1 /* $OpenBSD: s_cb.c,v 1.20 2022/08/31 07:12:30 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112 #include <sys/socket.h>
113
114 #include <netinet/in.h>
115
116 #include <netdb.h>
117 #include <stdio.h>
118 #include <stdlib.h>
119 #include <string.h>
120
121 #include "apps.h"
122
123 #include <openssl/err.h>
124 #include <openssl/ssl.h>
125 #include <openssl/x509.h>
126
127 #include "s_apps.h"
128
129 #define COOKIE_SECRET_LENGTH 16
130
131 int verify_depth = 0;
132 int verify_return_error = 0;
133 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
134 int cookie_initialized = 0;
135
136 int
verify_callback(int ok,X509_STORE_CTX * ctx)137 verify_callback(int ok, X509_STORE_CTX * ctx)
138 {
139 X509 *err_cert;
140 int err, depth;
141
142 err_cert = X509_STORE_CTX_get_current_cert(ctx);
143 err = X509_STORE_CTX_get_error(ctx);
144 depth = X509_STORE_CTX_get_error_depth(ctx);
145
146 BIO_printf(bio_err, "depth=%d ", depth);
147 if (err_cert) {
148 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
149 0, XN_FLAG_ONELINE);
150 BIO_puts(bio_err, "\n");
151 } else
152 BIO_puts(bio_err, "<no cert>\n");
153 if (!ok) {
154 BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
155 X509_verify_cert_error_string(err));
156 if (verify_depth >= depth) {
157 if (!verify_return_error)
158 ok = 1;
159 } else {
160 ok = 0;
161 }
162 }
163 switch (err) {
164 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
165 BIO_puts(bio_err, "issuer= ");
166 if (err_cert == NULL)
167 BIO_puts(bio_err, "<error getting cert>");
168 else
169 X509_NAME_print_ex(bio_err,
170 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE);
171 BIO_puts(bio_err, "\n");
172 break;
173 case X509_V_ERR_CERT_NOT_YET_VALID:
174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
175 BIO_printf(bio_err, "notBefore=");
176 if (err_cert == NULL)
177 BIO_printf(bio_err, " <error getting cert>");
178 else
179 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
180 BIO_printf(bio_err, "\n");
181 break;
182 case X509_V_ERR_CERT_HAS_EXPIRED:
183 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
184 BIO_printf(bio_err, "notAfter=");
185 if (err_cert == NULL)
186 BIO_printf(bio_err, " <error getting cert>");
187 else
188 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
189 BIO_printf(bio_err, "\n");
190 break;
191 case X509_V_ERR_NO_EXPLICIT_POLICY:
192 policies_print(bio_err, ctx);
193 break;
194 }
195 if (err == X509_V_OK && ok == 2)
196 policies_print(bio_err, ctx);
197
198 BIO_printf(bio_err, "verify return:%d\n", ok);
199 return (ok);
200 }
201
202 int
set_cert_stuff(SSL_CTX * ctx,char * cert_file,char * key_file)203 set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file)
204 {
205 if (cert_file == NULL)
206 return 1;
207
208 if (key_file == NULL)
209 key_file = cert_file;
210
211 if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) {
212 BIO_printf(bio_err,
213 "unable to get certificate from '%s'\n", cert_file);
214 ERR_print_errors(bio_err);
215 return 0;
216 }
217 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
218 BIO_printf(bio_err, "unable to get private key from '%s'\n",
219 key_file);
220 ERR_print_errors(bio_err);
221 return 0;
222 }
223
224 /* Now we know that a key and cert have been set against the context. */
225 if (!SSL_CTX_check_private_key(ctx)) {
226 BIO_printf(bio_err,
227 "Private key does not match the certificate public key\n");
