s_cb.c 46 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* callback functions used by s_client, s_server, and s_time */
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h> /* for memcpy() and strcmp() */
  13. #include "apps.h"
  14. #include <openssl/err.h>
  15. #include <openssl/rand.h>
  16. #include <openssl/x509.h>
  17. #include <openssl/ssl.h>
  18. #include <openssl/bn.h>
  19. #ifndef OPENSSL_NO_DH
  20. # include <openssl/dh.h>
  21. #endif
  22. #include "s_apps.h"
  23. #define COOKIE_SECRET_LENGTH 16
  24. VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
  25. #ifndef OPENSSL_NO_SOCK
  26. static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
  27. static int cookie_initialized = 0;
  28. #endif
  29. static BIO *bio_keylog = NULL;
  30. static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
  31. {
  32. for ( ; list->name; ++list)
  33. if (list->retval == val)
  34. return list->name;
  35. return def;
  36. }
  37. int verify_callback(int ok, X509_STORE_CTX *ctx)
  38. {
  39. X509 *err_cert;
  40. int err, depth;
  41. err_cert = X509_STORE_CTX_get_current_cert(ctx);
  42. err = X509_STORE_CTX_get_error(ctx);
  43. depth = X509_STORE_CTX_get_error_depth(ctx);
  44. if (!verify_args.quiet || !ok) {
  45. BIO_printf(bio_err, "depth=%d ", depth);
  46. if (err_cert != NULL) {
  47. X509_NAME_print_ex(bio_err,
  48. X509_get_subject_name(err_cert),
  49. 0, get_nameopt());
  50. BIO_puts(bio_err, "\n");
  51. } else {
  52. BIO_puts(bio_err, "<no cert>\n");
  53. }
  54. }
  55. if (!ok) {
  56. BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
  57. X509_verify_cert_error_string(err));
  58. if (verify_args.depth < 0 || verify_args.depth >= depth) {
  59. if (!verify_args.return_error)
  60. ok = 1;
  61. verify_args.error = err;
  62. } else {
  63. ok = 0;
  64. verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
  65. }
  66. }
  67. switch (err) {
  68. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  69. BIO_puts(bio_err, "issuer= ");
  70. X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
  71. 0, get_nameopt());
  72. BIO_puts(bio_err, "\n");
  73. break;
  74. case X509_V_ERR_CERT_NOT_YET_VALID:
  75. case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  76. BIO_printf(bio_err, "notBefore=");
  77. ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
  78. BIO_printf(bio_err, "\n");
  79. break;
  80. case X509_V_ERR_CERT_HAS_EXPIRED:
  81. case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  82. BIO_printf(bio_err, "notAfter=");
  83. ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
  84. BIO_printf(bio_err, "\n");
  85. break;
  86. case X509_V_ERR_NO_EXPLICIT_POLICY:
  87. if (!verify_args.quiet)
  88. policies_print(ctx);
  89. break;
  90. }
  91. if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
  92. policies_print(ctx);
  93. if (ok && !verify_args.quiet)
  94. BIO_printf(bio_err, "verify return:%d\n", ok);
  95. return ok;
  96. }
  97. int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
  98. {
  99. if (cert_file != NULL) {
  100. if (SSL_CTX_use_certificate_file(ctx, cert_file,
  101. SSL_FILETYPE_PEM) <= 0) {
  102. BIO_printf(bio_err, "unable to get certificate from '%s'\n",
  103. cert_file);
  104. ERR_print_errors(bio_err);
  105. return 0;
  106. }
  107. if (key_file == NULL)
  108. key_file = cert_file;
  109. if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
  110. BIO_printf(bio_err, "unable to get private key from '%s'\n",
  111. key_file);
  112. ERR_print_errors(bio_err);
  113. return 0;
  114. }
  115. /*
  116. * If we are using DSA, we can copy the parameters from the private
  117. * key
  118. */
  119. /*
  120. * Now we know that a key and cert have been set against the SSL
  121. * context
  122. */
  123. if (!SSL_CTX_check_private_key(ctx)) {
  124. BIO_printf(bio_err,
  125. "Private key does not match the certificate public key\n");
  126. return 0;
  127. }
  128. }
  129. return 1;
  130. }
  131. int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
  132. STACK_OF(X509) *chain, int build_chain)
  133. {
  134. int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
  135. if (cert == NULL)
  136. return 1;
  137. if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
  138. BIO_printf(bio_err, "error setting certificate\n");
  139. ERR_print_errors(bio_err);
  140. return 0;
  141. }
  142. if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
  143. BIO_printf(bio_err, "error setting private key\n");
  144. ERR_print_errors(bio_err);
  145. return 0;
  146. }
  147. /*
  148. * Now we know that a key and cert have been set against the SSL context
  149. */
  150. if (!SSL_CTX_check_private_key(ctx)) {
  151. BIO_printf(bio_err,
  152. "Private key does not match the certificate public key\n");
  153. return 0;
  154. }
  155. if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
  156. BIO_printf(bio_err, "error setting certificate chain\n");
  157. ERR_print_errors(bio_err);
  158. return 0;
  159. }
  160. if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
  161. BIO_printf(bio_err, "error building certificate chain\n");
  162. ERR_print_errors(bio_err);
  163. return 0;
  164. }
  165. return 1;
  166. }
  167. static STRINT_PAIR cert_type_list[] = {
  168. {"RSA sign", TLS_CT_RSA_SIGN},
  169. {"DSA sign", TLS_CT_DSS_SIGN},
  170. {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
  171. {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
  172. {"ECDSA sign", TLS_CT_ECDSA_SIGN},
  173. {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
  174. {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
  175. {"GOST01 Sign", TLS_CT_GOST01_SIGN},
  176. {NULL}
  177. };
  178. static void ssl_print_client_cert_types(BIO *bio, SSL *s)
  179. {
  180. const unsigned char *p;
  181. int i;
  182. int cert_type_num = SSL_get0_certificate_types(s, &p);
  183. if (!cert_type_num)
  184. return;
  185. BIO_puts(bio, "Client Certificate Types: ");
  186. for (i = 0; i < cert_type_num; i++) {
  187. unsigned char cert_type = p[i];
  188. const char *cname = lookup((int)cert_type, cert_type_list, NULL);
  189. if (i)
  190. BIO_puts(bio, ", ");
  191. if (cname != NULL)
  192. BIO_puts(bio, cname);
  193. else
  194. BIO_printf(bio, "UNKNOWN (%d),", cert_type);
  195. }
  196. BIO_puts(bio, "\n");
  197. }
  198. static const char *get_sigtype(int nid)
  199. {
  200. switch (nid) {
  201. case EVP_PKEY_RSA:
  202. return "RSA";
  203. case EVP_PKEY_RSA_PSS:
