/src/gdal/curl/lib/vtls/openssl.c
Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | /* |
26 | | * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code |
27 | | * but vtls.c should ever call or use these functions. |
28 | | */ |
29 | | |
30 | | #include "../curl_setup.h" |
31 | | |
32 | | #if defined(USE_QUICHE) || defined(USE_OPENSSL) |
33 | | |
34 | | #include <limits.h> |
35 | | |
36 | | /* Wincrypt must be included before anything that could include OpenSSL. */ |
37 | | #ifdef USE_WIN32_CRYPTO |
38 | | #include <wincrypt.h> |
39 | | /* Undefine wincrypt conflicting symbols for BoringSSL. */ |
40 | | #undef X509_NAME |
41 | | #undef X509_EXTENSIONS |
42 | | #undef PKCS7_ISSUER_AND_SERIAL |
43 | | #undef PKCS7_SIGNER_INFO |
44 | | #undef OCSP_REQUEST |
45 | | #undef OCSP_RESPONSE |
46 | | #endif |
47 | | |
48 | | #include "../urldata.h" |
49 | | #include "../sendf.h" |
50 | | #include "../formdata.h" /* for the boundary function */ |
51 | | #include "../url.h" /* for the ssl config check function */ |
52 | | #include "../curlx/inet_pton.h" |
53 | | #include "openssl.h" |
54 | | #include "../connect.h" |
55 | | #include "../slist.h" |
56 | | #include "../select.h" |
57 | | #include "vtls.h" |
58 | | #include "vtls_int.h" |
59 | | #include "vtls_scache.h" |
60 | | #include "../vauth/vauth.h" |
61 | | #include "keylog.h" |
62 | | #include "../strcase.h" |
63 | | #include "hostcheck.h" |
64 | | #include "../multiif.h" |
65 | | #include "../curlx/strparse.h" |
66 | | #include "../strdup.h" |
67 | | #include "../strerror.h" |
68 | | #include "../curl_printf.h" |
69 | | |
70 | | #include <openssl/ssl.h> |
71 | | #include <openssl/rand.h> |
72 | | #include <openssl/x509v3.h> |
73 | | #ifndef OPENSSL_NO_DSA |
74 | | #include <openssl/dsa.h> |
75 | | #endif |
76 | | #include <openssl/dh.h> |
77 | | #include <openssl/err.h> |
78 | | #include <openssl/md5.h> |
79 | | #include <openssl/conf.h> |
80 | | #include <openssl/bn.h> |
81 | | #include <openssl/rsa.h> |
82 | | #include <openssl/bio.h> |
83 | | #include <openssl/buffer.h> |
84 | | #include <openssl/pkcs12.h> |
85 | | #include <openssl/tls1.h> |
86 | | #include <openssl/evp.h> |
87 | | |
88 | | #ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST |
89 | | #define USE_ECH_OPENSSL |
90 | | #endif |
91 | | |
92 | | #ifdef USE_ECH_OPENSSL |
93 | | # if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
94 | | # include <openssl/ech.h> |
95 | | # endif |
96 | | #endif /* USE_ECH_OPENSSL */ |
97 | | |
98 | | #ifndef OPENSSL_NO_OCSP |
99 | | #include <openssl/ocsp.h> |
100 | | #endif |
101 | | |
102 | | #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE) |
103 | | #define USE_OPENSSL_ENGINE |
104 | | #include <openssl/engine.h> |
105 | | #endif |
106 | | |
107 | | #ifdef LIBRESSL_VERSION_NUMBER |
108 | | # /* As of LibreSSL 2.0.0-4.0.0: OPENSSL_VERSION_NUMBER == 0x20000000L */ |
109 | | # if LIBRESSL_VERSION_NUMBER < 0x2090100fL /* 2019-04-13 */ |
110 | | # error "LibreSSL 2.9.1 or later required" |
111 | | # endif |
112 | | #elif OPENSSL_VERSION_NUMBER < 0x1000201fL /* 2015-03-19 */ |
113 | | # error "OpenSSL 1.0.2a or later required" |
114 | | #endif |
115 | | |
116 | | #if OPENSSL_VERSION_NUMBER >= 0x3000000fL && !defined(OPENSSL_NO_UI_CONSOLE) |
117 | | #include <openssl/provider.h> |
118 | | #include <openssl/store.h> |
119 | | /* this is used in the following conditions to make them easier to read */ |
120 | | #define OPENSSL_HAS_PROVIDERS |
121 | | |
122 | | static void ossl_provider_cleanup(struct Curl_easy *data); |
123 | | #endif |
124 | | |
125 | | #include "../curlx/warnless.h" |
126 | | |
127 | | /* The last #include files should be: */ |
128 | | #include "../curl_memory.h" |
129 | | #include "../memdebug.h" |
130 | | |
131 | | /* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS |
132 | | renegotiations when built with BoringSSL. Renegotiating is non-compliant |
133 | | with HTTP/2 and "an extremely dangerous protocol feature". Beware. |
134 | | |
135 | | #define ALLOW_RENEG 1 |
136 | | */ |
137 | | |
138 | | #ifndef OPENSSL_VERSION_NUMBER |
139 | | #error "OPENSSL_VERSION_NUMBER not defined" |
140 | | #endif |
141 | | |
142 | | #if defined(USE_OPENSSL_ENGINE) || defined(OPENSSL_HAS_PROVIDERS) |
143 | | #include <openssl/ui.h> |
144 | | #endif |
145 | | |
146 | | #if OPENSSL_VERSION_NUMBER >= 0x10100000L |
147 | 0 | #define OSSL_UI_METHOD_CAST(x) (x) |
148 | | #else |
149 | | #define OSSL_UI_METHOD_CAST(x) CURL_UNCONST(x) |
150 | | #endif |
151 | | |
152 | | #if OPENSSL_VERSION_NUMBER >= 0x10100000L /* OpenSSL 1.1.0+ and LibreSSL */ |
153 | | #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */ |
154 | | #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */ |
155 | | #define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */ |
156 | | #define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1 |
157 | | #else |
158 | | /* For OpenSSL before 1.1.0 */ |
159 | | #define ASN1_STRING_get0_data(x) ASN1_STRING_data(x) |
160 | | #define X509_get0_notBefore(x) X509_get_notBefore(x) |
161 | | #define X509_get0_notAfter(x) X509_get_notAfter(x) |
162 | | #define OpenSSL_version_num() SSLeay() |
163 | | #endif |
164 | | |
165 | | #if OPENSSL_VERSION_NUMBER >= 0x10002003L && \ |
166 | | OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \ |
167 | | !defined(OPENSSL_NO_COMP) |
168 | | #define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1 |
169 | | #endif |
170 | | |
171 | | #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) |
172 | | #define HAVE_EVP_PKEY_GET_PARAMS 1 |
173 | | #endif |
174 | | |
175 | | #ifdef HAVE_EVP_PKEY_GET_PARAMS |
176 | | #include <openssl/core_names.h> |
177 | | #define DECLARE_PKEY_PARAM_BIGNUM(name) BIGNUM *name = NULL |
178 | | #define FREE_PKEY_PARAM_BIGNUM(name) BN_clear_free(name) |
179 | | #else |
180 | 0 | #define DECLARE_PKEY_PARAM_BIGNUM(name) const BIGNUM *name |
181 | | #define FREE_PKEY_PARAM_BIGNUM(name) |
182 | | #endif |
183 | | |
184 | | /* Whether SSL_CTX_set_ciphersuites is available. |
185 | | * OpenSSL: supported since 1.1.1 (commit a53b5be6a05) |
186 | | * BoringSSL: no |
187 | | * LibreSSL: supported since 3.4.1 (released 2021-10-14) |
188 | | */ |
189 | | #if ((OPENSSL_VERSION_NUMBER >= 0x10101000L && \ |
190 | | !defined(LIBRESSL_VERSION_NUMBER)) || \ |
191 | | (defined(LIBRESSL_VERSION_NUMBER) && \ |
192 | | LIBRESSL_VERSION_NUMBER >= 0x3040100fL)) && \ |
193 | | !defined(OPENSSL_IS_BORINGSSL) |
194 | | #define HAVE_SSL_CTX_SET_CIPHERSUITES |
195 | | #ifndef OPENSSL_IS_AWSLC |
196 | | #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH |
197 | | #endif |
198 | | #endif |
199 | | |
200 | | /* Whether SSL_CTX_set1_sigalgs_list is available |
201 | | * OpenSSL: supported since 1.0.2 (commit 0b362de5f575) |
202 | | * BoringSSL: supported since 0.20240913.0 (commit 826ce15) |
203 | | * LibreSSL: no |
204 | | */ |
205 | | #if (OPENSSL_VERSION_NUMBER >= 0x10002000L && \ |
206 | | !defined(LIBRESSL_VERSION_NUMBER)) |
207 | | #define HAVE_SSL_CTX_SET1_SIGALGS |
208 | | #endif |
209 | | |
210 | | #ifdef LIBRESSL_VERSION_NUMBER |
211 | | #define OSSL_PACKAGE "LibreSSL" |
212 | | #elif defined(OPENSSL_IS_BORINGSSL) |
213 | | #define OSSL_PACKAGE "BoringSSL" |
214 | | #elif defined(OPENSSL_IS_AWSLC) |
215 | | #define OSSL_PACKAGE "AWS-LC" |
216 | | #elif (defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \ |
217 | | !defined(OPENSSL_QUIC_API2)) || defined(USE_MSH3) |
218 | | #define OSSL_PACKAGE "quictls" |
219 | | #else |
220 | 24 | #define OSSL_PACKAGE "OpenSSL" |
221 | | #endif |
222 | | |
223 | | #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
224 | | typedef size_t numcert_t; |
225 | | #else |
226 | | typedef int numcert_t; |
227 | | #endif |
228 | | #define ossl_valsize_t numcert_t |
229 | | |
230 | | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
231 | | /* up2date versions of OpenSSL maintain reasonably secure defaults without |
232 | | * breaking compatibility, so it is better not to override the defaults in curl |
233 | | */ |
234 | 21 | #define DEFAULT_CIPHER_SELECTION NULL |
235 | | #else |
236 | | /* not the case with old versions of OpenSSL */ |
237 | | #define DEFAULT_CIPHER_SELECTION \ |
238 | | "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH" |
239 | | #endif |
240 | | |
241 | | #ifdef HAVE_OPENSSL_SRP |
242 | | /* the function exists */ |
243 | | #ifdef USE_TLS_SRP |
244 | | /* the functionality is not disabled */ |
245 | | #define USE_OPENSSL_SRP |
246 | | #endif |
247 | | #endif |
248 | | |
249 | | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
250 | | #define HAVE_RANDOM_INIT_BY_DEFAULT 1 |
251 | | #endif |
252 | | |
253 | | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ |
254 | | !defined(OPENSSL_IS_BORINGSSL) && \ |
255 | | !defined(OPENSSL_IS_AWSLC) |
256 | | #define HAVE_OPENSSL_VERSION |
257 | | #endif |
258 | | |
259 | | #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
260 | | typedef uint32_t sslerr_t; |
261 | | #else |
262 | | typedef unsigned long sslerr_t; |
263 | | #endif |
264 | | |
265 | | /* |
266 | | * Whether the OpenSSL version has the API needed to support sharing an |
267 | | * X509_STORE between connections. The API is: |
268 | | * * `X509_STORE_up_ref` -- Introduced: OpenSSL 1.1.0. |
269 | | */ |
270 | | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL >= 1.1.0 */ |
271 | | #define HAVE_SSL_X509_STORE_SHARE |
272 | | #endif |
273 | | |
274 | | static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl); |
275 | | |
276 | | static CURLcode push_certinfo(struct Curl_easy *data, |
277 | | BIO *mem, const char *label, int num) |
278 | | WARN_UNUSED_RESULT; |
279 | | |
280 | | static CURLcode push_certinfo(struct Curl_easy *data, |
281 | | BIO *mem, const char *label, int num) |
282 | 0 | { |
283 | 0 | char *ptr; |
284 | 0 | long len = BIO_get_mem_data(mem, &ptr); |
285 | 0 | CURLcode result = Curl_ssl_push_certinfo_len(data, num, label, ptr, len); |
286 | 0 | (void)BIO_reset(mem); |
287 | 0 | return result; |
288 | 0 | } |
289 | | |
290 | | static CURLcode pubkey_show(struct Curl_easy *data, |
291 | | BIO *mem, |
292 | | int num, |
293 | | const char *type, |
294 | | const char *name, |
295 | | const BIGNUM *bn) |
296 | 0 | { |
297 | 0 | char namebuf[32]; |
298 | |
|
299 | 0 | msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name); |
300 | |
|
301 | 0 | if(bn) |
302 | 0 | BN_print(mem, bn); |
303 | 0 | return push_certinfo(data, mem, namebuf, num); |
304 | 0 | } |
305 | | |
306 | | #ifdef HAVE_OPAQUE_RSA_DSA_DH |
307 | | #define print_pubkey_BN(_type, _name, _num) \ |
308 | 0 | pubkey_show(data, mem, _num, #_type, #_name, _name) |
309 | | |
310 | | #else |
311 | | #define print_pubkey_BN(_type, _name, _num) \ |
312 | | do { \ |
313 | | if(_type->_name) { \ |
314 | | pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \ |
315 | | } \ |
316 | | } while(0) |
317 | | #endif |
318 | | |
319 | | static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len) |
320 | 0 | { |
321 | 0 | int i, ilen; |
322 | |
|
323 | 0 | ilen = (int)len; |
324 | 0 | if(ilen < 0) |
325 | 0 | return 1; /* buffer too big */ |
326 | | |
327 | 0 | i = i2t_ASN1_OBJECT(buf, ilen, a); |
328 | |
|
329 | 0 | if(i >= ilen) |
330 | 0 | return 1; /* buffer too small */ |
331 | | |
332 | 0 | return 0; |
333 | 0 | } |
334 | | |
335 | | static CURLcode X509V3_ext(struct Curl_easy *data, |
336 | | int certnum, |
337 | | const STACK_OF(X509_EXTENSION) *extsarg) |
338 | 0 | { |
339 | 0 | int i; |
340 | 0 | CURLcode result = CURLE_OK; |
341 | 0 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ |
342 | 0 | !defined(LIBRESSL_VERSION_NUMBER) |
343 | 0 | const STACK_OF(X509_EXTENSION) *exts = extsarg; |
344 | | #else |
345 | | STACK_OF(X509_EXTENSION) *exts = CURL_UNCONST(extsarg); |
346 | | #endif |
347 | |
|
348 | 0 | if((int)sk_X509_EXTENSION_num(exts) <= 0) |
349 | | /* no extensions, bail out */ |
350 | 0 | return result; |
351 | | |
352 | 0 | for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) { |
353 | 0 | ASN1_OBJECT *obj; |
354 | 0 | X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, (ossl_valsize_t)i); |
355 | 0 | BUF_MEM *biomem; |
356 | 0 | char namebuf[128]; |
357 | 0 | BIO *bio_out = BIO_new(BIO_s_mem()); |
358 | |
|
359 | 0 | if(!bio_out) |
360 | 0 | return result; |
361 | | |
362 | 0 | obj = X509_EXTENSION_get_object(ext); |
363 | |
|
364 | 0 | asn1_object_dump(obj, namebuf, sizeof(namebuf)); |
365 | |
|
366 | 0 | if(!X509V3_EXT_print(bio_out, ext, 0, 0)) |
367 | 0 | ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext)); |
368 | |
|
369 | 0 | BIO_get_mem_ptr(bio_out, &biomem); |
370 | 0 | result = Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data, |
371 | 0 | biomem->length); |
372 | 0 | BIO_free(bio_out); |
373 | 0 | if(result) |
374 | 0 | break; |
375 | 0 | } |
376 | 0 | return result; |
377 | 0 | } |
378 | | |
379 | | static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl) |
380 | 0 | { |
381 | 0 | CURLcode result; |
382 | 0 | STACK_OF(X509) *sk; |
383 | 0 | int i; |
384 | 0 | numcert_t numcerts; |
385 | 0 | BIO *mem; |
386 | |
|
387 | 0 | DEBUGASSERT(ssl); |
388 | |
|
389 | 0 | sk = SSL_get_peer_cert_chain(ssl); |
390 | 0 | if(!sk) { |
391 | 0 | return CURLE_OUT_OF_MEMORY; |
392 | 0 | } |
393 | | |
394 | 0 | numcerts = sk_X509_num(sk); |
395 | |
|
396 | 0 | result = Curl_ssl_init_certinfo(data, (int)numcerts); |
397 | 0 | if(result) |
398 | 0 | return result; |
399 | | |
400 | 0 | mem = BIO_new(BIO_s_mem()); |
401 | 0 | if(!mem) |
402 | 0 | result = CURLE_OUT_OF_MEMORY; |
403 | |
|
404 | 0 | for(i = 0; !result && (i < (int)numcerts); i++) { |
405 | 0 | ASN1_INTEGER *num; |
406 | 0 | X509 *x = sk_X509_value(sk, (ossl_valsize_t)i); |
407 | 0 | EVP_PKEY *pubkey = NULL; |
408 | 0 | int j; |
409 | 0 | const ASN1_BIT_STRING *psig = NULL; |
410 | |
|
411 | 0 | X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); |
412 | 0 | result = push_certinfo(data, mem, "Subject", i); |
413 | 0 | if(result) |
414 | 0 | break; |
415 | | |
416 | 0 | X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE); |
417 | 0 | result = push_certinfo(data, mem, "Issuer", i); |
418 | 0 | if(result) |
419 | 0 | break; |
420 | | |
421 | 0 | BIO_printf(mem, "%lx", X509_get_version(x)); |
422 | 0 | result = push_certinfo(data, mem, "Version", i); |
423 | 0 | if(result) |
424 | 0 | break; |
425 | | |
426 | 0 | num = X509_get_serialNumber(x); |
427 | 0 | if(num->type == V_ASN1_NEG_INTEGER) |
428 | 0 | BIO_puts(mem, "-"); |
429 | 0 | for(j = 0; j < num->length; j++) |
430 | 0 | BIO_printf(mem, "%02x", num->data[j]); |
431 | 0 | result = push_certinfo(data, mem, "Serial Number", i); |
432 | 0 | if(result) |
433 | 0 | break; |
434 | | |
435 | 0 | #ifdef HAVE_X509_GET0_EXTENSIONS |
436 | 0 | { |
437 | 0 | const X509_ALGOR *sigalg = NULL; |
438 | 0 | X509_PUBKEY *xpubkey = NULL; |
439 | 0 | ASN1_OBJECT *pubkeyoid = NULL; |
440 | |
|
441 | 0 | X509_get0_signature(&psig, &sigalg, x); |
442 | 0 | if(sigalg) { |
443 | 0 | const ASN1_OBJECT *sigalgoid = NULL; |
444 | 0 | X509_ALGOR_get0(&sigalgoid, NULL, NULL, sigalg); |
445 | 0 | i2a_ASN1_OBJECT(mem, sigalgoid); |
446 | 0 | result = push_certinfo(data, mem, "Signature Algorithm", i); |
447 | 0 | if(result) |
448 | 0 | break; |
449 | 0 | } |
450 | | |
451 | 0 | xpubkey = X509_get_X509_PUBKEY(x); |
452 | 0 | if(xpubkey) { |
453 | 0 | X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey); |
454 | 0 | if(pubkeyoid) { |
455 | 0 | i2a_ASN1_OBJECT(mem, pubkeyoid); |
456 | 0 | result = push_certinfo(data, mem, "Public Key Algorithm", i); |
457 | 0 | if(result) |
458 | 0 | break; |
459 | 0 | } |
460 | 0 | } |
461 | | |
462 | 0 | result = X509V3_ext(data, i, X509_get0_extensions(x)); |
463 | 0 | if(result) |
464 | 0 | break; |
465 | 0 | } |
466 | | #else |
467 | | { |
468 | | /* before OpenSSL 1.0.2 */ |
469 | | X509_CINF *cinf = x->cert_info; |
470 | | |
471 | | i2a_ASN1_OBJECT(mem, cinf->signature->algorithm); |
472 | | result = push_certinfo(data, mem, "Signature Algorithm", i); |
473 | | |
474 | | if(!result) { |
475 | | i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm); |
476 | | result = push_certinfo(data, mem, "Public Key Algorithm", i); |
477 | | } |
478 | | |
479 | | if(!result) |
480 | | result = X509V3_ext(data, i, cinf->extensions); |
481 | | |
482 | | if(result) |
483 | | break; |
484 | | |
485 | | psig = x->signature; |
486 | | } |
487 | | #endif |
488 | | |
489 | 0 | ASN1_TIME_print(mem, X509_get0_notBefore(x)); |
490 | 0 | result = push_certinfo(data, mem, "Start date", i); |
491 | 0 | if(result) |
492 | 0 | break; |
493 | | |
494 | 0 | ASN1_TIME_print(mem, X509_get0_notAfter(x)); |
495 | 0 | result = push_certinfo(data, mem, "Expire date", i); |
496 | 0 | if(result) |
497 | 0 | break; |
498 | | |
499 | 0 | pubkey = X509_get_pubkey(x); |
500 | 0 | if(!pubkey) |
501 | 0 | infof(data, " Unable to load public key"); |
502 | 0 | else { |
503 | 0 | int pktype; |
504 | 0 | #ifdef HAVE_OPAQUE_EVP_PKEY |
505 | 0 | pktype = EVP_PKEY_id(pubkey); |
506 | | #else |
507 | | pktype = pubkey->type; |
508 | | #endif |
509 | 0 | switch(pktype) { |
510 | 0 | case EVP_PKEY_RSA: { |
511 | 0 | #ifndef HAVE_EVP_PKEY_GET_PARAMS |
512 | 0 | RSA *rsa; |
513 | 0 | #ifdef HAVE_OPAQUE_EVP_PKEY |
514 | 0 | rsa = EVP_PKEY_get0_RSA(pubkey); |
515 | | #else |
516 | | rsa = pubkey->pkey.rsa; |
517 | | #endif /* HAVE_OPAQUE_EVP_PKEY */ |
518 | 0 | #endif /* !HAVE_EVP_PKEY_GET_PARAMS */ |
519 | |
|
520 | 0 | { |
521 | 0 | #ifdef HAVE_OPAQUE_RSA_DSA_DH |
522 | 0 | DECLARE_PKEY_PARAM_BIGNUM(n); |
523 | 0 | DECLARE_PKEY_PARAM_BIGNUM(e); |
524 | | #ifdef HAVE_EVP_PKEY_GET_PARAMS |
525 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_N, &n); |
526 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_E, &e); |
527 | | #else |
528 | 0 | RSA_get0_key(rsa, &n, &e, NULL); |
529 | 0 | #endif /* HAVE_EVP_PKEY_GET_PARAMS */ |
530 | 0 | BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0); |
531 | | #else |
532 | | BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0); |
533 | | #endif /* HAVE_OPAQUE_RSA_DSA_DH */ |
534 | 0 | result = push_certinfo(data, mem, "RSA Public Key", i); |
535 | 0 | if(result) |
536 | 0 | break; |
537 | 0 | print_pubkey_BN(rsa, n, i); |
538 | 0 | print_pubkey_BN(rsa, e, i); |
539 | 0 | FREE_PKEY_PARAM_BIGNUM(n); |
540 | 0 | FREE_PKEY_PARAM_BIGNUM(e); |
541 | 0 | } |
542 | | |
543 | 0 | break; |
544 | 0 | } |
545 | 0 | case EVP_PKEY_DSA: |
546 | 0 | { |
547 | 0 | #ifndef OPENSSL_NO_DSA |
548 | 0 | #ifndef HAVE_EVP_PKEY_GET_PARAMS |
549 | 0 | DSA *dsa; |
550 | 0 | #ifdef HAVE_OPAQUE_EVP_PKEY |
551 | 0 | dsa = EVP_PKEY_get0_DSA(pubkey); |
552 | | #else |
553 | | dsa = pubkey->pkey.dsa; |
554 | | #endif /* HAVE_OPAQUE_EVP_PKEY */ |
555 | 0 | #endif /* !HAVE_EVP_PKEY_GET_PARAMS */ |
556 | 0 | { |
557 | 0 | #ifdef HAVE_OPAQUE_RSA_DSA_DH |
558 | 0 | DECLARE_PKEY_PARAM_BIGNUM(p); |
559 | 0 | DECLARE_PKEY_PARAM_BIGNUM(q); |
560 | 0 | DECLARE_PKEY_PARAM_BIGNUM(g); |
561 | 0 | DECLARE_PKEY_PARAM_BIGNUM(pub_key); |
562 | | #ifdef HAVE_EVP_PKEY_GET_PARAMS |
563 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p); |
564 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q); |
565 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g); |
566 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key); |
567 | | #else |
568 | 0 | DSA_get0_pqg(dsa, &p, &q, &g); |
569 | 0 | DSA_get0_key(dsa, &pub_key, NULL); |
570 | 0 | #endif /* HAVE_EVP_PKEY_GET_PARAMS */ |
571 | 0 | #endif /* HAVE_OPAQUE_RSA_DSA_DH */ |
572 | 0 | print_pubkey_BN(dsa, p, i); |
573 | 0 | print_pubkey_BN(dsa, q, i); |
574 | 0 | print_pubkey_BN(dsa, g, i); |
575 | 0 | print_pubkey_BN(dsa, pub_key, i); |
576 | 0 | FREE_PKEY_PARAM_BIGNUM(p); |
577 | 0 | FREE_PKEY_PARAM_BIGNUM(q); |
578 | 0 | FREE_PKEY_PARAM_BIGNUM(g); |
579 | 0 | FREE_PKEY_PARAM_BIGNUM(pub_key); |
580 | 0 | } |
581 | 0 | #endif /* !OPENSSL_NO_DSA */ |
582 | 0 | break; |
583 | 0 | } |
584 | 0 | case EVP_PKEY_DH: { |
585 | 0 | #ifndef HAVE_EVP_PKEY_GET_PARAMS |
586 | 0 | DH *dh; |
587 | 0 | #ifdef HAVE_OPAQUE_EVP_PKEY |
588 | 0 | dh = EVP_PKEY_get0_DH(pubkey); |
589 | | #else |
590 | | dh = pubkey->pkey.dh; |
591 | | #endif /* HAVE_OPAQUE_EVP_PKEY */ |
592 | 0 | #endif /* !HAVE_EVP_PKEY_GET_PARAMS */ |
593 | 0 | { |
594 | 0 | #ifdef HAVE_OPAQUE_RSA_DSA_DH |
595 | 0 | DECLARE_PKEY_PARAM_BIGNUM(p); |
596 | 0 | DECLARE_PKEY_PARAM_BIGNUM(q); |
597 | 0 | DECLARE_PKEY_PARAM_BIGNUM(g); |
598 | 0 | DECLARE_PKEY_PARAM_BIGNUM(pub_key); |
599 | | #ifdef HAVE_EVP_PKEY_GET_PARAMS |
600 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p); |
601 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q); |
602 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g); |
603 | | EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key); |
604 | | #else |
605 | 0 | DH_get0_pqg(dh, &p, &q, &g); |
606 | 0 | DH_get0_key(dh, &pub_key, NULL); |
607 | 0 | #endif /* HAVE_EVP_PKEY_GET_PARAMS */ |
608 | 0 | print_pubkey_BN(dh, p, i); |
609 | 0 | print_pubkey_BN(dh, q, i); |
610 | 0 | print_pubkey_BN(dh, g, i); |
611 | | #else |
612 | | print_pubkey_BN(dh, p, i); |
613 | | print_pubkey_BN(dh, g, i); |
614 | | #endif /* HAVE_OPAQUE_RSA_DSA_DH */ |
615 | 0 | print_pubkey_BN(dh, pub_key, i); |
616 | 0 | FREE_PKEY_PARAM_BIGNUM(p); |
617 | 0 | FREE_PKEY_PARAM_BIGNUM(q); |
618 | 0 | FREE_PKEY_PARAM_BIGNUM(g); |
619 | 0 | FREE_PKEY_PARAM_BIGNUM(pub_key); |
620 | 0 | } |
621 | 0 | break; |
622 | 0 | } |
623 | 0 | } |
624 | 0 | EVP_PKEY_free(pubkey); |
625 | 0 | } |
626 | | |
627 | 0 | if(!result && psig) { |
628 | 0 | for(j = 0; j < psig->length; j++) |
629 | 0 | BIO_printf(mem, "%02x:", psig->data[j]); |
630 | 0 | result = push_certinfo(data, mem, "Signature", i); |
631 | 0 | } |
632 | |
|
633 | 0 | if(!result) { |
634 | 0 | PEM_write_bio_X509(mem, x); |
635 | 0 | result = push_certinfo(data, mem, "Cert", i); |
636 | 0 | } |
637 | 0 | } |
638 | | |
639 | 0 | BIO_free(mem); |
640 | |
|
641 | 0 | if(result) |
642 | | /* cleanup all leftovers */ |
643 | 0 | Curl_ssl_free_certinfo(data); |
644 | |
|
645 | 0 | return result; |
646 | 0 | } |
647 | | |
648 | | #endif /* quiche or OpenSSL */ |
649 | | |
650 | | #ifdef USE_OPENSSL |
651 | | |
652 | | #if OPENSSL_VERSION_NUMBER < 0x10100000L |
653 | | #define BIO_set_init(x,v) ((x)->init=(v)) |
654 | | #define BIO_get_data(x) ((x)->ptr) |
655 | | #define BIO_set_data(x,v) ((x)->ptr=(v)) |
656 | | #define BIO_get_shutdown(x) ((x)->shutdown) |
657 | | #define BIO_set_shutdown(x,v) ((x)->shutdown=(v)) |
658 | | #endif /* HAVE_PRE_1_1_API */ |
659 | | |
660 | | static int ossl_bio_cf_create(BIO *bio) |
661 | 21 | { |
662 | 21 | BIO_set_shutdown(bio, 1); |
663 | 21 | BIO_set_init(bio, 1); |
664 | | #if OPENSSL_VERSION_NUMBER < 0x10100000L |
665 | | bio->num = -1; |
666 | | #endif |
667 | 21 | BIO_set_data(bio, NULL); |
668 | 21 | return 1; |
669 | 21 | } |
670 | | |
671 | | static int ossl_bio_cf_destroy(BIO *bio) |
672 | 21 | { |
673 | 21 | if(!bio) |
674 | 0 | return 0; |
675 | 21 | return 1; |
676 | 21 | } |
677 | | |
678 | | static long ossl_bio_cf_ctrl(BIO *bio, int cmd, long num, void *ptr) |
679 | 131 | { |
680 | 131 | struct Curl_cfilter *cf = BIO_get_data(bio); |
681 | 131 | long ret = 1; |
682 | | |
683 | 131 | (void)cf; |
684 | 131 | (void)ptr; |
685 | 131 | switch(cmd) { |
686 | 0 | case BIO_CTRL_GET_CLOSE: |
687 | 0 | ret = (long)BIO_get_shutdown(bio); |
688 | 0 | break; |
689 | 0 | case BIO_CTRL_SET_CLOSE: |
690 | 0 | BIO_set_shutdown(bio, (int)num); |
691 | 0 | break; |
692 | 59 | case BIO_CTRL_FLUSH: |
693 | | /* we do no delayed writes, but if we ever would, this |
694 | | * needs to trigger it. */ |
695 | 59 | ret = 1; |
696 | 59 | break; |
697 | 0 | case BIO_CTRL_DUP: |
698 | 0 | ret = 1; |
699 | 0 | break; |
700 | 0 | #ifdef BIO_CTRL_EOF |
701 | 0 | case BIO_CTRL_EOF: { |
702 | | /* EOF has been reached on input? */ |
703 | 0 | struct ssl_connect_data *connssl = cf->ctx; |
704 | 0 | return connssl->peer_closed; |
705 | 0 | } |
706 | 0 | #endif |
707 | 72 | default: |
708 | 72 | ret = 0; |
709 | 72 | break; |
710 | 131 | } |
711 | 131 | return ret; |
712 | 131 | } |
713 | | |
714 | | static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen) |
715 | 95 | { |
716 | 95 | struct Curl_cfilter *cf = BIO_get_data(bio); |
717 | 95 | struct ssl_connect_data *connssl = cf->ctx; |
718 | 95 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
719 | 95 | struct Curl_easy *data = CF_DATA_CURRENT(cf); |
720 | 95 | ssize_t nwritten; |
721 | 95 | CURLcode result = CURLE_SEND_ERROR; |
722 | | |
723 | 95 | DEBUGASSERT(data); |
724 | 95 | if(blen < 0) |
725 | 0 | return 0; |
726 | | |
727 | 95 | nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, FALSE, |
728 | 95 | &result); |
729 | 95 | CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d", |
730 | 95 | blen, (int)nwritten, result); |
731 | 95 | BIO_clear_retry_flags(bio); |
732 | 95 | octx->io_result = result; |
733 | 95 | if(nwritten < 0) { |
734 | 1 | if(CURLE_AGAIN == result) |
735 | 0 | BIO_set_retry_write(bio); |
736 | 1 | } |
737 | 95 | return (int)nwritten; |
738 | 95 | } |
739 | | |
740 | | static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen) |
741 | 478 | { |
742 | 478 | struct Curl_cfilter *cf = BIO_get_data(bio); |
743 | 478 | struct ssl_connect_data *connssl = cf->ctx; |
744 | 478 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
745 | 478 | struct Curl_easy *data = CF_DATA_CURRENT(cf); |
746 | 478 | ssize_t nread; |
747 | 478 | CURLcode result = CURLE_RECV_ERROR; |
748 | | |
749 | 478 | DEBUGASSERT(data); |
750 | | /* OpenSSL catches this case, so should we. */ |
751 | 478 | if(!buf) |
752 | 0 | return 0; |
753 | 478 | if(blen < 0) |
754 | 0 | return 0; |
755 | | |
756 | 478 | nread = Curl_conn_cf_recv(cf->next, data, buf, (size_t)blen, &result); |
757 | 478 | CURL_TRC_CF(data, cf, "ossl_bio_cf_in_read(len=%d) -> %d, err=%d", |
758 | 478 | blen, (int)nread, result); |
759 | 478 | BIO_clear_retry_flags(bio); |
760 | 478 | octx->io_result = result; |
761 | 478 | if(nread < 0) { |
762 | 145 | if(CURLE_AGAIN == result) |
763 | 145 | BIO_set_retry_read(bio); |
764 | 145 | } |
765 | 333 | else if(nread == 0) { |
766 | 3 | connssl->peer_closed = TRUE; |
767 | 3 | } |
768 | | |
769 | | /* Before returning server replies to the SSL instance, we need |
770 | | * to have setup the x509 store or verification will fail. */ |
771 | 478 | if(!octx->x509_store_setup) { |
772 | 21 | result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx); |
773 | 21 | if(result) { |
774 | 0 | octx->io_result = result; |
775 | 0 | return -1; |
776 | 0 | } |
777 | 21 | octx->x509_store_setup = TRUE; |
778 | 21 | } |
779 | | |
780 | 478 | return (int)nread; |
781 | 478 | } |
782 | | |
783 | | #if OPENSSL_VERSION_NUMBER < 0x10100000L |
784 | | |
785 | | static BIO_METHOD ossl_bio_cf_meth_1_0 = { |
786 | | BIO_TYPE_MEM, |
787 | | "OpenSSL CF BIO", |
788 | | ossl_bio_cf_out_write, |
789 | | ossl_bio_cf_in_read, |
790 | | NULL, /* puts is never called */ |
791 | | NULL, /* gets is never called */ |
792 | | ossl_bio_cf_ctrl, |
793 | | ossl_bio_cf_create, |
794 | | ossl_bio_cf_destroy, |
795 | | NULL |
796 | | }; |
797 | | |
798 | | static BIO_METHOD *ossl_bio_cf_method_create(void) |
799 | | { |
800 | | return &ossl_bio_cf_meth_1_0; |
801 | | } |
802 | | |
803 | | #define ossl_bio_cf_method_free(m) Curl_nop_stmt |
804 | | |
805 | | #else |
806 | | |
807 | | static BIO_METHOD *ossl_bio_cf_method_create(void) |
808 | 21 | { |
809 | 21 | BIO_METHOD *m = BIO_meth_new(BIO_TYPE_MEM, "OpenSSL CF BIO"); |
810 | 21 | if(m) { |
811 | 21 | BIO_meth_set_write(m, &ossl_bio_cf_out_write); |
812 | 21 | BIO_meth_set_read(m, &ossl_bio_cf_in_read); |
813 | 21 | BIO_meth_set_ctrl(m, &ossl_bio_cf_ctrl); |
814 | 21 | BIO_meth_set_create(m, &ossl_bio_cf_create); |
815 | 21 | BIO_meth_set_destroy(m, &ossl_bio_cf_destroy); |
816 | 21 | } |
817 | 21 | return m; |
818 | 21 | } |
819 | | |
820 | | static void ossl_bio_cf_method_free(BIO_METHOD *m) |
821 | 21 | { |
822 | 21 | if(m) |
823 | 21 | BIO_meth_free(m); |
824 | 21 | } |
825 | | |
826 | | #endif |
827 | | |
828 | | |
829 | | #ifdef HAVE_KEYLOG_CALLBACK |
830 | | static void ossl_keylog_callback(const SSL *ssl, const char *line) |
831 | 0 | { |
832 | 0 | (void)ssl; |
833 | |
|
834 | 0 | Curl_tls_keylog_write_line(line); |
835 | 0 | } |
836 | | #else |
837 | | /* |
838 | | * ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the |
839 | | * OpenSSL being used does not have native support for doing that. |
840 | | */ |
841 | | static void |
842 | | ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done) |
843 | | { |
844 | | const SSL_SESSION *session = SSL_get_session(ssl); |
845 | | unsigned char client_random[SSL3_RANDOM_SIZE]; |
846 | | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; |
847 | | int master_key_length = 0; |
848 | | |
849 | | if(!session || *keylog_done) |
850 | | return; |
851 | | |
852 | | #if OPENSSL_VERSION_NUMBER >= 0x10100000L |
853 | | /* ssl->s3 is not checked in OpenSSL 1.1.0-pre6, but let's assume that |
854 | | * we have a valid SSL context if we have a non-NULL session. */ |
855 | | SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE); |
856 | | master_key_length = (int) |
857 | | SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH); |
858 | | #else |
859 | | if(ssl->s3 && session->master_key_length > 0) { |
860 | | master_key_length = session->master_key_length; |
861 | | memcpy(master_key, session->master_key, session->master_key_length); |
862 | | memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE); |
863 | | } |
864 | | #endif |
865 | | |
866 | | /* The handshake has not progressed sufficiently yet, or this is a TLS 1.3 |
867 | | * session (when curl was built with older OpenSSL headers and running with |
868 | | * newer OpenSSL runtime libraries). */ |
869 | | if(master_key_length <= 0) |
870 | | return; |
871 | | |
872 | | *keylog_done = TRUE; |
873 | | Curl_tls_keylog_write("CLIENT_RANDOM", client_random, |
874 | | master_key, master_key_length); |
875 | | } |
876 | | #endif /* !HAVE_KEYLOG_CALLBACK */ |
877 | | |
878 | | static const char *SSL_ERROR_to_str(int err) |
879 | 0 | { |
880 | 0 | switch(err) { |
881 | 0 | case SSL_ERROR_NONE: |
882 | 0 | return "SSL_ERROR_NONE"; |
883 | 0 | case SSL_ERROR_SSL: |
884 | 0 | return "SSL_ERROR_SSL"; |
885 | 0 | case SSL_ERROR_WANT_READ: |
886 | 0 | return "SSL_ERROR_WANT_READ"; |
887 | 0 | case SSL_ERROR_WANT_WRITE: |
888 | 0 | return "SSL_ERROR_WANT_WRITE"; |
889 | 0 | case SSL_ERROR_WANT_X509_LOOKUP: |
890 | 0 | return "SSL_ERROR_WANT_X509_LOOKUP"; |
891 | 0 | case SSL_ERROR_SYSCALL: |
892 | 0 | return "SSL_ERROR_SYSCALL"; |
893 | 0 | case SSL_ERROR_ZERO_RETURN: |
894 | 0 | return "SSL_ERROR_ZERO_RETURN"; |
895 | 0 | case SSL_ERROR_WANT_CONNECT: |
896 | 0 | return "SSL_ERROR_WANT_CONNECT"; |
897 | 0 | case SSL_ERROR_WANT_ACCEPT: |
898 | 0 | return "SSL_ERROR_WANT_ACCEPT"; |
899 | 0 | #ifdef SSL_ERROR_WANT_ASYNC |
900 | 0 | case SSL_ERROR_WANT_ASYNC: |
901 | 0 | return "SSL_ERROR_WANT_ASYNC"; |
902 | 0 | #endif |
903 | 0 | #ifdef SSL_ERROR_WANT_ASYNC_JOB |
904 | 0 | case SSL_ERROR_WANT_ASYNC_JOB: |
905 | 0 | return "SSL_ERROR_WANT_ASYNC_JOB"; |
906 | 0 | #endif |
907 | | #ifdef SSL_ERROR_WANT_EARLY |
908 | | case SSL_ERROR_WANT_EARLY: |
909 | | return "SSL_ERROR_WANT_EARLY"; |
910 | | #endif |
911 | 0 | default: |
912 | 0 | return "SSL_ERROR unknown"; |
913 | 0 | } |
914 | 0 | } |
915 | | |
916 | | /* Return error string for last OpenSSL error |
917 | | */ |
918 | | static char *ossl_strerror(unsigned long error, char *buf, size_t size) |
919 | 0 | { |
920 | 0 | size_t len; |
921 | 0 | DEBUGASSERT(size); |
922 | 0 | *buf = '\0'; |
923 | |
|
924 | 0 | len = Curl_ossl_version(buf, size); |
925 | 0 | DEBUGASSERT(len < (size - 2)); |
926 | 0 | if(len < (size - 2)) { |
927 | 0 | buf += len; |
928 | 0 | size -= (len + 2); |
929 | 0 | *buf++ = ':'; |
930 | 0 | *buf++ = ' '; |
931 | 0 | *buf = '\0'; |
932 | 0 | } |
933 | |
|
934 | | #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
935 | | ERR_error_string_n((uint32_t)error, buf, size); |
936 | | #else |
937 | 0 | ERR_error_string_n(error, buf, size); |
938 | 0 | #endif |
939 | |
|
940 | 0 | if(!*buf) { |
941 | 0 | const char *msg = error ? "Unknown error" : "No error"; |
942 | 0 | if(strlen(msg) < size) |
943 | 0 | strcpy(buf, msg); |
944 | 0 | } |
945 | |
|
946 | 0 | return buf; |
947 | 0 | } |
948 | | |
949 | | static int passwd_callback(char *buf, int num, int encrypting, |
950 | | void *password) |
951 | 0 | { |
952 | 0 | DEBUGASSERT(0 == encrypting); |
953 | |
|
954 | 0 | if(!encrypting && num >= 0 && password) { |
955 | 0 | int klen = curlx_uztosi(strlen((char *)password)); |
956 | 0 | if(num > klen) { |
957 | 0 | memcpy(buf, password, klen + 1); |
958 | 0 | return klen; |
959 | 0 | } |
960 | 0 | } |
961 | 0 | return 0; |
962 | 0 | } |
963 | | |
964 | | /* |
965 | | * rand_enough() returns TRUE if we have seeded the random engine properly. |
966 | | */ |
967 | | static bool rand_enough(void) |
968 | 9 | { |
969 | 9 | return 0 != RAND_status(); |
970 | 9 | } |
971 | | |
972 | | static CURLcode ossl_seed(struct Curl_easy *data) |
973 | 21 | { |
974 | | /* This might get called before it has been added to a multi handle */ |
975 | 21 | if(data->multi && data->multi->ssl_seeded) |
976 | 12 | return CURLE_OK; |
977 | | |
978 | 9 | if(rand_enough()) { |
979 | | /* OpenSSL 1.1.0+ should return here */ |
980 | 9 | if(data->multi) |
981 | 9 | data->multi->ssl_seeded = TRUE; |
982 | 9 | return CURLE_OK; |
983 | 9 | } |
984 | 0 | #ifdef HAVE_RANDOM_INIT_BY_DEFAULT |
985 | | /* with OpenSSL 1.1.0+, a failed RAND_status is a showstopper */ |
986 | 0 | failf(data, "Insufficient randomness"); |
987 | 0 | return CURLE_SSL_CONNECT_ERROR; |
988 | | #else |
989 | | |
990 | | /* fallback to a custom seeding of the PRNG using a hash based on a current |
991 | | time */ |
992 | | do { |
993 | | unsigned char randb[64]; |
994 | | size_t len = sizeof(randb); |
995 | | size_t i, i_max; |
996 | | for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) { |
997 | | struct curltime tv = curlx_now(); |
998 | | Curl_wait_ms(1); |
999 | | tv.tv_sec *= (time_t)i + 1; |
1000 | | tv.tv_usec *= (int)i + 2; |
1001 | | tv.tv_sec ^= ((curlx_now().tv_sec + (time_t)curlx_now().tv_usec) * |
1002 | | (time_t)(i + 3)) << 8; |
1003 | | tv.tv_usec ^= (int) ((curlx_now().tv_sec + (time_t)curlx_now().tv_usec) * |
1004 | | (time_t)(i + 4)) << 16; |
1005 | | memcpy(&randb[i * sizeof(struct curltime)], &tv, |
1006 | | sizeof(struct curltime)); |
1007 | | } |
1008 | | RAND_add(randb, (int)len, (double)len/2); |
1009 | | } while(!rand_enough()); |
1010 | | |
1011 | | /* |
1012 | | * Number of bytes to read from the random number seed file. This must be |
1013 | | * a finite value (because some entropy "files" like /dev/urandom have |
1014 | | * an infinite length), but must be large enough to provide enough |
1015 | | * entropy to properly seed OpenSSL's PRNG. |
1016 | | */ |
1017 | | # define RAND_LOAD_LENGTH 1024 |
1018 | | |
1019 | | { |
1020 | | /* generates a default path for the random seed file */ |
1021 | | char fname[256]; |
1022 | | fname[0] = 0; /* blank it first */ |
1023 | | RAND_file_name(fname, sizeof(fname)); |
1024 | | if(fname[0]) { |
1025 | | /* we got a filename to try */ |
1026 | | RAND_load_file(fname, RAND_LOAD_LENGTH); |
1027 | | if(rand_enough()) |
1028 | | return CURLE_OK; |
1029 | | } |
1030 | | } |
1031 | | |
1032 | | infof(data, "libcurl is now using a weak random seed"); |
1033 | | return rand_enough() ? CURLE_OK : |
1034 | | CURLE_SSL_CONNECT_ERROR; /* confusing error code */ |
1035 | | #endif |
1036 | 9 | } |
1037 | | |
1038 | | #ifndef SSL_FILETYPE_ENGINE |
1039 | 0 | #define SSL_FILETYPE_ENGINE 42 |
1040 | | #endif |
1041 | | #ifndef SSL_FILETYPE_PKCS12 |
1042 | 0 | #define SSL_FILETYPE_PKCS12 43 |
1043 | | #endif |
1044 | | #ifndef SSL_FILETYPE_PROVIDER |
1045 | 0 | #define SSL_FILETYPE_PROVIDER 44 |
1046 | | #endif |
1047 | | static int ossl_do_file_type(const char *type) |
1048 | 0 | { |
1049 | 0 | if(!type || !type[0]) |
1050 | 0 | return SSL_FILETYPE_PEM; |
1051 | 0 | if(strcasecompare(type, "PEM")) |
1052 | 0 | return SSL_FILETYPE_PEM; |
1053 | 0 | if(strcasecompare(type, "DER")) |
1054 | 0 | return SSL_FILETYPE_ASN1; |
1055 | 0 | if(strcasecompare(type, "PROV")) |
1056 | 0 | return SSL_FILETYPE_PROVIDER; |
1057 | 0 | if(strcasecompare(type, "ENG")) |
1058 | 0 | return SSL_FILETYPE_ENGINE; |
1059 | 0 | if(strcasecompare(type, "P12")) |
1060 | 0 | return SSL_FILETYPE_PKCS12; |
1061 | 0 | return -1; |
1062 | 0 | } |
1063 | | |
1064 | | #if defined(USE_OPENSSL_ENGINE) || defined(OPENSSL_HAS_PROVIDERS) |
1065 | | /* |
1066 | | * Supply default password to the engine user interface conversation. |
1067 | | * The password is passed by OpenSSL engine from ENGINE_load_private_key() |
1068 | | * last argument to the ui and can be obtained by UI_get0_user_data(ui) here. |
1069 | | */ |
1070 | | static int ssl_ui_reader(UI *ui, UI_STRING *uis) |
1071 | 0 | { |
1072 | 0 | const char *password; |
1073 | 0 | switch(UI_get_string_type(uis)) { |
1074 | 0 | case UIT_PROMPT: |
1075 | 0 | case UIT_VERIFY: |
1076 | 0 | password = (const char *)UI_get0_user_data(ui); |
1077 | 0 | if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) { |
1078 | 0 | UI_set_result(ui, uis, password); |
1079 | 0 | return 1; |
1080 | 0 | } |
1081 | 0 | FALLTHROUGH(); |
1082 | 0 | default: |
1083 | 0 | break; |
1084 | 0 | } |
1085 | 0 | return (UI_method_get_reader(UI_OpenSSL()))(ui, uis); |
1086 | 0 | } |
1087 | | |
1088 | | /* |
1089 | | * Suppress interactive request for a default password if available. |
1090 | | */ |
1091 | | static int ssl_ui_writer(UI *ui, UI_STRING *uis) |
1092 | 0 | { |
1093 | 0 | switch(UI_get_string_type(uis)) { |
1094 | 0 | case UIT_PROMPT: |
1095 | 0 | case UIT_VERIFY: |
1096 | 0 | if(UI_get0_user_data(ui) && |
1097 | 0 | (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) { |
1098 | 0 | return 1; |
1099 | 0 | } |
1100 | 0 | FALLTHROUGH(); |
1101 | 0 | default: |
1102 | 0 | break; |
1103 | 0 | } |
1104 | 0 | return (UI_method_get_writer(UI_OpenSSL()))(ui, uis); |
1105 | 0 | } |
1106 | | |
1107 | | /* |
1108 | | * Check if a given string is a PKCS#11 URI |
1109 | | */ |
1110 | | static bool is_pkcs11_uri(const char *string) |
1111 | 0 | { |
1112 | 0 | return string && strncasecompare(string, "pkcs11:", 7); |
1113 | 0 | } |
1114 | | |
1115 | | #endif |
1116 | | |
1117 | | static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine); |
1118 | | #if defined(OPENSSL_HAS_PROVIDERS) |
1119 | | static CURLcode ossl_set_provider(struct Curl_easy *data, |
1120 | | const char *provider); |
1121 | | #endif |
1122 | | |
1123 | | static int use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob, |
1124 | | int type, const char *key_passwd) |
1125 | 0 | { |
1126 | 0 | int ret = 0; |
1127 | 0 | X509 *x = NULL; |
1128 | | /* the typecast of blob->len is fine since it is guaranteed to never be |
1129 | | larger than CURL_MAX_INPUT_LENGTH */ |
1130 | 0 | BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len)); |
1131 | 0 | if(!in) |
1132 | 0 | return CURLE_OUT_OF_MEMORY; |
1133 | | |
1134 | 0 | if(type == SSL_FILETYPE_ASN1) { |
1135 | | /* j = ERR_R_ASN1_LIB; */ |
1136 | 0 | x = d2i_X509_bio(in, NULL); |
1137 | 0 | } |
1138 | 0 | else if(type == SSL_FILETYPE_PEM) { |
1139 | | /* ERR_R_PEM_LIB; */ |
1140 | 0 | x = PEM_read_bio_X509(in, NULL, |
1141 | 0 | passwd_callback, CURL_UNCONST(key_passwd)); |
1142 | 0 | } |
1143 | 0 | else { |
1144 | 0 | ret = 0; |
1145 | 0 | goto end; |
1146 | 0 | } |
1147 | | |
1148 | 0 | if(!x) { |
1149 | 0 | ret = 0; |
1150 | 0 | goto end; |
1151 | 0 | } |
1152 | | |
1153 | 0 | ret = SSL_CTX_use_certificate(ctx, x); |
1154 | 0 | end: |
1155 | 0 | X509_free(x); |
1156 | 0 | BIO_free(in); |
1157 | 0 | return ret; |
1158 | 0 | } |
1159 | | |
1160 | | static int use_privatekey_blob(SSL_CTX *ctx, const struct curl_blob *blob, |
1161 | | int type, const char *key_passwd) |
1162 | 0 | { |
1163 | 0 | int ret = 0; |
1164 | 0 | EVP_PKEY *pkey = NULL; |
1165 | 0 | BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len)); |
1166 | 0 | if(!in) |
1167 | 0 | return CURLE_OUT_OF_MEMORY; |
1168 | | |
1169 | 0 | if(type == SSL_FILETYPE_PEM) |
1170 | 0 | pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback, |
1171 | 0 | CURL_UNCONST(key_passwd)); |
1172 | 0 | else if(type == SSL_FILETYPE_ASN1) |
1173 | 0 | pkey = d2i_PrivateKey_bio(in, NULL); |
1174 | 0 | else |
1175 | 0 | goto end; |
1176 | | |
1177 | 0 | if(!pkey) |
1178 | 0 | goto end; |
1179 | | |
1180 | 0 | ret = SSL_CTX_use_PrivateKey(ctx, pkey); |
1181 | 0 | EVP_PKEY_free(pkey); |
1182 | 0 | end: |
1183 | 0 | BIO_free(in); |
1184 | 0 | return ret; |
1185 | 0 | } |
1186 | | |
1187 | | static int |
1188 | | use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob, |
1189 | | const char *key_passwd) |
1190 | 0 | { |
1191 | 0 | int ret = 0; |
1192 | 0 | X509 *x = NULL; |
1193 | 0 | BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len)); |
1194 | 0 | if(!in) |
1195 | 0 | return CURLE_OUT_OF_MEMORY; |
1196 | | |
1197 | 0 | ERR_clear_error(); |
1198 | |
|
1199 | 0 | x = PEM_read_bio_X509_AUX(in, NULL, |
1200 | 0 | passwd_callback, CURL_UNCONST(key_passwd)); |
1201 | 0 | if(!x) |
1202 | 0 | goto end; |
1203 | | |
1204 | 0 | ret = SSL_CTX_use_certificate(ctx, x); |
1205 | |
|
1206 | 0 | if(ERR_peek_error() != 0) |
1207 | 0 | ret = 0; |
1208 | |
|
1209 | 0 | if(ret) { |
1210 | 0 | X509 *ca; |
1211 | 0 | sslerr_t err; |
1212 | |
|
1213 | 0 | if(!SSL_CTX_clear_chain_certs(ctx)) { |
1214 | 0 | ret = 0; |
1215 | 0 | goto end; |
1216 | 0 | } |
1217 | | |
1218 | 0 | while((ca = PEM_read_bio_X509(in, NULL, passwd_callback, |
1219 | 0 | CURL_UNCONST(key_passwd))) |
1220 | 0 | != NULL) { |
1221 | |
|
1222 | 0 | if(!SSL_CTX_add0_chain_cert(ctx, ca)) { |
1223 | 0 | X509_free(ca); |
1224 | 0 | ret = 0; |
1225 | 0 | goto end; |
1226 | 0 | } |
1227 | 0 | } |
1228 | | |
1229 | 0 | err = ERR_peek_last_error(); |
1230 | 0 | if((ERR_GET_LIB(err) == ERR_LIB_PEM) && |
1231 | 0 | (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) |
1232 | 0 | ERR_clear_error(); |
1233 | 0 | else |
1234 | 0 | ret = 0; |
1235 | 0 | } |
1236 | | |
1237 | 0 | end: |
1238 | 0 | X509_free(x); |
1239 | 0 | BIO_free(in); |
1240 | 0 | return ret; |
1241 | 0 | } |
1242 | | |
1243 | | static |
1244 | | int cert_stuff(struct Curl_easy *data, |
1245 | | SSL_CTX* ctx, |
1246 | | char *cert_file, |
1247 | | const struct curl_blob *cert_blob, |
1248 | | const char *cert_type, |
1249 | | char *key_file, |
1250 | | const struct curl_blob *key_blob, |
1251 | | const char *key_type, |
1252 | | char *key_passwd) |
1253 | 0 | { |
1254 | 0 | char error_buffer[256]; |
1255 | 0 | bool check_privkey = TRUE; |
1256 | |
|
1257 | 0 | int file_type = ossl_do_file_type(cert_type); |
1258 | |
|
1259 | 0 | if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE) || |
1260 | 0 | (file_type == SSL_FILETYPE_PROVIDER)) { |
1261 | 0 | SSL *ssl; |
1262 | 0 | X509 *x509; |
1263 | 0 | int cert_done = 0; |
1264 | 0 | int cert_use_result; |
1265 | |
|
1266 | 0 | if(key_passwd) { |
1267 | | /* set the password in the callback userdata */ |
1268 | 0 | SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd); |
1269 | | /* Set passwd callback: */ |
1270 | 0 | SSL_CTX_set_default_passwd_cb(ctx, passwd_callback); |
1271 | 0 | } |
1272 | | |
1273 | |
|
1274 | 0 | switch(file_type) { |
1275 | 0 | case SSL_FILETYPE_PEM: |
1276 | | /* SSL_CTX_use_certificate_chain_file() only works on PEM files */ |
1277 | 0 | cert_use_result = cert_blob ? |
1278 | 0 | use_certificate_chain_blob(ctx, cert_blob, key_passwd) : |
1279 | 0 | SSL_CTX_use_certificate_chain_file(ctx, cert_file); |
1280 | 0 | if(cert_use_result != 1) { |
1281 | 0 | failf(data, |
1282 | 0 | "could not load PEM client certificate from %s, " OSSL_PACKAGE |
1283 | 0 | " error %s, " |
1284 | 0 | "(no key found, wrong pass phrase, or wrong file format?)", |
1285 | 0 | (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file), |
1286 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1287 | 0 | sizeof(error_buffer)) ); |
1288 | 0 | return 0; |
1289 | 0 | } |
1290 | 0 | break; |
1291 | | |
1292 | 0 | case SSL_FILETYPE_ASN1: |
1293 | | /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but |
1294 | | we use the case above for PEM so this can only be performed with |
1295 | | ASN1 files. */ |
1296 | |
|
1297 | 0 | cert_use_result = cert_blob ? |
1298 | 0 | use_certificate_blob(ctx, cert_blob, file_type, key_passwd) : |
1299 | 0 | SSL_CTX_use_certificate_file(ctx, cert_file, file_type); |
1300 | 0 | if(cert_use_result != 1) { |
1301 | 0 | failf(data, |
1302 | 0 | "could not load ASN1 client certificate from %s, " OSSL_PACKAGE |
1303 | 0 | " error %s, " |
1304 | 0 | "(no key found, wrong pass phrase, or wrong file format?)", |
1305 | 0 | (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file), |
1306 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1307 | 0 | sizeof(error_buffer)) ); |
1308 | 0 | return 0; |
1309 | 0 | } |
1310 | 0 | break; |
1311 | 0 | case SSL_FILETYPE_ENGINE: |
1312 | 0 | #if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME) |
1313 | 0 | { |
1314 | | /* Implicitly use pkcs11 engine if none was provided and the |
1315 | | * cert_file is a PKCS#11 URI */ |
1316 | 0 | if(!data->state.engine) { |
1317 | 0 | if(is_pkcs11_uri(cert_file)) { |
1318 | 0 | if(ossl_set_engine(data, "pkcs11") != CURLE_OK) { |
1319 | 0 | return 0; |
1320 | 0 | } |
1321 | 0 | } |
1322 | 0 | } |
1323 | | |
1324 | 0 | if(data->state.engine) { |
1325 | 0 | const char *cmd_name = "LOAD_CERT_CTRL"; |
1326 | 0 | struct { |
1327 | 0 | const char *cert_id; |
1328 | 0 | X509 *cert; |
1329 | 0 | } params; |
1330 | |
|
1331 | 0 | params.cert_id = cert_file; |
1332 | 0 | params.cert = NULL; |
1333 | | |
1334 | | /* Does the engine supports LOAD_CERT_CTRL ? */ |
1335 | 0 | if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME, |
1336 | 0 | 0, CURL_UNCONST(cmd_name), NULL)) { |
1337 | 0 | failf(data, "ssl engine does not support loading certificates"); |
1338 | 0 | return 0; |
1339 | 0 | } |
1340 | | |
1341 | | /* Load the certificate from the engine */ |
1342 | 0 | if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name, |
1343 | 0 | 0, ¶ms, NULL, 1)) { |
1344 | 0 | failf(data, "ssl engine cannot load client cert with id" |
1345 | 0 | " '%s' [%s]", cert_file, |
1346 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1347 | 0 | sizeof(error_buffer))); |
1348 | 0 | return 0; |
1349 | 0 | } |
1350 | | |
1351 | 0 | if(!params.cert) { |
1352 | 0 | failf(data, "ssl engine did not initialized the certificate " |
1353 | 0 | "properly."); |
1354 | 0 | return 0; |
1355 | 0 | } |
1356 | | |
1357 | 0 | if(SSL_CTX_use_certificate(ctx, params.cert) != 1) { |
1358 | 0 | failf(data, "unable to set client certificate [%s]", |
1359 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1360 | 0 | sizeof(error_buffer))); |
1361 | 0 | return 0; |
1362 | 0 | } |
1363 | 0 | X509_free(params.cert); /* we do not need the handle any more... */ |
1364 | 0 | } |
1365 | 0 | else { |
1366 | 0 | failf(data, "crypto engine not set, cannot load certificate"); |
1367 | 0 | return 0; |
1368 | 0 | } |
1369 | 0 | } |
1370 | 0 | break; |
1371 | 0 | #endif |
1372 | | #if defined(OPENSSL_HAS_PROVIDERS) |
1373 | | /* fall through to compatible provider */ |
1374 | | case SSL_FILETYPE_PROVIDER: |
1375 | | { |
1376 | | /* Implicitly use pkcs11 provider if none was provided and the |
1377 | | * cert_file is a PKCS#11 URI */ |
1378 | | if(!data->state.provider) { |
1379 | | if(is_pkcs11_uri(cert_file)) { |
1380 | | if(ossl_set_provider(data, "pkcs11") != CURLE_OK) { |
1381 | | return 0; |
1382 | | } |
1383 | | } |
1384 | | } |
1385 | | |
1386 | | if(data->state.provider) { |
1387 | | /* Load the certificate from the provider */ |
1388 | | OSSL_STORE_INFO *info = NULL; |
1389 | | X509 *cert = NULL; |
1390 | | OSSL_STORE_CTX *store = |
1391 | | OSSL_STORE_open_ex(cert_file, data->state.libctx, |
1392 | | NULL, NULL, NULL, NULL, NULL, NULL); |
1393 | | if(!store) { |
1394 | | failf(data, "Failed to open OpenSSL store: %s", |
1395 | | ossl_strerror(ERR_get_error(), error_buffer, |
1396 | | sizeof(error_buffer))); |
1397 | | return 0; |
1398 | | } |
1399 | | if(OSSL_STORE_expect(store, OSSL_STORE_INFO_CERT) != 1) { |
1400 | | failf(data, "Failed to set store preference. Ignoring the error: %s", |
1401 | | ossl_strerror(ERR_get_error(), error_buffer, |
1402 | | sizeof(error_buffer))); |
1403 | | } |
1404 | | |
1405 | | info = OSSL_STORE_load(store); |
1406 | | if(info) { |
1407 | | int ossl_type = OSSL_STORE_INFO_get_type(info); |
1408 | | |
1409 | | if(ossl_type == OSSL_STORE_INFO_CERT) |
1410 | | cert = OSSL_STORE_INFO_get1_CERT(info); |
1411 | | OSSL_STORE_INFO_free(info); |
1412 | | } |
1413 | | OSSL_STORE_close(store); |
1414 | | if(!cert) { |
1415 | | failf(data, "No cert found in the openssl store: %s", |
1416 | | ossl_strerror(ERR_get_error(), error_buffer, |
1417 | | sizeof(error_buffer))); |
1418 | | return 0; |
1419 | | } |
1420 | | |
1421 | | if(SSL_CTX_use_certificate(ctx, cert) != 1) { |
1422 | | failf(data, "unable to set client certificate [%s]", |
1423 | | ossl_strerror(ERR_get_error(), error_buffer, |
1424 | | sizeof(error_buffer))); |
1425 | | return 0; |
1426 | | } |
1427 | | X509_free(cert); /* we do not need the handle any more... */ |
1428 | | } |
1429 | | else { |
1430 | | failf(data, "crypto provider not set, cannot load certificate"); |
1431 | | return 0; |
1432 | | } |
1433 | | } |
1434 | | break; |
1435 | | #endif |
1436 | | |
1437 | 0 | case SSL_FILETYPE_PKCS12: |
1438 | 0 | { |
1439 | 0 | BIO *cert_bio = NULL; |
1440 | 0 | PKCS12 *p12 = NULL; |
1441 | 0 | EVP_PKEY *pri; |
1442 | 0 | STACK_OF(X509) *ca = NULL; |
1443 | 0 | if(cert_blob) { |
1444 | 0 | cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len)); |
1445 | 0 | if(!cert_bio) { |
1446 | 0 | failf(data, |
1447 | 0 | "BIO_new_mem_buf NULL, " OSSL_PACKAGE |
1448 | 0 | " error %s", |
1449 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1450 | 0 | sizeof(error_buffer)) ); |
1451 | 0 | return 0; |
1452 | 0 | } |
1453 | 0 | } |
1454 | 0 | else { |
1455 | 0 | cert_bio = BIO_new(BIO_s_file()); |
1456 | 0 | if(!cert_bio) { |
1457 | 0 | failf(data, |
1458 | 0 | "BIO_new return NULL, " OSSL_PACKAGE |
1459 | 0 | " error %s", |
1460 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1461 | 0 | sizeof(error_buffer)) ); |
1462 | 0 | return 0; |
1463 | 0 | } |
1464 | | |
1465 | 0 | if(BIO_read_filename(cert_bio, cert_file) <= 0) { |
1466 | 0 | failf(data, "could not open PKCS12 file '%s'", cert_file); |
1467 | 0 | BIO_free(cert_bio); |
1468 | 0 | return 0; |
1469 | 0 | } |
1470 | 0 | } |
1471 | | |
1472 | 0 | p12 = d2i_PKCS12_bio(cert_bio, NULL); |
1473 | 0 | BIO_free(cert_bio); |
1474 | |
|
1475 | 0 | if(!p12) { |
1476 | 0 | failf(data, "error reading PKCS12 file '%s'", |
1477 | 0 | cert_blob ? "(memory blob)" : cert_file); |
1478 | 0 | return 0; |
1479 | 0 | } |
1480 | | |
1481 | 0 | PKCS12_PBE_add(); |
1482 | |
|
1483 | 0 | if(!PKCS12_parse(p12, key_passwd, &pri, &x509, &ca)) { |
1484 | 0 | failf(data, |
1485 | 0 | "could not parse PKCS12 file, check password, " OSSL_PACKAGE |
1486 | 0 | " error %s", |
1487 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1488 | 0 | sizeof(error_buffer)) ); |
1489 | 0 | PKCS12_free(p12); |
1490 | 0 | return 0; |
1491 | 0 | } |
1492 | | |
1493 | 0 | PKCS12_free(p12); |
1494 | |
|
1495 | 0 | if(SSL_CTX_use_certificate(ctx, x509) != 1) { |
1496 | 0 | failf(data, |
1497 | 0 | "could not load PKCS12 client certificate, " OSSL_PACKAGE |
1498 | 0 | " error %s", |
1499 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
1500 | 0 | sizeof(error_buffer)) ); |
1501 | 0 | goto fail; |
1502 | 0 | } |
1503 | | |
1504 | 0 | if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) { |
1505 | 0 | failf(data, "unable to use private key from PKCS12 file '%s'", |
1506 | 0 | cert_file); |
1507 | 0 | goto fail; |
1508 | 0 | } |
1509 | | |
1510 | 0 | if(!SSL_CTX_check_private_key (ctx)) { |
1511 | 0 | failf(data, "private key from PKCS12 file '%s' " |
1512 | 0 | "does not match certificate in same file", cert_file); |
1513 | 0 | goto fail; |
1514 | 0 | } |
1515 | | /* Set Certificate Verification chain */ |
1516 | 0 | if(ca) { |
1517 | 0 | while(sk_X509_num(ca)) { |
1518 | | /* |
1519 | | * Note that sk_X509_pop() is used below to make sure the cert is |
1520 | | * removed from the stack properly before getting passed to |
1521 | | * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously |
1522 | | * we used sk_X509_value() instead, but then we would clean it in the |
1523 | | * subsequent sk_X509_pop_free() call. |
1524 | | */ |
1525 | 0 | X509 *x = sk_X509_pop(ca); |
1526 | 0 | if(!SSL_CTX_add_client_CA(ctx, x)) { |
1527 | 0 | X509_free(x); |
1528 | 0 | failf(data, "cannot add certificate to client CA list"); |
