Coverage Report

Created: 2025-06-09 07:42

/src/gdal/curl/lib/vtls/openssl.c
Line
Count
Source (jump to first uncovered line)
1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 ***************************************************************************/
24
25
/*
26
 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
27
 * but vtls.c should ever call or use these functions.
28
 */
29
30
#include "../curl_setup.h"
31
32
#if defined(USE_QUICHE) || defined(USE_OPENSSL)
33
34
#include <limits.h>
35
36
/* Wincrypt must be included before anything that could include OpenSSL. */
37
#ifdef USE_WIN32_CRYPTO
38
#include <wincrypt.h>
39
/* Undefine wincrypt conflicting symbols for BoringSSL. */
40
#undef X509_NAME
41
#undef X509_EXTENSIONS
42
#undef PKCS7_ISSUER_AND_SERIAL
43
#undef PKCS7_SIGNER_INFO
44
#undef OCSP_REQUEST
45
#undef OCSP_RESPONSE
46
#endif
47
48
#include "../urldata.h"
49
#include "../sendf.h"
50
#include "../formdata.h" /* for the boundary function */
51
#include "../url.h" /* for the ssl config check function */
52
#include "../curlx/inet_pton.h"
53
#include "openssl.h"
54
#include "../connect.h"
55
#include "../slist.h"
56
#include "../select.h"
57
#include "vtls.h"
58
#include "vtls_int.h"
59
#include "vtls_scache.h"
60
#include "../vauth/vauth.h"
61
#include "keylog.h"
62
#include "../strcase.h"
63
#include "hostcheck.h"
64
#include "../multiif.h"
65
#include "../curlx/strparse.h"
66
#include "../strdup.h"
67
#include "../strerror.h"
68
#include "../curl_printf.h"
69
70
#include <openssl/ssl.h>
71
#include <openssl/rand.h>
72
#include <openssl/x509v3.h>
73
#ifndef OPENSSL_NO_DSA
74
#include <openssl/dsa.h>
75
#endif
76
#include <openssl/dh.h>
77
#include <openssl/err.h>
78
#include <openssl/md5.h>
79
#include <openssl/conf.h>
80
#include <openssl/bn.h>
81
#include <openssl/rsa.h>
82
#include <openssl/bio.h>
83
#include <openssl/buffer.h>
84
#include <openssl/pkcs12.h>
85
#include <openssl/tls1.h>
86
#include <openssl/evp.h>
87
88
#ifdef HAVE_SSL_SET1_ECH_CONFIG_LIST
89
#define USE_ECH_OPENSSL
90
#endif
91
92
#ifdef USE_ECH_OPENSSL
93
# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
94
#  include <openssl/ech.h>
95
# endif
96
#endif /* USE_ECH_OPENSSL */
97
98
#ifndef OPENSSL_NO_OCSP
99
#include <openssl/ocsp.h>
100
#endif
101
102
#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE)
103
#define USE_OPENSSL_ENGINE
104
#include <openssl/engine.h>
105
#endif
106
107
#ifdef LIBRESSL_VERSION_NUMBER
108
# /* As of LibreSSL 2.0.0-4.0.0: OPENSSL_VERSION_NUMBER == 0x20000000L */
109
# if LIBRESSL_VERSION_NUMBER < 0x2090100fL /* 2019-04-13 */
110
#  error "LibreSSL 2.9.1 or later required"
111
# endif
112
#elif OPENSSL_VERSION_NUMBER < 0x1000201fL /* 2015-03-19 */
113
# error "OpenSSL 1.0.2a or later required"
114
#endif
115
116
#if OPENSSL_VERSION_NUMBER >= 0x3000000fL && !defined(OPENSSL_NO_UI_CONSOLE)
117
#include <openssl/provider.h>
118
#include <openssl/store.h>
119
/* this is used in the following conditions to make them easier to read */
120
#define OPENSSL_HAS_PROVIDERS
121
122
static void ossl_provider_cleanup(struct Curl_easy *data);
123
#endif
124
125
#include "../curlx/warnless.h"
126
127
/* The last #include files should be: */
128
#include "../curl_memory.h"
129
#include "../memdebug.h"
130
131
/* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS
132
   renegotiations when built with BoringSSL. Renegotiating is non-compliant
133
   with HTTP/2 and "an extremely dangerous protocol feature". Beware.
134
135
#define ALLOW_RENEG 1
136
 */
137
138
#ifndef OPENSSL_VERSION_NUMBER
139
#error "OPENSSL_VERSION_NUMBER not defined"
140
#endif
141
142
#if defined(USE_OPENSSL_ENGINE) || defined(OPENSSL_HAS_PROVIDERS)
143
#include <openssl/ui.h>
144
#endif
145
146
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
147
0
#define OSSL_UI_METHOD_CAST(x) (x)
148
#else
149
#define OSSL_UI_METHOD_CAST(x) CURL_UNCONST(x)
150
#endif
151
152
#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* OpenSSL 1.1.0+ and LibreSSL */
153
#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
154
#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
155
#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
156
#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
157
#else
158
/* For OpenSSL before 1.1.0 */
159
#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
160
#define X509_get0_notBefore(x) X509_get_notBefore(x)
161
#define X509_get0_notAfter(x) X509_get_notAfter(x)
162
#define OpenSSL_version_num() SSLeay()
163
#endif
164
165
#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
166
  OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
167
  !defined(OPENSSL_NO_COMP)
168
#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
169
#endif
170
171
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
172
#define HAVE_EVP_PKEY_GET_PARAMS 1
173
#endif
174
175
#ifdef HAVE_EVP_PKEY_GET_PARAMS
176
#include <openssl/core_names.h>
177
#define DECLARE_PKEY_PARAM_BIGNUM(name) BIGNUM *name = NULL
178
#define FREE_PKEY_PARAM_BIGNUM(name) BN_clear_free(name)
179
#else
180
0
#define DECLARE_PKEY_PARAM_BIGNUM(name) const BIGNUM *name
181
#define FREE_PKEY_PARAM_BIGNUM(name)
182
#endif
183
184
/* Whether SSL_CTX_set_ciphersuites is available.
185
 * OpenSSL: supported since 1.1.1 (commit a53b5be6a05)
186
 * BoringSSL: no
187
 * LibreSSL: supported since 3.4.1 (released 2021-10-14)
188
 */
189
#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L && \
190
      !defined(LIBRESSL_VERSION_NUMBER)) || \
191
     (defined(LIBRESSL_VERSION_NUMBER) && \
192
      LIBRESSL_VERSION_NUMBER >= 0x3040100fL)) && \
193
    !defined(OPENSSL_IS_BORINGSSL)
194
  #define HAVE_SSL_CTX_SET_CIPHERSUITES
195
  #ifndef OPENSSL_IS_AWSLC
196
    #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
197
  #endif
198
#endif
199
200
/* Whether SSL_CTX_set1_sigalgs_list is available
201
 * OpenSSL: supported since 1.0.2 (commit 0b362de5f575)
202
 * BoringSSL: supported since 0.20240913.0 (commit 826ce15)
203
 * LibreSSL: no
204
 */
205
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && \
206
      !defined(LIBRESSL_VERSION_NUMBER))
207
  #define HAVE_SSL_CTX_SET1_SIGALGS
208
#endif
209
210
#ifdef LIBRESSL_VERSION_NUMBER
211
#define OSSL_PACKAGE "LibreSSL"
212
#elif defined(OPENSSL_IS_BORINGSSL)
213
#define OSSL_PACKAGE "BoringSSL"
214
#elif defined(OPENSSL_IS_AWSLC)
215
#define OSSL_PACKAGE "AWS-LC"
216
#elif (defined(USE_NGTCP2) && defined(USE_NGHTTP3) && \
217
       !defined(OPENSSL_QUIC_API2)) || defined(USE_MSH3)
218
#define OSSL_PACKAGE "quictls"
219
#else
220
24
#define OSSL_PACKAGE "OpenSSL"
221
#endif
222
223
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
224
typedef size_t numcert_t;
225
#else
226
typedef int numcert_t;
227
#endif
228
#define ossl_valsize_t numcert_t
229
230
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
231
/* up2date versions of OpenSSL maintain reasonably secure defaults without
232
 * breaking compatibility, so it is better not to override the defaults in curl
233
 */
234
21
#define DEFAULT_CIPHER_SELECTION NULL
235
#else
236
/* not the case with old versions of OpenSSL */
237
#define DEFAULT_CIPHER_SELECTION \
238
  "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
239
#endif
240
241
#ifdef HAVE_OPENSSL_SRP
242
/* the function exists */
243
#ifdef USE_TLS_SRP
244
/* the functionality is not disabled */
245
#define USE_OPENSSL_SRP
246
#endif
247
#endif
248
249
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
250
#define HAVE_RANDOM_INIT_BY_DEFAULT 1
251
#endif
252
253
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
254
    !defined(OPENSSL_IS_BORINGSSL) && \
255
    !defined(OPENSSL_IS_AWSLC)
256
#define HAVE_OPENSSL_VERSION
257
#endif
258
259
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
260
typedef uint32_t sslerr_t;
261
#else
262
typedef unsigned long sslerr_t;
263
#endif
264
265
/*
266
 * Whether the OpenSSL version has the API needed to support sharing an
267
 * X509_STORE between connections. The API is:
268
 * * `X509_STORE_up_ref`       -- Introduced: OpenSSL 1.1.0.
269
 */
270
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL >= 1.1.0 */
271
#define HAVE_SSL_X509_STORE_SHARE
272
#endif
273
274
static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl);
275
276
static CURLcode push_certinfo(struct Curl_easy *data,
277
                              BIO *mem, const char *label, int num)
278
  WARN_UNUSED_RESULT;
279
280
static CURLcode push_certinfo(struct Curl_easy *data,
281
                              BIO *mem, const char *label, int num)
282
0
{
283
0
  char *ptr;
284
0
  long len = BIO_get_mem_data(mem, &ptr);
285
0
  CURLcode result = Curl_ssl_push_certinfo_len(data, num, label, ptr, len);
286
0
  (void)BIO_reset(mem);
287
0
  return result;
288
0
}
289
290
static CURLcode pubkey_show(struct Curl_easy *data,
291
                            BIO *mem,
292
                            int num,
293
                            const char *type,
294
                            const char *name,
295
                            const BIGNUM *bn)
296
0
{
297
0
  char namebuf[32];
298
299
0
  msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
300
301
0
  if(bn)
302
0
    BN_print(mem, bn);
303
0
  return push_certinfo(data, mem, namebuf, num);
304
0
}
305
306
#ifdef HAVE_OPAQUE_RSA_DSA_DH
307
#define print_pubkey_BN(_type, _name, _num)              \
308
0
  pubkey_show(data, mem, _num, #_type, #_name, _name)
309
310
#else
311
#define print_pubkey_BN(_type, _name, _num)    \
312
do {                              \
313
  if(_type->_name) { \
314
    pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
315
  } \
316
} while(0)
317
#endif
318
319
static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
320
0
{
321
0
  int i, ilen;
322
323
0
  ilen = (int)len;
324
0
  if(ilen < 0)
325
0
    return 1; /* buffer too big */
326
327
0
  i = i2t_ASN1_OBJECT(buf, ilen, a);
328
329
0
  if(i >= ilen)
330
0
    return 1; /* buffer too small */
331
332
0
  return 0;
333
0
}
334
335
static CURLcode X509V3_ext(struct Curl_easy *data,
336
                           int certnum,
337
                           const STACK_OF(X509_EXTENSION) *extsarg)
338
0
{
339
0
  int i;
340
0
  CURLcode result = CURLE_OK;
341
0
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
342
0
  !defined(LIBRESSL_VERSION_NUMBER)
343
0
  const STACK_OF(X509_EXTENSION) *exts = extsarg;
344
#else
345
  STACK_OF(X509_EXTENSION) *exts = CURL_UNCONST(extsarg);
346
#endif
347
348
0
  if((int)sk_X509_EXTENSION_num(exts) <= 0)
349
    /* no extensions, bail out */
350
0
    return result;
351
352
0
  for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
353
0
    ASN1_OBJECT *obj;
354
0
    X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, (ossl_valsize_t)i);
355
0
    BUF_MEM *biomem;
356
0
    char namebuf[128];
357
0
    BIO *bio_out = BIO_new(BIO_s_mem());
358
359
0
    if(!bio_out)
360
0
      return result;
361
362
0
    obj = X509_EXTENSION_get_object(ext);
363
364
0
    asn1_object_dump(obj, namebuf, sizeof(namebuf));
365
366
0
    if(!X509V3_EXT_print(bio_out, ext, 0, 0))
367
0
      ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
368
369
0
    BIO_get_mem_ptr(bio_out, &biomem);
370
0
    result = Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data,
371
0
                                        biomem->length);
372
0
    BIO_free(bio_out);
373
0
    if(result)
374
0
      break;
375
0
  }
376
0
  return result;
377
0
}
378
379
static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)
380
0
{
381
0
  CURLcode result;
382
0
  STACK_OF(X509) *sk;
383
0
  int i;
384
0
  numcert_t numcerts;
385
0
  BIO *mem;
386
387
0
  DEBUGASSERT(ssl);
388
389
0
  sk = SSL_get_peer_cert_chain(ssl);
390
0
  if(!sk) {
391
0
    return CURLE_OUT_OF_MEMORY;
392
0
  }
393
394
0
  numcerts = sk_X509_num(sk);
395
396
0
  result = Curl_ssl_init_certinfo(data, (int)numcerts);
397
0
  if(result)
398
0
    return result;
399
400
0
  mem = BIO_new(BIO_s_mem());
401
0
  if(!mem)
402
0
    result = CURLE_OUT_OF_MEMORY;
403
404
0
  for(i = 0; !result && (i < (int)numcerts); i++) {
405
0
    ASN1_INTEGER *num;
406
0
    X509 *x = sk_X509_value(sk, (ossl_valsize_t)i);
407
0
    EVP_PKEY *pubkey = NULL;
408
0
    int j;
409
0
    const ASN1_BIT_STRING *psig = NULL;
410
411
0
    X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
412
0
    result = push_certinfo(data, mem, "Subject", i);
413
0
    if(result)
414
0
      break;
415
416
0
    X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
417
0
    result = push_certinfo(data, mem, "Issuer", i);
418
0
    if(result)
419
0
      break;
420
421
0
    BIO_printf(mem, "%lx", X509_get_version(x));
422
0
    result = push_certinfo(data, mem, "Version", i);
423
0
    if(result)
424
0
      break;
425
426
0
    num = X509_get_serialNumber(x);
427
0
    if(num->type == V_ASN1_NEG_INTEGER)
428
0
      BIO_puts(mem, "-");
429
0
    for(j = 0; j < num->length; j++)
430
0
      BIO_printf(mem, "%02x", num->data[j]);
431
0
    result = push_certinfo(data, mem, "Serial Number", i);
432
0
    if(result)
433
0
      break;
434
435
0
#ifdef HAVE_X509_GET0_EXTENSIONS
436
0
    {
437
0
      const X509_ALGOR *sigalg = NULL;
438
0
      X509_PUBKEY *xpubkey = NULL;
439
0
      ASN1_OBJECT *pubkeyoid = NULL;
440
441
0
      X509_get0_signature(&psig, &sigalg, x);
442
0
      if(sigalg) {
443
0
        const ASN1_OBJECT *sigalgoid = NULL;
444
0
        X509_ALGOR_get0(&sigalgoid, NULL, NULL, sigalg);
445
0
        i2a_ASN1_OBJECT(mem, sigalgoid);
446
0
        result = push_certinfo(data, mem, "Signature Algorithm", i);
447
0
        if(result)
448
0
          break;
449
0
      }
450
451
0
      xpubkey = X509_get_X509_PUBKEY(x);
452
0
      if(xpubkey) {
453
0
        X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey);
454
0
        if(pubkeyoid) {
455
0
          i2a_ASN1_OBJECT(mem, pubkeyoid);
456
0
          result = push_certinfo(data, mem, "Public Key Algorithm", i);
457
0
          if(result)
458
0
            break;
459
0
        }
460
0
      }
461
462
0
      result = X509V3_ext(data, i, X509_get0_extensions(x));
463
0
      if(result)
464
0
        break;
465
0
    }
466
#else
467
    {
468
      /* before OpenSSL 1.0.2 */
469
      X509_CINF *cinf = x->cert_info;
470
471
      i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
472
      result = push_certinfo(data, mem, "Signature Algorithm", i);
473
474
      if(!result) {
475
        i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
476
        result = push_certinfo(data, mem, "Public Key Algorithm", i);
477
      }
478
479
      if(!result)
480
        result = X509V3_ext(data, i, cinf->extensions);
481
482
      if(result)
483
        break;
484
485
      psig = x->signature;
486
    }
487
#endif
488
489
0
    ASN1_TIME_print(mem, X509_get0_notBefore(x));
490
0
    result = push_certinfo(data, mem, "Start date", i);
491
0
    if(result)
492
0
      break;
493
494
0
    ASN1_TIME_print(mem, X509_get0_notAfter(x));
495
0
    result = push_certinfo(data, mem, "Expire date", i);
496
0
    if(result)
497
0
      break;
498
499
0
    pubkey = X509_get_pubkey(x);
500
0
    if(!pubkey)
501
0
      infof(data, "   Unable to load public key");
502
0
    else {
503
0
      int pktype;
504
0
#ifdef HAVE_OPAQUE_EVP_PKEY
505
0
      pktype = EVP_PKEY_id(pubkey);
506
#else
507
      pktype = pubkey->type;
508
#endif
509
0
      switch(pktype) {
510
0
      case EVP_PKEY_RSA: {
511
0
#ifndef HAVE_EVP_PKEY_GET_PARAMS
512
0
        RSA *rsa;
513
0
#ifdef HAVE_OPAQUE_EVP_PKEY
514
0
        rsa = EVP_PKEY_get0_RSA(pubkey);
515
#else
516
        rsa = pubkey->pkey.rsa;
517
#endif /* HAVE_OPAQUE_EVP_PKEY */
518
0
#endif /* !HAVE_EVP_PKEY_GET_PARAMS */
519
520
0
        {
521
0
#ifdef HAVE_OPAQUE_RSA_DSA_DH
522
0
          DECLARE_PKEY_PARAM_BIGNUM(n);
523
0
          DECLARE_PKEY_PARAM_BIGNUM(e);
524
#ifdef HAVE_EVP_PKEY_GET_PARAMS
525
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_N, &n);
526
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_E, &e);
527
#else
528
0
          RSA_get0_key(rsa, &n, &e, NULL);
529
0
#endif /* HAVE_EVP_PKEY_GET_PARAMS */
530
0
          BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
531
#else
532
          BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
533
#endif /* HAVE_OPAQUE_RSA_DSA_DH */
534
0
          result = push_certinfo(data, mem, "RSA Public Key", i);
535
0
          if(result)
536
0
            break;
537
0
          print_pubkey_BN(rsa, n, i);
538
0
          print_pubkey_BN(rsa, e, i);
539
0
          FREE_PKEY_PARAM_BIGNUM(n);
540
0
          FREE_PKEY_PARAM_BIGNUM(e);
541
0
        }
542
543
0
        break;
544
0
      }
545
0
      case EVP_PKEY_DSA:
546
0
      {
547
0
#ifndef OPENSSL_NO_DSA
548
0
#ifndef HAVE_EVP_PKEY_GET_PARAMS
549
0
        DSA *dsa;
550
0
#ifdef HAVE_OPAQUE_EVP_PKEY
551
0
        dsa = EVP_PKEY_get0_DSA(pubkey);
552
#else
553
        dsa = pubkey->pkey.dsa;
554
#endif /* HAVE_OPAQUE_EVP_PKEY */
555
0
#endif /* !HAVE_EVP_PKEY_GET_PARAMS */
556
0
        {
557
0
#ifdef HAVE_OPAQUE_RSA_DSA_DH
558
0
          DECLARE_PKEY_PARAM_BIGNUM(p);
559
0
          DECLARE_PKEY_PARAM_BIGNUM(q);
560
0
          DECLARE_PKEY_PARAM_BIGNUM(g);
561
0
          DECLARE_PKEY_PARAM_BIGNUM(pub_key);
562
#ifdef HAVE_EVP_PKEY_GET_PARAMS
563
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p);
564
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q);
565
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g);
566
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
567
#else
568
0
          DSA_get0_pqg(dsa, &p, &q, &g);
569
0
          DSA_get0_key(dsa, &pub_key, NULL);
570
0
#endif /* HAVE_EVP_PKEY_GET_PARAMS */
571
0
#endif /* HAVE_OPAQUE_RSA_DSA_DH */
572
0
          print_pubkey_BN(dsa, p, i);
573
0
          print_pubkey_BN(dsa, q, i);
574
0
          print_pubkey_BN(dsa, g, i);
575
0
          print_pubkey_BN(dsa, pub_key, i);
576
0
          FREE_PKEY_PARAM_BIGNUM(p);
577
0
          FREE_PKEY_PARAM_BIGNUM(q);
578
0
          FREE_PKEY_PARAM_BIGNUM(g);
579
0
          FREE_PKEY_PARAM_BIGNUM(pub_key);
580
0
        }
581
0
#endif /* !OPENSSL_NO_DSA */
582
0
        break;
583
0
      }
584
0
      case EVP_PKEY_DH: {
585
0
#ifndef HAVE_EVP_PKEY_GET_PARAMS
586
0
        DH *dh;
587
0
#ifdef HAVE_OPAQUE_EVP_PKEY
588
0
        dh = EVP_PKEY_get0_DH(pubkey);
589
#else
590
        dh = pubkey->pkey.dh;
591
#endif /* HAVE_OPAQUE_EVP_PKEY */
592
0
#endif /* !HAVE_EVP_PKEY_GET_PARAMS */
593
0
        {
594
0
#ifdef HAVE_OPAQUE_RSA_DSA_DH
595
0
          DECLARE_PKEY_PARAM_BIGNUM(p);
596
0
          DECLARE_PKEY_PARAM_BIGNUM(q);
597
0
          DECLARE_PKEY_PARAM_BIGNUM(g);
598
0
          DECLARE_PKEY_PARAM_BIGNUM(pub_key);
599
#ifdef HAVE_EVP_PKEY_GET_PARAMS
600
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p);
601
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q);
602
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g);
603
          EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
604
#else
605
0
          DH_get0_pqg(dh, &p, &q, &g);
606
0
          DH_get0_key(dh, &pub_key, NULL);
607
0
#endif /* HAVE_EVP_PKEY_GET_PARAMS */
608
0
          print_pubkey_BN(dh, p, i);
609
0
          print_pubkey_BN(dh, q, i);
610
0
          print_pubkey_BN(dh, g, i);
611
#else
612
          print_pubkey_BN(dh, p, i);
613
          print_pubkey_BN(dh, g, i);
614
#endif /* HAVE_OPAQUE_RSA_DSA_DH */
615
0
          print_pubkey_BN(dh, pub_key, i);
616
0
          FREE_PKEY_PARAM_BIGNUM(p);
617
0
          FREE_PKEY_PARAM_BIGNUM(q);
618
0
          FREE_PKEY_PARAM_BIGNUM(g);
619
0
          FREE_PKEY_PARAM_BIGNUM(pub_key);
620
0
        }
621
0
        break;
622
0
      }
623
0
      }
624
0
      EVP_PKEY_free(pubkey);
625
0
    }
626
627
0
    if(!result && psig) {
628
0
      for(j = 0; j < psig->length; j++)
629
0
        BIO_printf(mem, "%02x:", psig->data[j]);
630
0
      result = push_certinfo(data, mem, "Signature", i);
631
0
    }
632
633
0
    if(!result) {
634
0
      PEM_write_bio_X509(mem, x);
635
0
      result = push_certinfo(data, mem, "Cert", i);
636
0
    }
637
0
  }
638
639
0
  BIO_free(mem);
640
641
0
  if(result)
642
    /* cleanup all leftovers */
643
0
    Curl_ssl_free_certinfo(data);
644
645
0
  return result;
646
0
}
647
648
#endif /* quiche or OpenSSL */
649
650
#ifdef USE_OPENSSL
651
652
#if OPENSSL_VERSION_NUMBER < 0x10100000L
653
#define BIO_set_init(x,v)          ((x)->init=(v))
654
#define BIO_get_data(x)            ((x)->ptr)
655
#define BIO_set_data(x,v)          ((x)->ptr=(v))
656
#define BIO_get_shutdown(x)        ((x)->shutdown)
657
#define BIO_set_shutdown(x,v)      ((x)->shutdown=(v))
658
#endif /* HAVE_PRE_1_1_API */
659
660
static int ossl_bio_cf_create(BIO *bio)
661
21
{
662
21
  BIO_set_shutdown(bio, 1);
663
21
  BIO_set_init(bio, 1);
664
#if OPENSSL_VERSION_NUMBER < 0x10100000L
665
  bio->num = -1;
666
#endif
667
21
  BIO_set_data(bio, NULL);
668
21
  return 1;
669
21
}
670
671
static int ossl_bio_cf_destroy(BIO *bio)
672
21
{
673
21
  if(!bio)
674
0
    return 0;
675
21
  return 1;
676
21
}
677
678
static long ossl_bio_cf_ctrl(BIO *bio, int cmd, long num, void *ptr)
679
131
{
680
131
  struct Curl_cfilter *cf = BIO_get_data(bio);
681
131
  long ret = 1;
682
683
131
  (void)cf;
684
131
  (void)ptr;
685
131
  switch(cmd) {
686
0
  case BIO_CTRL_GET_CLOSE:
687
0
    ret = (long)BIO_get_shutdown(bio);
688
0
    break;
689
0
  case BIO_CTRL_SET_CLOSE:
690
0
    BIO_set_shutdown(bio, (int)num);
691
0
    break;
692
59
  case BIO_CTRL_FLUSH:
693
    /* we do no delayed writes, but if we ever would, this
694
     * needs to trigger it. */
695
59
    ret = 1;
696
59
    break;
697
0
  case BIO_CTRL_DUP:
698
0
    ret = 1;
699
0
    break;
700
0
#ifdef BIO_CTRL_EOF
701
0
  case BIO_CTRL_EOF: {
702
    /* EOF has been reached on input? */
703
0
    struct ssl_connect_data *connssl = cf->ctx;
704
0
    return connssl->peer_closed;
705
0
  }
706
0
#endif
707
72
  default:
708
72
    ret = 0;
709
72
    break;
710
131
  }
711
131
  return ret;
712
131
}
713
714
static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen)
715
95
{
716
95
  struct Curl_cfilter *cf = BIO_get_data(bio);
717
95
  struct ssl_connect_data *connssl = cf->ctx;
718
95
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
719
95
  struct Curl_easy *data = CF_DATA_CURRENT(cf);
720
95
  ssize_t nwritten;
721
95
  CURLcode result = CURLE_SEND_ERROR;
722
723
95
  DEBUGASSERT(data);
724
95
  if(blen < 0)
725
0
    return 0;
726
727
95
  nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, FALSE,
728
95
                               &result);
729
95
  CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d",
730
95
              blen, (int)nwritten, result);
731
95
  BIO_clear_retry_flags(bio);
732
95
  octx->io_result = result;
733
95
  if(nwritten < 0) {
734
1
    if(CURLE_AGAIN == result)
735
0
      BIO_set_retry_write(bio);
736
1
  }
737
95
  return (int)nwritten;
738
95
}
739
740
static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen)
741
478
{
742
478
  struct Curl_cfilter *cf = BIO_get_data(bio);
743
478
  struct ssl_connect_data *connssl = cf->ctx;
744
478
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
745
478
  struct Curl_easy *data = CF_DATA_CURRENT(cf);
746
478
  ssize_t nread;
747
478
  CURLcode result = CURLE_RECV_ERROR;
748
749
478
  DEBUGASSERT(data);
750
  /* OpenSSL catches this case, so should we. */
751
478
  if(!buf)
752
0
    return 0;
753
478
  if(blen < 0)
754
0
    return 0;
755
756
478
  nread = Curl_conn_cf_recv(cf->next, data, buf, (size_t)blen, &result);
757
478
  CURL_TRC_CF(data, cf, "ossl_bio_cf_in_read(len=%d) -> %d, err=%d",
758
478
              blen, (int)nread, result);
759
478
  BIO_clear_retry_flags(bio);
760
478
  octx->io_result = result;
761
478
  if(nread < 0) {
762
145
    if(CURLE_AGAIN == result)
763
145
      BIO_set_retry_read(bio);
764
145
  }
765
333
  else if(nread == 0) {
766
3
    connssl->peer_closed = TRUE;
767
3
  }
768
769
  /* Before returning server replies to the SSL instance, we need
770
   * to have setup the x509 store or verification will fail. */
771
478
  if(!octx->x509_store_setup) {
772
21
    result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);
773
21
    if(result) {
774
0
      octx->io_result = result;
775
0
      return -1;
776
0
    }
777
21
    octx->x509_store_setup = TRUE;
778
21
  }
779
780
478
  return (int)nread;
781
478
}
782
783
#if OPENSSL_VERSION_NUMBER < 0x10100000L
784
785
static BIO_METHOD ossl_bio_cf_meth_1_0 = {
786
  BIO_TYPE_MEM,
787
  "OpenSSL CF BIO",
788
  ossl_bio_cf_out_write,
789
  ossl_bio_cf_in_read,
790
  NULL,                    /* puts is never called */
791
  NULL,                    /* gets is never called */
792
  ossl_bio_cf_ctrl,
793
  ossl_bio_cf_create,
794
  ossl_bio_cf_destroy,
795
  NULL
796
};
797
798
static BIO_METHOD *ossl_bio_cf_method_create(void)
799
{
800
  return &ossl_bio_cf_meth_1_0;
801
}
802
803
#define ossl_bio_cf_method_free(m) Curl_nop_stmt
804
805
#else
806
807
static BIO_METHOD *ossl_bio_cf_method_create(void)
808
21
{
809
21
  BIO_METHOD *m = BIO_meth_new(BIO_TYPE_MEM, "OpenSSL CF BIO");
810
21
  if(m) {
811
21
    BIO_meth_set_write(m, &ossl_bio_cf_out_write);
812
21
    BIO_meth_set_read(m, &ossl_bio_cf_in_read);
813
21
    BIO_meth_set_ctrl(m, &ossl_bio_cf_ctrl);
814
21
    BIO_meth_set_create(m, &ossl_bio_cf_create);
815
21
    BIO_meth_set_destroy(m, &ossl_bio_cf_destroy);
816
21
  }
817
21
  return m;
818
21
}
819
820
static void ossl_bio_cf_method_free(BIO_METHOD *m)
821
21
{
822
21
  if(m)
823
21
    BIO_meth_free(m);
824
21
}
825
826
#endif
827
828
829
#ifdef HAVE_KEYLOG_CALLBACK
830
static void ossl_keylog_callback(const SSL *ssl, const char *line)
831
0
{
832
0
  (void)ssl;
833
834
0
  Curl_tls_keylog_write_line(line);
835
0
}
836
#else
837
/*
838
 * ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the
839
 * OpenSSL being used does not have native support for doing that.
