bearssl.c 38 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org>
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. #include "curl_setup.h"
  23. #ifdef USE_BEARSSL
  24. #include <bearssl.h>
  25. #include "bearssl.h"
  26. #include "urldata.h"
  27. #include "sendf.h"
  28. #include "inet_pton.h"
  29. #include "vtls.h"
  30. #include "connect.h"
  31. #include "select.h"
  32. #include "multiif.h"
  33. #include "curl_printf.h"
  34. #include "curl_memory.h"
  35. #include "strcase.h"
  36. struct x509_context {
  37. const br_x509_class *vtable;
  38. br_x509_minimal_context minimal;
  39. br_x509_decoder_context decoder;
  40. bool verifyhost;
  41. bool verifypeer;
  42. int cert_num;
  43. };
  44. struct ssl_backend_data {
  45. br_ssl_client_context ctx;
  46. struct x509_context x509;
  47. unsigned char buf[BR_SSL_BUFSIZE_BIDI];
  48. br_x509_trust_anchor *anchors;
  49. size_t anchors_len;
  50. const char *protocols[2];
  51. /* SSL client context is active */
  52. bool active;
  53. /* size of pending write, yet to be flushed */
  54. size_t pending_write;
  55. };
  56. struct cafile_parser {
  57. CURLcode err;
  58. bool in_cert;
  59. br_x509_decoder_context xc;
  60. /* array of trust anchors loaded from CAfile */
  61. br_x509_trust_anchor *anchors;
  62. size_t anchors_len;
  63. /* buffer for DN data */
  64. unsigned char dn[1024];
  65. size_t dn_len;
  66. };
  67. #define CAFILE_SOURCE_PATH 1
  68. #define CAFILE_SOURCE_BLOB 2
  69. struct cafile_source {
  70. const int type;
  71. const char * const data;
  72. const size_t len;
  73. };
  74. static void append_dn(void *ctx, const void *buf, size_t len)
  75. {
  76. struct cafile_parser *ca = ctx;
  77. if(ca->err != CURLE_OK || !ca->in_cert)
  78. return;
  79. if(sizeof(ca->dn) - ca->dn_len < len) {
  80. ca->err = CURLE_FAILED_INIT;
  81. return;
  82. }
  83. memcpy(ca->dn + ca->dn_len, buf, len);
  84. ca->dn_len += len;
  85. }
  86. static void x509_push(void *ctx, const void *buf, size_t len)
  87. {
  88. struct cafile_parser *ca = ctx;
  89. if(ca->in_cert)
  90. br_x509_decoder_push(&ca->xc, buf, len);
  91. }
  92. static CURLcode load_cafile(struct cafile_source *source,
  93. br_x509_trust_anchor **anchors,
  94. size_t *anchors_len)
  95. {
  96. struct cafile_parser ca;
  97. br_pem_decoder_context pc;
  98. br_x509_trust_anchor *ta;
  99. size_t ta_size;
  100. br_x509_trust_anchor *new_anchors;
  101. size_t new_anchors_len;
  102. br_x509_pkey *pkey;
  103. FILE *fp = 0;
  104. unsigned char buf[BUFSIZ];
  105. const unsigned char *p;
  106. const char *name;
  107. size_t n, i, pushed;
  108. DEBUGASSERT(source->type == CAFILE_SOURCE_PATH
  109. || source->type == CAFILE_SOURCE_BLOB);
  110. if(source->type == CAFILE_SOURCE_PATH) {
  111. fp = fopen(source->data, "rb");
  112. if(!fp)
  113. return CURLE_SSL_CACERT_BADFILE;
  114. }
  115. if(source->type == CAFILE_SOURCE_BLOB && source->len > (size_t)INT_MAX)
  116. return CURLE_SSL_CACERT_BADFILE;
  117. ca.err = CURLE_OK;
  118. ca.in_cert = FALSE;
  119. ca.anchors = NULL;
  120. ca.anchors_len = 0;
  121. br_pem_decoder_init(&pc);
  122. br_pem_decoder_setdest(&pc, x509_push, &ca);
  123. do {
  124. if(source->type == CAFILE_SOURCE_PATH) {
  125. n = fread(buf, 1, sizeof(buf), fp);
  126. if(n == 0)
  127. break;
  128. p = buf;
  129. }
  130. else if(source->type == CAFILE_SOURCE_BLOB) {
  131. n = source->len;
  132. p = (unsigned char *) source->data;
  133. }
  134. while(n) {
  135. pushed = br_pem_decoder_push(&pc, p, n);
  136. if(ca.err)
  137. goto fail;
  138. p += pushed;
  139. n -= pushed;
  140. switch(br_pem_decoder_event(&pc)) {
  141. case 0:
  142. break;
  143. case BR_PEM_BEGIN_OBJ:
  144. name = br_pem_decoder_name(&pc);
  145. if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE"))
  146. break;
  147. br_x509_decoder_init(&ca.xc, append_dn, &ca);
  148. ca.in_cert = TRUE;
  149. ca.dn_len = 0;
  150. break;
  151. case BR_PEM_END_OBJ:
  152. if(!ca.in_cert)
  153. break;
  154. ca.in_cert = FALSE;
  155. if(br_x509_decoder_last_error(&ca.xc)) {
  156. ca.err = CURLE_SSL_CACERT_BADFILE;
  157. goto fail;
  158. }
  159. /* add trust anchor */
  160. if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) {
  161. ca.err = CURLE_OUT_OF_MEMORY;
  162. goto fail;
  163. }
  164. new_anchors_len = ca.anchors_len + 1;
  165. new_anchors = realloc(ca.anchors,
  166. new_anchors_len * sizeof(ca.anchors[0]));
  167. if(!new_anchors) {
  168. ca.err = CURLE_OUT_OF_MEMORY;
  169. goto fail;
  170. }
  171. ca.anchors = new_anchors;
  172. ca.anchors_len = new_anchors_len;
  173. ta = &ca.anchors[ca.anchors_len - 1];
  174. ta->dn.data = NULL;
  175. ta->flags = 0;
  176. if(br_x509_decoder_isCA(&ca.xc))
  177. ta->flags |= BR_X509_TA_CA;
  178. pkey = br_x509_decoder_get_pkey(&ca.xc);
  179. if(!pkey) {
  180. ca.err = CURLE_SSL_CACERT_BADFILE;
  181. goto fail;
  182. }
  183. ta->pkey = *pkey;
