1 /* $OpenBSD: s_cb.c,v 1.20 2022/08/31 07:12:30 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112 #include <sys/socket.h> 113 114 #include <netinet/in.h> 115 116 #include <netdb.h> 117 #include <stdio.h> 118 #include <stdlib.h> 119 #include <string.h> 120 121 #include "apps.h" 122 123 #include <openssl/err.h> 124 #include <openssl/ssl.h> 125 #include <openssl/x509.h> 126 127 #include "s_apps.h" 128 129 #define COOKIE_SECRET_LENGTH 16 130 131 int verify_depth = 0; 132 int verify_return_error = 0; 133 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 134 int cookie_initialized = 0; 135 136 int 137 verify_callback(int ok, X509_STORE_CTX * ctx) 138 { 139 X509 *err_cert; 140 int err, depth; 141 142 err_cert = X509_STORE_CTX_get_current_cert(ctx); 143 err = X509_STORE_CTX_get_error(ctx); 144 depth = X509_STORE_CTX_get_error_depth(ctx); 145 146 BIO_printf(bio_err, "depth=%d ", depth); 147 if (err_cert) { 148 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 149 0, XN_FLAG_ONELINE); 150 BIO_puts(bio_err, "\n"); 151 } else 152 BIO_puts(bio_err, "<no cert>\n"); 153 if (!ok) { 154 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 155 X509_verify_cert_error_string(err)); 156 if (verify_depth >= depth) { 157 if (!verify_return_error) 158 ok = 1; 159 } else { 160 ok = 0; 161 } 162 } 163 switch (err) { 164 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 165 BIO_puts(bio_err, "issuer= "); 166 if (err_cert == NULL) 167 BIO_puts(bio_err, "<error getting cert>"); 168 else 169 X509_NAME_print_ex(bio_err, 170 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); 171 BIO_puts(bio_err, "\n"); 172 break; 173 case X509_V_ERR_CERT_NOT_YET_VALID: 174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 175 BIO_printf(bio_err, "notBefore="); 176 if (err_cert == NULL) 177 BIO_printf(bio_err, " <error getting cert>"); 178 else 179 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 180 BIO_printf(bio_err, "\n"); 181 break; 182 case X509_V_ERR_CERT_HAS_EXPIRED: 183 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 184 BIO_printf(bio_err, "notAfter="); 185 if (err_cert == NULL) 186 BIO_printf(bio_err, " <error getting cert>"); 187 else 188 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 189 BIO_printf(bio_err, "\n"); 190 break; 191 case X509_V_ERR_NO_EXPLICIT_POLICY: 192 policies_print(bio_err, ctx); 193 break; 194 } 195 if (err == X509_V_OK && ok == 2) 196 policies_print(bio_err, ctx); 197 198 BIO_printf(bio_err, "verify return:%d\n", ok); 199 return (ok); 200 } 201 202 int 203 set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) 204 { 205 if (cert_file == NULL) 206 return 1; 207 208 if (key_file == NULL) 209 key_file = cert_file; 210 211 if (SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) { 212 BIO_printf(bio_err, 213 "unable to get certificate from '%s'\n", cert_file); 214 ERR_print_errors(bio_err); 215 return 0; 216 } 217 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { 218 BIO_printf(bio_err, "unable to get private key from '%s'\n", 219 key_file); 220 ERR_print_errors(bio_err); 221 return 0; 222 } 223 224 /* Now we know that a key and cert have been set against the context. */ 225 if (!SSL_CTX_check_private_key(ctx)) { 226 BIO_printf(bio_err, 227 "Private key does not match the certificate public key\n"); 228 return 0; 229 } 230 231 return 1; 232 } 233 234 int 235 set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) 236 { 237 if (cert == NULL) 238 return 1; 239 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 240 BIO_printf(bio_err, "error setting certificate\n"); 241 ERR_print_errors(bio_err); 242 return 0; 243 } 244 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 245 BIO_printf(bio_err, "error setting private key\n"); 246 ERR_print_errors(bio_err); 247 return 0; 248 } 249 /* 250 * Now we know that a key and cert have been set against the SSL 251 * context 252 */ 253 if (!SSL_CTX_check_private_key(ctx)) { 254 BIO_printf(bio_err, 255 "Private key does not match the certificate public key\n"); 256 return 0; 257 } 258 return 1; 259 } 260 261 int 262 ssl_print_tmp_key(BIO *out, SSL *s) 263 { 264 const char *cname; 265 EVP_PKEY *pkey; 266 EC_KEY *ec; 267 const EC_GROUP *group; 268 int nid; 269 270 if (!SSL_get_server_tmp_key(s, &pkey)) 271 return 0; 272 273 BIO_puts(out, "Server Temp Key: "); 274 switch (EVP_PKEY_id(pkey)) { 275 case EVP_PKEY_DH: 276 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey)); 277 break; 278 279 case EVP_PKEY_EC: 280 if ((ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) 281 goto err; 282 if ((group = EC_KEY_get0_group(ec)) == NULL) 283 goto err; 284 285 nid = EC_GROUP_get_curve_name(group); 286 287 if ((cname = EC_curve_nid2nist(nid)) == NULL) 288 cname = OBJ_nid2sn(nid); 289 290 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey)); 291 break; 292 293 default: 294 BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)), 295 EVP_PKEY_bits(pkey)); 296 } 297 298 err: 299 EVP_PKEY_free(pkey); 300 return 1; 301 } 302 303 long 304 bio_dump_callback(BIO * bio, int cmd, const char *argp, 305 int argi, long argl, long ret) 306 { 307 BIO *out; 308 309 out = (BIO *) BIO_get_callback_arg(bio); 310 if (out == NULL) 311 return (ret); 312 313 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 314 BIO_printf(out, 315 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 316 (void *) bio, argp, (unsigned long) argi, ret, ret); 317 BIO_dump(out, argp, (int) ret); 318 return (ret); 319 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 320 BIO_printf(out, 321 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 322 (void *) bio, argp, (unsigned long) argi, ret, ret); 323 BIO_dump(out, argp, (int) ret); 324 } 325 return (ret); 326 } 327 328 void 329 apps_ssl_info_callback(const SSL * s, int where, int ret) 330 { 331 const char *str; 332 int w; 333 334 w = where & ~SSL_ST_MASK; 335 336 if (w & SSL_ST_CONNECT) 337 str = "SSL_connect"; 338 else if (w & SSL_ST_ACCEPT) 339 str = "SSL_accept"; 340 else 341 str = "undefined"; 342 343 if (where & SSL_CB_LOOP) { 344 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 345 } else if (where & SSL_CB_ALERT) { 346 str = (where & SSL_CB_READ) ? "read" : "write"; 347 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 348 SSL_alert_type_string_long(ret), 349 SSL_alert_desc_string_long(ret)); 350 } else if (where & SSL_CB_EXIT) { 351 if (ret == 0) 352 BIO_printf(bio_err, "%s:failed in %s\n", 353 str, SSL_state_string_long(s)); 354 else if (ret < 0) { 355 BIO_printf(bio_err, "%s:error in %s\n", 356 str, SSL_state_string_long(s)); 357 } 358 } 359 } 360 361 362 void 363 msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) 364 { 365 BIO *bio = arg; 366 const char *str_write_p, *str_version, *str_content_type = "", 367 *str_details1 = "", *str_details2 = ""; 368 369 str_write_p = write_p ? ">>>" : "<<<"; 370 371 /* XXX convert to using ssl_get_version */ 372 switch (version) { 373 case SSL2_VERSION: 374 str_version = "SSL 2.0"; 375 break; 376 case SSL3_VERSION: 377 str_version = "SSL 3.0 "; 378 break; 379 case TLS1_VERSION: 380 str_version = "TLS 1.0 "; 381 break; 382 case TLS1_1_VERSION: 383 str_version = "TLS 1.1 "; 384 break; 385 case TLS1_2_VERSION: 386 str_version = "TLS 1.2 "; 387 break; 388 case TLS1_3_VERSION: 389 str_version = "TLS 1.3 "; 390 break; 391 case DTLS1_VERSION: 392 str_version = "DTLS 1.0 "; 393 break; 394 case DTLS1_2_VERSION: 395 str_version = "DTLS 1.2 "; 396 break; 397 default: 398 str_version = "???"; 399 } 400 401 if (version == SSL2_VERSION) { 402 str_details1 = "???"; 403 404 if (len > 0) { 405 /* XXX magic numbers */ 406 switch (((const unsigned char *) buf)[0]) { 407 case 0: 408 str_details1 = ", ERROR:"; 409 str_details2 = " ???"; 410 if (len >= 3) { 411 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; 412 413 switch (err) { 414 case 0x0001: 415 str_details2 = " NO-CIPHER-ERROR"; 416 break; 417 case 0x0002: 418 str_details2 = " NO-CERTIFICATE-ERROR"; 419 break; 420 case 0x0004: 421 str_details2 = " BAD-CERTIFICATE-ERROR"; 422 break; 423 case 0x0006: 424 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 425 break; 426 } 427 } 428 break; 429 case 1: 430 str_details1 = ", CLIENT-HELLO"; 431 break; 432 case 2: 433 str_details1 = ", CLIENT-MASTER-KEY"; 434 break; 435 case 3: 436 str_details1 = ", CLIENT-FINISHED"; 437 break; 438 case 4: 439 str_details1 = ", SERVER-HELLO"; 440 break; 441 case 5: 442 str_details1 = ", SERVER-VERIFY"; 443 break; 444 case 6: 445 str_details1 = ", SERVER-FINISHED"; 446 break; 447 case 7: 448 str_details1 = ", REQUEST-CERTIFICATE"; 449 break; 450 case 8: 451 str_details1 = ", CLIENT-CERTIFICATE"; 452 break; 453 } 454 } 455 } 456 if (version == SSL3_VERSION || version == TLS1_VERSION || 457 version == TLS1_1_VERSION || version == TLS1_2_VERSION || 458 version == TLS1_3_VERSION || version == DTLS1_VERSION || 459 version == DTLS1_2_VERSION) { 460 /* XXX magic numbers are in ssl3.h */ 461 switch (content_type) { 462 case 20: 463 str_content_type = "ChangeCipherSpec"; 464 break; 465 case 21: 466 str_content_type = "Alert"; 467 break; 468 case 22: 469 str_content_type = "Handshake"; 470 break; 471 } 472 473 if (content_type == 21) { /* Alert */ 474 str_details1 = ", ???"; 475 476 if (len == 2) { 477 switch (((const unsigned char *) buf)[0]) { 478 case 1: 479 str_details1 = ", warning"; 480 break; 481 case 2: 482 str_details1 = ", fatal"; 483 break; 484 } 485 486 str_details2 = " ???"; 487 switch (((const unsigned char *) buf)[1]) { 488 case 0: 489 str_details2 = " close_notify"; 490 break; 491 case 10: 492 str_details2 = " unexpected_message"; 493 break; 494 case 20: 495 str_details2 = " bad_record_mac"; 496 break; 497 case 21: 498 str_details2 = " decryption_failed"; 499 break; 500 case 22: 501 str_details2 = " record_overflow"; 502 break; 503 case 30: 504 str_details2 = " decompression_failure"; 505 break; 506 case 40: 507 str_details2 = " handshake_failure"; 508 break; 509 case 42: 510 str_details2 = " bad_certificate"; 511 break; 512 case 43: 513 str_details2 = " unsupported_certificate"; 514 break; 515 case 44: 516 str_details2 = " certificate_revoked"; 517 break; 518 case 45: 519 str_details2 = " certificate_expired"; 520 break; 521 case 46: 522 str_details2 = " certificate_unknown"; 523 break; 524 case 47: 525 str_details2 = " illegal_parameter"; 526 break; 527 case 48: 528 str_details2 = " unknown_ca"; 529 break; 530 case 49: 531 str_details2 = " access_denied"; 532 break; 533 case 50: 534 str_details2 = " decode_error"; 535 break; 536 case 51: 537 str_details2 = " decrypt_error"; 538 break; 539 case 60: 540 str_details2 = " export_restriction"; 541 break; 542 case 70: 543 str_details2 = " protocol_version"; 544 break; 545 case 71: 546 str_details2 = " insufficient_security"; 547 break; 548 case 80: 549 str_details2 = " internal_error"; 550 break; 551 case 90: 552 str_details2 = " user_canceled"; 553 break; 554 case 100: 555 str_details2 = " no_renegotiation"; 556 break; 557 case 110: 558 str_details2 = " unsupported_extension"; 559 break; 560 case 111: 561 str_details2 = " certificate_unobtainable"; 562 break; 563 case 112: 564 str_details2 = " unrecognized_name"; 565 break; 566 case 113: 567 str_details2 = " bad_certificate_status_response"; 568 break; 569 case 114: 570 str_details2 = " bad_certificate_hash_value"; 571 break; 572 case 115: 573 str_details2 = " unknown_psk_identity"; 574 break; 575 } 576 } 577 } 578 if (content_type == 22) { /* Handshake */ 579 str_details1 = "???"; 580 581 if (len > 0) { 582 switch (((const unsigned char *) buf)[0]) { 583 case 0: 584 str_details1 = ", HelloRequest"; 585 break; 586 case 1: 587 str_details1 = ", ClientHello"; 588 break; 589 case 2: 590 str_details1 = ", ServerHello"; 591 break; 592 case 3: 593 str_details1 = ", HelloVerifyRequest"; 594 break; 595 case 4: 596 str_details1 = ", NewSessionTicket"; 597 break; 598 case 5: 599 str_details1 = ", EndOfEarlyData"; 600 break; 601 case 8: 602 str_details1 = ", EncryptedExtensions"; 603 break; 604 case 11: 605 str_details1 = ", Certificate"; 606 break; 607 case 12: 608 str_details1 = ", ServerKeyExchange"; 609 break; 610 case 13: 611 str_details1 = ", CertificateRequest"; 612 break; 613 case 14: 614 str_details1 = ", ServerHelloDone"; 615 break; 616 case 15: 617 str_details1 = ", CertificateVerify"; 618 break; 619 case 16: 620 str_details1 = ", ClientKeyExchange"; 621 break; 622 case 20: 623 str_details1 = ", Finished"; 624 break; 625 case 24: 626 str_details1 = ", KeyUpdate"; 627 break; 628 } 629 } 630 } 631 } 632 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 633 str_version, str_content_type, (unsigned long) len, 634 str_details1, str_details2); 635 636 if (len > 0) { 637 size_t num, i; 638 639 BIO_printf(bio, " "); 640 num = len; 641 642 for (i = 0; i < num; i++) { 643 if (i % 16 == 0 && i > 0) 644 BIO_printf(bio, "\n "); 645 BIO_printf(bio, " %02x", 646 ((const unsigned char *) buf)[i]); 647 } 648 if (i < len) 649 BIO_printf(bio, " ..."); 650 BIO_printf(bio, "\n"); 651 } 652 (void) BIO_flush(bio); 653 } 654 655 void 656 tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, 657 void *arg) 658 { 659 BIO *bio = arg; 660 char *extname; 661 662 switch (type) { 663 case TLSEXT_TYPE_server_name: 664 extname = "server name"; 665 break; 666 667 case TLSEXT_TYPE_max_fragment_length: 668 extname = "max fragment length"; 669 break; 670 671 case TLSEXT_TYPE_client_certificate_url: 672 extname = "client certificate URL"; 673 break; 674 675 case TLSEXT_TYPE_trusted_ca_keys: 676 extname = "trusted CA keys"; 677 break; 678 679 case TLSEXT_TYPE_truncated_hmac: 680 extname = "truncated HMAC"; 681 break; 682 683 case TLSEXT_TYPE_status_request: 684 extname = "status request"; 685 break; 686 687 case TLSEXT_TYPE_user_mapping: 688 extname = "user mapping"; 689 break; 690 691 case TLSEXT_TYPE_client_authz: 692 extname = "client authz"; 693 break; 694 695 case TLSEXT_TYPE_server_authz: 696 extname = "server authz"; 697 break; 698 699 case TLSEXT_TYPE_cert_type: 700 extname = "cert type"; 701 break; 702 703 case TLSEXT_TYPE_supported_groups: 704 extname = "supported groups"; 705 break; 706 707 case TLSEXT_TYPE_ec_point_formats: 708 extname = "EC point formats"; 709 break; 710 711 case TLSEXT_TYPE_srp: 712 extname = "SRP"; 713 break; 714 715 case TLSEXT_TYPE_signature_algorithms: 716 extname = "signature algorithms"; 717 break; 718 719 case TLSEXT_TYPE_use_srtp: 720 extname = "use SRTP"; 721 break; 722 723 case TLSEXT_TYPE_heartbeat: 724 extname = "heartbeat"; 725 break; 726 727 case TLSEXT_TYPE_application_layer_protocol_negotiation: 728 extname = "application layer protocol negotiation"; 729 break; 730 731 case TLSEXT_TYPE_padding: 732 extname = "TLS padding"; 733 break; 734 735 case TLSEXT_TYPE_session_ticket: 736 extname = "session ticket"; 737 break; 738 739 #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) 740 case TLSEXT_TYPE_pre_shared_key: 741 extname = "pre shared key"; 742 break; 743 744 case TLSEXT_TYPE_early_data: 745 extname = "early data"; 746 break; 747 748 case TLSEXT_TYPE_supported_versions: 749 extname = "supported versions"; 750 break; 751 752 case TLSEXT_TYPE_cookie: 753 extname = "cookie"; 754 break; 755 756 case TLSEXT_TYPE_psk_key_exchange_modes: 757 extname = "PSK key exchange modes"; 758 break; 759 760 case TLSEXT_TYPE_certificate_authorities: 761 extname = "certificate authorities"; 762 break; 763 764 case TLSEXT_TYPE_oid_filters: 765 extname = "OID filters"; 766 break; 767 768 case TLSEXT_TYPE_post_handshake_auth: 769 extname = "post handshake auth"; 770 break; 771 772 case TLSEXT_TYPE_signature_algorithms_cert: 773 extname = "signature algorithms cert"; 774 break; 775 776 case TLSEXT_TYPE_key_share: 777 extname = "key share"; 778 break; 779 #endif 780 781 case TLSEXT_TYPE_renegotiate: 782 extname = "renegotiation info"; 783 break; 784 785 default: 786 extname = "unknown"; 787 break; 788 789 } 790 791 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 792 client_server ? "server" : "client", extname, type, len); 793 BIO_dump(bio, (char *) data, len); 794 (void) BIO_flush(bio); 795 } 796 797 int 798 generate_cookie_callback(SSL * ssl, unsigned char *cookie, 799 unsigned int *cookie_len) 800 { 801 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 802 unsigned int length, resultlength; 803 union { 804 struct sockaddr sa; 805 struct sockaddr_in s4; 806 struct sockaddr_in6 s6; 807 } peer; 808 809 /* Initialize a random secret */ 810 if (!cookie_initialized) { 811 arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH); 812 cookie_initialized = 1; 813 } 814 /* Read peer information */ 815 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 816 817 /* Create buffer with peer's address and port */ 818 length = 0; 819 switch (peer.sa.sa_family) { 820 case AF_INET: 821 length += sizeof(struct in_addr); 822 length += sizeof(peer.s4.sin_port); 823 break; 824 case AF_INET6: 825 length += sizeof(struct in6_addr); 826 length += sizeof(peer.s6.sin6_port); 827 break; 828 default: 829 OPENSSL_assert(0); 830 break; 831 } 832 buffer = malloc(length); 833 834 if (buffer == NULL) { 835 BIO_printf(bio_err, "out of memory\n"); 836 return 0; 837 } 838 switch (peer.sa.sa_family) { 839 case AF_INET: 840 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 841 memcpy(buffer + sizeof(peer.s4.sin_port), 842 &peer.s4.sin_addr, sizeof(struct in_addr)); 843 break; 844 case AF_INET6: 845 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 846 memcpy(buffer + sizeof(peer.s6.sin6_port), 847 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 848 break; 849 default: 850 OPENSSL_assert(0); 851 break; 852 } 853 854 /* Calculate HMAC of buffer using the secret */ 855 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 856 buffer, length, result, &resultlength); 857 free(buffer); 858 859 memcpy(cookie, result, resultlength); 860 *cookie_len = resultlength; 861 862 return 1; 863 } 864 865 int 866 verify_cookie_callback(SSL * ssl, const unsigned char *cookie, 867 unsigned int cookie_len) 868 { 869 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 870 unsigned int length, resultlength; 871 union { 872 struct sockaddr sa; 873 struct sockaddr_in s4; 874 struct sockaddr_in6 s6; 875 } peer; 876 877 /* If secret isn't initialized yet, the cookie can't be valid */ 878 if (!cookie_initialized) 879 return 0; 880 881 /* Read peer information */ 882 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 883 884 /* Create buffer with peer's address and port */ 885 length = 0; 886 switch (peer.sa.sa_family) { 887 case AF_INET: 888 length += sizeof(struct in_addr); 889 length += sizeof(peer.s4.sin_port); 890 break; 891 case AF_INET6: 892 length += sizeof(struct in6_addr); 893 length += sizeof(peer.s6.sin6_port); 894 break; 895 default: 896 OPENSSL_assert(0); 897 break; 898 } 899 buffer = malloc(length); 900 901 if (buffer == NULL) { 902 BIO_printf(bio_err, "out of memory\n"); 903 return 0; 904 } 905 switch (peer.sa.sa_family) { 906 case AF_INET: 907 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 908 memcpy(buffer + sizeof(peer.s4.sin_port), 909 &peer.s4.sin_addr, sizeof(struct in_addr)); 910 break; 911 case AF_INET6: 912 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 913 memcpy(buffer + sizeof(peer.s6.sin6_port), 914 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 915 break; 916 default: 917 OPENSSL_assert(0); 918 break; 919 } 920 921 /* Calculate HMAC of buffer using the secret */ 922 if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 923 buffer, length, result, &resultlength) == NULL) { 924 free(buffer); 925 return 0; 926 } 927 928 free(buffer); 929 930 if (cookie_len == resultlength && 931 memcmp(result, cookie, resultlength) == 0) 932 return 1; 933 934 return 0; 935 } 936