2
0

bearssl.c 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2019 - 2020, Michael Forney, <mforney@mforney.org>
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #ifdef USE_BEARSSL
  24. #include <bearssl.h>
  25. #include "bearssl.h"
  26. #include "urldata.h"
  27. #include "sendf.h"
  28. #include "inet_pton.h"
  29. #include "vtls.h"
  30. #include "connect.h"
  31. #include "select.h"
  32. #include "multiif.h"
  33. #include "curl_printf.h"
  34. #include "curl_memory.h"
  35. struct x509_context {
  36. const br_x509_class *vtable;
  37. br_x509_minimal_context minimal;
  38. bool verifyhost;
  39. bool verifypeer;
  40. };
  41. struct ssl_backend_data {
  42. br_ssl_client_context ctx;
  43. struct x509_context x509;
  44. unsigned char buf[BR_SSL_BUFSIZE_BIDI];
  45. br_x509_trust_anchor *anchors;
  46. size_t anchors_len;
  47. const char *protocols[2];
  48. /* SSL client context is active */
  49. bool active;
  50. /* size of pending write, yet to be flushed */
  51. size_t pending_write;
  52. };
  53. struct cafile_parser {
  54. CURLcode err;
  55. bool in_cert;
  56. br_x509_decoder_context xc;
  57. /* array of trust anchors loaded from CAfile */
  58. br_x509_trust_anchor *anchors;
  59. size_t anchors_len;
  60. /* buffer for DN data */
  61. unsigned char dn[1024];
  62. size_t dn_len;
  63. };
  64. static void append_dn(void *ctx, const void *buf, size_t len)
  65. {
  66. struct cafile_parser *ca = ctx;
  67. if(ca->err != CURLE_OK || !ca->in_cert)
  68. return;
  69. if(sizeof(ca->dn) - ca->dn_len < len) {
  70. ca->err = CURLE_FAILED_INIT;
  71. return;
  72. }
  73. memcpy(ca->dn + ca->dn_len, buf, len);
  74. ca->dn_len += len;
  75. }
  76. static void x509_push(void *ctx, const void *buf, size_t len)
  77. {
  78. struct cafile_parser *ca = ctx;
  79. if(ca->in_cert)
  80. br_x509_decoder_push(&ca->xc, buf, len);
  81. }
  82. static CURLcode load_cafile(const char *path, br_x509_trust_anchor **anchors,
  83. size_t *anchors_len)
  84. {
  85. struct cafile_parser ca;
  86. br_pem_decoder_context pc;
  87. br_x509_trust_anchor *ta;
  88. size_t ta_size;
  89. br_x509_trust_anchor *new_anchors;
  90. size_t new_anchors_len;
  91. br_x509_pkey *pkey;
  92. FILE *fp;
  93. unsigned char buf[BUFSIZ], *p;
  94. const char *name;
  95. size_t n, i, pushed;
  96. fp = fopen(path, "rb");
  97. if(!fp)
  98. return CURLE_SSL_CACERT_BADFILE;
  99. ca.err = CURLE_OK;
  100. ca.in_cert = FALSE;
  101. ca.anchors = NULL;
  102. ca.anchors_len = 0;
  103. br_pem_decoder_init(&pc);
  104. br_pem_decoder_setdest(&pc, x509_push, &ca);
  105. for(;;) {
  106. n = fread(buf, 1, sizeof(buf), fp);
  107. if(n == 0)
  108. break;
  109. p = buf;
  110. while(n) {
  111. pushed = br_pem_decoder_push(&pc, p, n);
  112. if(ca.err)
  113. goto fail;
  114. p += pushed;
  115. n -= pushed;
  116. switch(br_pem_decoder_event(&pc)) {
  117. case 0:
  118. break;
  119. case BR_PEM_BEGIN_OBJ:
  120. name = br_pem_decoder_name(&pc);
  121. if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE"))
  122. break;
  123. br_x509_decoder_init(&ca.xc, append_dn, &ca);
  124. if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) {
  125. ca.err = CURLE_OUT_OF_MEMORY;
  126. goto fail;
  127. }
  128. new_anchors_len = ca.anchors_len + 1;
  129. new_anchors = realloc(ca.anchors,
  130. new_anchors_len * sizeof(ca.anchors[0]));
  131. if(!new_anchors) {
  132. ca.err = CURLE_OUT_OF_MEMORY;
  133. goto fail;
  134. }
  135. ca.anchors = new_anchors;
  136. ca.anchors_len = new_anchors_len;
  137. ca.in_cert = TRUE;
  138. ca.dn_len = 0;
