2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright 2005 Nokia. All rights reserved.
61 * The portions of the attached software ("Contribution") is developed by
62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
67 * support (see RFC 4279) to OpenSSL.
69 * No patent licenses or other rights except those expressly stated in
70 * the OpenSSL open source license shall be deemed granted or received
71 * expressly, by implication, estoppel, or otherwise.
73 * No assurances are provided by Nokia that the Contribution does not
74 * infringe the patent or other intellectual property rights of any third
75 * party or that the license provides you with all the necessary rights
76 * to make use of the Contribution.
78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
88 const char *SSL_state_string_long(const SSL *s)
94 str = "before SSL initialization";
97 str = "before accept initialization";
100 str = "before connect initialization";
103 str = "SSL negotiation finished successfully";
105 case SSL_ST_RENEGOTIATE:
106 str = "SSL renegotiate ciphers";
108 case SSL_ST_BEFORE | SSL_ST_CONNECT:
109 str = "before/connect initialization";
111 case SSL_ST_OK | SSL_ST_CONNECT:
112 str = "ok/connect SSL initialization";
114 case SSL_ST_BEFORE | SSL_ST_ACCEPT:
115 str = "before/accept initialization";
117 case SSL_ST_OK | SSL_ST_ACCEPT:
118 str = "ok/accept SSL initialization";
121 #ifndef OPENSSL_NO_SSL3
122 /* SSLv3 additions */
123 case SSL3_ST_CW_CLNT_HELLO_A:
124 str = "SSLv3 write client hello A";
126 case SSL3_ST_CW_CLNT_HELLO_B:
127 str = "SSLv3 write client hello B";
129 case SSL3_ST_CR_SRVR_HELLO_A:
130 str = "SSLv3 read server hello A";
132 case SSL3_ST_CR_SRVR_HELLO_B:
133 str = "SSLv3 read server hello B";
135 case SSL3_ST_CR_CERT_A:
136 str = "SSLv3 read server certificate A";
138 case SSL3_ST_CR_CERT_B:
139 str = "SSLv3 read server certificate B";
141 case SSL3_ST_CR_KEY_EXCH_A:
142 str = "SSLv3 read server key exchange A";
144 case SSL3_ST_CR_KEY_EXCH_B:
145 str = "SSLv3 read server key exchange B";
147 case SSL3_ST_CR_CERT_REQ_A:
148 str = "SSLv3 read server certificate request A";
150 case SSL3_ST_CR_CERT_REQ_B:
151 str = "SSLv3 read server certificate request B";
153 case SSL3_ST_CR_SESSION_TICKET_A:
154 str = "SSLv3 read server session ticket A";
156 case SSL3_ST_CR_SESSION_TICKET_B:
157 str = "SSLv3 read server session ticket B";
159 case SSL3_ST_CR_SRVR_DONE_A:
160 str = "SSLv3 read server done A";
162 case SSL3_ST_CR_SRVR_DONE_B:
163 str = "SSLv3 read server done B";
165 case SSL3_ST_CW_CERT_A:
166 str = "SSLv3 write client certificate A";
168 case SSL3_ST_CW_CERT_B:
169 str = "SSLv3 write client certificate B";
171 case SSL3_ST_CW_CERT_C:
172 str = "SSLv3 write client certificate C";
174 case SSL3_ST_CW_CERT_D:
175 str = "SSLv3 write client certificate D";
177 case SSL3_ST_CW_KEY_EXCH_A:
178 str = "SSLv3 write client key exchange A";
180 case SSL3_ST_CW_KEY_EXCH_B:
181 str = "SSLv3 write client key exchange B";
183 case SSL3_ST_CW_CERT_VRFY_A:
184 str = "SSLv3 write certificate verify A";
186 case SSL3_ST_CW_CERT_VRFY_B:
187 str = "SSLv3 write certificate verify B";
190 case SSL3_ST_CW_CHANGE_A:
191 case SSL3_ST_SW_CHANGE_A:
192 str = "SSLv3 write change cipher spec A";
194 case SSL3_ST_CW_CHANGE_B:
195 case SSL3_ST_SW_CHANGE_B:
196 str = "SSLv3 write change cipher spec B";
198 case SSL3_ST_CW_FINISHED_A:
199 case SSL3_ST_SW_FINISHED_A:
200 str = "SSLv3 write finished A";
202 case SSL3_ST_CW_FINISHED_B:
203 case SSL3_ST_SW_FINISHED_B:
204 str = "SSLv3 write finished B";
206 case SSL3_ST_CR_CHANGE_A:
207 case SSL3_ST_SR_CHANGE_A:
208 str = "SSLv3 read change cipher spec A";
210 case SSL3_ST_CR_CHANGE_B:
211 case SSL3_ST_SR_CHANGE_B:
212 str = "SSLv3 read change cipher spec B";
214 case SSL3_ST_CR_FINISHED_A:
215 case SSL3_ST_SR_FINISHED_A:
216 str = "SSLv3 read finished A";
218 case SSL3_ST_CR_FINISHED_B:
219 case SSL3_ST_SR_FINISHED_B:
220 str = "SSLv3 read finished B";
223 case SSL3_ST_CW_FLUSH:
224 case SSL3_ST_SW_FLUSH:
225 str = "SSLv3 flush data";
228 case SSL3_ST_SR_CLNT_HELLO_A:
229 str = "SSLv3 read client hello A";
231 case SSL3_ST_SR_CLNT_HELLO_B:
232 str = "SSLv3 read client hello B";
234 case SSL3_ST_SR_CLNT_HELLO_C:
235 str = "SSLv3 read client hello C";
237 case SSL3_ST_SW_HELLO_REQ_A:
238 str = "SSLv3 write hello request A";
240 case SSL3_ST_SW_HELLO_REQ_B:
241 str = "SSLv3 write hello request B";
243 case SSL3_ST_SW_HELLO_REQ_C:
244 str = "SSLv3 write hello request C";
246 case SSL3_ST_SW_SRVR_HELLO_A:
247 str = "SSLv3 write server hello A";
249 case SSL3_ST_SW_SRVR_HELLO_B:
250 str = "SSLv3 write server hello B";
252 case SSL3_ST_SW_CERT_A:
253 str = "SSLv3 write certificate A";
255 case SSL3_ST_SW_CERT_B:
256 str = "SSLv3 write certificate B";
258 case SSL3_ST_SW_KEY_EXCH_A:
259 str = "SSLv3 write key exchange A";
261 case SSL3_ST_SW_KEY_EXCH_B:
262 str = "SSLv3 write key exchange B";
264 case SSL3_ST_SW_CERT_REQ_A:
265 str = "SSLv3 write certificate request A";
267 case SSL3_ST_SW_CERT_REQ_B:
268 str = "SSLv3 write certificate request B";
270 case SSL3_ST_SW_SESSION_TICKET_A:
271 str = "SSLv3 write session ticket A";
273 case SSL3_ST_SW_SESSION_TICKET_B:
274 str = "SSLv3 write session ticket B";
276 case SSL3_ST_SW_SRVR_DONE_A:
277 str = "SSLv3 write server done A";
279 case SSL3_ST_SW_SRVR_DONE_B:
280 str = "SSLv3 write server done B";
282 case SSL3_ST_SR_CERT_A:
283 str = "SSLv3 read client certificate A";
285 case SSL3_ST_SR_CERT_B:
286 str = "SSLv3 read client certificate B";
288 case SSL3_ST_SR_KEY_EXCH_A:
289 str = "SSLv3 read client key exchange A";
291 case SSL3_ST_SR_KEY_EXCH_B:
292 str = "SSLv3 read client key exchange B";
294 case SSL3_ST_SR_CERT_VRFY_A:
295 str = "SSLv3 read certificate verify A";
297 case SSL3_ST_SR_CERT_VRFY_B:
298 str = "SSLv3 read certificate verify B";
302 /* SSLv2/v3 compatibility states */
304 case SSL23_ST_CW_CLNT_HELLO_A:
305 str = "SSLv2/v3 write client hello A";
307 case SSL23_ST_CW_CLNT_HELLO_B:
308 str = "SSLv2/v3 write client hello B";
310 case SSL23_ST_CR_SRVR_HELLO_A:
311 str = "SSLv2/v3 read server hello A";
313 case SSL23_ST_CR_SRVR_HELLO_B:
314 str = "SSLv2/v3 read server hello B";
317 case SSL23_ST_SR_CLNT_HELLO_A:
318 str = "SSLv2/v3 read client hello A";
320 case SSL23_ST_SR_CLNT_HELLO_B:
321 str = "SSLv2/v3 read client hello B";
325 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
326 str = "DTLS1 read hello verify request A";
328 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
329 str = "DTLS1 read hello verify request B";
331 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
332 str = "DTLS1 write hello verify request A";
334 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
335 str = "DTLS1 write hello verify request B";
339 str = "unknown state";
346 const char *SSL_state_string(const SSL *s)
364 #ifndef OPENSSL_NO_SSL3
365 /* SSLv3 additions */
366 case SSL3_ST_SW_FLUSH:
367 case SSL3_ST_CW_FLUSH:
370 case SSL3_ST_CW_CLNT_HELLO_A:
373 case SSL3_ST_CW_CLNT_HELLO_B:
376 case SSL3_ST_CR_SRVR_HELLO_A:
379 case SSL3_ST_CR_SRVR_HELLO_B:
382 case SSL3_ST_CR_CERT_A:
385 case SSL3_ST_CR_CERT_B:
388 case SSL3_ST_CR_KEY_EXCH_A:
391 case SSL3_ST_CR_KEY_EXCH_B:
394 case SSL3_ST_CR_CERT_REQ_A:
397 case SSL3_ST_CR_CERT_REQ_B:
400 case SSL3_ST_CR_SRVR_DONE_A:
403 case SSL3_ST_CR_SRVR_DONE_B:
406 case SSL3_ST_CW_CERT_A:
409 case SSL3_ST_CW_CERT_B:
412 case SSL3_ST_CW_CERT_C:
415 case SSL3_ST_CW_CERT_D:
418 case SSL3_ST_CW_KEY_EXCH_A:
421 case SSL3_ST_CW_KEY_EXCH_B:
424 case SSL3_ST_CW_CERT_VRFY_A:
427 case SSL3_ST_CW_CERT_VRFY_B:
431 case SSL3_ST_SW_CHANGE_A:
432 case SSL3_ST_CW_CHANGE_A:
435 case SSL3_ST_SW_CHANGE_B:
436 case SSL3_ST_CW_CHANGE_B:
439 case SSL3_ST_SW_FINISHED_A:
440 case SSL3_ST_CW_FINISHED_A:
443 case SSL3_ST_SW_FINISHED_B:
444 case SSL3_ST_CW_FINISHED_B:
447 case SSL3_ST_SR_CHANGE_A:
448 case SSL3_ST_CR_CHANGE_A:
451 case SSL3_ST_SR_CHANGE_B:
452 case SSL3_ST_CR_CHANGE_B:
455 case SSL3_ST_SR_FINISHED_A:
456 case SSL3_ST_CR_FINISHED_A:
459 case SSL3_ST_SR_FINISHED_B:
460 case SSL3_ST_CR_FINISHED_B:
464 case SSL3_ST_SW_HELLO_REQ_A:
467 case SSL3_ST_SW_HELLO_REQ_B:
470 case SSL3_ST_SW_HELLO_REQ_C:
473 case SSL3_ST_SR_CLNT_HELLO_A:
476 case SSL3_ST_SR_CLNT_HELLO_B:
479 case SSL3_ST_SR_CLNT_HELLO_C:
482 case SSL3_ST_SW_SRVR_HELLO_A:
485 case SSL3_ST_SW_SRVR_HELLO_B:
488 case SSL3_ST_SW_CERT_A:
491 case SSL3_ST_SW_CERT_B:
494 case SSL3_ST_SW_KEY_EXCH_A:
497 case SSL3_ST_SW_KEY_EXCH_B:
500 case SSL3_ST_SW_CERT_REQ_A:
503 case SSL3_ST_SW_CERT_REQ_B:
506 case SSL3_ST_SW_SRVR_DONE_A:
509 case SSL3_ST_SW_SRVR_DONE_B:
512 case SSL3_ST_SR_CERT_A:
515 case SSL3_ST_SR_CERT_B:
518 case SSL3_ST_SR_KEY_EXCH_A:
521 case SSL3_ST_SR_KEY_EXCH_B:
524 case SSL3_ST_SR_CERT_VRFY_A:
527 case SSL3_ST_SR_CERT_VRFY_B:
532 /* SSLv2/v3 compatibility states */
534 case SSL23_ST_CW_CLNT_HELLO_A:
537 case SSL23_ST_CW_CLNT_HELLO_B:
540 case SSL23_ST_CR_SRVR_HELLO_A:
543 case SSL23_ST_CR_SRVR_HELLO_B:
547 case SSL23_ST_SR_CLNT_HELLO_A:
550 case SSL23_ST_SR_CLNT_HELLO_B:
555 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
558 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
561 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
564 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
575 const char *SSL_alert_type_string_long(int value)
578 if (value == SSL3_AL_WARNING)
580 else if (value == SSL3_AL_FATAL)
586 const char *SSL_alert_type_string(int value)
589 if (value == SSL3_AL_WARNING)
591 else if (value == SSL3_AL_FATAL)
597 const char *SSL_alert_desc_string(int value)
601 switch (value & 0xff) {
602 case SSL3_AD_CLOSE_NOTIFY:
605 case SSL3_AD_UNEXPECTED_MESSAGE:
608 case SSL3_AD_BAD_RECORD_MAC:
611 case SSL3_AD_DECOMPRESSION_FAILURE:
614 case SSL3_AD_HANDSHAKE_FAILURE:
617 case SSL3_AD_NO_CERTIFICATE:
620 case SSL3_AD_BAD_CERTIFICATE:
623 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
626 case SSL3_AD_CERTIFICATE_REVOKED:
629 case SSL3_AD_CERTIFICATE_EXPIRED:
632 case SSL3_AD_CERTIFICATE_UNKNOWN:
635 case SSL3_AD_ILLEGAL_PARAMETER:
638 case TLS1_AD_DECRYPTION_FAILED:
641 case TLS1_AD_RECORD_OVERFLOW:
644 case TLS1_AD_UNKNOWN_CA:
647 case TLS1_AD_ACCESS_DENIED:
650 case TLS1_AD_DECODE_ERROR:
653 case TLS1_AD_DECRYPT_ERROR:
656 case TLS1_AD_EXPORT_RESTRICTION:
659 case TLS1_AD_PROTOCOL_VERSION:
662 case TLS1_AD_INSUFFICIENT_SECURITY:
665 case TLS1_AD_INTERNAL_ERROR:
668 case TLS1_AD_USER_CANCELLED:
671 case TLS1_AD_NO_RENEGOTIATION:
674 case TLS1_AD_UNSUPPORTED_EXTENSION:
677 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
680 case TLS1_AD_UNRECOGNIZED_NAME:
683 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
686 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
689 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
699 const char *SSL_alert_desc_string_long(int value)
703 switch (value & 0xff) {
704 case SSL3_AD_CLOSE_NOTIFY:
705 str = "close notify";
707 case SSL3_AD_UNEXPECTED_MESSAGE:
708 str = "unexpected_message";
710 case SSL3_AD_BAD_RECORD_MAC:
711 str = "bad record mac";
713 case SSL3_AD_DECOMPRESSION_FAILURE:
714 str = "decompression failure";
716 case SSL3_AD_HANDSHAKE_FAILURE:
717 str = "handshake failure";
719 case SSL3_AD_NO_CERTIFICATE:
720 str = "no certificate";
722 case SSL3_AD_BAD_CERTIFICATE:
723 str = "bad certificate";
725 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
726 str = "unsupported certificate";
728 case SSL3_AD_CERTIFICATE_REVOKED:
729 str = "certificate revoked";
731 case SSL3_AD_CERTIFICATE_EXPIRED:
732 str = "certificate expired";
734 case SSL3_AD_CERTIFICATE_UNKNOWN:
735 str = "certificate unknown";
737 case SSL3_AD_ILLEGAL_PARAMETER:
738 str = "illegal parameter";
740 case TLS1_AD_DECRYPTION_FAILED:
741 str = "decryption failed";
743 case TLS1_AD_RECORD_OVERFLOW:
744 str = "record overflow";
746 case TLS1_AD_UNKNOWN_CA:
749 case TLS1_AD_ACCESS_DENIED:
750 str = "access denied";
752 case TLS1_AD_DECODE_ERROR:
753 str = "decode error";
755 case TLS1_AD_DECRYPT_ERROR:
756 str = "decrypt error";
758 case TLS1_AD_EXPORT_RESTRICTION:
759 str = "export restriction";
761 case TLS1_AD_PROTOCOL_VERSION:
762 str = "protocol version";
764 case TLS1_AD_INSUFFICIENT_SECURITY:
765 str = "insufficient security";
767 case TLS1_AD_INTERNAL_ERROR:
768 str = "internal error";
770 case TLS1_AD_USER_CANCELLED:
771 str = "user canceled";
773 case TLS1_AD_NO_RENEGOTIATION:
774 str = "no renegotiation";
776 case TLS1_AD_UNSUPPORTED_EXTENSION:
777 str = "unsupported extension";
779 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
780 str = "certificate unobtainable";
782 case TLS1_AD_UNRECOGNIZED_NAME:
783 str = "unrecognized name";
785 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
786 str = "bad certificate status response";
788 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
789 str = "bad certificate hash value";
791 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
792 str = "unknown PSK identity";