VirtualBox

source: vbox/trunk/src/libs/curl-8.7.1/lib/vtls/openssl.c@ 106542

最後變更 在這個檔案從106542是 104083,由 vboxsync 提交於 11 月 前

curl-8.7.1: Applied and adjusted our curl changes to 8.4.0. bugref:10639
  • 屬性 svn:eol-style 設為 native
檔案大小: 148.3 KB
 
1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24
25/*
26 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
27 * but vtls.c should ever call or use these functions.
28 */
29
30#include "curl_setup.h"
31
32#if defined(USE_QUICHE) || defined(USE_OPENSSL)
33
34#include <limits.h>
35
36/* Wincrypt must be included before anything that could include OpenSSL. */
37#if defined(USE_WIN32_CRYPTO)
38#include <wincrypt.h>
39/* Undefine wincrypt conflicting symbols for BoringSSL. */
40#undef X509_NAME
41#undef X509_EXTENSIONS
42#undef PKCS7_ISSUER_AND_SERIAL
43#undef PKCS7_SIGNER_INFO
44#undef OCSP_REQUEST
45#undef OCSP_RESPONSE
46#endif
47
48#include "urldata.h"
49#include "sendf.h"
50#include "formdata.h" /* for the boundary function */
51#include "url.h" /* for the ssl config check function */
52#include "inet_pton.h"
53#include "openssl.h"
54#include "connect.h"
55#include "slist.h"
56#include "select.h"
57#include "vtls.h"
58#include "vtls_int.h"
59#include "vauth/vauth.h"
60#include "keylog.h"
61#include "strcase.h"
62#include "hostcheck.h"
63#include "multiif.h"
64#include "strerror.h"
65#include "curl_printf.h"
66
67#include <openssl/ssl.h>
68#include <openssl/rand.h>
69#include <openssl/x509v3.h>
70#ifndef OPENSSL_NO_DSA
71#include <openssl/dsa.h>
72#endif
73#include <openssl/dh.h>
74#include <openssl/err.h>
75#include <openssl/md5.h>
76#include <openssl/conf.h>
77#include <openssl/bn.h>
78#include <openssl/rsa.h>
79#include <openssl/bio.h>
80#include <openssl/buffer.h>
81#include <openssl/pkcs12.h>
82#include <openssl/tls1.h>
83#include <openssl/evp.h>
84
85#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
86#include <openssl/ocsp.h>
87#endif
88
89#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) && /* 0.9.7 or later */ \
90 !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE)
91#define USE_OPENSSL_ENGINE
92#include <openssl/engine.h>
93#endif
94
95#include "warnless.h"
96
97/* The last #include files should be: */
98#include "curl_memory.h"
99#include "memdebug.h"
100
101#ifndef ARRAYSIZE
102#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))
103#endif
104
105/* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS
106 renegotiations when built with BoringSSL. Renegotiating is non-compliant
107 with HTTP/2 and "an extremely dangerous protocol feature". Beware.
108
109#define ALLOW_RENEG 1
110 */
111
112#ifndef OPENSSL_VERSION_NUMBER
113#error "OPENSSL_VERSION_NUMBER not defined"
114#endif
115
116#ifdef USE_OPENSSL_ENGINE
117#include <openssl/ui.h>
118#endif
119
120#if OPENSSL_VERSION_NUMBER >= 0x00909000L
121#define SSL_METHOD_QUAL const
122#else
123#define SSL_METHOD_QUAL
124#endif
125
126#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
127#define HAVE_ERR_REMOVE_THREAD_STATE 1
128#endif
129
130#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
131 !(defined(LIBRESSL_VERSION_NUMBER) && \
132 LIBRESSL_VERSION_NUMBER < 0x20700000L)
133#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
134#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
135#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
136#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
137#define CONST_EXTS const
138#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
139
140/* funny typecast define due to difference in API */
141#ifdef LIBRESSL_VERSION_NUMBER
142#define ARG2_X509_signature_print (X509_ALGOR *)
143#else
144#define ARG2_X509_signature_print
145#endif
146
147#else
148/* For OpenSSL before 1.1.0 */
149#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
150#define X509_get0_notBefore(x) X509_get_notBefore(x)
151#define X509_get0_notAfter(x) X509_get_notAfter(x)
152#define CONST_EXTS /* nope */
153#ifndef LIBRESSL_VERSION_NUMBER
154#define OpenSSL_version_num() SSLeay()
155#endif
156#endif
157
158#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
159 !(defined(LIBRESSL_VERSION_NUMBER) && \
160 LIBRESSL_VERSION_NUMBER < 0x20700000L)
161#define HAVE_X509_GET0_SIGNATURE 1
162#endif
163
164#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) /* 1.0.2 or later */
165#define HAVE_SSL_GET_SHUTDOWN 1
166#endif
167
168#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
169 OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
170 !defined(OPENSSL_NO_COMP)
171#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
172#endif
173
174#if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
175/* not present in older OpenSSL */
176#define OPENSSL_load_builtin_modules(x)
177#endif
178
179#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
180#define HAVE_EVP_PKEY_GET_PARAMS 1
181#endif
182
183#ifdef HAVE_EVP_PKEY_GET_PARAMS
184#include <openssl/core_names.h>
185#define DECLARE_PKEY_PARAM_BIGNUM(name) BIGNUM *name = NULL
186#define FREE_PKEY_PARAM_BIGNUM(name) BN_clear_free(name)
187#else
188#define DECLARE_PKEY_PARAM_BIGNUM(name) const BIGNUM *name
189#define FREE_PKEY_PARAM_BIGNUM(name)
190#endif
191
192/*
193 * Whether SSL_CTX_set_keylog_callback is available.
194 * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
195 * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
196 * LibreSSL: supported since 3.5.0 (released 2022-02-24)
197 */
198#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
199 !defined(LIBRESSL_VERSION_NUMBER)) || \
200 (defined(LIBRESSL_VERSION_NUMBER) && \
201 LIBRESSL_VERSION_NUMBER >= 0x3050000fL) || \
202 defined(OPENSSL_IS_BORINGSSL)
203#define HAVE_KEYLOG_CALLBACK
204#endif
205
206/* Whether SSL_CTX_set_ciphersuites is available.
207 * OpenSSL: supported since 1.1.1 (commit a53b5be6a05)
208 * BoringSSL: no
209 * LibreSSL: supported since 3.4.1 (released 2021-10-14)
210 */
211#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L && \
212 !defined(LIBRESSL_VERSION_NUMBER)) || \
213 (defined(LIBRESSL_VERSION_NUMBER) && \
214 LIBRESSL_VERSION_NUMBER >= 0x3040100fL)) && \
215 !defined(OPENSSL_IS_BORINGSSL)
216 #define HAVE_SSL_CTX_SET_CIPHERSUITES
217 #if !defined(OPENSSL_IS_AWSLC)
218 #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
219 #endif
220#endif
221
222/*
223 * Whether SSL_CTX_set1_curves_list is available.
224 * OpenSSL: supported since 1.0.2, see
225 * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
226 * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30)
227 * LibreSSL: since 2.5.3 (April 12, 2017)
228 */
229#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) || \
230 defined(OPENSSL_IS_BORINGSSL)
231#define HAVE_SSL_CTX_SET_EC_CURVES
232#endif
233
234#if defined(LIBRESSL_VERSION_NUMBER)
235#define OSSL_PACKAGE "LibreSSL"
236#elif defined(OPENSSL_IS_BORINGSSL)
237#define OSSL_PACKAGE "BoringSSL"
238#elif defined(OPENSSL_IS_AWSLC)
239#define OSSL_PACKAGE "AWS-LC"
240#else
241# if defined(USE_NGTCP2) && defined(USE_NGHTTP3)
242# define OSSL_PACKAGE "quictls"
243# else
244# define OSSL_PACKAGE "OpenSSL"
245#endif
246#endif
247
248#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
249/* up2date versions of OpenSSL maintain reasonably secure defaults without
250 * breaking compatibility, so it is better not to override the defaults in curl
251 */
252#define DEFAULT_CIPHER_SELECTION NULL
253#else
254/* ... but it is not the case with old versions of OpenSSL */
255#define DEFAULT_CIPHER_SELECTION \
256 "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
257#endif
258
259#ifdef HAVE_OPENSSL_SRP
260/* the function exists */
261#ifdef USE_TLS_SRP
262/* the functionality is not disabled */
263#define USE_OPENSSL_SRP
264#endif
265#endif
266
267#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
268#define HAVE_RANDOM_INIT_BY_DEFAULT 1
269#endif
270
271#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
272 !(defined(LIBRESSL_VERSION_NUMBER) && \
273 LIBRESSL_VERSION_NUMBER < 0x2070100fL) && \
274 !defined(OPENSSL_IS_BORINGSSL) && \
275 !defined(OPENSSL_IS_AWSLC)
276#define HAVE_OPENSSL_VERSION
277#endif
278
279#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
280typedef uint32_t sslerr_t;
281#else
282typedef unsigned long sslerr_t;
283#endif
284
285/*
286 * Whether the OpenSSL version has the API needed to support sharing an
287 * X509_STORE between connections. The API is:
288 * * `X509_STORE_up_ref` -- Introduced: OpenSSL 1.1.0.
289 */
290#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL >= 1.1.0 */
291#define HAVE_SSL_X509_STORE_SHARE
292#endif
293
294/* What API version do we use? */
295#if defined(LIBRESSL_VERSION_NUMBER)
296#define USE_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f)
297#else /* !LIBRESSL_VERSION_NUMBER */
298#define USE_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
299#endif /* !LIBRESSL_VERSION_NUMBER */
300
301struct ossl_ssl_backend_data {
302 /* these ones requires specific SSL-types */
303 SSL_CTX* ctx;
304 SSL* handle;
305 X509* server_cert;
306 BIO_METHOD *bio_method;
307 CURLcode io_result; /* result of last BIO cfilter operation */
308#ifndef HAVE_KEYLOG_CALLBACK
309 /* Set to true once a valid keylog entry has been created to avoid dupes. */
310 bool keylog_done;
311#endif
312 bool x509_store_setup; /* x509 store has been set up */
313};
314
315#if defined(HAVE_SSL_X509_STORE_SHARE)
316struct multi_ssl_backend_data {
317 char *CAfile; /* CAfile path used to generate X509 store */
318 X509_STORE *store; /* cached X509 store or NULL if none */
319 struct curltime time; /* when the cached store was created */
320};
321#endif /* HAVE_SSL_X509_STORE_SHARE */
322
323#define push_certinfo(_label, _num) \
324do { \
325 long info_len = BIO_get_mem_data(mem, &ptr); \
326 Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
327 if(1 != BIO_reset(mem)) \
328 break; \
329} while(0)
330
331static void pubkey_show(struct Curl_easy *data,
332 BIO *mem,
333 int num,
334 const char *type,
335 const char *name,
336 const BIGNUM *bn)
337{
338 char *ptr;
339 char namebuf[32];
340
341 msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
342
343 if(bn)
344 BN_print(mem, bn);
345 push_certinfo(namebuf, num);
346}
347
348#ifdef HAVE_OPAQUE_RSA_DSA_DH
349#define print_pubkey_BN(_type, _name, _num) \
350 pubkey_show(data, mem, _num, #_type, #_name, _name)
351
352#else
353#define print_pubkey_BN(_type, _name, _num) \
354do { \
355 if(_type->_name) { \
356 pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
357 } \
358} while(0)
359#endif
360
361static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
362{
363 int i, ilen;
364
365 ilen = (int)len;
366 if(ilen < 0)
367 return 1; /* buffer too big */
368
369 i = i2t_ASN1_OBJECT(buf, ilen, a);
370
371 if(i >= ilen)
372 return 1; /* buffer too small */
373
374 return 0;
375}
376
377static void X509V3_ext(struct Curl_easy *data,
378 int certnum,
379 CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
380{
381 int i;
382
383 if((int)sk_X509_EXTENSION_num(exts) <= 0)
384 /* no extensions, bail out */
385 return;
386
387 for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
388 ASN1_OBJECT *obj;
389 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
390 BUF_MEM *biomem;
391 char namebuf[128];
392 BIO *bio_out = BIO_new(BIO_s_mem());
393
394 if(!bio_out)
395 return;
396
397 obj = X509_EXTENSION_get_object(ext);
398
399 asn1_object_dump(obj, namebuf, sizeof(namebuf));
400
401 if(!X509V3_EXT_print(bio_out, ext, 0, 0))
402 ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
403
404 BIO_get_mem_ptr(bio_out, &biomem);
405 Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data,
406 biomem->length);
407 BIO_free(bio_out);
408 }
409}
410
411#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
412typedef size_t numcert_t;
413#else
414typedef int numcert_t;
415#endif
416
417CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl)
418{
419 CURLcode result;
420 STACK_OF(X509) *sk;
421 int i;
422 numcert_t numcerts;
423 BIO *mem;
424
425 DEBUGASSERT(ssl);
426
427 sk = SSL_get_peer_cert_chain(ssl);
428 if(!sk) {
429 return CURLE_OUT_OF_MEMORY;
430 }
431
432 numcerts = sk_X509_num(sk);
433
434 result = Curl_ssl_init_certinfo(data, (int)numcerts);
435 if(result) {
436 return result;
437 }
438
439 mem = BIO_new(BIO_s_mem());
440 if(!mem) {
441 return CURLE_OUT_OF_MEMORY;
442 }
443
444 for(i = 0; i < (int)numcerts; i++) {
445 ASN1_INTEGER *num;
446 X509 *x = sk_X509_value(sk, i);
447 EVP_PKEY *pubkey = NULL;
448 int j;
449 char *ptr;
450 const ASN1_BIT_STRING *psig = NULL;
451
452 X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
453 push_certinfo("Subject", i);
454
455 X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
456 push_certinfo("Issuer", i);
457
458 BIO_printf(mem, "%lx", X509_get_version(x));
459 push_certinfo("Version", i);
460
461 num = X509_get_serialNumber(x);
462 if(num->type == V_ASN1_NEG_INTEGER)
463 BIO_puts(mem, "-");
464 for(j = 0; j < num->length; j++)
465 BIO_printf(mem, "%02x", num->data[j]);
466 push_certinfo("Serial Number", i);
467
468#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
469 {
470 const X509_ALGOR *sigalg = NULL;
471 X509_PUBKEY *xpubkey = NULL;
472 ASN1_OBJECT *pubkeyoid = NULL;
473
474 X509_get0_signature(&psig, &sigalg, x);
475 if(sigalg) {
476 const ASN1_OBJECT *sigalgoid = NULL;
477 X509_ALGOR_get0(&sigalgoid, NULL, NULL, sigalg);
478 i2a_ASN1_OBJECT(mem, sigalgoid);
479 push_certinfo("Signature Algorithm", i);
480 }
481
482 xpubkey = X509_get_X509_PUBKEY(x);
483 if(xpubkey) {
484 X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey);
485 if(pubkeyoid) {
486 i2a_ASN1_OBJECT(mem, pubkeyoid);
487 push_certinfo("Public Key Algorithm", i);
488 }
489 }
490
491 X509V3_ext(data, i, X509_get0_extensions(x));
492 }
493#else
494 {
495 /* before OpenSSL 1.0.2 */
496 X509_CINF *cinf = x->cert_info;
497
498 i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
499 push_certinfo("Signature Algorithm", i);
500
501 i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
502 push_certinfo("Public Key Algorithm", i);
503
504 X509V3_ext(data, i, cinf->extensions);
505
506 psig = x->signature;
507 }
508#endif
509
510 ASN1_TIME_print(mem, X509_get0_notBefore(x));
511 push_certinfo("Start date", i);
512
513 ASN1_TIME_print(mem, X509_get0_notAfter(x));
514 push_certinfo("Expire date", i);
515
516 pubkey = X509_get_pubkey(x);
517 if(!pubkey)
518 infof(data, " Unable to load public key");
519 else {
520 int pktype;
521#ifdef HAVE_OPAQUE_EVP_PKEY
522 pktype = EVP_PKEY_id(pubkey);
523#else
524 pktype = pubkey->type;
525#endif
526 switch(pktype) {
527 case EVP_PKEY_RSA:
528 {
529#ifndef HAVE_EVP_PKEY_GET_PARAMS
530 RSA *rsa;
531#ifdef HAVE_OPAQUE_EVP_PKEY
532 rsa = EVP_PKEY_get0_RSA(pubkey);
533#else
534 rsa = pubkey->pkey.rsa;
535#endif /* HAVE_OPAQUE_EVP_PKEY */
536#endif /* !HAVE_EVP_PKEY_GET_PARAMS */
537
538 {
539#ifdef HAVE_OPAQUE_RSA_DSA_DH
540 DECLARE_PKEY_PARAM_BIGNUM(n);
541 DECLARE_PKEY_PARAM_BIGNUM(e);
542#ifdef HAVE_EVP_PKEY_GET_PARAMS
543 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_N, &n);
544 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_E, &e);
545#else
546 RSA_get0_key(rsa, &n, &e, NULL);
547#endif /* HAVE_EVP_PKEY_GET_PARAMS */
548 BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);
549#else
550 BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);
551#endif /* HAVE_OPAQUE_RSA_DSA_DH */
552 push_certinfo("RSA Public Key", i);
553 print_pubkey_BN(rsa, n, i);
554 print_pubkey_BN(rsa, e, i);
555 FREE_PKEY_PARAM_BIGNUM(n);
556 FREE_PKEY_PARAM_BIGNUM(e);
557 }
558
559 break;
560 }
561 case EVP_PKEY_DSA:
562 {
563#ifndef OPENSSL_NO_DSA
564#ifndef HAVE_EVP_PKEY_GET_PARAMS
565 DSA *dsa;
566#ifdef HAVE_OPAQUE_EVP_PKEY
567 dsa = EVP_PKEY_get0_DSA(pubkey);
568#else
569 dsa = pubkey->pkey.dsa;
570#endif /* HAVE_OPAQUE_EVP_PKEY */
571#endif /* !HAVE_EVP_PKEY_GET_PARAMS */
572 {
573#ifdef HAVE_OPAQUE_RSA_DSA_DH
574 DECLARE_PKEY_PARAM_BIGNUM(p);
575 DECLARE_PKEY_PARAM_BIGNUM(q);
576 DECLARE_PKEY_PARAM_BIGNUM(g);
577 DECLARE_PKEY_PARAM_BIGNUM(pub_key);
578#ifdef HAVE_EVP_PKEY_GET_PARAMS
579 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p);
580 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q);
581 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g);
582 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
583#else
584 DSA_get0_pqg(dsa, &p, &q, &g);
585 DSA_get0_key(dsa, &pub_key, NULL);
586#endif /* HAVE_EVP_PKEY_GET_PARAMS */
587#endif /* HAVE_OPAQUE_RSA_DSA_DH */
588 print_pubkey_BN(dsa, p, i);
589 print_pubkey_BN(dsa, q, i);
590 print_pubkey_BN(dsa, g, i);
591 print_pubkey_BN(dsa, pub_key, i);
592 FREE_PKEY_PARAM_BIGNUM(p);
593 FREE_PKEY_PARAM_BIGNUM(q);
594 FREE_PKEY_PARAM_BIGNUM(g);
595 FREE_PKEY_PARAM_BIGNUM(pub_key);
596 }
597#endif /* !OPENSSL_NO_DSA */
598 break;
599 }
600 case EVP_PKEY_DH:
601 {
602#ifndef HAVE_EVP_PKEY_GET_PARAMS
603 DH *dh;
604#ifdef HAVE_OPAQUE_EVP_PKEY
605 dh = EVP_PKEY_get0_DH(pubkey);
606#else
607 dh = pubkey->pkey.dh;
608#endif /* HAVE_OPAQUE_EVP_PKEY */
609#endif /* !HAVE_EVP_PKEY_GET_PARAMS */
610 {
611#ifdef HAVE_OPAQUE_RSA_DSA_DH
612 DECLARE_PKEY_PARAM_BIGNUM(p);
613 DECLARE_PKEY_PARAM_BIGNUM(q);
614 DECLARE_PKEY_PARAM_BIGNUM(g);
615 DECLARE_PKEY_PARAM_BIGNUM(pub_key);
616#ifdef HAVE_EVP_PKEY_GET_PARAMS
617 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p);
618 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q);
619 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g);
620 EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
621#else
622 DH_get0_pqg(dh, &p, &q, &g);
623 DH_get0_key(dh, &pub_key, NULL);
624#endif /* HAVE_EVP_PKEY_GET_PARAMS */
625 print_pubkey_BN(dh, p, i);
626 print_pubkey_BN(dh, q, i);
627 print_pubkey_BN(dh, g, i);
628#else
629 print_pubkey_BN(dh, p, i);
630 print_pubkey_BN(dh, g, i);
631#endif /* HAVE_OPAQUE_RSA_DSA_DH */
632 print_pubkey_BN(dh, pub_key, i);
633 FREE_PKEY_PARAM_BIGNUM(p);
634 FREE_PKEY_PARAM_BIGNUM(q);
635 FREE_PKEY_PARAM_BIGNUM(g);
636 FREE_PKEY_PARAM_BIGNUM(pub_key);
637 }
638 break;
639 }
640 }
641 EVP_PKEY_free(pubkey);
642 }
643
644 if(psig) {
645 for(j = 0; j < psig->length; j++)
646 BIO_printf(mem, "%02x:", psig->data[j]);
647 push_certinfo("Signature", i);
648 }
649
650 PEM_write_bio_X509(mem, x);
651 push_certinfo("Cert", i);
652 }
653
654 BIO_free(mem);
655
656 return CURLE_OK;
657}
658
659#endif /* quiche or OpenSSL */
660
661#ifdef USE_OPENSSL
662
663#if USE_PRE_1_1_API
664#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL
665#define BIO_set_init(x,v) ((x)->init=(v))
666#define BIO_get_data(x) ((x)->ptr)
667#define BIO_set_data(x,v) ((x)->ptr=(v))
668#endif
669#define BIO_get_shutdown(x) ((x)->shutdown)
670#define BIO_set_shutdown(x,v) ((x)->shutdown=(v))
671#endif /* USE_PRE_1_1_API */
672
673static int ossl_bio_cf_create(BIO *bio)
674{
675 BIO_set_shutdown(bio, 1);
676 BIO_set_init(bio, 1);
677#if USE_PRE_1_1_API
678 bio->num = -1;
679#endif
680 BIO_set_data(bio, NULL);
681 return 1;
682}
683
684static int ossl_bio_cf_destroy(BIO *bio)
685{
686 if(!bio)
687 return 0;
688 return 1;
689}
690
691static long ossl_bio_cf_ctrl(BIO *bio, int cmd, long num, void *ptr)
692{
693 struct Curl_cfilter *cf = BIO_get_data(bio);
694 long ret = 1;
695
696 (void)cf;
697 (void)ptr;
698 switch(cmd) {
699 case BIO_CTRL_GET_CLOSE:
700 ret = (long)BIO_get_shutdown(bio);
701 break;
702 case BIO_CTRL_SET_CLOSE:
703 BIO_set_shutdown(bio, (int)num);
704 break;
705 case BIO_CTRL_FLUSH:
706 /* we do no delayed writes, but if we ever would, this
707 * needs to trigger it. */
708 ret = 1;
709 break;
710 case BIO_CTRL_DUP:
711 ret = 1;
712 break;
713#ifdef BIO_CTRL_EOF
714 case BIO_CTRL_EOF:
715 /* EOF has been reached on input? */
716 return (!cf->next || !cf->next->connected);
717#endif
718 default:
719 ret = 0;
720 break;
721 }
722 return ret;
723}
724
725static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen)
726{
727 struct Curl_cfilter *cf = BIO_get_data(bio);
728 struct ssl_connect_data *connssl = cf->ctx;
729 struct ossl_ssl_backend_data *backend =
730 (struct ossl_ssl_backend_data *)connssl->backend;
731 struct Curl_easy *data = CF_DATA_CURRENT(cf);
732 ssize_t nwritten;
733 CURLcode result = CURLE_SEND_ERROR;
734
735 DEBUGASSERT(data);
736 nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
737 CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d",
738 blen, (int)nwritten, result);
739 BIO_clear_retry_flags(bio);
740 backend->io_result = result;
741 if(nwritten < 0) {
742 if(CURLE_AGAIN == result)
743 BIO_set_retry_write(bio);
744 }
745 return (int)nwritten;
746}
747
748static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen)
749{
750 struct Curl_cfilter *cf = BIO_get_data(bio);
751 struct ssl_connect_data *connssl = cf->ctx;
752 struct ossl_ssl_backend_data *backend =
753 (struct ossl_ssl_backend_data *)connssl->backend;
754 struct Curl_easy *data = CF_DATA_CURRENT(cf);
755 ssize_t nread;
756 CURLcode result = CURLE_RECV_ERROR;
757
758 DEBUGASSERT(data);
759 /* OpenSSL catches this case, so should we. */
760 if(!buf)
761 return 0;
762
763 nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
764 CURL_TRC_CF(data, cf, "ossl_bio_cf_in_read(len=%d) -> %d, err=%d",
765 blen, (int)nread, result);
766 BIO_clear_retry_flags(bio);
767 backend->io_result = result;
768 if(nread < 0) {
769 if(CURLE_AGAIN == result)
770 BIO_set_retry_read(bio);
771 }
772 else if(nread == 0) {
773 connssl->peer_closed = TRUE;
774 }
775
776 /* Before returning server replies to the SSL instance, we need
777 * to have setup the x509 store or verification will fail. */
778 if(!backend->x509_store_setup) {
779 result = Curl_ssl_setup_x509_store(cf, data, backend->ctx);
780 if(result) {
781 backend->io_result = result;
782 return -1;
783 }
784 backend->x509_store_setup = TRUE;
785 }
786
787 return (int)nread;
788}
789
790#if USE_PRE_1_1_API
791
792static BIO_METHOD ossl_bio_cf_meth_1_0 = {
793 BIO_TYPE_MEM,
794 "OpenSSL CF BIO",
795 ossl_bio_cf_out_write,
796 ossl_bio_cf_in_read,
797 NULL, /* puts is never called */
798 NULL, /* gets is never called */
799 ossl_bio_cf_ctrl,
800 ossl_bio_cf_create,
801 ossl_bio_cf_destroy,
802 NULL
803};
804
805static BIO_METHOD *ossl_bio_cf_method_create(void)
806{
807 return &ossl_bio_cf_meth_1_0;
808}
809
810#define ossl_bio_cf_method_free(m) Curl_nop_stmt
811
812#else
813
814static BIO_METHOD *ossl_bio_cf_method_create(void)
815{
816 BIO_METHOD *m = BIO_meth_new(BIO_TYPE_MEM, "OpenSSL CF BIO");
817 if(m) {
818 BIO_meth_set_write(m, &ossl_bio_cf_out_write);
819 BIO_meth_set_read(m, &ossl_bio_cf_in_read);
820 BIO_meth_set_ctrl(m, &ossl_bio_cf_ctrl);
821 BIO_meth_set_create(m, &ossl_bio_cf_create);
822 BIO_meth_set_destroy(m, &ossl_bio_cf_destroy);
823 }
824 return m;
825}
826
827static void ossl_bio_cf_method_free(BIO_METHOD *m)
828{
829 if(m)
830 BIO_meth_free(m);
831}
832
833#endif
834
835
836/*
837 * Number of bytes to read from the random number seed file. This must be
838 * a finite value (because some entropy "files" like /dev/urandom have
839 * an infinite length), but must be large enough to provide enough
840 * entropy to properly seed OpenSSL's PRNG.
