GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/openssl/s_cb.c Lines: 37 311 11.9 %
Date: 2017-11-13 Branches: 12 206 5.8 %

Line Branch Exec Source
1
/* $OpenBSD: s_cb.c,v 1.8 2017/08/12 21:04:33 jsing Exp $ */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3
 * All rights reserved.
4
 *
5
 * This package is an SSL implementation written
6
 * by Eric Young (eay@cryptsoft.com).
7
 * The implementation was written so as to conform with Netscapes SSL.
8
 *
9
 * This library is free for commercial and non-commercial use as long as
10
 * the following conditions are aheared to.  The following conditions
11
 * apply to all code found in this distribution, be it the RC4, RSA,
12
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13
 * included with this distribution is covered by the same copyright terms
14
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15
 *
16
 * Copyright remains Eric Young's, and as such any Copyright notices in
17
 * the code are not to be removed.
18
 * If this package is used in a product, Eric Young should be given attribution
19
 * as the author of the parts of the library used.
20
 * This can be in the form of a textual message at program startup or
21
 * in documentation (online or textual) provided with the package.
22
 *
23
 * Redistribution and use in source and binary forms, with or without
24
 * modification, are permitted provided that the following conditions
25
 * are met:
26
 * 1. Redistributions of source code must retain the copyright
27
 *    notice, this list of conditions and the following disclaimer.
28
 * 2. Redistributions in binary form must reproduce the above copyright
29
 *    notice, this list of conditions and the following disclaimer in the
30
 *    documentation and/or other materials provided with the distribution.
31
 * 3. All advertising materials mentioning features or use of this software
32
 *    must display the following acknowledgement:
33
 *    "This product includes cryptographic software written by
34
 *     Eric Young (eay@cryptsoft.com)"
35
 *    The word 'cryptographic' can be left out if the rouines from the library
36
 *    being used are not cryptographic related :-).
37
 * 4. If you include any Windows specific code (or a derivative thereof) from
38
 *    the apps directory (application code) you must include an acknowledgement:
39
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40
 *
41
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51
 * SUCH DAMAGE.
52
 *
53
 * The licence and distribution terms for any publically available version or
54
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
55
 * copied and put under another distribution licence
56
 * [including the GNU Public Licence.]
57
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60
 *
61
 * Redistribution and use in source and binary forms, with or without
62
 * modification, are permitted provided that the following conditions
63
 * are met:
64
 *
65
 * 1. Redistributions of source code must retain the above copyright
66
 *    notice, this list of conditions and the following disclaimer.
67
 *
68
 * 2. Redistributions in binary form must reproduce the above copyright
69
 *    notice, this list of conditions and the following disclaimer in
70
 *    the documentation and/or other materials provided with the
71
 *    distribution.
72
 *
73
 * 3. All advertising materials mentioning features or use of this
74
 *    software must display the following acknowledgment:
75
 *    "This product includes software developed by the OpenSSL Project
76
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77
 *
78
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79
 *    endorse or promote products derived from this software without
80
 *    prior written permission. For written permission, please contact
81
 *    openssl-core@openssl.org.
82
 *
83
 * 5. Products derived from this software may not be called "OpenSSL"
84
 *    nor may "OpenSSL" appear in their names without prior written
85
 *    permission of the OpenSSL Project.
86
 *
87
 * 6. Redistributions of any form whatsoever must retain the following
88
 *    acknowledgment:
89
 *    "This product includes software developed by the OpenSSL Project
90
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91
 *
92
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103
 * OF THE POSSIBILITY OF SUCH DAMAGE.
104
 * ====================================================================
105
 *
106
 * This product includes cryptographic software written by Eric Young
107
 * (eay@cryptsoft.com).  This product includes software written by Tim
108
 * Hudson (tjh@cryptsoft.com).