228 return 0;
229 }
230
231 return 1;
232 }
233
234 int
set_cert_key_stuff(SSL_CTX * ctx,X509 * cert,EVP_PKEY * key)235 set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
236 {
237 if (cert == NULL)
238 return 1;
239 if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
240 BIO_printf(bio_err, "error setting certificate\n");
241 ERR_print_errors(bio_err);
242 return 0;
243 }
244 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
245 BIO_printf(bio_err, "error setting private key\n");
246 ERR_print_errors(bio_err);
247 return 0;
248 }
249 /*
250 * Now we know that a key and cert have been set against the SSL
251 * context
252 */
253 if (!SSL_CTX_check_private_key(ctx)) {
254 BIO_printf(bio_err,
255 "Private key does not match the certificate public key\n");
256 return 0;
257 }
258 return 1;
259 }
260
261 int
ssl_print_tmp_key(BIO * out,SSL * s)262 ssl_print_tmp_key(BIO *out, SSL *s)
263 {
264 const char *cname;
265 EVP_PKEY *pkey;
266 EC_KEY *ec;
267 const EC_GROUP *group;
268 int nid;
269
270 if (!SSL_get_server_tmp_key(s, &pkey))
271 return 0;
272
273 BIO_puts(out, "Server Temp Key: ");
274 switch (EVP_PKEY_id(pkey)) {
275 case EVP_PKEY_DH:
276 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
277 break;
278
279 case EVP_PKEY_EC:
280 if ((ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
281 goto err;
282 if ((group = EC_KEY_get0_group(ec)) == NULL)
283 goto err;
284
285 nid = EC_GROUP_get_curve_name(group);
286
287 if ((cname = EC_curve_nid2nist(nid)) == NULL)
288 cname = OBJ_nid2sn(nid);
289
290 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
291 break;
292
293 default:
294 BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
295 EVP_PKEY_bits(pkey));
296 }
297
298 err:
299 EVP_PKEY_free(pkey);
300 return 1;
301 }
302
303 long
bio_dump_callback(BIO * bio,int cmd,const char * argp,int argi,long argl,long ret)304 bio_dump_callback(BIO * bio, int cmd, const char *argp,
305 int argi, long argl, long ret)
306 {
307 BIO *out;
308
309 out = (BIO *) BIO_get_callback_arg(bio);
310 if (out == NULL)
311 return (ret);
312
313 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
314 BIO_printf(out,
315 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
316 (void *) bio, argp, (unsigned long) argi, ret, ret);
317 BIO_dump(out, argp, (int) ret);
318 return (ret);
319 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
320 BIO_printf(out,
321 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
322 (void *) bio, argp, (unsigned long) argi, ret, ret);
323 BIO_dump(out, argp, (int) ret);
324 }
325 return (ret);
326 }
327
328 void
apps_ssl_info_callback(const SSL * s,int where,int ret)329 apps_ssl_info_callback(const SSL * s, int where, int ret)
330 {
331 const char *str;
332 int w;
333
334 w = where & ~SSL_ST_MASK;
335
336 if (w & SSL_ST_CONNECT)
337 str = "SSL_connect";
338 else if (w & SSL_ST_ACCEPT)
339 str = "SSL_accept";
340 else
341 str = "undefined";
342
343 if (where & SSL_CB_LOOP) {
344 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
345 } else if (where & SSL_CB_ALERT) {
346 str = (where & SSL_CB_READ) ? "read" : "write";
347 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
348 SSL_alert_type_string_long(ret),
349 SSL_alert_desc_string_long(ret));
350 } else if (where & SSL_CB_EXIT) {
351 if (ret == 0)
352 BIO_printf(bio_err, "%s:failed in %s\n",
353 str, SSL_state_string_long(s));
