1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.haxx.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 /*
24 * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code
25 * but vtls.c should ever call or use these functions.
26 *
27 */
28
29 #include "curl_setup.h"
30
31 #ifdef USE_CYASSL
32
33 #define WOLFSSL_OPTIONS_IGNORE_SYS
34 /* CyaSSL's version.h, which should contain only the version, should come
35 before all other CyaSSL includes and be immediately followed by build config
36 aka options.h. https://curl.haxx.se/mail/lib-2015-04/0069.html */
37 #include <cyassl/version.h>
38 #if defined(HAVE_CYASSL_OPTIONS_H) && (LIBCYASSL_VERSION_HEX > 0x03004008)
39 #if defined(CYASSL_API) || defined(WOLFSSL_API)
40 /* Safety measure. If either is defined some API include was already included
41 and that's a problem since options.h hasn't been included yet. */
42 #error "CyaSSL API was included before the CyaSSL build options."
43 #endif
44 #include <cyassl/options.h>
45 #endif
46
47 #ifdef HAVE_LIMITS_H
48 #include <limits.h>
49 #endif
50
51 #include "urldata.h"
52 #include "sendf.h"
53 #include "inet_pton.h"
54 #include "vtls.h"
55 #include "parsedate.h"
56 #include "connect.h" /* for the connect timeout */
57 #include "select.h"
58 #include "strcase.h"
59 #include "x509asn1.h"
60 #include "curl_printf.h"
61
62 #include <cyassl/ssl.h>
63 #ifdef HAVE_CYASSL_ERROR_SSL_H
64 #include <cyassl/error-ssl.h>
65 #else
66 #include <cyassl/error.h>
67 #endif
68 #include <cyassl/ctaocrypt/random.h>
69 #include <cyassl/ctaocrypt/sha256.h>
70
71 #include "cyassl.h"
72
73 /* The last #include files should be: */
74 #include "curl_memory.h"
75 #include "memdebug.h"
76
77 #if LIBCYASSL_VERSION_HEX < 0x02007002 /* < 2.7.2 */
78 #define CYASSL_MAX_ERROR_SZ 80
79 #endif
80
81 /* To determine what functions are available we rely on one or both of:
82 - the user's options.h generated by CyaSSL/wolfSSL
83 - the symbols detected by curl's configure
84 Since they are markedly different from one another, and one or the other may
85 not be available, we do some checking below to bring things in sync. */
86
87 /* HAVE_ALPN is wolfSSL's build time symbol for enabling ALPN in options.h. */
88 #ifndef HAVE_ALPN
89 #ifdef HAVE_WOLFSSL_USEALPN
90 #define HAVE_ALPN
91 #endif
92 #endif
93
94 /* WOLFSSL_ALLOW_SSLV3 is wolfSSL's build time symbol for enabling SSLv3 in
95 options.h, but is only seen in >= 3.6.6 since that's when they started
96 disabling SSLv3 by default. */
97 #ifndef WOLFSSL_ALLOW_SSLV3
98 #if (LIBCYASSL_VERSION_HEX < 0x03006006) || \
99 defined(HAVE_WOLFSSLV3_CLIENT_METHOD)
100 #define WOLFSSL_ALLOW_SSLV3
101 #endif
102 #endif
103
104 /* HAVE_SUPPORTED_CURVES is wolfSSL's build time symbol for enabling the ECC
105 supported curve extension in options.h. Note ECC is enabled separately. */
106 #ifndef HAVE_SUPPORTED_CURVES
107 #if defined(HAVE_CYASSL_CTX_USESUPPORTEDCURVE) || \
108 defined(HAVE_WOLFSSL_CTX_USESUPPORTEDCURVE)
109 #define HAVE_SUPPORTED_CURVES
110 #endif
111 #endif
112
113 static Curl_recv cyassl_recv;
114 static Curl_send cyassl_send;
115
116
do_file_type(const char * type)117 static int do_file_type(const char *type)
118 {
119 if(!type || !type[0])
120 return SSL_FILETYPE_PEM;
121 if(strcasecompare(type, "PEM"))
122 return SSL_FILETYPE_PEM;
123 if(strcasecompare(type, "DER"))
124 return SSL_FILETYPE_ASN1;
125 return -1;
126 }
127
128 /*
129 * This function loads all the client/CA certificates and CRLs. Setup the TLS
130 * layer and do all necessary magic.
131 */
132 static CURLcode
cyassl_connect_step1(struct connectdata * conn,int sockindex)133 cyassl_connect_step1(struct connectdata *conn,
134 int sockindex)
135 {
136 char error_buffer[CYASSL_MAX_ERROR_SZ];
137 char *ciphers;
138 struct Curl_easy *data = conn->data;
139 struct ssl_connect_data* conssl = &conn->ssl[sockindex];
140 SSL_METHOD* req_method = NULL;
141 curl_socket_t sockfd = conn->sock[sockindex];
142 #ifdef HAVE_SNI
143 bool sni = FALSE;
144 #define use_sni(x) sni = (x)
145 #else
146 #define use_sni(x) Curl_nop_stmt
147 #endif
148
149 if(conssl->state == ssl_connection_complete)
150 return CURLE_OK;
151
152 /* check to see if we've been told to use an explicit SSL/TLS version */
153 switch(SSL_CONN_CONFIG(version)) {
154 case CURL_SSLVERSION_DEFAULT:
155 case CURL_SSLVERSION_TLSv1:
156 #if LIBCYASSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */
157 /* minimum protocol version is set later after the CTX object is created */
158 req_method = SSLv23_client_method();
159 #else
160 infof(data, "CyaSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, "
161 "TLS 1.0 is used exclusively\n");
162 req_method = TLSv1_client_method();
163 #endif
164 use_sni(TRUE);
165 break;
166 case CURL_SSLVERSION_TLSv1_0:
167 req_method = TLSv1_client_method();
168 use_sni(TRUE);
169 break;
170 case CURL_SSLVERSION_TLSv1_1:
171 req_method = TLSv1_1_client_method();
172 use_sni(TRUE);
173 break;
174 case CURL_SSLVERSION_TLSv1_2:
175 req_method = TLSv1_2_client_method();
176 use_sni(TRUE);
177 break;
178 case CURL_SSLVERSION_TLSv1_3:
179 failf(data, "CyaSSL: TLS 1.3 is not yet supported");
180 return CURLE_SSL_CONNECT_ERROR;
181 case CURL_SSLVERSION_SSLv3:
182 #ifdef WOLFSSL_ALLOW_SSLV3
183 req_method = SSLv3_client_method();
184 use_sni(FALSE);
185 #else
186 failf(data, "CyaSSL does not support SSLv3");
187 return CURLE_NOT_BUILT_IN;
188 #endif
189 break;
190 case CURL_SSLVERSION_SSLv2:
191 failf(data, "CyaSSL does not support SSLv2");
192 return CURLE_SSL_CONNECT_ERROR;
193 default:
194 failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
195 return CURLE_SSL_CONNECT_ERROR;
196 }
197
198 if(!req_method) {
199 failf(data, "SSL: couldn't create a method!");
200 return CURLE_OUT_OF_MEMORY;
201 }
202
203 if(conssl->ctx)
204 SSL_CTX_free(conssl->ctx);
205 conssl->ctx = SSL_CTX_new(req_method);
206
207 if(!conssl->ctx) {
208 failf(data, "SSL: couldn't create a context!");
209 return CURLE_OUT_OF_MEMORY;
210 }
211
212 switch(SSL_CONN_CONFIG(version)) {
213 case CURL_SSLVERSION_DEFAULT:
214 case CURL_SSLVERSION_TLSv1:
215 #if LIBCYASSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */
216 /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is whatever
217 minimum version of TLS was built in and at least TLS 1.0. For later library
218 versions that could change (eg TLS 1.0 built in but defaults to TLS 1.1) so
219 we have this short circuit evaluation to find the minimum supported TLS
220 version. We use wolfSSL_CTX_SetMinVersion and not CyaSSL_SetMinVersion
221 because only the former will work before the user's CTX callback is called.
