OLD | NEW |
1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ | 1 /* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
51 * SUCH DAMAGE. | 51 * SUCH DAMAGE. |
52 * | 52 * |
53 * The licence and distribution terms for any publically available version or | 53 * The licence and distribution terms for any publically available version or |
54 * derivative of this code cannot be changed. i.e. this code cannot simply be | 54 * derivative of this code cannot be changed. i.e. this code cannot simply be |
55 * copied and put under another distribution licence | 55 * copied and put under another distribution licence |
56 * [including the GNU Public Licence.] | 56 * [including the GNU Public Licence.] |
57 */ | 57 */ |
58 /* ==================================================================== | 58 /* ==================================================================== |
59 * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
60 * | 60 * |
61 * Redistribution and use in source and binary forms, with or without | 61 * Redistribution and use in source and binary forms, with or without |
62 * modification, are permitted provided that the following conditions | 62 * modification, are permitted provided that the following conditions |
63 * are met: | 63 * are met: |
64 * | 64 * |
65 * 1. Redistributions of source code must retain the above copyright | 65 * 1. Redistributions of source code must retain the above copyright |
66 * notice, this list of conditions and the following disclaimer. | 66 * notice, this list of conditions and the following disclaimer. |
67 * | 67 * |
68 * 2. Redistributions in binary form must reproduce the above copyright | 68 * 2. Redistributions in binary form must reproduce the above copyright |
69 * notice, this list of conditions and the following disclaimer in | 69 * notice, this list of conditions and the following disclaimer in |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
119 #include <openssl/err.h> | 119 #include <openssl/err.h> |
120 #include <openssl/rand.h> | 120 #include <openssl/rand.h> |
121 #include <openssl/x509.h> | 121 #include <openssl/x509.h> |
122 #include <openssl/ssl.h> | 122 #include <openssl/ssl.h> |
123 #include "s_apps.h" | 123 #include "s_apps.h" |
124 | 124 |
125 #define COOKIE_SECRET_LENGTH 16 | 125 #define COOKIE_SECRET_LENGTH 16 |
126 | 126 |
127 int verify_depth=0; | 127 int verify_depth=0; |
128 int verify_error=X509_V_OK; | 128 int verify_error=X509_V_OK; |
| 129 int verify_return_error=0; |
129 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; | 130 unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; |
130 int cookie_initialized=0; | 131 int cookie_initialized=0; |
131 | 132 |
132 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) | 133 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) |
133 { | 134 { |
134 char buf[256]; | |
135 X509 *err_cert; | 135 X509 *err_cert; |
136 int err,depth; | 136 int err,depth; |
137 | 137 |
138 err_cert=X509_STORE_CTX_get_current_cert(ctx); | 138 err_cert=X509_STORE_CTX_get_current_cert(ctx); |
139 err= X509_STORE_CTX_get_error(ctx); | 139 err= X509_STORE_CTX_get_error(ctx); |
140 depth= X509_STORE_CTX_get_error_depth(ctx); | 140 depth= X509_STORE_CTX_get_error_depth(ctx); |
141 | 141 |
142 » X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf); | 142 » BIO_printf(bio_err,"depth=%d ",depth); |
143 » BIO_printf(bio_err,"depth=%d %s\n",depth,buf); | 143 » if (err_cert) |
| 144 » » { |
| 145 » » X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), |
| 146 » » » » » 0, XN_FLAG_ONELINE); |
| 147 » » BIO_puts(bio_err, "\n"); |
| 148 » » } |
| 149 » else |
| 150 » » BIO_puts(bio_err, "<no cert>\n"); |
144 if (!ok) | 151 if (!ok) |
145 { | 152 { |
146 BIO_printf(bio_err,"verify error:num=%d:%s\n",err, | 153 BIO_printf(bio_err,"verify error:num=%d:%s\n",err, |
147 X509_verify_cert_error_string(err)); | 154 X509_verify_cert_error_string(err)); |
148 if (verify_depth >= depth) | 155 if (verify_depth >= depth) |
149 { | 156 { |
150 » » » ok=1; | 157 » » » if (!verify_return_error) |
| 158 » » » » ok=1; |
151 verify_error=X509_V_OK; | 159 verify_error=X509_V_OK; |
152 } | 160 } |
153 else | 161 else |
154 { | 162 { |
155 ok=0; | 163 ok=0; |
156 verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; | 164 verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG; |
157 } | 165 } |
158 } | 166 } |
159 » switch (ctx->error) | 167 » switch (err) |
160 { | 168 { |
161 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | 169 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
162 » » X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,si
zeof buf); | 170 » » BIO_puts(bio_err,"issuer= "); |
163 » » BIO_printf(bio_err,"issuer= %s\n",buf); | 171 » » X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), |
| 172 » » » » » 0, XN_FLAG_ONELINE); |
| 173 » » BIO_puts(bio_err, "\n"); |
164 break; | 174 break; |
165 case X509_V_ERR_CERT_NOT_YET_VALID: | 175 case X509_V_ERR_CERT_NOT_YET_VALID: |
166 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | 176 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
167 BIO_printf(bio_err,"notBefore="); | 177 BIO_printf(bio_err,"notBefore="); |
168 » » ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); | 178 » » ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert)); |
169 BIO_printf(bio_err,"\n"); | 179 BIO_printf(bio_err,"\n"); |
170 break; | 180 break; |
171 case X509_V_ERR_CERT_HAS_EXPIRED: | 181 case X509_V_ERR_CERT_HAS_EXPIRED: |
172 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | 182 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: |
173 BIO_printf(bio_err,"notAfter="); | 183 BIO_printf(bio_err,"notAfter="); |
174 » » ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); | 184 » » ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert)); |
175 BIO_printf(bio_err,"\n"); | 185 BIO_printf(bio_err,"\n"); |
176 break; | 186 break; |
| 187 case X509_V_ERR_NO_EXPLICIT_POLICY: |
| 188 policies_print(bio_err, ctx); |
| 189 break; |
177 } | 190 } |
| 191 if (err == X509_V_OK && ok == 2) |
| 192 policies_print(bio_err, ctx); |
| 193 |
178 BIO_printf(bio_err,"verify return:%d\n",ok); | 194 BIO_printf(bio_err,"verify return:%d\n",ok); |
179 return(ok); | 195 return(ok); |
180 } | 196 } |
181 | 197 |
182 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) | 198 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) |
183 { | 199 { |
184 if (cert_file != NULL) | 200 if (cert_file != NULL) |
185 { | 201 { |
186 /* | 202 /* |
187 SSL *ssl; | 203 SSL *ssl; |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
256 * the SSL context */ | 272 * the SSL context */ |
257 if (!SSL_CTX_check_private_key(ctx)) | 273 if (!SSL_CTX_check_private_key(ctx)) |
258 { | 274 { |
259 BIO_printf(bio_err,"Private key does not match the certificate p
ublic key\n"); | 275 BIO_printf(bio_err,"Private key does not match the certificate p
ublic key\n"); |
260 return 0; | 276 return 0; |
261 } | 277 } |
262 return 1; | 278 return 1; |
263 } | 279 } |
264 | 280 |
265 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, | 281 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, |
