bearssl.c 38 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2019 - 2022, Michael Forney, <mforney@mforney.org>
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. #include "curl_setup.h"
  25. #ifdef USE_BEARSSL
  26. #include <bearssl.h>
  27. #include "bearssl.h"
  28. #include "urldata.h"
  29. #include "sendf.h"
  30. #include "inet_pton.h"
  31. #include "vtls.h"
  32. #include "connect.h"
  33. #include "select.h"
  34. #include "multiif.h"
  35. #include "curl_printf.h"
  36. #include "curl_memory.h"
  37. #include "strcase.h"
  38. struct x509_context {
  39. const br_x509_class *vtable;
  40. br_x509_minimal_context minimal;
  41. br_x509_decoder_context decoder;
  42. bool verifyhost;
  43. bool verifypeer;
  44. int cert_num;
  45. };
  46. struct ssl_backend_data {
  47. br_ssl_client_context ctx;
  48. struct x509_context x509;
  49. unsigned char buf[BR_SSL_BUFSIZE_BIDI];
  50. br_x509_trust_anchor *anchors;
  51. size_t anchors_len;
  52. const char *protocols[2];
  53. /* SSL client context is active */
  54. bool active;
  55. /* size of pending write, yet to be flushed */
  56. size_t pending_write;
  57. };
  58. struct cafile_parser {
  59. CURLcode err;
  60. bool in_cert;
  61. br_x509_decoder_context xc;
  62. /* array of trust anchors loaded from CAfile */
  63. br_x509_trust_anchor *anchors;
  64. size_t anchors_len;
  65. /* buffer for DN data */
  66. unsigned char dn[1024];
  67. size_t dn_len;
  68. };
  69. #define CAFILE_SOURCE_PATH 1
  70. #define CAFILE_SOURCE_BLOB 2
  71. struct cafile_source {
  72. int type;
  73. const char *data;
  74. size_t len;
  75. };
  76. static void append_dn(void *ctx, const void *buf, size_t len)
  77. {
  78. struct cafile_parser *ca = ctx;
  79. if(ca->err != CURLE_OK || !ca->in_cert)
  80. return;
  81. if(sizeof(ca->dn) - ca->dn_len < len) {
  82. ca->err = CURLE_FAILED_INIT;
  83. return;
  84. }
  85. memcpy(ca->dn + ca->dn_len, buf, len);
  86. ca->dn_len += len;
  87. }
  88. static void x509_push(void *ctx, const void *buf, size_t len)
  89. {
  90. struct cafile_parser *ca = ctx;
  91. if(ca->in_cert)
  92. br_x509_decoder_push(&ca->xc, buf, len);
  93. }
  94. static CURLcode load_cafile(struct cafile_source *source,
  95. br_x509_trust_anchor **anchors,
  96. size_t *anchors_len)
  97. {
  98. struct cafile_parser ca;
  99. br_pem_decoder_context pc;
  100. br_x509_trust_anchor *ta;
  101. size_t ta_size;
  102. br_x509_trust_anchor *new_anchors;
  103. size_t new_anchors_len;
  104. br_x509_pkey *pkey;
  105. FILE *fp = 0;
  106. unsigned char buf[BUFSIZ];
  107. const unsigned char *p;
  108. const char *name;
  109. size_t n, i, pushed;
  110. DEBUGASSERT(source->type == CAFILE_SOURCE_PATH
  111. || source->type == CAFILE_SOURCE_BLOB);
  112. if(source->type == CAFILE_SOURCE_PATH) {
  113. fp = fopen(source->data, "rb");
  114. if(!fp)
  115. return CURLE_SSL_CACERT_BADFILE;
  116. }
  117. if(source->type == CAFILE_SOURCE_BLOB && source->len > (size_t)INT_MAX)
  118. return CURLE_SSL_CACERT_BADFILE;
  119. ca.err = CURLE_OK;
  120. ca.in_cert = FALSE;
  121. ca.anchors = NULL;
  122. ca.anchors_len = 0;
  123. br_pem_decoder_init(&pc);
  124. br_pem_decoder_setdest(&pc, x509_push, &ca);
  125. do {
  126. if(source->type == CAFILE_SOURCE_PATH) {
  127. n = fread(buf, 1, sizeof(buf), fp);
  128. if(n == 0)
  129. break;
  130. p = buf;
  131. }
  132. else if(source->type == CAFILE_SOURCE_BLOB) {
  133. n = source->len;
  134. p = (unsigned char *) source->data;
  135. }
  136. while(n) {
  137. pushed = br_pem_decoder_push(&pc, p, n);
  138. if(ca.err)
  139. goto fail;
  140. p += pushed;
  141. n -= pushed;
  142. switch(br_pem_decoder_event(&pc)) {
  143. case 0:
  144. break;
  145. case BR_PEM_BEGIN_OBJ:
  146. name = br_pem_decoder_name(&pc);
  147. if(strcmp(name, "CERTIFICATE") && strcmp(name, "X509 CERTIFICATE"))
  148. break;
  149. br_x509_decoder_init(&ca.xc, append_dn, &ca);
  150. ca.in_cert = TRUE;
  151. ca.dn_len = 0;
  152. break;
  153. case BR_PEM_END_OBJ:
  154. if(!ca.in_cert)
  155. break;
  156. ca.in_cert = FALSE;
  157. if(br_x509_decoder_last_error(&ca.xc)) {
  158. ca.err = CURLE_SSL_CACERT_BADFILE;
  159. goto fail;
  160. }
  161. /* add trust anchor */
  162. if(ca.anchors_len == SIZE_MAX / sizeof(ca.anchors[0])) {
  163. ca.err = CURLE_OUT_OF_MEMORY;
  164. goto fail;
  165. }
  166. new_anchors_len = ca.anchors_len + 1;
  167. new_anchors = realloc(ca.anchors,
  168. new_anchors_len * sizeof(ca.anchors[0]));
  169. if(!new_anchors) {
  170. ca.err = CURLE_OUT_OF_MEMORY;
  171. goto fail;
  172. }
  173. ca.anchors = new_anchors;
  174. ca.anchors_len = new_anchors_len;
  175. ta = &ca.anchors[ca.anchors_len - 1];
  176. ta->dn.data = NULL;
  177. ta->flags = 0;
  178. if(br_x509_decoder_isCA(&ca.xc))
  179. ta->flags |= BR_X509_TA_CA;
  180. pkey = br_x509_decoder_get_pkey(&ca.xc);
  181. if(!pkey) {
  182. ca.err = CURLE_SSL_CACERT_BADFILE;
  183. goto fail;
  184. }
  185. ta->pkey = *pkey;
  186. /* calculate space needed for trust anchor data */
  187. ta_size = ca.dn_len;
  188. switch(pkey->key_type) {
  189. case BR_KEYTYPE_RSA:
  190. ta_size += pkey->key.rsa.nlen + pkey->key.rsa.elen;
  191. break;
  192. case BR_KEYTYPE_EC:
  193. ta_size += pkey->key.ec.qlen;
  194. break;
  195. default:
  196. ca.err = CURLE_FAILED_INIT;
  197. goto fail;
  198. }
  199. /* fill in trust anchor DN and public key data */
  200. ta->dn.data = malloc(ta_size);
  201. if(!ta->dn.data) {
  202. ca.err = CURLE_OUT_OF_MEMORY;
  203. goto fail;
  204. }
  205. memcpy(ta->dn.data, ca.dn, ca.dn_len);
  206. ta->dn.len = ca.dn_len;
  207. switch(pkey->key_type) {
  208. case BR_KEYTYPE_RSA:
  209. ta->pkey.key.rsa.n = ta->dn.data + ta->dn.len;
  210. memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen);
  211. ta->pkey.key.rsa.e = ta->pkey.key.rsa.n + ta->pkey.key.rsa.nlen;
  212. memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen);
  213. break;
  214. case BR_KEYTYPE_EC:
  215. ta->pkey.key.ec.q = ta->dn.data + ta->dn.len;
  216. memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen);
  217. break;
  218. }
  219. break;
  220. default:
  221. ca.err = CURLE_SSL_CACERT_BADFILE;
  222. goto fail;
  223. }
  224. }
  225. } while(source->type != CAFILE_SOURCE_BLOB);
  226. if(fp && ferror(fp))
  227. ca.err = CURLE_READ_ERROR;
  228. else if(ca.in_cert)
  229. ca.err = CURLE_SSL_CACERT_BADFILE;
  230. fail:
  231. if(fp)
  232. fclose(fp);
  233. if(ca.err == CURLE_OK) {
  234. *anchors = ca.anchors;
  235. *anchors_len = ca.anchors_len;
  236. }
  237. else {
  238. for(i = 0; i < ca.anchors_len; ++i)
  239. free(ca.anchors[i].dn.data);
  240. free(ca.anchors);
  241. }
  242. return ca.err;
  243. }
  244. static void x509_start_chain(const br_x509_class **ctx,
  245. const char *server_name)
  246. {
  247. struct x509_context *x509 = (struct x509_context *)ctx;
  248. if(!x509->verifypeer) {
  249. x509->cert_num = 0;
  250. return;
  251. }
  252. if(!x509->verifyhost)
  253. server_name = NULL;
  254. x509->minimal.vtable->start_chain(&x509->minimal.vtable, server_name);
  255. }
  256. static void x509_start_cert(const br_x509_class **ctx, uint32_t length)
  257. {
  258. struct x509_context *x509 = (struct x509_context *)ctx;
  259. if(!x509->verifypeer) {
  260. /* Only decode the first cert in the chain to obtain the public key */
  261. if(x509->cert_num == 0)
  262. br_x509_decoder_init(&x509->decoder, NULL, NULL);
  263. return;
  264. }
  265. x509->minimal.vtable->start_cert(&x509->minimal.vtable, length);
  266. }
  267. static void x509_append(const br_x509_class **ctx, const unsigned char *buf,
  268. size_t len)
  269. {
  270. struct x509_context *x509 = (struct x509_context *)ctx;
  271. if(!x509->verifypeer) {
  272. if(x509->cert_num == 0)
  273. br_x509_decoder_push(&x509->decoder, buf, len);
  274. return;
  275. }
  276. x509->minimal.vtable->append(&x509->minimal.vtable, buf, len);
  277. }
  278. static void x509_end_cert(const br_x509_class **ctx)
  279. {
  280. struct x509_context *x509 = (struct x509_context *)ctx;
  281. if(!x509->verifypeer) {
  282. x509->cert_num++;
  283. return;
  284. }
  285. x509->minimal.vtable->end_cert(&x509->minimal.vtable);
  286. }
  287. static unsigned x509_end_chain(const br_x509_class **ctx)
  288. {
  289. struct x509_context *x509 = (struct x509_context *)ctx;
  290. if(!x509->verifypeer) {
  291. return br_x509_decoder_last_error(&x509->decoder);
  292. }
  293. return x509->minimal.vtable->end_chain(&x509->minimal.vtable);
  294. }
  295. static const br_x509_pkey *x509_get_pkey(const br_x509_class *const *ctx,
  296. unsigned *usages)
  297. {
  298. struct x509_context *x509 = (struct x509_context *)ctx;
  299. if(!x509->verifypeer) {
  300. /* Nothing in the chain is verified, just return the public key of the
  301. first certificate and allow its usage for both TLS_RSA_* and
  302. TLS_ECDHE_* */
  303. if(usages)
  304. *usages = BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN;
  305. return br_x509_decoder_get_pkey(&x509->decoder);
  306. }
  307. return x509->minimal.vtable->get_pkey(&x509->minimal.vtable, usages);
  308. }
  309. static const br_x509_class x509_vtable = {
  310. sizeof(struct x509_context),
  311. x509_start_chain,
  312. x509_start_cert,
  313. x509_append,
  314. x509_end_cert,
  315. x509_end_chain,
  316. x509_get_pkey
  317. };
  318. struct st_cipher {
  319. const char *name; /* Cipher suite IANA name. It starts with "TLS_" prefix */
  320. const char *alias_name; /* Alias name is the same as OpenSSL cipher name */
  321. uint16_t num; /* BearSSL cipher suite */
  322. };
  323. /* Macro to initialize st_cipher data structure */
  324. #define CIPHER_DEF(num, alias) { #num, alias, BR_##num }
  325. static const struct st_cipher ciphertable[] = {
  326. /* RFC 2246 TLS 1.0 */
  327. CIPHER_DEF(TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* 0x000A */
  328. "DES-CBC3-SHA"),
  329. /* RFC 3268 TLS 1.0 AES */
  330. CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA, /* 0x002F */
  331. "AES128-SHA"),
  332. CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA, /* 0x0035 */
  333. "AES256-SHA"),
