1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved.
4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written
6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com).
7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL.
8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as
10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to.  The following conditions
11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA,
12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms
14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in
17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed.
18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution
19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used.
20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or
21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package.
22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without
24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions
25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met:
26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright
27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    notice, this list of conditions and the following disclaimer.
28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright
29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    notice, this list of conditions and the following disclaimer in the
30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    documentation and/or other materials provided with the distribution.
31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software
32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    must display the following acknowledgement:
33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    "This product includes cryptographic software written by
34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *     Eric Young (eay@cryptsoft.com)"
35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    The word 'cryptographic' can be left out if the rouines from the library
36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    being used are not cryptographic related :-).
37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. If you include any Windows specific code (or a derivative thereof) from
38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    the apps directory (application code) you must include an acknowledgement:
39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH DAMAGE.
52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or
54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed.  i.e. this code cannot simply be
55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence
56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.]
57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */
58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ====================================================================
59221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without
62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions
63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met:
64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright
66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    notice, this list of conditions and the following disclaimer.
67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright
69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    notice, this list of conditions and the following disclaimer in
70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    the documentation and/or other materials provided with the
71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    distribution.
72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this
74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    software must display the following acknowledgment:
75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    "This product includes software developed by the OpenSSL Project
76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    endorse or promote products derived from this software without
80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    prior written permission. For written permission, please contact
81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    openssl-core@openssl.org.
82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. Products derived from this software may not be called "OpenSSL"
84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    nor may "OpenSSL" appear in their names without prior written
85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    permission of the OpenSSL Project.
86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following
88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    acknowledgment:
89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    "This product includes software developed by the OpenSSL Project
90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE.
104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ====================================================================
105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young
107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com).  This product includes software written by Tim
108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com).
109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *
110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */
112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h>
113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdlib.h>
114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define USE_SOCKETS
115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define NON_MAIN
116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "apps.h"
117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#undef NON_MAIN
118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#undef USE_SOCKETS
119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/err.h>
12098d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#include <openssl/rand.h>
121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/x509.h>
122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/ssl.h>
123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "s_apps.h"
12598d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom#define	COOKIE_SECRET_LENGTH	16
/* Shared state for the callbacks in this file. */

/* Depth limit that verify_callback compares the error depth against. */
int verify_depth = 0;

/* Last verdict recorded by verify_callback (an X509_V_* code). */
int verify_error = X509_V_OK;

/* When non-zero, verify_callback no longer turns a failure into success. */
int verify_return_error = 0;

/*
 * NOTE(review): presumably the secret keyed into DTLS cookie generation,
 * and the flag saying it has been filled in - neither is used in the part
 * of the file reviewed here, so confirm against the cookie callbacks.
 * If so, the buffer must be filled from a CSPRNG before first use.
 */
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
int cookie_initialized = 0;
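/*
 * Certificate-verification callback for s_client, s_server and s_time.
 *
 * Writes to bio_err the error depth, the subject of the certificate being
 * reported on (or "<no cert>"), the verification error if there is one,
 * some detail for selected error codes, and the verdict finally returned.
 *
 * ok  - verdict passed in by the verifier; 0 means the check failed.
 * ctx - store context the current certificate, error code and error depth
 *       are read from.
 *
 * Returns the (possibly adjusted) verdict.
 *
 * SECURITY: a failure reported at a depth <= verify_depth is turned into
 * success (ok=1) unless verify_return_error is set.  With the initial
 * values in this file (verify_depth=0, verify_return_error=0) a failing
 * certificate at depth 0 is therefore logged and then accepted.  That
 * suits a diagnostic tool; where a failed verification must abort the
 * handshake, verify_return_error has to be set or a different callback
 * used.
 */
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
	{
	X509 *err_cert;
	int err,depth;

	err_cert=X509_STORE_CTX_get_current_cert(ctx);
	err=	X509_STORE_CTX_get_error(ctx);
	depth=	X509_STORE_CTX_get_error_depth(ctx);

	BIO_printf(bio_err,"depth=%d ",depth);
	if (err_cert)
		{
		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
					0, XN_FLAG_ONELINE);
		BIO_puts(bio_err, "\n");
		}
	else
		BIO_puts(bio_err, "<no cert>\n");
	if (!ok)
		{
		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
			X509_verify_cert_error_string(err));
		if (verify_depth >= depth)
			{
			/* Tolerated depth: override the failure unless the
			 * caller asked for errors to be returned. */
			if (!verify_return_error)
				ok=1;
			/* NOTE(review): verify_error is reset to X509_V_OK here
			 * even when verify_return_error keeps ok at 0 - confirm
			 * that readers of verify_error expect this. */
			verify_error=X509_V_OK;
			}
		else
			{
			ok=0;
			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
			}
		}
	/*
	 * The cases that print certificate fields are skipped when no current
	 * certificate is available: the NULL case is already handled above for
	 * the subject line, and dereferencing it here would crash the tool.
	 */
	switch (err)
		{
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
		if (err_cert != NULL)
			{
			BIO_puts(bio_err,"issuer= ");
			X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
						0, XN_FLAG_ONELINE);
			BIO_puts(bio_err, "\n");
			}
		break;
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
		if (err_cert != NULL)
			{
			BIO_printf(bio_err,"notBefore=");
			ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
			BIO_printf(bio_err,"\n");
			}
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
		if (err_cert != NULL)
			{
			BIO_printf(bio_err,"notAfter=");
			ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
			BIO_printf(bio_err,"\n");
			}
		break;
	case X509_V_ERR_NO_EXPLICIT_POLICY:
		policies_print(bio_err, ctx);
		break;
	default:
		break;
		}
	/* NOTE(review): ok == 2 looks like the verifier's policy-notification
	 * call rather than a pass/fail verdict - confirm against the library
	 * version in use. */
	if (err == X509_V_OK && ok == 2)
		policies_print(bio_err, ctx);

	BIO_printf(bio_err,"verify return:%d\n",ok);
	return(ok);
	}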
/*
 * Install a certificate and its private key, both read from PEM files,
 * into an SSL context.
 *
 * ctx       - context to configure.
 * cert_file - PEM file holding the certificate; NULL means "nothing to do".
 * key_file  - PEM file holding the private key; NULL means the key is read
 *             from cert_file.
 *
 * Returns 1 on success (or when cert_file is NULL) and 0 on failure, after
 * reporting the problem on bio_err.  The context is not rolled back on
 * failure, so a certificate loaded before a later step failed stays
 * installed in ctx.
 *
 * An older step that copied key parameters between the private key and
 * the certificate's public key is disabled in the source ("in theory this
 * is no longer needed") and is not reproduced here.
 */
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
	{
	char *key_path;

	if (cert_file == NULL)
		return(1);

	if (SSL_CTX_use_certificate_file(ctx,cert_file,SSL_FILETYPE_PEM) <= 0)
		{
		BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
		ERR_print_errors(bio_err);
		return(0);
		}

	/* A single PEM file may carry both the certificate and the key. */
	key_path=(key_file != NULL)?key_file:cert_file;
	if (SSL_CTX_use_PrivateKey_file(ctx,key_path,SSL_FILETYPE_PEM) <= 0)
		{
		BIO_printf(bio_err,"unable to get private key from '%s'\n",key_path);
		ERR_print_errors(bio_err);
		return(0);
		}

	/* Both halves are set on the context now; refuse a pair whose private
	 * key does not belong to the certificate. */
	if (SSL_CTX_check_private_key(ctx))
		return(1);

	BIO_printf(bio_err,"Private key does not match the certificate public key\n");
	return(0);
	}
/*
 * Install an already-loaded certificate and private key into an SSL
 * context.
 *
 * ctx  - context to configure.
 * cert - certificate to install; NULL means "nothing to do".
 * key  - private key to install alongside cert.
 *
 * Returns 1 on success (or when cert is NULL) and 0 on failure, after
 * reporting the problem on bio_err.  The context is not rolled back on
 * failure, so a certificate set before the key step failed stays in ctx.
 */
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
	{
	if (cert != NULL)
		{
		if (SSL_CTX_use_certificate(ctx,cert) <= 0)
			{
			BIO_printf(bio_err,"error setting certificate\n");
			ERR_print_errors(bio_err);
			return 0;
			}

		if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
			{
			BIO_printf(bio_err,"error setting private key\n");
			ERR_print_errors(bio_err);
			return 0;
			}

		/* Both halves are set on the context now; refuse a pair whose
		 * private key does not belong to the certificate. */
		if (!SSL_CTX_check_private_key(ctx))
			{
			BIO_printf(bio_err,"Private key does not match the certificate public key\n");
			return 0;
			}
		}

	return 1;
	}
/*
 * BIO debug callback: after a read or a write on bio has returned, print a
 * one-line summary and a dump of the buffer to the BIO registered as the
 * callback argument.
 *
 * bio  - BIO the operation ran on; its callback argument is the output BIO.
 * cmd  - operation code; only read-return and write-return are handled.
 * argp - buffer that was read into or written from.
 * argi - number of bytes that were requested.
 * argl - unused.
 * ret  - result of the operation; passed back unchanged in every case.
 *
 * SECURITY: the dump contains the transferred bytes themselves.
 * NOTE(review): depending on which BIO this is attached to, that may be
 * plaintext application data - keep the output away from shared or
 * persistent logs.
 */
long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
				   int argi, long argl, long ret)
	{
	BIO *sink=(BIO *)BIO_get_callback_arg(bio);

	/* No output BIO registered: nothing to report. */
	if (sink == NULL)
		return(ret);

	switch (cmd)
		{
	case (BIO_CB_READ|BIO_CB_RETURN):
		BIO_printf(sink,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
			(void *)bio,argp,(unsigned long)argi,ret,ret);
		BIO_dump(sink,argp,(int)ret);
		break;
	case (BIO_CB_WRITE|BIO_CB_RETURN):
		BIO_printf(sink,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
			(void *)bio,argp,(unsigned long)argi,ret,ret);
		BIO_dump(sink,argp,(int)ret);
		break;
	default:
		break;
		}

	return(ret);
	}
304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/*
 * Handshake progress reporter: writes one diagnostic line to bio_err for
 * state-loop, alert and exit events and ignores everything else.
 *
 * s     - connection whose state string is printed
 * where - event bit mask; the bits outside SSL_ST_MASK select the
 *         "SSL_connect"/"SSL_accept" prefix, the SSL_CB_* bits the event
 * ret   - for alert events the value handed to the alert decoders; for
 *         exit events 0 is reported as "failed", a negative value as
 *         "error", and a positive value prints nothing
 */
void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
	{
	const char *role = "undefined";
	int side = where & ~SSL_ST_MASK;

	if (side & SSL_ST_CONNECT)
		role = "SSL_connect";
	else if (side & SSL_ST_ACCEPT)
		role = "SSL_accept";

	if (where & SSL_CB_LOOP)
		{
		BIO_printf(bio_err,"%s:%s\n",role,SSL_state_string_long(s));
		return;
		}

	if (where & SSL_CB_ALERT)
		{
		/* Alerts are labelled by direction, not by connect/accept role. */
		const char *direction = "write";

		if (where & SSL_CB_READ)
			direction = "read";
		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
			direction,
			SSL_alert_type_string_long(ret),
			SSL_alert_desc_string_long(ret));
		return;
		}

	/* Only unsuccessful exits (ret <= 0) are reported. */
	if (!(where & SSL_CB_EXIT) || ret > 0)
		return;

	if (ret == 0)
		BIO_printf(bio_err,"%s:failed in %s\n",
			role,SSL_state_string_long(s));
	else
		BIO_printf(bio_err,"%s:error in %s\n",
			role,SSL_state_string_long(s));
	}
340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/* One row of a wire-value -> display-label table; a NULL label ends a table. */
struct msg_cb_label
	{
	int code;
	const char *label;
	};

/*
 * Return the label registered for |code| in |table|, or |fallback| when
 * the table has no row for it.
 */
static const char *msg_cb_lookup(const struct msg_cb_label *table, int code,
				 const char *fallback)
	{
	for (; table->label != NULL; table++)
		{
		if (table->code == code)
			return table->label;
		}
	return fallback;
	}

/* Protocol versions; every label except SSL 2.0 ends in a space. */
static const struct msg_cb_label msg_cb_versions[] =
	{
	{ SSL2_VERSION, "SSL 2.0" },
	{ SSL3_VERSION, "SSL 3.0 " },
	{ TLS1_VERSION, "TLS 1.0 " },
	{ TLS1_1_VERSION, "TLS 1.1 " },
	{ TLS1_2_VERSION, "TLS 1.2 " },
	{ DTLS1_VERSION, "DTLS 1.0 " },
	{ DTLS1_BAD_VER, "DTLS 1.0 (bad) " },
	{ 0, NULL }
	};

/* SSL 2.0 message types, keyed by the first message byte. */
static const struct msg_cb_label msg_cb_ssl2_types[] =
	{
	{ 0, ", ERROR:" },
	{ 1, ", CLIENT-HELLO" },
	{ 2, ", CLIENT-MASTER-KEY" },
	{ 3, ", CLIENT-FINISHED" },
	{ 4, ", SERVER-HELLO" },
	{ 5, ", SERVER-VERIFY" },
	{ 6, ", SERVER-FINISHED" },
	{ 7, ", REQUEST-CERTIFICATE" },
	{ 8, ", CLIENT-CERTIFICATE" },
	{ 0, NULL }
	};

/* SSL 2.0 error codes, keyed by the big-endian value of bytes 1 and 2. */
static const struct msg_cb_label msg_cb_ssl2_errors[] =
	{
	{ 0x0001, " NO-CIPHER-ERROR" },
	{ 0x0002, " NO-CERTIFICATE-ERROR" },
	{ 0x0004, " BAD-CERTIFICATE-ERROR" },
	{ 0x0006, " UNSUPPORTED-CERTIFICATE-TYPE-ERROR" },
	{ 0, NULL }
	};

/* SSL 3.0 / TLS / DTLS content types that get a label in the header line. */
static const struct msg_cb_label msg_cb_record_types[] =
	{
	{ 20, "ChangeCipherSpec" },
	{ 21, "Alert" },
	{ 22, "Handshake" },
	{ 0, NULL }
	};

/* Alert levels, keyed by the first byte of a two-byte alert. */
static const struct msg_cb_label msg_cb_alert_levels[] =
	{
	{ 1, ", warning" },
	{ 2, ", fatal" },
	{ 0, NULL }
	};

/* Alert descriptions, keyed by the second byte of a two-byte alert. */
static const struct msg_cb_label msg_cb_alert_descs[] =
	{
	{ 0, " close_notify" },
	{ 10, " unexpected_message" },
	{ 20, " bad_record_mac" },
	{ 21, " decryption_failed" },
	{ 22, " record_overflow" },
	{ 30, " decompression_failure" },
	{ 40, " handshake_failure" },
	{ 42, " bad_certificate" },
	{ 43, " unsupported_certificate" },
	{ 44, " certificate_revoked" },
	{ 45, " certificate_expired" },
	{ 46, " certificate_unknown" },
	{ 47, " illegal_parameter" },
	{ 48, " unknown_ca" },
	{ 49, " access_denied" },
	{ 50, " decode_error" },
	{ 51, " decrypt_error" },
	{ 60, " export_restriction" },
	{ 70, " protocol_version" },
	{ 71, " insufficient_security" },
	{ 80, " internal_error" },
	{ 90, " user_canceled" },
	{ 100, " no_renegotiation" },
	{ 110, " unsupported_extension" },
	{ 111, " certificate_unobtainable" },
	{ 112, " unrecognized_name" },
	{ 113, " bad_certificate_status_response" },
	{ 114, " bad_certificate_hash_value" },
	{ 115, " unknown_psk_identity" },
	{ 0, NULL }
	};

/* Handshake message types, keyed by the first message byte. */
static const struct msg_cb_label msg_cb_handshake_types[] =
	{
	{ 0, ", HelloRequest" },
	{ 1, ", ClientHello" },
	{ 2, ", ServerHello" },
	{ 3, ", HelloVerifyRequest" },
	{ 11, ", Certificate" },
	{ 12, ", ServerKeyExchange" },
	{ 13, ", CertificateRequest" },
	{ 14, ", ServerHelloDone" },
	{ 15, ", CertificateVerify" },
	{ 16, ", ClientKeyExchange" },
	{ 20, ", Finished" },
	{ 0, NULL }
	};

#ifndef OPENSSL_NO_HEARTBEATS
/* Heartbeat message types, keyed by the first message byte. */
static const struct msg_cb_label msg_cb_heartbeat_types[] =
	{
	{ 1, ", HeartbeatRequest" },
	{ 2, ", HeartbeatResponse" },
	{ 0, NULL }
	};
#endif

/*
 * Protocol message tracer: prints one header line (direction, version,
 * content type, length, decoded details) followed by a hex dump of the
 * message to the BIO passed in |arg|, then flushes that BIO.
 *
 * write_p      - non-zero prints ">>>", zero prints "<<<"
 * version      - protocol version; unknown values print "???"
 * content_type - record content type; only decoded for SSL 3.0, TLS and
 *                DTLS versions
 * buf, len     - message bytes and their count
 * ssl          - not used by this function
 * arg          - used as the output BIO without a NULL check, so the
 *                caller must register a valid BIO
 *
 * Notes for reviewers:
 *  - every read of buf[0..2] is gated on |len|, so short or empty
 *    messages fall back to the "???" labels instead of reading past buf;
 *  - bytes taken from the message reach the output only as a fixed label
 *    from the tables above or as " %02x" hex, never as a format string;
 *  - the 16-byte cap on the dump is compiled out (#if 0), so the whole
 *    message is written and output size grows with |len|.
 */
void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
	{
	BIO *trace = arg;
	const unsigned char *octets = buf;
	const char *direction = write_p ? ">>>" : "<<<";
	const char *proto = msg_cb_lookup(msg_cb_versions, version, "???");
	const char *record = "";
	const char *detail = "";
	const char *subdetail = "";

	if (version == SSL2_VERSION)
		{
		/* SSL 2.0 has no content type; the first byte is the message type. */
		detail = "???";
		if (len > 0)
			{
			detail = msg_cb_lookup(msg_cb_ssl2_types, octets[0], "???");
			if (octets[0] == 0)
				{
				/* ERROR message: bytes 1-2 carry the error code. */
				subdetail = " ???";
				if (len >= 3)
					subdetail = msg_cb_lookup(msg_cb_ssl2_errors,
						(octets[1] << 8) + octets[2], " ???");
				}
			}
		}
	else if (version == SSL3_VERSION ||
		 version == TLS1_VERSION ||
		 version == TLS1_1_VERSION ||
		 version == TLS1_2_VERSION ||
		 version == DTLS1_VERSION ||
		 version == DTLS1_BAD_VER)
		{
		record = msg_cb_lookup(msg_cb_record_types, content_type, "");

		switch (content_type)
			{
			case 21: /* Alert */
				detail = ", ???";
				/* Only an exactly two-byte alert (level, description) is decoded. */
				if (len == 2)
					{
					detail = msg_cb_lookup(msg_cb_alert_levels,
						octets[0], ", ???");
					subdetail = msg_cb_lookup(msg_cb_alert_descs,
						octets[1], " ???");
					}
				break;

			case 22: /* Handshake */
				detail = "???";
				if (len > 0)
					detail = msg_cb_lookup(msg_cb_handshake_types,
						octets[0], "???");
				break;

#ifndef OPENSSL_NO_HEARTBEATS
			case 24: /* Heartbeat */
				detail = ", Heartbeat";
				if (len > 0)
					detail = msg_cb_lookup(msg_cb_heartbeat_types,
						octets[0], ", Heartbeat");
				break;
#endif

			default:
				break;
			}
		}

	BIO_printf(trace, "%s %s%s [length %04lx]%s%s\n", direction, proto, record, (unsigned long)len, detail, subdetail);

	if (len > 0)
		{
		size_t shown = len;
		size_t pos = 0;

		BIO_printf(trace, "   ");
#if 0
		if (shown > 16)
			shown = 16;
#endif
		/* Sixteen bytes per row, each row indented to line up with the first. */
		while (pos < shown)
			{
			if (pos > 0 && pos % 16 == 0)
				BIO_printf(trace, "\n   ");
			BIO_printf(trace, " %02x", octets[pos]);
			pos++;
			}
		/* Only reachable if the disabled cap above is turned back on. */
		if (pos < len)
			BIO_printf(trace, " ...");
		BIO_printf(trace, "\n");
		}
	(void)BIO_flush(trace);
	}
657656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project
/*
 * TLS extension debug callback: prints one line naming the extension
 * (which side, printable name, numeric id, length) and then a BIO_dump()
 * of the extension body to the BIO passed in 'arg'.
 *
 * s             - SSL connection (not used here)
 * client_server - non-zero is reported as "server", zero as "client"
 * type          - TLS extension type id
 * data, len     - extension body and its length in bytes
 * arg           - BIO to write to
 */
void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
					unsigned char *data, int len,
					void *arg)
	{
	/* Extension ids this tool can name; anything else prints "unknown". */
	static const struct
		{
		int id;
		const char *label;
		} known[] =
		{
		{ TLSEXT_TYPE_server_name, "server name" },
		{ TLSEXT_TYPE_max_fragment_length, "max fragment length" },
		{ TLSEXT_TYPE_client_certificate_url, "client certificate URL" },
		{ TLSEXT_TYPE_trusted_ca_keys, "trusted CA keys" },
		{ TLSEXT_TYPE_truncated_hmac, "truncated HMAC" },
		{ TLSEXT_TYPE_status_request, "status request" },
		{ TLSEXT_TYPE_user_mapping, "user mapping" },
		{ TLSEXT_TYPE_client_authz, "client authz" },
		{ TLSEXT_TYPE_server_authz, "server authz" },
		{ TLSEXT_TYPE_cert_type, "cert type" },
		{ TLSEXT_TYPE_elliptic_curves, "elliptic curves" },
		{ TLSEXT_TYPE_ec_point_formats, "EC point formats" },
		{ TLSEXT_TYPE_srp, "SRP" },
		{ TLSEXT_TYPE_signature_algorithms, "signature algorithms" },
		{ TLSEXT_TYPE_use_srtp, "use SRTP" },
		{ TLSEXT_TYPE_heartbeat, "heartbeat" },
		{ TLSEXT_TYPE_session_ticket, "session ticket" },
		{ TLSEXT_TYPE_renegotiate, "renegotiation info" },
#ifdef TLSEXT_TYPE_opaque_prf_input
		{ TLSEXT_TYPE_opaque_prf_input, "opaque PRF input" },
#endif
#ifdef TLSEXT_TYPE_next_proto_neg
		{ TLSEXT_TYPE_next_proto_neg, "next protocol" },
#endif
		{ TLSEXT_TYPE_padding, "TLS padding" }
		};
	BIO *out = arg;
	const char *label = "unknown";
	size_t k;

	for (k = 0; k < sizeof(known) / sizeof(known[0]); k++)
		{
		if (known[k].id == type)
			{
			label = known[k].label;
			break;
			}
		}

	BIO_printf(out, "TLS %s extension \"%s\" (id=%d), len=%d\n",
			client_server ? "server": "client",
			label, type, len);
	/* The body is only ever shown through BIO_dump(), never printed as text. */
	BIO_dump(out, (char *)data, len);
	(void)BIO_flush(out);
	}
76698d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom
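/*
 * Cookie generation callback: the cookie is HMAC-SHA1, keyed with the
 * file-level cookie_secret, over the peer's port followed by its address
 * as reported by BIO_dgram_get_peer() on the connection's read BIO.
 *
 * ssl        - connection whose peer address is bound into the cookie
 * cookie     - output buffer; receives the HMAC result
 * cookie_len - receives the number of bytes written to 'cookie'
 *
 * Returns 1 on success, 0 if the secret could not be generated, memory
 * could not be allocated or the HMAC failed.
 *
 * NOTE(review): the size of 'cookie' is not passed in, so this assumes the
 * caller's buffer can hold a full digest - confirm against the caller.
 */
int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
	{
	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
	unsigned int length, resultlength = 0;
	union {
		struct sockaddr sa;
		struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
		struct sockaddr_in6 s6;
#endif
	} peer;

	/* Initialize a random secret */
	if (!cookie_initialized)
		{
		/*
		 * RAND_bytes() reports failure as 0 and "not supported" as -1;
		 * testing with '!' would accept -1 and leave the secret unset.
		 */
		if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0)
			{
			BIO_printf(bio_err,"error setting random cookie secret\n");
			return 0;
			}
		cookie_initialized = 1;
		}

	/*
	 * Read peer information.  The result of the call is not checked, so
	 * clear the union first: sa_family is then never read uninitialized.
	 */
	memset(&peer, 0, sizeof(peer));
	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

	/* Create buffer with peer's address and port */
	length = 0;
	switch (peer.sa.sa_family)
		{
	case AF_INET:
		length += sizeof(struct in_addr);
		length += sizeof(peer.s4.sin_port);
		break;
#if OPENSSL_USE_IPV6
	case AF_INET6:
		length += sizeof(struct in6_addr);
		length += sizeof(peer.s6.sin6_port);
		break;
#endif
	default:
		/* Unsupported (or unset) address family */
		OPENSSL_assert(0);
		break;
		}
	buffer = OPENSSL_malloc(length);

	if (buffer == NULL)
		{
		BIO_printf(bio_err,"out of memory\n");
		return 0;
		}

	/* Layout: port first, then address */
	switch (peer.sa.sa_family)
		{
	case AF_INET:
		memcpy(buffer,
		       &peer.s4.sin_port,
		       sizeof(peer.s4.sin_port));
		memcpy(buffer + sizeof(peer.s4.sin_port),
		       &peer.s4.sin_addr,
		       sizeof(struct in_addr));
		break;
#if OPENSSL_USE_IPV6
	case AF_INET6:
		memcpy(buffer,
		       &peer.s6.sin6_port,
		       sizeof(peer.s6.sin6_port));
		memcpy(buffer + sizeof(peer.s6.sin6_port),
		       &peer.s6.sin6_addr,
		       sizeof(struct in6_addr));
		break;
#endif
	default:
		OPENSSL_assert(0);
		break;
		}

	/*
	 * Calculate HMAC of buffer using the secret.  HMAC() returns NULL on
	 * failure; in that case resultlength is not meaningful and nothing
	 * may be copied out.
	 */
	if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
	         buffer, length, result, &resultlength) == NULL)
		{
		OPENSSL_free(buffer);
		BIO_printf(bio_err,"error computing cookie HMAC\n");
		return 0;
		}
	OPENSSL_free(buffer);

	memcpy(cookie, result, resultlength);
	*cookie_len = resultlength;

	return 1;
	}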
85498d58bb80c64b02a33662f0ea80351d4a1535267Brian Carlstrom
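/*
 * Cookie verification callback: recomputes HMAC-SHA1, keyed with the
 * file-level cookie_secret, over the peer's port followed by its address
 * (from BIO_dgram_get_peer() on the connection's read BIO) and compares
 * it with the cookie presented by the peer.
 *
 * ssl        - connection whose peer address the cookie must match
 * cookie     - cookie bytes received from the peer (untrusted)
 * cookie_len - number of bytes in 'cookie'
 *
 * Returns 1 if the cookie matches, 0 otherwise (including when no secret
 * has been generated yet, on allocation failure or on HMAC failure).
 */
int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
	{
	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
	unsigned int length, resultlength = 0;
	union {
		struct sockaddr sa;
		struct sockaddr_in s4;
#if OPENSSL_USE_IPV6
		struct sockaddr_in6 s6;
#endif
	} peer;

	/* If secret isn't initialized yet, the cookie can't be valid */
	if (!cookie_initialized)
		return 0;

	/*
	 * Read peer information.  The result of the call is not checked, so
	 * clear the union first: sa_family is then never read uninitialized.
	 */
	memset(&peer, 0, sizeof(peer));
	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);

	/* Create buffer with peer's address and port */
	length = 0;
	switch (peer.sa.sa_family)
		{
	case AF_INET:
		length += sizeof(struct in_addr);
		length += sizeof(peer.s4.sin_port);
		break;
#if OPENSSL_USE_IPV6
	case AF_INET6:
		length += sizeof(struct in6_addr);
		length += sizeof(peer.s6.sin6_port);
		break;
#endif
	default:
		/* Unsupported (or unset) address family */
		OPENSSL_assert(0);
		break;
		}
	buffer = OPENSSL_malloc(length);

	if (buffer == NULL)
		{
		BIO_printf(bio_err,"out of memory\n");
		return 0;
		}

	/* Layout: port first, then address */
	switch (peer.sa.sa_family)
		{
	case AF_INET:
		memcpy(buffer,
		       &peer.s4.sin_port,
		       sizeof(peer.s4.sin_port));
		memcpy(buffer + sizeof(peer.s4.sin_port),
		       &peer.s4.sin_addr,
		       sizeof(struct in_addr));
		break;
#if OPENSSL_USE_IPV6
	case AF_INET6:
		memcpy(buffer,
		       &peer.s6.sin6_port,
		       sizeof(peer.s6.sin6_port));
		memcpy(buffer + sizeof(peer.s6.sin6_port),
		       &peer.s6.sin6_addr,
		       sizeof(struct in6_addr));
		break;
#endif
	default:
		OPENSSL_assert(0);
		break;
		}

	/*
	 * Calculate HMAC of buffer using the secret.  HMAC() returns NULL on
	 * failure; treat that as a rejected cookie rather than comparing
	 * against an undefined result.
	 */
	if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
	         buffer, length, result, &resultlength) == NULL)
		{
		OPENSSL_free(buffer);
		return 0;
		}
	OPENSSL_free(buffer);

	/*
	 * Compare the MAC in constant time: memcmp() stops at the first
	 * differing byte, so its running time depends on how much of the
	 * presented cookie is correct.
	 */
	if (cookie_len == resultlength && CRYPTO_memcmp(result, cookie, resultlength) == 0)
		return 1;

	return 0;
	}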