1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 /*
24 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
25 * but vtls.c should ever call or use these functions.
26 */
27
28 /*
29 * The original SSLeay-using code for curl was written by Linas Vepstas and
30 * Sampo Kellomaki 1998.
31 */
32
33 #include "curl_setup.h"
34
35 #ifdef USE_OPENSSL
36
37 #ifdef HAVE_LIMITS_H
38 #include <limits.h>
39 #endif
40
41 #include "urldata.h"
42 #include "sendf.h"
43 #include "formdata.h" /* for the boundary function */
44 #include "url.h" /* for the ssl config check function */
45 #include "inet_pton.h"
46 #include "openssl.h"
47 #include "connect.h"
48 #include "slist.h"
49 #include "select.h"
50 #include "vtls.h"
51 #include "strcase.h"
52 #include "hostcheck.h"
53 #include "curl_printf.h"
54
55 #include <openssl/ssl.h>
56 #include <openssl/rand.h>
57 #include <openssl/x509v3.h>
58 #include <openssl/dsa.h>
59 #include <openssl/dh.h>
60 #include <openssl/err.h>
61 #include <openssl/md5.h>
62 #include <openssl/conf.h>
63 #include <openssl/bn.h>
64 #include <openssl/rsa.h>
65
66 #ifdef HAVE_OPENSSL_PKCS12_H
67 #include <openssl/pkcs12.h>
68 #endif
69
70 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
71 #include <openssl/ocsp.h>
72 #endif
73
74 #include "warnless.h"
75 #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
76
77 /* The last #include files should be: */
78 #include "curl_memory.h"
79 #include "memdebug.h"
80
81 #ifndef OPENSSL_VERSION_NUMBER
82 #error "OPENSSL_VERSION_NUMBER not defined"
83 #endif
84
85 #if defined(HAVE_OPENSSL_ENGINE_H)
86 #include <openssl/ui.h>
87 #endif
88
89 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
90 #define SSL_METHOD_QUAL const
91 #else
92 #define SSL_METHOD_QUAL
93 #endif
94
95 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
96 #define HAVE_ERR_REMOVE_THREAD_STATE 1
97 #endif
98
99 #if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
100 OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
101 #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
102 #define OPENSSL_NO_SSL2
103 #endif
104
105 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
106 !defined(LIBRESSL_VERSION_NUMBER)
107 #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
108 #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
109 #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
110 #define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
111 #define CONST_EXTS const
112 #define CONST_ASN1_BIT_STRING const
113 #define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
114 #else
115 /* For OpenSSL before 1.1.0 */
116 #define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
117 #define X509_get0_notBefore(x) X509_get_notBefore(x)
118 #define X509_get0_notAfter(x) X509_get_notAfter(x)
119 #define CONST_EXTS /* nope */
120 #define CONST_ASN1_BIT_STRING /* nope */
121 #ifdef LIBRESSL_VERSION_NUMBER
OpenSSL_version_num(void)122 static unsigned long OpenSSL_version_num(void)
123 {
124 return LIBRESSL_VERSION_NUMBER;
125 }
126 #else
127 #define OpenSSL_version_num() SSLeay()
128 #endif
129 #endif
130
131 #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
132 !defined(LIBRESSL_VERSION_NUMBER)
133 #define HAVE_X509_GET0_SIGNATURE 1
134 #endif
135
136 #if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
137 OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
138 !defined(OPENSSL_NO_COMP)
139 #define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
140 #endif
141
142 #if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
143 /* not present in older OpenSSL */
144 #define OPENSSL_load_builtin_modules(x)
145 #endif
146
147 #if defined(LIBRESSL_VERSION_NUMBER)
148 #define OSSL_PACKAGE "LibreSSL"
149 #elif defined(OPENSSL_IS_BORINGSSL)
150 #define OSSL_PACKAGE "BoringSSL"
151 #else
152 #define OSSL_PACKAGE "OpenSSL"
153 #endif
154
155 /*
156 * Number of bytes to read from the random number seed file. This must be
157 * a finite value (because some entropy "files" like /dev/urandom have
158 * an infinite length), but must be large enough to provide enough
159 * entopy to properly seed OpenSSL's PRNG.
160 */
161 #define RAND_LOAD_LENGTH 1024
162
passwd_callback(char * buf,int num,int encrypting,void * global_passwd)163 static int passwd_callback(char *buf, int num, int encrypting,
164 void *global_passwd)
165 {
166 DEBUGASSERT(0 == encrypting);
167
168 if(!encrypting) {
169 int klen = curlx_uztosi(strlen((char *)global_passwd));
170 if(num > klen) {
171 memcpy(buf, global_passwd, klen+1);
172 return klen;
173 }
174 }
175 return 0;
176 }
177
178 /*
179 * rand_enough() returns TRUE if we have seeded the random engine properly.
180 */
rand_enough(void)181 static bool rand_enough(void)
182 {
183 return (0 != RAND_status()) ? TRUE : FALSE;
184 }
185
Curl_ossl_seed(struct Curl_easy * data)186 static CURLcode Curl_ossl_seed(struct Curl_easy *data)
187 {
188 /* we have the "SSL is seeded" boolean static to prevent multiple
189 time-consuming seedings in vain */
190 static bool ssl_seeded = FALSE;
191 char *buf = data->state.buffer; /* point to the big buffer */
192 int nread=0;
193
194 if(ssl_seeded)
195 return CURLE_OK;
196
197 if(rand_enough()) {
198 /* OpenSSL 1.1.0+ will return here */
199 ssl_seeded = TRUE;
200 return CURLE_OK;
201 }
202
203 #ifndef RANDOM_FILE
204 /* if RANDOM_FILE isn't defined, we only perform this if an option tells
205 us to! */
206 if(data->set.str[STRING_SSL_RANDOM_FILE])
207 #define RANDOM_FILE "" /* doesn't matter won't be used */
208 #endif
209 {
210 /* let the option override the define */
211 nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
212 data->set.str[STRING_SSL_RANDOM_FILE]:
213 RANDOM_FILE),
214 RAND_LOAD_LENGTH);
215 if(rand_enough())
216 return nread;
217 }
218
219 #if defined(HAVE_RAND_EGD)
220 /* only available in OpenSSL 0.9.5 and later */
221 /* EGD_SOCKET is set at configure time or not at all */
222 #ifndef EGD_SOCKET
223 /* If we don't have the define set, we only do this if the egd-option
224 is set */
225 if(data->set.str[STRING_SSL_EGDSOCKET])
226 #define EGD_SOCKET "" /* doesn't matter won't be used */
227 #endif
228 {
229 /* If there's an option and a define, the option overrides the
230 define */
231 int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
232 data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
233 if(-1 != ret) {
234 nread += ret;
235 if(rand_enough())
236 return nread;
237 }
238 }
239 #endif
240
241 /* If we get here, it means we need to seed the PRNG using a "silly"
242 approach! */
243 do {
244 unsigned char randb[64];
245 int len = sizeof(randb);
246 if(!RAND_bytes(randb, len))
247 break;
248 RAND_add(randb, len, (len >> 1));
249 } while(!rand_enough());
250
251 /* generates a default path for the random seed file */
252 buf[0]=0; /* blank it first */
253 RAND_file_name(buf, BUFSIZE);
254 if(buf[0]) {
255 /* we got a file name to try */
256 nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
257 if(rand_enough())
258 return nread;
259 }
260
261 infof(data, "libcurl is now using a weak random seed!\n");
262 return CURLE_SSL_CONNECT_ERROR; /* confusing error code */
263 }
264
265 #ifndef SSL_FILETYPE_ENGINE
266 #define SSL_FILETYPE_ENGINE 42
267 #endif
268 #ifndef SSL_FILETYPE_PKCS12
269 #define SSL_FILETYPE_PKCS12 43
270 #endif
do_file_type(const char * type)271 static int do_file_type(const char *type)
272 {
273 if(!type || !type[0])
274 return SSL_FILETYPE_PEM;
275 if(strcasecompare(type, "PEM"))
276 return SSL_FILETYPE_PEM;
277 if(strcasecompare(type, "DER"))
278 return SSL_FILETYPE_ASN1;
279 if(strcasecompare(type, "ENG"))
280 return SSL_FILETYPE_ENGINE;
281 if(strcasecompare(type, "P12"))
282 return SSL_FILETYPE_PKCS12;
283 return -1;
284 }
285
286 #if defined(HAVE_OPENSSL_ENGINE_H)
287 /*
288 * Supply default password to the engine user interface conversation.
289 * The password is passed by OpenSSL engine from ENGINE_load_private_key()
290 * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
291 */
ssl_ui_reader(UI * ui,UI_STRING * uis)292 static int ssl_ui_reader(UI *ui, UI_STRING *uis)
293 {
294 const char *password;
295 switch(UI_get_string_type(uis)) {
296 case UIT_PROMPT:
297 case UIT_VERIFY:
298 password = (const char *)UI_get0_user_data(ui);
299 if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
300 UI_set_result(ui, uis, password);
301 return 1;
302 }
303 default:
304 break;
305 }
306 return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
307 }
308
309 /*
310 * Suppress interactive request for a default password if available.
311 */
ssl_ui_writer(UI * ui,UI_STRING * uis)312 static int ssl_ui_writer(UI *ui, UI_STRING *uis)
313 {
314 switch(UI_get_string_type(uis)) {
315 case UIT_PROMPT:
316 case UIT_VERIFY:
317 if(UI_get0_user_data(ui) &&
318 (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
319 return 1;
320 }
321 default:
322 break;
323 }
324 return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
325 }
326 #endif
327
328 static
cert_stuff(struct connectdata * conn,SSL_CTX * ctx,char * cert_file,const char * cert_type,char * key_file,const char * key_type,char * key_passwd)329 int cert_stuff(struct connectdata *conn,
330 SSL_CTX* ctx,
331 char *cert_file,
332 const char *cert_type,
333 char *key_file,
334 const char *key_type,
335 char *key_passwd)
336 {
337 struct Curl_easy *data = conn->data;
338
339 int file_type = do_file_type(cert_type);
340
341 if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
342 SSL *ssl;
343 X509 *x509;
344 int cert_done = 0;
345
346 if(key_passwd) {
347 /* set the password in the callback userdata */
348 SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
349 /* Set passwd callback: */
350 SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
351 }
352
353
354 switch(file_type) {
355 case SSL_FILETYPE_PEM:
356 /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
357 if(SSL_CTX_use_certificate_chain_file(ctx,
358 cert_file) != 1) {
359 failf(data,
360 "could not load PEM client certificate, " OSSL_PACKAGE
361 " error %s, "
362 "(no key found, wrong pass phrase, or wrong file format?)",
363 ERR_error_string(ERR_get_error(), NULL) );
364 return 0;
365 }
366 break;
367
368 case SSL_FILETYPE_ASN1:
369 /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
370 we use the case above for PEM so this can only be performed with
371 ASN1 files. */
372 if(SSL_CTX_use_certificate_file(ctx,
373 cert_file,
374 file_type) != 1) {
375 failf(data,
376 "could not load ASN1 client certificate, " OSSL_PACKAGE
377 " error %s, "
378 "(no key found, wrong pass phrase, or wrong file format?)",
379 ERR_error_string(ERR_get_error(), NULL) );
380 return 0;
381 }
382 break;
383 case SSL_FILETYPE_ENGINE:
384 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
385 {
386 if(data->state.engine) {
387 const char *cmd_name = "LOAD_CERT_CTRL";
388 struct {
389 const char *cert_id;
390 X509 *cert;
391 } params;
392
393 params.cert_id = cert_file;
394 params.cert = NULL;
395
396 /* Does the engine supports LOAD_CERT_CTRL ? */
397 if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
398 0, (void *)cmd_name, NULL)) {
399 failf(data, "ssl engine does not support loading certificates");
400 return 0;
401 }
402
403 /* Load the certificate from the engine */
404 if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
405 0, ¶ms, NULL, 1)) {
406 failf(data, "ssl engine cannot load client cert with id"
407 " '%s' [%s]", cert_file,
408 ERR_error_string(ERR_get_error(), NULL));
409 return 0;
410 }
411
412 if(!params.cert) {
413 failf(data, "ssl engine didn't initialized the certificate "
414 "properly.");
415 return 0;
416 }
417
418 if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
419 failf(data, "unable to set client certificate");
420 X509_free(params.cert);
421 return 0;
422 }
423 X509_free(params.cert); /* we don't need the handle any more... */
424 }
425 else {
426 failf(data, "crypto engine not set, can't load certificate");
427 return 0;
428 }
429 }
430 break;
431 #else
432 failf(data, "file type ENG for certificate not implemented");
433 return 0;
434 #endif
435
436 case SSL_FILETYPE_PKCS12:
437 {
438 #ifdef HAVE_OPENSSL_PKCS12_H
439 FILE *f;
440 PKCS12 *p12;
441 EVP_PKEY *pri;
442 STACK_OF(X509) *ca = NULL;
443
444 f = fopen(cert_file, "rb");
445 if(!f) {
446 failf(data, "could not open PKCS12 file '%s'", cert_file);
447 return 0;
448 }
449 p12 = d2i_PKCS12_fp(f, NULL);
450 fclose(f);
451
452 if(!p12) {
453 failf(data, "error reading PKCS12 file '%s'", cert_file);
454 return 0;
455 }
456
457 PKCS12_PBE_add();
458
459 if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
460 &ca)) {
461 failf(data,
462 "could not parse PKCS12 file, check password, " OSSL_PACKAGE
463 " error %s",
464 ERR_error_string(ERR_get_error(), NULL) );
465 PKCS12_free(p12);
466 return 0;
467 }
468
469 PKCS12_free(p12);
470
471 if(SSL_CTX_use_certificate(ctx, x509) != 1) {
472 failf(data,
473 "could not load PKCS12 client certificate, " OSSL_PACKAGE
474 " error %s",
475 ERR_error_string(ERR_get_error(), NULL) );
476 goto fail;
477 }
478
479 if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
480 failf(data, "unable to use private key from PKCS12 file '%s'",
481 cert_file);
482 goto fail;
483 }
484
485 if(!SSL_CTX_check_private_key (ctx)) {
486 failf(data, "private key from PKCS12 file '%s' "
487 "does not match certificate in same file", cert_file);
488 goto fail;
489 }
490 /* Set Certificate Verification chain */
491 if(ca) {
492 while(sk_X509_num(ca)) {
493 /*
494 * Note that sk_X509_pop() is used below to make sure the cert is
495 * removed from the stack properly before getting passed to
496 * SSL_CTX_add_extra_chain_cert(). Previously we used
497 * sk_X509_value() instead, but then we'd clean it in the subsequent
498 * sk_X509_pop_free() call.
499 */
500 X509 *x = sk_X509_pop(ca);
501 if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
502 X509_free(x);
503 failf(data, "cannot add certificate to certificate chain");
504 goto fail;
505 }
506 /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
507 * presumably because it duplicates what we pass to it.
508 */
509 if(!SSL_CTX_add_client_CA(ctx, x)) {
510 failf(data, "cannot add certificate to client CA list");
511 goto fail;
512 }
513 }
514 }
515
516 cert_done = 1;
517 fail:
518 EVP_PKEY_free(pri);
519 X509_free(x509);
520 sk_X509_pop_free(ca, X509_free);
521
522 if(!cert_done)
523 return 0; /* failure! */
524 break;
525 #else
526 failf(data, "file type P12 for certificate not supported");
527 return 0;
528 #endif
529 }
530 default:
531 failf(data, "not supported file type '%s' for certificate", cert_type);
532 return 0;
533 }
534
535 file_type = do_file_type(key_type);
536
537 switch(file_type) {
538 case SSL_FILETYPE_PEM:
539 if(cert_done)
540 break;
541 if(!key_file)
542 /* cert & key can only be in PEM case in the same file */
543 key_file=cert_file;
544 case SSL_FILETYPE_ASN1:
545 if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
546 failf(data, "unable to set private key file: '%s' type %s",
547 key_file, key_type?key_type:"PEM");
548 return 0;
549 }
550 break;
551 case SSL_FILETYPE_ENGINE:
552 #ifdef HAVE_OPENSSL_ENGINE_H
553 { /* XXXX still needs some work */
554 EVP_PKEY *priv_key = NULL;
555 if(data->state.engine) {
556 UI_METHOD *ui_method =
557 UI_create_method((char *)"curl user interface");
558 if(!ui_method) {
559 failf(data, "unable do create " OSSL_PACKAGE
560 " user-interface method");
561 return 0;
562 }
563 UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
564 UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
565 UI_method_set_reader(ui_method, ssl_ui_reader);
566 UI_method_set_writer(ui_method, ssl_ui_writer);
567 /* the typecast below was added to please mingw32 */
568 priv_key = (EVP_PKEY *)
569 ENGINE_load_private_key(data->state.engine, key_file,
570 ui_method,
571 key_passwd);
572 UI_destroy_method(ui_method);
573 if(!priv_key) {
574 failf(data, "failed to load private key from crypto engine");
575 return 0;
576 }
577 if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
578 failf(data, "unable to set private key");
579 EVP_PKEY_free(priv_key);
580 return 0;
581 }
582 EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
583 }
584 else {
585 failf(data, "crypto engine not set, can't load private key");
586 return 0;
587 }
588 }
589 break;
590 #else
591 failf(data, "file type ENG for private key not supported");
592 return 0;
593 #endif
594 case SSL_FILETYPE_PKCS12:
595 if(!cert_done) {
596 failf(data, "file type P12 for private key not supported");
597 return 0;
598 }
599 break;
600 default:
601 failf(data, "not supported file type for private key");
602 return 0;
603 }
604
605 ssl=SSL_new(ctx);
606 if(!ssl) {
607 failf(data, "unable to create an SSL structure");
608 return 0;
609 }
610
611 x509=SSL_get_certificate(ssl);
612
613 /* This version was provided by Evan Jordan and is supposed to not
614 leak memory as the previous version: */
615 if(x509) {
616 EVP_PKEY *pktmp = X509_get_pubkey(x509);
617 EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
618 EVP_PKEY_free(pktmp);
619 }
620
621 SSL_free(ssl);
622
623 /* If we are using DSA, we can copy the parameters from
624 * the private key */
625
626
627 /* Now we know that a key and cert have been set against
628 * the SSL context */
629 if(!SSL_CTX_check_private_key(ctx)) {
630 failf(data, "Private key does not match the certificate public key");
631 return 0;
632 }
633 }
634 return 1;
635 }
636
637 /* returns non-zero on failure */
x509_name_oneline(X509_NAME * a,char * buf,size_t size)638 static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
639 {
640 #if 0
641 return X509_NAME_oneline(a, buf, size);
642 #else
643 BIO *bio_out = BIO_new(BIO_s_mem());
644 BUF_MEM *biomem;
645 int rc;
646
647 if(!bio_out)
648 return 1; /* alloc failed! */
649
650 rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
651 BIO_get_mem_ptr(bio_out, &biomem);
652
653 if((size_t)biomem->length < size)
654 size = biomem->length;
655 else
656 size--; /* don't overwrite the buffer end */
657
658 memcpy(buf, biomem->data, size);
659 buf[size]=0;
660
661 BIO_free(bio_out);
662
663 return !rc;
664 #endif
665 }
666
667 /* Return error string for last OpenSSL error
668 */
ossl_strerror(unsigned long error,char * buf,size_t size)669 static char *ossl_strerror(unsigned long error, char *buf, size_t size)
670 {
671 /* OpenSSL 0.9.6 and later has a function named
672 ERR_error_string_n() that takes the size of the buffer as a
673 third argument */
674 ERR_error_string_n(error, buf, size);
675 return buf;
676 }
677
678 /**
679 * Global SSL init
680 *
681 * @retval 0 error initializing SSL
682 * @retval 1 SSL initialized successfully
683 */
Curl_ossl_init(void)684 int Curl_ossl_init(void)
685 {
686 OPENSSL_load_builtin_modules();
687
688 #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
689 ENGINE_load_builtin_engines();
690 #endif
691
692 /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
693 that function makes an exit() call on wrongly formatted config files
694 which makes it hard to use in some situations. OPENSSL_config() itself
695 calls CONF_modules_load_file() and we use that instead and we ignore
696 its return code! */
697
698 /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
699 0.9.8e */
700 #ifndef CONF_MFLAGS_DEFAULT_SECTION
701 #define CONF_MFLAGS_DEFAULT_SECTION 0x0
702 #endif
703
704 CONF_modules_load_file(NULL, NULL,
705 CONF_MFLAGS_DEFAULT_SECTION|
706 CONF_MFLAGS_IGNORE_MISSING_FILE);
707
708 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
709 !defined(LIBRESSL_VERSION_NUMBER)
710 /* OpenSSL 1.1.0+ takes care of initialization itself */
711 #else
712 /* Lets get nice error messages */
713 SSL_load_error_strings();
714
715 /* Init the global ciphers and digests */
716 if(!SSLeay_add_ssl_algorithms())
717 return 0;
718
719 OpenSSL_add_all_algorithms();
720 #endif
721
722 return 1;
723 }
724
725 /* Global cleanup */
Curl_ossl_cleanup(void)726 void Curl_ossl_cleanup(void)
727 {
728 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
729 !defined(LIBRESSL_VERSION_NUMBER)
730 /* OpenSSL 1.1 deprecates all these cleanup functions and
731 turns them into no-ops in OpenSSL 1.0 compatibility mode */
732 #else
733 /* Free ciphers and digests lists */
734 EVP_cleanup();
735
736 #ifdef HAVE_ENGINE_CLEANUP
737 /* Free engine list */
738 ENGINE_cleanup();
739 #endif
740
741 /* Free OpenSSL error strings */
742 ERR_free_strings();
743
744 /* Free thread local error state, destroying hash upon zero refcount */
745 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
746 ERR_remove_thread_state(NULL);
747 #else
748 ERR_remove_state(0);
749 #endif
750
751 /* Free all memory allocated by all configuration modules */
752 CONF_modules_free();
753
754 #ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
755 SSL_COMP_free_compression_methods();
756 #endif
757 #endif
758 }
759
760 /*
761 * This function is used to determine connection status.
762 *
763 * Return codes:
764 * 1 means the connection is still in place
765 * 0 means the connection has been closed
766 * -1 means the connection status is unknown
767 */
Curl_ossl_check_cxn(struct connectdata * conn)768 int Curl_ossl_check_cxn(struct connectdata *conn)
769 {
770 /* SSL_peek takes data out of the raw recv buffer without peeking so we use
771 recv MSG_PEEK instead. Bug #795 */
772 #ifdef MSG_PEEK
773 char buf;
774 ssize_t nread;
775 nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
776 (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
777 if(nread == 0)
778 return 0; /* connection has been closed */
779 else if(nread == 1)
780 return 1; /* connection still in place */
781 else if(nread == -1) {
782 int err = SOCKERRNO;
783 if(err == EINPROGRESS ||
784 #if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
785 err == EAGAIN ||
786 #endif
787 err == EWOULDBLOCK)
788 return 1; /* connection still in place */
789 if(err == ECONNRESET ||
790 #ifdef ECONNABORTED
791 err == ECONNABORTED ||
792 #endif
793 #ifdef ENETDOWN
794 err == ENETDOWN ||
795 #endif
796 #ifdef ENETRESET
797 err == ENETRESET ||
798 #endif
799 #ifdef ESHUTDOWN
800 err == ESHUTDOWN ||
801 #endif
802 #ifdef ETIMEDOUT
803 err == ETIMEDOUT ||
804 #endif
805 err == ENOTCONN)
806 return 0; /* connection has been closed */
807 }
808 #endif
809 return -1; /* connection status unknown */
810 }
811
812 /* Selects an OpenSSL crypto engine
813 */
Curl_ossl_set_engine(struct Curl_easy * data,const char * engine)814 CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine)
815 {
816 #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
817 ENGINE *e;
818
819 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
820 e = ENGINE_by_id(engine);
821 #else
822 /* avoid memory leak */
823 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
824 const char *e_id = ENGINE_get_id(e);
825 if(!strcmp(engine, e_id))
826 break;
827 }
828 #endif
829
830 if(!e) {
831 failf(data, "SSL Engine '%s' not found", engine);
832 return CURLE_SSL_ENGINE_NOTFOUND;
833 }
834
835 if(data->state.engine) {
836 ENGINE_finish(data->state.engine);
837 ENGINE_free(data->state.engine);
838 data->state.engine = NULL;
839 }
840 if(!ENGINE_init(e)) {
841 char buf[256];
842
843 ENGINE_free(e);
844 failf(data, "Failed to initialise SSL Engine '%s':\n%s",
845 engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
846 return CURLE_SSL_ENGINE_INITFAILED;
847 }
848 data->state.engine = e;
849 return CURLE_OK;
850 #else
851 (void)engine;
852 failf(data, "SSL Engine not supported");
853 return CURLE_SSL_ENGINE_NOTFOUND;
854 #endif
855 }
856
857 /* Sets engine as default for all SSL operations
858 */
Curl_ossl_set_engine_default(struct Curl_easy * data)859 CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
860 {
861 #ifdef HAVE_OPENSSL_ENGINE_H
862 if(data->state.engine) {
863 if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
864 infof(data, "set default crypto engine '%s'\n",
865 ENGINE_get_id(data->state.engine));
866 }
867 else {
868 failf(data, "set default crypto engine '%s' failed",
869 ENGINE_get_id(data->state.engine));
870 return CURLE_SSL_ENGINE_SETFAILED;
871 }
872 }
873 #else
874 (void) data;
875 #endif
876 return CURLE_OK;
877 }
878
879 /* Return list of OpenSSL crypto engine names.
880 */
Curl_ossl_engines_list(struct Curl_easy * data)881 struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
882 {
883 struct curl_slist *list = NULL;
884 #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
885 struct curl_slist *beg;
886 ENGINE *e;
887
888 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
889 beg = curl_slist_append(list, ENGINE_get_id(e));
890 if(!beg) {
891 curl_slist_free_all(list);
892 return NULL;
893 }
894 list = beg;
895 }
896 #endif
897 (void) data;
898 return list;
899 }
900
901
ossl_close(struct ssl_connect_data * connssl)902 static void ossl_close(struct ssl_connect_data *connssl)
903 {
904 if(connssl->handle) {
905 (void)SSL_shutdown(connssl->handle);
906 SSL_set_connect_state(connssl->handle);
907
908 SSL_free (connssl->handle);
909 connssl->handle = NULL;
910 }
911 if(connssl->ctx) {
912 SSL_CTX_free (connssl->ctx);
913 connssl->ctx = NULL;
914 }
915 }
916
917 /*
918 * This function is called when an SSL connection is closed.
