lib/libssl/ssl_stat.c at jcs · jcs.org/openbsd-src

jcs.org / openbsd-src
fork atom
jcs's openbsd hax
openbsd
fork atom
openbsd-src / lib / libssl / ssl_stat.c
at jcs 531 lines 16 kB view raw
wrap content
tb Simplify SSL_alert_desc_string 10mo ago
a10bf9eb
  1/* $OpenBSD: ssl_stat.c,v 1.24 2025/05/22 08:25:26 tb Exp $ */
  2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3 * All rights reserved.
  4 *
  5 * This package is an SSL implementation written
  6 * by Eric Young (eay@cryptsoft.com).
  7 * The implementation was written so as to conform with Netscapes SSL.
  8 *
  9 * This library is free for commercial and non-commercial use as long as
 10 * the following conditions are aheared to.  The following conditions
 11 * apply to all code found in this distribution, be it the RC4, RSA,
 12 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 13 * included with this distribution is covered by the same copyright terms
 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 15 *
 16 * Copyright remains Eric Young's, and as such any Copyright notices in
 17 * the code are not to be removed.
 18 * If this package is used in a product, Eric Young should be given attribution
 19 * as the author of the parts of the library used.
 20 * This can be in the form of a textual message at program startup or
 21 * in documentation (online or textual) provided with the package.
 22 *
 23 * Redistribution and use in source and binary forms, with or without
 24 * modification, are permitted provided that the following conditions
 25 * are met:
 26 * 1. Redistributions of source code must retain the copyright
 27 *    notice, this list of conditions and the following disclaimer.
 28 * 2. Redistributions in binary form must reproduce the above copyright
 29 *    notice, this list of conditions and the following disclaimer in the
 30 *    documentation and/or other materials provided with the distribution.
 31 * 3. All advertising materials mentioning features or use of this software
 32 *    must display the following acknowledgement:
 33 *    "This product includes cryptographic software written by
 34 *     Eric Young (eay@cryptsoft.com)"
 35 *    The word 'cryptographic' can be left out if the rouines from the library
 36 *    being used are not cryptographic related :-).
 37 * 4. If you include any Windows specific code (or a derivative thereof) from
 38 *    the apps directory (application code) you must include an acknowledgement:
 39 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 40 *
 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 44 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 51 * SUCH DAMAGE.
 52 *
 53 * The licence and distribution terms for any publically available version or
 54 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 55 * copied and put under another distribution licence
 56 * [including the GNU Public Licence.]
 57 */
 58/* ====================================================================
 59 * Copyright 2005 Nokia. All rights reserved.
 60 *
 61 * The portions of the attached software ("Contribution") is developed by
 62 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
 63 * license.
 64 *
 65 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
 66 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
 67 * support (see RFC 4279) to OpenSSL.
 68 *
 69 * No patent licenses or other rights except those expressly stated in
 70 * the OpenSSL open source license shall be deemed granted or received
 71 * expressly, by implication, estoppel, or otherwise.
 72 *
 73 * No assurances are provided by Nokia that the Contribution does not
 74 * infringe the patent or other intellectual property rights of any third
 75 * party or that the license provides you with all the necessary rights
 76 * to make use of the Contribution.
 77 *
 78 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
 79 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
 80 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
 81 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
 82 * OTHERWISE.
 83 */
 84
 85#include <stdio.h>
 86
 87#include "ssl_local.h"
 88
 89const char *
 90SSL_state_string_long(const SSL *s)
 91{
 92	switch (s->s3->hs.state) {
 93	case SSL_ST_BEFORE:
 94		return "before SSL initialization";
 95	case SSL_ST_ACCEPT:
 96		return "before accept initialization";
 97	case SSL_ST_CONNECT:
 98		return "before connect initialization";
 99	case SSL_ST_OK:
100		return "SSL negotiation finished successfully";
101	case SSL_ST_RENEGOTIATE:
102		return "SSL renegotiate ciphers";
103	case SSL_ST_BEFORE|SSL_ST_CONNECT:
104		return "before/connect initialization";
105	case SSL_ST_OK|SSL_ST_CONNECT:
106		return "ok/connect SSL initialization";
107	case SSL_ST_BEFORE|SSL_ST_ACCEPT:
108		return "before/accept initialization";
109	case SSL_ST_OK|SSL_ST_ACCEPT:
110		return "ok/accept SSL initialization";
111
112	/* SSLv3 additions */
113	case SSL3_ST_CW_CLNT_HELLO_A:
114		return "SSLv3 write client hello A";
115	case SSL3_ST_CW_CLNT_HELLO_B:
116		return "SSLv3 write client hello B";
117	case SSL3_ST_CR_SRVR_HELLO_A:
118		return "SSLv3 read server hello A";
119	case SSL3_ST_CR_SRVR_HELLO_B:
120		return "SSLv3 read server hello B";
121	case SSL3_ST_CR_CERT_A:
122		return "SSLv3 read server certificate A";
123	case SSL3_ST_CR_CERT_B:
124		return "SSLv3 read server certificate B";
125	case SSL3_ST_CR_KEY_EXCH_A:
126		return "SSLv3 read server key exchange A";
127	case SSL3_ST_CR_KEY_EXCH_B:
128		return "SSLv3 read server key exchange B";
129	case SSL3_ST_CR_CERT_REQ_A:
130		return "SSLv3 read server certificate request A";
131	case SSL3_ST_CR_CERT_REQ_B:
132		return "SSLv3 read server certificate request B";
133	case SSL3_ST_CR_SESSION_TICKET_A:
134		return "SSLv3 read server session ticket A";
135	case SSL3_ST_CR_SESSION_TICKET_B:
136		return "SSLv3 read server session ticket B";
137	case SSL3_ST_CR_SRVR_DONE_A:
138		return "SSLv3 read server done A";
139	case SSL3_ST_CR_SRVR_DONE_B:
140		return "SSLv3 read server done B";
141	case SSL3_ST_CW_CERT_A:
142		return "SSLv3 write client certificate A";
143	case SSL3_ST_CW_CERT_B:
144		return "SSLv3 write client certificate B";
145	case SSL3_ST_CW_CERT_C:
146		return "SSLv3 write client certificate C";
147	case SSL3_ST_CW_CERT_D:
148		return "SSLv3 write client certificate D";
149	case SSL3_ST_CW_KEY_EXCH_A:
150		return "SSLv3 write client key exchange A";
151	case SSL3_ST_CW_KEY_EXCH_B:
152		return "SSLv3 write client key exchange B";
153	case SSL3_ST_CW_CERT_VRFY_A:
154		return "SSLv3 write certificate verify A";
155	case SSL3_ST_CW_CERT_VRFY_B:
156		return "SSLv3 write certificate verify B";
157
158	case SSL3_ST_CW_CHANGE_A:
159	case SSL3_ST_SW_CHANGE_A:
160		return "SSLv3 write change cipher spec A";
161	case SSL3_ST_CW_CHANGE_B:
162	case SSL3_ST_SW_CHANGE_B:
163		return "SSLv3 write change cipher spec B";
164	case SSL3_ST_CW_FINISHED_A:
165	case SSL3_ST_SW_FINISHED_A:
166		return "SSLv3 write finished A";
167	case SSL3_ST_CW_FINISHED_B:
168	case SSL3_ST_SW_FINISHED_B:
169		return "SSLv3 write finished B";
170	case SSL3_ST_CR_CHANGE_A:
171	case SSL3_ST_SR_CHANGE_A:
172		return "SSLv3 read change cipher spec A";
173	case SSL3_ST_CR_CHANGE_B:
174	case SSL3_ST_SR_CHANGE_B:
175		return "SSLv3 read change cipher spec B";
176	case SSL3_ST_CR_FINISHED_A:
177	case SSL3_ST_SR_FINISHED_A:
178		return "SSLv3 read finished A";
179	case SSL3_ST_CR_FINISHED_B:
180	case SSL3_ST_SR_FINISHED_B:
181		return "SSLv3 read finished B";
182
183	case SSL3_ST_CW_FLUSH:
184	case SSL3_ST_SW_FLUSH:
185		return "SSLv3 flush data";
186
187	case SSL3_ST_SR_CLNT_HELLO_A:
188		return "SSLv3 read client hello A";
189	case SSL3_ST_SR_CLNT_HELLO_B:
190		return "SSLv3 read client hello B";
191	case SSL3_ST_SR_CLNT_HELLO_C:
192		return "SSLv3 read client hello C";
193	case SSL3_ST_SW_HELLO_REQ_A:
194		return "SSLv3 write hello request A";
195	case SSL3_ST_SW_HELLO_REQ_B:
196		return "SSLv3 write hello request B";
197	case SSL3_ST_SW_HELLO_REQ_C:
198		return "SSLv3 write hello request C";
199	case SSL3_ST_SW_SRVR_HELLO_A:
200		return "SSLv3 write server hello A";
201	case SSL3_ST_SW_SRVR_HELLO_B:
202		return "SSLv3 write server hello B";
203	case SSL3_ST_SW_CERT_A:
204		return "SSLv3 write certificate A";
205	case SSL3_ST_SW_CERT_B:
206		return "SSLv3 write certificate B";
207	case SSL3_ST_SW_KEY_EXCH_A:
208		return "SSLv3 write key exchange A";
209	case SSL3_ST_SW_KEY_EXCH_B:
210		return "SSLv3 write key exchange B";
211	case SSL3_ST_SW_CERT_REQ_A:
212		return "SSLv3 write certificate request A";
213	case SSL3_ST_SW_CERT_REQ_B:
214		return "SSLv3 write certificate request B";
215	case SSL3_ST_SW_SESSION_TICKET_A:
216		return "SSLv3 write session ticket A";
217	case SSL3_ST_SW_SESSION_TICKET_B:
218		return "SSLv3 write session ticket B";
219	case SSL3_ST_SW_SRVR_DONE_A:
220		return "SSLv3 write server done A";
221	case SSL3_ST_SW_SRVR_DONE_B:
222		return "SSLv3 write server done B";
223	case SSL3_ST_SR_CERT_A:
224		return "SSLv3 read client certificate A";
225	case SSL3_ST_SR_CERT_B:
226		return "SSLv3 read client certificate B";
227	case SSL3_ST_SR_KEY_EXCH_A:
228		return "SSLv3 read client key exchange A";
229	case SSL3_ST_SR_KEY_EXCH_B:
230		return "SSLv3 read client key exchange B";
231	case SSL3_ST_SR_CERT_VRFY_A:
232		return "SSLv3 read certificate verify A";
233	case SSL3_ST_SR_CERT_VRFY_B:
234		return "SSLv3 read certificate verify B";
235
236	/* DTLS */
237	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
238		return "DTLS1 read hello verify request A";
239	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
240		return "DTLS1 read hello verify request B";
241	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
242		return "DTLS1 write hello verify request A";
243	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
244		return "DTLS1 write hello verify request B";
245
246	default:
247		return "unknown state";
248	}
249}
250LSSL_ALIAS(SSL_state_string_long);
251
252const char *
253SSL_rstate_string_long(const SSL *s)
254{
255	switch (s->rstate) {
256	case SSL_ST_READ_HEADER:
257		return "read header";
258	case SSL_ST_READ_BODY:
259		return "read body";
260	case SSL_ST_READ_DONE:
261		return "read done";
262	default:
263		return "unknown";
264	}
265}
266LSSL_ALIAS(SSL_rstate_string_long);
267
268const char *
269SSL_state_string(const SSL *s)
270{
271	switch (s->s3->hs.state) {
272	case SSL_ST_BEFORE:
273		return "PINIT ";
274	case SSL_ST_ACCEPT:
275		return "AINIT ";
276	case SSL_ST_CONNECT:
277		return "CINIT ";
278	case SSL_ST_OK:
279		return "SSLOK ";
280
281	/* SSLv3 additions */
282	case SSL3_ST_SW_FLUSH:
283	case SSL3_ST_CW_FLUSH:
284		return "3FLUSH";
285	case SSL3_ST_CW_CLNT_HELLO_A:
286		return "3WCH_A";
287	case SSL3_ST_CW_CLNT_HELLO_B:
288		return "3WCH_B";
289	case SSL3_ST_CR_SRVR_HELLO_A:
290		return "3RSH_A";
291	case SSL3_ST_CR_SRVR_HELLO_B:
292		return "3RSH_B";
293	case SSL3_ST_CR_CERT_A:
294		return "3RSC_A";
295	case SSL3_ST_CR_CERT_B:
296		return "3RSC_B";
297	case SSL3_ST_CR_KEY_EXCH_A:
298		return "3RSKEA";
299	case SSL3_ST_CR_KEY_EXCH_B:
300		return "3RSKEB";
301	case SSL3_ST_CR_CERT_REQ_A:
302		return "3RCR_A";
303	case SSL3_ST_CR_CERT_REQ_B:
304		return "3RCR_B";
305	case SSL3_ST_CR_SRVR_DONE_A:
306		return "3RSD_A";
307	case SSL3_ST_CR_SRVR_DONE_B:
308		return "3RSD_B";
309	case SSL3_ST_CW_CERT_A:
310		return "3WCC_A";
311	case SSL3_ST_CW_CERT_B:
312		return "3WCC_B";
313	case SSL3_ST_CW_CERT_C:
314		return "3WCC_C";
315	case SSL3_ST_CW_CERT_D:
316		return "3WCC_D";
317	case SSL3_ST_CW_KEY_EXCH_A:
318		return "3WCKEA";
319	case SSL3_ST_CW_KEY_EXCH_B:
320		return "3WCKEB";
321	case SSL3_ST_CW_CERT_VRFY_A:
322		return "3WCV_A";
323	case SSL3_ST_CW_CERT_VRFY_B:
324		return "3WCV_B";
325
326	case SSL3_ST_SW_CHANGE_A:
327	case SSL3_ST_CW_CHANGE_A:
328		return "3WCCSA";
329	case SSL3_ST_SW_CHANGE_B:
330	case SSL3_ST_CW_CHANGE_B:
331		return "3WCCSB";
332	case SSL3_ST_SW_FINISHED_A:
333	case SSL3_ST_CW_FINISHED_A:
334		return "3WFINA";
335	case SSL3_ST_SW_FINISHED_B:
336	case SSL3_ST_CW_FINISHED_B:
337		return "3WFINB";
338	case SSL3_ST_SR_CHANGE_A:
339	case SSL3_ST_CR_CHANGE_A:
340		return "3RCCSA";
341	case SSL3_ST_SR_CHANGE_B:
342	case SSL3_ST_CR_CHANGE_B:
343		return "3RCCSB";
344	case SSL3_ST_SR_FINISHED_A:
345	case SSL3_ST_CR_FINISHED_A:
346		return "3RFINA";
347	case SSL3_ST_SR_FINISHED_B:
348	case SSL3_ST_CR_FINISHED_B:
349		return "3RFINB";
350
351	case SSL3_ST_SW_HELLO_REQ_A:
352		return "3WHR_A";
353	case SSL3_ST_SW_HELLO_REQ_B:
354		return "3WHR_B";
355	case SSL3_ST_SW_HELLO_REQ_C:
356		return "3WHR_C";
357	case SSL3_ST_SR_CLNT_HELLO_A:
358		return "3RCH_A";
359	case SSL3_ST_SR_CLNT_HELLO_B:
360		return "3RCH_B";
361	case SSL3_ST_SR_CLNT_HELLO_C:
362		return "3RCH_C";
363	case SSL3_ST_SW_SRVR_HELLO_A:
364		return "3WSH_A";
365	case SSL3_ST_SW_SRVR_HELLO_B:
366		return "3WSH_B";
367	case SSL3_ST_SW_CERT_A:
368		return "3WSC_A";
369	case SSL3_ST_SW_CERT_B:
370		return "3WSC_B";
371	case SSL3_ST_SW_KEY_EXCH_A:
372		return "3WSKEA";
373	case SSL3_ST_SW_KEY_EXCH_B:
374		return "3WSKEB";
375	case SSL3_ST_SW_CERT_REQ_A:
376		return "3WCR_A";
377	case SSL3_ST_SW_CERT_REQ_B:
378		return "3WCR_B";
379	case SSL3_ST_SW_SRVR_DONE_A:
380		return "3WSD_A";
381	case SSL3_ST_SW_SRVR_DONE_B:
382		return "3WSD_B";
383	case SSL3_ST_SR_CERT_A:
384		return "3RCC_A";
385	case SSL3_ST_SR_CERT_B:
386		return "3RCC_B";
387	case SSL3_ST_SR_KEY_EXCH_A:
388		return "3RCKEA";
389	case SSL3_ST_SR_KEY_EXCH_B:
390		return "3RCKEB";
391	case SSL3_ST_SR_CERT_VRFY_A:
392		return "3RCV_A";
393	case SSL3_ST_SR_CERT_VRFY_B:
394		return "3RCV_B";
395
396	/* DTLS */
397	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
398		return "DRCHVA";
399	case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
400		return "DRCHVB";
401	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
402		return "DWCHVA";
403	case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
404		return "DWCHVB";
405
406	default:
407		return "UNKWN ";
408	}
409}
410LSSL_ALIAS(SSL_state_string);
