]>
Commit | Line | Data |
---|---|---|
846e33c7 RS |
1 | /* |
2 | * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. | |
a661b653 | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
a661b653 | 8 | */ |
d02b48c6 | 9 | |
7e1b7485 | 10 | /* callback functions used by s_client, s_server, and s_time */ |
d02b48c6 RE |
11 | #include <stdio.h> |
12 | #include <stdlib.h> | |
8f744cce | 13 | #include <string.h> /* for memcpy() and strcmp() */ |
d02b48c6 | 14 | #define USE_SOCKETS |
d02b48c6 | 15 | #include "apps.h" |
d02b48c6 | 16 | #undef USE_SOCKETS |
ec577822 | 17 | #include <openssl/err.h> |
07a9d1a2 | 18 | #include <openssl/rand.h> |
ec577822 BM |
19 | #include <openssl/x509.h> |
20 | #include <openssl/ssl.h> | |
e03c5b59 DSH |
21 | #include <openssl/bn.h> |
22 | #ifndef OPENSSL_NO_DH | |
0f113f3e | 23 | # include <openssl/dh.h> |
e03c5b59 | 24 | #endif |
d02b48c6 RE |
25 | #include "s_apps.h" |
26 | ||
0f113f3e | 27 | #define COOKIE_SECRET_LENGTH 16 |
07a9d1a2 | 28 | |
acc00492 F |
29 | VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 }; |
30 | ||
f9e55034 | 31 | #ifndef OPENSSL_NO_SOCK |
df2ee0e2 BL |
32 | static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; |
33 | static int cookie_initialized = 0; | |
f9e55034 | 34 | #endif |
d02b48c6 | 35 | |
3e8e688f RS |
36 | static const char *lookup(int val, const STRINT_PAIR* list, const char* def) |
37 | { | |
38 | for ( ; list->name; ++list) | |
39 | if (list->retval == val) | |
40 | return list->name; | |
41 | return def; | |
42 | } | |
43 | ||
6d23cf97 | 44 | int verify_callback(int ok, X509_STORE_CTX *ctx) |
0f113f3e MC |
45 | { |
46 | X509 *err_cert; | |
47 | int err, depth; | |
48 | ||
49 | err_cert = X509_STORE_CTX_get_current_cert(ctx); | |
50 | err = X509_STORE_CTX_get_error(ctx); | |
51 | depth = X509_STORE_CTX_get_error_depth(ctx); | |
52 | ||
acc00492 | 53 | if (!verify_args.quiet || !ok) { |
0f113f3e MC |
54 | BIO_printf(bio_err, "depth=%d ", depth); |
55 | if (err_cert) { | |
56 | X509_NAME_print_ex(bio_err, | |
57 | X509_get_subject_name(err_cert), | |
58 | 0, XN_FLAG_ONELINE); | |
59 | BIO_puts(bio_err, "\n"); | |
60 | } else | |
61 | BIO_puts(bio_err, "<no cert>\n"); | |
62 | } | |
63 | if (!ok) { | |
64 | BIO_printf(bio_err, "verify error:num=%d:%s\n", err, | |
65 | X509_verify_cert_error_string(err)); | |
acc00492 F |
66 | if (verify_args.depth >= depth) { |
67 | if (!verify_args.return_error) | |
0f113f3e | 68 | ok = 1; |
acc00492 | 69 | verify_args.error = err; |
0f113f3e MC |
70 | } else { |
71 | ok = 0; | |
acc00492 | 72 | verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG; |
0f113f3e MC |
73 | } |
74 | } | |
75 | switch (err) { | |
76 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | |
77 | BIO_puts(bio_err, "issuer= "); | |
78 | X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), | |
79 | 0, XN_FLAG_ONELINE); | |
80 | BIO_puts(bio_err, "\n"); | |
81 | break; | |
82 | case X509_V_ERR_CERT_NOT_YET_VALID: | |
83 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | |
84 | BIO_printf(bio_err, "notBefore="); | |
568ce3a5 | 85 | ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); |
0f113f3e MC |
86 | BIO_printf(bio_err, "\n"); |
87 | break; | |
88 | case X509_V_ERR_CERT_HAS_EXPIRED: | |
89 | case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | |
90 | BIO_printf(bio_err, "notAfter="); | |
568ce3a5 | 91 | ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); |
0f113f3e MC |
92 | BIO_printf(bio_err, "\n"); |
93 | break; | |
94 | case X509_V_ERR_NO_EXPLICIT_POLICY: | |
acc00492 | 95 | if (!verify_args.quiet) |
ecf3a1fb | 96 | policies_print(ctx); |
0f113f3e MC |
97 | break; |
98 | } | |
acc00492 | 99 | if (err == X509_V_OK && ok == 2 && !verify_args.quiet) |
ecf3a1fb | 100 | policies_print(ctx); |
acc00492 | 101 | if (ok && !verify_args.quiet) |
0f113f3e MC |
102 | BIO_printf(bio_err, "verify return:%d\n", ok); |
103 | return (ok); | |
104 | } | |
d02b48c6 | 105 | |
6b691a5c | 106 | int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
0f113f3e MC |
107 | { |
108 | if (cert_file != NULL) { | |
0f113f3e MC |
109 | if (SSL_CTX_use_certificate_file(ctx, cert_file, |
110 | SSL_FILETYPE_PEM) <= 0) { | |
111 | BIO_printf(bio_err, "unable to get certificate from '%s'\n", | |
112 | cert_file); | |
113 | ERR_print_errors(bio_err); | |
114 | return (0); | |
115 | } | |
116 | if (key_file == NULL) | |
117 | key_file = cert_file; | |
118 | if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { | |
119 | BIO_printf(bio_err, "unable to get private key from '%s'\n", | |
120 | key_file); | |
121 | ERR_print_errors(bio_err); | |
122 | return (0); | |
123 | } | |
124 | ||
0f113f3e MC |
125 | /* |
126 | * If we are using DSA, we can copy the parameters from the private | |
127 | * key | |
128 | */ | |
129 | ||
130 | /* | |
131 | * Now we know that a key and cert have been set against the SSL | |
132 | * context | |
133 | */ | |
134 | if (!SSL_CTX_check_private_key(ctx)) { | |
135 | BIO_printf(bio_err, | |
136 | "Private key does not match the certificate public key\n"); | |
137 | return (0); | |
138 | } | |
139 | } | |
140 | return (1); | |
141 | } | |
d02b48c6 | 142 | |
fc6fc7ff | 143 | int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, |
0f113f3e MC |
144 | STACK_OF(X509) *chain, int build_chain) |
145 | { | |
146 | int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0; | |
147 | if (cert == NULL) | |
148 | return 1; | |
149 | if (SSL_CTX_use_certificate(ctx, cert) <= 0) { | |
150 | BIO_printf(bio_err, "error setting certificate\n"); | |
151 | ERR_print_errors(bio_err); | |
152 | return 0; | |
153 | } | |
154 | ||
155 | if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { | |
156 | BIO_printf(bio_err, "error setting private key\n"); | |
157 | ERR_print_errors(bio_err); | |
158 | return 0; | |
159 | } | |
160 | ||
161 | /* | |
162 | * Now we know that a key and cert have been set against the SSL context | |
163 | */ | |
164 | if (!SSL_CTX_check_private_key(ctx)) { | |
165 | BIO_printf(bio_err, | |
166 | "Private key does not match the certificate public key\n"); | |
167 | return 0; | |
168 | } | |
169 | if (chain && !SSL_CTX_set1_chain(ctx, chain)) { | |