1529 | 0 | goto fail; |
1530 | 0 | } |
1531 | 0 | if(!SSL_CTX_add_extra_chain_cert(ctx, x)) { |
1532 | 0 | X509_free(x); |
1533 | 0 | failf(data, "cannot add certificate to certificate chain"); |
1534 | 0 | goto fail; |
1535 | 0 | } |
1536 | 0 | } |
1537 | 0 | } |
1538 | | |
1539 | 0 | cert_done = 1; |
1540 | 0 | fail: |
1541 | 0 | EVP_PKEY_free(pri); |
1542 | 0 | X509_free(x509); |
1543 | 0 | sk_X509_pop_free(ca, X509_free); |
1544 | 0 | if(!cert_done) |
1545 | 0 | return 0; /* failure! */ |
1546 | 0 | break; |
1547 | 0 | } |
1548 | 0 | default: |
1549 | 0 | failf(data, "not supported file type '%s' for certificate", cert_type); |
1550 | 0 | return 0; |
1551 | 0 | } |
1552 | | |
1553 | 0 | if((!key_file) && (!key_blob)) { |
1554 | 0 | key_file = cert_file; |
1555 | 0 | key_blob = cert_blob; |
1556 | 0 | } |
1557 | 0 | else |
1558 | 0 | file_type = ossl_do_file_type(key_type); |
1559 | |
|
1560 | 0 | switch(file_type) { |
1561 | 0 | case SSL_FILETYPE_PEM: |
1562 | 0 | if(cert_done) |
1563 | 0 | break; |
1564 | 0 | FALLTHROUGH(); |
1565 | 0 | case SSL_FILETYPE_ASN1: |
1566 | 0 | cert_use_result = key_blob ? |
1567 | 0 | use_privatekey_blob(ctx, key_blob, file_type, key_passwd) : |
1568 | 0 | SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type); |
1569 | 0 | if(cert_use_result != 1) { |
1570 | 0 | failf(data, "unable to set private key file: '%s' type %s", |
1571 | 0 | key_file ? key_file : "(memory blob)", |
1572 | 0 | key_type ? key_type : "PEM"); |
1573 | 0 | return 0; |
1574 | 0 | } |
1575 | 0 | break; |
1576 | 0 | case SSL_FILETYPE_ENGINE: |
1577 | 0 | #ifdef USE_OPENSSL_ENGINE |
1578 | 0 | { |
1579 | 0 | EVP_PKEY *priv_key = NULL; |
1580 | | |
1581 | | /* Implicitly use pkcs11 engine if none was provided and the |
1582 | | * key_file is a PKCS#11 URI */ |
1583 | 0 | if(!data->state.engine) { |
1584 | 0 | if(is_pkcs11_uri(key_file)) { |
1585 | 0 | if(ossl_set_engine(data, "pkcs11") != CURLE_OK) { |
1586 | 0 | return 0; |
1587 | 0 | } |
1588 | 0 | } |
1589 | 0 | } |
1590 | | |
1591 | 0 | if(data->state.engine) { |
1592 | 0 | UI_METHOD *ui_method = |
1593 | 0 | UI_create_method(OSSL_UI_METHOD_CAST("curl user interface")); |
1594 | 0 | if(!ui_method) { |
1595 | 0 | failf(data, "unable do create " OSSL_PACKAGE |
1596 | 0 | " user-interface method"); |
1597 | 0 | return 0; |
1598 | 0 | } |
1599 | 0 | UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL())); |
1600 | 0 | UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL())); |
1601 | 0 | UI_method_set_reader(ui_method, ssl_ui_reader); |
1602 | 0 | UI_method_set_writer(ui_method, ssl_ui_writer); |
1603 | 0 | priv_key = ENGINE_load_private_key(data->state.engine, key_file, |
1604 | 0 | ui_method, |
1605 | 0 | key_passwd); |
1606 | 0 | UI_destroy_method(ui_method); |
1607 | 0 | if(!priv_key) { |
1608 | 0 | failf(data, "failed to load private key from crypto engine"); |
1609 | 0 | return 0; |
1610 | 0 | } |
1611 | 0 | if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) { |
1612 | 0 | failf(data, "unable to set private key"); |
1613 | 0 | EVP_PKEY_free(priv_key); |
1614 | 0 | return 0; |
1615 | 0 | } |
1616 | 0 | EVP_PKEY_free(priv_key); /* we do not need the handle any more... */ |
1617 | 0 | } |
1618 | 0 | else { |
1619 | 0 | failf(data, "crypto engine not set, cannot load private key"); |
1620 | 0 | return 0; |
1621 | 0 | } |
1622 | 0 | } |
1623 | 0 | break; |
1624 | 0 | #endif |
1625 | | #if defined(OPENSSL_HAS_PROVIDERS) |
1626 | | /* fall through to compatible provider */ |
1627 | | case SSL_FILETYPE_PROVIDER: |
1628 | | { |
1629 | | /* Implicitly use pkcs11 provider if none was provided and the |
1630 | | * key_file is a PKCS#11 URI */ |
1631 | | if(!data->state.provider) { |
1632 | | if(is_pkcs11_uri(key_file)) { |
1633 | | if(ossl_set_provider(data, "pkcs11") != CURLE_OK) { |
1634 | | return 0; |
1635 | | } |
1636 | | } |
1637 | | } |
1638 | | |
1639 | | if(data->state.provider) { |
1640 | | /* Load the private key from the provider */ |
1641 | | EVP_PKEY *priv_key = NULL; |
1642 | | OSSL_STORE_CTX *store = NULL; |
1643 | | OSSL_STORE_INFO *info = NULL; |
1644 | | UI_METHOD *ui_method = |
1645 | | UI_create_method(OSSL_UI_METHOD_CAST("curl user interface")); |
1646 | | if(!ui_method) { |
1647 | | failf(data, "unable do create " OSSL_PACKAGE |
1648 | | " user-interface method"); |
1649 | | return 0; |
1650 | | } |
1651 | | UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL())); |
1652 | | UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL())); |
1653 | | UI_method_set_reader(ui_method, ssl_ui_reader); |
1654 | | UI_method_set_writer(ui_method, ssl_ui_writer); |
1655 | | |
1656 | | store = OSSL_STORE_open_ex(key_file, data->state.libctx, |
1657 | | data->state.propq, ui_method, NULL, NULL, |
1658 | | NULL, NULL); |
1659 | | if(!store) { |
1660 | | failf(data, "Failed to open OpenSSL store: %s", |
1661 | | ossl_strerror(ERR_get_error(), error_buffer, |
1662 | | sizeof(error_buffer))); |
1663 | | return 0; |
1664 | | } |
1665 | | if(OSSL_STORE_expect(store, OSSL_STORE_INFO_PKEY) != 1) { |
1666 | | failf(data, "Failed to set store preference. Ignoring the error: %s", |
1667 | | ossl_strerror(ERR_get_error(), error_buffer, |
1668 | | sizeof(error_buffer))); |
1669 | | } |
1670 | | |
1671 | | info = OSSL_STORE_load(store); |
1672 | | if(info) { |
1673 | | int ossl_type = OSSL_STORE_INFO_get_type(info); |
1674 | | |
1675 | | if(ossl_type == OSSL_STORE_INFO_PKEY) |
1676 | | priv_key = OSSL_STORE_INFO_get1_PKEY(info); |
1677 | | OSSL_STORE_INFO_free(info); |
1678 | | } |
1679 | | OSSL_STORE_close(store); |
1680 | | UI_destroy_method(ui_method); |
1681 | | if(!priv_key) { |
1682 | | failf(data, "No private key found in the openssl store: %s", |
1683 | | ossl_strerror(ERR_get_error(), error_buffer, |
1684 | | sizeof(error_buffer))); |
1685 | | return 0; |
1686 | | } |
1687 | | |
1688 | | if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) { |
1689 | | failf(data, "unable to set private key [%s]", |
1690 | | ossl_strerror(ERR_get_error(), error_buffer, |
1691 | | sizeof(error_buffer))); |
1692 | | EVP_PKEY_free(priv_key); |
1693 | | return 0; |
1694 | | } |
1695 | | EVP_PKEY_free(priv_key); /* we do not need the handle any more... */ |
1696 | | } |
1697 | | else { |
1698 | | failf(data, "crypto provider not set, cannot load private key"); |
1699 | | return 0; |
1700 | | } |
1701 | | } |
1702 | | break; |
1703 | | #endif |
1704 | | |
1705 | 0 | case SSL_FILETYPE_PKCS12: |
1706 | 0 | if(!cert_done) { |
1707 | 0 | failf(data, "file type P12 for private key not supported"); |
1708 | 0 | return 0; |
1709 | 0 | } |
1710 | 0 | break; |
1711 | 0 | default: |
1712 | 0 | failf(data, "not supported file type for private key"); |
1713 | 0 | return 0; |
1714 | 0 | } |
1715 | | |
1716 | 0 | ssl = SSL_new(ctx); |
1717 | 0 | if(!ssl) { |
1718 | 0 | failf(data, "unable to create an SSL structure"); |
1719 | 0 | return 0; |
1720 | 0 | } |
1721 | | |
1722 | 0 | x509 = SSL_get_certificate(ssl); |
1723 | | |
1724 | | /* This version was provided by Evan Jordan and is supposed to not |
1725 | | leak memory as the previous version: */ |
1726 | 0 | if(x509) { |
1727 | 0 | EVP_PKEY *pktmp = X509_get_pubkey(x509); |
1728 | 0 | EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl)); |
1729 | 0 | EVP_PKEY_free(pktmp); |
1730 | 0 | } |
1731 | |
|
1732 | 0 | #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL) && \ |
1733 | 0 | !defined(OPENSSL_NO_DEPRECATED_3_0) |
1734 | 0 | { |
1735 | | /* If RSA is used, do not check the private key if its flags indicate |
1736 | | * it does not support it. */ |
1737 | 0 | EVP_PKEY *priv_key = SSL_get_privatekey(ssl); |
1738 | 0 | int pktype; |
1739 | 0 | #ifdef HAVE_OPAQUE_EVP_PKEY |
1740 | 0 | pktype = EVP_PKEY_id(priv_key); |
1741 | | #else |
1742 | | pktype = priv_key->type; |
1743 | | #endif |
1744 | 0 | if(pktype == EVP_PKEY_RSA) { |
1745 | 0 | RSA *rsa = EVP_PKEY_get1_RSA(priv_key); |
1746 | 0 | if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK) |
1747 | 0 | check_privkey = FALSE; |
1748 | 0 | RSA_free(rsa); /* Decrement reference count */ |
1749 | 0 | } |
1750 | 0 | } |
1751 | 0 | #endif |
1752 | |
|
1753 | 0 | SSL_free(ssl); |
1754 | | |
1755 | | /* If we are using DSA, we can copy the parameters from |
1756 | | * the private key */ |
1757 | |
|
1758 | 0 | if(check_privkey == TRUE) { |
1759 | | /* Now we know that a key and cert have been set against |
1760 | | * the SSL context */ |
1761 | 0 | if(!SSL_CTX_check_private_key(ctx)) { |
1762 | 0 | failf(data, "Private key does not match the certificate public key"); |
1763 | 0 | return 0; |
1764 | 0 | } |
1765 | 0 | } |
1766 | 0 | } |
1767 | 0 | return 1; |
1768 | 0 | } |
1769 | | |
1770 | | /* returns non-zero on failure */ |
1771 | | static CURLcode x509_name_oneline(X509_NAME *a, struct dynbuf *d) |
1772 | 42 | { |
1773 | 42 | BIO *bio_out = BIO_new(BIO_s_mem()); |
1774 | 42 | BUF_MEM *biomem; |
1775 | 42 | int rc; |
1776 | 42 | CURLcode result = CURLE_OUT_OF_MEMORY; |
1777 | | |
1778 | 42 | if(bio_out) { |
1779 | 42 | curlx_dyn_reset(d); |
1780 | 42 | rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC); |
1781 | 42 | if(rc != -1) { |
1782 | 42 | BIO_get_mem_ptr(bio_out, &biomem); |
1783 | 42 | result = curlx_dyn_addn(d, biomem->data, biomem->length); |
1784 | 42 | BIO_free(bio_out); |
1785 | 42 | } |
1786 | 42 | } |
1787 | 42 | return result; |
1788 | 42 | } |
1789 | | |
1790 | | /** |
1791 | | * Global SSL init |
1792 | | * |
1793 | | * @retval 0 error initializing SSL |
1794 | | * @retval 1 SSL initialized successfully |
1795 | | */ |
1796 | | static int ossl_init(void) |
1797 | 1 | { |
1798 | 1 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L |
1799 | 1 | const uint64_t flags = |
1800 | 1 | #ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN |
1801 | | /* not present in BoringSSL */ |
1802 | 1 | OPENSSL_INIT_ENGINE_ALL_BUILTIN | |
1803 | 1 | #endif |
1804 | | #ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG |
1805 | | OPENSSL_INIT_NO_LOAD_CONFIG | |
1806 | | #else |
1807 | 1 | OPENSSL_INIT_LOAD_CONFIG | |
1808 | 1 | #endif |
1809 | 1 | 0; |
1810 | 1 | OPENSSL_init_ssl(flags, NULL); |
1811 | | #else |
1812 | | OPENSSL_load_builtin_modules(); |
1813 | | |
1814 | | #ifdef USE_OPENSSL_ENGINE |
1815 | | ENGINE_load_builtin_engines(); |
1816 | | #endif |
1817 | | |
1818 | | /* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and |
1819 | | 0.9.8e */ |
1820 | | #ifndef CONF_MFLAGS_DEFAULT_SECTION |
1821 | | #define CONF_MFLAGS_DEFAULT_SECTION 0x0 |
1822 | | #endif |
1823 | | |
1824 | | #ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG |
1825 | | CONF_modules_load_file(NULL, NULL, |
1826 | | CONF_MFLAGS_DEFAULT_SECTION| |
1827 | | CONF_MFLAGS_IGNORE_MISSING_FILE); |
1828 | | #endif |
1829 | | |
1830 | | /* Let's get nice error messages */ |
1831 | | SSL_load_error_strings(); |
1832 | | |
1833 | | /* Init the global ciphers and digests */ |
1834 | | if(!SSLeay_add_ssl_algorithms()) |
1835 | | return 0; |
1836 | | |
1837 | | OpenSSL_add_all_algorithms(); |
1838 | | #endif |
1839 | | |
1840 | 1 | Curl_tls_keylog_open(); |
1841 | | |
1842 | 1 | return 1; |
1843 | 1 | } |
1844 | | |
1845 | | /* Global cleanup */ |
1846 | | static void ossl_cleanup(void) |
1847 | 0 | { |
1848 | 0 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L |
1849 | | /* OpenSSL 1.1 deprecates all these cleanup functions and |
1850 | | turns them into no-ops in OpenSSL 1.0 compatibility mode */ |
1851 | | #else |
1852 | | /* Free ciphers and digests lists */ |
1853 | | EVP_cleanup(); |
1854 | | |
1855 | | #ifdef USE_OPENSSL_ENGINE |
1856 | | /* Free engine list */ |
1857 | | ENGINE_cleanup(); |
1858 | | #endif |
1859 | | |
1860 | | /* Free OpenSSL error strings */ |
1861 | | ERR_free_strings(); |
1862 | | |
1863 | | /* Free thread local error state, destroying hash upon zero refcount */ |
1864 | | ERR_remove_thread_state(NULL); |
1865 | | |
1866 | | /* Free all memory allocated by all configuration modules */ |
1867 | | CONF_modules_free(); |
1868 | | |
1869 | | #ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS |
1870 | | SSL_COMP_free_compression_methods(); |
1871 | | #endif |
1872 | | #endif |
1873 | |
|
1874 | 0 | Curl_tls_keylog_close(); |
1875 | 0 | } |
1876 | | |
1877 | | /* Selects an OpenSSL crypto engine or provider. |
1878 | | */ |
1879 | | static CURLcode ossl_set_engine(struct Curl_easy *data, const char *name) |
1880 | 0 | { |
1881 | 0 | #ifdef USE_OPENSSL_ENGINE |
1882 | 0 | CURLcode result = CURLE_SSL_ENGINE_NOTFOUND; |
1883 | 0 | ENGINE *e = ENGINE_by_id(name); |
1884 | |
|
1885 | 0 | if(e) { |
1886 | |
|
1887 | 0 | if(data->state.engine) { |
1888 | 0 | ENGINE_finish(data->state.engine); |
1889 | 0 | ENGINE_free(data->state.engine); |
1890 | 0 | data->state.engine = NULL; |
1891 | 0 | } |
1892 | 0 | if(!ENGINE_init(e)) { |
1893 | 0 | char buf[256]; |
1894 | |
|
1895 | 0 | ENGINE_free(e); |
1896 | 0 | failf(data, "Failed to initialise SSL Engine '%s': %s", |
1897 | 0 | name, ossl_strerror(ERR_get_error(), buf, sizeof(buf))); |
1898 | 0 | result = CURLE_SSL_ENGINE_INITFAILED; |
1899 | 0 | e = NULL; |
1900 | 0 | } |
1901 | 0 | data->state.engine = e; |
1902 | 0 | return result; |
1903 | 0 | } |
1904 | 0 | #endif |
1905 | | #ifdef OPENSSL_HAS_PROVIDERS |
1906 | | return ossl_set_provider(data, name); |
1907 | | #else |
1908 | 0 | (void)name; |
1909 | 0 | failf(data, "OpenSSL engine not found"); |
1910 | 0 | return CURLE_SSL_ENGINE_NOTFOUND; |
1911 | 0 | #endif |
1912 | 0 | } |
1913 | | |
1914 | | /* Sets engine as default for all SSL operations |
1915 | | */ |
1916 | | static CURLcode ossl_set_engine_default(struct Curl_easy *data) |
1917 | 0 | { |
1918 | 0 | #ifdef USE_OPENSSL_ENGINE |
1919 | 0 | if(data->state.engine) { |
1920 | 0 | if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) { |
1921 | 0 | infof(data, "set default crypto engine '%s'", |
1922 | 0 | ENGINE_get_id(data->state.engine)); |
1923 | 0 | } |
1924 | 0 | else { |
1925 | 0 | failf(data, "set default crypto engine '%s' failed", |
1926 | 0 | ENGINE_get_id(data->state.engine)); |
1927 | 0 | return CURLE_SSL_ENGINE_SETFAILED; |
1928 | 0 | } |
1929 | 0 | } |
1930 | | #else |
1931 | | (void) data; |
1932 | | #endif |
1933 | 0 | return CURLE_OK; |
1934 | 0 | } |
1935 | | |
1936 | | /* Return list of OpenSSL crypto engine names. |
1937 | | */ |
1938 | | static struct curl_slist *ossl_engines_list(struct Curl_easy *data) |
1939 | 0 | { |
1940 | 0 | struct curl_slist *list = NULL; |
1941 | 0 | #ifdef USE_OPENSSL_ENGINE |
1942 | 0 | struct curl_slist *beg; |
1943 | 0 | ENGINE *e; |
1944 | |
|
1945 | 0 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) { |
1946 | 0 | beg = curl_slist_append(list, ENGINE_get_id(e)); |
1947 | 0 | if(!beg) { |
1948 | 0 | curl_slist_free_all(list); |
1949 | 0 | return NULL; |
1950 | 0 | } |
1951 | 0 | list = beg; |
1952 | 0 | } |
1953 | 0 | #endif |
1954 | 0 | (void) data; |
1955 | 0 | return list; |
1956 | 0 | } |
1957 | | |
1958 | | #if defined(OPENSSL_HAS_PROVIDERS) |
1959 | | |
1960 | | static void ossl_provider_cleanup(struct Curl_easy *data) |
1961 | | { |
1962 | | if(data->state.baseprov) { |
1963 | | OSSL_PROVIDER_unload(data->state.baseprov); |
1964 | | data->state.baseprov = NULL; |
1965 | | } |
1966 | | if(data->state.provider) { |
1967 | | OSSL_PROVIDER_unload(data->state.provider); |
1968 | | data->state.provider = NULL; |
1969 | | } |
1970 | | OSSL_LIB_CTX_free(data->state.libctx); |
1971 | | data->state.libctx = NULL; |
1972 | | Curl_safefree(data->state.propq); |
1973 | | data->state.provider_loaded = FALSE; |
1974 | | } |
1975 | | |
1976 | | #define MAX_PROVIDER_LEN 128 /* reasonable */ |
1977 | | |
1978 | | /* Selects an OpenSSL crypto provider. |
1979 | | * |
1980 | | * A provider might need an associated property, a string passed on to |
1981 | | * OpenSSL. Specify this as [PROVIDER][:PROPERTY]: separate the name and the |
1982 | | * property with a colon. No colon means no property is set. |
1983 | | * |
1984 | | * An example provider + property looks like "tpm2:?provider=tpm2". |
1985 | | */ |
1986 | | static CURLcode ossl_set_provider(struct Curl_easy *data, const char *iname) |
1987 | | { |
1988 | | char name[MAX_PROVIDER_LEN + 1]; |
1989 | | struct Curl_str prov; |
1990 | | const char *propq = NULL; |
1991 | | |
1992 | | if(!iname) { |
1993 | | /* clear and cleanup provider use */ |
1994 | | ossl_provider_cleanup(data); |
1995 | | return CURLE_OK; |
1996 | | } |
1997 | | if(curlx_str_until(&iname, &prov, MAX_PROVIDER_LEN, ':')) |
1998 | | return CURLE_BAD_FUNCTION_ARGUMENT; |
1999 | | |
2000 | | if(!curlx_str_single(&iname, ':')) |
2001 | | /* there was a colon, get the propq until the end of string */ |
2002 | | propq = iname; |
2003 | | |
2004 | | /* we need the name in a buffer, null-terminated */ |
2005 | | memcpy(name, curlx_str(&prov), curlx_strlen(&prov)); |
2006 | | name[curlx_strlen(&prov)] = 0; |
2007 | | |
2008 | | if(!data->state.libctx) { |
2009 | | OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new(); |
2010 | | if(!libctx) |
2011 | | return CURLE_OUT_OF_MEMORY; |
2012 | | if(propq) { |
2013 | | data->state.propq = strdup(propq); |
2014 | | if(!data->state.propq) { |
2015 | | OSSL_LIB_CTX_free(libctx); |
2016 | | return CURLE_OUT_OF_MEMORY; |
2017 | | } |
2018 | | } |
2019 | | data->state.libctx = libctx; |
2020 | | } |
2021 | | |
2022 | | if(OSSL_PROVIDER_available(data->state.libctx, name)) { |
2023 | | /* already loaded through the configuration - no action needed */ |
2024 | | data->state.provider_loaded = TRUE; |
2025 | | return CURLE_OK; |
2026 | | } |
2027 | | |
2028 | | data->state.provider = |
2029 | | OSSL_PROVIDER_try_load(data->state.libctx, name, 1); |
2030 | | if(!data->state.provider) { |
2031 | | char error_buffer[256]; |
2032 | | failf(data, "Failed to initialize provider: %s", |
2033 | | ossl_strerror(ERR_get_error(), error_buffer, |
2034 | | sizeof(error_buffer))); |
2035 | | ossl_provider_cleanup(data); |
2036 | | return CURLE_SSL_ENGINE_NOTFOUND; |
2037 | | } |
2038 | | |
2039 | | /* load the base provider as well */ |
2040 | | data->state.baseprov = |
2041 | | OSSL_PROVIDER_try_load(data->state.libctx, "base", 1); |
2042 | | if(!data->state.baseprov) { |
2043 | | ossl_provider_cleanup(data); |
2044 | | failf(data, "Failed to load base"); |
2045 | | return CURLE_SSL_ENGINE_NOTFOUND; |
2046 | | } |
2047 | | else |
2048 | | data->state.provider_loaded = TRUE; |
2049 | | return CURLE_OK; |
2050 | | } |
2051 | | #endif |
2052 | | |
2053 | | |
2054 | | static CURLcode ossl_shutdown(struct Curl_cfilter *cf, |
2055 | | struct Curl_easy *data, |
2056 | | bool send_shutdown, bool *done) |
2057 | 36 | { |
2058 | 36 | struct ssl_connect_data *connssl = cf->ctx; |
2059 | 36 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
2060 | 36 | CURLcode result = CURLE_OK; |
2061 | 36 | char buf[1024]; |
2062 | 36 | int nread = -1, err; |
2063 | 36 | unsigned long sslerr; |
2064 | 36 | size_t i; |
2065 | | |
2066 | 36 | DEBUGASSERT(octx); |
2067 | 36 | if(!octx->ssl || cf->shutdown) { |
2068 | 0 | *done = TRUE; |
2069 | 0 | goto out; |
2070 | 0 | } |
2071 | | |
2072 | 36 | connssl->io_need = CURL_SSL_IO_NEED_NONE; |
2073 | 36 | *done = FALSE; |
2074 | 36 | if(!(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) { |
2075 | | /* We have not started the shutdown from our side yet. Check |
2076 | | * if the server already sent us one. */ |
2077 | 18 | ERR_clear_error(); |
2078 | 18 | for(i = 0; i < 10; ++i) { |
2079 | 18 | nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); |
2080 | 18 | CURL_TRC_CF(data, cf, "SSL shutdown not sent, read -> %d", nread); |
2081 | 18 | if(nread <= 0) |
2082 | 18 | break; |
2083 | 18 | } |
2084 | 18 | err = SSL_get_error(octx->ssl, nread); |
2085 | 18 | if(!nread && err == SSL_ERROR_ZERO_RETURN) { |
2086 | 0 | bool input_pending; |
2087 | | /* Yes, it did. */ |
2088 | 0 | if(!send_shutdown) { |
2089 | 0 | CURL_TRC_CF(data, cf, "SSL shutdown received, not sending"); |
2090 | 0 | *done = TRUE; |
2091 | 0 | goto out; |
2092 | 0 | } |
2093 | 0 | else if(!cf->next->cft->is_alive(cf->next, data, &input_pending)) { |
2094 | | /* Server closed the connection after its closy notify. It |
2095 | | * seems not interested to see our close notify, so do not |
2096 | | * send it. We are done. */ |
2097 | 0 | connssl->peer_closed = TRUE; |
2098 | 0 | CURL_TRC_CF(data, cf, "peer closed connection"); |
2099 | 0 | *done = TRUE; |
2100 | 0 | goto out; |
2101 | 0 | } |
2102 | 0 | } |
2103 | 18 | } |
2104 | | |
2105 | | /* SSL should now have started the shutdown from our side. Since it |
2106 | | * was not complete, we are lacking the close notify from the server. */ |
2107 | 36 | if(send_shutdown && !(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) { |
2108 | 18 | ERR_clear_error(); |
2109 | 18 | CURL_TRC_CF(data, cf, "send SSL close notify"); |
2110 | 18 | if(SSL_shutdown(octx->ssl) == 1) { |
2111 | 0 | CURL_TRC_CF(data, cf, "SSL shutdown finished"); |
2112 | 0 | *done = TRUE; |
2113 | 0 | goto out; |
2114 | 0 | } |
2115 | 18 | if(SSL_ERROR_WANT_WRITE == SSL_get_error(octx->ssl, nread)) { |
2116 | 0 | CURL_TRC_CF(data, cf, "SSL shutdown still wants to send"); |
2117 | 0 | connssl->io_need = CURL_SSL_IO_NEED_SEND; |
2118 | 0 | goto out; |
2119 | 0 | } |
2120 | | /* Having sent the close notify, we use SSL_read() to get the |
2121 | | * missing close notify from the server. */ |
2122 | 18 | } |
2123 | | |
2124 | 36 | for(i = 0; i < 10; ++i) { |
2125 | 36 | ERR_clear_error(); |
2126 | 36 | nread = SSL_read(octx->ssl, buf, (int)sizeof(buf)); |
2127 | 36 | CURL_TRC_CF(data, cf, "SSL shutdown read -> %d", nread); |
2128 | 36 | if(nread <= 0) |
2129 | 36 | break; |
2130 | 36 | } |
2131 | 36 | err = SSL_get_error(octx->ssl, nread); |
2132 | 36 | switch(err) { |
2133 | 0 | case SSL_ERROR_ZERO_RETURN: /* no more data */ |
2134 | 0 | if(SSL_shutdown(octx->ssl) == 1) |
2135 | 0 | CURL_TRC_CF(data, cf, "SSL shutdown finished"); |
2136 | 0 | else |
2137 | 0 | CURL_TRC_CF(data, cf, "SSL shutdown not received, but closed"); |
2138 | 0 | *done = TRUE; |
2139 | 0 | break; |
2140 | 0 | case SSL_ERROR_NONE: /* just did not get anything */ |
2141 | 34 | case SSL_ERROR_WANT_READ: |
2142 | | /* SSL has send its notify and now wants to read the reply |
2143 | | * from the server. We are not really interested in that. */ |
2144 | 34 | CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive"); |
2145 | 34 | connssl->io_need = CURL_SSL_IO_NEED_RECV; |
2146 | 34 | break; |
2147 | 0 | case SSL_ERROR_WANT_WRITE: |
2148 | 0 | CURL_TRC_CF(data, cf, "SSL shutdown send blocked"); |
2149 | 0 | connssl->io_need = CURL_SSL_IO_NEED_SEND; |
2150 | 0 | break; |
2151 | 2 | default: |
2152 | | /* Server seems to have closed the connection without sending us |
2153 | | * a close notify. */ |
2154 | 2 | sslerr = ERR_get_error(); |
2155 | 2 | CURL_TRC_CF(data, cf, "SSL shutdown, ignore recv error: '%s', errno %d", |
2156 | 2 | (sslerr ? |
2157 | 2 | ossl_strerror(sslerr, buf, sizeof(buf)) : |
2158 | 2 | SSL_ERROR_to_str(err)), |
2159 | 2 | SOCKERRNO); |
2160 | 2 | *done = TRUE; |
2161 | 2 | result = CURLE_OK; |
2162 | 2 | break; |
2163 | 36 | } |
2164 | | |
2165 | 36 | out: |
2166 | 36 | cf->shutdown = (result || *done); |
2167 | 36 | return result; |
2168 | 36 | } |
2169 | | |
2170 | | static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data) |
2171 | 42 | { |
2172 | 42 | struct ssl_connect_data *connssl = cf->ctx; |
2173 | 42 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
2174 | | |
2175 | 42 | (void)data; |
2176 | 42 | DEBUGASSERT(octx); |
2177 | | |
2178 | 42 | if(octx->ssl) { |
2179 | 21 | SSL_free(octx->ssl); |
2180 | 21 | octx->ssl = NULL; |
2181 | 21 | } |
2182 | 42 | if(octx->ssl_ctx) { |
2183 | 21 | SSL_CTX_free(octx->ssl_ctx); |
2184 | 21 | octx->ssl_ctx = NULL; |
2185 | 21 | octx->x509_store_setup = FALSE; |
2186 | 21 | } |
2187 | 42 | if(octx->bio_method) { |
2188 | 21 | ossl_bio_cf_method_free(octx->bio_method); |
2189 | 21 | octx->bio_method = NULL; |
2190 | 21 | } |
2191 | 42 | } |
2192 | | |
2193 | | /* |
2194 | | * This function is called when the 'data' struct is going away. Close |
2195 | | * down everything and free all resources! |
2196 | | */ |
2197 | | static void ossl_close_all(struct Curl_easy *data) |
2198 | 142k | { |
2199 | 142k | #ifdef USE_OPENSSL_ENGINE |
2200 | 142k | if(data->state.engine) { |
2201 | 0 | ENGINE_finish(data->state.engine); |
2202 | 0 | ENGINE_free(data->state.engine); |
2203 | 0 | data->state.engine = NULL; |
2204 | 0 | } |
2205 | | #else |
2206 | | (void)data; |
2207 | | #endif |
2208 | | #ifdef OPENSSL_HAS_PROVIDERS |
2209 | | ossl_provider_cleanup(data); |
2210 | | #endif |
2211 | | #ifndef HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED |
2212 | | /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread |
2213 | | so we need to clean it here in case the thread will be killed. All OpenSSL |
2214 | | code should extract the error in association with the error so clearing |
2215 | | this queue here should be harmless at worst. */ |
2216 | | ERR_remove_thread_state(NULL); |
2217 | | #endif |
2218 | 142k | } |
2219 | | |
2220 | | /* ====================================================== */ |
2221 | | |
2222 | | /* |
2223 | | * Match subjectAltName against the hostname. |
2224 | | */ |
2225 | | static bool subj_alt_hostcheck(struct Curl_easy *data, |
2226 | | const char *match_pattern, |
2227 | | size_t matchlen, |
2228 | | const char *hostname, |
2229 | | size_t hostlen, |
2230 | | const char *dispname) |
2231 | 21 | { |
2232 | | #ifdef CURL_DISABLE_VERBOSE_STRINGS |
2233 | | (void)dispname; |
2234 | | (void)data; |
2235 | | #endif |
2236 | 21 | if(Curl_cert_hostcheck(match_pattern, matchlen, hostname, hostlen)) { |
2237 | 21 | infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"", |
2238 | 21 | dispname, match_pattern); |
2239 | 21 | return TRUE; |
2240 | 21 | } |
2241 | 0 | return FALSE; |
2242 | 21 | } |
2243 | | |
2244 | | /* Quote from RFC2818 section 3.1 "Server Identity" |
2245 | | |
2246 | | If a subjectAltName extension of type dNSName is present, that MUST |
2247 | | be used as the identity. Otherwise, the (most specific) Common Name |
2248 | | field in the Subject field of the certificate MUST be used. Although |
2249 | | the use of the Common Name is existing practice, it is deprecated and |
2250 | | Certification Authorities are encouraged to use the dNSName instead. |
2251 | | |
2252 | | Matching is performed using the matching rules specified by |
