Enable message names for TLS 1.1, 1.2 with -msg.
[openssl.git] / apps / s_cb.c
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #include <stdio.h>
113 #include <stdlib.h>
114 #define USE_SOCKETS
115 #define NON_MAIN
116 #include "apps.h"
117 #undef NON_MAIN
118 #undef USE_SOCKETS
119 #include <openssl/err.h>
120 #include <openssl/rand.h>
121 #include <openssl/x509.h>
122 #include <openssl/ssl.h>
123 #include "s_apps.h"
124
125 #define COOKIE_SECRET_LENGTH    16
126
127 int verify_depth=0;
128 int verify_error=X509_V_OK;
129 int verify_return_error=0;
130 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
131 int cookie_initialized=0;
132
133 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
134         {
135         X509 *err_cert;
136         int err,depth;
137
138         err_cert=X509_STORE_CTX_get_current_cert(ctx);
139         err=    X509_STORE_CTX_get_error(ctx);
140         depth=  X509_STORE_CTX_get_error_depth(ctx);
141
142         BIO_printf(bio_err,"depth=%d ",depth);
143         if (err_cert)
144                 {
145                 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
146                                         0, XN_FLAG_ONELINE);
147                 BIO_puts(bio_err, "\n");
148                 }
149         else
150                 BIO_puts(bio_err, "<no cert>\n");
151         if (!ok)
152                 {
153                 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
154                         X509_verify_cert_error_string(err));
155                 if (verify_depth >= depth)
156                         {
157                         if (!verify_return_error)
158                                 ok=1;
159                         verify_error=X509_V_OK;
160                         }
161                 else
162                         {
163                         ok=0;
164                         verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
165                         }
166                 }
167         switch (err)
168                 {
169         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
170                 BIO_puts(bio_err,"issuer= ");
171                 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
172                                         0, XN_FLAG_ONELINE);
173                 BIO_puts(bio_err, "\n");
174                 break;
175         case X509_V_ERR_CERT_NOT_YET_VALID:
176         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
177                 BIO_printf(bio_err,"notBefore=");
178                 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
179                 BIO_printf(bio_err,"\n");
180                 break;
181         case X509_V_ERR_CERT_HAS_EXPIRED:
182         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
183                 BIO_printf(bio_err,"notAfter=");
184                 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
185                 BIO_printf(bio_err,"\n");
186                 break;
187         case X509_V_ERR_NO_EXPLICIT_POLICY:
188                 policies_print(bio_err, ctx);
189                 break;
190                 }
191         if (err == X509_V_OK && ok == 2)
192                 policies_print(bio_err, ctx);
193
194         BIO_printf(bio_err,"verify return:%d\n",ok);
195         return(ok);
196         }
197
198 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
199         {
200         if (cert_file != NULL)
201                 {
202                 /*
203                 SSL *ssl;
204                 X509 *x509;
205                 */
206
207                 if (SSL_CTX_use_certificate_file(ctx,cert_file,
208                         SSL_FILETYPE_PEM) <= 0)
209                         {
210                         BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
211                         ERR_print_errors(bio_err);
212                         return(0);
213                         }
214                 if (key_file == NULL) key_file=cert_file;
215                 if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
216                         SSL_FILETYPE_PEM) <= 0)
217                         {
218                         BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
219                         ERR_print_errors(bio_err);
220                         return(0);
221                         }
222
223                 /*
224                 In theory this is no longer needed 
225                 ssl=SSL_new(ctx);
226                 x509=SSL_get_certificate(ssl);
227
228                 if (x509 != NULL) {
229                         EVP_PKEY *pktmp;
230                         pktmp = X509_get_pubkey(x509);
231                         EVP_PKEY_copy_parameters(pktmp,
232                                                 SSL_get_privatekey(ssl));
233                         EVP_PKEY_free(pktmp);
234                 }
235                 SSL_free(ssl);
236                 */
237
238                 /* If we are using DSA, we can copy the parameters from
239                  * the private key */
240
241
242                 /* Now we know that a key and cert have been set against
243                  * the SSL context */
244                 if (!SSL_CTX_check_private_key(ctx))
245                         {
246                         BIO_printf(bio_err,"Private key does not match the certificate public key\n");
247                         return(0);
248                         }
249                 }
250         return(1);
251         }
252
253 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
254                        STACK_OF(X509) *chain, int build_chain)
255         {
256         if (cert == NULL)
257                 return 1;
258         if (SSL_CTX_use_certificate(ctx,cert) <= 0)
259                 {
260                 BIO_printf(bio_err,"error setting certificate\n");
261                 ERR_print_errors(bio_err);
262                 return 0;
263                 }
264
265         if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
266                 {
267                 BIO_printf(bio_err,"error setting private key\n");
268                 ERR_print_errors(bio_err);
269                 return 0;
270                 }
271                  
272         /* Now we know that a key and cert have been set against
273          * the SSL context */
274         if (!SSL_CTX_check_private_key(ctx))
275                 {
276                 BIO_printf(bio_err,"Private key does not match the certificate public key\n");
277                 return 0;
278                 }
279         if (chain && !SSL_CTX_set1_chain(ctx, chain))
280                 {
281                 BIO_printf(bio_err,"error setting certificate chain\n");
282                 ERR_print_errors(bio_err);
283                 return 0;
284                 }
285         if (!chain && build_chain && !SSL_CTX_build_cert_chain(ctx, 0))
286                 {
287                 BIO_printf(bio_err,"error building certificate chain\n");
288                 ERR_print_errors(bio_err);
289                 return 0;
290                 }
291                 
292         return 1;
293         }
294
295 static void ssl_print_client_cert_types(BIO *bio, SSL *s)
296         {
297         const unsigned char *p;
298         int i;
299         int cert_type_num = SSL_get0_certificate_types(s, &p);
300         if (!cert_type_num)
301                 return;
302         BIO_puts(bio, "Client Certificate Types: ");
303         for (i = 0; i < cert_type_num; i++)
304                 {
305                 unsigned char cert_type = p[i];
306                 char *cname;
307                 switch(cert_type)
308                         {
309                 case TLS_CT_RSA_SIGN:
310                         cname = "RSA sign";
311                         break;
312
313                 case TLS_CT_DSS_SIGN:
314                         cname = "DSA sign";
315                         break;
316
317                 case TLS_CT_RSA_FIXED_DH:
318                         cname = "RSA fixed DH";
319                         break;
320
321                 case TLS_CT_DSS_FIXED_DH:
322                         cname = "DSS fixed DH";
323                         break;
324
325                 case TLS_CT_ECDSA_SIGN:
326                         cname = "ECDSA sign";
327                         break;
328
329                 case TLS_CT_RSA_FIXED_ECDH:
330                         cname = "RSA fixed ECDH";
331                         break;
332
333                 case TLS_CT_ECDSA_FIXED_ECDH:
334                         cname = "ECDSA fixed ECDH";
335                         break;
336
337                 case TLS_CT_GOST94_SIGN:
338                         cname = "GOST94 Sign";
339                         break;
340
341                 case TLS_CT_GOST01_SIGN:
342                         cname = "GOST01 Sign";
343                         break;
344
345                 default:
346                          cname = NULL;
347                         }
348
349                 if (i)
350                         BIO_puts(bio, ", ");
351
352                 if (cname)
353                         BIO_puts(bio, cname);
354                 else
355                         BIO_printf(bio, "UNKNOWN (%d),", cert_type);
356                 }
357         BIO_puts(bio, "\n");
358         }
359
360 static int do_print_sigalgs(BIO *out, SSL *s, int shared)
361         {
362         int i, nsig, client;
363         client = SSL_is_server(s) ? 0 : 1;
364         if (shared)
365                 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
366                                                         NULL, NULL);
367         else
368                 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
369         if (nsig == 0)
370                 return 1;
371
372         if (shared)
373                 BIO_puts(out, "Shared ");
374
375         if (client)
376                 BIO_puts(out, "Requested ");
377         BIO_puts(out, "Signature Algorithms: ");
378         for (i = 0; i < nsig; i++)
379                 {
380                 int hash_nid, sign_nid;
381                 unsigned char rhash, rsign;
382                 const char *sstr = NULL;
383                 if (shared)
384                         SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
385                                                         &rsign, &rhash);
386                 else
387                         SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
388                                                         &rsign, &rhash);
389                 if (i)
390                         BIO_puts(out, ":");
391                 if (sign_nid == EVP_PKEY_RSA)
392                         sstr = "RSA";
393                 else if(sign_nid == EVP_PKEY_DSA)
394                         sstr = "DSA";
395                 else if(sign_nid == EVP_PKEY_EC)
396                         sstr = "ECDSA";
397                 if (sstr)
398                         BIO_printf(out,"%s+", sstr);
399                 else
400                         BIO_printf(out,"0x%02X+", (int)rsign);
401                 if (hash_nid != NID_undef)
402                         BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
403                 else
404                         BIO_printf(out,"0x%02X", (int)rhash);
405                 }
406         BIO_puts(out, "\n");
407         return 1;
408         }
409
410 int ssl_print_sigalgs(BIO *out, SSL *s)
411         {
412         if (!SSL_is_server(s))
413                 ssl_print_client_cert_types(out, s);
414         do_print_sigalgs(out, s, 0);
415         do_print_sigalgs(out, s, 1);
416         return 1;
417         }
418
419 int ssl_print_curves(BIO *out, SSL *s)
420         {
421         int i, ncurves, *curves, nid;
422         const char *cname;
423         ncurves = SSL_get1_curves(s, NULL);
424         if (ncurves <= 0)
425                 return 1;
426         curves = OPENSSL_malloc(ncurves * sizeof(int));
427         SSL_get1_curves(s, curves);
428
429         BIO_puts(out, "Supported Elliptic Curves: ");
430         for (i = 0; i < ncurves; i++)
431                 {
432                 if (i)
433                         BIO_puts(out, ":");
434                 nid = curves[i];
435                 /* If unrecognised print out hex version */
436                 if (nid & TLSEXT_nid_unknown)
437                         BIO_printf(out, "0x%04X", nid & 0xFFFF);
438                 else
439                         {
440                         /* Use NIST name for curve if it exists */
441                         cname = EC_curve_nid2nist(nid);
442                         if (!cname)
443                                 cname = OBJ_nid2sn(nid);
444                         BIO_printf(out, "%s", cname);
445                         }
446                 }
447         BIO_puts(out, "\nShared Elliptic curves: ");
448         OPENSSL_free(curves);
449         ncurves = SSL_get_shared_curve(s, -1);
450         for (i = 0; i < ncurves; i++)
451                 {
452                 if (i)
453                         BIO_puts(out, ":");
454                 nid = SSL_get_shared_curve(s, i);
455                 cname = EC_curve_nid2nist(nid);
456                 if (!cname)
457                         cname = OBJ_nid2sn(nid);
458                 BIO_printf(out, "%s", cname);
459                 }
460         if (ncurves == 0)
461                 BIO_puts(out, "NONE");
462         BIO_puts(out, "\n");
463         return 1;
464         }
465
466
467 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
468                                    int argi, long argl, long ret)
469         {
470         BIO *out;
471
472         out=(BIO *)BIO_get_callback_arg(bio);
473         if (out == NULL) return(ret);
474
475         if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
476                 {
477                 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
478                         (void *)bio,argp,(unsigned long)argi,ret,ret);
479                 BIO_dump(out,argp,(int)ret);
480                 return(ret);
481                 }
482         else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
483                 {
484                 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
485                         (void *)bio,argp,(unsigned long)argi,ret,ret);
486                 BIO_dump(out,argp,(int)ret);
487                 }
488         return(ret);
489         }
490
491 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
492         {
493         const char *str;
494         int w;
495
496         w=where& ~SSL_ST_MASK;
497
498         if (w & SSL_ST_CONNECT) str="SSL_connect";
499         else if (w & SSL_ST_ACCEPT) str="SSL_accept";
500         else str="undefined";
501
502         if (where & SSL_CB_LOOP)
503                 {
504                 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
505                 }
506         else if (where & SSL_CB_ALERT)
507                 {
508                 str=(where & SSL_CB_READ)?"read":"write";
509                 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
510                         str,
511                         SSL_alert_type_string_long(ret),
512                         SSL_alert_desc_string_long(ret));
513                 }
514         else if (where & SSL_CB_EXIT)
515                 {
516                 if (ret == 0)
517                         BIO_printf(bio_err,"%s:failed in %s\n",
518                                 str,SSL_state_string_long(s));
519                 else if (ret < 0)
520                         {
521                         BIO_printf(bio_err,"%s:error in %s\n",
522                                 str,SSL_state_string_long(s));
523                         }
524                 }
525         }
526
527
528 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
529         {
530         BIO *bio = arg;
531         const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
532         
533         str_write_p = write_p ? ">>>" : "<<<";
534
535         switch (version)
536                 {
537         case SSL2_VERSION:
538                 str_version = "SSL 2.0";
539                 break;
540         case SSL3_VERSION:
541                 str_version = "SSL 3.0 ";
542                 break;
543         case TLS1_VERSION:
544                 str_version = "TLS 1.0 ";
545                 break;
546         case TLS1_1_VERSION:
547                 str_version = "TLS 1.1 ";
548                 break;
549         case TLS1_2_VERSION:
550                 str_version = "TLS 1.2 ";
551                 break;
552         case DTLS1_VERSION:
553                 str_version = "DTLS 1.0 ";
554                 break;
555         case DTLS1_BAD_VER:
556                 str_version = "DTLS 1.0 (bad) ";
557                 break;
558         default:
559                 str_version = "???";
560                 }
561
562         if (version == SSL2_VERSION)
563                 {
564                 str_details1 = "???";
565
566                 if (len > 0)
567                         {
568                         switch (((const unsigned char*)buf)[0])
569                                 {
570                                 case 0:
571                                         str_details1 = ", ERROR:";
572                                         str_details2 = " ???";
573                                         if (len >= 3)
574                                                 {
575                                                 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
576                                                 
577                                                 switch (err)
578                                                         {
579                                                 case 0x0001:
580                                                         str_details2 = " NO-CIPHER-ERROR";
581                                                         break;
582                                                 case 0x0002:
583                                                         str_details2 = " NO-CERTIFICATE-ERROR";
584                                                         break;
585                                                 case 0x0004:
586                                                         str_details2 = " BAD-CERTIFICATE-ERROR";
587                                                         break;
588                                                 case 0x0006:
589                                                         str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
590                                                         break;
591                                                         }
592                                                 }
593
594                                         break;
595                                 case 1:
596                                         str_details1 = ", CLIENT-HELLO";
597                                         break;
598                                 case 2:
599                                         str_details1 = ", CLIENT-MASTER-KEY";
600                                         break;
601                                 case 3:
602                                         str_details1 = ", CLIENT-FINISHED";
603                                         break;
604                                 case 4:
605                                         str_details1 = ", SERVER-HELLO";
606                                         break;
607                                 case 5:
608                                         str_details1 = ", SERVER-VERIFY";
609                                         break;
610                                 case 6:
611                                         str_details1 = ", SERVER-FINISHED";
612                                         break;
613                                 case 7:
614                                         str_details1 = ", REQUEST-CERTIFICATE";
615                                         break;
616                                 case 8:
617                                         str_details1 = ", CLIENT-CERTIFICATE";
618                                         break;
619                                 }
620                         }
621                 }
622
623         if (version == SSL3_VERSION ||
624             version == TLS1_VERSION ||
625             version == TLS1_1_VERSION ||
626             version == TLS1_2_VERSION ||
627             version == DTLS1_VERSION ||
628             version == DTLS1_BAD_VER)
629                 {
630                 switch (content_type)
631                         {
632                 case 20:
633                         str_content_type = "ChangeCipherSpec";
634                         break;
635                 case 21:
636                         str_content_type = "Alert";
637                         break;
638                 case 22:
639                         str_content_type = "Handshake";
640                         break;
641                         }
642
643                 if (content_type == 21) /* Alert */
644                         {
645                         str_details1 = ", ???";
646                         
647                         if (len == 2)
648                                 {
649                                 switch (((const unsigned char*)buf)[0])
650                                         {
651                                 case 1:
652                                         str_details1 = ", warning";
653                                         break;
654                                 case 2:
655                                         str_details1 = ", fatal";
656                                         break;
657                                         }
658
659                                 str_details2 = " ???";
660                                 switch (((const unsigned char*)buf)[1])
661                                         {
662                                 case 0:
663                                         str_details2 = " close_notify";
664                                         break;
665                                 case 10:
666                                         str_details2 = " unexpected_message";
667                                         break;
668                                 case 20:
669                                         str_details2 = " bad_record_mac";
670                                         break;
671                                 case 21:
672                                         str_details2 = " decryption_failed";
673                                         break;
674                                 case 22:
675                                         str_details2 = " record_overflow";
676                                         break;
677                                 case 30:
678                                         str_details2 = " decompression_failure";
679                                         break;
680                                 case 40:
681                                         str_details2 = " handshake_failure";
682                                         break;
683                                 case 42:
684                                         str_details2 = " bad_certificate";
685                                         break;
686                                 case 43:
687                                         str_details2 = " unsupported_certificate";
688                                         break;
689                                 case 44:
690                                         str_details2 = " certificate_revoked";
691                                         break;
692                                 case 45:
693                                         str_details2 = " certificate_expired";
694                                         break;
695                                 case 46:
696                                         str_details2 = " certificate_unknown";
697                                         break;
698                                 case 47:
699                                         str_details2 = " illegal_parameter";
700                                         break;
701                                 case 48:
702                                         str_details2 = " unknown_ca";
703                                         break;
704                                 case 49:
705                                         str_details2 = " access_denied";
706                                         break;
707                                 case 50:
708                                         str_details2 = " decode_error";
709                                         break;
710                                 case 51:
711                                         str_details2 = " decrypt_error";
712                                         break;
713                                 case 60:
714                                         str_details2 = " export_restriction";
715                                         break;
716                                 case 70:
717                                         str_details2 = " protocol_version";
718                                         break;
719                                 case 71:
720                                         str_details2 = " insufficient_security";
721                                         break;
722                                 case 80:
723                                         str_details2 = " internal_error";
724                                         break;
725                                 case 90:
726                                         str_details2 = " user_canceled";
727                                         break;
728                                 case 100:
729                                         str_details2 = " no_renegotiation";
730                                         break;
731                                 case 110:
732                                         str_details2 = " unsupported_extension";
733                                         break;
734                                 case 111:
735                                         str_details2 = " certificate_unobtainable";
736                                         break;
737                                 case 112:
738                                         str_details2 = " unrecognized_name";
739                                         break;
740                                 case 113:
741                                         str_details2 = " bad_certificate_status_response";
742                                         break;
743                                 case 114:
744                                         str_details2 = " bad_certificate_hash_value";
745                                         break;
746                                 case 115:
747                                         str_details2 = " unknown_psk_identity";
748                                         break;
749                                         }
750                                 }
751                         }
752                 
753                 if (content_type == 22) /* Handshake */
754                         {
755                         str_details1 = "???";
756
757                         if (len > 0)
758                                 {
759                                 switch (((const unsigned char*)buf)[0])
760                                         {
761                                 case 0:
762                                         str_details1 = ", HelloRequest";
763                                         break;
764                                 case 1:
765                                         str_details1 = ", ClientHello";
766                                         break;
767                                 case 2:
768                                         str_details1 = ", ServerHello";
769                                         break;
770                                 case 3:
771                                         str_details1 = ", HelloVerifyRequest";
772                                         break;
773                                 case 11:
774                                         str_details1 = ", Certificate";
775                                         break;
776                                 case 12:
777                                         str_details1 = ", ServerKeyExchange";
778                                         break;
779                                 case 13:
780                                         str_details1 = ", CertificateRequest";
781                                         break;
782                                 case 14:
783                                         str_details1 = ", ServerHelloDone";
784                                         break;
785                                 case 15:
786                                         str_details1 = ", CertificateVerify";
787                                         break;
788                                 case 16:
789                                         str_details1 = ", ClientKeyExchange";
790                                         break;
791                                 case 20:
792                                         str_details1 = ", Finished";
793                                         break;
794                                         }
795                                 }
796                         }
797
798 #ifndef OPENSSL_NO_HEARTBEATS
799                 if (content_type == 24) /* Heartbeat */
800                         {
801                         str_details1 = ", Heartbeat";
802                         
803                         if (len > 0)
804                                 {
805                                 switch (((const unsigned char*)buf)[0])
806                                         {
807                                 case 1:
808                                         str_details1 = ", HeartbeatRequest";
809                                         break;
810                                 case 2:
811                                         str_details1 = ", HeartbeatResponse";
812                                         break;
813                                         }
814                                 }
815                         }
816 #endif
817                 }
818
819         BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
820
821         if (len > 0)
822                 {
823                 size_t num, i;
824                 
825                 BIO_printf(bio, "   ");
826                 num = len;
827 #if 0
828                 if (num > 16)
829                         num = 16;
830 #endif
831                 for (i = 0; i < num; i++)
832                         {
833                         if (i % 16 == 0 && i > 0)
834                                 BIO_printf(bio, "\n   ");
835                         BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
836                         }
837                 if (i < len)
838                         BIO_printf(bio, " ...");
839                 BIO_printf(bio, "\n");
840                 }
841         (void)BIO_flush(bio);
842         }
843
844 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
845                                         unsigned char *data, int len,
846                                         void *arg)
847         {
848         BIO *bio = arg;
849         char *extname;
850
851         switch(type)
852                 {
853                 case TLSEXT_TYPE_server_name:
854                 extname = "server name";
855                 break;
856
857                 case TLSEXT_TYPE_max_fragment_length:
858                 extname = "max fragment length";
859                 break;
860
861                 case TLSEXT_TYPE_client_certificate_url:
862                 extname = "client certificate URL";
863                 break;
864
865                 case TLSEXT_TYPE_trusted_ca_keys:
866                 extname = "trusted CA keys";
867                 break;
868
869                 case TLSEXT_TYPE_truncated_hmac:
870                 extname = "truncated HMAC";
871                 break;
872
873                 case TLSEXT_TYPE_status_request:
874                 extname = "status request";
875                 break;
876
877                 case TLSEXT_TYPE_user_mapping:
878                 extname = "user mapping";
879                 break;
880
881                 case TLSEXT_TYPE_client_authz:
882                 extname = "client authz";
883                 break;
884
885                 case TLSEXT_TYPE_server_authz:
886                 extname = "server authz";
887                 break;
888
889                 case TLSEXT_TYPE_cert_type:
890                 extname = "cert type";
891                 break;
892
893                 case TLSEXT_TYPE_elliptic_curves:
894                 extname = "elliptic curves";
895                 break;
896
897                 case TLSEXT_TYPE_ec_point_formats:
898                 extname = "EC point formats";
899                 break;
900
901                 case TLSEXT_TYPE_srp:
902                 extname = "SRP";
903                 break;
904
905                 case TLSEXT_TYPE_signature_algorithms:
906                 extname = "signature algorithms";
907                 break;
908
909                 case TLSEXT_TYPE_use_srtp:
910                 extname = "use SRTP";
911                 break;
912
913                 case TLSEXT_TYPE_heartbeat:
914                 extname = "heartbeat";
915                 break;
916
917                 case TLSEXT_TYPE_session_ticket:
918                 extname = "session ticket";
919                 break;
920
921                 case TLSEXT_TYPE_renegotiate: 
922                 extname = "renegotiation info";
923                 break;
924
925 #ifdef TLSEXT_TYPE_opaque_prf_input
926                 case TLSEXT_TYPE_opaque_prf_input:
927                 extname = "opaque PRF input";
928                 break;
929 #endif
930 #ifdef TLSEXT_TYPE_next_proto_neg
931                 case TLSEXT_TYPE_next_proto_neg:
932                 extname = "next protocol";
933                 break;
934 #endif
935
936                 default:
937                 extname = "unknown";
938                 break;
939
940                 }
941         
942         BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
943                         client_server ? "server": "client",
944                         extname, type, len);
945         BIO_dump(bio, (char *)data, len);
946         (void)BIO_flush(bio);
947         }
948
949 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
950         {
951         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
952         unsigned int length, resultlength;
953         union {
954                 struct sockaddr sa;
955                 struct sockaddr_in s4;
956 #if OPENSSL_USE_IPV6
957                 struct sockaddr_in6 s6;
958 #endif
959         } peer;
960
961         /* Initialize a random secret */
962         if (!cookie_initialized)
963                 {
964                 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
965                         {
966                         BIO_printf(bio_err,"error setting random cookie secret\n");
967                         return 0;
968                         }
969                 cookie_initialized = 1;
970                 }
971
972         /* Read peer information */
973         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
974
975         /* Create buffer with peer's address and port */
976         length = 0;
977         switch (peer.sa.sa_family)
978                 {
979         case AF_INET:
980                 length += sizeof(struct in_addr);
981                 length += sizeof(peer.s4.sin_port);
982                 break;
983 #if OPENSSL_USE_IPV6
984         case AF_INET6:
985                 length += sizeof(struct in6_addr);
986                 length += sizeof(peer.s6.sin6_port);
987                 break;
988 #endif
989         default:
990                 OPENSSL_assert(0);
991                 break;
992                 }
993         buffer = OPENSSL_malloc(length);
994
995         if (buffer == NULL)
996                 {
997                 BIO_printf(bio_err,"out of memory\n");
998                 return 0;
999                 }
1000
1001         switch (peer.sa.sa_family)
1002                 {
1003         case AF_INET:
1004                 memcpy(buffer,
1005                        &peer.s4.sin_port,
1006                        sizeof(peer.s4.sin_port));
1007                 memcpy(buffer + sizeof(peer.s4.sin_port),
1008                        &peer.s4.sin_addr,
1009                        sizeof(struct in_addr));
1010                 break;
1011 #if OPENSSL_USE_IPV6
1012         case AF_INET6:
1013                 memcpy(buffer,
1014                        &peer.s6.sin6_port,
1015                        sizeof(peer.s6.sin6_port));
1016                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1017                        &peer.s6.sin6_addr,
1018                        sizeof(struct in6_addr));
1019                 break;
1020 #endif
1021         default:
1022                 OPENSSL_assert(0);
1023                 break;
1024                 }
1025
1026         /* Calculate HMAC of buffer using the secret */
1027         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1028              buffer, length, result, &resultlength);
1029         OPENSSL_free(buffer);
1030
1031         memcpy(cookie, result, resultlength);
1032         *cookie_len = resultlength;
1033
1034         return 1;
1035         }
1036
1037 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
1038         {
1039         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1040         unsigned int length, resultlength;
1041         union {
1042                 struct sockaddr sa;
1043                 struct sockaddr_in s4;
1044 #if OPENSSL_USE_IPV6
1045                 struct sockaddr_in6 s6;
1046 #endif
1047         } peer;
1048
1049         /* If secret isn't initialized yet, the cookie can't be valid */
1050         if (!cookie_initialized)
1051                 return 0;
1052
1053         /* Read peer information */
1054         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1055
1056         /* Create buffer with peer's address and port */
1057         length = 0;
1058         switch (peer.sa.sa_family)
1059                 {
1060         case AF_INET:
1061                 length += sizeof(struct in_addr);
1062                 length += sizeof(peer.s4.sin_port);
1063                 break;
1064 #if OPENSSL_USE_IPV6
1065         case AF_INET6:
1066                 length += sizeof(struct in6_addr);
1067                 length += sizeof(peer.s6.sin6_port);
1068                 break;
1069 #endif
1070         default:
1071                 OPENSSL_assert(0);
1072                 break;
1073                 }
1074         buffer = OPENSSL_malloc(length);
1075         
1076         if (buffer == NULL)
1077                 {
1078                 BIO_printf(bio_err,"out of memory\n");
1079                 return 0;
1080                 }
1081
1082         switch (peer.sa.sa_family)
1083                 {
1084         case AF_INET:
1085                 memcpy(buffer,
1086                        &peer.s4.sin_port,
1087                        sizeof(peer.s4.sin_port));
1088                 memcpy(buffer + sizeof(peer.s4.sin_port),
1089                        &peer.s4.sin_addr,
1090                        sizeof(struct in_addr));
1091                 break;
1092 #if OPENSSL_USE_IPV6
1093         case AF_INET6:
1094                 memcpy(buffer,
1095                        &peer.s6.sin6_port,
1096                        sizeof(peer.s6.sin6_port));
1097                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1098                        &peer.s6.sin6_addr,
1099                        sizeof(struct in6_addr));
1100                 break;
1101 #endif
1102         default:
1103                 OPENSSL_assert(0);
1104                 break;
1105                 }
1106
1107         /* Calculate HMAC of buffer using the secret */
1108         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1109              buffer, length, result, &resultlength);
1110         OPENSSL_free(buffer);
1111
1112         if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
1113                 return 1;
1114
1115         return 0;
1116         }
1117
1118 /* Example of extended certificate handling. Where the standard support
1119  * of one certificate per algorithm is not sufficient an application
1120  * can decide which certificate(s) to use at runtime based on whatever
1121  * criteria it deems appropriate.
1122  */
1123
1124 /* Linked list of certificates, keys and chains */
1125 struct  ssl_excert_st
1126         {
1127         int certform;
1128         const char *certfile;
1129         int keyform;
1130         const char *keyfile;
1131         const char *chainfile;
1132         X509 *cert;
1133         EVP_PKEY *key;
1134         STACK_OF(X509) *chain;
1135         int build_chain;
1136         struct ssl_excert_st *next, *prev;
1137         };
1138
1139 struct chain_flags
1140         {
1141         int flag;
1142         const char *name;
1143         };
1144
1145 struct chain_flags chain_flags_list[] =
1146         {
1147                 {CERT_PKEY_VALID, "Overall Validity"},
1148                 {CERT_PKEY_SIGN,  "Sign with EE key"},
1149                 {CERT_PKEY_EE_SIGNATURE, "EE signature"},
1150                 {CERT_PKEY_CA_SIGNATURE, "CA signature"},
1151                 {CERT_PKEY_EE_PARAM, "EE key parameters"},
1152                 {CERT_PKEY_CA_PARAM, "CA key parameters"},
1153                 {CERT_PKEY_EXPLICIT_SIGN,  "Explicity sign with EE key"},
1154                 {CERT_PKEY_ISSUER_NAME,  "Issuer Name"},
1155                 {CERT_PKEY_CERT_TYPE,  "Certificate Type"},
1156                 {0, NULL}
1157         };
1158
1159
1160 static void print_chain_flags(BIO *out, int flags)
1161         {
1162         struct chain_flags *ctmp = chain_flags_list;
1163         while(ctmp->name)
1164                 {
1165                 BIO_printf(out, "\t%s: %s\n", ctmp->name,
1166                                 flags & ctmp->flag ? "OK" : "NOT OK");
1167                 ctmp++;
1168                 }
1169         }
1170
1171 /* Very basic selection callback: just use any certificate chain
1172  * reported as valid. More sophisticated could prioritise according
1173  * to local policy.
1174  */
1175 static int set_cert_cb(SSL *ssl, void *arg)
1176         {
1177         int i, rv;
1178         SSL_EXCERT *exc = arg;
1179         SSL_certs_clear(ssl);
1180
1181         if (!exc)
1182                 return 1;
1183
1184         /* Go to end of list and traverse backwards since we prepend
1185          * newer entries this retains the original order.
1186          */
1187         while (exc->next)
1188                 exc = exc->next;
1189
1190         i = 0;  
1191
1192         while(exc)
1193                 {
1194                 i++;
1195                 rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
1196                 BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
1197                 X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
1198                                                         XN_FLAG_ONELINE);
1199                 BIO_puts(bio_err, "\n");
1200                 
1201                 print_chain_flags(bio_err, rv);
1202                 if (rv & CERT_PKEY_VALID)
1203                         {
1204                         SSL_use_certificate(ssl, exc->cert);
1205                         SSL_use_PrivateKey(ssl, exc->key);
1206                         /* NB: we wouldn't normally do this as it is
1207                          * not efficient building chains on each connection
1208                          * better to cache the chain in advance.
1209                          */
1210                         if (exc->build_chain)
1211                                 {
1212                                 if (!SSL_build_cert_chain(ssl, 0))
1213                                         return 0;
1214                                 }
1215                         else if (exc->chain)
1216                                 SSL_set1_chain(ssl, exc->chain);
1217                         }
1218                 exc = exc->prev;
1219                 }
1220         return 1;
1221         }
1222
1223 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
1224         {
1225         SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
1226         }
1227
1228 static int ssl_excert_prepend(SSL_EXCERT **pexc)
1229         {
1230         SSL_EXCERT *exc;
1231         exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
1232         if (!exc)
1233                 return 0;
1234         exc->certfile = NULL;
1235         exc->keyfile = NULL;
1236         exc->chainfile = NULL;
1237         exc->cert = NULL;
1238         exc->key = NULL;
1239         exc->chain = NULL;
1240         exc->prev = NULL;
1241         exc->build_chain = 0;
1242
1243         exc->next = *pexc;
1244         *pexc = exc;
1245                         
1246         if (exc->next)
1247                 {
1248                 exc->certform = exc->next->certform;
1249                 exc->keyform = exc->next->keyform;
1250                 exc->next->prev = exc;
1251                 }
1252         else
1253                 {
1254                 exc->certform = FORMAT_PEM;
1255                 exc->keyform = FORMAT_PEM;
1256                 }
1257         return 1;
1258
1259         }
1260
1261 void ssl_excert_free(SSL_EXCERT *exc)
1262         {
1263         SSL_EXCERT *curr;
1264         while (exc)
1265                 {
1266                 if (exc->cert)
1267                         X509_free(exc->cert);
1268                 if (exc->key)
1269                         EVP_PKEY_free(exc->key);
1270                 if (exc->chain)
1271                         sk_X509_pop_free(exc->chain, X509_free);
1272                 curr = exc;
1273                 exc = exc->next;
1274                 OPENSSL_free(curr);
1275                 }
1276         }
1277
1278 int load_excert(SSL_EXCERT **pexc, BIO *err)
1279         {
1280         SSL_EXCERT *exc = *pexc;
1281         if (!exc)
1282                 return 1;
1283         /* If nothing in list, free and set to NULL */
1284         if (!exc->certfile && !exc->next)
1285                 {
1286                 ssl_excert_free(exc);
1287                 *pexc = NULL;
1288                 return 1;
1289                 }
1290         for(; exc; exc=exc->next)
1291                 {
1292                 if (!exc->certfile)
1293                         {
1294                         BIO_printf(err, "Missing filename\n");
1295                         return 0;
1296                         }
1297                 exc->cert = load_cert(err, exc->certfile, exc->certform,
1298                                         NULL, NULL, "Server Certificate");
1299                 if (!exc->cert)
1300                         return 0;
1301                 if (exc->keyfile)
1302                         exc->keyfile = exc->certfile;
1303                 exc->key = load_key(err, exc->certfile, exc->certform, 0,
1304                                         NULL, NULL, "Server Certificate");
1305                 if (!exc->key)
1306                         return 0;
1307                 if (exc->chainfile)
1308                         {
1309                         exc->chain = load_certs(err,
1310                                                 exc->chainfile, FORMAT_PEM,
1311                                                 NULL, NULL,
1312                                                 "Server Chain");
1313                         if (!exc->chainfile)
1314                                 return 0;
1315                         }
1316                 }
1317         return 1;
1318         }
1319                 
1320
1321 int args_excert(char ***pargs, int *pargc,
1322                         int *badarg, BIO *err, SSL_EXCERT **pexc)
1323         {
1324         char *arg = **pargs, *argn = (*pargs)[1];
1325         SSL_EXCERT *exc = *pexc;
1326         int narg = 2;
1327         if (!exc)
1328                 {
1329                 if (ssl_excert_prepend(&exc))
1330                         *pexc = exc;
1331                 else
1332                         {
1333                         BIO_printf(err, "Error initialising xcert\n");
1334                         *badarg = 1;
1335                         goto err;
1336                         }
1337                 }
1338         if (strcmp(arg, "-xcert") == 0)
1339                 {
1340                 if (!argn)
1341                         {
1342                         *badarg = 1;
1343                         return 1;
1344                         }
1345                 if (exc->certfile && !ssl_excert_prepend(&exc))
1346                         {
1347                         BIO_printf(err, "Error adding xcert\n");
1348                         *badarg = 1;
1349                         goto err;
1350                         }
1351                 exc->certfile = argn;
1352                 }
1353         else if (strcmp(arg,"-xkey") == 0)
1354                 {
1355                 if (!argn)
1356                         {
1357                         *badarg = 1;
1358                         return 1;
1359                         }
1360                 if (exc->keyfile)
1361                         {
1362                         BIO_printf(err, "Key already specified\n");
1363                         *badarg = 1;
1364                         return 1;
1365                         }
1366                 exc->keyfile = argn;
1367                 }
1368         else if (strcmp(arg,"-xchain") == 0)
1369                 {
1370                 if (!argn)
1371                         {
1372                         *badarg = 1;
1373                         return 1;
1374                         }
1375                 if (exc->chainfile)
1376                         {
1377                         BIO_printf(err, "Chain already specified\n");
1378                         *badarg = 1;
1379                         return 1;
1380                         }
1381                 exc->chainfile = argn;
1382                 }
1383         else if (strcmp(arg,"-xchain_build") == 0)
1384                 {
1385                 narg = 1;
1386                 exc->build_chain = 1;
1387                 }
1388         else if (strcmp(arg,"-xcertform") == 0)
1389                 {
1390                 if (!argn)
1391                         {
1392                         *badarg = 1;
1393                         goto err;
1394                         }
1395                 exc->certform = str2fmt(argn);
1396                 }
1397         else if (strcmp(arg,"-xkeyform") == 0)
1398                 {
1399                 if (!argn)
1400                         {
1401                         *badarg = 1;
1402                         goto err;
1403                         }
1404                 exc->keyform = str2fmt(argn);
1405                 }
1406         else
1407                 return 0;
1408
1409         (*pargs) += narg;
1410
1411         if (pargc)
1412                 *pargc -= narg;
1413
1414         *pexc = exc;
1415
1416         return 1;
1417
1418         err:
1419         ERR_print_errors(err);
1420         ssl_excert_free(exc);
1421         *pexc = NULL;
1422         return 1;
1423         }
1424