  184. /* calculate space needed for trust anchor data */
  185. ta_size = ca.dn_len;
  186. switch(pkey->key_type) {
  187. case BR_KEYTYPE_RSA:
  188. ta_size += pkey->key.rsa.nlen + pkey->key.rsa.elen;
  189. break;
  190. case BR_KEYTYPE_EC:
  191. ta_size += pkey->key.ec.qlen;
  192. break;
  193. default:
  194. ca.err = CURLE_FAILED_INIT;
  195. goto fail;
  196. }
  197. /* fill in trust anchor DN and public key data */
  198. ta->dn.data = malloc(ta_size);
  199. if(!ta->dn.data) {
  200. ca.err = CURLE_OUT_OF_MEMORY;
  201. goto fail;
  202. }
  203. memcpy(ta->dn.data, ca.dn, ca.dn_len);
  204. ta->dn.len = ca.dn_len;
  205. switch(pkey->key_type) {
  206. case BR_KEYTYPE_RSA:
  207. ta->pkey.key.rsa.n = ta->dn.data + ta->dn.len;
  208. memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen);
  209. ta->pkey.key.rsa.e = ta->pkey.key.rsa.n + ta->pkey.key.rsa.nlen;
  210. memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen);
  211. break;
  212. case BR_KEYTYPE_EC:
  213. ta->pkey.key.ec.q = ta->dn.data + ta->dn.len;
  214. memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen);
  215. break;
  216. }
  217. break;
  218. default:
  219. ca.err = CURLE_SSL_CACERT_BADFILE;
  220. goto fail;
  221. }
  222. }
  223. } while(source->type != CAFILE_SOURCE_BLOB);
  224. if(fp && ferror(fp))
  225. ca.err = CURLE_READ_ERROR;
  226. else if(ca.in_cert)
  227. ca.err = CURLE_SSL_CACERT_BADFILE;
  228. fail:
  229. if(fp)
  230. fclose(fp);
  231. if(ca.err == CURLE_OK) {
  232. *anchors = ca.anchors;
  233. *anchors_len = ca.anchors_len;
  234. }
  235. else {
  236. for(i = 0; i < ca.anchors_len; ++i)
  237. free(ca.anchors[i].dn.data);
  238. free(ca.anchors);
  239. }
  240. return ca.err;
  241. }
  242. static void x509_start_chain(const br_x509_class **ctx,
  243. const char *server_name)
  244. {
  245. struct x509_context *x509 = (struct x509_context *)ctx;
  246. if(!x509->verifypeer) {
  247. x509->cert_num = 0;
  248. return;
  249. }
  250. if(!x509->verifyhost)
  251. server_name = NULL;
  252. x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name);
  253. }
  254. static void x509_start_cert(const br_x509_class **ctx, uint32_t length)
  255. {
  256. struct x509_context *x509 = (struct x509_context *)ctx;
  257. if(!x509->verifypeer) {
  258. /* Only decode the first cert in the chain to obtain the public key */
  259. if(x509->cert_num == 0)
  260. br_x509_decoder_init(&x509->decoder, NULL, NULL);
  261. return;
  262. }
  263. x509->minimal.vtable->start_cert(&x509->minimal.vtable, length);
  264. }
  265. static void x509_append(const br_x509_class **ctx, const unsigned char *buf,
  266. size_t len)
  267. {
  268. struct x509_context *x509 = (struct x509_context *)ctx;
  269. if(!x509->verifypeer) {
  270. if(x509->cert_num == 0)
  271. br_x509_decoder_push(&x509->decoder, buf, len);
  272. return;
  273. }
  274. x509->minimal.vtable->append(&x509->minimal.vtable, buf, len);
  275. }
  276. static void x509_end_cert(const br_x509_class **ctx)
  277. {
  278. struct x509_context *x509 = (struct x509_context *)ctx;
  279. if(!x509->verifypeer) {
  280. x509->cert_num++;
  281. return;
  282. }
  283. x509->minimal.vtable->end_cert(&x509->minimal.vtable);
  284. }
  285. static unsigned x509_end_chain(const br_x509_class **ctx)
  286. {
  287. struct x509_context *x509 = (struct x509_context *)ctx;
  288. if(!x509->verifypeer) {
  289. return br_x509_decoder_last_error(&x509->decoder);
  290. }
  291. return x509->minimal.vtable->end_chain(&x509->minimal.vtable);
  292. }
  293. static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx,
  294. unsigned *usages)
  295. {
  296. struct x509_context *x509 = (struct x509_context *)ctx;
  297. if(!x509->verifypeer) {
  298. /* Nothing in the chain is verified, just return the public key of the
  299. first certificate and allow its usage for both TLS_RSA_* and
  300. TLS_ECDHE_* */
  301. if(usages)
  302. *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN;
  303. return br_x509_decoder_get_pkey(&x509->decoder);
  304. }
  305. return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages);
  306. }
  307. static const br_x509_class x509_vtable = {
  308. sizeof(struct x509_context),
  309. x509_start_chain,
  310. x509_start_cert,
  311. x509_append,
  312. x509_end_cert,
  313. x509_end_chain,
  314. x509_get_pkey
  315. };
  316. struct st_cipher {
  317. const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */
  318. const char *alias_name; /* Alias name is the same as OpenSSL cipher name */
  319. uint16_t num; /* BearSSL cipher suite */
  320. };
  321. /* Macro to initialize st_cipher data structure */
  322. #define CIPHER_DEF(num, alias) { #num, alias, BR_##num }
  323. static const struct st_cipher ciphertable[] = {
  324. /* RFC 2246 TLS 1.0 */
  325. CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */
  326. "DES-CBC3-SHA"),
  327. /* RFC 3268 TLS 1.0 AES */
  328. CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */
  329. "AES128-SHA"),
  330. CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */
  331. "AES256-SHA"),
  332. /* RFC 5246 TLS 1.2 */
  333. CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */
  334. "AES128-SHA256"),
  335. CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */
  336. "AES256-SHA256"),
  337. /* RFC 5288 TLS 1.2 AES GCM */
  338. CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */
  339. "AES128-GCM-SHA256"),
  340. CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */
  341. "AES256-GCM-SHA384"),
  342. /* RFC 4492 TLS 1.0 ECC */
  343. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */
  344. "ECDH-ECDSA-DES-CBC3-SHA"),
  345. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */
  346. "ECDH-ECDSA-AES128-SHA"),
  347. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */
  348. "ECDH-ECDSA-AES256-SHA"),
  349. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */
  350. "ECDHE-ECDSA-DES-CBC3-SHA"),
  351. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */
  352. "ECDHE-ECDSA-AES128-SHA"),
  353. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */
  354. "ECDHE-ECDSA-AES256-SHA"),
  355. CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */
  356. "ECDH-RSA-DES-CBC3-SHA"),
  357. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */
  358. "ECDH-RSA-AES128-SHA"),
  359. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */
  360. "ECDH-RSA-AES256-SHA"),
  361. CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */
  362. "ECDHE-RSA-DES-CBC3-SHA"),
  363. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */
  364. "ECDHE-RSA-AES128-SHA"),
  365. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */
  366. "ECDHE-RSA-AES256-SHA"),
  367. /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */
  368. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */
  369. "ECDHE-ECDSA-AES128-SHA256"),
  370. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */
  371. "ECDHE-ECDSA-AES256-SHA384"),
  372. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */
  373. "ECDH-ECDSA-AES128-SHA256"),
  374. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */
  375. "ECDH-ECDSA-AES256-SHA384"),
  376. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */
  377. "ECDHE-RSA-AES128-SHA256"),
  378. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */
  379. "ECDHE-RSA-AES256-SHA384"),
  380. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */
  381. "ECDH-RSA-AES128-SHA256"),
  382. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */
  383. "ECDH-RSA-AES256-SHA384"),
  384. /* RFC 5289 TLS 1.2 GCM */
  385. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */
  386. "ECDHE-ECDSA-AES128-GCM-SHA256"),
  387. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */
  388. "ECDHE-ECDSA-AES256-GCM-SHA384"),
  389. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */
  390. "ECDH-ECDSA-AES128-GCM-SHA256"),
  391. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */
  392. "ECDH-ECDSA-AES256-GCM-SHA384"),
  393. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */
  394. "ECDHE-RSA-AES128-GCM-SHA256"),
  395. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */
  396. "ECDHE-RSA-AES256-GCM-SHA384"),
  397. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */
  398. "ECDH-RSA-AES128-GCM-SHA256"),
  399. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */
  400. "ECDH-RSA-AES256-GCM-SHA384"),
  401. #ifdef BR_TLS_RSA_WITH_AES_128_CCM
  402. /* RFC 6655 TLS 1.2 CCM
  403. Supported since BearSSL 0.6 */
  404. CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM, /* 0xC09C */
  405. "AES128-CCM"),
  406. CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM, /* 0xC09D */
  407. "AES256-CCM"),
  408. CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8, /* 0xC0A0 */
  409. "AES128-CCM8"),
  410. CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8, /* 0xC0A1 */
  411. "AES256-CCM8"),
  412. /* RFC 7251 TLS 1.2 ECC CCM
  413. Supported since BearSSL 0.6 */
  414. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM, /* 0xC0AC */
  415. "ECDHE-ECDSA-AES128-CCM"),
  416. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM, /* 0xC0AD */
  417. "ECDHE-ECDSA-AES256-CCM"),
  418. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, /* 0xC0AE */
  419. "ECDHE-ECDSA-AES128-CCM8"),
  420. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, /* 0xC0AF */
  421. "ECDHE-ECDSA-AES256-CCM8"),
  422. #endif
  423. /* RFC 7905 TLS 1.2 ChaCha20-Poly1305
  424. Supported since BearSSL 0.2 */
  425. CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
  426. "ECDHE-RSA-CHACHA20-POLY1305"),
  427. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
  428. "ECDHE-ECDSA-CHACHA20-POLY1305"),
  429. };
  430. #define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0]))
  431. #define CIPHER_NAME_BUF_LEN 64
  432. static bool is_separator(char c)
  433. {
  434. /* Return whether character is a cipher list separator. */
  435. switch(c) {
  436. case ' ':
  437. case '\t':
  438. case ':':
  439. case ',':
  440. case ';':
  441. return true;
  442. }
  443. return false;
  444. }
  445. static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data,
  446. br_ssl_engine_context *ssl_eng,
  447. const char *ciphers)
  448. {
  449. uint16_t selected_ciphers[NUM_OF_CIPHERS];
  450. size_t selected_count = 0;
  451. char cipher_name[CIPHER_NAME_BUF_LEN];
  452. const char *cipher_start = ciphers;
  453. const char *cipher_end;
  454. size_t i, j;
  455. if(!cipher_start)
  456. return CURLE_SSL_CIPHER;
  457. while(true) {
  458. /* Extract the next cipher name from the ciphers string */
  459. while(is_separator(*cipher_start))
  460. ++cipher_start;
  461. if(*cipher_start == '\0')
  462. break;
  463. cipher_end = cipher_start;
  464. while(*cipher_end != '\0' && !is_separator(*cipher_end))
  465. ++cipher_end;
  466. j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ?
  467. cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1;
  468. strncpy(cipher_name, cipher_start, j);
  469. cipher_name[j] = '\0';
  470. cipher_start = cipher_end;
  471. /* Lookup the cipher name in the table of available ciphers. If the cipher
  472. name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try
  473. to match cipher name by an (OpenSSL) alias. */
  474. if(strncasecompare(cipher_name, "TLS_", 4)) {
  475. for(i = 0; i < NUM_OF_CIPHERS &&
  476. !strcasecompare(cipher_name, ciphertable[i].name); ++i);
  477. }
  478. else {
  479. for(i = 0; i < NUM_OF_CIPHERS &&
  480. !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i);
  481. }
  482. if(i == NUM_OF_CIPHERS) {
  483. infof(data, "BearSSL: unknown cipher in list: %s", cipher_name);
  484. continue;
  485. }
  486. /* No duplicates allowed */
  487. for(j = 0; j < selected_count &&
  488. selected_ciphers[j] != ciphertable[i].num; j++);
  489. if(j < selected_count) {
  490. infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name);
  491. continue;
  492. }
  493. DEBUGASSERT(selected_count < NUM_OF_CIPHERS);
  494. selected_ciphers[selected_count] = ciphertable[i].num;
  495. ++selected_count;
  496. }
  497. if(selected_count == 0) {
  498. failf(data, "BearSSL: no supported cipher in list");
  499. return CURLE_SSL_CIPHER;
  500. }
  501. br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count);
  502. return CURLE_OK;
  503. }
  504. static CURLcode bearssl_connect_step1(struct Curl_easy *data,
  505. struct connectdata *conn, int sockindex)
  506. {
  507. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  508. struct ssl_backend_data *backend = connssl->backend;
  509. const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob);
  510. const char * const ssl_cafile =
  511. /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
  512. (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
  513. const char *hostname = SSL_HOST_NAME();
  514. const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
  515. const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
  516. CURLcode ret;
  517. unsigned version_min, version_max;
  518. #ifdef ENABLE_IPV6
  519. struct in6_addr addr;
  520. #else
  521. struct in_addr addr;
  522. #endif
  523. DEBUGASSERT(backend);
  524. switch(SSL_CONN_CONFIG(version)) {
  525. case CURL_SSLVERSION_SSLv2:
  526. failf(data, "BearSSL does not support SSLv2");
  527. return CURLE_SSL_CONNECT_ERROR;
  528. case CURL_SSLVERSION_SSLv3:
  529. failf(data, "BearSSL does not support SSLv3");
  530. return CURLE_SSL_CONNECT_ERROR;
  531. case CURL_SSLVERSION_TLSv1_0:
  532. version_min = BR_TLS10;
  533. version_max = BR_TLS10;
  534. break;
  535. case CURL_SSLVERSION_TLSv1_1:
  536. version_min = BR_TLS11;
  537. version_max = BR_TLS11;
  538. break;
  539. case CURL_SSLVERSION_TLSv1_2:
  540. version_min = BR_TLS12;
  541. version_max = BR_TLS12;
  542. break;
  543. case CURL_SSLVERSION_DEFAULT:
  544. case CURL_SSLVERSION_TLSv1:
  545. version_min = BR_TLS10;
  546. version_max = BR_TLS12;
  547. break;
  548. default:
  549. failf(data, "BearSSL: unknown CURLOPT_SSLVERSION");
  550. return CURLE_SSL_CONNECT_ERROR;
  551. }
  552. if(ca_info_blob) {
  553. struct cafile_source source = {
  554. CAFILE_SOURCE_BLOB,
  555. ca_info_blob->data,
  556. ca_info_blob->len,
  557. };
  558. ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
  559. if(ret != CURLE_OK) {
  560. if(verifypeer) {
  561. failf(data, "error importing CA certificate blob");
  562. return ret;
  563. }
  564. /* Only warn if no certificate verification is required. */
  565. infof(data, "error importing CA certificate blob, continuing anyway");
  566. }
  567. }
  568. if(ssl_cafile) {
  569. struct cafile_source source = {
  570. CAFILE_SOURCE_PATH,
  571. ssl_cafile,
  572. 0,
  573. };
  574. ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
  575. if(ret != CURLE_OK) {
  576. if(verifypeer) {
  577. failf(data, "error setting certificate verify locations."
  578. " CAfile: %s", ssl_cafile);
  579. return ret;
  580. }
  581. infof(data, "error setting certificate verify locations,"
  582. " continuing anyway:");
  583. }
  584. }
  585. /* initialize SSL context */
  586. br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
  587. backend->anchors, backend->anchors_len);
  588. br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
  589. br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
  590. sizeof(backend->buf), 1);
  591. if(SSL_CONN_CONFIG(cipher_list)) {
  592. /* Override the ciphers as specified. For the default cipher list see the
  593. BearSSL source code of br_ssl_client_init_full() */
  594. ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng,
  595. SSL_CONN_CONFIG(cipher_list));
  596. if(ret)
  597. return ret;
  598. }
  599. /* initialize X.509 context */
  600. backend->x509.vtable = &x509_vtable;
  601. backend->x509.verifypeer = verifypeer;
  602. backend->x509.verifyhost = verifyhost;
  603. br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
  604. if(SSL_SET_OPTION(primary.sessionid)) {
  605. void *session;
  606. Curl_ssl_sessionid_lock(data);
  607. if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
  608. &session, NULL, sockindex)) {
  609. br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
  610. infof(data, "BearSSL: re-using session ID");
  611. }
  612. Curl_ssl_sessionid_unlock(data);
  613. }
  614. if(conn->bits.tls_enable_alpn) {
  615. int cur = 0;
  616. /* NOTE: when adding more protocols here, increase the size of the
  617. * protocols array in `struct ssl_backend_data`.
  618. */
  619. #ifdef USE_HTTP2
  620. if(data->state.httpwant >= CURL_HTTP_VERSION_2
  621. #ifndef CURL_DISABLE_PROXY
  622. && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
  623. #endif
  624. ) {
  625. backend->protocols[cur++] = ALPN_H2;
  626. infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
  627. }
  628. #endif
  629. backend->protocols[cur++] = ALPN_HTTP_1_1;
  630. infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
  631. br_ssl_engine_set_protocol_names(&backend->ctx.eng,
  632. backend->protocols, cur);
  633. }
  634. if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
  635. #ifdef ENABLE_IPV6
  636. || (1 == Curl_inet_pton(AF_INET6, hostname, &addr))
  637. #endif
  638. ) {
  639. if(verifyhost) {
  640. failf(data, "BearSSL: "
  641. "host verification of IP address is not supported");
  642. return CURLE_PEER_FAILED_VERIFICATION;
  643. }
  644. hostname = NULL;
  645. }
  646. else {
  647. char *snihost = Curl_ssl_snihost(data, hostname, NULL);
  648. if(!snihost) {
  649. failf(data, "Failed to set SNI");
  650. return CURLE_SSL_CONNECT_ERROR;
  651. }
  652. hostname = snihost;
  653. }
  654. /* give application a chance to interfere with SSL set up. */
  655. if(data->set.ssl.fsslctx) {
  656. Curl_set_in_callback(data, true);
  657. ret = (*data->set.ssl.fsslctx)(data, &backend->ctx,
  658. data->set.ssl.fsslctxp);
  659. Curl_set_in_callback(data, false);
  660. if(ret) {
  661. failf(data, "BearSSL: error signaled by ssl ctx callback");
  662. return ret;
  663. }
  664. }
  665. if(!br_ssl_client_reset(&backend->ctx, hostname, 1))
  666. return CURLE_FAILED_INIT;
  667. backend->active = TRUE;
  668. connssl->connecting_state = ssl_connect_2;
  669. return CURLE_OK;
  670. }
  671. static CURLcode bearssl_run_until(struct Curl_easy *data,
  672. struct connectdata *conn, int sockindex,
  673. unsigned target)
  674. {
  675. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  676. struct ssl_backend_data *backend = connssl->backend;
  677. curl_socket_t sockfd = conn->sock[sockindex];
  678. unsigned state;
  679. unsigned char *buf;
  680. size_t len;
  681. ssize_t ret;
  682. int err;
  683. DEBUGASSERT(backend);
  684. for(;;) {
  685. state = br_ssl_engine_current_state(&backend->ctx.eng);
  686. if(state & BR_SSL_CLOSED) {
  687. err = br_ssl_engine_last_error(&backend->ctx.eng);
  688. switch(err) {
  689. case BR_ERR_OK:
  690. /* TLS close notify */
  691. if(connssl->state != ssl_connection_complete) {
  692. failf(data, "SSL: connection closed during handshake");
  693. return CURLE_SSL_CONNECT_ERROR;
  694. }
  695. return CURLE_OK;
  696. case BR_ERR_X509_EXPIRED:
  697. failf(data, "SSL: X.509 verification: "
  698. "certificate is expired or not yet valid");
  699. return CURLE_PEER_FAILED_VERIFICATION;
  700. case BR_ERR_X509_BAD_SERVER_NAME:
  701. failf(data, "SSL: X.509 verification: "
  702. "expected server name was not found in the chain");
  703. return CURLE_PEER_FAILED_VERIFICATION;
  704. case BR_ERR_X509_NOT_TRUSTED:
  705. failf(data, "SSL: X.509 verification: "
  706. "chain could not be linked to a trust anchor");
  707. return CURLE_PEER_FAILED_VERIFICATION;
  708. }
  709. /* X.509 errors are documented to have the range 32..63 */
  710. if(err >= 32 && err < 64)
  711. return CURLE_PEER_FAILED_VERIFICATION;
  712. return CURLE_SSL_CONNECT_ERROR;
  713. }
  714. if(state & target)
  715. return CURLE_OK;
  716. if(state & BR_SSL_SENDREC) {
  717. buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
  718. ret = swrite(sockfd, buf, len);
  719. if(ret == -1) {
  720. if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
  721. if(connssl->state != ssl_connection_complete)
  722. connssl->connecting_state = ssl_connect_2_writing;
  723. return CURLE_AGAIN;
  724. }
  725. return CURLE_WRITE_ERROR;
  726. }
  727. br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
  728. }
  729. else if(state & BR_SSL_RECVREC) {
  730. buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
  731. ret = sread(sockfd, buf, len);
  732. if(ret == 0) {
  733. failf(data, "SSL: EOF without close notify");
  734. return CURLE_READ_ERROR;
  735. }
  736. if(ret == -1) {
  737. if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
  738. if(connssl->state != ssl_connection_complete)
  739. connssl->connecting_state = ssl_connect_2_reading;
  740. return CURLE_AGAIN;
  741. }
  742. return CURLE_READ_ERROR;
  743. }
  744. br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
  745. }
  746. }
  747. }
  748. static CURLcode bearssl_connect_step2(struct Curl_easy *data,
  749. struct connectdata *conn, int sockindex)
  750. {
  751. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  752. struct ssl_backend_data *backend = connssl->backend;
  753. CURLcode ret;
  754. DEBUGASSERT(backend);
  755. ret = bearssl_run_until(data, conn, sockindex,
  756. BR_SSL_SENDAPP | BR_SSL_RECVAPP);
  757. if(ret == CURLE_AGAIN)
  758. return CURLE_OK;
  759. if(ret == CURLE_OK) {
  760. if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
  761. failf(data, "SSL: connection closed during handshake");
  762. return CURLE_SSL_CONNECT_ERROR;
  763. }
  764. connssl->connecting_state = ssl_connect_3;
  765. }
  766. return ret;
  767. }
  768. static CURLcode bearssl_connect_step3(struct Curl_easy *data,
  769. struct connectdata *conn, int sockindex)
  770. {
  771. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  772. struct ssl_backend_data *backend = connssl->backend;
  773. CURLcode ret;
  774. DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
  775. DEBUGASSERT(backend);
  776. if(conn->bits.tls_enable_alpn) {
  777. const char *protocol;
  778. protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
  779. if(protocol) {
  780. infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, protocol);
  781. #ifdef USE_HTTP2
  782. if(!strcmp(protocol, ALPN_H2))
  783. conn->negnpn = CURL_HTTP_VERSION_2;
  784. else
  785. #endif
  786. if(!strcmp(protocol, ALPN_HTTP_1_1))
  787. conn->negnpn = CURL_HTTP_VERSION_1_1;
  788. else
  789. infof(data, "ALPN, unrecognized protocol %s", protocol);
  790. Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
  791. BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
  792. }
  793. else
  794. infof(data, VTLS_INFOF_NO_ALPN);
  795. }
  796. if(SSL_SET_OPTION(primary.sessionid)) {
  797. bool incache;
  798. bool added = FALSE;
  799. void *oldsession;
  800. br_ssl_session_parameters *session;
  801. session = malloc(sizeof(*session));
  802. if(!session)
  803. return CURLE_OUT_OF_MEMORY;
  804. br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
  805. Curl_ssl_sessionid_lock(data);
  806. incache = !(Curl_ssl_getsessionid(data, conn,
  807. SSL_IS_PROXY() ? TRUE : FALSE,
  808. &oldsession, NULL, sockindex));
  809. if(incache)
  810. Curl_ssl_delsessionid(data, oldsession);
  811. ret = Curl_ssl_addsessionid(data, conn,
  812. SSL_IS_PROXY() ? TRUE : FALSE,
  813. session, 0, sockindex, &added);
  814. Curl_ssl_sessionid_unlock(data);
  815. if(!added)
  816. free(session);
  817. if(ret) {
  818. return CURLE_OUT_OF_MEMORY;
  819. }
  820. }
  821. connssl->connecting_state = ssl_connect_done;
  822. return CURLE_OK;
  823. }
  824. static ssize_t bearssl_send(struct Curl_easy *data, int sockindex,
  825. const void *buf, size_t len, CURLcode *err)
  826. {
  827. struct connectdata *conn = data->conn;
  828. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  829. struct ssl_backend_data *backend = connssl->backend;
  830. unsigned char *app;
  831. size_t applen;
  832. DEBUGASSERT(backend);
  833. for(;;) {
  834. *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP);
  835. if (*err != CURLE_OK)
  836. return -1;
  837. app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
  838. if(!app) {
  839. failf(data, "SSL: connection closed during write");
  840. *err = CURLE_SEND_ERROR;
  841. return -1;
  842. }
  843. if(backend->pending_write) {
  844. applen = backend->pending_write;
  845. backend->pending_write = 0;
  846. return applen;
  847. }
  848. if(applen > len)
  849. applen = len;
  850. memcpy(app, buf, applen);
  851. br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
  852. br_ssl_engine_flush(&backend->ctx.eng, 0);
  853. backend->pending_write = applen;
  854. }
  855. }
  856. static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex,
  857. char *buf, size_t len, CURLcode *err)
  858. {
  859. struct connectdata *conn = data->conn;
  860. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  861. struct ssl_backend_data *backend = connssl->backend;
  862. unsigned char *app;
  863. size_t applen;
  864. DEBUGASSERT(backend);
  865. *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP);
  866. if(*err != CURLE_OK)
  867. return -1;
  868. app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
  869. if(!app)
  870. return 0;
  871. if(applen > len)
  872. applen = len;
  873. memcpy(buf, app, applen);
  874. br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
  875. return applen;
  876. }
  877. static CURLcode bearssl_connect_common(struct Curl_easy *data,
  878. struct connectdata *conn,
  879. int sockindex,
  880. bool nonblocking,
  881. bool *done)
  882. {
  883. CURLcode ret;
  884. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  885. curl_socket_t sockfd = conn->sock[sockindex];
  886. timediff_t timeout_ms;
  887. int what;
  888. /* check if the connection has already been established */
  889. if(ssl_connection_complete == connssl->state) {
  890. *done = TRUE;
  891. return CURLE_OK;
  892. }
  893. if(ssl_connect_1 == connssl->connecting_state) {
  894. ret = bearssl_connect_step1(data, conn, sockindex);
  895. if(ret)
  896. return ret;
  897. }
  898. while(ssl_connect_2 == connssl->connecting_state ||
  899. ssl_connect_2_reading == connssl->connecting_state ||
  900. ssl_connect_2_writing == connssl->connecting_state) {
  901. /* check allowed time left */
  902. timeout_ms = Curl_timeleft(data, NULL, TRUE);
  903. if(timeout_ms < 0) {
  904. /* no need to continue if time already is up */
  905. failf(data, "SSL connection timeout");
  906. return CURLE_OPERATION_TIMEDOUT;
  907. }
  908. /* if ssl is expecting something, check if it's available. */
  909. if(ssl_connect_2_reading == connssl->connecting_state ||
  910. ssl_connect_2_writing == connssl->connecting_state) {
  911. curl_socket_t writefd = ssl_connect_2_writing ==
  912. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  913. curl_socket_t readfd = ssl_connect_2_reading ==
  914. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  915. what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
  916. nonblocking?0:timeout_ms);
  917. if(what < 0) {
  918. /* fatal error */
  919. failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
  920. return CURLE_SSL_CONNECT_ERROR;
  921. }
  922. else if(0 == what) {
  923. if(nonblocking) {
  924. *done = FALSE;
  925. return CURLE_OK;
  926. }
  927. else {
  928. /* timeout */
  929. failf(data, "SSL connection timeout");
  930. return CURLE_OPERATION_TIMEDOUT;
  931. }
  932. }
  933. /* socket is readable or writable */
  934. }
  935. /* Run transaction, and return to the caller if it failed or if this
  936. * connection is done nonblocking and this loop would execute again. This
  937. * permits the owner of a multi handle to abort a connection attempt
  938. * before step2 has completed while ensuring that a client using select()
  939. * or epoll() will always have a valid fdset to wait on.
  940. */
  941. ret = bearssl_connect_step2(data, conn, sockindex);
  942. if(ret || (nonblocking &&
  943. (ssl_connect_2 == connssl->connecting_state ||
  944. ssl_connect_2_reading == connssl->connecting_state ||
  945. ssl_connect_2_writing == connssl->connecting_state)))
  946. return ret;
  947. }
  948. if(ssl_connect_3 == connssl->connecting_state) {
  949. ret = bearssl_connect_step3(data, conn, sockindex);
  950. if(ret)
  951. return ret;
  952. }
  953. if(ssl_connect_done == connssl->connecting_state) {
  954. connssl->state = ssl_connection_complete;
  955. conn->recv[sockindex] = bearssl_recv;
  956. conn->send[sockindex] = bearssl_send;
  957. *done = TRUE;
  958. }
  959. else
  960. *done = FALSE;
  961. /* Reset our connect state machine */
  962. connssl->connecting_state = ssl_connect_1;
  963. return CURLE_OK;
  964. }
  965. static size_t bearssl_version(char *buffer, size_t size)
  966. {
  967. return msnprintf(buffer, size, "BearSSL");
  968. }
  969. static bool bearssl_data_pending(const struct connectdata *conn,
  970. int connindex)
  971. {
  972. const struct ssl_connect_data *connssl = &conn->ssl[connindex];
  973. struct ssl_backend_data *backend = connssl->backend;
  974. DEBUGASSERT(backend);
  975. return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
  976. }
  977. static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM,
  978. unsigned char *entropy, size_t length)
  979. {
  980. static br_hmac_drbg_context ctx;
  981. static bool seeded = FALSE;
  982. if(!seeded) {
  983. br_prng_seeder seeder;
  984. br_hmac_drbg_init(&ctx, &br_sha256_vtable, NULL, 0);
  985. seeder = br_prng_seeder_system(NULL);
  986. if(!seeder || !seeder(&ctx.vtable))
  987. return CURLE_FAILED_INIT;
  988. seeded = TRUE;
  989. }
  990. br_hmac_drbg_generate(&ctx, entropy, length);
  991. return CURLE_OK;
  992. }
  993. static CURLcode bearssl_connect(struct Curl_easy *data,
  994. struct connectdata *conn, int sockindex)
  995. {
  996. CURLcode ret;
  997. bool done = FALSE;
  998. ret = bearssl_connect_common(data, conn, sockindex, FALSE, &done);
  999. if(ret)
  1000. return ret;
  1001. DEBUGASSERT(done);
  1002. return CURLE_OK;
  1003. }
  1004. static CURLcode bearssl_connect_nonblocking(struct Curl_easy *data,
  1005. struct connectdata *conn,
  1006. int sockindex, bool *done)
  1007. {
  1008. return bearssl_connect_common(data, conn, sockindex, TRUE, done);
  1009. }
  1010. static void *bearssl_get_internals(struct ssl_connect_data *connssl,
  1011. CURLINFO info UNUSED_PARAM)
  1012. {
  1013. struct ssl_backend_data *backend = connssl->backend;
  1014. DEBUGASSERT(backend);
  1015. return &backend->ctx;
  1016. }
  1017. static void bearssl_close(struct Curl_easy *data,
  1018. struct connectdata *conn, int sockindex)
  1019. {
  1020. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  1021. struct ssl_backend_data *backend = connssl->backend;
  1022. size_t i;
  1023. DEBUGASSERT(backend);
  1024. if(backend->active) {
  1025. br_ssl_engine_close(&backend->ctx.eng);
  1026. (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED);
  1027. }
  1028. for(i = 0; i < backend->anchors_len; ++i)
  1029. free(backend->anchors[i].dn.data);
  1030. free(backend->anchors);
  1031. }
  1032. static void bearssl_session_free(void *ptr)
  1033. {
  1034. free(ptr);
  1035. }
  1036. static CURLcode bearssl_sha256sum(const unsigned char *input,
  1037. size_t inputlen,
  1038. unsigned char *sha256sum,
  1039. size_t sha256len UNUSED_PARAM)
  1040. {
  1041. br_sha256_context ctx;
  1042. br_sha256_init(&ctx);
  1043. br_sha256_update(&ctx, input, inputlen);
  1044. br_sha256_out(&ctx, sha256sum);
  1045. return CURLE_OK;
  1046. }
  1047. const struct Curl_ssl Curl_ssl_bearssl = {
  1048. { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */
  1049. SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX,
  1050. sizeof(struct ssl_backend_data),
  1051. Curl_none_init, /* init */
  1052. Curl_none_cleanup, /* cleanup */
  1053. bearssl_version, /* version */
  1054. Curl_none_check_cxn, /* check_cxn */
  1055. Curl_none_shutdown, /* shutdown */
  1056. bearssl_data_pending, /* data_pending */
  1057. bearssl_random, /* random */
  1058. Curl_none_cert_status_request, /* cert_status_request */
  1059. bearssl_connect, /* connect */
  1060. bearssl_connect_nonblocking, /* connect_nonblocking */
  1061. Curl_ssl_getsock, /* getsock */
  1062. bearssl_get_internals, /* get_internals */
  1063. bearssl_close, /* close_one */
  1064. Curl_none_close_all, /* close_all */
  1065. bearssl_session_free, /* session_free */
  1066. Curl_none_set_engine, /* set_engine */
  1067. Curl_none_set_engine_default, /* set_engine_default */
  1068. Curl_none_engines_list, /* engines_list */
  1069. Curl_none_false_start, /* false_start */
  1070. bearssl_sha256sum, /* sha256sum */
  1071. NULL, /* associate_connection */
  1072. NULL /* disassociate_connection */
  1073. };
  1074. #endif /* USE_BEARSSL */