  204. return "RSA-PSS";
  205. case EVP_PKEY_DSA:
  206. return "DSA";
  207. case EVP_PKEY_EC:
  208. return "ECDSA";
  209. case NID_ED25519:
  210. return "Ed25519";
  211. case NID_ED448:
  212. return "Ed448";
  213. case NID_id_GostR3410_2001:
  214. return "gost2001";
  215. case NID_id_GostR3410_2012_256:
  216. return "gost2012_256";
  217. case NID_id_GostR3410_2012_512:
  218. return "gost2012_512";
  219. default:
  220. return NULL;
  221. }
  222. }
  223. static int do_print_sigalgs(BIO *out, SSL *s, int shared)
  224. {
  225. int i, nsig, client;
  226. client = SSL_is_server(s) ? 0 : 1;
  227. if (shared)
  228. nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
  229. else
  230. nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
  231. if (nsig == 0)
  232. return 1;
  233. if (shared)
  234. BIO_puts(out, "Shared ");
  235. if (client)
  236. BIO_puts(out, "Requested ");
  237. BIO_puts(out, "Signature Algorithms: ");
  238. for (i = 0; i < nsig; i++) {
  239. int hash_nid, sign_nid;
  240. unsigned char rhash, rsign;
  241. const char *sstr = NULL;
  242. if (shared)
  243. SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
  244. &rsign, &rhash);
  245. else
  246. SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
  247. if (i)
  248. BIO_puts(out, ":");
  249. sstr = get_sigtype(sign_nid);
  250. if (sstr)
  251. BIO_printf(out, "%s", sstr);
  252. else
  253. BIO_printf(out, "0x%02X", (int)rsign);
  254. if (hash_nid != NID_undef)
  255. BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid));
  256. else if (sstr == NULL)
  257. BIO_printf(out, "+0x%02X", (int)rhash);
  258. }
  259. BIO_puts(out, "\n");
  260. return 1;
  261. }
  262. int ssl_print_sigalgs(BIO *out, SSL *s)
  263. {
  264. int nid;
  265. if (!SSL_is_server(s))
  266. ssl_print_client_cert_types(out, s);
  267. do_print_sigalgs(out, s, 0);
  268. do_print_sigalgs(out, s, 1);
  269. if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef)
  270. BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
  271. if (SSL_get_peer_signature_type_nid(s, &nid))
  272. BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
  273. return 1;
  274. }
  275. #ifndef OPENSSL_NO_EC
  276. int ssl_print_point_formats(BIO *out, SSL *s)
  277. {
  278. int i, nformats;
  279. const char *pformats;
  280. nformats = SSL_get0_ec_point_formats(s, &pformats);
  281. if (nformats <= 0)
  282. return 1;
  283. BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
  284. for (i = 0; i < nformats; i++, pformats++) {
  285. if (i)
  286. BIO_puts(out, ":");
  287. switch (*pformats) {
  288. case TLSEXT_ECPOINTFORMAT_uncompressed:
  289. BIO_puts(out, "uncompressed");
  290. break;
  291. case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
  292. BIO_puts(out, "ansiX962_compressed_prime");
  293. break;
  294. case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
  295. BIO_puts(out, "ansiX962_compressed_char2");
  296. break;
  297. default:
  298. BIO_printf(out, "unknown(%d)", (int)*pformats);
  299. break;
  300. }
  301. }
  302. BIO_puts(out, "\n");
  303. return 1;
  304. }
  305. int ssl_print_groups(BIO *out, SSL *s, int noshared)
  306. {
  307. int i, ngroups, *groups, nid;
  308. const char *gname;
  309. ngroups = SSL_get1_groups(s, NULL);
  310. if (ngroups <= 0)
  311. return 1;
  312. groups = app_malloc(ngroups * sizeof(int), "groups to print");
  313. SSL_get1_groups(s, groups);
  314. BIO_puts(out, "Supported Elliptic Groups: ");
  315. for (i = 0; i < ngroups; i++) {
  316. if (i)
  317. BIO_puts(out, ":");
  318. nid = groups[i];
  319. /* If unrecognised print out hex version */
  320. if (nid & TLSEXT_nid_unknown) {
  321. BIO_printf(out, "0x%04X", nid & 0xFFFF);
  322. } else {
  323. /* TODO(TLS1.3): Get group name here */
  324. /* Use NIST name for curve if it exists */
  325. gname = EC_curve_nid2nist(nid);
  326. if (gname == NULL)
  327. gname = OBJ_nid2sn(nid);
  328. BIO_printf(out, "%s", gname);
  329. }
  330. }
  331. OPENSSL_free(groups);
  332. if (noshared) {
  333. BIO_puts(out, "\n");
  334. return 1;
  335. }
  336. BIO_puts(out, "\nShared Elliptic groups: ");
  337. ngroups = SSL_get_shared_group(s, -1);
  338. for (i = 0; i < ngroups; i++) {
  339. if (i)
  340. BIO_puts(out, ":");
  341. nid = SSL_get_shared_group(s, i);
  342. /* TODO(TLS1.3): Convert for DH groups */
  343. gname = EC_curve_nid2nist(nid);
  344. if (gname == NULL)
  345. gname = OBJ_nid2sn(nid);
  346. BIO_printf(out, "%s", gname);
  347. }
  348. if (ngroups == 0)
  349. BIO_puts(out, "NONE");
  350. BIO_puts(out, "\n");
  351. return 1;
  352. }
  353. #endif
  354. int ssl_print_tmp_key(BIO *out, SSL *s)
  355. {
  356. EVP_PKEY *key;
  357. if (!SSL_get_peer_tmp_key(s, &key))
  358. return 1;
  359. BIO_puts(out, "Server Temp Key: ");
  360. switch (EVP_PKEY_id(key)) {
  361. case EVP_PKEY_RSA:
  362. BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
  363. break;
  364. case EVP_PKEY_DH:
  365. BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
  366. break;
  367. #ifndef OPENSSL_NO_EC
  368. case EVP_PKEY_EC:
  369. {
  370. EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
  371. int nid;
  372. const char *cname;
  373. nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
  374. EC_KEY_free(ec);
  375. cname = EC_curve_nid2nist(nid);
  376. if (cname == NULL)
  377. cname = OBJ_nid2sn(nid);
  378. BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
  379. }
  380. break;
  381. #endif
  382. default:
  383. BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
  384. EVP_PKEY_bits(key));
  385. }
  386. EVP_PKEY_free(key);
  387. return 1;
  388. }
  389. long bio_dump_callback(BIO *bio, int cmd, const char *argp,
  390. int argi, long argl, long ret)
  391. {
  392. BIO *out;
  393. out = (BIO *)BIO_get_callback_arg(bio);
  394. if (out == NULL)
  395. return ret;
  396. if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
  397. BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
  398. (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
  399. BIO_dump(out, argp, (int)ret);
  400. return ret;
  401. } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
  402. BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
  403. (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
  404. BIO_dump(out, argp, (int)ret);
  405. }
  406. return ret;
  407. }
  408. void apps_ssl_info_callback(const SSL *s, int where, int ret)
  409. {