354 else if (ret < 0) {
355 BIO_printf(bio_err, "%s:error in %s\n",
356 str, SSL_state_string_long(s));
357 }
358 }
359 }
360
361
362 void
msg_cb(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg)363 msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg)
364 {
365 BIO *bio = arg;
366 const char *str_write_p, *str_version, *str_content_type = "",
367 *str_details1 = "", *str_details2 = "";
368
369 str_write_p = write_p ? ">>>" : "<<<";
370
371 /* XXX convert to using ssl_get_version */
372 switch (version) {
373 case SSL2_VERSION:
374 str_version = "SSL 2.0";
375 break;
376 case SSL3_VERSION:
377 str_version = "SSL 3.0 ";
378 break;
379 case TLS1_VERSION:
380 str_version = "TLS 1.0 ";
381 break;
382 case TLS1_1_VERSION:
383 str_version = "TLS 1.1 ";
384 break;
385 case TLS1_2_VERSION:
386 str_version = "TLS 1.2 ";
387 break;
388 case TLS1_3_VERSION:
389 str_version = "TLS 1.3 ";
390 break;
391 case DTLS1_VERSION:
392 str_version = "DTLS 1.0 ";
393 break;
394 case DTLS1_2_VERSION:
395 str_version = "DTLS 1.2 ";
396 break;
397 default:
398 str_version = "???";
399 }
400
401 if (version == SSL2_VERSION) {
402 str_details1 = "???";
403
404 if (len > 0) {
405 /* XXX magic numbers */
406 switch (((const unsigned char *) buf)[0]) {
407 case 0:
408 str_details1 = ", ERROR:";
409 str_details2 = " ???";
410 if (len >= 3) {
411 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2];
412
413 switch (err) {
414 case 0x0001:
415 str_details2 = " NO-CIPHER-ERROR";
416 break;
417 case 0x0002:
418 str_details2 = " NO-CERTIFICATE-ERROR";
419 break;
420 case 0x0004:
421 str_details2 = " BAD-CERTIFICATE-ERROR";
422 break;
423 case 0x0006:
424 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
425 break;
426 }
427 }
428 break;
429 case 1:
430 str_details1 = ", CLIENT-HELLO";
431 break;
432 case 2:
433 str_details1 = ", CLIENT-MASTER-KEY";
434 break;
435 case 3:
436 str_details1 = ", CLIENT-FINISHED";
437 break;
438 case 4:
439 str_details1 = ", SERVER-HELLO";
440 break;
441 case 5:
442 str_details1 = ", SERVER-VERIFY";
443 break;
444 case 6:
445 str_details1 = ", SERVER-FINISHED";
446 break;
447 case 7:
448 str_details1 = ", REQUEST-CERTIFICATE";
449 break;
450 case 8:
451 str_details1 = ", CLIENT-CERTIFICATE";
452 break;
453 }
454 }
455 }
456 if (version == SSL3_VERSION || version == TLS1_VERSION ||
457 version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
458 version == TLS1_3_VERSION || version == DTLS1_VERSION ||
459 version == DTLS1_2_VERSION) {
460 /* XXX magic numbers are in ssl3.h */
461 switch (content_type) {
462 case 20:
463 str_content_type = "ChangeCipherSpec";
464 break;
465 case 21:
466 str_content_type = "Alert";
467 break;
468 case 22:
469 str_content_type = "Handshake";
470 break;
471 }
472
473 if (content_type == 21) { /* Alert */
474 str_details1 = ", ???";
475
476 if (len == 2) {
477 switch (((const unsigned char *) buf)[0]) {
478 case 1:
479 str_details1 = ", warning";
480 break;
481 case 2:
482 str_details1 = ", fatal";
483 break;
484 }
485
486 str_details2 = " ???";
487 switch (((const unsigned char *) buf)[1]) {
488 case 0:
489 str_details2 = " close_notify";
490 break;
491 case 10:
492 str_details2 = " unexpected_message";
493 break;
494 case 20:
495 str_details2 = " bad_record_mac";
496 break;
497 case 21:
498 str_details2 = " decryption_failed";
499 break;
500 case 22:
501 str_details2 = " record_overflow";
