Workaround for some CMS signature formats.
[openssl.git] / apps / s_cb.c
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #include <stdio.h>
113 #include <stdlib.h>
114 #define USE_SOCKETS
115 #define NON_MAIN
116 #include "apps.h"
117 #undef NON_MAIN
118 #undef USE_SOCKETS
119 #include <openssl/err.h>
120 #include <openssl/rand.h>
121 #include <openssl/x509.h>
122 #include <openssl/ssl.h>
123 #include "s_apps.h"
124
125 #define COOKIE_SECRET_LENGTH    16
126
127 int verify_depth=0;
128 int verify_quiet=0;
129 int verify_error=X509_V_OK;
130 int verify_return_error=0;
131 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
132 int cookie_initialized=0;
133
134 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
135         {
136         X509 *err_cert;
137         int err,depth;
138
139         err_cert=X509_STORE_CTX_get_current_cert(ctx);
140         err=    X509_STORE_CTX_get_error(ctx);
141         depth=  X509_STORE_CTX_get_error_depth(ctx);
142
143         if (!verify_quiet || !ok)
144                 {
145                 BIO_printf(bio_err,"depth=%d ",depth);
146                 if (err_cert)
147                         {
148                         X509_NAME_print_ex(bio_err,
149                                         X509_get_subject_name(err_cert),
150                                         0, XN_FLAG_ONELINE);
151                         BIO_puts(bio_err, "\n");
152                         }
153                 else
154                         BIO_puts(bio_err, "<no cert>\n");
155                 }
156         if (!ok)
157                 {
158                 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
159                         X509_verify_cert_error_string(err));
160                 if (verify_depth >= depth)
161                         {
162                         if (!verify_return_error)
163                                 ok=1;
164                         verify_error=X509_V_OK;
165                         }
166                 else
167                         {
168                         ok=0;
169                         verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
170                         }
171                 }
172         switch (err)
173                 {
174         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
175                 BIO_puts(bio_err,"issuer= ");
176                 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
177                                         0, XN_FLAG_ONELINE);
178                 BIO_puts(bio_err, "\n");
179                 break;
180         case X509_V_ERR_CERT_NOT_YET_VALID:
181         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
182                 BIO_printf(bio_err,"notBefore=");
183                 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
184                 BIO_printf(bio_err,"\n");
185                 break;
186         case X509_V_ERR_CERT_HAS_EXPIRED:
187         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
188                 BIO_printf(bio_err,"notAfter=");
189                 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
190                 BIO_printf(bio_err,"\n");
191                 break;
192         case X509_V_ERR_NO_EXPLICIT_POLICY:
193                 if (!verify_quiet)
194                         policies_print(bio_err, ctx);
195                 break;
196                 }
197         if (err == X509_V_OK && ok == 2 && !verify_quiet)
198                 policies_print(bio_err, ctx);
199         if (ok && !verify_quiet)
200                 BIO_printf(bio_err,"verify return:%d\n",ok);
201         return(ok);
202         }
203
204 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
205         {
206         if (cert_file != NULL)
207                 {
208                 /*
209                 SSL *ssl;
210                 X509 *x509;
211                 */
212
213                 if (SSL_CTX_use_certificate_file(ctx,cert_file,
214                         SSL_FILETYPE_PEM) <= 0)
215                         {
216                         BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
217                         ERR_print_errors(bio_err);
218                         return(0);
219                         }
220                 if (key_file == NULL) key_file=cert_file;
221                 if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
222                         SSL_FILETYPE_PEM) <= 0)
223                         {
224                         BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
225                         ERR_print_errors(bio_err);
226                         return(0);
227                         }
228
229                 /*
230                 In theory this is no longer needed 
231                 ssl=SSL_new(ctx);
232                 x509=SSL_get_certificate(ssl);
233
234                 if (x509 != NULL) {
235                         EVP_PKEY *pktmp;
236                         pktmp = X509_get_pubkey(x509);
237                         EVP_PKEY_copy_parameters(pktmp,
238                                                 SSL_get_privatekey(ssl));
239                         EVP_PKEY_free(pktmp);
240                 }
241                 SSL_free(ssl);
242                 */
243
244                 /* If we are using DSA, we can copy the parameters from
245                  * the private key */
246
247
248                 /* Now we know that a key and cert have been set against
249                  * the SSL context */
250                 if (!SSL_CTX_check_private_key(ctx))
251                         {
252                         BIO_printf(bio_err,"Private key does not match the certificate public key\n");
253                         return(0);
254                         }
255                 }
256         return(1);
257         }
258
259 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
260                        STACK_OF(X509) *chain, int build_chain)
261         {
262         int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
263         if (cert == NULL)
264                 return 1;
265         if (SSL_CTX_use_certificate(ctx,cert) <= 0)
266                 {
267                 BIO_printf(bio_err,"error setting certificate\n");
268                 ERR_print_errors(bio_err);
269                 return 0;
270                 }
271
272         if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
273                 {
274                 BIO_printf(bio_err,"error setting private key\n");
275                 ERR_print_errors(bio_err);
276                 return 0;
277                 }
278                  
279         /* Now we know that a key and cert have been set against
280          * the SSL context */
281         if (!SSL_CTX_check_private_key(ctx))
282                 {
283                 BIO_printf(bio_err,"Private key does not match the certificate public key\n");
284                 return 0;
285                 }
286         if (chain && !SSL_CTX_set1_chain(ctx, chain))
287                 {
288                 BIO_printf(bio_err,"error setting certificate chain\n");
289                 ERR_print_errors(bio_err);
290                 return 0;
291                 }
292         if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags))
293                 {
294                 BIO_printf(bio_err,"error building certificate chain\n");
295                 ERR_print_errors(bio_err);
296                 return 0;
297                 }
298         return 1;
299         }
300
301 static void ssl_print_client_cert_types(BIO *bio, SSL *s)
302         {
303         const unsigned char *p;
304         int i;
305         int cert_type_num = SSL_get0_certificate_types(s, &p);
306         if (!cert_type_num)
307                 return;
308         BIO_puts(bio, "Client Certificate Types: ");
309         for (i = 0; i < cert_type_num; i++)
310                 {
311                 unsigned char cert_type = p[i];
312                 char *cname;
313                 switch(cert_type)
314                         {
315                 case TLS_CT_RSA_SIGN:
316                         cname = "RSA sign";
317                         break;
318
319                 case TLS_CT_DSS_SIGN:
320                         cname = "DSA sign";
321                         break;
322
323                 case TLS_CT_RSA_FIXED_DH:
324                         cname = "RSA fixed DH";
325                         break;
326
327                 case TLS_CT_DSS_FIXED_DH:
328                         cname = "DSS fixed DH";
329                         break;
330
331                 case TLS_CT_ECDSA_SIGN:
332                         cname = "ECDSA sign";
333                         break;
334
335                 case TLS_CT_RSA_FIXED_ECDH:
336                         cname = "RSA fixed ECDH";
337                         break;
338
339                 case TLS_CT_ECDSA_FIXED_ECDH:
340                         cname = "ECDSA fixed ECDH";
341                         break;
342
343                 case TLS_CT_GOST94_SIGN:
344                         cname = "GOST94 Sign";
345                         break;
346
347                 case TLS_CT_GOST01_SIGN:
348                         cname = "GOST01 Sign";
349                         break;
350
351                 default:
352                          cname = NULL;
353                         }
354
355                 if (i)
356                         BIO_puts(bio, ", ");
357
358                 if (cname)
359                         BIO_puts(bio, cname);
360                 else
361                         BIO_printf(bio, "UNKNOWN (%d),", cert_type);
362                 }
363         BIO_puts(bio, "\n");
364         }
365
366 static int do_print_sigalgs(BIO *out, SSL *s, int shared)
367         {
368         int i, nsig, client;
369         client = SSL_is_server(s) ? 0 : 1;
370         if (shared)
371                 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
372                                                         NULL, NULL);
373         else
374                 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
375         if (nsig == 0)
376                 return 1;
377
378         if (shared)
379                 BIO_puts(out, "Shared ");
380
381         if (client)
382                 BIO_puts(out, "Requested ");
383         BIO_puts(out, "Signature Algorithms: ");
384         for (i = 0; i < nsig; i++)
385                 {
386                 int hash_nid, sign_nid;
387                 unsigned char rhash, rsign;
388                 const char *sstr = NULL;
389                 if (shared)
390                         SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
391                                                         &rsign, &rhash);
392                 else
393                         SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
394                                                         &rsign, &rhash);
395                 if (i)
396                         BIO_puts(out, ":");
397                 if (sign_nid == EVP_PKEY_RSA)
398                         sstr = "RSA";
399                 else if(sign_nid == EVP_PKEY_DSA)
400                         sstr = "DSA";
401                 else if(sign_nid == EVP_PKEY_EC)
402                         sstr = "ECDSA";
403                 if (sstr)
404                         BIO_printf(out,"%s+", sstr);
405                 else
406                         BIO_printf(out,"0x%02X+", (int)rsign);
407                 if (hash_nid != NID_undef)
408                         BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
409                 else
410                         BIO_printf(out,"0x%02X", (int)rhash);
411                 }
412         BIO_puts(out, "\n");
413         return 1;
414         }
415
416 int ssl_print_sigalgs(BIO *out, SSL *s)
417         {
418         int mdnid;
419         if (!SSL_is_server(s))
420                 ssl_print_client_cert_types(out, s);
421         do_print_sigalgs(out, s, 0);
422         do_print_sigalgs(out, s, 1);
423         if (SSL_get_peer_signature_nid(s, &mdnid))
424                 BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
425         return 1;
426         }
427 #ifndef OPENSSL_NO_EC
428 int ssl_print_point_formats(BIO *out, SSL *s)
429         {
430         int i, nformats;
431         const char *pformats;
432         nformats = SSL_get0_ec_point_formats(s, &pformats);
433         if (nformats <= 0)
434                 return 1;
435         BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
436         for (i = 0; i < nformats; i++, pformats++)
437                 {
438                 if (i)
439                         BIO_puts(out, ":");
440                 switch(*pformats)
441                         {
442                 case TLSEXT_ECPOINTFORMAT_uncompressed:
443                         BIO_puts(out, "uncompressed");
444                         break;
445
446                 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
447                         BIO_puts(out, "ansiX962_compressed_prime");
448                         break;
449
450                 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
451                         BIO_puts(out, "ansiX962_compressed_char2");
452                         break;
453
454                 default:
455                         BIO_printf(out, "unknown(%d)", (int)*pformats);
456                         break;
457
458                         }
459                 }
460         if (nformats <= 0)
461                 BIO_puts(out, "NONE");
462         BIO_puts(out, "\n");
463         return 1;
464         }
465
466 int ssl_print_curves(BIO *out, SSL *s, int noshared)
467         {
468         int i, ncurves, *curves, nid;
469         const char *cname;
470         ncurves = SSL_get1_curves(s, NULL);
471         if (ncurves <= 0)
472                 return 1;
473         curves = OPENSSL_malloc(ncurves * sizeof(int));
474         SSL_get1_curves(s, curves);
475
476         BIO_puts(out, "Supported Elliptic Curves: ");
477         for (i = 0; i < ncurves; i++)
478                 {
479                 if (i)
480                         BIO_puts(out, ":");
481                 nid = curves[i];
482                 /* If unrecognised print out hex version */
483                 if (nid & TLSEXT_nid_unknown)
484                         BIO_printf(out, "0x%04X", nid & 0xFFFF);
485                 else
486                         {
487                         /* Use NIST name for curve if it exists */
488                         cname = EC_curve_nid2nist(nid);
489                         if (!cname)
490                                 cname = OBJ_nid2sn(nid);
491                         BIO_printf(out, "%s", cname);
492                         }
493                 }
494         if (ncurves == 0)
495                 BIO_puts(out, "NONE");
496         OPENSSL_free(curves);
497         if (noshared)
498                 {
499                 BIO_puts(out, "\n");
500                 return 1;
501                 }
502         BIO_puts(out, "\nShared Elliptic curves: ");
503         ncurves = SSL_get_shared_curve(s, -1);
504         for (i = 0; i < ncurves; i++)
505                 {
506                 if (i)
507                         BIO_puts(out, ":");
508                 nid = SSL_get_shared_curve(s, i);
509                 cname = EC_curve_nid2nist(nid);
510                 if (!cname)
511                         cname = OBJ_nid2sn(nid);
512                 BIO_printf(out, "%s", cname);
513                 }
514         if (ncurves == 0)
515                 BIO_puts(out, "NONE");
516         BIO_puts(out, "\n");
517         return 1;
518         }
519 #endif
520 int ssl_print_tmp_key(BIO *out, SSL *s)
521         {
522         EVP_PKEY *key;
523         if (!SSL_get_server_tmp_key(s, &key))
524                 return 1;
525         BIO_puts(out, "Server Temp Key: ");
526         switch (EVP_PKEY_id(key))
527                 {
528         case EVP_PKEY_RSA:
529                 BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
530                 break;
531
532         case EVP_PKEY_DH:
533                 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
534                 break;
535 #ifndef OPENSSL_NO_ECDH
536         case EVP_PKEY_EC:
537                         {
538                         EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
539                         int nid;
540                         const char *cname;
541                         nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
542                         EC_KEY_free(ec);
543                         cname = EC_curve_nid2nist(nid);
544                         if (!cname)
545                                 cname = OBJ_nid2sn(nid);
546                         BIO_printf(out, "ECDH, %s, %d bits\n",
547                                                 cname, EVP_PKEY_bits(key));
548                         }
549 #endif
550                 }
551         EVP_PKEY_free(key);
552         return 1;
553         }
554                 
555
556 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
557                                    int argi, long argl, long ret)
558         {
559         BIO *out;
560
561         out=(BIO *)BIO_get_callback_arg(bio);
562         if (out == NULL) return(ret);
563
564         if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
565                 {
566                 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
567                         (void *)bio,argp,(unsigned long)argi,ret,ret);
568                 BIO_dump(out,argp,(int)ret);
569                 return(ret);
570                 }
571         else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
572                 {
573                 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
574                         (void *)bio,argp,(unsigned long)argi,ret,ret);
575                 BIO_dump(out,argp,(int)ret);
576                 }
577         return(ret);
578         }