840
 */
841
static void
842
ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
843
{
844
  const SSL_SESSION *session = SSL_get_session(ssl);
845
  unsigned char client_random[SSL3_RANDOM_SIZE];
846
  unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
847
  int master_key_length = 0;
848
849
  if(!session || *keylog_done)
850
    return;
851
852
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
853
  /* ssl->s3 is not checked in OpenSSL 1.1.0-pre6, but let's assume that
854
   * we have a valid SSL context if we have a non-NULL session. */
855
  SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
856
  master_key_length = (int)
857
    SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
858
#else
859
  if(ssl->s3 && session->master_key_length > 0) {
860
    master_key_length = session->master_key_length;
861
    memcpy(master_key, session->master_key, session->master_key_length);
862
    memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
863
  }
864
#endif
865
866
  /* The handshake has not progressed sufficiently yet, or this is a TLS 1.3
867
   * session (when curl was built with older OpenSSL headers and running with
868
   * newer OpenSSL runtime libraries). */
869
  if(master_key_length <= 0)
870
    return;
871
872
  *keylog_done = TRUE;
873
  Curl_tls_keylog_write("CLIENT_RANDOM", client_random,
874
                        master_key, master_key_length);
875
}
876
#endif /* !HAVE_KEYLOG_CALLBACK */
877
878
static const char *SSL_ERROR_to_str(int err)
879
0
{
880
0
  switch(err) {
881
0
  case SSL_ERROR_NONE:
882
0
    return "SSL_ERROR_NONE";
883
0
  case SSL_ERROR_SSL:
884
0
    return "SSL_ERROR_SSL";
885
0
  case SSL_ERROR_WANT_READ:
886
0
    return "SSL_ERROR_WANT_READ";
887
0
  case SSL_ERROR_WANT_WRITE:
888
0
    return "SSL_ERROR_WANT_WRITE";
889
0
  case SSL_ERROR_WANT_X509_LOOKUP:
890
0
    return "SSL_ERROR_WANT_X509_LOOKUP";
891
0
  case SSL_ERROR_SYSCALL:
892
0
    return "SSL_ERROR_SYSCALL";
893
0
  case SSL_ERROR_ZERO_RETURN:
894
0
    return "SSL_ERROR_ZERO_RETURN";
895
0
  case SSL_ERROR_WANT_CONNECT:
896
0
    return "SSL_ERROR_WANT_CONNECT";
897
0
  case SSL_ERROR_WANT_ACCEPT:
898
0
    return "SSL_ERROR_WANT_ACCEPT";
899
0
#ifdef SSL_ERROR_WANT_ASYNC
900
0
  case SSL_ERROR_WANT_ASYNC:
901
0
    return "SSL_ERROR_WANT_ASYNC";
902
0
#endif
903
0
#ifdef SSL_ERROR_WANT_ASYNC_JOB
904
0
  case SSL_ERROR_WANT_ASYNC_JOB:
905
0
    return "SSL_ERROR_WANT_ASYNC_JOB";
906
0
#endif
907
#ifdef SSL_ERROR_WANT_EARLY
908
  case SSL_ERROR_WANT_EARLY:
909
    return "SSL_ERROR_WANT_EARLY";
910
#endif
911
0
  default:
912
0
    return "SSL_ERROR unknown";
913
0
  }
914
0
}
915
916
/* Return error string for last OpenSSL error
917
 */
918
static char *ossl_strerror(unsigned long error, char *buf, size_t size)
919
0
{
920
0
  size_t len;
921
0
  DEBUGASSERT(size);
922
0
  *buf = '\0';
923
924
0
  len = Curl_ossl_version(buf, size);
925
0
  DEBUGASSERT(len < (size - 2));
926
0
  if(len < (size - 2)) {
927
0
    buf += len;
928
0
    size -= (len + 2);
929
0
    *buf++ = ':';
930
0
    *buf++ = ' ';
931
0
    *buf = '\0';
932
0
  }
933
934
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
935
  ERR_error_string_n((uint32_t)error, buf, size);
936
#else
937
0
  ERR_error_string_n(error, buf, size);
938
0
#endif
939
940
0
  if(!*buf) {
941
0
    const char *msg = error ? "Unknown error" : "No error";
942
0
    if(strlen(msg) < size)
943
0
      strcpy(buf, msg);
944
0
  }
945
946
0
  return buf;
947
0
}
948
949
static int passwd_callback(char *buf, int num, int encrypting,
950
                           void *password)
951
0
{
952
0
  DEBUGASSERT(0 == encrypting);
953
954
0
  if(!encrypting && num >= 0 && password) {
955
0
    int klen = curlx_uztosi(strlen((char *)password));
956
0
    if(num > klen) {
957
0
      memcpy(buf, password, klen + 1);
958
0
      return klen;
959
0
    }
960
0
  }
961
0
  return 0;
962
0
}
963
964
/*
965
 * rand_enough() returns TRUE if we have seeded the random engine properly.
966
 */
967
static bool rand_enough(void)
968
9
{
969
9
  return 0 != RAND_status();
970
9
}
971
972
static CURLcode ossl_seed(struct Curl_easy *data)
973
21
{
974
  /* This might get called before it has been added to a multi handle */
975
21
  if(data->multi && data->multi->ssl_seeded)
976
12
    return CURLE_OK;
977
978
9
  if(rand_enough()) {
979
    /* OpenSSL 1.1.0+ should return here */
980
9
    if(data->multi)
981
9
      data->multi->ssl_seeded = TRUE;
982
9
    return CURLE_OK;
983
9
  }
984
0
#ifdef HAVE_RANDOM_INIT_BY_DEFAULT
985
  /* with OpenSSL 1.1.0+, a failed RAND_status is a showstopper */
986
0
  failf(data, "Insufficient randomness");
987
0
  return CURLE_SSL_CONNECT_ERROR;
988
#else
989
990
  /* fallback to a custom seeding of the PRNG using a hash based on a current
991
     time */
992
  do {
993
    unsigned char randb[64];
994
    size_t len = sizeof(randb);
995
    size_t i, i_max;
996
    for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
997
      struct curltime tv = curlx_now();
998
      Curl_wait_ms(1);
999
      tv.tv_sec *= (time_t)i + 1;
1000
      tv.tv_usec *= (int)i + 2;
1001
      tv.tv_sec ^= ((curlx_now().tv_sec + (time_t)curlx_now().tv_usec) *
1002
                    (time_t)(i + 3)) << 8;
1003
      tv.tv_usec ^= (int) ((curlx_now().tv_sec + (time_t)curlx_now().tv_usec) *
1004
                           (time_t)(i + 4)) << 16;
1005
      memcpy(&randb[i * sizeof(struct curltime)], &tv,
1006
             sizeof(struct curltime));
1007
    }
1008
    RAND_add(randb, (int)len, (double)len/2);
1009
  } while(!rand_enough());
1010
1011
  /*
1012
   * Number of bytes to read from the random number seed file. This must be
1013
   * a finite value (because some entropy "files" like /dev/urandom have
1014
   * an infinite length), but must be large enough to provide enough
1015
   * entropy to properly seed OpenSSL's PRNG.
1016
   */
1017
#  define RAND_LOAD_LENGTH 1024
1018
1019
  {
1020
    /* generates a default path for the random seed file */
1021
    char fname[256];
1022
    fname[0] = 0; /* blank it first */
1023
    RAND_file_name(fname, sizeof(fname));
1024
    if(fname[0]) {
1025
      /* we got a filename to try */
1026
      RAND_load_file(fname, RAND_LOAD_LENGTH);
1027
      if(rand_enough())
1028
        return CURLE_OK;
1029
    }
1030
  }
1031
1032
  infof(data, "libcurl is now using a weak random seed");
1033
  return rand_enough() ? CURLE_OK :
1034
         CURLE_SSL_CONNECT_ERROR; /* confusing error code */
1035
#endif
1036
9
}
1037
1038
#ifndef SSL_FILETYPE_ENGINE
1039
0
#define SSL_FILETYPE_ENGINE 42
1040
#endif
1041
#ifndef SSL_FILETYPE_PKCS12
1042
0
#define SSL_FILETYPE_PKCS12 43
1043
#endif
1044
#ifndef SSL_FILETYPE_PROVIDER
1045
0
#define SSL_FILETYPE_PROVIDER 44
1046
#endif
1047
static int ossl_do_file_type(const char *type)
1048
0
{
1049
0
  if(!type || !type[0])
1050
0
    return SSL_FILETYPE_PEM;
1051
0
  if(strcasecompare(type, "PEM"))
1052
0
    return SSL_FILETYPE_PEM;
1053
0
  if(strcasecompare(type, "DER"))
1054
0
    return SSL_FILETYPE_ASN1;
1055
0
  if(strcasecompare(type, "PROV"))
1056
0
    return SSL_FILETYPE_PROVIDER;
1057
0
  if(strcasecompare(type, "ENG"))
1058
0
    return SSL_FILETYPE_ENGINE;
1059
0
  if(strcasecompare(type, "P12"))
1060
0
    return SSL_FILETYPE_PKCS12;
1061
0
  return -1;
1062
0
}
1063
1064
#if defined(USE_OPENSSL_ENGINE) || defined(OPENSSL_HAS_PROVIDERS)
1065
/*
1066
 * Supply default password to the engine user interface conversation.
1067
 * The password is passed by OpenSSL engine from ENGINE_load_private_key()
1068
 * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
1069
 */
1070
static int ssl_ui_reader(UI *ui, UI_STRING *uis)
1071
0
{
1072
0
  const char *password;
1073
0
  switch(UI_get_string_type(uis)) {
1074
0
  case UIT_PROMPT:
1075
0
  case UIT_VERIFY:
1076
0
    password = (const char *)UI_get0_user_data(ui);
1077
0
    if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
1078
0
      UI_set_result(ui, uis, password);
1079
0
      return 1;
1080
0
    }
1081
0
    FALLTHROUGH();
1082
0
  default:
1083
0
    break;
1084
0
  }
1085
0
  return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
1086
0
}
1087
1088
/*
1089
 * Suppress interactive request for a default password if available.
1090
 */
1091
static int ssl_ui_writer(UI *ui, UI_STRING *uis)
1092
0
{
1093
0
  switch(UI_get_string_type(uis)) {
1094
0
  case UIT_PROMPT:
1095
0
  case UIT_VERIFY:
1096
0
    if(UI_get0_user_data(ui) &&
1097
0
       (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
1098
0
      return 1;
1099
0
    }
1100
0
    FALLTHROUGH();
1101
0
  default:
1102
0
    break;
1103
0
  }
1104
0
  return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
1105
0
}
1106
1107
/*
1108
 * Check if a given string is a PKCS#11 URI
1109
 */
1110
static bool is_pkcs11_uri(const char *string)
1111
0
{
1112
0
  return string && strncasecompare(string, "pkcs11:", 7);
1113
0
}
1114
1115
#endif
1116
1117
static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine);
1118
#if defined(OPENSSL_HAS_PROVIDERS)
1119
static CURLcode ossl_set_provider(struct Curl_easy *data,
1120
                                  const char *provider);
1121
#endif
1122
1123
static int use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob,
1124
                                int type, const char *key_passwd)
1125
0
{
1126
0
  int ret = 0;
1127
0
  X509 *x = NULL;
1128
  /* the typecast of blob->len is fine since it is guaranteed to never be
1129
     larger than CURL_MAX_INPUT_LENGTH */
1130
0
  BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
1131
0
  if(!in)
1132
0
    return CURLE_OUT_OF_MEMORY;
1133
1134
0
  if(type == SSL_FILETYPE_ASN1) {
1135
    /* j = ERR_R_ASN1_LIB; */
1136
0
    x = d2i_X509_bio(in, NULL);
1137
0
  }
1138
0
  else if(type == SSL_FILETYPE_PEM) {
1139
    /* ERR_R_PEM_LIB; */
1140
0
    x = PEM_read_bio_X509(in, NULL,
1141
0
                          passwd_callback, CURL_UNCONST(key_passwd));
1142
0
  }
1143
0
  else {
1144
0
    ret = 0;
1145
0
    goto end;
1146
0
  }
1147
1148
0
  if(!x) {
1149
0
    ret = 0;
1150
0
    goto end;
1151
0
  }
1152
1153
0
  ret = SSL_CTX_use_certificate(ctx, x);
1154
0
end:
1155
0
  X509_free(x);
1156
0
  BIO_free(in);
1157
0
  return ret;
1158
0
}
1159
1160
static int use_privatekey_blob(SSL_CTX *ctx, const struct curl_blob *blob,
1161
                               int type, const char *key_passwd)
1162
0
{
1163
0
  int ret = 0;
1164
0
  EVP_PKEY *pkey = NULL;
1165
0
  BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
1166
0
  if(!in)
1167
0
    return CURLE_OUT_OF_MEMORY;
1168
1169
0
  if(type == SSL_FILETYPE_PEM)
1170
0
    pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback,
1171
0
                                   CURL_UNCONST(key_passwd));
1172
0
  else if(type == SSL_FILETYPE_ASN1)
1173
0
    pkey = d2i_PrivateKey_bio(in, NULL);
1174
0
  else
1175
0
    goto end;
1176
1177
0
  if(!pkey)
1178
0
    goto end;
1179
1180
0
  ret = SSL_CTX_use_PrivateKey(ctx, pkey);
1181
0
  EVP_PKEY_free(pkey);
1182
0
end:
1183
0
  BIO_free(in);
1184
0
  return ret;
1185
0
}
1186
1187
static int
1188
use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
1189
                           const char *key_passwd)
1190
0
{
1191
0
  int ret = 0;
1192
0
  X509 *x = NULL;
1193
0
  BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
1194
0
  if(!in)
1195
0
    return CURLE_OUT_OF_MEMORY;
1196
1197
0
  ERR_clear_error();
1198
1199
0
  x = PEM_read_bio_X509_AUX(in, NULL,
1200
0
                            passwd_callback, CURL_UNCONST(key_passwd));
1201
0
  if(!x)
1202
0
    goto end;
1203
1204
0
  ret = SSL_CTX_use_certificate(ctx, x);
1205
1206
0
  if(ERR_peek_error() != 0)
1207
0
    ret = 0;
1208
1209
0
  if(ret) {
1210
0
    X509 *ca;
1211
0
    sslerr_t err;
1212
1213
0
    if(!SSL_CTX_clear_chain_certs(ctx)) {
1214
0
      ret = 0;
1215
0
      goto end;
1216
0
    }
1217
1218
0
    while((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
1219
0
                                  CURL_UNCONST(key_passwd)))
1220
0
          != NULL) {
1221
1222
0
      if(!SSL_CTX_add0_chain_cert(ctx, ca)) {
1223
0
        X509_free(ca);
1224
0
        ret = 0;
1225
0
        goto end;
1226
0
      }
1227
0
    }
1228
1229
0
    err = ERR_peek_last_error();
1230
0
    if((ERR_GET_LIB(err) == ERR_LIB_PEM) &&
1231
0
       (ERR_GET_REASON(err) == PEM_R_NO_START_LINE))
1232
0
      ERR_clear_error();
1233
0
    else
1234
0
      ret = 0;
1235
0
  }
1236
1237
0
end:
1238
0
  X509_free(x);
1239
0
  BIO_free(in);
1240
0
  return ret;
1241
0
}
1242
1243
static
1244
int cert_stuff(struct Curl_easy *data,
1245
               SSL_CTX* ctx,
1246
               char *cert_file,
1247
               const struct curl_blob *cert_blob,
1248
               const char *cert_type,
1249
               char *key_file,
1250
               const struct curl_blob *key_blob,
1251
               const char *key_type,
1252
               char *key_passwd)
1253
0
{
1254
0
  char error_buffer[256];
1255
0
  bool check_privkey = TRUE;
1256
1257
0
  int file_type = ossl_do_file_type(cert_type);
1258
1259
0
  if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE) ||
1260
0
     (file_type == SSL_FILETYPE_PROVIDER)) {
1261
0
    SSL *ssl;
1262
0
    X509 *x509;
1263
0
    int cert_done = 0;
1264
0
    int cert_use_result;
1265
1266
0
    if(key_passwd) {
1267
      /* set the password in the callback userdata */
1268
0
      SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
1269
      /* Set passwd callback: */
1270
0
      SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
1271
0
    }
1272
1273
1274
0
    switch(file_type) {
1275
0
    case SSL_FILETYPE_PEM:
1276
      /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
1277
0
      cert_use_result = cert_blob ?
1278
0
        use_certificate_chain_blob(ctx, cert_blob, key_passwd) :
1279
0
        SSL_CTX_use_certificate_chain_file(ctx, cert_file);
1280
0
      if(cert_use_result != 1) {
1281
0
        failf(data,
1282
0
              "could not load PEM client certificate from %s, " OSSL_PACKAGE
1283
0
              " error %s, "
1284
0
              "(no key found, wrong pass phrase, or wrong file format?)",
1285
0
              (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
1286
0
              ossl_strerror(ERR_get_error(), error_buffer,
1287
0
                            sizeof(error_buffer)) );
1288
0
        return 0;
1289
0
      }
1290
0
      break;
1291
1292
0
    case SSL_FILETYPE_ASN1:
1293
      /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
1294
         we use the case above for PEM so this can only be performed with
1295
         ASN1 files. */
1296
1297
0
      cert_use_result = cert_blob ?
1298
0
        use_certificate_blob(ctx, cert_blob, file_type, key_passwd) :
1299
0
      SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
1300
0
      if(cert_use_result != 1) {
1301
0
        failf(data,
1302
0
              "could not load ASN1 client certificate from %s, " OSSL_PACKAGE
1303
0
              " error %s, "
1304
0
              "(no key found, wrong pass phrase, or wrong file format?)",
1305
0
              (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
1306
0
              ossl_strerror(ERR_get_error(), error_buffer,
1307
0
                            sizeof(error_buffer)) );
1308
0
        return 0;
1309
0
      }
1310
0
      break;
1311
0
    case SSL_FILETYPE_ENGINE:
1312
0
#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
1313
0
    {
1314
      /* Implicitly use pkcs11 engine if none was provided and the
1315
       * cert_file is a PKCS#11 URI */
1316
0
      if(!data->state.engine) {
1317
0
        if(is_pkcs11_uri(cert_file)) {
1318
0
          if(ossl_set_engine(data, "pkcs11") != CURLE_OK) {
1319
0
            return 0;
1320
0
          }
1321
0
        }
1322
0
      }
1323
1324
0
      if(data->state.engine) {
1325
0
        const char *cmd_name = "LOAD_CERT_CTRL";
1326
0
        struct {
1327
0
          const char *cert_id;
1328
0
          X509 *cert;
1329
0
        } params;
1330
1331
0
        params.cert_id = cert_file;
1332
0
        params.cert = NULL;
1333
1334
        /* Does the engine supports LOAD_CERT_CTRL ? */
1335
0
        if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
1336
0
                        0, CURL_UNCONST(cmd_name), NULL)) {
1337
0
          failf(data, "ssl engine does not support loading certificates");
1338
0
          return 0;
1339
0
        }
1340
1341
        /* Load the certificate from the engine */
1342
0
        if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
1343
0
                            0, &params, NULL, 1)) {
1344
0
          failf(data, "ssl engine cannot load client cert with id"
1345
0
                " '%s' [%s]", cert_file,
1346
0
                ossl_strerror(ERR_get_error(), error_buffer,
1347
0
                              sizeof(error_buffer)));
1348
0
          return 0;
1349
0
        }
1350
1351
0
        if(!params.cert) {
1352
0
          failf(data, "ssl engine did not initialized the certificate "
1353
0
                "properly.");
1354
0
          return 0;
1355
0
        }
1356
1357
0
        if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
1358
0
          failf(data, "unable to set client certificate [%s]",
1359
0
                ossl_strerror(ERR_get_error(), error_buffer,
1360
0
                              sizeof(error_buffer)));
1361
0
          return 0;
1362
0
        }
1363
0
        X509_free(params.cert); /* we do not need the handle any more... */
1364
0
      }
1365
0
      else {
1366
0
        failf(data, "crypto engine not set, cannot load certificate");
1367
0
        return 0;
1368
0
      }
1369
0
    }
1370
0
    break;
1371
0
#endif
1372
#if defined(OPENSSL_HAS_PROVIDERS)
1373
      /* fall through to compatible provider */
1374
    case SSL_FILETYPE_PROVIDER:
1375
    {
1376
      /* Implicitly use pkcs11 provider if none was provided and the
1377
       * cert_file is a PKCS#11 URI */
1378
      if(!data->state.provider) {
1379
        if(is_pkcs11_uri(cert_file)) {
1380
          if(ossl_set_provider(data, "pkcs11") != CURLE_OK) {
1381
            return 0;
1382
          }
1383
        }
1384
      }
1385
1386
      if(data->state.provider) {
1387
        /* Load the certificate from the provider */
1388
        OSSL_STORE_INFO *info = NULL;
1389
        X509 *cert = NULL;
1390
        OSSL_STORE_CTX *store =
1391
          OSSL_STORE_open_ex(cert_file, data->state.libctx,
1392
                             NULL, NULL, NULL, NULL, NULL, NULL);
1393
        if(!store) {
1394
          failf(data, "Failed to open OpenSSL store: %s",
1395
                ossl_strerror(ERR_get_error(), error_buffer,
1396
                              sizeof(error_buffer)));
1397
          return 0;
1398
        }
1399
        if(OSSL_STORE_expect(store, OSSL_STORE_INFO_CERT) != 1) {
1400
          failf(data, "Failed to set store preference. Ignoring the error: %s",
1401
                ossl_strerror(ERR_get_error(), error_buffer,
1402
                              sizeof(error_buffer)));
1403
        }
1404
1405
        info = OSSL_STORE_load(store);
1406
        if(info) {
1407
          int ossl_type = OSSL_STORE_INFO_get_type(info);
1408
1409
          if(ossl_type == OSSL_STORE_INFO_CERT)
1410
            cert = OSSL_STORE_INFO_get1_CERT(info);
1411
          OSSL_STORE_INFO_free(info);
1412
        }
1413
        OSSL_STORE_close(store);
1414
        if(!cert) {
1415
          failf(data, "No cert found in the openssl store: %s",
1416
                ossl_strerror(ERR_get_error(), error_buffer,
1417
                              sizeof(error_buffer)));
1418
          return 0;
1419
        }
1420
1421
        if(SSL_CTX_use_certificate(ctx, cert) != 1) {
1422
          failf(data, "unable to set client certificate [%s]",
1423
                ossl_strerror(ERR_get_error(), error_buffer,
1424
                              sizeof(error_buffer)));
1425
          return 0;
1426
        }
1427
        X509_free(cert); /* we do not need the handle any more... */
1428
      }
1429
      else {
1430
        failf(data, "crypto provider not set, cannot load certificate");
1431
        return 0;
1432
      }
1433
    }
1434
    break;
1435
#endif
1436
1437
0
    case SSL_FILETYPE_PKCS12:
1438
0
    {
1439
0
      BIO *cert_bio = NULL;
1440
0
      PKCS12 *p12 = NULL;
1441
0
      EVP_PKEY *pri;
1442
0
      STACK_OF(X509) *ca = NULL;
1443
0
      if(cert_blob) {
1444
0
        cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
1445
0
        if(!cert_bio) {
1446
0
          failf(data,
1447
0
                "BIO_new_mem_buf NULL, " OSSL_PACKAGE
1448
0
                " error %s",
1449
0
                ossl_strerror(ERR_get_error(), error_buffer,
1450
0
                              sizeof(error_buffer)) );
1451
0
          return 0;
1452
0
        }
1453
0
      }
1454
0
      else {
1455
0
        cert_bio = BIO_new(BIO_s_file());
1456
0
        if(!cert_bio) {
1457
0
          failf(data,
1458
0
                "BIO_new return NULL, " OSSL_PACKAGE
1459
0
                " error %s",
1460
0
                ossl_strerror(ERR_get_error(), error_buffer,
1461
0
                              sizeof(error_buffer)) );
1462
0
          return 0;
1463
0
        }
1464
1465
0
        if(BIO_read_filename(cert_bio, cert_file) <= 0) {
1466
0
          failf(data, "could not open PKCS12 file '%s'", cert_file);
1467
0
          BIO_free(cert_bio);
1468
0
          return 0;
1469
0
        }
1470
0
      }
1471
1472
0
      p12 = d2i_PKCS12_bio(cert_bio, NULL);
1473
0
      BIO_free(cert_bio);
1474
1475
0
      if(!p12) {
1476
0
        failf(data, "error reading PKCS12 file '%s'",
1477
0
              cert_blob ? "(memory blob)" : cert_file);
1478
0
        return 0;
1479
0
      }
1480
1481
0
      PKCS12_PBE_add();
1482
1483
0
      if(!PKCS12_parse(p12, key_passwd, &pri, &x509, &ca)) {
1484
0
        failf(data,
1485
0
              "could not parse PKCS12 file, check password, " OSSL_PACKAGE
1486
0
              " error %s",
1487
0
              ossl_strerror(ERR_get_error(), error_buffer,
1488
0
                            sizeof(error_buffer)) );
1489
0
        PKCS12_free(p12);
1490
0
        return 0;
1491
0
      }
1492
1493
0
      PKCS12_free(p12);
1494
1495
0
      if(SSL_CTX_use_certificate(ctx, x509) != 1) {
1496
0
        failf(data,
1497
0
              "could not load PKCS12 client certificate, " OSSL_PACKAGE
1498
0
              " error %s",
1499
0
              ossl_strerror(ERR_get_error(), error_buffer,
1500
0
                            sizeof(error_buffer)) );
1501
0
        goto fail;
1502
0
      }
1503
1504
0
      if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
1505
0
        failf(data, "unable to use private key from PKCS12 file '%s'",
1506
0
              cert_file);
1507
0
        goto fail;
1508
0
      }
1509
1510
0
      if(!SSL_CTX_check_private_key (ctx)) {
1511
0
        failf(data, "private key from PKCS12 file '%s' "
1512
0
              "does not match certificate in same file", cert_file);
1513
0
        goto fail;
1514
0
      }
1515
      /* Set Certificate Verification chain */
1516
0
      if(ca) {
1517
0
        while(sk_X509_num(ca)) {
1518
          /*
1519
           * Note that sk_X509_pop() is used below to make sure the cert is
1520
           * removed from the stack properly before getting passed to
1521
           * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
1522
           * we used sk_X509_value() instead, but then we would clean it in the
1523
           * subsequent sk_X509_pop_free() call.
