1 /*
2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright 2005 Nokia. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 #include <stdio.h>
12 #include "ssl_local.h"
13
/*
 * Map the current handshake state of |s| to a human-readable description.
 *
 * The state machine's error flag is checked first; when it is set the
 * function returns "error" without looking at the handshake state.
 * A state with no entry in the table yields "unknown state".
 *
 * Every return value is a string literal, so the caller must neither
 * modify nor free it. The text is meant for diagnostics and logs.
 */
const char *SSL_state_string_long(const SSL *s)
{
    /* Fallback for any state that has no entry below. */
    const char *desc = "unknown state";

    if (ossl_statem_in_error(s))
        return "error";

    switch (SSL_get_state(s)) {
    /* States that are not tied to reading or writing a message. */
    case TLS_ST_BEFORE:
        desc = "before SSL initialization";
        break;
    case TLS_ST_OK:
        desc = "SSL negotiation finished successfully";
        break;

    /* Client side, writing. */
    case TLS_ST_CW_CLNT_HELLO:
        desc = "SSLv3/TLS write client hello";
        break;
    case TLS_ST_CW_CERT:
        desc = "SSLv3/TLS write client certificate";
        break;
    case TLS_ST_CW_KEY_EXCH:
        desc = "SSLv3/TLS write client key exchange";
        break;
    case TLS_ST_CW_CERT_VRFY:
        desc = "SSLv3/TLS write certificate verify";
        break;
    case TLS_ST_CW_NEXT_PROTO:
        desc = "SSLv3/TLS write next proto";
        break;

    /* Client side, reading. */
    case TLS_ST_CR_HELLO_REQ:
        desc = "SSLv3/TLS read hello request";
        break;
    case TLS_ST_CR_SRVR_HELLO:
        desc = "SSLv3/TLS read server hello";
        break;
    case TLS_ST_CR_CERT:
        desc = "SSLv3/TLS read server certificate";
        break;
    case TLS_ST_CR_CERT_STATUS:
        desc = "SSLv3/TLS read certificate status";
        break;
    case TLS_ST_CR_KEY_EXCH:
        desc = "SSLv3/TLS read server key exchange";
        break;
    case TLS_ST_CR_CERT_REQ:
        desc = "SSLv3/TLS read server certificate request";
        break;
    case TLS_ST_CR_SESSION_TICKET:
        desc = "SSLv3/TLS read server session ticket";
        break;
    case TLS_ST_CR_SRVR_DONE:
        desc = "SSLv3/TLS read server done";
        break;

    /* Server side, reading. */
    case TLS_ST_SR_CLNT_HELLO:
        desc = "SSLv3/TLS read client hello";
        break;
    case TLS_ST_SR_CERT:
        desc = "SSLv3/TLS read client certificate";
        break;
    case TLS_ST_SR_KEY_EXCH:
        desc = "SSLv3/TLS read client key exchange";
        break;
    case TLS_ST_SR_CERT_VRFY:
        desc = "SSLv3/TLS read certificate verify";
        break;
    case TLS_ST_SR_NEXT_PROTO:
        desc = "SSLv3/TLS read next proto";
        break;

    /* Server side, writing. */
    case TLS_ST_SW_HELLO_REQ:
        desc = "SSLv3/TLS write hello request";
        break;
    case TLS_ST_SW_SRVR_HELLO:
        desc = "SSLv3/TLS write server hello";
        break;
    case TLS_ST_SW_CERT:
        desc = "SSLv3/TLS write certificate";
        break;
    case TLS_ST_SW_CERT_STATUS:
        desc = "SSLv3/TLS write certificate status";
        break;
    case TLS_ST_SW_KEY_EXCH:
        desc = "SSLv3/TLS write key exchange";
        break;
    case TLS_ST_SW_CERT_REQ:
        desc = "SSLv3/TLS write certificate request";
        break;
    case TLS_ST_SW_SESSION_TICKET:
        desc = "SSLv3/TLS write session ticket";
        break;
    case TLS_ST_SW_SRVR_DONE:
        desc = "SSLv3/TLS write server done";
        break;

    /* Client and server states that share one description. */
    case TLS_ST_CW_CHANGE:
    case TLS_ST_SW_CHANGE:
        desc = "SSLv3/TLS write change cipher spec";
        break;
    case TLS_ST_CW_FINISHED:
    case TLS_ST_SW_FINISHED:
        desc = "SSLv3/TLS write finished";
        break;
    case TLS_ST_CR_CHANGE:
    case TLS_ST_SR_CHANGE:
        desc = "SSLv3/TLS read change cipher spec";
        break;
    case TLS_ST_CR_FINISHED:
    case TLS_ST_SR_FINISHED:
        desc = "SSLv3/TLS read finished";
        break;

    /* DTLS states. */
    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
        desc = "DTLS1 read hello verify request";
        break;
    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
        desc = "DTLS1 write hello verify request";
        break;

    /* States described as TLSv1.3. */
    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
        desc = "TLSv1.3 write encrypted extensions";
        break;
    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
        desc = "TLSv1.3 read encrypted extensions";
        break;
    case TLS_ST_CR_CERT_VRFY:
        desc = "TLSv1.3 read server certificate verify";
        break;
    case TLS_ST_SW_CERT_VRFY:
        desc = "TLSv1.3 write server certificate verify";
        break;
    case TLS_ST_SW_KEY_UPDATE:
        desc = "TLSv1.3 write server key update";
        break;
    case TLS_ST_CW_KEY_UPDATE:
        desc = "TLSv1.3 write client key update";
        break;
    case TLS_ST_SR_KEY_UPDATE:
        desc = "TLSv1.3 read client key update";
        break;
    case TLS_ST_CR_KEY_UPDATE:
        desc = "TLSv1.3 read server key update";
        break;
    case TLS_ST_EARLY_DATA:
        desc = "TLSv1.3 early data";
        break;
    case TLS_ST_PENDING_EARLY_DATA_END:
        desc = "TLSv1.3 pending early data end";
        break;
    case TLS_ST_CW_END_OF_EARLY_DATA:
        desc = "TLSv1.3 write end of early data";
        break;
    case TLS_ST_SR_END_OF_EARLY_DATA:
        desc = "TLSv1.3 read end of early data";
        break;

    default:
        break;
    }

    return desc;
}
120
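/*
 * Map the current handshake state of |s| to a short abbreviation.
 *
 * The state machine's error flag is checked first; when it is set the
 * function returns "SSLERR" without looking at the handshake state.
 * A state with no entry in the table yields "UNKWN ".
 *
 * Every return value is a string literal, so the caller must neither
 * modify nor free it. Some abbreviations ("PINIT ", "SSLOK ", "UNKWN ")
 * carry a trailing space, which is kept as is.
 *
 * In the entries below the second letter is R for a read state and W for
 * a write state. Client/server pairs that SSL_state_string_long() also
 * describes with one string (change cipher spec, finished) share an
 * abbreviation; all other states get a distinct one so that a trace or
 * log line identifies the state unambiguously.
 */
const char *SSL_state_string(const SSL *s)
{
    if (ossl_statem_in_error(s))
        return "SSLERR";

    switch (SSL_get_state(s)) {
    case TLS_ST_SR_NEXT_PROTO:
        return "TRNP";
    case TLS_ST_SW_SESSION_TICKET:
        return "TWST";
    case TLS_ST_SW_CERT_STATUS:
        return "TWCS";
    case TLS_ST_CR_CERT_STATUS:
        return "TRCS";
    case TLS_ST_CR_SESSION_TICKET:
        return "TRST";
    case TLS_ST_CW_NEXT_PROTO:
        return "TWNP";
    case TLS_ST_BEFORE:
        return "PINIT ";
    case TLS_ST_OK:
        return "SSLOK ";
    case TLS_ST_CW_CLNT_HELLO:
        return "TWCH";
    case TLS_ST_CR_SRVR_HELLO:
        return "TRSH";
    case TLS_ST_CR_CERT:
        return "TRSC";
    case TLS_ST_CR_KEY_EXCH:
        return "TRSKE";
    case TLS_ST_CR_CERT_REQ:
        return "TRCR";
    case TLS_ST_CR_SRVR_DONE:
        return "TRSD";
    case TLS_ST_CW_CERT:
        return "TWCC";
    case TLS_ST_CW_KEY_EXCH:
        return "TWCKE";
    case TLS_ST_CW_CERT_VRFY:
        return "TWCV";
    case TLS_ST_SW_CHANGE:
    case TLS_ST_CW_CHANGE:
        return "TWCCS";
    case TLS_ST_SW_FINISHED:
    case TLS_ST_CW_FINISHED:
        return "TWFIN";
    case TLS_ST_SR_CHANGE:
    case TLS_ST_CR_CHANGE:
        return "TRCCS";
    case TLS_ST_SR_FINISHED:
    case TLS_ST_CR_FINISHED:
        return "TRFIN";
    case TLS_ST_SW_HELLO_REQ:
        return "TWHR";
    case TLS_ST_SR_CLNT_HELLO:
        return "TRCH";
    case TLS_ST_SW_SRVR_HELLO:
        return "TWSH";
    case TLS_ST_SW_CERT:
        return "TWSC";
    case TLS_ST_SW_KEY_EXCH:
        return "TWSKE";
    case TLS_ST_SW_CERT_REQ:
        return "TWCR";
    case TLS_ST_SW_SRVR_DONE:
        return "TWSD";
    case TLS_ST_SR_CERT:
        return "TRCC";
    case TLS_ST_SR_KEY_EXCH:
        return "TRCKE";
    case TLS_ST_SR_CERT_VRFY:
        return "TRCV";
    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
        return "DRCHV";
    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
        return "DWCHV";
    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
        return "TWEE";
    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
        return "TREE";
    case TLS_ST_CR_CERT_VRFY:
        return "TRSCV";
    case TLS_ST_SW_CERT_VRFY:
        /*
         * Server *write* state: was "TRSCV", which is the abbreviation of
         * the client read state above and made the two indistinguishable.
         */
        return "TWSCV";
    case TLS_ST_CR_HELLO_REQ:
        return "TRHR";
    case TLS_ST_SW_KEY_UPDATE:
        return "TWSKU";
    case TLS_ST_CW_KEY_UPDATE:
        return "TWCKU";
    case TLS_ST_SR_KEY_UPDATE:
        return "TRCKU";
    case TLS_ST_CR_KEY_UPDATE:
        return "TRSKU";
    case TLS_ST_EARLY_DATA:
        return "TED";
    case TLS_ST_PENDING_EARLY_DATA_END:
        return "TPEDE";
    case TLS_ST_CW_END_OF_EARLY_DATA:
        return "TWEOED";
    case TLS_ST_SR_END_OF_EARLY_DATA:
        /*
         * Server *read* state: was "TWEOED", the same string as the client
         * write state above.
         */
        return "TREOED";
    default:
        return "UNKWN ";
    }
}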
227
/*
 * Return the name of the alert level carried in |value|.
 *
 * The level is taken as |value| >> 8. No mask is applied after the shift,
 * so any bits above the second byte also take part in the comparison and
 * lead to "unknown". The result is always one of three string literals.
 */
const char *SSL_alert_type_string_long(int value)
{
    const int level = value >> 8;

    if (level == SSL3_AL_WARNING)
        return "warning";
    if (level == SSL3_AL_FATAL)
        return "fatal";
    return "unknown";
}
239
/*
 * Return a one-letter code for the alert level carried in |value|:
 * "W" for a warning, "F" for a fatal alert, "U" for anything else.
 *
 * The level is taken as |value| >> 8, with no mask applied after the shift.
 */
const char *SSL_alert_type_string(int value)
{
    const int level = value >> 8;

    if (level == SSL3_AL_WARNING)
        return "W";
    if (level == SSL3_AL_FATAL)
        return "F";
    return "U";
}
251
/*
 * Return a two-letter code for the alert description carried in the low
 * byte of |value| (|value| & 0xff). Codes without an entry yield "UK".
 *
 * The result is always one of the string literals below, whatever the
 * input, so it can be written to a log without further checks on its
 * content.
 *
 * NOTE(review): TLS1_AD_NO_APPLICATION_PROTOCOL has no short code here and
 * therefore maps to "UK", while SSL_alert_desc_string_long() names it.
 */
const char *SSL_alert_desc_string(int value)
{
    /* Fallback for any description code that has no entry below. */
    const char *code = "UK";

    switch (value & 0xff) {
    case SSL3_AD_CLOSE_NOTIFY:
        code = "CN";
        break;
    case SSL3_AD_UNEXPECTED_MESSAGE:
        code = "UM";
        break;
    case SSL3_AD_BAD_RECORD_MAC:
        code = "BM";
        break;
    case SSL3_AD_DECOMPRESSION_FAILURE:
        code = "DF";
        break;
    case SSL3_AD_HANDSHAKE_FAILURE:
        code = "HF";
        break;
    case SSL3_AD_NO_CERTIFICATE:
        code = "NC";
        break;
    case SSL3_AD_BAD_CERTIFICATE:
        code = "BC";
        break;
    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
        code = "UC";
        break;
    case SSL3_AD_CERTIFICATE_REVOKED:
        code = "CR";
        break;
    case SSL3_AD_CERTIFICATE_EXPIRED:
        code = "CE";
        break;
    case SSL3_AD_CERTIFICATE_UNKNOWN:
        code = "CU";
        break;
    case SSL3_AD_ILLEGAL_PARAMETER:
        code = "IP";
        break;
    case TLS1_AD_DECRYPTION_FAILED:
        code = "DC";
        break;
    case TLS1_AD_RECORD_OVERFLOW:
        code = "RO";
        break;
    case TLS1_AD_UNKNOWN_CA:
        code = "CA";
        break;
    case TLS1_AD_ACCESS_DENIED:
        code = "AD";
        break;
    case TLS1_AD_DECODE_ERROR:
        code = "DE";
        break;
    case TLS1_AD_DECRYPT_ERROR:
        code = "CY";
        break;
    case TLS1_AD_EXPORT_RESTRICTION:
        code = "ER";
        break;
    case TLS1_AD_PROTOCOL_VERSION:
        code = "PV";
        break;
    case TLS1_AD_INSUFFICIENT_SECURITY:
        code = "IS";
        break;
    case TLS1_AD_INTERNAL_ERROR:
        code = "IE";
        break;
    case TLS1_AD_USER_CANCELLED:
        code = "US";
        break;
    case TLS1_AD_NO_RENEGOTIATION:
        code = "NR";
        break;
    case TLS1_AD_UNSUPPORTED_EXTENSION:
        code = "UE";
        break;
    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
        code = "CO";
        break;
    case TLS1_AD_UNRECOGNIZED_NAME:
        code = "UN";
        break;
    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
        code = "BR";
        break;
    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
        code = "BH";
        break;
    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
        code = "UP";
        break;
    default:
        break;
    }

    return code;
}
319
/*
 * Return a human-readable name for the alert description carried in the
 * low byte of |value| (|value| & 0xff). Codes without an entry yield
 * "unknown".
 *
 * The result is always one of the string literals below, whatever the
 * input, so it can be written to a log without further checks on its
 * content.
 */
const char *SSL_alert_desc_string_long(int value)
{
    /* Fallback for any description code that has no entry below. */
    const char *name = "unknown";

    switch (value & 0xff) {
    case SSL3_AD_CLOSE_NOTIFY:
        name = "close notify";
        break;
    case SSL3_AD_UNEXPECTED_MESSAGE:
        /* The underscore is part of the existing string; kept unchanged. */
        name = "unexpected_message";
        break;
    case SSL3_AD_BAD_RECORD_MAC:
        name = "bad record mac";
        break;
    case SSL3_AD_DECOMPRESSION_FAILURE:
        name = "decompression failure";
        break;
    case SSL3_AD_HANDSHAKE_FAILURE:
        name = "handshake failure";
        break;
    case SSL3_AD_NO_CERTIFICATE:
        name = "no certificate";
        break;
    case SSL3_AD_BAD_CERTIFICATE:
        name = "bad certificate";
        break;
    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
        name = "unsupported certificate";
        break;
    case SSL3_AD_CERTIFICATE_REVOKED:
        name = "certificate revoked";
        break;
    case SSL3_AD_CERTIFICATE_EXPIRED:
        name = "certificate expired";
        break;
    case SSL3_AD_CERTIFICATE_UNKNOWN:
        name = "certificate unknown";
        break;
    case SSL3_AD_ILLEGAL_PARAMETER:
        name = "illegal parameter";
        break;
    case TLS1_AD_DECRYPTION_FAILED:
        name = "decryption failed";
        break;
    case TLS1_AD_RECORD_OVERFLOW:
        name = "record overflow";
        break;
    case TLS1_AD_UNKNOWN_CA:
        name = "unknown CA";
        break;
    case TLS1_AD_ACCESS_DENIED:
        name = "access denied";
        break;
    case TLS1_AD_DECODE_ERROR:
        name = "decode error";
        break;
    case TLS1_AD_DECRYPT_ERROR:
        name = "decrypt error";
        break;
    case TLS1_AD_EXPORT_RESTRICTION:
        name = "export restriction";
        break;
    case TLS1_AD_PROTOCOL_VERSION:
        name = "protocol version";
        break;
    case TLS1_AD_INSUFFICIENT_SECURITY:
        name = "insufficient security";
        break;
    case TLS1_AD_INTERNAL_ERROR:
        name = "internal error";
        break;
    case TLS1_AD_USER_CANCELLED:
        name = "user canceled";
        break;
    case TLS1_AD_NO_RENEGOTIATION:
        name = "no renegotiation";
        break;
    case TLS1_AD_UNSUPPORTED_EXTENSION:
        name = "unsupported extension";
        break;
    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
        name = "certificate unobtainable";
        break;
    case TLS1_AD_UNRECOGNIZED_NAME:
        name = "unrecognized name";
        break;
    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
        name = "bad certificate status response";
        break;
    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
        name = "bad certificate hash value";
        break;
    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
        name = "unknown PSK identity";
        break;
    case TLS1_AD_NO_APPLICATION_PROTOCOL:
        name = "no application protocol";
        break;
    default:
        break;
    }

    return name;
}