[331] | 1 | /***************************************************************************
|
---|
| 2 | * _ _ ____ _
|
---|
| 3 | * Project ___| | | | _ \| |
|
---|
| 4 | * / __| | | | |_) | |
|
---|
| 5 | * | (__| |_| | _ <| |___
|
---|
| 6 | * \___|\___/|_| \_\_____|
|
---|
| 7 | *
|
---|
| 8 | * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
| 9 | *
|
---|
| 10 | * This software is licensed as described in the file COPYING, which
|
---|
| 11 | * you should have received as part of this distribution. The terms
|
---|
| 12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
| 13 | *
|
---|
| 14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
| 15 | * copies of the Software, and permit persons to whom the Software is
|
---|
| 16 | * furnished to do so, under the terms of the COPYING file.
|
---|
| 17 | *
|
---|
| 18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
| 19 | * KIND, either express or implied.
|
---|
| 20 | *
|
---|
| 21 | ***************************************************************************/
|
---|
| 22 |
|
---|
| 23 | /*
|
---|
| 24 | * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
|
---|
| 25 | * but vtls.c should ever call or use these functions.
|
---|
| 26 | */
|
---|
| 27 |
|
---|
| 28 | /*
|
---|
| 29 | * The original SSLeay-using code for curl was written by Linas Vepstas and
|
---|
| 30 | * Sampo Kellomaki 1998.
|
---|
| 31 | */
|
---|
| 32 |
|
---|
| 33 | #include "curl_setup.h"
|
---|
| 34 |
|
---|
| 35 | #ifdef USE_OPENSSL
|
---|
| 36 |
|
---|
| 37 | #ifdef HAVE_LIMITS_H
|
---|
| 38 | #include <limits.h>
|
---|
| 39 | #endif
|
---|
| 40 |
|
---|
| 41 | #include "urldata.h"
|
---|
| 42 | #include "sendf.h"
|
---|
| 43 | #include "formdata.h" /* for the boundary function */
|
---|
| 44 | #include "url.h" /* for the ssl config check function */
|
---|
| 45 | #include "inet_pton.h"
|
---|
| 46 | #include "openssl.h"
|
---|
| 47 | #include "connect.h"
|
---|
| 48 | #include "slist.h"
|
---|
| 49 | #include "select.h"
|
---|
| 50 | #include "vtls.h"
|
---|
| 51 | #include "strcase.h"
|
---|
| 52 | #include "hostcheck.h"
|
---|
| 53 | #include "curl_printf.h"
|
---|
| 54 | #include <openssl/ssl.h>
|
---|
| 55 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
| 56 | #include <openssl/engine.h>
|
---|
| 57 | #endif
|
---|
| 58 | #include <openssl/rand.h>
|
---|
| 59 | #include <openssl/x509v3.h>
|
---|
| 60 | #ifndef OPENSSL_NO_DSA
|
---|
| 61 | #include <openssl/dsa.h>
|
---|
| 62 | #endif
|
---|
| 63 | #include <openssl/dh.h>
|
---|
| 64 | #include <openssl/err.h>
|
---|
| 65 | #include <openssl/md5.h>
|
---|
| 66 | #include <openssl/conf.h>
|
---|
| 67 | #include <openssl/bn.h>
|
---|
| 68 | #include <openssl/rsa.h>
|
---|
| 69 | #include <openssl/bio.h>
|
---|
| 70 | #include <openssl/buffer.h>
|
---|
| 71 |
|
---|
| 72 | #ifndef OPENSSL_IS_BORINGSSL
|
---|
| 73 | /* BoringSSL does not support PKCS12 */
|
---|
| 74 | #define HAVE_PKCS12_SUPPORT 1
|
---|
| 75 | #include <openssl/pkcs12.h>
|
---|
| 76 | #endif
|
---|
| 77 |
|
---|
| 78 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
|
---|
| 79 | #include <openssl/ocsp.h>
|
---|
| 80 | #endif
|
---|
| 81 |
|
---|
| 82 | #include "warnless.h"
|
---|
| 83 | #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
|
---|
| 84 |
|
---|
| 85 | /* The last #include files should be: */
|
---|
| 86 | #include "curl_memory.h"
|
---|
| 87 | #include "memdebug.h"
|
---|
| 88 |
|
---|
| 89 | #ifndef OPENSSL_VERSION_NUMBER
|
---|
| 90 | #error "OPENSSL_VERSION_NUMBER not defined"
|
---|
| 91 | #endif
|
---|
| 92 |
|
---|
| 93 | #if defined(HAVE_OPENSSL_ENGINE_H)
|
---|
| 94 | #include <openssl/ui.h>
|
---|
| 95 | #endif
|
---|
| 96 |
|
---|
| 97 | #if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
---|
| 98 | #define SSL_METHOD_QUAL const
|
---|
| 99 | #else
|
---|
| 100 | #define SSL_METHOD_QUAL
|
---|
| 101 | #endif
|
---|
| 102 |
|
---|
| 103 | #if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
|
---|
| 104 | #define HAVE_ERR_REMOVE_THREAD_STATE 1
|
---|
| 105 | #endif
|
---|
| 106 |
|
---|
| 107 | #if !defined(HAVE_SSLV2_CLIENT_METHOD) || \
|
---|
| 108 | OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ has no SSLv2 */
|
---|
| 109 | #undef OPENSSL_NO_SSL2 /* undef first to avoid compiler warnings */
|
---|
| 110 | #define OPENSSL_NO_SSL2
|
---|
| 111 | #endif
|
---|
| 112 |
|
---|
| 113 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0+ */ \
|
---|
| 114 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 115 | #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
|
---|
| 116 | #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
|
---|
| 117 | #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
|
---|
| 118 | #define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
|
---|
| 119 | #define CONST_EXTS const
|
---|
| 120 | #define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1
|
---|
| 121 | #else
|
---|
| 122 | /* For OpenSSL before 1.1.0 */
|
---|
| 123 | #define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
|
---|
| 124 | #define X509_get0_notBefore(x) X509_get_notBefore(x)
|
---|
| 125 | #define X509_get0_notAfter(x) X509_get_notAfter(x)
|
---|
| 126 | #define CONST_EXTS /* nope */
|
---|
| 127 | #ifdef LIBRESSL_VERSION_NUMBER
|
---|
| 128 | static unsigned long OpenSSL_version_num(void)
|
---|
| 129 | {
|
---|
| 130 | return LIBRESSL_VERSION_NUMBER;
|
---|
| 131 | }
|
---|
| 132 | #else
|
---|
| 133 | #define OpenSSL_version_num() SSLeay()
|
---|
| 134 | #endif
|
---|
| 135 | #endif
|
---|
| 136 |
|
---|
| 137 | #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \
|
---|
| 138 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 139 | #define HAVE_X509_GET0_SIGNATURE 1
|
---|
| 140 | #endif
|
---|
| 141 |
|
---|
| 142 | #if OPENSSL_VERSION_NUMBER >= 0x10002003L && \
|
---|
| 143 | OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \
|
---|
| 144 | !defined(OPENSSL_NO_COMP)
|
---|
| 145 | #define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1
|
---|
| 146 | #endif
|
---|
| 147 |
|
---|
| 148 | #if (OPENSSL_VERSION_NUMBER < 0x0090808fL)
|
---|
| 149 | /* not present in older OpenSSL */
|
---|
| 150 | #define OPENSSL_load_builtin_modules(x)
|
---|
| 151 | #endif
|
---|
| 152 |
|
---|
| 153 | /*
|
---|
| 154 | * Whether SSL_CTX_set_keylog_callback is available.
|
---|
| 155 | * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
|
---|
| 156 | * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
|
---|
| 157 | * LibreSSL: unsupported in at least 2.5.1 (explicitly check for it since it
|
---|
| 158 | * lies and pretends to be OpenSSL 2.0.0).
|
---|
| 159 | */
|
---|
| 160 | #if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \
|
---|
| 161 | !defined(LIBRESSL_VERSION_NUMBER)) || \
|
---|
| 162 | defined(OPENSSL_IS_BORINGSSL)
|
---|
| 163 | #define HAVE_KEYLOG_CALLBACK
|
---|
| 164 | #endif
|
---|
| 165 |
|
---|
| 166 | #if defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 167 | #define OSSL_PACKAGE "LibreSSL"
|
---|
| 168 | #elif defined(OPENSSL_IS_BORINGSSL)
|
---|
| 169 | #define OSSL_PACKAGE "BoringSSL"
|
---|
| 170 | #else
|
---|
| 171 | #define OSSL_PACKAGE "OpenSSL"
|
---|
| 172 | #endif
|
---|
| 173 |
|
---|
| 174 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
---|
| 175 | /* up2date versions of OpenSSL maintain the default reasonably secure without
|
---|
| 176 | * breaking compatibility, so it is better not to override the default by curl
|
---|
| 177 | */
|
---|
| 178 | #define DEFAULT_CIPHER_SELECTION NULL
|
---|
| 179 | #else
|
---|
| 180 | /* ... but it is not the case with old versions of OpenSSL */
|
---|
| 181 | #define DEFAULT_CIPHER_SELECTION \
|
---|
| 182 | "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
---|
| 183 | #endif
|
---|
| 184 |
|
---|
| 185 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
| 186 | typedef struct ssl_tap_state {
|
---|
| 187 | int master_key_length;
|
---|
| 188 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
|
---|
| 189 | unsigned char client_random[SSL3_RANDOM_SIZE];
|
---|
| 190 | } ssl_tap_state_t;
|
---|
| 191 | #endif /* ENABLE_SSLKEYLOGFILE */
|
---|
| 192 |
|
---|
| 193 | struct ssl_backend_data {
|
---|
| 194 | /* these ones requires specific SSL-types */
|
---|
| 195 | SSL_CTX* ctx;
|
---|
| 196 | SSL* handle;
|
---|
| 197 | X509* server_cert;
|
---|
| 198 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
| 199 | /* tap_state holds the last seen master key if we're logging them */
|
---|
| 200 | ssl_tap_state_t tap_state;
|
---|
| 201 | #endif
|
---|
| 202 | };
|
---|
| 203 |
|
---|
| 204 | #define BACKEND connssl->backend
|
---|
| 205 |
|
---|
| 206 | /*
|
---|
| 207 | * Number of bytes to read from the random number seed file. This must be
|
---|
| 208 | * a finite value (because some entropy "files" like /dev/urandom have
|
---|
| 209 | * an infinite length), but must be large enough to provide enough
|
---|
| 210 | * entropy to properly seed OpenSSL's PRNG.
|
---|
| 211 | */
|
---|
| 212 | #define RAND_LOAD_LENGTH 1024
|
---|
| 213 |
|
---|
| 214 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
| 215 | /* The fp for the open SSLKEYLOGFILE, or NULL if not open */
|
---|
| 216 | static FILE *keylog_file_fp;
|
---|
| 217 |
|
---|
| 218 | #ifdef HAVE_KEYLOG_CALLBACK
|
---|
| 219 | static void ossl_keylog_callback(const SSL *ssl, const char *line)
|
---|
| 220 | {
|
---|
| 221 | (void)ssl;
|
---|
| 222 |
|
---|
| 223 | /* Using fputs here instead of fprintf since libcurl's fprintf replacement
|
---|
| 224 | may not be thread-safe. */
|
---|
| 225 | if(keylog_file_fp && line && *line) {
|
---|
| 226 | char stackbuf[256];
|
---|
| 227 | char *buf;
|
---|
| 228 | size_t linelen = strlen(line);
|
---|
| 229 |
|
---|
| 230 | if(linelen <= sizeof(stackbuf) - 2)
|
---|
| 231 | buf = stackbuf;
|
---|
| 232 | else {
|
---|
| 233 | buf = malloc(linelen + 2);
|
---|
| 234 | if(!buf)
|
---|
| 235 | return;
|
---|
| 236 | }
|
---|
| 237 | strncpy(buf, line, linelen);
|
---|
| 238 | buf[linelen] = '\n';
|
---|
| 239 | buf[linelen + 1] = '\0';
|
---|
| 240 |
|
---|
| 241 | fputs(buf, keylog_file_fp);
|
---|
| 242 | if(buf != stackbuf)
|
---|
| 243 | free(buf);
|
---|
| 244 | }
|
---|
| 245 | }
|
---|
| 246 | #else
|
---|
| 247 | #define KEYLOG_PREFIX "CLIENT_RANDOM "
|
---|
| 248 | #define KEYLOG_PREFIX_LEN (sizeof(KEYLOG_PREFIX) - 1)
|
---|
| 249 | /*
|
---|
| 250 | * tap_ssl_key is called by libcurl to make the CLIENT_RANDOMs if the OpenSSL
|
---|
| 251 | * being used doesn't have native support for doing that.
|
---|
| 252 | */
|
---|
| 253 | static void tap_ssl_key(const SSL *ssl, ssl_tap_state_t *state)
|
---|
| 254 | {
|
---|
| 255 | const char *hex = "0123456789ABCDEF";
|
---|
| 256 | int pos, i;
|
---|
| 257 | char line[KEYLOG_PREFIX_LEN + 2 * SSL3_RANDOM_SIZE + 1 +
|
---|
| 258 | 2 * SSL_MAX_MASTER_KEY_LENGTH + 1 + 1];
|
---|
| 259 | const SSL_SESSION *session = SSL_get_session(ssl);
|
---|
| 260 | unsigned char client_random[SSL3_RANDOM_SIZE];
|
---|
| 261 | unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
|
---|
| 262 | int master_key_length = 0;
|
---|
| 263 |
|
---|
| 264 | if(!session || !keylog_file_fp)
|
---|
| 265 | return;
|
---|
| 266 |
|
---|
| 267 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
---|
| 268 | /* ssl->s3 is not checked in openssl 1.1.0-pre6, but let's assume that
|
---|
| 269 | * we have a valid SSL context if we have a non-NULL session. */
|
---|
| 270 | SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);
|
---|
| 271 | master_key_length =
|
---|
| 272 | SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);
|
---|
| 273 | #else
|
---|
| 274 | if(ssl->s3 && session->master_key_length > 0) {
|
---|
| 275 | master_key_length = session->master_key_length;
|
---|
| 276 | memcpy(master_key, session->master_key, session->master_key_length);
|
---|
| 277 | memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
|
---|
| 278 | }
|
---|
| 279 | #endif
|
---|
| 280 |
|
---|
| 281 | if(master_key_length <= 0)
|
---|
| 282 | return;
|
---|
| 283 |
|
---|
| 284 | /* Skip writing keys if there is no key or it did not change. */
|
---|
| 285 | if(state->master_key_length == master_key_length &&
|
---|
| 286 | !memcmp(state->master_key, master_key, master_key_length) &&
|
---|
| 287 | !memcmp(state->client_random, client_random, SSL3_RANDOM_SIZE)) {
|
---|
| 288 | return;
|
---|
| 289 | }
|
---|
| 290 |
|
---|
| 291 | state->master_key_length = master_key_length;
|
---|
| 292 | memcpy(state->master_key, master_key, master_key_length);
|
---|
| 293 | memcpy(state->client_random, client_random, SSL3_RANDOM_SIZE);
|
---|
| 294 |
|
---|
| 295 | memcpy(line, KEYLOG_PREFIX, KEYLOG_PREFIX_LEN);
|
---|
| 296 | pos = KEYLOG_PREFIX_LEN;
|
---|
| 297 |
|
---|
| 298 | /* Client Random for SSLv3/TLS */
|
---|
| 299 | for(i = 0; i < SSL3_RANDOM_SIZE; i++) {
|
---|
| 300 | line[pos++] = hex[client_random[i] >> 4];
|
---|
| 301 | line[pos++] = hex[client_random[i] & 0xF];
|
---|
| 302 | }
|
---|
| 303 | line[pos++] = ' ';
|
---|
| 304 |
|
---|
| 305 | /* Master Secret (size is at most SSL_MAX_MASTER_KEY_LENGTH) */
|
---|
| 306 | for(i = 0; i < master_key_length; i++) {
|
---|
| 307 | line[pos++] = hex[master_key[i] >> 4];
|
---|
| 308 | line[pos++] = hex[master_key[i] & 0xF];
|
---|
| 309 | }
|
---|
| 310 | line[pos++] = '\n';
|
---|
| 311 | line[pos] = '\0';
|
---|
| 312 |
|
---|
| 313 | /* Using fputs here instead of fprintf since libcurl's fprintf replacement
|
---|
| 314 | may not be thread-safe. */
|
---|
| 315 | fputs(line, keylog_file_fp);
|
---|
| 316 | }
|
---|
| 317 | #endif /* !HAVE_KEYLOG_CALLBACK */
|
---|
| 318 | #endif /* ENABLE_SSLKEYLOGFILE */
|
---|
| 319 |
|
---|
| 320 | static const char *SSL_ERROR_to_str(int err)
|
---|
| 321 | {
|
---|
| 322 | switch(err) {
|
---|
| 323 | case SSL_ERROR_NONE:
|
---|
| 324 | return "SSL_ERROR_NONE";
|
---|
| 325 | case SSL_ERROR_SSL:
|
---|
| 326 | return "SSL_ERROR_SSL";
|
---|
| 327 | case SSL_ERROR_WANT_READ:
|
---|
| 328 | return "SSL_ERROR_WANT_READ";
|
---|
| 329 | case SSL_ERROR_WANT_WRITE:
|
---|
| 330 | return "SSL_ERROR_WANT_WRITE";
|
---|
| 331 | case SSL_ERROR_WANT_X509_LOOKUP:
|
---|
| 332 | return "SSL_ERROR_WANT_X509_LOOKUP";
|
---|
| 333 | case SSL_ERROR_SYSCALL:
|
---|
| 334 | return "SSL_ERROR_SYSCALL";
|
---|
| 335 | case SSL_ERROR_ZERO_RETURN:
|
---|
| 336 | return "SSL_ERROR_ZERO_RETURN";
|
---|
| 337 | case SSL_ERROR_WANT_CONNECT:
|
---|
| 338 | return "SSL_ERROR_WANT_CONNECT";
|
---|
| 339 | case SSL_ERROR_WANT_ACCEPT:
|
---|
| 340 | return "SSL_ERROR_WANT_ACCEPT";
|
---|
| 341 | #if defined(SSL_ERROR_WANT_ASYNC)
|
---|
| 342 | case SSL_ERROR_WANT_ASYNC:
|
---|
| 343 | return "SSL_ERROR_WANT_ASYNC";
|
---|
| 344 | #endif
|
---|
| 345 | #if defined(SSL_ERROR_WANT_ASYNC_JOB)
|
---|
| 346 | case SSL_ERROR_WANT_ASYNC_JOB:
|
---|
| 347 | return "SSL_ERROR_WANT_ASYNC_JOB";
|
---|
| 348 | #endif
|
---|
| 349 | #if defined(SSL_ERROR_WANT_EARLY)
|
---|
| 350 | case SSL_ERROR_WANT_EARLY:
|
---|
| 351 | return "SSL_ERROR_WANT_EARLY";
|
---|
| 352 | #endif
|
---|
| 353 | default:
|
---|
| 354 | return "SSL_ERROR unknown";
|
---|
| 355 | }
|
---|
| 356 | }
|
---|
| 357 |
|
---|
| 358 | /* Return error string for last OpenSSL error
|
---|
| 359 | */
|
---|
| 360 | static char *ossl_strerror(unsigned long error, char *buf, size_t size)
|
---|
| 361 | {
|
---|
| 362 | ERR_error_string_n(error, buf, size);
|
---|
| 363 | return buf;
|
---|
| 364 | }
|
---|
| 365 |
|
---|
| 366 | static int passwd_callback(char *buf, int num, int encrypting,
|
---|
| 367 | void *global_passwd)
|
---|
| 368 | {
|
---|
| 369 | DEBUGASSERT(0 == encrypting);
|
---|
| 370 |
|
---|
| 371 | if(!encrypting) {
|
---|
| 372 | int klen = curlx_uztosi(strlen((char *)global_passwd));
|
---|
| 373 | if(num > klen) {
|
---|
| 374 | memcpy(buf, global_passwd, klen + 1);
|
---|
| 375 | return klen;
|
---|
| 376 | }
|
---|
| 377 | }
|
---|
| 378 | return 0;
|
---|
| 379 | }
|
---|
| 380 |
|
---|
| 381 | /*
|
---|
| 382 | * rand_enough() returns TRUE if we have seeded the random engine properly.
|
---|
| 383 | */
|
---|
| 384 | static bool rand_enough(void)
|
---|
| 385 | {
|
---|
| 386 | return (0 != RAND_status()) ? TRUE : FALSE;
|
---|
| 387 | }
|
---|
| 388 |
|
---|
| 389 | static CURLcode Curl_ossl_seed(struct Curl_easy *data)
|
---|
| 390 | {
|
---|
| 391 | /* we have the "SSL is seeded" boolean static to prevent multiple
|
---|
| 392 | time-consuming seedings in vain */
|
---|
| 393 | static bool ssl_seeded = FALSE;
|
---|
| 394 | char fname[256];
|
---|
| 395 |
|
---|
| 396 | if(ssl_seeded)
|
---|
| 397 | return CURLE_OK;
|
---|
| 398 |
|
---|
| 399 | if(rand_enough()) {
|
---|
| 400 | /* OpenSSL 1.1.0+ will return here */
|
---|
| 401 | ssl_seeded = TRUE;
|
---|
| 402 | return CURLE_OK;
|
---|
| 403 | }
|
---|
| 404 |
|
---|
| 405 | #ifndef RANDOM_FILE
|
---|
| 406 | /* if RANDOM_FILE isn't defined, we only perform this if an option tells
|
---|
| 407 | us to! */
|
---|
| 408 | if(data->set.str[STRING_SSL_RANDOM_FILE])
|
---|
| 409 | #define RANDOM_FILE "" /* doesn't matter won't be used */
|
---|
| 410 | #endif
|
---|
| 411 | {
|
---|
| 412 | /* let the option override the define */
|
---|
| 413 | RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
|
---|
| 414 | data->set.str[STRING_SSL_RANDOM_FILE]:
|
---|
| 415 | RANDOM_FILE),
|
---|
| 416 | RAND_LOAD_LENGTH);
|
---|
| 417 | if(rand_enough())
|
---|
| 418 | return CURLE_OK;
|
---|
| 419 | }
|
---|
| 420 |
|
---|
| 421 | #if defined(HAVE_RAND_EGD)
|
---|
| 422 | /* only available in OpenSSL 0.9.5 and later */
|
---|
| 423 | /* EGD_SOCKET is set at configure time or not at all */
|
---|
| 424 | #ifndef EGD_SOCKET
|
---|
| 425 | /* If we don't have the define set, we only do this if the egd-option
|
---|
| 426 | is set */
|
---|
| 427 | if(data->set.str[STRING_SSL_EGDSOCKET])
|
---|
| 428 | #define EGD_SOCKET "" /* doesn't matter won't be used */
|
---|
| 429 | #endif
|
---|
| 430 | {
|
---|
| 431 | /* If there's an option and a define, the option overrides the
|
---|
| 432 | define */
|
---|
| 433 | int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
|
---|
| 434 | data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
|
---|
| 435 | if(-1 != ret) {
|
---|
| 436 | if(rand_enough())
|
---|
| 437 | return CURLE_OK;
|
---|
| 438 | }
|
---|
| 439 | }
|
---|
| 440 | #endif
|
---|
| 441 |
|
---|
| 442 | /* fallback to a custom seeding of the PRNG using a hash based on a current
|
---|
| 443 | time */
|
---|
| 444 | do {
|
---|
| 445 | unsigned char randb[64];
|
---|
| 446 | size_t len = sizeof(randb);
|
---|
| 447 | size_t i, i_max;
|
---|
| 448 | for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
|
---|
| 449 | struct curltime tv = Curl_now();
|
---|
| 450 | Curl_wait_ms(1);
|
---|
| 451 | tv.tv_sec *= i + 1;
|
---|
| 452 | tv.tv_usec *= (unsigned int)i + 2;
|
---|
| 453 | tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
|
---|
| 454 | (i + 3)) << 8;
|
---|
| 455 | tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
|
---|
| 456 | Curl_now().tv_usec) *
|
---|
| 457 | (i + 4)) << 16;
|
---|
| 458 | memcpy(&randb[i * sizeof(struct curltime)], &tv,
|
---|
| 459 | sizeof(struct curltime));
|
---|
| 460 | }
|
---|
| 461 | RAND_add(randb, (int)len, (double)len/2);
|
---|
| 462 | } while(!rand_enough());
|
---|
| 463 |
|
---|
| 464 | /* generates a default path for the random seed file */
|
---|
| 465 | fname[0] = 0; /* blank it first */
|
---|
| 466 | RAND_file_name(fname, sizeof(fname));
|
---|
| 467 | if(fname[0]) {
|
---|
| 468 | /* we got a file name to try */
|
---|
| 469 | RAND_load_file(fname, RAND_LOAD_LENGTH);
|
---|
| 470 | if(rand_enough())
|
---|
| 471 | return CURLE_OK;
|
---|
| 472 | }
|
---|
| 473 |
|
---|
| 474 | infof(data, "libcurl is now using a weak random seed!\n");
|
---|
| 475 | return (rand_enough() ? CURLE_OK :
|
---|
| 476 | CURLE_SSL_CONNECT_ERROR /* confusing error code */);
|
---|
| 477 | }
|
---|
| 478 |
|
---|
| 479 | #ifndef SSL_FILETYPE_ENGINE
|
---|
| 480 | #define SSL_FILETYPE_ENGINE 42
|
---|
| 481 | #endif
|
---|
| 482 | #ifndef SSL_FILETYPE_PKCS12
|
---|
| 483 | #define SSL_FILETYPE_PKCS12 43
|
---|
| 484 | #endif
|
---|
| 485 | static int do_file_type(const char *type)
|
---|
| 486 | {
|
---|
| 487 | if(!type || !type[0])
|
---|
| 488 | return SSL_FILETYPE_PEM;
|
---|
| 489 | if(strcasecompare(type, "PEM"))
|
---|
| 490 | return SSL_FILETYPE_PEM;
|
---|
| 491 | if(strcasecompare(type, "DER"))
|
---|
| 492 | return SSL_FILETYPE_ASN1;
|
---|
| 493 | if(strcasecompare(type, "ENG"))
|
---|
| 494 | return SSL_FILETYPE_ENGINE;
|
---|
| 495 | if(strcasecompare(type, "P12"))
|
---|
| 496 | return SSL_FILETYPE_PKCS12;
|
---|
| 497 | return -1;
|
---|
| 498 | }
|
---|
| 499 |
|
---|
| 500 | #if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_UI)
|
---|
| 501 | /*
|
---|
| 502 | * Supply default password to the engine user interface conversation.
|
---|
| 503 | * The password is passed by OpenSSL engine from ENGINE_load_private_key()
|
---|
| 504 | * last argument to the ui and can be obtained by UI_get0_user_data(ui) here.
|
---|
| 505 | */
|
---|
| 506 | static int ssl_ui_reader(UI *ui, UI_STRING *uis)
|
---|
| 507 | {
|
---|
| 508 | const char *password;
|
---|
| 509 | switch(UI_get_string_type(uis)) {
|
---|
| 510 | case UIT_PROMPT:
|
---|
| 511 | case UIT_VERIFY:
|
---|
| 512 | password = (const char *)UI_get0_user_data(ui);
|
---|
| 513 | if(password && (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
---|
| 514 | UI_set_result(ui, uis, password);
|
---|
| 515 | return 1;
|
---|
| 516 | }
|
---|
| 517 | default:
|
---|
| 518 | break;
|
---|
| 519 | }
|
---|
| 520 | return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
|
---|
| 521 | }
|
---|
| 522 |
|
---|
| 523 | /*
|
---|
| 524 | * Suppress interactive request for a default password if available.
|
---|
| 525 | */
|
---|
| 526 | static int ssl_ui_writer(UI *ui, UI_STRING *uis)
|
---|
| 527 | {
|
---|
| 528 | switch(UI_get_string_type(uis)) {
|
---|
| 529 | case UIT_PROMPT:
|
---|
| 530 | case UIT_VERIFY:
|
---|
| 531 | if(UI_get0_user_data(ui) &&
|
---|
| 532 | (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) {
|
---|
| 533 | return 1;
|
---|
| 534 | }
|
---|
| 535 | default:
|
---|
| 536 | break;
|
---|
| 537 | }
|
---|
| 538 | return (UI_method_get_writer(UI_OpenSSL()))(ui, uis);
|
---|
| 539 | }
|
---|
| 540 | #endif
|
---|
| 541 |
|
---|
| 542 | static
|
---|
| 543 | int cert_stuff(struct connectdata *conn,
|
---|
| 544 | SSL_CTX* ctx,
|
---|
| 545 | char *cert_file,
|
---|
| 546 | const char *cert_type,
|
---|
| 547 | char *key_file,
|
---|
| 548 | const char *key_type,
|
---|
| 549 | char *key_passwd)
|
---|
| 550 | {
|
---|
| 551 | struct Curl_easy *data = conn->data;
|
---|
| 552 | char error_buffer[256];
|
---|
| 553 | bool check_privkey = TRUE;
|
---|
| 554 |
|
---|
| 555 | int file_type = do_file_type(cert_type);
|
---|
| 556 |
|
---|
| 557 | if(cert_file || (file_type == SSL_FILETYPE_ENGINE)) {
|
---|
| 558 | SSL *ssl;
|
---|
| 559 | X509 *x509;
|
---|
| 560 | int cert_done = 0;
|
---|
| 561 |
|
---|
| 562 | if(key_passwd) {
|
---|
| 563 | /* set the password in the callback userdata */
|
---|
| 564 | SSL_CTX_set_default_passwd_cb_userdata(ctx, key_passwd);
|
---|
| 565 | /* Set passwd callback: */
|
---|
| 566 | SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
|
---|
| 567 | }
|
---|
| 568 |
|
---|
| 569 |
|
---|
| 570 | switch(file_type) {
|
---|
| 571 | case SSL_FILETYPE_PEM:
|
---|
| 572 | /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
|
---|
| 573 | if(SSL_CTX_use_certificate_chain_file(ctx,
|
---|
| 574 | cert_file) != 1) {
|
---|
| 575 | failf(data,
|
---|
| 576 | "could not load PEM client certificate, " OSSL_PACKAGE
|
---|
| 577 | " error %s, "
|
---|
| 578 | "(no key found, wrong pass phrase, or wrong file format?)",
|
---|
| 579 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
| 580 | sizeof(error_buffer)) );
|
---|
| 581 | return 0;
|
---|
| 582 | }
|
---|
| 583 | break;
|
---|
| 584 |
|
---|
| 585 | case SSL_FILETYPE_ASN1:
|
---|
| 586 | /* SSL_CTX_use_certificate_file() works with either PEM or ASN1, but
|
---|
| 587 | we use the case above for PEM so this can only be performed with
|
---|
| 588 | ASN1 files. */
|
---|
| 589 | if(SSL_CTX_use_certificate_file(ctx,
|
---|
| 590 | cert_file,
|
---|
| 591 | file_type) != 1) {
|
---|
| 592 | failf(data,
|
---|
| 593 | "could not load ASN1 client certificate, " OSSL_PACKAGE
|
---|
| 594 | " error %s, "
|
---|
| 595 | "(no key found, wrong pass phrase, or wrong file format?)",
|
---|
| 596 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
| 597 | sizeof(error_buffer)) );
|
---|
| 598 | return 0;
|
---|
| 599 | }
|
---|
| 600 | break;
|
---|
| 601 | case SSL_FILETYPE_ENGINE:
|
---|
| 602 | #if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
|
---|
| 603 | {
|
---|
| 604 | if(data->state.engine) {
|
---|
| 605 | const char *cmd_name = "LOAD_CERT_CTRL";
|
---|
| 606 | struct {
|
---|
| 607 | const char *cert_id;
|
---|
| 608 | X509 *cert;
|
---|
| 609 | } params;
|
---|
| 610 |
|
---|
| 611 | params.cert_id = cert_file;
|
---|
| 612 | params.cert = NULL;
|
---|
| 613 |
|
---|
| 614 | /* Does the engine supports LOAD_CERT_CTRL ? */
|
---|
| 615 | if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
|
---|
| 616 | 0, (void *)cmd_name, NULL)) {
|
---|
| 617 | failf(data, "ssl engine does not support loading certificates");
|
---|
| 618 | return 0;
|
---|
| 619 | }
|
---|
| 620 |
|
---|
| 621 | /* Load the certificate from the engine */
|
---|
| 622 | if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
|
---|
| 623 | 0, ¶ms, NULL, 1)) {
|
---|
| 624 | failf(data, "ssl engine cannot load client cert with id"
|
---|
| 625 | " '%s' [%s]", cert_file,
|
---|
| 626 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
| 627 | sizeof(error_buffer)));
|
---|
| 628 | return 0;
|
---|
| 629 | }
|
---|
| 630 |
|
---|
| 631 | if(!params.cert) {
|
---|
| 632 | failf(data, "ssl engine didn't initialized the certificate "
|
---|
| 633 | "properly.");
|
---|
| 634 | return 0;
|
---|
| 635 | }
|
---|
| 636 |
|
---|
| 637 | if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
|
---|
| 638 | failf(data, "unable to set client certificate");
|
---|
| 639 | X509_free(params.cert);
|
---|
| 640 | return 0;
|
---|
| 641 | }
|
---|
| 642 | X509_free(params.cert); /* we don't need the handle any more... */
|
---|
| 643 | }
|
---|
| 644 | else {
|
---|
| 645 | failf(data, "crypto engine not set, can't load certificate");
|
---|
| 646 | return 0;
|
---|
| 647 | }
|
---|
| 648 | }
|
---|
| 649 | break;
|
---|
| 650 | #else
|
---|
| 651 | failf(data, "file type ENG for certificate not implemented");
|
---|
| 652 | return 0;
|
---|
| 653 | #endif
|
---|
| 654 |
|
---|
| 655 | case SSL_FILETYPE_PKCS12:
|
---|
| 656 | {
|
---|
| 657 | #ifdef HAVE_PKCS12_SUPPORT
|
---|
| 658 | FILE *f;
|
---|
| 659 | PKCS12 *p12;
|
---|
| 660 | EVP_PKEY *pri;
|
---|
| 661 | STACK_OF(X509) *ca = NULL;
|
---|
| 662 |
|
---|
| 663 | f = fopen(cert_file, "rb");
|
---|
| 664 | if(!f) {
|
---|
| 665 | failf(data, "could not open PKCS12 file '%s'", cert_file);
|
---|
| 666 | return 0;
|
---|
| 667 | }
|
---|
| 668 | p12 = d2i_PKCS12_fp(f, NULL);
|
---|
| 669 | fclose(f);
|
---|
| 670 |
|
---|
| 671 | if(!p12) {
|
---|
| 672 | failf(data, "error reading PKCS12 file '%s'", cert_file);
|
---|
| 673 | return 0;
|
---|
| 674 | }
|
---|
| 675 |
|
---|
| 676 | PKCS12_PBE_add();
|
---|
| 677 |
|
---|
| 678 | if(!PKCS12_parse(p12, key_passwd, &pri, &x509,
|
---|
| 679 | &ca)) {
|
---|
| 680 | failf(data,
|
---|
| 681 | "could not parse PKCS12 file, check password, " OSSL_PACKAGE
|
---|
| 682 | " error %s",
|
---|
| 683 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
| 684 | sizeof(error_buffer)) );
|
---|
| 685 | PKCS12_free(p12);
|
---|
| 686 | return 0;
|
---|
| 687 | }
|
---|
| 688 |
|
---|
| 689 | PKCS12_free(p12);
|
---|
| 690 |
|
---|
| 691 | if(SSL_CTX_use_certificate(ctx, x509) != 1) {
|
---|
| 692 | failf(data,
|
---|
| 693 | "could not load PKCS12 client certificate, " OSSL_PACKAGE
|
---|
| 694 | " error %s",
|
---|
| 695 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
| 696 | sizeof(error_buffer)) );
|
---|
| 697 | goto fail;
|
---|
| 698 | }
|
---|
| 699 |
|
---|
| 700 | if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
|
---|
| 701 | failf(data, "unable to use private key from PKCS12 file '%s'",
|
---|
| 702 | cert_file);
|
---|
| 703 | goto fail;
|
---|
| 704 | }
|
---|
| 705 |
|
---|
| 706 | if(!SSL_CTX_check_private_key (ctx)) {
|
---|
| 707 | failf(data, "private key from PKCS12 file '%s' "
|
---|
| 708 | "does not match certificate in same file", cert_file);
|
---|
| 709 | goto fail;
|
---|
| 710 | }
|
---|
| 711 | /* Set Certificate Verification chain */
|
---|
| 712 | if(ca) {
|
---|
| 713 | while(sk_X509_num(ca)) {
|
---|
| 714 | /*
|
---|
| 715 | * Note that sk_X509_pop() is used below to make sure the cert is
|
---|
| 716 | * removed from the stack properly before getting passed to
|
---|
| 717 | * SSL_CTX_add_extra_chain_cert(), which takes ownership. Previously
|
---|
| 718 | * we used sk_X509_value() instead, but then we'd clean it in the
|
---|
| 719 | * subsequent sk_X509_pop_free() call.
|
---|
| 720 | */
|
---|
| 721 | X509 *x = sk_X509_pop(ca);
|
---|
| 722 | if(!SSL_CTX_add_client_CA(ctx, x)) {
|
---|
| 723 | X509_free(x);
|
---|
| 724 | failf(data, "cannot add certificate to client CA list");
|
---|
| 725 | goto fail;
|
---|
| 726 | }
|
---|
| 727 | if(!SSL_CTX_add_extra_chain_cert(ctx, x)) {
|
---|
| 728 | X509_free(x);
|
---|
| 729 | failf(data, "cannot add certificate to certificate chain");
|
---|
| 730 | goto fail;
|
---|
| 731 | }
|
---|
| 732 | }
|
---|
| 733 | }
|
---|
| 734 |
|
---|
| 735 | cert_done = 1;
|
---|
| 736 | fail:
|
---|
| 737 | EVP_PKEY_free(pri);
|
---|
| 738 | X509_free(x509);
|
---|
| 739 | sk_X509_pop_free(ca, X509_free);
|
---|
| 740 |
|
---|
| 741 | if(!cert_done)
|
---|
| 742 | return 0; /* failure! */
|
---|
| 743 | break;
|
---|
| 744 | #else
|
---|
| 745 | failf(data, "file type P12 for certificate not supported");
|
---|
| 746 | return 0;
|
---|
| 747 | #endif
|
---|
| 748 | }
|
---|
| 749 | default:
|
---|
| 750 | failf(data, "not supported file type '%s' for certificate", cert_type);
|
---|
| 751 | return 0;
|
---|
| 752 | }
|
---|
| 753 |
|
---|
| 754 | file_type = do_file_type(key_type);
|
---|
| 755 |
|
---|
| 756 | switch(file_type) {
|
---|
| 757 | case SSL_FILETYPE_PEM:
|
---|
| 758 | if(cert_done)
|
---|
| 759 | break;
|
---|
| 760 | if(!key_file)
|
---|
| 761 | /* cert & key can only be in PEM case in the same file */
|
---|
| 762 | key_file = cert_file;
|
---|
| 763 | /* FALLTHROUGH */
|
---|
| 764 | case SSL_FILETYPE_ASN1:
|
---|
| 765 | if(SSL_CTX_use_PrivateKey_file(ctx, key_file, file_type) != 1) {
|
---|
| 766 | failf(data, "unable to set private key file: '%s' type %s",
|
---|
| 767 | key_file, key_type?key_type:"PEM");
|
---|
| 768 | return 0;
|
---|
| 769 | }
|
---|
| 770 | break;
|
---|
| 771 | case SSL_FILETYPE_ENGINE:
|
---|
| 772 | #if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_UI)
|
---|
| 773 | { /* XXXX still needs some work */
|
---|
| 774 | EVP_PKEY *priv_key = NULL;
|
---|
| 775 | if(data->state.engine) {
|
---|
| 776 | UI_METHOD *ui_method =
|
---|
| 777 | UI_create_method((char *)"curl user interface");
|
---|
| 778 | if(!ui_method) {
|
---|
| 779 | failf(data, "unable do create " OSSL_PACKAGE
|
---|
| 780 | " user-interface method");
|
---|
| 781 | return 0;
|
---|
| 782 | }
|
---|
| 783 | UI_method_set_opener(ui_method, UI_method_get_opener(UI_OpenSSL()));
|
---|
| 784 | UI_method_set_closer(ui_method, UI_method_get_closer(UI_OpenSSL()));
|
---|
| 785 | UI_method_set_reader(ui_method, ssl_ui_reader);
|
---|
| 786 | UI_method_set_writer(ui_method, ssl_ui_writer);
|
---|
| 787 | /* the typecast below was added to please mingw32 */
|
---|
| 788 | priv_key = (EVP_PKEY *)
|
---|
| 789 | ENGINE_load_private_key(data->state.engine, key_file,
|
---|
| 790 | ui_method,
|
---|
| 791 | key_passwd);
|
---|
| 792 | UI_destroy_method(ui_method);
|
---|
| 793 | if(!priv_key) {
|
---|
| 794 | failf(data, "failed to load private key from crypto engine");
|
---|
| 795 | return 0;
|
---|
| 796 | }
|
---|
| 797 | if(SSL_CTX_use_PrivateKey(ctx, priv_key) != 1) {
|
---|
| 798 | failf(data, "unable to set private key");
|
---|
| 799 | EVP_PKEY_free(priv_key);
|
---|
| 800 | return 0;
|
---|
| 801 | }
|
---|
| 802 | EVP_PKEY_free(priv_key); /* we don't need the handle any more... */
|
---|
| 803 | }
|
---|
| 804 | else {
|
---|
| 805 | failf(data, "crypto engine not set, can't load private key");
|
---|
| 806 | return 0;
|
---|
| 807 | }
|
---|
| 808 | }
|
---|
| 809 | break;
|
---|
| 810 | #else
|
---|
| 811 | failf(data, "file type ENG for private key not supported");
|
---|
| 812 | return 0;
|
---|
| 813 | #endif
|
---|
| 814 | case SSL_FILETYPE_PKCS12:
|
---|
| 815 | if(!cert_done) {
|
---|
| 816 | failf(data, "file type P12 for private key not supported");
|
---|
| 817 | return 0;
|
---|
| 818 | }
|
---|
| 819 | break;
|
---|
| 820 | default:
|
---|
| 821 | failf(data, "not supported file type for private key");
|
---|
| 822 | return 0;
|
---|
| 823 | }
|
---|
| 824 |
|
---|
| 825 | ssl = SSL_new(ctx);
|
---|
| 826 | if(!ssl) {
|
---|
| 827 | failf(data, "unable to create an SSL structure");
|
---|
| 828 | return 0;
|
---|
| 829 | }
|
---|
| 830 |
|
---|
| 831 | x509 = SSL_get_certificate(ssl);
|
---|
| 832 |
|
---|
| 833 | /* This version was provided by Evan Jordan and is supposed to not
|
---|
| 834 | leak memory as the previous version: */
|
---|
| 835 | if(x509) {
|
---|
| 836 | EVP_PKEY *pktmp = X509_get_pubkey(x509);
|
---|
| 837 | EVP_PKEY_copy_parameters(pktmp, SSL_get_privatekey(ssl));
|
---|
| 838 | EVP_PKEY_free(pktmp);
|
---|
| 839 | }
|
---|
| 840 |
|
---|
| 841 | #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_IS_BORINGSSL)
|
---|
| 842 | {
|
---|
| 843 | /* If RSA is used, don't check the private key if its flags indicate
|
---|
| 844 | * it doesn't support it. */
|
---|
| 845 | EVP_PKEY *priv_key = SSL_get_privatekey(ssl);
|
---|
| 846 | int pktype;
|
---|
| 847 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
| 848 | pktype = EVP_PKEY_id(priv_key);
|
---|
| 849 | #else
|
---|
| 850 | pktype = priv_key->type;
|
---|
| 851 | #endif
|
---|
| 852 | if(pktype == EVP_PKEY_RSA) {
|
---|
| 853 | RSA *rsa = EVP_PKEY_get1_RSA(priv_key);
|
---|
| 854 | if(RSA_flags(rsa) & RSA_METHOD_FLAG_NO_CHECK)
|
---|
| 855 | check_privkey = FALSE;
|
---|
| 856 | RSA_free(rsa); /* Decrement reference count */
|
---|
| 857 | }
|
---|
| 858 | }
|
---|
| 859 | #endif
|
---|
| 860 |
|
---|
| 861 | SSL_free(ssl);
|
---|
| 862 |
|
---|
| 863 | /* If we are using DSA, we can copy the parameters from
|
---|
| 864 | * the private key */
|
---|
| 865 |
|
---|
| 866 | if(check_privkey == TRUE) {
|
---|
| 867 | /* Now we know that a key and cert have been set against
|
---|
| 868 | * the SSL context */
|
---|
| 869 | if(!SSL_CTX_check_private_key(ctx)) {
|
---|
| 870 | failf(data, "Private key does not match the certificate public key");
|
---|
| 871 | return 0;
|
---|
| 872 | }
|
---|
| 873 | }
|
---|
| 874 | }
|
---|
| 875 | return 1;
|
---|
| 876 | }
|
---|
| 877 |
|
---|
| 878 | /* returns non-zero on failure */
|
---|
| 879 | static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
|
---|
| 880 | {
|
---|
| 881 | #if 0
|
---|
| 882 | return X509_NAME_oneline(a, buf, size);
|
---|
| 883 | #else
|
---|
| 884 | BIO *bio_out = BIO_new(BIO_s_mem());
|
---|
| 885 | BUF_MEM *biomem;
|
---|
| 886 | int rc;
|
---|
| 887 |
|
---|
| 888 | if(!bio_out)
|
---|
| 889 | return 1; /* alloc failed! */
|
---|
| 890 |
|
---|
| 891 | rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);
|
---|
| 892 | BIO_get_mem_ptr(bio_out, &biomem);
|
---|
| 893 |
|
---|
| 894 | if((size_t)biomem->length < size)
|
---|
| 895 | size = biomem->length;
|
---|
| 896 | else
|
---|
| 897 | size--; /* don't overwrite the buffer end */
|
---|
| 898 |
|
---|
| 899 | memcpy(buf, biomem->data, size);
|
---|
| 900 | buf[size] = 0;
|
---|
| 901 |
|
---|
| 902 | BIO_free(bio_out);
|
---|
| 903 |
|
---|
| 904 | return !rc;
|
---|
| 905 | #endif
|
---|
| 906 | }
|
---|
| 907 |
|
---|
| 908 | /**
|
---|
| 909 | * Global SSL init
|
---|
| 910 | *
|
---|
| 911 | * @retval 0 error initializing SSL
|
---|
| 912 | * @retval 1 SSL initialized successfully
|
---|
| 913 | */
|
---|
| 914 | static int Curl_ossl_init(void)
|
---|
| 915 | {
|
---|
| 916 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
| 917 | const char *keylog_file_name;
|
---|
| 918 | #endif
|
---|
| 919 |
|
---|
| 920 | OPENSSL_load_builtin_modules();
|
---|
| 921 |
|
---|
| 922 | #ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
|
---|
| 923 | ENGINE_load_builtin_engines();
|
---|
| 924 | #endif
|
---|
| 925 |
|
---|
| 926 | /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately
|
---|
| 927 | that function makes an exit() call on wrongly formatted config files
|
---|
| 928 | which makes it hard to use in some situations. OPENSSL_config() itself
|
---|
| 929 | calls CONF_modules_load_file() and we use that instead and we ignore
|
---|
| 930 | its return code! */
|
---|
| 931 |
|
---|
| 932 | /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and
|
---|
| 933 | 0.9.8e */
|
---|
| 934 | #ifndef CONF_MFLAGS_DEFAULT_SECTION
|
---|
| 935 | #define CONF_MFLAGS_DEFAULT_SECTION 0x0
|
---|
| 936 | #endif
|
---|
| 937 |
|
---|
| 938 | CONF_modules_load_file(NULL, NULL,
|
---|
| 939 | CONF_MFLAGS_DEFAULT_SECTION|
|
---|
| 940 | CONF_MFLAGS_IGNORE_MISSING_FILE);
|
---|
| 941 |
|
---|
| 942 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
| 943 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 944 | /* OpenSSL 1.1.0+ takes care of initialization itself */
|
---|
| 945 | #else
|
---|
| 946 | /* Lets get nice error messages */
|
---|
| 947 | SSL_load_error_strings();
|
---|
| 948 |
|
---|
| 949 | /* Init the global ciphers and digests */
|
---|
| 950 | if(!SSLeay_add_ssl_algorithms())
|
---|
| 951 | return 0;
|
---|
| 952 |
|
---|
| 953 | OpenSSL_add_all_algorithms();
|
---|
| 954 | #endif
|
---|
| 955 |
|
---|
| 956 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
| 957 | keylog_file_name = curl_getenv("SSLKEYLOGFILE");
|
---|
| 958 | if(keylog_file_name && !keylog_file_fp) {
|
---|
| 959 | keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
|
---|
| 960 | if(keylog_file_fp) {
|
---|
| 961 | if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) {
|
---|
| 962 | fclose(keylog_file_fp);
|
---|
| 963 | keylog_file_fp = NULL;
|
---|
| 964 | }
|
---|
| 965 | }
|
---|
| 966 | }
|
---|
| 967 | #endif
|
---|
| 968 |
|
---|
| 969 | return 1;
|
---|
| 970 | }
|
---|
| 971 |
|
---|
| 972 | /* Global cleanup */
|
---|
| 973 | static void Curl_ossl_cleanup(void)
|
---|
| 974 | {
|
---|
| 975 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
| 976 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 977 | /* OpenSSL 1.1 deprecates all these cleanup functions and
|
---|
| 978 | turns them into no-ops in OpenSSL 1.0 compatibility mode */
|
---|
| 979 | #else
|
---|
| 980 | /* Free ciphers and digests lists */
|
---|
| 981 | EVP_cleanup();
|
---|
| 982 |
|
---|
| 983 | #ifdef HAVE_ENGINE_CLEANUP
|
---|
| 984 | /* Free engine list */
|
---|
| 985 | ENGINE_cleanup();
|
---|
| 986 | #endif
|
---|
| 987 |
|
---|
| 988 | /* Free OpenSSL error strings */
|
---|
| 989 | ERR_free_strings();
|
---|
| 990 |
|
---|
| 991 | /* Free thread local error state, destroying hash upon zero refcount */
|
---|
| 992 | #ifdef HAVE_ERR_REMOVE_THREAD_STATE
|
---|
| 993 | ERR_remove_thread_state(NULL);
|
---|
| 994 | #else
|
---|
| 995 | ERR_remove_state(0);
|
---|
| 996 | #endif
|
---|
| 997 |
|
---|
| 998 | /* Free all memory allocated by all configuration modules */
|
---|
| 999 | CONF_modules_free();
|
---|
| 1000 |
|
---|
| 1001 | #ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
|
---|
| 1002 | SSL_COMP_free_compression_methods();
|
---|
| 1003 | #endif
|
---|
| 1004 | #endif
|
---|
| 1005 |
|
---|
| 1006 | #ifdef ENABLE_SSLKEYLOGFILE
|
---|
| 1007 | if(keylog_file_fp) {
|
---|
| 1008 | fclose(keylog_file_fp);
|
---|
| 1009 | keylog_file_fp = NULL;
|
---|
| 1010 | }
|
---|
| 1011 | #endif
|
---|
| 1012 | }
|
---|
| 1013 |
|
---|
| 1014 | /*
|
---|
| 1015 | * This function is used to determine connection status.
