1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 2019 - 2021, Michael Forney, <mforney@mforney.org>
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22 #include "curl_setup.h"
23
24 #ifdef USE_BEARSSL
25
26 #include <bearssl.h>
27
28 #include "bearssl.h"
29 #include "urldata.h"
30 #include "sendf.h"
31 #include "inet_pton.h"
32 #include "vtls.h"
33 #include "connect.h"
34 #include "select.h"
35 #include "multiif.h"
36 #include "curl_printf.h"
37 #include "curl_memory.h"
38
39 struct x509_context {
40 const br_x509_class *vtable;
41 br_x509_minimal_context minimal;
42 bool verifyhost;
43 bool verifypeer;
44 };
45
46 struct ssl_backend_data {
47 br_ssl_client_context ctx;
48 struct x509_context x509;
49 unsigned char buf[BR_SSL_BUFSIZE_BIDI];
50 br_x509_trust_anchor *anchors;
51 size_t anchors_len;
52 const char *protocols[2];
53 /* SSL client context is active */
54 bool active;
55 /* size of pending write, yet to be flushed */
56 size_t pending_write;
57 };
58
59 struct cafile_parser {
60 CURLcode err;
61 bool in_cert;
62 br_x509_decoder_context xc;
63 /* array of trust anchors loaded from CAfile */
64 br_x509_trust_anchor *anchors;
65 size_t anchors_len;
66 /* buffer for DN data */
67 unsigned char dn[1024];
68 size_t dn_len;
69 };
70
71 #define CAFILE_SOURCE_PATH 1
72 #define CAFILE_SOURCE_BLOB 2
73 struct cafile_source {
74 const int type;
75 const char * const data;
76 const size_t len;
77 };
78
append_dn(void * ctx,const void * buf,size_t len)79 static void append_dn(void *ctx, const void *buf, size_t len)
80 {
81 struct cafile_parser *ca = ctx;
82
83 if(ca->err != CURLE_OK || !ca->in_cert)
84 return;
85 if(sizeof(ca->dn) - ca->dn_len < len) {
86 ca->err = CURLE_FAILED_INIT;
87 return;
88 }
89 memcpy(ca->dn + ca->dn_len, buf, len);
90 ca->dn_len += len;
91 }
92
x509_push(void * ctx,const void * buf,size_t len)93 static void x509_push(void *ctx, const void *buf, size_t len)
94 {
95 struct cafile_parser *ca = ctx;
96
97 if(ca->in_cert)
98 br_x509_decoder_push(&ca->xc, buf, len);
99 }
100
load_cafile(struct cafile_source * source,br_x509_trust_anchor ** anchors,size_t * anchors_len)101 static CURLcode load_cafile(struct cafile_source *source,
102 br_x509_trust_anchor **anchors,
103 size_t *anchors_len)
104 {
105 struct cafile_parser ca;
106 br_pem_decoder_context pc;
107 br_x509_trust_anchor *ta;
108 size_t ta_size;
109 br_x509_trust_anchor *new_anchors;
110 size_t new_anchors_len;
111 br_x509_pkey *pkey;
112 FILE *fp = 0;
113 unsigned char buf[BUFSIZ];
114 const unsigned char *p;
115 const char *name;
116 size_t n, i, pushed;
117
118 DEBUGASSERT(source->type == CAFILE_SOURCE_PATH
119 || source->type == CAFILE_SOURCE_BLOB);
120
121 if(source->type == CAFILE_SOURCE_PATH) {
122 fp = fopen(source->data, "rb");
123 if(!fp)
124 return CURLE_SSL_CACERT_BADFILE;
125 }
126
127 if(source->type == CAFILE_SOURCE_BLOB && source->len > (size_t)INT_MAX)
128 return CURLE_SSL_CACERT_BADFILE;
129
130 ca.err = CURLE_OK;
131 ca.in_cert = FALSE;
132 ca.anchors = NULL;
133 ca.anchors_len = 0;
134 br_pem_decoder_init(&pc);
135 br_pem_decoder_setdest(&pc, x509_push, &ca);
136 do {
137 if(source->type == CAFILE_SOURCE_PATH) {
138 n = fread(buf, 1, sizeof(buf), fp);
139 if(n == 0)
140 break;
141 p = buf;
142 }
143 else if(source->type == CAFILE_SOURCE_BLOB) {
144 n = source->len;
145 p = (unsigned char *) source->data;
146 }
147 while(n) {
148 pushed = br_pem_decoder_push(&pc, p, n);
149 if(ca.err)
150 goto fail;
151 p += pushed;
