| /*************************************************************************** |
| * _ _ ____ _ |
| * Project ___| | | | _ \| | |
| * / __| | | | |_) | | |
| * | (__| |_| | _ <| |___ |
| * \___|\___/|_| \_\_____| |
| * |
| * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
| * |
| * This software is licensed as described in the file COPYING, which |
| * you should have received as part of this distribution. The terms |
| * are also available at https://curl.se/docs/copyright.html. |
| * |
| * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
| * copies of the Software, and permit persons to whom the Software is |
| * furnished to do so, under the terms of the COPYING file. |
| * |
| * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
| * KIND, either express or implied. |
| * |
| * SPDX-License-Identifier: curl |
| * |
| ***************************************************************************/ |
| |
| #include "curl_setup.h" |
| |
| #if defined(ENABLE_QUIC) && \ |
| (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL)) |
| |
| #ifdef USE_OPENSSL |
| #include <openssl/err.h> |
| #include "vtls/openssl.h" |
| #elif defined(USE_GNUTLS) |
| #include <gnutls/abstract.h> |
| #include <gnutls/gnutls.h> |
| #include <gnutls/x509.h> |
| #include <gnutls/crypto.h> |
| #include <nettle/sha2.h> |
| #include "vtls/gtls.h" |
| #elif defined(USE_WOLFSSL) |
| #include <wolfssl/options.h> |
| #include <wolfssl/ssl.h> |
| #include <wolfssl/quic.h> |
| #include "vtls/wolfssl.h" |
| #endif |
| |
| #include "urldata.h" |
| #include "curl_trc.h" |
| #include "cfilters.h" |
| #include "multiif.h" |
| #include "vtls/keylog.h" |
| #include "vtls/vtls.h" |
| #include "vquic-tls.h" |
| |
| /* The last 3 #include files should be in this order */ |
| #include "curl_printf.h" |
| #include "curl_memory.h" |
| #include "memdebug.h" |
| |
| #ifndef ARRAYSIZE |
| #define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) |
| #endif |
| |
| #ifdef USE_OPENSSL |
| #define QUIC_CIPHERS \ |
| "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ |
| "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" |
| #define QUIC_GROUPS "P-256:X25519:P-384:P-521" |
| #elif defined(USE_GNUTLS) |
| #define QUIC_PRIORITY \ |
| "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \ |
| "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \ |
| "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \ |
| "%DISABLE_TLS13_COMPAT_MODE" |
| #elif defined(USE_WOLFSSL) |
| #define QUIC_CIPHERS \ |
| "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ |
| "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" |
| #define QUIC_GROUPS "P-256:P-384:P-521" |
| #endif |
| |
| |
| #ifdef USE_OPENSSL |
| |
| static void keylog_callback(const SSL *ssl, const char *line) |
| { |
| (void)ssl; |
| Curl_tls_keylog_write_line(line); |
| } |
| |
| static CURLcode curl_ossl_init_ctx(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data, |
| Curl_vquic_tls_ctx_setup *ctx_setup) |
| { |
| struct ssl_primary_config *conn_config; |
| CURLcode result = CURLE_FAILED_INIT; |
| |
| DEBUGASSERT(!ctx->ssl_ctx); |
| #ifdef USE_OPENSSL_QUIC |
| ctx->ssl_ctx = SSL_CTX_new(OSSL_QUIC_client_method()); |
| #else |
| ctx->ssl_ctx = SSL_CTX_new(TLS_method()); |
| #endif |
| if(!ctx->ssl_ctx) { |
| result = CURLE_OUT_OF_MEMORY; |
| goto out; |
| } |
| conn_config = Curl_ssl_cf_get_primary_config(cf); |
| if(!conn_config) { |
| result = CURLE_FAILED_INIT; |
| goto out; |
| } |
| |
| if(ctx_setup) { |
| result = ctx_setup(ctx, cf, data); |
| if(result) |
| goto out; |
| } |