919 */
Curl_ossl_close(struct connectdata * conn,int sockindex)920 void Curl_ossl_close(struct connectdata *conn, int sockindex)
921 {
922 ossl_close(&conn->ssl[sockindex]);
923 ossl_close(&conn->proxy_ssl[sockindex]);
924 }
925
926 /*
927 * This function is called to shut down the SSL layer but keep the
928 * socket open (CCC - Clear Command Channel)
929 */
Curl_ossl_shutdown(struct connectdata * conn,int sockindex)930 int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
931 {
932 int retval = 0;
933 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
934 struct Curl_easy *data = conn->data;
935 char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
936 to be at least 256 bytes long. */
937 unsigned long sslerror;
938 ssize_t nread;
939 int buffsize;
940 int err;
941 int done = 0;
942
943 /* This has only been tested on the proftpd server, and the mod_tls code
944 sends a close notify alert without waiting for a close notify alert in
945 response. Thus we wait for a close notify alert from the server, but
946 we do not send one. Let's hope other servers do the same... */
947
948 if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
949 (void)SSL_shutdown(connssl->handle);
950
951 if(connssl->handle) {
952 buffsize = (int)sizeof(buf);
953 while(!done) {
954 int what = SOCKET_READABLE(conn->sock[sockindex],
955 SSL_SHUTDOWN_TIMEOUT);
956 if(what > 0) {
957 ERR_clear_error();
958
959 /* Something to read, let's do it and hope that it is the close
960 notify alert from the server */
961 nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
962 buffsize);
963 err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
964
965 switch(err) {
966 case SSL_ERROR_NONE: /* this is not an error */
967 case SSL_ERROR_ZERO_RETURN: /* no more data */
968 /* This is the expected response. There was no data but only
969 the close notify alert */
970 done = 1;
971 break;
972 case SSL_ERROR_WANT_READ:
973 /* there's data pending, re-invoke SSL_read() */
974 infof(data, "SSL_ERROR_WANT_READ\n");
975 break;
976 case SSL_ERROR_WANT_WRITE:
977 /* SSL wants a write. Really odd. Let's bail out. */
978 infof(data, "SSL_ERROR_WANT_WRITE\n");
979 done = 1;
980 break;
981 default:
982 /* openssl/ssl.h says "look at error stack/return value/errno" */
983 sslerror = ERR_get_error();
984 failf(conn->data, OSSL_PACKAGE " SSL read: %s, errno %d",
985 ossl_strerror(sslerror, buf, sizeof(buf)),
986 SOCKERRNO);
987 done = 1;
988 break;
989 }
990 }
991 else if(0 == what) {
992 /* timeout */
993 failf(data, "SSL shutdown timeout");
994 done = 1;
995 }
996 else {
997 /* anything that gets here is fatally bad */
998 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
999 retval = -1;
1000 done = 1;
1001 }
1002 } /* while()-loop for the select() */
1003
1004 if(data->set.verbose) {
1005 #ifdef HAVE_SSL_GET_SHUTDOWN
1006 switch(SSL_get_shutdown(connssl->handle)) {
1007 case SSL_SENT_SHUTDOWN:
1008 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
1009 break;
1010 case SSL_RECEIVED_SHUTDOWN:
1011 infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
1012 break;
1013 case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
1014 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
1015 "SSL_RECEIVED__SHUTDOWN\n");
1016 break;
1017 }
1018 #endif
1019 }
1020
1021 SSL_free (connssl->handle);
1022 connssl->handle = NULL;
1023 }
1024 return retval;
1025 }
1026
Curl_ossl_session_free(void * ptr)1027 void Curl_ossl_session_free(void *ptr)
1028 {
1029 /* free the ID */
1030 SSL_SESSION_free(ptr);
1031 }
1032
1033 /*
1034 * This function is called when the 'data' struct is going away. Close
1035 * down everything and free all resources!
1036 */
Curl_ossl_close_all(struct Curl_easy * data)1037 void Curl_ossl_close_all(struct Curl_easy *data)
1038 {
1039 #ifdef HAVE_OPENSSL_ENGINE_H
1040 if(data->state.engine) {
1041 ENGINE_finish(data->state.engine);
1042 ENGINE_free(data->state.engine);
1043 data->state.engine = NULL;
1044 }
1045 #else
1046 (void)data;
1047 #endif
1048 #if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
1049 defined(HAVE_ERR_REMOVE_THREAD_STATE)
1050 /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
1051 so we need to clean it here in case the thread will be killed. All OpenSSL
1052 code should extract the error in association with the error so clearing
1053 this queue here should be harmless at worst. */
1054 ERR_remove_thread_state(NULL);
1055 #endif
1056 }
1057
1058 /* ====================================================== */
1059
1060
1061 /* Quote from RFC2818 section 3.1 "Server Identity"
1062
1063 If a subjectAltName extension of type dNSName is present, that MUST
1064 be used as the identity. Otherwise, the (most specific) Common Name
1065 field in the Subject field of the certificate MUST be used. Although
1066 the use of the Common Name is existing practice, it is deprecated and
1067 Certification Authorities are encouraged to use the dNSName instead.
1068
1069 Matching is performed using the matching rules specified by
1070 [RFC2459]. If more than one identity of a given type is present in
1071 the certificate (e.g., more than one dNSName name, a match in any one
1072 of the set is considered acceptable.) Names may contain the wildcard
1073 character * which is considered to match any single domain name
1074 component or component fragment. E.g., *.a.com matches foo.a.com but
1075 not bar.foo.a.com. f*.com matches foo.com but not bar.com.
1076
1077 In some cases, the URI is specified as an IP address rather than a
1078 hostname. In this case, the iPAddress subjectAltName must be present
1079 in the certificate and must exactly match the IP in the URI.
1080
1081 */
verifyhost(struct connectdata * conn,X509 * server_cert)1082 static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
1083 {
1084 bool matched = FALSE;
1085 int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
1086 size_t addrlen = 0;
1087 struct Curl_easy *data = conn->data;
1088 STACK_OF(GENERAL_NAME) *altnames;
1089 #ifdef ENABLE_IPV6
1090 struct in6_addr addr;
1091 #else
1092 struct in_addr addr;
1093 #endif
1094 CURLcode result = CURLE_OK;
1095 bool dNSName = FALSE; /* if a dNSName field exists in the cert */
1096 bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
1097 const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1098 conn->host.name;
1099 const char * const dispname = SSL_IS_PROXY() ?
1100 conn->http_proxy.host.dispname : conn->host.dispname;
1101
1102 #ifdef ENABLE_IPV6
1103 if(conn->bits.ipv6_ip &&
1104 Curl_inet_pton(AF_INET6, hostname, &addr)) {
1105 target = GEN_IPADD;
1106 addrlen = sizeof(struct in6_addr);
1107 }
1108 else
1109 #endif
1110 if(Curl_inet_pton(AF_INET, hostname, &addr)) {
1111 target = GEN_IPADD;
1112 addrlen = sizeof(struct in_addr);
1113 }
1114
1115 /* get a "list" of alternative names */
1116 altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
1117
1118 if(altnames) {
1119 int numalts;
1120 int i;
1121 bool dnsmatched = FALSE;
1122 bool ipmatched = FALSE;
1123
1124 /* get amount of alternatives, RFC2459 claims there MUST be at least
1125 one, but we don't depend on it... */
1126 numalts = sk_GENERAL_NAME_num(altnames);
1127
1128 /* loop through all alternatives - until a dnsmatch */
1129 for(i=0; (i < numalts) && !dnsmatched; i++) {
1130 /* get a handle to alternative name number i */
1131 const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
1132
1133 if(check->type == GEN_DNS)
1134 dNSName = TRUE;
1135 else if(check->type == GEN_IPADD)
1136 iPAddress = TRUE;
1137
1138 /* only check alternatives of the same type the target is */
1139 if(check->type == target) {
1140 /* get data and length */
1141 const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
1142 size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
1143
1144 switch(target) {
1145 case GEN_DNS: /* name/pattern comparison */
1146 /* The OpenSSL man page explicitly says: "In general it cannot be
1147 assumed that the data returned by ASN1_STRING_data() is null
1148 terminated or does not contain embedded nulls." But also that
1149 "The actual format of the data will depend on the actual string
1150 type itself: for example for and IA5String the data will be ASCII"
1151
1152 Gisle researched the OpenSSL sources:
1153 "I checked the 0.9.6 and 0.9.8 sources before my patch and
1154 it always 0-terminates an IA5String."
1155 */
1156 if((altlen == strlen(altptr)) &&
1157 /* if this isn't true, there was an embedded zero in the name
1158 string and we cannot match it. */
1159 Curl_cert_hostcheck(altptr, hostname)) {
1160 dnsmatched = TRUE;
1161 infof(data,
1162 " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
1163 dispname, altptr);
1164 }
1165 break;
1166
1167 case GEN_IPADD: /* IP address comparison */
1168 /* compare alternative IP address if the data chunk is the same size
1169 our server IP address is */
1170 if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
1171 ipmatched = TRUE;
1172 infof(data,
1173 " subjectAltName: host \"%s\" matched cert's IP address!\n",
1174 dispname);
1175 }
1176 break;
1177 }
1178 }
1179 }
1180 GENERAL_NAMES_free(altnames);
1181
1182 if(dnsmatched || ipmatched)
1183 matched = TRUE;
1184 }
1185
1186 if(matched)
1187 /* an alternative name matched */
1188 ;
1189 else if(dNSName || iPAddress) {
1190 infof(data, " subjectAltName does not match %s\n", dispname);
1191 failf(data, "SSL: no alternative certificate subject name matches "
1192 "target host name '%s'", dispname);
1193 result = CURLE_PEER_FAILED_VERIFICATION;
1194 }
1195 else {
1196 /* we have to look to the last occurrence of a commonName in the
1197 distinguished one to get the most significant one. */
1198 int j, i=-1;
1199
1200 /* The following is done because of a bug in 0.9.6b */
1201
1202 unsigned char *nulstr = (unsigned char *)"";
1203 unsigned char *peer_CN = nulstr;
1204
1205 X509_NAME *name = X509_get_subject_name(server_cert);
1206 if(name)
1207 while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
1208 i=j;
1209
1210 /* we have the name entry and we will now convert this to a string
1211 that we can use for comparison. Doing this we support BMPstring,
1212 UTF8 etc. */
1213
1214 if(i>=0) {
1215 ASN1_STRING *tmp =
1216 X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
1217
1218 /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
1219 is already UTF-8 encoded. We check for this case and copy the raw
1220 string manually to avoid the problem. This code can be made
1221 conditional in the future when OpenSSL has been fixed. Work-around
1222 brought by Alexis S. L. Carvalho. */
1223 if(tmp) {
1224 if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
1225 j = ASN1_STRING_length(tmp);
1226 if(j >= 0) {
1227 peer_CN = OPENSSL_malloc(j+1);
1228 if(peer_CN) {
1229 memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
1230 peer_CN[j] = '\0';
1231 }
1232 }
1233 }
1234 else /* not a UTF8 name */
1235 j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
1236
1237 if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
1238 /* there was a terminating zero before the end of string, this
1239 cannot match and we return failure! */
1240 failf(data, "SSL: illegal cert name field");
1241 result = CURLE_PEER_FAILED_VERIFICATION;
1242 }
1243 }
1244 }
1245
1246 if(peer_CN == nulstr)
1247 peer_CN = NULL;
1248 else {
1249 /* convert peer_CN from UTF8 */
1250 CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
1251 /* Curl_convert_from_utf8 calls failf if unsuccessful */
1252 if(rc) {
1253 OPENSSL_free(peer_CN);
1254 return rc;
1255 }
1256 }
1257
1258 if(result)
1259 /* error already detected, pass through */
1260 ;
1261 else if(!peer_CN) {
1262 failf(data,
1263 "SSL: unable to obtain common name from peer certificate");
1264 result = CURLE_PEER_FAILED_VERIFICATION;
1265 }
1266 else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
1267 failf(data, "SSL: certificate subject name '%s' does not match "
1268 "target host name '%s'", peer_CN, dispname);
1269 result = CURLE_PEER_FAILED_VERIFICATION;
1270 }
1271 else {
1272 infof(data, " common name: %s (matched)\n", peer_CN);
1273 }
1274 if(peer_CN)
1275 OPENSSL_free(peer_CN);
1276 }
1277
1278 return result;
1279 }
1280
1281 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
1282 !defined(OPENSSL_NO_OCSP)
verifystatus(struct connectdata * conn,struct ssl_connect_data * connssl)1283 static CURLcode verifystatus(struct connectdata *conn,
1284 struct ssl_connect_data *connssl)
1285 {
1286 int i, ocsp_status;
1287 const unsigned char *p;
1288 CURLcode result = CURLE_OK;
1289 struct Curl_easy *data = conn->data;
1290
1291 OCSP_RESPONSE *rsp = NULL;
1292 OCSP_BASICRESP *br = NULL;
1293 X509_STORE *st = NULL;
1294 STACK_OF(X509) *ch = NULL;
1295
1296 long len = SSL_get_tlsext_status_ocsp_resp(connssl->handle, &p);
1297
1298 if(!p) {
1299 failf(data, "No OCSP response received");
1300 result = CURLE_SSL_INVALIDCERTSTATUS;
1301 goto end;
1302 }
1303
1304 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
1305 if(!rsp) {
1306 failf(data, "Invalid OCSP response");
1307 result = CURLE_SSL_INVALIDCERTSTATUS;
1308 goto end;
1309 }
1310
1311 ocsp_status = OCSP_response_status(rsp);
1312 if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
1313 failf(data, "Invalid OCSP response status: %s (%d)",
1314 OCSP_response_status_str(ocsp_status), ocsp_status);
1315 result = CURLE_SSL_INVALIDCERTSTATUS;
1316 goto end;
1317 }
1318
1319 br = OCSP_response_get1_basic(rsp);
1320 if(!br) {
1321 failf(data, "Invalid OCSP response");
1322 result = CURLE_SSL_INVALIDCERTSTATUS;
1323 goto end;
1324 }
1325
1326 ch = SSL_get_peer_cert_chain(connssl->handle);
1327 st = SSL_CTX_get_cert_store(connssl->ctx);
1328
1329 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
1330 defined(LIBRESSL_VERSION_NUMBER))
1331 /* The authorized responder cert in the OCSP response MUST be signed by the
1332 peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
1333 no problem, but if it's an intermediate cert OpenSSL has a bug where it
1334 expects this issuer to be present in the chain embedded in the OCSP
1335 response. So we add it if necessary. */
1336
1337 /* First make sure the peer cert chain includes both a peer and an issuer,
1338 and the OCSP response contains a responder cert. */
1339 if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
1340 X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
1341
1342 /* Find issuer of responder cert and add it to the OCSP response chain */
1343 for(i = 0; i < sk_X509_num(ch); i++) {
1344 X509 *issuer = sk_X509_value(ch, i);
1345 if(X509_check_issued(issuer, responder) == X509_V_OK) {
1346 if(!OCSP_basic_add1_cert(br, issuer)) {
1347 failf(data, "Could not add issuer cert to OCSP response");
1348 result = CURLE_SSL_INVALIDCERTSTATUS;
1349 goto end;
1350 }
1351 }
1352 }
1353 }
1354 #endif
1355
1356 if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
1357 failf(data, "OCSP response verification failed");
1358 result = CURLE_SSL_INVALIDCERTSTATUS;
1359 goto end;
1360 }
1361
1362 for(i = 0; i < OCSP_resp_count(br); i++) {
1363 int cert_status, crl_reason;
1364 OCSP_SINGLERESP *single = NULL;
1365
1366 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
1367
1368 single = OCSP_resp_get0(br, i);
1369 if(!single)
1370 continue;
1371
1372 cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
1373 &thisupd, &nextupd);
1374
1375 if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
1376 failf(data, "OCSP response has expired");
1377 result = CURLE_SSL_INVALIDCERTSTATUS;
1378 goto end;
1379 }
1380
1381 infof(data, "SSL certificate status: %s (%d)\n",
1382 OCSP_cert_status_str(cert_status), cert_status);
1383
1384 switch(cert_status) {
1385 case V_OCSP_CERTSTATUS_GOOD:
1386 break;
1387
1388 case V_OCSP_CERTSTATUS_REVOKED:
1389 result = CURLE_SSL_INVALIDCERTSTATUS;
1390
1391 failf(data, "SSL certificate revocation reason: %s (%d)",
1392 OCSP_crl_reason_str(crl_reason), crl_reason);
1393 goto end;
1394
1395 case V_OCSP_CERTSTATUS_UNKNOWN:
1396 result = CURLE_SSL_INVALIDCERTSTATUS;
1397 goto end;
1398 }
1399 }
1400
1401 end:
1402 if(br) OCSP_BASICRESP_free(br);
1403 OCSP_RESPONSE_free(rsp);
1404
1405 return result;
1406 }
1407 #endif
1408
1409 #endif /* USE_OPENSSL */
1410
1411 /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
1412 and thus this cannot be done there. */
1413 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1414
ssl_msg_type(int ssl_ver,int msg)1415 static const char *ssl_msg_type(int ssl_ver, int msg)
1416 {
1417 #ifdef SSL2_VERSION_MAJOR
1418 if(ssl_ver == SSL2_VERSION_MAJOR) {
1419 switch (msg) {
1420 case SSL2_MT_ERROR:
1421 return "Error";
1422 case SSL2_MT_CLIENT_HELLO:
1423 return "Client hello";
1424 case SSL2_MT_CLIENT_MASTER_KEY:
1425 return "Client key";
1426 case SSL2_MT_CLIENT_FINISHED:
1427 return "Client finished";
1428 case SSL2_MT_SERVER_HELLO:
1429 return "Server hello";
1430 case SSL2_MT_SERVER_VERIFY:
1431 return "Server verify";
1432 case SSL2_MT_SERVER_FINISHED:
1433 return "Server finished";
1434 case SSL2_MT_REQUEST_CERTIFICATE:
1435 return "Request CERT";
1436 case SSL2_MT_CLIENT_CERTIFICATE:
1437 return "Client CERT";
1438 }
1439 }
1440 else
1441 #endif
1442 if(ssl_ver == SSL3_VERSION_MAJOR) {
1443 switch (msg) {
1444 case SSL3_MT_HELLO_REQUEST:
1445 return "Hello request";
1446 case SSL3_MT_CLIENT_HELLO:
1447 return "Client hello";
1448 case SSL3_MT_SERVER_HELLO:
1449 return "Server hello";
1450 #ifdef SSL3_MT_NEWSESSION_TICKET
1451 case SSL3_MT_NEWSESSION_TICKET:
1452 return "Newsession Ticket";
1453 #endif
1454 case SSL3_MT_CERTIFICATE:
1455 return "Certificate";
1456 case SSL3_MT_SERVER_KEY_EXCHANGE:
1457 return "Server key exchange";
1458 case SSL3_MT_CLIENT_KEY_EXCHANGE:
1459 return "Client key exchange";
1460 case SSL3_MT_CERTIFICATE_REQUEST:
1461 return "Request CERT";
1462 case SSL3_MT_SERVER_DONE:
1463 return "Server finished";
1464 case SSL3_MT_CERTIFICATE_VERIFY:
1465 return "CERT verify";
1466 case SSL3_MT_FINISHED:
1467 return "Finished";
1468 #ifdef SSL3_MT_CERTIFICATE_STATUS
1469 case SSL3_MT_CERTIFICATE_STATUS:
1470 return "Certificate Status";
1471 #endif
1472 }
1473 }
1474 return "Unknown";
1475 }
1476
tls_rt_type(int type)1477 static const char *tls_rt_type(int type)
1478 {
1479 switch(type) {
1480 #ifdef SSL3_RT_HEADER
1481 case SSL3_RT_HEADER:
1482 return "TLS header";
1483 #endif
1484 case SSL3_RT_CHANGE_CIPHER_SPEC:
1485 return "TLS change cipher";
1486 case SSL3_RT_ALERT:
1487 return "TLS alert";
1488 case SSL3_RT_HANDSHAKE:
1489 return "TLS handshake";
1490 case SSL3_RT_APPLICATION_DATA:
1491 return "TLS app data";
1492 default:
1493 return "TLS Unknown";
1494 }
1495 }
1496
1497
1498 /*
1499 * Our callback from the SSL/TLS layers.
1500 */
ssl_tls_trace(int direction,int ssl_ver,int content_type,const void * buf,size_t len,SSL * ssl,void * userp)1501 static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
1502 const void *buf, size_t len, SSL *ssl,
1503 void *userp)
1504 {
1505 struct Curl_easy *data;
1506 const char *msg_name, *tls_rt_name;
1507 char ssl_buf[1024];
1508 char unknown[32];
1509 int msg_type, txt_len;
1510 const char *verstr = NULL;
1511 struct connectdata *conn = userp;
1512
1513 if(!conn || !conn->data || !conn->data->set.fdebug ||
1514 (direction != 0 && direction != 1))
1515 return;
1516
1517 data = conn->data;
1518
1519 switch(ssl_ver) {
1520 #ifdef SSL2_VERSION /* removed in recent versions */
1521 case SSL2_VERSION:
1522 verstr = "SSLv2";
1523 break;
1524 #endif
1525 #ifdef SSL3_VERSION
1526 case SSL3_VERSION:
1527 verstr = "SSLv3";
1528 break;
1529 #endif
1530 case TLS1_VERSION:
1531 verstr = "TLSv1.0";
1532 break;
1533 #ifdef TLS1_1_VERSION
1534 case TLS1_1_VERSION:
1535 verstr = "TLSv1.1";
1536 break;
1537 #endif
1538 #ifdef TLS1_2_VERSION
1539 case TLS1_2_VERSION:
1540 verstr = "TLSv1.2";
1541 break;
1542 #endif
1543 #ifdef TLS1_3_VERSION
1544 case TLS1_3_VERSION:
1545 verstr = "TLSv1.3";
1546 break;
1547 #endif
1548 case 0:
1549 break;
1550 default:
1551 snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
1552 verstr = unknown;
1553 break;
1554 }
1555
1556 if(ssl_ver) {
1557 /* the info given when the version is zero is not that useful for us */
1558
1559 ssl_ver >>= 8; /* check the upper 8 bits only below */
1560
1561 /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
1562 * always pass-up content-type as 0. But the interesting message-type
1563 * is at 'buf[0]'.
1564 */
1565 if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
1566 tls_rt_name = tls_rt_type(content_type);
1567 else
1568 tls_rt_name = "";
1569
1570 msg_type = *(char *)buf;
1571 msg_name = ssl_msg_type(ssl_ver, msg_type);
1572
1573 txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
1574 verstr, direction?"OUT":"IN",
1575 tls_rt_name, msg_name, msg_type);
1576 Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
1577 }
1578
1579 Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
1580 CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
1581 (void) ssl;
1582 }
1583 #endif
1584
1585 #ifdef USE_OPENSSL
1586 /* ====================================================== */
1587
1588 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1589 # define use_sni(x) sni = (x)
1590 #else
1591 # define use_sni(x) Curl_nop_stmt
1592 #endif
1593
1594 /* Check for OpenSSL 1.0.2 which has ALPN support. */
1595 #undef HAS_ALPN
1596 #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
1597 && !defined(OPENSSL_NO_TLSEXT)
1598 # define HAS_ALPN 1
1599 #endif
1600
1601 /* Check for OpenSSL 1.0.1 which has NPN support. */
1602 #undef HAS_NPN
1603 #if OPENSSL_VERSION_NUMBER >= 0x10001000L \
1604 && !defined(OPENSSL_NO_TLSEXT) \
1605 && !defined(OPENSSL_NO_NEXTPROTONEG)
1606 # define HAS_NPN 1
1607 #endif
1608
1609 #ifdef HAS_NPN
1610
1611 /*
1612 * in is a list of lenght prefixed strings. this function has to select
1613 * the protocol we want to use from the list and write its string into out.
1614 */
1615
1616 static int
select_next_protocol(unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,const char * key,unsigned int keylen)1617 select_next_protocol(unsigned char **out, unsigned char *outlen,
1618 const unsigned char *in, unsigned int inlen,
1619 const char *key, unsigned int keylen)
1620 {
1621 unsigned int i;
1622 for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
1623 if(memcmp(&in[i + 1], key, keylen) == 0) {
1624 *out = (unsigned char *) &in[i + 1];
1625 *outlen = in[i];
1626 return 0;
1627 }
1628 }
1629 return -1;
1630 }
1631
1632 static int
select_next_proto_cb(SSL * ssl,unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)1633 select_next_proto_cb(SSL *ssl,
1634 unsigned char **out, unsigned char *outlen,
1635 const unsigned char *in, unsigned int inlen,
1636 void *arg)
1637 {
1638 struct connectdata *conn = (struct connectdata*) arg;
1639
1640 (void)ssl;
1641
1642 #ifdef USE_NGHTTP2
1643 if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
1644 !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
1645 NGHTTP2_PROTO_VERSION_ID_LEN)) {
1646 infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
1647 NGHTTP2_PROTO_VERSION_ID);
1648 conn->negnpn = CURL_HTTP_VERSION_2;
1649 return SSL_TLSEXT_ERR_OK;
1650 }
1651 #endif
1652
1653 if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
1654 ALPN_HTTP_1_1_LENGTH)) {
1655 infof(conn->data, "NPN, negotiated HTTP1.1\n");
1656 conn->negnpn = CURL_HTTP_VERSION_1_1;
1657 return SSL_TLSEXT_ERR_OK;
1658 }
1659
1660 infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
1661 *out = (unsigned char *)ALPN_HTTP_1_1;
1662 *outlen = ALPN_HTTP_1_1_LENGTH;
1663 conn->negnpn = CURL_HTTP_VERSION_1_1;
1664
1665 return SSL_TLSEXT_ERR_OK;
1666 }
1667 #endif /* HAS_NPN */
1668
1669 static const char *
get_ssl_version_txt(SSL * ssl)1670 get_ssl_version_txt(SSL *ssl)
1671 {
1672 if(!ssl)
1673 return "";
1674
1675 switch(SSL_version(ssl)) {
1676 #ifdef TLS1_3_VERSION
1677 case TLS1_3_VERSION:
1678 return "TLSv1.3";
1679 #endif
1680 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1681 case TLS1_2_VERSION:
1682 return "TLSv1.2";
1683 case TLS1_1_VERSION:
1684 return "TLSv1.1";
1685 #endif
1686 case TLS1_VERSION:
1687 return "TLSv1.0";
1688 case SSL3_VERSION:
1689 return "SSLv3";
1690 case SSL2_VERSION:
1691 return "SSLv2";
1692 }
1693 return "unknown";
1694 }
1695
ossl_connect_step1(struct connectdata * conn,int sockindex)1696 static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
1697 {
1698 CURLcode result = CURLE_OK;
1699 char *ciphers;
1700 struct Curl_easy *data = conn->data;
1701 SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
1702 X509_LOOKUP *lookup = NULL;
1703 curl_socket_t sockfd = conn->sock[sockindex];
1704 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1705 long ctx_options;
1706 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1707 bool sni;
1708 #ifdef ENABLE_IPV6
1709 struct in6_addr addr;
1710 #else
1711 struct in_addr addr;
1712 #endif
1713 #endif
1714 long * const certverifyresult = SSL_IS_PROXY() ?
