/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <stdio.h>
#include <stdlib.h>
#include <string.h> /* for memcpy() and strcmp() */
-#define USE_SOCKETS
#include "apps.h"
-#undef USE_SOCKETS
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#define COOKIE_SECRET_LENGTH 16
-VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
#ifndef OPENSSL_NO_SOCK
static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
if (!ok) {
BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
X509_verify_cert_error_string(err));
- if (verify_args.depth >= depth) {
+ if (verify_args.depth < 0 || verify_args.depth >= depth) {
if (!verify_args.return_error)
ok = 1;
verify_args.error = err;
policies_print(ctx);
if (ok && !verify_args.quiet)
BIO_printf(bio_err, "verify return:%d\n", ok);
- return (ok);
+ return ok;
}
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
BIO_printf(bio_err, "unable to get certificate from '%s'\n",
cert_file);
ERR_print_errors(bio_err);
- return (0);
+ return 0;
}
if (key_file == NULL)
key_file = cert_file;
BIO_printf(bio_err, "unable to get private key from '%s'\n",
key_file);
ERR_print_errors(bio_err);
- return (0);
+ return 0;
}
/*
if (!SSL_CTX_check_private_key(ctx)) {
BIO_printf(bio_err,
"Private key does not match the certificate public key\n");
- return (0);
+ return 0;
}
}
- return (1);
+ return 1;
}
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
case NID_ED25519:
return "Ed25519";
+ case NID_ED448:
+ return "Ed448";
+
+ case NID_id_GostR3410_2001:
+ return "gost2001";
+
+ case NID_id_GostR3410_2012_256:
+ return "gost2012_256";
+
+ case NID_id_GostR3410_2012_512:
+ return "gost2012_512";
+
default:
return NULL;
}
int ssl_print_tmp_key(BIO *out, SSL *s)
{
EVP_PKEY *key;
- if (!SSL_get_server_tmp_key(s, &key))
+
+ if (!SSL_get_peer_tmp_key(s, &key))
return 1;
BIO_puts(out, "Server Temp Key: ");
switch (EVP_PKEY_id(key)) {
out = (BIO *)BIO_get_callback_arg(bio);
if (out == NULL)
- return (ret);
+ return ret;
if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
BIO_dump(out, argp, (int)ret);
- return (ret);
+ return ret;
} else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
(void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
BIO_dump(out, argp, (int)ret);
}
- return (ret);
+ return ret;
}
void apps_ssl_info_callback(const SSL *s, int where, int ret)
{", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
{", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
{", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
- {", HelloRetryRequest", SSL3_MT_HELLO_RETRY_REQUEST},
{", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
{", Certificate", SSL3_MT_CERTIFICATE},
{", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
{", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
{", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
{", Finished", SSL3_MT_FINISHED},
- {", CertificateUrl", 21},
+ {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
{", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
- {", SupplementalData", 23},
+ {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
{", KeyUpdate", SSL3_MT_KEY_UPDATE},
#ifndef OPENSSL_NO_NEXTPROTONEG
{", NextProto", SSL3_MT_NEXT_PROTO},
{"psk", TLSEXT_TYPE_psk},
{"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
{"certificate authorities", TLSEXT_TYPE_certificate_authorities},
+ {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
{NULL}
};
unsigned int *cookie_len)
{
unsigned char *buffer;
- size_t length;
+ size_t length = 0;
unsigned short port;
- BIO_ADDR *peer = NULL;
+ BIO_ADDR *lpeer = NULL, *peer = NULL;
/* Initialize a random secret */
if (!cookie_initialized) {
cookie_initialized = 1;
}
- peer = BIO_ADDR_new();
- if (peer == NULL) {
- BIO_printf(bio_err, "memory full\n");
- return 0;
- }
+ if (SSL_is_dtls(ssl)) {
+ lpeer = peer = BIO_ADDR_new();
+ if (peer == NULL) {
+ BIO_printf(bio_err, "memory full\n");
+ return 0;
+ }
- /* Read peer information */
- (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
+ /* Read peer information */
+ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
+ } else {
+ peer = ourpeer;
+ }
/* Create buffer with peer's address and port */
- BIO_ADDR_rawaddress(peer, NULL, &length);
+ if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
+ BIO_printf(bio_err, "Failed getting peer address\n");
+ return 0;
+ }
OPENSSL_assert(length != 0);
port = BIO_ADDR_rawport(peer);
length += sizeof(port);
buffer, length, cookie, cookie_len);
OPENSSL_free(buffer);
- BIO_ADDR_free(peer);
+ BIO_ADDR_free(lpeer);
return 1;
}
return 0;
}
+
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+ size_t *cookie_len)
+{
+ unsigned int temp;
+ int res = generate_cookie_callback(ssl, cookie, &temp);
+ *cookie_len = temp;
+ return res;
+}
+
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+ size_t cookie_len)
+{
+ return verify_cookie_callback(ssl, cookie, cookie_len);
+}
+
#endif
/*