/***************************************************************************

* _ _ ____ _

* Project ___| | | | _ \| |

* / __| | | | |_) | |

* | (__| |_| | _ <| |___

* \___|\___/|_| \_\_____|

*

* Copyright (C) Daniel Stenberg, <[email protected]>, et al.

*

* This software is licensed as described in the file COPYING, which

* you should have received as part of this distribution. The terms

* are also available at https://curl.se/docs/copyright.html.

*

* You may opt to use, copy, modify, merge, publish, distribute and/or sell

* copies of the Software, and permit persons to whom the Software is

* furnished to do so, under the terms of the COPYING file.

*

* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY

* KIND, either express or implied.

*

* SPDX-License-Identifier: curl

*

***************************************************************************/

/*

* Source file for all OpenSSL-specific code for the TLS/SSL layer. No code

* but vtls.c should ever call or use these functions.

*/

#include "curl_setup.h"

#if defined(USE_QUICHE) || defined(USE_OPENSSL)

#include <limits.h>

/* Wincrypt must be included before anything that could include OpenSSL. */

#if defined(USE_WIN32_CRYPTO)

#include <wincrypt.h>

/* Undefine wincrypt conflicting symbols for BoringSSL. */

#undef X509_NAME

#undef X509_EXTENSIONS

#undef PKCS7_ISSUER_AND_SERIAL

#undef PKCS7_SIGNER_INFO

#undef OCSP_REQUEST

#undef OCSP_RESPONSE

#endif

#include "urldata.h"

#include "sendf.h"

#include "formdata.h" /* for the boundary function */

#include "url.h" /* for the ssl config check function */

#include "inet_pton.h"

#include "openssl.h"

#include "connect.h"

#include "slist.h"

#include "select.h"

#include "vtls.h"

#include "vtls_int.h"

#include "vauth/vauth.h"

#include "keylog.h"

#include "strcase.h"

#include "hostcheck.h"

#include "multiif.h"

#include "strerror.h"

#include "curl_printf.h"

#include <openssl/ssl.h>

#include <openssl/rand.h>

#include <openssl/x509v3.h>

#ifndef OPENSSL_NO_DSA

#include <openssl/dsa.h>

#endif

#include <openssl/dh.h>

#include <openssl/err.h>

#include <openssl/md5.h>

#include <openssl/conf.h>

#include <openssl/bn.h>

#include <openssl/rsa.h>

#include <openssl/bio.h>

#include <openssl/buffer.h>

#include <openssl/pkcs12.h>

#include <openssl/tls1.h>

#include <openssl/evp.h>

#ifdef USE_ECH

# ifndef OPENSSL_IS_BORINGSSL

# include <openssl/ech.h>

# endif

# include "curl_base64.h"

# define ECH_ENABLED(__data__) \

(__data__->set.tls_ech && \

!(__data__->set.tls_ech & CURLECH_DISABLE)\

)

#endif /* USE_ECH */

#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)

#include <openssl/ocsp.h>

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) && /* 0.9.7 or later */ \

!defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE)

#define USE_OPENSSL_ENGINE

#include <openssl/engine.h>

#endif

#include "warnless.h"

/* The last #include files should be: */

#include "curl_memory.h"

#include "memdebug.h"

#ifndef ARRAYSIZE

#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))

#endif

/* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS

renegotiations when built with BoringSSL. Renegotiating is non-compliant

with HTTP/2 and "an extremely dangerous protocol feature". Beware.

#define ALLOW_RENEG 1

*/

#ifndef OPENSSL_VERSION_NUMBER

#error "OPENSSL_VERSION_NUMBER not defined"

#endif

#ifdef USE_OPENSSL_ENGINE

#include <openssl/ui.h>

#endif

#if OPENSSL_VERSION_NUMBER >= 0x00909500L

#define SSL_METHOD_QUAL const

#else

#define SSL_METHOD_QUAL

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)

#define HAVE_ERR_REMOVE_THREAD_STATE 1

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && /* OpenSSL 1.1.0 */ \

!(defined(LIBRESSL_VERSION_NUMBER) && \

LIBRESSL_VERSION_NUMBER < 0x20700000L)

#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER

#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */

#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */

#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */

#define CONST_EXTS const

#define HAVE_ERR_REMOVE_THREAD_STATE_DEPRECATED 1

/* funny typecast define due to difference in API */

#ifdef LIBRESSL_VERSION_NUMBER

#define ARG2_X509_signature_print (X509_ALGOR *)

#else

#define ARG2_X509_signature_print

#endif

#else

/* For OpenSSL before 1.1.0 */

#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)

#define X509_get0_notBefore(x) X509_get_notBefore(x)

#define X509_get0_notAfter(x) X509_get_notAfter(x)

#define CONST_EXTS /* nope */

#ifndef LIBRESSL_VERSION_NUMBER

#define OpenSSL_version_num() SSLeay()

#endif

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && /* 1.0.2 or later */ \

!(defined(LIBRESSL_VERSION_NUMBER) && \

LIBRESSL_VERSION_NUMBER < 0x20700000L)

#define HAVE_X509_GET0_SIGNATURE 1

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) /* 1.0.2 or later */

#define HAVE_SSL_GET_SHUTDOWN 1

#endif

#if OPENSSL_VERSION_NUMBER >= 0x10002003L && \

OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \

!defined(OPENSSL_NO_COMP)

#define HAVE_SSL_COMP_FREE_COMPRESSION_METHODS 1

#endif

#if (OPENSSL_VERSION_NUMBER < 0x0090808fL)

/* not present in older OpenSSL */

#define OPENSSL_load_builtin_modules(x)

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)

#define HAVE_EVP_PKEY_GET_PARAMS 1

#endif

#ifdef HAVE_EVP_PKEY_GET_PARAMS

#include <openssl/core_names.h>

#define DECLARE_PKEY_PARAM_BIGNUM(name) BIGNUM *name = NULL

#define FREE_PKEY_PARAM_BIGNUM(name) BN_clear_free(name)

#else

#define DECLARE_PKEY_PARAM_BIGNUM(name) const BIGNUM *name

#define FREE_PKEY_PARAM_BIGNUM(name)

#endif

/*

* Whether SSL_CTX_set_keylog_callback is available.

* OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287

* BoringSSL: supported since d28f59c27bac (committed 2015-11-19)

* LibreSSL: not supported. 3.5.0 has a stub function that does nothing.

*/

#if (OPENSSL_VERSION_NUMBER >= 0x10101000L && \

!defined(LIBRESSL_VERSION_NUMBER)) || \

defined(OPENSSL_IS_BORINGSSL)

#define HAVE_KEYLOG_CALLBACK

#endif

/* Whether SSL_CTX_set_ciphersuites is available.

* OpenSSL: supported since 1.1.1 (commit a53b5be6a05)

* BoringSSL: no

* LibreSSL: supported since 3.4.1 (released 2021-10-14)

*/

#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L && \

!defined(LIBRESSL_VERSION_NUMBER)) || \

(defined(LIBRESSL_VERSION_NUMBER) && \

LIBRESSL_VERSION_NUMBER >= 0x3040100fL)) && \

!defined(OPENSSL_IS_BORINGSSL)

#define HAVE_SSL_CTX_SET_CIPHERSUITES

#if !defined(OPENSSL_IS_AWSLC)

#define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH

#endif

#endif

/*

* Whether SSL_CTX_set1_curves_list is available.

* OpenSSL: supported since 1.0.2, see

* https://docs.openssl.org/master/man3/SSL_CTX_set1_curves/

* BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30)

* LibreSSL: since 2.5.3 (April 12, 2017)

*/

#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) || \

defined(OPENSSL_IS_BORINGSSL)

#define HAVE_SSL_CTX_SET_EC_CURVES

#endif

#if defined(LIBRESSL_VERSION_NUMBER)

#define OSSL_PACKAGE "LibreSSL"

#elif defined(OPENSSL_IS_BORINGSSL)

#define OSSL_PACKAGE "BoringSSL"

#elif defined(OPENSSL_IS_AWSLC)

#define OSSL_PACKAGE "AWS-LC"

#else

# if defined(USE_NGTCP2) && defined(USE_NGHTTP3)

# define OSSL_PACKAGE "quictls"

# else

# define OSSL_PACKAGE "OpenSSL"

#endif

#endif

#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)

typedef size_t numcert_t;

#else

typedef int numcert_t;

#endif

#define ossl_valsize_t numcert_t

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)

/* up2date versions of OpenSSL maintain reasonably secure defaults without

* breaking compatibility, so it is better not to override the defaults in curl

*/

#define DEFAULT_CIPHER_SELECTION NULL

#else

/* not the case with old versions of OpenSSL */

#define DEFAULT_CIPHER_SELECTION \

"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"

#endif

#ifdef HAVE_OPENSSL_SRP

/* the function exists */

#ifdef USE_TLS_SRP

/* the functionality is not disabled */

#define USE_OPENSSL_SRP

#endif

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)

#define HAVE_RANDOM_INIT_BY_DEFAULT 1

#endif

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \

!(defined(LIBRESSL_VERSION_NUMBER) && \

LIBRESSL_VERSION_NUMBER < 0x2070100fL) && \

!defined(OPENSSL_IS_BORINGSSL) && \

!defined(OPENSSL_IS_AWSLC)

#define HAVE_OPENSSL_VERSION

#endif

#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)

typedef uint32_t sslerr_t;

#else

typedef unsigned long sslerr_t;

#endif

/*

* Whether the OpenSSL version has the API needed to support sharing an

* X509_STORE between connections. The API is:

* * `X509_STORE_up_ref` -- Introduced: OpenSSL 1.1.0.

*/

#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL >= 1.1.0 */

#define HAVE_SSL_X509_STORE_SHARE

#endif

/* What API version do we use? */

#if defined(LIBRESSL_VERSION_NUMBER)

#define USE_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f)

#else /* !LIBRESSL_VERSION_NUMBER */

#define USE_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)

#endif /* !LIBRESSL_VERSION_NUMBER */

static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl);

static CURLcode push_certinfo(struct Curl_easy *data,

BIO *mem, const char *label, int num)

WARN_UNUSED_RESULT;

static CURLcode push_certinfo(struct Curl_easy *data,

BIO *mem, const char *label, int num)

{

char *ptr;

long len = BIO_get_mem_data(mem, &ptr);

CURLcode result = Curl_ssl_push_certinfo_len(data, num, label, ptr, len);

(void)BIO_reset(mem);

return result;

}

static CURLcode pubkey_show(struct Curl_easy *data,

const BIGNUM *bn)

{

char namebuf[32];

msnprintf(namebuf, sizeof(namebuf), "%s(%s)", type, name);

if(bn)

BN_print(mem, bn);

return push_certinfo(data, mem, namebuf, num);

}

#ifdef HAVE_OPAQUE_RSA_DSA_DH

#define print_pubkey_BN(_type, _name, _num) \

pubkey_show(data, mem, _num, #_type, #_name, _name)

#else

#define print_pubkey_BN(_type, _name, _num) \

do { \

if(_type->_name) { \

pubkey_show(data, mem, _num, #_type, #_name, _type->_name); \

} \

} while(0)

#endif

static int asn1_object_dump(ASN1_OBJECT *a, char *buf, size_t len)

{

int i, ilen;

ilen = (int)len;

if(ilen < 0)

return 1; /* buffer too big */

i = i2t_ASN1_OBJECT(buf, ilen, a);

if(i >= ilen)

return 1; /* buffer too small */

return 0;

}

static CURLcode X509V3_ext(struct Curl_easy *data,

int certnum,

CONST_EXTS STACK_OF(X509_EXTENSION) *exts)

{

int i;

CURLcode result = CURLE_OK;

if((int)sk_X509_EXTENSION_num(exts) <= 0)

/* no extensions, bail out */

return result;

for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i ) {

ASN1_OBJECT *obj;

X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, (ossl_valsize_t)i);

BUF_MEM *biomem;

char namebuf[128];

BIO *bio_out = BIO_new(BIO_s_mem());

if(!bio_out)

return result;

obj = X509_EXTENSION_get_object(ext);

asn1_object_dump(obj, namebuf, sizeof(namebuf));

if(!X509V3_EXT_print(bio_out, ext, 0, 0))

ASN1_STRING_print(bio_out, (ASN1_STRING *)X509_EXTENSION_get_data(ext));

BIO_get_mem_ptr(bio_out, &biomem);

result = Curl_ssl_push_certinfo_len(data, certnum, namebuf, biomem->data,

biomem->length);

BIO_free(bio_out);

if(result)

break;

}

return result;

}

static CURLcode ossl_certchain(struct Curl_easy *data, SSL *ssl)

{

CURLcode result;

STACK_OF(X509) *sk;

int i;

numcert_t numcerts;

BIO *mem;

DEBUGASSERT(ssl);

sk = SSL_get_peer_cert_chain(ssl);

if(!sk) {

return CURLE_OUT_OF_MEMORY;

}

numcerts = sk_X509_num(sk);

result = Curl_ssl_init_certinfo(data, (int)numcerts);

if(result)

return result;

mem = BIO_new(BIO_s_mem());

if(!mem)

result = CURLE_OUT_OF_MEMORY;

for(i = 0; !result && (i < (int)numcerts); i ) {

ASN1_INTEGER *num;

X509 *x = sk_X509_value(sk, (ossl_valsize_t)i);

EVP_PKEY *pubkey = NULL;

int j;

const ASN1_BIT_STRING *psig = NULL;

X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);

result = push_certinfo(data, mem, "Subject", i);

if(result)

break;

X509_NAME_print_ex(mem, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);

result = push_certinfo(data, mem, "Issuer", i);

if(result)

break;

BIO_printf(mem, "%lx", X509_get_version(x));

result = push_certinfo(data, mem, "Version", i);

if(result)

break;

num = X509_get_serialNumber(x);

if(num->type == V_ASN1_NEG_INTEGER)

BIO_puts(mem, "-");

for(j = 0; j < num->length; j )

BIO_printf(mem, "x", num->data[j]);

result = push_certinfo(data, mem, "Serial Number", i);

if(result)

break;

#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)

{

const X509_ALGOR *sigalg = NULL;

X509_PUBKEY *xpubkey = NULL;

ASN1_OBJECT *pubkeyoid = NULL;

X509_get0_signature(&psig, &sigalg, x);

if(sigalg) {

const ASN1_OBJECT *sigalgoid = NULL;

X509_ALGOR_get0(&sigalgoid, NULL, NULL, sigalg);

i2a_ASN1_OBJECT(mem, sigalgoid);

result = push_certinfo(data, mem, "Signature Algorithm", i);

if(result)

break;

}

xpubkey = X509_get_X509_PUBKEY(x);

if(xpubkey) {

X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey);

if(pubkeyoid) {

i2a_ASN1_OBJECT(mem, pubkeyoid);

result = push_certinfo(data, mem, "Public Key Algorithm", i);

if(result)

break;

}

}

result = X509V3_ext(data, i, X509_get0_extensions(x));

if(result)

break;

}

#else

{

/* before OpenSSL 1.0.2 */

X509_CINF *cinf = x->cert_info;

i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);

result = push_certinfo(data, mem, "Signature Algorithm", i);

if(!result) {

i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);

result = push_certinfo(data, mem, "Public Key Algorithm", i);

}

if(!result)

result = X509V3_ext(data, i, cinf->extensions);

if(result)

break;

psig = x->signature;

}

#endif

ASN1_TIME_print(mem, X509_get0_notBefore(x));

result = push_certinfo(data, mem, "Start date", i);

if(result)

break;

ASN1_TIME_print(mem, X509_get0_notAfter(x));

result = push_certinfo(data, mem, "Expire date", i);

if(result)

break;

pubkey = X509_get_pubkey(x);

if(!pubkey)

infof(data, " Unable to load public key");

else {

int pktype;

#ifdef HAVE_OPAQUE_EVP_PKEY

pktype = EVP_PKEY_id(pubkey);

#else

pktype = pubkey->type;

#endif

switch(pktype) {

case EVP_PKEY_RSA: {

#ifndef HAVE_EVP_PKEY_GET_PARAMS

RSA *rsa;

#ifdef HAVE_OPAQUE_EVP_PKEY

rsa = EVP_PKEY_get0_RSA(pubkey);

#else

rsa = pubkey->pkey.rsa;

#endif /* HAVE_OPAQUE_EVP_PKEY */

#endif /* !HAVE_EVP_PKEY_GET_PARAMS */

{

#ifdef HAVE_OPAQUE_RSA_DSA_DH

DECLARE_PKEY_PARAM_BIGNUM(n);

DECLARE_PKEY_PARAM_BIGNUM(e);

#ifdef HAVE_EVP_PKEY_GET_PARAMS

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_N, &n);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_RSA_E, &e);

#else

RSA_get0_key(rsa, &n, &e, NULL);

#endif /* HAVE_EVP_PKEY_GET_PARAMS */

BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0);

#else

BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0);

#endif /* HAVE_OPAQUE_RSA_DSA_DH */

result = push_certinfo(data, mem, "RSA Public Key", i);

if(result)

break;

print_pubkey_BN(rsa, n, i);

print_pubkey_BN(rsa, e, i);

FREE_PKEY_PARAM_BIGNUM(n);

FREE_PKEY_PARAM_BIGNUM(e);

}

break;

}

case EVP_PKEY_DSA:

{

#ifndef OPENSSL_NO_DSA

#ifndef HAVE_EVP_PKEY_GET_PARAMS

DSA *dsa;

#ifdef HAVE_OPAQUE_EVP_PKEY

dsa = EVP_PKEY_get0_DSA(pubkey);

#else

dsa = pubkey->pkey.dsa;

#endif /* HAVE_OPAQUE_EVP_PKEY */

#endif /* !HAVE_EVP_PKEY_GET_PARAMS */

{

#ifdef HAVE_OPAQUE_RSA_DSA_DH

DECLARE_PKEY_PARAM_BIGNUM(p);

DECLARE_PKEY_PARAM_BIGNUM(q);

DECLARE_PKEY_PARAM_BIGNUM(g);

DECLARE_PKEY_PARAM_BIGNUM(pub_key);

#ifdef HAVE_EVP_PKEY_GET_PARAMS

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);

#else

DSA_get0_pqg(dsa, &p, &q, &g);

DSA_get0_key(dsa, &pub_key, NULL);

#endif /* HAVE_EVP_PKEY_GET_PARAMS */

#endif /* HAVE_OPAQUE_RSA_DSA_DH */

print_pubkey_BN(dsa, p, i);

print_pubkey_BN(dsa, q, i);

print_pubkey_BN(dsa, g, i);

print_pubkey_BN(dsa, pub_key, i);

FREE_PKEY_PARAM_BIGNUM(p);

FREE_PKEY_PARAM_BIGNUM(q);

FREE_PKEY_PARAM_BIGNUM(g);

FREE_PKEY_PARAM_BIGNUM(pub_key);

}

#endif /* !OPENSSL_NO_DSA */

break;

}

case EVP_PKEY_DH: {

#ifndef HAVE_EVP_PKEY_GET_PARAMS

DH *dh;

#ifdef HAVE_OPAQUE_EVP_PKEY

dh = EVP_PKEY_get0_DH(pubkey);

#else

dh = pubkey->pkey.dh;

#endif /* HAVE_OPAQUE_EVP_PKEY */

#endif /* !HAVE_EVP_PKEY_GET_PARAMS */

{

#ifdef HAVE_OPAQUE_RSA_DSA_DH

DECLARE_PKEY_PARAM_BIGNUM(p);

DECLARE_PKEY_PARAM_BIGNUM(q);

DECLARE_PKEY_PARAM_BIGNUM(g);

DECLARE_PKEY_PARAM_BIGNUM(pub_key);

#ifdef HAVE_EVP_PKEY_GET_PARAMS

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_P, &p);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_Q, &q);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_FFC_G, &g);

EVP_PKEY_get_bn_param(pubkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);

#else

DH_get0_pqg(dh, &p, &q, &g);

DH_get0_key(dh, &pub_key, NULL);

#endif /* HAVE_EVP_PKEY_GET_PARAMS */

print_pubkey_BN(dh, p, i);

print_pubkey_BN(dh, q, i);

print_pubkey_BN(dh, g, i);

#else

print_pubkey_BN(dh, p, i);

print_pubkey_BN(dh, g, i);

#endif /* HAVE_OPAQUE_RSA_DSA_DH */

print_pubkey_BN(dh, pub_key, i);

FREE_PKEY_PARAM_BIGNUM(p);

FREE_PKEY_PARAM_BIGNUM(q);

FREE_PKEY_PARAM_BIGNUM(g);

FREE_PKEY_PARAM_BIGNUM(pub_key);

}

break;

}

}

EVP_PKEY_free(pubkey);

}

if(!result && psig) {

for(j = 0; j < psig->length; j )

BIO_printf(mem, "x:", psig->data[j]);

result = push_certinfo(data, mem, "Signature", i);

}

if(!result) {

PEM_write_bio_X509(mem, x);

result = push_certinfo(data, mem, "Cert", i);

}

}

BIO_free(mem);

if(result)

/* cleanup all leftovers */

Curl_ssl_free_certinfo(data);

return result;

}

#endif /* quiche or OpenSSL */

#ifdef USE_OPENSSL

#if USE_PRE_1_1_API

#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL

#define BIO_set_init(x,v) ((x)->init=(v))

#define BIO_get_data(x) ((x)->ptr)

#define BIO_set_data(x,v) ((x)->ptr=(v))

#endif

#define BIO_get_shutdown(x) ((x)->shutdown)

#define BIO_set_shutdown(x,v) ((x)->shutdown=(v))

#endif /* USE_PRE_1_1_API */

static int ossl_bio_cf_create(BIO *bio)

{

BIO_set_shutdown(bio, 1);

BIO_set_init(bio, 1);

#if USE_PRE_1_1_API

bio->num = -1;

#endif

BIO_set_data(bio, NULL);

return 1;

}

static int ossl_bio_cf_destroy(BIO *bio)

{

if(!bio)

return 0;

return 1;

}

static long ossl_bio_cf_ctrl(BIO *bio, int cmd, long num, void *ptr)

{

struct Curl_cfilter *cf = BIO_get_data(bio);

long ret = 1;

(void)cf;

(void)ptr;

switch(cmd) {

case BIO_CTRL_GET_CLOSE:

ret = (long)BIO_get_shutdown(bio);

break;

case BIO_CTRL_SET_CLOSE:

BIO_set_shutdown(bio, (int)num);

break;

case BIO_CTRL_FLUSH:

/* we do no delayed writes, but if we ever would, this

* needs to trigger it. */

ret = 1;

break;

case BIO_CTRL_DUP:

ret = 1;

break;

#ifdef BIO_CTRL_EOF

case BIO_CTRL_EOF:

/* EOF has been reached on input? */

return (!cf->next || !cf->next->connected);

#endif

default:

ret = 0;

break;

}

return ret;

}

static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen)

{

struct Curl_cfilter *cf = BIO_get_data(bio);

struct ssl_connect_data *connssl = cf->ctx;

struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;

struct Curl_easy *data = CF_DATA_CURRENT(cf);

ssize_t nwritten;

CURLcode result = CURLE_SEND_ERROR;

DEBUGASSERT(data);

if(blen < 0)

return 0;

nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, FALSE,

&result);

CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d",

blen, (int)nwritten, result);

BIO_clear_retry_flags(bio);

octx->io_result = result;

if(nwritten < 0) {

if(CURLE_AGAIN == result)

BIO_set_retry_write(bio);

}

return (int)nwritten;

}

static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen)

{

struct Curl_cfilter *cf = BIO_get_data(bio);

struct ssl_connect_data *connssl = cf->ctx;

struct ossl_ctx *octx = (struct ossl_ctx *)connssl->backend;

struct Curl_easy *data = CF_DATA_CURRENT(cf);

ssize_t nread;

CURLcode result = CURLE_RECV_ERROR;

DEBUGASSERT(data);

/* OpenSSL catches this case, so should we. */

if(!buf)

return 0;

if(blen < 0)

return 0;

nread = Curl_conn_cf_recv(cf->next, data, buf, (size_t)blen, &result);

CURL_TRC_CF(data, cf, "ossl_bio_cf_in_read(len=%d) -> %d, err=%d",

blen, (int)nread, result);

BIO_clear_retry_flags(bio);

octx->io_result = result;

if(nread < 0) {

if(CURLE_AGAIN == result)

BIO_set_retry_read(bio);

}

else if(nread == 0) {

connssl->peer_closed = TRUE;

}

/* Before returning server replies to the SSL instance, we need

* to have setup the x509 store or verification will fail. */

if(!octx->x509_store_setup) {

result = Curl_ssl_setup_x509_store(cf, data, octx->ssl_ctx);

if(result) {

octx->io_result = result;

return -1;

}

octx->x509_store_setup = TRUE;

}

return (int)nread;

}

#if USE_PRE_1_1_API

static BIO_METHOD ossl_bio_cf_meth_1_0 = {

BIO_TYPE_MEM,

"OpenSSL CF BIO",

ossl_bio_cf_out_write,

ossl_bio_cf_in_read,

NULL, /* puts is never called */

NULL, /* gets is never called */

ossl_bio_cf_ctrl,

ossl_bio_cf_create,

ossl_bio_cf_destroy,

NULL

};

static BIO_METHOD *ossl_bio_cf_method_create(void)

{

return &ossl_bio_cf_meth_1_0;

}

#define ossl_bio_cf_method_free(m) Curl_nop_stmt

#else

static BIO_METHOD *ossl_bio_cf_method_create(void)

{

BIO_METHOD *m = BIO_meth_new(BIO_TYPE_MEM, "OpenSSL CF BIO");

if(m) {

BIO_meth_set_write(m, &ossl_bio_cf_out_write);

BIO_meth_set_read(m, &ossl_bio_cf_in_read);

BIO_meth_set_ctrl(m, &ossl_bio_cf_ctrl);

BIO_meth_set_create(m, &ossl_bio_cf_create);

BIO_meth_set_destroy(m, &ossl_bio_cf_destroy);

}

return m;

}

static void ossl_bio_cf_method_free(BIO_METHOD *m)

{

if(m)

BIO_meth_free(m);

}

#endif

/*

* Number of bytes to read from the random number seed file. This must be

* a finite value (because some entropy "files" like /dev/urandom have

* an infinite length), but must be large enough to provide enough

* entropy to properly seed OpenSSL's PRNG.

*/

#define RAND_LOAD_LENGTH 1024

#ifdef HAVE_KEYLOG_CALLBACK

static void ossl_keylog_callback(const SSL *ssl, const char *line)

{

(void)ssl;

Curl_tls_keylog_write_line(line);

}

#else

/*

* ossl_log_tls12_secret is called by libcurl to make the CLIENT_RANDOMs if the

* OpenSSL being used does not have native support for doing that.

*/

static void

ossl_log_tls12_secret(const SSL *ssl, bool *keylog_done)

{

const SSL_SESSION *session = SSL_get_session(ssl);

unsigned char client_random[SSL3_RANDOM_SIZE];

unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];

int master_key_length = 0;

if(!session || *keylog_done)

return;

#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \

!(defined(LIBRESSL_VERSION_NUMBER) && \

LIBRESSL_VERSION_NUMBER < 0x20700000L)

/* ssl->s3 is not checked in OpenSSL 1.1.0-pre6, but let's assume that

* we have a valid SSL context if we have a non-NULL session. */

SSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE);

master_key_length = (int)

SSL_SESSION_get_master_key(session, master_key, SSL_MAX_MASTER_KEY_LENGTH);

#else

if(ssl->s3 && session->master_key_length > 0) {

master_key_length = session->master_key_length;

memcpy(master_key, session->master_key, session->master_key_length);

memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);

}

#endif

/* The handshake has not progressed sufficiently yet, or this is a TLS 1.3

* session (when curl was built with older OpenSSL headers and running with

* newer OpenSSL runtime libraries). */

if(master_key_length <= 0)

return;

*keylog_done = TRUE;

Curl_tls_keylog_write("CLIENT_RANDOM", client_random,

master_key, master_key_length);

}

#endif /* !HAVE_KEYLOG_CALLBACK */

static const char *SSL_ERROR_to_str(int err)

{

switch(err) {

case SSL_ERROR_NONE:

return "SSL_ERROR_NONE";

case SSL_ERROR_SSL:

return "SSL_ERROR_SSL";

case SSL_ERROR_WANT_READ:

return "SSL_ERROR_WANT_READ";

case SSL_ERROR_WANT_WRITE:

return "SSL_ERROR_WANT_WRITE";

case SSL_ERROR_WANT_X509_LOOKUP:

return "SSL_ERROR_WANT_X509_LOOKUP";

case SSL_ERROR_SYSCALL:

return "SSL_ERROR_SYSCALL";

case SSL_ERROR_ZERO_RETURN:

return "SSL_ERROR_ZERO_RETURN";

case SSL_ERROR_WANT_CONNECT:

return "SSL_ERROR_WANT_CONNECT";

case SSL_ERROR_WANT_ACCEPT:

return "SSL_ERROR_WANT_ACCEPT";

#if defined(SSL_ERROR_WANT_ASYNC)

case SSL_ERROR_WANT_ASYNC:

return "SSL_ERROR_WANT_ASYNC";

#endif

#if defined(SSL_ERROR_WANT_ASYNC_JOB)

case SSL_ERROR_WANT_ASYNC_JOB:

return "SSL_ERROR_WANT_ASYNC_JOB";

#endif

#if defined(SSL_ERROR_WANT_EARLY)

case SSL_ERROR_WANT_EARLY:

return "SSL_ERROR_WANT_EARLY";

#endif

default:

return "SSL_ERROR unknown";

}

}

static size_t ossl_version(char *buffer, size_t size);

/* Return error string for last OpenSSL error

*/

static char *ossl_strerror(unsigned long error, char *buf, size_t size)

{

size_t len;

DEBUGASSERT(size);

*buf = '\0';

len = ossl_version(buf, size);

DEBUGASSERT(len < (size - 2));

if(len < (size - 2)) {

buf = len;

size -= (len 2);

*buf = ':';

*buf = ' ';

*buf = '\0';

}

#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)

ERR_error_string_n((uint32_t)error, buf, size);

#else

ERR_error_string_n(error, buf, size);

#endif

if(!*buf) {

const char *msg = error ? "Unknown error" : "No error";

if(strlen(msg) < size)

strcpy(buf, msg);

}

return buf;

}

static int passwd_callback(char *buf, int num, int encrypting,

void *global_passwd)

{