1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman@gmail.com>.
9 * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
10 *
11 * This software is licensed as described in the file COPYING, which
12 * you should have received as part of this distribution. The terms
13 * are also available at https://curl.haxx.se/docs/copyright.html.
14 *
15 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16 * copies of the Software, and permit persons to whom the Software is
17 * furnished to do so, under the terms of the COPYING file.
18 *
19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20 * KIND, either express or implied.
21 *
22 ***************************************************************************/
23
24 /*
25 * Source file for all iOS and Mac OS X SecureTransport-specific code for the
26 * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
27 */
28
29 #include "curl_setup.h"
30
31 #include "urldata.h" /* for the Curl_easy definition */
32 #include "curl_base64.h"
33 #include "strtok.h"
34
35 #ifdef USE_DARWINSSL
36
37 #ifdef HAVE_LIMITS_H
38 #include <limits.h>
39 #endif
40
41 #include <Security/Security.h>
42 #include <Security/SecureTransport.h>
43 #include <CoreFoundation/CoreFoundation.h>
44 #include <CommonCrypto/CommonDigest.h>
45
46 /* The Security framework has changed greatly between iOS and different OS X
47 versions, and we will try to support as many of them as we can (back to
48 Leopard and iOS 5) by using macros and weak-linking.
49
50 IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then
51 you must build this project against the 10.8 SDK or later. */
52 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
53
54 #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
55 #error "The darwinssl back-end requires Leopard or later."
56 #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
57
58 #define CURL_BUILD_IOS 0
59 #define CURL_BUILD_IOS_7 0
60 #define CURL_BUILD_MAC 1
61 /* This is the maximum API level we are allowed to use when building: */
62 #define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
63 #define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
64 #define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
65 #define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
66 #define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
67 /* These macros mean "the following code is present to allow runtime backward
68 compatibility with at least this cat or earlier":
69 (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET
70 environmental variable.) */
71 #define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
72 #define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
73 #define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
74 #define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
75 #define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
76
77 #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
78 #define CURL_BUILD_IOS 1
79 #define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
80 #define CURL_BUILD_MAC 0
81 #define CURL_BUILD_MAC_10_5 0
82 #define CURL_BUILD_MAC_10_6 0
83 #define CURL_BUILD_MAC_10_7 0
84 #define CURL_BUILD_MAC_10_8 0
85 #define CURL_SUPPORT_MAC_10_5 0
86 #define CURL_SUPPORT_MAC_10_6 0
87 #define CURL_SUPPORT_MAC_10_7 0
88 #define CURL_SUPPORT_MAC_10_8 0
89 #define CURL_SUPPORT_MAC_10_9 0
90
91 #else
92 #error "The darwinssl back-end requires iOS or OS X."
93 #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
94
95 #if CURL_BUILD_MAC
96 #include <sys/sysctl.h>
97 #endif /* CURL_BUILD_MAC */
98
99 #include "urldata.h"
100 #include "sendf.h"
101 #include "inet_pton.h"
102 #include "connect.h"
103 #include "select.h"
104 #include "vtls.h"
105 #include "darwinssl.h"
106 #include "curl_printf.h"
107
108 #include "curl_memory.h"
109 /* The last #include file should be: */
110 #include "memdebug.h"
111
112 /* From MacTypes.h (which we can't include because it isn't present in iOS: */
113 #define ioErr -36
114 #define paramErr -50
115
116 /* The following two functions were ripped from Apple sample code,
117 * with some modifications: */
SocketRead(SSLConnectionRef connection,void * data,size_t * dataLength)118 static OSStatus SocketRead(SSLConnectionRef connection,
119 void *data, /* owned by
120 * caller, data
121 * RETURNED */
122 size_t *dataLength) /* IN/OUT */
123 {
124 size_t bytesToGo = *dataLength;
125 size_t initLen = bytesToGo;
126 UInt8 *currData = (UInt8 *)data;
127 /*int sock = *(int *)connection;*/
128 struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
129 int sock = connssl->ssl_sockfd;
130 OSStatus rtn = noErr;
131 size_t bytesRead;
132 ssize_t rrtn;
133 int theErr;
134
135 *dataLength = 0;
136
137 for(;;) {
138 bytesRead = 0;
139 rrtn = read(sock, currData, bytesToGo);
140 if(rrtn <= 0) {
141 /* this is guesswork... */
142 theErr = errno;
143 if(rrtn == 0) { /* EOF = server hung up */
144 /* the framework will turn this into errSSLClosedNoNotify */
145 rtn = errSSLClosedGraceful;
146 }
147 else /* do the switch */
148 switch(theErr) {
149 case ENOENT:
150 /* connection closed */
151 rtn = errSSLClosedGraceful;
152 break;
153 case ECONNRESET:
154 rtn = errSSLClosedAbort;
155 break;
156 case EAGAIN:
157 rtn = errSSLWouldBlock;
158 connssl->ssl_direction = false;
159 break;
160 default:
161 rtn = ioErr;
162 break;
163 }
164 break;
165 }
166 else {
167 bytesRead = rrtn;
168 }
169 bytesToGo -= bytesRead;
170 currData += bytesRead;
171
172 if(bytesToGo == 0) {
173 /* filled buffer with incoming data, done */
174 break;
175 }
176 }
177 *dataLength = initLen - bytesToGo;
178
179 return rtn;
180 }
181
SocketWrite(SSLConnectionRef connection,const void * data,size_t * dataLength)182 static OSStatus SocketWrite(SSLConnectionRef connection,
183 const void *data,
184 size_t *dataLength) /* IN/OUT */
185 {
186 size_t bytesSent = 0;
187 /*int sock = *(int *)connection;*/
188 struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
189 int sock = connssl->ssl_sockfd;
190 ssize_t length;
191 size_t dataLen = *dataLength;
192 const UInt8 *dataPtr = (UInt8 *)data;
193 OSStatus ortn;
194 int theErr;
195
196 *dataLength = 0;
197
198 do {
199 length = write(sock,
200 (char *)dataPtr + bytesSent,
201 dataLen - bytesSent);
202 } while((length > 0) &&
203 ( (bytesSent += length) < dataLen) );
204
205 if(length <= 0) {
206 theErr = errno;
207 if(theErr == EAGAIN) {
208 ortn = errSSLWouldBlock;
209 connssl->ssl_direction = true;
210 }
211 else {
212 ortn = ioErr;
213 }
214 }
215 else {
216 ortn = noErr;
217 }
218 *dataLength = bytesSent;
219 return ortn;
220 }
221
SSLCipherNameForNumber(SSLCipherSuite cipher)222 CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher)
223 {
224 switch (cipher) {
225 /* SSL version 3.0 */
226 case SSL_RSA_WITH_NULL_MD5:
227 return "SSL_RSA_WITH_NULL_MD5";
228 break;
229 case SSL_RSA_WITH_NULL_SHA:
230 return "SSL_RSA_WITH_NULL_SHA";
231 break;
232 case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
233 return "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
234 break;
235 case SSL_RSA_WITH_RC4_128_MD5:
236 return "SSL_RSA_WITH_RC4_128_MD5";
237 break;
238 case SSL_RSA_WITH_RC4_128_SHA:
239 return "SSL_RSA_WITH_RC4_128_SHA";
240 break;
241 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
242 return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5";
243 break;
244 case SSL_RSA_WITH_IDEA_CBC_SHA:
245 return "SSL_RSA_WITH_IDEA_CBC_SHA";
246 break;
247 case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
248 return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA";
249 break;
250 case SSL_RSA_WITH_DES_CBC_SHA:
251 return "SSL_RSA_WITH_DES_CBC_SHA";
252 break;
253 case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
254 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
255 break;
256 case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
257 return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA";
258 break;
259 case SSL_DH_DSS_WITH_DES_CBC_SHA:
260 return "SSL_DH_DSS_WITH_DES_CBC_SHA";
261 break;
262 case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
263 return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA";
264 break;
265 case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
266 return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA";
267 break;
268 case SSL_DH_RSA_WITH_DES_CBC_SHA:
269 return "SSL_DH_RSA_WITH_DES_CBC_SHA";
270 break;
271 case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
272 return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA";
273 break;
274 case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
275 return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA";
276 break;
277 case SSL_DHE_DSS_WITH_DES_CBC_SHA:
278 return "SSL_DHE_DSS_WITH_DES_CBC_SHA";
279 break;
280 case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
281 return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
282 break;
283 case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
284 return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA";
285 break;
286 case SSL_DHE_RSA_WITH_DES_CBC_SHA:
287 return "SSL_DHE_RSA_WITH_DES_CBC_SHA";
288 break;
289 case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
290 return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
291 break;
292 case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
293 return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5";
294 break;
295 case SSL_DH_anon_WITH_RC4_128_MD5:
296 return "SSL_DH_anon_WITH_RC4_128_MD5";
297 break;
298 case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
299 return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA";
300 break;
301 case SSL_DH_anon_WITH_DES_CBC_SHA:
302 return "SSL_DH_anon_WITH_DES_CBC_SHA";
303 break;
304 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
305 return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
306 break;
307 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
308 return "SSL_FORTEZZA_DMS_WITH_NULL_SHA";
309 break;
310 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
311 return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA";
312 break;
313 /* TLS 1.0 with AES (RFC 3268)
314 (Apparently these are used in SSLv3 implementations as well.) */
315 case TLS_RSA_WITH_AES_128_CBC_SHA:
316 return "TLS_RSA_WITH_AES_128_CBC_SHA";
317 break;
318 case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
319 return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
320 break;
321 case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
322 return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
323 break;
324 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
325 return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
326 break;
327 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
328 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
329 break;
330 case TLS_DH_anon_WITH_AES_128_CBC_SHA:
331 return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
332 break;
333 case TLS_RSA_WITH_AES_256_CBC_SHA:
334 return "TLS_RSA_WITH_AES_256_CBC_SHA";
335 break;
336 case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
337 return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
338 break;
339 case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
340 return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
341 break;
342 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
343 return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
344 break;
345 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
346 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
347 break;
348 case TLS_DH_anon_WITH_AES_256_CBC_SHA:
349 return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
350 break;
351 /* SSL version 2.0 */
352 case SSL_RSA_WITH_RC2_CBC_MD5:
353 return "SSL_RSA_WITH_RC2_CBC_MD5";
354 break;
355 case SSL_RSA_WITH_IDEA_CBC_MD5:
356 return "SSL_RSA_WITH_IDEA_CBC_MD5";
357 break;
358 case SSL_RSA_WITH_DES_CBC_MD5:
359 return "SSL_RSA_WITH_DES_CBC_MD5";
360 break;
361 case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
362 return "SSL_RSA_WITH_3DES_EDE_CBC_MD5";
363 break;
364 }
365 return "SSL_NULL_WITH_NULL_NULL";
366 }
367
TLSCipherNameForNumber(SSLCipherSuite cipher)368 CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
369 {
370 switch(cipher) {
371 /* TLS 1.0 with AES (RFC 3268) */