152 n -= pushed;
153
154 switch(br_pem_decoder_event(&pc)) {
155 case 0:
156 break;
157 case BR_PEM_BEGIN_OBJ:
158 name = br_pem_decoder_name(&pc);
159 if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE"))
160 break;
161 br_x509_decoder_init(&ca.xc, append_dn, &ca);
162 if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) {
163 ca.err = CURLE_OUT_OF_MEMORY;
164 goto fail;
165 }
166 new_anchors_len = ca.anchors_len + 1;
167 new_anchors = realloc(ca.anchors,
168 new_anchors_len * sizeof(ca.anchors[0]));
169 if(!new_anchors) {
170 ca.err = CURLE_OUT_OF_MEMORY;
171 goto fail;
172 }
173 ca.anchors = new_anchors;
174 ca.anchors_len = new_anchors_len;
175 ca.in_cert = TRUE;
176 ca.dn_len = 0;
177 ta = &ca.anchors[ca.anchors_len - 1];
178 ta->dn.data = NULL;
179 break;
180 case BR_PEM_END_OBJ:
181 if(!ca.in_cert)
182 break;
183 ca.in_cert = FALSE;
184 if(br_x509_decoder_last_error(&ca.xc)) {
185 ca.err = CURLE_SSL_CACERT_BADFILE;
186 goto fail;
187 }
188 ta->flags = 0;
189 if(br_x509_decoder_isCA(&ca.xc))
190 ta->flags |= BR_X509_TA_CA;
191 pkey = br_x509_decoder_get_pkey(&ca.xc);
192 if(!pkey) {
193 ca.err = CURLE_SSL_CACERT_BADFILE;
194 goto fail;
195 }
196 ta->pkey = *pkey;
197
198 /* calculate space needed for trust anchor data */
199 ta_size = ca.dn_len;
200 switch(pkey->key_type) {
201 case BR_KEYTYPE_RSA:
202 ta_size += pkey->key.rsa.nlen + pkey->key.rsa.elen;
203 break;
204 case BR_KEYTYPE_EC:
205 ta_size += pkey->key.ec.qlen;
206 break;
207 default:
208 ca.err = CURLE_FAILED_INIT;
209 goto fail;
210 }
211
212 /* fill in trust anchor DN and public key data */
213 ta->dn.data = malloc(ta_size);
214 if(!ta->dn.data) {
215 ca.err = CURLE_OUT_OF_MEMORY;
216 goto fail;
217 }
218 memcpy(ta->dn.data, ca.dn, ca.dn_len);
219 ta->dn.len = ca.dn_len;
220 switch(pkey->key_type) {
221 case BR_KEYTYPE_RSA:
222 ta->pkey.key.rsa.n = ta->dn.data + ta->dn.len;
223 memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen);
224 ta->pkey.key.rsa.e = ta->pkey.key.rsa.n + ta->pkey.key.rsa.nlen;
225 memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen);
226 break;
227 case BR_KEYTYPE_EC:
228 ta->pkey.key.ec.q = ta->dn.data + ta->dn.len;
229 memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen);
230 break;
231 }
232 break;
233 default:
234 ca.err = CURLE_SSL_CACERT_BADFILE;
235 goto fail;
236 }
237 }
238 } while(source->type != CAFILE_SOURCE_BLOB);
239 if(fp && ferror(fp))
240 ca.err = CURLE_READ_ERROR;
241
242 fail:
243 if(fp)
244 fclose(fp);
245 if(ca.err == CURLE_OK) {
246 *anchors = ca.anchors;
247 *anchors_len = ca.anchors_len;
248 }
249 else {
250 for(i = 0; i < ca.anchors_len; ++i)
251 free(ca.anchors[i].dn.data);
252 free(ca.anchors);
253 }
254
255 return ca.err;
256 }
257
x509_start_chain(const br_x509_class ** ctx,const char * server_name)258 static void x509_start_chain(const br_x509_class **ctx,
259 const char *server_name)
260 {
261 struct x509_context *x509 = (struct x509_context *)ctx;
262
263 if(!x509->verifyhost)
264 server_name = NULL;
265 x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name);
266 }
267
x509_start_cert(const br_x509_class ** ctx,uint32_t length)268 static void x509_start_cert(const br_x509_class **ctx, uint32_t length)
269 {
270 struct x509_context *x509 = (struct x509_context *)ctx;
271
272 x509->minimal.vtable->start_cert(&x509->minimal.vtable, length);
273 }
274
x509_append(const br_x509_class ** ctx,const unsigned char * buf,size_t len)275 static void x509_append(const br_x509_class **ctx, const unsigned char *buf,
