• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) Michael Forney, <mforney@mforney.org>
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  * SPDX-License-Identifier: curl
22  *
23  ***************************************************************************/
24 #include "curl_setup.h"
25 
26 #ifdef USE_BEARSSL
27 
28 #include <bearssl.h>
29 
30 #include "bearssl.h"
31 #include "urldata.h"
32 #include "sendf.h"
33 #include "inet_pton.h"
34 #include "vtls.h"
35 #include "vtls_int.h"
36 #include "connect.h"
37 #include "select.h"
38 #include "multiif.h"
39 #include "curl_printf.h"
40 #include "strcase.h"
41 
42 /* The last #include files should be: */
43 #include "curl_memory.h"
44 #include "memdebug.h"
45 
46 struct x509_context {
47   const br_x509_class *vtable;
48   br_x509_minimal_context minimal;
49   br_x509_decoder_context decoder;
50   bool verifyhost;
51   bool verifypeer;
52   int cert_num;
53 };
54 
55 struct bearssl_ssl_backend_data {
56   br_ssl_client_context ctx;
57   struct x509_context x509;
58   unsigned char buf[BR_SSL_BUFSIZE_BIDI];
59   br_x509_trust_anchor *anchors;
60   size_t anchors_len;
61   const char *protocols[ALPN_ENTRIES_MAX];
62   /* SSL client context is active */
63   bool active;
64   /* size of pending write, yet to be flushed */
65   size_t pending_write;
66 };
67 
68 struct cafile_parser {
69   CURLcode err;
70   bool in_cert;
71   br_x509_decoder_context xc;
72   /* array of trust anchors loaded from CAfile */
73   br_x509_trust_anchor *anchors;
74   size_t anchors_len;
75   /* buffer for DN data */
76   unsigned char dn[1024];
77   size_t dn_len;
78 };
79 
80 #define CAFILE_SOURCE_PATH 1
81 #define CAFILE_SOURCE_BLOB 2
82 struct cafile_source {
83   int type;
84   const char *data;
85   size_t len;
86 };
87 
append_dn(void * ctx,const void * buf,size_t len)88 static void append_dn(void *ctx, const void *buf, size_t len)
89 {
90   struct cafile_parser *ca = ctx;
91 
92   if(ca->err != CURLE_OK || !ca->in_cert)
93     return;
94   if(sizeof(ca->dn) - ca->dn_len < len) {
95     ca->err = CURLE_FAILED_INIT;
96     return;
97   }
98   memcpy(ca->dn + ca->dn_len, buf, len);
99   ca->dn_len += len;
100 }
101 
x509_push(void * ctx,const void * buf,size_t len)102 static void x509_push(void *ctx, const void *buf, size_t len)
103 {
104   struct cafile_parser *ca = ctx;
105 
106   if(ca->in_cert)
107     br_x509_decoder_push(&ca->xc, buf, len);
108 }
109 
load_cafile(struct cafile_source * source,br_x509_trust_anchor ** anchors,size_t * anchors_len)110 static CURLcode load_cafile(struct cafile_source *source,
111                             br_x509_trust_anchor **anchors,
112                             size_t *anchors_len)
113 {
114   struct cafile_parser ca;
115   br_pem_decoder_context pc;
116   br_x509_trust_anchor *ta;
117   size_t ta_size;
118   br_x509_trust_anchor *new_anchors;
119   size_t new_anchors_len;
120   br_x509_pkey *pkey;
121   FILE *fp = 0;
122   unsigned char buf[BUFSIZ];
123   const unsigned char *p;
124   const char *name;
125   size_t n, i, pushed;
126 
127   DEBUGASSERT(source->type == CAFILE_SOURCE_PATH
128               || source->type == CAFILE_SOURCE_BLOB);
129 
130   if(source->type == CAFILE_SOURCE_PATH) {
131     fp = fopen(source->data, "rb");
132     if(!fp)
133       return CURLE_SSL_CACERT_BADFILE;
134   }
135 
136   if(source->type == CAFILE_SOURCE_BLOB && source->len > (size_t)INT_MAX)
137     return CURLE_SSL_CACERT_BADFILE;
138 
139   ca.err = CURLE_OK;
140   ca.in_cert = FALSE;
141   ca.anchors = NULL;
142   ca.anchors_len = 0;
143   br_pem_decoder_init(&pc);
144   br_pem_decoder_setdest(&pc, x509_push, &ca);
145   do {
146     if(source->type == CAFILE_SOURCE_PATH) {
147       n = fread(buf, 1, sizeof(buf), fp);
148       if(n == 0)
149         break;
150       p = buf;
151     }
152     else if(source->type == CAFILE_SOURCE_BLOB) {
153       n = source->len;
154       p = (unsigned char *) source->data;
155     }
156     while(n) {
157       pushed = br_pem_decoder_push(&pc, p, n);
158       if(ca.err)
159         goto fail;
160       p += pushed;
161       n -= pushed;
162 
163       switch(br_pem_decoder_event(&pc)) {
164       case 0:
165         break;
166       case BR_PEM_BEGIN_OBJ:
167         name = br_pem_decoder_name(&pc);
168         if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE"))
169           break;
170         br_x509_decoder_init(&ca.xc, append_dn, &ca);
171         ca.in_cert = TRUE;
172         ca.dn_len = 0;
173         break;
174       case BR_PEM_END_OBJ:
175         if(!ca.in_cert)
176           break;
177         ca.in_cert = FALSE;
178         if(br_x509_decoder_last_error(&ca.xc)) {
179           ca.err = CURLE_SSL_CACERT_BADFILE;
180           goto fail;
181         }
182         /* add trust anchor */
183         if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) {
184           ca.err = CURLE_OUT_OF_MEMORY;
185           goto fail;
186         }
187         new_anchors_len = ca.anchors_len + 1;
188         new_anchors = realloc(ca.anchors,
189                               new_anchors_len * sizeof(ca.anchors[0]));
190         if(!new_anchors) {
191           ca.err = CURLE_OUT_OF_MEMORY;
192           goto fail;
193         }
194         ca.anchors = new_anchors;
195         ca.anchors_len = new_anchors_len;
196         ta = &ca.anchors[ca.anchors_len - 1];
197         ta->dn.data = NULL;
198         ta->flags = 0;
199         if(br_x509_decoder_isCA(&ca.xc))
200           ta->flags |= BR_X509_TA_CA;
201         pkey = br_x509_decoder_get_pkey(&ca.xc);
202         if(!pkey) {
203           ca.err = CURLE_SSL_CACERT_BADFILE;
204           goto fail;
205         }
206         ta->pkey = *pkey;
207 
208         /* calculate space needed for trust anchor data */
209         ta_size = ca.dn_len;
210         switch(pkey->key_type) {
211         case BR_KEYTYPE_RSA:
212           ta_size += pkey->key.rsa.nlen + pkey->key.rsa.elen;
213           break;