841 */
842#define RAND_LOAD_LENGTH 1024
843
844#ifdef HAVE_KEYLOG_CALLBACK
845static void ossl_keylog_callback(const SSL *ssl, const char *line)
846{
847 (void)ssl;
848
849 Curl_tls_keylog_write_line(line);
850}
851#else
852/*
853 * ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the
854 * OpenSSL being used doesn't have native support for doing that.
855 */
856static void
857ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
858{
859 const SSL_SESSION *session = SSL_get_session(ssl);
860 unsigned char client_random[SSL3_RANDOM_SIZE];
861 unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
862 int master_key_length = 0;
863
864 if(!session || *keylog_done)
865 return;
866
867#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
868 !(defined(LIBRESSL_VERSION_NUMBER) && \
869 LIBRESSL_VERSION_NUMBER < 0x20700000L)
870 /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
871 * we have a valid SSL context if we have a non-NULL session. */
872 SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
873 master_key_length = (int)
874 SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
875#else
876 if(ssl->s3 && session->master_key_length > 0) {
877 master_key_length = session->master_key_length;
878 memcpy(master_key, session->master_key, session->master_key_length);
879 memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
880 }
881#endif
882
883 /* The handshake has not progressed sufficiently yet, or this is a TLS 1.3
884 * session (when curl was built with older OpenSSL headers and running with
885 * newer OpenSSL runtime libraries). */
886 if(master_key_length <= 0)
887 return;
888
889 *keylog_done = true;
890 Curl_tls_keylog_write("CLIENT_RANDOM", client_random,
891 master_key, master_key_length);
892}
893#endif /* !HAVE_KEYLOG_CALLBACK */
894
895static const char *SSL_ERROR_to_str(int err)
896{
897 switch(err) {
898 case SSL_ERROR_NONE:
899 return "SSL_ERROR_NONE";
900 case SSL_ERROR_SSL:
901 return "SSL_ERROR_SSL";
902 case SSL_ERROR_WANT_READ:
903 return "SSL_ERROR_WANT_READ";
904 case SSL_ERROR_WANT_WRITE:
905 return "SSL_ERROR_WANT_WRITE";
906 case SSL_ERROR_WANT_X509_LOOKUP:
907 return "SSL_ERROR_WANT_X509_LOOKUP";
908 case SSL_ERROR_SYSCALL:
909 return "SSL_ERROR_SYSCALL";
910 case SSL_ERROR_ZERO_RETURN:
911 return "SSL_ERROR_ZERO_RETURN";
912 case SSL_ERROR_WANT_CONNECT:
913 return "SSL_ERROR_WANT_CONNECT";
914 case SSL_ERROR_WANT_ACCEPT:
915 return "SSL_ERROR_WANT_ACCEPT";
916#if defined(SSL_ERROR_WANT_ASYNC)
917 case SSL_ERROR_WANT_ASYNC:
918 return "SSL_ERROR_WANT_ASYNC";
919#endif
920#if defined(SSL_ERROR_WANT_ASYNC_JOB)
921 case SSL_ERROR_WANT_ASYNC_JOB:
922 return "SSL_ERROR_WANT_ASYNC_JOB";
923#endif
924#if defined(SSL_ERROR_WANT_EARLY)
925 case SSL_ERROR_WANT_EARLY:
926 return "SSL_ERROR_WANT_EARLY";
927#endif
928 default:
929 return "SSL_ERROR unknown";
930 }
931}
932
933static size_t ossl_version(char *buffer, size_t size);
934
935/* Return error string for last OpenSSL error
936 */
937static char *ossl_strerror(unsigned long error, char *buf, size_t size)
938{
939 size_t len;
940 DEBUGASSERT(size);
941 *buf = '\0';
942
943 len = ossl_version(buf, size);
944 DEBUGASSERT(len < (size - 2));
945 if(len < (size - 2)) {
946 buf += len;
947 size -= (len + 2);
948 *buf++ = ':';
949 *buf++ = ' ';
950 *buf = '\0';
951 }
952
953#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
954 ERR_error_string_n((uint32_t)error, buf, size);
955#else
956 ERR_error_string_n(error, buf, size);
957#endif
958
959 if(!*buf) {
960 const char *msg = error ? "Unknown error" : "No error";
961 if(strlen(msg) < size)
962 strcpy(buf, msg);
963 }
964
965 return buf;
966}
967
968static int passwd_callback(char *buf, int num, int encrypting,
969 void *global_passwd)
970{
971 DEBUGASSERT(0 == encrypting);
972
973 if(!encrypting) {
974 int klen = curlx_uztosi(strlen((char *)global_passwd));
975 if(num > klen) {
976 memcpy(buf, global_passwd, klen + 1);
977 return klen;
978 }
979 }
980 return 0;
981}
982
983/*
984 * rand_enough() returns TRUE if we have seeded the random engine properly.
985 */
986static bool rand_enough(void)
987{
988 return (0 != RAND_status()) ? TRUE : FALSE;
989}
990
991static CURLcode ossl_seed(struct Curl_easy *data)
992{
993 /* This might get called before it has been added to a multi handle */
994 if(data->multi && data->multi->ssl_seeded)
995 return CURLE_OK;
996
997 if(rand_enough()) {
998 /* OpenSSL 1.1.0+ should return here */
999 if(data->multi)
1000 data->multi->ssl_seeded = TRUE;
1001 return CURLE_OK;
1002 }
1003#ifdef HAVE_RANDOM_INIT_BY_DEFAULT
1004 /* with OpenSSL 1.1.0+, a failed RAND_status is a showstopper */
1005 failf(data, "Insufficient randomness");
1006 return CURLE_SSL_CONNECT_ERROR;
1007#else
1008
1009#ifdef RANDOM_FILE
1010 RAND_load_file(RANDOM_FILE, RAND_LOAD_LENGTH);
1011 if(rand_enough())
1012 return CURLE_OK;
1013#endif
1014
1015 /* fallback to a custom seeding of the PRNG using a hash based on a current
1016 time */
1017 do {
1018 unsigned char randb[64];
1019 size_t len = sizeof(randb);
1020 size_t i, i_max;
1021 for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
1022 struct curltime tv = Curl_now();
1023 Curl_wait_ms(1);
1024 tv.tv_sec *= i + 1;
1025 tv.tv_usec *= (unsigned int)i + 2;
1026 tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
1027 (i + 3)) << 8;
1028 tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
1029 Curl_now().tv_usec) *
1030 (i + 4)) << 16;
1031 memcpy(&randb[i * sizeof(struct curltime)], &tv,
1032 sizeof(struct curltime));
1033 }
1034 RAND_add(randb, (int)len, (double)len/2);
1035 } while(!rand_enough());
1036
1037 {
1038 /* generates a default path for the random seed file */
1039 char fname[256];
1040 fname[0] = 0; /* blank it first */
1041 RAND_file_name(fname, sizeof(fname));
1042 if(fname[0]) {
1043 /* we got a file name to try */
1044 RAND_load_file(fname, RAND_LOAD_LENGTH);
1045 if(rand_enough())
1046 return CURLE_OK;
1047 }
1048 }
1049
1050 infof(data, "libcurl is now using a weak random seed");
1051 return (rand_enough() ? CURLE_OK :
1052 CURLE_SSL_CONNECT_ERROR /* confusing error code */);
1053#endif
1054}
1055
1056#ifndef SSL_FILETYPE_ENGINE
1057#define SSL_FILETYPE_ENGINE 42
1058#endif
1059#ifndef SSL_FILETYPE_PKCS12
1060#define SSL_FILETYPE_PKCS12 43
1061#endif
1062static int do_file_type(const char *type)
1063{
1064 if(!type || !type[0])
1065 return SSL_FILETYPE_PEM;
1066 if(strcasecompare(type, "PEM"))
1067 return SSL_FILETYPE_PEM;
1068 if(strcasecompare(type, "DER"))
1069 return SSL_FILETYPE_ASN1;
1070 if(strcasecompare(type, "ENG"))
1071 return SSL_FILETYPE_ENGINE;
1072 if(strcasecompare(type, "P12"))
1073 return SSL_FILETYPE_PKCS12;
1074 return -1;
1075}
1076
1077#ifdef USE_OPENSSL_ENGINE
1078/*
1079 * Supply default password to the engine user interface conversation.
1080 * The password is passed by OpenSSL engine from ENGINE_load_private_key()
1081 * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
1082 */
1083static int ssl_ui_reader(UI *ui, UI_STRING *uis)
1084{
1085 const char *password;
1086 switch(UI_get_string_type(uis)) {
1087 case UIT_PROMPT:
1088 case UIT_VERIFY:
1089 password = (const char *)UI_get0_user_data(ui);
1090 if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
1091 UI_set_result(ui, uis, password);
1092 return 1;
1093 }
1094 FALLTHROUGH();
1095 default:
1096 break;
1097 }
1098 return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
1099}
1100
1101/*
1102 * Suppress interactive request for a default password if available.
1103 */
1104static int ssl_ui_writer(UI *ui, UI_STRING *uis)
1105{
1106 switch(UI_get_string_type(uis)) {
1107 case UIT_PROMPT:
1108 case UIT_VERIFY:
1109 if(UI_get0_user_data(ui) &&
1110 (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
1111 return 1;
1112 }
1113 FALLTHROUGH();
1114 default:
1115 break;
1116 }
1117 return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
1118}
1119
1120/*
1121 * Check if a given string is a PKCS#11 URI
1122 */
1123static bool is_pkcs11_uri(const char *string)
1124{
1125 return (string && strncasecompare(string, "pkcs11:", 7));
1126}
1127
1128#endif
1129
1130static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine);
1131
1132static int
1133SSL_CTX_use_certificate_blob(SSL_CTX *ctx, const struct curl_blob *blob,
1134 int type, const char *key_passwd)
1135{
1136 int ret = 0;
1137 X509 *x = NULL;
1138 /* the typecast of blob->len is fine since it is guaranteed to never be
1139 larger than CURL_MAX_INPUT_LENGTH */
1140 BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
1141 if(!in)
1142 return CURLE_OUT_OF_MEMORY;
1143
1144 if(type == SSL_FILETYPE_ASN1) {
1145 /* j = ERR_R_ASN1_LIB; */
1146 x = d2i_X509_bio(in, NULL);
1147 }
1148 else if(type == SSL_FILETYPE_PEM) {
1149 /* ERR_R_PEM_LIB; */
1150 x = PEM_read_bio_X509(in, NULL,
1151 passwd_callback, (void *)key_passwd);
1152 }
1153 else {
1154 ret = 0;
1155 goto end;
1156 }
1157
1158 if(!x) {
1159 ret = 0;
1160 goto end;
1161 }
1162
1163 ret = SSL_CTX_use_certificate(ctx, x);
1164end:
1165 X509_free(x);
1166 BIO_free(in);
1167 return ret;
1168}
1169
1170static int
1171SSL_CTX_use_PrivateKey_blob(SSL_CTX *ctx, const struct curl_blob *blob,
1172 int type, const char *key_passwd)
1173{
1174 int ret = 0;
1175 EVP_PKEY *pkey = NULL;
1176 BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
1177 if(!in)
1178 return CURLE_OUT_OF_MEMORY;
1179
1180 if(type == SSL_FILETYPE_PEM)
1181 pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback,
1182 (void *)key_passwd);
1183 else if(type == SSL_FILETYPE_ASN1)
1184 pkey = d2i_PrivateKey_bio(in, NULL);
1185 else {
1186 ret = 0;
1187 goto end;
1188 }
1189 if(!pkey) {
1190 ret = 0;
1191 goto end;
1192 }
1193 ret = SSL_CTX_use_PrivateKey(ctx, pkey);
1194 EVP_PKEY_free(pkey);
1195end:
1196 BIO_free(in);
1197 return ret;
1198}
1199
1200static int
1201SSL_CTX_use_certificate_chain_blob(SSL_CTX *ctx, const struct curl_blob *blob,
1202 const char *key_passwd)
1203{
1204/* SSL_CTX_add1_chain_cert introduced in OpenSSL 1.0.2 */
1205#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* OpenSSL 1.0.2 or later */ \
1206 !(defined(LIBRESSL_VERSION_NUMBER) && \
1207 (LIBRESSL_VERSION_NUMBER < 0x2090100fL)) /* LibreSSL 2.9.1 or later */
1208 int ret = 0;
1209 X509 *x = NULL;
1210 void *passwd_callback_userdata = (void *)key_passwd;
1211 BIO *in = BIO_new_mem_buf(blob->data, (int)(blob->len));
1212 if(!in)
1213 return CURLE_OUT_OF_MEMORY;
1214
1215 ERR_clear_error();
1216
1217 x = PEM_read_bio_X509_AUX(in, NULL,
1218 passwd_callback, (void *)key_passwd);
1219
1220 if(!x) {
1221 ret = 0;
1222 goto end;
1223 }
1224
1225 ret = SSL_CTX_use_certificate(ctx, x);
1226
1227 if(ERR_peek_error() != 0)
1228 ret = 0;
1229
1230 if(ret) {
1231 X509 *ca;
1232 sslerr_t err;
1233
1234 if(!SSL_CTX_clear_chain_certs(ctx)) {
1235 ret = 0;
1236 goto end;
1237 }
1238
1239 while((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
1240 passwd_callback_userdata))
1241 != NULL) {
1242
1243 if(!SSL_CTX_add0_chain_cert(ctx, ca)) {
1244 X509_free(ca);
1245 ret = 0;
1246 goto end;
1247 }
1248 }
1249
1250 err = ERR_peek_last_error();
1251 if((ERR_GET_LIB(err) == ERR_LIB_PEM) &&
1252 (ERR_GET_REASON(err) == PEM_R_NO_START_LINE))
1253 ERR_clear_error();
1254 else
1255 ret = 0;
1256 }
1257
1258end:
1259 X509_free(x);
1260 BIO_free(in);
1261 return ret;
1262#else
1263 (void)ctx; /* unused */
1264 (void)blob; /* unused */
1265 (void)key_passwd; /* unused */
1266 return 0;
1267#endif
1268}
1269
1270static
1271int cert_stuff(struct Curl_easy *data,
1272 SSL_CTX* ctx,
1273 char *cert_file,
1274 const struct curl_blob *cert_blob,
1275 const char *cert_type,
1276 char *key_file,
1277 const struct curl_blob *key_blob,
1278 const char *key_type,
1279 char *key_passwd)
1280{
1281 char error_buffer[256];
1282 bool check_privkey = TRUE;
1283
1284 int file_type = do_file_type(cert_type);
1285
1286 if(cert_file || cert_blob || (file_type == SSL_FILETYPE_ENGINE)) {
1287 SSL *ssl;
1288 X509 *x509;
1289 int cert_done = 0;
1290 int cert_use_result;
1291
1292 if(key_passwd) {
1293 /* set the password in the callback userdata */
1294 SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
1295 /* Set passwd callback: */
1296 SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
1297 }
1298
1299
1300 switch(file_type) {
1301 case SSL_FILETYPE_PEM:
1302 /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
1303 cert_use_result = cert_blob ?
1304 SSL_CTX_use_certificate_chain_blob(ctx, cert_blob, key_passwd) :
1305 SSL_CTX_use_certificate_chain_file(ctx, cert_file);
1306 if(cert_use_result != 1) {
1307 failf(data,
1308 "could not load PEM client certificate from %s, " OSSL_PACKAGE
1309 " error %s, "
1310 "(no key found, wrong pass phrase, or wrong file format?)",
1311 (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
1312 ossl_strerror(ERR_get_error(), error_buffer,
1313 sizeof(error_buffer)) );
1314 return 0;
1315 }
1316 break;
1317
1318 case SSL_FILETYPE_ASN1:
1319 /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
1320 we use the case above for PEM so this can only be performed with
1321 ASN1 files. */
1322
1323 cert_use_result = cert_blob ?
1324 SSL_CTX_use_certificate_blob(ctx, cert_blob,
1325 file_type, key_passwd) :
1326 SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
1327 if(cert_use_result != 1) {
1328 failf(data,
1329 "could not load ASN1 client certificate from %s, " OSSL_PACKAGE
1330 " error %s, "
1331 "(no key found, wrong pass phrase, or wrong file format?)",
1332 (cert_blob ? "CURLOPT_SSLCERT_BLOB" : cert_file),
1333 ossl_strerror(ERR_get_error(), error_buffer,
1334 sizeof(error_buffer)) );
1335 return 0;
1336 }
1337 break;
1338 case SSL_FILETYPE_ENGINE:
1339#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
1340 {
1341 /* Implicitly use pkcs11 engine if none was provided and the
1342 * cert_file is a PKCS#11 URI */
1343 if(!data->state.engine) {
1344 if(is_pkcs11_uri(cert_file)) {
1345 if(ossl_set_engine(data, "pkcs11") != CURLE_OK) {
1346 return 0;
1347 }
1348 }
1349 }
1350
1351 if(data->state.engine) {
1352 const char *cmd_name = "LOAD_CERT_CTRL";
1353 struct {
1354 const char *cert_id;
1355 X509 *cert;
1356 } params;
1357
1358 params.cert_id = cert_file;
1359 params.cert = NULL;
1360
1361 /* Does the engine supports LOAD_CERT_CTRL ? */
1362 if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
1363 0, (void *)cmd_name, NULL)) {
1364 failf(data, "ssl engine does not support loading certificates");
1365 return 0;
1366 }
1367
1368 /* Load the certificate from the engine */
1369 if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
1370 0, &params, NULL, 1)) {
1371 failf(data, "ssl engine cannot load client cert with id"
1372 " '%s' [%s]", cert_file,
1373 ossl_strerror(ERR_get_error(), error_buffer,
1374 sizeof(error_buffer)));
1375 return 0;
1376 }
1377
1378 if(!params.cert) {
1379 failf(data, "ssl engine didn't initialized the certificate "
1380 "properly.");
1381 return 0;
1382 }
1383
1384 if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
1385 failf(data, "unable to set client certificate [%s]",
1386 ossl_strerror(ERR_get_error(), error_buffer,
1387 sizeof(error_buffer)));
1388 return 0;
1389 }
1390 X509_free(params.cert); /* we don't need the handle any more... */
1391 }
1392 else {
1393 failf(data, "crypto engine not set, can't load certificate");
1394 return 0;
1395 }
1396 }
1397 break;
1398#else
1399 failf(data, "file type ENG for certificate not implemented");
1400 return 0;
1401#endif
1402
1403 case SSL_FILETYPE_PKCS12:
1404 {
1405 BIO *cert_bio = NULL;
1406 PKCS12 *p12 = NULL;
1407 EVP_PKEY *pri;
1408 STACK_OF(X509) *ca = NULL;
1409 if(cert_blob) {
1410 cert_bio = BIO_new_mem_buf(cert_blob->data, (int)(cert_blob->len));
1411 if(!cert_bio) {
1412 failf(data,
1413 "BIO_new_mem_buf NULL, " OSSL_PACKAGE
1414 " error %s",
1415 ossl_strerror(ERR_get_error(), error_buffer,
1416 sizeof(error_buffer)) );
1417 return 0;
1418 }
1419 }
1420 else {
1421 cert_bio = BIO_new(BIO_s_file());
1422 if(!cert_bio) {
1423 failf(data,
1424 "BIO_new return NULL, " OSSL_PACKAGE
1425 " error %s",
1426 ossl_strerror(ERR_get_error(), error_buffer,
1427 sizeof(error_buffer)) );
1428 return 0;
1429 }
1430
1431 if(BIO_read_filename(cert_bio, cert_file) <= 0) {
1432 failf(data, "could not open PKCS12 file '%s'", cert_file);
1433 BIO_free(cert_bio);
1434 return 0;
1435 }
1436 }
1437
1438 p12 = d2i_PKCS12_bio(cert_bio, NULL);
1439 BIO_free(cert_bio);
1440
1441 if(!p12) {
1442 failf(data, "error reading PKCS12 file '%s'",
1443 cert_blob ? "(memory blob)" : cert_file);
1444 return 0;
1445 }
1446
1447 PKCS12_PBE_add();
1448
1449 if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
1450 &ca)) {
1451 failf(data,
1452 "could not parse PKCS12 file, check password, " OSSL_PACKAGE
1453 " error %s",
1454 ossl_strerror(ERR_get_error(), error_buffer,
1455 sizeof(error_buffer)) );
1456 PKCS12_free(p12);
1457 return 0;
1458 }
1459
1460 PKCS12_free(p12);
1461
1462 if(SSL_CTX_use_certificate(ctx, x509) != 1) {
1463 failf(data,
1464 "could not load PKCS12 client certificate, " OSSL_PACKAGE
1465 " error %s",
1466 ossl_strerror(ERR_get_error(), error_buffer,
1467 sizeof(error_buffer)) );
1468 goto fail;
1469 }
1470
1471 if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
1472 failf(data, "unable to use private key from PKCS12 file '%s'",
1473 cert_file);
1474 goto fail;
1475 }
1476
1477 if(!SSL_CTX_check_private_key (ctx)) {
1478 failf(data, "private key from PKCS12 file '%s' "
1479 "does not match certificate in same file", cert_file);
1480 goto fail;
1481 }
1482 /* Set Certificate Verification chain */
1483 if(ca) {
1484 while(sk_X509_num(ca)) {
1485 /*
1486 * Note that sk_X509_pop() is used below to make sure the cert is
1487 * removed from the stack properly before getting passed to
1488 * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
1489 * we used sk_X509_value() instead, but then we'd clean it in the
1490 * subsequent sk_X509_pop_free() call.
1491 */
1492 X509 *x = sk_X509_pop(ca);
1493 if(!SSL_CTX_add_client_CA(ctx, x)) {
1494 X509_free(x);
1495 failf(data, "cannot add certificate to client CA list");
1496 goto fail;
1497 }
1498 if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
1499 X509_free(x);
1500 failf(data, "cannot add certificate to certificate chain");
1501 goto fail;
1502 }
1503 }
1504 }
1505
1506 cert_done = 1;
1507fail:
1508 EVP_PKEY_free(pri);
1509 X509_free(x509);
1510 sk_X509_pop_free(ca, X509_free);
1511 if(!cert_done)
1512 return 0; /* failure! */
1513 break;
1514 }
1515 default:
1516 failf(data, "not supported file type '%s' for certificate", cert_type);
1517 return 0;
1518 }
1519
1520 if((!key_file) && (!key_blob)) {
1521 key_file = cert_file;
1522 key_blob = cert_blob;
1523 }
1524 else
1525 file_type = do_file_type(key_type);
1526
1527 switch(file_type) {
1528 case SSL_FILETYPE_PEM:
1529 if(cert_done)
1530 break;
1531 FALLTHROUGH();
1532 case SSL_FILETYPE_ASN1:
1533 cert_use_result = key_blob ?
1534 SSL_CTX_use_PrivateKey_blob(ctx, key_blob, file_type, key_passwd) :
1535 SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
1536 if(cert_use_result != 1) {
1537 failf(data, "unable to set private key file: '%s' type %s",
1538 key_file?key_file:"(memory blob)", key_type?key_type:"PEM");
1539 return 0;
1540 }
1541 break;
1542 case SSL_FILETYPE_ENGINE:
1543#ifdef USE_OPENSSL_ENGINE
1544 {
1545 EVP_PKEY *priv_key = NULL;
1546
1547 /* Implicitly use pkcs11 engine if none was provided and the
1548 * key_file is a PKCS#11 URI */
1549 if(!data->state.engine) {
1550 if(is_pkcs11_uri(key_file)) {
1551 if(ossl_set_engine(data, "pkcs11") != CURLE_OK) {
1552 return 0;
1553 }
1554 }
1555 }
1556
1557 if(data->state.engine) {
1558 UI_METHOD *ui_method =
1559 UI_create_method((char *)"curl user interface");
1560 if(!ui_method) {
1561 failf(data, "unable do create " OSSL_PACKAGE
1562 " user-interface method");
1563 return 0;
1564 }
1565 UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
1566 UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
1567 UI_method_set_reader(ui_method, ssl_ui_reader);
1568 UI_method_set_writer(ui_method, ssl_ui_writer);
1569 priv_key = ENGINE_load_private_key(data->state.engine, key_file,
1570 ui_method,
1571 key_passwd);
1572 UI_destroy_method(ui_method);
1573 if(!priv_key) {
1574 failf(data, "failed to load private key from crypto engine");
1575 return 0;
1576 }
1577 if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
1578 failf(data, "unable to set private key");
1579 EVP_PKEY_free(priv_key);
1580 return 0;
1581 }
1582 EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
1583 }
1584 else {
1585 failf(data, "crypto engine not set, can't load private key");
1586 return 0;
1587 }
1588 }
1589 break;
1590#else
1591 failf(data, "file type ENG for private key not supported");
1592 return 0;
1593#endif
1594 case SSL_FILETYPE_PKCS12:
1595 if(!cert_done) {
1596 failf(data, "file type P12 for private key not supported");
1597 return 0;
1598 }
1599 break;
1600 default:
1601 failf(data, "not supported file type for private key");
1602 return 0;
1603 }
1604
1605 ssl = SSL_new(ctx);
1606 if(!ssl) {
1607 failf(data, "unable to create an SSL structure");
1608 return 0;
1609 }
1610
1611 x509 = SSL_get_certificate(ssl);
1612
1613 /* This version was provided by Evan Jordan and is supposed to not
1614 leak memory as the previous version: */
1615 if(x509) {
1616 EVP_PKEY *pktmp = X509_get_pubkey(x509);
1617 EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
1618 EVP_PKEY_free(pktmp);
1619 }
1620
1621#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL) && \
1622 !defined(OPENSSL_NO_DEPRECATED_3_0)
1623 {
1624 /* If RSA is used, don't check the private key if its flags indicate
1625 * it doesn't support it. */
1626 EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
1627 int pktype;
1628#ifdef HAVE_OPAQUE_EVP_PKEY
1629 pktype = EVP_PKEY_id(priv_key);
1630#else
1631 pktype = priv_key->type;
1632#endif
1633 if(pktype == EVP_PKEY_RSA) {
1634 RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
1635 if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
1636 check_privkey = FALSE;
1637 RSA_free(rsa); /* Decrement reference count */
1638 }
1639 }
1640#endif
1641
1642 SSL_free(ssl);
1643
1644 /* If we are using DSA, we can copy the parameters from
1645 * the private key */
1646
1647 if(check_privkey == TRUE) {
1648 /* Now we know that a key and cert have been set against
1649 * the SSL context */
1650 if(!SSL_CTX_check_private_key(ctx)) {
1651 failf(data, "Private key does not match the certificate public key");
1652 return 0;
1653 }
1654 }
1655 }
1656 return 1;
1657}
1658
1659CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, SSL_CTX *ctx,
1660 char *cert_file,
1661 const struct curl_blob *cert_blob,
1662 const char *cert_type, char *key_file,
1663 const struct curl_blob *key_blob,
1664 const char *key_type, char *key_passwd)
1665{
1666 int rv = cert_stuff(data, ctx, cert_file, cert_blob, cert_type, key_file,
1667 key_blob, key_type, key_passwd);
1668 if(rv != 1) {
1669 return CURLE_SSL_CERTPROBLEM;
1670 }
1671
1672 return CURLE_OK;
1673}
1674
1675/* returns non-zero on failure */
1676static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
1677{
1678 BIO *bio_out = BIO_new(BIO_s_mem());
1679 BUF_MEM *biomem;
1680 int rc;
1681
1682 if(!bio_out)
1683 return 1; /* alloc failed! */
1684
1685 rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
1686 BIO_get_mem_ptr(bio_out, &biomem);
1687
1688 if((size_t)biomem->length < size)
1689 size = biomem->length;
1690 else
1691 size--; /* don't overwrite the buffer end */
1692
1693 memcpy(buf, biomem->data, size);
1694 buf[size] = 0;
1695
1696 BIO_free(bio_out);
1697
1698 return !rc;
1699}
1700
1701/**
1702 * Global SSL init
1703 *
1704 * @retval 0 error initializing SSL
1705 * @retval 1 SSL initialized successfully
1706 */
1707static int ossl_init(void)
1708{
1709#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
1710 (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
1711 const uint64_t flags =
1712#ifdef OPENSSL_INIT_ENGINE_ALL_BUILTIN
1713 /* not present in BoringSSL */
1714 OPENSSL_INIT_ENGINE_ALL_BUILTIN |
1715#endif
1716#ifdef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
1717 OPENSSL_INIT_NO_LOAD_CONFIG |
1718#else
1719 OPENSSL_INIT_LOAD_CONFIG |
1720#endif
1721 0;
1722 OPENSSL_init_ssl(flags, NULL);
1723#else
1724 OPENSSL_load_builtin_modules();
1725
1726#ifdef USE_OPENSSL_ENGINE
1727 ENGINE_load_builtin_engines();
1728#endif
1729
1730/* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and
1731 0.9.8e */
1732#ifndef CONF_MFLAGS_DEFAULT_SECTION
1733#define CONF_MFLAGS_DEFAULT_SECTION 0x0
1734#endif
1735
1736#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
1737 CONF_modules_load_file(NULL, NULL,
1738 CONF_MFLAGS_DEFAULT_SECTION|
1739 CONF_MFLAGS_IGNORE_MISSING_FILE);
1740#endif
1741
1742 /* Let's get nice error messages */
1743 SSL_load_error_strings();
1744
1745 /* Init the global ciphers and digests */
1746 if(!SSLeay_add_ssl_algorithms())
1747 return 0;
1748
1749 OpenSSL_add_all_algorithms();
1750#endif
1751
1752 Curl_tls_keylog_open();
1753
1754 return 1;
1755}
1756
1757/* Global cleanup */
1758static void ossl_cleanup(void)
1759{
1760#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
1761 (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
1762 /* OpenSSL 1.1 deprecates all these cleanup functions and
1763 turns them into no-ops in OpenSSL 1.0 compatibility mode */
1764#else
1765 /* Free ciphers and digests lists */
1766 EVP_cleanup();
1767
1768#ifdef USE_OPENSSL_ENGINE
1769 /* Free engine list */
1770 ENGINE_cleanup();
1771#endif
1772
1773 /* Free OpenSSL error strings */
1774 ERR_free_strings();
1775
1776 /* Free thread local error state, destroying hash upon zero refcount */
1777#ifdef HAVE_ERR_REMOVE_THREAD_STATE
1778 ERR_remove_thread_state(NULL);
1779#else
1780 ERR_remove_state(0);
1781#endif
1782
1783 /* Free all memory allocated by all configuration modules */
1784 CONF_modules_free();
1785
1786#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
1787 SSL_COMP_free_compression_methods();
1788#endif
1789#endif
1790
1791 Curl_tls_keylog_close();
1792}
1793
1794/* Selects an OpenSSL crypto engine
1795 */
1796static CURLcode ossl_set_engine(struct Curl_easy *data, const char *engine)
1797{
1798#ifdef USE_OPENSSL_ENGINE
1799 ENGINE *e;
1800
1801#if OPENSSL_VERSION_NUMBER >= 0x00909000L
1802 e = ENGINE_by_id(engine);
1803#else
1804 /* avoid memory leak */
1805 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
1806 const char *e_id = ENGINE_get_id(e);
1807 if(!strcmp(engine, e_id))
1808 break;
1809 }
1810#endif
1811
1812 if(!e) {
1813 failf(data, "SSL Engine '%s' not found", engine);
1814 return CURLE_SSL_ENGINE_NOTFOUND;
1815 }
1816
1817 if(data->state.engine) {
1818 ENGINE_finish(data->state.engine);
1819 ENGINE_free(data->state.engine);
1820 data->state.engine = NULL;
1821 }
1822 if(!ENGINE_init(e)) {
1823 char buf[256];
1824
1825 ENGINE_free(e);
1826 failf(data, "Failed to initialise SSL Engine '%s': %s",
1827 engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
1828 return CURLE_SSL_ENGINE_INITFAILED;
1829 }
1830 data->state.engine = e;
1831 return CURLE_OK;
1832#else
1833 (void)engine;
1834 failf(data, "SSL Engine not supported");
1835 return CURLE_SSL_ENGINE_NOTFOUND;
1836#endif
1837}
1838
1839/* Sets engine as default for all SSL operations
1840 */
1841static CURLcode ossl_set_engine_default(struct Curl_easy *data)
1842{
1843#ifdef USE_OPENSSL_ENGINE
1844 if(data->state.engine) {
1845 if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
1846 infof(data, "set default crypto engine '%s'",
1847 ENGINE_get_id(data->state.engine));
1848 }
1849 else {
1850 failf(data, "set default crypto engine '%s' failed",
1851 ENGINE_get_id(data->state.engine));
1852 return CURLE_SSL_ENGINE_SETFAILED;
1853 }
1854 }
1855#else
1856 (void) data;
1857#endif
1858 return CURLE_OK;
1859}
1860
1861/* Return list of OpenSSL crypto engine names.
1862 */
1863static struct curl_slist *ossl_engines_list(struct Curl_easy *data)
1864{
1865 struct curl_slist *list = NULL;
1866#ifdef USE_OPENSSL_ENGINE
1867 struct curl_slist *beg;
1868 ENGINE *e;
1869
1870 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
1871 beg = curl_slist_append(list, ENGINE_get_id(e));
1872 if(!beg) {
1873 curl_slist_free_all(list);
1874 return NULL;
1875 }
1876 list = beg;
1877 }
1878#endif
1879 (void) data;
1880 return list;
1881}
1882
1883static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
1884{
1885 struct ssl_connect_data *connssl = cf->ctx;
1886 struct ossl_ssl_backend_data *backend =
1887 (struct ossl_ssl_backend_data *)connssl->backend;
1888
1889 (void)data;
1890 DEBUGASSERT(backend);
1891
1892 if(backend->handle) {
1893 /* Send the TLS shutdown if we are still connected *and* if
1894 * the peer did not already close the connection. */
1895 if(cf->next && cf->next->connected && !connssl->peer_closed) {
1896 char buf[1024];
1897 int nread, err;
1898 long sslerr;
1899
1900 /* Maybe the server has already sent a close notify alert.
1901 Read it to avoid an RST on the TCP connection. */
1902 ERR_clear_error();
1903 nread = SSL_read(backend->handle, buf, (int)sizeof(buf));
1904 err = SSL_get_error(backend->handle, nread);
1905 if(!nread && err == SSL_ERROR_ZERO_RETURN) {
1906 CURLcode result;
1907 ssize_t n;
1908 size_t blen = sizeof(buf);
1909 CURL_TRC_CF(data, cf, "peer has shutdown TLS");
1910 /* SSL_read() will not longer touch the socket, let's receive
1911 * directly from the next filter to see if the underlying
1912 * connection has also been closed. */
1913 n = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
1914 if(!n) {
1915 connssl->peer_closed = TRUE;
1916 CURL_TRC_CF(data, cf, "peer closed connection");
1917 }
1918 }
1919 ERR_clear_error();
1920 if(connssl->peer_closed) {
1921 /* As the peer closed, we do not expect it to read anything more we
1922 * may send. It may be harmful, leading to TCP RST and delaying
1923 * a lingering close. Just leave. */
1924 CURL_TRC_CF(data, cf, "not from sending TLS shutdown on "
1925 "connection closed by peer");
1926 }
1927 else if(SSL_shutdown(backend->handle) == 1) {
1928 CURL_TRC_CF(data, cf, "SSL shutdown finished");
1929 }
1930 else {
1931 nread = SSL_read(backend->handle, buf, (int)sizeof(buf));
1932 err = SSL_get_error(backend->handle, nread);
1933 switch(err) {
1934 case SSL_ERROR_NONE: /* this is not an error */
1935 case SSL_ERROR_ZERO_RETURN: /* no more data */
1936 CURL_TRC_CF(data, cf, "SSL shutdown, EOF from server");
1937 break;
1938 case SSL_ERROR_WANT_READ:
1939 /* SSL has send its notify and now wants to read the reply
1940 * from the server. We are not really interested in that. */
1941 CURL_TRC_CF(data, cf, "SSL shutdown sent");
1942 break;
1943 case SSL_ERROR_WANT_WRITE:
1944 CURL_TRC_CF(data, cf, "SSL shutdown send blocked");
1945 break;
1946 default:
1947 sslerr = ERR_get_error();
1948 CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s', errno %d",
1949 (sslerr ?