  410. const char *str;
  411. int w;
  412. w = where & ~SSL_ST_MASK;
  413. if (w & SSL_ST_CONNECT)
  414. str = "SSL_connect";
  415. else if (w & SSL_ST_ACCEPT)
  416. str = "SSL_accept";
  417. else
  418. str = "undefined";
  419. if (where & SSL_CB_LOOP) {
  420. BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
  421. } else if (where & SSL_CB_ALERT) {
  422. str = (where & SSL_CB_READ) ? "read" : "write";
  423. BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
  424. str,
  425. SSL_alert_type_string_long(ret),
  426. SSL_alert_desc_string_long(ret));
  427. } else if (where & SSL_CB_EXIT) {
  428. if (ret == 0)
  429. BIO_printf(bio_err, "%s:failed in %s\n",
  430. str, SSL_state_string_long(s));
  431. else if (ret < 0)
  432. BIO_printf(bio_err, "%s:error in %s\n",
  433. str, SSL_state_string_long(s));
  434. }
  435. }
  436. static STRINT_PAIR ssl_versions[] = {
  437. {"SSL 3.0", SSL3_VERSION},
  438. {"TLS 1.0", TLS1_VERSION},
  439. {"TLS 1.1", TLS1_1_VERSION},
  440. {"TLS 1.2", TLS1_2_VERSION},
  441. {"TLS 1.3", TLS1_3_VERSION},
  442. {"DTLS 1.0", DTLS1_VERSION},
  443. {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
  444. {NULL}
  445. };
  446. static STRINT_PAIR alert_types[] = {
  447. {" close_notify", 0},
  448. {" end_of_early_data", 1},
  449. {" unexpected_message", 10},
  450. {" bad_record_mac", 20},
  451. {" decryption_failed", 21},
  452. {" record_overflow", 22},
  453. {" decompression_failure", 30},
  454. {" handshake_failure", 40},
  455. {" bad_certificate", 42},
  456. {" unsupported_certificate", 43},
  457. {" certificate_revoked", 44},
  458. {" certificate_expired", 45},
  459. {" certificate_unknown", 46},
  460. {" illegal_parameter", 47},
  461. {" unknown_ca", 48},
  462. {" access_denied", 49},
  463. {" decode_error", 50},
  464. {" decrypt_error", 51},
  465. {" export_restriction", 60},
  466. {" protocol_version", 70},
  467. {" insufficient_security", 71},
  468. {" internal_error", 80},
  469. {" inappropriate_fallback", 86},
  470. {" user_canceled", 90},
  471. {" no_renegotiation", 100},
  472. {" missing_extension", 109},
  473. {" unsupported_extension", 110},
  474. {" certificate_unobtainable", 111},
  475. {" unrecognized_name", 112},
  476. {" bad_certificate_status_response", 113},
  477. {" bad_certificate_hash_value", 114},
  478. {" unknown_psk_identity", 115},
  479. {" certificate_required", 116},
  480. {NULL}
  481. };
  482. static STRINT_PAIR handshakes[] = {
  483. {", HelloRequest", SSL3_MT_HELLO_REQUEST},
  484. {", ClientHello", SSL3_MT_CLIENT_HELLO},
  485. {", ServerHello", SSL3_MT_SERVER_HELLO},
  486. {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
  487. {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
  488. {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
  489. {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
  490. {", Certificate", SSL3_MT_CERTIFICATE},
  491. {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
  492. {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
  493. {", ServerHelloDone", SSL3_MT_SERVER_DONE},
  494. {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
  495. {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
  496. {", Finished", SSL3_MT_FINISHED},
  497. {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
  498. {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
  499. {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
  500. {", KeyUpdate", SSL3_MT_KEY_UPDATE},
  501. #ifndef OPENSSL_NO_NEXTPROTONEG
  502. {", NextProto", SSL3_MT_NEXT_PROTO},
  503. #endif
  504. {", MessageHash", SSL3_MT_MESSAGE_HASH},
  505. {NULL}
  506. };
  507. void msg_cb(int write_p, int version, int content_type, const void *buf,
  508. size_t len, SSL *ssl, void *arg)
  509. {
  510. BIO *bio = arg;
  511. const char *str_write_p = write_p ? ">>>" : "<<<";
  512. const char *str_version = lookup(version, ssl_versions, "???");
  513. const char *str_content_type = "", *str_details1 = "", *str_details2 = "";
  514. const unsigned char* bp = buf;
  515. if (version == SSL3_VERSION ||
  516. version == TLS1_VERSION ||
  517. version == TLS1_1_VERSION ||
  518. version == TLS1_2_VERSION ||
  519. version == TLS1_3_VERSION ||
  520. version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
  521. switch (content_type) {
  522. case 20:
  523. str_content_type = ", ChangeCipherSpec";
  524. break;
  525. case 21:
  526. str_content_type = ", Alert";
  527. str_details1 = ", ???";
  528. if (len == 2) {
  529. switch (bp[0]) {
  530. case 1:
  531. str_details1 = ", warning";
  532. break;
  533. case 2:
  534. str_details1 = ", fatal";
  535. break;
  536. }
  537. str_details2 = lookup((int)bp[1], alert_types, " ???");
  538. }
  539. break;
  540. case 22:
  541. str_content_type = ", Handshake";
  542. str_details1 = "???";
  543. if (len > 0)
  544. str_details1 = lookup((int)bp[0], handshakes, "???");
  545. break;
  546. case 23:
  547. str_content_type = ", ApplicationData";
  548. break;
  549. }
  550. }
  551. BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
  552. str_content_type, (unsigned long)len, str_details1,
  553. str_details2);
  554. if (len > 0) {
  555. size_t num, i;
  556. BIO_printf(bio, " ");
  557. num = len;
  558. for (i = 0; i < num; i++) {
  559. if (i % 16 == 0 && i > 0)
  560. BIO_printf(bio, "\n ");
  561. BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
  562. }
  563. if (i < len)
  564. BIO_printf(bio, " ...");
  565. BIO_printf(bio, "\n");
  566. }
  567. (void)BIO_flush(bio);
  568. }
  569. static STRINT_PAIR tlsext_types[] = {
  570. {"server name", TLSEXT_TYPE_server_name},
  571. {"max fragment length", TLSEXT_TYPE_max_fragment_length},
  572. {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
  573. {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
  574. {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
  575. {"status request", TLSEXT_TYPE_status_request},
  576. {"user mapping", TLSEXT_TYPE_user_mapping},
  577. {"client authz", TLSEXT_TYPE_client_authz},
  578. {"server authz", TLSEXT_TYPE_server_authz},
  579. {"cert type", TLSEXT_TYPE_cert_type},
  580. {"supported_groups", TLSEXT_TYPE_supported_groups},
  581. {"EC point formats", TLSEXT_TYPE_ec_point_formats},
  582. {"SRP", TLSEXT_TYPE_srp},
  583. {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
  584. {"use SRTP", TLSEXT_TYPE_use_srtp},
  585. {"session ticket", TLSEXT_TYPE_session_ticket},
  586. {"renegotiation info", TLSEXT_TYPE_renegotiate},