170 | BIO_printf(bio_err, "error setting certificate chain\n"); | |
171 | ERR_print_errors(bio_err); | |
172 | return 0; | |
173 | } | |
174 | if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) { | |
175 | BIO_printf(bio_err, "error building certificate chain\n"); | |
176 | ERR_print_errors(bio_err); | |
177 | return 0; | |
178 | } | |
179 | return 1; | |
180 | } | |
826a42a0 | 181 | |
3e8e688f RS |
182 | static STRINT_PAIR cert_type_list[] = { |
183 | {"RSA sign", TLS_CT_RSA_SIGN}, | |
184 | {"DSA sign", TLS_CT_DSS_SIGN}, | |
185 | {"RSA fixed DH", TLS_CT_RSA_FIXED_DH}, | |
186 | {"DSS fixed DH", TLS_CT_DSS_FIXED_DH}, | |
187 | {"ECDSA sign", TLS_CT_ECDSA_SIGN}, | |
188 | {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, | |
189 | {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, | |
3e8e688f RS |
190 | {"GOST01 Sign", TLS_CT_GOST01_SIGN}, |
191 | {NULL} | |
192 | }; | |
193 | ||
9f27b1ee | 194 | static void ssl_print_client_cert_types(BIO *bio, SSL *s) |
0f113f3e MC |
195 | { |
196 | const unsigned char *p; | |
197 | int i; | |
198 | int cert_type_num = SSL_get0_certificate_types(s, &p); | |
199 | if (!cert_type_num) | |
200 | return; | |
201 | BIO_puts(bio, "Client Certificate Types: "); | |
202 | for (i = 0; i < cert_type_num; i++) { | |
203 | unsigned char cert_type = p[i]; | |
3e8e688f | 204 | const char *cname = lookup((int)cert_type, cert_type_list, NULL); |
0f113f3e MC |
205 | |
206 | if (i) | |
207 | BIO_puts(bio, ", "); | |
0f113f3e MC |
208 | if (cname) |
209 | BIO_puts(bio, cname); | |
210 | else | |
211 | BIO_printf(bio, "UNKNOWN (%d),", cert_type); | |
212 | } | |
213 | BIO_puts(bio, "\n"); | |
214 | } | |
9f27b1ee DSH |
215 | |
216 | static int do_print_sigalgs(BIO *out, SSL *s, int shared) | |
0f113f3e MC |
217 | { |
218 | int i, nsig, client; | |
219 | client = SSL_is_server(s) ? 0 : 1; | |
220 | if (shared) | |
221 | nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); | |
222 | else | |
223 | nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); | |
224 | if (nsig == 0) | |
225 | return 1; | |
226 | ||
227 | if (shared) | |
228 | BIO_puts(out, "Shared "); | |
229 | ||
230 | if (client) | |
231 | BIO_puts(out, "Requested "); | |
232 | BIO_puts(out, "Signature Algorithms: "); | |
233 | for (i = 0; i < nsig; i++) { | |
234 | int hash_nid, sign_nid; | |
235 | unsigned char rhash, rsign; | |
236 | const char *sstr = NULL; | |
237 | if (shared) | |
238 | SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL, | |
239 | &rsign, &rhash); | |
240 | else | |
241 | SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); | |
242 | if (i) | |
243 | BIO_puts(out, ":"); | |
244 | if (sign_nid == EVP_PKEY_RSA) | |
245 | sstr = "RSA"; | |
246 | else if (sign_nid == EVP_PKEY_DSA) | |
247 | sstr = "DSA"; | |
248 | else if (sign_nid == EVP_PKEY_EC) | |
249 | sstr = "ECDSA"; | |
250 | if (sstr) | |
251 | BIO_printf(out, "%s+", sstr); | |
252 | else | |
253 | BIO_printf(out, "0x%02X+", (int)rsign); | |
254 | if (hash_nid != NID_undef) | |
255 | BIO_printf(out, "%s", OBJ_nid2sn(hash_nid)); | |
256 | else | |
257 | BIO_printf(out, "0x%02X", (int)rhash); | |
258 | } | |
259 | BIO_puts(out, "\n"); | |
260 | return 1; | |
261 | } | |
e7f8ff43 | 262 | |
9f27b1ee | 263 | int ssl_print_sigalgs(BIO *out, SSL *s) |
0f113f3e MC |
264 | { |
265 | int mdnid; | |
266 | if (!SSL_is_server(s)) | |
267 | ssl_print_client_cert_types(out, s); | |
268 | do_print_sigalgs(out, s, 0); | |
269 | do_print_sigalgs(out, s, 1); | |
270 | if (SSL_get_peer_signature_nid(s, &mdnid)) | |
271 | BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid)); | |
272 | return 1; | |
273 | } | |
274 | ||
14536c8c | 275 | #ifndef OPENSSL_NO_EC |
20b431e3 | 276 | int ssl_print_point_formats(BIO *out, SSL *s) |
0f113f3e MC |
277 | { |
278 | int i, nformats; | |
279 | const char *pformats; | |
280 | nformats = SSL_get0_ec_point_formats(s, &pformats); | |
281 | if (nformats <= 0) | |
282 | return 1; | |
283 | BIO_puts(out, "Supported Elliptic Curve Point Formats: "); | |
284 | for (i = 0; i < nformats; i++, pformats++) { | |
285 | if (i) | |
286 | BIO_puts(out, ":"); | |
287 | switch (*pformats) { | |
288 | case TLSEXT_ECPOINTFORMAT_uncompressed: | |
289 | BIO_puts(out, "uncompressed"); | |
290 | break; | |
291 | ||
292 | case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime: | |
293 | BIO_puts(out, "ansiX962_compressed_prime"); | |
294 | break; | |
295 | ||
296 | case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2: | |
297 | BIO_puts(out, "ansiX962_compressed_char2"); | |
298 | break; | |
299 | ||
300 | default: | |
301 | BIO_printf(out, "unknown(%d)", (int)*pformats); | |
302 | break; | |
303 | ||
304 | } | |
305 | } | |
0f113f3e MC |
306 | BIO_puts(out, "\n"); |
307 | return 1; | |
308 | } | |
20b431e3 | 309 | |
de4d764e | 310 | int ssl_print_groups(BIO *out, SSL *s, int noshared) |
0f113f3e | 311 | { |
de4d764e MC |
312 | int i, ngroups, *groups, nid; |
313 | const char *gname; | |
7e1b7485 | 314 | |
de4d764e MC |
315 | ngroups = SSL_get1_groups(s, NULL); |
316 | if (ngroups <= 0) | |
0f113f3e | 317 | return 1; |
de4d764e MC |
318 | groups = app_malloc(ngroups * sizeof(int), "groups to print"); |
319 | SSL_get1_groups(s, groups); | |
0f113f3e | 320 | |
de4d764e MC |
321 | BIO_puts(out, "Supported Elliptic Groups: "); |
322 | for (i = 0; i < ngroups; i++) { | |
0f113f3e MC |
323 | if (i) |
324 | BIO_puts(out, ":"); | |
de4d764e | 325 | nid = groups[i]; |
0f113f3e MC |
326 | /* If unrecognised print out hex version */ |
327 | if (nid & TLSEXT_nid_unknown) | |
328 | BIO_printf(out, "0x%04X", nid & 0xFFFF); | |
329 | else { | |
de4d764e | 330 | /* TODO(TLS1.3): Get group name here */ |
0f113f3e | 331 | /* Use NIST name for curve if it exists */ |
de4d764e MC |
332 | gname = EC_curve_nid2nist(nid); |
333 | if (!gname) | |
334 | gname = OBJ_nid2sn(nid); | |
335 | BIO_printf(out, "%s", gname); | |
0f113f3e MC |
336 | } |
337 | } | |
de4d764e | 338 | OPENSSL_free(groups); |
0f113f3e MC |
339 | if (noshared) { |
340 | BIO_puts(out, "\n"); | |
341 | return 1; | |
342 | } | |
de4d764e MC |
343 | BIO_puts(out, "\nShared Elliptic groups: "); |
344 | ngroups = SSL_get_shared_group(s, -1); | |
