1 /* $OpenBSD: s_cb.c,v 1.11 2018/11/06 05:45:50 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112 #include <sys/socket.h> 113 114 #include <netinet/in.h> 115 116 #include <netdb.h> 117 #include <stdio.h> 118 #include <stdlib.h> 119 #include <string.h> 120 121 #include "apps.h" 122 123 #include <openssl/err.h> 124 #include <openssl/ssl.h> 125 #include <openssl/x509.h> 126 127 #include "s_apps.h" 128 129 #define COOKIE_SECRET_LENGTH 16 130 131 int verify_depth = 0; 132 int verify_return_error = 0; 133 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 134 int cookie_initialized = 0; 135 136 int 137 verify_callback(int ok, X509_STORE_CTX * ctx) 138 { 139 X509 *err_cert; 140 int err, depth; 141 142 err_cert = X509_STORE_CTX_get_current_cert(ctx); 143 err = X509_STORE_CTX_get_error(ctx); 144 depth = X509_STORE_CTX_get_error_depth(ctx); 145 146 BIO_printf(bio_err, "depth=%d ", depth); 147 if (err_cert) { 148 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 149 0, XN_FLAG_ONELINE); 150 BIO_puts(bio_err, "\n"); 151 } else 152 BIO_puts(bio_err, "<no cert>\n"); 153 if (!ok) { 154 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 155 X509_verify_cert_error_string(err)); 156 if (verify_depth >= depth) { 157 if (!verify_return_error) 158 ok = 1; 159 } else { 160 ok = 0; 161 } 162 } 163 switch (err) { 164 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 165 BIO_puts(bio_err, "issuer= "); 166 if (err_cert == NULL) 167 BIO_puts(bio_err, "<error getting cert>"); 168 else 169 X509_NAME_print_ex(bio_err, 170 X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); 171 BIO_puts(bio_err, "\n"); 172 break; 173 case X509_V_ERR_CERT_NOT_YET_VALID: 174 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 175 BIO_printf(bio_err, "notBefore="); 176 if (err_cert == NULL) 177 BIO_printf(bio_err, " <error getting cert>"); 178 else 179 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 180 BIO_printf(bio_err, "\n"); 181 break; 182 case X509_V_ERR_CERT_HAS_EXPIRED: 183 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 184 BIO_printf(bio_err, "notAfter="); 185 if (err_cert == NULL) 186 BIO_printf(bio_err, " <error getting cert>"); 187 else 188 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 189 BIO_printf(bio_err, "\n"); 190 break; 191 case X509_V_ERR_NO_EXPLICIT_POLICY: 192 policies_print(bio_err, ctx); 193 break; 194 } 195 if (err == X509_V_OK && ok == 2) 196 policies_print(bio_err, ctx); 197 198 BIO_printf(bio_err, "verify return:%d\n", ok); 199 return (ok); 200 } 201 202 int 203 set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file) 204 { 205 if (cert_file != NULL) { 206 /* 207 SSL *ssl; 208 X509 *x509; 209 */ 210 211 if (SSL_CTX_use_certificate_file(ctx, cert_file, 212 SSL_FILETYPE_PEM) <= 0) { 213 BIO_printf(bio_err, 214 "unable to get certificate from '%s'\n", cert_file); 215 ERR_print_errors(bio_err); 216 return (0); 217 } 218 if (key_file == NULL) 219 key_file = cert_file; 220 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, 221 SSL_FILETYPE_PEM) <= 0) { 222 BIO_printf(bio_err, 223 "unable to get private key from '%s'\n", key_file); 224 ERR_print_errors(bio_err); 225 return (0); 226 } 227 /* 228 In theory this is no longer needed 229 ssl=SSL_new(ctx); 230 x509=SSL_get_certificate(ssl); 231 232 if (x509 != NULL) { 233 EVP_PKEY *pktmp; 234 pktmp = X509_get_pubkey(x509); 235 EVP_PKEY_copy_parameters(pktmp, 236 SSL_get_privatekey(ssl)); 237 EVP_PKEY_free(pktmp); 238 } 239 SSL_free(ssl); 240 */ 241 242 /* 243 * If we are using DSA, we can copy the parameters from the 244 * private key 245 */ 246 247 248 /* 249 * Now we know that a key and cert have been set against the 250 * SSL context 251 */ 252 if (!SSL_CTX_check_private_key(ctx)) { 253 BIO_printf(bio_err, 254 "Private key does not match the certificate public key\n"); 255 return (0); 256 } 257 } 258 return (1); 259 } 260 261 int 262 set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key) 263 { 264 if (cert == NULL) 265 return 1; 266 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 267 BIO_printf(bio_err, "error setting certificate\n"); 268 ERR_print_errors(bio_err); 269 return 0; 270 } 271 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 272 BIO_printf(bio_err, "error setting private key\n"); 273 ERR_print_errors(bio_err); 274 return 0; 275 } 276 /* 277 * Now we know that a key and cert have been set against the SSL 278 * context 279 */ 280 if (!SSL_CTX_check_private_key(ctx)) { 281 BIO_printf(bio_err, 282 "Private key does not match the certificate public key\n"); 283 return 0; 284 } 285 return 1; 286 } 287 288 int 289 ssl_print_tmp_key(BIO *out, SSL *s) 290 { 291 const char *cname; 292 EVP_PKEY *pkey; 293 EC_KEY *ec; 294 int nid; 295 296 if (!SSL_get_server_tmp_key(s, &pkey)) 297 return 0; 298 299 BIO_puts(out, "Server Temp Key: "); 300 switch (EVP_PKEY_id(pkey)) { 301 case EVP_PKEY_DH: 302 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey)); 303 break; 304 305 case EVP_PKEY_EC: 306 ec = EVP_PKEY_get1_EC_KEY(pkey); 307 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); 308 EC_KEY_free(ec); 309 310 if ((cname = EC_curve_nid2nist(nid)) == NULL) 311 cname = OBJ_nid2sn(nid); 312 313 BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey)); 314 break; 315 316 default: 317 BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)), 318 EVP_PKEY_bits(pkey)); 319 } 320 321 EVP_PKEY_free(pkey); 322 return 1; 323 } 324 325 long 326 bio_dump_callback(BIO * bio, int cmd, const char *argp, 327 int argi, long argl, long ret) 328 { 329 BIO *out; 330 331 out = (BIO *) BIO_get_callback_arg(bio); 332 if (out == NULL) 333 return (ret); 334 335 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 336 BIO_printf(out, 337 "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 338 (void *) bio, argp, (unsigned long) argi, ret, ret); 339 BIO_dump(out, argp, (int) ret); 340 return (ret); 341 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 342 BIO_printf(out, 343 "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 344 (void *) bio, argp, (unsigned long) argi, ret, ret); 345 BIO_dump(out, argp, (int) ret); 346 } 347 return (ret); 348 } 349 350 void 351 apps_ssl_info_callback(const SSL * s, int where, int ret) 352 { 353 const char *str; 354 int w; 355 356 w = where & ~SSL_ST_MASK; 357 358 if (w & SSL_ST_CONNECT) 359 str = "SSL_connect"; 360 else if (w & SSL_ST_ACCEPT) 361 str = "SSL_accept"; 362 else 363 str = "undefined"; 364 365 if (where & SSL_CB_LOOP) { 366 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 367 } else if (where & SSL_CB_ALERT) { 368 str = (where & SSL_CB_READ) ? "read" : "write"; 369 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str, 370 SSL_alert_type_string_long(ret), 371 SSL_alert_desc_string_long(ret)); 372 } else if (where & SSL_CB_EXIT) { 373 if (ret == 0) 374 BIO_printf(bio_err, "%s:failed in %s\n", 375 str, SSL_state_string_long(s)); 376 else if (ret < 0) { 377 BIO_printf(bio_err, "%s:error in %s\n", 378 str, SSL_state_string_long(s)); 379 } 380 } 381 } 382 383 384 void 385 msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg) 386 { 387 BIO *bio = arg; 388 const char *str_write_p, *str_version, *str_content_type = "", 389 *str_details1 = "", *str_details2 = ""; 390 391 str_write_p = write_p ? ">>>" : "<<<"; 392 393 switch (version) { 394 case SSL2_VERSION: 395 str_version = "SSL 2.0"; 396 break; 397 case SSL3_VERSION: 398 str_version = "SSL 3.0 "; 399 break; 400 case TLS1_VERSION: 401 str_version = "TLS 1.0 "; 402 break; 403 case TLS1_1_VERSION: 404 str_version = "TLS 1.1 "; 405 break; 406 case TLS1_2_VERSION: 407 str_version = "TLS 1.2 "; 408 break; 409 case DTLS1_VERSION: 410 str_version = "DTLS 1.0 "; 411 break; 412 default: 413 str_version = "???"; 414 } 415 416 if (version == SSL2_VERSION) { 417 str_details1 = "???"; 418 419 if (len > 0) { 420 switch (((const unsigned char *) buf)[0]) { 421 case 0: 422 str_details1 = ", ERROR:"; 423 str_details2 = " ???"; 424 if (len >= 3) { 425 unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2]; 426 427 switch (err) { 428 case 0x0001: 429 str_details2 = " NO-CIPHER-ERROR"; 430 break; 431 case 0x0002: 432 str_details2 = " NO-CERTIFICATE-ERROR"; 433 break; 434 case 0x0004: 435 str_details2 = " BAD-CERTIFICATE-ERROR"; 436 break; 437 case 0x0006: 438 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 439 break; 440 } 441 } 442 break; 443 case 1: 444 str_details1 = ", CLIENT-HELLO"; 445 break; 446 case 2: 447 str_details1 = ", CLIENT-MASTER-KEY"; 448 break; 449 case 3: 450 str_details1 = ", CLIENT-FINISHED"; 451 break; 452 case 4: 453 str_details1 = ", SERVER-HELLO"; 454 break; 455 case 5: 456 str_details1 = ", SERVER-VERIFY"; 457 break; 458 case 6: 459 str_details1 = ", SERVER-FINISHED"; 460 break; 461 case 7: 462 str_details1 = ", REQUEST-CERTIFICATE"; 463 break; 464 case 8: 465 str_details1 = ", CLIENT-CERTIFICATE"; 466 break; 467 } 468 } 469 } 470 if (version == SSL3_VERSION || version == TLS1_VERSION || 471 version == TLS1_1_VERSION || version == TLS1_2_VERSION || 472 version == DTLS1_VERSION) { 473 switch (content_type) { 474 case 20: 475 str_content_type = "ChangeCipherSpec"; 476 break; 477 case 21: 478 str_content_type = "Alert"; 479 break; 480 case 22: 481 str_content_type = "Handshake"; 482 break; 483 } 484 485 if (content_type == 21) { /* Alert */ 486 str_details1 = ", ???"; 487 488 if (len == 2) { 489 switch (((const unsigned char *) buf)[0]) { 490 case 1: 491 str_details1 = ", warning"; 492 break; 493 case 2: 494 str_details1 = ", fatal"; 495 break; 496 } 497 498 str_details2 = " ???"; 499 switch (((const unsigned char *) buf)[1]) { 500 case 0: 501 str_details2 = " close_notify"; 502 break; 503 case 10: 504 str_details2 = " unexpected_message"; 505 break; 506 case 20: 507 str_details2 = " bad_record_mac"; 508 break; 509 case 21: 510 str_details2 = " decryption_failed"; 511 break; 512 case 22: 513 str_details2 = " record_overflow"; 514 break; 515 case 30: 516 str_details2 = " decompression_failure"; 517 break; 518 case 40: 519 str_details2 = " handshake_failure"; 520 break; 521 case 42: 522 str_details2 = " bad_certificate"; 523 break; 524 case 43: 525 str_details2 = " unsupported_certificate"; 526 break; 527 case 44: 528 str_details2 = " certificate_revoked"; 529 break; 530 case 45: 531 str_details2 = " certificate_expired"; 532 break; 533 case 46: 534 str_details2 = " certificate_unknown"; 535 break; 536 case 47: 537 str_details2 = " illegal_parameter"; 538 break; 539 case 48: 540 str_details2 = " unknown_ca"; 541 break; 542 case 49: 543 str_details2 = " access_denied"; 544 break; 545 case 50: 546 str_details2 = " decode_error"; 547 break; 548 case 51: 549 str_details2 = " decrypt_error"; 550 break; 551 case 60: 552 str_details2 = " export_restriction"; 553 break; 554 case 70: 555 str_details2 = " protocol_version"; 556 break; 557 case 71: 558 str_details2 = " insufficient_security"; 559 break; 560 case 80: 561 str_details2 = " internal_error"; 562 break; 563 case 90: 564 str_details2 = " user_canceled"; 565 break; 566 case 100: 567 str_details2 = " no_renegotiation"; 568 break; 569 case 110: 570 str_details2 = " unsupported_extension"; 571 break; 572 case 111: 573 str_details2 = " certificate_unobtainable"; 574 break; 575 case 112: 576 str_details2 = " unrecognized_name"; 577 break; 578 case 113: 579 str_details2 = " bad_certificate_status_response"; 580 break; 581 case 114: 582 str_details2 = " bad_certificate_hash_value"; 583 break; 584 case 115: 585 str_details2 = " unknown_psk_identity"; 586 break; 587 } 588 } 589 } 590 if (content_type == 22) { /* Handshake */ 591 str_details1 = "???"; 592 593 if (len > 0) { 594 switch (((const unsigned char *) buf)[0]) { 595 case 0: 596 str_details1 = ", HelloRequest"; 597 break; 598 case 1: 599 str_details1 = ", ClientHello"; 600 break; 601 case 2: 602 str_details1 = ", ServerHello"; 603 break; 604 case 3: 605 str_details1 = ", HelloVerifyRequest"; 606 break; 607 case 11: 608 str_details1 = ", Certificate"; 609 break; 610 case 12: 611 str_details1 = ", ServerKeyExchange"; 612 break; 613 case 13: 614 str_details1 = ", CertificateRequest"; 615 break; 616 case 14: 617 str_details1 = ", ServerHelloDone"; 618 break; 619 case 15: 620 str_details1 = ", CertificateVerify"; 621 break; 622 case 16: 623 str_details1 = ", ClientKeyExchange"; 624 break; 625 case 20: 626 str_details1 = ", Finished"; 627 break; 628 } 629 } 630 } 631 } 632 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, 633 str_version, str_content_type, (unsigned long) len, 634 str_details1, str_details2); 635 636 if (len > 0) { 637 size_t num, i; 638 639 BIO_printf(bio, " "); 640 num = len; 641 642 for (i = 0; i < num; i++) { 643 if (i % 16 == 0 && i > 0) 644 BIO_printf(bio, "\n "); 645 BIO_printf(bio, " %02x", 646 ((const unsigned char *) buf)[i]); 647 } 648 if (i < len) 649 BIO_printf(bio, " ..."); 650 BIO_printf(bio, "\n"); 651 } 652 (void) BIO_flush(bio); 653 } 654 655 void 656 tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len, 657 void *arg) 658 { 659 BIO *bio = arg; 660 char *extname; 661 662 switch (type) { 663 case TLSEXT_TYPE_server_name: 664 extname = "server name"; 665 break; 666 667 case TLSEXT_TYPE_max_fragment_length: 668 extname = "max fragment length"; 669 break; 670 671 case TLSEXT_TYPE_client_certificate_url: 672 extname = "client certificate URL"; 673 break; 674 675 case TLSEXT_TYPE_trusted_ca_keys: 676 extname = "trusted CA keys"; 677 break; 678 679 case TLSEXT_TYPE_truncated_hmac: 680 extname = "truncated HMAC"; 681 break; 682 683 case TLSEXT_TYPE_status_request: 684 extname = "status request"; 685 break; 686 687 case TLSEXT_TYPE_user_mapping: 688 extname = "user mapping"; 689 break; 690 691 case TLSEXT_TYPE_client_authz: 692 extname = "client authz"; 693 break; 694 695 case TLSEXT_TYPE_server_authz: 696 extname = "server authz"; 697 break; 698 699 case TLSEXT_TYPE_cert_type: 700 extname = "cert type"; 701 break; 702 703 case TLSEXT_TYPE_supported_groups: 704 extname = "supported groups"; 705 break; 706 707 case TLSEXT_TYPE_ec_point_formats: 708 extname = "EC point formats"; 709 break; 710 711 case TLSEXT_TYPE_srp: 712 extname = "SRP"; 713 break; 714 715 case TLSEXT_TYPE_signature_algorithms: 716 extname = "signature algorithms"; 717 break; 718 719 case TLSEXT_TYPE_use_srtp: 720 extname = "use SRTP"; 721 break; 722 723 case TLSEXT_TYPE_heartbeat: 724 extname = "heartbeat"; 725 break; 726 727 case TLSEXT_TYPE_session_ticket: 728 extname = "session ticket"; 729 break; 730 731 case TLSEXT_TYPE_renegotiate: 732 extname = "renegotiation info"; 733 break; 734 735 case TLSEXT_TYPE_application_layer_protocol_negotiation: 736 extname = "application layer protocol negotiation"; 737 break; 738 739 case TLSEXT_TYPE_padding: 740 extname = "TLS padding"; 741 break; 742 743 default: 744 extname = "unknown"; 745 break; 746 747 } 748 749 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 750 client_server ? "server" : "client", extname, type, len); 751 BIO_dump(bio, (char *) data, len); 752 (void) BIO_flush(bio); 753 } 754 755 int 756 generate_cookie_callback(SSL * ssl, unsigned char *cookie, 757 unsigned int *cookie_len) 758 { 759 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 760 unsigned int length, resultlength; 761 union { 762 struct sockaddr sa; 763 struct sockaddr_in s4; 764 struct sockaddr_in6 s6; 765 } peer; 766 767 /* Initialize a random secret */ 768 if (!cookie_initialized) { 769 arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH); 770 cookie_initialized = 1; 771 } 772 /* Read peer information */ 773 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 774 775 /* Create buffer with peer's address and port */ 776 length = 0; 777 switch (peer.sa.sa_family) { 778 case AF_INET: 779 length += sizeof(struct in_addr); 780 length += sizeof(peer.s4.sin_port); 781 break; 782 case AF_INET6: 783 length += sizeof(struct in6_addr); 784 length += sizeof(peer.s6.sin6_port); 785 break; 786 default: 787 OPENSSL_assert(0); 788 break; 789 } 790 buffer = malloc(length); 791 792 if (buffer == NULL) { 793 BIO_printf(bio_err, "out of memory\n"); 794 return 0; 795 } 796 switch (peer.sa.sa_family) { 797 case AF_INET: 798 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 799 memcpy(buffer + sizeof(peer.s4.sin_port), 800 &peer.s4.sin_addr, sizeof(struct in_addr)); 801 break; 802 case AF_INET6: 803 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 804 memcpy(buffer + sizeof(peer.s6.sin6_port), 805 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 806 break; 807 default: 808 OPENSSL_assert(0); 809 break; 810 } 811 812 /* Calculate HMAC of buffer using the secret */ 813 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 814 buffer, length, result, &resultlength); 815 free(buffer); 816 817 memcpy(cookie, result, resultlength); 818 *cookie_len = resultlength; 819 820 return 1; 821 } 822 823 int 824 verify_cookie_callback(SSL * ssl, const unsigned char *cookie, 825 unsigned int cookie_len) 826 { 827 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 828 unsigned int length, resultlength; 829 union { 830 struct sockaddr sa; 831 struct sockaddr_in s4; 832 struct sockaddr_in6 s6; 833 } peer; 834 835 /* If secret isn't initialized yet, the cookie can't be valid */ 836 if (!cookie_initialized) 837 return 0; 838 839 /* Read peer information */ 840 (void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 841 842 /* Create buffer with peer's address and port */ 843 length = 0; 844 switch (peer.sa.sa_family) { 845 case AF_INET: 846 length += sizeof(struct in_addr); 847 length += sizeof(peer.s4.sin_port); 848 break; 849 case AF_INET6: 850 length += sizeof(struct in6_addr); 851 length += sizeof(peer.s6.sin6_port); 852 break; 853 default: 854 OPENSSL_assert(0); 855 break; 856 } 857 buffer = malloc(length); 858 859 if (buffer == NULL) { 860 BIO_printf(bio_err, "out of memory\n"); 861 return 0; 862 } 863 switch (peer.sa.sa_family) { 864 case AF_INET: 865 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 866 memcpy(buffer + sizeof(peer.s4.sin_port), 867 &peer.s4.sin_addr, sizeof(struct in_addr)); 868 break; 869 case AF_INET6: 870 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 871 memcpy(buffer + sizeof(peer.s6.sin6_port), 872 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 873 break; 874 default: 875 OPENSSL_assert(0); 876 break; 877 } 878 879 /* Calculate HMAC of buffer using the secret */ 880 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 881 buffer, length, result, &resultlength); 882 free(buffer); 883 884 if (cookie_len == resultlength && 885 memcmp(result, cookie, resultlength) == 0) 886 return 1; 887 888 return 0; 889 } 890