  587. {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
  588. {"TLS padding", TLSEXT_TYPE_padding},
  589. #ifdef TLSEXT_TYPE_next_proto_neg
  590. {"next protocol", TLSEXT_TYPE_next_proto_neg},
  591. #endif
  592. #ifdef TLSEXT_TYPE_encrypt_then_mac
  593. {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
  594. #endif
  595. #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
  596. {"application layer protocol negotiation",
  597. TLSEXT_TYPE_application_layer_protocol_negotiation},
  598. #endif
  599. #ifdef TLSEXT_TYPE_extended_master_secret
  600. {"extended master secret", TLSEXT_TYPE_extended_master_secret},
  601. #endif
  602. {"key share", TLSEXT_TYPE_key_share},
  603. {"supported versions", TLSEXT_TYPE_supported_versions},
  604. {"psk", TLSEXT_TYPE_psk},
  605. {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
  606. {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
  607. {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
  608. {NULL}
  609. };
  610. /* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
  611. static STRINT_PAIR signature_tls13_scheme_list[] = {
  612. {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */},
  613. {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */},
  614. /* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
  615. /* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */
  616. {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */},
  617. {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */},
  618. {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */},
  619. {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */},
  620. {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */},
  621. {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */},
  622. {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */},
  623. {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */},
  624. {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */},
  625. {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */},
  626. {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */},
  627. {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */},
  628. {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */},
  629. {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */},
  630. {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */},
  631. {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */},
  632. {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */},
  633. {NULL}
  634. };
  635. /* from rfc5246 7.4.1.4.1. */
  636. static STRINT_PAIR signature_tls12_alg_list[] = {
  637. {"anonymous", TLSEXT_signature_anonymous /* 0 */},
  638. {"RSA", TLSEXT_signature_rsa /* 1 */},
  639. {"DSA", TLSEXT_signature_dsa /* 2 */},
  640. {"ECDSA", TLSEXT_signature_ecdsa /* 3 */},
  641. {NULL}
  642. };
  643. /* from rfc5246 7.4.1.4.1. */
  644. static STRINT_PAIR signature_tls12_hash_list[] = {
  645. {"none", TLSEXT_hash_none /* 0 */},
  646. {"MD5", TLSEXT_hash_md5 /* 1 */},
  647. {"SHA1", TLSEXT_hash_sha1 /* 2 */},
  648. {"SHA224", TLSEXT_hash_sha224 /* 3 */},
  649. {"SHA256", TLSEXT_hash_sha256 /* 4 */},
  650. {"SHA384", TLSEXT_hash_sha384 /* 5 */},
  651. {"SHA512", TLSEXT_hash_sha512 /* 6 */},
  652. {NULL}
  653. };
  654. void tlsext_cb(SSL *s, int client_server, int type,
  655. const unsigned char *data, int len, void *arg)
  656. {
  657. BIO *bio = arg;
  658. const char *extname = lookup(type, tlsext_types, "unknown");
  659. BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
  660. client_server ? "server" : "client", extname, type, len);
  661. BIO_dump(bio, (const char *)data, len);
  662. (void)BIO_flush(bio);
  663. }
  664. #ifndef OPENSSL_NO_SOCK
  665. int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
  666. unsigned int *cookie_len)
  667. {
  668. unsigned char *buffer;
  669. size_t length = 0;
  670. unsigned short port;
  671. BIO_ADDR *lpeer = NULL, *peer = NULL;
  672. /* Initialize a random secret */
  673. if (!cookie_initialized) {
  674. if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
  675. BIO_printf(bio_err, "error setting random cookie secret\n");
  676. return 0;
  677. }
  678. cookie_initialized = 1;
  679. }
  680. if (SSL_is_dtls(ssl)) {
  681. lpeer = peer = BIO_ADDR_new();
  682. if (peer == NULL) {
  683. BIO_printf(bio_err, "memory full\n");
  684. return 0;
  685. }
  686. /* Read peer information */
  687. (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
  688. } else {
  689. peer = ourpeer;
  690. }
  691. /* Create buffer with peer's address and port */
  692. if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
  693. BIO_printf(bio_err, "Failed getting peer address\n");
  694. return 0;
  695. }
  696. OPENSSL_assert(length != 0);
  697. port = BIO_ADDR_rawport(peer);
  698. length += sizeof(port);
  699. buffer = app_malloc(length, "cookie generate buffer");
  700. memcpy(buffer, &port, sizeof(port));
  701. BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
  702. /* Calculate HMAC of buffer using the secret */
  703. HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
  704. buffer, length, cookie, cookie_len);
  705. OPENSSL_free(buffer);
  706. BIO_ADDR_free(lpeer);
  707. return 1;
  708. }
  709. int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
  710. unsigned int cookie_len)
  711. {
  712. unsigned char result[EVP_MAX_MD_SIZE];
  713. unsigned int resultlength;
  714. /* Note: we check cookie_initialized because if it's not,
  715. * it cannot be valid */
  716. if (cookie_initialized
  717. && generate_cookie_callback(ssl, result, &resultlength)
  718. && cookie_len == resultlength
  719. && memcmp(result, cookie, resultlength) == 0)
  720. return 1;
  721. return 0;
  722. }
  723. int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
  724. size_t *cookie_len)
  725. {
  726. unsigned int temp;
  727. int res = generate_cookie_callback(ssl, cookie, &temp);
  728. *cookie_len = temp;
  729. return res;
  730. }
  731. int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
  732. size_t cookie_len)
  733. {
  734. return verify_cookie_callback(ssl, cookie, cookie_len);
  735. }
  736. #endif
  737. /*
  738. * Example of extended certificate handling. Where the standard support of
  739. * one certificate per algorithm is not sufficient an application can decide
  740. * which certificate(s) to use at runtime based on whatever criteria it deems
  741. * appropriate.