109
 *
110
 */
111
112
#include <sys/socket.h>
113
114
#include <netinet/in.h>
115
116
#include <netdb.h>
117
#include <stdio.h>
118
#include <stdlib.h>
119
#include <string.h>
120
121
#include "apps.h"
122
123
#include <openssl/err.h>
124
#include <openssl/ssl.h>
125
#include <openssl/x509.h>
126
127
#include "s_apps.h"
128
129
#define	COOKIE_SECRET_LENGTH	16
130
131
int verify_depth = 0;
132
int verify_return_error = 0;
133
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
134
int cookie_initialized = 0;
135
136
int
137
verify_callback(int ok, X509_STORE_CTX * ctx)
138
{
139
	X509 *err_cert;
140
	int err, depth;
141
142
16
	err_cert = X509_STORE_CTX_get_current_cert(ctx);
143
8
	err = X509_STORE_CTX_get_error(ctx);
144
8
	depth = X509_STORE_CTX_get_error_depth(ctx);
145
146
8
	BIO_printf(bio_err, "depth=%d ", depth);
147
8
	if (err_cert) {
148
8
		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
149
		    0, XN_FLAG_ONELINE);
150
8
		BIO_puts(bio_err, "\n");
151
8
	} else
152
		BIO_puts(bio_err, "<no cert>\n");
153
8
	if (!ok) {
154
16
		BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
155
8
		    X509_verify_cert_error_string(err));
156
8
		if (verify_depth >= depth) {
157
4
			if (!verify_return_error)
158
4
				ok = 1;
159
		} else {
160
			ok = 0;
161
		}
162
	}
163

8
	switch (err) {
164
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
165
		BIO_puts(bio_err, "issuer= ");
166
		if (err_cert == NULL)
167
			BIO_puts(bio_err, "<error getting cert>");
168
		else
169
			X509_NAME_print_ex(bio_err,
170
			    X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE);
171
		BIO_puts(bio_err, "\n");
172
		break;
173
	case X509_V_ERR_CERT_NOT_YET_VALID:
174
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
175
		BIO_printf(bio_err, "notBefore=");
176
		if (err_cert == NULL)
177
			BIO_printf(bio_err, " <error getting cert>");
178
		else
179
			ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
180
		BIO_printf(bio_err, "\n");
181
		break;
182
	case X509_V_ERR_CERT_HAS_EXPIRED:
183
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
184
		BIO_printf(bio_err, "notAfter=");
185
		if (err_cert == NULL)
186
			BIO_printf(bio_err, " <error getting cert>");
187
		else
188
			ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
189
		BIO_printf(bio_err, "\n");
190
		break;
191
	case X509_V_ERR_NO_EXPLICIT_POLICY:
192
		policies_print(bio_err, ctx);
193
		break;
194
	}
195
8
	if (err == X509_V_OK && ok == 2)
196
		policies_print(bio_err, ctx);
197
198
8
	BIO_printf(bio_err, "verify return:%d\n", ok);
199
8
	return (ok);
200
}
201
202
int
203
set_cert_stuff(SSL_CTX * ctx, char *cert_file, char *key_file)
204
{
205
8
	if (cert_file != NULL) {
206
		/*
207
		SSL *ssl;
208
		X509 *x509;
209
		*/
210
211
		if (SSL_CTX_use_certificate_file(ctx, cert_file,
212
		    SSL_FILETYPE_PEM) <= 0) {
213
			BIO_printf(bio_err,
214
			    "unable to get certificate from '%s'\n", cert_file);
215
			ERR_print_errors(bio_err);
216
			return (0);
217
		}
218
		if (key_file == NULL)
219
			key_file = cert_file;
220
		if (SSL_CTX_use_PrivateKey_file(ctx, key_file,
221
		    SSL_FILETYPE_PEM) <= 0) {
222
			BIO_printf(bio_err,
223
			    "unable to get private key from '%s'\n", key_file);
224
			ERR_print_errors(bio_err);
225
			return (0);
226
		}
227
		/*
228
		In theory this is no longer needed
229
		ssl=SSL_new(ctx);
