2
0

s_cb.c 44 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* callback functions used by s_client, s_server, and s_time */
  10. #include <stdio.h>
  11. #include <stdlib.h>
  12. #include <string.h> /* for memcpy() and strcmp() */
  13. #include "apps.h"
  14. #include <openssl/err.h>
  15. #include <openssl/rand.h>
  16. #include <openssl/x509.h>
  17. #include <openssl/ssl.h>
  18. #include <openssl/bn.h>
  19. #ifndef OPENSSL_NO_DH
  20. # include <openssl/dh.h>
  21. #endif
  22. #include "s_apps.h"
  23. #define COOKIE_SECRET_LENGTH 16
  24. VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
  25. #ifndef OPENSSL_NO_SOCK
  26. static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
  27. static int cookie_initialized = 0;
  28. #endif
  29. static BIO *bio_keylog = NULL;
  30. static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
  31. {
  32. for ( ; list->name; ++list)
  33. if (list->retval == val)
  34. return list->name;
  35. return def;
  36. }
  37. int verify_callback(int ok, X509_STORE_CTX *ctx)
  38. {
  39. X509 *err_cert;
  40. int err, depth;
  41. err_cert = X509_STORE_CTX_get_current_cert(ctx);
  42. err = X509_STORE_CTX_get_error(ctx);
  43. depth = X509_STORE_CTX_get_error_depth(ctx);
  44. if (!verify_args.quiet || !ok) {
  45. BIO_printf(bio_err, "depth=%d ", depth);
  46. if (err_cert != NULL) {
  47. X509_NAME_print_ex(bio_err,
  48. X509_get_subject_name(err_cert),
  49. 0, get_nameopt());
  50. BIO_puts(bio_err, "\n");
  51. } else {
  52. BIO_puts(bio_err, "<no cert>\n");
  53. }
  54. }
  55. if (!ok) {
  56. BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
  57. X509_verify_cert_error_string(err));
  58. if (verify_args.depth >= depth) {
  59. if (!verify_args.return_error)
  60. ok = 1;
  61. verify_args.error = err;
  62. } else {
  63. ok = 0;
  64. verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
  65. }
  66. }
  67. switch (err) {
  68. case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  69. BIO_puts(bio_err, "issuer= ");
  70. X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
  71. 0, get_nameopt());
  72. BIO_puts(bio_err, "\n");
  73. break;
  74. case X509_V_ERR_CERT_NOT_YET_VALID:
  75. case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  76. BIO_printf(bio_err, "notBefore=");
  77. ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
  78. BIO_printf(bio_err, "\n");
  79. break;
  80. case X509_V_ERR_CERT_HAS_EXPIRED:
  81. case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  82. BIO_printf(bio_err, "notAfter=");
  83. ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
  84. BIO_printf(bio_err, "\n");
  85. break;
  86. case X509_V_ERR_NO_EXPLICIT_POLICY:
  87. if (!verify_args.quiet)
  88. policies_print(ctx);
  89. break;
  90. }
  91. if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
  92. policies_print(ctx);
  93. if (ok && !verify_args.quiet)
  94. BIO_printf(bio_err, "verify return:%d\n", ok);
  95. return ok;
  96. }
  97. int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
  98. {
  99. if (cert_file != NULL) {
  100. if (SSL_CTX_use_certificate_file(ctx, cert_file,
  101. SSL_FILETYPE_PEM) <= 0) {
  102. BIO_printf(bio_err, "unable to get certificate from '%s'\n",
  103. cert_file);
  104. ERR_print_errors(bio_err);
  105. return 0;
  106. }
  107. if (key_file == NULL)
  108. key_file = cert_file;
  109. if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
  110. BIO_printf(bio_err, "unable to get private key from '%s'\n",
  111. key_file);
  112. ERR_print_errors(bio_err);
  113. return 0;
  114. }
  115. /*
  116. * If we are using DSA, we can copy the parameters from the private
  117. * key
  118. */
  119. /*
  120. * Now we know that a key and cert have been set against the SSL
  121. * context
  122. */
  123. if (!SSL_CTX_check_private_key(ctx)) {
  124. BIO_printf(bio_err,
  125. "Private key does not match the certificate public key\n");
  126. return 0;
  127. }
  128. }
  129. return 1;
  130. }
  131. int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
  132. STACK_OF(X509) *chain, int build_chain)
  133. {
  134. int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
  135. if (cert == NULL)
  136. return 1;
  137. if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
  138. BIO_printf(bio_err, "error setting certificate\n");
  139. ERR_print_errors(bio_err);
  140. return 0;
  141. }
  142. if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
  143. BIO_printf(bio_err, "error setting private key\n");
  144. ERR_print_errors(bio_err);
  145. return 0;
  146. }
  147. /*
  148. * Now we know that a key and cert have been set against the SSL context
  149. */
  150. if (!SSL_CTX_check_private_key(ctx)) {
  151. BIO_printf(bio_err,
  152. "Private key does not match the certificate public key\n");
  153. return 0;
  154. }
  155. if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
  156. BIO_printf(bio_err, "error setting certificate chain\n");
  157. ERR_print_errors(bio_err);
  158. return 0;
  159. }
  160. if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
  161. BIO_printf(bio_err, "error building certificate chain\n");
  162. ERR_print_errors(bio_err);
  163. return 0;
  164. }
  165. return 1;
  166. }
  167. static STRINT_PAIR cert_type_list[] = {
  168. {"RSA sign", TLS_CT_RSA_SIGN},
  169. {"DSA sign", TLS_CT_DSS_SIGN},
  170. {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
  171. {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
  172. {"ECDSA sign", TLS_CT_ECDSA_SIGN},
  173. {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
  174. {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
  175. {"GOST01 Sign", TLS_CT_GOST01_SIGN},
  176. {NULL}
  177. };
  178. static void ssl_print_client_cert_types(BIO *bio, SSL *s)
  179. {
  180. const unsigned char *p;
  181. int i;
  182. int cert_type_num = SSL_get0_certificate_types(s, &p);
  183. if (!cert_type_num)
  184. return;
  185. BIO_puts(bio, "Client Certificate Types: ");
  186. for (i = 0; i < cert_type_num; i++) {