  334. /* RFC 5246 TLS 1.2 */
  335. CIPHER_DEF(TLS_RSA_WITH_AES_128_CBC_SHA256, /* 0x003C */
  336. "AES128-SHA256"),
  337. CIPHER_DEF(TLS_RSA_WITH_AES_256_CBC_SHA256, /* 0x003D */
  338. "AES256-SHA256"),
  339. /* RFC 5288 TLS 1.2 AES GCM */
  340. CIPHER_DEF(TLS_RSA_WITH_AES_128_GCM_SHA256, /* 0x009C */
  341. "AES128-GCM-SHA256"),
  342. CIPHER_DEF(TLS_RSA_WITH_AES_256_GCM_SHA384, /* 0x009D */
  343. "AES256-GCM-SHA384"),
  344. /* RFC 4492 TLS 1.0 ECC */
  345. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC003 */
  346. "ECDH-ECDSA-DES-CBC3-SHA"),
  347. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC004 */
  348. "ECDH-ECDSA-AES128-SHA"),
  349. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC005 */
  350. "ECDH-ECDSA-AES256-SHA"),
  351. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, /* 0xC008 */
  352. "ECDHE-ECDSA-DES-CBC3-SHA"),
  353. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, /* 0xC009 */
  354. "ECDHE-ECDSA-AES128-SHA"),
  355. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, /* 0xC00A */
  356. "ECDHE-ECDSA-AES256-SHA"),
  357. CIPHER_DEF(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC00D */
  358. "ECDH-RSA-DES-CBC3-SHA"),
  359. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, /* 0xC00E */
  360. "ECDH-RSA-AES128-SHA"),
  361. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, /* 0xC00F */
  362. "ECDH-RSA-AES256-SHA"),
  363. CIPHER_DEF(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, /* 0xC012 */
  364. "ECDHE-RSA-DES-CBC3-SHA"),
  365. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, /* 0xC013 */
  366. "ECDHE-RSA-AES128-SHA"),
  367. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, /* 0xC014 */
  368. "ECDHE-RSA-AES256-SHA"),
  369. /* RFC 5289 TLS 1.2 ECC HMAC SHA256/384 */
  370. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC023 */
  371. "ECDHE-ECDSA-AES128-SHA256"),
  372. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC024 */
  373. "ECDHE-ECDSA-AES256-SHA384"),
  374. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, /* 0xC025 */
  375. "ECDH-ECDSA-AES128-SHA256"),
  376. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, /* 0xC026 */
  377. "ECDH-ECDSA-AES256-SHA384"),
  378. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, /* 0xC027 */
  379. "ECDHE-RSA-AES128-SHA256"),
  380. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, /* 0xC028 */
  381. "ECDHE-RSA-AES256-SHA384"),
  382. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, /* 0xC029 */
  383. "ECDH-RSA-AES128-SHA256"),
  384. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, /* 0xC02A */
  385. "ECDH-RSA-AES256-SHA384"),
  386. /* RFC 5289 TLS 1.2 GCM */
  387. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02B */
  388. "ECDHE-ECDSA-AES128-GCM-SHA256"),
  389. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02C */
  390. "ECDHE-ECDSA-AES256-GCM-SHA384"),
  391. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, /* 0xC02D */
  392. "ECDH-ECDSA-AES128-GCM-SHA256"),
  393. CIPHER_DEF(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, /* 0xC02E */
  394. "ECDH-ECDSA-AES256-GCM-SHA384"),
  395. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, /* 0xC02F */
  396. "ECDHE-RSA-AES128-GCM-SHA256"),
  397. CIPHER_DEF(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, /* 0xC030 */
  398. "ECDHE-RSA-AES256-GCM-SHA384"),
  399. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, /* 0xC031 */
  400. "ECDH-RSA-AES128-GCM-SHA256"),
  401. CIPHER_DEF(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, /* 0xC032 */
  402. "ECDH-RSA-AES256-GCM-SHA384"),
  403. #ifdef BR_TLS_RSA_WITH_AES_128_CCM
  404. /* RFC 6655 TLS 1.2 CCM
  405. Supported since BearSSL 0.6 */
  406. CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM, /* 0xC09C */
  407. "AES128-CCM"),
  408. CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM, /* 0xC09D */
  409. "AES256-CCM"),
  410. CIPHER_DEF(TLS_RSA_WITH_AES_128_CCM_8, /* 0xC0A0 */
  411. "AES128-CCM8"),
  412. CIPHER_DEF(TLS_RSA_WITH_AES_256_CCM_8, /* 0xC0A1 */
  413. "AES256-CCM8"),
  414. /* RFC 7251 TLS 1.2 ECC CCM
  415. Supported since BearSSL 0.6 */
  416. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM, /* 0xC0AC */
  417. "ECDHE-ECDSA-AES128-CCM"),
  418. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM, /* 0xC0AD */
  419. "ECDHE-ECDSA-AES256-CCM"),
  420. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, /* 0xC0AE */
  421. "ECDHE-ECDSA-AES128-CCM8"),
  422. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, /* 0xC0AF */
  423. "ECDHE-ECDSA-AES256-CCM8"),
  424. #endif
  425. /* RFC 7905 TLS 1.2 ChaCha20-Poly1305
  426. Supported since BearSSL 0.2 */
  427. CIPHER_DEF(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
  428. "ECDHE-RSA-CHACHA20-POLY1305"),
  429. CIPHER_DEF(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
  430. "ECDHE-ECDSA-CHACHA20-POLY1305"),
  431. };
  432. #define NUM_OF_CIPHERS (sizeof(ciphertable) / sizeof(ciphertable[0]))
  433. #define CIPHER_NAME_BUF_LEN 64
  434. static bool is_separator(char c)
  435. {
  436. /* Return whether character is a cipher list separator. */
