1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 /*
24 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
25 * but vtls.c should ever call or use these functions.
26 */
27
28 /*
29 * The original SSLeay-using code for curl was written by Linas Vepstas and
30 * Sampo Kellomaki 1998.
31 */
32
33 #include "curl_setup.h"
34
35 #ifdef USE_OPENSSL
36
37 #ifdef HAVE_LIMITS_H
38 #include <limits.h>
39 #endif
40
41 #include "urldata.h"
42 #include "sendf.h"
43 #include "formdata.h" /* for the boundary function */
44 #include "url.h" /* for the ssl config check function */
45 #include "inet_pton.h"
46 #include "openssl.h"
47 #include "connect.h"
48 #include "slist.h"
49 #include "strequal.h"
50 #include "select.h"
51 #include "vtls.h"
52 #include "rawstr.h"
53 #include "hostcheck.h"
54 #include "curl_printf.h"
55
56 #include <openssl/ssl.h>
57 #include <openssl/rand.h>
58 #include <openssl/x509v3.h>
59 #include <openssl/dsa.h>
60 #include <openssl/dh.h>
61 #include <openssl/err.h>
62 #include <openssl/md5.h>
63 #include <openssl/conf.h>
64 #include <openssl/bn.h>
65 #include <openssl/rsa.h>
66
67 #ifdef HAVE_OPENSSL_PKCS12_H
68 #include <openssl/pkcs12.h>
69 #endif
70
71 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
72 #include <openssl/ocsp.h>
73 #endif
74
75 #include "warnless.h"
76 #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
77
78 /* The last #include files should be: */
79 #include "curl_memory.h"
80 #include "memdebug.h"
81
82 #ifndef OPENSSL_VERSION_NUMBER
83 #error "OPENSSL_VERSION_NUMBER not defined"
84 #endif
85
86 #if defined(HAVE_OPENSSL_ENGINE_H)
87 #include <openssl/ui.h>
88 #endif
89
90 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
91 #define SSL_METHOD_QUAL const
92 #else
93 #define SSL_METHOD_QUAL
94 #endif
95
96 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
97 #define HAVE_ERR_REMOVE_THREAD_STATE 1
98 #if (OPENSSL_VERSION_NUMBER >= 0x10100004L) && \
99 !defined(LIBRESSL_VERSION_NUMBER)
100 /* OpenSSL 1.1.0 deprecates the function */
101 #define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
102 #endif
103 #endif
104
105 #if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
106 OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
107 #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
108 #define OPENSSL_NO_SSL2
109 #endif
110
111 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
112 !defined(LIBRESSL_VERSION_NUMBER)
113 #define SSLeay_add_ssl_algorithms() SSL_library_init()
114 #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
115 #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
116 #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
117 #define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
118 #endif
119
120 #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
121 !defined(LIBRESSL_VERSION_NUMBER)
122 #define HAVE_X509_GET0_SIGNATURE 1
123 #endif
124
125 #if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
126 OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
127 !defined(OPENSSL_NO_COMP)
128 #define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
129 #endif
130
131 #if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
132 /* not present in older OpenSSL */
133 #define OPENSSL_load_builtin_modules(x)
134 #endif
135
136 #if defined(LIBRESSL_VERSION_NUMBER)
137 #define OSSL_PACKAGE "LibreSSL"
138 #elif defined(OPENSSL_IS_BORINGSSL)
139 #define OSSL_PACKAGE "BoringSSL"
140 #else
141 #define OSSL_PACKAGE "OpenSSL"
142 #endif
143
144 /*
145 * Number of bytes to read from the random number seed file. This must be
146 * a finite value (because some entropy "files" like /dev/urandom have
147 * an infinite length), but must be large enough to provide enough
148 * entopy to properly seed OpenSSL's PRNG.
149 */
150 #define RAND_LOAD_LENGTH 1024
151
passwd_callback(char * buf,int num,int encrypting,void * global_passwd)152 static int passwd_callback(char *buf, int num, int encrypting,
153 void *global_passwd)
154 {
155 DEBUGASSERT(0 == encrypting);
156
157 if(!encrypting) {
158 int klen = curlx_uztosi(strlen((char *)global_passwd));
159 if(num > klen) {
160 memcpy(buf, global_passwd, klen+1);
161 return klen;
162 }
163 }
164 return 0;
165 }
166
167 /*
168 * rand_enough() is a function that returns TRUE if we have seeded the random
169 * engine properly. We use some preprocessor magic to provide a seed_enough()
170 * macro to use, just to prevent a compiler warning on this function if we
171 * pass in an argument that is never used.
172 */
173
174 #ifdef HAVE_RAND_STATUS
175 #define seed_enough(x) rand_enough()
rand_enough(void)176 static bool rand_enough(void)
177 {
178 return (0 != RAND_status()) ? TRUE : FALSE;
179 }
180 #else
181 #define seed_enough(x) rand_enough(x)
rand_enough(int nread)182 static bool rand_enough(int nread)
183 {
184 /* this is a very silly decision to make */
185 return (nread > 500) ? TRUE : FALSE;
186 }
187 #endif
188
ossl_seed(struct Curl_easy * data)189 static int ossl_seed(struct Curl_easy *data)
190 {
191 char *buf = data->state.buffer; /* point to the big buffer */
192 int nread=0;
193
194 /* Q: should we add support for a random file name as a libcurl option?
195 A: Yes, it is here */
196
197 #ifndef RANDOM_FILE
198 /* if RANDOM_FILE isn't defined, we only perform this if an option tells
199 us to! */
200 if(data->set.ssl.random_file)
201 #define RANDOM_FILE "" /* doesn't matter won't be used */
202 #endif
203 {
204 /* let the option override the define */
205 nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
206 data->set.str[STRING_SSL_RANDOM_FILE]:
207 RANDOM_FILE),
208 RAND_LOAD_LENGTH);
209 if(seed_enough(nread))
210 return nread;
211 }
212
213 #if defined(HAVE_RAND_EGD)
214 /* only available in OpenSSL 0.9.5 and later */
215 /* EGD_SOCKET is set at configure time or not at all */
216 #ifndef EGD_SOCKET
217 /* If we don't have the define set, we only do this if the egd-option
218 is set */
219 if(data->set.str[STRING_SSL_EGDSOCKET])
220 #define EGD_SOCKET "" /* doesn't matter won't be used */
221 #endif
222 {
223 /* If there's an option and a define, the option overrides the
224 define */
225 int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
226 data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
227 if(-1 != ret) {
228 nread += ret;
229 if(seed_enough(nread))
230 return nread;
231 }
232 }
233 #endif
234
235 /* If we get here, it means we need to seed the PRNG using a "silly"
236 approach! */
237 do {
238 unsigned char randb[64];
239 int len = sizeof(randb);
240 RAND_bytes(randb, len);
241 RAND_add(randb, len, (len >> 1));
242 } while(!RAND_status());
243
244 /* generates a default path for the random seed file */
245 buf[0]=0; /* blank it first */
246 RAND_file_name(buf, BUFSIZE);
247 if(buf[0]) {
248 /* we got a file name to try */
249 nread += RAND_load_file(buf, RAND_LOAD_LENGTH);
250 if(seed_enough(nread))
251 return nread;
252 }
253
254 infof(data, "libcurl is now using a weak random seed!\n");
255 return nread;
256 }
257
Curl_ossl_seed(struct Curl_easy * data)258 static void Curl_ossl_seed(struct Curl_easy *data)
259 {
260 /* we have the "SSL is seeded" boolean static to prevent multiple
261 time-consuming seedings in vain */
262 static bool ssl_seeded = FALSE;
263
264 if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
265 data->set.str[STRING_SSL_EGDSOCKET]) {
266 ossl_seed(data);
267 ssl_seeded = TRUE;
268 }
269 }
270
271 #ifndef SSL_FILETYPE_ENGINE
272 #define SSL_FILETYPE_ENGINE 42
273 #endif
274 #ifndef SSL_FILETYPE_PKCS12
275 #define SSL_FILETYPE_PKCS12 43
276 #endif
do_file_type(const char * type)277 static int do_file_type(const char *type)
278 {
279 if(!type || !type[0])
280 return SSL_FILETYPE_PEM;
281 if(Curl_raw_equal(type, "PEM"))
282 return SSL_FILETYPE_PEM;
283 if(Curl_raw_equal(type, "DER"))
284 return SSL_FILETYPE_ASN1;
285 if(Curl_raw_equal(type, "ENG"))
286 return SSL_FILETYPE_ENGINE;
287 if(Curl_raw_equal(type, "P12"))
288 return SSL_FILETYPE_PKCS12;
289 return -1;
290 }
291
292 #if defined(HAVE_OPENSSL_ENGINE_H)
293 /*
294 * Supply default password to the engine user interface conversation.
295 * The password is passed by OpenSSL engine from ENGINE_load_private_key()
296 * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
297 */
ssl_ui_reader(UI * ui,UI_STRING * uis)298 static int ssl_ui_reader(UI *ui, UI_STRING *uis)
299 {
300 const char *password;
301 switch(UI_get_string_type(uis)) {
302 case UIT_PROMPT:
303 case UIT_VERIFY:
304 password = (const char*)UI_get0_user_data(ui);
305 if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
306 UI_set_result(ui, uis, password);
307 return 1;
308 }
309 default:
310 break;
311 }
312 return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
313 }
314
315 /*
316 * Suppress interactive request for a default password if available.
317 */
ssl_ui_writer(UI * ui,UI_STRING * uis)318 static int ssl_ui_writer(UI *ui, UI_STRING *uis)
319 {
320 switch(UI_get_string_type(uis)) {
321 case UIT_PROMPT:
322 case UIT_VERIFY:
323 if(UI_get0_user_data(ui) &&
324 (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
325 return 1;
326 }
327 default:
328 break;
329 }
330 return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
331 }
332 #endif
333
334 static
cert_stuff(struct connectdata * conn,SSL_CTX * ctx,char * cert_file,const char * cert_type,char * key_file,const char * key_type)335 int cert_stuff(struct connectdata *conn,
336 SSL_CTX* ctx,
337 char *cert_file,
338 const char *cert_type,
339 char *key_file,
340 const char *key_type)
341 {
342 struct Curl_easy *data = conn->data;
343
344 int file_type = do_file_type(cert_type);
345
346 if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
347 SSL *ssl;
348 X509 *x509;
349 int cert_done = 0;
350
351 if(data->set.str[STRING_KEY_PASSWD]) {
352 /* set the password in the callback userdata */
353 SSL_CTX_set_default_passwd_cb_userdata(ctx,
354 data->set.str[STRING_KEY_PASSWD]);
355 /* Set passwd callback: */
356 SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
357 }
358
359
360 switch(file_type) {
361 case SSL_FILETYPE_PEM:
362 /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
363 if(SSL_CTX_use_certificate_chain_file(ctx,
364 cert_file) != 1) {
365 failf(data,
366 "could not load PEM client certificate, " OSSL_PACKAGE
367 " error %s, "
368 "(no key found, wrong pass phrase, or wrong file format?)",
369 ERR_error_string(ERR_get_error(), NULL) );
370 return 0;
371 }
372 break;
373
374 case SSL_FILETYPE_ASN1:
375 /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
376 we use the case above for PEM so this can only be performed with
377 ASN1 files. */
378 if(SSL_CTX_use_certificate_file(ctx,
379 cert_file,
380 file_type) != 1) {
381 failf(data,
382 "could not load ASN1 client certificate, " OSSL_PACKAGE
383 " error %s, "
384 "(no key found, wrong pass phrase, or wrong file format?)",
385 ERR_error_string(ERR_get_error(), NULL) );
386 return 0;
387 }
388 break;
389 case SSL_FILETYPE_ENGINE:
390 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
391 {
392 if(data->state.engine) {
393 const char *cmd_name = "LOAD_CERT_CTRL";
394 struct {
395 const char *cert_id;
396 X509 *cert;
397 } params;
398
399 params.cert_id = cert_file;
400 params.cert = NULL;
401
402 /* Does the engine supports LOAD_CERT_CTRL ? */
403 if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
404 0, (void *)cmd_name, NULL)) {
405 failf(data, "ssl engine does not support loading certificates");
406 return 0;
407 }
408
409 /* Load the certificate from the engine */
410 if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
411 0, ¶ms, NULL, 1)) {
412 failf(data, "ssl engine cannot load client cert with id"
413 " '%s' [%s]", cert_file,
414 ERR_error_string(ERR_get_error(), NULL));
415 return 0;
416 }
417
418 if(!params.cert) {
419 failf(data, "ssl engine didn't initialized the certificate "
420 "properly.");
421 return 0;
422 }
423
424 if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
425 failf(data, "unable to set client certificate");
426 X509_free(params.cert);
427 return 0;
428 }
429 X509_free(params.cert); /* we don't need the handle any more... */
430 }
431 else {
432 failf(data, "crypto engine not set, can't load certificate");
433 return 0;
434 }
435 }
436 break;
437 #else
438 failf(data, "file type ENG for certificate not implemented");
439 return 0;
440 #endif
441
442 case SSL_FILETYPE_PKCS12:
443 {
444 #ifdef HAVE_OPENSSL_PKCS12_H
445 FILE *f;
446 PKCS12 *p12;
447 EVP_PKEY *pri;
448 STACK_OF(X509) *ca = NULL;
449
450 f = fopen(cert_file, "rb");
451 if(!f) {
452 failf(data, "could not open PKCS12 file '%s'", cert_file);
453 return 0;
454 }
455 p12 = d2i_PKCS12_fp(f, NULL);
456 fclose(f);
457
458 if(!p12) {
459 failf(data, "error reading PKCS12 file '%s'", cert_file);
460 return 0;
461 }
462
463 PKCS12_PBE_add();
464
465 if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
466 &ca)) {
467 failf(data,
468 "could not parse PKCS12 file, check password, " OSSL_PACKAGE
469 " error %s",
470 ERR_error_string(ERR_get_error(), NULL) );
471 PKCS12_free(p12);
472 return 0;
473 }
474
475 PKCS12_free(p12);
476
477 if(SSL_CTX_use_certificate(ctx, x509) != 1) {
478 failf(data,
479 "could not load PKCS12 client certificate, " OSSL_PACKAGE
480 " error %s",
481 ERR_error_string(ERR_get_error(), NULL) );
482 goto fail;
483 }
484
485 if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
486 failf(data, "unable to use private key from PKCS12 file '%s'",
487 cert_file);
488 goto fail;
489 }
490
491 if(!SSL_CTX_check_private_key (ctx)) {
492 failf(data, "private key from PKCS12 file '%s' "
493 "does not match certificate in same file", cert_file);
494 goto fail;
495 }
496 /* Set Certificate Verification chain */
497 if(ca) {
498 while(sk_X509_num(ca)) {
499 /*
500 * Note that sk_X509_pop() is used below to make sure the cert is
501 * removed from the stack properly before getting passed to
502 * SSL_CTX_add_extra_chain_cert(). Previously we used
503 * sk_X509_value() instead, but then we'd clean it in the subsequent
504 * sk_X509_pop_free() call.