276 size_t len)
277 {
278 struct x509_context *x509 = (struct x509_context *)ctx;
279
280 x509->minimal.vtable->append(&x509->minimal.vtable, buf, len);
281 }
282
x509_end_cert(const br_x509_class ** ctx)283 static void x509_end_cert(const br_x509_class **ctx)
284 {
285 struct x509_context *x509 = (struct x509_context *)ctx;
286
287 x509->minimal.vtable->end_cert(&x509->minimal.vtable);
288 }
289
x509_end_chain(const br_x509_class ** ctx)290 static unsigned x509_end_chain(const br_x509_class **ctx)
291 {
292 struct x509_context *x509 = (struct x509_context *)ctx;
293 unsigned err;
294
295 err = x509->minimal.vtable->end_chain(&x509->minimal.vtable);
296 if(err && !x509->verifypeer) {
297 /* ignore any X.509 errors */
298 err = BR_ERR_OK;
299 }
300
301 return err;
302 }
303
x509_get_pkey(const br_x509_class * const * ctx,unsigned * usages)304 static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx,
305 unsigned *usages)
306 {
307 struct x509_context *x509 = (struct x509_context *)ctx;
308
309 return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages);
310 }
311
312 static const br_x509_class x509_vtable = {
313 sizeof(struct x509_context),
314 x509_start_chain,
315 x509_start_cert,
316 x509_append,
317 x509_end_cert,
318 x509_end_chain,
319 x509_get_pkey
320 };
321
bearssl_connect_step1(struct Curl_easy * data,struct connectdata * conn,int sockindex)322 static CURLcode bearssl_connect_step1(struct Curl_easy *data,
323 struct connectdata *conn, int sockindex)
324 {
325 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
326 struct ssl_backend_data *backend = connssl->backend;
327 const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob);
328 const char * const ssl_cafile =
329 /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
330 (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
331 const char *hostname = SSL_HOST_NAME();
332 const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
333 const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
334 CURLcode ret;
335 unsigned version_min, version_max;
336 #ifdef ENABLE_IPV6
337 struct in6_addr addr;
338 #else
339 struct in_addr addr;
340 #endif
341
342 switch(SSL_CONN_CONFIG(version)) {
343 case CURL_SSLVERSION_SSLv2:
344 failf(data, "BearSSL does not support SSLv2");
345 return CURLE_SSL_CONNECT_ERROR;
346 case CURL_SSLVERSION_SSLv3:
347 failf(data, "BearSSL does not support SSLv3");
348 return CURLE_SSL_CONNECT_ERROR;
349 case CURL_SSLVERSION_TLSv1_0:
350 version_min = BR_TLS10;
351 version_max = BR_TLS10;
352 break;
353 case CURL_SSLVERSION_TLSv1_1:
354 version_min = BR_TLS11;
355 version_max = BR_TLS11;
356 break;
357 case CURL_SSLVERSION_TLSv1_2:
358 version_min = BR_TLS12;
359 version_max = BR_TLS12;
360 break;
361 case CURL_SSLVERSION_DEFAULT:
362 case CURL_SSLVERSION_TLSv1:
363 version_min = BR_TLS10;
364 version_max = BR_TLS12;
365 break;
366 default:
367 failf(data, "BearSSL: unknown CURLOPT_SSLVERSION");
368 return CURLE_SSL_CONNECT_ERROR;
369 }
370
371 if(ca_info_blob) {
372 struct cafile_source source = {
373 CAFILE_SOURCE_BLOB,
374 ca_info_blob->data,
375 ca_info_blob->len,
376 };
377 ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
378 if(ret != CURLE_OK) {
379 if(verifypeer) {
380 failf(data, "error importing CA certificate blob");
381 return ret;
382 }
383 /* Only warn if no certificate verification is required. */
384 infof(data, "error importing CA certificate blob, continuing anyway");
385 }
386 }
387
388 if(ssl_cafile) {
389 struct cafile_source source = {
390 CAFILE_SOURCE_PATH,
391 ssl_cafile,
392 0,
393 };
394 ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
395 if(ret != CURLE_OK) {
396 if(verifypeer) {
397 failf(data, "error setting certificate verify locations."
398 " CAfile: %s", ssl_cafile);
399 return ret;
400 }
401 infof(data, "error setting certificate verify locations,"
402 " continuing anyway:");
403 }
404 }
405
406 /* initialize SSL context */
407 br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
408 backend->anchors, backend->anchors_len);
409 br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
410 br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
411 sizeof(backend->buf), 1);
412
413 /* initialize X.509 context */
414 backend->x509.vtable = &x509_vtable;
415 backend->x509.verifypeer = verifypeer;
416 backend->x509.verifyhost = verifyhost;
417 br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
418
419 if(SSL_SET_OPTION(primary.sessionid)) {
420 void *session;
421
422 Curl_ssl_sessionid_lock(data);
423 if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
424 &session, NULL, sockindex)) {
425 br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
426 infof(data, "BearSSL: re-using session ID");
427 }
428 Curl_ssl_sessionid_unlock(data);
429 }
430
431 if(conn->bits.tls_enable_alpn) {
432 int cur = 0;
433
434 /* NOTE: when adding more protocols here, increase the size of the
435 * protocols array in `struct ssl_backend_data`.
436 */
437
438 #ifdef USE_HTTP2
439 if(data->state.httpwant >= CURL_HTTP_VERSION_2
440 #ifndef CURL_DISABLE_PROXY
441 && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
442 #endif
443 ) {
444 backend->protocols[cur++] = ALPN_H2;
445 infof(data, "ALPN, offering %s", ALPN_H2);
446 }
447 #endif
448
449 backend->protocols[cur++] = ALPN_HTTP_1_1;
450 infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
451
452 br_ssl_engine_set_protocol_names(&backend->ctx.eng,
453 backend->protocols, cur);
454 }
455
456 if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
457 #ifdef ENABLE_IPV6
458 || (1 == Curl_inet_pton(AF_INET6, hostname, &addr))
459 #endif
460 ) {
461 if(verifyhost) {
462 failf(data, "BearSSL: "
463 "host verification of IP address is not supported");
464 return CURLE_PEER_FAILED_VERIFICATION;
465 }
466 hostname = NULL;
467 }
468
469 if(!br_ssl_client_reset(&backend->ctx, hostname, 0))
470 return CURLE_FAILED_INIT;
471 backend->active = TRUE;
472
473 connssl->connecting_state = ssl_connect_2;
474
475 return CURLE_OK;
476 }
477
bearssl_run_until(struct Curl_easy * data,struct connectdata * conn,int sockindex,unsigned target)478 static CURLcode bearssl_run_until(struct Curl_easy *data,
479 struct connectdata *conn, int sockindex,
480 unsigned target)
481 {
482 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
483 struct ssl_backend_data *backend = connssl->backend;
484 curl_socket_t sockfd = conn->sock[sockindex];
485 unsigned state;
486 unsigned char *buf;
487 size_t len;
488 ssize_t ret;
489 int err;
490
491 for(;;) {
492 state = br_ssl_engine_current_state(&backend->ctx.eng);
493 if(state & BR_SSL_CLOSED) {
494 err = br_ssl_engine_last_error(&backend->ctx.eng);
495 switch(err) {
496 case BR_ERR_OK:
497 /* TLS close notify */
498 if(connssl->state != ssl_connection_complete) {
499 failf(data, "SSL: connection closed during handshake");
500 return CURLE_SSL_CONNECT_ERROR;
501 }
502 return CURLE_OK;
503 case BR_ERR_X509_EXPIRED:
504 failf(data, "SSL: X.509 verification: "
505 "certificate is expired or not yet valid");
506 return CURLE_PEER_FAILED_VERIFICATION;
507 case BR_ERR_X509_BAD_SERVER_NAME:
508 failf(data, "SSL: X.509 verification: "
509 "expected server name was not found in the chain");
510 return CURLE_PEER_FAILED_VERIFICATION;
511 case BR_ERR_X509_NOT_TRUSTED:
512 failf(data, "SSL: X.509 verification: "
513 "chain could not be linked to a trust anchor");
514 return CURLE_PEER_FAILED_VERIFICATION;
515 }
516 /* X.509 errors are documented to have the range 32..63 */
517 if(err >= 32 && err < 64)
518 return CURLE_PEER_FAILED_VERIFICATION;
519 return CURLE_SSL_CONNECT_ERROR;
520 }
521 if(state & target)
522 return CURLE_OK;
523 if(state & BR_SSL_SENDREC) {
524 buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
525 ret = swrite(sockfd, buf, len);
526 if(ret == -1) {
527 if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
528 if(connssl->state != ssl_connection_complete)
529 connssl->connecting_state = ssl_connect_2_writing;
530 return CURLE_AGAIN;
531 }
532 return CURLE_WRITE_ERROR;
533 }
534 br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
535 }
536 else if(state & BR_SSL_RECVREC) {
537 buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
538 ret = sread(sockfd, buf, len);
539 if(ret == 0) {
540 failf(data, "SSL: EOF without close notify");
541 return CURLE_READ_ERROR;
542 }
543 if(ret == -1) {
544 if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
545 if(connssl->state != ssl_connection_complete)
546 connssl->connecting_state = ssl_connect_2_reading;
547 return CURLE_AGAIN;
548 }
549 return CURLE_READ_ERROR;
550 }
551 br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
552 }
553 }
554 }
555
bearssl_connect_step2(struct Curl_easy * data,struct connectdata * conn,int sockindex)556 static CURLcode bearssl_connect_step2(struct Curl_easy *data,
557 struct connectdata *conn, int sockindex)
558 {
559 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
560 struct ssl_backend_data *backend = connssl->backend;
561 CURLcode ret;
562
563 ret = bearssl_run_until(data, conn, sockindex,
564 BR_SSL_SENDAPP | BR_SSL_RECVAPP);
565 if(ret == CURLE_AGAIN)
566 return CURLE_OK;
567 if(ret == CURLE_OK) {
568 if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
569 failf(data, "SSL: connection closed during handshake");
570 return CURLE_SSL_CONNECT_ERROR;
571 }
572 connssl->connecting_state = ssl_connect_3;
573 }
574 return ret;
575 }
576
bearssl_connect_step3(struct Curl_easy * data,struct connectdata * conn,int sockindex)577 static CURLcode bearssl_connect_step3(struct Curl_easy *data,
578 struct connectdata *conn, int sockindex)
579 {
580 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
581 struct ssl_backend_data *backend = connssl->backend;
582 CURLcode ret;
583
584 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
585
586 if(conn->bits.tls_enable_alpn) {
587 const char *protocol;
588
589 protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
590 if(protocol) {
591 infof(data, "ALPN, server accepted to use %s", protocol);
592
593 #ifdef USE_HTTP2
594 if(!strcmp(protocol, ALPN_H2))
595 conn->negnpn = CURL_HTTP_VERSION_2;
596 else
597 #endif
598 if(!strcmp(protocol, ALPN_HTTP_1_1))
599 conn->negnpn = CURL_HTTP_VERSION_1_1;
600 else
601 infof(data, "ALPN, unrecognized protocol %s", protocol);
602 Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
603 BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
604 }
605 else
606 infof(data, "ALPN, server did not agree to a protocol");
607 }
608
609 if(SSL_SET_OPTION(primary.sessionid)) {
610 bool incache;
611 bool added = FALSE;
612 void *oldsession;
613 br_ssl_session_parameters *session;
614
615 session = malloc(sizeof(*session));
616 if(!session)
617 return CURLE_OUT_OF_MEMORY;
618 br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
619 Curl_ssl_sessionid_lock(data);
620 incache = !(Curl_ssl_getsessionid(data, conn,
621 SSL_IS_PROXY() ? TRUE : FALSE,
622 &oldsession, NULL, sockindex));
623 if(incache)
624 Curl_ssl_delsessionid(data, oldsession);
625 ret = Curl_ssl_addsessionid(data, conn,
626 SSL_IS_PROXY() ? TRUE : FALSE,
627 session, 0, sockindex, &added);
628 Curl_ssl_sessionid_unlock(data);
629 if(!added)
630 free(session);
631 if(ret) {
632 return CURLE_OUT_OF_MEMORY;
633 }
634 }
635
636 connssl->connecting_state = ssl_connect_done;
637
638 return CURLE_OK;
639 }
640
bearssl_send(struct Curl_easy * data,int sockindex,const void * buf,size_t len,CURLcode * err)641 static ssize_t bearssl_send(struct Curl_easy *data, int sockindex,
642 const void *buf, size_t len, CURLcode *err)
643 {
644 struct connectdata *conn = data->conn;
645 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
646 struct ssl_backend_data *backend = connssl->backend;
647 unsigned char *app;
648 size_t applen;
649
650 for(;;) {
651 *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP);
652 if (*err != CURLE_OK)
653 return -1;
654 app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
655 if(!app) {
656 failf(data, "SSL: connection closed during write");
657 *err = CURLE_SEND_ERROR;
658 return -1;
659 }
660 if(backend->pending_write) {
661 applen = backend->pending_write;
662 backend->pending_write = 0;
663 return applen;
664 }
665 if(applen > len)
666 applen = len;
667 memcpy(app, buf, applen);
668 br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
669 br_ssl_engine_flush(&backend->ctx.eng, 0);
670 backend->pending_write = applen;
671 }
672 }
673
bearssl_recv(struct Curl_easy * data,int sockindex,char * buf,size_t len,CURLcode * err)674 static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex,
675 char *buf, size_t len, CURLcode *err)
676 {
677 struct connectdata *conn = data->conn;
678 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
679 struct ssl_backend_data *backend = connssl->backend;
680 unsigned char *app;
681 size_t applen;
682
683 *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP);
684 if(*err != CURLE_OK)
685 return -1;
686 app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
687 if(!app)
688 return 0;
689 if(applen > len)
690 applen = len;
691 memcpy(buf, app, applen);
692 br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
693
694 return applen;
695 }
696
bearssl_connect_common(struct Curl_easy * data,struct connectdata * conn,int sockindex,bool nonblocking,bool * done)697 static CURLcode bearssl_connect_common(struct Curl_easy *data,
698 struct connectdata *conn,
699 int sockindex,
700 bool nonblocking,
701 bool *done)
702 {
703 CURLcode ret;
704 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
705 curl_socket_t sockfd = conn->sock[sockindex];
706 timediff_t timeout_ms;
707 int what;
708
709 /* check if the connection has already been established */
710 if(ssl_connection_complete == connssl->state) {
711 *done = TRUE;
712 return CURLE_OK;
713 }
714
715 if(ssl_connect_1 == connssl->connecting_state) {
716 ret = bearssl_connect_step1(data, conn, sockindex);