| |
| SSL_CTX_set_default_verify_paths(ctx->ssl_ctx); |
| |
| { |
| const char *curves = conn_config->curves ? |
| conn_config->curves : QUIC_GROUPS; |
| if(!SSL_CTX_set1_curves_list(ctx->ssl_ctx, curves)) { |
| failf(data, "failed setting curves list for QUIC: '%s'", curves); |
| return CURLE_SSL_CIPHER; |
| } |
| } |
| |
| #ifndef OPENSSL_IS_BORINGSSL |
| { |
| const char *ciphers13 = conn_config->cipher_list13 ? |
| conn_config->cipher_list13 : QUIC_CIPHERS; |
| if(SSL_CTX_set_ciphersuites(ctx->ssl_ctx, ciphers13) != 1) { |
| failf(data, "failed setting QUIC cipher suite: %s", ciphers13); |
| return CURLE_SSL_CIPHER; |
| } |
| infof(data, "QUIC cipher selection: %s", ciphers13); |
| } |
| #endif |
| |
| /* Open the file if a TLS or QUIC backend has not done this before. */ |
| Curl_tls_keylog_open(); |
| if(Curl_tls_keylog_enabled()) { |
| SSL_CTX_set_keylog_callback(ctx->ssl_ctx, keylog_callback); |
| } |
| |
| /* OpenSSL always tries to verify the peer, this only says whether it should |
| * fail to connect if the verification fails, or if it should continue |
| * anyway. In the latter case the result of the verification is checked with |
| * SSL_get_verify_result() below. */ |
| SSL_CTX_set_verify(ctx->ssl_ctx, conn_config->verifypeer ? |
| SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); |
| |
| /* give application a chance to interfere with SSL set up. */ |
| if(data->set.ssl.fsslctx) { |
| /* When a user callback is installed to modify the SSL_CTX, |
| * we need to do the full initialization before calling it. |
| * See: #11800 */ |
| if(!ctx->x509_store_setup) { |
| result = Curl_ssl_setup_x509_store(cf, data, ctx->ssl_ctx); |
| if(result) |
| goto out; |
| ctx->x509_store_setup = TRUE; |
| } |
| Curl_set_in_callback(data, true); |
| result = (*data->set.ssl.fsslctx)(data, ctx->ssl_ctx, |
| data->set.ssl.fsslctxp); |
| Curl_set_in_callback(data, false); |
| if(result) { |
| failf(data, "error signaled by ssl ctx callback"); |
| goto out; |
| } |
| } |
| result = CURLE_OK; |
| |
| out: |
| if(result && ctx->ssl_ctx) { |
| SSL_CTX_free(ctx->ssl_ctx); |
| ctx->ssl_ctx = NULL; |
| } |
| return result; |
| } |
| |
| static CURLcode curl_ossl_set_client_cert(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data) |
| { |
| SSL_CTX *ssl_ctx = ctx->ssl_ctx; |
| const struct ssl_config_data *ssl_config; |
| |
| ssl_config = Curl_ssl_cf_get_config(cf, data); |
| DEBUGASSERT(ssl_config); |
| |
| if(ssl_config->primary.clientcert || |
| ssl_config->primary.cert_blob || |
| ssl_config->cert_type) { |
| return Curl_ossl_set_client_cert( |
| data, ssl_ctx, ssl_config->primary.clientcert, |
| ssl_config->primary.cert_blob, ssl_config->cert_type, |
| ssl_config->key, ssl_config->key_blob, |
| ssl_config->key_type, ssl_config->key_passwd); |
| } |
| |
| return CURLE_OK; |
| } |
| |
| /** SSL callbacks ***/ |
| |
| static CURLcode curl_ossl_init_ssl(struct quic_tls_ctx *ctx, |
| struct Curl_easy *data, |
| struct ssl_peer *peer, |
| const char *alpn, size_t alpn_len, |
| void *user_data) |
| { |
| DEBUGASSERT(!ctx->ssl); |
| ctx->ssl = SSL_new(ctx->ssl_ctx); |
| |
| SSL_set_app_data(ctx->ssl, user_data); |
| SSL_set_connect_state(ctx->ssl); |
| #ifndef USE_OPENSSL_QUIC |
| SSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); |
| #endif |
| |
| if(alpn) |
| SSL_set_alpn_protos(ctx->ssl, (const uint8_t *)alpn, (int)alpn_len); |
| |
| if(peer->sni) { |
| if(!SSL_set_tlsext_host_name(ctx->ssl, peer->sni)) { |
| failf(data, "Failed set SNI"); |
| SSL_free(ctx->ssl); |
| ctx->ssl = NULL; |
| return CURLE_QUIC_CONNECT_ERROR; |
| } |
| } |
| return CURLE_OK; |
| } |
| |
| #elif defined(USE_GNUTLS) |
| static int keylog_callback(gnutls_session_t session, const char *label, |
| const gnutls_datum_t *secret) |
| { |
| gnutls_datum_t crandom; |
| gnutls_datum_t srandom; |
| |
| gnutls_session_get_random(session, &crandom, &srandom); |
| if(crandom.size != 32) { |
| return -1; |
| } |
| |
| Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size); |
| return 0; |
| } |
| |
| static CURLcode curl_gtls_init_ctx(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data, |
| struct ssl_peer *peer, |
| const char *alpn, size_t alpn_len, |
| Curl_vquic_tls_ctx_setup *ctx_setup, |
| void *user_data) |
| { |
| struct ssl_primary_config *conn_config; |
| CURLcode result; |
| gnutls_datum_t alpns[5]; |
| /* this will need some attention when HTTPS proxy over QUIC get fixed */ |
| long * const pverifyresult = &data->set.ssl.certverifyresult; |
| int rc; |
| |
| conn_config = Curl_ssl_cf_get_primary_config(cf); |
| if(!conn_config) |
| return CURLE_FAILED_INIT; |
| |
| DEBUGASSERT(ctx->gtls == NULL); |
| ctx->gtls = calloc(1, sizeof(*(ctx->gtls))); |
| if(!ctx->gtls) |
| return CURLE_OUT_OF_MEMORY; |
| |
| result = gtls_client_init(data, conn_config, &data->set.ssl, |
| peer, ctx->gtls, pverifyresult); |
| if(result) |
| return result; |
| |
| gnutls_session_set_ptr(ctx->gtls->session, user_data); |
| |
| if(ctx_setup) { |
| result = ctx_setup(ctx, cf, data); |
| if(result) |
| return result; |
| } |
| |
| rc = gnutls_priority_set_direct(ctx->gtls->session, QUIC_PRIORITY, NULL); |
| if(rc < 0) { |
| CURL_TRC_CF(data, cf, "gnutls_priority_set_direct failed: %s\n", |
| gnutls_strerror(rc)); |
| return CURLE_QUIC_CONNECT_ERROR; |
| } |
| |
| /* Open the file if a TLS or QUIC backend has not done this before. */ |
| Curl_tls_keylog_open(); |
| if(Curl_tls_keylog_enabled()) { |
| gnutls_session_set_keylog_function(ctx->gtls->session, keylog_callback); |
| } |
| |
| /* convert the ALPN string from our arguments to a list of strings |
| * that gnutls wants and will convert internally back to this very |
| * string for sending to the server. nice. */ |
| if(alpn) { |
| size_t i, alen = alpn_len; |
| unsigned char *s = (unsigned char *)alpn; |
| unsigned char slen; |
| for(i = 0; (i < ARRAYSIZE(alpns)) && alen; ++i) { |
| slen = s[0]; |
| if(slen >= alen) |
| return CURLE_FAILED_INIT; |
| alpns[i].data = s + 1; |
| alpns[i].size = slen; |
| s += slen + 1; |
| alen -= (size_t)slen + 1; |
| } |
| if(alen) /* not all alpn chars used, wrong format or too many */ |
| return CURLE_FAILED_INIT; |
| if(i) { |
| gnutls_alpn_set_protocols(ctx->gtls->session, |
| alpns, (unsigned int)i, |
| GNUTLS_ALPN_MANDATORY); |
| } |
| } |
| |
| return CURLE_OK; |
| } |
| #elif defined(USE_WOLFSSL) |
| |
| #if defined(HAVE_SECRET_CALLBACK) |
| static void keylog_callback(const WOLFSSL *ssl, const char *line) |
| { |
| (void)ssl; |
| Curl_tls_keylog_write_line(line); |
| } |
| #endif |
| |
| static CURLcode curl_wssl_init_ctx(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data, |
| Curl_vquic_tls_ctx_setup *ctx_setup) |
| { |
| struct ssl_primary_config *conn_config; |
| CURLcode result = CURLE_FAILED_INIT; |
| |
| conn_config = Curl_ssl_cf_get_primary_config(cf); |
| if(!conn_config) { |
| result = CURLE_FAILED_INIT; |
| goto out; |
| } |
| |
| ctx->ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); |
| if(!ctx->ssl_ctx) { |
| result = CURLE_OUT_OF_MEMORY; |
| goto out; |
| } |
| |
| if(ctx_setup) { |
| result = ctx_setup(ctx, cf, data); |
| if(result) |
| goto out; |
| } |
| |
| wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx); |
| |
| if(wolfSSL_CTX_set_cipher_list(ctx->ssl_ctx, conn_config->cipher_list13 ? |
| conn_config->cipher_list13 : |
| QUIC_CIPHERS) != 1) { |
| char error_buffer[256]; |
| ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer)); |
| failf(data, "wolfSSL failed to set ciphers: %s", error_buffer); |
| result = CURLE_BAD_FUNCTION_ARGUMENT; |
| goto out; |
| } |
| |
| if(wolfSSL_CTX_set1_groups_list(ctx->ssl_ctx, conn_config->curves ? |
| conn_config->curves : |
| (char *)QUIC_GROUPS) != 1) { |
| failf(data, "wolfSSL failed to set curves"); |
| result = CURLE_BAD_FUNCTION_ARGUMENT; |
| goto out; |
| } |
| |
| /* Open the file if a TLS or QUIC backend has not done this before. */ |
| Curl_tls_keylog_open(); |
| if(Curl_tls_keylog_enabled()) { |
| #if defined(HAVE_SECRET_CALLBACK) |
| wolfSSL_CTX_set_keylog_callback(ctx->ssl_ctx, keylog_callback); |
| #else |
| failf(data, "wolfSSL was built without keylog callback"); |
| result = CURLE_NOT_BUILT_IN; |
| goto out; |
| #endif |
| } |
| |
| if(conn_config->verifypeer) { |
| const char * const ssl_cafile = conn_config->CAfile; |
| const char * const ssl_capath = conn_config->CApath; |
| |
| wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, NULL); |
| if(ssl_cafile || ssl_capath) { |
| /* tell wolfSSL where to find CA certificates that are used to verify |
| the server's certificate. */ |
| int rc = |
| wolfSSL_CTX_load_verify_locations_ex(ctx->ssl_ctx, ssl_cafile, |
| ssl_capath, |
| WOLFSSL_LOAD_FLAG_IGNORE_ERR); |
| if(SSL_SUCCESS != rc) { |
| /* Fail if we insist on successfully verifying the server. */ |
| failf(data, "error setting certificate verify locations:" |
| " CAfile: %s CApath: %s", |
| ssl_cafile ? ssl_cafile : "none", |
| ssl_capath ? ssl_capath : "none"); |
| result = CURLE_SSL_CACERT_BADFILE; |
| goto out; |
| } |
| infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); |
| infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); |
| } |
| #ifdef CURL_CA_FALLBACK |
| else { |
| /* verifying the peer without any CA certificates won't work so |
| use wolfssl's built-in default as fallback */ |
| wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx); |
| } |
| #endif |
| } |
| else { |
| wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_NONE, NULL); |
| } |
| |
| /* give application a chance to interfere with SSL set up. */ |
| if(data->set.ssl.fsslctx) { |
| Curl_set_in_callback(data, true); |
| result = (*data->set.ssl.fsslctx)(data, ctx->ssl_ctx, |
| data->set.ssl.fsslctxp); |
| Curl_set_in_callback(data, false); |
| if(result) { |
| failf(data, "error signaled by ssl ctx callback"); |
| goto out; |
| } |
| } |
| result = CURLE_OK; |
| |
| out: |
| if(result && ctx->ssl_ctx) { |
| SSL_CTX_free(ctx->ssl_ctx); |
| ctx->ssl_ctx = NULL; |
| } |
| return result; |
| } |
| |
| /** SSL callbacks ***/ |
| |
| static CURLcode curl_wssl_init_ssl(struct quic_tls_ctx *ctx, |
| struct Curl_easy *data, |
| struct ssl_peer *peer, |
| const char *alpn, size_t alpn_len, |
| void *user_data) |
| { |
| (void)data; |
| DEBUGASSERT(!ctx->ssl); |
| DEBUGASSERT(ctx->ssl_ctx); |
| ctx->ssl = wolfSSL_new(ctx->ssl_ctx); |
| |
| wolfSSL_set_app_data(ctx->ssl, user_data); |
| wolfSSL_set_connect_state(ctx->ssl); |
| wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); |
| |
| if(alpn) |
| wolfSSL_set_alpn_protos(ctx->ssl, (const unsigned char *)alpn, |
| (int)alpn_len); |
| |
| if(peer->sni) { |
| wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME, |
| peer->sni, (unsigned short)strlen(peer->sni)); |
| } |
| |
| return CURLE_OK; |
| } |
| #endif /* defined(USE_WOLFSSL) */ |
| |
| CURLcode Curl_vquic_tls_init(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data, |
| struct ssl_peer *peer, |
| const char *alpn, size_t alpn_len, |
| Curl_vquic_tls_ctx_setup *ctx_setup, |
| void *user_data) |
| { |
| CURLcode result; |
| |
| #ifdef USE_OPENSSL |
| result = curl_ossl_init_ctx(ctx, cf, data, ctx_setup); |
| if(result) |
| return result; |
| |
| result = curl_ossl_set_client_cert(ctx, cf, data); |
| if(result) |
| return result; |
| |
| return curl_ossl_init_ssl(ctx, data, peer, alpn, alpn_len, user_data); |
| #elif defined(USE_GNUTLS) |
| (void)result; |
| return curl_gtls_init_ctx(ctx, cf, data, peer, alpn, alpn_len, |
| ctx_setup, user_data); |
| #elif defined(USE_WOLFSSL) |
| result = curl_wssl_init_ctx(ctx, cf, data, ctx_setup); |
| if(result) |
| return result; |
| |
| return curl_wssl_init_ssl(ctx, data, peer, alpn, alpn_len, user_data); |
| #else |
| #error "no TLS lib in used, should not happen" |
| return CURLE_FAILED_INIT; |
| #endif |
| } |
| |
| void Curl_vquic_tls_cleanup(struct quic_tls_ctx *ctx) |
| { |
| #ifdef USE_OPENSSL |
| if(ctx->ssl) |
| SSL_free(ctx->ssl); |
| if(ctx->ssl_ctx) |
| SSL_CTX_free(ctx->ssl_ctx); |
| #elif defined(USE_GNUTLS) |
| if(ctx->gtls) { |
| if(ctx->gtls->cred) |
| gnutls_certificate_free_credentials(ctx->gtls->cred); |
| if(ctx->gtls->session) |
| gnutls_deinit(ctx->gtls->session); |
| free(ctx->gtls); |
| } |
| #elif defined(USE_WOLFSSL) |
| if(ctx->ssl) |
| wolfSSL_free(ctx->ssl); |
| if(ctx->ssl_ctx) |
| wolfSSL_CTX_free(ctx->ssl_ctx); |
| #endif |
| memset(ctx, 0, sizeof(*ctx)); |
| } |
| |
| CURLcode Curl_vquic_tls_before_recv(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data) |
| { |
| #ifdef USE_OPENSSL |
| if(!ctx->x509_store_setup) { |
| CURLcode result = Curl_ssl_setup_x509_store(cf, data, ctx->ssl_ctx); |
| if(result) |
| return result; |
| ctx->x509_store_setup = TRUE; |
| } |
| #else |
| (void)ctx; (void)cf; (void)data; |
| #endif |
| return CURLE_OK; |
| } |
| |
| CURLcode Curl_vquic_tls_verify_peer(struct quic_tls_ctx *ctx, |
| struct Curl_cfilter *cf, |
| struct Curl_easy *data, |
| struct ssl_peer *peer) |
| { |
| struct ssl_primary_config *conn_config; |
| CURLcode result = CURLE_OK; |
| |
| conn_config = Curl_ssl_cf_get_primary_config(cf); |
| if(!conn_config) |
| return CURLE_FAILED_INIT; |
| |
| if(conn_config->verifyhost) { |
| #ifdef USE_OPENSSL |
| X509 *server_cert; |
| server_cert = SSL_get1_peer_certificate(ctx->ssl); |
| if(!server_cert) { |
| return CURLE_PEER_FAILED_VERIFICATION; |
| } |
| result = Curl_ossl_verifyhost(data, cf->conn, peer, server_cert); |
| X509_free(server_cert); |
| if(result) |
| return result; |
| #elif defined(USE_GNUTLS) |
| result = Curl_gtls_verifyserver(data, ctx->gtls->session, |
| conn_config, &data->set.ssl, peer, |
| data->set.str[STRING_SSL_PINNEDPUBLICKEY]); |
| if(result) |
| return result; |
| #elif defined(USE_WOLFSSL) |
| if(!peer->sni || |
| wolfSSL_check_domain_name(ctx->ssl, peer->sni) == SSL_FAILURE) |
| return CURLE_PEER_FAILED_VERIFICATION; |
| #endif |
| infof(data, "Verified certificate just fine"); |
| } |
| else |
| infof(data, "Skipped certificate verification"); |
| #ifdef USE_OPENSSL |
| if(data->set.ssl.certinfo) |
| /* asked to gather certificate info */ |
| (void)Curl_ossl_certchain(data, ctx->ssl); |
| #endif |
| return result; |
| } |
| |
| |
| #endif /* !ENABLE_QUIC && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */ |