2016-05-18 02:18:30 +08:00
|
|
|
/*
|
2018-02-13 20:51:29 +08:00
|
|
|
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
2001-10-21 01:56:36 +08:00
|
|
|
*
|
2018-12-06 20:00:26 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:18:30 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
2001-10-21 01:56:36 +08:00
|
|
|
*/
|
1998-12-21 18:52:47 +08:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
/* callback functions used by s_client, s_server, and s_time */
|
1998-12-21 18:52:47 +08:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
2015-05-10 13:51:29 +08:00
|
|
|
#include <string.h> /* for memcpy() and strcmp() */
|
1998-12-21 18:52:47 +08:00
|
|
|
#include "apps.h"
|
1999-04-24 06:13:45 +08:00
|
|
|
#include <openssl/err.h>
|
2009-09-05 01:42:53 +08:00
|
|
|
#include <openssl/rand.h>
|
1999-04-24 06:13:45 +08:00
|
|
|
#include <openssl/x509.h>
|
|
|
|
#include <openssl/ssl.h>
|
2014-02-17 08:10:00 +08:00
|
|
|
#include <openssl/bn.h>
|
|
|
|
#ifndef OPENSSL_NO_DH
|
2015-01-22 11:40:55 +08:00
|
|
|
# include <openssl/dh.h>
|
2014-02-17 08:10:00 +08:00
|
|
|
#endif
|
1998-12-21 18:52:47 +08:00
|
|
|
#include "s_apps.h"
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
#define COOKIE_SECRET_LENGTH 16
|
2009-09-05 01:42:53 +08:00
|
|
|
|
2019-01-24 20:21:39 +08:00
|
|
|
VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
|
2016-08-02 03:30:57 +08:00
|
|
|
|
2016-03-21 23:32:40 +08:00
|
|
|
#ifndef OPENSSL_NO_SOCK
|
2015-09-05 20:32:58 +08:00
|
|
|
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
|
|
|
|
static int cookie_initialized = 0;
|
2016-03-21 23:32:40 +08:00
|
|
|
#endif
|
2017-02-02 02:14:27 +08:00
|
|
|
static BIO *bio_keylog = NULL;
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
|
|
|
|
{
|
|
|
|
for ( ; list->name; ++list)
|
|
|
|
if (list->retval == val)
|
|
|
|
return list->name;
|
|
|
|
return def;
|
|
|
|
}
|
|
|
|
|
2015-01-13 06:29:26 +08:00
|
|
|
int verify_callback(int ok, X509_STORE_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
X509 *err_cert;
|
|
|
|
int err, depth;
|
|
|
|
|
|
|
|
err_cert = X509_STORE_CTX_get_current_cert(ctx);
|
|
|
|
err = X509_STORE_CTX_get_error(ctx);
|
|
|
|
depth = X509_STORE_CTX_get_error_depth(ctx);
|
|
|
|
|
2016-08-02 03:30:57 +08:00
|
|
|
if (!verify_args.quiet || !ok) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err, "depth=%d ", depth);
|
2017-06-13 01:24:02 +08:00
|
|
|
if (err_cert != NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
X509_NAME_print_ex(bio_err,
|
|
|
|
X509_get_subject_name(err_cert),
|
2017-04-26 00:25:42 +08:00
|
|
|
0, get_nameopt());
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_puts(bio_err, "\n");
|
2017-06-13 01:24:02 +08:00
|
|
|
} else {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_puts(bio_err, "<no cert>\n");
|
2017-06-13 01:24:02 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
if (!ok) {
|
|
|
|
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
|
|
|
|
X509_verify_cert_error_string(err));
|
2019-01-24 20:21:39 +08:00
|
|
|
if (verify_args.depth < 0 || verify_args.depth >= depth) {
|
2016-08-02 03:30:57 +08:00
|
|
|
if (!verify_args.return_error)
|
2015-01-22 11:40:55 +08:00
|
|
|
ok = 1;
|
2016-08-02 03:30:57 +08:00
|
|
|
verify_args.error = err;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else {
|
|
|
|
ok = 0;
|
2016-08-02 03:30:57 +08:00
|
|
|
verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
switch (err) {
|
|
|
|
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
|
|
|
BIO_puts(bio_err, "issuer= ");
|
|
|
|
X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
|
2017-04-26 00:25:42 +08:00
|
|
|
0, get_nameopt());
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_puts(bio_err, "\n");
|
|
|
|
break;
|
|
|
|
case X509_V_ERR_CERT_NOT_YET_VALID:
|
|
|
|
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
|
|
|
|
BIO_printf(bio_err, "notBefore=");
|
2016-08-19 19:39:57 +08:00
|
|
|
ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err, "\n");
|
|
|
|
break;
|
|
|
|
case X509_V_ERR_CERT_HAS_EXPIRED:
|
|
|
|
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
|
|
|
|
BIO_printf(bio_err, "notAfter=");
|
2016-08-19 19:39:57 +08:00
|
|
|
ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err, "\n");
|
|
|
|
break;
|
|
|
|
case X509_V_ERR_NO_EXPLICIT_POLICY:
|
2016-08-02 03:30:57 +08:00
|
|
|
if (!verify_args.quiet)
|
2015-04-29 23:27:08 +08:00
|
|
|
policies_print(ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
break;
|
|
|
|
}
|
2016-08-02 03:30:57 +08:00
|
|
|
if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
|
2015-04-29 23:27:08 +08:00
|
|
|
policies_print(ctx);
|
2016-08-02 03:30:57 +08:00
|
|
|
if (ok && !verify_args.quiet)
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err, "verify return:%d\n", ok);
|
2017-10-17 22:04:09 +08:00
|
|
|
return ok;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
1999-04-20 05:31:43 +08:00
|
|
|
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
if (cert_file != NULL) {
|
|
|
|
if (SSL_CTX_use_certificate_file(ctx, cert_file,
|
|
|
|
SSL_FILETYPE_PEM) <= 0) {
|
|
|
|
BIO_printf(bio_err, "unable to get certificate from '%s'\n",
|
|
|
|
cert_file);
|
|
|
|
ERR_print_errors(bio_err);
|
2017-10-17 22:04:09 +08:00
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
if (key_file == NULL)
|
|
|
|
key_file = cert_file;
|
|
|
|
if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
|
|
|
|
BIO_printf(bio_err, "unable to get private key from '%s'\n",
|
|
|
|
key_file);
|
|
|
|
ERR_print_errors(bio_err);
|
2017-10-17 22:04:09 +08:00
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we are using DSA, we can copy the parameters from the private
|
|
|
|
* key
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we know that a key and cert have been set against the SSL
|
|
|
|
* context
|
|
|
|
*/
|
|
|
|
if (!SSL_CTX_check_private_key(ctx)) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Private key does not match the certificate public key\n");
|
2017-10-17 22:04:09 +08:00
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2017-10-09 19:05:58 +08:00
|
|
|
return 1;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2012-04-12 00:53:11 +08:00
|
|
|
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
|
2015-01-22 11:40:55 +08:00
|
|
|
STACK_OF(X509) *chain, int build_chain)
|
|
|
|
{
|
|
|
|
int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
|
|
|
|
if (cert == NULL)
|
|
|
|
return 1;
|
|
|
|
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
|
|
|
|
BIO_printf(bio_err, "error setting certificate\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
|
|
|
|
BIO_printf(bio_err, "error setting private key\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we know that a key and cert have been set against the SSL context
|
|
|
|
*/
|
|
|
|
if (!SSL_CTX_check_private_key(ctx)) {
|
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Private key does not match the certificate public key\n");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
|
|
|
|
BIO_printf(bio_err, "error setting certificate chain\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
|
|
|
|
BIO_printf(bio_err, "error building certificate chain\n");
|
|
|
|
ERR_print_errors(bio_err);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2004-11-17 01:30:59 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static STRINT_PAIR cert_type_list[] = {
|
|
|
|
{"RSA sign", TLS_CT_RSA_SIGN},
|
|
|
|
{"DSA sign", TLS_CT_DSS_SIGN},
|
|
|
|
{"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
|
|
|
|
{"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
|
|
|
|
{"ECDSA sign", TLS_CT_ECDSA_SIGN},
|
|
|
|
{"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
|
|
|
|
{"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
|
|
|
|
{"GOST01 Sign", TLS_CT_GOST01_SIGN},
|
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
2012-07-08 22:22:45 +08:00
|
|
|
static void ssl_print_client_cert_types(BIO *bio, SSL *s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
const unsigned char *p;
|
|
|
|
int i;
|
|
|
|
int cert_type_num = SSL_get0_certificate_types(s, &p);
|
|
|
|
if (!cert_type_num)
|
|
|
|
return;
|
|
|
|
BIO_puts(bio, "Client Certificate Types: ");
|
|
|
|
for (i = 0; i < cert_type_num; i++) {
|
|
|
|
unsigned char cert_type = p[i];
|
2015-05-16 04:32:49 +08:00
|
|
|
const char *cname = lookup((int)cert_type, cert_type_list, NULL);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
if (i)
|
|
|
|
BIO_puts(bio, ", ");
|
2017-06-13 01:24:02 +08:00
|
|
|
if (cname != NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_puts(bio, cname);
|
|
|
|
else
|
|
|
|
BIO_printf(bio, "UNKNOWN (%d),", cert_type);
|
|
|
|
}
|
|
|
|
BIO_puts(bio, "\n");
|
|
|
|
}
|
2012-07-08 22:22:45 +08:00
|
|
|
|
2017-01-26 07:28:57 +08:00
|
|
|
static const char *get_sigtype(int nid)
|
|
|
|
{
|
|
|
|
switch (nid) {
|
|
|
|
case EVP_PKEY_RSA:
|
|
|
|
return "RSA";
|
|
|
|
|
|
|
|
case EVP_PKEY_RSA_PSS:
|
|
|
|
return "RSA-PSS";
|
|
|
|
|
|
|
|
case EVP_PKEY_DSA:
|
|
|
|
return "DSA";
|
|
|
|
|
|
|
|
case EVP_PKEY_EC:
|
|
|
|
return "ECDSA";
|
|
|
|
|
2017-05-24 21:56:17 +08:00
|
|
|
case NID_ED25519:
|
|
|
|
return "Ed25519";
|
|
|
|
|
2018-02-27 18:12:02 +08:00