1950 ossl_strerror(sslerr, buf, sizeof(buf)) :
1951 SSL_ERROR_to_str(err)),
1952 SOCKERRNO);
1953 break;
1954 }
1955 }
1956
1957 ERR_clear_error();
1958 SSL_set_connect_state(backend->handle);
1959 }
1960
1961 SSL_free(backend->handle);
1962 backend->handle = NULL;
1963 }
1964 if(backend->ctx) {
1965 SSL_CTX_free(backend->ctx);
1966 backend->ctx = NULL;
1967 backend->x509_store_setup = FALSE;
1968 }
1969 if(backend->bio_method) {
1970 ossl_bio_cf_method_free(backend->bio_method);
1971 backend->bio_method = NULL;
1972 }
1973}
1974
1975/*
1976 * This function is called to shut down the SSL layer but keep the
1977 * socket open (CCC - Clear Command Channel)
1978 */
1979static int ossl_shutdown(struct Curl_cfilter *cf,
1980 struct Curl_easy *data)
1981{
1982 int retval = 0;
1983 struct ssl_connect_data *connssl = cf->ctx;
1984 char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
1985 to be at least 256 bytes long. */
1986 unsigned long sslerror;
1987 int nread;
1988 int buffsize;
1989 int err;
1990 bool done = FALSE;
1991 struct ossl_ssl_backend_data *backend =
1992 (struct ossl_ssl_backend_data *)connssl->backend;
1993 int loop = 10;
1994
1995 DEBUGASSERT(backend);
1996
1997#ifndef CURL_DISABLE_FTP
1998 /* This has only been tested on the proftpd server, and the mod_tls code
1999 sends a close notify alert without waiting for a close notify alert in
2000 response. Thus we wait for a close notify alert from the server, but
2001 we do not send one. Let's hope other servers do the same... */
2002
2003 if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
2004 (void)SSL_shutdown(backend->handle);
2005#endif
2006
2007 if(backend->handle) {
2008 buffsize = (int)sizeof(buf);
2009 while(!done && loop--) {
2010 int what = SOCKET_READABLE(Curl_conn_cf_get_socket(cf, data),
2011 SSL_SHUTDOWN_TIMEOUT);
2012 if(what > 0) {
2013 ERR_clear_error();
2014
2015 /* Something to read, let's do it and hope that it is the close
2016 notify alert from the server */
2017 nread = SSL_read(backend->handle, buf, buffsize);
2018 err = SSL_get_error(backend->handle, nread);
2019
2020 switch(err) {
2021 case SSL_ERROR_NONE: /* this is not an error */
2022 case SSL_ERROR_ZERO_RETURN: /* no more data */
2023 /* This is the expected response. There was no data but only
2024 the close notify alert */
2025 done = TRUE;
2026 break;
2027 case SSL_ERROR_WANT_READ:
2028 /* there's data pending, re-invoke SSL_read() */
2029 infof(data, "SSL_ERROR_WANT_READ");
2030 break;
2031 case SSL_ERROR_WANT_WRITE:
2032 /* SSL wants a write. Really odd. Let's bail out. */
2033 infof(data, "SSL_ERROR_WANT_WRITE");
2034 done = TRUE;
2035 break;
2036 default:
2037 /* openssl/ssl.h says "look at error stack/return value/errno" */
2038 sslerror = ERR_get_error();
2039 failf(data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
2040 (sslerror ?
2041 ossl_strerror(sslerror, buf, sizeof(buf)) :
2042 SSL_ERROR_to_str(err)),
2043 SOCKERRNO);
2044 done = TRUE;
2045 break;
2046 }
2047 }
2048 else if(0 == what) {
2049 /* timeout */
2050 failf(data, "SSL shutdown timeout");
2051 done = TRUE;
2052 }
2053 else {
2054 /* anything that gets here is fatally bad */
2055 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2056 retval = -1;
2057 done = TRUE;
2058 }
2059 } /* while()-loop for the select() */
2060
2061 if(data->set.verbose) {
2062#ifdef HAVE_SSL_GET_SHUTDOWN
2063 switch(SSL_get_shutdown(backend->handle)) {
2064 case SSL_SENT_SHUTDOWN:
2065 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN");
2066 break;
2067 case SSL_RECEIVED_SHUTDOWN:
2068 infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN");
2069 break;
2070 case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
2071 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
2072 "SSL_RECEIVED__SHUTDOWN");
2073 break;
2074 }
2075#endif
2076 }
2077
2078 SSL_free(backend->handle);
2079 backend->handle = NULL;
2080 }
2081 return retval;
2082}
2083
2084static void ossl_session_free(void *ptr)
2085{
2086 /* free the ID */
2087 SSL_SESSION_free(ptr);
2088}
2089
2090/*
2091 * This function is called when the 'data' struct is going away. Close
2092 * down everything and free all resources!
2093 */
2094static void ossl_close_all(struct Curl_easy *data)
2095{
2096#ifdef USE_OPENSSL_ENGINE
2097 if(data->state.engine) {
2098 ENGINE_finish(data->state.engine);
2099 ENGINE_free(data->state.engine);
2100 data->state.engine = NULL;
2101 }
2102#else
2103 (void)data;
2104#endif
2105#if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
2106 defined(HAVE_ERR_REMOVE_THREAD_STATE)
2107 /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
2108 so we need to clean it here in case the thread will be killed. All OpenSSL
2109 code should extract the error in association with the error so clearing
2110 this queue here should be harmless at worst. */
2111 ERR_remove_thread_state(NULL);
2112#endif
2113}
2114
2115/* ====================================================== */
2116
2117/*
2118 * Match subjectAltName against the host name.
2119 */
2120static bool subj_alt_hostcheck(struct Curl_easy *data,
2121 const char *match_pattern,
2122 size_t matchlen,
2123 const char *hostname,
2124 size_t hostlen,
2125 const char *dispname)
2126{
2127#ifdef CURL_DISABLE_VERBOSE_STRINGS
2128 (void)dispname;
2129 (void)data;
2130#endif
2131 if(Curl_cert_hostcheck(match_pattern, matchlen, hostname, hostlen)) {
2132 infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"",
2133 dispname, match_pattern);
2134 return TRUE;
2135 }
2136 return FALSE;
2137}
2138
2139/* Quote from RFC2818 section 3.1 "Server Identity"
2140
2141 If a subjectAltName extension of type dNSName is present, that MUST
2142 be used as the identity. Otherwise, the (most specific) Common Name
2143 field in the Subject field of the certificate MUST be used. Although
2144 the use of the Common Name is existing practice, it is deprecated and
2145 Certification Authorities are encouraged to use the dNSName instead.
2146
2147 Matching is performed using the matching rules specified by
2148 [RFC2459]. If more than one identity of a given type is present in
2149 the certificate (e.g., more than one dNSName name, a match in any one
2150 of the set is considered acceptable.) Names may contain the wildcard
2151 character * which is considered to match any single domain name
2152 component or component fragment. E.g., *.a.com matches foo.a.com but
2153 not bar.foo.a.com. f*.com matches foo.com but not bar.com.
2154
2155 In some cases, the URI is specified as an IP address rather than a
2156 hostname. In this case, the iPAddress subjectAltName must be present
2157 in the certificate and must exactly match the IP in the URI.
2158
2159 This function is now used from ngtcp2 (QUIC) as well.
2160*/
2161CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
2162 struct ssl_peer *peer, X509 *server_cert)
2163{
2164 bool matched = FALSE;
2165 int target; /* target type, GEN_DNS or GEN_IPADD */
2166 size_t addrlen = 0;
2167 STACK_OF(GENERAL_NAME) *altnames;
2168#ifdef ENABLE_IPV6
2169 struct in6_addr addr;
2170#else
2171 struct in_addr addr;
2172#endif
2173 CURLcode result = CURLE_OK;
2174 bool dNSName = FALSE; /* if a dNSName field exists in the cert */
2175 bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
2176 size_t hostlen;
2177
2178 (void)conn;
2179 hostlen = strlen(peer->hostname);
2180 switch(peer->type) {
2181 case CURL_SSL_PEER_IPV4:
2182 if(!Curl_inet_pton(AF_INET, peer->hostname, &addr))
2183 return CURLE_PEER_FAILED_VERIFICATION;
2184 target = GEN_IPADD;
2185 addrlen = sizeof(struct in_addr);
2186 break;
2187#ifdef ENABLE_IPV6
2188 case CURL_SSL_PEER_IPV6:
2189 if(!Curl_inet_pton(AF_INET6, peer->hostname, &addr))
2190 return CURLE_PEER_FAILED_VERIFICATION;
2191 target = GEN_IPADD;
2192 addrlen = sizeof(struct in6_addr);
2193 break;
2194#endif
2195 case CURL_SSL_PEER_DNS:
2196 target = GEN_DNS;
2197 break;
2198 default:
2199 DEBUGASSERT(0);
2200 failf(data, "unexpected ssl peer type: %d", peer->type);
2201 return CURLE_PEER_FAILED_VERIFICATION;
2202 }
2203
2204 /* get a "list" of alternative names */
2205 altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
2206
2207 if(altnames) {
2208#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
2209 size_t numalts;
2210 size_t i;
2211#else
2212 int numalts;
2213 int i;
2214#endif
2215 bool dnsmatched = FALSE;
2216 bool ipmatched = FALSE;
2217
2218 /* get amount of alternatives, RFC2459 claims there MUST be at least
2219 one, but we don't depend on it... */
2220 numalts = sk_GENERAL_NAME_num(altnames);
2221
2222 /* loop through all alternatives - until a dnsmatch */
2223 for(i = 0; (i < numalts) && !dnsmatched; i++) {
2224 /* get a handle to alternative name number i */
2225 const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
2226
2227 if(check->type == GEN_DNS)
2228 dNSName = TRUE;
2229 else if(check->type == GEN_IPADD)
2230 iPAddress = TRUE;
2231
2232 /* only check alternatives of the same type the target is */
2233 if(check->type == target) {
2234 /* get data and length */
2235 const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
2236 size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
2237
2238 switch(target) {
2239 case GEN_DNS: /* name/pattern comparison */
2240 /* The OpenSSL man page explicitly says: "In general it cannot be
2241 assumed that the data returned by ASN1_STRING_data() is null
2242 terminated or does not contain embedded nulls." But also that
2243 "The actual format of the data will depend on the actual string
2244 type itself: for example for an IA5String the data will be ASCII"
2245
2246 It has been however verified that in 0.9.6 and 0.9.7, IA5String
2247 is always null-terminated.
2248 */
2249 if((altlen == strlen(altptr)) &&
2250 /* if this isn't true, there was an embedded zero in the name
2251 string and we cannot match it. */
2252 subj_alt_hostcheck(data, altptr, altlen,
2253 peer->hostname, hostlen,
2254 peer->dispname)) {
2255 dnsmatched = TRUE;
2256 }
2257 break;
2258
2259 case GEN_IPADD: /* IP address comparison */
2260 /* compare alternative IP address if the data chunk is the same size
2261 our server IP address is */
2262 if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
2263 ipmatched = TRUE;
2264 infof(data,
2265 " subjectAltName: host \"%s\" matched cert's IP address!",
2266 peer->dispname);
2267 }
2268 break;
2269 }
2270 }
2271 }
2272 GENERAL_NAMES_free(altnames);
2273
2274 if(dnsmatched || ipmatched)
2275 matched = TRUE;
2276 }
2277
2278 if(matched)
2279 /* an alternative name matched */
2280 ;
2281 else if(dNSName || iPAddress) {
2282 const char *tname = (peer->type == CURL_SSL_PEER_DNS) ? "host name" :
2283 (peer->type == CURL_SSL_PEER_IPV4) ?
2284 "ipv4 address" : "ipv6 address";
2285 infof(data, " subjectAltName does not match %s %s", tname, peer->dispname);
2286 failf(data, "SSL: no alternative certificate subject name matches "
2287 "target %s '%s'", tname, peer->dispname);
2288 result = CURLE_PEER_FAILED_VERIFICATION;
2289 }
2290 else {
2291 /* we have to look to the last occurrence of a commonName in the
2292 distinguished one to get the most significant one. */
2293 int i = -1;
2294 unsigned char *peer_CN = NULL;
2295 int peerlen = 0;
2296
2297 /* The following is done because of a bug in 0.9.6b */
2298 X509_NAME *name = X509_get_subject_name(server_cert);
2299 if(name) {
2300 int j;
2301 while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
2302 i = j;
2303 }
2304
2305 /* we have the name entry and we will now convert this to a string
2306 that we can use for comparison. Doing this we support BMPstring,
2307 UTF8, etc. */
2308
2309 if(i >= 0) {
2310 ASN1_STRING *tmp =
2311 X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
2312
2313 /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
2314 is already UTF-8 encoded. We check for this case and copy the raw
2315 string manually to avoid the problem. This code can be made
2316 conditional in the future when OpenSSL has been fixed. */
2317 if(tmp) {
2318 if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
2319 peerlen = ASN1_STRING_length(tmp);
2320 if(peerlen >= 0) {
2321 peer_CN = OPENSSL_malloc(peerlen + 1);
2322 if(peer_CN) {
2323 memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen);
2324 peer_CN[peerlen] = '\0';
2325 }
2326 else
2327 result = CURLE_OUT_OF_MEMORY;
2328 }
2329 }
2330 else /* not a UTF8 name */
2331 peerlen = ASN1_STRING_to_UTF8(&peer_CN, tmp);
2332
2333 if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != peerlen)) {
2334 /* there was a terminating zero before the end of string, this
2335 cannot match and we return failure! */
2336 failf(data, "SSL: illegal cert name field");
2337 result = CURLE_PEER_FAILED_VERIFICATION;
2338 }
2339 }
2340 }
2341
2342 if(result)
2343 /* error already detected, pass through */
2344 ;
2345 else if(!peer_CN) {
2346 failf(data,
2347 "SSL: unable to obtain common name from peer certificate");
2348 result = CURLE_PEER_FAILED_VERIFICATION;
2349 }
2350 else if(!Curl_cert_hostcheck((const char *)peer_CN,
2351 peerlen, peer->hostname, hostlen)) {
2352 failf(data, "SSL: certificate subject name '%s' does not match "
2353 "target host name '%s'", peer_CN, peer->dispname);
2354 result = CURLE_PEER_FAILED_VERIFICATION;
2355 }
2356 else {
2357 infof(data, " common name: %s (matched)", peer_CN);
2358 }
2359 if(peer_CN)
2360 OPENSSL_free(peer_CN);
2361 }
2362
2363 return result;
2364}
2365
2366#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
2367 !defined(OPENSSL_NO_OCSP)
2368static CURLcode verifystatus(struct Curl_cfilter *cf,
2369 struct Curl_easy *data)
2370{
2371 struct ssl_connect_data *connssl = cf->ctx;
2372 int i, ocsp_status;
2373#if defined(OPENSSL_IS_AWSLC)
2374 const uint8_t *status;
2375#else
2376 unsigned char *status;
2377#endif
2378 const unsigned char *p;
2379 CURLcode result = CURLE_OK;
2380 OCSP_RESPONSE *rsp = NULL;
2381 OCSP_BASICRESP *br = NULL;
2382 X509_STORE *st = NULL;
2383 STACK_OF(X509) *ch = NULL;
2384 struct ossl_ssl_backend_data *backend =
2385 (struct ossl_ssl_backend_data *)connssl->backend;
2386 X509 *cert;
2387 OCSP_CERTID *id = NULL;
2388 int cert_status, crl_reason;
2389 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
2390 int ret;
2391 long len;
2392
2393 DEBUGASSERT(backend);
2394
2395 len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status);
2396
2397 if(!status) {
2398 failf(data, "No OCSP response received");
2399 result = CURLE_SSL_INVALIDCERTSTATUS;
2400 goto end;
2401 }
2402 p = status;
2403 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
2404 if(!rsp) {
2405 failf(data, "Invalid OCSP response");
2406 result = CURLE_SSL_INVALIDCERTSTATUS;
2407 goto end;
2408 }
2409
2410 ocsp_status = OCSP_response_status(rsp);
2411 if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
2412 failf(data, "Invalid OCSP response status: %s (%d)",
2413 OCSP_response_status_str(ocsp_status), ocsp_status);
2414 result = CURLE_SSL_INVALIDCERTSTATUS;
2415 goto end;
2416 }
2417
2418 br = OCSP_response_get1_basic(rsp);
2419 if(!br) {
2420 failf(data, "Invalid OCSP response");
2421 result = CURLE_SSL_INVALIDCERTSTATUS;
2422 goto end;
2423 }
2424
2425 ch = SSL_get_peer_cert_chain(backend->handle);
2426 if(!ch) {
2427 failf(data, "Could not get peer certificate chain");
2428 result = CURLE_SSL_INVALIDCERTSTATUS;
2429 goto end;
2430 }
2431 st = SSL_CTX_get_cert_store(backend->ctx);
2432
2433#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
2434 (defined(LIBRESSL_VERSION_NUMBER) && \
2435 LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
2436 /* The authorized responder cert in the OCSP response MUST be signed by the
2437 peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
2438 no problem, but if it's an intermediate cert OpenSSL has a bug where it
2439 expects this issuer to be present in the chain embedded in the OCSP
2440 response. So we add it if necessary. */
2441
2442 /* First make sure the peer cert chain includes both a peer and an issuer,
2443 and the OCSP response contains a responder cert. */
2444 if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
2445 X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
2446
2447 /* Find issuer of responder cert and add it to the OCSP response chain */
2448 for(i = 0; i < sk_X509_num(ch); i++) {
2449 X509 *issuer = sk_X509_value(ch, i);
2450 if(X509_check_issued(issuer, responder) == X509_V_OK) {
2451 if(!OCSP_basic_add1_cert(br, issuer)) {
2452 failf(data, "Could not add issuer cert to OCSP response");
2453 result = CURLE_SSL_INVALIDCERTSTATUS;
2454 goto end;
2455 }
2456 }
2457 }
2458 }
2459#endif
2460
2461 if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
2462 failf(data, "OCSP response verification failed");
2463 result = CURLE_SSL_INVALIDCERTSTATUS;
2464 goto end;
2465 }
2466
2467 /* Compute the certificate's ID */
2468 cert = SSL_get1_peer_certificate(backend->handle);
2469 if(!cert) {
2470 failf(data, "Error getting peer certificate");
2471 result = CURLE_SSL_INVALIDCERTSTATUS;
2472 goto end;
2473 }
2474
2475 for(i = 0; i < (int)sk_X509_num(ch); i++) {
2476 X509 *issuer = sk_X509_value(ch, i);
2477 if(X509_check_issued(issuer, cert) == X509_V_OK) {
2478 id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
2479 break;
2480 }
2481 }
2482 X509_free(cert);
2483
2484 if(!id) {
2485 failf(data, "Error computing OCSP ID");
2486 result = CURLE_SSL_INVALIDCERTSTATUS;
2487 goto end;
2488 }
2489
2490 /* Find the single OCSP response corresponding to the certificate ID */
2491 ret = OCSP_resp_find_status(br, id, &cert_status, &crl_reason, &rev,
2492 &thisupd, &nextupd);
2493 OCSP_CERTID_free(id);
2494 if(ret != 1) {
2495 failf(data, "Could not find certificate ID in OCSP response");
2496 result = CURLE_SSL_INVALIDCERTSTATUS;
2497 goto end;
2498 }
2499
2500 /* Validate the corresponding single OCSP response */
2501 if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
2502 failf(data, "OCSP response has expired");
2503 result = CURLE_SSL_INVALIDCERTSTATUS;
2504 goto end;
2505 }
2506
2507 infof(data, "SSL certificate status: %s (%d)",
2508 OCSP_cert_status_str(cert_status), cert_status);
2509
2510 switch(cert_status) {
2511 case V_OCSP_CERTSTATUS_GOOD:
2512 break;
2513
2514 case V_OCSP_CERTSTATUS_REVOKED:
2515 result = CURLE_SSL_INVALIDCERTSTATUS;
2516 failf(data, "SSL certificate revocation reason: %s (%d)",
2517 OCSP_crl_reason_str(crl_reason), crl_reason);
2518 goto end;
2519
2520 case V_OCSP_CERTSTATUS_UNKNOWN:
2521 default:
2522 result = CURLE_SSL_INVALIDCERTSTATUS;
2523 goto end;
2524 }
2525
2526end:
2527 if(br)
2528 OCSP_BASICRESP_free(br);
2529 OCSP_RESPONSE_free(rsp);
2530
2531 return result;
2532}
2533#endif
2534
2535#endif /* USE_OPENSSL */
2536
2537/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
2538 and thus this cannot be done there. */
2539#ifdef SSL_CTRL_SET_MSG_CALLBACK
2540
2541static const char *ssl_msg_type(int ssl_ver, int msg)
2542{
2543#ifdef SSL2_VERSION_MAJOR
2544 if(ssl_ver == SSL2_VERSION_MAJOR) {
2545 switch(msg) {
2546 case SSL2_MT_ERROR:
2547 return "Error";
2548 case SSL2_MT_CLIENT_HELLO:
2549 return "Client hello";
2550 case SSL2_MT_CLIENT_MASTER_KEY:
2551 return "Client key";
2552 case SSL2_MT_CLIENT_FINISHED:
2553 return "Client finished";
2554 case SSL2_MT_SERVER_HELLO:
2555 return "Server hello";
2556 case SSL2_MT_SERVER_VERIFY:
2557 return "Server verify";
2558 case SSL2_MT_SERVER_FINISHED:
2559 return "Server finished";
2560 case SSL2_MT_REQUEST_CERTIFICATE:
2561 return "Request CERT";
2562 case SSL2_MT_CLIENT_CERTIFICATE:
2563 return "Client CERT";
2564 }
2565 }
2566 else
2567#endif
2568 if(ssl_ver == SSL3_VERSION_MAJOR) {
2569 switch(msg) {
2570 case SSL3_MT_HELLO_REQUEST:
2571 return "Hello request";
2572 case SSL3_MT_CLIENT_HELLO:
2573 return "Client hello";
2574 case SSL3_MT_SERVER_HELLO:
2575 return "Server hello";
2576#ifdef SSL3_MT_NEWSESSION_TICKET
2577 case SSL3_MT_NEWSESSION_TICKET:
2578 return "Newsession Ticket";
2579#endif
2580 case SSL3_MT_CERTIFICATE:
2581 return "Certificate";
2582 case SSL3_MT_SERVER_KEY_EXCHANGE:
2583 return "Server key exchange";
2584 case SSL3_MT_CLIENT_KEY_EXCHANGE:
2585 return "Client key exchange";
2586 case SSL3_MT_CERTIFICATE_REQUEST:
2587 return "Request CERT";
2588 case SSL3_MT_SERVER_DONE:
2589 return "Server finished";
2590 case SSL3_MT_CERTIFICATE_VERIFY:
2591 return "CERT verify";
2592 case SSL3_MT_FINISHED:
2593 return "Finished";
2594#ifdef SSL3_MT_CERTIFICATE_STATUS
2595 case SSL3_MT_CERTIFICATE_STATUS:
2596 return "Certificate Status";
2597#endif
2598#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
2599 case SSL3_MT_ENCRYPTED_EXTENSIONS:
2600 return "Encrypted Extensions";
2601#endif
2602#ifdef SSL3_MT_SUPPLEMENTAL_DATA
2603 case SSL3_MT_SUPPLEMENTAL_DATA:
2604 return "Supplemental data";
2605#endif
2606#ifdef SSL3_MT_END_OF_EARLY_DATA
2607 case SSL3_MT_END_OF_EARLY_DATA:
2608 return "End of early data";
2609#endif
2610#ifdef SSL3_MT_KEY_UPDATE
2611 case SSL3_MT_KEY_UPDATE:
2612 return "Key update";
2613#endif
2614#ifdef SSL3_MT_NEXT_PROTO
2615 case SSL3_MT_NEXT_PROTO:
2616 return "Next protocol";
2617#endif
2618#ifdef SSL3_MT_MESSAGE_HASH
2619 case SSL3_MT_MESSAGE_HASH:
2620 return "Message hash";
2621#endif
2622 }
2623 }
2624 return "Unknown";
2625}
2626
2627static const char *tls_rt_type(int type)
2628{
2629 switch(type) {
2630#ifdef SSL3_RT_HEADER
2631 case SSL3_RT_HEADER:
2632 return "TLS header";
2633#endif
2634 case SSL3_RT_CHANGE_CIPHER_SPEC:
2635 return "TLS change cipher";
2636 case SSL3_RT_ALERT:
2637 return "TLS alert";
2638 case SSL3_RT_HANDSHAKE:
2639 return "TLS handshake";
2640 case SSL3_RT_APPLICATION_DATA:
2641 return "TLS app data";
2642 default:
2643 return "TLS Unknown";
2644 }
2645}
2646
2647/*
2648 * Our callback from the SSL/TLS layers.
