1 /*************************************************************************** 2 * _ _ ____ _ 3 * Project ___| | | | _ \| | 4 * / __| | | | |_) | | 5 * | (__| |_| | _ <| |___ 6 * \___|\___/|_| \_\_____| 7 * 8 * Copyright (C) 2012 - 2014, Nick Zitzmann, <nickzman (at) gmail.com>. 9 * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel (at) haxx.se>, et al. 10 * 11 * This software is licensed as described in the file COPYING, which 12 * you should have received as part of this distribution. The terms 13 * are also available at http://curl.haxx.se/docs/copyright.html. 14 * 15 * You may opt to use, copy, modify, merge, publish, distribute and/or sell 16 * copies of the Software, and permit persons to whom the Software is 17 * furnished to do so, under the terms of the COPYING file. 18 * 19 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 20 * KIND, either express or implied. 21 * 22 ***************************************************************************/ 23 24 /* 25 * Source file for all iOS and Mac OS X SecureTransport-specific code for the 26 * TLS/SSL layer. No code but vtls.c should ever call or use these functions. 27 */ 28 29 #include "curl_setup.h" 30 31 #include "urldata.h" /* for the SessionHandle definition */ 32 #include "curl_base64.h" 33 #include "strtok.h" 34 35 #ifdef USE_DARWINSSL 36 37 #ifdef HAVE_LIMITS_H 38 #include <limits.h> 39 #endif 40 41 #include <Security/Security.h> 42 #include <Security/SecureTransport.h> 43 #include <CoreFoundation/CoreFoundation.h> 44 #include <CommonCrypto/CommonDigest.h> 45 46 /* The Security framework has changed greatly between iOS and different OS X 47 versions, and we will try to support as many of them as we can (back to 48 Leopard and iOS 5) by using macros and weak-linking. 49 50 IMPORTANT: If TLS 1.1 and 1.2 support are important for you on OS X, then 51 you must build this project against the 10.8 SDK or later. */ 52 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) 53 54 #if MAC_OS_X_VERSION_MAX_ALLOWED < 1050 55 #error "The darwinssl back-end requires Leopard or later." 56 #endif /* MAC_OS_X_VERSION_MAX_ALLOWED < 1050 */ 57 58 #define CURL_BUILD_IOS 0 59 #define CURL_BUILD_IOS_7 0 60 #define CURL_BUILD_MAC 1 61 /* This is the maximum API level we are allowed to use when building: */ 62 #define CURL_BUILD_MAC_10_5 MAC_OS_X_VERSION_MAX_ALLOWED >= 1050 63 #define CURL_BUILD_MAC_10_6 MAC_OS_X_VERSION_MAX_ALLOWED >= 1060 64 #define CURL_BUILD_MAC_10_7 MAC_OS_X_VERSION_MAX_ALLOWED >= 1070 65 #define CURL_BUILD_MAC_10_8 MAC_OS_X_VERSION_MAX_ALLOWED >= 1080 66 #define CURL_BUILD_MAC_10_9 MAC_OS_X_VERSION_MAX_ALLOWED >= 1090 67 /* These macros mean "the following code is present to allow runtime backward 68 compatibility with at least this cat or earlier": 69 (You set this at build-time by setting the MACOSX_DEPLOYMENT_TARGET 70 environmental variable.) */ 71 #define CURL_SUPPORT_MAC_10_5 MAC_OS_X_VERSION_MIN_REQUIRED <= 1050 72 #define CURL_SUPPORT_MAC_10_6 MAC_OS_X_VERSION_MIN_REQUIRED <= 1060 73 #define CURL_SUPPORT_MAC_10_7 MAC_OS_X_VERSION_MIN_REQUIRED <= 1070 74 #define CURL_SUPPORT_MAC_10_8 MAC_OS_X_VERSION_MIN_REQUIRED <= 1080 75 #define CURL_SUPPORT_MAC_10_9 MAC_OS_X_VERSION_MIN_REQUIRED <= 1090 76 77 #elif TARGET_OS_EMBEDDED || TARGET_OS_IPHONE 78 #define CURL_BUILD_IOS 1 79 #define CURL_BUILD_IOS_7 __IPHONE_OS_VERSION_MAX_ALLOWED >= 70000 80 #define CURL_BUILD_MAC 0 81 #define CURL_BUILD_MAC_10_5 0 82 #define CURL_BUILD_MAC_10_6 0 83 #define CURL_BUILD_MAC_10_7 0 84 #define CURL_BUILD_MAC_10_8 0 85 #define CURL_SUPPORT_MAC_10_5 0 86 #define CURL_SUPPORT_MAC_10_6 0 87 #define CURL_SUPPORT_MAC_10_7 0 88 #define CURL_SUPPORT_MAC_10_8 0 89 #define CURL_SUPPORT_MAC_10_9 0 90 91 #else 92 #error "The darwinssl back-end requires iOS or OS X." 93 #endif /* (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) */ 94 95 #if CURL_BUILD_MAC 96 #include <sys/sysctl.h> 97 #endif /* CURL_BUILD_MAC */ 98 99 #include "urldata.h" 100 #include "sendf.h" 101 #include "inet_pton.h" 102 #include "connect.h" 103 #include "select.h" 104 #include "vtls.h" 105 #include "darwinssl.h" 106 #include "curl_printf.h" 107 108 #include "curl_memory.h" 109 /* The last #include file should be: */ 110 #include "memdebug.h" 111 112 /* From MacTypes.h (which we can't include because it isn't present in iOS: */ 113 #define ioErr -36 114 #define paramErr -50 115 116 /* The following two functions were ripped from Apple sample code, 117 * with some modifications: */ 118 static OSStatus SocketRead(SSLConnectionRef connection, 119 void *data, /* owned by 120 * caller, data 121 * RETURNED */ 122 size_t *dataLength) /* IN/OUT */ 123 { 124 size_t bytesToGo = *dataLength; 125 size_t initLen = bytesToGo; 126 UInt8 *currData = (UInt8 *)data; 127 /*int sock = *(int *)connection;*/ 128 struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; 129 int sock = connssl->ssl_sockfd; 130 OSStatus rtn = noErr; 131 size_t bytesRead; 132 ssize_t rrtn; 133 int theErr; 134 135 *dataLength = 0; 136 137 for(;;) { 138 bytesRead = 0; 139 rrtn = read(sock, currData, bytesToGo); 140 if(rrtn <= 0) { 141 /* this is guesswork... */ 142 theErr = errno; 143 if(rrtn == 0) { /* EOF = server hung up */ 144 /* the framework will turn this into errSSLClosedNoNotify */ 145 rtn = errSSLClosedGraceful; 146 } 147 else /* do the switch */ 148 switch(theErr) { 149 case ENOENT: 150 /* connection closed */ 151 rtn = errSSLClosedGraceful; 152 break; 153 case ECONNRESET: 154 rtn = errSSLClosedAbort; 155 break; 156 case EAGAIN: 157 rtn = errSSLWouldBlock; 158 connssl->ssl_direction = false; 159 break; 160 default: 161 rtn = ioErr; 162 break; 163 } 164 break; 165 } 166 else { 167 bytesRead = rrtn; 168 } 169 bytesToGo -= bytesRead; 170 currData += bytesRead; 171 172 if(bytesToGo == 0) { 173 /* filled buffer with incoming data, done */ 174 break; 175 } 176 } 177 *dataLength = initLen - bytesToGo; 178 179 return rtn; 180 } 181 182 static OSStatus SocketWrite(SSLConnectionRef connection, 183 const void *data, 184 size_t *dataLength) /* IN/OUT */ 185 { 186 size_t bytesSent = 0; 187 /*int sock = *(int *)connection;*/ 188 struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection; 189 int sock = connssl->ssl_sockfd; 190 ssize_t length; 191 size_t dataLen = *dataLength; 192 const UInt8 *dataPtr = (UInt8 *)data; 193 OSStatus ortn; 194 int theErr; 195 196 *dataLength = 0; 197 198 do { 199 length = write(sock, 200 (char*)dataPtr + bytesSent, 201 dataLen - bytesSent); 202 } while((length > 0) && 203 ( (bytesSent += length) < dataLen) ); 204 205 if(length <= 0) { 206 theErr = errno; 207 if(theErr == EAGAIN) { 208 ortn = errSSLWouldBlock; 209 connssl->ssl_direction = true; 210 } 211 else { 212 ortn = ioErr; 213 } 214 } 215 else { 216 ortn = noErr; 217 } 218 *dataLength = bytesSent; 219 return ortn; 220 } 221 222 CF_INLINE const char *SSLCipherNameForNumber(SSLCipherSuite cipher) { 223 switch (cipher) { 224 /* SSL version 3.0 */ 225 case SSL_RSA_WITH_NULL_MD5: 226 return "SSL_RSA_WITH_NULL_MD5"; 227 break; 228 case SSL_RSA_WITH_NULL_SHA: 229 return "SSL_RSA_WITH_NULL_SHA"; 230 break; 231 case SSL_RSA_EXPORT_WITH_RC4_40_MD5: 232 return "SSL_RSA_EXPORT_WITH_RC4_40_MD5"; 233 break; 234 case SSL_RSA_WITH_RC4_128_MD5: 235 return "SSL_RSA_WITH_RC4_128_MD5"; 236 break; 237 case SSL_RSA_WITH_RC4_128_SHA: 238 return "SSL_RSA_WITH_RC4_128_SHA"; 239 break; 240 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: 241 return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"; 242 break; 243 case SSL_RSA_WITH_IDEA_CBC_SHA: 244 return "SSL_RSA_WITH_IDEA_CBC_SHA"; 245 break; 246 case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: 247 return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"; 248 break; 249 case SSL_RSA_WITH_DES_CBC_SHA: 250 return "SSL_RSA_WITH_DES_CBC_SHA"; 251 break; 252 case SSL_RSA_WITH_3DES_EDE_CBC_SHA: 253 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; 254 break; 255 case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: 256 return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"; 257 break; 258 case SSL_DH_DSS_WITH_DES_CBC_SHA: 259 return "SSL_DH_DSS_WITH_DES_CBC_SHA"; 260 break; 261 case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA: 262 return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"; 263 break; 264 case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: 265 return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"; 266 break; 267 case SSL_DH_RSA_WITH_DES_CBC_SHA: 268 return "SSL_DH_RSA_WITH_DES_CBC_SHA"; 269 break; 270 case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA: 271 return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"; 272 break; 273 case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: 274 return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"; 275 break; 276 case SSL_DHE_DSS_WITH_DES_CBC_SHA: 277 return "SSL_DHE_DSS_WITH_DES_CBC_SHA"; 278 break; 279 case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA: 280 return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"; 281 break; 282 case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: 283 return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"; 284 break; 285 case SSL_DHE_RSA_WITH_DES_CBC_SHA: 286 return "SSL_DHE_RSA_WITH_DES_CBC_SHA"; 287 break; 288 case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA: 289 return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; 290 break; 291 case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: 292 return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"; 293 break; 294 case SSL_DH_anon_WITH_RC4_128_MD5: 295 return "SSL_DH_anon_WITH_RC4_128_MD5"; 296 break; 297 case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: 298 return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"; 299 break; 300 case SSL_DH_anon_WITH_DES_CBC_SHA: 301 return "SSL_DH_anon_WITH_DES_CBC_SHA"; 302 break; 303 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: 304 return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"; 305 break; 306 case SSL_FORTEZZA_DMS_WITH_NULL_SHA: 307 return "SSL_FORTEZZA_DMS_WITH_NULL_SHA"; 308 break; 309 case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: 310 return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA"; 311 break; 312 /* TLS 1.0 with AES (RFC 3268) 313 (Apparently these are used in SSLv3 implementations as well.) */ 314 case TLS_RSA_WITH_AES_128_CBC_SHA: 315 return "TLS_RSA_WITH_AES_128_CBC_SHA"; 316 break; 317 case TLS_DH_DSS_WITH_AES_128_CBC_SHA: 318 return "TLS_DH_DSS_WITH_AES_128_CBC_SHA"; 319 break; 320 case TLS_DH_RSA_WITH_AES_128_CBC_SHA: 321 return "TLS_DH_RSA_WITH_AES_128_CBC_SHA"; 322 break; 323 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: 324 return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"; 325 break; 326 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: 327 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; 328 break; 329 case TLS_DH_anon_WITH_AES_128_CBC_SHA: 330 return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; 331 break; 332 case TLS_RSA_WITH_AES_256_CBC_SHA: 333 return "TLS_RSA_WITH_AES_256_CBC_SHA"; 334 break; 335 case TLS_DH_DSS_WITH_AES_256_CBC_SHA: 336 return "TLS_DH_DSS_WITH_AES_256_CBC_SHA"; 337 break; 338 case TLS_DH_RSA_WITH_AES_256_CBC_SHA: 339 return "TLS_DH_RSA_WITH_AES_256_CBC_SHA"; 340 break; 341 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: 342 return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"; 343 break; 344 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: 345 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; 346 break; 347 case TLS_DH_anon_WITH_AES_256_CBC_SHA: 348 return "TLS_DH_anon_WITH_AES_256_CBC_SHA"; 349 break; 350 /* SSL version 2.0 */ 351 case SSL_RSA_WITH_RC2_CBC_MD5: 352 return "SSL_RSA_WITH_RC2_CBC_MD5"; 353 break; 354 case SSL_RSA_WITH_IDEA_CBC_MD5: 355 return "SSL_RSA_WITH_IDEA_CBC_MD5"; 356 break; 357 case SSL_RSA_WITH_DES_CBC_MD5: 358 return "SSL_RSA_WITH_DES_CBC_MD5"; 359 break; 360 case SSL_RSA_WITH_3DES_EDE_CBC_MD5: 361 return "SSL_RSA_WITH_3DES_EDE_CBC_MD5"; 362 break; 363 } 364 return "SSL_NULL_WITH_NULL_NULL"; 365 } 366 367 CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) { 368 switch(cipher) { 369 /* TLS 1.0 with AES (RFC 3268) */ 370 case TLS_RSA_WITH_AES_128_CBC_SHA: 371 return "TLS_RSA_WITH_AES_128_CBC_SHA"; 372 break; 373 case TLS_DH_DSS_WITH_AES_128_CBC_SHA: 374 return "TLS_DH_DSS_WITH_AES_128_CBC_SHA"; 375 break; 376 case TLS_DH_RSA_WITH_AES_128_CBC_SHA: 377 return "TLS_DH_RSA_WITH_AES_128_CBC_SHA"; 378 break; 379 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: 380 return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"; 381 break; 382 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: 383 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; 384 break; 385 case TLS_DH_anon_WITH_AES_128_CBC_SHA: 386 return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; 387 break; 388 case TLS_RSA_WITH_AES_256_CBC_SHA: 389 return "TLS_RSA_WITH_AES_256_CBC_SHA"; 390 break; 391 case TLS_DH_DSS_WITH_AES_256_CBC_SHA: 392 return "TLS_DH_DSS_WITH_AES_256_CBC_SHA"; 393 break; 394 case TLS_DH_RSA_WITH_AES_256_CBC_SHA: 395 return "TLS_DH_RSA_WITH_AES_256_CBC_SHA"; 396 break; 397 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: 398 return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"; 399 break; 400 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: 401 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; 402 break; 403 case TLS_DH_anon_WITH_AES_256_CBC_SHA: 404 return "TLS_DH_anon_WITH_AES_256_CBC_SHA"; 405 break; 406 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS 407 /* TLS 1.0 with ECDSA (RFC 4492) */ 408 case TLS_ECDH_ECDSA_WITH_NULL_SHA: 409 return "TLS_ECDH_ECDSA_WITH_NULL_SHA"; 410 break; 411 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: 412 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; 413 break; 414 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: 415 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; 416 break; 417 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: 418 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; 419 break; 420 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: 421 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; 422 break; 423 case TLS_ECDHE_ECDSA_WITH_NULL_SHA: 424 return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; 425 break; 426 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: 427 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; 428 break; 429 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: 430 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; 431 break; 432 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: 433 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; 434 break; 435 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: 436 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; 437 break; 438 case TLS_ECDH_RSA_WITH_NULL_SHA: 439 return "TLS_ECDH_RSA_WITH_NULL_SHA"; 440 break; 441 case TLS_ECDH_RSA_WITH_RC4_128_SHA: 442 return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; 443 break; 444 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: 445 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; 446 break; 447 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: 448 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; 449 break; 450 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: 451 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; 452 break; 453 case TLS_ECDHE_RSA_WITH_NULL_SHA: 454 return "TLS_ECDHE_RSA_WITH_NULL_SHA"; 455 break; 456 case TLS_ECDHE_RSA_WITH_RC4_128_SHA: 457 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; 458 break; 459 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: 460 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; 461 break; 462 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: 463 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; 464 break; 465 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: 466 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; 467 break; 468 case TLS_ECDH_anon_WITH_NULL_SHA: 469 return "TLS_ECDH_anon_WITH_NULL_SHA"; 470 break; 471 case TLS_ECDH_anon_WITH_RC4_128_SHA: 472 return "TLS_ECDH_anon_WITH_RC4_128_SHA"; 473 break; 474 case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: 475 return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"; 476 break; 477 case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: 478 return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"; 479 break; 480 case TLS_ECDH_anon_WITH_AES_256_CBC_SHA: 481 return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"; 482 break; 483 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */ 484 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS 485 /* TLS 1.2 (RFC 5246) */ 486 case TLS_RSA_WITH_NULL_MD5: 487 return "TLS_RSA_WITH_NULL_MD5"; 488 break; 489 case TLS_RSA_WITH_NULL_SHA: 490 return "TLS_RSA_WITH_NULL_SHA"; 491 break; 492 case TLS_RSA_WITH_RC4_128_MD5: 493 return "TLS_RSA_WITH_RC4_128_MD5"; 494 break; 495 case TLS_RSA_WITH_RC4_128_SHA: 496 return "TLS_RSA_WITH_RC4_128_SHA"; 497 break; 498 case TLS_RSA_WITH_3DES_EDE_CBC_SHA: 499 return "TLS_RSA_WITH_3DES_EDE_CBC_SHA"; 500 break; 501 case TLS_RSA_WITH_NULL_SHA256: 502 return "TLS_RSA_WITH_NULL_SHA256"; 503 break; 504 case TLS_RSA_WITH_AES_128_CBC_SHA256: 505 return "TLS_RSA_WITH_AES_128_CBC_SHA256"; 506 break; 507 case TLS_RSA_WITH_AES_256_CBC_SHA256: 508 return "TLS_RSA_WITH_AES_256_CBC_SHA256"; 509 break; 510 case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: 511 return "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"; 512 break; 513 case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: 514 return "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"; 515 break; 516 case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: 517 return "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"; 518 break; 519 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: 520 return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; 521 break; 522 case TLS_DH_DSS_WITH_AES_128_CBC_SHA256: 523 return "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"; 524 break; 525 case TLS_DH_RSA_WITH_AES_128_CBC_SHA256: 526 return "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"; 527 break; 528 case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: 529 return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"; 530 break; 531 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: 532 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; 533 break; 534 case TLS_DH_DSS_WITH_AES_256_CBC_SHA256: 535 return "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"; 536 break; 537 case TLS_DH_RSA_WITH_AES_256_CBC_SHA256: 538 return "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"; 539 break; 540 case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: 541 return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"; 542 break; 543 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: 544 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; 545 break; 546 case TLS_DH_anon_WITH_RC4_128_MD5: 547 return "TLS_DH_anon_WITH_RC4_128_MD5"; 548 break; 549 case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: 550 return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"; 551 break; 552 case TLS_DH_anon_WITH_AES_128_CBC_SHA256: 553 return "TLS_DH_anon_WITH_AES_128_CBC_SHA256"; 554 break; 555 case TLS_DH_anon_WITH_AES_256_CBC_SHA256: 556 return "TLS_DH_anon_WITH_AES_256_CBC_SHA256"; 557 break; 558 /* TLS 1.2 with AES GCM (RFC 5288) */ 559 case TLS_RSA_WITH_AES_128_GCM_SHA256: 560 return "TLS_RSA_WITH_AES_128_GCM_SHA256"; 561 break; 562 case TLS_RSA_WITH_AES_256_GCM_SHA384: 563 return "TLS_RSA_WITH_AES_256_GCM_SHA384"; 564 break; 565 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: 566 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; 567 break; 568 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: 569 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; 570 break; 571 case TLS_DH_RSA_WITH_AES_128_GCM_SHA256: 572 return "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"; 573 break; 574 case TLS_DH_RSA_WITH_AES_256_GCM_SHA384: 575 return "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"; 576 break; 577 case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: 578 return "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"; 579 break; 580 case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: 581 return "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"; 582 break; 583 case TLS_DH_DSS_WITH_AES_128_GCM_SHA256: 584 return "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"; 585 break; 586 case TLS_DH_DSS_WITH_AES_256_GCM_SHA384: 587 return "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"; 588 break; 589 case TLS_DH_anon_WITH_AES_128_GCM_SHA256: 590 return "TLS_DH_anon_WITH_AES_128_GCM_SHA256"; 591 break; 592 case TLS_DH_anon_WITH_AES_256_GCM_SHA384: 593 return "TLS_DH_anon_WITH_AES_256_GCM_SHA384"; 594 break; 595 /* TLS 1.2 with elliptic curve ciphers (RFC 5289) */ 596 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: 597 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; 598 break; 599 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: 600 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; 601 break; 602 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: 603 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; 604 break; 605 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: 606 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; 607 break; 608 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: 609 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; 610 break; 611 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: 612 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; 613 break; 614 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: 615 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; 616 break; 617 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: 618 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; 619 break; 620 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: 621 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; 622 break; 623 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: 624 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; 625 break; 626 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: 627 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; 628 break; 629 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: 630 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; 631 break; 632 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: 633 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; 634 break; 635 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: 636 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; 637 break; 638 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: 639 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; 640 break; 641 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: 642 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; 643 break; 644 case TLS_EMPTY_RENEGOTIATION_INFO_SCSV: 645 return "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"; 646 break; 647 #else 648 case SSL_RSA_WITH_NULL_MD5: 649 return "TLS_RSA_WITH_NULL_MD5"; 650 break; 651 case SSL_RSA_WITH_NULL_SHA: 652 return "TLS_RSA_WITH_NULL_SHA"; 653 break; 654 case SSL_RSA_WITH_RC4_128_MD5: 655 return "TLS_RSA_WITH_RC4_128_MD5"; 656 break; 657 case SSL_RSA_WITH_RC4_128_SHA: 658 return "TLS_RSA_WITH_RC4_128_SHA"; 659 break; 660 case SSL_RSA_WITH_3DES_EDE_CBC_SHA: 661 return "TLS_RSA_WITH_3DES_EDE_CBC_SHA"; 662 break; 663 case SSL_DH_anon_WITH_RC4_128_MD5: 664 return "TLS_DH_anon_WITH_RC4_128_MD5"; 665 break; 666 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: 667 return "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"; 668 break; 669 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ 670 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 671 /* TLS PSK (RFC 4279): */ 672 case TLS_PSK_WITH_RC4_128_SHA: 673 return "TLS_PSK_WITH_RC4_128_SHA"; 674 break; 675 case TLS_PSK_WITH_3DES_EDE_CBC_SHA: 676 return "TLS_PSK_WITH_3DES_EDE_CBC_SHA"; 677 break; 678 case TLS_PSK_WITH_AES_128_CBC_SHA: 679 return "TLS_PSK_WITH_AES_128_CBC_SHA"; 680 break; 681 case TLS_PSK_WITH_AES_256_CBC_SHA: 682 return "TLS_PSK_WITH_AES_256_CBC_SHA"; 683 break; 684 case TLS_DHE_PSK_WITH_RC4_128_SHA: 685 return "TLS_DHE_PSK_WITH_RC4_128_SHA"; 686 break; 687 case TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA: 688 return "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"; 689 break; 690 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA: 691 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"; 692 break; 693 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA: 694 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"; 695 break; 696 case TLS_RSA_PSK_WITH_RC4_128_SHA: 697 return "TLS_RSA_PSK_WITH_RC4_128_SHA"; 698 break; 699 case TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA: 700 return "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"; 701 break; 702 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA: 703 return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"; 704 break; 705 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA: 706 return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"; 707 break; 708 /* More TLS PSK (RFC 4785): */ 709 case TLS_PSK_WITH_NULL_SHA: 710 return "TLS_PSK_WITH_NULL_SHA"; 711 break; 712 case TLS_DHE_PSK_WITH_NULL_SHA: 713 return "TLS_DHE_PSK_WITH_NULL_SHA"; 714 break; 715 case TLS_RSA_PSK_WITH_NULL_SHA: 716 return "TLS_RSA_PSK_WITH_NULL_SHA"; 717 break; 718 /* Even more TLS PSK (RFC 5487): */ 719 case TLS_PSK_WITH_AES_128_GCM_SHA256: 720 return "TLS_PSK_WITH_AES_128_GCM_SHA256"; 721 break; 722 case TLS_PSK_WITH_AES_256_GCM_SHA384: 723 return "TLS_PSK_WITH_AES_256_GCM_SHA384"; 724 break; 725 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256: 726 return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; 727 break; 728 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384: 729 return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; 730 break; 731 case TLS_RSA_PSK_WITH_AES_128_GCM_SHA256: 732 return "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"; 733 break; 734 case TLS_RSA_PSK_WITH_AES_256_GCM_SHA384: 735 return "TLS_PSK_WITH_AES_256_GCM_SHA384"; 736 break; 737 case TLS_PSK_WITH_AES_128_CBC_SHA256: 738 return "TLS_PSK_WITH_AES_128_CBC_SHA256"; 739 break; 740 case TLS_PSK_WITH_AES_256_CBC_SHA384: 741 return "TLS_PSK_WITH_AES_256_CBC_SHA384"; 742 break; 743 case TLS_PSK_WITH_NULL_SHA256: 744 return "TLS_PSK_WITH_NULL_SHA256"; 745 break; 746 case TLS_PSK_WITH_NULL_SHA384: 747 return "TLS_PSK_WITH_NULL_SHA384"; 748 break; 749 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256: 750 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; 751 break; 752 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384: 753 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; 754 break; 755 case TLS_DHE_PSK_WITH_NULL_SHA256: 756 return "TLS_DHE_PSK_WITH_NULL_SHA256"; 757 break; 758 case TLS_DHE_PSK_WITH_NULL_SHA384: 759 return "TLS_RSA_PSK_WITH_NULL_SHA384"; 760 break; 761 case TLS_RSA_PSK_WITH_AES_128_CBC_SHA256: 762 return "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"; 763 break; 764 case TLS_RSA_PSK_WITH_AES_256_CBC_SHA384: 765 return "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"; 766 break; 767 case TLS_RSA_PSK_WITH_NULL_SHA256: 768 return "TLS_RSA_PSK_WITH_NULL_SHA256"; 769 break; 770 case TLS_RSA_PSK_WITH_NULL_SHA384: 771 return "TLS_RSA_PSK_WITH_NULL_SHA384"; 772 break; 773 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ 774 } 775 return "TLS_NULL_WITH_NULL_NULL"; 776 } 777 778 #if CURL_BUILD_MAC 779 CF_INLINE void GetDarwinVersionNumber(int *major, int *minor) 780 { 781 int mib[2]; 782 char *os_version; 783 size_t os_version_len; 784 char *os_version_major, *os_version_minor/*, *os_version_point*/; 785 char *tok_buf; 786 787 /* Get the Darwin kernel version from the kernel using sysctl(): */ 788 mib[0] = CTL_KERN; 789 mib[1] = KERN_OSRELEASE; 790 if(sysctl(mib, 2, NULL, &os_version_len, NULL, 0) == -1) 791 return; 792 os_version = malloc(os_version_len*sizeof(char)); 793 if(!os_version) 794 return; 795 if(sysctl(mib, 2, os_version, &os_version_len, NULL, 0) == -1) { 796 free(os_version); 797 return; 798 } 799 800 /* Parse the version: */ 801 os_version_major = strtok_r(os_version, ".", &tok_buf); 802 os_version_minor = strtok_r(NULL, ".", &tok_buf); 803 /*os_version_point = strtok_r(NULL, ".", &tok_buf);*/ 804 *major = atoi(os_version_major); 805 *minor = atoi(os_version_minor); 806 free(os_version); 807 } 808 #endif /* CURL_BUILD_MAC */ 809 810 /* Apple provides a myriad of ways of getting information about a certificate 811 into a string. Some aren't available under iOS or newer cats. So here's 812 a unified function for getting a string describing the certificate that 813 ought to work in all cats starting with Leopard. */ 814 CF_INLINE CFStringRef CopyCertSubject(SecCertificateRef cert) 815 { 816 CFStringRef server_cert_summary = CFSTR("(null)"); 817 818 #if CURL_BUILD_IOS 819 /* iOS: There's only one way to do this. */ 820 server_cert_summary = SecCertificateCopySubjectSummary(cert); 821 #else 822 #if CURL_BUILD_MAC_10_7 823 /* Lion & later: Get the long description if we can. */ 824 if(SecCertificateCopyLongDescription != NULL) 825 server_cert_summary = 826 SecCertificateCopyLongDescription(NULL, cert, NULL); 827 else 828 #endif /* CURL_BUILD_MAC_10_7 */ 829 #if CURL_BUILD_MAC_10_6 830 /* Snow Leopard: Get the certificate summary. */ 831 if(SecCertificateCopySubjectSummary != NULL) 832 server_cert_summary = SecCertificateCopySubjectSummary(cert); 833 else 834 #endif /* CURL_BUILD_MAC_10_6 */ 835 /* Leopard is as far back as we go... */ 836 (void)SecCertificateCopyCommonName(cert, &server_cert_summary); 837 #endif /* CURL_BUILD_IOS */ 838 return server_cert_summary; 839 } 840 841 #if CURL_SUPPORT_MAC_10_6 842 /* The SecKeychainSearch API was deprecated in Lion, and using it will raise 843 deprecation warnings, so let's not compile this unless it's necessary: */ 844 static OSStatus CopyIdentityWithLabelOldSchool(char *label, 845 SecIdentityRef *out_c_a_k) 846 { 847 OSStatus status = errSecItemNotFound; 848 SecKeychainAttributeList attr_list; 849 SecKeychainAttribute attr; 850 SecKeychainSearchRef search = NULL; 851 SecCertificateRef cert = NULL; 852 853 /* Set up the attribute list: */ 854 attr_list.count = 1L; 855 attr_list.attr = &attr; 856 857 /* Set up our lone search criterion: */ 858 attr.tag = kSecLabelItemAttr; 859 attr.data = label; 860 attr.length = (UInt32)strlen(label); 861 862 /* Start searching: */ 863 status = SecKeychainSearchCreateFromAttributes(NULL, 864 kSecCertificateItemClass, 865 &attr_list, 866 &search); 867 if(status == noErr) { 868 status = SecKeychainSearchCopyNext(search, 869 (SecKeychainItemRef *)&cert); 870 if(status == noErr && cert) { 871 /* If we found a certificate, does it have a private key? */ 872 status = SecIdentityCreateWithCertificate(NULL, cert, out_c_a_k); 873 CFRelease(cert); 874 } 875 } 876 877 if(search) 878 CFRelease(search); 879 return status; 880 } 881 #endif /* CURL_SUPPORT_MAC_10_6 */ 882 883 static OSStatus CopyIdentityWithLabel(char *label, 884 SecIdentityRef *out_cert_and_key) 885 { 886 OSStatus status = errSecItemNotFound; 887 888 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS 889 /* SecItemCopyMatching() was introduced in iOS and Snow Leopard. 890 kSecClassIdentity was introduced in Lion. If both exist, let's use them 891 to find the certificate. */ 892 if(SecItemCopyMatching != NULL && kSecClassIdentity != NULL) { 893 CFTypeRef keys[4]; 894 CFTypeRef values[4]; 895 CFDictionaryRef query_dict; 896 CFStringRef label_cf = CFStringCreateWithCString(NULL, label, 897 kCFStringEncodingUTF8); 898 899 /* Set up our search criteria and expected results: */ 900 values[0] = kSecClassIdentity; /* we want a certificate and a key */ 901 keys[0] = kSecClass; 902 values[1] = kCFBooleanTrue; /* we want a reference */ 903 keys[1] = kSecReturnRef; 904 values[2] = kSecMatchLimitOne; /* one is enough, thanks */ 905 keys[2] = kSecMatchLimit; 906 /* identity searches need a SecPolicyRef in order to work */ 907 values[3] = SecPolicyCreateSSL(false, label_cf); 908 keys[3] = kSecMatchPolicy; 909 query_dict = CFDictionaryCreate(NULL, (const void **)keys, 910 (const void **)values, 4L, 911 &kCFCopyStringDictionaryKeyCallBacks, 912 &kCFTypeDictionaryValueCallBacks); 913 CFRelease(values[3]); 914 CFRelease(label_cf); 915 916 /* Do we have a match? */ 917 status = SecItemCopyMatching(query_dict, (CFTypeRef *)out_cert_and_key); 918 CFRelease(query_dict); 919 } 920 else { 921 #if CURL_SUPPORT_MAC_10_6 922 /* On Leopard and Snow Leopard, fall back to SecKeychainSearch. */ 923 status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key); 924 #endif /* CURL_SUPPORT_MAC_10_7 */ 925 } 926 #elif CURL_SUPPORT_MAC_10_6 927 /* For developers building on older cats, we have no choice but to fall back 928 to SecKeychainSearch. */ 929 status = CopyIdentityWithLabelOldSchool(label, out_cert_and_key); 930 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */ 931 return status; 932 } 933 934 static OSStatus CopyIdentityFromPKCS12File(const char *cPath, 935 const char *cPassword, 936 SecIdentityRef *out_cert_and_key) 937 { 938 OSStatus status = errSecItemNotFound; 939 CFURLRef pkcs_url = CFURLCreateFromFileSystemRepresentation(NULL, 940 (const UInt8 *)cPath, strlen(cPath), false); 941 CFStringRef password = cPassword ? CFStringCreateWithCString(NULL, 942 cPassword, kCFStringEncodingUTF8) : NULL; 943 CFDataRef pkcs_data = NULL; 944 945 /* We can import P12 files on iOS or OS X 10.7 or later: */ 946 /* These constants are documented as having first appeared in 10.6 but they 947 raise linker errors when used on that cat for some reason. */ 948 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS 949 if(CFURLCreateDataAndPropertiesFromResource(NULL, pkcs_url, &pkcs_data, 950 NULL, NULL, &status)) { 951 const void *cKeys[] = {kSecImportExportPassphrase}; 952 const void *cValues[] = {password}; 953 CFDictionaryRef options = CFDictionaryCreate(NULL, cKeys, cValues, 954 password ? 1L : 0L, NULL, NULL); 955 CFArrayRef items = NULL; 956 957 /* Here we go: */ 958 status = SecPKCS12Import(pkcs_data, options, &items); 959 if(status == noErr && items && CFArrayGetCount(items)) { 960 CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L); 961 const void *temp_identity = CFDictionaryGetValue(identity_and_trust, 962 kSecImportItemIdentity); 963 964 /* Retain the identity; we don't care about any other data... */ 965 CFRetain(temp_identity); 966 *out_cert_and_key = (SecIdentityRef)temp_identity; 967 } 968 969 if(items) 970 CFRelease(items); 971 CFRelease(options); 972 CFRelease(pkcs_data); 973 } 974 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */ 975 if(password) 976 CFRelease(password); 977 CFRelease(pkcs_url); 978 return status; 979 } 980 981 /* This code was borrowed from nss.c, with some modifications: 982 * Determine whether the nickname passed in is a filename that needs to 983 * be loaded as a PEM or a regular NSS nickname. 984 * 985 * returns 1 for a file 986 * returns 0 for not a file 987 */ 988 CF_INLINE bool is_file(const char *filename) 989 { 990 struct_stat st; 991 992 if(filename == NULL) 993 return false; 994 995 if(stat(filename, &st) == 0) 996 return S_ISREG(st.st_mode); 997 return false; 998 } 999 1000 static CURLcode darwinssl_connect_step1(struct connectdata *conn, 1001 int sockindex) 1002 { 1003 struct SessionHandle *data = conn->data; 1004 curl_socket_t sockfd = conn->sock[sockindex]; 1005 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 1006 #ifdef ENABLE_IPV6 1007 struct in6_addr addr; 1008 #else 1009 struct in_addr addr; 1010 #endif /* ENABLE_IPV6 */ 1011 size_t all_ciphers_count = 0UL, allowed_ciphers_count = 0UL, i; 1012 SSLCipherSuite *all_ciphers = NULL, *allowed_ciphers = NULL; 1013 char *ssl_sessionid; 1014 size_t ssl_sessionid_len; 1015 OSStatus err = noErr; 1016 #if CURL_BUILD_MAC 1017 int darwinver_maj = 0, darwinver_min = 0; 1018 1019 GetDarwinVersionNumber(&darwinver_maj, &darwinver_min); 1020 #endif /* CURL_BUILD_MAC */ 1021 1022 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS 1023 if(SSLCreateContext != NULL) { /* use the newer API if avaialble */ 1024 if(connssl->ssl_ctx) 1025 CFRelease(connssl->ssl_ctx); 1026 connssl->ssl_ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType); 1027 if(!connssl->ssl_ctx) { 1028 failf(data, "SSL: couldn't create a context!"); 1029 return CURLE_OUT_OF_MEMORY; 1030 } 1031 } 1032 else { 1033 /* The old ST API does not exist under iOS, so don't compile it: */ 1034 #if CURL_SUPPORT_MAC_10_8 1035 if(connssl->ssl_ctx) 1036 (void)SSLDisposeContext(connssl->ssl_ctx); 1037 err = SSLNewContext(false, &(connssl->ssl_ctx)); 1038 if(err != noErr) { 1039 failf(data, "SSL: couldn't create a context: OSStatus %d", err); 1040 return CURLE_OUT_OF_MEMORY; 1041 } 1042 #endif /* CURL_SUPPORT_MAC_10_8 */ 1043 } 1044 #else 1045 if(connssl->ssl_ctx) 1046 (void)SSLDisposeContext(connssl->ssl_ctx); 1047 err = SSLNewContext(false, &(connssl->ssl_ctx)); 1048 if(err != noErr) { 1049 failf(data, "SSL: couldn't create a context: OSStatus %d", err); 1050 return CURLE_OUT_OF_MEMORY; 1051 } 1052 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ 1053 connssl->ssl_write_buffered_length = 0UL; /* reset buffered write length */ 1054 1055 /* check to see if we've been told to use an explicit SSL/TLS version */ 1056 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS 1057 if(SSLSetProtocolVersionMax != NULL) { 1058 switch(data->set.ssl.version) { 1059 default: 1060 case CURL_SSLVERSION_DEFAULT: 1061 case CURL_SSLVERSION_TLSv1: 1062 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1); 1063 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12); 1064 break; 1065 case CURL_SSLVERSION_TLSv1_0: 1066 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol1); 1067 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol1); 1068 break; 1069 case CURL_SSLVERSION_TLSv1_1: 1070 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol11); 1071 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol11); 1072 break; 1073 case CURL_SSLVERSION_TLSv1_2: 1074 (void)SSLSetProtocolVersionMin(connssl->ssl_ctx, kTLSProtocol12); 1075 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kTLSProtocol12); 1076 break; 1077 case CURL_SSLVERSION_SSLv3: 1078 err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol3); 1079 if(err != noErr) { 1080 failf(data, "Your version of the OS does not support SSLv3"); 1081 return CURLE_SSL_CONNECT_ERROR; 1082 } 1083 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol3); 1084 break; 1085 case CURL_SSLVERSION_SSLv2: 1086 err = SSLSetProtocolVersionMin(connssl->ssl_ctx, kSSLProtocol2); 1087 if(err != noErr) { 1088 failf(data, "Your version of the OS does not support SSLv2"); 1089 return CURLE_SSL_CONNECT_ERROR; 1090 } 1091 (void)SSLSetProtocolVersionMax(connssl->ssl_ctx, kSSLProtocol2); 1092 } 1093 } 1094 else { 1095 #if CURL_SUPPORT_MAC_10_8 1096 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1097 kSSLProtocolAll, 1098 false); 1099 switch (data->set.ssl.version) { 1100 default: 1101 case CURL_SSLVERSION_DEFAULT: 1102 case CURL_SSLVERSION_TLSv1: 1103 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1104 kTLSProtocol1, 1105 true); 1106 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1107 kTLSProtocol11, 1108 true); 1109 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1110 kTLSProtocol12, 1111 true); 1112 break; 1113 case CURL_SSLVERSION_TLSv1_0: 1114 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1115 kTLSProtocol1, 1116 true); 1117 break; 1118 case CURL_SSLVERSION_TLSv1_1: 1119 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1120 kTLSProtocol11, 1121 true); 1122 break; 1123 case CURL_SSLVERSION_TLSv1_2: 1124 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1125 kTLSProtocol12, 1126 true); 1127 break; 1128 case CURL_SSLVERSION_SSLv3: 1129 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1130 kSSLProtocol3, 1131 true); 1132 if(err != noErr) { 1133 failf(data, "Your version of the OS does not support SSLv3"); 1134 return CURLE_SSL_CONNECT_ERROR; 1135 } 1136 break; 1137 case CURL_SSLVERSION_SSLv2: 1138 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1139 kSSLProtocol2, 1140 true); 1141 if(err != noErr) { 1142 failf(data, "Your version of the OS does not support SSLv2"); 1143 return CURLE_SSL_CONNECT_ERROR; 1144 } 1145 break; 1146 } 1147 #endif /* CURL_SUPPORT_MAC_10_8 */ 1148 } 1149 #else 1150 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false); 1151 switch(data->set.ssl.version) { 1152 default: 1153 case CURL_SSLVERSION_DEFAULT: 1154 case CURL_SSLVERSION_TLSv1: 1155 case CURL_SSLVERSION_TLSv1_0: 1156 (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1157 kTLSProtocol1, 1158 true); 1159 break; 1160 case CURL_SSLVERSION_TLSv1_1: 1161 failf(data, "Your version of the OS does not support TLSv1.1"); 1162 return CURLE_SSL_CONNECT_ERROR; 1163 case CURL_SSLVERSION_TLSv1_2: 1164 failf(data, "Your version of the OS does not support TLSv1.2"); 1165 return CURLE_SSL_CONNECT_ERROR; 1166 case CURL_SSLVERSION_SSLv2: 1167 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1168 kSSLProtocol2, 1169 true); 1170 if(err != noErr) { 1171 failf(data, "Your version of the OS does not support SSLv2"); 1172 return CURLE_SSL_CONNECT_ERROR; 1173 } 1174 break; 1175 case CURL_SSLVERSION_SSLv3: 1176 err = SSLSetProtocolVersionEnabled(connssl->ssl_ctx, 1177 kSSLProtocol3, 1178 true); 1179 if(err != noErr) { 1180 failf(data, "Your version of the OS does not support SSLv3"); 1181 return CURLE_SSL_CONNECT_ERROR; 1182 } 1183 break; 1184 } 1185 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ 1186 1187 if(data->set.str[STRING_KEY]) { 1188 infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure " 1189 "Transport. The private key must be in the Keychain.\n"); 1190 } 1191 1192 if(data->set.str[STRING_CERT]) { 1193 SecIdentityRef cert_and_key = NULL; 1194 bool is_cert_file = is_file(data->set.str[STRING_CERT]); 1195 1196 /* User wants to authenticate with a client cert. Look for it: 1197 If we detect that this is a file on disk, then let's load it. 1198 Otherwise, assume that the user wants to use an identity loaded 1199 from the Keychain. */ 1200 if(is_cert_file) { 1201 if(!data->set.str[STRING_CERT_TYPE]) 1202 infof(data, "WARNING: SSL: Certificate type not set, assuming " 1203 "PKCS#12 format.\n"); 1204 else if(strncmp(data->set.str[STRING_CERT_TYPE], "P12", 1205 strlen(data->set.str[STRING_CERT_TYPE])) != 0) 1206 infof(data, "WARNING: SSL: The Security framework only supports " 1207 "loading identities that are in PKCS#12 format.\n"); 1208 1209 err = CopyIdentityFromPKCS12File(data->set.str[STRING_CERT], 1210 data->set.str[STRING_KEY_PASSWD], &cert_and_key); 1211 } 1212 else 1213 err = CopyIdentityWithLabel(data->set.str[STRING_CERT], &cert_and_key); 1214 1215 if(err == noErr) { 1216 SecCertificateRef cert = NULL; 1217 CFTypeRef certs_c[1]; 1218 CFArrayRef certs; 1219 1220 /* If we found one, print it out: */ 1221 err = SecIdentityCopyCertificate(cert_and_key, &cert); 1222 if(err == noErr) { 1223 CFStringRef cert_summary = CopyCertSubject(cert); 1224 char cert_summary_c[128]; 1225 1226 if(cert_summary) { 1227 memset(cert_summary_c, 0, 128); 1228 if(CFStringGetCString(cert_summary, 1229 cert_summary_c, 1230 128, 1231 kCFStringEncodingUTF8)) { 1232 infof(data, "Client certificate: %s\n", cert_summary_c); 1233 } 1234 CFRelease(cert_summary); 1235 CFRelease(cert); 1236 } 1237 } 1238 certs_c[0] = cert_and_key; 1239 certs = CFArrayCreate(NULL, (const void **)certs_c, 1L, 1240 &kCFTypeArrayCallBacks); 1241 err = SSLSetCertificate(connssl->ssl_ctx, certs); 1242 if(certs) 1243 CFRelease(certs); 1244 if(err != noErr) { 1245 failf(data, "SSL: SSLSetCertificate() failed: OSStatus %d", err); 1246 return CURLE_SSL_CERTPROBLEM; 1247 } 1248 CFRelease(cert_and_key); 1249 } 1250 else { 1251 switch(err) { 1252 case errSecAuthFailed: case -25264: /* errSecPkcs12VerifyFailure */ 1253 failf(data, "SSL: Incorrect password for the certificate \"%s\" " 1254 "and its private key.", data->set.str[STRING_CERT]); 1255 break; 1256 case -26275: /* errSecDecode */ case -25257: /* errSecUnknownFormat */ 1257 failf(data, "SSL: Couldn't make sense of the data in the " 1258 "certificate \"%s\" and its private key.", 1259 data->set.str[STRING_CERT]); 1260 break; 1261 case -25260: /* errSecPassphraseRequired */ 1262 failf(data, "SSL The certificate \"%s\" requires a password.", 1263 data->set.str[STRING_CERT]); 1264 break; 1265 case errSecItemNotFound: 1266 failf(data, "SSL: Can't find the certificate \"%s\" and its private " 1267 "key in the Keychain.", data->set.str[STRING_CERT]); 1268 break; 1269 default: 1270 failf(data, "SSL: Can't load the certificate \"%s\" and its private " 1271 "key: OSStatus %d", data->set.str[STRING_CERT], err); 1272 break; 1273 } 1274 return CURLE_SSL_CERTPROBLEM; 1275 } 1276 } 1277 1278 /* SSL always tries to verify the peer, this only says whether it should 1279 * fail to connect if the verification fails, or if it should continue 1280 * anyway. In the latter case the result of the verification is checked with 1281 * SSL_get_verify_result() below. */ 1282 #if CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS 1283 /* Snow Leopard introduced the SSLSetSessionOption() function, but due to 1284 a library bug with the way the kSSLSessionOptionBreakOnServerAuth flag 1285 works, it doesn't work as expected under Snow Leopard or Lion. 1286 So we need to call SSLSetEnableCertVerify() on those older cats in order 1287 to disable certificate validation if the user turned that off. 1288 (SecureTransport will always validate the certificate chain by 1289 default.) */ 1290 /* (Note: Darwin 12.x.x is Mountain Lion.) */ 1291 #if CURL_BUILD_MAC 1292 if(SSLSetSessionOption != NULL && darwinver_maj >= 12) { 1293 #else 1294 if(SSLSetSessionOption != NULL) { 1295 #endif /* CURL_BUILD_MAC */ 1296 bool break_on_auth = !data->set.ssl.verifypeer || 1297 data->set.str[STRING_SSL_CAFILE]; 1298 err = SSLSetSessionOption(connssl->ssl_ctx, 1299 kSSLSessionOptionBreakOnServerAuth, 1300 break_on_auth); 1301 if(err != noErr) { 1302 failf(data, "SSL: SSLSetSessionOption() failed: OSStatus %d", err); 1303 return CURLE_SSL_CONNECT_ERROR; 1304 } 1305 } 1306 else { 1307 #if CURL_SUPPORT_MAC_10_8 1308 err = SSLSetEnableCertVerify(connssl->ssl_ctx, 1309 data->set.ssl.verifypeer?true:false); 1310 if(err != noErr) { 1311 failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err); 1312 return CURLE_SSL_CONNECT_ERROR; 1313 } 1314 #endif /* CURL_SUPPORT_MAC_10_8 */ 1315 } 1316 #else 1317 err = SSLSetEnableCertVerify(connssl->ssl_ctx, 1318 data->set.ssl.verifypeer?true:false); 1319 if(err != noErr) { 1320 failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err); 1321 return CURLE_SSL_CONNECT_ERROR; 1322 } 1323 #endif /* CURL_BUILD_MAC_10_6 || CURL_BUILD_IOS */ 1324 1325 if(data->set.str[STRING_SSL_CAFILE]) { 1326 bool is_cert_file = is_file(data->set.str[STRING_SSL_CAFILE]); 1327 1328 if(!is_cert_file) { 1329 failf(data, "SSL: can't load CA certificate file %s", 1330 data->set.str[STRING_SSL_CAFILE]); 1331 return CURLE_SSL_CACERT_BADFILE; 1332 } 1333 if(!data->set.ssl.verifypeer) { 1334 failf(data, "SSL: CA certificate set, but certificate verification " 1335 "is disabled"); 1336 return CURLE_SSL_CONNECT_ERROR; 1337 } 1338 } 1339 1340 /* Configure hostname check. SNI is used if available. 1341 * Both hostname check and SNI require SSLSetPeerDomainName(). 1342 * Also: the verifyhost setting influences SNI usage */ 1343 if(data->set.ssl.verifyhost) { 1344 err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name, 1345 strlen(conn->host.name)); 1346 1347 if(err != noErr) { 1348 infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d\n", 1349 err); 1350 } 1351 1352 if((Curl_inet_pton(AF_INET, conn->host.name, &addr)) 1353 #ifdef ENABLE_IPV6 1354 || (Curl_inet_pton(AF_INET6, conn->host.name, &addr)) 1355 #endif 1356 ) { 1357 infof(data, "WARNING: using IP address, SNI is being disabled by " 1358 "the OS.\n"); 1359 } 1360 } 1361 1362 /* Disable cipher suites that ST supports but are not safe. These ciphers 1363 are unlikely to be used in any case since ST gives other ciphers a much 1364 higher priority, but it's probably better that we not connect at all than 1365 to give the user a false sense of security if the server only supports 1366 insecure ciphers. (Note: We don't care about SSLv2-only ciphers.) */ 1367 (void)SSLGetNumberSupportedCiphers(connssl->ssl_ctx, &all_ciphers_count); 1368 all_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite)); 1369 allowed_ciphers = malloc(all_ciphers_count*sizeof(SSLCipherSuite)); 1370 if(all_ciphers && allowed_ciphers && 1371 SSLGetSupportedCiphers(connssl->ssl_ctx, all_ciphers, 1372 &all_ciphers_count) == noErr) { 1373 for(i = 0UL ; i < all_ciphers_count ; i++) { 1374 #if CURL_BUILD_MAC 1375 /* There's a known bug in early versions of Mountain Lion where ST's ECC 1376 ciphers (cipher suite 0xC001 through 0xC032) simply do not work. 1377 Work around the problem here by disabling those ciphers if we are 1378 running in an affected version of OS X. */ 1379 if(darwinver_maj == 12 && darwinver_min <= 3 && 1380 all_ciphers[i] >= 0xC001 && all_ciphers[i] <= 0xC032) { 1381 continue; 1382 } 1383 #endif /* CURL_BUILD_MAC */ 1384 switch(all_ciphers[i]) { 1385 /* Disable NULL ciphersuites: */ 1386 case SSL_NULL_WITH_NULL_NULL: 1387 case SSL_RSA_WITH_NULL_MD5: 1388 case SSL_RSA_WITH_NULL_SHA: 1389 case 0x003B: /* TLS_RSA_WITH_NULL_SHA256 */ 1390 case SSL_FORTEZZA_DMS_WITH_NULL_SHA: 1391 case 0xC001: /* TLS_ECDH_ECDSA_WITH_NULL_SHA */ 1392 case 0xC006: /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 1393 case 0xC00B: /* TLS_ECDH_RSA_WITH_NULL_SHA */ 1394 case 0xC010: /* TLS_ECDHE_RSA_WITH_NULL_SHA */ 1395 case 0x002C: /* TLS_PSK_WITH_NULL_SHA */ 1396 case 0x002D: /* TLS_DHE_PSK_WITH_NULL_SHA */ 1397 case 0x002E: /* TLS_RSA_PSK_WITH_NULL_SHA */ 1398 case 0x00B0: /* TLS_PSK_WITH_NULL_SHA256 */ 1399 case 0x00B1: /* TLS_PSK_WITH_NULL_SHA384 */ 1400 case 0x00B4: /* TLS_DHE_PSK_WITH_NULL_SHA256 */ 1401 case 0x00B5: /* TLS_DHE_PSK_WITH_NULL_SHA384 */ 1402 case 0x00B8: /* TLS_RSA_PSK_WITH_NULL_SHA256 */ 1403 case 0x00B9: /* TLS_RSA_PSK_WITH_NULL_SHA384 */ 1404 /* Disable anonymous ciphersuites: */ 1405 case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: 1406 case SSL_DH_anon_WITH_RC4_128_MD5: 1407 case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: 1408 case SSL_DH_anon_WITH_DES_CBC_SHA: 1409 case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA: 1410 case TLS_DH_anon_WITH_AES_128_CBC_SHA: 1411 case TLS_DH_anon_WITH_AES_256_CBC_SHA: 1412 case 0xC015: /* TLS_ECDH_anon_WITH_NULL_SHA */ 1413 case 0xC016: /* TLS_ECDH_anon_WITH_RC4_128_SHA */ 1414 case 0xC017: /* TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA */ 1415 case 0xC018: /* TLS_ECDH_anon_WITH_AES_128_CBC_SHA */ 1416 case 0xC019: /* TLS_ECDH_anon_WITH_AES_256_CBC_SHA */ 1417 case 0x006C: /* TLS_DH_anon_WITH_AES_128_CBC_SHA256 */ 1418 case 0x006D: /* TLS_DH_anon_WITH_AES_256_CBC_SHA256 */ 1419 case 0x00A6: /* TLS_DH_anon_WITH_AES_128_GCM_SHA256 */ 1420 case 0x00A7: /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 1421 /* Disable weak key ciphersuites: */ 1422 case SSL_RSA_EXPORT_WITH_RC4_40_MD5: 1423 case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: 1424 case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: 1425 case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: 1426 case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: 1427 case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: 1428 case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: 1429 case SSL_RSA_WITH_DES_CBC_SHA: 1430 case SSL_DH_DSS_WITH_DES_CBC_SHA: 1431 case SSL_DH_RSA_WITH_DES_CBC_SHA: 1432 case SSL_DHE_DSS_WITH_DES_CBC_SHA: 1433 case SSL_DHE_RSA_WITH_DES_CBC_SHA: 1434 /* Disable IDEA: */ 1435 case SSL_RSA_WITH_IDEA_CBC_SHA: 1436 case SSL_RSA_WITH_IDEA_CBC_MD5: 1437 break; 1438 default: /* enable everything else */ 1439 allowed_ciphers[allowed_ciphers_count++] = all_ciphers[i]; 1440 break; 1441 } 1442 } 1443 err = SSLSetEnabledCiphers(connssl->ssl_ctx, allowed_ciphers, 1444 allowed_ciphers_count); 1445 if(err != noErr) { 1446 failf(data, "SSL: SSLSetEnabledCiphers() failed: OSStatus %d", err); 1447 return CURLE_SSL_CONNECT_ERROR; 1448 } 1449 } 1450 else { 1451 Curl_safefree(all_ciphers); 1452 Curl_safefree(allowed_ciphers); 1453 failf(data, "SSL: Failed to allocate memory for allowed ciphers"); 1454 return CURLE_OUT_OF_MEMORY; 1455 } 1456 Curl_safefree(all_ciphers); 1457 Curl_safefree(allowed_ciphers); 1458 1459 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 1460 /* We want to enable 1/n-1 when using a CBC cipher unless the user 1461 specifically doesn't want us doing that: */ 1462 if(SSLSetSessionOption != NULL) { 1463 SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionSendOneByteRecord, 1464 !data->set.ssl_enable_beast); 1465 SSLSetSessionOption(connssl->ssl_ctx, kSSLSessionOptionFalseStart, 1466 data->set.ssl.falsestart); /* false start support */ 1467 } 1468 #endif /* CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 */ 1469 1470 /* Check if there's a cached ID we can/should use here! */ 1471 if(!Curl_ssl_getsessionid(conn, (void **)&ssl_sessionid, 1472 &ssl_sessionid_len)) { 1473 /* we got a session id, use it! */ 1474 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); 1475 if(err != noErr) { 1476 failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); 1477 return CURLE_SSL_CONNECT_ERROR; 1478 } 1479 /* Informational message */ 1480 infof(data, "SSL re-using session ID\n"); 1481 } 1482 /* If there isn't one, then let's make one up! This has to be done prior 1483 to starting the handshake. */ 1484 else { 1485 CURLcode result; 1486 ssl_sessionid = 1487 aprintf("%s:%d:%d:%s:%hu", data->set.str[STRING_SSL_CAFILE], 1488 data->set.ssl.verifypeer, data->set.ssl.verifyhost, 1489 conn->host.name, conn->remote_port); 1490 ssl_sessionid_len = strlen(ssl_sessionid); 1491 1492 err = SSLSetPeerID(connssl->ssl_ctx, ssl_sessionid, ssl_sessionid_len); 1493 if(err != noErr) { 1494 failf(data, "SSL: SSLSetPeerID() failed: OSStatus %d", err); 1495 return CURLE_SSL_CONNECT_ERROR; 1496 } 1497 1498 result = Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_sessionid_len); 1499 if(result) { 1500 failf(data, "failed to store ssl session"); 1501 return result; 1502 } 1503 } 1504 1505 err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite); 1506 if(err != noErr) { 1507 failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err); 1508 return CURLE_SSL_CONNECT_ERROR; 1509 } 1510 1511 /* pass the raw socket into the SSL layers */ 1512 /* We need to store the FD in a constant memory address, because 1513 * SSLSetConnection() will not copy that address. I've found that 1514 * conn->sock[sockindex] may change on its own. */ 1515 connssl->ssl_sockfd = sockfd; 1516 err = SSLSetConnection(connssl->ssl_ctx, connssl); 1517 if(err != noErr) { 1518 failf(data, "SSL: SSLSetConnection() failed: %d", err); 1519 return CURLE_SSL_CONNECT_ERROR; 1520 } 1521 1522 connssl->connecting_state = ssl_connect_2; 1523 return CURLE_OK; 1524 } 1525 1526 static long pem_to_der(const char *in, unsigned char **out, size_t *outlen) 1527 { 1528 char *sep_start, *sep_end, *cert_start, *cert_end; 1529 size_t i, j, err; 1530 size_t len; 1531 unsigned char *b64; 1532 1533 /* Jump through the separators at the beginning of the certificate. */ 1534 sep_start = strstr(in, "-----"); 1535 if(sep_start == NULL) 1536 return 0; 1537 cert_start = strstr(sep_start + 1, "-----"); 1538 if(cert_start == NULL) 1539 return -1; 1540 1541 cert_start += 5; 1542 1543 /* Find separator after the end of the certificate. */ 1544 cert_end = strstr(cert_start, "-----"); 1545 if(cert_end == NULL) 1546 return -1; 1547 1548 sep_end = strstr(cert_end + 1, "-----"); 1549 if(sep_end == NULL) 1550 return -1; 1551 sep_end += 5; 1552 1553 len = cert_end - cert_start; 1554 b64 = malloc(len + 1); 1555 if(!b64) 1556 return -1; 1557 1558 /* Create base64 string without linefeeds. */ 1559 for(i = 0, j = 0; i < len; i++) { 1560 if(cert_start[i] != '\r' && cert_start[i] != '\n') 1561 b64[j++] = cert_start[i]; 1562 } 1563 b64[j] = '\0'; 1564 1565 err = Curl_base64_decode((const char *)b64, out, outlen); 1566 free(b64); 1567 if(err) { 1568 free(*out); 1569 return -1; 1570 } 1571 1572 return sep_end - in; 1573 } 1574 1575 static int read_cert(const char *file, unsigned char **out, size_t *outlen) 1576 { 1577 int fd; 1578 ssize_t n, len = 0, cap = 512; 1579 unsigned char buf[cap], *data; 1580 1581 fd = open(file, 0); 1582 if(fd < 0) 1583 return -1; 1584 1585 data = malloc(cap); 1586 if(!data) { 1587 close(fd); 1588 return -1; 1589 } 1590 1591 for(;;) { 1592 n = read(fd, buf, sizeof(buf)); 1593 if(n < 0) { 1594 close(fd); 1595 free(data); 1596 return -1; 1597 } 1598 else if(n == 0) { 1599 close(fd); 1600 break; 1601 } 1602 1603 if(len + n >= cap) { 1604 cap *= 2; 1605 data = realloc(data, cap); 1606 if(!data) { 1607 close(fd); 1608 return -1; 1609 } 1610 } 1611 1612 memcpy(data + len, buf, n); 1613 len += n; 1614 } 1615 data[len] = '\0'; 1616 1617 *out = data; 1618 *outlen = len; 1619 1620 return 0; 1621 } 1622 1623 static int sslerr_to_curlerr(struct SessionHandle *data, int err) 1624 { 1625 switch(err) { 1626 case errSSLXCertChainInvalid: 1627 failf(data, "SSL certificate problem: Invalid certificate chain"); 1628 return CURLE_SSL_CACERT; 1629 case errSSLUnknownRootCert: 1630 failf(data, "SSL certificate problem: Untrusted root certificate"); 1631 return CURLE_SSL_CACERT; 1632 case errSSLNoRootCert: 1633 failf(data, "SSL certificate problem: No root certificate"); 1634 return CURLE_SSL_CACERT; 1635 case errSSLCertExpired: 1636 failf(data, "SSL certificate problem: Certificate chain had an " 1637 "expired certificate"); 1638 return CURLE_SSL_CACERT; 1639 case errSSLBadCert: 1640 failf(data, "SSL certificate problem: Couldn't understand the server " 1641 "certificate format"); 1642 return CURLE_SSL_CONNECT_ERROR; 1643 case errSSLHostNameMismatch: 1644 failf(data, "SSL certificate peer hostname mismatch"); 1645 return CURLE_PEER_FAILED_VERIFICATION; 1646 default: 1647 failf(data, "SSL unexpected certificate error %d", err); 1648 return CURLE_SSL_CACERT; 1649 } 1650 } 1651 1652 static int append_cert_to_array(struct SessionHandle *data, 1653 unsigned char *buf, size_t buflen, 1654 CFMutableArrayRef array) 1655 { 1656 CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen); 1657 if(!certdata) { 1658 failf(data, "SSL: failed to allocate array for CA certificate"); 1659 return CURLE_OUT_OF_MEMORY; 1660 } 1661 1662 SecCertificateRef cacert = 1663 SecCertificateCreateWithData(kCFAllocatorDefault, certdata); 1664 CFRelease(certdata); 1665 if(!cacert) { 1666 failf(data, "SSL: failed to create SecCertificate from CA certificate"); 1667 return CURLE_SSL_CACERT; 1668 } 1669 1670 /* Check if cacert is valid. */ 1671 CFStringRef subject = CopyCertSubject(cacert); 1672 if(subject) { 1673 char subject_cbuf[128]; 1674 memset(subject_cbuf, 0, 128); 1675 if(!CFStringGetCString(subject, 1676 subject_cbuf, 1677 128, 1678 kCFStringEncodingUTF8)) { 1679 CFRelease(cacert); 1680 failf(data, "SSL: invalid CA certificate subject"); 1681 return CURLE_SSL_CACERT; 1682 } 1683 CFRelease(subject); 1684 } 1685 else { 1686 CFRelease(cacert); 1687 failf(data, "SSL: invalid CA certificate"); 1688 return CURLE_SSL_CACERT; 1689 } 1690 1691 CFArrayAppendValue(array, cacert); 1692 CFRelease(cacert); 1693 1694 return CURLE_OK; 1695 } 1696 1697 static int verify_cert(const char *cafile, struct SessionHandle *data, 1698 SSLContextRef ctx) 1699 { 1700 int n = 0, rc; 1701 long res; 1702 unsigned char *certbuf, *der; 1703 size_t buflen, derlen, offset = 0; 1704 1705 if(read_cert(cafile, &certbuf, &buflen) < 0) { 1706 failf(data, "SSL: failed to read or invalid CA certificate"); 1707 return CURLE_SSL_CACERT; 1708 } 1709 1710 /* 1711 * Certbuf now contains the contents of the certificate file, which can be 1712 * - a single DER certificate, 1713 * - a single PEM certificate or 1714 * - a bunch of PEM certificates (certificate bundle). 1715 * 1716 * Go through certbuf, and convert any PEM certificate in it into DER 1717 * format. 1718 */ 1719 CFMutableArrayRef array = CFArrayCreateMutable(kCFAllocatorDefault, 0, 1720 &kCFTypeArrayCallBacks); 1721 if(array == NULL) { 1722 free(certbuf); 1723 failf(data, "SSL: out of memory creating CA certificate array"); 1724 return CURLE_OUT_OF_MEMORY; 1725 } 1726 1727 while(offset < buflen) { 1728 n++; 1729 1730 /* 1731 * Check if the certificate is in PEM format, and convert it to DER. If 1732 * this fails, we assume the certificate is in DER format. 1733 */ 1734 res = pem_to_der((const char *)certbuf + offset, &der, &derlen); 1735 if(res < 0) { 1736 free(certbuf); 1737 CFRelease(array); 1738 failf(data, "SSL: invalid CA certificate #%d (offset %d) in bundle", 1739 n, offset); 1740 return CURLE_SSL_CACERT; 1741 } 1742 offset += res; 1743 1744 if(res == 0 && offset == 0) { 1745 /* This is not a PEM file, probably a certificate in DER format. */ 1746 rc = append_cert_to_array(data, certbuf, buflen, array); 1747 free(certbuf); 1748 if(rc != CURLE_OK) { 1749 CFRelease(array); 1750 return rc; 1751 } 1752 break; 1753 } 1754 else if(res == 0) { 1755 /* No more certificates in the bundle. */ 1756 free(certbuf); 1757 break; 1758 } 1759 1760 rc = append_cert_to_array(data, der, derlen, array); 1761 free(der); 1762 if(rc != CURLE_OK) { 1763 free(certbuf); 1764 CFRelease(array); 1765 return rc; 1766 } 1767 } 1768 1769 SecTrustRef trust; 1770 OSStatus ret = SSLCopyPeerTrust(ctx, &trust); 1771 if(trust == NULL) { 1772 failf(data, "SSL: error getting certificate chain"); 1773 CFRelease(array); 1774 return CURLE_OUT_OF_MEMORY; 1775 } 1776 else if(ret != noErr) { 1777 CFRelease(array); 1778 return sslerr_to_curlerr(data, ret); 1779 } 1780 1781 ret = SecTrustSetAnchorCertificates(trust, array); 1782 if(ret != noErr) { 1783 CFRelease(trust); 1784 return sslerr_to_curlerr(data, ret); 1785 } 1786 ret = SecTrustSetAnchorCertificatesOnly(trust, true); 1787 if(ret != noErr) { 1788 CFRelease(trust); 1789 return sslerr_to_curlerr(data, ret); 1790 } 1791 1792 SecTrustResultType trust_eval = 0; 1793 ret = SecTrustEvaluate(trust, &trust_eval); 1794 CFRelease(array); 1795 CFRelease(trust); 1796 if(ret != noErr) { 1797 return sslerr_to_curlerr(data, ret); 1798 } 1799 1800 switch (trust_eval) { 1801 case kSecTrustResultUnspecified: 1802 case kSecTrustResultProceed: 1803 return CURLE_OK; 1804 1805 case kSecTrustResultRecoverableTrustFailure: 1806 case kSecTrustResultDeny: 1807 default: 1808 failf(data, "SSL: certificate verification failed (result: %d)", 1809 trust_eval); 1810 return CURLE_PEER_FAILED_VERIFICATION; 1811 } 1812 } 1813 1814 static CURLcode 1815 darwinssl_connect_step2(struct connectdata *conn, int sockindex) 1816 { 1817 struct SessionHandle *data = conn->data; 1818 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 1819 OSStatus err; 1820 SSLCipherSuite cipher; 1821 SSLProtocol protocol = 0; 1822 1823 DEBUGASSERT(ssl_connect_2 == connssl->connecting_state 1824 || ssl_connect_2_reading == connssl->connecting_state 1825 || ssl_connect_2_writing == connssl->connecting_state); 1826 1827 /* Here goes nothing: */ 1828 err = SSLHandshake(connssl->ssl_ctx); 1829 1830 if(err != noErr) { 1831 switch (err) { 1832 case errSSLWouldBlock: /* they're not done with us yet */ 1833 connssl->connecting_state = connssl->ssl_direction ? 1834 ssl_connect_2_writing : ssl_connect_2_reading; 1835 return CURLE_OK; 1836 1837 /* The below is errSSLServerAuthCompleted; it's not defined in 1838 Leopard's headers */ 1839 case -9841: 1840 if(data->set.str[STRING_SSL_CAFILE]) { 1841 int res = verify_cert(data->set.str[STRING_SSL_CAFILE], data, 1842 connssl->ssl_ctx); 1843 if(res != CURLE_OK) 1844 return res; 1845 } 1846 /* the documentation says we need to call SSLHandshake() again */ 1847 return darwinssl_connect_step2(conn, sockindex); 1848 1849 /* These are all certificate problems with the server: */ 1850 case errSSLXCertChainInvalid: 1851 failf(data, "SSL certificate problem: Invalid certificate chain"); 1852 return CURLE_SSL_CACERT; 1853 case errSSLUnknownRootCert: 1854 failf(data, "SSL certificate problem: Untrusted root certificate"); 1855 return CURLE_SSL_CACERT; 1856 case errSSLNoRootCert: 1857 failf(data, "SSL certificate problem: No root certificate"); 1858 return CURLE_SSL_CACERT; 1859 case errSSLCertExpired: 1860 failf(data, "SSL certificate problem: Certificate chain had an " 1861 "expired certificate"); 1862 return CURLE_SSL_CACERT; 1863 case errSSLBadCert: 1864 failf(data, "SSL certificate problem: Couldn't understand the server " 1865 "certificate format"); 1866 return CURLE_SSL_CONNECT_ERROR; 1867 1868 /* These are all certificate problems with the client: */ 1869 case errSecAuthFailed: 1870 failf(data, "SSL authentication failed"); 1871 return CURLE_SSL_CONNECT_ERROR; 1872 case errSSLPeerHandshakeFail: 1873 failf(data, "SSL peer handshake failed, the server most likely " 1874 "requires a client certificate to connect"); 1875 return CURLE_SSL_CONNECT_ERROR; 1876 case errSSLPeerUnknownCA: 1877 failf(data, "SSL server rejected the client certificate due to " 1878 "the certificate being signed by an unknown certificate " 1879 "authority"); 1880 return CURLE_SSL_CONNECT_ERROR; 1881 1882 /* This error is raised if the server's cert didn't match the server's 1883 host name: */ 1884 case errSSLHostNameMismatch: 1885 failf(data, "SSL certificate peer verification failed, the " 1886 "certificate did not match \"%s\"\n", conn->host.dispname); 1887 return CURLE_PEER_FAILED_VERIFICATION; 1888 1889 /* Generic handshake errors: */ 1890 case errSSLConnectionRefused: 1891 failf(data, "Server dropped the connection during the SSL handshake"); 1892 return CURLE_SSL_CONNECT_ERROR; 1893 case errSSLClosedAbort: 1894 failf(data, "Server aborted the SSL handshake"); 1895 return CURLE_SSL_CONNECT_ERROR; 1896 case errSSLNegotiation: 1897 failf(data, "Could not negotiate an SSL cipher suite with the server"); 1898 return CURLE_SSL_CONNECT_ERROR; 1899 /* Sometimes paramErr happens with buggy ciphers: */ 1900 case paramErr: case errSSLInternal: 1901 failf(data, "Internal SSL engine error encountered during the " 1902 "SSL handshake"); 1903 return CURLE_SSL_CONNECT_ERROR; 1904 case errSSLFatalAlert: 1905 failf(data, "Fatal SSL engine error encountered during the SSL " 1906 "handshake"); 1907 return CURLE_SSL_CONNECT_ERROR; 1908 default: 1909 failf(data, "Unknown SSL protocol error in connection to %s:%d", 1910 conn->host.name, err); 1911 return CURLE_SSL_CONNECT_ERROR; 1912 } 1913 } 1914 else { 1915 /* we have been connected fine, we're not waiting for anything else. */ 1916 connssl->connecting_state = ssl_connect_3; 1917 1918 /* Informational message */ 1919 (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher); 1920 (void)SSLGetNegotiatedProtocolVersion(connssl->ssl_ctx, &protocol); 1921 switch (protocol) { 1922 case kSSLProtocol2: 1923 infof(data, "SSL 2.0 connection using %s\n", 1924 SSLCipherNameForNumber(cipher)); 1925 break; 1926 case kSSLProtocol3: 1927 infof(data, "SSL 3.0 connection using %s\n", 1928 SSLCipherNameForNumber(cipher)); 1929 break; 1930 case kTLSProtocol1: 1931 infof(data, "TLS 1.0 connection using %s\n", 1932 TLSCipherNameForNumber(cipher)); 1933 break; 1934 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS 1935 case kTLSProtocol11: 1936 infof(data, "TLS 1.1 connection using %s\n", 1937 TLSCipherNameForNumber(cipher)); 1938 break; 1939 case kTLSProtocol12: 1940 infof(data, "TLS 1.2 connection using %s\n", 1941 TLSCipherNameForNumber(cipher)); 1942 break; 1943 #endif 1944 default: 1945 infof(data, "Unknown protocol connection\n"); 1946 break; 1947 } 1948 1949 return CURLE_OK; 1950 } 1951 } 1952 1953 static CURLcode 1954 darwinssl_connect_step3(struct connectdata *conn, 1955 int sockindex) 1956 { 1957 struct SessionHandle *data = conn->data; 1958 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 1959 CFStringRef server_cert_summary; 1960 char server_cert_summary_c[128]; 1961 CFArrayRef server_certs = NULL; 1962 SecCertificateRef server_cert; 1963 OSStatus err; 1964 CFIndex i, count; 1965 SecTrustRef trust = NULL; 1966 1967 /* There is no step 3! 1968 * Well, okay, if verbose mode is on, let's print the details of the 1969 * server certificates. */ 1970 #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS 1971 #if CURL_BUILD_IOS 1972 #pragma unused(server_certs) 1973 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust); 1974 /* For some reason, SSLCopyPeerTrust() can return noErr and yet return 1975 a null trust, so be on guard for that: */ 1976 if(err == noErr && trust) { 1977 count = SecTrustGetCertificateCount(trust); 1978 for(i = 0L ; i < count ; i++) { 1979 server_cert = SecTrustGetCertificateAtIndex(trust, i); 1980 server_cert_summary = CopyCertSubject(server_cert); 1981 memset(server_cert_summary_c, 0, 128); 1982 if(CFStringGetCString(server_cert_summary, 1983 server_cert_summary_c, 1984 128, 1985 kCFStringEncodingUTF8)) { 1986 infof(data, "Server certificate: %s\n", server_cert_summary_c); 1987 } 1988 CFRelease(server_cert_summary); 1989 } 1990 CFRelease(trust); 1991 } 1992 #else 1993 /* SSLCopyPeerCertificates() is deprecated as of Mountain Lion. 1994 The function SecTrustGetCertificateAtIndex() is officially present 1995 in Lion, but it is unfortunately also present in Snow Leopard as 1996 private API and doesn't work as expected. So we have to look for 1997 a different symbol to make sure this code is only executed under 1998 Lion or later. */ 1999 if(SecTrustEvaluateAsync != NULL) { 2000 #pragma unused(server_certs) 2001 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust); 2002 /* For some reason, SSLCopyPeerTrust() can return noErr and yet return 2003 a null trust, so be on guard for that: */ 2004 if(err == noErr && trust) { 2005 count = SecTrustGetCertificateCount(trust); 2006 for(i = 0L ; i < count ; i++) { 2007 server_cert = SecTrustGetCertificateAtIndex(trust, i); 2008 server_cert_summary = CopyCertSubject(server_cert); 2009 memset(server_cert_summary_c, 0, 128); 2010 if(CFStringGetCString(server_cert_summary, 2011 server_cert_summary_c, 2012 128, 2013 kCFStringEncodingUTF8)) { 2014 infof(data, "Server certificate: %s\n", server_cert_summary_c); 2015 } 2016 CFRelease(server_cert_summary); 2017 } 2018 CFRelease(trust); 2019 } 2020 } 2021 else { 2022 #if CURL_SUPPORT_MAC_10_8 2023 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs); 2024 /* Just in case SSLCopyPeerCertificates() returns null too... */ 2025 if(err == noErr && server_certs) { 2026 count = CFArrayGetCount(server_certs); 2027 for(i = 0L ; i < count ; i++) { 2028 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, 2029 i); 2030 2031 server_cert_summary = CopyCertSubject(server_cert); 2032 memset(server_cert_summary_c, 0, 128); 2033 if(CFStringGetCString(server_cert_summary, 2034 server_cert_summary_c, 2035 128, 2036 kCFStringEncodingUTF8)) { 2037 infof(data, "Server certificate: %s\n", server_cert_summary_c); 2038 } 2039 CFRelease(server_cert_summary); 2040 } 2041 CFRelease(server_certs); 2042 } 2043 #endif /* CURL_SUPPORT_MAC_10_8 */ 2044 } 2045 #endif /* CURL_BUILD_IOS */ 2046 #else 2047 #pragma unused(trust) 2048 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs); 2049 if(err == noErr) { 2050 count = CFArrayGetCount(server_certs); 2051 for(i = 0L ; i < count ; i++) { 2052 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i); 2053 server_cert_summary = CopyCertSubject(server_cert); 2054 memset(server_cert_summary_c, 0, 128); 2055 if(CFStringGetCString(server_cert_summary, 2056 server_cert_summary_c, 2057 128, 2058 kCFStringEncodingUTF8)) { 2059 infof(data, "Server certificate: %s\n", server_cert_summary_c); 2060 } 2061 CFRelease(server_cert_summary); 2062 } 2063 CFRelease(server_certs); 2064 } 2065 #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */ 2066 2067 connssl->connecting_state = ssl_connect_done; 2068 return CURLE_OK; 2069 } 2070 2071 static Curl_recv darwinssl_recv; 2072 static Curl_send darwinssl_send; 2073 2074 static CURLcode 2075 darwinssl_connect_common(struct connectdata *conn, 2076 int sockindex, 2077 bool nonblocking, 2078 bool *done) 2079 { 2080 CURLcode result; 2081 struct SessionHandle *data = conn->data; 2082 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 2083 curl_socket_t sockfd = conn->sock[sockindex]; 2084 long timeout_ms; 2085 int what; 2086 2087 /* check if the connection has already been established */ 2088 if(ssl_connection_complete == connssl->state) { 2089 *done = TRUE; 2090 return CURLE_OK; 2091 } 2092 2093 if(ssl_connect_1==connssl->connecting_state) { 2094 /* Find out how much more time we're allowed */ 2095 timeout_ms = Curl_timeleft(data, NULL, TRUE); 2096 2097 if(timeout_ms < 0) { 2098 /* no need to continue if time already is up */ 2099 failf(data, "SSL connection timeout"); 2100 return CURLE_OPERATION_TIMEDOUT; 2101 } 2102 2103 result = darwinssl_connect_step1(conn, sockindex); 2104 if(result) 2105 return result; 2106 } 2107 2108 while(ssl_connect_2 == connssl->connecting_state || 2109 ssl_connect_2_reading == connssl->connecting_state || 2110 ssl_connect_2_writing == connssl->connecting_state) { 2111 2112 /* check allowed time left */ 2113 timeout_ms = Curl_timeleft(data, NULL, TRUE); 2114 2115 if(timeout_ms < 0) { 2116 /* no need to continue if time already is up */ 2117 failf(data, "SSL connection timeout"); 2118 return CURLE_OPERATION_TIMEDOUT; 2119 } 2120 2121 /* if ssl is expecting something, check if it's available. */ 2122 if(connssl->connecting_state == ssl_connect_2_reading || 2123 connssl->connecting_state == ssl_connect_2_writing) { 2124 2125 curl_socket_t writefd = ssl_connect_2_writing == 2126 connssl->connecting_state?sockfd:CURL_SOCKET_BAD; 2127 curl_socket_t readfd = ssl_connect_2_reading == 2128 connssl->connecting_state?sockfd:CURL_SOCKET_BAD; 2129 2130 what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms); 2131 if(what < 0) { 2132 /* fatal error */ 2133 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); 2134 return CURLE_SSL_CONNECT_ERROR; 2135 } 2136 else if(0 == what) { 2137 if(nonblocking) { 2138 *done = FALSE; 2139 return CURLE_OK; 2140 } 2141 else { 2142 /* timeout */ 2143 failf(data, "SSL connection timeout"); 2144 return CURLE_OPERATION_TIMEDOUT; 2145 } 2146 } 2147 /* socket is readable or writable */ 2148 } 2149 2150 /* Run transaction, and return to the caller if it failed or if this 2151 * connection is done nonblocking and this loop would execute again. This 2152 * permits the owner of a multi handle to abort a connection attempt 2153 * before step2 has completed while ensuring that a client using select() 2154 * or epoll() will always have a valid fdset to wait on. 2155 */ 2156 result = darwinssl_connect_step2(conn, sockindex); 2157 if(result || (nonblocking && 2158 (ssl_connect_2 == connssl->connecting_state || 2159 ssl_connect_2_reading == connssl->connecting_state || 2160 ssl_connect_2_writing == connssl->connecting_state))) 2161 return result; 2162 2163 } /* repeat step2 until all transactions are done. */ 2164 2165 2166 if(ssl_connect_3 == connssl->connecting_state) { 2167 result = darwinssl_connect_step3(conn, sockindex); 2168 if(result) 2169 return result; 2170 } 2171 2172 if(ssl_connect_done == connssl->connecting_state) { 2173 connssl->state = ssl_connection_complete; 2174 conn->recv[sockindex] = darwinssl_recv; 2175 conn->send[sockindex] = darwinssl_send; 2176 *done = TRUE; 2177 } 2178 else 2179 *done = FALSE; 2180 2181 /* Reset our connect state machine */ 2182 connssl->connecting_state = ssl_connect_1; 2183 2184 return CURLE_OK; 2185 } 2186 2187 CURLcode 2188 Curl_darwinssl_connect_nonblocking(struct connectdata *conn, 2189 int sockindex, 2190 bool *done) 2191 { 2192 return darwinssl_connect_common(conn, sockindex, TRUE, done); 2193 } 2194 2195 CURLcode 2196 Curl_darwinssl_connect(struct connectdata *conn, 2197 int sockindex) 2198 { 2199 CURLcode result; 2200 bool done = FALSE; 2201 2202 result = darwinssl_connect_common(conn, sockindex, FALSE, &done); 2203 2204 if(result) 2205 return result; 2206 2207 DEBUGASSERT(done); 2208 2209 return CURLE_OK; 2210 } 2211 2212 void Curl_darwinssl_close(struct connectdata *conn, int sockindex) 2213 { 2214 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 2215 2216 if(connssl->ssl_ctx) { 2217 (void)SSLClose(connssl->ssl_ctx); 2218 #if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS 2219 if(SSLCreateContext != NULL) 2220 CFRelease(connssl->ssl_ctx); 2221 #if CURL_SUPPORT_MAC_10_8 2222 else 2223 (void)SSLDisposeContext(connssl->ssl_ctx); 2224 #endif /* CURL_SUPPORT_MAC_10_8 */ 2225 #else 2226 (void)SSLDisposeContext(connssl->ssl_ctx); 2227 #endif /* CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS */ 2228 connssl->ssl_ctx = NULL; 2229 } 2230 connssl->ssl_sockfd = 0; 2231 } 2232 2233 int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex) 2234 { 2235 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 2236 struct SessionHandle *data = conn->data; 2237 ssize_t nread; 2238 int what; 2239 int rc; 2240 char buf[120]; 2241 2242 if(!connssl->ssl_ctx) 2243 return 0; 2244 2245 if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE) 2246 return 0; 2247 2248 Curl_darwinssl_close(conn, sockindex); 2249 2250 rc = 0; 2251 2252 what = Curl_socket_ready(conn->sock[sockindex], 2253 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT); 2254 2255 for(;;) { 2256 if(what < 0) { 2257 /* anything that gets here is fatally bad */ 2258 failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); 2259 rc = -1; 2260 break; 2261 } 2262 2263 if(!what) { /* timeout */ 2264 failf(data, "SSL shutdown timeout"); 2265 break; 2266 } 2267 2268 /* Something to read, let's do it and hope that it is the close 2269 notify alert from the server. No way to SSL_Read now, so use read(). */ 2270 2271 nread = read(conn->sock[sockindex], buf, sizeof(buf)); 2272 2273 if(nread < 0) { 2274 failf(data, "read: %s", strerror(errno)); 2275 rc = -1; 2276 } 2277 2278 if(nread <= 0) 2279 break; 2280 2281 what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0); 2282 } 2283 2284 return rc; 2285 } 2286 2287 void Curl_darwinssl_session_free(void *ptr) 2288 { 2289 /* ST, as of iOS 5 and Mountain Lion, has no public method of deleting a 2290 cached session ID inside the Security framework. There is a private 2291 function that does this, but I don't want to have to explain to you why I 2292 got your application rejected from the App Store due to the use of a 2293 private API, so the best we can do is free up our own char array that we 2294 created way back in darwinssl_connect_step1... */ 2295 Curl_safefree(ptr); 2296 } 2297 2298 size_t Curl_darwinssl_version(char *buffer, size_t size) 2299 { 2300 return snprintf(buffer, size, "SecureTransport"); 2301 } 2302 2303 /* 2304 * This function uses SSLGetSessionState to determine connection status. 2305 * 2306 * Return codes: 2307 * 1 means the connection is still in place 2308 * 0 means the connection has been closed 2309 * -1 means the connection status is unknown 2310 */ 2311 int Curl_darwinssl_check_cxn(struct connectdata *conn) 2312 { 2313 struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; 2314 OSStatus err; 2315 SSLSessionState state; 2316 2317 if(connssl->ssl_ctx) { 2318 err = SSLGetSessionState(connssl->ssl_ctx, &state); 2319 if(err == noErr) 2320 return state == kSSLConnected || state == kSSLHandshake; 2321 return -1; 2322 } 2323 return 0; 2324 } 2325 2326 bool Curl_darwinssl_data_pending(const struct connectdata *conn, 2327 int connindex) 2328 { 2329 const struct ssl_connect_data *connssl = &conn->ssl[connindex]; 2330 OSStatus err; 2331 size_t buffer; 2332 2333 if(connssl->ssl_ctx) { /* SSL is in use */ 2334 err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer); 2335 if(err == noErr) 2336 return buffer > 0UL; 2337 return false; 2338 } 2339 else 2340 return false; 2341 } 2342 2343 int Curl_darwinssl_random(unsigned char *entropy, 2344 size_t length) 2345 { 2346 /* arc4random_buf() isn't available on cats older than Lion, so let's 2347 do this manually for the benefit of the older cats. */ 2348 size_t i; 2349 u_int32_t random_number = 0; 2350 2351 for(i = 0 ; i < length ; i++) { 2352 if(i % sizeof(u_int32_t) == 0) 2353 random_number = arc4random(); 2354 entropy[i] = random_number & 0xFF; 2355 random_number >>= 8; 2356 } 2357 i = random_number = 0; 2358 return 0; 2359 } 2360 2361 void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */ 2362 size_t tmplen, 2363 unsigned char *md5sum, /* output */ 2364 size_t md5len) 2365 { 2366 (void)md5len; 2367 (void)CC_MD5(tmp, (CC_LONG)tmplen, md5sum); 2368 } 2369 2370 bool Curl_darwinssl_false_start(void) { 2371 #if CURL_BUILD_MAC_10_9 || CURL_BUILD_IOS_7 2372 if(SSLSetSessionOption != NULL) 2373 return TRUE; 2374 #endif 2375 return FALSE; 2376 } 2377 2378 static ssize_t darwinssl_send(struct connectdata *conn, 2379 int sockindex, 2380 const void *mem, 2381 size_t len, 2382 CURLcode *curlcode) 2383 { 2384 /*struct SessionHandle *data = conn->data;*/ 2385 struct ssl_connect_data *connssl = &conn->ssl[sockindex]; 2386 size_t processed = 0UL; 2387 OSStatus err; 2388 2389 /* The SSLWrite() function works a little differently than expected. The 2390 fourth argument (processed) is currently documented in Apple's 2391 documentation as: "On return, the length, in bytes, of the data actually 2392 written." 2393 2394 Now, one could interpret that as "written to the socket," but actually, 2395 it returns the amount of data that was written to a buffer internal to 2396 the SSLContextRef instead. So it's possible for SSLWrite() to return 2397 errSSLWouldBlock and a number of bytes "written" because those bytes were 2398 encrypted and written to a buffer, not to the socket. 2399 2400 So if this happens, then we need to keep calling SSLWrite() over and 2401 over again with no new data until it quits returning errSSLWouldBlock. */ 2402 2403 /* Do we have buffered data to write from the last time we were called? */ 2404 if(connssl->ssl_write_buffered_length) { 2405 /* Write the buffered data: */ 2406 err = SSLWrite(connssl->ssl_ctx, NULL, 0UL, &processed); 2407 switch (err) { 2408 case noErr: 2409 /* processed is always going to be 0 because we didn't write to 2410 the buffer, so return how much was written to the socket */ 2411 processed = connssl->ssl_write_buffered_length; 2412 connssl->ssl_write_buffered_length = 0UL; 2413 break; 2414 case errSSLWouldBlock: /* argh, try again */ 2415 *curlcode = CURLE_AGAIN; 2416 return -1L; 2417 default: 2418 failf(conn->data, "SSLWrite() returned error %d", err); 2419 *curlcode = CURLE_SEND_ERROR; 2420 return -1L; 2421 } 2422 } 2423 else { 2424 /* We've got new data to write: */ 2425 err = SSLWrite(connssl->ssl_ctx, mem, len, &processed); 2426 if(err != noErr) { 2427 switch (err) { 2428 case errSSLWouldBlock: 2429 /* Data was buffered but not sent, we have to tell the caller 2430 to try sending again, and remember how much was buffered */ 2431 connssl->ssl_write_buffered_length = len; 2432 *curlcode = CURLE_AGAIN; 2433 return -1L; 2434 default: 2435 failf(conn->data, "SSLWrite() returned error %d", err); 2436 *curlcode = CURLE_SEND_ERROR; 2437 return -1L; 2438 } 2439 } 2440 } 2441 return (ssize_t)processed; 2442 } 2443 2444 static ssize_t darwinssl_recv(struct connectdata *conn, 2445 int num, 2446 char *buf, 2447 size_t buffersize, 2448 CURLcode *curlcode) 2449 { 2450 /*struct SessionHandle *data = conn->data;*/ 2451 struct ssl_connect_data *connssl = &conn->ssl[num]; 2452 size_t processed = 0UL; 2453 OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed); 2454 2455 if(err != noErr) { 2456 switch (err) { 2457 case errSSLWouldBlock: /* return how much we read (if anything) */ 2458 if(processed) 2459 return (ssize_t)processed; 2460 *curlcode = CURLE_AGAIN; 2461 return -1L; 2462 break; 2463 2464 /* errSSLClosedGraceful - server gracefully shut down the SSL session 2465 errSSLClosedNoNotify - server hung up on us instead of sending a 2466 closure alert notice, read() is returning 0 2467 Either way, inform the caller that the server disconnected. */ 2468 case errSSLClosedGraceful: 2469 case errSSLClosedNoNotify: 2470 *curlcode = CURLE_OK; 2471 return -1L; 2472 break; 2473 2474 default: 2475 failf(conn->data, "SSLRead() return error %d", err); 2476 *curlcode = CURLE_RECV_ERROR; 2477 return -1L; 2478 break; 2479 } 2480 } 2481 return (ssize_t)processed; 2482 } 2483 2484 #endif /* USE_DARWINSSL */ 2485