1 /***************************************************************************
2  *                                  _   _ ____  _
3  *  Project                     ___| | | |  _ \| |
4  *                             / __| | | | |_) | |
5  *                            | (__| |_| |  _ <| |___
6  *                             \___|\___/|_| \_\_____|
7  *
8  * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
9  *
10  * This software is licensed as described in the file COPYING, which
11  * you should have received as part of this distribution. The terms
12  * are also available at https://curl.haxx.se/docs/copyright.html.
13  *
14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15  * copies of the Software, and permit persons to whom the Software is
16  * furnished to do so, under the terms of the COPYING file.
17  *
18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19  * KIND, either express or implied.
20  *
21  ***************************************************************************/
22 
23 /*
24  * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code
25  * but vtls.c should ever call or use these functions.
26  *
27  */
28 
29 #include "curl_setup.h"
30 
31 #ifdef USE_CYASSL
32 
33 #define WOLFSSL_OPTIONS_IGNORE_SYS
34 /* CyaSSL's version.h, which should contain only the version, should come
35 before all other CyaSSL includes and be immediately followed by build config
36 aka options.h. https://curl.haxx.se/mail/lib-2015-04/0069.html */
37 #include <cyassl/version.h>
38 #if defined(HAVE_CYASSL_OPTIONS_H) && (LIBCYASSL_VERSION_HEX > 0x03004008)
39 #if defined(CYASSL_API) || defined(WOLFSSL_API)
40 /* Safety measure. If either is defined some API include was already included
41 and that's a problem since options.h hasn't been included yet. */
42 #error "CyaSSL API was included before the CyaSSL build options."
43 #endif
44 #include <cyassl/options.h>
45 #endif
46 
47 #ifdef HAVE_LIMITS_H
48 #include <limits.h>
49 #endif
50 
51 #include "urldata.h"
52 #include "sendf.h"
53 #include "inet_pton.h"
54 #include "vtls.h"
55 #include "parsedate.h"
56 #include "connect.h" /* for the connect timeout */
57 #include "select.h"
58 #include "strcase.h"
59 #include "x509asn1.h"
60 #include "curl_printf.h"
61 
62 #include <cyassl/ssl.h>
63 #ifdef HAVE_CYASSL_ERROR_SSL_H
64 #include <cyassl/error-ssl.h>
65 #else
66 #include <cyassl/error.h>
67 #endif
68 #include <cyassl/ctaocrypt/random.h>
69 #include <cyassl/ctaocrypt/sha256.h>
70 
71 #include "cyassl.h"
72 
73 /* The last #include files should be: */
74 #include "curl_memory.h"
75 #include "memdebug.h"
76 
77 #if LIBCYASSL_VERSION_HEX < 0x02007002 /* < 2.7.2 */
78 #define CYASSL_MAX_ERROR_SZ 80
79 #endif
80 
81 /* To determine what functions are available we rely on one or both of:
82    - the user's options.h generated by CyaSSL/wolfSSL
83    - the symbols detected by curl's configure
84    Since they are markedly different from one another, and one or the other may
85    not be available, we do some checking below to bring things in sync. */
86 
87 /* HAVE_ALPN is wolfSSL's build time symbol for enabling ALPN in options.h. */
88 #ifndef HAVE_ALPN
89 #ifdef HAVE_WOLFSSL_USEALPN
90 #define HAVE_ALPN
91 #endif
92 #endif
93 
94 /* WOLFSSL_ALLOW_SSLV3 is wolfSSL's build time symbol for enabling SSLv3 in
95    options.h, but is only seen in >= 3.6.6 since that's when they started
96    disabling SSLv3 by default. */
97 #ifndef WOLFSSL_ALLOW_SSLV3
98 #if (LIBCYASSL_VERSION_HEX < 0x03006006) || \
99     defined(HAVE_WOLFSSLV3_CLIENT_METHOD)
100 #define WOLFSSL_ALLOW_SSLV3
101 #endif
102 #endif
103 
104 /* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
105    supported curve extension in options.h. Note ECC is enabled separately. */
106 #ifndef HAVE_SUPPORTED_CURVES
107 #if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
108     defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
109 #define HAVE_SUPPORTED_CURVES
110 #endif
111 #endif
112 
113 static Curl_recv cyassl_recv;
114 static Curl_send cyassl_send;
115 
116 
do_file_type(const char * type)117 static int do_file_type(const char *type)
118 {
119   if(!type || !type[0])
120     return SSL_FILETYPE_PEM;
121   if(strcasecompare(type, "PEM"))
122     return SSL_FILETYPE_PEM;
123   if(strcasecompare(type, "DER"))
124     return SSL_FILETYPE_ASN1;
125   return -1;
126 }
127 
128 /*
129  * This function loads all the client/CA certificates and CRLs. Setup the TLS
130  * layer and do all necessary magic.
131  */
132 static CURLcode
cyassl_connect_step1(struct connectdata * conn,int sockindex)133 cyassl_connect_step1(struct connectdata *conn,
134                      int sockindex)
135 {
136   char error_buffer[CYASSL_MAX_ERROR_SZ];
137   char *ciphers;
138   struct Curl_easy *data = conn->data;
139   struct ssl_connect_data* conssl = &conn->ssl[sockindex];
140   SSL_METHOD* req_method = NULL;
141   curl_socket_t sockfd = conn->sock[sockindex];
142 #ifdef HAVE_SNI
143   bool sni = FALSE;
144 #define use_sni(x)  sni = (x)
145 #else
146 #define use_sni(x)  Curl_nop_stmt
147 #endif
148 
149   if(conssl->state == ssl_connection_complete)
150     return CURLE_OK;
151 
152   /* check to see if we've been told to use an explicit SSL/TLS version */
153   switch(SSL_CONN_CONFIG(version)) {
154   case CURL_SSLVERSION_DEFAULT:
155   case CURL_SSLVERSION_TLSv1:
156 #if LIBCYASSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */
157     /* minimum protocol version is set later after the CTX object is created */
158     req_method = SSLv23_client_method();
159 #else
160     infof(data, "CyaSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, "
161           "TLS 1.0 is used exclusively\n");
162     req_method = TLSv1_client_method();
163 #endif
164     use_sni(TRUE);
165     break;
166   case CURL_SSLVERSION_TLSv1_0:
167     req_method = TLSv1_client_method();
168     use_sni(TRUE);
169     break;
170   case CURL_SSLVERSION_TLSv1_1:
171     req_method = TLSv1_1_client_method();
172     use_sni(TRUE);
173     break;
174   case CURL_SSLVERSION_TLSv1_2:
175     req_method = TLSv1_2_client_method();
176     use_sni(TRUE);
177     break;
178   case CURL_SSLVERSION_TLSv1_3:
179     failf(data, "CyaSSL: TLS 1.3 is not yet supported");
180     return CURLE_SSL_CONNECT_ERROR;
181   case CURL_SSLVERSION_SSLv3:
182 #ifdef WOLFSSL_ALLOW_SSLV3
183     req_method = SSLv3_client_method();
184     use_sni(FALSE);
185 #else
186     failf(data, "CyaSSL does not support SSLv3");
187     return CURLE_NOT_BUILT_IN;
188 #endif
189     break;
190   case CURL_SSLVERSION_SSLv2:
191     failf(data, "CyaSSL does not support SSLv2");
192     return CURLE_SSL_CONNECT_ERROR;
193   default:
194     failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
195     return CURLE_SSL_CONNECT_ERROR;
196   }
197 
198   if(!req_method) {
199     failf(data, "SSL: couldn't create a method!");
200     return CURLE_OUT_OF_MEMORY;
201   }
202 
203   if(conssl->ctx)
204     SSL_CTX_free(conssl->ctx);
205   conssl->ctx = SSL_CTX_new(req_method);
206 
207   if(!conssl->ctx) {
208     failf(data, "SSL: couldn't create a context!");
209     return CURLE_OUT_OF_MEMORY;
210   }
211 
212   switch(SSL_CONN_CONFIG(version)) {
213   case CURL_SSLVERSION_DEFAULT:
214   case CURL_SSLVERSION_TLSv1:
215 #if LIBCYASSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */
216     /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is whatever
217     minimum version of TLS was built in and at least TLS 1.0. For later library
218     versions that could change (eg TLS 1.0 built in but defaults to TLS 1.1) so
219     we have this short circuit evaluation to find the minimum supported TLS
220     version. We use wolfSSL_CTX_SetMinVersion and not CyaSSL_SetMinVersion
221     because only the former will work before the user's CTX callback is called.
222     */
223     if((wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1) != 1) &&
224        (wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1_1) != 1) &&
225        (wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1_2) != 1)) {
226       failf(data, "SSL: couldn't set the minimum protocol version");
227       return CURLE_SSL_CONNECT_ERROR;
228     }
229 #endif
230     break;
231   }
232 
233   ciphers = SSL_CONN_CONFIG(cipher_list);
234   if(ciphers) {
235     if(!SSL_CTX_set_cipher_list(conssl->ctx, ciphers)) {
236       failf(data, "failed setting cipher list: %s", ciphers);
237       return CURLE_SSL_CIPHER;
238     }
239     infof(data, "Cipher selection: %s\n", ciphers);
240   }
241 
242 #ifndef NO_FILESYSTEM
243   /* load trusted cacert */
244   if(SSL_CONN_CONFIG(CAfile)) {
245     if(1 != SSL_CTX_load_verify_locations(conssl->ctx,
246                                       SSL_CONN_CONFIG(CAfile),
247                                       SSL_CONN_CONFIG(CApath))) {
248       if(SSL_CONN_CONFIG(verifypeer)) {
249         /* Fail if we insist on successfully verifying the server. */
250         failf(data, "error setting certificate verify locations:\n"
251               "  CAfile: %s\n  CApath: %s",
252               SSL_CONN_CONFIG(CAfile)?
253               SSL_CONN_CONFIG(CAfile): "none",
254               SSL_CONN_CONFIG(CApath)?
255               SSL_CONN_CONFIG(CApath) : "none");
256         return CURLE_SSL_CACERT_BADFILE;
257       }
258       else {
259         /* Just continue with a warning if no strict certificate
260            verification is required. */
261         infof(data, "error setting certificate verify locations,"
262               " continuing anyway:\n");
263       }
264     }
265     else {
266       /* Everything is fine. */
267       infof(data, "successfully set certificate verify locations:\n");
268     }
269     infof(data,
270           "  CAfile: %s\n"
271           "  CApath: %s\n",
272           SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
273           "none",
274           SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
275           "none");
276   }
277 
278   /* Load the client certificate, and private key */
279   if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
280     int file_type = do_file_type(SSL_SET_OPTION(cert_type));
281 
282     if(SSL_CTX_use_certificate_file(conssl->ctx, SSL_SET_OPTION(cert),
283                                      file_type) != 1) {
284       failf(data, "unable to use client certificate (no key or wrong pass"
285             " phrase?)");
286       return CURLE_SSL_CONNECT_ERROR;
287     }
288 
289     file_type = do_file_type(SSL_SET_OPTION(key_type));
290     if(SSL_CTX_use_PrivateKey_file(conssl->ctx, SSL_SET_OPTION(key),
291                                     file_type) != 1) {
292       failf(data, "unable to set private key");
293       return CURLE_SSL_CONNECT_ERROR;
294     }
295   }
296 #endif /* !NO_FILESYSTEM */
297 
298   /* SSL always tries to verify the peer, this only says whether it should
299    * fail to connect if the verification fails, or if it should continue
300    * anyway. In the latter case the result of the verification is checked with
301    * SSL_get_verify_result() below. */
302   SSL_CTX_set_verify(conssl->ctx,
303                      SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER:
304                                                  SSL_VERIFY_NONE,
305                      NULL);
306 
307 #ifdef HAVE_SNI
308   if(sni) {
309     struct in_addr addr4;
310 #ifdef ENABLE_IPV6
311     struct in6_addr addr6;
312 #endif
313     const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
314       conn->host.name;
315     size_t hostname_len = strlen(hostname);
316     if((hostname_len < USHRT_MAX) &&
317        (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
318 #ifdef ENABLE_IPV6
319        (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) &&
320 #endif
321        (CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, hostname,
322                           (unsigned short)hostname_len) != 1)) {
323       infof(data, "WARNING: failed to configure server name indication (SNI) "
324             "TLS extension\n");
325     }
326   }
327 #endif
328 
329 #ifdef HAVE_SUPPORTED_CURVES
330   /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
331      https://github.com/wolfSSL/wolfssl/issues/366
332      The supported curves below are those also supported by OpenSSL 1.0.2 and
333      in the same order. */
334   CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */
335   CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */
336   CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */
337 #endif
338 
339   /* give application a chance to interfere with SSL set up. */
340   if(data->set.ssl.fsslctx) {
341     CURLcode result = CURLE_OK;
342     result = (*data->set.ssl.fsslctx)(data, conssl->ctx,
343                                       data->set.ssl.fsslctxp);
344     if(result) {
345       failf(data, "error signaled by ssl ctx callback");
346       return result;
347     }
348   }
349 #ifdef NO_FILESYSTEM
350   else if(SSL_CONN_CONFIG(verifypeer)) {
351     failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"
352           " with \"no filesystem\". Either disable peer verification"
353           " (insecure) or if you are building an application with libcurl you"
354           " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");
355     return CURLE_SSL_CONNECT_ERROR;
356   }
357 #endif
358 
359   /* Let's make an SSL structure */
360   if(conssl->handle)
361     SSL_free(conssl->handle);
362   conssl->handle = SSL_new(conssl->ctx);
363   if(!conssl->handle) {
364     failf(data, "SSL: couldn't create a context (handle)!");
365     return CURLE_OUT_OF_MEMORY;
366   }
367 
368 #ifdef HAVE_ALPN
369   if(conn->bits.tls_enable_alpn) {
370     char protocols[128];
371     *protocols = '\0';
372 
373     /* wolfSSL's ALPN protocol name list format is a comma separated string of
374        protocols in descending order of preference, eg: "h2,http/1.1" */
375 
376 #ifdef USE_NGHTTP2
377     if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
378       strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
379       infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
380     }
381 #endif
382 
383     strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
384     infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
385 
386     if(wolfSSL_UseALPN(conssl->handle, protocols,
387                        (unsigned)strlen(protocols),
388                        WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {
389       failf(data, "SSL: failed setting ALPN protocols");
390       return CURLE_SSL_CONNECT_ERROR;
391     }
392   }
393 #endif /* HAVE_ALPN */
394 
395   /* Check if there's a cached ID we can/should use here! */
396   if(data->set.general_ssl.sessionid) {
397     void *ssl_sessionid = NULL;
398 
399     Curl_ssl_sessionid_lock(conn);
400     if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
401       /* we got a session id, use it! */
402       if(!SSL_set_session(conssl->handle, ssl_sessionid)) {
403         Curl_ssl_sessionid_unlock(conn);
404         failf(data, "SSL: SSL_set_session failed: %s",
405               ERR_error_string(SSL_get_error(conssl->handle, 0),
406               error_buffer));
407         return CURLE_SSL_CONNECT_ERROR;
408       }
409       /* Informational message */
410       infof(data, "SSL re-using session ID\n");
411     }
412     Curl_ssl_sessionid_unlock(conn);
413   }
414 
415   /* pass the raw socket into the SSL layer */
416   if(!SSL_set_fd(conssl->handle, (int)sockfd)) {
417     failf(data, "SSL: SSL_set_fd failed");
418     return CURLE_SSL_CONNECT_ERROR;
419   }
420 
421   conssl->connecting_state = ssl_connect_2;
422   return CURLE_OK;
423 }
424 
425 
426 static CURLcode
cyassl_connect_step2(struct connectdata * conn,int sockindex)427 cyassl_connect_step2(struct connectdata *conn,
428                      int sockindex)
429 {
430   int ret = -1;
431   struct Curl_easy *data = conn->data;
432   struct ssl_connect_data* conssl = &conn->ssl[sockindex];
433   const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
434     conn->host.name;
435   const char * const dispname = SSL_IS_PROXY() ?
436     conn->http_proxy.host.dispname : conn->host.dispname;
437   const char * const pinnedpubkey = SSL_IS_PROXY() ?
438                         data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
439                         data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
440 
441   conn->recv[sockindex] = cyassl_recv;
442   conn->send[sockindex] = cyassl_send;
443 
444   /* Enable RFC2818 checks */
445   if(SSL_CONN_CONFIG(verifyhost)) {
446     ret = CyaSSL_check_domain_name(conssl->handle, hostname);
447     if(ret == SSL_FAILURE)
448       return CURLE_OUT_OF_MEMORY;
449   }
450 
451   ret = SSL_connect(conssl->handle);
452   if(ret != 1) {
453     char error_buffer[CYASSL_MAX_ERROR_SZ];
454     int  detail = SSL_get_error(conssl->handle, ret);
455 
456     if(SSL_ERROR_WANT_READ == detail) {
457       conssl->connecting_state = ssl_connect_2_reading;
458       return CURLE_OK;
459     }
460     else if(SSL_ERROR_WANT_WRITE == detail) {
461       conssl->connecting_state = ssl_connect_2_writing;
462       return CURLE_OK;
463     }
464     /* There is no easy way to override only the CN matching.
465      * This will enable the override of both mismatching SubjectAltNames
466      * as also mismatching CN fields */
467     else if(DOMAIN_NAME_MISMATCH == detail) {
468 #if 1
469       failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
470             dispname);
471       return CURLE_PEER_FAILED_VERIFICATION;
472 #else
473       /* When the CyaSSL_check_domain_name() is used and you desire to continue
474        * on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost == 0',
475        * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
476        * way to do this is currently to switch the CyaSSL_check_domain_name()
477        * in and out based on the 'conn->ssl_config.verifyhost' value. */
478       if(SSL_CONN_CONFIG(verifyhost)) {
479         failf(data,
480               "\tsubject alt name(s) or common name do not match \"%s\"\n",
481               dispname);
482         return CURLE_PEER_FAILED_VERIFICATION;
483       }
484       else {
485         infof(data,
486               "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
487               dispname);
488         return CURLE_OK;
489       }
490 #endif
491     }
492 #if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
493     else if(ASN_NO_SIGNER_E == detail) {
494       if(SSL_CONN_CONFIG(verifypeer)) {
495         failf(data, "\tCA signer not available for verification\n");
496         return CURLE_SSL_CACERT_BADFILE;
497       }
498       else {
499         /* Just continue with a warning if no strict certificate
500            verification is required. */
501         infof(data, "CA signer not available for verification, "
502                     "continuing anyway\n");
503       }
504     }
505 #endif
506     else {
507       failf(data, "SSL_connect failed with error %d: %s", detail,
508           ERR_error_string(detail, error_buffer));
509       return CURLE_SSL_CONNECT_ERROR;
510     }
511   }
512 
513   if(pinnedpubkey) {
514 #ifdef KEEP_PEER_CERT
515     X509 *x509;
516     const char *x509_der;
517     int x509_der_len;
518     curl_X509certificate x509_parsed;
519     curl_asn1Element *pubkey;
520     CURLcode result;
521 
522     x509 = SSL_get_peer_certificate(conssl->handle);
523     if(!x509) {
524       failf(data, "SSL: failed retrieving server certificate");
525       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
526     }
527 
528     x509_der = (const char *)CyaSSL_X509_get_der(x509, &x509_der_len);
529     if(!x509_der) {
530       failf(data, "SSL: failed retrieving ASN.1 server certificate");
531       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
532     }
533 
534     memset(&x509_parsed, 0, sizeof x509_parsed);
535     if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
536       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
537 
538     pubkey = &x509_parsed.subjectPublicKeyInfo;
539     if(!pubkey->header || pubkey->end <= pubkey->header) {
540       failf(data, "SSL: failed retrieving public key from server certificate");
541       return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
542     }
543 
544     result = Curl_pin_peer_pubkey(data,
545                                   pinnedpubkey,
546                                   (const unsigned char *)pubkey->header,
547                                   (size_t)(pubkey->end - pubkey->header));
548     if(result) {
549       failf(data, "SSL: public key does not match pinned public key!");
550       return result;
551     }