222 */
223 if((wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1) != 1) &&
224 (wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1_1) != 1) &&
225 (wolfSSL_CTX_SetMinVersion(conssl->ctx, WOLFSSL_TLSV1_2) != 1)) {
226 failf(data, "SSL: couldn't set the minimum protocol version");
227 return CURLE_SSL_CONNECT_ERROR;
228 }
229 #endif
230 break;
231 }
232
233 ciphers = SSL_CONN_CONFIG(cipher_list);
234 if(ciphers) {
235 if(!SSL_CTX_set_cipher_list(conssl->ctx, ciphers)) {
236 failf(data, "failed setting cipher list: %s", ciphers);
237 return CURLE_SSL_CIPHER;
238 }
239 infof(data, "Cipher selection: %s\n", ciphers);
240 }
241
242 #ifndef NO_FILESYSTEM
243 /* load trusted cacert */
244 if(SSL_CONN_CONFIG(CAfile)) {
245 if(1 != SSL_CTX_load_verify_locations(conssl->ctx,
246 SSL_CONN_CONFIG(CAfile),
247 SSL_CONN_CONFIG(CApath))) {
248 if(SSL_CONN_CONFIG(verifypeer)) {
249 /* Fail if we insist on successfully verifying the server. */
250 failf(data, "error setting certificate verify locations:\n"
251 " CAfile: %s\n CApath: %s",
252 SSL_CONN_CONFIG(CAfile)?
253 SSL_CONN_CONFIG(CAfile): "none",
254 SSL_CONN_CONFIG(CApath)?
255 SSL_CONN_CONFIG(CApath) : "none");
256 return CURLE_SSL_CACERT_BADFILE;
257 }
258 else {
259 /* Just continue with a warning if no strict certificate
260 verification is required. */
261 infof(data, "error setting certificate verify locations,"
262 " continuing anyway:\n");
263 }
264 }
265 else {
266 /* Everything is fine. */
267 infof(data, "successfully set certificate verify locations:\n");
268 }
269 infof(data,
270 " CAfile: %s\n"
271 " CApath: %s\n",
272 SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
273 "none",
274 SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
275 "none");
276 }
277
278 /* Load the client certificate, and private key */
279 if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
280 int file_type = do_file_type(SSL_SET_OPTION(cert_type));
281
282 if(SSL_CTX_use_certificate_file(conssl->ctx, SSL_SET_OPTION(cert),
283 file_type) != 1) {
284 failf(data, "unable to use client certificate (no key or wrong pass"
285 " phrase?)");
286 return CURLE_SSL_CONNECT_ERROR;
287 }
288
289 file_type = do_file_type(SSL_SET_OPTION(key_type));
290 if(SSL_CTX_use_PrivateKey_file(conssl->ctx, SSL_SET_OPTION(key),
291 file_type) != 1) {
292 failf(data, "unable to set private key");
293 return CURLE_SSL_CONNECT_ERROR;
294 }
295 }
296 #endif /* !NO_FILESYSTEM */
297
298 /* SSL always tries to verify the peer, this only says whether it should
299 * fail to connect if the verification fails, or if it should continue
300 * anyway. In the latter case the result of the verification is checked with
301 * SSL_get_verify_result() below. */
302 SSL_CTX_set_verify(conssl->ctx,
303 SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER:
304 SSL_VERIFY_NONE,
305 NULL);
306
307 #ifdef HAVE_SNI
308 if(sni) {
309 struct in_addr addr4;
310 #ifdef ENABLE_IPV6
311 struct in6_addr addr6;
312 #endif
313 const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
314 conn->host.name;
315 size_t hostname_len = strlen(hostname);
316 if((hostname_len < USHRT_MAX) &&
317 (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
318 #ifdef ENABLE_IPV6
319 (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) &&
320 #endif
321 (CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, hostname,
322 (unsigned short)hostname_len) != 1)) {
323 infof(data, "WARNING: failed to configure server name indication (SNI) "
324 "TLS extension\n");
325 }
326 }
327 #endif
328
329 #ifdef HAVE_SUPPORTED_CURVES
330 /* CyaSSL/wolfSSL does not send the supported ECC curves ext automatically:
331 https://github.com/wolfSSL/wolfssl/issues/366
332 The supported curves below are those also supported by OpenSSL 1.0.2 and
333 in the same order. */
334 CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x17); /* secp256r1 */
335 CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x19); /* secp521r1 */
336 CyaSSL_CTX_UseSupportedCurve(conssl->ctx, 0x18); /* secp384r1 */
337 #endif
338
339 /* give application a chance to interfere with SSL set up. */
340 if(data->set.ssl.fsslctx) {
341 CURLcode result = CURLE_OK;
342 result = (*data->set.ssl.fsslctx)(data, conssl->ctx,
343 data->set.ssl.fsslctxp);
344 if(result) {
345 failf(data, "error signaled by ssl ctx callback");
346 return result;
347 }
348 }
349 #ifdef NO_FILESYSTEM
350 else if(SSL_CONN_CONFIG(verifypeer)) {
351 failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"
352 " with \"no filesystem\". Either disable peer verification"
353 " (insecure) or if you are building an application with libcurl you"
354 " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");
355 return CURLE_SSL_CONNECT_ERROR;
356 }
357 #endif
358
359 /* Let's make an SSL structure */
360 if(conssl->handle)
361 SSL_free(conssl->handle);
362 conssl->handle = SSL_new(conssl->ctx);
363 if(!conssl->handle) {
364 failf(data, "SSL: couldn't create a context (handle)!");
365 return CURLE_OUT_OF_MEMORY;
366 }
367
368 #ifdef HAVE_ALPN
369 if(conn->bits.tls_enable_alpn) {
370 char protocols[128];
371 *protocols = '\0';
372
373 /* wolfSSL's ALPN protocol name list format is a comma separated string of
374 protocols in descending order of preference, eg: "h2,http/1.1" */
375
376 #ifdef USE_NGHTTP2
377 if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
378 strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
379 infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
380 }
381 #endif
382
383 strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
384 infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
385
386 if(wolfSSL_UseALPN(conssl->handle, protocols,
387 (unsigned)strlen(protocols),
388 WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {
389 failf(data, "SSL: failed setting ALPN protocols");
390 return CURLE_SSL_CONNECT_ERROR;
391 }
392 }
393 #endif /* HAVE_ALPN */
394
395 /* Check if there's a cached ID we can/should use here! */
396 if(data->set.general_ssl.sessionid) {
397 void *ssl_sessionid = NULL;
398
399 Curl_ssl_sessionid_lock(conn);
400 if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
401 /* we got a session id, use it! */
402 if(!SSL_set_session(conssl->handle, ssl_sessionid)) {
403 Curl_ssl_sessionid_unlock(conn);
404 failf(data, "SSL: SSL_set_session failed: %s",
405 ERR_error_string(SSL_get_error(conssl->handle, 0),
406 error_buffer));
407 return CURLE_SSL_CONNECT_ERROR;
408 }
409 /* Informational message */
410 infof(data, "SSL re-using session ID\n");
411 }
412 Curl_ssl_sessionid_unlock(conn);
413 }
414
415 /* pass the raw socket into the SSL layer */
416 if(!SSL_set_fd(conssl->handle, (int)sockfd)) {
417 failf(data, "SSL: SSL_set_fd failed");
418 return CURLE_SSL_CONNECT_ERROR;
419 }
420
421 conssl->connecting_state = ssl_connect_2;
422 return CURLE_OK;
423 }
424
425
426 static CURLcode
cyassl_connect_step2(struct connectdata * conn,int sockindex)427 cyassl_connect_step2(struct connectdata *conn,
428 int sockindex)
429 {
430 int ret = -1;
431 struct Curl_easy *data = conn->data;
432 struct ssl_connect_data* conssl = &conn->ssl[sockindex];
433 const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
434 conn->host.name;
435 const char * const dispname = SSL_IS_PROXY() ?
436 conn->http_proxy.host.dispname : conn->host.dispname;
437 const char * const pinnedpubkey = SSL_IS_PROXY() ?
438 data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
439 data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
440
441 conn->recv[sockindex] = cyassl_recv;
442 conn->send[sockindex] = cyassl_send;
443
444 /* Enable RFC2818 checks */
445 if(SSL_CONN_CONFIG(verifyhost)) {
446 ret = CyaSSL_check_domain_name(conssl->handle, hostname);
447 if(ret == SSL_FAILURE)
448 return CURLE_OUT_OF_MEMORY;
449 }
450
451 ret = SSL_connect(conssl->handle);
452 if(ret != 1) {
453 char error_buffer[CYASSL_MAX_ERROR_SZ];
454 int detail = SSL_get_error(conssl->handle, ret);
455
456 if(SSL_ERROR_WANT_READ == detail) {
457 conssl->connecting_state = ssl_connect_2_reading;
458 return CURLE_OK;
459 }
460 else if(SSL_ERROR_WANT_WRITE == detail) {
461 conssl->connecting_state = ssl_connect_2_writing;
462 return CURLE_OK;
463 }
464 /* There is no easy way to override only the CN matching.
465 * This will enable the override of both mismatching SubjectAltNames
466 * as also mismatching CN fields */
467 else if(DOMAIN_NAME_MISMATCH == detail) {
468 #if 1
469 failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
470 dispname);
471 return CURLE_PEER_FAILED_VERIFICATION;
472 #else
473 /* When the CyaSSL_check_domain_name() is used and you desire to continue
474 * on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost == 0',
475 * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
476 * way to do this is currently to switch the CyaSSL_check_domain_name()
477 * in and out based on the 'conn->ssl_config.verifyhost' value. */
478 if(SSL_CONN_CONFIG(verifyhost)) {
479 failf(data,
480 "\tsubject alt name(s) or common name do not match \"%s\"\n",
481 dispname);
482 return CURLE_PEER_FAILED_VERIFICATION;
483 }
484 else {
485 infof(data,
486 "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
487 dispname);
488 return CURLE_OK;
489 }
490 #endif
491 }
492 #if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
493 else if(ASN_NO_SIGNER_E == detail) {
494 if(SSL_CONN_CONFIG(verifypeer)) {
495 failf(data, "\tCA signer not available for verification\n");
496 return CURLE_SSL_CACERT_BADFILE;
497 }
498 else {
499 /* Just continue with a warning if no strict certificate
500 verification is required. */
501 infof(data, "CA signer not available for verification, "
502 "continuing anyway\n");
503 }
504 }
505 #endif
506 else {
507 failf(data, "SSL_connect failed with error %d: %s", detail,
508 ERR_error_string(detail, error_buffer));
509 return CURLE_SSL_CONNECT_ERROR;
510 }
511 }
512
513 if(pinnedpubkey) {
514 #ifdef KEEP_PEER_CERT
515 X509 *x509;
516 const char *x509_der;
517 int x509_der_len;
518 curl_X509certificate x509_parsed;
519 curl_asn1Element *pubkey;
520 CURLcode result;
521
522 x509 = SSL_get_peer_certificate(conssl->handle);
523 if(!x509) {
524 failf(data, "SSL: failed retrieving server certificate");
525 return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
526 }
527
528 x509_der = (const char *)CyaSSL_X509_get_der(x509, &x509_der_len);
529 if(!x509_der) {
530 failf(data, "SSL: failed retrieving ASN.1 server certificate");
531 return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
532 }
533
534 memset(&x509_parsed, 0, sizeof x509_parsed);
535 if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
536 return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
537
538 pubkey = &x509_parsed.subjectPublicKeyInfo;
539 if(!pubkey->header || pubkey->end <= pubkey->header) {
540 failf(data, "SSL: failed retrieving public key from server certificate");
541 return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
542 }
543
544 result = Curl_pin_peer_pubkey(data,
545 pinnedpubkey,
546 (const unsigned char *)pubkey->header,
547 (size_t)(pubkey->end - pubkey->header));
548 if(result) {
549 failf(data, "SSL: public key does not match pinned public key!");
550 return result;
551 }
552 #else
553 failf(data, "Library lacks pinning support built-in");
554 return CURLE_NOT_BUILT_IN;
555 #endif
556 }
557
558 #ifdef HAVE_ALPN
559 if(conn->bits.tls_enable_alpn) {
560 int rc;
561 char *protocol = NULL;
562 unsigned short protocol_len = 0;
563
564 rc = wolfSSL_ALPN_GetProtocol(conssl->handle, &protocol, &protocol_len);
565
566 if(rc == SSL_SUCCESS) {
567 infof(data, "ALPN, server accepted to use %.*s\n", protocol_len,
568 protocol);
569
570 if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
571 !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
572 conn->negnpn = CURL_HTTP_VERSION_1_1;
573 #ifdef USE_NGHTTP2
574 else if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
