]>
Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
fecb3aae | 2 | * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. |
a661b653 | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
a661b653 | 8 | */ |
d02b48c6 | 9 | |
af5e63e1 FG |
10 | /* |
11 | * callback functions used by s_client, s_server, and s_time, | |
12 | * as well as other common logic for those apps | |
13 | */ | |
d02b48c6 RE |
14 | #include <stdio.h> |
15 | #include <stdlib.h> | |
8f744cce | 16 | #include <string.h> /* for memcpy() and strcmp() */ |
d02b48c6 | 17 | #include "apps.h" |
dbde4726 P |
18 | #include <openssl/core_names.h> |
19 | #include <openssl/params.h> | |
ec577822 | 20 | #include <openssl/err.h> |
07a9d1a2 | 21 | #include <openssl/rand.h> |
ec577822 BM |
22 | #include <openssl/x509.h> |
23 | #include <openssl/ssl.h> | |
e03c5b59 DSH |
24 | #include <openssl/bn.h> |
25 | #ifndef OPENSSL_NO_DH | |
0f113f3e | 26 | # include <openssl/dh.h> |
e03c5b59 | 27 | #endif |
d02b48c6 RE |
28 | #include "s_apps.h" |
29 | ||
0f113f3e | 30 | #define COOKIE_SECRET_LENGTH 16 |
07a9d1a2 | 31 | |
78021171 | 32 | VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 }; |
acc00492 | 33 | |
f9e55034 | 34 | #ifndef OPENSSL_NO_SOCK |
df2ee0e2 BL |
35 | static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; |
36 | static int cookie_initialized = 0; | |
f9e55034 | 37 | #endif |
4bf73e9f | 38 | static BIO *bio_keylog = NULL; |
d02b48c6 | 39 | |
3e8e688f RS |
40 | static const char *lookup(int val, const STRINT_PAIR* list, const char* def) |
41 | { | |
42 | for ( ; list->name; ++list) | |
43 | if (list->retval == val) | |
44 | return list->name; | |
45 | return def; | |
46 | } | |
47 | ||
6d23cf97 | 48 | int verify_callback(int ok, X509_STORE_CTX *ctx) |
0f113f3e MC |
49 | { |
50 | X509 *err_cert; | |
51 | int err, depth; | |
52 | ||
53 | err_cert = X509_STORE_CTX_get_current_cert(ctx); | |
54 | err = X509_STORE_CTX_get_error(ctx); | |
55 | depth = X509_STORE_CTX_get_error_depth(ctx); | |
56 | ||
acc00492 | 57 | if (!verify_args.quiet || !ok) { |
0f113f3e | 58 | BIO_printf(bio_err, "depth=%d ", depth); |
2234212c | 59 | if (err_cert != NULL) { |
0f113f3e MC |
60 | X509_NAME_print_ex(bio_err, |
61 | X509_get_subject_name(err_cert), | |
b5c4209b | 62 | 0, get_nameopt()); |
0f113f3e | 63 | BIO_puts(bio_err, "\n"); |
2234212c | 64 | } else { |
0f113f3e | 65 | BIO_puts(bio_err, "<no cert>\n"); |
2234212c | 66 | } |
0f113f3e MC |
67 | } |
68 | if (!ok) { | |
69 | BIO_printf(bio_err, "verify error:num=%d:%s\n", err, | |
70 | X509_verify_cert_error_string(err)); | |
78021171 | 71 | if (verify_args.depth < 0 || verify_args.depth >= depth) { |
acc00492 | 72 | if (!verify_args.return_error) |
0f113f3e | 73 | ok = 1; |
acc00492 | 74 | verify_args.error = err; |
0f113f3e MC |
75 | } else { |
76 | ok = 0; | |
acc00492 | 77 | verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG; |
0f113f3e MC |
78 | } |
79 | } | |
80 | switch (err) { | |
81 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | |
fad0f80e DB |
82 | if (err_cert != NULL) { |
83 | BIO_puts(bio_err, "issuer= "); | |
84 | X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), | |
85 | 0, get_nameopt()); | |
86 | BIO_puts(bio_err, "\n"); | |
87 | } | |
0f113f3e MC |
88 | break; |
89 | case X509_V_ERR_CERT_NOT_YET_VALID: | |
90 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | |
fad0f80e DB |
91 | if (err_cert != NULL) { |
92 | BIO_printf(bio_err, "notBefore="); | |
93 | ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); | |
94 | BIO_printf(bio_err, "\n"); | |
95 | } | |
0f113f3e MC |
96 | break; |
97 | case X509_V_ERR_CERT_HAS_EXPIRED: | |
98 | case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | |
fad0f80e DB |
99 | if (err_cert != NULL) { |
100 | BIO_printf(bio_err, "notAfter="); | |
101 | ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); | |
102 | BIO_printf(bio_err, "\n"); | |
103 | } | |
0f113f3e MC |
104 | break; |
105 | case X509_V_ERR_NO_EXPLICIT_POLICY: | |
acc00492 | 106 | if (!verify_args.quiet) |
ecf3a1fb | 107 | policies_print(ctx); |
0f113f3e MC |
108 | break; |
109 | } | |
acc00492 | 110 | if (err == X509_V_OK && ok == 2 && !verify_args.quiet) |
ecf3a1fb | 111 | policies_print(ctx); |
acc00492 | 112 | if (ok && !verify_args.quiet) |
0f113f3e | 113 | BIO_printf(bio_err, "verify return:%d\n", ok); |
26a7d938 | 114 | return ok; |
0f113f3e | 115 | } |
d02b48c6 | 116 | |
6b691a5c | 117 | int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
0f113f3e MC |
118 | { |
119 | if (cert_file != NULL) { | |
0f113f3e MC |
120 | if (SSL_CTX_use_certificate_file(ctx, cert_file, |
121 | SSL_FILETYPE_PEM) <= 0) { | |
122 | BIO_printf(bio_err, "unable to get certificate from '%s'\n", | |
123 | cert_file); | |
124 | ERR_print_errors(bio_err); | |
26a7d938 | 125 | return 0; |
0f113f3e MC |
126 | } |
127 | if (key_file == NULL) | |
128 | key_file = cert_file; | |
129 | if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { | |
130 | BIO_printf(bio_err, "unable to get private key from '%s'\n", | |
131 | key_file); | |
132 | ERR_print_errors(bio_err); | |
26a7d938 | 133 | return 0; |
0f113f3e MC |
134 | } |
135 | ||
0f113f3e MC |
136 | /* |
137 | * If we are using DSA, we can copy the parameters from the private | |
138 | * key | |
139 | */ | |
140 | ||
141 | /* | |
142 | * Now we know that a key and cert have been set against the SSL | |
143 | * context | |
144 | */ | |
145 | if (!SSL_CTX_check_private_key(ctx)) { | |
146 | BIO_printf(bio_err, | |
147 | "Private key does not match the certificate public key\n"); | |
26a7d938 | 148 | return 0; |
0f113f3e MC |
149 | } |
150 | } | |
208fb891 | 151 | return 1; |
0f113f3e | 152 | } |
d02b48c6 | 153 | |
fc6fc7ff | 154 | int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, |
0f113f3e MC |
155 | STACK_OF(X509) *chain, int build_chain) |
156 | { | |
157 | int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0; | |
5fae09f3 | 158 | |
0f113f3e MC |
159 | if (cert == NULL) |
160 | return 1; | |
161 | if (SSL_CTX_use_certificate(ctx, cert) <= 0) { | |
162 | BIO_printf(bio_err, "error setting certificate\n"); | |
163 | ERR_print_errors(bio_err); | |
164 | return 0; | |
165 | } | |
166 | ||
167 | if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { | |
168 | BIO_printf(bio_err, "error setting private key\n"); | |
169 | ERR_print_errors(bio_err); | |
170 | return 0; | |
171 | } | |
172 | ||
173 | /* | |
174 | * Now we know that a key and cert have been set against the SSL context | |
175 | */ | |
176 | if (!SSL_CTX_check_private_key(ctx)) { | |
177 | BIO_printf(bio_err, | |
178 | "Private key does not match the certificate public key\n"); | |
179 | return 0; | |
180 | } | |
181 | if (chain && !SSL_CTX_set1_chain(ctx, chain)) { | |
182 | BIO_printf(bio_err, "error setting certificate chain\n"); | |
183 | ERR_print_errors(bio_err); | |
184 | return 0; | |
185 | } | |
186 | if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) { | |
187 | BIO_printf(bio_err, "error building certificate chain\n"); | |
188 | ERR_print_errors(bio_err); | |
189 | return 0; | |
190 | } | |
191 | return 1; | |
192 | } | |
826a42a0 | 193 | |
3e8e688f RS |
194 | static STRINT_PAIR cert_type_list[] = { |
195 | {"RSA sign", TLS_CT_RSA_SIGN}, | |
196 | {"DSA sign", TLS_CT_DSS_SIGN}, | |
197 | {"RSA fixed DH", TLS_CT_RSA_FIXED_DH}, | |
198 | {"DSS fixed DH", TLS_CT_DSS_FIXED_DH}, | |
199 | {"ECDSA sign", TLS_CT_ECDSA_SIGN}, | |
200 | {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, | |
201 | {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, | |
3e8e688f | 202 | {"GOST01 Sign", TLS_CT_GOST01_SIGN}, |
7a417606 | 203 | {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN}, |
3e8e688f RS |
204 | {NULL} |
205 | }; | |
206 | ||
9f27b1ee | 207 | static void ssl_print_client_cert_types(BIO *bio, SSL *s) |
0f113f3e MC |