266 » int argi, long argl, long ret) | 282 » » » » int argi, long argl, long ret) |
267 { | 283 { |
268 BIO *out; | 284 BIO *out; |
269 | 285 |
270 out=(BIO *)BIO_get_callback_arg(bio); | 286 out=(BIO *)BIO_get_callback_arg(bio); |
271 if (out == NULL) return(ret); | 287 if (out == NULL) return(ret); |
272 | 288 |
273 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) | 289 if (cmd == (BIO_CB_READ|BIO_CB_RETURN)) |
274 { | 290 { |
275 » » BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n", | 291 » » BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n", |
276 » » » (void *)bio,argp,argi,ret,ret); | 292 » » » (void *)bio,argp,(unsigned long)argi,ret,ret); |
277 BIO_dump(out,argp,(int)ret); | 293 BIO_dump(out,argp,(int)ret); |
278 return(ret); | 294 return(ret); |
279 } | 295 } |
280 else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) | 296 else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN)) |
281 { | 297 { |
282 » » BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n", | 298 » » BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n", |
283 » » » (void *)bio,argp,argi,ret,ret); | 299 » » » (void *)bio,argp,(unsigned long)argi,ret,ret); |
284 BIO_dump(out,argp,(int)ret); | 300 BIO_dump(out,argp,(int)ret); |
285 } | 301 } |
286 return(ret); | 302 return(ret); |
287 } | 303 } |
288 | 304 |
289 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) | 305 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) |
290 { | 306 { |
291 const char *str; | 307 const char *str; |
292 int w; | 308 int w; |
293 | 309 |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
334 { | 350 { |
335 case SSL2_VERSION: | 351 case SSL2_VERSION: |
336 str_version = "SSL 2.0"; | 352 str_version = "SSL 2.0"; |
337 break; | 353 break; |
338 case SSL3_VERSION: | 354 case SSL3_VERSION: |
339 str_version = "SSL 3.0 "; | 355 str_version = "SSL 3.0 "; |
340 break; | 356 break; |
341 case TLS1_VERSION: | 357 case TLS1_VERSION: |
342 str_version = "TLS 1.0 "; | 358 str_version = "TLS 1.0 "; |
343 break; | 359 break; |
344 default: | |
345 str_version = "???"; | |
346 case DTLS1_VERSION: | 360 case DTLS1_VERSION: |
347 str_version = "DTLS 1.0 "; | 361 str_version = "DTLS 1.0 "; |
348 break; | 362 break; |
349 case DTLS1_BAD_VER: | 363 case DTLS1_BAD_VER: |
350 str_version = "DTLS 1.0 (bad) "; | 364 str_version = "DTLS 1.0 (bad) "; |
351 break; | 365 break; |
| 366 default: |
| 367 str_version = "???"; |
352 } | 368 } |
353 | 369 |
354 if (version == SSL2_VERSION) | 370 if (version == SSL2_VERSION) |
355 { | 371 { |
356 str_details1 = "???"; | 372 str_details1 = "???"; |
357 | 373 |
358 if (len > 0) | 374 if (len > 0) |
359 { | 375 { |
360 switch (((const unsigned char*)buf)[0]) | 376 switch (((const unsigned char*)buf)[0]) |
361 { | 377 { |
(...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
511 break; | 527 break; |
512 case 80: | 528 case 80: |
513 str_details2 = " internal_error"; | 529 str_details2 = " internal_error"; |
514 break; | 530 break; |
515 case 90: | 531 case 90: |
516 str_details2 = " user_canceled"; | 532 str_details2 = " user_canceled"; |
517 break; | 533 break; |
518 case 100: | 534 case 100: |
519 str_details2 = " no_renegotiation"; | 535 str_details2 = " no_renegotiation"; |
520 break; | 536 break; |
| 537 case 110: |
| 538 str_details2 = " unsupported_extension"; |
| 539 break; |
| 540 case 111: |
| 541 str_details2 = " certificate_unobtainabl
e"; |
| 542 break; |
| 543 case 112: |
| 544 str_details2 = " unrecognized_name"; |
| 545 break; |
| 546 case 113: |
| 547 str_details2 = " bad_certificate_status_
response"; |
| 548 break; |
| 549 case 114: |
| 550 str_details2 = " bad_certificate_hash_va
lue"; |
| 551 break; |
521 } | 552 } |
522 } | 553 } |
523 } | 554 } |
524 | 555 |
525 if (content_type == 22) /* Handshake */ | 556 if (content_type == 22) /* Handshake */ |
526 { | 557 { |
527 str_details1 = "???"; | 558 str_details1 = "???"; |
528 | 559 |
529 if (len > 0) | 560 if (len > 0) |
530 { | 561 { |
531 switch (((const unsigned char*)buf)[0]) | 562 switch (((const unsigned char*)buf)[0]) |
532 { | 563 { |
533 case 0: | 564 case 0: |
534 str_details1 = ", HelloRequest"; | 565 str_details1 = ", HelloRequest"; |
535 break; | 566 break; |
536 case 1: | 567 case 1: |
537 str_details1 = ", ClientHello"; | 568 str_details1 = ", ClientHello"; |
538 break; | 569 break; |
539 case 2: | 570 case 2: |
540 str_details1 = ", ServerHello"; | 571 str_details1 = ", ServerHello"; |
541 break; | 572 break; |
| 573 case 3: |
| 574 str_details1 = ", HelloVerifyRequest"; |
| 575 break; |
542 case 11: | 576 case 11: |
543 str_details1 = ", Certificate"; | 577 str_details1 = ", Certificate"; |
544 break; | 578 break; |
545 case 12: | 579 case 12: |
546 str_details1 = ", ServerKeyExchange"; | 580 str_details1 = ", ServerKeyExchange"; |
547 break; | 581 break; |
548 case 13: | 582 case 13: |
549 str_details1 = ", CertificateRequest"; | 583 str_details1 = ", CertificateRequest"; |
550 break; | 584 break; |
551 case 14: | 585 case 14: |
552 str_details1 = ", ServerHelloDone"; | 586 str_details1 = ", ServerHelloDone"; |
553 break; | 587 break; |
554 case 15: | 588 case 15: |
555 str_details1 = ", CertificateVerify"; | 589 str_details1 = ", CertificateVerify"; |
556 break; | 590 break; |
557 case 3: | |
558 str_details1 = ", HelloVerifyRequest"; | |
559 break; | |
560 case 16: | 591 case 16: |
561 str_details1 = ", ClientKeyExchange"; | 592 str_details1 = ", ClientKeyExchange"; |
562 break; | 593 break; |
563 case 20: | 594 case 20: |
564 str_details1 = ", Finished"; | 595 str_details1 = ", Finished"; |
565 break; | 596 break; |
566 } | 597 } |
567 } | 598 } |
568 } | 599 } |
569 } | 600 } |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
635 break; | 666 break; |
636 | 667 |
637 case TLSEXT_TYPE_session_ticket: | 668 case TLSEXT_TYPE_session_ticket: |
638 extname = "server ticket"; | 669 extname = "server ticket"; |
639 break; | 670 break; |
640 | 671 |
641 case TLSEXT_TYPE_renegotiate: | 672 case TLSEXT_TYPE_renegotiate: |
642 extname = "renegotiate"; | 673 extname = "renegotiate"; |
643 break; | 674 break; |
644 | 675 |
| 676 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 677 case TLSEXT_TYPE_opaque_prf_input: |
| 678 extname = "opaque PRF input"; |
| 679 break; |
| 680 #endif |
| 681 |
645 default: | 682 default: |
646 extname = "unknown"; | 683 extname = "unknown"; |
647 break; | 684 break; |
648 | 685 |
649 } | 686 } |
650 | 687 |
651 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", | 688 BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", |
652 client_server ? "server": "client", | 689 client_server ? "server": "client", |
653 extname, type, len); | 690 extname, type, len); |
654 BIO_dump(bio, (char *)data, len); | 691 BIO_dump(bio, (char *)data, len); |
655 (void)BIO_flush(bio); | 692 (void)BIO_flush(bio); |
656 } | 693 } |
657 | 694 |
658 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
ed int *cookie_len) | 695 int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign
ed int *cookie_len) |
659 { | 696 { |
660 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; | 697 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; |