|
|
|
case NID_ED448:
|
|
|
|
return "Ed448";
|
|
|
|
|
2018-05-03 23:31:47 +08:00
|
|
|
case NID_id_GostR3410_2001:
|
|
|
|
return "gost2001";
|
|
|
|
|
|
|
|
case NID_id_GostR3410_2012_256:
|
|
|
|
return "gost2012_256";
|
|
|
|
|
|
|
|
case NID_id_GostR3410_2012_512:
|
|
|
|
return "gost2012_512";
|
|
|
|
|
2017-01-26 07:28:57 +08:00
|
|
|
default:
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-08 22:22:45 +08:00
|
|
|
static int do_print_sigalgs(BIO *out, SSL *s, int shared)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
int i, nsig, client;
|
|
|
|
client = SSL_is_server(s) ? 0 : 1;
|
|
|
|
if (shared)
|
2017-02-02 19:11:10 +08:00
|
|
|
nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
|
|
|
nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
|
|
|
|
if (nsig == 0)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
if (shared)
|
|
|
|
BIO_puts(out, "Shared ");
|
|
|
|
|
|
|
|
if (client)
|
|
|
|
BIO_puts(out, "Requested ");
|
|
|
|
BIO_puts(out, "Signature Algorithms: ");
|
|
|
|
for (i = 0; i < nsig; i++) {
|
|
|
|
int hash_nid, sign_nid;
|
|
|
|
unsigned char rhash, rsign;
|
|
|
|
const char *sstr = NULL;
|
|
|
|
if (shared)
|
|
|
|
SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
|
|
|
|
&rsign, &rhash);
|
|
|
|
else
|
|
|
|
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
|
|
|
|
if (i)
|
|
|
|
BIO_puts(out, ":");
|
2017-01-29 21:38:55 +08:00
|
|
|
sstr = get_sigtype(sign_nid);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (sstr)
|
2017-05-24 21:56:17 +08:00
|
|
|
BIO_printf(out, "%s", sstr);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2017-05-24 21:56:17 +08:00
|
|
|
BIO_printf(out, "0x%02X", (int)rsign);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (hash_nid != NID_undef)
|
2017-05-24 21:56:17 +08:00
|
|
|
BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid));
|
|
|
|
else if (sstr == NULL)
|
|
|
|
BIO_printf(out, "+0x%02X", (int)rhash);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
BIO_puts(out, "\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2012-03-06 22:28:21 +08:00
|
|
|
|
2012-07-08 22:22:45 +08:00
|
|
|
int ssl_print_sigalgs(BIO *out, SSL *s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2017-01-26 07:28:57 +08:00
|
|
|
int nid;
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!SSL_is_server(s))
|
|
|
|
ssl_print_client_cert_types(out, s);
|
|
|
|
do_print_sigalgs(out, s, 0);
|
|
|
|
do_print_sigalgs(out, s, 1);
|
2017-05-24 21:56:17 +08:00
|
|
|
if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef)
|
2017-01-26 07:28:57 +08:00
|
|
|
BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
|
|
|
|
if (SSL_get_peer_signature_type_nid(s, &nid))
|
2017-02-22 02:43:46 +08:00
|
|
|
BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2013-08-18 00:40:08 +08:00
|
|
|
#ifndef OPENSSL_NO_EC
|
2012-11-22 23:20:53 +08:00
|
|
|
int ssl_print_point_formats(BIO *out, SSL *s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
int i, nformats;
|
|
|
|
const char *pformats;
|
|
|
|
nformats = SSL_get0_ec_point_formats(s, &pformats);
|
|
|
|
if (nformats <= 0)
|
|
|
|
return 1;
|
|
|
|
BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
|
|
|
|
for (i = 0; i < nformats; i++, pformats++) {
|
|
|
|
if (i)
|
|
|
|
BIO_puts(out, ":");
|
|
|
|
switch (*pformats) {
|
|
|
|
case TLSEXT_ECPOINTFORMAT_uncompressed:
|
|
|
|
BIO_puts(out, "uncompressed");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
|
|
|
|
BIO_puts(out, "ansiX962_compressed_prime");
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
|
|
|
|
BIO_puts(out, "ansiX962_compressed_char2");
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
BIO_printf(out, "unknown(%d)", (int)*pformats);
|
|
|
|
break;
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
BIO_puts(out, "\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2012-11-22 23:20:53 +08:00
|
|
|
|
2016-11-09 22:51:06 +08:00
|
|
|
int ssl_print_groups(BIO *out, SSL *s, int noshared)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2016-11-09 22:51:06 +08:00
|
|
|
int i, ngroups, *groups, nid;
|
|
|
|
const char *gname;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2016-11-09 22:51:06 +08:00
|
|
|
ngroups = SSL_get1_groups(s, NULL);
|
|
|
|
if (ngroups <= 0)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
2016-11-09 22:51:06 +08:00
|
|
|
groups = app_malloc(ngroups * sizeof(int), "groups to print");
|
|
|
|
SSL_get1_groups(s, groups);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2016-11-09 22:51:06 +08:00
|
|
|
BIO_puts(out, "Supported Elliptic Groups: ");
|
|
|
|
for (i = 0; i < ngroups; i++) {
|
2015-01-22 11:40:55 +08:00
|
|
|
if (i)
|
|
|
|
BIO_puts(out, ":");
|
2016-11-09 22:51:06 +08:00
|
|
|
nid = groups[i];
|
2015-01-22 11:40:55 +08:00
|
|
|
/* If unrecognised print out hex version */
|
2017-06-13 01:24:02 +08:00
|
|
|
if (nid & TLSEXT_nid_unknown) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(out, "0x%04X", nid & 0xFFFF);
|
2017-06-13 01:24:02 +08:00
|
|
|
} else {
|
2016-11-09 22:51:06 +08:00
|
|
|
/* TODO(TLS1.3): Get group name here */
|
2015-01-22 11:40:55 +08:00
|
|
|
/* Use NIST name for curve if it exists */
|
2016-11-09 22:51:06 +08:00
|
|
|
gname = EC_curve_nid2nist(nid);
|
2017-06-13 01:24:02 +08:00
|
|
|
if (gname == NULL)
|
2016-11-09 22:51:06 +08:00
|
|
|
gname = OBJ_nid2sn(nid);
|
|
|
|
BIO_printf(out, "%s", gname);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2016-11-09 22:51:06 +08:00
|
|
|
OPENSSL_free(groups);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (noshared) {
|
|
|
|
BIO_puts(out, "\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2016-11-09 22:51:06 +08:00
|
|
|
BIO_puts(out, "\nShared Elliptic groups: ");
|
|
|
|
ngroups = SSL_get_shared_group(s, -1);
|
|
|
|
for (i = 0; i < ngroups; i++) {
|
2015-01-22 11:40:55 +08:00
|
|
|
if (i)
|
|
|
|
BIO_puts(out, ":");
|
2016-11-09 22:51:06 +08:00
|
|
|
nid = SSL_get_shared_group(s, i);
|
|
|
|
/* TODO(TLS1.3): Convert for DH groups */
|
|
|
|
gname = EC_curve_nid2nist(nid);
|
2017-06-13 01:24:02 +08:00
|
|
|
if (gname == NULL)
|
2016-11-09 22:51:06 +08:00
|
|
|
gname = OBJ_nid2sn(nid);
|
|
|
|
BIO_printf(out, "%s", gname);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2016-11-09 22:51:06 +08:00
|
|
|
if (ngroups == 0)
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_puts(out, "NONE");
|
|
|
|
BIO_puts(out, "\n");
|
|
|
|
return 1;
|
|
|
|
}
|
2013-08-18 00:40:08 +08:00
|
|
|
#endif
|
2017-06-13 01:24:02 +08:00
|
|
|
|
2012-09-08 21:59:51 +08:00
|
|
|
int ssl_print_tmp_key(BIO *out, SSL *s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
EVP_PKEY *key;
|
2018-11-10 14:53:56 +08:00
|
|
|
|
|
|
|
if (!SSL_get_peer_tmp_key(s, &key))
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
BIO_puts(out, "Server Temp Key: ");
|
|
|
|
switch (EVP_PKEY_id(key)) {
|
|
|
|
case EVP_PKEY_RSA:
|
|
|
|
BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
|
|
|
|
break;
|
|
|
|
|
|
|
|
case EVP_PKEY_DH:
|
|
|
|
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
|
|
|
|
break;
|
2015-03-11 07:09:27 +08:00
|
|
|
#ifndef OPENSSL_NO_EC
|
2015-01-22 11:40:55 +08:00
|
|
|
case EVP_PKEY_EC:
|
|
|
|
{
|
|
|
|
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
|
|
|
|
int nid;
|
|
|
|
const char *cname;
|
|
|
|
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
|
|
|
|
EC_KEY_free(ec);
|
|
|
|
cname = EC_curve_nid2nist(nid);
|
2017-06-13 01:24:02 +08:00
|
|
|
if (cname == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
cname = OBJ_nid2sn(nid);
|
|
|
|
BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
|
|
|
|
}
|
2016-08-11 23:37:00 +08:00
|
|
|
break;
|
2013-08-18 00:40:08 +08:00
|
|
|
#endif
|
2016-08-11 23:37:00 +08:00
|
|
|
default:
|
|
|
|
BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
|
|
|
|
EVP_PKEY_bits(key));
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
EVP_PKEY_free(key);
|
|
|
|
return 1;
|
|
|
|
}
|
2012-03-06 22:28:21 +08:00
|
|
|
|
2015-01-13 06:29:26 +08:00
|
|
|
long bio_dump_callback(BIO *bio, int cmd, const char *argp,
|
2015-01-22 11:40:55 +08:00
|
|
|
int argi, long argl, long ret)
|
|
|
|
{
|
|
|
|
BIO *out;
|
|
|
|
|
|
|
|
out = (BIO *)BIO_get_callback_arg(bio);
|
|
|
|
if (out == NULL)
|
2017-10-17 22:04:09 +08:00
|
|
|
return ret;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
|
|
|
|
BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
|
2016-04-08 22:19:00 +08:00
|
|
|
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_dump(out, argp, (int)ret);
|
2017-10-17 22:04:09 +08:00
|
|
|
return ret;
|
2015-01-22 11:40:55 +08:00
|
|
|
} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
|
|
|
|
BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
|
2016-04-08 22:19:00 +08:00
|
|
|
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_dump(out, argp, (int)ret);
|
|
|
|
}
|
2017-10-17 22:04:09 +08:00
|
|
|
return ret;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-01-13 06:29:26 +08:00
|
|
|
void apps_ssl_info_callback(const SSL *s, int where, int ret)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
const char *str;
|
|
|
|
int w;
|
|
|
|
|
|
|
|
w = where & ~SSL_ST_MASK;
|
|
|
|
|
|
|
|
if (w & SSL_ST_CONNECT)
|
|
|
|
str = "SSL_connect";
|
|
|
|
else if (w & SSL_ST_ACCEPT)