208 | { |
209 | const unsigned char *p; | |
210 | int i; | |
211 | int cert_type_num = SSL_get0_certificate_types(s, &p); | |
5fae09f3 | 212 | |
0f113f3e MC |
213 | if (!cert_type_num) |
214 | return; | |
215 | BIO_puts(bio, "Client Certificate Types: "); | |
216 | for (i = 0; i < cert_type_num; i++) { | |
217 | unsigned char cert_type = p[i]; | |
3e8e688f | 218 | const char *cname = lookup((int)cert_type, cert_type_list, NULL); |
0f113f3e MC |
219 | |
220 | if (i) | |
221 | BIO_puts(bio, ", "); | |
2234212c | 222 | if (cname != NULL) |
0f113f3e MC |
223 | BIO_puts(bio, cname); |
224 | else | |
225 | BIO_printf(bio, "UNKNOWN (%d),", cert_type); | |
226 | } | |
227 | BIO_puts(bio, "\n"); | |
228 | } | |
9f27b1ee | 229 | |
42ef7aea DSH |
230 | static const char *get_sigtype(int nid) |
231 | { | |
232 | switch (nid) { | |
233 | case EVP_PKEY_RSA: | |
234 | return "RSA"; | |
235 | ||
236 | case EVP_PKEY_RSA_PSS: | |
237 | return "RSA-PSS"; | |
238 | ||
239 | case EVP_PKEY_DSA: | |
240 | return "DSA"; | |
241 | ||
5fae09f3 | 242 | case EVP_PKEY_EC: |
42ef7aea DSH |
243 | return "ECDSA"; |
244 | ||
5fae09f3 | 245 | case NID_ED25519: |
03327c8b DSH |
246 | return "Ed25519"; |
247 | ||
5fae09f3 | 248 | case NID_ED448: |
0e1d6ecf MC |
249 | return "Ed448"; |
250 | ||
5fae09f3 | 251 | case NID_id_GostR3410_2001: |
f3a246c6 DB |
252 | return "gost2001"; |
253 | ||
5fae09f3 | 254 | case NID_id_GostR3410_2012_256: |
f3a246c6 DB |
255 | return "gost2012_256"; |
256 | ||
5fae09f3 | 257 | case NID_id_GostR3410_2012_512: |
f3a246c6 DB |
258 | return "gost2012_512"; |
259 | ||
42ef7aea | 260 | default: |
ee58915c MB |
261 | /* Try to output provider-registered sig alg name */ |
262 | return OBJ_nid2sn(nid); | |
42ef7aea DSH |
263 | } |
264 | } | |
265 | ||
9f27b1ee | 266 | static int do_print_sigalgs(BIO *out, SSL *s, int shared) |
0f113f3e MC |
267 | { |
268 | int i, nsig, client; | |
5fae09f3 | 269 | |
0f113f3e MC |
270 | client = SSL_is_server(s) ? 0 : 1; |
271 | if (shared) | |
6d047e06 | 272 | nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL); |
0f113f3e MC |
273 | else |
274 | nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); | |
275 | if (nsig == 0) | |
276 | return 1; | |
277 | ||
278 | if (shared) | |
279 | BIO_puts(out, "Shared "); | |
280 | ||
281 | if (client) | |
282 | BIO_puts(out, "Requested "); | |
283 | BIO_puts(out, "Signature Algorithms: "); | |
284 | for (i = 0; i < nsig; i++) { | |
285 | int hash_nid, sign_nid; | |
286 | unsigned char rhash, rsign; | |
287 | const char *sstr = NULL; | |
288 | if (shared) | |
289 | SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL, | |
290 | &rsign, &rhash); | |
291 | else | |
292 | SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); | |
293 | if (i) | |
294 | BIO_puts(out, ":"); | |
91410d40 | 295 | sstr = get_sigtype(sign_nid); |
0f113f3e | 296 | if (sstr) |
03327c8b | 297 | BIO_printf(out, "%s", sstr); |
0f113f3e | 298 | else |
03327c8b | 299 | BIO_printf(out, "0x%02X", (int)rsign); |
0f113f3e | 300 | if (hash_nid != NID_undef) |
03327c8b DSH |
301 | BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid)); |
302 | else if (sstr == NULL) | |
303 | BIO_printf(out, "+0x%02X", (int)rhash); | |
0f113f3e MC |
304 | } |
305 | BIO_puts(out, "\n"); | |
306 | return 1; | |
307 | } | |
e7f8ff43 | 308 | |
9f27b1ee | 309 | int ssl_print_sigalgs(BIO *out, SSL *s) |
0f113f3e | 310 | { |
42ef7aea | 311 | int nid; |
5fae09f3 | 312 | |
0f113f3e MC |
313 | if (!SSL_is_server(s)) |
314 | ssl_print_client_cert_types(out, s); | |
315 | do_print_sigalgs(out, s, 0); | |
316 | do_print_sigalgs(out, s, 1); | |
03327c8b | 317 | if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef) |
42ef7aea DSH |
318 | BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid)); |
319 | if (SSL_get_peer_signature_type_nid(s, &nid)) | |
395f7c42 | 320 | BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid)); |
0f113f3e MC |
321 | return 1; |
322 | } | |
323 | ||
14536c8c | 324 | #ifndef OPENSSL_NO_EC |
20b431e3 | 325 | int ssl_print_point_formats(BIO *out, SSL *s) |
0f113f3e MC |
326 | { |
327 | int i, nformats; | |
328 | const char *pformats; | |
5fae09f3 | 329 | |
0f113f3e MC |
330 | nformats = SSL_get0_ec_point_formats(s, &pformats); |
331 | if (nformats <= 0) | |
332 | return 1; | |
333 | BIO_puts(out, "Supported Elliptic Curve Point Formats: "); | |
334 | for (i = 0; i < nformats; i++, pformats++) { | |
335 | if (i) | |
336 | BIO_puts(out, ":"); | |
337 | switch (*pformats) { | |
338 | case TLSEXT_ECPOINTFORMAT_uncompressed: | |
339 | BIO_puts(out, "uncompressed"); | |
340 | break; | |
341 | ||
342 | case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime: | |
343 | BIO_puts(out, "ansiX962_compressed_prime"); | |
344 | break; | |
345 | ||
346 | case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2: | |
347 | BIO_puts(out, "ansiX962_compressed_char2"); | |
348 | break; | |
349 | ||
350 | default: | |
351 | BIO_printf(out, "unknown(%d)", (int)*pformats); | |
352 | break; | |
353 | ||
354 | } | |
355 | } | |
0f113f3e MC |
356 | BIO_puts(out, "\n"); |
357 | return 1; | |
358 | } | |
20b431e3 | 359 | |
de4d764e | 360 | int ssl_print_groups(BIO *out, SSL *s, int noshared) |
0f113f3e | 361 | { |
de4d764e | 362 | int i, ngroups, *groups, nid; |
7e1b7485 | 363 | |
de4d764e MC |
364 | ngroups = SSL_get1_groups(s, NULL); |
365 | if (ngroups <= 0) | |
0f113f3e | 366 | return 1; |
de4d764e MC |
367 | groups = app_malloc(ngroups * sizeof(int), "groups to print"); |
368 | SSL_get1_groups(s, groups); | |
0f113f3e | 369 | |
becbacd7 | 370 | BIO_puts(out, "Supported groups: "); |
de4d764e | 371 | for (i = 0; i < ngroups; i++) { |
0f113f3e MC |
372 | if (i) |
373 | BIO_puts(out, ":"); | |
de4d764e | 374 | nid = groups[i]; |
becbacd7 | 375 | BIO_printf(out, "%s", SSL_group_to_name(s, nid)); |
0f113f3e | 376 | } |
de4d764e | 377 | OPENSSL_free(groups); |
0f113f3e MC |
378 | if (noshared) { |
379 | BIO_puts(out, "\n"); | |
380 | return 1; | |
381 | } | |
becbacd7 | 382 | BIO_puts(out, "\nShared groups: "); |
de4d764e MC |
383 | ngroups = SSL_get_shared_group(s, -1); |
384 | for (i = 0; i < ngroups; i++) { | |
0f113f3e MC |
385 | if (i) |
386 | BIO_puts(out, ":"); | |
de4d764e | 387 | nid = SSL_get_shared_group(s, i); |
becbacd7 | 388 | BIO_printf(out, "%s", SSL_group_to_name(s, nid)); |
0f113f3e | 389 | } |
de4d764e | 390 | if (ngroups == 0) |
0f113f3e MC |
391 | BIO_puts(out, "NONE"); |
392 | BIO_puts(out, "\n"); | |
393 | return 1; | |
394 | } | |
14536c8c | 395 | #endif |
2234212c | 396 | |
33a8de69 | 397 | int ssl_print_tmp_key(BIO *out, SSL *s) |
0f113f3e MC |
398 | { |
399 | EVP_PKEY *key; | |
a51c9f63 VD |
400 | |
401 | if (!SSL_get_peer_tmp_key(s, &key)) | |
0f113f3e MC |
402 | return 1; |
403 | BIO_puts(out, "Server Temp Key: "); | |
ed576acd | 404 | switch (EVP_PKEY_get_id(key)) { |
0f113f3e | 405 | case EVP_PKEY_RSA: |
ed576acd | 406 | BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_get_bits(key)); |
0f113f3e MC |
407 | break; |
408 | ||
409 | case EVP_PKEY_DH: | |
ed576acd | 410 | BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key)); |
0f113f3e | 411 | break; |
10bf4fc2 | 412 | #ifndef OPENSSL_NO_EC |
0f113f3e MC |
413 | case EVP_PKEY_EC: |
414 | { | |
5b5eea4b SL |
415 | char name[80]; |
416 | size_t name_len; | |
417 | ||
418 | if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME, | |
419 | name, sizeof(name), &name_len)) | |
420 | strcpy(name, "?"); | |
ed576acd | 421 | BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key)); |
0f113f3e | 422 | } |
23143e4d | 423 | break; |
14536c8c | 424 | #endif |
23143e4d | 425 | default: |
ed576acd TM |
426 | BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)), |
427 | EVP_PKEY_get_bits(key)); | |
0f113f3e MC |
428 | } |
429 | EVP_PKEY_free(key); | |
430 | return 1; | |
431 | } | |