  139. ta = &ca.anchors[ca.anchors_len - 1];
  140. ta->dn.data = NULL;
  141. break;
  142. case BR_PEM_END_OBJ:
  143. if(!ca.in_cert)
  144. break;
  145. ca.in_cert = FALSE;
  146. if(br_x509_decoder_last_error(&ca.xc)) {
  147. ca.err = CURLE_SSL_CACERT_BADFILE;
  148. goto fail;
  149. }
  150. ta->flags = 0;
  151. if(br_x509_decoder_isCA(&ca.xc))
  152. ta->flags |= BR_X509_TA_CA;
  153. pkey = br_x509_decoder_get_pkey(&ca.xc);
  154. if(!pkey) {
  155. ca.err = CURLE_SSL_CACERT_BADFILE;
  156. goto fail;
  157. }
  158. ta->pkey = *pkey;
  159. /* calculate space needed for trust anchor data */
  160. ta_size = ca.dn_len;
  161. switch(pkey->key_type) {
  162. case BR_KEYTYPE_RSA:
  163. ta_size += pkey->key.rsa.nlen + pkey->key.rsa.elen;
  164. break;
  165. case BR_KEYTYPE_EC:
  166. ta_size += pkey->key.ec.qlen;
  167. break;
  168. default:
  169. ca.err = CURLE_FAILED_INIT;
  170. goto fail;
  171. }
  172. /* fill in trust anchor DN and public key data */
  173. ta->dn.data = malloc(ta_size);
  174. if(!ta->dn.data) {
  175. ca.err = CURLE_OUT_OF_MEMORY;
  176. goto fail;
  177. }
  178. memcpy(ta->dn.data, ca.dn, ca.dn_len);
  179. ta->dn.len = ca.dn_len;
  180. switch(pkey->key_type) {
  181. case BR_KEYTYPE_RSA:
  182. ta->pkey.key.rsa.n = ta->dn.data + ta->dn.len;
  183. memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen);
  184. ta->pkey.key.rsa.e = ta->pkey.key.rsa.n + ta->pkey.key.rsa.nlen;
  185. memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen);
  186. break;
  187. case BR_KEYTYPE_EC:
  188. ta->pkey.key.ec.q = ta->dn.data + ta->dn.len;
  189. memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen);
  190. break;
  191. }
  192. break;
  193. default:
  194. ca.err = CURLE_SSL_CACERT_BADFILE;
  195. goto fail;
  196. }
  197. }
  198. }
  199. if(ferror(fp))
  200. ca.err = CURLE_READ_ERROR;
  201. fail:
  202. fclose(fp);
  203. if(ca.err == CURLE_OK) {
  204. *anchors = ca.anchors;
  205. *anchors_len = ca.anchors_len;
  206. }
  207. else {
  208. for(i = 0; i < ca.anchors_len; ++i)
  209. free(ca.anchors[i].dn.data);
  210. free(ca.anchors);
  211. }
  212. return ca.err;
  213. }
  214. static void x509_start_chain(const br_x509_class **ctx,
  215. const char *server_name)
  216. {
  217. struct x509_context *x509 = (struct x509_context *)ctx;
  218. if(!x509->verifyhost)
  219. server_name = NULL;
  220. x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name);
  221. }
  222. static void x509_start_cert(const br_x509_class **ctx, uint32_t length)
  223. {
  224. struct x509_context *x509 = (struct x509_context *)ctx;
  225. x509->minimal.vtable->start_cert(&x509->minimal.vtable, length);
  226. }
  227. static void x509_append(const br_x509_class **ctx, const unsigned char *buf,
  228. size_t len)
  229. {
  230. struct x509_context *x509 = (struct x509_context *)ctx;
  231. x509->minimal.vtable->append(&x509->minimal.vtable, buf, len);
  232. }
  233. static void x509_end_cert(const br_x509_class **ctx)
  234. {
  235. struct x509_context *x509 = (struct x509_context *)ctx;
  236. x509->minimal.vtable->end_cert(&x509->minimal.vtable);
  237. }
  238. static unsigned x509_end_chain(const br_x509_class **ctx)
  239. {
  240. struct x509_context *x509 = (struct x509_context *)ctx;
  241. unsigned err;
  242. err = x509->minimal.vtable->end_chain(&x509->minimal.vtable);
  243. if(err && !x509->verifypeer) {
  244. /* ignore any X.509 errors */
  245. err = BR_ERR_OK;
  246. }
  247. return err;
  248. }
  249. static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx,
  250. unsigned *usages)
