Add new ctrl to retrieve client certificate types, print out
[openssl.git] / apps / s_cb.c
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111
112 #include <stdio.h>
113 #include <stdlib.h>
114 #define USE_SOCKETS
115 #define NON_MAIN
116 #include "apps.h"
117 #undef NON_MAIN
118 #undef USE_SOCKETS
119 #include <openssl/err.h>
120 #include <openssl/rand.h>
121 #include <openssl/x509.h>
122 #include <openssl/ssl.h>
123 #include "s_apps.h"
124
125 #define COOKIE_SECRET_LENGTH    16
126
127 int verify_depth=0;
128 int verify_error=X509_V_OK;
129 int verify_return_error=0;
130 unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
131 int cookie_initialized=0;
132
133 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
134         {
135         X509 *err_cert;
136         int err,depth;
137
138         err_cert=X509_STORE_CTX_get_current_cert(ctx);
139         err=    X509_STORE_CTX_get_error(ctx);
140         depth=  X509_STORE_CTX_get_error_depth(ctx);
141
142         BIO_printf(bio_err,"depth=%d ",depth);
143         if (err_cert)
144                 {
145                 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
146                                         0, XN_FLAG_ONELINE);
147                 BIO_puts(bio_err, "\n");
148                 }
149         else
150                 BIO_puts(bio_err, "<no cert>\n");
151         if (!ok)
152                 {
153                 BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
154                         X509_verify_cert_error_string(err));
155                 if (verify_depth >= depth)
156                         {
157                         if (!verify_return_error)
158                                 ok=1;
159                         verify_error=X509_V_OK;
160                         }
161                 else
162                         {
163                         ok=0;
164                         verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
165                         }
166                 }
167         switch (err)
168                 {
169         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
170                 BIO_puts(bio_err,"issuer= ");
171                 X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
172                                         0, XN_FLAG_ONELINE);
173                 BIO_puts(bio_err, "\n");
174                 break;
175         case X509_V_ERR_CERT_NOT_YET_VALID:
176         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
177                 BIO_printf(bio_err,"notBefore=");
178                 ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
179                 BIO_printf(bio_err,"\n");
180                 break;
181         case X509_V_ERR_CERT_HAS_EXPIRED:
182         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
183                 BIO_printf(bio_err,"notAfter=");
184                 ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
185                 BIO_printf(bio_err,"\n");
186                 break;
187         case X509_V_ERR_NO_EXPLICIT_POLICY:
188                 policies_print(bio_err, ctx);
189                 break;
190                 }
191         if (err == X509_V_OK && ok == 2)
192                 policies_print(bio_err, ctx);
193
194         BIO_printf(bio_err,"verify return:%d\n",ok);
195         return(ok);
196         }
197
198 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
199         {
200         if (cert_file != NULL)
201                 {
202                 /*
203                 SSL *ssl;
204                 X509 *x509;
205                 */
206
207                 if (SSL_CTX_use_certificate_file(ctx,cert_file,
208                         SSL_FILETYPE_PEM) <= 0)
209                         {
210                         BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
211                         ERR_print_errors(bio_err);
212                         return(0);
213                         }
214                 if (key_file == NULL) key_file=cert_file;
215                 if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
216                         SSL_FILETYPE_PEM) <= 0)
217                         {
218                         BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
219                         ERR_print_errors(bio_err);
220                         return(0);
221                         }
222
223                 /*
224                 In theory this is no longer needed 
225                 ssl=SSL_new(ctx);
226                 x509=SSL_get_certificate(ssl);
227
228                 if (x509 != NULL) {
229                         EVP_PKEY *pktmp;
230                         pktmp = X509_get_pubkey(x509);
231                         EVP_PKEY_copy_parameters(pktmp,
232                                                 SSL_get_privatekey(ssl));
233                         EVP_PKEY_free(pktmp);
234                 }
235                 SSL_free(ssl);
236                 */
237
238                 /* If we are using DSA, we can copy the parameters from
239                  * the private key */
240
241
242                 /* Now we know that a key and cert have been set against
243                  * the SSL context */
244                 if (!SSL_CTX_check_private_key(ctx))
245                         {
246                         BIO_printf(bio_err,"Private key does not match the certificate public key\n");
247                         return(0);
248                         }
249                 }
250         return(1);
251         }
252
253 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
254                        STACK_OF(X509) *chain)
255         {
256         if (cert == NULL)
257                 return 1;
258         if (SSL_CTX_use_certificate(ctx,cert) <= 0)
259                 {
260                 BIO_printf(bio_err,"error setting certificate\n");
261                 ERR_print_errors(bio_err);
262                 return 0;
263                 }
264
265         if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
266                 {
267                 BIO_printf(bio_err,"error setting private key\n");
268                 ERR_print_errors(bio_err);