1524
           */
1525
0
          X509 *x = sk_X509_pop(ca);
1526
0
          if(!SSL_CTX_add_client_CA(ctx, x)) {
1527
0
            X509_free(x);
1528
0
            failf(data, "cannot add certificate to client CA list");
1529
0
            goto fail;
1530
0
          }
1531
0
          if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
1532
0
            X509_free(x);
1533
0
            failf(data, "cannot add certificate to certificate chain");
1534
0
            goto fail;
1535
0
          }
1536
0
        }
1537
0
      }
1538
1539
0
      cert_done = 1;
1540
0
fail:
1541
0
      EVP_PKEY_free(pri);
1542
0
      X509_free(x509);
1543
0
      sk_X509_pop_free(ca, X509_free);
1544
0
      if(!cert_done)
1545
0
        return 0; /* failure! */
1546
0
      break;
1547
0
    }
1548
0
    default:
1549
0
      failf(data, "not supported file type '%s' for certificate", cert_type);
1550
0
      return 0;
1551
0
    }
1552
1553
0
    if((!key_file) && (!key_blob)) {
1554
0
      key_file = cert_file;
1555
0
      key_blob = cert_blob;
1556
0
    }
1557
0
    else
1558
0
      file_type = ossl_do_file_type(key_type);
1559
1560
0
    switch(file_type) {
1561
0
    case SSL_FILETYPE_PEM:
1562
0
      if(cert_done)
1563
0
        break;
1564
0
      FALLTHROUGH();
1565
0
    case SSL_FILETYPE_ASN1:
1566
0
      cert_use_result = key_blob ?
1567
0
        use_privatekey_blob(ctx, key_blob, file_type, key_passwd) :
1568
0
      SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
1569
0
      if(cert_use_result != 1) {
1570
0
        failf(data, "unable to set private key file: '%s' type %s",
1571
0
              key_file ? key_file : "(memory blob)",
1572
0
              key_type ? key_type : "PEM");
1573
0
        return 0;
1574
0
      }
1575
0
      break;
1576
0
    case SSL_FILETYPE_ENGINE:
1577
0
#ifdef USE_OPENSSL_ENGINE
1578
0
    {
1579
0
      EVP_PKEY *priv_key = NULL;
1580
1581
      /* Implicitly use pkcs11 engine if none was provided and the
1582
       * key_file is a PKCS#11 URI */
1583
0
      if(!data->state.engine) {
1584
0
        if(is_pkcs11_uri(key_file)) {
1585
0
          if(ossl_set_engine(data, "pkcs11") != CURLE_OK) {
1586
0
            return 0;
1587
0
          }
1588
0
        }
1589
0
      }
1590
1591
0
      if(data->state.engine) {
1592
0
        UI_METHOD *ui_method =
1593
0
          UI_create_method(OSSL_UI_METHOD_CAST("curl user interface"));
1594
0
        if(!ui_method) {
1595
0
          failf(data, "unable do create " OSSL_PACKAGE
1596
0
                " user-interface method");
1597
0
          return 0;
1598
0
        }
1599
0
        UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
1600
0
        UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
1601
0
        UI_method_set_reader(ui_method, ssl_ui_reader);
1602
0
        UI_method_set_writer(ui_method, ssl_ui_writer);
1603
0
        priv_key = ENGINE_load_private_key(data->state.engine, key_file,
1604
0
                                           ui_method,
1605
0
                                           key_passwd);
1606
0
        UI_destroy_method(ui_method);
1607
0
        if(!priv_key) {
1608
0
          failf(data, "failed to load private key from crypto engine");
1609
0
          return 0;
1610
0
        }
1611
0
        if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
1612
0
          failf(data, "unable to set private key");
1613
0
          EVP_PKEY_free(priv_key);
1614
0
          return 0;
1615
0
        }
1616
0
        EVP_PKEY_free(priv_key);  /* we do not need the handle any more... */
1617
0
      }
1618
0
      else {
1619
0
        failf(data, "crypto engine not set, cannot load private key");
1620
0
        return 0;
1621
0
      }
1622
0
    }
1623
0
    break;
1624
0
#endif
1625
#if defined(OPENSSL_HAS_PROVIDERS)
1626
      /* fall through to compatible provider */
1627
    case SSL_FILETYPE_PROVIDER:
1628
    {
1629
      /* Implicitly use pkcs11 provider if none was provided and the
1630
       * key_file is a PKCS#11 URI */
1631
      if(!data->state.provider) {
1632
        if(is_pkcs11_uri(key_file)) {
1633
          if(ossl_set_provider(data, "pkcs11") != CURLE_OK) {
1634
            return 0;
1635
          }
1636
        }
1637
      }
1638
1639
      if(data->state.provider) {
1640
        /* Load the private key from the provider */
1641
        EVP_PKEY *priv_key = NULL;
1642
        OSSL_STORE_CTX *store = NULL;
1643
        OSSL_STORE_INFO *info = NULL;
1644
        UI_METHOD *ui_method =
1645
          UI_create_method(OSSL_UI_METHOD_CAST("curl user interface"));
1646
        if(!ui_method) {
1647
          failf(data, "unable do create " OSSL_PACKAGE
1648
                " user-interface method");
1649
          return 0;
1650
        }
1651
        UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
1652
        UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
1653
        UI_method_set_reader(ui_method, ssl_ui_reader);
1654
        UI_method_set_writer(ui_method, ssl_ui_writer);
1655
1656
        store = OSSL_STORE_open_ex(key_file, data->state.libctx,
1657
                                   data->state.propq, ui_method, NULL, NULL,
1658
                                   NULL, NULL);
1659
        if(!store) {
1660
          failf(data, "Failed to open OpenSSL store: %s",
1661
                ossl_strerror(ERR_get_error(), error_buffer,
1662
                              sizeof(error_buffer)));
1663
          return 0;
1664
        }
1665
        if(OSSL_STORE_expect(store, OSSL_STORE_INFO_PKEY) != 1) {
1666
          failf(data, "Failed to set store preference. Ignoring the error: %s",
1667
                ossl_strerror(ERR_get_error(), error_buffer,
1668
                              sizeof(error_buffer)));
1669
        }
1670
1671
        info = OSSL_STORE_load(store);
1672
        if(info) {
1673
          int ossl_type = OSSL_STORE_INFO_get_type(info);
1674
1675
          if(ossl_type == OSSL_STORE_INFO_PKEY)
1676
            priv_key = OSSL_STORE_INFO_get1_PKEY(info);
1677
          OSSL_STORE_INFO_free(info);
1678
        }
1679
        OSSL_STORE_close(store);
1680
        UI_destroy_method(ui_method);
1681
        if(!priv_key) {
1682
          failf(data, "No private key found in the openssl store: %s",
1683
                ossl_strerror(ERR_get_error(), error_buffer,
1684
                              sizeof(error_buffer)));
1685
          return 0;
1686
        }
1687
1688
        if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
1689
          failf(data, "unable to set private key [%s]",
1690
                ossl_strerror(ERR_get_error(), error_buffer,
1691
                              sizeof(error_buffer)));
1692
          EVP_PKEY_free(priv_key);
1693
          return 0;
1694
        }
1695
        EVP_PKEY_free(priv_key); /* we do not need the handle any more... */
1696
      }
1697
      else {
1698
        failf(data, "crypto provider not set, cannot load private key");
1699
        return 0;
1700
      }
1701
    }
1702
    break;
1703
#endif
1704
1705
0
    case SSL_FILETYPE_PKCS12:
1706
0
      if(!cert_done) {
1707
0
        failf(data, "file type P12 for private key not supported");
1708
0
        return 0;
1709
0
      }
1710
0
      break;
1711
0
    default:
1712
0
      failf(data, "not supported file type for private key");
1713
0
      return 0;
1714
0
    }
1715
1716
0
    ssl = SSL_new(ctx);
1717
0
    if(!ssl) {
1718
0
      failf(data, "unable to create an SSL structure");
1719
0
      return 0;
1720
0
    }
1721
1722
0
    x509 = SSL_get_certificate(ssl);
1723
1724
    /* This version was provided by Evan Jordan and is supposed to not
1725
       leak memory as the previous version: */
1726
0
    if(x509) {
1727
0
      EVP_PKEY *pktmp = X509_get_pubkey(x509);
1728
0
      EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
1729
0
      EVP_PKEY_free(pktmp);
1730
0
    }
1731
1732
0
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL) &&       \
1733
0
  !defined(OPENSSL_NO_DEPRECATED_3_0)
1734
0
    {
1735
      /* If RSA is used, do not check the private key if its flags indicate
1736
       * it does not support it. */
1737
0
      EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
1738
0
      int pktype;
1739
0
#ifdef HAVE_OPAQUE_EVP_PKEY
1740
0
      pktype = EVP_PKEY_id(priv_key);
1741
#else
1742
      pktype = priv_key->type;
1743
#endif
1744
0
      if(pktype == EVP_PKEY_RSA) {
1745
0
        RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
1746
0
        if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
1747
0
          check_privkey = FALSE;
1748
0
        RSA_free(rsa); /* Decrement reference count */
1749
0
      }
1750
0
    }
1751
0
#endif
1752
1753
0
    SSL_free(ssl);
1754
1755
    /* If we are using DSA, we can copy the parameters from
1756
     * the private key */
1757
1758
0
    if(check_privkey == TRUE) {
1759
      /* Now we know that a key and cert have been set against
1760
       * the SSL context */
1761
0
      if(!SSL_CTX_check_private_key(ctx)) {
1762
0
        failf(data, "Private key does not match the certificate public key");
1763
0
        return 0;
1764
0
      }
1765
0
    }
1766
0
  }
1767
0
  return 1;
1768
0
}
1769
1770
/* returns non-zero on failure */
1771
static CURLcode x509_name_oneline(X509_NAME *a, struct dynbuf *d)
1772
42
{
1773
42
  BIO *bio_out = BIO_new(BIO_s_mem());
1774
42
  BUF_MEM *biomem;
1775
42
  int rc;
1776
42
  CURLcode result = CURLE_OUT_OF_MEMORY;
1777
1778
42
  if(bio_out) {
1779
42
    curlx_dyn_reset(d);
1780
42
    rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
1781
42
    if(rc != -1) {
1782
42
      BIO_get_mem_ptr(bio_out, &biomem);
1783
42
      result = curlx_dyn_addn(d, biomem->data, biomem->length);
1784
42
      BIO_free(bio_out);
1785
42
    }
1786
42
  }
1787
42
  return result;
1788
42
}
1789
1790
/**
1791
 * Global SSL init
1792
 *
1793
 * @retval 0 error initializing SSL
1794
 * @retval 1 SSL initialized successfully
1795
 */
1796
static int ossl_init(void)
1797
1
{
1798
1
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
1799
1
  const uint64_t flags =
1800
1
#ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN
1801
    /* not present in BoringSSL */
1802
1
    OPENSSL_INIT_ENGINE_ALL_BUILTIN |
1803
1
#endif
1804
#ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
1805
    OPENSSL_INIT_NO_LOAD_CONFIG |
1806
#else
1807
1
    OPENSSL_INIT_LOAD_CONFIG |
1808
1
#endif
1809
1
    0;
1810
1
  OPENSSL_init_ssl(flags, NULL);
1811
#else
1812
  OPENSSL_load_builtin_modules();
1813
1814
#ifdef USE_OPENSSL_ENGINE
1815
  ENGINE_load_builtin_engines();
1816
#endif
1817
1818
/* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and
1819
   0.9.8e */
1820
#ifndef CONF_MFLAGS_DEFAULT_SECTION
1821
#define CONF_MFLAGS_DEFAULT_SECTION 0x0
1822
#endif
1823
1824
#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
1825
  CONF_modules_load_file(NULL, NULL,
1826
                         CONF_MFLAGS_DEFAULT_SECTION|
1827
                         CONF_MFLAGS_IGNORE_MISSING_FILE);
1828
#endif
1829
1830
  /* Let's get nice error messages */
1831
  SSL_load_error_strings();
1832
1833
  /* Init the global ciphers and digests */
1834
  if(!SSLeay_add_ssl_algorithms())
1835
    return 0;
1836
1837
  OpenSSL_add_all_algorithms();
1838
#endif
1839
1840
1
  Curl_tls_keylog_open();
1841
1842
1
  return 1;
1843
1
}
1844
1845
/* Global cleanup */
1846
static void ossl_cleanup(void)
1847
0
{
1848
0
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
1849
  /* OpenSSL 1.1 deprecates all these cleanup functions and
1850
     turns them into no-ops in OpenSSL 1.0 compatibility mode */
1851
#else
1852
  /* Free ciphers and digests lists */
1853
  EVP_cleanup();
1854
1855
#ifdef USE_OPENSSL_ENGINE
1856
  /* Free engine list */
1857
  ENGINE_cleanup();
1858
#endif
1859
1860
  /* Free OpenSSL error strings */
1861
  ERR_free_strings();
1862
1863
  /* Free thread local error state, destroying hash upon zero refcount */
1864
  ERR_remove_thread_state(NULL);
1865
1866
  /* Free all memory allocated by all configuration modules */
1867
  CONF_modules_free();
1868
1869
#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
1870
  SSL_COMP_free_compression_methods();
1871
#endif
1872
#endif
1873
1874
0
  Curl_tls_keylog_close();
1875
0
}
1876
1877
/* Selects an OpenSSL crypto engine or provider.
1878
 */
1879
static CURLcode ossl_set_engine(struct Curl_easy *data, const char *name)
1880
0
{
1881
0
#ifdef USE_OPENSSL_ENGINE
1882
0
  CURLcode result = CURLE_SSL_ENGINE_NOTFOUND;
1883
0
  ENGINE *e = ENGINE_by_id(name);
1884
1885
0
  if(e) {
1886
1887
0
    if(data->state.engine) {
1888
0
      ENGINE_finish(data->state.engine);
1889
0
      ENGINE_free(data->state.engine);
1890
0
      data->state.engine = NULL;
1891
0
    }
1892
0
    if(!ENGINE_init(e)) {
1893
0
      char buf[256];
1894
1895
0
      ENGINE_free(e);
1896
0
      failf(data, "Failed to initialise SSL Engine '%s': %s",
1897
0
            name, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
1898
0
      result = CURLE_SSL_ENGINE_INITFAILED;
1899
0
      e = NULL;
1900
0
    }
1901
0
    data->state.engine = e;
1902
0
    return result;
1903
0
  }
1904
0
#endif
1905
#ifdef OPENSSL_HAS_PROVIDERS
1906
  return ossl_set_provider(data, name);
1907
#else
1908
0
  (void)name;
1909
0
  failf(data, "OpenSSL engine not found");
1910
0
  return CURLE_SSL_ENGINE_NOTFOUND;
1911
0
#endif
1912
0
}
1913
1914
/* Sets engine as default for all SSL operations
1915
 */
1916
static CURLcode ossl_set_engine_default(struct Curl_easy *data)
1917
0
{
1918
0
#ifdef USE_OPENSSL_ENGINE
1919
0
  if(data->state.engine) {
1920
0
    if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
1921
0
      infof(data, "set default crypto engine '%s'",
1922
0
            ENGINE_get_id(data->state.engine));
1923
0
    }
1924
0
    else {
1925
0
      failf(data, "set default crypto engine '%s' failed",
1926
0
            ENGINE_get_id(data->state.engine));
1927
0
      return CURLE_SSL_ENGINE_SETFAILED;
1928
0
    }
1929
0
  }
1930
#else
1931
  (void) data;
1932
#endif
1933
0
  return CURLE_OK;
1934
0
}
1935
1936
/* Return list of OpenSSL crypto engine names.
1937
 */
1938
static struct curl_slist *ossl_engines_list(struct Curl_easy *data)
1939
0
{
1940
0
  struct curl_slist *list = NULL;
1941
0
#ifdef USE_OPENSSL_ENGINE
1942
0
  struct curl_slist *beg;
1943
0
  ENGINE *e;
1944
1945
0
  for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
1946
0
    beg = curl_slist_append(list, ENGINE_get_id(e));
1947
0
    if(!beg) {
1948
0
      curl_slist_free_all(list);
1949
0
      return NULL;
1950
0
    }
1951
0
    list = beg;
1952
0
  }
1953
0
#endif
1954
0
  (void) data;
1955
0
  return list;
1956
0
}
1957
1958
#if defined(OPENSSL_HAS_PROVIDERS)
1959
1960
static void ossl_provider_cleanup(struct Curl_easy *data)
1961
{
1962
  if(data->state.baseprov) {
1963
    OSSL_PROVIDER_unload(data->state.baseprov);
1964
    data->state.baseprov = NULL;
1965
  }
1966
  if(data->state.provider) {
1967
    OSSL_PROVIDER_unload(data->state.provider);
1968
    data->state.provider = NULL;
1969
  }
1970
  OSSL_LIB_CTX_free(data->state.libctx);
1971
  data->state.libctx = NULL;
1972
  Curl_safefree(data->state.propq);
1973
  data->state.provider_loaded = FALSE;
1974
}
1975
1976
#define MAX_PROVIDER_LEN 128 /* reasonable */
1977
1978
/* Selects an OpenSSL crypto provider.
1979
 *
1980
 * A provider might need an associated property, a string passed on to
1981
 * OpenSSL. Specify this as [PROVIDER][:PROPERTY]: separate the name and the
1982
 * property with a colon. No colon means no property is set.
1983
 *
1984
 * An example provider + property looks like "tpm2:?provider=tpm2".
1985
 */
1986
static CURLcode ossl_set_provider(struct Curl_easy *data, const char *iname)
1987
{
1988
  char name[MAX_PROVIDER_LEN + 1];
1989
  struct Curl_str prov;
1990
  const char *propq = NULL;
1991
1992
  if(!iname) {
1993
    /* clear and cleanup provider use */
1994
    ossl_provider_cleanup(data);
1995
    return CURLE_OK;
1996
  }
1997
  if(curlx_str_until(&iname, &prov, MAX_PROVIDER_LEN, ':'))
1998
    return CURLE_BAD_FUNCTION_ARGUMENT;
1999
2000
  if(!curlx_str_single(&iname, ':'))
2001
    /* there was a colon, get the propq until the end of string */
2002
    propq = iname;
2003
2004
  /* we need the name in a buffer, null-terminated */
2005
  memcpy(name, curlx_str(&prov), curlx_strlen(&prov));
2006
  name[curlx_strlen(&prov)] = 0;
2007
2008
  if(!data->state.libctx) {
2009
    OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
2010
    if(!libctx)
2011
      return CURLE_OUT_OF_MEMORY;
2012
    if(propq) {
2013
      data->state.propq = strdup(propq);
2014
      if(!data->state.propq) {
2015
        OSSL_LIB_CTX_free(libctx);
2016
        return CURLE_OUT_OF_MEMORY;
2017
      }
2018
    }
2019
    data->state.libctx = libctx;
2020
  }
2021
2022
  if(OSSL_PROVIDER_available(data->state.libctx, name)) {
2023
    /* already loaded through the configuration - no action needed */
2024
    data->state.provider_loaded = TRUE;
2025
    return CURLE_OK;
2026
  }
2027
2028
  data->state.provider =
2029
    OSSL_PROVIDER_try_load(data->state.libctx, name, 1);
2030
  if(!data->state.provider) {
2031
    char error_buffer[256];
2032
    failf(data, "Failed to initialize provider: %s",
2033
          ossl_strerror(ERR_get_error(), error_buffer,
2034
                        sizeof(error_buffer)));
2035
    ossl_provider_cleanup(data);
2036
    return CURLE_SSL_ENGINE_NOTFOUND;
2037
  }
2038
2039
  /* load the base provider as well */
2040
  data->state.baseprov =
2041
    OSSL_PROVIDER_try_load(data->state.libctx, "base", 1);
2042
  if(!data->state.baseprov) {
2043
    ossl_provider_cleanup(data);
2044
    failf(data, "Failed to load base");
2045
    return CURLE_SSL_ENGINE_NOTFOUND;
2046
  }
2047
  else
2048
    data->state.provider_loaded = TRUE;
2049
  return CURLE_OK;
2050
}
2051
#endif
2052
2053
2054
static CURLcode ossl_shutdown(struct Curl_cfilter *cf,
2055
                              struct Curl_easy *data,
2056
                              bool send_shutdown, bool *done)
2057
36
{
2058
36
  struct ssl_connect_data *connssl = cf->ctx;
2059
36
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
2060
36
  CURLcode result = CURLE_OK;
2061
36
  char buf[1024];
2062
36
  int nread = -1, err;
2063
36
  unsigned long sslerr;
2064
36
  size_t i;
2065
2066
36
  DEBUGASSERT(octx);
2067
36
  if(!octx->ssl || cf->shutdown) {
2068
0
    *done = TRUE;
2069
0
    goto out;
2070
0
  }
2071
2072
36
  connssl->io_need = CURL_SSL_IO_NEED_NONE;
2073
36
  *done = FALSE;
2074
36
  if(!(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) {
2075
    /* We have not started the shutdown from our side yet. Check
2076
     * if the server already sent us one. */
2077
18
    ERR_clear_error();
2078
18
    for(i = 0; i < 10; ++i) {
2079
18
      nread = SSL_read(octx->ssl, buf, (int)sizeof(buf));
2080
18
      CURL_TRC_CF(data, cf, "SSL shutdown not sent, read -> %d", nread);
2081
18
      if(nread <= 0)
2082
18
        break;
2083
18
    }
2084
18
    err = SSL_get_error(octx->ssl, nread);
2085
18
    if(!nread && err == SSL_ERROR_ZERO_RETURN) {
2086
0
      bool input_pending;
2087
      /* Yes, it did. */
2088
0
      if(!send_shutdown) {
2089
0
        CURL_TRC_CF(data, cf, "SSL shutdown received, not sending");
2090
0
        *done = TRUE;
2091
0
        goto out;
2092
0
      }
2093
0
      else if(!cf->next->cft->is_alive(cf->next, data, &input_pending)) {
2094
        /* Server closed the connection after its closy notify. It
2095
         * seems not interested to see our close notify, so do not
2096
         * send it. We are done. */
2097
0
        connssl->peer_closed = TRUE;
2098
0
        CURL_TRC_CF(data, cf, "peer closed connection");
2099
0
        *done = TRUE;
2100
0
        goto out;
2101
0
      }
2102
0
    }
2103
18
  }
2104
2105
  /* SSL should now have started the shutdown from our side. Since it
2106
   * was not complete, we are lacking the close notify from the server. */
2107
36
  if(send_shutdown && !(SSL_get_shutdown(octx->ssl) & SSL_SENT_SHUTDOWN)) {
2108
18
    ERR_clear_error();
2109
18
    CURL_TRC_CF(data, cf, "send SSL close notify");
2110
18
    if(SSL_shutdown(octx->ssl) == 1) {
2111
0
      CURL_TRC_CF(data, cf, "SSL shutdown finished");
2112
0
      *done = TRUE;
2113
0
      goto out;
2114
0
    }
2115
18
    if(SSL_ERROR_WANT_WRITE == SSL_get_error(octx->ssl, nread)) {
2116
0
      CURL_TRC_CF(data, cf, "SSL shutdown still wants to send");
2117
0
      connssl->io_need = CURL_SSL_IO_NEED_SEND;
2118
0
      goto out;
2119
0
    }
2120
    /* Having sent the close notify, we use SSL_read() to get the
2121
     * missing close notify from the server. */
2122
18
  }
2123
2124
36
  for(i = 0; i < 10; ++i) {
2125
36
    ERR_clear_error();
2126
36
    nread = SSL_read(octx->ssl, buf, (int)sizeof(buf));
2127
36
    CURL_TRC_CF(data, cf, "SSL shutdown read -> %d", nread);
2128
36
    if(nread <= 0)
2129
36
      break;
2130
36
  }
2131
36
  err = SSL_get_error(octx->ssl, nread);
2132
36
  switch(err) {
2133
0
  case SSL_ERROR_ZERO_RETURN: /* no more data */
2134
0
    if(SSL_shutdown(octx->ssl) == 1)
2135
0
      CURL_TRC_CF(data, cf, "SSL shutdown finished");
2136
0
    else
2137
0
      CURL_TRC_CF(data, cf, "SSL shutdown not received, but closed");
2138
0
    *done = TRUE;
2139
0
    break;
2140
0
  case SSL_ERROR_NONE: /* just did not get anything */
2141
34
  case SSL_ERROR_WANT_READ:
2142
    /* SSL has send its notify and now wants to read the reply
2143
     * from the server. We are not really interested in that. */
2144
34
    CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive");
2145
34
    connssl->io_need = CURL_SSL_IO_NEED_RECV;
2146
34
    break;
2147
0
  case SSL_ERROR_WANT_WRITE:
2148
0
    CURL_TRC_CF(data, cf, "SSL shutdown send blocked");
2149
0
    connssl->io_need = CURL_SSL_IO_NEED_SEND;
2150
0
    break;
2151
2
  default:
2152
    /* Server seems to have closed the connection without sending us
2153
     * a close notify. */
2154
2
    sslerr = ERR_get_error();
2155
2
    CURL_TRC_CF(data, cf, "SSL shutdown, ignore recv error: '%s', errno %d",
2156
2
                (sslerr ?
2157
2
                 ossl_strerror(sslerr, buf, sizeof(buf)) :
2158
2
                 SSL_ERROR_to_str(err)),
2159
2
                SOCKERRNO);
2160
2
    *done = TRUE;
2161
2
    result = CURLE_OK;
2162
2
    break;
2163
36
  }
2164
2165
36
out:
2166
36
  cf->shutdown = (result || *done);
2167
36
  return result;
2168
36
}
2169
2170
static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
2171
42
{
2172
42
  struct ssl_connect_data *connssl = cf->ctx;
2173
42
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
2174
2175
42
  (void)data;
2176
42
  DEBUGASSERT(octx);
2177
2178
42
  if(octx->ssl) {
2179
21
    SSL_free(octx->ssl);
2180
21
    octx->ssl = NULL;
2181
21
  }
2182
42
  if(octx->ssl_ctx) {
2183
21
    SSL_CTX_free(octx->ssl_ctx);
2184
21
    octx->ssl_ctx = NULL;
2185
21
    octx->x509_store_setup = FALSE;
2186
21
  }
2187
42
  if(octx->bio_method) {
2188
21
    ossl_bio_cf_method_free(octx->bio_method);
2189
21
    octx->bio_method = NULL;
2190
21
  }
2191
42
}
2192
2193
/*
2194
 * This function is called when the 'data' struct is going away. Close
2195
 * down everything and free all resources!
2196
 */
2197
static void ossl_close_all(struct Curl_easy *data)
2198
142k
{
2199
142k
#ifdef USE_OPENSSL_ENGINE
2200
142k
  if(data->state.engine) {
2201
0
    ENGINE_finish(data->state.engine);
2202
0
    ENGINE_free(data->state.engine);
2203
0
    data->state.engine = NULL;
2204
0
  }
2205
#else
2206
  (void)data;
2207
#endif
2208
#ifdef OPENSSL_HAS_PROVIDERS
2209
  ossl_provider_cleanup(data);
2210
#endif
2211
#ifndef HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED
2212
  /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
2213
     so we need to clean it here in case the thread will be killed. All OpenSSL
2214
     code should extract the error in association with the error so clearing
2215
     this queue here should be harmless at worst. */
2216
  ERR_remove_thread_state(NULL);
2217
#endif
2218
142k
}
2219
2220
/* ====================================================== */
2221
2222
/*
2223
 * Match subjectAltName against the hostname.
2224
 */
2225
static bool subj_alt_hostcheck(struct Curl_easy *data,
2226
                               const char *match_pattern,
2227
                               size_t matchlen,
2228
                               const char *hostname,
2229
                               size_t hostlen,
2230
                               const char *dispname)
2231
21
{
2232
#ifdef CURL_DISABLE_VERBOSE_STRINGS
2233
  (void)dispname;
2234
  (void)data;
2235
#endif
2236
21
  if(Curl_cert_hostcheck(match_pattern, matchlen, hostname, hostlen)) {
2237
21
    infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"",
2238
21
          dispname, match_pattern);
2239
21
    return TRUE;
2240
21
  }
2241
0
  return FALSE;
2242
21
}
2243
2244
/* Quote from RFC2818 section 3.1 "Server Identity"
2245
2246
   If a subjectAltName extension of type dNSName is present, that MUST
2247
   be used as the identity. Otherwise, the (most specific) Common Name
2248
   field in the Subject field of the certificate MUST be used. Although
2249
   the use of the Common Name is existing practice, it is deprecated and
2250
   Certification Authorities are encouraged to use the dNSName instead.
