| 1 | /*************************************************************************** |
|---|---|
| 2 | * _ _ ____ _ |
| 3 | * Project ___| | | | _ \| | |
| 4 | * / __| | | | |_) | | |
| 5 | * | (__| |_| | _ <| |___ |
| 6 | * \___|\___/|_| \_\_____| |
| 7 | * |
| 8 | * Copyright (C) Michael Forney, <mforney@mforney.org> |
| 9 | * |
| 10 | * This software is licensed as described in the file COPYING, which |
| 11 | * you should have received as part of this distribution. The terms |
| 12 | * are also available at https://curl.se/docs/copyright.html. |
| 13 | * |
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| 15 | * copies of the Software, and permit persons to whom the Software is |
| 16 | * furnished to do so, under the terms of the COPYING file. |
| 17 | * |
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| 19 | * KIND, either express or implied. |
| 20 | * |
| 21 | * SPDX-License-Identifier: curl |
| 22 | * |
| 23 | ***************************************************************************/ |
| 24 | #include "curl_setup.h" |
| 25 | |
| 26 | #ifdef USE_BEARSSL |
| 27 | |
| 28 | #include <bearssl.h> |
| 29 | |
| 30 | #include "bearssl.h" |
| 31 | #include "urldata.h" |
| 32 | #include "sendf.h" |
| 33 | #include "inet_pton.h" |
| 34 | #include "vtls.h" |
| 35 | #include "vtls_int.h" |
| 36 | #include "connect.h" |
| 37 | #include "select.h" |
| 38 | #include "multiif.h" |
| 39 | #include "curl_printf.h" |
| 40 | #include "strcase.h" |
| 41 | |
| 42 | /* The last #include files should be: */ |
| 43 | #include "curl_memory.h" |
| 44 | #include "memdebug.h" |
| 45 | |
| 46 | struct x509_context { |
| 47 | const br_x509_class *vtable; |
| 48 | br_x509_minimal_context minimal; |
| 49 | br_x509_decoder_context decoder; |
| 50 | bool verifyhost; |
| 51 | bool verifypeer; |
| 52 | int cert_num; |
| 53 | }; |
| 54 | |
| 55 | struct bearssl_ssl_backend_data { |
| 56 | br_ssl_client_context ctx; |
| 57 | struct x509_context x509; |
| 58 | unsigned char buf[BR_SSL_BUFSIZE_BIDI]; |
| 59 | br_x509_trust_anchor *anchors; |
| 60 | size_t anchors_len; |
| 61 | const char *protocols[ALPN_ENTRIES_MAX]; |
| 62 | /* SSL client context is active */ |
| 63 | bool active; |
| 64 | /* size of pending write, yet to be flushed */ |
| 65 | size_t pending_write; |
| 66 | }; |
| 67 | |
| 68 | struct cafile_parser { |
| 69 | CURLcode err; |
| 70 | bool in_cert; |
| 71 | br_x509_decoder_context xc; |
| 72 | /* array of trust anchors loaded from CAfile */ |
| 73 | br_x509_trust_anchor *anchors; |
| 74 | size_t anchors_len; |
| 75 | /* buffer for DN data */ |
| 76 | unsigned char dn[1024]; |
| 77 | size_t dn_len; |
| 78 | }; |
| 79 | |
| 80 | #define CAFILE_SOURCE_PATH 1 |
| 81 | #define CAFILE_SOURCE_BLOB 2 |
| 82 | struct cafile_source { |
| 83 | int type; |
| 84 | const char *data; |
| 85 | size_t len; |
| 86 | }; |
| 87 | |
| 88 | static void append_dn(void *ctx, const void *buf, size_t len) |
| 89 | { |
| 90 | struct cafile_parser *ca = ctx; |
| 91 | |
| 92 | if(ca->err != CURLE_OK || !ca->in_cert) |
| 93 | return; |
| 94 | if(sizeof(ca->dn) - ca->dn_len < len) { |
| 95 | ca->err = CURLE_FAILED_INIT; |
| 96 | return; |
| 97 | } |
| 98 | memcpy(ca->dn + ca->dn_len, buf, len); |
| 99 | ca->dn_len += len; |
| 100 | } |
| 101 | |
| 102 | static void x509_push(void *ctx, const void *buf, size_t len) |
| 103 | { |
| 104 | struct cafile_parser *ca = ctx; |
| 105 | |
| 106 | if(ca->in_cert) |
| 107 | br_x509_decoder_push(&ca->xc, buf, len); |
| 108 | } |
| 109 | |
| 110 | static CURLcode load_cafile(struct cafile_source *source, |
| 111 | br_x509_trust_anchor **anchors, |
| 112 | size_t *anchors_len) |
| 113 | { |
| 114 | struct cafile_parser ca; |
| 115 | br_pem_decoder_context pc; |
| 116 | br_x509_trust_anchor *ta; |
| 117 | size_t ta_size; |
| 118 | br_x509_trust_anchor *new_anchors; |
| 119 | size_t new_anchors_len; |
| 120 | br_x509_pkey *pkey; |
| 121 | FILE *fp = 0; |
| 122 | unsigned char buf[BUFSIZ]; |
| 123 | const unsigned char *p; |
| 124 | const char *name; |
| 125 | size_t n, i, pushed; |
| 126 | |
| 127 | DEBUGASSERT(source->type == CAFILE_SOURCE_PATH |
| 128 | || source->type == CAFILE_SOURCE_BLOB); |
| 129 | |
| 130 | if(source->type == CAFILE_SOURCE_PATH) { |
| 131 | fp = fopen(source->data, "rb"); |
| 132 | if(!fp) |
| 133 | return CURLE_SSL_CACERT_BADFILE; |
| 134 | } |
| 135 | |
| 136 | if(source->type == CAFILE_SOURCE_BLOB && source->len > (size_t)INT_MAX) |
| 137 | return CURLE_SSL_CACERT_BADFILE; |
| 138 | |
| 139 | ca.err = CURLE_OK; |
| 140 | ca.in_cert = FALSE; |
| 141 | ca.anchors = NULL; |
| 142 | ca.anchors_len = 0; |
| 143 | br_pem_decoder_init(&pc); |
| 144 | br_pem_decoder_setdest(&pc, x509_push, &ca); |
| 145 | do { |
| 146 | if(source->type == CAFILE_SOURCE_PATH) { |
| 147 | n = fread(buf, 1, sizeof(buf), fp); |
| 148 | if(n == 0) |
| 149 | break; |
| 150 | p = buf; |
| 151 | } |
| 152 | else if(source->type == CAFILE_SOURCE_BLOB) { |
| 153 | n = source->len; |
| 154 | p = (unsigned char *) source->data; |
| 155 | } |
| 156 | while(n) { |
| 157 | pushed = br_pem_decoder_push(&pc, p, n); |
| 158 | if(ca.err) |
| 159 | goto fail; |
| 160 | p += pushed; |
| 161 | n -= pushed; |
| 162 | |
| 163 | switch(br_pem_decoder_event(&pc)) { |
| 164 | case 0: |
| 165 | break; |
| 166 | case BR_PEM_BEGIN_OBJ: |
| 167 | name = br_pem_decoder_name(&pc); |
| 168 | if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE")) |
| 169 | break; |
| 170 | br_x509_decoder_init(&ca.xc, append_dn, &ca); |
| 171 | ca.in_cert = TRUE; |
| 172 | ca.dn_len = 0; |
| 173 | break; |
| 174 | case BR_PEM_END_OBJ: |
| 175 | if(!ca.in_cert) |
| 176 | break; |
| 177 | ca.in_cert = FALSE; |
| 178 | if(br_x509_decoder_last_error(&ca.xc)) { |
| 179 | ca.err = CURLE_SSL_CACERT_BADFILE; |
| 180 | goto fail; |
| 181 | } |
| 182 | /* add trust anchor */ |
| 183 | if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) { |
| 184 | ca.err = CURLE_OUT_OF_MEMORY; |
| 185 | goto fail; |
| 186 | } |
| 187 | new_anchors_len = ca.anchors_len + 1; |
| 188 | new_anchors = realloc(ca.anchors, |
| 189 | new_anchors_len * sizeof(ca.anchors[0])); |
| 190 | if(!new_anchors) { |
| 191 | ca.err = CURLE_OUT_OF_MEMORY; |
| 192 | goto fail; |
| 193 | } |
| 194 | ca.anchors = new_anchors; |
| 195 | ca.anchors_len = new_anchors_len; |
| 196 | ta = &ca.anchors[ca.anchors_len - 1]; |
| 197 | ta->dn.data = NULL; |
| 198 | ta->flags = 0; |
| 199 | if(br_x509_decoder_isCA(&ca.xc)) |
| 200 | ta->flags |= BR_X509_TA_CA; |
| 201 | pkey = br_x509_decoder_get_pkey(&ca.xc); |
| 202 | if(!pkey) { |
| 203 | ca.err = CURLE_SSL_CACERT_BADFILE; |
| 204 | goto fail; |
| 205 | } |
| 206 | ta->pkey = *pkey; |
| 207 | |
| 208 | /* calculate space needed for trust anchor data */ |
| 209 | ta_size = ca.dn_len; |
| 210 | switch(pkey->key_type) { |
| 211 | case BR_KEYTYPE_RSA: |
| 212 | ta_size += pkey->key.rsa.nlen + pkey->key.rsa.elen; |
| 213 | break; |
| 214 | case BR_KEYTYPE_EC: |
| 215 | ta_size += pkey->key.ec.qlen; |
| 216 | break; |
| 217 | default: |
| 218 | ca.err = CURLE_FAILED_INIT; |
| 219 | goto fail; |
| 220 | } |
| 221 | |
| 222 | /* fill in trust anchor DN and public key data */ |
| 223 | ta->dn.data = malloc(ta_size); |
| 224 | if(!ta->dn.data) { |
| 225 | ca.err = CURLE_OUT_OF_MEMORY; |
| 226 | goto fail; |
| 227 | } |
| 228 | memcpy(ta->dn.data, ca.dn, ca.dn_len); |
| 229 | ta->dn.len = ca.dn_len; |
| 230 | switch(pkey->key_type) { |
| 231 | case BR_KEYTYPE_RSA: |
| 232 | ta->pkey.key.rsa.n = ta->dn.data + ta->dn.len; |
| 233 | memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen); |
| 234 | ta->pkey.key.rsa.e = ta->pkey.key.rsa.n + ta->pkey.key.rsa.nlen; |
| 235 | memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen); |
| 236 | break; |
| 237 | case BR_KEYTYPE_EC: |
| 238 | ta->pkey.key.ec.q = ta->dn.data + ta->dn.len; |
| 239 | memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen); |
| 240 | break; |
| 241 | } |
| 242 | break; |
| 243 | default: |
| 244 | ca.err = CURLE_SSL_CACERT_BADFILE; |
| 245 | goto fail; |
| 246 | } |
| 247 | } |
| 248 | } while(source->type != CAFILE_SOURCE_BLOB); |
| 249 | if(fp && ferror(fp)) |
| 250 | ca.err = CURLE_READ_ERROR; |
| 251 | else if(ca.in_cert) |
| 252 | ca.err = CURLE_SSL_CACERT_BADFILE; |
| 253 | |
| 254 | fail: |
| 255 | if(fp) |
| 256 | fclose(fp); |
| 257 | if(ca.err == CURLE_OK) { |
| 258 | *anchors = ca.anchors; |
| 259 | *anchors_len = ca.anchors_len; |
| 260 | } |
| 261 | else { |
| 262 | for(i = 0; i < ca.anchors_len; ++i) |
| 263 | free(ca.anchors[i].dn.data); |
| 264 | free(ca.anchors); |
| 265 | } |
| 266 | |
| 267 | return ca.err; |
| 268 | } |
| 269 | |
| 270 | static void x509_start_chain(const br_x509_class **ctx, |
| 271 | const char *server_name) |
| 272 | { |
| 273 | struct x509_context *x509 = (struct x509_context *)ctx; |
| 274 | |
| 275 | if(!x509->verifypeer) { |
| 276 | x509->cert_num = 0; |
| 277 | return; |
| 278 | } |
| 279 | |
| 280 | if(!x509->verifyhost) |
| 281 | server_name = NULL; |
| 282 | x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name); |
| 283 | } |
| 284 | |
| 285 | static void x509_start_cert(const br_x509_class **ctx, uint32_t length) |
| 286 | { |
| 287 | struct x509_context *x509 = (struct x509_context *)ctx; |
| 288 | |
| 289 | if(!x509->verifypeer) { |
| 290 | /* Only decode the first cert in the chain to obtain the public key */ |
| 291 | if(x509->cert_num == 0) |
| 292 | br_x509_decoder_init(&x509->decoder, NULL, NULL); |
| 293 | return; |
| 294 | } |
| 295 | |
| 296 | x509->minimal.vtable->start_cert(&x509->minimal.vtable, length); |
| 297 | } |
| 298 | |
| 299 | static void x509_append(const br_x509_class **ctx, const unsigned char *buf, |
| 300 | size_t len) |
| 301 | { |
| 302 | struct x509_context *x509 = (struct x509_context *)ctx; |
| 303 | |
| 304 | if(!x509->verifypeer) { |
| 305 | if(x509->cert_num == 0) |
| 306 | br_x509_decoder_push(&x509->decoder, buf, len); |
| 307 | return; |
| 308 | } |
| 309 | |
| 310 | x509->minimal.vtable->append(&x509->minimal.vtable, buf, len); |
| 311 | } |
| 312 | |
| 313 | static void x509_end_cert(const br_x509_class **ctx) |
| 314 | { |
| 315 | struct x509_context *x509 = (struct x509_context *)ctx; |
| 316 | |
| 317 | if(!x509->verifypeer) { |
| 318 | x509->cert_num++; |
| 319 | return; |
| 320 | } |
| 321 | |
| 322 | x509->minimal.vtable->end_cert(&x509->minimal.vtable); |
| 323 | } |
| 324 | |
| 325 | static unsigned x509_end_chain(const br_x509_class **ctx) |
| 326 | { |
| 327 | struct x509_context *x509 = (struct x509_context *)ctx; |
| 328 | |
| 329 | if(!x509->verifypeer) { |
| 330 | return br_x509_decoder_last_error(&x509->decoder); |
| 331 | } |
| 332 | |
| 333 | return x509->minimal.vtable->end_chain(&x509->minimal.vtable); |
| 334 | } |
| 335 | |
| 336 | static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx, |
| 337 | unsigned *usages) |
| 338 | { |
| 339 | struct x509_context *x509 = (struct x509_context *)ctx; |
| 340 | |
| 341 | if(!x509->verifypeer) { |
| 342 | /* Nothing in the chain is verified, just return the public key of the |
| 343 | first certificate and allow its usage for both TLS_RSA_* and |
| 344 | TLS_ECDHE_* */ |
| 345 | if(usages) |
| 346 | *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN; |
| 347 | return br_x509_decoder_get_pkey(&x509->decoder); |
| 348 | } |
| 349 | |
| 350 | return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages); |
| 351 | } |
| 352 | |
| 353 | static const br_x509_class x509_vtable = { |
| 354 | sizeof(struct x509_context), |
| 355 | x509_start_chain, |
| 356 | x509_start_cert, |
| 357 | x509_append, |
| 358 | x509_end_cert, |
| 359 | x509_end_chain, |
| 360 | x509_get_pkey |
| 361 | }; |
| 362 | |
| 363 | struct st_cipher { |
| 364 | const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */ |
| 365 | const char *alias_name; /* Alias name is the same as OpenSSL cipher name */ |
| 366 | uint16_t num; /* BearSSL cipher suite */ |
| 367 | }; |
| 368 | |
| 369 | /* Macro to initialize st_cipher data structure */ |
| 370 | #define CIPHER_DEF(num, alias) { #num, alias, BR_##num } |
| 371 | |
| 372 | static const struct st_cipher ciphertable[] = { |
| 373 | /* RFC 2246 TLS 1.0 */ |
| 374 | CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */ |
| 375 | "DES-CBC3-SHA"), |
| 376 | |
| 377 | /* RFC 3268 TLS 1.0 AES */ |
| 378 | CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */ |
| 379 | "AES128-SHA"), |
| 380 | CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */ |
| 381 | "AES256-SHA"), |
| 382 | |
| 383 | /* RFC 5246 TLS 1.2 */ |
| 384 | CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */ |
| 385 | "AES128-SHA256"), |
| 386 | CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */ |
| 387 | "AES256-SHA256"), |
| 388 | |
| 389 | /* RFC 5288 TLS 1.2 AES GCM */ |
| 390 | CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */ |
| 391 | "AES128-GCM-SHA256"), |
| 392 | CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */ |
| 393 | "AES256-GCM-SHA384"), |
| 394 | |
| 395 | /* RFC 4492 TLS 1.0 ECC */ |
| 396 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */ |
| 397 | "ECDH-ECDSA-DES-CBC3-SHA"), |
| 398 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */ |
| 399 | "ECDH-ECDSA-AES128-SHA"), |
| 400 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */ |
| 401 | "ECDH-ECDSA-AES256-SHA"), |
| 402 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */ |
| 403 | "ECDHE-ECDSA-DES-CBC3-SHA"), |
| 404 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */ |
| 405 | "ECDHE-ECDSA-AES128-SHA"), |
| 406 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */ |
| 407 | "ECDHE-ECDSA-AES256-SHA"), |
| 408 | CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */ |
| 409 | "ECDH-RSA-DES-CBC3-SHA"), |
| 410 | CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */ |
| 411 | "ECDH-RSA-AES128-SHA"), |
| 412 | CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */ |
| 413 | "ECDH-RSA-AES256-SHA"), |
| 414 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */ |
| 415 | "ECDHE-RSA-DES-CBC3-SHA"), |
| 416 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */ |
| 417 | "ECDHE-RSA-AES128-SHA"), |
| 418 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */ |
| 419 | "ECDHE-RSA-AES256-SHA"), |
| 420 | |
| 421 | /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */ |
| 422 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */ |
| 423 | "ECDHE-ECDSA-AES128-SHA256"), |
| 424 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */ |
| 425 | "ECDHE-ECDSA-AES256-SHA384"), |
| 426 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */ |
| 427 | "ECDH-ECDSA-AES128-SHA256"), |
| 428 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */ |
| 429 | "ECDH-ECDSA-AES256-SHA384"), |
| 430 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */ |
| 431 | "ECDHE-RSA-AES128-SHA256"), |
| 432 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */ |
| 433 | "ECDHE-RSA-AES256-SHA384"), |
| 434 | CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */ |
| 435 | "ECDH-RSA-AES128-SHA256"), |
| 436 | CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */ |
| 437 | "ECDH-RSA-AES256-SHA384"), |
| 438 | |
| 439 | /* RFC 5289 TLS 1.2 GCM */ |
| 440 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */ |
| 441 | "ECDHE-ECDSA-AES128-GCM-SHA256"), |
| 442 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */ |
| 443 | "ECDHE-ECDSA-AES256-GCM-SHA384"), |
| 444 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */ |
| 445 | "ECDH-ECDSA-AES128-GCM-SHA256"), |
| 446 | CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */ |
| 447 | "ECDH-ECDSA-AES256-GCM-SHA384"), |
| 448 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */ |
| 449 | "ECDHE-RSA-AES128-GCM-SHA256"), |
| 450 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */ |
| 451 | "ECDHE-RSA-AES256-GCM-SHA384"), |
| 452 | CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */ |
| 453 | "ECDH-RSA-AES128-GCM-SHA256"), |
| 454 | CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */ |
| 455 | "ECDH-RSA-AES256-GCM-SHA384"), |
| 456 | #ifdef BR_TLS_RSA_WITH_AES_128_CCM |
| 457 | |
| 458 | /* RFC 6655 TLS 1.2 CCM |
| 459 | Supported since BearSSL 0.6 */ |
| 460 | CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM, /* 0xC09C */ |
| 461 | "AES128-CCM"), |
| 462 | CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM, /* 0xC09D */ |
| 463 | "AES256-CCM"), |
| 464 | CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8, /* 0xC0A0 */ |
| 465 | "AES128-CCM8"), |
| 466 | CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8, /* 0xC0A1 */ |
| 467 | "AES256-CCM8"), |
| 468 | |
| 469 | /* RFC 7251 TLS 1.2 ECC CCM |
| 470 | Supported since BearSSL 0.6 */ |
| 471 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM, /* 0xC0AC */ |
| 472 | "ECDHE-ECDSA-AES128-CCM"), |
| 473 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM, /* 0xC0AD */ |
| 474 | "ECDHE-ECDSA-AES256-CCM"), |
| 475 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, /* 0xC0AE */ |
| 476 | "ECDHE-ECDSA-AES128-CCM8"), |
| 477 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, /* 0xC0AF */ |
| 478 | "ECDHE-ECDSA-AES256-CCM8"), |
| 479 | #endif |
| 480 | |
| 481 | /* RFC 7905 TLS 1.2 ChaCha20-Poly1305 |
| 482 | Supported since BearSSL 0.2 */ |
| 483 | CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ |
| 484 | "ECDHE-RSA-CHACHA20-POLY1305"), |
| 485 | CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ |
| 486 | "ECDHE-ECDSA-CHACHA20-POLY1305"), |
| 487 | }; |
| 488 | |
| 489 | #define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0])) |
| 490 | #define CIPHER_NAME_BUF_LEN 64 |
| 491 | |
| 492 | static bool is_separator(char c) |
| 493 | { |
| 494 | /* Return whether character is a cipher list separator. */ |
| 495 | switch(c) { |
| 496 | case ' ': |
| 497 | case '\t': |
| 498 | case ':': |
| 499 | case ',': |
| 500 | case ';': |
| 501 | return true; |
| 502 | } |
| 503 | return false; |
| 504 | } |
| 505 | |
| 506 | static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data, |
| 507 | br_ssl_engine_context *ssl_eng, |
| 508 | const char *ciphers) |
| 509 | { |
| 510 | uint16_t selected_ciphers[NUM_OF_CIPHERS]; |
| 511 | size_t selected_count = 0; |
| 512 | char cipher_name[CIPHER_NAME_BUF_LEN]; |
| 513 | const char *cipher_start = ciphers; |
| 514 | const char *cipher_end; |
| 515 | size_t i, j; |
| 516 | |
| 517 | if(!cipher_start) |
| 518 | return CURLE_SSL_CIPHER; |
| 519 | |
| 520 | while(true) { |
| 521 | /* Extract the next cipher name from the ciphers string */ |
| 522 | while(is_separator(*cipher_start)) |
| 523 | ++cipher_start; |
| 524 | if(*cipher_start == '\0') |
| 525 | break; |
| 526 | cipher_end = cipher_start; |
| 527 | while(*cipher_end != '\0' && !is_separator(*cipher_end)) |
| 528 | ++cipher_end; |
| 529 | j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ? |
| 530 | cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1; |
| 531 | strncpy(cipher_name, cipher_start, j); |
| 532 | cipher_name[j] = '\0'; |
| 533 | cipher_start = cipher_end; |
| 534 | |
| 535 | /* Lookup the cipher name in the table of available ciphers. If the cipher |
| 536 | name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try |
| 537 | to match cipher name by an (OpenSSL) alias. */ |
| 538 | if(strncasecompare(cipher_name, "TLS_", 4)) { |
| 539 | for(i = 0; i < NUM_OF_CIPHERS && |
| 540 | !strcasecompare(cipher_name, ciphertable[i].name); ++i); |
| 541 | } |
| 542 | else { |
| 543 | for(i = 0; i < NUM_OF_CIPHERS && |
| 544 | !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i); |
| 545 | } |
| 546 | if(i == NUM_OF_CIPHERS) { |
| 547 | infof(data, "BearSSL: unknown cipher in list: %s", cipher_name); |
| 548 | continue; |
| 549 | } |
| 550 | |
| 551 | /* No duplicates allowed */ |
| 552 | for(j = 0; j < selected_count && |
| 553 | selected_ciphers[j] != ciphertable[i].num; j++); |
| 554 | if(j < selected_count) { |
| 555 | infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name); |
| 556 | continue; |
| 557 | } |
| 558 | |
| 559 | DEBUGASSERT(selected_count < NUM_OF_CIPHERS); |
| 560 | selected_ciphers[selected_count] = ciphertable[i].num; |
| 561 | ++selected_count; |
| 562 | } |
| 563 | |
| 564 | if(selected_count == 0) { |
| 565 | failf(data, "BearSSL: no supported cipher in list"); |
| 566 | return CURLE_SSL_CIPHER; |
| 567 | } |
| 568 | |
| 569 | br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count); |
| 570 | return CURLE_OK; |
| 571 | } |
| 572 | |
| 573 | static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, |
| 574 | struct Curl_easy *data) |
| 575 | { |
| 576 | struct ssl_connect_data *connssl = cf->ctx; |
| 577 | struct bearssl_ssl_backend_data *backend = |
| 578 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 579 | struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); |
| 580 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
| 581 | const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; |
| 582 | const char * const ssl_cafile = |
| 583 | /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ |
| 584 | (ca_info_blob ? NULL : conn_config->CAfile); |
| 585 | const char *hostname = connssl->hostname; |
| 586 | const bool verifypeer = conn_config->verifypeer; |
| 587 | const bool verifyhost = conn_config->verifyhost; |
| 588 | CURLcode ret; |
| 589 | unsigned version_min, version_max; |
| 590 | int session_set = 0; |
| 591 | #ifdef ENABLE_IPV6 |
| 592 | struct in6_addr addr; |
| 593 | #else |
| 594 | struct in_addr addr; |
| 595 | #endif |
| 596 | |
| 597 | DEBUGASSERT(backend); |
| 598 | CURL_TRC_CF(data, cf, "connect_step1"); |
| 599 | |
| 600 | switch(conn_config->version) { |
| 601 | case CURL_SSLVERSION_SSLv2: |
| 602 | failf(data, "BearSSL does not support SSLv2"); |
| 603 | return CURLE_SSL_CONNECT_ERROR; |
| 604 | case CURL_SSLVERSION_SSLv3: |
| 605 | failf(data, "BearSSL does not support SSLv3"); |
| 606 | return CURLE_SSL_CONNECT_ERROR; |
| 607 | case CURL_SSLVERSION_TLSv1_0: |
| 608 | version_min = BR_TLS10; |
| 609 | version_max = BR_TLS10; |
| 610 | break; |
| 611 | case CURL_SSLVERSION_TLSv1_1: |
| 612 | version_min = BR_TLS11; |
| 613 | version_max = BR_TLS11; |
| 614 | break; |
| 615 | case CURL_SSLVERSION_TLSv1_2: |
| 616 | version_min = BR_TLS12; |
| 617 | version_max = BR_TLS12; |
| 618 | break; |
| 619 | case CURL_SSLVERSION_DEFAULT: |
| 620 | case CURL_SSLVERSION_TLSv1: |
| 621 | version_min = BR_TLS10; |
| 622 | version_max = BR_TLS12; |
| 623 | break; |
| 624 | default: |
| 625 | failf(data, "BearSSL: unknown CURLOPT_SSLVERSION"); |
| 626 | return CURLE_SSL_CONNECT_ERROR; |
| 627 | } |
| 628 | |
| 629 | if(verifypeer) { |
| 630 | if(ca_info_blob) { |
| 631 | struct cafile_source source; |
| 632 | source.type = CAFILE_SOURCE_BLOB; |
| 633 | source.data = ca_info_blob->data; |
| 634 | source.len = ca_info_blob->len; |
| 635 | |
| 636 | CURL_TRC_CF(data, cf, "connect_step1, load ca_info_blob"); |
| 637 | ret = load_cafile(&source, &backend->anchors, &backend->anchors_len); |
| 638 | if(ret != CURLE_OK) { |
| 639 | failf(data, "error importing CA certificate blob"); |
| 640 | return ret; |
| 641 | } |
| 642 | } |
| 643 | |
| 644 | if(ssl_cafile) { |
| 645 | struct cafile_source source; |
| 646 | source.type = CAFILE_SOURCE_PATH; |
| 647 | source.data = ssl_cafile; |
| 648 | source.len = 0; |
| 649 | |
| 650 | CURL_TRC_CF(data, cf, "connect_step1, load cafile"); |
| 651 | ret = load_cafile(&source, &backend->anchors, &backend->anchors_len); |
| 652 | if(ret != CURLE_OK) { |
| 653 | failf(data, "error setting certificate verify locations." |
| 654 | " CAfile: %s", ssl_cafile); |
| 655 | return ret; |
| 656 | } |
| 657 | } |
| 658 | } |
| 659 | |
| 660 | /* initialize SSL context */ |
| 661 | br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal, |
| 662 | backend->anchors, backend->anchors_len); |
| 663 | br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max); |
| 664 | br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf, |
| 665 | sizeof(backend->buf), 1); |
| 666 | |
| 667 | if(conn_config->cipher_list) { |
| 668 | /* Override the ciphers as specified. For the default cipher list see the |
| 669 | BearSSL source code of br_ssl_client_init_full() */ |
| 670 | CURL_TRC_CF(data, cf, "connect_step1, set ciphers"); |
| 671 | ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng, |
| 672 | conn_config->cipher_list); |
| 673 | if(ret) |
| 674 | return ret; |
| 675 | } |
| 676 | |
| 677 | /* initialize X.509 context */ |
| 678 | backend->x509.vtable = &x509_vtable; |
| 679 | backend->x509.verifypeer = verifypeer; |
| 680 | backend->x509.verifyhost = verifyhost; |
| 681 | br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable); |
| 682 | |
| 683 | if(ssl_config->primary.sessionid) { |
| 684 | void *session; |
| 685 | |
| 686 | CURL_TRC_CF(data, cf, "connect_step1, check session cache"); |
| 687 | Curl_ssl_sessionid_lock(data); |
| 688 | if(!Curl_ssl_getsessionid(cf, data, &session, NULL)) { |
| 689 | br_ssl_engine_set_session_parameters(&backend->ctx.eng, session); |
| 690 | session_set = 1; |
| 691 | infof(data, "BearSSL: reusing session ID"); |
| 692 | } |
| 693 | Curl_ssl_sessionid_unlock(data); |
| 694 | } |
| 695 | |
| 696 | if(connssl->alpn) { |
| 697 | struct alpn_proto_buf proto; |
| 698 | size_t i; |
| 699 | |
| 700 | for(i = 0; i < connssl->alpn->count; ++i) { |
| 701 | backend->protocols[i] = connssl->alpn->entries[i]; |
| 702 | } |
| 703 | br_ssl_engine_set_protocol_names(&backend->ctx.eng, backend->protocols, |
| 704 | connssl->alpn->count); |
| 705 | Curl_alpn_to_proto_str(&proto, connssl->alpn); |
| 706 | infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data); |
| 707 | } |
| 708 | |
| 709 | if((1 == Curl_inet_pton(AF_INET, hostname, &addr)) |
| 710 | #ifdef ENABLE_IPV6 |
| 711 | || (1 == Curl_inet_pton(AF_INET6, hostname, &addr)) |
| 712 | #endif |
| 713 | ) { |
| 714 | if(verifyhost) { |
| 715 | failf(data, "BearSSL: " |
| 716 | "host verification of IP address is not supported"); |
| 717 | return CURLE_PEER_FAILED_VERIFICATION; |
| 718 | } |
| 719 | hostname = NULL; |
| 720 | } |
| 721 | else { |
| 722 | char *snihost = Curl_ssl_snihost(data, hostname, NULL); |
| 723 | if(!snihost) { |
| 724 | failf(data, "Failed to set SNI"); |
| 725 | return CURLE_SSL_CONNECT_ERROR; |
| 726 | } |
| 727 | hostname = snihost; |
| 728 | CURL_TRC_CF(data, cf, "connect_step1, SNI set"); |
| 729 | } |
| 730 | |
| 731 | /* give application a chance to interfere with SSL set up. */ |
| 732 | if(data->set.ssl.fsslctx) { |
| 733 | Curl_set_in_callback(data, true); |
| 734 | ret = (*data->set.ssl.fsslctx)(data, &backend->ctx, |
| 735 | data->set.ssl.fsslctxp); |
| 736 | Curl_set_in_callback(data, false); |
| 737 | if(ret) { |
| 738 | failf(data, "BearSSL: error signaled by ssl ctx callback"); |
| 739 | return ret; |
| 740 | } |
| 741 | } |
| 742 | |
| 743 | if(!br_ssl_client_reset(&backend->ctx, hostname, session_set)) |
| 744 | return CURLE_FAILED_INIT; |
| 745 | backend->active = TRUE; |
| 746 | |
| 747 | connssl->connecting_state = ssl_connect_2; |
| 748 | |
| 749 | return CURLE_OK; |
| 750 | } |
| 751 | |
| 752 | static int bearssl_get_select_socks(struct Curl_cfilter *cf, |
| 753 | struct Curl_easy *data, |
| 754 | curl_socket_t *socks) |
| 755 | { |
| 756 | struct ssl_connect_data *connssl = cf->ctx; |
| 757 | curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); |
| 758 | |
| 759 | if(sock == CURL_SOCKET_BAD) |
| 760 | return GETSOCK_BLANK; |
| 761 | else { |
| 762 | struct bearssl_ssl_backend_data *backend = |
| 763 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 764 | unsigned state = br_ssl_engine_current_state(&backend->ctx.eng); |
| 765 | if(state & BR_SSL_SENDREC) { |
| 766 | socks[0] = sock; |
| 767 | return GETSOCK_WRITESOCK(0); |
| 768 | } |
| 769 | } |
| 770 | socks[0] = sock; |
| 771 | return GETSOCK_READSOCK(0); |
| 772 | } |
| 773 | |
| 774 | static CURLcode bearssl_run_until(struct Curl_cfilter *cf, |
| 775 | struct Curl_easy *data, |
| 776 | unsigned target) |
| 777 | { |
| 778 | struct ssl_connect_data *connssl = cf->ctx; |
| 779 | struct bearssl_ssl_backend_data *backend = |
| 780 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 781 | unsigned state; |
| 782 | unsigned char *buf; |
| 783 | size_t len; |
| 784 | ssize_t ret; |
| 785 | CURLcode result; |
| 786 | int err; |
| 787 | |
| 788 | DEBUGASSERT(backend); |
| 789 | |
| 790 | for(;;) { |
| 791 | state = br_ssl_engine_current_state(&backend->ctx.eng); |
| 792 | if(state & BR_SSL_CLOSED) { |
| 793 | err = br_ssl_engine_last_error(&backend->ctx.eng); |
| 794 | switch(err) { |
| 795 | case BR_ERR_OK: |
| 796 | /* TLS close notify */ |
| 797 | if(connssl->state != ssl_connection_complete) { |
| 798 | failf(data, "SSL: connection closed during handshake"); |
| 799 | return CURLE_SSL_CONNECT_ERROR; |
| 800 | } |
| 801 | return CURLE_OK; |
| 802 | case BR_ERR_X509_EXPIRED: |
| 803 | failf(data, "SSL: X.509 verification: " |
| 804 | "certificate is expired or not yet valid"); |
| 805 | return CURLE_PEER_FAILED_VERIFICATION; |
| 806 | case BR_ERR_X509_BAD_SERVER_NAME: |
| 807 | failf(data, "SSL: X.509 verification: " |
| 808 | "expected server name was not found in the chain"); |
| 809 | return CURLE_PEER_FAILED_VERIFICATION; |
| 810 | case BR_ERR_X509_NOT_TRUSTED: |
| 811 | failf(data, "SSL: X.509 verification: " |
| 812 | "chain could not be linked to a trust anchor"); |
| 813 | return CURLE_PEER_FAILED_VERIFICATION; |
| 814 | } |
| 815 | /* X.509 errors are documented to have the range 32..63 */ |
| 816 | if(err >= 32 && err < 64) |
| 817 | return CURLE_PEER_FAILED_VERIFICATION; |
| 818 | return CURLE_SSL_CONNECT_ERROR; |
| 819 | } |
| 820 | if(state & target) |
| 821 | return CURLE_OK; |
| 822 | if(state & BR_SSL_SENDREC) { |
| 823 | buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len); |
| 824 | ret = Curl_conn_cf_send(cf->next, data, (char *)buf, len, &result); |
| 825 | CURL_TRC_CF(data, cf, "ssl_send(len=%zu) -> %zd, %d", len, ret, result); |
| 826 | if(ret <= 0) { |
| 827 | return result; |
| 828 | } |
| 829 | br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret); |
| 830 | } |
| 831 | else if(state & BR_SSL_RECVREC) { |
| 832 | buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len); |
| 833 | ret = Curl_conn_cf_recv(cf->next, data, (char *)buf, len, &result); |
| 834 | CURL_TRC_CF(data, cf, "ssl_recv(len=%zu) -> %zd, %d", len, ret, result); |
| 835 | if(ret == 0) { |
| 836 | failf(data, "SSL: EOF without close notify"); |
| 837 | return CURLE_READ_ERROR; |
| 838 | } |
| 839 | if(ret <= 0) { |
| 840 | return result; |
| 841 | } |
| 842 | br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret); |
| 843 | } |
| 844 | } |
| 845 | } |
| 846 | |
| 847 | static CURLcode bearssl_connect_step2(struct Curl_cfilter *cf, |
| 848 | struct Curl_easy *data) |
| 849 | { |
| 850 | struct ssl_connect_data *connssl = cf->ctx; |
| 851 | struct bearssl_ssl_backend_data *backend = |
| 852 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 853 | CURLcode ret; |
| 854 | |
| 855 | DEBUGASSERT(backend); |
| 856 | CURL_TRC_CF(data, cf, "connect_step2"); |
| 857 | |
| 858 | ret = bearssl_run_until(cf, data, BR_SSL_SENDAPP | BR_SSL_RECVAPP); |
| 859 | if(ret == CURLE_AGAIN) |
| 860 | return CURLE_OK; |
| 861 | if(ret == CURLE_OK) { |
| 862 | unsigned int tver; |
| 863 | if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) { |
| 864 | failf(data, "SSL: connection closed during handshake"); |
| 865 | return CURLE_SSL_CONNECT_ERROR; |
| 866 | } |
| 867 | connssl->connecting_state = ssl_connect_3; |
| 868 | /* Informational message */ |
| 869 | tver = br_ssl_engine_get_version(&backend->ctx.eng); |
| 870 | if(tver == 0x0303) |
| 871 | infof(data, "SSL connection using TLSv1.2"); |
| 872 | else if(tver == 0x0304) |
| 873 | infof(data, "SSL connection using TLSv1.3"); |
| 874 | else |
| 875 | infof(data, "SSL connection using TLS 0x%x", tver); |
| 876 | } |
| 877 | return ret; |
| 878 | } |
| 879 | |
| 880 | static CURLcode bearssl_connect_step3(struct Curl_cfilter *cf, |
| 881 | struct Curl_easy *data) |
| 882 | { |
| 883 | struct ssl_connect_data *connssl = cf->ctx; |
| 884 | struct bearssl_ssl_backend_data *backend = |
| 885 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 886 | struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); |
| 887 | CURLcode ret; |
| 888 | |
| 889 | DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); |
| 890 | DEBUGASSERT(backend); |
| 891 | CURL_TRC_CF(data, cf, "connect_step3"); |
| 892 | |
| 893 | if(connssl->alpn) { |
| 894 | const char *proto; |
| 895 | |
| 896 | proto = br_ssl_engine_get_selected_protocol(&backend->ctx.eng); |
| 897 | Curl_alpn_set_negotiated(cf, data, (const unsigned char *)proto, |
| 898 | proto? strlen(proto) : 0); |
| 899 | } |
| 900 | |
| 901 | if(ssl_config->primary.sessionid) { |
| 902 | bool incache; |
| 903 | bool added = FALSE; |
| 904 | void *oldsession; |
| 905 | br_ssl_session_parameters *session; |
| 906 | |
| 907 | session = malloc(sizeof(*session)); |
| 908 | if(!session) |
| 909 | return CURLE_OUT_OF_MEMORY; |
| 910 | br_ssl_engine_get_session_parameters(&backend->ctx.eng, session); |
| 911 | Curl_ssl_sessionid_lock(data); |
| 912 | incache = !(Curl_ssl_getsessionid(cf, data, &oldsession, NULL)); |
| 913 | if(incache) |
| 914 | Curl_ssl_delsessionid(data, oldsession); |
| 915 | ret = Curl_ssl_addsessionid(cf, data, session, 0, &added); |
| 916 | Curl_ssl_sessionid_unlock(data); |
| 917 | if(!added) |
| 918 | free(session); |
| 919 | if(ret) { |
| 920 | return CURLE_OUT_OF_MEMORY; |
| 921 | } |
| 922 | } |
| 923 | |
| 924 | connssl->connecting_state = ssl_connect_done; |
| 925 | |
| 926 | return CURLE_OK; |
| 927 | } |
| 928 | |
| 929 | static ssize_t bearssl_send(struct Curl_cfilter *cf, struct Curl_easy *data, |
| 930 | const void *buf, size_t len, CURLcode *err) |
| 931 | { |
| 932 | struct ssl_connect_data *connssl = cf->ctx; |
| 933 | struct bearssl_ssl_backend_data *backend = |
| 934 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 935 | unsigned char *app; |
| 936 | size_t applen; |
| 937 | |
| 938 | DEBUGASSERT(backend); |
| 939 | |
| 940 | for(;;) { |
| 941 | *err = bearssl_run_until(cf, data, BR_SSL_SENDAPP); |
| 942 | if(*err) |
| 943 | return -1; |
| 944 | app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen); |
| 945 | if(!app) { |
| 946 | failf(data, "SSL: connection closed during write"); |
| 947 | *err = CURLE_SEND_ERROR; |
| 948 | return -1; |
| 949 | } |
| 950 | if(backend->pending_write) { |
| 951 | applen = backend->pending_write; |
| 952 | backend->pending_write = 0; |
| 953 | return applen; |
| 954 | } |
| 955 | if(applen > len) |
| 956 | applen = len; |
| 957 | memcpy(app, buf, applen); |
| 958 | br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen); |
| 959 | br_ssl_engine_flush(&backend->ctx.eng, 0); |
| 960 | backend->pending_write = applen; |
| 961 | } |
| 962 | } |
| 963 | |
| 964 | static ssize_t bearssl_recv(struct Curl_cfilter *cf, struct Curl_easy *data, |
| 965 | char *buf, size_t len, CURLcode *err) |
| 966 | { |
| 967 | struct ssl_connect_data *connssl = cf->ctx; |
| 968 | struct bearssl_ssl_backend_data *backend = |
| 969 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 970 | unsigned char *app; |
| 971 | size_t applen; |
| 972 | |
| 973 | DEBUGASSERT(backend); |
| 974 | |
| 975 | *err = bearssl_run_until(cf, data, BR_SSL_RECVAPP); |
| 976 | if(*err != CURLE_OK) |
| 977 | return -1; |
| 978 | app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen); |
| 979 | if(!app) |
| 980 | return 0; |
| 981 | if(applen > len) |
| 982 | applen = len; |
| 983 | memcpy(buf, app, applen); |
| 984 | br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen); |
| 985 | |
| 986 | return applen; |
| 987 | } |
| 988 | |
| 989 | static CURLcode bearssl_connect_common(struct Curl_cfilter *cf, |
| 990 | struct Curl_easy *data, |
| 991 | bool nonblocking, |
| 992 | bool *done) |
| 993 | { |
| 994 | CURLcode ret; |
| 995 | struct ssl_connect_data *connssl = cf->ctx; |
| 996 | curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data); |
| 997 | timediff_t timeout_ms; |
| 998 | int what; |
| 999 | |
| 1000 | CURL_TRC_CF(data, cf, "connect_common(blocking=%d)", !nonblocking); |
| 1001 | /* check if the connection has already been established */ |
| 1002 | if(ssl_connection_complete == connssl->state) { |
| 1003 | CURL_TRC_CF(data, cf, "connect_common, connected"); |
| 1004 | *done = TRUE; |
| 1005 | return CURLE_OK; |
| 1006 | } |
| 1007 | |
| 1008 | if(ssl_connect_1 == connssl->connecting_state) { |
| 1009 | ret = bearssl_connect_step1(cf, data); |
| 1010 | if(ret) |
| 1011 | return ret; |
| 1012 | } |
| 1013 | |
| 1014 | while(ssl_connect_2 == connssl->connecting_state || |
| 1015 | ssl_connect_2_reading == connssl->connecting_state || |
| 1016 | ssl_connect_2_writing == connssl->connecting_state) { |
| 1017 | /* check allowed time left */ |
| 1018 | timeout_ms = Curl_timeleft(data, NULL, TRUE); |
| 1019 | |
| 1020 | if(timeout_ms < 0) { |
| 1021 | /* no need to continue if time already is up */ |
| 1022 | failf(data, "SSL connection timeout"); |
| 1023 | return CURLE_OPERATION_TIMEDOUT; |
| 1024 | } |
| 1025 | |
| 1026 | /* if ssl is expecting something, check if it's available. */ |
| 1027 | if(ssl_connect_2_reading == connssl->connecting_state || |
| 1028 | ssl_connect_2_writing == connssl->connecting_state) { |
| 1029 | |
| 1030 | curl_socket_t writefd = ssl_connect_2_writing == |
| 1031 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD; |
| 1032 | curl_socket_t readfd = ssl_connect_2_reading == |
| 1033 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD; |
| 1034 | |
| 1035 | CURL_TRC_CF(data, cf, "connect_common, check socket"); |
| 1036 | what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, |
| 1037 | nonblocking?0:timeout_ms); |
| 1038 | CURL_TRC_CF(data, cf, "connect_common, check socket -> %d", what); |
| 1039 | if(what < 0) { |
| 1040 | /* fatal error */ |
| 1041 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); |
| 1042 | return CURLE_SSL_CONNECT_ERROR; |
| 1043 | } |
| 1044 | else if(0 == what) { |
| 1045 | if(nonblocking) { |
| 1046 | *done = FALSE; |
| 1047 | return CURLE_OK; |
| 1048 | } |
| 1049 | else { |
| 1050 | /* timeout */ |
| 1051 | failf(data, "SSL connection timeout"); |
| 1052 | return CURLE_OPERATION_TIMEDOUT; |
| 1053 | } |
| 1054 | } |
| 1055 | /* socket is readable or writable */ |
| 1056 | } |
| 1057 | |
| 1058 | /* Run transaction, and return to the caller if it failed or if this |
| 1059 | * connection is done nonblocking and this loop would execute again. This |
| 1060 | * permits the owner of a multi handle to abort a connection attempt |
| 1061 | * before step2 has completed while ensuring that a client using select() |
| 1062 | * or epoll() will always have a valid fdset to wait on. |
| 1063 | */ |
| 1064 | ret = bearssl_connect_step2(cf, data); |
| 1065 | if(ret || (nonblocking && |
| 1066 | (ssl_connect_2 == connssl->connecting_state || |
| 1067 | ssl_connect_2_reading == connssl->connecting_state || |
| 1068 | ssl_connect_2_writing == connssl->connecting_state))) |
| 1069 | return ret; |
| 1070 | } |
| 1071 | |
| 1072 | if(ssl_connect_3 == connssl->connecting_state) { |
| 1073 | ret = bearssl_connect_step3(cf, data); |
| 1074 | if(ret) |
| 1075 | return ret; |
| 1076 | } |
| 1077 | |
| 1078 | if(ssl_connect_done == connssl->connecting_state) { |
| 1079 | connssl->state = ssl_connection_complete; |
| 1080 | *done = TRUE; |
| 1081 | } |
| 1082 | else |
| 1083 | *done = FALSE; |
| 1084 | |
| 1085 | /* Reset our connect state machine */ |
| 1086 | connssl->connecting_state = ssl_connect_1; |
| 1087 | |
| 1088 | return CURLE_OK; |
| 1089 | } |
| 1090 | |
| 1091 | static size_t bearssl_version(char *buffer, size_t size) |
| 1092 | { |
| 1093 | return msnprintf(buffer, size, "BearSSL"); |
| 1094 | } |
| 1095 | |
| 1096 | static bool bearssl_data_pending(struct Curl_cfilter *cf, |
| 1097 | const struct Curl_easy *data) |
| 1098 | { |
| 1099 | struct ssl_connect_data *ctx = cf->ctx; |
| 1100 | struct bearssl_ssl_backend_data *backend; |
| 1101 | |
| 1102 | (void)data; |
| 1103 | DEBUGASSERT(ctx && ctx->backend); |
| 1104 | backend = (struct bearssl_ssl_backend_data *)ctx->backend; |
| 1105 | return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP; |
| 1106 | } |
| 1107 | |
| 1108 | static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM, |
| 1109 | unsigned char *entropy, size_t length) |
| 1110 | { |
| 1111 | static br_hmac_drbg_context ctx; |
| 1112 | static bool seeded = FALSE; |
| 1113 | |
| 1114 | if(!seeded) { |
| 1115 | br_prng_seeder seeder; |
| 1116 | |
| 1117 | br_hmac_drbg_init(&ctx, &br_sha256_vtable, NULL, 0); |
| 1118 | seeder = br_prng_seeder_system(NULL); |
| 1119 | if(!seeder || !seeder(&ctx.vtable)) |
| 1120 | return CURLE_FAILED_INIT; |
| 1121 | seeded = TRUE; |
| 1122 | } |
| 1123 | br_hmac_drbg_generate(&ctx, entropy, length); |
| 1124 | |
| 1125 | return CURLE_OK; |
| 1126 | } |
| 1127 | |
| 1128 | static CURLcode bearssl_connect(struct Curl_cfilter *cf, |
| 1129 | struct Curl_easy *data) |
| 1130 | { |
| 1131 | CURLcode ret; |
| 1132 | bool done = FALSE; |
| 1133 | |
| 1134 | ret = bearssl_connect_common(cf, data, FALSE, &done); |
| 1135 | if(ret) |
| 1136 | return ret; |
| 1137 | |
| 1138 | DEBUGASSERT(done); |
| 1139 | |
| 1140 | return CURLE_OK; |
| 1141 | } |
| 1142 | |
| 1143 | static CURLcode bearssl_connect_nonblocking(struct Curl_cfilter *cf, |
| 1144 | struct Curl_easy *data, |
| 1145 | bool *done) |
| 1146 | { |
| 1147 | return bearssl_connect_common(cf, data, TRUE, done); |
| 1148 | } |
| 1149 | |
| 1150 | static void *bearssl_get_internals(struct ssl_connect_data *connssl, |
| 1151 | CURLINFO info UNUSED_PARAM) |
| 1152 | { |
| 1153 | struct bearssl_ssl_backend_data *backend = |
| 1154 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 1155 | DEBUGASSERT(backend); |
| 1156 | return &backend->ctx; |
| 1157 | } |
| 1158 | |
| 1159 | static void bearssl_close(struct Curl_cfilter *cf, struct Curl_easy *data) |
| 1160 | { |
| 1161 | struct ssl_connect_data *connssl = cf->ctx; |
| 1162 | struct bearssl_ssl_backend_data *backend = |
| 1163 | (struct bearssl_ssl_backend_data *)connssl->backend; |
| 1164 | size_t i; |
| 1165 | |
| 1166 | DEBUGASSERT(backend); |
| 1167 | |
| 1168 | if(backend->active) { |
| 1169 | backend->active = FALSE; |
| 1170 | br_ssl_engine_close(&backend->ctx.eng); |
| 1171 | (void)bearssl_run_until(cf, data, BR_SSL_CLOSED); |
| 1172 | } |
| 1173 | if(backend->anchors) { |
| 1174 | for(i = 0; i < backend->anchors_len; ++i) |
| 1175 | free(backend->anchors[i].dn.data); |
| 1176 | Curl_safefree(backend->anchors); |
| 1177 | } |
| 1178 | } |
| 1179 | |
| 1180 | static void bearssl_session_free(void *ptr) |
| 1181 | { |
| 1182 | free(ptr); |
| 1183 | } |
| 1184 | |
| 1185 | static CURLcode bearssl_sha256sum(const unsigned char *input, |
| 1186 | size_t inputlen, |
| 1187 | unsigned char *sha256sum, |
| 1188 | size_t sha256len UNUSED_PARAM) |
| 1189 | { |
| 1190 | br_sha256_context ctx; |
| 1191 | |
| 1192 | br_sha256_init(&ctx); |
| 1193 | br_sha256_update(&ctx, input, inputlen); |
| 1194 | br_sha256_out(&ctx, sha256sum); |
| 1195 | return CURLE_OK; |
| 1196 | } |
| 1197 | |
| 1198 | const struct Curl_ssl Curl_ssl_bearssl = { |
| 1199 | { CURLSSLBACKEND_BEARSSL, "bearssl"}, /* info */ |
| 1200 | SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX | SSLSUPP_HTTPS_PROXY, |
| 1201 | sizeof(struct bearssl_ssl_backend_data), |
| 1202 | |
| 1203 | Curl_none_init, /* init */ |
| 1204 | Curl_none_cleanup, /* cleanup */ |
| 1205 | bearssl_version, /* version */ |
| 1206 | Curl_none_check_cxn, /* check_cxn */ |
| 1207 | Curl_none_shutdown, /* shutdown */ |
| 1208 | bearssl_data_pending, /* data_pending */ |
| 1209 | bearssl_random, /* random */ |
| 1210 | Curl_none_cert_status_request, /* cert_status_request */ |
| 1211 | bearssl_connect, /* connect */ |
| 1212 | bearssl_connect_nonblocking, /* connect_nonblocking */ |
| 1213 | bearssl_get_select_socks, /* getsock */ |
| 1214 | bearssl_get_internals, /* get_internals */ |
| 1215 | bearssl_close, /* close_one */ |
| 1216 | Curl_none_close_all, /* close_all */ |
| 1217 | bearssl_session_free, /* session_free */ |
| 1218 | Curl_none_set_engine, /* set_engine */ |
| 1219 | Curl_none_set_engine_default, /* set_engine_default */ |
| 1220 | Curl_none_engines_list, /* engines_list */ |
| 1221 | Curl_none_false_start, /* false_start */ |
| 1222 | bearssl_sha256sum, /* sha256sum */ |
| 1223 | NULL, /* associate_connection */ |
| 1224 | NULL, /* disassociate_connection */ |
| 1225 | NULL, /* free_multi_ssl_backend_data */ |
| 1226 | bearssl_recv, /* recv decrypted data */ |
| 1227 | bearssl_send, /* send data to encrypt */ |
| 1228 | }; |
| 1229 | |
| 1230 | #endif /* USE_BEARSSL */ |
| 1231 |
Generated on 2024-Jan-11 from project Velox revision 1.0.1
Powered by 
Code Browser 2.1
Generator usage only permitted with license.