s_cb.c revision 296341
1/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 112#include <stdio.h> 113#include <stdlib.h> 114#include <string.h> /* for memcpy() */ 115#define USE_SOCKETS 116#define NON_MAIN 117#include "apps.h" 118#undef NON_MAIN 119#undef USE_SOCKETS 120#include <openssl/err.h> 121#include <openssl/rand.h> 122#include <openssl/x509.h> 123#include <openssl/ssl.h> 124#include "s_apps.h" 125 126#define COOKIE_SECRET_LENGTH 16 127 128int verify_depth = 0; 129int verify_error = X509_V_OK; 130int verify_return_error = 0; 131unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; 132int cookie_initialized = 0; 133 134int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) 135{ 136 X509 *err_cert; 137 int err, depth; 138 139 err_cert = X509_STORE_CTX_get_current_cert(ctx); 140 err = X509_STORE_CTX_get_error(ctx); 141 depth = X509_STORE_CTX_get_error_depth(ctx); 142 143 BIO_printf(bio_err, "depth=%d ", depth); 144 if (err_cert) { 145 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 146 0, XN_FLAG_ONELINE); 147 BIO_puts(bio_err, "\n"); 148 } else 149 BIO_puts(bio_err, "<no cert>\n"); 150 if (!ok) { 151 BIO_printf(bio_err, "verify error:num=%d:%s\n", err, 152 X509_verify_cert_error_string(err)); 153 if (verify_depth >= depth) { 154 if (!verify_return_error) 155 ok = 1; 156 verify_error = X509_V_OK; 157 } else { 158 ok = 0; 159 verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; 160 } 161 } 162 switch (err) { 163 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 164 BIO_puts(bio_err, "issuer= "); 165 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), 166 0, XN_FLAG_ONELINE); 167 BIO_puts(bio_err, "\n"); 168 break; 169 case X509_V_ERR_CERT_NOT_YET_VALID: 170 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 171 BIO_printf(bio_err, "notBefore="); 172 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); 173 BIO_printf(bio_err, "\n"); 174 break; 175 case X509_V_ERR_CERT_HAS_EXPIRED: 176 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 177 BIO_printf(bio_err, "notAfter="); 178 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); 179 BIO_printf(bio_err, "\n"); 180 break; 181 case X509_V_ERR_NO_EXPLICIT_POLICY: 182 policies_print(bio_err, ctx); 183 break; 184 } 185 if (err == X509_V_OK && ok == 2) 186 policies_print(bio_err, ctx); 187 188 BIO_printf(bio_err, "verify return:%d\n", ok); 189 return (ok); 190} 191 192int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) 193{ 194 if (cert_file != NULL) { 195 /*- 196 SSL *ssl; 197 X509 *x509; 198 */ 199 200 if (SSL_CTX_use_certificate_file(ctx, cert_file, 201 SSL_FILETYPE_PEM) <= 0) { 202 BIO_printf(bio_err, "unable to get certificate from '%s'\n", 203 cert_file); 204 ERR_print_errors(bio_err); 205 return (0); 206 } 207 if (key_file == NULL) 208 key_file = cert_file; 209 if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { 210 BIO_printf(bio_err, "unable to get private key from '%s'\n", 211 key_file); 212 ERR_print_errors(bio_err); 213 return (0); 214 } 215 216 /*- 217 In theory this is no longer needed 218 ssl=SSL_new(ctx); 219 x509=SSL_get_certificate(ssl); 220 221 if (x509 != NULL) { 222 EVP_PKEY *pktmp; 223 pktmp = X509_get_pubkey(x509); 224 EVP_PKEY_copy_parameters(pktmp, 225 SSL_get_privatekey(ssl)); 226 EVP_PKEY_free(pktmp); 227 } 228 SSL_free(ssl); 229 */ 230 231 /* 232 * If we are using DSA, we can copy the parameters from the private 233 * key 234 */ 235 236 /* 237 * Now we know that a key and cert have been set against the SSL 238 * context 239 */ 240 if (!SSL_CTX_check_private_key(ctx)) { 241 BIO_printf(bio_err, 242 "Private key does not match the certificate public key\n"); 243 return (0); 244 } 245 } 246 return (1); 247} 248 