345 | for (i = 0; i < ngroups; i++) { | |
0f113f3e MC |
346 | if (i) |
347 | BIO_puts(out, ":"); | |
de4d764e MC |
348 | nid = SSL_get_shared_group(s, i); |
349 | /* TODO(TLS1.3): Convert for DH groups */ | |
350 | gname = EC_curve_nid2nist(nid); | |
351 | if (!gname) | |
352 | gname = OBJ_nid2sn(nid); | |
353 | BIO_printf(out, "%s", gname); | |
0f113f3e | 354 | } |
de4d764e | 355 | if (ngroups == 0) |
0f113f3e MC |
356 | BIO_puts(out, "NONE"); |
357 | BIO_puts(out, "\n"); | |
358 | return 1; | |
359 | } | |
14536c8c | 360 | #endif |
33a8de69 | 361 | int ssl_print_tmp_key(BIO *out, SSL *s) |
0f113f3e MC |
362 | { |
363 | EVP_PKEY *key; | |
364 | if (!SSL_get_server_tmp_key(s, &key)) | |
365 | return 1; | |
366 | BIO_puts(out, "Server Temp Key: "); | |
367 | switch (EVP_PKEY_id(key)) { | |
368 | case EVP_PKEY_RSA: | |
369 | BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key)); | |
370 | break; | |
371 | ||
372 | case EVP_PKEY_DH: | |
373 | BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); | |
374 | break; | |
10bf4fc2 | 375 | #ifndef OPENSSL_NO_EC |
0f113f3e MC |
376 | case EVP_PKEY_EC: |
377 | { | |
378 | EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); | |
379 | int nid; | |
380 | const char *cname; | |
381 | nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); | |
382 | EC_KEY_free(ec); | |
383 | cname = EC_curve_nid2nist(nid); | |
384 | if (!cname) | |
385 | cname = OBJ_nid2sn(nid); | |
386 | BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key)); | |
387 | } | |
23143e4d | 388 | break; |
14536c8c | 389 | #endif |
23143e4d DSH |
390 | default: |
391 | BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)), | |
392 | EVP_PKEY_bits(key)); | |
0f113f3e MC |
393 | } |
394 | EVP_PKEY_free(key); | |
395 | return 1; | |
396 | } | |
e7f8ff43 | 397 | |
6d23cf97 | 398 | long bio_dump_callback(BIO *bio, int cmd, const char *argp, |
0f113f3e MC |
399 | int argi, long argl, long ret) |
400 | { | |
401 | BIO *out; | |
402 | ||
403 | out = (BIO *)BIO_get_callback_arg(bio); | |
404 | if (out == NULL) | |
405 | return (ret); | |
406 | ||
407 | if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { | |
408 | BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", | |
50eadf2a | 409 | (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); |
0f113f3e MC |
410 | BIO_dump(out, argp, (int)ret); |
411 | return (ret); | |
412 | } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { | |
413 | BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", | |
50eadf2a | 414 | (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); |
0f113f3e MC |
415 | BIO_dump(out, argp, (int)ret); |
416 | } | |
417 | return (ret); | |
418 | } | |
d02b48c6 | 419 | |
6d23cf97 | 420 | void apps_ssl_info_callback(const SSL *s, int where, int ret) |
0f113f3e MC |
421 | { |
422 | const char *str; | |
423 | int w; | |
424 | ||
425 | w = where & ~SSL_ST_MASK; | |
426 | ||
427 | if (w & SSL_ST_CONNECT) | |
428 | str = "SSL_connect"; | |
429 | else if (w & SSL_ST_ACCEPT) | |
430 | str = "SSL_accept"; | |
431 | else | |
432 | str = "undefined"; | |
433 | ||
434 | if (where & SSL_CB_LOOP) { | |
435 | BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); | |
436 | } else if (where & SSL_CB_ALERT) { | |
437 | str = (where & SSL_CB_READ) ? "read" : "write"; | |
438 | BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", | |
439 | str, | |
440 | SSL_alert_type_string_long(ret), | |
441 | SSL_alert_desc_string_long(ret)); | |
442 | } else if (where & SSL_CB_EXIT) { | |
443 | if (ret == 0) | |
444 | BIO_printf(bio_err, "%s:failed in %s\n", | |
445 | str, SSL_state_string_long(s)); | |
446 | else if (ret < 0) { | |
447 | BIO_printf(bio_err, "%s:error in %s\n", | |
448 | str, SSL_state_string_long(s)); | |
449 | } | |
450 | } | |
451 | } | |
d02b48c6 | 452 | |
3e8e688f RS |
453 | static STRINT_PAIR ssl_versions[] = { |
454 | {"SSL 3.0", SSL3_VERSION}, | |
455 | {"TLS 1.0", TLS1_VERSION}, | |
456 | {"TLS 1.1", TLS1_1_VERSION}, | |
457 | {"TLS 1.2", TLS1_2_VERSION}, | |
582a17d6 | 458 | {"TLS 1.3", TLS1_3_VERSION}, |
3e8e688f RS |
459 | {"DTLS 1.0", DTLS1_VERSION}, |
460 | {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, | |
461 | {NULL} | |
462 | }; | |
463 | static STRINT_PAIR alert_types[] = { | |
464 | {" close_notify", 0}, | |
465 | {" unexpected_message", 10}, | |
466 | {" bad_record_mac", 20}, | |
467 | {" decryption_failed", 21}, | |
468 | {" record_overflow", 22}, | |
469 | {" decompression_failure", 30}, | |
470 | {" handshake_failure", 40}, | |
471 | {" bad_certificate", 42}, | |
472 | {" unsupported_certificate", 43}, | |
473 | {" certificate_revoked", 44}, | |
474 | {" certificate_expired", 45}, | |
475 | {" certificate_unknown", 46}, | |
476 | {" illegal_parameter", 47}, | |
477 | {" unknown_ca", 48}, | |
478 | {" access_denied", 49}, | |
479 | {" decode_error", 50}, | |
480 | {" decrypt_error", 51}, | |
481 | {" export_restriction", 60}, | |
482 | {" protocol_version", 70}, | |
483 | {" insufficient_security", 71}, | |
484 | {" internal_error", 80}, | |
485 | {" user_canceled", 90}, | |
486 | {" no_renegotiation", 100}, | |
487 | {" unsupported_extension", 110}, | |
488 | {" certificate_unobtainable", 111}, | |
489 | {" unrecognized_name", 112}, | |
490 | {" bad_certificate_status_response", 113}, | |
491 | {" bad_certificate_hash_value", 114}, | |
492 | {" unknown_psk_identity", 115}, | |
493 | {NULL} | |
494 | }; | |
495 | ||
496 | static STRINT_PAIR handshakes[] = { | |
497 | {", HelloRequest", 0}, | |
498 | {", ClientHello", 1}, | |
499 | {", ServerHello", 2}, | |
500 | {", HelloVerifyRequest", 3}, | |
7429b398 | 501 | {", NewSessionTicket", 4}, |
3e8e688f RS |
502 | {", Certificate", 11}, |
503 | {", ServerKeyExchange", 12}, | |
504 | {", CertificateRequest", 13}, | |
505 | {", ServerHelloDone", 14}, | |
506 | {", CertificateVerify", 15}, | |
507 | {", ClientKeyExchange", 16}, | |
508 | {", Finished", 20}, | |
7429b398 DB |
509 | {", CertificateUrl", 21}, |
510 | {", CertificateStatus", 22}, | |
511 | {", SupplementalData", 23}, | |
3e8e688f RS |
512 | {NULL} |
513 | }; | |
0f113f3e MC |
514 | |
515 | void msg_cb(int write_p, int version, int content_type, const void *buf, | |
516 | size_t len, SSL *ssl, void *arg) | |
517 | { | |
518 | BIO *bio = arg; | |
3e8e688f RS |
519 | const char *str_write_p = write_p ? ">>>" : "<<<"; |
520 | const char *str_version = lookup(version, ssl_versions, "???"); | |
521 | const char *str_content_type = "", *str_details1 = "", *str_details2 = ""; | |
522 | const unsigned char* bp = buf; | |
0f113f3e MC |
523 | |
524 | if (version == SSL3_VERSION || | |
525 | version == TLS1_VERSION || | |
526 | version == TLS1_1_VERSION || | |
527 | version == TLS1_2_VERSION || | |
582a17d6 | 528 | version == TLS1_3_VERSION || |
0f113f3e MC |
529 | version == DTLS1_VERSION || version == DTLS1_BAD_VER) { |
530 | switch (content_type) { | |
531 | case 20: | |
532 | str_content_type = "ChangeCipherSpec"; | |
533 | break; | |
534 | case 21: | |
535 | str_content_type = "Alert"; | |
0f113f3e | 536 | str_details1 = ", ???"; |
0f113f3e | 537 | if (len == 2) { |
3e8e688f | 538 | switch (bp[0]) { |
0f113f3e MC |
539 | case 1: |
540 | str_details1 = ", warning"; | |
541 | break; | |
542 | case 2: | |
543 | str_details1 = ", fatal"; | |
544 | break; | |
545 | } | |
3e8e688f | 546 | str_details2 = lookup((int)bp[1], alert_types, " ???"); |
0f113f3e | 547 | } |
3e8e688f RS |
548 | break; |
549 | case 22: | |
550 | str_content_type = "Handshake"; | |
0f113f3e | 551 | str_details1 = "???"; |
3e8e688f RS |
552 | if (len > 0) |
553 | str_details1 = lookup((int)bp[0], handshakes, "???"); | |
554 | break; | |
7429b398 DB |
555 | case 23: |
556 | str_content_type = "ApplicationData"; | |
557 | break; | |
4817504d | 558 | #ifndef OPENSSL_NO_HEARTBEATS |
3e8e688f | 559 | case 24: |
0f113f3e MC |
560 | str_details1 = ", Heartbeat"; |
561 | ||
562 | if (len > 0) { | |
3e8e688f | 563 | switch (bp[0]) { |
0f113f3e MC |
564 | case 1: |
565 | str_details1 = ", HeartbeatRequest"; | |
566 | break; | |
567 | case 2: | |
568 | str_details1 = ", HeartbeatResponse"; | |
569 | break; | |
570 | } | |
571 | } | |
3e8e688f | 572 | break; |
4817504d | 573 | #endif |
3e8e688f | 574 | } |
0f113f3e | 575 | } |
a661b653 | 576 | |
0f113f3e MC |
577 | BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, |
578 | str_content_type, (unsigned long)len, str_details1, | |
579 | str_details2); | |
a661b653 | 580 | |
0f113f3e MC |
581 | if (len > 0) { |
582 | size_t num, i; | |
583 | ||
584 | BIO_printf(bio, " "); | |
585 | num = len; | |
0f113f3e MC |
586 | for (i = 0; i < num; i++) { |
587 | if (i % 16 == 0 && i > 0) | |
588 | BIO_printf(bio, "\n "); | |
589 | BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]); | |
590 | } | |
591 | if (i < len) | |
592 | BIO_printf(bio, " ..."); | |
593 | BIO_printf(bio, "\n"); | |
594 | } | |
595 | (void)BIO_flush(bio); | |
596 | } | |
6434abbf | 597 | |
3e8e688f RS |
598 | static STRINT_PAIR tlsext_types[] = { |
599 | {"server name", TLSEXT_TYPE_server_name}, | |
600 | {"max fragment length", TLSEXT_TYPE_max_fragment_length}, | |
601 | {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, | |
602 | {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys}, | |
603 | {"truncated HMAC", TLSEXT_TYPE_truncated_hmac}, | |
604 | {"status request", TLSEXT_TYPE_status_request}, | |
605 | {"user mapping", TLSEXT_TYPE_user_mapping}, | |
606 | {"client authz", TLSEXT_TYPE_client_authz}, | |
607 | {"server authz", TLSEXT_TYPE_server_authz}, | |
608 | {"cert type", TLSEXT_TYPE_cert_type}, | |
de4d764e | 609 | {"supported_groups", TLSEXT_TYPE_supported_groups}, |
3e8e688f RS |
610 | {"EC point formats", TLSEXT_TYPE_ec_point_formats}, |
611 | {"SRP", TLSEXT_TYPE_srp}, | |
612 | {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, | |
613 | {"use SRTP", TLSEXT_TYPE_use_srtp}, | |
614 | {"heartbeat", TLSEXT_TYPE_heartbeat}, | |
615 | {"session ticket", TLSEXT_TYPE_session_ticket}, | |
616 | {"renegotiation info", TLSEXT_TYPE_renegotiate}, | |
dd696a55 | 617 | {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp}, |
3e8e688f | 618 | {"TLS padding", TLSEXT_TYPE_padding}, |
15a40af2 | 619 | #ifdef TLSEXT_TYPE_next_proto_neg |
3e8e688f | 620 | {"next protocol", TLSEXT_TYPE_next_proto_neg}, |
15a40af2 | 621 | #endif |
5e3ff62c | 622 | #ifdef TLSEXT_TYPE_encrypt_then_mac |
3e8e688f | 623 | {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac}, |
5e3ff62c | 624 | #endif |
b48357d9 AG |
625 | #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation |
626 | {"application layer protocol negotiation", | |
627 | TLSEXT_TYPE_application_layer_protocol_negotiation}, | |
fecd04e9 AG |
628 | #endif |
629 | #ifdef TLSEXT_TYPE_extended_master_secret | |
630 | {"extended master secret", TLSEXT_TYPE_extended_master_secret}, | |
b48357d9 | 631 | #endif |
3e8e688f RS |
632 | {NULL} |
633 | }; | |
0f113f3e | 634 | |
3e8e688f | 635 | void tlsext_cb(SSL *s, int client_server, int type, |
b6981744 | 636 | const unsigned char *data, int len, void *arg) |
3e8e688f RS |
637 | { |
638 | BIO *bio = arg; | |
639 | const char *extname = lookup(type, tlsext_types, "unknown"); | |
0f113f3e MC |
640 | |
641 | BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", | |
642 | client_server ? "server" : "client", extname, type, len); | |
b6981744 | 643 | BIO_dump(bio, (const char *)data, len); |
0f113f3e MC |
644 | (void)BIO_flush(bio); |
645 | } | |
646 | ||
f9e55034 | 647 | #ifndef OPENSSL_NO_SOCK |
0f113f3e MC |
648 | int generate_cookie_callback(SSL *ssl, unsigned char *cookie, |
649 | unsigned int *cookie_len) | |
650 | { | |
87a595e5 | 651 | unsigned char *buffer; |
d858c876 RL |
652 | size_t length; |
653 | unsigned short port; | |
654 | BIO_ADDR *peer = NULL; | |
0f113f3e MC |
655 | |
656 | /* Initialize a random secret */ | |
657 | if (!cookie_initialized) { | |
266483d2 | 658 | if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { |
0f113f3e MC |
659 | BIO_printf(bio_err, "error setting random cookie secret\n"); |
660 | return 0; | |
661 | } | |
662 | cookie_initialized = 1; | |
663 | } | |
664 | ||
d858c876 RL |
665 | peer = BIO_ADDR_new(); |
666 | if (peer == NULL) { | |
667 | BIO_printf(bio_err, "memory full\n"); | |
668 | return 0; | |
669 | } | |
670 | ||
0f113f3e | 671 | /* Read peer information */ |
d858c876 | 672 | (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); |
