| OLD | NEW |
|---|
| 1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ | 1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
| 52 * | 52 * |
| 53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
| 54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
| 55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
| 56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
| 57 */ | 57 */ |
| 58 /* ==================================================================== | 58 /* ==================================================================== |
| 59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
| 60 * | 60 * |
| 61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
| 62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
| 63 * are met: | 63 * are met: |
| 64 * | 64 * |
| 65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
| 66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
| 67 * | 67 * |
| 68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
| 69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 119 #include <openssl/err.h> | 119 #include <openssl/err.h> |
| 120 #include <openssl/rand.h> | 120 #include <openssl/rand.h> |
| 121 #include <openssl/x509.h> | 121 #include <openssl/x509.h> |
| 122 #include <openssl/ssl.h> | 122 #include <openssl/ssl.h> |
| 123 #include "s_apps.h" | 123 #include "s_apps.h" |
| 124 | 124 |
| 125 #define COOKIE_SECRET_LENGTH 16 | 125 #define COOKIE_SECRET_LENGTH 16 |
| 126 | 126 |
| 127 int verify_depth=0; | 127 int verify_depth=0; |
| 128 int verify_error=X509_V_OK; | 128 int verify_error=X509_V_OK; |
| 129 int verify_return_error=0; |
| 129 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; | 130 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; |
| 130 int cookie_initialized=0; | 131 int cookie_initialized=0; |
| 131 | 132 |
| 132 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) | 133 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) |
| 133 { | 134 { |
| 134 char buf[256]; | |
| 135 X509 *err_cert; | 135 X509 *err_cert; |
| 136 int err,depth; | 136 int err,depth; |
| 137 | 137 |
| 138 err_cert=X509_STORE_CTX_get_current_cert(ctx); | 138 err_cert=X509_STORE_CTX_get_current_cert(ctx); |
| 139 err= X509_STORE_CTX_get_error(ctx); | 139 err= X509_STORE_CTX_get_error(ctx); |
| 140 depth= X509_STORE_CTX_get_error_depth(ctx); | 140 depth= X509_STORE_CTX_get_error_depth(ctx); |
| 141 | 141 |
| 142 » X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); | 142 » BIO_printf(bio_err,"depth=%d ",depth); |
| 143 » BIO_printf(bio_err,"depth=%d %s\n",depth,buf); | 143 » if (err_cert) |
| 144 » » { |
| 145 » » X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), |
| 146 » » » » » 0, XN_FLAG_ONELINE); |
| 147 » » BIO_puts(bio_err, "\n"); |
| 148 » » } |
| 149 » else |
| 150 » » BIO_puts(bio_err, "<no cert>\n"); |
| 144 if (!ok) | 151 if (!ok) |
| 145 { | 152 { |
| 146 BIO_printf(bio_err,"verify error:num=%d:%s\n",err, | 153 BIO_printf(bio_err,"verify error:num=%d:%s\n",err, |
| 147 X509_verify_cert_error_string(err)); | 154 X509_verify_cert_error_string(err)); |
| 148 if (verify_depth >= depth) | 155 if (verify_depth >= depth) |
| 149 { | 156 { |
| 150 » » » ok=1; | 157 » » » if (!verify_return_error) |
| 158 » » » » ok=1; |
| 151 verify_error=X509_V_OK; | 159 verify_error=X509_V_OK; |
| 152 } | 160 } |
| 153 else | 161 else |
| 154 { | 162 { |
| 155 ok=0; | 163 ok=0; |
| 156 verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; | 164 verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; |
| 157 } | 165 } |