|
|
|
|
str = "SSL_accept";
|
|
|
|
else
|
|
|
|
str = "undefined";
|
|
|
|
|
|
|
|
if (where & SSL_CB_LOOP) {
|
|
|
|
BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
|
|
|
|
} else if (where & SSL_CB_ALERT) {
|
|
|
|
str = (where & SSL_CB_READ) ? "read" : "write";
|
|
|
|
BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
|
|
|
|
str,
|
|
|
|
SSL_alert_type_string_long(ret),
|
|
|
|
SSL_alert_desc_string_long(ret));
|
|
|
|
} else if (where & SSL_CB_EXIT) {
|
|
|
|
if (ret == 0)
|
|
|
|
BIO_printf(bio_err, "%s:failed in %s\n",
|
|
|
|
str, SSL_state_string_long(s));
|
2017-06-13 01:24:02 +08:00
|
|
|
else if (ret < 0)
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err, "%s:error in %s\n",
|
|
|
|
str, SSL_state_string_long(s));
|
|
|
|
}
|
|
|
|
}
|
1998-12-21 18:52:47 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static STRINT_PAIR ssl_versions[] = {
|
|
|
|
{"SSL 3.0", SSL3_VERSION},
|
|
|
|
{"TLS 1.0", TLS1_VERSION},
|
|
|
|
{"TLS 1.1", TLS1_1_VERSION},
|
|
|
|
{"TLS 1.2", TLS1_2_VERSION},
|
2016-10-22 00:39:33 +08:00
|
|
|
{"TLS 1.3", TLS1_3_VERSION},
|
2015-05-16 04:32:49 +08:00
|
|
|
{"DTLS 1.0", DTLS1_VERSION},
|
|
|
|
{"DTLS 1.0 (bad)", DTLS1_BAD_VER},
|
|
|
|
{NULL}
|
|
|
|
};
|
2017-06-13 01:24:02 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static STRINT_PAIR alert_types[] = {
|
|
|
|
{" close_notify", 0},
|
2017-03-09 02:49:44 +08:00
|
|
|
{" end_of_early_data", 1},
|
2015-05-16 04:32:49 +08:00
|
|
|
{" unexpected_message", 10},
|
|
|
|
{" bad_record_mac", 20},
|
|
|
|
{" decryption_failed", 21},
|
|
|
|
{" record_overflow", 22},
|
|
|
|
{" decompression_failure", 30},
|
|
|
|
{" handshake_failure", 40},
|
|
|
|
{" bad_certificate", 42},
|
|
|
|
{" unsupported_certificate", 43},
|
|
|
|
{" certificate_revoked", 44},
|
|
|
|
{" certificate_expired", 45},
|
|
|
|
{" certificate_unknown", 46},
|
|
|
|
{" illegal_parameter", 47},
|
|
|
|
{" unknown_ca", 48},
|
|
|
|
{" access_denied", 49},
|
|
|
|
{" decode_error", 50},
|
|
|
|
{" decrypt_error", 51},
|
|
|
|
{" export_restriction", 60},
|
|
|
|
{" protocol_version", 70},
|
|
|
|
{" insufficient_security", 71},
|
|
|
|
{" internal_error", 80},
|
2017-03-09 02:49:44 +08:00
|
|
|
{" inappropriate_fallback", 86},
|
2015-05-16 04:32:49 +08:00
|
|
|
{" user_canceled", 90},
|
|
|
|
{" no_renegotiation", 100},
|
2017-03-09 02:49:44 +08:00
|
|
|
{" missing_extension", 109},
|
2015-05-16 04:32:49 +08:00
|
|
|
{" unsupported_extension", 110},
|
|
|
|
{" certificate_unobtainable", 111},
|
|
|
|
{" unrecognized_name", 112},
|
|
|
|
{" bad_certificate_status_response", 113},
|
|
|
|
{" bad_certificate_hash_value", 114},
|
|
|
|
{" unknown_psk_identity", 115},
|
2017-03-09 02:49:44 +08:00
|
|
|
{" certificate_required", 116},
|
2015-05-16 04:32:49 +08:00
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
static STRINT_PAIR handshakes[] = {
|
2017-03-17 00:56:01 +08:00
|
|
|
{", HelloRequest", SSL3_MT_HELLO_REQUEST},
|
|
|
|
{", ClientHello", SSL3_MT_CLIENT_HELLO},
|
|
|
|
{", ServerHello", SSL3_MT_SERVER_HELLO},
|
|
|
|
{", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
|
|
|
|
{", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
|
|
|
|
{", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
|
|
|
|
{", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
|
|
|
|
{", Certificate", SSL3_MT_CERTIFICATE},
|
|
|
|
{", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
|
|
|
|
{", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
|
|
|
|
{", ServerHelloDone", SSL3_MT_SERVER_DONE},
|
|
|
|
{", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
|
|
|
|
{", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
|
|
|
|
{", Finished", SSL3_MT_FINISHED},
|
2018-03-08 23:32:34 +08:00
|
|
|
{", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
|
2017-03-17 00:56:01 +08:00
|
|
|
{", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
|
2018-03-08 23:32:34 +08:00
|
|
|
{", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
|
2017-03-17 00:56:01 +08:00
|
|
|
{", KeyUpdate", SSL3_MT_KEY_UPDATE},
|
|
|
|
#ifndef OPENSSL_NO_NEXTPROTONEG
|
|
|
|
{", NextProto", SSL3_MT_NEXT_PROTO},
|
|
|
|
#endif
|
|
|
|
{", MessageHash", SSL3_MT_MESSAGE_HASH},
|
2015-05-16 04:32:49 +08:00
|
|
|
{NULL}
|
|
|
|
};
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
void msg_cb(int write_p, int version, int content_type, const void *buf,
|
|
|
|
size_t len, SSL *ssl, void *arg)
|
|
|
|
{
|
|
|
|
BIO *bio = arg;
|
2015-05-16 04:32:49 +08:00
|
|
|
const char *str_write_p = write_p ? ">>>" : "<<<";
|
|
|
|
const char *str_version = lookup(version, ssl_versions, "???");
|
|
|
|
const char *str_content_type = "", *str_details1 = "", *str_details2 = "";
|
|
|
|
const unsigned char* bp = buf;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
if (version == SSL3_VERSION ||
|
|
|
|
version == TLS1_VERSION ||
|
|
|
|
version == TLS1_1_VERSION ||
|
|
|
|
version == TLS1_2_VERSION ||
|
2016-10-22 00:39:33 +08:00
|
|
|
version == TLS1_3_VERSION ||
|
2015-01-22 11:40:55 +08:00
|
|
|
version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
|
|
|
|
switch (content_type) {
|
|
|
|
case 20:
|
2017-03-09 02:49:44 +08:00
|
|
|
str_content_type = ", ChangeCipherSpec";
|
2015-01-22 11:40:55 +08:00
|
|
|
break;
|
|
|
|
case 21:
|
2017-03-09 02:49:44 +08:00
|
|
|
str_content_type = ", Alert";
|
2015-01-22 11:40:55 +08:00
|
|
|
str_details1 = ", ???";
|
|
|
|
if (len == 2) {
|
2015-05-16 04:32:49 +08:00
|
|
|
switch (bp[0]) {
|
2015-01-22 11:40:55 +08:00
|
|
|
case 1:
|
|
|
|
str_details1 = ", warning";
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
str_details1 = ", fatal";
|
|
|
|
break;
|
|
|
|
}
|
2015-05-16 04:32:49 +08:00
|
|
|
str_details2 = lookup((int)bp[1], alert_types, " ???");
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2015-05-16 04:32:49 +08:00
|
|
|
break;
|
|
|
|
case 22:
|
2017-03-09 02:49:44 +08:00
|
|
|
str_content_type = ", Handshake";
|
2015-01-22 11:40:55 +08:00
|
|
|
str_details1 = "???";
|
2015-05-16 04:32:49 +08:00
|
|
|
if (len > 0)
|
|
|
|
str_details1 = lookup((int)bp[0], handshakes, "???");
|
|
|
|
break;
|
2016-02-04 09:04:10 +08:00
|
|
|
case 23:
|
2017-03-09 02:49:44 +08:00
|
|
|
str_content_type = ", ApplicationData";
|
2016-02-04 09:04:10 +08:00
|
|
|
break;
|
2015-05-16 04:32:49 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2001-10-21 01:56:36 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
|
|
|
|
str_content_type, (unsigned long)len, str_details1,
|
|
|
|
str_details2);
|
2001-10-21 01:56:36 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (len > 0) {
|
|
|
|
size_t num, i;
|
|
|
|
|
|
|
|
BIO_printf(bio, " ");
|
|
|
|
num = len;
|
|
|
|
for (i = 0; i < num; i++) {
|
|
|
|
if (i % 16 == 0 && i > 0)
|
|
|
|
BIO_printf(bio, "\n ");
|
|
|
|
BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
|
|
|
|
}
|
|
|
|
if (i < len)
|
|
|
|
BIO_printf(bio, " ...");
|
|
|
|
BIO_printf(bio, "\n");
|
|
|
|
}
|
|
|
|
(void)BIO_flush(bio);
|
|
|
|
}
|
2007-08-12 07:18:29 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static STRINT_PAIR tlsext_types[] = {
|
|
|
|
{"server name", TLSEXT_TYPE_server_name},
|
|
|
|
{"max fragment length", TLSEXT_TYPE_max_fragment_length},
|
|
|
|
{"client certificate URL", TLSEXT_TYPE_client_certificate_url},
|
|
|
|
{"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
|
|
|
|
{"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
|
|
|
|
{"status request", TLSEXT_TYPE_status_request},
|
|
|
|
{"user mapping", TLSEXT_TYPE_user_mapping},
|
|
|
|
{"client authz", TLSEXT_TYPE_client_authz},
|
|
|
|
{"server authz", TLSEXT_TYPE_server_authz},
|
|
|
|
{"cert type", TLSEXT_TYPE_cert_type},
|
2016-11-09 22:51:06 +08:00
|
|
|
{"supported_groups", TLSEXT_TYPE_supported_groups},
|
2015-05-16 04:32:49 +08:00
|
|
|
{"EC point formats", TLSEXT_TYPE_ec_point_formats},
|
|
|
|
{"SRP", TLSEXT_TYPE_srp},
|
|
|
|
{"signature algorithms", TLSEXT_TYPE_signature_algorithms},
|
|
|
|
{"use SRTP", TLSEXT_TYPE_use_srtp},
|
|
|
|
{"session ticket", TLSEXT_TYPE_session_ticket},
|
|
|
|
{"renegotiation info", TLSEXT_TYPE_renegotiate},
|
2016-03-02 21:34:05 +08:00
|
|
|
{"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
|
2015-05-16 04:32:49 +08:00
|
|
|
{"TLS padding", TLSEXT_TYPE_padding},
|
2012-03-10 02:38:35 +08:00
|
|
|
#ifdef TLSEXT_TYPE_next_proto_neg
|
2015-05-16 04:32:49 +08:00
|
|
|
{"next protocol", TLSEXT_TYPE_next_proto_neg},
|
2012-03-10 02:38:35 +08:00
|
|
|
#endif
|
2013-03-23 01:12:33 +08:00
|
|
|
#ifdef TLSEXT_TYPE_encrypt_then_mac
|
2015-05-16 04:32:49 +08:00
|
|
|
{"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
|
2013-03-23 01:12:33 +08:00
|
|
|
#endif
|
2015-08-19 23:12:31 +08:00
|
|
|
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
|
|
|
|
{"application layer protocol negotiation",
|
|
|
|
TLSEXT_TYPE_application_layer_protocol_negotiation},
|
2015-09-17 19:33:40 +08:00
|
|
|
#endif
|
|
|
|
#ifdef TLSEXT_TYPE_extended_master_secret
|
|
|
|
{"extended master secret", TLSEXT_TYPE_extended_master_secret},
|
2015-08-19 23:12:31 +08:00
|
|
|
#endif
|
2017-03-21 02:31:44 +08:00
|
|
|
{"key share", TLSEXT_TYPE_key_share},
|
|
|
|
{"supported versions", TLSEXT_TYPE_supported_versions},
|
|
|
|