717 if(ret)
718 return ret;
719 }
720
721 while(ssl_connect_2 == connssl->connecting_state ||
722 ssl_connect_2_reading == connssl->connecting_state ||
723 ssl_connect_2_writing == connssl->connecting_state) {
724 /* check allowed time left */
725 timeout_ms = Curl_timeleft(data, NULL, TRUE);
726
727 if(timeout_ms < 0) {
728 /* no need to continue if time already is up */
729 failf(data, "SSL connection timeout");
730 return CURLE_OPERATION_TIMEDOUT;
731 }
732
733 /* if ssl is expecting something, check if it's available. */
734 if(ssl_connect_2_reading == connssl->connecting_state ||
735 ssl_connect_2_writing == connssl->connecting_state) {
736
737 curl_socket_t writefd = ssl_connect_2_writing ==
738 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
739 curl_socket_t readfd = ssl_connect_2_reading ==
740 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
741
742 what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
743 nonblocking?0:timeout_ms);
744 if(what < 0) {
745 /* fatal error */
746 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
747 return CURLE_SSL_CONNECT_ERROR;
748 }
749 else if(0 == what) {
750 if(nonblocking) {
751 *done = FALSE;
752 return CURLE_OK;
753 }
754 else {
755 /* timeout */
756 failf(data, "SSL connection timeout");
757 return CURLE_OPERATION_TIMEDOUT;
758 }
759 }
760 /* socket is readable or writable */
761 }
762
763 /* Run transaction, and return to the caller if it failed or if this
764 * connection is done nonblocking and this loop would execute again. This
765 * permits the owner of a multi handle to abort a connection attempt
766 * before step2 has completed while ensuring that a client using select()
767 * or epoll() will always have a valid fdset to wait on.
768 */
769 ret = bearssl_connect_step2(data, conn, sockindex);
770 if(ret || (nonblocking &&
771 (ssl_connect_2 == connssl->connecting_state ||
772 ssl_connect_2_reading == connssl->connecting_state ||
773 ssl_connect_2_writing == connssl->connecting_state)))
774 return ret;
775 }
776
777 if(ssl_connect_3 == connssl->connecting_state) {
778 ret = bearssl_connect_step3(data, conn, sockindex);
779 if(ret)
780 return ret;
781 }
782
783 if(ssl_connect_done == connssl->connecting_state) {
784 connssl->state = ssl_connection_complete;
785 conn->recv[sockindex] = bearssl_recv;
786 conn->send[sockindex] = bearssl_send;
787 *done = TRUE;
788 }
789 else
790 *done = FALSE;
791
792 /* Reset our connect state machine */
793 connssl->connecting_state = ssl_connect_1;
794
795 return CURLE_OK;
796 }
797
bearssl_version(char * buffer,size_t size)798 static size_t bearssl_version(char *buffer, size_t size)
799 {
800 return msnprintf(buffer, size, "BearSSL");
801 }
802
bearssl_data_pending(const struct connectdata * conn,int connindex)803 static bool bearssl_data_pending(const struct connectdata *conn,
804 int connindex)
805 {
806 const struct ssl_connect_data *connssl = &conn->ssl[connindex];
807 struct ssl_backend_data *backend = connssl->backend;
808 return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
809 }
810
bearssl_random(struct Curl_easy * data UNUSED_PARAM,unsigned char * entropy,size_t length)811 static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM,
812 unsigned char *entropy, size_t length)
813 {
814 static br_hmac_drbg_context ctx;
815 static bool seeded = FALSE;
816
817 if(!seeded) {
818 br_prng_seeder seeder;
819
820 br_hmac_drbg_init(&ctx, &br_sha256_vtable, NULL, 0);
821 seeder = br_prng_seeder_system(NULL);