0f113f3e MC |
673 | |
674 | /* Create buffer with peer's address and port */ | |
d858c876 RL |
675 | BIO_ADDR_rawaddress(peer, NULL, &length); |
676 | OPENSSL_assert(length != 0); | |
677 | port = BIO_ADDR_rawport(peer); | |
678 | length += sizeof(port); | |
68dc6824 | 679 | buffer = app_malloc(length, "cookie generate buffer"); |
0f113f3e | 680 | |
d858c876 RL |
681 | memcpy(buffer, &port, sizeof(port)); |
682 | BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL); | |
0f113f3e MC |
683 | |
684 | /* Calculate HMAC of buffer using the secret */ | |
685 | HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, | |
87a595e5 | 686 | buffer, length, cookie, cookie_len); |
d858c876 | 687 | |
0f113f3e | 688 | OPENSSL_free(buffer); |
d858c876 | 689 | BIO_ADDR_free(peer); |
0f113f3e | 690 | |
0f113f3e MC |
691 | return 1; |
692 | } | |
693 | ||
31011544 | 694 | int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, |
0f113f3e MC |
695 | unsigned int cookie_len) |
696 | { | |
87a595e5 RL |
697 | unsigned char result[EVP_MAX_MD_SIZE]; |
698 | unsigned int resultlength; | |
699 | ||
700 | /* Note: we check cookie_initialized because if it's not, | |
701 | * it cannot be valid */ | |
702 | if (cookie_initialized | |
703 | && generate_cookie_callback(ssl, result, &resultlength) | |
704 | && cookie_len == resultlength | |
0f113f3e MC |
705 | && memcmp(result, cookie, resultlength) == 0) |
706 | return 1; | |
707 | ||
708 | return 0; | |
709 | } | |
f9e55034 | 710 | #endif |
0f113f3e MC |
711 | |
712 | /* | |
713 | * Example of extended certificate handling. Where the standard support of | |
714 | * one certificate per algorithm is not sufficient an application can decide | |
715 | * which certificate(s) to use at runtime based on whatever criteria it deems | |
716 | * appropriate. | |
18d71588 DSH |
717 | */ |
718 | ||
719 | /* Linked list of certificates, keys and chains */ | |
0f113f3e MC |
720 | struct ssl_excert_st { |
721 | int certform; | |
722 | const char *certfile; | |
723 | int keyform; | |
724 | const char *keyfile; | |
725 | const char *chainfile; | |
726 | X509 *cert; | |
727 | EVP_PKEY *key; | |
728 | STACK_OF(X509) *chain; | |
729 | int build_chain; | |
730 | struct ssl_excert_st *next, *prev; | |
731 | }; | |
732 | ||
3e8e688f RS |
733 | static STRINT_PAIR chain_flags[] = { |
734 | {"Overall Validity", CERT_PKEY_VALID}, | |
735 | {"Sign with EE key", CERT_PKEY_SIGN}, | |
736 | {"EE signature", CERT_PKEY_EE_SIGNATURE}, | |
737 | {"CA signature", CERT_PKEY_CA_SIGNATURE}, | |
738 | {"EE key parameters", CERT_PKEY_EE_PARAM}, | |
739 | {"CA key parameters", CERT_PKEY_CA_PARAM}, | |
0d4fb843 | 740 | {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN}, |
3e8e688f RS |
741 | {"Issuer Name", CERT_PKEY_ISSUER_NAME}, |
742 | {"Certificate Type", CERT_PKEY_CERT_TYPE}, | |
743 | {NULL} | |
0f113f3e | 744 | }; |
6dbb6219 | 745 | |
ecf3a1fb | 746 | static void print_chain_flags(SSL *s, int flags) |
0f113f3e | 747 | { |
3e8e688f | 748 | STRINT_PAIR *pp; |
ecf3a1fb | 749 | |
3e8e688f RS |
750 | for (pp = chain_flags; pp->name; ++pp) |
751 | BIO_printf(bio_err, "\t%s: %s\n", | |
752 | pp->name, | |
753 | (flags & pp->retval) ? "OK" : "NOT OK"); | |
ecf3a1fb | 754 | BIO_printf(bio_err, "\tSuite B: "); |
0f113f3e | 755 | if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) |
ecf3a1fb | 756 | BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); |
0f113f3e | 757 | else |
ecf3a1fb | 758 | BIO_printf(bio_err, "not tested\n"); |
0f113f3e MC |
759 | } |
760 | ||
761 | /* | |
762 | * Very basic selection callback: just use any certificate chain reported as | |
763 | * valid. More sophisticated could prioritise according to local policy. | |
18d71588 DSH |
764 | */ |
765 | static int set_cert_cb(SSL *ssl, void *arg) | |
0f113f3e MC |
766 | { |
767 | int i, rv; | |
768 | SSL_EXCERT *exc = arg; | |
3323314f | 769 | #ifdef CERT_CB_TEST_RETRY |
0f113f3e MC |
770 | static int retry_cnt; |
771 | if (retry_cnt < 5) { | |
772 | retry_cnt++; | |
7768e116 RS |
773 | BIO_printf(bio_err, |
774 | "Certificate callback retry test: count %d\n", | |
775 | retry_cnt); | |
0f113f3e MC |
776 | return -1; |
777 | } | |
3323314f | 778 | #endif |
0f113f3e MC |
779 | SSL_certs_clear(ssl); |
780 | ||
781 | if (!exc) | |
782 | return 1; | |
783 | ||
784 | /* | |
785 | * Go to end of list and traverse backwards since we prepend newer | |
786 | * entries this retains the original order. | |
787 | */ | |
788 | while (exc->next) | |
789 | exc = exc->next; | |
790 | ||
791 | i = 0; | |
792 | ||
793 | while (exc) { | |
794 | i++; | |
795 | rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); | |
796 | BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); | |
797 | X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, | |
798 | XN_FLAG_ONELINE); | |
799 | BIO_puts(bio_err, "\n"); | |
ecf3a1fb | 800 | print_chain_flags(ssl, rv); |
0f113f3e | 801 | if (rv & CERT_PKEY_VALID) { |
61986d32 | 802 | if (!SSL_use_certificate(ssl, exc->cert) |
7e1b7485 | 803 | || !SSL_use_PrivateKey(ssl, exc->key)) { |
ac59d705 MC |
804 | return 0; |
805 | } | |
0f113f3e MC |
806 | /* |
807 | * NB: we wouldn't normally do this as it is not efficient | |
808 | * building chains on each connection better to cache the chain | |
809 | * in advance. | |
810 | */ | |
811 | if (exc->build_chain) { | |
812 | if (!SSL_build_cert_chain(ssl, 0)) | |
813 | return 0; | |
814 | } else if (exc->chain) | |
815 | SSL_set1_chain(ssl, exc->chain); | |
816 | } | |
817 | exc = exc->prev; | |
818 | } | |
819 | return 1; | |
820 | } | |
18d71588 DSH |
821 | |
822 | void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc) | |
0f113f3e MC |
823 | { |
824 | SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc); | |
825 | } | |
18d71588 DSH |
826 | |
827 | static int ssl_excert_prepend(SSL_EXCERT **pexc) | |
0f113f3e | 828 | { |
b4faea50 | 829 | SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert"); |
68dc6824 | 830 | |
64b25758 | 831 | memset(exc, 0, sizeof(*exc)); |
0f113f3e MC |
832 | |
833 | exc->next = *pexc; | |
834 | *pexc = exc; | |
835 | ||
836 | if (exc->next) { | |
837 | exc->certform = exc->next->certform; | |