  742. */
  743. /* Linked list of certificates, keys and chains */
  744. struct ssl_excert_st {
  745. int certform;
  746. const char *certfile;
  747. int keyform;
  748. const char *keyfile;
  749. const char *chainfile;
  750. X509 *cert;
  751. EVP_PKEY *key;
  752. STACK_OF(X509) *chain;
  753. int build_chain;
  754. struct ssl_excert_st *next, *prev;
  755. };
  756. static STRINT_PAIR chain_flags[] = {
  757. {"Overall Validity", CERT_PKEY_VALID},
  758. {"Sign with EE key", CERT_PKEY_SIGN},
  759. {"EE signature", CERT_PKEY_EE_SIGNATURE},
  760. {"CA signature", CERT_PKEY_CA_SIGNATURE},
  761. {"EE key parameters", CERT_PKEY_EE_PARAM},
  762. {"CA key parameters", CERT_PKEY_CA_PARAM},
  763. {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
  764. {"Issuer Name", CERT_PKEY_ISSUER_NAME},
  765. {"Certificate Type", CERT_PKEY_CERT_TYPE},
  766. {NULL}
  767. };
  768. static void print_chain_flags(SSL *s, int flags)
  769. {
  770. STRINT_PAIR *pp;
  771. for (pp = chain_flags; pp->name; ++pp)
  772. BIO_printf(bio_err, "\t%s: %s\n",
  773. pp->name,
  774. (flags & pp->retval) ? "OK" : "NOT OK");
  775. BIO_printf(bio_err, "\tSuite B: ");
  776. if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
  777. BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
  778. else
  779. BIO_printf(bio_err, "not tested\n");
  780. }
  781. /*
  782. * Very basic selection callback: just use any certificate chain reported as
  783. * valid. More sophisticated could prioritise according to local policy.
  784. */
  785. static int set_cert_cb(SSL *ssl, void *arg)
  786. {
  787. int i, rv;
  788. SSL_EXCERT *exc = arg;
  789. #ifdef CERT_CB_TEST_RETRY
  790. static int retry_cnt;
  791. if (retry_cnt < 5) {
  792. retry_cnt++;
  793. BIO_printf(bio_err,
  794. "Certificate callback retry test: count %d\n",
  795. retry_cnt);
  796. return -1;
  797. }
  798. #endif
  799. SSL_certs_clear(ssl);
  800. if (exc == NULL)
  801. return 1;
  802. /*
  803. * Go to end of list and traverse backwards since we prepend newer
  804. * entries this retains the original order.
  805. */
  806. while (exc->next != NULL)
  807. exc = exc->next;
  808. i = 0;
  809. while (exc != NULL) {
  810. i++;
  811. rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
  812. BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
  813. X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
  814. get_nameopt());
  815. BIO_puts(bio_err, "\n");
  816. print_chain_flags(ssl, rv);
  817. if (rv & CERT_PKEY_VALID) {
  818. if (!SSL_use_certificate(ssl, exc->cert)
  819. || !SSL_use_PrivateKey(ssl, exc->key)) {
  820. return 0;
  821. }
  822. /*
  823. * NB: we wouldn't normally do this as it is not efficient
  824. * building chains on each connection better to cache the chain
  825. * in advance.