1715 &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
1716 const long int ssl_version = SSL_CONN_CONFIG(version);
1717 #ifdef USE_TLS_SRP
1718 const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
1719 #endif
1720 char * const ssl_cert = SSL_SET_OPTION(cert);
1721 const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
1722 const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
1723 const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
1724 const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
1725 const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
1726 const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1727 conn->host.name;
1728
1729 DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
1730
1731 /* Make funny stuff to get random input */
1732 result = Curl_ossl_seed(data);
1733 if(result)
1734 return result;
1735
1736 *certverifyresult = !X509_V_OK;
1737
1738 /* check to see if we've been told to use an explicit SSL/TLS version */
1739
1740 switch(ssl_version) {
1741 case CURL_SSLVERSION_DEFAULT:
1742 case CURL_SSLVERSION_TLSv1:
1743 case CURL_SSLVERSION_TLSv1_0:
1744 case CURL_SSLVERSION_TLSv1_1:
1745 case CURL_SSLVERSION_TLSv1_2:
1746 case CURL_SSLVERSION_TLSv1_3:
1747 /* it will be handled later with the context options */
1748 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
1749 !defined(LIBRESSL_VERSION_NUMBER)
1750 req_method = TLS_client_method();
1751 #else
1752 req_method = SSLv23_client_method();
1753 #endif
1754 use_sni(TRUE);
1755 break;
1756 case CURL_SSLVERSION_SSLv2:
1757 #ifdef OPENSSL_NO_SSL2
1758 failf(data, OSSL_PACKAGE " was built without SSLv2 support");
1759 return CURLE_NOT_BUILT_IN;
1760 #else
1761 #ifdef USE_TLS_SRP
1762 if(ssl_authtype == CURL_TLSAUTH_SRP)
1763 return CURLE_SSL_CONNECT_ERROR;
1764 #endif
1765 req_method = SSLv2_client_method();
1766 use_sni(FALSE);
1767 break;
1768 #endif
1769 case CURL_SSLVERSION_SSLv3:
1770 #ifdef OPENSSL_NO_SSL3_METHOD
1771 failf(data, OSSL_PACKAGE " was built without SSLv3 support");
1772 return CURLE_NOT_BUILT_IN;
1773 #else
1774 #ifdef USE_TLS_SRP
1775 if(ssl_authtype == CURL_TLSAUTH_SRP)
1776 return CURLE_SSL_CONNECT_ERROR;
1777 #endif
1778 req_method = SSLv3_client_method();
1779 use_sni(FALSE);
1780 break;
1781 #endif
1782 default:
1783 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1784 return CURLE_SSL_CONNECT_ERROR;
1785 }
1786
1787 if(connssl->ctx)
1788 SSL_CTX_free(connssl->ctx);
1789 connssl->ctx = SSL_CTX_new(req_method);
1790
1791 if(!connssl->ctx) {
1792 failf(data, "SSL: couldn't create a context: %s",
1793 ERR_error_string(ERR_peek_error(), NULL));
1794 return CURLE_OUT_OF_MEMORY;
1795 }
1796
1797 #ifdef SSL_MODE_RELEASE_BUFFERS
1798 SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
1799 #endif
1800
1801 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1802 if(data->set.fdebug && data->set.verbose) {
1803 /* the SSL trace callback is only used for verbose logging */
1804 SSL_CTX_set_msg_callback(connssl->ctx, ssl_tls_trace);
1805 SSL_CTX_set_msg_callback_arg(connssl->ctx, conn);
1806 }
1807 #endif
1808
1809 /* OpenSSL contains code to work-around lots of bugs and flaws in various
1810 SSL-implementations. SSL_CTX_set_options() is used to enabled those
1811 work-arounds. The man page for this option states that SSL_OP_ALL enables
1812 all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
1813 enable the bug workaround options if compatibility with somewhat broken
1814 implementations is desired."
1815
1816 The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
1817 disable "rfc4507bis session ticket support". rfc4507bis was later turned
1818 into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
1819
1820 The enabled extension concerns the session management. I wonder how often
1821 libcurl stops a connection and then resumes a TLS session. also, sending
1822 the session data is some overhead. .I suggest that you just use your
1823 proposed patch (which explicitly disables TICKET).
1824
1825 If someone writes an application with libcurl and openssl who wants to
1826 enable the feature, one can do this in the SSL callback.
1827
1828 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
1829 interoperability with web server Netscape Enterprise Server 2.0.1 which
1830 was released back in 1996.
1831
1832 Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
1833 become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
1834 CVE-2010-4180 when using previous OpenSSL versions we no longer enable
1835 this option regardless of OpenSSL version and SSL_OP_ALL definition.
1836
1837 OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
1838 (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
1839 SSL_OP_ALL that _disables_ that work-around despite the fact that
1840 SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
1841 keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
1842 must not be set.
1843 */
1844
1845 ctx_options = SSL_OP_ALL;
1846
1847 #ifdef SSL_OP_NO_TICKET
1848 ctx_options |= SSL_OP_NO_TICKET;
1849 #endif
1850
1851 #ifdef SSL_OP_NO_COMPRESSION
1852 ctx_options |= SSL_OP_NO_COMPRESSION;
1853 #endif
1854
1855 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
1856 /* mitigate CVE-2010-4180 */
1857 ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
1858 #endif
1859
1860 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
1861 /* unless the user explicitly ask to allow the protocol vulnerability we
1862 use the work-around */
1863 if(!SSL_SET_OPTION(enable_beast))
1864 ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
1865 #endif
1866
1867 switch(ssl_version) {
1868 case CURL_SSLVERSION_SSLv3:
1869 #ifdef USE_TLS_SRP
1870 if(ssl_authtype == CURL_TLSAUTH_SRP) {
1871 infof(data, "Set version TLSv1.x for SRP authorisation\n");
1872 }
1873 #endif
1874 ctx_options |= SSL_OP_NO_SSLv2;
1875 ctx_options |= SSL_OP_NO_TLSv1;
1876 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1877 ctx_options |= SSL_OP_NO_TLSv1_1;
1878 ctx_options |= SSL_OP_NO_TLSv1_2;
1879 #ifdef TLS1_3_VERSION
1880 ctx_options |= SSL_OP_NO_TLSv1_3;
1881 #endif
1882 #endif
1883 break;
1884
1885 case CURL_SSLVERSION_DEFAULT:
1886 case CURL_SSLVERSION_TLSv1:
1887 ctx_options |= SSL_OP_NO_SSLv2;
1888 ctx_options |= SSL_OP_NO_SSLv3;
1889 break;
1890
1891 case CURL_SSLVERSION_TLSv1_0:
1892 ctx_options |= SSL_OP_NO_SSLv2;
1893 ctx_options |= SSL_OP_NO_SSLv3;
1894 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1895 ctx_options |= SSL_OP_NO_TLSv1_1;
1896 ctx_options |= SSL_OP_NO_TLSv1_2;
1897 #ifdef TLS1_3_VERSION
1898 ctx_options |= SSL_OP_NO_TLSv1_3;
1899 #endif
1900 #endif
1901 break;
1902
1903 case CURL_SSLVERSION_TLSv1_1:
1904 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1905 ctx_options |= SSL_OP_NO_SSLv2;
1906 ctx_options |= SSL_OP_NO_SSLv3;
1907 ctx_options |= SSL_OP_NO_TLSv1;
1908 ctx_options |= SSL_OP_NO_TLSv1_2;
1909 #ifdef TLS1_3_VERSION
1910 ctx_options |= SSL_OP_NO_TLSv1_3;
1911 #endif
1912 break;
1913 #else
1914 failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
1915 return CURLE_NOT_BUILT_IN;
1916 #endif
1917
1918 case CURL_SSLVERSION_TLSv1_2:
1919 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1920 ctx_options |= SSL_OP_NO_SSLv2;
1921 ctx_options |= SSL_OP_NO_SSLv3;
1922 ctx_options |= SSL_OP_NO_TLSv1;
1923 ctx_options |= SSL_OP_NO_TLSv1_1;
1924 #ifdef TLS1_3_VERSION
1925 ctx_options |= SSL_OP_NO_TLSv1_3;
1926 #endif
1927 break;
1928 #else
1929 failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
1930 return CURLE_NOT_BUILT_IN;
1931 #endif
1932
1933 case CURL_SSLVERSION_TLSv1_3:
1934 #ifdef TLS1_3_VERSION
1935 SSL_CTX_set_max_proto_version(connssl->ctx, TLS1_3_VERSION);
1936 ctx_options |= SSL_OP_NO_SSLv2;
1937 ctx_options |= SSL_OP_NO_SSLv3;
1938 ctx_options |= SSL_OP_NO_TLSv1;
1939 ctx_options |= SSL_OP_NO_TLSv1_1;
1940 ctx_options |= SSL_OP_NO_TLSv1_2;
1941 break;
1942 #else
1943 failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
1944 return CURLE_NOT_BUILT_IN;
1945 #endif
1946
1947 case CURL_SSLVERSION_SSLv2:
1948 #ifndef OPENSSL_NO_SSL2
1949 ctx_options |= SSL_OP_NO_SSLv3;
1950 ctx_options |= SSL_OP_NO_TLSv1;
1951 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1952 ctx_options |= SSL_OP_NO_TLSv1_1;
1953 ctx_options |= SSL_OP_NO_TLSv1_2;
1954 #ifdef TLS1_3_VERSION
1955 ctx_options |= SSL_OP_NO_TLSv1_3;
1956 #endif
1957 #endif
1958 break;
1959 #else
1960 failf(data, OSSL_PACKAGE " was built without SSLv2 support");
1961 return CURLE_NOT_BUILT_IN;
1962 #endif
1963
1964 default:
1965 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1966 return CURLE_SSL_CONNECT_ERROR;
1967 }
1968
1969 SSL_CTX_set_options(connssl->ctx, ctx_options);
1970
1971 #ifdef HAS_NPN
1972 if(conn->bits.tls_enable_npn)
1973 SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn);
1974 #endif
1975
1976 #ifdef HAS_ALPN
1977 if(conn->bits.tls_enable_alpn) {
1978 int cur = 0;
1979 unsigned char protocols[128];
1980
1981 #ifdef USE_NGHTTP2
1982 if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
1983 protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
1984
1985 memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
1986 NGHTTP2_PROTO_VERSION_ID_LEN);
1987 cur += NGHTTP2_PROTO_VERSION_ID_LEN;
1988 infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
1989 }
1990 #endif
1991
1992 protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
1993 memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
1994 cur += ALPN_HTTP_1_1_LENGTH;
1995 infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
1996
1997 /* expects length prefixed preference ordered list of protocols in wire
1998 * format
1999 */
2000 SSL_CTX_set_alpn_protos(connssl->ctx, protocols, cur);
2001 }
2002 #endif
2003
2004 if(ssl_cert || ssl_cert_type) {
2005 if(!cert_stuff(conn, connssl->ctx, ssl_cert, ssl_cert_type,
2006 SSL_SET_OPTION(key), SSL_SET_OPTION(key_type),
2007 SSL_SET_OPTION(key_passwd))) {
2008 /* failf() is already done in cert_stuff() */
2009 return CURLE_SSL_CERTPROBLEM;
2010 }
2011 }
2012
2013 ciphers = SSL_CONN_CONFIG(cipher_list);
2014 if(!ciphers)
2015 ciphers = (char *)DEFAULT_CIPHER_SELECTION;
2016 if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
2017 failf(data, "failed setting cipher list: %s", ciphers);
2018 return CURLE_SSL_CIPHER;
2019 }
2020 infof(data, "Cipher selection: %s\n", ciphers);
2021
2022 #ifdef USE_TLS_SRP
2023 if(ssl_authtype == CURL_TLSAUTH_SRP) {
2024 char * const ssl_username = SSL_SET_OPTION(username);
2025
2026 infof(data, "Using TLS-SRP username: %s\n", ssl_username);
2027
2028 if(!SSL_CTX_set_srp_username(connssl->ctx, ssl_username)) {
2029 failf(data, "Unable to set SRP user name");
2030 return CURLE_BAD_FUNCTION_ARGUMENT;
2031 }
2032 if(!SSL_CTX_set_srp_password(connssl->ctx, SSL_SET_OPTION(password))) {
2033 failf(data, "failed setting SRP password");
2034 return CURLE_BAD_FUNCTION_ARGUMENT;
2035 }
2036 if(!SSL_CONN_CONFIG(cipher_list)) {
2037 infof(data, "Setting cipher list SRP\n");
2038
2039 if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
2040 failf(data, "failed setting SRP cipher list");
2041 return CURLE_SSL_CIPHER;
2042 }
2043 }
2044 }
2045 #endif
2046
2047 if(ssl_cafile || ssl_capath) {
2048 /* tell SSL where to find CA certificates that are used to verify
2049 the servers certificate. */
2050 if(!SSL_CTX_load_verify_locations(connssl->ctx, ssl_cafile, ssl_capath)) {
2051 if(verifypeer) {
2052 /* Fail if we insist on successfully verifying the server. */
2053 failf(data, "error setting certificate verify locations:\n"
2054 " CAfile: %s\n CApath: %s",
2055 ssl_cafile ? ssl_cafile : "none",
2056 ssl_capath ? ssl_capath : "none");
2057 return CURLE_SSL_CACERT_BADFILE;
2058 }
2059 else {
2060 /* Just continue with a warning if no strict certificate verification
2061 is required. */
2062 infof(data, "error setting certificate verify locations,"
2063 " continuing anyway:\n");
2064 }
2065 }
2066 else {
2067 /* Everything is fine. */
2068 infof(data, "successfully set certificate verify locations:\n");
2069 }
2070 infof(data,
2071 " CAfile: %s\n"
2072 " CApath: %s\n",
2073 ssl_cafile ? ssl_cafile : "none",
2074 ssl_capath ? ssl_capath : "none");
2075 }
2076 #ifdef CURL_CA_FALLBACK
2077 else if(verifypeer) {
2078 /* verfying the peer without any CA certificates won't
2079 work so use openssl's built in default as fallback */
2080 SSL_CTX_set_default_verify_paths(connssl->ctx);
2081 }
2082 #endif
2083
2084 if(ssl_crlfile) {
2085 /* tell SSL where to find CRL file that is used to check certificate
2086 * revocation */
2087 lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
2088 X509_LOOKUP_file());
2089 if(!lookup ||
2090 (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
2091 failf(data, "error loading CRL file: %s", ssl_crlfile);
2092 return CURLE_SSL_CRL_BADFILE;
2093 }
2094 else {
2095 /* Everything is fine. */
2096 infof(data, "successfully load CRL file:\n");
2097 X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
2098 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
2099 }
2100 infof(data, " CRLfile: %s\n", ssl_crlfile);
2101 }
2102
2103 /* Try building a chain using issuers in the trusted store first to avoid
2104 problems with server-sent legacy intermediates.
2105 Newer versions of OpenSSL do alternate chain checking by default which
2106 gives us the same fix without as much of a performance hit (slight), so we
2107 prefer that if available.