2649 */
2650static void ossl_trace(int direction, int ssl_ver, int content_type,
2651 const void *buf, size_t len, SSL *ssl,
2652 void *userp)
2653{
2654 const char *verstr = "???";
2655 struct Curl_cfilter *cf = userp;
2656 struct Curl_easy *data = NULL;
2657 char unknown[32];
2658
2659 if(!cf)
2660 return;
2661 data = CF_DATA_CURRENT(cf);
2662 if(!data || !data->set.fdebug || (direction && direction != 1))
2663 return;
2664
2665 switch(ssl_ver) {
2666#ifdef SSL2_VERSION /* removed in recent versions */
2667 case SSL2_VERSION:
2668 verstr = "SSLv2";
2669 break;
2670#endif
2671#ifdef SSL3_VERSION
2672 case SSL3_VERSION:
2673 verstr = "SSLv3";
2674 break;
2675#endif
2676 case TLS1_VERSION:
2677 verstr = "TLSv1.0";
2678 break;
2679#ifdef TLS1_1_VERSION
2680 case TLS1_1_VERSION:
2681 verstr = "TLSv1.1";
2682 break;
2683#endif
2684#ifdef TLS1_2_VERSION
2685 case TLS1_2_VERSION:
2686 verstr = "TLSv1.2";
2687 break;
2688#endif
2689#ifdef TLS1_3_VERSION
2690 case TLS1_3_VERSION:
2691 verstr = "TLSv1.3";
2692 break;
2693#endif
2694 case 0:
2695 break;
2696 default:
2697 msnprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
2698 verstr = unknown;
2699 break;
2700 }
2701
2702 /* Log progress for interesting records only (like Handshake or Alert), skip
2703 * all raw record headers (content_type == SSL3_RT_HEADER or ssl_ver == 0).
2704 * For TLS 1.3, skip notification of the decrypted inner Content-Type.
2705 */
2706 if(ssl_ver
2707#ifdef SSL3_RT_HEADER
2708 && content_type != SSL3_RT_HEADER
2709#endif
2710#ifdef SSL3_RT_INNER_CONTENT_TYPE
2711 && content_type != SSL3_RT_INNER_CONTENT_TYPE
2712#endif
2713 ) {
2714 const char *msg_name, *tls_rt_name;
2715 char ssl_buf[1024];
2716 int msg_type, txt_len;
2717
2718 /* the info given when the version is zero is not that useful for us */
2719
2720 ssl_ver >>= 8; /* check the upper 8 bits only below */
2721
2722 /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
2723 * always pass-up content-type as 0. But the interesting message-type
2724 * is at 'buf[0]'.
2725 */
2726 if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
2727 tls_rt_name = tls_rt_type(content_type);
2728 else
2729 tls_rt_name = "";
2730
2731 if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
2732 msg_type = *(char *)buf;
2733 msg_name = "Change cipher spec";
2734 }
2735 else if(content_type == SSL3_RT_ALERT) {
2736 msg_type = (((char *)buf)[0] << 8) + ((char *)buf)[1];
2737 msg_name = SSL_alert_desc_string_long(msg_type);
2738 }
2739 else {
2740 msg_type = *(char *)buf;
2741 msg_name = ssl_msg_type(ssl_ver, msg_type);
2742 }
2743
2744 txt_len = msnprintf(ssl_buf, sizeof(ssl_buf),
2745 "%s (%s), %s, %s (%d):\n",
2746 verstr, direction?"OUT":"IN",
2747 tls_rt_name, msg_name, msg_type);
2748 if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
2749 Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len);
2750 }
2751 }
2752
2753 Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
2754 CURLINFO_SSL_DATA_IN, (char *)buf, len);
2755 (void) ssl;
2756}
2757#endif
2758
2759#ifdef USE_OPENSSL
2760/* ====================================================== */
2761
2762/* Check for OpenSSL 1.0.2 which has ALPN support. */
2763#undef HAS_ALPN
2764#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
2765 && !defined(OPENSSL_NO_TLSEXT)
2766# define HAS_ALPN 1
2767#endif
2768
2769#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
2770static CURLcode
2771ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx)
2772{
2773 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
2774 /* first, TLS min version... */
2775 long curl_ssl_version_min = conn_config->version;
2776 long curl_ssl_version_max;
2777
2778 /* convert curl min SSL version option to OpenSSL constant */
2779#if (defined(OPENSSL_IS_BORINGSSL) || \
2780 defined(OPENSSL_IS_AWSLC) || \
2781 defined(LIBRESSL_VERSION_NUMBER))
2782 uint16_t ossl_ssl_version_min = 0;
2783 uint16_t ossl_ssl_version_max = 0;
2784#else
2785 long ossl_ssl_version_min = 0;
2786 long ossl_ssl_version_max = 0;
2787#endif
2788 switch(curl_ssl_version_min) {
2789 case CURL_SSLVERSION_TLSv1: /* TLS 1.x */
2790 case CURL_SSLVERSION_TLSv1_0:
2791 ossl_ssl_version_min = TLS1_VERSION;
2792 break;
2793 case CURL_SSLVERSION_TLSv1_1:
2794 ossl_ssl_version_min = TLS1_1_VERSION;
2795 break;
2796 case CURL_SSLVERSION_TLSv1_2:
2797 ossl_ssl_version_min = TLS1_2_VERSION;
2798 break;
2799 case CURL_SSLVERSION_TLSv1_3:
2800#ifdef TLS1_3_VERSION
2801 ossl_ssl_version_min = TLS1_3_VERSION;
2802 break;
2803#else
2804 return CURLE_NOT_BUILT_IN;
2805#endif
2806 }
2807
2808 /* CURL_SSLVERSION_DEFAULT means that no option was selected.
2809 We don't want to pass 0 to SSL_CTX_set_min_proto_version as
2810 it would enable all versions down to the lowest supported by
2811 the library.
2812 So we skip this, and stay with the library default
2813 */
2814 if(curl_ssl_version_min != CURL_SSLVERSION_DEFAULT) {
2815 if(!SSL_CTX_set_min_proto_version(ctx, ossl_ssl_version_min)) {
2816 return CURLE_SSL_CONNECT_ERROR;
2817 }
2818 }
2819
2820 /* ... then, TLS max version */
2821 curl_ssl_version_max = conn_config->version_max;
2822
2823 /* convert curl max SSL version option to OpenSSL constant */
2824 switch(curl_ssl_version_max) {
2825 case CURL_SSLVERSION_MAX_TLSv1_0:
2826 ossl_ssl_version_max = TLS1_VERSION;
2827 break;
2828 case CURL_SSLVERSION_MAX_TLSv1_1:
2829 ossl_ssl_version_max = TLS1_1_VERSION;
2830 break;
2831 case CURL_SSLVERSION_MAX_TLSv1_2:
2832 ossl_ssl_version_max = TLS1_2_VERSION;
2833 break;
2834#ifdef TLS1_3_VERSION
2835 case CURL_SSLVERSION_MAX_TLSv1_3:
2836 ossl_ssl_version_max = TLS1_3_VERSION;
2837 break;
2838#endif
2839 case CURL_SSLVERSION_MAX_NONE: /* none selected */
2840 case CURL_SSLVERSION_MAX_DEFAULT: /* max selected */
2841 default:
2842 /* SSL_CTX_set_max_proto_version states that:
2843 setting the maximum to 0 will enable
2844 protocol versions up to the highest version
2845 supported by the library */
2846 ossl_ssl_version_max = 0;
2847 break;
2848 }
2849
2850 if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) {
2851 return CURLE_SSL_CONNECT_ERROR;
2852 }
2853
2854 return CURLE_OK;
2855}
2856#endif
2857
2858#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
2859typedef uint32_t ctx_option_t;
2860#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
2861typedef uint64_t ctx_option_t;
2862#else
2863typedef long ctx_option_t;
2864#endif
2865
2866#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
2867static CURLcode
2868ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
2869 struct Curl_cfilter *cf,
2870 struct Curl_easy *data)
2871{
2872 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
2873 long ssl_version = conn_config->version;
2874 long ssl_version_max = conn_config->version_max;
2875
2876 (void) data; /* In case it's unused. */
2877
2878 switch(ssl_version) {
2879 case CURL_SSLVERSION_TLSv1_3:
2880#ifdef TLS1_3_VERSION
2881 {
2882 struct ssl_connect_data *connssl = cf->ctx;
2883 struct ossl_ssl_backend_data *backend =
2884 (struct ossl_ssl_backend_data *)connssl->backend;
2885 DEBUGASSERT(backend);
2886 SSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION);
2887 *ctx_options |= SSL_OP_NO_TLSv1_2;
2888 }
2889#else
2890 (void)ctx_options;
2891 failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
2892 return CURLE_NOT_BUILT_IN;
2893#endif
2894 FALLTHROUGH();
2895 case CURL_SSLVERSION_TLSv1_2:
2896#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2897 *ctx_options |= SSL_OP_NO_TLSv1_1;
2898#else
2899 failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
2900 return CURLE_NOT_BUILT_IN;
2901#endif
2902 FALLTHROUGH();
2903 case CURL_SSLVERSION_TLSv1_1:
2904#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2905 *ctx_options |= SSL_OP_NO_TLSv1;
2906#else
2907 failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
2908 return CURLE_NOT_BUILT_IN;
2909#endif
2910 FALLTHROUGH();
2911 case CURL_SSLVERSION_TLSv1_0:
2912 case CURL_SSLVERSION_TLSv1:
2913 break;
2914 }
2915
2916 switch(ssl_version_max) {
2917 case CURL_SSLVERSION_MAX_TLSv1_0:
2918#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2919 *ctx_options |= SSL_OP_NO_TLSv1_1;
2920#endif
2921 FALLTHROUGH();
2922 case CURL_SSLVERSION_MAX_TLSv1_1:
2923#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
2924 *ctx_options |= SSL_OP_NO_TLSv1_2;
2925#endif
2926 FALLTHROUGH();
2927 case CURL_SSLVERSION_MAX_TLSv1_2:
2928#ifdef TLS1_3_VERSION
2929 *ctx_options |= SSL_OP_NO_TLSv1_3;
2930#endif
2931 break;
2932 case CURL_SSLVERSION_MAX_TLSv1_3:
2933#ifdef TLS1_3_VERSION
2934 break;
2935#else
2936 failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
2937 return CURLE_NOT_BUILT_IN;
2938#endif
2939 }
2940 return CURLE_OK;
2941}
2942#endif
2943
2944/* The "new session" callback must return zero if the session can be removed
2945 * or non-zero if the session has been put into the session cache.
2946 */
2947static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
2948{
2949 int res = 0;
2950 struct Curl_easy *data;
2951 struct Curl_cfilter *cf;
2952 const struct ssl_config_data *config;
2953 struct ssl_connect_data *connssl;
2954 bool isproxy;
2955
2956 cf = (struct Curl_cfilter*) SSL_get_app_data(ssl);
2957 connssl = cf? cf->ctx : NULL;
2958 data = connssl? CF_DATA_CURRENT(cf) : NULL;
2959 /* The sockindex has been stored as a pointer to an array element */
2960 if(!cf || !data)
2961 return 0;
2962
2963 isproxy = Curl_ssl_cf_is_proxy(cf);
2964
2965 config = Curl_ssl_cf_get_config(cf, data);
2966 if(config->primary.sessionid) {
2967 bool incache;
2968 bool added = FALSE;
2969 void *old_ssl_sessionid = NULL;
2970
2971 Curl_ssl_sessionid_lock(data);
2972 if(isproxy)
2973 incache = FALSE;
2974 else
2975 incache = !(Curl_ssl_getsessionid(cf, data, &old_ssl_sessionid, NULL));
2976 if(incache) {
2977 if(old_ssl_sessionid != ssl_sessionid) {
2978 infof(data, "old SSL session ID is stale, removing");
2979 Curl_ssl_delsessionid(data, old_ssl_sessionid);
2980 incache = FALSE;
2981 }
2982 }
2983
2984 if(!incache) {
2985 if(!Curl_ssl_addsessionid(cf, data, ssl_sessionid,
2986 0 /* unknown size */, &added)) {
2987 if(added) {
2988 /* the session has been put into the session cache */
2989 res = 1;
2990 }
2991 }
2992 else
2993 failf(data, "failed to store ssl session");
2994 }
2995 Curl_ssl_sessionid_unlock(data);
2996 }
2997
2998 return res;
2999}
3000
3001static CURLcode load_cacert_from_memory(X509_STORE *store,
3002 const struct curl_blob *ca_info_blob)
3003{
3004 /* these need to be freed at the end */
3005 BIO *cbio = NULL;
3006 STACK_OF(X509_INFO) *inf = NULL;
3007
3008 /* everything else is just a reference */
3009 int i, count = 0;
3010 X509_INFO *itmp = NULL;
3011
3012 if(ca_info_blob->len > (size_t)INT_MAX)
3013 return CURLE_SSL_CACERT_BADFILE;
3014
3015 cbio = BIO_new_mem_buf(ca_info_blob->data, (int)ca_info_blob->len);
3016 if(!cbio)
3017 return CURLE_OUT_OF_MEMORY;
3018
3019 inf = PEM_X509_INFO_read_bio(cbio, NULL, NULL, NULL);
3020 if(!inf) {
3021 BIO_free(cbio);
3022 return CURLE_SSL_CACERT_BADFILE;
3023 }
3024
3025 /* add each entry from PEM file to x509_store */
3026 for(i = 0; i < (int)sk_X509_INFO_num(inf); ++i) {
3027 itmp = sk_X509_INFO_value(inf, i);
3028 if(itmp->x509) {
3029 if(X509_STORE_add_cert(store, itmp->x509)) {
3030 ++count;
3031 }
3032 else {
3033 /* set count to 0 to return an error */
3034 count = 0;
3035 break;
3036 }
3037 }
3038 if(itmp->crl) {
3039 if(X509_STORE_add_crl(store, itmp->crl)) {
3040 ++count;
3041 }
3042 else {
3043 /* set count to 0 to return an error */
3044 count = 0;
3045 break;
3046 }
3047 }
3048 }
3049
3050 sk_X509_INFO_pop_free(inf, X509_INFO_free);
3051 BIO_free(cbio);
3052
3053 /* if we didn't end up importing anything, treat that as an error */
3054 return (count > 0) ? CURLE_OK : CURLE_SSL_CACERT_BADFILE;
3055}
3056
3057#if defined(USE_WIN32_CRYPTO)
3058static CURLcode import_windows_cert_store(struct Curl_easy *data,
3059 const char *name,
3060 X509_STORE *store,
3061 bool *imported)
3062{
3063 CURLcode result = CURLE_OK;
3064 HCERTSTORE hStore;
3065
3066 *imported = false;
3067
3068 hStore = CertOpenSystemStoreA(0, name);
3069 if(hStore) {
3070 PCCERT_CONTEXT pContext = NULL;
3071 /* The array of enhanced key usage OIDs will vary per certificate and
3072 is declared outside of the loop so that rather than malloc/free each
3073 iteration we can grow it with realloc, when necessary. */
3074 CERT_ENHKEY_USAGE *enhkey_usage = NULL;
3075 DWORD enhkey_usage_size = 0;
3076
3077 /* This loop makes a best effort to import all valid certificates from
3078 the MS root store. If a certificate cannot be imported it is
3079 skipped. 'result' is used to store only hard-fail conditions (such
3080 as out of memory) that cause an early break. */
3081 result = CURLE_OK;
3082 for(;;) {
3083 X509 *x509;
3084 FILETIME now;
3085 BYTE key_usage[2];
3086 DWORD req_size;
3087 const unsigned char *encoded_cert;
3088#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
3089 char cert_name[256];
3090#endif
3091
3092 pContext = CertEnumCertificatesInStore(hStore, pContext);
3093 if(!pContext)
3094 break;
3095
3096#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
3097 if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
3098 NULL, cert_name, sizeof(cert_name))) {
3099 strcpy(cert_name, "Unknown");
3100 }
3101 infof(data, "SSL: Checking cert \"%s\"", cert_name);
3102#endif
3103 encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
3104 if(!encoded_cert)
3105 continue;
3106
3107 GetSystemTimeAsFileTime(&now);
3108 if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 ||
3109 CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0)
3110 continue;
3111
3112 /* If key usage exists check for signing attribute */
3113 if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType,
3114 pContext->pCertInfo,
3115 key_usage, sizeof(key_usage))) {
3116 if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))
3117 continue;
3118 }
3119 else if(GetLastError())
3120 continue;
3121
3122 /* If enhanced key usage exists check for server auth attribute.
3123 *
3124 * Note "In a Microsoft environment, a certificate might also have
3125 * EKU extended properties that specify valid uses for the
3126 * certificate." The call below checks both, and behavior varies
3127 * depending on what is found. For more details see
3128 * CertGetEnhancedKeyUsage doc.
3129 */
3130 if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) {
3131 if(req_size && req_size > enhkey_usage_size) {
3132 void *tmp = realloc(enhkey_usage, req_size);
3133
3134 if(!tmp) {
3135 failf(data, "SSL: Out of memory allocating for OID list");
3136 result = CURLE_OUT_OF_MEMORY;
3137 break;
3138 }
3139
3140 enhkey_usage = (CERT_ENHKEY_USAGE *)tmp;
3141 enhkey_usage_size = req_size;
3142 }
3143
3144 if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) {
3145 if(!enhkey_usage->cUsageIdentifier) {
3146 /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate
3147 is good for all uses. If it returns zero, the certificate
3148 has no valid uses." */
3149 if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND)
3150 continue;
3151 }
3152 else {
3153 DWORD i;
3154 bool found = false;
3155
3156 for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) {
3157 if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */,
3158 enhkey_usage->rgpszUsageIdentifier[i])) {
3159 found = true;
3160 break;
3161 }
3162 }
3163
3164 if(!found)
3165 continue;
3166 }
3167 }
3168 else
3169 continue;
3170 }
3171 else
3172 continue;
3173
3174 x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
3175 if(!x509)
3176 continue;
3177
3178 /* Try to import the certificate. This may fail for legitimate
3179 reasons such as duplicate certificate, which is allowed by MS but
3180 not OpenSSL. */
3181 if(X509_STORE_add_cert(store, x509) == 1) {
3182#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
3183 infof(data, "SSL: Imported cert \"%s\"", cert_name);
3184#endif
3185 *imported = true;
3186 }
3187 X509_free(x509);
3188 }
3189
3190 free(enhkey_usage);
3191 CertFreeCertificateContext(pContext);
3192 CertCloseStore(hStore, 0);
3193
3194 if(result)
3195 return result;
3196 }
3197
3198 return result;
3199}
3200#endif
3201
3202static CURLcode populate_x509_store(struct Curl_cfilter *cf,
3203 struct Curl_easy *data,
3204 X509_STORE *store)
3205{
3206 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3207 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3208 CURLcode result = CURLE_OK;
3209 X509_LOOKUP *lookup = NULL;
3210 const struct curl_blob *ca_info_blob = conn_config->ca_info_blob;
3211 const char * const ssl_cafile =
3212 /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
3213 (ca_info_blob ? NULL : conn_config->CAfile);
3214 const char * const ssl_capath = conn_config->CApath;
3215 const char * const ssl_crlfile = ssl_config->primary.CRLfile;
3216 const bool verifypeer = conn_config->verifypeer;
3217 bool imported_native_ca = false;
3218 bool imported_ca_info_blob = false;
3219
3220 CURL_TRC_CF(data, cf, "populate_x509_store, path=%s, blob=%d",
3221 ssl_cafile? ssl_cafile : "none", !!ca_info_blob);
3222 if(!store)
3223 return CURLE_OUT_OF_MEMORY;
3224
3225 if(verifypeer) {
3226#if defined(USE_WIN32_CRYPTO)
3227 /* Import certificates from the Windows root certificate store if
3228 requested.