579
580 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
581         {
582         const char *str;
583         int w;
584
585         w=where& ~SSL_ST_MASK;
586
587         if (w & SSL_ST_CONNECT) str="SSL_connect";
588         else if (w & SSL_ST_ACCEPT) str="SSL_accept";
589         else str="undefined";
590
591         if (where & SSL_CB_LOOP)
592                 {
593                 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
594                 }
595         else if (where & SSL_CB_ALERT)
596                 {
597                 str=(where & SSL_CB_READ)?"read":"write";
598                 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
599                         str,
600                         SSL_alert_type_string_long(ret),
601                         SSL_alert_desc_string_long(ret));
602                 }
603         else if (where & SSL_CB_EXIT)
604                 {
605                 if (ret == 0)
606                         BIO_printf(bio_err,"%s:failed in %s\n",
607                                 str,SSL_state_string_long(s));
608                 else if (ret < 0)
609                         {
610                         BIO_printf(bio_err,"%s:error in %s\n",
611                                 str,SSL_state_string_long(s));
612                         }
613                 }
614         }
615
616
617 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
618         {
619         BIO *bio = arg;
620         const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
621         
622         str_write_p = write_p ? ">>>" : "<<<";
623
624         switch (version)
625                 {
626         case SSL2_VERSION:
627                 str_version = "SSL 2.0";
628                 break;
629         case SSL3_VERSION:
630                 str_version = "SSL 3.0 ";
631                 break;
632         case TLS1_VERSION:
633                 str_version = "TLS 1.0 ";
634                 break;
635         case TLS1_1_VERSION:
636                 str_version = "TLS 1.1 ";
637                 break;
638         case TLS1_2_VERSION:
639                 str_version = "TLS 1.2 ";
640                 break;
641         case DTLS1_VERSION:
642                 str_version = "DTLS 1.0 ";
643                 break;
644         case DTLS1_BAD_VER:
645                 str_version = "DTLS 1.0 (bad) ";
646                 break;
647         default:
648                 str_version = "???";
649                 }
650
651         if (version == SSL2_VERSION)
652                 {
653                 str_details1 = "???";
654
655                 if (len > 0)
656                         {
657                         switch (((const unsigned char*)buf)[0])
658                                 {
659                                 case 0:
660                                         str_details1 = ", ERROR:";
661                                         str_details2 = " ???";
662                                         if (len >= 3)
663                                                 {
664                                                 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
665                                                 
666                                                 switch (err)
667                                                         {
668                                                 case 0x0001:
669                                                         str_details2 = " NO-CIPHER-ERROR";
670                                                         break;
671                                                 case 0x0002:
672                                                         str_details2 = " NO-CERTIFICATE-ERROR";
673                                                         break;
674                                                 case 0x0004:
675                                                         str_details2 = " BAD-CERTIFICATE-ERROR";
676                                                         break;
677                                                 case 0x0006:
678                                                         str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
679                                                         break;
680                                                         }
681                                                 }
682
683                                         break;
684                                 case 1:
685                                         str_details1 = ", CLIENT-HELLO";
686                                         break;
687                                 case 2:
688                                         str_details1 = ", CLIENT-MASTER-KEY";
689                                         break;
690                                 case 3:
691                                         str_details1 = ", CLIENT-FINISHED";
692                                         break;
693                                 case 4:
694                                         str_details1 = ", SERVER-HELLO";
695                                         break;
696                                 case 5:
697                                         str_details1 = ", SERVER-VERIFY";
698                                         break;
699                                 case 6:
700                                         str_details1 = ", SERVER-FINISHED";
701                                         break;
702                                 case 7:
703                                         str_details1 = ", REQUEST-CERTIFICATE";
704                                         break;
705                                 case 8:
706                                         str_details1 = ", CLIENT-CERTIFICATE";
707                                         break;
708                                 }
709                         }
710                 }
711
712         if (version == SSL3_VERSION ||
713             version == TLS1_VERSION ||
714             version == TLS1_1_VERSION ||
715             version == TLS1_2_VERSION ||
716             version == DTLS1_VERSION ||
717             version == DTLS1_BAD_VER)
718                 {
719                 switch (content_type)
720                         {
721                 case 20:
722                         str_content_type = "ChangeCipherSpec";
723                         break;
724                 case 21:
725                         str_content_type = "Alert";
726                         break;
727                 case 22:
728                         str_content_type = "Handshake";
729                         break;
730                         }
731
732                 if (content_type == 21) /* Alert */
733                         {
734                         str_details1 = ", ???";
735                         
736                         if (len == 2)
737                                 {
738                                 switch (((const unsigned char*)buf)[0])
739                                         {
740                                 case 1:
741                                         str_details1 = ", warning";
742                                         break;
743                                 case 2:
744                                         str_details1 = ", fatal";
745                                         break;
746                                         }
747
748                                 str_details2 = " ???";
749                                 switch (((const unsigned char*)buf)[1])
750                                         {
751                                 case 0:
752                                         str_details2 = " close_notify";
753                                         break;
754                                 case 10:
755                                         str_details2 = " unexpected_message";
756                                         break;
757                                 case 20:
758                                         str_details2 = " bad_record_mac";
759                                         break;
760                                 case 21:
761                                         str_details2 = " decryption_failed";
762                                         break;
763                                 case 22:
764                                         str_details2 = " record_overflow";
765                                         break;
766                                 case 30:
767                                         str_details2 = " decompression_failure";
768                                         break;
769                                 case 40:
770                                         str_details2 = " handshake_failure";
771                                         break;
772                                 case 42:
773                                         str_details2 = " bad_certificate";
774                                         break;
775                                 case 43:
776                                         str_details2 = " unsupported_certificate";
777                                         break;
778                                 case 44:
779                                         str_details2 = " certificate_revoked";
780                                         break;
781                                 case 45:
782                                         str_details2 = " certificate_expired";
783                                         break;
784                                 case 46:
785                                         str_details2 = " certificate_unknown";
786                                         break;
787                                 case 47:
788                                         str_details2 = " illegal_parameter";
789                                         break;
790                                 case 48:
791                                         str_details2 = " unknown_ca";
792                                         break;
793                                 case 49:
794                                         str_details2 = " access_denied";
795                                         break;
796                                 case 50:
797                                         str_details2 = " decode_error";
798                                         break;
799                                 case 51:
800                                         str_details2 = " decrypt_error";
801                                         break;
802                                 case 60:
803                                         str_details2 = " export_restriction";
804                                         break;
805                                 case 70:
806                                         str_details2 = " protocol_version";
807                                         break;
808                                 case 71:
809                                         str_details2 = " insufficient_security";
810                                         break;
811                                 case 80:
812                                         str_details2 = " internal_error";
813                                         break;
814                                 case 90:
815                                         str_details2 = " user_canceled";
816                                         break;
817                                 case 100:
818                                         str_details2 = " no_renegotiation";
819                                         break;
820                                 case 110:
821                                         str_details2 = " unsupported_extension";
822                                         break;
823                                 case 111:
824                                         str_details2 = " certificate_unobtainable";
825                                         break;
826                                 case 112:
827                                         str_details2 = " unrecognized_name";
828                                         break;
829                                 case 113:
830                                         str_details2 = " bad_certificate_status_response";
831                                         break;
832                                 case 114:
833                                         str_details2 = " bad_certificate_hash_value";
834                                         break;
835                                 case 115:
836                                         str_details2 = " unknown_psk_identity";
837                                         break;
838                                         }
839                                 }
840                         }
841                 
842                 if (content_type == 22) /* Handshake */
843                         {
844                         str_details1 = "???";
845
846                         if (len > 0)
847                                 {
848                                 switch (((const unsigned char*)buf)[0])
849                                         {
850                                 case 0:
851                                         str_details1 = ", HelloRequest";
852                                         break;
853                                 case 1:
854                                         str_details1 = ", ClientHello";
855                                         break;
856                                 case 2:
857                                         str_details1 = ", ServerHello";
858                                         break;
859                                 case 3:
860                                         str_details1 = ", HelloVerifyRequest";
861                                         break;
862                                 case 11:
863                                         str_details1 = ", Certificate";
864                                         break;
865                                 case 12:
866                                         str_details1 = ", ServerKeyExchange";
867                                         break;
868                                 case 13:
869                                         str_details1 = ", CertificateRequest";
870                                         break;
871                                 case 14:
872                                         str_details1 = ", ServerHelloDone";
873                                         break;
874                                 case 15:
875                                         str_details1 = ", CertificateVerify";
876                                         break;
877                                 case 16:
878                                         str_details1 = ", ClientKeyExchange";
879                                         break;
880                                 case 20:
881                                         str_details1 = ", Finished";
882                                         break;
883                                 case 23:
884                                         str_details1 = ", SupplementalData";
885                                         break;
886                                         }
887                                 }
888                         }
889
890 #ifndef OPENSSL_NO_HEARTBEATS
891                 if (content_type == 24) /* Heartbeat */
892                         {
893                         str_details1 = ", Heartbeat";
894                         
895                         if (len > 0)
896                                 {
897                                 switch (((const unsigned char*)buf)[0])
898                                         {
899                                 case 1:
900                                         str_details1 = ", HeartbeatRequest";
901                                         break;
902                                 case 2:
903                                         str_details1 = ", HeartbeatResponse";
904                                         break;
905                                         }
906                                 }
907                         }
908 #endif
909                 }
910
911         BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
912
913         if (len > 0)
914                 {
915                 size_t num, i;
916                 
917                 BIO_printf(bio, "   ");
918                 num = len;
919 #if 0
920                 if (num > 16)
921                         num = 16;
922 #endif
923                 for (i = 0; i < num; i++)
924                         {
925                         if (i % 16 == 0 && i > 0)
926                                 BIO_printf(bio, "\n   ");
927                         BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
928                         }
929                 if (i < len)
930                         BIO_printf(bio, " ...");
931                 BIO_printf(bio, "\n");
932                 }
933         (void)BIO_flush(bio);
934         }
935
936 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
937                                         unsigned char *data, int len,
938                                         void *arg)
939         {
940         BIO *bio = arg;
941         char *extname;
942
943         switch(type)
944                 {
945                 case TLSEXT_TYPE_server_name:
946                 extname = "server name";
947                 break;
948
949                 case TLSEXT_TYPE_max_fragment_length:
950                 extname = "max fragment length";
951                 break;
952
953                 case TLSEXT_TYPE_client_certificate_url:
954                 extname = "client certificate URL";
955                 break;
956
957                 case TLSEXT_TYPE_trusted_ca_keys:
958                 extname = "trusted CA keys";
959                 break;
960
961                 case TLSEXT_TYPE_truncated_hmac:
962                 extname = "truncated HMAC";
963                 break;
964
965                 case TLSEXT_TYPE_status_request:
966                 extname = "status request";
967                 break;
968
969                 case TLSEXT_TYPE_user_mapping:
970                 extname = "user mapping";
971                 break;
972
973                 case TLSEXT_TYPE_client_authz:
974                 extname = "client authz";
975                 break;
976
977                 case TLSEXT_TYPE_server_authz:
978                 extname = "server authz";
979                 break;
980
981                 case TLSEXT_TYPE_cert_type:
982                 extname = "cert type";
983                 break;
984
985                 case TLSEXT_TYPE_elliptic_curves:
986                 extname = "elliptic curves";
987                 break;
988
989                 case TLSEXT_TYPE_ec_point_formats:
990                 extname = "EC point formats";
991                 break;
992
993                 case TLSEXT_TYPE_srp:
994                 extname = "SRP";
995                 break;
996
997                 case TLSEXT_TYPE_signature_algorithms:
998                 extname = "signature algorithms";
999                 break;
1000
1001                 case TLSEXT_TYPE_use_srtp:
1002                 extname = "use SRTP";
1003                 break;
1004
1005                 case TLSEXT_TYPE_heartbeat:
1006                 extname = "heartbeat";
1007                 break;
1008
1009                 case TLSEXT_TYPE_session_ticket:
1010                 extname = "session ticket";
1011                 break;
1012
1013                 case TLSEXT_TYPE_renegotiate: 
1014                 extname = "renegotiation info";
1015                 break;
1016
1017 #ifdef TLSEXT_TYPE_opaque_prf_input
1018                 case TLSEXT_TYPE_opaque_prf_input:
1019                 extname = "opaque PRF input";
1020                 break;
1021 #endif
1022 #ifdef TLSEXT_TYPE_next_proto_neg
1023                 case TLSEXT_TYPE_next_proto_neg:
1024                 extname = "next protocol";
1025                 break;
1026 #endif
1027 #ifdef TLSEXT_TYPE_encrypt_then_mac
1028                 case TLSEXT_TYPE_encrypt_then_mac:
1029                 extname = "encrypt-then-mac";
1030                 break;
1031 #endif
1032
1033                 default:
1034                 extname = "unknown";
1035                 break;
1036
1037                 }
1038         
1039         BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
1040                         client_server ? "server": "client",
1041                         extname, type, len);
1042         BIO_dump(bio, (char *)data, len);
1043         (void)BIO_flush(bio);
1044         }
1045
1046 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
1047         {
1048         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1049         unsigned int length, resultlength;
1050         union {
1051                 struct sockaddr sa;
1052                 struct sockaddr_in s4;
1053 #if OPENSSL_USE_IPV6
1054                 struct sockaddr_in6 s6;
1055 #endif
1056         } peer;
1057
1058         /* Initialize a random secret */
1059         if (!cookie_initialized)
1060                 {
1061                 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
1062                         {
1063                         BIO_printf(bio_err,"error setting random cookie secret\n");
1064                         return 0;
1065                         }
1066                 cookie_initialized = 1;
1067                 }
1068
1069         /* Read peer information */
1070         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1071
1072         /* Create buffer with peer's address and port */
1073         length = 0;
1074         switch (peer.sa.sa_family)
1075                 {
1076         case AF_INET:
1077                 length += sizeof(struct in_addr);
1078                 length += sizeof(peer.s4.sin_port);
1079                 break;
1080 #if OPENSSL_USE_IPV6
1081         case AF_INET6:
1082                 length += sizeof(struct in6_addr);
1083                 length += sizeof(peer.s6.sin6_port);
1084                 break;
1085 #endif
1086         default:
1087                 OPENSSL_assert(0);
1088                 break;
1089                 }
1090         buffer = OPENSSL_malloc(length);
1091
1092         if (buffer == NULL)
1093                 {
1094                 BIO_printf(bio_err,"out of memory\n");
1095                 return 0;
1096                 }
1097
1098         switch (peer.sa.sa_family)
1099                 {
1100         case AF_INET:
1101                 memcpy(buffer,
1102                        &peer.s4.sin_port,
1103                        sizeof(peer.s4.sin_port));
1104                 memcpy(buffer + sizeof(peer.s4.sin_port),
1105                        &peer.s4.sin_addr,
1106                        sizeof(struct in_addr));
1107                 break;
1108 #if OPENSSL_USE_IPV6
1109         case AF_INET6:
1110                 memcpy(buffer,
1111                        &peer.s6.sin6_port,
1112                        sizeof(peer.s6.sin6_port));
1113                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1114                        &peer.s6.sin6_addr,
1115                        sizeof(struct in6_addr));
1116                 break;
1117 #endif
1118         default:
1119                 OPENSSL_assert(0);
1120                 break;
1121                 }
1122
1123         /* Calculate HMAC of buffer using the secret */
1124         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1125              buffer, length, result, &resultlength);
1126         OPENSSL_free(buffer);
1127
1128         memcpy(cookie, result, resultlength);
1129         *cookie_len = resultlength;
1130
1131         return 1;
1132         }
1133
1134 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
1135         {
1136         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1137         unsigned int length, resultlength;
1138         union {
1139                 struct sockaddr sa;
1140                 struct sockaddr_in s4;
1141 #if OPENSSL_USE_IPV6
1142                 struct sockaddr_in6 s6;
1143 #endif
1144         } peer;
1145
1146         /* If secret isn't initialized yet, the cookie can't be valid */
1147         if (!cookie_initialized)
1148                 return 0;
1149
1150         /* Read peer information */
1151         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1152
1153         /* Create buffer with peer's address and port */
1154         length = 0;
1155         switch (peer.sa.sa_family)
1156                 {
1157         case AF_INET:
1158                 length += sizeof(struct in_addr);
1159                 length += sizeof(peer.s4.sin_port);
1160                 break;
1161 #if OPENSSL_USE_IPV6
1162         case AF_INET6:
1163                 length += sizeof(struct in6_addr);
1164                 length += sizeof(peer.s6.sin6_port);
1165                 break;
1166 #endif
1167         default:
1168                 OPENSSL_assert(0);
1169                 break;
1170                 }
1171         buffer = OPENSSL_malloc(length);
1172         
1173         if (buffer == NULL)
1174                 {
1175                 BIO_printf(bio_err,"out of memory\n");
1176                 return 0;
1177                 }
1178
1179         switch (peer.sa.sa_family)
1180                 {
1181         case AF_INET:
1182                 memcpy(buffer,
1183                        &peer.s4.sin_port,
1184                        sizeof(peer.s4.sin_port));
1185                 memcpy(buffer + sizeof(peer.s4.sin_port),
1186                        &peer.s4.sin_addr,
1187                        sizeof(struct in_addr));
1188                 break;
1189 #if OPENSSL_USE_IPV6
1190         case AF_INET6:
1191                 memcpy(buffer,
1192                        &peer.s6.sin6_port,
1193                        sizeof(peer.s6.sin6_port));
1194                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1195                        &peer.s6.sin6_addr,
1196                        sizeof(struct in6_addr));
1197                 break;
1198 #endif
1199         default:
1200                 OPENSSL_assert(0);
1201                 break;
1202                 }
1203
1204         /* Calculate HMAC of buffer using the secret */
1205         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1206              buffer, length, result, &resultlength);
1207         OPENSSL_free(buffer);
1208
1209         if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
1210                 return 1;
1211
1212         return 0;
1213         }
1214
1215 /* Example of extended certificate handling. Where the standard support
1216  * of one certificate per algorithm is not sufficient an application
1217  * can decide which certificate(s) to use at runtime based on whatever
1218  * criteria it deems appropriate.
1219  */
1220
1221 /* Linked list of certificates, keys and chains */
1222 struct  ssl_excert_st
1223         {
1224         int certform;
1225         const char *certfile;
1226         int keyform;
1227         const char *keyfile;
1228         const char *chainfile;
1229         X509 *cert;
1230         EVP_PKEY *key;
1231         STACK_OF(X509) *chain;
1232         int build_chain;
1233         struct ssl_excert_st *next, *prev;
1234         };
1235
1236 struct chain_flags
1237         {
1238         int flag;
1239         const char *name;
1240         };
1241
1242 struct chain_flags chain_flags_list[] =
1243         {
1244                 {CERT_PKEY_VALID, "Overall Validity"},
1245                 {CERT_PKEY_SIGN,  "Sign with EE key"},
1246                 {CERT_PKEY_EE_SIGNATURE, "EE signature"},
1247                 {CERT_PKEY_CA_SIGNATURE, "CA signature"},
1248                 {CERT_PKEY_EE_PARAM, "EE key parameters"},
1249                 {CERT_PKEY_CA_PARAM, "CA key parameters"},
1250                 {CERT_PKEY_EXPLICIT_SIGN,  "Explicity sign with EE key"},
1251                 {CERT_PKEY_ISSUER_NAME,  "Issuer Name"},
1252                 {CERT_PKEY_CERT_TYPE,  "Certificate Type"},
1253                 {0, NULL}
1254         };
1255
1256
1257 static void print_chain_flags(BIO *out, int flags)
1258         {
1259         struct chain_flags *ctmp = chain_flags_list;
1260         while(ctmp->name)
1261                 {
1262                 BIO_printf(out, "\t%s: %s\n", ctmp->name,
1263                                 flags & ctmp->flag ? "OK" : "NOT OK");
1264                 ctmp++;
1265                 }
1266         }
1267
1268 /* Very basic selection callback: just use any certificate chain
1269  * reported as valid. More sophisticated could prioritise according
1270  * to local policy.
1271  */
1272 static int set_cert_cb(SSL *ssl, void *arg)
1273         {
1274         int i, rv;
1275         SSL_EXCERT *exc = arg;
1276 #ifdef CERT_CB_TEST_RETRY
1277         static int retry_cnt;
1278         if (retry_cnt < 5)
1279                 {
1280                 retry_cnt++;
1281                 fprintf(stderr, "Certificate callback retry test: count %d\n",
1282                                                                 retry_cnt);
1283                 return -1;
1284                 }
1285 #endif
1286         SSL_certs_clear(ssl);
1287
1288         if (!exc)
1289                 return 1;
1290
1291         /* Go to end of list and traverse backwards since we prepend
1292          * newer entries this retains the original order.
1293          */
1294         while (exc->next)
1295                 exc = exc->next;
1296
1297         i = 0;  
1298
1299         while(exc)
1300                 {
1301                 i++;
1302                 rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
1303                 BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
1304                 X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
1305                                                         XN_FLAG_ONELINE);
1306                 BIO_puts(bio_err, "\n");
1307                 
1308                 print_chain_flags(bio_err, rv);
1309                 if (rv & CERT_PKEY_VALID)
1310                         {
1311                         SSL_use_certificate(ssl, exc->cert);
1312                         SSL_use_PrivateKey(ssl, exc->key);
1313                         /* NB: we wouldn't normally do this as it is
1314                          * not efficient building chains on each connection
1315                          * better to cache the chain in advance.
1316                          */
1317                         if (exc->build_chain)
1318                                 {
1319                                 if (!SSL_build_cert_chain(ssl, 0))
1320                                         return 0;
1321                                 }
1322                         else if (exc->chain)
1323                                 SSL_set1_chain(ssl, exc->chain);
1324                         }
1325                 exc = exc->prev;
1326                 }
1327         return 1;
1328         }
1329
1330 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
1331         {
1332         SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
1333         }
1334
1335 static int ssl_excert_prepend(SSL_EXCERT **pexc)
1336         {
1337         SSL_EXCERT *exc;
1338         exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
1339         if (!exc)
1340                 return 0;
1341         exc->certfile = NULL;
1342         exc->keyfile = NULL;
1343         exc->chainfile = NULL;
1344         exc->cert = NULL;
1345         exc->key = NULL;
1346         exc->chain = NULL;
1347         exc->prev = NULL;
1348         exc->build_chain = 0;
1349
1350         exc->next = *pexc;
1351         *pexc = exc;
1352                         
1353         if (exc->next)
1354                 {
1355                 exc->certform = exc->next->certform;
1356                 exc->keyform = exc->next->keyform;
1357                 exc->next->prev = exc;
1358                 }
1359         else
1360                 {
1361                 exc->certform = FORMAT_PEM;
1362                 exc->keyform = FORMAT_PEM;
1363                 }
1364         return 1;
1365
1366         }
1367
1368 void ssl_excert_free(SSL_EXCERT *exc)
1369         {
1370         SSL_EXCERT *curr;
1371         while (exc)
1372                 {
1373                 if (exc->cert)
1374                         X509_free(exc->cert);
1375                 if (exc->key)
1376                         EVP_PKEY_free(exc->key);
1377                 if (exc->chain)
1378                         sk_X509_pop_free(exc->chain, X509_free);
1379                 curr = exc;
1380                 exc = exc->next;
1381                 OPENSSL_free(curr);
1382                 }
1383         }
1384
1385 int load_excert(SSL_EXCERT **pexc, BIO *err)
1386         {
1387         SSL_EXCERT *exc = *pexc;
1388         if (!exc)
1389                 return 1;
1390         /* If nothing in list, free and set to NULL */
1391         if (!exc->certfile && !exc->next)
1392                 {
1393                 ssl_excert_free(exc);
1394                 *pexc = NULL;
1395                 return 1;
1396                 }
1397         for(; exc; exc=exc->next)
1398                 {
1399                 if (!exc->certfile)
1400                         {
1401                         BIO_printf(err, "Missing filename\n");
1402                         return 0;
1403                         }
1404                 exc->cert = load_cert(err, exc->certfile, exc->certform,
1405                                         NULL, NULL, "Server Certificate");
1406                 if (!exc->cert)
1407                         return 0;
1408                 if (exc->keyfile)
1409                         exc->keyfile = exc->certfile;
1410                 exc->key = load_key(err, exc->certfile, exc->certform, 0,
1411                                         NULL, NULL, "Server Certificate");
1412                 if (!exc->key)
1413                         return 0;
1414                 if (exc->chainfile)
1415                         {
1416                         exc->chain = load_certs(err,
1417                                                 exc->chainfile, FORMAT_PEM,
1418                                                 NULL, NULL,
1419                                                 "Server Chain");
1420                         if (!exc->chainfile)
1421                                 return 0;
1422                         }
1423                 }
1424         return 1;
1425         }
1426                 
1427
1428 int args_excert(char ***pargs, int *pargc,
1429                         int *badarg, BIO *err, SSL_EXCERT **pexc)
1430         {
1431         char *arg = **pargs, *argn = (*pargs)[1];
1432         SSL_EXCERT *exc = *pexc;
1433         int narg = 2;
1434         if (!exc)
1435                 {
1436                 if (ssl_excert_prepend(&exc))
1437                         *pexc = exc;
1438                 else
1439                         {
1440                         BIO_printf(err, "Error initialising xcert\n");
1441                         *badarg = 1;
1442                         goto err;
1443                         }
1444                 }
1445         if (strcmp(arg, "-xcert") == 0)
1446                 {
1447                 if (!argn)
1448                         {
1449                         *badarg = 1;
1450                         return 1;
1451                         }
1452                 if (exc->certfile && !ssl_excert_prepend(&exc))
1453                         {
1454                         BIO_printf(err, "Error adding xcert\n");
1455                         *badarg = 1;
1456                         goto err;
1457                         }
1458                 exc->certfile = argn;
1459                 }
1460         else if (strcmp(arg,"-xkey") == 0)
1461                 {
1462                 if (!argn)
1463                         {
1464                         *badarg = 1;
1465                         return 1;
1466                         }
1467                 if (exc->keyfile)
1468                         {
1469                         BIO_printf(err, "Key already specified\n");
1470                         *badarg = 1;
1471                         return 1;
1472                         }
1473                 exc->keyfile = argn;
1474                 }
1475         else if (strcmp(arg,"-xchain") == 0)
1476                 {
1477                 if (!argn)
1478                         {
1479                         *badarg = 1;
1480                         return 1;
1481                         }
1482                 if (exc->chainfile)
1483                         {
1484                         BIO_printf(err, "Chain already specified\n");
1485                         *badarg = 1;
1486                         return 1;
1487                         }
1488                 exc->chainfile = argn;
1489                 }
1490         else if (strcmp(arg,"-xchain_build") == 0)
1491                 {
1492                 narg = 1;
1493                 exc->build_chain = 1;
1494                 }
1495         else if (strcmp(arg,"-xcertform") == 0)
1496                 {
1497                 if (!argn)
1498                         {
1499                         *badarg = 1;
1500                         goto err;
1501                         }
1502                 exc->certform = str2fmt(argn);
1503                 }
1504         else if (strcmp(arg,"-xkeyform") == 0)
1505                 {
1506                 if (!argn)
1507                         {
1508                         *badarg = 1;
1509                         goto err;
1510                         }
1511                 exc->keyform = str2fmt(argn);
1512                 }
1513         else
1514                 return 0;
1515
1516         (*pargs) += narg;
1517
1518         if (pargc)
1519                 *pargc -= narg;
1520
1521         *pexc = exc;
1522
1523         return 1;
1524
1525         err:
1526         ERR_print_errors(err);
1527         ssl_excert_free(exc);
1528         *pexc = NULL;
1529         return 1;
1530         }
1531
1532 static void print_raw_cipherlist(BIO *bio, SSL *s)
1533         {
1534         const unsigned char *rlist;
1535         static const unsigned char scsv_id[] = {0, 0, 0xFF};
1536         size_t i, rlistlen, num;
1537         if (!SSL_is_server(s))
1538                 return;
1539         num = SSL_get0_raw_cipherlist(s, NULL);
1540         rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
1541         BIO_puts(bio, "Client cipher list: ");
1542         for (i = 0; i < rlistlen; i += num, rlist += num)
1543                 {
1544                 const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
1545                 if (i)
1546                         BIO_puts(bio, ":");
1547                 if (c)
1548                         BIO_puts(bio, SSL_CIPHER_get_name(c));