411
412const char *
413SSL_alert_type_string_long(int value)
414{
415	value >>= 8;
416	if (value == SSL3_AL_WARNING)
417		return "warning";
418	else if (value == SSL3_AL_FATAL)
419		return "fatal";
420	else
421		return "unknown";
422}
423LSSL_ALIAS(SSL_alert_type_string_long);
424
425const char *
426SSL_alert_type_string(int value)
427{
428	value >>= 8;
429	if (value == SSL3_AL_WARNING)
430		return "W";
431	else if (value == SSL3_AL_FATAL)
432		return "F";
433	else
434		return "U";
435}
436LSSL_ALIAS(SSL_alert_type_string);
437
438const char *
439SSL_alert_desc_string(int value)
440{
441	return "!!";
442}
443LSSL_ALIAS(SSL_alert_desc_string);
444
445const char *
446SSL_alert_desc_string_long(int value)
447{
448	switch (value & 0xff) {
449	case SSL_AD_CLOSE_NOTIFY:
450		return "close notify";
451	case SSL_AD_UNEXPECTED_MESSAGE:
452		return "unexpected_message";
453	case SSL_AD_BAD_RECORD_MAC:
454		return "bad record mac";
455	case SSL_AD_RECORD_OVERFLOW:
456		return "record overflow";
457	case SSL_AD_DECOMPRESSION_FAILURE:
458		return "decompression failure";
459	case SSL_AD_HANDSHAKE_FAILURE:
460		return "handshake failure";
461	case SSL_AD_BAD_CERTIFICATE:
462		return "bad certificate";
463	case SSL_AD_UNSUPPORTED_CERTIFICATE:
464		return "unsupported certificate";
465	case SSL_AD_CERTIFICATE_REVOKED:
466		return "certificate revoked";
467	case SSL_AD_CERTIFICATE_EXPIRED:
468		return "certificate expired";
469	case SSL_AD_CERTIFICATE_UNKNOWN:
470		return "certificate unknown";
471	case SSL_AD_ILLEGAL_PARAMETER:
472		return "illegal parameter";
473	case SSL_AD_UNKNOWN_CA:
474		return "unknown CA";
475	case SSL_AD_ACCESS_DENIED:
476		return "access denied";
477	case SSL_AD_DECODE_ERROR:
478		return "decode error";
479	case SSL_AD_DECRYPT_ERROR:
480		return "decrypt error";
481	case SSL_AD_PROTOCOL_VERSION:
482		return "protocol version";
483	case SSL_AD_INSUFFICIENT_SECURITY:
484		return "insufficient security";
485	case SSL_AD_INTERNAL_ERROR:
486		return "internal error";
487	case SSL_AD_INAPPROPRIATE_FALLBACK:
488		return "inappropriate fallback";
489	case SSL_AD_USER_CANCELLED:
490		return "user canceled";
491	case SSL_AD_NO_RENEGOTIATION:
492		return "no renegotiation";
493	case SSL_AD_MISSING_EXTENSION:
494		return "missing extension";
495	case SSL_AD_UNSUPPORTED_EXTENSION:
496		return "unsupported extension";
497	case SSL_AD_CERTIFICATE_UNOBTAINABLE:
498		return "certificate unobtainable";
499	case SSL_AD_UNRECOGNIZED_NAME:
500		return "unrecognized name";
501	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
502		return "bad certificate status response";
503	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
504		return "bad certificate hash value";
505	case SSL_AD_UNKNOWN_PSK_IDENTITY:
506		return "unknown PSK identity";
507	case SSL_AD_CERTIFICATE_REQUIRED:
508		return "certificate required";
509	case SSL_AD_NO_APPLICATION_PROTOCOL:
510		return "no application protocol";
511	default:
512		return "unknown";
513	}
514}
515LSSL_ALIAS(SSL_alert_desc_string_long);
516
517const char *
518SSL_rstate_string(const SSL *s)
519{
520	switch (s->rstate) {
521	case SSL_ST_READ_HEADER:
522		return "RH";
523	case SSL_ST_READ_BODY:
524		return "RB";
525	case SSL_ST_READ_DONE:
526		return "RD";
527	default:
528		return "unknown";
529	}
530}
531LSSL_ALIAS(SSL_rstate_string);