1 /* $OpenBSD: s_cb.c,v 1.14 2020/04/26 02:09:21 inoguchi Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112 #include <sys/socket.h> 113 114 #include <netinet/in.h> 115 116 #include <netdb.h> 117 #include <stdio.h> 118 #include <stdlib.h> 119 #include <string.h> 120 121 #include "apps.h" 122 123 #include <openssl/err.h> 124 #include <openssl/ssl.h> 125 #include <openssl/x509.h> 126 127 #include "s_apps.h" 128 129 #define COOKIE_SECRET_LENGTH 16 130 131 int verify_depth = 0; 132 int verify_return_error = 0; 133 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 134 int cookie_initialized = 0; 135 136 int 137 verify_callback(int ok, X509_STORE_CTX * ctx) 138 { 139 X509 *err_cert; 140 int err, depth; 141 142 err_cert = X509_STORE_CTX_get_current_cert(ctx); 143 err = X509_STORE_CTX_get_error(ctx); 144 depth = X509_STORE_CTX_get_error_depth(ctx); 145 146 BIO_printf(bio_err, "depth=%d ", depth); 147 if (err_cert) { 148 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 149 0, XN_FLAG_ONELINE); 150 BIO_puts(bio_err, "\n"); 151 } else 152 BIO_puts(bio_err, "<no cert>\n"); 153 if (!ok) { 154 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 155 X509_verify_cert_error_string(err)); 156 if (verify_depth >= depth) { 157 if (!verify_return_error) 158 ok = 1; 159 } else { 160 ok = 0; 161 } 162 } 163 switch (err) { 164 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 165 BIO_puts(bio_err, "issuer= "); 166 if (err_cert == NULL) 167 BIO_puts(bio_err, "<error getting cert>"); 168 else 169 X509_NAME_print_ex(bio_err, 170 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); 171 BIO_puts(bio_err, "\n"); 172 break; 173 case X509_V_ERR_CERT_NOT_YET_VALID: 174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 175 BIO_printf(bio_err, "notBefore="); 176 if (err_cert == NULL) 177 BIO_printf(bio_err, " <error getting cert>"); 178 else 179 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 180 BIO_printf(bio_err, "\n"); 181 break; 182 case X509_V_ERR_CERT_HAS_EXPIRED: 183 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 184 BIO_printf(bio_err, "notAfter="); 185 if (err_cert == NULL) 186 BIO_printf(bio_err, " <error getting cert>"); 187 else 188 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 189 BIO_printf(bio_err, "\n"); 190 break; 191 case X509_V_ERR_NO_EXPLICIT_POLICY: 192 policies_print(bio_err, ctx); 193 break; 194 } 195 if (err == X509_V_OK && ok == 2) 196 policies_print(bio_err, ctx); 197 198 BIO_printf(bio_err, "verify return:%d\n", ok); 199 return (ok); 200 } 201 202 int 203 set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) 204 { 205 if (cert_file != NULL) { 206 /* 207 SSL *ssl; 208 X509 *x509; 209 */ 210 211 if (SSL_CTX_use_certificate_file(ctx, cert_file, 212 SSL_FILETYPE_PEM) <= 0) { 213 BIO_printf(bio_err, 214 "unable to get certificate from '%s'\n", cert_file); 215 ERR_print_errors(bio_err); 216 return (0); 217 } 218 if (key_file == NULL) 219 key_file = cert_file; 220 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, 221 SSL_FILETYPE_PEM) <= 0) { 222 BIO_printf(bio_err, 223 "unable to get private key from '%s'\n", key_file); 224 ERR_print_errors(bio_err); 225 return (0); 226 } 227 /* 228 In theory this is no longer needed 229 ssl=SSL_new(ctx); 230 x509=SSL_get_certificate(ssl); 231 232 if (x509 != NULL) { 233 EVP_PKEY *pktmp; 234 pktmp = X509_get_pubkey(x509); 235 EVP_PKEY_copy_parameters(pktmp, 236 SSL_get_privatekey(ssl)); 237 EVP_PKEY_free(pktmp); 238 } 239 SSL_free(ssl); 240 */ 241 242 /* 243 * If we are using DSA, we can copy the parameters from the 244 * private key 245 */ 246 247 248 /* 249 * Now we know that a key and cert have been set against the 250 * SSL context 251 */ 252 if (!SSL_CTX_check_private_key(ctx)) { 253 BIO_printf(bio_err, 254 "Private key does not match the certificate public key\n"); 255 return (0); 256 } 257 } 258 return (1); 259 } 260 261 int 262 set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) 263 { 264 if (cert == NULL) 265 return 1; 266 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 267 BIO_printf(bio_err, "error setting certificate\n"); 268 ERR_print_errors(bio_err); 269 return 0; 270 } 271 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 272 BIO_printf(bio_err, "error setting private key\n"); 273 ERR_print_errors(bio_err); 274 return 0; 275 } 276 /* 277 * Now we know that a key and cert have been set against the SSL 278 * context 279 */ 280 if (!SSL_CTX_check_private_key(ctx)) { 281 BIO_printf(bio_err, 282 "Private key does not match the certificate public key\n"); 283 return 0; 284 } 285 return 1; 286 } 287 288 int 289 ssl_print_tmp_key(BIO *out, SSL *s) 290 { 291 const char *cname; 292 EVP_PKEY *pkey; 293 EC_KEY *ec; 294 int nid; 295 296 if (!SSL_get_server_tmp_key(s, &pkey)) 297 return 0; 298 299 BIO_puts(out, "Server Temp Key: "); 300 switch (EVP_PKEY_id(pkey)) { 301 case EVP_PKEY_DH: 302 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey)); 303 break; 304 305 case EVP_PKEY_EC: 306 ec = EVP_PKEY_get1_EC_KEY(pkey); 307 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); 308 EC_KEY_free(ec); 309 310 if ((cname = EC_curve_nid2nist(nid)) == NULL) 311 cname = OBJ_nid2sn(nid); 312 313 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey)); 314 break; 315 316 default: 317 BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)), 318 EVP_PKEY_bits(pkey)); 319 } 320 321 EVP_PKEY_free(pkey); 322 return 1; 323 } 324 325 long 326 bio_dump_callback(BIO * bio, int cmd, const char *argp, 327 int argi, long argl, long ret) 328 { 329 BIO *out; 330 331 out = (BIO *) BIO_get_callback_arg(bio); 332 if (out == NULL) 333 return (ret); 334 335 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 336 BIO_printf(out, 337 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 338 (void *) bio, argp, (unsigned long) argi, ret, ret); 339 BIO_dump(out, argp, (int) ret); 340 return (ret); 341 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 342 BIO_printf(out, 343 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 344 (void *) bio, argp, (unsigned long) argi, ret, ret); 345 BIO_dump(out, argp, (int) ret); 346 } 347 return (ret); 348 } 349 350 void 351 apps_ssl_info_callback(const SSL * s, int where, int ret) 352 { 353 const char *str; 354 int w; 355 356 w = where & ~SSL_ST_MASK; 357 358 if (w & SSL_ST_CONNECT) 359 str = "SSL_connect"; 360 else if (w & SSL_ST_ACCEPT) 361 str = "SSL_accept"; 362 else 363 str = "undefined"; 364 365 if (where & SSL_CB_LOOP) { 366 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 367 } else if (where & SSL_CB_ALERT) { 368 str = (where & SSL_CB_READ) ? "read" : "write"; 369 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 370 SSL_alert_type_string_long(ret), 371 SSL_alert_desc_string_long(ret)); 372 } else if (where & SSL_CB_EXIT) { 373 if (ret == 0) 374 BIO_printf(bio_err, "%s:failed in %s\n", 375 str, SSL_state_string_long(s)); 376 else if (ret < 0) { 377 BIO_printf(bio_err, "%s:error in %s\n", 378 str, SSL_state_string_long(s)); 379 } 380 } 381 } 382 383 384 void 385 msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) 386 { 387 BIO *bio = arg; 388 const char *str_write_p, *str_version, *str_content_type = "", 389 *str_details1 = "", *str_details2 = ""; 390 391 str_write_p = write_p ? ">>>" : "<<<"; 392 393 /* XXX convert to using ssl_get_version */ 394 switch (version) { 395 case SSL2_VERSION: 396 str_version = "SSL 2.0"; 397 break; 398 case SSL3_VERSION: 399 str_version = "SSL 3.0 "; 400 break; 401 case TLS1_VERSION: 402 str_version = "TLS 1.0 "; 403 break; 404 case TLS1_1_VERSION: 405 str_version = "TLS 1.1 "; 406 break; 407 case TLS1_2_VERSION: 408 str_version = "TLS 1.2 "; 409 break; 410 case TLS1_3_VERSION: 411 str_version = "TLS 1.3 "; 412 break; 413 case DTLS1_VERSION: 414 str_version = "DTLS 1.0 "; 415 break; 416 default: 417 str_version = "???"; 418 } 419 420 if (version == SSL2_VERSION) { 421 str_details1 = "???"; 422 423 if (len > 0) { 424 /* XXX magic numbers */ 425 switch (((const unsigned char *) buf)[0]) { 426 case 0: 427 str_details1 = ", ERROR:"; 428 str_details2 = " ???"; 429 if (len >= 3) { 430 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; 431 432 switch (err) { 433 case 0x0001: 434 str_details2 = " NO-CIPHER-ERROR"; 435 break; 436 case 0x0002: 437 str_details2 = " NO-CERTIFICATE-ERROR"; 438 break; 439 case 0x0004: 440 str_details2 = " BAD-CERTIFICATE-ERROR"; 441 break; 442 case 0x0006: 443 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 444 break; 445 } 446 } 447 break; 448 case 1: 449 str_details1 = ", CLIENT-HELLO"; 450 break; 451 case 2: 452 str_details1 = ", CLIENT-MASTER-KEY"; 453 break; 454 case 3: 455 str_details1 = ", CLIENT-FINISHED"; 456 break; 457 case 4: 458 str_details1 = ", SERVER-HELLO"; 459 break; 460 case 5: 461 str_details1 = ", SERVER-VERIFY"; 462 break; 463 case 6: 464 str_details1 = ", SERVER-FINISHED"; 465 break; 466 case 7: 467 str_details1 = ", REQUEST-CERTIFICATE"; 468 break; 469 case 8: 470 str_details1 = ", CLIENT-CERTIFICATE"; 471 break; 472 } 473 } 474 } 475 if (version == SSL3_VERSION || version == TLS1_VERSION || 476 version == TLS1_1_VERSION || version == TLS1_2_VERSION || 477 version == TLS1_3_VERSION || version == DTLS1_VERSION) { 478 /* XXX magic numbers are in ssl3.h */ 479 switch (content_type) { 480 case 20: 481 str_content_type = "ChangeCipherSpec"; 482 break; 483 case 21: 484 str_content_type = "Alert"; 485 break; 486 case 22: 487 str_content_type = "Handshake"; 488 break; 489 } 490 491 if (content_type == 21) { /* Alert */ 492 str_details1 = ", ???"; 493 494 if (len == 2) { 495 switch (((const unsigned char *) buf)[0]) { 496 case 1: 497 str_details1 = ", warning"; 498 break; 499 case 2: 500 str_details1 = ", fatal"; 501 break; 502 } 503 504 str_details2 = " ???"; 505 switch (((const unsigned char *) buf)[1]) { 506 case 0: 507 str_details2 = " close_notify"; 508 break; 509 case 10: 510 str_details2 = " unexpected_message"; 511 break; 512 case 20: 513 str_details2 = " bad_record_mac"; 514 break; 515 case 