3229 https://stackoverflow.com/questions/9507184/
3230 https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
3231 https://datatracker.ietf.org/doc/html/rfc5280 */
3232 if(ssl_config->native_ca_store) {
3233 const char *storeNames[] = {
3234 "ROOT", /* Trusted Root Certification Authorities */
3235 "CA" /* Intermediate Certification Authorities */
3236 };
3237 size_t i;
3238 for(i = 0; i < ARRAYSIZE(storeNames); ++i) {
3239 bool imported = false;
3240 result = import_windows_cert_store(data, storeNames[i], store,
3241 &imported);
3242 if(result)
3243 return result;
3244 if(imported) {
3245 infof(data, "successfully imported Windows %s store", storeNames[i]);
3246 imported_native_ca = true;
3247 }
3248 else
3249 infof(data, "error importing Windows %s store, continuing anyway",
3250 storeNames[i]);
3251 }
3252 }
3253#endif
3254 if(ca_info_blob) {
3255 result = load_cacert_from_memory(store, ca_info_blob);
3256 if(result) {
3257 failf(data, "error importing CA certificate blob");
3258 return result;
3259 }
3260 else {
3261 imported_ca_info_blob = true;
3262 infof(data, "successfully imported CA certificate blob");
3263 }
3264 }
3265
3266 if(ssl_cafile || ssl_capath) {
3267#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
3268 /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */
3269 if(ssl_cafile && !X509_STORE_load_file(store, ssl_cafile)) {
3270 if(!imported_native_ca && !imported_ca_info_blob) {
3271 /* Fail if we insist on successfully verifying the server. */
3272 failf(data, "error setting certificate file: %s", ssl_cafile);
3273 return CURLE_SSL_CACERT_BADFILE;
3274 }
3275 else
3276 infof(data, "error setting certificate file, continuing anyway");
3277 }
3278 if(ssl_capath && !X509_STORE_load_path(store, ssl_capath)) {
3279 if(!imported_native_ca && !imported_ca_info_blob) {
3280 /* Fail if we insist on successfully verifying the server. */
3281 failf(data, "error setting certificate path: %s", ssl_capath);
3282 return CURLE_SSL_CACERT_BADFILE;
3283 }
3284 else
3285 infof(data, "error setting certificate path, continuing anyway");
3286 }
3287#else
3288 /* tell OpenSSL where to find CA certificates that are used to verify the
3289 server's certificate. */
3290 if(!X509_STORE_load_locations(store, ssl_cafile, ssl_capath)) {
3291 if(!imported_native_ca && !imported_ca_info_blob) {
3292 /* Fail if we insist on successfully verifying the server. */
3293 failf(data, "error setting certificate verify locations:"
3294 " CAfile: %s CApath: %s",
3295 ssl_cafile ? ssl_cafile : "none",
3296 ssl_capath ? ssl_capath : "none");
3297 return CURLE_SSL_CACERT_BADFILE;
3298 }
3299 else {
3300 infof(data, "error setting certificate verify locations,"
3301 " continuing anyway");
3302 }
3303 }
3304#endif
3305 infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
3306 infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
3307 }
3308
3309#ifdef CURL_CA_FALLBACK
3310 if(!ssl_cafile && !ssl_capath &&
3311 !imported_native_ca && !imported_ca_info_blob) {
3312 /* verifying the peer without any CA certificates won't
3313 work so use openssl's built-in default as fallback */
3314 X509_STORE_set_default_paths(store);
3315 }
3316#endif
3317 }
3318
3319 if(ssl_crlfile) {
3320 /* tell OpenSSL where to find CRL file that is used to check certificate
3321 * revocation */
3322 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
3323 if(!lookup ||
3324 (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
3325 failf(data, "error loading CRL file: %s", ssl_crlfile);
3326 return CURLE_SSL_CRL_BADFILE;
3327 }
3328 /* Everything is fine. */
3329 infof(data, "successfully loaded CRL file:");
3330 X509_STORE_set_flags(store,
3331 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
3332
3333 infof(data, " CRLfile: %s", ssl_crlfile);
3334 }
3335
3336 if(verifypeer) {
3337 /* Try building a chain using issuers in the trusted store first to avoid
3338 problems with server-sent legacy intermediates. Newer versions of
3339 OpenSSL do alternate chain checking by default but we do not know how to
3340 determine that in a reliable manner.
3341 https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
3342 */
3343#if defined(X509_V_FLAG_TRUSTED_FIRST)
3344 X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
3345#endif
3346#ifdef X509_V_FLAG_PARTIAL_CHAIN
3347 if(!ssl_config->no_partialchain && !ssl_crlfile) {
3348 /* Have intermediate certificates in the trust store be treated as
3349 trust-anchors, in the same way as self-signed root CA certificates
3350 are. This allows users to verify servers using the intermediate cert
3351 only, instead of needing the whole chain.
3352
3353 Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we
3354 cannot do partial chains with a CRL check.
3355 */
3356 X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
3357 }
3358#endif
3359 }
3360
3361 return result;
3362}
3363
3364#if defined(HAVE_SSL_X509_STORE_SHARE)
3365static bool cached_x509_store_expired(const struct Curl_easy *data,
3366 const struct multi_ssl_backend_data *mb)
3367{
3368 const struct ssl_general_config *cfg = &data->set.general_ssl;
3369 struct curltime now = Curl_now();
3370 timediff_t elapsed_ms = Curl_timediff(now, mb->time);
3371 timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
3372
3373 if(timeout_ms < 0)
3374 return false;
3375
3376 return elapsed_ms >= timeout_ms;
3377}
3378
3379static bool cached_x509_store_different(
3380 struct Curl_cfilter *cf,
3381 const struct multi_ssl_backend_data *mb)
3382{
3383 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3384 if(!mb->CAfile || !conn_config->CAfile)
3385 return mb->CAfile != conn_config->CAfile;
3386
3387 return strcmp(mb->CAfile, conn_config->CAfile);
3388}
3389
3390static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf,
3391 const struct Curl_easy *data)
3392{
3393 struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi;
3394 X509_STORE *store = NULL;
3395
3396 DEBUGASSERT(multi);
3397 if(multi &&
3398 multi->ssl_backend_data &&
3399 multi->ssl_backend_data->store &&
3400 !cached_x509_store_expired(data, multi->ssl_backend_data) &&
3401 !cached_x509_store_different(cf, multi->ssl_backend_data)) {
3402 store = multi->ssl_backend_data->store;
3403 }
3404
3405 return store;
3406}
3407
3408static void set_cached_x509_store(struct Curl_cfilter *cf,
3409 const struct Curl_easy *data,
3410 X509_STORE *store)
3411{
3412 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3413 struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi;
3414 struct multi_ssl_backend_data *mbackend;
3415
3416 DEBUGASSERT(multi);
3417 if(!multi)
3418 return;
3419
3420 if(!multi->ssl_backend_data) {
3421 multi->ssl_backend_data = calloc(1, sizeof(struct multi_ssl_backend_data));
3422 if(!multi->ssl_backend_data)
3423 return;
3424 }
3425
3426 mbackend = multi->ssl_backend_data;
3427
3428 if(X509_STORE_up_ref(store)) {
3429 char *CAfile = NULL;
3430
3431 if(conn_config->CAfile) {
3432 CAfile = strdup(conn_config->CAfile);
3433 if(!CAfile) {
3434 X509_STORE_free(store);
3435 return;
3436 }
3437 }
3438
3439 if(mbackend->store) {
3440 X509_STORE_free(mbackend->store);
3441 free(mbackend->CAfile);
3442 }
3443
3444 mbackend->time = Curl_now();
3445 mbackend->store = store;
3446 mbackend->CAfile = CAfile;
3447 }
3448}
3449
3450CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
3451 struct Curl_easy *data,
3452 SSL_CTX *ssl_ctx)
3453{
3454 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3455 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3456 CURLcode result = CURLE_OK;
3457 X509_STORE *cached_store;
3458 bool cache_criteria_met;
3459
3460 /* Consider the X509 store cacheable if it comes exclusively from a CAfile,
3461 or no source is provided and we are falling back to openssl's built-in
3462 default. */
3463 cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) &&
3464 conn_config->verifypeer &&
3465 !conn_config->CApath &&
3466 !conn_config->ca_info_blob &&
3467 !ssl_config->primary.CRLfile &&
3468 !ssl_config->native_ca_store;
3469
3470 cached_store = get_cached_x509_store(cf, data);
3471 if(cached_store && cache_criteria_met && X509_STORE_up_ref(cached_store)) {
3472 SSL_CTX_set_cert_store(ssl_ctx, cached_store);
3473 }
3474 else {
3475 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
3476
3477 result = populate_x509_store(cf, data, store);
3478 if(result == CURLE_OK && cache_criteria_met) {
3479 set_cached_x509_store(cf, data, store);
3480 }
3481 }
3482
3483 return result;
3484}
3485#else /* HAVE_SSL_X509_STORE_SHARE */
3486CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf,
3487 struct Curl_easy *data,
3488 SSL_CTX *ssl_ctx)
3489{
3490 X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
3491
3492 return populate_x509_store(cf, data, store);
3493}
3494#endif /* HAVE_SSL_X509_STORE_SHARE */
3495
3496static CURLcode ossl_connect_step1(struct Curl_cfilter *cf,
3497 struct Curl_easy *data)
3498{
3499 CURLcode result = CURLE_OK;
3500 char *ciphers;
3501 SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
3502 struct ssl_connect_data *connssl = cf->ctx;
3503 ctx_option_t ctx_options = 0;
3504 void *ssl_sessionid = NULL;
3505 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
3506 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3507 BIO *bio;
3508 const long int ssl_version = conn_config->version;
3509 char * const ssl_cert = ssl_config->primary.clientcert;
3510 const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob;
3511 const char * const ssl_cert_type = ssl_config->cert_type;
3512 const bool verifypeer = conn_config->verifypeer;
3513 char error_buffer[256];
3514 struct ossl_ssl_backend_data *backend =
3515 (struct ossl_ssl_backend_data *)connssl->backend;
3516
3517 DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
3518 DEBUGASSERT(backend);
3519
3520 /* Make funny stuff to get random input */
3521 result = ossl_seed(data);
3522 if(result)
3523 return result;
3524
3525 ssl_config->certverifyresult = !X509_V_OK;
3526
3527 /* check to see if we've been told to use an explicit SSL/TLS version */
3528
3529 switch(ssl_version) {
3530 case CURL_SSLVERSION_DEFAULT:
3531 case CURL_SSLVERSION_TLSv1:
3532 case CURL_SSLVERSION_TLSv1_0:
3533 case CURL_SSLVERSION_TLSv1_1:
3534 case CURL_SSLVERSION_TLSv1_2:
3535 case CURL_SSLVERSION_TLSv1_3:
3536 /* it will be handled later with the context options */
3537#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
3538 req_method = TLS_client_method();
3539#else
3540 req_method = SSLv23_client_method();
3541#endif
3542 break;
3543 case CURL_SSLVERSION_SSLv2:
3544 failf(data, "No SSLv2 support");
3545 return CURLE_NOT_BUILT_IN;
3546 case CURL_SSLVERSION_SSLv3:
3547 failf(data, "No SSLv3 support");
3548 return CURLE_NOT_BUILT_IN;
3549 default:
3550 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
3551 return CURLE_SSL_CONNECT_ERROR;
3552 }
3553
3554 if(backend->ctx) {
3555 /* This happens when an error was encountered before in this
3556 * step and we are called to do it again. Get rid of any leftover
3557 * from the previous call. */
3558 ossl_close(cf, data);
3559 }
3560 backend->ctx = SSL_CTX_new(req_method);
3561
3562 if(!backend->ctx) {
3563 failf(data, "SSL: couldn't create a context: %s",
3564 ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
3565 return CURLE_OUT_OF_MEMORY;
3566 }
3567
3568#ifdef SSL_MODE_RELEASE_BUFFERS
3569 SSL_CTX_set_mode(backend->ctx, SSL_MODE_RELEASE_BUFFERS);
3570#endif
3571
3572#ifdef SSL_CTRL_SET_MSG_CALLBACK
3573 if(data->set.fdebug && data->set.verbose) {
3574 /* the SSL trace callback is only used for verbose logging */
3575 SSL_CTX_set_msg_callback(backend->ctx, ossl_trace);
3576 SSL_CTX_set_msg_callback_arg(backend->ctx, cf);
3577 }
3578#endif
3579
3580 /* OpenSSL contains code to work around lots of bugs and flaws in various
3581 SSL-implementations. SSL_CTX_set_options() is used to enabled those
3582 work-arounds. The man page for this option states that SSL_OP_ALL enables
3583 all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
3584 enable the bug workaround options if compatibility with somewhat broken
3585 implementations is desired."
3586
3587 The "-no_ticket" option was introduced in OpenSSL 0.9.8j. It's a flag to
3588 disable "rfc4507bis session ticket support". rfc4507bis was later turned
3589 into the proper RFC5077: https://datatracker.ietf.org/doc/html/rfc5077
3590
3591 The enabled extension concerns the session management. I wonder how often
3592 libcurl stops a connection and then resumes a TLS session. Also, sending
3593 the session data is some overhead. I suggest that you just use your
3594 proposed patch (which explicitly disables TICKET).
3595
3596 If someone writes an application with libcurl and OpenSSL who wants to
3597 enable the feature, one can do this in the SSL callback.
3598
3599 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
3600 interoperability with web server Netscape Enterprise Server 2.0.1 which
3601 was released back in 1996.
3602
3603 Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
3604 become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
3605 CVE-2010-4180 when using previous OpenSSL versions we no longer enable
3606 this option regardless of OpenSSL version and SSL_OP_ALL definition.
3607
3608 OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
3609 (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
3610 SSL_OP_ALL that _disables_ that work-around despite the fact that
3611 SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
3612 keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
3613 must not be set.
3614 */
3615
3616 ctx_options = SSL_OP_ALL;
3617
3618#ifdef SSL_OP_NO_TICKET
3619 ctx_options |= SSL_OP_NO_TICKET;
3620#endif
3621
3622#ifdef SSL_OP_NO_COMPRESSION
3623 ctx_options |= SSL_OP_NO_COMPRESSION;
3624#endif
3625
3626#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
3627 /* mitigate CVE-2010-4180 */
3628 ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
3629#endif
3630
3631#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
3632 /* unless the user explicitly asks to allow the protocol vulnerability we
3633 use the work-around */
3634 if(!ssl_config->enable_beast)
3635 ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
3636#endif
3637
3638 switch(ssl_version) {
3639 case CURL_SSLVERSION_SSLv2:
3640 case CURL_SSLVERSION_SSLv3:
3641 return CURLE_NOT_BUILT_IN;
3642
3643 /* "--tlsv<x.y>" options mean TLS >= version <x.y> */
3644 case CURL_SSLVERSION_DEFAULT:
3645 case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
3646 case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
3647 case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
3648 case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
3649 case CURL_SSLVERSION_TLSv1_3: /* TLS >= version 1.3 */
3650 /* asking for any TLS version as the minimum, means no SSL versions
3651 allowed */
3652 ctx_options |= SSL_OP_NO_SSLv2;
3653 ctx_options |= SSL_OP_NO_SSLv3;
3654
3655#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
3656 result = ossl_set_ssl_version_min_max(cf, backend->ctx);
3657#else
3658 result = ossl_set_ssl_version_min_max_legacy(&ctx_options, cf, data);
3659#endif
3660 if(result != CURLE_OK)
3661 return result;
3662 break;
3663
3664 default:
3665 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
3666 return CURLE_SSL_CONNECT_ERROR;
3667 }
3668
3669 SSL_CTX_set_options(backend->ctx, ctx_options);
3670
3671#ifdef HAS_ALPN
3672 if(connssl->alpn) {
3673 struct alpn_proto_buf proto;
3674
3675 result = Curl_alpn_to_proto_buf(&proto, connssl->alpn);
3676 if(result ||
3677 SSL_CTX_set_alpn_protos(backend->ctx, proto.data, proto.len)) {
3678 failf(data, "Error setting ALPN");
3679 return CURLE_SSL_CONNECT_ERROR;
3680 }
3681 Curl_alpn_to_proto_str(&proto, connssl->alpn);
3682 infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
3683 }
3684#endif
3685
3686 if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
3687 if(!result &&
3688 !cert_stuff(data, backend->ctx,
3689 ssl_cert, ssl_cert_blob, ssl_cert_type,
3690 ssl_config->key, ssl_config->key_blob,
3691 ssl_config->key_type, ssl_config->key_passwd))
3692 result = CURLE_SSL_CERTPROBLEM;
3693 if(result)
3694 /* failf() is already done in cert_stuff() */
3695 return result;
3696 }
3697
3698 ciphers = conn_config->cipher_list;
3699 if(!ciphers)
3700 ciphers = (char *)DEFAULT_CIPHER_SELECTION;
3701 if(ciphers) {
3702 if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) {
3703 failf(data, "failed setting cipher list: %s", ciphers);
3704 return CURLE_SSL_CIPHER;
3705 }
3706 infof(data, "Cipher selection: %s", ciphers);
3707 }
3708
3709#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
3710 {
3711 char *ciphers13 = conn_config->cipher_list13;
3712 if(ciphers13) {
3713 if(!SSL_CTX_set_ciphersuites(backend->ctx, ciphers13)) {
3714 failf(data, "failed setting TLS 1.3 cipher suite: %s", ciphers13);
3715 return CURLE_SSL_CIPHER;
3716 }
3717 infof(data, "TLS 1.3 cipher selection: %s", ciphers13);
3718 }
3719 }
3720#endif
3721
3722#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
3723 /* OpenSSL 1.1.1 requires clients to opt-in for PHA */
3724 SSL_CTX_set_post_handshake_auth(backend->ctx, 1);
3725#endif
3726
3727#ifdef HAVE_SSL_CTX_SET_EC_CURVES
3728 {
3729 char *curves = conn_config->curves;
3730 if(curves) {
3731 if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) {
3732 failf(data, "failed setting curves list: '%s'", curves);
3733 return CURLE_SSL_CIPHER;
3734 }
3735 }
3736 }
3737#endif
3738
3739#ifdef USE_OPENSSL_SRP
3740 if(ssl_config->primary.username && Curl_auth_allowed_to_host(data)) {
3741 char * const ssl_username = ssl_config->primary.username;
3742 char * const ssl_password = ssl_config->primary.password;
3743 infof(data, "Using TLS-SRP username: %s", ssl_username);
3744
3745 if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
3746 failf(data, "Unable to set SRP user name");
3747 return CURLE_BAD_FUNCTION_ARGUMENT;
3748 }
3749 if(!SSL_CTX_set_srp_password(backend->ctx, ssl_password)) {
3750 failf(data, "failed setting SRP password");
3751 return CURLE_BAD_FUNCTION_ARGUMENT;
3752 }
3753 if(!conn_config->cipher_list) {
3754 infof(data, "Setting cipher list SRP");
3755
3756 if(!SSL_CTX_set_cipher_list(backend->ctx, "SRP")) {
3757 failf(data, "failed setting SRP cipher list");
3758 return CURLE_SSL_CIPHER;
3759 }
3760 }
3761 }
3762#endif
3763
3764 /* OpenSSL always tries to verify the peer, this only says whether it should
3765 * fail to connect if the verification fails, or if it should continue
3766 * anyway. In the latter case the result of the verification is checked with
3767 * SSL_get_verify_result() below. */
3768 SSL_CTX_set_verify(backend->ctx,
3769 verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
3770
3771 /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
3772#ifdef HAVE_KEYLOG_CALLBACK
3773 if(Curl_tls_keylog_enabled()) {
3774 SSL_CTX_set_keylog_callback(backend->ctx, ossl_keylog_callback);
3775 }
3776#endif
3777
3778 /* Enable the session cache because it's a prerequisite for the "new session"
3779 * callback. Use the "external storage" mode to prevent OpenSSL from creating
3780 * an internal session cache.
3781 */
3782 SSL_CTX_set_session_cache_mode(backend->ctx,
3783 SSL_SESS_CACHE_CLIENT |
3784 SSL_SESS_CACHE_NO_INTERNAL);
3785 SSL_CTX_sess_set_new_cb(backend->ctx, ossl_new_session_cb);
3786
3787 /* give application a chance to interfere with SSL set up. */
3788 if(data->set.ssl.fsslctx) {
3789 /* When a user callback is installed to modify the SSL_CTX,
3790 * we need to do the full initialization before calling it.