  437. switch(c) {
  438. case ' ':
  439. case '\t':
  440. case ':':
  441. case ',':
  442. case ';':
  443. return true;
  444. }
  445. return false;
  446. }
  447. static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data,
  448. br_ssl_engine_context *ssl_eng,
  449. const char *ciphers)
  450. {
  451. uint16_t selected_ciphers[NUM_OF_CIPHERS];
  452. size_t selected_count = 0;
  453. char cipher_name[CIPHER_NAME_BUF_LEN];
  454. const char *cipher_start = ciphers;
  455. const char *cipher_end;
  456. size_t i, j;
  457. if(!cipher_start)
  458. return CURLE_SSL_CIPHER;
  459. while(true) {
  460. /* Extract the next cipher name from the ciphers string */
  461. while(is_separator(*cipher_start))
  462. ++cipher_start;
  463. if(*cipher_start == '\0')
  464. break;
  465. cipher_end = cipher_start;
  466. while(*cipher_end != '\0' && !is_separator(*cipher_end))
  467. ++cipher_end;
  468. j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ?
  469. cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1;
  470. strncpy(cipher_name, cipher_start, j);
  471. cipher_name[j] = '\0';
  472. cipher_start = cipher_end;
  473. /* Lookup the cipher name in the table of available ciphers. If the cipher
  474. name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try
  475. to match cipher name by an (OpenSSL) alias. */
  476. if(strncasecompare(cipher_name, "TLS_", 4)) {
  477. for(i = 0; i < NUM_OF_CIPHERS &&
  478. !strcasecompare(cipher_name, ciphertable[i].name); ++i);
  479. }
  480. else {
  481. for(i = 0; i < NUM_OF_CIPHERS &&
  482. !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i);
  483. }
  484. if(i == NUM_OF_CIPHERS) {
  485. infof(data, "BearSSL: unknown cipher in list: %s", cipher_name);
  486. continue;
  487. }
  488. /* No duplicates allowed */
  489. for(j = 0; j < selected_count &&
  490. selected_ciphers[j] != ciphertable[i].num; j++);
  491. if(j < selected_count) {
  492. infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name);
  493. continue;
  494. }
  495. DEBUGASSERT(selected_count < NUM_OF_CIPHERS);
  496. selected_ciphers[selected_count] = ciphertable[i].num;
  497. ++selected_count;
  498. }
  499. if(selected_count == 0) {
  500. failf(data, "BearSSL: no supported cipher in list");
  501. return CURLE_SSL_CIPHER;
  502. }
  503. br_ssl_engine_set_suites(ssl_eng, selected_ciphers, selected_count);
  504. return CURLE_OK;
  505. }
  506. static CURLcode bearssl_connect_step1(struct Curl_easy *data,
  507. struct connectdata *conn, int sockindex)
  508. {
  509. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  510. struct ssl_backend_data *backend = connssl->backend;
  511. const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob);
  512. const char * const ssl_cafile =
  513. /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
  514. (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile));
  515. const char *hostname = SSL_HOST_NAME();
  516. const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
  517. const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
  518. CURLcode ret;
  519. unsigned version_min, version_max;
  520. #ifdef ENABLE_IPV6
  521. struct in6_addr addr;
  522. #else
  523. struct in_addr addr;
  524. #endif
  525. DEBUGASSERT(backend);
  526. switch(SSL_CONN_CONFIG(version)) {
  527. case CURL_SSLVERSION_SSLv2:
  528. failf(data, "BearSSL does not support SSLv2");
  529. return CURLE_SSL_CONNECT_ERROR;
  530. case CURL_SSLVERSION_SSLv3:
  531. failf(data, "BearSSL does not support SSLv3");
  532. return CURLE_SSL_CONNECT_ERROR;
  533. case CURL_SSLVERSION_TLSv1_0:
  534. version_min = BR_TLS10;
  535. version_max = BR_TLS10;
  536. break;
  537. case CURL_SSLVERSION_TLSv1_1:
  538. version_min = BR_TLS11;
  539. version_max = BR_TLS11;
  540. break;
  541. case CURL_SSLVERSION_TLSv1_2:
  542. version_min = BR_TLS12;
  543. version_max = BR_TLS12;
  544. break;
  545. case CURL_SSLVERSION_DEFAULT:
  546. case CURL_SSLVERSION_TLSv1:
  547. version_min = BR_TLS10;
  548. version_max = BR_TLS12;
  549. break;
  550. default:
  551. failf(data, "BearSSL: unknown CURLOPT_SSLVERSION");
  552. return CURLE_SSL_CONNECT_ERROR;
  553. }
  554. if(ca_info_blob) {
  555. struct cafile_source source;
  556. source.type = CAFILE_SOURCE_BLOB;
  557. source.data = ca_info_blob->data;
  558. source.len = ca_info_blob->len;
  559. ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
  560. if(ret != CURLE_OK) {
  561. if(verifypeer) {
  562. failf(data, "error importing CA certificate blob");
  563. return ret;
  564. }
  565. /* Only warn if no certificate verification is required. */
  566. infof(data, "error importing CA certificate blob, continuing anyway");
  567. }
  568. }
  569. if(ssl_cafile) {
  570. struct cafile_source source;
  571. source.type = CAFILE_SOURCE_PATH;
  572. source.data = ssl_cafile;
  573. source.len = 0;
  574. ret = load_cafile(&source, &backend->anchors, &backend->anchors_len);
  575. if(ret != CURLE_OK) {
  576. if(verifypeer) {
  577. failf(data, "error setting certificate verify locations."
  578. " CAfile: %s", ssl_cafile);
  579. return ret;
  580. }
  581. infof(data, "error setting certificate verify locations,"
  582. " continuing anyway:");
  583. }
  584. }
  585. /* initialize SSL context */
  586. br_ssl_client_init_full(&backend->ctx, &backend->x509.minimal,
  587. backend->anchors, backend->anchors_len);
  588. br_ssl_engine_set_versions(&backend->ctx.eng, version_min, version_max);
  589. br_ssl_engine_set_buffer(&backend->ctx.eng, backend->buf,
  590. sizeof(backend->buf), 1);
  591. if(SSL_CONN_CONFIG(cipher_list)) {
  592. /* Override the ciphers as specified. For the default cipher list see the
  593. BearSSL source code of br_ssl_client_init_full() */
  594. ret = bearssl_set_selected_ciphers(data, &backend->ctx.eng,
  595. SSL_CONN_CONFIG(cipher_list));
  596. if(ret)
  597. return ret;
  598. }
  599. /* initialize X.509 context */
  600. backend->x509.vtable = &x509_vtable;
  601. backend->x509.verifypeer = verifypeer;
  602. backend->x509.verifyhost = verifyhost;
  603. br_ssl_engine_set_x509(&backend->ctx.eng, &backend->x509.vtable);
  604. if(SSL_SET_OPTION(primary.sessionid)) {
  605. void *session;
  606. Curl_ssl_sessionid_lock(data);
  607. if(!Curl_ssl_getsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE,
  608. &session, NULL, sockindex)) {
  609. br_ssl_engine_set_session_parameters(&backend->ctx.eng, session);
  610. infof(data, "BearSSL: re-using session ID");
  611. }
  612. Curl_ssl_sessionid_unlock(data);
  613. }
  614. if(conn->bits.tls_enable_alpn) {
  615. int cur = 0;
  616. /* NOTE: when adding more protocols here, increase the size of the
  617. * protocols array in `struct ssl_backend_data`.
  618. */
  619. #ifdef USE_HTTP2
  620. if(data->state.httpwant >= CURL_HTTP_VERSION_2
  621. #ifndef CURL_DISABLE_PROXY
  622. && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
  623. #endif
  624. ) {
  625. backend->protocols[cur++] = ALPN_H2;
  626. infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_H2);
  627. }
  628. #endif
  629. backend->protocols[cur++] = ALPN_HTTP_1_1;
  630. infof(data, VTLS_INFOF_ALPN_OFFER_1STR, ALPN_HTTP_1_1);
  631. br_ssl_engine_set_protocol_names(&backend->ctx.eng,
  632. backend->protocols, cur);
  633. }
  634. if((1 == Curl_inet_pton(AF_INET, hostname, &addr))
  635. #ifdef ENABLE_IPV6
  636. || (1 == Curl_inet_pton(AF_INET6, hostname, &addr))
  637. #endif
  638. ) {
  639. if(verifyhost) {
  640. failf(data, "BearSSL: "
  641. "host verification of IP address is not supported");
  642. return CURLE_PEER_FAILED_VERIFICATION;
  643. }
  644. hostname = NULL;
  645. }
  646. else {
  647. char *snihost = Curl_ssl_snihost(data, hostname, NULL);
  648. if(!snihost) {
  649. failf(data, "Failed to set SNI");
  650. return CURLE_SSL_CONNECT_ERROR;
  651. }
  652. hostname = snihost;
  653. }
  654. /* give application a chance to interfere with SSL set up. */
  655. if(data->set.ssl.fsslctx) {
  656. Curl_set_in_callback(data, true);
  657. ret = (*data->set.ssl.fsslctx)(data, &backend->ctx,
  658. data->set.ssl.fsslctxp);
  659. Curl_set_in_callback(data, false);
  660. if(ret) {
  661. failf(data, "BearSSL: error signaled by ssl ctx callback");
  662. return ret;
  663. }
  664. }
  665. if(!br_ssl_client_reset(&backend->ctx, hostname, 1))
  666. return CURLE_FAILED_INIT;
  667. backend->active = TRUE;
  668. connssl->connecting_state = ssl_connect_2;
  669. return CURLE_OK;
  670. }
  671. static CURLcode bearssl_run_until(struct Curl_easy *data,
  672. struct connectdata *conn, int sockindex,
  673. unsigned target)
  674. {
  675. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  676. struct ssl_backend_data *backend = connssl->backend;
  677. curl_socket_t sockfd = conn->sock[sockindex];
  678. unsigned state;
  679. unsigned char *buf;
  680. size_t len;
  681. ssize_t ret;
  682. int err;
  683. DEBUGASSERT(backend);
  684. for(;;) {
  685. state = br_ssl_engine_current_state(&backend->ctx.eng);
  686. if(state & BR_SSL_CLOSED) {
  687. err = br_ssl_engine_last_error(&backend->ctx.eng);
  688. switch(err) {
  689. case BR_ERR_OK:
  690. /* TLS close notify */
  691. if(connssl->state != ssl_connection_complete) {
  692. failf(data, "SSL: connection closed during handshake");
  693. return CURLE_SSL_CONNECT_ERROR;
  694. }
  695. return CURLE_OK;
  696. case BR_ERR_X509_EXPIRED:
  697. failf(data, "SSL: X.509 verification: "
  698. "certificate is expired or not yet valid");
  699. return CURLE_PEER_FAILED_VERIFICATION;
  700. case BR_ERR_X509_BAD_SERVER_NAME:
  701. failf(data, "SSL: X.509 verification: "
  702. "expected server name was not found in the chain");
  703. return CURLE_PEER_FAILED_VERIFICATION;
  704. case BR_ERR_X509_NOT_TRUSTED:
  705. failf(data, "SSL: X.509 verification: "
  706. "chain could not be linked to a trust anchor");
  707. return CURLE_PEER_FAILED_VERIFICATION;
  708. }
  709. /* X.509 errors are documented to have the range 32..63 */
  710. if(err >= 32 && err < 64)
  711. return CURLE_PEER_FAILED_VERIFICATION;
  712. return CURLE_SSL_CONNECT_ERROR;
  713. }
  714. if(state & target)
  715. return CURLE_OK;
  716. if(state & BR_SSL_SENDREC) {
  717. buf = br_ssl_engine_sendrec_buf(&backend->ctx.eng, &len);
  718. ret = swrite(sockfd, buf, len);
  719. if(ret == -1) {
  720. if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
  721. if(connssl->state != ssl_connection_complete)
  722. connssl->connecting_state = ssl_connect_2_writing;
  723. return CURLE_AGAIN;
  724. }
  725. return CURLE_WRITE_ERROR;
  726. }
  727. br_ssl_engine_sendrec_ack(&backend->ctx.eng, ret);
  728. }
  729. else if(state & BR_SSL_RECVREC) {
  730. buf = br_ssl_engine_recvrec_buf(&backend->ctx.eng, &len);
  731. ret = sread(sockfd, buf, len);
  732. if(ret == 0) {
  733. failf(data, "SSL: EOF without close notify");
  734. return CURLE_READ_ERROR;
  735. }
  736. if(ret == -1) {
  737. if(SOCKERRNO == EAGAIN || SOCKERRNO == EWOULDBLOCK) {
  738. if(connssl->state != ssl_connection_complete)
  739. connssl->connecting_state = ssl_connect_2_reading;
  740. return CURLE_AGAIN;
  741. }
  742. return CURLE_READ_ERROR;
  743. }
  744. br_ssl_engine_recvrec_ack(&backend->ctx.eng, ret);
  745. }
  746. }
  747. }
  748. static CURLcode bearssl_connect_step2(struct Curl_easy *data,
  749. struct connectdata *conn, int sockindex)
  750. {
  751. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  752. struct ssl_backend_data *backend = connssl->backend;
  753. CURLcode ret;
  754. DEBUGASSERT(backend);
  755. ret = bearssl_run_until(data, conn, sockindex,
  756. BR_SSL_SENDAPP | BR_SSL_RECVAPP);
  757. if(ret == CURLE_AGAIN)
  758. return CURLE_OK;
  759. if(ret == CURLE_OK) {
  760. if(br_ssl_engine_current_state(&backend->ctx.eng) == BR_SSL_CLOSED) {
  761. failf(data, "SSL: connection closed during handshake");
  762. return CURLE_SSL_CONNECT_ERROR;
  763. }
  764. connssl->connecting_state = ssl_connect_3;
  765. }
  766. return ret;
  767. }
  768. static CURLcode bearssl_connect_step3(struct Curl_easy *data,
  769. struct connectdata *conn, int sockindex)
  770. {
  771. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  772. struct ssl_backend_data *backend = connssl->backend;
  773. CURLcode ret;
  774. DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
  775. DEBUGASSERT(backend);
  776. if(conn->bits.tls_enable_alpn) {
  777. const char *protocol;
  778. protocol = br_ssl_engine_get_selected_protocol(&backend->ctx.eng);
  779. if(protocol) {
  780. infof(data, VTLS_INFOF_ALPN_ACCEPTED_1STR, protocol);
  781. #ifdef USE_HTTP2
  782. if(!strcmp(protocol, ALPN_H2))
  783. conn->alpn = CURL_HTTP_VERSION_2;
  784. else
  785. #endif
  786. if(!strcmp(protocol, ALPN_HTTP_1_1))
  787. conn->alpn = CURL_HTTP_VERSION_1_1;
  788. else
  789. infof(data, "ALPN, unrecognized protocol %s", protocol);
  790. Curl_multiuse_state(data, conn->alpn == CURL_HTTP_VERSION_2 ?
  791. BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
  792. }
  793. else
  794. infof(data, VTLS_INFOF_NO_ALPN);
  795. }
  796. if(SSL_SET_OPTION(primary.sessionid)) {
  797. bool incache;
  798. bool added = FALSE;
  799. void *oldsession;
  800. br_ssl_session_parameters *session;
  801. session = malloc(sizeof(*session));
  802. if(!session)
  803. return CURLE_OUT_OF_MEMORY;
  804. br_ssl_engine_get_session_parameters(&backend->ctx.eng, session);
  805. Curl_ssl_sessionid_lock(data);
  806. incache = !(Curl_ssl_getsessionid(data, conn,
  807. SSL_IS_PROXY() ? TRUE : FALSE,
  808. &oldsession, NULL, sockindex));
  809. if(incache)
  810. Curl_ssl_delsessionid(data, oldsession);
  811. ret = Curl_ssl_addsessionid(data, conn,
  812. SSL_IS_PROXY() ? TRUE : FALSE,
  813. session, 0, sockindex, &added);
  814. Curl_ssl_sessionid_unlock(data);
  815. if(!added)
  816. free(session);
  817. if(ret) {
  818. return CURLE_OUT_OF_MEMORY;
  819. }
  820. }
  821. connssl->connecting_state = ssl_connect_done;
  822. return CURLE_OK;
  823. }
  824. static ssize_t bearssl_send(struct Curl_easy *data, int sockindex,
  825. const void *buf, size_t len, CURLcode *err)
  826. {
  827. struct connectdata *conn = data->conn;
  828. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  829. struct ssl_backend_data *backend = connssl->backend;
  830. unsigned char *app;
  831. size_t applen;
  832. DEBUGASSERT(backend);
  833. for(;;) {
  834. *err = bearssl_run_until(data, conn, sockindex, BR_SSL_SENDAPP);
  835. if (*err != CURLE_OK)
  836. return -1;
  837. app = br_ssl_engine_sendapp_buf(&backend->ctx.eng, &applen);
  838. if(!app) {
  839. failf(data, "SSL: connection closed during write");
  840. *err = CURLE_SEND_ERROR;
  841. return -1;
  842. }
  843. if(backend->pending_write) {
  844. applen = backend->pending_write;
  845. backend->pending_write = 0;
  846. return applen;
  847. }
  848. if(applen > len)
  849. applen = len;
  850. memcpy(app, buf, applen);
  851. br_ssl_engine_sendapp_ack(&backend->ctx.eng, applen);
  852. br_ssl_engine_flush(&backend->ctx.eng, 0);
  853. backend->pending_write = applen;
  854. }
  855. }
  856. static ssize_t bearssl_recv(struct Curl_easy *data, int sockindex,
  857. char *buf, size_t len, CURLcode *err)
  858. {
  859. struct connectdata *conn = data->conn;
  860. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  861. struct ssl_backend_data *backend = connssl->backend;
  862. unsigned char *app;
  863. size_t applen;
  864. DEBUGASSERT(backend);
  865. *err = bearssl_run_until(data, conn, sockindex, BR_SSL_RECVAPP);
  866. if(*err != CURLE_OK)
  867. return -1;
  868. app = br_ssl_engine_recvapp_buf(&backend->ctx.eng, &applen);
  869. if(!app)
  870. return 0;
  871. if(applen > len)
  872. applen = len;
  873. memcpy(buf, app, applen);
  874. br_ssl_engine_recvapp_ack(&backend->ctx.eng, applen);
  875. return applen;
  876. }
  877. static CURLcode bearssl_connect_common(struct Curl_easy *data,
  878. struct connectdata *conn,
  879. int sockindex,
  880. bool nonblocking,
  881. bool *done)
  882. {
  883. CURLcode ret;
  884. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  885. curl_socket_t sockfd = conn->sock[sockindex];
  886. timediff_t timeout_ms;
  887. int what;
  888. /* check if the connection has already been established */
  889. if(ssl_connection_complete == connssl->state) {
  890. *done = TRUE;
  891. return CURLE_OK;
  892. }
  893. if(ssl_connect_1 == connssl->connecting_state) {
  894. ret = bearssl_connect_step1(data, conn, sockindex);
  895. if(ret)
  896. return ret;
  897. }
  898. while(ssl_connect_2 == connssl->connecting_state ||
  899. ssl_connect_2_reading == connssl->connecting_state ||
  900. ssl_connect_2_writing == connssl->connecting_state) {
  901. /* check allowed time left */
  902. timeout_ms = Curl_timeleft(data, NULL, TRUE);
  903. if(timeout_ms < 0) {
  904. /* no need to continue if time already is up */
  905. failf(data, "SSL connection timeout");
  906. return CURLE_OPERATION_TIMEDOUT;
  907. }
  908. /* if ssl is expecting something, check if it's available. */
  909. if(ssl_connect_2_reading == connssl->connecting_state ||
  910. ssl_connect_2_writing == connssl->connecting_state) {
  911. curl_socket_t writefd = ssl_connect_2_writing ==
  912. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  913. curl_socket_t readfd = ssl_connect_2_reading ==
  914. connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
  915. what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
  916. nonblocking?0:timeout_ms);
  917. if(what < 0) {
  918. /* fatal error */
  919. failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
  920. return CURLE_SSL_CONNECT_ERROR;
  921. }
  922. else if(0 == what) {
  923. if(nonblocking) {
  924. *done = FALSE;
  925. return CURLE_OK;
  926. }
  927. else {
  928. /* timeout */
  929. failf(data, "SSL connection timeout");
  930. return CURLE_OPERATION_TIMEDOUT;
  931. }
  932. }
  933. /* socket is readable or writable */
  934. }
  935. /* Run transaction, and return to the caller if it failed or if this
  936. * connection is done nonblocking and this loop would execute again. This
  937. * permits the owner of a multi handle to abort a connection attempt
  938. * before step2 has completed while ensuring that a client using select()
  939. * or epoll() will always have a valid fdset to wait on.