372 case TLS_RSA_WITH_AES_128_CBC_SHA:
373 return "TLS_RSA_WITH_AES_128_CBC_SHA";
374 break;
375 case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
376 return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
377 break;
378 case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
379 return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
380 break;
381 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
382 return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
383 break;
384 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
385 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
386 break;
387 case TLS_DH_anon_WITH_AES_128_CBC_SHA:
388 return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
389 break;
390 case TLS_RSA_WITH_AES_256_CBC_SHA:
391 return "TLS_RSA_WITH_AES_256_CBC_SHA";
392 break;
393 case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
394 return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
395 break;
396 case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
397 return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
398 break;
399 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
400 return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
401 break;
402 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
403 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
404 break;
405 case TLS_DH_anon_WITH_AES_256_CBC_SHA:
406 return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
407 break;
408 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
409 /* TLS 1.0 with ECDSA (RFC 4492) */
410 case TLS_ECDH_ECDSA_WITH_NULL_SHA:
411 return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
412 break;
413 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
414 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
415 break;
416 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
417 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
418 break;
419 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
420 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
421 break;
422 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
423 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
424 break;
425 case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
426 return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
427 break;
428 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
429 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
430 break;
431 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
432 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
433 break;
434 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
435 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
436 break;
437 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
438 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
439 break;
440 case TLS_ECDH_RSA_WITH_NULL_SHA:
441 return "TLS_ECDH_RSA_WITH_NULL_SHA";
442 break;
443 case TLS_ECDH_RSA_WITH_RC4_128_SHA:
444 return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
445 break;
446 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
447 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
448 break;
449 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
450 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
451 break;
452 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
453 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
454 break;
455 case TLS_ECDHE_RSA_WITH_NULL_SHA:
456 return "TLS_ECDHE_RSA_WITH_NULL_SHA";
457 break;
458 case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
459 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
460 break;
461 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
462 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
463 break;
464 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
465 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
466 break;
467 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
468 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
469 break;
470 case TLS_ECDH_anon_WITH_NULL_SHA:
471 return "TLS_ECDH_anon_WITH_NULL_SHA";
472 break;
473 case TLS_ECDH_anon_WITH_RC4_128_SHA:
474 return "TLS_ECDH_anon_WITH_RC4_128_SHA";
475 break;
476 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
477 return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
478 break;
479 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
480 return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
481 break;
482 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
483 return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
484 break;
485 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
486 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
487 /* TLS 1.2 (RFC 5246) */
488 case TLS_RSA_WITH_NULL_MD5:
489 return "TLS_RSA_WITH_NULL_MD5";
490 break;
491 case TLS_RSA_WITH_NULL_SHA:
492 return "TLS_RSA_WITH_NULL_SHA";
493 break;
494 case TLS_RSA_WITH_RC4_128_MD5:
495 return "TLS_RSA_WITH_RC4_128_MD5";
496 break;
497 case TLS_RSA_WITH_RC4_128_SHA:
498 return "TLS_RSA_WITH_RC4_128_SHA";
499 break;
500 case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
501 return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
502 break;
503 case TLS_RSA_WITH_NULL_SHA256:
504 return "TLS_RSA_WITH_NULL_SHA256";
505 break;
506 case TLS_RSA_WITH_AES_128_CBC_SHA256:
507 return "TLS_RSA_WITH_AES_128_CBC_SHA256";
508 break;
509 case TLS_RSA_WITH_AES_256_CBC_SHA256:
510 return "TLS_RSA_WITH_AES_256_CBC_SHA256";
511 break;
512 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
513 return "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA";
514 break;
515 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
516 return "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA";
517 break;
518 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
519 return "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
520 break;
521 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
522 return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
523 break;
524 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
525 return "TLS_DH_DSS_WITH_AES_128_CBC_SHA256";
526 break;
527 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
528 return "TLS_DH_RSA_WITH_AES_128_CBC_SHA256";
529 break;
530 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
531 return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256";
532 break;
533 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
534 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
535 break;
536 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
537 return "TLS_DH_DSS_WITH_AES_256_CBC_SHA256";
538 break;
539 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
540 return "TLS_DH_RSA_WITH_AES_256_CBC_SHA256";
541 break;
542 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
543 return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256";
544 break;
545 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
546 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
547 break;
548 case TLS_DH_anon_WITH_RC4_128_MD5:
549 return "TLS_DH_anon_WITH_RC4_128_MD5";
550 break;
551 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
552 return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
553 break;
554 case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
555 return "TLS_DH_anon_WITH_AES_128_CBC_SHA256";
556 break;
557 case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
558 return "TLS_DH_anon_WITH_AES_256_CBC_SHA256";
559 break;
560 /* TLS 1.2 with AES GCM (RFC 5288) */
561 case TLS_RSA_WITH_AES_128_GCM_SHA256:
562 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
563 break;
564 case TLS_RSA_WITH_AES_256_GCM_SHA384:
565 return "TLS_RSA_WITH_AES_256_GCM_SHA384";
566 break;
567 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
568 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
569 break;
570 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
571 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
572 break;
573 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
574 return "TLS_DH_RSA_WITH_AES_128_GCM_SHA256";
575 break;
576 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
577 return "TLS_DH_RSA_WITH_AES_256_GCM_SHA384";
578 break;
579 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
580 return "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256";
581 break;
582 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
583 return "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384";
584 break;
585 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
586 return "TLS_DH_DSS_WITH_AES_128_GCM_SHA256";
587 break;
588 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
589 return "TLS_DH_DSS_WITH_AES_256_GCM_SHA384";
590 break;
591 case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
592 return "TLS_DH_anon_WITH_AES_128_GCM_SHA256";
593 break;
594 case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
595 return "TLS_DH_anon_WITH_AES_256_GCM_SHA384";
596 break;
597 /* TLS 1.2 with elliptic curve ciphers (RFC 5289) */
598 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
599 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
600 break;
601 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
602 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
603 break;
604 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
605 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
606 break;
607 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
608 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
609 break;
610 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
611 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
612 break;
613 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
614 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
615 break;
616 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
617 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
618 break;
619 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
620 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
621 break;
622 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
623 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
624 break;
625 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
626 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
627 break;
628 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
629 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
630 break;
631 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
632 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
633 break;
634 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
635 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
636 break;
637 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
638 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
639 break;
640 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
641 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
642 break;
643 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
644 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
645 break;
646 case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
647 return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
648 break;
649 #else
650 case SSL_RSA_WITH_NULL_MD5:
651 return "TLS_RSA_WITH_NULL_MD5";
652 break;
653 case SSL_RSA_WITH_NULL_SHA:
654 return "TLS_RSA_WITH_NULL_SHA";
655 break;
656 case SSL_RSA_WITH_RC4_128_MD5:
657 return "TLS_RSA_WITH_RC4_128_MD5";
658 break;
659 case SSL_RSA_WITH_RC4_128_SHA:
660 return "TLS_RSA_WITH_RC4_128_SHA";
661 break;
662 case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
663 return "TLS_RSA_WITH_3DES_EDE_CBC_SHA";
664 break;
665 case SSL_DH_anon_WITH_RC4_128_MD5:
666 return "TLS_DH_anon_WITH_RC4_128_MD5";
667 break;
668 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
669 return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA";
670 break;
671 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
672 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
673 /* TLS PSK (RFC 4279): */
674 case TLS_PSK_WITH_RC4_128_SHA:
675 return "TLS_PSK_WITH_RC4_128_SHA";
676 break;
677 case TLS_PSK_WITH_3DES_EDE_CBC_SHA:
678 return "TLS_PSK_WITH_3DES_EDE_CBC_SHA";
679 break;
680 case TLS_PSK_WITH_AES_128_CBC_SHA:
681 return "TLS_PSK_WITH_AES_128_CBC_SHA";
682 break;
683 case TLS_PSK_WITH_AES_256_CBC_SHA:
684 return "TLS_PSK_WITH_AES_256_CBC_SHA";
685 break;
686 case TLS_DHE_PSK_WITH_RC4_128_SHA:
687 return "TLS_DHE_PSK_WITH_RC4_128_SHA";
688 break;
689 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:
690 return "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA";
691 break;
692 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA:
693 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA";
694 break;
695 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA:
696 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA";
697 break;
698 case TLS_RSA_PSK_WITH_RC4_128_SHA:
699 return "TLS_RSA_PSK_WITH_RC4_128_SHA";
700 break;
701 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:
702 return "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA";
703 break;
704 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA:
705 return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA";
706 break;
707 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA:
708 return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA";
709 break;
710 /* More TLS PSK (RFC 4785): */
711 case TLS_PSK_WITH_NULL_SHA:
712 return "TLS_PSK_WITH_NULL_SHA";
713 break;
714 case TLS_DHE_PSK_WITH_NULL_SHA:
715 return "TLS_DHE_PSK_WITH_NULL_SHA";
716 break;
717 case TLS_RSA_PSK_WITH_NULL_SHA:
718 return "TLS_RSA_PSK_WITH_NULL_SHA";
719 break;
720 /* Even more TLS PSK (RFC 5487): */
721 case TLS_PSK_WITH_AES_128_GCM_SHA256:
722 return "TLS_PSK_WITH_AES_128_GCM_SHA256";
723 break;
724 case TLS_PSK_WITH_AES_256_GCM_SHA384:
725 return "TLS_PSK_WITH_AES_256_GCM_SHA384";
726 break;
727 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
728 return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
729 break;
730 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
731 return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
732 break;
733 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:
734 return "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256";
735 break;
736 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:
737 return "TLS_PSK_WITH_AES_256_GCM_SHA384";
738 break;
739 case TLS_PSK_WITH_AES_128_CBC_SHA256:
740 return "TLS_PSK_WITH_AES_128_CBC_SHA256";
741 break;
742 case TLS_PSK_WITH_AES_256_CBC_SHA384:
743 return "TLS_PSK_WITH_AES_256_CBC_SHA384";
744 break;
745 case TLS_PSK_WITH_NULL_SHA256:
746 return "TLS_PSK_WITH_NULL_SHA256";
747 break;
748 case TLS_PSK_WITH_NULL_SHA384:
749 return "TLS_PSK_WITH_NULL_SHA384";
750 break;
751 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:
752 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
753 break;
754 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
755 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
756 break;
757 case TLS_DHE_PSK_WITH_NULL_SHA256:
758 return "TLS_DHE_PSK_WITH_NULL_SHA256";
759 break;
760 case TLS_DHE_PSK_WITH_NULL_SHA384:
761 return "TLS_RSA_PSK_WITH_NULL_SHA384";
762 break;
763 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:
764 return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256";
765 break;
766 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:
767 return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384";
768 break;
769 case TLS_RSA_PSK_WITH_NULL_SHA256:
770 return "TLS_RSA_PSK_WITH_NULL_SHA256";
771 break;
772 case TLS_RSA_PSK_WITH_NULL_SHA384:
773 return "TLS_RSA_PSK_WITH_NULL_SHA384";
774 break;
775 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
776 }
777 return "TLS_NULL_WITH_NULL_NULL";
778 }
779
780 #if CURL_BUILD_MAC
GetDarwinVersionNumber(int * major,int * minor)781 CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
782 {
783 int mib[2];
784 char *os_version;
785 size_t os_version_len;
786 char *os_version_major, *os_version_minor;
787 char *tok_buf;
788
789 /* Get the Darwin kernel version from the kernel using sysctl(): */
790 mib[0] = CTL_KERN;
791 mib[1] = KERN_OSRELEASE;
792 if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1)
793 return;
794 os_version = malloc(os_version_len*sizeof(char));
795 if(!os_version)
796 return;
797 if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) {
798 free(os_version);
799 return;
800 }
801
802 /* Parse the version: */
803 os_version_major = strtok_r(os_version, ".", &tok_buf);
804 os_version_minor = strtok_r(NULL, ".", &tok_buf);
805 *major = atoi(os_version_major);
806 *minor = atoi(os_version_minor);
807 free(os_version);
808 }
809 #endif /* CURL_BUILD_MAC */
810
811 /* Apple provides a myriad of ways of getting information about a certificate
812 into a string. Some aren't available under iOS or newer cats. So here's
813 a unified function for getting a string describing the certificate that
814 ought to work in all cats starting with Leopard. */
CopyCertSubject(SecCertificateRef cert)815 CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert)
816 {
817 CFStringRef server_cert_summary = CFSTR("(null)");
818
819 #if CURL_BUILD_IOS
820 /* iOS: There's only one way to do this. */
821 server_cert_summary = SecCertificateCopySubjectSummary(cert);
822 #else
823 #if CURL_BUILD_MAC_10_7
824 /* Lion & later: Get the long description if we can. */
825 if(SecCertificateCopyLongDescription != NULL)
826 server_cert_summary =
827 SecCertificateCopyLongDescription(NULL, cert, NULL);
828 else
829 #endif /* CURL_BUILD_MAC_10_7 */
830 #if CURL_BUILD_MAC_10_6
831 /* Snow Leopard: Get the certificate summary. */
832 if(SecCertificateCopySubjectSummary != NULL)
833 server_cert_summary = SecCertificateCopySubjectSummary(cert);
834 else
835 #endif /* CURL_BUILD_MAC_10_6 */
836 /* Leopard is as far back as we go... */
837 (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
838 #endif /* CURL_BUILD_IOS */
839 return server_cert_summary;
840 }
841
842 #if CURL_SUPPORT_MAC_10_6
843 /* The SecKeychainSearch API was deprecated in Lion, and using it will raise
844 deprecation warnings, so let's not compile this unless it's necessary: */
CopyIdentityWithLabelOldSchool(char * label,SecIdentityRef * out_c_a_k)845 static OSStatus CopyIdentityWithLabelOldSchool(char *label,
846 SecIdentityRef *out_c_a_k)
847 {
848 OSStatus status = errSecItemNotFound;
849 SecKeychainAttributeList attr_list;
850 SecKeychainAttribute attr;
851 SecKeychainSearchRef search = NULL;
852 SecCertificateRef cert = NULL;
853
854 /* Set up the attribute list: */
855 attr_list.count = 1L;
856 attr_list.attr = &attr;
857
858 /* Set up our lone search criterion: */
859 attr.tag = kSecLabelItemAttr;
860 attr.data = label;
861 attr.length = (UInt32)strlen(label);
862
863 /* Start searching: */
864 status = SecKeychainSearchCreateFromAttributes(NULL,
865 kSecCertificateItemClass,
866 &attr_list,
867 &search);
868 if(status == noErr) {
869 status = SecKeychainSearchCopyNext(search,
870 (SecKeychainItemRef *)&cert);
871 if(status == noErr && cert) {
872 /* If we found a certificate, does it have a private key? */
873 status = SecIdentityCreateWithCertificate(NULL, cert, out_c_a_k);
874 CFRelease(cert);
875 }
876 }
877
878 if(search)
879 CFRelease(search);
880 return status;
881 }
882 #endif /* CURL_SUPPORT_MAC_10_6 */
883
CopyIdentityWithLabel(char * label,SecIdentityRef * out_cert_and_key)884 static OSStatus CopyIdentityWithLabel(char *label,
885 SecIdentityRef *out_cert_and_key)
886 {
887 OSStatus status = errSecItemNotFound;
888 CFArrayRef keys_list;
889 CFIndex keys_list_count;
890 CFIndex i;
891 CFStringRef common_name;
892
893 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
894 /* SecItemCopyMatching() was introduced in iOS and Snow Leopard.
895 kSecClassIdentity was introduced in Lion. If both exist, let's use them
896 to find the certificate. */
897 if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) {
898 CFTypeRef keys[5];
899 CFTypeRef values[5];
900 CFDictionaryRef query_dict;
901 CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
902 kCFStringEncodingUTF8);
903
904 /* Set up our search criteria and expected results: */
905 values[0] = kSecClassIdentity; /* we want a certificate and a key */
906 keys[0] = kSecClass;
907 values[1] = kCFBooleanTrue; /* we want a reference */
908 keys[1] = kSecReturnRef;
909 values[2] = kSecMatchLimitAll; /* kSecMatchLimitOne would be better if the
910 * label matching below worked correctly */
911 keys[2] = kSecMatchLimit;
912 /* identity searches need a SecPolicyRef in order to work */
913 values[3] = SecPolicyCreateSSL(false, NULL);
914 keys[3] = kSecMatchPolicy;
915 /* match the name of the certificate (doesn't work in macOS 10.12.1) */
916 values[4] = label_cf;
917 keys[4] = kSecAttrLabel;
918 query_dict = CFDictionaryCreate(NULL, (const void **)keys,
919 (const void **)values, 5L,
920 &kCFCopyStringDictionaryKeyCallBacks,
921 &kCFTypeDictionaryValueCallBacks);
922 CFRelease(values[3]);
923
924 /* Do we have a match? */
925 status = SecItemCopyMatching(query_dict, (CFTypeRef *) &keys_list);
926
927 /* Because kSecAttrLabel matching doesn't work with kSecClassIdentity,
928 * we need to find the correct identity ourselves */
929 if(status == noErr) {
930 keys_list_count = CFArrayGetCount(keys_list);
931 *out_cert_and_key = NULL;
932 for(i=0; i<keys_list_count; i++) {
933 OSStatus err = noErr;
934 SecCertificateRef cert = NULL;
935 *out_cert_and_key =
936 (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
937 err = SecIdentityCopyCertificate(*out_cert_and_key, &cert);
938 if(err == noErr) {
939 SecCertificateCopyCommonName(cert, &common_name);
940 if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
941 CFRelease(cert);
942 CFRelease(common_name);
943 status = noErr;
944 break;
945 }
946 CFRelease(common_name);
947 }
948 *out_cert_and_key = NULL;
949 status = 1;
950 CFRelease(cert);
951 }
952 }
953
954 CFRelease(query_dict);
955 CFRelease(label_cf);
956 }
957 else {
958 #if CURL_SUPPORT_MAC_10_6
959 /* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */
960 status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
961 #endif /* CURL_SUPPORT_MAC_10_6 */
962 }
963 #elif CURL_SUPPORT_MAC_10_6
964 /* For developers building on older cats, we have no choice but to fall back
965 to SecKeychainSearch. */
966 status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
967 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
968 return status;
969 }
970
CopyIdentityFromPKCS12File(const char * cPath,const char * cPassword,SecIdentityRef * out_cert_and_key)971 static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
972 const char *cPassword,
973 SecIdentityRef *out_cert_and_key)
974 {
975 OSStatus status = errSecItemNotFound;
976 CFURLRef pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL,
977 (const UInt8 *)cPath, strlen(cPath), false);
978 CFStringRef password = cPassword ? CFStringCreateWithCString(NULL,
979 cPassword, kCFStringEncodingUTF8) : NULL;
980 CFDataRef pkcs_data = NULL;
981
982 /* We can import P12 files on iOS or OS X 10.7 or later: */
983 /* These constants are documented as having first appeared in 10.6 but they
984 raise linker errors when used on that cat for some reason. */
985 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
986 if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data,
987 NULL, NULL, &status)) {
988 const void *cKeys[] = {kSecImportExportPassphrase};
989 const void *cValues[] = {password};
990 CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues,
991 password ? 1L : 0L, NULL, NULL);
992 CFArrayRef items = NULL;
993
994 /* Here we go: */
995 status = SecPKCS12Import(pkcs_data, options, &items);
996 if(status == errSecSuccess && items && CFArrayGetCount(items)) {
997 CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L);
998 const void *temp_identity = CFDictionaryGetValue(identity_and_trust,
999 kSecImportItemIdentity);
1000
1001 /* Retain the identity; we don't care about any other data... */
1002 CFRetain(temp_identity);
1003 *out_cert_and_key = (SecIdentityRef)temp_identity;
1004 }
1005
1006 if(items)
1007 CFRelease(items);
1008 CFRelease(options);
1009 CFRelease(pkcs_data);
1010 }
1011 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
1012 if(password)
1013 CFRelease(password);
1014 CFRelease(pkcs_url);
1015 return status;
1016 }
1017
1018 /* This code was borrowed from nss.c, with some modifications:
1019 * Determine whether the nickname passed in is a filename that needs to
1020 * be loaded as a PEM or a regular NSS nickname.
1021 *
1022 * returns 1 for a file
1023 * returns 0 for not a file
1024 */
is_file(const char * filename)1025 CF_INLINE bool is_file(const char *filename)
1026 {
1027 struct_stat st;
1028
1029 if(filename == NULL)
1030 return false;
1031
1032 if(stat(filename, &st) == 0)
1033 return S_ISREG(st.st_mode);
1034 return false;
1035 }
1036
darwinssl_connect_step1(struct connectdata * conn,int sockindex)1037 static CURLcode darwinssl_connect_step1(struct connectdata *conn,
1038 int sockindex)
1039 {
1040 struct Curl_easy *data = conn->data;
1041 curl_socket_t sockfd = conn->sock[sockindex];
1042 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1043 const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
1044 const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
1045 char * const ssl_cert = SSL_SET_OPTION(cert);
1046 const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1047 conn->host.name;
1048 const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
1049 #ifdef ENABLE_IPV6
1050 struct in6_addr addr;
1051 #else
1052 struct in_addr addr;
1053 #endif /* ENABLE_IPV6 */
1054 size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
1055 SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
1056 OSStatus err = noErr;
1057 #if CURL_BUILD_MAC
1058 int darwinver_maj = 0, darwinver_min = 0;
1059
1060 GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
1061 #endif /* CURL_BUILD_MAC */
1062
1063 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1064 if(SSLCreateContext != NULL) { /* use the newer API if avaialble */
1065 if(connssl->ssl_ctx)
1066 CFRelease(connssl->ssl_ctx);
1067 connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
1068 if(!connssl->ssl_ctx) {
1069 failf(data, "SSL: couldn't create a context!");
1070 return CURLE_OUT_OF_MEMORY;
1071 }
1072 }
1073 else {
1074 /* The old ST API does not exist under iOS, so don't compile it: */
1075 #if CURL_SUPPORT_MAC_10_8
1076 if(connssl->ssl_ctx)
1077 (void)SSLDisposeContext(connssl->ssl_ctx);
1078 err = SSLNewContext(false, &(connssl->ssl_ctx));
1079 if(err != noErr) {
1080 failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1081 return CURLE_OUT_OF_MEMORY;
1082 }
1083 #endif /* CURL_SUPPORT_MAC_10_8 */
1084 }
1085 #else
1086 if(connssl->ssl_ctx)
1087 (void)SSLDisposeContext(connssl->ssl_ctx);
1088 err = SSLNewContext(false, &(connssl->ssl_ctx));
1089 if(err != noErr) {
1090 failf(data, "SSL: couldn't create a context: OSStatus %d", err);
1091 return CURLE_OUT_OF_MEMORY;
1092 }
1093 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
1094 connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */
1095
1096 /* check to see if we've been told to use an explicit SSL/TLS version */
1097 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
1098 if(SSLSetProtocolVersionMax != NULL) {
1099 switch(conn->ssl_config.version) {
1100 case CURL_SSLVERSION_DEFAULT:
1101 case CURL_SSLVERSION_TLSv1:
1102 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
1103 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
1104 break;
1105 case CURL_SSLVERSION_TLSv1_0:
1106 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1);
1107 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol1);
1108 break;
1109 case CURL_SSLVERSION_TLSv1_1:
1110 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol11);
1111 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol11);
1112 break;
1113 case CURL_SSLVERSION_TLSv1_2:
1114 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol12);
1115 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12);
1116 break;
1117 case CURL_SSLVERSION_TLSv1_3:
1118 failf(data, "DarwinSSL: TLS 1.3 is not yet supported");
1119 return CURLE_SSL_CONNECT_ERROR;
1120 case CURL_SSLVERSION_SSLv3:
1121 err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3);
1122 if(err != noErr) {
1123 failf(data, "Your version of the OS does not support SSLv3");
1124 return CURLE_SSL_CONNECT_ERROR;
1125 }
1126 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3);
1127 break;
1128 case CURL_SSLVERSION_SSLv2:
1129 err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2);
1130 if(err != noErr) {
1131 failf(data, "Your version of the OS does not support SSLv2");
1132 return CURLE_SSL_CONNECT_ERROR;
1133 }
1134 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2);
1135 break;
1136 default:
1137 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1138 return CURLE_SSL_CONNECT_ERROR;
1139 }
1140 }
1141 else {
1142 #if CURL_SUPPORT_MAC_10_8
1143 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1144 kSSLProtocolAll,
1145 false);
1146 switch (conn->ssl_config.version) {
1147 case CURL_SSLVERSION_DEFAULT:
1148 case CURL_SSLVERSION_TLSv1:
1149 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1150 kTLSProtocol1,
1151 true);
1152 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1153 kTLSProtocol11,
1154 true);
1155 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1156 kTLSProtocol12,
1157 true);
1158 break;
1159 case CURL_SSLVERSION_TLSv1_0:
1160 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1161 kTLSProtocol1,
1162 true);
1163 break;
1164 case CURL_SSLVERSION_TLSv1_1:
1165 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1166 kTLSProtocol11,
1167 true);
1168 break;
1169 case CURL_SSLVERSION_TLSv1_2:
1170 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1171 kTLSProtocol12,
1172 true);
1173 break;
1174 case CURL_SSLVERSION_TLSv1_3:
1175 failf(data, "DarwinSSL: TLS 1.3 is not yet supported");
1176 return CURLE_SSL_CONNECT_ERROR;
1177 case CURL_SSLVERSION_SSLv3:
1178 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1179 kSSLProtocol3,
1180 true);
1181 if(err != noErr) {
1182 failf(data, "Your version of the OS does not support SSLv3");
1183 return CURLE_SSL_CONNECT_ERROR;
1184 }
1185 break;
1186 case CURL_SSLVERSION_SSLv2:
1187 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1188 kSSLProtocol2,
1189 true);
1190 if(err != noErr) {
1191 failf(data, "Your version of the OS does not support SSLv2");
1192 return CURLE_SSL_CONNECT_ERROR;
1193 }
1194 break;
1195 default:
1196 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1197 return CURLE_SSL_CONNECT_ERROR;
1198 }
1199 #endif /* CURL_SUPPORT_MAC_10_8 */
1200 }
1201 #else
1202 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
1203 switch(conn->ssl_config.version) {
1204 case CURL_SSLVERSION_DEFAULT:
1205 case CURL_SSLVERSION_TLSv1:
1206 case CURL_SSLVERSION_TLSv1_0:
1207 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1208 kTLSProtocol1,
1209 true);
1210 break;
1211 case CURL_SSLVERSION_TLSv1_1:
1212 failf(data, "Your version of the OS does not support TLSv1.1");
1213 return CURLE_SSL_CONNECT_ERROR;
1214 case CURL_SSLVERSION_TLSv1_2:
1215 failf(data, "Your version of the OS does not support TLSv1.2");
1216 return CURLE_SSL_CONNECT_ERROR;
1217 case CURL_SSLVERSION_TLSv1_3:
1218 failf(data, "Your version of the OS does not support TLSv1.3");
1219 return CURLE_SSL_CONNECT_ERROR;
1220 case CURL_SSLVERSION_SSLv2:
1221 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1222 kSSLProtocol2,
1223 true);
1224 if(err != noErr) {
1225 failf(data, "Your version of the OS does not support SSLv2");
1226 return CURLE_SSL_CONNECT_ERROR;
1227 }
1228 break;
1229 case CURL_SSLVERSION_SSLv3:
1230 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
1231 kSSLProtocol3,
1232 true);
1233 if(err != noErr) {
1234 failf(data, "Your version of the OS does not support SSLv3");
1235 return CURLE_SSL_CONNECT_ERROR;
1236 }
1237 break;
1238 default:
1239 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
1240 return CURLE_SSL_CONNECT_ERROR;
1241 }
1242 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
1243
1244 if(SSL_SET_OPTION(key)) {
1245 infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
1246 "Transport. The private key must be in the Keychain.\n");
1247 }
1248
1249 if(ssl_cert) {
1250 SecIdentityRef cert_and_key = NULL;
1251 bool is_cert_file = is_file(ssl_cert);
1252
1253 /* User wants to authenticate with a client cert. Look for it:
1254 If we detect that this is a file on disk, then let's load it.
1255 Otherwise, assume that the user wants to use an identity loaded
1256 from the Keychain. */
1257 if(is_cert_file) {
1258 if(!SSL_SET_OPTION(cert_type))
1259 infof(data, "WARNING: SSL: Certificate type not set, assuming "
1260 "PKCS#12 format.\n");
1261 else if(strncmp(SSL_SET_OPTION(cert_type), "P12",
1262 strlen(SSL_SET_OPTION(cert_type))) != 0)
1263 infof(data, "WARNING: SSL: The Security framework only supports "
1264 "loading identities that are in PKCS#12 format.\n");
1265
1266 err = CopyIdentityFromPKCS12File(ssl_cert,
1267 SSL_SET_OPTION(key_passwd), &cert_and_key);
1268 }
1269 else
1270 err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
1271
1272 if(err == noErr) {
1273 SecCertificateRef cert = NULL;
1274 CFTypeRef certs_c[1];
1275 CFArrayRef certs;
1276
1277 /* If we found one, print it out: */
1278 err = SecIdentityCopyCertificate(cert_and_key, &cert);
1279 if(err == noErr) {
1280 CFStringRef cert_summary = CopyCertSubject(cert);
1281 char cert_summary_c[128];
1282
1283 if(cert_summary) {
1284 memset(cert_summary_c, 0, 128);
1285 if(CFStringGetCString(cert_summary,
1286 cert_summary_c,
1287 128,
1288 kCFStringEncodingUTF8)) {
1289 infof(data, "Client certificate: %s\n", cert_summary_c);
1290 }
1291 CFRelease(cert_summary);
1292 CFRelease(cert);
1293 }
1294 }
1295 certs_c[0] = cert_and_key;
1296 certs = CFArrayCreate(NULL, (const void **)certs_c, 1L,
1297 &kCFTypeArrayCallBacks);
1298 err = SSLSetCertificate(connssl->ssl_ctx, certs);
1299 if(certs)
1300 CFRelease(certs);
1301 if(err != noErr) {
1302 failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err);
1303 return CURLE_SSL_CERTPROBLEM;
1304 }
1305 CFRelease(cert_and_key);
1306 }
1307 else {
1308 switch(err) {
1309 case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */
1310 failf(data, "SSL: Incorrect password for the certificate \"%s\" "
1311 "and its private key.", ssl_cert);
1312 break;
1313 case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */
1314 failf(data, "SSL: Couldn't make sense of the data in the "
1315 "certificate \"%s\" and its private key.",
1316 ssl_cert);
1317 break;
1318 case -25260: /* errSecPassphraseRequired */
1319 failf(data, "SSL The certificate \"%s\" requires a password.",
1320 ssl_cert);
1321 break;
1322 case errSecItemNotFound:
1323 failf(data, "SSL: Can't find the certificate \"%s\" and its private "
1324 "key in the Keychain.", ssl_cert);
1325 break;
1326 default:
1327 failf(data, "SSL: Can't load the certificate \"%s\" and its private "
1328 "key: OSStatus %d", ssl_cert, err);
1329 break;
1330 }
1331 return CURLE_SSL_CERTPROBLEM;
1332 }
1333 }
1334
1335 /* SSL always tries to verify the peer, this only says whether it should
1336 * fail to connect if the verification fails, or if it should continue
1337 * anyway. In the latter case the result of the verification is checked with
1338 * SSL_get_verify_result() below. */
1339 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
1340 /* Snow Leopard introduced the SSLSetSessionOption() function, but due to
1341 a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
1342 works, it doesn't work as expected under Snow Leopard, Lion or
1343 Mountain Lion.
1344 So we need to call SSLSetEnableCertVerify() on those older cats in order
1345 to disable certificate validation if the user turned that off.