2251
2252
   Matching is performed using the matching rules specified by
2253
   [RFC2459]. If more than one identity of a given type is present in
2254
   the certificate (e.g., more than one dNSName name, a match in any one
2255
   of the set is considered acceptable.) Names may contain the wildcard
2256
   character * which is considered to match any single domain name
2257
   component or component fragment. E.g., *.a.com matches foo.a.com but
2258
   not bar.foo.a.com. f*.com matches foo.com but not bar.com.
2259
2260
   In some cases, the URI is specified as an IP address rather than a
2261
   hostname. In this case, the iPAddress subjectAltName must be present
2262
   in the certificate and must exactly match the IP in the URI.
2263
2264
   This function is now used from ngtcp2 (QUIC) as well.
2265
*/
2266
static CURLcode ossl_verifyhost(struct Curl_easy *data,
2267
                                struct connectdata *conn,
2268
                                struct ssl_peer *peer, X509 *server_cert)
2269
21
{
2270
21
  bool matched = FALSE;
2271
21
  int target; /* target type, GEN_DNS or GEN_IPADD */
2272
21
  size_t addrlen = 0;
2273
21
  STACK_OF(GENERAL_NAME) *altnames;
2274
21
#ifdef USE_IPV6
2275
21
  struct in6_addr addr;
2276
#else
2277
  struct in_addr addr;
2278
#endif
2279
21
  CURLcode result = CURLE_OK;
2280
21
  bool dNSName = FALSE; /* if a dNSName field exists in the cert */
2281
21
  bool iPAddress = FALSE; /* if an iPAddress field exists in the cert */
2282
21
  size_t hostlen;
2283
2284
21
  (void)conn;
2285
21
  hostlen = strlen(peer->hostname);
2286
21
  switch(peer->type) {
2287
0
  case CURL_SSL_PEER_IPV4:
2288
0
    if(!curlx_inet_pton(AF_INET, peer->hostname, &addr))
2289
0
      return CURLE_PEER_FAILED_VERIFICATION;
2290
0
    target = GEN_IPADD;
2291
0
    addrlen = sizeof(struct in_addr);
2292
0
    break;
2293
0
#ifdef USE_IPV6
2294
0
  case CURL_SSL_PEER_IPV6:
2295
0
    if(!curlx_inet_pton(AF_INET6, peer->hostname, &addr))
2296
0
      return CURLE_PEER_FAILED_VERIFICATION;
2297
0
    target = GEN_IPADD;
2298
0
    addrlen = sizeof(struct in6_addr);
2299
0
    break;
2300
0
#endif
2301
21
  case CURL_SSL_PEER_DNS:
2302
21
    target = GEN_DNS;
2303
21
    break;
2304
0
  default:
2305
0
    DEBUGASSERT(0);
2306
0
    failf(data, "unexpected ssl peer type: %d", peer->type);
2307
0
    return CURLE_PEER_FAILED_VERIFICATION;
2308
21
  }
2309
2310
  /* get a "list" of alternative names */
2311
21
  altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
2312
2313
21
  if(altnames) {
2314
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
2315
    size_t numalts;
2316
    size_t i;
2317
#else
2318
21
    int numalts;
2319
21
    int i;
2320
21
#endif
2321
21
    bool dnsmatched = FALSE;
2322
21
    bool ipmatched = FALSE;
2323
2324
    /* get amount of alternatives, RFC2459 claims there MUST be at least
2325
       one, but we do not depend on it... */
2326
21
    numalts = sk_GENERAL_NAME_num(altnames);
2327
2328
    /* loop through all alternatives - until a dnsmatch */
2329
42
    for(i = 0; (i < numalts) && !dnsmatched; i++) {
2330
      /* get a handle to alternative name number i */
2331
21
      const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
2332
2333
21
      if(check->type == GEN_DNS)
2334
21
        dNSName = TRUE;
2335
0
      else if(check->type == GEN_IPADD)
2336
0
        iPAddress = TRUE;
2337
2338
      /* only check alternatives of the same type the target is */
2339
21
      if(check->type == target) {
2340
        /* get data and length */
2341
21
        const char *altptr = (const char *)ASN1_STRING_get0_data(check->d.ia5);
2342
21
        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
2343
2344
21
        switch(target) {
2345
21
        case GEN_DNS: /* name/pattern comparison */
2346
          /* The OpenSSL manpage explicitly says: "In general it cannot be
2347
             assumed that the data returned by ASN1_STRING_data() is null
2348
             terminated or does not contain embedded nulls." But also that
2349
             "The actual format of the data will depend on the actual string
2350
             type itself: for example for an IA5String the data will be ASCII"
2351
2352
             It has been however verified that in 0.9.6 and 0.9.7, IA5String
2353
             is always null-terminated.
2354
          */
2355
21
          if((altlen == strlen(altptr)) &&
2356
             /* if this is not true, there was an embedded zero in the name
2357
                string and we cannot match it. */
2358
21
             subj_alt_hostcheck(data, altptr, altlen,
2359
21
                                peer->hostname, hostlen,
2360
21
                                peer->dispname)) {
2361
21
            dnsmatched = TRUE;
2362
21
          }
2363
21
          break;
2364
2365
0
        case GEN_IPADD: /* IP address comparison */
2366
          /* compare alternative IP address if the data chunk is the same size
2367
             our server IP address is */
2368
0
          if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
2369
0
            ipmatched = TRUE;
2370
0
            infof(data,
2371
0
                  " subjectAltName: host \"%s\" matched cert's IP address!",
2372
0
                  peer->dispname);
2373
0
          }
2374
0
          break;
2375
21
        }
2376
21
      }
2377
21
    }
2378
21
    GENERAL_NAMES_free(altnames);
2379
2380
21
    if(dnsmatched || ipmatched)
2381
21
      matched = TRUE;
2382
21
  }
2383
2384
21
  if(matched)
2385
    /* an alternative name matched */
2386
21
    ;
2387
0
  else if(dNSName || iPAddress) {
2388
0
    const char *tname = (peer->type == CURL_SSL_PEER_DNS) ? "hostname" :
2389
0
                        (peer->type == CURL_SSL_PEER_IPV4) ?
2390
0
                        "ipv4 address" : "ipv6 address";
2391
0
    infof(data, " subjectAltName does not match %s %s", tname, peer->dispname);
2392
0
    failf(data, "SSL: no alternative certificate subject name matches "
2393
0
          "target %s '%s'", tname, peer->dispname);
2394
0
    result = CURLE_PEER_FAILED_VERIFICATION;
2395
0
  }
2396
0
  else {
2397
    /* we have to look to the last occurrence of a commonName in the
2398
       distinguished one to get the most significant one. */
2399
0
    int i = -1;
2400
0
    unsigned char *cn = NULL;
2401
0
    int cnlen = 0;
2402
0
    bool free_cn = FALSE;
2403
2404
    /* The following is done because of a bug in 0.9.6b */
2405
0
    X509_NAME *name = X509_get_subject_name(server_cert);
2406
0
    if(name) {
2407
0
      int j;
2408
0
      while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
2409
0
        i = j;
2410
0
    }
2411
2412
    /* we have the name entry and we will now convert this to a string
2413
       that we can use for comparison. Doing this we support BMPstring,
2414
       UTF8, etc. */
2415
2416
0
    if(i >= 0) {
2417
0
      ASN1_STRING *tmp =
2418
0
        X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
2419
2420
      /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
2421
         is already UTF-8 encoded. We check for this case and copy the raw
2422
         string manually to avoid the problem. This code can be made
2423
         conditional in the future when OpenSSL has been fixed. */
2424
0
      if(tmp) {
2425
0
        if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
2426
0
          cnlen = ASN1_STRING_length(tmp);
2427
0
          cn = (unsigned char *)CURL_UNCONST(ASN1_STRING_get0_data(tmp));
2428
0
        }
2429
0
        else { /* not a UTF8 name */
2430
0
          cnlen = ASN1_STRING_to_UTF8(&cn, tmp);
2431
0
          free_cn = TRUE;
2432
0
        }
2433
2434
0
        if((cnlen <= 0) || !cn)
2435
0
          result = CURLE_OUT_OF_MEMORY;
2436
0
        else if((size_t)cnlen != strlen((char *)cn)) {
2437
          /* there was a terminating zero before the end of string, this
2438
             cannot match and we return failure! */
2439
0
          failf(data, "SSL: illegal cert name field");
2440
0
          result = CURLE_PEER_FAILED_VERIFICATION;
2441
0
        }
2442
0
      }
2443
0
    }
2444
2445
0
    if(result)
2446
      /* error already detected, pass through */
2447
0
      ;
2448
0
    else if(!cn) {
2449
0
      failf(data,
2450
0
            "SSL: unable to obtain common name from peer certificate");
2451
0
      result = CURLE_PEER_FAILED_VERIFICATION;
2452
0
    }
2453
0
    else if(!Curl_cert_hostcheck((const char *)cn, cnlen,
2454
0
                                 peer->hostname, hostlen)) {
2455
0
      failf(data, "SSL: certificate subject name '%s' does not match "
2456
0
            "target hostname '%s'", cn, peer->dispname);
2457
0
      result = CURLE_PEER_FAILED_VERIFICATION;
2458
0
    }
2459
0
    else {
2460
0
      infof(data, " common name: %s (matched)", cn);
2461
0
    }
2462
0
    if(free_cn)
2463
0
      OPENSSL_free(cn);
2464
0
  }
2465
2466
21
  return result;
2467
21
}
2468
2469
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
2470
static CURLcode verifystatus(struct Curl_cfilter *cf,
2471
                             struct Curl_easy *data,
2472
                             struct ossl_ctx *octx)
2473
0
{
2474
0
  int i, ocsp_status;
2475
#ifdef OPENSSL_IS_AWSLC
2476
  const uint8_t *status;
2477
#else
2478
0
  unsigned char *status;
2479
0
#endif
2480
0
  const unsigned char *p;
2481
0
  CURLcode result = CURLE_OK;
2482
0
  OCSP_RESPONSE *rsp = NULL;
2483
0
  OCSP_BASICRESP *br = NULL;
2484
0
  X509_STORE     *st = NULL;
2485
0
  STACK_OF(X509) *ch = NULL;
2486
0
  X509 *cert;
2487
0
  OCSP_CERTID *id = NULL;
2488
0
  int cert_status, crl_reason;
2489
0
  ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
2490
0
  int ret;
2491
0
  long len;
2492
2493
0
  (void)cf;
2494
0
  DEBUGASSERT(octx);
2495
2496
0
  len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status);
2497
2498
0
  if(!status) {
2499
0
    failf(data, "No OCSP response received");
2500
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2501
0
    goto end;
2502
0
  }
2503
0
  p = status;
2504
0
  rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
2505
0
  if(!rsp) {
2506
0
    failf(data, "Invalid OCSP response");
2507
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2508
0
    goto end;
2509
0
  }
2510
2511
0
  ocsp_status = OCSP_response_status(rsp);
2512
0
  if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
2513
0
    failf(data, "Invalid OCSP response status: %s (%d)",
2514
0
          OCSP_response_status_str(ocsp_status), ocsp_status);
2515
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2516
0
    goto end;
2517
0
  }
2518
2519
0
  br = OCSP_response_get1_basic(rsp);
2520
0
  if(!br) {
2521
0
    failf(data, "Invalid OCSP response");
2522
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2523
0
    goto end;
2524
0
  }
2525
2526
0
  ch = SSL_get_peer_cert_chain(octx->ssl);
2527
0
  if(!ch) {
2528
0
    failf(data, "Could not get peer certificate chain");
2529
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2530
0
    goto end;
2531
0
  }
2532
0
  st = SSL_CTX_get_cert_store(octx->ssl_ctx);
2533
2534
0
  if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
2535
0
    failf(data, "OCSP response verification failed");
2536
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2537
0
    goto end;
2538
0
  }
2539
2540
  /* Compute the certificate's ID */
2541
0
  cert = SSL_get1_peer_certificate(octx->ssl);
2542
0
  if(!cert) {
2543
0
    failf(data, "Error getting peer certificate");
2544
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2545
0
    goto end;
2546
0
  }
2547
2548
0
  for(i = 0; i < (int)sk_X509_num(ch); i++) {
2549
0
    X509 *issuer = sk_X509_value(ch, (ossl_valsize_t)i);
2550
0
    if(X509_check_issued(issuer, cert) == X509_V_OK) {
2551
0
      id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
2552
0
      break;
2553
0
    }
2554
0
  }
2555
0
  X509_free(cert);
2556
2557
0
  if(!id) {
2558
0
    failf(data, "Error computing OCSP ID");
2559
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2560
0
    goto end;
2561
0
  }
2562
2563
  /* Find the single OCSP response corresponding to the certificate ID */
2564
0
  ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev,
2565
0
                              &thisupd, &nextupd);
2566
0
  OCSP_CERTID_free(id);
2567
0
  if(ret != 1) {
2568
0
    failf(data, "Could not find certificate ID in OCSP response");
2569
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2570
0
    goto end;
2571
0
  }
2572
2573
  /* Validate the corresponding single OCSP response */
2574
0
  if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
2575
0
    failf(data, "OCSP response has expired");
2576
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2577
0
    goto end;
2578
0
  }
2579
2580
0
  infof(data, "SSL certificate status: %s (%d)",
2581
0
        OCSP_cert_status_str(cert_status), cert_status);
2582
2583
0
  switch(cert_status) {
2584
0
  case V_OCSP_CERTSTATUS_GOOD:
2585
0
    break;
2586
2587
0
  case V_OCSP_CERTSTATUS_REVOKED:
2588
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2589
0
    failf(data, "SSL certificate revocation reason: %s (%d)",
2590
0
          OCSP_crl_reason_str(crl_reason), crl_reason);
2591
0
    goto end;
2592
2593
0
  case V_OCSP_CERTSTATUS_UNKNOWN:
2594
0
  default:
2595
0
    result = CURLE_SSL_INVALIDCERTSTATUS;
2596
0
    goto end;
2597
0
  }
2598
2599
0
end:
2600
0
  if(br)
2601
0
    OCSP_BASICRESP_free(br);
2602
0
  OCSP_RESPONSE_free(rsp);
2603
2604
0
  return result;
2605
0
}
2606
#endif
2607
2608
#endif /* USE_OPENSSL */
2609
2610
/* The SSL_CTRL_SET_MSG_CALLBACK does not exist in ancient OpenSSL versions
2611
   and thus this cannot be done there. */
2612
#ifdef SSL_CTRL_SET_MSG_CALLBACK
2613
2614
static const char *ssl_msg_type(int ssl_ver, int msg)
2615
0
{
2616
#ifdef SSL2_VERSION_MAJOR
2617
  if(ssl_ver == SSL2_VERSION_MAJOR) {
2618
    switch(msg) {
2619
    case SSL2_MT_ERROR:
2620
      return "Error";
2621
    case SSL2_MT_CLIENT_HELLO:
2622
      return "Client hello";
2623
    case SSL2_MT_CLIENT_MASTER_KEY:
2624
      return "Client key";
2625
    case SSL2_MT_CLIENT_FINISHED:
2626
      return "Client finished";
2627
    case SSL2_MT_SERVER_HELLO:
2628
      return "Server hello";
2629
    case SSL2_MT_SERVER_VERIFY:
2630
      return "Server verify";
2631
    case SSL2_MT_SERVER_FINISHED:
2632
      return "Server finished";
2633
    case SSL2_MT_REQUEST_CERTIFICATE:
2634
      return "Request CERT";
2635
    case SSL2_MT_CLIENT_CERTIFICATE:
2636
      return "Client CERT";
2637
    }
2638
  }
2639
  else
2640
#endif
2641
0
  if(ssl_ver == SSL3_VERSION_MAJOR) {
2642
0
    switch(msg) {
2643
0
    case SSL3_MT_HELLO_REQUEST:
2644
0
      return "Hello request";
2645
0
    case SSL3_MT_CLIENT_HELLO:
2646
0
      return "Client hello";
2647
0
    case SSL3_MT_SERVER_HELLO:
2648
0
      return "Server hello";
2649
0
#ifdef SSL3_MT_NEWSESSION_TICKET
2650
0
    case SSL3_MT_NEWSESSION_TICKET:
2651
0
      return "Newsession Ticket";
2652
0
#endif
2653
0
    case SSL3_MT_CERTIFICATE:
2654
0
      return "Certificate";
2655
0
    case SSL3_MT_SERVER_KEY_EXCHANGE:
2656
0
      return "Server key exchange";
2657
0
    case SSL3_MT_CLIENT_KEY_EXCHANGE:
2658
0
      return "Client key exchange";
2659
0
    case SSL3_MT_CERTIFICATE_REQUEST:
2660
0
      return "Request CERT";
2661
0
    case SSL3_MT_SERVER_DONE:
2662
0
      return "Server finished";
2663
0
    case SSL3_MT_CERTIFICATE_VERIFY:
2664
0
      return "CERT verify";
2665
0
    case SSL3_MT_FINISHED:
2666
0
      return "Finished";
2667
0
#ifdef SSL3_MT_CERTIFICATE_STATUS
2668
0
    case SSL3_MT_CERTIFICATE_STATUS:
2669
0
      return "Certificate Status";
2670
0
#endif
2671
0
#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
2672
0
    case SSL3_MT_ENCRYPTED_EXTENSIONS:
2673
0
      return "Encrypted Extensions";
2674
0
#endif
2675
0
#ifdef SSL3_MT_SUPPLEMENTAL_DATA
2676
0
    case SSL3_MT_SUPPLEMENTAL_DATA:
2677
0
      return "Supplemental data";
2678
0
#endif
2679
0
#ifdef SSL3_MT_END_OF_EARLY_DATA
2680
0
    case SSL3_MT_END_OF_EARLY_DATA:
2681
0
      return "End of early data";
2682
0
#endif
2683
0
#ifdef SSL3_MT_KEY_UPDATE
2684
0
    case SSL3_MT_KEY_UPDATE:
2685
0
      return "Key update";
2686
0
#endif
2687
0
#ifdef SSL3_MT_NEXT_PROTO
2688
0
    case SSL3_MT_NEXT_PROTO:
2689
0
      return "Next protocol";
2690
0
#endif
2691
0
#ifdef SSL3_MT_MESSAGE_HASH
2692
0
    case SSL3_MT_MESSAGE_HASH:
2693
0
      return "Message hash";
2694
0
#endif
2695
0
    }
2696
0
  }
2697
0
  return "Unknown";
2698
0
}
2699
2700
static const char *tls_rt_type(int type)
2701
0
{
2702
0
  switch(type) {
2703
0
#ifdef SSL3_RT_HEADER
2704
0
  case SSL3_RT_HEADER:
2705
0
    return "TLS header";
2706
0
#endif
2707
0
  case SSL3_RT_CHANGE_CIPHER_SPEC:
2708
0
    return "TLS change cipher";
2709
0
  case SSL3_RT_ALERT:
2710
0
    return "TLS alert";
2711
0
  case SSL3_RT_HANDSHAKE:
2712
0
    return "TLS handshake";
2713
0
  case SSL3_RT_APPLICATION_DATA:
2714
0
    return "TLS app data";
2715
0
  default:
2716
0
    return "TLS Unknown";
2717
0
  }
2718
0
}
2719
2720
/*
2721
 * Our callback from the SSL/TLS layers.
2722
 */
2723
static void ossl_trace(int direction, int ssl_ver, int content_type,
2724
                       const void *buf, size_t len, SSL *ssl,
2725
                       void *userp)
2726
0
{
2727
0
  const char *verstr = "???";
2728
0
  struct Curl_cfilter *cf = userp;
2729
0
  struct Curl_easy *data = NULL;
2730
0
  char unknown[32];
2731
2732
0
  if(!cf)
2733
0
    return;
2734
0
  data = CF_DATA_CURRENT(cf);
2735
0
  if(!data || !data->set.fdebug || (direction && direction != 1))
2736
0
    return;
2737
2738
0
  switch(ssl_ver) {
2739
0
#ifdef SSL2_VERSION /* removed in recent versions */
2740
0
  case SSL2_VERSION:
2741
0
    verstr = "SSLv2";
2742
0
    break;
2743
0
#endif
2744
0
#ifdef SSL3_VERSION
2745
0
  case SSL3_VERSION:
2746
0
    verstr = "SSLv3";
2747
0
    break;
2748
0
#endif
2749
0
  case TLS1_VERSION:
2750
0
    verstr = "TLSv1.0";
2751
0
    break;
2752
0
#ifdef TLS1_1_VERSION
2753
0
  case TLS1_1_VERSION:
2754
0
    verstr = "TLSv1.1";
2755
0
    break;
2756
0
#endif
2757
0
#ifdef TLS1_2_VERSION
2758
0
  case TLS1_2_VERSION:
2759
0
    verstr = "TLSv1.2";
2760
0
    break;
2761
0
#endif
2762
0
#ifdef TLS1_3_VERSION
2763
0
  case TLS1_3_VERSION:
2764
0
    verstr = "TLSv1.3";
2765
0
    break;
2766
0
#endif
2767
0
  case 0:
2768
0
    break;
2769
0
  default:
2770
0
    msnprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
2771
0
    verstr = unknown;
2772
0
    break;
2773
0
  }
2774
2775
  /* Log progress for interesting records only (like Handshake or Alert), skip
2776
   * all raw record headers (content_type == SSL3_RT_HEADER or ssl_ver == 0).
2777
   * For TLS 1.3, skip notification of the decrypted inner Content-Type.
2778
   */
2779
0
  if(ssl_ver
2780
0
#ifdef SSL3_RT_HEADER
2781
0
     && content_type != SSL3_RT_HEADER
2782
0
#endif
2783
0
#ifdef SSL3_RT_INNER_CONTENT_TYPE
2784
0
     && content_type != SSL3_RT_INNER_CONTENT_TYPE
2785
0
#endif
2786
0
    ) {
2787
0
    const char *msg_name, *tls_rt_name;
2788
0
    char ssl_buf[1024];
2789
0
    int msg_type, txt_len;
2790
2791
    /* the info given when the version is zero is not that useful for us */
2792
2793
0
    ssl_ver >>= 8; /* check the upper 8 bits only below */
2794
2795
    /* SSLv2 does not seem to have TLS record-type headers, so OpenSSL
2796
     * always pass-up content-type as 0. But the interesting message-type
2797
     * is at 'buf[0]'.
2798
     */
2799
0
    if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
2800
0
      tls_rt_name = tls_rt_type(content_type);
2801
0
    else
2802
0
      tls_rt_name = "";
2803
2804
0
    if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
2805
0
      msg_type = *(const char *)buf;
2806
0
      msg_name = "Change cipher spec";
2807
0
    }
2808
0
    else if(content_type == SSL3_RT_ALERT) {
2809
0
      msg_type = (((const char *)buf)[0] << 8) + ((const char *)buf)[1];
2810
0
      msg_name = SSL_alert_desc_string_long(msg_type);
2811
0
    }
2812
0
    else {
2813
0
      msg_type = *(const char *)buf;
2814
0
      msg_name = ssl_msg_type(ssl_ver, msg_type);
2815
0
    }
2816
2817
0
    txt_len = msnprintf(ssl_buf, sizeof(ssl_buf),
2818
0
                        "%s (%s), %s, %s (%d):\n",
2819
0
                        verstr, direction ? "OUT" : "IN",
2820
0
                        tls_rt_name, msg_name, msg_type);
2821
0
    Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len);
2822
0
  }
2823
2824
0
  Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
2825
0
             CURLINFO_SSL_DATA_IN, (const char *)buf, len);
2826
0
  (void) ssl;
2827
0
}
2828
#endif
2829
2830
#ifdef USE_OPENSSL
2831
/* ====================================================== */
2832
2833
/* Check for ALPN support. */
2834
#ifndef OPENSSL_NO_TLSEXT
2835
#  define HAS_ALPN_OPENSSL
2836
#endif
2837
2838
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
2839
static CURLcode
2840
ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx)
2841
21
{
2842
21
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
2843
  /* first, TLS min version... */
2844
21
  long curl_ssl_version_min = conn_config->version;
2845
21
  long curl_ssl_version_max;
2846
2847
  /* convert curl min SSL version option to OpenSSL constant */
2848
#if (defined(OPENSSL_IS_BORINGSSL)  || \
2849
     defined(OPENSSL_IS_AWSLC)      || \
2850
     defined(LIBRESSL_VERSION_NUMBER))
2851
  uint16_t ossl_ssl_version_min = 0;
2852
  uint16_t ossl_ssl_version_max = 0;
2853
#else
2854
21
  long ossl_ssl_version_min = 0;
2855
21
  long ossl_ssl_version_max = 0;
2856
21
#endif
2857
21
  switch(curl_ssl_version_min) {
2858
0
  case CURL_SSLVERSION_TLSv1: /* TLS 1.x */
2859
0
  case CURL_SSLVERSION_TLSv1_0:
2860
0
    ossl_ssl_version_min = TLS1_VERSION;
2861
0
    break;
2862
0
  case CURL_SSLVERSION_TLSv1_1:
2863
0
    ossl_ssl_version_min = TLS1_1_VERSION;
2864
0
    break;
2865
0
  case CURL_SSLVERSION_TLSv1_2:
2866
0
    ossl_ssl_version_min = TLS1_2_VERSION;
2867
0
    break;
2868
0
  case CURL_SSLVERSION_TLSv1_3:
2869
0
#ifdef TLS1_3_VERSION
2870
0
    ossl_ssl_version_min = TLS1_3_VERSION;
2871
0
    break;
2872
#else
2873
    return CURLE_NOT_BUILT_IN;
2874
#endif
2875
21
  }
2876
2877
  /* CURL_SSLVERSION_DEFAULT means that no option was selected.
2878
     We do not want to pass 0 to SSL_CTX_set_min_proto_version as
2879
     it would enable all versions down to the lowest supported by
2880
     the library.
2881
     So we skip this, and stay with the library default
2882
  */
2883
21
  if(curl_ssl_version_min != CURL_SSLVERSION_DEFAULT) {
2884
0
    if(!SSL_CTX_set_min_proto_version(ctx, ossl_ssl_version_min)) {
2885
0
      return CURLE_SSL_CONNECT_ERROR;
2886
0
    }
2887
0
  }
2888
2889
  /* ... then, TLS max version */
2890
21
  curl_ssl_version_max = (long)conn_config->version_max;
2891
2892
  /* convert curl max SSL version option to OpenSSL constant */
2893
21
  switch(curl_ssl_version_max) {
2894
0
  case CURL_SSLVERSION_MAX_TLSv1_0:
2895
0
    ossl_ssl_version_max = TLS1_VERSION;
2896
0
    break;
2897
0
  case CURL_SSLVERSION_MAX_TLSv1_1:
2898
0
    ossl_ssl_version_max = TLS1_1_VERSION;
2899
0
    break;
2900
0
  case CURL_SSLVERSION_MAX_TLSv1_2:
2901
0
    ossl_ssl_version_max = TLS1_2_VERSION;
2902
0
    break;
2903
0
#ifdef TLS1_3_VERSION
2904
0
  case CURL_SSLVERSION_MAX_TLSv1_3:
2905
0
    ossl_ssl_version_max = TLS1_3_VERSION;
2906
0
    break;
2907
0
#endif
2908
21
  case CURL_SSLVERSION_MAX_NONE:  /* none selected */
2909
21
  case CURL_SSLVERSION_MAX_DEFAULT:  /* max selected */
2910
21
  default:
2911
    /* SSL_CTX_set_max_proto_version states that:
2912
       setting the maximum to 0 will enable
2913
       protocol versions up to the highest version
2914
       supported by the library */
2915
21
    ossl_ssl_version_max = 0;
2916
21
    break;
2917
21
  }
2918
2919
21
  if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) {
2920
0
    return CURLE_SSL_CONNECT_ERROR;
2921
0
  }
2922
2923
21
  return CURLE_OK;
2924
21
}
2925
#endif
2926
2927
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
2928
typedef uint32_t ctx_option_t;
2929
#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
2930
typedef uint64_t ctx_option_t;
2931
#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && \
2932
  !defined(LIBRESSL_VERSION_NUMBER)
2933
typedef unsigned long ctx_option_t;
2934
#else
2935
typedef long ctx_option_t;
2936
#endif
2937
2938
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
2939
static CURLcode
2940
ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
2941
                                    struct Curl_cfilter *cf,
2942
                                    struct Curl_easy *data)
2943
{
2944
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
2945
  long ssl_version = conn_config->version;
2946
  long ssl_version_max = conn_config->version_max;
2947
2948
  (void) data; /* In case it is unused. */
2949
2950
  switch(ssl_version) {
2951
  case CURL_SSLVERSION_TLSv1_3:
2952
#ifdef TLS1_3_VERSION
2953
  {
2954
    struct ssl_connect_data *connssl = cf->ctx;
2955
    struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
2956
    DEBUGASSERT(octx);
2957
    SSL_CTX_set_max_proto_version(octx->ssl_ctx, TLS1_3_VERSION);
2958
    *ctx_options |= SSL_OP_NO_TLSv1_2;
2959
  }
2960
#else
2961
  (void)ctx_options;
2962
  failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
2963
  return CURLE_NOT_BUILT_IN;
2964
#endif
2965
  FALLTHROUGH();
2966
  case CURL_SSLVERSION_TLSv1_2:
2967
    *ctx_options |= SSL_OP_NO_TLSv1_1;
2968
    FALLTHROUGH();
2969
  case CURL_SSLVERSION_TLSv1_1:
2970
    *ctx_options |= SSL_OP_NO_TLSv1;
2971
    FALLTHROUGH();
2972
  case CURL_SSLVERSION_TLSv1_0:
2973
  case CURL_SSLVERSION_TLSv1:
2974
    break;
2975
  }
2976
2977
  switch(ssl_version_max) {
2978
  case CURL_SSLVERSION_MAX_TLSv1_0:
2979
    *ctx_options |= SSL_OP_NO_TLSv1_1;
2980
    FALLTHROUGH();
2981
  case CURL_SSLVERSION_MAX_TLSv1_1:
2982
    *ctx_options |= SSL_OP_NO_TLSv1_2;
2983
    FALLTHROUGH();
2984
  case CURL_SSLVERSION_MAX_TLSv1_2:
2985
#ifdef TLS1_3_VERSION
2986
    *ctx_options |= SSL_OP_NO_TLSv1_3;
2987
#endif
2988
    break;
2989
  case CURL_SSLVERSION_MAX_TLSv1_3:
2990
#ifdef TLS1_3_VERSION
2991
    break;
2992
#else
2993
    failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
2994
    return CURLE_NOT_BUILT_IN;
2995
#endif
2996
  }
2997
  return CURLE_OK;
2998
}
2999
#endif
3000
3001
CURLcode Curl_ossl_add_session(struct Curl_cfilter *cf,
3002
                               struct Curl_easy *data,
3003
                               const char *ssl_peer_key,
3004
                               SSL_SESSION *session,
3005
                               int ietf_tls_id,
3006
                               const char *alpn,
3007
                               unsigned char *quic_tp,
3008
                               size_t quic_tp_len)
3009
15
{
3010
15
  const struct ssl_config_data *config;
3011
15
  unsigned char *der_session_buf = NULL;
3012
15
  unsigned char *qtp_clone = NULL;
3013
15
  CURLcode result = CURLE_OK;
3014
3015
15
  if(!cf || !data)
3016
0
    goto out;
3017
3018
15
  config = Curl_ssl_cf_get_config(cf, data);
3019
15
  if(config->primary.cache_session) {
3020
15
    struct Curl_ssl_session *sc_session = NULL;
3021
15
    size_t der_session_size;
3022
15
    unsigned char *der_session_ptr;
3023
15
    size_t earlydata_max = 0;
3024
3025
15
    der_session_size = i2d_SSL_SESSION(session, NULL);
3026
15
    if(der_session_size == 0) {
3027
0
      result = CURLE_OUT_OF_MEMORY;
3028
0
      goto out;
3029
0
    }
3030
3031
15
    der_session_buf = der_session_ptr = malloc(der_session_size);
3032
15
    if(!der_session_buf) {
3033
0
      result = CURLE_OUT_OF_MEMORY;
3034
0
      goto out;
3035
0
    }
3036
3037
15
    der_session_size = i2d_SSL_SESSION(session, &der_session_ptr);
3038
15
    if(der_session_size == 0) {
3039
0
      result = CURLE_OUT_OF_MEMORY;
3040
0
      goto out;
3041
0
    }
3042
3043
15
#ifdef HAVE_OPENSSL_EARLYDATA
3044
15
    earlydata_max = SSL_SESSION_get_max_early_data(session);
3045
15
#endif
3046
15
    if(quic_tp && quic_tp_len) {
3047
0
      qtp_clone = Curl_memdup0((char *)quic_tp, quic_tp_len);
3048
0
      if(!qtp_clone) {
3049
0
        result = CURLE_OUT_OF_MEMORY;
3050
0
        goto out;
3051
0
      }
3052
0
    }
3053
3054
15
    result = Curl_ssl_session_create2(der_session_buf, der_session_size,
3055
15
                                      ietf_tls_id, alpn,
3056
15
                                      (curl_off_t)time(NULL) +
3057
15
                                      SSL_SESSION_get_timeout(session),
3058
15
                                      earlydata_max, qtp_clone, quic_tp_len,
3059
15
                                      &sc_session);
3060
15
    der_session_buf = NULL;  /* took ownership of sdata */
3061
15
    if(!result) {
3062
15
      result = Curl_ssl_scache_put(cf, data, ssl_peer_key, sc_session);
3063
      /* took ownership of `sc_session` */
3064
15
    }
3065
15
  }
3066
3067
15
out:
3068
15
  free(der_session_buf);
3069
15
  return result;
3070
15
}
3071
3072
/* The "new session" callback must return zero if the session can be removed
3073
 * or non-zero if the session has been put into the session cache.
3074
 */
3075
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
3076
15
{
3077
15
  struct Curl_cfilter *cf = (struct Curl_cfilter*) SSL_get_app_data(ssl);
3078
15
  if(cf) {
3079
15
    struct Curl_easy *data = CF_DATA_CURRENT(cf);
3080
15
    struct ssl_connect_data *connssl = cf->ctx;
3081
15
    Curl_ossl_add_session(cf, data, connssl->peer.scache_key, ssl_sessionid,
3082
15
                          SSL_version(ssl), connssl->negotiated.alpn,
3083
15
                          NULL, 0);
3084
15
  }
3085
15
  return 0;
3086
15
}
3087
3088
static CURLcode load_cacert_from_memory(X509_STORE *store,
3089
                                        const struct curl_blob *ca_info_blob)
3090
0
{
3091
  /* these need to be freed at the end */
3092
0
  BIO *cbio = NULL;
3093
0
  STACK_OF(X509_INFO) *inf = NULL;
3094
3095
  /* everything else is just a reference */
3096
0
  int i, count = 0;
3097
0
  X509_INFO *itmp = NULL;
3098
3099
0
  if(ca_info_blob->len > (size_t)INT_MAX)
3100
0
    return CURLE_SSL_CACERT_BADFILE;
3101
3102
0
  cbio = BIO_new_mem_buf(ca_info_blob->data, (int)ca_info_blob->len);
3103
0
  if(!cbio)
3104
0
    return CURLE_OUT_OF_MEMORY;
3105
3106
0
  inf = PEM_X509_INFO_read_bio(cbio, NULL, NULL, NULL);
3107
0
  if(!inf) {
3108
0
    BIO_free(cbio);
3109
0
    return CURLE_SSL_CACERT_BADFILE;
3110
0
  }
3111
3112
  /* add each entry from PEM file to x509_store */
3113
0
  for(i = 0; i < (int)sk_X509_INFO_num(inf); ++i) {
3114
0
    itmp = sk_X509_INFO_value(inf, (ossl_valsize_t)i);
3115
0
    if(itmp->x509) {
3116
0
      if(X509_STORE_add_cert(store, itmp->x509)) {
3117
0
        ++count;
3118
0
      }
3119
0
      else {
3120
        /* set count to 0 to return an error */
3121
0
        count = 0;
3122
0
        break;
3123
0
      }
3124
0
    }
3125
0
    if(itmp->crl) {
3126
0
      if(X509_STORE_add_crl(store, itmp->crl)) {
3127
0
        ++count;
3128
0
      }
3129
0
      else {
3130
        /* set count to 0 to return an error */
3131
0
        count = 0;
3132
0
        break;
3133
0
      }
3134
0
    }
3135
0
  }
3136
3137
0
  sk_X509_INFO_pop_free(inf, X509_INFO_free);
3138
0
  BIO_free(cbio);
3139
3140
  /* if we did not end up importing anything, treat that as an error */
3141
0
  return (count > 0) ? CURLE_OK : CURLE_SSL_CACERT_BADFILE;
3142
0
}
3143
3144
#ifdef USE_WIN32_CRYPTO
3145
static CURLcode import_windows_cert_store(struct Curl_easy *data,
3146
                                          const char *name,
3147
                                          X509_STORE *store,
3148
                                          bool *imported)
3149
{
3150
  CURLcode result = CURLE_OK;
3151
  HCERTSTORE hStore;
3152
3153
  *imported = FALSE;
3154
3155
  hStore = CertOpenSystemStoreA(0, name);
3156
  if(hStore) {
3157
    PCCERT_CONTEXT pContext = NULL;
3158
    /* The array of enhanced key usage OIDs will vary per certificate and
3159
       is declared outside of the loop so that rather than malloc/free each
3160
       iteration we can grow it with realloc, when necessary. */
3161
    CERT_ENHKEY_USAGE *enhkey_usage = NULL;
3162
    DWORD enhkey_usage_size = 0;
3163
3164
    /* This loop makes a best effort to import all valid certificates from
3165
       the MS root store. If a certificate cannot be imported it is
3166
       skipped. 'result' is used to store only hard-fail conditions (such
3167
       as out of memory) that cause an early break. */
3168
    result = CURLE_OK;
3169
    for(;;) {
3170
      X509 *x509;
3171
      FILETIME now;
3172
      BYTE key_usage[2];
3173
      DWORD req_size;
3174
      const unsigned char *encoded_cert;
3175
      pContext = CertEnumCertificatesInStore(hStore, pContext);
3176
      if(!pContext)
3177
        break;
3178
3179
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
3180
      else {
3181
        char cert_name[256];
3182
        if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
3183
                               NULL, cert_name, sizeof(cert_name)))
3184
          infof(data, "SSL: unknown cert name");
3185
        else
3186
          infof(data, "SSL: Checking cert \"%s\"", cert_name);
3187
      }
3188
#endif
3189
      encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
3190
      if(!encoded_cert)
3191
        continue;
3192
3193
      GetSystemTimeAsFileTime(&now);
3194
      if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 ||
3195
         CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0)
3196
        continue;
3197
3198
      /* If key usage exists check for signing attribute */
3199
      if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType,
3200
                                 pContext->pCertInfo,
3201
                                 key_usage, sizeof(key_usage))) {
3202
        if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))
3203
          continue;
3204
      }
3205
      else if(GetLastError())
3206
        continue;
3207
3208
      /* If enhanced key usage exists check for server auth attribute.
3209
       *
3210
       * Note "In a Microsoft environment, a certificate might also have
3211
       * EKU extended properties that specify valid uses for the
3212
       * certificate."  The call below checks both, and behavior varies
3213
       * depending on what is found. For more details see
3214
       * CertGetEnhancedKeyUsage doc.
3215
       */
3216
      if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) {
3217
        if(req_size && req_size > enhkey_usage_size) {
3218
          void *tmp = realloc(enhkey_usage, req_size);
3219
3220
          if(!tmp) {
3221
            failf(data, "SSL: Out of memory allocating for OID list");
3222
            result = CURLE_OUT_OF_MEMORY;
3223
            break;
3224
          }
3225
3226
          enhkey_usage = (CERT_ENHKEY_USAGE *)tmp;
3227
          enhkey_usage_size = req_size;
3228
        }
3229
3230
        if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) {
3231
          if(!enhkey_usage->cUsageIdentifier) {
3232
            /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate
3233
               is good for all uses. If it returns zero, the certificate
3234
               has no valid uses." */
3235
            if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND)
3236
              continue;
3237
          }
3238
          else {
3239
            DWORD i;
3240
            bool found = FALSE;
3241
3242
            for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) {
3243
              if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */,
3244
                         enhkey_usage->rgpszUsageIdentifier[i])) {
3245
                found = TRUE;
3246
                break;
3247
              }
3248
            }
3249
3250
            if(!found)
3251
              continue;
3252
          }
3253
        }
3254
        else
3255
          continue;
3256
      }
3257
      else
3258
        continue;
3259
3260
      x509 = d2i_X509(NULL, &encoded_cert, (long)pContext->cbCertEncoded);
3261
      if(!x509)
3262
        continue;
3263
3264
      /* Try to import the certificate. This may fail for legitimate
3265
         reasons such as duplicate certificate, which is allowed by MS but
3266
         not OpenSSL. */
3267
      if(X509_STORE_add_cert(store, x509) == 1) {
3268
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
3269
        infof(data, "SSL: Imported cert");
3270
#endif
3271
        *imported = TRUE;
3272
      }
3273
      X509_free(x509);
3274
    }
3275
3276
    free(enhkey_usage);
3277
    CertFreeCertificateContext(pContext);
3278
    CertCloseStore(hStore, 0);
3279
3280
    if(result)
3281
      return result;
3282
  }
3283
3284
  return result;
3285
}
3286
#endif
3287
3288
static CURLcode ossl_populate_x509_store(struct Curl_cfilter *cf,
3289
                                         struct Curl_easy *data,
3290
                                         X509_STORE *store)
3291
21
{
3292
21
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3293
21
  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3294
21
  CURLcode result = CURLE_OK;
3295
21
  X509_LOOKUP *lookup = NULL;
3296
21
  const struct curl_blob *ca_info_blob = conn_config->ca_info_blob;
3297
21
  const char * const ssl_cafile =
3298
    /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
3299
21
    (ca_info_blob ? NULL : conn_config->CAfile);
3300
21
  const char * const ssl_capath = conn_config->CApath;
3301
21
  const char * const ssl_crlfile = ssl_config->primary.CRLfile;
3302
21
  const bool verifypeer = conn_config->verifypeer;
3303
21
  bool imported_native_ca = FALSE;
3304
21
  bool imported_ca_info_blob = FALSE;
3305
3306
21
  CURL_TRC_CF(data, cf, "ossl_populate_x509_store, path=%s, blob=%d",
3307
21
              ssl_cafile ? ssl_cafile : "none", !!ca_info_blob);
3308
21
  if(!store)
3309
0
    return CURLE_OUT_OF_MEMORY;
3310
3311
21
  if(verifypeer) {
3312
#ifdef USE_WIN32_CRYPTO
3313
    /* Import certificates from the Windows root certificate store if
3314
       requested.
3315
       https://stackoverflow.com/questions/9507184/
3316
       https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
3317
       https://datatracker.ietf.org/doc/html/rfc5280 */
3318
    if(ssl_config->native_ca_store) {
3319
      const char *storeNames[] = {
3320
        "ROOT",   /* Trusted Root Certification Authorities */
3321
        "CA"      /* Intermediate Certification Authorities */
3322
      };
3323
      size_t i;
3324
      for(i = 0; i < CURL_ARRAYSIZE(storeNames); ++i) {
3325
        bool imported = FALSE;
3326
        result = import_windows_cert_store(data, storeNames[i], store,
3327
                                           &imported);
3328
        if(result)
3329
          return result;
3330
        if(imported) {
3331
          infof(data, "successfully imported Windows %s store", storeNames[i]);
3332
          imported_native_ca = TRUE;
3333
        }
3334
        else
3335
          infof(data, "error importing Windows %s store, continuing anyway",
3336
                storeNames[i]);
3337
      }
3338
    }
3339
#endif
3340
21
    if(ca_info_blob) {
3341
0
      result = load_cacert_from_memory(store, ca_info_blob);
3342
0
      if(result) {
3343
0
        failf(data, "error importing CA certificate blob");
3344
0
        return result;
3345
0
      }
3346
0
      else {
3347
0
        imported_ca_info_blob = TRUE;
3348
0
        infof(data, "successfully imported CA certificate blob");
3349
0
      }
3350
0
    }
3351
3352
21
    if(ssl_cafile || ssl_capath) {
3353
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
3354
      /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */
3355
      if(ssl_cafile && !X509_STORE_load_file(store, ssl_cafile)) {
3356
        if(!imported_native_ca && !imported_ca_info_blob) {
3357
          /* Fail if we insist on successfully verifying the server. */
3358
          failf(data, "error setting certificate file: %s", ssl_cafile);
3359
          return CURLE_SSL_CACERT_BADFILE;
3360
        }
3361
        else
3362
          infof(data, "error setting certificate file, continuing anyway");
3363
      }
3364
      if(ssl_capath && !X509_STORE_load_path(store, ssl_capath)) {
3365
        if(!imported_native_ca && !imported_ca_info_blob) {
3366
          /* Fail if we insist on successfully verifying the server. */
3367
          failf(data, "error setting certificate path: %s", ssl_capath);
3368
          return CURLE_SSL_CACERT_BADFILE;
3369
        }
3370
        else
3371
          infof(data, "error setting certificate path, continuing anyway");
3372
      }
3373
#else
3374
      /* tell OpenSSL where to find CA certificates that are used to verify the
3375
         server's certificate. */
3376
21
      if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) {
3377
0
        if(!imported_native_ca && !imported_ca_info_blob) {
3378
          /* Fail if we insist on successfully verifying the server. */
3379
0
          failf(data, "error setting certificate verify locations:"
3380
0
                "  CAfile: %s CApath: %s",
3381
0
                ssl_cafile ? ssl_cafile : "none",
3382
0
                ssl_capath ? ssl_capath : "none");
3383
0
          return CURLE_SSL_CACERT_BADFILE;
3384
0
        }
3385
0
        else {
3386
0
          infof(data, "error setting certificate verify locations,"
3387
0
                " continuing anyway");
3388
0
        }
3389
0
      }
3390
21
#endif
3391
21
      infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
3392
21
      infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
3393
21
    }
3394
3395
#ifdef CURL_CA_FALLBACK
3396
    if(!ssl_cafile && !ssl_capath &&
3397
       !imported_native_ca && !imported_ca_info_blob) {
3398
      /* verifying the peer without any CA certificates will not
3399
         work so use OpenSSL's built-in default as fallback */
3400
      X509_STORE_set_default_paths(store);
3401
    }
3402
#endif
3403
21
  }
3404
3405
21
  if(ssl_crlfile) {
3406
    /* tell OpenSSL where to find CRL file that is used to check certificate
3407
     * revocation */
3408
0
    lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
3409
0
    if(!lookup ||
3410
0
       (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
3411
0
      failf(data, "error loading CRL file: %s", ssl_crlfile);
3412
0
      return CURLE_SSL_CRL_BADFILE;
3413
0
    }
3414
    /* Everything is fine. */
3415
0
    infof(data, "successfully loaded CRL file:");
3416
0
    X509_STORE_set_flags(store,
3417
0
                         X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
3418
3419
0
    infof(data, "  CRLfile: %s", ssl_crlfile);
3420
0
  }
3421
3422
21
  if(verifypeer) {
3423
    /* Try building a chain using issuers in the trusted store first to avoid
3424
       problems with server-sent legacy intermediates. Newer versions of
3425
       OpenSSL do alternate chain checking by default but we do not know how to
3426
       determine that in a reliable manner.
3427
       https://web.archive.org/web/20190422050538/
3428
       rt.openssl.org/Ticket/Display.html?id=3621
3429
    */
3430
21
#ifdef X509_V_FLAG_TRUSTED_FIRST
3431
21
    X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
3432
21
#endif
3433
21
#ifdef X509_V_FLAG_PARTIAL_CHAIN
3434
21
    if(!ssl_config->no_partialchain && !ssl_crlfile) {
3435
      /* Have intermediate certificates in the trust store be treated as
3436
         trust-anchors, in the same way as self-signed root CA certificates
3437
         are. This allows users to verify servers using the intermediate cert
3438
         only, instead of needing the whole chain.
3439
3440
         Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we
3441
         cannot do partial chains with a CRL check.
3442
      */
3443
21
      X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
3444
21
    }
3445
21
#endif
3446
21
  }
3447
3448
21
  return result;
3449
21
}
3450
3451
#ifdef HAVE_SSL_X509_STORE_SHARE
3452
3453
/* key to use at `multi->proto_hash` */
3454
21
#define MPROTO_OSSL_X509_KEY   "tls:ossl:x509:share"
3455
3456
struct ossl_x509_share {
3457
  char *CAfile;         /* CAfile path used to generate X509 store */
3458
  X509_STORE *store;    /* cached X509 store or NULL if none */
3459
  struct curltime time; /* when the cached store was created */
3460
};
3461
3462
static void oss_x509_share_free(void *key, size_t key_len, void *p)
3463
0
{
3464
0
  struct ossl_x509_share *share = p;
3465
0
  DEBUGASSERT(key_len == (sizeof(MPROTO_OSSL_X509_KEY)-1));
3466
0
  DEBUGASSERT(!memcmp(MPROTO_OSSL_X509_KEY, key, key_len));
3467
0
  (void)key;
3468
0
  (void)key_len;
3469
0
  if(share->store) {
3470
0
    X509_STORE_free(share->store);
3471
0
  }
3472
0
  free(share->CAfile);
3473
0
  free(share);
3474
0
}
3475
3476
static bool
3477
ossl_cached_x509_store_expired(const struct Curl_easy *data,
3478
                               const struct ossl_x509_share *mb)
3479
0
{
3480
0
  const struct ssl_general_config *cfg = &data->set.general_ssl;
3481
0
  if(cfg->ca_cache_timeout < 0)
3482
0
    return FALSE;
3483
0
  else {
3484
0
    struct curltime now = curlx_now();
3485
0
    timediff_t elapsed_ms = curlx_timediff(now, mb->time);
3486
0
    timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
3487
3488
0
    return elapsed_ms >= timeout_ms;
3489
0
  }
3490
0
}
3491
3492
static bool
3493
ossl_cached_x509_store_different(struct Curl_cfilter *cf,
3494
                                 const struct ossl_x509_share *mb)
3495
0
{
3496
0
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3497
0
  if(!mb->CAfile || !conn_config->CAfile)
3498
0
    return mb->CAfile != conn_config->CAfile;
3499
3500
0
  return strcmp(mb->CAfile, conn_config->CAfile);
3501
0
}
3502
3503
static X509_STORE *ossl_get_cached_x509_store(struct Curl_cfilter *cf,
3504
                                              const struct Curl_easy *data)
3505
21
{
3506
21
  struct Curl_multi *multi = data->multi;
3507
21
  struct ossl_x509_share *share;
3508
21
  X509_STORE *store = NULL;
3509
3510
21
  DEBUGASSERT(multi);
3511
21
  share = multi ? Curl_hash_pick(&multi->proto_hash,
3512
21
                                 CURL_UNCONST(MPROTO_OSSL_X509_KEY),
3513
21
                                 sizeof(MPROTO_OSSL_X509_KEY)-1) : NULL;
3514
21
  if(share && share->store &&
3515
21
     !ossl_cached_x509_store_expired(data, share) &&
3516
21
     !ossl_cached_x509_store_different(cf, share)) {
3517
0
    store = share->store;
3518
0
  }
3519
3520
21
  return store;
3521
21
}
3522
3523
static void ossl_set_cached_x509_store(struct Curl_cfilter *cf,
3524
                                       const struct Curl_easy *data,
3525
                                       X509_STORE *store)
3526
0
{
3527
0
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3528
0
  struct Curl_multi *multi = data->multi;
3529
0
  struct ossl_x509_share *share;
3530
3531
0
  DEBUGASSERT(multi);
3532
0
  if(!multi)
3533
0
    return;
3534
0
  share = Curl_hash_pick(&multi->proto_hash,
3535
0
                         CURL_UNCONST(MPROTO_OSSL_X509_KEY),
3536
0
                         sizeof(MPROTO_OSSL_X509_KEY)-1);
3537
3538
0
  if(!share) {
3539
0
    share = calloc(1, sizeof(*share));
3540
0
    if(!share)
3541
0
      return;
3542
0
    if(!Curl_hash_add2(&multi->proto_hash,
3543
0
                       CURL_UNCONST(MPROTO_OSSL_X509_KEY),
3544
0
                       sizeof(MPROTO_OSSL_X509_KEY)-1,
3545
0
                       share, oss_x509_share_free)) {
3546
0
      free(share);
3547
0
      return;
3548
0
    }
3549
0
  }
3550
3551
0
  if(X509_STORE_up_ref(store)) {
3552
0
    char *CAfile = NULL;
3553
3554
0
    if(conn_config->CAfile) {
3555
0
      CAfile = strdup(conn_config->CAfile);
3556
0
      if(!CAfile) {
3557
0
        X509_STORE_free(store);
3558
0
        return;
3559
0
      }
3560
0
    }
3561
3562
0
    if(share->store) {
3563
0
      X509_STORE_free(share->store);
3564
0
      free(share->CAfile);
3565
0
    }
3566
3567
0
    share->time = curlx_now();
3568
0
    share->store = store;
3569
0
    share->CAfile = CAfile;
3570
0
  }
3571
0
}
3572
3573
CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
3574
                                   struct Curl_easy *data,
3575
                                   SSL_CTX *ssl_ctx)
3576
21
{
3577
21
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3578
21
  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3579
21
  CURLcode result = CURLE_OK;
3580
21
  X509_STORE *cached_store;
3581
21
  bool cache_criteria_met;
3582
3583
  /* Consider the X509 store cacheable if it comes exclusively from a CAfile,
3584
     or no source is provided and we are falling back to OpenSSL's built-in
3585
     default. */
3586
21
  cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) &&
3587
21
    conn_config->verifypeer &&
3588
21
    !conn_config->CApath &&
3589
21
    !conn_config->ca_info_blob &&
3590
21
    !ssl_config->primary.CRLfile &&
3591
21
    !ssl_config->native_ca_store;
3592
3593
21
  cached_store = ossl_get_cached_x509_store(cf, data);
3594
21
  if(cached_store && cache_criteria_met && X509_STORE_up_ref(cached_store)) {
3595
0
    SSL_CTX_set_cert_store(ssl_ctx, cached_store);
3596
0
  }
3597
21
  else {
3598
21
    X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
3599
3600
21
    result = ossl_populate_x509_store(cf, data, store);
3601
21
    if(result == CURLE_OK && cache_criteria_met) {
3602
0
      ossl_set_cached_x509_store(cf, data, store);
3603
0
    }
3604
21
  }
3605
3606
21
  return result;
3607
21
}
3608
#else /* HAVE_SSL_X509_STORE_SHARE */
3609
CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
3610
                                   struct Curl_easy *data,
3611
                                   SSL_CTX *ssl_ctx)
3612
{
3613
  X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
3614
3615
  return ossl_populate_x509_store(cf, data, store);
3616
}
3617
#endif /* HAVE_SSL_X509_STORE_SHARE */
3618
3619
3620
static CURLcode
3621
ossl_init_session_and_alpns(struct ossl_ctx *octx,
3622
                            struct Curl_cfilter *cf,
3623
                            struct Curl_easy *data,
3624
                            struct ssl_peer *peer,
3625
                            const struct alpn_spec *alpns_requested,
3626
                            Curl_ossl_init_session_reuse_cb *sess_reuse_cb)
3627
21
{
3628
21
  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3629
21
  struct alpn_spec alpns;
3630
21
  char error_buffer[256];
3631
21