214         case BR_KEYTYPE_EC:
215           ta_size += pkey->key.ec.qlen;
216           break;
217         default:
218           ca.err = CURLE_FAILED_INIT;
219           goto fail;
220         }
221 
222         /* fill in trust anchor DN and public key data */
223         ta->dn.data = malloc(ta_size);
224         if(!ta->dn.data) {
225           ca.err = CURLE_OUT_OF_MEMORY;
226           goto fail;
227         }
228         memcpy(ta->dn.data, ca.dn, ca.dn_len);
229         ta->dn.len = ca.dn_len;
230         switch(pkey->key_type) {
231         case BR_KEYTYPE_RSA:
232           ta->pkey.key.rsa.n = ta->dn.data + ta->dn.len;
233           memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen);
234           ta->pkey.key.rsa.e = ta->pkey.key.rsa.n + ta->pkey.key.rsa.nlen;
235           memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen);
236           break;
237         case BR_KEYTYPE_EC:
238           ta->pkey.key.ec.q = ta->dn.data + ta->dn.len;
239           memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen);
240           break;
241         }
242         break;
243       default:
244         ca.err = CURLE_SSL_CACERT_BADFILE;
245         goto fail;
246       }
247     }
248   } while(source->type != CAFILE_SOURCE_BLOB);
249   if(fp && ferror(fp))
250     ca.err = CURLE_READ_ERROR;
251   else if(ca.in_cert)
252     ca.err = CURLE_SSL_CACERT_BADFILE;
253 
254 fail:
255   if(fp)
256     fclose(fp);
257   if(ca.err == CURLE_OK) {
258     *anchors = ca.anchors;
259     *anchors_len = ca.anchors_len;
260   }
261   else {
262     for(i = 0; i < ca.anchors_len; ++i)
263       free(ca.anchors[i].dn.data);
264     free(ca.anchors);
265   }
266 
267   return ca.err;
268 }
269 
x509_start_chain(const br_x509_class ** ctx,const char * server_name)270 static void x509_start_chain(const br_x509_class **ctx,
271                              const char *server_name)
272 {
273   struct x509_context *x509 = (struct x509_context *)ctx;
274 
275   if(!x509->verifypeer) {
276     x509->cert_num = 0;
277     return;
278   }
279 
280   if(!x509->verifyhost)
281     server_name = NULL;
282   x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name);
283 }
284 
x509_start_cert(const br_x509_class ** ctx,uint32_t length)285 static void x509_start_cert(const br_x509_class **ctx, uint32_t length)
286 {
287   struct x509_context *x509 = (struct x509_context *)ctx;
288 
289   if(!x509->verifypeer) {
290     /* Only decode the first cert in the chain to obtain the public key */
291     if(x509->cert_num == 0)
292       br_x509_decoder_init(&x509->decoder, NULL, NULL);
293     return;
294   }
295 
296   x509->minimal.vtable->start_cert(&x509->minimal.vtable, length);
297 }
298 
x509_append(const br_x509_class ** ctx,const unsigned char * buf,size_t len)299 static void x509_append(const br_x509_class **ctx, const unsigned char *buf,
300                         size_t len)
301 {
302   struct x509_context *x509 = (struct x509_context *)ctx;
303 
304   if(!x509->verifypeer) {
305     if(x509->cert_num == 0)
306       br_x509_decoder_push(&x509->decoder, buf, len);
307     return;
308   }
309 
310   x509->minimal.vtable->append(&x509->minimal.vtable, buf, len);
311 }
312 
x509_end_cert(const br_x509_class ** ctx)313 static void x509_end_cert(const br_x509_class **ctx)
314 {
315   struct x509_context *x509 = (struct x509_context *)ctx;
316 
317   if(!x509->verifypeer) {
318     x509->cert_num++;
319     return;
320   }
321 
322   x509->minimal.vtable->end_cert(&x509->minimal.vtable);
323 }
324 
x509_end_chain(const br_x509_class ** ctx)325 static unsigned x509_end_chain(const br_x509_class **ctx)
326 {
327   struct x509_context *x509 = (struct x509_context *)ctx;
328 
329   if(!x509->verifypeer) {
330     return br_x509_decoder_last_error(&x509->decoder);
331   }
332 
333   return x509->minimal.vtable->end_chain(&x509->minimal.vtable);
334 }
335 
x509_get_pkey(const br_x509_class * const * ctx,unsigned * usages)336 static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx,
337                                          unsigned *usages)
338 {
339   struct x509_context *x509 = (struct x509_context *)ctx;
340 
341   if(!x509->verifypeer) {
342     /* Nothing in the chain is verified, just return the public key of the
343        first certificate and allow its usage for both TLS_RSA_* and
344        TLS_ECDHE_* */
345     if(usages)
346       *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN;
347     return br_x509_decoder_get_pkey(&x509->decoder);
348   }
349 
350   return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages);
351 }
352 
353 static const br_x509_class x509_vtable = {
354   sizeof(struct x509_context),
355   x509_start_chain,
356   x509_start_cert,
357   x509_append,
358   x509_end_cert,
359   x509_end_chain,
360   x509_get_pkey
361 };
362 
363 struct st_cipher {
364   const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */
365   const char *alias_name; /* Alias name is the same as OpenSSL cipher name */
366   uint16_t num; /* BearSSL cipher suite */
367 };
368 
369 /* Macro to initialize st_cipher data structure */
370 #define CIPHER_DEF(num, alias) { #num, alias, BR_##num }
371 
372 static const struct st_cipher ciphertable[] = {
373   /* RFC 2246 TLS 1.0 */
374   CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA,                        /* 0x000A */
375              "DES-CBC3-SHA"),
376 
377   /* RFC 3268 TLS 1.0 AES */
378   CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA,                         /* 0x002F */
379              "AES128-SHA"),
380   CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA,                         /* 0x0035 */
381              "AES256-SHA"),
382 
383   /* RFC 5246 TLS 1.2 */
384   CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256,                      /* 0x003C */
385              "AES128-SHA256"),
386   CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256,                      /* 0x003D */
387              "AES256-SHA256"),
388 
389   /* RFC 5288 TLS 1.2 AES GCM */
390   CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256,                      /* 0x009C */
391              "AES128-GCM-SHA256"),
392   CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384,                      /* 0x009D */
393              "AES256-GCM-SHA384"),
394 
395   /* RFC 4492 TLS 1.0 ECC */
396   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,                 /* 0xC003 */
397              "ECDH-ECDSA-DES-CBC3-SHA"),
398   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,                  /* 0xC004 */
399              "ECDH-ECDSA-AES128-SHA"),
400   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,                  /* 0xC005 */
401              "ECDH-ECDSA-AES256-SHA"),
402   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,                /* 0xC008 */
403              "ECDHE-ECDSA-DES-CBC3-SHA"),
404   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,                 /* 0xC009 */
405              "ECDHE-ECDSA-AES128-SHA"),
406   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,                 /* 0xC00A */
407              "ECDHE-ECDSA-AES256-SHA"),
408   CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,                   /* 0xC00D */
409              "ECDH-RSA-DES-CBC3-SHA"),
410   CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,                    /* 0xC00E */
411              "ECDH-RSA-AES128-SHA"),
412   CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,                    /* 0xC00F */
413              "ECDH-RSA-AES256-SHA"),
414   CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,                  /* 0xC012 */
415              "ECDHE-RSA-DES-CBC3-SHA"),
416   CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,                   /* 0xC013 */
417              "ECDHE-RSA-AES128-SHA"),
418   CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,                   /* 0xC014 */
419              "ECDHE-RSA-AES256-SHA"),
420 
421   /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */
422   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,              /* 0xC023 */
423              "ECDHE-ECDSA-AES128-SHA256"),
424   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,              /* 0xC024 */
425              "ECDHE-ECDSA-AES256-SHA384"),
426   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,               /* 0xC025 */
427              "ECDH-ECDSA-AES128-SHA256"),
428   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,               /* 0xC026 */
429              "ECDH-ECDSA-AES256-SHA384"),
430   CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,                /* 0xC027 */
431              "ECDHE-RSA-AES128-SHA256"),
432   CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,                /* 0xC028 */
433              "ECDHE-RSA-AES256-SHA384"),
434   CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,                 /* 0xC029 */
435              "ECDH-RSA-AES128-SHA256"),
436   CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,                 /* 0xC02A */
437              "ECDH-RSA-AES256-SHA384"),
438 
439   /* RFC 5289 TLS 1.2 GCM */
440   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,              /* 0xC02B */
441              "ECDHE-ECDSA-AES128-GCM-SHA256"),
442   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,              /* 0xC02C */
443              "ECDHE-ECDSA-AES256-GCM-SHA384"),
444   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,               /* 0xC02D */
445              "ECDH-ECDSA-AES128-GCM-SHA256"),
446   CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,               /* 0xC02E */
447              "ECDH-ECDSA-AES256-GCM-SHA384"),
448   CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,                /* 0xC02F */
449              "ECDHE-RSA-AES128-GCM-SHA256"),
450   CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,                /* 0xC030 */
451              "ECDHE-RSA-AES256-GCM-SHA384"),
452   CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,                 /* 0xC031 */
453              "ECDH-RSA-AES128-GCM-SHA256"),
454   CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,                 /* 0xC032 */
455              "ECDH-RSA-AES256-GCM-SHA384"),
456 #ifdef BR_TLS_RSA_WITH_AES_128_CCM
457 
458   /* RFC 6655 TLS 1.2 CCM
459      Supported since BearSSL 0.6 */
460   CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM,                             /* 0xC09C */
461              "AES128-CCM"),
462   CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM,                             /* 0xC09D */
463              "AES256-CCM"),
464   CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8,                           /* 0xC0A0 */
465              "AES128-CCM8"),
466   CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8,                           /* 0xC0A1 */
467              "AES256-CCM8"),
468 
469   /* RFC 7251 TLS 1.2 ECC CCM
470      Supported since BearSSL 0.6 */
471   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM,                     /* 0xC0AC */
472              "ECDHE-ECDSA-AES128-CCM"),
473   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM,                     /* 0xC0AD */
474              "ECDHE-ECDSA-AES256-CCM"),
475   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,                   /* 0xC0AE */
476              "ECDHE-ECDSA-AES128-CCM8"),
477   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,                   /* 0xC0AF */
478              "ECDHE-ECDSA-AES256-CCM8"),
479 #endif
480 
481   /* RFC 7905 TLS 1.2 ChaCha20-Poly1305
482      Supported since BearSSL 0.2 */
483   CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,          /* 0xCCA8 */
484              "ECDHE-RSA-CHACHA20-POLY1305"),
485   CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,        /* 0xCCA9 */
486              "ECDHE-ECDSA-CHACHA20-POLY1305"),
