2015-01-31 09:13:33 +00:00
|
|
|
/**
|
|
|
|
|
sslxprint.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright (C) 1999-2000 RTFM, Inc.
|
|
|
|
|
All Rights Reserved
|
|
|
|
|
|
|
|
|
|
This package is a SSLv3/TLS protocol analyzer written by Eric Rescorla
|
|
|
|
|
<ekr@rtfm.com> and licensed by RTFM, Inc.
|
|
|
|
|
|
|
|
|
|
Redistribution and use in source and binary forms, with or without
|
|
|
|
|
modification, are permitted provided that the following conditions
|
|
|
|
|
are met:
|
|
|
|
|
1. Redistributions of source code must retain the above copyright
|
|
|
|
|
notice, this list of conditions and the following disclaimer.
|
|
|
|
|
2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
documentation and/or other materials provided with the distribution.
|
|
|
|
|
3. All advertising materials mentioning features or use of this software
|
|
|
|
|
must display the following acknowledgement:
|
2023-08-14 10:37:08 +00:00
|
|
|
|
2015-01-31 09:13:33 +00:00
|
|
|
This product includes software developed by Eric Rescorla for
|
|
|
|
|
RTFM, Inc.
|
|
|
|
|
|
|
|
|
|
4. Neither the name of RTFM, Inc. nor the name of Eric Rescorla may be
|
|
|
|
|
used to endorse or promote products derived from this
|
|
|
|
|
software without specific prior written permission.
|
|
|
|
|
|
|
|
|
|
THIS SOFTWARE IS PROVIDED BY ERIC RESCORLA AND RTFM, INC. ``AS IS'' AND
|
|
|
|
|
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
2023-08-14 10:37:08 +00:00
|
|
|
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY SUCH
|
|
|
|
|
DAMAGE.
|
2015-01-31 09:13:33 +00:00
|
|
|
|
|
|
|
|
$Id: sslxprint.c,v 1.3 2000/11/03 06:38:06 ekr Exp $
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ekr@rtfm.com Thu Mar 25 21:17:16 1999
|
|
|
|
|
*/
|
|
|
|
|
|
2023-08-10 14:29:45 +00:00
|
|
|
#include <json.h>
|
2015-01-31 09:13:33 +00:00
|
|
|
#include "network.h"
|
|
|
|
|
#include "ssl_h.h"
|
|
|
|
|
#include "sslprint.h"
|
|
|
|
|
#include "ssl.enums.h"
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
#include <openssl/asn1.h>
|
|
|
|
|
#include <openssl/x509.h>
|
|
|
|
|
#include <openssl/x509v3.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#define BUFSIZE 1024
|
|
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
static int sslx__print_dn PROTO_LIST((ssl_obj * ssl, char *x));
|
2015-01-31 09:13:33 +00:00
|
|
|
#ifdef OPENSSL
|
2023-08-14 10:37:08 +00:00
|
|
|
static int sslx__print_serial PROTO_LIST((ssl_obj * ssl, ASN1_INTEGER *a));
|
2015-01-31 09:13:33 +00:00
|
|
|
#endif
|
|
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
int sslx_print_certificate(ssl_obj *ssl, Data *data, int pf) {
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
X509 *x = 0;
|
|
|
|
|
ASN1_INTEGER *a;
|
|
|
|
|
#endif
|
|
|
|
|
UCHAR *d;
|
|
|
|
|
int _status;
|
|
|
|
|
struct json_object *cert_obj;
|
|
|
|
|
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
P_(P_ASN) {
|
|
|
|
|
char buf[BUFSIZE];
|
|
|
|
|
int ext;
|
|
|
|
|
char *b64_cert;
|
|
|
|
|
|
|
|
|
|
char *serial_str = NULL;
|
|
|
|
|
Data data_tmp;