| 158 } | 166 } |
| 159 » switch (ctx->error) | 167 » switch (err) |
| 160 { | 168 { |
| 161 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | 169 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
| 162 » » X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,si
zeof buf); | 170 » » BIO_puts(bio_err,"issuer= "); |
| 163 » » BIO_printf(bio_err,"issuer= %s\n",buf); | 171 » » X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), |
| 172 » » » » » 0, XN_FLAG_ONELINE); |
| 173 » » BIO_puts(bio_err, "\n"); |
| 164 break; | 174 break; |
| 165 case X509_V_ERR_CERT_NOT_YET_VALID: | 175 case X509_V_ERR_CERT_NOT_YET_VALID: |
| 166 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | 176 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
| 167 BIO_printf(bio_err,"notBefore="); | 177 BIO_printf(bio_err,"notBefore="); |
| 168 » » ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); | 178 » » ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); |
| 169 BIO_printf(bio_err,"\n"); | 179 BIO_printf(bio_err,"\n"); |
| 170 break; | 180 break; |
| 171 case X509_V_ERR_CERT_HAS_EXPIRED: | 181 case X509_V_ERR_CERT_HAS_EXPIRED: |
| 172 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | 182 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: |
| 173 BIO_printf(bio_err,"notAfter="); | 183 BIO_printf(bio_err,"notAfter="); |
| 174 » » ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); | 184 » » ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); |
| 175 BIO_printf(bio_err,"\n"); | 185 BIO_printf(bio_err,"\n"); |
| 176 break; | 186 break; |
| 187 case X509_V_ERR_NO_EXPLICIT_POLICY: |
| 188 policies_print(bio_err, ctx); |
| 189 break; |
| 177 } | 190 } |
| 191 if (err == X509_V_OK && ok == 2) |
| 192 policies_print(bio_err, ctx); |
| 193 |
| 178 BIO_printf(bio_err,"verify return:%d\n",ok); | 194 BIO_printf(bio_err,"verify return:%d\n",ok); |
| 179 return(ok); | 195 return(ok); |
| 180 } | 196 } |
| 181 | 197 |
| 182 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) | 198 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
| 183 { | 199 { |
| 184 if (cert_file != NULL) | 200 if (cert_file != NULL) |
| 185 { | 201 { |
| 186 /* | 202 /* |
| 187 SSL *ssl; | 203 SSL *ssl; |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 256 * the SSL context */ | 272 * the SSL context */ |
| 257 if (!SSL_CTX_check_private_key(ctx)) | 273 if (!SSL_CTX_check_private_key(ctx)) |
| 258 { | 274 { |
| 259 BIO_printf(bio_err,"Private key does not match the certificate p
ublic key\n"); | 275 BIO_printf(bio_err,"Private key does not match the certificate p
ublic key\n"); |
| 260 return 0; | 276 return 0; |
| 261 } | 277 } |
| 262 return 1; | 278 return 1; |
| 263 } | 279 } |
| 264 | 280 |
| 265 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, | 281 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
| 266 » int argi, long argl, long ret) | 282 » » » » int argi, long argl, long ret) |
| 267 { | 283 { |
| 268 BIO *out; | 284 BIO *out; |
| 269 | 285 |
| 270 out=(BIO *)BIO_get_callback_arg(bio); | 286 out=(BIO *)BIO_get_callback_arg(bio); |
| 271 if (out == NULL) return(ret); | 287 if (out == NULL) return(ret); |
| 272 | 288 |
| 273 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) | 289 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) |
| 274 { | 290 { |
| 275 » » BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", | 291 » » BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n", |
| 276 » » » (void *)bio,argp,argi,ret,ret); | 292 » » » (void *)bio,argp,(unsigned long)argi,ret,ret); |
| 277 BIO_dump(out,argp,(int)ret); | 293 BIO_dump(out,argp,(int)ret); |
| 278 return(ret); | 294 return(ret); |
| 279 } | 295 } |
| 280 else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) | 296 else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) |
| 281 { | 297 { |
| 282 » » BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", | 298 » » BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n", |
| 283 » » » (void *)bio,argp,argi,ret,ret); | 299 » » » (void *)bio,argp,(unsigned long)argi,ret,ret); |
| 284 BIO_dump(out,argp,(int)ret); | 300 BIO_dump(out,argp,(int)ret); |
| 285 } | 301 } |
| 286 return(ret); | 302 return(ret); |
| 287 } | 303 } |
| 288 | 304 |
| 289 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) | 305 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) |
| 290 { | 306 { |
| 291 const char *str; | 307 const char *str; |
| 292 int w; | 308 int w; |
| 293 | 309 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 334 { | 350 { |
| 335 case SSL2_VERSION: | 351 case SSL2_VERSION: |
| 336 str_version = "SSL 2.0"; | 352 str_version = "SSL 2.0"; |
| 337 break; | 353 break; |
| 338 case SSL3_VERSION: | 354 case SSL3_VERSION: |
| 339 str_version = "SSL 3.0 "; | 355 str_version = "SSL 3.0 "; |
| 340 break; | 356 break; |
| 341 case TLS1_VERSION: | 357 case TLS1_VERSION: |
| 342 str_version = "TLS 1.0 "; | 358 str_version = "TLS 1.0 "; |
| 343 break; | 359 break; |
| 344 default: | |
| 345 str_version = "???"; | |
| 346 case DTLS1_VERSION: | 360 case DTLS1_VERSION: |
| 347 str_version = "DTLS 1.0 "; | 361 str_version = "DTLS 1.0 "; |
| 348 break; | 362 break; |
| 349 case DTLS1_BAD_VER: | 363 case DTLS1_BAD_VER: |
| 350 str_version = "DTLS 1.0 (bad) "; | 364 str_version = "DTLS 1.0 (bad) "; |
| 351 break; | 365 break; |
| 366 default: |
| 367 str_version = "???"; |
| 352 } | 368 } |
| 353 | 369 |
| 354 if (version == SSL2_VERSION) | 370 if (version == SSL2_VERSION) |
| 355 { | 371 { |
| 356 str_details1 = "???"; | 372 str_details1 = "???"; |
| 357 | 373 |
| 358 if (len > 0) | 374 if (len > 0) |
| 359 { | 375 { |
| 360 switch (((const unsigned char*)buf)[0]) | 376 switch (((const unsigned char*)buf)[0]) |
| 361 { | 377 { |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 511 break; | 527 break; |
| 512 case 80: | 528 case 80: |
| 513 str_details2 = " internal_error"; | 529 str_details2 = " internal_error"; |
| 514 break; | 530 break; |
| 515 case 90: | 531 case 90: |
| 516 str_details2 = " user_canceled"; | 532 str_details2 = " user_canceled"; |
| 517 break; | 533 break; |
| 518 case 100: | 534 case 100: |
| 519 str_details2 = " no_renegotiation"; | 535 str_details2 = " no_renegotiation"; |
| 520 break; | 536 break; |
| 537 case 110: |
| 538 str_details2 = " unsupported_extension"; |
| 539 break; |
| 540 case 111: |
| 541 str_details2 = " certificate_unobtainabl
e"; |
| 542 break; |
| 543 case 112: |
| 544 str_details2 = " unrecognized_name"; |
| 545 break; |
| 546 case 113: |
| 547 str_details2 = " bad_certificate_status_
response"; |
| 548 break; |
| 549 case 114: |
| 550 str_details2 = " bad_certificate_hash_va
lue"; |
| 551 break; |
| 521 } | 552 } |
| 522 } | 553 } |
| 523 } | 554 } |
| 524 | 555 |
| 525 if (content_type == 22) /* Handshake */ | 556 if (content_type == 22) /* Handshake */ |
| 526 { | 557 { |
| 527 str_details1 = "???"; | 558 str_details1 = "???"; |
| 528 | 559 |
| 529 if (len > 0) | 560 if (len > 0) |
| 530 { | 561 { |
| 531 switch (((const unsigned char*)buf)[0]) | 562 switch (((const unsigned char*)buf)[0]) |
| 532 { | 563 { |
| 533 case 0: | 564 case 0: |
| 534 str_details1 = ", HelloRequest"; | 565 str_details1 = ", HelloRequest"; |
| 535 break; | 566 break; |
| 536 case 1: | 567 case 1: |
| 537 str_details1 = ", ClientHello"; | 568 str_details1 = ", ClientHello"; |
| 538 break; | 569 break; |
| 539 case 2: | 570 case 2: |
| 540 str_details1 = ", ServerHello"; | 571 str_details1 = ", ServerHello"; |
| 541 break; | 572 break; |
| 573 case 3: |
| 574 str_details1 = ", HelloVerifyRequest"; |
| 575 break; |
| 542 case 11: | 576 case 11: |
| 543 str_details1 = ", Certificate"; | 577 str_details1 = ", Certificate"; |
| 544 break; | 578 break; |
| 545 case 12: | 579 case 12: |
| 546 str_details1 = ", ServerKeyExchange"; | 580 str_details1 = ", ServerKeyExchange"; |
| 547 break; | 581 break; |
| 548 case 13: | 582 case 13: |
| 549 str_details1 = ", CertificateRequest"; | 583 str_details1 = ", CertificateRequest"; |
| 550 break; | 584 break; |
| 551 case 14: | 585 case 14: |
| 552 str_details1 = ", ServerHelloDone"; | 586 str_details1 = ", ServerHelloDone"; |
| 553 break; | 587 break; |
| 554 case 15: | 588 case 15: |
| 555 str_details1 = ", CertificateVerify"; | 589 str_details1 = ", CertificateVerify"; |
| 556 break; | 590 break; |
| 557 case 3: | |
| 558 str_details1 = ", HelloVerifyRequest"; | |
| 559 break; | |
| 560 case 16: | 591 case 16: |
| 561 str_details1 = ", ClientKeyExchange"; | 592 str_details1 = ", ClientKeyExchange"; |
| 562 break; | 593 break; |
| 563 case 20: | 594 case 20: |
| 564 str_details1 = ", Finished"; | 595 str_details1 = ", Finished"; |
| 565 break; | 596 break; |
| 566 } | 597 } |
| 567 } | 598 } |
| 568 } | 599 } |
| 569 } | 600 } |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 635 break; | 666 break; |
| 636 | 667 |
| 637 case TLSEXT_TYPE_session_ticket: | 668 case TLSEXT_TYPE_session_ticket: |
| 638 extname = "server ticket"; | 669 extname = "server ticket"; |
| 639 break; | 670 break; |
| 640 | 671 |
| 641 case TLSEXT_TYPE_renegotiate: | 672 case TLSEXT_TYPE_renegotiate: |
| 642 extname = "renegotiate"; | 673 extname = "renegotiate"; |
| 643 break; | 674 break; |
| 644 | 675 |
| 676 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 677 case TLSEXT_TYPE_opaque_prf_input: |
| 678 extname = "opaque PRF input"; |
| 679 break; |
| 680 #endif |
| 681 |
| 645 default: | 682 default: |
| 646 extname = "unknown"; | 683 extname = "unknown"; |
| 647 break; | 684 break; |
| 648 | 685 |
| 649 } | 686 } |
| 650 | 687 |
| 651 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", | 688 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", |
| 652 client_server ? "server": "client", | 689 client_server ? "server": "client", |
| 653 extname, type, len); | 690 extname, type, len); |
| 654 BIO_dump(bio, (char *)data, len); | 691 BIO_dump(bio, (char *)data, len); |
| 655 (void)BIO_flush(bio); | 692 (void)BIO_flush(bio); |
| 656 } | 693 } |
| 657 | 694 |
| 658 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
ed int *cookie_len) | 695 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
ed int *cookie_len) |
| 659 { | 696 { |
| 660 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; | 697 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; |
| 661 unsigned int length, resultlength; | 698 unsigned int length, resultlength; |
| 662 » struct sockaddr_in peer; | 699 » union { |
| 663 » | 700 » » struct sockaddr sa; |
| 701 » » struct sockaddr_in s4; |
| 702 #if OPENSSL_USE_IPV6 |
| 703 » » struct sockaddr_in6 s6; |
| 704 #endif |
| 705 » } peer; |
| 706 |
| 664 /* Initialize a random secret */ | 707 /* Initialize a random secret */ |
| 665 if (!cookie_initialized) | 708 if (!cookie_initialized) |
| 666 { | 709 { |
| 667 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) | 710 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) |
| 668 { | 711 { |
| 669 BIO_printf(bio_err,"error setting random cookie secret\n
"); | 712 BIO_printf(bio_err,"error setting random cookie secret\n
"); |
| 670 return 0; | 713 return 0; |
| 671 } | 714 } |
| 672 cookie_initialized = 1; | 715 cookie_initialized = 1; |
| 673 } | 716 } |
| 674 | 717 |
| 675 /* Read peer information */ | 718 /* Read peer information */ |
| 676 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); | 719 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); |
| 677 | 720 |
| 678 /* Create buffer with peer's address and port */ | 721 /* Create buffer with peer's address and port */ |
| 679 » length = sizeof(peer.sin_addr); | 722 » length = 0; |
| 680 » length += sizeof(peer.sin_port); | 723 » switch (peer.sa.sa_family) |
| 724 » » { |
| 725 » case AF_INET: |
| 726 » » length += sizeof(struct in_addr); |
| 727 » » length += sizeof(peer.s4.sin_port); |
| 728 » » break; |
| 729 #if OPENSSL_USE_IPV6 |
| 730 » case AF_INET6: |
| 731 » » length += sizeof(struct in6_addr); |
| 732 » » length += sizeof(peer.s6.sin6_port); |
| 733 » » break; |
| 734 #endif |
| 735 » default: |
| 736 » » OPENSSL_assert(0); |
| 737 » » break; |
| 738 » » } |
| 681 buffer = OPENSSL_malloc(length); | 739 buffer = OPENSSL_malloc(length); |
| 682 | 740 |
| 683 if (buffer == NULL) | 741 if (buffer == NULL) |
| 684 { | 742 { |
| 685 BIO_printf(bio_err,"out of memory\n"); | 743 BIO_printf(bio_err,"out of memory\n"); |
| 686 return 0; | 744 return 0; |
| 687 } | 745 } |
| 688 » | 746 |
| 689 » memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); | 747 » switch (peer.sa.sa_family) |
| 690 » memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_p
ort)); | 748 » » { |
| 749 » case AF_INET: |
| 750 » » memcpy(buffer, |
| 751 » » &peer.s4.sin_port, |
| 752 » » sizeof(peer.s4.sin_port)); |
| 753 » » memcpy(buffer + sizeof(peer.s4.sin_port), |
| 754 » » &peer.s4.sin_addr, |
| 755 » » sizeof(struct in_addr)); |
| 756 » » break; |
| 757 #if OPENSSL_USE_IPV6 |
| 758 » case AF_INET6: |
| 759 » » memcpy(buffer, |
| 760 » » &peer.s6.sin6_port, |
| 761 » » sizeof(peer.s6.sin6_port)); |
| 762 » » memcpy(buffer + sizeof(peer.s6.sin6_port), |
| 763 » » &peer.s6.sin6_addr, |
| 764 » » sizeof(struct in6_addr)); |
| 765 » » break; |
| 766 #endif |
| 767 » default: |
| 768 » » OPENSSL_assert(0); |
| 769 » » break; |
| 770 » » } |
| 691 | 771 |
| 692 /* Calculate HMAC of buffer using the secret */ | 772 /* Calculate HMAC of buffer using the secret */ |
| 693 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, | 773 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, |
| 694 buffer, length, result, &resultlength); | 774 buffer, length, result, &resultlength); |
| 695 OPENSSL_free(buffer); | 775 OPENSSL_free(buffer); |
| 696 | 776 |
| 697 memcpy(cookie, result, resultlength); | 777 memcpy(cookie, result, resultlength); |
| 698 *cookie_len = resultlength; | 778 *cookie_len = resultlength; |
| 699 | 779 |
| 700 return 1; | 780 return 1; |
| 701 } | 781 } |
| 702 | 782 |
| 703 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
int cookie_len) | 783 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
int cookie_len) |
| 704 { | 784 { |
| 705 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; | 785 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; |
| 706 unsigned int length, resultlength; | 786 unsigned int length, resultlength; |
| 707 » struct sockaddr_in peer; | 787 » union { |
| 708 » | 788 » » struct sockaddr sa; |
| 789 » » struct sockaddr_in s4; |
| 790 #if OPENSSL_USE_IPV6 |
| 791 » » struct sockaddr_in6 s6; |
| 792 #endif |
| 793 » } peer; |
| 794 |
| 709 /* If secret isn't initialized yet, the cookie can't be valid */ | 795 /* If secret isn't initialized yet, the cookie can't be valid */ |
| 710 if (!cookie_initialized) | 796 if (!cookie_initialized) |
| 711 return 0; | 797 return 0; |
| 712 | 798 |
| 713 /* Read peer information */ | 799 /* Read peer information */ |
| 714 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); | 800 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); |
| 715 | 801 |
| 716 /* Create buffer with peer's address and port */ | 802 /* Create buffer with peer's address and port */ |
| 717 » length = sizeof(peer.sin_addr); | 803 » length = 0; |
| 718 » length += sizeof(peer.sin_port); | 804 » switch (peer.sa.sa_family) |
| 719 » buffer = (unsigned char*) OPENSSL_malloc(length); | 805 » » { |
| 806 » case AF_INET: |
| 807 » » length += sizeof(struct in_addr); |
| 808 » » length += sizeof(peer.s4.sin_port); |
| 809 » » break; |
| 810 #if OPENSSL_USE_IPV6 |
| 811 » case AF_INET6: |
| 812 » » length += sizeof(struct in6_addr); |
| 813 » » length += sizeof(peer.s6.sin6_port); |
| 814 » » break; |
| 815 #endif |
| 816 » default: |
| 817 » » OPENSSL_assert(0); |
| 818 » » break; |
| 819 » » } |
| 820 » buffer = OPENSSL_malloc(length); |
| 720 | 821 |
| 721 if (buffer == NULL) | 822 if (buffer == NULL) |
| 722 { | 823 { |
| 723 BIO_printf(bio_err,"out of memory\n"); | 824 BIO_printf(bio_err,"out of memory\n"); |
| 724 return 0; | 825 return 0; |
| 725 } | 826 } |
| 726 » | 827 |
| 727 » memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); | 828 » switch (peer.sa.sa_family) |
| 728 » memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_p
ort)); | 829 » » { |
| 830 » case AF_INET: |
| 831 » » memcpy(buffer, |
| 832 » » &peer.s4.sin_port, |
| 833 » » sizeof(peer.s4.sin_port)); |
| 834 » » memcpy(buffer + sizeof(peer.s4.sin_port), |
| 835 » » &peer.s4.sin_addr, |
| 836 » » sizeof(struct in_addr)); |
| 837 » » break; |
| 838 #if OPENSSL_USE_IPV6 |
| 839 » case AF_INET6: |
| 840 » » memcpy(buffer, |
| 841 » » &peer.s6.sin6_port, |
| 842 » » sizeof(peer.s6.sin6_port)); |
| 843 » » memcpy(buffer + sizeof(peer.s6.sin6_port), |
| 844 » » &peer.s6.sin6_addr, |
| 845 » » sizeof(struct in6_addr)); |
| 846 » » break; |
| 847 #endif |
| 848 » default: |
| 849 » » OPENSSL_assert(0); |
| 850 » » break; |
| 851 » » } |
| 729 | 852 |
| 730 /* Calculate HMAC of buffer using the secret */ | 853 /* Calculate HMAC of buffer using the secret */ |
| 731 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, | 854 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, |
| 732 buffer, length, result, &resultlength); | 855 buffer, length, result, &resultlength); |
| 733 OPENSSL_free(buffer); | 856 OPENSSL_free(buffer); |
| 734 » | 857 |
| 735 if (cookie_len == resultlength && memcmp(result, cookie, resultlength) =
= 0) | 858 if (cookie_len == resultlength && memcmp(result, cookie, resultlength) =
= 0) |
| 736 return 1; | 859 return 1; |
| 737 | 860 |
| 738 return 0; | 861 return 0; |
| 739 } | 862 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9254031:
Upgrade chrome's OpenSSL to same version Android ships with. (Closed)
Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/