487 };
488 
489 #define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0]))
490 #define CIPHER_NAME_BUF_LEN 64
491 
is_separator(char c)492 static bool is_separator(char c)
493 {
494   /* Return whether character is a cipher list separator. */
495   switch(c) {
496     case ' ':
497     case '\t':
498     case ':':
499     case ',':
500     case ';':
501       return true;
502   }
503   return false;
504 }
505 
bearssl_set_selected_ciphers(struct Curl_easy * data,br_ssl_engine_context * ssl_eng,const char * ciphers)506 static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data,
507                                              br_ssl_engine_context *ssl_eng,
508                                              const char *ciphers)
509 {
510   uint16_t selected_ciphers[NUM_OF_CIPHERS];
511   size_t selected_count = 0;
512   char cipher_name[CIPHER_NAME_BUF_LEN];
513   const char *cipher_start = ciphers;
514   const char *cipher_end;
515   size_t i, j;
516 
517   if(!cipher_start)
518     return CURLE_SSL_CIPHER;
519 
520   while(true) {
521     /* Extract the next cipher name from the ciphers string */
522     while(is_separator(*cipher_start))
523       ++cipher_start;
524     if(*cipher_start == '\0')
525       break;
526     cipher_end = cipher_start;
527     while(*cipher_end != '\0' && !is_separator(*cipher_end))
528       ++cipher_end;
529     j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ?
530         cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1;
531     strncpy(cipher_name, cipher_start, j);
532     cipher_name[j] = '\0';
533     cipher_start = cipher_end;
534 
535     /* Lookup the cipher name in the table of available ciphers. If the cipher
536        name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try
537        to match cipher name by an (OpenSSL) alias. */
538     if(strncasecompare(cipher_name, "TLS_", 4)) {
539       for(i = 0; i < NUM_OF_CIPHERS &&
540                  !strcasecompare(cipher_name, ciphertable[i].name); ++i);
541     }
542     else {
543       for(i = 0; i < NUM_OF_CIPHERS &&
544                  !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i);
545     }
546     if(i == NUM_OF_CIPHERS) {
547       infof(data, "BearSSL: unknown cipher in list: %s", cipher_name);
548       continue;
549     }
550 
551     /* No duplicates allowed */
552     for(j = 0; j < selected_count &&
553                selected_ciphers[j] != ciphertable[i].num; j++);
554     if(j < selected_count) {
555       infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name);
556       continue;
557     }
558 
559     DEBUGASSERT(selected_count < NUM_OF_CIPHERS);
560     selected_ciphers[selected_count] = ciphertable[i].num;
561     ++selected_count;
562   }
563 
564   if(selected_count == 0) {
565     failf(data, "BearSSL: no supported cipher in list");
566     return CURLE_SSL_CIPHER;
567   }
568 
569   br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count);
570   return CURLE_OK;
571 }
572 
bearssl_connect_step1(struct Curl_cfilter * cf,struct Curl_easy * data)573 static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf,
574                                       struct Curl_easy *data)
575 {
576   struct ssl_connect_data *connssl = cf->ctx;
577   struct bearssl_ssl_backend_data *backend =
578     (struct bearssl_ssl_backend_data *)connssl->backend;
579   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
580   struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
581   const struct curl_blob *ca_info_blob = conn_config->ca_info_blob;
582   const char * const ssl_cafile =
583     /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
584     (ca_info_blob ? NULL : conn_config->CAfile);
585   const char *hostname = connssl->hostname;
586   const bool verifypeer = conn_config->verifypeer;
587   const bool verifyhost = conn_config->verifyhost;
588   CURLcode ret;
589   unsigned version_min, version_max;
590   int session_set = 0;
591 #ifdef ENABLE_IPV6
592   struct in6_addr addr;
593 #else
594   struct in_addr addr;
595 #endif
596 
597   DEBUGASSERT(backend);
598   CURL_TRC_CF(data, cf, "connect_step1");
599 
600   switch(conn_config->version) {
601   case CURL_SSLVERSION_SSLv2:
602     failf(data, "BearSSL does not support SSLv2");
603     return CURLE_SSL_CONNECT_ERROR;
604   case CURL_SSLVERSION_SSLv3:
605     failf(data, "BearSSL does not support SSLv3");
606     return CURLE_SSL_CONNECT_ERROR;
607   case CURL_SSLVERSION_TLSv1_0:
608     version_min = BR_TLS10;
609     version_max = BR_TLS10;
610     break;
611   case CURL_SSLVERSION_TLSv1_1:
612     version_min = BR_TLS11;
613     version_max = BR_TLS11;
614     break;
615   case CURL_SSLVERSION_TLSv1_2:
616     version_min = BR_TLS12;
617     version_max = BR_TLS12;
618     break;
619   case CURL_SSLVERSION_DEFAULT:
620   case CURL_SSLVERSION_TLSv1:
621     version_min = BR_TLS10;
622     version_max = BR_TLS12;
623     break;
624   default:
625     failf(data, "BearSSL: unknown CURLOPT_SSLVERSION");
626     return CURLE_SSL_CONNECT_ERROR;
627   }
628 
629   if(verifypeer) {
630     if(ca_info_blob) {
631       struct cafile_source source;
632       source.type = CAFILE_SOURCE_BLOB;
633       source.data = ca_info_blob->data;
634       source.len = ca_info_blob->len;
635 
636       CURL_TRC_CF(data, cf, "connect_step1, load ca_info_blob");
637       ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
638       if(ret != CURLE_OK) {
639         failf(data, "error importing CA certificate blob");
640         return ret;
641       }
642     }
643 
644     if(ssl_cafile) {
645       struct cafile_source source;
646       source.type = CAFILE_SOURCE_PATH;
647       source.data = ssl_cafile;
648       source.len = 0;
649 
650       CURL_TRC_CF(data, cf, "connect_step1, load cafile");
651       ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
652       if(ret != CURLE_OK) {
653         failf(data, "error setting certificate verify locations."