249int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key) 250{ 251 if (cert == NULL) 252 return 1; 253 if (SSL_CTX_use_certificate(ctx, cert) <= 0) { 254 BIO_printf(bio_err, "error setting certificate\n"); 255 ERR_print_errors(bio_err); 256 return 0; 257 } 258 if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { 259 BIO_printf(bio_err, "error setting private key\n"); 260 ERR_print_errors(bio_err); 261 return 0; 262 } 263 264 /* 265 * Now we know that a key and cert have been set against the SSL context 266 */ 267 if (!SSL_CTX_check_private_key(ctx)) { 268 BIO_printf(bio_err, 269 "Private key does not match the certificate public key\n"); 270 return 0; 271 } 272 return 1; 273} 274 275long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, 276 int argi, long argl, long ret) 277{ 278 BIO *out; 279 280 out = (BIO *)BIO_get_callback_arg(bio); 281 if (out == NULL) 282 return (ret); 283 284 if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { 285 BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", 286 (void *)bio, argp, (unsigned long)argi, ret, ret); 287 BIO_dump(out, argp, (int)ret); 288 return (ret); 289 } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { 290 BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", 291 (void *)bio, argp, (unsigned long)argi, ret, ret); 292 BIO_dump(out, argp, (int)ret); 293 } 294 return (ret); 295} 296 297void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) 298{ 299 const char *str; 300 int w; 301 302 w = where & ~SSL_ST_MASK; 303 304 if (w & SSL_ST_CONNECT) 305 str = "SSL_connect"; 306 else if (w & SSL_ST_ACCEPT) 307 str = "SSL_accept"; 308 else 309 str = "undefined"; 310 311 if (where & SSL_CB_LOOP) { 312 BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); 313 } else if (where & SSL_CB_ALERT) { 314 str = (where & SSL_CB_READ) ? "read" : "write"; 315 BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", 316 str, 317 SSL_alert_type_string_long(ret), 318 SSL_alert_desc_string_long(ret)); 319 } else if (where & SSL_CB_EXIT) { 320 if (ret == 0) 321 BIO_printf(bio_err, "%s:failed in %s\n", 322 str, SSL_state_string_long(s)); 323 else if (ret < 0) { 324 BIO_printf(bio_err, "%s:error in %s\n", 325 str, SSL_state_string_long(s)); 326 } 327 } 328} 329 330void MS_CALLBACK msg_cb(int write_p, int version, int content_type, 331 const void *buf, size_t len, SSL *ssl, void *arg) 332{ 333 BIO *bio = arg; 334 const char *str_write_p, *str_version, *str_content_type = 335 "", *str_details1 = "", *str_details2 = ""; 336 337 str_write_p = write_p ? ">>>" : "<<<"; 338 339 switch (version) { 340 case SSL2_VERSION: 341 str_version = "SSL 2.0"; 342 break; 343 case SSL3_VERSION: 344 str_version = "SSL 3.0 "; 345 break; 346 case TLS1_VERSION: 347 str_version = "TLS 1.0 "; 348 break; 349 case TLS1_1_VERSION: 350 str_version = "TLS 1.1 "; 351 break; 352 case TLS1_2_VERSION: 353 str_version = "TLS 1.2 "; 354 break; 355 case DTLS1_VERSION: 356 str_version = "DTLS 1.0 "; 357 break; 358 case DTLS1_BAD_VER: 359 str_version = "DTLS 1.0 (bad) "; 360 break; 361 default: 362 str_version = "???"; 363 } 364 365 if (version == SSL2_VERSION) { 366 str_details1 = "???"; 367 368 if (len > 0) { 369 switch (((const unsigned char *)buf)[0]) { 370 case 0: 371 str_details1 = ", ERROR:"; 372 str_details2 = " ???"; 373 if (len >= 3) { 374 unsigned err = 375 (((const unsigned char *)buf)[1] << 8) + 376 ((const unsigned char *)buf)[2]; 377 378 switch (err) { 379 case 0x0001: 380 str_details2 = " NO-CIPHER-ERROR"; 381 break; 382 case 0x0002: 383 str_details2 = " NO-CERTIFICATE-ERROR"; 384 break; 385 case 0x0004: 386 str_details2 = " BAD-CERTIFICATE-ERROR"; 387 break; 388 case 0x0006: 389 str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; 390 