s_cb.c 39.4 KB
Newer Older
B
Bodo Möller 已提交
1
/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
58
/* ====================================================================
59
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
111 112 113 114 115 116 117 118

#include <stdio.h>
#include <stdlib.h>
#define USE_SOCKETS
#define NON_MAIN
#include "apps.h"
#undef NON_MAIN
#undef USE_SOCKETS
119
#include <openssl/err.h>
D
Dr. Stephen Henson 已提交
120
#include <openssl/rand.h>
121 122
#include <openssl/x509.h>
#include <openssl/ssl.h>
123 124
#include "s_apps.h"

D
Dr. Stephen Henson 已提交
125 126
#define	COOKIE_SECRET_LENGTH	16

127
int verify_depth=0;
128
int verify_quiet=0;
129
int verify_error=X509_V_OK;
130
int verify_return_error=0;
D
Dr. Stephen Henson 已提交
131 132
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
int cookie_initialized=0;
133

U
Ulf Möller 已提交
134
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
135 136 137 138 139 140 141 142
	{
	X509 *err_cert;
	int err,depth;

	err_cert=X509_STORE_CTX_get_current_cert(ctx);
	err=	X509_STORE_CTX_get_error(ctx);
	depth=	X509_STORE_CTX_get_error_depth(ctx);

143
	if (!verify_quiet || !ok)
144
		{
145 146 147 148 149
		BIO_printf(bio_err,"depth=%d ",depth);
		if (err_cert)
			{
			X509_NAME_print_ex(bio_err,
					X509_get_subject_name(err_cert),
150
					0, XN_FLAG_ONELINE);
151 152 153 154
			BIO_puts(bio_err, "\n");
			}
		else
			BIO_puts(bio_err, "<no cert>\n");
155
		}
156 157 158 159 160 161
	if (!ok)
		{
		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
			X509_verify_cert_error_string(err));
		if (verify_depth >= depth)
			{
162 163
			if (!verify_return_error)
				ok=1;
164 165 166 167 168 169 170 171
			verify_error=X509_V_OK;
			}
		else
			{
			ok=0;
			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
			}
		}
172
	switch (err)
173 174
		{
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
175 176 177 178
		BIO_puts(bio_err,"issuer= ");
		X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
					0, XN_FLAG_ONELINE);
		BIO_puts(bio_err, "\n");
179 180 181 182
		break;
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
		BIO_printf(bio_err,"notBefore=");
183
		ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
184 185 186 187 188
		BIO_printf(bio_err,"\n");
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
		BIO_printf(bio_err,"notAfter=");
189
		ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
190 191
		BIO_printf(bio_err,"\n");
		break;
192
	case X509_V_ERR_NO_EXPLICIT_POLICY:
193 194
		if (!verify_quiet)
			policies_print(bio_err, ctx);
195
		break;
196
		}
197
	if (err == X509_V_OK && ok == 2 && !verify_quiet)
198
		policies_print(bio_err, ctx);
199 200
	if (ok && !verify_quiet)
		BIO_printf(bio_err,"verify return:%d\n",ok);
201 202 203
	return(ok);
	}

U
Ulf Möller 已提交
204
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
205 206 207
	{
	if (cert_file != NULL)
		{
208
		/*
209 210
		SSL *ssl;
		X509 *x509;
211
		*/
212 213 214 215

		if (SSL_CTX_use_certificate_file(ctx,cert_file,
			SSL_FILETYPE_PEM) <= 0)
			{
216
			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
217 218 219 220 221 222 223
			ERR_print_errors(bio_err);
			return(0);
			}
		if (key_file == NULL) key_file=cert_file;
		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
			SSL_FILETYPE_PEM) <= 0)
			{
224
			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
225 226 227 228
			ERR_print_errors(bio_err);
			return(0);
			}

229 230
		/*
		In theory this is no longer needed 
231 232 233
		ssl=SSL_new(ctx);
		x509=SSL_get_certificate(ssl);

234 235 236 237 238 239 240
		if (x509 != NULL) {
			EVP_PKEY *pktmp;
			pktmp = X509_get_pubkey(x509);
			EVP_PKEY_copy_parameters(pktmp,
						SSL_get_privatekey(ssl));
			EVP_PKEY_free(pktmp);
		}
241
		SSL_free(ssl);
242
		*/
243 244 245

		/* If we are using DSA, we can copy the parameters from
		 * the private key */
B
Ben Laurie 已提交
246 247


248 249 250 251 252 253 254 255 256 257 258
		/* Now we know that a key and cert have been set against
		 * the SSL context */
		if (!SSL_CTX_check_private_key(ctx))
			{
			BIO_printf(bio_err,"Private key does not match the certificate public key\n");
			return(0);
			}
		}
	return(1);
	}

259
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
260
		       STACK_OF(X509) *chain, int build_chain)
D
PR: 910  
Dr. Stephen Henson 已提交
261
	{
B
Ben Laurie 已提交
262
	if (cert == NULL)
263
		return 1;
D
PR: 910  
Dr. Stephen Henson 已提交
264 265 266 267 268 269 270
	if (SSL_CTX_use_certificate(ctx,cert) <= 0)
		{
		BIO_printf(bio_err,"error setting certificate\n");
		ERR_print_errors(bio_err);
		return 0;
		}

B
Ben Laurie 已提交
271 272 273 274 275 276 277 278 279
 	if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
 		{
 		BIO_printf(bio_err,"error setting private key\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}
		 
	/* Now we know that a key and cert have been set against
 	 * the SSL context */
D
PR: 910  
Dr. Stephen Henson 已提交
280 281 282 283 284
	if (!SSL_CTX_check_private_key(ctx))
		{
		BIO_printf(bio_err,"Private key does not match the certificate public key\n");
		return 0;
		}
285 286 287 288 289 290
	if (chain && !SSL_CTX_set1_chain(ctx, chain))
		{
		BIO_printf(bio_err,"error setting certificate chain\n");
		ERR_print_errors(bio_err);
		return 0;
		}
291 292 293 294 295 296
	if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
		{
		BIO_printf(bio_err,"error building certificate chain\n");
		ERR_print_errors(bio_err);
		return 0;
		}
D
PR: 910  
Dr. Stephen Henson 已提交
297 298 299
	return 1;
	}