  CURLcode result;
3632
3633
21
  Curl_alpn_copy(&alpns, alpns_requested);
3634
3635
21
  octx->reused_session = FALSE;
3636
21
  if(ssl_config->primary.cache_session) {
3637
21
    struct Curl_ssl_session *scs = NULL;
3638
3639
21
    result = Curl_ssl_scache_take(cf, data, peer->scache_key, &scs);
3640
21
    if(!result && scs && scs->sdata && scs->sdata_len) {
3641
0
      const unsigned char *der_sessionid = scs->sdata;
3642
0
      size_t der_sessionid_size = scs->sdata_len;
3643
0
      SSL_SESSION *ssl_session = NULL;
3644
3645
      /* If OpenSSL does not accept the session from the cache, this
3646
       * is not an error. We just continue without it. */
3647
0
      ssl_session = d2i_SSL_SESSION(NULL, &der_sessionid,
3648
0
                                    (long)der_sessionid_size);
3649
0
      if(ssl_session) {
3650
0
        if(!SSL_set_session(octx->ssl, ssl_session)) {
3651
0
          infof(data, "SSL: SSL_set_session not accepted, "
3652
0
                "continuing without: %s",
3653
0
                ossl_strerror(ERR_get_error(), error_buffer,
3654
0
                              sizeof(error_buffer)));
3655
0
        }
3656
0
        else {
3657
0
          infof(data, "SSL reusing session with ALPN '%s'",
3658
0
                scs->alpn ? scs->alpn : "-");
3659
0
          octx->reused_session = TRUE;
3660
0
#ifdef HAVE_OPENSSL_EARLYDATA
3661
0
          if(ssl_config->earlydata && scs->alpn &&
3662
0
             SSL_SESSION_get_max_early_data(ssl_session) &&
3663
0
             !cf->conn->connect_only &&
3664
0
             (SSL_version(octx->ssl) == TLS1_3_VERSION)) {
3665
0
            bool do_early_data = FALSE;
3666
0
            if(sess_reuse_cb) {
3667
0
              result = sess_reuse_cb(cf, data, &alpns, scs, &do_early_data);
3668
0
              if(result)
3669
0
                return result;
3670
0
            }
3671
0
            if(do_early_data) {
3672
              /* We only try the ALPN protocol the session used before,
3673
               * otherwise we might send early data for the wrong protocol */
3674
0
              Curl_alpn_restrict_to(&alpns, scs->alpn);
3675
0
            }
3676
0
          }
3677
#else
3678
          (void)sess_reuse_cb;
3679
#endif
3680
0
        }
3681
0
        SSL_SESSION_free(ssl_session);
3682
0
      }
3683
0
      else {
3684
0
        infof(data, "SSL session not accepted by OpenSSL, continuing without");
3685
0
      }
3686
0
    }
3687
21
    Curl_ssl_scache_return(cf, data, peer->scache_key, scs);
3688
21
  }
3689
3690
21
#ifdef HAS_ALPN_OPENSSL
3691
21
  if(alpns.count) {
3692
21
    struct alpn_proto_buf proto;
3693
21
    memset(&proto, 0, sizeof(proto));
3694
21
    result = Curl_alpn_to_proto_buf(&proto, &alpns);
3695
21
    if(result) {
3696
0
      failf(data, "Error determining ALPN");
3697
0
      return CURLE_SSL_CONNECT_ERROR;
3698
0
    }
3699
21
    if(SSL_set_alpn_protos(octx->ssl, proto.data, (int)proto.len)) {
3700
0
      failf(data, "Error setting ALPN");
3701
0
      return CURLE_SSL_CONNECT_ERROR;
3702
0
    }
3703
21
  }
3704
21
#endif
3705
3706
21
  return CURLE_OK;
3707
21
}
3708
3709
#ifdef USE_ECH_OPENSSL
3710
static CURLcode ossl_init_ech(struct ossl_ctx *octx,
3711
                              struct Curl_cfilter *cf,
3712
                              struct Curl_easy *data,
3713
                              struct ssl_peer *peer)
3714
{
3715
  unsigned char *ech_config = NULL;
3716
  size_t ech_config_len = 0;
3717
  char *outername = data->set.str[STRING_ECH_PUBLIC];
3718
  int trying_ech_now = 0;
3719
  CURLcode result;
3720
3721
  if(!ECH_ENABLED(data))
3722
    return CURLE_OK;
3723
3724
  if(data->set.tls_ech & CURLECH_GREASE) {
3725
    infof(data, "ECH: will GREASE ClientHello");
3726
# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
3727
    SSL_set_enable_ech_grease(octx->ssl, 1);
3728
# else
3729
    SSL_set_options(octx->ssl, SSL_OP_ECH_GREASE);
3730
# endif
3731
  }
3732
  else if(data->set.tls_ech & CURLECH_CLA_CFG) {
3733
# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
3734
    /* have to do base64 decode here for BoringSSL */
3735
    const char *b64 = data->set.str[STRING_ECH_CONFIG];
3736
3737
    if(!b64) {
3738
      infof(data, "ECH: ECHConfig from command line empty");
3739
      return CURLE_SSL_CONNECT_ERROR;
3740
    }
3741
    ech_config_len = 2 * strlen(b64);
3742
    result = curlx_base64_decode(b64, &ech_config, &ech_config_len);
3743
    if(result || !ech_config) {
3744
      infof(data, "ECH: cannot base64 decode ECHConfig from command line");
3745
      if(data->set.tls_ech & CURLECH_HARD)
3746
        return result;
3747
    }
3748
    if(SSL_set1_ech_config_list(octx->ssl, ech_config,
3749
                                ech_config_len) != 1) {
3750
      infof(data, "ECH: SSL_ECH_set1_ech_config_list failed");
3751
      if(data->set.tls_ech & CURLECH_HARD) {
3752
        free(ech_config);
3753
        return CURLE_SSL_CONNECT_ERROR;
3754
      }
3755
    }
3756
    free(ech_config);
3757
    trying_ech_now = 1;
3758
# else
3759
    ech_config = (unsigned char *) data->set.str[STRING_ECH_CONFIG];
3760
    if(!ech_config) {
3761
      infof(data, "ECH: ECHConfig from command line empty");
3762
      return CURLE_SSL_CONNECT_ERROR;
3763
    }
3764
    ech_config_len = strlen(data->set.str[STRING_ECH_CONFIG]);
3765
    if(SSL_set1_ech_config_list(octx->ssl, ech_config,
3766
                                ech_config_len) != 1) {
3767
      infof(data, "ECH: SSL_ECH_set1_ech_config_list failed");
3768
      if(data->set.tls_ech & CURLECH_HARD)
3769
        return CURLE_SSL_CONNECT_ERROR;
3770
    }
3771
    else
3772
      trying_ech_now = 1;
3773
# endif
3774
    infof(data, "ECH: ECHConfig from command line");
3775
  }
3776
  else {
3777
    struct Curl_dns_entry *dns = NULL;
3778
3779
    if(peer->hostname)
3780
      dns = Curl_dnscache_get(data, peer->hostname, peer->port,
3781
                              cf->conn->ip_version);
3782
    if(!dns) {
3783
      infof(data, "ECH: requested but no DNS info available");
3784
      if(data->set.tls_ech & CURLECH_HARD)
3785
        return CURLE_SSL_CONNECT_ERROR;
3786
    }
3787
    else {
3788
      struct Curl_https_rrinfo *rinfo = NULL;
3789
3790
      rinfo = dns->hinfo;
3791
      if(rinfo && rinfo->echconfiglist) {
3792
        unsigned char *ecl = rinfo->echconfiglist;
3793
        size_t elen = rinfo->echconfiglist_len;
3794
3795
        infof(data, "ECH: ECHConfig from DoH HTTPS RR");
3796
        if(SSL_set1_ech_config_list(octx->ssl, ecl, elen) != 1) {
3797
          infof(data, "ECH: SSL_set1_ech_config_list failed");
3798
          if(data->set.tls_ech & CURLECH_HARD)
3799
            return CURLE_SSL_CONNECT_ERROR;
3800
        }
3801
        else {
3802
          trying_ech_now = 1;
3803
          infof(data, "ECH: imported ECHConfigList of length %zu", elen);
3804
        }
3805
      }
3806
      else {
3807
        infof(data, "ECH: requested but no ECHConfig available");
3808
        if(data->set.tls_ech & CURLECH_HARD)
3809
          return CURLE_SSL_CONNECT_ERROR;
3810
      }
3811
      Curl_resolv_unlink(data, &dns);
3812
    }
3813
  }
3814
# if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
3815
  if(trying_ech_now && outername) {
3816
    infof(data, "ECH: setting public_name not supported with BoringSSL");
3817
    return CURLE_SSL_CONNECT_ERROR;
3818
  }
3819
# else
3820
  if(trying_ech_now && outername) {
3821
    infof(data, "ECH: inner: '%s', outer: '%s'",
3822
          peer->hostname ? peer->hostname : "NULL", outername);
3823
    result = SSL_ech_set1_server_names(octx->ssl,
3824
                                      peer->hostname, outername,
3825
                                      0 /* do send outer */);
3826
    if(result != 1) {
3827
      infof(data, "ECH: rv failed to set server name(s) %d [ERROR]", result);
3828
      return CURLE_SSL_CONNECT_ERROR;
3829
    }
3830
  }
3831
# endif  /* OPENSSL_IS_BORINGSSL || OPENSSL_IS_AWSLC */
3832
  if(trying_ech_now
3833
     && SSL_set_min_proto_version(octx->ssl, TLS1_3_VERSION) != 1) {
3834
    infof(data, "ECH: cannot force TLSv1.3 [ERROR]");
3835
    return CURLE_SSL_CONNECT_ERROR;
3836
  }
3837
3838
  return CURLE_OK;
3839
}
3840
#endif /* USE_ECH_OPENSSL */
3841
3842
3843
static CURLcode ossl_init_ssl(struct ossl_ctx *octx,
3844
                              struct Curl_cfilter *cf,
3845
                              struct Curl_easy *data,
3846
                              struct ssl_peer *peer,
3847
                              const struct alpn_spec *alpns_requested,
3848
                              void *ssl_user_data,
3849
                              Curl_ossl_init_session_reuse_cb *sess_reuse_cb)
3850
21
{
3851
  /* Let's make an SSL structure */
3852
21
  if(octx->ssl)
3853
0
    SSL_free(octx->ssl);
3854
21
  octx->ssl = SSL_new(octx->ssl_ctx);
3855
21
  if(!octx->ssl) {
3856
0
    failf(data, "SSL: could not create a context (handle)");
3857
0
    return CURLE_OUT_OF_MEMORY;
3858
0
  }
3859
3860
21
  SSL_set_app_data(octx->ssl, ssl_user_data);
3861
3862
21
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
3863
21
  if(Curl_ssl_cf_get_primary_config(cf)->verifystatus)
3864
0
    SSL_set_tlsext_status_type(octx->ssl, TLSEXT_STATUSTYPE_ocsp);
3865
21
#endif
3866
3867
#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) && \
3868
    defined(ALLOW_RENEG)
3869
  SSL_set_renegotiate_mode(octx->ssl, ssl_renegotiate_freely);
3870
#endif
3871
3872
21
  SSL_set_connect_state(octx->ssl);
3873
3874
21
  octx->server_cert = NULL;
3875
21
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3876
21
  if(peer->sni) {
3877
21
    if(!SSL_set_tlsext_host_name(octx->ssl, peer->sni)) {
3878
0
      failf(data, "Failed set SNI");
3879
0
      return CURLE_SSL_CONNECT_ERROR;
3880
0
    }
3881
21
  }
3882
3883
#ifdef USE_ECH_OPENSSL
3884
  {
3885
    CURLcode result = ossl_init_ech(octx, cf, data, peer);
3886
    if(result)
3887
      return result;
3888
  }
3889
#endif  /* USE_ECH_OPENSSL */
3890
3891
21
#endif
3892
3893
21
  return ossl_init_session_and_alpns(octx, cf, data, peer,
3894
21
                                     alpns_requested, sess_reuse_cb);
3895
21
}
3896
3897
3898
static CURLcode ossl_init_method(struct Curl_cfilter *cf,
3899
                                 struct Curl_easy *data,
3900
                                 struct ssl_peer *peer,
3901
                                 const SSL_METHOD **pmethod,
3902
                                 unsigned int *pssl_version_min)
3903
21
{
3904
21
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3905
3906
21
  *pmethod = NULL;
3907
21
  *pssl_version_min = conn_config->version;
3908
21
  switch(peer->transport) {
3909
21
  case TRNSPRT_TCP:
3910
    /* check to see if we have been told to use an explicit SSL/TLS version */
3911
21
    switch(*pssl_version_min) {
3912
21
    case CURL_SSLVERSION_DEFAULT:
3913
21
    case CURL_SSLVERSION_TLSv1:
3914
21
    case CURL_SSLVERSION_TLSv1_0:
3915
21
    case CURL_SSLVERSION_TLSv1_1:
3916
21
    case CURL_SSLVERSION_TLSv1_2:
3917
21
    case CURL_SSLVERSION_TLSv1_3:
3918
      /* it will be handled later with the context options */
3919
21
  #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
3920
21
      *pmethod = TLS_client_method();
3921
  #else
3922
      *pmethod = SSLv23_client_method();
3923
  #endif
3924
21
      break;
3925
0
    case CURL_SSLVERSION_SSLv2:
3926
0
      failf(data, "No SSLv2 support");
3927
0
      return CURLE_NOT_BUILT_IN;
3928
0
    case CURL_SSLVERSION_SSLv3:
3929
0
      failf(data, "No SSLv3 support");
3930
0
      return CURLE_NOT_BUILT_IN;
3931
0
    default:
3932
0
      failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
3933
0
      return CURLE_SSL_CONNECT_ERROR;
3934
21
    }
3935
21
    break;
3936
21
  case TRNSPRT_QUIC:
3937
0
    *pssl_version_min = CURL_SSLVERSION_TLSv1_3;
3938
0
    if(conn_config->version_max &&
3939
0
       (conn_config->version_max != CURL_SSLVERSION_MAX_TLSv1_3)) {
3940
0
      failf(data, "QUIC needs at least TLS version 1.3");
3941
0
      return CURLE_SSL_CONNECT_ERROR;
3942
0
    }
3943
3944
#ifdef USE_OPENSSL_QUIC
3945
    *pmethod = OSSL_QUIC_client_method();
3946
#elif (OPENSSL_VERSION_NUMBER >= 0x10100000L)
3947
0
    *pmethod = TLS_method();
3948
#else
3949
    *pmethod = SSLv23_client_method();
3950
#endif
3951
0
    break;
3952
0
  default:
3953
0
    failf(data, "unsupported transport %d in SSL init", peer->transport);
3954
0
    return CURLE_SSL_CONNECT_ERROR;
3955
21
  }
3956
3957
21
  return *pmethod ? CURLE_OK : CURLE_SSL_CONNECT_ERROR;
3958
21
}
3959
3960
3961
CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
3962
                            struct Curl_cfilter *cf,
3963
                            struct Curl_easy *data,
3964
                            struct ssl_peer *peer,
3965
                            const struct alpn_spec *alpns_requested,
3966
                            Curl_ossl_ctx_setup_cb *cb_setup,
3967
                            void *cb_user_data,
3968
                            Curl_ossl_new_session_cb *cb_new_session,
3969
                            void *ssl_user_data,
3970
                            Curl_ossl_init_session_reuse_cb *sess_reuse_cb)
3971
21
{
3972
21
  CURLcode result = CURLE_OK;
3973
21
  const char *ciphers;
3974
21
  const SSL_METHOD *req_method = NULL;
3975
21
  ctx_option_t ctx_options = 0;
3976
21
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3977
21
  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3978
21
  char * const ssl_cert = ssl_config->primary.clientcert;
3979
21
  const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob;
3980
21
  const char * const ssl_cert_type = ssl_config->cert_type;
3981
21
  const bool verifypeer = conn_config->verifypeer;
3982
21
  unsigned int ssl_version_min;
3983
21
  char error_buffer[256];
3984
3985
  /* Make funny stuff to get random input */
3986
21
  result = ossl_seed(data);
3987
21
  if(result)
3988
0
    return result;
3989
3990
21
  ssl_config->certverifyresult = !X509_V_OK;
3991
3992
21
  result = ossl_init_method(cf, data, peer, &req_method, &ssl_version_min);
3993
21
  if(result)
3994
0
    return result;
3995
21
  DEBUGASSERT(req_method);
3996
3997
21
  DEBUGASSERT(!octx->ssl_ctx);
3998
21
  octx->ssl_ctx =
3999
#ifdef OPENSSL_HAS_PROVIDERS
4000
    data->state.libctx ?
4001
    SSL_CTX_new_ex(data->state.libctx, data->state.propq, req_method):
4002
#endif
4003
21
    SSL_CTX_new(req_method);
4004
4005
21
  if(!octx->ssl_ctx) {
4006
0
    failf(data, "SSL: could not create a context: %s",
4007
0
          ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
4008
0
    return CURLE_OUT_OF_MEMORY;
4009
0
  }
4010
4011
21
  if(cb_setup) {
4012
0
    result = cb_setup(cf, data, cb_user_data);
4013
0
    if(result)
4014
0
      return result;
4015
0
  }
4016
4017
21
#ifdef SSL_CTRL_SET_MSG_CALLBACK
4018
21
  if(data->set.fdebug && data->set.verbose) {
4019
    /* the SSL trace callback is only used for verbose logging */
4020
0
    SSL_CTX_set_msg_callback(octx->ssl_ctx, ossl_trace);
4021
0
    SSL_CTX_set_msg_callback_arg(octx->ssl_ctx, cf);
4022
0
  }
4023
21
#endif
4024
4025
  /* OpenSSL contains code to work around lots of bugs and flaws in various
4026
     SSL-implementations. SSL_CTX_set_options() is used to enabled those
4027
     work-arounds. The manpage for this option states that SSL_OP_ALL enables
4028
     all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
4029
     enable the bug workaround options if compatibility with somewhat broken
4030
     implementations is desired."
4031
4032
     The "-no_ticket" option was introduced in OpenSSL 0.9.8j. it is a flag to
4033
     disable "rfc4507bis session ticket support". rfc4507bis was later turned
4034
     into the proper RFC5077: https://datatracker.ietf.org/doc/html/rfc5077
4035
4036
     The enabled extension concerns the session management. I wonder how often
4037
     libcurl stops a connection and then resumes a TLS session. Also, sending
4038
     the session data is some overhead. I suggest that you just use your
4039
     proposed patch (which explicitly disables TICKET).
4040
4041
     If someone writes an application with libcurl and OpenSSL who wants to
4042
     enable the feature, one can do this in the SSL callback.
4043
4044
     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
4045
     interoperability with web server Netscape Enterprise Server 2.0.1 which
4046
     was released back in 1996.
4047
4048
     Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
4049
     become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
4050
     CVE-2010-4180 when using previous OpenSSL versions we no longer enable
4051
     this option regardless of OpenSSL version and SSL_OP_ALL definition.
4052
4053
     OpenSSL added a work-around for an SSL 3.0/TLS 1.0 CBC vulnerability:
4054
     https://web.archive.org/web/20240114184648/openssl.org/~bodo/tls-cbc.txt.
4055
     In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around
4056
     despite the fact that SSL_OP_ALL is documented to do "rather harmless"
4057
     workarounds. In order to keep the secure work-around, the
4058
     SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set.
4059
  */
4060
4061
21
  ctx_options = SSL_OP_ALL;
4062
4063
21
#ifdef SSL_OP_NO_TICKET
4064
21
  ctx_options |= SSL_OP_NO_TICKET;
4065
21
#endif
4066
4067
21
#ifdef SSL_OP_NO_COMPRESSION
4068
21
  ctx_options |= SSL_OP_NO_COMPRESSION;
4069
21
#endif
4070
4071
21
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
4072
  /* mitigate CVE-2010-4180 */
4073
21
  ctx_options &= ~(ctx_option_t)SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
4074
21
#endif
4075
4076
21
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
4077
  /* unless the user explicitly asks to allow the protocol vulnerability we
4078
     use the work-around */
4079
21
  if(!ssl_config->enable_beast)
4080
21
    ctx_options &= ~(ctx_option_t)SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
4081
21
#endif
4082
4083
21
  switch(ssl_version_min) {
4084
0
  case CURL_SSLVERSION_SSLv2:
4085
0
  case CURL_SSLVERSION_SSLv3:
4086
0
    return CURLE_NOT_BUILT_IN;
4087
4088
    /* "--tlsv<x.y>" options mean TLS >= version <x.y> */
4089
21
  case CURL_SSLVERSION_DEFAULT:
4090
21
  case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
4091
21
  case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
4092
21
  case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
4093
21
  case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
4094
21
  case CURL_SSLVERSION_TLSv1_3: /* TLS >= version 1.3 */
4095
    /* asking for any TLS version as the minimum, means no SSL versions
4096
       allowed */
4097
21
    ctx_options |= SSL_OP_NO_SSLv2;
4098
21
    ctx_options |= SSL_OP_NO_SSLv3;
4099
4100
21
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
4101
21
    result = ossl_set_ssl_version_min_max(cf, octx->ssl_ctx);
4102
#else
4103
    result = ossl_set_ssl_version_min_max_legacy(&ctx_options, cf, data);
4104
#endif
4105
21
    if(result != CURLE_OK)
4106
0
      return result;
4107
21
    break;
4108
4109
21
  default:
4110
0
    failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
4111
0
    return CURLE_SSL_CONNECT_ERROR;
4112
21
  }
4113
4114
21
  SSL_CTX_set_options(octx->ssl_ctx, ctx_options);
4115
4116
21
#ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
4117
  /* We do retry writes sometimes from another buffer address */
4118
21
  SSL_CTX_set_mode(octx->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
4119
21
#endif
4120
4121
21
  ciphers = conn_config->cipher_list;
4122
21
  if(!ciphers && (peer->transport != TRNSPRT_QUIC))
4123
21
    ciphers = DEFAULT_CIPHER_SELECTION;
4124
21
  if(ciphers && (ssl_version_min < CURL_SSLVERSION_TLSv1_3)) {
4125
0
    if(!SSL_CTX_set_cipher_list(octx->ssl_ctx, ciphers)) {
4126
0
      failf(data, "failed setting cipher list: %s", ciphers);
4127
0
      return CURLE_SSL_CIPHER;
4128
0
    }
4129
0
    infof(data, "Cipher selection: %s", ciphers);
4130
0
  }
4131
4132
21
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
4133
21
  {
4134
21
    const char *ciphers13 = conn_config->cipher_list13;
4135
21
    if(ciphers13 &&
4136
21
       (!conn_config->version_max ||
4137
0
        (conn_config->version_max >= CURL_SSLVERSION_MAX_TLSv1_3))) {
4138
0
      if(!SSL_CTX_set_ciphersuites(octx->ssl_ctx, ciphers13)) {
4139
0
        failf(data, "failed setting TLS 1.3 cipher suite: %s", ciphers13);
4140
0
        return CURLE_SSL_CIPHER;
4141
0
      }
4142
0
      infof(data, "TLS 1.3 cipher selection: %s", ciphers13);
4143
0
    }
4144
21
  }
4145
21
#endif
4146
4147
21
  if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
4148
0
    if(!result &&
4149
0
       !cert_stuff(data, octx->ssl_ctx,
4150
0
                   ssl_cert, ssl_cert_blob, ssl_cert_type,
4151
0
                   ssl_config->key, ssl_config->key_blob,
4152
0
                   ssl_config->key_type, ssl_config->key_passwd))
4153
0
      result = CURLE_SSL_CERTPROBLEM;
4154
0
    if(result)
4155
      /* failf() is already done in cert_stuff() */
4156
0
      return result;
4157
0
  }
4158
4159
21
#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
4160
  /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
4161
21
  SSL_CTX_set_post_handshake_auth(octx->ssl_ctx, 1);
4162
21
#endif
4163
4164
21
  {
4165
21
    const char *curves = conn_config->curves;
4166
21
    if(curves) {
4167
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
4168
#define OSSL_CURVE_CAST(x) (x)
4169
#else
4170
0
#define OSSL_CURVE_CAST(x) (char *)CURL_UNCONST(x)
4171
0
#endif
4172
0
      if(!SSL_CTX_set1_curves_list(octx->ssl_ctx, OSSL_CURVE_CAST(curves))) {
4173
0
        failf(data, "failed setting curves list: '%s'", curves);
4174
0
        return CURLE_SSL_CIPHER;
4175
0
      }
4176
0
    }
4177
21
  }
4178
4179
21
#ifdef HAVE_SSL_CTX_SET1_SIGALGS
4180
21
#define OSSL_SIGALG_CAST(x) OSSL_CURVE_CAST(x)
4181
21
  {
4182
21
    const char *signature_algorithms = conn_config->signature_algorithms;
4183
21
    if(signature_algorithms) {
4184
0
      if(!SSL_CTX_set1_sigalgs_list(octx->ssl_ctx,
4185
0
                                    OSSL_SIGALG_CAST(signature_algorithms))) {
4186
0
        failf(data, "failed setting signature algorithms: '%s'",
4187
0
              signature_algorithms);
4188
0
        return CURLE_SSL_CIPHER;
4189
0
      }
4190
0
    }
4191
21
  }
4192
21
#endif
4193
4194
21
#ifdef USE_OPENSSL_SRP
4195
21
  if(ssl_config->primary.username && Curl_auth_allowed_to_host(data)) {
4196
0
    char * const ssl_username = ssl_config->primary.username;
4197
0
    char * const ssl_password = ssl_config->primary.password;
4198
0
    infof(data, "Using TLS-SRP username: %s", ssl_username);
4199
4200
0
    if(!SSL_CTX_set_srp_username(octx->ssl_ctx, ssl_username)) {
4201
0
      failf(data, "Unable to set SRP username");
4202
0
      return CURLE_BAD_FUNCTION_ARGUMENT;
4203
0
    }
4204
0
    if(!SSL_CTX_set_srp_password(octx->ssl_ctx, ssl_password)) {
4205
0
      failf(data, "failed setting SRP password");
4206
0
      return CURLE_BAD_FUNCTION_ARGUMENT;
4207
0
    }
4208
0
    if(!conn_config->cipher_list) {
4209
0
      infof(data, "Setting cipher list SRP");
4210
4211
0
      if(!SSL_CTX_set_cipher_list(octx->ssl_ctx, "SRP")) {
4212
0
        failf(data, "failed setting SRP cipher list");
4213
0
        return CURLE_SSL_CIPHER;
4214
0
      }
4215
0
    }
4216
0
  }
4217
21
#endif
4218
4219
  /* OpenSSL always tries to verify the peer, this only says whether it should
4220
   * fail to connect if the verification fails, or if it should continue
4221
   * anyway. In the latter case the result of the verification is checked with
4222
   * SSL_get_verify_result() below. */
4223
21
  SSL_CTX_set_verify(octx->ssl_ctx,
4224
21
                     verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
4225
4226
  /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
4227
21
#ifdef HAVE_KEYLOG_CALLBACK
4228
21
  if(Curl_tls_keylog_enabled()) {
4229
0
    SSL_CTX_set_keylog_callback(octx->ssl_ctx, ossl_keylog_callback);
4230
0
  }
4231
21
#endif
4232
4233
21
  if(cb_new_session) {
4234
    /* Enable the session cache because it is a prerequisite for the
4235
     * "new session" callback. Use the "external storage" mode to prevent
4236
     * OpenSSL from creating an internal session cache.
4237
     */
4238
21
    SSL_CTX_set_session_cache_mode(octx->ssl_ctx,
4239
21
                                   SSL_SESS_CACHE_CLIENT |
4240
21
                                   SSL_SESS_CACHE_NO_INTERNAL);
4241
21
    SSL_CTX_sess_set_new_cb(octx->ssl_ctx, cb_new_session);
4242
21
  }
4243
4244
  /* give application a chance to interfere with SSL set up. */
4245
21
  if(data->set.ssl.fsslctx) {
4246
    /* When a user callback is installed to modify the SSL_CTX,
4247
     * we need to do the full initialization before calling it.
4248
     * See: #11800 */
4249
0
    if(!octx->x509_store_setup) {
4250
0
      result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);
4251
0
      if(result)
4252
0
        return result;
4253
0
      octx->x509_store_setup = TRUE;
4254
0
    }
4255
0
    Curl_set_in_callback(data, TRUE);
4256
0
    result = (*data->set.ssl.fsslctx)(data, octx->ssl_ctx,
4257
0
                                      data->set.ssl.fsslctxp);
4258
0
    Curl_set_in_callback(data, FALSE);
4259
0
    if(result) {
4260
0
      failf(data, "error signaled by ssl ctx callback");
4261
0
      return result;
4262
0
    }
4263
0
  }
4264
4265
21
  return ossl_init_ssl(octx, cf, data, peer, alpns_requested,
4266
21
                       ssl_user_data, sess_reuse_cb);
4267
21
}
4268
4269
static CURLcode ossl_on_session_reuse(struct Curl_cfilter *cf,
4270
                                      struct Curl_easy *data,
4271
                                      struct alpn_spec *alpns,
4272
                                      struct Curl_ssl_session *scs,
4273
                                      bool *do_early_data)
4274
0
{
4275
0
  struct ssl_connect_data *connssl = cf->ctx;
4276
0
  CURLcode result = CURLE_OK;
4277
4278
0
  *do_early_data = FALSE;
4279
0
  connssl->earlydata_max = scs->earlydata_max;
4280
0
  if(!connssl->earlydata_max) {
4281
0
    CURL_TRC_CF(data, cf, "SSL session does not allow earlydata");
4282
0
  }
4283
0
  else if(!Curl_alpn_contains_proto(alpns, scs->alpn)) {
4284
0
    CURL_TRC_CF(data, cf, "SSL session has different ALPN, no early data");
4285
0
  }
4286
0
  else {
4287
0
    infof(data, "SSL session allows %zu bytes of early data, "
4288
0
          "reusing ALPN '%s'", connssl->earlydata_max, scs->alpn);
4289
0
    connssl->earlydata_state = ssl_earlydata_await;
4290
0
    connssl->state = ssl_connection_deferred;
4291
0
    result = Curl_alpn_set_negotiated(cf, data, connssl,
4292
0
                    (const unsigned char *)scs->alpn,
4293
0
                    scs->alpn ? strlen(scs->alpn) : 0);
4294
0
    *do_early_data = !result;
4295
0
  }
4296
0
  return result;
4297
0
}
4298
4299
static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
4300
                                   struct Curl_easy *data)
4301
21
{
4302
21
  struct ssl_connect_data *connssl = cf->ctx;
4303
21
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
4304
21
  BIO *bio;
4305
21
  CURLcode result;
4306
4307
21
  DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
4308
21
  DEBUGASSERT(octx);
4309
4310
21
  result = Curl_ossl_ctx_init(octx, cf, data, &connssl->peer,
4311
21
                              connssl->alpn, NULL, NULL,
4312
21
                              ossl_new_session_cb, cf,
4313
21
                              ossl_on_session_reuse);
4314
21
  if(result)
4315
0
    return result;
4316
4317
21
  octx->bio_method = ossl_bio_cf_method_create();
4318
21
  if(!octx->bio_method)
4319
0
    return CURLE_OUT_OF_MEMORY;
4320
21
  bio = BIO_new(octx->bio_method);
4321
21
  if(!bio)
4322
0
    return CURLE_OUT_OF_MEMORY;
4323
4324
21
  BIO_set_data(bio, cf);
4325
21
#ifdef HAVE_SSL_SET0_WBIO
4326
  /* with OpenSSL v1.1.1 we get an alternative to SSL_set_bio() that works
4327
   * without backward compat quirks. Every call takes one reference, so we
4328
   * up it and pass. SSL* then owns it and will free.
4329
   * We check on the function in configure, since LibreSSL and friends
4330
   * each have their own versions to add support for this. */
4331
21
  BIO_up_ref(bio);
4332
21
  SSL_set0_rbio(octx->ssl, bio);
4333
21
  SSL_set0_wbio(octx->ssl, bio);
4334
#else
4335
  SSL_set_bio(octx->ssl, bio, bio);
4336
#endif
4337
4338
21
#ifdef HAS_ALPN_OPENSSL
4339
21
  if(connssl->alpn && (connssl->state != ssl_connection_deferred)) {
4340
21
    struct alpn_proto_buf proto;
4341
21
    memset(&proto, 0, sizeof(proto));
4342
21
    Curl_alpn_to_proto_str(&proto, connssl->alpn);
4343
21
    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
4344
21
  }
4345
21
#endif
4346
21
  connssl->connecting_state = ssl_connect_2;
4347
21
  return CURLE_OK;
4348
21
}
4349
4350
#ifdef USE_ECH_OPENSSL
4351
/* If we have retry configs, then trace those out */
4352
static void ossl_trace_ech_retry_configs(struct Curl_easy *data, SSL* ssl,
4353
                                         int reason)
4354
{
4355
  CURLcode result = CURLE_OK;
4356
  size_t rcl = 0;
4357
  int rv = 1;
4358
# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
4359
  char *inner = NULL;
4360
  unsigned char *rcs = NULL;
4361
  char *outer = NULL;
4362
# else
4363
  const char *inner = NULL;
4364
  const uint8_t *rcs = NULL;
4365
  const char *outer = NULL;
4366
  size_t out_name_len = 0;
4367
  int servername_type = 0;
4368
# endif
4369
4370
  /* nothing to trace if not doing ECH */
4371
  if(!ECH_ENABLED(data))
4372
    return;
4373
# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
4374
  rv = SSL_ech_get1_retry_config(ssl, &rcs, &rcl);
4375
# else
4376
  SSL_get0_ech_retry_configs(ssl, &rcs, &rcl);
4377
  rv = (int)rcl;
4378
# endif
4379
4380
  if(rv && rcs) {
4381
    char *b64str = NULL;
4382
    size_t blen = 0;
4383
4384
    result = curlx_base64_encode((const char *)rcs, rcl, &b64str, &blen);
4385
    if(!result && b64str) {
4386
      infof(data, "ECH: retry_configs %s", b64str);
4387
      free(b64str);
4388
#if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
4389
      rv = SSL_ech_get1_status(ssl, &inner, &outer);
4390
      infof(data, "ECH: retry_configs for %s from %s, %d %d",
4391
            inner ? inner : "NULL", outer ? outer : "NULL", reason, rv);
4392
#else
4393
      rv = SSL_ech_accepted(ssl);
4394
      servername_type = SSL_get_servername_type(ssl);
4395
      inner = SSL_get_servername(ssl, servername_type);
4396
      SSL_get0_ech_name_override(ssl, &outer, &out_name_len);
4397
      infof(data, "ECH: retry_configs for %s from %s, %d %d",
4398
            inner ? inner : "NULL", outer ? outer : "NULL", reason, rv);
4399
#endif
4400
    }
4401
  }
4402
  else
4403
    infof(data, "ECH: no retry_configs (rv = %d)", rv);
4404
# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
4405
  OPENSSL_free((void *)rcs);
4406
# endif
4407
  return;
4408
}
4409
4410
#endif
4411
4412
static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
4413
                                   struct Curl_easy *data)
4414
58
{
4415
58
  int err;
4416
58
  struct ssl_connect_data *connssl = cf->ctx;
4417
58
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
4418
58
  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
4419
58
  DEBUGASSERT(ssl_connect_2 == connssl->connecting_state);
4420
58
  DEBUGASSERT(octx);
4421
4422
58
  connssl->io_need = CURL_SSL_IO_NEED_NONE;
4423
58
  ERR_clear_error();
4424
4425
58
  err = SSL_connect(octx->ssl);
4426
4427
58
  if(!octx->x509_store_setup) {
4428
    /* After having send off the ClientHello, we prepare the x509
4429
     * store to verify the coming certificate from the server */
4430
0
    CURLcode result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);
4431
0
    if(result)
4432
0
      return result;
4433
0
    octx->x509_store_setup = TRUE;
4434
0
  }
4435
4436
#ifndef HAVE_KEYLOG_CALLBACK
4437
  /* If key logging is enabled, wait for the handshake to complete and then
4438
   * proceed with logging secrets (for TLS 1.2 or older).
4439
   */
4440
  if(Curl_tls_keylog_enabled() && !octx->keylog_done)
4441
    ossl_log_tls12_secret(octx->ssl, &octx->keylog_done);
4442
#endif
4443
4444
  /* 1  is fine
4445
     0  is "not successful but was shut down controlled"
4446
     <0 is "handshake was not successful, because a fatal error occurred" */
4447
58
  if(1 != err) {
4448
37
    int detail = SSL_get_error(octx->ssl, err);
4449
37
    CURL_TRC_CF(data, cf, "SSL_connect() -> err=%d, detail=%d", err, detail);
4450
4451
37
    if(SSL_ERROR_WANT_READ == detail) {
4452
37
      CURL_TRC_CF(data, cf, "SSL_connect() -> want recv");
4453
37
      connssl->io_need = CURL_SSL_IO_NEED_RECV;
4454
37
      return CURLE_AGAIN;
4455
37
    }
4456
0
    if(SSL_ERROR_WANT_WRITE == detail) {
4457
0
      CURL_TRC_CF(data, cf, "SSL_connect() -> want send");
4458
0
      connssl->io_need = CURL_SSL_IO_NEED_SEND;
4459
0
      return CURLE_AGAIN;
4460
0
    }
4461
0
#ifdef SSL_ERROR_WANT_ASYNC
4462
0
    if(SSL_ERROR_WANT_ASYNC == detail) {
4463
0
      CURL_TRC_CF(data, cf, "SSL_connect() -> want async");
4464
0
      connssl->io_need = CURL_SSL_IO_NEED_RECV;
4465
0
      return CURLE_AGAIN;
4466
0
    }
4467
0
#endif
4468
#ifdef SSL_ERROR_WANT_RETRY_VERIFY
4469
    if(SSL_ERROR_WANT_RETRY_VERIFY == detail) {
4470
      CURL_TRC_CF(data, cf, "SSL_connect() -> want retry_verify");
4471
      connssl->io_need = CURL_SSL_IO_NEED_RECV;
4472
      return CURLE_AGAIN;
4473
    }
4474
#endif
4475
0
    else {
4476
      /* untreated error */
4477
0
      sslerr_t errdetail;
4478
0
      char error_buffer[256]="";
4479
0
      CURLcode result;
4480
0
      long lerr;
4481
0
      int lib;
4482
0
      int reason;
4483
4484
      /* the connection failed, we are not waiting for anything else. */
4485
0
      connssl->connecting_state = ssl_connect_2;
4486
4487
      /* Get the earliest error code from the thread's error queue and remove
4488
         the entry. */
4489
0
      errdetail = ERR_get_error();
4490
4491
      /* Extract which lib and reason */
4492
0
      lib = ERR_GET_LIB(errdetail);
4493
0
      reason = ERR_GET_REASON(errdetail);
4494
4495
0
      if((lib == ERR_LIB_SSL) &&
4496
0
         ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
4497
0
          (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
4498
0
        result = CURLE_PEER_FAILED_VERIFICATION;
4499
4500
0
        lerr = SSL_get_verify_result(octx->ssl);
4501
0
        if(lerr != X509_V_OK) {
4502
0
          ssl_config->certverifyresult = lerr;
4503
0
          failf(data, "SSL certificate problem: %s",
4504
0
                X509_verify_cert_error_string(lerr));
4505
0
        }
4506
0
        else
4507
0
          failf(data, "%s", "SSL certificate verification failed");
4508
0
      }
4509
0
#ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED
4510
      /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
4511
         OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */
4512
0
      else if((lib == ERR_LIB_SSL) &&
4513
0
              (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
4514
        /* If client certificate is required, communicate the
4515
           error to client */
4516
0
        result = CURLE_SSL_CLIENTCERT;
4517
0
        failf(data, "TLS cert problem: %s",
4518
0
              ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)));
4519
0
      }
4520
0
#endif
4521
#ifdef USE_ECH_OPENSSL
4522
      else if((lib == ERR_LIB_SSL) &&
4523
# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
4524
              (reason == SSL_R_ECH_REQUIRED)) {
4525
# else
4526
              (reason == SSL_R_ECH_REJECTED)) {
4527
# endif
4528
4529
        /* trace retry_configs if we got some */
4530
        ossl_trace_ech_retry_configs(data, octx->ssl, reason);
4531
4532
        result = CURLE_ECH_REQUIRED;
4533
        failf(data, "ECH required: %s",
4534
              ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)));
4535
      }
4536
#endif
4537
0
      else {
4538
0
        result = CURLE_SSL_CONNECT_ERROR;
4539
0
        failf(data, "TLS connect error: %s",
4540
0
              ossl_strerror(errdetail, error_buffer, sizeof(error_buffer)));
4541
0
      }
4542
4543
      /* detail is already set to the SSL error above */
4544
4545
      /* If we e.g. use SSLv2 request-method and the server does not like us
4546
       * (RST connection, etc.), OpenSSL gives no explanation whatsoever and
4547
       * the SO_ERROR is also lost.
4548
       */
4549
0
      if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
4550
0
        char extramsg[80]="";
4551
0
        int sockerr = SOCKERRNO;
4552
4553
0
        if(sockerr && detail == SSL_ERROR_SYSCALL)
4554
0
          Curl_strerror(sockerr, extramsg, sizeof(extramsg));
4555
0
        failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%d ",
4556
0
              extramsg[0] ? extramsg : SSL_ERROR_to_str(detail),
4557
0
              connssl->peer.hostname, connssl->peer.port);
4558
0
      }
4559
4560
0
      return result;
4561
0
    }
4562
0
  }
4563
21
  else {
4564
21
    int psigtype_nid = NID_undef;
4565
21
    const char *negotiated_group_name = NULL;
4566
4567
    /* we connected fine, we are not waiting for anything else. */
4568
21
    connssl->connecting_state = ssl_connect_3;
4569
4570
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
4571
    SSL_get_peer_signature_type_nid(octx->ssl, &psigtype_nid);
4572
#if (OPENSSL_VERSION_NUMBER >= 0x30200000L)
4573
    negotiated_group_name = SSL_get0_group_name(octx->ssl);
4574
#else
4575
    negotiated_group_name =
4576
      OBJ_nid2sn(SSL_get_negotiated_group(octx->ssl) & 0x0000FFFF);
4577
#endif
4578
#endif
4579
4580
    /* Informational message */
4581
21
    infof(data, "SSL connection using %s / %s / %s / %s",
4582
21
          SSL_get_version(octx->ssl),
4583
21
          SSL_get_cipher(octx->ssl),
4584
21
          negotiated_group_name ? negotiated_group_name : "[blank]",
4585
21
          OBJ_nid2sn(psigtype_nid));
4586
4587
#ifdef USE_ECH_OPENSSL
4588
# if !defined(OPENSSL_IS_BORINGSSL) && !defined(OPENSSL_IS_AWSLC)
4589
    if(ECH_ENABLED(data)) {
4590
      char *inner = NULL, *outer = NULL;
4591
      const char *status = NULL;
4592
      int rv;
4593
4594
      rv = SSL_ech_get1_status(octx->ssl, &inner, &outer);
4595
      switch(rv) {
4596
      case SSL_ECH_STATUS_SUCCESS:
4597
        status = "succeeded";
4598
        break;
4599
      case SSL_ECH_STATUS_GREASE_ECH:
4600
        status = "sent GREASE, got retry-configs";
4601
        break;
4602
      case SSL_ECH_STATUS_GREASE:
4603
        status = "sent GREASE";
4604
        break;
4605
      case SSL_ECH_STATUS_NOT_TRIED:
4606
        status = "not attempted";
4607
        break;
4608
      case SSL_ECH_STATUS_NOT_CONFIGURED:
4609
        status = "not configured";
4610
        break;
4611
      case SSL_ECH_STATUS_BACKEND:
4612
        status = "backend (unexpected)";
4613
        break;
4614
      case SSL_ECH_STATUS_FAILED:
4615
        status = "failed";
4616
        break;
4617
      case SSL_ECH_STATUS_BAD_CALL:
4618
        status = "bad call (unexpected)";
4619
        break;
4620
      case SSL_ECH_STATUS_BAD_NAME:
4621
        status = "bad name (unexpected)";
4622
        break;
4623
      default:
4624
        status = "unexpected status";
4625
        infof(data, "ECH: unexpected status %d",rv);
4626
      }
4627
      infof(data, "ECH: result: status is %s, inner is %s, outer is %s",
4628
            (status ? status : "NULL"),
4629
            (inner ? inner : "NULL"),
4630
            (outer ? outer : "NULL"));
4631
      OPENSSL_free(inner);
4632
      OPENSSL_free(outer);
4633
      if(rv == SSL_ECH_STATUS_GREASE_ECH) {
4634
        /* trace retry_configs if we got some */
4635
        ossl_trace_ech_retry_configs(data, octx->ssl, 0);
4636
      }
4637
      if(rv != SSL_ECH_STATUS_SUCCESS
4638
         && data->set.tls_ech & CURLECH_HARD) {
4639
        infof(data, "ECH: ech-hard failed");
4640
        return CURLE_SSL_CONNECT_ERROR;
4641
      }
4642
   }
4643
   else {
4644
      infof(data, "ECH: result: status is not attempted");
4645
   }
4646
# endif  /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */
4647
#endif  /* USE_ECH_OPENSSL */
4648
4649
21
#ifdef HAS_ALPN_OPENSSL
4650
    /* Sets data and len to negotiated protocol, len is 0 if no protocol was
4651
     * negotiated
4652
     */
4653
21
    if(connssl->alpn) {
4654
21
      const unsigned char *neg_protocol;
4655
21
      unsigned int len;
4656
21
      SSL_get0_alpn_selected(octx->ssl, &neg_protocol, &len);
4657
4658
21
      return Curl_alpn_set_negotiated(cf, data, connssl, neg_protocol, len);
4659
21
    }
4660
0
#endif
4661
4662
0
    return CURLE_OK;
4663
21
  }
4664
58
}
4665
4666
/*
4667
 * Heavily modified from:
4668
 * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
4669
 */
4670
static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
4671
                                         const char *pinnedpubkey)
4672
0
{
4673
  /* Scratch */
4674
0
  int len1 = 0, len2 = 0;
4675
0
  unsigned char *buff1 = NULL, *temp = NULL;
4676
4677
  /* Result is returned to caller */
4678
0
  CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
4679
4680
  /* if a path was not specified, do not pin */
4681
0
  if(!pinnedpubkey)
4682
0
    return CURLE_OK;
4683
4684
0
  if(!cert)
4685
0
    return result;
4686
4687
0
  do {
4688
    /* Begin Gyrations to get the subjectPublicKeyInfo     */
4689
    /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
4690
4691
    /* https://groups.google.com/group/mailing.openssl.users/browse_thread
4692
       /thread/d61858dae102c6c7 */
4693
0
    len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
4694
0
    if(len1 < 1)
4695
0
      break; /* failed */
4696
4697
0
    buff1 = temp = malloc(len1);
4698
0
    if(!buff1)
4699
0
      break; /* failed */
4700
4701
    /* https://docs.openssl.org/master/man3/d2i_X509/ */
4702
0
    len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
4703
4704
    /*
4705
     * These checks are verifying we got back the same values as when we
4706
     * sized the buffer. it is pretty weak since they should always be the
4707
     * same. But it gives us something to test.
4708
     */
4709
0
    if((len1 != len2) || !temp || ((temp - buff1) != len1))
4710
0
      break; /* failed */
4711
4712
    /* End Gyrations */
4713
4714
    /* The one good exit point */
4715
0
    result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
4716
0
  } while(0);
4717
4718
0
  if(buff1)
4719
0
    free(buff1);
4720
4721
0
  return result;
4722
0
}
4723
4724
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) &&  \
4725
  !(defined(LIBRESSL_VERSION_NUMBER) && \
4726
    LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \
4727
  !defined(OPENSSL_IS_BORINGSSL) && \
4728
  !defined(OPENSSL_IS_AWSLC) && \
4729
  !defined(CURL_DISABLE_VERBOSE_STRINGS)
4730
static void infof_certstack(struct Curl_easy *data, const SSL *ssl)
4731
21
{
4732
21
  STACK_OF(X509) *certstack;
4733
21
  long verify_result;
4734
21
  int num_cert_levels;
4735
21
  int cert_level;
4736
4737
21
  verify_result = SSL_get_verify_result(ssl);
4738
21
  if(verify_result != X509_V_OK)
4739
0
    certstack = SSL_get_peer_cert_chain(ssl);
4740
21
  else
4741
21
    certstack = SSL_get0_verified_chain(ssl);
4742
21
  num_cert_levels = sk_X509_num(certstack);
4743
4744
84
  for(cert_level = 0; cert_level < num_cert_levels; cert_level++) {
4745
63
    char cert_algorithm[80] = "";
4746
63
    char group_name_final[80] = "";
4747
63
    const X509_ALGOR *palg_cert = NULL;
4748
63
    const ASN1_OBJECT *paobj_cert = NULL;
4749
63
    X509 *current_cert;
4750
63
    EVP_PKEY *current_pkey;
4751
63
    int key_bits;
4752
63
    int key_sec_bits;
4753
63
    int get_group_name;
4754
63
    const char *type_name;
4755
4756
63
    current_cert = sk_X509_value(certstack, cert_level);
4757
4758
63
    X509_get0_signature(NULL, &palg_cert, current_cert);
4759
63
    X509_ALGOR_get0(&paobj_cert, NULL, NULL, palg_cert);
4760
63
    OBJ_obj2txt(cert_algorithm, sizeof(cert_algorithm), paobj_cert, 0);
4761
4762
63
    current_pkey = X509_get0_pubkey(current_cert);
4763
63
    key_bits = EVP_PKEY_bits(current_pkey);
4764
63
#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
4765
63
#define EVP_PKEY_get_security_bits EVP_PKEY_security_bits
4766
63
#endif
4767
63
    key_sec_bits = EVP_PKEY_get_security_bits(current_pkey);
4768
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
4769
    {
4770
      char group_name[80] = "";
4771
      get_group_name = EVP_PKEY_get_group_name(current_pkey, group_name,
4772
                                               sizeof(group_name), NULL);
4773
      msnprintf(group_name_final, sizeof(group_name_final), "/%s", group_name);
4774
    }
4775
    type_name = current_pkey ? EVP_PKEY_get0_type_name(current_pkey) : NULL;
4776
#else
4777
63
    get_group_name = 0;
4778
63
    type_name = NULL;
4779
63
#endif
4780
4781
63
    infof(data,
4782
63
          "  Certificate level %d: "
4783
63
          "Public key type %s%s (%d/%d Bits/secBits), signed using %s",
4784
63
          cert_level, type_name ? type_name : "?",
4785
63
          get_group_name == 0 ? "" : group_name_final,
4786
63
          key_bits, key_sec_bits, cert_algorithm);
4787
63
  }
4788
21
}
4789
#else
4790
#define infof_certstack(data, ssl)
4791
#endif
4792
4793
21
#define MAX_CERT_NAME_LENGTH 2048
4794
4795
CURLcode Curl_oss_check_peer_cert(struct Curl_cfilter *cf,
4796
                                  struct Curl_easy *data,
4797
                                  struct ossl_ctx *octx,
4798
                                  struct ssl_peer *peer)
4799
21
{
4800
21
  struct connectdata *conn = cf->conn;
4801
21
  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
4802
21
  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
4803
21
  CURLcode result = CURLE_OK;
4804
21
  long lerr;
4805
21
  X509 *issuer;
4806
21
  BIO *fp = NULL;
4807
21
  char error_buffer[256]="";
4808
21
  const char *ptr;
4809
21
  BIO *mem = BIO_new(BIO_s_mem());
4810
21
  bool strict = (conn_config->verifypeer || conn_config->verifyhost);
4811
21
  struct dynbuf dname;
4812
4813
21
  DEBUGASSERT(octx);
4814
4815
21
  curlx_dyn_init(&dname, MAX_CERT_NAME_LENGTH);
4816
4817
21
  if(!mem) {
4818
0
    failf(data,
4819
0
          "BIO_new return NULL, " OSSL_PACKAGE
4820
0
          " error %s",
4821
0
          ossl_strerror(ERR_get_error(), error_buffer,
4822
0
                        sizeof(error_buffer)) );
4823
0
    return CURLE_OUT_OF_MEMORY;
4824
0
  }
4825
4826
21
  if(data->set.ssl.certinfo)
4827
    /* asked to gather certificate info */
4828
0
    (void)ossl_certchain(data, octx->ssl);
4829
4830
21
  octx->server_cert = SSL_get1_peer_certificate(octx->ssl);
4831
21
  if(!octx->server_cert) {
4832
0
    BIO_free(mem);
4833
0
    if(!strict)
4834
0
      return CURLE_OK;
4835
4836
0
    failf(data, "SSL: could not get peer certificate");
4837
0
    return CURLE_PEER_FAILED_VERIFICATION;
4838
0
  }
4839
4840
21
  infof(data, "%s certificate:",
4841
21
        Curl_ssl_cf_is_proxy(cf) ? "Proxy" : "Server");
4842
4843
21
  result = x509_name_oneline(X509_get_subject_name(octx->server_cert),
4844
21
                             &dname);
4845
21
  infof(data, " subject: %s", result ? "[NONE]" : curlx_dyn_ptr(&dname));
4846
4847
21
#ifndef CURL_DISABLE_VERBOSE_STRINGS
4848
21
  {
4849
21
    char *buf;
4850
21
    long len;
4851
21
    ASN1_TIME_print(mem, X509_get0_notBefore(octx->server_cert));
4852
21
    len = BIO_get_mem_data(mem, (char **) &buf);
4853
21
    infof(data, " start date: %.*s", (int)len, buf);
4854
21
    (void)BIO_reset(mem);
4855
4856
21
    ASN1_TIME_print(mem, X509_get0_notAfter(octx->server_cert));
4857
21
    len = BIO_get_mem_data(mem, (char **) &buf);
4858
21
    infof(data, " expire date: %.*s", (int)len, buf);
4859
21
    (void)BIO_reset(mem);
4860
21
  }
4861
21
#endif
4862
4863
21
  BIO_free(mem);
4864
4865
21
  if(conn_config->verifyhost) {
4866
21
    result = ossl_verifyhost(data, conn, peer, octx->server_cert);
4867
21
    if(result) {
4868
0
      X509_free(octx->server_cert);
4869
0
      octx->server_cert = NULL;
4870
0
      curlx_dyn_free(&dname);
4871
0
      return result;
4872
0
    }
4873
21
  }
4874
4875
21
  result = x509_name_oneline(X509_get_issuer_name(octx->server_cert),
4876
21
                             &dname);
4877
21
  if(result) {
4878
0
    if(strict)
4879
0
      failf(data, "SSL: could not get X509-issuer name");
4880
0
    result = CURLE_PEER_FAILED_VERIFICATION;
4881
0
  }
4882
21
  else {
4883
21
    infof(data, " issuer: %s", curlx_dyn_ptr(&dname));
4884
21
    curlx_dyn_free(&dname);
4885
4886
    /* We could do all sorts of certificate verification stuff here before
4887
       deallocating the certificate. */
4888
4889
    /* e.g. match issuer name with provided issuer certificate */
4890
21
    if(conn_config->issuercert || conn_config->issuercert_blob) {
4891
0
      if(conn_config->issuercert_blob) {
4892
0
        fp = BIO_new_mem_buf(conn_config->issuercert_blob->data,
4893
0
                             (int)conn_config->issuercert_blob->len);
4894
0
        if(!fp) {
4895
0
          failf(data,
4896
0
                "BIO_new_mem_buf NULL, " OSSL_PACKAGE
4897
0
                " error %s",
4898
0
                ossl_strerror(ERR_get_error(), error_buffer,
4899
0
                              sizeof(error_buffer)) );
4900
0
          X509_free(octx->server_cert);
4901
0
          octx->server_cert = NULL;
4902
0
          return CURLE_OUT_OF_MEMORY;
4903
0
        }
4904
0
      }
4905
0
      else {
4906
0
        fp = BIO_new(BIO_s_file());
4907
0
        if(!fp) {
4908
0
          failf(data,
4909
0
                "BIO_new return NULL, " OSSL_PACKAGE
4910
0
                " error %s",
4911
0
                ossl_strerror(ERR_get_error(), error_buffer,
4912
0
                              sizeof(error_buffer)) );
4913
0
          X509_free(octx->server_cert);
4914
0
          octx->server_cert = NULL;
4915
0
          return CURLE_OUT_OF_MEMORY;
4916
0
        }
4917
4918
0
        if(BIO_read_filename(fp, conn_config->issuercert) <= 0) {
4919
0
          if(strict)
4920
0
            failf(data, "SSL: Unable to open issuer cert (%s)",
4921
0
                  conn_config->issuercert);
4922
0
          BIO_free(fp);
4923
0
          X509_free(octx->server_cert);
4924
0
          octx->server_cert = NULL;
4925
0
          return CURLE_SSL_ISSUER_ERROR;
4926
0
        }
4927
0
      }
4928
4929
0
      issuer = PEM_read_bio_X509(fp, NULL, ZERO_NULL, NULL);
4930
0
      if(!issuer) {
4931
0
        if(strict)
4932
0
          failf(data, "SSL: Unable to read issuer cert (%s)",
4933
0
                conn_config->issuercert);
4934
0
        BIO_free(fp);
4935
0
        X509_free(issuer);
4936
0
        X509_free(octx->server_cert);
4937
0
        octx->server_cert = NULL;
4938
0
        return CURLE_SSL_ISSUER_ERROR;
4939
0
      }
4940
4941
0
      if(X509_check_issued(issuer, octx->server_cert) != X509_V_OK) {
4942
0
        if(strict)
4943
0
          failf(data, "SSL: Certificate issuer check failed (%s)",
4944
0
                conn_config->issuercert);
4945
0
        BIO_free(fp);
4946
0
        X509_free(issuer);
4947
0
        X509_free(octx->server_cert);
4948
0
        octx->server_cert = NULL;
4949
0
        return CURLE_SSL_ISSUER_ERROR;
4950
0
      }
4951
4952
0
      infof(data, " SSL certificate issuer check ok (%s)",
4953
0
            conn_config->issuercert);
4954
0
      BIO_free(fp);
4955
0
      X509_free(issuer);
4956
0
    }
4957
4958
21
    lerr = SSL_get_verify_result(octx->ssl);
4959
21
    ssl_config->certverifyresult = lerr;
4960
21
    if(lerr != X509_V_OK) {
4961
0
      if(conn_config->verifypeer) {
4962
        /* We probably never reach this, because SSL_connect() will fail
4963
           and we return earlier if verifypeer is set? */
4964
0
        if(strict)
4965
0
          failf(data, "SSL certificate verify result: %s (%ld)",
4966
0
                X509_verify_cert_error_string(lerr), lerr);
4967
0
        result = CURLE_PEER_FAILED_VERIFICATION;
4968
0
      }
4969
0
      else
4970
0
        infof(data, " SSL certificate verify result: %s (%ld),"
4971
0
              " continuing anyway.",
4972
0
              X509_verify_cert_error_string(lerr), lerr);
4973
0
    }
4974
21
    else
4975
21
      infof(data, " SSL certificate verify ok.");
4976
21
  }
4977
21
  infof_certstack(data, octx->ssl);
4978
4979
21
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
4980
21
  if(conn_config->verifystatus && !octx->reused_session) {
4981
    /* do not do this after Session ID reuse */
4982
0
    result = verifystatus(cf, data, octx);
4983
0
    if(result) {
4984
0
      X509_free(octx->server_cert);
4985
0
      octx->server_cert = NULL;
4986
0
      return result;
4987
0
    }
4988
0
  }
4989
21
#endif
4990
4991
21
  if(!strict)
4992
    /* when not strict, we do not bother about the verify cert problems */
4993
0
    result = CURLE_OK;
4994
4995
21
#ifndef CURL_DISABLE_PROXY
4996
21
  ptr = Curl_ssl_cf_is_proxy(cf) ?