|
---|
| 1016 | *
|
---|
| 1017 | * Return codes:
|
---|
| 1018 | * 1 means the connection is still in place
|
---|
| 1019 | * 0 means the connection has been closed
|
---|
| 1020 | * -1 means the connection status is unknown
|
---|
| 1021 | */
|
---|
| 1022 | static int Curl_ossl_check_cxn(struct connectdata *conn)
|
---|
| 1023 | {
|
---|
| 1024 | /* SSL_peek takes data out of the raw recv buffer without peeking so we use
|
---|
| 1025 | recv MSG_PEEK instead. Bug #795 */
|
---|
| 1026 | #ifdef MSG_PEEK
|
---|
| 1027 | char buf;
|
---|
| 1028 | ssize_t nread;
|
---|
| 1029 | nread = recv((RECV_TYPE_ARG1)conn->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
|
---|
| 1030 | (RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK);
|
---|
| 1031 | if(nread == 0)
|
---|
| 1032 | return 0; /* connection has been closed */
|
---|
| 1033 | if(nread == 1)
|
---|
| 1034 | return 1; /* connection still in place */
|
---|
| 1035 | else if(nread == -1) {
|
---|
| 1036 | int err = SOCKERRNO;
|
---|
| 1037 | if(err == EINPROGRESS ||
|
---|
| 1038 | #if defined(EAGAIN) && (EAGAIN != EWOULDBLOCK)
|
---|
| 1039 | err == EAGAIN ||
|
---|
| 1040 | #endif
|
---|
| 1041 | err == EWOULDBLOCK)
|
---|
| 1042 | return 1; /* connection still in place */
|
---|
| 1043 | if(err == ECONNRESET ||
|
---|
| 1044 | #ifdef ECONNABORTED
|
---|
| 1045 | err == ECONNABORTED ||
|
---|
| 1046 | #endif
|
---|
| 1047 | #ifdef ENETDOWN
|
---|
| 1048 | err == ENETDOWN ||
|
---|
| 1049 | #endif
|
---|
| 1050 | #ifdef ENETRESET
|
---|
| 1051 | err == ENETRESET ||
|
---|
| 1052 | #endif
|
---|
| 1053 | #ifdef ESHUTDOWN
|
---|
| 1054 | err == ESHUTDOWN ||
|
---|
| 1055 | #endif
|
---|
| 1056 | #ifdef ETIMEDOUT
|
---|
| 1057 | err == ETIMEDOUT ||
|
---|
| 1058 | #endif
|
---|
| 1059 | err == ENOTCONN)
|
---|
| 1060 | return 0; /* connection has been closed */
|
---|
| 1061 | }
|
---|
| 1062 | #endif
|
---|
| 1063 | return -1; /* connection status unknown */
|
---|
| 1064 | }
|
---|
| 1065 |
|
---|
| 1066 | /* Selects an OpenSSL crypto engine
|
---|
| 1067 | */
|
---|
| 1068 | static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
|
---|
| 1069 | const char *engine)
|
---|
| 1070 | {
|
---|
| 1071 | #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
---|
| 1072 | ENGINE *e;
|
---|
| 1073 |
|
---|
| 1074 | #if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
---|
| 1075 | e = ENGINE_by_id(engine);
|
---|
| 1076 | #else
|
---|
| 1077 | /* avoid memory leak */
|
---|
| 1078 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
---|
| 1079 | const char *e_id = ENGINE_get_id(e);
|
---|
| 1080 | if(!strcmp(engine, e_id))
|
---|
| 1081 | break;
|
---|
| 1082 | }
|
---|
| 1083 | #endif
|
---|
| 1084 |
|
---|
| 1085 | if(!e) {
|
---|
| 1086 | failf(data, "SSL Engine '%s' not found", engine);
|
---|
| 1087 | return CURLE_SSL_ENGINE_NOTFOUND;
|
---|
| 1088 | }
|
---|
| 1089 |
|
---|
| 1090 | if(data->state.engine) {
|
---|
| 1091 | ENGINE_finish(data->state.engine);
|
---|
| 1092 | ENGINE_free(data->state.engine);
|
---|
| 1093 | data->state.engine = NULL;
|
---|
| 1094 | }
|
---|
| 1095 | if(!ENGINE_init(e)) {
|
---|
| 1096 | char buf[256];
|
---|
| 1097 |
|
---|
| 1098 | ENGINE_free(e);
|
---|
| 1099 | failf(data, "Failed to initialise SSL Engine '%s':\n%s",
|
---|
| 1100 | engine, ossl_strerror(ERR_get_error(), buf, sizeof(buf)));
|
---|
| 1101 | return CURLE_SSL_ENGINE_INITFAILED;
|
---|
| 1102 | }
|
---|
| 1103 | data->state.engine = e;
|
---|
| 1104 | return CURLE_OK;
|
---|
| 1105 | #else
|
---|
| 1106 | (void)engine;
|
---|
| 1107 | failf(data, "SSL Engine not supported");
|
---|
| 1108 | return CURLE_SSL_ENGINE_NOTFOUND;
|
---|
| 1109 | #endif
|
---|
| 1110 | }
|
---|
| 1111 |
|
---|
| 1112 | /* Sets engine as default for all SSL operations
|
---|
| 1113 | */
|
---|
| 1114 | static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
|
---|
| 1115 | {
|
---|
| 1116 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
| 1117 | if(data->state.engine) {
|
---|
| 1118 | if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
|
---|
| 1119 | infof(data, "set default crypto engine '%s'\n",
|
---|
| 1120 | ENGINE_get_id(data->state.engine));
|
---|
| 1121 | }
|
---|
| 1122 | else {
|
---|
| 1123 | failf(data, "set default crypto engine '%s' failed",
|
---|
| 1124 | ENGINE_get_id(data->state.engine));
|
---|
| 1125 | return CURLE_SSL_ENGINE_SETFAILED;
|
---|
| 1126 | }
|
---|
| 1127 | }
|
---|
| 1128 | #else
|
---|
| 1129 | (void) data;
|
---|
| 1130 | #endif
|
---|
| 1131 | return CURLE_OK;
|
---|
| 1132 | }
|
---|
| 1133 |
|
---|
| 1134 | /* Return list of OpenSSL crypto engine names.
|
---|
| 1135 | */
|
---|
| 1136 | static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
|
---|
| 1137 | {
|
---|
| 1138 | struct curl_slist *list = NULL;
|
---|
| 1139 | #if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
|
---|
| 1140 | struct curl_slist *beg;
|
---|
| 1141 | ENGINE *e;
|
---|
| 1142 |
|
---|
| 1143 | for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
|
---|
| 1144 | beg = curl_slist_append(list, ENGINE_get_id(e));
|
---|
| 1145 | if(!beg) {
|
---|
| 1146 | curl_slist_free_all(list);
|
---|
| 1147 | return NULL;
|
---|
| 1148 | }
|
---|
| 1149 | list = beg;
|
---|
| 1150 | }
|
---|
| 1151 | #endif
|
---|
| 1152 | (void) data;
|
---|
| 1153 | return list;
|
---|
| 1154 | }
|
---|
| 1155 |
|
---|
| 1156 |
|
---|
| 1157 | static void ossl_close(struct ssl_connect_data *connssl)
|
---|
| 1158 | {
|
---|
| 1159 | if(BACKEND->handle) {
|
---|
| 1160 | (void)SSL_shutdown(BACKEND->handle);
|
---|
| 1161 | SSL_set_connect_state(BACKEND->handle);
|
---|
| 1162 |
|
---|
| 1163 | SSL_free(BACKEND->handle);
|
---|
| 1164 | BACKEND->handle = NULL;
|
---|
| 1165 | }
|
---|
| 1166 | if(BACKEND->ctx) {
|
---|
| 1167 | SSL_CTX_free(BACKEND->ctx);
|
---|
| 1168 | BACKEND->ctx = NULL;
|
---|
| 1169 | }
|
---|
| 1170 | }
|
---|
| 1171 |
|
---|
| 1172 | /*
|
---|
| 1173 | * This function is called when an SSL connection is closed.
|
---|
| 1174 | */
|
---|
| 1175 | static void Curl_ossl_close(struct connectdata *conn, int sockindex)
|
---|
| 1176 | {
|
---|
| 1177 | ossl_close(&conn->ssl[sockindex]);
|
---|
| 1178 | ossl_close(&conn->proxy_ssl[sockindex]);
|
---|
| 1179 | }
|
---|
| 1180 |
|
---|
| 1181 | /*
|
---|
| 1182 | * This function is called to shut down the SSL layer but keep the
|
---|
| 1183 | * socket open (CCC - Clear Command Channel)
|
---|
| 1184 | */
|
---|
| 1185 | static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
|
---|
| 1186 | {
|
---|
| 1187 | int retval = 0;
|
---|
| 1188 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 1189 | struct Curl_easy *data = conn->data;
|
---|
| 1190 | char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
|
---|
| 1191 | to be at least 256 bytes long. */
|
---|
| 1192 | unsigned long sslerror;
|
---|
| 1193 | ssize_t nread;
|
---|
| 1194 | int buffsize;
|
---|
| 1195 | int err;
|
---|
| 1196 | int done = 0;
|
---|
| 1197 |
|
---|
| 1198 | /* This has only been tested on the proftpd server, and the mod_tls code
|
---|
| 1199 | sends a close notify alert without waiting for a close notify alert in
|
---|
| 1200 | response. Thus we wait for a close notify alert from the server, but
|
---|
| 1201 | we do not send one. Let's hope other servers do the same... */
|
---|
| 1202 |
|
---|
| 1203 | if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
|
---|
| 1204 | (void)SSL_shutdown(BACKEND->handle);
|
---|
| 1205 |
|
---|
| 1206 | if(BACKEND->handle) {
|
---|
| 1207 | buffsize = (int)sizeof(buf);
|
---|
| 1208 | while(!done) {
|
---|
| 1209 | int what = SOCKET_READABLE(conn->sock[sockindex],
|
---|
| 1210 | SSL_SHUTDOWN_TIMEOUT);
|
---|
| 1211 | if(what > 0) {
|
---|
| 1212 | ERR_clear_error();
|
---|
| 1213 |
|
---|
| 1214 | /* Something to read, let's do it and hope that it is the close
|
---|
| 1215 | notify alert from the server */
|
---|
| 1216 | nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
|
---|
| 1217 | err = SSL_get_error(BACKEND->handle, (int)nread);
|
---|
| 1218 |
|
---|
| 1219 | switch(err) {
|
---|
| 1220 | case SSL_ERROR_NONE: /* this is not an error */
|
---|
| 1221 | case SSL_ERROR_ZERO_RETURN: /* no more data */
|
---|
| 1222 | /* This is the expected response. There was no data but only
|
---|
| 1223 | the close notify alert */
|
---|
| 1224 | done = 1;
|
---|
| 1225 | break;
|
---|
| 1226 | case SSL_ERROR_WANT_READ:
|
---|
| 1227 | /* there's data pending, re-invoke SSL_read() */
|
---|
| 1228 | infof(data, "SSL_ERROR_WANT_READ\n");
|
---|
| 1229 | break;
|
---|
| 1230 | case SSL_ERROR_WANT_WRITE:
|
---|
| 1231 | /* SSL wants a write. Really odd. Let's bail out. */
|
---|
| 1232 | infof(data, "SSL_ERROR_WANT_WRITE\n");
|
---|
| 1233 | done = 1;
|
---|
| 1234 | break;
|
---|
| 1235 | default:
|
---|
| 1236 | /* openssl/ssl.h says "look at error stack/return value/errno" */
|
---|
| 1237 | sslerror = ERR_get_error();
|
---|
| 1238 | failf(conn->data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
|
---|
| 1239 | (sslerror ?
|
---|
| 1240 | ossl_strerror(sslerror, buf, sizeof(buf)) :
|
---|
| 1241 | SSL_ERROR_to_str(err)),
|
---|
| 1242 | SOCKERRNO);
|
---|
| 1243 | done = 1;
|
---|
| 1244 | break;
|
---|
| 1245 | }
|
---|
| 1246 | }
|
---|
| 1247 | else if(0 == what) {
|
---|
| 1248 | /* timeout */
|
---|
| 1249 | failf(data, "SSL shutdown timeout");
|
---|
| 1250 | done = 1;
|
---|
| 1251 | }
|
---|
| 1252 | else {
|
---|
| 1253 | /* anything that gets here is fatally bad */
|
---|
| 1254 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
---|
| 1255 | retval = -1;
|
---|
| 1256 | done = 1;
|
---|
| 1257 | }
|
---|
| 1258 | } /* while()-loop for the select() */
|
---|
| 1259 |
|
---|
| 1260 | if(data->set.verbose) {
|
---|
| 1261 | #ifdef HAVE_SSL_GET_SHUTDOWN
|
---|
| 1262 | switch(SSL_get_shutdown(BACKEND->handle)) {
|
---|
| 1263 | case SSL_SENT_SHUTDOWN:
|
---|
| 1264 | infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN\n");
|
---|
| 1265 | break;
|
---|
| 1266 | case SSL_RECEIVED_SHUTDOWN:
|
---|
| 1267 | infof(data, "SSL_get_shutdown() returned SSL_RECEIVED_SHUTDOWN\n");
|
---|
| 1268 | break;
|
---|
| 1269 | case SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN:
|
---|
| 1270 | infof(data, "SSL_get_shutdown() returned SSL_SENT_SHUTDOWN|"
|
---|
| 1271 | "SSL_RECEIVED__SHUTDOWN\n");
|
---|
| 1272 | break;
|
---|
| 1273 | }
|
---|
| 1274 | #endif
|
---|
| 1275 | }
|
---|
| 1276 |
|
---|
| 1277 | SSL_free(BACKEND->handle);
|
---|
| 1278 | BACKEND->handle = NULL;
|
---|
| 1279 | }
|
---|
| 1280 | return retval;
|
---|
| 1281 | }
|
---|
| 1282 |
|
---|
| 1283 | static void Curl_ossl_session_free(void *ptr)
|
---|
| 1284 | {
|
---|
| 1285 | /* free the ID */
|
---|
| 1286 | SSL_SESSION_free(ptr);
|
---|
| 1287 | }
|
---|
| 1288 |
|
---|
| 1289 | /*
|
---|
| 1290 | * This function is called when the 'data' struct is going away. Close
|
---|
| 1291 | * down everything and free all resources!
|
---|
| 1292 | */
|
---|
| 1293 | static void Curl_ossl_close_all(struct Curl_easy *data)
|
---|
| 1294 | {
|
---|
| 1295 | #ifdef HAVE_OPENSSL_ENGINE_H
|
---|
| 1296 | if(data->state.engine) {
|
---|
| 1297 | ENGINE_finish(data->state.engine);
|
---|
| 1298 | ENGINE_free(data->state.engine);
|
---|
| 1299 | data->state.engine = NULL;
|
---|
| 1300 | }
|
---|
| 1301 | #else
|
---|
| 1302 | (void)data;
|
---|
| 1303 | #endif
|
---|
| 1304 | #if !defined(HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED) && \
|
---|
| 1305 | defined(HAVE_ERR_REMOVE_THREAD_STATE)
|
---|
| 1306 | /* OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
|
---|
| 1307 | so we need to clean it here in case the thread will be killed. All OpenSSL
|
---|
| 1308 | code should extract the error in association with the error so clearing
|
---|
| 1309 | this queue here should be harmless at worst. */
|
---|
| 1310 | ERR_remove_thread_state(NULL);
|
---|
| 1311 | #endif
|
---|
| 1312 | }
|
---|
| 1313 |
|
---|
| 1314 | /* ====================================================== */
|
---|
| 1315 |
|
---|
| 1316 |
|
---|
| 1317 | /* Quote from RFC2818 section 3.1 "Server Identity"
|
---|
| 1318 |
|
---|
| 1319 | If a subjectAltName extension of type dNSName is present, that MUST
|
---|
| 1320 | be used as the identity. Otherwise, the (most specific) Common Name
|
---|
| 1321 | field in the Subject field of the certificate MUST be used. Although
|
---|
| 1322 | the use of the Common Name is existing practice, it is deprecated and
|
---|
| 1323 | Certification Authorities are encouraged to use the dNSName instead.
|
---|
| 1324 |
|
---|
| 1325 | Matching is performed using the matching rules specified by
|
---|
| 1326 | [RFC2459]. If more than one identity of a given type is present in
|
---|
| 1327 | the certificate (e.g., more than one dNSName name, a match in any one
|
---|
| 1328 | of the set is considered acceptable.) Names may contain the wildcard
|
---|
| 1329 | character * which is considered to match any single domain name
|
---|
| 1330 | component or component fragment. E.g., *.a.com matches foo.a.com but
|
---|
| 1331 | not bar.foo.a.com. f*.com matches foo.com but not bar.com.
|
---|
| 1332 |
|
---|
| 1333 | In some cases, the URI is specified as an IP address rather than a
|
---|
| 1334 | hostname. In this case, the iPAddress subjectAltName must be present
|
---|
| 1335 | in the certificate and must exactly match the IP in the URI.
|
---|
| 1336 |
|
---|
| 1337 | */
|
---|
| 1338 | static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
|
---|
| 1339 | {
|
---|
| 1340 | bool matched = FALSE;
|
---|
| 1341 | int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */
|
---|
| 1342 | size_t addrlen = 0;
|
---|
| 1343 | struct Curl_easy *data = conn->data;
|
---|
| 1344 | STACK_OF(GENERAL_NAME) *altnames;
|
---|
| 1345 | #ifdef ENABLE_IPV6
|
---|
| 1346 | struct in6_addr addr;
|
---|
| 1347 | #else
|
---|
| 1348 | struct in_addr addr;
|
---|
| 1349 | #endif
|
---|
| 1350 | CURLcode result = CURLE_OK;
|
---|
| 1351 | bool dNSName = FALSE; /* if a dNSName field exists in the cert */
|
---|
| 1352 | bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
|
---|
| 1353 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
---|
| 1354 | conn->host.name;
|
---|
| 1355 | const char * const dispname = SSL_IS_PROXY() ?
|
---|
| 1356 | conn->http_proxy.host.dispname : conn->host.dispname;
|
---|
| 1357 |
|
---|
| 1358 | #ifdef ENABLE_IPV6
|
---|
| 1359 | if(conn->bits.ipv6_ip &&
|
---|
| 1360 | Curl_inet_pton(AF_INET6, hostname, &addr)) {
|
---|
| 1361 | target = GEN_IPADD;
|
---|
| 1362 | addrlen = sizeof(struct in6_addr);
|
---|
| 1363 | }
|
---|
| 1364 | else
|
---|
| 1365 | #endif
|
---|
| 1366 | if(Curl_inet_pton(AF_INET, hostname, &addr)) {
|
---|
| 1367 | target = GEN_IPADD;
|
---|
| 1368 | addrlen = sizeof(struct in_addr);
|
---|
| 1369 | }
|
---|
| 1370 |
|
---|
| 1371 | /* get a "list" of alternative names */
|
---|
| 1372 | altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
|
---|
| 1373 |
|
---|
| 1374 | if(altnames) {
|
---|
| 1375 | int numalts;
|
---|
| 1376 | int i;
|
---|
| 1377 | bool dnsmatched = FALSE;
|
---|
| 1378 | bool ipmatched = FALSE;
|
---|
| 1379 |
|
---|
| 1380 | /* get amount of alternatives, RFC2459 claims there MUST be at least
|
---|
| 1381 | one, but we don't depend on it... */
|
---|
| 1382 | numalts = sk_GENERAL_NAME_num(altnames);
|
---|
| 1383 |
|
---|
| 1384 | /* loop through all alternatives - until a dnsmatch */
|
---|
| 1385 | for(i = 0; (i < numalts) && !dnsmatched; i++) {
|
---|
| 1386 | /* get a handle to alternative name number i */
|
---|
| 1387 | const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
|
---|
| 1388 |
|
---|
| 1389 | if(check->type == GEN_DNS)
|
---|
| 1390 | dNSName = TRUE;
|
---|
| 1391 | else if(check->type == GEN_IPADD)
|
---|
| 1392 | iPAddress = TRUE;
|
---|
| 1393 |
|
---|
| 1394 | /* only check alternatives of the same type the target is */
|
---|
| 1395 | if(check->type == target) {
|
---|
| 1396 | /* get data and length */
|
---|
| 1397 | const char *altptr = (char *)ASN1_STRING_get0_data(check->d.ia5);
|
---|
| 1398 | size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
|
---|
| 1399 |
|
---|
| 1400 | switch(target) {
|
---|
| 1401 | case GEN_DNS: /* name/pattern comparison */
|
---|
| 1402 | /* The OpenSSL man page explicitly says: "In general it cannot be
|
---|
| 1403 | assumed that the data returned by ASN1_STRING_data() is null
|
---|
| 1404 | terminated or does not contain embedded nulls." But also that
|
---|
| 1405 | "The actual format of the data will depend on the actual string
|
---|
| 1406 | type itself: for example for and IA5String the data will be ASCII"
|
---|
| 1407 |
|
---|
| 1408 | Gisle researched the OpenSSL sources:
|
---|
| 1409 | "I checked the 0.9.6 and 0.9.8 sources before my patch and
|
---|
| 1410 | it always 0-terminates an IA5String."
|
---|
| 1411 | */
|
---|
| 1412 | if((altlen == strlen(altptr)) &&
|
---|
| 1413 | /* if this isn't true, there was an embedded zero in the name
|
---|
| 1414 | string and we cannot match it. */
|
---|
| 1415 | Curl_cert_hostcheck(altptr, hostname)) {
|
---|
| 1416 | dnsmatched = TRUE;
|
---|
| 1417 | infof(data,
|
---|
| 1418 | " subjectAltName: host \"%s\" matched cert's \"%s\"\n",
|
---|
| 1419 | dispname, altptr);
|
---|
| 1420 | }
|
---|
| 1421 | break;
|
---|
| 1422 |
|
---|
| 1423 | case GEN_IPADD: /* IP address comparison */
|
---|
| 1424 | /* compare alternative IP address if the data chunk is the same size
|
---|
| 1425 | our server IP address is */
|
---|
| 1426 | if((altlen == addrlen) && !memcmp(altptr, &addr, altlen)) {
|
---|
| 1427 | ipmatched = TRUE;
|
---|
| 1428 | infof(data,
|
---|
| 1429 | " subjectAltName: host \"%s\" matched cert's IP address!\n",
|
---|
| 1430 | dispname);
|
---|
| 1431 | }
|
---|
| 1432 | break;
|
---|
| 1433 | }
|
---|
| 1434 | }
|
---|
| 1435 | }
|
---|
| 1436 | GENERAL_NAMES_free(altnames);
|
---|
| 1437 |
|
---|
| 1438 | if(dnsmatched || ipmatched)
|
---|
| 1439 | matched = TRUE;
|
---|
| 1440 | }
|
---|
| 1441 |
|
---|
| 1442 | if(matched)
|
---|
| 1443 | /* an alternative name matched */
|
---|
| 1444 | ;
|
---|
| 1445 | else if(dNSName || iPAddress) {
|
---|
| 1446 | infof(data, " subjectAltName does not match %s\n", dispname);
|
---|
| 1447 | failf(data, "SSL: no alternative certificate subject name matches "
|
---|
| 1448 | "target host name '%s'", dispname);
|
---|
| 1449 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1450 | }
|
---|
| 1451 | else {
|
---|
| 1452 | /* we have to look to the last occurrence of a commonName in the
|
---|
| 1453 | distinguished one to get the most significant one. */
|
---|
| 1454 | int j, i = -1;
|
---|
| 1455 |
|
---|
| 1456 | /* The following is done because of a bug in 0.9.6b */
|
---|
| 1457 |
|
---|
| 1458 | unsigned char *nulstr = (unsigned char *)"";
|
---|
| 1459 | unsigned char *peer_CN = nulstr;
|
---|
| 1460 |
|
---|
| 1461 | X509_NAME *name = X509_get_subject_name(server_cert);
|
---|
| 1462 | if(name)
|
---|
| 1463 | while((j = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0)
|
---|
| 1464 | i = j;
|
---|
| 1465 |
|
---|
| 1466 | /* we have the name entry and we will now convert this to a string
|
---|
| 1467 | that we can use for comparison. Doing this we support BMPstring,
|
---|
| 1468 | UTF8 etc. */
|
---|
| 1469 |
|
---|
| 1470 | if(i >= 0) {
|
---|
| 1471 | ASN1_STRING *tmp =
|
---|
| 1472 | X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
|
---|
| 1473 |
|
---|
| 1474 | /* In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input
|
---|
| 1475 | is already UTF-8 encoded. We check for this case and copy the raw
|
---|
| 1476 | string manually to avoid the problem. This code can be made
|
---|
| 1477 | conditional in the future when OpenSSL has been fixed. Work-around
|
---|
| 1478 | brought by Alexis S. L. Carvalho. */
|
---|
| 1479 | if(tmp) {
|
---|
| 1480 | if(ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
|
---|
| 1481 | j = ASN1_STRING_length(tmp);
|
---|
| 1482 | if(j >= 0) {
|
---|
| 1483 | peer_CN = OPENSSL_malloc(j + 1);
|
---|
| 1484 | if(peer_CN) {
|
---|
| 1485 | memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
|
---|
| 1486 | peer_CN[j] = '\0';
|
---|
| 1487 | }
|
---|
| 1488 | }
|
---|
| 1489 | }
|
---|
| 1490 | else /* not a UTF8 name */
|
---|
| 1491 | j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
|
---|
| 1492 |
|
---|
| 1493 | if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
|
---|
| 1494 | /* there was a terminating zero before the end of string, this
|
---|
| 1495 | cannot match and we return failure! */
|
---|
| 1496 | failf(data, "SSL: illegal cert name field");
|
---|
| 1497 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1498 | }
|
---|
| 1499 | }
|
---|
| 1500 | }
|
---|
| 1501 |
|
---|
| 1502 | if(peer_CN == nulstr)
|
---|
| 1503 | peer_CN = NULL;
|
---|
| 1504 | else {
|
---|
| 1505 | /* convert peer_CN from UTF8 */
|
---|
| 1506 | CURLcode rc = Curl_convert_from_utf8(data, (char *)peer_CN,
|
---|
| 1507 | strlen((char *)peer_CN));
|
---|
| 1508 | /* Curl_convert_from_utf8 calls failf if unsuccessful */
|
---|
| 1509 | if(rc) {
|
---|
| 1510 | OPENSSL_free(peer_CN);
|
---|
| 1511 | return rc;
|
---|
| 1512 | }
|
---|
| 1513 | }
|
---|
| 1514 |
|
---|
| 1515 | if(result)
|
---|
| 1516 | /* error already detected, pass through */
|
---|
| 1517 | ;
|
---|
| 1518 | else if(!peer_CN) {
|
---|
| 1519 | failf(data,
|
---|
| 1520 | "SSL: unable to obtain common name from peer certificate");
|
---|
| 1521 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1522 | }
|
---|
| 1523 | else if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
|
---|
| 1524 | failf(data, "SSL: certificate subject name '%s' does not match "
|
---|
| 1525 | "target host name '%s'", peer_CN, dispname);
|
---|
| 1526 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 1527 | }
|
---|
| 1528 | else {
|
---|
| 1529 | infof(data, " common name: %s (matched)\n", peer_CN);
|
---|
| 1530 | }
|
---|
| 1531 | if(peer_CN)
|
---|
| 1532 | OPENSSL_free(peer_CN);
|
---|
| 1533 | }
|
---|
| 1534 |
|
---|
| 1535 | return result;
|
---|
| 1536 | }
|
---|
| 1537 |
|
---|
| 1538 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 1539 | !defined(OPENSSL_NO_OCSP)
|
---|
| 1540 | static CURLcode verifystatus(struct connectdata *conn,
|
---|
| 1541 | struct ssl_connect_data *connssl)
|
---|
| 1542 | {
|
---|
| 1543 | int i, ocsp_status;
|
---|
| 1544 | const unsigned char *p;
|
---|
| 1545 | CURLcode result = CURLE_OK;
|
---|
| 1546 | struct Curl_easy *data = conn->data;
|
---|
| 1547 |
|
---|
| 1548 | OCSP_RESPONSE *rsp = NULL;
|
---|
| 1549 | OCSP_BASICRESP *br = NULL;
|
---|
| 1550 | X509_STORE *st = NULL;
|
---|
| 1551 | STACK_OF(X509) *ch = NULL;
|
---|
| 1552 |
|
---|
| 1553 | long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
|
---|
| 1554 |
|
---|
| 1555 | if(!p) {
|
---|
| 1556 | failf(data, "No OCSP response received");
|
---|
| 1557 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1558 | goto end;
|
---|
| 1559 | }
|
---|
| 1560 |
|
---|
| 1561 | rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
|
---|
| 1562 | if(!rsp) {
|
---|
| 1563 | failf(data, "Invalid OCSP response");
|
---|
| 1564 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1565 | goto end;
|
---|
| 1566 | }
|
---|
| 1567 |
|
---|
| 1568 | ocsp_status = OCSP_response_status(rsp);
|
---|
| 1569 | if(ocsp_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
|
---|
| 1570 | failf(data, "Invalid OCSP response status: %s (%d)",
|
---|
| 1571 | OCSP_response_status_str(ocsp_status), ocsp_status);
|
---|
| 1572 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1573 | goto end;
|
---|
| 1574 | }
|
---|
| 1575 |
|
---|
| 1576 | br = OCSP_response_get1_basic(rsp);
|
---|
| 1577 | if(!br) {
|
---|
| 1578 | failf(data, "Invalid OCSP response");
|
---|
| 1579 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1580 | goto end;
|
---|
| 1581 | }
|
---|
| 1582 |
|
---|
| 1583 | ch = SSL_get_peer_cert_chain(BACKEND->handle);
|
---|
| 1584 | st = SSL_CTX_get_cert_store(BACKEND->ctx);
|
---|
| 1585 |
|
---|
| 1586 | #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
|
---|
| 1587 | (defined(LIBRESSL_VERSION_NUMBER) && \
|
---|
| 1588 | LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
|
---|
| 1589 | /* The authorized responder cert in the OCSP response MUST be signed by the
|
---|
| 1590 | peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
|
---|
| 1591 | no problem, but if it's an intermediate cert OpenSSL has a bug where it
|
---|
| 1592 | expects this issuer to be present in the chain embedded in the OCSP
|
---|
| 1593 | response. So we add it if necessary. */
|
---|
| 1594 |
|
---|
| 1595 | /* First make sure the peer cert chain includes both a peer and an issuer,
|
---|
| 1596 | and the OCSP response contains a responder cert. */
|
---|
| 1597 | if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
|
---|
| 1598 | X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
|
---|
| 1599 |
|
---|
| 1600 | /* Find issuer of responder cert and add it to the OCSP response chain */
|
---|
| 1601 | for(i = 0; i < sk_X509_num(ch); i++) {
|
---|
| 1602 | X509 *issuer = sk_X509_value(ch, i);
|
---|
| 1603 | if(X509_check_issued(issuer, responder) == X509_V_OK) {
|
---|
| 1604 | if(!OCSP_basic_add1_cert(br, issuer)) {
|
---|
| 1605 | failf(data, "Could not add issuer cert to OCSP response");
|
---|
| 1606 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1607 | goto end;
|
---|
| 1608 | }
|
---|
| 1609 | }
|
---|
| 1610 | }
|
---|
| 1611 | }
|
---|
| 1612 | #endif
|
---|
| 1613 |
|
---|
| 1614 | if(OCSP_basic_verify(br, ch, st, 0) <= 0) {
|
---|
| 1615 | failf(data, "OCSP response verification failed");
|
---|
| 1616 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1617 | goto end;
|
---|
| 1618 | }
|
---|
| 1619 |
|
---|
| 1620 | for(i = 0; i < OCSP_resp_count(br); i++) {
|
---|
| 1621 | int cert_status, crl_reason;
|
---|
| 1622 | OCSP_SINGLERESP *single = NULL;
|
---|
| 1623 |
|
---|
| 1624 | ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
|
---|
| 1625 |
|
---|
| 1626 | single = OCSP_resp_get0(br, i);
|
---|
| 1627 | if(!single)
|
---|
| 1628 | continue;
|
---|
| 1629 |
|
---|
| 1630 | cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
|
---|
| 1631 | &thisupd, &nextupd);
|
---|
| 1632 |
|
---|
| 1633 | if(!OCSP_check_validity(thisupd, nextupd, 300L, -1L)) {
|
---|
| 1634 | failf(data, "OCSP response has expired");
|
---|
| 1635 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1636 | goto end;
|
---|
| 1637 | }
|
---|
| 1638 |
|
---|
| 1639 | infof(data, "SSL certificate status: %s (%d)\n",
|
---|
| 1640 | OCSP_cert_status_str(cert_status), cert_status);
|
---|
| 1641 |
|
---|
| 1642 | switch(cert_status) {
|
---|
| 1643 | case V_OCSP_CERTSTATUS_GOOD:
|
---|
| 1644 | break;
|
---|
| 1645 |
|
---|
| 1646 | case V_OCSP_CERTSTATUS_REVOKED:
|
---|
| 1647 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1648 |
|
---|
| 1649 | failf(data, "SSL certificate revocation reason: %s (%d)",
|
---|
| 1650 | OCSP_crl_reason_str(crl_reason), crl_reason);
|
---|
| 1651 | goto end;
|
---|
| 1652 |
|
---|
| 1653 | case V_OCSP_CERTSTATUS_UNKNOWN:
|
---|
| 1654 | result = CURLE_SSL_INVALIDCERTSTATUS;
|
---|
| 1655 | goto end;
|
---|
| 1656 | }
|
---|
| 1657 | }
|
---|
| 1658 |
|
---|
| 1659 | end:
|
---|
| 1660 | if(br) OCSP_BASICRESP_free(br);
|
---|
| 1661 | OCSP_RESPONSE_free(rsp);
|
---|
| 1662 |
|
---|
| 1663 | return result;
|
---|
| 1664 | }
|
---|
| 1665 | #endif
|
---|
| 1666 |
|
---|
| 1667 | #endif /* USE_OPENSSL */
|
---|
| 1668 |
|
---|
| 1669 | /* The SSL_CTRL_SET_MSG_CALLBACK doesn't exist in ancient OpenSSL versions
|
---|
| 1670 | and thus this cannot be done there. */
|
---|
| 1671 | #ifdef SSL_CTRL_SET_MSG_CALLBACK
|
---|
| 1672 |
|
---|
| 1673 | static const char *ssl_msg_type(int ssl_ver, int msg)
|
---|
| 1674 | {
|
---|
| 1675 | #ifdef SSL2_VERSION_MAJOR
|
---|
| 1676 | if(ssl_ver == SSL2_VERSION_MAJOR) {
|
---|
| 1677 | switch(msg) {
|
---|
| 1678 | case SSL2_MT_ERROR:
|
---|
| 1679 | return "Error";
|
---|
| 1680 | case SSL2_MT_CLIENT_HELLO:
|
---|
| 1681 | return "Client hello";
|
---|
| 1682 | case SSL2_MT_CLIENT_MASTER_KEY:
|
---|
| 1683 | return "Client key";
|
---|
| 1684 | case SSL2_MT_CLIENT_FINISHED:
|
---|
| 1685 | return "Client finished";
|
---|
| 1686 | case SSL2_MT_SERVER_HELLO:
|
---|
| 1687 | return "Server hello";
|
---|
| 1688 | case SSL2_MT_SERVER_VERIFY:
|
---|
| 1689 | return "Server verify";
|
---|
| 1690 | case SSL2_MT_SERVER_FINISHED:
|
---|
| 1691 | return "Server finished";
|
---|
| 1692 | case SSL2_MT_REQUEST_CERTIFICATE:
|
---|
| 1693 | return "Request CERT";
|
---|
| 1694 | case SSL2_MT_CLIENT_CERTIFICATE:
|
---|
| 1695 | return "Client CERT";
|
---|
| 1696 | }
|
---|
| 1697 | }
|
---|
| 1698 | else
|
---|
| 1699 | #endif
|
---|
| 1700 | if(ssl_ver == SSL3_VERSION_MAJOR) {
|
---|
| 1701 | switch(msg) {
|
---|
| 1702 | case SSL3_MT_HELLO_REQUEST:
|
---|
| 1703 | return "Hello request";
|
---|
| 1704 | case SSL3_MT_CLIENT_HELLO:
|
---|
| 1705 | return "Client hello";
|
---|
| 1706 | case SSL3_MT_SERVER_HELLO:
|
---|
| 1707 | return "Server hello";
|
---|
| 1708 | #ifdef SSL3_MT_NEWSESSION_TICKET
|
---|
| 1709 | case SSL3_MT_NEWSESSION_TICKET:
|
---|
| 1710 | return "Newsession Ticket";
|
---|
| 1711 | #endif
|
---|
| 1712 | case SSL3_MT_CERTIFICATE:
|
---|
| 1713 | return "Certificate";
|
---|
| 1714 | case SSL3_MT_SERVER_KEY_EXCHANGE:
|
---|
| 1715 | return "Server key exchange";
|
---|
| 1716 | case SSL3_MT_CLIENT_KEY_EXCHANGE:
|
---|
| 1717 | return "Client key exchange";
|
---|
| 1718 | case SSL3_MT_CERTIFICATE_REQUEST:
|
---|
| 1719 | return "Request CERT";
|
---|
| 1720 | case SSL3_MT_SERVER_DONE:
|
---|
| 1721 | return "Server finished";
|
---|
| 1722 | case SSL3_MT_CERTIFICATE_VERIFY:
|
---|
| 1723 | return "CERT verify";
|
---|
| 1724 | case SSL3_MT_FINISHED:
|
---|
| 1725 | return "Finished";
|
---|
| 1726 | #ifdef SSL3_MT_CERTIFICATE_STATUS
|
---|
| 1727 | case SSL3_MT_CERTIFICATE_STATUS:
|
---|
| 1728 | return "Certificate Status";
|
---|
| 1729 | #endif
|
---|
| 1730 | }
|
---|
| 1731 | }
|
---|
| 1732 | return "Unknown";
|
---|
| 1733 | }
|
---|
| 1734 |
|
---|
| 1735 | static const char *tls_rt_type(int type)
|
---|
| 1736 | {
|
---|
| 1737 | switch(type) {
|
---|
| 1738 | #ifdef SSL3_RT_HEADER
|
---|
| 1739 | case SSL3_RT_HEADER:
|
---|
| 1740 | return "TLS header";
|
---|
| 1741 | #endif
|
---|
| 1742 | case SSL3_RT_CHANGE_CIPHER_SPEC:
|
---|
| 1743 | return "TLS change cipher";
|
---|
| 1744 | case SSL3_RT_ALERT:
|
---|
| 1745 | return "TLS alert";
|
---|
| 1746 | case SSL3_RT_HANDSHAKE:
|
---|
| 1747 | return "TLS handshake";
|
---|
| 1748 | case SSL3_RT_APPLICATION_DATA:
|
---|
| 1749 | return "TLS app data";
|
---|
| 1750 | default:
|
---|
| 1751 | return "TLS Unknown";
|
---|
| 1752 | }
|
---|
| 1753 | }
|
---|
| 1754 |
|
---|
| 1755 |
|
---|
| 1756 | /*
|
---|
| 1757 | * Our callback from the SSL/TLS layers.
|
---|
| 1758 | */
|
---|
| 1759 | static void ssl_tls_trace(int direction, int ssl_ver, int content_type,
|
---|
| 1760 | const void *buf, size_t len, SSL *ssl,
|
---|
| 1761 | void *userp)
|
---|
| 1762 | {
|
---|
| 1763 | struct Curl_easy *data;
|
---|
| 1764 | const char *msg_name, *tls_rt_name;
|
---|
| 1765 | char ssl_buf[1024];
|
---|
| 1766 | char unknown[32];
|
---|
| 1767 | int msg_type, txt_len;
|
---|
| 1768 | const char *verstr = NULL;
|
---|
| 1769 | struct connectdata *conn = userp;
|
---|
| 1770 |
|
---|
| 1771 | if(!conn || !conn->data || !conn->data->set.fdebug ||
|
---|
| 1772 | (direction != 0 && direction != 1))
|
---|
| 1773 | return;
|
---|
| 1774 |
|
---|
| 1775 | data = conn->data;
|
---|
| 1776 |
|
---|
| 1777 | switch(ssl_ver) {
|
---|
| 1778 | #ifdef SSL2_VERSION /* removed in recent versions */
|
---|
| 1779 | case SSL2_VERSION:
|
---|
| 1780 | verstr = "SSLv2";
|
---|
| 1781 | break;
|
---|
| 1782 | #endif
|
---|
| 1783 | #ifdef SSL3_VERSION
|
---|
| 1784 | case SSL3_VERSION:
|
---|
| 1785 | verstr = "SSLv3";
|
---|
| 1786 | break;
|
---|
| 1787 | #endif
|
---|
| 1788 | case TLS1_VERSION:
|
---|
| 1789 | verstr = "TLSv1.0";
|
---|
| 1790 | break;
|
---|
| 1791 | #ifdef TLS1_1_VERSION
|
---|
| 1792 | case TLS1_1_VERSION:
|
---|
| 1793 | verstr = "TLSv1.1";
|
---|
| 1794 | break;
|
---|
| 1795 | #endif
|
---|
| 1796 | #ifdef TLS1_2_VERSION
|
---|
| 1797 | case TLS1_2_VERSION:
|
---|
| 1798 | verstr = "TLSv1.2";
|
---|
| 1799 | break;
|
---|
| 1800 | #endif
|
---|
| 1801 | #ifdef TLS1_3_VERSION
|
---|
| 1802 | case TLS1_3_VERSION:
|
---|
| 1803 | verstr = "TLSv1.3";
|
---|
| 1804 | break;
|
---|
| 1805 | #endif
|
---|
| 1806 | case 0:
|
---|
| 1807 | break;
|
---|
| 1808 | default:
|
---|
| 1809 | snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver);
|
---|
| 1810 | verstr = unknown;
|
---|
| 1811 | break;
|
---|
| 1812 | }
|
---|
| 1813 |
|
---|
| 1814 | if(ssl_ver) {
|
---|
| 1815 | /* the info given when the version is zero is not that useful for us */
|
---|
| 1816 |
|
---|
| 1817 | ssl_ver >>= 8; /* check the upper 8 bits only below */
|
---|
| 1818 |
|
---|
| 1819 | /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL
|
---|
| 1820 | * always pass-up content-type as 0. But the interesting message-type
|
---|
| 1821 | * is at 'buf[0]'.
|
---|
| 1822 | */
|
---|
| 1823 | if(ssl_ver == SSL3_VERSION_MAJOR && content_type)
|
---|
| 1824 | tls_rt_name = tls_rt_type(content_type);
|
---|
| 1825 | else
|
---|
| 1826 | tls_rt_name = "";
|
---|
| 1827 |
|
---|
| 1828 | msg_type = *(char *)buf;
|
---|
| 1829 | msg_name = ssl_msg_type(ssl_ver, msg_type);
|
---|
| 1830 |
|
---|
| 1831 | txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n",
|
---|
| 1832 | verstr, direction?"OUT":"IN",
|
---|
| 1833 | tls_rt_name, msg_name, msg_type);
|
---|
| 1834 | Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL);
|
---|
| 1835 | }
|
---|
| 1836 |
|
---|
| 1837 | Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT :
|
---|
| 1838 | CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL);
|
---|
| 1839 | (void) ssl;
|
---|
| 1840 | }
|
---|
| 1841 | #endif
|
---|
| 1842 |
|
---|
| 1843 | #ifdef USE_OPENSSL
|
---|
| 1844 | /* ====================================================== */
|
---|
| 1845 |
|
---|
| 1846 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
| 1847 | # define use_sni(x) sni = (x)
|
---|
| 1848 | #else
|
---|
| 1849 | # define use_sni(x) Curl_nop_stmt
|
---|
| 1850 | #endif
|
---|
| 1851 |
|
---|
| 1852 | /* Check for OpenSSL 1.0.2 which has ALPN support. */
|
---|
| 1853 | #undef HAS_ALPN
|
---|
| 1854 | #if OPENSSL_VERSION_NUMBER >= 0x10002000L \
|
---|
| 1855 | && !defined(OPENSSL_NO_TLSEXT)
|
---|
| 1856 | # define HAS_ALPN 1
|
---|
| 1857 | #endif
|
---|
| 1858 |
|
---|
| 1859 | /* Check for OpenSSL 1.0.1 which has NPN support. */
|
---|
| 1860 | #undef HAS_NPN
|
---|
| 1861 | #if OPENSSL_VERSION_NUMBER >= 0x10001000L \
|
---|
| 1862 | && !defined(OPENSSL_NO_TLSEXT) \
|
---|
| 1863 | && !defined(OPENSSL_NO_NEXTPROTONEG)
|
---|
| 1864 | # define HAS_NPN 1
|
---|
| 1865 | #endif
|
---|
| 1866 |
|
---|
| 1867 | #ifdef HAS_NPN
|
---|
| 1868 |
|
---|
| 1869 | /*
|
---|
| 1870 | * in is a list of length prefixed strings. this function has to select
|
---|
| 1871 | * the protocol we want to use from the list and write its string into out.
|
---|
| 1872 | */
|
---|
| 1873 |
|
---|
| 1874 | static int
|
---|
| 1875 | select_next_protocol(unsigned char **out, unsigned char *outlen,
|
---|
| 1876 | const unsigned char *in, unsigned int inlen,
|
---|
| 1877 | const char *key, unsigned int keylen)
|
---|
| 1878 | {
|
---|
| 1879 | unsigned int i;
|
---|
| 1880 | for(i = 0; i + keylen <= inlen; i += in[i] + 1) {
|
---|
| 1881 | if(memcmp(&in[i + 1], key, keylen) == 0) {
|
---|
| 1882 | *out = (unsigned char *) &in[i + 1];
|
---|
| 1883 | *outlen = in[i];
|
---|
| 1884 | return 0;
|
---|
| 1885 | }
|
---|
| 1886 | }
|
---|
| 1887 | return -1;
|
---|
| 1888 | }
|
---|
| 1889 |
|
---|
| 1890 | static int
|
---|
| 1891 | select_next_proto_cb(SSL *ssl,
|
---|
| 1892 | unsigned char **out, unsigned char *outlen,
|
---|
| 1893 | const unsigned char *in, unsigned int inlen,
|
---|
| 1894 | void *arg)
|
---|
| 1895 | {
|
---|
| 1896 | struct connectdata *conn = (struct connectdata*) arg;
|
---|
| 1897 |
|
---|
| 1898 | (void)ssl;
|
---|
| 1899 |
|
---|
| 1900 | #ifdef USE_NGHTTP2
|
---|
| 1901 | if(conn->data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
---|
| 1902 | !select_next_protocol(out, outlen, in, inlen, NGHTTP2_PROTO_VERSION_ID,
|
---|
| 1903 | NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
---|
| 1904 | infof(conn->data, "NPN, negotiated HTTP2 (%s)\n",
|
---|
| 1905 | NGHTTP2_PROTO_VERSION_ID);
|
---|
| 1906 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
| 1907 | return SSL_TLSEXT_ERR_OK;
|
---|
| 1908 | }
|
---|
| 1909 | #endif
|
---|
| 1910 |
|
---|
| 1911 | if(!select_next_protocol(out, outlen, in, inlen, ALPN_HTTP_1_1,
|
---|
| 1912 | ALPN_HTTP_1_1_LENGTH)) {
|
---|
| 1913 | infof(conn->data, "NPN, negotiated HTTP1.1\n");
|
---|
| 1914 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
| 1915 | return SSL_TLSEXT_ERR_OK;
|
---|
| 1916 | }
|
---|
| 1917 |
|
---|
| 1918 | infof(conn->data, "NPN, no overlap, use HTTP1.1\n");
|
---|
| 1919 | *out = (unsigned char *)ALPN_HTTP_1_1;
|
---|
| 1920 | *outlen = ALPN_HTTP_1_1_LENGTH;
|
---|
| 1921 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
| 1922 |
|
---|
| 1923 | return SSL_TLSEXT_ERR_OK;
|
---|
| 1924 | }
|
---|
| 1925 | #endif /* HAS_NPN */
|
---|
| 1926 |
|
---|
| 1927 | static const char *
|
---|
| 1928 | get_ssl_version_txt(SSL *ssl)
|
---|
| 1929 | {
|
---|
| 1930 | if(!ssl)
|
---|
| 1931 | return "";
|
---|
| 1932 |
|
---|
| 1933 | switch(SSL_version(ssl)) {
|
---|
| 1934 | #ifdef TLS1_3_VERSION
|
---|
| 1935 | case TLS1_3_VERSION:
|
---|
| 1936 | return "TLSv1.3";
|
---|
| 1937 | #endif
|
---|
| 1938 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1939 | case TLS1_2_VERSION:
|
---|
| 1940 | return "TLSv1.2";
|
---|
| 1941 | case TLS1_1_VERSION:
|
---|
| 1942 | return "TLSv1.1";
|
---|
| 1943 | #endif
|
---|
| 1944 | case TLS1_VERSION:
|
---|
| 1945 | return "TLSv1.0";
|
---|
| 1946 | case SSL3_VERSION:
|
---|
| 1947 | return "SSLv3";
|
---|
| 1948 | case SSL2_VERSION:
|
---|
| 1949 | return "SSLv2";
|
---|
| 1950 | }
|
---|
| 1951 | return "unknown";
|
---|
| 1952 | }
|
---|
| 1953 |
|
---|
| 1954 | static CURLcode
|
---|
| 1955 | set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
|
---|
| 1956 | int sockindex)
|
---|
| 1957 | {
|
---|
| 1958 | #if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
|
---|
| 1959 | /* convoluted #if condition just to avoid compiler warnings on unused
|
---|
| 1960 | variable */
|
---|
| 1961 | struct Curl_easy *data = conn->data;
|
---|
| 1962 | #endif
|
---|
| 1963 | long ssl_version = SSL_CONN_CONFIG(version);
|
---|
| 1964 | long ssl_version_max = SSL_CONN_CONFIG(version_max);
|
---|
| 1965 |
|
---|
| 1966 | if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
|
---|
| 1967 | ssl_version_max = ssl_version << 16;
|
---|
| 1968 | }
|
---|
| 1969 |
|
---|
| 1970 | switch(ssl_version) {
|
---|
| 1971 | case CURL_SSLVERSION_TLSv1_3:
|
---|
| 1972 | #ifdef TLS1_3_VERSION
|
---|
| 1973 | {
|
---|
| 1974 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 1975 | SSL_CTX_set_max_proto_version(BACKEND->ctx, TLS1_3_VERSION);
|
---|
| 1976 | *ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 1977 | }
|
---|
| 1978 | #else
|
---|
| 1979 | (void)sockindex;
|
---|
| 1980 | failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
|
---|
| 1981 | return CURLE_NOT_BUILT_IN;
|
---|
| 1982 | #endif
|
---|
| 1983 | /* FALLTHROUGH */
|
---|
| 1984 | case CURL_SSLVERSION_TLSv1_2:
|
---|
| 1985 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1986 | *ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 1987 | #else
|
---|
| 1988 | failf(data, OSSL_PACKAGE " was built without TLS 1.2 support");
|
---|
| 1989 | return CURLE_NOT_BUILT_IN;
|
---|
| 1990 | #endif
|
---|
| 1991 | /* FALLTHROUGH */
|
---|
| 1992 | case CURL_SSLVERSION_TLSv1_1:
|
---|
| 1993 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 1994 | *ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 1995 | #else
|
---|
| 1996 | failf(data, OSSL_PACKAGE " was built without TLS 1.1 support");
|
---|
| 1997 | return CURLE_NOT_BUILT_IN;
|
---|
| 1998 | #endif
|
---|
| 1999 | /* FALLTHROUGH */
|
---|
| 2000 | case CURL_SSLVERSION_TLSv1_0:
|
---|
| 2001 | *ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 2002 | *ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 2003 | break;
|
---|
| 2004 | }
|
---|
| 2005 |
|
---|
| 2006 | switch(ssl_version_max) {
|
---|
| 2007 | case CURL_SSLVERSION_MAX_TLSv1_0:
|
---|
| 2008 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 2009 | *ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 2010 | #endif
|
---|
| 2011 | /* FALLTHROUGH */
|
---|
| 2012 | case CURL_SSLVERSION_MAX_TLSv1_1:
|
---|
| 2013 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 2014 | *ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 2015 | #endif
|
---|
| 2016 | /* FALLTHROUGH */
|
---|
| 2017 | case CURL_SSLVERSION_MAX_TLSv1_2:
|
---|
| 2018 | case CURL_SSLVERSION_MAX_DEFAULT:
|
---|
| 2019 | #ifdef TLS1_3_VERSION
|
---|
| 2020 | *ctx_options |= SSL_OP_NO_TLSv1_3;
|
---|
| 2021 | #endif
|
---|
| 2022 | break;
|
---|
| 2023 | case CURL_SSLVERSION_MAX_TLSv1_3:
|
---|
| 2024 | #ifdef TLS1_3_VERSION
|
---|
| 2025 | break;
|
---|
| 2026 | #else
|
---|
| 2027 | failf(data, OSSL_PACKAGE " was built without TLS 1.3 support");
|
---|
| 2028 | return CURLE_NOT_BUILT_IN;
|
---|
| 2029 | #endif
|
---|
| 2030 | }
|
---|
| 2031 | return CURLE_OK;
|
---|
| 2032 | }
|
---|
| 2033 |
|
---|
| 2034 | static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
---|
| 2035 | {
|
---|
| 2036 | CURLcode result = CURLE_OK;
|
---|
| 2037 | char *ciphers;
|
---|
| 2038 | struct Curl_easy *data = conn->data;
|
---|
| 2039 | SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
|
---|
| 2040 | X509_LOOKUP *lookup = NULL;
|
---|
| 2041 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
| 2042 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 2043 | long ctx_options = 0;
|
---|
| 2044 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
| 2045 | bool sni;
|
---|
| 2046 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
---|
| 2047 | conn->host.name;
|
---|
| 2048 | #ifdef ENABLE_IPV6
|
---|
| 2049 | struct in6_addr addr;
|
---|
| 2050 | #else
|
---|
| 2051 | struct in_addr addr;
|
---|
| 2052 | #endif
|
---|
| 2053 | #endif
|
---|
| 2054 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
| 2055 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
| 2056 | const long int ssl_version = SSL_CONN_CONFIG(version);
|
---|
| 2057 | #ifdef USE_TLS_SRP
|
---|
| 2058 | const enum CURL_TLSAUTH ssl_authtype = SSL_SET_OPTION(authtype);
|
---|
| 2059 | #endif
|
---|
| 2060 | char * const ssl_cert = SSL_SET_OPTION(cert);
|
---|
| 2061 | const char * const ssl_cert_type = SSL_SET_OPTION(cert_type);
|
---|
| 2062 | const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
---|
| 2063 | const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
|
---|
| 2064 | const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
---|
| 2065 | const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
|
---|
| 2066 | char error_buffer[256];
|
---|
| 2067 |
|
---|
| 2068 | DEBUGASSERT(ssl_connect_1 == connssl->connecting_state);
|
---|
| 2069 |
|
---|
| 2070 | /* Make funny stuff to get random input */
|
---|
| 2071 | result = Curl_ossl_seed(data);
|
---|
| 2072 | if(result)
|
---|
| 2073 | return result;
|
---|
| 2074 |
|
---|
| 2075 | *certverifyresult = !X509_V_OK;
|
---|
| 2076 |
|
---|
| 2077 | /* check to see if we've been told to use an explicit SSL/TLS version */
|
---|
| 2078 |
|
---|
| 2079 | switch(ssl_version) {
|
---|
| 2080 | case CURL_SSLVERSION_DEFAULT:
|
---|
| 2081 | case CURL_SSLVERSION_TLSv1:
|
---|
| 2082 | case CURL_SSLVERSION_TLSv1_0:
|
---|
| 2083 | case CURL_SSLVERSION_TLSv1_1:
|
---|
| 2084 | case CURL_SSLVERSION_TLSv1_2:
|
---|
| 2085 | case CURL_SSLVERSION_TLSv1_3:
|
---|
| 2086 | /* it will be handled later with the context options */
|
---|
| 2087 | #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \
|
---|
| 2088 | !defined(LIBRESSL_VERSION_NUMBER)
|
---|
| 2089 | req_method = TLS_client_method();
|
---|
| 2090 | #else
|
---|
| 2091 | req_method = SSLv23_client_method();
|
---|
| 2092 | #endif
|
---|
| 2093 | use_sni(TRUE);
|
---|
| 2094 | break;
|
---|
| 2095 | case CURL_SSLVERSION_SSLv2:
|
---|
| 2096 | #ifdef OPENSSL_NO_SSL2
|
---|
| 2097 | failf(data, OSSL_PACKAGE " was built without SSLv2 support");
|
---|
| 2098 | return CURLE_NOT_BUILT_IN;
|
---|
| 2099 | #else
|
---|
| 2100 | #ifdef USE_TLS_SRP
|
---|
| 2101 | if(ssl_authtype == CURL_TLSAUTH_SRP)
|
---|
| 2102 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2103 | #endif
|
---|
| 2104 | req_method = SSLv2_client_method();
|
---|
| 2105 | use_sni(FALSE);
|
---|
| 2106 | break;
|
---|
| 2107 | #endif
|
---|
| 2108 | case CURL_SSLVERSION_SSLv3:
|
---|
| 2109 | #ifdef OPENSSL_NO_SSL3_METHOD
|
---|
| 2110 | failf(data, OSSL_PACKAGE " was built without SSLv3 support");
|
---|
| 2111 | return CURLE_NOT_BUILT_IN;
|
---|
| 2112 | #else
|
---|
| 2113 | #ifdef USE_TLS_SRP
|
---|
| 2114 | if(ssl_authtype == CURL_TLSAUTH_SRP)
|
---|
| 2115 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2116 | #endif
|
---|
| 2117 | req_method = SSLv3_client_method();
|
---|
| 2118 | use_sni(FALSE);
|
---|
| 2119 | break;
|
---|
| 2120 | #endif
|
---|
| 2121 | default:
|
---|
| 2122 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
---|
| 2123 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2124 | }
|
---|
| 2125 |
|
---|
| 2126 | if(BACKEND->ctx)
|
---|
| 2127 | SSL_CTX_free(BACKEND->ctx);
|
---|
| 2128 | BACKEND->ctx = SSL_CTX_new(req_method);
|
---|
| 2129 |
|
---|
| 2130 | if(!BACKEND->ctx) {
|
---|
| 2131 | failf(data, "SSL: couldn't create a context: %s",
|
---|
| 2132 | ossl_strerror(ERR_peek_error(), error_buffer, sizeof(error_buffer)));
|
---|
| 2133 | return CURLE_OUT_OF_MEMORY;
|
---|
| 2134 | }
|
---|
| 2135 |
|
---|
| 2136 | #ifdef SSL_MODE_RELEASE_BUFFERS
|
---|
| 2137 | SSL_CTX_set_mode(BACKEND->ctx, SSL_MODE_RELEASE_BUFFERS);
|
---|
| 2138 | #endif
|
---|
| 2139 |
|
---|
| 2140 | #ifdef SSL_CTRL_SET_MSG_CALLBACK
|
---|
| 2141 | if(data->set.fdebug && data->set.verbose) {
|
---|
| 2142 | /* the SSL trace callback is only used for verbose logging */
|
---|
| 2143 | SSL_CTX_set_msg_callback(BACKEND->ctx, ssl_tls_trace);
|
---|
| 2144 | SSL_CTX_set_msg_callback_arg(BACKEND->ctx, conn);
|
---|
| 2145 | }
|
---|
| 2146 | #endif
|
---|
| 2147 |
|
---|
| 2148 | /* OpenSSL contains code to work-around lots of bugs and flaws in various
|
---|
| 2149 | SSL-implementations. SSL_CTX_set_options() is used to enabled those
|
---|
| 2150 | work-arounds. The man page for this option states that SSL_OP_ALL enables
|
---|
| 2151 | all the work-arounds and that "It is usually safe to use SSL_OP_ALL to
|
---|
| 2152 | enable the bug workaround options if compatibility with somewhat broken
|
---|
| 2153 | implementations is desired."
|
---|
| 2154 |
|
---|
| 2155 | The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
|
---|
| 2156 | disable "rfc4507bis session ticket support". rfc4507bis was later turned
|
---|
| 2157 | into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077
|
---|
| 2158 |
|
---|
| 2159 | The enabled extension concerns the session management. I wonder how often
|
---|
| 2160 | libcurl stops a connection and then resumes a TLS session. also, sending
|
---|
| 2161 | the session data is some overhead. .I suggest that you just use your
|
---|
| 2162 | proposed patch (which explicitly disables TICKET).
|
---|
| 2163 |
|
---|
| 2164 | If someone writes an application with libcurl and openssl who wants to
|
---|
| 2165 | enable the feature, one can do this in the SSL callback.
|
---|
| 2166 |
|
---|
| 2167 | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper
|
---|
| 2168 | interoperability with web server Netscape Enterprise Server 2.0.1 which
|
---|
| 2169 | was released back in 1996.
|
---|
| 2170 |
|
---|
| 2171 | Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
|
---|
| 2172 | become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
|
---|
| 2173 | CVE-2010-4180 when using previous OpenSSL versions we no longer enable
|
---|
| 2174 | this option regardless of OpenSSL version and SSL_OP_ALL definition.
|
---|
| 2175 |
|
---|
| 2176 | OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
|
---|
| 2177 | (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to
|
---|
| 2178 | SSL_OP_ALL that _disables_ that work-around despite the fact that
|
---|
| 2179 | SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to
|
---|
| 2180 | keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit
|
---|
| 2181 | must not be set.
|
---|
| 2182 | */
|
---|
| 2183 |
|
---|
| 2184 | ctx_options = SSL_OP_ALL;
|
---|
| 2185 |
|
---|
| 2186 | #ifdef SSL_OP_NO_TICKET
|
---|
| 2187 | ctx_options |= SSL_OP_NO_TICKET;
|
---|
| 2188 | #endif
|
---|
| 2189 |
|
---|
| 2190 | #ifdef SSL_OP_NO_COMPRESSION
|
---|
| 2191 | ctx_options |= SSL_OP_NO_COMPRESSION;
|
---|
| 2192 | #endif
|
---|
| 2193 |
|
---|
| 2194 | #ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
---|
| 2195 | /* mitigate CVE-2010-4180 */
|
---|
| 2196 | ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
---|
| 2197 | #endif
|
---|
| 2198 |
|
---|
| 2199 | #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
---|
| 2200 | /* unless the user explicitly ask to allow the protocol vulnerability we
|
---|
| 2201 | use the work-around */
|
---|
| 2202 | if(!SSL_SET_OPTION(enable_beast))
|
---|
| 2203 | ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
---|
| 2204 | #endif
|
---|
| 2205 |
|
---|
| 2206 | switch(ssl_version) {
|
---|
| 2207 | case CURL_SSLVERSION_SSLv3:
|
---|
| 2208 | #ifdef USE_TLS_SRP
|
---|
| 2209 | if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
---|
| 2210 | infof(data, "Set version TLSv1.x for SRP authorisation\n");
|
---|
| 2211 | }
|
---|
| 2212 | #endif
|
---|
| 2213 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 2214 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 2215 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 2216 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 2217 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 2218 | #ifdef TLS1_3_VERSION
|
---|
| 2219 | ctx_options |= SSL_OP_NO_TLSv1_3;
|
---|
| 2220 | #endif
|
---|
| 2221 | #endif
|
---|
| 2222 | break;
|
---|
| 2223 |
|
---|
| 2224 | case CURL_SSLVERSION_DEFAULT:
|
---|
| 2225 | case CURL_SSLVERSION_TLSv1:
|
---|
| 2226 | ctx_options |= SSL_OP_NO_SSLv2;
|
---|
| 2227 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 2228 | break;
|
---|
| 2229 |
|
---|
| 2230 | case CURL_SSLVERSION_TLSv1_0:
|
---|
| 2231 | case CURL_SSLVERSION_TLSv1_1:
|
---|
| 2232 | case CURL_SSLVERSION_TLSv1_2:
|
---|
| 2233 | case CURL_SSLVERSION_TLSv1_3:
|
---|
| 2234 | result = set_ssl_version_min_max(&ctx_options, conn, sockindex);
|
---|
| 2235 | if(result != CURLE_OK)
|
---|
| 2236 | return result;
|
---|
| 2237 | break;
|
---|
| 2238 |
|
---|
| 2239 | case CURL_SSLVERSION_SSLv2:
|
---|
| 2240 | #ifndef OPENSSL_NO_SSL2
|
---|
| 2241 | ctx_options |= SSL_OP_NO_SSLv3;
|
---|
| 2242 | ctx_options |= SSL_OP_NO_TLSv1;
|
---|
| 2243 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
|
---|
| 2244 | ctx_options |= SSL_OP_NO_TLSv1_1;
|
---|
| 2245 | ctx_options |= SSL_OP_NO_TLSv1_2;
|
---|
| 2246 | #ifdef TLS1_3_VERSION
|
---|
| 2247 | ctx_options |= SSL_OP_NO_TLSv1_3;
|
---|
| 2248 | #endif
|
---|
| 2249 | #endif
|
---|
| 2250 | break;
|
---|
| 2251 | #else
|
---|
| 2252 | failf(data, OSSL_PACKAGE " was built without SSLv2 support");
|
---|
| 2253 | return CURLE_NOT_BUILT_IN;
|
---|
| 2254 | #endif
|
---|
| 2255 |
|
---|
| 2256 | default:
|
---|
| 2257 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
|
---|
| 2258 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2259 | }
|
---|
| 2260 |
|
---|
| 2261 | SSL_CTX_set_options(BACKEND->ctx, ctx_options);
|
---|
| 2262 |
|
---|
| 2263 | #ifdef HAS_NPN
|
---|
| 2264 | if(conn->bits.tls_enable_npn)
|
---|
| 2265 | SSL_CTX_set_next_proto_select_cb(BACKEND->ctx, select_next_proto_cb, conn);
|
---|
| 2266 | #endif
|
---|
| 2267 |
|
---|
| 2268 | #ifdef HAS_ALPN
|
---|
| 2269 | if(conn->bits.tls_enable_alpn) {
|
---|
| 2270 | int cur = 0;
|
---|
| 2271 | unsigned char protocols[128];
|
---|
| 2272 |
|
---|
| 2273 | #ifdef USE_NGHTTP2
|
---|
| 2274 | if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
---|
| 2275 | (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
|
---|
| 2276 | protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
| 2277 |
|
---|
| 2278 | memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
---|
| 2279 | NGHTTP2_PROTO_VERSION_ID_LEN);
|
---|
| 2280 | cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
| 2281 | infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
|
---|
| 2282 | }
|
---|
| 2283 | #endif
|
---|
| 2284 |
|
---|
| 2285 | protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
---|
| 2286 | memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
|
---|
| 2287 | cur += ALPN_HTTP_1_1_LENGTH;
|
---|
| 2288 | infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
|
---|
| 2289 |
|
---|
| 2290 | /* expects length prefixed preference ordered list of protocols in wire
|
---|
| 2291 | * format
|
---|
| 2292 | */
|
---|
| 2293 | SSL_CTX_set_alpn_protos(BACKEND->ctx, protocols, cur);
|
---|
| 2294 | }
|
---|
| 2295 | #endif
|
---|
| 2296 |
|
---|
| 2297 | if(ssl_cert || ssl_cert_type) {
|
---|
| 2298 | if(!cert_stuff(conn, BACKEND->ctx, ssl_cert, ssl_cert_type,
|
---|
| 2299 | SSL_SET_OPTION(key), SSL_SET_OPTION(key_type),
|
---|
| 2300 | SSL_SET_OPTION(key_passwd))) {
|
---|
| 2301 | /* failf() is already done in cert_stuff() */
|
---|
| 2302 | return CURLE_SSL_CERTPROBLEM;
|
---|
| 2303 | }
|
---|
| 2304 | }
|
---|
| 2305 |
|
---|
| 2306 | ciphers = SSL_CONN_CONFIG(cipher_list);
|
---|
| 2307 | if(!ciphers)
|
---|
| 2308 | ciphers = (char *)DEFAULT_CIPHER_SELECTION;
|
---|
| 2309 | if(ciphers) {
|
---|
| 2310 | if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
|
---|
| 2311 | failf(data, "failed setting cipher list: %s", ciphers);
|
---|
| 2312 | return CURLE_SSL_CIPHER;
|
---|
| 2313 | }
|
---|
| 2314 | infof(data, "Cipher selection: %s\n", ciphers);
|
---|
| 2315 | }
|
---|
| 2316 |
|
---|
| 2317 | #ifdef USE_TLS_SRP
|
---|
| 2318 | if(ssl_authtype == CURL_TLSAUTH_SRP) {
|
---|
| 2319 | char * const ssl_username = SSL_SET_OPTION(username);
|
---|
| 2320 |
|
---|
| 2321 | infof(data, "Using TLS-SRP username: %s\n", ssl_username);
|
---|
| 2322 |
|
---|
| 2323 | if(!SSL_CTX_set_srp_username(BACKEND->ctx, ssl_username)) {
|
---|
| 2324 | failf(data, "Unable to set SRP user name");
|
---|
| 2325 | return CURLE_BAD_FUNCTION_ARGUMENT;
|
---|
| 2326 | }
|
---|
| 2327 | if(!SSL_CTX_set_srp_password(BACKEND->ctx, SSL_SET_OPTION(password))) {
|
---|
| 2328 | failf(data, "failed setting SRP password");
|
---|
| 2329 | return CURLE_BAD_FUNCTION_ARGUMENT;
|
---|
| 2330 | }
|
---|
| 2331 | if(!SSL_CONN_CONFIG(cipher_list)) {
|
---|
| 2332 | infof(data, "Setting cipher list SRP\n");
|
---|
| 2333 |
|
---|
| 2334 | if(!SSL_CTX_set_cipher_list(BACKEND->ctx, "SRP")) {
|
---|
| 2335 | failf(data, "failed setting SRP cipher list");
|
---|
| 2336 | return CURLE_SSL_CIPHER;
|
---|
| 2337 | }
|
---|
| 2338 | }
|
---|
| 2339 | }
|
---|
| 2340 | #endif
|
---|
| 2341 |
|
---|
| 2342 | if(ssl_cafile || ssl_capath) {
|
---|
| 2343 | /* tell SSL where to find CA certificates that are used to verify
|
---|
| 2344 | the servers certificate. */
|
---|
| 2345 | if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
|
---|
| 2346 | if(verifypeer) {
|
---|
| 2347 | /* Fail if we insist on successfully verifying the server. */
|
---|
| 2348 | failf(data, "error setting certificate verify locations:\n"
|
---|
| 2349 | " CAfile: %s\n CApath: %s",
|
---|
| 2350 | ssl_cafile ? ssl_cafile : "none",
|
---|
| 2351 | ssl_capath ? ssl_capath : "none");
|
---|
| 2352 | return CURLE_SSL_CACERT_BADFILE;
|
---|
| 2353 | }
|
---|
| 2354 | /* Just continue with a warning if no strict certificate verification
|
---|
| 2355 | is required. */
|
---|
| 2356 | infof(data, "error setting certificate verify locations,"
|
---|
| 2357 | " continuing anyway:\n");
|
---|
| 2358 | }
|
---|
| 2359 | else {
|
---|
| 2360 | /* Everything is fine. */
|
---|
| 2361 | infof(data, "successfully set certificate verify locations:\n");
|
---|
| 2362 | }
|
---|
| 2363 | infof(data,
|
---|
| 2364 | " CAfile: %s\n"
|
---|
| 2365 | " CApath: %s\n",
|
---|
| 2366 | ssl_cafile ? ssl_cafile : "none",
|
---|
| 2367 | ssl_capath ? ssl_capath : "none");
|
---|
| 2368 | }
|
---|
| 2369 | #ifdef CURL_CA_FALLBACK
|
---|
| 2370 | else if(verifypeer) {
|
---|
| 2371 | /* verfying the peer without any CA certificates won't
|
---|
| 2372 | work so use openssl's built in default as fallback */
|
---|
| 2373 | SSL_CTX_set_default_verify_paths(BACKEND->ctx);
|
---|
| 2374 | }
|
---|
| 2375 | #endif
|
---|
| 2376 |
|
---|
| 2377 | if(ssl_crlfile) {
|
---|
| 2378 | /* tell SSL where to find CRL file that is used to check certificate
|
---|
| 2379 | * revocation */
|
---|
| 2380 | lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(BACKEND->ctx),
|
---|
| 2381 | X509_LOOKUP_file());
|
---|
| 2382 | if(!lookup ||
|
---|
| 2383 | (!X509_load_crl_file(lookup, ssl_crlfile, X509_FILETYPE_PEM)) ) {
|
---|
| 2384 | failf(data, "error loading CRL file: %s", ssl_crlfile);
|
---|
| 2385 | return CURLE_SSL_CRL_BADFILE;
|
---|
| 2386 | }
|
---|
| 2387 | /* Everything is fine. */
|
---|
| 2388 | infof(data, "successfully load CRL file:\n");
|
---|
| 2389 | X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
---|
| 2390 | X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
|
---|
| 2391 |
|
---|
| 2392 | infof(data, " CRLfile: %s\n", ssl_crlfile);
|
---|
| 2393 | }
|
---|
| 2394 |
|
---|
| 2395 | /* Try building a chain using issuers in the trusted store first to avoid
|
---|
| 2396 | problems with server-sent legacy intermediates.