  940. */
  941. ret = bearssl_connect_step2(data, conn, sockindex);
  942. if(ret || (nonblocking &&
  943. (ssl_connect_2 == connssl->connecting_state ||
  944. ssl_connect_2_reading == connssl->connecting_state ||
  945. ssl_connect_2_writing == connssl->connecting_state)))
  946. return ret;
  947. }
  948. if(ssl_connect_3 == connssl->connecting_state) {
  949. ret = bearssl_connect_step3(data, conn, sockindex);
  950. if(ret)
  951. return ret;
  952. }
  953. if(ssl_connect_done == connssl->connecting_state) {
  954. connssl->state = ssl_connection_complete;
  955. conn->recv[sockindex] = bearssl_recv;
  956. conn->send[sockindex] = bearssl_send;
  957. *done = TRUE;
  958. }
  959. else
  960. *done = FALSE;
  961. /* Reset our connect state machine */
  962. connssl->connecting_state = ssl_connect_1;
  963. return CURLE_OK;
  964. }
  965. static size_t bearssl_version(char *buffer, size_t size)
  966. {
  967. return msnprintf(buffer, size, "BearSSL");
  968. }
  969. static bool bearssl_data_pending(const struct connectdata *conn,
  970. int connindex)
  971. {
  972. const struct ssl_connect_data *connssl = &conn->ssl[connindex];
  973. struct ssl_backend_data *backend = connssl->backend;
  974. DEBUGASSERT(backend);
  975. return br_ssl_engine_current_state(&backend->ctx.eng) & BR_SSL_RECVAPP;
  976. }
  977. static CURLcode bearssl_random(struct Curl_easy *data UNUSED_PARAM,
  978. unsigned char *entropy, size_t length)
  979. {
  980. static br_hmac_drbg_context ctx;
  981. static bool seeded = FALSE;
  982. if(!seeded) {
  983. br_prng_seeder seeder;
  984. br_hmac_drbg_init(&ctx, &br_sha256_vtable, NULL, 0);
  985. seeder = br_prng_seeder_system(NULL);
  986. if(!seeder || !seeder(&ctx.vtable))
  987. return CURLE_FAILED_INIT;
  988. seeded = TRUE;
  989. }
  990. br_hmac_drbg_generate(&ctx, entropy, length);
  991. return CURLE_OK;
  992. }
  993. static CURLcode bearssl_connect(struct Curl_easy *data,
  994. struct connectdata *conn, int sockindex)
  995. {
  996. CURLcode ret;
  997. bool done = FALSE;
  998. ret = bearssl_connect_common(data, conn, sockindex, FALSE, &done);
  999. if(ret)
  1000. return ret;
  1001. DEBUGASSERT(done);
  1002. return CURLE_OK;
  1003. }
  1004. static CURLcode bearssl_connect_nonblocking(struct Curl_easy *data,
  1005. struct connectdata *conn,
  1006. int sockindex, bool *done)
  1007. {
  1008. return bearssl_connect_common(data, conn, sockindex, TRUE, done);
  1009. }
  1010. static void *bearssl_get_internals(struct ssl_connect_data *connssl,
  1011. CURLINFO info UNUSED_PARAM)
  1012. {
  1013. struct ssl_backend_data *backend = connssl->backend;
  1014. DEBUGASSERT(backend);
  1015. return &backend->ctx;
  1016. }
  1017. static void bearssl_close(struct Curl_easy *data,
  1018. struct connectdata *conn, int sockindex)
  1019. {
  1020. struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  1021. struct ssl_backend_data *backend = connssl->backend;
  1022. size_t i;
  1023. DEBUGASSERT(backend);
  1024. if(backend->active) {
  1025. br_ssl_engine_close(&backend->ctx.eng);
  1026. (void)bearssl_run_until(data, conn, sockindex, BR_SSL_CLOSED);
  1027. }
  1028. for(i = 0; i < backend->anchors_len; ++i)
  1029. free(backend->anchors[i].dn.data);
  1030. free(backend->anchors);
  1031. }
  1032. static void bearssl_session_free(void *ptr)
  1033. {
  1034. free(ptr);
  1035. }
  1036. static CURLcode bearssl_sha256sum(const unsigned char *input,
  1037. size_t inputlen,
  1038. unsigned char *sha256sum,
  1039. size_t sha256len UNUSED_PARAM)
  1040. {
  1041. br_sha256_context ctx;
  1042. br_sha256_init(&ctx);
  1043. br_sha256_update(&ctx, input, inputlen);
  1044. br_sha256_out(&ctx, sha256sum);
  1045. return CURLE_OK;
  1046. }
  1047. const struct Curl_ssl Curl_ssl_bearssl = {
  1048. { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */
  1049. SSLSUPP_CAINFO_BLOB | SSLSUPP_SSL_CTX,
  1050. sizeof(struct ssl_backend_data),
  1051. Curl_none_init, /* init */
  1052. Curl_none_cleanup, /* cleanup */
  1053. bearssl_version, /* version */
  1054. Curl_none_check_cxn, /* check_cxn */
  1055. Curl_none_shutdown, /* shutdown */
  1056. bearssl_data_pending, /* data_pending */
  1057. bearssl_random, /* random */
  1058. Curl_none_cert_status_request, /* cert_status_request */
  1059. bearssl_connect, /* connect */
  1060. bearssl_connect_nonblocking, /* connect_nonblocking */
  1061. Curl_ssl_getsock, /* getsock */
  1062. bearssl_get_internals, /* get_internals */
  1063. bearssl_close, /* close_one */
  1064. Curl_none_close_all, /* close_all */
  1065. bearssl_session_free, /* session_free */
  1066. Curl_none_set_engine, /* set_engine */
  1067. Curl_none_set_engine_default, /* set_engine_default */
  1068. Curl_none_engines_list, /* engines_list */
  1069. Curl_none_false_start, /* false_start */
  1070. bearssl_sha256sum, /* sha256sum */
  1071. NULL, /* associate_connection */
  1072. NULL /* disassociate_connection */
  1073. };
  1074. #endif /* USE_BEARSSL */