505 */
506 X509 *x = sk_X509_pop(ca);
507 if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
508 X509_free(x);
509 failf(data, "cannot add certificate to certificate chain");
510 goto fail;
511 }
512 /* SSL_CTX_add_client_CA() seems to work with either sk_* function,
513 * presumably because it duplicates what we pass to it.
514 */
515 if(!SSL_CTX_add_client_CA(ctx, x)) {
516 failf(data, "cannot add certificate to client CA list");
517 goto fail;
518 }
519 }
520 }
521
522 cert_done = 1;
523 fail:
524 EVP_PKEY_free(pri);
525 X509_free(x509);
526 sk_X509_pop_free(ca, X509_free);
527
528 if(!cert_done)
529 return 0; /* failure! */
530 break;
531 #else
532 failf(data, "file type P12 for certificate not supported");
533 return 0;
534 #endif
535 }
536 default:
537 failf(data, "not supported file type '%s' for certificate", cert_type);
538 return 0;
539 }
540
541 file_type = do_file_type(key_type);
542
543 switch(file_type) {
544 case SSL_FILETYPE_PEM:
545 if(cert_done)
546 break;
547 if(!key_file)
548 /* cert & key can only be in PEM case in the same file */
549 key_file=cert_file;
550 case SSL_FILETYPE_ASN1:
551 if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
552 failf(data, "unable to set private key file: '%s' type %s",
553 key_file, key_type?key_type:"PEM");
554 return 0;
555 }
556 break;
557 case SSL_FILETYPE_ENGINE:
558 #ifdef HAVE_OPENSSL_ENGINE_H
559 { /* XXXX still needs some work */
560 EVP_PKEY *priv_key = NULL;
561 if(data->state.engine) {
562 UI_METHOD *ui_method =
563 UI_create_method((char *)"cURL user interface");
564 if(!ui_method) {
565 failf(data, "unable do create " OSSL_PACKAGE
566 " user-interface method");
567 return 0;
568 }
569 UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
570 UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
571 UI_method_set_reader(ui_method, ssl_ui_reader);
572 UI_method_set_writer(ui_method, ssl_ui_writer);
573 /* the typecast below was added to please mingw32 */
574 priv_key = (EVP_PKEY *)
575 ENGINE_load_private_key(data->state.engine, key_file,
576 ui_method,
577 data->set.str[STRING_KEY_PASSWD]);
578 UI_destroy_method(ui_method);
579 if(!priv_key) {
580 failf(data, "failed to load private key from crypto engine");
581 return 0;
582 }
583 if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
584 failf(data, "unable to set private key");
585 EVP_PKEY_free(priv_key);
586 return 0;
587 }
588 EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
589 }
590 else {
591 failf(data, "crypto engine not set, can't load private key");
592 return 0;
593 }
594 }
595 break;
596 #else
597 failf(data, "file type ENG for private key not supported");
598 return 0;
599 #endif
600 case SSL_FILETYPE_PKCS12:
601 if(!cert_done) {
602 failf(data, "file type P12 for private key not supported");
603 return 0;
604 }
605 break;
606 default:
607 failf(data, "not supported file type for private key");
608 return 0;
609 }
610
611 ssl=SSL_new(ctx);
612 if(!ssl) {
613 failf(data, "unable to create an SSL structure");
614 return 0;
615 }
616
617 x509=SSL_get_certificate(ssl);
618
619 /* This version was provided by Evan Jordan and is supposed to not
620 leak memory as the previous version: */
621 if(x509) {
622 EVP_PKEY *pktmp = X509_get_pubkey(x509);
623 EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
624 EVP_PKEY_free(pktmp);
625 }
626
627 SSL_free(ssl);
628
629 /* If we are using DSA, we can copy the parameters from
630 * the private key */
631
632
633 /* Now we know that a key and cert have been set against
634 * the SSL context */
635 if(!SSL_CTX_check_private_key(ctx)) {
636 failf(data, "Private key does not match the certificate public key");
637 return 0;
638 }
639 }
640 return 1;
641 }
642
643 /* returns non-zero on failure */
x509_name_oneline(X509_NAME * a,char * buf,size_t size)644 static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
645 {
646 #if 0
647 return X509_NAME_oneline(a, buf, size);
648 #else
649 BIO *bio_out = BIO_new(BIO_s_mem());
650 BUF_MEM *biomem;
651 int rc;
652
653 if(!bio_out)
654 return 1; /* alloc failed! */
655
656 rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
657 BIO_get_mem_ptr(bio_out, &biomem);
658
659 if((size_t)biomem->length < size)
660 size = biomem->length;
661 else
662 size--; /* don't overwrite the buffer end */
663
664 memcpy(buf, biomem->data, size);
665 buf[size]=0;
666
667 BIO_free(bio_out);
668
669 return !rc;
670 #endif
671 }
672
673 /* Return error string for last OpenSSL error
674 */
ossl_strerror(unsigned long error,char * buf,size_t size)675 static char *ossl_strerror(unsigned long error, char *buf, size_t size)
676 {
677 /* OpenSSL 0.9.6 and later has a function named
678 ERR_error_string_n() that takes the size of the buffer as a
679 third argument */
680 ERR_error_string_n(error, buf, size);
681 return buf;
682 }
683
684 /**
685 * Global SSL init
686 *
687 * @retval 0 error initializing SSL
688 * @retval 1 SSL initialized successfully
689 */
Curl_ossl_init(void)690 int Curl_ossl_init(void)
691 {
692 OPENSSL_load_builtin_modules();
693
694 #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
695 ENGINE_load_builtin_engines();
696 #endif
697
698 /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
699 that function makes an exit() call on wrongly formatted config files
700 which makes it hard to use in some situations. OPENSSL_config() itself
701 calls CONF_modules_load_file() and we use that instead and we ignore
702 its return code! */
703
704 /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
705 0.9.8e */
706 #ifndef CONF_MFLAGS_DEFAULT_SECTION
707 #define CONF_MFLAGS_DEFAULT_SECTION 0x0
708 #endif
709
710 CONF_modules_load_file(NULL, NULL,
711 CONF_MFLAGS_DEFAULT_SECTION|
712 CONF_MFLAGS_IGNORE_MISSING_FILE);
713
714 /* Lets get nice error messages */
715 SSL_load_error_strings();
716
717 /* Init the global ciphers and digests */
718 if(!SSLeay_add_ssl_algorithms())
719 return 0;
720
721 OpenSSL_add_all_algorithms();
722
723 return 1;
724 }
725
726 /* Global cleanup */
Curl_ossl_cleanup(void)727 void Curl_ossl_cleanup(void)
728 {
729 /* Free ciphers and digests lists */
730 EVP_cleanup();
731
732 #ifdef HAVE_ENGINE_CLEANUP
733 /* Free engine list */
734 ENGINE_cleanup();
735 #endif
736
737 #ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
738 /* Free OpenSSL ex_data table */
739 CRYPTO_cleanup_all_ex_data();
740 #endif
741
742 /* Free OpenSSL error strings */
743 ERR_free_strings();
744
745 /* Free thread local error state, destroying hash upon zero refcount */
746 #ifdef HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED
747
748 #elif defined(HAVE_ERR_REMOVE_THREAD_STATE)
749 ERR_remove_thread_state(NULL);
750 #else
751 ERR_remove_state(0);
752 #endif
753
754 /* Free all memory allocated by all configuration modules */
755 CONF_modules_free();
756
757 #ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
758 SSL_COMP_free_compression_methods();
759 #endif
760 }
761
762 /*
763 * This function is used to determine connection status.
764 *
765 * Return codes:
766 * 1 means the connection is still in place
767 * 0 means the connection has been closed
768 * -1 means the connection status is unknown
769 */
Curl_ossl_check_cxn(struct connectdata * conn)770 int Curl_ossl_check_cxn(struct connectdata *conn)
771 {
772 /* SSL_peek takes data out of the raw recv buffer without peeking so we use
773 recv MSG_PEEK instead. Bug #795 */
774 #ifdef MSG_PEEK
775 char buf;
776 ssize_t nread;
777 nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
778 (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
779 if(nread == 0)
780 return 0; /* connection has been closed */
781 else if(nread == 1)
782 return 1; /* connection still in place */
783 else if(nread == -1) {
784 int err = SOCKERRNO;
785 if(err == EINPROGRESS ||
786 #if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
787 err == EAGAIN ||
788 #endif
789 err == EWOULDBLOCK)
790 return 1; /* connection still in place */
791 if(err == ECONNRESET ||
792 #ifdef ECONNABORTED
793 err == ECONNABORTED ||
794 #endif
795 #ifdef ENETDOWN
796 err == ENETDOWN ||
797 #endif
798 #ifdef ENETRESET
799 err == ENETRESET ||
800 #endif
801 #ifdef ESHUTDOWN
802 err == ESHUTDOWN ||
803 #endif
804 #ifdef ETIMEDOUT
805 err == ETIMEDOUT ||
806 #endif
807 err == ENOTCONN)
808 return 0; /* connection has been closed */
809 }
810 #endif
811 return -1; /* connection status unknown */
812 }
813
814 /* Selects an OpenSSL crypto engine
815 */
Curl_ossl_set_engine(struct Curl_easy * data,const char * engine)816 CURLcode Curl_ossl_set_engine(struct Curl_easy *data, const char *engine)
817 {
818 #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
819 ENGINE *e;
820
821 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
822 e = ENGINE_by_id(engine);
823 #else
824 /* avoid memory leak */
825 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
826 const char *e_id = ENGINE_get_id(e);
827 if(!strcmp(engine, e_id))
828 break;
829 }
830 #endif
831
832 if(!e) {
833 failf(data, "SSL Engine '%s' not found", engine);
834 return CURLE_SSL_ENGINE_NOTFOUND;
835 }
836
837 if(data->state.engine) {
838 ENGINE_finish(data->state.engine);
839 ENGINE_free(data->state.engine);
840 data->state.engine = NULL;
841 }
842 if(!ENGINE_init(e)) {
843 char buf[256];
844
845 ENGINE_free(e);
846 failf(data, "Failed to initialise SSL Engine '%s':\n%s",
847 engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
848 return CURLE_SSL_ENGINE_INITFAILED;
849 }
850 data->state.engine = e;
851 return CURLE_OK;
852 #else
853 (void)engine;
854 failf(data, "SSL Engine not supported");
855 return CURLE_SSL_ENGINE_NOTFOUND;
856 #endif
857 }
858
859 /* Sets engine as default for all SSL operations
860 */
Curl_ossl_set_engine_default(struct Curl_easy * data)861 CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
862 {
863 #ifdef HAVE_OPENSSL_ENGINE_H
864 if(data->state.engine) {
865 if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
866 infof(data, "set default crypto engine '%s'\n",
867 ENGINE_get_id(data->state.engine));
868 }
869 else {
870 failf(data, "set default crypto engine '%s' failed",
871 ENGINE_get_id(data->state.engine));
872 return CURLE_SSL_ENGINE_SETFAILED;
873 }
874 }
875 #else
876 (void) data;
877 #endif
878 return CURLE_OK;
879 }
880
881 /* Return list of OpenSSL crypto engine names.
882 */
Curl_ossl_engines_list(struct Curl_easy * data)883 struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
884 {
885 struct curl_slist *list = NULL;
886 #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
887 struct curl_slist *beg;
888 ENGINE *e;
889
890 for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
891 beg = curl_slist_append(list, ENGINE_get_id(e));
892 if(!beg) {
893 curl_slist_free_all(list);
894 return NULL;
895 }
896 list = beg;
897 }
898 #endif
899 (void) data;
900 return list;
901 }
902
903
904 /*
905 * This function is called when an SSL connection is closed.