552 #else
553     failf(data, "Library lacks pinning support built-in");
554     return CURLE_NOT_BUILT_IN;
555 #endif
556   }
557 
558 #ifdef HAVE_ALPN
559   if(conn->bits.tls_enable_alpn) {
560     int rc;
561     char *protocol = NULL;
562     unsigned short protocol_len = 0;
563 
564     rc = wolfSSL_ALPN_GetProtocol(conssl->handle, &protocol, &protocol_len);
565 
566     if(rc == SSL_SUCCESS) {
567       infof(data, "ALPN, server accepted to use %.*s\n", protocol_len,
568             protocol);
569 
570       if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
571          !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
572         conn->negnpn = CURL_HTTP_VERSION_1_1;
573 #ifdef USE_NGHTTP2
574       else if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
575               protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
576               !memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
577                       NGHTTP2_PROTO_VERSION_ID_LEN))
578         conn->negnpn = CURL_HTTP_VERSION_2;
579 #endif
580       else
581         infof(data, "ALPN, unrecognized protocol %.*s\n", protocol_len,
582               protocol);
583     }
584     else if(rc == SSL_ALPN_NOT_FOUND)
585       infof(data, "ALPN, server did not agree to a protocol\n");
586     else {
587       failf(data, "ALPN, failure getting protocol, error %d", rc);
588       return CURLE_SSL_CONNECT_ERROR;
589     }
590   }
591 #endif /* HAVE_ALPN */
592 
593   conssl->connecting_state = ssl_connect_3;
594 #if (LIBCYASSL_VERSION_HEX >= 0x03009010)
595   infof(data, "SSL connection using %s / %s\n",
596         wolfSSL_get_version(conssl->handle),
597         wolfSSL_get_cipher_name(conssl->handle));
598 #else
599   infof(data, "SSL connected\n");
600 #endif
601 
602   return CURLE_OK;
603 }
604 
605 
606 static CURLcode
cyassl_connect_step3(struct connectdata * conn,int sockindex)607 cyassl_connect_step3(struct connectdata *conn,
608                      int sockindex)
609 {
610   CURLcode result = CURLE_OK;
611   struct Curl_easy *data = conn->data;
612   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
613 
614   DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
615 
616   if(data->set.general_ssl.sessionid) {
617     bool incache;
618     SSL_SESSION *our_ssl_sessionid;
619     void *old_ssl_sessionid = NULL;
620 
621     our_ssl_sessionid = SSL_get_session(connssl->handle);
622 
623     Curl_ssl_sessionid_lock(conn);
624     incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
625                                       sockindex));
626     if(incache) {
627       if(old_ssl_sessionid != our_ssl_sessionid) {
628         infof(data, "old SSL session ID is stale, removing\n");
629         Curl_ssl_delsessionid(conn, old_ssl_sessionid);
630         incache = FALSE;
631       }
632     }
633 
634     if(!incache) {
635       result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
636                                      0 /* unknown size */, sockindex);
637       if(result) {
638         Curl_ssl_sessionid_unlock(conn);
639         failf(data, "failed to store ssl session");
640         return result;
641       }
642     }
643     Curl_ssl_sessionid_unlock(conn);
644   }
645 
646   connssl->connecting_state = ssl_connect_done;
647 
648   return result;
649 }
650 
651 
cyassl_send(struct connectdata * conn,int sockindex,const void * mem,size_t len,CURLcode * curlcode)652 static ssize_t cyassl_send(struct connectdata *conn,
653                            int sockindex,
654                            const void *mem,
655                            size_t len,
656                            CURLcode *curlcode)
657 {
658   char error_buffer[CYASSL_MAX_ERROR_SZ];
659   int  memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
660   int  rc     = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
661 
662   if(rc < 0) {
663     int err = SSL_get_error(conn->ssl[sockindex].handle, rc);
664 
665     switch(err) {
666     case SSL_ERROR_WANT_READ:
667     case SSL_ERROR_WANT_WRITE:
668       /* there's data pending, re-invoke SSL_write() */
669       *curlcode = CURLE_AGAIN;
670       return -1;
671     default:
672       failf(conn->data, "SSL write: %s, errno %d",
673             ERR_error_string(err, error_buffer),
674             SOCKERRNO);
675       *curlcode = CURLE_SEND_ERROR;
676       return -1;
677     }
678   }
679   return rc;
680 }
681 
Curl_cyassl_close(struct connectdata * conn,int sockindex)682 void Curl_cyassl_close(struct connectdata *conn, int sockindex)
683 {
684   struct ssl_connect_data *conssl = &conn->ssl[sockindex];
685 
686   if(conssl->handle) {
687     (void)SSL_shutdown(conssl->handle);
688     SSL_free(conssl->handle);
689     conssl->handle = NULL;
690   }
691   if(conssl->ctx) {
692     SSL_CTX_free(conssl->ctx);
693     conssl->ctx = NULL;
694   }
695 }
696 
cyassl_recv(struct connectdata * conn,int num,char * buf,size_t buffersize,CURLcode * curlcode)697 static ssize_t cyassl_recv(struct connectdata *conn,
698                            int num,
699                            char *buf,
700                            size_t buffersize,
701                            CURLcode *curlcode)
702 {
703   char error_buffer[CYASSL_MAX_ERROR_SZ];
704   int  buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
705   int  nread    = SSL_read(conn->ssl[num].handle, buf, buffsize);
706 
707   if(nread < 0) {
708     int err = SSL_get_error(conn->ssl[num].handle, nread);
709 
710     switch(err) {
711     case SSL_ERROR_ZERO_RETURN: /* no more data */
712       break;
713     case SSL_ERROR_WANT_READ:
714     case SSL_ERROR_WANT_WRITE:
715       /* there's data pending, re-invoke SSL_read() */
716       *curlcode = CURLE_AGAIN;
717       return -1;
718     default:
719       failf(conn->data, "SSL read: %s, errno %d",
720             ERR_error_string(err, error_buffer),
721             SOCKERRNO);
722       *curlcode = CURLE_RECV_ERROR;
723       return -1;
724     }
725   }
726   return nread;
727 }
728 
729 
Curl_cyassl_session_free(void * ptr)730 void Curl_cyassl_session_free(void *ptr)
731 {
732   (void)ptr;
733   /* CyaSSL reuses sessions on own, no free */
734 }
735 
736 
Curl_cyassl_version(char * buffer,size_t size)737 size_t Curl_cyassl_version(char *buffer, size_t size)
738 {
739 #ifdef WOLFSSL_VERSION
740   return snprintf(buffer, size, "wolfSSL/%s", WOLFSSL_VERSION);
741 #elif defined(CYASSL_VERSION)
742   return snprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION);
743 #else
744   return snprintf(buffer, size, "CyaSSL/%s", "<1.8.8");
745 #endif
746 }
747 
748 
Curl_cyassl_init(void)749 int Curl_cyassl_init(void)
750 {
751   return (CyaSSL_Init() == SSL_SUCCESS);
752 }
753 
754 
Curl_cyassl_data_pending(const struct connectdata * conn,int connindex)755 bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
756 {
757   if(conn->ssl[connindex].handle)   /* SSL is in use */
758     return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
759   else
760     return FALSE;
761 }
762 
763 
764 /*
765  * This function is called to shut down the SSL layer but keep the
766  * socket open (CCC - Clear Command Channel)
767  */
Curl_cyassl_shutdown(struct connectdata * conn,int sockindex)768 int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
769 {
770   int retval = 0;
771   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
772 
773   if(connssl->handle) {
774     SSL_free(connssl->handle);
775     connssl->handle = NULL;
776   }
777   return retval;
778 }
779 
780 
781 static CURLcode
cyassl_connect_common(struct connectdata * conn,int sockindex,bool nonblocking,bool * done)782 cyassl_connect_common(struct connectdata *conn,
783                       int sockindex,
784                       bool nonblocking,
785                       bool *done)
786 {
787   CURLcode result;
788   struct Curl_easy *data = conn->data;
789   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
790   curl_socket_t sockfd = conn->sock[sockindex];
791   time_t timeout_ms;
792   int what;
793 
794   /* check if the connection has already been established */
795   if(ssl_connection_complete == connssl->state) {
796     *done = TRUE;
797     return CURLE_OK;
798   }
799 
800   if(ssl_connect_1==connssl->connecting_state) {
801     /* Find out how much more time we're allowed */
802     timeout_ms = Curl_timeleft(data, NULL, TRUE);
803 
804     if(timeout_ms < 0) {
805       /* no need to continue if time already is up */
806       failf(data, "SSL connection timeout");
807       return CURLE_OPERATION_TIMEDOUT;
808     }
809 
810     result = cyassl_connect_step1(conn, sockindex);
811     if(result)
812       return result;
813   }
814 
815   while(ssl_connect_2 == connssl->connecting_state ||
816         ssl_connect_2_reading == connssl->connecting_state ||
817         ssl_connect_2_writing == connssl->connecting_state) {
818 
819     /* check allowed time left */
820     timeout_ms = Curl_timeleft(data, NULL, TRUE);