269                 return 0;
270                 }
271                  
272         /* Now we know that a key and cert have been set against
273          * the SSL context */
274         if (!SSL_CTX_check_private_key(ctx))
275                 {
276                 BIO_printf(bio_err,"Private key does not match the certificate public key\n");
277                 return 0;
278                 }
279         if (chain && !SSL_CTX_set1_chain(ctx, chain))
280                 {
281                 BIO_printf(bio_err,"error setting certificate chain\n");
282                 ERR_print_errors(bio_err);
283                 return 0;
284                 }
285         return 1;
286         }
287
288 static void ssl_print_client_cert_types(BIO *bio, SSL *s)
289         {
290         const unsigned char *p;
291         int i;
292         int cert_type_num = SSL_get0_certificate_types(s, &p);
293         if (!cert_type_num)
294                 return;
295         BIO_puts(bio, "Client Certificate Types: ");
296         for (i = 0; i < cert_type_num; i++)
297                 {
298                 unsigned char cert_type = p[i];
299                 char *cname;
300                 switch(cert_type)
301                         {
302                 case TLS_CT_RSA_SIGN:
303                         cname = "RSA sign";
304                         break;
305
306                 case TLS_CT_DSS_SIGN:
307                         cname = "DSA sign";
308                         break;
309
310                 case TLS_CT_RSA_FIXED_DH:
311                         cname = "RSA fixed DH";
312                         break;
313
314                 case TLS_CT_DSS_FIXED_DH:
315                         cname = "DSS fixed DH";
316                         break;
317
318                 case TLS_CT_ECDSA_SIGN:
319                         cname = "ECDSA sign";
320                         break;
321
322                 case TLS_CT_RSA_FIXED_ECDH:
323                         cname = "RSA fixed ECDH";
324                         break;
325
326                 case TLS_CT_ECDSA_FIXED_ECDH:
327                         cname = "ECDSA fixed ECDH";
328                         break;
329
330                 case TLS_CT_GOST94_SIGN:
331                         cname = "GOST94 Sign";
332                         break;
333
334                 case TLS_CT_GOST01_SIGN:
335                         cname = "GOST01 Sign";
336                         break;
337
338                 default:
339                          cname = NULL;
340                         }
341
342                 if (i)
343                         BIO_puts(bio, ", ");
344
345                 if (cname)
346                         BIO_puts(bio, cname);
347                 else
348                         BIO_printf(bio, "UNKNOWN (%d),", cert_type);
349                 }
350         BIO_puts(bio, "\n");
351         }
352
353 static int do_print_sigalgs(BIO *out, SSL *s, int shared)
354         {
355         int i, nsig, client;
356         client = SSL_is_server(s) ? 0 : 1;
357         if (shared)
358                 nsig = SSL_get_shared_sigalgs(s, -1, NULL, NULL, NULL,
359                                                         NULL, NULL);
360         else
361                 nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
362         if (nsig == 0)
363                 return 1;
364
365         if (shared)
366                 BIO_puts(out, "Shared ");
367
368         if (client)
369                 BIO_puts(out, "Requested ");
370         BIO_puts(out, "Signature Algorithms: ");
371         for (i = 0; i < nsig; i++)
372                 {
373                 int hash_nid, sign_nid;
374                 unsigned char rhash, rsign;
375                 const char *sstr = NULL;
376                 if (shared)
377                         SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
378                                                         &rsign, &rhash);
379                 else
380                         SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
381                                                         &rsign, &rhash);
382                 if (i)
383                         BIO_puts(out, ":");
384                 if (sign_nid == EVP_PKEY_RSA)
385                         sstr = "RSA";
386                 else if(sign_nid == EVP_PKEY_DSA)
387                         sstr = "DSA";
388                 else if(sign_nid == EVP_PKEY_EC)
389                         sstr = "ECDSA";
390                 if (sstr)
391                         BIO_printf(out,"%s+", sstr);
392                 else
393                         BIO_printf(out,"0x%02X+", (int)rsign);
394                 if (hash_nid != NID_undef)
395                         BIO_printf(out, "%s", OBJ_nid2sn(hash_nid));
396                 else
397                         BIO_printf(out,"0x%02X", (int)rhash);
398                 }
399         BIO_puts(out, "\n");
400         return 1;
401         }
402
403 int ssl_print_sigalgs(BIO *out, SSL *s)
404         {
405         if (!SSL_is_server(s))
406                 ssl_print_client_cert_types(out, s);
407         do_print_sigalgs(out, s, 0);
408         do_print_sigalgs(out, s, 1);
409         return 1;
410         }
411
412 int ssl_print_curves(BIO *out, SSL *s)
413         {
414         int i, ncurves, *curves, nid;
415         const char *cname;
416         ncurves = SSL_get1_curves(s, NULL);
417         if (ncurves <= 0)
418                 return 1;
419         curves = OPENSSL_malloc(ncurves * sizeof(int));
420         SSL_get1_curves(s, curves);
421
422         BIO_puts(out, "Supported Elliptic Curves: ");
423         for (i = 0; i < ncurves; i++)
424                 {
425                 if (i)
426                         BIO_puts(out, ":");
427                 nid = curves[i];
428                 /* If unrecognised print out hex version */
429                 if (nid & TLSEXT_nid_unknown)
430                         BIO_printf(out, "0x%04X", nid & 0xFFFF);
431                 else
432                         {
433                         /* Use NIST name for curve if it exists */
434                         cname = EC_curve_nid2nist(nid);
435                         if (!cname)
436                                 cname = OBJ_nid2sn(nid);
437                         BIO_printf(out, "%s", cname);
438                         }
439                 }
440         BIO_puts(out, "\nShared Elliptic curves: ");
441         OPENSSL_free(curves);
442         ncurves = SSL_get_shared_curve(s, -1);
443         for (i = 0; i < ncurves; i++)
444                 {
445                 if (i)
446                         BIO_puts(out, ":");
447                 nid = SSL_get_shared_curve(s, i);
448                 cname = EC_curve_nid2nist(nid);
449                 if (!cname)
450                         cname = OBJ_nid2sn(nid);
451                 BIO_printf(out, "%s", cname);
452                 }
453         if (ncurves == 0)
454                 BIO_puts(out, "NONE");
455         BIO_puts(out, "\n");
456         return 1;
457         }
458
459
460 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
461                                    int argi, long argl, long ret)
462         {
463         BIO *out;
464
465         out=(BIO *)BIO_get_callback_arg(bio);
466         if (out == NULL) return(ret);
467
468         if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
469                 {
470                 BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
471                         (void *)bio,argp,(unsigned long)argi,ret,ret);
472                 BIO_dump(out,argp,(int)ret);
473                 return(ret);
474                 }
475         else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
476                 {
477                 BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
478                         (void *)bio,argp,(unsigned long)argi,ret,ret);
479                 BIO_dump(out,argp,(int)ret);
480                 }
481         return(ret);
482         }
483
484 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
485         {
486         const char *str;
487         int w;
488
489         w=where& ~SSL_ST_MASK;
490
491         if (w & SSL_ST_CONNECT) str="SSL_connect";
492         else if (w & SSL_ST_ACCEPT) str="SSL_accept";
493         else str="undefined";
494
495         if (where & SSL_CB_LOOP)
496                 {
497                 BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
498                 }
499         else if (where & SSL_CB_ALERT)
500                 {
501                 str=(where & SSL_CB_READ)?"read":"write";
502                 BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
503                         str,
504                         SSL_alert_type_string_long(ret),
505                         SSL_alert_desc_string_long(ret));
506                 }
507         else if (where & SSL_CB_EXIT)
508                 {
509                 if (ret == 0)
510                         BIO_printf(bio_err,"%s:failed in %s\n",
511                                 str,SSL_state_string_long(s));
512                 else if (ret < 0)
513                         {
514                         BIO_printf(bio_err,"%s:error in %s\n",
515                                 str,SSL_state_string_long(s));
516                         }
517                 }
518         }
519
520
521 void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
522         {
523         BIO *bio = arg;
524         const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
525         
526         str_write_p = write_p ? ">>>" : "<<<";
527
528         switch (version)
529                 {
530         case SSL2_VERSION:
531                 str_version = "SSL 2.0";
532                 break;
533         case SSL3_VERSION:
534                 str_version = "SSL 3.0 ";
535                 break;
536         case TLS1_VERSION:
537                 str_version = "TLS 1.0 ";
538                 break;
539         case TLS1_1_VERSION:
540                 str_version = "TLS 1.1 ";
541                 break;
542         case TLS1_2_VERSION:
543                 str_version = "TLS 1.2 ";
544                 break;
545         case DTLS1_VERSION:
546                 str_version = "DTLS 1.0 ";
547                 break;
548         case DTLS1_BAD_VER:
549                 str_version = "DTLS 1.0 (bad) ";
550                 break;
551         default:
552                 str_version = "???";
553                 }
554
555         if (version == SSL2_VERSION)
556                 {
557                 str_details1 = "???";
558
559                 if (len > 0)
560                         {
561                         switch (((const unsigned char*)buf)[0])
562                                 {
563                                 case 0:
564                                         str_details1 = ", ERROR:";
565                                         str_details2 = " ???";
566                                         if (len >= 3)
567                                                 {
568                                                 unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
569                                                 
570                                                 switch (err)
571                                                         {
572                                                 case 0x0001:
573                                                         str_details2 = " NO-CIPHER-ERROR";
574                                                         break;
575                                                 case 0x0002:
576                                                         str_details2 = " NO-CERTIFICATE-ERROR";
577                                                         break;
578                                                 case 0x0004:
579                                                         str_details2 = " BAD-CERTIFICATE-ERROR";
580                                                         break;
581                                                 case 0x0006:
582                                                         str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
583                                                         break;
584                                                         }
585                                                 }
586
587                                         break;
588                                 case 1:
589                                         str_details1 = ", CLIENT-HELLO";
590                                         break;
591                                 case 2:
592                                         str_details1 = ", CLIENT-MASTER-KEY";
593                                         break;
594                                 case 3:
595                                         str_details1 = ", CLIENT-FINISHED";
596                                         break;
597                                 case 4:
598                                         str_details1 = ", SERVER-HELLO";
599                                         break;
600                                 case 5:
601                                         str_details1 = ", SERVER-VERIFY";
602                                         break;
603                                 case 6:
604                                         str_details1 = ", SERVER-FINISHED";
605                                         break;
606                                 case 7:
607                                         str_details1 = ", REQUEST-CERTIFICATE";
608                                         break;
609                                 case 8:
610                                         str_details1 = ", CLIENT-CERTIFICATE";
611                                         break;
612                                 }
613                         }
614                 }
615
616         if (version == SSL3_VERSION ||
617             version == TLS1_VERSION ||
618             version == DTLS1_VERSION ||
619             version == DTLS1_BAD_VER)
620                 {
621                 switch (content_type)
622                         {
623                 case 20:
624                         str_content_type = "ChangeCipherSpec";
625                         break;
626                 case 21:
627                         str_content_type = "Alert";
628                         break;
629                 case 22:
630                         str_content_type = "Handshake";
631                         break;
632                         }
633
634                 if (content_type == 21) /* Alert */
635                         {
636                         str_details1 = ", ???";
637                         
638                         if (len == 2)
639                                 {
640                                 switch (((const unsigned char*)buf)[0])
641                                         {
642                                 case 1:
643                                         str_details1 = ", warning";
644                                         break;
645                                 case 2:
646                                         str_details1 = ", fatal";
647                                         break;
648                                         }
649
650                                 str_details2 = " ???";
651                                 switch (((const unsigned char*)buf)[1])
652                                         {
653                                 case 0:
654                                         str_details2 = " close_notify";
655                                         break;
656                                 case 10:
657                                         str_details2 = " unexpected_message";
658                                         break;
659                                 case 20:
660                                         str_details2 = " bad_record_mac";
661                                         break;
662                                 case 21:
663                                         str_details2 = " decryption_failed";
664                                         break;
665                                 case 22:
666                                         str_details2 = " record_overflow";
667                                         break;
668                                 case 30:
669                                         str_details2 = " decompression_failure";
670                                         break;
671                                 case 40:
672                                         str_details2 = " handshake_failure";
673                                         break;
674                                 case 42:
675                                         str_details2 = " bad_certificate";
676                                         break;
677                                 case 43:
678                                         str_details2 = " unsupported_certificate";
679                                         break;
680                                 case 44:
681                                         str_details2 = " certificate_revoked";
682                                         break;
683                                 case 45:
684                                         str_details2 = " certificate_expired";
685                                         break;
686                                 case 46:
687                                         str_details2 = " certificate_unknown";
688                                         break;
689                                 case 47:
690                                         str_details2 = " illegal_parameter";
691                                         break;
692                                 case 48:
693                                         str_details2 = " unknown_ca";
694                                         break;
695                                 case 49:
696                                         str_details2 = " access_denied";
697                                         break;
698                                 case 50:
699                                         str_details2 = " decode_error";
700                                         break;
701                                 case 51:
702                                         str_details2 = " decrypt_error";
703                                         break;
704                                 case 60:
705                                         str_details2 = " export_restriction";
706                                         break;
707                                 case 70:
708                                         str_details2 = " protocol_version";
709                                         break;
710                                 case 71:
711                                         str_details2 = " insufficient_security";
712                                         break;
713                                 case 80:
714                                         str_details2 = " internal_error";
715                                         break;
716                                 case 90:
717                                         str_details2 = " user_canceled";
718                                         break;
719                                 case 100:
720                                         str_details2 = " no_renegotiation";
721                                         break;
722                                 case 110:
723                                         str_details2 = " unsupported_extension";
724                                         break;
725                                 case 111:
726                                         str_details2 = " certificate_unobtainable";
727                                         break;
728                                 case 112:
729                                         str_details2 = " unrecognized_name";
730                                         break;
731                                 case 113:
732                                         str_details2 = " bad_certificate_status_response";
733                                         break;
734                                 case 114:
735                                         str_details2 = " bad_certificate_hash_value";
736                                         break;
737                                 case 115:
738                                         str_details2 = " unknown_psk_identity";
739                                         break;
740                                         }
741                                 }
742                         }
743                 
744                 if (content_type == 22) /* Handshake */
745                         {
746                         str_details1 = "???";
747
748                         if (len > 0)
749                                 {
750                                 switch (((const unsigned char*)buf)[0])
751                                         {
752                                 case 0:
753                                         str_details1 = ", HelloRequest";
754                                         break;
755                                 case 1:
756                                         str_details1 = ", ClientHello";
757                                         break;
758                                 case 2:
759                                         str_details1 = ", ServerHello";
760                                         break;
761                                 case 3:
762                                         str_details1 = ", HelloVerifyRequest";
763                                         break;
764                                 case 11:
765                                         str_details1 = ", Certificate";
766                                         break;
767                                 case 12:
768                                         str_details1 = ", ServerKeyExchange";
769                                         break;
770                                 case 13:
771                                         str_details1 = ", CertificateRequest";
772                                         break;
773                                 case 14:
774                                         str_details1 = ", ServerHelloDone";
775                                         break;
776                                 case 15:
777                                         str_details1 = ", CertificateVerify";
778                                         break;
779                                 case 16:
780                                         str_details1 = ", ClientKeyExchange";
781                                         break;
782                                 case 20:
783                                         str_details1 = ", Finished";
784                                         break;
785                                         }
786                                 }
787                         }
788
789 #ifndef OPENSSL_NO_HEARTBEATS
790                 if (content_type == 24) /* Heartbeat */
791                         {
792                         str_details1 = ", Heartbeat";
793                         
794                         if (len > 0)
795                                 {
796                                 switch (((const unsigned char*)buf)[0])
797                                         {
798                                 case 1:
799                                         str_details1 = ", HeartbeatRequest";
800                                         break;
801                                 case 2:
802                                         str_details1 = ", HeartbeatResponse";
803                                         break;
804                                         }
805                                 }
806                         }
807 #endif
808                 }
809
810         BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
811
812         if (len > 0)
813                 {
814                 size_t num, i;
815                 
816                 BIO_printf(bio, "   ");
817                 num = len;
818 #if 0
819                 if (num > 16)
820                         num = 16;
821 #endif
822                 for (i = 0; i < num; i++)
823                         {
824                         if (i % 16 == 0 && i > 0)
825                                 BIO_printf(bio, "\n   ");
826                         BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
827                         }
828                 if (i < len)
829                         BIO_printf(bio, " ...");
830                 BIO_printf(bio, "\n");
831                 }
832         (void)BIO_flush(bio);
833         }
834
835 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
836                                         unsigned char *data, int len,
837                                         void *arg)
838         {
839         BIO *bio = arg;
840         char *extname;
841
842         switch(type)
843                 {
844                 case TLSEXT_TYPE_server_name:
845                 extname = "server name";
846                 break;
847
848                 case TLSEXT_TYPE_max_fragment_length:
849                 extname = "max fragment length";
850                 break;
851
852                 case TLSEXT_TYPE_client_certificate_url:
853                 extname = "client certificate URL";
854                 break;
855
856                 case TLSEXT_TYPE_trusted_ca_keys:
857                 extname = "trusted CA keys";
858                 break;
859
860                 case TLSEXT_TYPE_truncated_hmac:
861                 extname = "truncated HMAC";
862                 break;
863
864                 case TLSEXT_TYPE_status_request:
865                 extname = "status request";
866                 break;
867
868                 case TLSEXT_TYPE_user_mapping:
869                 extname = "user mapping";
870                 break;
871
872                 case TLSEXT_TYPE_client_authz:
873                 extname = "client authz";
874                 break;
875
876                 case TLSEXT_TYPE_server_authz:
877                 extname = "server authz";
878                 break;
879
880                 case TLSEXT_TYPE_cert_type:
881                 extname = "cert type";
882                 break;
883
884                 case TLSEXT_TYPE_elliptic_curves:
885                 extname = "elliptic curves";
886                 break;
887
888                 case TLSEXT_TYPE_ec_point_formats:
889                 extname = "EC point formats";
890                 break;
891
892                 case TLSEXT_TYPE_srp:
893                 extname = "SRP";
894                 break;
895
896                 case TLSEXT_TYPE_signature_algorithms:
897                 extname = "signature algorithms";
898                 break;
899
900                 case TLSEXT_TYPE_use_srtp:
901                 extname = "use SRTP";
902                 break;
903
904                 case TLSEXT_TYPE_heartbeat:
905                 extname = "heartbeat";
906                 break;
907
908                 case TLSEXT_TYPE_session_ticket:
909                 extname = "session ticket";
910                 break;
911
912                 case TLSEXT_TYPE_renegotiate: 
913                 extname = "renegotiation info";
914                 break;
915
916 #ifdef TLSEXT_TYPE_opaque_prf_input
917                 case TLSEXT_TYPE_opaque_prf_input:
918                 extname = "opaque PRF input";
919                 break;
920 #endif
921 #ifdef TLSEXT_TYPE_next_proto_neg
922                 case TLSEXT_TYPE_next_proto_neg:
923                 extname = "next protocol";
924                 break;
925 #endif
926
927                 default:
928                 extname = "unknown";
929                 break;
930
931                 }
932         
933         BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
934                         client_server ? "server": "client",
935                         extname, type, len);
936         BIO_dump(bio, (char *)data, len);
937         (void)BIO_flush(bio);
938         }
939
940 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
941         {
942         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
943         unsigned int length, resultlength;
944         union {
945                 struct sockaddr sa;
946                 struct sockaddr_in s4;
947 #if OPENSSL_USE_IPV6
948                 struct sockaddr_in6 s6;
949 #endif
950         } peer;
951
952         /* Initialize a random secret */
953         if (!cookie_initialized)
954                 {
955                 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
956                         {
957                         BIO_printf(bio_err,"error setting random cookie secret\n");
958                         return 0;
959                         }
960                 cookie_initialized = 1;
961                 }
962
963         /* Read peer information */
964         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
965
966         /* Create buffer with peer's address and port */
967         length = 0;
968         switch (peer.sa.sa_family)
969                 {
970         case AF_INET:
971                 length += sizeof(struct in_addr);
972                 length += sizeof(peer.s4.sin_port);
973                 break;
974 #if OPENSSL_USE_IPV6
975         case AF_INET6:
976                 length += sizeof(struct in6_addr);
977                 length += sizeof(peer.s6.sin6_port);
978                 break;
979 #endif
980         default:
981                 OPENSSL_assert(0);
982                 break;
983                 }
984         buffer = OPENSSL_malloc(length);
985
986         if (buffer == NULL)
987                 {
988                 BIO_printf(bio_err,"out of memory\n");
989                 return 0;
990                 }
991
992         switch (peer.sa.sa_family)
993                 {
994         case AF_INET:
995                 memcpy(buffer,
996                        &peer.s4.sin_port,
997                        sizeof(peer.s4.sin_port));
998                 memcpy(buffer + sizeof(peer.s4.sin_port),
999                        &peer.s4.sin_addr,
1000                        sizeof(struct in_addr));
1001                 break;
1002 #if OPENSSL_USE_IPV6
1003         case AF_INET6:
1004                 memcpy(buffer,
1005                        &peer.s6.sin6_port,
1006                        sizeof(peer.s6.sin6_port));
1007                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1008                        &peer.s6.sin6_addr,
1009                        sizeof(struct in6_addr));
1010                 break;
1011 #endif
1012         default:
1013                 OPENSSL_assert(0);
1014                 break;
1015                 }
1016
1017         /* Calculate HMAC of buffer using the secret */
1018         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1019              buffer, length, result, &resultlength);
1020         OPENSSL_free(buffer);
1021
1022         memcpy(cookie, result, resultlength);
1023         *cookie_len = resultlength;
1024
1025         return 1;
1026         }
1027
1028 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
1029         {
1030         unsigned char *buffer, result[EVP_MAX_MD_SIZE];
1031         unsigned int length, resultlength;
1032         union {
1033                 struct sockaddr sa;
1034                 struct sockaddr_in s4;
1035 #if OPENSSL_USE_IPV6
1036                 struct sockaddr_in6 s6;
1037 #endif
1038         } peer;
1039
1040         /* If secret isn't initialized yet, the cookie can't be valid */
1041         if (!cookie_initialized)
1042                 return 0;
1043
1044         /* Read peer information */
1045         (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
1046
1047         /* Create buffer with peer's address and port */
1048         length = 0;
1049         switch (peer.sa.sa_family)
1050                 {
1051         case AF_INET:
1052                 length += sizeof(struct in_addr);
1053                 length += sizeof(peer.s4.sin_port);
1054                 break;
1055 #if OPENSSL_USE_IPV6
1056         case AF_INET6:
1057                 length += sizeof(struct in6_addr);
1058                 length += sizeof(peer.s6.sin6_port);
1059                 break;
1060 #endif
1061         default:
1062                 OPENSSL_assert(0);
1063                 break;
1064                 }
1065         buffer = OPENSSL_malloc(length);
1066         
1067         if (buffer == NULL)
1068                 {
1069                 BIO_printf(bio_err,"out of memory\n");
1070                 return 0;
1071                 }
1072
1073         switch (peer.sa.sa_family)
1074                 {
1075         case AF_INET:
1076                 memcpy(buffer,
1077                        &peer.s4.sin_port,
1078                        sizeof(peer.s4.sin_port));
1079                 memcpy(buffer + sizeof(peer.s4.sin_port),
1080                        &peer.s4.sin_addr,
1081                        sizeof(struct in_addr));
1082                 break;
1083 #if OPENSSL_USE_IPV6
1084         case AF_INET6:
1085                 memcpy(buffer,
1086                        &peer.s6.sin6_port,
1087                        sizeof(peer.s6.sin6_port));
1088                 memcpy(buffer + sizeof(peer.s6.sin6_port),
1089                        &peer.s6.sin6_addr,
1090                        sizeof(struct in6_addr));
1091                 break;
1092 #endif
1093         default:
1094                 OPENSSL_assert(0);
1095                 break;
1096                 }
1097
1098         /* Calculate HMAC of buffer using the secret */
1099         HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
1100              buffer, length, result, &resultlength);
1101         OPENSSL_free(buffer);
1102
1103         if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
1104                 return 1;
1105
1106         return 0;
1107         }
1108
1109 /* Example of extended certificate handling. Where the standard support
1110  * of one certificate per algorithm is not sufficient an application
1111  * can decide which certificate(s) to use at runtime based on whatever
1112  * criteria it deems appropriate.
1113  */
1114
1115 /* Linked list of certificates, keys and chains */
1116 struct  ssl_excert_st
1117         {
1118         int certform;
1119         const char *certfile;
1120         int keyform;
1121         const char *keyfile;
1122         const char *chainfile;
1123         X509 *cert;
1124         EVP_PKEY *key;
1125         STACK_OF(X509) *chain;
1126         struct ssl_excert_st *next, *prev;
1127         };
1128
1129 /* Very basic selection callback: just use any certificate chain
1130  * reported as valid. More sophisticated could prioritise according
1131  * to local policy.
1132  */
1133 static int set_cert_cb(SSL *ssl, void *arg)
1134         {
1135         SSL_EXCERT *exc = arg;
1136         SSL_certs_clear(ssl);
1137
1138         if (!exc)
1139                 return 1;
1140
1141         /* Go to end of list and traverse backwards since we prepend
1142          * newer entries this retains the original order.
1143          */
1144         while (exc->next)
1145                 exc = exc->next;
1146         
1147         while(exc)
1148                 {
1149                 if (SSL_check_chain(ssl, exc->cert, exc->key, exc->chain))
1150                         {
1151                         SSL_use_certificate(ssl, exc->cert);
1152                         SSL_use_PrivateKey(ssl, exc->key);
1153                         if (exc->chain)
1154                                 SSL_set1_chain(ssl, exc->chain);
1155                         }
1156                 exc = exc->prev;
1157                 }
1158         return 1;
1159         }
1160
1161 void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
1162         {
1163         SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
1164         }
1165
1166 static int ssl_excert_prepend(SSL_EXCERT **pexc)
1167         {
1168         SSL_EXCERT *exc;
1169         exc = OPENSSL_malloc(sizeof(SSL_EXCERT));
1170         if (!exc)
1171                 return 0;
1172         exc->certfile = NULL;
1173         exc->keyfile = NULL;
1174         exc->chainfile = NULL;
1175         exc->cert = NULL;
1176         exc->key = NULL;
1177         exc->chain = NULL;
1178         exc->prev = NULL;
1179
1180         exc->next = *pexc;
1181         *pexc = exc;
1182                         
1183         if (exc->next)
1184                 {
1185                 exc->certform = exc->next->certform;
1186                 exc->keyform = exc->next->keyform;
1187                 exc->next->prev = exc;
1188                 }
1189         else
1190                 {
1191                 exc->certform = FORMAT_PEM;
1192                 exc->keyform = FORMAT_PEM;
1193                 }
1194         return 1;
1195
1196         }
1197
1198 void ssl_excert_free(SSL_EXCERT *exc)
1199         {
1200         SSL_EXCERT *curr;
1201         while (exc)
1202                 {
1203                 if (exc->cert)
1204                         X509_free(exc->cert);
1205                 if (exc->key)
1206                         EVP_PKEY_free(exc->key);
1207                 if (exc->chain)
1208                         sk_X509_pop_free(exc->chain, X509_free);
1209                 curr = exc;
1210                 exc = exc->next;
1211                 OPENSSL_free(curr);
1212                 }
1213         }
1214
1215 int load_excert(SSL_EXCERT **pexc, BIO *err)
1216         {
1217         SSL_EXCERT *exc = *pexc;
1218         if (!exc)
1219                 return 1;
1220         /* If nothing in list, free and set to NULL */
1221         if (!exc->certfile && !exc->next)
1222                 {
1223                 ssl_excert_free(exc);
1224                 *pexc = NULL;
1225                 return 1;
1226                 }
1227         for(; exc; exc=exc->next)
1228                 {
1229                 if (!exc->certfile)
1230                         {
1231                         BIO_printf(err, "Missing filename\n");
1232                         return 0;
1233                         }
1234                 exc->cert = load_cert(err, exc->certfile, exc->certform,
1235                                         NULL, NULL, "Server Certificate");
1236                 if (!exc->cert)
1237                         return 0;
1238                 if (exc->keyfile)
1239                         exc->keyfile = exc->certfile;
1240                 exc->key = load_key(err, exc->certfile, exc->certform, 0,
1241                                         NULL, NULL, "Server Certificate");
1242                 if (!exc->key)
1243                         return 0;
1244                 if (exc->chainfile)
1245                         {
1246                         exc->chain = load_certs(err,
1247                                                 exc->chainfile, FORMAT_PEM,
1248                                                 NULL, NULL,
1249                                                 "Server Chain");
1250                         if (!exc->chainfile)
1251                                 return 0;
1252                         }
1253                 }
1254         return 1;
1255         }
1256                 
1257
1258 int args_excert(char ***pargs, int *pargc,
1259                         int *badarg, BIO *err, SSL_EXCERT **pexc)
1260         {
1261         char *arg = **pargs, *argn = (*pargs)[1];
1262         SSL_EXCERT *exc = *pexc;
1263         if (!exc)
1264                 {
1265                 if (ssl_excert_prepend(&exc))
1266                         *pexc = exc;
1267                 else
1268                         {
1269                         BIO_printf(err, "Error initialising xcert\n");
1270                         *badarg = 1;
1271                         goto err;
1272                         }
1273                 }
1274         if (strcmp(arg, "-xcert") == 0)
1275                 {
1276                 if (!argn)
1277                         {
1278                         *badarg = 1;
1279                         return 1;
1280                         }
1281                 if (exc->certfile && !ssl_excert_prepend(&exc))
1282                         {
1283                         BIO_printf(err, "Error adding xcert\n");
1284                         *badarg = 1;
1285                         goto err;
1286                         }
1287                 exc->certfile = argn;
1288                 }
1289         else if (strcmp(arg,"-xkey") == 0)
1290                 {
1291                 if (!argn)
1292                         {
1293                         *badarg = 1;
1294                         return 1;
1295                         }
1296                 if (exc->keyfile)
1297                         {
1298                         BIO_printf(err, "Key already specified\n");
1299                         *badarg = 1;
1300                         return 1;
1301                         }
1302                 exc->keyfile = argn;
1303                 }
1304         else if (strcmp(arg,"-xchain") == 0)
1305                 {
1306                 if (!argn)
1307                         {
1308                         *badarg = 1;
1309                         return 1;
1310                         }
1311                 if (exc->chainfile)
1312                         {
1313                         BIO_printf(err, "Chain already specified\n");
1314                         *badarg = 1;
1315                         return 1;
1316                         }
1317                 exc->chainfile = argn;
1318                 }
1319         else if (strcmp(arg,"-xcertform") == 0)
1320                 {
1321                 if (!argn)
1322                         {
1323                         *badarg = 1;
1324                         goto err;
1325                         }
1326                 exc->certform = str2fmt(argn);
1327                 }
1328         else if (strcmp(arg,"-xkeyform") == 0)
1329                 {
1330                 if (!argn)
1331                         {
1332                         *badarg = 1;
1333                         goto err;
1334                         }
1335                 exc->keyform = str2fmt(argn);
1336                 }
1337         else
1338                 return 0;
1339
1340         (*pargs) += 2;
1341
1342         if (pargc)
1343                 *pargc -= 2;
1344
1345         *pexc = exc;
1346
1347         return 1;
1348
1349         err:
1350         ERR_print_errors(err);
1351         ssl_excert_free(exc);
1352         *pexc = NULL;
1353         return 1;
1354         }
1355