  251. {
  252. struct x509_context *x509 = (struct x509_context *)ctx;
  253. return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages);
  254. }
  255. static const br_x509_class x509_vtable = {
  256. sizeof(struct x509_context),
  257. x509_start_chain,
  258. x509_start_cert,
  259. x509_append,
  260. x509_end_cert,
  261. x509_end_chain,
  262. x509_get_pkey
  263. };
  264. static CURLcode bearssl_connect_step1(struct connectdata *conn, int sockindex)
  265. {
  266. struct Curl_easy *data = conn->data;
  267. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  268. struct ssl_backend_data *backend = connssl->backend;
  269. const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
  270. #ifndef CURL_DISABLE_PROXY
  271. const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
  272. conn->host.name;
  273. #else
  274. const char *hostname = conn->host.name;
  275. #endif
  276. const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
  277. const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
  278. CURLcode ret;
  279. unsigned version_min, version_max;
  280. #ifdef ENABLE_IPV6
  281. struct in6_addr addr;
  282. #else
  283. struct in_addr addr;
  284. #endif
  285. switch(SSL_CONN_CONFIG(version)) {
  286. case CURL_SSLVERSION_SSLv2:
  287. failf(data, "BearSSL does not support SSLv2");
  288. return CURLE_SSL_CONNECT_ERROR;
  289. case CURL_SSLVERSION_SSLv3:
  290. failf(data, "BearSSL does not support SSLv3");
  291. return CURLE_SSL_CONNECT_ERROR;
  292. case CURL_SSLVERSION_TLSv1_0:
  293. version_min = BR_TLS10;
  294. version_max = BR_TLS10;
  295. break;
  296. case CURL_SSLVERSION_TLSv1_1:
  297. version_min = BR_TLS11;
  298. version_max = BR_TLS11;
  299. break;
  300. case CURL_SSLVERSION_TLSv1_2:
  301. version_min = BR_TLS12;
  302. version_max = BR_TLS12;
  303. break;
  304. case CURL_SSLVERSION_DEFAULT:
  305. case CURL_SSLVERSION_TLSv1:
  306. version_min = BR_TLS10;
  307. version_max = BR_TLS12;
  308. break;
  309. default:
  310. failf(data, "BearSSL: unknown CURLOPT_SSLVERSION");
  311. return CURLE_SSL_CONNECT_ERROR;
  312. }
  313. if(ssl_cafile) {
  314. ret = load_cafile(ssl_cafile, &backend->anchors, &backend->anchors_len);
  315. if(ret != CURLE_OK) {
  316. if(verifypeer) {
  317. failf(data, "error setting certificate verify locations."
  318. " CAfile: %s", ssl_cafile);
  319. return ret;
  320. }
  321. infof(data, "error setting certificate verify locations,"
  322. " continuing anyway:\n");
  323. }
  324. }
  325. /* initialize SSL context */
  326. br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
  327. backend->anchors, backend->anchors_len);
  328. br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
  329. br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
  330. sizeof(backend->buf), 1);
  331. /* initialize X.509 context */
  332. backend->x509.vtable = &x509_vtable;
  333. backend->x509.verifypeer = verifypeer;
  334. backend->x509.verifyhost = verifyhost;
  335. br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
  336. if(SSL_SET_OPTION(primary.sessionid)) {
  337. void *session;
  338. Curl_ssl_sessionid_lock(conn);
  339. if(!Curl_ssl_getsessionid(conn, &session, NULL, sockindex)) {
  340. br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
  341. infof(data, "BearSSL: re-using session ID\n");
  342. }
  343. Curl_ssl_sessionid_unlock(conn);
  344. }
  345. if(conn->bits.tls_enable_alpn) {
  346. int cur = 0;
  347. /* NOTE: when adding more protocols here, increase the size of the
  348. * protocols array in `struct ssl_backend_data`.
  349. */
  350. #ifdef USE_NGHTTP2
  351. if(data->set.httpversion >= CURL_HTTP_VERSION_2
  352. #ifndef CURL_DISABLE_PROXY
  353. && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
  354. #endif
  355. ) {
  356. backend->protocols[cur++] = NGHTTP2_PROTO_VERSION_ID;
  357. infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
  358. }
  359. #endif
  360. backend->protocols[cur++] = ALPN_HTTP_1_1;
  361. infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
  362. br_ssl_engine_set_protocol_names(&backend->ctx.eng,
  363. backend->protocols, cur);
  364. }
  365. if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
  366. #ifdef ENABLE_IPV6
  367. || (1 == Curl_inet_pton(AF_INET6, hostname, &addr))
  368. #endif
  369. ) {
  370. if(verifyhost) {
  371. failf(data, "BearSSL: "
  372. "host verification of IP address is not supported");
  373. return CURLE_PEER_FAILED_VERIFICATION;
  374. }
  375. hostname = NULL;
  376. }
  377. if(!br_ssl_client_reset(&backend->ctx, hostname, 0))
  378. return CURLE_FAILED_INIT;
  379. backend->active = TRUE;
  380. connssl->connecting_state = ssl_connect_2;
  381. return CURLE_OK;
  382. }
  383. static CURLcode bearssl_run_until(struct connectdata *conn, int sockindex,
  384. unsigned target)
  385. {
  386. struct Curl_easy *data = conn->data;
  387. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  388. struct ssl_backend_data *backend = connssl->backend;
  389. curl_socket_t sockfd = conn->sock[sockindex];
  390. unsigned state;
  391. unsigned char *buf;
  392. size_t len;
  393. ssize_t ret;
  394. int err;
  395. for(;;) {
  396. state = br_ssl_engine_current_state(&backend->ctx.eng);
  397. if(state & BR_SSL_CLOSED) {
  398. err = br_ssl_engine_last_error(&backend->ctx.eng);
  399. switch(err) {
  400. case BR_ERR_OK:
  401. /* TLS close notify */
  402. if(connssl->state != ssl_connection_complete) {
  403. failf(data, "SSL: connection closed during handshake");
  404. return CURLE_SSL_CONNECT_ERROR;
  405. }
  406. return CURLE_OK;
  407. case BR_ERR_X509_EXPIRED:
  408. failf(data, "SSL: X.509 verification: "
  409. "certificate is expired or not yet valid");
  410. return CURLE_PEER_FAILED_VERIFICATION;
  411. case BR_ERR_X509_BAD_SERVER_NAME:
  412. failf(data, "SSL: X.509 verification: "
  413. "expected server name was not found in the chain");
  414. return CURLE_PEER_FAILED_VERIFICATION;
  415. case BR_ERR_X509_NOT_TRUSTED:
  416. failf(data, "SSL: X.509 verification: "
  417. "chain could not be linked to a trust anchor");
  418. return CURLE_PEER_FAILED_VERIFICATION;
  419. }
  420. /* X.509 errors are documented to have the range 32..63 */
  421. if(err >= 32 && err < 64)
  422. return CURLE_PEER_FAILED_VERIFICATION;
  423. return CURLE_SSL_CONNECT_ERROR;
  424. }
  425. if(state & target)
  426. return CURLE_OK;
  427. if(state & BR_SSL_SENDREC) {
  428. buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
  429. ret = swrite(sockfd, buf, len);
  430. if(ret == -1) {
  431. if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
  432. if(connssl->state != ssl_connection_complete)
  433. connssl->connecting_state = ssl_connect_2_writing;
  434. return CURLE_AGAIN;
  435. }
  436. return CURLE_WRITE_ERROR;
  437. }
  438. br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
  439. }
  440. else if(state & BR_SSL_RECVREC) {
  441. buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
  442. ret = sread(sockfd, buf, len);
  443. if(ret == 0) {
  444. failf(data, "SSL: EOF without close notify");
  445. return CURLE_READ_ERROR;
  446. }
  447. if(ret == -1) {
  448. if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
  449. if(connssl->state != ssl_connection_complete)
  450. connssl->connecting_state = ssl_connect_2_reading;
  451. return CURLE_AGAIN;
  452. }
  453. return CURLE_READ_ERROR;
  454. }