break; 391 } 392 } 393 394 break; 395 case 1: 396 str_details1 = ", CLIENT-HELLO"; 397 break; 398 case 2: 399 str_details1 = ", CLIENT-MASTER-KEY"; 400 break; 401 case 3: 402 str_details1 = ", CLIENT-FINISHED"; 403 break; 404 case 4: 405 str_details1 = ", SERVER-HELLO"; 406 break; 407 case 5: 408 str_details1 = ", SERVER-VERIFY"; 409 break; 410 case 6: 411 str_details1 = ", SERVER-FINISHED"; 412 break; 413 case 7: 414 str_details1 = ", REQUEST-CERTIFICATE"; 415 break; 416 case 8: 417 str_details1 = ", CLIENT-CERTIFICATE"; 418 break; 419 } 420 } 421 } 422 423 if (version == SSL3_VERSION || 424 version == TLS1_VERSION || 425 version == TLS1_1_VERSION || 426 version == TLS1_2_VERSION || 427 version == DTLS1_VERSION || version == DTLS1_BAD_VER) { 428 switch (content_type) { 429 case 20: 430 str_content_type = "ChangeCipherSpec"; 431 break; 432 case 21: 433 str_content_type = "Alert"; 434 break; 435 case 22: 436 str_content_type = "Handshake"; 437 break; 438 } 439 440 if (content_type == 21) { /* Alert */ 441 str_details1 = ", ???"; 442 443 if (len == 2) { 444 switch (((const unsigned char *)buf)[0]) { 445 case 1: 446 str_details1 = ", warning"; 447 break; 448 case 2: 449 str_details1 = ", fatal"; 450 break; 451 } 452 453 str_details2 = " ???"; 454 switch (((const unsigned char *)buf)[1]) { 455 case 0: 456 str_details2 = " close_notify"; 457 break; 458 case 10: 459 str_details2 = " unexpected_message"; 460 break; 461 case 20: 462 str_details2 = " bad_record_mac"; 463 break; 464 case 21: 465 str_details2 = " decryption_failed"; 466 break; 467 case 22: 468 str_details2 = " record_overflow"; 469 break; 470 case 30: 471 str_details2 = " decompression_failure"; 472 break; 473 case 40: 474 str_details2 = " handshake_failure"; 475 break; 476 case 42: 477 str_details2 = " bad_certificate"; 478 break; 479 case 43: 480 str_details2 = " unsupported_certificate"; 481 break; 482 case 44: 483 str_details2 = " certificate_revoked"; 484 break; 485 case 45: 486 str_details2 = " certificate_expired"; 487 break; 488 case 46: 489 str_details2 = " certificate_unknown"; 490 break; 491 case 47: 492 str_details2 = " illegal_parameter"; 493 break; 494 case 48: 495 str_details2 = " unknown_ca"; 496 break; 497 case 49: 498 str_details2 = " access_denied"; 499 break; 500 case 50: 501 str_details2 = " decode_error"; 502 break; 503 case 51: 504 str_details2 = " decrypt_error"; 505 break; 506 case 60: 507 str_details2 = " export_restriction"; 508 break; 509 case 70: 510 str_details2 = " protocol_version"; 511 break; 512 case 71: 513 str_details2 = " insufficient_security"; 514 break; 515 case 80: 516 str_details2 = " internal_error"; 517 break; 518 case 90: 519 str_details2 = " user_canceled"; 520 break; 521 case 100: 522 str_details2 = " no_renegotiation"; 523 break; 524 case 110: 525 str_details2 = " unsupported_extension"; 526 break; 527 case 111: 528 str_details2 = " certificate_unobtainable"; 529 break; 530 case 112: 531 str_details2 = " unrecognized_name"; 532 break; 533 case 113: 534 str_details2 = " bad_certificate_status_response"; 535 break; 536 case 114: 537 str_details2 = " bad_certificate_hash_value"; 538 break; 539 case 115: 540 str_details2 = " unknown_psk_identity"; 541 break; 542 } 543 } 544 } 545 546 if (content_type == 22) { /* Handshake */ 547 str_details1 = "???"; 548 549 if (len > 0) { 550 switch (((const unsigned char *)buf)[0]) { 551 case 0: 552 str_details1 = ", HelloRequest"; 553 break; 554 case 1: 555 str_details1 = ", ClientHello"; 556 break; 557 case 2: 558 str_details1 = ", ServerHello"; 559 break; 560 case 3: 561 str_details1 = ", HelloVerifyRequest"; 562 break; 563 case 11: 564 str_details1 = ", Certificate"; 565 break; 566 case 12: 567 str_details1 = ", ServerKeyExchange"; 568 break; 569 case 13: 570 str_details1 = ", CertificateRequest"; 571 break; 572 case 14: 573 str_details1 = ", ServerHelloDone"; 574 break; 575 case 15: 576 str_details1 = ", CertificateVerify"; 577 break; 578 case 16: 579 str_details1 = ", ClientKeyExchange"; 580 break; 581 case 20: 582 str_details1 = ", Finished"; 583 break; 584 } 585 } 586 } 587#ifndef OPENSSL_NO_HEARTBEATS 588 if (content_type == 24) { /* Heartbeat */ 589 str_details1 = ", Heartbeat"; 590 591 if (len > 0) { 592 switch (((const unsigned char *)buf)[0]) { 593 case 1: 594 str_details1 = ", HeartbeatRequest"; 595 break; 596 case 2: 597 str_details1 = ", HeartbeatResponse"; 598 break; 599 } 600 } 601 } 602#endif 603 } 604 605 BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, 606 str_content_type, (unsigned long)len, str_details1, 607 str_details2); 608 609 if (len > 0) { 610 size_t num, i; 611 612 BIO_printf(bio, " "); 613 num = len; 614#if 0 615 if (num > 16) 616 num = 16; 617#endif 618 for (i = 0; i < num; i++) { 619 if (i % 16 == 0 && i > 0) 620 BIO_printf(bio, "\n "); 621 BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]); 622 } 623 if (i < len) 624 BIO_printf(bio, " ..."); 625 BIO_printf(bio, "\n"); 626 } 627 (void)BIO_flush(bio); 628} 629 630void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, 631 unsigned char *data, int len, void *arg) 632{ 633 BIO *bio = arg; 634 char *extname; 635 636 switch (type) { 637 case TLSEXT_TYPE_server_name: 638 extname = "server name"; 639 break; 640 641 case TLSEXT_TYPE_max_fragment_length: 642 extname = "max fragment length"; 643 break; 644 645 case TLSEXT_TYPE_client_certificate_url: 646 extname = "client certificate URL"; 647 break; 648 649 case TLSEXT_TYPE_trusted_ca_keys: 650 extname = "trusted CA keys"; 651 break; 652 653 case TLSEXT_TYPE_truncated_hmac: 654 extname = "truncated HMAC"; 655 break; 656 657 case TLSEXT_TYPE_status_request: 658 extname = "status request"; 659 break; 660 661 case TLSEXT_TYPE_user_mapping: 662 extname = "user mapping"; 663 break; 664 665 case TLSEXT_TYPE_client_authz: 666 extname = "client authz"; 667 break; 668 669 case TLSEXT_TYPE_server_authz: 670 extname = "server authz"; 671 break; 672 673 case TLSEXT_TYPE_cert_type: 674 extname = "cert type"; 675 break; 676 677 case TLSEXT_TYPE_elliptic_curves: 678 extname = "elliptic curves"; 679 break; 680 681 case TLSEXT_TYPE_ec_point_formats: 682 extname = "EC point formats"; 683 break; 684 685 case TLSEXT_TYPE_srp: 686 extname = "SRP"; 687 break; 688 689 case TLSEXT_TYPE_signature_algorithms: 690 extname = "signature algorithms"; 691 break; 692 693 case TLSEXT_TYPE_use_srtp: 694 extname = "use SRTP"; 695 break; 696 697 case TLSEXT_TYPE_heartbeat: 698 extname = "heartbeat"; 699 break; 700 701 case TLSEXT_TYPE_session_ticket: 702 extname = "session ticket"; 703 break; 704 705 case TLSEXT_TYPE_renegotiate: 706 extname = "renegotiation info"; 707 break; 708 709#ifdef TLSEXT_TYPE_opaque_prf_input 710 case TLSEXT_TYPE_opaque_prf_input: 711 extname = "opaque PRF input"; 712 break; 713#endif 714#ifdef TLSEXT_TYPE_next_proto_neg 715 case TLSEXT_TYPE_next_proto_neg: 716 extname = "next protocol"; 717 break; 718#endif 719 720 case TLSEXT_TYPE_padding: 721 extname = "TLS padding"; 722 break; 723 724 default: 725 extname = "unknown"; 726 break; 727 728 } 729 730 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", 731 client_server ? "server" : "client", extname, type, len); 732 BIO_dump(bio, (char *)data, len); 733 (void)BIO_flush(bio); 734} 735 736int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, 737 unsigned int *cookie_len) 738{ 739 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 740 unsigned int length, resultlength; 