1346 (SecureTransport will always validate the certificate chain by
1347 default.)
1348 Note:
1349 Darwin 11.x.x is Lion (10.7)
1350 Darwin 12.x.x is Mountain Lion (10.8)
1351 Darwin 13.x.x is Mavericks (10.9)
1352 Darwin 14.x.x is Yosemite (10.10)
1353 Darwin 15.x.x is El Capitan (10.11)
1354 */
1355 #if CURL_BUILD_MAC
1356 if(SSLSetSessionOption != NULL && darwinver_maj >= 13) {
1357 #else
1358 if(SSLSetSessionOption != NULL) {
1359 #endif /* CURL_BUILD_MAC */
1360 bool break_on_auth = !conn->ssl_config.verifypeer || ssl_cafile;
1361 err = SSLSetSessionOption(connssl->ssl_ctx,
1362 kSSLSessionOptionBreakOnServerAuth,
1363 break_on_auth);
1364 if(err != noErr) {
1365 failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
1366 return CURLE_SSL_CONNECT_ERROR;
1367 }
1368 }
1369 else {
1370 #if CURL_SUPPORT_MAC_10_8
1371 err = SSLSetEnableCertVerify(connssl->ssl_ctx,
1372 conn->ssl_config.verifypeer?true:false);
1373 if(err != noErr) {
1374 failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1375 return CURLE_SSL_CONNECT_ERROR;
1376 }
1377 #endif /* CURL_SUPPORT_MAC_10_8 */
1378 }
1379 #else
1380 err = SSLSetEnableCertVerify(connssl->ssl_ctx,
1381 conn->ssl_config.verifypeer?true:false);
1382 if(err != noErr) {
1383 failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
1384 return CURLE_SSL_CONNECT_ERROR;
1385 }
1386 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
1387
1388 if(ssl_cafile) {
1389 bool is_cert_file = is_file(ssl_cafile);
1390
1391 if(!is_cert_file) {
1392 failf(data, "SSL: can't load CA certificate file %s", ssl_cafile);
1393 return CURLE_SSL_CACERT_BADFILE;
1394 }
1395 if(!verifypeer) {
1396 failf(data, "SSL: CA certificate set, but certificate verification "
1397 "is disabled");
1398 return CURLE_SSL_CONNECT_ERROR;
1399 }
1400 }
1401
1402 /* Configure hostname check. SNI is used if available.
1403 * Both hostname check and SNI require SSLSetPeerDomainName().
1404 * Also: the verifyhost setting influences SNI usage */
1405 if(conn->ssl_config.verifyhost) {
1406 err = SSLSetPeerDomainName(connssl->ssl_ctx, hostname,
1407 strlen(hostname));
1408
1409 if(err != noErr) {
1410 infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n",
1411 err);
1412 }
1413
1414 if((Curl_inet_pton(AF_INET, hostname, &addr))
1415 #ifdef ENABLE_IPV6
1416 || (Curl_inet_pton(AF_INET6, hostname, &addr))
1417 #endif
1418 ) {
1419 infof(data, "WARNING: using IP address, SNI is being disabled by "
1420 "the OS.\n");
1421 }
1422 }
1423
1424 /* Disable cipher suites that ST supports but are not safe. These ciphers
1425 are unlikely to be used in any case since ST gives other ciphers a much
1426 higher priority, but it's probably better that we not connect at all than
1427 to give the user a false sense of security if the server only supports
1428 insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
1429 (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count);
1430 all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1431 allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
1432 if(all_ciphers && allowed_ciphers &&
1433 SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers,
1434 &all_ciphers_count) == noErr) {
1435 for(i = 0UL ; i < all_ciphers_count ; i++) {
1436 #if CURL_BUILD_MAC
1437 /* There's a known bug in early versions of Mountain Lion where ST's ECC
1438 ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
1439 Work around the problem here by disabling those ciphers if we are
1440 running in an affected version of OS X. */
1441 if(darwinver_maj == 12 && darwinver_min <= 3 &&
1442 all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
1443 continue;
1444 }
1445 #endif /* CURL_BUILD_MAC */
1446 switch(all_ciphers[i]) {
1447 /* Disable NULL ciphersuites: */
1448 case SSL_NULL_WITH_NULL_NULL:
1449 case SSL_RSA_WITH_NULL_MD5:
1450 case SSL_RSA_WITH_NULL_SHA:
1451 case 0x003B: /* TLS_RSA_WITH_NULL_SHA256 */
1452 case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
1453 case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */
1454 case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */
1455 case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */
1456 case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */
1457 case 0x002C: /* TLS_PSK_WITH_NULL_SHA */
1458 case 0x002D: /* TLS_DHE_PSK_WITH_NULL_SHA */
1459 case 0x002E: /* TLS_RSA_PSK_WITH_NULL_SHA */
1460 case 0x00B0: /* TLS_PSK_WITH_NULL_SHA256 */
1461 case 0x00B1: /* TLS_PSK_WITH_NULL_SHA384 */
1462 case 0x00B4: /* TLS_DHE_PSK_WITH_NULL_SHA256 */
1463 case 0x00B5: /* TLS_DHE_PSK_WITH_NULL_SHA384 */
1464 case 0x00B8: /* TLS_RSA_PSK_WITH_NULL_SHA256 */
1465 case 0x00B9: /* TLS_RSA_PSK_WITH_NULL_SHA384 */
1466 /* Disable anonymous ciphersuites: */
1467 case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
1468 case SSL_DH_anon_WITH_RC4_128_MD5:
1469 case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
1470 case SSL_DH_anon_WITH_DES_CBC_SHA:
1471 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
1472 case TLS_DH_anon_WITH_AES_128_CBC_SHA:
1473 case TLS_DH_anon_WITH_AES_256_CBC_SHA:
1474 case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */
1475 case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */
1476 case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */
1477 case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */
1478 case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */
1479 case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */
1480 case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */
1481 case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */
1482 case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */
1483 /* Disable weak key ciphersuites: */
1484 case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
1485 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
1486 case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
1487 case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
1488 case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
1489 case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
1490 case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
1491 case SSL_RSA_WITH_DES_CBC_SHA:
1492 case SSL_DH_DSS_WITH_DES_CBC_SHA:
1493 case SSL_DH_RSA_WITH_DES_CBC_SHA:
1494 case SSL_DHE_DSS_WITH_DES_CBC_SHA:
1495 case SSL_DHE_RSA_WITH_DES_CBC_SHA:
1496 /* Disable IDEA: */
1497 case SSL_RSA_WITH_IDEA_CBC_SHA:
1498 case SSL_RSA_WITH_IDEA_CBC_MD5:
1499 /* Disable RC4: */
1500 case SSL_RSA_WITH_RC4_128_MD5:
1501 case SSL_RSA_WITH_RC4_128_SHA:
1502 case 0xC002: /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */
1503 case 0xC007: /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA*/
1504 case 0xC00C: /* TLS_ECDH_RSA_WITH_RC4_128_SHA */
1505 case 0xC011: /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */
1506 case 0x008A: /* TLS_PSK_WITH_RC4_128_SHA */
1507 case 0x008E: /* TLS_DHE_PSK_WITH_RC4_128_SHA */
1508 case 0x0092: /* TLS_RSA_PSK_WITH_RC4_128_SHA */
1509 break;
1510 default: /* enable everything else */
1511 allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
1512 break;
1513 }
1514 }
1515 err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers,
1516 allowed_ciphers_count);
1517 if(err != noErr) {
1518 failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
1519 return CURLE_SSL_CONNECT_ERROR;
1520 }
1521 }
1522 else {
1523 Curl_safefree(all_ciphers);
1524 Curl_safefree(allowed_ciphers);
1525 failf(data, "SSL: Failed to allocate memory for allowed ciphers");
1526 return CURLE_OUT_OF_MEMORY;
1527 }
1528 Curl_safefree(all_ciphers);
1529 Curl_safefree(allowed_ciphers);
1530
1531 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
1532 /* We want to enable 1/n-1 when using a CBC cipher unless the user
1533 specifically doesn't want us doing that: */
1534 if(SSLSetSessionOption != NULL) {
1535 /* TODO s/data->set.ssl.enable_beast/SSL_SET_OPTION(enable_beast)/g */
1536 SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
1537 !data->set.ssl.enable_beast);
1538 SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart,
1539 data->set.ssl.falsestart); /* false start support */
1540 }
1541 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
1542
1543 /* Check if there's a cached ID we can/should use here! */
1544 if(data->set.general_ssl.sessionid) {
1545 char *ssl_sessionid;
1546 size_t ssl_sessionid_len;
1547
1548 Curl_ssl_sessionid_lock(conn);
1549 if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid,
1550 &ssl_sessionid_len, sockindex)) {
1551 /* we got a session id, use it! */
1552 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1553 Curl_ssl_sessionid_unlock(conn);
1554 if(err != noErr) {
1555 failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1556 return CURLE_SSL_CONNECT_ERROR;
1557 }
1558 /* Informational message */
1559 infof(data, "SSL re-using session ID\n");
1560 }
1561 /* If there isn't one, then let's make one up! This has to be done prior
1562 to starting the handshake. */
1563 else {
1564 CURLcode result;
1565 ssl_sessionid =
1566 aprintf("%s:%d:%d:%s:%hu", ssl_cafile,
1567 verifypeer, SSL_CONN_CONFIG(verifyhost), hostname, port);
1568 ssl_sessionid_len = strlen(ssl_sessionid);
1569
1570 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
1571 if(err != noErr) {
1572 Curl_ssl_sessionid_unlock(conn);
1573 failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
1574 return CURLE_SSL_CONNECT_ERROR;
1575 }
1576
1577 result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len,
1578 sockindex);
1579 Curl_ssl_sessionid_unlock(conn);
1580 if(result) {
1581 failf(data, "failed to store ssl session");
1582 return result;
1583 }
1584 }
1585 }
1586
1587 err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
1588 if(err != noErr) {
1589 failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
1590 return CURLE_SSL_CONNECT_ERROR;
1591 }
1592
1593 /* pass the raw socket into the SSL layers */
1594 /* We need to store the FD in a constant memory address, because
1595 * SSLSetConnection() will not copy that address. I've found that
1596 * conn->sock[sockindex] may change on its own. */
1597 connssl->ssl_sockfd = sockfd;
1598 err = SSLSetConnection(connssl->ssl_ctx, connssl);
1599 if(err != noErr) {
1600 failf(data, "SSL: SSLSetConnection() failed: %d", err);
1601 return CURLE_SSL_CONNECT_ERROR;
1602 }
1603
1604 connssl->connecting_state = ssl_connect_2;
1605 return CURLE_OK;
1606 }
1607
1608 static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
1609 {
1610 char *sep_start, *sep_end, *cert_start, *cert_end;
1611 size_t i, j, err;
1612 size_t len;
1613 unsigned char *b64;
1614
1615 /* Jump through the separators at the beginning of the certificate. */
1616 sep_start = strstr(in, "-----");
1617 if(sep_start == NULL)
1618 return 0;
1619 cert_start = strstr(sep_start + 1, "-----");
1620 if(cert_start == NULL)
1621 return -1;
1622
1623 cert_start += 5;
1624
1625 /* Find separator after the end of the certificate. */
1626 cert_end = strstr(cert_start, "-----");
1627 if(cert_end == NULL)
1628 return -1;
1629
1630 sep_end = strstr(cert_end + 1, "-----");
1631 if(sep_end == NULL)
1632 return -1;
1633 sep_end += 5;
1634
1635 len = cert_end - cert_start;
1636 b64 = malloc(len + 1);
1637 if(!b64)
1638 return -1;
1639
1640 /* Create base64 string without linefeeds. */
1641 for(i = 0, j = 0; i < len; i++) {
1642 if(cert_start[i] != '\r' && cert_start[i] != '\n')
1643 b64[j++] = cert_start[i];
1644 }
1645 b64[j] = '\0';
1646
1647 err = Curl_base64_decode((const char *)b64, out, outlen);
1648 free(b64);
1649 if(err) {
1650 free(*out);
1651 return -1;
1652 }
1653
1654 return sep_end - in;
1655 }
1656
1657 static int read_cert(const char *file, unsigned char **out, size_t *outlen)
1658 {
1659 int fd;
1660 ssize_t n, len = 0, cap = 512;
1661 unsigned char buf[cap], *data;
1662
1663 fd = open(file, 0);
1664 if(fd < 0)
1665 return -1;
1666
1667 data = malloc(cap);
1668 if(!data) {
1669 close(fd);
1670 return -1;
1671 }
1672
1673 for(;;) {
1674 n = read(fd, buf, sizeof(buf));
1675 if(n < 0) {
1676 close(fd);
1677 free(data);
1678 return -1;
1679 }
1680 else if(n == 0) {
1681 close(fd);
1682 break;
1683 }
1684
1685 if(len + n >= cap) {
1686 cap *= 2;
1687 data = realloc(data, cap);
1688 if(!data) {
1689 close(fd);
1690 return -1;
1691 }
1692 }
1693
1694 memcpy(data + len, buf, n);
1695 len += n;
1696 }
1697 data[len] = '\0';
1698
1699 *out = data;
1700 *outlen = len;
1701
1702 return 0;
1703 }
1704
1705 static int sslerr_to_curlerr(struct Curl_easy *data, int err)
1706 {
1707 switch(err) {
1708 case errSSLXCertChainInvalid:
1709 failf(data, "SSL certificate problem: Invalid certificate chain");
1710 return CURLE_SSL_CACERT;
1711 case errSSLUnknownRootCert:
1712 failf(data, "SSL certificate problem: Untrusted root certificate");
1713 return CURLE_SSL_CACERT;
1714 case errSSLNoRootCert:
1715 failf(data, "SSL certificate problem: No root certificate");
1716 return CURLE_SSL_CACERT;
1717 case errSSLCertExpired:
1718 failf(data, "SSL certificate problem: Certificate chain had an "
1719 "expired certificate");
1720 return CURLE_SSL_CACERT;
1721 case errSSLBadCert:
1722 failf(data, "SSL certificate problem: Couldn't understand the server "
1723 "certificate format");
1724 return CURLE_SSL_CONNECT_ERROR;
1725 case errSSLHostNameMismatch:
1726 failf(data, "SSL certificate peer hostname mismatch");
1727 return CURLE_PEER_FAILED_VERIFICATION;
1728 default:
1729 failf(data, "SSL unexpected certificate error %d", err);
1730 return CURLE_SSL_CACERT;
1731 }
1732 }
1733
1734 static int append_cert_to_array(struct Curl_easy *data,
1735 unsigned char *buf, size_t buflen,
1736 CFMutableArrayRef array)
1737 {
1738 CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
1739 if(!certdata) {
1740 failf(data, "SSL: failed to allocate array for CA certificate");
1741 return CURLE_OUT_OF_MEMORY;
1742 }
1743
1744 SecCertificateRef cacert =
1745 SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
1746 CFRelease(certdata);
1747 if(!cacert) {
1748 failf(data, "SSL: failed to create SecCertificate from CA certificate");
1749 return CURLE_SSL_CACERT;
1750 }
1751
1752 /* Check if cacert is valid. */
1753 CFStringRef subject = CopyCertSubject(cacert);
1754 if(subject) {
1755 char subject_cbuf[128];
1756 memset(subject_cbuf, 0, 128);
1757 if(!CFStringGetCString(subject,
1758 subject_cbuf,
1759 128,
1760 kCFStringEncodingUTF8)) {
1761 CFRelease(cacert);
1762 failf(data, "SSL: invalid CA certificate subject");
1763 return CURLE_SSL_CACERT;
1764 }
1765 CFRelease(subject);
1766 }
1767 else {
1768 CFRelease(cacert);
1769 failf(data, "SSL: invalid CA certificate");
1770 return CURLE_SSL_CACERT;
1771 }
1772
1773 CFArrayAppendValue(array, cacert);
1774 CFRelease(cacert);
1775
1776 return CURLE_OK;
1777 }
1778
1779 static int verify_cert(const char *cafile, struct Curl_easy *data,
1780 SSLContextRef ctx)
1781 {
1782 int n = 0, rc;
1783 long res;
1784 unsigned char *certbuf, *der;
1785 size_t buflen, derlen, offset = 0;
1786
1787 if(read_cert(cafile, &certbuf, &buflen) < 0) {
1788 failf(data, "SSL: failed to read or invalid CA certificate");
1789 return CURLE_SSL_CACERT;
1790 }
1791
1792 /*
1793 * Certbuf now contains the contents of the certificate file, which can be
1794 * - a single DER certificate,
1795 * - a single PEM certificate or
1796 * - a bunch of PEM certificates (certificate bundle).
1797 *
1798 * Go through certbuf, and convert any PEM certificate in it into DER
1799 * format.
1800 */
1801 CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
1802 &kCFTypeArrayCallBacks);
1803 if(array == NULL) {
1804 free(certbuf);
1805 failf(data, "SSL: out of memory creating CA certificate array");
1806 return CURLE_OUT_OF_MEMORY;
1807 }
1808
1809 while(offset < buflen) {
1810 n++;
1811
1812 /*
1813 * Check if the certificate is in PEM format, and convert it to DER. If
1814 * this fails, we assume the certificate is in DER format.
1815 */
1816 res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
1817 if(res < 0) {
1818 free(certbuf);
1819 CFRelease(array);
1820 failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle",
1821 n, offset);
1822 return CURLE_SSL_CACERT;
1823 }
1824 offset += res;
1825
1826 if(res == 0 && offset == 0) {
1827 /* This is not a PEM file, probably a certificate in DER format. */
1828 rc = append_cert_to_array(data, certbuf, buflen, array);
1829 free(certbuf);
1830 if(rc != CURLE_OK) {
1831 CFRelease(array);
1832 return rc;
1833 }
1834 break;
1835 }
1836 else if(res == 0) {
1837 /* No more certificates in the bundle. */
1838 free(certbuf);
1839 break;
1840 }
1841
1842 rc = append_cert_to_array(data, der, derlen, array);
1843 free(der);
1844 if(rc != CURLE_OK) {
1845 free(certbuf);
1846 CFRelease(array);
1847 return rc;
1848 }
1849 }
1850
1851 SecTrustRef trust;
1852 OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
1853 if(trust == NULL) {
1854 failf(data, "SSL: error getting certificate chain");
1855 CFRelease(array);
1856 return CURLE_OUT_OF_MEMORY;
1857 }
1858 else if(ret != noErr) {
1859 CFRelease(array);
1860 return sslerr_to_curlerr(data, ret);
1861 }
1862
1863 ret = SecTrustSetAnchorCertificates(trust, array);
1864 if(ret != noErr) {
1865 CFRelease(trust);
1866 return sslerr_to_curlerr(data, ret);
1867 }
1868 ret = SecTrustSetAnchorCertificatesOnly(trust, true);
1869 if(ret != noErr) {
1870 CFRelease(trust);
1871 return sslerr_to_curlerr(data, ret);
1872 }
1873
1874 SecTrustResultType trust_eval = 0;
1875 ret = SecTrustEvaluate(trust, &trust_eval);
1876 CFRelease(array);
1877 CFRelease(trust);
1878 if(ret != noErr) {
1879 return sslerr_to_curlerr(data, ret);
1880 }
1881
1882 switch (trust_eval) {
1883 case kSecTrustResultUnspecified:
1884 case kSecTrustResultProceed:
1885 return CURLE_OK;
1886
1887 case kSecTrustResultRecoverableTrustFailure:
1888 case kSecTrustResultDeny:
1889 default:
1890 failf(data, "SSL: certificate verification failed (result: %d)",
1891 trust_eval);
1892 return CURLE_PEER_FAILED_VERIFICATION;
1893 }
1894 }
1895
1896 static CURLcode
1897 darwinssl_connect_step2(struct connectdata *conn, int sockindex)
1898 {
1899 struct Curl_easy *data = conn->data;
1900 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1901 OSStatus err;
1902 SSLCipherSuite cipher;
1903 SSLProtocol protocol = 0;
1904 const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
1905 conn->host.name;
1906
1907 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
1908 || ssl_connect_2_reading == connssl->connecting_state
1909 || ssl_connect_2_writing == connssl->connecting_state);
1910
1911 /* Here goes nothing: */
1912 err = SSLHandshake(connssl->ssl_ctx);
1913
1914 if(err != noErr) {
1915 switch (err) {
1916 case errSSLWouldBlock: /* they're not done with us yet */
1917 connssl->connecting_state = connssl->ssl_direction ?