575 protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
576 !memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
577 NGHTTP2_PROTO_VERSION_ID_LEN))
578 conn->negnpn = CURL_HTTP_VERSION_2;
579 #endif
580 else
581 infof(data, "ALPN, unrecognized protocol %.*s\n", protocol_len,
582 protocol);
583 }
584 else if(rc == SSL_ALPN_NOT_FOUND)
585 infof(data, "ALPN, server did not agree to a protocol\n");
586 else {
587 failf(data, "ALPN, failure getting protocol, error %d", rc);
588 return CURLE_SSL_CONNECT_ERROR;
589 }
590 }
591 #endif /* HAVE_ALPN */
592
593 conssl->connecting_state = ssl_connect_3;
594 #if (LIBCYASSL_VERSION_HEX >= 0x03009010)
595 infof(data, "SSL connection using %s / %s\n",
596 wolfSSL_get_version(conssl->handle),
597 wolfSSL_get_cipher_name(conssl->handle));
598 #else
599 infof(data, "SSL connected\n");
600 #endif
601
602 return CURLE_OK;
603 }
604
605
606 static CURLcode
cyassl_connect_step3(struct connectdata * conn,int sockindex)607 cyassl_connect_step3(struct connectdata *conn,
608 int sockindex)
609 {
610 CURLcode result = CURLE_OK;
611 struct Curl_easy *data = conn->data;
612 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
613
614 DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
615
616 if(data->set.general_ssl.sessionid) {
617 bool incache;
618 SSL_SESSION *our_ssl_sessionid;
619 void *old_ssl_sessionid = NULL;
620
621 our_ssl_sessionid = SSL_get_session(connssl->handle);
622
623 Curl_ssl_sessionid_lock(conn);
624 incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
625 sockindex));
626 if(incache) {
627 if(old_ssl_sessionid != our_ssl_sessionid) {
628 infof(data, "old SSL session ID is stale, removing\n");
629 Curl_ssl_delsessionid(conn, old_ssl_sessionid);
630 incache = FALSE;
631 }
632 }
633
634 if(!incache) {
635 result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
636 0 /* unknown size */, sockindex);
637 if(result) {
638 Curl_ssl_sessionid_unlock(conn);
639 failf(data, "failed to store ssl session");
640 return result;
641 }
642 }
643 Curl_ssl_sessionid_unlock(conn);
644 }
645
646 connssl->connecting_state = ssl_connect_done;
647
648 return result;
649 }
650
651
cyassl_send(struct connectdata * conn,int sockindex,const void * mem,size_t len,CURLcode * curlcode)652 static ssize_t cyassl_send(struct connectdata *conn,
653 int sockindex,
654 const void *mem,
655 size_t len,
656 CURLcode *curlcode)
657 {
658 char error_buffer[CYASSL_MAX_ERROR_SZ];
659 int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
660 int rc = SSL_write(conn->ssl[sockindex].handle, mem, memlen);
661
662 if(rc < 0) {
663 int err = SSL_get_error(conn->ssl[sockindex].handle, rc);
664
665 switch(err) {
666 case SSL_ERROR_WANT_READ:
667 case SSL_ERROR_WANT_WRITE:
668 /* there's data pending, re-invoke SSL_write() */
669 *curlcode = CURLE_AGAIN;
670 return -1;
671 default:
672 failf(conn->data, "SSL write: %s, errno %d",
673 ERR_error_string(err, error_buffer),
674 SOCKERRNO);
675 *curlcode = CURLE_SEND_ERROR;
676 return -1;
677 }
678 }
679 return rc;
680 }
681
Curl_cyassl_close(struct connectdata * conn,int sockindex)682 void Curl_cyassl_close(struct connectdata *conn, int sockindex)
683 {
684 struct ssl_connect_data *conssl = &conn->ssl[sockindex];
685
686 if(conssl->handle) {
687 (void)SSL_shutdown(conssl->handle);
688 SSL_free(conssl->handle);
689 conssl->handle = NULL;
690 }
691 if(conssl->ctx) {
692 SSL_CTX_free(conssl->ctx);
693 conssl->ctx = NULL;
694 }
695 }
696
cyassl_recv(struct connectdata * conn,int num,char * buf,size_t buffersize,CURLcode * curlcode)697 static ssize_t cyassl_recv(struct connectdata *conn,
698 int num,
699 char *buf,
700 size_t buffersize,
701 CURLcode *curlcode)
702 {
703 char error_buffer[CYASSL_MAX_ERROR_SZ];
704 int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
705 int nread = SSL_read(conn->ssl[num].handle, buf, buffsize);
706
707 if(nread < 0) {
708 int err = SSL_get_error(conn->ssl[num].handle, nread);
709
710 switch(err) {
711 case SSL_ERROR_ZERO_RETURN: /* no more data */
712 break;
713 case SSL_ERROR_WANT_READ:
714 case SSL_ERROR_WANT_WRITE:
715 /* there's data pending, re-invoke SSL_read() */
716 *curlcode = CURLE_AGAIN;
717 return -1;
718 default:
719 failf(conn->data, "SSL read: %s, errno %d",
720 ERR_error_string(err, error_buffer),
721 SOCKERRNO);
722 *curlcode = CURLE_RECV_ERROR;
723 return -1;
724 }
725 }
726 return nread;
727 }
728
729
Curl_cyassl_session_free(void * ptr)730 void Curl_cyassl_session_free(void *ptr)
731 {
732 (void)ptr;
733 /* CyaSSL reuses sessions on own, no free */
734 }
735
736
Curl_cyassl_version(char * buffer,size_t size)737 size_t Curl_cyassl_version(char *buffer, size_t size)
738 {
739 #ifdef WOLFSSL_VERSION
740 return snprintf(buffer, size, "wolfSSL/%s", WOLFSSL_VERSION);
741 #elif defined(CYASSL_VERSION)
742 return snprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION);
743 #else
744 return snprintf(buffer, size, "CyaSSL/%s", "<1.8.8");
745 #endif
746 }
747
748
Curl_cyassl_init(void)749 int Curl_cyassl_init(void)
750 {
751 return (CyaSSL_Init() == SSL_SUCCESS);
752 }
753
754
Curl_cyassl_data_pending(const struct connectdata * conn,int connindex)755 bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
756 {
757 if(conn->ssl[connindex].handle) /* SSL is in use */
758 return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
759 else
760 return FALSE;
761 }
762
763
764 /*
765 * This function is called to shut down the SSL layer but keep the
766 * socket open (CCC - Clear Command Channel)
767 */
Curl_cyassl_shutdown(struct connectdata * conn,int sockindex)768 int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
769 {
770 int retval = 0;
771 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
772
773 if(connssl->handle) {
774 SSL_free(connssl->handle);
775 connssl->handle = NULL;
776 }
777 return retval;
778 }
779
780
781 static CURLcode
cyassl_connect_common(struct connectdata * conn,int sockindex,bool nonblocking,bool * done)782 cyassl_connect_common(struct connectdata *conn,
783 int sockindex,
784 bool nonblocking,
785 bool *done)
786 {
787 CURLcode result;
788 struct Curl_easy *data = conn->data;
789 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
790 curl_socket_t sockfd = conn->sock[sockindex];
791 time_t timeout_ms;
792 int what;
793
794 /* check if the connection has already been established */
795 if(ssl_connection_complete == connssl->state) {
796 *done = TRUE;
797 return CURLE_OK;
798 }
799
800 if(ssl_connect_1==connssl->connecting_state) {
801 /* Find out how much more time we're allowed */
802 timeout_ms = Curl_timeleft(data, NULL, TRUE);
803
804 if(timeout_ms < 0) {
805 /* no need to continue if time already is up */
806 failf(data, "SSL connection timeout");
807 return CURLE_OPERATION_TIMEDOUT;
808 }
809
810 result = cyassl_connect_step1(conn, sockindex);
811 if(result)
812 return result;
813 }
814
815 while(ssl_connect_2 == connssl->connecting_state ||
816 ssl_connect_2_reading == connssl->connecting_state ||
817 ssl_connect_2_writing == connssl->connecting_state) {
818
819 /* check allowed time left */
820 timeout_ms = Curl_timeleft(data, NULL, TRUE);
821
822 if(timeout_ms < 0) {
823 /* no need to continue if time already is up */
824 failf(data, "SSL connection timeout");
825 return CURLE_OPERATION_TIMEDOUT;
826 }
827
828 /* if ssl is expecting something, check if it's available. */
829 if(connssl->connecting_state == ssl_connect_2_reading
830 || connssl->connecting_state == ssl_connect_2_writing) {
831
832 curl_socket_t writefd = ssl_connect_2_writing==
833 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
834 curl_socket_t readfd = ssl_connect_2_reading==
835 connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
836
837 what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
838 nonblocking?0:timeout_ms);
839 if(what < 0) {
840 /* fatal error */
841 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
842 return CURLE_SSL_CONNECT_ERROR;
843 }
844 else if(0 == what) {
845 if(nonblocking) {
846 *done = FALSE;
847 return CURLE_OK;
848 }
849 else {
850 /* timeout */
851 failf(data, "SSL connection timeout");
852 return CURLE_OPERATION_TIMEDOUT;
853 }
854 }
855 /* socket is readable or writable */
856 }
857
858 /* Run transaction, and return to the caller if it failed or if
859 * this connection is part of a multi handle and this loop would
860 * execute again. This permits the owner of a multi handle to
861 * abort a connection attempt before step2 has completed while
862 * ensuring that a client using select() or epoll() will always
863 * have a valid fdset to wait on.
864 */
865 result = cyassl_connect_step2(conn, sockindex);
866 if(result || (nonblocking &&
867 (ssl_connect_2 == connssl->connecting_state ||
868 ssl_connect_2_reading == connssl->connecting_state ||
869 ssl_connect_2_writing == connssl->connecting_state)))
870 return result;
871 } /* repeat step2 until all transactions are done. */
872
873 if(ssl_connect_3 == connssl->connecting_state) {
874 result = cyassl_connect_step3(conn, sockindex);
875 if(result)
876 return result;
877 }
878
879 if(ssl_connect_done == connssl->connecting_state) {
880 connssl->state = ssl_connection_complete;
881 conn->recv[sockindex] = cyassl_recv;
882 conn->send[sockindex] = cyassl_send;
883 *done = TRUE;
884 }
885 else
886 *done = FALSE;
887
888 /* Reset our connect state machine */
889 connssl->connecting_state = ssl_connect_1;
890
891 return CURLE_OK;
892 }
893
894
895 CURLcode
Curl_cyassl_connect_nonblocking(struct connectdata * conn,int sockindex,bool * done)896 Curl_cyassl_connect_nonblocking(struct connectdata *conn,
897 int sockindex,
898 bool *done)
899 {
900 return cyassl_connect_common(conn, sockindex, TRUE, done);
901 }
902
903
904 CURLcode
Curl_cyassl_connect(struct connectdata * conn,int sockindex)905 Curl_cyassl_connect(struct connectdata *conn,
906 int sockindex)
907 {
908 CURLcode result;
909 bool done = FALSE;
910
911 result = cyassl_connect_common(conn, sockindex, FALSE, &done);
912 if(result)
913 return result;
914
915 DEBUGASSERT(done);
916
917 return CURLE_OK;
918 }
919
Curl_cyassl_random(struct Curl_easy * data,unsigned char * entropy,size_t length)920 CURLcode Curl_cyassl_random(struct Curl_easy *data,
921 unsigned char *entropy,
922 size_t length)
923 {
924 RNG rng;
925 (void)data;
926 if(InitRng(&rng))
927 return CURLE_FAILED_INIT;
928 if(length > UINT_MAX)
929 return CURLE_FAILED_INIT;
930 if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
931 return CURLE_FAILED_INIT;
932 return CURLE_OK;
933 }
934
Curl_cyassl_sha256sum(const unsigned char * tmp,size_t tmplen,unsigned char * sha256sum,size_t unused)935 void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
936 size_t tmplen,
937 unsigned char *sha256sum /* output */,
938 size_t unused)
939 {
940 Sha256 SHA256pw;
941 (void)unused;
942 InitSha256(&SHA256pw);
943 Sha256Update(&SHA256pw, tmp, (word32)tmplen);
944 Sha256Final(&SHA256pw, sha256sum);
945 }
946
947 #endif
948