e7f8ff43 | 432 | |
0800318a TM |
433 | long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, |
434 | int argi, long argl, int ret, size_t *processed) | |
0f113f3e MC |
435 | { |
436 | BIO *out; | |
437 | ||
438 | out = (BIO *)BIO_get_callback_arg(bio); | |
439 | if (out == NULL) | |
26a7d938 | 440 | return ret; |
0f113f3e MC |
441 | |
442 | if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { | |
0800318a TM |
443 | if (ret > 0 && processed != NULL) { |
444 | BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n", | |
445 | (void *)bio, (void *)argp, len, *processed, *processed); | |
446 | BIO_dump(out, argp, (int)*processed); | |
447 | } else { | |
448 | BIO_printf(out, "read from %p [%p] (%zu bytes => %d)\n", | |
449 | (void *)bio, (void *)argp, len, ret); | |
450 | } | |
0f113f3e | 451 | } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { |
0800318a TM |
452 | if (ret > 0 && processed != NULL) { |
453 | BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n", | |
454 | (void *)bio, (void *)argp, len, *processed, *processed); | |
455 | BIO_dump(out, argp, (int)*processed); | |
456 | } else { | |
457 | BIO_printf(out, "write to %p [%p] (%zu bytes => %d)\n", | |
458 | (void *)bio, (void *)argp, len, ret); | |
459 | } | |
0f113f3e | 460 | } |
26a7d938 | 461 | return ret; |
0f113f3e | 462 | } |
d02b48c6 | 463 | |
6d23cf97 | 464 | void apps_ssl_info_callback(const SSL *s, int where, int ret) |
0f113f3e MC |
465 | { |
466 | const char *str; | |
467 | int w; | |
468 | ||
469 | w = where & ~SSL_ST_MASK; | |
470 | ||
471 | if (w & SSL_ST_CONNECT) | |
472 | str = "SSL_connect"; | |
473 | else if (w & SSL_ST_ACCEPT) | |
474 | str = "SSL_accept"; | |
475 | else | |
476 | str = "undefined"; | |
477 | ||
478 | if (where & SSL_CB_LOOP) { | |
479 | BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); | |
480 | } else if (where & SSL_CB_ALERT) { | |
481 | str = (where & SSL_CB_READ) ? "read" : "write"; | |
482 | BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", | |
483 | str, | |
484 | SSL_alert_type_string_long(ret), | |
485 | SSL_alert_desc_string_long(ret)); | |
486 | } else if (where & SSL_CB_EXIT) { | |
487 | if (ret == 0) | |
488 | BIO_printf(bio_err, "%s:failed in %s\n", | |
489 | str, SSL_state_string_long(s)); | |
2234212c | 490 | else if (ret < 0) |
0f113f3e MC |
491 | BIO_printf(bio_err, "%s:error in %s\n", |
492 | str, SSL_state_string_long(s)); | |
0f113f3e MC |
493 | } |
494 | } | |
d02b48c6 | 495 | |
3e8e688f RS |
496 | static STRINT_PAIR ssl_versions[] = { |
497 | {"SSL 3.0", SSL3_VERSION}, | |
498 | {"TLS 1.0", TLS1_VERSION}, | |
499 | {"TLS 1.1", TLS1_1_VERSION}, | |
500 | {"TLS 1.2", TLS1_2_VERSION}, | |
582a17d6 | 501 | {"TLS 1.3", TLS1_3_VERSION}, |
3e8e688f RS |
502 | {"DTLS 1.0", DTLS1_VERSION}, |
503 | {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, | |
504 | {NULL} | |
505 | }; | |
2234212c | 506 | |
3e8e688f RS |
507 | static STRINT_PAIR alert_types[] = { |
508 | {" close_notify", 0}, | |
b35fb005 | 509 | {" end_of_early_data", 1}, |
3e8e688f RS |
510 | {" unexpected_message", 10}, |
511 | {" bad_record_mac", 20}, | |
512 | {" decryption_failed", 21}, | |
513 | {" record_overflow", 22}, | |
514 | {" decompression_failure", 30}, | |
515 | {" handshake_failure", 40}, | |
516 | {" bad_certificate", 42}, | |
517 | {" unsupported_certificate", 43}, | |
518 | {" certificate_revoked", 44}, | |
519 | {" certificate_expired", 45}, | |
520 | {" certificate_unknown", 46}, | |
521 | {" illegal_parameter", 47}, | |
522 | {" unknown_ca", 48}, | |
523 | {" access_denied", 49}, | |
524 | {" decode_error", 50}, | |
525 | {" decrypt_error", 51}, | |
526 | {" export_restriction", 60}, | |
527 | {" protocol_version", 70}, | |
528 | {" insufficient_security", 71}, | |
529 | {" internal_error", 80}, | |
b35fb005 | 530 | {" inappropriate_fallback", 86}, |
3e8e688f RS |
531 | {" user_canceled", 90}, |
532 | {" no_renegotiation", 100}, | |
b35fb005 | 533 | {" missing_extension", 109}, |
3e8e688f RS |
534 | {" unsupported_extension", 110}, |
535 | {" certificate_unobtainable", 111}, | |
536 | {" unrecognized_name", 112}, | |
537 | {" bad_certificate_status_response", 113}, | |
538 | {" bad_certificate_hash_value", 114}, | |
539 | {" unknown_psk_identity", 115}, | |
b35fb005 | 540 | {" certificate_required", 116}, |
3e8e688f RS |
541 | {NULL} |
542 | }; | |
543 | ||
544 | static STRINT_PAIR handshakes[] = { | |
07518cfb TS |
545 | {", HelloRequest", SSL3_MT_HELLO_REQUEST}, |
546 | {", ClientHello", SSL3_MT_CLIENT_HELLO}, | |
547 | {", ServerHello", SSL3_MT_SERVER_HELLO}, | |
548 | {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST}, | |
549 | {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET}, | |
550 | {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA}, | |
07518cfb TS |
551 | {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS}, |
552 | {", Certificate", SSL3_MT_CERTIFICATE}, | |
553 | {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE}, | |
554 | {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST}, | |
555 | {", ServerHelloDone", SSL3_MT_SERVER_DONE}, | |
556 | {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY}, | |
557 | {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE}, | |
558 | {", Finished", SSL3_MT_FINISHED}, | |
d420729b | 559 | {", CertificateUrl", SSL3_MT_CERTIFICATE_URL}, |
07518cfb | 560 | {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS}, |
d420729b | 561 | {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA}, |
07518cfb | 562 | {", KeyUpdate", SSL3_MT_KEY_UPDATE}, |
b67cb09f | 563 | {", CompressedCertificate", SSL3_MT_COMPRESSED_CERTIFICATE}, |
07518cfb TS |
564 | #ifndef OPENSSL_NO_NEXTPROTONEG |
565 | {", NextProto", SSL3_MT_NEXT_PROTO}, | |
566 | #endif | |
567 | {", MessageHash", SSL3_MT_MESSAGE_HASH}, | |
3e8e688f RS |
568 | {NULL} |
569 | }; | |
0f113f3e MC |
570 | |
571 | void msg_cb(int write_p, int version, int content_type, const void *buf, | |
572 | size_t len, SSL *ssl, void *arg) | |
573 | { | |
574 | BIO *bio = arg; | |
3e8e688f | 575 | const char *str_write_p = write_p ? ">>>" : "<<<"; |
50c911b0 M |
576 | char tmpbuf[128]; |
577 | const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; | |
3e8e688f | 578 | const unsigned char* bp = buf; |
0f113f3e MC |
579 | |
580 | if (version == SSL3_VERSION || | |
581 | version == TLS1_VERSION || | |
582 | version == TLS1_1_VERSION || | |
583 | version == TLS1_2_VERSION || | |
582a17d6 | 584 | version == TLS1_3_VERSION || |
0f113f3e | 585 | version == DTLS1_VERSION || version == DTLS1_BAD_VER) { |
50c911b0 | 586 | str_version = lookup(version, ssl_versions, "???"); |
0f113f3e | 587 | switch (content_type) { |
50c911b0 M |
588 | case SSL3_RT_CHANGE_CIPHER_SPEC: |
589 | /* type 20 */ | |
b35fb005 | 590 | str_content_type = ", ChangeCipherSpec"; |
0f113f3e | 591 | break; |
50c911b0 M |
592 | case SSL3_RT_ALERT: |
593 | /* type 21 */ | |
b35fb005 | 594 | str_content_type = ", Alert"; |
0f113f3e | 595 | str_details1 = ", ???"; |
0f113f3e | 596 | if (len == 2) { |
3e8e688f | 597 | switch (bp[0]) { |
0f113f3e MC |
598 | case 1: |
599 | str_details1 = ", warning"; | |
600 | break; | |
601 | case 2: | |
602 | str_details1 = ", fatal"; | |
603 | break; | |
604 | } | |
3e8e688f | 605 | str_details2 = lookup((int)bp[1], alert_types, " ???"); |
0f113f3e | 606 | } |
3e8e688f | 607 | break; |
50c911b0 M |
608 | case SSL3_RT_HANDSHAKE: |
609 | /* type 22 */ | |
b35fb005 | 610 | str_content_type = ", Handshake"; |
0f113f3e | 611 | str_details1 = "???"; |
3e8e688f RS |
612 | if (len > 0) |
613 | str_details1 = lookup((int)bp[0], handshakes, "???"); | |
614 | break; | |
50c911b0 M |
615 | case SSL3_RT_APPLICATION_DATA: |
616 | /* type 23 */ | |
b35fb005 | 617 | str_content_type = ", ApplicationData"; |
7429b398 | 618 | break; |
50c911b0 M |
619 | case SSL3_RT_HEADER: |
620 | /* type 256 */ | |
621 | str_content_type = ", RecordHeader"; | |
622 | break; | |
623 | case SSL3_RT_INNER_CONTENT_TYPE: | |
624 | /* type 257 */ | |
625 | str_content_type = ", InnerContent"; | |
626 | break; | |
627 | default: | |
628 | BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, ", Unknown (content_type=%d)", content_type); | |
629 | str_content_type = tmpbuf; | |
3e8e688f | 630 | } |
50c911b0 M |
631 | } else { |
632 | BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type); | |
633 | str_version = tmpbuf; | |
0f113f3e | 634 | } |
a661b653 | 635 | |
0f113f3e MC |
636 | BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, |
637 | str_content_type, (unsigned long)len, str_details1, | |
638 | str_details2); | |
a661b653 | 639 | |
0f113f3e MC |
640 | if (len > 0) { |
641 | size_t num, i; | |
642 | ||
643 | BIO_printf(bio, " "); | |
644 | num = len; | |
0f113f3e MC |
645 | for (i = 0; i < num; i++) { |
646 | if (i % 16 == 0 && i > 0) | |
647 | BIO_printf(bio, "\n "); | |
648 | BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]); | |
649 | } | |
650 | if (i < len) | |
651 | BIO_printf(bio, " ..."); | |
652 | BIO_printf(bio, "\n"); | |
653 | } | |
654 | (void)BIO_flush(bio); | |
655 | } | |
6434abbf | 656 | |
3e8e688f RS |
657 | static STRINT_PAIR tlsext_types[] = { |
658 | {"server name", TLSEXT_TYPE_server_name}, | |
659 | {"max fragment length", TLSEXT_TYPE_max_fragment_length}, | |
660 | {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, | |
661 | {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys}, | |
662 | {"truncated HMAC", TLSEXT_TYPE_truncated_hmac}, | |
663 | {"status request", TLSEXT_TYPE_status_request}, | |
664 | {"user mapping", TLSEXT_TYPE_user_mapping}, | |
665 | {"client authz", TLSEXT_TYPE_client_authz}, | |
666 | {"server authz", TLSEXT_TYPE_server_authz}, | |
667 | {"cert type", TLSEXT_TYPE_cert_type}, | |
de4d764e | 668 | {"supported_groups", TLSEXT_TYPE_supported_groups}, |
3e8e688f RS |
669 | {"EC point formats", TLSEXT_TYPE_ec_point_formats}, |
670 | {"SRP", TLSEXT_TYPE_srp}, | |
671 | {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, | |
672 | {"use SRTP", TLSEXT_TYPE_use_srtp}, | |
3e8e688f RS |
673 | {"session ticket", TLSEXT_TYPE_session_ticket}, |
674 | {"renegotiation info", TLSEXT_TYPE_renegotiate}, | |
dd696a55 | 675 | {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp}, |
3e8e688f | 676 | {"TLS padding", TLSEXT_TYPE_padding}, |
15a40af2 | 677 | #ifdef TLSEXT_TYPE_next_proto_neg |
3e8e688f | 678 | {"next protocol", TLSEXT_TYPE_next_proto_neg}, |
15a40af2 | 679 | #endif |
5e3ff62c | 680 | #ifdef TLSEXT_TYPE_encrypt_then_mac |
3e8e688f | 681 | {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac}, |
5e3ff62c | 682 | #endif |
b48357d9 AG |
683 | #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation |
684 | {"application layer protocol negotiation", | |
685 | TLSEXT_TYPE_application_layer_protocol_negotiation}, | |
fecd04e9 AG |
686 | #endif |
687 | #ifdef TLSEXT_TYPE_extended_master_secret | |
688 | {"extended master secret", TLSEXT_TYPE_extended_master_secret}, | |
b48357d9 | 689 | #endif |
b67cb09f | 690 | {"compress certificate", TLSEXT_TYPE_compress_certificate}, |
3578020b DSH |
691 | {"key share", TLSEXT_TYPE_key_share}, |
692 | {"supported versions", TLSEXT_TYPE_supported_versions}, | |
693 | {"psk", TLSEXT_TYPE_psk}, | |
694 | {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, | |
695 | {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, | |
9d75dce3 | 696 | {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, |
3e8e688f RS |
697 | {NULL} |
698 | }; | |
0f113f3e | 699 | |
861e4562 LZ |
700 | /* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */ |
701 | static STRINT_PAIR signature_tls13_scheme_list[] = { | |
702 | {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */}, | |
703 | {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */}, | |
704 | /* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */ | |
705 | /* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */ | |
706 | {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */}, | |
707 | {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */}, | |
708 | {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */}, | |
709 | {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */}, | |
710 | {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */}, | |
711 | {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */}, | |
712 | {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */}, | |
713 | {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */}, | |
714 | {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */}, | |
715 | {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */}, | |
716 | {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */}, | |
717 | {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */}, | |
718 | {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */}, | |
719 | {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */}, | |
720 | {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */}, | |
721 | {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */}, | |
722 | {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */}, | |
723 | {NULL} | |
724 | }; | |
725 | ||
726 | /* from rfc5246 7.4.1.4.1. */ | |
727 | static STRINT_PAIR signature_tls12_alg_list[] = { | |
728 | {"anonymous", TLSEXT_signature_anonymous /* 0 */}, | |
729 | {"RSA", TLSEXT_signature_rsa /* 1 */}, | |
730 | {"DSA", TLSEXT_signature_dsa /* 2 */}, | |
731 | {"ECDSA", TLSEXT_signature_ecdsa /* 3 */}, | |
732 | {NULL} | |
733 | }; | |
734 | ||
735 | /* from rfc5246 7.4.1.4.1. */ | |
736 | static STRINT_PAIR signature_tls12_hash_list[] = { | |
737 | {"none", TLSEXT_hash_none /* 0 */}, | |
738 | {"MD5", TLSEXT_hash_md5 /* 1 */}, | |
739 | {"SHA1", TLSEXT_hash_sha1 /* 2 */}, | |
740 | {"SHA224", TLSEXT_hash_sha224 /* 3 */}, | |
741 | {"SHA256", TLSEXT_hash_sha256 /* 4 */}, | |
742 | {"SHA384", TLSEXT_hash_sha384 /* 5 */}, | |
743 | {"SHA512", TLSEXT_hash_sha512 /* 6 */}, | |
744 | {NULL} | |
745 | }; | |
746 | ||
3e8e688f | 747 | void tlsext_cb(SSL *s, int client_server, int type, |
b6981744 | 748 | const unsigned char *data, int len, void *arg) |
3e8e688f RS |
749 | { |
750 | BIO *bio = arg; | |
751 | const char *extname = lookup(type, tlsext_types, "unknown"); | |
0f113f3e MC |
752 | |
753 | BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", | |
754 | client_server ? "server" : "client", extname, type, len); | |
b6981744 | 755 | BIO_dump(bio, (const char *)data, len); |
0f113f3e MC |
756 | (void)BIO_flush(bio); |
757 | } | |
758 | ||
f9e55034 | 759 | #ifndef OPENSSL_NO_SOCK |
21dfdbef RL |
760 | int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, |
761 | size_t *cookie_len) | |
0f113f3e | 762 | { |
dbde4726 | 763 | unsigned char *buffer = NULL; |
10ee7246 | 764 | size_t length = 0; |
d858c876 | 765 | unsigned short port; |
10ee7246 | 766 | BIO_ADDR *lpeer = NULL, *peer = NULL; |
dbde4726 | 767 | int res = 0; |
0f113f3e MC |
768 | |
769 | /* Initialize a random secret */ | |
770 | if (!cookie_initialized) { | |
266483d2 | 771 | if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { |
0f113f3e MC |
772 | BIO_printf(bio_err, "error setting random cookie secret\n"); |
773 | return 0; | |
774 | } | |
775 | cookie_initialized = 1; | |
776 | } | |
777 | ||
10ee7246 MC |
778 | if (SSL_is_dtls(ssl)) { |
779 | lpeer = peer = BIO_ADDR_new(); | |
780 | if (peer == NULL) { | |
781 | BIO_printf(bio_err, "memory full\n"); | |
782 | return 0; | |
783 | } | |
d858c876 | 784 | |
10ee7246 MC |
785 | /* Read peer information */ |
786 | (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); | |
787 | } else { | |
788 | peer = ourpeer; | |
789 | } | |
0f113f3e MC |
790 | |
791 | /* Create buffer with peer's address and port */ | |
10ee7246 MC |
792 | if (!BIO_ADDR_rawaddress(peer, NULL, &length)) { |
793 | BIO_printf(bio_err, "Failed getting peer address\n"); | |
87188185 | 794 | BIO_ADDR_free(lpeer); |
10ee7246 MC |
795 | return 0; |
796 | } | |
d858c876 RL |
797 | OPENSSL_assert(length != 0); |
798 | port = BIO_ADDR_rawport(peer); | |
799 | length += sizeof(port); | |
68dc6824 | 800 | buffer = app_malloc(length, "cookie generate buffer"); |
0f113f3e | 801 | |
d858c876 RL |
802 | memcpy(buffer, &port, sizeof(port)); |
803 | BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL); | |
0f113f3e | 804 | |
0a8a6afd DDO |
805 | if (EVP_Q_mac(NULL, "HMAC", NULL, "SHA1", NULL, |
806 | cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, | |
807 | cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) { | |
808 | BIO_printf(bio_err, | |
809 | "Error calculating HMAC-SHA1 of buffer with secret\n"); | |
810 | goto end; | |
dbde4726 P |
811 | } |
812 | res = 1; | |
813 | end: | |
0f113f3e | 814 | OPENSSL_free(buffer); |
10ee7246 | 815 | BIO_ADDR_free(lpeer); |
0f113f3e | 816 | |
dbde4726 | 817 | return res; |
0f113f3e MC |
818 | } |
819 | ||
21dfdbef RL |
820 | int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, |
821 | size_t cookie_len) | |
0f113f3e | 822 | { |
87a595e5 | 823 | unsigned char result[EVP_MAX_MD_SIZE]; |
21dfdbef | 824 | size_t resultlength; |
87a595e5 RL |
825 | |
826 | /* Note: we check cookie_initialized because if it's not, | |
827 | * it cannot be valid */ | |
828 | if (cookie_initialized | |
21dfdbef | 829 | && generate_stateless_cookie_callback(ssl, result, &resultlength) |
87a595e5 | 830 | && cookie_len == resultlength |
0f113f3e MC |
831 | && memcmp(result, cookie, resultlength) == 0) |
832 | return 1; | |
833 | ||
834 | return 0; | |
835 | } | |
3fa2812f | 836 | |
21dfdbef RL |
837 | int generate_cookie_callback(SSL *ssl, unsigned char *cookie, |
838 | unsigned int *cookie_len) | |
3fa2812f | 839 | { |
21dfdbef RL |
840 | size_t temp = 0; |
841 | int res = generate_stateless_cookie_callback(ssl, cookie, &temp); | |
f36c3885 | 842 | |
06447b58 BE |
843 | if (res != 0) |
844 | *cookie_len = (unsigned int)temp; | |
3fa2812f BS |
845 | return res; |
846 | } | |
847 | ||
21dfdbef RL |
848 | int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, |
849 | unsigned int cookie_len) | |
3fa2812f | 850 | { |
21dfdbef | 851 | return verify_stateless_cookie_callback(ssl, cookie, cookie_len); |
3fa2812f BS |
852 | } |
853 | ||
f9e55034 | 854 | #endif |
0f113f3e MC |
855 | |
856 | /* | |
857 | * Example of extended certificate handling. Where the standard support of | |
858 | * one certificate per algorithm is not sufficient an application can decide | |
859 | * which certificate(s) to use at runtime based on whatever criteria it deems | |
860 | * appropriate. | |
18d71588 DSH |
861 | */ |
862 | ||
863 | /* Linked list of certificates, keys and chains */ | |
0f113f3e MC |
864 | struct ssl_excert_st { |
865 | int certform; | |
866 | const char *certfile; | |
867 | int keyform; | |
868 | const char *keyfile; | |
869 | const char *chainfile; | |
870 | X509 *cert; | |
871 | EVP_PKEY *key; | |
872 | STACK_OF(X509) *chain; | |
873 | int build_chain; | |
874 | struct ssl_excert_st *next, *prev; | |
875 | }; | |
876 | ||
3e8e688f RS |
877 | static STRINT_PAIR chain_flags[] = { |
878 | {"Overall Validity", CERT_PKEY_VALID}, | |
879 | {"Sign with EE key", CERT_PKEY_SIGN}, | |
880 | {"EE signature", CERT_PKEY_EE_SIGNATURE}, | |
881 | {"CA signature", CERT_PKEY_CA_SIGNATURE}, | |
882 | {"EE key parameters", CERT_PKEY_EE_PARAM}, | |
883 | {"CA key parameters", CERT_PKEY_CA_PARAM}, | |
0d4fb843 | 884 | {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN}, |
3e8e688f RS |
885 | {"Issuer Name", CERT_PKEY_ISSUER_NAME}, |
886 | {"Certificate Type", CERT_PKEY_CERT_TYPE}, | |
887 | {NULL} | |
0f113f3e | 888 | }; |
6dbb6219 | 889 | |
ecf3a1fb | 890 | static void print_chain_flags(SSL *s, int flags) |
0f113f3e | 891 | { |
3e8e688f | 892 | STRINT_PAIR *pp; |
ecf3a1fb | 893 | |
3e8e688f RS |
894 | for (pp = chain_flags; pp->name; ++pp) |
895 | BIO_printf(bio_err, "\t%s: %s\n", | |
896 | pp->name, | |
897 | (flags & pp->retval) ? "OK" : "NOT OK"); | |
ecf3a1fb | 898 | BIO_printf(bio_err, "\tSuite B: "); |
0f113f3e | 899 | if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) |
ecf3a1fb | 900 | BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); |
0f113f3e | 901 | else |
ecf3a1fb | 902 | BIO_printf(bio_err, "not tested\n"); |
0f113f3e MC |
903 | } |
904 | ||
905 | /* | |
906 | * Very basic selection callback: just use any certificate chain reported as | |
907 | * valid. More sophisticated could prioritise according to local policy. | |
18d71588 DSH |
908 | */ |
909 | static int set_cert_cb(SSL *ssl, void *arg) | |
0f113f3e MC |
910 | { |
911 | int i, rv; | |
912 | SSL_EXCERT *exc = arg; | |
3323314f | 913 | #ifdef CERT_CB_TEST_RETRY |
0f113f3e | 914 | static int retry_cnt; |
5fae09f3 | 915 | |
0f113f3e MC |
916 | if (retry_cnt < 5) { |
917 | retry_cnt++; | |
7768e116 RS |
918 | BIO_printf(bio_err, |
919 | "Certificate callback retry test: count %d\n", | |
920 | retry_cnt); | |
0f113f3e MC |
921 | return -1; |
922 | } | |
3323314f | 923 | #endif |
0f113f3e MC |
924 | SSL_certs_clear(ssl); |
925 | ||
2234212c | 926 | if (exc == NULL) |
0f113f3e MC |
927 | return 1; |
928 | ||
929 | /* | |
930 | * Go to end of list and traverse backwards since we prepend newer | |
931 | * entries this retains the original order. | |
932 | */ | |
2234212c | 933 | while (exc->next != NULL) |
0f113f3e MC |
934 | exc = exc->next; |
935 | ||
936 | i = 0; | |
937 | ||
2234212c | 938 | while (exc != NULL) { |
0f113f3e MC |
939 | i++; |
940 | rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); | |
941 | BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); | |
942 | X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, | |
b5c4209b | 943 | get_nameopt()); |
0f113f3e | 944 | BIO_puts(bio_err, "\n"); |
ecf3a1fb | 945 | print_chain_flags(ssl, rv); |
0f113f3e | 946 | if (rv & CERT_PKEY_VALID) { |
61986d32 | 947 | if (!SSL_use_certificate(ssl, exc->cert) |
7e1b7485 | 948 | || !SSL_use_PrivateKey(ssl, exc->key)) { |
ac59d705 MC |
949 | return 0; |
950 | } | |
0f113f3e MC |
951 | /* |
952 | * NB: we wouldn't normally do this as it is not efficient | |
953 | * building chains on each connection better to cache the chain | |
954 | * in advance. | |
955 | */ | |
956 | if (exc->build_chain) { | |
957 | if (!SSL_build_cert_chain(ssl, 0)) | |
958 | return 0; | |
2234212c | 959 | } else if (exc->chain != NULL) { |
1aa7ecd0 | 960 | if (!SSL_set1_chain(ssl, exc->chain)) |
961 | return 0; | |
2234212c | 962 | } |
0f113f3e MC |
963 | } |
964 | exc = exc->prev; | |
965 | } | |
966 | return 1; | |
967 | } | |
18d71588 DSH |
968 | |
969 | void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc) | |
0f113f3e MC |
970 | { |
971 | SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc); | |
972 | } | |
18d71588 DSH |
973 | |
974 | static int ssl_excert_prepend(SSL_EXCERT **pexc) | |
0f113f3e | 975 | { |
b4faea50 | 976 | SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert"); |
68dc6824 | 977 | |
64b25758 | 978 | memset(exc, 0, sizeof(*exc)); |
0f113f3e MC |
979 | |
980 | exc->next = *pexc; | |
981 | *pexc = exc; | |
982 | ||
983 | if (exc->next) { | |
984 | exc->certform = exc->next->certform; | |
985 | exc->keyform = exc->next->keyform; | |
986 | exc->next->prev = exc; | |
987 | } else { | |
988 | exc->certform = FORMAT_PEM; | |
989 | exc->keyform = FORMAT_PEM; | |
990 | } | |
991 | return 1; | |
992 | ||
993 | } | |
18d71588 DSH |
994 | |
995 | void ssl_excert_free(SSL_EXCERT *exc) | |
0f113f3e MC |
996 | { |
997 | SSL_EXCERT *curr; | |
25aaa98a | 998 | |
2234212c | 999 | if (exc == NULL) |
25aaa98a | 1000 | return; |
