1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | ***************************************************************************/ |
22 | |
23 | /* |
24 | * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code |
25 | * but vtls.c should ever call or use these functions. |
26 | * |
27 | * Note: don't use the GnuTLS' *_t variable type names in this source code, |
28 | * since they were not present in 1.0.X. |
29 | */ |
30 | |
31 | #include "curl_setup.h" |
32 | |
33 | #ifdef USE_GNUTLS |
34 | |
35 | #include <gnutls/abstract.h> |
36 | #include <gnutls/gnutls.h> |
37 | #include <gnutls/x509.h> |
38 | |
39 | #ifdef USE_GNUTLS_NETTLE |
40 | #include <gnutls/crypto.h> |
41 | #include <nettle/md5.h> |
42 | #include <nettle/sha2.h> |
43 | #else |
44 | #include <gcrypt.h> |
45 | #endif |
46 | |
47 | #include "urldata.h" |
48 | #include "sendf.h" |
49 | #include "inet_pton.h" |
50 | #include "gtls.h" |
51 | #include "vtls.h" |
52 | #include "parsedate.h" |
53 | #include "connect.h" /* for the connect timeout */ |
54 | #include "select.h" |
55 | #include "strcase.h" |
56 | #include "warnless.h" |
57 | #include "x509asn1.h" |
58 | #include "multiif.h" |
59 | #include "curl_printf.h" |
60 | #include "curl_memory.h" |
61 | /* The last #include file should be: */ |
62 | #include "memdebug.h" |
63 | |
64 | /* Enable GnuTLS debugging by defining GTLSDEBUG */ |
65 | /*#define GTLSDEBUG */ |
66 | |
67 | #ifdef GTLSDEBUG |
68 | static void tls_log_func(int level, const char *str) |
69 | { |
70 | fprintf(stderr, "|<%d>| %s" , level, str); |
71 | } |
72 | #endif |
73 | static bool gtls_inited = FALSE; |
74 | |
75 | #if defined(GNUTLS_VERSION_NUMBER) |
76 | # if (GNUTLS_VERSION_NUMBER >= 0x020c00) |
77 | # undef gnutls_transport_set_lowat |
78 | # define gnutls_transport_set_lowat(A,B) Curl_nop_stmt |
79 | # define USE_GNUTLS_PRIORITY_SET_DIRECT 1 |
80 | # endif |
81 | # if (GNUTLS_VERSION_NUMBER >= 0x020c03) |
82 | # define GNUTLS_MAPS_WINSOCK_ERRORS 1 |
83 | # endif |
84 | |
85 | # if HAVE_GNUTLS_ALPN_SET_PROTOCOLS |
86 | # define HAS_ALPN |
87 | # endif |
88 | |
89 | # if HAVE_GNUTLS_OCSP_REQ_INIT |
90 | # define HAS_OCSP |
91 | # endif |
92 | |
93 | # if (GNUTLS_VERSION_NUMBER >= 0x030306) |
94 | # define HAS_CAPATH |
95 | # endif |
96 | #endif |
97 | |
98 | #if (GNUTLS_VERSION_NUMBER >= 0x030603) |
99 | #define HAS_TLS13 |
100 | #endif |
101 | |
102 | #ifdef HAS_OCSP |
103 | # include <gnutls/ocsp.h> |
104 | #endif |
105 | |
106 | struct ssl_backend_data { |
107 | gnutls_session_t session; |
108 | gnutls_certificate_credentials_t cred; |
109 | #ifdef USE_TLS_SRP |
110 | gnutls_srp_client_credentials_t srp_client_cred; |
111 | #endif |
112 | }; |
113 | |
114 | #define BACKEND connssl->backend |
115 | |
116 | /* |
117 | * Custom push and pull callback functions used by GNU TLS to read and write |
118 | * to the socket. These functions are simple wrappers to send() and recv() |
119 | * (although here using the sread/swrite macros as defined by |
120 | * curl_setup_once.h). |
121 | * We use custom functions rather than the GNU TLS defaults because it allows |
122 | * us to get specific about the fourth "flags" argument, and to use arbitrary |
123 | * private data with gnutls_transport_set_ptr if we wish. |
124 | * |
125 | * When these custom push and pull callbacks fail, GNU TLS checks its own |
126 | * session-specific error variable, and when not set also its own global |
127 | * errno variable, in order to take appropriate action. GNU TLS does not |
128 | * require that the transport is actually a socket. This implies that for |
129 | * Windows builds these callbacks should ideally set the session-specific |
130 | * error variable using function gnutls_transport_set_errno or as a last |
131 | * resort global errno variable using gnutls_transport_set_global_errno, |
132 | * with a transport agnostic error value. This implies that some winsock |
133 | * error translation must take place in these callbacks. |
134 | * |
135 | * Paragraph above applies to GNU TLS versions older than 2.12.3, since |
136 | * this version GNU TLS does its own internal winsock error translation |
137 | * using system_errno() function. |
138 | */ |
139 | |
140 | #if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS) |
141 | # define gtls_EINTR 4 |
142 | # define gtls_EIO 5 |
143 | # define gtls_EAGAIN 11 |
144 | static int gtls_mapped_sockerrno(void) |
145 | { |
146 | switch(SOCKERRNO) { |
147 | case WSAEWOULDBLOCK: |
148 | return gtls_EAGAIN; |
149 | case WSAEINTR: |
150 | return gtls_EINTR; |
151 | default: |
152 | break; |
153 | } |
154 | return gtls_EIO; |
155 | } |
156 | #endif |
157 | |
158 | static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len) |
159 | { |
160 | curl_socket_t sock = *(curl_socket_t *)s; |
161 | ssize_t ret = swrite(sock, buf, len); |
162 | #if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS) |
163 | if(ret < 0) |
164 | gnutls_transport_set_global_errno(gtls_mapped_sockerrno()); |
165 | #endif |
166 | return ret; |
167 | } |
168 | |
169 | static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len) |
170 | { |
171 | curl_socket_t sock = *(curl_socket_t *)s; |
172 | ssize_t ret = sread(sock, buf, len); |
173 | #if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS) |
174 | if(ret < 0) |
175 | gnutls_transport_set_global_errno(gtls_mapped_sockerrno()); |
176 | #endif |
177 | return ret; |
178 | } |
179 | |
180 | static ssize_t Curl_gtls_push_ssl(void *s, const void *buf, size_t len) |
181 | { |
182 | return gnutls_record_send((gnutls_session_t) s, buf, len); |
183 | } |
184 | |
185 | static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len) |
186 | { |
187 | return gnutls_record_recv((gnutls_session_t) s, buf, len); |
188 | } |
189 | |
190 | /* Curl_gtls_init() |
191 | * |
192 | * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that |
193 | * are not thread-safe and thus this function itself is not thread-safe and |
194 | * must only be called from within curl_global_init() to keep the thread |
195 | * situation under control! |
196 | */ |
197 | static int Curl_gtls_init(void) |
198 | { |
199 | int ret = 1; |
200 | if(!gtls_inited) { |
201 | ret = gnutls_global_init()?0:1; |
202 | #ifdef GTLSDEBUG |
203 | gnutls_global_set_log_function(tls_log_func); |
204 | gnutls_global_set_log_level(2); |
205 | #endif |
206 | gtls_inited = TRUE; |
207 | } |
208 | return ret; |
209 | } |
210 | |
211 | static void Curl_gtls_cleanup(void) |
212 | { |
213 | if(gtls_inited) { |
214 | gnutls_global_deinit(); |
215 | gtls_inited = FALSE; |
216 | } |
217 | } |
218 | |
219 | #ifndef CURL_DISABLE_VERBOSE_STRINGS |
220 | static void showtime(struct Curl_easy *data, |
221 | const char *text, |
222 | time_t stamp) |
223 | { |
224 | struct tm buffer; |
225 | const struct tm *tm = &buffer; |
226 | char str[96]; |
227 | CURLcode result = Curl_gmtime(stamp, &buffer); |
228 | if(result) |
229 | return; |
230 | |
231 | msnprintf(str, |
232 | sizeof(str), |
233 | "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT" , |
234 | text, |
235 | Curl_wkday[tm->tm_wday?tm->tm_wday-1:6], |
236 | tm->tm_mday, |
237 | Curl_month[tm->tm_mon], |
238 | tm->tm_year + 1900, |
239 | tm->tm_hour, |
240 | tm->tm_min, |
241 | tm->tm_sec); |
242 | infof(data, "%s\n" , str); |
243 | } |
244 | #endif |
245 | |
246 | static gnutls_datum_t load_file(const char *file) |
247 | { |
248 | FILE *f; |
249 | gnutls_datum_t loaded_file = { NULL, 0 }; |
250 | long filelen; |
251 | void *ptr; |
252 | |
253 | f = fopen(file, "rb" ); |
254 | if(!f) |
255 | return loaded_file; |
256 | if(fseek(f, 0, SEEK_END) != 0 |
257 | || (filelen = ftell(f)) < 0 |
258 | || fseek(f, 0, SEEK_SET) != 0 |
259 | || !(ptr = malloc((size_t)filelen))) |
260 | goto out; |
261 | if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) { |
262 | free(ptr); |
263 | goto out; |
264 | } |
265 | |
266 | loaded_file.data = ptr; |
267 | loaded_file.size = (unsigned int)filelen; |
268 | out: |
269 | fclose(f); |
270 | return loaded_file; |
271 | } |
272 | |
273 | static void unload_file(gnutls_datum_t data) |
274 | { |
275 | free(data.data); |
276 | } |
277 | |
278 | |
279 | /* this function does a SSL/TLS (re-)handshake */ |
280 | static CURLcode handshake(struct connectdata *conn, |
281 | int sockindex, |
282 | bool duringconnect, |
283 | bool nonblocking) |
284 | { |
285 | struct Curl_easy *data = conn->data; |
286 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
287 | gnutls_session_t session = BACKEND->session; |
288 | curl_socket_t sockfd = conn->sock[sockindex]; |
289 | |
290 | for(;;) { |
291 | timediff_t timeout_ms; |
292 | int rc; |
293 | |
294 | /* check allowed time left */ |
295 | timeout_ms = Curl_timeleft(data, NULL, duringconnect); |
296 | |
297 | if(timeout_ms < 0) { |
298 | /* no need to continue if time already is up */ |
299 | failf(data, "SSL connection timeout" ); |
300 | return CURLE_OPERATION_TIMEDOUT; |
301 | } |
302 | |
303 | /* if ssl is expecting something, check if it's available. */ |
304 | if(connssl->connecting_state == ssl_connect_2_reading |
305 | || connssl->connecting_state == ssl_connect_2_writing) { |
306 | int what; |
307 | curl_socket_t writefd = ssl_connect_2_writing == |
308 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD; |
309 | curl_socket_t readfd = ssl_connect_2_reading == |
310 | connssl->connecting_state?sockfd:CURL_SOCKET_BAD; |
311 | |
312 | what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, |
313 | nonblocking?0: |
314 | timeout_ms?(time_t)timeout_ms:1000); |
315 | if(what < 0) { |
316 | /* fatal error */ |
317 | failf(data, "select/poll on SSL socket, errno: %d" , SOCKERRNO); |
318 | return CURLE_SSL_CONNECT_ERROR; |
319 | } |
320 | else if(0 == what) { |
321 | if(nonblocking) |
322 | return CURLE_OK; |
323 | else if(timeout_ms) { |
324 | /* timeout */ |
325 | failf(data, "SSL connection timeout at %ld" , (long)timeout_ms); |
326 | return CURLE_OPERATION_TIMEDOUT; |
327 | } |
328 | } |
329 | /* socket is readable or writable */ |
330 | } |
331 | |
332 | rc = gnutls_handshake(session); |
333 | |
334 | if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) { |
335 | connssl->connecting_state = |
336 | gnutls_record_get_direction(session)? |
337 | ssl_connect_2_writing:ssl_connect_2_reading; |
338 | continue; |
339 | } |
340 | else if((rc < 0) && !gnutls_error_is_fatal(rc)) { |
341 | const char *strerr = NULL; |
342 | |
343 | if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) { |
344 | int alert = gnutls_alert_get(session); |
345 | strerr = gnutls_alert_get_name(alert); |
346 | } |
347 | |
348 | if(strerr == NULL) |
349 | strerr = gnutls_strerror(rc); |
350 | |
351 | infof(data, "gnutls_handshake() warning: %s\n" , strerr); |
352 | continue; |
353 | } |
354 | else if(rc < 0) { |
355 | const char *strerr = NULL; |
356 | |
357 | if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) { |
358 | int alert = gnutls_alert_get(session); |
359 | strerr = gnutls_alert_get_name(alert); |
360 | } |
361 | |
362 | if(strerr == NULL) |
363 | strerr = gnutls_strerror(rc); |
364 | |
365 | failf(data, "gnutls_handshake() failed: %s" , strerr); |
366 | return CURLE_SSL_CONNECT_ERROR; |
367 | } |
368 | |
369 | /* Reset our connect state machine */ |
370 | connssl->connecting_state = ssl_connect_1; |
371 | return CURLE_OK; |
372 | } |
373 | } |
374 | |
375 | static gnutls_x509_crt_fmt_t do_file_type(const char *type) |
376 | { |
377 | if(!type || !type[0]) |
378 | return GNUTLS_X509_FMT_PEM; |
379 | if(strcasecompare(type, "PEM" )) |
380 | return GNUTLS_X509_FMT_PEM; |
381 | if(strcasecompare(type, "DER" )) |
382 | return GNUTLS_X509_FMT_DER; |
383 | return -1; |
384 | } |
385 | |
386 | #ifndef USE_GNUTLS_PRIORITY_SET_DIRECT |
387 | static CURLcode |
388 | set_ssl_version_min_max(int *list, size_t list_size, struct connectdata *conn) |
389 | { |
390 | struct Curl_easy *data = conn->data; |
391 | long ssl_version = SSL_CONN_CONFIG(version); |
392 | long ssl_version_max = SSL_CONN_CONFIG(version_max); |
393 | long i = ssl_version; |
394 | long protocol_priority_idx = 0; |
395 | |
396 | switch(ssl_version_max) { |
397 | case CURL_SSLVERSION_MAX_NONE: |
398 | case CURL_SSLVERSION_MAX_DEFAULT: |
399 | #ifdef HAS_TLS13 |
400 | ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_3; |
401 | #endif |
402 | ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; |
403 | break; |
404 | } |
405 | |
406 | for(; i <= (ssl_version_max >> 16) && |
407 | protocol_priority_idx < list_size; ++i) { |
408 | switch(i) { |
409 | case CURL_SSLVERSION_TLSv1_0: |
410 | protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_0; |
411 | break; |
412 | case CURL_SSLVERSION_TLSv1_1: |
413 | protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_1; |
414 | break; |
415 | case CURL_SSLVERSION_TLSv1_2: |
416 | protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_2; |
417 | break; |
418 | case CURL_SSLVERSION_TLSv1_3: |
419 | #ifdef HAS_TLS13 |
420 | protocol_priority[protocol_priority_idx++] = GNUTLS_TLS1_3; |
421 | break; |
422 | #else |
423 | failf(data, "GnuTLS: TLS 1.3 is not yet supported" ); |
424 | return CURLE_SSL_CONNECT_ERROR; |
425 | #endif |
426 | } |
427 | } |
428 | return CURLE_OK; |
429 | } |
430 | #else |
431 | #define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509" |
432 | /* If GnuTLS was compiled without support for SRP it will error out if SRP is |
433 | requested in the priority string, so treat it specially |
434 | */ |
435 | #define GNUTLS_SRP "+SRP" |
436 | |
437 | static CURLcode |
438 | set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn) |
439 | { |
440 | struct Curl_easy *data = conn->data; |
441 | long ssl_version = SSL_CONN_CONFIG(version); |
442 | long ssl_version_max = SSL_CONN_CONFIG(version_max); |
443 | |
444 | if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) { |
445 | ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT; |
446 | } |
447 | switch(ssl_version | ssl_version_max) { |
448 | case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0: |
449 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
450 | "+VERS-TLS1.0:" GNUTLS_SRP; |
451 | return CURLE_OK; |
452 | case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1: |
453 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
454 | "+VERS-TLS1.0:+VERS-TLS1.1:" GNUTLS_SRP; |
455 | return CURLE_OK; |
456 | case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2: |
457 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
458 | "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP; |
459 | return CURLE_OK; |
460 | case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1: |
461 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
462 | "+VERS-TLS1.1:" GNUTLS_SRP; |
463 | return CURLE_OK; |
464 | case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2: |
465 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
466 | "+VERS-TLS1.1:+VERS-TLS1.2:" GNUTLS_SRP; |
467 | return CURLE_OK; |
468 | case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2: |
469 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
470 | "+VERS-TLS1.2:" GNUTLS_SRP; |
471 | return CURLE_OK; |
472 | case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_TLSv1_3: |
473 | #ifdef HAS_TLS13 |
474 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
475 | "+VERS-TLS1.3:" GNUTLS_SRP; |
476 | return CURLE_OK; |
477 | #else |
478 | failf(data, "GnuTLS: TLS 1.3 is not yet supported" ); |
479 | return CURLE_SSL_CONNECT_ERROR; |
480 | #endif |
481 | case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT: |
482 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
483 | "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:" |
484 | #ifdef HAS_TLS13 |
485 | "+VERS-TLS1.3:" |
486 | #endif |
487 | GNUTLS_SRP; |
488 | return CURLE_OK; |
489 | case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT: |
490 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
491 | "+VERS-TLS1.1:+VERS-TLS1.2:" |
492 | #ifdef HAS_TLS13 |
493 | "+VERS-TLS1.3:" |
494 | #endif |
495 | GNUTLS_SRP; |
496 | return CURLE_OK; |
497 | case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT: |
498 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
499 | "+VERS-TLS1.2:" |
500 | #ifdef HAS_TLS13 |
501 | "+VERS-TLS1.3:" |
502 | #endif |
503 | GNUTLS_SRP; |
504 | return CURLE_OK; |
505 | case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT: |
506 | *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:" |
507 | "+VERS-TLS1.2:" |
508 | #ifdef HAS_TLS13 |
509 | "+VERS-TLS1.3:" |
510 | #endif |
511 | GNUTLS_SRP; |
512 | return CURLE_OK; |
513 | } |
514 | |
515 | failf(data, "GnuTLS: cannot set ssl protocol" ); |
516 | return CURLE_SSL_CONNECT_ERROR; |
517 | } |
518 | #endif |
519 | |
520 | static CURLcode |
521 | gtls_connect_step1(struct connectdata *conn, |
522 | int sockindex) |
523 | { |
524 | struct Curl_easy *data = conn->data; |
525 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
526 | unsigned int init_flags; |
527 | gnutls_session_t session; |
528 | int rc; |
529 | bool sni = TRUE; /* default is SNI enabled */ |
530 | void *transport_ptr = NULL; |
531 | gnutls_push_func gnutls_transport_push = NULL; |
532 | gnutls_pull_func gnutls_transport_pull = NULL; |
533 | #ifdef ENABLE_IPV6 |
534 | struct in6_addr addr; |
535 | #else |
536 | struct in_addr addr; |
537 | #endif |
538 | #ifndef USE_GNUTLS_PRIORITY_SET_DIRECT |
539 | static const int cipher_priority[] = { |
540 | /* These two ciphers were added to GnuTLS as late as ver. 3.0.1, |
541 | but this code path is only ever used for ver. < 2.12.0. |
542 | GNUTLS_CIPHER_AES_128_GCM, |
543 | GNUTLS_CIPHER_AES_256_GCM, |
544 | */ |
545 | GNUTLS_CIPHER_AES_128_CBC, |
546 | GNUTLS_CIPHER_AES_256_CBC, |
547 | GNUTLS_CIPHER_CAMELLIA_128_CBC, |
548 | GNUTLS_CIPHER_CAMELLIA_256_CBC, |
549 | GNUTLS_CIPHER_3DES_CBC, |
550 | }; |
551 | static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 }; |
552 | int protocol_priority[] = { 0, 0, 0, 0 }; |
553 | #else |
554 | const char *prioritylist; |
555 | const char *err = NULL; |
556 | #endif |
557 | |
558 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : |
559 | conn->host.name; |
560 | |
561 | if(connssl->state == ssl_connection_complete) |
562 | /* to make us tolerant against being called more than once for the |
563 | same connection */ |
564 | return CURLE_OK; |
565 | |
566 | if(!gtls_inited) |
567 | Curl_gtls_init(); |
568 | |
569 | if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) { |
570 | failf(data, "GnuTLS does not support SSLv2" ); |
571 | return CURLE_SSL_CONNECT_ERROR; |
572 | } |
573 | else if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3) |
574 | sni = FALSE; /* SSLv3 has no SNI */ |
575 | |
576 | /* allocate a cred struct */ |
577 | rc = gnutls_certificate_allocate_credentials(&BACKEND->cred); |
578 | if(rc != GNUTLS_E_SUCCESS) { |
579 | failf(data, "gnutls_cert_all_cred() failed: %s" , gnutls_strerror(rc)); |
580 | return CURLE_SSL_CONNECT_ERROR; |
581 | } |
582 | |
583 | #ifdef USE_TLS_SRP |
584 | if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { |
585 | infof(data, "Using TLS-SRP username: %s\n" , SSL_SET_OPTION(username)); |
586 | |
587 | rc = gnutls_srp_allocate_client_credentials( |
588 | &BACKEND->srp_client_cred); |
589 | if(rc != GNUTLS_E_SUCCESS) { |
590 | failf(data, "gnutls_srp_allocate_client_cred() failed: %s" , |
591 | gnutls_strerror(rc)); |
592 | return CURLE_OUT_OF_MEMORY; |
593 | } |
594 | |
595 | rc = gnutls_srp_set_client_credentials(BACKEND->srp_client_cred, |
596 | SSL_SET_OPTION(username), |
597 | SSL_SET_OPTION(password)); |
598 | if(rc != GNUTLS_E_SUCCESS) { |
599 | failf(data, "gnutls_srp_set_client_cred() failed: %s" , |
600 | gnutls_strerror(rc)); |
601 | return CURLE_BAD_FUNCTION_ARGUMENT; |
602 | } |
603 | } |
604 | #endif |
605 | |
606 | if(SSL_CONN_CONFIG(CAfile)) { |
607 | /* set the trusted CA cert bundle file */ |
608 | gnutls_certificate_set_verify_flags(BACKEND->cred, |
609 | GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); |
610 | |
611 | rc = gnutls_certificate_set_x509_trust_file(BACKEND->cred, |
612 | SSL_CONN_CONFIG(CAfile), |
613 | GNUTLS_X509_FMT_PEM); |
614 | if(rc < 0) { |
615 | infof(data, "error reading ca cert file %s (%s)\n" , |
616 | SSL_CONN_CONFIG(CAfile), gnutls_strerror(rc)); |
617 | if(SSL_CONN_CONFIG(verifypeer)) |
618 | return CURLE_SSL_CACERT_BADFILE; |
619 | } |
620 | else |
621 | infof(data, "found %d certificates in %s\n" , rc, |
622 | SSL_CONN_CONFIG(CAfile)); |
623 | } |
624 | |
625 | #ifdef HAS_CAPATH |
626 | if(SSL_CONN_CONFIG(CApath)) { |
627 | /* set the trusted CA cert directory */ |
628 | rc = gnutls_certificate_set_x509_trust_dir(BACKEND->cred, |
629 | SSL_CONN_CONFIG(CApath), |
630 | GNUTLS_X509_FMT_PEM); |
631 | if(rc < 0) { |
632 | infof(data, "error reading ca cert file %s (%s)\n" , |
633 | SSL_CONN_CONFIG(CApath), gnutls_strerror(rc)); |
634 | if(SSL_CONN_CONFIG(verifypeer)) |
635 | return CURLE_SSL_CACERT_BADFILE; |
636 | } |
637 | else |
638 | infof(data, "found %d certificates in %s\n" , |
639 | rc, SSL_CONN_CONFIG(CApath)); |
640 | } |
641 | #endif |
642 | |
643 | #ifdef CURL_CA_FALLBACK |
644 | /* use system ca certificate store as fallback */ |
645 | if(SSL_CONN_CONFIG(verifypeer) && |
646 | !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) { |
647 | gnutls_certificate_set_x509_system_trust(BACKEND->cred); |
648 | } |
649 | #endif |
650 | |
651 | if(SSL_SET_OPTION(CRLfile)) { |
652 | /* set the CRL list file */ |
653 | rc = gnutls_certificate_set_x509_crl_file(BACKEND->cred, |
654 | SSL_SET_OPTION(CRLfile), |
655 | GNUTLS_X509_FMT_PEM); |
656 | if(rc < 0) { |
657 | failf(data, "error reading crl file %s (%s)" , |
658 | SSL_SET_OPTION(CRLfile), gnutls_strerror(rc)); |
659 | return CURLE_SSL_CRL_BADFILE; |
660 | } |
661 | else |
662 | infof(data, "found %d CRL in %s\n" , |
663 | rc, SSL_SET_OPTION(CRLfile)); |
664 | } |
665 | |
666 | /* Initialize TLS session as a client */ |
667 | init_flags = GNUTLS_CLIENT; |
668 | |
669 | #if defined(GNUTLS_NO_TICKETS) |
670 | /* Disable TLS session tickets */ |
671 | init_flags |= GNUTLS_NO_TICKETS; |
672 | #endif |
673 | |
674 | rc = gnutls_init(&BACKEND->session, init_flags); |
675 | if(rc != GNUTLS_E_SUCCESS) { |
676 | failf(data, "gnutls_init() failed: %d" , rc); |
677 | return CURLE_SSL_CONNECT_ERROR; |
678 | } |
679 | |
680 | /* convenient assign */ |
681 | session = BACKEND->session; |
682 | |
683 | if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && |
684 | #ifdef ENABLE_IPV6 |
685 | (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && |
686 | #endif |
687 | sni && |
688 | (gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname, |
689 | strlen(hostname)) < 0)) |
690 | infof(data, "WARNING: failed to configure server name indication (SNI) " |
691 | "TLS extension\n" ); |
692 | |
693 | /* Use default priorities */ |
694 | rc = gnutls_set_default_priority(session); |
695 | if(rc != GNUTLS_E_SUCCESS) |
696 | return CURLE_SSL_CONNECT_ERROR; |
697 | |
698 | #ifndef USE_GNUTLS_PRIORITY_SET_DIRECT |
699 | rc = gnutls_cipher_set_priority(session, cipher_priority); |
700 | if(rc != GNUTLS_E_SUCCESS) |
701 | return CURLE_SSL_CONNECT_ERROR; |
702 | |
703 | /* Sets the priority on the certificate types supported by gnutls. Priority |
704 | is higher for types specified before others. After specifying the types |
705 | you want, you must append a 0. */ |
706 | rc = gnutls_certificate_type_set_priority(session, cert_type_priority); |
707 | if(rc != GNUTLS_E_SUCCESS) |
708 | return CURLE_SSL_CONNECT_ERROR; |
709 | |
710 | if(SSL_CONN_CONFIG(cipher_list) != NULL) { |
711 | failf(data, "can't pass a custom cipher list to older GnuTLS" |
712 | " versions" ); |
713 | return CURLE_SSL_CONNECT_ERROR; |
714 | } |
715 | |
716 | switch(SSL_CONN_CONFIG(version)) { |
717 | case CURL_SSLVERSION_SSLv3: |
718 | protocol_priority[0] = GNUTLS_SSL3; |
719 | break; |
720 | case CURL_SSLVERSION_DEFAULT: |
721 | case CURL_SSLVERSION_TLSv1: |
722 | protocol_priority[0] = GNUTLS_TLS1_0; |
723 | protocol_priority[1] = GNUTLS_TLS1_1; |
724 | protocol_priority[2] = GNUTLS_TLS1_2; |
725 | #ifdef HAS_TLS13 |
726 | protocol_priority[3] = GNUTLS_TLS1_3; |
727 | #endif |
728 | break; |
729 | case CURL_SSLVERSION_TLSv1_0: |
730 | case CURL_SSLVERSION_TLSv1_1: |
731 | case CURL_SSLVERSION_TLSv1_2: |
732 | case CURL_SSLVERSION_TLSv1_3: |
733 | { |
734 | CURLcode result = set_ssl_version_min_max(protocol_priority, |
735 | sizeof(protocol_priority)/sizeof(protocol_priority[0]), conn); |
736 | if(result != CURLE_OK) |
737 | return result; |
738 | break; |
739 | } |
740 | case CURL_SSLVERSION_SSLv2: |
741 | failf(data, "GnuTLS does not support SSLv2" ); |
742 | return CURLE_SSL_CONNECT_ERROR; |
743 | default: |
744 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION" ); |
745 | return CURLE_SSL_CONNECT_ERROR; |
746 | } |
747 | rc = gnutls_protocol_set_priority(session, protocol_priority); |
748 | if(rc != GNUTLS_E_SUCCESS) { |
749 | failf(data, "Did you pass a valid GnuTLS cipher list?" ); |
750 | return CURLE_SSL_CONNECT_ERROR; |
751 | } |
752 | |
753 | #else |
754 | /* Ensure +SRP comes at the *end* of all relevant strings so that it can be |
755 | * removed if a run-time error indicates that SRP is not supported by this |
756 | * GnuTLS version */ |
757 | switch(SSL_CONN_CONFIG(version)) { |
758 | case CURL_SSLVERSION_SSLv3: |
759 | prioritylist = GNUTLS_CIPHERS ":-VERS-TLS-ALL:+VERS-SSL3.0" ; |
760 | break; |
761 | case CURL_SSLVERSION_DEFAULT: |
762 | case CURL_SSLVERSION_TLSv1: |
763 | prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:" |
764 | #ifdef HAS_TLS13 |
765 | "+VERS-TLS1.3:" |
766 | #endif |
767 | GNUTLS_SRP; |
768 | break; |
769 | case CURL_SSLVERSION_TLSv1_0: |
770 | case CURL_SSLVERSION_TLSv1_1: |
771 | case CURL_SSLVERSION_TLSv1_2: |
772 | case CURL_SSLVERSION_TLSv1_3: |
773 | { |
774 | CURLcode result = set_ssl_version_min_max(&prioritylist, conn); |
775 | if(result != CURLE_OK) |
776 | return result; |
777 | break; |
778 | } |
779 | case CURL_SSLVERSION_SSLv2: |
780 | failf(data, "GnuTLS does not support SSLv2" ); |
781 | return CURLE_SSL_CONNECT_ERROR; |
782 | default: |
783 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION" ); |
784 | return CURLE_SSL_CONNECT_ERROR; |
785 | } |
786 | rc = gnutls_priority_set_direct(session, prioritylist, &err); |
787 | if((rc == GNUTLS_E_INVALID_REQUEST) && err) { |
788 | if(!strcmp(err, GNUTLS_SRP)) { |
789 | /* This GnuTLS was probably compiled without support for SRP. |
790 | * Note that fact and try again without it. */ |
791 | int validprioritylen = curlx_uztosi(err - prioritylist); |
792 | char *prioritycopy = strdup(prioritylist); |
793 | if(!prioritycopy) |
794 | return CURLE_OUT_OF_MEMORY; |
795 | |
796 | infof(data, "This GnuTLS does not support SRP\n" ); |
797 | if(validprioritylen) |
798 | /* Remove the :+SRP */ |
799 | prioritycopy[validprioritylen - 1] = 0; |
800 | rc = gnutls_priority_set_direct(session, prioritycopy, &err); |
801 | free(prioritycopy); |
802 | } |
803 | } |
804 | if(rc != GNUTLS_E_SUCCESS) { |
805 | failf(data, "Error %d setting GnuTLS cipher list starting with %s" , |
806 | rc, err); |
807 | return CURLE_SSL_CONNECT_ERROR; |
808 | } |
809 | #endif |
810 | |
811 | #ifdef HAS_ALPN |
812 | if(conn->bits.tls_enable_alpn) { |
813 | int cur = 0; |
814 | gnutls_datum_t protocols[2]; |
815 | |
816 | #ifdef USE_NGHTTP2 |
817 | if(data->set.httpversion >= CURL_HTTP_VERSION_2 && |
818 | (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { |
819 | protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID; |
820 | protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN; |
821 | cur++; |
822 | infof(data, "ALPN, offering %s\n" , NGHTTP2_PROTO_VERSION_ID); |
823 | } |
824 | #endif |
825 | |
826 | protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1; |
827 | protocols[cur].size = ALPN_HTTP_1_1_LENGTH; |
828 | cur++; |
829 | infof(data, "ALPN, offering %s\n" , ALPN_HTTP_1_1); |
830 | |
831 | gnutls_alpn_set_protocols(session, protocols, cur, 0); |
832 | } |
833 | #endif |
834 | |
835 | if(SSL_SET_OPTION(cert)) { |
836 | if(SSL_SET_OPTION(key_passwd)) { |
837 | #if HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 |
838 | const unsigned int supported_key_encryption_algorithms = |
839 | GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR | |
840 | GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES | |
841 | GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 | |
842 | GNUTLS_PKCS_USE_PBES2_AES_256; |
843 | rc = gnutls_certificate_set_x509_key_file2( |
844 | BACKEND->cred, |
845 | SSL_SET_OPTION(cert), |
846 | SSL_SET_OPTION(key) ? |
847 | SSL_SET_OPTION(key) : SSL_SET_OPTION(cert), |
848 | do_file_type(SSL_SET_OPTION(cert_type)), |
849 | SSL_SET_OPTION(key_passwd), |
850 | supported_key_encryption_algorithms); |
851 | if(rc != GNUTLS_E_SUCCESS) { |
852 | failf(data, |
853 | "error reading X.509 potentially-encrypted key file: %s" , |
854 | gnutls_strerror(rc)); |
855 | return CURLE_SSL_CONNECT_ERROR; |
856 | } |
857 | #else |
858 | failf(data, "gnutls lacks support for encrypted key files" ); |
859 | return CURLE_SSL_CONNECT_ERROR; |
860 | #endif |
861 | } |
862 | else { |
863 | if(gnutls_certificate_set_x509_key_file( |
864 | BACKEND->cred, |
865 | SSL_SET_OPTION(cert), |
866 | SSL_SET_OPTION(key) ? |
867 | SSL_SET_OPTION(key) : SSL_SET_OPTION(cert), |
868 | do_file_type(SSL_SET_OPTION(cert_type)) ) != |
869 | GNUTLS_E_SUCCESS) { |
870 | failf(data, "error reading X.509 key or certificate file" ); |
871 | return CURLE_SSL_CONNECT_ERROR; |
872 | } |
873 | } |
874 | } |
875 | |
876 | #ifdef USE_TLS_SRP |
877 | /* put the credentials to the current session */ |
878 | if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) { |
879 | rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP, |
880 | BACKEND->srp_client_cred); |
881 | if(rc != GNUTLS_E_SUCCESS) { |
882 | failf(data, "gnutls_credentials_set() failed: %s" , gnutls_strerror(rc)); |
883 | return CURLE_SSL_CONNECT_ERROR; |
884 | } |
885 | } |
886 | else |
887 | #endif |
888 | { |
889 | rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, |
890 | BACKEND->cred); |
891 | if(rc != GNUTLS_E_SUCCESS) { |
892 | failf(data, "gnutls_credentials_set() failed: %s" , gnutls_strerror(rc)); |
893 | return CURLE_SSL_CONNECT_ERROR; |
894 | } |
895 | } |
896 | |
897 | if(conn->proxy_ssl[sockindex].use) { |
898 | transport_ptr = conn->proxy_ssl[sockindex].backend->session; |
899 | gnutls_transport_push = Curl_gtls_push_ssl; |
900 | gnutls_transport_pull = Curl_gtls_pull_ssl; |
901 | } |
902 | else { |
903 | /* file descriptor for the socket */ |
904 | transport_ptr = &conn->sock[sockindex]; |
905 | gnutls_transport_push = Curl_gtls_push; |
906 | gnutls_transport_pull = Curl_gtls_pull; |
907 | } |
908 | |
909 | /* set the connection handle */ |
910 | gnutls_transport_set_ptr(session, transport_ptr); |
911 | |
912 | /* register callback functions to send and receive data. */ |
913 | gnutls_transport_set_push_function(session, gnutls_transport_push); |
914 | gnutls_transport_set_pull_function(session, gnutls_transport_pull); |
915 | |
916 | /* lowat must be set to zero when using custom push and pull functions. */ |
917 | gnutls_transport_set_lowat(session, 0); |
918 | |
919 | #ifdef HAS_OCSP |
920 | if(SSL_CONN_CONFIG(verifystatus)) { |
921 | rc = gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL); |
922 | if(rc != GNUTLS_E_SUCCESS) { |
923 | failf(data, "gnutls_ocsp_status_request_enable_client() failed: %d" , rc); |
924 | return CURLE_SSL_CONNECT_ERROR; |
925 | } |
926 | } |
927 | #endif |
928 | |
929 | /* This might be a reconnect, so we check for a session ID in the cache |
930 | to speed up things */ |
931 | if(SSL_SET_OPTION(primary.sessionid)) { |
932 | void *ssl_sessionid; |
933 | size_t ssl_idsize; |
934 | |
935 | Curl_ssl_sessionid_lock(conn); |
936 | if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) { |
937 | /* we got a session id, use it! */ |
938 | gnutls_session_set_data(session, ssl_sessionid, ssl_idsize); |
939 | |
940 | /* Informational message */ |
941 | infof(data, "SSL re-using session ID\n" ); |
942 | } |
943 | Curl_ssl_sessionid_unlock(conn); |
944 | } |
945 | |
946 | return CURLE_OK; |
947 | } |
948 | |
949 | static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, |
950 | gnutls_x509_crt_t cert, |
951 | const char *pinnedpubkey) |
952 | { |
953 | /* Scratch */ |
954 | size_t len1 = 0, len2 = 0; |
955 | unsigned char *buff1 = NULL; |
956 | |
957 | gnutls_pubkey_t key = NULL; |
958 | |
959 | /* Result is returned to caller */ |
960 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; |
961 | |
962 | /* if a path wasn't specified, don't pin */ |
963 | if(NULL == pinnedpubkey) |
964 | return CURLE_OK; |
965 | |
966 | if(NULL == cert) |
967 | return result; |
968 | |
969 | do { |
970 | int ret; |
971 | |
972 | /* Begin Gyrations to get the public key */ |
973 | gnutls_pubkey_init(&key); |
974 | |
975 | ret = gnutls_pubkey_import_x509(key, cert, 0); |
976 | if(ret < 0) |
977 | break; /* failed */ |
978 | |
979 | ret = gnutls_pubkey_export(key, GNUTLS_X509_FMT_DER, NULL, &len1); |
980 | if(ret != GNUTLS_E_SHORT_MEMORY_BUFFER || len1 == 0) |
981 | break; /* failed */ |
982 | |
983 | buff1 = malloc(len1); |
984 | if(NULL == buff1) |
985 | break; /* failed */ |
986 | |
987 | len2 = len1; |
988 | |
989 | ret = gnutls_pubkey_export(key, GNUTLS_X509_FMT_DER, buff1, &len2); |
990 | if(ret < 0 || len1 != len2) |
991 | break; /* failed */ |
992 | |
993 | /* End Gyrations */ |
994 | |
995 | /* The one good exit point */ |
996 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1); |
997 | } while(0); |
998 | |
999 | if(NULL != key) |
1000 | gnutls_pubkey_deinit(key); |
1001 | |
1002 | Curl_safefree(buff1); |
1003 | |
1004 | return result; |
1005 | } |
1006 | |
1007 | static Curl_recv gtls_recv; |
1008 | static Curl_send gtls_send; |
1009 | |
1010 | static CURLcode |
1011 | gtls_connect_step3(struct connectdata *conn, |
1012 | int sockindex) |
1013 | { |
1014 | unsigned int cert_list_size; |
1015 | const gnutls_datum_t *chainp; |
1016 | unsigned int verify_status = 0; |
1017 | gnutls_x509_crt_t x509_cert, x509_issuer; |
1018 | gnutls_datum_t issuerp; |
1019 | char certbuf[256] = "" ; /* big enough? */ |
1020 | size_t size; |
1021 | time_t certclock; |
1022 | const char *ptr; |
1023 | struct Curl_easy *data = conn->data; |
1024 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1025 | gnutls_session_t session = BACKEND->session; |
1026 | int rc; |
1027 | #ifdef HAS_ALPN |
1028 | gnutls_datum_t proto; |
1029 | #endif |
1030 | CURLcode result = CURLE_OK; |
1031 | #ifndef CURL_DISABLE_VERBOSE_STRINGS |
1032 | unsigned int algo; |
1033 | unsigned int bits; |
1034 | gnutls_protocol_t version = gnutls_protocol_get_version(session); |
1035 | #endif |
1036 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : |
1037 | conn->host.name; |
1038 | |
1039 | /* the name of the cipher suite used, e.g. ECDHE_RSA_AES_256_GCM_SHA384. */ |
1040 | ptr = gnutls_cipher_suite_get_name(gnutls_kx_get(session), |
1041 | gnutls_cipher_get(session), |
1042 | gnutls_mac_get(session)); |
1043 | |
1044 | infof(data, "SSL connection using %s / %s\n" , |
1045 | gnutls_protocol_get_name(version), ptr); |
1046 | |
1047 | /* This function will return the peer's raw certificate (chain) as sent by |
1048 | the peer. These certificates are in raw format (DER encoded for |
1049 | X.509). In case of a X.509 then a certificate list may be present. The |
1050 | first certificate in the list is the peer's certificate, following the |
1051 | issuer's certificate, then the issuer's issuer etc. */ |
1052 | |
1053 | chainp = gnutls_certificate_get_peers(session, &cert_list_size); |
1054 | if(!chainp) { |
1055 | if(SSL_CONN_CONFIG(verifypeer) || |
1056 | SSL_CONN_CONFIG(verifyhost) || |
1057 | SSL_SET_OPTION(issuercert)) { |
1058 | #ifdef USE_TLS_SRP |
1059 | if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP |
1060 | && SSL_SET_OPTION(username) != NULL |
1061 | && !SSL_CONN_CONFIG(verifypeer) |
1062 | && gnutls_cipher_get(session)) { |
1063 | /* no peer cert, but auth is ok if we have SRP user and cipher and no |
1064 | peer verify */ |
1065 | } |
1066 | else { |
1067 | #endif |
1068 | failf(data, "failed to get server cert" ); |
1069 | return CURLE_PEER_FAILED_VERIFICATION; |
1070 | #ifdef USE_TLS_SRP |
1071 | } |
1072 | #endif |
1073 | } |
1074 | infof(data, "\t common name: WARNING couldn't obtain\n" ); |
1075 | } |
1076 | |
1077 | if(data->set.ssl.certinfo && chainp) { |
1078 | unsigned int i; |
1079 | |
1080 | result = Curl_ssl_init_certinfo(data, cert_list_size); |
1081 | if(result) |
1082 | return result; |
1083 | |
1084 | for(i = 0; i < cert_list_size; i++) { |
1085 | const char *beg = (const char *) chainp[i].data; |
1086 | const char *end = beg + chainp[i].size; |
1087 | |
1088 | result = Curl_extract_certinfo(conn, i, beg, end); |
1089 | if(result) |
1090 | return result; |
1091 | } |
1092 | } |
1093 | |
1094 | if(SSL_CONN_CONFIG(verifypeer)) { |
1095 | /* This function will try to verify the peer's certificate and return its |
1096 | status (trusted, invalid etc.). The value of status should be one or |
1097 | more of the gnutls_certificate_status_t enumerated elements bitwise |
1098 | or'd. To avoid denial of service attacks some default upper limits |
1099 | regarding the certificate key size and chain size are set. To override |
1100 | them use gnutls_certificate_set_verify_limits(). */ |
1101 | |
1102 | rc = gnutls_certificate_verify_peers2(session, &verify_status); |
1103 | if(rc < 0) { |
1104 | failf(data, "server cert verify failed: %d" , rc); |
1105 | return CURLE_SSL_CONNECT_ERROR; |
1106 | } |
1107 | |
1108 | /* verify_status is a bitmask of gnutls_certificate_status bits */ |
1109 | if(verify_status & GNUTLS_CERT_INVALID) { |
1110 | if(SSL_CONN_CONFIG(verifypeer)) { |
1111 | failf(data, "server certificate verification failed. CAfile: %s " |
1112 | "CRLfile: %s" , SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): |
1113 | "none" , |
1114 | SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none" ); |
1115 | return CURLE_PEER_FAILED_VERIFICATION; |
1116 | } |
1117 | else |
1118 | infof(data, "\t server certificate verification FAILED\n" ); |
1119 | } |
1120 | else |
1121 | infof(data, "\t server certificate verification OK\n" ); |
1122 | } |
1123 | else |
1124 | infof(data, "\t server certificate verification SKIPPED\n" ); |
1125 | |
1126 | #ifdef HAS_OCSP |
1127 | if(SSL_CONN_CONFIG(verifystatus)) { |
1128 | if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { |
1129 | gnutls_datum_t status_request; |
1130 | gnutls_ocsp_resp_t ocsp_resp; |
1131 | |
1132 | gnutls_ocsp_cert_status_t status; |
1133 | gnutls_x509_crl_reason_t reason; |
1134 | |
1135 | rc = gnutls_ocsp_status_request_get(session, &status_request); |
1136 | |
1137 | infof(data, "\t server certificate status verification FAILED\n" ); |
1138 | |
1139 | if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { |
1140 | failf(data, "No OCSP response received" ); |
1141 | return CURLE_SSL_INVALIDCERTSTATUS; |
1142 | } |
1143 | |
1144 | if(rc < 0) { |
1145 | failf(data, "Invalid OCSP response received" ); |
1146 | return CURLE_SSL_INVALIDCERTSTATUS; |
1147 | } |
1148 | |
1149 | gnutls_ocsp_resp_init(&ocsp_resp); |
1150 | |
1151 | rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); |
1152 | if(rc < 0) { |
1153 | failf(data, "Invalid OCSP response received" ); |
1154 | return CURLE_SSL_INVALIDCERTSTATUS; |
1155 | } |
1156 | |
1157 | (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, |
1158 | &status, NULL, NULL, NULL, &reason); |
1159 | |
1160 | switch(status) { |
1161 | case GNUTLS_OCSP_CERT_GOOD: |
1162 | break; |
1163 | |
1164 | case GNUTLS_OCSP_CERT_REVOKED: { |
1165 | const char *crl_reason; |
1166 | |
1167 | switch(reason) { |
1168 | default: |
1169 | case GNUTLS_X509_CRLREASON_UNSPECIFIED: |
1170 | crl_reason = "unspecified reason" ; |
1171 | break; |
1172 | |
1173 | case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: |
1174 | crl_reason = "private key compromised" ; |
1175 | break; |
1176 | |
1177 | case GNUTLS_X509_CRLREASON_CACOMPROMISE: |
1178 | crl_reason = "CA compromised" ; |
1179 | break; |
1180 | |
1181 | case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: |
1182 | crl_reason = "affiliation has changed" ; |
1183 | break; |
1184 | |
1185 | case GNUTLS_X509_CRLREASON_SUPERSEDED: |
1186 | crl_reason = "certificate superseded" ; |
1187 | break; |
1188 | |
1189 | case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: |
1190 | crl_reason = "operation has ceased" ; |
1191 | break; |
1192 | |
1193 | case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: |
1194 | crl_reason = "certificate is on hold" ; |
1195 | break; |
1196 | |
1197 | case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: |
1198 | crl_reason = "will be removed from delta CRL" ; |
1199 | break; |
1200 | |
1201 | case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: |
1202 | crl_reason = "privilege withdrawn" ; |
1203 | break; |
1204 | |
1205 | case GNUTLS_X509_CRLREASON_AACOMPROMISE: |
1206 | crl_reason = "AA compromised" ; |
1207 | break; |
1208 | } |
1209 | |
1210 | failf(data, "Server certificate was revoked: %s" , crl_reason); |
1211 | break; |
1212 | } |
1213 | |
1214 | default: |
1215 | case GNUTLS_OCSP_CERT_UNKNOWN: |
1216 | failf(data, "Server certificate status is unknown" ); |
1217 | break; |
1218 | } |
1219 | |
1220 | gnutls_ocsp_resp_deinit(ocsp_resp); |
1221 | |
1222 | return CURLE_SSL_INVALIDCERTSTATUS; |
1223 | } |
1224 | else |
1225 | infof(data, "\t server certificate status verification OK\n" ); |
1226 | } |
1227 | else |
1228 | infof(data, "\t server certificate status verification SKIPPED\n" ); |
1229 | #endif |
1230 | |
1231 | /* initialize an X.509 certificate structure. */ |
1232 | gnutls_x509_crt_init(&x509_cert); |
1233 | |
1234 | if(chainp) |
1235 | /* convert the given DER or PEM encoded Certificate to the native |
1236 | gnutls_x509_crt_t format */ |
1237 | gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER); |
1238 | |
1239 | if(SSL_SET_OPTION(issuercert)) { |
1240 | gnutls_x509_crt_init(&x509_issuer); |
1241 | issuerp = load_file(SSL_SET_OPTION(issuercert)); |
1242 | gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM); |
1243 | rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer); |
1244 | gnutls_x509_crt_deinit(x509_issuer); |
1245 | unload_file(issuerp); |
1246 | if(rc <= 0) { |
1247 | failf(data, "server certificate issuer check failed (IssuerCert: %s)" , |
1248 | SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none" ); |
1249 | gnutls_x509_crt_deinit(x509_cert); |
1250 | return CURLE_SSL_ISSUER_ERROR; |
1251 | } |
1252 | infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n" , |
1253 | SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none" ); |
1254 | } |
1255 | |
1256 | size = sizeof(certbuf); |
1257 | rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME, |
1258 | 0, /* the first and only one */ |
1259 | FALSE, |
1260 | certbuf, |
1261 | &size); |
1262 | if(rc) { |
1263 | infof(data, "error fetching CN from cert:%s\n" , |
1264 | gnutls_strerror(rc)); |
1265 | } |
1266 | |
1267 | /* This function will check if the given certificate's subject matches the |
1268 | given hostname. This is a basic implementation of the matching described |
1269 | in RFC2818 (HTTPS), which takes into account wildcards, and the subject |
1270 | alternative name PKIX extension. Returns non zero on success, and zero on |
1271 | failure. */ |
1272 | rc = gnutls_x509_crt_check_hostname(x509_cert, hostname); |
1273 | #if GNUTLS_VERSION_NUMBER < 0x030306 |
1274 | /* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP |
1275 | addresses. */ |
1276 | if(!rc) { |
1277 | #ifdef ENABLE_IPV6 |
1278 | #define use_addr in6_addr |
1279 | #else |
1280 | #define use_addr in_addr |
1281 | #endif |
1282 | unsigned char addrbuf[sizeof(struct use_addr)]; |
1283 | size_t addrlen = 0; |
1284 | |
1285 | if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0) |
1286 | addrlen = 4; |
1287 | #ifdef ENABLE_IPV6 |
1288 | else if(Curl_inet_pton(AF_INET6, hostname, addrbuf) > 0) |
1289 | addrlen = 16; |
1290 | #endif |
1291 | |
1292 | if(addrlen) { |
1293 | unsigned char certaddr[sizeof(struct use_addr)]; |
1294 | int i; |
1295 | |
1296 | for(i = 0; ; i++) { |
1297 | size_t certaddrlen = sizeof(certaddr); |
1298 | int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr, |
1299 | &certaddrlen, NULL); |
1300 | /* If this happens, it wasn't an IP address. */ |
1301 | if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER) |
1302 | continue; |
1303 | if(ret < 0) |
1304 | break; |
1305 | if(ret != GNUTLS_SAN_IPADDRESS) |
1306 | continue; |
1307 | if(certaddrlen == addrlen && !memcmp(addrbuf, certaddr, addrlen)) { |
1308 | rc = 1; |
1309 | break; |
1310 | } |
1311 | } |
1312 | } |
1313 | } |
1314 | #endif |
1315 | if(!rc) { |
1316 | const char * const dispname = SSL_IS_PROXY() ? |
1317 | conn->http_proxy.host.dispname : conn->host.dispname; |
1318 | |
1319 | if(SSL_CONN_CONFIG(verifyhost)) { |
1320 | failf(data, "SSL: certificate subject name (%s) does not match " |
1321 | "target host name '%s'" , certbuf, dispname); |
1322 | gnutls_x509_crt_deinit(x509_cert); |
1323 | return CURLE_PEER_FAILED_VERIFICATION; |
1324 | } |
1325 | else |
1326 | infof(data, "\t common name: %s (does not match '%s')\n" , |
1327 | certbuf, dispname); |
1328 | } |
1329 | else |
1330 | infof(data, "\t common name: %s (matched)\n" , certbuf); |
1331 | |
1332 | /* Check for time-based validity */ |
1333 | certclock = gnutls_x509_crt_get_expiration_time(x509_cert); |
1334 | |
1335 | if(certclock == (time_t)-1) { |
1336 | if(SSL_CONN_CONFIG(verifypeer)) { |
1337 | failf(data, "server cert expiration date verify failed" ); |
1338 | gnutls_x509_crt_deinit(x509_cert); |
1339 | return CURLE_SSL_CONNECT_ERROR; |
1340 | } |
1341 | else |
1342 | infof(data, "\t server certificate expiration date verify FAILED\n" ); |
1343 | } |
1344 | else { |
1345 | if(certclock < time(NULL)) { |
1346 | if(SSL_CONN_CONFIG(verifypeer)) { |
1347 | failf(data, "server certificate expiration date has passed." ); |
1348 | gnutls_x509_crt_deinit(x509_cert); |
1349 | return CURLE_PEER_FAILED_VERIFICATION; |
1350 | } |
1351 | else |
1352 | infof(data, "\t server certificate expiration date FAILED\n" ); |
1353 | } |
1354 | else |
1355 | infof(data, "\t server certificate expiration date OK\n" ); |
1356 | } |
1357 | |
1358 | certclock = gnutls_x509_crt_get_activation_time(x509_cert); |
1359 | |
1360 | if(certclock == (time_t)-1) { |
1361 | if(SSL_CONN_CONFIG(verifypeer)) { |
1362 | failf(data, "server cert activation date verify failed" ); |
1363 | gnutls_x509_crt_deinit(x509_cert); |
1364 | return CURLE_SSL_CONNECT_ERROR; |
1365 | } |
1366 | else |
1367 | infof(data, "\t server certificate activation date verify FAILED\n" ); |
1368 | } |
1369 | else { |
1370 | if(certclock > time(NULL)) { |
1371 | if(SSL_CONN_CONFIG(verifypeer)) { |
1372 | failf(data, "server certificate not activated yet." ); |
1373 | gnutls_x509_crt_deinit(x509_cert); |
1374 | return CURLE_PEER_FAILED_VERIFICATION; |
1375 | } |
1376 | else |
1377 | infof(data, "\t server certificate activation date FAILED\n" ); |
1378 | } |
1379 | else |
1380 | infof(data, "\t server certificate activation date OK\n" ); |
1381 | } |
1382 | |
1383 | ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : |
1384 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; |
1385 | if(ptr) { |
1386 | result = pkp_pin_peer_pubkey(data, x509_cert, ptr); |
1387 | if(result != CURLE_OK) { |
1388 | failf(data, "SSL: public key does not match pinned public key!" ); |
1389 | gnutls_x509_crt_deinit(x509_cert); |
1390 | return result; |
1391 | } |
1392 | } |
1393 | |
1394 | /* Show: |
1395 | |
1396 | - subject |
1397 | - start date |
1398 | - expire date |
1399 | - common name |
1400 | - issuer |
1401 | |
1402 | */ |
1403 | |
1404 | #ifndef CURL_DISABLE_VERBOSE_STRINGS |
1405 | /* public key algorithm's parameters */ |
1406 | algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits); |
1407 | infof(data, "\t certificate public key: %s\n" , |
1408 | gnutls_pk_algorithm_get_name(algo)); |
1409 | |
1410 | /* version of the X.509 certificate. */ |
1411 | infof(data, "\t certificate version: #%d\n" , |
1412 | gnutls_x509_crt_get_version(x509_cert)); |
1413 | |
1414 | |
1415 | size = sizeof(certbuf); |
1416 | gnutls_x509_crt_get_dn(x509_cert, certbuf, &size); |
1417 | infof(data, "\t subject: %s\n" , certbuf); |
1418 | |
1419 | certclock = gnutls_x509_crt_get_activation_time(x509_cert); |
1420 | showtime(data, "start date" , certclock); |
1421 | |
1422 | certclock = gnutls_x509_crt_get_expiration_time(x509_cert); |
1423 | showtime(data, "expire date" , certclock); |
1424 | |
1425 | size = sizeof(certbuf); |
1426 | gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size); |
1427 | infof(data, "\t issuer: %s\n" , certbuf); |
1428 | #endif |
1429 | |
1430 | gnutls_x509_crt_deinit(x509_cert); |
1431 | |
1432 | #ifdef HAS_ALPN |
1433 | if(conn->bits.tls_enable_alpn) { |
1434 | rc = gnutls_alpn_get_selected_protocol(session, &proto); |
1435 | if(rc == 0) { |
1436 | infof(data, "ALPN, server accepted to use %.*s\n" , proto.size, |
1437 | proto.data); |
1438 | |
1439 | #ifdef USE_NGHTTP2 |
1440 | if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN && |
1441 | !memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data, |
1442 | NGHTTP2_PROTO_VERSION_ID_LEN)) { |
1443 | conn->negnpn = CURL_HTTP_VERSION_2; |
1444 | } |
1445 | else |
1446 | #endif |
1447 | if(proto.size == ALPN_HTTP_1_1_LENGTH && |
1448 | !memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) { |
1449 | conn->negnpn = CURL_HTTP_VERSION_1_1; |
1450 | } |
1451 | } |
1452 | else |
1453 | infof(data, "ALPN, server did not agree to a protocol\n" ); |
1454 | |
1455 | Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ? |
1456 | BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); |
1457 | } |
1458 | #endif |
1459 | |
1460 | conn->ssl[sockindex].state = ssl_connection_complete; |
1461 | conn->recv[sockindex] = gtls_recv; |
1462 | conn->send[sockindex] = gtls_send; |
1463 | |
1464 | if(SSL_SET_OPTION(primary.sessionid)) { |
1465 | /* we always unconditionally get the session id here, as even if we |
1466 | already got it from the cache and asked to use it in the connection, it |
1467 | might've been rejected and then a new one is in use now and we need to |
1468 | detect that. */ |
1469 | void *connect_sessionid; |
1470 | size_t connect_idsize = 0; |
1471 | |
1472 | /* get the session ID data size */ |
1473 | gnutls_session_get_data(session, NULL, &connect_idsize); |
1474 | connect_sessionid = malloc(connect_idsize); /* get a buffer for it */ |
1475 | |
1476 | if(connect_sessionid) { |
1477 | bool incache; |
1478 | void *ssl_sessionid; |
1479 | |
1480 | /* extract session ID to the allocated buffer */ |
1481 | gnutls_session_get_data(session, connect_sessionid, &connect_idsize); |
1482 | |
1483 | Curl_ssl_sessionid_lock(conn); |
1484 | incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, |
1485 | sockindex)); |
1486 | if(incache) { |
1487 | /* there was one before in the cache, so instead of risking that the |
1488 | previous one was rejected, we just kill that and store the new */ |
1489 | Curl_ssl_delsessionid(conn, ssl_sessionid); |
1490 | } |
1491 | |
1492 | /* store this session id */ |
1493 | result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize, |
1494 | sockindex); |
1495 | Curl_ssl_sessionid_unlock(conn); |
1496 | if(result) { |
1497 | free(connect_sessionid); |
1498 | result = CURLE_OUT_OF_MEMORY; |
1499 | } |
1500 | } |
1501 | else |
1502 | result = CURLE_OUT_OF_MEMORY; |
1503 | } |
1504 | |
1505 | return result; |
1506 | } |
1507 | |
1508 | |
1509 | /* |
1510 | * This function is called after the TCP connect has completed. Setup the TLS |
1511 | * layer and do all necessary magic. |
1512 | */ |
1513 | /* We use connssl->connecting_state to keep track of the connection status; |
1514 | there are three states: 'ssl_connect_1' (not started yet or complete), |
1515 | 'ssl_connect_2_reading' (waiting for data from server), and |
1516 | 'ssl_connect_2_writing' (waiting to be able to write). |
1517 | */ |
1518 | static CURLcode |
1519 | gtls_connect_common(struct connectdata *conn, |
1520 | int sockindex, |
1521 | bool nonblocking, |
1522 | bool *done) |
1523 | { |
1524 | int rc; |
1525 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1526 | |
1527 | /* Initiate the connection, if not already done */ |
1528 | if(ssl_connect_1 == connssl->connecting_state) { |
1529 | rc = gtls_connect_step1(conn, sockindex); |
1530 | if(rc) |
1531 | return rc; |
1532 | } |
1533 | |
1534 | rc = handshake(conn, sockindex, TRUE, nonblocking); |
1535 | if(rc) |
1536 | /* handshake() sets its own error message with failf() */ |
1537 | return rc; |
1538 | |
1539 | /* Finish connecting once the handshake is done */ |
1540 | if(ssl_connect_1 == connssl->connecting_state) { |
1541 | rc = gtls_connect_step3(conn, sockindex); |
1542 | if(rc) |
1543 | return rc; |
1544 | } |
1545 | |
1546 | *done = ssl_connect_1 == connssl->connecting_state; |
1547 | |
1548 | return CURLE_OK; |
1549 | } |
1550 | |
1551 | static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn, |
1552 | int sockindex, bool *done) |
1553 | { |
1554 | return gtls_connect_common(conn, sockindex, TRUE, done); |
1555 | } |
1556 | |
1557 | static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex) |
1558 | { |
1559 | CURLcode result; |
1560 | bool done = FALSE; |
1561 | |
1562 | result = gtls_connect_common(conn, sockindex, FALSE, &done); |
1563 | if(result) |
1564 | return result; |
1565 | |
1566 | DEBUGASSERT(done); |
1567 | |
1568 | return CURLE_OK; |
1569 | } |
1570 | |
1571 | static bool Curl_gtls_data_pending(const struct connectdata *conn, |
1572 | int connindex) |
1573 | { |
1574 | const struct ssl_connect_data *connssl = &conn->ssl[connindex]; |
1575 | bool res = FALSE; |
1576 | if(BACKEND->session && |
1577 | 0 != gnutls_record_check_pending(BACKEND->session)) |
1578 | res = TRUE; |
1579 | |
1580 | connssl = &conn->proxy_ssl[connindex]; |
1581 | if(BACKEND->session && |
1582 | 0 != gnutls_record_check_pending(BACKEND->session)) |
1583 | res = TRUE; |
1584 | |
1585 | return res; |
1586 | } |
1587 | |
1588 | static ssize_t gtls_send(struct connectdata *conn, |
1589 | int sockindex, |
1590 | const void *mem, |
1591 | size_t len, |
1592 | CURLcode *curlcode) |
1593 | { |
1594 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1595 | ssize_t rc = gnutls_record_send(BACKEND->session, mem, len); |
1596 | |
1597 | if(rc < 0) { |
1598 | *curlcode = (rc == GNUTLS_E_AGAIN) |
1599 | ? CURLE_AGAIN |
1600 | : CURLE_SEND_ERROR; |
1601 | |
1602 | rc = -1; |
1603 | } |
1604 | |
1605 | return rc; |
1606 | } |
1607 | |
1608 | static void close_one(struct ssl_connect_data *connssl) |
1609 | { |
1610 | if(BACKEND->session) { |
1611 | gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); |
1612 | gnutls_deinit(BACKEND->session); |
1613 | BACKEND->session = NULL; |
1614 | } |
1615 | if(BACKEND->cred) { |
1616 | gnutls_certificate_free_credentials(BACKEND->cred); |
1617 | BACKEND->cred = NULL; |
1618 | } |
1619 | #ifdef USE_TLS_SRP |
1620 | if(BACKEND->srp_client_cred) { |
1621 | gnutls_srp_free_client_credentials(BACKEND->srp_client_cred); |
1622 | BACKEND->srp_client_cred = NULL; |
1623 | } |
1624 | #endif |
1625 | } |
1626 | |
1627 | static void Curl_gtls_close(struct connectdata *conn, int sockindex) |
1628 | { |
1629 | close_one(&conn->ssl[sockindex]); |
1630 | close_one(&conn->proxy_ssl[sockindex]); |
1631 | } |
1632 | |
1633 | /* |
1634 | * This function is called to shut down the SSL layer but keep the |
1635 | * socket open (CCC - Clear Command Channel) |
1636 | */ |
1637 | static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex) |
1638 | { |
1639 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1640 | int retval = 0; |
1641 | struct Curl_easy *data = conn->data; |
1642 | |
1643 | #ifndef CURL_DISABLE_FTP |
1644 | /* This has only been tested on the proftpd server, and the mod_tls code |
1645 | sends a close notify alert without waiting for a close notify alert in |
1646 | response. Thus we wait for a close notify alert from the server, but |
1647 | we do not send one. Let's hope other servers do the same... */ |
1648 | |
1649 | if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE) |
1650 | gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR); |
1651 | #endif |
1652 | |
1653 | if(BACKEND->session) { |
1654 | ssize_t result; |
1655 | bool done = FALSE; |
1656 | char buf[120]; |
1657 | |
1658 | while(!done) { |
1659 | int what = SOCKET_READABLE(conn->sock[sockindex], |
1660 | SSL_SHUTDOWN_TIMEOUT); |
1661 | if(what > 0) { |
1662 | /* Something to read, let's do it and hope that it is the close |
1663 | notify alert from the server */ |
1664 | result = gnutls_record_recv(BACKEND->session, |
1665 | buf, sizeof(buf)); |
1666 | switch(result) { |
1667 | case 0: |
1668 | /* This is the expected response. There was no data but only |
1669 | the close notify alert */ |
1670 | done = TRUE; |
1671 | break; |
1672 | case GNUTLS_E_AGAIN: |
1673 | case GNUTLS_E_INTERRUPTED: |
1674 | infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n" ); |
1675 | break; |
1676 | default: |
1677 | retval = -1; |
1678 | done = TRUE; |
1679 | break; |
1680 | } |
1681 | } |
1682 | else if(0 == what) { |
1683 | /* timeout */ |
1684 | failf(data, "SSL shutdown timeout" ); |
1685 | done = TRUE; |
1686 | } |
1687 | else { |
1688 | /* anything that gets here is fatally bad */ |
1689 | failf(data, "select/poll on SSL socket, errno: %d" , SOCKERRNO); |
1690 | retval = -1; |
1691 | done = TRUE; |
1692 | } |
1693 | } |
1694 | gnutls_deinit(BACKEND->session); |
1695 | } |
1696 | gnutls_certificate_free_credentials(BACKEND->cred); |
1697 | |
1698 | #ifdef USE_TLS_SRP |
1699 | if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP |
1700 | && SSL_SET_OPTION(username) != NULL) |
1701 | gnutls_srp_free_client_credentials(BACKEND->srp_client_cred); |
1702 | #endif |
1703 | |
1704 | BACKEND->cred = NULL; |
1705 | BACKEND->session = NULL; |
1706 | |
1707 | return retval; |
1708 | } |
1709 | |
1710 | static ssize_t gtls_recv(struct connectdata *conn, /* connection data */ |
1711 | int num, /* socketindex */ |
1712 | char *buf, /* store read data here */ |
1713 | size_t buffersize, /* max amount to read */ |
1714 | CURLcode *curlcode) |
1715 | { |
1716 | struct ssl_connect_data *connssl = &conn->ssl[num]; |
1717 | ssize_t ret; |
1718 | |
1719 | ret = gnutls_record_recv(BACKEND->session, buf, buffersize); |
1720 | if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) { |
1721 | *curlcode = CURLE_AGAIN; |
1722 | return -1; |
1723 | } |
1724 | |
1725 | if(ret == GNUTLS_E_REHANDSHAKE) { |
1726 | /* BLOCKING call, this is bad but a work-around for now. Fixing this "the |
1727 | proper way" takes a whole lot of work. */ |
1728 | CURLcode result = handshake(conn, num, FALSE, FALSE); |
1729 | if(result) |
1730 | /* handshake() writes error message on its own */ |
1731 | *curlcode = result; |
1732 | else |
1733 | *curlcode = CURLE_AGAIN; /* then return as if this was a wouldblock */ |
1734 | return -1; |
1735 | } |
1736 | |
1737 | if(ret < 0) { |
1738 | failf(conn->data, "GnuTLS recv error (%d): %s" , |
1739 | |
1740 | (int)ret, gnutls_strerror((int)ret)); |
1741 | *curlcode = CURLE_RECV_ERROR; |
1742 | return -1; |
1743 | } |
1744 | |
1745 | return ret; |
1746 | } |
1747 | |
1748 | static void Curl_gtls_session_free(void *ptr) |
1749 | { |
1750 | free(ptr); |
1751 | } |
1752 | |
1753 | static size_t Curl_gtls_version(char *buffer, size_t size) |
1754 | { |
1755 | return msnprintf(buffer, size, "GnuTLS/%s" , gnutls_check_version(NULL)); |
1756 | } |
1757 | |
1758 | #ifndef USE_GNUTLS_NETTLE |
1759 | static int Curl_gtls_seed(struct Curl_easy *data) |
1760 | { |
1761 | /* we have the "SSL is seeded" boolean static to prevent multiple |
1762 | time-consuming seedings in vain */ |
1763 | static bool ssl_seeded = FALSE; |
1764 | |
1765 | /* Quickly add a bit of entropy */ |
1766 | gcry_fast_random_poll(); |
1767 | |
1768 | if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] || |
1769 | data->set.str[STRING_SSL_EGDSOCKET]) { |
1770 | ssl_seeded = TRUE; |
1771 | } |
1772 | return 0; |
1773 | } |
1774 | #endif |
1775 | |
1776 | /* data might be NULL! */ |
1777 | static CURLcode Curl_gtls_random(struct Curl_easy *data, |
1778 | unsigned char *entropy, size_t length) |
1779 | { |
1780 | #if defined(USE_GNUTLS_NETTLE) |
1781 | int rc; |
1782 | (void)data; |
1783 | rc = gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length); |
1784 | return rc?CURLE_FAILED_INIT:CURLE_OK; |
1785 | #elif defined(USE_GNUTLS) |
1786 | if(data) |
1787 | Curl_gtls_seed(data); /* Initiate the seed if not already done */ |
1788 | gcry_randomize(entropy, length, GCRY_STRONG_RANDOM); |
1789 | #endif |
1790 | return CURLE_OK; |
1791 | } |
1792 | |
1793 | static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */ |
1794 | size_t tmplen, |
1795 | unsigned char *md5sum, /* output */ |
1796 | size_t md5len) |
1797 | { |
1798 | #if defined(USE_GNUTLS_NETTLE) |
1799 | struct md5_ctx MD5pw; |
1800 | md5_init(&MD5pw); |
1801 | md5_update(&MD5pw, (unsigned int)tmplen, tmp); |
1802 | md5_digest(&MD5pw, (unsigned int)md5len, md5sum); |
1803 | #elif defined(USE_GNUTLS) |
1804 | gcry_md_hd_t MD5pw; |
1805 | gcry_md_open(&MD5pw, GCRY_MD_MD5, 0); |
1806 | gcry_md_write(MD5pw, tmp, tmplen); |
1807 | memcpy(md5sum, gcry_md_read(MD5pw, 0), md5len); |
1808 | gcry_md_close(MD5pw); |
1809 | #endif |
1810 | return CURLE_OK; |
1811 | } |
1812 | |
1813 | static CURLcode Curl_gtls_sha256sum(const unsigned char *tmp, /* input */ |
1814 | size_t tmplen, |
1815 | unsigned char *sha256sum, /* output */ |
1816 | size_t sha256len) |
1817 | { |
1818 | #if defined(USE_GNUTLS_NETTLE) |
1819 | struct sha256_ctx SHA256pw; |
1820 | sha256_init(&SHA256pw); |
1821 | sha256_update(&SHA256pw, (unsigned int)tmplen, tmp); |
1822 | sha256_digest(&SHA256pw, (unsigned int)sha256len, sha256sum); |
1823 | #elif defined(USE_GNUTLS) |
1824 | gcry_md_hd_t SHA256pw; |
1825 | gcry_md_open(&SHA256pw, GCRY_MD_SHA256, 0); |
1826 | gcry_md_write(SHA256pw, tmp, tmplen); |
1827 | memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len); |
1828 | gcry_md_close(SHA256pw); |
1829 | #endif |
1830 | return CURLE_OK; |
1831 | } |
1832 | |
1833 | static bool Curl_gtls_cert_status_request(void) |
1834 | { |
1835 | #ifdef HAS_OCSP |
1836 | return TRUE; |
1837 | #else |
1838 | return FALSE; |
1839 | #endif |
1840 | } |
1841 | |
1842 | static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl, |
1843 | CURLINFO info UNUSED_PARAM) |
1844 | { |
1845 | (void)info; |
1846 | return BACKEND->session; |
1847 | } |
1848 | |
1849 | const struct Curl_ssl Curl_ssl_gnutls = { |
1850 | { CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */ |
1851 | |
1852 | SSLSUPP_CA_PATH | |
1853 | SSLSUPP_CERTINFO | |
1854 | SSLSUPP_PINNEDPUBKEY | |
1855 | SSLSUPP_HTTPS_PROXY, |
1856 | |
1857 | sizeof(struct ssl_backend_data), |
1858 | |
1859 | Curl_gtls_init, /* init */ |
1860 | Curl_gtls_cleanup, /* cleanup */ |
1861 | Curl_gtls_version, /* version */ |
1862 | Curl_none_check_cxn, /* check_cxn */ |
1863 | Curl_gtls_shutdown, /* shutdown */ |
1864 | Curl_gtls_data_pending, /* data_pending */ |
1865 | Curl_gtls_random, /* random */ |
1866 | Curl_gtls_cert_status_request, /* cert_status_request */ |
1867 | Curl_gtls_connect, /* connect */ |
1868 | Curl_gtls_connect_nonblocking, /* connect_nonblocking */ |
1869 | Curl_gtls_get_internals, /* get_internals */ |
1870 | Curl_gtls_close, /* close_one */ |
1871 | Curl_none_close_all, /* close_all */ |
1872 | Curl_gtls_session_free, /* session_free */ |
1873 | Curl_none_set_engine, /* set_engine */ |
1874 | Curl_none_set_engine_default, /* set_engine_default */ |
1875 | Curl_none_engines_list, /* engines_list */ |
1876 | Curl_none_false_start, /* false_start */ |
1877 | Curl_gtls_md5sum, /* md5sum */ |
1878 | Curl_gtls_sha256sum /* sha256sum */ |
1879 | }; |
1880 | |
1881 | #endif /* USE_GNUTLS */ |
1882 | |