821 
822     if(timeout_ms < 0) {
823       /* no need to continue if time already is up */
824       failf(data, "SSL connection timeout");
825       return CURLE_OPERATION_TIMEDOUT;
826     }
827 
828     /* if ssl is expecting something, check if it's available. */
829     if(connssl->connecting_state == ssl_connect_2_reading
830        || connssl->connecting_state == ssl_connect_2_writing) {
831 
832       curl_socket_t writefd = ssl_connect_2_writing==
833         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
834       curl_socket_t readfd = ssl_connect_2_reading==
835         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
836 
837       what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
838                                nonblocking?0:timeout_ms);
839       if(what < 0) {
840         /* fatal error */
841         failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
842         return CURLE_SSL_CONNECT_ERROR;
843       }
844       else if(0 == what) {
845         if(nonblocking) {
846           *done = FALSE;
847           return CURLE_OK;
848         }
849         else {
850           /* timeout */
851           failf(data, "SSL connection timeout");
852           return CURLE_OPERATION_TIMEDOUT;
853         }
854       }
855       /* socket is readable or writable */
856     }
857 
858     /* Run transaction, and return to the caller if it failed or if
859      * this connection is part of a multi handle and this loop would
860      * execute again. This permits the owner of a multi handle to
861      * abort a connection attempt before step2 has completed while
862      * ensuring that a client using select() or epoll() will always
863      * have a valid fdset to wait on.
864      */
865     result = cyassl_connect_step2(conn, sockindex);
866     if(result || (nonblocking &&
867                   (ssl_connect_2 == connssl->connecting_state ||
868                    ssl_connect_2_reading == connssl->connecting_state ||
869                    ssl_connect_2_writing == connssl->connecting_state)))
870       return result;
871   } /* repeat step2 until all transactions are done. */
872 
873   if(ssl_connect_3 == connssl->connecting_state) {
874     result = cyassl_connect_step3(conn, sockindex);
875     if(result)
876       return result;
877   }
878 
879   if(ssl_connect_done == connssl->connecting_state) {
880     connssl->state = ssl_connection_complete;
881     conn->recv[sockindex] = cyassl_recv;
882     conn->send[sockindex] = cyassl_send;
883     *done = TRUE;
884   }
885   else
886     *done = FALSE;
887 
888   /* Reset our connect state machine */
889   connssl->connecting_state = ssl_connect_1;
890 
891   return CURLE_OK;
892 }
893 
894 
895 CURLcode
Curl_cyassl_connect_nonblocking(struct connectdata * conn,int sockindex,bool * done)896 Curl_cyassl_connect_nonblocking(struct connectdata *conn,
897                                 int sockindex,
898                                 bool *done)
899 {
900   return cyassl_connect_common(conn, sockindex, TRUE, done);
901 }
902 
903 
904 CURLcode
Curl_cyassl_connect(struct connectdata * conn,int sockindex)905 Curl_cyassl_connect(struct connectdata *conn,
906                     int sockindex)
907 {
908   CURLcode result;
909   bool done = FALSE;
910 
911   result = cyassl_connect_common(conn, sockindex, FALSE, &done);
912   if(result)
913     return result;
914 
915   DEBUGASSERT(done);
916 
917   return CURLE_OK;
918 }
919 
Curl_cyassl_random(struct Curl_easy * data,unsigned char * entropy,size_t length)920 CURLcode Curl_cyassl_random(struct Curl_easy *data,
921                             unsigned char *entropy,
922                             size_t length)
923 {
924   RNG rng;
925   (void)data;
926   if(InitRng(&rng))
927     return CURLE_FAILED_INIT;
928   if(length > UINT_MAX)
929     return CURLE_FAILED_INIT;
930   if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
931     return CURLE_FAILED_INIT;
932   return CURLE_OK;
933 }
934 
Curl_cyassl_sha256sum(const unsigned char * tmp,size_t tmplen,unsigned char * sha256sum,size_t unused)935 void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
936                       size_t tmplen,
937                       unsigned char *sha256sum /* output */,
938                       size_t unused)
939 {
940   Sha256 SHA256pw;
941   (void)unused;
942   InitSha256(&SHA256pw);
943   Sha256Update(&SHA256pw, tmp, (word32)tmplen);
944   Sha256Final(&SHA256pw, sha256sum);
945 }
946 
947 #endif
948