0f113f3e | 1001 | while (exc) { |
222561fe | 1002 | X509_free(exc->cert); |
c5ba2d99 | 1003 | EVP_PKEY_free(exc->key); |
79b2a2f2 | 1004 | OSSL_STACK_OF_X509_free(exc->chain); |
0f113f3e MC |
1005 | curr = exc; |
1006 | exc = exc->next; | |
1007 | OPENSSL_free(curr); | |
1008 | } | |
1009 | } | |
18d71588 | 1010 | |
7e1b7485 | 1011 | int load_excert(SSL_EXCERT **pexc) |
0f113f3e MC |
1012 | { |
1013 | SSL_EXCERT *exc = *pexc; | |
5fae09f3 | 1014 | |
2234212c | 1015 | if (exc == NULL) |
0f113f3e MC |
1016 | return 1; |
1017 | /* If nothing in list, free and set to NULL */ | |
2234212c | 1018 | if (exc->certfile == NULL && exc->next == NULL) { |
0f113f3e MC |
1019 | ssl_excert_free(exc); |
1020 | *pexc = NULL; | |
1021 | return 1; | |
1022 | } | |
1023 | for (; exc; exc = exc->next) { | |
2234212c | 1024 | if (exc->certfile == NULL) { |
7e1b7485 | 1025 | BIO_printf(bio_err, "Missing filename\n"); |
0f113f3e MC |
1026 | return 0; |
1027 | } | |
d382e796 TM |
1028 | exc->cert = load_cert(exc->certfile, exc->certform, |
1029 | "Server Certificate"); | |
2234212c | 1030 | if (exc->cert == NULL) |
0f113f3e | 1031 | return 0; |
2234212c | 1032 | if (exc->keyfile != NULL) { |
7e1b7485 | 1033 | exc->key = load_key(exc->keyfile, exc->keyform, |
50eb2a50 | 1034 | 0, NULL, NULL, "server key"); |
0f113f3e | 1035 | } else { |
7e1b7485 | 1036 | exc->key = load_key(exc->certfile, exc->certform, |
50eb2a50 | 1037 | 0, NULL, NULL, "server key"); |
0f113f3e | 1038 | } |
2234212c | 1039 | if (exc->key == NULL) |
0f113f3e | 1040 | return 0; |
2234212c | 1041 | if (exc->chainfile != NULL) { |
ea51096e | 1042 | if (!load_certs(exc->chainfile, 0, &exc->chain, NULL, "server chain")) |
0f113f3e MC |
1043 | return 0; |
1044 | } | |
1045 | } | |
1046 | return 1; | |
1047 | } | |
18d71588 | 1048 | |
7e1b7485 RS |
1049 | enum range { OPT_X_ENUM }; |
1050 | ||
1051 | int args_excert(int opt, SSL_EXCERT **pexc) | |
0f113f3e | 1052 | { |
0f113f3e | 1053 | SSL_EXCERT *exc = *pexc; |
7e1b7485 RS |
1054 | |
1055 | assert(opt > OPT_X__FIRST); | |
1056 | assert(opt < OPT_X__LAST); | |
1057 | ||
1058 | if (exc == NULL) { | |
1059 | if (!ssl_excert_prepend(&exc)) { | |
1060 | BIO_printf(bio_err, " %s: Error initialising xcert\n", | |
1061 | opt_getprog()); | |
0f113f3e MC |
1062 | goto err; |
1063 | } | |
7e1b7485 | 1064 | *pexc = exc; |
0f113f3e | 1065 | } |
7e1b7485 RS |
1066 | |
1067 | switch ((enum range)opt) { | |
1068 | case OPT_X__FIRST: | |
1069 | case OPT_X__LAST: | |
1070 | return 0; | |
1071 | case OPT_X_CERT: | |
2234212c | 1072 | if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) { |
7e1b7485 | 1073 | BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); |
0f113f3e MC |
1074 | goto err; |
1075 | } | |
52f4840c | 1076 | *pexc = exc; |
7e1b7485 RS |
1077 | exc->certfile = opt_arg(); |
1078 | break; | |
1079 | case OPT_X_KEY: | |
2234212c | 1080 | if (exc->keyfile != NULL) { |
7e1b7485 | 1081 | BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog()); |
0f113f3e MC |
1082 | goto err; |
1083 | } | |
7e1b7485 RS |
1084 | exc->keyfile = opt_arg(); |
1085 | break; | |
1086 | case OPT_X_CHAIN: | |
2234212c | 1087 | if (exc->chainfile != NULL) { |
7e1b7485 RS |
1088 | BIO_printf(bio_err, "%s: Chain already specified\n", |
1089 | opt_getprog()); | |
0f113f3e MC |
1090 | goto err; |
1091 | } | |
7e1b7485 RS |
1092 | exc->chainfile = opt_arg(); |
1093 | break; | |
1094 | case OPT_X_CHAIN_BUILD: | |
1095 | exc->build_chain = 1; | |
1096 | break; | |
1097 | case OPT_X_CERTFORM: | |
6d382c74 | 1098 | if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->certform)) |
7e1b7485 RS |
1099 | return 0; |
1100 | break; | |
1101 | case OPT_X_KEYFORM: | |
6d382c74 | 1102 | if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->keyform)) |
7e1b7485 RS |
1103 | return 0; |
1104 | break; | |
1105 | } | |
0f113f3e MC |
1106 | return 1; |
1107 | ||
1108 | err: | |
7e1b7485 | 1109 | ERR_print_errors(bio_err); |
25aaa98a | 1110 | ssl_excert_free(exc); |
0f113f3e | 1111 | *pexc = NULL; |
7e1b7485 | 1112 | return 0; |
0f113f3e | 1113 | } |
18d71588 | 1114 | |
ecf3a1fb | 1115 | static void print_raw_cipherlist(SSL *s) |
0f113f3e MC |
1116 | { |
1117 | const unsigned char *rlist; | |
800fe8e3 | 1118 | static const unsigned char scsv_id[] = { 0, 0xFF }; |
0f113f3e | 1119 | size_t i, rlistlen, num; |
5fae09f3 | 1120 | |
0f113f3e MC |
1121 | if (!SSL_is_server(s)) |
1122 | return; | |
1123 | num = SSL_get0_raw_cipherlist(s, NULL); | |
800fe8e3 | 1124 | OPENSSL_assert(num == 2); |
0f113f3e | 1125 | rlistlen = SSL_get0_raw_cipherlist(s, &rlist); |
ecf3a1fb | 1126 | BIO_puts(bio_err, "Client cipher list: "); |
0f113f3e MC |
1127 | for (i = 0; i < rlistlen; i += num, rlist += num) { |
1128 | const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist); | |
1129 | if (i) | |
ecf3a1fb | 1130 | BIO_puts(bio_err, ":"); |
2234212c | 1131 | if (c != NULL) { |
ecf3a1fb | 1132 | BIO_puts(bio_err, SSL_CIPHER_get_name(c)); |
2234212c | 1133 | } else if (memcmp(rlist, scsv_id, num) == 0) { |
ecf3a1fb | 1134 | BIO_puts(bio_err, "SCSV"); |
2234212c | 1135 | } else { |
0f113f3e | 1136 | size_t j; |
ecf3a1fb | 1137 | BIO_puts(bio_err, "0x"); |
0f113f3e | 1138 | for (j = 0; j < num; j++) |
ecf3a1fb | 1139 | BIO_printf(bio_err, "%02X", rlist[j]); |
0f113f3e MC |
1140 | } |
1141 | } | |
ecf3a1fb | 1142 | BIO_puts(bio_err, "\n"); |
0f113f3e | 1143 | } |
2a7cbe77 | 1144 | |
c0a445a9 VD |
1145 | /* |
1146 | * Hex encoder for TLSA RRdata, not ':' delimited. | |
1147 | */ | |
1148 | static char *hexencode(const unsigned char *data, size_t len) | |
1149 | { | |
1150 | static const char *hex = "0123456789abcdef"; | |
1151 | char *out; | |
1152 | char *cp; | |
1153 | size_t outlen = 2 * len + 1; | |
1154 | int ilen = (int) outlen; | |
1155 | ||
1156 | if (outlen < len || ilen < 0 || outlen != (size_t)ilen) { | |
7d672984 AP |
1157 | BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n", |
1158 | opt_getprog(), len); | |
c0a445a9 VD |
1159 | exit(1); |
1160 | } | |
1161 | cp = out = app_malloc(ilen, "TLSA hex data buffer"); | |
1162 | ||
b5f40eb2 | 1163 | while (len-- > 0) { |
c0a445a9 VD |
1164 | *cp++ = hex[(*data >> 4) & 0x0f]; |
1165 | *cp++ = hex[*data++ & 0x0f]; | |
1166 | } | |
1167 | *cp = '\0'; | |
1168 | return out; | |
1169 | } | |
1170 | ||
1171 | void print_verify_detail(SSL *s, BIO *bio) | |
1172 | { | |
1173 | int mdpth; | |
1174 | EVP_PKEY *mspki; | |
1175 | long verify_err = SSL_get_verify_result(s); | |
1176 | ||
1177 | if (verify_err == X509_V_OK) { | |
1178 | const char *peername = SSL_get0_peername(s); | |
1179 | ||
1180 | BIO_printf(bio, "Verification: OK\n"); | |
1181 | if (peername != NULL) | |
1182 | BIO_printf(bio, "Verified peername: %s\n", peername); | |
1183 | } else { | |
1184 | const char *reason = X509_verify_cert_error_string(verify_err); | |
1185 | ||
1186 | BIO_printf(bio, "Verification error: %s\n", reason); | |
1187 | } | |
1188 | ||
1189 | if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) { | |
1190 | uint8_t usage, selector, mtype; | |
1191 | const unsigned char *data = NULL; | |
1192 | size_t dlen = 0; | |
1193 | char *hexdata; | |
1194 | ||
1195 | mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen); | |
1196 | ||
1197 | /* | |
1198 | * The TLSA data field can be quite long when it is a certificate, | |
1199 | * public key or even a SHA2-512 digest. Because the initial octets of | |
1200 | * ASN.1 certificates and public keys contain mostly boilerplate OIDs | |
1201 | * and lengths, we show the last 12 bytes of the data instead, as these | |
1202 | * are more likely to distinguish distinct TLSA records. | |
1203 | */ | |
1204 | #define TLSA_TAIL_SIZE 12 | |
1205 | if (dlen > TLSA_TAIL_SIZE) | |
1206 | hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE); | |
1207 | else | |
