1 /* $OpenBSD: ssl_stat.c,v 1.14 2017/05/07 04:22:24 beck Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
90 SSL_state_string_long(const SSL
*s
)
94 switch (S3I(s
)->hs
.state
) {
96 str
= "before SSL initialization";
99 str
= "before accept initialization";
102 str
= "before connect initialization";
105 str
= "SSL negotiation finished successfully";
107 case SSL_ST_RENEGOTIATE
:
108 str
= "SSL renegotiate ciphers";
110 case SSL_ST_BEFORE
|SSL_ST_CONNECT
:
111 str
= "before/connect initialization";
113 case SSL_ST_OK
|SSL_ST_CONNECT
:
114 str
= "ok/connect SSL initialization";
116 case SSL_ST_BEFORE
|SSL_ST_ACCEPT
:
117 str
= "before/accept initialization";
119 case SSL_ST_OK
|SSL_ST_ACCEPT
:
120 str
= "ok/accept SSL initialization";
123 /* SSLv3 additions */
124 case SSL3_ST_CW_CLNT_HELLO_A
:
125 str
= "SSLv3 write client hello A";
127 case SSL3_ST_CW_CLNT_HELLO_B
:
128 str
= "SSLv3 write client hello B";
130 case SSL3_ST_CR_SRVR_HELLO_A
:
131 str
= "SSLv3 read server hello A";
133 case SSL3_ST_CR_SRVR_HELLO_B
:
134 str
= "SSLv3 read server hello B";
136 case SSL3_ST_CR_CERT_A
:
137 str
= "SSLv3 read server certificate A";
139 case SSL3_ST_CR_CERT_B
:
140 str
= "SSLv3 read server certificate B";
142 case SSL3_ST_CR_KEY_EXCH_A
:
143 str
= "SSLv3 read server key exchange A";
145 case SSL3_ST_CR_KEY_EXCH_B
:
146 str
= "SSLv3 read server key exchange B";
148 case SSL3_ST_CR_CERT_REQ_A
:
149 str
= "SSLv3 read server certificate request A";
151 case SSL3_ST_CR_CERT_REQ_B
:
152 str
= "SSLv3 read server certificate request B";
154 case SSL3_ST_CR_SESSION_TICKET_A
:
155 str
= "SSLv3 read server session ticket A";
157 case SSL3_ST_CR_SESSION_TICKET_B
:
158 str
= "SSLv3 read server session ticket B";
160 case SSL3_ST_CR_SRVR_DONE_A
:
161 str
= "SSLv3 read server done A";
163 case SSL3_ST_CR_SRVR_DONE_B
:
164 str
= "SSLv3 read server done B";
166 case SSL3_ST_CW_CERT_A
:
167 str
= "SSLv3 write client certificate A";
169 case SSL3_ST_CW_CERT_B
:
170 str
= "SSLv3 write client certificate B";
172 case SSL3_ST_CW_CERT_C
:
173 str
= "SSLv3 write client certificate C";
175 case SSL3_ST_CW_CERT_D
:
176 str
= "SSLv3 write client certificate D";
178 case SSL3_ST_CW_KEY_EXCH_A
:
179 str
= "SSLv3 write client key exchange A";
181 case SSL3_ST_CW_KEY_EXCH_B
:
182 str
= "SSLv3 write client key exchange B";
184 case SSL3_ST_CW_CERT_VRFY_A
:
185 str
= "SSLv3 write certificate verify A";
187 case SSL3_ST_CW_CERT_VRFY_B
:
188 str
= "SSLv3 write certificate verify B";
191 case SSL3_ST_CW_CHANGE_A
:
192 case SSL3_ST_SW_CHANGE_A
:
193 str
= "SSLv3 write change cipher spec A";
195 case SSL3_ST_CW_CHANGE_B
:
196 case SSL3_ST_SW_CHANGE_B
:
197 str
= "SSLv3 write change cipher spec B";
199 case SSL3_ST_CW_FINISHED_A
:
200 case SSL3_ST_SW_FINISHED_A
:
201 str
= "SSLv3 write finished A";
203 case SSL3_ST_CW_FINISHED_B
:
204 case SSL3_ST_SW_FINISHED_B
:
205 str
= "SSLv3 write finished B";
207 case SSL3_ST_CR_CHANGE_A
:
208 case SSL3_ST_SR_CHANGE_A
:
209 str
= "SSLv3 read change cipher spec A";
211 case SSL3_ST_CR_CHANGE_B
:
212 case SSL3_ST_SR_CHANGE_B
:
213 str
= "SSLv3 read change cipher spec B";
215 case SSL3_ST_CR_FINISHED_A
:
216 case SSL3_ST_SR_FINISHED_A
:
217 str
= "SSLv3 read finished A";
219 case SSL3_ST_CR_FINISHED_B
:
220 case SSL3_ST_SR_FINISHED_B
:
221 str
= "SSLv3 read finished B";
224 case SSL3_ST_CW_FLUSH
:
225 case SSL3_ST_SW_FLUSH
:
226 str
= "SSLv3 flush data";
229 case SSL3_ST_SR_CLNT_HELLO_A
:
230 str
= "SSLv3 read client hello A";
232 case SSL3_ST_SR_CLNT_HELLO_B
:
233 str
= "SSLv3 read client hello B";
235 case SSL3_ST_SR_CLNT_HELLO_C
:
236 str
= "SSLv3 read client hello C";
238 case SSL3_ST_SW_HELLO_REQ_A
:
239 str
= "SSLv3 write hello request A";
241 case SSL3_ST_SW_HELLO_REQ_B
:
242 str
= "SSLv3 write hello request B";
244 case SSL3_ST_SW_HELLO_REQ_C
:
245 str
= "SSLv3 write hello request C";
247 case SSL3_ST_SW_SRVR_HELLO_A
:
248 str
= "SSLv3 write server hello A";
250 case SSL3_ST_SW_SRVR_HELLO_B
:
251 str
= "SSLv3 write server hello B";
253 case SSL3_ST_SW_CERT_A
:
254 str
= "SSLv3 write certificate A";
256 case SSL3_ST_SW_CERT_B
:
257 str
= "SSLv3 write certificate B";
259 case SSL3_ST_SW_KEY_EXCH_A
:
260 str
= "SSLv3 write key exchange A";
262 case SSL3_ST_SW_KEY_EXCH_B
:
263 str
= "SSLv3 write key exchange B";
265 case SSL3_ST_SW_CERT_REQ_A
:
266 str
= "SSLv3 write certificate request A";
268 case SSL3_ST_SW_CERT_REQ_B
:
269 str
= "SSLv3 write certificate request B";
271 case SSL3_ST_SW_SESSION_TICKET_A
:
272 str
= "SSLv3 write session ticket A";
274 case SSL3_ST_SW_SESSION_TICKET_B
:
275 str
= "SSLv3 write session ticket B";
277 case SSL3_ST_SW_SRVR_DONE_A
:
278 str
= "SSLv3 write server done A";
280 case SSL3_ST_SW_SRVR_DONE_B
:
281 str
= "SSLv3 write server done B";
283 case SSL3_ST_SR_CERT_A
:
284 str
= "SSLv3 read client certificate A";
286 case SSL3_ST_SR_CERT_B
:
287 str
= "SSLv3 read client certificate B";
289 case SSL3_ST_SR_KEY_EXCH_A
:
290 str
= "SSLv3 read client key exchange A";
292 case SSL3_ST_SR_KEY_EXCH_B
:
293 str
= "SSLv3 read client key exchange B";
295 case SSL3_ST_SR_CERT_VRFY_A
:
296 str
= "SSLv3 read certificate verify A";
298 case SSL3_ST_SR_CERT_VRFY_B
:
299 str
= "SSLv3 read certificate verify B";
303 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A
:
304 str
= "DTLS1 read hello verify request A";
306 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B
:
307 str
= "DTLS1 read hello verify request B";
309 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A
:
310 str
= "DTLS1 write hello verify request A";
312 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
:
313 str
= "DTLS1 write hello verify request B";
317 str
= "unknown state";
324 SSL_rstate_string_long(const SSL
*s
)
328 switch (s
->internal
->rstate
) {
329 case SSL_ST_READ_HEADER
:
332 case SSL_ST_READ_BODY
:
335 case SSL_ST_READ_DONE
:
346 SSL_state_string(const SSL
*s
)
350 switch (S3I(s
)->hs
.state
) {
364 /* SSLv3 additions */
365 case SSL3_ST_SW_FLUSH
:
366 case SSL3_ST_CW_FLUSH
:
369 case SSL3_ST_CW_CLNT_HELLO_A
:
372 case SSL3_ST_CW_CLNT_HELLO_B
:
375 case SSL3_ST_CR_SRVR_HELLO_A
:
378 case SSL3_ST_CR_SRVR_HELLO_B
:
381 case SSL3_ST_CR_CERT_A
:
384 case SSL3_ST_CR_CERT_B
:
387 case SSL3_ST_CR_KEY_EXCH_A
:
390 case SSL3_ST_CR_KEY_EXCH_B
:
393 case SSL3_ST_CR_CERT_REQ_A
:
396 case SSL3_ST_CR_CERT_REQ_B
:
399 case SSL3_ST_CR_SRVR_DONE_A
:
402 case SSL3_ST_CR_SRVR_DONE_B
:
405 case SSL3_ST_CW_CERT_A
:
408 case SSL3_ST_CW_CERT_B
:
411 case SSL3_ST_CW_CERT_C
:
414 case SSL3_ST_CW_CERT_D
:
417 case SSL3_ST_CW_KEY_EXCH_A
:
420 case SSL3_ST_CW_KEY_EXCH_B
:
423 case SSL3_ST_CW_CERT_VRFY_A
:
426 case SSL3_ST_CW_CERT_VRFY_B
:
430 case SSL3_ST_SW_CHANGE_A
:
431 case SSL3_ST_CW_CHANGE_A
:
434 case SSL3_ST_SW_CHANGE_B
:
435 case SSL3_ST_CW_CHANGE_B
:
438 case SSL3_ST_SW_FINISHED_A
:
439 case SSL3_ST_CW_FINISHED_A
:
442 case SSL3_ST_SW_FINISHED_B
:
443 case SSL3_ST_CW_FINISHED_B
:
446 case SSL3_ST_SR_CHANGE_A
:
447 case SSL3_ST_CR_CHANGE_A
:
450 case SSL3_ST_SR_CHANGE_B
:
451 case SSL3_ST_CR_CHANGE_B
:
454 case SSL3_ST_SR_FINISHED_A
:
455 case SSL3_ST_CR_FINISHED_A
:
458 case SSL3_ST_SR_FINISHED_B
:
459 case SSL3_ST_CR_FINISHED_B
:
463 case SSL3_ST_SW_HELLO_REQ_A
:
466 case SSL3_ST_SW_HELLO_REQ_B
:
469 case SSL3_ST_SW_HELLO_REQ_C
:
472 case SSL3_ST_SR_CLNT_HELLO_A
:
475 case SSL3_ST_SR_CLNT_HELLO_B
:
478 case SSL3_ST_SR_CLNT_HELLO_C
:
481 case SSL3_ST_SW_SRVR_HELLO_A
:
484 case SSL3_ST_SW_SRVR_HELLO_B
:
487 case SSL3_ST_SW_CERT_A
:
490 case SSL3_ST_SW_CERT_B
:
493 case SSL3_ST_SW_KEY_EXCH_A
:
496 case SSL3_ST_SW_KEY_EXCH_B
:
499 case SSL3_ST_SW_CERT_REQ_A
:
502 case SSL3_ST_SW_CERT_REQ_B
:
505 case SSL3_ST_SW_SRVR_DONE_A
:
508 case SSL3_ST_SW_SRVR_DONE_B
:
511 case SSL3_ST_SR_CERT_A
:
514 case SSL3_ST_SR_CERT_B
:
517 case SSL3_ST_SR_KEY_EXCH_A
:
520 case SSL3_ST_SR_KEY_EXCH_B
:
523 case SSL3_ST_SR_CERT_VRFY_A
:
526 case SSL3_ST_SR_CERT_VRFY_B
:
531 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A
:
534 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B
:
537 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A
:
540 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B
:
552 SSL_alert_type_string_long(int value
)
555 if (value
== SSL3_AL_WARNING
)
557 else if (value
== SSL3_AL_FATAL
)
564 SSL_alert_type_string(int value
)
567 if (value
== SSL3_AL_WARNING
)
569 else if (value
== SSL3_AL_FATAL
)
576 SSL_alert_desc_string(int value
)
580 switch (value
& 0xff) {
581 case SSL3_AD_CLOSE_NOTIFY
:
584 case SSL3_AD_UNEXPECTED_MESSAGE
:
587 case SSL3_AD_BAD_RECORD_MAC
:
590 case SSL3_AD_DECOMPRESSION_FAILURE
:
593 case SSL3_AD_HANDSHAKE_FAILURE
:
596 case SSL3_AD_NO_CERTIFICATE
:
599 case SSL3_AD_BAD_CERTIFICATE
:
602 case SSL3_AD_UNSUPPORTED_CERTIFICATE
:
605 case SSL3_AD_CERTIFICATE_REVOKED
:
608 case SSL3_AD_CERTIFICATE_EXPIRED
:
611 case SSL3_AD_CERTIFICATE_UNKNOWN
:
614 case SSL3_AD_ILLEGAL_PARAMETER
:
617 case TLS1_AD_DECRYPTION_FAILED
:
620 case TLS1_AD_RECORD_OVERFLOW
:
623 case TLS1_AD_UNKNOWN_CA
:
626 case TLS1_AD_ACCESS_DENIED
:
629 case TLS1_AD_DECODE_ERROR
:
632 case TLS1_AD_DECRYPT_ERROR
:
635 case TLS1_AD_EXPORT_RESTRICTION
:
638 case TLS1_AD_PROTOCOL_VERSION
:
641 case TLS1_AD_INSUFFICIENT_SECURITY
:
644 case TLS1_AD_INTERNAL_ERROR
:
647 case TLS1_AD_USER_CANCELLED
:
650 case TLS1_AD_NO_RENEGOTIATION
:
653 case TLS1_AD_UNSUPPORTED_EXTENSION
:
656 case TLS1_AD_CERTIFICATE_UNOBTAINABLE
:
659 case TLS1_AD_UNRECOGNIZED_NAME
:
662 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
:
665 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
:
668 case TLS1_AD_UNKNOWN_PSK_IDENTITY
:
679 SSL_alert_desc_string_long(int value
)
683 switch (value
& 0xff) {
684 case SSL3_AD_CLOSE_NOTIFY
:
685 str
= "close notify";
687 case SSL3_AD_UNEXPECTED_MESSAGE
:
688 str
= "unexpected_message";
690 case SSL3_AD_BAD_RECORD_MAC
:
691 str
= "bad record mac";
693 case SSL3_AD_DECOMPRESSION_FAILURE
:
694 str
= "decompression failure";
696 case SSL3_AD_HANDSHAKE_FAILURE
:
697 str
= "handshake failure";
699 case SSL3_AD_NO_CERTIFICATE
:
700 str
= "no certificate";
702 case SSL3_AD_BAD_CERTIFICATE
:
703 str
= "bad certificate";
705 case SSL3_AD_UNSUPPORTED_CERTIFICATE
:
706 str
= "unsupported certificate";
708 case SSL3_AD_CERTIFICATE_REVOKED
:
709 str
= "certificate revoked";
711 case SSL3_AD_CERTIFICATE_EXPIRED
:
712 str
= "certificate expired";
714 case SSL3_AD_CERTIFICATE_UNKNOWN
:
715 str
= "certificate unknown";
717 case SSL3_AD_ILLEGAL_PARAMETER
:
718 str
= "illegal parameter";
720 case TLS1_AD_DECRYPTION_FAILED
:
721 str
= "decryption failed";
723 case TLS1_AD_RECORD_OVERFLOW
:
724 str
= "record overflow";
726 case TLS1_AD_UNKNOWN_CA
:
729 case TLS1_AD_ACCESS_DENIED
:
730 str
= "access denied";
732 case TLS1_AD_DECODE_ERROR
:
733 str
= "decode error";
735 case TLS1_AD_DECRYPT_ERROR
:
736 str
= "decrypt error";
738 case TLS1_AD_EXPORT_RESTRICTION
:
739 str
= "export restriction";
741 case TLS1_AD_PROTOCOL_VERSION
:
742 str
= "protocol version";
744 case TLS1_AD_INSUFFICIENT_SECURITY
:
745 str
= "insufficient security";
747 case TLS1_AD_INTERNAL_ERROR
:
748 str
= "internal error";
750 case TLS1_AD_USER_CANCELLED
:
751 str
= "user canceled";
753 case TLS1_AD_NO_RENEGOTIATION
:
754 str
= "no renegotiation";
756 case TLS1_AD_UNSUPPORTED_EXTENSION
:
757 str
= "unsupported extension";
759 case TLS1_AD_CERTIFICATE_UNOBTAINABLE
:
760 str
= "certificate unobtainable";
762 case TLS1_AD_UNRECOGNIZED_NAME
:
763 str
= "unrecognized name";
765 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
:
766 str
= "bad certificate status response";
768 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
:
769 str
= "bad certificate hash value";
771 case TLS1_AD_UNKNOWN_PSK_IDENTITY
:
772 str
= "unknown PSK identity";
782 SSL_rstate_string(const SSL
*s
)
786 switch (s
->internal
->rstate
) {
787 case SSL_ST_READ_HEADER
:
790 case SSL_ST_READ_BODY
:
793 case SSL_ST_READ_DONE
: