/* $OpenBSD: s_cb.c,v 1.8 2017/08/12 21:04:33 jsing Exp $ */

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

 * All rights reserved.

 *

 * This package is an SSL implementation written

 * by Eric Young (eay@cryptsoft.com).

 * The implementation was written so as to conform with Netscapes SSL.

 *

 * This library is free for commercial and non-commercial use as long as

 * the following conditions are aheared to.  The following conditions

 * apply to all code found in this distribution, be it the RC4, RSA,

 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

 * included with this distribution is covered by the same copyright terms

 * except that the holder is Tim Hudson (tjh@cryptsoft.com).

 *

 * Copyright remains Eric Young's, and as such any Copyright notices in

 * the code are not to be removed.

 * If this package is used in a product, Eric Young should be given attribution

 * as the author of the parts of the library used.

 * This can be in the form of a textual message at program startup or

 * in documentation (online or textual) provided with the package.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 * 3. All advertising materials mentioning features or use of this software

 *    must display the following acknowledgement:

 *    "This product includes cryptographic software written by

 *     Eric Young (eay@cryptsoft.com)"

 *    The word 'cryptographic' can be left out if the rouines from the library

 *    being used are not cryptographic related :-).

 * 4. If you include any Windows specific code (or a derivative thereof) from

 *    the apps directory (application code) you must include an acknowledgement:

 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

 *

 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

 * SUCH DAMAGE.

 *

 * The licence and distribution terms for any publically available version or

 * derivative of this code cannot be changed.  i.e. this code cannot simply be

 * copied and put under another distribution licence

 * [including the GNU Public Licence.]

 */

/* ====================================================================

 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 *

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 *

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in

 *    the documentation and/or other materials provided with the

 *    distribution.

 *

 * 3. All advertising materials mentioning features or use of this

 *    software must display the following acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

 *

 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

 *    endorse or promote products derived from this software without

 *    prior written permission. For written permission, please contact

 *    openssl-core@openssl.org.

 *

 * 5. Products derived from this software may not be called "OpenSSL"

 *    nor may "OpenSSL" appear in their names without prior written

 *    permission of the OpenSSL Project.

 *

 * 6. Redistributions of any form whatsoever must retain the following

 *    acknowledgment:

 *    "This product includes software developed by the OpenSSL Project

 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

 *

 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

 * OF THE POSSIBILITY OF SUCH DAMAGE.

 * ====================================================================

 *

 * This product includes cryptographic software written by Eric Young

 * (eay@cryptsoft.com).  This product includes software written by Tim

 * Hudson (tjh@cryptsoft.com).

 *

 */

#include <sys/socket.h>

#include <netinet/in.h>

#include <netdb.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include "apps.h"

#include <openssl/err.h>

#include <openssl/ssl.h>

#include <openssl/x509.h>

#include "s_apps.h"

#define	COOKIE_SECRET_LENGTH	16

int verify_depth = 0;

int verify_return_error = 0;

unsigned char cookie_secret[COOKIE_SECRET_LENGTH];

int cookie_initialized = 0;

int

verify_callback(int ok, X509_STORE_CTX * ctx)

{

	X509 *err_cert;

	int err, depth;

		    0, XN_FLAG_ONELINE);

		} else {

			ok = 0;

		}

	}

	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:

		else

	case X509_V_ERR_CERT_NOT_YET_VALID:

	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:

		else

	case X509_V_ERR_CERT_HAS_EXPIRED:

	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:

		else

	case X509_V_ERR_NO_EXPLICIT_POLICY:

	}

}

int

set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file)

{

		/*

		SSL *ssl;

		X509 *x509;

		*/

			    "unable to get certificate from '%s'\n", cert_file);

		}

			    "unable to get private key from '%s'\n", key_file);

		}

		/*

		In theory this is no longer needed

		ssl=SSL_new(ctx);

		x509=SSL_get_certificate(ssl);

		if (x509 != NULL) {

			EVP_PKEY *pktmp;

			pktmp = X509_get_pubkey(x509);

			EVP_PKEY_copy_parameters(pktmp,

						SSL_get_privatekey(ssl));

			EVP_PKEY_free(pktmp);

		}

		SSL_free(ssl);

		*/

		/*

		 * If we are using DSA, we can copy the parameters from the

		 * private key

		 */

		/*

		 * Now we know that a key and cert have been set against the

		 * SSL context

		 */

			    "Private key does not match the certificate public key\n");

		}

	}

int

set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)

{

	}

	}

	/*

	 * Now we know that a key and cert have been set against the SSL

	 * context

	 */

		    "Private key does not match the certificate public key\n");

	}

int

ssl_print_tmp_key(BIO *out, SSL *s)

{

	const char *cname;

	EC_KEY *ec;

	int nid;

	case EVP_PKEY_DH:

	case EVP_PKEY_EC:

	default:

	}

long

bio_dump_callback(BIO * bio, int cmd, const char *argp,

    int argi, long argl, long ret)

{

	BIO *out;

		    "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",

		    "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",

	}

}

void

apps_ssl_info_callback(const SSL * s, int where, int ret)

{

	const char *str;

	int w;

	else

		str = "undefined";

		}

	}

}

void

msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg)

{

	const char *str_write_p, *str_version, *str_content_type = "",

	    *str_details1 = "", *str_details2 = "";

	case SSL2_VERSION:

		str_version = "SSL 2.0";

	case SSL3_VERSION:

		str_version = "SSL 3.0 ";

	case TLS1_VERSION:

		str_version = "TLS 1.0 ";

	case TLS1_1_VERSION:

		str_version = "TLS 1.1 ";

	case TLS1_2_VERSION:

		str_version = "TLS 1.2 ";

	case DTLS1_VERSION:

		str_version = "DTLS 1.0 ";

	default:

		str_version = "???";

	}

		str_details1 = "???";

			case 0:

				str_details1 = ", ERROR:";

				str_details2 = " ???";

					case 0x0001:

						str_details2 = " NO-CIPHER-ERROR";

					case 0x0002:

						str_details2 = " NO-CERTIFICATE-ERROR";

					case 0x0004:

						str_details2 = " BAD-CERTIFICATE-ERROR";

					case 0x0006:

						str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";

					}

				}

				break;

			case 1:

				str_details1 = ", CLIENT-HELLO";

			case 2:

				str_details1 = ", CLIENT-MASTER-KEY";

			case 3:

				str_details1 = ", CLIENT-FINISHED";

			case 4:

				str_details1 = ", SERVER-HELLO";

			case 5:

				str_details1 = ", SERVER-VERIFY";

			case 6:

				str_details1 = ", SERVER-FINISHED";

			case 7:

				str_details1 = ", REQUEST-CERTIFICATE";

			case 8:

				str_details1 = ", CLIENT-CERTIFICATE";

			}

		}

	}

		case 20:

			str_content_type = "ChangeCipherSpec";

		case 21:

			str_content_type = "Alert";

		case 22:

			str_content_type = "Handshake";

		}

			str_details1 = ", ???";

				case 1:

					str_details1 = ", warning";

				case 2:

					str_details1 = ", fatal";

				}

				str_details2 = " ???";

				case 0:

					str_details2 = " close_notify";

				case 10:

					str_details2 = " unexpected_message";

				case 20:

					str_details2 = " bad_record_mac";

				case 21:

					str_details2 = " decryption_failed";

				case 22:

					str_details2 = " record_overflow";

				case 30:

					str_details2 = " decompression_failure";

				case 40:

					str_details2 = " handshake_failure";

				case 42:

					str_details2 = " bad_certificate";

				case 43:

					str_details2 = " unsupported_certificate";

				case 44:

					str_details2 = " certificate_revoked";

				case 45:

					str_details2 = " certificate_expired";

				case 46:

					str_details2 = " certificate_unknown";

				case 47:

					str_details2 = " illegal_parameter";

				case 48:

					str_details2 = " unknown_ca";

				case 49:

					str_details2 = " access_denied";

				case 50:

					str_details2 = " decode_error";

				case 51:

					str_details2 = " decrypt_error";

				case 60:

					str_details2 = " export_restriction";

				case 70:

					str_details2 = " protocol_version";

				case 71:

					str_details2 = " insufficient_security";

				case 80:

					str_details2 = " internal_error";

				case 90:

					str_details2 = " user_canceled";

				case 100:

					str_details2 = " no_renegotiation";

				case 110:

					str_details2 = " unsupported_extension";

				case 111:

					str_details2 = " certificate_unobtainable";

				case 112:

					str_details2 = " unrecognized_name";

				case 113:

					str_details2 = " bad_certificate_status_response";

				case 114:

					str_details2 = " bad_certificate_hash_value";

				case 115:

					str_details2 = " unknown_psk_identity";

				}

			}

		}

			str_details1 = "???";

				case 0:

					str_details1 = ", HelloRequest";

				case 1:

					str_details1 = ", ClientHello";

				case 2:

					str_details1 = ", ServerHello";

				case 3:

					str_details1 = ", HelloVerifyRequest";

				case 11:

					str_details1 = ", Certificate";

				case 12:

					str_details1 = ", ServerKeyExchange";

				case 13:

					str_details1 = ", CertificateRequest";

				case 14:

					str_details1 = ", ServerHelloDone";

				case 15:

					str_details1 = ", CertificateVerify";

				case 16:

					str_details1 = ", ClientKeyExchange";

				case 20:

					str_details1 = ", Finished";

				}

			}

		}

	}

	    str_version, str_content_type, (unsigned long) len,

	    str_details1, str_details2);

		size_t num, i;

		num = len;

		}

	}

}

void

tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len,

    void *arg)

{

	char *extname;

	case TLSEXT_TYPE_server_name:

		extname = "server name";

	case TLSEXT_TYPE_max_fragment_length:

		extname = "max fragment length";

	case TLSEXT_TYPE_client_certificate_url:

		extname = "client certificate URL";

	case TLSEXT_TYPE_trusted_ca_keys:

		extname = "trusted CA keys";

	case TLSEXT_TYPE_truncated_hmac:

		extname = "truncated HMAC";

	case TLSEXT_TYPE_status_request:

		extname = "status request";

	case TLSEXT_TYPE_user_mapping:

		extname = "user mapping";

	case TLSEXT_TYPE_client_authz:

		extname = "client authz";

	case TLSEXT_TYPE_server_authz:

		extname = "server authz";

	case TLSEXT_TYPE_cert_type:

		extname = "cert type";

	case TLSEXT_TYPE_elliptic_curves:

		extname = "elliptic curves";

	case TLSEXT_TYPE_ec_point_formats:

		extname = "EC point formats";

	case TLSEXT_TYPE_srp:

		extname = "SRP";

	case TLSEXT_TYPE_signature_algorithms:

		extname = "signature algorithms";

	case TLSEXT_TYPE_use_srtp:

		extname = "use SRTP";

	case TLSEXT_TYPE_heartbeat:

		extname = "heartbeat";

	case TLSEXT_TYPE_session_ticket:

		extname = "session ticket";

	case TLSEXT_TYPE_renegotiate:

		extname = "renegotiation info";

	default:

		extname = "unknown";

	}

}

int

generate_cookie_callback(SSL * ssl, unsigned char *cookie,

    unsigned int *cookie_len)

{

		struct sockaddr sa;

		struct sockaddr_in s4;

		struct sockaddr_in6 s6;

	} peer;

	/* Initialize a random secret */

	}

	/* Read peer information */

	/* Create buffer with peer's address and port */

	length = 0;

	case AF_INET:

		length += sizeof(struct in_addr);

		length += sizeof(peer.s4.sin_port);

	case AF_INET6:

		length += sizeof(struct in6_addr);

		length += sizeof(peer.s6.sin6_port);

	default:

	}

	}

	case AF_INET:

	case AF_INET6:

	default:

	}

	/* Calculate HMAC of buffer using the secret */

}

int

verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int cookie_len)

{

		struct sockaddr sa;

		struct sockaddr_in s4;

		struct sockaddr_in6 s6;

	} peer;

	/* If secret isn't initialized yet, the cookie can't be valid */

	/* Read peer information */

	/* Create buffer with peer's address and port */

	length = 0;

	case AF_INET:

		length += sizeof(struct in_addr);

		length += sizeof(peer.s4.sin_port);

	case AF_INET6:

		length += sizeof(struct in6_addr);

		length += sizeof(peer.s6.sin6_port);

	default:

	}

	}

	case AF_INET:

	case AF_INET6:

	default:

	}

	/* Calculate HMAC of buffer using the secret */

}