2108 https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
2109 */
2110 #if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
2111 if(verifypeer) {
2112 X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
2113 X509_V_FLAG_TRUSTED_FIRST);
2114 }
2115 #endif
2116
2117 /* SSL always tries to verify the peer, this only says whether it should
2118 * fail to connect if the verification fails, or if it should continue
2119 * anyway. In the latter case the result of the verification is checked with
2120 * SSL_get_verify_result() below. */
2121 SSL_CTX_set_verify(connssl->ctx,
2122 verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
2123
2124 /* give application a chance to interfere with SSL set up. */
2125 if(data->set.ssl.fsslctx) {
2126 result = (*data->set.ssl.fsslctx)(data, connssl->ctx,
2127 data->set.ssl.fsslctxp);
2128 if(result) {
2129 failf(data, "error signaled by ssl ctx callback");
2130 return result;
2131 }
2132 }
2133
2134 /* Lets make an SSL structure */
2135 if(connssl->handle)
2136 SSL_free(connssl->handle);
2137 connssl->handle = SSL_new(connssl->ctx);
2138 if(!connssl->handle) {
2139 failf(data, "SSL: couldn't create a context (handle)!");
2140 return CURLE_OUT_OF_MEMORY;
2141 }
2142
2143 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
2144 !defined(OPENSSL_NO_OCSP)
2145 if(SSL_CONN_CONFIG(verifystatus))
2146 SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
2147 #endif
2148
2149 SSL_set_connect_state(connssl->handle);
2150
2151 connssl->server_cert = 0x0;
2152 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2153 if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
2154 #ifdef ENABLE_IPV6
2155 (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
2156 #endif
2157 sni &&
2158 !SSL_set_tlsext_host_name(connssl->handle, hostname))
2159 infof(data, "WARNING: failed to configure server name indication (SNI) "
2160 "TLS extension\n");
2161 #endif
2162
2163 /* Check if there's a cached ID we can/should use here! */
2164 if(data->set.general_ssl.sessionid) {
2165 void *ssl_sessionid = NULL;
2166
2167 Curl_ssl_sessionid_lock(conn);
2168 if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
2169 /* we got a session id, use it! */
2170 if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
2171 Curl_ssl_sessionid_unlock(conn);
2172 failf(data, "SSL: SSL_set_session failed: %s",
2173 ERR_error_string(ERR_get_error(), NULL));
2174 return CURLE_SSL_CONNECT_ERROR;
2175 }
2176 /* Informational message */
2177 infof (data, "SSL re-using session ID\n");
2178 }
2179 Curl_ssl_sessionid_unlock(conn);
2180 }
2181
2182 if(conn->proxy_ssl[sockindex].use) {
2183 BIO *const bio = BIO_new(BIO_f_ssl());
2184 DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
2185 DEBUGASSERT(conn->proxy_ssl[sockindex].handle != NULL);
2186 DEBUGASSERT(bio != NULL);
2187 BIO_set_ssl(bio, conn->proxy_ssl[sockindex].handle, FALSE);
2188 SSL_set_bio(connssl->handle, bio, bio);
2189 }
2190 else if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
2191 /* pass the raw socket into the SSL layers */
2192 failf(data, "SSL: SSL_set_fd failed: %s",
2193 ERR_error_string(ERR_get_error(), NULL));
2194 return CURLE_SSL_CONNECT_ERROR;
2195 }
2196
2197 connssl->connecting_state = ssl_connect_2;
2198
2199 return CURLE_OK;
2200 }
2201
ossl_connect_step2(struct connectdata * conn,int sockindex)2202 static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
2203 {
2204 struct Curl_easy *data = conn->data;
2205 int err;
2206 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2207 long * const certverifyresult = SSL_IS_PROXY() ?
2208 &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
2209 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
2210 || ssl_connect_2_reading == connssl->connecting_state
2211 || ssl_connect_2_writing == connssl->connecting_state);
2212
2213 ERR_clear_error();
2214
2215 err = SSL_connect(connssl->handle);
2216
2217 /* 1 is fine
2218 0 is "not successful but was shut down controlled"
2219 <0 is "handshake was not successful, because a fatal error occurred" */
2220 if(1 != err) {
2221 int detail = SSL_get_error(connssl->handle, err);
2222
2223 if(SSL_ERROR_WANT_READ == detail) {
2224 connssl->connecting_state = ssl_connect_2_reading;
2225 return CURLE_OK;
2226 }
2227 else if(SSL_ERROR_WANT_WRITE == detail) {
2228 connssl->connecting_state = ssl_connect_2_writing;
2229 return CURLE_OK;
2230 }
2231 else {
2232 /* untreated error */
2233 unsigned long errdetail;
2234 char error_buffer[256]=""; /* OpenSSL documents that this must be at
2235 least 256 bytes long. */
2236 CURLcode result;
2237 long lerr;
2238 int lib;
2239 int reason;
2240
2241 /* the connection failed, we're not waiting for anything else. */
2242 connssl->connecting_state = ssl_connect_2;
2243
2244 /* Get the earliest error code from the thread's error queue and removes
2245 the entry. */
2246 errdetail = ERR_get_error();
2247
2248 /* Extract which lib and reason */
2249 lib = ERR_GET_LIB(errdetail);
2250 reason = ERR_GET_REASON(errdetail);
2251
2252 if((lib == ERR_LIB_SSL) &&
2253 (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
2254 result = CURLE_SSL_CACERT;
2255
2256 lerr = SSL_get_verify_result(connssl->handle);
2257 if(lerr != X509_V_OK) {
2258 *certverifyresult = lerr;
2259 snprintf(error_buffer, sizeof(error_buffer),
2260 "SSL certificate problem: %s",
2261 X509_verify_cert_error_string(lerr));
2262 }
2263 else
2264 /* strcpy() is fine here as long as the string fits within
2265 error_buffer */
2266 strcpy(error_buffer, "SSL certificate verification failed");
2267 }
2268 else {
2269 result = CURLE_SSL_CONNECT_ERROR;
2270 ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
2271 }
2272
2273 /* detail is already set to the SSL error above */
2274
2275 /* If we e.g. use SSLv2 request-method and the server doesn't like us
2276 * (RST connection etc.), OpenSSL gives no explanation whatsoever and
2277 * the SO_ERROR is also lost.
2278 */
2279 if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
2280 const char * const hostname = SSL_IS_PROXY() ?
2281 conn->http_proxy.host.name : conn->host.name;
2282 const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
2283 failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
2284 hostname, port);
2285 return result;
2286 }
2287
2288 /* Could be a CERT problem */
2289 failf(data, "%s", error_buffer);
2290
2291 return result;
2292 }
2293 }
2294 else {
2295 /* we have been connected fine, we're not waiting for anything else. */
2296 connssl->connecting_state = ssl_connect_3;
2297
2298 /* Informational message */
2299 infof(data, "SSL connection using %s / %s\n",
2300 get_ssl_version_txt(connssl->handle),
2301 SSL_get_cipher(connssl->handle));
2302
2303 #ifdef HAS_ALPN
2304 /* Sets data and len to negotiated protocol, len is 0 if no protocol was
2305 * negotiated
2306 */
2307 if(conn->bits.tls_enable_alpn) {
2308 const unsigned char *neg_protocol;
2309 unsigned int len;
2310 SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
2311 if(len != 0) {
2312 infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
2313
2314 #ifdef USE_NGHTTP2
2315 if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
2316 !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
2317 conn->negnpn = CURL_HTTP_VERSION_2;
2318 }
2319 else
2320 #endif
2321 if(len == ALPN_HTTP_1_1_LENGTH &&
2322 !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
2323 conn->negnpn = CURL_HTTP_VERSION_1_1;
2324 }
2325 }
2326 else
2327 infof(data, "ALPN, server did not agree to a protocol\n");
2328 }
2329 #endif
2330
2331 return CURLE_OK;
2332 }
2333 }
2334
asn1_object_dump(ASN1_OBJECT * a,char * buf,size_t len)2335 static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
2336 {
2337 int i, ilen;
2338
2339 if((ilen = (int)len) < 0)
2340 return 1; /* buffer too big */
2341
2342 i = i2t_ASN1_OBJECT(buf, ilen, a);
2343
2344 if(i >= ilen)
2345 return 1; /* buffer too small */
2346
2347 return 0;
2348 }
2349
2350 #define push_certinfo(_label, _num) \
2351 do { \
2352 long info_len = BIO_get_mem_data(mem, &ptr); \
2353 Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
2354 if(1!=BIO_reset(mem)) \
2355 break; \
2356 } WHILE_FALSE
2357
pubkey_show(struct Curl_easy * data,BIO * mem,int num,const char * type,const char * name,const BIGNUM * bn)2358 static void pubkey_show(struct Curl_easy *data,
2359 BIO *mem,
2360 int num,
2361 const char *type,
2362 const char *name,
2363 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2364 const
2365 #endif
2366 BIGNUM *bn)
2367 {
2368 char *ptr;
2369 char namebuf[32];
2370
2371 snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
2372
2373 if(bn)
2374 BN_print(mem, bn);
2375 push_certinfo(namebuf, num);
2376 }
2377
2378 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2379 #define print_pubkey_BN(_type, _name, _num) \
2380 pubkey_show(data, mem, _num, #_type, #_name, _name)
2381
2382 #else
2383 #define print_pubkey_BN(_type, _name, _num) \
2384 do { \
2385 if(_type->_name) { \
2386 pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
2387 } \
2388 } WHILE_FALSE
2389 #endif
2390
X509V3_ext(struct Curl_easy * data,int certnum,CONST_EXTS STACK_OF (X509_EXTENSION)* exts)2391 static int X509V3_ext(struct Curl_easy *data,
2392 int certnum,
2393 CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
2394 {
2395 int i;
2396 size_t j;
2397
2398 if((int)sk_X509_EXTENSION_num(exts) <= 0)
2399 /* no extensions, bail out */
2400 return 1;
2401
2402 for(i=0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
2403 ASN1_OBJECT *obj;
2404 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
2405 BUF_MEM *biomem;
2406 char buf[512];
2407 char *ptr=buf;
2408 char namebuf[128];
2409 BIO *bio_out = BIO_new(BIO_s_mem());
2410
2411 if(!bio_out)
2412 return 1;
2413
2414 obj = X509_EXTENSION_get_object(ext);
2415
2416 asn1_object_dump(obj, namebuf, sizeof(namebuf));
2417
2418 if(!X509V3_EXT_print(bio_out, ext, 0, 0))
2419 ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
2420
2421 BIO_get_mem_ptr(bio_out, &biomem);
2422
2423 for(j = 0; j < (size_t)biomem->length; j++) {
2424 const char *sep="";
2425 if(biomem->data[j] == '\n') {
2426 sep=", ";
2427 j++; /* skip the newline */
2428 };
2429 while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
2430 j++;
2431 if(j<(size_t)biomem->length)
2432 ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
2433 biomem->data[j]);
2434 }
2435
2436 Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
2437
2438 BIO_free(bio_out);
2439
2440 }
2441 return 0; /* all is fine */
2442 }
2443
get_cert_chain(struct connectdata * conn,struct ssl_connect_data * connssl)2444 static CURLcode get_cert_chain(struct connectdata *conn,
2445 struct ssl_connect_data *connssl)
2446
2447 {
2448 CURLcode result;
2449 STACK_OF(X509) *sk;
2450 int i;
2451 struct Curl_easy *data = conn->data;
2452 int numcerts;
2453 BIO *mem;
2454
2455 sk = SSL_get_peer_cert_chain(connssl->handle);
2456 if(!sk) {
2457 return CURLE_OUT_OF_MEMORY;
2458 }
2459
2460 numcerts = sk_X509_num(sk);
2461
2462 result = Curl_ssl_init_certinfo(data, numcerts);
2463 if(result) {
2464 return result;
2465 }
2466
2467 mem = BIO_new(BIO_s_mem());
2468
2469 for(i = 0; i < numcerts; i++) {
2470 ASN1_INTEGER *num;
2471 X509 *x = sk_X509_value(sk, i);
2472 EVP_PKEY *pubkey=NULL;
2473 int j;
2474 char *ptr;
2475 CONST_ASN1_BIT_STRING ASN1_BIT_STRING *psig = NULL;
2476
2477 X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
2478 push_certinfo("Subject", i);
2479
2480 X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
2481 push_certinfo("Issuer", i);
2482
2483 BIO_printf(mem, "%lx", X509_get_version(x));
2484 push_certinfo("Version", i);
2485
2486 num = X509_get_serialNumber(x);
2487 if(num->type == V_ASN1_NEG_INTEGER)
2488 BIO_puts(mem, "-");
2489 for(j = 0; j < num->length; j++)
2490 BIO_printf(mem, "%02x", num->data[j]);
2491 push_certinfo("Serial Number", i);
2492
2493 #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
2494 {
2495 const X509_ALGOR *palg = NULL;
2496 ASN1_STRING *a = ASN1_STRING_new();
2497 if(a) {
2498 X509_get0_signature(&psig, &palg, x);
2499 X509_signature_print(mem, palg, a);
2500 ASN1_STRING_free(a);
2501
2502 if(palg) {
2503 i2a_ASN1_OBJECT(mem, palg->algorithm);
2504 push_certinfo("Public Key Algorithm", i);
2505 }
2506 }
2507 X509V3_ext(data, i, X509_get0_extensions(x));
2508 }
2509 #else
2510 {
2511 /* before OpenSSL 1.0.2 */
2512 X509_CINF *cinf = x->cert_info;
2513
2514 i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
2515 push_certinfo("Signature Algorithm", i);
2516