|
|
|
|
|
|
|
|
|
|
struct json_object *jobj;
|
|
|
|
|
jobj = ssl->cur_json_st;
|
|
|
|
|
|
|
|
|
|
cert_obj = json_object_new_object();
|
|
|
|
|
|
|
|
|
|
d = data->data;
|
|
|
|
|
|
|
|
|
|
if(!(b64_cert = (char *)calloc(
|
|
|
|
|
1, sizeof(char) * ((((data->len) + 3 - 1) / 3) * 4 + 1))))
|
|
|
|
|
ABORT(R_NO_MEMORY);
|
|
|
|
|
|
|
|
|
|
EVP_EncodeBlock((unsigned char *)b64_cert, d, data->len);
|
|
|
|
|
json_object_object_add(cert_obj, "cert_der",
|
|
|
|
|
json_object_new_string(b64_cert));
|
|
|
|
|
free(b64_cert);
|
|
|
|
|
|
|
|
|
|
if(!(x = d2i_X509(0, (const unsigned char **)&d, data->len))) {
|
|
|
|
|
explain(ssl, "Bad certificate");
|
|
|
|
|
ABORT(R_BAD_DATA);
|
|
|
|
|
}
|
|
|
|
|
X509_NAME_oneline(X509_get_subject_name(x), buf, BUFSIZE);
|
|
|
|
|
explain(ssl, "Subject\n");
|
|
|
|
|
INDENT_INCR;
|
|
|
|
|
json_object_object_add(cert_obj, "cert_subject",
|
|
|
|
|
json_object_new_string(buf));
|
|
|
|
|
sslx__print_dn(ssl, buf);
|
|
|
|
|
INDENT_POP;
|
|
|
|
|
X509_NAME_oneline(X509_get_issuer_name(x), buf, BUFSIZE);
|
|
|
|
|
explain(ssl, "Issuer\n");
|
|
|
|
|
INDENT_INCR;
|
|
|
|
|
json_object_object_add(cert_obj, "cert_issuer",
|
|
|
|
|
json_object_new_string(buf));
|
|
|
|
|
sslx__print_dn(ssl, buf);
|
|
|
|
|
INDENT_POP;
|
|
|
|
|
a = X509_get_serialNumber(x);
|
|
|
|
|
explain(ssl, "Serial ");
|
|
|
|
|
if(!(serial_str = (char *)calloc(1, sizeof(char) * (a->length * 3))))
|
|
|
|
|
ABORT(R_NO_MEMORY);
|
|
|
|
|
INIT_DATA(data_tmp, a->data, a->length);
|
|
|
|
|
exstr(ssl, serial_str, &data_tmp);
|
|
|
|
|
json_object_object_add(cert_obj, "cert_serial",
|
|
|
|
|
json_object_new_string(serial_str));
|
|
|
|
|
free(serial_str);
|
|
|
|
|
sslx__print_serial(ssl, a);
|
|
|
|
|
|
|
|
|
|
ext = X509_get_ext_count(x);
|
|
|
|
|
if(ext > 0) {
|
|
|
|
|
int i, j;
|
|
|
|
|
UCHAR buf[1024];
|
|
|
|
|
|
|
|
|
|
explain(ssl, "Extensions\n");
|
2015-01-31 09:13:33 +00:00
|
|
|
INDENT_INCR;
|
2023-08-14 10:37:08 +00:00
|
|
|
for(i = 0; i < ext; i++) {
|
|
|
|
|
X509_EXTENSION *ex;
|
|
|
|
|
ASN1_OBJECT *obj;
|
|
|
|
|
|
|
|
|
|
ex = X509_get_ext(x, i);
|
|
|
|
|
obj = X509_EXTENSION_get_object(ex);
|
|
|
|
|
i2t_ASN1_OBJECT((char *)buf, sizeof(buf), obj);
|
|
|
|
|
|
|
|
|
|
explain(ssl, "Extension: %s\n", buf);
|
|
|
|
|
j = X509_EXTENSION_get_critical(ex);
|
|
|
|
|
if(j) {
|
|
|
|
|
INDENT;
|
|
|
|
|
explain(ssl, "Critical\n");
|
2015-01-31 09:13:33 +00:00
|
|
|
}
|
2023-08-14 10:37:08 +00:00
|
|
|
if(SSL_print_flags & SSL_PRINT_NROFF) {
|
|
|
|
|
if(ssl->process_ciphertext & ssl->direction)
|
|
|
|
|
printf("\\f(CI");
|
|
|
|
|
else
|
|
|
|
|
printf("\\fC");
|
|
|
|
|
|
|
|
|
|
INDENT_INCR;
|
|
|
|
|
INDENT;
|
|
|
|
|
if(!X509V3_EXT_print_fp(stdout, ex, 0, 0)) {
|
|
|
|
|
printf("Hex value");
|
|
|
|
|
}
|
|
|
|
|
INDENT_POP;
|
|
|
|
|
explain(ssl, "\n");
|
2015-01-31 09:13:33 +00:00
|
|
|
}
|
|
|
|
|
}
|
2023-08-14 10:37:08 +00:00
|
|
|
INDENT_POP;
|
2021-01-06 16:52:45 +00:00
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
} else {
|
|
|
|
|
#endif
|
|
|
|
|
P_(pf) { exdump(ssl, "certificate", data); }
|
|
|
|
|
#ifdef OPENSSL
|
2015-01-31 09:13:33 +00:00
|
|
|
}
|
2023-08-14 10:37:08 +00:00
|
|
|
|
|
|
|
|
struct json_object *certs_array;
|
|
|
|
|
json_object_object_get_ex(jobj, "cert_chain", &certs_array);
|
|
|
|
|
json_object_array_add(certs_array, cert_obj);
|
|
|
|
|
}
|
2015-01-31 09:13:33 +00:00
|
|
|
#endif
|
|
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
_status = 0;
|
|
|
|
|
abort:
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
if(x)
|
|
|
|
|
X509_free(x);
|
2021-01-27 17:39:03 +00:00
|
|
|
#endif
|
2023-08-14 10:37:08 +00:00
|
|
|
if(_status && cert_obj)
|
|
|
|
|
json_object_put(cert_obj);
|
2023-08-16 13:40:29 +00:00
|
|
|
return _status;
|
2023-08-14 10:37:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int sslx_print_dn(ssl_obj *ssl, Data *data, int pf) {
|
|
|
|
|
UCHAR buf[BUFSIZE];
|
|
|
|
|
int _status;
|
|
|
|
|
UCHAR *d = data->data;
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
X509_NAME *n = 0;
|
2015-01-31 09:13:33 +00:00
|
|
|
#endif
|
2023-08-14 10:37:08 +00:00
|
|
|
|
|
|
|
|
P_(pf){
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
P_(P_ASN){if(!(n = d2i_X509_NAME(0, (const unsigned char **)&d,
|
|
|
|
|
data->len))) ABORT(R_BAD_DATA);
|
|
|
|
|
X509_NAME_oneline(n, (char *)buf, BUFSIZE);
|
|
|
|
|
sslx__print_dn(ssl, (char *)buf);
|
|
|
|
|
}
|
|
|
|
|
else {
|
2015-01-31 09:13:33 +00:00
|
|
|
#endif
|
2023-08-14 10:37:08 +00:00
|
|
|
exdump(ssl, 0, data);
|
|
|
|
|
#ifdef OPENSSL
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
2015-01-31 09:13:33 +00:00
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
_status = 0;
|
|
|
|
|
abort :
|
|
|
|
|
#ifdef OPENSSL
|
2015-01-31 09:13:33 +00:00
|
|
|
if(n) X509_NAME_free(n);
|
2023-08-14 10:37:08 +00:00
|
|
|
#endif
|
2023-08-16 13:40:29 +00:00
|
|
|
return _status;
|
2023-08-14 10:37:08 +00:00
|
|
|
}
|
2015-01-31 09:13:33 +00:00
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
static int sslx__print_dn(ssl_obj *ssl, char *x) {
|
|
|
|
|
char *slash;
|
2015-01-31 09:13:33 +00:00
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
if(*x == '/')
|
|
|
|
|
x++;
|
|
|
|
|
|
|
|
|
|
while(x) {
|
|
|
|
|
if((slash = strchr(x, '/'))) {
|
|
|
|
|
*slash = 0;
|
|
|
|
|
}
|
2015-01-31 09:13:33 +00:00
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
explain(ssl, "%s\n", x);
|
2015-01-31 09:13:33 +00:00
|
|
|
|
2023-08-14 10:37:08 +00:00
|
|
|
x = slash ? slash + 1 : 0;
|
|
|
|
|
};
|
2015-01-31 09:13:33 +00:00
|
|
|
|
2023-08-16 13:40:29 +00:00
|
|
|
return 0;
|
2023-08-14 10:37:08 +00:00
|
|
|
}
|
2015-01-31 09:13:33 +00:00
|
|
|
|
|
|
|
|
#ifdef OPENSSL
|
2023-08-14 10:37:08 +00:00
|
|
|
static int sslx__print_serial(ssl_obj *ssl, ASN1_INTEGER *a) {
|
|
|
|
|
Data d;
|
|
|
|
|
|
|
|
|
|
if(a->length == 0)
|
|
|
|
|
printf("0");
|
|
|
|
|
|
|
|
|
|
INIT_DATA(d, a->data, a->length);
|
|
|
|
|
exdump(ssl, 0, &d);
|
|
|
|
|
|
2023-08-16 13:40:29 +00:00
|
|
|
return 0;
|
2023-08-14 10:37:08 +00:00
|
|
|
}
|
2015-01-31 09:13:33 +00:00
|
|
|
#endif
|
