sectransp.c 126 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2012 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. * Copyright (C) 2012 - 2017, Nick Zitzmann, <nickzman@gmail.com>.
  10. *
  11. * This software is licensed as described in the file COPYING, which
  12. * you should have received as part of this distribution. The terms
  13. * are also available at https://curl.se/docs/copyright.html.
  14. *
  15. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  16. * copies of the Software, and permit persons to whom the Software is
  17. * furnished to do so, under the terms of the COPYING file.
  18. *
  19. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  20. * KIND, either express or implied.
  21. *
  22. ***************************************************************************/
  23. /*
  24. * Source file for all iOS and macOS SecureTransport-specific code for the
  25. * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
  26. */
  27. #include "curl_setup.h"
  28. #include "urldata.h" /* for the Curl_easy definition */
  29. #include "curl_base64.h"
  30. #include "strtok.h"
  31. #include "multiif.h"
  32. #include "strcase.h"
  33. #include "x509asn1.h"
  34. #include "strerror.h"
  35. #ifdef USE_SECTRANSP
  36. #ifdef __clang__
  37. #pragma clang diagnostic push
  38. #pragma clang diagnostic ignored "-Wtautological-pointer-compare"
  39. #endif /* __clang__ */
  40. #include <limits.h>
  41. #include <Security/Security.h>
  42. /* For some reason, when building for iOS, the omnibus header above does
  43. * not include SecureTransport.h as of iOS SDK 5.1. */
  44. #include <Security/SecureTransport.h>
  45. #include <CoreFoundation/CoreFoundation.h>
  46. #include <CommonCrypto/CommonDigest.h>
  47. /* The Security framework has changed greatly between iOS and different macOS
  48. versions, and we will try to support as many of them as we can (back to
  49. Leopard and iOS 5) by using macros and weak-linking.
  50. In general, you want to build this using the most recent OS SDK, since some
  51. features require curl to be built against the latest SDK. TLS 1.1 and 1.2
  52. support, for instance, require the macOS 10.8 SDK or later. TLS 1.3
  53. requires the macOS 10.13 or iOS 11 SDK or later. */
  54. #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
  55. #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050
  56. #error "The Secure Transport back-end requires Leopard or later."
  57. #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */
  58. #define CURL_BUILD_IOS 0
  59. #define CURL_BUILD_IOS_7 0
  60. #define CURL_BUILD_IOS_9 0
  61. #define CURL_BUILD_IOS_11 0
  62. #define CURL_BUILD_IOS_13 0
  63. #define CURL_BUILD_MAC 1
  64. /* This is the maximum API level we are allowed to use when building: */
  65. #define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050
  66. #define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060
  67. #define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070
  68. #define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080
  69. #define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090
  70. #define CURL_BUILD_MAC_10_11 MAC_OS_X_VERSION_MAX_ALLOWED >= 101100
  71. #define CURL_BUILD_MAC_10_13 MAC_OS_X_VERSION_MAX_ALLOWED >= 101300
  72. #define CURL_BUILD_MAC_10_15 MAC_OS_X_VERSION_MAX_ALLOWED >= 101500
  73. /* These macros mean "the following code is present to allow runtime backward
  74. compatibility with at least this cat or earlier":
  75. (You set this at build-time using the compiler command line option
  76. "-mmacosx-version-min.") */
  77. #define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050
  78. #define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060
  79. #define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070
  80. #define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080
  81. #define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090
  82. #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE
  83. #define CURL_BUILD_IOS 1
  84. #define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000
  85. #define CURL_BUILD_IOS_9 __IPHONE_OS_VERSION_MAX_ALLOWED >= 90000
  86. #define CURL_BUILD_IOS_11 __IPHONE_OS_VERSION_MAX_ALLOWED >= 110000
  87. #define CURL_BUILD_IOS_13 __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
  88. #define CURL_BUILD_MAC 0
  89. #define CURL_BUILD_MAC_10_5 0
  90. #define CURL_BUILD_MAC_10_6 0
  91. #define CURL_BUILD_MAC_10_7 0
  92. #define CURL_BUILD_MAC_10_8 0
  93. #define CURL_BUILD_MAC_10_9 0
  94. #define CURL_BUILD_MAC_10_11 0
  95. #define CURL_BUILD_MAC_10_13 0
  96. #define CURL_BUILD_MAC_10_15 0
  97. #define CURL_SUPPORT_MAC_10_5 0
  98. #define CURL_SUPPORT_MAC_10_6 0
  99. #define CURL_SUPPORT_MAC_10_7 0
  100. #define CURL_SUPPORT_MAC_10_8 0
  101. #define CURL_SUPPORT_MAC_10_9 0
  102. #else
  103. #error "The Secure Transport back-end requires iOS or macOS."
  104. #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */
  105. #if CURL_BUILD_MAC
  106. #include <sys/sysctl.h>
  107. #endif /* CURL_BUILD_MAC */
  108. #include "urldata.h"
  109. #include "sendf.h"
  110. #include "inet_pton.h"
  111. #include "connect.h"
  112. #include "select.h"
  113. #include "vtls.h"
  114. #include "sectransp.h"
  115. #include "curl_printf.h"
  116. #include "strdup.h"
  117. #include "curl_memory.h"
  118. /* The last #include file should be: */
  119. #include "memdebug.h"
  120. /* From MacTypes.h (which we can't include because it isn't present in iOS: */
  121. #define ioErr -36
  122. #define paramErr -50
  123. struct ssl_backend_data {
  124. SSLContextRef ssl_ctx;
  125. curl_socket_t ssl_sockfd;
  126. bool ssl_direction; /* true if writing, false if reading */
  127. size_t ssl_write_buffered_length;
  128. };
  129. struct st_cipher {
  130. const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */
  131. const char *alias_name; /* Alias name is the same as OpenSSL cipher name */
  132. SSLCipherSuite num; /* Cipher suite code/number defined in IANA registry */
  133. bool weak; /* Flag to mark cipher as weak based on previous implementation
  134. of Secure Transport back-end by CURL */
  135. };
  136. /* Macro to initialize st_cipher data structure: stringify id to name, cipher
  137. number/id, 'weak' suite flag
  138. */
  139. #define CIPHER_DEF(num, alias, weak) \
  140. { #num, alias, num, weak }
  141. /*
  142. Macro to initialize st_cipher data structure with name, code (IANA cipher
  143. number/id value), and 'weak' suite flag. The first 28 cipher suite numbers
  144. have the same IANA code for both SSL and TLS standards: numbers 0x0000 to
  145. 0x001B. They have different names though. The first 4 letters of the cipher
  146. suite name are the protocol name: "SSL_" or "TLS_", rest of the IANA name is
  147. the same for both SSL and TLS cipher suite name.
  148. The second part of the problem is that macOS/iOS SDKs don't define all TLS
  149. codes but only 12 of them. The SDK defines all SSL codes though, i.e. SSL_NUM
  150. constant is always defined for those 28 ciphers while TLS_NUM is defined only
  151. for 12 of the first 28 ciphers. Those 12 TLS cipher codes match to
  152. corresponding SSL enum value and represent the same cipher suite. Therefore
  153. we'll use the SSL enum value for those cipher suites because it is defined
  154. for all 28 of them.
  155. We make internal data consistent and based on TLS names, i.e. all st_cipher
  156. item names start with the "TLS_" prefix.
  157. Summarizing all the above, those 28 first ciphers are presented in our table
  158. with both TLS and SSL names. Their cipher numbers are assigned based on the
  159. SDK enum value for the SSL cipher, which matches to IANA TLS number.
  160. */
  161. #define CIPHER_DEF_SSLTLS(num_wo_prefix, alias, weak) \
  162. { "TLS_" #num_wo_prefix, alias, SSL_##num_wo_prefix, weak }
  163. /*
  164. Cipher suites were marked as weak based on the following:
  165. RC4 encryption - rfc7465, the document contains a list of deprecated ciphers.
  166. Marked in the code below as weak.
  167. RC2 encryption - many mentions, was found vulnerable to a relatively easy
  168. attack https://link.springer.com/chapter/10.1007%2F3-540-69710-1_14
  169. Marked in the code below as weak.
  170. DES and IDEA encryption - rfc5469, has a list of deprecated ciphers.
  171. Marked in the code below as weak.
  172. Anonymous Diffie-Hellman authentication and anonymous elliptic curve
  173. Diffie-Hellman - vulnerable to a man-in-the-middle attack. Deprecated by
  174. RFC 4346 aka TLS 1.1 (section A.5, page 60)
  175. Null bulk encryption suites - not encrypted communication
  176. Export ciphers, i.e. ciphers with restrictions to be used outside the US for
  177. software exported to some countries, they were excluded from TLS 1.1
  178. version. More precisely, they were noted as ciphers which MUST NOT be
  179. negotiated in RFC 4346 aka TLS 1.1 (section A.5, pages 60 and 61).
  180. All of those filters were considered weak because they contain a weak
  181. algorithm like DES, RC2 or RC4, and already considered weak by other
  182. criteria.
  183. 3DES - NIST deprecated it and is going to retire it by 2023
  184. https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
  185. OpenSSL https://www.openssl.org/blog/blog/2016/08/24/sweet32/ also
  186. deprecated those ciphers. Some other libraries also consider it
  187. vulnerable or at least not strong enough.
  188. CBC ciphers are vulnerable with SSL3.0 and TLS1.0:
  189. https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance
  190. /118518-technote-esa-00.html
  191. We don't take care of this issue because it is resolved by later TLS
  192. versions and for us, it requires more complicated checks, we need to
  193. check a protocol version also. Vulnerability doesn't look very critical
  194. and we do not filter out those cipher suites.
  195. */
  196. #define CIPHER_WEAK_NOT_ENCRYPTED TRUE
  197. #define CIPHER_WEAK_RC_ENCRYPTION TRUE
  198. #define CIPHER_WEAK_DES_ENCRYPTION TRUE
  199. #define CIPHER_WEAK_IDEA_ENCRYPTION TRUE
  200. #define CIPHER_WEAK_ANON_AUTH TRUE
  201. #define CIPHER_WEAK_3DES_ENCRYPTION TRUE
  202. #define CIPHER_STRONG_ENOUGH FALSE
  203. /* Please do not change the order of the first ciphers available for SSL.
  204. Do not insert and do not delete any of them. Code below
  205. depends on their order and continuity.
  206. If you add a new cipher, please maintain order by number, i.e.
  207. insert in between existing items to appropriate place based on
  208. cipher suite IANA number
  209. */
  210. const static struct st_cipher ciphertable[] = {
  211. /* SSL version 3.0 and initial TLS 1.0 cipher suites.
  212. Defined since SDK 10.2.8 */
  213. CIPHER_DEF_SSLTLS(NULL_WITH_NULL_NULL, /* 0x0000 */
  214. NULL,
  215. CIPHER_WEAK_NOT_ENCRYPTED),
  216. CIPHER_DEF_SSLTLS(RSA_WITH_NULL_MD5, /* 0x0001 */
  217. "NULL-MD5",
  218. CIPHER_WEAK_NOT_ENCRYPTED),
  219. CIPHER_DEF_SSLTLS(RSA_WITH_NULL_SHA, /* 0x0002 */
  220. "NULL-SHA",
  221. CIPHER_WEAK_NOT_ENCRYPTED),
  222. CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_RC4_40_MD5, /* 0x0003 */
  223. "EXP-RC4-MD5",
  224. CIPHER_WEAK_RC_ENCRYPTION),
  225. CIPHER_DEF_SSLTLS(RSA_WITH_RC4_128_MD5, /* 0x0004 */
  226. "RC4-MD5",
  227. CIPHER_WEAK_RC_ENCRYPTION),
  228. CIPHER_DEF_SSLTLS(RSA_WITH_RC4_128_SHA, /* 0x0005 */
  229. "RC4-SHA",
  230. CIPHER_WEAK_RC_ENCRYPTION),
  231. CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* 0x0006 */
  232. "EXP-RC2-CBC-MD5",
  233. CIPHER_WEAK_RC_ENCRYPTION),
  234. CIPHER_DEF_SSLTLS(RSA_WITH_IDEA_CBC_SHA, /* 0x0007 */
  235. "IDEA-CBC-SHA",
  236. CIPHER_WEAK_IDEA_ENCRYPTION),
  237. CIPHER_DEF_SSLTLS(RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x0008 */
  238. "EXP-DES-CBC-SHA",
  239. CIPHER_WEAK_DES_ENCRYPTION),
  240. CIPHER_DEF_SSLTLS(RSA_WITH_DES_CBC_SHA, /* 0x0009 */
  241. "DES-CBC-SHA",
  242. CIPHER_WEAK_DES_ENCRYPTION),
  243. CIPHER_DEF_SSLTLS(RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */
  244. "DES-CBC3-SHA",
  245. CIPHER_WEAK_3DES_ENCRYPTION),
  246. CIPHER_DEF_SSLTLS(DH_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 0x000B */
  247. "EXP-DH-DSS-DES-CBC-SHA",
  248. CIPHER_WEAK_DES_ENCRYPTION),
  249. CIPHER_DEF_SSLTLS(DH_DSS_WITH_DES_CBC_SHA, /* 0x000C */
  250. "DH-DSS-DES-CBC-SHA",
  251. CIPHER_WEAK_DES_ENCRYPTION),
  252. CIPHER_DEF_SSLTLS(DH_DSS_WITH_3DES_EDE_CBC_SHA, /* 0x000D */
  253. "DH-DSS-DES-CBC3-SHA",
  254. CIPHER_WEAK_3DES_ENCRYPTION),
  255. CIPHER_DEF_SSLTLS(DH_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x000E */
  256. "EXP-DH-RSA-DES-CBC-SHA",
  257. CIPHER_WEAK_DES_ENCRYPTION),
  258. CIPHER_DEF_SSLTLS(DH_RSA_WITH_DES_CBC_SHA, /* 0x000F */
  259. "DH-RSA-DES-CBC-SHA",
  260. CIPHER_WEAK_DES_ENCRYPTION),
  261. CIPHER_DEF_SSLTLS(DH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x0010 */
  262. "DH-RSA-DES-CBC3-SHA",
  263. CIPHER_WEAK_3DES_ENCRYPTION),
  264. CIPHER_DEF_SSLTLS(DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, /* 0x0011 */
  265. "EXP-EDH-DSS-DES-CBC-SHA",
  266. CIPHER_WEAK_DES_ENCRYPTION),
  267. CIPHER_DEF_SSLTLS(DHE_DSS_WITH_DES_CBC_SHA, /* 0x0012 */
  268. "EDH-DSS-CBC-SHA",
  269. CIPHER_WEAK_DES_ENCRYPTION),
  270. CIPHER_DEF_SSLTLS(DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* 0x0013 */
  271. "DHE-DSS-DES-CBC3-SHA",
  272. CIPHER_WEAK_3DES_ENCRYPTION),
  273. CIPHER_DEF_SSLTLS(DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, /* 0x0014 */
  274. "EXP-EDH-RSA-DES-CBC-SHA",
  275. CIPHER_WEAK_DES_ENCRYPTION),
  276. CIPHER_DEF_SSLTLS(DHE_RSA_WITH_DES_CBC_SHA, /* 0x0015 */
  277. "EDH-RSA-DES-CBC-SHA",
  278. CIPHER_WEAK_DES_ENCRYPTION),
  279. CIPHER_DEF_SSLTLS(DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x0016 */
  280. "DHE-RSA-DES-CBC3-SHA",
  281. CIPHER_WEAK_3DES_ENCRYPTION),
  282. CIPHER_DEF_SSLTLS(DH_anon_EXPORT_WITH_RC4_40_MD5, /* 0x0017 */
  283. "EXP-ADH-RC4-MD5",
  284. CIPHER_WEAK_ANON_AUTH),
  285. CIPHER_DEF_SSLTLS(DH_anon_WITH_RC4_128_MD5, /* 0x0018 */
  286. "ADH-RC4-MD5",
  287. CIPHER_WEAK_ANON_AUTH),
  288. CIPHER_DEF_SSLTLS(DH_anon_EXPORT_WITH_DES40_CBC_SHA, /* 0x0019 */
  289. "EXP-ADH-DES-CBC-SHA",
  290. CIPHER_WEAK_ANON_AUTH),
  291. CIPHER_DEF_SSLTLS(DH_anon_WITH_DES_CBC_SHA, /* 0x001A */
  292. "ADH-DES-CBC-SHA",
  293. CIPHER_WEAK_ANON_AUTH),
  294. CIPHER_DEF_SSLTLS(DH_anon_WITH_3DES_EDE_CBC_SHA, /* 0x001B */
  295. "ADH-DES-CBC3-SHA",
  296. CIPHER_WEAK_3DES_ENCRYPTION),
  297. CIPHER_DEF(SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* 0x001C */
  298. NULL,
  299. CIPHER_WEAK_NOT_ENCRYPTED),
  300. CIPHER_DEF(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* 0x001D */
  301. NULL,
  302. CIPHER_STRONG_ENOUGH),
  303. #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
  304. /* RFC 4785 - Pre-Shared Key (PSK) Ciphersuites with NULL Encryption */
  305. CIPHER_DEF(TLS_PSK_WITH_NULL_SHA, /* 0x002C */
  306. "PSK-NULL-SHA",
  307. CIPHER_WEAK_NOT_ENCRYPTED),
  308. CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA, /* 0x002D */
  309. "DHE-PSK-NULL-SHA",
  310. CIPHER_WEAK_NOT_ENCRYPTED),
  311. CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA, /* 0x002E */
  312. "RSA-PSK-NULL-SHA",
  313. CIPHER_WEAK_NOT_ENCRYPTED),
  314. #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
  315. /* TLS addenda using AES, per RFC 3268. Defined since SDK 10.4u */
  316. CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */
  317. "AES128-SHA",
  318. CIPHER_STRONG_ENOUGH),
  319. CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_CBC_SHA, /* 0x0030 */
  320. "DH-DSS-AES128-SHA",
  321. CIPHER_STRONG_ENOUGH),
  322. CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_CBC_SHA, /* 0x0031 */
  323. "DH-RSA-AES128-SHA",
  324. CIPHER_STRONG_ENOUGH),
  325. CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* 0x0032 */
  326. "DHE-DSS-AES128-SHA",
  327. CIPHER_STRONG_ENOUGH),
  328. CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* 0x0033 */
  329. "DHE-RSA-AES128-SHA",
  330. CIPHER_STRONG_ENOUGH),
  331. CIPHER_DEF(TLS_DH_anon_WITH_AES_128_CBC_SHA, /* 0x0034 */
  332. "ADH-AES128-SHA",
  333. CIPHER_WEAK_ANON_AUTH),
  334. CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */
  335. "AES256-SHA",
  336. CIPHER_STRONG_ENOUGH),
  337. CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_CBC_SHA, /* 0x0036 */
  338. "DH-DSS-AES256-SHA",
  339. CIPHER_STRONG_ENOUGH),
  340. CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_CBC_SHA, /* 0x0037 */
  341. "DH-RSA-AES256-SHA",
  342. CIPHER_STRONG_ENOUGH),
  343. CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* 0x0038 */
  344. "DHE-DSS-AES256-SHA",
  345. CIPHER_STRONG_ENOUGH),
  346. CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* 0x0039 */
  347. "DHE-RSA-AES256-SHA",
  348. CIPHER_STRONG_ENOUGH),
  349. CIPHER_DEF(TLS_DH_anon_WITH_AES_256_CBC_SHA, /* 0x003A */
  350. "ADH-AES256-SHA",
  351. CIPHER_WEAK_ANON_AUTH),
  352. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  353. /* TLS 1.2 addenda, RFC 5246 */
  354. /* Server provided RSA certificate for key exchange. */
  355. CIPHER_DEF(TLS_RSA_WITH_NULL_SHA256, /* 0x003B */
  356. "NULL-SHA256",
  357. CIPHER_WEAK_NOT_ENCRYPTED),
  358. CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */
  359. "AES128-SHA256",
  360. CIPHER_STRONG_ENOUGH),
  361. CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */
  362. "AES256-SHA256",
  363. CIPHER_STRONG_ENOUGH),
  364. /* Server-authenticated (and optionally client-authenticated)
  365. Diffie-Hellman. */
  366. CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_CBC_SHA256, /* 0x003E */
  367. "DH-DSS-AES128-SHA256",
  368. CIPHER_STRONG_ENOUGH),
  369. CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_CBC_SHA256, /* 0x003F */
  370. "DH-RSA-AES128-SHA256",
  371. CIPHER_STRONG_ENOUGH),
  372. CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, /* 0x0040 */
  373. "DHE-DSS-AES128-SHA256",
  374. CIPHER_STRONG_ENOUGH),
  375. /* TLS 1.2 addenda, RFC 5246 */
  376. CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, /* 0x0067 */
  377. "DHE-RSA-AES128-SHA256",
  378. CIPHER_STRONG_ENOUGH),
  379. CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_CBC_SHA256, /* 0x0068 */
  380. "DH-DSS-AES256-SHA256",
  381. CIPHER_STRONG_ENOUGH),
  382. CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_CBC_SHA256, /* 0x0069 */
  383. "DH-RSA-AES256-SHA256",
  384. CIPHER_STRONG_ENOUGH),
  385. CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, /* 0x006A */
  386. "DHE-DSS-AES256-SHA256",
  387. CIPHER_STRONG_ENOUGH),
  388. CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, /* 0x006B */
  389. "DHE-RSA-AES256-SHA256",
  390. CIPHER_STRONG_ENOUGH),
  391. CIPHER_DEF(TLS_DH_anon_WITH_AES_128_CBC_SHA256, /* 0x006C */
  392. "ADH-AES128-SHA256",
  393. CIPHER_WEAK_ANON_AUTH),
  394. CIPHER_DEF(TLS_DH_anon_WITH_AES_256_CBC_SHA256, /* 0x006D */
  395. "ADH-AES256-SHA256",
  396. CIPHER_WEAK_ANON_AUTH),
  397. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  398. #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
  399. /* Addendum from RFC 4279, TLS PSK */
  400. CIPHER_DEF(TLS_PSK_WITH_RC4_128_SHA, /* 0x008A */
  401. "PSK-RC4-SHA",
  402. CIPHER_WEAK_RC_ENCRYPTION),
  403. CIPHER_DEF(TLS_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x008B */
  404. "PSK-3DES-EDE-CBC-SHA",
  405. CIPHER_WEAK_3DES_ENCRYPTION),
  406. CIPHER_DEF(TLS_PSK_WITH_AES_128_CBC_SHA, /* 0x008C */
  407. "PSK-AES128-CBC-SHA",
  408. CIPHER_STRONG_ENOUGH),
  409. CIPHER_DEF(TLS_PSK_WITH_AES_256_CBC_SHA, /* 0x008D */
  410. "PSK-AES256-CBC-SHA",
  411. CIPHER_STRONG_ENOUGH),
  412. CIPHER_DEF(TLS_DHE_PSK_WITH_RC4_128_SHA, /* 0x008E */
  413. "DHE-PSK-RC4-SHA",
  414. CIPHER_WEAK_RC_ENCRYPTION),
  415. CIPHER_DEF(TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x008F */
  416. "DHE-PSK-3DES-EDE-CBC-SHA",
  417. CIPHER_WEAK_3DES_ENCRYPTION),
  418. CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_CBC_SHA, /* 0x0090 */
  419. "DHE-PSK-AES128-CBC-SHA",
  420. CIPHER_STRONG_ENOUGH),
  421. CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_CBC_SHA, /* 0x0091 */
  422. "DHE-PSK-AES256-CBC-SHA",
  423. CIPHER_STRONG_ENOUGH),
  424. CIPHER_DEF(TLS_RSA_PSK_WITH_RC4_128_SHA, /* 0x0092 */
  425. "RSA-PSK-RC4-SHA",
  426. CIPHER_WEAK_RC_ENCRYPTION),
  427. CIPHER_DEF(TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, /* 0x0093 */
  428. "RSA-PSK-3DES-EDE-CBC-SHA",
  429. CIPHER_WEAK_3DES_ENCRYPTION),
  430. CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_CBC_SHA, /* 0x0094 */
  431. "RSA-PSK-AES128-CBC-SHA",
  432. CIPHER_STRONG_ENOUGH),
  433. CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_CBC_SHA, /* 0x0095 */
  434. "RSA-PSK-AES256-CBC-SHA",
  435. CIPHER_STRONG_ENOUGH),
  436. #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
  437. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  438. /* Addenda from rfc 5288 AES Galois Counter Mode (GCM) Cipher Suites
  439. for TLS. */
  440. CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */
  441. "AES128-GCM-SHA256",
  442. CIPHER_STRONG_ENOUGH),
  443. CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */
  444. "AES256-GCM-SHA384",
  445. CIPHER_STRONG_ENOUGH),
  446. CIPHER_DEF(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, /* 0x009E */
  447. "DHE-RSA-AES128-GCM-SHA256",
  448. CIPHER_STRONG_ENOUGH),
  449. CIPHER_DEF(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, /* 0x009F */
  450. "DHE-RSA-AES256-GCM-SHA384",
  451. CIPHER_STRONG_ENOUGH),
  452. CIPHER_DEF(TLS_DH_RSA_WITH_AES_128_GCM_SHA256, /* 0x00A0 */
  453. "DH-RSA-AES128-GCM-SHA256",
  454. CIPHER_STRONG_ENOUGH),
  455. CIPHER_DEF(TLS_DH_RSA_WITH_AES_256_GCM_SHA384, /* 0x00A1 */
  456. "DH-RSA-AES256-GCM-SHA384",
  457. CIPHER_STRONG_ENOUGH),
  458. CIPHER_DEF(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, /* 0x00A2 */
  459. "DHE-DSS-AES128-GCM-SHA256",
  460. CIPHER_STRONG_ENOUGH),
  461. CIPHER_DEF(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, /* 0x00A3 */
  462. "DHE-DSS-AES256-GCM-SHA384",
  463. CIPHER_STRONG_ENOUGH),
  464. CIPHER_DEF(TLS_DH_DSS_WITH_AES_128_GCM_SHA256, /* 0x00A4 */
  465. "DH-DSS-AES128-GCM-SHA256",
  466. CIPHER_STRONG_ENOUGH),
  467. CIPHER_DEF(TLS_DH_DSS_WITH_AES_256_GCM_SHA384, /* 0x00A5 */
  468. "DH-DSS-AES256-GCM-SHA384",
  469. CIPHER_STRONG_ENOUGH),
  470. CIPHER_DEF(TLS_DH_anon_WITH_AES_128_GCM_SHA256, /* 0x00A6 */
  471. "ADH-AES128-GCM-SHA256",
  472. CIPHER_WEAK_ANON_AUTH),
  473. CIPHER_DEF(TLS_DH_anon_WITH_AES_256_GCM_SHA384, /* 0x00A7 */
  474. "ADH-AES256-GCM-SHA384",
  475. CIPHER_WEAK_ANON_AUTH),
  476. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  477. #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
  478. /* RFC 5487 - PSK with SHA-256/384 and AES GCM */
  479. CIPHER_DEF(TLS_PSK_WITH_AES_128_GCM_SHA256, /* 0x00A8 */
  480. "PSK-AES128-GCM-SHA256",
  481. CIPHER_STRONG_ENOUGH),
  482. CIPHER_DEF(TLS_PSK_WITH_AES_256_GCM_SHA384, /* 0x00A9 */
  483. "PSK-AES256-GCM-SHA384",
  484. CIPHER_STRONG_ENOUGH),
  485. CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, /* 0x00AA */
  486. "DHE-PSK-AES128-GCM-SHA256",
  487. CIPHER_STRONG_ENOUGH),
  488. CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, /* 0x00AB */
  489. "DHE-PSK-AES256-GCM-SHA384",
  490. CIPHER_STRONG_ENOUGH),
  491. CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, /* 0x00AC */
  492. "RSA-PSK-AES128-GCM-SHA256",
  493. CIPHER_STRONG_ENOUGH),
  494. CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, /* 0x00AD */
  495. "RSA-PSK-AES256-GCM-SHA384",
  496. CIPHER_STRONG_ENOUGH),
  497. CIPHER_DEF(TLS_PSK_WITH_AES_128_CBC_SHA256, /* 0x00AE */
  498. "PSK-AES128-CBC-SHA256",
  499. CIPHER_STRONG_ENOUGH),
  500. CIPHER_DEF(TLS_PSK_WITH_AES_256_CBC_SHA384, /* 0x00AF */
  501. "PSK-AES256-CBC-SHA384",
  502. CIPHER_STRONG_ENOUGH),
  503. CIPHER_DEF(TLS_PSK_WITH_NULL_SHA256, /* 0x00B0 */
  504. "PSK-NULL-SHA256",
  505. CIPHER_WEAK_NOT_ENCRYPTED),
  506. CIPHER_DEF(TLS_PSK_WITH_NULL_SHA384, /* 0x00B1 */
  507. "PSK-NULL-SHA384",
  508. CIPHER_WEAK_NOT_ENCRYPTED),
  509. CIPHER_DEF(TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, /* 0x00B2 */
  510. "DHE-PSK-AES128-CBC-SHA256",
  511. CIPHER_STRONG_ENOUGH),
  512. CIPHER_DEF(TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, /* 0x00B3 */
  513. "DHE-PSK-AES256-CBC-SHA384",
  514. CIPHER_STRONG_ENOUGH),
  515. CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA256, /* 0x00B4 */
  516. "DHE-PSK-NULL-SHA256",
  517. CIPHER_WEAK_NOT_ENCRYPTED),
  518. CIPHER_DEF(TLS_DHE_PSK_WITH_NULL_SHA384, /* 0x00B5 */
  519. "DHE-PSK-NULL-SHA384",
  520. CIPHER_WEAK_NOT_ENCRYPTED),
  521. CIPHER_DEF(TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, /* 0x00B6 */
  522. "RSA-PSK-AES128-CBC-SHA256",
  523. CIPHER_STRONG_ENOUGH),
  524. CIPHER_DEF(TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, /* 0x00B7 */
  525. "RSA-PSK-AES256-CBC-SHA384",
  526. CIPHER_STRONG_ENOUGH),
  527. CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA256, /* 0x00B8 */
  528. "RSA-PSK-NULL-SHA256",
  529. CIPHER_WEAK_NOT_ENCRYPTED),
  530. CIPHER_DEF(TLS_RSA_PSK_WITH_NULL_SHA384, /* 0x00B9 */
  531. "RSA-PSK-NULL-SHA384",
  532. CIPHER_WEAK_NOT_ENCRYPTED),
  533. #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
  534. /* RFC 5746 - Secure Renegotiation. This is not a real suite,
  535. it is a response to initiate negotiation again */
  536. CIPHER_DEF(TLS_EMPTY_RENEGOTIATION_INFO_SCSV, /* 0x00FF */
  537. NULL,
  538. CIPHER_STRONG_ENOUGH),
  539. #if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
  540. /* TLS 1.3 standard cipher suites for ChaCha20+Poly1305.
  541. Note: TLS 1.3 ciphersuites do not specify the key exchange
  542. algorithm -- they only specify the symmetric ciphers.
  543. Cipher alias name matches to OpenSSL cipher name, and for
  544. TLS 1.3 ciphers */
  545. CIPHER_DEF(TLS_AES_128_GCM_SHA256, /* 0x1301 */
  546. NULL, /* The OpenSSL cipher name matches to the IANA name */
  547. CIPHER_STRONG_ENOUGH),
  548. CIPHER_DEF(TLS_AES_256_GCM_SHA384, /* 0x1302 */
  549. NULL, /* The OpenSSL cipher name matches to the IANA name */
  550. CIPHER_STRONG_ENOUGH),
  551. CIPHER_DEF(TLS_CHACHA20_POLY1305_SHA256, /* 0x1303 */
  552. NULL, /* The OpenSSL cipher name matches to the IANA name */
  553. CIPHER_STRONG_ENOUGH),
  554. CIPHER_DEF(TLS_AES_128_CCM_SHA256, /* 0x1304 */
  555. NULL, /* The OpenSSL cipher name matches to the IANA name */
  556. CIPHER_STRONG_ENOUGH),
  557. CIPHER_DEF(TLS_AES_128_CCM_8_SHA256, /* 0x1305 */
  558. NULL, /* The OpenSSL cipher name matches to the IANA name */
  559. CIPHER_STRONG_ENOUGH),
  560. #endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
  561. #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
  562. /* ECDSA addenda, RFC 4492 */
  563. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_NULL_SHA, /* 0xC001 */
  564. "ECDH-ECDSA-NULL-SHA",
  565. CIPHER_WEAK_NOT_ENCRYPTED),
  566. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_RC4_128_SHA, /* 0xC002 */
  567. "ECDH-ECDSA-RC4-SHA",
  568. CIPHER_WEAK_RC_ENCRYPTION),
  569. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */
  570. "ECDH-ECDSA-DES-CBC3-SHA",
  571. CIPHER_WEAK_3DES_ENCRYPTION),
  572. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */
  573. "ECDH-ECDSA-AES128-SHA",
  574. CIPHER_STRONG_ENOUGH),
  575. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */
  576. "ECDH-ECDSA-AES256-SHA",
  577. CIPHER_STRONG_ENOUGH),
  578. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_NULL_SHA, /* 0xC006 */
  579. "ECDHE-ECDSA-NULL-SHA",
  580. CIPHER_WEAK_NOT_ENCRYPTED),
  581. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, /* 0xC007 */
  582. "ECDHE-ECDSA-RC4-SHA",
  583. CIPHER_WEAK_RC_ENCRYPTION),
  584. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */
  585. "ECDHE-ECDSA-DES-CBC3-SHA",
  586. CIPHER_WEAK_3DES_ENCRYPTION),
  587. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */
  588. "ECDHE-ECDSA-AES128-SHA",
  589. CIPHER_STRONG_ENOUGH),
  590. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */
  591. "ECDHE-ECDSA-AES256-SHA",
  592. CIPHER_STRONG_ENOUGH),
  593. CIPHER_DEF(TLS_ECDH_RSA_WITH_NULL_SHA, /* 0xC00B */
  594. "ECDH-RSA-NULL-SHA",
  595. CIPHER_WEAK_NOT_ENCRYPTED),
  596. CIPHER_DEF(TLS_ECDH_RSA_WITH_RC4_128_SHA, /* 0xC00C */
  597. "ECDH-RSA-RC4-SHA",
  598. CIPHER_WEAK_RC_ENCRYPTION),
  599. CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */
  600. "ECDH-RSA-DES-CBC3-SHA",
  601. CIPHER_WEAK_3DES_ENCRYPTION),
  602. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */
  603. "ECDH-RSA-AES128-SHA",
  604. CIPHER_STRONG_ENOUGH),
  605. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */
  606. "ECDH-RSA-AES256-SHA",
  607. CIPHER_STRONG_ENOUGH),
  608. CIPHER_DEF(TLS_ECDHE_RSA_WITH_NULL_SHA, /* 0xC010 */
  609. "ECDHE-RSA-NULL-SHA",
  610. CIPHER_WEAK_NOT_ENCRYPTED),
  611. CIPHER_DEF(TLS_ECDHE_RSA_WITH_RC4_128_SHA, /* 0xC011 */
  612. "ECDHE-RSA-RC4-SHA",
  613. CIPHER_WEAK_RC_ENCRYPTION),
  614. CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */
  615. "ECDHE-RSA-DES-CBC3-SHA",
  616. CIPHER_WEAK_3DES_ENCRYPTION),
  617. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */
  618. "ECDHE-RSA-AES128-SHA",
  619. CIPHER_STRONG_ENOUGH),
  620. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */
  621. "ECDHE-RSA-AES256-SHA",
  622. CIPHER_STRONG_ENOUGH),
  623. CIPHER_DEF(TLS_ECDH_anon_WITH_NULL_SHA, /* 0xC015 */
  624. "AECDH-NULL-SHA",
  625. CIPHER_WEAK_ANON_AUTH),
  626. CIPHER_DEF(TLS_ECDH_anon_WITH_RC4_128_SHA, /* 0xC016 */
  627. "AECDH-RC4-SHA",
  628. CIPHER_WEAK_ANON_AUTH),
  629. CIPHER_DEF(TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, /* 0xC017 */
  630. "AECDH-DES-CBC3-SHA",
  631. CIPHER_WEAK_3DES_ENCRYPTION),
  632. CIPHER_DEF(TLS_ECDH_anon_WITH_AES_128_CBC_SHA, /* 0xC018 */
  633. "AECDH-AES128-SHA",
  634. CIPHER_WEAK_ANON_AUTH),
  635. CIPHER_DEF(TLS_ECDH_anon_WITH_AES_256_CBC_SHA, /* 0xC019 */
  636. "AECDH-AES256-SHA",
  637. CIPHER_WEAK_ANON_AUTH),
  638. #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
  639. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  640. /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
  641. HMAC SHA-256/384. */
  642. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */
  643. "ECDHE-ECDSA-AES128-SHA256",
  644. CIPHER_STRONG_ENOUGH),
  645. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */
  646. "ECDHE-ECDSA-AES256-SHA384",
  647. CIPHER_STRONG_ENOUGH),
  648. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */
  649. "ECDH-ECDSA-AES128-SHA256",
  650. CIPHER_STRONG_ENOUGH),
  651. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */
  652. "ECDH-ECDSA-AES256-SHA384",
  653. CIPHER_STRONG_ENOUGH),
  654. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */
  655. "ECDHE-RSA-AES128-SHA256",
  656. CIPHER_STRONG_ENOUGH),
  657. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */
  658. "ECDHE-RSA-AES256-SHA384",
  659. CIPHER_STRONG_ENOUGH),
  660. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */
  661. "ECDH-RSA-AES128-SHA256",
  662. CIPHER_STRONG_ENOUGH),
  663. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */
  664. "ECDH-RSA-AES256-SHA384",
  665. CIPHER_STRONG_ENOUGH),
  666. /* Addenda from rfc 5289 Elliptic Curve Cipher Suites with
  667. SHA-256/384 and AES Galois Counter Mode (GCM) */
  668. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */
  669. "ECDHE-ECDSA-AES128-GCM-SHA256",
  670. CIPHER_STRONG_ENOUGH),
  671. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */
  672. "ECDHE-ECDSA-AES256-GCM-SHA384",
  673. CIPHER_STRONG_ENOUGH),
  674. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */
  675. "ECDH-ECDSA-AES128-GCM-SHA256",
  676. CIPHER_STRONG_ENOUGH),
  677. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */
  678. "ECDH-ECDSA-AES256-GCM-SHA384",
  679. CIPHER_STRONG_ENOUGH),
  680. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */
  681. "ECDHE-RSA-AES128-GCM-SHA256",
  682. CIPHER_STRONG_ENOUGH),
  683. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */
  684. "ECDHE-RSA-AES256-GCM-SHA384",
  685. CIPHER_STRONG_ENOUGH),
  686. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */
  687. "ECDH-RSA-AES128-GCM-SHA256",
  688. CIPHER_STRONG_ENOUGH),
  689. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */
  690. "ECDH-RSA-AES256-GCM-SHA384",
  691. CIPHER_STRONG_ENOUGH),
  692. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  693. #if CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13
  694. /* ECDHE_PSK Cipher Suites for Transport Layer Security (TLS), RFC 5489 */
  695. CIPHER_DEF(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, /* 0xC035 */
  696. "ECDHE-PSK-AES128-CBC-SHA",
  697. CIPHER_STRONG_ENOUGH),
  698. CIPHER_DEF(TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, /* 0xC036 */
  699. "ECDHE-PSK-AES256-CBC-SHA",
  700. CIPHER_STRONG_ENOUGH),
  701. #endif /* CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 */
  702. #if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
  703. /* Addenda from rfc 7905 ChaCha20-Poly1305 Cipher Suites for
  704. Transport Layer Security (TLS). */
  705. CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
  706. "ECDHE-RSA-CHACHA20-POLY1305",
  707. CIPHER_STRONG_ENOUGH),
  708. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
  709. "ECDHE-ECDSA-CHACHA20-POLY1305",
  710. CIPHER_STRONG_ENOUGH),
  711. #endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
  712. #if CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13
  713. /* ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS),
  714. RFC 7905 */
  715. CIPHER_DEF(TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCAB */
  716. "PSK-CHACHA20-POLY1305",
  717. CIPHER_STRONG_ENOUGH),
  718. #endif /* CURL_BUILD_MAC_10_15 || CURL_BUILD_IOS_13 */
  719. /* Tags for SSL 2 cipher kinds which are not specified for SSL 3.
  720. Defined since SDK 10.2.8 */
  721. CIPHER_DEF(SSL_RSA_WITH_RC2_CBC_MD5, /* 0xFF80 */
  722. NULL,
  723. CIPHER_WEAK_RC_ENCRYPTION),
  724. CIPHER_DEF(SSL_RSA_WITH_IDEA_CBC_MD5, /* 0xFF81 */
  725. NULL,
  726. CIPHER_WEAK_IDEA_ENCRYPTION),
  727. CIPHER_DEF(SSL_RSA_WITH_DES_CBC_MD5, /* 0xFF82 */
  728. NULL,
  729. CIPHER_WEAK_DES_ENCRYPTION),
  730. CIPHER_DEF(SSL_RSA_WITH_3DES_EDE_CBC_MD5, /* 0xFF83 */
  731. NULL,
  732. CIPHER_WEAK_3DES_ENCRYPTION),
  733. };
  734. #define NUM_OF_CIPHERS sizeof(ciphertable)/sizeof(ciphertable[0])
  735. /* pinned public key support tests */
  736. /* version 1 supports macOS 10.12+ and iOS 10+ */
  737. #if ((TARGET_OS_IPHONE && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000) || \
  738. (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200))
  739. #define SECTRANSP_PINNEDPUBKEY_V1 1
  740. #endif
  741. /* version 2 supports MacOSX 10.7+ */
  742. #if (!TARGET_OS_IPHONE && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070)
  743. #define SECTRANSP_PINNEDPUBKEY_V2 1
  744. #endif
  745. #if defined(SECTRANSP_PINNEDPUBKEY_V1) || defined(SECTRANSP_PINNEDPUBKEY_V2)
  746. /* this backend supports CURLOPT_PINNEDPUBLICKEY */
  747. #define SECTRANSP_PINNEDPUBKEY 1
  748. #endif /* SECTRANSP_PINNEDPUBKEY */
  749. #ifdef SECTRANSP_PINNEDPUBKEY
  750. /* both new and old APIs return rsa keys missing the spki header (not DER) */
  751. static const unsigned char rsa4096SpkiHeader[] = {
  752. 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d,
  753. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
  754. 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
  755. 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00};
  756. static const unsigned char rsa2048SpkiHeader[] = {
  757. 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
  758. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
  759. 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
  760. 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00};
  761. #ifdef SECTRANSP_PINNEDPUBKEY_V1
  762. /* the *new* version doesn't return DER encoded ecdsa certs like the old... */
  763. static const unsigned char ecDsaSecp256r1SpkiHeader[] = {
  764. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
  765. 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  766. 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48,
  767. 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  768. 0x42, 0x00};
  769. static const unsigned char ecDsaSecp384r1SpkiHeader[] = {
  770. 0x30, 0x76, 0x30, 0x10, 0x06, 0x07,
  771. 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  772. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04,
  773. 0x00, 0x22, 0x03, 0x62, 0x00};
  774. #endif /* SECTRANSP_PINNEDPUBKEY_V1 */
  775. #endif /* SECTRANSP_PINNEDPUBKEY */
  776. /* The following two functions were ripped from Apple sample code,
  777. * with some modifications: */
  778. static OSStatus SocketRead(SSLConnectionRef connection,
  779. void *data, /* owned by
  780. * caller, data
  781. * RETURNED */
  782. size_t *dataLength) /* IN/OUT */
  783. {
  784. size_t bytesToGo = *dataLength;
  785. size_t initLen = bytesToGo;
  786. UInt8 *currData = (UInt8 *)data;
  787. /*int sock = *(int *)connection;*/
  788. struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
  789. struct ssl_backend_data *backend = connssl->backend;
  790. int sock;
  791. OSStatus rtn = noErr;
  792. size_t bytesRead;
  793. ssize_t rrtn;
  794. int theErr;
  795. DEBUGASSERT(backend);
  796. sock = backend->ssl_sockfd;
  797. *dataLength = 0;
  798. for(;;) {
  799. bytesRead = 0;
  800. rrtn = read(sock, currData, bytesToGo);
  801. if(rrtn <= 0) {
  802. /* this is guesswork... */
  803. theErr = errno;
  804. if(rrtn == 0) { /* EOF = server hung up */
  805. /* the framework will turn this into errSSLClosedNoNotify */
  806. rtn = errSSLClosedGraceful;
  807. }
  808. else /* do the switch */
  809. switch(theErr) {
  810. case ENOENT:
  811. /* connection closed */
  812. rtn = errSSLClosedGraceful;
  813. break;
  814. case ECONNRESET:
  815. rtn = errSSLClosedAbort;
  816. break;
  817. case EAGAIN:
  818. rtn = errSSLWouldBlock;
  819. backend->ssl_direction = false;
  820. break;
  821. default:
  822. rtn = ioErr;
  823. break;
  824. }
  825. break;
  826. }
  827. else {
  828. bytesRead = rrtn;
  829. }
  830. bytesToGo -= bytesRead;
  831. currData += bytesRead;
  832. if(bytesToGo == 0) {
  833. /* filled buffer with incoming data, done */
  834. break;
  835. }
  836. }
  837. *dataLength = initLen - bytesToGo;
  838. return rtn;
  839. }
  840. static OSStatus SocketWrite(SSLConnectionRef connection,
  841. const void *data,
  842. size_t *dataLength) /* IN/OUT */
  843. {
  844. size_t bytesSent = 0;
  845. /*int sock = *(int *)connection;*/
  846. struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
  847. struct ssl_backend_data *backend = connssl->backend;
  848. int sock;
  849. ssize_t length;
  850. size_t dataLen = *dataLength;
  851. const UInt8 *dataPtr = (UInt8 *)data;
  852. OSStatus ortn;
  853. int theErr;
  854. DEBUGASSERT(backend);
  855. sock = backend->ssl_sockfd;
  856. *dataLength = 0;
  857. do {
  858. length = write(sock,
  859. (char *)dataPtr + bytesSent,
  860. dataLen - bytesSent);
  861. } while((length > 0) &&
  862. ( (bytesSent += length) < dataLen) );
  863. if(length <= 0) {
  864. theErr = errno;
  865. if(theErr == EAGAIN) {
  866. ortn = errSSLWouldBlock;
  867. backend->ssl_direction = true;
  868. }
  869. else {
  870. ortn = ioErr;
  871. }
  872. }
  873. else {
  874. ortn = noErr;
  875. }
  876. *dataLength = bytesSent;
  877. return ortn;
  878. }
  879. #ifndef CURL_DISABLE_VERBOSE_STRINGS
  880. CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher)
  881. {
  882. /* The first ciphers in the ciphertable are continuous. Here we do small
  883. optimization and instead of loop directly get SSL name by cipher number.
  884. */
  885. if(cipher <= SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA) {
  886. return ciphertable[cipher].name;
  887. }
  888. /* Iterate through the rest of the ciphers */
  889. for(size_t i = SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA + 1;
  890. i < NUM_OF_CIPHERS;
  891. ++i) {
  892. if(ciphertable[i].num == cipher) {
  893. return ciphertable[i].name;
  894. }
  895. }
  896. return ciphertable[SSL_NULL_WITH_NULL_NULL].name;
  897. }
  898. #endif /* !CURL_DISABLE_VERBOSE_STRINGS */
  899. #if CURL_BUILD_MAC
  900. CF_INLINE void GetDarwinVersionNumber(int *major, int *minor)
  901. {
  902. int mib[2];
  903. char *os_version;
  904. size_t os_version_len;
  905. char *os_version_major, *os_version_minor;
  906. char *tok_buf;
  907. /* Get the Darwin kernel version from the kernel using sysctl(): */
  908. mib[0] = CTL_KERN;
  909. mib[1] = KERN_OSRELEASE;
  910. if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1)
  911. return;
  912. os_version = malloc(os_version_len*sizeof(char));
  913. if(!os_version)
  914. return;
  915. if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) {
  916. free(os_version);
  917. return;
  918. }
  919. /* Parse the version: */
  920. os_version_major = strtok_r(os_version, ".", &tok_buf);
  921. os_version_minor = strtok_r(NULL, ".", &tok_buf);
  922. *major = atoi(os_version_major);
  923. *minor = atoi(os_version_minor);
  924. free(os_version);
  925. }
  926. #endif /* CURL_BUILD_MAC */
  927. /* Apple provides a myriad of ways of getting information about a certificate
  928. into a string. Some aren't available under iOS or newer cats. So here's
  929. a unified function for getting a string describing the certificate that
  930. ought to work in all cats starting with Leopard. */
  931. CF_INLINE CFStringRef getsubject(SecCertificateRef cert)
  932. {
  933. CFStringRef server_cert_summary = CFSTR("(null)");
  934. #if CURL_BUILD_IOS
  935. /* iOS: There's only one way to do this. */
  936. server_cert_summary = SecCertificateCopySubjectSummary(cert);
  937. #else
  938. #if CURL_BUILD_MAC_10_7
  939. /* Lion & later: Get the long description if we can. */
  940. if(SecCertificateCopyLongDescription)
  941. server_cert_summary =
  942. SecCertificateCopyLongDescription(NULL, cert, NULL);
  943. else
  944. #endif /* CURL_BUILD_MAC_10_7 */
  945. #if CURL_BUILD_MAC_10_6
  946. /* Snow Leopard: Get the certificate summary. */
  947. if(SecCertificateCopySubjectSummary)
  948. server_cert_summary = SecCertificateCopySubjectSummary(cert);
  949. else
  950. #endif /* CURL_BUILD_MAC_10_6 */
  951. /* Leopard is as far back as we go... */
  952. (void)SecCertificateCopyCommonName(cert, &server_cert_summary);
  953. #endif /* CURL_BUILD_IOS */
  954. return server_cert_summary;
  955. }
  956. static CURLcode CopyCertSubject(struct Curl_easy *data,
  957. SecCertificateRef cert, char **certp)
  958. {
  959. CFStringRef c = getsubject(cert);
  960. CURLcode result = CURLE_OK;
  961. const char *direct;
  962. char *cbuf = NULL;
  963. *certp = NULL;
  964. if(!c) {
  965. failf(data, "SSL: invalid CA certificate subject");
  966. return CURLE_PEER_FAILED_VERIFICATION;
  967. }
  968. /* If the subject is already available as UTF-8 encoded (ie 'direct') then
  969. use that, else convert it. */
  970. direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
  971. if(direct) {
  972. *certp = strdup(direct);
  973. if(!*certp) {
  974. failf(data, "SSL: out of memory");
  975. result = CURLE_OUT_OF_MEMORY;
  976. }
  977. }
  978. else {
  979. size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
  980. cbuf = calloc(cbuf_size, 1);
  981. if(cbuf) {
  982. if(!CFStringGetCString(c, cbuf, cbuf_size,
  983. kCFStringEncodingUTF8)) {
  984. failf(data, "SSL: invalid CA certificate subject");
  985. result = CURLE_PEER_FAILED_VERIFICATION;
  986. }
  987. else
  988. /* pass back the buffer */
  989. *certp = cbuf;
  990. }
  991. else {
  992. failf(data, "SSL: couldn't allocate %zu bytes of memory", cbuf_size);
  993. result = CURLE_OUT_OF_MEMORY;
  994. }
  995. }
  996. if(result)
  997. free(cbuf);
  998. CFRelease(c);
  999. return result;
  1000. }
  1001. #if CURL_SUPPORT_MAC_10_6
  1002. /* The SecKeychainSearch API was deprecated in Lion, and using it will raise
  1003. deprecation warnings, so let's not compile this unless it's necessary: */
  1004. static OSStatus CopyIdentityWithLabelOldSchool(char *label,
  1005. SecIdentityRef *out_c_a_k)
  1006. {
  1007. OSStatus status = errSecItemNotFound;
  1008. SecKeychainAttributeList attr_list;
  1009. SecKeychainAttribute attr;
  1010. SecKeychainSearchRef search = NULL;
  1011. SecCertificateRef cert = NULL;
  1012. /* Set up the attribute list: */
  1013. attr_list.count = 1L;
  1014. attr_list.attr = &attr;
  1015. /* Set up our lone search criterion: */
  1016. attr.tag = kSecLabelItemAttr;
  1017. attr.data = label;
  1018. attr.length = (UInt32)strlen(label);
  1019. /* Start searching: */
  1020. status = SecKeychainSearchCreateFromAttributes(NULL,
  1021. kSecCertificateItemClass,
  1022. &attr_list,
  1023. &search);
  1024. if(status == noErr) {
  1025. status = SecKeychainSearchCopyNext(search,
  1026. (SecKeychainItemRef *)&cert);
  1027. if(status == noErr && cert) {
  1028. /* If we found a certificate, does it have a private key? */
  1029. status = SecIdentityCreateWithCertificate(NULL, cert, out_c_a_k);
  1030. CFRelease(cert);
  1031. }
  1032. }
  1033. if(search)
  1034. CFRelease(search);
  1035. return status;
  1036. }
  1037. #endif /* CURL_SUPPORT_MAC_10_6 */
  1038. static OSStatus CopyIdentityWithLabel(char *label,
  1039. SecIdentityRef *out_cert_and_key)
  1040. {
  1041. OSStatus status = errSecItemNotFound;
  1042. #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
  1043. CFArrayRef keys_list;
  1044. CFIndex keys_list_count;
  1045. CFIndex i;
  1046. CFStringRef common_name;
  1047. /* SecItemCopyMatching() was introduced in iOS and Snow Leopard.
  1048. kSecClassIdentity was introduced in Lion. If both exist, let's use them
  1049. to find the certificate. */
  1050. if(SecItemCopyMatching && kSecClassIdentity) {
  1051. CFTypeRef keys[5];
  1052. CFTypeRef values[5];
  1053. CFDictionaryRef query_dict;
  1054. CFStringRef label_cf = CFStringCreateWithCString(NULL, label,
  1055. kCFStringEncodingUTF8);
  1056. /* Set up our search criteria and expected results: */
  1057. values[0] = kSecClassIdentity; /* we want a certificate and a key */
  1058. keys[0] = kSecClass;
  1059. values[1] = kCFBooleanTrue; /* we want a reference */
  1060. keys[1] = kSecReturnRef;
  1061. values[2] = kSecMatchLimitAll; /* kSecMatchLimitOne would be better if the
  1062. * label matching below worked correctly */
  1063. keys[2] = kSecMatchLimit;
  1064. /* identity searches need a SecPolicyRef in order to work */
  1065. values[3] = SecPolicyCreateSSL(false, NULL);
  1066. keys[3] = kSecMatchPolicy;
  1067. /* match the name of the certificate (doesn't work in macOS 10.12.1) */
  1068. values[4] = label_cf;
  1069. keys[4] = kSecAttrLabel;
  1070. query_dict = CFDictionaryCreate(NULL, (const void **)keys,
  1071. (const void **)values, 5L,
  1072. &kCFCopyStringDictionaryKeyCallBacks,
  1073. &kCFTypeDictionaryValueCallBacks);
  1074. CFRelease(values[3]);
  1075. /* Do we have a match? */
  1076. status = SecItemCopyMatching(query_dict, (CFTypeRef *) &keys_list);
  1077. /* Because kSecAttrLabel matching doesn't work with kSecClassIdentity,
  1078. * we need to find the correct identity ourselves */
  1079. if(status == noErr) {
  1080. keys_list_count = CFArrayGetCount(keys_list);
  1081. *out_cert_and_key = NULL;
  1082. status = 1;
  1083. for(i = 0; i<keys_list_count; i++) {
  1084. OSStatus err = noErr;
  1085. SecCertificateRef cert = NULL;
  1086. SecIdentityRef identity =
  1087. (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
  1088. err = SecIdentityCopyCertificate(identity, &cert);
  1089. if(err == noErr) {
  1090. OSStatus copy_status = noErr;
  1091. #if CURL_BUILD_IOS
  1092. common_name = SecCertificateCopySubjectSummary(cert);
  1093. #elif CURL_BUILD_MAC_10_7
  1094. copy_status = SecCertificateCopyCommonName(cert, &common_name);
  1095. #endif
  1096. if(copy_status == noErr &&
  1097. CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
  1098. CFRelease(cert);
  1099. CFRelease(common_name);
  1100. CFRetain(identity);
  1101. *out_cert_and_key = identity;
  1102. status = noErr;
  1103. break;
  1104. }
  1105. CFRelease(common_name);
  1106. }
  1107. CFRelease(cert);
  1108. }
  1109. }
  1110. if(keys_list)
  1111. CFRelease(keys_list);
  1112. CFRelease(query_dict);
  1113. CFRelease(label_cf);
  1114. }
  1115. else {
  1116. #if CURL_SUPPORT_MAC_10_6
  1117. /* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */
  1118. status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
  1119. #endif /* CURL_SUPPORT_MAC_10_6 */
  1120. }
  1121. #elif CURL_SUPPORT_MAC_10_6
  1122. /* For developers building on older cats, we have no choice but to fall back
  1123. to SecKeychainSearch. */
  1124. status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key);
  1125. #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
  1126. return status;
  1127. }
  1128. static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
  1129. const struct curl_blob *blob,
  1130. const char *cPassword,
  1131. SecIdentityRef *out_cert_and_key)
  1132. {
  1133. OSStatus status = errSecItemNotFound;
  1134. CFURLRef pkcs_url = NULL;
  1135. CFStringRef password = cPassword ? CFStringCreateWithCString(NULL,
  1136. cPassword, kCFStringEncodingUTF8) : NULL;
  1137. CFDataRef pkcs_data = NULL;
  1138. /* We can import P12 files on iOS or OS X 10.7 or later: */
  1139. /* These constants are documented as having first appeared in 10.6 but they
  1140. raise linker errors when used on that cat for some reason. */
  1141. #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
  1142. bool resource_imported;
  1143. if(blob) {
  1144. pkcs_data = CFDataCreate(kCFAllocatorDefault,
  1145. (const unsigned char *)blob->data, blob->len);
  1146. status = (pkcs_data != NULL) ? errSecSuccess : errSecAllocate;
  1147. resource_imported = (pkcs_data != NULL);
  1148. }
  1149. else {
  1150. pkcs_url =
  1151. CFURLCreateFromFileSystemRepresentation(NULL,
  1152. (const UInt8 *)cPath,
  1153. strlen(cPath), false);
  1154. resource_imported =
  1155. CFURLCreateDataAndPropertiesFromResource(NULL,
  1156. pkcs_url, &pkcs_data,
  1157. NULL, NULL, &status);
  1158. }
  1159. if(resource_imported) {
  1160. CFArrayRef items = NULL;
  1161. /* On iOS SecPKCS12Import will never add the client certificate to the
  1162. * Keychain.
  1163. *
  1164. * It gives us back a SecIdentityRef that we can use directly. */
  1165. #if CURL_BUILD_IOS
  1166. const void *cKeys[] = {kSecImportExportPassphrase};
  1167. const void *cValues[] = {password};
  1168. CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues,
  1169. password ? 1L : 0L, NULL, NULL);
  1170. if(options) {
  1171. status = SecPKCS12Import(pkcs_data, options, &items);
  1172. CFRelease(options);
  1173. }
  1174. /* On macOS SecPKCS12Import will always add the client certificate to
  1175. * the Keychain.
  1176. *
  1177. * As this doesn't match iOS, and apps may not want to see their client
  1178. * certificate saved in the user's keychain, we use SecItemImport
  1179. * with a NULL keychain to avoid importing it.
  1180. *
  1181. * This returns a SecCertificateRef from which we can construct a
  1182. * SecIdentityRef.
  1183. */
  1184. #elif CURL_BUILD_MAC_10_7
  1185. SecItemImportExportKeyParameters keyParams;
  1186. SecExternalFormat inputFormat = kSecFormatPKCS12;
  1187. SecExternalItemType inputType = kSecItemTypeCertificate;
  1188. memset(&keyParams, 0x00, sizeof(keyParams));
  1189. keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
  1190. keyParams.passphrase = password;
  1191. status = SecItemImport(pkcs_data, NULL, &inputFormat, &inputType,
  1192. 0, &keyParams, NULL, &items);
  1193. #endif
  1194. /* Extract the SecIdentityRef */
  1195. if(status == errSecSuccess && items && CFArrayGetCount(items)) {
  1196. CFIndex i, count;
  1197. count = CFArrayGetCount(items);
  1198. for(i = 0; i < count; i++) {
  1199. CFTypeRef item = (CFTypeRef) CFArrayGetValueAtIndex(items, i);
  1200. CFTypeID itemID = CFGetTypeID(item);
  1201. if(itemID == CFDictionaryGetTypeID()) {
  1202. CFTypeRef identity = (CFTypeRef) CFDictionaryGetValue(
  1203. (CFDictionaryRef) item,
  1204. kSecImportItemIdentity);
  1205. CFRetain(identity);
  1206. *out_cert_and_key = (SecIdentityRef) identity;
  1207. break;
  1208. }
  1209. #if CURL_BUILD_MAC_10_7
  1210. else if(itemID == SecCertificateGetTypeID()) {
  1211. status = SecIdentityCreateWithCertificate(NULL,
  1212. (SecCertificateRef) item,
  1213. out_cert_and_key);
  1214. break;
  1215. }
  1216. #endif
  1217. }
  1218. }
  1219. if(items)
  1220. CFRelease(items);
  1221. CFRelease(pkcs_data);
  1222. }
  1223. #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
  1224. if(password)
  1225. CFRelease(password);
  1226. if(pkcs_url)
  1227. CFRelease(pkcs_url);
  1228. return status;
  1229. }
  1230. /* This code was borrowed from nss.c, with some modifications:
  1231. * Determine whether the nickname passed in is a filename that needs to
  1232. * be loaded as a PEM or a regular NSS nickname.
  1233. *
  1234. * returns 1 for a file
  1235. * returns 0 for not a file
  1236. */
  1237. CF_INLINE bool is_file(const char *filename)
  1238. {
  1239. struct_stat st;
  1240. if(!filename)
  1241. return false;
  1242. if(stat(filename, &st) == 0)
  1243. return S_ISREG(st.st_mode);
  1244. return false;
  1245. }
  1246. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  1247. static CURLcode sectransp_version_from_curl(SSLProtocol *darwinver,
  1248. long ssl_version)
  1249. {
  1250. switch(ssl_version) {
  1251. case CURL_SSLVERSION_TLSv1_0:
  1252. *darwinver = kTLSProtocol1;
  1253. return CURLE_OK;
  1254. case CURL_SSLVERSION_TLSv1_1:
  1255. *darwinver = kTLSProtocol11;
  1256. return CURLE_OK;
  1257. case CURL_SSLVERSION_TLSv1_2:
  1258. *darwinver = kTLSProtocol12;
  1259. return CURLE_OK;
  1260. case CURL_SSLVERSION_TLSv1_3:
  1261. /* TLS 1.3 support first appeared in iOS 11 and macOS 10.13 */
  1262. #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
  1263. if(__builtin_available(macOS 10.13, iOS 11.0, *)) {
  1264. *darwinver = kTLSProtocol13;
  1265. return CURLE_OK;
  1266. }
  1267. #endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) &&
  1268. HAVE_BUILTIN_AVAILABLE == 1 */
  1269. break;
  1270. }
  1271. return CURLE_SSL_CONNECT_ERROR;
  1272. }
  1273. #endif
  1274. static CURLcode
  1275. set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn,
  1276. int sockindex)
  1277. {
  1278. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  1279. struct ssl_backend_data *backend = connssl->backend;
  1280. long ssl_version = SSL_CONN_CONFIG(version);
  1281. long ssl_version_max = SSL_CONN_CONFIG(version_max);
  1282. long max_supported_version_by_os;
  1283. DEBUGASSERT(backend);
  1284. /* macOS 10.5-10.7 supported TLS 1.0 only.
  1285. macOS 10.8 and later, and iOS 5 and later, added TLS 1.1 and 1.2.
  1286. macOS 10.13 and later, and iOS 11 and later, added TLS 1.3. */
  1287. #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
  1288. if(__builtin_available(macOS 10.13, iOS 11.0, *)) {
  1289. max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_3;
  1290. }
  1291. else {
  1292. max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2;
  1293. }
  1294. #else
  1295. max_supported_version_by_os = CURL_SSLVERSION_MAX_TLSv1_2;
  1296. #endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) &&
  1297. HAVE_BUILTIN_AVAILABLE == 1 */
  1298. switch(ssl_version) {
  1299. case CURL_SSLVERSION_DEFAULT:
  1300. case CURL_SSLVERSION_TLSv1:
  1301. ssl_version = CURL_SSLVERSION_TLSv1_0;
  1302. break;
  1303. }
  1304. switch(ssl_version_max) {
  1305. case CURL_SSLVERSION_MAX_NONE:
  1306. case CURL_SSLVERSION_MAX_DEFAULT:
  1307. ssl_version_max = max_supported_version_by_os;
  1308. break;
  1309. }
  1310. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  1311. if(SSLSetProtocolVersionMax) {
  1312. SSLProtocol darwin_ver_min = kTLSProtocol1;
  1313. SSLProtocol darwin_ver_max = kTLSProtocol1;
  1314. CURLcode result = sectransp_version_from_curl(&darwin_ver_min,
  1315. ssl_version);
  1316. if(result) {
  1317. failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
  1318. return result;
  1319. }
  1320. result = sectransp_version_from_curl(&darwin_ver_max,
  1321. ssl_version_max >> 16);
  1322. if(result) {
  1323. failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
  1324. return result;
  1325. }
  1326. (void)SSLSetProtocolVersionMin(backend->ssl_ctx, darwin_ver_min);
  1327. (void)SSLSetProtocolVersionMax(backend->ssl_ctx, darwin_ver_max);
  1328. return result;
  1329. }
  1330. else {
  1331. #if CURL_SUPPORT_MAC_10_8
  1332. long i = ssl_version;
  1333. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1334. kSSLProtocolAll,
  1335. false);
  1336. for(; i <= (ssl_version_max >> 16); i++) {
  1337. switch(i) {
  1338. case CURL_SSLVERSION_TLSv1_0:
  1339. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1340. kTLSProtocol1,
  1341. true);
  1342. break;
  1343. case CURL_SSLVERSION_TLSv1_1:
  1344. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1345. kTLSProtocol11,
  1346. true);
  1347. break;
  1348. case CURL_SSLVERSION_TLSv1_2:
  1349. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1350. kTLSProtocol12,
  1351. true);
  1352. break;
  1353. case CURL_SSLVERSION_TLSv1_3:
  1354. failf(data, "Your version of the OS does not support TLSv1.3");
  1355. return CURLE_SSL_CONNECT_ERROR;
  1356. }
  1357. }
  1358. return CURLE_OK;
  1359. #endif /* CURL_SUPPORT_MAC_10_8 */
  1360. }
  1361. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  1362. failf(data, "Secure Transport: cannot set SSL protocol");
  1363. return CURLE_SSL_CONNECT_ERROR;
  1364. }
  1365. static bool is_cipher_suite_strong(SSLCipherSuite suite_num)
  1366. {
  1367. for(size_t i = 0; i < NUM_OF_CIPHERS; ++i) {
  1368. if(ciphertable[i].num == suite_num) {
  1369. return !ciphertable[i].weak;
  1370. }
  1371. }
  1372. /* If the cipher is not in our list, assume it is a new one
  1373. and therefore strong. Previous implementation was the same,
  1374. if cipher suite is not in the list, it was considered strong enough */
  1375. return true;
  1376. }
  1377. static bool is_separator(char c)
  1378. {
  1379. /* Return whether character is a cipher list separator. */
  1380. switch(c) {
  1381. case ' ':
  1382. case '\t':
  1383. case ':':
  1384. case ',':
  1385. case ';':
  1386. return true;
  1387. }
  1388. return false;
  1389. }
  1390. static CURLcode sectransp_set_default_ciphers(struct Curl_easy *data,
  1391. SSLContextRef ssl_ctx)
  1392. {
  1393. size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i;
  1394. SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL;
  1395. OSStatus err = noErr;
  1396. #if CURL_BUILD_MAC
  1397. int darwinver_maj = 0, darwinver_min = 0;
  1398. GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
  1399. #endif /* CURL_BUILD_MAC */
  1400. /* Disable cipher suites that ST supports but are not safe. These ciphers
  1401. are unlikely to be used in any case since ST gives other ciphers a much
  1402. higher priority, but it's probably better that we not connect at all than
  1403. to give the user a false sense of security if the server only supports
  1404. insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */
  1405. err = SSLGetNumberSupportedCiphers(ssl_ctx, &all_ciphers_count);
  1406. if(err != noErr) {
  1407. failf(data, "SSL: SSLGetNumberSupportedCiphers() failed: OSStatus %d",
  1408. err);
  1409. return CURLE_SSL_CIPHER;
  1410. }
  1411. all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
  1412. if(!all_ciphers) {
  1413. failf(data, "SSL: Failed to allocate memory for all ciphers");
  1414. return CURLE_OUT_OF_MEMORY;
  1415. }
  1416. allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite));
  1417. if(!allowed_ciphers) {
  1418. Curl_safefree(all_ciphers);
  1419. failf(data, "SSL: Failed to allocate memory for allowed ciphers");
  1420. return CURLE_OUT_OF_MEMORY;
  1421. }
  1422. err = SSLGetSupportedCiphers(ssl_ctx, all_ciphers,
  1423. &all_ciphers_count);
  1424. if(err != noErr) {
  1425. Curl_safefree(all_ciphers);
  1426. Curl_safefree(allowed_ciphers);
  1427. return CURLE_SSL_CIPHER;
  1428. }
  1429. for(i = 0UL ; i < all_ciphers_count ; i++) {
  1430. #if CURL_BUILD_MAC
  1431. /* There's a known bug in early versions of Mountain Lion where ST's ECC
  1432. ciphers (cipher suite 0xC001 through 0xC032) simply do not work.
  1433. Work around the problem here by disabling those ciphers if we are
  1434. running in an affected version of OS X. */
  1435. if(darwinver_maj == 12 && darwinver_min <= 3 &&
  1436. all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) {
  1437. continue;
  1438. }
  1439. #endif /* CURL_BUILD_MAC */
  1440. if(is_cipher_suite_strong(all_ciphers[i])) {
  1441. allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i];
  1442. }
  1443. }
  1444. err = SSLSetEnabledCiphers(ssl_ctx, allowed_ciphers,
  1445. allowed_ciphers_count);
  1446. Curl_safefree(all_ciphers);
  1447. Curl_safefree(allowed_ciphers);
  1448. if(err != noErr) {
  1449. failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
  1450. return CURLE_SSL_CIPHER;
  1451. }
  1452. return CURLE_OK;
  1453. }
  1454. static CURLcode sectransp_set_selected_ciphers(struct Curl_easy *data,
  1455. SSLContextRef ssl_ctx,
  1456. const char *ciphers)
  1457. {
  1458. size_t ciphers_count = 0;
  1459. const char *cipher_start = ciphers;
  1460. OSStatus err = noErr;
  1461. SSLCipherSuite selected_ciphers[NUM_OF_CIPHERS];
  1462. if(!ciphers)
  1463. return CURLE_OK;
  1464. while(is_separator(*ciphers)) /* Skip initial separators. */
  1465. ciphers++;
  1466. if(!*ciphers)
  1467. return CURLE_OK;
  1468. cipher_start = ciphers;
  1469. while(*cipher_start && ciphers_count < NUM_OF_CIPHERS) {
  1470. bool cipher_found = FALSE;
  1471. size_t cipher_len = 0;
  1472. const char *cipher_end = NULL;
  1473. bool tls_name = FALSE;
  1474. /* Skip separators */
  1475. while(is_separator(*cipher_start))
  1476. cipher_start++;
  1477. if(*cipher_start == '\0') {
  1478. break;
  1479. }
  1480. /* Find last position of a cipher in the ciphers string */
  1481. cipher_end = cipher_start;
  1482. while (*cipher_end != '\0' && !is_separator(*cipher_end)) {
  1483. ++cipher_end;
  1484. }
  1485. /* IANA cipher names start with the TLS_ or SSL_ prefix.
  1486. If the 4th symbol of the cipher is '_' we look for a cipher in the
  1487. table by its (TLS) name.
  1488. Otherwise, we try to match cipher by an alias. */
  1489. if(cipher_start[3] == '_') {
  1490. tls_name = TRUE;
  1491. }
  1492. /* Iterate through the cipher table and look for the cipher, starting
  1493. the cipher number 0x01 because the 0x00 is not the real cipher */
  1494. cipher_len = cipher_end - cipher_start;
  1495. for(size_t i = 1; i < NUM_OF_CIPHERS; ++i) {
  1496. const char *table_cipher_name = NULL;
  1497. if(tls_name) {
  1498. table_cipher_name = ciphertable[i].name;
  1499. }
  1500. else if(ciphertable[i].alias_name) {
  1501. table_cipher_name = ciphertable[i].alias_name;
  1502. }
  1503. else {
  1504. continue;
  1505. }
  1506. /* Compare a part of the string between separators with a cipher name
  1507. in the table and make sure we matched the whole cipher name */
  1508. if(strncmp(cipher_start, table_cipher_name, cipher_len) == 0
  1509. && table_cipher_name[cipher_len] == '\0') {
  1510. selected_ciphers[ciphers_count] = ciphertable[i].num;
  1511. ++ciphers_count;
  1512. cipher_found = TRUE;
  1513. break;
  1514. }
  1515. }
  1516. if(!cipher_found) {
  1517. /* It would be more human-readable if we print the wrong cipher name
  1518. but we don't want to allocate any additional memory and copy the name
  1519. into it, then add it into logs.
  1520. Also, we do not modify an original cipher list string. We just point
  1521. to positions where cipher starts and ends in the cipher list string.
  1522. The message is a bit cryptic and longer than necessary but can be
  1523. understood by humans. */
  1524. failf(data, "SSL: cipher string \"%s\" contains unsupported cipher name"
  1525. " starting position %d and ending position %d",
  1526. ciphers,
  1527. cipher_start - ciphers,
  1528. cipher_end - ciphers);
  1529. return CURLE_SSL_CIPHER;
  1530. }
  1531. if(*cipher_end) {
  1532. cipher_start = cipher_end + 1;
  1533. }
  1534. else {
  1535. break;
  1536. }
  1537. }
  1538. /* All cipher suites in the list are found. Report to logs as-is */
  1539. infof(data, "SSL: Setting cipher suites list \"%s\"", ciphers);
  1540. err = SSLSetEnabledCiphers(ssl_ctx, selected_ciphers, ciphers_count);
  1541. if(err != noErr) {
  1542. failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err);
  1543. return CURLE_SSL_CIPHER;
  1544. }
  1545. return CURLE_OK;
  1546. }
  1547. static CURLcode sectransp_connect_step1(struct Curl_easy *data,
  1548. struct connectdata *conn,
  1549. int sockindex)
  1550. {
  1551. curl_socket_t sockfd = conn->sock[sockindex];
  1552. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  1553. struct ssl_backend_data *backend = connssl->backend;
  1554. const struct curl_blob *ssl_cablob = SSL_CONN_CONFIG(ca_info_blob);
  1555. const char * const ssl_cafile =
  1556. /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
  1557. (ssl_cablob ? NULL : SSL_CONN_CONFIG(CAfile));
  1558. const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
  1559. char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
  1560. const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
  1561. bool isproxy = SSL_IS_PROXY();
  1562. const char * const hostname = SSL_HOST_NAME();
  1563. const long int port = SSL_HOST_PORT();
  1564. #ifdef ENABLE_IPV6
  1565. struct in6_addr addr;
  1566. #else
  1567. struct in_addr addr;
  1568. #endif /* ENABLE_IPV6 */
  1569. char *ciphers;
  1570. OSStatus err = noErr;
  1571. #if CURL_BUILD_MAC
  1572. int darwinver_maj = 0, darwinver_min = 0;
  1573. DEBUGASSERT(backend);
  1574. GetDarwinVersionNumber(&darwinver_maj, &darwinver_min);
  1575. #endif /* CURL_BUILD_MAC */
  1576. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  1577. if(SSLCreateContext) { /* use the newer API if available */
  1578. if(backend->ssl_ctx)
  1579. CFRelease(backend->ssl_ctx);
  1580. backend->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
  1581. if(!backend->ssl_ctx) {
  1582. failf(data, "SSL: couldn't create a context");
  1583. return CURLE_OUT_OF_MEMORY;
  1584. }
  1585. }
  1586. else {
  1587. /* The old ST API does not exist under iOS, so don't compile it: */
  1588. #if CURL_SUPPORT_MAC_10_8
  1589. if(backend->ssl_ctx)
  1590. (void)SSLDisposeContext(backend->ssl_ctx);
  1591. err = SSLNewContext(false, &(backend->ssl_ctx));
  1592. if(err != noErr) {
  1593. failf(data, "SSL: couldn't create a context: OSStatus %d", err);
  1594. return CURLE_OUT_OF_MEMORY;
  1595. }
  1596. #endif /* CURL_SUPPORT_MAC_10_8 */
  1597. }
  1598. #else
  1599. if(backend->ssl_ctx)
  1600. (void)SSLDisposeContext(backend->ssl_ctx);
  1601. err = SSLNewContext(false, &(backend->ssl_ctx));
  1602. if(err != noErr) {
  1603. failf(data, "SSL: couldn't create a context: OSStatus %d", err);
  1604. return CURLE_OUT_OF_MEMORY;
  1605. }
  1606. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  1607. backend->ssl_write_buffered_length = 0UL; /* reset buffered write length */
  1608. /* check to see if we've been told to use an explicit SSL/TLS version */
  1609. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  1610. if(SSLSetProtocolVersionMax) {
  1611. switch(conn->ssl_config.version) {
  1612. case CURL_SSLVERSION_TLSv1:
  1613. (void)SSLSetProtocolVersionMin(backend->ssl_ctx, kTLSProtocol1);
  1614. #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
  1615. if(__builtin_available(macOS 10.13, iOS 11.0, *)) {
  1616. (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol13);
  1617. }
  1618. else {
  1619. (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol12);
  1620. }
  1621. #else
  1622. (void)SSLSetProtocolVersionMax(backend->ssl_ctx, kTLSProtocol12);
  1623. #endif /* (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) &&
  1624. HAVE_BUILTIN_AVAILABLE == 1 */
  1625. break;
  1626. case CURL_SSLVERSION_DEFAULT:
  1627. case CURL_SSLVERSION_TLSv1_0:
  1628. case CURL_SSLVERSION_TLSv1_1:
  1629. case CURL_SSLVERSION_TLSv1_2:
  1630. case CURL_SSLVERSION_TLSv1_3:
  1631. {
  1632. CURLcode result = set_ssl_version_min_max(data, conn, sockindex);
  1633. if(result != CURLE_OK)
  1634. return result;
  1635. break;
  1636. }
  1637. case CURL_SSLVERSION_SSLv3:
  1638. case CURL_SSLVERSION_SSLv2:
  1639. failf(data, "SSL versions not supported");
  1640. return CURLE_NOT_BUILT_IN;
  1641. default:
  1642. failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
  1643. return CURLE_SSL_CONNECT_ERROR;
  1644. }
  1645. }
  1646. else {
  1647. #if CURL_SUPPORT_MAC_10_8
  1648. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1649. kSSLProtocolAll,
  1650. false);
  1651. switch(conn->ssl_config.version) {
  1652. case CURL_SSLVERSION_DEFAULT:
  1653. case CURL_SSLVERSION_TLSv1:
  1654. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1655. kTLSProtocol1,
  1656. true);
  1657. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1658. kTLSProtocol11,
  1659. true);
  1660. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1661. kTLSProtocol12,
  1662. true);
  1663. break;
  1664. case CURL_SSLVERSION_TLSv1_0:
  1665. case CURL_SSLVERSION_TLSv1_1:
  1666. case CURL_SSLVERSION_TLSv1_2:
  1667. case CURL_SSLVERSION_TLSv1_3:
  1668. {
  1669. CURLcode result = set_ssl_version_min_max(data, conn, sockindex);
  1670. if(result != CURLE_OK)
  1671. return result;
  1672. break;
  1673. }
  1674. case CURL_SSLVERSION_SSLv3:
  1675. case CURL_SSLVERSION_SSLv2:
  1676. failf(data, "SSL versions not supported");
  1677. return CURLE_NOT_BUILT_IN;
  1678. default:
  1679. failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
  1680. return CURLE_SSL_CONNECT_ERROR;
  1681. }
  1682. #endif /* CURL_SUPPORT_MAC_10_8 */
  1683. }
  1684. #else
  1685. if(conn->ssl_config.version_max != CURL_SSLVERSION_MAX_NONE) {
  1686. failf(data, "Your version of the OS does not support to set maximum"
  1687. " SSL/TLS version");
  1688. return CURLE_SSL_CONNECT_ERROR;
  1689. }
  1690. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx, kSSLProtocolAll, false);
  1691. switch(conn->ssl_config.version) {
  1692. case CURL_SSLVERSION_DEFAULT:
  1693. case CURL_SSLVERSION_TLSv1:
  1694. case CURL_SSLVERSION_TLSv1_0:
  1695. (void)SSLSetProtocolVersionEnabled(backend->ssl_ctx,
  1696. kTLSProtocol1,
  1697. true);
  1698. break;
  1699. case CURL_SSLVERSION_TLSv1_1:
  1700. failf(data, "Your version of the OS does not support TLSv1.1");
  1701. return CURLE_SSL_CONNECT_ERROR;
  1702. case CURL_SSLVERSION_TLSv1_2:
  1703. failf(data, "Your version of the OS does not support TLSv1.2");
  1704. return CURLE_SSL_CONNECT_ERROR;
  1705. case CURL_SSLVERSION_TLSv1_3:
  1706. failf(data, "Your version of the OS does not support TLSv1.3");
  1707. return CURLE_SSL_CONNECT_ERROR;
  1708. case CURL_SSLVERSION_SSLv2:
  1709. case CURL_SSLVERSION_SSLv3:
  1710. failf(data, "SSL versions not supported");
  1711. return CURLE_NOT_BUILT_IN;
  1712. default:
  1713. failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
  1714. return CURLE_SSL_CONNECT_ERROR;
  1715. }
  1716. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  1717. #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
  1718. if(conn->bits.tls_enable_alpn) {
  1719. if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) {
  1720. CFMutableArrayRef alpnArr = CFArrayCreateMutable(NULL, 0,
  1721. &kCFTypeArrayCallBacks);
  1722. #ifdef USE_HTTP2
  1723. if(data->state.httpwant >= CURL_HTTP_VERSION_2
  1724. #ifndef CURL_DISABLE_PROXY
  1725. && (!isproxy || !conn->bits.tunnel_proxy)
  1726. #endif
  1727. ) {
  1728. CFArrayAppendValue(alpnArr, CFSTR(ALPN_H2));
  1729. infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
  1730. }
  1731. #endif
  1732. CFArrayAppendValue(alpnArr, CFSTR(ALPN_HTTP_1_1));
  1733. infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
  1734. /* expects length prefixed preference ordered list of protocols in wire
  1735. * format
  1736. */
  1737. err = SSLSetALPNProtocols(backend->ssl_ctx, alpnArr);
  1738. if(err != noErr)
  1739. infof(data, "WARNING: failed to set ALPN protocols; OSStatus %d",
  1740. err);
  1741. CFRelease(alpnArr);
  1742. }
  1743. }
  1744. #endif
  1745. if(SSL_SET_OPTION(key)) {
  1746. infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
  1747. "Transport. The private key must be in the Keychain.");
  1748. }
  1749. if(ssl_cert || ssl_cert_blob) {
  1750. bool is_cert_data = ssl_cert_blob != NULL;
  1751. bool is_cert_file = (!is_cert_data) && is_file(ssl_cert);
  1752. SecIdentityRef cert_and_key = NULL;
  1753. /* User wants to authenticate with a client cert. Look for it. Assume that
  1754. the user wants to use an identity loaded from the Keychain. If not, try
  1755. it as a file on disk */
  1756. if(!is_cert_data)
  1757. err = CopyIdentityWithLabel(ssl_cert, &cert_and_key);
  1758. else
  1759. err = !noErr;
  1760. if((err != noErr) && (is_cert_file || is_cert_data)) {
  1761. if(!SSL_SET_OPTION(cert_type))
  1762. infof(data, "SSL: Certificate type not set, assuming "
  1763. "PKCS#12 format.");
  1764. else if(!strcasecompare(SSL_SET_OPTION(cert_type), "P12")) {
  1765. failf(data, "SSL: The Security framework only supports "
  1766. "loading identities that are in PKCS#12 format.");
  1767. return CURLE_SSL_CERTPROBLEM;
  1768. }
  1769. err = CopyIdentityFromPKCS12File(ssl_cert, ssl_cert_blob,
  1770. SSL_SET_OPTION(key_passwd),
  1771. &cert_and_key);
  1772. }
  1773. if(err == noErr && cert_and_key) {
  1774. SecCertificateRef cert = NULL;
  1775. CFTypeRef certs_c[1];
  1776. CFArrayRef certs;
  1777. /* If we found one, print it out: */
  1778. err = SecIdentityCopyCertificate(cert_and_key, &cert);
  1779. if(err == noErr) {
  1780. char *certp;
  1781. CURLcode result = CopyCertSubject(data, cert, &certp);
  1782. if(!result) {
  1783. infof(data, "Client certificate: %s", certp);
  1784. free(certp);
  1785. }
  1786. CFRelease(cert);
  1787. if(result == CURLE_PEER_FAILED_VERIFICATION)
  1788. return CURLE_SSL_CERTPROBLEM;
  1789. if(result)
  1790. return result;
  1791. }
  1792. certs_c[0] = cert_and_key;
  1793. certs = CFArrayCreate(NULL, (const void **)certs_c, 1L,
  1794. &kCFTypeArrayCallBacks);
  1795. err = SSLSetCertificate(backend->ssl_ctx, certs);
  1796. if(certs)
  1797. CFRelease(certs);
  1798. if(err != noErr) {
  1799. failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err);
  1800. return CURLE_SSL_CERTPROBLEM;
  1801. }
  1802. CFRelease(cert_and_key);
  1803. }
  1804. else {
  1805. const char *cert_showfilename_error =
  1806. is_cert_data ? "(memory blob)" : ssl_cert;
  1807. switch(err) {
  1808. case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */
  1809. failf(data, "SSL: Incorrect password for the certificate \"%s\" "
  1810. "and its private key.", cert_showfilename_error);
  1811. break;
  1812. case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */
  1813. failf(data, "SSL: Couldn't make sense of the data in the "
  1814. "certificate \"%s\" and its private key.",
  1815. cert_showfilename_error);
  1816. break;
  1817. case -25260: /* errSecPassphraseRequired */
  1818. failf(data, "SSL The certificate \"%s\" requires a password.",
  1819. cert_showfilename_error);
  1820. break;
  1821. case errSecItemNotFound:
  1822. failf(data, "SSL: Can't find the certificate \"%s\" and its private "
  1823. "key in the Keychain.", cert_showfilename_error);
  1824. break;
  1825. default:
  1826. failf(data, "SSL: Can't load the certificate \"%s\" and its private "
  1827. "key: OSStatus %d", cert_showfilename_error, err);
  1828. break;
  1829. }
  1830. return CURLE_SSL_CERTPROBLEM;
  1831. }
  1832. }
  1833. /* SSL always tries to verify the peer, this only says whether it should
  1834. * fail to connect if the verification fails, or if it should continue
  1835. * anyway. In the latter case the result of the verification is checked with
  1836. * SSL_get_verify_result() below. */
  1837. #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS
  1838. /* Snow Leopard introduced the SSLSetSessionOption() function, but due to
  1839. a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag
  1840. works, it doesn't work as expected under Snow Leopard, Lion or
  1841. Mountain Lion.
  1842. So we need to call SSLSetEnableCertVerify() on those older cats in order
  1843. to disable certificate validation if the user turned that off.
  1844. (SecureTransport will always validate the certificate chain by
  1845. default.)
  1846. Note:
  1847. Darwin 11.x.x is Lion (10.7)
  1848. Darwin 12.x.x is Mountain Lion (10.8)
  1849. Darwin 13.x.x is Mavericks (10.9)
  1850. Darwin 14.x.x is Yosemite (10.10)
  1851. Darwin 15.x.x is El Capitan (10.11)
  1852. */
  1853. #if CURL_BUILD_MAC
  1854. if(SSLSetSessionOption && darwinver_maj >= 13) {
  1855. #else
  1856. if(SSLSetSessionOption) {
  1857. #endif /* CURL_BUILD_MAC */
  1858. bool break_on_auth = !conn->ssl_config.verifypeer ||
  1859. ssl_cafile || ssl_cablob;
  1860. err = SSLSetSessionOption(backend->ssl_ctx,
  1861. kSSLSessionOptionBreakOnServerAuth,
  1862. break_on_auth);
  1863. if(err != noErr) {
  1864. failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err);
  1865. return CURLE_SSL_CONNECT_ERROR;
  1866. }
  1867. }
  1868. else {
  1869. #if CURL_SUPPORT_MAC_10_8
  1870. err = SSLSetEnableCertVerify(backend->ssl_ctx,
  1871. conn->ssl_config.verifypeer?true:false);
  1872. if(err != noErr) {
  1873. failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
  1874. return CURLE_SSL_CONNECT_ERROR;
  1875. }
  1876. #endif /* CURL_SUPPORT_MAC_10_8 */
  1877. }
  1878. #else
  1879. err = SSLSetEnableCertVerify(backend->ssl_ctx,
  1880. conn->ssl_config.verifypeer?true:false);
  1881. if(err != noErr) {
  1882. failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
  1883. return CURLE_SSL_CONNECT_ERROR;
  1884. }
  1885. #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */
  1886. if((ssl_cafile || ssl_cablob) && verifypeer) {
  1887. bool is_cert_data = ssl_cablob != NULL;
  1888. bool is_cert_file = (!is_cert_data) && is_file(ssl_cafile);
  1889. if(!(is_cert_file || is_cert_data)) {
  1890. failf(data, "SSL: can't load CA certificate file %s",
  1891. ssl_cafile ? ssl_cafile : "(blob memory)");
  1892. return CURLE_SSL_CACERT_BADFILE;
  1893. }
  1894. }
  1895. /* Configure hostname check. SNI is used if available.
  1896. * Both hostname check and SNI require SSLSetPeerDomainName().
  1897. * Also: the verifyhost setting influences SNI usage */
  1898. if(conn->ssl_config.verifyhost) {
  1899. size_t snilen;
  1900. char *snihost = Curl_ssl_snihost(data, hostname, &snilen);
  1901. if(!snihost) {
  1902. failf(data, "Failed to set SNI");
  1903. return CURLE_SSL_CONNECT_ERROR;
  1904. }
  1905. err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen);
  1906. if(err != noErr) {
  1907. infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d",
  1908. err);
  1909. }
  1910. if((Curl_inet_pton(AF_INET, hostname, &addr))
  1911. #ifdef ENABLE_IPV6
  1912. || (Curl_inet_pton(AF_INET6, hostname, &addr))
  1913. #endif
  1914. ) {
  1915. infof(data, "WARNING: using IP address, SNI is being disabled by "
  1916. "the OS.");
  1917. }
  1918. }
  1919. else {
  1920. infof(data, "WARNING: disabling hostname validation also disables SNI.");
  1921. }
  1922. ciphers = SSL_CONN_CONFIG(cipher_list);
  1923. if(ciphers) {
  1924. err = sectransp_set_selected_ciphers(data, backend->ssl_ctx, ciphers);
  1925. }
  1926. else {
  1927. err = sectransp_set_default_ciphers(data, backend->ssl_ctx);
  1928. }
  1929. if(err != noErr) {
  1930. failf(data, "SSL: Unable to set ciphers for SSL/TLS handshake. "
  1931. "Error code: %d", err);
  1932. return CURLE_SSL_CIPHER;
  1933. }
  1934. #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
  1935. /* We want to enable 1/n-1 when using a CBC cipher unless the user
  1936. specifically doesn't want us doing that: */
  1937. if(SSLSetSessionOption) {
  1938. SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
  1939. !SSL_SET_OPTION(enable_beast));
  1940. SSLSetSessionOption(backend->ssl_ctx, kSSLSessionOptionFalseStart,
  1941. data->set.ssl.falsestart); /* false start support */
  1942. }
  1943. #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */
  1944. /* Check if there's a cached ID we can/should use here! */
  1945. if(SSL_SET_OPTION(primary.sessionid)) {
  1946. char *ssl_sessionid;
  1947. size_t ssl_sessionid_len;
  1948. Curl_ssl_sessionid_lock(data);
  1949. if(!Curl_ssl_getsessionid(data, conn, isproxy, (void **)&ssl_sessionid,
  1950. &ssl_sessionid_len, sockindex)) {
  1951. /* we got a session id, use it! */
  1952. err = SSLSetPeerID(backend->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
  1953. Curl_ssl_sessionid_unlock(data);
  1954. if(err != noErr) {
  1955. failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
  1956. return CURLE_SSL_CONNECT_ERROR;
  1957. }
  1958. /* Informational message */
  1959. infof(data, "SSL re-using session ID");
  1960. }
  1961. /* If there isn't one, then let's make one up! This has to be done prior
  1962. to starting the handshake. */
  1963. else {
  1964. CURLcode result;
  1965. ssl_sessionid =
  1966. aprintf("%s:%d:%d:%s:%ld",
  1967. ssl_cafile ? ssl_cafile : "(blob memory)",
  1968. verifypeer, SSL_CONN_CONFIG(verifyhost), hostname, port);
  1969. ssl_sessionid_len = strlen(ssl_sessionid);
  1970. err = SSLSetPeerID(backend->ssl_ctx, ssl_sessionid, ssl_sessionid_len);
  1971. if(err != noErr) {
  1972. Curl_ssl_sessionid_unlock(data);
  1973. failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err);
  1974. return CURLE_SSL_CONNECT_ERROR;
  1975. }
  1976. result = Curl_ssl_addsessionid(data, conn, isproxy, ssl_sessionid,
  1977. ssl_sessionid_len, sockindex, NULL);
  1978. Curl_ssl_sessionid_unlock(data);
  1979. if(result) {
  1980. failf(data, "failed to store ssl session");
  1981. return result;
  1982. }
  1983. }
  1984. }
  1985. err = SSLSetIOFuncs(backend->ssl_ctx, SocketRead, SocketWrite);
  1986. if(err != noErr) {
  1987. failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
  1988. return CURLE_SSL_CONNECT_ERROR;
  1989. }
  1990. /* pass the raw socket into the SSL layers */
  1991. /* We need to store the FD in a constant memory address, because
  1992. * SSLSetConnection() will not copy that address. I've found that
  1993. * conn->sock[sockindex] may change on its own. */
  1994. backend->ssl_sockfd = sockfd;
  1995. err = SSLSetConnection(backend->ssl_ctx, connssl);
  1996. if(err != noErr) {
  1997. failf(data, "SSL: SSLSetConnection() failed: %d", err);
  1998. return CURLE_SSL_CONNECT_ERROR;
  1999. }
  2000. connssl->connecting_state = ssl_connect_2;
  2001. return CURLE_OK;
  2002. }
  2003. static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
  2004. {
  2005. char *sep_start, *sep_end, *cert_start, *cert_end;
  2006. size_t i, j, err;
  2007. size_t len;
  2008. unsigned char *b64;
  2009. /* Jump through the separators at the beginning of the certificate. */
  2010. sep_start = strstr(in, "-----");
  2011. if(!sep_start)
  2012. return 0;
  2013. cert_start = strstr(sep_start + 1, "-----");
  2014. if(!cert_start)
  2015. return -1;
  2016. cert_start += 5;
  2017. /* Find separator after the end of the certificate. */
  2018. cert_end = strstr(cert_start, "-----");
  2019. if(!cert_end)
  2020. return -1;
  2021. sep_end = strstr(cert_end + 1, "-----");
  2022. if(!sep_end)
  2023. return -1;
  2024. sep_end += 5;
  2025. len = cert_end - cert_start;
  2026. b64 = malloc(len + 1);
  2027. if(!b64)
  2028. return -1;
  2029. /* Create base64 string without linefeeds. */
  2030. for(i = 0, j = 0; i < len; i++) {
  2031. if(cert_start[i] != '\r' && cert_start[i] != '\n')
  2032. b64[j++] = cert_start[i];
  2033. }
  2034. b64[j] = '\0';
  2035. err = Curl_base64_decode((const char *)b64, out, outlen);
  2036. free(b64);
  2037. if(err) {
  2038. free(*out);
  2039. return -1;
  2040. }
  2041. return sep_end - in;
  2042. }
  2043. static int read_cert(const char *file, unsigned char **out, size_t *outlen)
  2044. {
  2045. int fd;
  2046. ssize_t n, len = 0, cap = 512;
  2047. unsigned char buf[512], *data;
  2048. fd = open(file, 0);
  2049. if(fd < 0)
  2050. return -1;
  2051. data = malloc(cap);
  2052. if(!data) {
  2053. close(fd);
  2054. return -1;
  2055. }
  2056. for(;;) {
  2057. n = read(fd, buf, sizeof(buf));
  2058. if(n < 0) {
  2059. close(fd);
  2060. free(data);
  2061. return -1;
  2062. }
  2063. else if(n == 0) {
  2064. close(fd);
  2065. break;
  2066. }
  2067. if(len + n >= cap) {
  2068. cap *= 2;
  2069. data = Curl_saferealloc(data, cap);
  2070. if(!data) {
  2071. close(fd);
  2072. return -1;
  2073. }
  2074. }
  2075. memcpy(data + len, buf, n);
  2076. len += n;
  2077. }
  2078. data[len] = '\0';
  2079. *out = data;
  2080. *outlen = len;
  2081. return 0;
  2082. }
  2083. static int append_cert_to_array(struct Curl_easy *data,
  2084. const unsigned char *buf, size_t buflen,
  2085. CFMutableArrayRef array)
  2086. {
  2087. CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
  2088. char *certp;
  2089. CURLcode result;
  2090. if(!certdata) {
  2091. failf(data, "SSL: failed to allocate array for CA certificate");
  2092. return CURLE_OUT_OF_MEMORY;
  2093. }
  2094. SecCertificateRef cacert =
  2095. SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
  2096. CFRelease(certdata);
  2097. if(!cacert) {
  2098. failf(data, "SSL: failed to create SecCertificate from CA certificate");
  2099. return CURLE_SSL_CACERT_BADFILE;
  2100. }
  2101. /* Check if cacert is valid. */
  2102. result = CopyCertSubject(data, cacert, &certp);
  2103. switch(result) {
  2104. case CURLE_OK:
  2105. break;
  2106. case CURLE_PEER_FAILED_VERIFICATION:
  2107. return CURLE_SSL_CACERT_BADFILE;
  2108. case CURLE_OUT_OF_MEMORY:
  2109. default:
  2110. return result;
  2111. }
  2112. free(certp);
  2113. CFArrayAppendValue(array, cacert);
  2114. CFRelease(cacert);
  2115. return CURLE_OK;
  2116. }
  2117. static CURLcode verify_cert_buf(struct Curl_easy *data,
  2118. const unsigned char *certbuf, size_t buflen,
  2119. SSLContextRef ctx)
  2120. {
  2121. int n = 0, rc;
  2122. long res;
  2123. unsigned char *der;
  2124. size_t derlen, offset = 0;
  2125. /*
  2126. * Certbuf now contains the contents of the certificate file, which can be
  2127. * - a single DER certificate,
  2128. * - a single PEM certificate or
  2129. * - a bunch of PEM certificates (certificate bundle).
  2130. *
  2131. * Go through certbuf, and convert any PEM certificate in it into DER
  2132. * format.
  2133. */
  2134. CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0,
  2135. &kCFTypeArrayCallBacks);
  2136. if(!array) {
  2137. failf(data, "SSL: out of memory creating CA certificate array");
  2138. return CURLE_OUT_OF_MEMORY;
  2139. }
  2140. while(offset < buflen) {
  2141. n++;
  2142. /*
  2143. * Check if the certificate is in PEM format, and convert it to DER. If
  2144. * this fails, we assume the certificate is in DER format.
  2145. */
  2146. res = pem_to_der((const char *)certbuf + offset, &der, &derlen);
  2147. if(res < 0) {
  2148. CFRelease(array);
  2149. failf(data, "SSL: invalid CA certificate #%d (offset %zu) in bundle",
  2150. n, offset);
  2151. return CURLE_SSL_CACERT_BADFILE;
  2152. }
  2153. offset += res;
  2154. if(res == 0 && offset == 0) {
  2155. /* This is not a PEM file, probably a certificate in DER format. */
  2156. rc = append_cert_to_array(data, certbuf, buflen, array);
  2157. if(rc != CURLE_OK) {
  2158. CFRelease(array);
  2159. return rc;
  2160. }
  2161. break;
  2162. }
  2163. else if(res == 0) {
  2164. /* No more certificates in the bundle. */
  2165. break;
  2166. }
  2167. rc = append_cert_to_array(data, der, derlen, array);
  2168. free(der);
  2169. if(rc != CURLE_OK) {
  2170. CFRelease(array);
  2171. return rc;
  2172. }
  2173. }
  2174. SecTrustRef trust;
  2175. OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
  2176. if(!trust) {
  2177. failf(data, "SSL: error getting certificate chain");
  2178. CFRelease(array);
  2179. return CURLE_PEER_FAILED_VERIFICATION;
  2180. }
  2181. else if(ret != noErr) {
  2182. CFRelease(array);
  2183. failf(data, "SSLCopyPeerTrust() returned error %d", ret);
  2184. return CURLE_PEER_FAILED_VERIFICATION;
  2185. }
  2186. ret = SecTrustSetAnchorCertificates(trust, array);
  2187. if(ret != noErr) {
  2188. CFRelease(array);
  2189. CFRelease(trust);
  2190. failf(data, "SecTrustSetAnchorCertificates() returned error %d", ret);
  2191. return CURLE_PEER_FAILED_VERIFICATION;
  2192. }
  2193. ret = SecTrustSetAnchorCertificatesOnly(trust, true);
  2194. if(ret != noErr) {
  2195. CFRelease(array);
  2196. CFRelease(trust);
  2197. failf(data, "SecTrustSetAnchorCertificatesOnly() returned error %d", ret);
  2198. return CURLE_PEER_FAILED_VERIFICATION;
  2199. }
  2200. SecTrustResultType trust_eval = 0;
  2201. ret = SecTrustEvaluate(trust, &trust_eval);
  2202. CFRelease(array);
  2203. CFRelease(trust);
  2204. if(ret != noErr) {
  2205. failf(data, "SecTrustEvaluate() returned error %d", ret);
  2206. return CURLE_PEER_FAILED_VERIFICATION;
  2207. }
  2208. switch(trust_eval) {
  2209. case kSecTrustResultUnspecified:
  2210. case kSecTrustResultProceed:
  2211. return CURLE_OK;
  2212. case kSecTrustResultRecoverableTrustFailure:
  2213. case kSecTrustResultDeny:
  2214. default:
  2215. failf(data, "SSL: certificate verification failed (result: %d)",
  2216. trust_eval);
  2217. return CURLE_PEER_FAILED_VERIFICATION;
  2218. }
  2219. }
  2220. static CURLcode verify_cert(struct Curl_easy *data, const char *cafile,
  2221. const struct curl_blob *ca_info_blob,
  2222. SSLContextRef ctx)
  2223. {
  2224. int result;
  2225. unsigned char *certbuf;
  2226. size_t buflen;
  2227. if(ca_info_blob) {
  2228. certbuf = (unsigned char *)malloc(ca_info_blob->len + 1);
  2229. if(!certbuf) {
  2230. return CURLE_OUT_OF_MEMORY;
  2231. }
  2232. buflen = ca_info_blob->len;
  2233. memcpy(certbuf, ca_info_blob->data, ca_info_blob->len);
  2234. certbuf[ca_info_blob->len]='\0';
  2235. }
  2236. else if(cafile) {
  2237. if(read_cert(cafile, &certbuf, &buflen) < 0) {
  2238. failf(data, "SSL: failed to read or invalid CA certificate");
  2239. return CURLE_SSL_CACERT_BADFILE;
  2240. }
  2241. }
  2242. else
  2243. return CURLE_SSL_CACERT_BADFILE;
  2244. result = verify_cert_buf(data, certbuf, buflen, ctx);
  2245. free(certbuf);
  2246. return result;
  2247. }
  2248. #ifdef SECTRANSP_PINNEDPUBKEY
  2249. static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
  2250. SSLContextRef ctx,
  2251. const char *pinnedpubkey)
  2252. { /* Scratch */
  2253. size_t pubkeylen, realpubkeylen, spkiHeaderLength = 24;
  2254. unsigned char *pubkey = NULL, *realpubkey = NULL;
  2255. const unsigned char *spkiHeader = NULL;
  2256. CFDataRef publicKeyBits = NULL;
  2257. /* Result is returned to caller */
  2258. CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
  2259. /* if a path wasn't specified, don't pin */
  2260. if(!pinnedpubkey)
  2261. return CURLE_OK;
  2262. if(!ctx)
  2263. return result;
  2264. do {
  2265. SecTrustRef trust;
  2266. OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
  2267. if(ret != noErr || !trust)
  2268. break;
  2269. SecKeyRef keyRef = SecTrustCopyPublicKey(trust);
  2270. CFRelease(trust);
  2271. if(!keyRef)
  2272. break;
  2273. #ifdef SECTRANSP_PINNEDPUBKEY_V1
  2274. publicKeyBits = SecKeyCopyExternalRepresentation(keyRef, NULL);
  2275. CFRelease(keyRef);
  2276. if(!publicKeyBits)
  2277. break;
  2278. #elif SECTRANSP_PINNEDPUBKEY_V2
  2279. OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
  2280. &publicKeyBits);
  2281. CFRelease(keyRef);
  2282. if(success != errSecSuccess || !publicKeyBits)
  2283. break;
  2284. #endif /* SECTRANSP_PINNEDPUBKEY_V2 */
  2285. pubkeylen = CFDataGetLength(publicKeyBits);
  2286. pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits);
  2287. switch(pubkeylen) {
  2288. case 526:
  2289. /* 4096 bit RSA pubkeylen == 526 */
  2290. spkiHeader = rsa4096SpkiHeader;
  2291. break;
  2292. case 270:
  2293. /* 2048 bit RSA pubkeylen == 270 */
  2294. spkiHeader = rsa2048SpkiHeader;
  2295. break;
  2296. #ifdef SECTRANSP_PINNEDPUBKEY_V1
  2297. case 65:
  2298. /* ecDSA secp256r1 pubkeylen == 65 */
  2299. spkiHeader = ecDsaSecp256r1SpkiHeader;
  2300. spkiHeaderLength = 26;
  2301. break;
  2302. case 97:
  2303. /* ecDSA secp384r1 pubkeylen == 97 */
  2304. spkiHeader = ecDsaSecp384r1SpkiHeader;
  2305. spkiHeaderLength = 23;
  2306. break;
  2307. default:
  2308. infof(data, "SSL: unhandled public key length: %d", pubkeylen);
  2309. #elif SECTRANSP_PINNEDPUBKEY_V2
  2310. default:
  2311. /* ecDSA secp256r1 pubkeylen == 91 header already included?
  2312. * ecDSA secp384r1 header already included too
  2313. * we assume rest of algorithms do same, so do nothing
  2314. */
  2315. result = Curl_pin_peer_pubkey(data, pinnedpubkey, pubkey,
  2316. pubkeylen);
  2317. #endif /* SECTRANSP_PINNEDPUBKEY_V2 */
  2318. continue; /* break from loop */
  2319. }
  2320. realpubkeylen = pubkeylen + spkiHeaderLength;
  2321. realpubkey = malloc(realpubkeylen);
  2322. if(!realpubkey)
  2323. break;
  2324. memcpy(realpubkey, spkiHeader, spkiHeaderLength);
  2325. memcpy(realpubkey + spkiHeaderLength, pubkey, pubkeylen);
  2326. result = Curl_pin_peer_pubkey(data, pinnedpubkey, realpubkey,
  2327. realpubkeylen);
  2328. } while(0);
  2329. Curl_safefree(realpubkey);
  2330. if(publicKeyBits)
  2331. CFRelease(publicKeyBits);
  2332. return result;
  2333. }
  2334. #endif /* SECTRANSP_PINNEDPUBKEY */
  2335. static CURLcode
  2336. sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
  2337. int sockindex)
  2338. {
  2339. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  2340. struct ssl_backend_data *backend = connssl->backend;
  2341. OSStatus err;
  2342. SSLCipherSuite cipher;
  2343. SSLProtocol protocol = 0;
  2344. const char * const hostname = SSL_HOST_NAME();
  2345. DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
  2346. || ssl_connect_2_reading == connssl->connecting_state
  2347. || ssl_connect_2_writing == connssl->connecting_state);
  2348. DEBUGASSERT(backend);
  2349. /* Here goes nothing: */
  2350. err = SSLHandshake(backend->ssl_ctx);
  2351. if(err != noErr) {
  2352. switch(err) {
  2353. case errSSLWouldBlock: /* they're not done with us yet */
  2354. connssl->connecting_state = backend->ssl_direction ?
  2355. ssl_connect_2_writing : ssl_connect_2_reading;
  2356. return CURLE_OK;
  2357. /* The below is errSSLServerAuthCompleted; it's not defined in
  2358. Leopard's headers */
  2359. case -9841:
  2360. if((SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(ca_info_blob)) &&
  2361. SSL_CONN_CONFIG(verifypeer)) {
  2362. CURLcode result = verify_cert(data, SSL_CONN_CONFIG(CAfile),
  2363. SSL_CONN_CONFIG(ca_info_blob),
  2364. backend->ssl_ctx);
  2365. if(result)
  2366. return result;
  2367. }
  2368. /* the documentation says we need to call SSLHandshake() again */
  2369. return sectransp_connect_step2(data, conn, sockindex);
  2370. /* Problem with encrypt / decrypt */
  2371. case errSSLPeerDecodeError:
  2372. failf(data, "Decode failed");
  2373. break;
  2374. case errSSLDecryptionFail:
  2375. case errSSLPeerDecryptionFail:
  2376. failf(data, "Decryption failed");
  2377. break;
  2378. case errSSLPeerDecryptError:
  2379. failf(data, "A decryption error occurred");
  2380. break;
  2381. case errSSLBadCipherSuite:
  2382. failf(data, "A bad SSL cipher suite was encountered");
  2383. break;
  2384. case errSSLCrypto:
  2385. failf(data, "An underlying cryptographic error was encountered");
  2386. break;
  2387. #if CURL_BUILD_MAC_10_11 || CURL_BUILD_IOS_9
  2388. case errSSLWeakPeerEphemeralDHKey:
  2389. failf(data, "Indicates a weak ephemeral Diffie-Hellman key");
  2390. break;
  2391. #endif
  2392. /* Problem with the message record validation */
  2393. case errSSLBadRecordMac:
  2394. case errSSLPeerBadRecordMac:
  2395. failf(data, "A record with a bad message authentication code (MAC) "
  2396. "was encountered");
  2397. break;
  2398. case errSSLRecordOverflow:
  2399. case errSSLPeerRecordOverflow:
  2400. failf(data, "A record overflow occurred");
  2401. break;
  2402. /* Problem with zlib decompression */
  2403. case errSSLPeerDecompressFail:
  2404. failf(data, "Decompression failed");
  2405. break;
  2406. /* Problem with access */
  2407. case errSSLPeerAccessDenied:
  2408. failf(data, "Access was denied");
  2409. break;
  2410. case errSSLPeerInsufficientSecurity:
  2411. failf(data, "There is insufficient security for this operation");
  2412. break;
  2413. /* These are all certificate problems with the server: */
  2414. case errSSLXCertChainInvalid:
  2415. failf(data, "SSL certificate problem: Invalid certificate chain");
  2416. return CURLE_PEER_FAILED_VERIFICATION;
  2417. case errSSLUnknownRootCert:
  2418. failf(data, "SSL certificate problem: Untrusted root certificate");
  2419. return CURLE_PEER_FAILED_VERIFICATION;
  2420. case errSSLNoRootCert:
  2421. failf(data, "SSL certificate problem: No root certificate");
  2422. return CURLE_PEER_FAILED_VERIFICATION;
  2423. case errSSLCertNotYetValid:
  2424. failf(data, "SSL certificate problem: The certificate chain had a "
  2425. "certificate that is not yet valid");
  2426. return CURLE_PEER_FAILED_VERIFICATION;
  2427. case errSSLCertExpired:
  2428. case errSSLPeerCertExpired:
  2429. failf(data, "SSL certificate problem: Certificate chain had an "
  2430. "expired certificate");
  2431. return CURLE_PEER_FAILED_VERIFICATION;
  2432. case errSSLBadCert:
  2433. case errSSLPeerBadCert:
  2434. failf(data, "SSL certificate problem: Couldn't understand the server "
  2435. "certificate format");
  2436. return CURLE_PEER_FAILED_VERIFICATION;
  2437. case errSSLPeerUnsupportedCert:
  2438. failf(data, "SSL certificate problem: An unsupported certificate "
  2439. "format was encountered");
  2440. return CURLE_PEER_FAILED_VERIFICATION;
  2441. case errSSLPeerCertRevoked:
  2442. failf(data, "SSL certificate problem: The certificate was revoked");
  2443. return CURLE_PEER_FAILED_VERIFICATION;
  2444. case errSSLPeerCertUnknown:
  2445. failf(data, "SSL certificate problem: The certificate is unknown");
  2446. return CURLE_PEER_FAILED_VERIFICATION;
  2447. /* These are all certificate problems with the client: */
  2448. case errSecAuthFailed:
  2449. failf(data, "SSL authentication failed");
  2450. break;
  2451. case errSSLPeerHandshakeFail:
  2452. failf(data, "SSL peer handshake failed, the server most likely "
  2453. "requires a client certificate to connect");
  2454. break;
  2455. case errSSLPeerUnknownCA:
  2456. failf(data, "SSL server rejected the client certificate due to "
  2457. "the certificate being signed by an unknown certificate "
  2458. "authority");
  2459. break;
  2460. /* This error is raised if the server's cert didn't match the server's
  2461. host name: */
  2462. case errSSLHostNameMismatch:
  2463. failf(data, "SSL certificate peer verification failed, the "
  2464. "certificate did not match \"%s\"\n", conn->host.dispname);
  2465. return CURLE_PEER_FAILED_VERIFICATION;
  2466. /* Problem with SSL / TLS negotiation */
  2467. case errSSLNegotiation:
  2468. failf(data, "Could not negotiate an SSL cipher suite with the server");
  2469. break;
  2470. case errSSLBadConfiguration:
  2471. failf(data, "A configuration error occurred");
  2472. break;
  2473. case errSSLProtocol:
  2474. failf(data, "SSL protocol error");
  2475. break;
  2476. case errSSLPeerProtocolVersion:
  2477. failf(data, "A bad protocol version was encountered");
  2478. break;
  2479. case errSSLPeerNoRenegotiation:
  2480. failf(data, "No renegotiation is allowed");
  2481. break;
  2482. /* Generic handshake errors: */
  2483. case errSSLConnectionRefused:
  2484. failf(data, "Server dropped the connection during the SSL handshake");
  2485. break;
  2486. case errSSLClosedAbort:
  2487. failf(data, "Server aborted the SSL handshake");
  2488. break;
  2489. case errSSLClosedGraceful:
  2490. failf(data, "The connection closed gracefully");
  2491. break;
  2492. case errSSLClosedNoNotify:
  2493. failf(data, "The server closed the session with no notification");
  2494. break;
  2495. /* Sometimes paramErr happens with buggy ciphers: */
  2496. case paramErr:
  2497. case errSSLInternal:
  2498. case errSSLPeerInternalError:
  2499. failf(data, "Internal SSL engine error encountered during the "
  2500. "SSL handshake");
  2501. break;
  2502. case errSSLFatalAlert:
  2503. failf(data, "Fatal SSL engine error encountered during the SSL "
  2504. "handshake");
  2505. break;
  2506. /* Unclassified error */
  2507. case errSSLBufferOverflow:
  2508. failf(data, "An insufficient buffer was provided");
  2509. break;
  2510. case errSSLIllegalParam:
  2511. failf(data, "An illegal parameter was encountered");
  2512. break;
  2513. case errSSLModuleAttach:
  2514. failf(data, "Module attach failure");
  2515. break;
  2516. case errSSLSessionNotFound:
  2517. failf(data, "An attempt to restore an unknown session failed");
  2518. break;
  2519. case errSSLPeerExportRestriction:
  2520. failf(data, "An export restriction occurred");
  2521. break;
  2522. case errSSLPeerUserCancelled:
  2523. failf(data, "The user canceled the operation");
  2524. break;
  2525. case errSSLPeerUnexpectedMsg:
  2526. failf(data, "Peer rejected unexpected message");
  2527. break;
  2528. #if CURL_BUILD_MAC_10_11 || CURL_BUILD_IOS_9
  2529. /* Treaing non-fatal error as fatal like before */
  2530. case errSSLClientHelloReceived:
  2531. failf(data, "A non-fatal result for providing a server name "
  2532. "indication");
  2533. break;
  2534. #endif
  2535. /* Error codes defined in the enum but should never be returned.
  2536. We list them here just in case. */
  2537. #if CURL_BUILD_MAC_10_6
  2538. /* Only returned when kSSLSessionOptionBreakOnCertRequested is set */
  2539. case errSSLClientCertRequested:
  2540. failf(data, "Server requested a client certificate during the "
  2541. "handshake");
  2542. return CURLE_SSL_CLIENTCERT;
  2543. #endif
  2544. #if CURL_BUILD_MAC_10_9
  2545. /* Alias for errSSLLast, end of error range */
  2546. case errSSLUnexpectedRecord:
  2547. failf(data, "Unexpected (skipped) record in DTLS");
  2548. break;
  2549. #endif
  2550. default:
  2551. /* May also return codes listed in Security Framework Result Codes */
  2552. failf(data, "Unknown SSL protocol error in connection to %s:%d",
  2553. hostname, err);
  2554. break;
  2555. }
  2556. return CURLE_SSL_CONNECT_ERROR;
  2557. }
  2558. else {
  2559. /* we have been connected fine, we're not waiting for anything else. */
  2560. connssl->connecting_state = ssl_connect_3;
  2561. #ifdef SECTRANSP_PINNEDPUBKEY
  2562. if(data->set.str[STRING_SSL_PINNEDPUBLICKEY]) {
  2563. CURLcode result =
  2564. pkp_pin_peer_pubkey(data, backend->ssl_ctx,
  2565. data->set.str[STRING_SSL_PINNEDPUBLICKEY]);
  2566. if(result) {
  2567. failf(data, "SSL: public key does not match pinned public key");
  2568. return result;
  2569. }
  2570. }
  2571. #endif /* SECTRANSP_PINNEDPUBKEY */
  2572. /* Informational message */
  2573. (void)SSLGetNegotiatedCipher(backend->ssl_ctx, &cipher);
  2574. (void)SSLGetNegotiatedProtocolVersion(backend->ssl_ctx, &protocol);
  2575. switch(protocol) {
  2576. case kSSLProtocol2:
  2577. infof(data, "SSL 2.0 connection using %s",
  2578. TLSCipherNameForNumber(cipher));
  2579. break;
  2580. case kSSLProtocol3:
  2581. infof(data, "SSL 3.0 connection using %s",
  2582. TLSCipherNameForNumber(cipher));
  2583. break;
  2584. case kTLSProtocol1:
  2585. infof(data, "TLS 1.0 connection using %s",
  2586. TLSCipherNameForNumber(cipher));
  2587. break;
  2588. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  2589. case kTLSProtocol11:
  2590. infof(data, "TLS 1.1 connection using %s",
  2591. TLSCipherNameForNumber(cipher));
  2592. break;
  2593. case kTLSProtocol12:
  2594. infof(data, "TLS 1.2 connection using %s",
  2595. TLSCipherNameForNumber(cipher));
  2596. break;
  2597. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  2598. #if CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11
  2599. case kTLSProtocol13:
  2600. infof(data, "TLS 1.3 connection using %s",
  2601. TLSCipherNameForNumber(cipher));
  2602. break;
  2603. #endif /* CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11 */
  2604. default:
  2605. infof(data, "Unknown protocol connection");
  2606. break;
  2607. }
  2608. #if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1
  2609. if(conn->bits.tls_enable_alpn) {
  2610. if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) {
  2611. CFArrayRef alpnArr = NULL;
  2612. CFStringRef chosenProtocol = NULL;
  2613. err = SSLCopyALPNProtocols(backend->ssl_ctx, &alpnArr);
  2614. if(err == noErr && alpnArr && CFArrayGetCount(alpnArr) >= 1)
  2615. chosenProtocol = CFArrayGetValueAtIndex(alpnArr, 0);
  2616. #ifdef USE_HTTP2
  2617. if(chosenProtocol &&
  2618. !CFStringCompare(chosenProtocol, CFSTR(ALPN_H2), 0)) {
  2619. conn->negnpn = CURL_HTTP_VERSION_2;
  2620. }
  2621. else
  2622. #endif
  2623. if(chosenProtocol &&
  2624. !CFStringCompare(chosenProtocol, CFSTR(ALPN_HTTP_1_1), 0)) {
  2625. conn->negnpn = CURL_HTTP_VERSION_1_1;
  2626. }
  2627. else
  2628. infof(data, VTLS_INFOF_NO_ALPN);
  2629. Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
  2630. BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
  2631. /* chosenProtocol is a reference to the string within alpnArr
  2632. and doesn't need to be freed separately */
  2633. if(alpnArr)
  2634. CFRelease(alpnArr);
  2635. }
  2636. }
  2637. #endif
  2638. return CURLE_OK;
  2639. }
  2640. }
  2641. static CURLcode
  2642. add_cert_to_certinfo(struct Curl_easy *data,
  2643. SecCertificateRef server_cert,
  2644. int idx)
  2645. {
  2646. CURLcode result = CURLE_OK;
  2647. const char *beg;
  2648. const char *end;
  2649. CFDataRef cert_data = SecCertificateCopyData(server_cert);
  2650. if(!cert_data)
  2651. return CURLE_PEER_FAILED_VERIFICATION;
  2652. beg = (const char *)CFDataGetBytePtr(cert_data);
  2653. end = beg + CFDataGetLength(cert_data);
  2654. result = Curl_extract_certinfo(data, idx, beg, end);
  2655. CFRelease(cert_data);
  2656. return result;
  2657. }
  2658. static CURLcode
  2659. collect_server_cert_single(struct Curl_easy *data,
  2660. SecCertificateRef server_cert,
  2661. CFIndex idx)
  2662. {
  2663. CURLcode result = CURLE_OK;
  2664. #ifndef CURL_DISABLE_VERBOSE_STRINGS
  2665. if(data->set.verbose) {
  2666. char *certp;
  2667. result = CopyCertSubject(data, server_cert, &certp);
  2668. if(!result) {
  2669. infof(data, "Server certificate: %s", certp);
  2670. free(certp);
  2671. }
  2672. }
  2673. #endif
  2674. if(data->set.ssl.certinfo)
  2675. result = add_cert_to_certinfo(data, server_cert, (int)idx);
  2676. return result;
  2677. }
  2678. /* This should be called during step3 of the connection at the earliest */
  2679. static CURLcode
  2680. collect_server_cert(struct Curl_easy *data,
  2681. struct connectdata *conn,
  2682. int sockindex)
  2683. {
  2684. #ifndef CURL_DISABLE_VERBOSE_STRINGS
  2685. const bool show_verbose_server_cert = data->set.verbose;
  2686. #else
  2687. const bool show_verbose_server_cert = false;
  2688. #endif
  2689. CURLcode result = data->set.ssl.certinfo ?
  2690. CURLE_PEER_FAILED_VERIFICATION : CURLE_OK;
  2691. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  2692. struct ssl_backend_data *backend = connssl->backend;
  2693. CFArrayRef server_certs = NULL;
  2694. SecCertificateRef server_cert;
  2695. OSStatus err;
  2696. CFIndex i, count;
  2697. SecTrustRef trust = NULL;
  2698. DEBUGASSERT(backend);
  2699. if(!show_verbose_server_cert && !data->set.ssl.certinfo)
  2700. return CURLE_OK;
  2701. if(!backend->ssl_ctx)
  2702. return result;
  2703. #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS
  2704. #if CURL_BUILD_IOS
  2705. #pragma unused(server_certs)
  2706. err = SSLCopyPeerTrust(backend->ssl_ctx, &trust);
  2707. /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
  2708. a null trust, so be on guard for that: */
  2709. if(err == noErr && trust) {
  2710. count = SecTrustGetCertificateCount(trust);
  2711. if(data->set.ssl.certinfo)
  2712. result = Curl_ssl_init_certinfo(data, (int)count);
  2713. for(i = 0L ; !result && (i < count) ; i++) {
  2714. server_cert = SecTrustGetCertificateAtIndex(trust, i);
  2715. result = collect_server_cert_single(data, server_cert, i);
  2716. }
  2717. CFRelease(trust);
  2718. }
  2719. #else
  2720. /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion.
  2721. The function SecTrustGetCertificateAtIndex() is officially present
  2722. in Lion, but it is unfortunately also present in Snow Leopard as
  2723. private API and doesn't work as expected. So we have to look for
  2724. a different symbol to make sure this code is only executed under
  2725. Lion or later. */
  2726. if(SecTrustEvaluateAsync) {
  2727. #pragma unused(server_certs)
  2728. err = SSLCopyPeerTrust(backend->ssl_ctx, &trust);
  2729. /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
  2730. a null trust, so be on guard for that: */
  2731. if(err == noErr && trust) {
  2732. count = SecTrustGetCertificateCount(trust);
  2733. if(data->set.ssl.certinfo)
  2734. result = Curl_ssl_init_certinfo(data, (int)count);
  2735. for(i = 0L ; !result && (i < count) ; i++) {
  2736. server_cert = SecTrustGetCertificateAtIndex(trust, i);
  2737. result = collect_server_cert_single(data, server_cert, i);
  2738. }
  2739. CFRelease(trust);
  2740. }
  2741. }
  2742. else {
  2743. #if CURL_SUPPORT_MAC_10_8
  2744. err = SSLCopyPeerCertificates(backend->ssl_ctx, &server_certs);
  2745. /* Just in case SSLCopyPeerCertificates() returns null too... */
  2746. if(err == noErr && server_certs) {
  2747. count = CFArrayGetCount(server_certs);
  2748. if(data->set.ssl.certinfo)
  2749. result = Curl_ssl_init_certinfo(data, (int)count);
  2750. for(i = 0L ; !result && (i < count) ; i++) {
  2751. server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
  2752. i);
  2753. result = collect_server_cert_single(data, server_cert, i);
  2754. }
  2755. CFRelease(server_certs);
  2756. }
  2757. #endif /* CURL_SUPPORT_MAC_10_8 */
  2758. }
  2759. #endif /* CURL_BUILD_IOS */
  2760. #else
  2761. #pragma unused(trust)
  2762. err = SSLCopyPeerCertificates(backend->ssl_ctx, &server_certs);
  2763. if(err == noErr) {
  2764. count = CFArrayGetCount(server_certs);
  2765. if(data->set.ssl.certinfo)
  2766. result = Curl_ssl_init_certinfo(data, (int)count);
  2767. for(i = 0L ; !result && (i < count) ; i++) {
  2768. server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
  2769. result = collect_server_cert_single(data, server_cert, i);
  2770. }
  2771. CFRelease(server_certs);
  2772. }
  2773. #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */
  2774. return result;
  2775. }
  2776. static CURLcode
  2777. sectransp_connect_step3(struct Curl_easy *data, struct connectdata *conn,
  2778. int sockindex)
  2779. {
  2780. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  2781. /* There is no step 3!
  2782. * Well, okay, let's collect server certificates, and if verbose mode is on,
  2783. * let's print the details of the server certificates. */
  2784. const CURLcode result = collect_server_cert(data, conn, sockindex);
  2785. if(result)
  2786. return result;
  2787. connssl->connecting_state = ssl_connect_done;
  2788. return CURLE_OK;
  2789. }
  2790. static Curl_recv sectransp_recv;
  2791. static Curl_send sectransp_send;
  2792. static CURLcode
  2793. sectransp_connect_common(struct Curl_easy *data,
  2794. struct connectdata *conn,
  2795. int sockindex,
  2796. bool nonblocking,
  2797. bool *done)
  2798. {
  2799. CURLcode result;
  2800. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  2801. curl_socket_t sockfd = conn->sock[sockindex];
  2802. int what;
  2803. /* check if the connection has already been established */
  2804. if(ssl_connection_complete == connssl->state) {
  2805. *done = TRUE;
  2806. return CURLE_OK;
  2807. }
  2808. if(ssl_connect_1 == connssl->connecting_state) {
  2809. /* Find out how much more time we're allowed */
  2810. const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
  2811. if(timeout_ms < 0) {
  2812. /* no need to continue if time already is up */
  2813. failf(data, "SSL connection timeout");
  2814. return CURLE_OPERATION_TIMEDOUT;
  2815. }
  2816. result = sectransp_connect_step1(data, conn, sockindex);
  2817. if(result)
  2818. return result;
  2819. }
  2820. while(ssl_connect_2 == connssl->connecting_state ||
  2821. ssl_connect_2_reading == connssl->connecting_state ||
  2822. ssl_connect_2_writing == connssl->connecting_state) {
  2823. /* check allowed time left */
  2824. const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
  2825. if(timeout_ms < 0) {
  2826. /* no need to continue if time already is up */
  2827. failf(data, "SSL connection timeout");
  2828. return CURLE_OPERATION_TIMEDOUT;
  2829. }
  2830. /* if ssl is expecting something, check if it's available. */
  2831. if(connssl->connecting_state == ssl_connect_2_reading ||
  2832. connssl->connecting_state == ssl_connect_2_writing) {
  2833. curl_socket_t writefd = ssl_connect_2_writing ==
  2834. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  2835. curl_socket_t readfd = ssl_connect_2_reading ==
  2836. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  2837. what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
  2838. nonblocking ? 0 : timeout_ms);
  2839. if(what < 0) {
  2840. /* fatal error */
  2841. failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
  2842. return CURLE_SSL_CONNECT_ERROR;
  2843. }
  2844. else if(0 == what) {
  2845. if(nonblocking) {
  2846. *done = FALSE;
  2847. return CURLE_OK;
  2848. }
  2849. else {
  2850. /* timeout */
  2851. failf(data, "SSL connection timeout");
  2852. return CURLE_OPERATION_TIMEDOUT;
  2853. }
  2854. }
  2855. /* socket is readable or writable */
  2856. }
  2857. /* Run transaction, and return to the caller if it failed or if this
  2858. * connection is done nonblocking and this loop would execute again. This
  2859. * permits the owner of a multi handle to abort a connection attempt
  2860. * before step2 has completed while ensuring that a client using select()
  2861. * or epoll() will always have a valid fdset to wait on.
  2862. */
  2863. result = sectransp_connect_step2(data, conn, sockindex);
  2864. if(result || (nonblocking &&
  2865. (ssl_connect_2 == connssl->connecting_state ||
  2866. ssl_connect_2_reading == connssl->connecting_state ||
  2867. ssl_connect_2_writing == connssl->connecting_state)))
  2868. return result;
  2869. } /* repeat step2 until all transactions are done. */
  2870. if(ssl_connect_3 == connssl->connecting_state) {
  2871. result = sectransp_connect_step3(data, conn, sockindex);
  2872. if(result)
  2873. return result;
  2874. }
  2875. if(ssl_connect_done == connssl->connecting_state) {
  2876. connssl->state = ssl_connection_complete;
  2877. conn->recv[sockindex] = sectransp_recv;
  2878. conn->send[sockindex] = sectransp_send;
  2879. *done = TRUE;
  2880. }
  2881. else
  2882. *done = FALSE;
  2883. /* Reset our connect state machine */
  2884. connssl->connecting_state = ssl_connect_1;
  2885. return CURLE_OK;
  2886. }
  2887. static CURLcode sectransp_connect_nonblocking(struct Curl_easy *data,
  2888. struct connectdata *conn,
  2889. int sockindex, bool *done)
  2890. {
  2891. return sectransp_connect_common(data, conn, sockindex, TRUE, done);
  2892. }
  2893. static CURLcode sectransp_connect(struct Curl_easy *data,
  2894. struct connectdata *conn, int sockindex)
  2895. {
  2896. CURLcode result;
  2897. bool done = FALSE;
  2898. result = sectransp_connect_common(data, conn, sockindex, FALSE, &done);
  2899. if(result)
  2900. return result;
  2901. DEBUGASSERT(done);
  2902. return CURLE_OK;
  2903. }
  2904. static void sectransp_close(struct Curl_easy *data, struct connectdata *conn,
  2905. int sockindex)
  2906. {
  2907. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  2908. struct ssl_backend_data *backend = connssl->backend;
  2909. (void) data;
  2910. DEBUGASSERT(backend);
  2911. if(backend->ssl_ctx) {
  2912. (void)SSLClose(backend->ssl_ctx);
  2913. #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
  2914. if(SSLCreateContext)
  2915. CFRelease(backend->ssl_ctx);
  2916. #if CURL_SUPPORT_MAC_10_8
  2917. else
  2918. (void)SSLDisposeContext(backend->ssl_ctx);
  2919. #endif /* CURL_SUPPORT_MAC_10_8 */
  2920. #else
  2921. (void)SSLDisposeContext(backend->ssl_ctx);
  2922. #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */
  2923. backend->ssl_ctx = NULL;
  2924. }
  2925. backend->ssl_sockfd = 0;
  2926. }
  2927. static int sectransp_shutdown(struct Curl_easy *data,
  2928. struct connectdata *conn, int sockindex)
  2929. {
  2930. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  2931. struct ssl_backend_data *backend = connssl->backend;
  2932. ssize_t nread;
  2933. int what;
  2934. int rc;
  2935. char buf[120];
  2936. int loop = 10; /* avoid getting stuck */
  2937. DEBUGASSERT(backend);
  2938. if(!backend->ssl_ctx)
  2939. return 0;
  2940. #ifndef CURL_DISABLE_FTP
  2941. if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
  2942. return 0;
  2943. #endif
  2944. sectransp_close(data, conn, sockindex);
  2945. rc = 0;
  2946. what = SOCKET_READABLE(conn->sock[sockindex], SSL_SHUTDOWN_TIMEOUT);
  2947. while(loop--) {
  2948. if(what < 0) {
  2949. /* anything that gets here is fatally bad */
  2950. failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
  2951. rc = -1;
  2952. break;
  2953. }
  2954. if(!what) { /* timeout */
  2955. failf(data, "SSL shutdown timeout");
  2956. break;
  2957. }
  2958. /* Something to read, let's do it and hope that it is the close
  2959. notify alert from the server. No way to SSL_Read now, so use read(). */
  2960. nread = read(conn->sock[sockindex], buf, sizeof(buf));
  2961. if(nread < 0) {
  2962. char buffer[STRERROR_LEN];
  2963. failf(data, "read: %s",
  2964. Curl_strerror(errno, buffer, sizeof(buffer)));
  2965. rc = -1;
  2966. }
  2967. if(nread <= 0)
  2968. break;
  2969. what = SOCKET_READABLE(conn->sock[sockindex], 0);
  2970. }
  2971. return rc;
  2972. }
  2973. static void sectransp_session_free(void *ptr)
  2974. {
  2975. /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a
  2976. cached session ID inside the Security framework. There is a private
  2977. function that does this, but I don't want to have to explain to you why I
  2978. got your application rejected from the App Store due to the use of a
  2979. private API, so the best we can do is free up our own char array that we
  2980. created way back in sectransp_connect_step1... */
  2981. Curl_safefree(ptr);
  2982. }
  2983. static size_t sectransp_version(char *buffer, size_t size)
  2984. {
  2985. return msnprintf(buffer, size, "SecureTransport");
  2986. }
  2987. /*
  2988. * This function uses SSLGetSessionState to determine connection status.
  2989. *
  2990. * Return codes:
  2991. * 1 means the connection is still in place
  2992. * 0 means the connection has been closed
  2993. * -1 means the connection status is unknown
  2994. */
  2995. static int sectransp_check_cxn(struct connectdata *conn)
  2996. {
  2997. struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
  2998. struct ssl_backend_data *backend = connssl->backend;
  2999. OSStatus err;
  3000. SSLSessionState state;
  3001. DEBUGASSERT(backend);
  3002. if(backend->ssl_ctx) {
  3003. err = SSLGetSessionState(backend->ssl_ctx, &state);
  3004. if(err == noErr)
  3005. return state == kSSLConnected || state == kSSLHandshake;
  3006. return -1;
  3007. }
  3008. return 0;
  3009. }
  3010. static bool sectransp_data_pending(const struct connectdata *conn,
  3011. int connindex)
  3012. {
  3013. const struct ssl_connect_data *connssl = &conn->ssl[connindex];
  3014. struct ssl_backend_data *backend = connssl->backend;
  3015. OSStatus err;
  3016. size_t buffer;
  3017. DEBUGASSERT(backend);
  3018. if(backend->ssl_ctx) { /* SSL is in use */
  3019. err = SSLGetBufferedReadSize(backend->ssl_ctx, &buffer);
  3020. if(err == noErr)
  3021. return buffer > 0UL;
  3022. return false;
  3023. }
  3024. else
  3025. return false;
  3026. }
  3027. static CURLcode sectransp_random(struct Curl_easy *data UNUSED_PARAM,
  3028. unsigned char *entropy, size_t length)
  3029. {
  3030. /* arc4random_buf() isn't available on cats older than Lion, so let's
  3031. do this manually for the benefit of the older cats. */
  3032. size_t i;
  3033. u_int32_t random_number = 0;
  3034. (void)data;
  3035. for(i = 0 ; i < length ; i++) {
  3036. if(i % sizeof(u_int32_t) == 0)
  3037. random_number = arc4random();
  3038. entropy[i] = random_number & 0xFF;
  3039. random_number >>= 8;
  3040. }
  3041. i = random_number = 0;
  3042. return CURLE_OK;
  3043. }
  3044. static CURLcode sectransp_sha256sum(const unsigned char *tmp, /* input */
  3045. size_t tmplen,
  3046. unsigned char *sha256sum, /* output */
  3047. size_t sha256len)
  3048. {
  3049. assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);
  3050. (void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
  3051. return CURLE_OK;
  3052. }
  3053. static bool sectransp_false_start(void)
  3054. {
  3055. #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7
  3056. if(SSLSetSessionOption)
  3057. return TRUE;
  3058. #endif
  3059. return FALSE;
  3060. }
  3061. static ssize_t sectransp_send(struct Curl_easy *data,
  3062. int sockindex,
  3063. const void *mem,
  3064. size_t len,
  3065. CURLcode *curlcode)
  3066. {
  3067. struct connectdata *conn = data->conn;
  3068. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  3069. struct ssl_backend_data *backend = connssl->backend;
  3070. size_t processed = 0UL;
  3071. OSStatus err;
  3072. DEBUGASSERT(backend);
  3073. /* The SSLWrite() function works a little differently than expected. The
  3074. fourth argument (processed) is currently documented in Apple's
  3075. documentation as: "On return, the length, in bytes, of the data actually
  3076. written."
  3077. Now, one could interpret that as "written to the socket," but actually,
  3078. it returns the amount of data that was written to a buffer internal to
  3079. the SSLContextRef instead. So it's possible for SSLWrite() to return
  3080. errSSLWouldBlock and a number of bytes "written" because those bytes were
  3081. encrypted and written to a buffer, not to the socket.
  3082. So if this happens, then we need to keep calling SSLWrite() over and
  3083. over again with no new data until it quits returning errSSLWouldBlock. */
  3084. /* Do we have buffered data to write from the last time we were called? */
  3085. if(backend->ssl_write_buffered_length) {
  3086. /* Write the buffered data: */
  3087. err = SSLWrite(backend->ssl_ctx, NULL, 0UL, &processed);
  3088. switch(err) {
  3089. case noErr:
  3090. /* processed is always going to be 0 because we didn't write to
  3091. the buffer, so return how much was written to the socket */
  3092. processed = backend->ssl_write_buffered_length;
  3093. backend->ssl_write_buffered_length = 0UL;
  3094. break;
  3095. case errSSLWouldBlock: /* argh, try again */
  3096. *curlcode = CURLE_AGAIN;
  3097. return -1L;
  3098. default:
  3099. failf(data, "SSLWrite() returned error %d", err);
  3100. *curlcode = CURLE_SEND_ERROR;
  3101. return -1L;
  3102. }
  3103. }
  3104. else {
  3105. /* We've got new data to write: */
  3106. err = SSLWrite(backend->ssl_ctx, mem, len, &processed);
  3107. if(err != noErr) {
  3108. switch(err) {
  3109. case errSSLWouldBlock:
  3110. /* Data was buffered but not sent, we have to tell the caller
  3111. to try sending again, and remember how much was buffered */
  3112. backend->ssl_write_buffered_length = len;
  3113. *curlcode = CURLE_AGAIN;
  3114. return -1L;
  3115. default:
  3116. failf(data, "SSLWrite() returned error %d", err);
  3117. *curlcode = CURLE_SEND_ERROR;
  3118. return -1L;
  3119. }
  3120. }
  3121. }
  3122. return (ssize_t)processed;
  3123. }
  3124. static ssize_t sectransp_recv(struct Curl_easy *data,
  3125. int num,
  3126. char *buf,
  3127. size_t buffersize,
  3128. CURLcode *curlcode)
  3129. {
  3130. struct connectdata *conn = data->conn;
  3131. struct ssl_connect_data *connssl = &conn->ssl[num];
  3132. struct ssl_backend_data *backend = connssl->backend;
  3133. size_t processed = 0UL;
  3134. OSStatus err;
  3135. DEBUGASSERT(backend);
  3136. again:
  3137. err = SSLRead(backend->ssl_ctx, buf, buffersize, &processed);
  3138. if(err != noErr) {
  3139. switch(err) {
  3140. case errSSLWouldBlock: /* return how much we read (if anything) */
  3141. if(processed)
  3142. return (ssize_t)processed;
  3143. *curlcode = CURLE_AGAIN;
  3144. return -1L;
  3145. break;
  3146. /* errSSLClosedGraceful - server gracefully shut down the SSL session
  3147. errSSLClosedNoNotify - server hung up on us instead of sending a
  3148. closure alert notice, read() is returning 0
  3149. Either way, inform the caller that the server disconnected. */
  3150. case errSSLClosedGraceful:
  3151. case errSSLClosedNoNotify:
  3152. *curlcode = CURLE_OK;
  3153. return -1L;
  3154. break;
  3155. /* The below is errSSLPeerAuthCompleted; it's not defined in
  3156. Leopard's headers */
  3157. case -9841:
  3158. if((SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(ca_info_blob)) &&
  3159. SSL_CONN_CONFIG(verifypeer)) {
  3160. CURLcode result = verify_cert(data, SSL_CONN_CONFIG(CAfile),
  3161. SSL_CONN_CONFIG(ca_info_blob),
  3162. backend->ssl_ctx);
  3163. if(result)
  3164. return result;
  3165. }
  3166. goto again;
  3167. default:
  3168. failf(data, "SSLRead() return error %d", err);
  3169. *curlcode = CURLE_RECV_ERROR;
  3170. return -1L;
  3171. break;
  3172. }
  3173. }
  3174. return (ssize_t)processed;
  3175. }
  3176. static void *sectransp_get_internals(struct ssl_connect_data *connssl,
  3177. CURLINFO info UNUSED_PARAM)
  3178. {
  3179. struct ssl_backend_data *backend = connssl->backend;
  3180. (void)info;
  3181. DEBUGASSERT(backend);
  3182. return backend->ssl_ctx;
  3183. }
  3184. const struct Curl_ssl Curl_ssl_sectransp = {
  3185. { CURLSSLBACKEND_SECURETRANSPORT, "secure-transport" }, /* info */
  3186. SSLSUPP_CAINFO_BLOB |
  3187. SSLSUPP_CERTINFO |
  3188. #ifdef SECTRANSP_PINNEDPUBKEY
  3189. SSLSUPP_PINNEDPUBKEY,
  3190. #else
  3191. 0,
  3192. #endif /* SECTRANSP_PINNEDPUBKEY */
  3193. sizeof(struct ssl_backend_data),
  3194. Curl_none_init, /* init */
  3195. Curl_none_cleanup, /* cleanup */
  3196. sectransp_version, /* version */
  3197. sectransp_check_cxn, /* check_cxn */
  3198. sectransp_shutdown, /* shutdown */
  3199. sectransp_data_pending, /* data_pending */
  3200. sectransp_random, /* random */
  3201. Curl_none_cert_status_request, /* cert_status_request */
  3202. sectransp_connect, /* connect */
  3203. sectransp_connect_nonblocking, /* connect_nonblocking */
  3204. Curl_ssl_getsock, /* getsock */
  3205. sectransp_get_internals, /* get_internals */
  3206. sectransp_close, /* close_one */
  3207. Curl_none_close_all, /* close_all */
  3208. sectransp_session_free, /* session_free */
  3209. Curl_none_set_engine, /* set_engine */
  3210. Curl_none_set_engine_default, /* set_engine_default */
  3211. Curl_none_engines_list, /* engines_list */
  3212. sectransp_false_start, /* false_start */
  3213. sectransp_sha256sum, /* sha256sum */
  3214. NULL, /* associate_connection */
  3215. NULL /* disassociate_connection */
  3216. };
  3217. #ifdef __clang__
  3218. #pragma clang diagnostic pop
  3219. #endif
  3220. #endif /* USE_SECTRANSP */