1208 | hexdata = hexencode(data, dlen); | |
1209 | BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n", | |
1210 | usage, selector, mtype, | |
1211 | (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata, | |
1212 | (mspki != NULL) ? "signed the certificate" : | |
1213 | mdpth ? "matched TA certificate" : "matched EE certificate", | |
1214 | mdpth); | |
1215 | OPENSSL_free(hexdata); | |
1216 | } | |
1217 | } | |
1218 | ||
ecf3a1fb | 1219 | void print_ssl_summary(SSL *s) |
0f113f3e MC |
1220 | { |
1221 | const SSL_CIPHER *c; | |
1222 | X509 *peer; | |
ecf3a1fb RS |
1223 | |
1224 | BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s)); | |
1225 | print_raw_cipherlist(s); | |
0f113f3e | 1226 | c = SSL_get_current_cipher(s); |
ecf3a1fb RS |
1227 | BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); |
1228 | do_print_sigalgs(bio_err, s, 0); | |
8c2bfd25 | 1229 | peer = SSL_get0_peer_certificate(s); |
2234212c | 1230 | if (peer != NULL) { |
0f113f3e | 1231 | int nid; |
c0a445a9 | 1232 | |
ecf3a1fb RS |
1233 | BIO_puts(bio_err, "Peer certificate: "); |
1234 | X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), | |
b5c4209b | 1235 | 0, get_nameopt()); |
ecf3a1fb | 1236 | BIO_puts(bio_err, "\n"); |
0f113f3e | 1237 | if (SSL_get_peer_signature_nid(s, &nid)) |
ecf3a1fb | 1238 | BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); |
42ef7aea DSH |
1239 | if (SSL_get_peer_signature_type_nid(s, &nid)) |
1240 | BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid)); | |
c0a445a9 | 1241 | print_verify_detail(s, bio_err); |
2234212c | 1242 | } else { |
ecf3a1fb | 1243 | BIO_puts(bio_err, "No peer certificate\n"); |
2234212c | 1244 | } |
14536c8c | 1245 | #ifndef OPENSSL_NO_EC |
ecf3a1fb | 1246 | ssl_print_point_formats(bio_err, s); |
0f113f3e | 1247 | if (SSL_is_server(s)) |
de4d764e | 1248 | ssl_print_groups(bio_err, s, 1); |
0f113f3e | 1249 | else |
ecf3a1fb | 1250 | ssl_print_tmp_key(bio_err, s); |
14536c8c | 1251 | #else |
0f113f3e | 1252 | if (!SSL_is_server(s)) |
ecf3a1fb | 1253 | ssl_print_tmp_key(bio_err, s); |
14536c8c | 1254 | #endif |
0f113f3e | 1255 | } |
2a7cbe77 | 1256 | |
7e1b7485 | 1257 | int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, |
dba31777 | 1258 | SSL_CTX *ctx) |
0f113f3e MC |
1259 | { |
1260 | int i; | |
7e1b7485 | 1261 | |
0f113f3e MC |
1262 | SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); |
1263 | for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) { | |
7e1b7485 RS |
1264 | const char *flag = sk_OPENSSL_STRING_value(str, i); |
1265 | const char *arg = sk_OPENSSL_STRING_value(str, i + 1); | |
55373bfd | 1266 | |
7e1b7485 | 1267 | if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { |
55373bfd RS |
1268 | BIO_printf(bio_err, "Call to SSL_CONF_cmd(%s, %s) failed\n", |
1269 | flag, arg == NULL ? "<NULL>" : arg); | |
7e1b7485 | 1270 | ERR_print_errors(bio_err); |
0f113f3e MC |
1271 | return 0; |
1272 | } | |
1273 | } | |
0f113f3e | 1274 | if (!SSL_CONF_CTX_finish(cctx)) { |
7e1b7485 RS |
1275 | BIO_puts(bio_err, "Error finishing context\n"); |
1276 | ERR_print_errors(bio_err); | |
0f113f3e MC |
1277 | return 0; |
1278 | } | |
1279 | return 1; | |
1280 | } | |
a5afc0a8 | 1281 | |
fdb78f3d | 1282 | static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls) |
0f113f3e MC |
1283 | { |
1284 | X509_CRL *crl; | |
8cdcb63f P |
1285 | int i, ret = 1; |
1286 | ||
0f113f3e MC |
1287 | for (i = 0; i < sk_X509_CRL_num(crls); i++) { |
1288 | crl = sk_X509_CRL_value(crls, i); | |
8cdcb63f P |
1289 | if (!X509_STORE_add_crl(st, crl)) |
1290 | ret = 0; | |
0f113f3e | 1291 | } |
8cdcb63f | 1292 | return ret; |
0f113f3e | 1293 | } |
fdb78f3d | 1294 | |
0090a686 | 1295 | int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download) |
0f113f3e MC |
1296 | { |
1297 | X509_STORE *st; | |
5fae09f3 | 1298 | |
0f113f3e MC |
1299 | st = SSL_CTX_get_cert_store(ctx); |
1300 | add_crls_store(st, crls); | |
1301 | if (crl_download) | |
1302 | store_setup_crl_download(st); | |
1303 | return 1; | |
1304 | } | |
fdb78f3d | 1305 | |
a5afc0a8 | 1306 | int ssl_load_stores(SSL_CTX *ctx, |
0f113f3e | 1307 | const char *vfyCApath, const char *vfyCAfile, |
fd3397fc | 1308 | const char *vfyCAstore, |
0f113f3e | 1309 | const char *chCApath, const char *chCAfile, |
fd3397fc | 1310 | const char *chCAstore, |
0f113f3e MC |
1311 | STACK_OF(X509_CRL) *crls, int crl_download) |
1312 | { | |
1313 | X509_STORE *vfy = NULL, *ch = NULL; | |
1314 | int rv = 0; | |
5fae09f3 | 1315 | |
fd3397fc | 1316 | if (vfyCApath != NULL || vfyCAfile != NULL || vfyCAstore != NULL) { |
0f113f3e | 1317 | vfy = X509_STORE_new(); |
96487cdd MC |
1318 | if (vfy == NULL) |
1319 | goto err; | |
fd3397fc RL |
1320 | if (vfyCAfile != NULL && !X509_STORE_load_file(vfy, vfyCAfile)) |
1321 | goto err; | |
1322 | if (vfyCApath != NULL && !X509_STORE_load_path(vfy, vfyCApath)) | |
1323 | goto err; | |
1324 | if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore)) | |
0f113f3e MC |
1325 | goto err; |
1326 | add_crls_store(vfy, crls); | |
1327 | SSL_CTX_set1_verify_cert_store(ctx, vfy); | |
1328 | if (crl_download) | |
1329 | store_setup_crl_download(vfy); | |
1330 | } | |
fd3397fc | 1331 | if (chCApath != NULL || chCAfile != NULL || chCAstore != NULL) { |
0f113f3e | 1332 | ch = X509_STORE_new(); |
96487cdd MC |
1333 | if (ch == NULL) |
1334 | goto err; | |
fd3397fc RL |
1335 | if (chCAfile != NULL && !X509_STORE_load_file(ch, chCAfile)) |
1336 | goto err; | |
1337 | if (chCApath != NULL && !X509_STORE_load_path(ch, chCApath)) | |
1338 | goto err; | |
1339 | if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore)) | |
0f113f3e MC |
1340 | goto err; |
1341 | SSL_CTX_set1_chain_cert_store(ctx, ch); | |
1342 | } | |
1343 | rv = 1; | |
1344 | err: | |
222561fe RS |
1345 | X509_STORE_free(vfy); |
1346 | X509_STORE_free(ch); | |
0f113f3e MC |
1347 | return rv; |
1348 | } | |
e03c5b59 DSH |
1349 | |
1350 | /* Verbose print out of security callback */ | |
1351 | ||
0f113f3e MC |
1352 | typedef struct { |
1353 | BIO *out; | |
1354 | int verbose; | |
e4646a89 | 1355 | int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, |
0f113f3e MC |
1356 | void *other, void *ex); |
1357 | } security_debug_ex; | |
e03c5b59 | 1358 | |
3e8e688f RS |
1359 | static STRINT_PAIR callback_types[] = { |
1360 | {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED}, | |
1361 | {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED}, | |
1362 | {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK}, | |
1363 | #ifndef OPENSSL_NO_DH | |
1364 | {"Temp DH key bits", SSL_SECOP_TMP_DH}, | |
1365 | #endif | |
1366 | {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, | |
1367 | {"Shared Curve", SSL_SECOP_CURVE_SHARED}, | |
1368 | {"Check Curve", SSL_SECOP_CURVE_CHECK}, | |
861e4562 LZ |
1369 | {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED}, |
1370 | {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED}, | |
1371 | {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK}, | |
3e8e688f RS |
1372 | {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, |
1373 | {"Certificate chain EE key", SSL_SECOP_EE_KEY}, | |
1374 | {"Certificate chain CA key", SSL_SECOP_CA_KEY}, | |
1375 | {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY}, | |
1376 | {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY}, | |
1377 | {"Certificate chain CA digest", SSL_SECOP_CA_MD}, | |
1378 | {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD}, | |
1379 | {"SSL compression", SSL_SECOP_COMPRESSION}, | |
1380 | {"Session ticket", SSL_SECOP_TICKET}, | |
1381 | {NULL} | |
1382 | }; | |
1383 | ||
e4646a89 | 1384 | static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, |
0f113f3e MC |
1385 | int op, int bits, int nid, |
1386 | void *other, void *ex) | |
1387 | { | |
1388 | security_debug_ex *sdb = ex; | |
1389 | int rv, show_bits = 1, cert_md = 0; | |