  826. */
  827. if (exc->build_chain) {
  828. if (!SSL_build_cert_chain(ssl, 0))
  829. return 0;
  830. } else if (exc->chain != NULL) {
  831. SSL_set1_chain(ssl, exc->chain);
  832. }
  833. }
  834. exc = exc->prev;
  835. }
  836. return 1;
  837. }
  838. void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
  839. {
  840. SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
  841. }
  842. static int ssl_excert_prepend(SSL_EXCERT **pexc)
  843. {
  844. SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
  845. memset(exc, 0, sizeof(*exc));
  846. exc->next = *pexc;
  847. *pexc = exc;
  848. if (exc->next) {
  849. exc->certform = exc->next->certform;
  850. exc->keyform = exc->next->keyform;
  851. exc->next->prev = exc;
  852. } else {
  853. exc->certform = FORMAT_PEM;
  854. exc->keyform = FORMAT_PEM;
  855. }
  856. return 1;
  857. }
  858. void ssl_excert_free(SSL_EXCERT *exc)
  859. {
  860. SSL_EXCERT *curr;
  861. if (exc == NULL)
  862. return;
  863. while (exc) {
  864. X509_free(exc->cert);
  865. EVP_PKEY_free(exc->key);
  866. sk_X509_pop_free(exc->chain, X509_free);
  867. curr = exc;
  868. exc = exc->next;
  869. OPENSSL_free(curr);
  870. }
  871. }
  872. int load_excert(SSL_EXCERT **pexc)
  873. {
  874. SSL_EXCERT *exc = *pexc;
  875. if (exc == NULL)
  876. return 1;
  877. /* If nothing in list, free and set to NULL */
  878. if (exc->certfile == NULL && exc->next == NULL) {
  879. ssl_excert_free(exc);
  880. *pexc = NULL;
  881. return 1;
  882. }
  883. for (; exc; exc = exc->next) {
  884. if (exc->certfile == NULL) {
  885. BIO_printf(bio_err, "Missing filename\n");
  886. return 0;
  887. }
  888. exc->cert = load_cert(exc->certfile, exc->certform,
  889. "Server Certificate");
  890. if (exc->cert == NULL)
  891. return 0;
  892. if (exc->keyfile != NULL) {
  893. exc->key = load_key(exc->keyfile, exc->keyform,
  894. 0, NULL, NULL, "Server Key");
  895. } else {
  896. exc->key = load_key(exc->certfile, exc->certform,
  897. 0, NULL, NULL, "Server Key");
  898. }
  899. if (exc->key == NULL)
  900. return 0;
  901. if (exc->chainfile != NULL) {
  902. if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
  903. "Server Chain"))
  904. return 0;
  905. }
  906. }
  907. return 1;
  908. }
  909. enum range { OPT_X_ENUM };
  910. int args_excert(int opt, SSL_EXCERT **pexc)
  911. {
  912. SSL_EXCERT *exc = *pexc;
  913. assert(opt > OPT_X__FIRST);
  914. assert(opt < OPT_X__LAST);
  915. if (exc == NULL) {
  916. if (!ssl_excert_prepend(&exc)) {
  917. BIO_printf(bio_err, " %s: Error initialising xcert\n",
  918. opt_getprog());
  919. goto err;
  920. }
  921. *pexc = exc;
  922. }
  923. switch ((enum range)opt) {
  924. case OPT_X__FIRST:
  925. case OPT_X__LAST:
  926. return 0;
  927. case OPT_X_CERT:
  928. if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
  929. BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
  930. goto err;
  931. }
  932. *pexc = exc;
  933. exc->certfile = opt_arg();
  934. break;
  935. case OPT_X_KEY:
  936. if (exc->keyfile != NULL) {
  937. BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
  938. goto err;
  939. }
  940. exc->keyfile = opt_arg();
  941. break;
  942. case OPT_X_CHAIN:
  943. if (exc->chainfile != NULL) {
  944. BIO_printf(bio_err, "%s: Chain already specified\n",
  945. opt_getprog());
  946. goto err;
  947. }
  948. exc->chainfile = opt_arg();
  949. break;
  950. case OPT_X_CHAIN_BUILD:
  951. exc->build_chain = 1;
  952. break;
  953. case OPT_X_CERTFORM:
  954. if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
  955. return 0;
  956. break;
  957. case OPT_X_KEYFORM:
  958. if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
  959. return 0;
  960. break;
  961. }
  962. return 1;
  963. err:
  964. ERR_print_errors(bio_err);
  965. ssl_excert_free(exc);
  966. *pexc = NULL;
  967. return 0;
  968. }
  969. static void print_raw_cipherlist(SSL *s)
  970. {
  971. const unsigned char *rlist;
  972. static const unsigned char scsv_id[] = { 0, 0xFF };
  973. size_t i, rlistlen, num;
  974. if (!SSL_is_server(s))
  975. return;
  976. num = SSL_get0_raw_cipherlist(s, NULL);
  977. OPENSSL_assert(num == 2);
  978. rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
  979. BIO_puts(bio_err, "Client cipher list: ");
  980. for (i = 0; i < rlistlen; i += num, rlist += num) {
  981. const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
  982. if (i)
  983. BIO_puts(bio_err, ":");
  984. if (c != NULL) {
  985. BIO_puts(bio_err, SSL_CIPHER_get_name(c));
  986. } else if (memcmp(rlist, scsv_id, num) == 0) {
  987. BIO_puts(bio_err, "SCSV");
  988. } else {
  989. size_t j;
  990. BIO_puts(bio_err, "0x");
  991. for (j = 0; j < num; j++)
  992. BIO_printf(bio_err, "%02X", rlist[j]);
  993. }
  994. }
  995. BIO_puts(bio_err, "\n");
  996. }
  997. /*
  998. * Hex encoder for TLSA RRdata, not ':' delimited.
  999. */
  1000. static char *hexencode(const unsigned char *data, size_t len)
  1001. {
  1002. static const char *hex = "0123456789abcdef";
  1003. char *out;
  1004. char *cp;
  1005. size_t outlen = 2 * len + 1;
  1006. int ilen = (int) outlen;
  1007. if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
  1008. BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
  1009. opt_getprog(), len);
  1010. exit(1);
  1011. }
  1012. cp = out = app_malloc(ilen, "TLSA hex data buffer");
  1013. while (len-- > 0) {
  1014. *cp++ = hex[(*data >> 4) & 0x0f];
  1015. *cp++ = hex[*data++ & 0x0f];
  1016. }
  1017. *cp = '\0';
  1018. return out;
  1019. }
  1020. void print_verify_detail(SSL *s, BIO *bio)
  1021. {
  1022. int mdpth;
  1023. EVP_PKEY *mspki;
  1024. long verify_err = SSL_get_verify_result(s);
  1025. if (verify_err == X509_V_OK) {
  1026. const char *peername = SSL_get0_peername(s);
  1027. BIO_printf(bio, "Verification: OK\n");
  1028. if (peername != NULL)
  1029. BIO_printf(bio, "Verified peername: %s\n", peername);
  1030. } else {
  1031. const char *reason = X509_verify_cert_error_string(verify_err);
  1032. BIO_printf(bio, "Verification error: %s\n", reason);
  1033. }
  1034. if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
  1035. uint8_t usage, selector, mtype;
  1036. const unsigned char *data = NULL;
  1037. size_t dlen = 0;
  1038. char *hexdata;
  1039. mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
  1040. /*
  1041. * The TLSA data field can be quite long when it is a certificate,
  1042. * public key or even a SHA2-512 digest. Because the initial octets of
  1043. * ASN.1 certificates and public keys contain mostly boilerplate OIDs
  1044. * and lengths, we show the last 12 bytes of the data instead, as these
  1045. * are more likely to distinguish distinct TLSA records.
  1046. */
  1047. #define TLSA_TAIL_SIZE 12
  1048. if (dlen > TLSA_TAIL_SIZE)
  1049. hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
  1050. else
  1051. hexdata = hexencode(data, dlen);
  1052. BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
  1053. usage, selector, mtype,
  1054. (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
  1055. (mspki != NULL) ? "signed the certificate" :
  1056. mdpth ? "matched TA certificate" : "matched EE certificate",
  1057. mdpth);
  1058. OPENSSL_free(hexdata);
  1059. }
  1060. }
  1061. void print_ssl_summary(SSL *s)
  1062. {
  1063. const SSL_CIPHER *c;
  1064. X509 *peer;
  1065. BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
  1066. print_raw_cipherlist(s);
  1067. c = SSL_get_current_cipher(s);
  1068. BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
  1069. do_print_sigalgs(bio_err, s, 0);
  1070. peer = SSL_get_peer_certificate(s);
  1071. if (peer != NULL) {
  1072. int nid;
  1073. BIO_puts(bio_err, "Peer certificate: ");
  1074. X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
  1075. 0, get_nameopt());
  1076. BIO_puts(bio_err, "\n");
  1077. if (SSL_get_peer_signature_nid(s, &nid))
  1078. BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
  1079. if (SSL_get_peer_signature_type_nid(s, &nid))
  1080. BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
  1081. print_verify_detail(s, bio_err);
  1082. } else {
  1083. BIO_puts(bio_err, "No peer certificate\n");
  1084. }
  1085. X509_free(peer);
  1086. #ifndef OPENSSL_NO_EC
  1087. ssl_print_point_formats(bio_err, s);
  1088. if (SSL_is_server(s))
  1089. ssl_print_groups(bio_err, s, 1);
  1090. else
  1091. ssl_print_tmp_key(bio_err, s);
  1092. #else
  1093. if (!SSL_is_server(s))
  1094. ssl_print_tmp_key(bio_err, s);
  1095. #endif
  1096. }
  1097. int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
  1098. SSL_CTX *ctx)
  1099. {
  1100. int i;
  1101. SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
  1102. for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
  1103. const char *flag = sk_OPENSSL_STRING_value(str, i);
  1104. const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
  1105. if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
  1106. if (arg != NULL)
  1107. BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
  1108. flag, arg);
  1109. else
  1110. BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
  1111. ERR_print_errors(bio_err);
  1112. return 0;
  1113. }
  1114. }
  1115. if (!SSL_CONF_CTX_finish(cctx)) {
  1116. BIO_puts(bio_err, "Error finishing context\n");
  1117. ERR_print_errors(bio_err);
  1118. return 0;
  1119. }
  1120. return 1;
  1121. }
  1122. static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
  1123. {
  1124. X509_CRL *crl;
  1125. int i;
  1126. for (i = 0; i < sk_X509_CRL_num(crls); i++) {
  1127. crl = sk_X509_CRL_value(crls, i);
  1128. X509_STORE_add_crl(st, crl);
  1129. }
  1130. return 1;
  1131. }
  1132. int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
  1133. {
  1134. X509_STORE *st;
  1135. st = SSL_CTX_get_cert_store(ctx);
  1136. add_crls_store(st, crls);
  1137. if (crl_download)
  1138. store_setup_crl_download(st);
  1139. return 1;
  1140. }
  1141. int ssl_load_stores(SSL_CTX *ctx,
  1142. const char *vfyCApath, const char *vfyCAfile,
  1143. const char *chCApath, const char *chCAfile,
  1144. STACK_OF(X509_CRL) *crls, int crl_download)
  1145. {
  1146. X509_STORE *vfy = NULL, *ch = NULL;
  1147. int rv = 0;
  1148. if (vfyCApath != NULL || vfyCAfile != NULL) {
  1149. vfy = X509_STORE_new();
  1150. if (vfy == NULL)
  1151. goto err;
  1152. if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
  1153. goto err;
  1154. add_crls_store(vfy, crls);
  1155. SSL_CTX_set1_verify_cert_store(ctx, vfy);
  1156. if (crl_download)
  1157. store_setup_crl_download(vfy);
  1158. }
  1159. if (chCApath != NULL || chCAfile != NULL) {
  1160. ch = X509_STORE_new();
  1161. if (ch == NULL)
  1162. goto err;
  1163. if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
  1164. goto err;
  1165. SSL_CTX_set1_chain_cert_store(ctx, ch);
  1166. }
  1167. rv = 1;
  1168. err:
  1169. X509_STORE_free(vfy);
  1170. X509_STORE_free(ch);
  1171. return rv;
  1172. }
  1173. /* Verbose print out of security callback */
  1174. typedef struct {
  1175. BIO *out;
  1176. int verbose;
  1177. int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
  1178. void *other, void *ex);
  1179. } security_debug_ex;
  1180. static STRINT_PAIR callback_types[] = {
  1181. {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
  1182. {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
  1183. {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
  1184. #ifndef OPENSSL_NO_DH
  1185. {"Temp DH key bits", SSL_SECOP_TMP_DH},
  1186. #endif
  1187. {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
  1188. {"Shared Curve", SSL_SECOP_CURVE_SHARED},
  1189. {"Check Curve", SSL_SECOP_CURVE_CHECK},
  1190. {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED},
  1191. {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED},
  1192. {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK},
  1193. {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
  1194. {"Certificate chain EE key", SSL_SECOP_EE_KEY},
  1195. {"Certificate chain CA key", SSL_SECOP_CA_KEY},
  1196. {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
  1197. {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
  1198. {"Certificate chain CA digest", SSL_SECOP_CA_MD},
  1199. {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
  1200. {"SSL compression", SSL_SECOP_COMPRESSION},
  1201. {"Session ticket", SSL_SECOP_TICKET},
  1202. {NULL}
  1203. };
  1204. static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
  1205. int op, int bits, int nid,
  1206. void *other, void *ex)
  1207. {
  1208. security_debug_ex *sdb = ex;
  1209. int rv, show_bits = 1, cert_md = 0;
  1210. const char *nm;
  1211. int show_nm;
  1212. rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
  1213. if (rv == 1 && sdb->verbose < 2)
  1214. return 1;
  1215. BIO_puts(sdb->out, "Security callback: ");
  1216. nm = lookup(op, callback_types, NULL);
  1217. show_nm = nm != NULL;
  1218. switch (op) {
  1219. case SSL_SECOP_TICKET:
  1220. case SSL_SECOP_COMPRESSION:
  1221. show_bits = 0;
  1222. show_nm = 0;
  1223. break;
  1224. case SSL_SECOP_VERSION:
  1225. BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
  1226. show_bits = 0;
  1227. show_nm = 0;
  1228. break;
  1229. case SSL_SECOP_CA_MD:
  1230. case SSL_SECOP_PEER_CA_MD:
  1231. cert_md = 1;
  1232. break;
  1233. case SSL_SECOP_SIGALG_SUPPORTED:
  1234. case SSL_SECOP_SIGALG_SHARED:
  1235. case SSL_SECOP_SIGALG_CHECK:
  1236. case SSL_SECOP_SIGALG_MASK:
  1237. show_nm = 0;
  1238. break;
  1239. }
  1240. if (show_nm)
  1241. BIO_printf(sdb->out, "%s=", nm);
  1242. switch (op & SSL_SECOP_OTHER_TYPE) {
  1243. case SSL_SECOP_OTHER_CIPHER:
  1244. BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
  1245. break;
  1246. #ifndef OPENSSL_NO_EC
  1247. case SSL_SECOP_OTHER_CURVE:
  1248. {
  1249. const char *cname;
  1250. cname = EC_curve_nid2nist(nid);
  1251. if (cname == NULL)
  1252. cname = OBJ_nid2sn(nid);
  1253. BIO_puts(sdb->out, cname);
  1254. }
  1255. break;
  1256. #endif
  1257. #ifndef OPENSSL_NO_DH
  1258. case SSL_SECOP_OTHER_DH:
  1259. {
  1260. DH *dh = other;
  1261. BIO_printf(sdb->out, "%d", DH_bits(dh));
  1262. break;
  1263. }
  1264. #endif
  1265. case SSL_SECOP_OTHER_CERT:
  1266. {
  1267. if (cert_md) {
  1268. int sig_nid = X509_get_signature_nid(other);
  1269. BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
  1270. } else {
  1271. EVP_PKEY *pkey = X509_get0_pubkey(other);
  1272. const char *algname = "";
  1273. EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
  1274. &algname, EVP_PKEY_get0_asn1(pkey));
  1275. BIO_printf(sdb->out, "%s, bits=%d",
  1276. algname, EVP_PKEY_bits(pkey));
  1277. }
  1278. break;
  1279. }
  1280. case SSL_SECOP_OTHER_SIGALG:
  1281. {
  1282. const unsigned char *salg = other;
  1283. const char *sname = NULL;
  1284. int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
  1285. /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
  1286. if (nm != NULL)
  1287. BIO_printf(sdb->out, "%s", nm);
  1288. else
  1289. BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
  1290. sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
  1291. if (sname != NULL) {
  1292. BIO_printf(sdb->out, " scheme=%s", sname);
  1293. } else {
  1294. int alg_code = salg[1];
  1295. int hash_code = salg[0];
  1296. const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
  1297. const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
  1298. if (alg_str != NULL && hash_str != NULL)
  1299. BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
  1300. else
  1301. BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
  1302. }
  1303. }
  1304. }
  1305. if (show_bits)
  1306. BIO_printf(sdb->out, ", security bits=%d", bits);
  1307. BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
  1308. return rv;
  1309. }
  1310. void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
  1311. {
  1312. static security_debug_ex sdb;
  1313. sdb.out = bio_err;
  1314. sdb.verbose = verbose;
  1315. sdb.old_cb = SSL_CTX_get_security_callback(ctx);
  1316. SSL_CTX_set_security_callback(ctx, security_callback_debug);
  1317. SSL_CTX_set0_security_ex_data(ctx, &sdb);
  1318. }
  1319. static void keylog_callback(const SSL *ssl, const char *line)
  1320. {
  1321. if (bio_keylog == NULL) {
  1322. BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n");
  1323. return;
  1324. }
  1325. /*
  1326. * There might be concurrent writers to the keylog file, so we must ensure
  1327. * that the given line is written at once.
  1328. */
  1329. BIO_printf(bio_keylog, "%s\n", line);
  1330. (void)BIO_flush(bio_keylog);
  1331. }
  1332. int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
  1333. {
  1334. /* Close any open files */
  1335. BIO_free_all(bio_keylog);
  1336. bio_keylog = NULL;
  1337. if (ctx == NULL || keylog_file == NULL) {
  1338. /* Keylogging is disabled, OK. */
  1339. return 0;
  1340. }
  1341. /*
  1342. * Append rather than write in order to allow concurrent modification.
  1343. * Furthermore, this preserves existing keylog files which is useful when
  1344. * the tool is run multiple times.
  1345. */
  1346. bio_keylog = BIO_new_file(keylog_file, "a");
  1347. if (bio_keylog == NULL) {
  1348. BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file);
  1349. return 1;
  1350. }
  1351. /* Write a header for seekable, empty files (this excludes pipes). */
  1352. if (BIO_tell(bio_keylog) == 0) {
  1353. BIO_puts(bio_keylog,
  1354. "# SSL/TLS secrets log file, generated by OpenSSL\n");
  1355. (void)BIO_flush(bio_keylog);
  1356. }
  1357. SSL_CTX_set_keylog_callback(ctx, keylog_callback);
  1358. return 0;
  1359. }
  1360. void print_ca_names(BIO *bio, SSL *s)
  1361. {
  1362. const char *cs = SSL_is_server(s) ? "server" : "client";
  1363. const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
  1364. int i;
  1365. if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
  1366. BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
  1367. return;
  1368. }
  1369. BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
  1370. for (i = 0; i < sk_X509_NAME_num(sk); i++) {
  1371. X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
  1372. BIO_write(bio, "\n", 1);
  1373. }
  1374. }