906 */
Curl_ossl_close(struct connectdata * conn,int sockindex)907 void Curl_ossl_close(struct connectdata *conn, int sockindex)
908 {
909 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
910
911 if(connssl->handle) {
912 (void)SSL_shutdown(connssl->handle);
913 SSL_set_connect_state(connssl->handle);
914
915 SSL_free (connssl->handle);
916 connssl->handle = NULL;
917 }
918 if(connssl->ctx) {
919 SSL_CTX_free (connssl->ctx);
920 connssl->ctx = NULL;
921 }
922 }
923
924 /*
925 * This function is called to shut down the SSL layer but keep the
926 * socket open (CCC - Clear Command Channel)
927 */
Curl_ossl_shutdown(struct connectdata * conn,int sockindex)928 int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
929 {
930 int retval = 0;
931 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
932 struct Curl_easy *data = conn->data;
933 char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
934 to be at least 256 bytes long. */
935 unsigned long sslerror;
936 ssize_t nread;
937 int buffsize;
938 int err;
939 int done = 0;
940
941 /* This has only been tested on the proftpd server, and the mod_tls code
942 sends a close notify alert without waiting for a close notify alert in
943 response. Thus we wait for a close notify alert from the server, but
944 we do not send one. Let's hope other servers do the same... */
945
946 if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
947 (void)SSL_shutdown(connssl->handle);
948
949 if(connssl->handle) {
950 buffsize = (int)sizeof(buf);
951 while(!done) {
952 int what = Curl_socket_ready(conn->sock[sockindex],
953 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
954 if(what > 0) {
955 ERR_clear_error();
956
957 /* Something to read, let's do it and hope that it is the close
958 notify alert from the server */
959 nread = (ssize_t)SSL_read(conn->ssl[sockindex].handle, buf,
960 buffsize);
961 err = SSL_get_error(conn->ssl[sockindex].handle, (int)nread);
962
963 switch(err) {
964 case SSL_ERROR_NONE: /* this is not an error */
965 case SSL_ERROR_ZERO_RETURN: /* no more data */
966 /* This is the expected response. There was no data but only
967 the close notify alert */
968 done = 1;
969 break;
970 case SSL_ERROR_WANT_READ:
971 /* there's data pending, re-invoke SSL_read() */
972 infof(data, "SSL_ERROR_WANT_READ\n");
973 break;
974 case SSL_ERROR_WANT_WRITE:
975 /* SSL wants a write. Really odd. Let's bail out. */
976 infof(data, "SSL_ERROR_WANT_WRITE\n");
977 done = 1;
978 break;
979 default:
980 /* openssl/ssl.h says "look at error stack/return value/errno" */
981 sslerror = ERR_get_error();
982 failf(conn->data, OSSL_PACKAGE " SSL read: %s, errno %d",
983 ossl_strerror(sslerror, buf, sizeof(buf)),
984 SOCKERRNO);
985 done = 1;
986 break;
987 }
988 }
989 else if(0 == what) {
990 /* timeout */
991 failf(data, "SSL shutdown timeout");
992 done = 1;
993 }
994 else {
995 /* anything that gets here is fatally bad */
996 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
997 retval = -1;
998 done = 1;
999 }
1000 } /* while()-loop for the select() */
1001
1002 if(data->set.verbose) {
1003 #ifdef HAVE_SSL_GET_SHUTDOWN
1004 switch(SSL_get_shutdown(connssl->handle)) {
1005 case SSL_SENT_SHUTDOWN:
1006 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
1007 break;
1008 case SSL_RECEIVED_SHUTDOWN:
1009 infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
1010 break;
1011 case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
1012 infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
1013 "SSL_RECEIVED__SHUTDOWN\n");
1014 break;
1015 }
1016 #endif
1017 }
1018
1019 SSL_free (connssl->handle);
1020 connssl->handle = NULL;
1021 }
1022 return retval;
1023 }
1024
Curl_ossl_session_free(void * ptr)1025 void Curl_ossl_session_free(void *ptr)
1026 {
1027 /* free the ID */
1028 SSL_SESSION_free(ptr);
1029 }
1030
1031 /*
1032 * This function is called when the 'data' struct is going away. Close
1033 * down everything and free all resources!
1034 */
Curl_ossl_close_all(struct Curl_easy * data)1035 void Curl_ossl_close_all(struct Curl_easy *data)
1036 {
1037 #ifdef HAVE_OPENSSL_ENGINE_H
1038 if(data->state.engine) {
1039 ENGINE_finish(data->state.engine);
1040 ENGINE_free(data->state.engine);
1041 data->state.engine = NULL;
1042 }
1043 #else
1044 (void)data;
1045 #endif
1046 }
1047
1048 /* ====================================================== */
1049
1050
1051 /* Quote from RFC2818 section 3.1 "Server Identity"
1052
1053 If a subjectAltName extension of type dNSName is present, that MUST
1054 be used as the identity. Otherwise, the (most specific) Common Name
1055 field in the Subject field of the certificate MUST be used. Although
1056 the use of the Common Name is existing practice, it is deprecated and
1057 Certification Authorities are encouraged to use the dNSName instead.
1058
1059 Matching is performed using the matching rules specified by
1060 [RFC2459]. If more than one identity of a given type is present in
1061 the certificate (e.g., more than one dNSName name, a match in any one
1062 of the set is considered acceptable.) Names may contain the wildcard
1063 character * which is considered to match any single domain name
1064 component or component fragment. E.g., *.a.com matches foo.a.com but
1065 not bar.foo.a.com. f*.com matches foo.com but not bar.com.
1066
1067 In some cases, the URI is specified as an IP address rather than a
1068 hostname. In this case, the iPAddress subjectAltName must be present
1069 in the certificate and must exactly match the IP in the URI.
1070
1071 */
verifyhost(struct connectdata * conn,X509 * server_cert)1072 static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
1073 {
1074 bool matched = FALSE;
1075 int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
1076 size_t addrlen = 0;
1077 struct Curl_easy *data = conn->data;
1078 STACK_OF(GENERAL_NAME) *altnames;
1079 #ifdef ENABLE_IPV6
1080 struct in6_addr addr;
1081 #else
1082 struct in_addr addr;
1083 #endif
1084 CURLcode result = CURLE_OK;
1085 bool dNSName = FALSE; /* if a dNSName field exists in the cert */
1086
1087 #ifdef ENABLE_IPV6
1088 if(conn->bits.ipv6_ip &&
1089 Curl_inet_pton(AF_INET6, conn->host.name, &addr)) {
1090 target = GEN_IPADD;
1091 addrlen = sizeof(struct in6_addr);
1092 }
1093 else
1094 #endif
1095 if(Curl_inet_pton(AF_INET, conn->host.name, &addr)) {
1096 target = GEN_IPADD;
1097 addrlen = sizeof(struct in_addr);
1098 }
1099
1100 /* get a "list" of alternative names */
1101 altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
1102
1103 if(altnames) {
1104 int numalts;
1105 int i;
1106 bool dnsmatched = FALSE;
1107 bool ipmatched = FALSE;
1108
1109 /* get amount of alternatives, RFC2459 claims there MUST be at least
1110 one, but we don't depend on it... */
1111 numalts = sk_GENERAL_NAME_num(altnames);
1112
1113 /* loop through all alternatives - until a dnsmatch */
1114 for(i=0; (i < numalts) && !dnsmatched; i++) {
1115 /* get a handle to alternative name number i */
1116 const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
1117
1118 /* If a subjectAltName extension of type dNSName is present, that MUST
1119 be used as the identity. / RFC2818 section 3.1 */
1120 if(check->type == GEN_DNS)
1121 dNSName = TRUE;
1122
1123 /* only check alternatives of the same type the target is */
1124 if(check->type == target) {
1125 /* get data and length */
1126 const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
1127 size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
1128
1129 switch(target) {
1130 case GEN_DNS: /* name/pattern comparison */
1131 /* The OpenSSL man page explicitly says: "In general it cannot be
1132 assumed that the data returned by ASN1_STRING_data() is null
1133 terminated or does not contain embedded nulls." But also that
1134 "The actual format of the data will depend on the actual string
1135 type itself: for example for and IA5String the data will be ASCII"
1136
1137 Gisle researched the OpenSSL sources:
1138 "I checked the 0.9.6 and 0.9.8 sources before my patch and
1139 it always 0-terminates an IA5String."
1140 */
1141 if((altlen == strlen(altptr)) &&
1142 /* if this isn't true, there was an embedded zero in the name
1143 string and we cannot match it. */
1144 Curl_cert_hostcheck(altptr, conn->host.name)) {
1145 dnsmatched = TRUE;
1146 infof(data,
1147 " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
1148 conn->host.dispname, altptr);
1149 }
1150 break;
1151
1152 case GEN_IPADD: /* IP address comparison */
1153 /* compare alternative IP address if the data chunk is the same size
1154 our server IP address is */
1155 if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
1156 ipmatched = TRUE;
1157 infof(data,
1158 " subjectAltName: host \"%s\" matched cert's IP address!\n",
1159 conn->host.dispname);
1160 }
1161 break;
1162 }
1163 }
1164 }
1165 GENERAL_NAMES_free(altnames);
1166
1167 if(dnsmatched || (!dNSName && ipmatched)) {
1168 /* count as a match if the dnsname matched or if there was no dnsname
1169 fields at all AND there was an IP field match */
1170 matched = TRUE;
1171 }
1172 }
1173
1174 if(matched)
1175 /* an alternative name matched */
1176 ;
1177 else if(dNSName) {
1178 /* an dNSName field existed, but didn't match and then we MUST fail */
1179 infof(data, " subjectAltName does not match %s\n", conn->host.dispname);
1180 failf(data, "SSL: no alternative certificate subject name matches "
1181 "target host name '%s'", conn->host.dispname);
1182 result = CURLE_PEER_FAILED_VERIFICATION;
1183 }
1184 else {
1185 /* we have to look to the last occurrence of a commonName in the
1186 distinguished one to get the most significant one. */
1187 int j, i=-1;
1188
1189 /* The following is done because of a bug in 0.9.6b */
1190
1191 unsigned char *nulstr = (unsigned char *)"";
1192 unsigned char *peer_CN = nulstr;
1193
1194 X509_NAME *name = X509_get_subject_name(server_cert);
1195 if(name)
1196 while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i))>=0)
1197 i=j;
1198
1199 /* we have the name entry and we will now convert this to a string
1200 that we can use for comparison. Doing this we support BMPstring,
1201 UTF8 etc. */
1202
1203 if(i>=0) {
1204 ASN1_STRING *tmp =
1205 X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
1206
1207 /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
1208 is already UTF-8 encoded. We check for this case and copy the raw
1209 string manually to avoid the problem. This code can be made
1210 conditional in the future when OpenSSL has been fixed. Work-around
1211 brought by Alexis S. L. Carvalho. */
1212 if(tmp) {
1213 if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
1214 j = ASN1_STRING_length(tmp);
1215 if(j >= 0) {
1216 peer_CN = OPENSSL_malloc(j+1);
1217 if(peer_CN) {
1218 memcpy(peer_CN, ASN1_STRING_data(tmp), j);
1219 peer_CN[j] = '\0';
1220 }
1221 }
1222 }
1223 else /* not a UTF8 name */
1224 j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
1225
1226 if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
1227 /* there was a terminating zero before the end of string, this
1228 cannot match and we return failure! */
1229 failf(data, "SSL: illegal cert name field");
1230 result = CURLE_PEER_FAILED_VERIFICATION;
1231 }
1232 }
1233 }
1234
1235 if(peer_CN == nulstr)
1236 peer_CN = NULL;
1237 else {
1238 /* convert peer_CN from UTF8 */
1239 CURLcode rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
1240 /* Curl_convert_from_utf8 calls failf if unsuccessful */
1241 if(rc) {
1242 OPENSSL_free(peer_CN);
1243 return rc;
1244 }
1245 }
1246
1247 if(result)
1248 /* error already detected, pass through */
1249 ;
1250 else if(!peer_CN) {
1251 failf(data,
1252 "SSL: unable to obtain common name from peer certificate");
1253 result = CURLE_PEER_FAILED_VERIFICATION;
1254 }
1255 else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
1256 failf(data, "SSL: certificate subject name '%s' does not match "
1257 "target host name '%s'", peer_CN, conn->host.dispname);
1258 result = CURLE_PEER_FAILED_VERIFICATION;
1259 }
1260 else {
1261 infof(data, " common name: %s (matched)\n", peer_CN);
1262 }
1263 if(peer_CN)
1264 OPENSSL_free(peer_CN);
1265 }
1266
1267 return result;
1268 }
1269
1270 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
1271 !defined(OPENSSL_NO_OCSP)
verifystatus(struct connectdata * conn,struct ssl_connect_data * connssl)1272 static CURLcode verifystatus(struct connectdata *conn,
1273 struct ssl_connect_data *connssl)
1274 {
1275 int i, ocsp_status;
1276 const unsigned char *p;
1277 CURLcode result = CURLE_OK;
1278 struct Curl_easy *data = conn->data;
1279
1280 OCSP_RESPONSE *rsp = NULL;
1281 OCSP_BASICRESP *br = NULL;
1282 X509_STORE *st = NULL;
1283 STACK_OF(X509) *ch = NULL;
1284
1285 long len = SSL_get_tlsext_status_ocsp_resp(connssl->handle, &p);
1286
1287 if(!p) {
1288 failf(data, "No OCSP response received");
1289 result = CURLE_SSL_INVALIDCERTSTATUS;
1290 goto end;
1291 }
1292
1293 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
1294 if(!rsp) {
1295 failf(data, "Invalid OCSP response");
1296 result = CURLE_SSL_INVALIDCERTSTATUS;
1297 goto end;
1298 }
1299
1300 ocsp_status = OCSP_response_status(rsp);
1301 if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
1302 failf(data, "Invalid OCSP response status: %s (%d)",
1303 OCSP_response_status_str(ocsp_status), ocsp_status);
1304 result = CURLE_SSL_INVALIDCERTSTATUS;
1305 goto end;
1306 }
1307
1308 br = OCSP_response_get1_basic(rsp);
1309 if(!br) {
1310 failf(data, "Invalid OCSP response");
1311 result = CURLE_SSL_INVALIDCERTSTATUS;
1312 goto end;
1313 }
1314
1315 ch = SSL_get_peer_cert_chain(connssl->handle);
1316 st = SSL_CTX_get_cert_store(connssl->ctx);
1317
1318 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
1319 defined(LIBRESSL_VERSION_NUMBER))
1320 /* The authorized responder cert in the OCSP response MUST be signed by the
1321 peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
1322 no problem, but if it's an intermediate cert OpenSSL has a bug where it
1323 expects this issuer to be present in the chain embedded in the OCSP
1324 response. So we add it if necessary. */
1325
1326 /* First make sure the peer cert chain includes both a peer and an issuer,
1327 and the OCSP response contains a responder cert. */
1328 if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
1329 X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
1330
1331 /* Find issuer of responder cert and add it to the OCSP response chain */
1332 for(i = 0; i < sk_X509_num(ch); i++) {
1333 X509 *issuer = sk_X509_value(ch, i);
1334 if(X509_check_issued(issuer, responder) == X509_V_OK) {
1335 if(!OCSP_basic_add1_cert(br, issuer)) {
1336 failf(data, "Could not add issuer cert to OCSP response");
1337 result = CURLE_SSL_INVALIDCERTSTATUS;
1338 goto end;
1339 }
1340 }
1341 }
1342 }
1343 #endif
1344
1345 if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
1346 failf(data, "OCSP response verification failed");
1347 result = CURLE_SSL_INVALIDCERTSTATUS;
1348 goto end;
1349 }
1350
1351 for(i = 0; i < OCSP_resp_count(br); i++) {
1352 int cert_status, crl_reason;
1353 OCSP_SINGLERESP *single = NULL;
1354
1355 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
1356
1357 single = OCSP_resp_get0(br, i);
1358 if(!single)
1359 continue;
1360
1361 cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
1362 &thisupd, &nextupd);
1363
1364 if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
1365 failf(data, "OCSP response has expired");
1366 result = CURLE_SSL_INVALIDCERTSTATUS;
1367 goto end;
1368 }
1369
1370 infof(data, "SSL certificate status: %s (%d)\n",
1371 OCSP_cert_status_str(cert_status), cert_status);
1372
1373 switch(cert_status) {
1374 case V_OCSP_CERTSTATUS_GOOD:
1375 break;
1376
1377 case V_OCSP_CERTSTATUS_REVOKED:
1378 result = CURLE_SSL_INVALIDCERTSTATUS;
1379
1380 failf(data, "SSL certificate revocation reason: %s (%d)",
1381 OCSP_crl_reason_str(crl_reason), crl_reason);
1382 goto end;
1383
1384 case V_OCSP_CERTSTATUS_UNKNOWN:
1385 result = CURLE_SSL_INVALIDCERTSTATUS;
1386 goto end;
1387 }
1388 }
1389
1390 end:
1391 if(br) OCSP_BASICRESP_free(br);
1392 OCSP_RESPONSE_free(rsp);
1393
1394 return result;
1395 }
1396 #endif
1397
1398 #endif /* USE_OPENSSL */
1399
1400 /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
1401 and thus this cannot be done there. */
1402 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1403
ssl_msg_type(int ssl_ver,int msg)1404 static const char *ssl_msg_type(int ssl_ver, int msg)
1405 {
1406 #ifdef SSL2_VERSION_MAJOR
1407 if(ssl_ver == SSL2_VERSION_MAJOR) {
1408 switch (msg) {
1409 case SSL2_MT_ERROR:
1410 return "Error";
1411 case SSL2_MT_CLIENT_HELLO:
1412 return "Client hello";
1413 case SSL2_MT_CLIENT_MASTER_KEY:
1414 return "Client key";
1415 case SSL2_MT_CLIENT_FINISHED:
1416 return "Client finished";
1417 case SSL2_MT_SERVER_HELLO:
1418 return "Server hello";
1419 case SSL2_MT_SERVER_VERIFY:
1420 return "Server verify";
1421 case SSL2_MT_SERVER_FINISHED:
1422 return "Server finished";
1423 case SSL2_MT_REQUEST_CERTIFICATE:
1424 return "Request CERT";
1425 case SSL2_MT_CLIENT_CERTIFICATE:
1426 return "Client CERT";
1427 }
1428 }
1429 else
1430 #endif
1431 if(ssl_ver == SSL3_VERSION_MAJOR) {
1432 switch (msg) {
1433 case SSL3_MT_HELLO_REQUEST:
1434 return "Hello request";
1435 case SSL3_MT_CLIENT_HELLO:
1436 return "Client hello";
1437 case SSL3_MT_SERVER_HELLO:
1438 return "Server hello";
1439 #ifdef SSL3_MT_NEWSESSION_TICKET
1440 case SSL3_MT_NEWSESSION_TICKET:
1441 return "Newsession Ticket";
1442 #endif
1443 case SSL3_MT_CERTIFICATE:
1444 return "Certificate";
1445 case SSL3_MT_SERVER_KEY_EXCHANGE:
1446 return "Server key exchange";
1447 case SSL3_MT_CLIENT_KEY_EXCHANGE:
1448 return "Client key exchange";
1449 case SSL3_MT_CERTIFICATE_REQUEST:
1450 return "Request CERT";
1451 case SSL3_MT_SERVER_DONE:
1452 return "Server finished";
1453 case SSL3_MT_CERTIFICATE_VERIFY:
1454 return "CERT verify";
1455 case SSL3_MT_FINISHED:
1456 return "Finished";
1457 #ifdef SSL3_MT_CERTIFICATE_STATUS
1458 case SSL3_MT_CERTIFICATE_STATUS:
1459 return "Certificate Status";
1460 #endif
1461 }
1462 }
1463 return "Unknown";
1464 }
1465
tls_rt_type(int type)1466 static const char *tls_rt_type(int type)
1467 {
1468 switch(type) {
1469 #ifdef SSL3_RT_HEADER
1470 case SSL3_RT_HEADER:
1471 return "TLS header";
1472 #endif
1473 case SSL3_RT_CHANGE_CIPHER_SPEC:
1474 return "TLS change cipher";
1475 case SSL3_RT_ALERT:
1476 return "TLS alert";
1477 case SSL3_RT_HANDSHAKE:
1478 return "TLS handshake";
1479 case SSL3_RT_APPLICATION_DATA:
1480 return "TLS app data";
1481 default:
1482 return "TLS Unknown";
1483 }
1484 }
1485
1486
1487 /*
1488 * Our callback from the SSL/TLS layers.
1489 */
ssl_tls_trace(int direction,int ssl_ver,int content_type,const void * buf,size_t len,SSL * ssl,void * userp)1490 static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
1491 const void *buf, size_t len, SSL *ssl,
1492 void *userp)
1493 {
1494 struct Curl_easy *data;
1495 const char *msg_name, *tls_rt_name;
1496 char ssl_buf[1024];
1497 char unknown[32];
1498 int msg_type, txt_len;
1499 const char *verstr = NULL;
1500 struct connectdata *conn = userp;
1501
1502 if(!conn || !conn->data || !conn->data->set.fdebug ||
1503 (direction != 0 && direction != 1))
1504 return;
1505
1506 data = conn->data;
1507
1508 switch(ssl_ver) {
1509 #ifdef SSL2_VERSION /* removed in recent versions */
1510 case SSL2_VERSION:
1511 verstr = "SSLv2";
1512 break;
1513 #endif
1514 #ifdef SSL3_VERSION
1515 case SSL3_VERSION:
1516 verstr = "SSLv3";
1517 break;
1518 #endif
1519 case TLS1_VERSION:
1520 verstr = "TLSv1.0";
1521 break;
1522 #ifdef TLS1_1_VERSION
1523 case TLS1_1_VERSION:
1524 verstr = "TLSv1.1";
1525 break;
1526 #endif
1527 #ifdef TLS1_2_VERSION
1528 case TLS1_2_VERSION:
1529 verstr = "TLSv1.2";
1530 break;
1531 #endif
1532 case 0:
1533 break;
1534 default:
1535 snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
1536 verstr = unknown;
1537 break;
1538 }
1539
1540 if(ssl_ver) {
1541 /* the info given when the version is zero is not that useful for us */
1542
1543 ssl_ver >>= 8; /* check the upper 8 bits only below */
1544
1545 /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
1546 * always pass-up content-type as 0. But the interesting message-type
1547 * is at 'buf[0]'.
1548 */
1549 if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
1550 tls_rt_name = tls_rt_type(content_type);
1551 else
1552 tls_rt_name = "";
1553
1554 msg_type = *(char*)buf;
1555 msg_name = ssl_msg_type(ssl_ver, msg_type);
1556
1557 txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
1558 verstr, direction?"OUT":"IN",
1559 tls_rt_name, msg_name, msg_type);
1560 Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
1561 }
1562
1563 Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
1564 CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
1565 (void) ssl;
1566 }
1567 #endif
1568
1569 #ifdef USE_OPENSSL
1570 /* ====================================================== */
1571
1572 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1573 # define use_sni(x) sni = (x)
1574 #else
1575 # define use_sni(x) Curl_nop_stmt
1576 #endif
1577
1578 /* Check for OpenSSL 1.0.2 which has ALPN support. */
1579 #undef HAS_ALPN
1580 #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
1581 && !defined(OPENSSL_NO_TLSEXT)
1582 # define HAS_ALPN 1
1583 #endif
1584
1585 /* Check for OpenSSL 1.0.1 which has NPN support. */
1586 #undef HAS_NPN
1587 #if OPENSSL_VERSION_NUMBER >= 0x10001000L \
1588 && !defined(OPENSSL_NO_TLSEXT) \
1589 && !defined(OPENSSL_NO_NEXTPROTONEG)
1590 # define HAS_NPN 1
1591 #endif
1592
1593 #ifdef HAS_NPN
1594
1595 /*
1596 * in is a list of lenght prefixed strings. this function has to select
1597 * the protocol we want to use from the list and write its string into out.
1598 */
1599
1600 static int
select_next_protocol(unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,const char * key,unsigned int keylen)1601 select_next_protocol(unsigned char **out, unsigned char *outlen,
1602 const unsigned char *in, unsigned int inlen,
1603 const char *key, unsigned int keylen)
1604 {
1605 unsigned int i;
1606 for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
1607 if(memcmp(&in[i + 1], key, keylen) == 0) {
1608 *out = (unsigned char *) &in[i + 1];
1609 *outlen = in[i];
1610 return 0;
1611 }
1612 }
1613 return -1;
1614 }
1615
1616 static int
select_next_proto_cb(SSL * ssl,unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)1617 select_next_proto_cb(SSL *ssl,
1618 unsigned char **out, unsigned char *outlen,
1619 const unsigned char *in, unsigned int inlen,
1620 void *arg)
1621 {
1622 struct connectdata *conn = (struct connectdata*) arg;
1623
1624 (void)ssl;
1625
1626 #ifdef USE_NGHTTP2
1627 if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
1628 !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
1629 NGHTTP2_PROTO_VERSION_ID_LEN)) {
1630 infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
1631 NGHTTP2_PROTO_VERSION_ID);
1632 conn->negnpn = CURL_HTTP_VERSION_2;
1633 return SSL_TLSEXT_ERR_OK;
1634 }
1635 #endif
1636
1637 if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
1638 ALPN_HTTP_1_1_LENGTH)) {
1639 infof(conn->data, "NPN, negotiated HTTP1.1\n");
1640 conn->negnpn = CURL_HTTP_VERSION_1_1;
1641 return SSL_TLSEXT_ERR_OK;
1642 }
1643
1644 infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
1645 *out = (unsigned char *)ALPN_HTTP_1_1;
1646 *outlen = ALPN_HTTP_1_1_LENGTH;
1647 conn->negnpn = CURL_HTTP_VERSION_1_1;
1648
1649 return SSL_TLSEXT_ERR_OK;
1650 }
1651 #endif /* HAS_NPN */
1652
1653 static const char *
get_ssl_version_txt(SSL * ssl)1654 get_ssl_version_txt(SSL *ssl)
1655 {
1656 if(!ssl)
1657 return "";
1658
1659 switch(SSL_version(ssl)) {
1660 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1661 case TLS1_2_VERSION:
1662 return "TLSv1.2";
1663 case TLS1_1_VERSION:
1664 return "TLSv1.1";
1665 #endif
1666 case TLS1_VERSION:
1667 return "TLSv1.0";
1668 case SSL3_VERSION:
1669 return "SSLv3";
1670 case SSL2_VERSION:
1671 return "SSLv2";
1672 }
1673 return "unknown";
1674 }
1675
ossl_connect_step1(struct connectdata * conn,int sockindex)1676 static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
1677 {
1678 CURLcode result = CURLE_OK;
1679 char *ciphers;
1680 struct Curl_easy *data = conn->data;
1681 SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
1682 X509_LOOKUP *lookup = NULL;
1683 curl_socket_t sockfd = conn->sock[sockindex];
1684 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1685 long ctx_options;
1686 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1687 bool sni;
1688 #ifdef ENABLE_IPV6
1689 struct in6_addr addr;
1690 #else
1691 struct in_addr addr;
1692 #endif
1693 #endif
1694
1695 DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
1696
1697 /* Make funny stuff to get random input */
1698 Curl_ossl_seed(data);
1699
1700 data->set.ssl.certverifyresult = !X509_V_OK;
1701
1702 /* check to see if we've been told to use an explicit SSL/TLS version */
1703
1704 switch(data->set.ssl.version) {
1705 default:
1706 case CURL_SSLVERSION_DEFAULT:
1707 case CURL_SSLVERSION_TLSv1:
1708 case CURL_SSLVERSION_TLSv1_0:
1709 case CURL_SSLVERSION_TLSv1_1:
1710 case CURL_SSLVERSION_TLSv1_2:
1711 /* it will be handled later with the context options */
1712 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
1713 !defined(LIBRESSL_VERSION_NUMBER)
1714 req_method = TLS_client_method();
1715 #else
1716 req_method = SSLv23_client_method();
1717 #endif
1718 use_sni(TRUE);
1719 break;
1720 case CURL_SSLVERSION_SSLv2:
1721 #ifdef OPENSSL_NO_SSL2
1722 failf(data, OSSL_PACKAGE " was built without SSLv2 support");
1723 return CURLE_NOT_BUILT_IN;
1724 #else
1725 #ifdef USE_TLS_SRP
1726 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
1727 return CURLE_SSL_CONNECT_ERROR;
1728 #endif
1729 req_method = SSLv2_client_method();
1730 use_sni(FALSE);
1731 break;
1732 #endif
1733 case CURL_SSLVERSION_SSLv3:
1734 #ifdef OPENSSL_NO_SSL3_METHOD
1735 failf(data, OSSL_PACKAGE " was built without SSLv3 support");
1736 return CURLE_NOT_BUILT_IN;
1737 #else
1738 #ifdef USE_TLS_SRP
1739 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
1740 return CURLE_SSL_CONNECT_ERROR;
1741 #endif
1742 req_method = SSLv3_client_method();
1743 use_sni(FALSE);
1744 break;
1745 #endif
1746 }
1747
1748 if(connssl->ctx)
1749 SSL_CTX_free(connssl->ctx);
1750 connssl->ctx = SSL_CTX_new(req_method);
1751
1752 if(!connssl->ctx) {
1753 failf(data, "SSL: couldn't create a context: %s",
1754 ERR_error_string(ERR_peek_error(), NULL));
1755 return CURLE_OUT_OF_MEMORY;
1756 }
1757
1758 #ifdef SSL_MODE_RELEASE_BUFFERS
1759 SSL_CTX_set_mode(connssl->ctx, SSL_MODE_RELEASE_BUFFERS);
1760 #endif
1761
1762 #ifdef SSL_CTRL_SET_MSG_CALLBACK
1763 if(data->set.fdebug && data->set.verbose) {
1764 /* the SSL trace callback is only used for verbose logging */
1765 SSL_CTX_set_msg_callback(connssl->ctx, ssl_tls_trace);
1766 SSL_CTX_set_msg_callback_arg(connssl->ctx, conn);
1767 }
1768 #endif
1769
1770 /* OpenSSL contains code to work-around lots of bugs and flaws in various
1771 SSL-implementations. SSL_CTX_set_options() is used to enabled those
1772 work-arounds. The man page for this option states that SSL_OP_ALL enables
1773 all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
1774 enable the bug workaround options if compatibility with somewhat broken
1775 implementations is desired."