  187. unsigned char cert_type = p[i];
  188. const char *cname = lookup((int)cert_type, cert_type_list, NULL);
  189. if (i)
  190. BIO_puts(bio, ", ");
  191. if (cname != NULL)
  192. BIO_puts(bio, cname);
  193. else
  194. BIO_printf(bio, "UNKNOWN (%d),", cert_type);
  195. }
  196. BIO_puts(bio, "\n");
  197. }
  198. static const char *get_sigtype(int nid)
  199. {
  200. switch (nid) {
  201. case EVP_PKEY_RSA:
  202. return "RSA";
  203. case EVP_PKEY_RSA_PSS:
  204. return "RSA-PSS";
  205. case EVP_PKEY_DSA:
  206. return "DSA";
  207. case EVP_PKEY_EC:
  208. return "ECDSA";
  209. case NID_ED25519:
  210. return "Ed25519";
  211. case NID_ED448:
  212. return "Ed448";
  213. case NID_id_GostR3410_2001:
  214. return "gost2001";
  215. case NID_id_GostR3410_2012_256:
  216. return "gost2012_256";
  217. case NID_id_GostR3410_2012_512:
  218. return "gost2012_512";
  219. default:
  220. return NULL;
  221. }
  222. }
  223. static int do_print_sigalgs(BIO *out, SSL *s, int shared)
  224. {
  225. int i, nsig, client;
  226. client = SSL_is_server(s) ? 0 : 1;
  227. if (shared)
  228. nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
  229. else
  230. nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
  231. if (nsig == 0)
  232. return 1;
  233. if (shared)
  234. BIO_puts(out, "Shared ");
  235. if (client)
  236. BIO_puts(out, "Requested ");
  237. BIO_puts(out, "Signature Algorithms: ");
  238. for (i = 0; i < nsig; i++) {
  239. int hash_nid, sign_nid;
  240. unsigned char rhash, rsign;
  241. const char *sstr = NULL;
  242. if (shared)
  243. SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
  244. &rsign, &rhash);
  245. else
  246. SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
  247. if (i)
  248. BIO_puts(out, ":");
  249. sstr = get_sigtype(sign_nid);
  250. if (sstr)
  251. BIO_printf(out, "%s", sstr);
  252. else
  253. BIO_printf(out, "0x%02X", (int)rsign);
  254. if (hash_nid != NID_undef)
  255. BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid));
  256. else if (sstr == NULL)
  257. BIO_printf(out, "+0x%02X", (int)rhash);
  258. }
  259. BIO_puts(out, "\n");
  260. return 1;
  261. }
  262. int ssl_print_sigalgs(BIO *out, SSL *s)
  263. {
  264. int nid;
  265. if (!SSL_is_server(s))
  266. ssl_print_client_cert_types(out, s);
  267. do_print_sigalgs(out, s, 0);
  268. do_print_sigalgs(out, s, 1);
  269. if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef)
  270. BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
  271. if (SSL_get_peer_signature_type_nid(s, &nid))
  272. BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
  273. return 1;
  274. }
  275. #ifndef OPENSSL_NO_EC
  276. int ssl_print_point_formats(BIO *out, SSL *s)
  277. {
  278. int i, nformats;
  279. const char *pformats;
  280. nformats = SSL_get0_ec_point_formats(s, &pformats);
  281. if (nformats <= 0)
  282. return 1;
  283. BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
  284. for (i = 0; i < nformats; i++, pformats++) {
  285. if (i)
  286. BIO_puts(out, ":");
  287. switch (*pformats) {
  288. case TLSEXT_ECPOINTFORMAT_uncompressed:
  289. BIO_puts(out, "uncompressed");
  290. break;
  291. case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
  292. BIO_puts(out, "ansiX962_compressed_prime");
  293. break;
  294. case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
  295. BIO_puts(out, "ansiX962_compressed_char2");
  296. break;
  297. default:
  298. BIO_printf(out, "unknown(%d)", (int)*pformats);
  299. break;
  300. }
  301. }
  302. BIO_puts(out, "\n");
  303. return 1;
  304. }
  305. int ssl_print_groups(BIO *out, SSL *s, int noshared)
  306. {
  307. int i, ngroups, *groups, nid;
  308. const char *gname;
  309. ngroups = SSL_get1_groups(s, NULL);
  310. if (ngroups <= 0)
  311. return 1;
  312. groups = app_malloc(ngroups * sizeof(int), "groups to print");
  313. SSL_get1_groups(s, groups);
  314. BIO_puts(out, "Supported Elliptic Groups: ");
  315. for (i = 0; i < ngroups; i++) {
  316. if (i)
  317. BIO_puts(out, ":");
  318. nid = groups[i];
  319. /* If unrecognised print out hex version */
  320. if (nid & TLSEXT_nid_unknown) {
  321. BIO_printf(out, "0x%04X", nid & 0xFFFF);
  322. } else {
  323. /* TODO(TLS1.3): Get group name here */
  324. /* Use NIST name for curve if it exists */
  325. gname = EC_curve_nid2nist(nid);
  326. if (gname == NULL)
  327. gname = OBJ_nid2sn(nid);
  328. BIO_printf(out, "%s", gname);
  329. }
  330. }
  331. OPENSSL_free(groups);
  332. if (noshared) {
  333. BIO_puts(out, "\n");
  334. return 1;
  335. }
  336. BIO_puts(out, "\nShared Elliptic groups: ");
  337. ngroups = SSL_get_shared_group(s, -1);
  338. for (i = 0; i < ngroups; i++) {
  339. if (i)
  340. BIO_puts(out, ":");
  341. nid = SSL_get_shared_group(s, i);
  342. /* TODO(TLS1.3): Convert for DH groups */
  343. gname = EC_curve_nid2nist(nid);
  344. if (gname == NULL)
  345. gname = OBJ_nid2sn(nid);
  346. BIO_printf(out, "%s", gname);
  347. }
  348. if (ngroups == 0)
  349. BIO_puts(out, "NONE");
  350. BIO_puts(out, "\n");
  351. return 1;
  352. }
  353. #endif
  354. int ssl_print_tmp_key(BIO *out, SSL *s)
  355. {
  356. EVP_PKEY *key;
  357. if (!SSL_get_server_tmp_key(s, &key))
  358. return 1;
  359. BIO_puts(out, "Server Temp Key: ");
  360. switch (EVP_PKEY_id(key)) {
  361. case EVP_PKEY_RSA:
  362. BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
  363. break;
  364. case EVP_PKEY_DH:
  365. BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
  366. break;
  367. #ifndef OPENSSL_NO_EC
  368. case EVP_PKEY_EC:
  369. {
  370. EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
  371. int nid;
  372. const char *cname;
  373. nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
  374. EC_KEY_free(ec);
  375. cname = EC_curve_nid2nist(nid);
  376. if (cname == NULL)
  377. cname = OBJ_nid2sn(nid);
  378. BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
  379. }
  380. break;
  381. #endif
  382. default:
  383. BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
  384. EVP_PKEY_bits(key));
  385. }
  386. EVP_PKEY_free(key);
  387. return 1;
  388. }
  389. long bio_dump_callback(BIO *bio, int cmd, const char *argp,
  390. int argi, long argl, long ret)
  391. {
  392. BIO *out;
  393. out = (BIO *)BIO_get_callback_arg(bio);
  394. if (out == NULL)
  395. return ret;
  396. if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
  397. BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
  398. (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
  399. BIO_dump(out, argp, (int)ret);
  400. return ret;
  401. } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
  402. BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
  403. (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
  404. BIO_dump(out, argp, (int)ret);
  405. }
  406. return ret;
  407. }
  408. void apps_ssl_info_callback(const SSL *s, int where, int ret)
  409. {
  410. const char *str;
  411. int w;
  412. w = where & ~SSL_ST_MASK;
  413. if (w & SSL_ST_CONNECT)
  414. str = "SSL_connect";
  415. else if (w & SSL_ST_ACCEPT)
  416. str = "SSL_accept";
  417. else
  418. str = "undefined";
  419. if (where & SSL_CB_LOOP) {
  420. BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
  421. } else if (where & SSL_CB_ALERT) {
  422. str = (where & SSL_CB_READ) ? "read" : "write";
  423. BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
  424. str,
  425. SSL_alert_type_string_long(ret),
  426. SSL_alert_desc_string_long(ret));
  427. } else if (where & SSL_CB_EXIT) {
  428. if (ret == 0)
  429. BIO_printf(bio_err, "%s:failed in %s\n",
  430. str, SSL_state_string_long(s));
  431. else if (ret < 0)
  432. BIO_printf(bio_err, "%s:error in %s\n",
  433. str, SSL_state_string_long(s));
  434. }
  435. }
  436. static STRINT_PAIR ssl_versions[] = {
  437. {"SSL 3.0", SSL3_VERSION},
  438. {"TLS 1.0", TLS1_VERSION},
  439. {"TLS 1.1", TLS1_1_VERSION},
  440. {"TLS 1.2", TLS1_2_VERSION},
  441. {"TLS 1.3", TLS1_3_VERSION},
  442. {"DTLS 1.0", DTLS1_VERSION},
  443. {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
  444. {NULL}
  445. };
  446. static STRINT_PAIR alert_types[] = {
  447. {" close_notify", 0},
  448. {" end_of_early_data", 1},
  449. {" unexpected_message", 10},
  450. {" bad_record_mac", 20},
  451. {" decryption_failed", 21},
  452. {" record_overflow", 22},
  453. {" decompression_failure", 30},
  454. {" handshake_failure", 40},
  455. {" bad_certificate", 42},
  456. {" unsupported_certificate", 43},
  457. {" certificate_revoked", 44},
  458. {" certificate_expired", 45},
  459. {" certificate_unknown", 46},
  460. {" illegal_parameter", 47},
  461. {" unknown_ca", 48},
  462. {" access_denied", 49},
  463. {" decode_error", 50},
  464. {" decrypt_error", 51},
  465. {" export_restriction", 60},
  466. {" protocol_version", 70},
  467. {" insufficient_security", 71},
  468. {" internal_error", 80},
  469. {" inappropriate_fallback", 86},
  470. {" user_canceled", 90},
  471. {" no_renegotiation", 100},
  472. {" missing_extension", 109},
  473. {" unsupported_extension", 110},
  474. {" certificate_unobtainable", 111},
  475. {" unrecognized_name", 112},
  476. {" bad_certificate_status_response", 113},
  477. {" bad_certificate_hash_value", 114},
  478. {" unknown_psk_identity", 115},
  479. {" certificate_required", 116},
  480. {NULL}
  481. };
  482. static STRINT_PAIR handshakes[] = {
  483. {", HelloRequest", SSL3_MT_HELLO_REQUEST},
  484. {", ClientHello", SSL3_MT_CLIENT_HELLO},
  485. {", ServerHello", SSL3_MT_SERVER_HELLO},
  486. {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
  487. {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
  488. {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
  489. {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
  490. {", Certificate", SSL3_MT_CERTIFICATE},
  491. {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
  492. {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
  493. {", ServerHelloDone", SSL3_MT_SERVER_DONE},
  494. {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
  495. {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
  496. {", Finished", SSL3_MT_FINISHED},
  497. {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
  498. {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
  499. {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
  500. {", KeyUpdate", SSL3_MT_KEY_UPDATE},
  501. #ifndef OPENSSL_NO_NEXTPROTONEG
  502. {", NextProto", SSL3_MT_NEXT_PROTO},
  503. #endif
  504. {", MessageHash", SSL3_MT_MESSAGE_HASH},
  505. {NULL}
  506. };
  507. void msg_cb(int write_p, int version, int content_type, const void *buf,
  508. size_t len, SSL *ssl, void *arg)
  509. {
  510. BIO *bio = arg;
  511. const char *str_write_p = write_p ? ">>>" : "<<<";
  512. const char *str_version = lookup(version, ssl_versions, "???");
  513. const char *str_content_type = "", *str_details1 = "", *str_details2 = "";
  514. const unsigned char* bp = buf;
  515. if (version == SSL3_VERSION ||
  516. version == TLS1_VERSION ||
  517. version == TLS1_1_VERSION ||
  518. version == TLS1_2_VERSION ||
  519. version == TLS1_3_VERSION ||
  520. version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
  521. switch (content_type) {
  522. case 20:
  523. str_content_type = ", ChangeCipherSpec";
  524. break;
  525. case 21:
  526. str_content_type = ", Alert";
  527. str_details1 = ", ???";
  528. if (len == 2) {
  529. switch (bp[0]) {
  530. case 1:
  531. str_details1 = ", warning";
  532. break;
  533. case 2:
  534. str_details1 = ", fatal";
  535. break;
  536. }
  537. str_details2 = lookup((int)bp[1], alert_types, " ???");
  538. }
  539. break;
  540. case 22:
  541. str_content_type = ", Handshake";
  542. str_details1 = "???";
  543. if (len > 0)
  544. str_details1 = lookup((int)bp[0], handshakes, "???");
  545. break;
  546. case 23:
  547. str_content_type = ", ApplicationData";
  548. break;
  549. #ifndef OPENSSL_NO_HEARTBEATS
  550. case 24:
  551. str_details1 = ", Heartbeat";
  552. if (len > 0) {
  553. switch (bp[0]) {
  554. case 1:
  555. str_details1 = ", HeartbeatRequest";
  556. break;
  557. case 2:
  558. str_details1 = ", HeartbeatResponse";
  559. break;
  560. }
  561. }
  562. break;
  563. #endif
  564. }
  565. }
  566. BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
  567. str_content_type, (unsigned long)len, str_details1,
  568. str_details2);
  569. if (len > 0) {
  570. size_t num, i;
  571. BIO_printf(bio, " ");
  572. num = len;
  573. for (i = 0; i < num; i++) {
  574. if (i % 16 == 0 && i > 0)
  575. BIO_printf(bio, "\n ");
  576. BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
  577. }
  578. if (i < len)
  579. BIO_printf(bio, " ...");
  580. BIO_printf(bio, "\n");
  581. }
  582. (void)BIO_flush(bio);
  583. }
  584. static STRINT_PAIR tlsext_types[] = {
  585. {"server name", TLSEXT_TYPE_server_name},
  586. {"max fragment length", TLSEXT_TYPE_max_fragment_length},
  587. {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
  588. {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
  589. {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
  590. {"status request", TLSEXT_TYPE_status_request},
  591. {"user mapping", TLSEXT_TYPE_user_mapping},
  592. {"client authz", TLSEXT_TYPE_client_authz},
  593. {"server authz", TLSEXT_TYPE_server_authz},
  594. {"cert type", TLSEXT_TYPE_cert_type},
  595. {"supported_groups", TLSEXT_TYPE_supported_groups},
  596. {"EC point formats", TLSEXT_TYPE_ec_point_formats},
  597. {"SRP", TLSEXT_TYPE_srp},
  598. {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
  599. {"use SRTP", TLSEXT_TYPE_use_srtp},
  600. {"heartbeat", TLSEXT_TYPE_heartbeat},
  601. {"session ticket", TLSEXT_TYPE_session_ticket},
  602. {"renegotiation info", TLSEXT_TYPE_renegotiate},
  603. {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
  604. {"TLS padding", TLSEXT_TYPE_padding},
  605. #ifdef TLSEXT_TYPE_next_proto_neg
  606. {"next protocol", TLSEXT_TYPE_next_proto_neg},
  607. #endif
  608. #ifdef TLSEXT_TYPE_encrypt_then_mac
  609. {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
  610. #endif
  611. #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
  612. {"application layer protocol negotiation",
  613. TLSEXT_TYPE_application_layer_protocol_negotiation},
  614. #endif
  615. #ifdef TLSEXT_TYPE_extended_master_secret
  616. {"extended master secret", TLSEXT_TYPE_extended_master_secret},
  617. #endif
  618. {"key share", TLSEXT_TYPE_key_share},
  619. {"supported versions", TLSEXT_TYPE_supported_versions},
  620. {"psk", TLSEXT_TYPE_psk},
  621. {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
  622. {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
  623. {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
  624. {NULL}
  625. };
  626. void tlsext_cb(SSL *s, int client_server, int type,
  627. const unsigned char *data, int len, void *arg)
  628. {
  629. BIO *bio = arg;
  630. const char *extname = lookup(type, tlsext_types, "unknown");
  631. BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
  632. client_server ? "server" : "client", extname, type, len);
  633. BIO_dump(bio, (const char *)data, len);
  634. (void)BIO_flush(bio);
  635. }
  636. #ifndef OPENSSL_NO_SOCK
  637. int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
  638. unsigned int *cookie_len)
  639. {
  640. unsigned char *buffer;
  641. size_t length = 0;
  642. unsigned short port;
  643. BIO_ADDR *lpeer = NULL, *peer = NULL;
  644. /* Initialize a random secret */
  645. if (!cookie_initialized) {
  646. if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
  647. BIO_printf(bio_err, "error setting random cookie secret\n");
  648. return 0;
  649. }
  650. cookie_initialized = 1;
  651. }
  652. if (SSL_is_dtls(ssl)) {
  653. lpeer = peer = BIO_ADDR_new();
  654. if (peer == NULL) {
  655. BIO_printf(bio_err, "memory full\n");
  656. return 0;
  657. }
  658. /* Read peer information */
  659. (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
  660. } else {
  661. peer = ourpeer;
  662. }
  663. /* Create buffer with peer's address and port */
  664. if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
  665. BIO_printf(bio_err, "Failed getting peer address\n");
  666. return 0;
  667. }
  668. OPENSSL_assert(length != 0);
  669. port = BIO_ADDR_rawport(peer);
  670. length += sizeof(port);
  671. buffer = app_malloc(length, "cookie generate buffer");
  672. memcpy(buffer, &port, sizeof(port));
  673. BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
  674. /* Calculate HMAC of buffer using the secret */
  675. HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
  676. buffer, length, cookie, cookie_len);
  677. OPENSSL_free(buffer);
  678. BIO_ADDR_free(lpeer);
  679. return 1;
  680. }
  681. int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
  682. unsigned int cookie_len)
  683. {
  684. unsigned char result[EVP_MAX_MD_SIZE];
  685. unsigned int resultlength;
  686. /* Note: we check cookie_initialized because if it's not,
  687. * it cannot be valid */
  688. if (cookie_initialized
  689. && generate_cookie_callback(ssl, result, &resultlength)
  690. && cookie_len == resultlength
  691. && memcmp(result, cookie, resultlength) == 0)
  692. return 1;
  693. return 0;
  694. }
  695. int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
  696. size_t *cookie_len)
  697. {
  698. unsigned int temp;
  699. int res = generate_cookie_callback(ssl, cookie, &temp);
  700. *cookie_len = temp;
  701. return res;
  702. }
  703. int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
  704. size_t cookie_len)
  705. {
  706. return verify_cookie_callback(ssl, cookie, cookie_len);
  707. }
  708. #endif
  709. /*
  710. * Example of extended certificate handling. Where the standard support of
  711. * one certificate per algorithm is not sufficient an application can decide
  712. * which certificate(s) to use at runtime based on whatever criteria it deems
  713. * appropriate.
  714. */
  715. /* Linked list of certificates, keys and chains */
  716. struct ssl_excert_st {
  717. int certform;
  718. const char *certfile;
  719. int keyform;
  720. const char *keyfile;
  721. const char *chainfile;
  722. X509 *cert;
  723. EVP_PKEY *key;
  724. STACK_OF(X509) *chain;
  725. int build_chain;
  726. struct ssl_excert_st *next, *prev;
  727. };
  728. static STRINT_PAIR chain_flags[] = {
  729. {"Overall Validity", CERT_PKEY_VALID},
  730. {"Sign with EE key", CERT_PKEY_SIGN},
  731. {"EE signature", CERT_PKEY_EE_SIGNATURE},
  732. {"CA signature", CERT_PKEY_CA_SIGNATURE},
  733. {"EE key parameters", CERT_PKEY_EE_PARAM},
  734. {"CA key parameters", CERT_PKEY_CA_PARAM},
  735. {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
  736. {"Issuer Name", CERT_PKEY_ISSUER_NAME},
  737. {"Certificate Type", CERT_PKEY_CERT_TYPE},
  738. {NULL}
  739. };
  740. static void print_chain_flags(SSL *s, int flags)
  741. {
  742. STRINT_PAIR *pp;
  743. for (pp = chain_flags; pp->name; ++pp)
  744. BIO_printf(bio_err, "\t%s: %s\n",
  745. pp->name,
  746. (flags & pp->retval) ? "OK" : "NOT OK");
  747. BIO_printf(bio_err, "\tSuite B: ");
  748. if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
  749. BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
  750. else
  751. BIO_printf(bio_err, "not tested\n");
  752. }
  753. /*
  754. * Very basic selection callback: just use any certificate chain reported as
  755. * valid. More sophisticated could prioritise according to local policy.
  756. */
  757. static int set_cert_cb(SSL *ssl, void *arg)
  758. {
  759. int i, rv;
  760. SSL_EXCERT *exc = arg;
  761. #ifdef CERT_CB_TEST_RETRY
  762. static int retry_cnt;
  763. if (retry_cnt < 5) {
  764. retry_cnt++;
  765. BIO_printf(bio_err,
  766. "Certificate callback retry test: count %d\n",
  767. retry_cnt);
  768. return -1;
  769. }
  770. #endif
  771. SSL_certs_clear(ssl);
  772. if (exc == NULL)
  773. return 1;
  774. /*
  775. * Go to end of list and traverse backwards since we prepend newer
  776. * entries this retains the original order.
  777. */
  778. while (exc->next != NULL)
  779. exc = exc->next;
  780. i = 0;
  781. while (exc != NULL) {
  782. i++;
  783. rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
  784. BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
  785. X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
  786. get_nameopt());
  787. BIO_puts(bio_err, "\n");
  788. print_chain_flags(ssl, rv);
  789. if (rv & CERT_PKEY_VALID) {
  790. if (!SSL_use_certificate(ssl, exc->cert)
  791. || !SSL_use_PrivateKey(ssl, exc->key)) {
  792. return 0;
  793. }
  794. /*
  795. * NB: we wouldn't normally do this as it is not efficient
  796. * building chains on each connection better to cache the chain
  797. * in advance.
  798. */
  799. if (exc->build_chain) {
  800. if (!SSL_build_cert_chain(ssl, 0))
  801. return 0;
  802. } else if (exc->chain != NULL) {
  803. SSL_set1_chain(ssl, exc->chain);
  804. }
  805. }
  806. exc = exc->prev;
  807. }
  808. return 1;
  809. }
  810. void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
  811. {
  812. SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
  813. }
  814. static int ssl_excert_prepend(SSL_EXCERT **pexc)
  815. {
  816. SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
  817. memset(exc, 0, sizeof(*exc));
  818. exc->next = *pexc;
  819. *pexc = exc;
  820. if (exc->next) {
  821. exc->certform = exc->next->certform;
  822. exc->keyform = exc->next->keyform;
  823. exc->next->prev = exc;
  824. } else {
  825. exc->certform = FORMAT_PEM;
  826. exc->keyform = FORMAT_PEM;
  827. }
  828. return 1;
  829. }
  830. void ssl_excert_free(SSL_EXCERT *exc)
  831. {
  832. SSL_EXCERT *curr;
  833. if (exc == NULL)
  834. return;
  835. while (exc) {
  836. X509_free(exc->cert);
  837. EVP_PKEY_free(exc->key);
  838. sk_X509_pop_free(exc->chain, X509_free);
  839. curr = exc;
  840. exc = exc->next;
  841. OPENSSL_free(curr);
  842. }
  843. }
  844. int load_excert(SSL_EXCERT **pexc)
  845. {
  846. SSL_EXCERT *exc = *pexc;
  847. if (exc == NULL)
  848. return 1;
  849. /* If nothing in list, free and set to NULL */
  850. if (exc->certfile == NULL && exc->next == NULL) {
  851. ssl_excert_free(exc);
  852. *pexc = NULL;
  853. return 1;
  854. }
  855. for (; exc; exc = exc->next) {
  856. if (exc->certfile == NULL) {
  857. BIO_printf(bio_err, "Missing filename\n");
  858. return 0;
  859. }
  860. exc->cert = load_cert(exc->certfile, exc->certform,
  861. "Server Certificate");
  862. if (exc->cert == NULL)
  863. return 0;
  864. if (exc->keyfile != NULL) {
  865. exc->key = load_key(exc->keyfile, exc->keyform,
  866. 0, NULL, NULL, "Server Key");
  867. } else {
  868. exc->key = load_key(exc->certfile, exc->certform,
  869. 0, NULL, NULL, "Server Key");
  870. }
  871. if (exc->key == NULL)
  872. return 0;
  873. if (exc->chainfile != NULL) {
  874. if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
  875. "Server Chain"))
  876. return 0;
  877. }
  878. }
  879. return 1;
  880. }
  881. enum range { OPT_X_ENUM };
  882. int args_excert(int opt, SSL_EXCERT **pexc)
  883. {
  884. SSL_EXCERT *exc = *pexc;
  885. assert(opt > OPT_X__FIRST);
  886. assert(opt < OPT_X__LAST);
  887. if (exc == NULL) {
  888. if (!ssl_excert_prepend(&exc)) {
  889. BIO_printf(bio_err, " %s: Error initialising xcert\n",
  890. opt_getprog());
  891. goto err;
  892. }
  893. *pexc = exc;
  894. }
  895. switch ((enum range)opt) {
  896. case OPT_X__FIRST:
  897. case OPT_X__LAST:
  898. return 0;
  899. case OPT_X_CERT:
  900. if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
  901. BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
  902. goto err;
  903. }
  904. *pexc = exc;
  905. exc->certfile = opt_arg();
  906. break;
  907. case OPT_X_KEY:
  908. if (exc->keyfile != NULL) {
  909. BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
  910. goto err;
  911. }
  912. exc->keyfile = opt_arg();
  913. break;
  914. case OPT_X_CHAIN:
  915. if (exc->chainfile != NULL) {
  916. BIO_printf(bio_err, "%s: Chain already specified\n",
  917. opt_getprog());
  918. goto err;
  919. }
  920. exc->chainfile = opt_arg();
  921. break;
  922. case OPT_X_CHAIN_BUILD:
  923. exc->build_chain = 1;
  924. break;
  925. case OPT_X_CERTFORM:
  926. if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
  927. return 0;
  928. break;
  929. case OPT_X_KEYFORM:
  930. if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
  931. return 0;
  932. break;
  933. }
  934. return 1;
  935. err:
  936. ERR_print_errors(bio_err);
  937. ssl_excert_free(exc);
  938. *pexc = NULL;
  939. return 0;
  940. }
  941. static void print_raw_cipherlist(SSL *s)
  942. {
  943. const unsigned char *rlist;
  944. static const unsigned char scsv_id[] = { 0, 0xFF };
  945. size_t i, rlistlen, num;
  946. if (!SSL_is_server(s))
  947. return;
  948. num = SSL_get0_raw_cipherlist(s, NULL);
  949. OPENSSL_assert(num == 2);
  950. rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
  951. BIO_puts(bio_err, "Client cipher list: ");
  952. for (i = 0; i < rlistlen; i += num, rlist += num) {
  953. const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
  954. if (i)
  955. BIO_puts(bio_err, ":");
  956. if (c != NULL) {
  957. BIO_puts(bio_err, SSL_CIPHER_get_name(c));
  958. } else if (memcmp(rlist, scsv_id, num) == 0) {
  959. BIO_puts(bio_err, "SCSV");
  960. } else {
  961. size_t j;
  962. BIO_puts(bio_err, "0x");
  963. for (j = 0; j < num; j++)
  964. BIO_printf(bio_err, "%02X", rlist[j]);
  965. }
  966. }
  967. BIO_puts(bio_err, "\n");
  968. }
  969. /*
  970. * Hex encoder for TLSA RRdata, not ':' delimited.
  971. */
  972. static char *hexencode(const unsigned char *data, size_t len)
  973. {
  974. static const char *hex = "0123456789abcdef";
  975. char *out;
  976. char *cp;
  977. size_t outlen = 2 * len + 1;
  978. int ilen = (int) outlen;
  979. if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
  980. BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
  981. opt_getprog(), len);
  982. exit(1);
  983. }
  984. cp = out = app_malloc(ilen, "TLSA hex data buffer");
  985. while (len-- > 0) {
  986. *cp++ = hex[(*data >> 4) & 0x0f];
  987. *cp++ = hex[*data++ & 0x0f];
  988. }
  989. *cp = '\0';
  990. return out;
  991. }
  992. void print_verify_detail(SSL *s, BIO *bio)
  993. {
  994. int mdpth;
  995. EVP_PKEY *mspki;
  996. long verify_err = SSL_get_verify_result(s);
  997. if (verify_err == X509_V_OK) {
  998. const char *peername = SSL_get0_peername(s);
  999. BIO_printf(bio, "Verification: OK\n");
  1000. if (peername != NULL)
  1001. BIO_printf(bio, "Verified peername: %s\n", peername);
  1002. } else {
  1003. const char *reason = X509_verify_cert_error_string(verify_err);
  1004. BIO_printf(bio, "Verification error: %s\n", reason);
  1005. }
  1006. if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
  1007. uint8_t usage, selector, mtype;
  1008. const unsigned char *data = NULL;
  1009. size_t dlen = 0;
  1010. char *hexdata;
  1011. mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
  1012. /*
  1013. * The TLSA data field can be quite long when it is a certificate,
  1014. * public key or even a SHA2-512 digest. Because the initial octets of
  1015. * ASN.1 certificates and public keys contain mostly boilerplate OIDs
  1016. * and lengths, we show the last 12 bytes of the data instead, as these
  1017. * are more likely to distinguish distinct TLSA records.
  1018. */
  1019. #define TLSA_TAIL_SIZE 12
  1020. if (dlen > TLSA_TAIL_SIZE)
  1021. hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
  1022. else
  1023. hexdata = hexencode(data, dlen);
  1024. BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
  1025. usage, selector, mtype,
  1026. (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
  1027. (mspki != NULL) ? "signed the certificate" :
  1028. mdpth ? "matched TA certificate" : "matched EE certificate",
  1029. mdpth);
  1030. OPENSSL_free(hexdata);
  1031. }
  1032. }
  1033. void print_ssl_summary(SSL *s)
  1034. {
  1035. const SSL_CIPHER *c;
  1036. X509 *peer;
  1037. BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
  1038. print_raw_cipherlist(s);
  1039. c = SSL_get_current_cipher(s);
  1040. BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
  1041. do_print_sigalgs(bio_err, s, 0);
  1042. peer = SSL_get_peer_certificate(s);
  1043. if (peer != NULL) {
  1044. int nid;
  1045. BIO_puts(bio_err, "Peer certificate: ");
  1046. X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
  1047. 0, get_nameopt());
  1048. BIO_puts(bio_err, "\n");
  1049. if (SSL_get_peer_signature_nid(s, &nid))
  1050. BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
  1051. if (SSL_get_peer_signature_type_nid(s, &nid))
  1052. BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
  1053. print_verify_detail(s, bio_err);
  1054. } else {
  1055. BIO_puts(bio_err, "No peer certificate\n");
  1056. }
  1057. X509_free(peer);
  1058. #ifndef OPENSSL_NO_EC
  1059. ssl_print_point_formats(bio_err, s);
  1060. if (SSL_is_server(s))
  1061. ssl_print_groups(bio_err, s, 1);
  1062. else
  1063. ssl_print_tmp_key(bio_err, s);
  1064. #else
  1065. if (!SSL_is_server(s))
  1066. ssl_print_tmp_key(bio_err, s);
  1067. #endif
  1068. }
  1069. int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
  1070. SSL_CTX *ctx)
  1071. {
  1072. int i;
  1073. SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
  1074. for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
  1075. const char *flag = sk_OPENSSL_STRING_value(str, i);
  1076. const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
  1077. if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
  1078. if (arg != NULL)
  1079. BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
  1080. flag, arg);
  1081. else
  1082. BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
  1083. ERR_print_errors(bio_err);
  1084. return 0;
  1085. }
  1086. }
  1087. if (!SSL_CONF_CTX_finish(cctx)) {
  1088. BIO_puts(bio_err, "Error finishing context\n");
  1089. ERR_print_errors(bio_err);
  1090. return 0;
  1091. }
  1092. return 1;
  1093. }
  1094. static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
  1095. {
  1096. X509_CRL *crl;
  1097. int i;
  1098. for (i = 0; i < sk_X509_CRL_num(crls); i++) {
  1099. crl = sk_X509_CRL_value(crls, i);
  1100. X509_STORE_add_crl(st, crl);
  1101. }
  1102. return 1;
  1103. }
  1104. int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
  1105. {
  1106. X509_STORE *st;
  1107. st = SSL_CTX_get_cert_store(ctx);
  1108. add_crls_store(st, crls);
  1109. if (crl_download)
  1110. store_setup_crl_download(st);
  1111. return 1;
  1112. }
  1113. int ssl_load_stores(SSL_CTX *ctx,
  1114. const char *vfyCApath, const char *vfyCAfile,
  1115. const char *chCApath, const char *chCAfile,
  1116. STACK_OF(X509_CRL) *crls, int crl_download)
  1117. {
  1118. X509_STORE *vfy = NULL, *ch = NULL;
  1119. int rv = 0;
  1120. if (vfyCApath != NULL || vfyCAfile != NULL) {
  1121. vfy = X509_STORE_new();
  1122. if (vfy == NULL)
  1123. goto err;
  1124. if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
  1125. goto err;
  1126. add_crls_store(vfy, crls);
  1127. SSL_CTX_set1_verify_cert_store(ctx, vfy);
  1128. if (crl_download)
  1129. store_setup_crl_download(vfy);
  1130. }
  1131. if (chCApath != NULL || chCAfile != NULL) {
  1132. ch = X509_STORE_new();
  1133. if (ch == NULL)
  1134. goto err;
  1135. if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
  1136. goto err;
  1137. SSL_CTX_set1_chain_cert_store(ctx, ch);
  1138. }
  1139. rv = 1;
  1140. err:
  1141. X509_STORE_free(vfy);
  1142. X509_STORE_free(ch);
  1143. return rv;
  1144. }
  1145. /* Verbose print out of security callback */
  1146. typedef struct {
  1147. BIO *out;
  1148. int verbose;
  1149. int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
  1150. void *other, void *ex);
  1151. } security_debug_ex;
  1152. static STRINT_PAIR callback_types[] = {
  1153. {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
  1154. {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
  1155. {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
  1156. #ifndef OPENSSL_NO_DH
  1157. {"Temp DH key bits", SSL_SECOP_TMP_DH},
  1158. #endif
  1159. {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
  1160. {"Shared Curve", SSL_SECOP_CURVE_SHARED},
  1161. {"Check Curve", SSL_SECOP_CURVE_CHECK},
  1162. {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED},
  1163. {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED},
  1164. {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK},
  1165. {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
  1166. {"Certificate chain EE key", SSL_SECOP_EE_KEY},
  1167. {"Certificate chain CA key", SSL_SECOP_CA_KEY},
  1168. {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
  1169. {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
  1170. {"Certificate chain CA digest", SSL_SECOP_CA_MD},
  1171. {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
  1172. {"SSL compression", SSL_SECOP_COMPRESSION},
  1173. {"Session ticket", SSL_SECOP_TICKET},
  1174. {NULL}
  1175. };
  1176. static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
  1177. int op, int bits, int nid,
  1178. void *other, void *ex)
  1179. {
  1180. security_debug_ex *sdb = ex;
  1181. int rv, show_bits = 1, cert_md = 0;
  1182. const char *nm;
  1183. rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
  1184. if (rv == 1 && sdb->verbose < 2)
  1185. return 1;
  1186. BIO_puts(sdb->out, "Security callback: ");
  1187. nm = lookup(op, callback_types, NULL);
  1188. switch (op) {
  1189. case SSL_SECOP_TICKET:
  1190. case SSL_SECOP_COMPRESSION:
  1191. show_bits = 0;
  1192. nm = NULL;
  1193. break;
  1194. case SSL_SECOP_VERSION:
  1195. BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
  1196. show_bits = 0;
  1197. nm = NULL;
  1198. break;
  1199. case SSL_SECOP_CA_MD:
  1200. case SSL_SECOP_PEER_CA_MD:
  1201. cert_md = 1;
  1202. break;
  1203. }
  1204. if (nm != NULL)
  1205. BIO_printf(sdb->out, "%s=", nm);
  1206. switch (op & SSL_SECOP_OTHER_TYPE) {
  1207. case SSL_SECOP_OTHER_CIPHER:
  1208. BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
  1209. break;
  1210. #ifndef OPENSSL_NO_EC
  1211. case SSL_SECOP_OTHER_CURVE:
  1212. {
  1213. const char *cname;
  1214. cname = EC_curve_nid2nist(nid);
  1215. if (cname == NULL)
  1216. cname = OBJ_nid2sn(nid);
  1217. BIO_puts(sdb->out, cname);
  1218. }
  1219. break;
  1220. #endif
  1221. #ifndef OPENSSL_NO_DH
  1222. case SSL_SECOP_OTHER_DH:
  1223. {
  1224. DH *dh = other;
  1225. BIO_printf(sdb->out, "%d", DH_bits(dh));
  1226. break;
  1227. }
  1228. #endif
  1229. case SSL_SECOP_OTHER_CERT:
  1230. {
  1231. if (cert_md) {
  1232. int sig_nid = X509_get_signature_nid(other);
  1233. BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
  1234. } else {
  1235. EVP_PKEY *pkey = X509_get0_pubkey(other);
  1236. const char *algname = "";
  1237. EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
  1238. &algname, EVP_PKEY_get0_asn1(pkey));
  1239. BIO_printf(sdb->out, "%s, bits=%d",
  1240. algname, EVP_PKEY_bits(pkey));
  1241. }
  1242. break;
  1243. }
  1244. case SSL_SECOP_OTHER_SIGALG:
  1245. {
  1246. const unsigned char *salg = other;
  1247. const char *sname = NULL;
  1248. switch (salg[1]) {
  1249. case TLSEXT_signature_anonymous:
  1250. sname = "anonymous";
  1251. break;
  1252. case TLSEXT_signature_rsa:
  1253. sname = "RSA";
  1254. break;
  1255. case TLSEXT_signature_dsa:
  1256. sname = "DSA";
  1257. break;
  1258. case TLSEXT_signature_ecdsa:
  1259. sname = "ECDSA";
  1260. break;
  1261. }
  1262. BIO_puts(sdb->out, OBJ_nid2sn(nid));
  1263. if (sname)
  1264. BIO_printf(sdb->out, ", algorithm=%s", sname);
  1265. else
  1266. BIO_printf(sdb->out, ", algid=%d", salg[1]);
  1267. break;
  1268. }
  1269. }
  1270. if (show_bits)
  1271. BIO_printf(sdb->out, ", security bits=%d", bits);
  1272. BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
  1273. return rv;
  1274. }
  1275. void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
  1276. {
  1277. static security_debug_ex sdb;
  1278. sdb.out = bio_err;
  1279. sdb.verbose = verbose;
  1280. sdb.old_cb = SSL_CTX_get_security_callback(ctx);
  1281. SSL_CTX_set_security_callback(ctx, security_callback_debug);
  1282. SSL_CTX_set0_security_ex_data(ctx, &sdb);
  1283. }
  1284. static void keylog_callback(const SSL *ssl, const char *line)
  1285. {
  1286. if (bio_keylog == NULL) {
  1287. BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n");
  1288. return;
  1289. }
  1290. /*
  1291. * There might be concurrent writers to the keylog file, so we must ensure
  1292. * that the given line is written at once.
  1293. */
  1294. BIO_printf(bio_keylog, "%s\n", line);
  1295. (void)BIO_flush(bio_keylog);
  1296. }
  1297. int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
  1298. {
  1299. /* Close any open files */
  1300. BIO_free_all(bio_keylog);
  1301. bio_keylog = NULL;
  1302. if (ctx == NULL || keylog_file == NULL) {
  1303. /* Keylogging is disabled, OK. */
  1304. return 0;
  1305. }
  1306. /*
  1307. * Append rather than write in order to allow concurrent modification.
  1308. * Furthermore, this preserves existing keylog files which is useful when
  1309. * the tool is run multiple times.
  1310. */
  1311. bio_keylog = BIO_new_file(keylog_file, "a");
  1312. if (bio_keylog == NULL) {
  1313. BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file);
  1314. return 1;
  1315. }
  1316. /* Write a header for seekable, empty files (this excludes pipes). */
  1317. if (BIO_tell(bio_keylog) == 0) {
  1318. BIO_puts(bio_keylog,
  1319. "# SSL/TLS secrets log file, generated by OpenSSL\n");
  1320. (void)BIO_flush(bio_keylog);
  1321. }
  1322. SSL_CTX_set_keylog_callback(ctx, keylog_callback);
  1323. return 0;
  1324. }
  1325. void print_ca_names(BIO *bio, SSL *s)
  1326. {
  1327. const char *cs = SSL_is_server(s) ? "server" : "client";
  1328. const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
  1329. int i;
  1330. if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
  1331. BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
  1332. return;
  1333. }
  1334. BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
  1335. for (i = 0; i < sk_X509_NAME_num(sk); i++) {
  1336. X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
  1337. BIO_write(bio, "\n", 1);
  1338. }
  1339. }