, resultlength
);
818 *cookie_len
= resultlength
;
824 verify_cookie_callback(SSL
* ssl
, const unsigned char *cookie
,
825 unsigned int cookie_len
)
827 unsigned char *buffer
, result
[EVP_MAX_MD_SIZE
];
828 unsigned int length
, resultlength
;
831 struct sockaddr_in s4
;
832 struct sockaddr_in6 s6
;
835 /* If secret isn't initialized yet, the cookie can't be valid */
836 if (!cookie_initialized
)
839 /* Read peer information */
840 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl
), &peer
);
842 /* Create buffer with peer's address and port */
844 switch (peer
.sa
.sa_family
) {
846 length
+= sizeof(struct in_addr
);
847 length
+= sizeof(peer
.s4
.sin_port
);
850 length
+= sizeof(struct in6_addr
);
851 length
+= sizeof(peer
.s6
.sin6_port
);
857 buffer
= malloc(length
);
859 if (buffer
== NULL
) {
860 BIO_printf(bio_err
, "out of memory\n");
863 switch (peer
.sa
.sa_family
) {
865 memcpy(buffer
, &peer
.s4
.sin_port
, sizeof(peer
.s4
.sin_port
));
866 memcpy(buffer
+ sizeof(peer
.s4
.sin_port
),
867 &peer
.s4
.sin_addr
, sizeof(struct in_addr
));
870 memcpy(buffer
, &peer
.s6
.sin6_port
, sizeof(peer
.s6
.sin6_port
));
871 memcpy(buffer
+ sizeof(peer
.s6
.sin6_port
),
872 &peer
.s6
.sin6_addr
, sizeof(struct in6_addr
));
879 /* Calculate HMAC of buffer using the secret */
880 HMAC(EVP_sha1(), cookie_secret
, COOKIE_SECRET_LENGTH
,
881 buffer
, length
, result
, &resultlength
);
884 if (cookie_len
== resultlength
&&
885 memcmp(result
, cookie
, resultlength
) == 0)