4997
0
    data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
4998
21
    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
4999
#else
5000
  ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
5001
#endif
5002
21
  if(!result && ptr) {
5003
0
    result = ossl_pkp_pin_peer_pubkey(data, octx->server_cert, ptr);
5004
0
    if(result)
5005
0
      failf(data, "SSL: public key does not match pinned public key");
5006
0
  }
5007
5008
21
  X509_free(octx->server_cert);
5009
21
  octx->server_cert = NULL;
5010
5011
21
  return result;
5012
21
}
5013
5014
static CURLcode ossl_connect_step3(struct Curl_cfilter *cf,
5015
                                   struct Curl_easy *data)
5016
21
{
5017
21
  CURLcode result = CURLE_OK;
5018
21
  struct ssl_connect_data *connssl = cf->ctx;
5019
21
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5020
5021
21
  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
5022
5023
  /*
5024
   * We check certificates to authenticate the server; otherwise we risk
5025
   * man-in-the-middle attack; NEVERTHELESS, if we are told explicitly not to
5026
   * verify the peer, ignore faults and failures from the server cert
5027
   * operations.
5028
   */
5029
5030
21
  result = Curl_oss_check_peer_cert(cf, data, octx, &connssl->peer);
5031
21
  if(result)
5032
    /* on error, remove sessions we might have in the pool */
5033
0
    Curl_ssl_scache_remove_all(cf, data, connssl->peer.scache_key);
5034
5035
21
  return result;
5036
21
}
5037
5038
#ifdef HAVE_OPENSSL_EARLYDATA
5039
static CURLcode ossl_send_earlydata(struct Curl_cfilter *cf,
5040
                                    struct Curl_easy *data)
5041
0
{
5042
0
  struct ssl_connect_data *connssl = cf->ctx;
5043
0
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5044
0
  CURLcode result = CURLE_OK;
5045
0
  const unsigned char *buf;
5046
0
  size_t blen, nwritten;
5047
0
  int rc;
5048
5049
0
  DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sending);
5050
0
  octx->io_result = CURLE_OK;
5051
0
  while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) {
5052
0
    nwritten = 0;
5053
0
    rc = SSL_write_early_data(octx->ssl, buf, blen, &nwritten);
5054
0
    CURL_TRC_CF(data, cf, "SSL_write_early_data(len=%zu) -> %d, %zu",
5055
0
                blen, rc, nwritten);
5056
0
    if(rc <= 0) {
5057
0
      long sslerror;
5058
0
      char error_buffer[256];
5059
0
      int err = SSL_get_error(octx->ssl, rc);
5060
5061
0
      switch(err) {
5062
0
      case SSL_ERROR_WANT_READ:
5063
0
        connssl->io_need = CURL_SSL_IO_NEED_RECV;
5064
0
        result = CURLE_AGAIN;
5065
0
        goto out;
5066
0
      case SSL_ERROR_WANT_WRITE:
5067
0
        connssl->io_need = CURL_SSL_IO_NEED_SEND;
5068
0
        result = CURLE_AGAIN;
5069
0
        goto out;
5070
0
      case SSL_ERROR_SYSCALL: {
5071
0
        int sockerr = SOCKERRNO;
5072
5073
0
        if(octx->io_result == CURLE_AGAIN) {
5074
0
          result = CURLE_AGAIN;
5075
0
          goto out;
5076
0
        }
5077
0
        sslerror = ERR_get_error();
5078
0
        if(sslerror)
5079
0
          ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
5080
0
        else if(sockerr)
5081
0
          Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
5082
0
        else
5083
0
          msnprintf(error_buffer, sizeof(error_buffer), "%s",
5084
0
                    SSL_ERROR_to_str(err));
5085
5086
0
        failf(data, OSSL_PACKAGE " SSL_write:early_data: %s, errno %d",
5087
0
              error_buffer, sockerr);
5088
0
        result = CURLE_SEND_ERROR;
5089
0
        goto out;
5090
0
      }
5091
0
      case SSL_ERROR_SSL: {
5092
        /*  A failure in the SSL library occurred, usually a protocol error.
5093
            The OpenSSL error queue contains more information on the error. */
5094
0
        sslerror = ERR_get_error();
5095
0
        failf(data, "SSL_write_early_data() error: %s",
5096
0
              ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
5097
0
        result = CURLE_SEND_ERROR;
5098
0
        goto out;
5099
0
      }
5100
0
      default:
5101
        /* a true error */
5102
0
        failf(data, OSSL_PACKAGE " SSL_write_early_data: %s, errno %d",
5103
0
              SSL_ERROR_to_str(err), SOCKERRNO);
5104
0
        result = CURLE_SEND_ERROR;
5105
0
        goto out;
5106
0
      }
5107
0
    }
5108
0
    Curl_bufq_skip(&connssl->earlydata, nwritten);
5109
0
  }
5110
  /* sent everything there was */
5111
0
  infof(data, "SSL sending %zu bytes of early data", connssl->earlydata_skip);
5112
0
out:
5113
0
  return result;
5114
0
}
5115
#endif /* HAVE_OPENSSL_EARLYDATA */
5116
5117
static CURLcode ossl_connect(struct Curl_cfilter *cf,
5118
                             struct Curl_easy *data,
5119
                             bool *done)
5120
58
{
5121
58
  CURLcode result = CURLE_OK;
5122
58
  struct ssl_connect_data *connssl = cf->ctx;
5123
5124
  /* check if the connection has already been established */
5125
58
  if(ssl_connection_complete == connssl->state) {
5126
0
    *done = TRUE;
5127
0
    return CURLE_OK;
5128
0
  }
5129
5130
58
  *done = FALSE;
5131
58
  connssl->io_need = CURL_SSL_IO_NEED_NONE;
5132
5133
58
  if(ssl_connect_1 == connssl->connecting_state) {
5134
21
    CURL_TRC_CF(data, cf, "ossl_connect, step1");
5135
21
    result = ossl_connect_step1(cf, data);
5136
21
    if(result)
5137
0
      goto out;
5138
21
  }
5139
5140
58
  if(ssl_connect_2 == connssl->connecting_state) {
5141
58
    CURL_TRC_CF(data, cf, "ossl_connect, step2");
5142
58
#ifdef HAVE_OPENSSL_EARLYDATA
5143
58
    if(connssl->earlydata_state == ssl_earlydata_await) {
5144
0
      goto out;
5145
0
    }
5146
58
    else if(connssl->earlydata_state == ssl_earlydata_sending) {
5147
0
      result = ossl_send_earlydata(cf, data);
5148
0
      if(result)
5149
0
        goto out;
5150
0
      connssl->earlydata_state = ssl_earlydata_sent;
5151
0
    }
5152
58
#endif
5153
58
    DEBUGASSERT((connssl->earlydata_state == ssl_earlydata_none) ||
5154
58
                (connssl->earlydata_state == ssl_earlydata_sent));
5155
5156
58
    result = ossl_connect_step2(cf, data);
5157
58
    if(result)
5158
37
      goto out;
5159
58
  }
5160
5161
21
  if(ssl_connect_3 == connssl->connecting_state) {
5162
21
    CURL_TRC_CF(data, cf, "ossl_connect, step3");
5163
21
    result = ossl_connect_step3(cf, data);
5164
21
    if(result)
5165
0
      goto out;
5166
21
    connssl->connecting_state = ssl_connect_done;
5167
21
#ifdef HAVE_OPENSSL_EARLYDATA
5168
21
    if(connssl->earlydata_state > ssl_earlydata_none) {
5169
0
      struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5170
      /* We should be in this state by now */
5171
0
      DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sent);
5172
0
      connssl->earlydata_state =
5173
0
        (SSL_get_early_data_status(octx->ssl) == SSL_EARLY_DATA_ACCEPTED) ?
5174
0
        ssl_earlydata_accepted : ssl_earlydata_rejected;
5175
0
    }
5176
21
#endif
5177
21
  }
5178
5179
21
  if(ssl_connect_done == connssl->connecting_state) {
5180
21
    CURL_TRC_CF(data, cf, "ossl_connect, done");
5181
21
    connssl->state = ssl_connection_complete;
5182
21
  }
5183
5184
58
out:
5185
58
  if(result == CURLE_AGAIN) {
5186
37
    *done = FALSE;
5187
37
    return CURLE_OK;
5188
37
  }
5189
21
  *done = ((connssl->state == ssl_connection_complete) ||
5190
21
           (connssl->state == ssl_connection_deferred));
5191
21
  return result;
5192
58
}
5193
5194
static bool ossl_data_pending(struct Curl_cfilter *cf,
5195
                              const struct Curl_easy *data)
5196
57
{
5197
57
  struct ssl_connect_data *connssl = cf->ctx;
5198
57
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5199
5200
57
  (void)data;
5201
57
  DEBUGASSERT(connssl && octx);
5202
57
  if(octx->ssl && SSL_pending(octx->ssl))
5203
0
    return TRUE;
5204
57
  return FALSE;
5205
57
}
5206
5207
static ssize_t ossl_send(struct Curl_cfilter *cf,
5208
                         struct Curl_easy *data,
5209
                         const void *mem,
5210
                         size_t len,
5211
                         CURLcode *curlcode)
5212
35
{
5213
  /* SSL_write() is said to return 'int' while write() and send() returns
5214
     'size_t' */
5215
35
  int err;
5216
35
  char error_buffer[256];
5217
35
  sslerr_t sslerror;
5218
35
  int memlen;
5219
35
  int rc;
5220
35
  struct ssl_connect_data *connssl = cf->ctx;
5221
35
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5222
5223
35
  (void)data;
5224
35
  DEBUGASSERT(octx);
5225
5226
35
  ERR_clear_error();
5227
5228
35
  connssl->io_need = CURL_SSL_IO_NEED_NONE;
5229
35
  memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
5230
35
  rc = SSL_write(octx->ssl, mem, memlen);
5231
5232
35
  if(rc <= 0) {
5233
0
    err = SSL_get_error(octx->ssl, rc);
5234
5235
0
    switch(err) {
5236
0
    case SSL_ERROR_WANT_READ:
5237
0
      connssl->io_need = CURL_SSL_IO_NEED_RECV;
5238
0
      *curlcode = CURLE_AGAIN;
5239
0
      rc = -1;
5240
0
      goto out;
5241
0
    case SSL_ERROR_WANT_WRITE:
5242
0
      *curlcode = CURLE_AGAIN;
5243
0
      rc = -1;
5244
0
      goto out;
5245
0
    case SSL_ERROR_SYSCALL:
5246
0
    {
5247
0
      int sockerr = SOCKERRNO;
5248
5249
0
      if(octx->io_result == CURLE_AGAIN) {
5250
0
        *curlcode = CURLE_AGAIN;
5251
0
        rc = -1;
5252
0
        goto out;
5253
0
      }
5254
0
      sslerror = ERR_get_error();
5255
0
      if(sslerror)
5256
0
        ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
5257
0
      else if(sockerr)
5258
0
        Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
5259
0
      else
5260
0
        msnprintf(error_buffer, sizeof(error_buffer), "%s",
5261
0
                  SSL_ERROR_to_str(err));
5262
5263
0
      failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d",
5264
0
            error_buffer, sockerr);
5265
0
      *curlcode = CURLE_SEND_ERROR;
5266
0
      rc = -1;
5267
0
      goto out;
5268
0
    }
5269
0
    case SSL_ERROR_SSL: {
5270
      /*  A failure in the SSL library occurred, usually a protocol error.
5271
          The OpenSSL error queue contains more information on the error. */
5272
0
      sslerror = ERR_get_error();
5273
0
      failf(data, "SSL_write() error: %s",
5274
0
            ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
5275
0
      *curlcode = CURLE_SEND_ERROR;
5276
0
      rc = -1;
5277
0
      goto out;
5278
0
    }
5279
0
    default:
5280
      /* a true error */
5281
0
      failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d",
5282
0
            SSL_ERROR_to_str(err), SOCKERRNO);
5283
0
      *curlcode = CURLE_SEND_ERROR;
5284
0
      rc = -1;
5285
0
      goto out;
5286
0
    }
5287
0
  }
5288
35
  *curlcode = CURLE_OK;
5289
5290
35
out:
5291
35
  return (ssize_t)rc; /* number of bytes */
5292
35
}
5293
5294
static ssize_t ossl_recv(struct Curl_cfilter *cf,
5295
                         struct Curl_easy *data,   /* transfer */
5296
                         char *buf,                /* store read data here */
5297
                         size_t buffersize,        /* max amount to read */
5298
                         CURLcode *curlcode)
5299
96
{
5300
96
  char error_buffer[256];
5301
96
  unsigned long sslerror;
5302
96
  ssize_t nread;
5303
96
  int buffsize;
5304
96
  struct connectdata *conn = cf->conn;
5305
96
  struct ssl_connect_data *connssl = cf->ctx;
5306
96
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5307
5308
96
  (void)data;
5309
96
  DEBUGASSERT(octx);
5310
5311
96
  ERR_clear_error();
5312
5313
96
  connssl->io_need = CURL_SSL_IO_NEED_NONE;
5314
96
  buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
5315
96
  nread = (ssize_t)SSL_read(octx->ssl, buf, buffsize);
5316
5317
96
  if(nread <= 0) {
5318
    /* failed SSL_read */
5319
57
    int err = SSL_get_error(octx->ssl, (int)nread);
5320
5321
57
    switch(err) {
5322
0
    case SSL_ERROR_NONE: /* this is not an error */
5323
0
      break;
5324
0
    case SSL_ERROR_ZERO_RETURN: /* no more data */
5325
      /* close_notify alert */
5326
0
      if(cf->sockindex == FIRSTSOCKET)
5327
        /* mark the connection for close if it is indeed the control
5328
           connection */
5329
0
        connclose(conn, "TLS close_notify");
5330
0
      break;
5331
57
    case SSL_ERROR_WANT_READ:
5332
57
      *curlcode = CURLE_AGAIN;
5333
57
      nread = -1;
5334
57
      goto out;
5335
0
    case SSL_ERROR_WANT_WRITE:
5336
0
      connssl->io_need = CURL_SSL_IO_NEED_SEND;
5337
0
      *curlcode = CURLE_AGAIN;
5338
0
      nread = -1;
5339
0
      goto out;
5340
0
    default:
5341
      /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
5342
         value/errno" */
5343
      /* https://docs.openssl.org/master/man3/ERR_get_error/ */
5344
0
      if(octx->io_result == CURLE_AGAIN) {
5345
0
        *curlcode = CURLE_AGAIN;
5346
0
        nread = -1;
5347
0
        goto out;
5348
0
      }
5349
0
      sslerror = ERR_get_error();
5350
0
      if((nread < 0) || sslerror) {
5351
        /* If the return code was negative or there actually is an error in the
5352
           queue */
5353
0
        int sockerr = SOCKERRNO;
5354
0
        if(sslerror)
5355
0
          ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
5356
0
        else if(sockerr && err == SSL_ERROR_SYSCALL)
5357
0
          Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
5358
0
        else
5359
0
          msnprintf(error_buffer, sizeof(error_buffer), "%s",
5360
0
                    SSL_ERROR_to_str(err));
5361
0
        failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d",
5362
0
              error_buffer, sockerr);
5363
0
        *curlcode = CURLE_RECV_ERROR;
5364
0
        nread = -1;
5365
0
        goto out;
5366
0
      }
5367
      /* For debug builds be a little stricter and error on any
5368
         SSL_ERROR_SYSCALL. For example a server may have closed the connection
5369
         abruptly without a close_notify alert. For compatibility with older
5370
         peers we do not do this by default. #4624
5371
5372
         We can use this to gauge how many users may be affected, and
5373
         if it goes ok eventually transition to allow in dev and release with
5374
         the newest OpenSSL: #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) */
5375
#ifdef DEBUGBUILD
5376
      if(err == SSL_ERROR_SYSCALL) {
5377
        int sockerr = SOCKERRNO;
5378
        if(sockerr)
5379
          Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
5380
        else {
5381
          msnprintf(error_buffer, sizeof(error_buffer),
5382
                    "Connection closed abruptly");
5383
        }
5384
        failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d"
5385
              " (Fatal because this is a curl debug build)",
5386
              error_buffer, sockerr);
5387
        *curlcode = CURLE_RECV_ERROR;
5388
        nread = -1;
5389
        goto out;
5390
      }
5391
#endif
5392
57
    }
5393
57
  }
5394
5395
96
out:
5396
96
  return nread;
5397
96
}
5398
5399
static CURLcode ossl_get_channel_binding(struct Curl_easy *data, int sockindex,
5400
                                         struct dynbuf *binding)
5401
0
{
5402
  /* required for X509_get_signature_nid support */
5403
0
#if OPENSSL_VERSION_NUMBER > 0x10100000L
5404
0
  X509 *cert;
5405
0
  int algo_nid;
5406
0
  const EVP_MD *algo_type;
5407
0
  const char *algo_name;
5408
0
  unsigned int length;
5409
0
  unsigned char buf[EVP_MAX_MD_SIZE];
5410
5411
0
  const char prefix[] = "tls-server-end-point:";
5412
0
  struct connectdata *conn = data->conn;
5413
0
  struct Curl_cfilter *cf = conn->cfilter[sockindex];
5414
0
  struct ossl_ctx *octx = NULL;
5415
5416
0
  do {
5417
0
    const struct Curl_cftype *cft = cf->cft;
5418
0
    struct ssl_connect_data *connssl = cf->ctx;
5419
5420
0
    if(cft->name && !strcmp(cft->name, "SSL")) {
5421
0
      octx = (struct ossl_ctx *)connssl->backend;
5422
0
      break;
5423
0
    }
5424
5425
0
    if(cf->next)
5426
0
      cf = cf->next;
5427
5428
0
  } while(cf->next);
5429
5430
0
  if(!octx) {
5431
0
    failf(data, "Failed to find the SSL filter");
5432
0
    return CURLE_BAD_FUNCTION_ARGUMENT;
5433
0
  }
5434
5435
0
  cert = SSL_get1_peer_certificate(octx->ssl);
5436
0
  if(!cert) {
5437
    /* No server certificate, don't do channel binding */
5438
0
    return CURLE_OK;
5439
0
  }
5440
5441
0
  if(!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &algo_nid, NULL)) {
5442
0
    failf(data,
5443
0
          "Unable to find digest NID for certificate signature algorithm");
5444
0
    return CURLE_SSL_INVALIDCERTSTATUS;
5445
0
  }
5446
5447
  /* https://datatracker.ietf.org/doc/html/rfc5929#section-4.1 */
5448
0
  if(algo_nid == NID_md5 || algo_nid == NID_sha1) {
5449
0
    algo_type = EVP_sha256();
5450
0
  }
5451
0
  else {
5452
0
    algo_type = EVP_get_digestbynid(algo_nid);
5453
0
    if(!algo_type) {
5454
0
      algo_name = OBJ_nid2sn(algo_nid);
5455
0
      failf(data, "Could not find digest algorithm %s (NID %d)",
5456
0
            algo_name ? algo_name : "(null)", algo_nid);
5457
0
      return CURLE_SSL_INVALIDCERTSTATUS;
5458
0
    }
5459
0
  }
5460
5461
0
  if(!X509_digest(cert, algo_type, buf, &length)) {
5462
0
    failf(data, "X509_digest() failed");
5463
0
    return CURLE_SSL_INVALIDCERTSTATUS;
5464
0
  }
5465
5466
  /* Append "tls-server-end-point:" */
5467
0
  if(curlx_dyn_addn(binding, prefix, sizeof(prefix) - 1) != CURLE_OK)
5468
0
    return CURLE_OUT_OF_MEMORY;
5469
  /* Append digest */
5470
0
  if(curlx_dyn_addn(binding, buf, length))
5471
0
    return CURLE_OUT_OF_MEMORY;
5472
5473
0
  return CURLE_OK;
5474
#else
5475
  /* No X509_get_signature_nid support */
5476
  (void)data; /* unused */
5477
  (void)sockindex; /* unused */
5478
  (void)binding; /* unused */
5479
  return CURLE_OK;
5480
#endif
5481
0
}
5482
5483
size_t Curl_ossl_version(char *buffer, size_t size)
5484
24
{
5485
#ifdef LIBRESSL_VERSION_NUMBER
5486
  char *p;
5487
  size_t count;
5488
  const char *ver = OpenSSL_version(OPENSSL_VERSION);
5489
  const char expected[] = OSSL_PACKAGE " "; /* ie "LibreSSL " */
5490
  if(strncasecompare(ver, expected, sizeof(expected) - 1)) {
5491
    ver += sizeof(expected) - 1;
5492
  }
5493
  count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver);
5494
  for(p = buffer; *p; ++p) {
5495
    if(ISBLANK(*p))
5496
      *p = '_';
5497
  }
5498
  return count;
5499
#elif defined(OPENSSL_IS_BORINGSSL)
5500
#ifdef CURL_BORINGSSL_VERSION
5501
  return msnprintf(buffer, size, "%s/%s",
5502
                   OSSL_PACKAGE,
5503
                   CURL_BORINGSSL_VERSION);
5504
#else
5505
  return msnprintf(buffer, size, OSSL_PACKAGE);
5506
#endif
5507
#elif defined(OPENSSL_IS_AWSLC)
5508
  return msnprintf(buffer, size, "%s/%s",
5509
                   OSSL_PACKAGE,
5510
                   AWSLC_VERSION_NUMBER_STRING);
5511
#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING)
5512
  return msnprintf(buffer, size, "%s/%s",
5513
                   OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
5514
#else
5515
  /* not LibreSSL, BoringSSL and not using OpenSSL_version */
5516
5517
24
  char sub[3];
5518
24
  unsigned long ssleay_value;
5519
24
  sub[2]='\0';
5520
24
  sub[1]='\0';
5521
24
  ssleay_value = OpenSSL_version_num();
5522
24
  if(ssleay_value&0xff0) {
5523
24
    int minor_ver = (ssleay_value >> 4) & 0xff;
5524
24
    if(minor_ver > 26) {
5525
      /* handle extended version introduced for 0.9.8za */
5526
0
      sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
5527
0
      sub[0] = 'z';
5528
0
    }
5529
24
    else {
5530
24
      sub[0] = (char) (minor_ver + 'a' - 1);
5531
24
    }
5532
24
  }
5533
0
  else
5534
0
    sub[0]='\0';
5535
5536
24
  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
5537
#ifdef OPENSSL_FIPS
5538
                   "-fips"
5539
#endif
5540
24
                   ,
5541
24
                   OSSL_PACKAGE,
5542
24
                   (ssleay_value >> 28) & 0xf,
5543
24
                   (ssleay_value >> 20) & 0xff,
5544
24
                   (ssleay_value >> 12) & 0xff,
5545
24
                   sub);
5546
24
#endif /* OPENSSL_IS_BORINGSSL */
5547
24
}
5548
5549
/* can be called with data == NULL */
5550
static CURLcode ossl_random(struct Curl_easy *data,
5551
                            unsigned char *entropy, size_t length)
5552
0
{
5553
0
  int rc;
5554
0
  if(data) {
5555
0
    if(ossl_seed(data)) /* Initiate the seed if not already done */
5556
0
      return CURLE_FAILED_INIT; /* could not seed for some reason */
5557
0
  }
5558
0
  else {
5559
0
    if(!rand_enough())
5560
0
      return CURLE_FAILED_INIT;
5561
0
  }
5562
  /* RAND_bytes() returns 1 on success, 0 otherwise.  */
5563
0
  rc = RAND_bytes(entropy, (ossl_valsize_t)curlx_uztosi(length));
5564
0
  return rc == 1 ? CURLE_OK : CURLE_FAILED_INIT;
5565
0
}
5566
5567
#ifndef OPENSSL_NO_SHA256
5568
static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
5569
                               size_t tmplen,
5570
                               unsigned char *sha256sum /* output */,
5571
                               size_t unused)
5572
0
{
5573
0
  EVP_MD_CTX *mdctx;
5574
0
  unsigned int len = 0;
5575
0
  (void) unused;
5576
5577
0
  mdctx = EVP_MD_CTX_create();
5578
0
  if(!mdctx)
5579
0
    return CURLE_OUT_OF_MEMORY;
5580
0
  if(!EVP_DigestInit(mdctx, EVP_sha256())) {
5581
0
    EVP_MD_CTX_destroy(mdctx);
5582
0
    return CURLE_FAILED_INIT;
5583
0
  }
5584
0
  EVP_DigestUpdate(mdctx, tmp, tmplen);
5585
0
  EVP_DigestFinal_ex(mdctx, sha256sum, &len);
5586
0
  EVP_MD_CTX_destroy(mdctx);
5587
0
  return CURLE_OK;
5588
0
}
5589
#endif
5590
5591
static bool ossl_cert_status_request(void)
5592
0
{
5593
0
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
5594
0
  return TRUE;
5595
#else
5596
  return FALSE;
5597
#endif
5598
0
}
5599
5600
static void *ossl_get_internals(struct ssl_connect_data *connssl,
5601
                                CURLINFO info)
5602
0
{
5603
  /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
5604
0
  struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;
5605
0
  DEBUGASSERT(octx);
5606
0
  return info == CURLINFO_TLS_SESSION ?
5607
0
    (void *)octx->ssl_ctx : (void *)octx->ssl;
5608
0
}
5609
5610
const struct Curl_ssl Curl_ssl_openssl = {
5611
  { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
5612
5613
  SSLSUPP_CA_PATH |
5614
  SSLSUPP_CAINFO_BLOB |
5615
  SSLSUPP_CERTINFO |
5616
  SSLSUPP_PINNEDPUBKEY |
5617
  SSLSUPP_SSL_CTX |
5618
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
5619
  SSLSUPP_TLS13_CIPHERSUITES |
5620
#endif
5621
#ifdef HAVE_SSL_CTX_SET1_SIGALGS
5622
  SSLSUPP_SIGNATURE_ALGORITHMS |
5623
#endif
5624
#ifdef USE_ECH_OPENSSL
5625
  SSLSUPP_ECH |
5626
#endif
5627
  SSLSUPP_CA_CACHE |
5628
  SSLSUPP_HTTPS_PROXY |
5629
  SSLSUPP_CIPHER_LIST,
5630
5631
  sizeof(struct ossl_ctx),
5632
5633
  ossl_init,                /* init */
5634
  ossl_cleanup,             /* cleanup */
5635
  Curl_ossl_version,        /* version */
5636
  ossl_shutdown,            /* shutdown */
5637
  ossl_data_pending,        /* data_pending */
5638
  ossl_random,              /* random */
5639
  ossl_cert_status_request, /* cert_status_request */
5640
  ossl_connect,             /* connect */
5641
  Curl_ssl_adjust_pollset,  /* adjust_pollset */
5642
  ossl_get_internals,       /* get_internals */
5643
  ossl_close,               /* close_one */
5644
  ossl_close_all,           /* close_all */
5645
  ossl_set_engine,          /* set_engine or provider */
5646
  ossl_set_engine_default,  /* set_engine_default */
5647
  ossl_engines_list,        /* engines_list */
5648
  NULL,                     /* false_start */
5649
#ifndef OPENSSL_NO_SHA256
5650
  ossl_sha256sum,           /* sha256sum */
5651
#else
5652
  NULL,                     /* sha256sum */
5653
#endif
5654
  ossl_recv,                /* recv decrypted data */
5655
  ossl_send,                /* send data to encrypt */
5656
  ossl_get_channel_binding  /* get_channel_binding */
5657
};
5658
5659
#endif /* USE_OPENSSL */