661 unsigned int length, resultlength; | 698 unsigned int length, resultlength; |
662 » struct sockaddr_in peer; | 699 » union { |
663 » | 700 » » struct sockaddr sa; |
| 701 » » struct sockaddr_in s4; |
| 702 #if OPENSSL_USE_IPV6 |
| 703 » » struct sockaddr_in6 s6; |
| 704 #endif |
| 705 » } peer; |
| 706 |
664 /* Initialize a random secret */ | 707 /* Initialize a random secret */ |
665 if (!cookie_initialized) | 708 if (!cookie_initialized) |
666 { | 709 { |
667 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) | 710 if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) |
668 { | 711 { |
669 BIO_printf(bio_err,"error setting random cookie secret\n
"); | 712 BIO_printf(bio_err,"error setting random cookie secret\n
"); |
670 return 0; | 713 return 0; |
671 } | 714 } |
672 cookie_initialized = 1; | 715 cookie_initialized = 1; |
673 } | 716 } |
674 | 717 |
675 /* Read peer information */ | 718 /* Read peer information */ |
676 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); | 719 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); |
677 | 720 |
678 /* Create buffer with peer's address and port */ | 721 /* Create buffer with peer's address and port */ |
679 » length = sizeof(peer.sin_addr); | 722 » length = 0; |
680 » length += sizeof(peer.sin_port); | 723 » switch (peer.sa.sa_family) |
| 724 » » { |
| 725 » case AF_INET: |
| 726 » » length += sizeof(struct in_addr); |
| 727 » » length += sizeof(peer.s4.sin_port); |
| 728 » » break; |
| 729 #if OPENSSL_USE_IPV6 |
| 730 » case AF_INET6: |
| 731 » » length += sizeof(struct in6_addr); |
| 732 » » length += sizeof(peer.s6.sin6_port); |
| 733 » » break; |
| 734 #endif |
| 735 » default: |
| 736 » » OPENSSL_assert(0); |
| 737 » » break; |
| 738 » » } |
681 buffer = OPENSSL_malloc(length); | 739 buffer = OPENSSL_malloc(length); |
682 | 740 |
683 if (buffer == NULL) | 741 if (buffer == NULL) |
684 { | 742 { |
685 BIO_printf(bio_err,"out of memory\n"); | 743 BIO_printf(bio_err,"out of memory\n"); |
686 return 0; | 744 return 0; |
687 } | 745 } |
688 » | 746 |
689 » memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); | 747 » switch (peer.sa.sa_family) |
690 » memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_p
ort)); | 748 » » { |
| 749 » case AF_INET: |
| 750 » » memcpy(buffer, |
| 751 » » &peer.s4.sin_port, |
| 752 » » sizeof(peer.s4.sin_port)); |
| 753 » » memcpy(buffer + sizeof(peer.s4.sin_port), |
| 754 » » &peer.s4.sin_addr, |
| 755 » » sizeof(struct in_addr)); |
| 756 » » break; |
| 757 #if OPENSSL_USE_IPV6 |
| 758 » case AF_INET6: |
| 759 » » memcpy(buffer, |
| 760 » » &peer.s6.sin6_port, |
| 761 » » sizeof(peer.s6.sin6_port)); |
| 762 » » memcpy(buffer + sizeof(peer.s6.sin6_port), |
| 763 » » &peer.s6.sin6_addr, |
| 764 » » sizeof(struct in6_addr)); |
| 765 » » break; |
| 766 #endif |
| 767 » default: |
| 768 » » OPENSSL_assert(0); |
| 769 » » break; |
| 770 » » } |
691 | 771 |
692 /* Calculate HMAC of buffer using the secret */ | 772 /* Calculate HMAC of buffer using the secret */ |
693 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, | 773 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, |
694 buffer, length, result, &resultlength); | 774 buffer, length, result, &resultlength); |
695 OPENSSL_free(buffer); | 775 OPENSSL_free(buffer); |
696 | 776 |
697 memcpy(cookie, result, resultlength); | 777 memcpy(cookie, result, resultlength); |
698 *cookie_len = resultlength; | 778 *cookie_len = resultlength; |
699 | 779 |
700 return 1; | 780 return 1; |
701 } | 781 } |
702 | 782 |