1390 | const char *nm; | |
861e4562 | 1391 | int show_nm; |
5fae09f3 | 1392 | |
0f113f3e MC |
1393 | rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex); |
1394 | if (rv == 1 && sdb->verbose < 2) | |
1395 | return 1; | |
1396 | BIO_puts(sdb->out, "Security callback: "); | |
1397 | ||
3e8e688f | 1398 | nm = lookup(op, callback_types, NULL); |
861e4562 | 1399 | show_nm = nm != NULL; |
0f113f3e | 1400 | switch (op) { |
0f113f3e | 1401 | case SSL_SECOP_TICKET: |
0f113f3e | 1402 | case SSL_SECOP_COMPRESSION: |
0f113f3e | 1403 | show_bits = 0; |
861e4562 | 1404 | show_nm = 0; |
0f113f3e | 1405 | break; |
0f113f3e | 1406 | case SSL_SECOP_VERSION: |
3e8e688f | 1407 | BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???")); |
0f113f3e | 1408 | show_bits = 0; |
861e4562 | 1409 | show_nm = 0; |
0f113f3e | 1410 | break; |
0f113f3e | 1411 | case SSL_SECOP_CA_MD: |
0f113f3e MC |
1412 | case SSL_SECOP_PEER_CA_MD: |
1413 | cert_md = 1; | |
0f113f3e | 1414 | break; |
861e4562 LZ |
1415 | case SSL_SECOP_SIGALG_SUPPORTED: |
1416 | case SSL_SECOP_SIGALG_SHARED: | |
1417 | case SSL_SECOP_SIGALG_CHECK: | |
1418 | case SSL_SECOP_SIGALG_MASK: | |
1419 | show_nm = 0; | |
1420 | break; | |
0f113f3e | 1421 | } |
861e4562 | 1422 | if (show_nm) |
0f113f3e MC |
1423 | BIO_printf(sdb->out, "%s=", nm); |
1424 | ||
1425 | switch (op & SSL_SECOP_OTHER_TYPE) { | |
1426 | ||
1427 | case SSL_SECOP_OTHER_CIPHER: | |
1428 | BIO_puts(sdb->out, SSL_CIPHER_get_name(other)); | |
1429 | break; | |
e03c5b59 | 1430 | |
fd86c2b1 | 1431 | #ifndef OPENSSL_NO_EC |
0f113f3e MC |
1432 | case SSL_SECOP_OTHER_CURVE: |
1433 | { | |
1434 | const char *cname; | |
1435 | cname = EC_curve_nid2nist(nid); | |
1436 | if (cname == NULL) | |
1437 | cname = OBJ_nid2sn(nid); | |
1438 | BIO_puts(sdb->out, cname); | |
1439 | } | |
1440 | break; | |
37f3a3b3 | 1441 | #endif |
0f113f3e MC |
1442 | case SSL_SECOP_OTHER_CERT: |
1443 | { | |
1444 | if (cert_md) { | |
1445 | int sig_nid = X509_get_signature_nid(other); | |
5fae09f3 | 1446 | |
0f113f3e MC |
1447 | BIO_puts(sdb->out, OBJ_nid2sn(sig_nid)); |
1448 | } else { | |
c01ff880 | 1449 | EVP_PKEY *pkey = X509_get0_pubkey(other); |
5fae09f3 | 1450 | |
1451 | if (pkey == NULL) { | |
1452 | BIO_printf(sdb->out, "Public key missing"); | |
1453 | } else { | |
1454 | const char *algname = ""; | |
1455 | ||
1456 | EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, | |
1457 | &algname, EVP_PKEY_get0_asn1(pkey)); | |
1458 | BIO_printf(sdb->out, "%s, bits=%d", | |
1459 | algname, EVP_PKEY_get_bits(pkey)); | |
1460 | } | |
0f113f3e MC |
1461 | } |
1462 | break; | |
1463 | } | |
1464 | case SSL_SECOP_OTHER_SIGALG: | |
1465 | { | |
1466 | const unsigned char *salg = other; | |
1467 | const char *sname = NULL; | |
861e4562 LZ |
1468 | int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */ |
1469 | /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */ | |
0f113f3e | 1470 | |
861e4562 LZ |
1471 | if (nm != NULL) |
1472 | BIO_printf(sdb->out, "%s", nm); | |
0f113f3e | 1473 | else |
861e4562 LZ |
1474 | BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op); |
1475 | ||
1476 | sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL); | |
1477 | if (sname != NULL) { | |
1478 | BIO_printf(sdb->out, " scheme=%s", sname); | |
1479 | } else { | |
1480 | int alg_code = salg[1]; | |
1481 | int hash_code = salg[0]; | |
1482 | const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL); | |
1483 | const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL); | |
1484 | ||
1485 | if (alg_str != NULL && hash_str != NULL) | |
1486 | BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str); | |
1487 | else | |
1488 | BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code); | |
1489 | } | |
0f113f3e MC |
1490 | } |
1491 | ||
1492 | } | |
1493 | ||
1494 | if (show_bits) | |
1495 | BIO_printf(sdb->out, ", security bits=%d", bits); | |
1496 | BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no"); | |
1497 | return rv; | |
1498 | } | |
e03c5b59 | 1499 | |
ecf3a1fb | 1500 | void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose) |
0f113f3e MC |
1501 | { |
1502 | static security_debug_ex sdb; | |
ecf3a1fb RS |
1503 | |
1504 | sdb.out = bio_err; | |
0f113f3e MC |
1505 | sdb.verbose = verbose; |
1506 | sdb.old_cb = SSL_CTX_get_security_callback(ctx); | |
1507 | SSL_CTX_set_security_callback(ctx, security_callback_debug); | |
1508 | SSL_CTX_set0_security_ex_data(ctx, &sdb); | |
1509 | } | |
4bf73e9f PW |
1510 | |
1511 | static void keylog_callback(const SSL *ssl, const char *line) | |
1512 | { | |
1513 | if (bio_keylog == NULL) { | |
1514 | BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n"); | |
1515 | return; | |
1516 | } | |
1517 | ||
1518 | /* | |
1519 | * There might be concurrent writers to the keylog file, so we must ensure | |
1520 | * that the given line is written at once. | |
1521 | */ | |
1522 | BIO_printf(bio_keylog, "%s\n", line); | |
1523 | (void)BIO_flush(bio_keylog); | |
1524 | } | |
1525 | ||
1526 | int set_keylog_file(SSL_CTX *ctx, const char *keylog_file) | |
1527 | { | |
1528 | /* Close any open files */ | |
1529 | BIO_free_all(bio_keylog); | |
1530 | bio_keylog = NULL; | |
1531 | ||
1532 | if (ctx == NULL || keylog_file == NULL) { | |
1533 | /* Keylogging is disabled, OK. */ | |
1534 | return 0; | |
1535 | } | |
1536 | ||
1537 | /* | |
1538 | * Append rather than write in order to allow concurrent modification. | |
1539 | * Furthermore, this preserves existing keylog files which is useful when | |
1540 | * the tool is run multiple times. | |
1541 | */ | |
1542 | bio_keylog = BIO_new_file(keylog_file, "a"); | |
1543 | if (bio_keylog == NULL) { | |
1544 | BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file); | |
1545 | return 1; | |
1546 | } | |
1547 | ||
1548 | /* Write a header for seekable, empty files (this excludes pipes). */ | |
1549 | if (BIO_tell(bio_keylog) == 0) { | |
1550 | BIO_puts(bio_keylog, | |
1551 | "# SSL/TLS secrets log file, generated by OpenSSL\n"); | |
1552 | (void)BIO_flush(bio_keylog); | |
1553 | } | |
1554 | SSL_CTX_set_keylog_callback(ctx, keylog_callback); | |
1555 | return 0; | |
1556 | } | |
5969a2dd DSH |
1557 | |
1558 | void print_ca_names(BIO *bio, SSL *s) | |
1559 | { | |
1560 | const char *cs = SSL_is_server(s) ? "server" : "client"; | |
1561 | const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s); | |
1562 | int i; | |
1563 | ||
1564 | if (sk == NULL || sk_X509_NAME_num(sk) == 0) { | |
1e8e75d1 BB |
1565 | if (!SSL_is_server(s)) |
1566 | BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); | |
5969a2dd DSH |
1567 | return; |
1568 | } | |
1569 | ||
1287dabd | 1570 | BIO_printf(bio, "---\nAcceptable %s certificate CA names\n", cs); |
5969a2dd | 1571 | for (i = 0; i < sk_X509_NAME_num(sk); i++) { |
b5c4209b | 1572 | X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt()); |
5969a2dd DSH |
1573 | BIO_write(bio, "\n", 1); |
1574 | } | |
1575 | } | |
af5e63e1 FG |
1576 | |
1577 | void ssl_print_secure_renegotiation_notes(BIO *bio, SSL *s) | |
1578 | { | |
1579 | if (SSL_VERSION_ALLOWS_RENEGOTIATION(s)) { | |
1580 | BIO_printf(bio, "Secure Renegotiation IS%s supported\n", | |
1581 | SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); | |
1582 | } else { | |
1583 | BIO_printf(bio, "This TLS version forbids renegotiation.\n"); | |
1584 | } | |
1585 | } | |
e1cd94f2 PP |
1586 | |
1587 | int progress_cb(EVP_PKEY_CTX *ctx) | |
1588 | { | |
1589 | BIO *b = EVP_PKEY_CTX_get_app_data(ctx); | |
1590 | int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); | |
1591 | static const char symbols[] = ".+*\n"; | |
1592 | char c = (p >= 0 && (size_t)p <= sizeof(symbols) - 1) ? symbols[p] : '?'; | |
1593 | ||
1594 | BIO_write(b, &c, 1); | |
1595 | (void)BIO_flush(b); | |
1596 | return 1; | |
1597 | } | |
1598 |