ssl_stat.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534
  1. /* ssl/ssl_stat.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. /* ====================================================================
  59. * Copyright 2005 Nokia. All rights reserved.
  60. *
  61. * The portions of the attached software ("Contribution") is developed by
  62. * Nokia Corporation and is licensed pursuant to the OpenSSL open source
  63. * license.
  64. *
  65. * The Contribution, originally written by Mika Kousa and Pasi Eronen of
  66. * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
  67. * support (see RFC 4279) to OpenSSL.
  68. *
  69. * No patent licenses or other rights except those expressly stated in
  70. * the OpenSSL open source license shall be deemed granted or received
  71. * expressly, by implication, estoppel, or otherwise.
  72. *
  73. * No assurances are provided by Nokia that the Contribution does not
  74. * infringe the patent or other intellectual property rights of any third
  75. * party or that the license provides you with all the necessary rights
  76. * to make use of the Contribution.
  77. *
  78. * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
  79. * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
  80. * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
  81. * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
  82. * OTHERWISE.
  83. */
  84. #include <stdio.h>
  85. #include "ssl_locl.h"
  86. const char *SSL_state_string_long(const SSL *s)
  87. {
  88. const char *str;
  89. if (ossl_statem_in_error(s)) {
  90. return "error";
  91. }
  92. switch (SSL_get_state(s)) {
  93. case TLS_ST_BEFORE:
  94. str = "before SSL initialization";
  95. break;
  96. case TLS_ST_OK:
  97. str = "SSL negotiation finished successfully";
  98. break;
  99. /* SSLv3 additions */
  100. case TLS_ST_CW_CLNT_HELLO:
  101. str = "SSLv3/TLS write client hello";
  102. break;
  103. case TLS_ST_CR_SRVR_HELLO:
  104. str = "SSLv3/TLS read server hello";
  105. break;
  106. case TLS_ST_CR_CERT:
  107. str = "SSLv3/TLS read server certificate";
  108. break;
  109. case TLS_ST_CR_KEY_EXCH:
  110. str = "SSLv3/TLS read server key exchange";
  111. break;
  112. case TLS_ST_CR_CERT_REQ:
  113. str = "SSLv3/TLS read server certificate request";
  114. break;
  115. case TLS_ST_CR_SESSION_TICKET:
  116. str = "SSLv3/TLS read server session ticket";
  117. break;
  118. case TLS_ST_CR_SRVR_DONE:
  119. str = "SSLv3/TLS read server done";
  120. break;
  121. case TLS_ST_CW_CERT:
  122. str = "SSLv3/TLS write client certificate";
  123. break;
  124. case TLS_ST_CW_KEY_EXCH:
  125. str = "SSLv3/TLS write client key exchange";
  126. break;
  127. case TLS_ST_CW_CERT_VRFY:
  128. str = "SSLv3/TLS write certificate verify";
  129. break;
  130. case TLS_ST_CW_CHANGE:
  131. case TLS_ST_SW_CHANGE:
  132. str = "SSLv3/TLS write change cipher spec";
  133. break;
  134. case TLS_ST_CW_FINISHED:
  135. case TLS_ST_SW_FINISHED:
  136. str = "SSLv3/TLS write finished";
  137. break;
  138. case TLS_ST_CR_CHANGE:
  139. case TLS_ST_SR_CHANGE:
  140. str = "SSLv3/TLS read change cipher spec";
  141. break;
  142. case TLS_ST_CR_FINISHED:
  143. case TLS_ST_SR_FINISHED:
  144. str = "SSLv3/TLS read finished";
  145. break;
  146. case TLS_ST_SR_CLNT_HELLO:
  147. str = "SSLv3/TLS read client hello";
  148. break;
  149. case TLS_ST_SW_HELLO_REQ:
  150. str = "SSLv3/TLS write hello request";
  151. break;
  152. case TLS_ST_SW_SRVR_HELLO:
  153. str = "SSLv3/TLS write server hello";
  154. break;
  155. case TLS_ST_SW_CERT:
  156. str = "SSLv3/TLS write certificate";
  157. break;
  158. case TLS_ST_SW_KEY_EXCH:
  159. str = "SSLv3/TLS write key exchange";
  160. break;
  161. case TLS_ST_SW_CERT_REQ:
  162. str = "SSLv3/TLS write certificate request";
  163. break;
  164. case TLS_ST_SW_SESSION_TICKET:
  165. str = "SSLv3/TLS write session ticket";
  166. break;
  167. case TLS_ST_SW_SRVR_DONE:
  168. str = "SSLv3/TLS write server done";
  169. break;
  170. case TLS_ST_SR_CERT:
  171. str = "SSLv3/TLS read client certificate";
  172. break;
  173. case TLS_ST_SR_KEY_EXCH:
  174. str = "SSLv3/TLS read client key exchange";
  175. break;
  176. case TLS_ST_SR_CERT_VRFY:
  177. str = "SSLv3/TLS read certificate verify";
  178. break;
  179. /* DTLS */
  180. case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
  181. str = "DTLS1 read hello verify request";
  182. break;
  183. case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
  184. str = "DTLS1 write hello verify request";
  185. break;
  186. default:
  187. str = "unknown state";
  188. break;
  189. }
  190. return (str);
  191. }
  192. const char *SSL_state_string(const SSL *s)
  193. {
  194. const char *str;
  195. if (ossl_statem_in_error(s)) {
  196. return "SSLERR";
  197. }
  198. switch (SSL_get_state(s)) {
  199. case TLS_ST_BEFORE:
  200. str = "PINIT ";
  201. break;
  202. case TLS_ST_OK:
  203. str = "SSLOK ";
  204. break;
  205. case TLS_ST_CW_CLNT_HELLO:
  206. str = "TWCH";
  207. break;
  208. case TLS_ST_CR_SRVR_HELLO:
  209. str = "TRSH";
  210. break;
  211. case TLS_ST_CR_CERT:
  212. str = "TRSC";
  213. break;
  214. case TLS_ST_CR_KEY_EXCH:
  215. str = "TRSKE";
  216. break;
  217. case TLS_ST_CR_CERT_REQ:
  218. str = "TRCR";
  219. break;
  220. case TLS_ST_CR_SRVR_DONE:
  221. str = "TRSD";
  222. break;
  223. case TLS_ST_CW_CERT:
  224. str = "TWCC";
  225. break;
  226. case TLS_ST_CW_KEY_EXCH:
  227. str = "TWCKE";
  228. break;
  229. case TLS_ST_CW_CERT_VRFY:
  230. str = "TWCV";
  231. break;
  232. case TLS_ST_SW_CHANGE:
  233. case TLS_ST_CW_CHANGE:
  234. str = "TWCCS";
  235. break;
  236. case TLS_ST_SW_FINISHED:
  237. case TLS_ST_CW_FINISHED:
  238. str = "TWFIN";
  239. break;
  240. case TLS_ST_SR_CHANGE:
  241. case TLS_ST_CR_CHANGE:
  242. str = "TRCCS";
  243. break;
  244. case TLS_ST_SR_FINISHED:
  245. case TLS_ST_CR_FINISHED:
  246. str = "TRFIN";
  247. break;
  248. case TLS_ST_SW_HELLO_REQ:
  249. str = "TWHR";
  250. break;
  251. case TLS_ST_SR_CLNT_HELLO:
  252. str = "TRCH";
  253. break;
  254. case TLS_ST_SW_SRVR_HELLO:
  255. str = "TWSH";
  256. break;
  257. case TLS_ST_SW_CERT:
  258. str = "TWSC";
  259. break;
  260. case TLS_ST_SW_KEY_EXCH:
  261. str = "TWSKE";
  262. break;
  263. case TLS_ST_SW_CERT_REQ:
  264. str = "TWCR";
  265. break;
  266. case TLS_ST_SW_SRVR_DONE:
  267. str = "TWSD";
  268. break;
  269. case TLS_ST_SR_CERT:
  270. str = "TRCC";
  271. break;
  272. case TLS_ST_SR_KEY_EXCH:
  273. str = "TRCKE";
  274. break;
  275. case TLS_ST_SR_CERT_VRFY:
  276. str = "TRCV";
  277. break;
  278. /* DTLS */
  279. case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
  280. str = "DRCHV";
  281. break;
  282. case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
  283. str = "DWCHV";
  284. break;
  285. default:
  286. str = "UNKWN ";
  287. break;
  288. }
  289. return (str);
  290. }
  291. const char *SSL_alert_type_string_long(int value)
  292. {
  293. value >>= 8;
  294. if (value == SSL3_AL_WARNING)
  295. return ("warning");
  296. else if (value == SSL3_AL_FATAL)
  297. return ("fatal");
  298. else
  299. return ("unknown");
  300. }
  301. const char *SSL_alert_type_string(int value)
  302. {
  303. value >>= 8;
  304. if (value == SSL3_AL_WARNING)
  305. return ("W");
  306. else if (value == SSL3_AL_FATAL)
  307. return ("F");
  308. else
  309. return ("U");
  310. }
  311. const char *SSL_alert_desc_string(int value)
  312. {
  313. const char *str;
  314. switch (value & 0xff) {
  315. case SSL3_AD_CLOSE_NOTIFY:
  316. str = "CN";
  317. break;
  318. case SSL3_AD_UNEXPECTED_MESSAGE:
  319. str = "UM";
  320. break;
  321. case SSL3_AD_BAD_RECORD_MAC:
  322. str = "BM";
  323. break;
  324. case SSL3_AD_DECOMPRESSION_FAILURE:
  325. str = "DF";
  326. break;
  327. case SSL3_AD_HANDSHAKE_FAILURE:
  328. str = "HF";
  329. break;
  330. case SSL3_AD_NO_CERTIFICATE:
  331. str = "NC";
  332. break;
  333. case SSL3_AD_BAD_CERTIFICATE:
  334. str = "BC";
  335. break;
  336. case SSL3_AD_UNSUPPORTED_CERTIFICATE:
  337. str = "UC";
  338. break;
  339. case SSL3_AD_CERTIFICATE_REVOKED:
  340. str = "CR";
  341. break;
  342. case SSL3_AD_CERTIFICATE_EXPIRED:
  343. str = "CE";
  344. break;
  345. case SSL3_AD_CERTIFICATE_UNKNOWN:
  346. str = "CU";
  347. break;
  348. case SSL3_AD_ILLEGAL_PARAMETER:
  349. str = "IP";
  350. break;
  351. case TLS1_AD_DECRYPTION_FAILED:
  352. str = "DC";
  353. break;
  354. case TLS1_AD_RECORD_OVERFLOW:
  355. str = "RO";
  356. break;
  357. case TLS1_AD_UNKNOWN_CA:
  358. str = "CA";
  359. break;
  360. case TLS1_AD_ACCESS_DENIED:
  361. str = "AD";
  362. break;
  363. case TLS1_AD_DECODE_ERROR:
  364. str = "DE";
  365. break;
  366. case TLS1_AD_DECRYPT_ERROR:
  367. str = "CY";
  368. break;
  369. case TLS1_AD_EXPORT_RESTRICTION:
  370. str = "ER";
  371. break;
  372. case TLS1_AD_PROTOCOL_VERSION:
  373. str = "PV";
  374. break;
  375. case TLS1_AD_INSUFFICIENT_SECURITY:
  376. str = "IS";
  377. break;
  378. case TLS1_AD_INTERNAL_ERROR:
  379. str = "IE";
  380. break;
  381. case TLS1_AD_USER_CANCELLED:
  382. str = "US";
  383. break;
  384. case TLS1_AD_NO_RENEGOTIATION:
  385. str = "NR";
  386. break;
  387. case TLS1_AD_UNSUPPORTED_EXTENSION:
  388. str = "UE";
  389. break;
  390. case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
  391. str = "CO";
  392. break;
  393. case TLS1_AD_UNRECOGNIZED_NAME:
  394. str = "UN";
  395. break;
  396. case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
  397. str = "BR";
  398. break;
  399. case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
  400. str = "BH";
  401. break;
  402. case TLS1_AD_UNKNOWN_PSK_IDENTITY:
  403. str = "UP";
  404. break;
  405. default:
  406. str = "UK";
  407. break;
  408. }
  409. return (str);
  410. }
  411. const char *SSL_alert_desc_string_long(int value)
  412. {
  413. const char *str;
  414. switch (value & 0xff) {
  415. case SSL3_AD_CLOSE_NOTIFY:
  416. str = "close notify";
  417. break;
  418. case SSL3_AD_UNEXPECTED_MESSAGE:
  419. str = "unexpected_message";
  420. break;
  421. case SSL3_AD_BAD_RECORD_MAC:
  422. str = "bad record mac";
  423. break;
  424. case SSL3_AD_DECOMPRESSION_FAILURE:
  425. str = "decompression failure";
  426. break;
  427. case SSL3_AD_HANDSHAKE_FAILURE:
  428. str = "handshake failure";
  429. break;
  430. case SSL3_AD_NO_CERTIFICATE:
  431. str = "no certificate";
  432. break;
  433. case SSL3_AD_BAD_CERTIFICATE:
  434. str = "bad certificate";
  435. break;
  436. case SSL3_AD_UNSUPPORTED_CERTIFICATE:
  437. str = "unsupported certificate";
  438. break;
  439. case SSL3_AD_CERTIFICATE_REVOKED:
  440. str = "certificate revoked";
  441. break;
  442. case SSL3_AD_CERTIFICATE_EXPIRED:
  443. str = "certificate expired";
  444. break;
  445. case SSL3_AD_CERTIFICATE_UNKNOWN:
  446. str = "certificate unknown";
  447. break;
  448. case SSL3_AD_ILLEGAL_PARAMETER:
  449. str = "illegal parameter";
  450. break;
  451. case TLS1_AD_DECRYPTION_FAILED:
  452. str = "decryption failed";
  453. break;
  454. case TLS1_AD_RECORD_OVERFLOW:
  455. str = "record overflow";
  456. break;
  457. case TLS1_AD_UNKNOWN_CA:
  458. str = "unknown CA";
  459. break;
  460. case TLS1_AD_ACCESS_DENIED:
  461. str = "access denied";
  462. break;
  463. case TLS1_AD_DECODE_ERROR:
  464. str = "decode error";
  465. break;
  466. case TLS1_AD_DECRYPT_ERROR:
  467. str = "decrypt error";
  468. break;
  469. case TLS1_AD_EXPORT_RESTRICTION:
  470. str = "export restriction";
  471. break;
  472. case TLS1_AD_PROTOCOL_VERSION:
  473. str = "protocol version";
  474. break;
  475. case TLS1_AD_INSUFFICIENT_SECURITY:
  476. str = "insufficient security";
  477. break;
  478. case TLS1_AD_INTERNAL_ERROR:
  479. str = "internal error";
  480. break;
  481. case TLS1_AD_USER_CANCELLED:
  482. str = "user canceled";
  483. break;
  484. case TLS1_AD_NO_RENEGOTIATION:
  485. str = "no renegotiation";
  486. break;
  487. case TLS1_AD_UNSUPPORTED_EXTENSION:
  488. str = "unsupported extension";
  489. break;
  490. case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
  491. str = "certificate unobtainable";
  492. break;
  493. case TLS1_AD_UNRECOGNIZED_NAME:
  494. str = "unrecognized name";
  495. break;
  496. case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
  497. str = "bad certificate status response";
  498. break;
  499. case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
  500. str = "bad certificate hash value";
  501. break;
  502. case TLS1_AD_UNKNOWN_PSK_IDENTITY:
  503. str = "unknown PSK identity";
  504. break;
  505. default:
  506. str = "unknown";
  507. break;
  508. }
  509. return (str);
  510. }