703 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
int cookie_len) | 783 int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned
int cookie_len) |
704 { | 784 { |
705 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; | 785 unsigned char *buffer, result[EVP_MAX_MD_SIZE]; |
706 unsigned int length, resultlength; | 786 unsigned int length, resultlength; |
707 » struct sockaddr_in peer; | 787 » union { |
708 » | 788 » » struct sockaddr sa; |
| 789 » » struct sockaddr_in s4; |
| 790 #if OPENSSL_USE_IPV6 |
| 791 » » struct sockaddr_in6 s6; |
| 792 #endif |
| 793 » } peer; |
| 794 |
709 /* If secret isn't initialized yet, the cookie can't be valid */ | 795 /* If secret isn't initialized yet, the cookie can't be valid */ |
710 if (!cookie_initialized) | 796 if (!cookie_initialized) |
711 return 0; | 797 return 0; |
712 | 798 |
713 /* Read peer information */ | 799 /* Read peer information */ |
714 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); | 800 (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer); |
715 | 801 |
716 /* Create buffer with peer's address and port */ | 802 /* Create buffer with peer's address and port */ |
717 » length = sizeof(peer.sin_addr); | 803 » length = 0; |
718 » length += sizeof(peer.sin_port); | 804 » switch (peer.sa.sa_family) |
719 » buffer = (unsigned char*) OPENSSL_malloc(length); | 805 » » { |
| 806 » case AF_INET: |
| 807 » » length += sizeof(struct in_addr); |
| 808 » » length += sizeof(peer.s4.sin_port); |
| 809 » » break; |
| 810 #if OPENSSL_USE_IPV6 |
| 811 » case AF_INET6: |
| 812 » » length += sizeof(struct in6_addr); |
| 813 » » length += sizeof(peer.s6.sin6_port); |
| 814 » » break; |
| 815 #endif |
| 816 » default: |
| 817 » » OPENSSL_assert(0); |
| 818 » » break; |
| 819 » » } |
| 820 » buffer = OPENSSL_malloc(length); |
720 | 821 |
721 if (buffer == NULL) | 822 if (buffer == NULL) |
722 { | 823 { |
723 BIO_printf(bio_err,"out of memory\n"); | 824 BIO_printf(bio_err,"out of memory\n"); |
724 return 0; | 825 return 0; |
725 } | 826 } |
726 » | 827 |
727 » memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr)); | 828 » switch (peer.sa.sa_family) |
728 » memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_p
ort)); | 829 » » { |
| 830 » case AF_INET: |
| 831 » » memcpy(buffer, |
| 832 » » &peer.s4.sin_port, |
| 833 » » sizeof(peer.s4.sin_port)); |
| 834 » » memcpy(buffer + sizeof(peer.s4.sin_port), |
| 835 » » &peer.s4.sin_addr, |
| 836 » » sizeof(struct in_addr)); |
| 837 » » break; |
| 838 #if OPENSSL_USE_IPV6 |
| 839 » case AF_INET6: |
| 840 » » memcpy(buffer, |
| 841 » » &peer.s6.sin6_port, |
| 842 » » sizeof(peer.s6.sin6_port)); |
| 843 » » memcpy(buffer + sizeof(peer.s6.sin6_port), |
| 844 » » &peer.s6.sin6_addr, |
| 845 » » sizeof(struct in6_addr)); |
| 846 » » break; |
| 847 #endif |
| 848 » default: |
| 849 » » OPENSSL_assert(0); |
| 850 » » break; |
| 851 » » } |
729 | 852 |
730 /* Calculate HMAC of buffer using the secret */ | 853 /* Calculate HMAC of buffer using the secret */ |
731 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, | 854 HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, |
732 buffer, length, result, &resultlength); | 855 buffer, length, result, &resultlength); |
733 OPENSSL_free(buffer); | 856 OPENSSL_free(buffer); |
734 » | 857 |
735 if (cookie_len == resultlength && memcmp(result, cookie, resultlength) =
= 0) | 858 if (cookie_len == resultlength && memcmp(result, cookie, resultlength) =
= 0) |
736 return 1; | 859 return 1; |
737 | 860 |
738 return 0; | 861 return 0; |
739 } | 862 } |
OLD | NEW |