6c4c4057921aafc2872f9708d0210e3c0cb9d951
[openssl.git] / apps / s_cb.c
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #include <stdio.h>
113 #include <stdlib.h>
114 #define USE_SOCKETS
115 #define NON_MAIN
116 #include "apps.h"
117 #undef NON_MAIN
118 #undef USE_SOCKETS
119 #include <openssl/err.h>
120 #include <openssl/rand.h>
121 #include <openssl/x509.h>
122 #include <openssl/ssl.h>
123 #include "s_apps.h"
124
125 #define COOKIE_SECRET_LENGTH    16
126
127 int verify_depth=0;
128 int verify_error=X509_V_OK;
129 int verify_return_error=0;
130 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
131 int cookie_initialized=0;
132
133 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
134         {
135         X509 *err_cert;
136         int err,depth;
137
138         err_cert=X509_STORE_CTX_get_current_cert(ctx);
139         err=    X509_STORE_CTX_get_error(ctx);
140         depth=  X509_STORE_CTX_get_error_depth(ctx);
141
142         BIO_printf(bio_err,"depth=%d ",depth);
143         if (err_cert)
144                 {
145                 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
146                                         0, XN_FLAG_ONELINE);
147                 BIO_puts(bio_err, "\n");
148                 }
149         else
150                 BIO_puts(bio_err, "<no cert>\n");
151         if (!ok)
152                 {
153                 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
154                         X509_verify_cert_error_string(err));
155                 if (verify_depth >= depth)
156                         {
157                         if (!verify_return_error)
158                                 ok=1;
159                         verify_error=X509_V_OK;
160                         }
161                 else
162                         {
163                         ok=0;
164                         verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
165                         }
166                 }
167         switch (err)
168                 {
169         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
170                 BIO_puts(bio_err,"issuer= ");
171                 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
172                                         0, XN_FLAG_ONELINE);
173                 BIO_puts(bio_err, "\n");
174                 break;
175         case X509_V_ERR_CERT_NOT_YET_VALID:
176         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
177                 BIO_printf(bio_err,"notBefore=");
178                 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
179                 BIO_printf(bio_err,"\n");
180                 break;
181         case X509_V_ERR_CERT_HAS_EXPIRED:
182         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
183                 BIO_printf(bio_err,"notAfter=");
184                 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
185                 BIO_printf(bio_err,"\n");
186                 break;
187         case X509_V_ERR_NO_EXPLICIT_POLICY:
188                 policies_print(bio_err, ctx);
189                 break;
190                 }
191         if (err == X509_V_OK && ok == 2)
192                 policies_print(bio_err, ctx);
193
194         BIO_printf(bio_err,"verify return:%d\n",ok);
195         return(ok);
196         }
197
198 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
199         {
200         if (cert_file != NULL)
201                 {
202                 /*
203                 SSL *ssl;
204                 X509 *x509;
205                 */
206
207                 if (SSL_CTX_use_certificate_file(ctx,cert_file,
208                         SSL_FILETYPE_PEM) <= 0)
209                         {
210                         BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
211                         ERR_print_errors(bio_err);
212                         return(0);
213                         }
214                 if (key_file == NULL) key_file=cert_file;
215                 if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
216                         SSL_FILETYPE_PEM) <= 0)
217                         {
218                         BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
219                         ERR_print_errors(bio_err);
220                         return(0);
221                         }
222
223                 /*
224                 In theory this is no longer needed 
225                 ssl=SSL_new(ctx);
226                 x509=SSL_get_certificate(ssl);
227
228                 if (x509 != NULL) {
229                         EVP_PKEY *pktmp;
230                         pktmp = X509_get_pubkey(x509);
231                         EVP_PKEY_copy_parameters(pktmp,
232                                                 SSL_get_privatekey(ssl));
233                         EVP_PKEY_free(pktmp);
234                 }
235                 SSL_free(ssl);
236                 */
237
238                 /* If we are using DSA, we can copy the parameters from
239                  * the private key */
240
241
242                 /* Now we know that a key and cert have been set against
243                  * the SSL context */
244                 if (!SSL_CTX_check_private_key(ctx))
245                         {
246                         BIO_printf(bio_err,"Private key does not match the certificate public key\n");
247                         return(0);
248                         }
249                 }
250         return(1);
251         }
252
253 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
254                        STACK_OF(X509) *chain)
255         {
256         if (cert == NULL)
257                 return 1;
258         if (SSL_CTX_use_certificate(ctx,cert) <= 0)
259                 {
260                 BIO_printf(bio_err,"error setting certificate\n");
261                 ERR_print_errors(bio_err);