300
static void ssl_print_client_cert_types(BIO *bio, SSL *s)
301
	{
302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368
	const unsigned char *p;
	int i;
	int cert_type_num = SSL_get0_certificate_types(s, &p);
	if (!cert_type_num)
		return;
	BIO_puts(bio, "Client Certificate Types: ");
	for (i = 0; i < cert_type_num; i++)
		{
		unsigned char cert_type = p[i];
		char *cname;
		switch(cert_type)
			{
		case TLS_CT_RSA_SIGN:
			cname = "RSA sign";
			break;

		case TLS_CT_DSS_SIGN:
			cname = "DSA sign";
			break;

		case TLS_CT_RSA_FIXED_DH:
			cname = "RSA fixed DH";
			break;

		case TLS_CT_DSS_FIXED_DH:
			cname = "DSS fixed DH";
			break;

		case TLS_CT_ECDSA_SIGN:
			cname = "ECDSA sign";
			break;

		case TLS_CT_RSA_FIXED_ECDH:
			cname = "RSA fixed ECDH";
			break;

		case TLS_CT_ECDSA_FIXED_ECDH:
			cname = "ECDSA fixed ECDH";
			break;

		case TLS_CT_GOST94_SIGN:
			cname = "GOST94 Sign";
			break;

		case TLS_CT_GOST01_SIGN:
			cname = "GOST01 Sign";
			break;

		default:
			 cname = NULL;
			}

		if (i)
			BIO_puts(bio, ", ");

		if (cname)
			BIO_puts(bio, cname);
		else
			BIO_printf(bio, "UNKNOWN (%d),", cert_type);
		}
	BIO_puts(bio, "\n");
	}

static int do_print_sigalgs(BIO *out, SSL *s, int shared)
	{
	int i, nsig, client;
	client = SSL_is_server(s) ? 0 : 1;
369 370 371 372 373
	if (shared)
		nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
							NULL, NULL);
	else
		nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
374 375 376
	if (nsig == 0)
		return 1;

377 378 379 380 381
	if (shared)
		BIO_puts(out, "Shared ");

	if (client)
		BIO_puts(out, "Requested ");
382 383 384 385 386 387
	BIO_puts(out, "Signature Algorithms: ");
	for (i = 0; i < nsig; i++)
		{
		int hash_nid, sign_nid;
		unsigned char rhash, rsign;
		const char *sstr = NULL;
388 389 390 391 392
		if (shared)
			SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
							&rsign, &rhash);
		else
			SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414
							&rsign, &rhash);
		if (i)
			BIO_puts(out, ":");
		if (sign_nid == EVP_PKEY_RSA)
			sstr = "RSA";
		else if(sign_nid == EVP_PKEY_DSA)
			sstr = "DSA";
		else if(sign_nid == EVP_PKEY_EC)
			sstr = "ECDSA";
		if (sstr)
			BIO_printf(out,"%s+", sstr);
		else
			BIO_printf(out,"0x%02X+", (int)rsign);
		if (hash_nid != NID_undef)
			BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
		else
			BIO_printf(out,"0x%02X", (int)rhash);
		}
	BIO_puts(out, "\n");
	return 1;
	}

415
int ssl_print_sigalgs(BIO *out, SSL *s)
416
	{
417
	int mdnid;
418 419 420 421
	if (!SSL_is_server(s))
		ssl_print_client_cert_types(out, s);
	do_print_sigalgs(out, s, 0);
	do_print_sigalgs(out, s, 1);
422 423
	if (SSL_get_peer_signature_nid(s, &mdnid))
		BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
424 425 426
	return 1;
	}

427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464
int ssl_print_point_formats(BIO *out, SSL *s)
	{
	int i, nformats;
	const char *pformats;
	nformats = SSL_get0_ec_point_formats(s, &pformats);
	if (nformats <= 0)
		return 1;
	BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
	for (i = 0; i < nformats; i++, pformats++)
		{
		if (i)
			BIO_puts(out, ":");
		switch(*pformats)
			{
		case TLSEXT_ECPOINTFORMAT_uncompressed:
			BIO_puts(out, "uncompressed");
			break;

		case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
			BIO_puts(out, "ansiX962_compressed_prime");
			break;

		case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
			BIO_puts(out, "ansiX962_compressed_char2");
			break;

		default:
			BIO_printf(out, "unknown(%d)", (int)*pformats);
			break;

			}
		}
	if (nformats <= 0)
		BIO_puts(out, "NONE");
	BIO_puts(out, "\n");
	return 1;
	}

465
int ssl_print_curves(BIO *out, SSL *s, int noshared)
466
	{
467 468 469
	int i, ncurves, *curves, nid;
	const char *cname;
	ncurves = SSL_get1_curves(s, NULL);
470 471 472
	if (ncurves <= 0)
		return 1;
	curves = OPENSSL_malloc(ncurves * sizeof(int));
473
	SSL_get1_curves(s, curves);
474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492

	BIO_puts(out, "Supported Elliptic Curves: ");
	for (i = 0; i < ncurves; i++)
		{
		if (i)
			BIO_puts(out, ":");
		nid = curves[i];
		/* If unrecognised print out hex version */
		if (nid & TLSEXT_nid_unknown)
			BIO_printf(out, "0x%04X", nid & 0xFFFF);
		else
			{
			/* Use NIST name for curve if it exists */
			cname = EC_curve_nid2nist(nid);
			if (!cname)
				cname = OBJ_nid2sn(nid);
			BIO_printf(out, "%s", cname);
			}
		}
493 494
	if (ncurves == 0)
		BIO_puts(out, "NONE");
495
	OPENSSL_free(curves);
496 497 498 499 500
	if (noshared)
		{
		BIO_puts(out, "\n");
		return 1;
		}
501 502 503 504 505 506 507 508 509 510 511 512
	BIO_puts(out, "\nShared Elliptic curves: ");
	ncurves = SSL_get_shared_curve(s, -1);
	for (i = 0; i < ncurves; i++)
		{
		if (i)
			BIO_puts(out, ":");
		nid = SSL_get_shared_curve(s, i);
		cname = EC_curve_nid2nist(nid);
		if (!cname)
			cname = OBJ_nid2sn(nid);
		BIO_printf(out, "%s", cname);
		}
513 514
	if (ncurves == 0)
		BIO_puts(out, "NONE");
515
	BIO_puts(out, "\n");
516 517 518
	return 1;
	}

