2
0

s_cb.c 51 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * callback functions used by s_client, s_server, and s_time,
  11. * as well as other common logic for those apps
  12. */
  13. #include <stdio.h>
  14. #include <stdlib.h>
  15. #include <string.h> /* for memcpy() and strcmp() */
  16. #include "apps.h"
  17. #include <openssl/core_names.h>
  18. #include <openssl/params.h>
  19. #include <openssl/err.h>
  20. #include <openssl/rand.h>
  21. #include <openssl/x509.h>
  22. #include <openssl/ssl.h>
  23. #include <openssl/bn.h>
  24. #ifndef OPENSSL_NO_DH
  25. # include <openssl/dh.h>
  26. #endif
  27. #include "s_apps.h"
  28. #define COOKIE_SECRET_LENGTH 16
  29. VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
  30. #ifndef OPENSSL_NO_SOCK
  31. static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
  32. static int cookie_initialized = 0;
  33. #endif
  34. static BIO *bio_keylog = NULL;
  35. static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
  36. {
  37. for ( ; list->name; ++list)
  38. if (list->retval == val)
  39. return list->name;
  40. return def;
  41. }
  42. int verify_callback(int ok, X509_STORE_CTX *ctx)
  43. {
  44. X509 *err_cert;
  45. int err, depth;
  46. err_cert = X509_STORE_CTX_get_current_cert(ctx);
  47. err = X509_STORE_CTX_get_error(ctx);
  48. depth = X509_STORE_CTX_get_error_depth(ctx);
  49. if (!verify_args.quiet || !ok) {
  50. BIO_printf(bio_err, "depth=%d ", depth);
  51. if (err_cert != NULL) {
  52. X509_NAME_print_ex(bio_err,
  53. X509_get_subject_name(err_cert),
  54. 0, get_nameopt());
  55. BIO_puts(bio_err, "\n");
  56. } else {
  57. BIO_puts(bio_err, "<no cert>\n");
  58. }
  59. }
  60. if (!ok) {
  61. BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
  62. X509_verify_cert_error_string(err));
  63. if (verify_args.depth < 0 || verify_args.depth >= depth) {
  64. if (!verify_args.return_error)
  65. ok = 1;
  66. verify_args.error = err;
  67. } else {
  68. ok = 0;
  69. verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
  70. }
  71. }
  72. switch (err) {
  73. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  74. if (err_cert != NULL) {
  75. BIO_puts(bio_err, "issuer= ");
  76. X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
  77. 0, get_nameopt());
  78. BIO_puts(bio_err, "\n");
  79. }
  80. break;
  81. case X509_V_ERR_CERT_NOT_YET_VALID:
  82. case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  83. if (err_cert != NULL) {
  84. BIO_printf(bio_err, "notBefore=");
  85. ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
  86. BIO_printf(bio_err, "\n");
  87. }
  88. break;
  89. case X509_V_ERR_CERT_HAS_EXPIRED:
  90. case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  91. if (err_cert != NULL) {
  92. BIO_printf(bio_err, "notAfter=");
  93. ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
  94. BIO_printf(bio_err, "\n");
  95. }
  96. break;
  97. case X509_V_ERR_NO_EXPLICIT_POLICY:
  98. if (!verify_args.quiet)
  99. policies_print(ctx);
  100. break;
  101. }
  102. if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
  103. policies_print(ctx);
  104. if (ok && !verify_args.quiet)
  105. BIO_printf(bio_err, "verify return:%d\n", ok);
  106. return ok;
  107. }
  108. int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
  109. {
  110. if (cert_file != NULL) {
  111. if (SSL_CTX_use_certificate_file(ctx, cert_file,
  112. SSL_FILETYPE_PEM) <= 0) {
  113. BIO_printf(bio_err, "unable to get certificate from '%s'\n",
  114. cert_file);
  115. ERR_print_errors(bio_err);
  116. return 0;
  117. }
  118. if (key_file == NULL)
  119. key_file = cert_file;
  120. if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
  121. BIO_printf(bio_err, "unable to get private key from '%s'\n",
  122. key_file);
  123. ERR_print_errors(bio_err);
  124. return 0;
  125. }
  126. /*
  127. * If we are using DSA, we can copy the parameters from the private
  128. * key
  129. */
  130. /*
  131. * Now we know that a key and cert have been set against the SSL
  132. * context
  133. */
  134. if (!SSL_CTX_check_private_key(ctx)) {
  135. BIO_printf(bio_err,
  136. "Private key does not match the certificate public key\n");
  137. return 0;
  138. }
  139. }
  140. return 1;
  141. }
  142. int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
  143. STACK_OF(X509) *chain, int build_chain)
  144. {
  145. int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
  146. if (cert == NULL)
  147. return 1;
  148. if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
  149. BIO_printf(bio_err, "error setting certificate\n");
  150. ERR_print_errors(bio_err);
  151. return 0;
  152. }
  153. if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
  154. BIO_printf(bio_err, "error setting private key\n");
  155. ERR_print_errors(bio_err);
  156. return 0;
  157. }
  158. /*
  159. * Now we know that a key and cert have been set against the SSL context
  160. */
  161. if (!SSL_CTX_check_private_key(ctx)) {
  162. BIO_printf(bio_err,
  163. "Private key does not match the certificate public key\n");
  164. return 0;
  165. }
  166. if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
  167. BIO_printf(bio_err, "error setting certificate chain\n");
  168. ERR_print_errors(bio_err);
  169. return 0;
  170. }
  171. if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
  172. BIO_printf(bio_err, "error building certificate chain\n");
  173. ERR_print_errors(bio_err);
  174. return 0;
  175. }
  176. return 1;
  177. }
  178. static STRINT_PAIR cert_type_list[] = {
  179. {"RSA sign", TLS_CT_RSA_SIGN},
  180. {"DSA sign", TLS_CT_DSS_SIGN},
  181. {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
  182. {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
  183. {"ECDSA sign", TLS_CT_ECDSA_SIGN},
  184. {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
  185. {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
  186. {"GOST01 Sign", TLS_CT_GOST01_SIGN},
  187. {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN},
  188. {NULL}
  189. };
  190. static void ssl_print_client_cert_types(BIO *bio, SSL *s)
  191. {
  192. const unsigned char *p;
  193. int i;
  194. int cert_type_num = SSL_get0_certificate_types(s, &p);
  195. if (!cert_type_num)
  196. return;
  197. BIO_puts(bio, "Client Certificate Types: ");