262                 return 0;
263                 }
264
265         if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
266                 {
267                 BIO_printf(bio_err,"error setting private key\n");
268                 ERR_print_errors(bio_err);
269                 return 0;
270                 }
271                  
272         /* Now we know that a key and cert have been set against
273          * the SSL context */
274         if (!SSL_CTX_check_private_key(ctx))
275                 {
276                 BIO_printf(bio_err,"Private key does not match the certificate public key\n");
277                 return 0;
278                 }
279         if (chain && !SSL_CTX_set1_chain(ctx, chain))
280                 {
281                 BIO_printf(bio_err,"error setting certificate chain\n");
282                 ERR_print_errors(bio_err);
283                 return 0;
284                 }
285         return 1;
286         }
287
288 static int do_print_sigalgs(BIO *out, SSL *s, int client, int shared)
289         {
290         int i, nsig;
291         if (shared)
292                 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
293                                                         NULL, NULL);
294         else
295                 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
296         if (nsig == 0)
297                 return 1;
298
299         if (shared)
300                 BIO_puts(out, "Shared ");
301
302         if (client)
303                 BIO_puts(out, "Requested ");
304         BIO_puts(out, "Signature Algorithms: ");
305         for (i = 0; i < nsig; i++)
306                 {
307                 int hash_nid, sign_nid;
308                 unsigned char rhash, rsign;
309                 const char *sstr = NULL;
310                 if (shared)
311                         SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
312                                                         &rsign, &rhash);
313                 else
314                         SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
315                                                         &rsign, &rhash);
316                 if (i)
317                         BIO_puts(out, ":");
318                 if (sign_nid == EVP_PKEY_RSA)
319                         sstr = "RSA";
320                 else if(sign_nid == EVP_PKEY_DSA)
321                         sstr = "DSA";
322                 else if(sign_nid == EVP_PKEY_EC)
323                         sstr = "ECDSA";
324                 if (sstr)
325                         BIO_printf(out,"%s+", sstr);
326                 else
327                         BIO_printf(out,"0x%02X+", (int)rsign);
328                 if (hash_nid != NID_undef)
329                         BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
330                 else
331                         BIO_printf(out,"0x%02X", (int)rhash);
332                 }
333         BIO_puts(out, "\n");
334         return 1;
335         }
336
337 int ssl_print_sigalgs(BIO *out, SSL *s, int client)
338         {
339         do_print_sigalgs(out, s, client, 0);
340         do_print_sigalgs(out, s, client, 1);
341         return 1;
342         }
343
344 int ssl_print_curves(BIO *out, SSL *s)
345         {
346         int i, ncurves, *curves, nid;
347         const char *cname;
348         ncurves = SSL_get1_curves(s, NULL);
349         if (ncurves <= 0)
350                 return 1;
351         curves = OPENSSL_malloc(ncurves * sizeof(int));
352         SSL_get1_curves(s, curves);
353
354         BIO_puts(out, "Supported Elliptic Curves: ");
355         for (i = 0; i < ncurves; i++)
356                 {
357                 if (i)
358                         BIO_puts(out, ":");
359                 nid = curves[i];
360                 /* If unrecognised print out hex version */
361                 if (nid & TLSEXT_nid_unknown)
362                         BIO_printf(out, "0x%04X", nid & 0xFFFF);
363                 else
364                         {
365                         /* Use NIST name for curve if it exists */
366                         cname = EC_curve_nid2nist(nid);
367                         if (!cname)
368                                 cname = OBJ_nid2sn(nid);
369                         BIO_printf(out, "%s", cname);
370                         }
371                 }
372         BIO_puts(out, "\nShared Elliptic curves: ");
373         OPENSSL_free(curves);
374         ncurves = SSL_get_shared_curve(s, -1);
375         for (i = 0; i < ncurves; i++)
376                 {
377                 if (i)
378                         BIO_puts(out, ":");
379                 nid = SSL_get_shared_curve(s, i);
380                 cname = EC_curve_nid2nist(nid);
381                 if (!cname)
382                         cname = OBJ_nid2sn(nid);
383                 BIO_printf(out, "%s", cname);
384                 }
385         if (ncurves == 0)
386                 BIO_puts(out, "NONE");
387         BIO_puts(out, "\n");
388         return 1;
389         }
390
391
392 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
393                                    int argi, long argl, long ret)
394         {
395         BIO *out;
396
397         out=(BIO *)BIO_get_callback_arg(bio);
398         if (out == NULL) return(ret);
399
400         if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
401                 {
402                 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
403                         (void *)bio,argp,(unsigned long)argi,ret,ret);
404                 BIO_dump(out,argp,(int)ret);
405                 return(ret);
406                 }
407         else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
408                 {
409                 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
410                         (void *)bio,argp,(unsigned long)argi,ret,ret);
411                 BIO_dump(out,argp,(int)ret);
412                 }
413         return(ret);
414         }
415
416 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
417         {
418         const char *str;
419         int w;
420
421         w=where& ~SSL_ST_MASK;
422
423         if (w & SSL_ST_CONNECT) str="SSL_connect";
424         else if (w & SSL_ST_ACCEPT) str="SSL_accept";
425         else str="undefined";
426
427         if (where & SSL_CB_LOOP)
428                 {
429                 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
430                 }
431         else if (where & SSL_CB_ALERT)
432                 {
433                 str=(where & SSL_CB_READ)?"read":"write";
434                 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
435                         str,
436                         SSL_alert_type_string_long(ret),
437                         SSL_alert_desc_string_long(ret));
438                 }
439         else if (where & SSL_CB_EXIT)
440                 {
441                 if (ret == 0)
442                         BIO_printf(bio_err,"%s:failed in %s\n",
443                                 str,SSL_state_string_long(s));
444                 else if (ret < 0)
445                         {
446                         BIO_printf(bio_err,"%s:error in %s\n",
447                                 str,SSL_state_string_long(s));
448                         }
449                 }
450         }
451
452
453 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
454         {
455         BIO *bio = arg;
456         const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
457         
458         str_write_p = write_p ? ">>>" : "<<<";
459
460         switch (version)
461                 {
462         case SSL2_VERSION:
463                 str_version = "SSL 2.0";
464                 break;
465         case SSL3_VERSION:
466                 str_version = "SSL 3.0 ";
467                 break;
468         case TLS1_VERSION:
469                 str_version = "TLS 1.0 ";
470                 break;
471         case TLS1_1_VERSION:
472                 str_version = "TLS 1.1 ";
473                 break;
474         case TLS1_2_VERSION:
475                 str_version = "TLS 1.2 ";
476                 break;
477         case DTLS1_VERSION:
478                 str_version = "DTLS 1.0 ";
479                 break;
480         case DTLS1_BAD_VER:
481                 str_version = "DTLS 1.0 (bad) ";
482                 break;
483         default:
484                 str_version = "???";
485                 }
486
487         if (version == SSL2_VERSION)
488                 {
489                 str_details1 = "???";
490
491                 if (len > 0)
492                         {
493                         switch (((const unsigned char*)buf)[0])
494                                 {
495                                 case 0:
496                                         str_details1 = ", ERROR:";
497                                         str_details2 = " ???";
498                                         if (len >= 3)
499                                                 {
500                                                 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
501                                                 
502                                                 switch (err)
503                                                         {
504                                                 case 0x0001:
505                                                         str_details2 = " NO-CIPHER-ERROR";
506                                                         break;
507                                                 case 0x0002:
508                                                         str_details2 = " NO-CERTIFICATE-ERROR";
509                                                         break;
510                                                 case 0x0004:
511                                                         str_details2 = " BAD-CERTIFICATE-ERROR";
512                                                         break;
513                                                 case 0x0006:
514                                                         str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
515                                                         break;
516                                                         }
517                                                 }
518
519                                         break;
520                                 case 1:
521                                         str_details1 = ", CLIENT-HELLO";
522                                         break;
523                                 case 2:
524                                         str_details1 = ", CLIENT-MASTER-KEY";
525                                         break;
526                                 case 3:
527                                         str_details1 = ", CLIENT-FINISHED";
528                                         break;
529                                 case 4:
530                                         str_details1 = ", SERVER-HELLO";
531                                         break;
532                                 case 5:
533                                         str_details1 = ", SERVER-VERIFY";
534                                         break;
535                                 case 6:
536                                         str_details1 = ", SERVER-FINISHED";
537                                         break;
538                                 case 7:
539                                         str_details1 = ", REQUEST-CERTIFICATE";
540                                         break;
541                                 case 8:
542                                         str_details1 = ", CLIENT-CERTIFICATE";
543                                         break;
544                                 }
545                         }
546                 }
547
548         if (version == SSL3_VERSION ||
549             version == TLS1_VERSION ||
550             version == DTLS1_VERSION ||
551             version == DTLS1_BAD_VER)
552                 {
553                 switch (content_type)
554                         {
555                 case 20:
556                         str_content_type = "ChangeCipherSpec";
557                         break;
558                 case 21:
559                         str_content_type = "Alert";
560                         break;
561                 case 22:
562                         str_content_type = "Handshake";
563                         break;
564                         }
565
566                 if (content_type == 21) /* Alert */
567                         {
568                         str_details1 = ", ???";
569                         
570                         if (len == 2)
571                                 {
572                                 switch (((const unsigned char*)buf)[0])
573                                         {
574                                 case 1:
575                                         str_details1 = ", warning";
576                                         break;
577                                 case 2:
578                                         str_details1 = ", fatal";
579                                         break;
580                                         }
581
582                                 str_details2 = " ???";
583                                 switch (((const unsigned char*)buf)[1])
584                                         {
585                                 case 0:
586                                         str_details2 = " close_notify";
587                                         break;
588                                 case 10:
589                                         str_details2 = " unexpected_message";
590                                         break;
591                                 case 20:
592                                         str_details2 = " bad_record_mac";
593                                         break;
594                                 case 21:
595                                         str_details2 = " decryption_failed";
596                                         break;
597                                 case 22:
598                                         str_details2 = " record_overflow";
599                                         break;
600                                 case 30:
601                                         str_details2 = " decompression_failure";
602                                         break;
603                                 case 40:
604                                         str_details2 = " handshake_failure";
605                                         break;
606                                 case 42:
607                                         str_details2 = " bad_certificate";
608                                         break;
609                                 case 43:
610                                         str_details2 = " unsupported_certificate";
611                                         break;
612                                 case 44:
613                                         str_details2 = " certificate_revoked";
614                                         break;
615                                 case 45:
616                                         str_details2 = " certificate_expired";
617                                         break;
618                                 case 46:
619                                         str_details2 = " certificate_unknown";
620                                         break;
621                                 case 47:
622                                         str_details2 = " illegal_parameter";
623                                         break;
624                                 case 48:
625                                         str_details2 = " unknown_ca";
626                                         break;
627                                 case 49:
628                                         str_details2 = " access_denied";
629                                         break;
630                                 case 50:
631                                         str_details2 = " decode_error";
632                                         break;
633                                 case 51:
634                                         str_details2 = " decrypt_error";
635                                         break;
636                                 case 60:
637                                         str_details2 = " export_restriction";
638                                         break;
639                                 case 70:
640                                         str_details2 = " protocol_version";
641                                         break;
642                                 case 71:
643                                         str_details2 = " insufficient_security";
644                                         break;
645                                 case 80:
646                                         str_details2 = " internal_error";
647                                         break;
648                                 case 90:
649                                         str_details2 = " user_canceled";
650                                         break;
651                                 case 100:
652                                         str_details2 = " no_renegotiation";
653                                         break;
654                                 case 110:
655                                         str_details2 = " unsupported_extension";
656                                         break;
657                                 case 111:
658                                         str_details2 = " certificate_unobtainable";
659                                         break;
660                                 case 112:
661                                         str_details2 = " unrecognized_name";
662                                         break;
663                                 case 113:
664                                         str_details2 = " bad_certificate_status_response";
665                                         break;
666                                 case 114:
667                                         str_details2 = " bad_certificate_hash_value";
668                                         break;
669                                 case 115:
670                                         str_details2 = " unknown_psk_identity";
671                                         break;
672                                         }
673                                 }
674                         }
675                 
676                 if (content_type == 22) /* Handshake */
677                         {
678                         str_details1 = "???";
679
680                         if (len > 0)
681                                 {
682                                 switch (((const unsigned char*)buf)[0])
683                                         {
684                                 case 0:
685                                         str_details1 = ", HelloRequest";
686                                         break;
687                                 case 1:
688                                         str_details1 = ", ClientHello";
689                                         break;
690                                 case 2:
691                                         str_details1 = ", ServerHello";
692                                         break;
693                                 case 3:
694                                         str_details1 = ", HelloVerifyRequest";
695                                         break;
696                                 case 11:
697                                         str_details1 = ", Certificate";
698                                         break;
699                                 case 12:
700                                         str_details1 = ", ServerKeyExchange";
701                                         break;
702                                 case 13:
703                                         str_details1 = ", CertificateRequest";
704                                         break;
705                                 case 14:
706                                         str_details1 = ", ServerHelloDone";
707                                         break;
708                                 case 15:
709                                         str_details1 = ", CertificateVerify";
710                                         break;
711                                 case 16:
712                                         str_details1 = ", ClientKeyExchange";
713                                         break;
714                                 case 20:
715                                         str_details1 = ", Finished";
716                                         break;
717                                         }
718                                 }
719                         }
720
721 #ifndef OPENSSL_NO_HEARTBEATS
722                 if (content_type == 24) /* Heartbeat */
723                         {
724                         str_details1 = ", Heartbeat";
725                         
726                         if (len > 0)
727                                 {
728                                 switch (((const unsigned char*)buf)[0])
729                                         {
730                                 case 1:
731                                         str_details1 = ", HeartbeatRequest";
732                                         break;
733                                 case 2:
734                                         str_details1 = ", HeartbeatResponse";
735                                         break;
736                                         }
737                                 }
738                         }
739 #endif
740                 }
741
742         BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
743
744         if (len > 0)
745                 {
746                 size_t num, i;
747                 
748                 BIO_printf(bio, "   ");
749                 num = len;
750 #if 0
751                 if (num > 16)
752                         num = 16;
753 #endif
754                 for (i = 0; i < num; i++)
755                         {
756                         if (i % 16 == 0 && i > 0)
757                                 BIO_printf(bio, "\n   ");
758                         BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
759                         }
760                 if (i < len)
761                         BIO_printf(bio, " ...");
762                 BIO_printf(bio, "\n");
763                 }
764         (void)BIO_flush(bio);
765         }
766
767 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
768                                         unsigned char *data, int len,
769                                         void *arg)
770         {
771         BIO *bio = arg;
772         char *extname;
773
774         switch(type)
775                 {
776                 case TLSEXT_TYPE_server_name:
777                 extname = "server name";
778                 break;
779
780                 case TLSEXT_TYPE_max_fragment_length:
781                 extname = "max fragment length";
782                 break;
783
784                 case TLSEXT_TYPE_client_certificate_url:
785                 extname = "client certificate URL";
786                 break;
787
788                 case TLSEXT_TYPE_trusted_ca_keys:
789                 extname = "trusted CA keys";
790                 break;
791
792                 case TLSEXT_TYPE_truncated_hmac:
793                 extname = "truncated HMAC";
794                 break;
795
796                 case TLSEXT_TYPE_status_request:
797                 extname = "status request";
798                 break;
799
800                 case TLSEXT_TYPE_user_mapping:
801                 extname = "user mapping";
802                 break;
803
804                 case TLSEXT_TYPE_client_authz:
805                 extname = "client authz";
806                 break;
807
808                 case TLSEXT_TYPE_server_authz:
809                 extname = "server authz";
810                 break;
811
812                 case TLSEXT_TYPE_cert_type:
813                 extname = "cert type";
814                 break;
815
816                 case TLSEXT_TYPE_elliptic_curves:
817                 extname = "elliptic curves";
818                 break;
819
820                 case TLSEXT_TYPE_ec_point_formats:
821                 extname = "EC point formats";
822                 break;
823
824                 case TLSEXT_TYPE_srp:
825                 extname = "SRP";
826                 break;
827
828                 case TLSEXT_TYPE_signature_algorithms:
829                 extname = "signature algorithms";
830                 break;
831
832                 case TLSEXT_TYPE_use_srtp:
833                 extname = "use SRTP";
834                 break;
835
836                 case TLSEXT_TYPE_heartbeat:
837                 extname = "heartbeat";
838                 break;
839
840                 case TLSEXT_TYPE_session_ticket:
841                 extname = "session ticket";
842                 break;
843
844                 case TLSEXT_TYPE_renegotiate: 
845                 extname = "renegotiation info";
846                 break;
847
848 #ifdef TLSEXT_TYPE_opaque_prf_input
849                 case TLSEXT_TYPE_opaque_prf_input:
850                 extname = "opaque PRF input";
851                 break;
852 #endif
853 #ifdef TLSEXT_TYPE_next_proto_neg
854                 case TLSEXT_TYPE_next_proto_neg:
855                 extname = "next protocol";
856                 break;
857 #endif
858
859                 default:
860                 extname = "unknown";
861                 break;
862
863                 }
864         
865         BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
866                         client_server ? "server": "client",
867                         extname, type, len);
868         BIO_dump(bio, (char *)data, len);
869         (void)BIO_flush(bio);
870         }
871
872 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
873         {
874         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
875         unsigned int length, resultlength;
876         union {
877                 struct sockaddr sa;
878                 struct sockaddr_in s4;
879 #if OPENSSL_USE_IPV6
880                 struct sockaddr_in6 s6;
881 #endif
882         } peer;
883
884         /* Initialize a random secret */
885         if (!cookie_initialized)
886                 {
887                 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
888                         {
889                         BIO_printf(bio_err,"error setting random cookie secret\n");
890                         return 0;
891                         }
892                 cookie_initialized = 1;
893                 }
894
895         /* Read peer information */
896         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
897
898         /* Create buffer with peer's address and port */
899         length = 0;
900         switch (peer.sa.sa_family)
901                 {
902         case AF_INET:
903                 length += sizeof(struct in_addr);
904                 length += sizeof(peer.s4.sin_port);
905                 break;
906 #if OPENSSL_USE_IPV6
907         case AF_INET6:
908                 length += sizeof(struct in6_addr);
909                 length += sizeof(peer.s6.sin6_port);
910                 break;
911 #endif
912         default:
913                 OPENSSL_assert(0);
914                 break;
915                 }
916         buffer = OPENSSL_malloc(length);
917
918         if (buffer == NULL)
919                 {
920                 BIO_printf(bio_err,"out of memory\n");
921                 return 0;
922                 }
923
924         switch (peer.sa.sa_family)
925                 {
926         case AF_INET:
927                 memcpy(buffer,
928                        &peer.s4.sin_port,
929                        sizeof(peer.s4.sin_port));
930                 memcpy(buffer + sizeof(peer.s4.sin_port),
931                        &peer.s4.sin_addr,
932                        sizeof(struct in_addr));
933                 break;
934 #if OPENSSL_USE_IPV6
935         case AF_INET6:
936                 memcpy(buffer,
937                        &peer.s6.sin6_port,
938                        sizeof(peer.s6.sin6_port));
939                 memcpy(buffer + sizeof(peer.s6.sin6_port),
940                        &peer.s6.sin6_addr,
941                        sizeof(struct in6_addr));
942                 break;
943 #endif
944         default:
945                 OPENSSL_assert(0);
946                 break;
947                 }
948
949         /* Calculate HMAC of buffer using the secret */
950         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
951              buffer, length, result, &resultlength);
952         OPENSSL_free(buffer);
953
954         memcpy(cookie, result, resultlength);
955         *cookie_len = resultlength;
956
957         return 1;
958         }
959
960 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
961         {
962         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
963         unsigned int length, resultlength;
964         union {
965                 struct sockaddr sa;
966                 struct sockaddr_in s4;
967 #if OPENSSL_USE_IPV6
968                 struct sockaddr_in6 s6;
969 #endif
970         } peer;
971
972         /* If secret isn't initialized yet, the cookie can't be valid */
973         if (!cookie_initialized)
974                 return 0;
975
976         /* Read peer information */
977         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
978
979         /* Create buffer with peer's address and port */
980         length = 0;
981         switch (peer.sa.sa_family)
982                 {
983         case AF_INET:
984                 length += sizeof(struct in_addr);
985                 length += sizeof(peer.s4.sin_port);
986                 break;
987 #if OPENSSL_USE_IPV6
988         case AF_INET6:
989                 length += sizeof(struct in6_addr);
990                 length += sizeof(peer.s6.sin6_port);
991                 break;
992 #endif
993         default:
994                 OPENSSL_assert(0);
995                 break;
996                 }
997         buffer = OPENSSL_malloc(length);
998         
999         if (buffer == NULL)
1000                 {
1001                 BIO_printf(bio_err,"out of memory\n");
1002                 return 0;
1003                 }
1004
1005         switch (peer.sa.sa_family)
1006                 {
1007         case AF_INET:
1008                 memcpy(buffer,
1009                        &peer.s4.sin_port,
1010                        sizeof(peer.s4.sin_port));
1011                 memcpy(buffer + sizeof(peer.s4.sin_port),
1012                        &peer.s4.sin_addr,
1013                        sizeof(struct in_addr));
1014                 break;
1015 #if OPENSSL_USE_IPV6
1016         case AF_INET6:
1017                 memcpy(buffer,
1018                        &peer.s6.sin6_port,
1019                        sizeof(peer.s6.sin6_port));
1020                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1021                        &peer.s6.sin6_addr,
1022                        sizeof(struct in6_addr));
1023                 break;
1024 #endif
1025         default:
1026                 OPENSSL_assert(0);
1027                 break;
1028                 }
1029
1030         /* Calculate HMAC of buffer using the secret */
1031         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1032              buffer, length, result, &resultlength);
1033         OPENSSL_free(buffer);
1034
1035         if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
1036                 return 1;
1037
1038         return 0;
1039         }
1040
1041 /* Example of extended certificate handling. Where the standard support
1042  * of one certificate per algorithm is not sufficient an application
1043  * can decide which certificate(s) to use at runtime based on whatever
1044  * criteria it deems appropriate.
1045  */
1046
1047 /* Linked list of certificates, keys and chains */
1048 struct  ssl_excert_st
1049         {
1050         int certform;
1051         const char *certfile;
1052         int keyform;
1053         const char *keyfile;
1054         const char *chainfile;
1055         X509 *cert;
1056         EVP_PKEY *key;
1057         STACK_OF(X509) *chain;
1058         struct ssl_excert_st *next, *prev;
1059         };
1060
1061 /* Very basic selection callback: just use any certificate chain
1062  * reported as valid. More sophisticated could prioritise according
1063  * to local policy.
1064  */
1065 static int set_cert_cb(SSL *ssl, void *arg)
1066         {
1067         SSL_EXCERT *exc = arg;
1068         SSL_certs_clear(ssl);
1069
1070         if (!exc)
1071                 return 1;
1072
1073         /* Go to end of list and traverse backwards since we prepend
1074          * newer entries this retains the original order.
1075          */
1076         while (exc->next)
1077                 exc = exc->next;
1078         
1079         while(exc)
1080                 {
1081                 if (SSL_check_chain(ssl, exc->cert, exc->key, exc->chain))
1082                         {
1083                         SSL_use_certificate(ssl, exc->cert);
1084                         SSL_use_PrivateKey(ssl, exc->key);
1085                         if (exc->chain)
1086                                 SSL_set1_chain(ssl, exc->chain);
1087                         }
1088                 exc = exc->prev;
1089                 }
1090         return 1;
1091         }
1092
1093 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
1094         {
1095         SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
1096         }
1097
1098 static int ssl_excert_prepend(SSL_EXCERT **pexc)
1099         {
1100         SSL_EXCERT *exc;
1101         exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
1102         if (!exc)
1103                 return 0;
1104         exc->certfile = NULL;
1105         exc->keyfile = NULL;
1106         exc->chainfile = NULL;
1107         exc->cert = NULL;
1108         exc->key = NULL;
1109         exc->chain = NULL;
1110         exc->prev = NULL;
1111
1112         exc->next = *pexc;
1113         *pexc = exc;
1114                         
1115         if (exc->next)
1116                 {
1117                 exc->certform = exc->next->certform;
1118                 exc->keyform = exc->next->keyform;
1119                 exc->next->prev = exc;
1120                 }
1121         else
1122                 {
1123                 exc->certform = FORMAT_PEM;