502 break;
503 case 30:
504 str_details2 = " decompression_failure";
505 break;
506 case 40:
507 str_details2 = " handshake_failure";
508 break;
509 case 42:
510 str_details2 = " bad_certificate";
511 break;
512 case 43:
513 str_details2 = " unsupported_certificate";
514 break;
515 case 44:
516 str_details2 = " certificate_revoked";
517 break;
518 case 45:
519 str_details2 = " certificate_expired";
520 break;
521 case 46:
522 str_details2 = " certificate_unknown";
523 break;
524 case 47:
525 str_details2 = " illegal_parameter";
526 break;
527 case 48:
528 str_details2 = " unknown_ca";
529 break;
530 case 49:
531 str_details2 = " access_denied";
532 break;
533 case 50:
534 str_details2 = " decode_error";
535 break;
536 case 51:
537 str_details2 = " decrypt_error";
538 break;
539 case 60:
540 str_details2 = " export_restriction";
541 break;
542 case 70:
543 str_details2 = " protocol_version";
544 break;
545 case 71:
546 str_details2 = " insufficient_security";
547 break;
548 case 80:
549 str_details2 = " internal_error";
550 break;
551 case 90:
552 str_details2 = " user_canceled";
553 break;
554 case 100:
555 str_details2 = " no_renegotiation";
556 break;
557 case 110:
558 str_details2 = " unsupported_extension";
559 break;
560 case 111:
561 str_details2 = " certificate_unobtainable";
562 break;
563 case 112:
564 str_details2 = " unrecognized_name";
565 break;
566 case 113:
567 str_details2 = " bad_certificate_status_response";
568 break;
569 case 114:
570 str_details2 = " bad_certificate_hash_value";
571 break;
572 case 115:
573 str_details2 = " unknown_psk_identity";
574 break;
575 }
576 }
577 }
578 if (content_type == 22) { /* Handshake */
579 str_details1 = "???";
580
581 if (len > 0) {
582 switch (((const unsigned char *) buf)[0]) {
583 case 0:
584 str_details1 = ", HelloRequest";
585 break;
586 case 1:
587 str_details1 = ", ClientHello";
588 break;
589 case 2:
590 str_details1 = ", ServerHello";
591 break;
592 case 3:
593 str_details1 = ", HelloVerifyRequest";
594 break;
595 case 4:
596 str_details1 = ", NewSessionTicket";
597 break;
598 case 5:
599 str_details1 = ", EndOfEarlyData";
600 break;
601 case 8:
602 str_details1 = ", EncryptedExtensions";
603 break;
604 case 11:
605 str_details1 = ", Certificate";
606 break;
607 case 12:
608 str_details1 = ", ServerKeyExchange";
609 break;
610 case 13:
611 str_details1 = ", CertificateRequest";
612 break;
613 case 14:
614 str_details1 = ", ServerHelloDone";
615 break;
616 case 15:
617 str_details1 = ", CertificateVerify";
618 break;
619 case 16:
620 str_details1 = ", ClientKeyExchange";
621 break;
622 case 20:
623 str_details1 = ", Finished";
624 break;
625 case 24:
626 str_details1 = ", KeyUpdate";
627 break;
628 }
629 }
630 }
631 }
632 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p,
633 str_version, str_content_type, (unsigned long) len,
634 str_details1, str_details2);
635
636 if (len > 0) {
637 size_t num, i;
638
639 BIO_printf(bio, " ");
640 num = len;
641
642 for (i = 0; i < num; i++) {
643 if (i % 16 == 0 && i > 0)
644 BIO_printf(bio, "\n ");
645 BIO_printf(bio, " %02x",
646 ((const unsigned char *) buf)[i]);
647 }
648 if (i < len)
649 BIO_printf(bio, " ...");
650 BIO_printf(bio, "\n");
651 }
652 (void) BIO_flush(bio);
653 }
654
655 void
tlsext_cb(SSL * s,int client_server,int type,unsigned char * data,int len,void * arg)656 tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len,