  455. br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
  456. }
  457. }
  458. }
  459. static CURLcode bearssl_connect_step2(struct connectdata *conn, int sockindex)
  460. {
  461. struct Curl_easy *data = conn->data;
  462. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  463. struct ssl_backend_data *backend = connssl->backend;
  464. CURLcode ret;
  465. ret = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP | BR_SSL_RECVAPP);
  466. if(ret == CURLE_AGAIN)
  467. return CURLE_OK;
  468. if(ret == CURLE_OK) {
  469. if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
  470. failf(data, "SSL: connection closed during handshake");
  471. return CURLE_SSL_CONNECT_ERROR;
  472. }
  473. connssl->connecting_state = ssl_connect_3;
  474. }
  475. return ret;
  476. }
  477. static CURLcode bearssl_connect_step3(struct connectdata *conn, int sockindex)
  478. {
  479. struct Curl_easy *data = conn->data;
  480. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  481. struct ssl_backend_data *backend = connssl->backend;
  482. CURLcode ret;
  483. DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
  484. if(conn->bits.tls_enable_alpn) {
  485. const char *protocol;
  486. protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
  487. if(protocol) {
  488. infof(data, "ALPN, server accepted to use %s\n", protocol);
  489. #ifdef USE_NGHTTP2
  490. if(!strcmp(protocol, NGHTTP2_PROTO_VERSION_ID))
  491. conn->negnpn = CURL_HTTP_VERSION_2;
  492. else
  493. #endif
  494. if(!strcmp(protocol, ALPN_HTTP_1_1))
  495. conn->negnpn = CURL_HTTP_VERSION_1_1;
  496. else
  497. infof(data, "ALPN, unrecognized protocol %s\n", protocol);
  498. Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
  499. BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
  500. }
  501. else
  502. infof(data, "ALPN, server did not agree to a protocol\n");
  503. }
  504. if(SSL_SET_OPTION(primary.sessionid)) {
  505. bool incache;
  506. void *oldsession;
  507. br_ssl_session_parameters *session;
  508. session = malloc(sizeof(*session));
  509. if(!session)
  510. return CURLE_OUT_OF_MEMORY;
  511. br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
  512. Curl_ssl_sessionid_lock(conn);
  513. incache = !(Curl_ssl_getsessionid(conn, &oldsession, NULL, sockindex));
  514. if(incache)
  515. Curl_ssl_delsessionid(conn, oldsession);
  516. ret = Curl_ssl_addsessionid(conn, session, 0, sockindex);
  517. Curl_ssl_sessionid_unlock(conn);
  518. if(ret) {
  519. free(session);
  520. return CURLE_OUT_OF_MEMORY;
  521. }
  522. }
  523. connssl->connecting_state = ssl_connect_done;
  524. return CURLE_OK;
  525. }
  526. static ssize_t bearssl_send(struct connectdata *conn, int sockindex,
  527. const void *buf, size_t len, CURLcode *err)
  528. {
  529. struct Curl_easy *data = conn->data;
  530. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  531. struct ssl_backend_data *backend = connssl->backend;
  532. unsigned char *app;
  533. size_t applen;
  534. for(;;) {
  535. *err = bearssl_run_until(conn, sockindex, BR_SSL_SENDAPP);
  536. if (*err != CURLE_OK)
  537. return -1;
  538. app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
  539. if(!app) {
  540. failf(data, "SSL: connection closed during write");
  541. *err = CURLE_SEND_ERROR;
  542. return -1;
  543. }
  544. if(backend->pending_write) {
  545. applen = backend->pending_write;
  546. backend->pending_write = 0;
  547. return applen;
  548. }
  549. if(applen > len)
  550. applen = len;
  551. memcpy(app, buf, applen);
  552. br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
  553. br_ssl_engine_flush(&backend->ctx.eng, 0);
  554. backend->pending_write = applen;
  555. }
  556. }
  557. static ssize_t bearssl_recv(struct connectdata *conn, int sockindex,
  558. char *buf, size_t len, CURLcode *err)
  559. {
  560. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  561. struct ssl_backend_data *backend = connssl->backend;
  562. unsigned char *app;
  563. size_t applen;
  564. *err = bearssl_run_until(conn, sockindex, BR_SSL_RECVAPP);
  565. if(*err != CURLE_OK)
  566. return -1;
  567. app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
  568. if(!app)
  569. return 0;
  570. if(applen > len)
  571. applen = len;
  572. memcpy(buf, app, applen);
  573. br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
  574. return applen;
  575. }
  576. static CURLcode bearssl_connect_common(struct connectdata *conn,
  577. int sockindex,
  578. bool nonblocking,
  579. bool *done)
  580. {
  581. CURLcode ret;
  582. struct Curl_easy *data = conn->data;
  583. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  584. curl_socket_t sockfd = conn->sock[sockindex];
  585. timediff_t timeout_ms;
  586. int what;
  587. /* check if the connection has already been established */
  588. if(ssl_connection_complete == connssl->state) {
  589. *done = TRUE;
  590. return CURLE_OK;
  591. }
  592. if(ssl_connect_1 == connssl->connecting_state) {
  593. ret = bearssl_connect_step1(conn, sockindex);
  594. if(ret)
  595. return ret;
  596. }
  597. while(ssl_connect_2 == connssl->connecting_state ||
  598. ssl_connect_2_reading == connssl->connecting_state ||
  599. ssl_connect_2_writing == connssl->connecting_state) {
  600. /* check allowed time left */
  601. timeout_ms = Curl_timeleft(data, NULL, TRUE);
  602. if(timeout_ms < 0) {
  603. /* no need to continue if time already is up */
  604. failf(data, "SSL connection timeout");
  605. return CURLE_OPERATION_TIMEDOUT;
  606. }
  607. /* if ssl is expecting something, check if it's available. */
  608. if(ssl_connect_2_reading == connssl->connecting_state ||
  609. ssl_connect_2_writing == connssl->connecting_state) {
  610. curl_socket_t writefd = ssl_connect_2_writing ==
  611. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  612. curl_socket_t readfd = ssl_connect_2_reading ==
  613. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  614. what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
  615. nonblocking?0:timeout_ms);
  616. if(what < 0) {
  617. /* fatal error */
  618. failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
  619. return CURLE_SSL_CONNECT_ERROR;
  620. }
  621. else if(0 == what) {
  622. if(nonblocking) {
  623. *done = FALSE;
  624. return CURLE_OK;
  625. }
  626. else {
  627. /* timeout */
  628. failf(data, "SSL connection timeout");
  629. return CURLE_OPERATION_TIMEDOUT;
  630. }
  631. }
  632. /* socket is readable or writable */
  633. }
  634. /* Run transaction, and return to the caller if it failed or if this
  635. * connection is done nonblocking and this loop would execute again. This
  636. * permits the owner of a multi handle to abort a connection attempt
  637. * before step2 has completed while ensuring that a client using select()
  638. * or epoll() will always have a valid fdset to wait on.
  639. */
  640. ret = bearssl_connect_step2(conn, sockindex);
  641. if(ret || (nonblocking &&
  642. (ssl_connect_2 == connssl->connecting_state ||
  643. ssl_connect_2_reading == connssl->connecting_state ||
  644. ssl_connect_2_writing == connssl->connecting_state)))
  645. return ret;
  646. }
  647. if(ssl_connect_3 == connssl->connecting_state) {
  648. ret = bearssl_connect_step3(conn, sockindex);
  649. if(ret)
  650. return ret;
  651. }
  652. if(ssl_connect_done == connssl->connecting_state) {
  653. connssl->state = ssl_connection_complete;
  654. conn->recv[sockindex] = bearssl_recv;
  655. conn->send[sockindex] = bearssl_send;
  656. *done = TRUE;
  657. }
  658. else
  659. *done = FALSE;
  660. /* Reset our connect state machine */
  661. connssl->connecting_state = ssl_connect_1;