741 union { 742 struct sockaddr sa; 743 struct sockaddr_in s4; 744#if OPENSSL_USE_IPV6 745 struct sockaddr_in6 s6; 746#endif 747 } peer; 748 749 /* Initialize a random secret */ 750 if (!cookie_initialized) { 751 if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { 752 BIO_printf(bio_err, "error setting random cookie secret\n"); 753 return 0; 754 } 755 cookie_initialized = 1; 756 } 757 758 /* Read peer information */ 759 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 760 761 /* Create buffer with peer's address and port */ 762 length = 0; 763 switch (peer.sa.sa_family) { 764 case AF_INET: 765 length += sizeof(struct in_addr); 766 length += sizeof(peer.s4.sin_port); 767 break; 768#if OPENSSL_USE_IPV6 769 case AF_INET6: 770 length += sizeof(struct in6_addr); 771 length += sizeof(peer.s6.sin6_port); 772 break; 773#endif 774 default: 775 OPENSSL_assert(0); 776 break; 777 } 778 buffer = OPENSSL_malloc(length); 779 780 if (buffer == NULL) { 781 BIO_printf(bio_err, "out of memory\n"); 782 return 0; 783 } 784 785 switch (peer.sa.sa_family) { 786 case AF_INET: 787 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 788 memcpy(buffer + sizeof(peer.s4.sin_port), 789 &peer.s4.sin_addr, sizeof(struct in_addr)); 790 break; 791#if OPENSSL_USE_IPV6 792 case AF_INET6: 793 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 794 memcpy(buffer + sizeof(peer.s6.sin6_port), 795 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 796 break; 797#endif 798 default: 799 OPENSSL_assert(0); 800 break; 801 } 802 803 /* Calculate HMAC of buffer using the secret */ 804 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 805 buffer, length, result, &resultlength); 806 OPENSSL_free(buffer); 807 808 memcpy(cookie, result, resultlength); 809 *cookie_len = resultlength; 810 811 return 1; 812} 813 814int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, 815 unsigned int cookie_len) 816{ 817 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; 818 unsigned int length, resultlength; 819 union { 820 struct sockaddr sa; 821 struct sockaddr_in s4; 822#if OPENSSL_USE_IPV6 823 struct sockaddr_in6 s6; 824#endif 825 } peer; 826 827 /* If secret isn't initialized yet, the cookie can't be valid */ 828 if (!cookie_initialized) 829 return 0; 830 831 /* Read peer information */ 832 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); 833 834 /* Create buffer with peer's address and port */ 835 length = 0; 836 switch (peer.sa.sa_family) { 837 case AF_INET: 838 length += sizeof(struct in_addr); 839 length += sizeof(peer.s4.sin_port); 840 break; 841#if OPENSSL_USE_IPV6 842 case AF_INET6: 843 length += sizeof(struct in6_addr); 844 length += sizeof(peer.s6.sin6_port); 845 break; 846#endif 847 default: 848 OPENSSL_assert(0); 849 break; 850 } 851 buffer = OPENSSL_malloc(length); 852 853 if (buffer == NULL) { 854 BIO_printf(bio_err, "out of memory\n"); 855 return 0; 856 } 857 858 switch (peer.sa.sa_family) { 859 case AF_INET: 860 memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port)); 861 memcpy(buffer + sizeof(peer.s4.sin_port), 862 &peer.s4.sin_addr, sizeof(struct in_addr)); 863 break; 864#if OPENSSL_USE_IPV6 865 case AF_INET6: 866 memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port)); 867 memcpy(buffer + sizeof(peer.s6.sin6_port), 868 &peer.s6.sin6_addr, sizeof(struct in6_addr)); 869 break; 870#endif 871 default: 872 OPENSSL_assert(0); 873 break; 874 } 875 876 /* Calculate HMAC of buffer using the secret */ 877 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, 878 buffer, length, result, &resultlength); 879 OPENSSL_free(buffer); 880 881 if (cookie_len == resultlength 882 && memcmp(result, cookie, resultlength) == 0) 883 return 1; 884 885 return 0; 886} 887