657 void *arg)
658 {
659 BIO *bio = arg;
660 char *extname;
661
662 switch (type) {
663 case TLSEXT_TYPE_server_name:
664 extname = "server name";
665 break;
666
667 case TLSEXT_TYPE_max_fragment_length:
668 extname = "max fragment length";
669 break;
670
671 case TLSEXT_TYPE_client_certificate_url:
672 extname = "client certificate URL";
673 break;
674
675 case TLSEXT_TYPE_trusted_ca_keys:
676 extname = "trusted CA keys";
677 break;
678
679 case TLSEXT_TYPE_truncated_hmac:
680 extname = "truncated HMAC";
681 break;
682
683 case TLSEXT_TYPE_status_request:
684 extname = "status request";
685 break;
686
687 case TLSEXT_TYPE_user_mapping:
688 extname = "user mapping";
689 break;
690
691 case TLSEXT_TYPE_client_authz:
692 extname = "client authz";
693 break;
694
695 case TLSEXT_TYPE_server_authz:
696 extname = "server authz";
697 break;
698
699 case TLSEXT_TYPE_cert_type:
700 extname = "cert type";
701 break;
702
703 case TLSEXT_TYPE_supported_groups:
704 extname = "supported groups";
705 break;
706
707 case TLSEXT_TYPE_ec_point_formats:
708 extname = "EC point formats";
709 break;
710
711 case TLSEXT_TYPE_srp:
712 extname = "SRP";
713 break;
714
715 case TLSEXT_TYPE_signature_algorithms:
716 extname = "signature algorithms";
717 break;
718
719 case TLSEXT_TYPE_use_srtp:
720 extname = "use SRTP";
721 break;
722
723 case TLSEXT_TYPE_heartbeat:
724 extname = "heartbeat";
725 break;
726
727 case TLSEXT_TYPE_application_layer_protocol_negotiation:
728 extname = "application layer protocol negotiation";
729 break;
730
731 case TLSEXT_TYPE_padding:
732 extname = "TLS padding";
733 break;
734
735 case TLSEXT_TYPE_session_ticket:
736 extname = "session ticket";
737 break;
738
739 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
740 case TLSEXT_TYPE_pre_shared_key:
741 extname = "pre shared key";
742 break;
743
744 case TLSEXT_TYPE_early_data:
745 extname = "early data";
746 break;
747
748 case TLSEXT_TYPE_supported_versions:
749 extname = "supported versions";
750 break;
751
752 case TLSEXT_TYPE_cookie:
753 extname = "cookie";
754 break;
755
756 case TLSEXT_TYPE_psk_key_exchange_modes:
757 extname = "PSK key exchange modes";
758 break;
759
760 case TLSEXT_TYPE_certificate_authorities:
761 extname = "certificate authorities";
762 break;
763
764 case TLSEXT_TYPE_oid_filters:
765 extname = "OID filters";
766 break;
767
768 case TLSEXT_TYPE_post_handshake_auth:
769 extname = "post handshake auth";
770 break;
771
772 case TLSEXT_TYPE_signature_algorithms_cert:
773 extname = "signature algorithms cert";
774 break;
775
776 case TLSEXT_TYPE_key_share:
777 extname = "key share";
778 break;
779 #endif
780
781 case TLSEXT_TYPE_renegotiate:
782 extname = "renegotiation info";
783 break;
784
785 default:
786 extname = "unknown";
787 break;
788
789 }
790
791 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
792 client_server ? "server" : "client", extname, type, len);
793 BIO_dump(bio, (char *) data, len);
794 (void) BIO_flush(bio);
795 }
796
797 int
generate_cookie_callback(SSL * ssl,unsigned char * cookie,unsigned int * cookie_len)798 generate_cookie_callback(SSL * ssl, unsigned char *cookie,
799 unsigned int *cookie_len)
800 {
801 unsigned char *buffer, result[EVP_MAX_MD_SIZE];
802 unsigned int length, resultlength;
803 union {
804 struct sockaddr sa;
805 struct sockaddr_in s4;
806 struct sockaddr_in6 s6;
807 } peer;
808