654               " CAfile: %s", ssl_cafile);
655         return ret;
656       }
657     }
658   }
659 
660   /* initialize SSL context */
661   br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
662                           backend->anchors, backend->anchors_len);
663   br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
664   br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
665                            sizeof(backend->buf), 1);
666 
667   if(conn_config->cipher_list) {
668     /* Override the ciphers as specified. For the default cipher list see the
669        BearSSL source code of br_ssl_client_init_full() */
670     CURL_TRC_CF(data, cf, "connect_step1, set ciphers");
671     ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng,
672                                        conn_config->cipher_list);
673     if(ret)
674       return ret;
675   }
676 
677   /* initialize X.509 context */
678   backend->x509.vtable = &x509_vtable;
679   backend->x509.verifypeer = verifypeer;
680   backend->x509.verifyhost = verifyhost;
681   br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
682 
683   if(ssl_config->primary.sessionid) {
684     void *session;
685 
686     CURL_TRC_CF(data, cf, "connect_step1, check session cache");
687     Curl_ssl_sessionid_lock(data);
688     if(!Curl_ssl_getsessionid(cf, data, &session, NULL)) {
689       br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
690       session_set = 1;
691       infof(data, "BearSSL: reusing session ID");
692     }
693     Curl_ssl_sessionid_unlock(data);
694   }
695 
696   if(connssl->alpn) {
697     struct alpn_proto_buf proto;
698     size_t i;
699 
700     for(i = 0; i < connssl->alpn->count; ++i) {
701       backend->protocols[i] = connssl->alpn->entries[i];
702     }
703     br_ssl_engine_set_protocol_names(&backend->ctx.eng, backend->protocols,
704                                      connssl->alpn->count);
705     Curl_alpn_to_proto_str(&proto, connssl->alpn);
706     infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
707   }
708 
709   if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
710 #ifdef ENABLE_IPV6
711       || (1 == Curl_inet_pton(AF_INET6, hostname, &addr))
712 #endif
713      ) {
714     if(verifyhost) {
715       failf(data, "BearSSL: "
716             "host verification of IP address is not supported");
717       return CURLE_PEER_FAILED_VERIFICATION;
718     }
719     hostname = NULL;
720   }
721   else {
722     char *snihost = Curl_ssl_snihost(data, hostname, NULL);
723     if(!snihost) {
724       failf(data, "Failed to set SNI");
725       return CURLE_SSL_CONNECT_ERROR;
726     }
727     hostname = snihost;
728     CURL_TRC_CF(data, cf, "connect_step1, SNI set");
729   }
730 
731   /* give application a chance to interfere with SSL set up. */
732   if(data->set.ssl.fsslctx) {
733     Curl_set_in_callback(data, true);
734     ret = (*data->set.ssl.fsslctx)(data, &backend->ctx,
735                                    data->set.ssl.fsslctxp);
736     Curl_set_in_callback(data, false);
737     if(ret) {
738       failf(data, "BearSSL: error signaled by ssl ctx callback");
739       return ret;
740     }
741   }
742 
743   if(!br_ssl_client_reset(&backend->ctx, hostname, session_set))
744     return CURLE_FAILED_INIT;
745   backend->active = TRUE;
746 
747   connssl->connecting_state = ssl_connect_2;
748 
749   return CURLE_OK;
750 }
751 
bearssl_get_select_socks(struct Curl_cfilter * cf,struct Curl_easy * data,curl_socket_t * socks)752 static int bearssl_get_select_socks(struct Curl_cfilter *cf,
753                                     struct Curl_easy *data,
754                                     curl_socket_t *socks)
755 {
756   struct ssl_connect_data *connssl = cf->ctx;
757   curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data);
758 
759   if(sock == CURL_SOCKET_BAD)
760     return GETSOCK_BLANK;
761   else {
762     struct bearssl_ssl_backend_data *backend =
763       (struct bearssl_ssl_backend_data *)connssl->backend;
764     unsigned state = br_ssl_engine_current_state(&backend->ctx.eng);
765     if(state & BR_SSL_SENDREC) {
766       socks[0] = sock;
767       return GETSOCK_WRITESOCK(0);
768     }
769   }
770   socks[0] = sock;
771   return GETSOCK_READSOCK(0);
772 }
773 
bearssl_run_until(struct Curl_cfilter * cf,struct Curl_easy * data,unsigned target)774 static CURLcode bearssl_run_until(struct Curl_cfilter *cf,
775                                   struct Curl_easy *data,
776                                   unsigned target)
777 {
778   struct ssl_connect_data *connssl = cf->ctx;
779   struct bearssl_ssl_backend_data *backend =
780     (struct bearssl_ssl_backend_data *)connssl->backend;
781   unsigned state;
782   unsigned char *buf;
783   size_t len;
784   ssize_t ret;
785   CURLcode result;
786   int err;
787 
788   DEBUGASSERT(backend);
789 
790   for(;;) {
791     state = br_ssl_engine_current_state(&backend->ctx.eng);
792     if(state & BR_SSL_CLOSED) {
793       err = br_ssl_engine_last_error(&backend->ctx.eng);
794       switch(err) {
795       case BR_ERR_OK:
796         /* TLS close notify */
797         if(connssl->state != ssl_connection_complete) {
798           failf(data, "SSL: connection closed during handshake");
799           return CURLE_SSL_CONNECT_ERROR;
800         }
801         return CURLE_OK;
802       case BR_ERR_X509_EXPIRED:
803         failf(data, "SSL: X.509 verification: "
804               "certificate is expired or not yet valid");
805         return CURLE_PEER_FAILED_VERIFICATION;
806       case BR_ERR_X509_BAD_SERVER_NAME:
807         failf(data, "SSL: X.509 verification: "
808               "expected server name was not found in the chain");
809         return CURLE_PEER_FAILED_VERIFICATION;
810       case BR_ERR_X509_NOT_TRUSTED:
811         failf(data, "SSL: X.509 verification: "
812               "chain could not be linked to a trust anchor");
813         return CURLE_PEER_FAILED_VERIFICATION;
814       }
815       /* X.509 errors are documented to have the range 32..63 */
816       if(err >= 32 && err < 64)
817         return CURLE_PEER_FAILED_VERIFICATION;
818       return CURLE_SSL_CONNECT_ERROR;
819     }
820     if(state & target)
821       return CURLE_OK;
822     if(state & BR_SSL_SENDREC) {
823       buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
824       ret = Curl_conn_cf_send(cf->next, data, (char *)buf, len, &result);
825       CURL_TRC_CF(data, cf, "ssl_send(len=%zu) -> %zd, %d", len, ret, result);
826       if(ret <= 0) {
827         return result;
828       }
829       br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
830     }
831     else if(state & BR_SSL_RECVREC) {
832       buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
833       ret = Curl_conn_cf_recv(cf->next, data, (char *)buf, len, &result);
834       CURL_TRC_CF(data, cf, "ssl_recv(len=%zu) -> %zd, %d", len, ret, result);
835       if(ret == 0) {
836         failf(data, "SSL: EOF without close notify");
837         return CURLE_READ_ERROR;
838       }
839       if(ret <= 0) {
840         return result;
841       }
842       br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
843     }
844   }
845 }
846 
bearssl_connect_step2(struct Curl_cfilter * cf,struct Curl_easy * data)847 static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf,
848                                       struct Curl_easy *data)
849 {
850   struct ssl_connect_data *connssl = cf->ctx;
851   struct bearssl_ssl_backend_data *backend =
852     (struct bearssl_ssl_backend_data *)connssl->backend;
853   CURLcode ret;
854 
855   DEBUGASSERT(backend);
856   CURL_TRC_CF(data, cf, "connect_step2");
857 
858   ret = bearssl_run_until(cf, data, BR_SSL_SENDAPP | BR_SSL_RECVAPP);
859   if(ret == CURLE_AGAIN)
860     return CURLE_OK;
861   if(ret == CURLE_OK) {
862     unsigned int tver;
863     if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
864       failf(data, "SSL: connection closed during handshake");
865       return CURLE_SSL_CONNECT_ERROR;
866     }
867     connssl->connecting_state = ssl_connect_3;
868     /* Informational message */
869     tver = br_ssl_engine_get_version(&backend->ctx.eng);
870     if(tver == 0x0303)
871       infof(data, "SSL connection using TLSv1.2");
872     else if(tver == 0x0304)
873       infof(data, "SSL connection using TLSv1.3");
874     else
875       infof(data, "SSL connection using TLS 0x%x", tver);
876   }
877   return ret;
878 }
879 
bearssl_connect_step3(struct Curl_cfilter * cf,struct Curl_easy * data)880 static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf,
881                                       struct Curl_easy *data)
882 {
883   struct ssl_connect_data *connssl = cf->ctx;
884   struct bearssl_ssl_backend_data *backend =
885     (struct bearssl_ssl_backend_data *)connssl->backend;
886   struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
887   CURLcode ret;
888 
889   DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
890   DEBUGASSERT(backend);
891   CURL_TRC_CF(data, cf, "connect_step3");
892 
893   if(connssl->alpn) {
894     const char *proto;
895 
896     proto = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
897     Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto,
898                              proto? strlen(proto) : 0);
899   }
900 
901   if(ssl_config->primary.sessionid) {
902     bool incache;
903     bool added = FALSE;
904     void *oldsession;
905     br_ssl_session_parameters *session;
906 
907     session = malloc(sizeof(*session));
908     if(!session)
909       return CURLE_OUT_OF_MEMORY;
910     br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
911     Curl_ssl_sessionid_lock(data);
912     incache = !(Curl_ssl_getsessionid(cf, data, &oldsession, NULL));
913     if(incache)
914       Curl_ssl_delsessionid(data, oldsession);
915     ret = Curl_ssl_addsessionid(cf, data, session, 0, &added);
916     Curl_ssl_sessionid_unlock(data);
917     if(!added)
918       free(session);
919     if(ret) {
920       return CURLE_OUT_OF_MEMORY;
921     }
922   }
923 
924   connssl->connecting_state = ssl_connect_done;
925 
926   return CURLE_OK;
927 }
928 
bearssl_send(struct Curl_cfilter * cf,struct Curl_easy * data,const void * buf,size_t len,CURLcode * err)929 static ssize_t bearssl_send(struct Curl_cfilter *cf, struct Curl_easy *data,