|
---|
| 2397 | Newer versions of OpenSSL do alternate chain checking by default which
|
---|
| 2398 | gives us the same fix without as much of a performance hit (slight), so we
|
---|
| 2399 | prefer that if available.
|
---|
| 2400 | https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
---|
| 2401 | */
|
---|
| 2402 | #if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)
|
---|
| 2403 | if(verifypeer) {
|
---|
| 2404 | X509_STORE_set_flags(SSL_CTX_get_cert_store(BACKEND->ctx),
|
---|
| 2405 | X509_V_FLAG_TRUSTED_FIRST);
|
---|
| 2406 | }
|
---|
| 2407 | #endif
|
---|
| 2408 |
|
---|
| 2409 | /* SSL always tries to verify the peer, this only says whether it should
|
---|
| 2410 | * fail to connect if the verification fails, or if it should continue
|
---|
| 2411 | * anyway. In the latter case the result of the verification is checked with
|
---|
| 2412 | * SSL_get_verify_result() below. */
|
---|
| 2413 | SSL_CTX_set_verify(BACKEND->ctx,
|
---|
| 2414 | verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
|
---|
| 2415 |
|
---|
| 2416 | /* Enable logging of secrets to the file specified in env SSLKEYLOGFILE. */
|
---|
| 2417 | #if defined(ENABLE_SSLKEYLOGFILE) && defined(HAVE_KEYLOG_CALLBACK)
|
---|
| 2418 | if(keylog_file) {
|
---|
| 2419 | SSL_CTX_set_keylog_callback(connssl->ctx, ossl_keylog_callback);
|
---|
| 2420 | }
|
---|
| 2421 | #endif
|
---|
| 2422 |
|
---|
| 2423 | /* give application a chance to interfere with SSL set up. */
|
---|
| 2424 | if(data->set.ssl.fsslctx) {
|
---|
| 2425 | result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,
|
---|
| 2426 | data->set.ssl.fsslctxp);
|
---|
| 2427 | if(result) {
|
---|
| 2428 | failf(data, "error signaled by ssl ctx callback");
|
---|
| 2429 | return result;
|
---|
| 2430 | }
|
---|
| 2431 | }
|
---|
| 2432 |
|
---|
| 2433 | /* Lets make an SSL structure */
|
---|
| 2434 | if(BACKEND->handle)
|
---|
| 2435 | SSL_free(BACKEND->handle);
|
---|
| 2436 | BACKEND->handle = SSL_new(BACKEND->ctx);
|
---|
| 2437 | if(!BACKEND->handle) {
|
---|
| 2438 | failf(data, "SSL: couldn't create a context (handle)!");
|
---|
| 2439 | return CURLE_OUT_OF_MEMORY;
|
---|
| 2440 | }
|
---|
| 2441 |
|
---|
| 2442 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 2443 | !defined(OPENSSL_NO_OCSP)
|
---|
| 2444 | if(SSL_CONN_CONFIG(verifystatus))
|
---|
| 2445 | SSL_set_tlsext_status_type(BACKEND->handle, TLSEXT_STATUSTYPE_ocsp);
|
---|
| 2446 | #endif
|
---|
| 2447 |
|
---|
| 2448 | SSL_set_connect_state(BACKEND->handle);
|
---|
| 2449 |
|
---|
| 2450 | BACKEND->server_cert = 0x0;
|
---|
| 2451 | #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
---|
| 2452 | if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
|
---|
| 2453 | #ifdef ENABLE_IPV6
|
---|
| 2454 | (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
|
---|
| 2455 | #endif
|
---|
| 2456 | sni &&
|
---|
| 2457 | !SSL_set_tlsext_host_name(BACKEND->handle, hostname))
|
---|
| 2458 | infof(data, "WARNING: failed to configure server name indication (SNI) "
|
---|
| 2459 | "TLS extension\n");
|
---|
| 2460 | #endif
|
---|
| 2461 |
|
---|
| 2462 | /* Check if there's a cached ID we can/should use here! */
|
---|
| 2463 | if(SSL_SET_OPTION(primary.sessionid)) {
|
---|
| 2464 | void *ssl_sessionid = NULL;
|
---|
| 2465 |
|
---|
| 2466 | Curl_ssl_sessionid_lock(conn);
|
---|
| 2467 | if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
|
---|
| 2468 | /* we got a session id, use it! */
|
---|
| 2469 | if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
|
---|
| 2470 | Curl_ssl_sessionid_unlock(conn);
|
---|
| 2471 | failf(data, "SSL: SSL_set_session failed: %s",
|
---|
| 2472 | ossl_strerror(ERR_get_error(), error_buffer,
|
---|
| 2473 | sizeof(error_buffer)));
|
---|
| 2474 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2475 | }
|
---|
| 2476 | /* Informational message */
|
---|
| 2477 | infof(data, "SSL re-using session ID\n");
|
---|
| 2478 | }
|
---|
| 2479 | Curl_ssl_sessionid_unlock(conn);
|
---|
| 2480 | }
|
---|
| 2481 |
|
---|
| 2482 | if(conn->proxy_ssl[sockindex].use) {
|
---|
| 2483 | BIO *const bio = BIO_new(BIO_f_ssl());
|
---|
| 2484 | SSL *handle = conn->proxy_ssl[sockindex].backend->handle;
|
---|
| 2485 | DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
---|
| 2486 | DEBUGASSERT(handle != NULL);
|
---|
| 2487 | DEBUGASSERT(bio != NULL);
|
---|
| 2488 | BIO_set_ssl(bio, handle, FALSE);
|
---|
| 2489 | SSL_set_bio(BACKEND->handle, bio, bio);
|
---|
| 2490 | }
|
---|
| 2491 | else if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
|
---|
| 2492 | /* pass the raw socket into the SSL layers */
|
---|
| 2493 | failf(data, "SSL: SSL_set_fd failed: %s",
|
---|
| 2494 | ossl_strerror(ERR_get_error(), error_buffer, sizeof(error_buffer)));
|
---|
| 2495 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 2496 | }
|
---|
| 2497 |
|
---|
| 2498 | connssl->connecting_state = ssl_connect_2;
|
---|
| 2499 |
|
---|
| 2500 | return CURLE_OK;
|
---|
| 2501 | }
|
---|
| 2502 |
|
---|
| 2503 | static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
---|
| 2504 | {
|
---|
| 2505 | struct Curl_easy *data = conn->data;
|
---|
| 2506 | int err;
|
---|
| 2507 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 2508 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
| 2509 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
| 2510 | DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|
---|
| 2511 | || ssl_connect_2_reading == connssl->connecting_state
|
---|
| 2512 | || ssl_connect_2_writing == connssl->connecting_state);
|
---|
| 2513 |
|
---|
| 2514 | ERR_clear_error();
|
---|
| 2515 |
|
---|
| 2516 | err = SSL_connect(BACKEND->handle);
|
---|
| 2517 | /* If keylogging is enabled but the keylog callback is not supported then log
|
---|
| 2518 | secrets here, immediately after SSL_connect by using tap_ssl_key. */
|
---|
| 2519 | #if defined(ENABLE_SSLKEYLOGFILE) && !defined(HAVE_KEYLOG_CALLBACK)
|
---|
| 2520 | tap_ssl_key(BACKEND->handle, &BACKEND->tap_state);
|
---|
| 2521 | #endif
|
---|
| 2522 |
|
---|
| 2523 | /* 1 is fine
|
---|
| 2524 | 0 is "not successful but was shut down controlled"
|
---|
| 2525 | <0 is "handshake was not successful, because a fatal error occurred" */
|
---|
| 2526 | if(1 != err) {
|
---|
| 2527 | int detail = SSL_get_error(BACKEND->handle, err);
|
---|
| 2528 |
|
---|
| 2529 | if(SSL_ERROR_WANT_READ == detail) {
|
---|
| 2530 | connssl->connecting_state = ssl_connect_2_reading;
|
---|
| 2531 | return CURLE_OK;
|
---|
| 2532 | }
|
---|
| 2533 | if(SSL_ERROR_WANT_WRITE == detail) {
|
---|
| 2534 | connssl->connecting_state = ssl_connect_2_writing;
|
---|
| 2535 | return CURLE_OK;
|
---|
| 2536 | }
|
---|
| 2537 | else {
|
---|
| 2538 | /* untreated error */
|
---|
| 2539 | unsigned long errdetail;
|
---|
| 2540 | char error_buffer[256]="";
|
---|
| 2541 | CURLcode result;
|
---|
| 2542 | long lerr;
|
---|
| 2543 | int lib;
|
---|
| 2544 | int reason;
|
---|
| 2545 |
|
---|
| 2546 | /* the connection failed, we're not waiting for anything else. */
|
---|
| 2547 | connssl->connecting_state = ssl_connect_2;
|
---|
| 2548 |
|
---|
| 2549 | /* Get the earliest error code from the thread's error queue and removes
|
---|
| 2550 | the entry. */
|
---|
| 2551 | errdetail = ERR_get_error();
|
---|
| 2552 |
|
---|
| 2553 | /* Extract which lib and reason */
|
---|
| 2554 | lib = ERR_GET_LIB(errdetail);
|
---|
| 2555 | reason = ERR_GET_REASON(errdetail);
|
---|
| 2556 |
|
---|
| 2557 | if((lib == ERR_LIB_SSL) &&
|
---|
| 2558 | (reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
|
---|
| 2559 | result = CURLE_SSL_CACERT;
|
---|
| 2560 |
|
---|
| 2561 | lerr = SSL_get_verify_result(BACKEND->handle);
|
---|
| 2562 | if(lerr != X509_V_OK) {
|
---|
| 2563 | *certverifyresult = lerr;
|
---|
| 2564 | snprintf(error_buffer, sizeof(error_buffer),
|
---|
| 2565 | "SSL certificate problem: %s",
|
---|
| 2566 | X509_verify_cert_error_string(lerr));
|
---|
| 2567 | }
|
---|
| 2568 | else
|
---|
| 2569 | /* strcpy() is fine here as long as the string fits within
|
---|
| 2570 | error_buffer */
|
---|
| 2571 | strcpy(error_buffer, "SSL certificate verification failed");
|
---|
| 2572 | }
|
---|
| 2573 | else {
|
---|
| 2574 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
| 2575 | ossl_strerror(errdetail, error_buffer, sizeof(error_buffer));
|
---|
| 2576 | }
|
---|
| 2577 |
|
---|
| 2578 | /* detail is already set to the SSL error above */
|
---|
| 2579 |
|
---|
| 2580 | /* If we e.g. use SSLv2 request-method and the server doesn't like us
|
---|
| 2581 | * (RST connection etc.), OpenSSL gives no explanation whatsoever and
|
---|
| 2582 | * the SO_ERROR is also lost.
|
---|
| 2583 | */
|
---|
| 2584 | if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
|
---|
| 2585 | const char * const hostname = SSL_IS_PROXY() ?
|
---|
| 2586 | conn->http_proxy.host.name : conn->host.name;
|
---|
| 2587 | const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
|
---|
| 2588 | failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
|
---|
| 2589 | SSL_ERROR_to_str(detail), hostname, port);
|
---|
| 2590 | return result;
|
---|
| 2591 | }
|
---|
| 2592 |
|
---|
| 2593 | /* Could be a CERT problem */
|
---|
| 2594 | failf(data, "%s", error_buffer);
|
---|
| 2595 |
|
---|
| 2596 | return result;
|
---|
| 2597 | }
|
---|
| 2598 | }
|
---|
| 2599 | else {
|
---|
| 2600 | /* we have been connected fine, we're not waiting for anything else. */
|
---|
| 2601 | connssl->connecting_state = ssl_connect_3;
|
---|
| 2602 |
|
---|
| 2603 | /* Informational message */
|
---|
| 2604 | infof(data, "SSL connection using %s / %s\n",
|
---|
| 2605 | get_ssl_version_txt(BACKEND->handle),
|
---|
| 2606 | SSL_get_cipher(BACKEND->handle));
|
---|
| 2607 |
|
---|
| 2608 | #ifdef HAS_ALPN
|
---|
| 2609 | /* Sets data and len to negotiated protocol, len is 0 if no protocol was
|
---|
| 2610 | * negotiated
|
---|
| 2611 | */
|
---|
| 2612 | if(conn->bits.tls_enable_alpn) {
|
---|
| 2613 | const unsigned char *neg_protocol;
|
---|
| 2614 | unsigned int len;
|
---|
| 2615 | SSL_get0_alpn_selected(BACKEND->handle, &neg_protocol, &len);
|
---|
| 2616 | if(len != 0) {
|
---|
| 2617 | infof(data, "ALPN, server accepted to use %.*s\n", len, neg_protocol);
|
---|
| 2618 |
|
---|
| 2619 | #ifdef USE_NGHTTP2
|
---|
| 2620 | if(len == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
---|
| 2621 | !memcmp(NGHTTP2_PROTO_VERSION_ID, neg_protocol, len)) {
|
---|
| 2622 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
| 2623 | }
|
---|
| 2624 | else
|
---|
| 2625 | #endif
|
---|
| 2626 | if(len == ALPN_HTTP_1_1_LENGTH &&
|
---|
| 2627 | !memcmp(ALPN_HTTP_1_1, neg_protocol, ALPN_HTTP_1_1_LENGTH)) {
|
---|
| 2628 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
| 2629 | }
|
---|
| 2630 | }
|
---|
| 2631 | else
|
---|
| 2632 | infof(data, "ALPN, server did not agree to a protocol\n");
|
---|
| 2633 | }
|
---|
| 2634 | #endif
|
---|
| 2635 |
|
---|
| 2636 | return CURLE_OK;
|
---|
| 2637 | }
|
---|
| 2638 | }
|
---|
| 2639 |
|
---|
| 2640 | static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)
|
---|
| 2641 | {
|
---|
| 2642 | int i, ilen;
|
---|
| 2643 |
|
---|
| 2644 | ilen = (int)len;
|
---|
| 2645 | if(ilen < 0)
|
---|
| 2646 | return 1; /* buffer too big */
|
---|
| 2647 |
|
---|
| 2648 | i = i2t_ASN1_OBJECT(buf, ilen, a);
|
---|
| 2649 |
|
---|
| 2650 | if(i >= ilen)
|
---|
| 2651 | return 1; /* buffer too small */
|
---|
| 2652 |
|
---|
| 2653 | return 0;
|
---|
| 2654 | }
|
---|
| 2655 |
|
---|
| 2656 | #define push_certinfo(_label, _num) \
|
---|
| 2657 | do { \
|
---|
| 2658 | long info_len = BIO_get_mem_data(mem, &ptr); \
|
---|
| 2659 | Curl_ssl_push_certinfo_len(data, _num, _label, ptr, info_len); \
|
---|
| 2660 | if(1 != BIO_reset(mem)) \
|
---|
| 2661 | break; \
|
---|
| 2662 | } WHILE_FALSE
|
---|
| 2663 |
|
---|
| 2664 | static void pubkey_show(struct Curl_easy *data,
|
---|
| 2665 | BIO *mem,
|
---|
| 2666 | int num,
|
---|
| 2667 | const char *type,
|
---|
| 2668 | const char *name,
|
---|
| 2669 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
| 2670 | const
|
---|
| 2671 | #endif
|
---|
| 2672 | BIGNUM *bn)
|
---|
| 2673 | {
|
---|
| 2674 | char *ptr;
|
---|
| 2675 | char namebuf[32];
|
---|
| 2676 |
|
---|
| 2677 | snprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);
|
---|
| 2678 |
|
---|
| 2679 | if(bn)
|
---|
| 2680 | BN_print(mem, bn);
|
---|
| 2681 | push_certinfo(namebuf, num);
|
---|
| 2682 | }
|
---|
| 2683 |
|
---|
| 2684 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
| 2685 | #define print_pubkey_BN(_type, _name, _num) \
|
---|
| 2686 | pubkey_show(data, mem, _num, #_type, #_name, _name)
|
---|
| 2687 |
|
---|
| 2688 | #else
|
---|
| 2689 | #define print_pubkey_BN(_type, _name, _num) \
|
---|
| 2690 | do { \
|
---|
| 2691 | if(_type->_name) { \
|
---|
| 2692 | pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \
|
---|
| 2693 | } \
|
---|
| 2694 | } WHILE_FALSE
|
---|
| 2695 | #endif
|
---|
| 2696 |
|
---|
| 2697 | static int X509V3_ext(struct Curl_easy *data,
|
---|
| 2698 | int certnum,
|
---|
| 2699 | CONST_EXTS STACK_OF(X509_EXTENSION) *exts)
|
---|
| 2700 | {
|
---|
| 2701 | int i;
|
---|
| 2702 | size_t j;
|
---|
| 2703 |
|
---|
| 2704 | if((int)sk_X509_EXTENSION_num(exts) <= 0)
|
---|
| 2705 | /* no extensions, bail out */
|
---|
| 2706 | return 1;
|
---|
| 2707 |
|
---|
| 2708 | for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
|
---|
| 2709 | ASN1_OBJECT *obj;
|
---|
| 2710 | X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
|
---|
| 2711 | BUF_MEM *biomem;
|
---|
| 2712 | char buf[512];
|
---|
| 2713 | char *ptr = buf;
|
---|
| 2714 | char namebuf[128];
|
---|
| 2715 | BIO *bio_out = BIO_new(BIO_s_mem());
|
---|
| 2716 |
|
---|
| 2717 | if(!bio_out)
|
---|
| 2718 | return 1;
|
---|
| 2719 |
|
---|
| 2720 | obj = X509_EXTENSION_get_object(ext);
|
---|
| 2721 |
|
---|
| 2722 | asn1_object_dump(obj, namebuf, sizeof(namebuf));
|
---|
| 2723 |
|
---|
| 2724 | if(!X509V3_EXT_print(bio_out, ext, 0, 0))
|
---|
| 2725 | ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));
|
---|
| 2726 |
|
---|
| 2727 | BIO_get_mem_ptr(bio_out, &biomem);
|
---|
| 2728 |
|
---|
| 2729 | for(j = 0; j < (size_t)biomem->length; j++) {
|
---|
| 2730 | const char *sep = "";
|
---|
| 2731 | if(biomem->data[j] == '\n') {
|
---|
| 2732 | sep = ", ";
|
---|
| 2733 | j++; /* skip the newline */
|
---|
| 2734 | };
|
---|
| 2735 | while((j<(size_t)biomem->length) && (biomem->data[j] == ' '))
|
---|
| 2736 | j++;
|
---|
| 2737 | if(j<(size_t)biomem->length)
|
---|
| 2738 | ptr += snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
|
---|
| 2739 | biomem->data[j]);
|
---|
| 2740 | }
|
---|
| 2741 |
|
---|
| 2742 | Curl_ssl_push_certinfo(data, certnum, namebuf, buf);
|
---|
| 2743 |
|
---|
| 2744 | BIO_free(bio_out);
|
---|
| 2745 |
|
---|
| 2746 | }
|
---|
| 2747 | return 0; /* all is fine */
|
---|
| 2748 | }
|
---|
| 2749 |
|
---|
| 2750 | static CURLcode get_cert_chain(struct connectdata *conn,
|
---|
| 2751 | struct ssl_connect_data *connssl)
|
---|
| 2752 |
|
---|
| 2753 | {
|
---|
| 2754 | CURLcode result;
|
---|
| 2755 | STACK_OF(X509) *sk;
|
---|
| 2756 | int i;
|
---|
| 2757 | struct Curl_easy *data = conn->data;
|
---|
| 2758 | int numcerts;
|
---|
| 2759 | BIO *mem;
|
---|
| 2760 |
|
---|
| 2761 | sk = SSL_get_peer_cert_chain(BACKEND->handle);
|
---|
| 2762 | if(!sk) {
|
---|
| 2763 | return CURLE_OUT_OF_MEMORY;
|
---|
| 2764 | }
|
---|
| 2765 |
|
---|
| 2766 | numcerts = sk_X509_num(sk);
|
---|
| 2767 |
|
---|
| 2768 | result = Curl_ssl_init_certinfo(data, numcerts);
|
---|
| 2769 | if(result) {
|
---|
| 2770 | return result;
|
---|
| 2771 | }
|
---|
| 2772 |
|
---|
| 2773 | mem = BIO_new(BIO_s_mem());
|
---|
| 2774 |
|
---|
| 2775 | for(i = 0; i < numcerts; i++) {
|
---|
| 2776 | ASN1_INTEGER *num;
|
---|
| 2777 | X509 *x = sk_X509_value(sk, i);
|
---|
| 2778 | EVP_PKEY *pubkey = NULL;
|
---|
| 2779 | int j;
|
---|
| 2780 | char *ptr;
|
---|
| 2781 | const ASN1_BIT_STRING *psig = NULL;
|
---|
| 2782 |
|
---|
| 2783 | X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
|
---|
| 2784 | push_certinfo("Subject", i);
|
---|
| 2785 |
|
---|
| 2786 | X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
|
---|
| 2787 | push_certinfo("Issuer", i);
|
---|
| 2788 |
|
---|
| 2789 | BIO_printf(mem, "%lx", X509_get_version(x));
|
---|
| 2790 | push_certinfo("Version", i);
|
---|
| 2791 |
|
---|
| 2792 | num = X509_get_serialNumber(x);
|
---|
| 2793 | if(num->type == V_ASN1_NEG_INTEGER)
|
---|
| 2794 | BIO_puts(mem, "-");
|
---|
| 2795 | for(j = 0; j < num->length; j++)
|
---|
| 2796 | BIO_printf(mem, "%02x", num->data[j]);
|
---|
| 2797 | push_certinfo("Serial Number", i);
|
---|
| 2798 |
|
---|
| 2799 | #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
|
---|
| 2800 | {
|
---|
| 2801 | const X509_ALGOR *palg = NULL;
|
---|
| 2802 | ASN1_STRING *a = ASN1_STRING_new();
|
---|
| 2803 | if(a) {
|
---|
| 2804 | X509_get0_signature(&psig, &palg, x);
|
---|
| 2805 | X509_signature_print(mem, palg, a);
|
---|
| 2806 | ASN1_STRING_free(a);
|
---|
| 2807 |
|
---|
| 2808 | if(palg) {
|
---|
| 2809 | i2a_ASN1_OBJECT(mem, palg->algorithm);
|
---|
| 2810 | push_certinfo("Public Key Algorithm", i);
|
---|
| 2811 | }
|
---|
| 2812 | }
|
---|
| 2813 | X509V3_ext(data, i, X509_get0_extensions(x));
|
---|
| 2814 | }
|
---|
| 2815 | #else
|
---|
| 2816 | {
|
---|
| 2817 | /* before OpenSSL 1.0.2 */
|
---|
| 2818 | X509_CINF *cinf = x->cert_info;
|
---|
| 2819 |
|
---|
| 2820 | i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
|
---|
| 2821 | push_certinfo("Signature Algorithm", i);
|
---|
| 2822 |
|
---|
| 2823 | i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
|
---|
| 2824 | push_certinfo("Public Key Algorithm", i);
|
---|
| 2825 |
|
---|
| 2826 | X509V3_ext(data, i, cinf->extensions);
|
---|
| 2827 |
|
---|
| 2828 | psig = x->signature;
|
---|
| 2829 | }
|
---|
| 2830 | #endif
|
---|
| 2831 |
|
---|
| 2832 | ASN1_TIME_print(mem, X509_get0_notBefore(x));
|
---|
| 2833 | push_certinfo("Start date", i);
|
---|
| 2834 |
|
---|
| 2835 | ASN1_TIME_print(mem, X509_get0_notAfter(x));
|
---|
| 2836 | push_certinfo("Expire date", i);
|
---|
| 2837 |
|
---|
| 2838 | pubkey = X509_get_pubkey(x);
|
---|
| 2839 | if(!pubkey)
|
---|
| 2840 | infof(data, " Unable to load public key\n");
|
---|
| 2841 | else {
|
---|
| 2842 | int pktype;
|
---|
| 2843 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
| 2844 | pktype = EVP_PKEY_id(pubkey);
|
---|
| 2845 | #else
|
---|
| 2846 | pktype = pubkey->type;
|
---|
| 2847 | #endif
|
---|
| 2848 | switch(pktype) {
|
---|
| 2849 | case EVP_PKEY_RSA:
|
---|
| 2850 | {
|
---|
| 2851 | RSA *rsa;
|
---|
| 2852 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
| 2853 | rsa = EVP_PKEY_get0_RSA(pubkey);
|
---|
| 2854 | #else
|
---|
| 2855 | rsa = pubkey->pkey.rsa;
|
---|
| 2856 | #endif
|
---|
| 2857 |
|
---|
| 2858 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
| 2859 | {
|
---|
| 2860 | const BIGNUM *n;
|
---|
| 2861 | const BIGNUM *e;
|
---|
| 2862 |
|
---|
| 2863 | RSA_get0_key(rsa, &n, &e, NULL);
|
---|
| 2864 | BN_print(mem, n);
|
---|
| 2865 | push_certinfo("RSA Public Key", i);
|
---|
| 2866 | print_pubkey_BN(rsa, n, i);
|
---|
| 2867 | print_pubkey_BN(rsa, e, i);
|
---|
| 2868 | }
|
---|
| 2869 | #else
|
---|
| 2870 | BIO_printf(mem, "%d", BN_num_bits(rsa->n));
|
---|
| 2871 | push_certinfo("RSA Public Key", i);
|
---|
| 2872 | print_pubkey_BN(rsa, n, i);
|
---|
| 2873 | print_pubkey_BN(rsa, e, i);
|
---|
| 2874 | #endif
|
---|
| 2875 |
|
---|
| 2876 | break;
|
---|
| 2877 | }
|
---|
| 2878 | case EVP_PKEY_DSA:
|
---|
| 2879 | {
|
---|
| 2880 | #ifndef OPENSSL_NO_DSA
|
---|
| 2881 | DSA *dsa;
|
---|
| 2882 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
| 2883 | dsa = EVP_PKEY_get0_DSA(pubkey);
|
---|
| 2884 | #else
|
---|
| 2885 | dsa = pubkey->pkey.dsa;
|
---|
| 2886 | #endif
|
---|
| 2887 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
| 2888 | {
|
---|
| 2889 | const BIGNUM *p;
|
---|
| 2890 | const BIGNUM *q;
|
---|
| 2891 | const BIGNUM *g;
|
---|
| 2892 | const BIGNUM *pub_key;
|
---|
| 2893 |
|
---|
| 2894 | DSA_get0_pqg(dsa, &p, &q, &g);
|
---|
| 2895 | DSA_get0_key(dsa, &pub_key, NULL);
|
---|
| 2896 |
|
---|
| 2897 | print_pubkey_BN(dsa, p, i);
|
---|
| 2898 | print_pubkey_BN(dsa, q, i);
|
---|
| 2899 | print_pubkey_BN(dsa, g, i);
|
---|
| 2900 | print_pubkey_BN(dsa, pub_key, i);
|
---|
| 2901 | }
|
---|
| 2902 | #else
|
---|
| 2903 | print_pubkey_BN(dsa, p, i);
|
---|
| 2904 | print_pubkey_BN(dsa, q, i);
|
---|
| 2905 | print_pubkey_BN(dsa, g, i);
|
---|
| 2906 | print_pubkey_BN(dsa, pub_key, i);
|
---|
| 2907 | #endif
|
---|
| 2908 | #endif /* !OPENSSL_NO_DSA */
|
---|
| 2909 | break;
|
---|
| 2910 | }
|
---|
| 2911 | case EVP_PKEY_DH:
|
---|
| 2912 | {
|
---|
| 2913 | DH *dh;
|
---|
| 2914 | #ifdef HAVE_OPAQUE_EVP_PKEY
|
---|
| 2915 | dh = EVP_PKEY_get0_DH(pubkey);
|
---|
| 2916 | #else
|
---|
| 2917 | dh = pubkey->pkey.dh;
|
---|
| 2918 | #endif
|
---|
| 2919 | #ifdef HAVE_OPAQUE_RSA_DSA_DH
|
---|
| 2920 | {
|
---|
| 2921 | const BIGNUM *p;
|
---|
| 2922 | const BIGNUM *q;
|
---|
| 2923 | const BIGNUM *g;
|
---|
| 2924 | const BIGNUM *pub_key;
|
---|
| 2925 | DH_get0_pqg(dh, &p, &q, &g);
|
---|
| 2926 | DH_get0_key(dh, &pub_key, NULL);
|
---|
| 2927 | print_pubkey_BN(dh, p, i);
|
---|
| 2928 | print_pubkey_BN(dh, q, i);
|
---|
| 2929 | print_pubkey_BN(dh, g, i);
|
---|
| 2930 | print_pubkey_BN(dh, pub_key, i);
|
---|
| 2931 | }
|
---|
| 2932 | #else
|
---|
| 2933 | print_pubkey_BN(dh, p, i);
|
---|
| 2934 | print_pubkey_BN(dh, g, i);
|
---|
| 2935 | print_pubkey_BN(dh, pub_key, i);
|
---|
| 2936 | #endif
|
---|
| 2937 | break;
|
---|
| 2938 | }
|
---|
| 2939 | #if 0
|
---|
| 2940 | case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
|
---|
| 2941 | /* left TODO */
|
---|
| 2942 | break;
|
---|
| 2943 | #endif
|
---|
| 2944 | }
|
---|
| 2945 | EVP_PKEY_free(pubkey);
|
---|
| 2946 | }
|
---|
| 2947 |
|
---|
| 2948 | if(psig) {
|
---|
| 2949 | for(j = 0; j < psig->length; j++)
|
---|
| 2950 | BIO_printf(mem, "%02x:", psig->data[j]);
|
---|
| 2951 | push_certinfo("Signature", i);
|
---|
| 2952 | }
|
---|
| 2953 |
|
---|
| 2954 | PEM_write_bio_X509(mem, x);
|
---|
| 2955 | push_certinfo("Cert", i);
|
---|
| 2956 | }
|
---|
| 2957 |
|
---|
| 2958 | BIO_free(mem);
|
---|
| 2959 |
|
---|
| 2960 | return CURLE_OK;
|
---|
| 2961 | }
|
---|
| 2962 |
|
---|
| 2963 | /*
|
---|
| 2964 | * Heavily modified from:
|
---|
| 2965 | * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#OpenSSL
|
---|
| 2966 | */
|
---|
| 2967 | static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
|
---|
| 2968 | const char *pinnedpubkey)
|
---|
| 2969 | {
|
---|
| 2970 | /* Scratch */
|
---|
| 2971 | int len1 = 0, len2 = 0;
|
---|
| 2972 | unsigned char *buff1 = NULL, *temp = NULL;
|
---|
| 2973 |
|
---|
| 2974 | /* Result is returned to caller */
|
---|
| 2975 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
---|
| 2976 |
|
---|
| 2977 | /* if a path wasn't specified, don't pin */
|
---|
| 2978 | if(!pinnedpubkey)
|
---|
| 2979 | return CURLE_OK;
|
---|
| 2980 |
|
---|
| 2981 | if(!cert)
|
---|
| 2982 | return result;
|
---|
| 2983 |
|
---|
| 2984 | do {
|
---|
| 2985 | /* Begin Gyrations to get the subjectPublicKeyInfo */
|
---|
| 2986 | /* Thanks to Viktor Dukhovni on the OpenSSL mailing list */
|
---|
| 2987 |
|
---|
| 2988 | /* https://groups.google.com/group/mailing.openssl.users/browse_thread
|
---|
| 2989 | /thread/d61858dae102c6c7 */
|
---|
| 2990 | len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
|
---|
| 2991 | if(len1 < 1)
|
---|
| 2992 | break; /* failed */
|
---|
| 2993 |
|
---|
| 2994 | /* https://www.openssl.org/docs/crypto/buffer.html */
|
---|
| 2995 | buff1 = temp = malloc(len1);
|
---|
| 2996 | if(!buff1)
|
---|
| 2997 | break; /* failed */
|
---|
| 2998 |
|
---|
| 2999 | /* https://www.openssl.org/docs/crypto/d2i_X509.html */
|
---|
| 3000 | len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
|
---|
| 3001 |
|
---|
| 3002 | /*
|
---|
| 3003 | * These checks are verifying we got back the same values as when we
|
---|
| 3004 | * sized the buffer. It's pretty weak since they should always be the
|
---|
| 3005 | * same. But it gives us something to test.
|
---|
| 3006 | */
|
---|
| 3007 | if((len1 != len2) || !temp || ((temp - buff1) != len1))
|
---|
| 3008 | break; /* failed */
|
---|
| 3009 |
|
---|
| 3010 | /* End Gyrations */
|
---|
| 3011 |
|
---|
| 3012 | /* The one good exit point */
|
---|
| 3013 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
|
---|
| 3014 | } while(0);
|
---|
| 3015 |
|
---|
| 3016 | /* https://www.openssl.org/docs/crypto/buffer.html */
|
---|
| 3017 | if(buff1)
|
---|
| 3018 | free(buff1);
|
---|
| 3019 |
|
---|
| 3020 | return result;
|
---|
| 3021 | }
|
---|
| 3022 |
|
---|
| 3023 | /*
|
---|
| 3024 | * Get the server cert, verify it and show it etc, only call failf() if the
|
---|
| 3025 | * 'strict' argument is TRUE as otherwise all this is for informational
|
---|
| 3026 | * purposes only!
|
---|
| 3027 | *
|
---|
| 3028 | * We check certificates to authenticate the server; otherwise we risk
|
---|
| 3029 | * man-in-the-middle attack.
|
---|
| 3030 | */
|
---|
| 3031 | static CURLcode servercert(struct connectdata *conn,
|
---|
| 3032 | struct ssl_connect_data *connssl,
|
---|
| 3033 | bool strict)
|
---|
| 3034 | {
|
---|
| 3035 | CURLcode result = CURLE_OK;
|
---|
| 3036 | int rc;
|
---|
| 3037 | long lerr, len;
|
---|
| 3038 | struct Curl_easy *data = conn->data;
|
---|
| 3039 | X509 *issuer;
|
---|
| 3040 | FILE *fp;
|
---|
| 3041 | char buffer[2048];
|
---|
| 3042 | const char *ptr;
|
---|
| 3043 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
| 3044 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
| 3045 | BIO *mem = BIO_new(BIO_s_mem());
|
---|
| 3046 |
|
---|
| 3047 | if(data->set.ssl.certinfo)
|
---|
| 3048 | /* we've been asked to gather certificate info! */
|
---|
| 3049 | (void)get_cert_chain(conn, connssl);
|
---|
| 3050 |
|
---|
| 3051 | BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
|
---|
| 3052 | if(!BACKEND->server_cert) {
|
---|
| 3053 | BIO_free(mem);
|
---|
| 3054 | if(!strict)
|
---|
| 3055 | return CURLE_OK;
|
---|
| 3056 |
|
---|
| 3057 | failf(data, "SSL: couldn't get peer certificate!");
|
---|
| 3058 | return CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 3059 | }
|
---|
| 3060 |
|
---|
| 3061 | infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
|
---|
| 3062 |
|
---|
| 3063 | rc = x509_name_oneline(X509_get_subject_name(BACKEND->server_cert),
|
---|
| 3064 | buffer, sizeof(buffer));
|
---|
| 3065 | infof(data, " subject: %s\n", rc?"[NONE]":buffer);
|
---|
| 3066 |
|
---|
| 3067 | ASN1_TIME_print(mem, X509_get0_notBefore(BACKEND->server_cert));
|
---|
| 3068 | len = BIO_get_mem_data(mem, (char **) &ptr);
|
---|
| 3069 | infof(data, " start date: %.*s\n", len, ptr);
|
---|
| 3070 | (void)BIO_reset(mem);
|
---|
| 3071 |
|
---|
| 3072 | ASN1_TIME_print(mem, X509_get0_notAfter(BACKEND->server_cert));
|
---|
| 3073 | len = BIO_get_mem_data(mem, (char **) &ptr);
|
---|
| 3074 | infof(data, " expire date: %.*s\n", len, ptr);
|
---|
| 3075 | (void)BIO_reset(mem);
|
---|
| 3076 |
|
---|
| 3077 | BIO_free(mem);
|
---|
| 3078 |
|
---|
| 3079 | if(SSL_CONN_CONFIG(verifyhost)) {
|
---|
| 3080 | result = verifyhost(conn, BACKEND->server_cert);
|
---|
| 3081 | if(result) {
|
---|
| 3082 | X509_free(BACKEND->server_cert);
|
---|
| 3083 | BACKEND->server_cert = NULL;
|
---|
| 3084 | return result;
|
---|
| 3085 | }
|
---|
| 3086 | }
|
---|
| 3087 |
|
---|
| 3088 | rc = x509_name_oneline(X509_get_issuer_name(BACKEND->server_cert),
|
---|
| 3089 | buffer, sizeof(buffer));
|
---|
| 3090 | if(rc) {
|
---|
| 3091 | if(strict)
|
---|
| 3092 | failf(data, "SSL: couldn't get X509-issuer name!");
|
---|
| 3093 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
| 3094 | }
|
---|
| 3095 | else {
|
---|
| 3096 | infof(data, " issuer: %s\n", buffer);
|
---|
| 3097 |
|
---|
| 3098 | /* We could do all sorts of certificate verification stuff here before
|
---|
| 3099 | deallocating the certificate. */
|
---|
| 3100 |
|
---|
| 3101 | /* e.g. match issuer name with provided issuer certificate */
|
---|
| 3102 | if(SSL_SET_OPTION(issuercert)) {
|
---|
| 3103 | fp = fopen(SSL_SET_OPTION(issuercert), FOPEN_READTEXT);
|
---|
| 3104 | if(!fp) {
|
---|
| 3105 | if(strict)
|
---|
| 3106 | failf(data, "SSL: Unable to open issuer cert (%s)",
|
---|
| 3107 | SSL_SET_OPTION(issuercert));
|
---|
| 3108 | X509_free(BACKEND->server_cert);
|
---|
| 3109 | BACKEND->server_cert = NULL;
|
---|
| 3110 | return CURLE_SSL_ISSUER_ERROR;
|
---|
| 3111 | }
|
---|
| 3112 |
|
---|
| 3113 | issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
|
---|
| 3114 | if(!issuer) {
|
---|
| 3115 | if(strict)
|
---|
| 3116 | failf(data, "SSL: Unable to read issuer cert (%s)",
|
---|
| 3117 | SSL_SET_OPTION(issuercert));
|
---|
| 3118 | X509_free(BACKEND->server_cert);
|
---|
| 3119 | X509_free(issuer);
|
---|
| 3120 | fclose(fp);
|
---|
| 3121 | return CURLE_SSL_ISSUER_ERROR;
|
---|
| 3122 | }
|
---|
| 3123 |
|
---|
| 3124 | fclose(fp);
|
---|
| 3125 |
|
---|
| 3126 | if(X509_check_issued(issuer, BACKEND->server_cert) != X509_V_OK) {
|
---|
| 3127 | if(strict)
|
---|
| 3128 | failf(data, "SSL: Certificate issuer check failed (%s)",
|
---|
| 3129 | SSL_SET_OPTION(issuercert));
|
---|
| 3130 | X509_free(BACKEND->server_cert);
|
---|
| 3131 | X509_free(issuer);
|
---|
| 3132 | BACKEND->server_cert = NULL;
|
---|
| 3133 | return CURLE_SSL_ISSUER_ERROR;
|
---|
| 3134 | }
|
---|
| 3135 |
|
---|
| 3136 | infof(data, " SSL certificate issuer check ok (%s)\n",
|
---|
| 3137 | SSL_SET_OPTION(issuercert));
|
---|
| 3138 | X509_free(issuer);
|
---|
| 3139 | }
|
---|
| 3140 |
|
---|
| 3141 | lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle);
|
---|
| 3142 |
|
---|
| 3143 | if(*certverifyresult != X509_V_OK) {
|
---|
| 3144 | if(SSL_CONN_CONFIG(verifypeer)) {
|
---|
| 3145 | /* We probably never reach this, because SSL_connect() will fail
|
---|
| 3146 | and we return earlier if verifypeer is set? */
|
---|
| 3147 | if(strict)
|
---|
| 3148 | failf(data, "SSL certificate verify result: %s (%ld)",
|
---|
| 3149 | X509_verify_cert_error_string(lerr), lerr);
|
---|
| 3150 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
| 3151 | }
|
---|
| 3152 | else
|
---|
| 3153 | infof(data, " SSL certificate verify result: %s (%ld),"
|
---|
| 3154 | " continuing anyway.\n",
|
---|
| 3155 | X509_verify_cert_error_string(lerr), lerr);
|
---|
| 3156 | }
|
---|
| 3157 | else
|
---|
| 3158 | infof(data, " SSL certificate verify ok.\n");
|
---|
| 3159 | }
|
---|
| 3160 |
|
---|
| 3161 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 3162 | !defined(OPENSSL_NO_OCSP)
|
---|
| 3163 | if(SSL_CONN_CONFIG(verifystatus)) {
|
---|
| 3164 | result = verifystatus(conn, connssl);
|
---|
| 3165 | if(result) {
|
---|
| 3166 | X509_free(BACKEND->server_cert);
|
---|
| 3167 | BACKEND->server_cert = NULL;
|
---|
| 3168 | return result;
|
---|
| 3169 | }
|
---|
| 3170 | }
|
---|
| 3171 | #endif
|
---|
| 3172 |
|
---|
| 3173 | if(!strict)
|
---|
| 3174 | /* when not strict, we don't bother about the verify cert problems */
|
---|
| 3175 | result = CURLE_OK;
|
---|
| 3176 |
|
---|
| 3177 | ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
|
---|
| 3178 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
|
---|
| 3179 | if(!result && ptr) {
|
---|
| 3180 | result = pkp_pin_peer_pubkey(data, BACKEND->server_cert, ptr);
|
---|
| 3181 | if(result)
|
---|
| 3182 | failf(data, "SSL: public key does not match pinned public key!");
|
---|
| 3183 | }
|
---|
| 3184 |
|
---|
| 3185 | X509_free(BACKEND->server_cert);
|
---|
| 3186 | BACKEND->server_cert = NULL;
|
---|
| 3187 | connssl->connecting_state = ssl_connect_done;
|
---|
| 3188 |
|
---|
| 3189 | return result;
|
---|
| 3190 | }
|
---|
| 3191 |
|
---|
| 3192 | static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
|
---|
| 3193 | {
|
---|
| 3194 | CURLcode result = CURLE_OK;
|
---|
| 3195 | struct Curl_easy *data = conn->data;
|
---|
| 3196 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 3197 |
|
---|
| 3198 | DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
|
---|
| 3199 |
|
---|
| 3200 | if(SSL_SET_OPTION(primary.sessionid)) {
|
---|
| 3201 | bool incache;
|
---|
| 3202 | SSL_SESSION *our_ssl_sessionid;
|
---|
| 3203 | void *old_ssl_sessionid = NULL;
|
---|
| 3204 |
|
---|
| 3205 | our_ssl_sessionid = SSL_get1_session(BACKEND->handle);
|
---|
| 3206 |
|
---|
| 3207 | /* SSL_get1_session() will increment the reference count and the session
|
---|
| 3208 | will stay in memory until explicitly freed with SSL_SESSION_free(3),
|
---|
| 3209 | regardless of its state. */
|
---|
| 3210 |
|
---|
| 3211 | Curl_ssl_sessionid_lock(conn);
|
---|
| 3212 | incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
|
---|
| 3213 | sockindex));
|
---|
| 3214 | if(incache) {
|
---|
| 3215 | if(old_ssl_sessionid != our_ssl_sessionid) {
|
---|
| 3216 | infof(data, "old SSL session ID is stale, removing\n");
|
---|
| 3217 | Curl_ssl_delsessionid(conn, old_ssl_sessionid);
|
---|
| 3218 | incache = FALSE;
|
---|
| 3219 | }
|
---|
| 3220 | }
|
---|
| 3221 |
|
---|
| 3222 | if(!incache) {
|
---|
| 3223 | result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
|
---|
| 3224 | 0 /* unknown size */, sockindex);
|
---|
| 3225 | if(result) {
|
---|
| 3226 | Curl_ssl_sessionid_unlock(conn);
|
---|
| 3227 | failf(data, "failed to store ssl session");
|
---|
| 3228 | return result;
|
---|
| 3229 | }
|
---|
| 3230 | }
|
---|
| 3231 | else {
|
---|
| 3232 | /* Session was incache, so refcount already incremented earlier.
|
---|
| 3233 | * Avoid further increments with each SSL_get1_session() call.
|
---|
| 3234 | * This does not free the session as refcount remains > 0
|
---|
| 3235 | */
|
---|
| 3236 | SSL_SESSION_free(our_ssl_sessionid);
|
---|
| 3237 | }
|
---|
| 3238 | Curl_ssl_sessionid_unlock(conn);
|
---|
| 3239 | }
|
---|
| 3240 |
|
---|
| 3241 | /*
|
---|
| 3242 | * We check certificates to authenticate the server; otherwise we risk
|
---|
| 3243 | * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to
|
---|
| 3244 | * verify the peer ignore faults and failures from the server cert
|
---|
| 3245 | * operations.
|
---|
| 3246 | */
|
---|
| 3247 |
|
---|
| 3248 | result = servercert(conn, connssl, (SSL_CONN_CONFIG(verifypeer) ||
|
---|
| 3249 | SSL_CONN_CONFIG(verifyhost)));
|
---|
| 3250 |
|
---|
| 3251 | if(!result)
|
---|
| 3252 | connssl->connecting_state = ssl_connect_done;
|
---|
| 3253 |
|
---|
| 3254 | return result;
|
---|
| 3255 | }
|
---|
| 3256 |
|
---|
| 3257 | static Curl_recv ossl_recv;
|
---|
| 3258 | static Curl_send ossl_send;
|
---|
| 3259 |
|
---|
| 3260 | static CURLcode ossl_connect_common(struct connectdata *conn,
|
---|
| 3261 | int sockindex,
|
---|
| 3262 | bool nonblocking,
|
---|
| 3263 | bool *done)
|
---|
| 3264 | {
|
---|
| 3265 | CURLcode result;
|
---|
| 3266 | struct Curl_easy *data = conn->data;
|
---|
| 3267 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 3268 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
| 3269 | time_t timeout_ms;
|
---|
| 3270 | int what;
|
---|
| 3271 |
|
---|
| 3272 | /* check if the connection has already been established */
|
---|
| 3273 | if(ssl_connection_complete == connssl->state) {
|
---|
| 3274 | *done = TRUE;
|
---|
| 3275 | return CURLE_OK;
|
---|
| 3276 | }
|
---|
| 3277 |
|
---|
| 3278 | if(ssl_connect_1 == connssl->connecting_state) {
|
---|
| 3279 | /* Find out how much more time we're allowed */
|
---|
| 3280 | timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
---|
| 3281 |
|
---|
| 3282 | if(timeout_ms < 0) {
|
---|
| 3283 | /* no need to continue if time already is up */
|
---|
| 3284 | failf(data, "SSL connection timeout");
|
---|
| 3285 | return CURLE_OPERATION_TIMEDOUT;
|
---|
| 3286 | }
|
---|
| 3287 |
|
---|
| 3288 | result = ossl_connect_step1(conn, sockindex);
|
---|
| 3289 | if(result)
|
---|
| 3290 | return result;
|
---|
| 3291 | }
|
---|
| 3292 |
|
---|
| 3293 | while(ssl_connect_2 == connssl->connecting_state ||
|
---|
| 3294 | ssl_connect_2_reading == connssl->connecting_state ||
|
---|
| 3295 | ssl_connect_2_writing == connssl->connecting_state) {
|
---|
| 3296 |
|
---|
| 3297 | /* check allowed time left */
|
---|
| 3298 | timeout_ms = Curl_timeleft(data, NULL, TRUE);
|
---|
| 3299 |
|
---|
| 3300 | if(timeout_ms < 0) {
|
---|
| 3301 | /* no need to continue if time already is up */
|
---|
| 3302 | failf(data, "SSL connection timeout");
|
---|
| 3303 | return CURLE_OPERATION_TIMEDOUT;
|
---|
| 3304 | }
|
---|
| 3305 |
|
---|
| 3306 | /* if ssl is expecting something, check if it's available. */
|
---|
| 3307 | if(connssl->connecting_state == ssl_connect_2_reading ||
|
---|
| 3308 | connssl->connecting_state == ssl_connect_2_writing) {
|
---|
| 3309 |
|
---|
| 3310 | curl_socket_t writefd = ssl_connect_2_writing ==
|
---|
| 3311 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
---|
| 3312 | curl_socket_t readfd = ssl_connect_2_reading ==
|
---|
| 3313 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
|
---|
| 3314 |
|
---|
| 3315 | what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
|
---|
| 3316 | nonblocking?0:timeout_ms);
|
---|
| 3317 | if(what < 0) {
|
---|
| 3318 | /* fatal error */
|
---|
| 3319 | failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
|
---|
| 3320 | return CURLE_SSL_CONNECT_ERROR;
|
---|
| 3321 | }
|
---|
| 3322 | if(0 == what) {
|
---|
| 3323 | if(nonblocking) {
|
---|
| 3324 | *done = FALSE;
|
---|
| 3325 | return CURLE_OK;
|
---|
| 3326 | }
|
---|
| 3327 | /* timeout */
|
---|
| 3328 | failf(data, "SSL connection timeout");
|
---|
| 3329 | return CURLE_OPERATION_TIMEDOUT;
|
---|
| 3330 | }
|
---|
| 3331 | /* socket is readable or writable */
|
---|
| 3332 | }
|
---|
| 3333 |
|
---|
| 3334 | /* Run transaction, and return to the caller if it failed or if this
|
---|
| 3335 | * connection is done nonblocking and this loop would execute again. This
|
---|
| 3336 | * permits the owner of a multi handle to abort a connection attempt
|
---|
| 3337 | * before step2 has completed while ensuring that a client using select()
|
---|
| 3338 | * or epoll() will always have a valid fdset to wait on.
|
---|
| 3339 | */
|
---|
| 3340 | result = ossl_connect_step2(conn, sockindex);
|
---|
| 3341 | if(result || (nonblocking &&
|
---|
| 3342 | (ssl_connect_2 == connssl->connecting_state ||
|
---|
| 3343 | ssl_connect_2_reading == connssl->connecting_state ||
|
---|
| 3344 | ssl_connect_2_writing == connssl->connecting_state)))
|
---|
| 3345 | return result;
|
---|
| 3346 |
|
---|
| 3347 | } /* repeat step2 until all transactions are done. */
|
---|
| 3348 |
|
---|
| 3349 | if(ssl_connect_3 == connssl->connecting_state) {
|
---|
| 3350 | result = ossl_connect_step3(conn, sockindex);
|
---|
| 3351 | if(result)
|
---|
| 3352 | return result;
|
---|
| 3353 | }
|
---|
| 3354 |
|
---|
| 3355 | if(ssl_connect_done == connssl->connecting_state) {
|
---|
| 3356 | connssl->state = ssl_connection_complete;
|
---|
| 3357 | conn->recv[sockindex] = ossl_recv;
|
---|
| 3358 | conn->send[sockindex] = ossl_send;
|
---|
| 3359 | *done = TRUE;
|
---|
| 3360 | }
|
---|
| 3361 | else
|
---|
| 3362 | *done = FALSE;
|
---|
| 3363 |
|
---|
| 3364 | /* Reset our connect state machine */
|
---|
| 3365 | connssl->connecting_state = ssl_connect_1;
|
---|
| 3366 |
|
---|
| 3367 | return CURLE_OK;
|
---|
| 3368 | }
|
---|
| 3369 |
|
---|
| 3370 | static CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
|
---|
| 3371 | int sockindex,
|
---|
| 3372 | bool *done)
|
---|
| 3373 | {
|
---|
| 3374 | return ossl_connect_common(conn, sockindex, TRUE, done);
|
---|
| 3375 | }
|
---|
| 3376 |
|
---|
| 3377 | static CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
|
---|
| 3378 | {
|
---|
| 3379 | CURLcode result;
|
---|
| 3380 | bool done = FALSE;
|
---|
| 3381 |
|
---|
| 3382 | result = ossl_connect_common(conn, sockindex, FALSE, &done);
|
---|
| 3383 | if(result)
|
---|
| 3384 | return result;
|
---|
| 3385 |
|
---|
| 3386 | DEBUGASSERT(done);
|
---|
| 3387 |
|
---|
| 3388 | return CURLE_OK;
|
---|
| 3389 | }
|
---|
| 3390 |
|
---|
| 3391 | static bool Curl_ossl_data_pending(const struct connectdata *conn,
|
---|
| 3392 | int connindex)
|
---|
| 3393 | {
|
---|
| 3394 | const struct ssl_connect_data *connssl = &conn->ssl[connindex];
|
---|
| 3395 | const struct ssl_connect_data *proxyssl = &conn->proxy_ssl[connindex];
|
---|
| 3396 | if(BACKEND->handle)
|
---|
| 3397 | /* SSL is in use */
|
---|
| 3398 | return (0 != SSL_pending(BACKEND->handle) ||
|
---|
| 3399 | (proxyssl->backend->handle &&
|
---|
| 3400 | 0 != SSL_pending(proxyssl->backend->handle))) ?
|
---|
| 3401 | TRUE : FALSE;
|
---|
| 3402 | return FALSE;
|
---|
| 3403 | }
|
---|
| 3404 |
|
---|
| 3405 | static size_t Curl_ossl_version(char *buffer, size_t size);
|
---|
| 3406 |
|
---|
| 3407 | static ssize_t ossl_send(struct connectdata *conn,
|
---|
| 3408 | int sockindex,
|
---|
| 3409 | const void *mem,
|
---|
| 3410 | size_t len,
|
---|
| 3411 | CURLcode *curlcode)
|
---|
| 3412 | {
|
---|
| 3413 | /* SSL_write() is said to return 'int' while write() and send() returns
|
---|
| 3414 | 'size_t' */
|
---|
| 3415 | int err;
|
---|
| 3416 | char error_buffer[256];
|
---|
| 3417 | unsigned long sslerror;
|
---|
| 3418 | int memlen;
|
---|
| 3419 | int rc;
|
---|
| 3420 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
| 3421 |
|
---|
| 3422 | ERR_clear_error();
|
---|
| 3423 |
|
---|
| 3424 | memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
|
---|
| 3425 | rc = SSL_write(BACKEND->handle, mem, memlen);
|
---|
| 3426 |
|
---|
| 3427 | if(rc <= 0) {
|
---|
| 3428 | err = SSL_get_error(BACKEND->handle, rc);
|
---|
| 3429 |
|
---|
| 3430 | switch(err) {
|
---|
| 3431 | case SSL_ERROR_WANT_READ:
|
---|
| 3432 | case SSL_ERROR_WANT_WRITE:
|
---|
| 3433 | /* The operation did not complete; the same TLS/SSL I/O function
|
---|
| 3434 | should be called again later. This is basically an EWOULDBLOCK
|
---|
| 3435 | equivalent. */
|
---|
| 3436 | *curlcode = CURLE_AGAIN;
|
---|
| 3437 | return -1;
|
---|
| 3438 | case SSL_ERROR_SYSCALL:
|
---|
| 3439 | failf(conn->data, "SSL_write() returned SYSCALL, errno = %d",
|
---|
| 3440 | SOCKERRNO);
|
---|
| 3441 | *curlcode = CURLE_SEND_ERROR;
|
---|
| 3442 | return -1;
|
---|
| 3443 | case SSL_ERROR_SSL:
|
---|
| 3444 | /* A failure in the SSL library occurred, usually a protocol error.
|
---|
| 3445 | The OpenSSL error queue contains more information on the error. */
|
---|
| 3446 | sslerror = ERR_get_error();
|
---|
| 3447 | if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL &&
|
---|
| 3448 | ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET &&
|
---|
| 3449 | conn->ssl[sockindex].state == ssl_connection_complete &&
|
---|
| 3450 | conn->proxy_ssl[sockindex].state == ssl_connection_complete) {
|
---|
| 3451 | char ver[120];
|
---|
| 3452 | Curl_ossl_version(ver, 120);
|
---|
| 3453 | failf(conn->data, "Error: %s does not support double SSL tunneling.",
|
---|
| 3454 | ver);
|
---|
| 3455 | }
|
---|
| 3456 | else
|
---|
| 3457 | failf(conn->data, "SSL_write() error: %s",
|
---|
| 3458 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)));
|
---|
| 3459 | *curlcode = CURLE_SEND_ERROR;
|
---|
| 3460 | return -1;
|
---|
| 3461 | }
|
---|
| 3462 | /* a true error */
|
---|
| 3463 | failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
|
---|
| 3464 | SSL_ERROR_to_str(err), SOCKERRNO);
|
---|
| 3465 | *curlcode = CURLE_SEND_ERROR;
|
---|
| 3466 | return -1;
|
---|
| 3467 | }
|
---|
| 3468 | *curlcode = CURLE_OK;
|
---|
| 3469 | return (ssize_t)rc; /* number of bytes */
|
---|
| 3470 | }
|
---|
| 3471 |
|
---|
| 3472 | static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
|
---|
| 3473 | int num, /* socketindex */
|
---|
| 3474 | char *buf, /* store read data here */
|
---|
| 3475 | size_t buffersize, /* max amount to read */
|
---|
| 3476 | CURLcode *curlcode)
|
---|
| 3477 | {
|
---|
| 3478 | char error_buffer[256];
|
---|
| 3479 | unsigned long sslerror;
|
---|
| 3480 | ssize_t nread;
|
---|
| 3481 | int buffsize;
|
---|
| 3482 | struct ssl_connect_data *connssl = &conn->ssl[num];
|
---|
| 3483 |
|
---|
| 3484 | ERR_clear_error();
|
---|
| 3485 |
|
---|
| 3486 | buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
|
---|
| 3487 | nread = (ssize_t)SSL_read(BACKEND->handle, buf, buffsize);
|
---|
| 3488 | if(nread <= 0) {
|
---|
| 3489 | /* failed SSL_read */
|
---|
| 3490 | int err = SSL_get_error(BACKEND->handle, (int)nread);
|
---|
| 3491 |
|
---|
| 3492 | switch(err) {
|
---|
| 3493 | case SSL_ERROR_NONE: /* this is not an error */
|
---|
| 3494 | case SSL_ERROR_ZERO_RETURN: /* no more data */
|
---|
| 3495 | break;
|
---|
| 3496 | case SSL_ERROR_WANT_READ:
|
---|
| 3497 | case SSL_ERROR_WANT_WRITE:
|
---|
| 3498 | /* there's data pending, re-invoke SSL_read() */
|
---|
| 3499 | *curlcode = CURLE_AGAIN;
|
---|
| 3500 | return -1;
|
---|
| 3501 | default:
|
---|
| 3502 | /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return
|
---|
| 3503 | value/errno" */
|
---|
| 3504 | /* https://www.openssl.org/docs/crypto/ERR_get_error.html */
|
---|
| 3505 | sslerror = ERR_get_error();
|
---|
| 3506 | if((nread < 0) || sslerror) {
|
---|
| 3507 | /* If the return code was negative or there actually is an error in the
|
---|
| 3508 | queue */
|
---|
| 3509 | failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
|
---|
| 3510 | (sslerror ?
|
---|
| 3511 | ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)) :
|
---|
| 3512 | SSL_ERROR_to_str(err)),
|
---|
| 3513 | SOCKERRNO);
|
---|
| 3514 | *curlcode = CURLE_RECV_ERROR;
|
---|
| 3515 | return -1;
|
---|
| 3516 | }
|
---|
| 3517 | }
|
---|
| 3518 | }
|
---|
| 3519 | return nread;
|
---|
| 3520 | }
|
---|
| 3521 |
|
---|
| 3522 | static size_t Curl_ossl_version(char *buffer, size_t size)
|
---|
| 3523 | {
|
---|
| 3524 | #ifdef OPENSSL_IS_BORINGSSL
|
---|
| 3525 | return snprintf(buffer, size, OSSL_PACKAGE);
|
---|
| 3526 | #else /* OPENSSL_IS_BORINGSSL */
|
---|
| 3527 | char sub[3];
|
---|
| 3528 | unsigned long ssleay_value;
|
---|
| 3529 | sub[2]='\0';
|
---|
| 3530 | sub[1]='\0';
|
---|
| 3531 | ssleay_value = OpenSSL_version_num();
|
---|
| 3532 | if(ssleay_value < 0x906000) {
|
---|
| 3533 | ssleay_value = SSLEAY_VERSION_NUMBER;
|
---|
| 3534 | sub[0]='\0';
|
---|
| 3535 | }
|
---|
| 3536 | else {
|
---|
| 3537 | if(ssleay_value&0xff0) {
|
---|
| 3538 | int minor_ver = (ssleay_value >> 4) & 0xff;
|
---|
| 3539 | if(minor_ver > 26) {
|
---|
| 3540 | /* handle extended version introduced for 0.9.8za */
|
---|
| 3541 | sub[1] = (char) ((minor_ver - 1) % 26 + 'a' + 1);
|
---|
| 3542 | sub[0] = 'z';
|
---|
| 3543 | }
|
---|
| 3544 | else {
|
---|
| 3545 | sub[0] = (char) (minor_ver + 'a' - 1);
|
---|
| 3546 | }
|
---|
| 3547 | }
|
---|
| 3548 | else
|
---|
| 3549 | sub[0]='\0';
|
---|
| 3550 | }
|
---|
| 3551 |
|
---|
| 3552 | return snprintf(buffer, size, "%s/%lx.%lx.%lx%s",
|
---|
| 3553 | OSSL_PACKAGE,
|
---|
| 3554 | (ssleay_value>>28)&0xf,
|
---|
| 3555 | (ssleay_value>>20)&0xff,
|
---|
| 3556 | (ssleay_value>>12)&0xff,
|
---|
| 3557 | sub);
|
---|
| 3558 | #endif /* OPENSSL_IS_BORINGSSL */
|
---|
| 3559 | }
|
---|
| 3560 |
|
---|
| 3561 | /* can be called with data == NULL */
|
---|
| 3562 | static CURLcode Curl_ossl_random(struct Curl_easy *data,
|
---|
| 3563 | unsigned char *entropy, size_t length)
|
---|
| 3564 | {
|
---|
| 3565 | int rc;
|
---|
| 3566 | if(data) {
|
---|
| 3567 | if(Curl_ossl_seed(data)) /* Initiate the seed if not already done */
|
---|
| 3568 | return CURLE_FAILED_INIT; /* couldn't seed for some reason */
|
---|
| 3569 | }
|
---|
| 3570 | else {
|
---|
| 3571 | if(!rand_enough())
|
---|
| 3572 | return CURLE_FAILED_INIT;
|
---|
| 3573 | }
|
---|
| 3574 | /* RAND_bytes() returns 1 on success, 0 otherwise. */
|
---|
| 3575 | rc = RAND_bytes(entropy, curlx_uztosi(length));
|
---|
| 3576 | return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
|
---|
| 3577 | }
|
---|
| 3578 |
|
---|
| 3579 | static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
|
---|
| 3580 | size_t tmplen,
|
---|
| 3581 | unsigned char *md5sum /* output */,
|
---|
| 3582 | size_t unused)
|
---|
| 3583 | {
|
---|
| 3584 | MD5_CTX MD5pw;
|
---|
| 3585 | (void)unused;
|
---|
| 3586 | MD5_Init(&MD5pw);
|
---|
| 3587 | MD5_Update(&MD5pw, tmp, tmplen);
|
---|
| 3588 | MD5_Final(md5sum, &MD5pw);
|
---|
| 3589 | return CURLE_OK;
|
---|
| 3590 | }
|
---|
| 3591 |
|
---|
| 3592 | #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
---|
| 3593 | static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
---|
| 3594 | size_t tmplen,
|
---|
| 3595 | unsigned char *sha256sum /* output */,
|
---|
| 3596 | size_t unused)
|
---|
| 3597 | {
|
---|
| 3598 | SHA256_CTX SHA256pw;
|
---|
| 3599 | (void)unused;
|
---|
| 3600 | SHA256_Init(&SHA256pw);
|
---|
| 3601 | SHA256_Update(&SHA256pw, tmp, tmplen);
|
---|
| 3602 | SHA256_Final(sha256sum, &SHA256pw);
|
---|
| 3603 | }
|
---|
| 3604 | #endif
|
---|
| 3605 |
|
---|
| 3606 | static bool Curl_ossl_cert_status_request(void)
|
---|
| 3607 | {
|
---|
| 3608 | #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
|
---|
| 3609 | !defined(OPENSSL_NO_OCSP)
|
---|
| 3610 | return TRUE;
|
---|
| 3611 | #else
|
---|
| 3612 | return FALSE;
|
---|
| 3613 | #endif
|
---|
| 3614 | }
|
---|
| 3615 |
|
---|
| 3616 | static void *Curl_ossl_get_internals(struct ssl_connect_data *connssl,
|
---|
| 3617 | CURLINFO info)
|
---|
| 3618 | {
|
---|
| 3619 | /* Legacy: CURLINFO_TLS_SESSION must return an SSL_CTX pointer. */
|
---|
| 3620 | return info == CURLINFO_TLS_SESSION ?
|
---|
| 3621 | (void *)BACKEND->ctx : (void *)BACKEND->handle;
|
---|
| 3622 | }
|
---|
| 3623 |
|
---|
| 3624 | const struct Curl_ssl Curl_ssl_openssl = {
|
---|
| 3625 | { CURLSSLBACKEND_OPENSSL, "openssl" }, /* info */
|
---|
| 3626 |
|
---|
| 3627 | 1, /* have_ca_path */
|
---|
| 3628 | 1, /* have_certinfo */
|
---|
| 3629 | 1, /* have_pinnedpubkey */
|
---|
| 3630 | 1, /* have_ssl_ctx */
|
---|
| 3631 | 1, /* support_https_proxy */
|
---|
| 3632 |
|
---|
| 3633 | sizeof(struct ssl_backend_data),
|
---|
| 3634 |
|
---|
| 3635 | Curl_ossl_init, /* init */
|
---|
| 3636 | Curl_ossl_cleanup, /* cleanup */
|
---|
| 3637 | Curl_ossl_version, /* version */
|
---|
| 3638 | Curl_ossl_check_cxn, /* check_cxn */
|
---|
| 3639 | Curl_ossl_shutdown, /* shutdown */
|
---|
| 3640 | Curl_ossl_data_pending, /* data_pending */
|
---|
| 3641 | Curl_ossl_random, /* random */
|
---|
| 3642 | Curl_ossl_cert_status_request, /* cert_status_request */
|
---|
| 3643 | Curl_ossl_connect, /* connect */
|
---|
| 3644 | Curl_ossl_connect_nonblocking, /* connect_nonblocking */
|
---|
| 3645 | Curl_ossl_get_internals, /* get_internals */
|
---|
| 3646 | Curl_ossl_close, /* close_one */
|
---|
| 3647 | Curl_ossl_close_all, /* close_all */
|
---|
| 3648 | Curl_ossl_session_free, /* session_free */
|
---|
| 3649 | Curl_ossl_set_engine, /* set_engine */
|
---|
| 3650 | Curl_ossl_set_engine_default, /* set_engine_default */
|
---|
| 3651 | Curl_ossl_engines_list, /* engines_list */
|
---|
| 3652 | Curl_none_false_start, /* false_start */
|
---|
| 3653 | Curl_ossl_md5sum, /* md5sum */
|
---|
| 3654 | #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
---|
| 3655 | Curl_ossl_sha256sum /* sha256sum */
|
---|
| 3656 | #else
|
---|
| 3657 | NULL /* sha256sum */
|
---|
| 3658 | #endif
|
---|
| 3659 | };
|
---|
| 3660 |
|
---|
| 3661 | #endif /* USE_OPENSSL */
|
---|