822 if(!seeder || !seeder(&ctx.vtable))
823 return CURLE_FAILED_INIT;
824 seeded = TRUE;
825 }
826 br_hmac_drbg_generate(&ctx, entropy, length);
827
828 return CURLE_OK;
829 }
830
bearssl_connect(struct Curl_easy * data,struct connectdata * conn,int sockindex)831 static CURLcode bearssl_connect(struct Curl_easy *data,
832 struct connectdata *conn, int sockindex)
833 {
834 CURLcode ret;
835 bool done = FALSE;
836
837 ret = bearssl_connect_common(data, conn, sockindex, FALSE, &done);
838 if(ret)
839 return ret;
840
841 DEBUGASSERT(done);
842
843 return CURLE_OK;
844 }
845
bearssl_connect_nonblocking(struct Curl_easy * data,struct connectdata * conn,int sockindex,bool * done)846 static CURLcode bearssl_connect_nonblocking(struct Curl_easy *data,
847 struct connectdata *conn,
848 int sockindex, bool *done)
849 {
850 return bearssl_connect_common(data, conn, sockindex, TRUE, done);
851 }
852
bearssl_get_internals(struct ssl_connect_data * connssl,CURLINFO info UNUSED_PARAM)853 static void *bearssl_get_internals(struct ssl_connect_data *connssl,
854 CURLINFO info UNUSED_PARAM)
855 {
856 struct ssl_backend_data *backend = connssl->backend;
857 return &backend->ctx;
858 }
859
bearssl_close(struct Curl_easy * data,struct connectdata * conn,int sockindex)860 static void bearssl_close(struct Curl_easy *data,
861 struct connectdata *conn, int sockindex)
862 {
863 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
864 struct ssl_backend_data *backend = connssl->backend;
865 size_t i;
866
867 if(backend->active) {
868 br_ssl_engine_close(&backend->ctx.eng);
869 (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED);
870 }
871 for(i = 0; i < backend->anchors_len; ++i)
872 free(backend->anchors[i].dn.data);
873 free(backend->anchors);
874 }
875
bearssl_session_free(void * ptr)876 static void bearssl_session_free(void *ptr)
877 {
878 free(ptr);
879 }
880
bearssl_sha256sum(const unsigned char * input,size_t inputlen,unsigned char * sha256sum,size_t sha256len UNUSED_PARAM)881 static CURLcode bearssl_sha256sum(const unsigned char *input,
882 size_t inputlen,
883 unsigned char *sha256sum,
884 size_t sha256len UNUSED_PARAM)
885 {
886 br_sha256_context ctx;
887
888 br_sha256_init(&ctx);
889 br_sha256_update(&ctx, input, inputlen);
890 br_sha256_out(&ctx, sha256sum);
891 return CURLE_OK;
892 }
893
894 const struct Curl_ssl Curl_ssl_bearssl = {
895 { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */
896 SSLSUPP_CAINFO_BLOB,
897 sizeof(struct ssl_backend_data),
898
899 Curl_none_init, /* init */
900 Curl_none_cleanup, /* cleanup */
901 bearssl_version, /* version */
902 Curl_none_check_cxn, /* check_cxn */
903 Curl_none_shutdown, /* shutdown */
904 bearssl_data_pending, /* data_pending */
905 bearssl_random, /* random */
906 Curl_none_cert_status_request, /* cert_status_request */
907 bearssl_connect, /* connect */
908 bearssl_connect_nonblocking, /* connect_nonblocking */
909 Curl_ssl_getsock, /* getsock */
910 bearssl_get_internals, /* get_internals */
911 bearssl_close, /* close_one */
912 Curl_none_close_all, /* close_all */
913 bearssl_session_free, /* session_free */
914 Curl_none_set_engine, /* set_engine */
915 Curl_none_set_engine_default, /* set_engine_default */
916 Curl_none_engines_list, /* engines_list */
917 Curl_none_false_start, /* false_start */
918 bearssl_sha256sum, /* sha256sum */
919 NULL, /* associate_connection */
920 NULL /* disassociate_connection */
921 };
922
923 #endif /* USE_BEARSSL */
924