2517 i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
2518 push_certinfo("Public Key Algorithm", i);
2519
2520 X509V3_ext(data, i, cinf->extensions);
2521
2522 psig = x->signature;
2523 }
2524 #endif
2525
2526 ASN1_TIME_print(mem, X509_get0_notBefore(x));
2527 push_certinfo("Start date", i);
2528
2529 ASN1_TIME_print(mem, X509_get0_notAfter(x));
2530 push_certinfo("Expire date", i);
2531
2532 pubkey = X509_get_pubkey(x);
2533 if(!pubkey)
2534 infof(data, " Unable to load public key\n");
2535 else {
2536 int pktype;
2537 #ifdef HAVE_OPAQUE_EVP_PKEY
2538 pktype = EVP_PKEY_id(pubkey);
2539 #else
2540 pktype = pubkey->type;
2541 #endif
2542 switch(pktype) {
2543 case EVP_PKEY_RSA:
2544 {
2545 RSA *rsa;
2546 #ifdef HAVE_OPAQUE_EVP_PKEY
2547 rsa = EVP_PKEY_get0_RSA(pubkey);
2548 #else
2549 rsa = pubkey->pkey.rsa;
2550 #endif
2551
2552 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2553 {
2554 const BIGNUM *n;
2555 const BIGNUM *e;
2556 const BIGNUM *d;
2557 const BIGNUM *p;
2558 const BIGNUM *q;
2559 const BIGNUM *dmp1;
2560 const BIGNUM *dmq1;
2561 const BIGNUM *iqmp;
2562
2563 RSA_get0_key(rsa, &n, &e, &d);
2564 RSA_get0_factors(rsa, &p, &q);
2565 RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
2566 BN_print(mem, n);
2567 push_certinfo("RSA Public Key", i);
2568 print_pubkey_BN(rsa, n, i);
2569 print_pubkey_BN(rsa, e, i);
2570 print_pubkey_BN(rsa, d, i);
2571 print_pubkey_BN(rsa, p, i);
2572 print_pubkey_BN(rsa, q, i);
2573 print_pubkey_BN(rsa, dmp1, i);
2574 print_pubkey_BN(rsa, dmq1, i);
2575 print_pubkey_BN(rsa, iqmp, i);
2576 }
2577 #else
2578 BIO_printf(mem, "%d", BN_num_bits(rsa->n));
2579 push_certinfo("RSA Public Key", i);
2580 print_pubkey_BN(rsa, n, i);
2581 print_pubkey_BN(rsa, e, i);
2582 print_pubkey_BN(rsa, d, i);
2583 print_pubkey_BN(rsa, p, i);
2584 print_pubkey_BN(rsa, q, i);
2585 print_pubkey_BN(rsa, dmp1, i);
2586 print_pubkey_BN(rsa, dmq1, i);
2587 print_pubkey_BN(rsa, iqmp, i);
2588 #endif
2589
2590 break;
2591 }
2592 case EVP_PKEY_DSA:
2593 {
2594 DSA *dsa;
2595 #ifdef HAVE_OPAQUE_EVP_PKEY
2596 dsa = EVP_PKEY_get0_DSA(pubkey);
2597 #else
2598 dsa = pubkey->pkey.dsa;
2599 #endif
2600 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2601 {
2602 const BIGNUM *p;
2603 const BIGNUM *q;
2604 const BIGNUM *g;
2605 const BIGNUM *priv_key;
2606 const BIGNUM *pub_key;
2607
2608 DSA_get0_pqg(dsa, &p, &q, &g);
2609 DSA_get0_key(dsa, &pub_key, &priv_key);
2610
2611 print_pubkey_BN(dsa, p, i);
2612 print_pubkey_BN(dsa, q, i);
2613 print_pubkey_BN(dsa, g, i);
2614 print_pubkey_BN(dsa, priv_key, i);
2615 print_pubkey_BN(dsa, pub_key, i);
2616 }
2617 #else
2618 print_pubkey_BN(dsa, p, i);
2619 print_pubkey_BN(dsa, q, i);
2620 print_pubkey_BN(dsa, g, i);
2621 print_pubkey_BN(dsa, priv_key, i);
2622 print_pubkey_BN(dsa, pub_key, i);
2623 #endif
2624 break;
2625 }
2626 case EVP_PKEY_DH:
2627 {
2628 DH *dh;
2629 #ifdef HAVE_OPAQUE_EVP_PKEY
2630 dh = EVP_PKEY_get0_DH(pubkey);
2631 #else
2632 dh = pubkey->pkey.dh;
2633 #endif
2634 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2635 {
2636 const BIGNUM *p;
2637 const BIGNUM *q;
2638 const BIGNUM *g;
2639 const BIGNUM *priv_key;
2640 const BIGNUM *pub_key;
2641 DH_get0_pqg(dh, &p, &q, &g);
2642 DH_get0_key(dh, &pub_key, &priv_key);
2643 print_pubkey_BN(dh, p, i);
2644 print_pubkey_BN(dh, q, i);
2645 print_pubkey_BN(dh, g, i);
2646 print_pubkey_BN(dh, priv_key, i);
2647 print_pubkey_BN(dh, pub_key, i);
2648 }
2649 #else
2650 print_pubkey_BN(dh, p, i);
2651 print_pubkey_BN(dh, g, i);
2652 print_pubkey_BN(dh, priv_key, i);
2653 print_pubkey_BN(dh, pub_key, i);
2654 #endif
2655 break;
2656 }
2657 #if 0
2658 case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
2659 /* left TODO */
2660 break;
2661 #endif
2662 }
2663 EVP_PKEY_free(pubkey);
2664 }
2665
2666 if(psig) {
2667 for(j = 0; j < psig->length; j++)
2668 BIO_printf(mem, "%02x:", psig->data[j]);
2669 push_certinfo("Signature", i);
2670 }
2671
2672 PEM_write_bio_X509(mem, x);
2673 push_certinfo("Cert", i);
2674 }
2675
2676 BIO_free(mem);
2677
2678 return CURLE_OK;
2679 }
2680
2681 /*
2682 * Heavily modified from:
2683 * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
2684 */
pkp_pin_peer_pubkey(struct Curl_easy * data,X509 * cert,const char * pinnedpubkey)2685 static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
2686 const char *pinnedpubkey)
2687 {
2688 /* Scratch */
2689 int len1 = 0, len2 = 0;
2690 unsigned char *buff1 = NULL, *temp = NULL;
2691
2692 /* Result is returned to caller */
2693 CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
2694
2695 /* if a path wasn't specified, don't pin */
2696 if(!pinnedpubkey)
2697 return CURLE_OK;
2698
2699 if(!cert)
2700 return result;
2701
2702 do {
2703 /* Begin Gyrations to get the subjectPublicKeyInfo */
2704 /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
2705
2706 /* https://groups.google.com/group/mailing.openssl.users/browse_thread
2707 /thread/d61858dae102c6c7 */
2708 len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
2709 if(len1 < 1)
2710 break; /* failed */
2711
2712 /* https://www.openssl.org/docs/crypto/buffer.html */
2713 buff1 = temp = malloc(len1);
2714 if(!buff1)
2715 break; /* failed */
2716
2717 /* https://www.openssl.org/docs/crypto/d2i_X509.html */
2718 len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
2719
2720 /*
2721 * These checks are verifying we got back the same values as when we
2722 * sized the buffer. It's pretty weak since they should always be the
2723 * same. But it gives us something to test.
2724 */
2725 if((len1 != len2) || !temp || ((temp - buff1) != len1))
2726 break; /* failed */
2727
2728 /* End Gyrations */
2729
2730 /* The one good exit point */
2731 result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
2732 } while(0);
2733
2734 /* https://www.openssl.org/docs/crypto/buffer.html */
2735 if(buff1)
2736 free(buff1);
2737
2738 return result;
2739 }
2740
2741 /*
2742 * Get the server cert, verify it and show it etc, only call failf() if the
2743 * 'strict' argument is TRUE as otherwise all this is for informational
2744 * purposes only!
2745 *
2746 * We check certificates to authenticate the server; otherwise we risk
2747 * man-in-the-middle attack.
2748 */
servercert(struct connectdata * conn,struct ssl_connect_data * connssl,bool strict)2749 static CURLcode servercert(struct connectdata *conn,
2750 struct ssl_connect_data *connssl,
2751 bool strict)
2752 {
2753 CURLcode result = CURLE_OK;
2754 int rc;
2755 long lerr, len;
2756 struct Curl_easy *data = conn->data;
2757 X509 *issuer;
2758 FILE *fp;
2759 char *buffer = data->state.buffer;
2760 const char *ptr;
2761 long * const certverifyresult = SSL_IS_PROXY() ?
2762 &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
2763 BIO *mem = BIO_new(BIO_s_mem());
2764
2765 if(data->set.ssl.certinfo)
2766 /* we've been asked to gather certificate info! */
2767 (void)get_cert_chain(conn, connssl);
2768
2769 connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
2770 if(!connssl->server_cert) {
2771 if(!strict)
2772 return CURLE_OK;
2773
2774 failf(data, "SSL: couldn't get peer certificate!");
2775 return CURLE_PEER_FAILED_VERIFICATION;
2776 }
2777
2778 infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
2779
2780 rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
2781 buffer, BUFSIZE);
2782 infof(data, " subject: %s\n", rc?"[NONE]":buffer);
2783
2784 ASN1_TIME_print(mem, X509_get0_notBefore(connssl->server_cert));
2785 len = BIO_get_mem_data(mem, (char **) &ptr);
2786 infof(data, " start date: %.*s\n", len, ptr);
2787 rc = BIO_reset(mem);
2788
2789 ASN1_TIME_print(mem, X509_get0_notAfter(connssl->server_cert));
2790 len = BIO_get_mem_data(mem, (char **) &ptr);
2791 infof(data, " expire date: %.*s\n", len, ptr);
2792 rc = BIO_reset(mem);
2793
2794 BIO_free(mem);
2795
2796 if(SSL_CONN_CONFIG(verifyhost)) {
2797 result = verifyhost(conn, connssl->server_cert);
2798 if(result) {
2799 X509_free(connssl->server_cert);
2800 connssl->server_cert = NULL;
2801 return result;
2802 }
2803 }
2804
2805 rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
2806 buffer, BUFSIZE);
2807 if(rc) {
2808 if(strict)
2809 failf(data, "SSL: couldn't get X509-issuer name!");
2810 result = CURLE_SSL_CONNECT_ERROR;
2811 }
2812 else {
2813 infof(data, " issuer: %s\n", buffer);
2814
2815 /* We could do all sorts of certificate verification stuff here before
2816 deallocating the certificate. */
2817
2818 /* e.g. match issuer name with provided issuer certificate */
2819 if(SSL_SET_OPTION(issuercert)) {
2820 fp = fopen(SSL_SET_OPTION(issuercert), FOPEN_READTEXT);
2821 if(!fp) {
2822 if(strict)
2823 failf(data, "SSL: Unable to open issuer cert (%s)",
2824 SSL_SET_OPTION(issuercert));
2825 X509_free(connssl->server_cert);
2826 connssl->server_cert = NULL;
2827 return CURLE_SSL_ISSUER_ERROR;
2828 }
2829
2830 issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
2831 if(!issuer) {
2832 if(strict)
2833 failf(data, "SSL: Unable to read issuer cert (%s)",
2834 SSL_SET_OPTION(issuercert));
2835 X509_free(connssl->server_cert);
2836 X509_free(issuer);
2837 fclose(fp);
2838 return CURLE_SSL_ISSUER_ERROR;
2839 }
2840
2841 fclose(fp);
2842
2843 if(X509_check_issued(issuer, connssl->server_cert) != X509_V_OK) {
2844 if(strict)
2845 failf(data, "SSL: Certificate issuer check failed (%s)",
2846 SSL_SET_OPTION(issuercert));
2847 X509_free(connssl->server_cert);
2848 X509_free(issuer);
2849 connssl->server_cert = NULL;
2850 return CURLE_SSL_ISSUER_ERROR;
2851 }
2852
2853 infof(data, " SSL certificate issuer check ok (%s)\n",
2854 SSL_SET_OPTION(issuercert));
2855 X509_free(issuer);
2856 }
2857
2858 lerr = *certverifyresult = SSL_get_verify_result(connssl->handle);
2859
2860 if(*certverifyresult != X509_V_OK) {
2861 if(SSL_CONN_CONFIG(verifypeer)) {
2862 /* We probably never reach this, because SSL_connect() will fail
2863 and we return earlier if verifypeer is set? */
2864 if(strict)
2865 failf(data, "SSL certificate verify result: %s (%ld)",
2866 X509_verify_cert_error_string(lerr), lerr);
2867 result = CURLE_PEER_FAILED_VERIFICATION;
2868 }
2869 else
2870 infof(data, " SSL certificate verify result: %s (%ld),"
2871 " continuing anyway.\n",
2872 X509_verify_cert_error_string(lerr), lerr);
2873 }
2874 else
2875 infof(data, " SSL certificate verify ok.\n");
2876 }
2877
2878 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
2879 !defined(OPENSSL_NO_OCSP)
2880 if(SSL_CONN_CONFIG(verifystatus)) {
2881 result = verifystatus(conn, connssl);
2882 if(result) {
2883 X509_free(connssl->server_cert);
2884 connssl->server_cert = NULL;
2885 return result;
2886 }
2887 }
2888 #endif
2889
2890 if(!strict)
2891 /* when not strict, we don't bother about the verify cert problems */
2892 result = CURLE_OK;
2893
2894 ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
2895 if(!result && ptr) {
2896 result = pkp_pin_peer_pubkey(data, connssl->server_cert, ptr);
2897 if(result)
2898 failf(data, "SSL: public key does not match pinned public key!");
2899 }
2900
2901 X509_free(connssl->server_cert);
2902 connssl->server_cert = NULL;
2903 connssl->connecting_state = ssl_connect_done;
2904
2905 return result;
2906 }
2907
ossl_connect_step3(struct connectdata * conn,int sockindex)2908 static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
2909 {
2910 CURLcode result = CURLE_OK;
2911 struct Curl_easy *data = conn->data;
2912 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2913
2914 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
2915
2916 if(data->set.general_ssl.sessionid) {
2917 bool incache;
2918 SSL_SESSION *our_ssl_sessionid;
2919 void *old_ssl_sessionid = NULL;
2920
2921 our_ssl_sessionid = SSL_get1_session(connssl->handle);
2922
2923 /* SSL_get1_session() will increment the reference count and the session
2924 will stay in memory until explicitly freed with SSL_SESSION_free(3),
2925 regardless of its state. */
2926
2927 Curl_ssl_sessionid_lock(conn);
2928 incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
2929 sockindex));
2930 if(incache) {
2931 if(old_ssl_sessionid != our_ssl_sessionid) {
2932 infof(data, "old SSL session ID is stale, removing\n");
2933 Curl_ssl_delsessionid(conn, old_ssl_sessionid);
2934 incache = FALSE;
2935 }
2936 }
2937
2938 if(!incache) {
2939 result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
2940 0 /* unknown size */, sockindex);
2941 if(result) {
2942 Curl_ssl_sessionid_unlock(conn);
2943 failf(data, "failed to store ssl session");
2944 return result;
2945 }
2946 }
2947 else {
2948 /* Session was incache, so refcount already incremented earlier.
2949 * Avoid further increments with each SSL_get1_session() call.
2950 * This does not free the session as refcount remains > 0
2951 */
2952 SSL_SESSION_free(our_ssl_sessionid);
2953 }
2954 Curl_ssl_sessionid_unlock(conn);
2955 }
2956
2957 /*
2958 * We check certificates to authenticate the server; otherwise we risk
2959 * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
2960 * verify the peer ignore faults and failures from the server cert
2961 * operations.
2962 */
2963
2964 result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
2965 SSL_CONN_CONFIG(verifyhost)));
2966
2967 if(!result)
2968 connssl->connecting_state = ssl_connect_done;
2969
2970 return result;
2971 }
2972
2973 static Curl_recv ossl_recv;
2974 static Curl_send ossl_send;
2975
ossl_connect_common(struct connectdata * conn,int sockindex,bool nonblocking,bool * done)2976 static CURLcode ossl_connect_common(struct connectdata *conn,
2977 int sockindex,
2978 bool nonblocking,
2979 bool *done)
2980 {
2981 CURLcode result;
2982 struct Curl_easy *data = conn->data;
2983 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2984 curl_socket_t sockfd = conn->sock[sockindex];
2985 time_t timeout_ms;
2986 int what;
2987
2988 /* check if the connection has already been established */
2989 if(ssl_connection_complete == connssl->state) {
2990 *done = TRUE;
2991 return CURLE_OK;
2992 }
2993
2994 if(ssl_connect_1 == connssl->connecting_state) {
2995 /* Find out how much more time we're allowed */
2996 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2997
2998 if(timeout_ms < 0) {
2999 /* no need to continue if time already is up */
3000 failf(data, "SSL connection timeout");
3001 return CURLE_OPERATION_TIMEDOUT;
3002 }
3003
3004 result = ossl_connect_step1(conn, sockindex);
3005 if(result)
3006 return result;
3007 }
3008
3009 while(ssl_connect_2 == connssl->connecting_state ||
3010 ssl_connect_2_reading == connssl->connecting_state ||
3011 ssl_connect_2_writing == connssl->connecting_state) {
3012
3013 /* check allowed time left */
3014 timeout_ms = Curl_timeleft(data, NULL, TRUE);
3015
3016 if(timeout_ms < 0) {
3017 /* no need to continue if time already is up */
3018 failf(data, "SSL connection timeout");
3019 return CURLE_OPERATION_TIMEDOUT;
3020 }
3021
3022 /* if ssl is expecting something, check if it's available. */
3023 if(connssl->connecting_state == ssl_connect_2_reading ||
3024 connssl->connecting_state == ssl_connect_2_writing) {
3025
3026 curl_socket_t writefd = ssl_connect_2_writing==
3027 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
3028 curl_socket_t readfd = ssl_connect_2_reading==
3029 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
3030
3031 what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
3032 nonblocking?0:timeout_ms);
3033 if(what < 0) {
3034 /* fatal error */
3035 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
3036 return CURLE_SSL_CONNECT_ERROR;
3037 }
3038 else if(0 == what) {
3039 if(nonblocking) {
3040 *done = FALSE;
3041 return CURLE_OK;
3042 }
3043 else {
3044 /* timeout */
3045 failf(data, "SSL connection timeout");
3046 return CURLE_OPERATION_TIMEDOUT;
3047 }
3048 }
3049 /* socket is readable or writable */
3050 }
3051
3052 /* Run transaction, and return to the caller if it failed or if this
3053 * connection is done nonblocking and this loop would execute again. This
3054 * permits the owner of a multi handle to abort a connection attempt
3055 * before step2 has completed while ensuring that a client using select()
3056 * or epoll() will always have a valid fdset to wait on.
3057 */
3058 result = ossl_connect_step2(conn, sockindex);
3059 if(result || (nonblocking &&
3060 (ssl_connect_2 == connssl->connecting_state ||
3061 ssl_connect_2_reading == connssl->connecting_state ||
3062 ssl_connect_2_writing == connssl->connecting_state)))
3063 return result;
3064
3065 } /* repeat step2 until all transactions are done. */
3066
3067 if(ssl_connect_3 == connssl->connecting_state) {
3068 result = ossl_connect_step3(conn, sockindex);
3069 if(result)
3070 return result;
3071 }
3072
3073 if(ssl_connect_done == connssl->connecting_state) {
3074 connssl->state = ssl_connection_complete;
3075 conn->recv[sockindex] = ossl_recv;
3076 conn->send[sockindex] = ossl_send;
3077 *done = TRUE;
3078 }
3079 else
3080 *done = FALSE;
3081
3082 /* Reset our connect state machine */
3083 connssl->connecting_state = ssl_connect_1;
3084
3085 return CURLE_OK;
3086 }
3087
Curl_ossl_connect_nonblocking(struct connectdata * conn,int sockindex,bool * done)3088 CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
3089 int sockindex,
3090 bool *done)
3091 {
3092 return ossl_connect_common(conn, sockindex, TRUE, done);
3093 }
3094
Curl_ossl_connect(struct connectdata * conn,int sockindex)3095 CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
3096 {
3097 CURLcode result;
3098 bool done = FALSE;
3099
3100 result = ossl_connect_common(conn, sockindex, FALSE, &done);
3101 if(result)
3102 return result;
3103
3104 DEBUGASSERT(done);
3105
3106 return CURLE_OK;
3107 }
3108
Curl_ossl_data_pending(const struct connectdata * conn,int connindex)3109 bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
3110 {
3111 if(conn->ssl[connindex].handle)
3112 /* SSL is in use */
3113 return (0 != SSL_pending(conn->ssl[connindex].handle) ||
3114 (conn->proxy_ssl[connindex].handle &&
3115 0 != SSL_pending(conn->proxy_ssl[connindex].handle))) ?
3116 TRUE : FALSE;
3117 else
3118 return FALSE;
3119 }
3120
ossl_send(struct connectdata * conn,int sockindex,const void * mem,size_t len,CURLcode * curlcode)3121 static ssize_t ossl_send(struct connectdata *conn,
3122 int sockindex,
3123 const void *mem,
3124 size_t len,
3125 CURLcode *curlcode)
3126 {
3127 /* SSL_write() is said to return 'int' while write() and send() returns
3128 'size_t' */
3129 int err;
3130 char error_buffer[256]; /* OpenSSL documents that this must be at least 256
3131 bytes long. */
3132 unsigned long sslerror;
3133 int memlen;
3134 int rc;
3135
3136 ERR_clear_error();
3137
3138 memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
3139 rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
3140
3141 if(rc <= 0) {
3142 err = SSL_get_error(conn->ssl[sockindex].handle, rc);
3143
3144 switch(err) {
3145 case SSL_ERROR_WANT_READ:
3146 case SSL_ERROR_WANT_WRITE:
3147 /* The operation did not complete; the same TLS/SSL I/O function
3148 should be called again later. This is basically an EWOULDBLOCK
3149 equivalent. */
3150 *curlcode = CURLE_AGAIN;
3151 return -1;
3152 case SSL_ERROR_SYSCALL:
3153 failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
3154 SOCKERRNO);
3155 *curlcode = CURLE_SEND_ERROR;
3156 return -1;
3157 case SSL_ERROR_SSL:
3158 /* A failure in the SSL library occurred, usually a protocol error.
3159 The OpenSSL error queue contains more information on the error. */
3160 sslerror = ERR_get_error();
3161 if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
3162 ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
3163 conn->ssl[sockindex].state == ssl_connection_complete &&
3164 conn->proxy_ssl[sockindex].state == ssl_connection_complete) {
3165 char ver[120];
3166 Curl_ossl_version(ver, 120);
3167 failf(conn->data, "Error: %s does not support double SSL tunneling.",
3168 ver);
3169 }
3170 else
3171 failf(conn->data, "SSL_write() error: %s",
3172 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
3173 *curlcode = CURLE_SEND_ERROR;
3174 return -1;
3175 }
3176 /* a true error */
3177 failf(conn->data, "SSL_write() return error %d", err);
3178 *curlcode = CURLE_SEND_ERROR;
3179 return -1;
3180 }
3181 *curlcode = CURLE_OK;
3182 return (ssize_t)rc; /* number of bytes */
3183 }
3184
ossl_recv(struct connectdata * conn,int num,char * buf,size_t buffersize,CURLcode * curlcode)3185 static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
3186 int num, /* socketindex */
3187 char *buf, /* store read data here */
3188 size_t buffersize, /* max amount to read */
3189 CURLcode *curlcode)
3190 {
3191 char error_buffer[256]; /* OpenSSL documents that this must be at
3192 least 256 bytes long. */
3193 unsigned long sslerror;
3194 ssize_t nread;
3195 int buffsize;
3196
3197 ERR_clear_error();
3198
3199 buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
3200 nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
3201 if(nread <= 0) {
3202 /* failed SSL_read */
3203 int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
3204
3205 switch(err) {
3206 case SSL_ERROR_NONE: /* this is not an error */
3207 case SSL_ERROR_ZERO_RETURN: /* no more data */
3208 break;
3209 case SSL_ERROR_WANT_READ:
3210 case SSL_ERROR_WANT_WRITE:
3211 /* there's data pending, re-invoke SSL_read() */
3212 *curlcode = CURLE_AGAIN;
3213 return -1;
3214 default:
3215 /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
3216 value/errno" */
3217 /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
3218 sslerror = ERR_get_error();
3219 if((nread < 0) || sslerror) {
3220 /* If the return code was negative or there actually is an error in the
3221 queue */
3222 failf(conn->data, "SSL read: %s, errno %d",
3223 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)),
3224 SOCKERRNO);
3225 *curlcode = CURLE_RECV_ERROR;
3226 return -1;
3227 }
3228 }
3229 }
3230 return nread;
3231 }
3232
Curl_ossl_version(char * buffer,size_t size)3233 size_t Curl_ossl_version(char *buffer, size_t size)
3234 {
3235 #ifdef OPENSSL_IS_BORINGSSL
3236 return snprintf(buffer, size, OSSL_PACKAGE);
3237 #else /* OPENSSL_IS_BORINGSSL */
3238 char sub[3];
3239 unsigned long ssleay_value;
3240 sub[2]='\0';
3241 sub[1]='\0';
3242 ssleay_value=OpenSSL_version_num();
3243 if(ssleay_value < 0x906000) {
3244 ssleay_value=SSLEAY_VERSION_NUMBER;
3245 sub[0]='\0';
3246 }
3247 else {
3248 if(ssleay_value&0xff0) {
3249 int minor_ver = (ssleay_value >> 4) & 0xff;
3250 if(minor_ver > 26) {
3251 /* handle extended version introduced for 0.9.8za */
3252 sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
3253 sub[0] = 'z';
3254 }
3255 else {
3256 sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
3257 }
3258 }
3259 else
3260 sub[0]='\0';
3261 }
3262
3263 return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
3264 OSSL_PACKAGE,
3265 (ssleay_value>>28)&0xf,
3266 (ssleay_value>>20)&0xff,
3267 (ssleay_value>>12)&0xff,
3268 sub);
3269 #endif /* OPENSSL_IS_BORINGSSL */
3270 }
3271
3272 /* can be called with data == NULL */
Curl_ossl_random(struct Curl_easy * data,unsigned char * entropy,size_t length)3273 int Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
3274 size_t length)
3275 {
3276 if(data) {
3277 if(Curl_ossl_seed(data)) /* Initiate the seed if not already done */
3278 return 1; /* couldn't seed for some reason */
3279 }
3280 else {
3281 if(!rand_enough())
3282 return 1;
3283 }
3284 RAND_bytes(entropy, curlx_uztosi(length));
3285 return 0; /* 0 as in no problem */
3286 }
3287
Curl_ossl_md5sum(unsigned char * tmp,size_t tmplen,unsigned char * md5sum,size_t unused)3288 void Curl_ossl_md5sum(unsigned char *tmp, /* input */
3289 size_t tmplen,
3290 unsigned char *md5sum /* output */,
3291 size_t unused)
3292 {
3293 MD5_CTX MD5pw;
3294 (void)unused;
3295 MD5_Init(&MD5pw);
3296 MD5_Update(&MD5pw, tmp, tmplen);
3297 MD5_Final(md5sum, &MD5pw);
3298 }
3299
3300 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
Curl_ossl_sha256sum(const unsigned char * tmp,size_t tmplen,unsigned char * sha256sum,size_t unused)3301 void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
3302 size_t tmplen,
3303 unsigned char *sha256sum /* output */,
3304 size_t unused)
3305 {
3306 SHA256_CTX SHA256pw;
3307 (void)unused;
3308 SHA256_Init(&SHA256pw);
3309 SHA256_Update(&SHA256pw, tmp, tmplen);
3310 SHA256_Final(sha256sum, &SHA256pw);
3311 }
3312 #endif
3313
Curl_ossl_cert_status_request(void)3314 bool Curl_ossl_cert_status_request(void)
3315 {
3316 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
3317 !defined(OPENSSL_NO_OCSP)
3318 return TRUE;
3319 #else
3320 return FALSE;
3321 #endif
3322 }
3323 #endif /* USE_OPENSSL */
3324