2253 | | [RFC2459]. If more than one identity of a given type is present in |
2254 | | the certificate (e.g., more than one dNSName name, a match in any one |
2255 | | of the set is considered acceptable.) Names may contain the wildcard |
2256 | | character * which is considered to match any single domain name |
2257 | | component or component fragment. E.g., *.a.com matches foo.a.com but |
2258 | | not bar.foo.a.com. f*.com matches foo.com but not bar.com. |
2259 | | |
2260 | | In some cases, the URI is specified as an IP address rather than a |
2261 | | hostname. In this case, the iPAddress subjectAltName must be present |
2262 | | in the certificate and must exactly match the IP in the URI. |
2263 | | |
2264 | | This function is now used from ngtcp2 (QUIC) as well. |
2265 | | */ |
2266 | | static CURLcode ossl_verifyhost(struct Curl_easy *data, |
2267 | | struct connectdata *conn, |
2268 | | struct ssl_peer *peer, X509 *server_cert) |
2269 | 21 | { |
2270 | 21 | bool matched = FALSE; |
2271 | 21 | int target; /* target type, GEN_DNS or GEN_IPADD */ |
2272 | 21 | size_t addrlen = 0; |
2273 | 21 | STACK_OF(GENERAL_NAME) *altnames; |
2274 | 21 | #ifdef USE_IPV6 |
2275 | 21 | struct in6_addr addr; |
2276 | | #else |
2277 | | struct in_addr addr; |
2278 | | #endif |
2279 | 21 | CURLcode result = CURLE_OK; |
2280 | 21 | bool dNSName = FALSE; /* if a dNSName field exists in the cert */ |
2281 | 21 | bool iPAddress = FALSE; /* if an iPAddress field exists in the cert */ |
2282 | 21 | size_t hostlen; |
2283 | | |
2284 | 21 | (void)conn; |
2285 | 21 | hostlen = strlen(peer->hostname); |
2286 | 21 | switch(peer->type) { |
2287 | 0 | case CURL_SSL_PEER_IPV4: |
2288 | 0 | if(!curlx_inet_pton(AF_INET, peer->hostname, &addr)) |
2289 | 0 | return CURLE_PEER_FAILED_VERIFICATION; |
2290 | 0 | target = GEN_IPADD; |
2291 | 0 | addrlen = sizeof(struct in_addr); |
2292 | 0 | break; |
2293 | 0 | #ifdef USE_IPV6 |
2294 | 0 | case CURL_SSL_PEER_IPV6: |
2295 | 0 | if(!curlx_inet_pton(AF_INET6, peer->hostname, &addr)) |
2296 | 0 | return CURLE_PEER_FAILED_VERIFICATION; |
2297 | 0 | target = GEN_IPADD; |
2298 | 0 | addrlen = sizeof(struct in6_addr); |
2299 | 0 | break; |
2300 | 0 | #endif |
2301 | 21 | case CURL_SSL_PEER_DNS: |
2302 | 21 | target = GEN_DNS; |
2303 | 21 | break; |
2304 | 0 | default: |
2305 | 0 | DEBUGASSERT(0); |
2306 | 0 | failf(data, "unexpected ssl peer type: %d", peer->type); |
2307 | 0 | return CURLE_PEER_FAILED_VERIFICATION; |
2308 | 21 | } |
2309 | | |
2310 | | /* get a "list" of alternative names */ |
2311 | 21 | altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL); |
2312 | | |
2313 | 21 | if(altnames) { |
2314 | | #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
2315 | | size_t numalts; |
2316 | | size_t i; |
2317 | | #else |
2318 | 21 | int numalts; |
2319 | 21 | int i; |
2320 | 21 | #endif |
2321 | 21 | bool dnsmatched = FALSE; |
2322 | 21 | bool ipmatched = FALSE; |
2323 | | |
2324 | | /* get amount of alternatives, RFC2459 claims there MUST be at least |
2325 | | one, but we do not depend on it... */ |
2326 | 21 | numalts = sk_GENERAL_NAME_num(altnames); |
2327 | | |
2328 | | /* loop through all alternatives - until a dnsmatch */ |
2329 | 42 | for(i = 0; (i < numalts) && !dnsmatched; i++) { |
2330 | | /* get a handle to alternative name number i */ |
2331 | 21 | const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i); |
2332 | | |
2333 | 21 | if(check->type == GEN_DNS) |
2334 | 21 | dNSName = TRUE; |
2335 | 0 | else if(check->type == GEN_IPADD) |
2336 | 0 | iPAddress = TRUE; |
2337 | | |
2338 | | /* only check alternatives of the same type the target is */ |
2339 | 21 | if(check->type == target) { |
2340 | | /* get data and length */ |
2341 | 21 | const char *altptr = (const char *)ASN1_STRING_get0_data(check->d.ia5); |
2342 | 21 | size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5); |
2343 | | |
2344 | 21 | switch(target) { |
2345 | 21 | case GEN_DNS: /* name/pattern comparison */ |
2346 | | /* The OpenSSL manpage explicitly says: "In general it cannot be |
2347 | | assumed that the data returned by ASN1_STRING_data() is null |
2348 | | terminated or does not contain embedded nulls." But also that |
2349 | | "The actual format of the data will depend on the actual string |
2350 | | type itself: for example for an IA5String the data will be ASCII" |
2351 | | |
2352 | | It has been however verified that in 0.9.6 and 0.9.7, IA5String |
2353 | | is always null-terminated. |
2354 | | */ |
2355 | 21 | if((altlen == strlen(altptr)) && |
2356 | | /* if this is not true, there was an embedded zero in the name |
2357 | | string and we cannot match it. */ |
2358 | 21 | subj_alt_hostcheck(data, altptr, altlen, |
2359 | 21 | peer->hostname, hostlen, |
2360 | 21 | peer->dispname)) { |
2361 | 21 | dnsmatched = TRUE; |
2362 | 21 | } |
2363 | 21 | break; |
2364 | | |
2365 | 0 | case GEN_IPADD: /* IP address comparison */ |
2366 | | /* compare alternative IP address if the data chunk is the same size |
2367 | | our server IP address is */ |
2368 | 0 | if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) { |
2369 | 0 | ipmatched = TRUE; |
2370 | 0 | infof(data, |
2371 | 0 | " subjectAltName: host \"%s\" matched cert's IP address!", |
2372 | 0 | peer->dispname); |
2373 | 0 | } |
2374 | 0 | break; |
2375 | 21 | } |
2376 | 21 | } |
2377 | 21 | } |
2378 | 21 | GENERAL_NAMES_free(altnames); |
2379 | | |
2380 | 21 | if(dnsmatched || ipmatched) |
2381 | 21 | matched = TRUE; |
2382 | 21 | } |
2383 | | |
2384 | 21 | if(matched) |
2385 | | /* an alternative name matched */ |
2386 | 21 | ; |
2387 | 0 | else if(dNSName || iPAddress) { |
2388 | 0 | const char *tname = (peer->type == CURL_SSL_PEER_DNS) ? "hostname" : |
2389 | 0 | (peer->type == CURL_SSL_PEER_IPV4) ? |
2390 | 0 | "ipv4 address" : "ipv6 address"; |
2391 | 0 | infof(data, " subjectAltName does not match %s %s", tname, peer->dispname); |
2392 | 0 | failf(data, "SSL: no alternative certificate subject name matches " |
2393 | 0 | "target %s '%s'", tname, peer->dispname); |
2394 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
2395 | 0 | } |
2396 | 0 | else { |
2397 | | /* we have to look to the last occurrence of a commonName in the |
2398 | | distinguished one to get the most significant one. */ |
2399 | 0 | int i = -1; |
2400 | 0 | unsigned char *cn = NULL; |
2401 | 0 | int cnlen = 0; |
2402 | 0 | bool free_cn = FALSE; |
2403 | | |
2404 | | /* The following is done because of a bug in 0.9.6b */ |
2405 | 0 | X509_NAME *name = X509_get_subject_name(server_cert); |
2406 | 0 | if(name) { |
2407 | 0 | int j; |
2408 | 0 | while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) |
2409 | 0 | i = j; |
2410 | 0 | } |
2411 | | |
2412 | | /* we have the name entry and we will now convert this to a string |
2413 | | that we can use for comparison. Doing this we support BMPstring, |
2414 | | UTF8, etc. */ |
2415 | |
|
2416 | 0 | if(i >= 0) { |
2417 | 0 | ASN1_STRING *tmp = |
2418 | 0 | X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); |
2419 | | |
2420 | | /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input |
2421 | | is already UTF-8 encoded. We check for this case and copy the raw |
2422 | | string manually to avoid the problem. This code can be made |
2423 | | conditional in the future when OpenSSL has been fixed. */ |
2424 | 0 | if(tmp) { |
2425 | 0 | if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) { |
2426 | 0 | cnlen = ASN1_STRING_length(tmp); |
2427 | 0 | cn = (unsigned char *)CURL_UNCONST(ASN1_STRING_get0_data(tmp)); |
2428 | 0 | } |
2429 | 0 | else { /* not a UTF8 name */ |
2430 | 0 | cnlen = ASN1_STRING_to_UTF8(&cn, tmp); |
2431 | 0 | free_cn = TRUE; |
2432 | 0 | } |
2433 | |
|
2434 | 0 | if((cnlen <= 0) || !cn) |
2435 | 0 | result = CURLE_OUT_OF_MEMORY; |
2436 | 0 | else if((size_t)cnlen != strlen((char *)cn)) { |
2437 | | /* there was a terminating zero before the end of string, this |
2438 | | cannot match and we return failure! */ |
2439 | 0 | failf(data, "SSL: illegal cert name field"); |
2440 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
2441 | 0 | } |
2442 | 0 | } |
2443 | 0 | } |
2444 | |
|
2445 | 0 | if(result) |
2446 | | /* error already detected, pass through */ |
2447 | 0 | ; |
2448 | 0 | else if(!cn) { |
2449 | 0 | failf(data, |
2450 | 0 | "SSL: unable to obtain common name from peer certificate"); |
2451 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
2452 | 0 | } |
2453 | 0 | else if(!Curl_cert_hostcheck((const char *)cn, cnlen, |
2454 | 0 | peer->hostname, hostlen)) { |
2455 | 0 | failf(data, "SSL: certificate subject name '%s' does not match " |
2456 | 0 | "target hostname '%s'", cn, peer->dispname); |
2457 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
2458 | 0 | } |
2459 | 0 | else { |
2460 | 0 | infof(data, " common name: %s (matched)", cn); |
2461 | 0 | } |
2462 | 0 | if(free_cn) |
2463 | 0 | OPENSSL_free(cn); |
2464 | 0 | } |
2465 | | |
2466 | 21 | return result; |
2467 | 21 | } |
2468 | | |
2469 | | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP) |
2470 | | static CURLcode verifystatus(struct Curl_cfilter *cf, |
2471 | | struct Curl_easy *data, |
2472 | | struct ossl_ctx *octx) |
2473 | 0 | { |
2474 | 0 | int i, ocsp_status; |
2475 | | #ifdef OPENSSL_IS_AWSLC |
2476 | | const uint8_t *status; |
2477 | | #else |
2478 | 0 | unsigned char *status; |
2479 | 0 | #endif |
2480 | 0 | const unsigned char *p; |
2481 | 0 | CURLcode result = CURLE_OK; |
2482 | 0 | OCSP_RESPONSE *rsp = NULL; |
2483 | 0 | OCSP_BASICRESP *br = NULL; |
2484 | 0 | X509_STORE *st = NULL; |
2485 | 0 | STACK_OF(X509) *ch = NULL; |
2486 | 0 | X509 *cert; |
2487 | 0 | OCSP_CERTID *id = NULL; |
2488 | 0 | int cert_status, crl_reason; |
2489 | 0 | ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; |
2490 | 0 | int ret; |
2491 | 0 | long len; |
2492 | |
|
2493 | 0 | (void)cf; |
2494 | 0 | DEBUGASSERT(octx); |
2495 | |
|
2496 | 0 | len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status); |
2497 | |
|
2498 | 0 | if(!status) { |
2499 | 0 | failf(data, "No OCSP response received"); |
2500 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2501 | 0 | goto end; |
2502 | 0 | } |
2503 | 0 | p = status; |
2504 | 0 | rsp = d2i_OCSP_RESPONSE(NULL, &p, len); |
2505 | 0 | if(!rsp) { |
2506 | 0 | failf(data, "Invalid OCSP response"); |
2507 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2508 | 0 | goto end; |
2509 | 0 | } |
2510 | | |
2511 | 0 | ocsp_status = OCSP_response_status(rsp); |
2512 | 0 | if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { |
2513 | 0 | failf(data, "Invalid OCSP response status: %s (%d)", |
2514 | 0 | OCSP_response_status_str(ocsp_status), ocsp_status); |
2515 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2516 | 0 | goto end; |
2517 | 0 | } |
2518 | | |
2519 | 0 | br = OCSP_response_get1_basic(rsp); |
2520 | 0 | if(!br) { |
2521 | 0 | failf(data, "Invalid OCSP response"); |
2522 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2523 | 0 | goto end; |
2524 | 0 | } |
2525 | | |
2526 | 0 | ch = SSL_get_peer_cert_chain(octx->ssl); |
2527 | 0 | if(!ch) { |
2528 | 0 | failf(data, "Could not get peer certificate chain"); |
2529 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2530 | 0 | goto end; |
2531 | 0 | } |
2532 | 0 | st = SSL_CTX_get_cert_store(octx->ssl_ctx); |
2533 | |
|
2534 | 0 | if(OCSP_basic_verify(br, ch, st, 0) <= 0) { |
2535 | 0 | failf(data, "OCSP response verification failed"); |
2536 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2537 | 0 | goto end; |
2538 | 0 | } |
2539 | | |
2540 | | /* Compute the certificate's ID */ |
2541 | 0 | cert = SSL_get1_peer_certificate(octx->ssl); |
2542 | 0 | if(!cert) { |
2543 | 0 | failf(data, "Error getting peer certificate"); |
2544 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2545 | 0 | goto end; |
2546 | 0 | } |
2547 | | |
2548 | 0 | for(i = 0; i < (int)sk_X509_num(ch); i++) { |
2549 | 0 | X509 *issuer = sk_X509_value(ch, (ossl_valsize_t)i); |
2550 | 0 | if(X509_check_issued(issuer, cert) == X509_V_OK) { |
2551 | 0 | id = OCSP_cert_to_id(EVP_sha1(), cert, issuer); |
2552 | 0 | break; |
2553 | 0 | } |
2554 | 0 | } |
2555 | 0 | X509_free(cert); |
2556 | |
|
2557 | 0 | if(!id) { |
2558 | 0 | failf(data, "Error computing OCSP ID"); |
2559 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2560 | 0 | goto end; |
2561 | 0 | } |
2562 | | |
2563 | | /* Find the single OCSP response corresponding to the certificate ID */ |
2564 | 0 | ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev, |
2565 | 0 | &thisupd, &nextupd); |
2566 | 0 | OCSP_CERTID_free(id); |
2567 | 0 | if(ret != 1) { |
2568 | 0 | failf(data, "Could not find certificate ID in OCSP response"); |
2569 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2570 | 0 | goto end; |
2571 | 0 | } |
2572 | | |
2573 | | /* Validate the corresponding single OCSP response */ |
2574 | 0 | if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) { |
2575 | 0 | failf(data, "OCSP response has expired"); |
2576 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2577 | 0 | goto end; |
2578 | 0 | } |
2579 | | |
2580 | 0 | infof(data, "SSL certificate status: %s (%d)", |
2581 | 0 | OCSP_cert_status_str(cert_status), cert_status); |
2582 | |
|
2583 | 0 | switch(cert_status) { |
2584 | 0 | case V_OCSP_CERTSTATUS_GOOD: |
2585 | 0 | break; |
2586 | | |
2587 | 0 | case V_OCSP_CERTSTATUS_REVOKED: |
2588 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2589 | 0 | failf(data, "SSL certificate revocation reason: %s (%d)", |
2590 | 0 | OCSP_crl_reason_str(crl_reason), crl_reason); |
2591 | 0 | goto end; |
2592 | | |
2593 | 0 | case V_OCSP_CERTSTATUS_UNKNOWN: |
2594 | 0 | default: |
2595 | 0 | result = CURLE_SSL_INVALIDCERTSTATUS; |
2596 | 0 | goto end; |
2597 | 0 | } |
2598 | | |
2599 | 0 | end: |
2600 | 0 | if(br) |
2601 | 0 | OCSP_BASICRESP_free(br); |
2602 | 0 | OCSP_RESPONSE_free(rsp); |
2603 | |
|
2604 | 0 | return result; |
2605 | 0 | } |
2606 | | #endif |
2607 | | |
2608 | | #endif /* USE_OPENSSL */ |
2609 | | |
2610 | | /* The SSL_CTRL_SET_MSG_CALLBACK does not exist in ancient OpenSSL versions |
2611 | | and thus this cannot be done there. */ |
2612 | | #ifdef SSL_CTRL_SET_MSG_CALLBACK |
2613 | | |
2614 | | static const char *ssl_msg_type(int ssl_ver, int msg) |
2615 | 0 | { |
2616 | | #ifdef SSL2_VERSION_MAJOR |
2617 | | if(ssl_ver == SSL2_VERSION_MAJOR) { |
2618 | | switch(msg) { |
2619 | | case SSL2_MT_ERROR: |
2620 | | return "Error"; |
2621 | | case SSL2_MT_CLIENT_HELLO: |
2622 | | return "Client hello"; |
2623 | | case SSL2_MT_CLIENT_MASTER_KEY: |
2624 | | return "Client key"; |
2625 | | case SSL2_MT_CLIENT_FINISHED: |
2626 | | return "Client finished"; |
2627 | | case SSL2_MT_SERVER_HELLO: |
2628 | | return "Server hello"; |
2629 | | case SSL2_MT_SERVER_VERIFY: |
2630 | | return "Server verify"; |
2631 | | case SSL2_MT_SERVER_FINISHED: |
2632 | | return "Server finished"; |
2633 | | case SSL2_MT_REQUEST_CERTIFICATE: |
2634 | | return "Request CERT"; |
2635 | | case SSL2_MT_CLIENT_CERTIFICATE: |
2636 | | return "Client CERT"; |
2637 | | } |
2638 | | } |
2639 | | else |
2640 | | #endif |
2641 | 0 | if(ssl_ver == SSL3_VERSION_MAJOR) { |
2642 | 0 | switch(msg) { |
2643 | 0 | case SSL3_MT_HELLO_REQUEST: |
2644 | 0 | return "Hello request"; |
2645 | 0 | case SSL3_MT_CLIENT_HELLO: |
2646 | 0 | return "Client hello"; |
2647 | 0 | case SSL3_MT_SERVER_HELLO: |
2648 | 0 | return "Server hello"; |
2649 | 0 | #ifdef SSL3_MT_NEWSESSION_TICKET |
2650 | 0 | case SSL3_MT_NEWSESSION_TICKET: |
2651 | 0 | return "Newsession Ticket"; |
2652 | 0 | #endif |
2653 | 0 | case SSL3_MT_CERTIFICATE: |
2654 | 0 | return "Certificate"; |
2655 | 0 | case SSL3_MT_SERVER_KEY_EXCHANGE: |
2656 | 0 | return "Server key exchange"; |
2657 | 0 | case SSL3_MT_CLIENT_KEY_EXCHANGE: |
2658 | 0 | return "Client key exchange"; |
2659 | 0 | case SSL3_MT_CERTIFICATE_REQUEST: |
2660 | 0 | return "Request CERT"; |
2661 | 0 | case SSL3_MT_SERVER_DONE: |
2662 | 0 | return "Server finished"; |
2663 | 0 | case SSL3_MT_CERTIFICATE_VERIFY: |
2664 | 0 | return "CERT verify"; |
2665 | 0 | case SSL3_MT_FINISHED: |
2666 | 0 | return "Finished"; |
2667 | 0 | #ifdef SSL3_MT_CERTIFICATE_STATUS |
2668 | 0 | case SSL3_MT_CERTIFICATE_STATUS: |
2669 | 0 | return "Certificate Status"; |
2670 | 0 | #endif |
2671 | 0 | #ifdef SSL3_MT_ENCRYPTED_EXTENSIONS |
2672 | 0 | case SSL3_MT_ENCRYPTED_EXTENSIONS: |
2673 | 0 | return "Encrypted Extensions"; |
2674 | 0 | #endif |
2675 | 0 | #ifdef SSL3_MT_SUPPLEMENTAL_DATA |
2676 | 0 | case SSL3_MT_SUPPLEMENTAL_DATA: |
2677 | 0 | return "Supplemental data"; |
2678 | 0 | #endif |
2679 | 0 | #ifdef SSL3_MT_END_OF_EARLY_DATA |
2680 | 0 | case SSL3_MT_END_OF_EARLY_DATA: |
2681 | 0 | return "End of early data"; |
2682 | 0 | #endif |
2683 | 0 | #ifdef SSL3_MT_KEY_UPDATE |
2684 | 0 | case SSL3_MT_KEY_UPDATE: |
2685 | 0 | return "Key update"; |
2686 | 0 | #endif |
2687 | 0 | #ifdef SSL3_MT_NEXT_PROTO |
2688 | 0 | case SSL3_MT_NEXT_PROTO: |
2689 | 0 | return "Next protocol"; |
2690 | 0 | #endif |
2691 | 0 | #ifdef SSL3_MT_MESSAGE_HASH |
2692 | 0 | case SSL3_MT_MESSAGE_HASH: |
2693 | 0 | return "Message hash"; |
2694 | 0 | #endif |
2695 | 0 | } |
2696 | 0 | } |
2697 | 0 | return "Unknown"; |
2698 | 0 | } |
2699 | | |
2700 | | static const char *tls_rt_type(int type) |
2701 | 0 | { |
2702 | 0 | switch(type) { |
2703 | 0 | #ifdef SSL3_RT_HEADER |
2704 | 0 | case SSL3_RT_HEADER: |
2705 | 0 | return "TLS header"; |
2706 | 0 | #endif |
2707 | 0 | case SSL3_RT_CHANGE_CIPHER_SPEC: |
2708 | 0 | return "TLS change cipher"; |
2709 | 0 | case SSL3_RT_ALERT: |
2710 | 0 | return "TLS alert"; |
2711 | 0 | case SSL3_RT_HANDSHAKE: |
2712 | 0 | return "TLS handshake"; |
2713 | 0 | case SSL3_RT_APPLICATION_DATA: |
2714 | 0 | return "TLS app data"; |
2715 | 0 | default: |
2716 | 0 | return "TLS Unknown"; |
2717 | 0 | } |
2718 | 0 | } |
2719 | | |
2720 | | /* |
2721 | | * Our callback from the SSL/TLS layers. |
2722 | | */ |
2723 | | static void ossl_trace(int direction, int ssl_ver, int content_type, |
2724 | | const void *buf, size_t len, SSL *ssl, |
2725 | | void *userp) |
2726 | 0 | { |
2727 | 0 | const char *verstr = "???"; |
2728 | 0 | struct Curl_cfilter *cf = userp; |
2729 | 0 | struct Curl_easy *data = NULL; |
2730 | 0 | char unknown[32]; |
2731 | |
|
2732 | 0 | if(!cf) |
2733 | 0 | return; |
2734 | 0 | data = CF_DATA_CURRENT(cf); |
2735 | 0 | if(!data || !data->set.fdebug || (direction && direction != 1)) |
2736 | 0 | return; |
2737 | | |
2738 | 0 | switch(ssl_ver) { |
2739 | 0 | #ifdef SSL2_VERSION /* removed in recent versions */ |
2740 | 0 | case SSL2_VERSION: |
2741 | 0 | verstr = "SSLv2"; |
2742 | 0 | break; |
2743 | 0 | #endif |
2744 | 0 | #ifdef SSL3_VERSION |
2745 | 0 | case SSL3_VERSION: |
2746 | 0 | verstr = "SSLv3"; |
2747 | 0 | break; |
2748 | 0 | #endif |
2749 | 0 | case TLS1_VERSION: |
2750 | 0 | verstr = "TLSv1.0"; |
2751 | 0 | break; |
2752 | 0 | #ifdef TLS1_1_VERSION |
2753 | 0 | case TLS1_1_VERSION: |
2754 | 0 | verstr = "TLSv1.1"; |
2755 | 0 | break; |
2756 | 0 | #endif |
2757 | 0 | #ifdef TLS1_2_VERSION |
2758 | 0 | case TLS1_2_VERSION: |
2759 | 0 | verstr = "TLSv1.2"; |
2760 | 0 | break; |
2761 | 0 | #endif |
2762 | 0 | #ifdef TLS1_3_VERSION |
2763 | 0 | case TLS1_3_VERSION: |
2764 | 0 | verstr = "TLSv1.3"; |
2765 | 0 | break; |
2766 | 0 | #endif |
2767 | 0 | case 0: |
2768 | 0 | break; |
2769 | 0 | default: |
2770 | 0 | msnprintf(unknown, sizeof(unknown), "(%x)", ssl_ver); |
2771 | 0 | verstr = unknown; |
2772 | 0 | break; |
2773 | 0 | } |
2774 | | |
2775 | | /* Log progress for interesting records only (like Handshake or Alert), skip |
2776 | | * all raw record headers (content_type == SSL3_RT_HEADER or ssl_ver == 0). |
2777 | | * For TLS 1.3, skip notification of the decrypted inner Content-Type. |
2778 | | */ |
2779 | 0 | if(ssl_ver |
2780 | 0 | #ifdef SSL3_RT_HEADER |
2781 | 0 | && content_type != SSL3_RT_HEADER |
2782 | 0 | #endif |
2783 | 0 | #ifdef SSL3_RT_INNER_CONTENT_TYPE |
2784 | 0 | && content_type != SSL3_RT_INNER_CONTENT_TYPE |
2785 | 0 | #endif |
2786 | 0 | ) { |
2787 | 0 | const char *msg_name, *tls_rt_name; |
2788 | 0 | char ssl_buf[1024]; |
2789 | 0 | int msg_type, txt_len; |
2790 | | |
2791 | | /* the info given when the version is zero is not that useful for us */ |
2792 | |
|
2793 | 0 | ssl_ver >>= 8; /* check the upper 8 bits only below */ |
2794 | | |
2795 | | /* SSLv2 does not seem to have TLS record-type headers, so OpenSSL |
2796 | | * always pass-up content-type as 0. But the interesting message-type |
2797 | | * is at 'buf[0]'. |
2798 | | */ |
2799 | 0 | if(ssl_ver == SSL3_VERSION_MAJOR && content_type) |
2800 | 0 | tls_rt_name = tls_rt_type(content_type); |
2801 | 0 | else |
2802 | 0 | tls_rt_name = ""; |
2803 | |
|
2804 | 0 | if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) { |
2805 | 0 | msg_type = *(const char *)buf; |
2806 | 0 | msg_name = "Change cipher spec"; |
2807 | 0 | } |
2808 | 0 | else if(content_type == SSL3_RT_ALERT) { |
2809 | 0 | msg_type = (((const char *)buf)[0] << 8) + ((const char *)buf)[1]; |
2810 | 0 | msg_name = SSL_alert_desc_string_long(msg_type); |
2811 | 0 | } |
2812 | 0 | else { |
2813 | 0 | msg_type = *(const char *)buf; |
2814 | 0 | msg_name = ssl_msg_type(ssl_ver, msg_type); |
2815 | 0 | } |
2816 | |
|
2817 | 0 | txt_len = msnprintf(ssl_buf, sizeof(ssl_buf), |
2818 | 0 | "%s (%s), %s, %s (%d):\n", |
2819 | 0 | verstr, direction ? "OUT" : "IN", |
2820 | 0 | tls_rt_name, msg_name, msg_type); |
2821 | 0 | Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len); |
2822 | 0 | } |
2823 | |
|
2824 | 0 | Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : |
2825 | 0 | CURLINFO_SSL_DATA_IN, (const char *)buf, len); |
2826 | 0 | (void) ssl; |
2827 | 0 | } |
2828 | | #endif |
2829 | | |
2830 | | #ifdef USE_OPENSSL |
2831 | | /* ====================================================== */ |
2832 | | |
2833 | | /* Check for ALPN support. */ |
2834 | | #ifndef OPENSSL_NO_TLSEXT |
2835 | | # define HAS_ALPN_OPENSSL |
2836 | | #endif |
2837 | | |
2838 | | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */ |
2839 | | static CURLcode |
2840 | | ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx) |
2841 | 21 | { |
2842 | 21 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
2843 | | /* first, TLS min version... */ |
2844 | 21 | long curl_ssl_version_min = conn_config->version; |
2845 | 21 | long curl_ssl_version_max; |
2846 | | |
2847 | | /* convert curl min SSL version option to OpenSSL constant */ |
2848 | | #if (defined(OPENSSL_IS_BORINGSSL) || \ |
2849 | | defined(OPENSSL_IS_AWSLC) || \ |
2850 | | defined(LIBRESSL_VERSION_NUMBER)) |
2851 | | uint16_t ossl_ssl_version_min = 0; |
2852 | | uint16_t ossl_ssl_version_max = 0; |
2853 | | #else |
2854 | 21 | long ossl_ssl_version_min = 0; |
2855 | 21 | long ossl_ssl_version_max = 0; |
2856 | 21 | #endif |
2857 | 21 | switch(curl_ssl_version_min) { |
2858 | 0 | case CURL_SSLVERSION_TLSv1: /* TLS 1.x */ |
2859 | 0 | case CURL_SSLVERSION_TLSv1_0: |
2860 | 0 | ossl_ssl_version_min = TLS1_VERSION; |
2861 | 0 | break; |
2862 | 0 | case CURL_SSLVERSION_TLSv1_1: |
2863 | 0 | ossl_ssl_version_min = TLS1_1_VERSION; |
2864 | 0 | break; |
2865 | 0 | case CURL_SSLVERSION_TLSv1_2: |
2866 | 0 | ossl_ssl_version_min = TLS1_2_VERSION; |
2867 | 0 | break; |
2868 | 0 | case CURL_SSLVERSION_TLSv1_3: |
2869 | 0 | #ifdef TLS1_3_VERSION |
2870 | 0 | ossl_ssl_version_min = TLS1_3_VERSION; |
2871 | 0 | break; |
2872 | | #else |
2873 | | return CURLE_NOT_BUILT_IN; |
2874 | | #endif |
2875 | 21 | } |
2876 | | |
2877 | | /* CURL_SSLVERSION_DEFAULT means that no option was selected. |
2878 | | We do not want to pass 0 to SSL_CTX_set_min_proto_version as |
2879 | | it would enable all versions down to the lowest supported by |
2880 | | the library. |
2881 | | So we skip this, and stay with the library default |
2882 | | */ |
2883 | 21 | if(curl_ssl_version_min != CURL_SSLVERSION_DEFAULT) { |
2884 | 0 | if(!SSL_CTX_set_min_proto_version(ctx, ossl_ssl_version_min)) { |
2885 | 0 | return CURLE_SSL_CONNECT_ERROR; |
2886 | 0 | } |
2887 | 0 | } |
2888 | | |
2889 | | /* ... then, TLS max version */ |
2890 | 21 | curl_ssl_version_max = (long)conn_config->version_max; |
2891 | | |
2892 | | /* convert curl max SSL version option to OpenSSL constant */ |
2893 | 21 | switch(curl_ssl_version_max) { |
2894 | 0 | case CURL_SSLVERSION_MAX_TLSv1_0: |
2895 | 0 | ossl_ssl_version_max = TLS1_VERSION; |
2896 | 0 | break; |
2897 | 0 | case CURL_SSLVERSION_MAX_TLSv1_1: |
2898 | 0 | ossl_ssl_version_max = TLS1_1_VERSION; |
2899 | 0 | break; |
2900 | 0 | case CURL_SSLVERSION_MAX_TLSv1_2: |
2901 | 0 | ossl_ssl_version_max = TLS1_2_VERSION; |
2902 | 0 | break; |
2903 | 0 | #ifdef TLS1_3_VERSION |
2904 | 0 | case CURL_SSLVERSION_MAX_TLSv1_3: |
2905 | 0 | ossl_ssl_version_max = TLS1_3_VERSION; |
2906 | 0 | break; |
2907 | 0 | #endif |
2908 | 21 | case CURL_SSLVERSION_MAX_NONE: /* none selected */ |
2909 | 21 | case CURL_SSLVERSION_MAX_DEFAULT: /* max selected */ |
2910 | 21 | default: |
2911 | | /* SSL_CTX_set_max_proto_version states that: |
2912 | | setting the maximum to 0 will enable |
2913 | | protocol versions up to the highest version |
2914 | | supported by the library */ |
2915 | 21 | ossl_ssl_version_max = 0; |
2916 | 21 | break; |
2917 | 21 | } |
2918 | | |
2919 | 21 | if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) { |
2920 | 0 | return CURLE_SSL_CONNECT_ERROR; |
2921 | 0 | } |
2922 | | |
2923 | 21 | return CURLE_OK; |
2924 | 21 | } |
2925 | | #endif |
2926 | | |
2927 | | #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
2928 | | typedef uint32_t ctx_option_t; |
2929 | | #elif OPENSSL_VERSION_NUMBER >= 0x30000000L |
2930 | | typedef uint64_t ctx_option_t; |
2931 | | #elif OPENSSL_VERSION_NUMBER >= 0x10100000L && \ |
2932 | | !defined(LIBRESSL_VERSION_NUMBER) |
2933 | | typedef unsigned long ctx_option_t; |
2934 | | #else |
2935 | | typedef long ctx_option_t; |
2936 | | #endif |
2937 | | |
2938 | | #if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */ |
2939 | | static CURLcode |
2940 | | ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, |
2941 | | struct Curl_cfilter *cf, |
2942 | | struct Curl_easy *data) |
2943 | | { |
2944 | | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
2945 | | long ssl_version = conn_config->version; |
2946 | | long ssl_version_max = conn_config->version_max; |
2947 | | |
2948 | | (void) data; /* In case it is unused. */ |
2949 | | |
2950 | | switch(ssl_version) { |
2951 | | case CURL_SSLVERSION_TLSv1_3: |
2952 | | #ifdef TLS1_3_VERSION |
2953 | | { |
2954 | | struct ssl_connect_data *connssl = cf->ctx; |
2955 | | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
2956 | | DEBUGASSERT(octx); |
2957 | | SSL_CTX_set_max_proto_version(octx->ssl_ctx, TLS1_3_VERSION); |
2958 | | *ctx_options |= SSL_OP_NO_TLSv1_2; |
2959 | | } |
2960 | | #else |
2961 | | (void)ctx_options; |
2962 | | failf(data, OSSL_PACKAGE " was built without TLS 1.3 support"); |
2963 | | return CURLE_NOT_BUILT_IN; |
2964 | | #endif |
2965 | | FALLTHROUGH(); |
2966 | | case CURL_SSLVERSION_TLSv1_2: |
2967 | | *ctx_options |= SSL_OP_NO_TLSv1_1; |
2968 | | FALLTHROUGH(); |
2969 | | case CURL_SSLVERSION_TLSv1_1: |
2970 | | *ctx_options |= SSL_OP_NO_TLSv1; |
2971 | | FALLTHROUGH(); |
2972 | | case CURL_SSLVERSION_TLSv1_0: |
2973 | | case CURL_SSLVERSION_TLSv1: |
2974 | | break; |
2975 | | } |
2976 | | |
2977 | | switch(ssl_version_max) { |
2978 | | case CURL_SSLVERSION_MAX_TLSv1_0: |
2979 | | *ctx_options |= SSL_OP_NO_TLSv1_1; |
2980 | | FALLTHROUGH(); |
2981 | | case CURL_SSLVERSION_MAX_TLSv1_1: |
2982 | | *ctx_options |= SSL_OP_NO_TLSv1_2; |
2983 | | FALLTHROUGH(); |
2984 | | case CURL_SSLVERSION_MAX_TLSv1_2: |
2985 | | #ifdef TLS1_3_VERSION |
2986 | | *ctx_options |= SSL_OP_NO_TLSv1_3; |
2987 | | #endif |
2988 | | break; |
2989 | | case CURL_SSLVERSION_MAX_TLSv1_3: |
2990 | | #ifdef TLS1_3_VERSION |
2991 | | break; |
2992 | | #else |
2993 | | failf(data, OSSL_PACKAGE " was built without TLS 1.3 support"); |
2994 | | return CURLE_NOT_BUILT_IN; |
2995 | | #endif |
2996 | | } |
2997 | | return CURLE_OK; |
2998 | | } |
2999 | | #endif |
3000 | | |
3001 | | CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf, |
3002 | | struct Curl_easy *data, |
3003 | | const char *ssl_peer_key, |
3004 | | SSL_SESSION *session, |
3005 | | int ietf_tls_id, |
3006 | | const char *alpn, |
3007 | | unsigned char *quic_tp, |
3008 | | size_t quic_tp_len) |
3009 | 15 | { |
3010 | 15 | const struct ssl_config_data *config; |
3011 | 15 | unsigned char *der_session_buf = NULL; |
3012 | 15 | unsigned char *qtp_clone = NULL; |
3013 | 15 | CURLcode result = CURLE_OK; |
3014 | | |
3015 | 15 | if(!cf || !data) |
3016 | 0 | goto out; |
3017 | | |
3018 | 15 | config = Curl_ssl_cf_get_config(cf, data); |
3019 | 15 | if(config->primary.cache_session) { |
3020 | 15 | struct Curl_ssl_session *sc_session = NULL; |
3021 | 15 | size_t der_session_size; |
3022 | 15 | unsigned char *der_session_ptr; |
3023 | 15 | size_t earlydata_max = 0; |
3024 | | |
3025 | 15 | der_session_size = i2d_SSL_SESSION(session, NULL); |
3026 | 15 | if(der_session_size == 0) { |
3027 | 0 | result = CURLE_OUT_OF_MEMORY; |
3028 | 0 | goto out; |
3029 | 0 | } |
3030 | | |
3031 | 15 | der_session_buf = der_session_ptr = malloc(der_session_size); |
3032 | 15 | if(!der_session_buf) { |
3033 | 0 | result = CURLE_OUT_OF_MEMORY; |
3034 | 0 | goto out; |
3035 | 0 | } |
3036 | | |
3037 | 15 | der_session_size = i2d_SSL_SESSION(session, &der_session_ptr); |
3038 | 15 | if(der_session_size == 0) { |
3039 | 0 | result = CURLE_OUT_OF_MEMORY; |
3040 | 0 | goto out; |
3041 | 0 | } |
3042 | | |
3043 | 15 | #ifdef HAVE_OPENSSL_EARLYDATA |
3044 | 15 | earlydata_max = SSL_SESSION_get_max_early_data(session); |
3045 | 15 | #endif |
3046 | 15 | if(quic_tp && quic_tp_len) { |
3047 | 0 | qtp_clone = Curl_memdup0((char *)quic_tp, quic_tp_len); |
3048 | 0 | if(!qtp_clone) { |
3049 | 0 | result = CURLE_OUT_OF_MEMORY; |
3050 | 0 | goto out; |
3051 | 0 | } |
3052 | 0 | } |
3053 | | |
3054 | 15 | result = Curl_ssl_session_create2(der_session_buf, der_session_size, |
3055 | 15 | ietf_tls_id, alpn, |
3056 | 15 | (curl_off_t)time(NULL) + |
3057 | 15 | SSL_SESSION_get_timeout(session), |
3058 | 15 | earlydata_max, qtp_clone, quic_tp_len, |
3059 | 15 | &sc_session); |
3060 | 15 | der_session_buf = NULL; /* took ownership of sdata */ |
3061 | 15 | if(!result) { |
3062 | 15 | result = Curl_ssl_scache_put(cf, data, ssl_peer_key, sc_session); |
3063 | | /* took ownership of `sc_session` */ |
3064 | 15 | } |
3065 | 15 | } |
3066 | | |
3067 | 15 | out: |
3068 | 15 | free(der_session_buf); |
3069 | 15 | return result; |
3070 | 15 | } |
3071 | | |
3072 | | /* The "new session" callback must return zero if the session can be removed |
3073 | | * or non-zero if the session has been put into the session cache. |
3074 | | */ |
3075 | | static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) |
3076 | 15 | { |
3077 | 15 | struct Curl_cfilter *cf = (struct Curl_cfilter*) SSL_get_app_data(ssl); |
3078 | 15 | if(cf) { |
3079 | 15 | struct Curl_easy *data = CF_DATA_CURRENT(cf); |
3080 | 15 | struct ssl_connect_data *connssl = cf->ctx; |
3081 | 15 | Curl_ossl_add_session(cf, data, connssl->peer.scache_key, ssl_sessionid, |
3082 | 15 | SSL_version(ssl), connssl->negotiated.alpn, |
3083 | 15 | NULL, 0); |
3084 | 15 | } |
3085 | 15 | return 0; |
3086 | 15 | } |
3087 | | |
3088 | | static CURLcode load_cacert_from_memory(X509_STORE *store, |
3089 | | const struct curl_blob *ca_info_blob) |
3090 | 0 | { |
3091 | | /* these need to be freed at the end */ |
3092 | 0 | BIO *cbio = NULL; |
3093 | 0 | STACK_OF(X509_INFO) *inf = NULL; |
3094 | | |
3095 | | /* everything else is just a reference */ |
3096 | 0 | int i, count = 0; |
3097 | 0 | X509_INFO *itmp = NULL; |
3098 | |
|
3099 | 0 | if(ca_info_blob->len > (size_t)INT_MAX) |
3100 | 0 | return CURLE_SSL_CACERT_BADFILE; |
3101 | | |
3102 | 0 | cbio = BIO_new_mem_buf(ca_info_blob->data, (int)ca_info_blob->len); |
3103 | 0 | if(!cbio) |
3104 | 0 | return CURLE_OUT_OF_MEMORY; |
3105 | | |
3106 | 0 | inf = PEM_X509_INFO_read_bio(cbio, NULL, NULL, NULL); |
3107 | 0 | if(!inf) { |
3108 | 0 | BIO_free(cbio); |
3109 | 0 | return CURLE_SSL_CACERT_BADFILE; |
3110 | 0 | } |
3111 | | |
3112 | | /* add each entry from PEM file to x509_store */ |
3113 | 0 | for(i = 0; i < (int)sk_X509_INFO_num(inf); ++i) { |
3114 | 0 | itmp = sk_X509_INFO_value(inf, (ossl_valsize_t)i); |
3115 | 0 | if(itmp->x509) { |
3116 | 0 | if(X509_STORE_add_cert(store, itmp->x509)) { |
3117 | 0 | ++count; |
3118 | 0 | } |
3119 | 0 | else { |
3120 | | /* set count to 0 to return an error */ |
3121 | 0 | count = 0; |
3122 | 0 | break; |
3123 | 0 | } |
3124 | 0 | } |
3125 | 0 | if(itmp->crl) { |
3126 | 0 | if(X509_STORE_add_crl(store, itmp->crl)) { |
3127 | 0 | ++count; |
3128 | 0 | } |
3129 | 0 | else { |
3130 | | /* set count to 0 to return an error */ |
3131 | 0 | count = 0; |
3132 | 0 | break; |
3133 | 0 | } |
3134 | 0 | } |
3135 | 0 | } |
3136 | |
|
3137 | 0 | sk_X509_INFO_pop_free(inf, X509_INFO_free); |
3138 | 0 | BIO_free(cbio); |
3139 | | |
3140 | | /* if we did not end up importing anything, treat that as an error */ |
3141 | 0 | return (count > 0) ? CURLE_OK : CURLE_SSL_CACERT_BADFILE; |
3142 | 0 | } |
3143 | | |
3144 | | #ifdef USE_WIN32_CRYPTO |
3145 | | static CURLcode import_windows_cert_store(struct Curl_easy *data, |
3146 | | const char *name, |
3147 | | X509_STORE *store, |
3148 | | bool *imported) |
3149 | | { |
3150 | | CURLcode result = CURLE_OK; |
3151 | | HCERTSTORE hStore; |
3152 | | |
3153 | | *imported = FALSE; |
3154 | | |
3155 | | hStore = CertOpenSystemStoreA(0, name); |
3156 | | if(hStore) { |
3157 | | PCCERT_CONTEXT pContext = NULL; |
3158 | | /* The array of enhanced key usage OIDs will vary per certificate and |
3159 | | is declared outside of the loop so that rather than malloc/free each |
3160 | | iteration we can grow it with realloc, when necessary. */ |
3161 | | CERT_ENHKEY_USAGE *enhkey_usage = NULL; |
3162 | | DWORD enhkey_usage_size = 0; |
3163 | | |
3164 | | /* This loop makes a best effort to import all valid certificates from |
3165 | | the MS root store. If a certificate cannot be imported it is |
3166 | | skipped. 'result' is used to store only hard-fail conditions (such |
3167 | | as out of memory) that cause an early break. */ |
3168 | | result = CURLE_OK; |
3169 | | for(;;) { |
3170 | | X509 *x509; |
3171 | | FILETIME now; |
3172 | | BYTE key_usage[2]; |
3173 | | DWORD req_size; |
3174 | | const unsigned char *encoded_cert; |
3175 | | pContext = CertEnumCertificatesInStore(hStore, pContext); |
3176 | | if(!pContext) |
3177 | | break; |
3178 | | |
3179 | | #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) |
3180 | | else { |
3181 | | char cert_name[256]; |
3182 | | if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, |
3183 | | NULL, cert_name, sizeof(cert_name))) |
3184 | | infof(data, "SSL: unknown cert name"); |
3185 | | else |
3186 | | infof(data, "SSL: Checking cert \"%s\"", cert_name); |
3187 | | } |
3188 | | #endif |
3189 | | encoded_cert = (const unsigned char *)pContext->pbCertEncoded; |
3190 | | if(!encoded_cert) |
3191 | | continue; |
3192 | | |
3193 | | GetSystemTimeAsFileTime(&now); |
3194 | | if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 || |
3195 | | CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0) |
3196 | | continue; |
3197 | | |
3198 | | /* If key usage exists check for signing attribute */ |
3199 | | if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType, |
3200 | | pContext->pCertInfo, |
3201 | | key_usage, sizeof(key_usage))) { |
3202 | | if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)) |
3203 | | continue; |
3204 | | } |
3205 | | else if(GetLastError()) |
3206 | | continue; |
3207 | | |
3208 | | /* If enhanced key usage exists check for server auth attribute. |
3209 | | * |
3210 | | * Note "In a Microsoft environment, a certificate might also have |
3211 | | * EKU extended properties that specify valid uses for the |
3212 | | * certificate." The call below checks both, and behavior varies |
3213 | | * depending on what is found. For more details see |
3214 | | * CertGetEnhancedKeyUsage doc. |
3215 | | */ |
3216 | | if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) { |
3217 | | if(req_size && req_size > enhkey_usage_size) { |
3218 | | void *tmp = realloc(enhkey_usage, req_size); |
3219 | | |
3220 | | if(!tmp) { |
3221 | | failf(data, "SSL: Out of memory allocating for OID list"); |
3222 | | result = CURLE_OUT_OF_MEMORY; |
3223 | | break; |
3224 | | } |
3225 | | |
3226 | | enhkey_usage = (CERT_ENHKEY_USAGE *)tmp; |
3227 | | enhkey_usage_size = req_size; |
3228 | | } |
3229 | | |
3230 | | if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) { |
3231 | | if(!enhkey_usage->cUsageIdentifier) { |
3232 | | /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate |
3233 | | is good for all uses. If it returns zero, the certificate |
3234 | | has no valid uses." */ |
3235 | | if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND) |
3236 | | continue; |
3237 | | } |
3238 | | else { |
3239 | | DWORD i; |
3240 | | bool found = FALSE; |
3241 | | |
3242 | | for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) { |
3243 | | if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */, |
3244 | | enhkey_usage->rgpszUsageIdentifier[i])) { |
3245 | | found = TRUE; |
3246 | | break; |
3247 | | } |
3248 | | } |
3249 | | |
3250 | | if(!found) |
3251 | | continue; |
3252 | | } |
3253 | | } |
3254 | | else |
3255 | | continue; |
3256 | | } |
3257 | | else |
3258 | | continue; |
3259 | | |
3260 | | x509 = d2i_X509(NULL, &encoded_cert, (long)pContext->cbCertEncoded); |
3261 | | if(!x509) |
3262 | | continue; |
3263 | | |
3264 | | /* Try to import the certificate. This may fail for legitimate |
3265 | | reasons such as duplicate certificate, which is allowed by MS but |
3266 | | not OpenSSL. */ |
3267 | | if(X509_STORE_add_cert(store, x509) == 1) { |
3268 | | #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) |
3269 | | infof(data, "SSL: Imported cert"); |
3270 | | #endif |
3271 | | *imported = TRUE; |
3272 | | } |
3273 | | X509_free(x509); |
3274 | | } |
3275 | | |
3276 | | free(enhkey_usage); |
3277 | | CertFreeCertificateContext(pContext); |
3278 | | CertCloseStore(hStore, 0); |
3279 | | |
3280 | | if(result) |
3281 | | return result; |
3282 | | } |
3283 | | |
3284 | | return result; |
3285 | | } |
3286 | | #endif |
3287 | | |
3288 | | static CURLcode ossl_populate_x509_store(struct Curl_cfilter *cf, |
3289 | | struct Curl_easy *data, |
3290 | | X509_STORE *store) |
3291 | 21 | { |
3292 | 21 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
3293 | 21 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
3294 | 21 | CURLcode result = CURLE_OK; |
3295 | 21 | X509_LOOKUP *lookup = NULL; |
3296 | 21 | const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; |
3297 | 21 | const char * const ssl_cafile = |
3298 | | /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ |
3299 | 21 | (ca_info_blob ? NULL : conn_config->CAfile); |
3300 | 21 | const char * const ssl_capath = conn_config->CApath; |
3301 | 21 | const char * const ssl_crlfile = ssl_config->primary.CRLfile; |
3302 | 21 | const bool verifypeer = conn_config->verifypeer; |
3303 | 21 | bool imported_native_ca = FALSE; |
3304 | 21 | bool imported_ca_info_blob = FALSE; |
3305 | | |
3306 | 21 | CURL_TRC_CF(data, cf, "ossl_populate_x509_store, path=%s, blob=%d", |
3307 | 21 | ssl_cafile ? ssl_cafile : "none", !!ca_info_blob); |
3308 | 21 | if(!store) |
3309 | 0 | return CURLE_OUT_OF_MEMORY; |
3310 | | |
3311 | 21 | if(verifypeer) { |
3312 | | #ifdef USE_WIN32_CRYPTO |
3313 | | /* Import certificates from the Windows root certificate store if |
3314 | | requested. |
3315 | | https://stackoverflow.com/questions/9507184/ |
3316 | | https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037 |
3317 | | https://datatracker.ietf.org/doc/html/rfc5280 */ |
3318 | | if(ssl_config->native_ca_store) { |
3319 | | const char *storeNames[] = { |
3320 | | "ROOT", /* Trusted Root Certification Authorities */ |
3321 | | "CA" /* Intermediate Certification Authorities */ |
3322 | | }; |
3323 | | size_t i; |
3324 | | for(i = 0; i < CURL_ARRAYSIZE(storeNames); ++i) { |
3325 | | bool imported = FALSE; |
3326 | | result = import_windows_cert_store(data, storeNames[i], store, |
3327 | | &imported); |
3328 | | if(result) |
3329 | | return result; |
3330 | | if(imported) { |
3331 | | infof(data, "successfully imported Windows %s store", storeNames[i]); |
3332 | | imported_native_ca = TRUE; |
3333 | | } |
3334 | | else |
3335 | | infof(data, "error importing Windows %s store, continuing anyway", |
3336 | | storeNames[i]); |
3337 | | } |
3338 | | } |
3339 | | #endif |
3340 | 21 | if(ca_info_blob) { |
3341 | 0 | result = load_cacert_from_memory(store, ca_info_blob); |
3342 | 0 | if(result) { |
3343 | 0 | failf(data, "error importing CA certificate blob"); |
3344 | 0 | return result; |
3345 | 0 | } |
3346 | 0 | else { |
3347 | 0 | imported_ca_info_blob = TRUE; |
3348 | 0 | infof(data, "successfully imported CA certificate blob"); |
3349 | 0 | } |
3350 | 0 | } |
3351 | | |
3352 | 21 | if(ssl_cafile || ssl_capath) { |
3353 | | #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) |
3354 | | /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */ |
3355 | | if(ssl_cafile && !X509_STORE_load_file(store, ssl_cafile)) { |
3356 | | if(!imported_native_ca && !imported_ca_info_blob) { |
3357 | | /* Fail if we insist on successfully verifying the server. */ |
3358 | | failf(data, "error setting certificate file: %s", ssl_cafile); |
3359 | | return CURLE_SSL_CACERT_BADFILE; |
3360 | | } |
3361 | | else |
3362 | | infof(data, "error setting certificate file, continuing anyway"); |
3363 | | } |
3364 | | if(ssl_capath && !X509_STORE_load_path(store, ssl_capath)) { |
3365 | | if(!imported_native_ca && !imported_ca_info_blob) { |
3366 | | /* Fail if we insist on successfully verifying the server. */ |
3367 | | failf(data, "error setting certificate path: %s", ssl_capath); |
3368 | | return CURLE_SSL_CACERT_BADFILE; |
3369 | | } |
3370 | | else |
3371 | | infof(data, "error setting certificate path, continuing anyway"); |
3372 | | } |
3373 | | #else |
3374 | | /* tell OpenSSL where to find CA certificates that are used to verify the |
3375 | | server's certificate. */ |
3376 | 21 | if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) { |
3377 | 0 | if(!imported_native_ca && !imported_ca_info_blob) { |
3378 | | /* Fail if we insist on successfully verifying the server. */ |
3379 | 0 | failf(data, "error setting certificate verify locations:" |
3380 | 0 | " CAfile: %s CApath: %s", |
3381 | 0 | ssl_cafile ? ssl_cafile : "none", |
3382 | 0 | ssl_capath ? ssl_capath : "none"); |
3383 | 0 | return CURLE_SSL_CACERT_BADFILE; |
3384 | 0 | } |
3385 | 0 | else { |
3386 | 0 | infof(data, "error setting certificate verify locations," |
3387 | 0 | " continuing anyway"); |
3388 | 0 | } |
3389 | 0 | } |
3390 | 21 | #endif |
3391 | 21 | infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); |
3392 | 21 | infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); |
3393 | 21 | } |
3394 | | |
3395 | | #ifdef CURL_CA_FALLBACK |
3396 | | if(!ssl_cafile && !ssl_capath && |
3397 | | !imported_native_ca && !imported_ca_info_blob) { |
3398 | | /* verifying the peer without any CA certificates will not |
3399 | | work so use OpenSSL's built-in default as fallback */ |
3400 | | X509_STORE_set_default_paths(store); |
3401 | | } |
3402 | | #endif |
3403 | 21 | } |
3404 | | |
3405 | 21 | if(ssl_crlfile) { |
3406 | | /* tell OpenSSL where to find CRL file that is used to check certificate |
3407 | | * revocation */ |
3408 | 0 | lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); |
3409 | 0 | if(!lookup || |
3410 | 0 | (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) { |
3411 | 0 | failf(data, "error loading CRL file: %s", ssl_crlfile); |
3412 | 0 | return CURLE_SSL_CRL_BADFILE; |
3413 | 0 | } |
3414 | | /* Everything is fine. */ |
3415 | 0 | infof(data, "successfully loaded CRL file:"); |
3416 | 0 | X509_STORE_set_flags(store, |
3417 | 0 | X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); |
3418 | |
|
3419 | 0 | infof(data, " CRLfile: %s", ssl_crlfile); |
3420 | 0 | } |
3421 | | |
3422 | 21 | if(verifypeer) { |
3423 | | /* Try building a chain using issuers in the trusted store first to avoid |
3424 | | problems with server-sent legacy intermediates. Newer versions of |
3425 | | OpenSSL do alternate chain checking by default but we do not know how to |
3426 | | determine that in a reliable manner. |
3427 | | https://web.archive.org/web/20190422050538/ |
3428 | | rt.openssl.org/Ticket/Display.html?id=3621 |
3429 | | */ |
3430 | 21 | #ifdef X509_V_FLAG_TRUSTED_FIRST |
3431 | 21 | X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST); |
3432 | 21 | #endif |
3433 | 21 | #ifdef X509_V_FLAG_PARTIAL_CHAIN |
3434 | 21 | if(!ssl_config->no_partialchain && !ssl_crlfile) { |
3435 | | /* Have intermediate certificates in the trust store be treated as |
3436 | | trust-anchors, in the same way as self-signed root CA certificates |
3437 | | are. This allows users to verify servers using the intermediate cert |
3438 | | only, instead of needing the whole chain. |
3439 | | |
3440 | | Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we |
3441 | | cannot do partial chains with a CRL check. |
3442 | | */ |
3443 | 21 | X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN); |
3444 | 21 | } |
3445 | 21 | #endif |
3446 | 21 | } |
3447 | | |
3448 | 21 | return result; |
3449 | 21 | } |
3450 | | |
3451 | | #ifdef HAVE_SSL_X509_STORE_SHARE |
3452 | | |
3453 | | /* key to use at `multi->proto_hash` */ |
3454 | 21 | #define MPROTO_OSSL_X509_KEY "tls:ossl:x509:share" |
3455 | | |
3456 | | struct ossl_x509_share { |
3457 | | char *CAfile; /* CAfile path used to generate X509 store */ |
3458 | | X509_STORE *store; /* cached X509 store or NULL if none */ |
3459 | | struct curltime time; /* when the cached store was created */ |
3460 | | }; |
3461 | | |
3462 | | static void oss_x509_share_free(void *key, size_t key_len, void *p) |
3463 | 0 | { |
3464 | 0 | struct ossl_x509_share *share = p; |
3465 | 0 | DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY)-1)); |
3466 | 0 | DEBUGASSERT(!memcmp(MPROTO_OSSL_X509_KEY, key, key_len)); |
3467 | 0 | (void)key; |
3468 | 0 | (void)key_len; |
3469 | 0 | if(share->store) { |
3470 | 0 | X509_STORE_free(share->store); |
3471 | 0 | } |
3472 | 0 | free(share->CAfile); |
3473 | 0 | free(share); |
3474 | 0 | } |
3475 | | |
3476 | | static bool |
3477 | | ossl_cached_x509_store_expired(const struct Curl_easy *data, |
3478 | | const struct ossl_x509_share *mb) |
3479 | 0 | { |
3480 | 0 | const struct ssl_general_config *cfg = &data->set.general_ssl; |
3481 | 0 | if(cfg->ca_cache_timeout < 0) |
3482 | 0 | return FALSE; |
3483 | 0 | else { |
3484 | 0 | struct curltime now = curlx_now(); |
3485 | 0 | timediff_t elapsed_ms = curlx_timediff(now, mb->time); |
3486 | 0 | timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; |
3487 | |
|
3488 | 0 | return elapsed_ms >= timeout_ms; |
3489 | 0 | } |
3490 | 0 | } |
3491 | | |
3492 | | static bool |
3493 | | ossl_cached_x509_store_different(struct Curl_cfilter *cf, |
3494 | | const struct ossl_x509_share *mb) |
3495 | 0 | { |
3496 | 0 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
3497 | 0 | if(!mb->CAfile || !conn_config->CAfile) |
3498 | 0 | return mb->CAfile != conn_config->CAfile; |
3499 | | |
3500 | 0 | return strcmp(mb->CAfile, conn_config->CAfile); |
3501 | 0 | } |
3502 | | |
3503 | | static X509_STORE *ossl_get_cached_x509_store(struct Curl_cfilter *cf, |
3504 | | const struct Curl_easy *data) |
3505 | 21 | { |
3506 | 21 | struct Curl_multi *multi = data->multi; |
3507 | 21 | struct ossl_x509_share *share; |
3508 | 21 | X509_STORE *store = NULL; |
3509 | | |
3510 | 21 | DEBUGASSERT(multi); |
3511 | 21 | share = multi ? Curl_hash_pick(&multi->proto_hash, |
3512 | 21 | CURL_UNCONST(MPROTO_OSSL_X509_KEY), |
3513 | 21 | sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL; |
3514 | 21 | if(share && share->store && |
3515 | 21 | !ossl_cached_x509_store_expired(data, share) && |
3516 | 21 | !ossl_cached_x509_store_different(cf, share)) { |
3517 | 0 | store = share->store; |
3518 | 0 | } |
3519 | | |
3520 | 21 | return store; |
3521 | 21 | } |
3522 | | |
3523 | | static void ossl_set_cached_x509_store(struct Curl_cfilter *cf, |
3524 | | const struct Curl_easy *data, |
3525 | | X509_STORE *store) |
3526 | 0 | { |
3527 | 0 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
3528 | 0 | struct Curl_multi *multi = data->multi; |
3529 | 0 | struct ossl_x509_share *share; |
3530 | |
|
3531 | 0 | DEBUGASSERT(multi); |
3532 | 0 | if(!multi) |
3533 | 0 | return; |
3534 | 0 | share = Curl_hash_pick(&multi->proto_hash, |
3535 | 0 | CURL_UNCONST(MPROTO_OSSL_X509_KEY), |
3536 | 0 | sizeof(MPROTO_OSSL_X509_KEY)-1); |
3537 | |
|
3538 | 0 | if(!share) { |
3539 | 0 | share = calloc(1, sizeof(*share)); |
3540 | 0 | if(!share) |
3541 | 0 | return; |
3542 | 0 | if(!Curl_hash_add2(&multi->proto_hash, |
3543 | 0 | CURL_UNCONST(MPROTO_OSSL_X509_KEY), |
3544 | 0 | sizeof(MPROTO_OSSL_X509_KEY)-1, |
3545 | 0 | share, oss_x509_share_free)) { |
3546 | 0 | free(share); |
3547 | 0 | return; |
3548 | 0 | } |
3549 | 0 | } |
3550 | | |
3551 | 0 | if(X509_STORE_up_ref(store)) { |
3552 | 0 | char *CAfile = NULL; |
3553 | |
|
3554 | 0 | if(conn_config->CAfile) { |
3555 | 0 | CAfile = strdup(conn_config->CAfile); |
3556 | 0 | if(!CAfile) { |
3557 | 0 | X509_STORE_free(store); |
3558 | 0 | return; |
3559 | 0 | } |
3560 | 0 | } |
3561 | | |
3562 | 0 | if(share->store) { |
3563 | 0 | X509_STORE_free(share->store); |
3564 | 0 | free(share->CAfile); |
3565 | 0 | } |
3566 | |
|
3567 | 0 | share->time = curlx_now(); |
3568 | 0 | share->store = store; |
3569 | 0 | share->CAfile = CAfile; |
3570 | 0 | } |
3571 | 0 | } |
3572 | | |
3573 | | CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf, |
3574 | | struct Curl_easy *data, |
3575 | | SSL_CTX *ssl_ctx) |
3576 | 21 | { |
3577 | 21 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
3578 | 21 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
3579 | 21 | CURLcode result = CURLE_OK; |
3580 | 21 | X509_STORE *cached_store; |
3581 | 21 | bool cache_criteria_met; |
3582 | | |
3583 | | /* Consider the X509 store cacheable if it comes exclusively from a CAfile, |
3584 | | or no source is provided and we are falling back to OpenSSL's built-in |
3585 | | default. */ |
3586 | 21 | cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) && |
3587 | 21 | conn_config->verifypeer && |
3588 | 21 | !conn_config->CApath && |
3589 | 21 | !conn_config->ca_info_blob && |
3590 | 21 | !ssl_config->primary.CRLfile && |
3591 | 21 | !ssl_config->native_ca_store; |
3592 | | |
3593 | 21 | cached_store = ossl_get_cached_x509_store(cf, data); |
3594 | 21 | if(cached_store && cache_criteria_met && X509_STORE_up_ref(cached_store)) { |
3595 | 0 | SSL_CTX_set_cert_store(ssl_ctx, cached_store); |
3596 | 0 | } |
3597 | 21 | else { |
3598 | 21 | X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); |
3599 | | |
3600 | 21 | result = ossl_populate_x509_store(cf, data, store); |
3601 | 21 | if(result == CURLE_OK && cache_criteria_met) { |
3602 | 0 | ossl_set_cached_x509_store(cf, data, store); |
3603 | 0 | } |
3604 | 21 | } |
3605 | | |
3606 | 21 | return result; |
3607 | 21 | } |
3608 | | #else /* HAVE_SSL_X509_STORE_SHARE */ |
3609 | | CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf, |
3610 | | struct Curl_easy *data, |
3611 | | SSL_CTX *ssl_ctx) |
3612 | | { |
3613 | | X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); |
3614 | | |
3615 | | return ossl_populate_x509_store(cf, data, store); |
3616 | | } |
3617 | | #endif /* HAVE_SSL_X509_STORE_SHARE */ |
3618 | | |
3619 | | |
3620 | | static CURLcode |
3621 | | ossl_init_session_and_alpns(struct ossl_ctx *octx, |
3622 | | struct Curl_cfilter *cf, |
3623 | | struct Curl_easy *data, |
3624 | | struct ssl_peer *peer, |
3625 | | const struct alpn_spec *alpns_requested, |
3626 | | Curl_ossl_init_session_reuse_cb *sess_reuse_cb) |
3627 | 21 | { |
3628 | 21 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
3629 | 21 | struct alpn_spec alpns; |
3630 | 21 | char error_buffer[256]; |
3631 | 21 | CURLcode result; |
3632 | | |
3633 | 21 | Curl_alpn_copy(&alpns, alpns_requested); |
3634 | | |
3635 | 21 | octx->reused_session = FALSE; |
3636 | 21 | if(ssl_config->primary.cache_session) { |
3637 | 21 | struct Curl_ssl_session *scs = NULL; |
3638 | | |
3639 | 21 | result = Curl_ssl_scache_take(cf, data, peer->scache_key, &scs); |
3640 | 21 | if(!result && scs && scs->sdata && scs->sdata_len) { |
3641 | 0 | const unsigned char *der_sessionid = scs->sdata; |
3642 | 0 | size_t der_sessionid_size = scs->sdata_len; |
3643 | 0 | SSL_SESSION *ssl_session = NULL; |
3644 | | |
3645 | | /* If OpenSSL does not accept the session from the cache, this |
3646 | | * is not an error. We just continue without it. */ |
3647 | 0 | ssl_session = d2i_SSL_SESSION(NULL, &der_sessionid, |
3648 | 0 | (long)der_sessionid_size); |
3649 | 0 | if(ssl_session) { |
3650 | 0 | if(!SSL_set_session(octx->ssl, ssl_session)) { |
3651 | 0 | infof(data, "SSL: SSL_set_session not accepted, " |
3652 | 0 | "continuing without: %s", |
3653 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
3654 | 0 | sizeof(error_buffer))); |
3655 | 0 | } |
3656 | 0 | else { |
3657 | 0 | infof(data, "SSL reusing session with ALPN '%s'", |
3658 | 0 | scs->alpn ? scs->alpn : "-"); |
3659 | 0 | octx->reused_session = TRUE; |
3660 | 0 | #ifdef HAVE_OPENSSL_EARLYDATA |
3661 | 0 | if(ssl_config->earlydata && scs->alpn && |
3662 | 0 | SSL_SESSION_get_max_early_data(ssl_session) && |
3663 | 0 | !cf->conn->connect_only && |
3664 | 0 | (SSL_version(octx->ssl) == TLS1_3_VERSION)) { |
3665 | 0 | bool do_early_data = FALSE; |
3666 | 0 | if(sess_reuse_cb) { |
3667 | 0 | result = sess_reuse_cb(cf, data, &alpns, scs, &do_early_data); |
3668 | 0 | if(result) |
3669 | 0 | return result; |
3670 | 0 | } |
3671 | 0 | if(do_early_data) { |
3672 | | /* We only try the ALPN protocol the session used before, |
3673 | | * otherwise we might send early data for the wrong protocol */ |
3674 | 0 | Curl_alpn_restrict_to(&alpns, scs->alpn); |
3675 | 0 | } |
3676 | 0 | } |
3677 | | #else |
3678 | | (void)sess_reuse_cb; |
3679 | | #endif |
3680 | 0 | } |
3681 | 0 | SSL_SESSION_free(ssl_session); |
3682 | 0 | } |
3683 | 0 | else { |
3684 | 0 | infof(data, "SSL session not accepted by OpenSSL, continuing without"); |
3685 | 0 | } |
3686 | 0 | } |
3687 | 21 | Curl_ssl_scache_return(cf, data, peer->scache_key, scs); |
3688 | 21 | } |
3689 | | |
3690 | 21 | #ifdef HAS_ALPN_OPENSSL |
3691 | 21 | if(alpns.count) { |
3692 | 21 | struct alpn_proto_buf proto; |
3693 | 21 | memset(&proto, 0, sizeof(proto)); |
3694 | 21 | result = Curl_alpn_to_proto_buf(&proto, &alpns); |
3695 | 21 | if(result) { |
3696 | 0 | failf(data, "Error determining ALPN"); |
3697 | 0 | return CURLE_SSL_CONNECT_ERROR; |
3698 | 0 | } |
3699 | 21 | if(SSL_set_alpn_protos(octx->ssl, proto.data, (int)proto.len)) { |
3700 | 0 | failf(data, "Error setting ALPN"); |
3701 | 0 | return CURLE_SSL_CONNECT_ERROR; |
3702 | 0 | } |
3703 | 21 | } |
3704 | 21 | #endif |
3705 | | |
3706 | 21 | return CURLE_OK; |
3707 | 21 | } |
3708 | | |
3709 | | #ifdef USE_ECH_OPENSSL |
3710 | | static CURLcode ossl_init_ech(struct ossl_ctx *octx, |
3711 | | struct Curl_cfilter *cf, |
3712 | | struct Curl_easy *data, |
3713 | | struct ssl_peer *peer) |
3714 | | { |
3715 | | unsigned char *ech_config = NULL; |
3716 | | size_t ech_config_len = 0; |
3717 | | char *outername = data->set.str[STRING_ECH_PUBLIC]; |
3718 | | int trying_ech_now = 0; |
3719 | | CURLcode result; |
3720 | | |
3721 | | if(!ECH_ENABLED(data)) |
3722 | | return CURLE_OK; |
3723 | | |
3724 | | if(data->set.tls_ech & CURLECH_GREASE) { |
3725 | | infof(data, "ECH: will GREASE ClientHello"); |
3726 | | # if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
3727 | | SSL_set_enable_ech_grease(octx->ssl, 1); |
3728 | | # else |
3729 | | SSL_set_options(octx->ssl, SSL_OP_ECH_GREASE); |
3730 | | # endif |
3731 | | } |
3732 | | else if(data->set.tls_ech & CURLECH_CLA_CFG) { |
3733 | | # if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
3734 | | /* have to do base64 decode here for BoringSSL */ |
3735 | | const char *b64 = data->set.str[STRING_ECH_CONFIG]; |
3736 | | |
3737 | | if(!b64) { |
3738 | | infof(data, "ECH: ECHConfig from command line empty"); |
3739 | | return CURLE_SSL_CONNECT_ERROR; |
3740 | | } |
3741 | | ech_config_len = 2 * strlen(b64); |
3742 | | result = curlx_base64_decode(b64, &ech_config, &ech_config_len); |
3743 | | if(result || !ech_config) { |
3744 | | infof(data, "ECH: cannot base64 decode ECHConfig from command line"); |
3745 | | if(data->set.tls_ech & CURLECH_HARD) |
3746 | | return result; |
3747 | | } |
3748 | | if(SSL_set1_ech_config_list(octx->ssl, ech_config, |
3749 | | ech_config_len) != 1) { |
3750 | | infof(data, "ECH: SSL_ECH_set1_ech_config_list failed"); |
3751 | | if(data->set.tls_ech & CURLECH_HARD) { |
3752 | | free(ech_config); |
3753 | | return CURLE_SSL_CONNECT_ERROR; |
3754 | | } |
3755 | | } |
3756 | | free(ech_config); |
3757 | | trying_ech_now = 1; |
3758 | | # else |
3759 | | ech_config = (unsigned char *) data->set.str[STRING_ECH_CONFIG]; |
3760 | | if(!ech_config) { |
3761 | | infof(data, "ECH: ECHConfig from command line empty"); |
3762 | | return CURLE_SSL_CONNECT_ERROR; |
3763 | | } |
3764 | | ech_config_len = strlen(data->set.str[STRING_ECH_CONFIG]); |
3765 | | if(SSL_set1_ech_config_list(octx->ssl, ech_config, |
3766 | | ech_config_len) != 1) { |
3767 | | infof(data, "ECH: SSL_ECH_set1_ech_config_list failed"); |
3768 | | if(data->set.tls_ech & CURLECH_HARD) |
3769 | | return CURLE_SSL_CONNECT_ERROR; |
3770 | | } |
3771 | | else |
3772 | | trying_ech_now = 1; |
3773 | | # endif |
3774 | | infof(data, "ECH: ECHConfig from command line"); |
3775 | | } |
3776 | | else { |
3777 | | struct Curl_dns_entry *dns = NULL; |
3778 | | |
3779 | | if(peer->hostname) |
3780 | | dns = Curl_dnscache_get(data, peer->hostname, peer->port, |
3781 | | cf->conn->ip_version); |
3782 | | if(!dns) { |
3783 | | infof(data, "ECH: requested but no DNS info available"); |
3784 | | if(data->set.tls_ech & CURLECH_HARD) |
3785 | | return CURLE_SSL_CONNECT_ERROR; |
3786 | | } |
3787 | | else { |
3788 | | struct Curl_https_rrinfo *rinfo = NULL; |
3789 | | |
3790 | | rinfo = dns->hinfo; |
3791 | | if(rinfo && rinfo->echconfiglist) { |
3792 | | unsigned char *ecl = rinfo->echconfiglist; |
3793 | | size_t elen = rinfo->echconfiglist_len; |
3794 | | |
3795 | | infof(data, "ECH: ECHConfig from DoH HTTPS RR"); |
3796 | | if(SSL_set1_ech_config_list(octx->ssl, ecl, elen) != 1) { |
3797 | | infof(data, "ECH: SSL_set1_ech_config_list failed"); |
3798 | | if(data->set.tls_ech & CURLECH_HARD) |
3799 | | return CURLE_SSL_CONNECT_ERROR; |
3800 | | } |
3801 | | else { |
3802 | | trying_ech_now = 1; |
3803 | | infof(data, "ECH: imported ECHConfigList of length %zu", elen); |
3804 | | } |
3805 | | } |
3806 | | else { |
3807 | | infof(data, "ECH: requested but no ECHConfig available"); |
3808 | | if(data->set.tls_ech & CURLECH_HARD) |
3809 | | return CURLE_SSL_CONNECT_ERROR; |
3810 | | } |
3811 | | Curl_resolv_unlink(data, &dns); |
3812 | | } |
3813 | | } |
3814 | | # if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
3815 | | if(trying_ech_now && outername) { |
3816 | | infof(data, "ECH: setting public_name not supported with BoringSSL"); |
3817 | | return CURLE_SSL_CONNECT_ERROR; |
3818 | | } |
3819 | | # else |
3820 | | if(trying_ech_now && outername) { |
3821 | | infof(data, "ECH: inner: '%s', outer: '%s'", |
3822 | | peer->hostname ? peer->hostname : "NULL", outername); |
3823 | | result = SSL_ech_set1_server_names(octx->ssl, |
3824 | | peer->hostname, outername, |
3825 | | 0 /* do send outer */); |
3826 | | if(result != 1) { |
3827 | | infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result); |
3828 | | return CURLE_SSL_CONNECT_ERROR; |
3829 | | } |
3830 | | } |
3831 | | # endif /* OPENSSL_IS_BORINGSSL || OPENSSL_IS_AWSLC */ |
3832 | | if(trying_ech_now |
3833 | | && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) { |
3834 | | infof(data, "ECH: cannot force TLSv1.3 [ERROR]"); |
3835 | | return CURLE_SSL_CONNECT_ERROR; |
3836 | | } |
3837 | | |
3838 | | return CURLE_OK; |
3839 | | } |
3840 | | #endif /* USE_ECH_OPENSSL */ |
3841 | | |
3842 | | |
3843 | | static CURLcode ossl_init_ssl(struct ossl_ctx *octx, |
3844 | | struct Curl_cfilter *cf, |
3845 | | struct Curl_easy *data, |
3846 | | struct ssl_peer *peer, |
3847 | | const struct alpn_spec *alpns_requested, |
3848 | | void *ssl_user_data, |
3849 | | Curl_ossl_init_session_reuse_cb *sess_reuse_cb) |
3850 | 21 | { |
3851 | | /* Let's make an SSL structure */ |
3852 | 21 | if(octx->ssl) |
3853 | 0 | SSL_free(octx->ssl); |
3854 | 21 | octx->ssl = SSL_new(octx->ssl_ctx); |
3855 | 21 | if(!octx->ssl) { |
3856 | 0 | failf(data, "SSL: could not create a context (handle)"); |
3857 | 0 | return CURLE_OUT_OF_MEMORY; |
3858 | 0 | } |
3859 | | |
3860 | 21 | SSL_set_app_data(octx->ssl, ssl_user_data); |
3861 | | |
3862 | 21 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP) |
3863 | 21 | if(Curl_ssl_cf_get_primary_config(cf)->verifystatus) |
3864 | 0 | SSL_set_tlsext_status_type(octx->ssl, TLSEXT_STATUSTYPE_ocsp); |
3865 | 21 | #endif |
3866 | | |
3867 | | #if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) && \ |
3868 | | defined(ALLOW_RENEG) |
3869 | | SSL_set_renegotiate_mode(octx->ssl, ssl_renegotiate_freely); |
3870 | | #endif |
3871 | | |
3872 | 21 | SSL_set_connect_state(octx->ssl); |
3873 | | |
3874 | 21 | octx->server_cert = NULL; |
3875 | 21 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
3876 | 21 | if(peer->sni) { |
3877 | 21 | if(!SSL_set_tlsext_host_name(octx->ssl, peer->sni)) { |
3878 | 0 | failf(data, "Failed set SNI"); |
3879 | 0 | return CURLE_SSL_CONNECT_ERROR; |
3880 | 0 | } |
3881 | 21 | } |
3882 | | |
3883 | | #ifdef USE_ECH_OPENSSL |
3884 | | { |
3885 | | CURLcode result = ossl_init_ech(octx, cf, data, peer); |
3886 | | if(result) |
3887 | | return result; |
3888 | | } |
3889 | | #endif /* USE_ECH_OPENSSL */ |
3890 | | |
3891 | 21 | #endif |
3892 | | |
3893 | 21 | return ossl_init_session_and_alpns(octx, cf, data, peer, |
3894 | 21 | alpns_requested, sess_reuse_cb); |
3895 | 21 | } |
3896 | | |
3897 | | |
3898 | | static CURLcode ossl_init_method(struct Curl_cfilter *cf, |
3899 | | struct Curl_easy *data, |
3900 | | struct ssl_peer *peer, |
3901 | | const SSL_METHOD **pmethod, |
3902 | | unsigned int *pssl_version_min) |
3903 | 21 | { |
3904 | 21 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
3905 | | |
3906 | 21 | *pmethod = NULL; |
3907 | 21 | *pssl_version_min = conn_config->version; |
3908 | 21 | switch(peer->transport) { |
3909 | 21 | case TRNSPRT_TCP: |
3910 | | /* check to see if we have been told to use an explicit SSL/TLS version */ |
3911 | 21 | switch(*pssl_version_min) { |
3912 | 21 | case CURL_SSLVERSION_DEFAULT: |
3913 | 21 | case CURL_SSLVERSION_TLSv1: |
3914 | 21 | case CURL_SSLVERSION_TLSv1_0: |
3915 | 21 | case CURL_SSLVERSION_TLSv1_1: |
3916 | 21 | case CURL_SSLVERSION_TLSv1_2: |
3917 | 21 | case CURL_SSLVERSION_TLSv1_3: |
3918 | | /* it will be handled later with the context options */ |
3919 | 21 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
3920 | 21 | *pmethod = TLS_client_method(); |
3921 | | #else |
3922 | | *pmethod = SSLv23_client_method(); |
3923 | | #endif |
3924 | 21 | break; |
3925 | 0 | case CURL_SSLVERSION_SSLv2: |
3926 | 0 | failf(data, "No SSLv2 support"); |
3927 | 0 | return CURLE_NOT_BUILT_IN; |
3928 | 0 | case CURL_SSLVERSION_SSLv3: |
3929 | 0 | failf(data, "No SSLv3 support"); |
3930 | 0 | return CURLE_NOT_BUILT_IN; |
3931 | 0 | default: |
3932 | 0 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); |
3933 | 0 | return CURLE_SSL_CONNECT_ERROR; |
3934 | 21 | } |
3935 | 21 | break; |
3936 | 21 | case TRNSPRT_QUIC: |
3937 | 0 | *pssl_version_min = CURL_SSLVERSION_TLSv1_3; |
3938 | 0 | if(conn_config->version_max && |
3939 | 0 | (conn_config->version_max != CURL_SSLVERSION_MAX_TLSv1_3)) { |
3940 | 0 | failf(data, "QUIC needs at least TLS version 1.3"); |
3941 | 0 | return CURLE_SSL_CONNECT_ERROR; |
3942 | 0 | } |
3943 | | |
3944 | | #ifdef USE_OPENSSL_QUIC |
3945 | | *pmethod = OSSL_QUIC_client_method(); |
3946 | | #elif (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
3947 | 0 | *pmethod = TLS_method(); |
3948 | | #else |
3949 | | *pmethod = SSLv23_client_method(); |
3950 | | #endif |
3951 | 0 | break; |
3952 | 0 | default: |
3953 | 0 | failf(data, "unsupported transport %d in SSL init", peer->transport); |
3954 | 0 | return CURLE_SSL_CONNECT_ERROR; |
3955 | 21 | } |
3956 | | |
3957 | 21 | return *pmethod ? CURLE_OK : CURLE_SSL_CONNECT_ERROR; |
3958 | 21 | } |
3959 | | |
3960 | | |
3961 | | CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, |
3962 | | struct Curl_cfilter *cf, |
3963 | | struct Curl_easy *data, |
3964 | | struct ssl_peer *peer, |
3965 | | const struct alpn_spec *alpns_requested, |
3966 | | Curl_ossl_ctx_setup_cb *cb_setup, |
3967 | | void *cb_user_data, |
3968 | | Curl_ossl_new_session_cb *cb_new_session, |
3969 | | void *ssl_user_data, |
3970 | | Curl_ossl_init_session_reuse_cb *sess_reuse_cb) |
3971 | 21 | { |
3972 | 21 | CURLcode result = CURLE_OK; |
3973 | 21 | const char *ciphers; |
3974 | 21 | const SSL_METHOD *req_method = NULL; |
3975 | 21 | ctx_option_t ctx_options = 0; |
3976 | 21 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
3977 | 21 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
3978 | 21 | char * const ssl_cert = ssl_config->primary.clientcert; |
3979 | 21 | const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; |
3980 | 21 | const char * const ssl_cert_type = ssl_config->cert_type; |
3981 | 21 | const bool verifypeer = conn_config->verifypeer; |
3982 | 21 | unsigned int ssl_version_min; |
3983 | 21 | char error_buffer[256]; |
3984 | | |
3985 | | /* Make funny stuff to get random input */ |
3986 | 21 | result = ossl_seed(data); |
3987 | 21 | if(result) |
3988 | 0 | return result; |
3989 | | |
3990 | 21 | ssl_config->certverifyresult = !X509_V_OK; |
3991 | | |
3992 | 21 | result = ossl_init_method(cf, data, peer, &req_method, &ssl_version_min); |
3993 | 21 | if(result) |
3994 | 0 | return result; |
3995 | 21 | DEBUGASSERT(req_method); |
3996 | | |
3997 | 21 | DEBUGASSERT(!octx->ssl_ctx); |
3998 | 21 | octx->ssl_ctx = |
3999 | | #ifdef OPENSSL_HAS_PROVIDERS |
4000 | | data->state.libctx ? |
4001 | | SSL_CTX_new_ex(data->state.libctx, data->state.propq, req_method): |
4002 | | #endif |
4003 | 21 | SSL_CTX_new(req_method); |
4004 | | |
4005 | 21 | if(!octx->ssl_ctx) { |
4006 | 0 | failf(data, "SSL: could not create a context: %s", |
4007 | 0 | ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer))); |
4008 | 0 | return CURLE_OUT_OF_MEMORY; |
4009 | 0 | } |
4010 | | |
4011 | 21 | if(cb_setup) { |
4012 | 0 | result = cb_setup(cf, data, cb_user_data); |
4013 | 0 | if(result) |
4014 | 0 | return result; |
4015 | 0 | } |
4016 | | |
4017 | 21 | #ifdef SSL_CTRL_SET_MSG_CALLBACK |
4018 | 21 | if(data->set.fdebug && data->set.verbose) { |
4019 | | /* the SSL trace callback is only used for verbose logging */ |
4020 | 0 | SSL_CTX_set_msg_callback(octx->ssl_ctx, ossl_trace); |
4021 | 0 | SSL_CTX_set_msg_callback_arg(octx->ssl_ctx, cf); |
4022 | 0 | } |
4023 | 21 | #endif |
4024 | | |
4025 | | /* OpenSSL contains code to work around lots of bugs and flaws in various |
4026 | | SSL-implementations. SSL_CTX_set_options() is used to enabled those |
4027 | | work-arounds. The manpage for this option states that SSL_OP_ALL enables |
4028 | | all the work-arounds and that "It is usually safe to use SSL_OP_ALL to |
4029 | | enable the bug workaround options if compatibility with somewhat broken |
4030 | | implementations is desired." |
4031 | | |
4032 | | The "-no_ticket" option was introduced in OpenSSL 0.9.8j. it is a flag to |
4033 | | disable "rfc4507bis session ticket support". rfc4507bis was later turned |
4034 | | into the proper RFC5077: https://datatracker.ietf.org/doc/html/rfc5077 |
4035 | | |
4036 | | The enabled extension concerns the session management. I wonder how often |
4037 | | libcurl stops a connection and then resumes a TLS session. Also, sending |
4038 | | the session data is some overhead. I suggest that you just use your |
4039 | | proposed patch (which explicitly disables TICKET). |
4040 | | |
4041 | | If someone writes an application with libcurl and OpenSSL who wants to |
4042 | | enable the feature, one can do this in the SSL callback. |
4043 | | |
4044 | | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper |
4045 | | interoperability with web server Netscape Enterprise Server 2.0.1 which |
4046 | | was released back in 1996. |
4047 | | |
4048 | | Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has |
4049 | | become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate |
4050 | | CVE-2010-4180 when using previous OpenSSL versions we no longer enable |
4051 | | this option regardless of OpenSSL version and SSL_OP_ALL definition. |
4052 | | |
4053 | | OpenSSL added a work-around for an SSL 3.0/TLS 1.0 CBC vulnerability: |
4054 | | https://web.archive.org/web/20240114184648/openssl.org/~bodo/tls-cbc.txt. |
4055 | | In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around |
4056 | | despite the fact that SSL_OP_ALL is documented to do "rather harmless" |
4057 | | workarounds. In order to keep the secure work-around, the |
4058 | | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set. |
4059 | | */ |
4060 | | |
4061 | 21 | ctx_options = SSL_OP_ALL; |
4062 | | |
4063 | 21 | #ifdef SSL_OP_NO_TICKET |
4064 | 21 | ctx_options |= SSL_OP_NO_TICKET; |
4065 | 21 | #endif |
4066 | | |
4067 | 21 | #ifdef SSL_OP_NO_COMPRESSION |
4068 | 21 | ctx_options |= SSL_OP_NO_COMPRESSION; |
4069 | 21 | #endif |
4070 | | |
4071 | 21 | #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
4072 | | /* mitigate CVE-2010-4180 */ |
4073 | 21 | ctx_options &= ~(ctx_option_t)SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; |
4074 | 21 | #endif |
4075 | | |
4076 | 21 | #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
4077 | | /* unless the user explicitly asks to allow the protocol vulnerability we |
4078 | | use the work-around */ |
4079 | 21 | if(!ssl_config->enable_beast) |
4080 | 21 | ctx_options &= ~(ctx_option_t)SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; |
4081 | 21 | #endif |
4082 | | |
4083 | 21 | switch(ssl_version_min) { |
4084 | 0 | case CURL_SSLVERSION_SSLv2: |
4085 | 0 | case CURL_SSLVERSION_SSLv3: |
4086 | 0 | return CURLE_NOT_BUILT_IN; |
4087 | | |
4088 | | /* "--tlsv<x.y>" options mean TLS >= version <x.y> */ |
4089 | 21 | case CURL_SSLVERSION_DEFAULT: |
4090 | 21 | case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */ |
4091 | 21 | case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */ |
4092 | 21 | case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */ |
4093 | 21 | case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */ |
4094 | 21 | case CURL_SSLVERSION_TLSv1_3: /* TLS >= version 1.3 */ |
4095 | | /* asking for any TLS version as the minimum, means no SSL versions |
4096 | | allowed */ |
4097 | 21 | ctx_options |= SSL_OP_NO_SSLv2; |
4098 | 21 | ctx_options |= SSL_OP_NO_SSLv3; |
4099 | | |
4100 | 21 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */ |
4101 | 21 | result = ossl_set_ssl_version_min_max(cf, octx->ssl_ctx); |
4102 | | #else |
4103 | | result = ossl_set_ssl_version_min_max_legacy(&ctx_options, cf, data); |
4104 | | #endif |
4105 | 21 | if(result != CURLE_OK) |
4106 | 0 | return result; |
4107 | 21 | break; |
4108 | | |
4109 | 21 | default: |
4110 | 0 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); |
4111 | 0 | return CURLE_SSL_CONNECT_ERROR; |
4112 | 21 | } |
4113 | | |
4114 | 21 | SSL_CTX_set_options(octx->ssl_ctx, ctx_options); |
4115 | | |
4116 | 21 | #ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
4117 | | /* We do retry writes sometimes from another buffer address */ |
4118 | 21 | SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); |
4119 | 21 | #endif |
4120 | | |
4121 | 21 | ciphers = conn_config->cipher_list; |
4122 | 21 | if(!ciphers && (peer->transport != TRNSPRT_QUIC)) |
4123 | 21 | ciphers = DEFAULT_CIPHER_SELECTION; |
4124 | 21 | if(ciphers && (ssl_version_min < CURL_SSLVERSION_TLSv1_3)) { |
4125 | 0 | if(!SSL_CTX_set_cipher_list(octx->ssl_ctx, ciphers)) { |
4126 | 0 | failf(data, "failed setting cipher list: %s", ciphers); |
4127 | 0 | return CURLE_SSL_CIPHER; |
4128 | 0 | } |
4129 | 0 | infof(data, "Cipher selection: %s", ciphers); |
4130 | 0 | } |
4131 | | |
4132 | 21 | #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES |
4133 | 21 | { |
4134 | 21 | const char *ciphers13 = conn_config->cipher_list13; |
4135 | 21 | if(ciphers13 && |
4136 | 21 | (!conn_config->version_max || |
4137 | 0 | (conn_config->version_max >= CURL_SSLVERSION_MAX_TLSv1_3))) { |
4138 | 0 | if(!SSL_CTX_set_ciphersuites(octx->ssl_ctx, ciphers13)) { |
4139 | 0 | failf(data, "failed setting TLS 1.3 cipher suite: %s", ciphers13); |
4140 | 0 | return CURLE_SSL_CIPHER; |
4141 | 0 | } |
4142 | 0 | infof(data, "TLS 1.3 cipher selection: %s", ciphers13); |
4143 | 0 | } |
4144 | 21 | } |
4145 | 21 | #endif |
4146 | | |
4147 | 21 | if(ssl_cert || ssl_cert_blob || ssl_cert_type) { |
4148 | 0 | if(!result && |
4149 | 0 | !cert_stuff(data, octx->ssl_ctx, |
4150 | 0 | ssl_cert, ssl_cert_blob, ssl_cert_type, |
4151 | 0 | ssl_config->key, ssl_config->key_blob, |
4152 | 0 | ssl_config->key_type, ssl_config->key_passwd)) |
4153 | 0 | result = CURLE_SSL_CERTPROBLEM; |
4154 | 0 | if(result) |
4155 | | /* failf() is already done in cert_stuff() */ |
4156 | 0 | return result; |
4157 | 0 | } |
4158 | | |
4159 | 21 | #ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH |
4160 | | /* OpenSSL 1.1.1 requires clients to opt-in for PHA */ |
4161 | 21 | SSL_CTX_set_post_handshake_auth(octx->ssl_ctx, 1); |
4162 | 21 | #endif |
4163 | | |
4164 | 21 | { |
4165 | 21 | const char *curves = conn_config->curves; |
4166 | 21 | if(curves) { |
4167 | | #if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) |
4168 | | #define OSSL_CURVE_CAST(x) (x) |
4169 | | #else |
4170 | 0 | #define OSSL_CURVE_CAST(x) (char *)CURL_UNCONST(x) |
4171 | 0 | #endif |
4172 | 0 | if(!SSL_CTX_set1_curves_list(octx->ssl_ctx, OSSL_CURVE_CAST(curves))) { |
4173 | 0 | failf(data, "failed setting curves list: '%s'", curves); |
4174 | 0 | return CURLE_SSL_CIPHER; |
4175 | 0 | } |
4176 | 0 | } |
4177 | 21 | } |
4178 | | |
4179 | 21 | #ifdef HAVE_SSL_CTX_SET1_SIGALGS |
4180 | 21 | #define OSSL_SIGALG_CAST(x) OSSL_CURVE_CAST(x) |
4181 | 21 | { |
4182 | 21 | const char *signature_algorithms = conn_config->signature_algorithms; |
4183 | 21 | if(signature_algorithms) { |
4184 | 0 | if(!SSL_CTX_set1_sigalgs_list(octx->ssl_ctx, |
4185 | 0 | OSSL_SIGALG_CAST(signature_algorithms))) { |
4186 | 0 | failf(data, "failed setting signature algorithms: '%s'", |
4187 | 0 | signature_algorithms); |
4188 | 0 | return CURLE_SSL_CIPHER; |
4189 | 0 | } |
4190 | 0 | } |
4191 | 21 | } |
4192 | 21 | #endif |
4193 | | |
4194 | 21 | #ifdef USE_OPENSSL_SRP |
4195 | 21 | if(ssl_config->primary.username && Curl_auth_allowed_to_host(data)) { |
4196 | 0 | char * const ssl_username = ssl_config->primary.username; |
4197 | 0 | char * const ssl_password = ssl_config->primary.password; |
4198 | 0 | infof(data, "Using TLS-SRP username: %s", ssl_username); |
4199 | |
|
4200 | 0 | if(!SSL_CTX_set_srp_username(octx->ssl_ctx, ssl_username)) { |
4201 | 0 | failf(data, "Unable to set SRP username"); |
4202 | 0 | return CURLE_BAD_FUNCTION_ARGUMENT; |
4203 | 0 | } |
4204 | 0 | if(!SSL_CTX_set_srp_password(octx->ssl_ctx, ssl_password)) { |
4205 | 0 | failf(data, "failed setting SRP password"); |
4206 | 0 | return CURLE_BAD_FUNCTION_ARGUMENT; |
4207 | 0 | } |
4208 | 0 | if(!conn_config->cipher_list) { |
4209 | 0 | infof(data, "Setting cipher list SRP"); |
4210 | |
|
4211 | 0 | if(!SSL_CTX_set_cipher_list(octx->ssl_ctx, "SRP")) { |
4212 | 0 | failf(data, "failed setting SRP cipher list"); |
4213 | 0 | return CURLE_SSL_CIPHER; |
4214 | 0 | } |
4215 | 0 | } |
4216 | 0 | } |
4217 | 21 | #endif |
4218 | | |
4219 | | /* OpenSSL always tries to verify the peer, this only says whether it should |
4220 | | * fail to connect if the verification fails, or if it should continue |
4221 | | * anyway. In the latter case the result of the verification is checked with |
4222 | | * SSL_get_verify_result() below. */ |
4223 | 21 | SSL_CTX_set_verify(octx->ssl_ctx, |
4224 | 21 | verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); |
4225 | | |
4226 | | /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */ |
4227 | 21 | #ifdef HAVE_KEYLOG_CALLBACK |
4228 | 21 | if(Curl_tls_keylog_enabled()) { |
4229 | 0 | SSL_CTX_set_keylog_callback(octx->ssl_ctx, ossl_keylog_callback); |
4230 | 0 | } |
4231 | 21 | #endif |
4232 | | |
4233 | 21 | if(cb_new_session) { |
4234 | | /* Enable the session cache because it is a prerequisite for the |
4235 | | * "new session" callback. Use the "external storage" mode to prevent |
4236 | | * OpenSSL from creating an internal session cache. |
4237 | | */ |
4238 | 21 | SSL_CTX_set_session_cache_mode(octx->ssl_ctx, |
4239 | 21 | SSL_SESS_CACHE_CLIENT | |
4240 | 21 | SSL_SESS_CACHE_NO_INTERNAL); |
4241 | 21 | SSL_CTX_sess_set_new_cb(octx->ssl_ctx, cb_new_session); |
4242 | 21 | } |
4243 | | |
4244 | | /* give application a chance to interfere with SSL set up. */ |
4245 | 21 | if(data->set.ssl.fsslctx) { |
4246 | | /* When a user callback is installed to modify the SSL_CTX, |
4247 | | * we need to do the full initialization before calling it. |
4248 | | * See: #11800 */ |
4249 | 0 | if(!octx->x509_store_setup) { |
4250 | 0 | result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx); |
4251 | 0 | if(result) |
4252 | 0 | return result; |
4253 | 0 | octx->x509_store_setup = TRUE; |
4254 | 0 | } |
4255 | 0 | Curl_set_in_callback(data, TRUE); |
4256 | 0 | result = (*data->set.ssl.fsslctx)(data, octx->ssl_ctx, |
4257 | 0 | data->set.ssl.fsslctxp); |
4258 | 0 | Curl_set_in_callback(data, FALSE); |
4259 | 0 | if(result) { |
4260 | 0 | failf(data, "error signaled by ssl ctx callback"); |
4261 | 0 | return result; |
4262 | 0 | } |
4263 | 0 | } |
4264 | | |
4265 | 21 | return ossl_init_ssl(octx, cf, data, peer, alpns_requested, |
4266 | 21 | ssl_user_data, sess_reuse_cb); |
4267 | 21 | } |
4268 | | |
4269 | | static CURLcode ossl_on_session_reuse(struct Curl_cfilter *cf, |
4270 | | struct Curl_easy *data, |
4271 | | struct alpn_spec *alpns, |
4272 | | struct Curl_ssl_session *scs, |
4273 | | bool *do_early_data) |
4274 | 0 | { |
4275 | 0 | struct ssl_connect_data *connssl = cf->ctx; |
4276 | 0 | CURLcode result = CURLE_OK; |
4277 | |
|
4278 | 0 | *do_early_data = FALSE; |
4279 | 0 | connssl->earlydata_max = scs->earlydata_max; |
4280 | 0 | if(!connssl->earlydata_max) { |
4281 | 0 | CURL_TRC_CF(data, cf, "SSL session does not allow earlydata"); |
4282 | 0 | } |
4283 | 0 | else if(!Curl_alpn_contains_proto(alpns, scs->alpn)) { |
4284 | 0 | CURL_TRC_CF(data, cf, "SSL session has different ALPN, no early data"); |
4285 | 0 | } |
4286 | 0 | else { |
4287 | 0 | infof(data, "SSL session allows %zu bytes of early data, " |
4288 | 0 | "reusing ALPN '%s'", connssl->earlydata_max, scs->alpn); |
4289 | 0 | connssl->earlydata_state = ssl_earlydata_await; |
4290 | 0 | connssl->state = ssl_connection_deferred; |
4291 | 0 | result = Curl_alpn_set_negotiated(cf, data, connssl, |
4292 | 0 | (const unsigned char *)scs->alpn, |
4293 | 0 | scs->alpn ? strlen(scs->alpn) : 0); |
4294 | 0 | *do_early_data = !result; |
4295 | 0 | } |
4296 | 0 | return result; |
4297 | 0 | } |
4298 | | |
4299 | | static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, |
4300 | | struct Curl_easy *data) |
4301 | 21 | { |
4302 | 21 | struct ssl_connect_data *connssl = cf->ctx; |
4303 | 21 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
4304 | 21 | BIO *bio; |
4305 | 21 | CURLcode result; |
4306 | | |
4307 | 21 | DEBUGASSERT(ssl_connect_1 == connssl->connecting_state); |
4308 | 21 | DEBUGASSERT(octx); |
4309 | | |
4310 | 21 | result = Curl_ossl_ctx_init(octx, cf, data, &connssl->peer, |
4311 | 21 | connssl->alpn, NULL, NULL, |
4312 | 21 | ossl_new_session_cb, cf, |
4313 | 21 | ossl_on_session_reuse); |
4314 | 21 | if(result) |
4315 | 0 | return result; |
4316 | | |
4317 | 21 | octx->bio_method = ossl_bio_cf_method_create(); |
4318 | 21 | if(!octx->bio_method) |
4319 | 0 | return CURLE_OUT_OF_MEMORY; |
4320 | 21 | bio = BIO_new(octx->bio_method); |
4321 | 21 | if(!bio) |
4322 | 0 | return CURLE_OUT_OF_MEMORY; |
4323 | | |
4324 | 21 | BIO_set_data(bio, cf); |
4325 | 21 | #ifdef HAVE_SSL_SET0_WBIO |
4326 | | /* with OpenSSL v1.1.1 we get an alternative to SSL_set_bio() that works |
4327 | | * without backward compat quirks. Every call takes one reference, so we |
4328 | | * up it and pass. SSL* then owns it and will free. |
4329 | | * We check on the function in configure, since LibreSSL and friends |
4330 | | * each have their own versions to add support for this. */ |
4331 | 21 | BIO_up_ref(bio); |
4332 | 21 | SSL_set0_rbio(octx->ssl, bio); |
4333 | 21 | SSL_set0_wbio(octx->ssl, bio); |
4334 | | #else |
4335 | | SSL_set_bio(octx->ssl, bio, bio); |
4336 | | #endif |
4337 | | |
4338 | 21 | #ifdef HAS_ALPN_OPENSSL |
4339 | 21 | if(connssl->alpn && (connssl->state != ssl_connection_deferred)) { |
4340 | 21 | struct alpn_proto_buf proto; |
4341 | 21 | memset(&proto, 0, sizeof(proto)); |
4342 | 21 | Curl_alpn_to_proto_str(&proto, connssl->alpn); |
4343 | 21 | infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data); |
4344 | 21 | } |
4345 | 21 | #endif |
4346 | 21 | connssl->connecting_state = ssl_connect_2; |
4347 | 21 | return CURLE_OK; |
4348 | 21 | } |
4349 | | |
4350 | | #ifdef USE_ECH_OPENSSL |
4351 | | /* If we have retry configs, then trace those out */ |
4352 | | static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl, |
4353 | | int reason) |
4354 | | { |
4355 | | CURLcode result = CURLE_OK; |
4356 | | size_t rcl = 0; |
4357 | | int rv = 1; |
4358 | | # if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
4359 | | char *inner = NULL; |
4360 | | unsigned char *rcs = NULL; |
4361 | | char *outer = NULL; |
4362 | | # else |
4363 | | const char *inner = NULL; |
4364 | | const uint8_t *rcs = NULL; |
4365 | | const char *outer = NULL; |
4366 | | size_t out_name_len = 0; |
4367 | | int servername_type = 0; |
4368 | | # endif |
4369 | | |
4370 | | /* nothing to trace if not doing ECH */ |
4371 | | if(!ECH_ENABLED(data)) |
4372 | | return; |
4373 | | # if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
4374 | | rv = SSL_ech_get1_retry_config(ssl, &rcs, &rcl); |
4375 | | # else |
4376 | | SSL_get0_ech_retry_configs(ssl, &rcs, &rcl); |
4377 | | rv = (int)rcl; |
4378 | | # endif |
4379 | | |
4380 | | if(rv && rcs) { |
4381 | | char *b64str = NULL; |
4382 | | size_t blen = 0; |
4383 | | |
4384 | | result = curlx_base64_encode((const char *)rcs, rcl, &b64str, &blen); |
4385 | | if(!result && b64str) { |
4386 | | infof(data, "ECH: retry_configs %s", b64str); |
4387 | | free(b64str); |
4388 | | #if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
4389 | | rv = SSL_ech_get1_status(ssl, &inner, &outer); |
4390 | | infof(data, "ECH: retry_configs for %s from %s, %d %d", |
4391 | | inner ? inner : "NULL", outer ? outer : "NULL", reason, rv); |
4392 | | #else |
4393 | | rv = SSL_ech_accepted(ssl); |
4394 | | servername_type = SSL_get_servername_type(ssl); |
4395 | | inner = SSL_get_servername(ssl, servername_type); |
4396 | | SSL_get0_ech_name_override(ssl, &outer, &out_name_len); |
4397 | | infof(data, "ECH: retry_configs for %s from %s, %d %d", |
4398 | | inner ? inner : "NULL", outer ? outer : "NULL", reason, rv); |
4399 | | #endif |
4400 | | } |
4401 | | } |
4402 | | else |
4403 | | infof(data, "ECH: no retry_configs (rv = %d)", rv); |
4404 | | # if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
4405 | | OPENSSL_free((void *)rcs); |
4406 | | # endif |
4407 | | return; |
4408 | | } |
4409 | | |
4410 | | #endif |
4411 | | |
4412 | | static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, |
4413 | | struct Curl_easy *data) |
4414 | 58 | { |
4415 | 58 | int err; |
4416 | 58 | struct ssl_connect_data *connssl = cf->ctx; |
4417 | 58 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
4418 | 58 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
4419 | 58 | DEBUGASSERT(ssl_connect_2 == connssl->connecting_state); |
4420 | 58 | DEBUGASSERT(octx); |
4421 | | |
4422 | 58 | connssl->io_need = CURL_SSL_IO_NEED_NONE; |
4423 | 58 | ERR_clear_error(); |
4424 | | |
4425 | 58 | err = SSL_connect(octx->ssl); |
4426 | | |
4427 | 58 | if(!octx->x509_store_setup) { |
4428 | | /* After having send off the ClientHello, we prepare the x509 |
4429 | | * store to verify the coming certificate from the server */ |
4430 | 0 | CURLcode result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx); |
4431 | 0 | if(result) |
4432 | 0 | return result; |
4433 | 0 | octx->x509_store_setup = TRUE; |
4434 | 0 | } |
4435 | | |
4436 | | #ifndef HAVE_KEYLOG_CALLBACK |
4437 | | /* If key logging is enabled, wait for the handshake to complete and then |
4438 | | * proceed with logging secrets (for TLS 1.2 or older). |
4439 | | */ |
4440 | | if(Curl_tls_keylog_enabled() && !octx->keylog_done) |
4441 | | ossl_log_tls12_secret(octx->ssl, &octx->keylog_done); |
4442 | | #endif |
4443 | | |
4444 | | /* 1 is fine |
4445 | | 0 is "not successful but was shut down controlled" |
4446 | | <0 is "handshake was not successful, because a fatal error occurred" */ |
4447 | 58 | if(1 != err) { |
4448 | 37 | int detail = SSL_get_error(octx->ssl, err); |
4449 | 37 | CURL_TRC_CF(data, cf, "SSL_connect() -> err=%d, detail=%d", err, detail); |
4450 | | |
4451 | 37 | if(SSL_ERROR_WANT_READ == detail) { |
4452 | 37 | CURL_TRC_CF(data, cf, "SSL_connect() -> want recv"); |
4453 | 37 | connssl->io_need = CURL_SSL_IO_NEED_RECV; |
4454 | 37 | return CURLE_AGAIN; |
4455 | 37 | } |
4456 | 0 | if(SSL_ERROR_WANT_WRITE == detail) { |
4457 | 0 | CURL_TRC_CF(data, cf, "SSL_connect() -> want send"); |
4458 | 0 | connssl->io_need = CURL_SSL_IO_NEED_SEND; |
4459 | 0 | return CURLE_AGAIN; |
4460 | 0 | } |
4461 | 0 | #ifdef SSL_ERROR_WANT_ASYNC |
4462 | 0 | if(SSL_ERROR_WANT_ASYNC == detail) { |
4463 | 0 | CURL_TRC_CF(data, cf, "SSL_connect() -> want async"); |
4464 | 0 | connssl->io_need = CURL_SSL_IO_NEED_RECV; |
4465 | 0 | return CURLE_AGAIN; |
4466 | 0 | } |
4467 | 0 | #endif |
4468 | | #ifdef SSL_ERROR_WANT_RETRY_VERIFY |
4469 | | if(SSL_ERROR_WANT_RETRY_VERIFY == detail) { |
4470 | | CURL_TRC_CF(data, cf, "SSL_connect() -> want retry_verify"); |
4471 | | connssl->io_need = CURL_SSL_IO_NEED_RECV; |
4472 | | return CURLE_AGAIN; |
4473 | | } |
4474 | | #endif |
4475 | 0 | else { |
4476 | | /* untreated error */ |
4477 | 0 | sslerr_t errdetail; |
4478 | 0 | char error_buffer[256]=""; |
4479 | 0 | CURLcode result; |
4480 | 0 | long lerr; |
4481 | 0 | int lib; |
4482 | 0 | int reason; |
4483 | | |
4484 | | /* the connection failed, we are not waiting for anything else. */ |
4485 | 0 | connssl->connecting_state = ssl_connect_2; |
4486 | | |
4487 | | /* Get the earliest error code from the thread's error queue and remove |
4488 | | the entry. */ |
4489 | 0 | errdetail = ERR_get_error(); |
4490 | | |
4491 | | /* Extract which lib and reason */ |
4492 | 0 | lib = ERR_GET_LIB(errdetail); |
4493 | 0 | reason = ERR_GET_REASON(errdetail); |
4494 | |
|
4495 | 0 | if((lib == ERR_LIB_SSL) && |
4496 | 0 | ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) || |
4497 | 0 | (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) { |
4498 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
4499 | |
|
4500 | 0 | lerr = SSL_get_verify_result(octx->ssl); |
4501 | 0 | if(lerr != X509_V_OK) { |
4502 | 0 | ssl_config->certverifyresult = lerr; |
4503 | 0 | failf(data, "SSL certificate problem: %s", |
4504 | 0 | X509_verify_cert_error_string(lerr)); |
4505 | 0 | } |
4506 | 0 | else |
4507 | 0 | failf(data, "%s", "SSL certificate verification failed"); |
4508 | 0 | } |
4509 | 0 | #ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED |
4510 | | /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on |
4511 | | OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */ |
4512 | 0 | else if((lib == ERR_LIB_SSL) && |
4513 | 0 | (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) { |
4514 | | /* If client certificate is required, communicate the |
4515 | | error to client */ |
4516 | 0 | result = CURLE_SSL_CLIENTCERT; |
4517 | 0 | failf(data, "TLS cert problem: %s", |
4518 | 0 | ossl_strerror(errdetail, error_buffer, sizeof(error_buffer))); |
4519 | 0 | } |
4520 | 0 | #endif |
4521 | | #ifdef USE_ECH_OPENSSL |
4522 | | else if((lib == ERR_LIB_SSL) && |
4523 | | # if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
4524 | | (reason == SSL_R_ECH_REQUIRED)) { |
4525 | | # else |
4526 | | (reason == SSL_R_ECH_REJECTED)) { |
4527 | | # endif |
4528 | | |
4529 | | /* trace retry_configs if we got some */ |
4530 | | ossl_trace_ech_retry_configs(data, octx->ssl, reason); |
4531 | | |
4532 | | result = CURLE_ECH_REQUIRED; |
4533 | | failf(data, "ECH required: %s", |
4534 | | ossl_strerror(errdetail, error_buffer, sizeof(error_buffer))); |
4535 | | } |
4536 | | #endif |
4537 | 0 | else { |
4538 | 0 | result = CURLE_SSL_CONNECT_ERROR; |
4539 | 0 | failf(data, "TLS connect error: %s", |
4540 | 0 | ossl_strerror(errdetail, error_buffer, sizeof(error_buffer))); |
4541 | 0 | } |
4542 | | |
4543 | | /* detail is already set to the SSL error above */ |
4544 | | |
4545 | | /* If we e.g. use SSLv2 request-method and the server does not like us |
4546 | | * (RST connection, etc.), OpenSSL gives no explanation whatsoever and |
4547 | | * the SO_ERROR is also lost. |
4548 | | */ |
4549 | 0 | if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) { |
4550 | 0 | char extramsg[80]=""; |
4551 | 0 | int sockerr = SOCKERRNO; |
4552 | |
|
4553 | 0 | if(sockerr && detail == SSL_ERROR_SYSCALL) |
4554 | 0 | Curl_strerror(sockerr, extramsg, sizeof(extramsg)); |
4555 | 0 | failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%d ", |
4556 | 0 | extramsg[0] ? extramsg : SSL_ERROR_to_str(detail), |
4557 | 0 | connssl->peer.hostname, connssl->peer.port); |
4558 | 0 | } |
4559 | |
|
4560 | 0 | return result; |
4561 | 0 | } |
4562 | 0 | } |
4563 | 21 | else { |
4564 | 21 | int psigtype_nid = NID_undef; |
4565 | 21 | const char *negotiated_group_name = NULL; |
4566 | | |
4567 | | /* we connected fine, we are not waiting for anything else. */ |
4568 | 21 | connssl->connecting_state = ssl_connect_3; |
4569 | | |
4570 | | #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) |
4571 | | SSL_get_peer_signature_type_nid(octx->ssl, &psigtype_nid); |
4572 | | #if (OPENSSL_VERSION_NUMBER >= 0x30200000L) |
4573 | | negotiated_group_name = SSL_get0_group_name(octx->ssl); |
4574 | | #else |
4575 | | negotiated_group_name = |
4576 | | OBJ_nid2sn(SSL_get_negotiated_group(octx->ssl) & 0x0000FFFF); |
4577 | | #endif |
4578 | | #endif |
4579 | | |
4580 | | /* Informational message */ |
4581 | 21 | infof(data, "SSL connection using %s / %s / %s / %s", |
4582 | 21 | SSL_get_version(octx->ssl), |
4583 | 21 | SSL_get_cipher(octx->ssl), |
4584 | 21 | negotiated_group_name ? negotiated_group_name : "[blank]", |
4585 | 21 | OBJ_nid2sn(psigtype_nid)); |
4586 | | |
4587 | | #ifdef USE_ECH_OPENSSL |
4588 | | # if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC) |
4589 | | if(ECH_ENABLED(data)) { |
4590 | | char *inner = NULL, *outer = NULL; |
4591 | | const char *status = NULL; |
4592 | | int rv; |
4593 | | |
4594 | | rv = SSL_ech_get1_status(octx->ssl, &inner, &outer); |
4595 | | switch(rv) { |
4596 | | case SSL_ECH_STATUS_SUCCESS: |
4597 | | status = "succeeded"; |
4598 | | break; |
4599 | | case SSL_ECH_STATUS_GREASE_ECH: |
4600 | | status = "sent GREASE, got retry-configs"; |
4601 | | break; |
4602 | | case SSL_ECH_STATUS_GREASE: |
4603 | | status = "sent GREASE"; |
4604 | | break; |
4605 | | case SSL_ECH_STATUS_NOT_TRIED: |
4606 | | status = "not attempted"; |
4607 | | break; |
4608 | | case SSL_ECH_STATUS_NOT_CONFIGURED: |
4609 | | status = "not configured"; |
4610 | | break; |
4611 | | case SSL_ECH_STATUS_BACKEND: |
4612 | | status = "backend (unexpected)"; |
4613 | | break; |
4614 | | case SSL_ECH_STATUS_FAILED: |
4615 | | status = "failed"; |
4616 | | break; |
4617 | | case SSL_ECH_STATUS_BAD_CALL: |
4618 | | status = "bad call (unexpected)"; |
4619 | | break; |
4620 | | case SSL_ECH_STATUS_BAD_NAME: |
4621 | | status = "bad name (unexpected)"; |
4622 | | break; |
4623 | | default: |
4624 | | status = "unexpected status"; |
4625 | | infof(data, "ECH: unexpected status %d",rv); |
4626 | | } |
4627 | | infof(data, "ECH: result: status is %s, inner is %s, outer is %s", |
4628 | | (status ? status : "NULL"), |
4629 | | (inner ? inner : "NULL"), |
4630 | | (outer ? outer : "NULL")); |
4631 | | OPENSSL_free(inner); |
4632 | | OPENSSL_free(outer); |
4633 | | if(rv == SSL_ECH_STATUS_GREASE_ECH) { |
4634 | | /* trace retry_configs if we got some */ |
4635 | | ossl_trace_ech_retry_configs(data, octx->ssl, 0); |
4636 | | } |
4637 | | if(rv != SSL_ECH_STATUS_SUCCESS |
4638 | | && data->set.tls_ech & CURLECH_HARD) { |
4639 | | infof(data, "ECH: ech-hard failed"); |
4640 | | return CURLE_SSL_CONNECT_ERROR; |
4641 | | } |
4642 | | } |
4643 | | else { |
4644 | | infof(data, "ECH: result: status is not attempted"); |
4645 | | } |
4646 | | # endif /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */ |
4647 | | #endif /* USE_ECH_OPENSSL */ |
4648 | | |
4649 | 21 | #ifdef HAS_ALPN_OPENSSL |
4650 | | /* Sets data and len to negotiated protocol, len is 0 if no protocol was |
4651 | | * negotiated |
4652 | | */ |
4653 | 21 | if(connssl->alpn) { |
4654 | 21 | const unsigned char *neg_protocol; |
4655 | 21 | unsigned int len; |
4656 | 21 | SSL_get0_alpn_selected(octx->ssl, &neg_protocol, &len); |
4657 | | |
4658 | 21 | return Curl_alpn_set_negotiated(cf, data, connssl, neg_protocol, len); |
4659 | 21 | } |
4660 | 0 | #endif |
4661 | | |
4662 | 0 | return CURLE_OK; |
4663 | 21 | } |
4664 | 58 | } |
4665 | | |
4666 | | /* |
4667 | | * Heavily modified from: |
4668 | | * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL |
4669 | | */ |
4670 | | static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, |
4671 | | const char *pinnedpubkey) |
4672 | 0 | { |
4673 | | /* Scratch */ |
4674 | 0 | int len1 = 0, len2 = 0; |
4675 | 0 | unsigned char *buff1 = NULL, *temp = NULL; |
4676 | | |
4677 | | /* Result is returned to caller */ |
4678 | 0 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; |
4679 | | |
4680 | | /* if a path was not specified, do not pin */ |
4681 | 0 | if(!pinnedpubkey) |
4682 | 0 | return CURLE_OK; |
4683 | | |
4684 | 0 | if(!cert) |
4685 | 0 | return result; |
4686 | | |
4687 | 0 | do { |
4688 | | /* Begin Gyrations to get the subjectPublicKeyInfo */ |
4689 | | /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */ |
4690 | | |
4691 | | /* https://groups.google.com/group/mailing.openssl.users/browse_thread |
4692 | | /thread/d61858dae102c6c7 */ |
4693 | 0 | len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL); |
4694 | 0 | if(len1 < 1) |
4695 | 0 | break; /* failed */ |
4696 | | |
4697 | 0 | buff1 = temp = malloc(len1); |
4698 | 0 | if(!buff1) |
4699 | 0 | break; /* failed */ |
4700 | | |
4701 | | /* https://docs.openssl.org/master/man3/d2i_X509/ */ |
4702 | 0 | len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp); |
4703 | | |
4704 | | /* |
4705 | | * These checks are verifying we got back the same values as when we |
4706 | | * sized the buffer. it is pretty weak since they should always be the |
4707 | | * same. But it gives us something to test. |
4708 | | */ |
4709 | 0 | if((len1 != len2) || !temp || ((temp - buff1) != len1)) |
4710 | 0 | break; /* failed */ |
4711 | | |
4712 | | /* End Gyrations */ |
4713 | | |
4714 | | /* The one good exit point */ |
4715 | 0 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1); |
4716 | 0 | } while(0); |
4717 | | |
4718 | 0 | if(buff1) |
4719 | 0 | free(buff1); |
4720 | |
|
4721 | 0 | return result; |
4722 | 0 | } |
4723 | | |
4724 | | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ |
4725 | | !(defined(LIBRESSL_VERSION_NUMBER) && \ |
4726 | | LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \ |
4727 | | !defined(OPENSSL_IS_BORINGSSL) && \ |
4728 | | !defined(OPENSSL_IS_AWSLC) && \ |
4729 | | !defined(CURL_DISABLE_VERBOSE_STRINGS) |
4730 | | static void infof_certstack(struct Curl_easy *data, const SSL *ssl) |
4731 | 21 | { |
4732 | 21 | STACK_OF(X509) *certstack; |
4733 | 21 | long verify_result; |
4734 | 21 | int num_cert_levels; |
4735 | 21 | int cert_level; |
4736 | | |
4737 | 21 | verify_result = SSL_get_verify_result(ssl); |
4738 | 21 | if(verify_result != X509_V_OK) |
4739 | 0 | certstack = SSL_get_peer_cert_chain(ssl); |
4740 | 21 | else |
4741 | 21 | certstack = SSL_get0_verified_chain(ssl); |
4742 | 21 | num_cert_levels = sk_X509_num(certstack); |
4743 | | |
4744 | 84 | for(cert_level = 0; cert_level < num_cert_levels; cert_level++) { |
4745 | 63 | char cert_algorithm[80] = ""; |
4746 | 63 | char group_name_final[80] = ""; |
4747 | 63 | const X509_ALGOR *palg_cert = NULL; |
4748 | 63 | const ASN1_OBJECT *paobj_cert = NULL; |
4749 | 63 | X509 *current_cert; |
4750 | 63 | EVP_PKEY *current_pkey; |
4751 | 63 | int key_bits; |
4752 | 63 | int key_sec_bits; |
4753 | 63 | int get_group_name; |
4754 | 63 | const char *type_name; |
4755 | | |
4756 | 63 | current_cert = sk_X509_value(certstack, cert_level); |
4757 | | |
4758 | 63 | X509_get0_signature(NULL, &palg_cert, current_cert); |
4759 | 63 | X509_ALGOR_get0(&paobj_cert, NULL, NULL, palg_cert); |
4760 | 63 | OBJ_obj2txt(cert_algorithm, sizeof(cert_algorithm), paobj_cert, 0); |
4761 | | |
4762 | 63 | current_pkey = X509_get0_pubkey(current_cert); |
4763 | 63 | key_bits = EVP_PKEY_bits(current_pkey); |
4764 | 63 | #if (OPENSSL_VERSION_NUMBER < 0x30000000L) |
4765 | 63 | #define EVP_PKEY_get_security_bits EVP_PKEY_security_bits |
4766 | 63 | #endif |
4767 | 63 | key_sec_bits = EVP_PKEY_get_security_bits(current_pkey); |
4768 | | #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) |
4769 | | { |
4770 | | char group_name[80] = ""; |
4771 | | get_group_name = EVP_PKEY_get_group_name(current_pkey, group_name, |
4772 | | sizeof(group_name), NULL); |
4773 | | msnprintf(group_name_final, sizeof(group_name_final), "/%s", group_name); |
4774 | | } |
4775 | | type_name = current_pkey ? EVP_PKEY_get0_type_name(current_pkey) : NULL; |
4776 | | #else |
4777 | 63 | get_group_name = 0; |
4778 | 63 | type_name = NULL; |
4779 | 63 | #endif |
4780 | | |
4781 | 63 | infof(data, |
4782 | 63 | " Certificate level %d: " |
4783 | 63 | "Public key type %s%s (%d/%d Bits/secBits), signed using %s", |
4784 | 63 | cert_level, type_name ? type_name : "?", |
4785 | 63 | get_group_name == 0 ? "" : group_name_final, |
4786 | 63 | key_bits, key_sec_bits, cert_algorithm); |
4787 | 63 | } |
4788 | 21 | } |
4789 | | #else |
4790 | | #define infof_certstack(data, ssl) |
4791 | | #endif |
4792 | | |
4793 | 21 | #define MAX_CERT_NAME_LENGTH 2048 |
4794 | | |
4795 | | CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf, |
4796 | | struct Curl_easy *data, |
4797 | | struct ossl_ctx *octx, |
4798 | | struct ssl_peer *peer) |
4799 | 21 | { |
4800 | 21 | struct connectdata *conn = cf->conn; |
4801 | 21 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
4802 | 21 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
4803 | 21 | CURLcode result = CURLE_OK; |
4804 | 21 | long lerr; |
4805 | 21 | X509 *issuer; |
4806 | 21 | BIO *fp = NULL; |
4807 | 21 | char error_buffer[256]=""; |
4808 | 21 | const char *ptr; |
4809 | 21 | BIO *mem = BIO_new(BIO_s_mem()); |
4810 | 21 | bool strict = (conn_config->verifypeer || conn_config->verifyhost); |
4811 | 21 | struct dynbuf dname; |
4812 | | |
4813 | 21 | DEBUGASSERT(octx); |
4814 | | |
4815 | 21 | curlx_dyn_init(&dname, MAX_CERT_NAME_LENGTH); |
4816 | | |
4817 | 21 | if(!mem) { |
4818 | 0 | failf(data, |
4819 | 0 | "BIO_new return NULL, " OSSL_PACKAGE |
4820 | 0 | " error %s", |
4821 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
4822 | 0 | sizeof(error_buffer)) ); |
4823 | 0 | return CURLE_OUT_OF_MEMORY; |
4824 | 0 | } |
4825 | | |
4826 | 21 | if(data->set.ssl.certinfo) |
4827 | | /* asked to gather certificate info */ |
4828 | 0 | (void)ossl_certchain(data, octx->ssl); |
4829 | | |
4830 | 21 | octx->server_cert = SSL_get1_peer_certificate(octx->ssl); |
4831 | 21 | if(!octx->server_cert) { |
4832 | 0 | BIO_free(mem); |
4833 | 0 | if(!strict) |
4834 | 0 | return CURLE_OK; |
4835 | | |
4836 | 0 | failf(data, "SSL: could not get peer certificate"); |
4837 | 0 | return CURLE_PEER_FAILED_VERIFICATION; |
4838 | 0 | } |
4839 | | |
4840 | 21 | infof(data, "%s certificate:", |
4841 | 21 | Curl_ssl_cf_is_proxy(cf) ? "Proxy" : "Server"); |
4842 | | |
4843 | 21 | result = x509_name_oneline(X509_get_subject_name(octx->server_cert), |
4844 | 21 | &dname); |
4845 | 21 | infof(data, " subject: %s", result ? "[NONE]" : curlx_dyn_ptr(&dname)); |
4846 | | |
4847 | 21 | #ifndef CURL_DISABLE_VERBOSE_STRINGS |
4848 | 21 | { |
4849 | 21 | char *buf; |
4850 | 21 | long len; |
4851 | 21 | ASN1_TIME_print(mem, X509_get0_notBefore(octx->server_cert)); |
4852 | 21 | len = BIO_get_mem_data(mem, (char **) &buf); |
4853 | 21 | infof(data, " start date: %.*s", (int)len, buf); |
4854 | 21 | (void)BIO_reset(mem); |
4855 | | |
4856 | 21 | ASN1_TIME_print(mem, X509_get0_notAfter(octx->server_cert)); |
4857 | 21 | len = BIO_get_mem_data(mem, (char **) &buf); |
4858 | 21 | infof(data, " expire date: %.*s", (int)len, buf); |
4859 | 21 | (void)BIO_reset(mem); |
4860 | 21 | } |
4861 | 21 | #endif |
4862 | | |
4863 | 21 | BIO_free(mem); |
4864 | | |
4865 | 21 | if(conn_config->verifyhost) { |
4866 | 21 | result = ossl_verifyhost(data, conn, peer, octx->server_cert); |
4867 | 21 | if(result) { |
4868 | 0 | X509_free(octx->server_cert); |
4869 | 0 | octx->server_cert = NULL; |
4870 | 0 | curlx_dyn_free(&dname); |
4871 | 0 | return result; |
4872 | 0 | } |
4873 | 21 | } |
4874 | | |
4875 | 21 | result = x509_name_oneline(X509_get_issuer_name(octx->server_cert), |
4876 | 21 | &dname); |
4877 | 21 | if(result) { |
4878 | 0 | if(strict) |
4879 | 0 | failf(data, "SSL: could not get X509-issuer name"); |
4880 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
4881 | 0 | } |
4882 | 21 | else { |
4883 | 21 | infof(data, " issuer: %s", curlx_dyn_ptr(&dname)); |
4884 | 21 | curlx_dyn_free(&dname); |
4885 | | |
4886 | | /* We could do all sorts of certificate verification stuff here before |
4887 | | deallocating the certificate. */ |
4888 | | |
4889 | | /* e.g. match issuer name with provided issuer certificate */ |
4890 | 21 | if(conn_config->issuercert || conn_config->issuercert_blob) { |
4891 | 0 | if(conn_config->issuercert_blob) { |
4892 | 0 | fp = BIO_new_mem_buf(conn_config->issuercert_blob->data, |
4893 | 0 | (int)conn_config->issuercert_blob->len); |
4894 | 0 | if(!fp) { |
4895 | 0 | failf(data, |
4896 | 0 | "BIO_new_mem_buf NULL, " OSSL_PACKAGE |
4897 | 0 | " error %s", |
4898 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
4899 | 0 | sizeof(error_buffer)) ); |
4900 | 0 | X509_free(octx->server_cert); |
4901 | 0 | octx->server_cert = NULL; |
4902 | 0 | return CURLE_OUT_OF_MEMORY; |
4903 | 0 | } |
4904 | 0 | } |
4905 | 0 | else { |
4906 | 0 | fp = BIO_new(BIO_s_file()); |
4907 | 0 | if(!fp) { |
4908 | 0 | failf(data, |
4909 | 0 | "BIO_new return NULL, " OSSL_PACKAGE |
4910 | 0 | " error %s", |
4911 | 0 | ossl_strerror(ERR_get_error(), error_buffer, |
4912 | 0 | sizeof(error_buffer)) ); |
4913 | 0 | X509_free(octx->server_cert); |
4914 | 0 | octx->server_cert = NULL; |
4915 | 0 | return CURLE_OUT_OF_MEMORY; |
4916 | 0 | } |
4917 | | |
4918 | 0 | if(BIO_read_filename(fp, conn_config->issuercert) <= 0) { |
4919 | 0 | if(strict) |
4920 | 0 | failf(data, "SSL: Unable to open issuer cert (%s)", |
4921 | 0 | conn_config->issuercert); |
4922 | 0 | BIO_free(fp); |
4923 | 0 | X509_free(octx->server_cert); |
4924 | 0 | octx->server_cert = NULL; |
4925 | 0 | return CURLE_SSL_ISSUER_ERROR; |
4926 | 0 | } |
4927 | 0 | } |
4928 | | |
4929 | 0 | issuer = PEM_read_bio_X509(fp, NULL, ZERO_NULL, NULL); |
4930 | 0 | if(!issuer) { |
4931 | 0 | if(strict) |
4932 | 0 | failf(data, "SSL: Unable to read issuer cert (%s)", |
4933 | 0 | conn_config->issuercert); |
4934 | 0 | BIO_free(fp); |
4935 | 0 | X509_free(issuer); |
4936 | 0 | X509_free(octx->server_cert); |
4937 | 0 | octx->server_cert = NULL; |
4938 | 0 | return CURLE_SSL_ISSUER_ERROR; |
4939 | 0 | } |
4940 | | |
4941 | 0 | if(X509_check_issued(issuer, octx->server_cert) != X509_V_OK) { |
4942 | 0 | if(strict) |
4943 | 0 | failf(data, "SSL: Certificate issuer check failed (%s)", |
4944 | 0 | conn_config->issuercert); |
4945 | 0 | BIO_free(fp); |
4946 | 0 | X509_free(issuer); |
4947 | 0 | X509_free(octx->server_cert); |
4948 | 0 | octx->server_cert = NULL; |
4949 | 0 | return CURLE_SSL_ISSUER_ERROR; |
4950 | 0 | } |
4951 | | |
4952 | 0 | infof(data, " SSL certificate issuer check ok (%s)", |
4953 | 0 | conn_config->issuercert); |
4954 | 0 | BIO_free(fp); |
4955 | 0 | X509_free(issuer); |
4956 | 0 | } |
4957 | | |
4958 | 21 | lerr = SSL_get_verify_result(octx->ssl); |
4959 | 21 | ssl_config->certverifyresult = lerr; |
4960 | 21 | if(lerr != X509_V_OK) { |
4961 | 0 | if(conn_config->verifypeer) { |
4962 | | /* We probably never reach this, because SSL_connect() will fail |
4963 | | and we return earlier if verifypeer is set? */ |
4964 | 0 | if(strict) |
4965 | 0 | failf(data, "SSL certificate verify result: %s (%ld)", |
4966 | 0 | X509_verify_cert_error_string(lerr), lerr); |
4967 | 0 | result = CURLE_PEER_FAILED_VERIFICATION; |
4968 | 0 | } |
4969 | 0 | else |
4970 | 0 | infof(data, " SSL certificate verify result: %s (%ld)," |
4971 | 0 | " continuing anyway.", |
4972 | 0 | X509_verify_cert_error_string(lerr), lerr); |
4973 | 0 | } |
4974 | 21 | else |
4975 | 21 | infof(data, " SSL certificate verify ok."); |
4976 | 21 | } |
4977 | 21 | infof_certstack(data, octx->ssl); |
4978 | | |
4979 | 21 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP) |
4980 | 21 | if(conn_config->verifystatus && !octx->reused_session) { |
4981 | | /* do not do this after Session ID reuse */ |
4982 | 0 | result = verifystatus(cf, data, octx); |
4983 | 0 | if(result) { |
4984 | 0 | X509_free(octx->server_cert); |
4985 | 0 | octx->server_cert = NULL; |
4986 | 0 | return result; |
4987 | 0 | } |
4988 | 0 | } |
4989 | 21 | #endif |
4990 | | |
4991 | 21 | if(!strict) |
4992 | | /* when not strict, we do not bother about the verify cert problems */ |
4993 | 0 | result = CURLE_OK; |
4994 | | |
4995 | 21 | #ifndef CURL_DISABLE_PROXY |
4996 | 21 | ptr = Curl_ssl_cf_is_proxy(cf) ? |
4997 | 0 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : |
4998 | 21 | data->set.str[STRING_SSL_PINNEDPUBLICKEY]; |
4999 | | #else |
5000 | | ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; |
5001 | | #endif |
5002 | 21 | if(!result && ptr) { |
5003 | 0 | result = ossl_pkp_pin_peer_pubkey(data, octx->server_cert, ptr); |
5004 | 0 | if(result) |
5005 | 0 | failf(data, "SSL: public key does not match pinned public key"); |
5006 | 0 | } |
5007 | | |
5008 | 21 | X509_free(octx->server_cert); |
5009 | 21 | octx->server_cert = NULL; |
5010 | | |
5011 | 21 | return result; |
5012 | 21 | } |
5013 | | |
5014 | | static CURLcode ossl_connect_step3(struct Curl_cfilter *cf, |
5015 | | struct Curl_easy *data) |
5016 | 21 | { |
5017 | 21 | CURLcode result = CURLE_OK; |
5018 | 21 | struct ssl_connect_data *connssl = cf->ctx; |
5019 | 21 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5020 | | |
5021 | 21 | DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); |
5022 | | |
5023 | | /* |
5024 | | * We check certificates to authenticate the server; otherwise we risk |
5025 | | * man-in-the-middle attack; NEVERTHELESS, if we are told explicitly not to |
5026 | | * verify the peer, ignore faults and failures from the server cert |
5027 | | * operations. |
5028 | | */ |
5029 | | |
5030 | 21 | result = Curl_oss_check_peer_cert(cf, data, octx, &connssl->peer); |
5031 | 21 | if(result) |
5032 | | /* on error, remove sessions we might have in the pool */ |
5033 | 0 | Curl_ssl_scache_remove_all(cf, data, connssl->peer.scache_key); |
5034 | | |
5035 | 21 | return result; |
5036 | 21 | } |
5037 | | |
5038 | | #ifdef HAVE_OPENSSL_EARLYDATA |
5039 | | static CURLcode ossl_send_earlydata(struct Curl_cfilter *cf, |
5040 | | struct Curl_easy *data) |
5041 | 0 | { |
5042 | 0 | struct ssl_connect_data *connssl = cf->ctx; |
5043 | 0 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5044 | 0 | CURLcode result = CURLE_OK; |
5045 | 0 | const unsigned char *buf; |
5046 | 0 | size_t blen, nwritten; |
5047 | 0 | int rc; |
5048 | |
|
5049 | 0 | DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sending); |
5050 | 0 | octx->io_result = CURLE_OK; |
5051 | 0 | while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) { |
5052 | 0 | nwritten = 0; |
5053 | 0 | rc = SSL_write_early_data(octx->ssl, buf, blen, &nwritten); |
5054 | 0 | CURL_TRC_CF(data, cf, "SSL_write_early_data(len=%zu) -> %d, %zu", |
5055 | 0 | blen, rc, nwritten); |
5056 | 0 | if(rc <= 0) { |
5057 | 0 | long sslerror; |
5058 | 0 | char error_buffer[256]; |
5059 | 0 | int err = SSL_get_error(octx->ssl, rc); |
5060 | |
|
5061 | 0 | switch(err) { |
5062 | 0 | case SSL_ERROR_WANT_READ: |
5063 | 0 | connssl->io_need = CURL_SSL_IO_NEED_RECV; |
5064 | 0 | result = CURLE_AGAIN; |
5065 | 0 | goto out; |
5066 | 0 | case SSL_ERROR_WANT_WRITE: |
5067 | 0 | connssl->io_need = CURL_SSL_IO_NEED_SEND; |
5068 | 0 | result = CURLE_AGAIN; |
5069 | 0 | goto out; |
5070 | 0 | case SSL_ERROR_SYSCALL: { |
5071 | 0 | int sockerr = SOCKERRNO; |
5072 | |
|
5073 | 0 | if(octx->io_result == CURLE_AGAIN) { |
5074 | 0 | result = CURLE_AGAIN; |
5075 | 0 | goto out; |
5076 | 0 | } |
5077 | 0 | sslerror = ERR_get_error(); |
5078 | 0 | if(sslerror) |
5079 | 0 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)); |
5080 | 0 | else if(sockerr) |
5081 | 0 | Curl_strerror(sockerr, error_buffer, sizeof(error_buffer)); |
5082 | 0 | else |
5083 | 0 | msnprintf(error_buffer, sizeof(error_buffer), "%s", |
5084 | 0 | SSL_ERROR_to_str(err)); |
5085 | |
|
5086 | 0 | failf(data, OSSL_PACKAGE " SSL_write:early_data: %s, errno %d", |
5087 | 0 | error_buffer, sockerr); |
5088 | 0 | result = CURLE_SEND_ERROR; |
5089 | 0 | goto out; |
5090 | 0 | } |
5091 | 0 | case SSL_ERROR_SSL: { |
5092 | | /* A failure in the SSL library occurred, usually a protocol error. |
5093 | | The OpenSSL error queue contains more information on the error. */ |
5094 | 0 | sslerror = ERR_get_error(); |
5095 | 0 | failf(data, "SSL_write_early_data() error: %s", |
5096 | 0 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer))); |
5097 | 0 | result = CURLE_SEND_ERROR; |
5098 | 0 | goto out; |
5099 | 0 | } |
5100 | 0 | default: |
5101 | | /* a true error */ |
5102 | 0 | failf(data, OSSL_PACKAGE " SSL_write_early_data: %s, errno %d", |
5103 | 0 | SSL_ERROR_to_str(err), SOCKERRNO); |
5104 | 0 | result = CURLE_SEND_ERROR; |
5105 | 0 | goto out; |
5106 | 0 | } |
5107 | 0 | } |
5108 | 0 | Curl_bufq_skip(&connssl->earlydata, nwritten); |
5109 | 0 | } |
5110 | | /* sent everything there was */ |
5111 | 0 | infof(data, "SSL sending %zu bytes of early data", connssl->earlydata_skip); |
5112 | 0 | out: |
5113 | 0 | return result; |
5114 | 0 | } |
5115 | | #endif /* HAVE_OPENSSL_EARLYDATA */ |
5116 | | |
5117 | | static CURLcode ossl_connect(struct Curl_cfilter *cf, |
5118 | | struct Curl_easy *data, |
5119 | | bool *done) |
5120 | 58 | { |
5121 | 58 | CURLcode result = CURLE_OK; |
5122 | 58 | struct ssl_connect_data *connssl = cf->ctx; |
5123 | | |
5124 | | /* check if the connection has already been established */ |
5125 | 58 | if(ssl_connection_complete == connssl->state) { |
5126 | 0 | *done = TRUE; |
5127 | 0 | return CURLE_OK; |
5128 | 0 | } |
5129 | | |
5130 | 58 | *done = FALSE; |
5131 | 58 | connssl->io_need = CURL_SSL_IO_NEED_NONE; |
5132 | | |
5133 | 58 | if(ssl_connect_1 == connssl->connecting_state) { |
5134 | 21 | CURL_TRC_CF(data, cf, "ossl_connect, step1"); |
5135 | 21 | result = ossl_connect_step1(cf, data); |
5136 | 21 | if(result) |
5137 | 0 | goto out; |
5138 | 21 | } |
5139 | | |
5140 | 58 | if(ssl_connect_2 == connssl->connecting_state) { |
5141 | 58 | CURL_TRC_CF(data, cf, "ossl_connect, step2"); |
5142 | 58 | #ifdef HAVE_OPENSSL_EARLYDATA |
5143 | 58 | if(connssl->earlydata_state == ssl_earlydata_await) { |
5144 | 0 | goto out; |
5145 | 0 | } |
5146 | 58 | else if(connssl->earlydata_state == ssl_earlydata_sending) { |
5147 | 0 | result = ossl_send_earlydata(cf, data); |
5148 | 0 | if(result) |
5149 | 0 | goto out; |
5150 | 0 | connssl->earlydata_state = ssl_earlydata_sent; |
5151 | 0 | } |
5152 | 58 | #endif |
5153 | 58 | DEBUGASSERT((connssl->earlydata_state == ssl_earlydata_none) || |
5154 | 58 | (connssl->earlydata_state == ssl_earlydata_sent)); |
5155 | | |
5156 | 58 | result = ossl_connect_step2(cf, data); |
5157 | 58 | if(result) |
5158 | 37 | goto out; |
5159 | 58 | } |
5160 | | |
5161 | 21 | if(ssl_connect_3 == connssl->connecting_state) { |
5162 | 21 | CURL_TRC_CF(data, cf, "ossl_connect, step3"); |
5163 | 21 | result = ossl_connect_step3(cf, data); |
5164 | 21 | if(result) |
5165 | 0 | goto out; |
5166 | 21 | connssl->connecting_state = ssl_connect_done; |
5167 | 21 | #ifdef HAVE_OPENSSL_EARLYDATA |
5168 | 21 | if(connssl->earlydata_state > ssl_earlydata_none) { |
5169 | 0 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5170 | | /* We should be in this state by now */ |
5171 | 0 | DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sent); |
5172 | 0 | connssl->earlydata_state = |
5173 | 0 | (SSL_get_early_data_status(octx->ssl) == SSL_EARLY_DATA_ACCEPTED) ? |
5174 | 0 | ssl_earlydata_accepted : ssl_earlydata_rejected; |
5175 | 0 | } |
5176 | 21 | #endif |
5177 | 21 | } |
5178 | | |
5179 | 21 | if(ssl_connect_done == connssl->connecting_state) { |
5180 | 21 | CURL_TRC_CF(data, cf, "ossl_connect, done"); |
5181 | 21 | connssl->state = ssl_connection_complete; |
5182 | 21 | } |
5183 | | |
5184 | 58 | out: |
5185 | 58 | if(result == CURLE_AGAIN) { |
5186 | 37 | *done = FALSE; |
5187 | 37 | return CURLE_OK; |
5188 | 37 | } |
5189 | 21 | *done = ((connssl->state == ssl_connection_complete) || |
5190 | 21 | (connssl->state == ssl_connection_deferred)); |
5191 | 21 | return result; |
5192 | 58 | } |
5193 | | |
5194 | | static bool ossl_data_pending(struct Curl_cfilter *cf, |
5195 | | const struct Curl_easy *data) |
5196 | 57 | { |
5197 | 57 | struct ssl_connect_data *connssl = cf->ctx; |
5198 | 57 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5199 | | |
5200 | 57 | (void)data; |
5201 | 57 | DEBUGASSERT(connssl && octx); |
5202 | 57 | if(octx->ssl && SSL_pending(octx->ssl)) |
5203 | 0 | return TRUE; |
5204 | 57 | return FALSE; |
5205 | 57 | } |
5206 | | |
5207 | | static ssize_t ossl_send(struct Curl_cfilter *cf, |
5208 | | struct Curl_easy *data, |
5209 | | const void *mem, |
5210 | | size_t len, |
5211 | | CURLcode *curlcode) |
5212 | 35 | { |
5213 | | /* SSL_write() is said to return 'int' while write() and send() returns |
5214 | | 'size_t' */ |
5215 | 35 | int err; |
5216 | 35 | char error_buffer[256]; |
5217 | 35 | sslerr_t sslerror; |
5218 | 35 | int memlen; |
5219 | 35 | int rc; |
5220 | 35 | struct ssl_connect_data *connssl = cf->ctx; |
5221 | 35 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5222 | | |
5223 | 35 | (void)data; |
5224 | 35 | DEBUGASSERT(octx); |
5225 | | |
5226 | 35 | ERR_clear_error(); |
5227 | | |
5228 | 35 | connssl->io_need = CURL_SSL_IO_NEED_NONE; |
5229 | 35 | memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; |
5230 | 35 | rc = SSL_write(octx->ssl, mem, memlen); |
5231 | | |
5232 | 35 | if(rc <= 0) { |
5233 | 0 | err = SSL_get_error(octx->ssl, rc); |
5234 | |
|
5235 | 0 | switch(err) { |
5236 | 0 | case SSL_ERROR_WANT_READ: |
5237 | 0 | connssl->io_need = CURL_SSL_IO_NEED_RECV; |
5238 | 0 | *curlcode = CURLE_AGAIN; |
5239 | 0 | rc = -1; |
5240 | 0 | goto out; |
5241 | 0 | case SSL_ERROR_WANT_WRITE: |
5242 | 0 | *curlcode = CURLE_AGAIN; |
5243 | 0 | rc = -1; |
5244 | 0 | goto out; |
5245 | 0 | case SSL_ERROR_SYSCALL: |
5246 | 0 | { |
5247 | 0 | int sockerr = SOCKERRNO; |
5248 | |
|
5249 | 0 | if(octx->io_result == CURLE_AGAIN) { |
5250 | 0 | *curlcode = CURLE_AGAIN; |
5251 | 0 | rc = -1; |
5252 | 0 | goto out; |
5253 | 0 | } |
5254 | 0 | sslerror = ERR_get_error(); |
5255 | 0 | if(sslerror) |
5256 | 0 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)); |
5257 | 0 | else if(sockerr) |
5258 | 0 | Curl_strerror(sockerr, error_buffer, sizeof(error_buffer)); |
5259 | 0 | else |
5260 | 0 | msnprintf(error_buffer, sizeof(error_buffer), "%s", |
5261 | 0 | SSL_ERROR_to_str(err)); |
5262 | |
|
5263 | 0 | failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d", |
5264 | 0 | error_buffer, sockerr); |
5265 | 0 | *curlcode = CURLE_SEND_ERROR; |
5266 | 0 | rc = -1; |
5267 | 0 | goto out; |
5268 | 0 | } |
5269 | 0 | case SSL_ERROR_SSL: { |
5270 | | /* A failure in the SSL library occurred, usually a protocol error. |
5271 | | The OpenSSL error queue contains more information on the error. */ |
5272 | 0 | sslerror = ERR_get_error(); |
5273 | 0 | failf(data, "SSL_write() error: %s", |
5274 | 0 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer))); |
5275 | 0 | *curlcode = CURLE_SEND_ERROR; |
5276 | 0 | rc = -1; |
5277 | 0 | goto out; |
5278 | 0 | } |
5279 | 0 | default: |
5280 | | /* a true error */ |
5281 | 0 | failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d", |
5282 | 0 | SSL_ERROR_to_str(err), SOCKERRNO); |
5283 | 0 | *curlcode = CURLE_SEND_ERROR; |
5284 | 0 | rc = -1; |
5285 | 0 | goto out; |
5286 | 0 | } |
5287 | 0 | } |
5288 | 35 | *curlcode = CURLE_OK; |
5289 | | |
5290 | 35 | out: |
5291 | 35 | return (ssize_t)rc; /* number of bytes */ |
5292 | 35 | } |
5293 | | |
5294 | | static ssize_t ossl_recv(struct Curl_cfilter *cf, |
5295 | | struct Curl_easy *data, /* transfer */ |
5296 | | char *buf, /* store read data here */ |
5297 | | size_t buffersize, /* max amount to read */ |
5298 | | CURLcode *curlcode) |
5299 | 96 | { |
5300 | 96 | char error_buffer[256]; |
5301 | 96 | unsigned long sslerror; |
5302 | 96 | ssize_t nread; |
5303 | 96 | int buffsize; |
5304 | 96 | struct connectdata *conn = cf->conn; |
5305 | 96 | struct ssl_connect_data *connssl = cf->ctx; |
5306 | 96 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5307 | | |
5308 | 96 | (void)data; |
5309 | 96 | DEBUGASSERT(octx); |
5310 | | |
5311 | 96 | ERR_clear_error(); |
5312 | | |
5313 | 96 | connssl->io_need = CURL_SSL_IO_NEED_NONE; |
5314 | 96 | buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; |
5315 | 96 | nread = (ssize_t)SSL_read(octx->ssl, buf, buffsize); |
5316 | | |
5317 | 96 | if(nread <= 0) { |
5318 | | /* failed SSL_read */ |
5319 | 57 | int err = SSL_get_error(octx->ssl, (int)nread); |
5320 | | |
5321 | 57 | switch(err) { |
5322 | 0 | case SSL_ERROR_NONE: /* this is not an error */ |
5323 | 0 | break; |
5324 | 0 | case SSL_ERROR_ZERO_RETURN: /* no more data */ |
5325 | | /* close_notify alert */ |
5326 | 0 | if(cf->sockindex == FIRSTSOCKET) |
5327 | | /* mark the connection for close if it is indeed the control |
5328 | | connection */ |
5329 | 0 | connclose(conn, "TLS close_notify"); |
5330 | 0 | break; |
5331 | 57 | case SSL_ERROR_WANT_READ: |
5332 | 57 | *curlcode = CURLE_AGAIN; |
5333 | 57 | nread = -1; |
5334 | 57 | goto out; |
5335 | 0 | case SSL_ERROR_WANT_WRITE: |
5336 | 0 | connssl->io_need = CURL_SSL_IO_NEED_SEND; |
5337 | 0 | *curlcode = CURLE_AGAIN; |
5338 | 0 | nread = -1; |
5339 | 0 | goto out; |
5340 | 0 | default: |
5341 | | /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return |
5342 | | value/errno" */ |
5343 | | /* https://docs.openssl.org/master/man3/ERR_get_error/ */ |
5344 | 0 | if(octx->io_result == CURLE_AGAIN) { |
5345 | 0 | *curlcode = CURLE_AGAIN; |
5346 | 0 | nread = -1; |
5347 | 0 | goto out; |
5348 | 0 | } |
5349 | 0 | sslerror = ERR_get_error(); |
5350 | 0 | if((nread < 0) || sslerror) { |
5351 | | /* If the return code was negative or there actually is an error in the |
5352 | | queue */ |
5353 | 0 | int sockerr = SOCKERRNO; |
5354 | 0 | if(sslerror) |
5355 | 0 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)); |
5356 | 0 | else if(sockerr && err == SSL_ERROR_SYSCALL) |
5357 | 0 | Curl_strerror(sockerr, error_buffer, sizeof(error_buffer)); |
5358 | 0 | else |
5359 | 0 | msnprintf(error_buffer, sizeof(error_buffer), "%s", |
5360 | 0 | SSL_ERROR_to_str(err)); |
5361 | 0 | failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d", |
5362 | 0 | error_buffer, sockerr); |
5363 | 0 | *curlcode = CURLE_RECV_ERROR; |
5364 | 0 | nread = -1; |
5365 | 0 | goto out; |
5366 | 0 | } |
5367 | | /* For debug builds be a little stricter and error on any |
5368 | | SSL_ERROR_SYSCALL. For example a server may have closed the connection |
5369 | | abruptly without a close_notify alert. For compatibility with older |
5370 | | peers we do not do this by default. #4624 |
5371 | | |
5372 | | We can use this to gauge how many users may be affected, and |
5373 | | if it goes ok eventually transition to allow in dev and release with |
5374 | | the newest OpenSSL: #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) */ |
5375 | | #ifdef DEBUGBUILD |
5376 | | if(err == SSL_ERROR_SYSCALL) { |
5377 | | int sockerr = SOCKERRNO; |
5378 | | if(sockerr) |
5379 | | Curl_strerror(sockerr, error_buffer, sizeof(error_buffer)); |
5380 | | else { |
5381 | | msnprintf(error_buffer, sizeof(error_buffer), |
5382 | | "Connection closed abruptly"); |
5383 | | } |
5384 | | failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d" |
5385 | | " (Fatal because this is a curl debug build)", |
5386 | | error_buffer, sockerr); |
5387 | | *curlcode = CURLE_RECV_ERROR; |
5388 | | nread = -1; |
5389 | | goto out; |
5390 | | } |
5391 | | #endif |
5392 | 57 | } |
5393 | 57 | } |
5394 | | |
5395 | 96 | out: |
5396 | 96 | return nread; |
5397 | 96 | } |
5398 | | |
5399 | | static CURLcode ossl_get_channel_binding(struct Curl_easy *data, int sockindex, |
5400 | | struct dynbuf *binding) |
5401 | 0 | { |
5402 | | /* required for X509_get_signature_nid support */ |
5403 | 0 | #if OPENSSL_VERSION_NUMBER > 0x10100000L |
5404 | 0 | X509 *cert; |
5405 | 0 | int algo_nid; |
5406 | 0 | const EVP_MD *algo_type; |
5407 | 0 | const char *algo_name; |
5408 | 0 | unsigned int length; |
5409 | 0 | unsigned char buf[EVP_MAX_MD_SIZE]; |
5410 | |
|
5411 | 0 | const char prefix[] = "tls-server-end-point:"; |
5412 | 0 | struct connectdata *conn = data->conn; |
5413 | 0 | struct Curl_cfilter *cf = conn->cfilter[sockindex]; |
5414 | 0 | struct ossl_ctx *octx = NULL; |
5415 | |
|
5416 | 0 | do { |
5417 | 0 | const struct Curl_cftype *cft = cf->cft; |
5418 | 0 | struct ssl_connect_data *connssl = cf->ctx; |
5419 | |
|
5420 | 0 | if(cft->name && !strcmp(cft->name, "SSL")) { |
5421 | 0 | octx = (struct ossl_ctx *)connssl->backend; |
5422 | 0 | break; |
5423 | 0 | } |
5424 | | |
5425 | 0 | if(cf->next) |
5426 | 0 | cf = cf->next; |
5427 | |
|
5428 | 0 | } while(cf->next); |
5429 | | |
5430 | 0 | if(!octx) { |
5431 | 0 | failf(data, "Failed to find the SSL filter"); |
5432 | 0 | return CURLE_BAD_FUNCTION_ARGUMENT; |
5433 | 0 | } |
5434 | | |
5435 | 0 | cert = SSL_get1_peer_certificate(octx->ssl); |
5436 | 0 | if(!cert) { |
5437 | | /* No server certificate, don't do channel binding */ |
5438 | 0 | return CURLE_OK; |
5439 | 0 | } |
5440 | | |
5441 | 0 | if(!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &algo_nid, NULL)) { |
5442 | 0 | failf(data, |
5443 | 0 | "Unable to find digest NID for certificate signature algorithm"); |
5444 | 0 | return CURLE_SSL_INVALIDCERTSTATUS; |
5445 | 0 | } |
5446 | | |
5447 | | /* https://datatracker.ietf.org/doc/html/rfc5929#section-4.1 */ |
5448 | 0 | if(algo_nid == NID_md5 || algo_nid == NID_sha1) { |
5449 | 0 | algo_type = EVP_sha256(); |
5450 | 0 | } |
5451 | 0 | else { |
5452 | 0 | algo_type = EVP_get_digestbynid(algo_nid); |
5453 | 0 | if(!algo_type) { |
5454 | 0 | algo_name = OBJ_nid2sn(algo_nid); |
5455 | 0 | failf(data, "Could not find digest algorithm %s (NID %d)", |
5456 | 0 | algo_name ? algo_name : "(null)", algo_nid); |
5457 | 0 | return CURLE_SSL_INVALIDCERTSTATUS; |
5458 | 0 | } |
5459 | 0 | } |
5460 | | |
5461 | 0 | if(!X509_digest(cert, algo_type, buf, &length)) { |
5462 | 0 | failf(data, "X509_digest() failed"); |
5463 | 0 | return CURLE_SSL_INVALIDCERTSTATUS; |
5464 | 0 | } |
5465 | | |
5466 | | /* Append "tls-server-end-point:" */ |
5467 | 0 | if(curlx_dyn_addn(binding, prefix, sizeof(prefix) - 1) != CURLE_OK) |
5468 | 0 | return CURLE_OUT_OF_MEMORY; |
5469 | | /* Append digest */ |
5470 | 0 | if(curlx_dyn_addn(binding, buf, length)) |
5471 | 0 | return CURLE_OUT_OF_MEMORY; |
5472 | | |
5473 | 0 | return CURLE_OK; |
5474 | | #else |
5475 | | /* No X509_get_signature_nid support */ |
5476 | | (void)data; /* unused */ |
5477 | | (void)sockindex; /* unused */ |
5478 | | (void)binding; /* unused */ |
5479 | | return CURLE_OK; |
5480 | | #endif |
5481 | 0 | } |
5482 | | |
5483 | | size_t Curl_ossl_version(char *buffer, size_t size) |
5484 | 24 | { |
5485 | | #ifdef LIBRESSL_VERSION_NUMBER |
5486 | | char *p; |
5487 | | size_t count; |
5488 | | const char *ver = OpenSSL_version(OPENSSL_VERSION); |
5489 | | const char expected[] = OSSL_PACKAGE " "; /* ie "LibreSSL " */ |
5490 | | if(strncasecompare(ver, expected, sizeof(expected) - 1)) { |
5491 | | ver += sizeof(expected) - 1; |
5492 | | } |
5493 | | count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver); |
5494 | | for(p = buffer; *p; ++p) { |
5495 | | if(ISBLANK(*p)) |
5496 | | *p = '_'; |
5497 | | } |
5498 | | return count; |
5499 | | #elif defined(OPENSSL_IS_BORINGSSL) |
5500 | | #ifdef CURL_BORINGSSL_VERSION |
5501 | | return msnprintf(buffer, size, "%s/%s", |
5502 | | OSSL_PACKAGE, |
5503 | | CURL_BORINGSSL_VERSION); |
5504 | | #else |
5505 | | return msnprintf(buffer, size, OSSL_PACKAGE); |
5506 | | #endif |
5507 | | #elif defined(OPENSSL_IS_AWSLC) |
5508 | | return msnprintf(buffer, size, "%s/%s", |
5509 | | OSSL_PACKAGE, |
5510 | | AWSLC_VERSION_NUMBER_STRING); |
5511 | | #elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING) |
5512 | | return msnprintf(buffer, size, "%s/%s", |
5513 | | OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING)); |
5514 | | #else |
5515 | | /* not LibreSSL, BoringSSL and not using OpenSSL_version */ |
5516 | | |
5517 | 24 | char sub[3]; |
5518 | 24 | unsigned long ssleay_value; |
5519 | 24 | sub[2]='\0'; |
5520 | 24 | sub[1]='\0'; |
5521 | 24 | ssleay_value = OpenSSL_version_num(); |
5522 | 24 | if(ssleay_value&0xff0) { |
5523 | 24 | int minor_ver = (ssleay_value >> 4) & 0xff; |
5524 | 24 | if(minor_ver > 26) { |
5525 | | /* handle extended version introduced for 0.9.8za */ |
5526 | 0 | sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1); |
5527 | 0 | sub[0] = 'z'; |
5528 | 0 | } |
5529 | 24 | else { |
5530 | 24 | sub[0] = (char) (minor_ver + 'a' - 1); |
5531 | 24 | } |
5532 | 24 | } |
5533 | 0 | else |
5534 | 0 | sub[0]='\0'; |
5535 | | |
5536 | 24 | return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s" |
5537 | | #ifdef OPENSSL_FIPS |
5538 | | "-fips" |
5539 | | #endif |
5540 | 24 | , |
5541 | 24 | OSSL_PACKAGE, |
5542 | 24 | (ssleay_value >> 28) & 0xf, |
5543 | 24 | (ssleay_value >> 20) & 0xff, |
5544 | 24 | (ssleay_value >> 12) & 0xff, |
5545 | 24 | sub); |
5546 | 24 | #endif /* OPENSSL_IS_BORINGSSL */ |
5547 | 24 | } |
5548 | | |
5549 | | /* can be called with data == NULL */ |
5550 | | static CURLcode ossl_random(struct Curl_easy *data, |
5551 | | unsigned char *entropy, size_t length) |
5552 | 0 | { |
5553 | 0 | int rc; |
5554 | 0 | if(data) { |
5555 | 0 | if(ossl_seed(data)) /* Initiate the seed if not already done */ |
5556 | 0 | return CURLE_FAILED_INIT; /* could not seed for some reason */ |
5557 | 0 | } |
5558 | 0 | else { |
5559 | 0 | if(!rand_enough()) |
5560 | 0 | return CURLE_FAILED_INIT; |
5561 | 0 | } |
5562 | | /* RAND_bytes() returns 1 on success, 0 otherwise. */ |
5563 | 0 | rc = RAND_bytes(entropy, (ossl_valsize_t)curlx_uztosi(length)); |
5564 | 0 | return rc == 1 ? CURLE_OK : CURLE_FAILED_INIT; |
5565 | 0 | } |
5566 | | |
5567 | | #ifndef OPENSSL_NO_SHA256 |
5568 | | static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */ |
5569 | | size_t tmplen, |
5570 | | unsigned char *sha256sum /* output */, |
5571 | | size_t unused) |
5572 | 0 | { |
5573 | 0 | EVP_MD_CTX *mdctx; |
5574 | 0 | unsigned int len = 0; |
5575 | 0 | (void) unused; |
5576 | |
|
5577 | 0 | mdctx = EVP_MD_CTX_create(); |
5578 | 0 | if(!mdctx) |
5579 | 0 | return CURLE_OUT_OF_MEMORY; |
5580 | 0 | if(!EVP_DigestInit(mdctx, EVP_sha256())) { |
5581 | 0 | EVP_MD_CTX_destroy(mdctx); |
5582 | 0 | return CURLE_FAILED_INIT; |
5583 | 0 | } |
5584 | 0 | EVP_DigestUpdate(mdctx, tmp, tmplen); |
5585 | 0 | EVP_DigestFinal_ex(mdctx, sha256sum, &len); |
5586 | 0 | EVP_MD_CTX_destroy(mdctx); |
5587 | 0 | return CURLE_OK; |
5588 | 0 | } |
5589 | | #endif |
5590 | | |
5591 | | static bool ossl_cert_status_request(void) |
5592 | 0 | { |
5593 | 0 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP) |
5594 | 0 | return TRUE; |
5595 | | #else |
5596 | | return FALSE; |
5597 | | #endif |
5598 | 0 | } |
5599 | | |
5600 | | static void *ossl_get_internals(struct ssl_connect_data *connssl, |
5601 | | CURLINFO info) |
5602 | 0 | { |
5603 | | /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */ |
5604 | 0 | struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend; |
5605 | 0 | DEBUGASSERT(octx); |
5606 | 0 | return info == CURLINFO_TLS_SESSION ? |
5607 | 0 | (void *)octx->ssl_ctx : (void *)octx->ssl; |
5608 | 0 | } |
5609 | | |
5610 | | const struct Curl_ssl Curl_ssl_openssl = { |
5611 | | { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */ |
5612 | | |
5613 | | SSLSUPP_CA_PATH | |
5614 | | SSLSUPP_CAINFO_BLOB | |
5615 | | SSLSUPP_CERTINFO | |
5616 | | SSLSUPP_PINNEDPUBKEY | |
5617 | | SSLSUPP_SSL_CTX | |
5618 | | #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES |
5619 | | SSLSUPP_TLS13_CIPHERSUITES | |
5620 | | #endif |
5621 | | #ifdef HAVE_SSL_CTX_SET1_SIGALGS |
5622 | | SSLSUPP_SIGNATURE_ALGORITHMS | |
5623 | | #endif |
5624 | | #ifdef USE_ECH_OPENSSL |
5625 | | SSLSUPP_ECH | |
5626 | | #endif |
5627 | | SSLSUPP_CA_CACHE | |
5628 | | SSLSUPP_HTTPS_PROXY | |
5629 | | SSLSUPP_CIPHER_LIST, |
5630 | | |
5631 | | sizeof(struct ossl_ctx), |
5632 | | |
5633 | | ossl_init, /* init */ |
5634 | | ossl_cleanup, /* cleanup */ |
5635 | | Curl_ossl_version, /* version */ |
5636 | | ossl_shutdown, /* shutdown */ |
5637 | | ossl_data_pending, /* data_pending */ |
5638 | | ossl_random, /* random */ |
5639 | | ossl_cert_status_request, /* cert_status_request */ |
5640 | | ossl_connect, /* connect */ |
5641 | | Curl_ssl_adjust_pollset, /* adjust_pollset */ |
5642 | | ossl_get_internals, /* get_internals */ |
5643 | | ossl_close, /* close_one */ |
5644 | | ossl_close_all, /* close_all */ |
5645 | | ossl_set_engine, /* set_engine or provider */ |
5646 | | ossl_set_engine_default, /* set_engine_default */ |
5647 | | ossl_engines_list, /* engines_list */ |
5648 | | NULL, /* false_start */ |
5649 | | #ifndef OPENSSL_NO_SHA256 |
5650 | | ossl_sha256sum, /* sha256sum */ |
5651 | | #else |
5652 | | NULL, /* sha256sum */ |
5653 | | #endif |
5654 | | ossl_recv, /* recv decrypted data */ |
5655 | | ossl_send, /* send data to encrypt */ |
5656 | | ossl_get_channel_binding /* get_channel_binding */ |
5657 | | }; |
5658 | | |
5659 | | #endif /* USE_OPENSSL */ |