21: 516 str_details2 = " decryption_failed"; 517 break; 518 case 22: 519 str_details2 = " record_overflow"; 520 break; 521 case 30: 522 str_details2 = " decompression_failure"; 523 break; 524 case 40: 525 str_details2 = " handshake_failure"; 526 break; 527 case 42: 528 str_details2 = " bad_certificate"; 529 break; 530 case 43: 531 str_details2 = " unsupported_certificate"; 532 break; 533 case 44: 534 str_details2 = " certificate_revoked"; 535 break; 536 case 45: 537 str_details2 = " certificate_expired"; 538 break; 539 case 46: 540 str_details2 = " certificate_unknown"; 541 break; 542 case 47: 543 str_details2 = " illegal_parameter"; 544 break; 545 case 48: 546 str_details2 = " unknown_ca"; 547 break; 548 case 49: 549 str_details2 = " access_denied"; 550 break; 551 case 50: 552 str_details2 = " decode_error"; 553 break; 554 case 51: 555 str_details2 = " decrypt_error"; 556 break; 557 case 60: 558 str_details2 = " export_restriction"; 559 break; 560 case 70: 561 str_details2 = " protocol_version"; 562 break; 563 case 71: 564 str_details2 = " insufficient_security"; 565 break; 566 case 80: 567 str_details2 = " internal_error"; 568 break; 569 case 90: 570 str_details2 = " user_canceled"; 571 break; 572 case 100: 573 str_details2 = " no_renegotiation"; 574 break; 575 case 110: 576 str_details2 = " unsupported_extension"; 577 break; 578 case 111: 579 str_details2 = " certificate_unobtainable"; 580 break; 581 case 112: 582 str_details2 = " unrecognized_name"; 583 break; 584 case 113: 585 str_details2 = " bad_certificate_status_response"; 586 break; 587 case 114: 588 str_details2 = " bad_certificate_hash_value"; 589 break; 590 case 115: 591 str_details2 = " unknown_psk_identity"; 592 break; 593 } 594 } 595 } 596 if (content_type == 22) { /* Handshake */ 597 str_details1 = "???"; 598 599 if (len > 0) { 600 switch (((const unsigned char *) buf)[0]) { 601 case 0: 602 str_details1 = ", HelloRequest"; 603 break; 604 case 1: 605 str_details1 = ", ClientHello"; 606 break; 607 case 2: 608 str_details1 = ", ServerHello"; 609 break; 610 case 3: 611 str_details1 = ", HelloVerifyRequest"; 612 break; 613 case 4: 614 str_details1 = ", NewSessionTicket"; 615 break; 616 case 5: 617 str_details1 = ", EndOfEarlyData"; 618 break; 619 case 8: 620 str_details1 = ", EncryptedExtensions"; 621 break; 622 case 11: 623 str_details1 = ", Certificate"; 624 break; 625 case 12: 626 str_details1 = ", ServerKeyExchange"; 627 break; 628 case 13: 629 str_details1 = ", CertificateRequest"; 630 break; 631 case 14: 632 str_details1 = ", ServerHelloDone"; 633 break; 634 case 15: 635 str_details1 = ", CertificateVerify"; 636 break; 637 case 16: 638 str_details1 = ", ClientKeyExchange"; 639 break; 640 case 20: 641 str_details1 = ", Finished"; 642 break; 643 case 24: 644 str_details1 = ", KeyUpdate"; 645 break; 646 } 647 } 648 } 649 } 650 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 651 str_version, str_content_type, (unsigned long) len, 652 str_details1, str_details2); 653 654 if (len > 0) { 655 size_t num, i; 656 657 BIO_printf(bio, " "); 658 num = len; 659 660 for (i = 0; i < num; i++) { 661 if (i % 16 == 0 && i > 0) 662 BIO_printf(bio, "\n "); 663 BIO_printf(bio, " %02x", 664 ((const unsigned char *) buf)[i]); 665 } 666 if (i < len) 667 BIO_printf(bio, " ..."); 668 BIO_printf(bio, "\n"); 669 } 670 (void) BIO_flush(bio); 671 } 672 673 void 674 tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, 675 void *arg) 676 { 677 BIO *bio = arg; 678 char *extname; 679 680 switch (type) { 681 case TLSEXT_TYPE_server_name: 682 extname = "server name"; 683 break; 684 685 case TLSEXT_TYPE_max_fragment_length: 686 extname = "max fragment length"; 687 break; 688 689 case TLSEXT_TYPE_client_certificate_url: 690 extname = "client certificate URL"; 691 break; 692 693 case TLSEXT_TYPE_trusted_ca_keys: 694 extname = "trusted CA keys"; 695 break; 696 697 case TLSEXT_TYPE_truncated_hmac: 698 extname = "truncated HMAC"; 699 break; 700 701 case TLSEXT_TYPE_status_request: 702 extname = "status request"; 703 break; 704 705 case TLSEXT_TYPE_user_mapping: 706 extname = "user mapping"; 707 break; 708 709 case TLSEXT_TYPE_client_authz: 710 extname = "client authz"; 711 break; 712 713 case TLSEXT_TYPE_server_authz: 714 extname = "server authz"; 715 break; 716 717 case TLSEXT_TYPE_cert_type: 718 extname = "cert type"; 719 break; 720 721 case TLSEXT_TYPE_supported_groups: 722 extname = "supported groups"; 723 break; 724 725 case TLSEXT_TYPE_ec_point_formats: 726 extname = "EC point formats"; 727 break; 728 729 case TLSEXT_TYPE_srp: 730 extname = "SRP"; 731 break; 732 733 case TLSEXT_TYPE_signature_algorithms: 734 extname = "signature algorithms"; 735 break; 736 737 case TLSEXT_TYPE_use_srtp: 738 extname = "use SRTP"; 739 break; 740 741 case TLSEXT_TYPE_heartbeat: 742 extname = "heartbeat"; 743 break; 744 745 case TLSEXT_TYPE_application_layer_protocol_negotiation: 746 extname = "application layer protocol negotiation"; 747 break; 748 749 case TLSEXT_TYPE_padding: 750 extname = "TLS padding"; 751 break; 752 753 case TLSEXT_TYPE_session_ticket: 754 extname = "session ticket"; 755 break; 756 757 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 758 case TLSEXT_TYPE_pre_shared_key: 759 extname = "pre shared key"; 760 break; 761 762 case TLSEXT_TYPE_early_data: 763 extname = "early data"; 764 break; 765 766 case TLSEXT_TYPE_supported_versions: 767 extname = "supported versions"; 768 break; 769 770 case TLSEXT_TYPE_cookie: 771 extname = "cookie"; 772 break; 773 774 case TLSEXT_TYPE_psk_key_exchange_modes: 775 extname = "PSK key exchange modes"; 776 break; 777 778 case TLSEXT_TYPE_certificate_authorities: 779 extname = "certificate authorities"; 780 break; 781 782 case TLSEXT_TYPE_oid_filters: 783 extname = "OID filters"; 784 break; 785 786 case TLSEXT_TYPE_post_handshake_auth: 787 extname = "post handshake auth"; 788 break; 789 790 case TLSEXT_TYPE_signature_algorithms_cert: 791 extname = "signature algorithms cert"; 792 break; 793 794 case TLSEXT_TYPE_key_share: 795 extname = "key share"; 796 break; 797 #endif 798 799 case TLSEXT_TYPE_renegotiate: 800 extname = "renegotiation info"; 801 break; 802 803 default: 804 extname = "unknown"; 805 break; 806 807 } 808 809 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 810 client_server ? "server" : "client", extname, type, len); 811 BIO_dump(bio, (char *) data, len); 812 (void) BIO_flush(bio); 813 } 814 815 int 816 generate_cookie_callback(SSL * ssl, unsigned char *cookie, 817 unsigned int *cookie_len) 818 { 819 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 820 unsigned int length, resultlength; 821 union { 822 struct sockaddr sa; 823 struct sockaddr_in s4; 824 struct sockaddr_in6 s6; 825 } peer; 826 827 /* Initialize a random secret */ 828 if (!cookie_initialized) { 829 arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH); 830 cookie_initialized = 1; 831 } 832 /* Read peer information */ 833 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 834 835 /* Create buffer with peer's address and port */ 836 length = 0; 837 switch (peer.sa.sa_family) { 838 case AF_INET: 839 length += sizeof(struct in_addr); 840 length += sizeof(peer.s4.sin_port); 841 break; 842 case AF_INET6: 843 length += sizeof(struct in6_addr); 844 length += sizeof(peer.s6.sin6_port); 845 break; 846 default: 847 OPENSSL_assert(0); 848 break; 849 } 850 buffer = malloc(length); 851 852 if (buffer == NULL) { 853 BIO_printf(bio_err, "out of memory\n"); 854 return 0; 855 } 856 switch (peer.sa.sa_family) { 857 case AF_INET: 858 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 859 memcpy(buffer + sizeof(peer.s4.sin_port), 860 &peer.s4.sin_addr, sizeof(struct in_addr)); 861 break; 862 case AF_INET6: 863 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 864 memcpy(buffer + sizeof(peer.s6.sin6_port), 865 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 866 break; 867 default: 868 OPENSSL_assert(0); 869 break; 870 } 871 872 /* Calculate HMAC of buffer using the secret */ 873 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 874 buffer, length, result, &resultlength); 875 free(buffer); 876 877 memcpy(cookie, result, resultlength); 878 *cookie_len = resultlength; 879 880 return 1; 881 } 882 883 int 884 verify_cookie_callback(SSL * ssl, const unsigned char *cookie, 885 unsigned int cookie_len) 886 { 887 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 888 unsigned int length, resultlength; 889 union { 890 struct sockaddr sa; 891 struct sockaddr_in s4; 892 struct sockaddr_in6 s6; 893 } peer; 894 895 /* If secret isn't initialized yet, the cookie can't be valid */ 896 if (!cookie_initialized) 897 return 0; 898 899 /* Read peer information */ 900 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 901 902 /* Create buffer with peer's address and port */ 903 length = 0; 904 switch (peer.sa.sa_family) { 905 case AF_INET: 906 length += sizeof(struct in_addr); 907 length += sizeof(peer.s4.sin_port); 908 break; 909 case AF_INET6: 910 length += sizeof(struct in6_addr); 911 length += sizeof(peer.s6.sin6_port); 912 break; 913 default: 914 OPENSSL_assert(0); 915 break; 916 } 917 buffer = malloc(length); 918 919 if (buffer == NULL) { 920 BIO_printf(bio_err, "out of memory\n"); 921 return 0; 922 } 923 switch (peer.sa.sa_family) { 924 case AF_INET: 925 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 926 memcpy(buffer + sizeof(peer.s4.sin_port), 927 &peer.s4.sin_addr, sizeof(struct in_addr)); 928 break; 929 case AF_INET6: 930 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 931 memcpy(buffer + sizeof(peer.s6.sin6_port), 932 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 933 break; 934 default: 935 OPENSSL_assert(0); 936 break; 937 } 938 939 /* Calculate HMAC of buffer using the secret */ 940 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 941 buffer, length, result, &resultlength); 942 free(buffer); 943 944 if (cookie_len == resultlength && 945 memcmp(result, cookie, resultlength) == 0) 946 return 1; 947 948 return 0; 949 } 950