{"psk", TLSEXT_TYPE_psk},
|
|
|
|
{"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
|
|
|
|
{"certificate authorities", TLSEXT_TYPE_certificate_authorities},
|
Add TLSv1.3 post-handshake authentication (PHA)
Add SSL_verify_client_post_handshake() for servers to initiate PHA
Add SSL_force_post_handshake_auth() for clients that don't have certificates
initially configured, but use a certificate callback.
Update SSL_CTX_set_verify()/SSL_set_verify() mode:
* Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after
the initial handshake.
* Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless
of when the certificate authentication takes place; either initial handshake,
re-negotiation, or post-handshake authentication.
Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that
add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options
Add support to s_client:
* Enabled automatically when cert is configured
* Can be forced enabled via -force_pha
Add support to s_server:
* Use 'c' to invoke PHA in s_server
* Remove some dead code
Update documentation
Update unit tests:
* Illegal use of PHA extension
* TLSv1.3 certificate tests
DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is
implemented, it's PHA support state machine may need to be different.
Add a TODO and a #error
Update handshake context to deal with PHA.
The handshake context for TLSv1.3 post-handshake auth is up through the
ClientFinish message, plus the CertificateRequest message. Subsequent
Certificate, CertificateVerify, and Finish messages are based on this
handshake context (not the Certificate message per se, but it's included
after the hash). KeyUpdate, NewSessionTicket, and prior Certificate
Request messages are not included in post-handshake authentication.
After the ClientFinished message is processed, save off the digest state
for future post-handshake authentication. When post-handshake auth occurs,
copy over the saved handshake context into the "main" handshake digest.
This effectively discards the any KeyUpdate or NewSessionTicket messages
and any prior post-handshake authentication.
This, of course, assumes that the ID-22 did not mean to include any
previous post-handshake authentication into the new handshake transcript.
This is implied by section 4.4.1 that lists messages only up to the
first ClientFinished.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4964)
2017-12-19 05:52:28 +08:00
|
|
|
{"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
|
2015-05-16 04:32:49 +08:00
|
|
|
{NULL}
|
|
|
|
};
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2019-03-09 03:22:05 +08:00
|
|
|
/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
|
|
|
|
static STRINT_PAIR signature_tls13_scheme_list[] = {
|
|
|
|
{"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */},
|
|
|
|
{"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */},
|
|
|
|
/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
|
|
|
|
/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */
|
|
|
|
{"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */},
|
|
|
|
{"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */},
|
|
|
|
{"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */},
|
|
|
|
{"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */},
|
|
|
|
{"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */},
|
|
|
|
{"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */},
|
|
|
|
{"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */},
|
|
|
|
{"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */},
|
|
|
|
{"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */},
|
|
|
|
{"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */},
|
|
|
|
{"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */},
|
|
|
|
{"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */},
|
|
|
|
{"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */},
|
|
|
|
{"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */},
|
|
|
|
{"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */},
|
|
|
|
{"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */},
|
|
|
|
{"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */},
|
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
/* from rfc5246 7.4.1.4.1. */
|
|
|
|
static STRINT_PAIR signature_tls12_alg_list[] = {
|
|
|
|
{"anonymous", TLSEXT_signature_anonymous /* 0 */},
|
|
|
|
{"RSA", TLSEXT_signature_rsa /* 1 */},
|
|
|
|
{"DSA", TLSEXT_signature_dsa /* 2 */},
|
|
|
|
{"ECDSA", TLSEXT_signature_ecdsa /* 3 */},
|
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
|
|
|
/* from rfc5246 7.4.1.4.1. */
|
|
|
|
static STRINT_PAIR signature_tls12_hash_list[] = {
|
|
|
|
{"none", TLSEXT_hash_none /* 0 */},
|
|
|
|
{"MD5", TLSEXT_hash_md5 /* 1 */},
|
|
|
|
{"SHA1", TLSEXT_hash_sha1 /* 2 */},
|
|
|
|
{"SHA224", TLSEXT_hash_sha224 /* 3 */},
|
|
|
|
{"SHA256", TLSEXT_hash_sha256 /* 4 */},
|
|
|
|
{"SHA384", TLSEXT_hash_sha384 /* 5 */},
|
|
|
|
{"SHA512", TLSEXT_hash_sha512 /* 6 */},
|
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
void tlsext_cb(SSL *s, int client_server, int type,
|
2016-02-01 22:26:18 +08:00
|
|
|
const unsigned char *data, int len, void *arg)
|
2015-05-16 04:32:49 +08:00
|
|
|
{
|
|
|
|
BIO *bio = arg;
|
|
|
|
const char *extname = lookup(type, tlsext_types, "unknown");
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
|
|
|
|
client_server ? "server" : "client", extname, type, len);
|
2016-02-01 22:26:18 +08:00
|
|
|
BIO_dump(bio, (const char *)data, len);
|
2015-01-22 11:40:55 +08:00
|
|
|
(void)BIO_flush(bio);
|
|
|
|
}
|
|
|
|
|
2016-03-21 23:32:40 +08:00
|
|
|
#ifndef OPENSSL_NO_SOCK
|
2015-01-22 11:40:55 +08:00
|
|
|
int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
|
|
|
|
unsigned int *cookie_len)
|
|
|
|
{
|
2015-12-23 18:40:43 +08:00
|
|
|
unsigned char *buffer;
|
2017-09-12 23:19:09 +08:00
|
|
|
size_t length = 0;
|
2016-02-03 07:27:44 +08:00
|
|
|
unsigned short port;
|
2017-09-12 23:19:09 +08:00
|
|
|
BIO_ADDR *lpeer = NULL, *peer = NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
/* Initialize a random secret */
|
|
|
|
if (!cookie_initialized) {
|
2015-02-26 19:57:37 +08:00
|
|
|
if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(bio_err, "error setting random cookie secret\n");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
cookie_initialized = 1;
|
|
|
|
}
|
|
|
|
|
2017-09-12 23:19:09 +08:00
|
|
|
if (SSL_is_dtls(ssl)) {
|
|
|
|
lpeer = peer = BIO_ADDR_new();
|
|
|
|
if (peer == NULL) {
|
|
|
|
BIO_printf(bio_err, "memory full\n");
|
|
|
|
return 0;
|
|
|
|
}
|
2016-02-03 07:27:44 +08:00
|
|
|
|
2017-09-12 23:19:09 +08:00
|
|
|
/* Read peer information */
|
|
|
|
(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
|
|
|
|
} else {
|
|
|
|
peer = ourpeer;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
/* Create buffer with peer's address and port */
|
2017-09-12 23:19:09 +08:00
|
|
|
if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
|
|
|
|
BIO_printf(bio_err, "Failed getting peer address\n");
|
|
|
|
return 0;
|
|
|
|
}
|
2016-02-03 07:27:44 +08:00
|
|
|
OPENSSL_assert(length != 0);
|
|
|
|
port = BIO_ADDR_rawport(peer);
|
|
|
|
length += sizeof(port);
|
2015-05-01 05:48:31 +08:00
|
|
|
buffer = app_malloc(length, "cookie generate buffer");
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2016-02-03 07:27:44 +08:00
|
|
|
memcpy(buffer, &port, sizeof(port));
|
|
|
|
BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
/* Calculate HMAC of buffer using the secret */
|
|
|
|
HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
|
2015-12-23 18:40:43 +08:00
|
|
|
buffer, length, cookie, cookie_len);
|
2016-02-03 07:27:44 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
OPENSSL_free(buffer);
|
2017-09-12 23:19:09 +08:00
|
|
|
BIO_ADDR_free(lpeer);
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2015-10-06 23:20:32 +08:00
|
|
|
int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
|
2015-01-22 11:40:55 +08:00
|
|
|
unsigned int cookie_len)
|
|
|
|
{
|
2015-12-23 18:40:43 +08:00
|
|
|
unsigned char result[EVP_MAX_MD_SIZE];
|
|
|
|
unsigned int resultlength;
|
|
|
|
|
|
|
|
/* Note: we check cookie_initialized because if it's not,
|
|
|
|
* it cannot be valid */
|
|
|
|
if (cookie_initialized
|
|
|
|
&& generate_cookie_callback(ssl, result, &resultlength)
|
|
|
|
&& cookie_len == resultlength
|
2015-01-22 11:40:55 +08:00
|
|
|
&& memcmp(result, cookie, resultlength) == 0)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2018-02-26 10:39:11 +08:00
|
|
|
|
|
|
|
int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
|
|
|
|
size_t *cookie_len)
|
|
|
|
{
|
|
|
|
unsigned int temp;
|
|
|
|
int res = generate_cookie_callback(ssl, cookie, &temp);
|
|
|
|
*cookie_len = temp;
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
|
|
|
|
size_t cookie_len)
|
|
|
|
{
|
|
|
|
return verify_cookie_callback(ssl, cookie, cookie_len);
|
|
|
|
}
|
|
|
|
|
2016-03-21 23:32:40 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Example of extended certificate handling. Where the standard support of
|
|
|
|
* one certificate per algorithm is not sufficient an application can decide
|
|
|
|
* which certificate(s) to use at runtime based on whatever criteria it deems
|
|
|
|
* appropriate.
|
2012-06-29 22:24:42 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* Linked list of certificates, keys and chains */
|
2015-01-22 11:40:55 +08:00
|
|
|
struct ssl_excert_st {
|
|
|
|
int certform;
|
|
|
|
const char *certfile;
|
|
|
|
int keyform;
|
|
|
|
const char *keyfile;
|
|
|
|
const char *chainfile;
|
|
|
|
X509 *cert;
|
|
|
|
EVP_PKEY *key;
|
|
|
|
STACK_OF(X509) *chain;
|
|
|
|
int build_chain;
|
|
|
|
struct ssl_excert_st *next, *prev;
|
|
|
|
};
|
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static STRINT_PAIR chain_flags[] = {
|
|
|
|
{"Overall Validity", CERT_PKEY_VALID},
|
|
|
|
{"Sign with EE key", CERT_PKEY_SIGN},
|
|
|
|
{"EE signature", CERT_PKEY_EE_SIGNATURE},
|
|
|
|
{"CA signature", CERT_PKEY_CA_SIGNATURE},
|
|
|
|
{"EE key parameters", CERT_PKEY_EE_PARAM},
|
|
|
|
{"CA key parameters", CERT_PKEY_CA_PARAM},
|
2016-02-06 04:23:54 +08:00
|
|
|
{"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
|
2015-05-16 04:32:49 +08:00
|
|
|
{"Issuer Name", CERT_PKEY_ISSUER_NAME},
|
|
|
|
{"Certificate Type", CERT_PKEY_CERT_TYPE},
|
|
|
|
{NULL}
|
2015-01-22 11:40:55 +08:00
|
|
|
};
|
2012-07-27 21:39:23 +08:00
|
|
|
|
2015-04-29 23:27:08 +08:00
|
|
|
static void print_chain_flags(SSL *s, int flags)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2015-05-16 04:32:49 +08:00
|
|
|
STRINT_PAIR *pp;
|
2015-04-29 23:27:08 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
for (pp = chain_flags; pp->name; ++pp)
|
|
|
|
BIO_printf(bio_err, "\t%s: %s\n",
|
|
|
|
pp->name,
|
|
|
|
(flags & pp->retval) ? "OK" : "NOT OK");
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_printf(bio_err, "\tSuite B: ");
|
2015-01-22 11:40:55 +08:00
|
|
|
if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_printf(bio_err, "not tested\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Very basic selection callback: just use any certificate chain reported as
|
|
|
|
* valid. More sophisticated could prioritise according to local policy.
|
2012-06-29 22:24:42 +08:00
|
|
|
*/
|
|
|
|
static int set_cert_cb(SSL *ssl, void *arg)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
int i, rv;
|
|
|
|
SSL_EXCERT *exc = arg;
|
2014-01-26 08:51:09 +08:00
|
|
|
#ifdef CERT_CB_TEST_RETRY
|
2015-01-22 11:40:55 +08:00
|
|
|
static int retry_cnt;
|
|
|
|
if (retry_cnt < 5) {
|
|
|
|
retry_cnt++;
|
2015-06-05 02:26:55 +08:00
|
|
|
BIO_printf(bio_err,
|
|
|
|
"Certificate callback retry test: count %d\n",
|
|
|
|
retry_cnt);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -1;
|
|
|
|
}
|
2014-01-26 08:51:09 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
SSL_certs_clear(ssl);
|
|
|
|
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Go to end of list and traverse backwards since we prepend newer
|
|
|
|
* entries this retains the original order.
|
|
|
|
*/
|
2017-06-13 01:24:02 +08:00
|
|
|
while (exc->next != NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
exc = exc->next;
|
|
|
|
|
|
|
|
i = 0;
|
|
|
|
|
2017-06-13 01:24:02 +08:00
|
|
|
while (exc != NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
i++;
|
|
|
|
rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
|
|
|
|
BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
|
|
|
|
X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
|
2017-04-26 00:25:42 +08:00
|
|
|
get_nameopt());
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_puts(bio_err, "\n");
|
2015-04-29 23:27:08 +08:00
|
|
|
print_chain_flags(ssl, rv);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (rv & CERT_PKEY_VALID) {
|
2015-04-16 13:50:03 +08:00
|
|
|
if (!SSL_use_certificate(ssl, exc->cert)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|| !SSL_use_PrivateKey(ssl, exc->key)) {
|
2015-03-06 22:39:46 +08:00
|
|
|
return 0;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
|
|
|
* NB: we wouldn't normally do this as it is not efficient
|
|
|
|
* building chains on each connection better to cache the chain
|
|
|
|
* in advance.
|
|
|
|
*/
|
|
|
|
if (exc->build_chain) {
|
|
|
|
if (!SSL_build_cert_chain(ssl, 0))
|
|
|
|
return 0;
|
2017-06-13 01:24:02 +08:00
|
|
|
} else if (exc->chain != NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
SSL_set1_chain(ssl, exc->chain);
|
2017-06-13 01:24:02 +08:00
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
exc = exc->prev;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2012-06-29 22:24:42 +08:00
|
|
|
|
|
|
|
void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
|
|
|
|
}
|
2012-06-29 22:24:42 +08:00
|
|
|
|
|
|
|
static int ssl_excert_prepend(SSL_EXCERT **pexc)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2015-05-02 11:10:31 +08:00
|
|
|
SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
|
2015-05-01 05:48:31 +08:00
|
|
|
|
2015-09-03 21:15:26 +08:00
|
|
|
memset(exc, 0, sizeof(*exc));
|
2015-01-22 11:40:55 +08:00
|
|
|
|
|
|
|
exc->next = *pexc;
|
|
|
|
*pexc = exc;
|
|
|
|
|
|
|
|
if (exc->next) {
|
|
|
|
exc->certform = exc->next->certform;
|
|
|
|
exc->keyform = exc->next->keyform;
|
|
|
|
exc->next->prev = exc;
|
|
|
|
} else {
|
|
|
|
exc->certform = FORMAT_PEM;
|
|
|
|
exc->keyform = FORMAT_PEM;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
}
|
2012-06-29 22:24:42 +08:00
|
|
|
|
|
|
|
void ssl_excert_free(SSL_EXCERT *exc)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
SSL_EXCERT *curr;
|
2015-05-02 02:37:16 +08:00
|
|
|
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc == NULL)
|
2015-05-02 02:37:16 +08:00
|
|
|
return;
|
2015-01-22 11:40:55 +08:00
|
|
|
while (exc) {
|
2015-05-01 05:33:59 +08:00
|
|
|
X509_free(exc->cert);
|
2015-03-28 22:54:15 +08:00
|
|
|
EVP_PKEY_free(exc->key);
|
2015-05-01 05:33:59 +08:00
|
|
|
sk_X509_pop_free(exc->chain, X509_free);
|
2015-01-22 11:40:55 +08:00
|
|
|
curr = exc;
|
|
|
|
exc = exc->next;
|
|
|
|
OPENSSL_free(curr);
|
|
|
|
}
|
|
|
|
}
|
2012-06-29 22:24:42 +08:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
int load_excert(SSL_EXCERT **pexc)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
SSL_EXCERT *exc = *pexc;
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
/* If nothing in list, free and set to NULL */
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->certfile == NULL && exc->next == NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
ssl_excert_free(exc);
|
|
|
|
*pexc = NULL;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
for (; exc; exc = exc->next) {
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->certfile == NULL) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err, "Missing filename\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
exc->cert = load_cert(exc->certfile, exc->certform,
|
2016-02-14 11:33:56 +08:00
|
|
|
"Server Certificate");
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->cert == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->keyfile != NULL) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
exc->key = load_key(exc->keyfile, exc->keyform,
|
2015-01-22 11:40:55 +08:00
|
|
|
0, NULL, NULL, "Server Key");
|
|
|
|
} else {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
exc->key = load_key(exc->certfile, exc->certform,
|
2015-01-22 11:40:55 +08:00
|
|
|
0, NULL, NULL, "Server Key");
|
|
|
|
}
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->key == NULL)
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->chainfile != NULL) {
|
2016-01-16 13:08:38 +08:00
|
|
|
if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
|
2016-02-14 11:33:56 +08:00
|
|
|
"Server Chain"))
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2012-06-29 22:24:42 +08:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
enum range { OPT_X_ENUM };
|
|
|
|
|
|
|
|
int args_excert(int opt, SSL_EXCERT **pexc)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
SSL_EXCERT *exc = *pexc;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
|
|
|
assert(opt > OPT_X__FIRST);
|
|
|
|
assert(opt < OPT_X__LAST);
|
|
|
|
|
|
|
|
if (exc == NULL) {
|
|
|
|
if (!ssl_excert_prepend(&exc)) {
|
|
|
|
BIO_printf(bio_err, " %s: Error initialising xcert\n",
|
|
|
|
opt_getprog());
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
*pexc = exc;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
|
|
|
switch ((enum range)opt) {
|
|
|
|
case OPT_X__FIRST:
|
|
|
|
case OPT_X__LAST:
|
|
|
|
return 0;
|
|
|
|
case OPT_X_CERT:
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
}
|
2017-02-15 01:18:00 +08:00
|
|
|
*pexc = exc;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
exc->certfile = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_X_KEY:
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->keyfile != NULL) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
exc->keyfile = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_X_CHAIN:
|
2017-06-13 01:24:02 +08:00
|
|
|
if (exc->chainfile != NULL) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err, "%s: Chain already specified\n",
|
|
|
|
opt_getprog());
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
}
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
exc->chainfile = opt_arg();
|
|
|
|
break;
|
|
|
|
case OPT_X_CHAIN_BUILD:
|
|
|
|
exc->build_chain = 1;
|
|
|
|
break;
|
|
|
|
case OPT_X_CERTFORM:
|
|
|
|
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
|
|
|
|
return 0;
|
|
|
|
break;
|
|
|
|
case OPT_X_KEYFORM:
|
|
|
|
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
|
|
|
|
return 0;
|
|
|
|
break;
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
err:
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
ERR_print_errors(bio_err);
|
2015-05-02 02:37:16 +08:00
|
|
|
ssl_excert_free(exc);
|
2015-01-22 11:40:55 +08:00
|
|
|
*pexc = NULL;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
return 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2012-06-29 22:24:42 +08:00
|
|
|
|
2015-04-29 23:27:08 +08:00
|
|
|
static void print_raw_cipherlist(SSL *s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
const unsigned char *rlist;
|
2016-02-22 02:57:43 +08:00
|
|
|
static const unsigned char scsv_id[] = { 0, 0xFF };
|
2015-01-22 11:40:55 +08:00
|
|
|
size_t i, rlistlen, num;
|
|
|
|
if (!SSL_is_server(s))
|
|
|
|
return;
|
|
|
|
num = SSL_get0_raw_cipherlist(s, NULL);
|
2016-02-22 02:57:43 +08:00
|
|
|
OPENSSL_assert(num == 2);
|
2015-01-22 11:40:55 +08:00
|
|
|
rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "Client cipher list: ");
|
2015-01-22 11:40:55 +08:00
|
|
|
for (i = 0; i < rlistlen; i += num, rlist += num) {
|
|
|
|
const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
|
|
|
|
if (i)
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, ":");
|
2017-06-13 01:24:02 +08:00
|
|
|
if (c != NULL) {
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, SSL_CIPHER_get_name(c));
|
2017-06-13 01:24:02 +08:00
|
|
|
} else if (memcmp(rlist, scsv_id, num) == 0) {
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "SCSV");
|
2017-06-13 01:24:02 +08:00
|
|
|
} else {
|
2015-01-22 11:40:55 +08:00
|
|
|
size_t j;
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "0x");
|
2015-01-22 11:40:55 +08:00
|
|
|
for (j = 0; j < num; j++)
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_printf(bio_err, "%02X", rlist[j]);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
}
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2012-09-13 07:14:28 +08:00
|
|
|
|
Suppress DANE TLSA reflection when verification fails
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails. However, this only happened when verification
failed during chain construction. Errors in verification of the
constructed chain did not have the intended effect on these functions.
This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails. Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail. They must of course first check
and save the real error, and restore the original error as quickly
as possible. Hiding by default seems to be the safer interface.
Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED.
This also changes the "-brief" output from s_client to include
verification results and TLSA match information.
Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).
Added a few more test-cases to danetest, that exercise the new
code.
Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().
Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error. [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 08:07:57 +08:00
|
|
|
/*
|
|
|
|
* Hex encoder for TLSA RRdata, not ':' delimited.
|
|
|
|
*/
|
|
|
|
static char *hexencode(const unsigned char *data, size_t len)
|
|
|
|
{
|
|
|
|
static const char *hex = "0123456789abcdef";
|
|
|
|
char *out;
|
|
|
|
char *cp;
|
|
|
|
size_t outlen = 2 * len + 1;
|
|
|
|
int ilen = (int) outlen;
|
|
|
|
|
|
|
|
if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
|
2017-03-30 05:23:56 +08:00
|
|
|
BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
|
|
|
|
opt_getprog(), len);
|
Suppress DANE TLSA reflection when verification fails
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails. However, this only happened when verification
failed during chain construction. Errors in verification of the
constructed chain did not have the intended effect on these functions.
This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails. Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail. They must of course first check
and save the real error, and restore the original error as quickly
as possible. Hiding by default seems to be the safer interface.
Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED.
This also changes the "-brief" output from s_client to include
verification results and TLSA match information.
Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).
Added a few more test-cases to danetest, that exercise the new
code.
Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().
Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error. [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 08:07:57 +08:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
cp = out = app_malloc(ilen, "TLSA hex data buffer");
|
|
|
|
|
2016-03-17 11:58:58 +08:00
|
|
|
while (len-- > 0) {
|
Suppress DANE TLSA reflection when verification fails
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails. However, this only happened when verification
failed during chain construction. Errors in verification of the
constructed chain did not have the intended effect on these functions.
This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails. Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail. They must of course first check
and save the real error, and restore the original error as quickly
as possible. Hiding by default seems to be the safer interface.
Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED.
This also changes the "-brief" output from s_client to include
verification results and TLSA match information.
Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).
Added a few more test-cases to danetest, that exercise the new
code.
Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().
Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error. [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 08:07:57 +08:00
|
|
|
*cp++ = hex[(*data >> 4) & 0x0f];
|
|
|
|
*cp++ = hex[*data++ & 0x0f];
|
|
|
|
}
|
|
|
|
*cp = '\0';
|
|
|
|
return out;
|
|
|
|
}
|
|
|
|
|
|
|
|
void print_verify_detail(SSL *s, BIO *bio)
|
|
|
|
{
|
|
|
|
int mdpth;
|
|
|
|
EVP_PKEY *mspki;
|
|
|
|
long verify_err = SSL_get_verify_result(s);
|
|
|
|
|
|
|
|
if (verify_err == X509_V_OK) {
|
|
|
|
const char *peername = SSL_get0_peername(s);
|
|
|
|
|
|
|
|
BIO_printf(bio, "Verification: OK\n");
|
|
|
|
if (peername != NULL)
|
|
|
|
BIO_printf(bio, "Verified peername: %s\n", peername);
|
|
|
|
} else {
|
|
|
|
const char *reason = X509_verify_cert_error_string(verify_err);
|
|
|
|
|
|
|
|
BIO_printf(bio, "Verification error: %s\n", reason);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
|
|
|
|
uint8_t usage, selector, mtype;
|
|
|
|
const unsigned char *data = NULL;
|
|
|
|
size_t dlen = 0;
|
|
|
|
char *hexdata;
|
|
|
|
|
|
|
|
mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The TLSA data field can be quite long when it is a certificate,
|
|
|
|
* public key or even a SHA2-512 digest. Because the initial octets of
|
|
|
|
* ASN.1 certificates and public keys contain mostly boilerplate OIDs
|
|
|
|
* and lengths, we show the last 12 bytes of the data instead, as these
|
|
|
|
* are more likely to distinguish distinct TLSA records.
|
|
|
|
*/
|
|
|
|
#define TLSA_TAIL_SIZE 12
|
|
|
|
if (dlen > TLSA_TAIL_SIZE)
|
|
|
|
hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
|
|
|
|
else
|
|
|
|
hexdata = hexencode(data, dlen);
|
|
|
|
BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
|
|
|
|
usage, selector, mtype,
|
|
|
|
(dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
|
|
|
|
(mspki != NULL) ? "signed the certificate" :
|
|
|
|
mdpth ? "matched TA certificate" : "matched EE certificate",
|
|
|
|
mdpth);
|
|
|
|
OPENSSL_free(hexdata);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-29 23:27:08 +08:00
|
|
|
void print_ssl_summary(SSL *s)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
const SSL_CIPHER *c;
|
|
|
|
X509 *peer;
|
2015-04-29 23:27:08 +08:00
|
|
|
|
|
|
|
BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
|
|
|
|
print_raw_cipherlist(s);
|
2015-01-22 11:40:55 +08:00
|
|
|
c = SSL_get_current_cipher(s);
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
|
|
|
|
do_print_sigalgs(bio_err, s, 0);
|
2015-01-22 11:40:55 +08:00
|
|
|
peer = SSL_get_peer_certificate(s);
|
2017-06-13 01:24:02 +08:00
|
|
|
if (peer != NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
int nid;
|
Suppress DANE TLSA reflection when verification fails
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails. However, this only happened when verification
failed during chain construction. Errors in verification of the
constructed chain did not have the intended effect on these functions.