838 | exc->keyform = exc->next->keyform; | |
839 | exc->next->prev = exc; | |
840 | } else { | |
841 | exc->certform = FORMAT_PEM; | |
842 | exc->keyform = FORMAT_PEM; | |
843 | } | |
844 | return 1; | |
845 | ||
846 | } | |
18d71588 DSH |
847 | |
848 | void ssl_excert_free(SSL_EXCERT *exc) | |
0f113f3e MC |
849 | { |
850 | SSL_EXCERT *curr; | |
25aaa98a RS |
851 | |
852 | if (!exc) | |
853 | return; | |
0f113f3e | 854 | while (exc) { |
222561fe | 855 | X509_free(exc->cert); |
c5ba2d99 | 856 | EVP_PKEY_free(exc->key); |
222561fe | 857 | sk_X509_pop_free(exc->chain, X509_free); |
0f113f3e MC |
858 | curr = exc; |
859 | exc = exc->next; | |
860 | OPENSSL_free(curr); | |
861 | } | |
862 | } | |
18d71588 | 863 | |
7e1b7485 | 864 | int load_excert(SSL_EXCERT **pexc) |
0f113f3e MC |
865 | { |
866 | SSL_EXCERT *exc = *pexc; | |
867 | if (!exc) | |
868 | return 1; | |
869 | /* If nothing in list, free and set to NULL */ | |
870 | if (!exc->certfile && !exc->next) { | |
871 | ssl_excert_free(exc); | |
872 | *pexc = NULL; | |
873 | return 1; | |
874 | } | |
875 | for (; exc; exc = exc->next) { | |
876 | if (!exc->certfile) { | |
7e1b7485 | 877 | BIO_printf(bio_err, "Missing filename\n"); |
0f113f3e MC |
878 | return 0; |
879 | } | |
7e1b7485 | 880 | exc->cert = load_cert(exc->certfile, exc->certform, |
a773b52a | 881 | "Server Certificate"); |
0f113f3e MC |
882 | if (!exc->cert) |
883 | return 0; | |
884 | if (exc->keyfile) { | |
7e1b7485 | 885 | exc->key = load_key(exc->keyfile, exc->keyform, |
0f113f3e MC |
886 | 0, NULL, NULL, "Server Key"); |
887 | } else { | |
7e1b7485 | 888 | exc->key = load_key(exc->certfile, exc->certform, |
0f113f3e MC |
889 | 0, NULL, NULL, "Server Key"); |
890 | } | |
891 | if (!exc->key) | |
892 | return 0; | |
893 | if (exc->chainfile) { | |
0996dc54 | 894 | if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL, |
a773b52a | 895 | "Server Chain")) |
0f113f3e MC |
896 | return 0; |
897 | } | |
898 | } | |
899 | return 1; | |
900 | } | |
18d71588 | 901 | |
7e1b7485 RS |
902 | enum range { OPT_X_ENUM }; |
903 | ||
904 | int args_excert(int opt, SSL_EXCERT **pexc) | |
0f113f3e | 905 | { |
0f113f3e | 906 | SSL_EXCERT *exc = *pexc; |
7e1b7485 RS |
907 | |
908 | assert(opt > OPT_X__FIRST); | |
909 | assert(opt < OPT_X__LAST); | |
910 | ||
911 | if (exc == NULL) { | |
912 | if (!ssl_excert_prepend(&exc)) { | |
913 | BIO_printf(bio_err, " %s: Error initialising xcert\n", | |
914 | opt_getprog()); | |
0f113f3e MC |
915 | goto err; |
916 | } | |
7e1b7485 | 917 | *pexc = exc; |
0f113f3e | 918 | } |
7e1b7485 RS |
919 | |
920 | switch ((enum range)opt) { | |
921 | case OPT_X__FIRST: | |
922 | case OPT_X__LAST: | |
923 | return 0; | |
924 | case OPT_X_CERT: | |
0f113f3e | 925 | if (exc->certfile && !ssl_excert_prepend(&exc)) { |
7e1b7485 | 926 | BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); |
0f113f3e MC |
927 | goto err; |
928 | } | |
7e1b7485 RS |
929 | exc->certfile = opt_arg(); |
930 | break; | |
931 | case OPT_X_KEY: | |
0f113f3e | 932 | if (exc->keyfile) { |
7e1b7485 | 933 | BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog()); |
0f113f3e MC |
934 | goto err; |
935 | } | |
7e1b7485 RS |
936 | exc->keyfile = opt_arg(); |
937 | break; | |
938 | case OPT_X_CHAIN: | |
939 | if (exc->chainfile) { | |
940 | BIO_printf(bio_err, "%s: Chain already specified\n", | |
941 | opt_getprog()); | |
0f113f3e MC |
942 | goto err; |
943 | } | |
7e1b7485 RS |
944 | exc->chainfile = opt_arg(); |
945 | break; | |
946 | case OPT_X_CHAIN_BUILD: | |
947 | exc->build_chain = 1; | |
948 | break; | |
949 | case OPT_X_CERTFORM: | |
950 | if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform)) | |
951 | return 0; | |
952 | break; | |
953 | case OPT_X_KEYFORM: | |
954 | if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform)) | |
955 | return 0; | |
956 | break; | |
957 | } | |
0f113f3e MC |
958 | return 1; |
959 | ||
960 | err: | |
7e1b7485 | 961 | ERR_print_errors(bio_err); |
25aaa98a | 962 | ssl_excert_free(exc); |
0f113f3e | 963 | *pexc = NULL; |
7e1b7485 | 964 | return 0; |
0f113f3e | 965 | } |
18d71588 | 966 | |
ecf3a1fb | 967 | static void print_raw_cipherlist(SSL *s) |
0f113f3e MC |
968 | { |
969 | const unsigned char *rlist; | |
800fe8e3 | 970 | static const unsigned char scsv_id[] = { 0, 0xFF }; |
0f113f3e MC |
971 | size_t i, rlistlen, num; |
972 | if (!SSL_is_server(s)) | |
973 | return; | |
974 | num = SSL_get0_raw_cipherlist(s, NULL); | |
800fe8e3 | 975 | OPENSSL_assert(num == 2); |
0f113f3e | 976 | rlistlen = SSL_get0_raw_cipherlist(s, &rlist); |
ecf3a1fb | 977 | BIO_puts(bio_err, "Client cipher list: "); |
0f113f3e MC |
978 | for (i = 0; i < rlistlen; i += num, rlist += num) { |
979 | const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist); | |
980 | if (i) | |
ecf3a1fb | 981 | BIO_puts(bio_err, ":"); |
0f113f3e | 982 | if (c) |
ecf3a1fb | 983 | BIO_puts(bio_err, SSL_CIPHER_get_name(c)); |
800fe8e3 | 984 | else if (!memcmp(rlist, scsv_id, num)) |
ecf3a1fb | 985 | BIO_puts(bio_err, "SCSV"); |
0f113f3e MC |
986 | else { |
987 | size_t j; | |
ecf3a1fb | 988 | BIO_puts(bio_err, "0x"); |
0f113f3e | 989 | for (j = 0; j < num; j++) |
ecf3a1fb | 990 | BIO_printf(bio_err, "%02X", rlist[j]); |
0f113f3e MC |
991 | } |
992 | } | |
ecf3a1fb | 993 | BIO_puts(bio_err, "\n"); |
0f113f3e | 994 | } |
2a7cbe77 | 995 | |
c0a445a9 VD |
996 | /* |
997 | * Hex encoder for TLSA RRdata, not ':' delimited. | |
998 | */ | |
999 | static char *hexencode(const unsigned char *data, size_t len) | |
1000 | { | |
1001 | static const char *hex = "0123456789abcdef"; | |
1002 | char *out; | |
1003 | char *cp; | |
1004 | size_t outlen = 2 * len + 1; | |
1005 | int ilen = (int) outlen; | |
1006 | ||
1007 | if (outlen < len || ilen < 0 || outlen != (size_t)ilen) { | |
1008 | BIO_printf(bio_err, "%s: %" PRIu64 "-byte buffer too large to hexencode\n", | |
1009 | opt_getprog(), (uint64_t)len); | |
1010 | exit(1); | |
1011 | } | |
1012 | cp = out = app_malloc(ilen, "TLSA hex data buffer"); | |
1013 | ||
b5f40eb2 | 1014 | while (len-- > 0) { |
c0a445a9 VD |
1015 | *cp++ = hex[(*data >> 4) & 0x0f]; |
1016 | *cp++ = hex[*data++ & 0x0f]; | |
1017 | } | |
1018 | *cp = '\0'; | |
1019 | return out; | |
1020 | } | |
1021 | ||
1022 | void print_verify_detail(SSL *s, BIO *bio) | |
1023 | { | |
1024 | int mdpth; | |
1025 | EVP_PKEY *mspki; | |
1026 | long verify_err = SSL_get_verify_result(s); | |
1027 | ||
1028 | if (verify_err == X509_V_OK) { | |
1029 | const char *peername = SSL_get0_peername(s); | |
1030 | ||
1031 | BIO_printf(bio, "Verification: OK\n"); | |
1032 | if (peername != NULL) | |
1033 | BIO_printf(bio, "Verified peername: %s\n", peername); | |
1034 | } else { | |
1035 | const char *reason = X509_verify_cert_error_string(verify_err); | |
1036 | ||
1037 | BIO_printf(bio, "Verification error: %s\n", reason); | |
1038 | } | |
1039 | ||
1040 | if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) { | |
1041 | uint8_t usage, selector, mtype; | |
1042 | const unsigned char *data = NULL; | |
1043 | size_t dlen = 0; | |
1044 | char *hexdata; | |
1045 | ||
1046 | mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen); | |
1047 | ||
1048 | /* | |
1049 | * The TLSA data field can be quite long when it is a certificate, | |
1050 | * public key or even a SHA2-512 digest. Because the initial octets of | |
1051 | * ASN.1 certificates and public keys contain mostly boilerplate OIDs | |
1052 | * and lengths, we show the last 12 bytes of the data instead, as these | |
1053 | * are more likely to distinguish distinct TLSA records. | |
1054 | */ | |
1055 | #define TLSA_TAIL_SIZE 12 | |
1056 | if (dlen > TLSA_TAIL_SIZE) | |
1057 | hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE); | |
1058 | else | |
1059 | hexdata = hexencode(data, dlen); | |
1060 | BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n", | |
1061 | usage, selector, mtype, | |
1062 | (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata, | |
1063 | (mspki != NULL) ? "signed the certificate" : | |
1064 | mdpth ? "matched TA certificate" : "matched EE certificate", | |
1065 | mdpth); | |
1066 | OPENSSL_free(hexdata); | |
1067 | } | |
1068 | } | |
1069 | ||
ecf3a1fb | 1070 | void print_ssl_summary(SSL *s) |
0f113f3e MC |
1071 | { |
1072 | const SSL_CIPHER *c; | |
1073 | X509 *peer; | |
ecf3a1fb RS |
1074 | /* const char *pnam = SSL_is_server(s) ? "client" : "server"; */ |
1075 | ||
1076 | BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s)); | |
1077 | print_raw_cipherlist(s); | |
0f113f3e | 1078 | c = SSL_get_current_cipher(s); |
ecf3a1fb RS |
1079 | BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); |
1080 | do_print_sigalgs(bio_err, s, 0); | |
0f113f3e MC |
1081 | peer = SSL_get_peer_certificate(s); |
1082 | if (peer) { | |
1083 | int nid; | |
c0a445a9 | 1084 | |
ecf3a1fb RS |
1085 | BIO_puts(bio_err, "Peer certificate: "); |
1086 | X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), | |
0f113f3e | 1087 | 0, XN_FLAG_ONELINE); |
ecf3a1fb | 1088 | BIO_puts(bio_err, "\n"); |
0f113f3e | 1089 | if (SSL_get_peer_signature_nid(s, &nid)) |
ecf3a1fb | 1090 | BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); |
c0a445a9 | 1091 | print_verify_detail(s, bio_err); |
0f113f3e | 1092 | } else |
ecf3a1fb | 1093 | BIO_puts(bio_err, "No peer certificate\n"); |
222561fe | 1094 | X509_free(peer); |
14536c8c | 1095 | #ifndef OPENSSL_NO_EC |
ecf3a1fb | 1096 | ssl_print_point_formats(bio_err, s); |
0f113f3e | 1097 | if (SSL_is_server(s)) |
de4d764e | 1098 | ssl_print_groups(bio_err, s, 1); |
0f113f3e | 1099 | else |
ecf3a1fb | 1100 | ssl_print_tmp_key(bio_err, s); |
14536c8c | 1101 | #else |
0f113f3e | 1102 | if (!SSL_is_server(s)) |
ecf3a1fb | 1103 | ssl_print_tmp_key(bio_err, s); |
14536c8c | 1104 | #endif |
0f113f3e | 1105 | } |
2a7cbe77 | 1106 | |
7e1b7485 | 1107 | int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, |
dba31777 | 1108 | SSL_CTX *ctx) |
0f113f3e MC |
1109 | { |
1110 | int i; | |
7e1b7485 | 1111 | |
0f113f3e MC |
1112 | SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); |
1113 | for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) { | |
7e1b7485 RS |
1114 | const char *flag = sk_OPENSSL_STRING_value(str, i); |
1115 | const char *arg = sk_OPENSSL_STRING_value(str, i + 1); | |
7e1b7485 RS |
1116 | if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { |
1117 | if (arg) | |
1118 | BIO_printf(bio_err, "Error with command: \"%s %s\"\n", | |
1119 | flag, arg); | |
1120 | else | |
1121 | BIO_printf(bio_err, "Error with command: \"%s\"\n", flag); | |
1122 | ERR_print_errors(bio_err); | |
0f113f3e MC |
1123 | return 0; |
1124 | } | |
1125 | } | |
0f113f3e | 1126 | if (!SSL_CONF_CTX_finish(cctx)) { |
7e1b7485 RS |
1127 | BIO_puts(bio_err, "Error finishing context\n"); |
1128 | ERR_print_errors(bio_err); | |
0f113f3e MC |
1129 | return 0; |
1130 | } | |
1131 | return 1; | |
1132 | } | |
a5afc0a8 | 1133 | |
fdb78f3d | 1134 | static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls) |
0f113f3e MC |
1135 | { |
1136 | X509_CRL *crl; | |
1137 | int i; | |
1138 | for (i = 0; i < sk_X509_CRL_num(crls); i++) { | |
1139 | crl = sk_X509_CRL_value(crls, i); | |
1140 | X509_STORE_add_crl(st, crl); | |
1141 | } | |
1142 | return 1; | |
1143 | } | |
fdb78f3d | 1144 | |
0090a686 | 1145 | int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download) |
0f113f3e MC |
1146 | { |
1147 | X509_STORE *st; | |
1148 | st = SSL_CTX_get_cert_store(ctx); | |
1149 | add_crls_store(st, crls); | |
1150 | if (crl_download) | |
1151 | store_setup_crl_download(st); | |
1152 | return 1; | |
1153 | } | |
fdb78f3d | 1154 | |
a5afc0a8 | 1155 | int ssl_load_stores(SSL_CTX *ctx, |
0f113f3e MC |
1156 | const char *vfyCApath, const char *vfyCAfile, |
1157 | const char *chCApath, const char *chCAfile, | |
1158 | STACK_OF(X509_CRL) *crls, int crl_download) | |
1159 | { | |
1160 | X509_STORE *vfy = NULL, *ch = NULL; | |
1161 | int rv = 0; | |
96487cdd | 1162 | if (vfyCApath != NULL || vfyCAfile != NULL) { |
0f113f3e | 1163 | vfy = X509_STORE_new(); |
96487cdd MC |
1164 | if (vfy == NULL) |
1165 | goto err; | |
0f113f3e MC |
1166 | if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath)) |
1167 | goto err; | |
1168 | add_crls_store(vfy, crls); | |
1169 | SSL_CTX_set1_verify_cert_store(ctx, vfy); | |
1170 | if (crl_download) | |
1171 | store_setup_crl_download(vfy); | |
1172 | } | |
96487cdd | 1173 | if (chCApath != NULL || chCAfile != NULL) { |
0f113f3e | 1174 | ch = X509_STORE_new(); |
96487cdd MC |
1175 | if (ch == NULL) |
1176 | goto err; | |
0f113f3e MC |
1177 | if (!X509_STORE_load_locations(ch, chCAfile, chCApath)) |
1178 | goto err; | |
1179 | SSL_CTX_set1_chain_cert_store(ctx, ch); | |
1180 | } | |
1181 | rv = 1; | |
1182 | err: | |
222561fe RS |
1183 | X509_STORE_free(vfy); |
1184 | X509_STORE_free(ch); | |
0f113f3e MC |
1185 | return rv; |
1186 | } | |
e03c5b59 DSH |
1187 | |
1188 | /* Verbose print out of security callback */ | |
1189 | ||
0f113f3e MC |
1190 | typedef struct { |
1191 | BIO *out; | |
1192 | int verbose; | |
e4646a89 | 1193 | int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, |
0f113f3e MC |
1194 | void *other, void *ex); |
1195 | } security_debug_ex; | |
e03c5b59 | 1196 | |
3e8e688f RS |
1197 | static STRINT_PAIR callback_types[] = { |
1198 | {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED}, | |
1199 | {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED}, | |
1200 | {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK}, | |
1201 | #ifndef OPENSSL_NO_DH | |
1202 | {"Temp DH key bits", SSL_SECOP_TMP_DH}, | |
1203 | #endif | |
1204 | {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, | |
1205 | {"Shared Curve", SSL_SECOP_CURVE_SHARED}, | |
1206 | {"Check Curve", SSL_SECOP_CURVE_CHECK}, | |
1207 | {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED}, | |
1208 | {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED}, | |
1209 | {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK}, | |
1210 | {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, | |
1211 | {"Certificate chain EE key", SSL_SECOP_EE_KEY}, | |
1212 | {"Certificate chain CA key", SSL_SECOP_CA_KEY}, | |
1213 | {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY}, | |
1214 | {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY}, | |
1215 | {"Certificate chain CA digest", SSL_SECOP_CA_MD}, | |
1216 | {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD}, | |
1217 | {"SSL compression", SSL_SECOP_COMPRESSION}, | |
1218 | {"Session ticket", SSL_SECOP_TICKET}, | |
1219 | {NULL} | |
1220 | }; | |
1221 | ||
e4646a89 | 1222 | static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, |
0f113f3e MC |
1223 | int op, int bits, int nid, |
1224 | void *other, void *ex) | |
1225 | { | |
1226 | security_debug_ex *sdb = ex; | |
1227 | int rv, show_bits = 1, cert_md = 0; | |
1228 | const char *nm; | |
1229 | rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex); | |
1230 | if (rv == 1 && sdb->verbose < 2) | |
1231 | return 1; | |
1232 | BIO_puts(sdb->out, "Security callback: "); | |
1233 | ||
3e8e688f | 1234 | nm = lookup(op, callback_types, NULL); |
0f113f3e | 1235 | switch (op) { |
0f113f3e | 1236 | case SSL_SECOP_TICKET: |
0f113f3e | 1237 | case SSL_SECOP_COMPRESSION: |
0f113f3e MC |
1238 | show_bits = 0; |
1239 | nm = NULL; | |
1240 | break; | |
0f113f3e | 1241 | case SSL_SECOP_VERSION: |
3e8e688f | 1242 | BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???")); |
0f113f3e MC |
1243 | show_bits = 0; |
1244 | nm = NULL; | |
1245 | break; | |
0f113f3e | 1246 | case SSL_SECOP_CA_MD: |
0f113f3e MC |
1247 | case SSL_SECOP_PEER_CA_MD: |
1248 | cert_md = 1; | |
0f113f3e | 1249 | break; |
0f113f3e MC |
1250 | } |
1251 | if (nm) | |
1252 | BIO_printf(sdb->out, "%s=", nm); | |
1253 | ||
1254 | switch (op & SSL_SECOP_OTHER_TYPE) { | |
1255 | ||
1256 | case SSL_SECOP_OTHER_CIPHER: | |
1257 | BIO_puts(sdb->out, SSL_CIPHER_get_name(other)); | |
1258 | break; | |
e03c5b59 | 1259 | |
fd86c2b1 | 1260 | #ifndef OPENSSL_NO_EC |
0f113f3e MC |
1261 | case SSL_SECOP_OTHER_CURVE: |
1262 | { | |
1263 | const char *cname; | |
1264 | cname = EC_curve_nid2nist(nid); | |
1265 | if (cname == NULL) | |
1266 | cname = OBJ_nid2sn(nid); | |
1267 | BIO_puts(sdb->out, cname); | |
1268 | } | |
1269 | break; | |
fd86c2b1 | 1270 | #endif |
37f3a3b3 | 1271 | #ifndef OPENSSL_NO_DH |
0f113f3e MC |
1272 | case SSL_SECOP_OTHER_DH: |
1273 | { | |
1274 | DH *dh = other; | |
0aeddcfa | 1275 | BIO_printf(sdb->out, "%d", DH_bits(dh)); |
0f113f3e MC |
1276 | break; |
1277 | } | |
37f3a3b3 | 1278 | #endif |
0f113f3e MC |
1279 | case SSL_SECOP_OTHER_CERT: |
1280 | { | |
1281 | if (cert_md) { | |
1282 | int sig_nid = X509_get_signature_nid(other); | |
1283 | BIO_puts(sdb->out, OBJ_nid2sn(sig_nid)); | |
1284 | } else { | |
c01ff880 | 1285 | EVP_PKEY *pkey = X509_get0_pubkey(other); |
0f113f3e MC |
1286 | const char *algname = ""; |
1287 | EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, | |
1288 | &algname, EVP_PKEY_get0_asn1(pkey)); | |
1289 | BIO_printf(sdb->out, "%s, bits=%d", | |
1290 | algname, EVP_PKEY_bits(pkey)); | |
0f113f3e MC |
1291 | } |
1292 | break; | |
1293 | } | |
1294 | case SSL_SECOP_OTHER_SIGALG: | |
1295 | { | |
1296 | const unsigned char *salg = other; | |
1297 | const char *sname = NULL; | |
1298 | switch (salg[1]) { | |
1299 | case TLSEXT_signature_anonymous: | |
1300 | sname = "anonymous"; | |
1301 | break; | |
1302 | case TLSEXT_signature_rsa: | |
1303 | sname = "RSA"; | |
1304 | break; | |
1305 | case TLSEXT_signature_dsa: | |
1306 | sname = "DSA"; | |
1307 | break; | |
1308 | case TLSEXT_signature_ecdsa: | |
1309 | sname = "ECDSA"; | |
1310 | break; | |
1311 | } | |
1312 | ||
1313 | BIO_puts(sdb->out, OBJ_nid2sn(nid)); | |
1314 | if (sname) | |
1315 | BIO_printf(sdb->out, ", algorithm=%s", sname); | |
1316 | else | |
1317 | BIO_printf(sdb->out, ", algid=%d", salg[1]); | |
1318 | break; | |
1319 | } | |
1320 | ||
1321 | } | |
1322 | ||
1323 | if (show_bits) | |
1324 | BIO_printf(sdb->out, ", security bits=%d", bits); | |
1325 | BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no"); | |
1326 | return rv; | |
1327 | } | |
e03c5b59 | 1328 | |
ecf3a1fb | 1329 | void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose) |
0f113f3e MC |
1330 | { |
1331 | static security_debug_ex sdb; | |
ecf3a1fb RS |
1332 | |
1333 | sdb.out = bio_err; | |
0f113f3e MC |
1334 | sdb.verbose = verbose; |
1335 | sdb.old_cb = SSL_CTX_get_security_callback(ctx); | |
1336 | SSL_CTX_set_security_callback(ctx, security_callback_debug); | |
1337 | SSL_CTX_set0_security_ex_data(ctx, &sdb); | |
1338 | } |