230
		x509=SSL_get_certificate(ssl);
231
232
		if (x509 != NULL) {
233
			EVP_PKEY *pktmp;
234
			pktmp = X509_get_pubkey(x509);
235
			EVP_PKEY_copy_parameters(pktmp,
236
						SSL_get_privatekey(ssl));
237
			EVP_PKEY_free(pktmp);
238
		}
239
		SSL_free(ssl);
240
		*/
241
242
		/*
243
		 * If we are using DSA, we can copy the parameters from the
244
		 * private key
245
		 */
246
247
248
		/*
249
		 * Now we know that a key and cert have been set against the
250
		 * SSL context
251
		 */
252
		if (!SSL_CTX_check_private_key(ctx)) {
253
			BIO_printf(bio_err,
254
			    "Private key does not match the certificate public key\n");
255
			return (0);
256
		}
257
	}
258
4
	return (1);
259
4
}
260
261
int
262
set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
263
{
264
8
	if (cert == NULL)
265
4
		return 1;
266
	if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
267
		BIO_printf(bio_err, "error setting certificate\n");
268
		ERR_print_errors(bio_err);
269
		return 0;
270
	}
271
	if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
272
		BIO_printf(bio_err, "error setting private key\n");
273
		ERR_print_errors(bio_err);
274
		return 0;
275
	}
276
	/*
277
	 * Now we know that a key and cert have been set against the SSL
278
	 * context
279
	 */
280
	if (!SSL_CTX_check_private_key(ctx)) {
281
		BIO_printf(bio_err,
282
		    "Private key does not match the certificate public key\n");
283
		return 0;
284
	}
285
	return 1;
286
4
}
287
288
int
289
ssl_print_tmp_key(BIO *out, SSL *s)
290
{
291
	const char *cname;
292
16
	EVP_PKEY *pkey;
293
	EC_KEY *ec;
294
	int nid;
295
296
8
	if (!SSL_get_server_tmp_key(s, &pkey))
297
		return 0;
298
299
8
	BIO_puts(out, "Server Temp Key: ");
300
8
	switch (EVP_PKEY_id(pkey)) {
301
	case EVP_PKEY_DH:
302
		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(pkey));
303
		break;
304
305
	case EVP_PKEY_EC:
306
8
		ec = EVP_PKEY_get1_EC_KEY(pkey);
307
8
		nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
308
8
		EC_KEY_free(ec);
309
310
8
		if ((cname = EC_curve_nid2nist(nid)) == NULL)
311
			cname = OBJ_nid2sn(nid);
312
313
8
		BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(pkey));
314
8
		break;
315
316
	default:
317
		BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(pkey)),
318
		    EVP_PKEY_bits(pkey));
319
	}
320
321
8
	EVP_PKEY_free(pkey);
322
8
	return 1;
323
8
}
324
325
long
326
bio_dump_callback(BIO * bio, int cmd, const char *argp,
327
    int argi, long argl, long ret)
328
{
329
	BIO *out;
330
331
	out = (BIO *) BIO_get_callback_arg(bio);
332
	if (out == NULL)
333
		return (ret);
334
335
	if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
336
		BIO_printf(out,
337
		    "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
338
		    (void *) bio, argp, (unsigned long) argi, ret, ret);
339
		BIO_dump(out, argp, (int) ret);
340
		return (ret);
341
	} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
342
		BIO_printf(out,
343
		    "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
344
		    (void *) bio, argp, (unsigned long) argi, ret, ret);
345
		BIO_dump(out, argp, (int) ret);
346
	}
347
	return (ret);
348
}
349
350
void
351
apps_ssl_info_callback(const SSL * s, int where, int ret)
352
{
353
	const char *str;
354
	int w;
355
356
	w = where & ~SSL_ST_MASK;
357
358
	if (w & SSL_ST_CONNECT)
359
		str = "SSL_connect";
360
	else if (w & SSL_ST_ACCEPT)
361
		str = "SSL_accept";
362
	else
363
		str = "undefined";
364
365
	if (where & SSL_CB_LOOP) {
366
		BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
367
	} else if (where & SSL_CB_ALERT) {
368
		str = (where & SSL_CB_READ) ? "read" : "write";
369
		BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", str,
370
		    SSL_alert_type_string_long(ret),
371
		    SSL_alert_desc_string_long(ret));
372
	} else if (where & SSL_CB_EXIT) {
373
		if (ret == 0)
374
			BIO_printf(bio_err, "%s:failed in %s\n",
375
			    str, SSL_state_string_long(s));
376
		else if (ret < 0) {
377
			BIO_printf(bio_err, "%s:error in %s\n",
378
			    str, SSL_state_string_long(s));
379
		}
380
	}
381
}
382
383
384
void
385
msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL * ssl, void *arg)
386
{
387
	BIO *bio = arg;
388
	const char *str_write_p, *str_version, *str_content_type = "",
389
	    *str_details1 = "", *str_details2 = "";
390
391
	str_write_p = write_p ? ">>>" : "<<<";
392
393
	switch (version) {
394
	case SSL2_VERSION:
395
		str_version = "SSL 2.0";
396
		break;
397
	case SSL3_VERSION:
398
		str_version = "SSL 3.0 ";
399
		break;
400
	case TLS1_VERSION:
401
		str_version = "TLS 1.0 ";
402
		break;
403
	case TLS1_1_VERSION:
404
		str_version = "TLS 1.1 ";
405
		break;
406
	case TLS1_2_VERSION:
407
		str_version = "TLS 1.2 ";
408
		break;
409
	case DTLS1_VERSION:
410
		str_version = "DTLS 1.0 ";
411
		break;
412
	default:
413
		str_version = "???";
414
	}
415
416
	if (version == SSL2_VERSION) {
417
		str_details1 = "???";
418
419
		if (len > 0) {
420
			switch (((const unsigned char *) buf)[0]) {
421
			case 0:
422
				str_details1 = ", ERROR:";
423
				str_details2 = " ???";
424
				if (len >= 3) {
425
					unsigned err = (((const unsigned char *) buf)[1] << 8) + ((const unsigned char *) buf)[2];
426
427
					switch (err) {
428
					case 0x0001:
429
						str_details2 = " NO-CIPHER-ERROR";
430
						break;
431
					case 0x0002:
432
						str_details2 = " NO-CERTIFICATE-ERROR";
433
						break;
434
					case 0x0004:
435
						str_details2 = " BAD-CERTIFICATE-ERROR";
436
						break;
437
					case 0x0006:
438
						str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
439
						break;
440
					}
441
				}
442
				break;
443
			case 1:
444
				str_details1 = ", CLIENT-HELLO";
445
				break;
446
			case 2:
447
				str_details1 = ", CLIENT-MASTER-KEY";
448
				break;
449
			case 3:
450
				str_details1 = ", CLIENT-FINISHED";
451
				break;
452
			case 4:
453
				str_details1 = ", SERVER-HELLO";
454
				break;
455
			case 5:
456
				str_details1 = ", SERVER-VERIFY";
457
				break;
458
			case 6:
459
				str_details1 = ", SERVER-FINISHED";
460
				break;
461
			case 7:
462
				str_details1 = ", REQUEST-CERTIFICATE";
463
				break;
464
			case 8:
465
				str_details1 = ", CLIENT-CERTIFICATE";
466
				break;
467
			}
468
		}
469
	}
470
	if (version == SSL3_VERSION || version == TLS1_VERSION ||
471
	    version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
472
	    version == DTLS1_VERSION) {
473
		switch (content_type) {
474
		case 20:
475
			str_content_type = "ChangeCipherSpec";
476
			break;
477
		case 21:
478
			str_content_type = "Alert";
479
			break;
480
		case 22:
481
			str_content_type = "Handshake";
482
			break;
483
		}
484
485
		if (content_type == 21) {	/* Alert */