  662. return CURLE_OK;
  663. }
  664. static size_t Curl_bearssl_version(char *buffer, size_t size)
  665. {
  666. return msnprintf(buffer, size, "BearSSL");
  667. }
  668. static bool Curl_bearssl_data_pending(const struct connectdata *conn,
  669. int connindex)
  670. {
  671. const struct ssl_connect_data *connssl = &conn->ssl[connindex];
  672. struct ssl_backend_data *backend = connssl->backend;
  673. return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
  674. }
  675. static CURLcode Curl_bearssl_random(struct Curl_easy *data UNUSED_PARAM,
  676. unsigned char *entropy, size_t length)
  677. {
  678. static br_hmac_drbg_context ctx;
  679. static bool seeded = FALSE;
  680. if(!seeded) {
  681. br_prng_seeder seeder;
  682. br_hmac_drbg_init(&ctx, &br_sha256_vtable, NULL, 0);
  683. seeder = br_prng_seeder_system(NULL);
  684. if(!seeder || !seeder(&ctx.vtable))
  685. return CURLE_FAILED_INIT;
  686. seeded = TRUE;
  687. }
  688. br_hmac_drbg_generate(&ctx, entropy, length);
  689. return CURLE_OK;
  690. }
  691. static CURLcode Curl_bearssl_connect(struct connectdata *conn, int sockindex)
  692. {
  693. CURLcode ret;
  694. bool done = FALSE;
  695. ret = bearssl_connect_common(conn, sockindex, FALSE, &done);
  696. if(ret)
  697. return ret;
  698. DEBUGASSERT(done);
  699. return CURLE_OK;
  700. }
  701. static CURLcode Curl_bearssl_connect_nonblocking(struct connectdata *conn,
  702. int sockindex, bool *done)
  703. {
  704. return bearssl_connect_common(conn, sockindex, TRUE, done);
  705. }
  706. static void *Curl_bearssl_get_internals(struct ssl_connect_data *connssl,
  707. CURLINFO info UNUSED_PARAM)
  708. {
  709. struct ssl_backend_data *backend = connssl->backend;
  710. return &backend->ctx;
  711. }
  712. static void Curl_bearssl_close(struct connectdata *conn, int sockindex)
  713. {
  714. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  715. struct ssl_backend_data *backend = connssl->backend;
  716. size_t i;
  717. if(backend->active) {
  718. br_ssl_engine_close(&backend->ctx.eng);
  719. (void)bearssl_run_until(conn, sockindex, BR_SSL_CLOSED);
  720. }
  721. for(i = 0; i < backend->anchors_len; ++i)
  722. free(backend->anchors[i].dn.data);
  723. free(backend->anchors);
  724. }
  725. static void Curl_bearssl_session_free(void *ptr)
  726. {
  727. free(ptr);
  728. }
  729. static CURLcode Curl_bearssl_md5sum(unsigned char *input,
  730. size_t inputlen,
  731. unsigned char *md5sum,
  732. size_t md5len UNUSED_PARAM)
  733. {
  734. br_md5_context ctx;
  735. br_md5_init(&ctx);
  736. br_md5_update(&ctx, input, inputlen);
  737. br_md5_out(&ctx, md5sum);
  738. return CURLE_OK;
  739. }
  740. static CURLcode Curl_bearssl_sha256sum(const unsigned char *input,
  741. size_t inputlen,
  742. unsigned char *sha256sum,
  743. size_t sha256len UNUSED_PARAM)
  744. {
  745. br_sha256_context ctx;
  746. br_sha256_init(&ctx);
  747. br_sha256_update(&ctx, input, inputlen);
  748. br_sha256_out(&ctx, sha256sum);
  749. return CURLE_OK;
  750. }
  751. const struct Curl_ssl Curl_ssl_bearssl = {
  752. { CURLSSLBACKEND_BEARSSL, "bearssl" },
  753. 0,
  754. sizeof(struct ssl_backend_data),
  755. Curl_none_init,
  756. Curl_none_cleanup,
  757. Curl_bearssl_version,
  758. Curl_none_check_cxn,
  759. Curl_none_shutdown,
  760. Curl_bearssl_data_pending,
  761. Curl_bearssl_random,
  762. Curl_none_cert_status_request,
  763. Curl_bearssl_connect,
  764. Curl_bearssl_connect_nonblocking,
  765. Curl_bearssl_get_internals,
  766. Curl_bearssl_close,
  767. Curl_none_close_all,
  768. Curl_bearssl_session_free,
  769. Curl_none_set_engine,
  770. Curl_none_set_engine_default,
  771. Curl_none_engines_list,
  772. Curl_none_false_start,
  773. Curl_bearssl_md5sum,
  774. Curl_bearssl_sha256sum
  775. };
  776. #endif /* USE_BEARSSL */