s_cb.c revision 280304
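/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * "This product includes cryptographic software written by
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 * software must display the following acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 * endorse or promote products derived from this software without
 * prior written permission. For written permission, please contact
 * openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 * nor may "OpenSSL" appear in their names without prior written
 * permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include "s_apps.h"

/* Size in bytes of the HMAC key used for the DTLS cookie callbacks. */
#define COOKIE_SECRET_LENGTH 16

/* Deepest chain position at which verify_callback() tolerates an error. */
int verify_depth = 0;
/* Error code recorded by verify_callback() for later inspection. */
int verify_error = X509_V_OK;
/* Non-zero: verify_callback() reports failures instead of overriding them. */
int verify_return_error = 0;
/* HMAC key for the cookie callbacks; filled on first cookie generation. */
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
/* Set to 1 once cookie_secret holds random bytes. */
int cookie_initialized = 0;

/*
 * Certificate verification callback that logs each verification step to
 * bio_err.
 *
 * ok  - verification result handed in for the current certificate.
 * ctx - store context describing the certificate, error and depth.
 *
 * Returns the (possibly modified) value of ok.
 *
 * Security-relevant behaviour: when verification failed and the error depth
 * is within verify_depth, the failure is turned into success unless
 * verify_return_error is set, so by default a chain that does not validate
 * is only reported, not rejected. verify_error is reset to X509_V_OK in that
 * branch whether or not the failure was overridden. An error deeper than
 * verify_depth always fails with X509_V_ERR_CERT_CHAIN_TOO_LONG.
 */
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
{
    X509 *err_cert;
    int err, depth;

    err_cert = X509_STORE_CTX_get_current_cert(ctx);
    err = X509_STORE_CTX_get_error(ctx);
    depth = X509_STORE_CTX_get_error_depth(ctx);

    BIO_printf(bio_err, "depth=%d ", depth);
    if (err_cert) {
        X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
                           0, XN_FLAG_ONELINE);
        BIO_puts(bio_err, "\n");
    } else
        BIO_puts(bio_err, "<no cert>\n");
    if (!ok) {
        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                   X509_verify_cert_error_string(err));
        if (verify_depth >= depth) {
            if (!verify_return_error)
                ok = 1;
            verify_error = X509_V_OK;
        } else {
            ok = 0;
            verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
        }
    }

    /*
     * The cases that print certificate fields are skipped when there is no
     * current certificate: the function already treats err_cert == NULL as
     * possible above, and dereferencing it here would crash.
     */
    switch (err) {
    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
        if (err_cert != NULL) {
            BIO_puts(bio_err, "issuer= ");
            X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
                               0, XN_FLAG_ONELINE);
            BIO_puts(bio_err, "\n");
        }
        break;
    case X509_V_ERR_CERT_NOT_YET_VALID:
    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
        if (err_cert != NULL) {
            BIO_printf(bio_err, "notBefore=");
            ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
            BIO_printf(bio_err, "\n");
        }
        break;
    case X509_V_ERR_CERT_HAS_EXPIRED:
    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
        if (err_cert != NULL) {
            BIO_printf(bio_err, "notAfter=");
            ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
            BIO_printf(bio_err, "\n");
        }
        break;
    case X509_V_ERR_NO_EXPLICIT_POLICY:
        policies_print(bio_err, ctx);
        break;
    }
    if (err == X509_V_OK && ok == 2)
        policies_print(bio_err, ctx);

    BIO_printf(bio_err, "verify return:%d\n", ok);
    return (ok);
}

/*
 * Load a PEM certificate and private key from files into an SSL context.
 *
 * ctx       - context to configure.
 * cert_file - PEM certificate file; NULL means "nothing to do".
 * key_file  - PEM private key file; NULL means the key is read from
 *             cert_file.
 *
 * Returns 1 on success (including cert_file == NULL) and 0 on failure, after
 * printing a message to bio_err. The key is checked against the certificate
 * before success is reported.
 */
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
    if (cert_file != NULL) {
        /*-
        SSL *ssl;
        X509 *x509;
        */

        if (SSL_CTX_use_certificate_file(ctx, cert_file,
                                         SSL_FILETYPE_PEM) <= 0) {
            BIO_printf(bio_err, "unable to get certificate from '%s'\n",
                       cert_file);
            ERR_print_errors(bio_err);
            return (0);
        }
        if (key_file == NULL)
            key_file = cert_file;
        if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
            BIO_printf(bio_err, "unable to get private key from '%s'\n",
                       key_file);
            ERR_print_errors(bio_err);
            return (0);
        }

        /*-
        In theory this is no longer needed
        ssl=SSL_new(ctx);
        x509=SSL_get_certificate(ssl);

        if (x509 != NULL) {
                EVP_PKEY *pktmp;
                pktmp = X509_get_pubkey(x509);
                EVP_PKEY_copy_parameters(pktmp,
                                        SSL_get_privatekey(ssl));
                EVP_PKEY_free(pktmp);
        }
        SSL_free(ssl);
        */

        /*
         * If we are using DSA, we can copy the parameters from the private
         * key
         */

        /*
         * Now we know that a key and cert have been set against the SSL
         * context
         */
        if (!SSL_CTX_check_private_key(ctx)) {
            BIO_printf(bio_err,
                       "Private key does not match the certificate public key\n");
            return (0);
        }
    }
    return (1);
}

/*
 * Install an already-loaded certificate and private key into an SSL context.
 *
 * ctx  - context to configure.
 * cert - certificate to use; NULL means "nothing to do".
 * key  - private key belonging to cert.
 *
 * Returns 1 on success (including cert == NULL) and 0 on failure, after
 * printing a message to bio_err. The key is checked against the certificate
 * before success is reported.
 */
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
{
    if (cert == NULL)
        return 1;
    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
        BIO_printf(bio_err, "error setting certificate\n");
        ERR_print_errors(bio_err);
        return 0;
    }
    if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
        BIO_printf(bio_err, "error setting private key\n");
        ERR_print_errors(bio_err);
        return 0;
    }

    /*
     * Now we know that a key and cert have been set against the SSL context
     */
    if (!SSL_CTX_check_private_key(ctx)) {
        BIO_printf(bio_err,
                   "Private key does not match the certificate public key\n");
        return 0;
    }
    return 1;
}

/*
 * BIO callback that traces completed reads and writes.
 *
 * The destination BIO is taken from the callback argument of bio; when none
 * is set the callback does nothing. For a finished read or write it prints a
 * summary line and a dump of argp, using ret as the dump length. The dump
 * holds the raw buffer contents, so whatever passes through bio ends up in
 * the destination BIO as well.
 *
 * Always returns ret unchanged.
 */
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
                                   int argi, long argl, long ret)
{
    BIO *out;

    out = (BIO *)BIO_get_callback_arg(bio);
    if (out == NULL)
        return (ret);

    if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
        BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
                   (void *)bio, argp, (unsigned long)argi, ret, ret);
        BIO_dump(out, argp, (int)ret);
        return (ret);
    } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
        BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
                   (void *)bio, argp, (unsigned long)argi, ret, ret);
        BIO_dump(out, argp, (int)ret);
    }
    return (ret);
}

/*
 * SSL info callback that prints handshake state changes, alerts and
 * handshake failures to bio_err.
 *
 * s     - connection the event belongs to.
 * where - bit mask describing the event.
 * ret   - event detail: the alert value for alerts, the return code on exit.
 */
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
{
    const char *str;
    int w;

    w = where & ~SSL_ST_MASK;

    if (w & SSL_ST_CONNECT)
        str = "SSL_connect";
    else if (w & SSL_ST_ACCEPT)
        str = "SSL_accept";
    else
        str = "undefined";

    if (where & SSL_CB_LOOP) {
        BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
    } else if (where & SSL_CB_ALERT) {
        str = (where & SSL_CB_READ) ? "read" : "write";
        BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
                   str,
                   SSL_alert_type_string_long(ret),
                   SSL_alert_desc_string_long(ret));
    } else if (where & SSL_CB_EXIT) {
        if (ret == 0)
            BIO_printf(bio_err, "%s:failed in %s\n",
                       str, SSL_state_string_long(s));
        else if (ret < 0) {
            BIO_printf(bio_err, "%s:error in %s\n",
                       str, SSL_state_string_long(s));
        }
    }
}

/*
 * Protocol message callback: prints a one-line description of a message
 * followed by a hex dump of all len bytes.
 *
 * write_p      - non-zero for a sent message (">>>"), zero for a received
 *                one ("<<<").
 * version      - protocol version of the message.
 * content_type - record content type (20, 21, 22 and, when heartbeats are
 *                compiled in, 24 are decoded).
 * buf, len     - message bytes and their count.
 * ssl          - connection (unused).
 * arg          - BIO to print to.
 *
 * Every read of buf is guarded by a check on len, so a short message is
 * described as "???" rather than read past its end.
 */
void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
                        const void *buf, size_t len, SSL *ssl, void *arg)
{
    BIO *bio = arg;
    const unsigned char *bytes = buf;
    const char *str_write_p, *str_version, *str_content_type =
        "", *str_details1 = "", *str_details2 = "";

    str_write_p = write_p ? ">>>" : "<<<";

    switch (version) {
    case SSL2_VERSION:
        str_version = "SSL 2.0";
        break;
    case SSL3_VERSION:
        str_version = "SSL 3.0 ";
        break;
    case TLS1_VERSION:
        str_version = "TLS 1.0 ";
        break;
    case TLS1_1_VERSION:
        str_version = "TLS 1.1 ";
        break;
    case TLS1_2_VERSION:
        str_version = "TLS 1.2 ";
        break;
    case DTLS1_VERSION:
        str_version = "DTLS 1.0 ";
        break;
    case DTLS1_BAD_VER:
        str_version = "DTLS 1.0 (bad) ";
        break;
    default:
        str_version = "???";
    }

    if (version == SSL2_VERSION) {
        str_details1 = "???";

        if (len > 0) {
            switch (bytes[0]) {
            case 0:
                str_details1 = ", ERROR:";
                str_details2 = " ???";
                if (len >= 3) {
                    /* Two-byte big-endian error code follows the type. */
                    unsigned err = (bytes[1] << 8) + bytes[2];

                    switch (err) {
                    case 0x0001:
                        str_details2 = " NO-CIPHER-ERROR";
                        break;
                    case 0x0002:
                        str_details2 = " NO-CERTIFICATE-ERROR";
                        break;
                    case 0x0004:
                        str_details2 = " BAD-CERTIFICATE-ERROR";
                        break;
                    case 0x0006:
                        str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
                        break;
                    }
                }

                break;
            case 1:
                str_details1 = ", CLIENT-HELLO";
                break;
            case 2:
                str_details1 = ", CLIENT-MASTER-KEY";
                break;
            case 3:
                str_details1 = ", CLIENT-FINISHED";
                break;
            case 4:
                str_details1 = ", SERVER-HELLO";
                break;
            case 5:
                str_details1 = ", SERVER-VERIFY";
                break;
            case 6:
                str_details1 = ", SERVER-FINISHED";
                break;
            case 7:
                str_details1 = ", REQUEST-CERTIFICATE";
                break;
            case 8:
                str_details1 = ", CLIENT-CERTIFICATE";
                break;
            }
        }
    }

    if (version == SSL3_VERSION ||
        version == TLS1_VERSION ||
        version == TLS1_1_VERSION ||
        version == TLS1_2_VERSION ||
        version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
        switch (content_type) {
        case 20:
            str_content_type = "ChangeCipherSpec";
            break;
        case 21:
            str_content_type = "Alert";
            break;
        case 22:
            str_content_type = "Handshake";
            break;
        }

        if (content_type == 21) { /* Alert */
            str_details1 = ", ???";

            /* An alert is exactly two bytes: level, then description. */
            if (len == 2) {
                switch (bytes[0]) {
                case 1:
                    str_details1 = ", warning";
                    break;
                case 2:
                    str_details1 = ", fatal";
                    break;
                }

                str_details2 = " ???";
                switch (bytes[1]) {
                case 0:
                    str_details2 = " close_notify";
                    break;
                case 10:
                    str_details2 = " unexpected_message";
                    break;
                case 20:
                    str_details2 = " bad_record_mac";
                    break;
                case 21:
                    str_details2 = " decryption_failed";
                    break;
                case 22:
                    str_details2 = " record_overflow";
                    break;
                case 30:
                    str_details2 = " decompression_failure";
                    break;
                case 40:
                    str_details2 = " handshake_failure";
                    break;
                case 42:
                    str_details2 = " bad_certificate";
                    break;
                case 43:
                    str_details2 = " unsupported_certificate";
                    break;
                case 44:
                    str_details2 = " certificate_revoked";
                    break;
                case 45:
                    str_details2 = " certificate_expired";
                    break;
                case 46:
                    str_details2 = " certificate_unknown";
                    break;
                case 47:
                    str_details2 = " illegal_parameter";
                    break;
                case 48:
                    str_details2 = " unknown_ca";
                    break;
                case 49:
                    str_details2 = " access_denied";
                    break;
                case 50:
                    str_details2 = " decode_error";
                    break;
                case 51:
                    str_details2 = " decrypt_error";
                    break;
                case 60:
                    str_details2 = " export_restriction";
                    break;
                case 70:
                    str_details2 = " protocol_version";
                    break;
                case 71:
                    str_details2 = " insufficient_security";
                    break;
                case 80:
                    str_details2 = " internal_error";
                    break;
                case 90:
                    str_details2 = " user_canceled";
                    break;
                case 100:
                    str_details2 = " no_renegotiation";
                    break;
                case 110:
                    str_details2 = " unsupported_extension";
                    break;
                case 111:
                    str_details2 = " certificate_unobtainable";
                    break;
                case 112:
                    str_details2 = " unrecognized_name";
                    break;
                case 113:
                    str_details2 = " bad_certificate_status_response";
                    break;
                case 114:
                    str_details2 = " bad_certificate_hash_value";
                    break;
                case 115:
                    str_details2 = " unknown_psk_identity";
                    break;
                }
            }
        }

        if (content_type == 22) { /* Handshake */
            str_details1 = "???";

            if (len > 0) {
                switch (bytes[0]) {
                case 0:
                    str_details1 = ", HelloRequest";
                    break;
                case 1:
                    str_details1 = ", ClientHello";
                    break;
                case 2:
                    str_details1 = ", ServerHello";
                    break;
                case 3:
                    str_details1 = ", HelloVerifyRequest";
                    break;
                case 11:
                    str_details1 = ", Certificate";
                    break;
                case 12:
                    str_details1 = ", ServerKeyExchange";
                    break;
                case 13:
                    str_details1 = ", CertificateRequest";
                    break;
                case 14:
                    str_details1 = ", ServerHelloDone";
                    break;
                case 15:
                    str_details1 = ", CertificateVerify";
                    break;
                case 16:
                    str_details1 = ", ClientKeyExchange";
                    break;
                case 20:
                    str_details1 = ", Finished";
                    break;
                }
            }
        }
#ifndef OPENSSL_NO_HEARTBEATS
        if (content_type == 24) { /* Heartbeat */
            str_details1 = ", Heartbeat";

            if (len > 0) {
                switch (bytes[0]) {
                case 1:
                    str_details1 = ", HeartbeatRequest";
                    break;
                case 2:
                    str_details1 = ", HeartbeatResponse";
                    break;
                }
            }
        }
#endif
    }

    BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
               str_content_type, (unsigned long)len, str_details1,
               str_details2);

    if (len > 0) {
        size_t num, i;

        BIO_printf(bio, " ");
        num = len;
#if 0
        if (num > 16)
            num = 16;
#endif
        /* Hex dump, 16 bytes per output line. */
        for (i = 0; i < num; i++) {
            if (i % 16 == 0 && i > 0)
                BIO_printf(bio, "\n ");
            BIO_printf(bio, " %02x", bytes[i]);
        }
        /* Only reachable when the truncation above is enabled. */
        if (i < len)
            BIO_printf(bio, " ...");
        BIO_printf(bio, "\n");
    }
    (void)BIO_flush(bio);
}

/*
 * TLS extension callback: prints the extension's name, id and length and
 * dumps its payload.
 *
 * s             - connection (unused).
 * client_server - non-zero labels the extension "server", zero "client".
 * type          - extension type id; unrecognised ids print as "unknown".
 * data, len     - extension payload and its length.
 * arg           - BIO to print to.
 */
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
                           unsigned char *data, int len, void *arg)
{
    BIO *bio = arg;
    /* Only ever points at string literals, hence const. */
    const char *extname;

    switch (type) {
    case TLSEXT_TYPE_server_name:
        extname = "server name";
        break;

    case TLSEXT_TYPE_max_fragment_length:
        extname = "max fragment length";
        break;

    case TLSEXT_TYPE_client_certificate_url:
        extname = "client certificate URL";
        break;

    case TLSEXT_TYPE_trusted_ca_keys:
        extname = "trusted CA keys";
        break;

    case TLSEXT_TYPE_truncated_hmac:
        extname = "truncated HMAC";
        break;

    case TLSEXT_TYPE_status_request:
        extname = "status request";
        break;

    case TLSEXT_TYPE_user_mapping:
        extname = "user mapping";
        break;

    case TLSEXT_TYPE_client_authz:
        extname = "client authz";
        break;

    case TLSEXT_TYPE_server_authz:
        extname = "server authz";
        break;

    case TLSEXT_TYPE_cert_type:
        extname = "cert type";
        break;

    case TLSEXT_TYPE_elliptic_curves:
        extname = "elliptic curves";
        break;

    case TLSEXT_TYPE_ec_point_formats:
        extname = "EC point formats";
        break;

    case TLSEXT_TYPE_srp:
        extname = "SRP";
        break;

    case TLSEXT_TYPE_signature_algorithms:
        extname = "signature algorithms";
        break;

    case TLSEXT_TYPE_use_srtp:
        extname = "use SRTP";
        break;

    case TLSEXT_TYPE_heartbeat:
        extname = "heartbeat";
        break;

    case TLSEXT_TYPE_session_ticket:
        extname = "session ticket";
        break;

    case TLSEXT_TYPE_renegotiate:
        extname = "renegotiation info";
        break;

#ifdef TLSEXT_TYPE_opaque_prf_input
    case TLSEXT_TYPE_opaque_prf_input:
        extname = "opaque PRF input";
        break;
#endif
#ifdef TLSEXT_TYPE_next_proto_neg
    case TLSEXT_TYPE_next_proto_neg:
        extname = "next protocol";
        break;
#endif

    case TLSEXT_TYPE_padding:
        extname = "TLS padding";
        break;

    default:
        extname = "unknown";
        break;

    }

    BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
               client_server ? "server" : "client", extname, type, len);
    BIO_dump(bio, (char *)data, len);
    (void)BIO_flush(bio);
}

/*
 * Compute HMAC-SHA1, keyed with cookie_secret, over the peer's port followed
 * by the peer's address, as reported by the connection's read BIO.
 *
 * ssl          - connection whose peer is used.
 * result       - output buffer of at least EVP_MAX_MD_SIZE bytes.
 * resultlength - receives the number of bytes written to result.
 *
 * Returns 1 on success and 0 on allocation or HMAC failure. An address
 * family other than AF_INET (or AF_INET6 when compiled in) hits
 * OPENSSL_assert(0), as it always did.
 */
static int peer_cookie_hmac(SSL *ssl, unsigned char *result,
                            unsigned int *resultlength)
{
    unsigned char *buffer;
    const void *port, *addr;
    unsigned int portlen, addrlen, length;
    int ok;
    union {
        struct sockaddr sa;
        struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
        struct sockaddr_in6 s6;
#endif
    } peer;

    /*
     * Zero the union first: the result of BIO_dgram_get_peer() is not
     * checked, and without this a failed call would leave sa_family (and
     * the address bytes) as indeterminate stack contents.
     */
    memset(&peer, 0, sizeof(peer));

    /* Read peer information */
    (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

    /* Select the peer's port and address for its address family */
    switch (peer.sa.sa_family) {
    case AF_INET:
        port = &peer.s4.sin_port;
        portlen = sizeof(peer.s4.sin_port);
        addr = &peer.s4.sin_addr;
        addrlen = sizeof(struct in_addr);
        break;
#if OPENSSL_USE_IPV6
    case AF_INET6:
        port = &peer.s6.sin6_port;
        portlen = sizeof(peer.s6.sin6_port);
        addr = &peer.s6.sin6_addr;
        addrlen = sizeof(struct in6_addr);
        break;
#endif
    default:
        OPENSSL_assert(0);
        return 0;
    }

    /* Create buffer with peer's port and address */
    length = portlen + addrlen;
    buffer = OPENSSL_malloc(length);

    if (buffer == NULL) {
        BIO_printf(bio_err, "out of memory\n");
        return 0;
    }

    memcpy(buffer, port, portlen);
    memcpy(buffer + portlen, addr, addrlen);

    /* Calculate HMAC of buffer using the secret */
    ok = HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
              buffer, length, result, resultlength) != NULL;
    OPENSSL_free(buffer);

    return ok;
}

/*
 * DTLS cookie generation callback.
 *
 * On first use fills cookie_secret with random bytes, then writes the
 * HMAC-SHA1 of the peer's port and address into cookie.
 *
 * ssl        - connection the cookie is generated for.
 * cookie     - output buffer; it must be able to hold the HMAC output, its
 *              capacity is not visible to this function.
 * cookie_len - receives the cookie length.
 *
 * Returns 1 on success, 0 on failure.
 */
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
                                         unsigned int *cookie_len)
{
    unsigned char result[EVP_MAX_MD_SIZE];
    unsigned int resultlength;

    /* Initialize a random secret */
    if (!cookie_initialized) {
        /*
         * RAND_bytes() reports failure as 0 or -1. Testing with '!' alone
         * would accept -1 and leave the secret as the all-zero initial
         * value of the global.
         */
        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
            BIO_printf(bio_err, "error setting random cookie secret\n");
            return 0;
        }
        cookie_initialized = 1;
    }

    if (!peer_cookie_hmac(ssl, result, &resultlength))
        return 0;

    memcpy(cookie, result, resultlength);
    *cookie_len = resultlength;

    return 1;
}

/*
 * DTLS cookie verification callback.
 *
 * Recomputes the HMAC-SHA1 of the peer's port and address and compares it
 * with the cookie the peer sent.
 *
 * ssl        - connection the cookie was received on.
 * cookie     - cookie bytes presented by the peer.
 * cookie_len - number of bytes in cookie.
 *
 * Returns 1 when the cookie matches, 0 otherwise (including when no secret
 * has been generated yet).
 */
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
                                       unsigned int cookie_len)
{
    unsigned char result[EVP_MAX_MD_SIZE];
    unsigned int resultlength;

    /* If secret isn't initialized yet, the cookie can't be valid */
    if (!cookie_initialized)
        return 0;

    if (!peer_cookie_hmac(ssl, result, &resultlength))
        return 0;

    /*
     * Compare the MAC in constant time: memcmp() stops at the first
     * differing byte, which makes the comparison time depend on how much of
     * the peer-supplied cookie is correct.
     */
    if (cookie_len == resultlength
        && CRYPTO_memcmp(result, cookie, resultlength) == 0)
        return 1;

    return 0;
}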