930                             const void *buf, size_t len, CURLcode *err)
931 {
932   struct ssl_connect_data *connssl = cf->ctx;
933   struct bearssl_ssl_backend_data *backend =
934     (struct bearssl_ssl_backend_data *)connssl->backend;
935   unsigned char *app;
936   size_t applen;
937 
938   DEBUGASSERT(backend);
939 
940   for(;;) {
941     *err = bearssl_run_until(cf, data, BR_SSL_SENDAPP);
942     if(*err)
943       return -1;
944     app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
945     if(!app) {
946       failf(data, "SSL: connection closed during write");
947       *err = CURLE_SEND_ERROR;
948       return -1;
949     }
950     if(backend->pending_write) {
951       applen = backend->pending_write;
952       backend->pending_write = 0;
953       return applen;
954     }
955     if(applen > len)
956       applen = len;
957     memcpy(app, buf, applen);
958     br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
959     br_ssl_engine_flush(&backend->ctx.eng, 0);
960     backend->pending_write = applen;
961   }
962 }
963 
bearssl_recv(struct Curl_cfilter * cf,struct Curl_easy * data,char * buf,size_t len,CURLcode * err)964 static ssize_t bearssl_recv(struct Curl_cfilter *cf, struct Curl_easy *data,
965                             char *buf, size_t len, CURLcode *err)
966 {
967   struct ssl_connect_data *connssl = cf->ctx;
968   struct bearssl_ssl_backend_data *backend =
969     (struct bearssl_ssl_backend_data *)connssl->backend;
970   unsigned char *app;
971   size_t applen;
972 
973   DEBUGASSERT(backend);
974 
975   *err = bearssl_run_until(cf, data, BR_SSL_RECVAPP);
976   if(*err != CURLE_OK)
977     return -1;
978   app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
979   if(!app)
980     return 0;
981   if(applen > len)
982     applen = len;
983   memcpy(buf, app, applen);
984   br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
985 
986   return applen;
987 }
988 
bearssl_connect_common(struct Curl_cfilter * cf,struct Curl_easy * data,bool nonblocking,bool * done)989 static CURLcode bearssl_connect_common(struct Curl_cfilter *cf,
990                                        struct Curl_easy *data,
991                                        bool nonblocking,
992                                        bool *done)
993 {
994   CURLcode ret;
995   struct ssl_connect_data *connssl = cf->ctx;
996   curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
997   timediff_t timeout_ms;
998   int what;
999 
1000   CURL_TRC_CF(data, cf, "connect_common(blocking=%d)", !nonblocking);
1001   /* check if the connection has already been established */
1002   if(ssl_connection_complete == connssl->state) {
1003     CURL_TRC_CF(data, cf, "connect_common, connected");
1004     *done = TRUE;
1005     return CURLE_OK;
1006   }
1007 
1008   if(ssl_connect_1 == connssl->connecting_state) {
1009     ret = bearssl_connect_step1(cf, data);
1010     if(ret)
1011       return ret;
1012   }
1013 
1014   while(ssl_connect_2 == connssl->connecting_state ||
1015         ssl_connect_2_reading == connssl->connecting_state ||
1016         ssl_connect_2_writing == connssl->connecting_state) {
1017     /* check allowed time left */
1018     timeout_ms = Curl_timeleft(data, NULL, TRUE);
1019 
1020     if(timeout_ms < 0) {
1021       /* no need to continue if time already is up */
1022       failf(data, "SSL connection timeout");
1023       return CURLE_OPERATION_TIMEDOUT;
1024     }
1025 
1026     /* if ssl is expecting something, check if it's available. */
1027     if(ssl_connect_2_reading == connssl->connecting_state ||
1028        ssl_connect_2_writing == connssl->connecting_state) {
1029 
1030       curl_socket_t writefd = ssl_connect_2_writing ==
1031         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
1032       curl_socket_t readfd = ssl_connect_2_reading ==
1033         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
1034 
1035       CURL_TRC_CF(data, cf, "connect_common, check socket");
1036       what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
1037                                nonblocking?0:timeout_ms);
1038       CURL_TRC_CF(data, cf, "connect_common, check socket -> %d", what);
1039       if(what < 0) {
1040         /* fatal error */
1041         failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
1042         return CURLE_SSL_CONNECT_ERROR;
1043       }
1044       else if(0 == what) {
1045         if(nonblocking) {
1046           *done = FALSE;
1047           return CURLE_OK;
1048         }
1049         else {
1050           /* timeout */
1051           failf(data, "SSL connection timeout");
1052           return CURLE_OPERATION_TIMEDOUT;
1053         }
1054       }
1055       /* socket is readable or writable */
1056     }
1057 
1058     /* Run transaction, and return to the caller if it failed or if this
1059      * connection is done nonblocking and this loop would execute again. This
1060      * permits the owner of a multi handle to abort a connection attempt
1061      * before step2 has completed while ensuring that a client using select()
1062      * or epoll() will always have a valid fdset to wait on.
