luna - curl/lib/vtls/wolfssl.c

   1/***************************************************************************
   2 *                                  _   _ ____  _
   3 *  Project                     ___| | | |  _ \| |
   4 *                             / __| | | | |_) | |
   5 *                            | (__| |_| |  _ <| |___
   6 *                             \___|\___/|_| \_\_____|
   7 *
   8 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
   9 *
  10 * This software is licensed as described in the file COPYING, which
  11 * you should have received as part of this distribution. The terms
  12 * are also available at https://curl.se/docs/copyright.html.
  13 *
  14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15 * copies of the Software, and permit persons to whom the Software is
  16 * furnished to do so, under the terms of the COPYING file.
  17 *
  18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19 * KIND, either express or implied.
  20 *
  21 * SPDX-License-Identifier: curl
  22 *
  23 ***************************************************************************/
  24/*
  25 * Source file for all wolfSSL specific code for the TLS/SSL layer. No code
  26 * but vtls.c should ever call or use these functions.
  27 *
  28 */
  29#include "curl_setup.h"
  30
  31#ifdef USE_WOLFSSL
  32
  33#include <wolfssl/options.h>
  34#include <wolfssl/version.h>
  35
  36#if LIBWOLFSSL_VERSION_HEX < 0x05000000 /* wolfSSL 5.0.0 (2021-11-01) */
  37#error "wolfSSL version should be at least 5.0.0"
  38#endif
  39#if defined(OPENSSL_COEXIST) && LIBWOLFSSL_VERSION_HEX < 0x05007006
  40#error "wolfSSL 5.7.6 or newer is required to coexist with OpenSSL"
  41#endif
  42
  43/* To determine what functions are available we rely on one or both of:
  44   - the user's options.h generated by wolfSSL
  45   - the symbols detected by curl's configure
  46   Since they are markedly different from one another, and one or the other may
  47   not be available, we do some checking below to bring things in sync. */
  48
  49/* HAVE_ALPN is wolfSSL's build time symbol for enabling ALPN in options.h. */
  50#ifndef HAVE_ALPN
  51#ifdef HAVE_WOLFSSL_USEALPN
  52#define HAVE_ALPN
  53#endif
  54#endif
  55
  56#include "urldata.h"
  57#include "curl_trc.h"
  58#include "httpsrr.h"
  59#include "cf-dns.h"
  60#include "vtls/vtls.h"
  61#include "vtls/vtls_int.h"
  62#include "vtls/vtls_scache.h"
  63#include "vtls/keylog.h"
  64#include "connect.h" /* for the connect timeout */
  65#include "progress.h"
  66#include "curlx/strdup.h"
  67#include "curlx/strcopy.h"
  68#include "vtls/x509asn1.h"
  69#ifdef USE_ECH
  70#include "curlx/base64.h"
  71#endif
  72
  73#include <wolfssl/ssl.h>
  74#include <wolfssl/error-ssl.h>
  75
  76#include "vtls/wolfssl.h"
  77
  78/* KEEP_PEER_CERT is a product of the presence of build time symbol
  79   OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
  80   in wolfSSL's settings.h, and the latter two are build time symbols in
  81   options.h. */
  82#ifndef KEEP_PEER_CERT
  83#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
  84    (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
  85#define KEEP_PEER_CERT
  86#endif
  87#endif
  88
  89#ifdef HAVE_WOLFSSL_BIO_NEW
  90#define USE_BIO_CHAIN
  91#ifdef HAVE_WOLFSSL_BIO_SET_SHUTDOWN
  92#define USE_FULL_BIO
  93#else /* HAVE_WOLFSSL_BIO_SET_SHUTDOWN */
  94#undef USE_FULL_BIO
  95#endif
  96/* wolfSSL 5.7.4 and older do not have these symbols, but only the
  97 * OpenSSL ones. */
  98#ifndef WOLFSSL_BIO_CTRL_GET_CLOSE
  99#define WOLFSSL_BIO_CTRL_GET_CLOSE    BIO_CTRL_GET_CLOSE
 100#define WOLFSSL_BIO_CTRL_SET_CLOSE    BIO_CTRL_SET_CLOSE
 101#define WOLFSSL_BIO_CTRL_FLUSH        BIO_CTRL_FLUSH
 102#define WOLFSSL_BIO_CTRL_DUP          BIO_CTRL_DUP
 103#define wolfSSL_BIO_set_retry_write   BIO_set_retry_write
 104#define wolfSSL_BIO_set_retry_read    BIO_set_retry_read
 105#endif /* !WOLFSSL_BIO_CTRL_GET_CLOSE */
 106
 107#else /* HAVE_WOLFSSL_BIO_NEW */
 108#undef USE_BIO_CHAIN
 109#endif
 110
 111#ifdef OPENSSL_EXTRA
 112/*
 113 * Availability note:
 114 * The TLS 1.3 secret callback (wolfSSL_set_tls13_secret_cb) was added in
 115 * wolfSSL 4.4.0, but requires the -DHAVE_SECRET_CALLBACK build option. If that
 116 * option is not set, then TLS 1.3 is not logged.
 117 * For TLS 1.2 and before, we use wolfSSL_get_keys().
 118 * wolfSSL_get_client_random and wolfSSL_get_keys require OPENSSL_EXTRA
 119 * (--enable-opensslextra or --enable-all).
 120 */
 121#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
 122static int wssl_tls13_secret_callback(SSL *ssl, int id,
 123                                      const unsigned char *secret,
 124                                      int secretSz, void *ctx)
 125{
 126  const char *label;
 127  unsigned char client_random[SSL3_RANDOM_SIZE];
 128  (void)ctx;
 129
 130  if(!ssl || !Curl_tls_keylog_enabled()) {
 131    return 0;
 132  }
 133
 134  switch(id) {
 135  case CLIENT_EARLY_TRAFFIC_SECRET:
 136    label = "CLIENT_EARLY_TRAFFIC_SECRET";
 137    break;
 138  case CLIENT_HANDSHAKE_TRAFFIC_SECRET:
 139    label = "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
 140    break;
 141  case SERVER_HANDSHAKE_TRAFFIC_SECRET:
 142    label = "SERVER_HANDSHAKE_TRAFFIC_SECRET";
 143    break;
 144  case CLIENT_TRAFFIC_SECRET:
 145    label = "CLIENT_TRAFFIC_SECRET_0";
 146    break;
 147  case SERVER_TRAFFIC_SECRET:
 148    label = "SERVER_TRAFFIC_SECRET_0";
 149    break;
 150  case EARLY_EXPORTER_SECRET:
 151    label = "EARLY_EXPORTER_SECRET";
 152    break;
 153  case EXPORTER_SECRET:
 154    label = "EXPORTER_SECRET";
 155    break;
 156  default:
 157    return 0;
 158  }
 159
 160  if(wolfSSL_get_client_random(ssl, client_random, SSL3_RANDOM_SIZE) == 0) {
 161    /* Should never happen as wolfSSL_KeepArrays() was called before. */
 162    return 0;
 163  }
 164
 165  Curl_tls_keylog_write(label, client_random, secret, secretSz);
 166  return 0;
 167}
 168#endif /* HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */
 169
 170static void wssl_log_tls12_secret(WOLFSSL *ssl)
 171{
 172  unsigned char *ms, *sr, *cr;
 173  unsigned int msLen, srLen, crLen, i, x = 0;
 174
 175  /* wolfSSL_GetVersion is available since 3.13, we use it instead of
 176   * SSL_version since the latter relies on OPENSSL_ALL (--enable-opensslall or
 177   * --enable-all). Failing to perform this check could result in an unusable
 178   * key log line when TLS 1.3 is actually negotiated. */
 179  switch(wolfSSL_GetVersion(ssl)) {
 180  case WOLFSSL_SSLV3:
 181  case WOLFSSL_TLSV1:
 182  case WOLFSSL_TLSV1_1:
 183  case WOLFSSL_TLSV1_2:
 184    break;
 185  default:
 186    /* TLS 1.3 does not use this mechanism, the "master secret" returned below
 187     * is not directly usable. */
 188    return;
 189  }
 190
 191  if(wolfSSL_get_keys(ssl, &ms, &msLen, &sr, &srLen, &cr, &crLen) !=
 192     WOLFSSL_SUCCESS) {
 193    return;
 194  }
 195
 196  /* Check for a missing master secret and skip logging. That can happen if
 197   * curl rejects the server certificate and aborts the handshake.
 198   */
 199  for(i = 0; i < msLen; i++) {
 200    x |= ms[i];
 201  }
 202  if(x == 0) {
 203    return;
 204  }
 205
 206  Curl_tls_keylog_write("CLIENT_RANDOM", cr, ms, msLen);
 207}
 208#endif /* OPENSSL_EXTRA */
 209
 210static int wssl_do_file_type(const char *type)
 211{
 212  if(!type || !type[0])
 213    return WOLFSSL_FILETYPE_PEM;
 214  if(curl_strequal(type, "PEM"))
 215    return WOLFSSL_FILETYPE_PEM;
 216  if(curl_strequal(type, "DER"))
 217    return WOLFSSL_FILETYPE_ASN1;
 218  return -1;
 219}
 220
 221#ifdef WOLFSSL_HAVE_KYBER
 222struct group_name_map {
 223  const word16 group;
 224  const char   *name;
 225};
 226
 227static const struct group_name_map gnm[] = {
 228  { WOLFSSL_ML_KEM_512, "ML_KEM_512" },
 229  { WOLFSSL_ML_KEM_768, "ML_KEM_768" },
 230  { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
 231  { WOLFSSL_SECP256R1MLKEM512, "SecP256r1MLKEM512" },
 232  { WOLFSSL_SECP384R1MLKEM768, "SecP384r1MLKEM768" },
 233  { WOLFSSL_SECP521R1MLKEM1024, "SecP521r1MLKEM1024" },
 234  { WOLFSSL_SECP256R1MLKEM768, "SecP256r1MLKEM768" },
 235  { WOLFSSL_SECP384R1MLKEM1024, "SecP384r1MLKEM1024" },
 236  { WOLFSSL_X25519MLKEM768, "X25519MLKEM768" },
 237  { 0, NULL }
 238};
 239#endif
 240
 241#ifdef USE_BIO_CHAIN
 242
 243static int wssl_bio_cf_create(WOLFSSL_BIO *bio)
 244{
 245#ifdef USE_FULL_BIO
 246  wolfSSL_BIO_set_shutdown(bio, 1);
 247#endif
 248  wolfSSL_BIO_set_data(bio, NULL);
 249  return 1;
 250}
 251
 252static int wssl_bio_cf_destroy(WOLFSSL_BIO *bio)
 253{
 254  if(!bio)
 255    return 0;
 256  return 1;
 257}
 258
 259static long wssl_bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr)
 260{
 261  struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
 262  long ret = 1;
 263
 264  (void)cf;
 265  (void)ptr;
 266  (void)num;
 267  switch(cmd) {
 268  case WOLFSSL_BIO_CTRL_GET_CLOSE:
 269#ifdef USE_FULL_BIO
 270    ret = (long)wolfSSL_BIO_get_shutdown(bio);
 271#else
 272    ret = 0;
 273#endif
 274    break;
 275  case WOLFSSL_BIO_CTRL_SET_CLOSE:
 276#ifdef USE_FULL_BIO
 277    wolfSSL_BIO_set_shutdown(bio, (int)num);
 278#endif
 279    break;
 280  case WOLFSSL_BIO_CTRL_FLUSH:
 281    /* we do no delayed writes, but if we ever would, this
 282     * needs to trigger it. */
 283    ret = 1;
 284    break;
 285  case WOLFSSL_BIO_CTRL_DUP:
 286    ret = 1;
 287    break;
 288#ifdef WOLFSSL_BIO_CTRL_EOF
 289  case WOLFSSL_BIO_CTRL_EOF: {
 290    /* EOF has been reached on input? */
 291    struct ssl_connect_data *connssl = cf->ctx;
 292    return connssl->peer_closed;
 293  }
 294#endif
 295  default:
 296    ret = 0;
 297    break;
 298  }
 299  return ret;
 300}
 301
 302static int wssl_bio_cf_out_write(WOLFSSL_BIO *bio, const char *buf, int blen)
 303{
 304  struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
 305  struct ssl_connect_data *connssl = cf->ctx;
 306  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
 307  struct Curl_easy *data = CF_DATA_CURRENT(cf);
 308  size_t nwritten, skiplen = 0;
 309  CURLcode result = CURLE_OK;
 310
 311  DEBUGASSERT(data);
 312  if(wssl->shutting_down && wssl->io_send_blocked_len &&
 313     (wssl->io_send_blocked_len < blen)) {
 314    /* bug in wolfSSL: <https://github.com/wolfSSL/wolfssl/issues/7784>
 315     * It adds the close notify message again every time we retry
 316     * sending during shutdown. */
 317    CURL_TRC_CF(data, cf, "bio_write, shutdown restrict send of %d"
 318                " to %d bytes", blen, wssl->io_send_blocked_len);
 319    skiplen = (ssize_t)(blen - wssl->io_send_blocked_len);
 320    blen = wssl->io_send_blocked_len;
 321  }
 322  result = Curl_conn_cf_send(cf->next, data,
 323                             (const uint8_t *)buf, blen, FALSE, &nwritten);
 324  wssl->io_result = result;
 325  CURL_TRC_CF(data, cf, "bio_write(len=%d) -> %d, %zu",
 326              blen, result, nwritten);
 327#ifdef USE_FULL_BIO
 328  wolfSSL_BIO_clear_retry_flags(bio);
 329#endif
 330  if(result == CURLE_AGAIN) {
 331    wolfSSL_BIO_set_retry_write(bio);
 332    if(wssl->shutting_down && !wssl->io_send_blocked_len)
 333      wssl->io_send_blocked_len = blen;
 334  }
 335  else if(!result && skiplen)
 336    nwritten += skiplen;
 337  return result ? -1 : (int)nwritten;
 338}
 339
 340static int wssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen)
 341{
 342  struct Curl_cfilter *cf = wolfSSL_BIO_get_data(bio);
 343  struct ssl_connect_data *connssl = cf->ctx;
 344  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
 345  struct Curl_easy *data = CF_DATA_CURRENT(cf);
 346  size_t nread = 0;
 347  CURLcode result = CURLE_OK;
 348
 349  DEBUGASSERT(data);
 350  if(!data || (blen < 0)) {
 351    wssl->io_result = CURLE_FAILED_INIT;
 352    return -1;
 353  }
 354  if(!buf || !blen)
 355    return 0;
 356
 357  if((connssl->connecting_state == ssl_connect_2) &&
 358     !wssl->x509_store_setup) {
 359    /* During handshake, init the x509 store before receiving the
 360     * server response. This allows sending of ClientHello without delay. */
 361    result = Curl_wssl_setup_x509_store(cf, data, wssl);
 362    if(result) {
 363      CURL_TRC_CF(data, cf, "Curl_wssl_setup_x509_store() -> %d", result);
 364      wssl->io_result = result;
 365      return -1;
 366    }
 367  }
 368
 369  result = Curl_conn_cf_recv(cf->next, data, buf, blen, &nread);
 370  wssl->io_result = result;
 371  CURL_TRC_CF(data, cf, "bio_read(len=%d) -> %d, %zu", blen, result, nread);
 372#ifdef USE_FULL_BIO
 373  wolfSSL_BIO_clear_retry_flags(bio);
 374#endif
 375  if(result == CURLE_AGAIN)
 376    wolfSSL_BIO_set_retry_read(bio);
 377  else if(nread == 0)
 378    connssl->peer_closed = TRUE;
 379  return result ? -1 : (int)nread;
 380}
 381
 382static WOLFSSL_BIO_METHOD *wssl_bio_cf_method = NULL;
 383
 384static int wssl_bio_cf_init_methods(void)
 385{
 386  wssl_bio_cf_method = wolfSSL_BIO_meth_new(WOLFSSL_BIO_MEMORY,
 387                                            "wolfSSL CF BIO");
 388  if(!wssl_bio_cf_method)
 389    return FALSE; /* error */
 390  wolfSSL_BIO_meth_set_write(wssl_bio_cf_method, &wssl_bio_cf_out_write);
 391  wolfSSL_BIO_meth_set_read(wssl_bio_cf_method, &wssl_bio_cf_in_read);
 392  wolfSSL_BIO_meth_set_ctrl(wssl_bio_cf_method, &wssl_bio_cf_ctrl);
 393  wolfSSL_BIO_meth_set_create(wssl_bio_cf_method, &wssl_bio_cf_create);
 394  wolfSSL_BIO_meth_set_destroy(wssl_bio_cf_method, &wssl_bio_cf_destroy);
 395  return TRUE; /* fine */
 396}
 397
 398static void wssl_bio_cf_free_methods(void)
 399{
 400  wolfSSL_BIO_meth_free(wssl_bio_cf_method);
 401  wssl_bio_cf_method = NULL;
 402}
 403
 404#else /* USE_BIO_CHAIN */
 405
 406#define wssl_bio_cf_init_methods() TRUE
 407#define wssl_bio_cf_free_methods() Curl_nop_stmt
 408
 409#endif /* !USE_BIO_CHAIN */
 410
 411#ifdef HAVE_EX_DATA
 412CURLcode Curl_wssl_cache_session(struct Curl_cfilter *cf,
 413                                 struct Curl_easy *data,
 414                                 const char *ssl_peer_key,
 415                                 WOLFSSL_SESSION *session,
 416                                 int ietf_tls_id,
 417                                 const char *alpn,
 418                                 unsigned char *quic_tp,
 419                                 size_t quic_tp_len)
 420{
 421  CURLcode result = CURLE_OK;
 422  struct Curl_ssl_session *sc_session = NULL;
 423  unsigned char *sdata = NULL, *sdata_ptr, *qtp_clone = NULL;
 424  unsigned int sdata_len;
 425  unsigned int earlydata_max = 0;
 426
 427  if(!session)
 428    goto out;
 429
 430  sdata_len = wolfSSL_i2d_SSL_SESSION(session, NULL);
 431  if(sdata_len <= 0) {
 432    CURL_TRC_CF(data, cf, "fail to assess session length: %u", sdata_len);
 433    result = CURLE_FAILED_INIT;
 434    goto out;
 435  }
 436  sdata = sdata_ptr = curlx_calloc(1, sdata_len);
 437  if(!sdata) {
 438    failf(data, "unable to allocate session buffer of %u bytes", sdata_len);
 439    result = CURLE_OUT_OF_MEMORY;
 440    goto out;
 441  }
 442  /* wolfSSL right now does not change the last parameter here, but it
 443   * might one day decide to do so for OpenSSL compatibility. */
 444  sdata_len = wolfSSL_i2d_SSL_SESSION(session, &sdata_ptr);
 445  if(sdata_len <= 0) {
 446    CURL_TRC_CF(data, cf, "fail to serialize session: %u", sdata_len);
 447    result = CURLE_FAILED_INIT;
 448    goto out;
 449  }
 450  if(quic_tp && quic_tp_len) {
 451    qtp_clone = curlx_memdup0((const char *)quic_tp, quic_tp_len);
 452    if(!qtp_clone) {
 453      curlx_free(sdata);
 454      return CURLE_OUT_OF_MEMORY;
 455    }
 456  }
 457#ifdef WOLFSSL_EARLY_DATA
 458  earlydata_max = wolfSSL_SESSION_get_max_early_data(session);
 459#endif
 460
 461  result = Curl_ssl_session_create2(sdata, sdata_len,
 462                                    ietf_tls_id, alpn,
 463                                    (curl_off_t)time(NULL) +
 464                                    wolfSSL_SESSION_get_timeout(session),
 465                                    earlydata_max, qtp_clone, quic_tp_len,
 466                                    &sc_session);
 467  sdata = NULL;  /* took ownership of sdata */
 468  if(!result) {
 469    result = Curl_ssl_scache_put(cf, data, ssl_peer_key, sc_session);
 470    /* took ownership of `sc_session` */
 471  }
 472
 473out:
 474  curlx_free(sdata);
 475  return result;
 476}
 477
 478static int wssl_vtls_new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session)
 479{
 480  struct Curl_cfilter *cf;
 481
 482  cf = (struct Curl_cfilter *)wolfSSL_get_app_data(ssl);
 483  DEBUGASSERT(cf != NULL);
 484  if(cf && session) {
 485    struct ssl_connect_data *connssl = cf->ctx;
 486    struct Curl_easy *data = CF_DATA_CURRENT(cf);
 487    DEBUGASSERT(connssl);
 488    DEBUGASSERT(data);
 489    if(connssl && data) {
 490      (void)Curl_wssl_cache_session(cf, data, connssl->peer.scache_key,
 491                                    session, wolfSSL_version(ssl),
 492                                    connssl->negotiated.alpn, NULL, 0);
 493    }
 494  }
 495  return 0;
 496}
 497#endif
 498
 499static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf,
 500                                      struct Curl_easy *data,
 501                                      struct alpn_spec *alpns,
 502                                      struct Curl_ssl_session *scs,
 503                                      bool *do_early_data)
 504{
 505  struct ssl_connect_data *connssl = cf->ctx;
 506#ifdef WOLFSSL_EARLY_DATA
 507  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
 508
 509  connssl->earlydata_max = wolfSSL_SESSION_get_max_early_data(
 510    wolfSSL_get_session(wssl->ssl));
 511#else
 512  connssl->earlydata_max = 0;
 513#endif
 514
 515  /* Seems to be no wolfSSL way to signal no EarlyData in session */
 516  return Curl_on_session_reuse(cf, data, alpns, scs, do_early_data,
 517                               connssl->earlydata_max);
 518}
 519
 520static CURLcode
 521wssl_setup_session(struct Curl_cfilter *cf,
 522                   struct Curl_easy *data,
 523                   struct wssl_ctx *wss,
 524                   struct alpn_spec *alpns,
 525                   const char *ssl_peer_key,
 526                   Curl_wssl_init_session_reuse_cb *sess_reuse_cb)
 527{
 528  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
 529  struct Curl_ssl_session *scs = NULL;
 530  CURLcode result;
 531
 532  result = Curl_ssl_scache_take(cf, data, ssl_peer_key, &scs);
 533  if(!result && scs && scs->sdata && scs->sdata_len &&
 534     (!scs->alpn || Curl_alpn_contains_proto(alpns, scs->alpn))) {
 535    WOLFSSL_SESSION *session;
 536    /* wolfSSL changes the passed pointer for whatever reasons, yikes */
 537    const unsigned char *sdata = scs->sdata;
 538    session = wolfSSL_d2i_SSL_SESSION(NULL, &sdata, (long)scs->sdata_len);
 539    if(session) {
 540      int ret = wolfSSL_set_session(wss->ssl, session);
 541      if(ret != WOLFSSL_SUCCESS) {
 542        Curl_ssl_session_destroy(scs);
 543        scs = NULL;
 544        infof(data, "cached session not accepted (%d), "
 545              "removing from cache", ret);
 546      }
 547      else {
 548        infof(data, "SSL reusing session with ALPN '%s'",
 549              scs->alpn ? scs->alpn : "-");
 550        if(ssl_config->earlydata &&
 551           !cf->conn->bits.connect_only &&
 552           !strcmp("TLSv1.3", wolfSSL_get_version(wss->ssl))) {
 553          bool do_early_data = FALSE;
 554          if(sess_reuse_cb) {
 555            result = sess_reuse_cb(cf, data, alpns, scs, &do_early_data);
 556            if(result) {
 557              wolfSSL_SESSION_free(session);
 558              goto out;
 559            }
 560          }
 561#ifdef WOLFSSL_EARLY_DATA
 562          if(do_early_data) {
 563            unsigned int edmax = (scs->earlydata_max < UINT_MAX) ?
 564              (unsigned int)scs->earlydata_max : UINT_MAX;
 565            /* We only try the ALPN protocol the session used before,
 566             * otherwise we might send early data for the wrong protocol */
 567            Curl_alpn_restrict_to(alpns, scs->alpn);
 568            wolfSSL_set_max_early_data(wss->ssl, edmax);
 569          }
 570#else
 571          /* Should never enable when not supported */
 572          DEBUGASSERT(!do_early_data);
 573#endif
 574        }
 575      }
 576      wolfSSL_SESSION_free(session);
 577    }
 578    else {
 579      failf(data, "could not decode previous session");
 580    }
 581  }
 582out:
 583  Curl_ssl_scache_return(cf, data, ssl_peer_key, scs);
 584  return result;
 585}
 586
 587static CURLcode wssl_populate_x509_store(struct Curl_cfilter *cf,
 588                                         struct Curl_easy *data,
 589                                         WOLFSSL_X509_STORE *store,
 590                                         struct wssl_ctx *wssl)
 591{
 592  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
 593  const struct curl_blob *ca_info_blob = conn_config->ca_info_blob;
 594  const char * const ssl_cafile =
 595    /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */
 596    (ca_info_blob ? NULL : conn_config->CAfile);
 597  const char * const ssl_capath = conn_config->CApath;
 598  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
 599  bool imported_native_ca = FALSE;
 600  bool imported_ca_info_blob = FALSE;
 601
 602  /* We do not want to do this again, no matter the outcome */
 603  wssl->x509_store_setup = TRUE;
 604
 605#ifndef NO_FILESYSTEM
 606  /* load native CA certificates */
 607  if(ssl_config->native_ca_store) {
 608#ifdef WOLFSSL_SYS_CA_CERTS
 609    if(wolfSSL_CTX_load_system_CA_certs(wssl->ssl_ctx) != WOLFSSL_SUCCESS) {
 610      infof(data, "error importing native CA store, continuing anyway");
 611    }
 612    else {
 613      imported_native_ca = TRUE;
 614      infof(data, "successfully imported native CA store");
 615    }
 616#else
 617    infof(data, "ignoring native CA option because wolfSSL was built without "
 618                "native CA support");
 619#endif
 620  }
 621#endif /* !NO_FILESYSTEM */
 622
 623  /* load certificate blob */
 624  if(ca_info_blob) {
 625    if(wolfSSL_CTX_load_verify_buffer(wssl->ssl_ctx, ca_info_blob->data,
 626                                      (long)ca_info_blob->len,
 627                                      WOLFSSL_FILETYPE_PEM) !=
 628       WOLFSSL_SUCCESS) {
 629      failf(data, "error importing CA certificate blob");
 630      return CURLE_SSL_CACERT_BADFILE;
 631    }
 632    else {
 633      imported_ca_info_blob = TRUE;
 634      infof(data, "successfully imported CA certificate blob");
 635    }
 636  }
 637
 638#ifndef NO_FILESYSTEM
 639  /* load trusted cacert from file if not blob */
 640
 641  CURL_TRC_CF(data, cf, "wssl_populate_x509_store, path=%s, blob=%d",
 642              ssl_cafile ? ssl_cafile : "none", !!ca_info_blob);
 643  if(!store)
 644    return CURLE_OUT_OF_MEMORY;
 645
 646  if(ssl_cafile || ssl_capath) {
 647    int rc =
 648      wolfSSL_CTX_load_verify_locations_ex(wssl->ssl_ctx,
 649                                           ssl_cafile,
 650                                           ssl_capath,
 651                                           WOLFSSL_LOAD_FLAG_IGNORE_ERR);
 652    if(WOLFSSL_SUCCESS != rc) {
 653      if(conn_config->verifypeer &&
 654         !imported_native_ca && !imported_ca_info_blob) {
 655        /* Fail if we insist on successfully verifying the server. */
 656        failf(data, "error setting certificate verify locations:"
 657              " CAfile: %s CApath: %s",
 658              ssl_cafile ? ssl_cafile : "none",
 659              ssl_capath ? ssl_capath : "none");
 660        return CURLE_SSL_CACERT_BADFILE;
 661      }
 662      else {
 663        /* continue with a warning if no strict certificate
 664           verification is required. */
 665        infof(data, "error setting certificate verify locations,"
 666                    " continuing anyway:");
 667      }
 668    }
 669    else {
 670      /* Everything is fine. */
 671      infof(data, "successfully set certificate verify locations:");
 672    }
 673    infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
 674    infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
 675  }
 676#endif
 677  (void)store;
 678  return CURLE_OK;
 679}
 680
 681/* key to use at `multi->proto_hash` */
 682#define MPROTO_WSSL_X509_KEY   "tls:wssl:x509:share"
 683
 684struct wssl_x509_share {
 685  char *CAfile;              /* CAfile path used to generate X509 store */
 686  WOLFSSL_X509_STORE *store; /* cached X509 store or NULL if none */
 687  struct curltime time;      /* when the cached store was created */
 688};
 689
 690static void wssl_x509_share_free(void *key, size_t key_len, void *p)
 691{
 692  struct wssl_x509_share *share = p;
 693  DEBUGASSERT(key_len == (sizeof(MPROTO_WSSL_X509_KEY) - 1));
 694  DEBUGASSERT(!memcmp(MPROTO_WSSL_X509_KEY, key, key_len));
 695  (void)key;
 696  (void)key_len;
 697  if(share->store) {
 698    wolfSSL_X509_STORE_free(share->store);
 699  }
 700  curlx_free(share->CAfile);
 701  curlx_free(share);
 702}
 703
 704static bool wssl_cached_x509_store_expired(struct Curl_easy *data,
 705                                           const struct wssl_x509_share *mb)
 706{
 707  const struct ssl_general_config *cfg = &data->set.general_ssl;
 708  timediff_t elapsed_ms = curlx_ptimediff_ms(Curl_pgrs_now(data), &mb->time);
 709  timediff_t timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000;
 710
 711  if(timeout_ms < 0)
 712    return FALSE;
 713
 714  return elapsed_ms >= timeout_ms;
 715}
 716
 717static bool wssl_cached_x509_store_different(struct Curl_cfilter *cf,
 718                                             const struct wssl_x509_share *mb)
 719{
 720  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
 721  if(!mb->CAfile || !conn_config->CAfile)
 722    return mb->CAfile != conn_config->CAfile;
 723
 724  return strcmp(mb->CAfile, conn_config->CAfile);
 725}
 726
 727static WOLFSSL_X509_STORE *wssl_get_cached_x509_store(struct Curl_cfilter *cf,
 728                                                      struct Curl_easy *data)
 729{
 730  struct Curl_multi *multi = data->multi;
 731  struct wssl_x509_share *share;
 732  WOLFSSL_X509_STORE *store = NULL;
 733
 734  DEBUGASSERT(multi);
 735  share = multi ? Curl_hash_pick(&multi->proto_hash,
 736                                 CURL_UNCONST(MPROTO_WSSL_X509_KEY),
 737                                 sizeof(MPROTO_WSSL_X509_KEY) - 1) : NULL;
 738  if(share && share->store &&
 739     !wssl_cached_x509_store_expired(data, share) &&
 740     !wssl_cached_x509_store_different(cf, share)) {
 741    store = share->store;
 742  }
 743
 744  return store;
 745}
 746
 747static void wssl_set_cached_x509_store(struct Curl_cfilter *cf,
 748                                       struct Curl_easy *data,
 749                                       WOLFSSL_X509_STORE *store)
 750{
 751  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
 752  struct Curl_multi *multi = data->multi;
 753  struct wssl_x509_share *share;
 754
 755  DEBUGASSERT(multi);
 756  if(!multi)
 757    return;
 758  share = Curl_hash_pick(&multi->proto_hash,
 759                         CURL_UNCONST(MPROTO_WSSL_X509_KEY),
 760                         sizeof(MPROTO_WSSL_X509_KEY) - 1);
 761
 762  if(!share) {
 763    share = curlx_calloc(1, sizeof(*share));
 764    if(!share)
 765      return;
 766    if(!Curl_hash_add2(&multi->proto_hash,
 767                       CURL_UNCONST(MPROTO_WSSL_X509_KEY),
 768                       sizeof(MPROTO_WSSL_X509_KEY) - 1,
 769                       share, wssl_x509_share_free)) {
 770      curlx_free(share);
 771      return;
 772    }
 773  }
 774
 775  if(wolfSSL_X509_STORE_up_ref(store)) {
 776    char *CAfile = NULL;
 777
 778    if(conn_config->CAfile) {
 779      CAfile = curlx_strdup(conn_config->CAfile);
 780      if(!CAfile) {
 781        wolfSSL_X509_STORE_free(store);
 782        return;
 783      }
 784    }
 785
 786    if(share->store) {
 787      wolfSSL_X509_STORE_free(share->store);
 788      curlx_free(share->CAfile);
 789    }
 790
 791    share->time = *Curl_pgrs_now(data);
 792    share->store = store;
 793    share->CAfile = CAfile;
 794  }
 795}
 796
 797CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
 798                                    struct Curl_easy *data,
 799                                    struct wssl_ctx *wssl)
 800{
 801  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
 802  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
 803  CURLcode result = CURLE_OK;
 804  WOLFSSL_X509_STORE *cached_store;
 805  bool cache_criteria_met;
 806
 807  /* Consider the X509 store cacheable if it comes exclusively from a CAfile,
 808     or no source is provided and we are falling back to wolfSSL's built-in
 809     default. */
 810  cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) &&
 811    conn_config->verifypeer &&
 812    !conn_config->CApath &&
 813    !conn_config->ca_info_blob &&
 814    !ssl_config->primary.CRLfile &&
 815    !ssl_config->native_ca_store;
 816
 817  cached_store = cache_criteria_met ? wssl_get_cached_x509_store(cf, data)
 818                                    : NULL;
 819  if(cached_store &&
 820     wolfSSL_CTX_get_cert_store(wssl->ssl_ctx) == cached_store) {
 821    /* The cached store is already in use, do nothing. */
 822  }
 823  else if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
 824    wolfSSL_CTX_set_cert_store(wssl->ssl_ctx, cached_store);
 825  }
 826  else if(cache_criteria_met) {
 827    /* wolfSSL's initial store in CTX is not shareable by default.
 828     * Make a new one, suitable for adding to the cache. See #14278 */
 829    WOLFSSL_X509_STORE *store = wolfSSL_X509_STORE_new();
 830    if(!store) {
 831      failf(data, "SSL: could not create a X509 store");
 832      return CURLE_OUT_OF_MEMORY;
 833    }
 834    wolfSSL_CTX_set_cert_store(wssl->ssl_ctx, store);
 835
 836    result = wssl_populate_x509_store(cf, data, store, wssl);
 837    if(!result) {
 838      wssl_set_cached_x509_store(cf, data, store);
 839    }
 840  }
 841  else {
 842    /* We never share the CTX's store, use it. */
 843    WOLFSSL_X509_STORE *store = wolfSSL_CTX_get_cert_store(wssl->ssl_ctx);
 844    result = wssl_populate_x509_store(cf, data, store, wssl);
 845  }
 846
 847  return result;
 848}
 849
 850#ifdef WOLFSSL_TLS13
 851static CURLcode wssl_add_default_ciphers(bool tls13, struct dynbuf *buf)
 852{
 853  int i;
 854  char *str;
 855
 856  for(i = 0; (str = wolfSSL_get_cipher_list(i)) != NULL; i++) {
 857    size_t n;
 858    if((strncmp(str, "TLS13", 5) == 0) != tls13)
 859      continue;
 860
 861    /* if there already is data in the string, add colon separator */
 862    if(curlx_dyn_len(buf)) {
 863      CURLcode result = curlx_dyn_addn(buf, ":", 1);
 864      if(result)
 865        return result;
 866    }
 867
 868    n = strlen(str);
 869    if(curlx_dyn_addn(buf, str, n))
 870      return CURLE_OUT_OF_MEMORY;
 871  }
 872
 873  return CURLE_OK;
 874}
 875#endif
 876
 877#ifndef OPENSSL_EXTRA
 878static int wssl_legacy_CTX_set_min_proto_version(WOLFSSL_CTX *ctx, int version)
 879{
 880  int res;
 881  switch(version) {
 882  default:
 883  case TLS1_VERSION:
 884    res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1);
 885    if(res == WOLFSSL_SUCCESS)
 886      return res;
 887    FALLTHROUGH();
 888  case TLS1_1_VERSION:
 889    res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_1);
 890    if(res == WOLFSSL_SUCCESS)
 891      return res;
 892    FALLTHROUGH();
 893  case TLS1_2_VERSION:
 894    res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_2);
 895#ifdef WOLFSSL_TLS13
 896    if(res == WOLFSSL_SUCCESS)
 897      return res;
 898    FALLTHROUGH();
 899  case TLS1_3_VERSION:
 900    res = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3);
 901#endif
 902  }
 903  return res;
 904}
 905
 906static int wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX *ctx, int version)
 907{
 908  (void)ctx, (void)version;
 909  return WOLFSSL_NOT_IMPLEMENTED;
 910}
 911#define wolfSSL_CTX_set_min_proto_version wssl_legacy_CTX_set_min_proto_version
 912#define wolfSSL_CTX_set_max_proto_version wssl_legacy_CTX_set_max_proto_version
 913#endif /* OPENSSL_EXTRA */
 914
 915static CURLcode wssl_client_cert(struct Curl_easy *data,
 916                                 struct ssl_config_data *ssl_config,
 917                                 struct wssl_ctx *wctx)
 918{
 919  /* Load the client certificate, and private key */
 920#ifndef NO_FILESYSTEM
 921  if(ssl_config->primary.cert_blob || ssl_config->primary.clientcert) {
 922    const char *cert_file = ssl_config->primary.clientcert;
 923    const char *key_file = ssl_config->key;
 924    const struct curl_blob *cert_blob = ssl_config->primary.cert_blob;
 925    const struct curl_blob *key_blob = ssl_config->key_blob;
 926    int file_type = wssl_do_file_type(ssl_config->cert_type);
 927    int rc;
 928
 929    switch(file_type) {
 930    case WOLFSSL_FILETYPE_PEM:
 931      rc = cert_blob ?
 932        wolfSSL_CTX_use_certificate_chain_buffer(wctx->ssl_ctx,
 933                                                 cert_blob->data,
 934                                                 (long)cert_blob->len) :
 935        wolfSSL_CTX_use_certificate_chain_file(wctx->ssl_ctx, cert_file);
 936      break;
 937    case WOLFSSL_FILETYPE_ASN1:
 938      rc = cert_blob ?
 939        wolfSSL_CTX_use_certificate_buffer(wctx->ssl_ctx, cert_blob->data,
 940                                           (long)cert_blob->len, file_type) :
 941        wolfSSL_CTX_use_certificate_file(wctx->ssl_ctx, cert_file, file_type);
 942      break;
 943    default:
 944      failf(data, "unknown cert type");
 945      return CURLE_BAD_FUNCTION_ARGUMENT;
 946    }
 947    if(rc != 1) {
 948      failf(data, "unable to use client certificate");
 949      return CURLE_SSL_CONNECT_ERROR;
 950    }
 951
 952    if(!key_blob && !key_file) {
 953      key_blob = cert_blob;
 954      key_file = cert_file;
 955    }
 956    else
 957      file_type = wssl_do_file_type(ssl_config->key_type);
 958
 959    rc = key_blob ?
 960      wolfSSL_CTX_use_PrivateKey_buffer(wctx->ssl_ctx, key_blob->data,
 961                                        (long)key_blob->len, file_type) :
 962      wolfSSL_CTX_use_PrivateKey_file(wctx->ssl_ctx, key_file, file_type);
 963    if(rc != 1) {
 964      failf(data, "unable to set private key");
 965      return CURLE_SSL_CONNECT_ERROR;
 966    }
 967  }
 968#else /* NO_FILESYSTEM */
 969  if(ssl_config->primary.cert_blob) {
 970    const struct curl_blob *cert_blob = ssl_config->primary.cert_blob;
 971    const struct curl_blob *key_blob = ssl_config->key_blob;
 972    int file_type = wssl_do_file_type(ssl_config->cert_type);
 973    int rc;
 974
 975    switch(file_type) {
 976    case WOLFSSL_FILETYPE_PEM:
 977      rc = wolfSSL_CTX_use_certificate_chain_buffer(wctx->ssl_ctx,
 978                                                    cert_blob->data,
 979                                                    (long)cert_blob->len);
 980      break;
 981    case WOLFSSL_FILETYPE_ASN1:
 982      rc = wolfSSL_CTX_use_certificate_buffer(wctx->ssl_ctx, cert_blob->data,
 983                                              (long)cert_blob->len, file_type);
 984      break;
 985    default:
 986      failf(data, "unknown cert type");
 987      return CURLE_BAD_FUNCTION_ARGUMENT;
 988    }
 989    if(rc != 1) {
 990      failf(data, "unable to use client certificate");
 991      return CURLE_SSL_CONNECT_ERROR;
 992    }
 993
 994    if(!key_blob)
 995      key_blob = cert_blob;
 996    else
 997      file_type = wssl_do_file_type(ssl_config->key_type);
 998
 999    if(wolfSSL_CTX_use_PrivateKey_buffer(wctx->ssl_ctx, key_blob->data,
1000                                         (long)key_blob->len,
1001                                         file_type) != 1) {
1002      failf(data, "unable to set private key");
1003      return CURLE_SSL_CONNECT_ERROR;
1004    }
1005  }
1006#endif /* !NO_FILESYSTEM */
1007  return CURLE_OK;
1008}
1009
1010static CURLcode ssl_version(struct Curl_easy *data,
1011                            struct ssl_primary_config *conn_config,
1012                            struct wssl_ctx *wctx,
1013                            int *min_version, int *max_version)
1014{
1015  int res;
1016  *min_version = *max_version = 0;
1017  DEBUGASSERT(conn_config->version != CURL_SSLVERSION_DEFAULT);
1018
1019  switch(conn_config->version) {
1020  case CURL_SSLVERSION_TLSv1:
1021  case CURL_SSLVERSION_TLSv1_0:
1022    *min_version = TLS1_VERSION;
1023    break;
1024  case CURL_SSLVERSION_TLSv1_1:
1025    *min_version = TLS1_1_VERSION;
1026    break;
1027  case CURL_SSLVERSION_TLSv1_2:
1028    *min_version = TLS1_2_VERSION;
1029    break;
1030#ifdef WOLFSSL_TLS13
1031  case CURL_SSLVERSION_TLSv1_3:
1032    *min_version = TLS1_3_VERSION;
1033    break;
1034#endif
1035  default:
1036    failf(data, "wolfSSL: unsupported minimum TLS version value");
1037    return CURLE_SSL_CONNECT_ERROR;
1038  }
1039
1040  switch(conn_config->version_max) {
1041#ifdef WOLFSSL_TLS13
1042  case CURL_SSLVERSION_MAX_TLSv1_3:
1043    *max_version = TLS1_3_VERSION;
1044    break;
1045#endif
1046  case CURL_SSLVERSION_MAX_TLSv1_2:
1047    *max_version = TLS1_2_VERSION;
1048    break;
1049  case CURL_SSLVERSION_MAX_TLSv1_1:
1050    *max_version = TLS1_1_VERSION;
1051    break;
1052  case CURL_SSLVERSION_MAX_TLSv1_0:
1053    *max_version = TLS1_VERSION;
1054    break;
1055  case CURL_SSLVERSION_MAX_DEFAULT:
1056  case CURL_SSLVERSION_MAX_NONE:
1057    break;
1058  default:
1059    failf(data, "wolfSSL: unsupported maximum TLS version value");
1060    return CURLE_SSL_CONNECT_ERROR;
1061  }
1062
1063  res = wolfSSL_CTX_set_min_proto_version(wctx->ssl_ctx, *min_version);
1064  if(res != WOLFSSL_SUCCESS) {
1065    failf(data, "wolfSSL: failed set the minimum TLS version");
1066    return CURLE_SSL_CONNECT_ERROR;
1067  }
1068
1069  if(*max_version) {
1070    res = wolfSSL_CTX_set_max_proto_version(wctx->ssl_ctx, *max_version);
1071    if(res != WOLFSSL_SUCCESS) {
1072      failf(data, "wolfSSL: failed set the maximum TLS version");
1073      return CURLE_SSL_CONNECT_ERROR;
1074    }
1075  }
1076  return CURLE_OK;
1077}
1078
1079#define QUIC_GROUPS "P-256:P-384:P-521"
1080#ifdef WOLFSSL_TLS13
1081#define MAX_CIPHER_LEN 4096
1082#endif
1083
1084static CURLcode wssl_init_ciphers(struct Curl_easy *data,
1085                                  struct wssl_ctx *wctx,
1086                                  struct ssl_primary_config *conn_config,
1087                                  int tls_min, int tls_max)
1088{
1089#ifndef WOLFSSL_TLS13
1090  const char *ciphers = conn_config->cipher_list;
1091  (void)tls_min;
1092  (void)tls_max;
1093  if(ciphers) {
1094    if(!SSL_CTX_set_cipher_list(wctx->ssl_ctx, ciphers)) {
1095      failf(data, "failed setting cipher list: %s", ciphers);
1096      return CURLE_SSL_CIPHER;
1097    }
1098    infof(data, "Cipher selection: %s", ciphers);
1099  }
1100  return CURLE_OK;
1101#else
1102  CURLcode result = CURLE_OK;
1103  if(conn_config->cipher_list || conn_config->cipher_list13) {
1104    const char *ciphers12 = conn_config->cipher_list;
1105    const char *ciphers13 = conn_config->cipher_list13;
1106    struct dynbuf c;
1107    curlx_dyn_init(&c, MAX_CIPHER_LEN);
1108
1109    if(!tls_max || (tls_max >= TLS1_3_VERSION)) {
1110      if(ciphers13)
1111        result = curlx_dyn_add(&c, ciphers13);
1112      else
1113        result = wssl_add_default_ciphers(TRUE, &c);
1114    }
1115
1116    if(!result && (tls_min < TLS1_3_VERSION)) {
1117      if(ciphers12) {
1118        if(curlx_dyn_len(&c))
1119          result = curlx_dyn_addn(&c, ":", 1);
1120        if(!result)
1121          result = curlx_dyn_add(&c, ciphers12);
1122      }
1123      else
1124        result = wssl_add_default_ciphers(FALSE, &c);
1125    }
1126    if(!result) {
1127      if(!wolfSSL_CTX_set_cipher_list(wctx->ssl_ctx, curlx_dyn_ptr(&c))) {
1128        failf(data, "failed setting cipher list: %s", curlx_dyn_ptr(&c));
1129        result = CURLE_SSL_CIPHER;
1130      }
1131      else
1132        infof(data, "Cipher selection: %s", curlx_dyn_ptr(&c));
1133    }
1134    curlx_dyn_free(&c);
1135  }
1136  return result;
1137#endif
1138}
1139
1140static CURLcode wssl_init_curves(struct Curl_easy *data,
1141                                 struct wssl_ctx *wctx,
1142                                 struct ssl_primary_config *conn_config,
1143                                 unsigned char transport
1144#ifdef WOLFSSL_HAVE_KYBER
1145                                 , word16 *out_pqkem
1146#endif
1147                                 )
1148{
1149  char *curves = conn_config->curves;
1150  if(!curves && (transport == TRNSPRT_QUIC))
1151    curves = (char *)CURL_UNCONST(QUIC_GROUPS);
1152
1153  if(curves) {
1154#ifdef WOLFSSL_HAVE_KYBER
1155    size_t idx;
1156    for(idx = 0; gnm[idx].name != NULL; idx++) {
1157      if(!strncmp(curves, gnm[idx].name, strlen(gnm[idx].name))) {
1158        *out_pqkem = gnm[idx].group;
1159        break;
1160      }
1161    }
1162
1163    if(*out_pqkem == 0)
1164#endif
1165    {
1166      if(!wolfSSL_CTX_set1_curves_list(wctx->ssl_ctx, curves)) {
1167        failf(data, "failed setting curves list: '%s'", curves);
1168        return CURLE_SSL_CIPHER;
1169      }
1170    }
1171  }
1172  return CURLE_OK;
1173}
1174
1175static CURLcode wssl_init_ssl_handle(struct wssl_ctx *wctx,
1176                                     struct Curl_cfilter *cf,
1177                                     struct Curl_easy *data,
1178                                     struct ssl_peer *peer,
1179                                     struct alpn_spec *alpns,
1180                                     void *ssl_user_data,
1181                                     unsigned char transport,
1182#ifdef WOLFSSL_HAVE_KYBER
1183                                     word16 pqkem,
1184#endif
1185                                     Curl_wssl_init_session_reuse_cb
1186                                       *sess_reuse_cb)
1187{
1188  /* Let's make an SSL structure */
1189  wctx->ssl = wolfSSL_new(wctx->ssl_ctx);
1190  if(!wctx->ssl) {
1191    failf(data, "SSL: could not create a handle");
1192    return CURLE_OUT_OF_MEMORY;
1193  }
1194
1195#ifdef HAVE_EX_DATA
1196  wolfSSL_set_app_data(wctx->ssl, ssl_user_data);
1197#else
1198  (void)ssl_user_data;
1199#endif
1200#ifdef WOLFSSL_QUIC
1201  if(transport == TRNSPRT_QUIC)
1202    wolfSSL_set_quic_use_legacy_codepoint(wctx->ssl, 0);
1203#else
1204  (void)transport;
1205#endif
1206
1207#ifdef WOLFSSL_HAVE_KYBER
1208  if(pqkem) {
1209    if(wolfSSL_UseKeyShare(wctx->ssl, pqkem) !=
1210       WOLFSSL_SUCCESS) {
1211      failf(data, "unable to use PQ KEM");
1212    }
1213  }
1214#endif
1215
1216  /* Check if there is a cached ID we can/should use here! */
1217  if(Curl_ssl_scache_use(cf, data)) {
1218    /* Set session from cache if there is one */
1219    (void)wssl_setup_session(cf, data, wctx, alpns, peer->scache_key,
1220                             sess_reuse_cb);
1221  }
1222
1223#ifdef HAVE_ALPN
1224  if(alpns->count) {
1225    struct alpn_proto_buf proto;
1226    memset(&proto, 0, sizeof(proto));
1227    Curl_alpn_to_proto_str(&proto, alpns);
1228
1229    if(wolfSSL_UseALPN(wctx->ssl, (char *)proto.data,
1230                       (unsigned int)proto.len,
1231                       WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)
1232       != WOLFSSL_SUCCESS) {
1233      failf(data, "SSL: failed setting ALPN protocols");
1234      return CURLE_SSL_CONNECT_ERROR;
1235    }
1236    CURL_TRC_CF(data, cf, "set ALPN: %s", proto.data);
1237  }
1238#endif /* HAVE_ALPN */
1239
1240#ifdef OPENSSL_EXTRA
1241  if(Curl_tls_keylog_enabled()) {
1242    /* Ensure the Client Random is preserved. */
1243    wolfSSL_KeepArrays(wctx->ssl);
1244#if defined(HAVE_SECRET_CALLBACK) && defined(WOLFSSL_TLS13)
1245    wolfSSL_set_tls13_secret_cb(wctx->ssl, wssl_tls13_secret_callback, NULL);
1246#endif
1247  }
1248#endif /* OPENSSL_EXTRA */
1249
1250#ifdef HAVE_SECURE_RENEGOTIATION
1251  if(wolfSSL_UseSecureRenegotiation(wctx->ssl) != SSL_SUCCESS) {
1252    failf(data, "SSL: failed setting secure renegotiation");
1253    return CURLE_SSL_CONNECT_ERROR;
1254  }
1255#endif /* HAVE_SECURE_RENEGOTIATION */
1256
1257  return CURLE_OK;
1258}
1259
1260#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
1261static CURLcode wssl_init_ech(struct wssl_ctx *wctx,
1262                              struct Curl_cfilter *cf,
1263                              struct Curl_easy *data)
1264{
1265  int trying_ech_now = 0;
1266
1267  if(data->set.str[STRING_ECH_PUBLIC]) {
1268    infof(data, "ECH: outername not (yet) supported"
1269          " with wolfSSL");
1270    return CURLE_SSL_CONNECT_ERROR;
1271  }
1272  if(data->set.tls_ech == CURLECH_GREASE) {
1273    infof(data, "ECH: GREASE is done by default by"
1274          " wolfSSL: no need to ask");
1275  }
1276  if(data->set.tls_ech && data->set.str[STRING_ECH_CONFIG]) {
1277    char *b64val = data->set.str[STRING_ECH_CONFIG];
1278    word32 b64len = 0;
1279
1280    b64len = (word32)strlen(b64val);
1281    if(b64len && wolfSSL_SetEchConfigsBase64(wctx->ssl, b64val,
1282                                             b64len) != WOLFSSL_SUCCESS) {
1283      if(data->set.tls_ech == CURLECH_HARD)
1284        return CURLE_SSL_CONNECT_ERROR;
1285    }
1286    else {
1287      trying_ech_now = 1;
1288      infof(data, "ECH: ECHConfig from command line");
1289    }
1290  }
1291  else {
1292    const struct Curl_https_rrinfo *rinfo =
1293      Curl_conn_dns_get_https(data, cf->sockindex);
1294
1295    if(rinfo && rinfo->echconfiglist) {
1296      const unsigned char *ecl = rinfo->echconfiglist;
1297      size_t elen = rinfo->echconfiglist_len;
1298
1299      infof(data, "ECH: ECHConfig from HTTPS RR");
1300      if(wolfSSL_SetEchConfigs(wctx->ssl, ecl, (word32)elen) !=
1301         WOLFSSL_SUCCESS) {
1302        infof(data, "ECH: wolfSSL_SetEchConfigs failed");
1303        if(data->set.tls_ech == CURLECH_HARD) {
1304          return CURLE_SSL_CONNECT_ERROR;
1305        }
1306      }
1307      else {
1308        trying_ech_now = 1;
1309        infof(data, "ECH: imported ECHConfigList of length %zu", elen);
1310      }
1311    }
1312    else {
1313      infof(data, "ECH: requested but no ECHConfig available");
1314      if(data->set.tls_ech == CURLECH_HARD) {
1315        return CURLE_SSL_CONNECT_ERROR;
1316      }
1317    }
1318  }
1319
1320  if(trying_ech_now &&
1321     wolfSSL_set_min_proto_version(wctx->ssl, TLS1_3_VERSION) != 1) {
1322    infof(data, "ECH: cannot force TLSv1.3 [ERROR]");
1323    return CURLE_SSL_CONNECT_ERROR;
1324  }
1325  return CURLE_OK;
1326}
1327#endif /* HAVE_WOLFSSL_CTX_GENERATEECHCONFIG */
1328
1329CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
1330                            struct Curl_cfilter *cf,
1331                            struct Curl_easy *data,
1332                            struct ssl_peer *peer,
1333                            const struct alpn_spec *alpns_requested,
1334                            Curl_wssl_ctx_setup_cb *cb_setup,
1335                            void *cb_user_data,
1336                            void *ssl_user_data,
1337                            Curl_wssl_init_session_reuse_cb *sess_reuse_cb)
1338{
1339  struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
1340  struct ssl_primary_config *conn_config;
1341  WOLFSSL_METHOD *req_method = NULL;
1342  struct alpn_spec alpns;
1343#ifdef WOLFSSL_HAVE_KYBER
1344  word16 pqkem = 0;
1345#endif
1346  CURLcode result = CURLE_FAILED_INIT;
1347  unsigned char transport;
1348  int tls_min, tls_max;
1349
1350  DEBUGASSERT(!wctx->ssl_ctx);
1351  DEBUGASSERT(!wctx->ssl);
1352  conn_config = Curl_ssl_cf_get_primary_config(cf);
1353  if(!conn_config) {
1354    result = CURLE_FAILED_INIT;
1355    goto out;
1356  }
1357  Curl_alpn_copy(&alpns, alpns_requested);
1358  DEBUGASSERT(cf->next);
1359  transport = Curl_conn_cf_get_transport(cf->next, data);
1360
1361  req_method = wolfTLS_client_method();
1362  if(!req_method) {
1363    failf(data, "wolfSSL: could not create a client method");
1364    result = CURLE_OUT_OF_MEMORY;
1365    goto out;
1366  }
1367
1368  if(wctx->ssl_ctx)
1369    wolfSSL_CTX_free(wctx->ssl_ctx);
1370
1371  wctx->ssl_ctx = wolfSSL_CTX_new(req_method);
1372  if(!wctx->ssl_ctx) {
1373    failf(data, "wolfSSL: could not create a context");
1374    result = CURLE_OUT_OF_MEMORY;
1375    goto out;
1376  }
1377
1378  result = ssl_version(data, conn_config, wctx, &tls_min, &tls_max);
1379  if(result)
1380    goto out;
1381
1382  result = wssl_init_ciphers(data, wctx, conn_config, tls_min, tls_max);
1383  if(result)
1384    goto out;
1385
1386  result = wssl_init_curves(data, wctx, conn_config, transport
1387#ifdef WOLFSSL_HAVE_KYBER
1388                            , &pqkem
1389#endif
1390    );
1391  if(result)
1392    goto out;
1393
1394  result = wssl_client_cert(data, ssl_config, wctx);
1395  if(result)
1396    goto out;
1397
1398  /* SSL always tries to verify the peer, this only says whether it should
1399   * fail to connect if the verification fails, or if it should continue
1400   * anyway. In the latter case the result of the verification is checked with
1401   * SSL_get_verify_result() below. */
1402  wolfSSL_CTX_set_verify(wctx->ssl_ctx, conn_config->verifypeer ?
1403                         WOLFSSL_VERIFY_PEER : WOLFSSL_VERIFY_NONE, NULL);
1404
1405#ifdef HAVE_SNI
1406  if(peer->sni) {
1407    size_t sni_len = strlen(peer->sni);
1408    if((sni_len < USHRT_MAX)) {
1409      if(wolfSSL_CTX_UseSNI(wctx->ssl_ctx, WOLFSSL_SNI_HOST_NAME,
1410                            peer->sni, (unsigned short)sni_len) != 1) {
1411        failf(data, "Failed to set SNI");
1412        result = CURLE_SSL_CONNECT_ERROR;
1413        goto out;
1414      }
1415      CURL_TRC_CF(data, cf, "set SNI '%s'", peer->sni);
1416    }
1417  }
1418#endif
1419
1420#ifdef HAVE_EX_DATA
1421  if(Curl_ssl_scache_use(cf, data) && (transport != TRNSPRT_QUIC)) {
1422    /* Register to get notified when a new session is received */
1423    wolfSSL_CTX_sess_set_new_cb(wctx->ssl_ctx, wssl_vtls_new_session_cb);
1424  }
1425#endif
1426
1427  if(cb_setup) {
1428    result = cb_setup(cf, data, cb_user_data);
1429    if(result)
1430      goto out;
1431  }
1432
1433  /* give application a chance to interfere with SSL set up. */
1434  if(data->set.ssl.fsslctx) {
1435    if(!wctx->x509_store_setup) {
1436      result = Curl_wssl_setup_x509_store(cf, data, wctx);
1437      if(result)
1438        goto out;
1439    }
1440    result = (*data->set.ssl.fsslctx)(data, wctx->ssl_ctx,
1441                                      data->set.ssl.fsslctxp);
1442    if(result) {
1443      failf(data, "error signaled by ssl ctx callback");
1444      goto out;
1445    }
1446  }
1447#ifdef NO_FILESYSTEM
1448  else if(conn_config->verifypeer) {
1449    failf(data, "SSL: Certificates cannot be loaded because wolfSSL was built"
1450          " with no file system. Either disable peer verification"
1451          " (insecure) or if you are building an application with libcurl you"
1452          " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");
1453    result = CURLE_SSL_CONNECT_ERROR;
1454    goto out;
1455  }
1456#endif
1457
1458  result = wssl_init_ssl_handle(wctx, cf, data, peer, &alpns, ssl_user_data,
1459                                transport,
1460#ifdef WOLFSSL_HAVE_KYBER
1461                                pqkem,
1462#endif
1463                                sess_reuse_cb);
1464  if(result)
1465    goto out;
1466
1467#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
1468  if(CURLECH_ENABLED(data)) {
1469    result = wssl_init_ech(wctx, cf, data);
1470    if(result)
1471      goto out;
1472  }
1473#endif /* HAVE_WOLFSSL_CTX_GENERATEECHCONFIG */
1474
1475  result = CURLE_OK;
1476
1477out:
1478  if(result && wctx->ssl) {
1479    wolfSSL_free(wctx->ssl);
1480    wctx->ssl = NULL;
1481  }
1482  if(result && wctx->ssl_ctx) {
1483    wolfSSL_CTX_free(wctx->ssl_ctx);
1484    wctx->ssl_ctx = NULL;
1485  }
1486  return result;
1487}
1488
1489bool Curl_wssl_need_httpsrr(struct Curl_easy *data)
1490{
1491#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
1492  if(!CURLECH_ENABLED(data))
1493    return FALSE;
1494  if((data->set.tls_ech == CURLECH_GREASE) ||
1495     data->set.str[STRING_ECH_CONFIG])
1496    return FALSE;
1497  return TRUE;
1498#else
1499  (void)data;
1500  return FALSE;
1501#endif
1502}
1503
1504/*
1505 * This function loads all the client/CA certificates and CRLs. Setup the TLS
1506 * layer and do all necessary magic.
1507 */
1508static CURLcode wssl_connect_step1(struct Curl_cfilter *cf,
1509                                   struct Curl_easy *data)
1510{
1511  struct ssl_connect_data *connssl = cf->ctx;
1512  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
1513  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
1514  CURLcode result;
1515
1516  DEBUGASSERT(wssl);
1517
1518  if(connssl->state == ssl_connection_complete)
1519    return CURLE_OK;
1520
1521  result = Curl_wssl_ctx_init(wssl, cf, data, &connssl->peer, connssl->alpn,
1522                              NULL, NULL, cf, wssl_on_session_reuse);
1523  if(result)
1524    return result;
1525
1526#ifdef HAVE_ALPN
1527  if(connssl->alpn && (connssl->state != ssl_connection_deferred)) {
1528    struct alpn_proto_buf proto;
1529    memset(&proto, 0, sizeof(proto));
1530    Curl_alpn_to_proto_str(&proto, connssl->alpn);
1531    infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
1532  }
1533#endif
1534
1535  /* Enable RFC2818 checks on domain names. This cannot check
1536   * IP addresses which we need to do extra after the handshake. */
1537  if(conn_config->verifyhost && connssl->peer.sni) {
1538    if(wolfSSL_check_domain_name(wssl->ssl, connssl->peer.sni) !=
1539       WOLFSSL_SUCCESS) {
1540      return CURLE_SSL_CONNECT_ERROR;
1541    }
1542  }
1543
1544#ifdef USE_BIO_CHAIN
1545  {
1546    WOLFSSL_BIO *bio;
1547
1548    if(!wssl_bio_cf_method)
1549      return CURLE_FAILED_INIT;
1550    bio = wolfSSL_BIO_new(wssl_bio_cf_method);
1551    if(!bio)
1552      return CURLE_OUT_OF_MEMORY;
1553
1554    wolfSSL_BIO_set_data(bio, cf);
1555    wolfSSL_set_bio(wssl->ssl, bio, bio);
1556  }
1557#else /* !USE_BIO_CHAIN */
1558  curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data);
1559  if(sockfd > INT_MAX) {
1560    failf(data, "SSL: socket value too large");
1561    return CURLE_SSL_CONNECT_ERROR;
1562  }
1563  /* pass the raw socket into the SSL layer */
1564  if(!wolfSSL_set_fd(wssl->ssl, (int)sockfd)) {
1565    failf(data, "SSL: wolfSSL_set_fd failed");
1566    return CURLE_SSL_CONNECT_ERROR;
1567  }
1568#endif /* USE_BIO_CHAIN */
1569
1570  return CURLE_OK;
1571}
1572
1573static char *wssl_strerror(unsigned long error, char *buf, unsigned long size)
1574{
1575  DEBUGASSERT(size > 40);
1576  *buf = '\0';
1577
1578  wolfSSL_ERR_error_string_n(error, buf, size);
1579
1580  if(!*buf) {
1581    const char *msg = error ? "Unknown error" : "No error";
1582    curlx_strcopy(buf, size, msg, strlen(msg));
1583  }
1584
1585  return buf;
1586}
1587
1588CURLcode Curl_wssl_verify_pinned(struct Curl_cfilter *cf,
1589                                 struct Curl_easy *data,
1590                                 struct wssl_ctx *wssl)
1591{
1592  WOLFSSL_X509 *x509 = NULL;
1593  CURLcode result = CURLE_OK;
1594#ifndef CURL_DISABLE_PROXY
1595  const char * const pinnedpubkey = Curl_ssl_cf_is_proxy(cf) ?
1596    data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
1597    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
1598#else
1599  const char * const pinnedpubkey = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
1600  (void)cf;
1601#endif
1602
1603  if(pinnedpubkey) {
1604#ifdef KEEP_PEER_CERT
1605    const char *x509_der;
1606    int x509_der_len;
1607    struct Curl_X509certificate x509_parsed;
1608    struct Curl_asn1Element *pubkey;
1609
1610    result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
1611
1612    x509 = wolfSSL_get_peer_certificate(wssl->ssl);
1613    if(!x509) {
1614      failf(data, "SSL: failed retrieving server certificate");
1615      goto end;
1616    }
1617
1618    x509_der = (const char *)wolfSSL_X509_get_der(x509, &x509_der_len);
1619    if(!x509_der) {
1620      failf(data, "SSL: failed retrieving ASN.1 server certificate");
1621      goto end;
1622    }
1623
1624    memset(&x509_parsed, 0, sizeof(x509_parsed));
1625    if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
1626      goto end;
1627
1628    pubkey = &x509_parsed.subjectPublicKeyInfo;
1629    if(!pubkey->header || pubkey->end <= pubkey->header) {
1630      failf(data, "SSL: failed retrieving public key from server certificate");
1631      goto end;
1632    }
1633
1634    result = Curl_pin_peer_pubkey(data, pinnedpubkey,
1635                                  (const unsigned char *)pubkey->header,
1636                                  (size_t)(pubkey->end - pubkey->header));
1637    if(result)
1638      failf(data, "SSL: public key does not match pinned public key");
1639#else
1640    failf(data, "Library lacks pinning support built-in");
1641    return CURLE_NOT_BUILT_IN;
1642#endif
1643  }
1644end:
1645  wolfSSL_FreeX509(x509);
1646  return result;
1647}
1648
1649#ifdef WOLFSSL_EARLY_DATA
1650static CURLcode wssl_send_earlydata(struct Curl_cfilter *cf,
1651                                    struct Curl_easy *data)
1652{
1653  struct ssl_connect_data *connssl = cf->ctx;
1654  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
1655  const unsigned char *buf;
1656  size_t blen;
1657
1658  DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sending);
1659  wssl->io_result = CURLE_OK;
1660  while(Curl_bufq_peek(&connssl->earlydata, &buf, &blen)) {
1661    int nwritten = 0, rc;
1662
1663    wolfSSL_ERR_clear_error();
1664    rc = wolfSSL_write_early_data(wssl->ssl, buf, (int)blen, &nwritten);
1665    CURL_TRC_CF(data, cf, "wolfSSL_write_early_data(len=%zu) -> %d, %d",
1666                blen, rc, nwritten);
1667    if(rc < 0) {
1668      int err = wolfSSL_get_error(wssl->ssl, rc);
1669      char error_buffer[256];
1670      switch(err) {
1671      case WOLFSSL_ERROR_NONE: /* did not get anything */
1672      case WOLFSSL_ERROR_WANT_READ:
1673      case WOLFSSL_ERROR_WANT_WRITE:
1674        return CURLE_AGAIN;
1675      }
1676      CURL_TRC_CF(data, cf, "SSL send early data, error: '%s'(%d)",
1677                  wssl_strerror((unsigned long)err, error_buffer,
1678                                sizeof(error_buffer)), err);
1679      return CURLE_SEND_ERROR;
1680    }
1681
1682    Curl_bufq_skip(&connssl->earlydata, (size_t)nwritten);
1683  }
1684  /* sent everything there was */
1685  connssl->earlydata_state = ssl_earlydata_sent;
1686  if(!Curl_ssl_cf_is_proxy(cf))
1687    Curl_pgrsEarlyData(data, (curl_off_t)connssl->earlydata_skip);
1688  infof(data, "SSL sending %zu bytes of early data", connssl->earlydata_skip);
1689  return CURLE_OK;
1690}
1691#endif /* WOLFSSL_EARLY_DATA */
1692
1693static CURLcode wssl_handshake(struct Curl_cfilter *cf, struct Curl_easy *data)
1694{
1695  struct ssl_connect_data *connssl = cf->ctx;
1696  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
1697  struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
1698  int ret = -1, detail;
1699  CURLcode result;
1700
1701  DEBUGASSERT(wssl);
1702  connssl->io_need = CURL_SSL_IO_NEED_NONE;
1703
1704#ifdef WOLFSSL_EARLY_DATA
1705  if(connssl->earlydata_state == ssl_earlydata_sending) {
1706    result = wssl_send_earlydata(cf, data);
1707    if(result)
1708      return result;
1709  }
1710  DEBUGASSERT((connssl->earlydata_state == ssl_earlydata_none) ||
1711              (connssl->earlydata_state == ssl_earlydata_sent));
1712#else
1713  DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_none);
1714#endif /* WOLFSSL_EARLY_DATA */
1715
1716  wolfSSL_ERR_clear_error();
1717  ret = wolfSSL_connect(wssl->ssl);
1718
1719  if(!wssl->x509_store_setup) {
1720    /* After having send off the ClientHello, we prepare the x509
1721     * store to verify the coming certificate from the server */
1722    result = Curl_wssl_setup_x509_store(cf, data, wssl);
1723    if(result) {
1724      CURL_TRC_CF(data, cf, "Curl_wssl_setup_x509_store() -> %d", result);
1725      return result;
1726    }
1727  }
1728
1729#ifdef OPENSSL_EXTRA
1730  if(Curl_tls_keylog_enabled()) {
1731    /* If key logging is enabled, wait for the handshake to complete and then
1732     * proceed with logging secrets (for TLS 1.2 or older).
1733     *
1734     * During the handshake (ret==-1), wolfSSL_want_read() is true as it waits
1735     * for the server response. At that point the master secret is not yet
1736     * available, so we must not try to read it.
1737     * To log the secret on completion with a handshake failure, detect
1738     * completion via the observation that there is nothing to read or write.
1739     * Note that OpenSSL SSL_want_read() is always true here. If wolfSSL ever
1740     * changes, the worst case is that no key is logged on error.
1741     */
1742    if(ret == WOLFSSL_SUCCESS ||
1743       (!wolfSSL_want_read(wssl->ssl) &&
1744        !wolfSSL_want_write(wssl->ssl))) {
1745      wssl_log_tls12_secret(wssl->ssl);
1746      /* Client Random and master secrets are no longer needed, erase these.
1747       * Ignored while the handshake is still in progress. */
1748      wolfSSL_FreeArrays(wssl->ssl);
1749    }
1750  }
1751#endif /* OPENSSL_EXTRA */
1752
1753  detail = wolfSSL_get_error(wssl->ssl, ret);
1754  CURL_TRC_CF(data, cf, "wolfSSL_connect() -> %d, detail=%d", ret, detail);
1755
1756  /* On a successful handshake with an IP address, do an extra check
1757   * on the peer certificate */
1758  if(ret == WOLFSSL_SUCCESS &&
1759     conn_config->verifyhost &&
1760     !connssl->peer.sni) {
1761    /* we have an IP address as hostname. */
1762    WOLFSSL_X509 *cert = wolfSSL_get_peer_certificate(wssl->ssl);
1763    if(!cert) {
1764      failf(data, "unable to get peer certificate");
1765      return CURLE_PEER_FAILED_VERIFICATION;
1766    }
1767    ret = wolfSSL_X509_check_ip_asc(cert, connssl->peer.dest->hostname, 0);
1768    CURL_TRC_CF(data, cf, "check peer certificate for IP match on %s -> %d",
1769                connssl->peer.dest->hostname, ret);
1770    if(ret != WOLFSSL_SUCCESS)
1771      detail = DOMAIN_NAME_MISMATCH;
1772    wolfSSL_X509_free(cert);
1773  }
1774
1775  if(ret == WOLFSSL_SUCCESS) {
1776    return CURLE_OK;
1777  }
1778  else {
1779    if(WOLFSSL_ERROR_WANT_READ == detail) {
1780      connssl->io_need = CURL_SSL_IO_NEED_RECV;
1781      return CURLE_AGAIN;
1782    }
1783    else if(WOLFSSL_ERROR_WANT_WRITE == detail) {
1784      connssl->io_need = CURL_SSL_IO_NEED_SEND;
1785      return CURLE_AGAIN;
1786    }
1787    else if(DOMAIN_NAME_MISMATCH == detail) {
1788      /* There is no easy way to override only the CN matching.
1789       * This enables the override of both mismatching SubjectAltNames
1790       * as also mismatching CN fields */
1791      failf(data, " subject alt name(s) or common name do not match \"%s\"",
1792            connssl->peer.dest->hostname);
1793      return CURLE_PEER_FAILED_VERIFICATION;
1794    }
1795    else if(ASN_NO_SIGNER_E == detail) {
1796      if(conn_config->verifypeer) {
1797        failf(data, " CA signer not available for verification");
1798        return CURLE_SSL_CACERT_BADFILE;
1799      }
1800      /* Continue with a warning if no strict certificate
1801         verification is required. */
1802      infof(data, "CA signer not available for verification, "
1803                  "continuing anyway");
1804      return CURLE_OK;
1805    }
1806    else if(ASN_AFTER_DATE_E == detail) {
1807      failf(data, "server verification failed: certificate has expired.");
1808      return CURLE_PEER_FAILED_VERIFICATION;
1809    }
1810    else if(ASN_BEFORE_DATE_E == detail) {
1811      failf(data, "server verification failed: certificate not valid yet.");
1812      return CURLE_PEER_FAILED_VERIFICATION;
1813    }
1814    else if(wssl->io_result) {
1815      switch(wssl->io_result) {
1816      case CURLE_SEND_ERROR:
1817      case CURLE_RECV_ERROR:
1818        return CURLE_SSL_CONNECT_ERROR;
1819      default:
1820        return wssl->io_result;
1821      }
1822    }
1823#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
1824    else if(detail == -1) {
1825      /* try access a retry_config ECHConfigList for tracing */
1826      byte echConfigs[1000];
1827      word32 echConfigsLen = 1000;
1828      int rv = 0;
1829
1830      /* this currently does not produce the retry_configs */
1831      rv = wolfSSL_GetEchConfigs(wssl->ssl, echConfigs, &echConfigsLen);
1832      if(rv != WOLFSSL_SUCCESS) {
1833        infof(data, "Failed to get ECHConfigs");
1834      }
1835      else {
1836        char *b64str = NULL;
1837        size_t blen = 0;
1838
1839        result = curlx_base64_encode(echConfigs, echConfigsLen,
1840                                     &b64str, &blen);
1841        if(!result && b64str)
1842          infof(data, "ECH: (not yet) retry_configs %s", b64str);
1843        curlx_free(b64str);
1844      }
1845      return CURLE_SSL_CONNECT_ERROR;
1846    }
1847#endif
1848    else {
1849      char error_buffer[256];
1850      failf(data, "SSL_connect failed with error %d: %s", detail,
1851            wssl_strerror((unsigned long)detail, error_buffer,
1852                          sizeof(error_buffer)));
1853      return CURLE_SSL_CONNECT_ERROR;
1854    }
1855  }
1856}
1857
1858static CURLcode wssl_send(struct Curl_cfilter *cf,
1859                          struct Curl_easy *data,
1860                          const void *buf, size_t blen,
1861                          size_t *pnwritten)
1862{
1863  struct ssl_connect_data *connssl = cf->ctx;
1864  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
1865  CURLcode result = CURLE_OK;
1866  int nwritten;
1867
1868  DEBUGASSERT(wssl);
1869  *pnwritten = 0;
1870  wolfSSL_ERR_clear_error();
1871
1872  if(blen) {
1873    int memlen = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen;
1874
1875    nwritten = wolfSSL_write(wssl->ssl, buf, memlen);
1876
1877    if(nwritten > 0)
1878      *pnwritten += (size_t)nwritten;
1879    else {
1880      int err = wolfSSL_get_error(wssl->ssl, nwritten);
1881
1882      switch(err) {
1883      case WOLFSSL_ERROR_WANT_READ:
1884      case WOLFSSL_ERROR_WANT_WRITE:
1885        /* there is data pending, re-invoke wolfSSL_write() */
1886        if(*pnwritten) {
1887          result = CURLE_OK;
1888          goto out;
1889        }
1890        result = CURLE_AGAIN;
1891        goto out;
1892
1893      default:
1894        if(wssl->io_result == CURLE_AGAIN) {
1895          if(*pnwritten) {
1896            result = CURLE_OK;
1897            goto out;
1898          }
1899          result = CURLE_AGAIN;
1900          goto out;
1901        }
1902        {
1903          char error_buffer[256];
1904          failf(data, "SSL write: %s, errno %d",
1905                wssl_strerror((unsigned long)err, error_buffer,
1906                              sizeof(error_buffer)),
1907                SOCKERRNO);
1908        }
1909        result = CURLE_SEND_ERROR;
1910        goto out;
1911      }
1912    }
1913  }
1914
1915out:
1916  CURL_TRC_CF(data, cf, "wssl_send(len=%zu) -> %d, %zu",
1917              blen, result, *pnwritten);
1918  return result;
1919}
1920
1921static CURLcode wssl_shutdown(struct Curl_cfilter *cf,
1922                              struct Curl_easy *data,
1923                              bool send_shutdown, bool *done)
1924{
1925  struct ssl_connect_data *connssl = cf->ctx;
1926  struct wssl_ctx *wctx = (struct wssl_ctx *)connssl->backend;
1927  CURLcode result = CURLE_OK;
1928  char buf[1024];
1929  int nread = -1, err;
1930  size_t i;
1931  VERBOSE(char error_buffer[256]);
1932
1933  DEBUGASSERT(wctx);
1934  if(!wctx->ssl || cf->shutdown) {
1935    *done = TRUE;
1936    goto out;
1937  }
1938
1939  wctx->shutting_down = TRUE;
1940  connssl->io_need = CURL_SSL_IO_NEED_NONE;
1941  *done = FALSE;
1942  if(!(wolfSSL_get_shutdown(wctx->ssl) & WOLFSSL_SENT_SHUTDOWN)) {
1943    /* We have not started the shutdown from our side yet. Check
1944     * if the server already sent us one. */
1945    wolfSSL_ERR_clear_error();
1946    nread = wolfSSL_read(wctx->ssl, buf, (int)sizeof(buf));
1947    err = wolfSSL_get_error(wctx->ssl, nread);
1948    CURL_TRC_CF(data, cf, "wolfSSL_read, nread=%d, err=%d", nread, err);
1949    if(!nread && err == WOLFSSL_ERROR_ZERO_RETURN) {
1950      bool input_pending;
1951      /* Yes, it did. */
1952      if(!send_shutdown) {
1953        CURL_TRC_CF(data, cf, "SSL shutdown received, not sending");
1954        *done = TRUE;
1955        goto out;
1956      }
1957      else if(!cf->next->cft->is_alive(cf->next, data, &input_pending)) {
1958        /* Server closed the connection after its closy notify. It
1959         * seems not interested to see our close notify, so do not
1960         * send it. We are done. */
1961        CURL_TRC_CF(data, cf, "peer closed connection");
1962        connssl->peer_closed = TRUE;
1963        *done = TRUE;
1964        goto out;
1965      }
1966    }
1967  }
1968
1969  /* wolfSSL should now have started the shutdown from our side. Since it
1970   * was not complete, we are lacking the close notify from the server. */
1971  if(send_shutdown) {
1972    wolfSSL_ERR_clear_error();
1973    nread = wolfSSL_shutdown(wctx->ssl);
1974    if(nread == 1) {
1975      CURL_TRC_CF(data, cf, "SSL shutdown finished");
1976      *done = TRUE;
1977      goto out;
1978    }
1979    if(WOLFSSL_ERROR_WANT_WRITE == wolfSSL_get_error(wctx->ssl, nread)) {
1980      CURL_TRC_CF(data, cf, "SSL shutdown still wants to send");
1981      connssl->io_need = CURL_SSL_IO_NEED_SEND;
1982      goto out;
1983    }
1984    /* Having sent the close notify, we use wolfSSL_read() to get the
1985     * missing close notify from the server. */
1986  }
1987
1988  for(i = 0; i < 10; ++i) {
1989    wolfSSL_ERR_clear_error();
1990    nread = wolfSSL_read(wctx->ssl, buf, (int)sizeof(buf));
1991    if(nread <= 0)
1992      break;
1993  }
1994  err = wolfSSL_get_error(wctx->ssl, nread);
1995  switch(err) {
1996  case WOLFSSL_ERROR_ZERO_RETURN: /* no more data */
1997    CURL_TRC_CF(data, cf, "SSL shutdown received");
1998    *done = TRUE;
1999    break;
2000  case WOLFSSL_ERROR_NONE: /* did not get anything */
2001  case WOLFSSL_ERROR_WANT_READ:
2002    /* wolfSSL has send its notify and now wants to read the reply
2003     * from the server. We are not really interested in that. */
2004    CURL_TRC_CF(data, cf, "SSL shutdown sent, want receive");
2005    connssl->io_need = CURL_SSL_IO_NEED_RECV;
2006    break;
2007  case WOLFSSL_ERROR_WANT_WRITE:
2008    CURL_TRC_CF(data, cf, "SSL shutdown send blocked");
2009    connssl->io_need = CURL_SSL_IO_NEED_SEND;
2010    break;
2011  default:
2012    CURL_TRC_CF(data, cf, "SSL shutdown, error: '%s'(%d)",
2013                wssl_strerror((unsigned long)err, error_buffer,
2014                              sizeof(error_buffer)),
2015                err);
2016    result = CURLE_RECV_ERROR;
2017    break;
2018  }
2019
2020out:
2021  cf->shutdown = (result || *done);
2022  return result;
2023}
2024
2025static void wssl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
2026{
2027  struct ssl_connect_data *connssl = cf->ctx;
2028  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
2029
2030  (void)data;
2031
2032  DEBUGASSERT(wssl);
2033
2034  if(wssl->ssl) {
2035    wolfSSL_free(wssl->ssl);
2036    wssl->ssl = NULL;
2037  }
2038  if(wssl->ssl_ctx) {
2039    wolfSSL_CTX_free(wssl->ssl_ctx);
2040    wssl->ssl_ctx = NULL;
2041  }
2042}
2043
2044static CURLcode wssl_recv(struct Curl_cfilter *cf,
2045                          struct Curl_easy *data,
2046                          char *buf, size_t blen,
2047                          size_t *pnread)
2048{
2049  struct ssl_connect_data *connssl = cf->ctx;
2050  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
2051  int buffsize = (blen > (size_t)INT_MAX) ? INT_MAX : (int)blen;
2052  int nread;
2053
2054  DEBUGASSERT(wssl);
2055
2056  *pnread = 0;
2057  wolfSSL_ERR_clear_error();
2058
2059  nread = wolfSSL_read(wssl->ssl, buf, buffsize);
2060
2061  if(nread > 0)
2062    *pnread = (size_t)nread;
2063  else {
2064    int err = wolfSSL_get_error(wssl->ssl, nread);
2065
2066    switch(err) {
2067    case WOLFSSL_ERROR_ZERO_RETURN: /* no more data */
2068      CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> CLOSED", blen);
2069      return CURLE_OK;
2070    case WOLFSSL_ERROR_NONE:
2071    case WOLFSSL_ERROR_WANT_READ:
2072    case WOLFSSL_ERROR_WANT_WRITE:
2073      if(!wssl->io_result && !connssl->peer_closed) {
2074        /* there is data pending, re-invoke wolfSSL_read() */
2075        CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> AGAIN", blen);
2076        return CURLE_AGAIN;
2077      }
2078      /* fall through to default error handling below */
2079      FALLTHROUGH();
2080    default:
2081      if(wssl->io_result == CURLE_AGAIN) {
2082        CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> AGAIN", blen);
2083        return CURLE_AGAIN;
2084      }
2085      else if(!wssl->io_result && connssl->peer_closed) {
2086        CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> CLOSED", blen);
2087        failf(data, "Connection closed abruptly");
2088      }
2089      else {
2090        char error_buffer[256];
2091        failf(data, "SSL read: %s, errno %d",
2092              wssl_strerror((unsigned long)err, error_buffer,
2093                            sizeof(error_buffer)),
2094              SOCKERRNO);
2095      }
2096      return CURLE_RECV_ERROR;
2097    }
2098  }
2099
2100  CURL_TRC_CF(data, cf, "wssl_recv(len=%zu) -> 0, %zu", blen, *pnread);
2101  return CURLE_OK;
2102}
2103
2104size_t Curl_wssl_version(char *buffer, size_t size)
2105{
2106  return curl_msnprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version());
2107}
2108
2109static int wssl_init(void)
2110{
2111  int ret;
2112
2113#ifdef OPENSSL_EXTRA
2114  Curl_tls_keylog_open();
2115#endif
2116  ret = (wolfSSL_Init() == WOLFSSL_SUCCESS);
2117  if(ret)
2118    ret = wssl_bio_cf_init_methods();
2119  return ret;
2120}
2121
2122static void wssl_cleanup(void)
2123{
2124  wssl_bio_cf_free_methods();
2125  wolfSSL_Cleanup();
2126#ifdef OPENSSL_EXTRA
2127  Curl_tls_keylog_close();
2128#endif
2129}
2130
2131static bool wssl_data_pending(struct Curl_cfilter *cf,
2132                              const struct Curl_easy *data)
2133{
2134  struct ssl_connect_data *ctx = cf->ctx;
2135  struct wssl_ctx *wssl;
2136
2137  (void)data;
2138  DEBUGASSERT(ctx && ctx->backend);
2139
2140  wssl = (struct wssl_ctx *)ctx->backend;
2141  if(wssl->ssl)   /* wolfSSL is in use */
2142    return wolfSSL_pending(wssl->ssl);
2143  else
2144    return FALSE;
2145}
2146
2147void Curl_wssl_report_handshake(struct Curl_easy *data, struct wssl_ctx *wssl)
2148{
2149  (void)wssl;
2150  infof(data, "SSL connection using %s / %s",
2151        wolfSSL_get_version(wssl->ssl),
2152        wolfSSL_get_cipher_name(wssl->ssl));
2153}
2154
2155static CURLcode wssl_connect(struct Curl_cfilter *cf,
2156                             struct Curl_easy *data,
2157                             bool *done)
2158{
2159  struct ssl_connect_data *connssl = cf->ctx;
2160  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
2161  CURLcode result = CURLE_OK;
2162
2163  /* check if the connection has already been established */
2164  if(ssl_connection_complete == connssl->state) {
2165    *done = TRUE;
2166    return CURLE_OK;
2167  }
2168
2169  *done = FALSE;
2170  connssl->io_need = CURL_SSL_IO_NEED_NONE;
2171
2172  if(ssl_connect_1 == connssl->connecting_state) {
2173#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
2174    /* if we do ECH and need the HTTPS-RR information for it,
2175     * we delay the connect until it arrives or DNS resolve fails. */
2176    if(Curl_wssl_need_httpsrr(data) &&
2177       !Curl_conn_dns_resolved_https(data, cf->sockindex)) {
2178      CURL_TRC_CF(data, cf, "need HTTPS-RR for ECH, delaying connect");
2179      return CURLE_OK;
2180    }
2181#endif /* HAVE_WOLFSSL_CTX_GENERATEECHCONFIG */
2182    result = wssl_connect_step1(cf, data);
2183    if(result)
2184      return result;
2185    connssl->connecting_state = ssl_connect_2;
2186  }
2187
2188  if(ssl_connect_2 == connssl->connecting_state) {
2189    if(connssl->earlydata_state == ssl_earlydata_await) {
2190      /* We defer the handshake until request data arrives. */
2191      DEBUGASSERT(connssl->state == ssl_connection_deferred);
2192      goto out;
2193    }
2194    result = wssl_handshake(cf, data);
2195    if(result == CURLE_AGAIN)
2196      goto out;
2197    wssl->hs_result = result;
2198    connssl->connecting_state = ssl_connect_3;
2199  }
2200
2201  if(ssl_connect_3 == connssl->connecting_state) {
2202    /* Once the handshake has errored, it stays in that state and
2203     * errors again on every call. */
2204    if(wssl->hs_result) {
2205      result = wssl->hs_result;
2206      goto out;
2207    }
2208    result = Curl_wssl_verify_pinned(cf, data, wssl);
2209    if(result) {
2210      wssl->hs_result = result;
2211      goto out;
2212    }
2213    /* handhshake was done without errors */
2214#ifdef HAVE_ALPN
2215    if(connssl->alpn) {
2216      int rc;
2217      char *protocol = NULL;
2218      unsigned short protocol_len = 0;
2219
2220      rc = wolfSSL_ALPN_GetProtocol(wssl->ssl, &protocol, &protocol_len);
2221
2222      if(rc == WOLFSSL_SUCCESS) {
2223        Curl_alpn_set_negotiated(cf, data, connssl,
2224                                 (const unsigned char *)protocol,
2225                                 protocol_len);
2226      }
2227      else if(rc == WOLFSSL_ALPN_NOT_FOUND)
2228        Curl_alpn_set_negotiated(cf, data, connssl, NULL, 0);
2229      else {
2230        failf(data, "ALPN, failure getting protocol, error %d", rc);
2231        wssl->hs_result = result = CURLE_SSL_CONNECT_ERROR;
2232        goto out;
2233      }
2234    }
2235#endif /* HAVE_ALPN */
2236
2237    connssl->connecting_state = ssl_connect_done;
2238    connssl->state = ssl_connection_complete;
2239    Curl_wssl_report_handshake(data, wssl);
2240
2241#ifdef WOLFSSL_EARLY_DATA
2242    if(connssl->earlydata_state > ssl_earlydata_none) {
2243      /* We should be in this state by now */
2244      DEBUGASSERT(connssl->earlydata_state == ssl_earlydata_sent);
2245      connssl->earlydata_state =
2246        (wolfSSL_get_early_data_status(wssl->ssl) ==
2247         WOLFSSL_EARLY_DATA_REJECTED) ?
2248         ssl_earlydata_rejected : ssl_earlydata_accepted;
2249    }
2250#endif /* WOLFSSL_EARLY_DATA */
2251  }
2252
2253  if((connssl->connecting_state == ssl_connect_done) ||
2254     (connssl->state == ssl_connection_deferred)) {
2255    *done = TRUE;
2256  }
2257
2258out:
2259  if(result) {
2260    *done = FALSE;
2261    if(result == CURLE_AGAIN)
2262      return CURLE_OK;
2263  }
2264  else if((connssl->connecting_state == ssl_connect_done) ||
2265          (connssl->state == ssl_connection_deferred)) {
2266    *done = TRUE;
2267  }
2268  return result;
2269}
2270
2271static CURLcode wssl_random(struct Curl_easy *data,
2272                            unsigned char *entropy, size_t length)
2273{
2274  WC_RNG rng;
2275  (void)data;
2276  if(wc_InitRng(&rng))
2277    return CURLE_FAILED_INIT;
2278  if(length > UINT_MAX)
2279    return CURLE_FAILED_INIT;
2280  if(wc_RNG_GenerateBlock(&rng, entropy, (unsigned)length))
2281    return CURLE_FAILED_INIT;
2282  if(wc_FreeRng(&rng))
2283    return CURLE_FAILED_INIT;
2284  return CURLE_OK;
2285}
2286
2287static CURLcode wssl_sha256sum(const unsigned char *tmp, /* input */
2288                               size_t tmplen,
2289                               unsigned char *sha256sum /* output */,
2290                               size_t unused)
2291{
2292  wc_Sha256 SHA256pw;
2293  (void)unused;
2294  if(wc_InitSha256(&SHA256pw))
2295    return CURLE_FAILED_INIT;
2296  wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen);
2297  wc_Sha256Final(&SHA256pw, sha256sum);
2298  return CURLE_OK;
2299}
2300
2301static void *wssl_get_internals(struct ssl_connect_data *connssl,
2302                                CURLINFO info)
2303{
2304  struct wssl_ctx *wssl = (struct wssl_ctx *)connssl->backend;
2305  DEBUGASSERT(wssl);
2306  return info == CURLINFO_TLS_SESSION ?
2307    (void *)wssl->ssl_ctx : (void *)wssl->ssl;
2308}
2309
2310const struct Curl_ssl Curl_ssl_wolfssl = {
2311  { CURLSSLBACKEND_WOLFSSL, "wolfssl" }, /* info */
2312
2313#ifdef KEEP_PEER_CERT
2314  SSLSUPP_PINNEDPUBKEY |
2315#endif
2316#ifdef USE_BIO_CHAIN
2317  SSLSUPP_HTTPS_PROXY |
2318#endif
2319  SSLSUPP_CA_PATH |
2320  SSLSUPP_CAINFO_BLOB |
2321#ifdef HAVE_WOLFSSL_CTX_GENERATEECHCONFIG
2322  SSLSUPP_ECH |
2323#endif
2324  SSLSUPP_SSL_CTX |
2325#ifdef WOLFSSL_TLS13
2326  SSLSUPP_TLS13_CIPHERSUITES |
2327#endif
2328  SSLSUPP_CA_CACHE |
2329  SSLSUPP_CIPHER_LIST |
2330  SSLSUPP_SSL_EC_CURVES,
2331
2332  sizeof(struct wssl_ctx),
2333
2334  wssl_init,                       /* init */
2335  wssl_cleanup,                    /* cleanup */
2336  Curl_wssl_version,               /* version */
2337  wssl_shutdown,                   /* shutdown */
2338  wssl_data_pending,               /* data_pending */
2339  wssl_random,                     /* random */
2340  NULL,                            /* cert_status_request */
2341  wssl_connect,                    /* connect */
2342  Curl_ssl_adjust_pollset,         /* adjust_pollset */
2343  wssl_get_internals,              /* get_internals */
2344  wssl_close,                      /* close_one */
2345  NULL,                            /* close_all */
2346  NULL,                            /* set_engine */
2347  NULL,                            /* set_engine_default */
2348  NULL,                            /* engines_list */
2349  wssl_sha256sum,                  /* sha256sum */
2350  wssl_recv,                       /* recv decrypted data */
2351  wssl_send,                       /* send data to encrypt */
2352  NULL,                            /* get_channel_binding */
2353};
2354
2355#endif