1776
1777 The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
1778 disable "rfc4507bis session ticket support". rfc4507bis was later turned
1779 into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
1780
1781 The enabled extension concerns the session management. I wonder how often
1782 libcurl stops a connection and then resumes a TLS session. also, sending
1783 the session data is some overhead. .I suggest that you just use your
1784 proposed patch (which explicitly disables TICKET).
1785
1786 If someone writes an application with libcurl and openssl who wants to
1787 enable the feature, one can do this in the SSL callback.
1788
1789 SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
1790 interoperability with web server Netscape Enterprise Server 2.0.1 which
1791 was released back in 1996.
1792
1793 Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
1794 become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
1795 CVE-2010-4180 when using previous OpenSSL versions we no longer enable
1796 this option regardless of OpenSSL version and SSL_OP_ALL definition.
1797
1798 OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
1799 (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
1800 SSL_OP_ALL that _disables_ that work-around despite the fact that
1801 SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
1802 keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
1803 must not be set.
1804 */
1805
1806 ctx_options = SSL_OP_ALL;
1807
1808 #ifdef SSL_OP_NO_TICKET
1809 ctx_options |= SSL_OP_NO_TICKET;
1810 #endif
1811
1812 #ifdef SSL_OP_NO_COMPRESSION
1813 ctx_options |= SSL_OP_NO_COMPRESSION;
1814 #endif
1815
1816 #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
1817 /* mitigate CVE-2010-4180 */
1818 ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
1819 #endif
1820
1821 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
1822 /* unless the user explicitly ask to allow the protocol vulnerability we
1823 use the work-around */
1824 if(!conn->data->set.ssl_enable_beast)
1825 ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
1826 #endif
1827
1828 switch(data->set.ssl.version) {
1829 case CURL_SSLVERSION_SSLv3:
1830 #ifdef USE_TLS_SRP
1831 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
1832 infof(data, "Set version TLSv1.x for SRP authorisation\n");
1833 }
1834 #endif
1835 ctx_options |= SSL_OP_NO_SSLv2;
1836 ctx_options |= SSL_OP_NO_TLSv1;
1837 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1838 ctx_options |= SSL_OP_NO_TLSv1_1;
1839 ctx_options |= SSL_OP_NO_TLSv1_2;
1840 #endif
1841 break;
1842
1843 case CURL_SSLVERSION_DEFAULT:
1844 case CURL_SSLVERSION_TLSv1:
1845 ctx_options |= SSL_OP_NO_SSLv2;
1846 ctx_options |= SSL_OP_NO_SSLv3;
1847 break;
1848
1849 case CURL_SSLVERSION_TLSv1_0:
1850 ctx_options |= SSL_OP_NO_SSLv2;
1851 ctx_options |= SSL_OP_NO_SSLv3;
1852 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1853 ctx_options |= SSL_OP_NO_TLSv1_1;
1854 ctx_options |= SSL_OP_NO_TLSv1_2;
1855 #endif
1856 break;
1857
1858 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1859 case CURL_SSLVERSION_TLSv1_1:
1860 ctx_options |= SSL_OP_NO_SSLv2;
1861 ctx_options |= SSL_OP_NO_SSLv3;
1862 ctx_options |= SSL_OP_NO_TLSv1;
1863 ctx_options |= SSL_OP_NO_TLSv1_2;
1864 break;
1865
1866 case CURL_SSLVERSION_TLSv1_2:
1867 ctx_options |= SSL_OP_NO_SSLv2;
1868 ctx_options |= SSL_OP_NO_SSLv3;
1869 ctx_options |= SSL_OP_NO_TLSv1;
1870 ctx_options |= SSL_OP_NO_TLSv1_1;
1871 break;
1872 #endif
1873
1874 #ifndef OPENSSL_NO_SSL2
1875 case CURL_SSLVERSION_SSLv2:
1876 ctx_options |= SSL_OP_NO_SSLv3;
1877 ctx_options |= SSL_OP_NO_TLSv1;
1878 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1879 ctx_options |= SSL_OP_NO_TLSv1_1;
1880 ctx_options |= SSL_OP_NO_TLSv1_2;
1881 #endif
1882 break;
1883 #endif
1884
1885 default:
1886 failf(data, "Unsupported SSL protocol version");
1887 return CURLE_SSL_CONNECT_ERROR;
1888 }
1889
1890 SSL_CTX_set_options(connssl->ctx, ctx_options);
1891
1892 #ifdef HAS_NPN
1893 if(conn->bits.tls_enable_npn)
1894 SSL_CTX_set_next_proto_select_cb(connssl->ctx, select_next_proto_cb, conn);
1895 #endif
1896
1897 #ifdef HAS_ALPN
1898 if(conn->bits.tls_enable_alpn) {
1899 int cur = 0;
1900 unsigned char protocols[128];
1901
1902 #ifdef USE_NGHTTP2
1903 if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
1904 protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
1905
1906 memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
1907 NGHTTP2_PROTO_VERSION_ID_LEN);
1908 cur += NGHTTP2_PROTO_VERSION_ID_LEN;
1909 infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
1910 }
1911 #endif
1912
1913 protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
1914 memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
1915 cur += ALPN_HTTP_1_1_LENGTH;
1916 infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
1917
1918 /* expects length prefixed preference ordered list of protocols in wire
1919 * format
1920 */
1921 SSL_CTX_set_alpn_protos(connssl->ctx, protocols, cur);
1922 }
1923 #endif
1924
1925 if(data->set.str[STRING_CERT] || data->set.str[STRING_CERT_TYPE]) {
1926 if(!cert_stuff(conn,
1927 connssl->ctx,
1928 data->set.str[STRING_CERT],
1929 data->set.str[STRING_CERT_TYPE],
1930 data->set.str[STRING_KEY],
1931 data->set.str[STRING_KEY_TYPE])) {
1932 /* failf() is already done in cert_stuff() */
1933 return CURLE_SSL_CERTPROBLEM;
1934 }
1935 }
1936
1937 ciphers = data->set.str[STRING_SSL_CIPHER_LIST];
1938 if(!ciphers)
1939 ciphers = (char *)DEFAULT_CIPHER_SELECTION;
1940 if(!SSL_CTX_set_cipher_list(connssl->ctx, ciphers)) {
1941 failf(data, "failed setting cipher list: %s", ciphers);
1942 return CURLE_SSL_CIPHER;
1943 }
1944 infof(data, "Cipher selection: %s\n", ciphers);
1945
1946 #ifdef USE_TLS_SRP
1947 if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
1948 infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
1949
1950 if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
1951 failf(data, "Unable to set SRP user name");
1952 return CURLE_BAD_FUNCTION_ARGUMENT;
1953 }
1954 if(!SSL_CTX_set_srp_password(connssl->ctx, data->set.ssl.password)) {
1955 failf(data, "failed setting SRP password");
1956 return CURLE_BAD_FUNCTION_ARGUMENT;
1957 }
1958 if(!data->set.str[STRING_SSL_CIPHER_LIST]) {
1959 infof(data, "Setting cipher list SRP\n");
1960
1961 if(!SSL_CTX_set_cipher_list(connssl->ctx, "SRP")) {
1962 failf(data, "failed setting SRP cipher list");
1963 return CURLE_SSL_CIPHER;
1964 }
1965 }
1966 }
1967 #endif
1968 if(data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
1969 /* tell SSL where to find CA certificates that are used to verify
1970 the servers certificate. */
1971 if(!SSL_CTX_load_verify_locations(connssl->ctx,
1972 data->set.str[STRING_SSL_CAFILE],
1973 data->set.str[STRING_SSL_CAPATH])) {
1974 if(data->set.ssl.verifypeer) {
1975 /* Fail if we insist on successfully verifying the server. */
1976 failf(data, "error setting certificate verify locations:\n"
1977 " CAfile: %s\n CApath: %s",
1978 data->set.str[STRING_SSL_CAFILE]?
1979 data->set.str[STRING_SSL_CAFILE]: "none",
1980 data->set.str[STRING_SSL_CAPATH]?
1981 data->set.str[STRING_SSL_CAPATH] : "none");
1982 return CURLE_SSL_CACERT_BADFILE;
1983 }
1984 else {
1985 /* Just continue with a warning if no strict certificate verification
1986 is required. */
1987 infof(data, "error setting certificate verify locations,"
1988 " continuing anyway:\n");
1989 }
1990 }
1991 else {
1992 /* Everything is fine. */
1993 infof(data, "successfully set certificate verify locations:\n");
1994 }
1995 infof(data,
1996 " CAfile: %s\n"
1997 " CApath: %s\n",
1998 data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
1999 "none",
2000 data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
2001 "none");
2002 }
2003 #ifdef CURL_CA_FALLBACK
2004 else if(data->set.ssl.verifypeer) {
2005 /* verfying the peer without any CA certificates won't
2006 work so use openssl's built in default as fallback */
2007 SSL_CTX_set_default_verify_paths(connssl->ctx);
2008 }
2009 #endif
2010
2011 if(data->set.str[STRING_SSL_CRLFILE]) {
2012 /* tell SSL where to find CRL file that is used to check certificate
2013 * revocation */
2014 lookup=X509_STORE_add_lookup(SSL_CTX_get_cert_store(connssl->ctx),
2015 X509_LOOKUP_file());
2016 if(!lookup ||
2017 (!X509_load_crl_file(lookup, data->set.str[STRING_SSL_CRLFILE],
2018 X509_FILETYPE_PEM)) ) {
2019 failf(data, "error loading CRL file: %s",
2020 data->set.str[STRING_SSL_CRLFILE]);
2021 return CURLE_SSL_CRL_BADFILE;
2022 }
2023 else {
2024 /* Everything is fine. */
2025 infof(data, "successfully load CRL file:\n");
2026 X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
2027 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
2028 }
2029 infof(data,
2030 " CRLfile: %s\n", data->set.str[STRING_SSL_CRLFILE] ?
2031 data->set.str[STRING_SSL_CRLFILE]: "none");
2032 }
2033
2034 /* Try building a chain using issuers in the trusted store first to avoid
2035 problems with server-sent legacy intermediates.
2036 Newer versions of OpenSSL do alternate chain checking by default which
2037 gives us the same fix without as much of a performance hit (slight), so we
2038 prefer that if available.