1918 ssl_connect_2_writing : ssl_connect_2_reading;
1919 return CURLE_OK;
1920
1921 /* The below is errSSLServerAuthCompleted; it's not defined in
1922 Leopard's headers */
1923 case -9841:
1924 if(SSL_CONN_CONFIG(CAfile)) {
1925 int res = verify_cert(SSL_CONN_CONFIG(CAfile), data,
1926 connssl->ssl_ctx);
1927 if(res != CURLE_OK)
1928 return res;
1929 }
1930 /* the documentation says we need to call SSLHandshake() again */
1931 return darwinssl_connect_step2(conn, sockindex);
1932
1933 /* These are all certificate problems with the server: */
1934 case errSSLXCertChainInvalid:
1935 failf(data, "SSL certificate problem: Invalid certificate chain");
1936 return CURLE_SSL_CACERT;
1937 case errSSLUnknownRootCert:
1938 failf(data, "SSL certificate problem: Untrusted root certificate");
1939 return CURLE_SSL_CACERT;
1940 case errSSLNoRootCert:
1941 failf(data, "SSL certificate problem: No root certificate");
1942 return CURLE_SSL_CACERT;
1943 case errSSLCertExpired:
1944 failf(data, "SSL certificate problem: Certificate chain had an "
1945 "expired certificate");
1946 return CURLE_SSL_CACERT;
1947 case errSSLBadCert:
1948 failf(data, "SSL certificate problem: Couldn't understand the server "
1949 "certificate format");
1950 return CURLE_SSL_CONNECT_ERROR;
1951
1952 /* These are all certificate problems with the client: */
1953 case errSecAuthFailed:
1954 failf(data, "SSL authentication failed");
1955 return CURLE_SSL_CONNECT_ERROR;
1956 case errSSLPeerHandshakeFail:
1957 failf(data, "SSL peer handshake failed, the server most likely "
1958 "requires a client certificate to connect");
1959 return CURLE_SSL_CONNECT_ERROR;
1960 case errSSLPeerUnknownCA:
1961 failf(data, "SSL server rejected the client certificate due to "
1962 "the certificate being signed by an unknown certificate "
1963 "authority");
1964 return CURLE_SSL_CONNECT_ERROR;
1965
1966 /* This error is raised if the server's cert didn't match the server's
1967 host name: */
1968 case errSSLHostNameMismatch:
1969 failf(data, "SSL certificate peer verification failed, the "
1970 "certificate did not match \"%s\"\n", conn->host.dispname);
1971 return CURLE_PEER_FAILED_VERIFICATION;
1972
1973 /* Generic handshake errors: */
1974 case errSSLConnectionRefused:
1975 failf(data, "Server dropped the connection during the SSL handshake");
1976 return CURLE_SSL_CONNECT_ERROR;
1977 case errSSLClosedAbort:
1978 failf(data, "Server aborted the SSL handshake");
1979 return CURLE_SSL_CONNECT_ERROR;
1980 case errSSLNegotiation:
1981 failf(data, "Could not negotiate an SSL cipher suite with the server");
1982 return CURLE_SSL_CONNECT_ERROR;
1983 /* Sometimes paramErr happens with buggy ciphers: */
1984 case paramErr: case errSSLInternal:
1985 failf(data, "Internal SSL engine error encountered during the "
1986 "SSL handshake");
1987 return CURLE_SSL_CONNECT_ERROR;
1988 case errSSLFatalAlert:
1989 failf(data, "Fatal SSL engine error encountered during the SSL "
1990 "handshake");
1991 return CURLE_SSL_CONNECT_ERROR;
1992 default:
1993 failf(data, "Unknown SSL protocol error in connection to %s:%d",
1994 hostname, err);
1995 return CURLE_SSL_CONNECT_ERROR;
1996 }
1997 }
1998 else {
1999 /* we have been connected fine, we're not waiting for anything else. */
2000 connssl->connecting_state = ssl_connect_3;
2001
2002 /* Informational message */
2003 (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
2004 (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol);
2005 switch (protocol) {
2006 case kSSLProtocol2:
2007 infof(data, "SSL 2.0 connection using %s\n",
2008 SSLCipherNameForNumber(cipher));
2009 break;
2010 case kSSLProtocol3:
2011 infof(data, "SSL 3.0 connection using %s\n",
2012 SSLCipherNameForNumber(cipher));
2013 break;
2014 case kTLSProtocol1:
2015 infof(data, "TLS 1.0 connection using %s\n",
2016 TLSCipherNameForNumber(cipher));
2017 break;
2018 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
2019 case kTLSProtocol11:
2020 infof(data, "TLS 1.1 connection using %s\n",
2021 TLSCipherNameForNumber(cipher));
2022 break;
2023 case kTLSProtocol12:
2024 infof(data, "TLS 1.2 connection using %s\n",
2025 TLSCipherNameForNumber(cipher));
2026 break;
2027 #endif
2028 default:
2029 infof(data, "Unknown protocol connection\n");
2030 break;
2031 }
2032
2033 return CURLE_OK;
2034 }
2035 }
2036
2037 static CURLcode
2038 darwinssl_connect_step3(struct connectdata *conn,
2039 int sockindex)
2040 {
2041 struct Curl_easy *data = conn->data;
2042 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2043 CFStringRef server_cert_summary;
2044 char server_cert_summary_c[128];
2045 CFArrayRef server_certs = NULL;
2046 SecCertificateRef server_cert;
2047 OSStatus err;
2048 CFIndex i, count;
2049 SecTrustRef trust = NULL;
2050
2051 /* There is no step 3!
2052 * Well, okay, if verbose mode is on, let's print the details of the
2053 * server certificates. */
2054 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
2055 #if CURL_BUILD_IOS
2056 #pragma unused(server_certs)
2057 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
2058 /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
2059 a null trust, so be on guard for that: */
2060 if(err == noErr && trust) {
2061 count = SecTrustGetCertificateCount(trust);
2062 for(i = 0L ; i < count ; i++) {
2063 server_cert = SecTrustGetCertificateAtIndex(trust, i);
2064 server_cert_summary = CopyCertSubject(server_cert);
2065 memset(server_cert_summary_c, 0, 128);
2066 if(CFStringGetCString(server_cert_summary,
2067 server_cert_summary_c,
2068 128,
2069 kCFStringEncodingUTF8)) {
2070 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2071 }
2072 CFRelease(server_cert_summary);
2073 }
2074 CFRelease(trust);
2075 }
2076 #else
2077 /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion.
2078 The function SecTrustGetCertificateAtIndex() is officially present
2079 in Lion, but it is unfortunately also present in Snow Leopard as
2080 private API and doesn't work as expected. So we have to look for
2081 a different symbol to make sure this code is only executed under
2082 Lion or later. */
2083 if(SecTrustEvaluateAsync != NULL) {
2084 #pragma unused(server_certs)
2085 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
2086 /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
2087 a null trust, so be on guard for that: */
2088 if(err == noErr && trust) {
2089 count = SecTrustGetCertificateCount(trust);
2090 for(i = 0L ; i < count ; i++) {
2091 server_cert = SecTrustGetCertificateAtIndex(trust, i);
2092 server_cert_summary = CopyCertSubject(server_cert);
2093 memset(server_cert_summary_c, 0, 128);
2094 if(CFStringGetCString(server_cert_summary,
2095 server_cert_summary_c,
2096 128,
2097 kCFStringEncodingUTF8)) {
2098 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2099 }
2100 CFRelease(server_cert_summary);
2101 }
2102 CFRelease(trust);
2103 }
2104 }
2105 else {
2106 #if CURL_SUPPORT_MAC_10_8
2107 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
2108 /* Just in case SSLCopyPeerCertificates() returns null too... */
2109 if(err == noErr && server_certs) {
2110 count = CFArrayGetCount(server_certs);
2111 for(i = 0L ; i < count ; i++) {
2112 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
2113 i);
2114
2115 server_cert_summary = CopyCertSubject(server_cert);
2116 memset(server_cert_summary_c, 0, 128);
2117 if(CFStringGetCString(server_cert_summary,
2118 server_cert_summary_c,
2119 128,
2120 kCFStringEncodingUTF8)) {
2121 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2122 }
2123 CFRelease(server_cert_summary);
2124 }
2125 CFRelease(server_certs);
2126 }
2127 #endif /* CURL_SUPPORT_MAC_10_8 */
2128 }
2129 #endif /* CURL_BUILD_IOS */
2130 #else
2131 #pragma unused(trust)
2132 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
2133 if(err == noErr) {
2134 count = CFArrayGetCount(server_certs);
2135 for(i = 0L ; i < count ; i++) {
2136 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
2137 server_cert_summary = CopyCertSubject(server_cert);
2138 memset(server_cert_summary_c, 0, 128);
2139 if(CFStringGetCString(server_cert_summary,
2140 server_cert_summary_c,
2141 128,
2142 kCFStringEncodingUTF8)) {
2143 infof(data, "Server certificate: %s\n", server_cert_summary_c);
2144 }
2145 CFRelease(server_cert_summary);
2146 }
2147 CFRelease(server_certs);
2148 }
2149 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
2150
2151 connssl->connecting_state = ssl_connect_done;
2152 return CURLE_OK;
2153 }
2154
2155 static Curl_recv darwinssl_recv;
2156 static Curl_send darwinssl_send;
2157
2158 static CURLcode
2159 darwinssl_connect_common(struct connectdata *conn,
2160 int sockindex,
2161 bool nonblocking,
2162 bool *done)
2163 {
2164 CURLcode result;
2165 struct Curl_easy *data = conn->data;
2166 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2167 curl_socket_t sockfd = conn->sock[sockindex];
2168 long timeout_ms;
2169 int what;
2170
2171 /* check if the connection has already been established */
2172 if(ssl_connection_complete == connssl->state) {
2173 *done = TRUE;
2174 return CURLE_OK;
2175 }
2176
2177 if(ssl_connect_1==connssl->connecting_state) {
2178 /* Find out how much more time we're allowed */
2179 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2180
2181 if(timeout_ms < 0) {
2182 /* no need to continue if time already is up */
2183 failf(data, "SSL connection timeout");
2184 return CURLE_OPERATION_TIMEDOUT;
2185 }
2186
2187 result = darwinssl_connect_step1(conn, sockindex);
2188 if(result)
2189 return result;
2190 }
2191
2192 while(ssl_connect_2 == connssl->connecting_state ||
2193 ssl_connect_2_reading == connssl->connecting_state ||
2194 ssl_connect_2_writing == connssl->connecting_state) {
2195
2196 /* check allowed time left */
2197 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2198
2199 if(timeout_ms < 0) {
2200 /* no need to continue if time already is up */
2201 failf(data, "SSL connection timeout");
2202 return CURLE_OPERATION_TIMEDOUT;
2203 }
2204
2205 /* if ssl is expecting something, check if it's available. */
2206 if(connssl->connecting_state == ssl_connect_2_reading ||
2207 connssl->connecting_state == ssl_connect_2_writing) {
2208
2209 curl_socket_t writefd = ssl_connect_2_writing ==
2210 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2211 curl_socket_t readfd = ssl_connect_2_reading ==
2212 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2213
2214 what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
2215 nonblocking?0:timeout_ms);
2216 if(what < 0) {
2217 /* fatal error */
2218 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2219 return CURLE_SSL_CONNECT_ERROR;
2220 }
2221 else if(0 == what) {
2222 if(nonblocking) {
2223 *done = FALSE;
2224 return CURLE_OK;
2225 }
2226 else {
2227 /* timeout */
2228 failf(data, "SSL connection timeout");
2229 return CURLE_OPERATION_TIMEDOUT;
2230 }
2231 }
2232 /* socket is readable or writable */
2233 }
2234
2235 /* Run transaction, and return to the caller if it failed or if this
2236 * connection is done nonblocking and this loop would execute again. This
2237 * permits the owner of a multi handle to abort a connection attempt
2238 * before step2 has completed while ensuring that a client using select()
2239 * or epoll() will always have a valid fdset to wait on.
