X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=apps%2Fs_cb.c;h=2d4568f40ccbc1eeb8d20fc2b5e15666c7e432cc;hb=46c853e03a797946326c030462d708e312f36c4a;hp=e82d4d036cb0bbebf5832e493e2408c730b31364;hpb=208fb891e36f16d20262710c70ef0ff3df0e885c;p=openssl.git diff --git a/apps/s_cb.c b/apps/s_cb.c index e82d4d036c..2d4568f40c 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -100,7 +100,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) policies_print(ctx); if (ok && !verify_args.quiet) BIO_printf(bio_err, "verify return:%d\n", ok); - return (ok); + return ok; } int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) @@ -111,7 +111,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) BIO_printf(bio_err, "unable to get certificate from '%s'\n", cert_file); ERR_print_errors(bio_err); - return (0); + return 0; } if (key_file == NULL) key_file = cert_file; @@ -119,7 +119,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) BIO_printf(bio_err, "unable to get private key from '%s'\n", key_file); ERR_print_errors(bio_err); - return (0); + return 0; } /* @@ -134,7 +134,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) if (!SSL_CTX_check_private_key(ctx)) { BIO_printf(bio_err, "Private key does not match the certificate public key\n"); - return (0); + return 0; } } return 1; @@ -231,6 +231,18 @@ static const char *get_sigtype(int nid) case NID_ED25519: return "Ed25519"; + case NID_ED448: + return "Ed448"; + + case NID_id_GostR3410_2001: + return "gost2001"; + + case NID_id_GostR3410_2012_256: + return "gost2012_256"; + + case NID_id_GostR3410_2012_512: + return "gost2012_512"; + default: return NULL; } @@ -382,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared) int ssl_print_tmp_key(BIO *out, SSL *s) { EVP_PKEY *key; - if (!SSL_get_server_tmp_key(s, &key)) + + if (!SSL_get_peer_tmp_key(s, &key)) return 1; BIO_puts(out, "Server Temp Key: "); switch (EVP_PKEY_id(key)) { @@ -423,19 +436,19 @@ long bio_dump_callback(BIO *bio, int cmd, const char *argp, out = (BIO *)BIO_get_callback_arg(bio); if (out == NULL) - return (ret); + return ret; if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n", (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); BIO_dump(out, argp, (int)ret); - return (ret); + return ret; } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n", (void *)bio, (void *)argp, (unsigned long)argi, ret, ret); BIO_dump(out, argp, (int)ret); } - return (ret); + return ret; } void apps_ssl_info_callback(const SSL *s, int where, int ret) @@ -525,7 +538,6 @@ static STRINT_PAIR handshakes[] = { {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST}, {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET}, {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA}, - {", HelloRetryRequest", SSL3_MT_HELLO_RETRY_REQUEST}, {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS}, {", Certificate", SSL3_MT_CERTIFICATE}, {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE}, @@ -534,9 +546,9 @@ static STRINT_PAIR handshakes[] = { {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY}, {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE}, {", Finished", SSL3_MT_FINISHED}, - {", CertificateUrl", 21}, + {", CertificateUrl", SSL3_MT_CERTIFICATE_URL}, {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS}, - {", SupplementalData", 23}, + {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA}, {", KeyUpdate", SSL3_MT_KEY_UPDATE}, #ifndef OPENSSL_NO_NEXTPROTONEG {", NextProto", SSL3_MT_NEXT_PROTO}, @@ -667,6 +679,7 @@ static STRINT_PAIR tlsext_types[] = { {"psk", TLSEXT_TYPE_psk}, {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, + {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, {NULL} }; @@ -687,9 +700,9 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned char *buffer; - size_t length; + size_t length = 0; unsigned short port; - BIO_ADDR *peer = NULL; + BIO_ADDR *lpeer = NULL, *peer = NULL; /* Initialize a random secret */ if (!cookie_initialized) { @@ -700,17 +713,24 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, cookie_initialized = 1; } - peer = BIO_ADDR_new(); - if (peer == NULL) { - BIO_printf(bio_err, "memory full\n"); - return 0; - } + if (SSL_is_dtls(ssl)) { + lpeer = peer = BIO_ADDR_new(); + if (peer == NULL) { + BIO_printf(bio_err, "memory full\n"); + return 0; + } - /* Read peer information */ - (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); + /* Read peer information */ + (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); + } else { + peer = ourpeer; + } /* Create buffer with peer's address and port */ - BIO_ADDR_rawaddress(peer, NULL, &length); + if (!BIO_ADDR_rawaddress(peer, NULL, &length)) { + BIO_printf(bio_err, "Failed getting peer address\n"); + return 0; + } OPENSSL_assert(length != 0); port = BIO_ADDR_rawport(peer); length += sizeof(port); @@ -724,7 +744,7 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie, buffer, length, cookie, cookie_len); OPENSSL_free(buffer); - BIO_ADDR_free(peer); + BIO_ADDR_free(lpeer); return 1; } @@ -745,6 +765,22 @@ int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, return 0; } + +int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, + size_t *cookie_len) +{ + unsigned int temp; + int res = generate_cookie_callback(ssl, cookie, &temp); + *cookie_len = temp; + return res; +} + +int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, + size_t cookie_len) +{ + return verify_cookie_callback(ssl, cookie, cookie_len); +} + #endif /*