1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright 2005 Nokia. All rights reserved.
59 *
60 * The portions of the attached software ("Contribution") is developed by
61 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
62 * license.
63 *
64 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
65 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
66 * support (see RFC 4279) to OpenSSL.
67 *
68 * No patent licenses or other rights except those expressly stated in
69 * the OpenSSL open source license shall be deemed granted or received
70 * expressly, by implication, estoppel, or otherwise.
71 *
72 * No assurances are provided by Nokia that the Contribution does not
73 * infringe the patent or other intellectual property rights of any third
74 * party or that the license provides you with all the necessary rights
75 * to make use of the Contribution.
76 *
77 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
78 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
79 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
80 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
81 * OTHERWISE.
82 */
83
84 #include <openssl/ssl.h>
85
86 #include <assert.h>
87
88 #include "internal.h"
89
90
ssl_state(const SSL * ssl)91 static int ssl_state(const SSL *ssl) {
92 if (ssl->s3->hs == NULL) {
93 assert(ssl->s3->initial_handshake_complete);
94 return SSL_ST_OK;
95 }
96
97 return ssl->s3->hs->state;
98 }
99
SSL_state_string_long(const SSL * ssl)100 const char *SSL_state_string_long(const SSL *ssl) {
101 switch (ssl_state(ssl)) {
102 case SSL_ST_ACCEPT:
103 return "before accept initialization";
104
105 case SSL_ST_CONNECT:
106 return "before connect initialization";
107
108 case SSL_ST_OK:
109 return "SSL negotiation finished successfully";
110
111 case SSL_ST_RENEGOTIATE:
112 return "SSL renegotiate ciphers";
113
114 /* SSLv3 additions */
115 case SSL3_ST_CW_CLNT_HELLO_A:
116 return "SSLv3 write client hello A";
117
118 case SSL3_ST_CR_SRVR_HELLO_A:
119 return "SSLv3 read server hello A";
120
121 case SSL3_ST_CR_CERT_A:
122 return "SSLv3 read server certificate A";
123
124 case SSL3_ST_CR_KEY_EXCH_A:
125 return "SSLv3 read server key exchange A";
126
127 case SSL3_ST_CR_CERT_REQ_A:
128 return "SSLv3 read server certificate request A";
129
130 case SSL3_ST_CR_SESSION_TICKET_A:
131 return "SSLv3 read server session ticket A";
132
133 case SSL3_ST_CR_SRVR_DONE_A:
134 return "SSLv3 read server done A";
135
136 case SSL3_ST_CW_CERT_A:
137 return "SSLv3 write client certificate A";
138
139 case SSL3_ST_CW_KEY_EXCH_A:
140 return "SSLv3 write client key exchange A";
141
142 case SSL3_ST_CW_CERT_VRFY_A:
143 return "SSLv3 write certificate verify A";
144
145 case SSL3_ST_CW_CHANGE:
146 return "SSLv3 write change cipher spec";
147
148 case SSL3_ST_CW_FINISHED_A:
149 case SSL3_ST_SW_FINISHED_A:
150 return "SSLv3 write finished A";
151
152 case SSL3_ST_CR_CHANGE:
153 case SSL3_ST_SR_CHANGE:
154 return "SSLv3 read change cipher spec";
155
156 case SSL3_ST_CR_FINISHED_A:
157 case SSL3_ST_SR_FINISHED_A:
158 return "SSLv3 read finished A";
159
160 case SSL3_ST_CW_FLUSH:
161 case SSL3_ST_SW_FLUSH:
162 return "SSLv3 flush data";
163
164 case SSL3_ST_SR_CLNT_HELLO_A:
165 return "SSLv3 read client hello A";
166
167 case SSL3_ST_SR_CLNT_HELLO_B:
168 return "SSLv3 read client hello B";
169
170 case SSL3_ST_SR_CLNT_HELLO_C:
171 return "SSLv3 read client hello C";
172
173 case SSL3_ST_SW_SRVR_HELLO_A:
174 return "SSLv3 write server hello A";
175
176 case SSL3_ST_SW_CERT_A:
177 return "SSLv3 write certificate A";
178
179 case SSL3_ST_SW_KEY_EXCH_A:
180 return "SSLv3 write key exchange A";
181
182 case SSL3_ST_SW_SRVR_DONE_A:
183 return "SSLv3 write server done A";
184
185 case SSL3_ST_SR_CERT_A:
186 return "SSLv3 read client certificate A";
187
188 case SSL3_ST_SR_KEY_EXCH_A:
189 return "SSLv3 read client key exchange A";
190
191 case SSL3_ST_SR_KEY_EXCH_B:
192 return "SSLv3 read client key exchange B";
193
194 case SSL3_ST_SR_CERT_VRFY_A:
195 return "SSLv3 read certificate verify A";
196
197 /* DTLS */
198 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
199 return "DTLS1 read hello verify request A";
200
201 default:
202 return "unknown state";
203 }
204 }
205
SSL_state_string(const SSL * ssl)206 const char *SSL_state_string(const SSL *ssl) {
207 switch (ssl_state(ssl)) {
208 case SSL_ST_ACCEPT:
209 return "AINIT ";
210
211 case SSL_ST_CONNECT:
212 return "CINIT ";
213
214 case SSL_ST_OK:
215 return "SSLOK ";
216
217 /* SSLv3 additions */
218 case SSL3_ST_SW_FLUSH:
219 case SSL3_ST_CW_FLUSH:
220 return "3FLUSH";
221
222 case SSL3_ST_CW_CLNT_HELLO_A:
223 return "3WCH_A";
224
225 case SSL3_ST_CR_SRVR_HELLO_A:
226 return "3RSH_A";
227
228 case SSL3_ST_CR_CERT_A:
229 return "3RSC_A";
230
231 case SSL3_ST_CR_KEY_EXCH_A:
232 return "3RSKEA";
233
234 case SSL3_ST_CR_CERT_REQ_A:
235 return "3RCR_A";
236
237 case SSL3_ST_CR_SRVR_DONE_A:
238 return "3RSD_A";
239
240 case SSL3_ST_CW_CERT_A:
241 return "3WCC_A";
242
243 case SSL3_ST_CW_KEY_EXCH_A:
244 return "3WCKEA";
245
246 case SSL3_ST_CW_CERT_VRFY_A:
247 return "3WCV_A";
248
249 case SSL3_ST_CW_CHANGE:
250 return "3WCCS_";
251
252 case SSL3_ST_SW_FINISHED_A:
253 case SSL3_ST_CW_FINISHED_A:
254 return "3WFINA";
255
256 case SSL3_ST_CR_CHANGE:
257 case SSL3_ST_SR_CHANGE:
258 return "3RCCS_";
259
260 case SSL3_ST_SR_FINISHED_A:
261 case SSL3_ST_CR_FINISHED_A:
262 return "3RFINA";
263
264 case SSL3_ST_SR_CLNT_HELLO_A:
265 return "3RCH_A";
266
267 case SSL3_ST_SR_CLNT_HELLO_B:
268 return "3RCH_B";
269
270 case SSL3_ST_SR_CLNT_HELLO_C:
271 return "3RCH_C";
272
273 case SSL3_ST_SW_SRVR_HELLO_A:
274 return "3WSH_A";
275
276 case SSL3_ST_SW_CERT_A:
277 return "3WSC_A";
278
279 case SSL3_ST_SW_KEY_EXCH_A:
280 return "3WSKEA";
281
282 case SSL3_ST_SW_SRVR_DONE_A:
283 return "3WSD_A";
284
285 case SSL3_ST_SR_CERT_A:
286 return "3RCC_A";
287
288 case SSL3_ST_SR_KEY_EXCH_A:
289 return "3RCKEA";
290
291 case SSL3_ST_SR_CERT_VRFY_A:
292 return "3RCV_A";
293
294 /* DTLS */
295 case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
296 return "DRCHVA";
297
298 default:
299 return "UNKWN ";
300 }
301 }
302
SSL_alert_type_string_long(int value)303 const char *SSL_alert_type_string_long(int value) {
304 value >>= 8;
305 if (value == SSL3_AL_WARNING) {
306 return "warning";
307 } else if (value == SSL3_AL_FATAL) {
308 return "fatal";
309 }
310
311 return "unknown";
312 }
313
SSL_alert_type_string(int value)314 const char *SSL_alert_type_string(int value) {
315 return "!";
316 }
317
SSL_alert_desc_string(int value)318 const char *SSL_alert_desc_string(int value) {
319 return "!!";
320 }
321
SSL_alert_desc_string_long(int value)322 const char *SSL_alert_desc_string_long(int value) {
323 switch (value & 0xff) {
324 case SSL3_AD_CLOSE_NOTIFY:
325 return "close notify";
326
327 case SSL3_AD_UNEXPECTED_MESSAGE:
328 return "unexpected_message";
329
330 case SSL3_AD_BAD_RECORD_MAC:
331 return "bad record mac";
332
333 case SSL3_AD_DECOMPRESSION_FAILURE:
334 return "decompression failure";
335
336 case SSL3_AD_HANDSHAKE_FAILURE:
337 return "handshake failure";
338
339 case SSL3_AD_NO_CERTIFICATE:
340 return "no certificate";
341
342 case SSL3_AD_BAD_CERTIFICATE:
343 return "bad certificate";
344
345 case SSL3_AD_UNSUPPORTED_CERTIFICATE:
346 return "unsupported certificate";
347
348 case SSL3_AD_CERTIFICATE_REVOKED:
349 return "certificate revoked";
350
351 case SSL3_AD_CERTIFICATE_EXPIRED:
352 return "certificate expired";
353
354 case SSL3_AD_CERTIFICATE_UNKNOWN:
355 return "certificate unknown";
356
357 case SSL3_AD_ILLEGAL_PARAMETER:
358 return "illegal parameter";
359
360 case TLS1_AD_DECRYPTION_FAILED:
361 return "decryption failed";
362
363 case TLS1_AD_RECORD_OVERFLOW:
364 return "record overflow";
365
366 case TLS1_AD_UNKNOWN_CA:
367 return "unknown CA";
368
369 case TLS1_AD_ACCESS_DENIED:
370 return "access denied";
371
372 case TLS1_AD_DECODE_ERROR:
373 return "decode error";
374
375 case TLS1_AD_DECRYPT_ERROR:
376 return "decrypt error";
377
378 case TLS1_AD_EXPORT_RESTRICTION:
379 return "export restriction";
380
381 case TLS1_AD_PROTOCOL_VERSION:
382 return "protocol version";
383
384 case TLS1_AD_INSUFFICIENT_SECURITY:
385 return "insufficient security";
386
387 case TLS1_AD_INTERNAL_ERROR:
388 return "internal error";
389
390 case SSL3_AD_INAPPROPRIATE_FALLBACK:
391 return "inappropriate fallback";
392
393 case TLS1_AD_USER_CANCELLED:
394 return "user canceled";
395
396 case TLS1_AD_NO_RENEGOTIATION:
397 return "no renegotiation";
398
399 case TLS1_AD_UNSUPPORTED_EXTENSION:
400 return "unsupported extension";
401
402 case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
403 return "certificate unobtainable";
404
405 case TLS1_AD_UNRECOGNIZED_NAME:
406 return "unrecognized name";
407
408 case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
409 return "bad certificate status response";
410
411 case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
412 return "bad certificate hash value";
413
414 case TLS1_AD_UNKNOWN_PSK_IDENTITY:
415 return "unknown PSK identity";
416
417 case TLS1_AD_CERTIFICATE_REQUIRED:
418 return "certificate required";
419
420 default:
421 return "unknown";
422 }
423 }
424