  198. for (i = 0; i < cert_type_num; i++) {
  199. unsigned char cert_type = p[i];
  200. const char *cname = lookup((int)cert_type, cert_type_list, NULL);
  201. if (i)
  202. BIO_puts(bio, ", ");
  203. if (cname != NULL)
  204. BIO_puts(bio, cname);
  205. else
  206. BIO_printf(bio, "UNKNOWN (%d),", cert_type);
  207. }
  208. BIO_puts(bio, "\n");
  209. }
  210. static const char *get_sigtype(int nid)
  211. {
  212. switch (nid) {
  213. case EVP_PKEY_RSA:
  214. return "RSA";
  215. case EVP_PKEY_RSA_PSS:
  216. return "RSA-PSS";
  217. case EVP_PKEY_DSA:
  218. return "DSA";
  219. case EVP_PKEY_EC:
  220. return "ECDSA";
  221. case NID_ED25519:
  222. return "Ed25519";
  223. case NID_ED448:
  224. return "Ed448";
  225. case NID_id_GostR3410_2001:
  226. return "gost2001";
  227. case NID_id_GostR3410_2012_256:
  228. return "gost2012_256";
  229. case NID_id_GostR3410_2012_512:
  230. return "gost2012_512";
  231. default:
  232. /* Try to output provider-registered sig alg name */
  233. return OBJ_nid2sn(nid);
  234. }
  235. }
  236. static int do_print_sigalgs(BIO *out, SSL *s, int shared)
  237. {
  238. int i, nsig, client;
  239. client = SSL_is_server(s) ? 0 : 1;
  240. if (shared)
  241. nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
  242. else
  243. nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
  244. if (nsig == 0)
  245. return 1;
  246. if (shared)
  247. BIO_puts(out, "Shared ");
  248. if (client)
  249. BIO_puts(out, "Requested ");
  250. BIO_puts(out, "Signature Algorithms: ");
  251. for (i = 0; i < nsig; i++) {
  252. int hash_nid, sign_nid;
  253. unsigned char rhash, rsign;
  254. const char *sstr = NULL;
  255. if (shared)
  256. SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
  257. &rsign, &rhash);
  258. else
  259. SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
  260. if (i)
  261. BIO_puts(out, ":");
  262. sstr = get_sigtype(sign_nid);
  263. if (sstr)
  264. BIO_printf(out, "%s", sstr);
  265. else
  266. BIO_printf(out, "0x%02X", (int)rsign);
  267. if (hash_nid != NID_undef)
  268. BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid));
  269. else if (sstr == NULL)
  270. BIO_printf(out, "+0x%02X", (int)rhash);
  271. }
  272. BIO_puts(out, "\n");
  273. return 1;
  274. }
  275. int ssl_print_sigalgs(BIO *out, SSL *s)
  276. {
  277. int nid;
  278. if (!SSL_is_server(s))
  279. ssl_print_client_cert_types(out, s);
  280. do_print_sigalgs(out, s, 0);
  281. do_print_sigalgs(out, s, 1);
  282. if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef)
  283. BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
  284. if (SSL_get_peer_signature_type_nid(s, &nid))
  285. BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
  286. return 1;
  287. }
  288. #ifndef OPENSSL_NO_EC
  289. int ssl_print_point_formats(BIO *out, SSL *s)
  290. {
  291. int i, nformats;
  292. const char *pformats;
  293. nformats = SSL_get0_ec_point_formats(s, &pformats);
  294. if (nformats <= 0)
  295. return 1;
  296. BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
  297. for (i = 0; i < nformats; i++, pformats++) {
  298. if (i)
  299. BIO_puts(out, ":");
  300. switch (*pformats) {
  301. case TLSEXT_ECPOINTFORMAT_uncompressed:
  302. BIO_puts(out, "uncompressed");
  303. break;
  304. case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
  305. BIO_puts(out, "ansiX962_compressed_prime");
  306. break;
  307. case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
  308. BIO_puts(out, "ansiX962_compressed_char2");
  309. break;
  310. default:
  311. BIO_printf(out, "unknown(%d)", (int)*pformats);
  312. break;
  313. }
  314. }
  315. BIO_puts(out, "\n");
  316. return 1;
  317. }
  318. int ssl_print_groups(BIO *out, SSL *s, int noshared)
  319. {
  320. int i, ngroups, *groups, nid;
  321. ngroups = SSL_get1_groups(s, NULL);
  322. if (ngroups <= 0)
  323. return 1;
  324. groups = app_malloc(ngroups * sizeof(int), "groups to print");
  325. SSL_get1_groups(s, groups);
  326. BIO_puts(out, "Supported groups: ");
  327. for (i = 0; i < ngroups; i++) {
  328. if (i)
  329. BIO_puts(out, ":");
  330. nid = groups[i];
  331. BIO_printf(out, "%s", SSL_group_to_name(s, nid));
  332. }
  333. OPENSSL_free(groups);
  334. if (noshared) {
  335. BIO_puts(out, "\n");
  336. return 1;
  337. }
  338. BIO_puts(out, "\nShared groups: ");
  339. ngroups = SSL_get_shared_group(s, -1);
  340. for (i = 0; i < ngroups; i++) {
  341. if (i)
  342. BIO_puts(out, ":");
  343. nid = SSL_get_shared_group(s, i);
  344. BIO_printf(out, "%s", SSL_group_to_name(s, nid));
  345. }
  346. if (ngroups == 0)
  347. BIO_puts(out, "NONE");
  348. BIO_puts(out, "\n");
  349. return 1;
  350. }
  351. #endif
  352. int ssl_print_tmp_key(BIO *out, SSL *s)
  353. {
  354. EVP_PKEY *key;
  355. if (!SSL_get_peer_tmp_key(s, &key))
  356. return 1;
  357. BIO_puts(out, "Server Temp Key: ");
  358. switch (EVP_PKEY_get_id(key)) {
  359. case EVP_PKEY_RSA:
  360. BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_get_bits(key));
  361. break;
  362. case EVP_PKEY_DH:
  363. BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key));
  364. break;
  365. #ifndef OPENSSL_NO_EC
  366. case EVP_PKEY_EC:
  367. {
  368. char name[80];
  369. size_t name_len;
  370. if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME,
  371. name, sizeof(name), &name_len))
  372. strcpy(name, "?");
  373. BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key));
  374. }
  375. break;
  376. #endif
  377. default:
  378. BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)),
  379. EVP_PKEY_get_bits(key));
  380. }
  381. EVP_PKEY_free(key);
  382. return 1;
  383. }
  384. long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len,
  385. int argi, long argl, int ret, size_t *processed)
  386. {
  387. BIO *out;
  388. BIO_MMSG_CB_ARGS *mmsgargs;
  389. size_t i;
  390. out = (BIO *)BIO_get_callback_arg(bio);
  391. if (out == NULL)
  392. return ret;
  393. switch (cmd) {
  394. case (BIO_CB_READ | BIO_CB_RETURN):
  395. if (ret > 0 && processed != NULL) {
  396. BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n",
  397. (void *)bio, (void *)argp, len, *processed, *processed);
  398. BIO_dump(out, argp, (int)*processed);
  399. } else {
  400. BIO_printf(out, "read from %p [%p] (%zu bytes => %d)\n",
  401. (void *)bio, (void *)argp, len, ret);
  402. }
  403. break;
  404. case (BIO_CB_WRITE | BIO_CB_RETURN):
  405. if (ret > 0 && processed != NULL) {
  406. BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n",
  407. (void *)bio, (void *)argp, len, *processed, *processed);
  408. BIO_dump(out, argp, (int)*processed);
  409. } else {
  410. BIO_printf(out, "write to %p [%p] (%zu bytes => %d)\n",
  411. (void *)bio, (void *)argp, len, ret);
  412. }
  413. break;
  414. case (BIO_CB_RECVMMSG | BIO_CB_RETURN):
  415. mmsgargs = (BIO_MMSG_CB_ARGS *)argp;
  416. if (ret > 0) {
  417. for (i = 0; i < *(mmsgargs->msgs_processed); i++) {
  418. BIO_MSG *msg = (BIO_MSG *)((char *)mmsgargs->msg
  419. + (i * mmsgargs->stride));
  420. BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n",
  421. (void *)bio, (void *)msg->data, msg->data_len,
  422. msg->data_len, msg->data_len);
  423. BIO_dump(out, msg->data, msg->data_len);
  424. }
  425. } else if (mmsgargs->num_msg > 0) {
  426. BIO_MSG *msg = mmsgargs->msg;
  427. BIO_printf(out, "read from %p [%p] (%zu bytes => %d)\n",
  428. (void *)bio, (void *)msg->data, msg->data_len, ret);
  429. }
  430. break;
  431. case (BIO_CB_SENDMMSG | BIO_CB_RETURN):
  432. mmsgargs = (BIO_MMSG_CB_ARGS *)argp;
  433. if (ret > 0) {
  434. for (i = 0; i < *(mmsgargs->msgs_processed); i++) {
  435. BIO_MSG *msg = (BIO_MSG *)((char *)mmsgargs->msg
  436. + (i * mmsgargs->stride));
  437. BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n",
  438. (void *)bio, (void *)msg->data, msg->data_len,
  439. msg->data_len, msg->data_len);
  440. BIO_dump(out, msg->data, msg->data_len);
  441. }
  442. } else if (mmsgargs->num_msg > 0) {
  443. BIO_MSG *msg = mmsgargs->msg;
  444. BIO_printf(out, "write to %p [%p] (%zu bytes => %d)\n",
  445. (void *)bio, (void *)msg->data, msg->data_len, ret);
  446. }
  447. break;
  448. default:
  449. /* do nothing */
  450. break;
  451. }
  452. return ret;
  453. }
  454. void apps_ssl_info_callback(const SSL *s, int where, int ret)
  455. {
  456. const char *str;
  457. int w;
  458. w = where & ~SSL_ST_MASK;
  459. if (w & SSL_ST_CONNECT)
  460. str = "SSL_connect";
  461. else if (w & SSL_ST_ACCEPT)
  462. str = "SSL_accept";
  463. else
  464. str = "undefined";
  465. if (where & SSL_CB_LOOP) {
  466. BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
  467. } else if (where & SSL_CB_ALERT) {
  468. str = (where & SSL_CB_READ) ? "read" : "write";
  469. BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
  470. str,
  471. SSL_alert_type_string_long(ret),
  472. SSL_alert_desc_string_long(ret));
  473. } else if (where & SSL_CB_EXIT) {
  474. if (ret == 0)
  475. BIO_printf(bio_err, "%s:failed in %s\n",
  476. str, SSL_state_string_long(s));
  477. else if (ret < 0)
  478. BIO_printf(bio_err, "%s:error in %s\n",
  479. str, SSL_state_string_long(s));
  480. }
  481. }
  482. static STRINT_PAIR ssl_versions[] = {
  483. {"SSL 3.0", SSL3_VERSION},
  484. {"TLS 1.0", TLS1_VERSION},
  485. {"TLS 1.1", TLS1_1_VERSION},
  486. {"TLS 1.2", TLS1_2_VERSION},
  487. {"TLS 1.3", TLS1_3_VERSION},
  488. {"DTLS 1.0", DTLS1_VERSION},
  489. {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
  490. {NULL}
  491. };
  492. static STRINT_PAIR alert_types[] = {
  493. {" close_notify", 0},
  494. {" end_of_early_data", 1},
  495. {" unexpected_message", 10},
  496. {" bad_record_mac", 20},
  497. {" decryption_failed", 21},
  498. {" record_overflow", 22},
  499. {" decompression_failure", 30},
  500. {" handshake_failure", 40},
  501. {" bad_certificate", 42},
  502. {" unsupported_certificate", 43},
  503. {" certificate_revoked", 44},
  504. {" certificate_expired", 45},
  505. {" certificate_unknown", 46},
  506. {" illegal_parameter", 47},
  507. {" unknown_ca", 48},
  508. {" access_denied", 49},
  509. {" decode_error", 50},
  510. {" decrypt_error", 51},
  511. {" export_restriction", 60},
  512. {" protocol_version", 70},
  513. {" insufficient_security", 71},
  514. {" internal_error", 80},
  515. {" inappropriate_fallback", 86},
  516. {" user_canceled", 90},
  517. {" no_renegotiation", 100},
  518. {" missing_extension", 109},
  519. {" unsupported_extension", 110},
  520. {" certificate_unobtainable", 111},
  521. {" unrecognized_name", 112},
  522. {" bad_certificate_status_response", 113},
  523. {" bad_certificate_hash_value", 114},
  524. {" unknown_psk_identity", 115},
  525. {" certificate_required", 116},
  526. {NULL}
  527. };
  528. static STRINT_PAIR handshakes[] = {
  529. {", HelloRequest", SSL3_MT_HELLO_REQUEST},
  530. {", ClientHello", SSL3_MT_CLIENT_HELLO},
  531. {", ServerHello", SSL3_MT_SERVER_HELLO},
  532. {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
  533. {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
  534. {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
  535. {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
  536. {", Certificate", SSL3_MT_CERTIFICATE},
  537. {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
  538. {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
  539. {", ServerHelloDone", SSL3_MT_SERVER_DONE},
  540. {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
  541. {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
  542. {", Finished", SSL3_MT_FINISHED},
  543. {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
  544. {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
  545. {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
  546. {", KeyUpdate", SSL3_MT_KEY_UPDATE},
  547. {", CompressedCertificate", SSL3_MT_COMPRESSED_CERTIFICATE},
  548. #ifndef OPENSSL_NO_NEXTPROTONEG
  549. {", NextProto", SSL3_MT_NEXT_PROTO},
  550. #endif
  551. {", MessageHash", SSL3_MT_MESSAGE_HASH},
  552. {NULL}
  553. };
  554. void msg_cb(int write_p, int version, int content_type, const void *buf,
  555. size_t len, SSL *ssl, void *arg)
  556. {
  557. BIO *bio = arg;
  558. const char *str_write_p = write_p ? ">>>" : "<<<";
  559. char tmpbuf[128];
  560. const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = "";
  561. const unsigned char* bp = buf;
  562. if (version == SSL3_VERSION ||
  563. version == TLS1_VERSION ||
  564. version == TLS1_1_VERSION ||
  565. version == TLS1_2_VERSION ||
  566. version == TLS1_3_VERSION ||
  567. version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
  568. str_version = lookup(version, ssl_versions, "???");
  569. switch (content_type) {
  570. case SSL3_RT_CHANGE_CIPHER_SPEC:
  571. /* type 20 */
  572. str_content_type = ", ChangeCipherSpec";
  573. break;
  574. case SSL3_RT_ALERT:
  575. /* type 21 */
  576. str_content_type = ", Alert";
  577. str_details1 = ", ???";
  578. if (len == 2) {
  579. switch (bp[0]) {
  580. case 1:
  581. str_details1 = ", warning";
  582. break;
  583. case 2:
  584. str_details1 = ", fatal";
  585. break;
  586. }
  587. str_details2 = lookup((int)bp[1], alert_types, " ???");
  588. }
  589. break;
  590. case SSL3_RT_HANDSHAKE:
  591. /* type 22 */
  592. str_content_type = ", Handshake";
  593. str_details1 = "???";
  594. if (len > 0)
  595. str_details1 = lookup((int)bp[0], handshakes, "???");
  596. break;
  597. case SSL3_RT_APPLICATION_DATA:
  598. /* type 23 */
  599. str_content_type = ", ApplicationData";
  600. break;
  601. case SSL3_RT_HEADER:
  602. /* type 256 */
  603. str_content_type = ", RecordHeader";
  604. break;
  605. case SSL3_RT_INNER_CONTENT_TYPE:
  606. /* type 257 */
  607. str_content_type = ", InnerContent";
  608. break;
  609. default:
  610. BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, ", Unknown (content_type=%d)", content_type);
  611. str_content_type = tmpbuf;
  612. }
  613. } else {
  614. BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type);
  615. str_version = tmpbuf;
  616. }
  617. BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
  618. str_content_type, (unsigned long)len, str_details1,
  619. str_details2);
  620. if (len > 0) {
  621. size_t num, i;
  622. BIO_printf(bio, " ");
  623. num = len;
  624. for (i = 0; i < num; i++) {
  625. if (i % 16 == 0 && i > 0)
  626. BIO_printf(bio, "\n ");
  627. BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
  628. }
  629. if (i < len)
  630. BIO_printf(bio, " ...");
  631. BIO_printf(bio, "\n");
  632. }
  633. (void)BIO_flush(bio);
  634. }
  635. static STRINT_PAIR tlsext_types[] = {
  636. {"server name", TLSEXT_TYPE_server_name},
  637. {"max fragment length", TLSEXT_TYPE_max_fragment_length},
  638. {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
  639. {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
  640. {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
  641. {"status request", TLSEXT_TYPE_status_request},
  642. {"user mapping", TLSEXT_TYPE_user_mapping},
  643. {"client authz", TLSEXT_TYPE_client_authz},
  644. {"server authz", TLSEXT_TYPE_server_authz},
  645. {"cert type", TLSEXT_TYPE_cert_type},
  646. {"supported_groups", TLSEXT_TYPE_supported_groups},
  647. {"EC point formats", TLSEXT_TYPE_ec_point_formats},
  648. {"SRP", TLSEXT_TYPE_srp},
  649. {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
  650. {"use SRTP", TLSEXT_TYPE_use_srtp},
  651. {"session ticket", TLSEXT_TYPE_session_ticket},
  652. {"renegotiation info", TLSEXT_TYPE_renegotiate},
  653. {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
  654. {"client cert type", TLSEXT_TYPE_client_cert_type},
  655. {"server cert type", TLSEXT_TYPE_server_cert_type},
  656. {"TLS padding", TLSEXT_TYPE_padding},
  657. #ifdef TLSEXT_TYPE_next_proto_neg
  658. {"next protocol", TLSEXT_TYPE_next_proto_neg},
  659. #endif
  660. #ifdef TLSEXT_TYPE_encrypt_then_mac
  661. {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
  662. #endif
  663. #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
  664. {"application layer protocol negotiation",
  665. TLSEXT_TYPE_application_layer_protocol_negotiation},
  666. #endif
  667. #ifdef TLSEXT_TYPE_extended_master_secret
  668. {"extended master secret", TLSEXT_TYPE_extended_master_secret},
  669. #endif
  670. {"compress certificate", TLSEXT_TYPE_compress_certificate},
  671. {"key share", TLSEXT_TYPE_key_share},
  672. {"supported versions", TLSEXT_TYPE_supported_versions},
  673. {"psk", TLSEXT_TYPE_psk},
  674. {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
  675. {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
  676. {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
  677. {NULL}
  678. };
  679. /* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
  680. static STRINT_PAIR signature_tls13_scheme_list[] = {
  681. {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */},
  682. {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */},
  683. /* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
  684. /* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */
  685. {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */},
  686. {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */},
  687. {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */},
  688. {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */},
  689. {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */},
  690. {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */},
  691. {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */},
  692. {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */},
  693. {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */},
  694. {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */},
  695. {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */},
  696. {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */},
  697. {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */},
  698. {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */},
  699. {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */},
  700. {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */},
  701. {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */},
  702. {NULL}
  703. };
  704. /* from rfc5246 7.4.1.4.1. */
  705. static STRINT_PAIR signature_tls12_alg_list[] = {
  706. {"anonymous", TLSEXT_signature_anonymous /* 0 */},
  707. {"RSA", TLSEXT_signature_rsa /* 1 */},
  708. {"DSA", TLSEXT_signature_dsa /* 2 */},
  709. {"ECDSA", TLSEXT_signature_ecdsa /* 3 */},
  710. {NULL}
  711. };
  712. /* from rfc5246 7.4.1.4.1. */
  713. static STRINT_PAIR signature_tls12_hash_list[] = {
  714. {"none", TLSEXT_hash_none /* 0 */},
  715. {"MD5", TLSEXT_hash_md5 /* 1 */},
  716. {"SHA1", TLSEXT_hash_sha1 /* 2 */},
  717. {"SHA224", TLSEXT_hash_sha224 /* 3 */},
  718. {"SHA256", TLSEXT_hash_sha256 /* 4 */},
  719. {"SHA384", TLSEXT_hash_sha384 /* 5 */},
  720. {"SHA512", TLSEXT_hash_sha512 /* 6 */},
  721. {NULL}
  722. };
  723. void tlsext_cb(SSL *s, int client_server, int type,
  724. const unsigned char *data, int len, void *arg)
  725. {
  726. BIO *bio = arg;
  727. const char *extname = lookup(type, tlsext_types, "unknown");
  728. BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
  729. client_server ? "server" : "client", extname, type, len);
  730. BIO_dump(bio, (const char *)data, len);
  731. (void)BIO_flush(bio);
  732. }
  733. #ifndef OPENSSL_NO_SOCK
  734. int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
  735. size_t *cookie_len)
  736. {
  737. unsigned char *buffer = NULL;
  738. size_t length = 0;
  739. unsigned short port;
  740. BIO_ADDR *lpeer = NULL, *peer = NULL;
  741. int res = 0;
  742. /* Initialize a random secret */
  743. if (!cookie_initialized) {
  744. if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
  745. BIO_printf(bio_err, "error setting random cookie secret\n");
  746. return 0;
  747. }
  748. cookie_initialized = 1;
  749. }
  750. if (SSL_is_dtls(ssl)) {
  751. lpeer = peer = BIO_ADDR_new();
  752. if (peer == NULL) {
  753. BIO_printf(bio_err, "memory full\n");
  754. return 0;
  755. }
  756. /* Read peer information */
  757. (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
  758. } else {
  759. peer = ourpeer;
  760. }
  761. /* Create buffer with peer's address and port */
  762. if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
  763. BIO_printf(bio_err, "Failed getting peer address\n");
  764. BIO_ADDR_free(lpeer);
  765. return 0;
  766. }
  767. OPENSSL_assert(length != 0);
  768. port = BIO_ADDR_rawport(peer);
  769. length += sizeof(port);
  770. buffer = app_malloc(length, "cookie generate buffer");
  771. memcpy(buffer, &port, sizeof(port));
  772. BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
  773. if (EVP_Q_mac(NULL, "HMAC", NULL, "SHA1", NULL,
  774. cookie_secret, COOKIE_SECRET_LENGTH, buffer, length,
  775. cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) {
  776. BIO_printf(bio_err,
  777. "Error calculating HMAC-SHA1 of buffer with secret\n");
  778. goto end;
  779. }
  780. res = 1;
  781. end:
  782. OPENSSL_free(buffer);
  783. BIO_ADDR_free(lpeer);
  784. return res;
  785. }
  786. int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
  787. size_t cookie_len)
  788. {
  789. unsigned char result[EVP_MAX_MD_SIZE];
  790. size_t resultlength;
  791. /* Note: we check cookie_initialized because if it's not,
  792. * it cannot be valid */
  793. if (cookie_initialized
  794. && generate_stateless_cookie_callback(ssl, result, &resultlength)
  795. && cookie_len == resultlength
  796. && memcmp(result, cookie, resultlength) == 0)
  797. return 1;
  798. return 0;
  799. }
  800. int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
  801. unsigned int *cookie_len)
  802. {
  803. size_t temp = 0;
  804. int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
  805. if (res != 0)
  806. *cookie_len = (unsigned int)temp;
  807. return res;
  808. }
  809. int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
  810. unsigned int cookie_len)
  811. {
  812. return verify_stateless_cookie_callback(ssl, cookie, cookie_len);
  813. }
  814. #endif
  815. /*
  816. * Example of extended certificate handling. Where the standard support of
  817. * one certificate per algorithm is not sufficient an application can decide
  818. * which certificate(s) to use at runtime based on whatever criteria it deems
  819. * appropriate.
  820. */
  821. /* Linked list of certificates, keys and chains */
  822. struct ssl_excert_st {
  823. int certform;
  824. const char *certfile;
  825. int keyform;
  826. const char *keyfile;
  827. const char *chainfile;
  828. X509 *cert;
  829. EVP_PKEY *key;
  830. STACK_OF(X509) *chain;
  831. int build_chain;
  832. struct ssl_excert_st *next, *prev;
  833. };
  834. static STRINT_PAIR chain_flags[] = {
  835. {"Overall Validity", CERT_PKEY_VALID},
  836. {"Sign with EE key", CERT_PKEY_SIGN},
  837. {"EE signature", CERT_PKEY_EE_SIGNATURE},
  838. {"CA signature", CERT_PKEY_CA_SIGNATURE},
  839. {"EE key parameters", CERT_PKEY_EE_PARAM},
  840. {"CA key parameters", CERT_PKEY_CA_PARAM},
  841. {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
  842. {"Issuer Name", CERT_PKEY_ISSUER_NAME},
  843. {"Certificate Type", CERT_PKEY_CERT_TYPE},
  844. {NULL}
  845. };
  846. static void print_chain_flags(SSL *s, int flags)
  847. {
  848. STRINT_PAIR *pp;
  849. for (pp = chain_flags; pp->name; ++pp)
  850. BIO_printf(bio_err, "\t%s: %s\n",
  851. pp->name,
  852. (flags & pp->retval) ? "OK" : "NOT OK");
  853. BIO_printf(bio_err, "\tSuite B: ");
  854. if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
  855. BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
  856. else
  857. BIO_printf(bio_err, "not tested\n");
  858. }
  859. /*
  860. * Very basic selection callback: just use any certificate chain reported as
  861. * valid. More sophisticated could prioritise according to local policy.
  862. */
  863. static int set_cert_cb(SSL *ssl, void *arg)
  864. {
  865. int i, rv;
  866. SSL_EXCERT *exc = arg;
  867. #ifdef CERT_CB_TEST_RETRY
  868. static int retry_cnt;
  869. if (retry_cnt < 5) {
  870. retry_cnt++;
  871. BIO_printf(bio_err,
  872. "Certificate callback retry test: count %d\n",
  873. retry_cnt);
  874. return -1;
  875. }
  876. #endif
  877. SSL_certs_clear(ssl);
  878. if (exc == NULL)
  879. return 1;
  880. /*
  881. * Go to end of list and traverse backwards since we prepend newer
  882. * entries this retains the original order.
  883. */
  884. while (exc->next != NULL)
  885. exc = exc->next;
  886. i = 0;
  887. while (exc != NULL) {
  888. i++;
  889. rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
  890. BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
  891. X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
  892. get_nameopt());
  893. BIO_puts(bio_err, "\n");
  894. print_chain_flags(ssl, rv);
  895. if (rv & CERT_PKEY_VALID) {
  896. if (!SSL_use_certificate(ssl, exc->cert)
  897. || !SSL_use_PrivateKey(ssl, exc->key)) {
  898. return 0;
  899. }
  900. /*
  901. * NB: we wouldn't normally do this as it is not efficient
  902. * building chains on each connection better to cache the chain
  903. * in advance.
  904. */
  905. if (exc->build_chain) {
  906. if (!SSL_build_cert_chain(ssl, 0))
  907. return 0;
  908. } else if (exc->chain != NULL) {
  909. if (!SSL_set1_chain(ssl, exc->chain))
  910. return 0;
  911. }
  912. }
  913. exc = exc->prev;
  914. }
  915. return 1;
  916. }
  917. void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
  918. {
  919. SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
  920. }
  921. static int ssl_excert_prepend(SSL_EXCERT **pexc)
  922. {
  923. SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
  924. memset(exc, 0, sizeof(*exc));
  925. exc->next = *pexc;
  926. *pexc = exc;
  927. if (exc->next) {
  928. exc->certform = exc->next->certform;
  929. exc->keyform = exc->next->keyform;
  930. exc->next->prev = exc;
  931. } else {
  932. exc->certform = FORMAT_PEM;
  933. exc->keyform = FORMAT_PEM;
  934. }
  935. return 1;
  936. }
  937. void ssl_excert_free(SSL_EXCERT *exc)
  938. {
  939. SSL_EXCERT *curr;
  940. if (exc == NULL)
  941. return;
  942. while (exc) {
  943. X509_free(exc->cert);
  944. EVP_PKEY_free(exc->key);
  945. OSSL_STACK_OF_X509_free(exc->chain);
  946. curr = exc;
  947. exc = exc->next;
  948. OPENSSL_free(curr);
  949. }
  950. }
  951. int load_excert(SSL_EXCERT **pexc)
  952. {
  953. SSL_EXCERT *exc = *pexc;
  954. if (exc == NULL)
  955. return 1;
  956. /* If nothing in list, free and set to NULL */
  957. if (exc->certfile == NULL && exc->next == NULL) {
  958. ssl_excert_free(exc);
  959. *pexc = NULL;
  960. return 1;
  961. }
  962. for (; exc; exc = exc->next) {
  963. if (exc->certfile == NULL) {
  964. BIO_printf(bio_err, "Missing filename\n");
  965. return 0;
  966. }
  967. exc->cert = load_cert(exc->certfile, exc->certform,
  968. "Server Certificate");
  969. if (exc->cert == NULL)
  970. return 0;
  971. if (exc->keyfile != NULL) {
  972. exc->key = load_key(exc->keyfile, exc->keyform,
  973. 0, NULL, NULL, "server key");
  974. } else {
  975. exc->key = load_key(exc->certfile, exc->certform,
  976. 0, NULL, NULL, "server key");
  977. }
  978. if (exc->key == NULL)
  979. return 0;
  980. if (exc->chainfile != NULL) {
  981. if (!load_certs(exc->chainfile, 0, &exc->chain, NULL, "server chain"))
  982. return 0;
  983. }
  984. }
  985. return 1;
  986. }
  987. enum range { OPT_X_ENUM };
  988. int args_excert(int opt, SSL_EXCERT **pexc)
  989. {
  990. SSL_EXCERT *exc = *pexc;
  991. assert(opt > OPT_X__FIRST);
  992. assert(opt < OPT_X__LAST);
  993. if (exc == NULL) {
  994. if (!ssl_excert_prepend(&exc)) {
  995. BIO_printf(bio_err, " %s: Error initialising xcert\n",
  996. opt_getprog());
  997. goto err;
  998. }
  999. *pexc = exc;
  1000. }
  1001. switch ((enum range)opt) {
  1002. case OPT_X__FIRST:
  1003. case OPT_X__LAST:
  1004. return 0;
  1005. case OPT_X_CERT:
  1006. if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
  1007. BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
  1008. goto err;
  1009. }
  1010. *pexc = exc;
  1011. exc->certfile = opt_arg();
  1012. break;
  1013. case OPT_X_KEY:
  1014. if (exc->keyfile != NULL) {
  1015. BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
  1016. goto err;
  1017. }
  1018. exc->keyfile = opt_arg();
  1019. break;
  1020. case OPT_X_CHAIN:
  1021. if (exc->chainfile != NULL) {
  1022. BIO_printf(bio_err, "%s: Chain already specified\n",
  1023. opt_getprog());
  1024. goto err;
  1025. }
  1026. exc->chainfile = opt_arg();
  1027. break;
  1028. case OPT_X_CHAIN_BUILD:
  1029. exc->build_chain = 1;
  1030. break;
  1031. case OPT_X_CERTFORM:
  1032. if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->certform))
  1033. return 0;
  1034. break;
  1035. case OPT_X_KEYFORM:
  1036. if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->keyform))
  1037. return 0;
  1038. break;
  1039. }
  1040. return 1;
  1041. err:
  1042. ERR_print_errors(bio_err);
  1043. ssl_excert_free(exc);
  1044. *pexc = NULL;
  1045. return 0;
  1046. }
  1047. static void print_raw_cipherlist(SSL *s)
  1048. {
  1049. const unsigned char *rlist;
  1050. static const unsigned char scsv_id[] = { 0, 0xFF };
  1051. size_t i, rlistlen, num;
  1052. if (!SSL_is_server(s))
  1053. return;
  1054. num = SSL_get0_raw_cipherlist(s, NULL);
  1055. OPENSSL_assert(num == 2);
  1056. rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
  1057. BIO_puts(bio_err, "Client cipher list: ");
  1058. for (i = 0; i < rlistlen; i += num, rlist += num) {
  1059. const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
  1060. if (i)
  1061. BIO_puts(bio_err, ":");
  1062. if (c != NULL) {
  1063. BIO_puts(bio_err, SSL_CIPHER_get_name(c));
  1064. } else if (memcmp(rlist, scsv_id, num) == 0) {
  1065. BIO_puts(bio_err, "SCSV");
  1066. } else {
  1067. size_t j;
  1068. BIO_puts(bio_err, "0x");
  1069. for (j = 0; j < num; j++)
  1070. BIO_printf(bio_err, "%02X", rlist[j]);
  1071. }
  1072. }
  1073. BIO_puts(bio_err, "\n");
  1074. }
  1075. /*
  1076. * Hex encoder for TLSA RRdata, not ':' delimited.
  1077. */
  1078. static char *hexencode(const unsigned char *data, size_t len)
  1079. {
  1080. static const char *hex = "0123456789abcdef";
  1081. char *out;
  1082. char *cp;
  1083. size_t outlen = 2 * len + 1;
  1084. int ilen = (int) outlen;
  1085. if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
  1086. BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
  1087. opt_getprog(), len);
  1088. exit(1);
  1089. }
  1090. cp = out = app_malloc(ilen, "TLSA hex data buffer");
  1091. while (len-- > 0) {
  1092. *cp++ = hex[(*data >> 4) & 0x0f];
  1093. *cp++ = hex[*data++ & 0x0f];
  1094. }
  1095. *cp = '\0';
  1096. return out;
  1097. }
  1098. void print_verify_detail(SSL *s, BIO *bio)
  1099. {
  1100. int mdpth;
  1101. EVP_PKEY *mspki = NULL;
  1102. long verify_err = SSL_get_verify_result(s);
  1103. if (verify_err == X509_V_OK) {
  1104. const char *peername = SSL_get0_peername(s);
  1105. BIO_printf(bio, "Verification: OK\n");
  1106. if (peername != NULL)
  1107. BIO_printf(bio, "Verified peername: %s\n", peername);
  1108. } else {
  1109. const char *reason = X509_verify_cert_error_string(verify_err);
  1110. BIO_printf(bio, "Verification error: %s\n", reason);
  1111. }
  1112. if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
  1113. uint8_t usage, selector, mtype;
  1114. const unsigned char *data = NULL;
  1115. size_t dlen = 0;
  1116. char *hexdata;
  1117. mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
  1118. /*
  1119. * The TLSA data field can be quite long when it is a certificate,
  1120. * public key or even a SHA2-512 digest. Because the initial octets of
  1121. * ASN.1 certificates and public keys contain mostly boilerplate OIDs
  1122. * and lengths, we show the last 12 bytes of the data instead, as these
  1123. * are more likely to distinguish distinct TLSA records.
  1124. */
  1125. #define TLSA_TAIL_SIZE 12
  1126. if (dlen > TLSA_TAIL_SIZE)
  1127. hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
  1128. else
  1129. hexdata = hexencode(data, dlen);
  1130. BIO_printf(bio, "DANE TLSA %d %d %d %s%s ",
  1131. usage, selector, mtype,
  1132. (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata);
  1133. if (SSL_get0_peer_rpk(s) == NULL)
  1134. BIO_printf(bio, "%s certificate at depth %d\n",
  1135. (mspki != NULL) ? "signed the peer" :
  1136. mdpth ? "matched the TA" : "matched the EE", mdpth);
  1137. else
  1138. BIO_printf(bio, "matched the peer raw public key\n");
  1139. OPENSSL_free(hexdata);
  1140. }
  1141. }
  1142. void print_ssl_summary(SSL *s)
  1143. {
  1144. const SSL_CIPHER *c;
  1145. X509 *peer = SSL_get0_peer_certificate(s);
  1146. EVP_PKEY *peer_rpk = SSL_get0_peer_rpk(s);
  1147. int nid;
  1148. BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
  1149. print_raw_cipherlist(s);
  1150. c = SSL_get_current_cipher(s);
  1151. BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
  1152. do_print_sigalgs(bio_err, s, 0);
  1153. if (peer != NULL) {
  1154. BIO_puts(bio_err, "Peer certificate: ");
  1155. X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
  1156. 0, get_nameopt());
  1157. BIO_puts(bio_err, "\n");
  1158. if (SSL_get_peer_signature_nid(s, &nid))
  1159. BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
  1160. if (SSL_get_peer_signature_type_nid(s, &nid))
  1161. BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
  1162. print_verify_detail(s, bio_err);
  1163. } else if (peer_rpk != NULL) {
  1164. BIO_printf(bio_err, "Peer used raw public key\n");
  1165. if (SSL_get_peer_signature_type_nid(s, &nid))
  1166. BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
  1167. print_verify_detail(s, bio_err);
  1168. } else {
  1169. BIO_puts(bio_err, "No peer certificate or raw public key\n");
  1170. }
  1171. #ifndef OPENSSL_NO_EC
  1172. ssl_print_point_formats(bio_err, s);
  1173. if (SSL_is_server(s))
  1174. ssl_print_groups(bio_err, s, 1);
  1175. else
  1176. ssl_print_tmp_key(bio_err, s);
  1177. #else
  1178. if (!SSL_is_server(s))
  1179. ssl_print_tmp_key(bio_err, s);
  1180. #endif
  1181. }
  1182. int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
  1183. SSL_CTX *ctx)
  1184. {
  1185. int i;
  1186. SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
  1187. for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
  1188. const char *flag = sk_OPENSSL_STRING_value(str, i);
  1189. const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
  1190. if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
  1191. BIO_printf(bio_err, "Call to SSL_CONF_cmd(%s, %s) failed\n",
  1192. flag, arg == NULL ? "<NULL>" : arg);
  1193. ERR_print_errors(bio_err);
  1194. return 0;
  1195. }
  1196. }
  1197. if (!SSL_CONF_CTX_finish(cctx)) {
  1198. BIO_puts(bio_err, "Error finishing context\n");
  1199. ERR_print_errors(bio_err);
  1200. return 0;
  1201. }
  1202. return 1;
  1203. }
  1204. static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
  1205. {
  1206. X509_CRL *crl;
  1207. int i, ret = 1;
  1208. for (i = 0; i < sk_X509_CRL_num(crls); i++) {
  1209. crl = sk_X509_CRL_value(crls, i);
  1210. if (!X509_STORE_add_crl(st, crl))
  1211. ret = 0;
  1212. }
  1213. return ret;
  1214. }
  1215. int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
  1216. {
  1217. X509_STORE *st;
  1218. st = SSL_CTX_get_cert_store(ctx);
  1219. add_crls_store(st, crls);
  1220. if (crl_download)
  1221. store_setup_crl_download(st);
  1222. return 1;
  1223. }
  1224. int ssl_load_stores(SSL_CTX *ctx,
  1225. const char *vfyCApath, const char *vfyCAfile,
  1226. const char *vfyCAstore,
  1227. const char *chCApath, const char *chCAfile,
  1228. const char *chCAstore,
  1229. STACK_OF(X509_CRL) *crls, int crl_download)
  1230. {
  1231. X509_STORE *vfy = NULL, *ch = NULL;
  1232. int rv = 0;
  1233. if (vfyCApath != NULL || vfyCAfile != NULL || vfyCAstore != NULL) {
  1234. vfy = X509_STORE_new();
  1235. if (vfy == NULL)
  1236. goto err;
  1237. if (vfyCAfile != NULL && !X509_STORE_load_file(vfy, vfyCAfile))
  1238. goto err;
  1239. if (vfyCApath != NULL && !X509_STORE_load_path(vfy, vfyCApath))
  1240. goto err;
  1241. if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore))
  1242. goto err;
  1243. add_crls_store(vfy, crls);
  1244. if (SSL_CTX_set1_verify_cert_store(ctx, vfy) == 0)
  1245. goto err;
  1246. if (crl_download)
  1247. store_setup_crl_download(vfy);
  1248. }
  1249. if (chCApath != NULL || chCAfile != NULL || chCAstore != NULL) {
  1250. ch = X509_STORE_new();
  1251. if (ch == NULL)
  1252. goto err;
  1253. if (chCAfile != NULL && !X509_STORE_load_file(ch, chCAfile))
  1254. goto err;
  1255. if (chCApath != NULL && !X509_STORE_load_path(ch, chCApath))
  1256. goto err;
  1257. if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore))
  1258. goto err;
  1259. if (SSL_CTX_set1_chain_cert_store(ctx, ch) == 0)
  1260. goto err;
  1261. }
  1262. rv = 1;
  1263. err:
  1264. X509_STORE_free(vfy);
  1265. X509_STORE_free(ch);
  1266. return rv;
  1267. }
  1268. /* Verbose print out of security callback */
  1269. typedef struct {
  1270. BIO *out;
  1271. int verbose;
  1272. int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
  1273. void *other, void *ex);
  1274. } security_debug_ex;
  1275. static STRINT_PAIR callback_types[] = {
  1276. {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
  1277. {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
  1278. {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
  1279. #ifndef OPENSSL_NO_DH
  1280. {"Temp DH key bits", SSL_SECOP_TMP_DH},
  1281. #endif
  1282. {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
  1283. {"Shared Curve", SSL_SECOP_CURVE_SHARED},
  1284. {"Check Curve", SSL_SECOP_CURVE_CHECK},
  1285. {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED},
  1286. {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED},
  1287. {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK},
  1288. {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
  1289. {"Certificate chain EE key", SSL_SECOP_EE_KEY},
  1290. {"Certificate chain CA key", SSL_SECOP_CA_KEY},
  1291. {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
  1292. {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
  1293. {"Certificate chain CA digest", SSL_SECOP_CA_MD},
  1294. {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
  1295. {"SSL compression", SSL_SECOP_COMPRESSION},
  1296. {"Session ticket", SSL_SECOP_TICKET},
  1297. {NULL}
  1298. };
  1299. static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
  1300. int op, int bits, int nid,
  1301. void *other, void *ex)
  1302. {
  1303. security_debug_ex *sdb = ex;
  1304. int rv, show_bits = 1, cert_md = 0;
  1305. const char *nm;
  1306. int show_nm;
  1307. rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
  1308. if (rv == 1 && sdb->verbose < 2)
  1309. return 1;
  1310. BIO_puts(sdb->out, "Security callback: ");
  1311. nm = lookup(op, callback_types, NULL);
  1312. show_nm = nm != NULL;
  1313. switch (op) {
  1314. case SSL_SECOP_TICKET:
  1315. case SSL_SECOP_COMPRESSION:
  1316. show_bits = 0;
  1317. show_nm = 0;
  1318. break;
  1319. case SSL_SECOP_VERSION:
  1320. BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
  1321. show_bits = 0;
  1322. show_nm = 0;
  1323. break;
  1324. case SSL_SECOP_CA_MD:
  1325. case SSL_SECOP_PEER_CA_MD:
  1326. cert_md = 1;
  1327. break;
  1328. case SSL_SECOP_SIGALG_SUPPORTED:
  1329. case SSL_SECOP_SIGALG_SHARED:
  1330. case SSL_SECOP_SIGALG_CHECK:
  1331. case SSL_SECOP_SIGALG_MASK:
  1332. show_nm = 0;
  1333. break;
  1334. }
  1335. if (show_nm)
  1336. BIO_printf(sdb->out, "%s=", nm);
  1337. switch (op & SSL_SECOP_OTHER_TYPE) {
  1338. case SSL_SECOP_OTHER_CIPHER:
  1339. BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
  1340. break;
  1341. #ifndef OPENSSL_NO_EC
  1342. case SSL_SECOP_OTHER_CURVE:
  1343. {
  1344. const char *cname;
  1345. cname = EC_curve_nid2nist(nid);
  1346. if (cname == NULL)
  1347. cname = OBJ_nid2sn(nid);
  1348. BIO_puts(sdb->out, cname);
  1349. }
  1350. break;
  1351. #endif
  1352. case SSL_SECOP_OTHER_CERT:
  1353. {
  1354. if (cert_md) {
  1355. int sig_nid = X509_get_signature_nid(other);
  1356. BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
  1357. } else {
  1358. EVP_PKEY *pkey = X509_get0_pubkey(other);
  1359. if (pkey == NULL) {
  1360. BIO_printf(sdb->out, "Public key missing");
  1361. } else {
  1362. const char *algname = "";
  1363. EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
  1364. &algname, EVP_PKEY_get0_asn1(pkey));
  1365. BIO_printf(sdb->out, "%s, bits=%d",
  1366. algname, EVP_PKEY_get_bits(pkey));
  1367. }
  1368. }
  1369. break;
  1370. }
  1371. case SSL_SECOP_OTHER_SIGALG:
  1372. {
  1373. const unsigned char *salg = other;
  1374. const char *sname = NULL;
  1375. int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
  1376. /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
  1377. if (nm != NULL)
  1378. BIO_printf(sdb->out, "%s", nm);
  1379. else
  1380. BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
  1381. sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
  1382. if (sname != NULL) {
  1383. BIO_printf(sdb->out, " scheme=%s", sname);
  1384. } else {
  1385. int alg_code = salg[1];
  1386. int hash_code = salg[0];
  1387. const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
  1388. const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
  1389. if (alg_str != NULL && hash_str != NULL)
  1390. BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
  1391. else
  1392. BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
  1393. }
  1394. }
  1395. }
  1396. if (show_bits)
  1397. BIO_printf(sdb->out, ", security bits=%d", bits);
  1398. BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
  1399. return rv;
  1400. }
  1401. void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
  1402. {
  1403. static security_debug_ex sdb;
  1404. sdb.out = bio_err;
  1405. sdb.verbose = verbose;
  1406. sdb.old_cb = SSL_CTX_get_security_callback(ctx);
  1407. SSL_CTX_set_security_callback(ctx, security_callback_debug);
  1408. SSL_CTX_set0_security_ex_data(ctx, &sdb);
  1409. }
  1410. static void keylog_callback(const SSL *ssl, const char *line)
  1411. {
  1412. if (bio_keylog == NULL) {
  1413. BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n");
  1414. return;
  1415. }
  1416. /*
  1417. * There might be concurrent writers to the keylog file, so we must ensure
  1418. * that the given line is written at once.
  1419. */
  1420. BIO_printf(bio_keylog, "%s\n", line);
  1421. (void)BIO_flush(bio_keylog);
  1422. }
  1423. int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
  1424. {
  1425. /* Close any open files */
  1426. BIO_free_all(bio_keylog);
  1427. bio_keylog = NULL;
  1428. if (ctx == NULL || keylog_file == NULL) {
  1429. /* Keylogging is disabled, OK. */
  1430. return 0;
  1431. }
  1432. /*
  1433. * Append rather than write in order to allow concurrent modification.
  1434. * Furthermore, this preserves existing keylog files which is useful when
  1435. * the tool is run multiple times.
  1436. */
  1437. bio_keylog = BIO_new_file(keylog_file, "a");
  1438. if (bio_keylog == NULL) {
  1439. BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file);
  1440. return 1;
  1441. }
  1442. /* Write a header for seekable, empty files (this excludes pipes). */
  1443. if (BIO_tell(bio_keylog) == 0) {
  1444. BIO_puts(bio_keylog,
  1445. "# SSL/TLS secrets log file, generated by OpenSSL\n");
  1446. (void)BIO_flush(bio_keylog);
  1447. }
  1448. SSL_CTX_set_keylog_callback(ctx, keylog_callback);
  1449. return 0;
  1450. }
  1451. void print_ca_names(BIO *bio, SSL *s)
  1452. {
  1453. const char *cs = SSL_is_server(s) ? "server" : "client";
  1454. const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
  1455. int i;
  1456. if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
  1457. if (!SSL_is_server(s))
  1458. BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
  1459. return;
  1460. }
  1461. BIO_printf(bio, "---\nAcceptable %s certificate CA names\n", cs);
  1462. for (i = 0; i < sk_X509_NAME_num(sk); i++) {
  1463. X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
  1464. BIO_write(bio, "\n", 1);
  1465. }
  1466. }
  1467. void ssl_print_secure_renegotiation_notes(BIO *bio, SSL *s)
  1468. {
  1469. if (SSL_VERSION_ALLOWS_RENEGOTIATION(s)) {
  1470. BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
  1471. SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
  1472. } else {
  1473. BIO_printf(bio, "This TLS version forbids renegotiation.\n");
  1474. }
  1475. }
  1476. int progress_cb(EVP_PKEY_CTX *ctx)
  1477. {
  1478. BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
  1479. int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
  1480. static const char symbols[] = ".+*\n";
  1481. char c = (p >= 0 && (size_t)p <= sizeof(symbols) - 1) ? symbols[p] : '?';
  1482. BIO_write(b, &c, 1);
  1483. (void)BIO_flush(b);
  1484. return 1;
  1485. }