This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails. Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail. They must of course first check
and save the real error, and restore the original error as quickly
as possible. Hiding by default seems to be the safer interface.
Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED.
This also changes the "-brief" output from s_client to include
verification results and TLSA match information.
Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).
Added a few more test-cases to danetest, that exercise the new
code.
Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().
Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error. [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 08:07:57 +08:00
|
|
|
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "Peer certificate: ");
|
|
|
|
X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
|
2017-04-26 00:25:42 +08:00
|
|
|
0, get_nameopt());
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "\n");
|
2015-01-22 11:40:55 +08:00
|
|
|
if (SSL_get_peer_signature_nid(s, &nid))
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
|
2017-01-26 07:28:57 +08:00
|
|
|
if (SSL_get_peer_signature_type_nid(s, &nid))
|
|
|
|
BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
|
Suppress DANE TLSA reflection when verification fails
As documented both SSL_get0_dane_authority() and SSL_get0_dane_tlsa()
are expected to return a negative match depth and nothing else when
verification fails. However, this only happened when verification
failed during chain construction. Errors in verification of the
constructed chain did not have the intended effect on these functions.
This commit updates the functions to check for verify_result ==
X509_V_OK, and no longer erases any accumulated match information
when chain construction fails. Sophisticated developers can, with
care, use SSL_set_verify_result(ssl, X509_V_OK) to "peek" at TLSA
info even when verification fail. They must of course first check
and save the real error, and restore the original error as quickly
as possible. Hiding by default seems to be the safer interface.
Introduced X509_V_ERR_DANE_NO_MATCH code to signal failure to find
matching TLSA records. Previously reported via X509_V_ERR_CERT_UNTRUSTED.
This also changes the "-brief" output from s_client to include
verification results and TLSA match information.
Mentioned session resumption in code example in SSL_CTX_dane_enable(3).
Also mentioned that depths returned are relative to the verified chain
which is now available via SSL_get0_verified_chain(3).
Added a few more test-cases to danetest, that exercise the new
code.
Resolved thread safety issue in use of static buffer in
X509_verify_cert_error_string().
Fixed long-stating issue in apps/s_cb.c which always sets verify_error
to either X509_V_OK or "chain to long", code elsewhere (e.g.
s_time.c), seems to expect the actual error. [ The new chain
construction code is expected to correctly generate "chain
too long" errors, so at some point we need to drop the
work-arounds, once SSL_set_verify_depth() is also fixed to
propagate the depth to X509_STORE_CTX reliably. ]
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-08 08:07:57 +08:00
|
|
|
print_verify_detail(s, bio_err);
|
2017-06-13 01:24:02 +08:00
|
|
|
} else {
|
2015-04-29 23:27:08 +08:00
|
|
|
BIO_puts(bio_err, "No peer certificate\n");
|
2017-06-13 01:24:02 +08:00
|
|
|
}
|
2015-05-01 05:33:59 +08:00
|
|
|
X509_free(peer);
|
2013-08-18 00:40:08 +08:00
|
|
|
#ifndef OPENSSL_NO_EC
|
2015-04-29 23:27:08 +08:00
|
|
|
ssl_print_point_formats(bio_err, s);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (SSL_is_server(s))
|
2016-11-09 22:51:06 +08:00
|
|
|
ssl_print_groups(bio_err, s, 1);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2015-04-29 23:27:08 +08:00
|
|
|
ssl_print_tmp_key(bio_err, s);
|
2013-08-18 00:40:08 +08:00
|
|
|
#else
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!SSL_is_server(s))
|
2015-04-29 23:27:08 +08:00
|
|
|
ssl_print_tmp_key(bio_err, s);
|
2013-08-18 00:40:08 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2012-09-13 07:14:28 +08:00
|
|
|
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
|
2016-02-14 13:17:59 +08:00
|
|
|
SSL_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
int i;
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
|
|
|
|
for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
const char *flag = sk_OPENSSL_STRING_value(str, i);
|
|
|
|
const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
|
|
|
|
if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
|
2017-06-13 01:24:02 +08:00
|
|
|
if (arg != NULL)
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
|
|
|
|
flag, arg);
|
|
|
|
else
|
|
|
|
BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
|
|
|
|
ERR_print_errors(bio_err);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!SSL_CONF_CTX_finish(cctx)) {
|
Big apps cleanup (option-parsing, etc)
This is merges the old "rsalz-monolith" branch over to master. The biggest
change is that option parsing switch from cascasding 'else if strcmp("-foo")'
to a utility routine and somethin akin to getopt. Also, an error in the
command line no longer prints the full summary; use -help (or --help :)
for that. There have been many other changes and code-cleanup, see
bullet list below.
Special thanks to Matt for the long and detailed code review.
TEMPORARY:
For now, comment out CRYPTO_mem_leaks() at end of main
Tickets closed:
RT3515: Use 3DES in pkcs12 if built with no-rc2
RT1766: s_client -reconnect and -starttls broke
RT2932: Catch write errors
RT2604: port should be 'unsigned short'
RT2983: total_bytes undeclared #ifdef RENEG
RT1523: Add -nocert to fix output in x509 app
RT3508: Remove unused variable introduced by b09eb24
RT3511: doc fix; req default serial is random
RT1325,2973: Add more extensions to c_rehash
RT2119,3407: Updated to dgst.pod
RT2379: Additional typo fix
RT2693: Extra include of string.h
RT2880: HFS is case-insensitive filenames
RT3246: req command prints version number wrong
Other changes; incompatibilities marked with *:
Add SCSV support
Add -misalign to speed command
Make dhparam, dsaparam, ecparam, x509 output C in proper style
Make some internal ocsp.c functions void
Only display cert usages with -help in verify
Use global bio_err, remove "BIO*err" parameter from functions
For filenames, - always means stdin (or stdout as appropriate)
Add aliases for -des/aes "wrap" ciphers.
*Remove support for IISSGC (server gated crypto)
*The undocumented OCSP -header flag is now "-header name=value"
*Documented the OCSP -header flag
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-04-25 03:26:15 +08:00
|
|
|
BIO_puts(bio_err, "Error finishing context\n");
|
|
|
|
ERR_print_errors(bio_err);
|
2015-01-22 11:40:55 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2012-11-24 02:56:25 +08:00
|
|
|
|
2012-12-03 00:16:28 +08:00
|
|
|
static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
X509_CRL *crl;
|
|
|
|
int i;
|
|
|
|
for (i = 0; i < sk_X509_CRL_num(crls); i++) {
|
|
|
|
crl = sk_X509_CRL_value(crls, i);
|
|
|
|
X509_STORE_add_crl(st, crl);
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
2012-12-03 00:16:28 +08:00
|
|
|
|
2012-12-07 02:43:40 +08:00
|
|
|
int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
X509_STORE *st;
|
|
|
|
st = SSL_CTX_get_cert_store(ctx);
|
|
|
|
add_crls_store(st, crls);
|
|
|
|
if (crl_download)
|
|
|
|
store_setup_crl_download(st);
|
|
|
|
return 1;
|
|
|
|
}
|
2012-12-03 00:16:28 +08:00
|
|
|
|
2012-11-24 02:56:25 +08:00
|
|
|
int ssl_load_stores(SSL_CTX *ctx,
|
2015-01-22 11:40:55 +08:00
|
|
|
const char *vfyCApath, const char *vfyCAfile,
|
|
|
|
const char *chCApath, const char *chCAfile,
|
|
|
|
STACK_OF(X509_CRL) *crls, int crl_download)
|
|
|
|
{
|
|
|
|
X509_STORE *vfy = NULL, *ch = NULL;
|
|
|
|
int rv = 0;
|
2015-10-30 19:18:04 +08:00
|
|
|
if (vfyCApath != NULL || vfyCAfile != NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
vfy = X509_STORE_new();
|
2015-10-30 19:18:04 +08:00
|
|
|
if (vfy == NULL)
|
|
|
|
goto err;
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
|
|
|
|
goto err;
|
|
|
|
add_crls_store(vfy, crls);
|
|
|
|
SSL_CTX_set1_verify_cert_store(ctx, vfy);
|
|
|
|
if (crl_download)
|
|
|
|
store_setup_crl_download(vfy);
|
|
|
|
}
|
2015-10-30 19:18:04 +08:00
|
|
|
if (chCApath != NULL || chCAfile != NULL) {
|
2015-01-22 11:40:55 +08:00
|
|
|
ch = X509_STORE_new();
|
2015-10-30 19:18:04 +08:00
|
|
|
if (ch == NULL)
|
|
|
|
goto err;
|
2015-01-22 11:40:55 +08:00
|
|
|
if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
|
|
|
|
goto err;
|
|
|
|
SSL_CTX_set1_chain_cert_store(ctx, ch);
|
|
|
|
}
|
|
|
|
rv = 1;
|
|
|
|
err:
|
2015-05-01 05:33:59 +08:00
|
|
|
X509_STORE_free(vfy);
|
|
|
|
X509_STORE_free(ch);
|
2015-01-22 11:40:55 +08:00
|
|
|
return rv;
|
|
|
|
}
|
2014-02-17 08:10:00 +08:00
|
|
|
|
|
|
|
/* Verbose print out of security callback */
|
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
typedef struct {
|
|
|
|
BIO *out;
|
|
|
|
int verbose;
|
2016-02-08 03:44:27 +08:00
|
|
|
int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
|
2015-01-22 11:40:55 +08:00
|
|
|
void *other, void *ex);
|
|
|
|
} security_debug_ex;
|
2014-02-17 08:10:00 +08:00
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
static STRINT_PAIR callback_types[] = {
|
|
|
|
{"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
|
|
|
|
{"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
|
|
|
|
{"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
|
|
{"Temp DH key bits", SSL_SECOP_TMP_DH},
|
|
|
|
#endif
|
|
|
|
{"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
|
|
|
|
{"Shared Curve", SSL_SECOP_CURVE_SHARED},
|
|
|
|
{"Check Curve", SSL_SECOP_CURVE_CHECK},
|
2019-03-09 03:22:05 +08:00
|
|
|
{"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED},
|
|
|
|
{"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED},
|
|
|
|
{"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK},
|
2015-05-16 04:32:49 +08:00
|
|
|
{"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
|
|
|
|
{"Certificate chain EE key", SSL_SECOP_EE_KEY},
|
|
|
|
{"Certificate chain CA key", SSL_SECOP_CA_KEY},
|
|
|
|
{"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
|
|
|
|
{"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
|
|
|
|
{"Certificate chain CA digest", SSL_SECOP_CA_MD},
|
|
|
|
{"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
|
|
|
|
{"SSL compression", SSL_SECOP_COMPRESSION},
|
|
|
|
{"Session ticket", SSL_SECOP_TICKET},
|
|
|
|
{NULL}
|
|
|
|
};
|
|
|
|
|
2016-02-08 03:44:27 +08:00
|
|
|
static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
|
2015-01-22 11:40:55 +08:00
|
|
|
int op, int bits, int nid,
|
|
|
|
void *other, void *ex)
|
|
|
|
{
|
|
|
|
security_debug_ex *sdb = ex;
|
|
|
|
int rv, show_bits = 1, cert_md = 0;
|
|
|
|
const char *nm;
|
2019-03-09 03:22:05 +08:00
|
|
|
int show_nm;
|
2015-01-22 11:40:55 +08:00
|
|
|
rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
|
|
|
|
if (rv == 1 && sdb->verbose < 2)
|
|
|
|
return 1;
|
|
|
|
BIO_puts(sdb->out, "Security callback: ");
|
|
|
|
|
2015-05-16 04:32:49 +08:00
|
|
|
nm = lookup(op, callback_types, NULL);
|
2019-03-09 03:22:05 +08:00
|
|
|
show_nm = nm != NULL;
|
2015-01-22 11:40:55 +08:00
|
|
|
switch (op) {
|
|
|
|
case SSL_SECOP_TICKET:
|
|
|
|
case SSL_SECOP_COMPRESSION:
|
|
|
|
show_bits = 0;
|
2019-03-09 03:22:05 +08:00
|
|
|
show_nm = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
break;
|
|
|
|
case SSL_SECOP_VERSION:
|
2015-05-16 04:32:49 +08:00
|
|
|
BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
|
2015-01-22 11:40:55 +08:00
|
|
|
show_bits = 0;
|
2019-03-09 03:22:05 +08:00
|
|
|
show_nm = 0;
|
2015-01-22 11:40:55 +08:00
|
|
|
break;
|
|
|
|
case SSL_SECOP_CA_MD:
|
|
|
|
case SSL_SECOP_PEER_CA_MD:
|
|
|
|
cert_md = 1;
|
|
|
|
break;
|
2019-03-09 03:22:05 +08:00
|
|
|
case SSL_SECOP_SIGALG_SUPPORTED:
|
|
|
|
case SSL_SECOP_SIGALG_SHARED:
|
|
|
|
case SSL_SECOP_SIGALG_CHECK:
|
|
|
|
case SSL_SECOP_SIGALG_MASK:
|
|
|
|
show_nm = 0;
|
|
|
|
break;
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2019-03-09 03:22:05 +08:00
|
|
|
if (show_nm)
|
2015-01-22 11:40:55 +08:00
|
|
|
BIO_printf(sdb->out, "%s=", nm);
|
|
|
|
|
|
|
|
switch (op & SSL_SECOP_OTHER_TYPE) {
|
|
|
|
|
|
|
|
case SSL_SECOP_OTHER_CIPHER:
|
|
|
|
BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
|
|
|
|
break;
|
2014-02-17 08:10:00 +08:00
|
|
|
|
2014-11-19 01:16:57 +08:00
|
|
|
#ifndef OPENSSL_NO_EC
|
2015-01-22 11:40:55 +08:00
|
|
|
case SSL_SECOP_OTHER_CURVE:
|
|
|
|
{
|
|
|
|
const char *cname;
|
|
|
|
cname = EC_curve_nid2nist(nid);
|
|
|
|
if (cname == NULL)
|
|
|
|
cname = OBJ_nid2sn(nid);
|
|
|
|
BIO_puts(sdb->out, cname);
|
|
|
|
}
|
|
|
|
break;
|
2014-11-19 01:16:57 +08:00
|
|
|
#endif
|
2015-09-20 05:03:15 +08:00
|
|
|
#ifndef OPENSSL_NO_DH
|
2015-01-22 11:40:55 +08:00
|
|
|
case SSL_SECOP_OTHER_DH:
|
|
|
|
{
|
|
|
|
DH *dh = other;
|
2016-04-07 00:49:48 +08:00
|
|
|
BIO_printf(sdb->out, "%d", DH_bits(dh));
|
2015-01-22 11:40:55 +08:00
|
|
|
break;
|
|
|
|
}
|
2015-09-20 05:03:15 +08:00
|
|
|
#endif
|
2015-01-22 11:40:55 +08:00
|
|
|
case SSL_SECOP_OTHER_CERT:
|
|
|
|
{
|
|
|
|
if (cert_md) {
|
|
|
|
int sig_nid = X509_get_signature_nid(other);
|
|
|
|
BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
|
|
|
|
} else {
|
2015-12-14 21:13:32 +08:00
|
|
|
EVP_PKEY *pkey = X509_get0_pubkey(other);
|
2015-01-22 11:40:55 +08:00
|
|
|
const char *algname = "";
|
|
|
|
EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
|
|
|
|
&algname, EVP_PKEY_get0_asn1(pkey));
|
|
|
|
BIO_printf(sdb->out, "%s, bits=%d",
|
|
|
|
algname, EVP_PKEY_bits(pkey));
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case SSL_SECOP_OTHER_SIGALG:
|
|
|
|
{
|
|
|
|
const unsigned char *salg = other;
|
|
|
|
const char *sname = NULL;
|
2019-03-09 03:22:05 +08:00
|
|
|
int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
|
|
|
|
/* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
|
2015-01-22 11:40:55 +08:00
|
|
|
|
2019-03-09 03:22:05 +08:00
|
|
|
if (nm != NULL)
|
|
|
|
BIO_printf(sdb->out, "%s", nm);
|
2015-01-22 11:40:55 +08:00
|
|
|
else
|
2019-03-09 03:22:05 +08:00
|
|
|
BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
|
|
|
|
|
|
|
|
sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
|
|
|
|
if (sname != NULL) {
|
|
|
|
BIO_printf(sdb->out, " scheme=%s", sname);
|
|
|
|
} else {
|
|
|
|
int alg_code = salg[1];
|
|
|
|
int hash_code = salg[0];
|
|
|
|
const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
|
|
|
|
const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
|
|
|
|
|
|
|
|
if (alg_str != NULL && hash_str != NULL)
|
|
|
|
BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
|
|
|
|
else
|
|
|
|
BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if (show_bits)
|
|
|
|
BIO_printf(sdb->out, ", security bits=%d", bits);
|
|
|
|
BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
|
|
|
|
return rv;
|
|
|
|
}
|
2014-02-17 08:10:00 +08:00
|
|
|
|
2015-04-29 23:27:08 +08:00
|
|
|
void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
|
|
|
static security_debug_ex sdb;
|
2015-04-29 23:27:08 +08:00
|
|
|
|
|
|
|
sdb.out = bio_err;
|
2015-01-22 11:40:55 +08:00
|
|
|
sdb.verbose = verbose;
|
|
|
|
sdb.old_cb = SSL_CTX_get_security_callback(ctx);
|
|
|
|
SSL_CTX_set_security_callback(ctx, security_callback_debug);
|
|
|
|
SSL_CTX_set0_security_ex_data(ctx, &sdb);
|
|
|
|
}
|
2017-02-02 02:14:27 +08:00
|
|
|
|
|
|
|
static void keylog_callback(const SSL *ssl, const char *line)
|
|
|
|
{
|
|
|
|
if (bio_keylog == NULL) {
|
|
|
|
BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* There might be concurrent writers to the keylog file, so we must ensure
|
|
|
|
* that the given line is written at once.
|
|
|
|
*/
|
|
|
|
BIO_printf(bio_keylog, "%s\n", line);
|
|
|
|
(void)BIO_flush(bio_keylog);
|
|
|
|
}
|
|
|
|
|
|
|
|
int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
|
|
|
|
{
|
|
|
|
/* Close any open files */
|
|
|
|
BIO_free_all(bio_keylog);
|
|
|
|
bio_keylog = NULL;
|
|
|
|
|
|
|
|
if (ctx == NULL || keylog_file == NULL) {
|
|
|
|
/* Keylogging is disabled, OK. */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Append rather than write in order to allow concurrent modification.
|
|
|
|
* Furthermore, this preserves existing keylog files which is useful when
|
|
|
|
* the tool is run multiple times.
|
|
|
|
*/
|
|
|
|
bio_keylog = BIO_new_file(keylog_file, "a");
|
|
|
|
if (bio_keylog == NULL) {
|
|
|
|
BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Write a header for seekable, empty files (this excludes pipes). */
|
|
|
|
if (BIO_tell(bio_keylog) == 0) {
|
|
|
|
BIO_puts(bio_keylog,
|
|
|
|
"# SSL/TLS secrets log file, generated by OpenSSL\n");
|
|
|
|
(void)BIO_flush(bio_keylog);
|
|
|
|
}
|
|
|
|
SSL_CTX_set_keylog_callback(ctx, keylog_callback);
|
|
|
|
return 0;
|
|
|
|
}
|
2017-04-01 00:04:28 +08:00
|
|
|
|
|
|
|
void print_ca_names(BIO *bio, SSL *s)
|
|
|
|
{
|
|
|
|
const char *cs = SSL_is_server(s) ? "server" : "client";
|
|
|
|
const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
|
|
|
|
BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
|
|
|
|
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
|
2017-04-26 00:25:42 +08:00
|
|
|
X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
|
2017-04-01 00:04:28 +08:00
|
|
|
BIO_write(bio, "\n", 1);
|
|
|
|
}
|
|
|
|
}
|