486
			str_details1 = ", ???";
487
488
			if (len == 2) {
489
				switch (((const unsigned char *) buf)[0]) {
490
				case 1:
491
					str_details1 = ", warning";
492
					break;
493
				case 2:
494
					str_details1 = ", fatal";
495
					break;
496
				}
497
498
				str_details2 = " ???";
499
				switch (((const unsigned char *) buf)[1]) {
500
				case 0:
501
					str_details2 = " close_notify";
502
					break;
503
				case 10:
504
					str_details2 = " unexpected_message";
505
					break;
506
				case 20:
507
					str_details2 = " bad_record_mac";
508
					break;
509
				case 21:
510
					str_details2 = " decryption_failed";
511
					break;
512
				case 22:
513
					str_details2 = " record_overflow";
514
					break;
515
				case 30:
516
					str_details2 = " decompression_failure";
517
					break;
518
				case 40:
519
					str_details2 = " handshake_failure";
520
					break;
521
				case 42:
522
					str_details2 = " bad_certificate";
523
					break;
524
				case 43:
525
					str_details2 = " unsupported_certificate";
526
					break;
527
				case 44:
528
					str_details2 = " certificate_revoked";
529
					break;
530
				case 45:
531
					str_details2 = " certificate_expired";
532
					break;
533
				case 46:
534
					str_details2 = " certificate_unknown";
535
					break;
536
				case 47:
537
					str_details2 = " illegal_parameter";
538
					break;
539
				case 48:
540
					str_details2 = " unknown_ca";
541
					break;
542
				case 49:
543
					str_details2 = " access_denied";
544
					break;
545
				case 50:
546
					str_details2 = " decode_error";
547
					break;
548
				case 51:
549
					str_details2 = " decrypt_error";
550
					break;
551
				case 60:
552
					str_details2 = " export_restriction";
553
					break;
554
				case 70:
555
					str_details2 = " protocol_version";
556
					break;
557
				case 71:
558
					str_details2 = " insufficient_security";
559
					break;
560
				case 80:
561
					str_details2 = " internal_error";
562
					break;
563
				case 90:
564
					str_details2 = " user_canceled";
565
					break;
566
				case 100:
567
					str_details2 = " no_renegotiation";
568
					break;
569
				case 110:
570
					str_details2 = " unsupported_extension";
571
					break;
572
				case 111:
573
					str_details2 = " certificate_unobtainable";
574
					break;
575
				case 112:
576
					str_details2 = " unrecognized_name";
577
					break;
578
				case 113:
579
					str_details2 = " bad_certificate_status_response";
580
					break;
581
				case 114:
582
					str_details2 = " bad_certificate_hash_value";
583
					break;
584
				case 115:
585
					str_details2 = " unknown_psk_identity";
586
					break;
587
				}
588
			}
589
		}
590
		if (content_type == 22) {	/* Handshake */
591
			str_details1 = "???";
592
593
			if (len > 0) {
594
				switch (((const unsigned char *) buf)[0]) {
595
				case 0:
596
					str_details1 = ", HelloRequest";
597
					break;
598
				case 1:
599
					str_details1 = ", ClientHello";
600
					break;
601
				case 2:
602
					str_details1 = ", ServerHello";
603
					break;
604
				case 3:
605
					str_details1 = ", HelloVerifyRequest";
606
					break;
607
				case 11:
608
					str_details1 = ", Certificate";
609
					break;
610
				case 12:
611
					str_details1 = ", ServerKeyExchange";
612
					break;
613
				case 13:
614
					str_details1 = ", CertificateRequest";
615
					break;
616
				case 14:
617
					str_details1 = ", ServerHelloDone";
618
					break;
619
				case 15:
620
					str_details1 = ", CertificateVerify";
621
					break;
622
				case 16:
623
					str_details1 = ", ClientKeyExchange";
624
					break;
625
				case 20:
626
					str_details1 = ", Finished";
627
					break;
628
				}
629
			}
630
		}
631
	}
632
	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p,
633
	    str_version, str_content_type, (unsigned long) len,
634
	    str_details1, str_details2);
635
636
	if (len > 0) {
637
		size_t num, i;
638
639
		BIO_printf(bio, "   ");
640
		num = len;
641
642
		for (i = 0; i < num; i++) {
643
			if (i % 16 == 0 && i > 0)
644
				BIO_printf(bio, "\n   ");
645
			BIO_printf(bio, " %02x",
646
			    ((const unsigned char *) buf)[i]);
647
		}
648
		if (i < len)
649
			BIO_printf(bio, " ...");
650
		BIO_printf(bio, "\n");
651
	}
652
	(void) BIO_flush(bio);
653
}
654
655
void
656
tlsext_cb(SSL * s, int client_server, int type, unsigned char *data, int len,
657
    void *arg)
658
{
659
	BIO *bio = arg;
660
	char *extname;
661
662
	switch (type) {
663
	case TLSEXT_TYPE_server_name:
664
		extname = "server name";
665
		break;
666
667
	case TLSEXT_TYPE_max_fragment_length:
668
		extname = "max fragment length";
669
		break;
670
671
	case TLSEXT_TYPE_client_certificate_url:
672
		extname = "client certificate URL";
673
		break;
674
675
	case TLSEXT_TYPE_trusted_ca_keys:
676
		extname = "trusted CA keys";
677
		break;
678
679
	case TLSEXT_TYPE_truncated_hmac:
680
		extname = "truncated HMAC";
681
		break;
682
683
	case TLSEXT_TYPE_status_request:
684
		extname = "status request";
685
		break;
686
687
	case TLSEXT_TYPE_user_mapping:
688
		extname = "user mapping";
689
		break;
690
691
	case TLSEXT_TYPE_client_authz:
692
		extname = "client authz";
693
		break;
694
695
	case TLSEXT_TYPE_server_authz:
696
		extname = "server authz";
697
		break;
698
699
	case TLSEXT_TYPE_cert_type:
700
		extname = "cert type";
701
		break;
702
703
	case TLSEXT_TYPE_elliptic_curves:
704
		extname = "elliptic curves";
705
		break;
706
707
	case TLSEXT_TYPE_ec_point_formats:
708
		extname = "EC point formats";
709
		break;
710
711
	case TLSEXT_TYPE_srp:
712
		extname = "SRP";
713
		break;
714
715
	case TLSEXT_TYPE_signature_algorithms:
716
		extname = "signature algorithms";
717
		break;
718
719
	case TLSEXT_TYPE_use_srtp:
720
		extname = "use SRTP";
721
		break;
722
723
	case TLSEXT_TYPE_heartbeat:
724
		extname = "heartbeat";
725
		break;
726
727
	case TLSEXT_TYPE_session_ticket:
728
		extname = "session ticket";
729
		break;
730
731
	case TLSEXT_TYPE_renegotiate:
732
		extname = "renegotiation info";
733
		break;
734
735
	default:
736
		extname = "unknown";
737
		break;
738
739
	}
740
741
	BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
742
	    client_server ? "server" : "client", extname, type, len);
743
	BIO_dump(bio, (char *) data, len);
744
	(void) BIO_flush(bio);
745
}
746
747
int
748
generate_cookie_callback(SSL * ssl, unsigned char *cookie,
749
    unsigned int *cookie_len)
750
{
751
	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
752
	unsigned int length, resultlength;
753
	union {
754
		struct sockaddr sa;
755
		struct sockaddr_in s4;
756
		struct sockaddr_in6 s6;
757
	} peer;
758
759
	/* Initialize a random secret */
760
	if (!cookie_initialized) {
761
		arc4random_buf(cookie_secret, COOKIE_SECRET_LENGTH);
762
		cookie_initialized = 1;
763
	}
764
	/* Read peer information */
765
	(void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
766
767
	/* Create buffer with peer's address and port */
768
	length = 0;
769
	switch (peer.sa.sa_family) {
770
	case AF_INET:
771
		length += sizeof(struct in_addr);
772
		length += sizeof(peer.s4.sin_port);
773
		break;
774
	case AF_INET6:
775
		length += sizeof(struct in6_addr);
776
		length += sizeof(peer.s6.sin6_port);
777
		break;
778
	default:
779
		OPENSSL_assert(0);
780
		break;
781
	}
782
	buffer = malloc(length);
783
784
	if (buffer == NULL) {
785
		BIO_printf(bio_err, "out of memory\n");
786
		return 0;
787
	}
788
	switch (peer.sa.sa_family) {
789
	case AF_INET:
790
		memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
791
		memcpy(buffer + sizeof(peer.s4.sin_port),
792
		    &peer.s4.sin_addr, sizeof(struct in_addr));
793
		break;
794
	case AF_INET6:
795
		memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port));
796
		memcpy(buffer + sizeof(peer.s6.sin6_port),
797
		    &peer.s6.sin6_addr, sizeof(struct in6_addr));
798
		break;
799
	default:
800
		OPENSSL_assert(0);
801
		break;
802
	}
803
804
	/* Calculate HMAC of buffer using the secret */
805
	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
806
	    buffer, length, result, &resultlength);
807
	free(buffer);
808
809
	memcpy(cookie, result, resultlength);
810
	*cookie_len = resultlength;
811
812
	return 1;
813
}
814
815
int
816
verify_cookie_callback(SSL * ssl, unsigned char *cookie, unsigned int cookie_len)
817
{
818
	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
819
	unsigned int length, resultlength;
820
	union {
821
		struct sockaddr sa;
822
		struct sockaddr_in s4;
823
		struct sockaddr_in6 s6;
824
	} peer;
825
826
	/* If secret isn't initialized yet, the cookie can't be valid */
827
	if (!cookie_initialized)
828
		return 0;
829
830
	/* Read peer information */
831
	(void) BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
832
833
	/* Create buffer with peer's address and port */
834
	length = 0;
835
	switch (peer.sa.sa_family) {
836
	case AF_INET:
837
		length += sizeof(struct in_addr);
838
		length += sizeof(peer.s4.sin_port);
839
		break;
840
	case AF_INET6:
841
		length += sizeof(struct in6_addr);
842
		length += sizeof(peer.s6.sin6_port);
843
		break;
844
	default:
845
		OPENSSL_assert(0);
846
		break;
847
	}
848
	buffer = malloc(length);
849
850
	if (buffer == NULL) {
851
		BIO_printf(bio_err, "out of memory\n");
852
		return 0;
853
	}
854
	switch (peer.sa.sa_family) {
855
	case AF_INET:
856
		memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
857
		memcpy(buffer + sizeof(peer.s4.sin_port),
858
		    &peer.s4.sin_addr, sizeof(struct in_addr));
859
		break;
860
	case AF_INET6:
861
		memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port));
862
		memcpy(buffer + sizeof(peer.s6.sin6_port),
863
		    &peer.s6.sin6_addr, sizeof(struct in6_addr));
864
		break;
865
	default:
866
		OPENSSL_assert(0);
867
		break;
868
	}
869
870
	/* Calculate HMAC of buffer using the secret */
871
	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
872
	    buffer, length, result, &resultlength);
873
	free(buffer);
874
875
	if (cookie_len == resultlength &&
876
	    memcmp(result, cookie, resultlength) == 0)
877
		return 1;
878
879
	return 0;
880
}