1063      */
1064     ret = bearssl_connect_step2(cf, data);
1065     if(ret || (nonblocking &&
1066                (ssl_connect_2 == connssl->connecting_state ||
1067                 ssl_connect_2_reading == connssl->connecting_state ||
1068                 ssl_connect_2_writing == connssl->connecting_state)))
1069       return ret;
1070   }
1071 
1072   if(ssl_connect_3 == connssl->connecting_state) {
1073     ret = bearssl_connect_step3(cf, data);
1074     if(ret)
1075       return ret;
1076   }
1077 
1078   if(ssl_connect_done == connssl->connecting_state) {
1079     connssl->state = ssl_connection_complete;
1080     *done = TRUE;
1081   }
1082   else
1083     *done = FALSE;
1084 
1085   /* Reset our connect state machine */
1086   connssl->connecting_state = ssl_connect_1;
1087 
1088   return CURLE_OK;
1089 }
1090 
bearssl_version(char * buffer,size_t size)1091 static size_t bearssl_version(char *buffer, size_t size)
1092 {
1093   return msnprintf(buffer, size, "BearSSL");
1094 }
1095 
bearssl_data_pending(struct Curl_cfilter * cf,const struct Curl_easy * data)1096 static bool bearssl_data_pending(struct Curl_cfilter *cf,
1097                                  const struct Curl_easy *data)
1098 {
1099   struct ssl_connect_data *ctx = cf->ctx;
1100   struct bearssl_ssl_backend_data *backend;
1101 
1102   (void)data;
1103   DEBUGASSERT(ctx && ctx->backend);
1104   backend = (struct bearssl_ssl_backend_data *)ctx->backend;
1105   return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
1106 }
1107 
bearssl_random(struct Curl_easy * data UNUSED_PARAM,unsigned char * entropy,size_t length)1108 static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM,
1109                                unsigned char *entropy, size_t length)
1110 {
1111   static br_hmac_drbg_context ctx;
1112   static bool seeded = FALSE;
1113 
1114   if(!seeded) {
1115     br_prng_seeder seeder;
1116 
1117     br_hmac_drbg_init(&ctx, &br_sha256_vtable, NULL, 0);
1118     seeder = br_prng_seeder_system(NULL);
1119     if(!seeder || !seeder(&ctx.vtable))
1120       return CURLE_FAILED_INIT;
1121     seeded = TRUE;
1122   }
1123   br_hmac_drbg_generate(&ctx, entropy, length);
1124 
1125   return CURLE_OK;
1126 }
1127 
bearssl_connect(struct Curl_cfilter * cf,struct Curl_easy * data)1128 static CURLcode bearssl_connect(struct Curl_cfilter *cf,
1129                                 struct Curl_easy *data)
1130 {
1131   CURLcode ret;
1132   bool done = FALSE;
1133 
1134   ret = bearssl_connect_common(cf, data, FALSE, &done);
1135   if(ret)
1136     return ret;
1137 
1138   DEBUGASSERT(done);
1139 
1140   return CURLE_OK;
1141 }
1142 
bearssl_connect_nonblocking(struct Curl_cfilter * cf,struct Curl_easy * data,bool * done)1143 static CURLcode bearssl_connect_nonblocking(struct Curl_cfilter *cf,
1144                                             struct Curl_easy *data,
1145                                             bool *done)
1146 {
1147   return bearssl_connect_common(cf, data, TRUE, done);
1148 }
1149 
bearssl_get_internals(struct ssl_connect_data * connssl,CURLINFO info UNUSED_PARAM)1150 static void *bearssl_get_internals(struct ssl_connect_data *connssl,
1151                                    CURLINFO info UNUSED_PARAM)
1152 {
1153   struct bearssl_ssl_backend_data *backend =
1154     (struct bearssl_ssl_backend_data *)connssl->backend;
1155   DEBUGASSERT(backend);
1156   return &backend->ctx;
1157 }
1158 
bearssl_close(struct Curl_cfilter * cf,struct Curl_easy * data)1159 static void bearssl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
1160 {
1161   struct ssl_connect_data *connssl = cf->ctx;
1162   struct bearssl_ssl_backend_data *backend =
1163     (struct bearssl_ssl_backend_data *)connssl->backend;
1164   size_t i;
1165 
1166   DEBUGASSERT(backend);
1167 
1168   if(backend->active) {
1169     backend->active = FALSE;
1170     br_ssl_engine_close(&backend->ctx.eng);
1171     (void)bearssl_run_until(cf, data, BR_SSL_CLOSED);
1172   }
1173   if(backend->anchors) {
1174     for(i = 0; i < backend->anchors_len; ++i)
1175       free(backend->anchors[i].dn.data);
1176     Curl_safefree(backend->anchors);
1177   }
1178 }
1179 
bearssl_session_free(void * ptr)1180 static void bearssl_session_free(void *ptr)
1181 {
1182   free(ptr);
1183 }
1184 
bearssl_sha256sum(const unsigned char * input,size_t inputlen,unsigned char * sha256sum,size_t sha256len UNUSED_PARAM)1185 static CURLcode bearssl_sha256sum(const unsigned char *input,
1186                                   size_t inputlen,
1187                                   unsigned char *sha256sum,
1188                                   size_t sha256len UNUSED_PARAM)
1189 {
1190   br_sha256_context ctx;
1191 
1192   br_sha256_init(&ctx);
1193   br_sha256_update(&ctx, input, inputlen);
1194   br_sha256_out(&ctx, sha256sum);
1195   return CURLE_OK;
1196 }
1197 
1198 const struct Curl_ssl Curl_ssl_bearssl = {
1199   { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */
1200   SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX | SSLSUPP_HTTPS_PROXY,
1201   sizeof(struct bearssl_ssl_backend_data),
1202 
1203   Curl_none_init,                  /* init */
1204   Curl_none_cleanup,               /* cleanup */
1205   bearssl_version,                 /* version */
1206   Curl_none_check_cxn,             /* check_cxn */
1207   Curl_none_shutdown,              /* shutdown */
1208   bearssl_data_pending,            /* data_pending */
1209   bearssl_random,                  /* random */
1210   Curl_none_cert_status_request,   /* cert_status_request */
1211   bearssl_connect,                 /* connect */
1212   bearssl_connect_nonblocking,     /* connect_nonblocking */
1213   bearssl_get_select_socks,        /* getsock */
1214   bearssl_get_internals,           /* get_internals */
1215   bearssl_close,                   /* close_one */
1216   Curl_none_close_all,             /* close_all */
1217   bearssl_session_free,            /* session_free */
1218   Curl_none_set_engine,            /* set_engine */
1219   Curl_none_set_engine_default,    /* set_engine_default */
1220   Curl_none_engines_list,          /* engines_list */
1221   Curl_none_false_start,           /* false_start */
1222   bearssl_sha256sum,               /* sha256sum */
1223   NULL,                            /* associate_connection */
1224   NULL,                            /* disassociate_connection */
1225   NULL,                            /* free_multi_ssl_backend_data */
1226   bearssl_recv,                    /* recv decrypted data */
1227   bearssl_send,                    /* send data to encrypt */
1228 };
1229 
1230 #endif /* USE_BEARSSL */
1231