2039 https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
2040 */
2041 #if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
2042 if(data->set.ssl.verifypeer) {
2043 X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx),
2044 X509_V_FLAG_TRUSTED_FIRST);
2045 }
2046 #endif
2047
2048 /* SSL always tries to verify the peer, this only says whether it should
2049 * fail to connect if the verification fails, or if it should continue
2050 * anyway. In the latter case the result of the verification is checked with
2051 * SSL_get_verify_result() below. */
2052 SSL_CTX_set_verify(connssl->ctx,
2053 data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
2054 NULL);
2055
2056 /* give application a chance to interfere with SSL set up. */
2057 if(data->set.ssl.fsslctx) {
2058 result = (*data->set.ssl.fsslctx)(data, connssl->ctx,
2059 data->set.ssl.fsslctxp);
2060 if(result) {
2061 failf(data, "error signaled by ssl ctx callback");
2062 return result;
2063 }
2064 }
2065
2066 /* Lets make an SSL structure */
2067 if(connssl->handle)
2068 SSL_free(connssl->handle);
2069 connssl->handle = SSL_new(connssl->ctx);
2070 if(!connssl->handle) {
2071 failf(data, "SSL: couldn't create a context (handle)!");
2072 return CURLE_OUT_OF_MEMORY;
2073 }
2074
2075 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
2076 !defined(OPENSSL_NO_OCSP)
2077 if(data->set.ssl.verifystatus)
2078 SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
2079 #endif
2080
2081 SSL_set_connect_state(connssl->handle);
2082
2083 connssl->server_cert = 0x0;
2084
2085 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2086 if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
2087 #ifdef ENABLE_IPV6
2088 (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
2089 #endif
2090 sni &&
2091 !SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
2092 infof(data, "WARNING: failed to configure server name indication (SNI) "
2093 "TLS extension\n");
2094 #endif
2095
2096 /* Check if there's a cached ID we can/should use here! */
2097 if(conn->ssl_config.sessionid) {
2098 void *ssl_sessionid = NULL;
2099
2100 Curl_ssl_sessionid_lock(conn);
2101 if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
2102 /* we got a session id, use it! */
2103 if(!SSL_set_session(connssl->handle, ssl_sessionid)) {
2104 Curl_ssl_sessionid_unlock(conn);
2105 failf(data, "SSL: SSL_set_session failed: %s",
2106 ERR_error_string(ERR_get_error(), NULL));
2107 return CURLE_SSL_CONNECT_ERROR;
2108 }
2109 /* Informational message */
2110 infof (data, "SSL re-using session ID\n");
2111 }
2112 Curl_ssl_sessionid_unlock(conn);
2113 }
2114
2115 /* pass the raw socket into the SSL layers */
2116 if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
2117 failf(data, "SSL: SSL_set_fd failed: %s",
2118 ERR_error_string(ERR_get_error(), NULL));
2119 return CURLE_SSL_CONNECT_ERROR;
2120 }
2121
2122 connssl->connecting_state = ssl_connect_2;
2123
2124 return CURLE_OK;
2125 }
2126
ossl_connect_step2(struct connectdata * conn,int sockindex)2127 static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
2128 {
2129 struct Curl_easy *data = conn->data;
2130 int err;
2131 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2132 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
2133 || ssl_connect_2_reading == connssl->connecting_state
2134 || ssl_connect_2_writing == connssl->connecting_state);
2135
2136 ERR_clear_error();
2137
2138 err = SSL_connect(connssl->handle);
2139
2140 /* 1 is fine
2141 0 is "not successful but was shut down controlled"
2142 <0 is "handshake was not successful, because a fatal error occurred" */
2143 if(1 != err) {
2144 int detail = SSL_get_error(connssl->handle, err);
2145
2146 if(SSL_ERROR_WANT_READ == detail) {
2147 connssl->connecting_state = ssl_connect_2_reading;
2148 return CURLE_OK;
2149 }
2150 else if(SSL_ERROR_WANT_WRITE == detail) {
2151 connssl->connecting_state = ssl_connect_2_writing;
2152 return CURLE_OK;
2153 }
2154 else {
2155 /* untreated error */
2156 unsigned long errdetail;
2157 char error_buffer[256]=""; /* OpenSSL documents that this must be at
2158 least 256 bytes long. */
2159 CURLcode result;
2160 long lerr;
2161 int lib;
2162 int reason;
2163
2164 /* the connection failed, we're not waiting for anything else. */
2165 connssl->connecting_state = ssl_connect_2;
2166
2167 /* Get the earliest error code from the thread's error queue and removes
2168 the entry. */
2169 errdetail = ERR_get_error();
2170
2171 /* Extract which lib and reason */
2172 lib = ERR_GET_LIB(errdetail);
2173 reason = ERR_GET_REASON(errdetail);
2174
2175 if((lib == ERR_LIB_SSL) &&
2176 (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
2177 result = CURLE_SSL_CACERT;
2178
2179 lerr = SSL_get_verify_result(connssl->handle);
2180 if(lerr != X509_V_OK) {
2181 snprintf(error_buffer, sizeof(error_buffer),
2182 "SSL certificate problem: %s",
2183 X509_verify_cert_error_string(lerr));
2184 }
2185 else
2186 /* strcpy() is fine here as long as the string fits within
2187 error_buffer */
2188 strcpy(error_buffer, "SSL certificate verification failed");
2189 }
2190 else {
2191 result = CURLE_SSL_CONNECT_ERROR;
2192 ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
2193 }
2194
2195 /* detail is already set to the SSL error above */
2196
2197 /* If we e.g. use SSLv2 request-method and the server doesn't like us
2198 * (RST connection etc.), OpenSSL gives no explanation whatsoever and
2199 * the SO_ERROR is also lost.
2200 */
2201 if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
2202 failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
2203 conn->host.name, conn->remote_port);
2204 return result;
2205 }
2206
2207 /* Could be a CERT problem */
2208 failf(data, "%s", error_buffer);
2209
2210 return result;
2211 }
2212 }
2213 else {
2214 /* we have been connected fine, we're not waiting for anything else. */
2215 connssl->connecting_state = ssl_connect_3;
2216
2217 /* Informational message */
2218 infof(data, "SSL connection using %s / %s\n",
2219 get_ssl_version_txt(connssl->handle),
2220 SSL_get_cipher(connssl->handle));
2221
2222 #ifdef HAS_ALPN
2223 /* Sets data and len to negotiated protocol, len is 0 if no protocol was
2224 * negotiated
2225 */
2226 if(conn->bits.tls_enable_alpn) {
2227 const unsigned char* neg_protocol;
2228 unsigned int len;
2229 SSL_get0_alpn_selected(connssl->handle, &neg_protocol, &len);
2230 if(len != 0) {
2231 infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
2232
2233 #ifdef USE_NGHTTP2
2234 if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
2235 !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
2236 conn->negnpn = CURL_HTTP_VERSION_2;
2237 }
2238 else
2239 #endif
2240 if(len == ALPN_HTTP_1_1_LENGTH &&
2241 !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
2242 conn->negnpn = CURL_HTTP_VERSION_1_1;
2243 }
2244 }
2245 else
2246 infof(data, "ALPN, server did not agree to a protocol\n");
2247 }
2248 #endif
2249
2250 return CURLE_OK;
2251 }
2252 }
2253
asn1_object_dump(ASN1_OBJECT * a,char * buf,size_t len)2254 static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
2255 {
2256 int i, ilen;
2257
2258 if((ilen = (int)len) < 0)
2259 return 1; /* buffer too big */
2260
2261 i = i2t_ASN1_OBJECT(buf, ilen, a);
2262
2263 if(i >= ilen)
2264 return 1; /* buffer too small */
2265
2266 return 0;
2267 }
2268
2269 #define push_certinfo(_label, _num) \
2270 do { \
2271 long info_len = BIO_get_mem_data(mem, &ptr); \
2272 Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
2273 if(1!=BIO_reset(mem)) \
2274 break; \
2275 } WHILE_FALSE
2276
pubkey_show(struct Curl_easy * data,BIO * mem,int num,const char * type,const char * name,const BIGNUM * bn)2277 static void pubkey_show(struct Curl_easy *data,
2278 BIO *mem,
2279 int num,
2280 const char *type,
2281 const char *name,
2282 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2283 const
2284 #endif
2285 BIGNUM *bn)
2286 {
2287 char *ptr;
2288 char namebuf[32];
2289
2290 snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
2291
2292 if(bn)
2293 BN_print(mem, bn);
2294 push_certinfo(namebuf, num);
2295 }
2296
2297 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2298 #define print_pubkey_BN(_type, _name, _num) \
2299 pubkey_show(data, mem, _num, #_type, #_name, _name)
2300
2301 #else
2302 #define print_pubkey_BN(_type, _name, _num) \
2303 do { \
2304 if(_type->_name) { \
2305 pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
2306 } \
2307 } WHILE_FALSE
2308 #endif
2309
X509V3_ext(struct Curl_easy * data,int certnum,STACK_OF (X509_EXTENSION)* exts)2310 static int X509V3_ext(struct Curl_easy *data,
2311 int certnum,
2312 STACK_OF(X509_EXTENSION) *exts)
2313 {
2314 int i;
2315 size_t j;
2316
2317 if((int)sk_X509_EXTENSION_num(exts) <= 0)
2318 /* no extensions, bail out */
2319 return 1;
2320
2321 for(i=0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
2322 ASN1_OBJECT *obj;
2323 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
2324 BUF_MEM *biomem;
2325 char buf[512];
2326 char *ptr=buf;
2327 char namebuf[128];
2328 BIO *bio_out = BIO_new(BIO_s_mem());
2329
2330 if(!bio_out)
2331 return 1;
2332
2333 obj = X509_EXTENSION_get_object(ext);
2334
2335 asn1_object_dump(obj, namebuf, sizeof(namebuf));
2336
2337 if(!X509V3_EXT_print(bio_out, ext, 0, 0))
2338 ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
2339
2340 BIO_get_mem_ptr(bio_out, &biomem);
2341
2342 for(j = 0; j < (size_t)biomem->length; j++) {
2343 const char *sep="";
2344 if(biomem->data[j] == '\n') {
2345 sep=", ";
2346 j++; /* skip the newline */
2347 };
2348 while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
2349 j++;
2350 if(j<(size_t)biomem->length)
2351 ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
2352 biomem->data[j]);
2353 }
2354
2355 Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
2356
2357 BIO_free(bio_out);
2358
2359 }
2360 return 0; /* all is fine */
2361 }
2362
get_cert_chain(struct connectdata * conn,struct ssl_connect_data * connssl)2363 static CURLcode get_cert_chain(struct connectdata *conn,
2364 struct ssl_connect_data *connssl)
2365
2366 {
2367 CURLcode result;
2368 STACK_OF(X509) *sk;
2369 int i;
2370 struct Curl_easy *data = conn->data;
2371 int numcerts;
2372 BIO *mem;
2373
2374 sk = SSL_get_peer_cert_chain(connssl->handle);
2375 if(!sk) {
2376 return CURLE_OUT_OF_MEMORY;
2377 }
2378
2379 numcerts = sk_X509_num(sk);
2380
2381 result = Curl_ssl_init_certinfo(data, numcerts);
2382 if(result) {
2383 return result;
2384 }
2385
2386 mem = BIO_new(BIO_s_mem());
2387
2388 for(i = 0; i < numcerts; i++) {
2389 ASN1_INTEGER *num;
2390 X509 *x = sk_X509_value(sk, i);
2391 EVP_PKEY *pubkey=NULL;
2392 int j;
2393 char *ptr;
2394 ASN1_BIT_STRING *psig = NULL;
2395
2396 X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
2397 push_certinfo("Subject", i);
2398
2399 X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
2400 push_certinfo("Issuer", i);
2401
2402 BIO_printf(mem, "%lx", X509_get_version(x));
2403 push_certinfo("Version", i);
2404
2405 num = X509_get_serialNumber(x);
2406 if(num->type == V_ASN1_NEG_INTEGER)
2407 BIO_puts(mem, "-");
2408 for(j = 0; j < num->length; j++)
2409 BIO_printf(mem, "%02x", num->data[j]);
2410 push_certinfo("Serial Number", i);
2411
2412 #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
2413 {
2414 X509_ALGOR *palg = NULL;
2415 ASN1_STRING *a = ASN1_STRING_new();
2416 if(a) {
2417 X509_get0_signature(&psig, &palg, x);
2418 X509_signature_print(mem, palg, a);
2419 ASN1_STRING_free(a);
2420
2421 if(palg) {
2422 i2a_ASN1_OBJECT(mem, palg->algorithm);
2423 push_certinfo("Public Key Algorithm", i);
2424 }
2425 }
2426 X509V3_ext(data, i, X509_get0_extensions(x));
2427 }
2428 #else
2429 {
2430 /* before OpenSSL 1.0.2 */
2431 X509_CINF *cinf = x->cert_info;
2432
2433 i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
2434 push_certinfo("Signature Algorithm", i);
2435
2436 i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
2437 push_certinfo("Public Key Algorithm", i);
2438
2439 X509V3_ext(data, i, cinf->extensions);
2440
2441 psig = x->signature;
2442 }
2443 #endif
2444
2445 ASN1_TIME_print(mem, X509_get_notBefore(x));
2446 push_certinfo("Start date", i);
2447
2448 ASN1_TIME_print(mem, X509_get_notAfter(x));
2449 push_certinfo("Expire date", i);
2450
2451 pubkey = X509_get_pubkey(x);
2452 if(!pubkey)
2453 infof(data, " Unable to load public key\n");
2454 else {
2455 int pktype;
2456 #ifdef HAVE_OPAQUE_EVP_PKEY
2457 pktype = EVP_PKEY_id(pubkey);
2458 #else
2459 pktype = pubkey->type;
2460 #endif
2461 switch(pktype) {
2462 case EVP_PKEY_RSA:
2463 {
2464 RSA *rsa;
2465 #ifdef HAVE_OPAQUE_EVP_PKEY
2466 rsa = EVP_PKEY_get0_RSA(pubkey);
2467 #else
2468 rsa = pubkey->pkey.rsa;
2469 #endif
2470
2471 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2472 {
2473 const BIGNUM *n;
2474 const BIGNUM *e;
2475 const BIGNUM *d;
2476 const BIGNUM *p;
2477 const BIGNUM *q;
2478 const BIGNUM *dmp1;
2479 const BIGNUM *dmq1;
2480 const BIGNUM *iqmp;
2481
2482 RSA_get0_key(rsa, &n, &e, &d);
2483 RSA_get0_factors(rsa, &p, &q);
2484 RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
2485 BN_print(mem, n);
2486 push_certinfo("RSA Public Key", i);
2487 print_pubkey_BN(rsa, n, i);
2488 print_pubkey_BN(rsa, e, i);
2489 print_pubkey_BN(rsa, d, i);
2490 print_pubkey_BN(rsa, p, i);
2491 print_pubkey_BN(rsa, q, i);
2492 print_pubkey_BN(rsa, dmp1, i);
2493 print_pubkey_BN(rsa, dmq1, i);
2494 print_pubkey_BN(rsa, iqmp, i);
2495 }
2496 #else
2497 BIO_printf(mem, "%d", BN_num_bits(rsa->n));
2498 push_certinfo("RSA Public Key", i);
2499 print_pubkey_BN(rsa, n, i);
2500 print_pubkey_BN(rsa, e, i);
2501 print_pubkey_BN(rsa, d, i);
2502 print_pubkey_BN(rsa, p, i);
2503 print_pubkey_BN(rsa, q, i);
2504 print_pubkey_BN(rsa, dmp1, i);
2505 print_pubkey_BN(rsa, dmq1, i);
2506 print_pubkey_BN(rsa, iqmp, i);
2507 #endif
2508
2509 break;
2510 }
2511 case EVP_PKEY_DSA:
2512 {
2513 DSA *dsa;
2514 #ifdef HAVE_OPAQUE_EVP_PKEY
2515 dsa = EVP_PKEY_get0_DSA(pubkey);
2516 #else
2517 dsa = pubkey->pkey.dsa;
2518 #endif
2519 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2520 {
2521 const BIGNUM *p;
2522 const BIGNUM *q;
2523 const BIGNUM *g;
2524 const BIGNUM *priv_key;
2525 const BIGNUM *pub_key;
2526
2527 DSA_get0_pqg(dsa, &p, &q, &g);
2528 DSA_get0_key(dsa, &pub_key, &priv_key);
2529
2530 print_pubkey_BN(dsa, p, i);
2531 print_pubkey_BN(dsa, q, i);
2532 print_pubkey_BN(dsa, g, i);
2533 print_pubkey_BN(dsa, priv_key, i);
2534 print_pubkey_BN(dsa, pub_key, i);
2535 }
2536 #else
2537 print_pubkey_BN(dsa, p, i);
2538 print_pubkey_BN(dsa, q, i);
2539 print_pubkey_BN(dsa, g, i);
2540 print_pubkey_BN(dsa, priv_key, i);
2541 print_pubkey_BN(dsa, pub_key, i);
2542 #endif
2543 break;
2544 }
2545 case EVP_PKEY_DH:
2546 {
2547 DH *dh;
2548 #ifdef HAVE_OPAQUE_EVP_PKEY
2549 dh = EVP_PKEY_get0_DH(pubkey);
2550 #else
2551 dh = pubkey->pkey.dh;
2552 #endif
2553 #ifdef HAVE_OPAQUE_RSA_DSA_DH
2554 {
2555 const BIGNUM *p;
2556 const BIGNUM *q;
2557 const BIGNUM *g;
2558 const BIGNUM *priv_key;
2559 const BIGNUM *pub_key;
2560 DH_get0_pqg(dh, &p, &q, &g);
2561 DH_get0_key(dh, &pub_key, &priv_key);
2562 print_pubkey_BN(dh, p, i);
2563 print_pubkey_BN(dh, q, i);
2564 print_pubkey_BN(dh, g, i);
2565 print_pubkey_BN(dh, priv_key, i);
2566 print_pubkey_BN(dh, pub_key, i);
2567 }
2568 #else
2569 print_pubkey_BN(dh, p, i);
2570 print_pubkey_BN(dh, g, i);
2571 print_pubkey_BN(dh, priv_key, i);
2572 print_pubkey_BN(dh, pub_key, i);
2573 #endif
2574 break;
2575 }
2576 #if 0
2577 case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
2578 /* left TODO */
2579 break;
2580 #endif
2581 }
2582 EVP_PKEY_free(pubkey);
2583 }
2584
2585 if(psig) {
2586 for(j = 0; j < psig->length; j++)
2587 BIO_printf(mem, "%02x:", psig->data[j]);
2588 push_certinfo("Signature", i);
2589 }
2590
2591 PEM_write_bio_X509(mem, x);
2592 push_certinfo("Cert", i);
2593 }
2594
2595 BIO_free(mem);
2596
2597 return CURLE_OK;
2598 }
2599
2600 /*
2601 * Heavily modified from:
2602 * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
2603 */
pkp_pin_peer_pubkey(struct Curl_easy * data,X509 * cert,const char * pinnedpubkey)2604 static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
2605 const char *pinnedpubkey)
2606 {
2607 /* Scratch */
2608 int len1 = 0, len2 = 0;
2609 unsigned char *buff1 = NULL, *temp = NULL;
2610
2611 /* Result is returned to caller */
2612 CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
2613
2614 /* if a path wasn't specified, don't pin */
2615 if(!pinnedpubkey)
2616 return CURLE_OK;
2617
2618 if(!cert)
2619 return result;
2620
2621 do {
2622 /* Begin Gyrations to get the subjectPublicKeyInfo */
2623 /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
2624
2625 /* https://groups.google.com/group/mailing.openssl.users/browse_thread
2626 /thread/d61858dae102c6c7 */
2627 len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
2628 if(len1 < 1)
2629 break; /* failed */
2630
2631 /* https://www.openssl.org/docs/crypto/buffer.html */
2632 buff1 = temp = OPENSSL_malloc(len1);
2633 if(!buff1)
2634 break; /* failed */
2635
2636 /* https://www.openssl.org/docs/crypto/d2i_X509.html */
2637 len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
2638
2639 /*
2640 * These checks are verifying we got back the same values as when we
2641 * sized the buffer. It's pretty weak since they should always be the
2642 * same. But it gives us something to test.
2643 */
2644 if((len1 != len2) || !temp || ((temp - buff1) != len1))
2645 break; /* failed */
2646
2647 /* End Gyrations */
2648
2649 /* The one good exit point */
2650 result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
2651 } while(0);
2652
2653 /* https://www.openssl.org/docs/crypto/buffer.html */
2654 if(buff1)
2655 OPENSSL_free(buff1);
2656
2657 return result;
2658 }
2659
2660 /*
2661 * Get the server cert, verify it and show it etc, only call failf() if the
2662 * 'strict' argument is TRUE as otherwise all this is for informational
2663 * purposes only!
2664 *
2665 * We check certificates to authenticate the server; otherwise we risk
2666 * man-in-the-middle attack.
2667 */
servercert(struct connectdata * conn,struct ssl_connect_data * connssl,bool strict)2668 static CURLcode servercert(struct connectdata *conn,
2669 struct ssl_connect_data *connssl,
2670 bool strict)
2671 {
2672 CURLcode result = CURLE_OK;
2673 int rc;
2674 long lerr, len;
2675 struct Curl_easy *data = conn->data;
2676 X509 *issuer;
2677 FILE *fp;
2678 char *buffer = data->state.buffer;
2679 const char *ptr;
2680 BIO *mem = BIO_new(BIO_s_mem());
2681
2682 if(data->set.ssl.certinfo)
2683 /* we've been asked to gather certificate info! */
2684 (void)get_cert_chain(conn, connssl);
2685
2686 connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
2687 if(!connssl->server_cert) {
2688 if(!strict)
2689 return CURLE_OK;
2690
2691 failf(data, "SSL: couldn't get peer certificate!");
2692 return CURLE_PEER_FAILED_VERIFICATION;
2693 }
2694
2695 infof(data, "Server certificate:\n");
2696
2697 rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
2698 buffer, BUFSIZE);
2699 infof(data, " subject: %s\n", rc?"[NONE]":buffer);
2700
2701 ASN1_TIME_print(mem, X509_get_notBefore(connssl->server_cert));
2702 len = BIO_get_mem_data(mem, (char **) &ptr);
2703 infof(data, " start date: %.*s\n", len, ptr);
2704 rc = BIO_reset(mem);
2705
2706 ASN1_TIME_print(mem, X509_get_notAfter(connssl->server_cert));
2707 len = BIO_get_mem_data(mem, (char **) &ptr);
2708 infof(data, " expire date: %.*s\n", len, ptr);
2709 rc = BIO_reset(mem);
2710
2711 BIO_free(mem);
2712
2713 if(data->set.ssl.verifyhost) {
2714 result = verifyhost(conn, connssl->server_cert);
2715 if(result) {
2716 X509_free(connssl->server_cert);
2717 connssl->server_cert = NULL;
2718 return result;
2719 }
2720 }
2721
2722 rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
2723 buffer, BUFSIZE);
2724 if(rc) {
2725 if(strict)
2726 failf(data, "SSL: couldn't get X509-issuer name!");
2727 result = CURLE_SSL_CONNECT_ERROR;
2728 }
2729 else {
2730 infof(data, " issuer: %s\n", buffer);
2731
2732 /* We could do all sorts of certificate verification stuff here before
2733 deallocating the certificate. */
2734
2735 /* e.g. match issuer name with provided issuer certificate */
2736 if(data->set.str[STRING_SSL_ISSUERCERT]) {
2737 fp = fopen(data->set.str[STRING_SSL_ISSUERCERT], FOPEN_READTEXT);
2738 if(!fp) {
2739 if(strict)
2740 failf(data, "SSL: Unable to open issuer cert (%s)",
2741 data->set.str[STRING_SSL_ISSUERCERT]);
2742 X509_free(connssl->server_cert);
2743 connssl->server_cert = NULL;
2744 return CURLE_SSL_ISSUER_ERROR;
2745 }
2746
2747 issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
2748 if(!issuer) {
2749 if(strict)
2750 failf(data, "SSL: Unable to read issuer cert (%s)",
2751 data->set.str[STRING_SSL_ISSUERCERT]);
2752 X509_free(connssl->server_cert);
2753 X509_free(issuer);
2754 fclose(fp);
2755 return CURLE_SSL_ISSUER_ERROR;
2756 }
2757
2758 fclose(fp);
2759
2760 if(X509_check_issued(issuer, connssl->server_cert) != X509_V_OK) {
2761 if(strict)
2762 failf(data, "SSL: Certificate issuer check failed (%s)",
2763 data->set.str[STRING_SSL_ISSUERCERT]);
2764 X509_free(connssl->server_cert);
2765 X509_free(issuer);
2766 connssl->server_cert = NULL;
2767 return CURLE_SSL_ISSUER_ERROR;
2768 }
2769
2770 infof(data, " SSL certificate issuer check ok (%s)\n",
2771 data->set.str[STRING_SSL_ISSUERCERT]);
2772 X509_free(issuer);
2773 }
2774
2775 lerr = data->set.ssl.certverifyresult =
2776 SSL_get_verify_result(connssl->handle);
2777
2778 if(data->set.ssl.certverifyresult != X509_V_OK) {
2779 if(data->set.ssl.verifypeer) {
2780 /* We probably never reach this, because SSL_connect() will fail
2781 and we return earlier if verifypeer is set? */
2782 if(strict)
2783 failf(data, "SSL certificate verify result: %s (%ld)",
2784 X509_verify_cert_error_string(lerr), lerr);
2785 result = CURLE_PEER_FAILED_VERIFICATION;
2786 }
2787 else
2788 infof(data, " SSL certificate verify result: %s (%ld),"
2789 " continuing anyway.\n",
2790 X509_verify_cert_error_string(lerr), lerr);
2791 }
2792 else
2793 infof(data, " SSL certificate verify ok.\n");
2794 }
2795
2796 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
2797 !defined(OPENSSL_NO_OCSP)
2798 if(data->set.ssl.verifystatus) {
2799 result = verifystatus(conn, connssl);
2800 if(result) {
2801 X509_free(connssl->server_cert);
2802 connssl->server_cert = NULL;
2803 return result;
2804 }
2805 }
2806 #endif
2807
2808 if(!strict)
2809 /* when not strict, we don't bother about the verify cert problems */
2810 result = CURLE_OK;
2811
2812 ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
2813 if(!result && ptr) {
2814 result = pkp_pin_peer_pubkey(data, connssl->server_cert, ptr);
2815 if(result)
2816 failf(data, "SSL: public key does not match pinned public key!");
2817 }
2818
2819 X509_free(connssl->server_cert);
2820 connssl->server_cert = NULL;
2821 connssl->connecting_state = ssl_connect_done;
2822
2823 return result;
2824 }
2825
ossl_connect_step3(struct connectdata * conn,int sockindex)2826 static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
2827 {
2828 CURLcode result = CURLE_OK;
2829 struct Curl_easy *data = conn->data;
2830 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2831
2832 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
2833
2834 if(conn->ssl_config.sessionid) {
2835 bool incache;
2836 SSL_SESSION *our_ssl_sessionid;
2837 void *old_ssl_sessionid = NULL;
2838
2839 our_ssl_sessionid = SSL_get1_session(connssl->handle);
2840
2841 /* SSL_get1_session() will increment the reference count and the session
2842 will stay in memory until explicitly freed with SSL_SESSION_free(3),
2843 regardless of its state. */
2844
2845 Curl_ssl_sessionid_lock(conn);
2846 incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
2847 if(incache) {
2848 if(old_ssl_sessionid != our_ssl_sessionid) {
2849 infof(data, "old SSL session ID is stale, removing\n");
2850 Curl_ssl_delsessionid(conn, old_ssl_sessionid);
2851 incache = FALSE;
2852 }
2853 }
2854
2855 if(!incache) {
2856 result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
2857 0 /* unknown size */);
2858 if(result) {
2859 Curl_ssl_sessionid_unlock(conn);
2860 failf(data, "failed to store ssl session");
2861 return result;
2862 }
2863 }
2864 else {
2865 /* Session was incache, so refcount already incremented earlier.
2866 * Avoid further increments with each SSL_get1_session() call.
2867 * This does not free the session as refcount remains > 0
2868 */
2869 SSL_SESSION_free(our_ssl_sessionid);
2870 }
2871 Curl_ssl_sessionid_unlock(conn);
2872 }
2873
2874 /*
2875 * We check certificates to authenticate the server; otherwise we risk
2876 * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
2877 * verify the peer ignore faults and failures from the server cert
2878 * operations.
2879 */
2880
2881 result = servercert(conn, connssl,
2882 (data->set.ssl.verifypeer || data->set.ssl.verifyhost));
2883
2884 if(!result)
2885 connssl->connecting_state = ssl_connect_done;
2886
2887 return result;
2888 }
2889
2890 static Curl_recv ossl_recv;
2891 static Curl_send ossl_send;
2892
ossl_connect_common(struct connectdata * conn,int sockindex,bool nonblocking,bool * done)2893 static CURLcode ossl_connect_common(struct connectdata *conn,
2894 int sockindex,
2895 bool nonblocking,
2896 bool *done)
2897 {
2898 CURLcode result;
2899 struct Curl_easy *data = conn->data;
2900 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2901 curl_socket_t sockfd = conn->sock[sockindex];
2902 long timeout_ms;
2903 int what;
2904
2905 /* check if the connection has already been established */
2906 if(ssl_connection_complete == connssl->state) {
2907 *done = TRUE;
2908 return CURLE_OK;
2909 }
2910
2911 if(ssl_connect_1 == connssl->connecting_state) {
2912 /* Find out how much more time we're allowed */
2913 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2914
2915 if(timeout_ms < 0) {
2916 /* no need to continue if time already is up */
2917 failf(data, "SSL connection timeout");
2918 return CURLE_OPERATION_TIMEDOUT;
2919 }
2920
2921 result = ossl_connect_step1(conn, sockindex);
2922 if(result)
2923 return result;
2924 }
2925
2926 while(ssl_connect_2 == connssl->connecting_state ||
2927 ssl_connect_2_reading == connssl->connecting_state ||
2928 ssl_connect_2_writing == connssl->connecting_state) {
2929
2930 /* check allowed time left */
2931 timeout_ms = Curl_timeleft(data, NULL, TRUE);
2932
2933 if(timeout_ms < 0) {
2934 /* no need to continue if time already is up */
2935 failf(data, "SSL connection timeout");
2936 return CURLE_OPERATION_TIMEDOUT;
2937 }
2938
2939 /* if ssl is expecting something, check if it's available. */
2940 if(connssl->connecting_state == ssl_connect_2_reading ||
2941 connssl->connecting_state == ssl_connect_2_writing) {
2942
2943 curl_socket_t writefd = ssl_connect_2_writing==
2944 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2945 curl_socket_t readfd = ssl_connect_2_reading==
2946 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
2947
2948 what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
2949 if(what < 0) {
2950 /* fatal error */
2951 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
2952 return CURLE_SSL_CONNECT_ERROR;
2953 }
2954 else if(0 == what) {
2955 if(nonblocking) {
2956 *done = FALSE;
2957 return CURLE_OK;
2958 }
2959 else {
2960 /* timeout */
2961 failf(data, "SSL connection timeout");
2962 return CURLE_OPERATION_TIMEDOUT;
2963 }
2964 }
2965 /* socket is readable or writable */
2966 }
2967
2968 /* Run transaction, and return to the caller if it failed or if this
2969 * connection is done nonblocking and this loop would execute again. This
2970 * permits the owner of a multi handle to abort a connection attempt
2971 * before step2 has completed while ensuring that a client using select()
2972 * or epoll() will always have a valid fdset to wait on.
2973 */
2974 result = ossl_connect_step2(conn, sockindex);
2975 if(result || (nonblocking &&
2976 (ssl_connect_2 == connssl->connecting_state ||
2977 ssl_connect_2_reading == connssl->connecting_state ||
2978 ssl_connect_2_writing == connssl->connecting_state)))
2979 return result;
2980
2981 } /* repeat step2 until all transactions are done. */
2982
2983 if(ssl_connect_3 == connssl->connecting_state) {
2984 result = ossl_connect_step3(conn, sockindex);
2985 if(result)
2986 return result;
2987 }
2988
2989 if(ssl_connect_done == connssl->connecting_state) {
2990 connssl->state = ssl_connection_complete;
2991 conn->recv[sockindex] = ossl_recv;
2992 conn->send[sockindex] = ossl_send;
2993 *done = TRUE;
2994 }
2995 else
2996 *done = FALSE;
2997
2998 /* Reset our connect state machine */
2999 connssl->connecting_state = ssl_connect_1;
3000
3001 return CURLE_OK;
3002 }
3003
Curl_ossl_connect_nonblocking(struct connectdata * conn,int sockindex,bool * done)3004 CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
3005 int sockindex,
3006 bool *done)
3007 {
3008 return ossl_connect_common(conn, sockindex, TRUE, done);
3009 }
3010
Curl_ossl_connect(struct connectdata * conn,int sockindex)3011 CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
3012 {
3013 CURLcode result;
3014 bool done = FALSE;
3015
3016 result = ossl_connect_common(conn, sockindex, FALSE, &done);
3017 if(result)
3018 return result;
3019
3020 DEBUGASSERT(done);
3021
3022 return CURLE_OK;
3023 }
3024
Curl_ossl_data_pending(const struct connectdata * conn,int connindex)3025 bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
3026 {
3027 if(conn->ssl[connindex].handle)
3028 /* SSL is in use */
3029 return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
3030 else
3031 return FALSE;
3032 }
3033
ossl_send(struct connectdata * conn,int sockindex,const void * mem,size_t len,CURLcode * curlcode)3034 static ssize_t ossl_send(struct connectdata *conn,
3035 int sockindex,
3036 const void *mem,
3037 size_t len,
3038 CURLcode *curlcode)
3039 {
3040 /* SSL_write() is said to return 'int' while write() and send() returns
3041 'size_t' */
3042 int err;
3043 char error_buffer[256]; /* OpenSSL documents that this must be at least 256
3044 bytes long. */
3045 unsigned long sslerror;
3046 int memlen;
3047 int rc;
3048
3049 ERR_clear_error();
3050
3051 memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
3052 rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
3053
3054 if(rc <= 0) {
3055 err = SSL_get_error(conn->ssl[sockindex].handle, rc);
3056
3057 switch(err) {
3058 case SSL_ERROR_WANT_READ:
3059 case SSL_ERROR_WANT_WRITE:
3060 /* The operation did not complete; the same TLS/SSL I/O function
3061 should be called again later. This is basically an EWOULDBLOCK
3062 equivalent. */
3063 *curlcode = CURLE_AGAIN;
3064 return -1;
3065 case SSL_ERROR_SYSCALL:
3066 failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
3067 SOCKERRNO);
3068 *curlcode = CURLE_SEND_ERROR;
3069 return -1;
3070 case SSL_ERROR_SSL:
3071 /* A failure in the SSL library occurred, usually a protocol error.
3072 The OpenSSL error queue contains more information on the error. */
3073 sslerror = ERR_get_error();
3074 failf(conn->data, "SSL_write() error: %s",
3075 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
3076 *curlcode = CURLE_SEND_ERROR;
3077 return -1;
3078 }
3079 /* a true error */
3080 failf(conn->data, "SSL_write() return error %d", err);
3081 *curlcode = CURLE_SEND_ERROR;
3082 return -1;
3083 }
3084 *curlcode = CURLE_OK;
3085 return (ssize_t)rc; /* number of bytes */
3086 }
3087
ossl_recv(struct connectdata * conn,int num,char * buf,size_t buffersize,CURLcode * curlcode)3088 static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
3089 int num, /* socketindex */
3090 char *buf, /* store read data here */
3091 size_t buffersize, /* max amount to read */
3092 CURLcode *curlcode)
3093 {
3094 char error_buffer[256]; /* OpenSSL documents that this must be at
3095 least 256 bytes long. */
3096 unsigned long sslerror;
3097 ssize_t nread;
3098 int buffsize;
3099
3100 ERR_clear_error();
3101
3102 buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
3103 nread = (ssize_t)SSL_read(conn->ssl[num].handle, buf, buffsize);
3104 if(nread <= 0) {
3105 /* failed SSL_read */
3106 int err = SSL_get_error(conn->ssl[num].handle, (int)nread);
3107
3108 switch(err) {
3109 case SSL_ERROR_NONE: /* this is not an error */
3110 case SSL_ERROR_ZERO_RETURN: /* no more data */
3111 break;
3112 case SSL_ERROR_WANT_READ:
3113 case SSL_ERROR_WANT_WRITE:
3114 /* there's data pending, re-invoke SSL_read() */
3115 *curlcode = CURLE_AGAIN;
3116 return -1;
3117 default:
3118 /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
3119 value/errno" */
3120 /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
3121 sslerror = ERR_get_error();
3122 if((nread < 0) || sslerror) {
3123 /* If the return code was negative or there actually is an error in the
3124 queue */
3125 failf(conn->data, "SSL read: %s, errno %d",
3126 ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)),
3127 SOCKERRNO);
3128 *curlcode = CURLE_RECV_ERROR;
3129 return -1;
3130 }
3131 }
3132 }
3133 return nread;
3134 }
3135
Curl_ossl_version(char * buffer,size_t size)3136 size_t Curl_ossl_version(char *buffer, size_t size)
3137 {
3138 #ifdef OPENSSL_IS_BORINGSSL
3139 return snprintf(buffer, size, OSSL_PACKAGE);
3140 #else /* OPENSSL_IS_BORINGSSL */
3141 char sub[3];
3142 unsigned long ssleay_value;
3143 sub[2]='\0';
3144 sub[1]='\0';
3145 ssleay_value=SSLeay();
3146 if(ssleay_value < 0x906000) {
3147 ssleay_value=SSLEAY_VERSION_NUMBER;
3148 sub[0]='\0';
3149 }
3150 else {
3151 if(ssleay_value&0xff0) {
3152 int minor_ver = (ssleay_value >> 4) & 0xff;
3153 if(minor_ver > 26) {
3154 /* handle extended version introduced for 0.9.8za */
3155 sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
3156 sub[0] = 'z';
3157 }
3158 else {
3159 sub[0]=(char)(((ssleay_value>>4)&0xff) + 'a' -1);
3160 }
3161 }
3162 else
3163 sub[0]='\0';
3164 }
3165
3166 return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
3167 OSSL_PACKAGE,
3168 (ssleay_value>>28)&0xf,
3169 (ssleay_value>>20)&0xff,
3170 (ssleay_value>>12)&0xff,
3171 sub);
3172 #endif /* OPENSSL_IS_BORINGSSL */
3173 }
3174
3175 /* can be called with data == NULL */
Curl_ossl_random(struct Curl_easy * data,unsigned char * entropy,size_t length)3176 int Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
3177 size_t length)
3178 {
3179 if(data) {
3180 Curl_ossl_seed(data); /* Initiate the seed if not already done */
3181 }
3182 RAND_bytes(entropy, curlx_uztosi(length));
3183 return 0; /* 0 as in no problem */
3184 }
3185
Curl_ossl_md5sum(unsigned char * tmp,size_t tmplen,unsigned char * md5sum,size_t unused)3186 void Curl_ossl_md5sum(unsigned char *tmp, /* input */
3187 size_t tmplen,
3188 unsigned char *md5sum /* output */,
3189 size_t unused)
3190 {
3191 MD5_CTX MD5pw;
3192 (void)unused;
3193 MD5_Init(&MD5pw);
3194 MD5_Update(&MD5pw, tmp, tmplen);
3195 MD5_Final(md5sum, &MD5pw);
3196 }
3197
3198 #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
Curl_ossl_sha256sum(const unsigned char * tmp,size_t tmplen,unsigned char * sha256sum,size_t unused)3199 void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
3200 size_t tmplen,
3201 unsigned char *sha256sum /* output */,
3202 size_t unused)
3203 {
3204 SHA256_CTX SHA256pw;
3205 (void)unused;
3206 SHA256_Init(&SHA256pw);
3207 SHA256_Update(&SHA256pw, tmp, tmplen);
3208 SHA256_Final(sha256sum, &SHA256pw);
3209 }
3210 #endif
3211
Curl_ossl_cert_status_request(void)3212 bool Curl_ossl_cert_status_request(void)
3213 {
3214 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
3215 !defined(OPENSSL_NO_OCSP)
3216 return TRUE;
3217 #else
3218 return FALSE;
3219 #endif
3220 }
3221 #endif /* USE_OPENSSL */
3222