2240 */
2241 result = darwinssl_connect_step2(conn, sockindex);
2242 if(result || (nonblocking &&
2243 (ssl_connect_2 == connssl->connecting_state ||
2244 ssl_connect_2_reading == connssl->connecting_state ||
2245 ssl_connect_2_writing == connssl->connecting_state)))
2246 return result;
2247
2248 } /* repeat step2 until all transactions are done. */
2249
2250
2251 if(ssl_connect_3 == connssl->connecting_state) {
2252 result = darwinssl_connect_step3(conn, sockindex);
2253 if(result)
2254 return result;
2255 }
2256
2257 if(ssl_connect_done == connssl->connecting_state) {
2258 connssl->state = ssl_connection_complete;
2259 conn->recv[sockindex] = darwinssl_recv;
2260 conn->send[sockindex] = darwinssl_send;
2261 *done = TRUE;
2262 }
2263 else
2264 *done = FALSE;
2265
2266 /* Reset our connect state machine */
2267 connssl->connecting_state = ssl_connect_1;
2268
2269 return CURLE_OK;
2270 }
2271
2272 CURLcode
2273 Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
2274 int sockindex,
2275 bool *done)
2276 {
2277 return darwinssl_connect_common(conn, sockindex, TRUE, done);
2278 }
2279
2280 CURLcode
2281 Curl_darwinssl_connect(struct connectdata *conn,
2282 int sockindex)
2283 {
2284 CURLcode result;
2285 bool done = FALSE;
2286
2287 result = darwinssl_connect_common(conn, sockindex, FALSE, &done);
2288
2289 if(result)
2290 return result;
2291
2292 DEBUGASSERT(done);
2293
2294 return CURLE_OK;
2295 }
2296
2297 void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
2298 {
2299 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2300
2301 if(connssl->ssl_ctx) {
2302 (void)SSLClose(connssl->ssl_ctx);
2303 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
2304 if(SSLCreateContext != NULL)
2305 CFRelease(connssl->ssl_ctx);
2306 #if CURL_SUPPORT_MAC_10_8
2307 else
2308 (void)SSLDisposeContext(connssl->ssl_ctx);
2309 #endif /* CURL_SUPPORT_MAC_10_8 */
2310 #else
2311 (void)SSLDisposeContext(connssl->ssl_ctx);
2312 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
2313 connssl->ssl_ctx = NULL;
2314 }
2315 connssl->ssl_sockfd = 0;
2316 }
2317
2318 int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
2319 {
2320 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2321 struct Curl_easy *data = conn->data;
2322 ssize_t nread;
2323 int what;
2324 int rc;
2325 char buf[120];
2326
2327 if(!connssl->ssl_ctx)
2328 return 0;
2329
2330 if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
2331 return 0;
2332
2333 Curl_darwinssl_close(conn, sockindex);
2334
2335 rc = 0;
2336
2337 what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
2338
2339 for(;;) {
2340 if(what < 0) {
2341 /* anything that gets here is fatally bad */
2342 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2343 rc = -1;
2344 break;
2345 }
2346
2347 if(!what) { /* timeout */
2348 failf(data, "SSL shutdown timeout");
2349 break;
2350 }
2351
2352 /* Something to read, let's do it and hope that it is the close
2353 notify alert from the server. No way to SSL_Read now, so use read(). */
2354
2355 nread = read(conn->sock[sockindex], buf, sizeof(buf));
2356
2357 if(nread < 0) {
2358 failf(data, "read: %s", strerror(errno));
2359 rc = -1;
2360 }
2361
2362 if(nread <= 0)
2363 break;
2364
2365 what = SOCKET_READABLE(conn->sock[sockindex], 0);
2366 }
2367
2368 return rc;
2369 }
2370
2371 void Curl_darwinssl_session_free(void *ptr)
2372 {
2373 /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
2374 cached session ID inside the Security framework. There is a private
2375 function that does this, but I don't want to have to explain to you why I
2376 got your application rejected from the App Store due to the use of a
2377 private API, so the best we can do is free up our own char array that we
2378 created way back in darwinssl_connect_step1... */
2379 Curl_safefree(ptr);
2380 }
2381
2382 size_t Curl_darwinssl_version(char *buffer, size_t size)
2383 {
2384 return snprintf(buffer, size, "SecureTransport");
2385 }
2386
2387 /*
2388 * This function uses SSLGetSessionState to determine connection status.
2389 *
2390 * Return codes:
2391 * 1 means the connection is still in place
2392 * 0 means the connection has been closed
2393 * -1 means the connection status is unknown
2394 */
2395 int Curl_darwinssl_check_cxn(struct connectdata *conn)
2396 {
2397 struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
2398 OSStatus err;
2399 SSLSessionState state;
2400
2401 if(connssl->ssl_ctx) {
2402 err = SSLGetSessionState(connssl->ssl_ctx, &state);
2403 if(err == noErr)
2404 return state == kSSLConnected || state == kSSLHandshake;
2405 return -1;
2406 }
2407 return 0;
2408 }
2409
2410 bool Curl_darwinssl_data_pending(const struct connectdata *conn,
2411 int connindex)
2412 {
2413 const struct ssl_connect_data *connssl = &conn->ssl[connindex];
2414 OSStatus err;
2415 size_t buffer;
2416
2417 if(connssl->ssl_ctx) { /* SSL is in use */
2418 err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer);
2419 if(err == noErr)
2420 return buffer > 0UL;
2421 return false;
2422 }
2423 else
2424 return false;
2425 }
2426
2427 int Curl_darwinssl_random(unsigned char *entropy,
2428 size_t length)
2429 {
2430 /* arc4random_buf() isn't available on cats older than Lion, so let's
2431 do this manually for the benefit of the older cats. */
2432 size_t i;
2433 u_int32_t random_number = 0;
2434
2435 for(i = 0 ; i < length ; i++) {
2436 if(i % sizeof(u_int32_t) == 0)
2437 random_number = arc4random();
2438 entropy[i] = random_number & 0xFF;
2439 random_number >>= 8;
2440 }
2441 i = random_number = 0;
2442 return 0;
2443 }
2444
2445 void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
2446 size_t tmplen,
2447 unsigned char *md5sum, /* output */
2448 size_t md5len)
2449 {
2450 (void)md5len;
2451 (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum);
2452 }
2453
2454 bool Curl_darwinssl_false_start(void)
2455 {
2456 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
2457 if(SSLSetSessionOption != NULL)
2458 return TRUE;
2459 #endif
2460 return FALSE;
2461 }
2462
2463 static ssize_t darwinssl_send(struct connectdata *conn,
2464 int sockindex,
2465 const void *mem,
2466 size_t len,
2467 CURLcode *curlcode)
2468 {
2469 /*struct Curl_easy *data = conn->data;*/
2470 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2471 size_t processed = 0UL;
2472 OSStatus err;
2473
2474 /* The SSLWrite() function works a little differently than expected. The
2475 fourth argument (processed) is currently documented in Apple's
2476 documentation as: "On return, the length, in bytes, of the data actually
2477 written."
2478
2479 Now, one could interpret that as "written to the socket," but actually,
2480 it returns the amount of data that was written to a buffer internal to
2481 the SSLContextRef instead. So it's possible for SSLWrite() to return
2482 errSSLWouldBlock and a number of bytes "written" because those bytes were
2483 encrypted and written to a buffer, not to the socket.
2484
2485 So if this happens, then we need to keep calling SSLWrite() over and
2486 over again with no new data until it quits returning errSSLWouldBlock. */
2487
2488 /* Do we have buffered data to write from the last time we were called? */
2489 if(connssl->ssl_write_buffered_length) {
2490 /* Write the buffered data: */
2491 err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed);
2492 switch (err) {
2493 case noErr:
2494 /* processed is always going to be 0 because we didn't write to
2495 the buffer, so return how much was written to the socket */
2496 processed = connssl->ssl_write_buffered_length;
2497 connssl->ssl_write_buffered_length = 0UL;
2498 break;
2499 case errSSLWouldBlock: /* argh, try again */
2500 *curlcode = CURLE_AGAIN;
2501 return -1L;
2502 default:
2503 failf(conn->data, "SSLWrite() returned error %d", err);
2504 *curlcode = CURLE_SEND_ERROR;
2505 return -1L;
2506 }
2507 }
2508 else {
2509 /* We've got new data to write: */
2510 err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
2511 if(err != noErr) {
2512 switch (err) {
2513 case errSSLWouldBlock:
2514 /* Data was buffered but not sent, we have to tell the caller
2515 to try sending again, and remember how much was buffered */
2516 connssl->ssl_write_buffered_length = len;
2517 *curlcode = CURLE_AGAIN;
2518 return -1L;
2519 default:
2520 failf(conn->data, "SSLWrite() returned error %d", err);
2521 *curlcode = CURLE_SEND_ERROR;
2522 return -1L;
2523 }
2524 }
2525 }
2526 return (ssize_t)processed;
2527 }
2528
2529 static ssize_t darwinssl_recv(struct connectdata *conn,
2530 int num,
2531 char *buf,
2532 size_t buffersize,
2533 CURLcode *curlcode)
2534 {
2535 /*struct Curl_easy *data = conn->data;*/
2536 struct ssl_connect_data *connssl = &conn->ssl[num];
2537 size_t processed = 0UL;
2538 OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);
2539
2540 if(err != noErr) {
2541 switch (err) {
2542 case errSSLWouldBlock: /* return how much we read (if anything) */
2543 if(processed)
2544 return (ssize_t)processed;
2545 *curlcode = CURLE_AGAIN;
2546 return -1L;
2547 break;
2548
2549 /* errSSLClosedGraceful - server gracefully shut down the SSL session
2550 errSSLClosedNoNotify - server hung up on us instead of sending a
2551 closure alert notice, read() is returning 0
2552 Either way, inform the caller that the server disconnected. */
2553 case errSSLClosedGraceful:
2554 case errSSLClosedNoNotify:
2555 *curlcode = CURLE_OK;
2556 return -1L;
2557 break;
2558
2559 default:
2560 failf(conn->data, "SSLRead() return error %d", err);
2561 *curlcode = CURLE_RECV_ERROR;
2562 return -1L;
2563 break;
2564 }
2565 }
2566 return (ssize_t)processed;
2567 }
2568
2569 #endif /* USE_DARWINSSL */
2570