809 /* Initialize a random secret */
810 if (!cookie_initialized) {
811 arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH);
812 cookie_initialized = 1;
813 }
814 /* Read peer information */
815 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
816
817 /* Create buffer with peer's address and port */
818 length = 0;
819 switch (peer.sa.sa_family) {
820 case AF_INET:
821 length += sizeof(struct in_addr);
822 length += sizeof(peer.s4.sin_port);
823 break;
824 case AF_INET6:
825 length += sizeof(struct in6_addr);
826 length += sizeof(peer.s6.sin6_port);
827 break;
828 default:
829 OPENSSL_assert(0);
830 break;
831 }
832 buffer = malloc(length);
833
834 if (buffer == NULL) {
835 BIO_printf(bio_err, "out of memory\n");
836 return 0;
837 }
838 switch (peer.sa.sa_family) {
839 case AF_INET:
840 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
841 memcpy(buffer + sizeof(peer.s4.sin_port),
842 &peer.s4.sin_addr, sizeof(struct in_addr));
843 break;
844 case AF_INET6:
845 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port));
846 memcpy(buffer + sizeof(peer.s6.sin6_port),
847 &peer.s6.sin6_addr, sizeof(struct in6_addr));
848 break;
849 default:
850 OPENSSL_assert(0);
851 break;
852 }
853
854 /* Calculate HMAC of buffer using the secret */
855 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
856 buffer, length, result, &resultlength);
857 free(buffer);
858
859 memcpy(cookie, result, resultlength);
860 *cookie_len = resultlength;
861
862 return 1;
863 }
864
865 int
verify_cookie_callback(SSL * ssl,const unsigned char * cookie,unsigned int cookie_len)866 verify_cookie_callback(SSL * ssl, const unsigned char *cookie,
867 unsigned int cookie_len)
868 {
869 unsigned char *buffer, result[EVP_MAX_MD_SIZE];
870 unsigned int length, resultlength;
871 union {
872 struct sockaddr sa;
873 struct sockaddr_in s4;
874 struct sockaddr_in6 s6;
875 } peer;
876
877 /* If secret isn't initialized yet, the cookie can't be valid */
878 if (!cookie_initialized)
879 return 0;
880
881 /* Read peer information */
882 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
883
884 /* Create buffer with peer's address and port */
885 length = 0;
886 switch (peer.sa.sa_family) {
887 case AF_INET:
888 length += sizeof(struct in_addr);
889 length += sizeof(peer.s4.sin_port);
890 break;
891 case AF_INET6:
892 length += sizeof(struct in6_addr);
893 length += sizeof(peer.s6.sin6_port);
894 break;
895 default:
896 OPENSSL_assert(0);
897 break;
898 }
899 buffer = malloc(length);
900
901 if (buffer == NULL) {
902 BIO_printf(bio_err, "out of memory\n");
903 return 0;
904 }
905 switch (peer.sa.sa_family) {
906 case AF_INET:
907 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
908 memcpy(buffer + sizeof(peer.s4.sin_port),
909 &peer.s4.sin_addr, sizeof(struct in_addr));
910 break;
911 case AF_INET6:
912 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port));
913 memcpy(buffer + sizeof(peer.s6.sin6_port),
914 &peer.s6.sin6_addr, sizeof(struct in6_addr));
915 break;
916 default:
917 OPENSSL_assert(0);
918 break;
919 }
920
921 /* Calculate HMAC of buffer using the secret */
922 if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
923 buffer, length, result, &resultlength) == NULL) {
924 free(buffer);
925 return 0;
926 }
927
928 free(buffer);
929
930 if (cookie_len == resultlength &&
931 memcmp(result, cookie, resultlength) == 0)
932 return 1;
933
934 return 0;
935 }
936