2002-09-03 07:52:59 -04:00
|
|
|
/***************************************************************************
|
2004-05-18 03:25:13 -04:00
|
|
|
* _ _ ____ _
|
|
|
|
* Project ___| | | | _ \| |
|
|
|
|
* / __| | | | |_) | |
|
|
|
|
* | (__| |_| | _ <| |___
|
1999-12-29 09:20:26 -05:00
|
|
|
* \___|\___/|_| \_\_____|
|
|
|
|
*
|
2020-01-22 04:29:44 -05:00
|
|
|
* Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
|
1999-12-29 09:20:26 -05:00
|
|
|
*
|
2002-09-03 07:52:59 -04:00
|
|
|
* This software is licensed as described in the file COPYING, which
|
|
|
|
* you should have received as part of this distribution. The terms
|
2016-02-02 18:19:02 -05:00
|
|
|
* are also available at https://curl.haxx.se/docs/copyright.html.
|
2004-05-18 03:25:13 -04:00
|
|
|
*
|
2001-01-03 04:29:33 -05:00
|
|
|
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
|
|
|
* copies of the Software, and permit persons to whom the Software is
|
2002-09-03 07:52:59 -04:00
|
|
|
* furnished to do so, under the terms of the COPYING file.
|
1999-12-29 09:20:26 -05:00
|
|
|
*
|
2001-01-03 04:29:33 -05:00
|
|
|
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
|
|
|
* KIND, either express or implied.
|
1999-12-29 09:20:26 -05:00
|
|
|
*
|
2002-09-03 07:52:59 -04:00
|
|
|
***************************************************************************/
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2000-05-22 10:12:12 -04:00
|
|
|
/*
|
2005-04-07 11:27:13 -04:00
|
|
|
* Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
|
2013-12-25 05:30:51 -05:00
|
|
|
* but vtls.c should ever call or use these functions.
|
2005-04-07 11:27:13 -04:00
|
|
|
*/
|
|
|
|
|
2013-01-06 13:06:49 -05:00
|
|
|
#include "curl_setup.h"
|
2001-12-17 18:01:39 -05:00
|
|
|
|
2015-03-05 04:57:52 -05:00
|
|
|
#ifdef USE_OPENSSL
|
|
|
|
|
2009-04-14 09:26:06 -04:00
|
|
|
#include <limits.h>
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2020-06-24 16:21:04 -04:00
|
|
|
/* Wincrypt must be included before anything that could include OpenSSL. */
|
|
|
|
#if defined(USE_WIN32_CRYPTO)
|
|
|
|
#include <wincrypt.h>
|
2020-08-26 01:49:47 -04:00
|
|
|
/* Undefine wincrypt conflicting symbols for BoringSSL. */
|
|
|
|
#undef X509_NAME
|
|
|
|
#undef X509_EXTENSIONS
|
|
|
|
#undef PKCS7_ISSUER_AND_SERIAL
|
|
|
|
#undef PKCS7_SIGNER_INFO
|
|
|
|
#undef OCSP_REQUEST
|
|
|
|
#undef OCSP_RESPONSE
|
2020-06-24 16:21:04 -04:00
|
|
|
#endif
|
|
|
|
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "urldata.h"
|
|
|
|
#include "sendf.h"
|
|
|
|
#include "formdata.h" /* for the boundary function */
|
|
|
|
#include "url.h" /* for the ssl config check function */
|
|
|
|
#include "inet_pton.h"
|
2013-12-17 17:26:35 -05:00
|
|
|
#include "openssl.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "connect.h"
|
2013-07-15 11:26:59 -04:00
|
|
|
#include "slist.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "select.h"
|
2013-12-25 05:20:39 -05:00
|
|
|
#include "vtls.h"
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
#include "keylog.h"
|
2016-09-30 12:54:02 -04:00
|
|
|
#include "strcase.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "hostcheck.h"
|
2019-04-30 05:14:38 -04:00
|
|
|
#include "multiif.h"
|
2019-09-24 08:03:23 -04:00
|
|
|
#include "strerror.h"
|
2015-03-03 17:17:43 -05:00
|
|
|
#include "curl_printf.h"
|
2019-09-13 05:24:00 -04:00
|
|
|
|
2015-03-05 04:57:52 -05:00
|
|
|
#include <openssl/ssl.h>
|
2001-03-07 12:08:20 -05:00
|
|
|
#include <openssl/rand.h>
|
2003-10-07 17:46:47 -04:00
|
|
|
#include <openssl/x509v3.h>
|
2017-03-28 02:56:00 -04:00
|
|
|
#ifndef OPENSSL_NO_DSA
|
2009-05-27 17:11:11 -04:00
|
|
|
#include <openssl/dsa.h>
|
2017-03-28 02:56:00 -04:00
|
|
|
#endif
|
2009-05-27 17:11:11 -04:00
|
|
|
#include <openssl/dh.h>
|
2010-06-05 17:41:58 -04:00
|
|
|
#include <openssl/err.h>
|
2012-06-26 08:52:46 -04:00
|
|
|
#include <openssl/md5.h>
|
2014-06-03 12:08:20 -04:00
|
|
|
#include <openssl/conf.h>
|
2014-12-22 07:56:04 -05:00
|
|
|
#include <openssl/bn.h>
|
2015-03-05 04:57:52 -05:00
|
|
|
#include <openssl/rsa.h>
|
2017-09-15 18:36:40 -04:00
|
|
|
#include <openssl/bio.h>
|
|
|
|
#include <openssl/buffer.h>
|
2015-03-05 04:57:52 -05:00
|
|
|
#include <openssl/pkcs12.h>
|
|
|
|
|
2019-03-07 19:06:59 -05:00
|
|
|
#ifdef USE_AMISSL
|
|
|
|
#include "amigaos.h"
|
|
|
|
#endif
|
|
|
|
|
2016-02-08 23:19:31 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
|
2014-06-16 09:05:17 -04:00
|
|
|
#include <openssl/ocsp.h>
|
2015-01-22 17:34:43 -05:00
|
|
|
#endif
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2018-11-13 15:41:25 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) && /* 0.9.7 or later */ \
|
2019-06-25 14:35:22 -04:00
|
|
|
!defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE)
|
2018-06-08 10:36:47 -04:00
|
|
|
#define USE_OPENSSL_ENGINE
|
|
|
|
#include <openssl/engine.h>
|
|
|
|
#endif
|
|
|
|
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "warnless.h"
|
|
|
|
#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
|
2004-05-11 07:30:23 -04:00
|
|
|
|
2015-03-24 18:12:03 -04:00
|
|
|
/* The last #include files should be: */
|
|
|
|
#include "curl_memory.h"
|
2013-01-03 20:50:28 -05:00
|
|
|
#include "memdebug.h"
|
2001-04-24 17:41:29 -04:00
|
|
|
|
2018-11-20 17:48:30 -05:00
|
|
|
/* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS
|
|
|
|
renegotiations when built with BoringSSL. Renegotiating is non-compliant
|
|
|
|
with HTTP/2 and "an extremely dangerous protocol feature". Beware.
|
|
|
|
|
|
|
|
#define ALLOW_RENEG 1
|
|
|
|
*/
|
|
|
|
|
2011-06-02 06:52:52 -04:00
|
|
|
#ifndef OPENSSL_VERSION_NUMBER
|
|
|
|
#error "OPENSSL_VERSION_NUMBER not defined"
|
|
|
|
#endif
|
|
|
|
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2009-05-27 17:11:11 -04:00
|
|
|
#include <openssl/ui.h>
|
2004-12-18 05:42:48 -05:00
|
|
|
#endif
|
|
|
|
|
2005-12-05 10:14:04 -05:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
|
|
|
#define SSL_METHOD_QUAL const
|
|
|
|
#else
|
|
|
|
#define SSL_METHOD_QUAL
|
|
|
|
#endif
|
|
|
|
|
2016-02-08 23:19:31 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
|
2011-11-04 08:08:37 -04:00
|
|
|
#define HAVE_ERR_REMOVE_THREAD_STATE 1
|
|
|
|
#endif
|
|
|
|
|
2014-12-22 07:56:04 -05:00
|
|
|
#if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
|
|
|
|
OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
|
2011-12-06 08:22:45 -05:00
|
|
|
#undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
|
|
|
|
#define OPENSSL_NO_SSL2
|
|
|
|
#endif
|
|
|
|
|
2015-12-14 03:49:19 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
|
2018-04-02 13:04:06 -04:00
|
|
|
!(defined(LIBRESSL_VERSION_NUMBER) && \
|
|
|
|
LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
2015-12-10 11:30:31 -05:00
|
|
|
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
2015-12-10 13:20:22 -05:00
|
|
|
#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
|
2016-02-15 18:22:54 -05:00
|
|
|
#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
|
2016-04-21 04:24:23 -04:00
|
|
|
#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
|
2016-08-25 06:27:31 -04:00
|
|
|
#define CONST_EXTS const
|
2016-09-19 08:32:59 -04:00
|
|
|
#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
|
2018-04-04 04:55:56 -04:00
|
|
|
|
|
|
|
/* funny typecast define due to difference in API */
|
|
|
|
#ifdef LIBRESSL_VERSION_NUMBER
|
|
|
|
#define ARG2_X509_signature_print (X509_ALGOR *)
|
|
|
|
#else
|
|
|
|
#define ARG2_X509_signature_print
|
|
|
|
#endif
|
|
|
|
|
2016-08-25 06:27:31 -04:00
|
|
|
#else
|
|
|
|
/* For OpenSSL before 1.1.0 */
|
|
|
|
#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
|
2016-09-05 12:15:25 -04:00
|
|
|
#define X509_get0_notBefore(x) X509_get_notBefore(x)
|
|
|
|
#define X509_get0_notAfter(x) X509_get_notAfter(x)
|
2016-08-25 06:27:31 -04:00
|
|
|
#define CONST_EXTS /* nope */
|
2018-09-13 08:09:24 -04:00
|
|
|
#ifndef LIBRESSL_VERSION_NUMBER
|
2016-09-05 12:15:25 -04:00
|
|
|
#define OpenSSL_version_num() SSLeay()
|
2015-12-10 13:20:22 -05:00
|
|
|
#endif
|
2016-09-19 15:11:45 -04:00
|
|
|
#endif
|
2015-12-10 13:20:22 -05:00
|
|
|
|
2015-12-14 03:49:19 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
|
2018-04-02 13:04:06 -04:00
|
|
|
!(defined(LIBRESSL_VERSION_NUMBER) && \
|
|
|
|
LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
2015-12-10 13:20:22 -05:00
|
|
|
#define HAVE_X509_GET0_SIGNATURE 1
|
2015-12-10 11:30:31 -05:00
|
|
|
#endif
|
|
|
|
|
2019-07-09 05:24:41 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) /* 1.0.2 or later */
|
|
|
|
#define HAVE_SSL_GET_SHUTDOWN 1
|
|
|
|
#endif
|
|
|
|
|
2016-05-30 07:26:20 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
|
|
|
|
OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
|
|
|
|
!defined(OPENSSL_NO_COMP)
|
|
|
|
#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
|
|
|
|
#endif
|
|
|
|
|
2016-02-08 23:19:31 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
|
|
|
|
/* not present in older OpenSSL */
|
2015-06-17 18:06:46 -04:00
|
|
|
#define OPENSSL_load_builtin_modules(x)
|
|
|
|
#endif
|
|
|
|
|
2017-09-05 15:27:22 -04:00
|
|
|
/*
|
|
|
|
* Whether SSL_CTX_set_keylog_callback is available.
|
|
|
|
* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
|
2017-10-09 11:41:02 -04:00
|
|
|
* BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
|
2018-04-02 13:04:06 -04:00
|
|
|
* LibreSSL: unsupported in at least 2.7.2 (explicitly check for it since it
|
2017-09-05 15:27:22 -04:00
|
|
|
* lies and pretends to be OpenSSL 2.0.0).
|
|
|
|
*/
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
|
|
|
|
!defined(LIBRESSL_VERSION_NUMBER)) || \
|
2017-10-09 11:41:02 -04:00
|
|
|
defined(OPENSSL_IS_BORINGSSL)
|
2017-09-05 15:27:22 -04:00
|
|
|
#define HAVE_KEYLOG_CALLBACK
|
|
|
|
#endif
|
|
|
|
|
2018-05-29 10:12:52 -04:00
|
|
|
/* Whether SSL_CTX_set_ciphersuites is available.
|
|
|
|
* OpenSSL: supported since 1.1.1 (commit a53b5be6a05)
|
|
|
|
* BoringSSL: no
|
|
|
|
* LibreSSL: no
|
|
|
|
*/
|
|
|
|
#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) && \
|
|
|
|
!defined(LIBRESSL_VERSION_NUMBER) && \
|
|
|
|
!defined(OPENSSL_IS_BORINGSSL))
|
|
|
|
#define HAVE_SSL_CTX_SET_CIPHERSUITES
|
2018-09-21 04:37:43 -04:00
|
|
|
#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
|
2020-08-29 08:09:24 -04:00
|
|
|
/* SET_EC_CURVES available under the same preconditions: see
|
|
|
|
* https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html
|
|
|
|
*/
|
|
|
|
#define HAVE_SSL_CTX_SET_EC_CURVES
|
2018-05-29 10:12:52 -04:00
|
|
|
#endif
|
|
|
|
|
2016-03-08 08:19:01 -05:00
|
|
|
#if defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
#define OSSL_PACKAGE "LibreSSL"
|
|
|
|
#elif defined(OPENSSL_IS_BORINGSSL)
|
|
|
|
#define OSSL_PACKAGE "BoringSSL"
|
|
|
|
#else
|
|
|
|
#define OSSL_PACKAGE "OpenSSL"
|
|
|
|
#endif
|
|
|
|
|
2017-08-30 08:12:10 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
|
|
|
/* up2date versions of OpenSSL maintain the default reasonably secure without
|
|
|
|
* breaking compatibility, so it is better not to override the default by curl
|
|
|
|
*/
|
|
|
|
#define DEFAULT_CIPHER_SELECTION NULL
|
|
|
|
#else
|
|
|
|
/* ... but it is not the case with old versions of OpenSSL */
|
2017-06-26 11:05:49 -04:00
|
|
|
#define DEFAULT_CIPHER_SELECTION \
|
|
|
|
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
2017-08-30 08:12:10 -04:00
|
|
|
#endif
|
2017-06-26 11:05:49 -04:00
|
|
|
|
vtls: encapsulate SSL backend-specific data
So far, all of the SSL backends' private data has been declared as
part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
block.
This can only work as long as the SSL backend is a compile-time option,
something we want to change in the next commits.
Therefore, let's encapsulate the exact data needed by each SSL backend
into a private struct, and let's avoid bleeding any SSL backend-specific
information into urldata.h. This is also necessary to allow multiple SSL
backends to be compiled in at the same time, as e.g. OpenSSL's and
CyaSSL's headers cannot be included in the same .c file.
To avoid too many malloc() calls, we simply append the private structs
to the connectdata struct in allocate_conn().
This requires us to take extra care of alignment issues: struct fields
often need to be aligned on certain boundaries e.g. 32-bit values need to
be stored at addresses that divide evenly by 4 (= 32 bit / 8
bit-per-byte).
We do that by assuming that no SSL backend's private data contains any
fields that need to be aligned on boundaries larger than `long long`
(typically 64-bit) would need. Under this assumption, we simply add a
dummy field of type `long long` to the `struct connectdata` struct. This
field will never be accessed but acts as a placeholder for the four
instances of ssl_backend_data instead. the size of each ssl_backend_data
struct is stored in the SSL backend-specific metadata, to allow
allocate_conn() to know how much extra space to allocate, and how to
initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
pointers.
This would appear to be a little complicated at first, but is really
necessary to encapsulate the private data of each SSL backend correctly.
And we need to encapsulate thusly if we ever want to allow selecting
CyaSSL and OpenSSL at runtime, as their headers cannot be included within
the same .c file (there are just too many conflicting definitions and
declarations for that).
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:09:35 -04:00
|
|
|
struct ssl_backend_data {
|
|
|
|
/* these ones requires specific SSL-types */
|
|
|
|
SSL_CTX* ctx;
|
|
|
|
SSL* handle;
|
|
|
|
X509* server_cert;
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
#ifndef HAVE_KEYLOG_CALLBACK
|
|
|
|
/* Set to true once a valid keylog entry has been created to avoid dupes. */
|
|
|
|
bool keylog_done;
|
2017-09-05 15:27:22 -04:00
|
|
|
#endif
|
vtls: encapsulate SSL backend-specific data
So far, all of the SSL backends' private data has been declared as
part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
block.
This can only work as long as the SSL backend is a compile-time option,
something we want to change in the next commits.
Therefore, let's encapsulate the exact data needed by each SSL backend
into a private struct, and let's avoid bleeding any SSL backend-specific
information into urldata.h. This is also necessary to allow multiple SSL
backends to be compiled in at the same time, as e.g. OpenSSL's and
CyaSSL's headers cannot be included in the same .c file.
To avoid too many malloc() calls, we simply append the private structs
to the connectdata struct in allocate_conn().
This requires us to take extra care of alignment issues: struct fields
often need to be aligned on certain boundaries e.g. 32-bit values need to
be stored at addresses that divide evenly by 4 (= 32 bit / 8
bit-per-byte).
We do that by assuming that no SSL backend's private data contains any
fields that need to be aligned on boundaries larger than `long long`
(typically 64-bit) would need. Under this assumption, we simply add a
dummy field of type `long long` to the `struct connectdata` struct. This
field will never be accessed but acts as a placeholder for the four
instances of ssl_backend_data instead. the size of each ssl_backend_data
struct is stored in the SSL backend-specific metadata, to allow
allocate_conn() to know how much extra space to allocate, and how to
initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
pointers.
This would appear to be a little complicated at first, but is really
necessary to encapsulate the private data of each SSL backend correctly.
And we need to encapsulate thusly if we ever want to allow selecting
CyaSSL and OpenSSL at runtime, as their headers cannot be included within
the same .c file (there are just too many conflicting definitions and
declarations for that).
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:09:35 -04:00
|
|
|
};
|
|
|
|
|
2005-03-04 17:36:56 -05:00
|
|
|
/*
|
|
|
|
* Number of bytes to read from the random number seed file. This must be
|
|
|
|
* a finite value (because some entropy "files" like /dev/urandom have
|
|
|
|
* an infinite length), but must be large enough to provide enough
|
2017-03-22 14:39:41 -04:00
|
|
|
* entropy to properly seed OpenSSL's PRNG.
|
2005-03-04 17:36:56 -05:00
|
|
|
*/
|
|
|
|
#define RAND_LOAD_LENGTH 1024
|
2002-06-10 08:38:10 -04:00
|
|
|
|
2017-09-05 15:27:22 -04:00
|
|
|
#ifdef HAVE_KEYLOG_CALLBACK
|
|
|
|
static void ossl_keylog_callback(const SSL *ssl, const char *line)
|
|
|
|
{
|
|
|
|
(void)ssl;
|
|
|
|
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
Curl_tls_keylog_write_line(line);
|
2017-09-05 15:27:22 -04:00
|
|
|
}
|
|
|
|
#else
|
|
|
|
/*
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
* ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the
|
|
|
|
* OpenSSL being used doesn't have native support for doing that.
|
2017-09-05 15:27:22 -04:00
|
|
|
*/
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
static void
|
|
|
|
ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)
|
2017-09-05 15:27:22 -04:00
|
|
|
{
|
|
|
|
const SSL_SESSION *session = SSL_get_session(ssl);
|
|
|
|
unsigned char client_random[SSL3_RANDOM_SIZE];
|
|
|
|
unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
|
|
|
|
int master_key_length = 0;
|
|
|
|
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
if(!session || *keylog_done)
|
2017-09-05 15:27:22 -04:00
|
|
|
return;
|
|
|
|
|
2018-04-02 13:04:06 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
|
|
|
!(defined(LIBRESSL_VERSION_NUMBER) && \
|
|
|
|
LIBRESSL_VERSION_NUMBER < 0x20700000L)
|
2017-09-05 15:27:22 -04:00
|
|
|
/* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
|
|
|
|
* we have a valid SSL context if we have a non-NULL session. */
|
|
|
|
SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
|
2018-01-14 01:45:47 -05:00
|
|
|
master_key_length = (int)
|
2017-09-05 15:27:22 -04:00
|
|
|
SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
|
|
|
|
#else
|
|
|
|
if(ssl->s3 && session->master_key_length > 0) {
|
|
|
|
master_key_length = session->master_key_length;
|
|
|
|
memcpy(master_key, session->master_key, session->master_key_length);
|
|
|
|
memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
/* The handshake has not progressed sufficiently yet, or this is a TLS 1.3
|
|
|
|
* session (when curl was built with older OpenSSL headers and running with
|
|
|
|
* newer OpenSSL runtime libraries). */
|
2017-09-05 15:27:22 -04:00
|
|
|
if(master_key_length <= 0)
|
|
|
|
return;
|
|
|
|
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
*keylog_done = true;
|
|
|
|
Curl_tls_keylog_write("CLIENT_RANDOM", client_random,
|
|
|
|
master_key, master_key_length);
|
2017-09-05 15:27:22 -04:00
|
|
|
}
|
|
|
|
#endif /* !HAVE_KEYLOG_CALLBACK */
|
|
|
|
|
2017-03-22 14:39:41 -04:00
|
|
|
static const char *SSL_ERROR_to_str(int err)
|
|
|
|
{
|
2017-04-17 09:42:03 -04:00
|
|
|
switch(err) {
|
|
|
|
case SSL_ERROR_NONE:
|
|
|
|
return "SSL_ERROR_NONE";
|
|
|
|
case SSL_ERROR_SSL:
|
|
|
|
return "SSL_ERROR_SSL";
|
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
return "SSL_ERROR_WANT_READ";
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
|
|
|
return "SSL_ERROR_WANT_WRITE";
|
|
|
|
case SSL_ERROR_WANT_X509_LOOKUP:
|
|
|
|
return "SSL_ERROR_WANT_X509_LOOKUP";
|
|
|
|
case SSL_ERROR_SYSCALL:
|
|
|
|
return "SSL_ERROR_SYSCALL";
|
|
|
|
case SSL_ERROR_ZERO_RETURN:
|
|
|
|
return "SSL_ERROR_ZERO_RETURN";
|
|
|
|
case SSL_ERROR_WANT_CONNECT:
|
|
|
|
return "SSL_ERROR_WANT_CONNECT";
|
|
|
|
case SSL_ERROR_WANT_ACCEPT:
|
|
|
|
return "SSL_ERROR_WANT_ACCEPT";
|
|
|
|
#if defined(SSL_ERROR_WANT_ASYNC)
|
|
|
|
case SSL_ERROR_WANT_ASYNC:
|
|
|
|
return "SSL_ERROR_WANT_ASYNC";
|
|
|
|
#endif
|
|
|
|
#if defined(SSL_ERROR_WANT_ASYNC_JOB)
|
|
|
|
case SSL_ERROR_WANT_ASYNC_JOB:
|
|
|
|
return "SSL_ERROR_WANT_ASYNC_JOB";
|
|
|
|
#endif
|
|
|
|
#if defined(SSL_ERROR_WANT_EARLY)
|
|
|
|
case SSL_ERROR_WANT_EARLY:
|
|
|
|
return "SSL_ERROR_WANT_EARLY";
|
|
|
|
#endif
|
|
|
|
default:
|
|
|
|
return "SSL_ERROR unknown";
|
|
|
|
}
|
2017-03-22 14:39:41 -04:00
|
|
|
}
|
|
|
|
|
2017-04-17 10:01:40 -04:00
|
|
|
/* Return error string for last OpenSSL error
|
|
|
|
*/
|
|
|
|
static char *ossl_strerror(unsigned long error, char *buf, size_t size)
|
|
|
|
{
|
2019-11-20 18:44:18 -05:00
|
|
|
if(size)
|
|
|
|
*buf = '\0';
|
|
|
|
|
2019-08-20 05:30:25 -04:00
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
|
|
ERR_error_string_n((uint32_t)error, buf, size);
|
|
|
|
#else
|
2017-04-17 10:01:40 -04:00
|
|
|
ERR_error_string_n(error, buf, size);
|
2019-08-20 05:30:25 -04:00
|
|
|
#endif
|
2019-11-20 18:44:18 -05:00
|
|
|
|
|
|
|
if(size > 1 && !*buf) {
|
|
|
|
strncpy(buf, (error ? "Unknown error" : "No error"), size);
|
|
|
|
buf[size - 1] = '\0';
|
|
|
|
}
|
|
|
|
|
2017-04-17 10:01:40 -04:00
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
2018-11-14 05:52:45 -05:00
|
|
|
/* Return an extra data index for the connection data.
|
|
|
|
* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
|
|
|
|
*/
|
|
|
|
static int ossl_get_ssl_conn_index(void)
|
|
|
|
{
|
|
|
|
static int ssl_ex_data_conn_index = -1;
|
|
|
|
if(ssl_ex_data_conn_index < 0) {
|
|
|
|
ssl_ex_data_conn_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
|
|
|
}
|
|
|
|
return ssl_ex_data_conn_index;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return an extra data index for the sockindex.
|
|
|
|
* This index can be used with SSL_get_ex_data() and SSL_set_ex_data().
|
|
|
|
*/
|
|
|
|
static int ossl_get_ssl_sockindex_index(void)
|
|
|
|
{
|
|
|
|
static int ssl_ex_data_sockindex_index = -1;
|
|
|
|
if(ssl_ex_data_sockindex_index < 0) {
|
|
|
|
ssl_ex_data_sockindex_index = SSL_get_ex_new_index(0, NULL, NULL, NULL,
|
|
|
|
NULL);
|
|
|
|
}
|
|
|
|
return ssl_ex_data_sockindex_index;
|
|
|
|
}
|
|
|
|
|
2015-06-04 18:11:32 -04:00
|
|
|
static int passwd_callback(char *buf, int num, int encrypting,
|
|
|
|
void *global_passwd)
|
1999-12-29 09:20:26 -05:00
|
|
|
{
|
2012-03-21 21:40:19 -04:00
|
|
|
DEBUGASSERT(0 == encrypting);
|
|
|
|
|
|
|
|
if(!encrypting) {
|
|
|
|
int klen = curlx_uztosi(strlen((char *)global_passwd));
|
|
|
|
if(num > klen) {
|
2017-09-09 17:55:08 -04:00
|
|
|
memcpy(buf, global_passwd, klen + 1);
|
2012-03-21 21:40:19 -04:00
|
|
|
return klen;
|
1999-12-29 09:20:26 -05:00
|
|
|
}
|
2004-05-18 03:25:13 -04:00
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-05-18 03:25:13 -04:00
|
|
|
/*
|
2016-11-11 07:37:01 -05:00
|
|
|
* rand_enough() returns TRUE if we have seeded the random engine properly.
|
2004-05-18 03:25:13 -04:00
|
|
|
*/
|
|
|
|
static bool rand_enough(void)
|
|
|
|
{
|
2011-09-05 14:46:09 -04:00
|
|
|
return (0 != RAND_status()) ? TRUE : FALSE;
|
2004-05-18 03:25:13 -04:00
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2016-11-11 08:16:17 -05:00
|
|
|
static CURLcode Curl_ossl_seed(struct Curl_easy *data)
|
2001-03-05 19:04:58 -05:00
|
|
|
{
|
2016-11-11 08:16:17 -05:00
|
|
|
/* we have the "SSL is seeded" boolean static to prevent multiple
|
|
|
|
time-consuming seedings in vain */
|
|
|
|
static bool ssl_seeded = FALSE;
|
2017-04-25 09:28:50 -04:00
|
|
|
char fname[256];
|
2001-03-05 19:04:58 -05:00
|
|
|
|
2016-11-11 08:16:17 -05:00
|
|
|
if(ssl_seeded)
|
|
|
|
return CURLE_OK;
|
|
|
|
|
|
|
|
if(rand_enough()) {
|
|
|
|
/* OpenSSL 1.1.0+ will return here */
|
|
|
|
ssl_seeded = TRUE;
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
2001-03-12 10:47:17 -05:00
|
|
|
|
|
|
|
#ifndef RANDOM_FILE
|
|
|
|
/* if RANDOM_FILE isn't defined, we only perform this if an option tells
|
|
|
|
us to! */
|
2016-11-16 12:49:15 -05:00
|
|
|
if(data->set.str[STRING_SSL_RANDOM_FILE])
|
2001-03-12 10:47:17 -05:00
|
|
|
#define RANDOM_FILE "" /* doesn't matter won't be used */
|
2001-03-05 19:04:58 -05:00
|
|
|
#endif
|
2001-03-12 10:47:17 -05:00
|
|
|
{
|
|
|
|
/* let the option override the define */
|
2017-06-27 13:56:12 -04:00
|
|
|
RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
|
|
|
|
data->set.str[STRING_SSL_RANDOM_FILE]:
|
|
|
|
RANDOM_FILE),
|
|
|
|
RAND_LOAD_LENGTH);
|
2016-11-11 07:37:01 -05:00
|
|
|
if(rand_enough())
|
2017-06-27 13:56:12 -04:00
|
|
|
return CURLE_OK;
|
2001-03-05 19:04:58 -05:00
|
|
|
}
|
|
|
|
|
2001-03-12 10:47:17 -05:00
|
|
|
#if defined(HAVE_RAND_EGD)
|
2001-03-05 19:04:58 -05:00
|
|
|
/* only available in OpenSSL 0.9.5 and later */
|
2001-03-12 10:47:17 -05:00
|
|
|
/* EGD_SOCKET is set at configure time or not at all */
|
|
|
|
#ifndef EGD_SOCKET
|
|
|
|
/* If we don't have the define set, we only do this if the egd-option
|
|
|
|
is set */
|
2007-08-01 17:20:01 -04:00
|
|
|
if(data->set.str[STRING_SSL_EGDSOCKET])
|
2001-03-12 10:47:17 -05:00
|
|
|
#define EGD_SOCKET "" /* doesn't matter won't be used */
|
|
|
|
#endif
|
2001-03-07 12:08:20 -05:00
|
|
|
{
|
2001-03-12 10:47:17 -05:00
|
|
|
/* If there's an option and a define, the option overrides the
|
|
|
|
define */
|
2007-08-01 17:20:01 -04:00
|
|
|
int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
|
|
|
|
data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
|
2001-03-07 12:08:20 -05:00
|
|
|
if(-1 != ret) {
|
2016-11-11 07:37:01 -05:00
|
|
|
if(rand_enough())
|
2017-06-27 13:56:12 -04:00
|
|
|
return CURLE_OK;
|
2001-03-07 12:08:20 -05:00
|
|
|
}
|
2001-03-05 19:04:58 -05:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2017-06-27 13:56:12 -04:00
|
|
|
/* fallback to a custom seeding of the PRNG using a hash based on a current
|
|
|
|
time */
|
2013-02-13 18:06:19 -05:00
|
|
|
do {
|
|
|
|
unsigned char randb[64];
|
2017-06-27 13:56:12 -04:00
|
|
|
size_t len = sizeof(randb);
|
|
|
|
size_t i, i_max;
|
2017-07-28 09:49:36 -04:00
|
|
|
for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
|
2017-10-25 05:59:43 -04:00
|
|
|
struct curltime tv = Curl_now();
|
2017-06-27 13:56:12 -04:00
|
|
|
Curl_wait_ms(1);
|
|
|
|
tv.tv_sec *= i + 1;
|
2017-07-28 09:49:36 -04:00
|
|
|
tv.tv_usec *= (unsigned int)i + 2;
|
2017-10-25 05:59:43 -04:00
|
|
|
tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
|
2017-06-27 13:56:12 -04:00
|
|
|
(i + 3)) << 8;
|
2017-10-25 05:59:43 -04:00
|
|
|
tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
|
|
|
|
Curl_now().tv_usec) *
|
2017-07-28 09:49:36 -04:00
|
|
|
(i + 4)) << 16;
|
|
|
|
memcpy(&randb[i * sizeof(struct curltime)], &tv,
|
|
|
|
sizeof(struct curltime));
|
2017-06-27 13:56:12 -04:00
|
|
|
}
|
|
|
|
RAND_add(randb, (int)len, (double)len/2);
|
2016-11-11 08:16:17 -05:00
|
|
|
} while(!rand_enough());
|
2001-03-05 19:04:58 -05:00
|
|
|
|
2001-03-12 10:47:17 -05:00
|
|
|
/* generates a default path for the random seed file */
|
2017-09-09 17:09:06 -04:00
|
|
|
fname[0] = 0; /* blank it first */
|
2017-04-25 09:28:50 -04:00
|
|
|
RAND_file_name(fname, sizeof(fname));
|
|
|
|
if(fname[0]) {
|
2001-03-12 10:47:17 -05:00
|
|
|
/* we got a file name to try */
|
2017-06-27 13:56:12 -04:00
|
|
|
RAND_load_file(fname, RAND_LOAD_LENGTH);
|
2016-11-11 07:37:01 -05:00
|
|
|
if(rand_enough())
|
2017-06-27 13:56:12 -04:00
|
|
|
return CURLE_OK;
|
2001-03-12 10:47:17 -05:00
|
|
|
}
|
|
|
|
|
2002-01-29 09:11:38 -05:00
|
|
|
infof(data, "libcurl is now using a weak random seed!\n");
|
2017-06-27 13:56:12 -04:00
|
|
|
return (rand_enough() ? CURLE_OK :
|
|
|
|
CURLE_SSL_CONNECT_ERROR /* confusing error code */);
|
2006-06-07 10:14:04 -04:00
|
|
|
}
|
|
|
|
|
2001-12-17 18:01:39 -05:00
|
|
|
#ifndef SSL_FILETYPE_ENGINE
|
|
|
|
#define SSL_FILETYPE_ENGINE 42
|
|
|
|
#endif
|
2004-12-18 05:42:48 -05:00
|
|
|
#ifndef SSL_FILETYPE_PKCS12
|
|
|
|
#define SSL_FILETYPE_PKCS12 43
|
|
|
|
#endif
|
2001-12-17 18:01:39 -05:00
|
|
|
static int do_file_type(const char *type)
|
|
|
|
{
|
2003-10-07 17:46:47 -04:00
|
|
|
if(!type || !type[0])
|
2001-12-17 18:01:39 -05:00
|
|
|
return SSL_FILETYPE_PEM;
|
2016-09-30 12:54:02 -04:00
|
|
|
if(strcasecompare(type, "PEM"))
|
2001-12-17 18:01:39 -05:00
|
|
|
return SSL_FILETYPE_PEM;
|
2016-09-30 12:54:02 -04:00
|
|
|
if(strcasecompare(type, "DER"))
|
2001-12-17 18:01:39 -05:00
|
|
|
return SSL_FILETYPE_ASN1;
|
2016-09-30 12:54:02 -04:00
|
|
|
if(strcasecompare(type, "ENG"))
|
2001-12-17 18:01:39 -05:00
|
|
|
return SSL_FILETYPE_ENGINE;
|
2016-09-30 12:54:02 -04:00
|
|
|
if(strcasecompare(type, "P12"))
|
2004-12-18 05:42:48 -05:00
|
|
|
return SSL_FILETYPE_PKCS12;
|
2001-12-17 18:01:39 -05:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2013-08-20 11:02:53 -04:00
|
|
|
/*
|
|
|
|
* Supply default password to the engine user interface conversation.
|
|
|
|
* The password is passed by OpenSSL engine from ENGINE_load_private_key()
|
|
|
|
* last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
|
|
|
|
*/
|
|
|
|
static int ssl_ui_reader(UI *ui, UI_STRING *uis)
|
|
|
|
{
|
|
|
|
const char *password;
|
|
|
|
switch(UI_get_string_type(uis)) {
|
|
|
|
case UIT_PROMPT:
|
|
|
|
case UIT_VERIFY:
|
2016-11-23 02:30:18 -05:00
|
|
|
password = (const char *)UI_get0_user_data(ui);
|
2014-12-24 11:14:30 -05:00
|
|
|
if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
2013-08-20 11:02:53 -04:00
|
|
|
UI_set_result(ui, uis, password);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Suppress interactive request for a default password if available.
|
|
|
|
*/
|
|
|
|
static int ssl_ui_writer(UI *ui, UI_STRING *uis)
|
|
|
|
{
|
|
|
|
switch(UI_get_string_type(uis)) {
|
|
|
|
case UIT_PROMPT:
|
|
|
|
case UIT_VERIFY:
|
2014-12-24 11:14:30 -05:00
|
|
|
if(UI_get0_user_data(ui) &&
|
|
|
|
(UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
2013-08-20 11:02:53 -04:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
|
|
|
|
}
|
2018-02-19 08:31:06 -05:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if a given string is a PKCS#11 URI
|
|
|
|
*/
|
|
|
|
static bool is_pkcs11_uri(const char *string)
|
|
|
|
{
|
2018-08-10 11:43:31 -04:00
|
|
|
return (string && strncasecompare(string, "pkcs11:", 7));
|
2018-02-19 08:31:06 -05:00
|
|
|
}
|
|
|
|
|
2013-08-20 11:02:53 -04:00
|
|
|
#endif
|
|
|
|
|
2018-02-19 08:31:06 -05:00
|
|
|
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
|
|
|
const char *engine);
|
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
static int
|
|
|
|
SSL_CTX_use_certificate_bio(SSL_CTX *ctx, BIO *in, int type,
|
|
|
|
const char *key_passwd)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
X509 *x = NULL;
|
|
|
|
|
|
|
|
if(type == SSL_FILETYPE_ASN1) {
|
|
|
|
/* j = ERR_R_ASN1_LIB; */
|
|
|
|
x = d2i_X509_bio(in, NULL);
|
|
|
|
}
|
|
|
|
else if(type == SSL_FILETYPE_PEM) {
|
|
|
|
/* ERR_R_PEM_LIB; */
|
|
|
|
x = PEM_read_bio_X509(in, NULL,
|
|
|
|
passwd_callback, (void *)key_passwd);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(x == NULL) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = SSL_CTX_use_certificate(ctx, x);
|
|
|
|
end:
|
|
|
|
X509_free(x);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
SSL_CTX_use_PrivateKey_bio(SSL_CTX *ctx, BIO* in, int type,
|
|
|
|
const char *key_passwd)
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
|
|
|
|
if(type == SSL_FILETYPE_PEM)
|
|
|
|
pkey = PEM_read_bio_PrivateKey(in, NULL, passwd_callback,
|
|
|
|
(void *)key_passwd);
|
|
|
|
else if(type == SSL_FILETYPE_ASN1)
|
|
|
|
pkey = d2i_PrivateKey_bio(in, NULL);
|
|
|
|
else {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
if(pkey == NULL) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
|
|
|
|
EVP_PKEY_free(pkey);
|
|
|
|
end:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
SSL_CTX_use_certificate_chain_bio(SSL_CTX *ctx, BIO* in,
|
|
|
|
const char *key_passwd)
|
|
|
|
{
|
|
|
|
/* SSL_CTX_add1_chain_cert introduced in OpenSSL 1.0.2 */
|
2020-08-01 05:51:59 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* OpenSSL 1.0.2 or later */ \
|
|
|
|
!(defined(LIBRESSL_VERSION_NUMBER) && \
|
|
|
|
(LIBRESSL_VERSION_NUMBER < 0x2090100fL)) /* LibreSSL 2.9.1 or later */
|
2020-05-15 04:47:46 -04:00
|
|
|
int ret = 0;
|
|
|
|
X509 *x = NULL;
|
|
|
|
void *passwd_callback_userdata = (void *)key_passwd;
|
|
|
|
|
|
|
|
ERR_clear_error();
|
|
|
|
|
|
|
|
x = PEM_read_bio_X509_AUX(in, NULL,
|
|
|
|
passwd_callback, (void *)key_passwd);
|
|
|
|
|
|
|
|
if(x == NULL) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = SSL_CTX_use_certificate(ctx, x);
|
|
|
|
|
|
|
|
if(ERR_peek_error() != 0)
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
if(ret) {
|
|
|
|
X509 *ca;
|
|
|
|
unsigned long err;
|
|
|
|
|
|
|
|
if(!SSL_CTX_clear_chain_certs(ctx)) {
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
while((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
|
|
|
|
passwd_callback_userdata))
|
|
|
|
!= NULL) {
|
|
|
|
|
|
|
|
if(!SSL_CTX_add0_chain_cert(ctx, ca)) {
|
|
|
|
X509_free(ca);
|
|
|
|
ret = 0;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
err = ERR_peek_last_error();
|
|
|
|
if((ERR_GET_LIB(err) == ERR_LIB_PEM) &&
|
|
|
|
(ERR_GET_REASON(err) == PEM_R_NO_START_LINE))
|
|
|
|
ERR_clear_error();
|
|
|
|
else
|
|
|
|
ret = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
end:
|
|
|
|
X509_free(x);
|
|
|
|
return ret;
|
|
|
|
#else
|
|
|
|
(void)ctx; /* unused */
|
|
|
|
(void)in; /* unused */
|
|
|
|
(void)key_passwd; /* unused */
|
|
|
|
return 0;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2001-03-05 19:04:58 -05:00
|
|
|
static
|
|
|
|
int cert_stuff(struct connectdata *conn,
|
2003-11-24 02:15:37 -05:00
|
|
|
SSL_CTX* ctx,
|
2001-01-05 05:11:41 -05:00
|
|
|
char *cert_file,
|
2020-05-15 04:47:46 -04:00
|
|
|
BIO *cert_bio,
|
2001-12-17 18:01:39 -05:00
|
|
|
const char *cert_type,
|
|
|
|
char *key_file,
|
2020-05-15 04:47:46 -04:00
|
|
|
BIO* key_bio,
|
2016-11-16 12:49:15 -05:00
|
|
|
const char *key_type,
|
|
|
|
char *key_passwd)
|
1999-12-29 09:20:26 -05:00
|
|
|
{
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2017-04-17 10:01:40 -04:00
|
|
|
char error_buffer[256];
|
2017-09-21 03:57:32 -04:00
|
|
|
bool check_privkey = TRUE;
|
2001-12-17 18:01:39 -05:00
|
|
|
|
2009-11-14 02:53:34 -05:00
|
|
|
int file_type = do_file_type(cert_type);
|
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
if(cert_file || cert_bio || (file_type == SSL_FILETYPE_ENGINE)) {
|
1999-12-29 09:20:26 -05:00
|
|
|
SSL *ssl;
|
|
|
|
X509 *x509;
|
2004-12-18 05:42:48 -05:00
|
|
|
int cert_done = 0;
|
2020-05-15 04:47:46 -04:00
|
|
|
int cert_use_result;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
if(key_passwd) {
|
2015-06-04 18:11:32 -04:00
|
|
|
/* set the password in the callback userdata */
|
2016-11-16 12:49:15 -05:00
|
|
|
SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
|
1999-12-29 09:20:26 -05:00
|
|
|
/* Set passwd callback: */
|
2003-11-24 02:15:37 -05:00
|
|
|
SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
|
1999-12-29 09:20:26 -05:00
|
|
|
}
|
|
|
|
|
2001-12-17 18:01:39 -05:00
|
|
|
|
|
|
|
switch(file_type) {
|
|
|
|
case SSL_FILETYPE_PEM:
|
2002-05-21 04:15:42 -04:00
|
|
|
/* SSL_CTX_use_certificate_chain_file() only works on PEM files */
|
2020-05-15 04:47:46 -04:00
|
|
|
cert_use_result = cert_bio ?
|
|
|
|
SSL_CTX_use_certificate_chain_bio(ctx, cert_bio, key_passwd) :
|
|
|
|
SSL_CTX_use_certificate_chain_file(ctx, cert_file);
|
|
|
|
if(cert_use_result != 1) {
|
2015-03-24 20:34:13 -04:00
|
|
|
failf(data,
|
2016-03-08 08:19:01 -05:00
|
|
|
"could not load PEM client certificate, " OSSL_PACKAGE
|
|
|
|
" error %s, "
|
2015-03-24 20:34:13 -04:00
|
|
|
"(no key found, wrong pass phrase, or wrong file format?)",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)) );
|
2001-12-17 18:01:39 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
break;
|
2002-05-21 04:15:42 -04:00
|
|
|
|
|
|
|
case SSL_FILETYPE_ASN1:
|
|
|
|
/* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
|
|
|
|
we use the case above for PEM so this can only be performed with
|
|
|
|
ASN1 files. */
|
2020-05-15 04:47:46 -04:00
|
|
|
|
|
|
|
cert_use_result = cert_bio ?
|
|
|
|
SSL_CTX_use_certificate_bio(ctx, cert_bio,
|
|
|
|
file_type, key_passwd) :
|
|
|
|
SSL_CTX_use_certificate_file(ctx, cert_file, file_type);
|
|
|
|
if(cert_use_result != 1) {
|
2015-03-24 20:34:13 -04:00
|
|
|
failf(data,
|
2016-03-08 08:19:01 -05:00
|
|
|
"could not load ASN1 client certificate, " OSSL_PACKAGE
|
|
|
|
" error %s, "
|
2015-03-24 20:34:13 -04:00
|
|
|
"(no key found, wrong pass phrase, or wrong file format?)",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)) );
|
2002-05-21 04:15:42 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
break;
|
2001-12-17 18:01:39 -05:00
|
|
|
case SSL_FILETYPE_ENGINE:
|
2018-06-08 10:36:47 -04:00
|
|
|
#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
|
2009-11-14 02:53:34 -05:00
|
|
|
{
|
2018-02-19 08:31:06 -05:00
|
|
|
/* Implicitly use pkcs11 engine if none was provided and the
|
|
|
|
* cert_file is a PKCS#11 URI */
|
|
|
|
if(!data->state.engine) {
|
|
|
|
if(is_pkcs11_uri(cert_file)) {
|
|
|
|
if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-11-14 02:53:34 -05:00
|
|
|
if(data->state.engine) {
|
|
|
|
const char *cmd_name = "LOAD_CERT_CTRL";
|
|
|
|
struct {
|
|
|
|
const char *cert_id;
|
|
|
|
X509 *cert;
|
|
|
|
} params;
|
|
|
|
|
|
|
|
params.cert_id = cert_file;
|
|
|
|
params.cert = NULL;
|
|
|
|
|
|
|
|
/* Does the engine supports LOAD_CERT_CTRL ? */
|
2011-04-20 09:17:42 -04:00
|
|
|
if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
|
|
|
|
0, (void *)cmd_name, NULL)) {
|
2009-11-14 02:53:34 -05:00
|
|
|
failf(data, "ssl engine does not support loading certificates");
|
|
|
|
return 0;
|
|
|
|
}
|
2009-11-15 07:58:50 -05:00
|
|
|
|
2009-11-14 02:53:34 -05:00
|
|
|
/* Load the certificate from the engine */
|
2011-04-20 09:17:42 -04:00
|
|
|
if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
|
|
|
|
0, ¶ms, NULL, 1)) {
|
2009-11-14 02:53:34 -05:00
|
|
|
failf(data, "ssl engine cannot load client cert with id"
|
|
|
|
" '%s' [%s]", cert_file,
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)));
|
2009-11-14 02:53:34 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-04-20 09:17:42 -04:00
|
|
|
if(!params.cert) {
|
2009-11-14 02:53:34 -05:00
|
|
|
failf(data, "ssl engine didn't initialized the certificate "
|
|
|
|
"properly.");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
|
|
|
|
failf(data, "unable to set client certificate");
|
|
|
|
X509_free(params.cert);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
X509_free(params.cert); /* we don't need the handle any more... */
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
failf(data, "crypto engine not set, can't load certificate");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
#else
|
2001-12-17 18:01:39 -05:00
|
|
|
failf(data, "file type ENG for certificate not implemented");
|
|
|
|
return 0;
|
2009-11-14 02:53:34 -05:00
|
|
|
#endif
|
2001-12-17 18:01:39 -05:00
|
|
|
|
2004-12-18 05:42:48 -05:00
|
|
|
case SSL_FILETYPE_PKCS12:
|
|
|
|
{
|
2018-04-17 04:50:09 -04:00
|
|
|
BIO *fp = NULL;
|
|
|
|
PKCS12 *p12 = NULL;
|
2004-12-18 05:42:48 -05:00
|
|
|
EVP_PKEY *pri;
|
2008-02-23 07:27:45 -05:00
|
|
|
STACK_OF(X509) *ca = NULL;
|
2020-05-15 04:47:46 -04:00
|
|
|
if(!cert_bio) {
|
|
|
|
fp = BIO_new(BIO_s_file());
|
|
|
|
if(fp == NULL) {
|
|
|
|
failf(data,
|
|
|
|
"BIO_new return NULL, " OSSL_PACKAGE
|
|
|
|
" error %s",
|
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)) );
|
|
|
|
return 0;
|
|
|
|
}
|
2004-12-18 05:42:48 -05:00
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
if(BIO_read_filename(fp, cert_file) <= 0) {
|
|
|
|
failf(data, "could not open PKCS12 file '%s'", cert_file);
|
|
|
|
BIO_free(fp);
|
|
|
|
return 0;
|
|
|
|
}
|
2018-04-17 04:50:09 -04:00
|
|
|
}
|
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
p12 = d2i_PKCS12_bio(cert_bio ? cert_bio : fp, NULL);
|
|
|
|
if(fp)
|
2018-04-17 04:50:09 -04:00
|
|
|
BIO_free(fp);
|
2004-12-18 05:42:48 -05:00
|
|
|
|
2008-02-23 07:27:45 -05:00
|
|
|
if(!p12) {
|
2020-05-15 04:47:46 -04:00
|
|
|
failf(data, "error reading PKCS12 file '%s'",
|
|
|
|
cert_bio ? "(memory blob)" : cert_file);
|
2008-02-23 07:27:45 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-12-18 05:42:48 -05:00
|
|
|
PKCS12_PBE_add();
|
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
|
2013-06-10 10:10:44 -04:00
|
|
|
&ca)) {
|
2004-12-18 05:42:48 -05:00
|
|
|
failf(data,
|
2016-03-08 08:19:01 -05:00
|
|
|
"could not parse PKCS12 file, check password, " OSSL_PACKAGE
|
|
|
|
" error %s",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)) );
|
2007-05-22 16:46:51 -04:00
|
|
|
PKCS12_free(p12);
|
2004-12-18 05:42:48 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
PKCS12_free(p12);
|
|
|
|
|
|
|
|
if(SSL_CTX_use_certificate(ctx, x509) != 1) {
|
2015-03-24 20:36:32 -04:00
|
|
|
failf(data,
|
2016-03-08 08:19:01 -05:00
|
|
|
"could not load PKCS12 client certificate, " OSSL_PACKAGE
|
|
|
|
" error %s",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)) );
|
2013-06-10 10:10:44 -04:00
|
|
|
goto fail;
|
2004-12-18 05:42:48 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
|
|
|
|
failf(data, "unable to use private key from PKCS12 file '%s'",
|
|
|
|
cert_file);
|
2013-06-10 10:10:44 -04:00
|
|
|
goto fail;
|
2004-12-18 05:42:48 -05:00
|
|
|
}
|
|
|
|
|
2011-04-20 09:17:42 -04:00
|
|
|
if(!SSL_CTX_check_private_key (ctx)) {
|
2008-02-23 07:27:45 -05:00
|
|
|
failf(data, "private key from PKCS12 file '%s' "
|
|
|
|
"does not match certificate in same file", cert_file);
|
2013-06-10 10:10:44 -04:00
|
|
|
goto fail;
|
2008-02-23 07:27:45 -05:00
|
|
|
}
|
|
|
|
/* Set Certificate Verification chain */
|
2015-10-09 15:02:13 -04:00
|
|
|
if(ca) {
|
|
|
|
while(sk_X509_num(ca)) {
|
2013-06-10 17:42:48 -04:00
|
|
|
/*
|
|
|
|
* Note that sk_X509_pop() is used below to make sure the cert is
|
|
|
|
* removed from the stack properly before getting passed to
|
2017-01-31 19:05:33 -05:00
|
|
|
* SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
|
|
|
|
* we used sk_X509_value() instead, but then we'd clean it in the
|
|
|
|
* subsequent sk_X509_pop_free() call.
|
2013-06-10 17:42:48 -04:00
|
|
|
*/
|
|
|
|
X509 *x = sk_X509_pop(ca);
|
2017-01-31 19:05:33 -05:00
|
|
|
if(!SSL_CTX_add_client_CA(ctx, x)) {
|
2015-10-09 15:02:13 -04:00
|
|
|
X509_free(x);
|
2017-01-31 19:05:33 -05:00
|
|
|
failf(data, "cannot add certificate to client CA list");
|
2013-06-10 10:10:44 -04:00
|
|
|
goto fail;
|
2008-02-23 07:27:45 -05:00
|
|
|
}
|
2017-01-31 19:05:33 -05:00
|
|
|
if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
|
|
|
|
X509_free(x);
|
|
|
|
failf(data, "cannot add certificate to certificate chain");
|
2013-06-10 10:10:44 -04:00
|
|
|
goto fail;
|
2008-02-23 07:27:45 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-06-10 10:10:44 -04:00
|
|
|
cert_done = 1;
|
|
|
|
fail:
|
2004-12-18 05:42:48 -05:00
|
|
|
EVP_PKEY_free(pri);
|
|
|
|
X509_free(x509);
|
2019-03-07 19:06:59 -05:00
|
|
|
#ifdef USE_AMISSL
|
|
|
|
sk_X509_pop_free(ca, Curl_amiga_X509_free);
|
|
|
|
#else
|
2012-01-18 07:39:12 -05:00
|
|
|
sk_X509_pop_free(ca, X509_free);
|
2019-03-07 19:06:59 -05:00
|
|
|
#endif
|
2013-06-10 10:10:44 -04:00
|
|
|
if(!cert_done)
|
|
|
|
return 0; /* failure! */
|
2014-05-12 07:04:27 -04:00
|
|
|
break;
|
2004-12-18 05:42:48 -05:00
|
|
|
}
|
2001-12-17 18:01:39 -05:00
|
|
|
default:
|
|
|
|
failf(data, "not supported file type '%s' for certificate", cert_type);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
if((!key_file) && (!key_bio)) {
|
2019-03-20 16:10:44 -04:00
|
|
|
key_file = cert_file;
|
2020-05-15 04:47:46 -04:00
|
|
|
key_bio = cert_bio;
|
|
|
|
}
|
2019-03-20 16:10:44 -04:00
|
|
|
else
|
|
|
|
file_type = do_file_type(key_type);
|
2001-12-17 18:01:39 -05:00
|
|
|
|
|
|
|
switch(file_type) {
|
|
|
|
case SSL_FILETYPE_PEM:
|
2004-12-18 05:42:48 -05:00
|
|
|
if(cert_done)
|
|
|
|
break;
|
2017-02-28 16:45:28 -05:00
|
|
|
/* FALLTHROUGH */
|
2001-12-17 18:01:39 -05:00
|
|
|
case SSL_FILETYPE_ASN1:
|
2020-05-15 04:47:46 -04:00
|
|
|
cert_use_result = key_bio ?
|
|
|
|
SSL_CTX_use_PrivateKey_bio(ctx, key_bio, file_type, key_passwd) :
|
|
|
|
SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type);
|
|
|
|
if(cert_use_result != 1) {
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "unable to set private key file: '%s' type %s",
|
2020-05-15 04:47:46 -04:00
|
|
|
key_file?key_file:"(memory blob)", key_type?key_type:"PEM");
|
2001-12-17 18:01:39 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SSL_FILETYPE_ENGINE:
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2015-10-29 09:59:11 -04:00
|
|
|
{ /* XXXX still needs some work */
|
2001-12-17 18:01:39 -05:00
|
|
|
EVP_PKEY *priv_key = NULL;
|
2018-02-19 08:31:06 -05:00
|
|
|
|
|
|
|
/* Implicitly use pkcs11 engine if none was provided and the
|
|
|
|
* key_file is a PKCS#11 URI */
|
|
|
|
if(!data->state.engine) {
|
|
|
|
if(is_pkcs11_uri(key_file)) {
|
|
|
|
if(Curl_ossl_set_engine(data, "pkcs11") != CURLE_OK) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-03-31 17:10:05 -04:00
|
|
|
if(data->state.engine) {
|
2013-08-20 11:02:53 -04:00
|
|
|
UI_METHOD *ui_method =
|
2016-11-07 04:36:23 -05:00
|
|
|
UI_create_method((char *)"curl user interface");
|
2014-12-24 11:14:30 -05:00
|
|
|
if(!ui_method) {
|
2016-03-08 08:19:01 -05:00
|
|
|
failf(data, "unable do create " OSSL_PACKAGE
|
|
|
|
" user-interface method");
|
2013-08-20 11:02:53 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
|
|
|
|
UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
|
|
|
|
UI_method_set_reader(ui_method, ssl_ui_reader);
|
|
|
|
UI_method_set_writer(ui_method, ssl_ui_writer);
|
2004-07-29 03:34:17 -04:00
|
|
|
/* the typecast below was added to please mingw32 */
|
|
|
|
priv_key = (EVP_PKEY *)
|
2015-03-17 08:41:49 -04:00
|
|
|
ENGINE_load_private_key(data->state.engine, key_file,
|
2004-07-29 03:34:17 -04:00
|
|
|
ui_method,
|
2016-11-16 12:49:15 -05:00
|
|
|
key_passwd);
|
2013-08-20 11:02:53 -04:00
|
|
|
UI_destroy_method(ui_method);
|
2003-10-07 17:46:47 -04:00
|
|
|
if(!priv_key) {
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "failed to load private key from crypto engine");
|
2001-12-17 18:01:39 -05:00
|
|
|
return 0;
|
|
|
|
}
|
2003-11-24 02:15:37 -05:00
|
|
|
if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "unable to set private key");
|
2001-12-17 18:01:39 -05:00
|
|
|
EVP_PKEY_free(priv_key);
|
|
|
|
return 0;
|
|
|
|
}
|
2015-10-29 09:59:11 -04:00
|
|
|
EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
|
2001-12-17 18:01:39 -05:00
|
|
|
}
|
|
|
|
else {
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "crypto engine not set, can't load private key");
|
2001-12-17 18:01:39 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
2004-04-26 07:52:43 -04:00
|
|
|
break;
|
2001-12-17 18:01:39 -05:00
|
|
|
#else
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "file type ENG for private key not supported");
|
2001-12-17 18:01:39 -05:00
|
|
|
return 0;
|
|
|
|
#endif
|
2004-12-18 05:42:48 -05:00
|
|
|
case SSL_FILETYPE_PKCS12:
|
|
|
|
if(!cert_done) {
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "file type P12 for private key not supported");
|
2005-04-07 11:27:13 -04:00
|
|
|
return 0;
|
2004-12-18 05:42:48 -05:00
|
|
|
}
|
|
|
|
break;
|
2001-12-17 18:01:39 -05:00
|
|
|
default:
|
2008-01-15 18:19:02 -05:00
|
|
|
failf(data, "not supported file type for private key");
|
2001-12-17 18:01:39 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-09-09 17:09:06 -04:00
|
|
|
ssl = SSL_new(ctx);
|
2014-12-24 11:14:30 -05:00
|
|
|
if(!ssl) {
|
2015-03-17 08:41:49 -04:00
|
|
|
failf(data, "unable to create an SSL structure");
|
2005-02-09 18:04:51 -05:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-09-09 17:09:06 -04:00
|
|
|
x509 = SSL_get_certificate(ssl);
|
2002-12-13 09:08:49 -05:00
|
|
|
|
|
|
|
/* This version was provided by Evan Jordan and is supposed to not
|
|
|
|
leak memory as the previous version: */
|
2014-12-24 11:14:30 -05:00
|
|
|
if(x509) {
|
2002-12-13 09:08:49 -05:00
|
|
|
EVP_PKEY *pktmp = X509_get_pubkey(x509);
|
2015-03-17 08:41:49 -04:00
|
|
|
EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
|
2002-12-13 09:08:49 -05:00
|
|
|
EVP_PKEY_free(pktmp);
|
|
|
|
}
|
|
|
|
|
2017-11-27 13:39:09 -05:00
|
|
|
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL)
|
2017-09-21 03:57:32 -04:00
|
|
|
{
|
|
|
|
/* If RSA is used, don't check the private key if its flags indicate
|
|
|
|
* it doesn't support it. */
|
|
|
|
EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
|
2017-11-14 16:22:47 -05:00
|
|
|
int pktype;
|
|
|
|
#ifdef HAVE_OPAQUE_EVP_PKEY
|
|
|
|
pktype = EVP_PKEY_id(priv_key);
|
|
|
|
#else
|
|
|
|
pktype = priv_key->type;
|
|
|
|
#endif
|
|
|
|
if(pktype == EVP_PKEY_RSA) {
|
2017-09-21 03:57:32 -04:00
|
|
|
RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
|
|
|
|
if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
|
|
|
|
check_privkey = FALSE;
|
|
|
|
RSA_free(rsa); /* Decrement reference count */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
1999-12-29 09:20:26 -05:00
|
|
|
SSL_free(ssl);
|
|
|
|
|
|
|
|
/* If we are using DSA, we can copy the parameters from
|
|
|
|
* the private key */
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2017-09-21 03:57:32 -04:00
|
|
|
if(check_privkey == TRUE) {
|
|
|
|
/* Now we know that a key and cert have been set against
|
|
|
|
* the SSL context */
|
|
|
|
if(!SSL_CTX_check_private_key(ctx)) {
|
|
|
|
failf(data, "Private key does not match the certificate public key");
|
|
|
|
return 0;
|
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
}
|
|
|
|
}
|
2010-02-05 04:33:36 -05:00
|
|
|
return 1;
|
1999-12-29 09:20:26 -05:00
|
|
|
}
|
|
|
|
|
2008-09-05 10:29:21 -04:00
|
|
|
/* returns non-zero on failure */
|
2008-09-23 09:16:36 -04:00
|
|
|
static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
|
2008-09-05 10:29:21 -04:00
|
|
|
{
|
|
|
|
#if 0
|
|
|
|
return X509_NAME_oneline(a, buf, size);
|
|
|
|
#else
|
|
|
|
BIO *bio_out = BIO_new(BIO_s_mem());
|
|
|
|
BUF_MEM *biomem;
|
|
|
|
int rc;
|
|
|
|
|
2009-03-08 18:56:55 -04:00
|
|
|
if(!bio_out)
|
|
|
|
return 1; /* alloc failed! */
|
|
|
|
|
2009-06-29 16:45:42 -04:00
|
|
|
rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
|
2008-09-05 10:29:21 -04:00
|
|
|
BIO_get_mem_ptr(bio_out, &biomem);
|
|
|
|
|
2008-09-24 09:55:23 -04:00
|
|
|
if((size_t)biomem->length < size)
|
2008-09-05 10:29:21 -04:00
|
|
|
size = biomem->length;
|
|
|
|
else
|
|
|
|
size--; /* don't overwrite the buffer end */
|
|
|
|
|
|
|
|
memcpy(buf, biomem->data, size);
|
2017-09-09 17:09:06 -04:00
|
|
|
buf[size] = 0;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
|
|
|
BIO_free(bio_out);
|
|
|
|
|
|
|
|
return !rc;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2005-02-09 18:04:51 -05:00
|
|
|
/**
|
|
|
|
* Global SSL init
|
|
|
|
*
|
|
|
|
* @retval 0 error initializing SSL
|
|
|
|
* @retval 1 SSL initialized successfully
|
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static int Curl_ossl_init(void)
|
2001-05-28 10:12:43 -04:00
|
|
|
{
|
2015-04-26 11:26:31 -04:00
|
|
|
OPENSSL_load_builtin_modules();
|
|
|
|
|
2018-09-24 02:26:58 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2001-12-17 18:01:39 -05:00
|
|
|
ENGINE_load_builtin_engines();
|
|
|
|
#endif
|
|
|
|
|
2019-06-17 07:11:02 -04:00
|
|
|
/* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and
|
|
|
|
0.9.8e */
|
2014-09-10 07:08:22 -04:00
|
|
|
#ifndef CONF_MFLAGS_DEFAULT_SECTION
|
|
|
|
#define CONF_MFLAGS_DEFAULT_SECTION 0x0
|
|
|
|
#endif
|
|
|
|
|
2018-07-25 05:00:15 -04:00
|
|
|
#ifndef CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
|
2015-01-22 06:42:50 -05:00
|
|
|
CONF_modules_load_file(NULL, NULL,
|
|
|
|
CONF_MFLAGS_DEFAULT_SECTION|
|
|
|
|
CONF_MFLAGS_IGNORE_MISSING_FILE);
|
2018-07-25 05:00:15 -04:00
|
|
|
#endif
|
2005-02-10 02:45:08 -05:00
|
|
|
|
2016-09-05 12:15:25 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
|
|
|
!defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
/* OpenSSL 1.1.0+ takes care of initialization itself */
|
|
|
|
#else
|
2015-09-22 02:49:54 -04:00
|
|
|
/* Lets get nice error messages */
|
|
|
|
SSL_load_error_strings();
|
|
|
|
|
|
|
|
/* Init the global ciphers and digests */
|
|
|
|
if(!SSLeay_add_ssl_algorithms())
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
OpenSSL_add_all_algorithms();
|
2016-09-05 12:15:25 -04:00
|
|
|
#endif
|
2015-09-22 02:49:54 -04:00
|
|
|
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
Curl_tls_keylog_open();
|
2017-09-05 15:27:22 -04:00
|
|
|
|
2018-11-14 05:52:45 -05:00
|
|
|
/* Initialize the extra data indexes */
|
|
|
|
if(ossl_get_ssl_conn_index() < 0 || ossl_get_ssl_sockindex_index() < 0)
|
|
|
|
return 0;
|
|
|
|
|
2005-02-09 18:04:51 -05:00
|
|
|
return 1;
|
2001-05-28 10:12:43 -04:00
|
|
|
}
|
|
|
|
|
2005-04-07 11:27:13 -04:00
|
|
|
/* Global cleanup */
|
2017-06-23 07:19:00 -04:00
|
|
|
static void Curl_ossl_cleanup(void)
|
2005-04-07 11:27:13 -04:00
|
|
|
{
|
2016-09-05 12:15:25 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
|
|
|
!defined(LIBRESSL_VERSION_NUMBER)
|
|
|
|
/* OpenSSL 1.1 deprecates all these cleanup functions and
|
|
|
|
turns them into no-ops in OpenSSL 1.0 compatibility mode */
|
|
|
|
#else
|
2011-11-04 08:08:37 -04:00
|
|
|
/* Free ciphers and digests lists */
|
2005-04-07 11:27:13 -04:00
|
|
|
EVP_cleanup();
|
2001-11-14 02:11:39 -05:00
|
|
|
|
2018-11-13 15:41:25 -05:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2011-11-04 08:08:37 -04:00
|
|
|
/* Free engine list */
|
2005-04-07 11:27:13 -04:00
|
|
|
ENGINE_cleanup();
|
2001-12-17 18:01:39 -05:00
|
|
|
#endif
|
|
|
|
|
2011-11-04 08:08:37 -04:00
|
|
|
/* Free OpenSSL error strings */
|
|
|
|
ERR_free_strings();
|
|
|
|
|
|
|
|
/* Free thread local error state, destroying hash upon zero refcount */
|
2016-09-05 12:15:25 -04:00
|
|
|
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
|
2011-11-04 08:08:37 -04:00
|
|
|
ERR_remove_thread_state(NULL);
|
|
|
|
#else
|
|
|
|
ERR_remove_state(0);
|
|
|
|
#endif
|
2015-11-13 16:07:11 -05:00
|
|
|
|
|
|
|
/* Free all memory allocated by all configuration modules */
|
|
|
|
CONF_modules_free();
|
2016-05-20 16:44:01 -04:00
|
|
|
|
2016-05-30 07:26:20 -04:00
|
|
|
#ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
|
2016-05-20 16:44:01 -04:00
|
|
|
SSL_COMP_free_compression_methods();
|
|
|
|
#endif
|
2016-09-05 12:15:25 -04:00
|
|
|
#endif
|
2017-09-05 15:27:22 -04:00
|
|
|
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
Curl_tls_keylog_close();
|
2001-09-07 05:40:46 -04:00
|
|
|
}
|
|
|
|
|
2006-05-10 18:17:42 -04:00
|
|
|
/*
|
2016-05-11 21:21:15 -04:00
|
|
|
* This function is used to determine connection status.
|
2006-05-10 18:17:42 -04:00
|
|
|
*
|
|
|
|
* Return codes:
|
|
|
|
* 1 means the connection is still in place
|
|
|
|
* 0 means the connection has been closed
|
|
|
|
* -1 means the connection status is unknown
|
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static int Curl_ossl_check_cxn(struct connectdata *conn)
|
2006-05-10 18:17:42 -04:00
|
|
|
{
|
2016-05-11 21:21:15 -04:00
|
|
|
/* SSL_peek takes data out of the raw recv buffer without peeking so we use
|
|
|
|
recv MSG_PEEK instead. Bug #795 */
|
2016-05-10 15:49:33 -04:00
|
|
|
#ifdef MSG_PEEK
|
2006-05-10 18:17:42 -04:00
|
|
|
char buf;
|
2016-05-12 02:36:21 -04:00
|
|
|
ssize_t nread;
|
2016-05-11 21:21:15 -04:00
|
|
|
nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
|
|
|
|
(RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
|
|
|
|
if(nread == 0)
|
2006-05-10 18:17:42 -04:00
|
|
|
return 0; /* connection has been closed */
|
2017-03-10 08:28:37 -05:00
|
|
|
if(nread == 1)
|
2016-05-10 15:49:33 -04:00
|
|
|
return 1; /* connection still in place */
|
2016-05-11 21:21:15 -04:00
|
|
|
else if(nread == -1) {
|
|
|
|
int err = SOCKERRNO;
|
|
|
|
if(err == EINPROGRESS ||
|
|
|
|
#if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
|
|
|
|
err == EAGAIN ||
|
|
|
|
#endif
|
|
|
|
err == EWOULDBLOCK)
|
|
|
|
return 1; /* connection still in place */
|
|
|
|
if(err == ECONNRESET ||
|
|
|
|
#ifdef ECONNABORTED
|
|
|
|
err == ECONNABORTED ||
|
|
|
|
#endif
|
|
|
|
#ifdef ENETDOWN
|
|
|
|
err == ENETDOWN ||
|
2016-05-10 15:49:33 -04:00
|
|
|
#endif
|
2016-05-11 21:21:15 -04:00
|
|
|
#ifdef ENETRESET
|
|
|
|
err == ENETRESET ||
|
|
|
|
#endif
|
|
|
|
#ifdef ESHUTDOWN
|
|
|
|
err == ESHUTDOWN ||
|
|
|
|
#endif
|
|
|
|
#ifdef ETIMEDOUT
|
|
|
|
err == ETIMEDOUT ||
|
|
|
|
#endif
|
|
|
|
err == ENOTCONN)
|
|
|
|
return 0; /* connection has been closed */
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return -1; /* connection status unknown */
|
2006-05-10 18:17:42 -04:00
|
|
|
}
|
|
|
|
|
2004-12-13 11:43:00 -05:00
|
|
|
/* Selects an OpenSSL crypto engine
|
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
|
|
|
const char *engine)
|
2004-12-13 11:43:00 -05:00
|
|
|
{
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2010-02-05 04:33:36 -05:00
|
|
|
ENGINE *e;
|
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
|
|
|
e = ENGINE_by_id(engine);
|
|
|
|
#else
|
|
|
|
/* avoid memory leak */
|
|
|
|
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
|
|
|
const char *e_id = ENGINE_get_id(e);
|
|
|
|
if(!strcmp(engine, e_id))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
#endif
|
2004-12-13 11:43:00 -05:00
|
|
|
|
2007-11-05 04:45:09 -05:00
|
|
|
if(!e) {
|
2004-12-13 11:43:00 -05:00
|
|
|
failf(data, "SSL Engine '%s' not found", engine);
|
2010-02-05 04:33:36 -05:00
|
|
|
return CURLE_SSL_ENGINE_NOTFOUND;
|
2004-12-13 11:43:00 -05:00
|
|
|
}
|
|
|
|
|
2007-11-05 04:45:09 -05:00
|
|
|
if(data->state.engine) {
|
2004-12-14 04:36:22 -05:00
|
|
|
ENGINE_finish(data->state.engine);
|
|
|
|
ENGINE_free(data->state.engine);
|
2007-01-10 16:21:53 -05:00
|
|
|
data->state.engine = NULL;
|
2004-12-13 11:43:00 -05:00
|
|
|
}
|
2007-11-05 04:45:09 -05:00
|
|
|
if(!ENGINE_init(e)) {
|
2004-12-14 09:20:21 -05:00
|
|
|
char buf[256];
|
|
|
|
|
2004-12-13 11:43:00 -05:00
|
|
|
ENGINE_free(e);
|
2004-12-14 09:20:21 -05:00
|
|
|
failf(data, "Failed to initialise SSL Engine '%s':\n%s",
|
2016-05-31 13:54:35 -04:00
|
|
|
engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
|
2010-02-05 04:33:36 -05:00
|
|
|
return CURLE_SSL_ENGINE_INITFAILED;
|
2004-12-13 11:43:00 -05:00
|
|
|
}
|
2004-12-14 04:36:22 -05:00
|
|
|
data->state.engine = e;
|
2010-02-05 04:33:36 -05:00
|
|
|
return CURLE_OK;
|
2004-12-13 11:43:00 -05:00
|
|
|
#else
|
2004-12-14 17:06:25 -05:00
|
|
|
(void)engine;
|
2004-12-13 11:43:00 -05:00
|
|
|
failf(data, "SSL Engine not supported");
|
2010-02-05 04:33:36 -05:00
|
|
|
return CURLE_SSL_ENGINE_NOTFOUND;
|
2004-12-13 11:43:00 -05:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2005-04-07 11:27:13 -04:00
|
|
|
/* Sets engine as default for all SSL operations
|
2004-12-13 11:43:00 -05:00
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
|
2004-12-13 11:43:00 -05:00
|
|
|
{
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2007-11-05 04:45:09 -05:00
|
|
|
if(data->state.engine) {
|
|
|
|
if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
|
2015-03-17 08:41:49 -04:00
|
|
|
infof(data, "set default crypto engine '%s'\n",
|
2011-04-20 09:17:42 -04:00
|
|
|
ENGINE_get_id(data->state.engine));
|
2004-12-13 11:43:00 -05:00
|
|
|
}
|
|
|
|
else {
|
2011-04-20 09:17:42 -04:00
|
|
|
failf(data, "set default crypto engine '%s' failed",
|
|
|
|
ENGINE_get_id(data->state.engine));
|
2004-12-13 11:43:00 -05:00
|
|
|
return CURLE_SSL_ENGINE_SETFAILED;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
(void) data;
|
|
|
|
#endif
|
2005-04-07 11:27:13 -04:00
|
|
|
return CURLE_OK;
|
2004-12-13 11:43:00 -05:00
|
|
|
}
|
|
|
|
|
2004-12-14 09:20:21 -05:00
|
|
|
/* Return list of OpenSSL crypto engine names.
|
2004-12-13 11:43:00 -05:00
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
|
2004-12-13 11:43:00 -05:00
|
|
|
{
|
2004-12-14 09:20:21 -05:00
|
|
|
struct curl_slist *list = NULL;
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2011-10-07 14:50:57 -04:00
|
|
|
struct curl_slist *beg;
|
2004-12-13 11:43:00 -05:00
|
|
|
ENGINE *e;
|
|
|
|
|
2011-04-20 09:17:42 -04:00
|
|
|
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
2011-10-07 14:50:57 -04:00
|
|
|
beg = curl_slist_append(list, ENGINE_get_id(e));
|
|
|
|
if(!beg) {
|
|
|
|
curl_slist_free_all(list);
|
2007-04-07 00:51:35 -04:00
|
|
|
return NULL;
|
|
|
|
}
|
2011-10-07 14:50:57 -04:00
|
|
|
list = beg;
|
2007-04-07 00:51:35 -04:00
|
|
|
}
|
2004-12-13 11:43:00 -05:00
|
|
|
#endif
|
2004-12-14 09:20:21 -05:00
|
|
|
(void) data;
|
2010-02-05 04:33:36 -05:00
|
|
|
return list;
|
2004-12-13 11:43:00 -05:00
|
|
|
}
|
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
static void ossl_close(struct ssl_connect_data *connssl)
|
2001-08-28 04:37:54 -04:00
|
|
|
{
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
|
|
|
if(backend->handle) {
|
|
|
|
(void)SSL_shutdown(backend->handle);
|
|
|
|
SSL_set_connect_state(backend->handle);
|
2001-08-28 04:37:54 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_free(backend->handle);
|
|
|
|
backend->handle = NULL;
|
2007-07-29 08:54:05 -04:00
|
|
|
}
|
2020-03-18 11:58:38 -04:00
|
|
|
if(backend->ctx) {
|
|
|
|
SSL_CTX_free(backend->ctx);
|
|
|
|
backend->ctx = NULL;
|
2001-08-28 04:37:54 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
/*
|
|
|
|
* This function is called when an SSL connection is closed.
|
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static void Curl_ossl_close(struct connectdata *conn, int sockindex)
|
2016-11-16 12:49:15 -05:00
|
|
|
{
|
|
|
|
ossl_close(&conn->ssl[sockindex]);
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2016-11-16 12:49:15 -05:00
|
|
|
ossl_close(&conn->proxy_ssl[sockindex]);
|
2020-05-27 05:51:34 -04:00
|
|
|
#endif
|
2016-11-16 12:49:15 -05:00
|
|
|
}
|
|
|
|
|
2007-01-05 18:11:14 -05:00
|
|
|
/*
|
|
|
|
* This function is called to shut down the SSL layer but keep the
|
|
|
|
* socket open (CCC - Clear Command Channel)
|
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
|
2007-01-05 18:11:14 -05:00
|
|
|
{
|
|
|
|
int retval = 0;
|
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2016-05-31 10:25:56 -04:00
|
|
|
char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
|
|
|
|
to be at least 256 bytes long. */
|
2007-01-05 18:11:14 -05:00
|
|
|
unsigned long sslerror;
|
|
|
|
ssize_t nread;
|
2009-04-14 08:53:53 -04:00
|
|
|
int buffsize;
|
2007-01-05 18:11:14 -05:00
|
|
|
int err;
|
2018-10-26 04:06:48 -04:00
|
|
|
bool done = FALSE;
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2007-01-05 18:11:14 -05:00
|
|
|
|
2019-05-21 03:38:11 -04:00
|
|
|
#ifndef CURL_DISABLE_FTP
|
2007-01-05 18:11:14 -05:00
|
|
|
/* This has only been tested on the proftpd server, and the mod_tls code
|
|
|
|
sends a close notify alert without waiting for a close notify alert in
|
|
|
|
response. Thus we wait for a close notify alert from the server, but
|
|
|
|
we do not send one. Let's hope other servers do the same... */
|
|
|
|
|
2007-02-20 17:02:11 -05:00
|
|
|
if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
|
2020-03-18 11:58:38 -04:00
|
|
|
(void)SSL_shutdown(backend->handle);
|
2019-05-21 03:38:11 -04:00
|
|
|
#endif
|
2007-02-20 17:02:11 -05:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
if(backend->handle) {
|
2009-04-14 08:53:53 -04:00
|
|
|
buffsize = (int)sizeof(buf);
|
2007-01-05 18:11:14 -05:00
|
|
|
while(!done) {
|
2016-10-18 04:58:58 -04:00
|
|
|
int what = SOCKET_READABLE(conn->sock[sockindex],
|
|
|
|
SSL_SHUTDOWN_TIMEOUT);
|
2007-01-05 18:11:14 -05:00
|
|
|
if(what > 0) {
|
2010-06-05 17:41:58 -04:00
|
|
|
ERR_clear_error();
|
|
|
|
|
2007-01-05 18:11:14 -05:00
|
|
|
/* Something to read, let's do it and hope that it is the close
|
|
|
|
notify alert from the server */
|
2020-03-18 11:58:38 -04:00
|
|
|
nread = (ssize_t)SSL_read(backend->handle, buf, buffsize);
|
|
|
|
err = SSL_get_error(backend->handle, (int)nread);
|
2007-01-05 18:11:14 -05:00
|
|
|
|
|
|
|
switch(err) {
|
|
|
|
case SSL_ERROR_NONE: /* this is not an error */
|
|
|
|
case SSL_ERROR_ZERO_RETURN: /* no more data */
|
|
|
|
/* This is the expected response. There was no data but only
|
|
|
|
the close notify alert */
|
2018-10-26 04:06:48 -04:00
|
|
|
done = TRUE;
|
2007-01-05 18:11:14 -05:00
|
|
|
break;
|
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
/* there's data pending, re-invoke SSL_read() */
|
|
|
|
infof(data, "SSL_ERROR_WANT_READ\n");
|
|
|
|
break;
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
|
|
|
/* SSL wants a write. Really odd. Let's bail out. */
|
|
|
|
infof(data, "SSL_ERROR_WANT_WRITE\n");
|
2018-10-26 04:06:48 -04:00
|
|
|
done = TRUE;
|
2007-01-05 18:11:14 -05:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* openssl/ssl.h says "look at error stack/return value/errno" */
|
|
|
|
sslerror = ERR_get_error();
|
2017-03-22 14:39:41 -04:00
|
|
|
failf(conn->data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
|
|
|
|
(sslerror ?
|
|
|
|
ossl_strerror(sslerror, buf, sizeof(buf)) :
|
|
|
|
SSL_ERROR_to_str(err)),
|
2007-02-16 13:19:35 -05:00
|
|
|
SOCKERRNO);
|
2018-10-26 04:06:48 -04:00
|
|
|
done = TRUE;
|
2007-01-05 18:11:14 -05:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else if(0 == what) {
|
|
|
|
/* timeout */
|
|
|
|
failf(data, "SSL shutdown timeout");
|
2018-10-26 04:06:48 -04:00
|
|
|
done = TRUE;
|
2007-01-05 18:11:14 -05:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
/* anything that gets here is fatally bad */
|
2007-03-27 14:16:35 -04:00
|
|
|
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
2007-01-05 18:11:14 -05:00
|
|
|
retval = -1;
|
2018-10-26 04:06:48 -04:00
|
|
|
done = TRUE;
|
2007-01-05 18:11:14 -05:00
|
|
|
}
|
|
|
|
} /* while()-loop for the select() */
|
|
|
|
|
|
|
|
if(data->set.verbose) {
|
2007-03-14 19:40:46 -04:00
|
|
|
#ifdef HAVE_SSL_GET_SHUTDOWN
|
2020-03-18 11:58:38 -04:00
|
|
|
switch(SSL_get_shutdown(backend->handle)) {
|
2007-01-05 18:11:14 -05:00
|
|
|
case SSL_SENT_SHUTDOWN:
|
|
|
|
infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
|
|
|
|
break;
|
|
|
|
case SSL_RECEIVED_SHUTDOWN:
|
|
|
|
infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
|
|
|
|
break;
|
|
|
|
case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
|
|
|
|
infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
|
|
|
|
"SSL_RECEIVED__SHUTDOWN\n");
|
|
|
|
break;
|
|
|
|
}
|
2007-03-14 19:40:46 -04:00
|
|
|
#endif
|
2007-01-05 18:11:14 -05:00
|
|
|
}
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_free(backend->handle);
|
|
|
|
backend->handle = NULL;
|
2007-01-05 18:11:14 -05:00
|
|
|
}
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static void Curl_ossl_session_free(void *ptr)
|
2001-08-28 04:37:54 -04:00
|
|
|
{
|
2005-04-07 11:27:13 -04:00
|
|
|
/* free the ID */
|
|
|
|
SSL_SESSION_free(ptr);
|
2001-08-28 04:37:54 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This function is called when the 'data' struct is going away. Close
|
|
|
|
* down everything and free all resources!
|
|
|
|
*/
|
2017-06-23 07:19:00 -04:00
|
|
|
static void Curl_ossl_close_all(struct Curl_easy *data)
|
2001-08-28 04:37:54 -04:00
|
|
|
{
|
2018-06-08 10:36:47 -04:00
|
|
|
#ifdef USE_OPENSSL_ENGINE
|
2004-12-14 04:36:22 -05:00
|
|
|
if(data->state.engine) {
|
|
|
|
ENGINE_finish(data->state.engine);
|
|
|
|
ENGINE_free(data->state.engine);
|
|
|
|
data->state.engine = NULL;
|
2001-12-17 18:01:39 -05:00
|
|
|
}
|
2005-04-13 02:52:03 -04:00
|
|
|
#else
|
|
|
|
(void)data;
|
2001-12-17 18:01:39 -05:00
|
|
|
#endif
|
2016-08-29 17:18:31 -04:00
|
|
|
#if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
|
|
|
|
defined(HAVE_ERR_REMOVE_THREAD_STATE)
|
|
|
|
/* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
|
|
|
|
so we need to clean it here in case the thread will be killed. All OpenSSL
|
|
|
|
code should extract the error in association with the error so clearing
|
|
|
|
this queue here should be harmless at worst. */
|
|
|
|
ERR_remove_thread_state(NULL);
|
|
|
|
#endif
|
2001-08-28 04:37:54 -04:00
|
|
|
}
|
|
|
|
|
2003-01-07 11:33:11 -05:00
|
|
|
/* ====================================================== */
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2018-04-13 08:04:11 -04:00
|
|
|
/*
|
|
|
|
* Match subjectAltName against the host name. This requires a conversion
|
|
|
|
* in CURL_DOES_CONVERSIONS builds.
|
|
|
|
*/
|
|
|
|
static bool subj_alt_hostcheck(struct Curl_easy *data,
|
|
|
|
const char *match_pattern, const char *hostname,
|
|
|
|
const char *dispname)
|
|
|
|
#ifdef CURL_DOES_CONVERSIONS
|
|
|
|
{
|
|
|
|
bool res = FALSE;
|
|
|
|
|
|
|
|
/* Curl_cert_hostcheck uses host encoding, but we get ASCII from
|
|
|
|
OpenSSl.
|
|
|
|
*/
|
|
|
|
char *match_pattern2 = strdup(match_pattern);
|
|
|
|
|
|
|
|
if(match_pattern2) {
|
|
|
|
if(Curl_convert_from_network(data, match_pattern2,
|
|
|
|
strlen(match_pattern2)) == CURLE_OK) {
|
|
|
|
if(Curl_cert_hostcheck(match_pattern2, hostname)) {
|
|
|
|
res = TRUE;
|
|
|
|
infof(data,
|
|
|
|
" subjectAltName: host \"%s\" matched cert's \"%s\"\n",
|
|
|
|
dispname, match_pattern2);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
free(match_pattern2);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
failf(data,
|
|
|
|
"SSL: out of memory when allocating temporary for subjectAltName");
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
{
|
2018-10-16 17:35:44 -04:00
|
|
|
#ifdef CURL_DISABLE_VERBOSE_STRINGS
|
|
|
|
(void)dispname;
|
|
|
|
(void)data;
|
|
|
|
#endif
|
2018-04-13 08:04:11 -04:00
|
|
|
if(Curl_cert_hostcheck(match_pattern, hostname)) {
|
|
|
|
infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
|
|
|
|
dispname, match_pattern);
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2003-01-07 11:33:11 -05:00
|
|
|
|
2003-10-16 09:44:34 -04:00
|
|
|
/* Quote from RFC2818 section 3.1 "Server Identity"
|
|
|
|
|
|
|
|
If a subjectAltName extension of type dNSName is present, that MUST
|
|
|
|
be used as the identity. Otherwise, the (most specific) Common Name
|
|
|
|
field in the Subject field of the certificate MUST be used. Although
|
|
|
|
the use of the Common Name is existing practice, it is deprecated and
|
|
|
|
Certification Authorities are encouraged to use the dNSName instead.
|
|
|
|
|
|
|
|
Matching is performed using the matching rules specified by
|
|
|
|
[RFC2459]. If more than one identity of a given type is present in
|
|
|
|
the certificate (e.g., more than one dNSName name, a match in any one
|
|
|
|
of the set is considered acceptable.) Names may contain the wildcard
|
|
|
|
character * which is considered to match any single domain name
|
|
|
|
component or component fragment. E.g., *.a.com matches foo.a.com but
|
|
|
|
not bar.foo.a.com. f*.com matches foo.com but not bar.com.
|
|
|
|
|
|
|
|
In some cases, the URI is specified as an IP address rather than a
|
|
|
|
hostname. In this case, the iPAddress subjectAltName must be present
|
|
|
|
in the certificate and must exactly match the IP in the URI.
|
2003-10-15 10:42:11 -04:00
|
|
|
|
|
|
|
*/
|
2014-11-01 12:16:56 -04:00
|
|
|
static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
|
2003-10-07 17:46:47 -04:00
|
|
|
{
|
2016-03-16 06:02:33 -04:00
|
|
|
bool matched = FALSE;
|
2003-10-16 09:44:34 -04:00
|
|
|
int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
|
2009-04-13 03:18:39 -04:00
|
|
|
size_t addrlen = 0;
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2003-10-16 09:44:34 -04:00
|
|
|
STACK_OF(GENERAL_NAME) *altnames;
|
2003-10-07 17:46:47 -04:00
|
|
|
#ifdef ENABLE_IPV6
|
|
|
|
struct in6_addr addr;
|
|
|
|
#else
|
|
|
|
struct in_addr addr;
|
|
|
|
#endif
|
2014-11-01 12:16:56 -04:00
|
|
|
CURLcode result = CURLE_OK;
|
2016-06-15 09:36:40 -04:00
|
|
|
bool dNSName = FALSE; /* if a dNSName field exists in the cert */
|
2016-08-12 04:10:29 -04:00
|
|
|
bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
|
|
|
const char * const hostname = SSL_IS_PROXY() ?
|
|
|
|
conn->http_proxy.host.name : conn->host.name;
|
2016-11-16 12:49:15 -05:00
|
|
|
const char * const dispname = SSL_IS_PROXY() ?
|
|
|
|
conn->http_proxy.host.dispname : conn->host.dispname;
|
2020-05-27 05:51:34 -04:00
|
|
|
#else
|
|
|
|
/* disabled proxy support */
|
|
|
|
const char * const hostname = conn->host.name;
|
|
|
|
const char * const dispname = conn->host.dispname;
|
|
|
|
#endif
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2003-10-07 17:46:47 -04:00
|
|
|
#ifdef ENABLE_IPV6
|
2004-05-18 03:25:13 -04:00
|
|
|
if(conn->bits.ipv6_ip &&
|
2016-11-16 12:49:15 -05:00
|
|
|
Curl_inet_pton(AF_INET6, hostname, &addr)) {
|
2003-10-16 09:44:34 -04:00
|
|
|
target = GEN_IPADD;
|
|
|
|
addrlen = sizeof(struct in6_addr);
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
#endif
|
2016-11-16 12:49:15 -05:00
|
|
|
if(Curl_inet_pton(AF_INET, hostname, &addr)) {
|
2003-10-16 09:44:34 -04:00
|
|
|
target = GEN_IPADD;
|
|
|
|
addrlen = sizeof(struct in_addr);
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2003-10-16 09:44:34 -04:00
|
|
|
/* get a "list" of alternative names */
|
2003-11-24 02:15:37 -05:00
|
|
|
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2003-10-16 09:44:34 -04:00
|
|
|
if(altnames) {
|
2019-08-20 05:30:25 -04:00
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
|
|
size_t numalts;
|
|
|
|
size_t i;
|
|
|
|
#else
|
2003-10-16 09:44:34 -04:00
|
|
|
int numalts;
|
|
|
|
int i;
|
2019-08-20 05:30:25 -04:00
|
|
|
#endif
|
2016-06-15 09:36:40 -04:00
|
|
|
bool dnsmatched = FALSE;
|
|
|
|
bool ipmatched = FALSE;
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2003-10-16 09:44:34 -04:00
|
|
|
/* get amount of alternatives, RFC2459 claims there MUST be at least
|
|
|
|
one, but we don't depend on it... */
|
|
|
|
numalts = sk_GENERAL_NAME_num(altnames);
|
|
|
|
|
2016-06-15 09:36:40 -04:00
|
|
|
/* loop through all alternatives - until a dnsmatch */
|
2017-09-09 17:09:06 -04:00
|
|
|
for(i = 0; (i < numalts) && !dnsmatched; i++) {
|
2003-10-16 09:44:34 -04:00
|
|
|
/* get a handle to alternative name number i */
|
|
|
|
const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
|
|
|
|
|
2016-06-15 09:36:40 -04:00
|
|
|
if(check->type == GEN_DNS)
|
|
|
|
dNSName = TRUE;
|
2016-08-12 04:10:29 -04:00
|
|
|
else if(check->type == GEN_IPADD)
|
|
|
|
iPAddress = TRUE;
|
2016-06-15 09:36:40 -04:00
|
|
|
|
2003-10-16 09:44:34 -04:00
|
|
|
/* only check alternatives of the same type the target is */
|
|
|
|
if(check->type == target) {
|
|
|
|
/* get data and length */
|
2016-08-25 06:27:31 -04:00
|
|
|
const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
|
2009-08-01 17:56:59 -04:00
|
|
|
size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
|
2003-10-16 09:44:34 -04:00
|
|
|
|
|
|
|
switch(target) {
|
2004-06-22 04:51:22 -04:00
|
|
|
case GEN_DNS: /* name/pattern comparison */
|
|
|
|
/* The OpenSSL man page explicitly says: "In general it cannot be
|
|
|
|
assumed that the data returned by ASN1_STRING_data() is null
|
|
|
|
terminated or does not contain embedded nulls." But also that
|
|
|
|
"The actual format of the data will depend on the actual string
|
2019-07-19 06:05:05 -04:00
|
|
|
type itself: for example for an IA5String the data will be ASCII"
|
2004-06-22 04:51:22 -04:00
|
|
|
|
2019-07-19 06:05:05 -04:00
|
|
|
It has been however verified that in 0.9.6 and 0.9.7, IA5String
|
2020-06-25 05:38:25 -04:00
|
|
|
is always null-terminated.
|
2004-06-22 04:51:22 -04:00
|
|
|
*/
|
2009-08-03 04:45:19 -04:00
|
|
|
if((altlen == strlen(altptr)) &&
|
|
|
|
/* if this isn't true, there was an embedded zero in the name
|
|
|
|
string and we cannot match it. */
|
2018-04-13 08:04:11 -04:00
|
|
|
subj_alt_hostcheck(data, altptr, hostname, dispname)) {
|
2016-06-15 09:36:40 -04:00
|
|
|
dnsmatched = TRUE;
|
2016-03-16 06:02:33 -04:00
|
|
|
}
|
2003-10-16 09:44:34 -04:00
|
|
|
break;
|
2004-05-18 03:25:13 -04:00
|
|
|
|
|
|
|
case GEN_IPADD: /* IP address comparison */
|
2003-10-16 09:44:34 -04:00
|
|
|
/* compare alternative IP address if the data chunk is the same size
|
|
|
|
our server IP address is */
|
2016-03-16 06:02:33 -04:00
|
|
|
if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
|
2016-06-15 09:36:40 -04:00
|
|
|
ipmatched = TRUE;
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data,
|
|
|
|
" subjectAltName: host \"%s\" matched cert's IP address!\n",
|
2016-11-16 12:49:15 -05:00
|
|
|
dispname);
|
2016-03-16 06:02:33 -04:00
|
|
|
}
|
2003-10-16 09:44:34 -04:00
|
|
|
break;
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2003-10-16 09:44:34 -04:00
|
|
|
GENERAL_NAMES_free(altnames);
|
2016-06-15 09:36:40 -04:00
|
|
|
|
2016-08-12 04:10:29 -04:00
|
|
|
if(dnsmatched || ipmatched)
|
2016-06-15 09:36:40 -04:00
|
|
|
matched = TRUE;
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2016-03-16 06:02:33 -04:00
|
|
|
if(matched)
|
|
|
|
/* an alternative name matched */
|
|
|
|
;
|
2016-08-12 04:10:29 -04:00
|
|
|
else if(dNSName || iPAddress) {
|
2016-11-16 12:49:15 -05:00
|
|
|
infof(data, " subjectAltName does not match %s\n", dispname);
|
2013-10-13 17:07:44 -04:00
|
|
|
failf(data, "SSL: no alternative certificate subject name matches "
|
2016-11-16 12:49:15 -05:00
|
|
|
"target host name '%s'", dispname);
|
2014-11-01 12:16:56 -04:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2009-08-11 17:48:58 -04:00
|
|
|
}
|
2003-10-16 09:44:34 -04:00
|
|
|
else {
|
2011-04-19 09:54:13 -04:00
|
|
|
/* we have to look to the last occurrence of a commonName in the
|
2004-05-17 18:01:16 -04:00
|
|
|
distinguished one to get the most significant one. */
|
2017-09-09 17:09:06 -04:00
|
|
|
int j, i = -1;
|
2004-05-17 18:01:16 -04:00
|
|
|
|
2016-03-16 06:02:33 -04:00
|
|
|
/* The following is done because of a bug in 0.9.6b */
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2004-05-17 18:01:16 -04:00
|
|
|
unsigned char *nulstr = (unsigned char *)"";
|
|
|
|
unsigned char *peer_CN = nulstr;
|
|
|
|
|
2015-03-17 09:06:48 -04:00
|
|
|
X509_NAME *name = X509_get_subject_name(server_cert);
|
2007-11-05 04:45:09 -05:00
|
|
|
if(name)
|
2017-09-09 17:09:06 -04:00
|
|
|
while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
|
|
|
|
i = j;
|
2004-05-17 18:01:16 -04:00
|
|
|
|
|
|
|
/* we have the name entry and we will now convert this to a string
|
|
|
|
that we can use for comparison. Doing this we support BMPstring,
|
|
|
|
UTF8 etc. */
|
|
|
|
|
2017-09-09 17:09:06 -04:00
|
|
|
if(i >= 0) {
|
2015-03-17 08:41:49 -04:00
|
|
|
ASN1_STRING *tmp =
|
|
|
|
X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
|
2004-08-10 04:06:43 -04:00
|
|
|
|
|
|
|
/* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
|
|
|
|
is already UTF-8 encoded. We check for this case and copy the raw
|
|
|
|
string manually to avoid the problem. This code can be made
|
2019-07-19 06:05:05 -04:00
|
|
|
conditional in the future when OpenSSL has been fixed. */
|
2009-08-02 18:34:00 -04:00
|
|
|
if(tmp) {
|
|
|
|
if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
|
2009-10-13 22:32:27 -04:00
|
|
|
j = ASN1_STRING_length(tmp);
|
2009-08-03 04:45:19 -04:00
|
|
|
if(j >= 0) {
|
2017-09-09 17:55:08 -04:00
|
|
|
peer_CN = OPENSSL_malloc(j + 1);
|
2009-08-02 18:34:00 -04:00
|
|
|
if(peer_CN) {
|
2016-08-25 06:27:31 -04:00
|
|
|
memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
|
2009-08-03 04:45:19 -04:00
|
|
|
peer_CN[j] = '\0';
|
2009-08-02 18:34:00 -04:00
|
|
|
}
|
2004-08-10 04:06:43 -04:00
|
|
|
}
|
|
|
|
}
|
2009-08-02 18:34:00 -04:00
|
|
|
else /* not a UTF8 name */
|
|
|
|
j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
|
2009-08-03 04:45:19 -04:00
|
|
|
|
2012-03-16 14:06:34 -04:00
|
|
|
if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
|
2009-08-03 04:45:19 -04:00
|
|
|
/* there was a terminating zero before the end of string, this
|
|
|
|
cannot match and we return failure! */
|
|
|
|
failf(data, "SSL: illegal cert name field");
|
2014-11-01 12:16:56 -04:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2009-08-03 04:45:19 -04:00
|
|
|
}
|
2004-08-10 04:06:43 -04:00
|
|
|
}
|
2004-05-17 18:01:16 -04:00
|
|
|
}
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2007-11-05 04:45:09 -05:00
|
|
|
if(peer_CN == nulstr)
|
2004-05-17 18:01:16 -04:00
|
|
|
peer_CN = NULL;
|
2006-04-07 17:50:47 -04:00
|
|
|
else {
|
|
|
|
/* convert peer_CN from UTF8 */
|
2017-09-10 18:31:12 -04:00
|
|
|
CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN,
|
|
|
|
strlen((char *)peer_CN));
|
2006-04-07 17:50:47 -04:00
|
|
|
/* Curl_convert_from_utf8 calls failf if unsuccessful */
|
2011-04-19 18:48:20 -04:00
|
|
|
if(rc) {
|
2016-09-09 17:33:09 -04:00
|
|
|
OPENSSL_free(peer_CN);
|
2007-05-22 15:51:44 -04:00
|
|
|
return rc;
|
2006-04-07 17:50:47 -04:00
|
|
|
}
|
|
|
|
}
|
2004-05-17 18:01:16 -04:00
|
|
|
|
2014-11-01 12:16:56 -04:00
|
|
|
if(result)
|
2009-08-03 04:45:19 -04:00
|
|
|
/* error already detected, pass through */
|
|
|
|
;
|
|
|
|
else if(!peer_CN) {
|
2007-07-11 18:20:46 -04:00
|
|
|
failf(data,
|
|
|
|
"SSL: unable to obtain common name from peer certificate");
|
2014-11-01 12:16:56 -04:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
2016-11-16 12:49:15 -05:00
|
|
|
else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
|
2012-10-27 06:31:39 -04:00
|
|
|
failf(data, "SSL: certificate subject name '%s' does not match "
|
2016-11-16 12:49:15 -05:00
|
|
|
"target host name '%s'", peer_CN, dispname);
|
2014-11-01 12:16:56 -04:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
2004-05-17 18:01:16 -04:00
|
|
|
else {
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data, " common name: %s (matched)\n", peer_CN);
|
2004-05-17 18:01:16 -04:00
|
|
|
}
|
2005-01-10 04:48:39 -05:00
|
|
|
if(peer_CN)
|
2016-09-09 17:33:09 -04:00
|
|
|
OPENSSL_free(peer_CN);
|
2004-05-18 03:25:13 -04:00
|
|
|
}
|
2014-11-01 12:16:56 -04:00
|
|
|
|
|
|
|
return result;
|
2003-10-07 17:46:47 -04:00
|
|
|
}
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2015-02-09 15:58:33 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
2016-02-08 23:19:31 -05:00
|
|
|
!defined(OPENSSL_NO_OCSP)
|
2014-06-16 09:05:17 -04:00
|
|
|
static CURLcode verifystatus(struct connectdata *conn,
|
|
|
|
struct ssl_connect_data *connssl)
|
|
|
|
{
|
|
|
|
int i, ocsp_status;
|
2019-01-15 17:57:25 -05:00
|
|
|
unsigned char *status;
|
2014-06-16 09:05:17 -04:00
|
|
|
const unsigned char *p;
|
|
|
|
CURLcode result = CURLE_OK;
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2014-06-16 09:05:17 -04:00
|
|
|
OCSP_RESPONSE *rsp = NULL;
|
|
|
|
OCSP_BASICRESP *br = NULL;
|
|
|
|
X509_STORE *st = NULL;
|
|
|
|
STACK_OF(X509) *ch = NULL;
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
long len = SSL_get_tlsext_status_ocsp_resp(backend->handle, &status);
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2019-01-15 17:57:25 -05:00
|
|
|
if(!status) {
|
2014-06-16 09:05:17 -04:00
|
|
|
failf(data, "No OCSP response received");
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
2019-01-15 17:57:25 -05:00
|
|
|
p = status;
|
2014-06-16 09:05:17 -04:00
|
|
|
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
|
|
|
|
if(!rsp) {
|
|
|
|
failf(data, "Invalid OCSP response");
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
ocsp_status = OCSP_response_status(rsp);
|
|
|
|
if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
|
|
|
|
failf(data, "Invalid OCSP response status: %s (%d)",
|
|
|
|
OCSP_response_status_str(ocsp_status), ocsp_status);
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
br = OCSP_response_get1_basic(rsp);
|
|
|
|
if(!br) {
|
|
|
|
failf(data, "Invalid OCSP response");
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
ch = SSL_get_peer_cert_chain(backend->handle);
|
|
|
|
st = SSL_CTX_get_cert_store(backend->ctx);
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2015-03-24 18:39:52 -04:00
|
|
|
#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
|
2017-06-13 06:06:03 -04:00
|
|
|
(defined(LIBRESSL_VERSION_NUMBER) && \
|
|
|
|
LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
|
2014-06-16 09:05:17 -04:00
|
|
|
/* The authorized responder cert in the OCSP response MUST be signed by the
|
|
|
|
peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
|
|
|
|
no problem, but if it's an intermediate cert OpenSSL has a bug where it
|
|
|
|
expects this issuer to be present in the chain embedded in the OCSP
|
|
|
|
response. So we add it if necessary. */
|
|
|
|
|
|
|
|
/* First make sure the peer cert chain includes both a peer and an issuer,
|
|
|
|
and the OCSP response contains a responder cert. */
|
|
|
|
if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
|
|
|
|
X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
|
|
|
|
|
|
|
|
/* Find issuer of responder cert and add it to the OCSP response chain */
|
|
|
|
for(i = 0; i < sk_X509_num(ch); i++) {
|
|
|
|
X509 *issuer = sk_X509_value(ch, i);
|
|
|
|
if(X509_check_issued(issuer, responder) == X509_V_OK) {
|
|
|
|
if(!OCSP_basic_add1_cert(br, issuer)) {
|
|
|
|
failf(data, "Could not add issuer cert to OCSP response");
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2015-03-24 18:05:26 -04:00
|
|
|
#endif
|
2014-06-16 09:05:17 -04:00
|
|
|
|
|
|
|
if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
|
|
|
|
failf(data, "OCSP response verification failed");
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2015-03-20 08:24:08 -04:00
|
|
|
for(i = 0; i < OCSP_resp_count(br); i++) {
|
2014-06-16 09:05:17 -04:00
|
|
|
int cert_status, crl_reason;
|
|
|
|
OCSP_SINGLERESP *single = NULL;
|
|
|
|
|
|
|
|
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
|
|
|
|
|
2016-03-20 13:35:31 -04:00
|
|
|
single = OCSP_resp_get0(br, i);
|
|
|
|
if(!single)
|
2014-06-16 09:05:17 -04:00
|
|
|
continue;
|
|
|
|
|
|
|
|
cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
|
|
|
|
&thisupd, &nextupd);
|
|
|
|
|
|
|
|
if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
|
|
|
|
failf(data, "OCSP response has expired");
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
infof(data, "SSL certificate status: %s (%d)\n",
|
|
|
|
OCSP_cert_status_str(cert_status), cert_status);
|
|
|
|
|
|
|
|
switch(cert_status) {
|
|
|
|
case V_OCSP_CERTSTATUS_GOOD:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case V_OCSP_CERTSTATUS_REVOKED:
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
|
|
|
|
failf(data, "SSL certificate revocation reason: %s (%d)",
|
|
|
|
OCSP_crl_reason_str(crl_reason), crl_reason);
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
case V_OCSP_CERTSTATUS_UNKNOWN:
|
|
|
|
result = CURLE_SSL_INVALIDCERTSTATUS;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
end:
|
2020-03-30 04:55:31 -04:00
|
|
|
if(br)
|
|
|
|
OCSP_BASICRESP_free(br);
|
2014-06-16 09:05:17 -04:00
|
|
|
OCSP_RESPONSE_free(rsp);
|
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
2015-02-12 02:34:40 -05:00
|
|
|
#endif
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2015-03-05 04:57:52 -05:00
|
|
|
#endif /* USE_OPENSSL */
|
2003-10-07 17:46:47 -04:00
|
|
|
|
2004-06-18 02:20:43 -04:00
|
|
|
/* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
|
|
|
|
and thus this cannot be done there. */
|
|
|
|
#ifdef SSL_CTRL_SET_MSG_CALLBACK
|
|
|
|
|
|
|
|
static const char *ssl_msg_type(int ssl_ver, int msg)
|
|
|
|
{
|
2014-12-22 07:56:04 -05:00
|
|
|
#ifdef SSL2_VERSION_MAJOR
|
2007-11-05 04:45:09 -05:00
|
|
|
if(ssl_ver == SSL2_VERSION_MAJOR) {
|
2016-12-13 17:34:59 -05:00
|
|
|
switch(msg) {
|
2004-06-18 02:20:43 -04:00
|
|
|
case SSL2_MT_ERROR:
|
|
|
|
return "Error";
|
|
|
|
case SSL2_MT_CLIENT_HELLO:
|
|
|
|
return "Client hello";
|
|
|
|
case SSL2_MT_CLIENT_MASTER_KEY:
|
|
|
|
return "Client key";
|
|
|
|
case SSL2_MT_CLIENT_FINISHED:
|
|
|
|
return "Client finished";
|
|
|
|
case SSL2_MT_SERVER_HELLO:
|
|
|
|
return "Server hello";
|
|
|
|
case SSL2_MT_SERVER_VERIFY:
|
|
|
|
return "Server verify";
|
|
|
|
case SSL2_MT_SERVER_FINISHED:
|
|
|
|
return "Server finished";
|
|
|
|
case SSL2_MT_REQUEST_CERTIFICATE:
|
|
|
|
return "Request CERT";
|
|
|
|
case SSL2_MT_CLIENT_CERTIFICATE:
|
|
|
|
return "Client CERT";
|
|
|
|
}
|
|
|
|
}
|
2014-12-22 07:56:04 -05:00
|
|
|
else
|
|
|
|
#endif
|
|
|
|
if(ssl_ver == SSL3_VERSION_MAJOR) {
|
2016-12-13 17:34:59 -05:00
|
|
|
switch(msg) {
|
2004-06-18 02:20:43 -04:00
|
|
|
case SSL3_MT_HELLO_REQUEST:
|
|
|
|
return "Hello request";
|
|
|
|
case SSL3_MT_CLIENT_HELLO:
|
|
|
|
return "Client hello";
|
|
|
|
case SSL3_MT_SERVER_HELLO:
|
|
|
|
return "Server hello";
|
2015-06-17 10:53:34 -04:00
|
|
|
#ifdef SSL3_MT_NEWSESSION_TICKET
|
2015-05-04 06:27:59 -04:00
|
|
|
case SSL3_MT_NEWSESSION_TICKET:
|
|
|
|
return "Newsession Ticket";
|
2015-06-17 10:53:34 -04:00
|
|
|
#endif
|
2004-06-18 02:20:43 -04:00
|
|
|
case SSL3_MT_CERTIFICATE:
|
2015-05-04 06:27:59 -04:00
|
|
|
return "Certificate";
|
2004-06-18 02:20:43 -04:00
|
|
|
case SSL3_MT_SERVER_KEY_EXCHANGE:
|
|
|
|
return "Server key exchange";
|
|
|
|
case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
|
|
|
return "Client key exchange";
|
|
|
|
case SSL3_MT_CERTIFICATE_REQUEST:
|
|
|
|
return "Request CERT";
|
|
|
|
case SSL3_MT_SERVER_DONE:
|
|
|
|
return "Server finished";
|
|
|
|
case SSL3_MT_CERTIFICATE_VERIFY:
|
|
|
|
return "CERT verify";
|
|
|
|
case SSL3_MT_FINISHED:
|
|
|
|
return "Finished";
|
2015-05-04 06:27:59 -04:00
|
|
|
#ifdef SSL3_MT_CERTIFICATE_STATUS
|
|
|
|
case SSL3_MT_CERTIFICATE_STATUS:
|
|
|
|
return "Certificate Status";
|
2018-03-20 02:57:50 -04:00
|
|
|
#endif
|
|
|
|
#ifdef SSL3_MT_ENCRYPTED_EXTENSIONS
|
|
|
|
case SSL3_MT_ENCRYPTED_EXTENSIONS:
|
|
|
|
return "Encrypted Extensions";
|
|
|
|
#endif
|
|
|
|
#ifdef SSL3_MT_END_OF_EARLY_DATA
|
|
|
|
case SSL3_MT_END_OF_EARLY_DATA:
|
|
|
|
return "End of early data";
|
|
|
|
#endif
|
|
|
|
#ifdef SSL3_MT_KEY_UPDATE
|
|
|
|
case SSL3_MT_KEY_UPDATE:
|
|
|
|
return "Key update";
|
|
|
|
#endif
|
|
|
|
#ifdef SSL3_MT_NEXT_PROTO
|
|
|
|
case SSL3_MT_NEXT_PROTO:
|
|
|
|
return "Next protocol";
|
|
|
|
#endif
|
|
|
|
#ifdef SSL3_MT_MESSAGE_HASH
|
|
|
|
case SSL3_MT_MESSAGE_HASH:
|
|
|
|
return "Message hash";
|
2015-05-04 06:27:59 -04:00
|
|
|
#endif
|
2004-06-18 02:20:43 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return "Unknown";
|
|
|
|
}
|
|
|
|
|
2018-11-16 11:57:08 -05:00
|
|
|
static const char *tls_rt_type(int type)
|
2004-06-18 02:20:43 -04:00
|
|
|
{
|
2015-05-04 06:27:59 -04:00
|
|
|
switch(type) {
|
2015-05-04 07:29:34 -04:00
|
|
|
#ifdef SSL3_RT_HEADER
|
2015-05-04 06:27:59 -04:00
|
|
|
case SSL3_RT_HEADER:
|
|
|
|
return "TLS header";
|
2015-05-04 07:29:34 -04:00
|
|
|
#endif
|
2015-05-04 06:27:59 -04:00
|
|
|
case SSL3_RT_CHANGE_CIPHER_SPEC:
|
|
|
|
return "TLS change cipher";
|
|
|
|
case SSL3_RT_ALERT:
|
|
|
|
return "TLS alert";
|
|
|
|
case SSL3_RT_HANDSHAKE:
|
|
|
|
return "TLS handshake";
|
|
|
|
case SSL3_RT_APPLICATION_DATA:
|
|
|
|
return "TLS app data";
|
|
|
|
default:
|
|
|
|
return "TLS Unknown";
|
|
|
|
}
|
2004-06-18 02:20:43 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Our callback from the SSL/TLS layers.
|
|
|
|
*/
|
|
|
|
static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
2015-05-19 11:10:28 -04:00
|
|
|
const void *buf, size_t len, SSL *ssl,
|
|
|
|
void *userp)
|
2004-06-18 02:20:43 -04:00
|
|
|
{
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data;
|
2014-12-22 08:09:46 -05:00
|
|
|
char unknown[32];
|
2015-07-16 03:09:02 -04:00
|
|
|
const char *verstr = NULL;
|
2015-05-19 11:10:28 -04:00
|
|
|
struct connectdata *conn = userp;
|
2004-06-18 02:20:43 -04:00
|
|
|
|
2007-11-05 04:45:09 -05:00
|
|
|
if(!conn || !conn->data || !conn->data->set.fdebug ||
|
2009-12-10 15:19:56 -05:00
|
|
|
(direction != 0 && direction != 1))
|
2004-06-18 02:20:43 -04:00
|
|
|
return;
|
|
|
|
|
|
|
|
data = conn->data;
|
2014-12-22 08:09:46 -05:00
|
|
|
|
|
|
|
switch(ssl_ver) {
|
2015-05-04 06:27:59 -04:00
|
|
|
#ifdef SSL2_VERSION /* removed in recent versions */
|
|
|
|
case SSL2_VERSION:
|
2014-12-22 08:09:46 -05:00
|
|
|
verstr = "SSLv2";
|
|
|
|
break;
|
2014-12-22 07:56:04 -05:00
|
|
|
#endif
|
2014-12-22 08:09:46 -05:00
|
|
|
#ifdef SSL3_VERSION
|
|
|
|
case SSL3_VERSION:
|
|
|
|
verstr = "SSLv3";
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
case TLS1_VERSION:
|
|
|
|
verstr = "TLSv1.0";
|
|
|
|
break;
|
2014-12-22 19:16:07 -05:00
|
|
|
#ifdef TLS1_1_VERSION
|
2014-12-22 08:09:46 -05:00
|
|
|
case TLS1_1_VERSION:
|
|
|
|
verstr = "TLSv1.1";
|
|
|
|
break;
|
2014-12-22 19:16:07 -05:00
|
|
|
#endif
|
|
|
|
#ifdef TLS1_2_VERSION
|
2014-12-22 08:09:46 -05:00
|
|
|
case TLS1_2_VERSION:
|
|
|
|
verstr = "TLSv1.2";
|
|
|
|
break;
|
2016-11-07 08:38:59 -05:00
|
|
|
#endif
|
|
|
|
#ifdef TLS1_3_VERSION
|
|
|
|
case TLS1_3_VERSION:
|
|
|
|
verstr = "TLSv1.3";
|
|
|
|
break;
|
2014-12-22 19:16:07 -05:00
|
|
|
#endif
|
2015-05-04 06:27:59 -04:00
|
|
|
case 0:
|
|
|
|
break;
|
2014-12-22 08:09:46 -05:00
|
|
|
default:
|
2018-11-22 03:01:24 -05:00
|
|
|
msnprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
2014-12-22 08:09:46 -05:00
|
|
|
verstr = unknown;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2018-11-16 11:57:08 -05:00
|
|
|
/* Log progress for interesting records only (like Handshake or Alert), skip
|
|
|
|
* all raw record headers (content_type == SSL3_RT_HEADER or ssl_ver == 0).
|
|
|
|
* For TLS 1.3, skip notification of the decrypted inner Content Type.
|
|
|
|
*/
|
|
|
|
if(ssl_ver
|
|
|
|
#ifdef SSL3_RT_INNER_CONTENT_TYPE
|
|
|
|
&& content_type != SSL3_RT_INNER_CONTENT_TYPE
|
|
|
|
#endif
|
|
|
|
) {
|
2018-03-20 02:57:50 -04:00
|
|
|
const char *msg_name, *tls_rt_name;
|
|
|
|
char ssl_buf[1024];
|
|
|
|
int msg_type, txt_len;
|
|
|
|
|
2015-05-04 06:27:59 -04:00
|
|
|
/* the info given when the version is zero is not that useful for us */
|
2004-06-18 02:20:43 -04:00
|
|
|
|
2015-05-04 06:27:59 -04:00
|
|
|
ssl_ver >>= 8; /* check the upper 8 bits only below */
|
|
|
|
|
|
|
|
/* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
|
|
|
* always pass-up content-type as 0. But the interesting message-type
|
|
|
|
* is at 'buf[0]'.
|
|
|
|
*/
|
|
|
|
if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
|
2018-11-16 11:57:08 -05:00
|
|
|
tls_rt_name = tls_rt_type(content_type);
|
2015-05-04 06:27:59 -04:00
|
|
|
else
|
|
|
|
tls_rt_name = "";
|
2004-06-18 02:20:43 -04:00
|
|
|
|
2018-08-06 17:35:33 -04:00
|
|
|
if(content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
|
|
|
|
msg_type = *(char *)buf;
|
|
|
|
msg_name = "Change cipher spec";
|
|
|
|
}
|
|
|
|
else if(content_type == SSL3_RT_ALERT) {
|
|
|
|
msg_type = (((char *)buf)[0] << 8) + ((char *)buf)[1];
|
|
|
|
msg_name = SSL_alert_desc_string_long(msg_type);
|
|
|
|
}
|
|
|
|
else {
|
2018-03-20 02:57:50 -04:00
|
|
|
msg_type = *(char *)buf;
|
|
|
|
msg_name = ssl_msg_type(ssl_ver, msg_type);
|
|
|
|
}
|
2004-06-18 02:20:43 -04:00
|
|
|
|
2018-11-22 03:01:24 -05:00
|
|
|
txt_len = msnprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
|
|
|
|
verstr, direction?"OUT":"IN",
|
|
|
|
tls_rt_name, msg_name, msg_type);
|
2018-03-20 02:57:50 -04:00
|
|
|
if(0 <= txt_len && (unsigned)txt_len < sizeof(ssl_buf)) {
|
2018-06-11 18:10:43 -04:00
|
|
|
Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len);
|
2018-03-20 02:57:50 -04:00
|
|
|
}
|
2015-05-04 06:27:59 -04:00
|
|
|
}
|
2004-06-18 02:20:43 -04:00
|
|
|
|
|
|
|
Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
2018-06-11 18:10:43 -04:00
|
|
|
CURLINFO_SSL_DATA_IN, (char *)buf, len);
|
2004-06-18 02:20:43 -04:00
|
|
|
(void) ssl;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2015-03-05 04:57:52 -05:00
|
|
|
#ifdef USE_OPENSSL
|
1999-12-29 09:20:26 -05:00
|
|
|
/* ====================================================== */
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2009-09-24 09:24:08 -04:00
|
|
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
|
|
|
# define use_sni(x) sni = (x)
|
|
|
|
#else
|
2011-09-03 10:06:10 -04:00
|
|
|
# define use_sni(x) Curl_nop_stmt
|
2009-09-24 09:24:08 -04:00
|
|
|
#endif
|
|
|
|
|
2014-10-28 19:56:48 -04:00
|
|
|
/* Check for OpenSSL 1.0.2 which has ALPN support. */
|
2014-02-02 21:33:28 -05:00
|
|
|
#undef HAS_ALPN
|
2014-10-29 09:32:32 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000L \
|
2014-10-28 19:56:48 -04:00
|
|
|
&& !defined(OPENSSL_NO_TLSEXT)
|
2014-10-29 15:43:44 -04:00
|
|
|
# define HAS_ALPN 1
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* Check for OpenSSL 1.0.1 which has NPN support. */
|
|
|
|
#undef HAS_NPN
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10001000L \
|
|
|
|
&& !defined(OPENSSL_NO_TLSEXT) \
|
|
|
|
&& !defined(OPENSSL_NO_NEXTPROTONEG)
|
|
|
|
# define HAS_NPN 1
|
2014-02-02 21:33:28 -05:00
|
|
|
#endif
|
|
|
|
|
2014-10-29 15:43:44 -04:00
|
|
|
#ifdef HAS_NPN
|
2014-02-02 21:33:28 -05:00
|
|
|
|
2014-01-30 00:18:03 -05:00
|
|
|
/*
|
2017-03-26 11:02:22 -04:00
|
|
|
* in is a list of length prefixed strings. this function has to select
|
2014-01-30 00:18:03 -05:00
|
|
|
* the protocol we want to use from the list and write its string into out.
|
|
|
|
*/
|
2015-02-16 10:47:56 -05:00
|
|
|
|
|
|
|
static int
|
|
|
|
select_next_protocol(unsigned char **out, unsigned char *outlen,
|
|
|
|
const unsigned char *in, unsigned int inlen,
|
|
|
|
const char *key, unsigned int keylen)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
|
|
|
|
if(memcmp(&in[i + 1], key, keylen) == 0) {
|
|
|
|
*out = (unsigned char *) &in[i + 1];
|
|
|
|
*outlen = in[i];
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2014-01-30 00:18:03 -05:00
|
|
|
static int
|
|
|
|
select_next_proto_cb(SSL *ssl,
|
|
|
|
unsigned char **out, unsigned char *outlen,
|
|
|
|
const unsigned char *in, unsigned int inlen,
|
|
|
|
void *arg)
|
|
|
|
{
|
|
|
|
struct connectdata *conn = (struct connectdata*) arg;
|
2014-11-01 12:44:32 -04:00
|
|
|
|
2014-01-30 00:18:03 -05:00
|
|
|
(void)ssl;
|
|
|
|
|
2015-02-16 10:47:56 -05:00
|
|
|
#ifdef USE_NGHTTP2
|
2015-12-13 03:23:36 -05:00
|
|
|
if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
2015-02-16 10:47:56 -05:00
|
|
|
!select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
|
|
|
|
NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
2014-03-31 03:00:58 -04:00
|
|
|
infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
|
|
|
|
NGHTTP2_PROTO_VERSION_ID);
|
2015-12-13 03:23:36 -05:00
|
|
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
2015-02-16 10:47:56 -05:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
2014-01-30 00:18:03 -05:00
|
|
|
}
|
2015-02-16 10:47:56 -05:00
|
|
|
#endif
|
|
|
|
|
|
|
|
if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
|
|
|
|
ALPN_HTTP_1_1_LENGTH)) {
|
2014-01-30 00:18:03 -05:00
|
|
|
infof(conn->data, "NPN, negotiated HTTP1.1\n");
|
2015-03-07 05:10:30 -05:00
|
|
|
conn->negnpn = CURL_HTTP_VERSION_1_1;
|
2015-02-16 10:47:56 -05:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
2014-01-30 00:18:03 -05:00
|
|
|
}
|
|
|
|
|
2015-02-16 10:47:56 -05:00
|
|
|
infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
|
|
|
|
*out = (unsigned char *)ALPN_HTTP_1_1;
|
|
|
|
*outlen = ALPN_HTTP_1_1_LENGTH;
|
2015-03-07 05:10:30 -05:00
|
|
|
conn->negnpn = CURL_HTTP_VERSION_1_1;
|
2015-02-16 10:47:56 -05:00
|
|
|
|
2014-01-30 00:18:03 -05:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
2014-10-29 15:43:44 -04:00
|
|
|
#endif /* HAS_NPN */
|
2014-11-01 12:44:32 -04:00
|
|
|
|
2018-10-16 17:35:44 -04:00
|
|
|
#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
2014-03-10 12:11:25 -04:00
|
|
|
static const char *
|
2015-02-05 05:56:29 -05:00
|
|
|
get_ssl_version_txt(SSL *ssl)
|
2014-03-10 12:11:25 -04:00
|
|
|
{
|
2015-02-05 05:56:29 -05:00
|
|
|
if(!ssl)
|
2014-03-10 12:11:25 -04:00
|
|
|
return "";
|
|
|
|
|
2015-02-05 05:56:29 -05:00
|
|
|
switch(SSL_version(ssl)) {
|
2016-11-07 08:38:59 -05:00
|
|
|
#ifdef TLS1_3_VERSION
|
|
|
|
case TLS1_3_VERSION:
|
|
|
|
return "TLSv1.3";
|
|
|
|
#endif
|
2014-03-10 12:11:25 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
|
|
|
case TLS1_2_VERSION:
|
|
|
|
return "TLSv1.2";
|
|
|
|
case TLS1_1_VERSION:
|
|
|
|
return "TLSv1.1";
|
|
|
|
#endif
|
|
|
|
case TLS1_VERSION:
|
|
|
|
return "TLSv1.0";
|
|
|
|
case SSL3_VERSION:
|
|
|
|
return "SSLv3";
|
|
|
|
case SSL2_VERSION:
|
|
|
|
return "SSLv2";
|
|
|
|
}
|
|
|
|
return "unknown";
|
|
|
|
}
|
2018-10-16 17:35:44 -04:00
|
|
|
#endif
|
2014-03-10 12:11:25 -04:00
|
|
|
|
2019-09-08 10:44:54 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
|
|
|
|
static CURLcode
|
|
|
|
set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn)
|
|
|
|
{
|
|
|
|
/* first, TLS min version... */
|
|
|
|
long curl_ssl_version_min = SSL_CONN_CONFIG(version);
|
|
|
|
long curl_ssl_version_max;
|
|
|
|
|
|
|
|
/* convert cURL min SSL version option to OpenSSL constant */
|
2019-09-22 11:45:27 -04:00
|
|
|
#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
|
2019-09-15 17:58:49 -04:00
|
|
|
uint16_t ossl_ssl_version_min = 0;
|
|
|
|
uint16_t ossl_ssl_version_max = 0;
|
|
|
|
#else
|
2019-09-08 10:44:54 -04:00
|
|
|
long ossl_ssl_version_min = 0;
|
|
|
|
long ossl_ssl_version_max = 0;
|
2019-09-15 17:58:49 -04:00
|
|
|
#endif
|
2019-09-08 10:44:54 -04:00
|
|
|
switch(curl_ssl_version_min) {
|
|
|
|
case CURL_SSLVERSION_TLSv1: /* TLS 1.x */
|
|
|
|
case CURL_SSLVERSION_TLSv1_0:
|
|
|
|
ossl_ssl_version_min = TLS1_VERSION;
|
|
|
|
break;
|
|
|
|
case CURL_SSLVERSION_TLSv1_1:
|
|
|
|
ossl_ssl_version_min = TLS1_1_VERSION;
|
|
|
|
break;
|
|
|
|
case CURL_SSLVERSION_TLSv1_2:
|
|
|
|
ossl_ssl_version_min = TLS1_2_VERSION;
|
|
|
|
break;
|
|
|
|
#ifdef TLS1_3_VERSION
|
|
|
|
case CURL_SSLVERSION_TLSv1_3:
|
|
|
|
ossl_ssl_version_min = TLS1_3_VERSION;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
/* CURL_SSLVERSION_DEFAULT means that no option was selected.
|
2019-09-15 17:58:49 -04:00
|
|
|
We don't want to pass 0 to SSL_CTX_set_min_proto_version as
|
|
|
|
it would enable all versions down to the lowest supported by
|
|
|
|
the library.
|
|
|
|
So we skip this, and stay with the OS default
|
2019-09-08 10:44:54 -04:00
|
|
|
*/
|
|
|
|
if(curl_ssl_version_min != CURL_SSLVERSION_DEFAULT) {
|
|
|
|
if(!SSL_CTX_set_min_proto_version(ctx, ossl_ssl_version_min)) {
|
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* ... then, TLS max version */
|
|
|
|
curl_ssl_version_max = SSL_CONN_CONFIG(version_max);
|
|
|
|
|
|
|
|
/* convert cURL max SSL version option to OpenSSL constant */
|
|
|
|
switch(curl_ssl_version_max) {
|
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_0:
|
|
|
|
ossl_ssl_version_max = TLS1_VERSION;
|
|
|
|
break;
|
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_1:
|
|
|
|
ossl_ssl_version_max = TLS1_1_VERSION;
|
|
|
|
break;
|
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_2:
|
|
|
|
ossl_ssl_version_max = TLS1_2_VERSION;
|
|
|
|
break;
|
|
|
|
#ifdef TLS1_3_VERSION
|
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_3:
|
|
|
|
ossl_ssl_version_max = TLS1_3_VERSION;
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
case CURL_SSLVERSION_MAX_NONE: /* none selected */
|
|
|
|
case CURL_SSLVERSION_MAX_DEFAULT: /* max selected */
|
|
|
|
default:
|
|
|
|
/* SSL_CTX_set_max_proto_version states that:
|
|
|
|
setting the maximum to 0 will enable
|
|
|
|
protocol versions up to the highest version
|
|
|
|
supported by the library */
|
|
|
|
ossl_ssl_version_max = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!SSL_CTX_set_max_proto_version(ctx, ossl_ssl_version_max)) {
|
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2019-08-20 05:30:25 -04:00
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
|
|
typedef uint32_t ctx_option_t;
|
|
|
|
#else
|
|
|
|
typedef long ctx_option_t;
|
|
|
|
#endif
|
|
|
|
|
2019-09-08 10:44:54 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) /* 1.1.0 */
|
2016-12-13 15:10:00 -05:00
|
|
|
static CURLcode
|
2019-09-08 10:44:54 -04:00
|
|
|
set_ssl_version_min_max_legacy(ctx_option_t *ctx_options,
|
|
|
|
struct connectdata *conn, int sockindex)
|
2016-12-13 15:10:00 -05:00
|
|
|
{
|
2017-03-08 17:38:26 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
|
|
|
|
/* convoluted #if condition just to avoid compiler warnings on unused
|
|
|
|
variable */
|
2016-12-13 15:10:00 -05:00
|
|
|
struct Curl_easy *data = conn->data;
|
2017-03-08 17:38:26 -05:00
|
|
|
#endif
|
2016-12-13 15:10:00 -05:00
|
|
|
long ssl_version = SSL_CONN_CONFIG(version);
|
|
|
|
long ssl_version_max = SSL_CONN_CONFIG(version_max);
|
2017-03-08 17:38:26 -05:00
|
|
|
|
2016-12-13 15:10:00 -05:00
|
|
|
switch(ssl_version) {
|
|
|
|
case CURL_SSLVERSION_TLSv1_3:
|
|
|
|
#ifdef TLS1_3_VERSION
|
2017-03-08 17:38:26 -05:00
|
|
|
{
|
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_max_proto_version(backend->ctx, TLS1_3_VERSION);
|
2016-12-13 15:10:00 -05:00
|
|
|
*ctx_options |= SSL_OP_NO_TLSv1_2;
|
2017-03-08 17:38:26 -05:00
|
|
|
}
|
2016-12-13 15:10:00 -05:00
|
|
|
#else
|
2017-03-08 17:38:26 -05:00
|
|
|
(void)sockindex;
|
2018-12-07 05:31:08 -05:00
|
|
|
(void)ctx_options;
|
2016-12-13 15:10:00 -05:00
|
|
|
failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
|
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#endif
|
2017-08-11 02:15:16 -04:00
|
|
|
/* FALLTHROUGH */
|
2016-12-13 15:10:00 -05:00
|
|
|
case CURL_SSLVERSION_TLSv1_2:
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
|
|
|
*ctx_options |= SSL_OP_NO_TLSv1_1;
|
|
|
|
#else
|
|
|
|
failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
|
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#endif
|
2017-04-10 06:59:30 -04:00
|
|
|
/* FALLTHROUGH */
|
2016-12-13 15:10:00 -05:00
|
|
|
case CURL_SSLVERSION_TLSv1_1:
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
|
|
|
*ctx_options |= SSL_OP_NO_TLSv1;
|
|
|
|
#else
|
|
|
|
failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
|
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#endif
|
2017-04-10 06:59:30 -04:00
|
|
|
/* FALLTHROUGH */
|
2016-12-13 15:10:00 -05:00
|
|
|
case CURL_SSLVERSION_TLSv1_0:
|
2018-06-28 17:24:21 -04:00
|
|
|
case CURL_SSLVERSION_TLSv1:
|
2016-12-13 15:10:00 -05:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch(ssl_version_max) {
|
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_0:
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
|
|
|
*ctx_options |= SSL_OP_NO_TLSv1_1;
|
|
|
|
#endif
|
2017-03-10 02:46:54 -05:00
|
|
|
/* FALLTHROUGH */
|
2016-12-13 15:10:00 -05:00
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_1:
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
|
|
|
*ctx_options |= SSL_OP_NO_TLSv1_2;
|
|
|
|
#endif
|
2017-03-10 02:46:54 -05:00
|
|
|
/* FALLTHROUGH */
|
2016-12-13 15:10:00 -05:00
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_2:
|
|
|
|
#ifdef TLS1_3_VERSION
|
|
|
|
*ctx_options |= SSL_OP_NO_TLSv1_3;
|
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case CURL_SSLVERSION_MAX_TLSv1_3:
|
|
|
|
#ifdef TLS1_3_VERSION
|
|
|
|
break;
|
|
|
|
#else
|
|
|
|
failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
|
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
2019-09-08 10:44:54 -04:00
|
|
|
#endif
|
2016-12-13 15:10:00 -05:00
|
|
|
|
2018-11-14 05:52:45 -05:00
|
|
|
/* The "new session" callback must return zero if the session can be removed
|
|
|
|
* or non-zero if the session has been put into the session cache.
|
|
|
|
*/
|
|
|
|
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
|
|
|
|
{
|
|
|
|
int res = 0;
|
|
|
|
struct connectdata *conn;
|
|
|
|
struct Curl_easy *data;
|
|
|
|
int sockindex;
|
|
|
|
curl_socket_t *sockindex_ptr;
|
|
|
|
int connectdata_idx = ossl_get_ssl_conn_index();
|
|
|
|
int sockindex_idx = ossl_get_ssl_sockindex_index();
|
|
|
|
|
|
|
|
if(connectdata_idx < 0 || sockindex_idx < 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
conn = (struct connectdata*) SSL_get_ex_data(ssl, connectdata_idx);
|
|
|
|
if(!conn)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
data = conn->data;
|
|
|
|
|
|
|
|
/* The sockindex has been stored as a pointer to an array element */
|
|
|
|
sockindex_ptr = (curl_socket_t*) SSL_get_ex_data(ssl, sockindex_idx);
|
|
|
|
sockindex = (int)(sockindex_ptr - conn->sock);
|
|
|
|
|
|
|
|
if(SSL_SET_OPTION(primary.sessionid)) {
|
|
|
|
bool incache;
|
|
|
|
void *old_ssl_sessionid = NULL;
|
|
|
|
|
|
|
|
Curl_ssl_sessionid_lock(conn);
|
|
|
|
incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
|
|
|
|
sockindex));
|
|
|
|
if(incache) {
|
|
|
|
if(old_ssl_sessionid != ssl_sessionid) {
|
|
|
|
infof(data, "old SSL session ID is stale, removing\n");
|
|
|
|
Curl_ssl_delsessionid(conn, old_ssl_sessionid);
|
|
|
|
incache = FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!incache) {
|
|
|
|
if(!Curl_ssl_addsessionid(conn, ssl_sessionid,
|
|
|
|
0 /* unknown size */, sockindex)) {
|
|
|
|
/* the session has been put into the session cache */
|
|
|
|
res = 1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
failf(data, "failed to store ssl session");
|
|
|
|
}
|
|
|
|
Curl_ssl_sessionid_unlock(conn);
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2014-11-01 12:16:56 -04:00
|
|
|
static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
1999-12-29 09:20:26 -05:00
|
|
|
{
|
2014-11-01 12:16:56 -04:00
|
|
|
CURLcode result = CURLE_OK;
|
2014-01-10 18:05:19 -05:00
|
|
|
char *ciphers;
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2014-11-01 12:16:56 -04:00
|
|
|
SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
|
|
|
|
X509_LOOKUP *lookup = NULL;
|
2004-03-09 17:52:50 -05:00
|
|
|
curl_socket_t sockfd = conn->sock[sockindex];
|
2003-11-24 02:15:37 -05:00
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
2019-08-20 05:30:25 -04:00
|
|
|
ctx_option_t ctx_options = 0;
|
|
|
|
|
2008-02-26 05:30:13 -05:00
|
|
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
2009-09-24 09:24:08 -04:00
|
|
|
bool sni;
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2017-04-08 07:40:41 -04:00
|
|
|
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
|
|
|
conn->host.name;
|
2020-05-27 05:51:34 -04:00
|
|
|
#else
|
|
|
|
const char * const hostname = conn->host.name;
|
|
|
|
#endif
|
|
|
|
|
2008-02-26 05:30:13 -05:00
|
|
|
#ifdef ENABLE_IPV6
|
|
|
|
struct in6_addr addr;
|
|
|
|
#else
|
|
|
|
struct in_addr addr;
|
|
|
|
#endif
|
|
|
|
#endif
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2016-11-16 12:49:15 -05:00
|
|
|
long * const certverifyresult = SSL_IS_PROXY() ?
|
|
|
|
&data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
2020-05-27 05:51:34 -04:00
|
|
|
#else
|
|
|
|
long * const certverifyresult = &data->set.ssl.certverifyresult;
|
|
|
|
#endif
|
2016-11-16 12:49:15 -05:00
|
|
|
const long int ssl_version = SSL_CONN_CONFIG(version);
|
2020-08-27 06:46:43 -04:00
|
|
|
#ifdef HAVE_OPENSSL_SRP
|
2016-11-16 12:49:15 -05:00
|
|
|
const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
|
|
|
|
#endif
|
2020-06-29 14:07:37 -04:00
|
|
|
char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
|
|
|
|
const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
|
2016-11-16 12:49:15 -05:00
|
|
|
const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
|
|
|
|
const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
|
|
|
const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
|
|
|
|
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
|
|
|
const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
|
2017-04-17 10:01:40 -04:00
|
|
|
char error_buffer[256];
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2020-06-22 12:01:32 -04:00
|
|
|
bool imported_native_ca = false;
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2007-02-21 14:03:20 -05:00
|
|
|
DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2006-06-07 10:14:04 -04:00
|
|
|
/* Make funny stuff to get random input */
|
2016-11-11 08:16:17 -05:00
|
|
|
result = Curl_ossl_seed(data);
|
|
|
|
if(result)
|
|
|
|
return result;
|
2001-11-05 09:06:42 -05:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
*certverifyresult = !X509_V_OK;
|
2014-05-04 17:53:38 -04:00
|
|
|
|
2001-11-05 09:06:42 -05:00
|
|
|
/* check to see if we've been told to use an explicit SSL/TLS version */
|
2011-03-25 18:09:28 -04:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
switch(ssl_version) {
|
2001-11-05 09:06:42 -05:00
|
|
|
case CURL_SSLVERSION_DEFAULT:
|
|
|
|
case CURL_SSLVERSION_TLSv1:
|
2013-09-19 09:17:13 -04:00
|
|
|
case CURL_SSLVERSION_TLSv1_0:
|
|
|
|
case CURL_SSLVERSION_TLSv1_1:
|
|
|
|
case CURL_SSLVERSION_TLSv1_2:
|
2016-11-07 08:38:59 -05:00
|
|
|
case CURL_SSLVERSION_TLSv1_3:
|
2013-09-19 09:17:13 -04:00
|
|
|
/* it will be handled later with the context options */
|
2018-04-02 13:04:06 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
2015-05-27 01:29:16 -04:00
|
|
|
req_method = TLS_client_method();
|
|
|
|
#else
|
2013-09-19 09:17:13 -04:00
|
|
|
req_method = SSLv23_client_method();
|
2015-05-27 01:29:16 -04:00
|
|
|
#endif
|
2009-09-24 09:24:08 -04:00
|
|
|
use_sni(TRUE);
|
2001-11-05 09:06:42 -05:00
|
|
|
break;
|
|
|
|
case CURL_SSLVERSION_SSLv2:
|
2011-04-10 13:14:22 -04:00
|
|
|
#ifdef OPENSSL_NO_SSL2
|
2016-03-08 08:19:01 -05:00
|
|
|
failf(data, OSSL_PACKAGE " was built without SSLv2 support");
|
2011-04-10 13:14:22 -04:00
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#else
|
2020-08-27 06:46:43 -04:00
|
|
|
#ifdef HAVE_OPENSSL_SRP
|
2016-11-16 12:49:15 -05:00
|
|
|
if(ssl_authtype == CURL_TLSAUTH_SRP)
|
2011-03-25 18:09:28 -04:00
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
|
|
|
#endif
|
2001-02-20 12:35:51 -05:00
|
|
|
req_method = SSLv2_client_method();
|
2009-09-24 09:24:08 -04:00
|
|
|
use_sni(FALSE);
|
2001-02-20 12:35:51 -05:00
|
|
|
break;
|
2011-04-10 13:14:22 -04:00
|
|
|
#endif
|
2001-11-05 09:06:42 -05:00
|
|
|
case CURL_SSLVERSION_SSLv3:
|
2015-04-21 15:08:08 -04:00
|
|
|
#ifdef OPENSSL_NO_SSL3_METHOD
|
2016-03-08 08:19:01 -05:00
|
|
|
failf(data, OSSL_PACKAGE " was built without SSLv3 support");
|
2015-04-21 15:08:08 -04:00
|
|
|
return CURLE_NOT_BUILT_IN;
|
|
|
|
#else
|
2020-08-27 06:46:43 -04:00
|
|
|
#ifdef HAVE_OPENSSL_SRP
|
2016-11-16 12:49:15 -05:00
|
|
|
if(ssl_authtype == CURL_TLSAUTH_SRP)
|
2011-03-25 18:09:28 -04:00
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
|
|
|
#endif
|
2001-02-20 12:35:51 -05:00
|
|
|
req_method = SSLv3_client_method();
|
2009-09-24 09:24:08 -04:00
|
|
|
use_sni(FALSE);
|
2001-02-20 12:35:51 -05:00
|
|
|
break;
|
2015-04-21 15:08:08 -04:00
|
|
|
#endif
|
2016-11-07 21:51:27 -05:00
|
|
|
default:
|
|
|
|
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
if(backend->ctx)
|
|
|
|
SSL_CTX_free(backend->ctx);
|
|
|
|
backend->ctx = SSL_CTX_new(req_method);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!backend->ctx) {
|
2011-02-02 12:25:57 -05:00
|
|
|
failf(data, "SSL: couldn't create a context: %s",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
|
2001-05-12 05:29:56 -04:00
|
|
|
return CURLE_OUT_OF_MEMORY;
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
2003-06-02 09:27:03 -04:00
|
|
|
|
2011-08-03 16:20:45 -04:00
|
|
|
#ifdef SSL_MODE_RELEASE_BUFFERS
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_mode(backend->ctx, SSL_MODE_RELEASE_BUFFERS);
|
2011-08-03 16:20:45 -04:00
|
|
|
#endif
|
|
|
|
|
2004-06-18 02:20:43 -04:00
|
|
|
#ifdef SSL_CTRL_SET_MSG_CALLBACK
|
2007-11-05 04:45:09 -05:00
|
|
|
if(data->set.fdebug && data->set.verbose) {
|
2015-05-19 11:10:28 -04:00
|
|
|
/* the SSL trace callback is only used for verbose logging */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_msg_callback(backend->ctx, ssl_tls_trace);
|
|
|
|
SSL_CTX_set_msg_callback_arg(backend->ctx, conn);
|
2004-06-18 02:20:43 -04:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2003-06-02 09:27:03 -04:00
|
|
|
/* OpenSSL contains code to work-around lots of bugs and flaws in various
|
|
|
|
SSL-implementations. SSL_CTX_set_options() is used to enabled those
|
|
|
|
work-arounds. The man page for this option states that SSL_OP_ALL enables
|
2006-05-09 08:43:49 -04:00
|
|
|
all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
|
2003-06-02 09:27:03 -04:00
|
|
|
enable the bug workaround options if compatibility with somewhat broken
|
|
|
|
implementations is desired."
|
|
|
|
|
2009-01-26 09:36:18 -05:00
|
|
|
The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
|
|
|
|
disable "rfc4507bis session ticket support". rfc4507bis was later turned
|
2014-12-28 22:15:36 -05:00
|
|
|
into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
|
2009-01-26 09:36:18 -05:00
|
|
|
|
|
|
|
The enabled extension concerns the session management. I wonder how often
|
|
|
|
libcurl stops a connection and then resumes a TLS session. also, sending
|
|
|
|
the session data is some overhead. .I suggest that you just use your
|
|
|
|
proposed patch (which explicitly disables TICKET).
|
|
|
|
|
|
|
|
If someone writes an application with libcurl and openssl who wants to
|
|
|
|
enable the feature, one can do this in the SSL callback.
|
|
|
|
|
2012-01-17 22:33:49 -05:00
|
|
|
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
|
|
|
|
interoperability with web server Netscape Enterprise Server 2.0.1 which
|
|
|
|
was released back in 1996.
|
|
|
|
|
|
|
|
Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
|
|
|
|
become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
|
|
|
|
CVE-2010-4180 when using previous OpenSSL versions we no longer enable
|
|
|
|
this option regardless of OpenSSL version and SSL_OP_ALL definition.
|
2012-01-19 04:38:14 -05:00
|
|
|
|
|
|
|
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
|
2014-12-28 22:15:36 -05:00
|
|
|
(https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
|
2012-01-19 04:38:14 -05:00
|
|
|
SSL_OP_ALL that _disables_ that work-around despite the fact that
|
|
|
|
SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
|
|
|
|
keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
|
|
|
|
must not be set.
|
2003-06-02 09:27:03 -04:00
|
|
|
*/
|
2012-01-17 22:33:49 -05:00
|
|
|
|
|
|
|
ctx_options = SSL_OP_ALL;
|
|
|
|
|
2009-01-26 09:36:18 -05:00
|
|
|
#ifdef SSL_OP_NO_TICKET
|
2012-01-17 22:33:49 -05:00
|
|
|
ctx_options |= SSL_OP_NO_TICKET;
|
2009-01-26 09:36:18 -05:00
|
|
|
#endif
|
|
|
|
|
2012-11-12 10:41:58 -05:00
|
|
|
#ifdef SSL_OP_NO_COMPRESSION
|
|
|
|
ctx_options |= SSL_OP_NO_COMPRESSION;
|
|
|
|
#endif
|
|
|
|
|
2012-01-19 16:28:04 -05:00
|
|
|
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
2012-01-17 22:33:49 -05:00
|
|
|
/* mitigate CVE-2010-4180 */
|
|
|
|
ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
|
|
|
#endif
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2012-01-19 04:38:14 -05:00
|
|
|
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
2012-02-06 16:12:06 -05:00
|
|
|
/* unless the user explicitly ask to allow the protocol vulnerability we
|
|
|
|
use the work-around */
|
2016-11-16 12:49:15 -05:00
|
|
|
if(!SSL_SET_OPTION(enable_beast))
|
2012-02-06 16:12:06 -05:00
|
|
|
ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
2012-01-19 04:38:14 -05:00
|
|
|
#endif
|
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
switch(ssl_version) {
|
2019-09-08 09:09:32 -04:00
|
|
|
/* "--sslv2" option means SSLv2 only, disable all others */
|
|
|
|
case CURL_SSLVERSION_SSLv2:
|
2019-09-08 10:44:54 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0 */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_min_proto_version(backend->ctx, SSL2_VERSION);
|
|
|
|
SSL_CTX_set_max_proto_version(backend->ctx, SSL2_VERSION);
|
2019-09-08 10:44:54 -04:00
|
|
|
#else
|
2019-09-08 09:09:32 -04:00
|
|
|
ctx_options |= SSL_OP_NO_SSLv3;
|
|
|
|
ctx_options |= SSL_OP_NO_TLSv1;
|
2019-09-08 10:44:54 -04:00
|
|
|
# if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
2019-09-08 09:09:32 -04:00
|
|
|
ctx_options |= SSL_OP_NO_TLSv1_1;
|
|
|
|
ctx_options |= SSL_OP_NO_TLSv1_2;
|
2019-09-08 10:44:54 -04:00
|
|
|
# ifdef TLS1_3_VERSION
|
2019-09-08 09:09:32 -04:00
|
|
|
ctx_options |= SSL_OP_NO_TLSv1_3;
|
2019-09-08 10:44:54 -04:00
|
|
|
# endif
|
|
|
|
# endif
|
2014-01-01 17:50:45 -05:00
|
|
|
#endif
|
2019-09-08 09:09:32 -04:00
|
|
|
break;
|
2016-11-07 08:38:59 -05:00
|
|
|
|
2019-09-08 09:09:32 -04:00
|
|
|
/* "--sslv3" option means SSLv3 only, disable all others */
|
|
|
|
case CURL_SSLVERSION_SSLv3:
|
2019-09-08 10:44:54 -04:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0 */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_min_proto_version(backend->ctx, SSL3_VERSION);
|
|
|
|
SSL_CTX_set_max_proto_version(backend->ctx, SSL3_VERSION);
|
2019-09-08 10:44:54 -04:00
|
|
|
#else
|
2019-09-08 09:09:32 -04:00
|
|
|
ctx_options |= SSL_OP_NO_SSLv2;
|
|
|
|
ctx_options |= SSL_OP_NO_TLSv1;
|
2019-09-08 10:44:54 -04:00
|
|
|
# if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
2019-09-08 09:09:32 -04:00
|
|
|
ctx_options |= SSL_OP_NO_TLSv1_1;
|
|
|
|
ctx_options |= SSL_OP_NO_TLSv1_2;
|
2019-09-08 10:44:54 -04:00
|
|
|
# ifdef TLS1_3_VERSION
|
2019-09-08 09:09:32 -04:00
|
|
|
ctx_options |= SSL_OP_NO_TLSv1_3;
|
2019-09-08 10:44:54 -04:00
|
|
|
# endif
|
|
|
|
# endif
|
2014-01-03 05:52:49 -05:00
|
|
|
#endif
|
2019-09-08 09:09:32 -04:00
|
|
|
break;
|
2014-01-03 05:52:49 -05:00
|
|
|
|
2019-09-08 09:09:32 -04:00
|
|
|
/* "--tlsv<x.y>" options mean TLS >= version <x.y> */
|
|
|
|
case CURL_SSLVERSION_DEFAULT:
|
|
|
|
case CURL_SSLVERSION_TLSv1: /* TLS >= version 1.0 */
|
|
|
|
case CURL_SSLVERSION_TLSv1_0: /* TLS >= version 1.0 */
|
|
|
|
case CURL_SSLVERSION_TLSv1_1: /* TLS >= version 1.1 */
|
|
|
|
case CURL_SSLVERSION_TLSv1_2: /* TLS >= version 1.2 */
|
|
|
|
case CURL_SSLVERSION_TLSv1_3: /* TLS >= version 1.3 */
|
|
|
|
/* asking for any TLS version as the minimum, means no SSL versions
|
|
|
|
allowed */
|
|
|
|
ctx_options |= SSL_OP_NO_SSLv2;
|
|
|
|
ctx_options |= SSL_OP_NO_SSLv3;
|
2019-09-08 10:44:54 -04:00
|
|
|
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* 1.1.0 */
|
2020-03-18 11:58:38 -04:00
|
|
|
result = set_ssl_version_min_max(backend->ctx, conn);
|
2019-09-08 10:44:54 -04:00
|
|
|
#else
|
|
|
|
result = set_ssl_version_min_max_legacy(&ctx_options, conn, sockindex);
|
|
|
|
#endif
|
2019-09-08 09:09:32 -04:00
|
|
|
if(result != CURLE_OK)
|
|
|
|
return result;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
2013-09-19 09:17:13 -04:00
|
|
|
}
|
2012-01-17 22:33:49 -05:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_options(backend->ctx, ctx_options);
|
2008-02-19 18:10:07 -05:00
|
|
|
|
2014-10-29 15:43:44 -04:00
|
|
|
#ifdef HAS_NPN
|
2016-05-09 10:50:11 -04:00
|
|
|
if(conn->bits.tls_enable_npn)
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_next_proto_select_cb(backend->ctx, select_next_proto_cb, conn);
|
2014-10-29 15:43:44 -04:00
|
|
|
#endif
|
2014-02-02 21:33:28 -05:00
|
|
|
|
|
|
|
#ifdef HAS_ALPN
|
2016-05-09 10:50:11 -04:00
|
|
|
if(conn->bits.tls_enable_alpn) {
|
2015-02-16 10:47:56 -05:00
|
|
|
int cur = 0;
|
|
|
|
unsigned char protocols[128];
|
2014-02-02 21:33:28 -05:00
|
|
|
|
2015-02-16 10:47:56 -05:00
|
|
|
#ifdef USE_NGHTTP2
|
2020-05-27 05:51:34 -04:00
|
|
|
if(data->set.httpversion >= CURL_HTTP_VERSION_2
|
|
|
|
#ifndef CURL_DISABLE_PROXY
|
|
|
|
&& (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
|
|
|
|
#endif
|
|
|
|
) {
|
2015-02-16 10:47:56 -05:00
|
|
|
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
2014-02-02 21:33:28 -05:00
|
|
|
|
2015-02-16 10:47:56 -05:00
|
|
|
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
|
|
|
NGHTTP2_PROTO_VERSION_ID_LEN);
|
|
|
|
cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
|
|
|
infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
2014-02-11 02:05:13 -05:00
|
|
|
}
|
2014-02-02 21:33:28 -05:00
|
|
|
#endif
|
2015-02-16 10:47:56 -05:00
|
|
|
|
|
|
|
protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
|
|
|
memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
|
|
|
|
cur += ALPN_HTTP_1_1_LENGTH;
|
|
|
|
infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
|
|
|
|
|
|
|
|
/* expects length prefixed preference ordered list of protocols in wire
|
|
|
|
* format
|
|
|
|
*/
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_alpn_protos(backend->ctx, protocols, cur);
|
2014-02-11 02:05:13 -05:00
|
|
|
}
|
2014-01-30 00:18:03 -05:00
|
|
|
#endif
|
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
if(ssl_cert || ssl_cert_blob || ssl_cert_type) {
|
|
|
|
BIO *ssl_cert_bio = NULL;
|
|
|
|
BIO *ssl_key_bio = NULL;
|
|
|
|
int result_cert_stuff;
|
|
|
|
if(ssl_cert_blob) {
|
|
|
|
/* the typecast of blob->len is fine since it is guaranteed to never be
|
|
|
|
larger than CURL_MAX_INPUT_LENGTH */
|
|
|
|
ssl_cert_bio = BIO_new_mem_buf(ssl_cert_blob->data,
|
|
|
|
(int)ssl_cert_blob->len);
|
|
|
|
if(!ssl_cert_bio)
|
|
|
|
return CURLE_SSL_CERTPROBLEM;
|
|
|
|
}
|
|
|
|
if(SSL_SET_OPTION(key_blob)) {
|
|
|
|
ssl_key_bio = BIO_new_mem_buf(SSL_SET_OPTION(key_blob)->data,
|
|
|
|
(int)SSL_SET_OPTION(key_blob)->len);
|
|
|
|
if(!ssl_key_bio)
|
|
|
|
return CURLE_SSL_CERTPROBLEM;
|
|
|
|
}
|
|
|
|
result_cert_stuff = cert_stuff(conn, backend->ctx,
|
|
|
|
ssl_cert, ssl_cert_bio, ssl_cert_type,
|
|
|
|
SSL_SET_OPTION(key), ssl_key_bio,
|
|
|
|
SSL_SET_OPTION(key_type), SSL_SET_OPTION(key_passwd));
|
|
|
|
if(ssl_cert_bio)
|
|
|
|
BIO_free(ssl_cert_bio);
|
|
|
|
if(ssl_key_bio)
|
|
|
|
BIO_free(ssl_key_bio);
|
|
|
|
if(!result_cert_stuff) {
|
2001-06-12 14:22:52 -04:00
|
|
|
/* failf() is already done in cert_stuff() */
|
2002-08-30 07:09:49 -04:00
|
|
|
return CURLE_SSL_CERTPROBLEM;
|
1999-12-29 09:20:26 -05:00
|
|
|
}
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
ciphers = SSL_CONN_CONFIG(cipher_list);
|
2014-01-10 18:05:19 -05:00
|
|
|
if(!ciphers)
|
|
|
|
ciphers = (char *)DEFAULT_CIPHER_SELECTION;
|
2017-08-30 08:12:10 -04:00
|
|
|
if(ciphers) {
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_CTX_set_cipher_list(backend->ctx, ciphers)) {
|
2017-08-30 08:12:10 -04:00
|
|
|
failf(data, "failed setting cipher list: %s", ciphers);
|
|
|
|
return CURLE_SSL_CIPHER;
|
|
|
|
}
|
|
|
|
infof(data, "Cipher selection: %s\n", ciphers);
|
2001-09-11 18:21:02 -04:00
|
|
|
}
|
|
|
|
|
2018-05-29 10:12:52 -04:00
|
|
|
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
|
|
|
|
{
|
|
|
|
char *ciphers13 = SSL_CONN_CONFIG(cipher_list13);
|
|
|
|
if(ciphers13) {
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_CTX_set_ciphersuites(backend->ctx, ciphers13)) {
|
2018-10-26 07:34:37 -04:00
|
|
|
failf(data, "failed setting TLS 1.3 cipher suite: %s", ciphers13);
|
2018-05-29 10:12:52 -04:00
|
|
|
return CURLE_SSL_CIPHER;
|
|
|
|
}
|
|
|
|
infof(data, "TLS 1.3 cipher selection: %s\n", ciphers13);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2018-09-21 04:37:43 -04:00
|
|
|
#ifdef HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH
|
|
|
|
/* OpenSSL 1.1.1 requires clients to opt-in for PHA */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_post_handshake_auth(backend->ctx, 1);
|
2018-09-21 04:37:43 -04:00
|
|
|
#endif
|
|
|
|
|
2020-08-29 08:09:24 -04:00
|
|
|
#ifdef HAVE_SSL_CTX_SET_EC_CURVES
|
|
|
|
{
|
|
|
|
char *curves = SSL_CONN_CONFIG(curves);
|
|
|
|
if(curves) {
|
|
|
|
if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) {
|
|
|
|
failf(data, "failed setting curves list: '%s'", curves);
|
|
|
|
return CURLE_SSL_CIPHER;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2020-08-27 06:46:43 -04:00
|
|
|
#ifdef HAVE_OPENSSL_SRP
|
2016-11-16 12:49:15 -05:00
|
|
|
if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
|
|
|
char * const ssl_username = SSL_SET_OPTION(username);
|
|
|
|
|
|
|
|
infof(data, "Using TLS-SRP username: %s\n", ssl_username);
|
2011-03-25 18:09:28 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_CTX_set_srp_username(backend->ctx, ssl_username)) {
|
2011-03-25 18:09:28 -04:00
|
|
|
failf(data, "Unable to set SRP user name");
|
|
|
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
|
|
|
}
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_CTX_set_srp_password(backend->ctx, SSL_SET_OPTION(password))) {
|
2011-03-25 18:09:28 -04:00
|
|
|
failf(data, "failed setting SRP password");
|
|
|
|
return CURLE_BAD_FUNCTION_ARGUMENT;
|
|
|
|
}
|
2016-11-16 12:49:15 -05:00
|
|
|
if(!SSL_CONN_CONFIG(cipher_list)) {
|
2011-03-25 18:09:28 -04:00
|
|
|
infof(data, "Setting cipher list SRP\n");
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_CTX_set_cipher_list(backend->ctx, "SRP")) {
|
2011-03-25 18:09:28 -04:00
|
|
|
failf(data, "failed setting SRP cipher list");
|
|
|
|
return CURLE_SSL_CIPHER;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
2016-11-16 12:49:15 -05:00
|
|
|
|
2019-09-13 05:24:00 -04:00
|
|
|
|
|
|
|
#if defined(USE_WIN32_CRYPTO)
|
|
|
|
/* Import certificates from the Windows root certificate store if requested.
|
|
|
|
https://stackoverflow.com/questions/9507184/
|
|
|
|
https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
|
|
|
|
https://tools.ietf.org/html/rfc5280 */
|
|
|
|
if((SSL_CONN_CONFIG(verifypeer) || SSL_CONN_CONFIG(verifyhost)) &&
|
|
|
|
(SSL_SET_OPTION(native_ca_store))) {
|
|
|
|
X509_STORE *store = SSL_CTX_get_cert_store(backend->ctx);
|
2020-07-23 15:28:14 -04:00
|
|
|
HCERTSTORE hStore = CertOpenSystemStore((HCRYPTPROV_LEGACY)NULL,
|
|
|
|
TEXT("ROOT"));
|
2019-09-13 05:24:00 -04:00
|
|
|
|
|
|
|
if(hStore) {
|
|
|
|
PCCERT_CONTEXT pContext = NULL;
|
|
|
|
/* The array of enhanced key usage OIDs will vary per certificate and is
|
|
|
|
declared outside of the loop so that rather than malloc/free each
|
|
|
|
iteration we can grow it with realloc, when necessary. */
|
|
|
|
CERT_ENHKEY_USAGE *enhkey_usage = NULL;
|
|
|
|
DWORD enhkey_usage_size = 0;
|
|
|
|
|
|
|
|
/* This loop makes a best effort to import all valid certificates from
|
|
|
|
the MS root store. If a certificate cannot be imported it is skipped.
|
|
|
|
'result' is used to store only hard-fail conditions (such as out of
|
|
|
|
memory) that cause an early break. */
|
|
|
|
result = CURLE_OK;
|
|
|
|
for(;;) {
|
|
|
|
X509 *x509;
|
|
|
|
FILETIME now;
|
|
|
|
BYTE key_usage[2];
|
|
|
|
DWORD req_size;
|
|
|
|
const unsigned char *encoded_cert;
|
|
|
|
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
|
|
|
|
char cert_name[256];
|
|
|
|
#endif
|
|
|
|
|
|
|
|
pContext = CertEnumCertificatesInStore(hStore, pContext);
|
|
|
|
if(!pContext)
|
|
|
|
break;
|
|
|
|
|
|
|
|
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
|
|
|
|
if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0,
|
|
|
|
NULL, cert_name, sizeof(cert_name))) {
|
|
|
|
strcpy(cert_name, "Unknown");
|
|
|
|
}
|
|
|
|
infof(data, "SSL: Checking cert \"%s\"\n", cert_name);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
|
|
|
|
if(!encoded_cert)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
GetSystemTimeAsFileTime(&now);
|
|
|
|
if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 ||
|
|
|
|
CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* If key usage exists check for signing attribute */
|
|
|
|
if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType,
|
|
|
|
pContext->pCertInfo,
|
|
|
|
key_usage, sizeof(key_usage))) {
|
|
|
|
if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE))
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else if(GetLastError())
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* If enhanced key usage exists check for server auth attribute.
|
|
|
|
*
|
|
|
|
* Note "In a Microsoft environment, a certificate might also have EKU
|
|
|
|
* extended properties that specify valid uses for the certificate."
|
|
|
|
* The call below checks both, and behavior varies depending on what is
|
|
|
|
* found. For more details see CertGetEnhancedKeyUsage doc.
|
|
|
|
*/
|
|
|
|
if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) {
|
|
|
|
if(req_size && req_size > enhkey_usage_size) {
|
|
|
|
void *tmp = realloc(enhkey_usage, req_size);
|
|
|
|
|
|
|
|
if(!tmp) {
|
|
|
|
failf(data, "SSL: Out of memory allocating for OID list");
|
|
|
|
result = CURLE_OUT_OF_MEMORY;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
enhkey_usage = (CERT_ENHKEY_USAGE *)tmp;
|
|
|
|
enhkey_usage_size = req_size;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) {
|
|
|
|
if(!enhkey_usage->cUsageIdentifier) {
|
|
|
|
/* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate is
|
|
|
|
good for all uses. If it returns zero, the certificate has no
|
|
|
|
valid uses." */
|
|
|
|
if(GetLastError() != CRYPT_E_NOT_FOUND)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
DWORD i;
|
|
|
|
bool found = false;
|
|
|
|
|
|
|
|
for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) {
|
|
|
|
if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */,
|
|
|
|
enhkey_usage->rgpszUsageIdentifier[i])) {
|
|
|
|
found = true;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if(!found)
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
continue;
|
|
|
|
|
|
|
|
x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
|
|
|
|
if(!x509)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* Try to import the certificate. This may fail for legitimate reasons
|
|
|
|
such as duplicate certificate, which is allowed by MS but not
|
|
|
|
OpenSSL. */
|
|
|
|
if(X509_STORE_add_cert(store, x509) == 1) {
|
|
|
|
#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
|
|
|
|
infof(data, "SSL: Imported cert \"%s\"\n", cert_name);
|
|
|
|
#endif
|
2020-06-22 12:01:32 -04:00
|
|
|
imported_native_ca = true;
|
2019-09-13 05:24:00 -04:00
|
|
|
}
|
|
|
|
X509_free(x509);
|
|
|
|
}
|
|
|
|
|
|
|
|
free(enhkey_usage);
|
|
|
|
CertFreeCertificateContext(pContext);
|
|
|
|
CertCloseStore(hStore, 0);
|
|
|
|
|
|
|
|
if(result)
|
|
|
|
return result;
|
|
|
|
}
|
2020-06-22 12:01:32 -04:00
|
|
|
if(imported_native_ca)
|
|
|
|
infof(data, "successfully imported windows ca store\n");
|
|
|
|
else
|
|
|
|
infof(data, "error importing windows ca store, continuing anyway\n");
|
2019-09-13 05:24:00 -04:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2020-03-23 07:28:20 -04:00
|
|
|
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
|
|
|
|
/* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */
|
2019-09-13 05:24:00 -04:00
|
|
|
{
|
|
|
|
if(ssl_cafile) {
|
|
|
|
if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
|
2020-09-02 09:26:09 -04:00
|
|
|
if(verifypeer && !imported_native_ca) {
|
2019-09-13 05:24:00 -04:00
|
|
|
/* Fail if we insist on successfully verifying the server. */
|
|
|
|
failf(data, "error setting certificate file: %s", ssl_cafile);
|
|
|
|
return CURLE_SSL_CACERT_BADFILE;
|
|
|
|
}
|
|
|
|
/* Continue with a warning if no certificate verif is required. */
|
|
|
|
infof(data, "error setting certificate file, continuing anyway\n");
|
2020-03-23 07:28:20 -04:00
|
|
|
}
|
2020-08-17 18:22:34 -04:00
|
|
|
infof(data, " CAfile: %s\n", ssl_cafile);
|
2020-03-23 07:28:20 -04:00
|
|
|
}
|
2019-09-13 05:24:00 -04:00
|
|
|
if(ssl_capath) {
|
|
|
|
if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
|
2020-09-02 09:26:09 -04:00
|
|
|
if(verifypeer && !imported_native_ca) {
|
2019-09-13 05:24:00 -04:00
|
|
|
/* Fail if we insist on successfully verifying the server. */
|
|
|
|
failf(data, "error setting certificate path: %s", ssl_capath);
|
|
|
|
return CURLE_SSL_CACERT_BADFILE;
|
|
|
|
}
|
|
|
|
/* Continue with a warning if no certificate verif is required. */
|
|
|
|
infof(data, "error setting certificate path, continuing anyway\n");
|
2020-03-23 07:28:20 -04:00
|
|
|
}
|
2020-08-17 18:22:34 -04:00
|
|
|
infof(data, " CApath: %s\n", ssl_capath);
|
2020-03-23 07:28:20 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
#else
|
2016-11-16 12:49:15 -05:00
|
|
|
if(ssl_cafile || ssl_capath) {
|
2018-04-03 08:41:27 -04:00
|
|
|
/* tell SSL where to find CA certificates that are used to verify
|
|
|
|
the servers certificate. */
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) {
|
2020-06-22 12:01:32 -04:00
|
|
|
if(verifypeer && !imported_native_ca) {
|
2004-10-06 03:50:18 -04:00
|
|
|
/* Fail if we insist on successfully verifying the server. */
|
2020-08-17 18:22:34 -04:00
|
|
|
failf(data, "error setting certificate verify locations:"
|
|
|
|
" CAfile: %s CApath: %s",
|
2016-11-16 12:49:15 -05:00
|
|
|
ssl_cafile ? ssl_cafile : "none",
|
|
|
|
ssl_capath ? ssl_capath : "none");
|
2006-10-21 07:32:05 -04:00
|
|
|
return CURLE_SSL_CACERT_BADFILE;
|
2003-10-23 03:44:55 -04:00
|
|
|
}
|
2020-06-22 12:01:32 -04:00
|
|
|
/* Just continue with a warning if no strict certificate verification
|
2018-04-03 08:41:27 -04:00
|
|
|
is required. */
|
|
|
|
infof(data, "error setting certificate verify locations,"
|
|
|
|
" continuing anyway:\n");
|
2003-10-23 03:44:55 -04:00
|
|
|
}
|
|
|
|
else {
|
2018-04-03 08:41:27 -04:00
|
|
|
/* Everything is fine. */
|
|
|
|
infof(data, "successfully set certificate verify locations:\n");
|
2000-10-30 06:53:40 -05:00
|
|
|
}
|
2020-08-17 18:22:34 -04:00
|
|
|
infof(data, " CAfile: %s\n", ssl_cafile ? ssl_cafile : "none");
|
|
|
|
infof(data, " CApath: %s\n", ssl_capath ? ssl_capath : "none");
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
2020-03-23 07:28:20 -04:00
|
|
|
#endif
|
|
|
|
|
2015-03-24 08:25:17 -04:00
|
|
|
#ifdef CURL_CA_FALLBACK
|
2020-06-22 12:01:32 -04:00
|
|
|
if(verifypeer && !ssl_cafile && !ssl_capath && !imported_native_ca) {
|
2018-10-08 15:37:40 -04:00
|
|
|
/* verifying the peer without any CA certificates won't
|
2015-03-24 08:25:17 -04:00
|
|
|
work so use openssl's built in default as fallback */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_default_verify_paths(backend->ctx);
|
2015-03-24 08:25:17 -04:00
|
|
|
}
|
|
|
|
#endif
|
2008-06-06 14:40:21 -04:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
if(ssl_crlfile) {
|
2008-06-06 14:40:21 -04:00
|
|
|
/* tell SSL where to find CRL file that is used to check certificate
|
|
|
|
* revocation */
|
2020-03-18 11:58:38 -04:00
|
|
|
lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(backend->ctx),
|
2012-01-04 17:02:36 -05:00
|
|
|
X509_LOOKUP_file());
|
2011-04-20 09:17:42 -04:00
|
|
|
if(!lookup ||
|
2016-11-16 12:49:15 -05:00
|
|
|
(!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
|
|
|
|
failf(data, "error loading CRL file: %s", ssl_crlfile);
|
2008-06-06 14:40:21 -04:00
|
|
|
return CURLE_SSL_CRL_BADFILE;
|
|
|
|
}
|
2017-03-10 08:28:37 -05:00
|
|
|
/* Everything is fine. */
|
|
|
|
infof(data, "successfully load CRL file:\n");
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx),
|
2017-03-10 08:28:37 -05:00
|
|
|
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
|
|
|
|
|
2016-11-23 17:11:38 -05:00
|
|
|
infof(data, " CRLfile: %s\n", ssl_crlfile);
|
2008-06-06 14:40:21 -04:00
|
|
|
}
|
|
|
|
|
2016-11-21 05:01:25 -05:00
|
|
|
if(verifypeer) {
|
2019-12-02 04:45:55 -05:00
|
|
|
/* Try building a chain using issuers in the trusted store first to avoid
|
|
|
|
problems with server-sent legacy intermediates. Newer versions of
|
2020-06-05 16:00:58 -04:00
|
|
|
OpenSSL do alternate chain checking by default but we do not know how to
|
|
|
|
determine that in a reliable manner.
|
2019-12-02 04:45:55 -05:00
|
|
|
https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
|
|
|
*/
|
2020-06-05 16:00:58 -04:00
|
|
|
#if defined(X509_V_FLAG_TRUSTED_FIRST)
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx),
|
2015-05-30 01:29:48 -04:00
|
|
|
X509_V_FLAG_TRUSTED_FIRST);
|
|
|
|
#endif
|
2019-12-02 04:45:55 -05:00
|
|
|
#ifdef X509_V_FLAG_PARTIAL_CHAIN
|
2020-05-11 17:00:31 -04:00
|
|
|
if(!SSL_SET_OPTION(no_partialchain) && !ssl_crlfile) {
|
2019-12-02 04:55:33 -05:00
|
|
|
/* Have intermediate certificates in the trust store be treated as
|
|
|
|
trust-anchors, in the same way as self-signed root CA certificates
|
|
|
|
are. This allows users to verify servers using the intermediate cert
|
2020-05-11 17:00:31 -04:00
|
|
|
only, instead of needing the whole chain.
|
|
|
|
|
|
|
|
Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we
|
|
|
|
cannot do partial chains with CRL check.
|
|
|
|
*/
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx),
|
2019-12-02 04:55:33 -05:00
|
|
|
X509_V_FLAG_PARTIAL_CHAIN);
|
|
|
|
}
|
2019-12-02 04:45:55 -05:00
|
|
|
#endif
|
|
|
|
}
|
2015-05-30 01:29:48 -04:00
|
|
|
|
2003-10-23 03:44:55 -04:00
|
|
|
/* SSL always tries to verify the peer, this only says whether it should
|
|
|
|
* fail to connect if the verification fails, or if it should continue
|
|
|
|
* anyway. In the latter case the result of the verification is checked with
|
|
|
|
* SSL_get_verify_result() below. */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_verify(backend->ctx,
|
2016-11-16 12:49:15 -05:00
|
|
|
verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
|
2000-10-30 06:53:40 -05:00
|
|
|
|
2017-09-05 15:27:22 -04:00
|
|
|
/* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
#ifdef HAVE_KEYLOG_CALLBACK
|
|
|
|
if(Curl_tls_keylog_enabled()) {
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_keylog_callback(backend->ctx, ossl_keylog_callback);
|
2017-09-05 15:27:22 -04:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2018-11-14 05:52:45 -05:00
|
|
|
/* Enable the session cache because it's a prerequisite for the "new session"
|
|
|
|
* callback. Use the "external storage" mode to avoid that OpenSSL creates
|
|
|
|
* an internal session cache.
|
|
|
|
*/
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_set_session_cache_mode(backend->ctx,
|
2018-11-14 05:52:45 -05:00
|
|
|
SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_CTX_sess_set_new_cb(backend->ctx, ossl_new_session_cb);
|
2018-11-14 05:52:45 -05:00
|
|
|
|
2003-07-04 12:29:23 -04:00
|
|
|
/* give application a chance to interfere with SSL set up. */
|
2003-10-07 17:46:47 -04:00
|
|
|
if(data->set.ssl.fsslctx) {
|
2019-11-11 05:45:12 -05:00
|
|
|
Curl_set_in_callback(data, true);
|
2020-03-18 11:58:38 -04:00
|
|
|
result = (*data->set.ssl.fsslctx)(data, backend->ctx,
|
2014-11-01 12:16:56 -04:00
|
|
|
data->set.ssl.fsslctxp);
|
2019-11-11 05:45:12 -05:00
|
|
|
Curl_set_in_callback(data, false);
|
2014-11-01 12:16:56 -04:00
|
|
|
if(result) {
|
2015-03-17 08:41:49 -04:00
|
|
|
failf(data, "error signaled by ssl ctx callback");
|
2014-11-01 12:16:56 -04:00
|
|
|
return result;
|
2003-07-04 12:29:23 -04:00
|
|
|
}
|
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2001-02-20 12:35:51 -05:00
|
|
|
/* Lets make an SSL structure */
|
2020-03-18 11:58:38 -04:00
|
|
|
if(backend->handle)
|
|
|
|
SSL_free(backend->handle);
|
|
|
|
backend->handle = SSL_new(backend->ctx);
|
|
|
|
if(!backend->handle) {
|
2005-02-09 18:04:51 -05:00
|
|
|
failf(data, "SSL: couldn't create a context (handle)!");
|
|
|
|
return CURLE_OUT_OF_MEMORY;
|
|
|
|
}
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2015-02-09 15:58:33 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
2016-02-08 23:19:31 -05:00
|
|
|
!defined(OPENSSL_NO_OCSP)
|
2016-11-16 12:49:15 -05:00
|
|
|
if(SSL_CONN_CONFIG(verifystatus))
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_set_tlsext_status_type(backend->handle, TLSEXT_STATUSTYPE_ocsp);
|
2015-01-22 17:34:43 -05:00
|
|
|
#endif
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2018-11-20 17:48:30 -05:00
|
|
|
#if defined(OPENSSL_IS_BORINGSSL) && defined(ALLOW_RENEG)
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_set_renegotiate_mode(backend->handle, ssl_renegotiate_freely);
|
2018-11-09 08:05:26 -05:00
|
|
|
#endif
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_set_connect_state(backend->handle);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
backend->server_cert = 0x0;
|
2008-02-26 05:30:13 -05:00
|
|
|
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
2016-11-16 12:49:15 -05:00
|
|
|
if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
|
2008-02-26 05:30:13 -05:00
|
|
|
#ifdef ENABLE_IPV6
|
2016-11-16 12:49:15 -05:00
|
|
|
(0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
|
2008-02-26 05:30:13 -05:00
|
|
|
#endif
|
2011-04-20 09:17:42 -04:00
|
|
|
sni &&
|
2020-03-18 11:58:38 -04:00
|
|
|
!SSL_set_tlsext_host_name(backend->handle, hostname))
|
2008-02-26 05:30:13 -05:00
|
|
|
infof(data, "WARNING: failed to configure server name indication (SNI) "
|
|
|
|
"TLS extension\n");
|
|
|
|
#endif
|
|
|
|
|
2005-04-07 11:27:13 -04:00
|
|
|
/* Check if there's a cached ID we can/should use here! */
|
2017-03-22 01:59:49 -04:00
|
|
|
if(SSL_SET_OPTION(primary.sessionid)) {
|
2016-06-12 23:47:12 -04:00
|
|
|
void *ssl_sessionid = NULL;
|
2018-11-14 05:52:45 -05:00
|
|
|
int connectdata_idx = ossl_get_ssl_conn_index();
|
|
|
|
int sockindex_idx = ossl_get_ssl_sockindex_index();
|
|
|
|
|
|
|
|
if(connectdata_idx >= 0 && sockindex_idx >= 0) {
|
|
|
|
/* Store the data needed for the "new session" callback.
|
|
|
|
* The sockindex is stored as a pointer to an array element. */
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_set_ex_data(backend->handle, connectdata_idx, conn);
|
|
|
|
SSL_set_ex_data(backend->handle, sockindex_idx, conn->sock + sockindex);
|
2018-11-14 05:52:45 -05:00
|
|
|
}
|
2016-06-12 23:47:12 -04:00
|
|
|
|
|
|
|
Curl_ssl_sessionid_lock(conn);
|
2016-11-16 12:49:15 -05:00
|
|
|
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
|
2016-06-12 23:47:12 -04:00
|
|
|
/* we got a session id, use it! */
|
2020-03-18 11:58:38 -04:00
|
|
|
if(!SSL_set_session(backend->handle, ssl_sessionid)) {
|
2016-06-12 23:47:12 -04:00
|
|
|
Curl_ssl_sessionid_unlock(conn);
|
|
|
|
failf(data, "SSL: SSL_set_session failed: %s",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)));
|
2016-06-12 23:47:12 -04:00
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
|
|
|
}
|
|
|
|
/* Informational message */
|
2016-12-13 17:34:59 -05:00
|
|
|
infof(data, "SSL re-using session ID\n");
|
2001-08-28 04:37:54 -04:00
|
|
|
}
|
2016-06-12 23:47:12 -04:00
|
|
|
Curl_ssl_sessionid_unlock(conn);
|
2001-08-28 04:37:54 -04:00
|
|
|
}
|
|
|
|
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2016-11-16 12:49:15 -05:00
|
|
|
if(conn->proxy_ssl[sockindex].use) {
|
|
|
|
BIO *const bio = BIO_new(BIO_f_ssl());
|
vtls: encapsulate SSL backend-specific data
So far, all of the SSL backends' private data has been declared as
part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
block.
This can only work as long as the SSL backend is a compile-time option,
something we want to change in the next commits.
Therefore, let's encapsulate the exact data needed by each SSL backend
into a private struct, and let's avoid bleeding any SSL backend-specific
information into urldata.h. This is also necessary to allow multiple SSL
backends to be compiled in at the same time, as e.g. OpenSSL's and
CyaSSL's headers cannot be included in the same .c file.
To avoid too many malloc() calls, we simply append the private structs
to the connectdata struct in allocate_conn().
This requires us to take extra care of alignment issues: struct fields
often need to be aligned on certain boundaries e.g. 32-bit values need to
be stored at addresses that divide evenly by 4 (= 32 bit / 8
bit-per-byte).
We do that by assuming that no SSL backend's private data contains any
fields that need to be aligned on boundaries larger than `long long`
(typically 64-bit) would need. Under this assumption, we simply add a
dummy field of type `long long` to the `struct connectdata` struct. This
field will never be accessed but acts as a placeholder for the four
instances of ssl_backend_data instead. the size of each ssl_backend_data
struct is stored in the SSL backend-specific metadata, to allow
allocate_conn() to know how much extra space to allocate, and how to
initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
pointers.
This would appear to be a little complicated at first, but is really
necessary to encapsulate the private data of each SSL backend correctly.
And we need to encapsulate thusly if we ever want to allow selecting
CyaSSL and OpenSSL at runtime, as their headers cannot be included within
the same .c file (there are just too many conflicting definitions and
declarations for that).
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:09:35 -04:00
|
|
|
SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
|
2016-11-16 12:49:15 -05:00
|
|
|
DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
2017-09-06 18:04:06 -04:00
|
|
|
DEBUGASSERT(handle != NULL);
|
2016-11-16 12:49:15 -05:00
|
|
|
DEBUGASSERT(bio != NULL);
|
2017-06-21 06:41:18 -04:00
|
|
|
BIO_set_ssl(bio, handle, FALSE);
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_set_bio(backend->handle, bio, bio);
|
2016-11-16 12:49:15 -05:00
|
|
|
}
|
2020-05-27 05:51:34 -04:00
|
|
|
else
|
|
|
|
#endif
|
|
|
|
if(!SSL_set_fd(backend->handle, (int)sockfd)) {
|
2016-11-16 12:49:15 -05:00
|
|
|
/* pass the raw socket into the SSL layers */
|
2011-04-20 09:17:42 -04:00
|
|
|
failf(data, "SSL: SSL_set_fd failed: %s",
|
2017-04-17 10:01:40 -04:00
|
|
|
ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
|
2011-04-20 09:17:42 -04:00
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
2005-02-09 18:04:51 -05:00
|
|
|
}
|
2002-01-07 13:38:01 -05:00
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
connssl->connecting_state = ssl_connect_2;
|
2014-11-01 12:16:56 -04:00
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
return CURLE_OK;
|
|
|
|
}
|
2002-01-07 13:38:01 -05:00
|
|
|
|
2014-10-30 19:14:45 -04:00
|
|
|
static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
2006-03-21 16:54:44 -05:00
|
|
|
{
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2006-03-21 16:54:44 -05:00
|
|
|
int err;
|
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2016-11-21 05:01:25 -05:00
|
|
|
long * const certverifyresult = SSL_IS_PROXY() ?
|
|
|
|
&data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
2020-05-27 05:51:34 -04:00
|
|
|
#else
|
|
|
|
long * const certverifyresult = &data->set.ssl.certverifyresult;
|
|
|
|
#endif
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2007-02-21 14:03:20 -05:00
|
|
|
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|
2016-11-16 12:49:15 -05:00
|
|
|
|| ssl_connect_2_reading == connssl->connecting_state
|
|
|
|
|| ssl_connect_2_writing == connssl->connecting_state);
|
2005-04-07 11:27:13 -04:00
|
|
|
|
2010-06-05 17:41:58 -04:00
|
|
|
ERR_clear_error();
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
err = SSL_connect(backend->handle);
|
vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
2020-05-03 11:10:40 -04:00
|
|
|
#ifndef HAVE_KEYLOG_CALLBACK
|
|
|
|
if(Curl_tls_keylog_enabled()) {
|
|
|
|
/* If key logging is enabled, wait for the handshake to complete and then
|
|
|
|
* proceed with logging secrets (for TLS 1.2 or older).
|
|
|
|
*/
|
|
|
|
ossl_log_tls12_secret(backend->handle, &backend->keylog_done);
|
|
|
|
}
|
2017-09-05 15:27:22 -04:00
|
|
|
#endif
|
2004-06-18 02:20:43 -04:00
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
/* 1 is fine
|
|
|
|
0 is "not successful but was shut down controlled"
|
|
|
|
<0 is "handshake was not successful, because a fatal error occurred" */
|
|
|
|
if(1 != err) {
|
2020-03-18 11:58:38 -04:00
|
|
|
int detail = SSL_get_error(backend->handle, err);
|
2004-06-18 02:20:43 -04:00
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
if(SSL_ERROR_WANT_READ == detail) {
|
|
|
|
connssl->connecting_state = ssl_connect_2_reading;
|
|
|
|
return CURLE_OK;
|
2003-02-05 02:43:05 -05:00
|
|
|
}
|
2017-03-10 08:28:37 -05:00
|
|
|
if(SSL_ERROR_WANT_WRITE == detail) {
|
2006-03-21 16:54:44 -05:00
|
|
|
connssl->connecting_state = ssl_connect_2_writing;
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
2019-02-20 08:21:10 -05:00
|
|
|
#ifdef SSL_ERROR_WANT_ASYNC
|
|
|
|
if(SSL_ERROR_WANT_ASYNC == detail) {
|
|
|
|
connssl->connecting_state = ssl_connect_2;
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
#endif
|
2006-03-21 16:54:44 -05:00
|
|
|
else {
|
|
|
|
/* untreated error */
|
|
|
|
unsigned long errdetail;
|
2017-04-17 10:01:40 -04:00
|
|
|
char error_buffer[256]="";
|
2014-10-30 19:14:45 -04:00
|
|
|
CURLcode result;
|
2000-02-29 09:49:47 -05:00
|
|
|
long lerr;
|
2016-01-14 15:25:30 -05:00
|
|
|
int lib;
|
|
|
|
int reason;
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2016-01-14 15:25:30 -05:00
|
|
|
/* the connection failed, we're not waiting for anything else. */
|
|
|
|
connssl->connecting_state = ssl_connect_2;
|
|
|
|
|
|
|
|
/* Get the earliest error code from the thread's error queue and removes
|
|
|
|
the entry. */
|
|
|
|
errdetail = ERR_get_error();
|
|
|
|
|
|
|
|
/* Extract which lib and reason */
|
|
|
|
lib = ERR_GET_LIB(errdetail);
|
|
|
|
reason = ERR_GET_REASON(errdetail);
|
|
|
|
|
|
|
|
if((lib == ERR_LIB_SSL) &&
|
2020-09-07 10:20:16 -04:00
|
|
|
((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
|
|
|
|
(reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
|
2018-11-19 20:48:59 -05:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2000-02-29 09:49:47 -05:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
lerr = SSL_get_verify_result(backend->handle);
|
2000-02-29 09:49:47 -05:00
|
|
|
if(lerr != X509_V_OK) {
|
2016-11-21 05:01:25 -05:00
|
|
|
*certverifyresult = lerr;
|
2018-11-22 03:01:24 -05:00
|
|
|
msnprintf(error_buffer, sizeof(error_buffer),
|
|
|
|
"SSL certificate problem: %s",
|
|
|
|
X509_verify_cert_error_string(lerr));
|
2000-02-29 09:49:47 -05:00
|
|
|
}
|
|
|
|
else
|
2015-06-18 08:20:31 -04:00
|
|
|
/* strcpy() is fine here as long as the string fits within
|
|
|
|
error_buffer */
|
2016-01-14 15:25:30 -05:00
|
|
|
strcpy(error_buffer, "SSL certificate verification failed");
|
|
|
|
}
|
|
|
|
else {
|
2014-10-30 19:14:45 -04:00
|
|
|
result = CURLE_SSL_CONNECT_ERROR;
|
2016-05-31 13:54:35 -04:00
|
|
|
ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
2004-03-10 03:43:01 -05:00
|
|
|
}
|
2006-03-21 16:54:44 -05:00
|
|
|
|
|
|
|
/* detail is already set to the SSL error above */
|
|
|
|
|
|
|
|
/* If we e.g. use SSLv2 request-method and the server doesn't like us
|
|
|
|
* (RST connection etc.), OpenSSL gives no explanation whatsoever and
|
|
|
|
* the SO_ERROR is also lost.
|
|
|
|
*/
|
2014-10-30 19:14:45 -04:00
|
|
|
if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2016-11-16 12:49:15 -05:00
|
|
|
const char * const hostname = SSL_IS_PROXY() ?
|
|
|
|
conn->http_proxy.host.name : conn->host.name;
|
|
|
|
const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
|
2020-05-27 05:51:34 -04:00
|
|
|
#else
|
|
|
|
const char * const hostname = conn->host.name;
|
|
|
|
const long int port = conn->remote_port;
|
|
|
|
#endif
|
2019-11-14 08:19:04 -05:00
|
|
|
char extramsg[80]="";
|
|
|
|
int sockerr = SOCKERRNO;
|
|
|
|
if(sockerr && detail == SSL_ERROR_SYSCALL)
|
|
|
|
Curl_strerror(sockerr, extramsg, sizeof(extramsg));
|
2017-03-22 14:39:41 -04:00
|
|
|
failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
|
2019-11-14 08:19:04 -05:00
|
|
|
extramsg[0] ? extramsg : SSL_ERROR_to_str(detail),
|
|
|
|
hostname, port);
|
2014-10-30 19:14:45 -04:00
|
|
|
return result;
|
2004-03-10 03:43:01 -05:00
|
|
|
}
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2014-10-30 19:14:45 -04:00
|
|
|
/* Could be a CERT problem */
|
2015-06-18 08:20:31 -04:00
|
|
|
failf(data, "%s", error_buffer);
|
2014-10-30 19:14:45 -04:00
|
|
|
|
|
|
|
return result;
|
2006-03-21 16:54:44 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
/* we have been connected fine, we're not waiting for anything else. */
|
|
|
|
connssl->connecting_state = ssl_connect_3;
|
|
|
|
|
|
|
|
/* Informational message */
|
2014-10-30 19:14:45 -04:00
|
|
|
infof(data, "SSL connection using %s / %s\n",
|
2020-03-18 11:58:38 -04:00
|
|
|
get_ssl_version_txt(backend->handle),
|
|
|
|
SSL_get_cipher(backend->handle));
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2014-02-02 21:33:28 -05:00
|
|
|
#ifdef HAS_ALPN
|
|
|
|
/* Sets data and len to negotiated protocol, len is 0 if no protocol was
|
|
|
|
* negotiated
|
|
|
|
*/
|
2016-05-09 10:50:11 -04:00
|
|
|
if(conn->bits.tls_enable_alpn) {
|
2016-11-23 01:53:24 -05:00
|
|
|
const unsigned char *neg_protocol;
|
2014-04-03 11:03:02 -04:00
|
|
|
unsigned int len;
|
2020-03-18 11:58:38 -04:00
|
|
|
SSL_get0_alpn_selected(backend->handle, &neg_protocol, &len);
|
2014-02-11 02:05:13 -05:00
|
|
|
if(len != 0) {
|
|
|
|
infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
|
|
|
|
|
2015-02-16 10:47:56 -05:00
|
|
|
#ifdef USE_NGHTTP2
|
2014-02-11 02:05:13 -05:00
|
|
|
if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
2015-02-16 10:47:56 -05:00
|
|
|
!memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
|
2015-12-13 03:23:36 -05:00
|
|
|
conn->negnpn = CURL_HTTP_VERSION_2;
|
2014-02-11 02:05:13 -05:00
|
|
|
}
|
2015-02-16 10:47:56 -05:00
|
|
|
else
|
|
|
|
#endif
|
|
|
|
if(len == ALPN_HTTP_1_1_LENGTH &&
|
|
|
|
!memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
|
2015-03-07 05:10:30 -05:00
|
|
|
conn->negnpn = CURL_HTTP_VERSION_1_1;
|
2014-02-11 02:05:13 -05:00
|
|
|
}
|
2014-02-02 21:33:28 -05:00
|
|
|
}
|
2015-02-16 10:47:56 -05:00
|
|
|
else
|
2014-02-11 02:05:13 -05:00
|
|
|
infof(data, "ALPN, server did not agree to a protocol\n");
|
2019-04-30 05:14:38 -04:00
|
|
|
|
|
|
|
Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
|
|
|
|
BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
|
2014-02-02 21:33:28 -05:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-09-05 10:29:21 -04:00
|
|
|
static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
|
|
|
|
{
|
2008-10-13 22:35:39 -04:00
|
|
|
int i, ilen;
|
|
|
|
|
2016-12-13 19:29:44 -05:00
|
|
|
ilen = (int)len;
|
|
|
|
if(ilen < 0)
|
2008-10-13 22:35:39 -04:00
|
|
|
return 1; /* buffer too big */
|
|
|
|
|
|
|
|
i = i2t_ASN1_OBJECT(buf, ilen, a);
|
|
|
|
|
|
|
|
if(i >= ilen)
|
|
|
|
return 1; /* buffer too small */
|
|
|
|
|
2008-09-05 10:29:21 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-09-14 06:26:12 -04:00
|
|
|
#define push_certinfo(_label, _num) \
|
2015-09-12 09:30:44 -04:00
|
|
|
do { \
|
|
|
|
long info_len = BIO_get_mem_data(mem, &ptr); \
|
|
|
|
Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
|
2017-09-09 17:09:06 -04:00
|
|
|
if(1 != BIO_reset(mem)) \
|
2015-12-10 11:31:00 -05:00
|
|
|
break; \
|
2019-11-30 03:29:36 -05:00
|
|
|
} while(0)
|
2015-09-12 09:30:44 -04:00
|
|
|
|
2016-06-21 09:47:12 -04:00
|
|
|
static void pubkey_show(struct Curl_easy *data,
|
2015-09-12 09:30:44 -04:00
|
|
|
BIO *mem,
|
2008-09-05 10:29:21 -04:00
|
|
|
int num,
|
|
|
|
const char *type,
|
|
|
|
const char *name,
|
2016-06-19 17:21:54 -04:00
|
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
|
|
const
|
|
|
|
#endif
|
2015-09-12 09:30:44 -04:00
|
|
|
BIGNUM *bn)
|
2008-09-05 10:29:21 -04:00
|
|
|
{
|
2015-09-12 09:30:44 -04:00
|
|
|
char *ptr;
|
2008-09-05 10:29:21 -04:00
|
|
|
char namebuf[32];
|
2015-09-12 09:30:44 -04:00
|
|
|
|
2018-11-22 03:01:24 -05:00
|
|
|
msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
|
2015-09-12 09:30:44 -04:00
|
|
|
|
2016-04-26 17:55:31 -04:00
|
|
|
if(bn)
|
|
|
|
BN_print(mem, bn);
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo(namebuf, num);
|
2008-09-05 10:29:21 -04:00
|
|
|
}
|
|
|
|
|
2016-04-21 04:24:23 -04:00
|
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
|
|
#define print_pubkey_BN(_type, _name, _num) \
|
|
|
|
pubkey_show(data, mem, _num, #_type, #_name, _name)
|
|
|
|
|
|
|
|
#else
|
2008-09-05 10:29:21 -04:00
|
|
|
#define print_pubkey_BN(_type, _name, _num) \
|
|
|
|
do { \
|
2016-02-13 11:09:12 -05:00
|
|
|
if(_type->_name) { \
|
|
|
|
pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
|
2008-09-05 10:29:21 -04:00
|
|
|
} \
|
2019-11-30 03:29:36 -05:00
|
|
|
} while(0)
|
2016-04-21 04:24:23 -04:00
|
|
|
#endif
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2020-01-22 04:29:44 -05:00
|
|
|
static void X509V3_ext(struct Curl_easy *data,
|
2008-09-05 10:29:21 -04:00
|
|
|
int certnum,
|
2016-08-25 06:27:31 -04:00
|
|
|
CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
|
2008-09-05 10:29:21 -04:00
|
|
|
{
|
2008-09-23 09:16:36 -04:00
|
|
|
int i;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2016-02-06 19:10:49 -05:00
|
|
|
if((int)sk_X509_EXTENSION_num(exts) <= 0)
|
2008-09-05 10:29:21 -04:00
|
|
|
/* no extensions, bail out */
|
2020-01-22 04:29:44 -05:00
|
|
|
return;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2017-09-09 17:09:06 -04:00
|
|
|
for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
|
2008-09-05 10:29:21 -04:00
|
|
|
ASN1_OBJECT *obj;
|
|
|
|
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
|
|
|
|
BUF_MEM *biomem;
|
|
|
|
char namebuf[128];
|
2009-05-27 17:15:38 -04:00
|
|
|
BIO *bio_out = BIO_new(BIO_s_mem());
|
|
|
|
|
|
|
|
if(!bio_out)
|
2020-01-22 04:29:44 -05:00
|
|
|
return;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
|
|
|
obj = X509_EXTENSION_get_object(ext);
|
|
|
|
|
|
|
|
asn1_object_dump(obj, namebuf, sizeof(namebuf));
|
|
|
|
|
|
|
|
if(!X509V3_EXT_print(bio_out, ext, 0, 0))
|
2015-03-24 17:59:33 -04:00
|
|
|
ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
|
2008-09-05 10:29:21 -04:00
|
|
|
|
|
|
|
BIO_get_mem_ptr(bio_out, &biomem);
|
2020-01-22 04:29:44 -05:00
|
|
|
Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data,
|
|
|
|
biomem->length);
|
2008-09-05 10:29:21 -04:00
|
|
|
BIO_free(bio_out);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-20 05:30:25 -04:00
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
|
|
typedef size_t numcert_t;
|
|
|
|
#else
|
|
|
|
typedef int numcert_t;
|
|
|
|
#endif
|
|
|
|
|
2008-09-05 10:29:21 -04:00
|
|
|
static CURLcode get_cert_chain(struct connectdata *conn,
|
|
|
|
struct ssl_connect_data *connssl)
|
|
|
|
|
|
|
|
{
|
2014-12-26 06:53:34 -05:00
|
|
|
CURLcode result;
|
2008-09-05 10:29:21 -04:00
|
|
|
STACK_OF(X509) *sk;
|
|
|
|
int i;
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2019-08-20 05:30:25 -04:00
|
|
|
numcert_t numcerts;
|
2015-09-12 09:30:44 -04:00
|
|
|
BIO *mem;
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
sk = SSL_get_peer_cert_chain(backend->handle);
|
2011-01-04 04:20:28 -05:00
|
|
|
if(!sk) {
|
2008-09-05 10:29:21 -04:00
|
|
|
return CURLE_OUT_OF_MEMORY;
|
2011-01-04 04:20:28 -05:00
|
|
|
}
|
2008-09-05 10:29:21 -04:00
|
|
|
|
|
|
|
numcerts = sk_X509_num(sk);
|
2014-12-26 06:53:34 -05:00
|
|
|
|
2019-08-20 05:30:25 -04:00
|
|
|
result = Curl_ssl_init_certinfo(data, (int)numcerts);
|
2014-12-26 06:53:34 -05:00
|
|
|
if(result) {
|
|
|
|
return result;
|
2011-01-04 04:20:28 -05:00
|
|
|
}
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2015-09-12 09:30:44 -04:00
|
|
|
mem = BIO_new(BIO_s_mem());
|
|
|
|
|
2019-08-20 05:30:25 -04:00
|
|
|
for(i = 0; i < (int)numcerts; i++) {
|
2008-09-05 10:29:21 -04:00
|
|
|
ASN1_INTEGER *num;
|
|
|
|
X509 *x = sk_X509_value(sk, i);
|
2017-09-09 17:09:06 -04:00
|
|
|
EVP_PKEY *pubkey = NULL;
|
2008-09-05 10:29:21 -04:00
|
|
|
int j;
|
|
|
|
char *ptr;
|
2017-08-10 16:37:17 -04:00
|
|
|
const ASN1_BIT_STRING *psig = NULL;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2015-09-12 09:30:44 -04:00
|
|
|
X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("Subject", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2015-09-12 09:30:44 -04:00
|
|
|
X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("Issuer", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2015-09-14 06:26:12 -04:00
|
|
|
BIO_printf(mem, "%lx", X509_get_version(x));
|
|
|
|
push_certinfo("Version", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2015-09-12 09:30:44 -04:00
|
|
|
num = X509_get_serialNumber(x);
|
|
|
|
if(num->type == V_ASN1_NEG_INTEGER)
|
|
|
|
BIO_puts(mem, "-");
|
|
|
|
for(j = 0; j < num->length; j++)
|
|
|
|
BIO_printf(mem, "%02x", num->data[j]);
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("Serial Number", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2015-12-10 13:20:22 -05:00
|
|
|
#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
|
|
|
|
{
|
2019-06-16 03:44:21 -04:00
|
|
|
const X509_ALGOR *sigalg = NULL;
|
|
|
|
X509_PUBKEY *xpubkey = NULL;
|
|
|
|
ASN1_OBJECT *pubkeyoid = NULL;
|
|
|
|
|
|
|
|
X509_get0_signature(&psig, &sigalg, x);
|
|
|
|
if(sigalg) {
|
|
|
|
i2a_ASN1_OBJECT(mem, sigalg->algorithm);
|
|
|
|
push_certinfo("Signature Algorithm", i);
|
|
|
|
}
|
|
|
|
|
|
|
|
xpubkey = X509_get_X509_PUBKEY(x);
|
|
|
|
if(xpubkey) {
|
|
|
|
X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey);
|
|
|
|
if(pubkeyoid) {
|
|
|
|
i2a_ASN1_OBJECT(mem, pubkeyoid);
|
2016-05-17 03:14:06 -04:00
|
|
|
push_certinfo("Public Key Algorithm", i);
|
|
|
|
}
|
|
|
|
}
|
2019-06-16 03:44:21 -04:00
|
|
|
|
2015-12-10 13:20:22 -05:00
|
|
|
X509V3_ext(data, i, X509_get0_extensions(x));
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
{
|
|
|
|
/* before OpenSSL 1.0.2 */
|
|
|
|
X509_CINF *cinf = x->cert_info;
|
|
|
|
|
|
|
|
i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
|
|
|
|
push_certinfo("Signature Algorithm", i);
|
|
|
|
|
|
|
|
i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
|
|
|
|
push_certinfo("Public Key Algorithm", i);
|
|
|
|
|
|
|
|
X509V3_ext(data, i, cinf->extensions);
|
|
|
|
|
|
|
|
psig = x->signature;
|
|
|
|
}
|
|
|
|
#endif
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2016-09-05 12:15:25 -04:00
|
|
|
ASN1_TIME_print(mem, X509_get0_notBefore(x));
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("Start date", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
|
2016-09-05 12:15:25 -04:00
|
|
|
ASN1_TIME_print(mem, X509_get0_notAfter(x));
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("Expire date", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
|
|
|
|
pubkey = X509_get_pubkey(x);
|
|
|
|
if(!pubkey)
|
|
|
|
infof(data, " Unable to load public key\n");
|
|
|
|
else {
|
2016-02-13 11:09:12 -05:00
|
|
|
int pktype;
|
2016-02-15 18:22:54 -05:00
|
|
|
#ifdef HAVE_OPAQUE_EVP_PKEY
|
2016-02-13 11:09:12 -05:00
|
|
|
pktype = EVP_PKEY_id(pubkey);
|
|
|
|
#else
|
|
|
|
pktype = pubkey->type;
|
|
|
|
#endif
|
|
|
|
switch(pktype) {
|
2008-09-05 10:29:21 -04:00
|
|
|
case EVP_PKEY_RSA:
|
2016-02-13 11:09:12 -05:00
|
|
|
{
|
|
|
|
RSA *rsa;
|
2016-02-15 18:22:54 -05:00
|
|
|
#ifdef HAVE_OPAQUE_EVP_PKEY
|
2016-02-13 11:09:12 -05:00
|
|
|
rsa = EVP_PKEY_get0_RSA(pubkey);
|
|
|
|
#else
|
|
|
|
rsa = pubkey->pkey.rsa;
|
|
|
|
#endif
|
2016-04-21 04:24:23 -04:00
|
|
|
|
|
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
|
|
{
|
2016-06-19 17:21:54 -04:00
|
|
|
const BIGNUM *n;
|
|
|
|
const BIGNUM *e;
|
2016-04-21 04:24:23 -04:00
|
|
|
|
2017-04-17 10:20:26 -04:00
|
|
|
RSA_get0_key(rsa, &n, &e, NULL);
|
2019-06-16 03:44:21 -04:00
|
|
|
BIO_printf(mem, "%d", BN_num_bits(n));
|
2016-04-21 04:24:23 -04:00
|
|
|
push_certinfo("RSA Public Key", i);
|
|
|
|
print_pubkey_BN(rsa, n, i);
|
|
|
|
print_pubkey_BN(rsa, e, i);
|
|
|
|
}
|
|
|
|
#else
|
2016-02-13 11:09:12 -05:00
|
|
|
BIO_printf(mem, "%d", BN_num_bits(rsa->n));
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("RSA Public Key", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
print_pubkey_BN(rsa, n, i);
|
|
|
|
print_pubkey_BN(rsa, e, i);
|
2016-04-21 04:24:23 -04:00
|
|
|
#endif
|
|
|
|
|
2008-09-05 10:29:21 -04:00
|
|
|
break;
|
2016-02-13 11:09:12 -05:00
|
|
|
}
|
2008-09-05 10:29:21 -04:00
|
|
|
case EVP_PKEY_DSA:
|
2016-02-13 11:09:12 -05:00
|
|
|
{
|
2017-03-28 02:56:00 -04:00
|
|
|
#ifndef OPENSSL_NO_DSA
|
2016-02-13 11:09:12 -05:00
|
|
|
DSA *dsa;
|
2016-02-15 18:22:54 -05:00
|
|
|
#ifdef HAVE_OPAQUE_EVP_PKEY
|
2016-02-13 11:09:12 -05:00
|
|
|
dsa = EVP_PKEY_get0_DSA(pubkey);
|
|
|
|
#else
|
|
|
|
dsa = pubkey->pkey.dsa;
|
|
|
|
#endif
|
2016-04-21 04:24:23 -04:00
|
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
|
|
{
|
2016-06-19 17:21:54 -04:00
|
|
|
const BIGNUM *p;
|
|
|
|
const BIGNUM *q;
|
|
|
|
const BIGNUM *g;
|
|
|
|
const BIGNUM *pub_key;
|
2016-04-21 04:24:23 -04:00
|
|
|
|
|
|
|
DSA_get0_pqg(dsa, &p, &q, &g);
|
2017-04-17 10:20:26 -04:00
|
|
|
DSA_get0_key(dsa, &pub_key, NULL);
|
2016-04-21 04:24:23 -04:00
|
|
|
|
|
|
|
print_pubkey_BN(dsa, p, i);
|
|
|
|
print_pubkey_BN(dsa, q, i);
|
|
|
|
print_pubkey_BN(dsa, g, i);
|
|
|
|
print_pubkey_BN(dsa, pub_key, i);
|
|
|
|
}
|
|
|
|
#else
|
2008-09-05 10:29:21 -04:00
|
|
|
print_pubkey_BN(dsa, p, i);
|
|
|
|
print_pubkey_BN(dsa, q, i);
|
|
|
|
print_pubkey_BN(dsa, g, i);
|
|
|
|
print_pubkey_BN(dsa, pub_key, i);
|
2016-04-21 04:24:23 -04:00
|
|
|
#endif
|
2017-03-28 02:56:00 -04:00
|
|
|
#endif /* !OPENSSL_NO_DSA */
|
2008-09-05 10:29:21 -04:00
|
|
|
break;
|
2016-02-13 11:09:12 -05:00
|
|
|
}
|
2008-09-05 10:29:21 -04:00
|
|
|
case EVP_PKEY_DH:
|
2016-02-13 11:09:12 -05:00
|
|
|
{
|
|
|
|
DH *dh;
|
2016-02-15 18:22:54 -05:00
|
|
|
#ifdef HAVE_OPAQUE_EVP_PKEY
|
2016-02-13 11:09:12 -05:00
|
|
|
dh = EVP_PKEY_get0_DH(pubkey);
|
|
|
|
#else
|
|
|
|
dh = pubkey->pkey.dh;
|
|
|
|
#endif
|
2016-04-21 04:24:23 -04:00
|
|
|
#ifdef HAVE_OPAQUE_RSA_DSA_DH
|
|
|
|
{
|
2016-06-19 17:21:54 -04:00
|
|
|
const BIGNUM *p;
|
|
|
|
const BIGNUM *q;
|
|
|
|
const BIGNUM *g;
|
|
|
|
const BIGNUM *pub_key;
|
2016-04-21 04:24:23 -04:00
|
|
|
DH_get0_pqg(dh, &p, &q, &g);
|
2017-04-17 10:20:26 -04:00
|
|
|
DH_get0_key(dh, &pub_key, NULL);
|
2016-04-21 04:24:23 -04:00
|
|
|
print_pubkey_BN(dh, p, i);
|
|
|
|
print_pubkey_BN(dh, q, i);
|
|
|
|
print_pubkey_BN(dh, g, i);
|
|
|
|
print_pubkey_BN(dh, pub_key, i);
|
|
|
|
}
|
|
|
|
#else
|
2008-09-05 10:29:21 -04:00
|
|
|
print_pubkey_BN(dh, p, i);
|
|
|
|
print_pubkey_BN(dh, g, i);
|
|
|
|
print_pubkey_BN(dh, pub_key, i);
|
2016-04-21 04:24:23 -04:00
|
|
|
#endif
|
2008-09-05 10:29:21 -04:00
|
|
|
break;
|
2016-02-13 11:09:12 -05:00
|
|
|
}
|
2008-09-05 10:29:21 -04:00
|
|
|
}
|
2010-03-02 08:41:18 -05:00
|
|
|
EVP_PKEY_free(pubkey);
|
2008-09-05 10:29:21 -04:00
|
|
|
}
|
|
|
|
|
2016-05-17 03:34:33 -04:00
|
|
|
if(psig) {
|
|
|
|
for(j = 0; j < psig->length; j++)
|
|
|
|
BIO_printf(mem, "%02x:", psig->data[j]);
|
|
|
|
push_certinfo("Signature", i);
|
|
|
|
}
|
2015-09-12 09:30:44 -04:00
|
|
|
|
|
|
|
PEM_write_bio_X509(mem, x);
|
2015-09-14 06:26:12 -04:00
|
|
|
push_certinfo("Cert", i);
|
2008-09-05 10:29:21 -04:00
|
|
|
}
|
|
|
|
|
2015-09-12 09:30:44 -04:00
|
|
|
BIO_free(mem);
|
2011-01-04 04:20:28 -05:00
|
|
|
|
2008-09-05 10:29:21 -04:00
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
|
2014-09-30 22:31:17 -04:00
|
|
|
/*
|
|
|
|
* Heavily modified from:
|
|
|
|
* https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
|
|
|
|
*/
|
2016-06-21 09:47:12 -04:00
|
|
|
static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
|
2015-09-12 17:35:12 -04:00
|
|
|
const char *pinnedpubkey)
|
2014-09-30 22:31:17 -04:00
|
|
|
{
|
|
|
|
/* Scratch */
|
|
|
|
int len1 = 0, len2 = 0;
|
2014-10-13 12:34:51 -04:00
|
|
|
unsigned char *buff1 = NULL, *temp = NULL;
|
2014-09-30 22:31:17 -04:00
|
|
|
|
|
|
|
/* Result is returned to caller */
|
2014-10-13 12:34:51 -04:00
|
|
|
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
2014-09-30 22:31:17 -04:00
|
|
|
|
|
|
|
/* if a path wasn't specified, don't pin */
|
2014-12-24 11:14:30 -05:00
|
|
|
if(!pinnedpubkey)
|
2014-10-13 16:22:49 -04:00
|
|
|
return CURLE_OK;
|
|
|
|
|
2014-12-24 11:14:30 -05:00
|
|
|
if(!cert)
|
2014-10-13 16:22:49 -04:00
|
|
|
return result;
|
2014-09-30 22:31:17 -04:00
|
|
|
|
|
|
|
do {
|
|
|
|
/* Begin Gyrations to get the subjectPublicKeyInfo */
|
|
|
|
/* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
|
|
|
|
|
2014-12-28 22:15:36 -05:00
|
|
|
/* https://groups.google.com/group/mailing.openssl.users/browse_thread
|
2014-09-30 22:31:17 -04:00
|
|
|
/thread/d61858dae102c6c7 */
|
|
|
|
len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
|
|
|
|
if(len1 < 1)
|
|
|
|
break; /* failed */
|
|
|
|
|
2016-08-12 04:06:07 -04:00
|
|
|
buff1 = temp = malloc(len1);
|
2014-12-24 11:14:30 -05:00
|
|
|
if(!buff1)
|
2014-09-30 22:31:17 -04:00
|
|
|
break; /* failed */
|
|
|
|
|
2014-12-28 22:15:36 -05:00
|
|
|
/* https://www.openssl.org/docs/crypto/d2i_X509.html */
|
2014-09-30 22:31:17 -04:00
|
|
|
len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* These checks are verifying we got back the same values as when we
|
2014-12-28 22:15:36 -05:00
|
|
|
* sized the buffer. It's pretty weak since they should always be the
|
2014-09-30 22:31:17 -04:00
|
|
|
* same. But it gives us something to test.
|
|
|
|
*/
|
2014-12-24 11:14:30 -05:00
|
|
|
if((len1 != len2) || !temp || ((temp - buff1) != len1))
|
2014-09-30 22:31:17 -04:00
|
|
|
break; /* failed */
|
|
|
|
|
|
|
|
/* End Gyrations */
|
|
|
|
|
|
|
|
/* The one good exit point */
|
2015-09-12 17:35:12 -04:00
|
|
|
result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
|
2014-09-30 22:31:17 -04:00
|
|
|
} while(0);
|
|
|
|
|
2014-10-13 16:22:49 -04:00
|
|
|
if(buff1)
|
2016-08-12 04:06:07 -04:00
|
|
|
free(buff1);
|
2014-09-30 22:31:17 -04:00
|
|
|
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2007-12-03 06:39:27 -05:00
|
|
|
/*
|
|
|
|
* Get the server cert, verify it and show it etc, only call failf() if the
|
|
|
|
* 'strict' argument is TRUE as otherwise all this is for informational
|
|
|
|
* purposes only!
|
|
|
|
*
|
|
|
|
* We check certificates to authenticate the server; otherwise we risk
|
|
|
|
* man-in-the-middle attack.
|
|
|
|
*/
|
|
|
|
static CURLcode servercert(struct connectdata *conn,
|
|
|
|
struct ssl_connect_data *connssl,
|
|
|
|
bool strict)
|
2006-03-21 16:54:44 -05:00
|
|
|
{
|
2014-11-01 12:30:16 -04:00
|
|
|
CURLcode result = CURLE_OK;
|
2008-09-05 10:29:21 -04:00
|
|
|
int rc;
|
2018-10-16 17:35:44 -04:00
|
|
|
long lerr;
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2008-06-06 16:52:32 -04:00
|
|
|
X509 *issuer;
|
2018-04-17 04:50:09 -04:00
|
|
|
BIO *fp = NULL;
|
|
|
|
char error_buffer[256]="";
|
2017-04-25 09:28:50 -04:00
|
|
|
char buffer[2048];
|
2014-10-13 12:34:51 -04:00
|
|
|
const char *ptr;
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
2016-11-16 12:49:15 -05:00
|
|
|
long * const certverifyresult = SSL_IS_PROXY() ?
|
|
|
|
&data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
2020-05-27 05:51:34 -04:00
|
|
|
#else
|
|
|
|
long * const certverifyresult = &data->set.ssl.certverifyresult;
|
|
|
|
#endif
|
2015-09-12 09:30:44 -04:00
|
|
|
BIO *mem = BIO_new(BIO_s_mem());
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2008-09-05 10:29:21 -04:00
|
|
|
|
|
|
|
if(data->set.ssl.certinfo)
|
|
|
|
/* we've been asked to gather certificate info! */
|
|
|
|
(void)get_cert_chain(conn, connssl);
|
2008-06-06 16:52:32 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
backend->server_cert = SSL_get_peer_certificate(backend->handle);
|
|
|
|
if(!backend->server_cert) {
|
2017-04-20 09:46:03 -04:00
|
|
|
BIO_free(mem);
|
2015-08-21 08:50:45 -04:00
|
|
|
if(!strict)
|
|
|
|
return CURLE_OK;
|
|
|
|
|
|
|
|
failf(data, "SSL: couldn't get peer certificate!");
|
2007-10-03 04:07:50 -04:00
|
|
|
return CURLE_PEER_FAILED_VERIFICATION;
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
2014-11-01 12:30:16 -04:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
rc = x509_name_oneline(X509_get_subject_name(backend->server_cert),
|
2017-04-25 09:28:50 -04:00
|
|
|
buffer, sizeof(buffer));
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data, " subject: %s\n", rc?"[NONE]":buffer);
|
2001-02-20 12:35:51 -05:00
|
|
|
|
2018-10-16 17:35:44 -04:00
|
|
|
#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
|
|
|
{
|
|
|
|
long len;
|
2020-03-18 11:58:38 -04:00
|
|
|
ASN1_TIME_print(mem, X509_get0_notBefore(backend->server_cert));
|
2018-10-16 17:35:44 -04:00
|
|
|
len = BIO_get_mem_data(mem, (char **) &ptr);
|
|
|
|
infof(data, " start date: %.*s\n", len, ptr);
|
|
|
|
(void)BIO_reset(mem);
|
2015-09-12 09:30:44 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
ASN1_TIME_print(mem, X509_get0_notAfter(backend->server_cert));
|
2018-10-16 17:35:44 -04:00
|
|
|
len = BIO_get_mem_data(mem, (char **) &ptr);
|
|
|
|
infof(data, " expire date: %.*s\n", len, ptr);
|
|
|
|
(void)BIO_reset(mem);
|
|
|
|
}
|
|
|
|
#endif
|
2001-09-11 06:00:49 -04:00
|
|
|
|
2015-09-12 09:30:44 -04:00
|
|
|
BIO_free(mem);
|
2001-09-11 06:00:49 -04:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
if(SSL_CONN_CONFIG(verifyhost)) {
|
2020-03-18 11:58:38 -04:00
|
|
|
result = verifyhost(conn, backend->server_cert);
|
2014-11-01 12:30:16 -04:00
|
|
|
if(result) {
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
2014-11-01 12:30:16 -04:00
|
|
|
return result;
|
2003-10-23 03:44:55 -04:00
|
|
|
}
|
2001-08-08 03:16:47 -04:00
|
|
|
}
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
rc = x509_name_oneline(X509_get_issuer_name(backend->server_cert),
|
2017-04-25 09:28:50 -04:00
|
|
|
buffer, sizeof(buffer));
|
2008-09-05 10:29:21 -04:00
|
|
|
if(rc) {
|
2007-12-03 06:39:27 -05:00
|
|
|
if(strict)
|
|
|
|
failf(data, "SSL: couldn't get X509-issuer name!");
|
2018-08-16 15:41:31 -04:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
2003-10-23 03:44:55 -04:00
|
|
|
else {
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data, " issuer: %s\n", buffer);
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2003-10-23 03:44:55 -04:00
|
|
|
/* We could do all sorts of certificate verification stuff here before
|
|
|
|
deallocating the certificate. */
|
2004-05-18 03:25:13 -04:00
|
|
|
|
2008-06-06 16:52:32 -04:00
|
|
|
/* e.g. match issuer name with provided issuer certificate */
|
2020-05-15 04:47:46 -04:00
|
|
|
if(SSL_SET_OPTION(issuercert) || SSL_SET_OPTION(issuercert_blob)) {
|
|
|
|
if(SSL_SET_OPTION(issuercert_blob))
|
|
|
|
fp = BIO_new_mem_buf(SSL_SET_OPTION(issuercert_blob)->data,
|
|
|
|
(int)SSL_SET_OPTION(issuercert_blob)->len);
|
|
|
|
else {
|
|
|
|
fp = BIO_new(BIO_s_file());
|
|
|
|
if(fp == NULL) {
|
|
|
|
failf(data,
|
|
|
|
"BIO_new return NULL, " OSSL_PACKAGE
|
|
|
|
" error %s",
|
|
|
|
ossl_strerror(ERR_get_error(), error_buffer,
|
|
|
|
sizeof(error_buffer)) );
|
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
|
|
|
return CURLE_OUT_OF_MEMORY;
|
|
|
|
}
|
2018-12-03 11:34:57 -05:00
|
|
|
|
2020-05-15 04:47:46 -04:00
|
|
|
if(BIO_read_filename(fp, SSL_SET_OPTION(issuercert)) <= 0) {
|
|
|
|
if(strict)
|
|
|
|
failf(data, "SSL: Unable to open issuer cert (%s)",
|
|
|
|
SSL_SET_OPTION(issuercert));
|
|
|
|
BIO_free(fp);
|
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
|
|
|
return CURLE_SSL_ISSUER_ERROR;
|
|
|
|
}
|
2008-06-06 16:52:32 -04:00
|
|
|
}
|
2014-11-01 12:30:16 -04:00
|
|
|
|
2018-04-17 04:50:09 -04:00
|
|
|
issuer = PEM_read_bio_X509(fp, NULL, ZERO_NULL, NULL);
|
2011-04-20 09:17:42 -04:00
|
|
|
if(!issuer) {
|
|
|
|
if(strict)
|
2012-06-14 07:32:05 -04:00
|
|
|
failf(data, "SSL: Unable to read issuer cert (%s)",
|
2016-11-16 12:49:15 -05:00
|
|
|
SSL_SET_OPTION(issuercert));
|
2018-04-17 04:50:09 -04:00
|
|
|
BIO_free(fp);
|
2008-07-30 17:24:59 -04:00
|
|
|
X509_free(issuer);
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
2008-07-30 17:24:59 -04:00
|
|
|
return CURLE_SSL_ISSUER_ERROR;
|
2008-06-06 16:52:32 -04:00
|
|
|
}
|
2014-11-01 12:30:16 -04:00
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
if(X509_check_issued(issuer, backend->server_cert) != X509_V_OK) {
|
2011-04-20 09:17:42 -04:00
|
|
|
if(strict)
|
2012-06-14 07:32:05 -04:00
|
|
|
failf(data, "SSL: Certificate issuer check failed (%s)",
|
2016-11-16 12:49:15 -05:00
|
|
|
SSL_SET_OPTION(issuercert));
|
2018-04-17 04:50:09 -04:00
|
|
|
BIO_free(fp);
|
2008-07-30 17:24:59 -04:00
|
|
|
X509_free(issuer);
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
2008-06-06 16:52:32 -04:00
|
|
|
return CURLE_SSL_ISSUER_ERROR;
|
|
|
|
}
|
2014-11-01 12:30:16 -04:00
|
|
|
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data, " SSL certificate issuer check ok (%s)\n",
|
2016-11-16 12:49:15 -05:00
|
|
|
SSL_SET_OPTION(issuercert));
|
2018-12-03 11:34:57 -05:00
|
|
|
BIO_free(fp);
|
2008-06-06 16:52:32 -04:00
|
|
|
X509_free(issuer);
|
|
|
|
}
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
lerr = *certverifyresult = SSL_get_verify_result(backend->handle);
|
2014-11-01 12:30:16 -04:00
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
if(*certverifyresult != X509_V_OK) {
|
|
|
|
if(SSL_CONN_CONFIG(verifypeer)) {
|
2003-10-23 03:44:55 -04:00
|
|
|
/* We probably never reach this, because SSL_connect() will fail
|
2008-07-30 17:24:59 -04:00
|
|
|
and we return earlier if verifypeer is set? */
|
2007-12-03 06:39:27 -05:00
|
|
|
if(strict)
|
|
|
|
failf(data, "SSL certificate verify result: %s (%ld)",
|
|
|
|
X509_verify_cert_error_string(lerr), lerr);
|
2014-11-01 12:30:16 -04:00
|
|
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
2003-10-23 03:44:55 -04:00
|
|
|
}
|
|
|
|
else
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data, " SSL certificate verify result: %s (%ld),"
|
2004-07-04 17:42:32 -04:00
|
|
|
" continuing anyway.\n",
|
2006-03-13 18:34:25 -05:00
|
|
|
X509_verify_cert_error_string(lerr), lerr);
|
2001-08-08 03:16:47 -04:00
|
|
|
}
|
2003-10-23 03:44:55 -04:00
|
|
|
else
|
2016-03-16 06:02:33 -04:00
|
|
|
infof(data, " SSL certificate verify ok.\n");
|
2001-02-20 12:35:51 -05:00
|
|
|
}
|
1999-12-29 09:20:26 -05:00
|
|
|
|
2015-02-09 15:58:33 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
2016-02-08 23:19:31 -05:00
|
|
|
!defined(OPENSSL_NO_OCSP)
|
2016-11-16 12:49:15 -05:00
|
|
|
if(SSL_CONN_CONFIG(verifystatus)) {
|
2014-06-16 09:05:17 -04:00
|
|
|
result = verifystatus(conn, connssl);
|
|
|
|
if(result) {
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
2014-06-16 09:05:17 -04:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
}
|
2015-01-22 17:34:43 -05:00
|
|
|
#endif
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2015-01-19 17:18:58 -05:00
|
|
|
if(!strict)
|
|
|
|
/* when not strict, we don't bother about the verify cert problems */
|
|
|
|
result = CURLE_OK;
|
|
|
|
|
2016-11-25 04:47:25 -05:00
|
|
|
ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
|
|
|
|
data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
|
2014-11-01 12:30:16 -04:00
|
|
|
if(!result && ptr) {
|
2020-03-18 11:58:38 -04:00
|
|
|
result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
|
2014-11-01 12:30:16 -04:00
|
|
|
if(result)
|
2014-10-13 12:34:51 -04:00
|
|
|
failf(data, "SSL: public key does not match pinned public key!");
|
2014-09-30 22:31:17 -04:00
|
|
|
}
|
|
|
|
|
2020-03-18 11:58:38 -04:00
|
|
|
X509_free(backend->server_cert);
|
|
|
|
backend->server_cert = NULL;
|
2006-03-21 16:54:44 -05:00
|
|
|
connssl->connecting_state = ssl_connect_done;
|
2007-12-03 06:39:27 -05:00
|
|
|
|
2014-11-01 12:30:16 -04:00
|
|
|
return result;
|
2007-12-03 06:39:27 -05:00
|
|
|
}
|
|
|
|
|
2014-11-01 12:16:56 -04:00
|
|
|
static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
|
2007-12-03 06:39:27 -05:00
|
|
|
{
|
2014-11-01 12:16:56 -04:00
|
|
|
CURLcode result = CURLE_OK;
|
2007-12-03 06:39:27 -05:00
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
|
|
|
|
|
DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We check certificates to authenticate the server; otherwise we risk
|
|
|
|
* man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
|
|
|
|
* verify the peer ignore faults and failures from the server cert
|
|
|
|
* operations.
|
|
|
|
*/
|
|
|
|
|
2016-11-16 12:49:15 -05:00
|
|
|
result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
|
|
|
|
SSL_CONN_CONFIG(verifyhost)));
|
2007-12-03 06:39:27 -05:00
|
|
|
|
2014-11-01 12:16:56 -04:00
|
|
|
if(!result)
|
2007-12-03 06:39:27 -05:00
|
|
|
connssl->connecting_state = ssl_connect_done;
|
2014-11-01 12:16:56 -04:00
|
|
|
|
|
|
|
return result;
|
1999-12-29 09:20:26 -05:00
|
|
|
}
|
2005-04-07 11:27:13 -04:00
|
|
|
|
2010-05-07 09:05:34 -04:00
|
|
|
static Curl_recv ossl_recv;
|
|
|
|
static Curl_send ossl_send;
|
|
|
|
|
2014-11-01 12:44:32 -04:00
|
|
|
static CURLcode ossl_connect_common(struct connectdata *conn,
|
|
|
|
int sockindex,
|
|
|
|
bool nonblocking,
|
|
|
|
bool *done)
|
2006-03-21 16:54:44 -05:00
|
|
|
{
|
2014-11-01 12:44:32 -04:00
|
|
|
CURLcode result;
|
2016-06-21 09:47:12 -04:00
|
|
|
struct Curl_easy *data = conn->data;
|
2006-03-21 16:54:44 -05:00
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
|
|
|
curl_socket_t sockfd = conn->sock[sockindex];
|
2009-09-25 09:05:36 -04:00
|
|
|
int what;
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2010-11-18 17:07:57 -05:00
|
|
|
/* check if the connection has already been established */
|
|
|
|
if(ssl_connection_complete == connssl->state) {
|
|
|
|
*done = TRUE;
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
|
2014-11-01 12:44:32 -04:00
|
|
|
if(ssl_connect_1 == connssl->connecting_state) {
|
2008-04-14 11:26:34 -04:00
|
|
|
/* Find out how much more time we're allowed */
|
2020-05-28 18:08:03 -04:00
|
|
|
const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
2008-04-14 11:26:34 -04:00
|
|
|
|
|
|
|
if(timeout_ms < 0) {
|
|
|
|
/* no need to continue if time already is up */
|
|
|
|
failf(data, "SSL connection timeout");
|
|
|
|
return CURLE_OPERATION_TIMEDOUT;
|
|
|
|
}
|
2014-11-01 12:44:32 -04:00
|
|
|
|
|
|
|
result = ossl_connect_step1(conn, sockindex);
|
|
|
|
if(result)
|
|
|
|
return result;
|
2006-03-21 16:54:44 -05:00
|
|
|
}
|
|
|
|
|
2007-11-05 04:45:09 -05:00
|
|
|
while(ssl_connect_2 == connssl->connecting_state ||
|
|
|
|
ssl_connect_2_reading == connssl->connecting_state ||
|
|
|
|
ssl_connect_2_writing == connssl->connecting_state) {
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2008-04-14 11:26:34 -04:00
|
|
|
/* check allowed time left */
|
2020-05-28 18:08:03 -04:00
|
|
|
const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
2008-04-14 11:26:34 -04:00
|
|
|
|
|
|
|
if(timeout_ms < 0) {
|
|
|
|
/* no need to continue if time already is up */
|
|
|
|
failf(data, "SSL connection timeout");
|
|
|
|
return CURLE_OPERATION_TIMEDOUT;
|
|
|
|
}
|
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
/* if ssl is expecting something, check if it's available. */
|
2014-11-01 12:44:32 -04:00
|
|
|
if(connssl->connecting_state == ssl_connect_2_reading ||
|
|
|
|
connssl->connecting_state == ssl_connect_2_writing) {
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2017-09-09 17:09:06 -04:00
|
|
|
curl_socket_t writefd = ssl_connect_2_writing ==
|
2006-03-21 16:54:44 -05:00
|
|
|
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
2017-09-09 17:09:06 -04:00
|
|
|
curl_socket_t readfd = ssl_connect_2_reading ==
|
2006-03-21 16:54:44 -05:00
|
|
|
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
|
|
|
|
2016-10-18 04:58:58 -04:00
|
|
|
what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
|
2020-05-28 18:08:03 -04:00
|
|
|
nonblocking?0:timeout_ms);
|
2009-09-25 09:05:36 -04:00
|
|
|
if(what < 0) {
|
|
|
|
/* fatal error */
|
|
|
|
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
|
|
|
return CURLE_SSL_CONNECT_ERROR;
|
|
|
|
}
|
2017-03-10 08:28:37 -05:00
|
|
|
if(0 == what) {
|
2009-09-25 09:05:36 -04:00
|
|
|
if(nonblocking) {
|
|
|
|
*done = FALSE;
|
|
|
|
return CURLE_OK;
|
2006-03-21 16:54:44 -05:00
|
|
|
}
|
2017-03-10 08:28:37 -05:00
|
|
|
/* timeout */
|
|
|
|
failf(data, "SSL connection timeout");
|
|
|
|
return CURLE_OPERATION_TIMEDOUT;
|
2009-09-25 09:05:36 -04:00
|
|
|
}
|
|
|
|
/* socket is readable or writable */
|
2006-03-21 16:54:44 -05:00
|
|
|
}
|
|
|
|
|
2010-08-01 17:50:46 -04:00
|
|
|
/* Run transaction, and return to the caller if it failed or if this
|
|
|
|
* connection is done nonblocking and this loop would execute again. This
|
|
|
|
* permits the owner of a multi handle to abort a connection attempt
|
|
|
|
* before step2 has completed while ensuring that a client using select()
|
|
|
|
* or epoll() will always have a valid fdset to wait on.
|
2010-05-14 16:34:10 -04:00
|
|
|
*/
|
2014-11-01 12:44:32 -04:00
|
|
|
result = ossl_connect_step2(conn, sockindex);
|
|
|
|
if(result || (nonblocking &&
|
|
|
|
(ssl_connect_2 == connssl->connecting_state ||
|
|
|
|
ssl_connect_2_reading == connssl->connecting_state ||
|
|
|
|
ssl_connect_2_writing == connssl->connecting_state)))
|
|
|
|
return result;
|
2006-03-21 16:54:44 -05:00
|
|
|
|
|
|
|
} /* repeat step2 until all transactions are done. */
|
|
|
|
|
2014-11-01 12:44:32 -04:00
|
|
|
if(ssl_connect_3 == connssl->connecting_state) {
|
|
|
|
result = ossl_connect_step3(conn, sockindex);
|
|
|
|
if(result)
|
|
|
|
return result;
|
2006-03-21 16:54:44 -05:00
|
|
|
}
|
|
|
|
|
2014-11-01 12:44:32 -04:00
|
|
|
if(ssl_connect_done == connssl->connecting_state) {
|
2008-02-20 04:56:26 -05:00
|
|
|
connssl->state = ssl_connection_complete;
|
2010-05-11 16:48:38 -04:00
|
|
|
conn->recv[sockindex] = ossl_recv;
|
|
|
|
conn->send[sockindex] = ossl_send;
|
2006-03-21 16:54:44 -05:00
|
|
|
*done = TRUE;
|
|
|
|
}
|
2008-02-20 04:56:26 -05:00
|
|
|
else
|
2006-03-21 16:54:44 -05:00
|
|
|
*done = FALSE;
|
|
|
|
|
2006-05-09 08:43:49 -04:00
|
|
|
/* Reset our connect state machine */
|
|
|
|
connssl->connecting_state = ssl_connect_1;
|
|
|
|
|
2006-03-21 16:54:44 -05:00
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
|
|
|
|
int sockindex,
|
|
|
|
bool *done)
|
2006-03-21 16:54:44 -05:00
|
|
|
{
|
2007-12-08 17:50:55 -05:00
|
|
|
return ossl_connect_common(conn, sockindex, TRUE, done);
|
2006-03-21 16:54:44 -05:00
|
|
|
}
|
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
|
2006-03-21 16:54:44 -05:00
|
|
|
{
|
2014-11-01 12:16:56 -04:00
|
|
|
CURLcode result;
|
2006-03-21 16:54:44 -05:00
|
|
|
bool done = FALSE;
|
|
|
|
|
2014-11-01 12:16:56 -04:00
|
|
|
result = ossl_connect_common(conn, sockindex, FALSE, &done);
|
|
|
|
if(result)
|
|
|
|
return result;
|
2006-03-21 16:54:44 -05:00
|
|
|
|
2007-02-21 14:03:20 -05:00
|
|
|
DEBUGASSERT(done);
|
2006-03-21 16:54:44 -05:00
|
|
|
|
|
|
|
return CURLE_OK;
|
|
|
|
}
|
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static bool Curl_ossl_data_pending(const struct connectdata *conn,
|
|
|
|
int connindex)
|
2008-06-11 13:01:58 -04:00
|
|
|
{
|
2017-06-21 06:41:18 -04:00
|
|
|
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
|
2017-09-24 01:42:37 -04:00
|
|
|
if(connssl->backend->handle && SSL_pending(connssl->backend->handle))
|
|
|
|
return TRUE;
|
2020-05-27 05:51:34 -04:00
|
|
|
#ifndef CURL_DISABLE_PROXY
|
|
|
|
{
|
|
|
|
const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
|
|
|
|
if(proxyssl->backend->handle && SSL_pending(proxyssl->backend->handle))
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
#endif
|
2017-03-10 08:28:37 -05:00
|
|
|
return FALSE;
|
2008-06-11 13:01:58 -04:00
|
|
|
}
|
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static size_t Curl_ossl_version(char *buffer, size_t size);
|
|
|
|
|
2010-05-07 09:05:34 -04:00
|
|
|
static ssize_t ossl_send(struct connectdata *conn,
|
|
|
|
int sockindex,
|
|
|
|
const void *mem,
|
|
|
|
size_t len,
|
|
|
|
CURLcode *curlcode)
|
2005-04-07 11:27:13 -04:00
|
|
|
{
|
|
|
|
/* SSL_write() is said to return 'int' while write() and send() returns
|
|
|
|
'size_t' */
|
|
|
|
int err;
|
2017-04-17 10:01:40 -04:00
|
|
|
char error_buffer[256];
|
2005-04-07 11:27:13 -04:00
|
|
|
unsigned long sslerror;
|
2009-04-14 08:53:53 -04:00
|
|
|
int memlen;
|
|
|
|
int rc;
|
2017-06-21 06:41:18 -04:00
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2009-04-14 08:53:53 -04:00
|
|
|
|
2010-06-05 17:41:58 -04:00
|
|
|
ERR_clear_error();
|
|
|
|
|
2009-04-14 08:53:53 -04:00
|
|
|
memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
|
2020-03-18 11:58:38 -04:00
|
|
|
rc = SSL_write(backend->handle, mem, memlen);
|
2005-04-07 11:27:13 -04:00
|
|
|
|
2013-05-22 17:08:27 -04:00
|
|
|
if(rc <= 0) {
|
2020-03-18 11:58:38 -04:00
|
|
|
err = SSL_get_error(backend->handle, rc);
|
2005-04-07 11:27:13 -04:00
|
|
|
|
|
|
|
switch(err) {
|
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
|
|
|
/* The operation did not complete; the same TLS/SSL I/O function
|
2011-04-19 09:54:13 -04:00
|
|
|
should be called again later. This is basically an EWOULDBLOCK
|
2005-04-07 11:27:13 -04:00
|
|
|
equivalent. */
|
2010-05-07 09:05:34 -04:00
|
|
|
*curlcode = CURLE_AGAIN;
|
2010-04-04 17:37:18 -04:00
|
|
|
return -1;
|
2005-04-07 11:27:13 -04:00
|
|
|
case SSL_ERROR_SYSCALL:
|
2019-11-20 18:44:18 -05:00
|
|
|
{
|
|
|
|
int sockerr = SOCKERRNO;
|
|
|
|
sslerror = ERR_get_error();
|
|
|
|
if(sslerror)
|
|
|
|
ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
|
|
|
|
else if(sockerr)
|
|
|
|
Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
|
|
|
|
else {
|
|
|
|
strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
|
|
|
|
error_buffer[sizeof(error_buffer) - 1] = '\0';
|
|
|
|
}
|
|
|
|
failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
|
|
|
|
error_buffer, sockerr);
|
|
|
|
*curlcode = CURLE_SEND_ERROR;
|
|
|
|
return -1;
|
|
|
|
}
|
2005-04-07 11:27:13 -04:00
|
|
|
case SSL_ERROR_SSL:
|
|
|
|
/* A failure in the SSL library occurred, usually a protocol error.
|
|
|
|
The OpenSSL error queue contains more information on the error. */
|
|
|
|
sslerror = ERR_get_error();
|
2016-12-07 15:18:21 -05:00
|
|
|
if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
|
|
|
|
ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
|
2020-05-27 05:51:34 -04:00
|
|
|
conn->ssl[sockindex].state == ssl_connection_complete
|
|
|
|
#ifndef CURL_DISABLE_PROXY
|
|
|
|
&& conn->proxy_ssl[sockindex].state == ssl_connection_complete
|
|
|
|
#endif
|
|
|
|
) {
|
2016-11-16 12:49:15 -05:00
|
|
|
char ver[120];
|
|
|
|
Curl_ossl_version(ver, 120);
|
|
|
|
failf(conn->data, "Error: %s does not support double SSL tunneling.",
|
|
|
|
ver);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
failf(conn->data, "SSL_write() error: %s",
|
|
|
|
ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
|
2010-04-04 17:37:18 -04:00
|
|
|
*curlcode = CURLE_SEND_ERROR;
|
2005-04-07 11:27:13 -04:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* a true error */
|
2017-03-22 14:39:41 -04:00
|
|
|
failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
|
|
|
|
SSL_ERROR_to_str(err), SOCKERRNO);
|
2010-04-04 17:37:18 -04:00
|
|
|
*curlcode = CURLE_SEND_ERROR;
|
2005-04-07 11:27:13 -04:00
|
|
|
return -1;
|
|
|
|
}
|
2014-07-31 18:01:02 -04:00
|
|
|
*curlcode = CURLE_OK;
|
2006-11-11 16:34:43 -05:00
|
|
|
return (ssize_t)rc; /* number of bytes */
|
2005-04-07 11:27:13 -04:00
|
|
|
}
|
|
|
|
|
2010-05-07 09:05:34 -04:00
|
|
|
static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
|
|
|
|
int num, /* socketindex */
|
|
|
|
char *buf, /* store read data here */
|
|
|
|
size_t buffersize, /* max amount to read */
|
|
|
|
CURLcode *curlcode)
|
2005-04-07 11:27:13 -04:00
|
|
|
{
|
2017-04-17 10:01:40 -04:00
|
|
|
char error_buffer[256];
|
2005-04-07 11:27:13 -04:00
|
|
|
unsigned long sslerror;
|
2009-04-14 08:53:53 -04:00
|
|
|
ssize_t nread;
|
|
|
|
int buffsize;
|
2017-06-21 06:41:18 -04:00
|
|
|
struct ssl_connect_data *connssl = &conn->ssl[num];
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2009-04-14 08:53:53 -04:00
|
|
|
|
2010-06-05 17:41:58 -04:00
|
|
|
ERR_clear_error();
|
|
|
|
|
2009-04-14 08:53:53 -04:00
|
|
|
buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
|
2020-03-18 11:58:38 -04:00
|
|
|
nread = (ssize_t)SSL_read(backend->handle, buf, buffsize);
|
2013-05-22 17:42:33 -04:00
|
|
|
if(nread <= 0) {
|
2005-04-07 11:27:13 -04:00
|
|
|
/* failed SSL_read */
|
2020-03-18 11:58:38 -04:00
|
|
|
int err = SSL_get_error(backend->handle, (int)nread);
|
2005-04-07 11:27:13 -04:00
|
|
|
|
|
|
|
switch(err) {
|
|
|
|
case SSL_ERROR_NONE: /* this is not an error */
|
2019-04-11 11:22:52 -04:00
|
|
|
break;
|
2005-04-07 11:27:13 -04:00
|
|
|
case SSL_ERROR_ZERO_RETURN: /* no more data */
|
2019-04-11 11:22:52 -04:00
|
|
|
/* close_notify alert */
|
2019-09-12 11:56:49 -04:00
|
|
|
if(num == FIRSTSOCKET)
|
|
|
|
/* mark the connection for close if it is indeed the control
|
|
|
|
connection */
|
|
|
|
connclose(conn, "TLS close_notify");
|
2005-04-07 11:27:13 -04:00
|
|
|
break;
|
|
|
|
case SSL_ERROR_WANT_READ:
|
|
|
|
case SSL_ERROR_WANT_WRITE:
|
|
|
|
/* there's data pending, re-invoke SSL_read() */
|
2010-05-07 09:05:34 -04:00
|
|
|
*curlcode = CURLE_AGAIN;
|
2010-04-04 17:37:18 -04:00
|
|
|
return -1;
|
2005-04-07 11:27:13 -04:00
|
|
|
default:
|
2013-06-23 04:31:04 -04:00
|
|
|
/* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
|
|
|
|
value/errno" */
|
2014-12-28 22:15:36 -05:00
|
|
|
/* https://www.openssl.org/docs/crypto/ERR_get_error.html */
|
2005-04-07 11:27:13 -04:00
|
|
|
sslerror = ERR_get_error();
|
2013-06-23 04:31:04 -04:00
|
|
|
if((nread < 0) || sslerror) {
|
|
|
|
/* If the return code was negative or there actually is an error in the
|
|
|
|
queue */
|
2019-11-20 18:44:18 -05:00
|
|
|
int sockerr = SOCKERRNO;
|
|
|
|
if(sslerror)
|
|
|
|
ossl_strerror(sslerror, error_buffer, sizeof(error_buffer));
|
|
|
|
else if(sockerr && err == SSL_ERROR_SYSCALL)
|
|
|
|
Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
|
|
|
|
else {
|
|
|
|
strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
|
|
|
|
error_buffer[sizeof(error_buffer) - 1] = '\0';
|
|
|
|
}
|
2017-03-22 14:39:41 -04:00
|
|
|
failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
|
2019-11-20 18:44:18 -05:00
|
|
|
error_buffer, sockerr);
|
|
|
|
*curlcode = CURLE_RECV_ERROR;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/* For debug builds be a little stricter and error on any
|
|
|
|
SSL_ERROR_SYSCALL. For example a server may have closed the connection
|
|
|
|
abruptly without a close_notify alert. For compatibility with older
|
|
|
|
peers we don't do this by default. #4624
|
|
|
|
|
|
|
|
We can use this to gauge how many users may be affected, and
|
|
|
|
if it goes ok eventually transition to allow in dev and release with
|
|
|
|
the newest OpenSSL: #if (OPENSSL_VERSION_NUMBER >= 0x10101000L) */
|
|
|
|
#ifdef DEBUGBUILD
|
|
|
|
if(err == SSL_ERROR_SYSCALL) {
|
|
|
|
int sockerr = SOCKERRNO;
|
|
|
|
if(sockerr)
|
|
|
|
Curl_strerror(sockerr, error_buffer, sizeof(error_buffer));
|
|
|
|
else {
|
|
|
|
msnprintf(error_buffer, sizeof(error_buffer),
|
|
|
|
"Connection closed abruptly");
|
|
|
|
}
|
|
|
|
failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d"
|
|
|
|
" (Fatal because this is a curl debug build)",
|
|
|
|
error_buffer, sockerr);
|
2013-06-23 04:31:04 -04:00
|
|
|
*curlcode = CURLE_RECV_ERROR;
|
|
|
|
return -1;
|
|
|
|
}
|
2019-11-20 18:44:18 -05:00
|
|
|
#endif
|
2005-04-07 11:27:13 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return nread;
|
|
|
|
}
|
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static size_t Curl_ossl_version(char *buffer, size_t size)
|
2005-04-07 11:27:13 -04:00
|
|
|
{
|
2018-03-24 00:57:42 -04:00
|
|
|
#ifdef LIBRESSL_VERSION_NUMBER
|
|
|
|
#if LIBRESSL_VERSION_NUMBER < 0x2070100fL
|
|
|
|
return msnprintf(buffer, size, "%s/%lx.%lx.%lx",
|
|
|
|
OSSL_PACKAGE,
|
|
|
|
(LIBRESSL_VERSION_NUMBER>>28)&0xf,
|
|
|
|
(LIBRESSL_VERSION_NUMBER>>20)&0xff,
|
|
|
|
(LIBRESSL_VERSION_NUMBER>>12)&0xff);
|
|
|
|
#else /* OpenSSL_version() first appeared in LibreSSL 2.7.1 */
|
|
|
|
char *p;
|
|
|
|
int count;
|
|
|
|
const char *ver = OpenSSL_version(OPENSSL_VERSION);
|
|
|
|
const char expected[] = OSSL_PACKAGE " "; /* ie "LibreSSL " */
|
|
|
|
if(Curl_strncasecompare(ver, expected, sizeof(expected) - 1)) {
|
|
|
|
ver += sizeof(expected) - 1;
|
|
|
|
}
|
|
|
|
count = msnprintf(buffer, size, "%s/%s", OSSL_PACKAGE, ver);
|
|
|
|
for(p = buffer; *p; ++p) {
|
|
|
|
if(ISSPACE(*p))
|
|
|
|
*p = '_';
|
|
|
|
}
|
|
|
|
return count;
|
|
|
|
#endif
|
|
|
|
#elif defined(OPENSSL_IS_BORINGSSL)
|
2018-11-22 03:01:24 -05:00
|
|
|
return msnprintf(buffer, size, OSSL_PACKAGE);
|
2019-01-11 11:04:44 -05:00
|
|
|
#elif defined(HAVE_OPENSSL_VERSION) && defined(OPENSSL_VERSION_STRING)
|
|
|
|
return msnprintf(buffer, size, "%s/%s",
|
|
|
|
OSSL_PACKAGE, OpenSSL_version(OPENSSL_VERSION_STRING));
|
|
|
|
#else
|
2018-03-24 00:57:42 -04:00
|
|
|
/* not LibreSSL, BoringSSL and not using OpenSSL_version */
|
2019-01-11 11:04:44 -05:00
|
|
|
|
2015-11-13 09:49:49 -05:00
|
|
|
char sub[3];
|
|
|
|
unsigned long ssleay_value;
|
|
|
|
sub[2]='\0';
|
|
|
|
sub[1]='\0';
|
2017-09-09 17:09:06 -04:00
|
|
|
ssleay_value = OpenSSL_version_num();
|
2015-11-13 09:49:49 -05:00
|
|
|
if(ssleay_value < 0x906000) {
|
2017-09-09 17:09:06 -04:00
|
|
|
ssleay_value = SSLEAY_VERSION_NUMBER;
|
2015-11-13 09:49:49 -05:00
|
|
|
sub[0]='\0';
|
2005-04-07 11:27:13 -04:00
|
|
|
}
|
2015-11-13 09:49:49 -05:00
|
|
|
else {
|
|
|
|
if(ssleay_value&0xff0) {
|
|
|
|
int minor_ver = (ssleay_value >> 4) & 0xff;
|
|
|
|
if(minor_ver > 26) {
|
|
|
|
/* handle extended version introduced for 0.9.8za */
|
|
|
|
sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
|
|
|
|
sub[0] = 'z';
|
|
|
|
}
|
|
|
|
else {
|
2016-12-18 07:09:51 -05:00
|
|
|
sub[0] = (char) (minor_ver + 'a' - 1);
|
2015-11-13 09:49:49 -05:00
|
|
|
}
|
2005-04-07 11:27:13 -04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
sub[0]='\0';
|
|
|
|
}
|
2006-06-29 03:35:02 -04:00
|
|
|
|
2019-04-12 14:53:12 -04:00
|
|
|
return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
|
|
|
|
#ifdef OPENSSL_FIPS
|
|
|
|
"-fips"
|
|
|
|
#endif
|
|
|
|
,
|
2018-11-22 03:01:24 -05:00
|
|
|
OSSL_PACKAGE,
|
|
|
|
(ssleay_value>>28)&0xf,
|
|
|
|
(ssleay_value>>20)&0xff,
|
|
|
|
(ssleay_value>>12)&0xff,
|
|
|
|
sub);
|
2015-01-22 06:42:50 -05:00
|
|
|
#endif /* OPENSSL_IS_BORINGSSL */
|
2005-04-07 11:27:13 -04:00
|
|
|
}
|
2012-06-26 08:52:46 -04:00
|
|
|
|
2014-06-03 14:04:46 -04:00
|
|
|
/* can be called with data == NULL */
|
2017-06-23 07:19:00 -04:00
|
|
|
static CURLcode Curl_ossl_random(struct Curl_easy *data,
|
|
|
|
unsigned char *entropy, size_t length)
|
2012-06-26 08:52:46 -04:00
|
|
|
{
|
2016-12-23 09:29:01 -05:00
|
|
|
int rc;
|
2015-01-22 06:42:50 -05:00
|
|
|
if(data) {
|
2016-11-11 08:16:17 -05:00
|
|
|
if(Curl_ossl_seed(data)) /* Initiate the seed if not already done */
|
2017-01-12 11:41:26 -05:00
|
|
|
return CURLE_FAILED_INIT; /* couldn't seed for some reason */
|
2016-11-11 08:16:17 -05:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
if(!rand_enough())
|
2017-01-12 11:41:26 -05:00
|
|
|
return CURLE_FAILED_INIT;
|
2015-01-22 06:42:50 -05:00
|
|
|
}
|
2016-12-23 09:29:01 -05:00
|
|
|
/* RAND_bytes() returns 1 on success, 0 otherwise. */
|
|
|
|
rc = RAND_bytes(entropy, curlx_uztosi(length));
|
2017-01-17 02:53:29 -05:00
|
|
|
return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
|
2012-06-26 08:52:46 -04:00
|
|
|
}
|
|
|
|
|
2017-06-22 19:04:56 -04:00
|
|
|
static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
|
|
|
|
size_t tmplen,
|
|
|
|
unsigned char *md5sum /* output */,
|
|
|
|
size_t unused)
|
2012-06-26 08:52:46 -04:00
|
|
|
{
|
2018-01-22 20:24:59 -05:00
|
|
|
EVP_MD_CTX *mdctx;
|
|
|
|
unsigned int len = 0;
|
|
|
|
(void) unused;
|
|
|
|
|
|
|
|
mdctx = EVP_MD_CTX_create();
|
|
|
|
EVP_DigestInit_ex(mdctx, EVP_md5(), NULL);
|
|
|
|
EVP_DigestUpdate(mdctx, tmp, tmplen);
|
|
|
|
EVP_DigestFinal_ex(mdctx, md5sum, &len);
|
|
|
|
EVP_MD_CTX_destroy(mdctx);
|
2017-06-22 19:04:56 -04:00
|
|
|
return CURLE_OK;
|
2012-06-26 08:52:46 -04:00
|
|
|
}
|
2014-06-16 09:05:17 -04:00
|
|
|
|
2015-09-17 02:48:43 -04:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
2018-04-02 13:33:00 -04:00
|
|
|
static CURLcode Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
2017-06-22 19:04:56 -04:00
|
|
|
size_t tmplen,
|
|
|
|
unsigned char *sha256sum /* output */,
|
|
|
|
size_t unused)
|
2015-06-30 20:23:54 -04:00
|
|
|
{
|
2018-01-22 20:24:59 -05:00
|
|
|
EVP_MD_CTX *mdctx;
|
|
|
|
unsigned int len = 0;
|
|
|
|
(void) unused;
|
|
|
|
|
2020-05-26 02:26:20 -04:00
|
|
|
mdctx = EVP_MD_CTX_create();
|
2018-01-22 20:24:59 -05:00
|
|
|
EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
|
|
|
|
EVP_DigestUpdate(mdctx, tmp, tmplen);
|
|
|
|
EVP_DigestFinal_ex(mdctx, sha256sum, &len);
|
|
|
|
EVP_MD_CTX_destroy(mdctx);
|
2018-04-02 13:33:00 -04:00
|
|
|
return CURLE_OK;
|
2015-06-30 20:23:54 -04:00
|
|
|
}
|
2015-07-01 21:54:09 -04:00
|
|
|
#endif
|
2015-06-30 20:23:54 -04:00
|
|
|
|
2017-06-23 07:19:00 -04:00
|
|
|
static bool Curl_ossl_cert_status_request(void)
|
2014-06-16 09:05:17 -04:00
|
|
|
{
|
2015-02-09 15:58:33 -05:00
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
2016-02-08 23:19:31 -05:00
|
|
|
!defined(OPENSSL_NO_OCSP)
|
2014-06-16 09:05:17 -04:00
|
|
|
return TRUE;
|
2015-01-27 06:55:19 -05:00
|
|
|
#else
|
|
|
|
return FALSE;
|
|
|
|
#endif
|
2014-06-16 09:05:17 -04:00
|
|
|
}
|
2017-06-22 10:45:34 -04:00
|
|
|
|
2017-06-23 10:05:26 -04:00
|
|
|
static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl,
|
|
|
|
CURLINFO info)
|
|
|
|
{
|
|
|
|
/* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
|
2020-03-18 11:58:38 -04:00
|
|
|
struct ssl_backend_data *backend = connssl->backend;
|
2017-06-23 10:05:26 -04:00
|
|
|
return info == CURLINFO_TLS_SESSION ?
|
2020-03-18 11:58:38 -04:00
|
|
|
(void *)backend->ctx : (void *)backend->handle;
|
2017-06-23 10:05:26 -04:00
|
|
|
}
|
|
|
|
|
2017-06-22 10:45:34 -04:00
|
|
|
const struct Curl_ssl Curl_ssl_openssl = {
|
2017-07-15 07:49:30 -04:00
|
|
|
{ CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
|
2017-06-22 10:45:34 -04:00
|
|
|
|
2018-05-04 06:10:39 -04:00
|
|
|
SSLSUPP_CA_PATH |
|
|
|
|
SSLSUPP_CERTINFO |
|
|
|
|
SSLSUPP_PINNEDPUBKEY |
|
|
|
|
SSLSUPP_SSL_CTX |
|
2018-08-31 19:46:29 -04:00
|
|
|
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
|
|
|
|
SSLSUPP_TLS13_CIPHERSUITES |
|
|
|
|
#endif
|
2018-05-04 06:10:39 -04:00
|
|
|
SSLSUPP_HTTPS_PROXY,
|
2017-06-20 05:32:53 -04:00
|
|
|
|
vtls: encapsulate SSL backend-specific data
So far, all of the SSL backends' private data has been declared as
part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
block.
This can only work as long as the SSL backend is a compile-time option,
something we want to change in the next commits.
Therefore, let's encapsulate the exact data needed by each SSL backend
into a private struct, and let's avoid bleeding any SSL backend-specific
information into urldata.h. This is also necessary to allow multiple SSL
backends to be compiled in at the same time, as e.g. OpenSSL's and
CyaSSL's headers cannot be included in the same .c file.
To avoid too many malloc() calls, we simply append the private structs
to the connectdata struct in allocate_conn().
This requires us to take extra care of alignment issues: struct fields
often need to be aligned on certain boundaries e.g. 32-bit values need to
be stored at addresses that divide evenly by 4 (= 32 bit / 8
bit-per-byte).
We do that by assuming that no SSL backend's private data contains any
fields that need to be aligned on boundaries larger than `long long`
(typically 64-bit) would need. Under this assumption, we simply add a
dummy field of type `long long` to the `struct connectdata` struct. This
field will never be accessed but acts as a placeholder for the four
instances of ssl_backend_data instead. the size of each ssl_backend_data
struct is stored in the SSL backend-specific metadata, to allow
allocate_conn() to know how much extra space to allocate, and how to
initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend
pointers.
This would appear to be a little complicated at first, but is really
necessary to encapsulate the private data of each SSL backend correctly.
And we need to encapsulate thusly if we ever want to allow selecting
CyaSSL and OpenSSL at runtime, as their headers cannot be included within
the same .c file (there are just too many conflicting definitions and
declarations for that).
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:09:35 -04:00
|
|
|
sizeof(struct ssl_backend_data),
|
|
|
|
|
2017-06-22 10:45:34 -04:00
|
|
|
Curl_ossl_init, /* init */
|
|
|
|
Curl_ossl_cleanup, /* cleanup */
|
|
|
|
Curl_ossl_version, /* version */
|
|
|
|
Curl_ossl_check_cxn, /* check_cxn */
|
|
|
|
Curl_ossl_shutdown, /* shutdown */
|
|
|
|
Curl_ossl_data_pending, /* data_pending */
|
|
|
|
Curl_ossl_random, /* random */
|
|
|
|
Curl_ossl_cert_status_request, /* cert_status_request */
|
|
|
|
Curl_ossl_connect, /* connect */
|
|
|
|
Curl_ossl_connect_nonblocking, /* connect_nonblocking */
|
2017-06-23 10:05:26 -04:00
|
|
|
Curl_ossl_get_internals, /* get_internals */
|
2017-10-19 14:55:17 -04:00
|
|
|
Curl_ossl_close, /* close_one */
|
2017-06-22 10:45:34 -04:00
|
|
|
Curl_ossl_close_all, /* close_all */
|
|
|
|
Curl_ossl_session_free, /* session_free */
|
|
|
|
Curl_ossl_set_engine, /* set_engine */
|
|
|
|
Curl_ossl_set_engine_default, /* set_engine_default */
|
|
|
|
Curl_ossl_engines_list, /* engines_list */
|
2017-06-22 19:04:56 -04:00
|
|
|
Curl_none_false_start, /* false_start */
|
2017-06-22 19:04:56 -04:00
|
|
|
Curl_ossl_md5sum, /* md5sum */
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
|
|
|
Curl_ossl_sha256sum /* sha256sum */
|
|
|
|
#else
|
|
|
|
NULL /* sha256sum */
|
|
|
|
#endif
|
2017-06-22 10:45:34 -04:00
|
|
|
};
|
|
|
|
|
2015-03-05 04:57:52 -05:00
|
|
|
#endif /* USE_OPENSSL */
|