3791 * See: #11800 */
3792 if(!backend->x509_store_setup) {
3793 result = Curl_ssl_setup_x509_store(cf, data, backend->ctx);
3794 if(result)
3795 return result;
3796 backend->x509_store_setup = TRUE;
3797 }
3798 Curl_set_in_callback(data, true);
3799 result = (*data->set.ssl.fsslctx)(data, backend->ctx,
3800 data->set.ssl.fsslctxp);
3801 Curl_set_in_callback(data, false);
3802 if(result) {
3803 failf(data, "error signaled by ssl ctx callback");
3804 return result;
3805 }
3806 }
3807
3808 /* Let's make an SSL structure */
3809 if(backend->handle)
3810 SSL_free(backend->handle);
3811 backend->handle = SSL_new(backend->ctx);
3812 if(!backend->handle) {
3813 failf(data, "SSL: couldn't create a context (handle)");
3814 return CURLE_OUT_OF_MEMORY;
3815 }
3816
3817 SSL_set_app_data(backend->handle, cf);
3818
3819#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
3820 !defined(OPENSSL_NO_OCSP)
3821 if(conn_config->verifystatus)
3822 SSL_set_tlsext_status_type(backend->handle, TLSEXT_STATUSTYPE_ocsp);
3823#endif
3824
3825#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) && \
3826 defined(ALLOW_RENEG)
3827 SSL_set_renegotiate_mode(backend->handle, ssl_renegotiate_freely);
3828#endif
3829
3830 SSL_set_connect_state(backend->handle);
3831
3832 backend->server_cert = 0x0;
3833#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3834 if(connssl->peer.sni) {
3835 if(!SSL_set_tlsext_host_name(backend->handle, connssl->peer.sni)) {
3836 failf(data, "Failed set SNI");
3837 return CURLE_SSL_CONNECT_ERROR;
3838 }
3839 }
3840#endif
3841
3842 SSL_set_app_data(backend->handle, cf);
3843
3844 connssl->reused_session = FALSE;
3845 if(ssl_config->primary.sessionid) {
3846 Curl_ssl_sessionid_lock(data);
3847 if(!Curl_ssl_getsessionid(cf, data, &ssl_sessionid, NULL)) {
3848 /* we got a session id, use it! */
3849 if(!SSL_set_session(backend->handle, ssl_sessionid)) {
3850 Curl_ssl_sessionid_unlock(data);
3851 failf(data, "SSL: SSL_set_session failed: %s",
3852 ossl_strerror(ERR_get_error(), error_buffer,
3853 sizeof(error_buffer)));
3854 return CURLE_SSL_CONNECT_ERROR;
3855 }
3856 /* Informational message */
3857 infof(data, "SSL reusing session ID");
3858 connssl->reused_session = TRUE;
3859 }
3860 Curl_ssl_sessionid_unlock(data);
3861 }
3862
3863 backend->bio_method = ossl_bio_cf_method_create();
3864 if(!backend->bio_method)
3865 return CURLE_OUT_OF_MEMORY;
3866 bio = BIO_new(backend->bio_method);
3867 if(!bio)
3868 return CURLE_OUT_OF_MEMORY;
3869
3870 BIO_set_data(bio, cf);
3871#ifdef HAVE_SSL_SET0_WBIO
3872 /* with OpenSSL v1.1.1 we get an alternative to SSL_set_bio() that works
3873 * without backward compat quirks. Every call takes one reference, so we
3874 * up it and pass. SSL* then owns it and will free.
3875 * We check on the function in configure, since libressl and friends
3876 * each have their own versions to add support for this. */
3877 BIO_up_ref(bio);
3878 SSL_set0_rbio(backend->handle, bio);
3879 SSL_set0_wbio(backend->handle, bio);
3880#else
3881 SSL_set_bio(backend->handle, bio, bio);
3882#endif
3883 connssl->connecting_state = ssl_connect_2;
3884
3885 return CURLE_OK;
3886}
3887
3888static CURLcode ossl_connect_step2(struct Curl_cfilter *cf,
3889 struct Curl_easy *data)
3890{
3891 int err;
3892 struct ssl_connect_data *connssl = cf->ctx;
3893 struct ossl_ssl_backend_data *backend =
3894 (struct ossl_ssl_backend_data *)connssl->backend;
3895 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
3896 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
3897 || ssl_connect_2_reading == connssl->connecting_state
3898 || ssl_connect_2_writing == connssl->connecting_state);
3899 DEBUGASSERT(backend);
3900
3901 ERR_clear_error();
3902
3903 err = SSL_connect(backend->handle);
3904
3905 if(!backend->x509_store_setup) {
3906 /* After having send off the ClientHello, we prepare the x509
3907 * store to verify the coming certificate from the server */
3908 CURLcode result = Curl_ssl_setup_x509_store(cf, data, backend->ctx);
3909 if(result)
3910 return result;
3911 backend->x509_store_setup = TRUE;
3912 }
3913
3914#ifndef HAVE_KEYLOG_CALLBACK
3915 if(Curl_tls_keylog_enabled()) {
3916 /* If key logging is enabled, wait for the handshake to complete and then
3917 * proceed with logging secrets (for TLS 1.2 or older).
3918 */
3919 ossl_log_tls12_secret(backend->handle, &backend->keylog_done);
3920 }
3921#endif
3922
3923 /* 1 is fine
3924 0 is "not successful but was shut down controlled"
3925 <0 is "handshake was not successful, because a fatal error occurred" */
3926 if(1 != err) {
3927 int detail = SSL_get_error(backend->handle, err);
3928
3929 if(SSL_ERROR_WANT_READ == detail) {
3930 connssl->connecting_state = ssl_connect_2_reading;
3931 return CURLE_OK;
3932 }
3933 if(SSL_ERROR_WANT_WRITE == detail) {
3934 connssl->connecting_state = ssl_connect_2_writing;
3935 return CURLE_OK;
3936 }
3937#ifdef SSL_ERROR_WANT_ASYNC
3938 if(SSL_ERROR_WANT_ASYNC == detail) {
3939 connssl->connecting_state = ssl_connect_2;
3940 return CURLE_OK;
3941 }
3942#endif
3943#ifdef SSL_ERROR_WANT_RETRY_VERIFY
3944 if(SSL_ERROR_WANT_RETRY_VERIFY == detail) {
3945 connssl->connecting_state = ssl_connect_2;
3946 return CURLE_OK;
3947 }
3948#endif
3949 if(backend->io_result == CURLE_AGAIN) {
3950 return CURLE_OK;
3951 }
3952 else {
3953 /* untreated error */
3954 sslerr_t errdetail;
3955 char error_buffer[256]="";
3956 CURLcode result;
3957 long lerr;
3958 int lib;
3959 int reason;
3960
3961 /* the connection failed, we're not waiting for anything else. */
3962 connssl->connecting_state = ssl_connect_2;
3963
3964 /* Get the earliest error code from the thread's error queue and remove
3965 the entry. */
3966 errdetail = ERR_get_error();
3967
3968 /* Extract which lib and reason */
3969 lib = ERR_GET_LIB(errdetail);
3970 reason = ERR_GET_REASON(errdetail);
3971
3972 if((lib == ERR_LIB_SSL) &&
3973 ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
3974 (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
3975 result = CURLE_PEER_FAILED_VERIFICATION;
3976
3977 lerr = SSL_get_verify_result(backend->handle);
3978 if(lerr != X509_V_OK) {
3979 ssl_config->certverifyresult = lerr;
3980 msnprintf(error_buffer, sizeof(error_buffer),
3981 "SSL certificate problem: %s",
3982 X509_verify_cert_error_string(lerr));
3983 }
3984 else
3985 /* strcpy() is fine here as long as the string fits within
3986 error_buffer */
3987 strcpy(error_buffer, "SSL certificate verification failed");
3988 }
3989#if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)
3990 /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on
3991 OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */
3992 else if((lib == ERR_LIB_SSL) &&
3993 (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) {
3994 /* If client certificate is required, communicate the
3995 error to client */
3996 result = CURLE_SSL_CLIENTCERT;
3997 ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
3998 }
3999#endif
4000 else {
4001 result = CURLE_SSL_CONNECT_ERROR;
4002 ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
4003 }
4004
4005 /* detail is already set to the SSL error above */
4006
4007 /* If we e.g. use SSLv2 request-method and the server doesn't like us
4008 * (RST connection, etc.), OpenSSL gives no explanation whatsoever and
4009 * the SO_ERROR is also lost.
4010 */
4011 if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
4012 char extramsg[80]="";
4013 int sockerr = SOCKERRNO;
4014
4015 if(sockerr && detail == SSL_ERROR_SYSCALL)
4016 Curl_strerror(sockerr, extramsg, sizeof(extramsg));
4017 failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%d ",
4018 extramsg[0] ? extramsg : SSL_ERROR_to_str(detail),
4019 connssl->peer.hostname, connssl->port);
4020 return result;
4021 }
4022
4023 /* Could be a CERT problem */
4024 failf(data, "%s", error_buffer);
4025
4026 return result;
4027 }
4028 }
4029 else {
4030 int psigtype_nid = NID_undef;
4031 const char *negotiated_group_name = NULL;
4032
4033 /* we connected fine, we're not waiting for anything else. */
4034 connssl->connecting_state = ssl_connect_3;
4035
4036#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
4037 SSL_get_peer_signature_type_nid(backend->handle, &psigtype_nid);
4038#if (OPENSSL_VERSION_NUMBER >= 0x30200000L)
4039 negotiated_group_name = SSL_get0_group_name(backend->handle);
4040#else
4041 negotiated_group_name =
4042 OBJ_nid2sn(SSL_get_negotiated_group(backend->handle) & 0x0000FFFF);
4043#endif
4044#endif
4045
4046 /* Informational message */
4047 infof(data, "SSL connection using %s / %s / %s / %s",
4048 SSL_get_version(backend->handle),
4049 SSL_get_cipher(backend->handle),
4050 negotiated_group_name? negotiated_group_name : "[blank]",
4051 OBJ_nid2sn(psigtype_nid));
4052
4053#ifdef HAS_ALPN
4054 /* Sets data and len to negotiated protocol, len is 0 if no protocol was
4055 * negotiated
4056 */
4057 if(connssl->alpn) {
4058 const unsigned char *neg_protocol;
4059 unsigned int len;
4060 SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len);
4061
4062 return Curl_alpn_set_negotiated(cf, data, neg_protocol, len);
4063 }
4064#endif
4065
4066 return CURLE_OK;
4067 }
4068}
4069
4070/*
4071 * Heavily modified from:
4072 * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
4073 */
4074static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
4075 const char *pinnedpubkey)
4076{
4077 /* Scratch */
4078 int len1 = 0, len2 = 0;
4079 unsigned char *buff1 = NULL, *temp = NULL;
4080
4081 /* Result is returned to caller */
4082 CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
4083
4084 /* if a path wasn't specified, don't pin */
4085 if(!pinnedpubkey)
4086 return CURLE_OK;
4087
4088 if(!cert)
4089 return result;
4090
4091 do {
4092 /* Begin Gyrations to get the subjectPublicKeyInfo */
4093 /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
4094
4095 /* https://groups.google.com/group/mailing.openssl.users/browse_thread
4096 /thread/d61858dae102c6c7 */
4097 len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
4098 if(len1 < 1)
4099 break; /* failed */
4100
4101 buff1 = temp = malloc(len1);
4102 if(!buff1)
4103 break; /* failed */
4104
4105 /* https://www.openssl.org/docs/crypto/d2i_X509.html */
4106 len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
4107
4108 /*
4109 * These checks are verifying we got back the same values as when we
4110 * sized the buffer. It's pretty weak since they should always be the
4111 * same. But it gives us something to test.
4112 */
4113 if((len1 != len2) || !temp || ((temp - buff1) != len1))
4114 break; /* failed */
4115
4116 /* End Gyrations */
4117
4118 /* The one good exit point */
4119 result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
4120 } while(0);
4121
4122 if(buff1)
4123 free(buff1);
4124
4125 return result;
4126}
4127
4128#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
4129 !(defined(LIBRESSL_VERSION_NUMBER) && \
4130 LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \
4131 !defined(OPENSSL_IS_BORINGSSL) && \
4132 !defined(OPENSSL_IS_AWSLC) && \
4133 !defined(CURL_DISABLE_VERBOSE_STRINGS)
4134static void infof_certstack(struct Curl_easy *data, const SSL *ssl)
4135{
4136 STACK_OF(X509) *certstack;
4137 long verify_result;
4138 int num_cert_levels;
4139 int cert_level;
4140
4141 verify_result = SSL_get_verify_result(ssl);
4142 if(verify_result != X509_V_OK)
4143 certstack = SSL_get_peer_cert_chain(ssl);
4144 else
4145 certstack = SSL_get0_verified_chain(ssl);
4146 num_cert_levels = sk_X509_num(certstack);
4147
4148 for(cert_level = 0; cert_level < num_cert_levels; cert_level++) {
4149 char cert_algorithm[80] = "";
4150 char group_name_final[80] = "";
4151 const X509_ALGOR *palg_cert = NULL;
4152 const ASN1_OBJECT *paobj_cert = NULL;
4153 X509 *current_cert;
4154 EVP_PKEY *current_pkey;
4155 int key_bits;
4156 int key_sec_bits;
4157 int get_group_name;
4158 const char *type_name;
4159
4160 current_cert = sk_X509_value(certstack, cert_level);
4161
4162 X509_get0_signature(NULL, &palg_cert, current_cert);
4163 X509_ALGOR_get0(&paobj_cert, NULL, NULL, palg_cert);
4164 OBJ_obj2txt(cert_algorithm, sizeof(cert_algorithm), paobj_cert, 0);
4165
4166 current_pkey = X509_get0_pubkey(current_cert);
4167 key_bits = EVP_PKEY_bits(current_pkey);
4168#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
4169#define EVP_PKEY_get_security_bits EVP_PKEY_security_bits
4170#endif
4171 key_sec_bits = EVP_PKEY_get_security_bits(current_pkey);
4172#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
4173 {
4174 char group_name[80] = "";
4175 get_group_name = EVP_PKEY_get_group_name(current_pkey, group_name,
4176 sizeof(group_name), NULL);
4177 msnprintf(group_name_final, sizeof(group_name_final), "/%s", group_name);
4178 }
4179 type_name = EVP_PKEY_get0_type_name(current_pkey);
4180#else
4181 get_group_name = 0;
4182 type_name = NULL;
4183#endif
4184
4185 infof(data,
4186 " Certificate level %d: "
4187 "Public key type %s%s (%d/%d Bits/secBits), signed using %s",
4188 cert_level, type_name ? type_name : "?",
4189 get_group_name == 0 ? "" : group_name_final,
4190 key_bits, key_sec_bits, cert_algorithm);
4191 }
4192}
4193#else
4194#define infof_certstack(data, ssl)
4195#endif
4196
4197/*
4198 * Get the server cert, verify it and show it, etc., only call failf() if the
4199 * 'strict' argument is TRUE as otherwise all this is for informational
4200 * purposes only!
4201 *
4202 * We check certificates to authenticate the server; otherwise we risk
4203 * man-in-the-middle attack.
4204 */
4205static CURLcode servercert(struct Curl_cfilter *cf,
4206 struct Curl_easy *data,
4207 bool strict)
4208{
4209 struct connectdata *conn = cf->conn;
4210 struct ssl_connect_data *connssl = cf->ctx;
4211 struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
4212 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
4213 CURLcode result = CURLE_OK;
4214 int rc;
4215 long lerr;
4216 X509 *issuer;
4217 BIO *fp = NULL;
4218 char error_buffer[256]="";
4219 char buffer[2048];
4220 const char *ptr;
4221 BIO *mem = BIO_new(BIO_s_mem());
4222 struct ossl_ssl_backend_data *backend =
4223 (struct ossl_ssl_backend_data *)connssl->backend;
4224
4225 DEBUGASSERT(backend);
4226
4227 if(!mem) {
4228 failf(data,
4229 "BIO_new return NULL, " OSSL_PACKAGE
4230 " error %s",
4231 ossl_strerror(ERR_get_error(), error_buffer,
4232 sizeof(error_buffer)) );
4233 return CURLE_OUT_OF_MEMORY;
4234 }
4235
4236 if(data->set.ssl.certinfo)
4237 /* asked to gather certificate info */
4238 (void)Curl_ossl_certchain(data, backend->handle);
4239
4240 backend->server_cert = SSL_get1_peer_certificate(backend->handle);
4241 if(!backend->server_cert) {
4242 BIO_free(mem);
4243 if(!strict)
4244 return CURLE_OK;
4245
4246 failf(data, "SSL: couldn't get peer certificate");
4247 return CURLE_PEER_FAILED_VERIFICATION;
4248 }
4249
4250 infof(data, "%s certificate:",
4251 Curl_ssl_cf_is_proxy(cf)? "Proxy" : "Server");
4252
4253 rc = x509_name_oneline(X509_get_subject_name(backend->server_cert),
4254 buffer, sizeof(buffer));
4255 infof(data, " subject: %s", rc?"[NONE]":buffer);
4256
4257#ifndef CURL_DISABLE_VERBOSE_STRINGS
4258 {
4259 long len;
4260 ASN1_TIME_print(mem, X509_get0_notBefore(backend->server_cert));
4261 len = BIO_get_mem_data(mem, (char **) &ptr);
4262 infof(data, " start date: %.*s", (int)len, ptr);
4263 (void)BIO_reset(mem);
4264
4265 ASN1_TIME_print(mem, X509_get0_notAfter(backend->server_cert));
4266 len = BIO_get_mem_data(mem, (char **) &ptr);
4267 infof(data, " expire date: %.*s", (int)len, ptr);
4268 (void)BIO_reset(mem);
4269 }
4270#endif
4271
4272 BIO_free(mem);
4273
4274 if(conn_config->verifyhost) {
4275 result = Curl_ossl_verifyhost(data, conn, &connssl->peer,
4276 backend->server_cert);
4277 if(result) {
4278 X509_free(backend->server_cert);
4279 backend->server_cert = NULL;
4280 return result;
4281 }
4282 }
4283
4284 rc = x509_name_oneline(X509_get_issuer_name(backend->server_cert),
4285 buffer, sizeof(buffer));
4286 if(rc) {
4287 if(strict)
4288 failf(data, "SSL: couldn't get X509-issuer name");
4289 result = CURLE_PEER_FAILED_VERIFICATION;
4290 }
4291 else {
4292 infof(data, " issuer: %s", buffer);
4293
4294 /* We could do all sorts of certificate verification stuff here before
4295 deallocating the certificate. */
4296
4297 /* e.g. match issuer name with provided issuer certificate */
4298 if(conn_config->issuercert || conn_config->issuercert_blob) {
4299 if(conn_config->issuercert_blob) {
4300 fp = BIO_new_mem_buf(conn_config->issuercert_blob->data,
4301 (int)conn_config->issuercert_blob->len);
4302 if(!fp) {
4303 failf(data,
4304 "BIO_new_mem_buf NULL, " OSSL_PACKAGE
4305 " error %s",
4306 ossl_strerror(ERR_get_error(), error_buffer,
4307 sizeof(error_buffer)) );
4308 X509_free(backend->server_cert);
4309 backend->server_cert = NULL;
4310 return CURLE_OUT_OF_MEMORY;
4311 }
4312 }
4313 else {
4314 fp = BIO_new(BIO_s_file());
4315 if(!fp) {
4316 failf(data,
4317 "BIO_new return NULL, " OSSL_PACKAGE
4318 " error %s",
4319 ossl_strerror(ERR_get_error(), error_buffer,
4320 sizeof(error_buffer)) );
4321 X509_free(backend->server_cert);
4322 backend->server_cert = NULL;
4323 return CURLE_OUT_OF_MEMORY;
4324 }
4325
4326 if(BIO_read_filename(fp, conn_config->issuercert) <= 0) {
4327 if(strict)
4328 failf(data, "SSL: Unable to open issuer cert (%s)",
4329 conn_config->issuercert);
4330 BIO_free(fp);
4331 X509_free(backend->server_cert);
4332 backend->server_cert = NULL;
4333 return CURLE_SSL_ISSUER_ERROR;
4334 }
4335 }
4336
4337 issuer = PEM_read_bio_X509(fp, NULL, ZERO_NULL, NULL);
4338 if(!issuer) {
4339 if(strict)
4340 failf(data, "SSL: Unable to read issuer cert (%s)",
4341 conn_config->issuercert);
4342 BIO_free(fp);
4343 X509_free(issuer);
4344 X509_free(backend->server_cert);
4345 backend->server_cert = NULL;
4346 return CURLE_SSL_ISSUER_ERROR;
4347 }
4348
4349 if(X509_check_issued(issuer, backend->server_cert) != X509_V_OK) {
4350 if(strict)
4351 failf(data, "SSL: Certificate issuer check failed (%s)",
4352 conn_config->issuercert);
4353 BIO_free(fp);
4354 X509_free(issuer);
4355 X509_free(backend->server_cert);
4356 backend->server_cert = NULL;
4357 return CURLE_SSL_ISSUER_ERROR;
4358 }
4359
4360 infof(data, " SSL certificate issuer check ok (%s)",
4361 conn_config->issuercert);
4362 BIO_free(fp);
4363 X509_free(issuer);
4364 }
4365
4366 lerr = SSL_get_verify_result(backend->handle);
4367 ssl_config->certverifyresult = lerr;
4368 if(lerr != X509_V_OK) {
4369 if(conn_config->verifypeer) {
4370 /* We probably never reach this, because SSL_connect() will fail
4371 and we return earlier if verifypeer is set? */
4372 if(strict)
4373 failf(data, "SSL certificate verify result: %s (%ld)",
4374 X509_verify_cert_error_string(lerr), lerr);
4375 result = CURLE_PEER_FAILED_VERIFICATION;
4376 }
4377 else
4378 infof(data, " SSL certificate verify result: %s (%ld),"
4379 " continuing anyway.",
4380 X509_verify_cert_error_string(lerr), lerr);
4381 }
4382 else
4383 infof(data, " SSL certificate verify ok.");
4384 }
4385
4386 infof_certstack(data, backend->handle);
4387
4388#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
4389 !defined(OPENSSL_NO_OCSP)
4390 if(conn_config->verifystatus && !connssl->reused_session) {
4391 /* don't do this after Session ID reuse */
4392 result = verifystatus(cf, data);
4393 if(result) {
4394 /* when verifystatus failed, remove the session id from the cache again
4395 if present */
4396 if(!Curl_ssl_cf_is_proxy(cf)) {
4397 void *old_ssl_sessionid = NULL;
4398 bool incache;
4399 Curl_ssl_sessionid_lock(data);
4400 incache = !(Curl_ssl_getsessionid(cf, data, &old_ssl_sessionid, NULL));
4401 if(incache) {
4402 infof(data, "Remove session ID again from cache");
4403 Curl_ssl_delsessionid(data, old_ssl_sessionid);
4404 }
4405 Curl_ssl_sessionid_unlock(data);
4406 }
4407
4408 X509_free(backend->server_cert);
4409 backend->server_cert = NULL;
4410 return result;
4411 }
4412 }
4413#endif
4414
4415 if(!strict)
4416 /* when not strict, we don't bother about the verify cert problems */
4417 result = CURLE_OK;
4418
4419 ptr = Curl_ssl_cf_is_proxy(cf)?