519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552
int ssl_print_tmp_key(BIO *out, SSL *s)
	{
	EVP_PKEY *key;
	if (!SSL_get_server_tmp_key(s, &key))
		return 1;
	BIO_puts(out, "Server Temp Key: ");
	switch (EVP_PKEY_id(key))
		{
	case EVP_PKEY_RSA:
		BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
		break;

	case EVP_PKEY_DH:
		BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
		break;

	case EVP_PKEY_EC:
			{
			EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
			int nid;
			const char *cname;
			nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
			EC_KEY_free(ec);
			cname = EC_curve_nid2nist(nid);
			if (!cname)
				cname = OBJ_nid2sn(nid);
			BIO_printf(out, "ECDH, %s, %d bits\n",
						cname, EVP_PKEY_bits(key));
			}
		}
	EVP_PKEY_free(key);
	return 1;
	}
		
553

554
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
555
				   int argi, long argl, long ret)
556 557 558 559 560 561 562 563
	{
	BIO *out;

	out=(BIO *)BIO_get_callback_arg(bio);
	if (out == NULL) return(ret);

	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
		{
564 565
		BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
 			(void *)bio,argp,(unsigned long)argi,ret,ret);
566 567 568 569 570
		BIO_dump(out,argp,(int)ret);
		return(ret);
		}
	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
		{
571 572
		BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
			(void *)bio,argp,(unsigned long)argi,ret,ret);
573 574 575 576 577
		BIO_dump(out,argp,(int)ret);
		}
	return(ret);
	}

B
Ben Laurie 已提交
578
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
579
	{
N
Nils Larsch 已提交
580
	const char *str;
581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613
	int w;

	w=where& ~SSL_ST_MASK;

	if (w & SSL_ST_CONNECT) str="SSL_connect";
	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
	else str="undefined";

	if (where & SSL_CB_LOOP)
		{
		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
		}
	else if (where & SSL_CB_ALERT)
		{
		str=(where & SSL_CB_READ)?"read":"write";
		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
			str,
			SSL_alert_type_string_long(ret),
			SSL_alert_desc_string_long(ret));
		}
	else if (where & SSL_CB_EXIT)
		{
		if (ret == 0)
			BIO_printf(bio_err,"%s:failed in %s\n",
				str,SSL_state_string_long(s));
		else if (ret < 0)
			{
			BIO_printf(bio_err,"%s:error in %s\n",
				str,SSL_state_string_long(s));
			}
		}
	}

614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632

void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
	{
	BIO *bio = arg;
	const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
	
	str_write_p = write_p ? ">>>" : "<<<";

	switch (version)
		{
	case SSL2_VERSION:
		str_version = "SSL 2.0";
		break;
	case SSL3_VERSION:
		str_version = "SSL 3.0 ";
		break;
	case TLS1_VERSION:
		str_version = "TLS 1.0 ";
		break;
633 634 635
	case TLS1_1_VERSION:
		str_version = "TLS 1.1 ";
		break;
636 637 638
	case TLS1_2_VERSION:
		str_version = "TLS 1.2 ";
		break;
D
Dr. Stephen Henson 已提交
639 640 641 642 643 644
	case DTLS1_VERSION:
		str_version = "DTLS 1.0 ";
		break;
	case DTLS1_BAD_VER:
		str_version = "DTLS 1.0 (bad) ";
		break;
645 646 647 648
	default:
		str_version = "???";
		}

649 650 651 652 653 654
	if (version == SSL2_VERSION)
		{
		str_details1 = "???";

		if (len > 0)
			{
N
Nils Larsch 已提交
655
			switch (((const unsigned char*)buf)[0])
656 657 658 659 660 661
				{
				case 0:
					str_details1 = ", ERROR:";
					str_details2 = " ???";
					if (len >= 3)
						{
N
Nils Larsch 已提交
662
						unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709
						
						switch (err)
							{
						case 0x0001:
							str_details2 = " NO-CIPHER-ERROR";
							break;
						case 0x0002:
							str_details2 = " NO-CERTIFICATE-ERROR";
							break;
						case 0x0004:
							str_details2 = " BAD-CERTIFICATE-ERROR";
							break;
						case 0x0006:
							str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
							break;
							}
						}

					break;
				case 1:
					str_details1 = ", CLIENT-HELLO";
					break;
				case 2:
					str_details1 = ", CLIENT-MASTER-KEY";
					break;
				case 3:
					str_details1 = ", CLIENT-FINISHED";
					break;
				case 4:
					str_details1 = ", SERVER-HELLO";
					break;
				case 5:
					str_details1 = ", SERVER-VERIFY";
					break;
				case 6:
					str_details1 = ", SERVER-FINISHED";
					break;
				case 7:
					str_details1 = ", REQUEST-CERTIFICATE";
					break;
				case 8:
					str_details1 = ", CLIENT-CERTIFICATE";
					break;
				}
			}
		}

D
Dr. Stephen Henson 已提交
710 711
	if (version == SSL3_VERSION ||
	    version == TLS1_VERSION ||
712 713
	    version == TLS1_1_VERSION ||
	    version == TLS1_2_VERSION ||
D
Dr. Stephen Henson 已提交
714 715
	    version == DTLS1_VERSION ||
	    version == DTLS1_BAD_VER)
716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735
		{
		switch (content_type)
			{
		case 20:
			str_content_type = "ChangeCipherSpec";
			break;
		case 21:
			str_content_type = "Alert";
			break;
		case 22:
			str_content_type = "Handshake";
			break;
			}

		if (content_type == 21) /* Alert */
			{
			str_details1 = ", ???";
			
			if (len == 2)
				{
N
Nils Larsch 已提交
736
				switch (((const unsigned char*)buf)[0])
737 738 739 740 741 742 743 744 745 746
					{
				case 1:
					str_details1 = ", warning";
					break;
				case 2:
					str_details1 = ", fatal";
					break;
					}

				str_details2 = " ???";
N
Nils Larsch 已提交
747
				switch (((const unsigned char*)buf)[1])
748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817
					{
				case 0:
					str_details2 = " close_notify";
					break;
				case 10:
					str_details2 = " unexpected_message";
					break;
				case 20:
					str_details2 = " bad_record_mac";
					break;
				case 21:
					str_details2 = " decryption_failed";
					break;
				case 22:
					str_details2 = " record_overflow";
					break;
				case 30:
					str_details2 = " decompression_failure";
					break;
				case 40:
					str_details2 = " handshake_failure";
					break;
				case 42:
					str_details2 = " bad_certificate";
					break;
				case 43:
					str_details2 = " unsupported_certificate";
					break;
				case 44:
					str_details2 = " certificate_revoked";
					break;
				case 45:
					str_details2 = " certificate_expired";
					break;
				case 46:
					str_details2 = " certificate_unknown";
					break;
				case 47:
					str_details2 = " illegal_parameter";
					break;
				case 48:
					str_details2 = " unknown_ca";
					break;
				case 49:
					str_details2 = " access_denied";
					break;
				case 50:
					str_details2 = " decode_error";
					break;
				case 51:
					str_details2 = " decrypt_error";
					break;
				case 60:
					str_details2 = " export_restriction";
					break;
				case 70:
					str_details2 = " protocol_version";
					break;
				case 71:
					str_details2 = " insufficient_security";
					break;
				case 80:
					str_details2 = " internal_error";
					break;
				case 90:
					str_details2 = " user_canceled";
					break;
				case 100:
					str_details2 = " no_renegotiation";
					break;
818 819 820 821 822 823 824 825 826 827 828 829 830 831 832
				case 110:
					str_details2 = " unsupported_extension";
					break;
				case 111:
					str_details2 = " certificate_unobtainable";
					break;
				case 112:
					str_details2 = " unrecognized_name";
					break;
				case 113:
					str_details2 = " bad_certificate_status_response";
					break;
				case 114:
					str_details2 = " bad_certificate_hash_value";
					break;
D
Dr. Stephen Henson 已提交
833 834 835
				case 115:
					str_details2 = " unknown_psk_identity";
					break;
836 837 838 839 840 841 842 843 844 845
					}
				}
			}
		
		if (content_type == 22) /* Handshake */
			{
			str_details1 = "???";

			if (len > 0)
				{
N
Nils Larsch 已提交
846
				switch (((const unsigned char*)buf)[0])
847 848 849 850 851 852 853 854 855 856
					{
				case 0:
					str_details1 = ", HelloRequest";
					break;
				case 1:
					str_details1 = ", ClientHello";
					break;
				case 2:
					str_details1 = ", ServerHello";
					break;
D
Dr. Stephen Henson 已提交
857 858 859
				case 3:
					str_details1 = ", HelloVerifyRequest";
					break;
860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883
				case 11:
					str_details1 = ", Certificate";
					break;
				case 12:
					str_details1 = ", ServerKeyExchange";
					break;
				case 13:
					str_details1 = ", CertificateRequest";
					break;
				case 14:
					str_details1 = ", ServerHelloDone";
					break;
				case 15:
					str_details1 = ", CertificateVerify";
					break;
				case 16:
					str_details1 = ", ClientKeyExchange";
					break;
				case 20:
					str_details1 = ", Finished";
					break;
					}
				}
			}
D
Dr. Stephen Henson 已提交
884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903

#ifndef OPENSSL_NO_HEARTBEATS
		if (content_type == 24) /* Heartbeat */
			{
			str_details1 = ", Heartbeat";
			
			if (len > 0)
				{
				switch (((const unsigned char*)buf)[0])
					{
				case 1:
					str_details1 = ", HeartbeatRequest";
					break;
				case 2:
					str_details1 = ", HeartbeatResponse";
					break;
					}
				}
			}
#endif
904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921
		}

	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);

	if (len > 0)
		{
		size_t num, i;
		
		BIO_printf(bio, "   ");
		num = len;
#if 0
		if (num > 16)
			num = 16;
#endif
		for (i = 0; i < num; i++)
			{
			if (i % 16 == 0 && i > 0)
				BIO_printf(bio, "\n   ");
N
Nils Larsch 已提交
922
			BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
923 924 925 926 927
			}
		if (i < len)
			BIO_printf(bio, " ...");
		BIO_printf(bio, "\n");
		}
D
Dr. Stephen Henson 已提交
928
	(void)BIO_flush(bio);
929
	}
930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963

void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
					unsigned char *data, int len,
					void *arg)
	{
	BIO *bio = arg;
	char *extname;

	switch(type)
		{
		case TLSEXT_TYPE_server_name:
		extname = "server name";
		break;

		case TLSEXT_TYPE_max_fragment_length:
		extname = "max fragment length";
		break;

		case TLSEXT_TYPE_client_certificate_url:
		extname = "client certificate URL";
		break;

		case TLSEXT_TYPE_trusted_ca_keys:
		extname = "trusted CA keys";
		break;

		case TLSEXT_TYPE_truncated_hmac:
		extname = "truncated HMAC";
		break;

		case TLSEXT_TYPE_status_request:
		extname = "status request";
		break;

964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979
		case TLSEXT_TYPE_user_mapping:
		extname = "user mapping";
		break;

		case TLSEXT_TYPE_client_authz:
		extname = "client authz";
		break;

		case TLSEXT_TYPE_server_authz:
		extname = "server authz";
		break;

		case TLSEXT_TYPE_cert_type:
		extname = "cert type";
		break;

980 981 982 983 984 985 986 987
		case TLSEXT_TYPE_elliptic_curves:
		extname = "elliptic curves";
		break;

		case TLSEXT_TYPE_ec_point_formats:
		extname = "EC point formats";
		break;

988 989
		case TLSEXT_TYPE_srp:
		extname = "SRP";
990 991
		break;

992 993 994 995
		case TLSEXT_TYPE_signature_algorithms:
		extname = "signature algorithms";
		break;

996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011
		case TLSEXT_TYPE_use_srtp:
		extname = "use SRTP";
		break;

		case TLSEXT_TYPE_heartbeat:
		extname = "heartbeat";
		break;

		case TLSEXT_TYPE_session_ticket:
		extname = "session ticket";
		break;

		case TLSEXT_TYPE_renegotiate: 
		extname = "renegotiation info";
		break;

1012 1013 1014 1015 1016
#ifdef TLSEXT_TYPE_opaque_prf_input
		case TLSEXT_TYPE_opaque_prf_input:
		extname = "opaque PRF input";
		break;
#endif
1017 1018 1019 1020 1021
#ifdef TLSEXT_TYPE_next_proto_neg
		case TLSEXT_TYPE_next_proto_neg:
		extname = "next protocol";
		break;
#endif
1022 1023 1024 1025 1026 1027 1028 1029 1030 1031

		default:
		extname = "unknown";
		break;

		}
	
	BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
			client_server ? "server": "client",
			extname, type, len);
D
Dr. Stephen Henson 已提交
1032
	BIO_dump(bio, (char *)data, len);
1033
	(void)BIO_flush(bio);
1034
	}
D
Dr. Stephen Henson 已提交
1035 1036 1037 1038 1039

int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
	{
	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
	unsigned int length, resultlength;
D
Dr. Stephen Henson 已提交
1040
	union {
1041
		struct sockaddr sa;
D
Dr. Stephen Henson 已提交
1042
		struct sockaddr_in s4;
1043 1044
#if OPENSSL_USE_IPV6
		struct sockaddr_in6 s6;
D
Dr. Stephen Henson 已提交
1045
#endif
1046
	} peer;
D
Dr. Stephen Henson 已提交
1047

D
Dr. Stephen Henson 已提交
1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062
	/* Initialize a random secret */
	if (!cookie_initialized)
		{
		if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
			{
			BIO_printf(bio_err,"error setting random cookie secret\n");
			return 0;
			}
		cookie_initialized = 1;
		}

	/* Read peer information */
	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

	/* Create buffer with peer's address and port */
D
Dr. Stephen Henson 已提交
1063
	length = 0;
1064
	switch (peer.sa.sa_family)
D
Dr. Stephen Henson 已提交
1065 1066 1067
		{
	case AF_INET:
		length += sizeof(struct in_addr);
1068
		length += sizeof(peer.s4.sin_port);
D
Dr. Stephen Henson 已提交
1069
		break;
1070
#if OPENSSL_USE_IPV6
D
Dr. Stephen Henson 已提交
1071 1072
	case AF_INET6:
		length += sizeof(struct in6_addr);
1073
		length += sizeof(peer.s6.sin6_port);
D
Dr. Stephen Henson 已提交
1074
		break;
1075
#endif
D
Dr. Stephen Henson 已提交
1076 1077 1078 1079
	default:
		OPENSSL_assert(0);
		break;
		}
D
Dr. Stephen Henson 已提交
1080 1081 1082 1083 1084 1085 1086
	buffer = OPENSSL_malloc(length);

	if (buffer == NULL)
		{
		BIO_printf(bio_err,"out of memory\n");
		return 0;
		}
D
Dr. Stephen Henson 已提交
1087

1088
	switch (peer.sa.sa_family)
D
Dr. Stephen Henson 已提交
1089 1090 1091 1092
		{
	case AF_INET:
		memcpy(buffer,
		       &peer.s4.sin_port,
1093 1094
		       sizeof(peer.s4.sin_port));
		memcpy(buffer + sizeof(peer.s4.sin_port),
D
Dr. Stephen Henson 已提交
1095 1096 1097
		       &peer.s4.sin_addr,
		       sizeof(struct in_addr));
		break;
1098
#if OPENSSL_USE_IPV6
D
Dr. Stephen Henson 已提交
1099 1100 1101
	case AF_INET6:
		memcpy(buffer,
		       &peer.s6.sin6_port,
1102 1103
		       sizeof(peer.s6.sin6_port));
		memcpy(buffer + sizeof(peer.s6.sin6_port),
D
Dr. Stephen Henson 已提交
1104 1105 1106
		       &peer.s6.sin6_addr,
		       sizeof(struct in6_addr));
		break;
1107
#endif
D
Dr. Stephen Henson 已提交
1108 1109 1110 1111
	default:
		OPENSSL_assert(0);
		break;
		}
D
Dr. Stephen Henson 已提交
1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127

	/* Calculate HMAC of buffer using the secret */
	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
	     buffer, length, result, &resultlength);
	OPENSSL_free(buffer);

	memcpy(cookie, result, resultlength);
	*cookie_len = resultlength;

	return 1;
	}

int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
	{
	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
	unsigned int length, resultlength;
D
Dr. Stephen Henson 已提交
1128
	union {
1129
		struct sockaddr sa;
D
Dr. Stephen Henson 已提交
1130
		struct sockaddr_in s4;
1131 1132
#if OPENSSL_USE_IPV6
		struct sockaddr_in6 s6;
D
Dr. Stephen Henson 已提交
1133
#endif
1134
	} peer;
D
Dr. Stephen Henson 已提交
1135

D
Dr. Stephen Henson 已提交
1136 1137 1138 1139 1140 1141 1142 1143
	/* If secret isn't initialized yet, the cookie can't be valid */
	if (!cookie_initialized)
		return 0;

	/* Read peer information */
	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

	/* Create buffer with peer's address and port */
D
Dr. Stephen Henson 已提交
1144
	length = 0;
1145
	switch (peer.sa.sa_family)
D
Dr. Stephen Henson 已提交
1146 1147 1148
		{
	case AF_INET:
		length += sizeof(struct in_addr);
1149
		length += sizeof(peer.s4.sin_port);
D
Dr. Stephen Henson 已提交
1150
		break;
1151
#if OPENSSL_USE_IPV6
D
Dr. Stephen Henson 已提交
1152 1153
	case AF_INET6:
		length += sizeof(struct in6_addr);
1154
		length += sizeof(peer.s6.sin6_port);
D
Dr. Stephen Henson 已提交
1155
		break;
1156
#endif
D
Dr. Stephen Henson 已提交
1157 1158 1159 1160
	default:
		OPENSSL_assert(0);
		break;
		}
D
Dr. Stephen Henson 已提交
1161 1162 1163 1164 1165 1166 1167
	buffer = OPENSSL_malloc(length);
	
	if (buffer == NULL)
		{
		BIO_printf(bio_err,"out of memory\n");
		return 0;
		}
D
Dr. Stephen Henson 已提交
1168

1169
	switch (peer.sa.sa_family)
D
Dr. Stephen Henson 已提交
1170 1171 1172 1173
		{
	case AF_INET:
		memcpy(buffer,
		       &peer.s4.sin_port,
1174 1175
		       sizeof(peer.s4.sin_port));
		memcpy(buffer + sizeof(peer.s4.sin_port),
D
Dr. Stephen Henson 已提交
1176 1177 1178
		       &peer.s4.sin_addr,
		       sizeof(struct in_addr));
		break;
1179
#if OPENSSL_USE_IPV6
D
Dr. Stephen Henson 已提交
1180 1181 1182
	case AF_INET6:
		memcpy(buffer,
		       &peer.s6.sin6_port,
1183 1184
		       sizeof(peer.s6.sin6_port));
		memcpy(buffer + sizeof(peer.s6.sin6_port),
D
Dr. Stephen Henson 已提交
1185 1186 1187
		       &peer.s6.sin6_addr,
		       sizeof(struct in6_addr));
		break;
1188
#endif
D
Dr. Stephen Henson 已提交
1189 1190 1191 1192
	default:
		OPENSSL_assert(0);
		break;
		}
D
Dr. Stephen Henson 已提交
1193 1194 1195 1196 1197

	/* Calculate HMAC of buffer using the secret */
	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
	     buffer, length, result, &resultlength);
	OPENSSL_free(buffer);
D
Dr. Stephen Henson 已提交
1198

D
Dr. Stephen Henson 已提交
1199 1200 1201 1202 1203
	if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
		return 1;

	return 0;
	}
1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221

/* Example of extended certificate handling. Where the standard support
 * of one certificate per algorithm is not sufficient an application
 * can decide which certificate(s) to use at runtime based on whatever
 * criteria it deems appropriate.
 */

/* Linked list of certificates, keys and chains */
struct  ssl_excert_st
	{
	int certform;
	const char *certfile;
	int keyform;
	const char *keyfile;
	const char *chainfile;
	X509 *cert;
	EVP_PKEY *key;
	STACK_OF(X509) *chain;
1222
	int build_chain;
1223 1224 1225
	struct ssl_excert_st *next, *prev;
	};

1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257
struct chain_flags
	{
	int flag;
	const char *name;
	};

struct chain_flags chain_flags_list[] =
	{
		{CERT_PKEY_VALID, "Overall Validity"},
		{CERT_PKEY_SIGN,  "Sign with EE key"},
		{CERT_PKEY_EE_SIGNATURE, "EE signature"},
		{CERT_PKEY_CA_SIGNATURE, "CA signature"},
		{CERT_PKEY_EE_PARAM, "EE key parameters"},
		{CERT_PKEY_CA_PARAM, "CA key parameters"},
		{CERT_PKEY_EXPLICIT_SIGN,  "Explicity sign with EE key"},
		{CERT_PKEY_ISSUER_NAME,  "Issuer Name"},
		{CERT_PKEY_CERT_TYPE,  "Certificate Type"},
		{0, NULL}
	};


static void print_chain_flags(BIO *out, int flags)
	{
	struct chain_flags *ctmp = chain_flags_list;
	while(ctmp->name)
		{
		BIO_printf(out, "\t%s: %s\n", ctmp->name,
				flags & ctmp->flag ? "OK" : "NOT OK");
		ctmp++;
		}
	}

1258 1259 1260 1261 1262 1263
/* Very basic selection callback: just use any certificate chain
 * reported as valid. More sophisticated could prioritise according
 * to local policy.
 */
static int set_cert_cb(SSL *ssl, void *arg)
	{
1264
	int i, rv;
1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275
	SSL_EXCERT *exc = arg;
	SSL_certs_clear(ssl);

	if (!exc)
		return 1;

	/* Go to end of list and traverse backwards since we prepend
	 * newer entries this retains the original order.
	 */
	while (exc->next)
		exc = exc->next;
1276 1277 1278

	i = 0;	

1279 1280
	while(exc)
		{
1281 1282 1283 1284 1285 1286 1287 1288 1289
		i++;
		rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
		BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
		X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
							XN_FLAG_ONELINE);
		BIO_puts(bio_err, "\n");
		
		print_chain_flags(bio_err, rv);
		if (rv & CERT_PKEY_VALID)
1290 1291 1292
			{
			SSL_use_certificate(ssl, exc->cert);
			SSL_use_PrivateKey(ssl, exc->key);
1293 1294 1295 1296 1297 1298 1299 1300 1301 1302
			/* NB: we wouldn't normally do this as it is
			 * not efficient building chains on each connection
			 * better to cache the chain in advance.
			 */
			if (exc->build_chain)
				{
				if (!SSL_build_cert_chain(ssl, 0))
					return 0;
				}
			else if (exc->chain)
1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327
				SSL_set1_chain(ssl, exc->chain);
			}
		exc = exc->prev;
		}
	return 1;
	}

void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
	{
	SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
	}

static int ssl_excert_prepend(SSL_EXCERT **pexc)
	{
	SSL_EXCERT *exc;
	exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
	if (!exc)
		return 0;
	exc->certfile = NULL;
	exc->keyfile = NULL;
	exc->chainfile = NULL;
	exc->cert = NULL;
	exc->key = NULL;
	exc->chain = NULL;
	exc->prev = NULL;
1328
	exc->build_chain = 0;
1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412

	exc->next = *pexc;
	*pexc = exc;
			
	if (exc->next)
		{
		exc->certform = exc->next->certform;
		exc->keyform = exc->next->keyform;
		exc->next->prev = exc;
		}
	else
		{
		exc->certform = FORMAT_PEM;
		exc->keyform = FORMAT_PEM;
		}
	return 1;

	}

void ssl_excert_free(SSL_EXCERT *exc)
	{
	SSL_EXCERT *curr;
	while (exc)
		{
		if (exc->cert)
			X509_free(exc->cert);
		if (exc->key)
			EVP_PKEY_free(exc->key);
		if (exc->chain)
			sk_X509_pop_free(exc->chain, X509_free);
		curr = exc;
		exc = exc->next;
		OPENSSL_free(curr);
		}
	}

int load_excert(SSL_EXCERT **pexc, BIO *err)
	{
	SSL_EXCERT *exc = *pexc;
	if (!exc)
		return 1;
	/* If nothing in list, free and set to NULL */
	if (!exc->certfile && !exc->next)
		{
		ssl_excert_free(exc);
		*pexc = NULL;
		return 1;
		}
	for(; exc; exc=exc->next)
		{
		if (!exc->certfile)
			{
			BIO_printf(err, "Missing filename\n");
			return 0;
			}
		exc->cert = load_cert(err, exc->certfile, exc->certform,
					NULL, NULL, "Server Certificate");
		if (!exc->cert)
			return 0;
		if (exc->keyfile)
			exc->keyfile = exc->certfile;
		exc->key = load_key(err, exc->certfile, exc->certform, 0,
					NULL, NULL, "Server Certificate");
		if (!exc->key)
			return 0;
		if (exc->chainfile)
			{
			exc->chain = load_certs(err,
						exc->chainfile, FORMAT_PEM,
						NULL, NULL,
						"Server Chain");
			if (!exc->chainfile)
				return 0;
			}
		}
	return 1;
	}
		

int args_excert(char ***pargs, int *pargc,
			int *badarg, BIO *err, SSL_EXCERT **pexc)
	{
	char *arg = **pargs, *argn = (*pargs)[1];
	SSL_EXCERT *exc = *pexc;
1413
	int narg = 2;
1414
	if (!exc)
1415
		{
1416 1417 1418 1419 1420 1421 1422 1423
		if (ssl_excert_prepend(&exc))
			*pexc = exc;
		else
			{
			BIO_printf(err, "Error initialising xcert\n");
			*badarg = 1;
			goto err;
			}
1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469
		}
	if (strcmp(arg, "-xcert") == 0)
		{
		if (!argn)
			{
			*badarg = 1;
			return 1;
			}
		if (exc->certfile && !ssl_excert_prepend(&exc))
			{
			BIO_printf(err, "Error adding xcert\n");
			*badarg = 1;
			goto err;
			}
		exc->certfile = argn;
		}
	else if (strcmp(arg,"-xkey") == 0)
		{
		if (!argn)
			{
			*badarg = 1;
			return 1;
			}
		if (exc->keyfile)
			{
			BIO_printf(err, "Key already specified\n");
			*badarg = 1;
			return 1;
			}
		exc->keyfile = argn;
		}
	else if (strcmp(arg,"-xchain") == 0)
		{
		if (!argn)
			{
			*badarg = 1;
			return 1;
			}
		if (exc->chainfile)
			{
			BIO_printf(err, "Chain already specified\n");
			*badarg = 1;
			return 1;
			}
		exc->chainfile = argn;
		}
1470 1471 1472 1473 1474
	else if (strcmp(arg,"-xchain_build") == 0)
		{
		narg = 1;
		exc->build_chain = 1;
		}
1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495
	else if (strcmp(arg,"-xcertform") == 0)
		{
		if (!argn)
			{
			*badarg = 1;
			goto err;
			}
		exc->certform = str2fmt(argn);
		}
	else if (strcmp(arg,"-xkeyform") == 0)
		{
		if (!argn)
			{
			*badarg = 1;
			goto err;
			}
		exc->keyform = str2fmt(argn);
		}
	else
		return 0;

1496
	(*pargs) += narg;
1497 1498

	if (pargc)
1499
		*pargc -= narg;
1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511

	*pexc = exc;

	return 1;

	err:
	ERR_print_errors(err);
	ssl_excert_free(exc);
	*pexc = NULL;
	return 1;
	}

1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567
static void print_raw_cipherlist(BIO *bio, SSL *s)
	{
	const unsigned char *rlist;
	static const unsigned char scsv_id[] = {0, 0, 0xFF};
	size_t i, rlistlen, num;
	if (!SSL_is_server(s))
		return;
	num = SSL_get0_raw_cipherlist(s, NULL);
	rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
	BIO_puts(bio, "Client cipher list: ");
	for (i = 0; i < rlistlen; i += num, rlist += num)
		{
		const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
		if (i)
			BIO_puts(bio, ":");
		if (c)
			BIO_puts(bio, SSL_CIPHER_get_name(c));
		else if (!memcmp(rlist, scsv_id - num + 3, num))
			BIO_puts(bio, "SCSV");
		else
			{
			size_t j;
			BIO_puts(bio, "0x");
			for (j = 0; j < num; j++)
				BIO_printf(bio, "%02X", rlist[j]);
			}
		}
	BIO_puts(bio, "\n");
	}
	

void print_ssl_summary(BIO *bio, SSL *s)
	{
	const SSL_CIPHER *c;
	X509 *peer;
	/*const char *pnam = SSL_is_server(s) ? "client" : "server";*/
	BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
	print_raw_cipherlist(bio, s);
	c = SSL_get_current_cipher(s);
	BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
	do_print_sigalgs(bio, s, 0);
	peer = SSL_get_peer_certificate(s);
	if (peer)
		{
		int nid;
		BIO_puts(bio, "Peer certificate: ");
		X509_NAME_print_ex(bio, X509_get_subject_name(peer),
					0, XN_FLAG_ONELINE);
		BIO_puts(bio, "\n");
		if (SSL_get_peer_signature_nid(s, &nid))
			BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
		}
	else
		BIO_puts(bio, "No peer certificate\n");
	if (peer)
		X509_free(peer);
1568
	ssl_print_point_formats(bio, s);
1569 1570 1571 1572 1573 1574
	if (SSL_is_server(s))
		ssl_print_curves(bio, s, 1);
	else
		ssl_print_tmp_key(bio, s);
	}

1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
			int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
	{
	char *arg = **pargs, *argn = (*pargs)[1];
	int rv;

	/* Attempt to run SSL configuration command */
	rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
	/* If parameter not recognised just return */
	if (rv == 0)
		return 0;
	/* see if missing argument error */
	if (rv == -3)
		{
D
Dr. Stephen Henson 已提交
1589
		BIO_printf(err, "%s needs an argument\n", arg);
1590 1591 1592 1593 1594 1595
		*badarg = 1;
		goto end;
		}
	/* Check for some other error */
	if (rv < 0)
		{
D
Dr. Stephen Henson 已提交
1596 1597
		BIO_printf(err, "Error with command: \"%s %s\"\n",
						arg, argn ? argn : "");
1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621
		*badarg = 1;
		goto end;
		}
	/* Store command and argument */
	/* If only one argument processed store value as NULL */
	if (rv == 1)
		argn = NULL;
	if (!*pstr)
		*pstr = sk_OPENSSL_STRING_new_null();
	if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) ||
				!sk_OPENSSL_STRING_push(*pstr, argn))
		{
		BIO_puts(err, "Memory allocation failure\n");
		goto end;
		}

	end:
	if (*badarg)
		ERR_print_errors(err);

	return 1;
	}

int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
1622
		STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
1623 1624 1625 1626 1627 1628 1629
	{
	int i;
	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
	for (i = 0; i < sk_OPENSSL_STRING_num(str); i+= 2)
		{
		const char *param = sk_OPENSSL_STRING_value(str, i);
		const char *value = sk_OPENSSL_STRING_value(str, i + 1);
1630 1631 1632 1633 1634
		/* If no_ecdhe or named curve already specified don't need
		 * a default.
		 */
		if (!no_ecdhe && !strcmp(param, "-named_curve"))
			no_ecdhe = 1;
1635 1636 1637 1638 1639 1640 1641
#ifndef OPENSSL_NO_JPAKE
		if (!no_jpake && !strcmp(param, "-cipher"))
			{
			BIO_puts(err, "JPAKE sets cipher to PSK\n");
			return 0;
			}
#endif
1642 1643 1644 1645 1646 1647 1648 1649
		if (SSL_CONF_cmd(cctx, param, value) <= 0)
			{
			BIO_printf(err, "Error with command: \"%s %s\"\n",
						param, value ? value : "");
			ERR_print_errors(err);
			return 0;
			}
		}
1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662
	/* This is a special case to keep existing s_server functionality:
	 * if we don't have any curve specified *and* we haven't disabled
	 * ECDHE then use P-256.
	 */
	if (!no_ecdhe)
		{
		if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0)
			{
			BIO_puts(err, "Error setting EC curve\n");
			ERR_print_errors(err);
			return 0;
			}
		}
1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673
#ifndef OPENSSL_NO_JPAKE
	if (!no_jpake)
		{
		if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
			{
			BIO_puts(err, "Error setting cipher to PSK\n");
			ERR_print_errors(err);
			return 0;
			}
		}
#endif
1674 1675
	return 1;
	}
1676

1677 1678 1679 1680
static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
	{
	X509_CRL *crl;
	int i;
1681
	for (i = 0; i < sk_X509_CRL_num(crls); i++)
1682
		{
1683 1684
		crl = sk_X509_CRL_value(crls, i);
		X509_STORE_add_crl(st, crl);
1685 1686 1687 1688
		}
	return 1;
	}

1689
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
1690 1691
	{
	X509_STORE *st;
1692 1693 1694 1695
	st = SSL_CTX_get_cert_store(ctx);
	add_crls_store(st, crls);
	if (crl_download)
		store_setup_crl_download(st);
1696 1697 1698
	return 1;
	}

1699 1700
int ssl_load_stores(SSL_CTX *ctx,
			const char *vfyCApath, const char *vfyCAfile,
1701
			const char *chCApath, const char *chCAfile,
1702
			STACK_OF(X509_CRL) *crls, int crl_download)
1703 1704 1705 1706 1707 1708 1709 1710
	{
	X509_STORE *vfy = NULL, *ch = NULL;
	int rv = 0;
	if (vfyCApath || vfyCAfile)
		{
		vfy = X509_STORE_new();
		if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
			goto err;
1711
		add_crls_store(vfy, crls);
1712
		SSL_CTX_set1_verify_cert_store(ctx, vfy);
1713 1714
		if (crl_download)
			store_setup_crl_download(vfy);
1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730
		}
	if (chCApath || chCAfile)
		{
		ch = X509_STORE_new();
		if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
			goto err;
		SSL_CTX_set1_chain_cert_store(ctx, ch);
		}
	rv = 1;
	err:
	if (vfy)
		X509_STORE_free(vfy);
	if (ch)
		X509_STORE_free(ch);
	return rv;
	}