1549                 else if (!memcmp(rlist, scsv_id - num + 3, num))
1550                         BIO_puts(bio, "SCSV");
1551                 else
1552                         {
1553                         size_t j;
1554                         BIO_puts(bio, "0x");
1555                         for (j = 0; j < num; j++)
1556                                 BIO_printf(bio, "%02X", rlist[j]);
1557                         }
1558                 }
1559         BIO_puts(bio, "\n");
1560         }
1561         
1562
1563 void print_ssl_summary(BIO *bio, SSL *s)
1564         {
1565         const SSL_CIPHER *c;
1566         X509 *peer;
1567         /*const char *pnam = SSL_is_server(s) ? "client" : "server";*/
1568         BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
1569         print_raw_cipherlist(bio, s);
1570         c = SSL_get_current_cipher(s);
1571         BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
1572         do_print_sigalgs(bio, s, 0);
1573         peer = SSL_get_peer_certificate(s);
1574         if (peer)
1575                 {
1576                 int nid;
1577                 BIO_puts(bio, "Peer certificate: ");
1578                 X509_NAME_print_ex(bio, X509_get_subject_name(peer),
1579                                         0, XN_FLAG_ONELINE);
1580                 BIO_puts(bio, "\n");
1581                 if (SSL_get_peer_signature_nid(s, &nid))
1582                         BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
1583                 }
1584         else
1585                 BIO_puts(bio, "No peer certificate\n");
1586         if (peer)
1587                 X509_free(peer);
1588 #ifndef OPENSSL_NO_EC
1589         ssl_print_point_formats(bio, s);
1590         if (SSL_is_server(s))
1591                 ssl_print_curves(bio, s, 1);
1592         else
1593                 ssl_print_tmp_key(bio, s);
1594 #else
1595         if (!SSL_is_server(s))
1596                 ssl_print_tmp_key(bio, s);
1597 #endif
1598         }
1599
1600 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
1601                         int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
1602         {
1603         char *arg = **pargs, *argn = (*pargs)[1];
1604         int rv;
1605
1606         /* Attempt to run SSL configuration command */
1607         rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
1608         /* If parameter not recognised just return */
1609         if (rv == 0)
1610                 return 0;
1611         /* see if missing argument error */
1612         if (rv == -3)
1613                 {
1614                 BIO_printf(err, "%s needs an argument\n", arg);
1615                 *badarg = 1;
1616                 goto end;
1617                 }
1618         /* Check for some other error */
1619         if (rv < 0)
1620                 {
1621                 BIO_printf(err, "Error with command: \"%s %s\"\n",
1622                                                 arg, argn ? argn : "");
1623                 *badarg = 1;
1624                 goto end;
1625                 }
1626         /* Store command and argument */
1627         /* If only one argument processed store value as NULL */
1628         if (rv == 1)
1629                 argn = NULL;
1630         if (!*pstr)
1631                 *pstr = sk_OPENSSL_STRING_new_null();
1632         if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) ||
1633                                 !sk_OPENSSL_STRING_push(*pstr, argn))
1634                 {
1635                 BIO_puts(err, "Memory allocation failure\n");
1636                 goto end;
1637                 }
1638
1639         end:
1640         if (*badarg)
1641                 ERR_print_errors(err);
1642
1643         return 1;
1644         }
1645
1646 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
1647                 STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
1648         {
1649         int i;
1650         SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
1651         for (i = 0; i < sk_OPENSSL_STRING_num(str); i+= 2)
1652                 {
1653                 const char *param = sk_OPENSSL_STRING_value(str, i);
1654                 const char *value = sk_OPENSSL_STRING_value(str, i + 1);
1655                 /* If no_ecdhe or named curve already specified don't need
1656                  * a default.
1657                  */
1658                 if (!no_ecdhe && !strcmp(param, "-named_curve"))
1659                         no_ecdhe = 1;
1660 #ifndef OPENSSL_NO_JPAKE
1661                 if (!no_jpake && !strcmp(param, "-cipher"))
1662                         {
1663                         BIO_puts(err, "JPAKE sets cipher to PSK\n");
1664                         return 0;
1665                         }
1666 #endif
1667                 if (SSL_CONF_cmd(cctx, param, value) <= 0)
1668                         {
1669                         BIO_printf(err, "Error with command: \"%s %s\"\n",
1670                                                 param, value ? value : "");
1671                         ERR_print_errors(err);
1672                         return 0;
1673                         }
1674                 }
1675         /* This is a special case to keep existing s_server functionality:
1676          * if we don't have any curve specified *and* we haven't disabled
1677          * ECDHE then use P-256.
1678          */
1679         if (!no_ecdhe)
1680                 {
1681                 if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0)
1682                         {
1683                         BIO_puts(err, "Error setting EC curve\n");
1684                         ERR_print_errors(err);
1685                         return 0;
1686                         }
1687                 }
1688 #ifndef OPENSSL_NO_JPAKE
1689         if (!no_jpake)
1690                 {
1691                 if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
1692                         {
1693                         BIO_puts(err, "Error setting cipher to PSK\n");
1694                         ERR_print_errors(err);
1695                         return 0;
1696                         }
1697                 }
1698 #endif
1699         if (!SSL_CONF_CTX_finish(cctx))
1700                 {
1701                 BIO_puts(err, "Error finishing context\n");
1702                 ERR_print_errors(err);
1703                 return 0;
1704                 }
1705         return 1;
1706         }
1707
1708 static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
1709         {
1710         X509_CRL *crl;
1711         int i;
1712         for (i = 0; i < sk_X509_CRL_num(crls); i++)
1713                 {
1714                 crl = sk_X509_CRL_value(crls, i);
1715                 X509_STORE_add_crl(st, crl);
1716                 }
1717         return 1;
1718         }
1719
1720 int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
1721         {
1722         X509_STORE *st;
1723         st = SSL_CTX_get_cert_store(ctx);
1724         add_crls_store(st, crls);
1725         if (crl_download)
1726                 store_setup_crl_download(st);
1727         return 1;
1728         }
1729
1730 int ssl_load_stores(SSL_CTX *ctx,
1731                         const char *vfyCApath, const char *vfyCAfile,
1732                         const char *chCApath, const char *chCAfile,
1733                         STACK_OF(X509_CRL) *crls, int crl_download)
1734         {
1735         X509_STORE *vfy = NULL, *ch = NULL;
1736         int rv = 0;
1737         if (vfyCApath || vfyCAfile)
1738                 {
1739                 vfy = X509_STORE_new();
1740                 if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
1741                         goto err;
1742                 add_crls_store(vfy, crls);
1743                 SSL_CTX_set1_verify_cert_store(ctx, vfy);
1744                 if (crl_download)
1745                         store_setup_crl_download(vfy);
1746                 }
1747         if (chCApath || chCAfile)
1748                 {
1749                 ch = X509_STORE_new();
1750                 if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
1751                         goto err;
1752                 SSL_CTX_set1_chain_cert_store(ctx, ch);
1753                 }
1754         rv = 1;
1755         err:
1756         if (vfy)
1757                 X509_STORE_free(vfy);
1758         if (ch)
1759                 X509_STORE_free(ch);
1760         return rv;
1761         }