4420 data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]:
4421 data->set.str[STRING_SSL_PINNEDPUBLICKEY];
4422 if(!result && ptr) {
4423 result = ossl_pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
4424 if(result)
4425 failf(data, "SSL: public key does not match pinned public key");
4426 }
4427
4428 X509_free(backend->server_cert);
4429 backend->server_cert = NULL;
4430 connssl->connecting_state = ssl_connect_done;
4431
4432 return result;
4433}
4434
4435static CURLcode ossl_connect_step3(struct Curl_cfilter *cf,
4436 struct Curl_easy *data)
4437{
4438 CURLcode result = CURLE_OK;
4439 struct ssl_connect_data *connssl = cf->ctx;
4440 struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
4441
4442 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
4443
4444 /*
4445 * We check certificates to authenticate the server; otherwise we risk
4446 * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
4447 * verify the peer, ignore faults and failures from the server cert
4448 * operations.
4449 */
4450
4451 result = servercert(cf, data, conn_config->verifypeer ||
4452 conn_config->verifyhost);
4453
4454 if(!result)
4455 connssl->connecting_state = ssl_connect_done;
4456
4457 return result;
4458}
4459
4460static CURLcode ossl_connect_common(struct Curl_cfilter *cf,
4461 struct Curl_easy *data,
4462 bool nonblocking,
4463 bool *done)
4464{
4465 CURLcode result = CURLE_OK;
4466 struct ssl_connect_data *connssl = cf->ctx;
4467 curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
4468 int what;
4469
4470 /* check if the connection has already been established */
4471 if(ssl_connection_complete == connssl->state) {
4472 *done = TRUE;
4473 return CURLE_OK;
4474 }
4475
4476 if(ssl_connect_1 == connssl->connecting_state) {
4477 /* Find out how much more time we're allowed */
4478 const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
4479
4480 if(timeout_ms < 0) {
4481 /* no need to continue if time is already up */
4482 failf(data, "SSL connection timeout");
4483 return CURLE_OPERATION_TIMEDOUT;
4484 }
4485
4486 result = ossl_connect_step1(cf, data);
4487 if(result)
4488 goto out;
4489 }
4490
4491 while(ssl_connect_2 == connssl->connecting_state ||
4492 ssl_connect_2_reading == connssl->connecting_state ||
4493 ssl_connect_2_writing == connssl->connecting_state) {
4494
4495 /* check allowed time left */
4496 const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
4497
4498 if(timeout_ms < 0) {
4499 /* no need to continue if time already is up */
4500 failf(data, "SSL connection timeout");
4501 result = CURLE_OPERATION_TIMEDOUT;
4502 goto out;
4503 }
4504
4505 /* if ssl is expecting something, check if it's available. */
4506 if(!nonblocking &&
4507 (connssl->connecting_state == ssl_connect_2_reading ||
4508 connssl->connecting_state == ssl_connect_2_writing)) {
4509
4510 curl_socket_t writefd = ssl_connect_2_writing ==
4511 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
4512 curl_socket_t readfd = ssl_connect_2_reading ==
4513 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
4514
4515 what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
4516 timeout_ms);
4517 if(what < 0) {
4518 /* fatal error */
4519 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
4520 result = CURLE_SSL_CONNECT_ERROR;
4521 goto out;
4522 }
4523 if(0 == what) {
4524 /* timeout */
4525 failf(data, "SSL connection timeout");
4526 result = CURLE_OPERATION_TIMEDOUT;
4527 goto out;
4528 }
4529 /* socket is readable or writable */
4530 }
4531
4532 /* Run transaction, and return to the caller if it failed or if this
4533 * connection is done nonblocking and this loop would execute again. This
4534 * permits the owner of a multi handle to abort a connection attempt
4535 * before step2 has completed while ensuring that a client using select()
4536 * or epoll() will always have a valid fdset to wait on.
4537 */
4538 result = ossl_connect_step2(cf, data);
4539 if(result || (nonblocking &&
4540 (ssl_connect_2 == connssl->connecting_state ||
4541 ssl_connect_2_reading == connssl->connecting_state ||
4542 ssl_connect_2_writing == connssl->connecting_state)))
4543 goto out;
4544
4545 } /* repeat step2 until all transactions are done. */
4546
4547 if(ssl_connect_3 == connssl->connecting_state) {
4548 result = ossl_connect_step3(cf, data);
4549 if(result)
4550 goto out;
4551 }
4552
4553 if(ssl_connect_done == connssl->connecting_state) {
4554 connssl->state = ssl_connection_complete;
4555 *done = TRUE;
4556 }
4557 else
4558 *done = FALSE;
4559
4560 /* Reset our connect state machine */
4561 connssl->connecting_state = ssl_connect_1;
4562
4563out:
4564 return result;
4565}
4566
4567static CURLcode ossl_connect_nonblocking(struct Curl_cfilter *cf,
4568 struct Curl_easy *data,
4569 bool *done)
4570{
4571 return ossl_connect_common(cf, data, TRUE, done);
4572}
4573
4574static CURLcode ossl_connect(struct Curl_cfilter *cf,
4575 struct Curl_easy *data)
4576{
4577 CURLcode result;
4578 bool done = FALSE;
4579
4580 result = ossl_connect_common(cf, data, FALSE, &done);
4581 if(result)
4582 return result;
4583
4584 DEBUGASSERT(done);
4585
4586 return CURLE_OK;
4587}
4588
4589static bool ossl_data_pending(struct Curl_cfilter *cf,
4590 const struct Curl_easy *data)
4591{
4592 struct ssl_connect_data *connssl = cf->ctx;
4593 struct ossl_ssl_backend_data *backend =
4594 (struct ossl_ssl_backend_data *)connssl->backend;
4595
4596 (void)data;
4597 DEBUGASSERT(connssl && backend);
4598 if(backend->handle && SSL_pending(backend->handle))
4599 return TRUE;
4600 return FALSE;
4601}
4602
4603static ssize_t ossl_send(struct Curl_cfilter *cf,
4604 struct Curl_easy *data,
4605 const void *mem,
4606 size_t len,
4607 CURLcode *curlcode)
4608{
4609 /* SSL_write() is said to return 'int' while write() and send() returns
4610 'size_t' */
4611 int err;
4612 char error_buffer[256];
4613 sslerr_t sslerror;
4614 int memlen;
4615 int rc;
4616 struct ssl_connect_data *connssl = cf->ctx;
4617 struct ossl_ssl_backend_data *backend =
4618 (struct ossl_ssl_backend_data *)connssl->backend;
4619
4620 (void)data;
4621 DEBUGASSERT(backend);
4622
4623 ERR_clear_error();
4624
4625 memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
4626 rc = SSL_write(backend->handle, mem, memlen);
4627
4628 if(rc <= 0) {
4629 err = SSL_get_error(backend->handle, rc);
4630
4631 switch(err) {
4632 case SSL_ERROR_WANT_READ:
4633 case SSL_ERROR_WANT_WRITE:
4634 /* The operation did not complete; the same TLS/SSL I/O function
4635 should be called again later. This is basically an EWOULDBLOCK
4636 equivalent. */
4637 *curlcode = CURLE_AGAIN;
4638 rc = -1;
4639 goto out;
4640 case SSL_ERROR_SYSCALL:
4641 {
4642 int sockerr = SOCKERRNO;
4643
4644 if(backend->io_result == CURLE_AGAIN) {
4645 *curlcode = CURLE_AGAIN;
4646 rc = -1;
4647 goto out;
4648 }
4649 sslerror = ERR_get_error();
4650 if(sslerror)
4651 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
4652 else if(sockerr)
4653 Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
4654 else
4655 msnprintf(error_buffer, sizeof(error_buffer), "%s",
4656 SSL_ERROR_to_str(err));
4657
4658 failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d",
4659 error_buffer, sockerr);
4660 *curlcode = CURLE_SEND_ERROR;
4661 rc = -1;
4662 goto out;
4663 }
4664 case SSL_ERROR_SSL: {
4665 /* A failure in the SSL library occurred, usually a protocol error.
4666 The OpenSSL error queue contains more information on the error. */
4667 sslerror = ERR_get_error();
4668 failf(data, "SSL_write() error: %s",
4669 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
4670 *curlcode = CURLE_SEND_ERROR;
4671 rc = -1;
4672 goto out;
4673 }
4674 default:
4675 /* a true error */
4676 failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d",
4677 SSL_ERROR_to_str(err), SOCKERRNO);
4678 *curlcode = CURLE_SEND_ERROR;
4679 rc = -1;
4680 goto out;
4681 }
4682 }
4683 *curlcode = CURLE_OK;
4684
4685out:
4686 return (ssize_t)rc; /* number of bytes */
4687}
4688
4689static ssize_t ossl_recv(struct Curl_cfilter *cf,
4690 struct Curl_easy *data, /* transfer */
4691 char *buf, /* store read data here */
4692 size_t buffersize, /* max amount to read */
4693 CURLcode *curlcode)
4694{
4695 char error_buffer[256];
4696 unsigned long sslerror;
4697 ssize_t nread;
4698 int buffsize;
4699 struct connectdata *conn = cf->conn;
4700 struct ssl_connect_data *connssl = cf->ctx;
4701 struct ossl_ssl_backend_data *backend =
4702 (struct ossl_ssl_backend_data *)connssl->backend;
4703
4704 (void)data;
4705 DEBUGASSERT(backend);
4706
4707 ERR_clear_error();
4708
4709 buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
4710 nread = (ssize_t)SSL_read(backend->handle, buf, buffsize);
4711
4712 if(nread <= 0) {
4713 /* failed SSL_read */
4714 int err = SSL_get_error(backend->handle, (int)nread);
4715
4716 switch(err) {
4717 case SSL_ERROR_NONE: /* this is not an error */
4718 break;
4719 case SSL_ERROR_ZERO_RETURN: /* no more data */
4720 /* close_notify alert */
4721 if(cf->sockindex == FIRSTSOCKET)
4722 /* mark the connection for close if it is indeed the control
4723 connection */
4724 connclose(conn, "TLS close_notify");
4725 break;
4726 case SSL_ERROR_WANT_READ:
4727 case SSL_ERROR_WANT_WRITE:
4728 /* there's data pending, re-invoke SSL_read() */
4729 *curlcode = CURLE_AGAIN;
4730 nread = -1;
4731 goto out;
4732 default:
4733 /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
4734 value/errno" */
4735 /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
4736 if(backend->io_result == CURLE_AGAIN) {
4737 *curlcode = CURLE_AGAIN;
4738 nread = -1;
4739 goto out;
4740 }
4741 sslerror = ERR_get_error();
4742 if((nread < 0) || sslerror) {
4743 /* If the return code was negative or there actually is an error in the
4744 queue */
4745 int sockerr = SOCKERRNO;
4746 if(sslerror)
4747 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
4748 else if(sockerr && err == SSL_ERROR_SYSCALL)
4749 Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
4750 else
4751 msnprintf(error_buffer, sizeof(error_buffer), "%s",
4752 SSL_ERROR_to_str(err));
4753 failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d",
4754 error_buffer, sockerr);
4755 *curlcode = CURLE_RECV_ERROR;
4756 nread = -1;
4757 goto out;
4758 }
4759 /* For debug builds be a little stricter and error on any
4760 SSL_ERROR_SYSCALL. For example a server may have closed the connection
4761 abruptly without a close_notify alert. For compatibility with older
4762 peers we don't do this by default. #4624
4763
4764 We can use this to gauge how many users may be affected, and
4765 if it goes ok eventually transition to allow in dev and release with
4766 the newest OpenSSL: #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) */
4767#ifdef DEBUGBUILD
4768 if(err == SSL_ERROR_SYSCALL) {
4769 int sockerr = SOCKERRNO;
4770 if(sockerr)
4771 Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
4772 else {
4773 msnprintf(error_buffer, sizeof(error_buffer),
4774 "Connection closed abruptly");
4775 }
4776 failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d"
4777 " (Fatal because this is a curl debug build)",
4778 error_buffer, sockerr);
4779 *curlcode = CURLE_RECV_ERROR;
4780 nread = -1;
4781 goto out;
4782 }
4783#endif
4784 }
4785 }
4786
4787out:
4788 return nread;
4789}
4790
4791static size_t ossl_version(char *buffer, size_t size)
4792{
4793#ifdef LIBRESSL_VERSION_NUMBER
4794#ifdef HAVE_OPENSSL_VERSION
4795 char *p;
4796 int count;
4797 const char *ver = OpenSSL_version(OPENSSL_VERSION);
4798 const char expected[] = OSSL_PACKAGE " "; /* ie "LibreSSL " */
4799 if(strncasecompare(ver, expected, sizeof(expected) - 1)) {
4800 ver += sizeof(expected) - 1;
4801 }
4802 count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver);
4803 for(p = buffer; *p; ++p) {
4804 if(ISBLANK(*p))
4805 *p = '_';
4806 }
4807 return count;
4808#else
4809 return msnprintf(buffer, size, "%s/%lx.%lx.%lx",
4810 OSSL_PACKAGE,
4811 (LIBRESSL_VERSION_NUMBER>>28)&0xf,
4812 (LIBRESSL_VERSION_NUMBER>>20)&0xff,
4813 (LIBRESSL_VERSION_NUMBER>>12)&0xff);
4814#endif
4815#elif defined(OPENSSL_IS_BORINGSSL)
4816#ifdef CURL_BORINGSSL_VERSION
4817 return msnprintf(buffer, size, "%s/%s",
4818 OSSL_PACKAGE,
4819 CURL_BORINGSSL_VERSION);
4820#else
4821 return msnprintf(buffer, size, OSSL_PACKAGE);
4822#endif
4823#elif defined(OPENSSL_IS_AWSLC)
4824 return msnprintf(buffer, size, "%s/%s",
4825 OSSL_PACKAGE,
4826 AWSLC_VERSION_NUMBER_STRING);
4827#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING)
4828 return msnprintf(buffer, size, "%s/%s",
4829 OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
4830#else
4831 /* not LibreSSL, BoringSSL and not using OpenSSL_version */
4832
4833 char sub[3];
4834 unsigned long ssleay_value;
4835 sub[2]='\0';
4836 sub[1]='\0';
4837 ssleay_value = OpenSSL_version_num();
4838 if(ssleay_value < 0x906000) {
4839 ssleay_value = SSLEAY_VERSION_NUMBER;
4840 sub[0]='\0';
4841 }
4842 else {
4843 if(ssleay_value&0xff0) {
4844 int minor_ver = (ssleay_value >> 4) & 0xff;
4845 if(minor_ver > 26) {
4846 /* handle extended version introduced for 0.9.8za */
4847 sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
4848 sub[0] = 'z';
4849 }
4850 else {
4851 sub[0] = (char) (minor_ver + 'a' - 1);
4852 }
4853 }
4854 else
4855 sub[0]='\0';
4856 }
4857
4858 return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
4859#ifdef OPENSSL_FIPS
4860 "-fips"
4861#endif
4862 ,
4863 OSSL_PACKAGE,
4864 (ssleay_value>>28)&0xf,
4865 (ssleay_value>>20)&0xff,
4866 (ssleay_value>>12)&0xff,
4867 sub);
4868#endif /* OPENSSL_IS_BORINGSSL */
4869}
4870
4871/* can be called with data == NULL */
4872static CURLcode ossl_random(struct Curl_easy *data,
4873 unsigned char *entropy, size_t length)
4874{
4875 int rc;
4876 if(data) {
4877 if(ossl_seed(data)) /* Initiate the seed if not already done */
4878 return CURLE_FAILED_INIT; /* couldn't seed for some reason */
4879 }
4880 else {
4881 if(!rand_enough())
4882 return CURLE_FAILED_INIT;
4883 }
4884 /* RAND_bytes() returns 1 on success, 0 otherwise. */
4885 rc = RAND_bytes(entropy, curlx_uztosi(length));
4886 return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
4887}
4888
4889#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
4890static CURLcode ossl_sha256sum(const unsigned char *tmp, /* input */
4891 size_t tmplen,
4892 unsigned char *sha256sum /* output */,
4893 size_t unused)
4894{
4895 EVP_MD_CTX *mdctx;
4896 unsigned int len = 0;
4897 (void) unused;
4898
4899 mdctx = EVP_MD_CTX_create();
4900 if(!mdctx)
4901 return CURLE_OUT_OF_MEMORY;
4902 if(!EVP_DigestInit(mdctx, EVP_sha256())) {
4903 EVP_MD_CTX_destroy(mdctx);
4904 return CURLE_FAILED_INIT;
4905 }
4906 EVP_DigestUpdate(mdctx, tmp, tmplen);
4907 EVP_DigestFinal_ex(mdctx, sha256sum, &len);
4908 EVP_MD_CTX_destroy(mdctx);
4909 return CURLE_OK;
4910}
4911#endif
4912
4913static bool ossl_cert_status_request(void)
4914{
4915#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
4916 !defined(OPENSSL_NO_OCSP)
4917 return TRUE;
4918#else
4919 return FALSE;
4920#endif
4921}
4922
4923static void *ossl_get_internals(struct ssl_connect_data *connssl,
4924 CURLINFO info)
4925{
4926 /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
4927 struct ossl_ssl_backend_data *backend =
4928 (struct ossl_ssl_backend_data *)connssl->backend;
4929 DEBUGASSERT(backend);
4930 return info == CURLINFO_TLS_SESSION ?
4931 (void *)backend->ctx : (void *)backend->handle;
4932}
4933
4934static void ossl_free_multi_ssl_backend_data(
4935 struct multi_ssl_backend_data *mbackend)
4936{
4937#if defined(HAVE_SSL_X509_STORE_SHARE)
4938 if(mbackend->store) {
4939 X509_STORE_free(mbackend->store);
4940 }
4941 free(mbackend->CAfile);
4942 free(mbackend);
4943#else /* HAVE_SSL_X509_STORE_SHARE */
4944 (void)mbackend;
4945#endif /* HAVE_SSL_X509_STORE_SHARE */
4946}
4947
4948const struct Curl_ssl Curl_ssl_openssl = {
4949 { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
4950
4951 SSLSUPP_CA_PATH |
4952 SSLSUPP_CAINFO_BLOB |
4953 SSLSUPP_CERTINFO |
4954 SSLSUPP_PINNEDPUBKEY |
4955 SSLSUPP_SSL_CTX |
4956#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
4957 SSLSUPP_TLS13_CIPHERSUITES |
4958#endif
4959 SSLSUPP_HTTPS_PROXY,
4960
4961 sizeof(struct ossl_ssl_backend_data),
4962
4963 ossl_init, /* init */
4964 ossl_cleanup, /* cleanup */
4965 ossl_version, /* version */
4966 Curl_none_check_cxn, /* check_cxn */
4967 ossl_shutdown, /* shutdown */
4968 ossl_data_pending, /* data_pending */
4969 ossl_random, /* random */
4970 ossl_cert_status_request, /* cert_status_request */
4971 ossl_connect, /* connect */
4972 ossl_connect_nonblocking, /* connect_nonblocking */
4973 Curl_ssl_adjust_pollset, /* adjust_pollset */
4974 ossl_get_internals, /* get_internals */
4975 ossl_close, /* close_one */
4976 ossl_close_all, /* close_all */
4977 ossl_session_free, /* session_free */
4978 ossl_set_engine, /* set_engine */
4979 ossl_set_engine_default, /* set_engine_default */
4980 ossl_engines_list, /* engines_list */
4981 Curl_none_false_start, /* false_start */
4982#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
4983 ossl_sha256sum, /* sha256sum */
4984#else
4985 NULL, /* sha256sum */
4986#endif
4987 NULL, /* use of data in this connection */
4988 NULL, /* remote of data from this connection */
4989 ossl_free_multi_ssl_backend_data, /* free_multi_ssl_backend_data */
4990 ossl_recv, /* recv decrypted data */
4991 ossl_send, /* send data to encrypt */
4992};
4993
4994#endif /* USE_OPENSSL */
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette