Initialize num properly.
[openssl.git] / apps / s_cb.c
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #include <stdio.h>
113 #include <stdlib.h>
114 #define USE_SOCKETS
115 #define NON_MAIN
116 #include "apps.h"
117 #undef NON_MAIN
118 #undef USE_SOCKETS
119 #include <openssl/err.h>
120 #include <openssl/rand.h>
121 #include <openssl/x509.h>
122 #include <openssl/ssl.h>
123 #include <openssl/bn.h>
124 #ifndef OPENSSL_NO_DH
125 #include <openssl/dh.h>
126 #endif
127 #include "s_apps.h"
128
129 #define COOKIE_SECRET_LENGTH    16
130
131 int verify_depth=0;
132 int verify_quiet=0;
133 int verify_error=X509_V_OK;
134 int verify_return_error=0;
135 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
136 int cookie_initialized=0;
137
138 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
139         {
140         X509 *err_cert;
141         int err,depth;
142
143         err_cert=X509_STORE_CTX_get_current_cert(ctx);
144         err=    X509_STORE_CTX_get_error(ctx);
145         depth=  X509_STORE_CTX_get_error_depth(ctx);
146
147         if (!verify_quiet || !ok)
148                 {
149                 BIO_printf(bio_err,"depth=%d ",depth);
150                 if (err_cert)
151                         {
152                         X509_NAME_print_ex(bio_err,
153                                         X509_get_subject_name(err_cert),
154                                         0, XN_FLAG_ONELINE);
155                         BIO_puts(bio_err, "\n");
156                         }
157                 else
158                         BIO_puts(bio_err, "<no cert>\n");
159                 }
160         if (!ok)
161                 {
162                 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
163                         X509_verify_cert_error_string(err));
164                 if (verify_depth >= depth)
165                         {
166                         if (!verify_return_error)
167                                 ok=1;
168                         verify_error=X509_V_OK;
169                         }
170                 else
171                         {
172                         ok=0;
173                         verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
174                         }
175                 }
176         switch (err)
177                 {
178         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
179                 BIO_puts(bio_err,"issuer= ");
180                 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
181                                         0, XN_FLAG_ONELINE);
182                 BIO_puts(bio_err, "\n");
183                 break;
184         case X509_V_ERR_CERT_NOT_YET_VALID:
185         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
186                 BIO_printf(bio_err,"notBefore=");
187                 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
188                 BIO_printf(bio_err,"\n");
189                 break;
190         case X509_V_ERR_CERT_HAS_EXPIRED:
191         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
192                 BIO_printf(bio_err,"notAfter=");
193                 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
194                 BIO_printf(bio_err,"\n");
195                 break;
196         case X509_V_ERR_NO_EXPLICIT_POLICY:
197                 if (!verify_quiet)
198                         policies_print(bio_err, ctx);
199                 break;
200                 }
201         if (err == X509_V_OK && ok == 2 && !verify_quiet)
202                 policies_print(bio_err, ctx);
203         if (ok && !verify_quiet)
204                 BIO_printf(bio_err,"verify return:%d\n",ok);
205         return(ok);
206         }
207
208 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
209         {
210         if (cert_file != NULL)
211                 {
212                 /*
213                 SSL *ssl;
214                 X509 *x509;
215                 */
216
217                 if (SSL_CTX_use_certificate_file(ctx,cert_file,
218                         SSL_FILETYPE_PEM) <= 0)
219                         {
220                         BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
221                         ERR_print_errors(bio_err);
222                         return(0);
223                         }
224                 if (key_file == NULL) key_file=cert_file;
225                 if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
226                         SSL_FILETYPE_PEM) <= 0)
227                         {
228                         BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
229                         ERR_print_errors(bio_err);
230                         return(0);
231                         }
232
233                 /*
234                 In theory this is no longer needed 
235                 ssl=SSL_new(ctx);
236                 x509=SSL_get_certificate(ssl);
237
238                 if (x509 != NULL) {
239                         EVP_PKEY *pktmp;
240                         pktmp = X509_get_pubkey(x509);
241                         EVP_PKEY_copy_parameters(pktmp,
242                                                 SSL_get_privatekey(ssl));
243                         EVP_PKEY_free(pktmp);
244                 }
245                 SSL_free(ssl);
246                 */
247
248                 /* If we are using DSA, we can copy the parameters from
249                  * the private key */
250
251
252                 /* Now we know that a key and cert have been set against
253                  * the SSL context */
254                 if (!SSL_CTX_check_private_key(ctx))
255                         {
256                         BIO_printf(bio_err,"Private key does not match the certificate public key\n");
257                         return(0);
258                         }
259                 }
260         return(1);
261         }
262
263 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
264                        STACK_OF(X509) *chain, int build_chain)
265         {
266         int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
267         if (cert == NULL)
268                 return 1;
269         if (SSL_CTX_use_certificate(ctx,cert) <= 0)
270                 {
271                 BIO_printf(bio_err,"error setting certificate\n");
272                 ERR_print_errors(bio_err);
273                 return 0;
274                 }
275
276         if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
277                 {
278                 BIO_printf(bio_err,"error setting private key\n");
279                 ERR_print_errors(bio_err);
280                 return 0;
281                 }
282                  
283         /* Now we know that a key and cert have been set against
284          * the SSL context */
285         if (!SSL_CTX_check_private_key(ctx))
286                 {
287                 BIO_printf(bio_err,"Private key does not match the certificate public key\n");
288                 return 0;
289                 }
290         if (chain && !SSL_CTX_set1_chain(ctx, chain))
291                 {
292                 BIO_printf(bio_err,"error setting certificate chain\n");
293                 ERR_print_errors(bio_err);
294                 return 0;
295                 }
296         if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags))
297                 {
298                 BIO_printf(bio_err,"error building certificate chain\n");
299                 ERR_print_errors(bio_err);
300                 return 0;
301                 }
302         return 1;
303         }
304
305 static void ssl_print_client_cert_types(BIO *bio, SSL *s)
306         {
307         const unsigned char *p;
308         int i;
309         int cert_type_num = SSL_get0_certificate_types(s, &p);
310         if (!cert_type_num)
311                 return;
312         BIO_puts(bio, "Client Certificate Types: ");
313         for (i = 0; i < cert_type_num; i++)
314                 {
315                 unsigned char cert_type = p[i];
316                 char *cname;
317                 switch(cert_type)
318                         {
319                 case TLS_CT_RSA_SIGN:
320                         cname = "RSA sign";
321                         break;
322
323                 case TLS_CT_DSS_SIGN:
324                         cname = "DSA sign";
325                         break;
326
327                 case TLS_CT_RSA_FIXED_DH:
328                         cname = "RSA fixed DH";
329                         break;
330
331                 case TLS_CT_DSS_FIXED_DH:
332                         cname = "DSS fixed DH";
333                         break;
334
335                 case TLS_CT_ECDSA_SIGN:
336                         cname = "ECDSA sign";
337                         break;
338
339                 case TLS_CT_RSA_FIXED_ECDH:
340                         cname = "RSA fixed ECDH";
341                         break;
342
343                 case TLS_CT_ECDSA_FIXED_ECDH:
344                         cname = "ECDSA fixed ECDH";
345                         break;
346
347                 case TLS_CT_GOST94_SIGN:
348                         cname = "GOST94 Sign";
349                         break;
350
351                 case TLS_CT_GOST01_SIGN:
352                         cname = "GOST01 Sign";
353                         break;
354
355                 default:
356                          cname = NULL;
357                         }
358
359                 if (i)
360                         BIO_puts(bio, ", ");
361
362                 if (cname)
363                         BIO_puts(bio, cname);
364                 else
365                         BIO_printf(bio, "UNKNOWN (%d),", cert_type);
366                 }
367         BIO_puts(bio, "\n");
368         }
369
370 static int do_print_sigalgs(BIO *out, SSL *s, int shared)
371         {
372         int i, nsig, client;
373         client = SSL_is_server(s) ? 0 : 1;
374         if (shared)
375                 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
376                                                         NULL, NULL);
377         else
378                 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
379         if (nsig == 0)
380                 return 1;
381
382         if (shared)
383                 BIO_puts(out, "Shared ");
384
385         if (client)
386                 BIO_puts(out, "Requested ");
387         BIO_puts(out, "Signature Algorithms: ");
388         for (i = 0; i < nsig; i++)
389                 {
390                 int hash_nid, sign_nid;
391                 unsigned char rhash, rsign;
392                 const char *sstr = NULL;
393                 if (shared)
394                         SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
395                                                         &rsign, &rhash);
396                 else
397                         SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
398                                                         &rsign, &rhash);
399                 if (i)
400                         BIO_puts(out, ":");
401                 if (sign_nid == EVP_PKEY_RSA)
402                         sstr = "RSA";
403                 else if(sign_nid == EVP_PKEY_DSA)
404                         sstr = "DSA";
405                 else if(sign_nid == EVP_PKEY_EC)
406                         sstr = "ECDSA";
407                 if (sstr)
408                         BIO_printf(out,"%s+", sstr);
409                 else
410                         BIO_printf(out,"0x%02X+", (int)rsign);
411                 if (hash_nid != NID_undef)
412                         BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
413                 else
414                         BIO_printf(out,"0x%02X", (int)rhash);
415                 }
416         BIO_puts(out, "\n");
417         return 1;
418         }
419
420 int ssl_print_sigalgs(BIO *out, SSL *s)
421         {
422         int mdnid;
423         if (!SSL_is_server(s))
424                 ssl_print_client_cert_types(out, s);
425         do_print_sigalgs(out, s, 0);
426         do_print_sigalgs(out, s, 1);
427         if (SSL_get_peer_signature_nid(s, &mdnid))
428                 BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(mdnid));
429         return 1;
430         }
431 #ifndef OPENSSL_NO_EC
432 int ssl_print_point_formats(BIO *out, SSL *s)
433         {
434         int i, nformats;
435         const char *pformats;
436         nformats = SSL_get0_ec_point_formats(s, &pformats);
437         if (nformats <= 0)
438                 return 1;
439         BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
440         for (i = 0; i < nformats; i++, pformats++)
441                 {
442                 if (i)
443                         BIO_puts(out, ":");
444                 switch(*pformats)
445                         {
446                 case TLSEXT_ECPOINTFORMAT_uncompressed:
447                         BIO_puts(out, "uncompressed");
448                         break;
449
450                 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
451                         BIO_puts(out, "ansiX962_compressed_prime");
452                         break;
453
454                 case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
455                         BIO_puts(out, "ansiX962_compressed_char2");
456                         break;
457
458                 default:
459                         BIO_printf(out, "unknown(%d)", (int)*pformats);
460                         break;
461
462                         }
463                 }
464         if (nformats <= 0)
465                 BIO_puts(out, "NONE");
466         BIO_puts(out, "\n");
467         return 1;
468         }
469
470 int ssl_print_curves(BIO *out, SSL *s, int noshared)
471         {
472         int i, ncurves, *curves, nid;
473         const char *cname;
474         ncurves = SSL_get1_curves(s, NULL);
475         if (ncurves <= 0)
476                 return 1;
477         curves = OPENSSL_malloc(ncurves * sizeof(int));
478         SSL_get1_curves(s, curves);
479
480         BIO_puts(out, "Supported Elliptic Curves: ");
481         for (i = 0; i < ncurves; i++)
482                 {
483                 if (i)
484                         BIO_puts(out, ":");
485                 nid = curves[i];
486                 /* If unrecognised print out hex version */
487                 if (nid & TLSEXT_nid_unknown)
488                         BIO_printf(out, "0x%04X", nid & 0xFFFF);
489                 else
490                         {
491                         /* Use NIST name for curve if it exists */
492                         cname = EC_curve_nid2nist(nid);
493                         if (!cname)
494                                 cname = OBJ_nid2sn(nid);
495                         BIO_printf(out, "%s", cname);
496                         }
497                 }
498         if (ncurves == 0)
499                 BIO_puts(out, "NONE");
500         OPENSSL_free(curves);
501         if (noshared)
502                 {
503                 BIO_puts(out, "\n");
504                 return 1;
505                 }
506         BIO_puts(out, "\nShared Elliptic curves: ");
507         ncurves = SSL_get_shared_curve(s, -1);
508         for (i = 0; i < ncurves; i++)
509                 {
510                 if (i)
511                         BIO_puts(out, ":");
512                 nid = SSL_get_shared_curve(s, i);
513                 cname = EC_curve_nid2nist(nid);
514                 if (!cname)
515                         cname = OBJ_nid2sn(nid);
516                 BIO_printf(out, "%s", cname);
517                 }
518         if (ncurves == 0)
519                 BIO_puts(out, "NONE");
520         BIO_puts(out, "\n");
521         return 1;
522         }
523 #endif
524 int ssl_print_tmp_key(BIO *out, SSL *s)
525         {
526         EVP_PKEY *key;
527         if (!SSL_get_server_tmp_key(s, &key))
528                 return 1;
529         BIO_puts(out, "Server Temp Key: ");
530         switch (EVP_PKEY_id(key))
531                 {
532         case EVP_PKEY_RSA:
533                 BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
534                 break;
535
536         case EVP_PKEY_DH:
537                 BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
538                 break;
539 #ifndef OPENSSL_NO_ECDH
540         case EVP_PKEY_EC:
541                         {
542                         EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
543                         int nid;
544                         const char *cname;
545                         nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
546                         EC_KEY_free(ec);
547                         cname = EC_curve_nid2nist(nid);
548                         if (!cname)
549                                 cname = OBJ_nid2sn(nid);
550                         BIO_printf(out, "ECDH, %s, %d bits\n",
551                                                 cname, EVP_PKEY_bits(key));
552                         }
553 #endif
554                 }
555         EVP_PKEY_free(key);
556         return 1;
557         }
558                 
559
560 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
561                                    int argi, long argl, long ret)
562         {
563         BIO *out;
564
565         out=(BIO *)BIO_get_callback_arg(bio);
566         if (out == NULL) return(ret);
567
568         if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
569                 {
570                 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
571                         (void *)bio,argp,(unsigned long)argi,ret,ret);
572                 BIO_dump(out,argp,(int)ret);
573                 return(ret);
574                 }
575         else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
576                 {
577                 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
578                         (void *)bio,argp,(unsigned long)argi,ret,ret);
579                 BIO_dump(out,argp,(int)ret);
580                 }
581         return(ret);
582         }
583
584 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
585         {
586         const char *str;
587         int w;
588
589         w=where& ~SSL_ST_MASK;
590
591         if (w & SSL_ST_CONNECT) str="SSL_connect";
592         else if (w & SSL_ST_ACCEPT) str="SSL_accept";
593         else str="undefined";
594
595         if (where & SSL_CB_LOOP)
596                 {
597                 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
598                 }
599         else if (where & SSL_CB_ALERT)
600                 {
601                 str=(where & SSL_CB_READ)?"read":"write";
602                 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
603                         str,
604                         SSL_alert_type_string_long(ret),
605                         SSL_alert_desc_string_long(ret));
606                 }
607         else if (where & SSL_CB_EXIT)
608                 {
609                 if (ret == 0)
610                         BIO_printf(bio_err,"%s:failed in %s\n",
611                                 str,SSL_state_string_long(s));
612                 else if (ret < 0)
613                         {
614                         BIO_printf(bio_err,"%s:error in %s\n",
615                                 str,SSL_state_string_long(s));
616                         }
617                 }
618         }
619
620 static const char *ssl_version_str(int version)
621         {
622         switch (version)
623                 {
624         case SSL2_VERSION:
625                 return "SSL 2.0";
626         case SSL3_VERSION:
627                 return "SSL 3.0";
628         case TLS1_VERSION:
629                 return "TLS 1.0";
630         case TLS1_1_VERSION:
631                 return "TLS 1.1";
632         case TLS1_2_VERSION:
633                 return "TLS 1.2";
634         case DTLS1_VERSION:
635                 return "DTLS 1.0";
636         case DTLS1_BAD_VER:
637                 return "DTLS 1.0 (bad)";
638         default:
639                 return "???";
640                 }
641         }
642
643 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
644         {
645         BIO *bio = arg;
646         const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
647         
648         str_write_p = write_p ? ">>>" : "<<<";
649
650         str_version = ssl_version_str(version);
651
652         if (version == SSL2_VERSION)
653                 {
654                 str_details1 = "???";
655
656                 if (len > 0)
657                         {
658                         switch (((const unsigned char*)buf)[0])
659                                 {
660                                 case 0:
661                                         str_details1 = ", ERROR:";
662                                         str_details2 = " ???";
663                                         if (len >= 3)
664                                                 {
665                                                 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
666                                                 
667                                                 switch (err)
668                                                         {
669                                                 case 0x0001:
670                                                         str_details2 = " NO-CIPHER-ERROR";
671                                                         break;
672                                                 case 0x0002:
673                                                         str_details2 = " NO-CERTIFICATE-ERROR";
674                                                         break;
675                                                 case 0x0004:
676                                                         str_details2 = " BAD-CERTIFICATE-ERROR";
677                                                         break;
678                                                 case 0x0006:
679                                                         str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
680                                                         break;
681                                                         }
682                                                 }
683
684                                         break;
685                                 case 1:
686                                         str_details1 = ", CLIENT-HELLO";
687                                         break;
688                                 case 2:
689                                         str_details1 = ", CLIENT-MASTER-KEY";
690                                         break;
691                                 case 3:
692                                         str_details1 = ", CLIENT-FINISHED";
693                                         break;
694                                 case 4:
695                                         str_details1 = ", SERVER-HELLO";
696                                         break;
697                                 case 5:
698                                         str_details1 = ", SERVER-VERIFY";
699                                         break;
700                                 case 6:
701                                         str_details1 = ", SERVER-FINISHED";
702                                         break;
703                                 case 7:
704                                         str_details1 = ", REQUEST-CERTIFICATE";
705                                         break;
706                                 case 8:
707                                         str_details1 = ", CLIENT-CERTIFICATE";
708                                         break;
709                                 }
710                         }
711                 }
712
713         if (version == SSL3_VERSION ||
714             version == TLS1_VERSION ||
715             version == TLS1_1_VERSION ||
716             version == TLS1_2_VERSION ||
717             version == DTLS1_VERSION ||
718             version == DTLS1_BAD_VER)
719                 {
720                 switch (content_type)
721                         {
722                 case 20:
723                         str_content_type = "ChangeCipherSpec";
724                         break;
725                 case 21:
726                         str_content_type = "Alert";
727                         break;
728                 case 22:
729                         str_content_type = "Handshake";
730                         break;
731                         }
732
733                 if (content_type == 21) /* Alert */
734                         {
735                         str_details1 = ", ???";
736                         
737                         if (len == 2)
738                                 {
739                                 switch (((const unsigned char*)buf)[0])
740                                         {
741                                 case 1:
742                                         str_details1 = ", warning";
743                                         break;
744                                 case 2:
745                                         str_details1 = ", fatal";
746                                         break;
747                                         }
748
749                                 str_details2 = " ???";
750                                 switch (((const unsigned char*)buf)[1])
751                                         {
752                                 case 0:
753                                         str_details2 = " close_notify";
754                                         break;
755                                 case 10:
756                                         str_details2 = " unexpected_message";
757                                         break;
758                                 case 20:
759                                         str_details2 = " bad_record_mac";
760                                         break;
761                                 case 21:
762                                         str_details2 = " decryption_failed";
763                                         break;
764                                 case 22:
765                                         str_details2 = " record_overflow";
766                                         break;
767                                 case 30:
768                                         str_details2 = " decompression_failure";
769                                         break;
770                                 case 40:
771                                         str_details2 = " handshake_failure";
772                                         break;
773                                 case 42:
774                                         str_details2 = " bad_certificate";
775                                         break;
776                                 case 43:
777                                         str_details2 = " unsupported_certificate";
778                                         break;
779                                 case 44:
780                                         str_details2 = " certificate_revoked";
781                                         break;
782                                 case 45:
783                                         str_details2 = " certificate_expired";
784                                         break;
785                                 case 46:
786                                         str_details2 = " certificate_unknown";
787                                         break;
788                                 case 47:
789                                         str_details2 = " illegal_parameter";
790                                         break;
791                                 case 48:
792                                         str_details2 = " unknown_ca";
793                                         break;
794                                 case 49:
795                                         str_details2 = " access_denied";
796                                         break;
797                                 case 50:
798                                         str_details2 = " decode_error";
799                                         break;
800                                 case 51:
801                                         str_details2 = " decrypt_error";
802                                         break;
803                                 case 60:
804                                         str_details2 = " export_restriction";
805                                         break;
806                                 case 70:
807                                         str_details2 = " protocol_version";
808                                         break;
809                                 case 71:
810                                         str_details2 = " insufficient_security";
811                                         break;
812                                 case 80:
813                                         str_details2 = " internal_error";
814                                         break;
815                                 case 90:
816                                         str_details2 = " user_canceled";
817                                         break;
818                                 case 100:
819                                         str_details2 = " no_renegotiation";
820                                         break;
821                                 case 110:
822                                         str_details2 = " unsupported_extension";
823                                         break;
824                                 case 111:
825                                         str_details2 = " certificate_unobtainable";
826                                         break;
827                                 case 112:
828                                         str_details2 = " unrecognized_name";
829                                         break;
830                                 case 113:
831                                         str_details2 = " bad_certificate_status_response";
832                                         break;
833                                 case 114:
834                                         str_details2 = " bad_certificate_hash_value";
835                                         break;
836                                 case 115:
837                                         str_details2 = " unknown_psk_identity";
838                                         break;
839                                         }
840                                 }
841                         }
842                 
843                 if (content_type == 22) /* Handshake */
844                         {
845                         str_details1 = "???";
846
847                         if (len > 0)
848                                 {
849                                 switch (((const unsigned char*)buf)[0])
850                                         {
851                                 case 0:
852                                         str_details1 = ", HelloRequest";
853                                         break;
854                                 case 1:
855                                         str_details1 = ", ClientHello";
856                                         break;
857                                 case 2:
858                                         str_details1 = ", ServerHello";
859                                         break;
860                                 case 3:
861                                         str_details1 = ", HelloVerifyRequest";
862                                         break;
863                                 case 11:
864                                         str_details1 = ", Certificate";
865                                         break;
866                                 case 12:
867                                         str_details1 = ", ServerKeyExchange";
868                                         break;
869                                 case 13:
870                                         str_details1 = ", CertificateRequest";
871                                         break;
872                                 case 14:
873                                         str_details1 = ", ServerHelloDone";
874                                         break;
875                                 case 15:
876                                         str_details1 = ", CertificateVerify";
877                                         break;
878                                 case 16:
879                                         str_details1 = ", ClientKeyExchange";
880                                         break;
881                                 case 20:
882                                         str_details1 = ", Finished";
883                                         break;
884                                 case 23:
885                                         str_details1 = ", SupplementalData";
886                                         break;
887                                         }
888                                 }
889                         }
890
891 #ifndef OPENSSL_NO_HEARTBEATS
892                 if (content_type == 24) /* Heartbeat */
893                         {
894                         str_details1 = ", Heartbeat";
895                         
896                         if (len > 0)
897                                 {
898                                 switch (((const unsigned char*)buf)[0])
899                                         {
900                                 case 1:
901                                         str_details1 = ", HeartbeatRequest";
902                                         break;
903                                 case 2:
904                                         str_details1 = ", HeartbeatResponse";
905                                         break;
906                                         }
907                                 }
908                         }
909 #endif
910                 }
911
912         BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
913
914         if (len > 0)
915                 {
916                 size_t num, i;
917                 
918                 BIO_printf(bio, "   ");
919                 num = len;
920 #if 0
921                 if (num > 16)
922                         num = 16;
923 #endif
924                 for (i = 0; i < num; i++)
925                         {
926                         if (i % 16 == 0 && i > 0)
927                                 BIO_printf(bio, "\n   ");
928                         BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
929                         }
930                 if (i < len)
931                         BIO_printf(bio, " ...");
932                 BIO_printf(bio, "\n");
933                 }
934         (void)BIO_flush(bio);
935         }
936
937 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
938                                         unsigned char *data, int len,
939                                         void *arg)
940         {
941         BIO *bio = arg;
942         char *extname;
943
944         switch(type)
945                 {
946                 case TLSEXT_TYPE_server_name:
947                 extname = "server name";
948                 break;
949
950                 case TLSEXT_TYPE_max_fragment_length:
951                 extname = "max fragment length";
952                 break;
953
954                 case TLSEXT_TYPE_client_certificate_url:
955                 extname = "client certificate URL";
956                 break;
957
958                 case TLSEXT_TYPE_trusted_ca_keys:
959                 extname = "trusted CA keys";
960                 break;
961
962                 case TLSEXT_TYPE_truncated_hmac:
963                 extname = "truncated HMAC";
964                 break;
965
966                 case TLSEXT_TYPE_status_request:
967                 extname = "status request";
968                 break;
969
970                 case TLSEXT_TYPE_user_mapping:
971                 extname = "user mapping";
972                 break;
973
974                 case TLSEXT_TYPE_client_authz:
975                 extname = "client authz";
976                 break;
977
978                 case TLSEXT_TYPE_server_authz:
979                 extname = "server authz";
980                 break;
981
982                 case TLSEXT_TYPE_cert_type:
983                 extname = "cert type";
984                 break;
985
986                 case TLSEXT_TYPE_elliptic_curves:
987                 extname = "elliptic curves";
988                 break;
989
990                 case TLSEXT_TYPE_ec_point_formats:
991                 extname = "EC point formats";
992                 break;
993
994                 case TLSEXT_TYPE_srp:
995                 extname = "SRP";
996                 break;
997
998                 case TLSEXT_TYPE_signature_algorithms:
999                 extname = "signature algorithms";
1000                 break;
1001
1002                 case TLSEXT_TYPE_use_srtp:
1003                 extname = "use SRTP";
1004                 break;
1005
1006                 case TLSEXT_TYPE_heartbeat:
1007                 extname = "heartbeat";
1008                 break;
1009
1010                 case TLSEXT_TYPE_session_ticket:
1011                 extname = "session ticket";
1012                 break;
1013
1014                 case TLSEXT_TYPE_renegotiate: 
1015                 extname = "renegotiation info";
1016                 break;
1017
1018 #ifdef TLSEXT_TYPE_opaque_prf_input
1019                 case TLSEXT_TYPE_opaque_prf_input:
1020                 extname = "opaque PRF input";
1021                 break;
1022 #endif
1023 #ifdef TLSEXT_TYPE_next_proto_neg
1024                 case TLSEXT_TYPE_next_proto_neg:
1025                 extname = "next protocol";
1026                 break;
1027 #endif
1028 #ifdef TLSEXT_TYPE_encrypt_then_mac
1029                 case TLSEXT_TYPE_encrypt_then_mac:
1030                 extname = "encrypt-then-mac";
1031                 break;
1032 #endif
1033
1034                 default:
1035                 extname = "unknown";
1036                 break;
1037
1038                 }
1039         
1040         BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
1041                         client_server ? "server": "client",
1042                         extname, type, len);
1043         BIO_dump(bio, (char *)data, len);
1044         (void)BIO_flush(bio);
1045         }
1046
1047 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
1048         {
1049         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1050         unsigned int length, resultlength;
1051         union {
1052                 struct sockaddr sa;
1053                 struct sockaddr_in s4;
1054 #if OPENSSL_USE_IPV6
1055                 struct sockaddr_in6 s6;
1056 #endif
1057         } peer;
1058
1059         /* Initialize a random secret */
1060         if (!cookie_initialized)
1061                 {
1062                 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
1063                         {
1064                         BIO_printf(bio_err,"error setting random cookie secret\n");
1065                         return 0;
1066                         }
1067                 cookie_initialized = 1;
1068                 }
1069
1070         /* Read peer information */
1071         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1072
1073         /* Create buffer with peer's address and port */
1074         length = 0;
1075         switch (peer.sa.sa_family)
1076                 {
1077         case AF_INET:
1078                 length += sizeof(struct in_addr);
1079                 length += sizeof(peer.s4.sin_port);
1080                 break;
1081 #if OPENSSL_USE_IPV6
1082         case AF_INET6:
1083                 length += sizeof(struct in6_addr);
1084                 length += sizeof(peer.s6.sin6_port);
1085                 break;
1086 #endif
1087         default:
1088                 OPENSSL_assert(0);
1089                 break;
1090                 }
1091         buffer = OPENSSL_malloc(length);
1092
1093         if (buffer == NULL)
1094                 {
1095                 BIO_printf(bio_err,"out of memory\n");
1096                 return 0;
1097                 }
1098
1099         switch (peer.sa.sa_family)
1100                 {
1101         case AF_INET:
1102                 memcpy(buffer,
1103                        &peer.s4.sin_port,
1104                        sizeof(peer.s4.sin_port));
1105                 memcpy(buffer + sizeof(peer.s4.sin_port),
1106                        &peer.s4.sin_addr,
1107                        sizeof(struct in_addr));
1108                 break;
1109 #if OPENSSL_USE_IPV6
1110         case AF_INET6:
1111                 memcpy(buffer,
1112                        &peer.s6.sin6_port,
1113                        sizeof(peer.s6.sin6_port));
1114                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1115                        &peer.s6.sin6_addr,
1116                        sizeof(struct in6_addr));
1117                 break;
1118 #endif
1119         default:
1120                 OPENSSL_assert(0);
1121                 break;
1122                 }
1123
1124         /* Calculate HMAC of buffer using the secret */
1125         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1126              buffer, length, result, &resultlength);
1127         OPENSSL_free(buffer);
1128
1129         memcpy(cookie, result, resultlength);
1130         *cookie_len = resultlength;
1131
1132         return 1;
1133         }
1134
1135 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
1136         {
1137         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1138         unsigned int length, resultlength;
1139         union {
1140                 struct sockaddr sa;
1141                 struct sockaddr_in s4;
1142 #if OPENSSL_USE_IPV6
1143                 struct sockaddr_in6 s6;
1144 #endif
1145         } peer;
1146
1147         /* If secret isn't initialized yet, the cookie can't be valid */
1148         if (!cookie_initialized)
1149                 return 0;
1150
1151         /* Read peer information */
1152         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1153
1154         /* Create buffer with peer's address and port */
1155         length = 0;
1156         switch (peer.sa.sa_family)
1157                 {
1158         case AF_INET:
1159                 length += sizeof(struct in_addr);
1160                 length += sizeof(peer.s4.sin_port);
1161                 break;
1162 #if OPENSSL_USE_IPV6
1163         case AF_INET6:
1164                 length += sizeof(struct in6_addr);
1165                 length += sizeof(peer.s6.sin6_port);
1166                 break;
1167 #endif
1168         default:
1169                 OPENSSL_assert(0);
1170                 break;
1171                 }
1172         buffer = OPENSSL_malloc(length);
1173         
1174         if (buffer == NULL)
1175                 {
1176                 BIO_printf(bio_err,"out of memory\n");
1177                 return 0;
1178                 }
1179
1180         switch (peer.sa.sa_family)
1181                 {
1182         case AF_INET:
1183                 memcpy(buffer,
1184                        &peer.s4.sin_port,
1185                        sizeof(peer.s4.sin_port));
1186                 memcpy(buffer + sizeof(peer.s4.sin_port),
1187                        &peer.s4.sin_addr,
1188                        sizeof(struct in_addr));
1189                 break;
1190 #if OPENSSL_USE_IPV6
1191         case AF_INET6:
1192                 memcpy(buffer,
1193                        &peer.s6.sin6_port,
1194                        sizeof(peer.s6.sin6_port));
1195                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1196                        &peer.s6.sin6_addr,
1197                        sizeof(struct in6_addr));
1198                 break;
1199 #endif
1200         default:
1201                 OPENSSL_assert(0);
1202                 break;
1203                 }
1204
1205         /* Calculate HMAC of buffer using the secret */
1206         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1207              buffer, length, result, &resultlength);
1208         OPENSSL_free(buffer);
1209
1210         if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
1211                 return 1;
1212
1213         return 0;
1214         }
1215
1216 /* Example of extended certificate handling. Where the standard support
1217  * of one certificate per algorithm is not sufficient an application
1218  * can decide which certificate(s) to use at runtime based on whatever
1219  * criteria it deems appropriate.
1220  */
1221
1222 /* Linked list of certificates, keys and chains */
1223 struct  ssl_excert_st
1224         {
1225         int certform;
1226         const char *certfile;
1227         int keyform;
1228         const char *keyfile;
1229         const char *chainfile;
1230         X509 *cert;
1231         EVP_PKEY *key;
1232         STACK_OF(X509) *chain;
1233         int build_chain;
1234         struct ssl_excert_st *next, *prev;
1235         };
1236
1237 struct chain_flags
1238         {
1239         int flag;
1240         const char *name;
1241         };
1242
1243 struct chain_flags chain_flags_list[] =
1244         {
1245                 {CERT_PKEY_VALID, "Overall Validity"},
1246                 {CERT_PKEY_SIGN,  "Sign with EE key"},
1247                 {CERT_PKEY_EE_SIGNATURE, "EE signature"},
1248                 {CERT_PKEY_CA_SIGNATURE, "CA signature"},
1249                 {CERT_PKEY_EE_PARAM, "EE key parameters"},
1250                 {CERT_PKEY_CA_PARAM, "CA key parameters"},
1251                 {CERT_PKEY_EXPLICIT_SIGN,  "Explicity sign with EE key"},
1252                 {CERT_PKEY_ISSUER_NAME,  "Issuer Name"},
1253                 {CERT_PKEY_CERT_TYPE,  "Certificate Type"},
1254                 {0, NULL}
1255         };
1256
1257
1258 static void print_chain_flags(BIO *out, int flags)
1259         {
1260         struct chain_flags *ctmp = chain_flags_list;
1261         while(ctmp->name)
1262                 {
1263                 BIO_printf(out, "\t%s: %s\n", ctmp->name,
1264                                 flags & ctmp->flag ? "OK" : "NOT OK");
1265                 ctmp++;
1266                 }
1267         }
1268
1269 /* Very basic selection callback: just use any certificate chain
1270  * reported as valid. More sophisticated could prioritise according
1271  * to local policy.
1272  */
1273 static int set_cert_cb(SSL *ssl, void *arg)
1274         {
1275         int i, rv;
1276         SSL_EXCERT *exc = arg;
1277 #ifdef CERT_CB_TEST_RETRY
1278         static int retry_cnt;
1279         if (retry_cnt < 5)
1280                 {
1281                 retry_cnt++;
1282                 fprintf(stderr, "Certificate callback retry test: count %d\n",
1283                                                                 retry_cnt);
1284                 return -1;
1285                 }
1286 #endif
1287         SSL_certs_clear(ssl);
1288
1289         if (!exc)
1290                 return 1;
1291
1292         /* Go to end of list and traverse backwards since we prepend
1293          * newer entries this retains the original order.
1294          */
1295         while (exc->next)
1296                 exc = exc->next;
1297
1298         i = 0;  
1299
1300         while(exc)
1301                 {
1302                 i++;
1303                 rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
1304                 BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
1305                 X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
1306                                                         XN_FLAG_ONELINE);
1307                 BIO_puts(bio_err, "\n");
1308                 
1309                 print_chain_flags(bio_err, rv);
1310                 if (rv & CERT_PKEY_VALID)
1311                         {
1312                         SSL_use_certificate(ssl, exc->cert);
1313                         SSL_use_PrivateKey(ssl, exc->key);
1314                         /* NB: we wouldn't normally do this as it is
1315                          * not efficient building chains on each connection
1316                          * better to cache the chain in advance.
1317                          */
1318                         if (exc->build_chain)
1319                                 {
1320                                 if (!SSL_build_cert_chain(ssl, 0))
1321                                         return 0;
1322                                 }
1323                         else if (exc->chain)
1324                                 SSL_set1_chain(ssl, exc->chain);
1325                         }
1326                 exc = exc->prev;
1327                 }
1328         return 1;
1329         }
1330
1331 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
1332         {
1333         SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
1334         }
1335
1336 static int ssl_excert_prepend(SSL_EXCERT **pexc)
1337         {
1338         SSL_EXCERT *exc;
1339         exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
1340         if (!exc)
1341                 return 0;
1342         exc->certfile = NULL;
1343         exc->keyfile = NULL;
1344         exc->chainfile = NULL;
1345         exc->cert = NULL;
1346         exc->key = NULL;
1347         exc->chain = NULL;
1348         exc->prev = NULL;
1349         exc->build_chain = 0;
1350
1351         exc->next = *pexc;
1352         *pexc = exc;
1353                         
1354         if (exc->next)
1355                 {
1356                 exc->certform = exc->next->certform;
1357                 exc->keyform = exc->next->keyform;
1358                 exc->next->prev = exc;
1359                 }
1360         else
1361                 {
1362                 exc->certform = FORMAT_PEM;
1363                 exc->keyform = FORMAT_PEM;
1364                 }
1365         return 1;
1366
1367         }
1368
1369 void ssl_excert_free(SSL_EXCERT *exc)
1370         {
1371         SSL_EXCERT *curr;
1372         while (exc)
1373                 {
1374                 if (exc->cert)
1375                         X509_free(exc->cert);
1376                 if (exc->key)
1377                         EVP_PKEY_free(exc->key);
1378                 if (exc->chain)
1379                         sk_X509_pop_free(exc->chain, X509_free);
1380                 curr = exc;
1381                 exc = exc->next;
1382                 OPENSSL_free(curr);
1383                 }
1384         }
1385
1386 int load_excert(SSL_EXCERT **pexc, BIO *err)
1387         {
1388         SSL_EXCERT *exc = *pexc;
1389         if (!exc)
1390                 return 1;
1391         /* If nothing in list, free and set to NULL */
1392         if (!exc->certfile && !exc->next)
1393                 {
1394                 ssl_excert_free(exc);
1395                 *pexc = NULL;
1396                 return 1;
1397                 }
1398         for(; exc; exc=exc->next)
1399                 {
1400                 if (!exc->certfile)
1401                         {
1402                         BIO_printf(err, "Missing filename\n");
1403                         return 0;
1404                         }
1405                 exc->cert = load_cert(err, exc->certfile, exc->certform,
1406                                         NULL, NULL, "Server Certificate");
1407                 if (!exc->cert)
1408                         return 0;
1409                 if (exc->keyfile)
1410                         exc->keyfile = exc->certfile;
1411                 exc->key = load_key(err, exc->certfile, exc->certform, 0,
1412                                         NULL, NULL, "Server Certificate");
1413                 if (!exc->key)
1414                         return 0;
1415                 if (exc->chainfile)
1416                         {
1417                         exc->chain = load_certs(err,
1418                                                 exc->chainfile, FORMAT_PEM,
1419                                                 NULL, NULL,
1420                                                 "Server Chain");
1421                         if (!exc->chainfile)
1422                                 return 0;
1423                         }
1424                 }
1425         return 1;
1426         }
1427                 
1428
1429 int args_excert(char ***pargs, int *pargc,
1430                         int *badarg, BIO *err, SSL_EXCERT **pexc)
1431         {
1432         char *arg = **pargs, *argn = (*pargs)[1];
1433         SSL_EXCERT *exc = *pexc;
1434         int narg = 2;
1435         if (!exc)
1436                 {
1437                 if (ssl_excert_prepend(&exc))
1438                         *pexc = exc;
1439                 else
1440                         {
1441                         BIO_printf(err, "Error initialising xcert\n");
1442                         *badarg = 1;
1443                         goto err;
1444                         }
1445                 }
1446         if (strcmp(arg, "-xcert") == 0)
1447                 {
1448                 if (!argn)
1449                         {
1450                         *badarg = 1;
1451                         return 1;
1452                         }
1453                 if (exc->certfile && !ssl_excert_prepend(&exc))
1454                         {
1455                         BIO_printf(err, "Error adding xcert\n");
1456                         *badarg = 1;
1457                         goto err;
1458                         }
1459                 exc->certfile = argn;
1460                 }
1461         else if (strcmp(arg,"-xkey") == 0)
1462                 {
1463                 if (!argn)
1464                         {
1465                         *badarg = 1;
1466                         return 1;
1467                         }
1468                 if (exc->keyfile)
1469                         {
1470                         BIO_printf(err, "Key already specified\n");
1471                         *badarg = 1;
1472                         return 1;
1473                         }
1474                 exc->keyfile = argn;
1475                 }
1476         else if (strcmp(arg,"-xchain") == 0)
1477                 {
1478                 if (!argn)
1479                         {
1480                         *badarg = 1;
1481                         return 1;
1482                         }
1483                 if (exc->chainfile)
1484                         {
1485                         BIO_printf(err, "Chain already specified\n");
1486                         *badarg = 1;
1487                         return 1;
1488                         }
1489                 exc->chainfile = argn;
1490                 }
1491         else if (strcmp(arg,"-xchain_build") == 0)
1492                 {
1493                 narg = 1;
1494                 exc->build_chain = 1;
1495                 }
1496         else if (strcmp(arg,"-xcertform") == 0)
1497                 {
1498                 if (!argn)
1499                         {
1500                         *badarg = 1;
1501                         goto err;
1502                         }
1503                 exc->certform = str2fmt(argn);
1504                 }
1505         else if (strcmp(arg,"-xkeyform") == 0)
1506                 {
1507                 if (!argn)
1508                         {
1509                         *badarg = 1;
1510                         goto err;
1511                         }
1512                 exc->keyform = str2fmt(argn);
1513                 }
1514         else
1515                 return 0;
1516
1517         (*pargs) += narg;
1518
1519         if (pargc)
1520                 *pargc -= narg;
1521
1522         *pexc = exc;
1523
1524         return 1;
1525
1526         err:
1527         ERR_print_errors(err);
1528         ssl_excert_free(exc);
1529         *pexc = NULL;
1530         return 1;
1531         }
1532
1533 static void print_raw_cipherlist(BIO *bio, SSL *s)
1534         {
1535         const unsigned char *rlist;
1536         static const unsigned char scsv_id[] = {0, 0, 0xFF};
1537         size_t i, rlistlen, num;
1538         if (!SSL_is_server(s))
1539                 return;
1540         num = SSL_get0_raw_cipherlist(s, NULL);
1541         rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
1542         BIO_puts(bio, "Client cipher list: ");
1543         for (i = 0; i < rlistlen; i += num, rlist += num)
1544                 {
1545                 const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
1546                 if (i)
1547                         BIO_puts(bio, ":");
1548                 if (c)
1549                         BIO_puts(bio, SSL_CIPHER_get_name(c));
1550                 else if (!memcmp(rlist, scsv_id - num + 3, num))
1551                         BIO_puts(bio, "SCSV");
1552                 else
1553                         {
1554                         size_t j;
1555                         BIO_puts(bio, "0x");
1556                         for (j = 0; j < num; j++)
1557                                 BIO_printf(bio, "%02X", rlist[j]);
1558                         }
1559                 }
1560         BIO_puts(bio, "\n");
1561         }
1562         
1563
1564 void print_ssl_summary(BIO *bio, SSL *s)
1565         {
1566         const SSL_CIPHER *c;
1567         X509 *peer;
1568         /*const char *pnam = SSL_is_server(s) ? "client" : "server";*/
1569         BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
1570         print_raw_cipherlist(bio, s);
1571         c = SSL_get_current_cipher(s);
1572         BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
1573         do_print_sigalgs(bio, s, 0);
1574         peer = SSL_get_peer_certificate(s);
1575         if (peer)
1576                 {
1577                 int nid;
1578                 BIO_puts(bio, "Peer certificate: ");
1579                 X509_NAME_print_ex(bio, X509_get_subject_name(peer),
1580                                         0, XN_FLAG_ONELINE);
1581                 BIO_puts(bio, "\n");
1582                 if (SSL_get_peer_signature_nid(s, &nid))
1583                         BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
1584                 }
1585         else
1586                 BIO_puts(bio, "No peer certificate\n");
1587         if (peer)
1588                 X509_free(peer);
1589 #ifndef OPENSSL_NO_EC
1590         ssl_print_point_formats(bio, s);
1591         if (SSL_is_server(s))
1592                 ssl_print_curves(bio, s, 1);
1593         else
1594                 ssl_print_tmp_key(bio, s);
1595 #else
1596         if (!SSL_is_server(s))
1597                 ssl_print_tmp_key(bio, s);
1598 #endif
1599         }
1600
1601 int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
1602                         int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
1603         {
1604         char *arg = **pargs, *argn = (*pargs)[1];
1605         int rv;
1606
1607         /* Attempt to run SSL configuration command */
1608         rv = SSL_CONF_cmd_argv(cctx, pargc, pargs);
1609         /* If parameter not recognised just return */
1610         if (rv == 0)
1611                 return 0;
1612         /* see if missing argument error */
1613         if (rv == -3)
1614                 {
1615                 BIO_printf(err, "%s needs an argument\n", arg);
1616                 *badarg = 1;
1617                 goto end;
1618                 }
1619         /* Check for some other error */
1620         if (rv < 0)
1621                 {
1622                 BIO_printf(err, "Error with command: \"%s %s\"\n",
1623                                                 arg, argn ? argn : "");
1624                 *badarg = 1;
1625                 goto end;
1626                 }
1627         /* Store command and argument */
1628         /* If only one argument processed store value as NULL */
1629         if (rv == 1)
1630                 argn = NULL;
1631         if (!*pstr)
1632                 *pstr = sk_OPENSSL_STRING_new_null();
1633         if (!*pstr || !sk_OPENSSL_STRING_push(*pstr, arg) ||
1634                                 !sk_OPENSSL_STRING_push(*pstr, argn))
1635                 {
1636                 BIO_puts(err, "Memory allocation failure\n");
1637                 goto end;
1638                 }
1639
1640         end:
1641         if (*badarg)
1642                 ERR_print_errors(err);
1643
1644         return 1;
1645         }
1646
1647 int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
1648                 STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake)
1649         {
1650         int i;
1651         SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
1652         for (i = 0; i < sk_OPENSSL_STRING_num(str); i+= 2)
1653                 {
1654                 const char *param = sk_OPENSSL_STRING_value(str, i);
1655                 const char *value = sk_OPENSSL_STRING_value(str, i + 1);
1656                 /* If no_ecdhe or named curve already specified don't need
1657                  * a default.
1658                  */
1659                 if (!no_ecdhe && !strcmp(param, "-named_curve"))
1660                         no_ecdhe = 1;
1661 #ifndef OPENSSL_NO_JPAKE
1662                 if (!no_jpake && !strcmp(param, "-cipher"))
1663                         {
1664                         BIO_puts(err, "JPAKE sets cipher to PSK\n");
1665                         return 0;
1666                         }
1667 #endif
1668                 if (SSL_CONF_cmd(cctx, param, value) <= 0)
1669                         {
1670                         BIO_printf(err, "Error with command: \"%s %s\"\n",
1671                                                 param, value ? value : "");
1672                         ERR_print_errors(err);
1673                         return 0;
1674                         }
1675                 }
1676         /* This is a special case to keep existing s_server functionality:
1677          * if we don't have any curve specified *and* we haven't disabled
1678          * ECDHE then use P-256.
1679          */
1680         if (!no_ecdhe)
1681                 {
1682                 if (SSL_CONF_cmd(cctx, "-named_curve", "P-256") <= 0)
1683                         {
1684                         BIO_puts(err, "Error setting EC curve\n");
1685                         ERR_print_errors(err);
1686                         return 0;
1687                         }
1688                 }
1689 #ifndef OPENSSL_NO_JPAKE
1690         if (!no_jpake)
1691                 {
1692                 if (SSL_CONF_cmd(cctx, "-cipher", "PSK") <= 0)
1693                         {
1694                         BIO_puts(err, "Error setting cipher to PSK\n");
1695                         ERR_print_errors(err);
1696                         return 0;
1697                         }
1698                 }
1699 #endif
1700         if (!SSL_CONF_CTX_finish(cctx))
1701                 {
1702                 BIO_puts(err, "Error finishing context\n");
1703                 ERR_print_errors(err);
1704                 return 0;
1705                 }
1706         return 1;
1707         }
1708
1709 static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
1710         {
1711         X509_CRL *crl;
1712         int i;
1713         for (i = 0; i < sk_X509_CRL_num(crls); i++)
1714                 {
1715                 crl = sk_X509_CRL_value(crls, i);
1716                 X509_STORE_add_crl(st, crl);
1717                 }
1718         return 1;
1719         }
1720
1721 int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
1722         {
1723         X509_STORE *st;
1724         st = SSL_CTX_get_cert_store(ctx);
1725         add_crls_store(st, crls);
1726         if (crl_download)
1727                 store_setup_crl_download(st);
1728         return 1;
1729         }
1730
1731 int ssl_load_stores(SSL_CTX *ctx,
1732                         const char *vfyCApath, const char *vfyCAfile,
1733                         const char *chCApath, const char *chCAfile,
1734                         STACK_OF(X509_CRL) *crls, int crl_download)
1735         {
1736         X509_STORE *vfy = NULL, *ch = NULL;
1737         int rv = 0;
1738         if (vfyCApath || vfyCAfile)
1739                 {
1740                 vfy = X509_STORE_new();
1741                 if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
1742                         goto err;
1743                 add_crls_store(vfy, crls);
1744                 SSL_CTX_set1_verify_cert_store(ctx, vfy);
1745                 if (crl_download)
1746                         store_setup_crl_download(vfy);
1747                 }
1748         if (chCApath || chCAfile)
1749                 {
1750                 ch = X509_STORE_new();
1751                 if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
1752                         goto err;
1753                 SSL_CTX_set1_chain_cert_store(ctx, ch);
1754                 }
1755         rv = 1;
1756         err:
1757         if (vfy)
1758                 X509_STORE_free(vfy);
1759         if (ch)
1760                 X509_STORE_free(ch);
1761         return rv;
1762         }
1763
1764 /* Verbose print out of security callback */
1765
1766 typedef struct
1767         {
1768         BIO *out;
1769         int verbose;
1770         int (*old_cb)(SSL *s, SSL_CTX *ctx, int op, int bits, int nid,
1771                                 void *other, void *ex);
1772         } security_debug_ex;
1773
1774 static int security_callback_debug(SSL *s, SSL_CTX *ctx,
1775                                 int op, int bits, int nid,
1776                                 void *other, void *ex)
1777         {
1778         security_debug_ex *sdb = ex;
1779         int rv, show_bits = 1, cert_md = 0;
1780         const char *nm;
1781         rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
1782         if (rv == 1 && sdb->verbose < 2)
1783                 return 1;
1784         BIO_puts(sdb->out, "Security callback: ");
1785
1786         switch (op)
1787                 {
1788         case SSL_SECOP_CIPHER_SUPPORTED:
1789                 nm = "Supported Ciphersuite";
1790                 break;
1791         case SSL_SECOP_CIPHER_SHARED:
1792                 nm = "Shared Ciphersuite";
1793                 break;
1794         case SSL_SECOP_CIPHER_CHECK:
1795                 nm = "Check Ciphersuite";
1796                 break;
1797         case SSL_SECOP_TICKET:
1798                 BIO_puts(sdb->out, "Session ticket");
1799                 show_bits = 0;
1800                 nm = NULL;
1801                 break;
1802         case SSL_SECOP_COMPRESSION:
1803                 BIO_puts(sdb->out, "SSL compression");
1804                 show_bits = 0;
1805                 nm = NULL;
1806                 break;
1807 #ifndef OPENSSL_NO_DH
1808         case SSL_SECOP_TMP_DH:
1809                 nm = "Temp DH key bits";
1810                 break;
1811 #endif
1812         case SSL_SECOP_CURVE_SUPPORTED:
1813                 nm = "Supported Curve";
1814                 break;
1815         case SSL_SECOP_CURVE_SHARED:
1816                 nm = "Shared Curve";
1817                 break;
1818         case SSL_SECOP_CURVE_CHECK:
1819                 nm = "Check Curve";
1820                 break;
1821         case SSL_SECOP_SSL2_COMPAT:
1822                 BIO_puts(sdb->out, "SSLv2 compatible");
1823                 show_bits = 0;
1824                 nm = NULL;
1825                 break;
1826         case SSL_SECOP_VERSION:
1827                 BIO_printf(sdb->out, "Version=%s", ssl_version_str(nid));
1828                 show_bits = 0;
1829                 nm = NULL;
1830                 break;
1831         case SSL_SECOP_SIGALG_SUPPORTED:
1832                 nm = "Supported Signature Algorithm digest";
1833                 break;
1834         case SSL_SECOP_SIGALG_SHARED:
1835                 nm = "Shared Signature Algorithm digest";
1836                 break;
1837         case SSL_SECOP_SIGALG_CHECK:
1838                 nm = "Check Signature Algorithm digest";
1839                 break;
1840         case SSL_SECOP_SIGALG_MASK:
1841                 nm = "Signature Algorithm mask";
1842                 break;
1843         case SSL_SECOP_EE_KEY:
1844                 nm = "Certificate chain EE key";
1845                 break;
1846         case SSL_SECOP_CA_KEY:
1847                 nm = "Certificate chain CA key";
1848                 break;
1849         case SSL_SECOP_CA_MD:
1850                 cert_md = 1;
1851                 nm = "Certificate chain CA digest";
1852                 break;
1853         case SSL_SECOP_PEER_EE_KEY:
1854                 nm = "Peer Chain EE key";
1855                 break;
1856         case SSL_SECOP_PEER_CA_KEY:
1857                 nm = "Peer Chain CA key";
1858                 break;
1859         case SSL_SECOP_PEER_CA_MD:
1860                 cert_md = 1;
1861                 nm = "Peer chain CA digest";
1862                 break;
1863         default:
1864                 nm = NULL;
1865                 }
1866         if (nm)
1867                 BIO_printf(sdb->out, "%s=", nm);
1868
1869         switch (op & SSL_SECOP_OTHER_TYPE)
1870                 {
1871
1872         case SSL_SECOP_OTHER_CIPHER:
1873                 BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
1874                 break;
1875
1876         case SSL_SECOP_OTHER_CURVE:
1877                         {
1878                         const char *cname;
1879                         cname = EC_curve_nid2nist(nid);
1880                         if (cname == NULL)
1881                                 cname = OBJ_nid2sn(nid);
1882                         BIO_puts(sdb->out, cname);
1883                         }
1884                         break;
1885
1886         case SSL_SECOP_OTHER_DH:
1887                         {
1888                         DH *dh = other;
1889                         BIO_printf(sdb->out, "%d", BN_num_bits(dh->p));
1890                         break;
1891                         }
1892         case SSL_SECOP_OTHER_CERT:
1893                         {
1894                         if (cert_md)
1895                                 {
1896                                 int sig_nid = X509_get_signature_nid(other);
1897                                 BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
1898                                 }
1899                         else
1900                                 {
1901                                 EVP_PKEY *pkey = X509_get_pubkey(other);
1902                                 const char *algname = "";
1903                                 EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
1904                                                 &algname,
1905                                                 EVP_PKEY_get0_asn1(pkey));
1906                                 BIO_printf(sdb->out, "%s, bits=%d",
1907                                                 algname, EVP_PKEY_bits(pkey));
1908                                 EVP_PKEY_free(pkey);
1909                                 }
1910                         break;
1911                         }
1912         case SSL_SECOP_OTHER_SIGALG:
1913                         {
1914                         const unsigned char *salg = other;
1915                         const char *sname = NULL;
1916                         switch (salg[1])
1917                                 {
1918                         case TLSEXT_signature_anonymous:
1919                                 sname = "anonymous";
1920                                 break;
1921                         case TLSEXT_signature_rsa:
1922                                 sname = "RSA";
1923                                 break;
1924                         case TLSEXT_signature_dsa:
1925                                 sname = "DSA";
1926                                 break;
1927                         case TLSEXT_signature_ecdsa:
1928                                 sname = "ECDSA";
1929                                 break;
1930                                 }
1931                                 
1932                         BIO_puts(sdb->out, OBJ_nid2sn(nid));
1933                         if (sname)
1934                                 BIO_printf(sdb->out, ", algorithm=%s", sname);
1935                         else
1936                                 BIO_printf(sdb->out, ", algid=%d", salg[1]);
1937                         break;
1938                         }
1939         
1940                 }
1941
1942         if (show_bits)
1943                 BIO_printf(sdb->out, ", security bits=%d", bits);
1944         BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
1945         return rv;
1946         }
1947
1948 void ssl_ctx_security_debug(SSL_CTX *ctx, BIO *out, int verbose)
1949         {
1950         static security_debug_ex sdb;
1951         sdb.out = out;
1952         sdb.verbose = verbose;
1953         sdb.old_cb = SSL_CTX_get_security_callback(ctx);
1954         SSL_CTX_set_security_callback(ctx, security_callback_debug);
1955         SSL_CTX_set0_security_ex_data(ctx, &sdb);
1956         }
1957
1958
1959