1124                 exc->keyform = FORMAT_PEM;
1125                 }
1126         return 1;
1127
1128         }
1129
1130 void ssl_excert_free(SSL_EXCERT *exc)
1131         {
1132         SSL_EXCERT *curr;
1133         while (exc)
1134                 {
1135                 if (exc->cert)
1136                         X509_free(exc->cert);
1137                 if (exc->key)
1138                         EVP_PKEY_free(exc->key);
1139                 if (exc->chain)
1140                         sk_X509_pop_free(exc->chain, X509_free);
1141                 curr = exc;
1142                 exc = exc->next;
1143                 OPENSSL_free(curr);
1144                 }
1145         }
1146
1147 int load_excert(SSL_EXCERT **pexc, BIO *err)
1148         {
1149         SSL_EXCERT *exc = *pexc;
1150         if (!exc)
1151                 return 1;
1152         /* If nothing in list, free and set to NULL */
1153         if (!exc->certfile && !exc->next)
1154                 {
1155                 ssl_excert_free(exc);
1156                 *pexc = NULL;
1157                 return 1;
1158                 }
1159         for(; exc; exc=exc->next)
1160                 {
1161                 if (!exc->certfile)
1162                         {
1163                         BIO_printf(err, "Missing filename\n");
1164                         return 0;
1165                         }
1166                 exc->cert = load_cert(err, exc->certfile, exc->certform,
1167                                         NULL, NULL, "Server Certificate");
1168                 if (!exc->cert)
1169                         return 0;
1170                 if (exc->keyfile)
1171                         exc->keyfile = exc->certfile;
1172                 exc->key = load_key(err, exc->certfile, exc->certform, 0,
1173                                         NULL, NULL, "Server Certificate");
1174                 if (!exc->key)
1175                         return 0;
1176                 if (exc->chainfile)
1177                         {
1178                         exc->chain = load_certs(err,
1179                                                 exc->chainfile, FORMAT_PEM,
1180                                                 NULL, NULL,
1181                                                 "Server Chain");
1182                         if (!exc->chainfile)
1183                                 return 0;
1184                         }
1185                 }
1186         return 1;
1187         }
1188                 
1189
1190 int args_excert(char ***pargs, int *pargc,
1191                         int *badarg, BIO *err, SSL_EXCERT **pexc)
1192         {
1193         char *arg = **pargs, *argn = (*pargs)[1];
1194         SSL_EXCERT *exc = *pexc;
1195         if (!exc)
1196                 {
1197                 if (ssl_excert_prepend(&exc))
1198                         *pexc = exc;
1199                 else
1200                         {
1201                         BIO_printf(err, "Error initialising xcert\n");
1202                         *badarg = 1;
1203                         goto err;
1204                         }
1205                 }
1206         if (strcmp(arg, "-xcert") == 0)
1207                 {
1208                 if (!argn)
1209                         {
1210                         *badarg = 1;
1211                         return 1;
1212                         }
1213                 if (exc->certfile && !ssl_excert_prepend(&exc))
1214                         {
1215                         BIO_printf(err, "Error adding xcert\n");
1216                         *badarg = 1;
1217                         goto err;
1218                         }
1219                 exc->certfile = argn;
1220                 }
1221         else if (strcmp(arg,"-xkey") == 0)
1222                 {
1223                 if (!argn)
1224                         {
1225                         *badarg = 1;
1226                         return 1;
1227                         }
1228                 if (exc->keyfile)
1229                         {
1230                         BIO_printf(err, "Key already specified\n");
1231                         *badarg = 1;
1232                         return 1;
1233                         }
1234                 exc->keyfile = argn;
1235                 }
1236         else if (strcmp(arg,"-xchain") == 0)
1237                 {
1238                 if (!argn)
1239                         {
1240                         *badarg = 1;
1241                         return 1;
1242                         }
1243                 if (exc->chainfile)
1244                         {
1245                         BIO_printf(err, "Chain already specified\n");
1246                         *badarg = 1;
1247                         return 1;
1248                         }
1249                 exc->chainfile = argn;
1250                 }
1251         else if (strcmp(arg,"-xcertform") == 0)
1252                 {
1253                 if (!argn)
1254                         {
1255                         *badarg = 1;
1256                         goto err;
1257                         }
1258                 exc->certform = str2fmt(argn);
1259                 }
1260         else if (strcmp(arg,"-xkeyform") == 0)
1261                 {
1262                 if (!argn)
1263                         {
1264                         *badarg = 1;
1265                         goto err;
1266                         }
1267                 exc->keyform = str2fmt(argn);
1268                 }
1269         else
1270                 return 0;
1271
1272         (*pargs) += 2;
1273
1274         if (pargc)
1275                 *pargc -= 2;
1276
1277         *pexc = exc;
1278
1279         return 1;
1280
1281         err:
1282         ERR_print_errors(err);
1283         ssl_excert_free(exc);
1284         *pexc = NULL;
1285         return 1;
1286         }
1287