1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 2012 - 2016, Marc Hoersken, <info@marc-hoersken.de> |
9 | * Copyright (C) 2012, Mark Salisbury, <mark.salisbury@hp.com> |
10 | * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. |
11 | * |
12 | * This software is licensed as described in the file COPYING, which |
13 | * you should have received as part of this distribution. The terms |
14 | * are also available at https://curl.haxx.se/docs/copyright.html. |
15 | * |
16 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
17 | * copies of the Software, and permit persons to whom the Software is |
18 | * furnished to do so, under the terms of the COPYING file. |
19 | * |
20 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
21 | * KIND, either express or implied. |
22 | * |
23 | ***************************************************************************/ |
24 | |
25 | /* |
26 | * Source file for all Schannel-specific code for the TLS/SSL layer. No code |
27 | * but vtls.c should ever call or use these functions. |
28 | */ |
29 | |
30 | /* |
31 | * Based upon the PolarSSL implementation in polarssl.c and polarssl.h: |
32 | * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> |
33 | * |
34 | * Based upon the CyaSSL implementation in cyassl.c and cyassl.h: |
35 | * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. |
36 | * |
37 | * Thanks for code and inspiration! |
38 | */ |
39 | |
40 | #include "curl_setup.h" |
41 | |
42 | #ifdef USE_SCHANNEL |
43 | |
44 | #define EXPOSE_SCHANNEL_INTERNAL_STRUCTS |
45 | |
46 | #ifndef USE_WINDOWS_SSPI |
47 | # error "Can't compile SCHANNEL support without SSPI." |
48 | #endif |
49 | |
50 | #include "schannel.h" |
51 | #include "vtls.h" |
52 | #include "sendf.h" |
53 | #include "connect.h" /* for the connect timeout */ |
54 | #include "strerror.h" |
55 | #include "select.h" /* for the socket readyness */ |
56 | #include "inet_pton.h" /* for IP addr SNI check */ |
57 | #include "curl_multibyte.h" |
58 | #include "warnless.h" |
59 | #include "x509asn1.h" |
60 | #include "curl_printf.h" |
61 | #include "multiif.h" |
62 | #include "system_win32.h" |
63 | |
64 | /* The last #include file should be: */ |
65 | #include "curl_memory.h" |
66 | #include "memdebug.h" |
67 | |
68 | /* ALPN requires version 8.1 of the Windows SDK, which was |
69 | shipped with Visual Studio 2013, aka _MSC_VER 1800: |
70 | |
71 | https://technet.microsoft.com/en-us/library/hh831771%28v=ws.11%29.aspx |
72 | */ |
73 | #if defined(_MSC_VER) && (_MSC_VER >= 1800) && !defined(_USING_V110_SDK71_) |
74 | # define HAS_ALPN 1 |
75 | #endif |
76 | |
77 | #ifndef UNISP_NAME_A |
78 | #define UNISP_NAME_A "Microsoft Unified Security Protocol Provider" |
79 | #endif |
80 | |
81 | #ifndef UNISP_NAME_W |
82 | #define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider" |
83 | #endif |
84 | |
85 | #ifndef UNISP_NAME |
86 | #ifdef UNICODE |
87 | #define UNISP_NAME UNISP_NAME_W |
88 | #else |
89 | #define UNISP_NAME UNISP_NAME_A |
90 | #endif |
91 | #endif |
92 | |
93 | #if defined(CryptStringToBinary) && defined(CRYPT_STRING_HEX) |
94 | #define HAS_CLIENT_CERT_PATH |
95 | #endif |
96 | |
97 | #ifdef HAS_CLIENT_CERT_PATH |
98 | #ifdef UNICODE |
99 | #define CURL_CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W |
100 | #else |
101 | #define CURL_CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_A |
102 | #endif |
103 | #endif |
104 | |
105 | #ifndef SP_PROT_SSL2_CLIENT |
106 | #define SP_PROT_SSL2_CLIENT 0x00000008 |
107 | #endif |
108 | |
109 | #ifndef SP_PROT_SSL3_CLIENT |
110 | #define SP_PROT_SSL3_CLIENT 0x00000008 |
111 | #endif |
112 | |
113 | #ifndef SP_PROT_TLS1_CLIENT |
114 | #define SP_PROT_TLS1_CLIENT 0x00000080 |
115 | #endif |
116 | |
117 | #ifndef SP_PROT_TLS1_0_CLIENT |
118 | #define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT |
119 | #endif |
120 | |
121 | #ifndef SP_PROT_TLS1_1_CLIENT |
122 | #define SP_PROT_TLS1_1_CLIENT 0x00000200 |
123 | #endif |
124 | |
125 | #ifndef SP_PROT_TLS1_2_CLIENT |
126 | #define SP_PROT_TLS1_2_CLIENT 0x00000800 |
127 | #endif |
128 | |
129 | #ifndef SECBUFFER_ALERT |
130 | #define SECBUFFER_ALERT 17 |
131 | #endif |
132 | |
133 | /* Both schannel buffer sizes must be > 0 */ |
134 | #define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096 |
135 | #define CURL_SCHANNEL_BUFFER_FREE_SIZE 1024 |
136 | |
137 | #define CERT_THUMBPRINT_STR_LEN 40 |
138 | #define CERT_THUMBPRINT_DATA_LEN 20 |
139 | |
140 | /* Uncomment to force verbose output |
141 | * #define infof(x, y, ...) printf(y, __VA_ARGS__) |
142 | * #define failf(x, y, ...) printf(y, __VA_ARGS__) |
143 | */ |
144 | |
145 | #ifndef CALG_SHA_256 |
146 | # define CALG_SHA_256 0x0000800c |
147 | #endif |
148 | |
149 | #define BACKEND connssl->backend |
150 | |
151 | static Curl_recv schannel_recv; |
152 | static Curl_send schannel_send; |
153 | |
154 | static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, |
155 | const char *pinnedpubkey); |
156 | |
157 | static void InitSecBuffer(SecBuffer *buffer, unsigned long BufType, |
158 | void *BufDataPtr, unsigned long BufByteSize) |
159 | { |
160 | buffer->cbBuffer = BufByteSize; |
161 | buffer->BufferType = BufType; |
162 | buffer->pvBuffer = BufDataPtr; |
163 | } |
164 | |
165 | static void InitSecBufferDesc(SecBufferDesc *desc, SecBuffer *BufArr, |
166 | unsigned long NumArrElem) |
167 | { |
168 | desc->ulVersion = SECBUFFER_VERSION; |
169 | desc->pBuffers = BufArr; |
170 | desc->cBuffers = NumArrElem; |
171 | } |
172 | |
173 | static CURLcode |
174 | set_ssl_version_min_max(SCHANNEL_CRED *schannel_cred, struct connectdata *conn) |
175 | { |
176 | struct Curl_easy *data = conn->data; |
177 | long ssl_version = SSL_CONN_CONFIG(version); |
178 | long ssl_version_max = SSL_CONN_CONFIG(version_max); |
179 | long i = ssl_version; |
180 | |
181 | switch(ssl_version_max) { |
182 | case CURL_SSLVERSION_MAX_NONE: |
183 | case CURL_SSLVERSION_MAX_DEFAULT: |
184 | ssl_version_max = CURL_SSLVERSION_MAX_TLSv1_2; |
185 | break; |
186 | } |
187 | for(; i <= (ssl_version_max >> 16); ++i) { |
188 | switch(i) { |
189 | case CURL_SSLVERSION_TLSv1_0: |
190 | schannel_cred->grbitEnabledProtocols |= SP_PROT_TLS1_0_CLIENT; |
191 | break; |
192 | case CURL_SSLVERSION_TLSv1_1: |
193 | schannel_cred->grbitEnabledProtocols |= SP_PROT_TLS1_1_CLIENT; |
194 | break; |
195 | case CURL_SSLVERSION_TLSv1_2: |
196 | schannel_cred->grbitEnabledProtocols |= SP_PROT_TLS1_2_CLIENT; |
197 | break; |
198 | case CURL_SSLVERSION_TLSv1_3: |
199 | failf(data, "schannel: TLS 1.3 is not yet supported" ); |
200 | return CURLE_SSL_CONNECT_ERROR; |
201 | } |
202 | } |
203 | return CURLE_OK; |
204 | } |
205 | |
206 | /*longest is 26, buffer is slightly bigger*/ |
207 | #define LONGEST_ALG_ID 32 |
208 | #define CIPHEROPTION(X) \ |
209 | if(strcmp(#X, tmp) == 0) \ |
210 | return X |
211 | |
212 | static int |
213 | get_alg_id_by_name(char *name) |
214 | { |
215 | char tmp[LONGEST_ALG_ID] = { 0 }; |
216 | char *nameEnd = strchr(name, ':'); |
217 | size_t n = nameEnd ? min((size_t)(nameEnd - name), LONGEST_ALG_ID - 1) : \ |
218 | min(strlen(name), LONGEST_ALG_ID - 1); |
219 | strncpy(tmp, name, n); |
220 | tmp[n] = 0; |
221 | CIPHEROPTION(CALG_MD2); |
222 | CIPHEROPTION(CALG_MD4); |
223 | CIPHEROPTION(CALG_MD5); |
224 | CIPHEROPTION(CALG_SHA); |
225 | CIPHEROPTION(CALG_SHA1); |
226 | CIPHEROPTION(CALG_MAC); |
227 | CIPHEROPTION(CALG_RSA_SIGN); |
228 | CIPHEROPTION(CALG_DSS_SIGN); |
229 | /*ifdefs for the options that are defined conditionally in wincrypt.h*/ |
230 | #ifdef CALG_NO_SIGN |
231 | CIPHEROPTION(CALG_NO_SIGN); |
232 | #endif |
233 | CIPHEROPTION(CALG_RSA_KEYX); |
234 | CIPHEROPTION(CALG_DES); |
235 | #ifdef CALG_3DES_112 |
236 | CIPHEROPTION(CALG_3DES_112); |
237 | #endif |
238 | CIPHEROPTION(CALG_3DES); |
239 | CIPHEROPTION(CALG_DESX); |
240 | CIPHEROPTION(CALG_RC2); |
241 | CIPHEROPTION(CALG_RC4); |
242 | CIPHEROPTION(CALG_SEAL); |
243 | #ifdef CALG_DH_SF |
244 | CIPHEROPTION(CALG_DH_SF); |
245 | #endif |
246 | CIPHEROPTION(CALG_DH_EPHEM); |
247 | #ifdef CALG_AGREEDKEY_ANY |
248 | CIPHEROPTION(CALG_AGREEDKEY_ANY); |
249 | #endif |
250 | #ifdef CALG_HUGHES_MD5 |
251 | CIPHEROPTION(CALG_HUGHES_MD5); |
252 | #endif |
253 | CIPHEROPTION(CALG_SKIPJACK); |
254 | #ifdef CALG_TEK |
255 | CIPHEROPTION(CALG_TEK); |
256 | #endif |
257 | CIPHEROPTION(CALG_CYLINK_MEK); |
258 | CIPHEROPTION(CALG_SSL3_SHAMD5); |
259 | #ifdef CALG_SSL3_MASTER |
260 | CIPHEROPTION(CALG_SSL3_MASTER); |
261 | #endif |
262 | #ifdef CALG_SCHANNEL_MASTER_HASH |
263 | CIPHEROPTION(CALG_SCHANNEL_MASTER_HASH); |
264 | #endif |
265 | #ifdef CALG_SCHANNEL_MAC_KEY |
266 | CIPHEROPTION(CALG_SCHANNEL_MAC_KEY); |
267 | #endif |
268 | #ifdef CALG_SCHANNEL_ENC_KEY |
269 | CIPHEROPTION(CALG_SCHANNEL_ENC_KEY); |
270 | #endif |
271 | #ifdef CALG_PCT1_MASTER |
272 | CIPHEROPTION(CALG_PCT1_MASTER); |
273 | #endif |
274 | #ifdef CALG_SSL2_MASTER |
275 | CIPHEROPTION(CALG_SSL2_MASTER); |
276 | #endif |
277 | #ifdef CALG_TLS1_MASTER |
278 | CIPHEROPTION(CALG_TLS1_MASTER); |
279 | #endif |
280 | #ifdef CALG_RC5 |
281 | CIPHEROPTION(CALG_RC5); |
282 | #endif |
283 | #ifdef CALG_HMAC |
284 | CIPHEROPTION(CALG_HMAC); |
285 | #endif |
286 | #if !defined(__W32API_MAJOR_VERSION) || \ |
287 | !defined(__W32API_MINOR_VERSION) || \ |
288 | defined(__MINGW64_VERSION_MAJOR) || \ |
289 | (__W32API_MAJOR_VERSION > 5) || \ |
290 | ((__W32API_MAJOR_VERSION == 5) && (__W32API_MINOR_VERSION > 0)) |
291 | /* CALG_TLS1PRF has a syntax error in MinGW's w32api up to version 5.0, |
292 | see https://osdn.net/projects/mingw/ticket/38391 */ |
293 | CIPHEROPTION(CALG_TLS1PRF); |
294 | #endif |
295 | #ifdef CALG_HASH_REPLACE_OWF |
296 | CIPHEROPTION(CALG_HASH_REPLACE_OWF); |
297 | #endif |
298 | #ifdef CALG_AES_128 |
299 | CIPHEROPTION(CALG_AES_128); |
300 | #endif |
301 | #ifdef CALG_AES_192 |
302 | CIPHEROPTION(CALG_AES_192); |
303 | #endif |
304 | #ifdef CALG_AES_256 |
305 | CIPHEROPTION(CALG_AES_256); |
306 | #endif |
307 | #ifdef CALG_AES |
308 | CIPHEROPTION(CALG_AES); |
309 | #endif |
310 | #ifdef CALG_SHA_256 |
311 | CIPHEROPTION(CALG_SHA_256); |
312 | #endif |
313 | #ifdef CALG_SHA_384 |
314 | CIPHEROPTION(CALG_SHA_384); |
315 | #endif |
316 | #ifdef CALG_SHA_512 |
317 | CIPHEROPTION(CALG_SHA_512); |
318 | #endif |
319 | #ifdef CALG_ECDH |
320 | CIPHEROPTION(CALG_ECDH); |
321 | #endif |
322 | #ifdef CALG_ECMQV |
323 | CIPHEROPTION(CALG_ECMQV); |
324 | #endif |
325 | #ifdef CALG_ECDSA |
326 | CIPHEROPTION(CALG_ECDSA); |
327 | #endif |
328 | #ifdef CALG_ECDH_EPHEM |
329 | CIPHEROPTION(CALG_ECDH_EPHEM); |
330 | #endif |
331 | return 0; |
332 | } |
333 | |
334 | static CURLcode |
335 | set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers) |
336 | { |
337 | char *startCur = ciphers; |
338 | int algCount = 0; |
339 | static ALG_ID algIds[45]; /*There are 45 listed in the MS headers*/ |
340 | while(startCur && (0 != *startCur) && (algCount < 45)) { |
341 | long alg = strtol(startCur, 0, 0); |
342 | if(!alg) |
343 | alg = get_alg_id_by_name(startCur); |
344 | if(alg) |
345 | algIds[algCount++] = alg; |
346 | else |
347 | return CURLE_SSL_CIPHER; |
348 | startCur = strchr(startCur, ':'); |
349 | if(startCur) |
350 | startCur++; |
351 | } |
352 | schannel_cred->palgSupportedAlgs = algIds; |
353 | schannel_cred->cSupportedAlgs = algCount; |
354 | return CURLE_OK; |
355 | } |
356 | |
357 | #ifdef HAS_CLIENT_CERT_PATH |
358 | static CURLcode |
359 | get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, |
360 | TCHAR **thumbprint) |
361 | { |
362 | TCHAR *sep; |
363 | TCHAR *store_path_start; |
364 | size_t store_name_len; |
365 | |
366 | sep = _tcschr(path, TEXT('\\')); |
367 | if(sep == NULL) |
368 | return CURLE_SSL_CERTPROBLEM; |
369 | |
370 | store_name_len = sep - path; |
371 | |
372 | if(_tcsnccmp(path, TEXT("CurrentUser" ), store_name_len) == 0) |
373 | *store_name = CERT_SYSTEM_STORE_CURRENT_USER; |
374 | else if(_tcsnccmp(path, TEXT("LocalMachine" ), store_name_len) == 0) |
375 | *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE; |
376 | else if(_tcsnccmp(path, TEXT("CurrentService" ), store_name_len) == 0) |
377 | *store_name = CERT_SYSTEM_STORE_CURRENT_SERVICE; |
378 | else if(_tcsnccmp(path, TEXT("Services" ), store_name_len) == 0) |
379 | *store_name = CERT_SYSTEM_STORE_SERVICES; |
380 | else if(_tcsnccmp(path, TEXT("Users" ), store_name_len) == 0) |
381 | *store_name = CERT_SYSTEM_STORE_USERS; |
382 | else if(_tcsnccmp(path, TEXT("CurrentUserGroupPolicy" ), |
383 | store_name_len) == 0) |
384 | *store_name = CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY; |
385 | else if(_tcsnccmp(path, TEXT("LocalMachineGroupPolicy" ), |
386 | store_name_len) == 0) |
387 | *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY; |
388 | else if(_tcsnccmp(path, TEXT("LocalMachineEnterprise" ), |
389 | store_name_len) == 0) |
390 | *store_name = CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE; |
391 | else |
392 | return CURLE_SSL_CERTPROBLEM; |
393 | |
394 | store_path_start = sep + 1; |
395 | |
396 | sep = _tcschr(store_path_start, TEXT('\\')); |
397 | if(sep == NULL) |
398 | return CURLE_SSL_CERTPROBLEM; |
399 | |
400 | *sep = TEXT('\0'); |
401 | *store_path = _tcsdup(store_path_start); |
402 | *sep = TEXT('\\'); |
403 | if(*store_path == NULL) |
404 | return CURLE_OUT_OF_MEMORY; |
405 | |
406 | *thumbprint = sep + 1; |
407 | if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN) |
408 | return CURLE_SSL_CERTPROBLEM; |
409 | |
410 | return CURLE_OK; |
411 | } |
412 | #endif |
413 | |
414 | static CURLcode |
415 | schannel_connect_step1(struct connectdata *conn, int sockindex) |
416 | { |
417 | ssize_t written = -1; |
418 | struct Curl_easy *data = conn->data; |
419 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
420 | SecBuffer outbuf; |
421 | SecBufferDesc outbuf_desc; |
422 | SecBuffer inbuf; |
423 | SecBufferDesc inbuf_desc; |
424 | #ifdef HAS_ALPN |
425 | unsigned char alpn_buffer[128]; |
426 | #endif |
427 | SCHANNEL_CRED schannel_cred; |
428 | PCCERT_CONTEXT client_certs[1] = { NULL }; |
429 | SECURITY_STATUS sspi_status = SEC_E_OK; |
430 | struct curl_schannel_cred *old_cred = NULL; |
431 | struct in_addr addr; |
432 | #ifdef ENABLE_IPV6 |
433 | struct in6_addr addr6; |
434 | #endif |
435 | TCHAR *host_name; |
436 | CURLcode result; |
437 | char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : |
438 | conn->host.name; |
439 | |
440 | DEBUGF(infof(data, |
441 | "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n" , |
442 | hostname, conn->remote_port)); |
443 | |
444 | if(Curl_verify_windows_version(5, 1, PLATFORM_WINNT, |
445 | VERSION_LESS_THAN_EQUAL)) { |
446 | /* Schannel in Windows XP (OS version 5.1) uses legacy handshakes and |
447 | algorithms that may not be supported by all servers. */ |
448 | infof(data, "schannel: Windows version is old and may not be able to " |
449 | "connect to some servers due to lack of SNI, algorithms, etc.\n" ); |
450 | } |
451 | |
452 | #ifdef HAS_ALPN |
453 | /* ALPN is only supported on Windows 8.1 / Server 2012 R2 and above. |
454 | Also it doesn't seem to be supported for Wine, see curl bug #983. */ |
455 | BACKEND->use_alpn = conn->bits.tls_enable_alpn && |
456 | !GetProcAddress(GetModuleHandleA("ntdll" ), |
457 | "wine_get_version" ) && |
458 | Curl_verify_windows_version(6, 3, PLATFORM_WINNT, |
459 | VERSION_GREATER_THAN_EQUAL); |
460 | #else |
461 | BACKEND->use_alpn = false; |
462 | #endif |
463 | |
464 | #ifdef _WIN32_WCE |
465 | #ifdef HAS_MANUAL_VERIFY_API |
466 | /* certificate validation on CE doesn't seem to work right; we'll |
467 | * do it following a more manual process. */ |
468 | BACKEND->use_manual_cred_validation = true; |
469 | #else |
470 | #error "compiler too old to support requisite manual cert verify for Win CE" |
471 | #endif |
472 | #else |
473 | #ifdef HAS_MANUAL_VERIFY_API |
474 | if(SSL_CONN_CONFIG(CAfile)) { |
475 | if(Curl_verify_windows_version(6, 1, PLATFORM_WINNT, |
476 | VERSION_GREATER_THAN_EQUAL)) { |
477 | BACKEND->use_manual_cred_validation = true; |
478 | } |
479 | else { |
480 | failf(data, "schannel: this version of Windows is too old to support " |
481 | "certificate verification via CA bundle file." ); |
482 | return CURLE_SSL_CACERT_BADFILE; |
483 | } |
484 | } |
485 | else |
486 | BACKEND->use_manual_cred_validation = false; |
487 | #else |
488 | if(SSL_CONN_CONFIG(CAfile)) { |
489 | failf(data, "schannel: CA cert support not built in" ); |
490 | return CURLE_NOT_BUILT_IN; |
491 | } |
492 | #endif |
493 | #endif |
494 | |
495 | BACKEND->cred = NULL; |
496 | |
497 | /* check for an existing re-usable credential handle */ |
498 | if(SSL_SET_OPTION(primary.sessionid)) { |
499 | Curl_ssl_sessionid_lock(conn); |
500 | if(!Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, sockindex)) { |
501 | BACKEND->cred = old_cred; |
502 | DEBUGF(infof(data, "schannel: re-using existing credential handle\n" )); |
503 | |
504 | /* increment the reference counter of the credential/session handle */ |
505 | BACKEND->cred->refcount++; |
506 | DEBUGF(infof(data, |
507 | "schannel: incremented credential handle refcount = %d\n" , |
508 | BACKEND->cred->refcount)); |
509 | } |
510 | Curl_ssl_sessionid_unlock(conn); |
511 | } |
512 | |
513 | if(!BACKEND->cred) { |
514 | /* setup Schannel API options */ |
515 | memset(&schannel_cred, 0, sizeof(schannel_cred)); |
516 | schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; |
517 | |
518 | if(conn->ssl_config.verifypeer) { |
519 | #ifdef HAS_MANUAL_VERIFY_API |
520 | if(BACKEND->use_manual_cred_validation) |
521 | schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION; |
522 | else |
523 | #endif |
524 | schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION; |
525 | |
526 | if(data->set.ssl.no_revoke) { |
527 | schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK | |
528 | SCH_CRED_IGNORE_REVOCATION_OFFLINE; |
529 | |
530 | DEBUGF(infof(data, "schannel: disabled server certificate revocation " |
531 | "checks\n" )); |
532 | } |
533 | else { |
534 | schannel_cred.dwFlags |= SCH_CRED_REVOCATION_CHECK_CHAIN; |
535 | DEBUGF(infof(data, |
536 | "schannel: checking server certificate revocation\n" )); |
537 | } |
538 | } |
539 | else { |
540 | schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION | |
541 | SCH_CRED_IGNORE_NO_REVOCATION_CHECK | |
542 | SCH_CRED_IGNORE_REVOCATION_OFFLINE; |
543 | DEBUGF(infof(data, |
544 | "schannel: disabled server cert revocation checks\n" )); |
545 | } |
546 | |
547 | if(!conn->ssl_config.verifyhost) { |
548 | schannel_cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK; |
549 | DEBUGF(infof(data, "schannel: verifyhost setting prevents Schannel from " |
550 | "comparing the supplied target name with the subject " |
551 | "names in server certificates.\n" )); |
552 | } |
553 | |
554 | switch(conn->ssl_config.version) { |
555 | case CURL_SSLVERSION_DEFAULT: |
556 | case CURL_SSLVERSION_TLSv1: |
557 | case CURL_SSLVERSION_TLSv1_0: |
558 | case CURL_SSLVERSION_TLSv1_1: |
559 | case CURL_SSLVERSION_TLSv1_2: |
560 | case CURL_SSLVERSION_TLSv1_3: |
561 | { |
562 | result = set_ssl_version_min_max(&schannel_cred, conn); |
563 | if(result != CURLE_OK) |
564 | return result; |
565 | break; |
566 | } |
567 | case CURL_SSLVERSION_SSLv3: |
568 | schannel_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT; |
569 | break; |
570 | case CURL_SSLVERSION_SSLv2: |
571 | schannel_cred.grbitEnabledProtocols = SP_PROT_SSL2_CLIENT; |
572 | break; |
573 | default: |
574 | failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION" ); |
575 | return CURLE_SSL_CONNECT_ERROR; |
576 | } |
577 | |
578 | if(SSL_CONN_CONFIG(cipher_list)) { |
579 | result = set_ssl_ciphers(&schannel_cred, SSL_CONN_CONFIG(cipher_list)); |
580 | if(CURLE_OK != result) { |
581 | failf(data, "Unable to set ciphers to passed via SSL_CONN_CONFIG" ); |
582 | return result; |
583 | } |
584 | } |
585 | |
586 | |
587 | #ifdef HAS_CLIENT_CERT_PATH |
588 | /* client certificate */ |
589 | if(data->set.ssl.cert) { |
590 | DWORD cert_store_name; |
591 | TCHAR *cert_store_path; |
592 | TCHAR *cert_thumbprint_str; |
593 | CRYPT_HASH_BLOB cert_thumbprint; |
594 | BYTE cert_thumbprint_data[CERT_THUMBPRINT_DATA_LEN]; |
595 | HCERTSTORE cert_store; |
596 | |
597 | TCHAR *cert_path = Curl_convert_UTF8_to_tchar(data->set.ssl.cert); |
598 | if(!cert_path) |
599 | return CURLE_OUT_OF_MEMORY; |
600 | |
601 | result = get_cert_location(cert_path, &cert_store_name, |
602 | &cert_store_path, &cert_thumbprint_str); |
603 | if(result != CURLE_OK) { |
604 | failf(data, "schannel: Failed to get certificate location for %s" , |
605 | cert_path); |
606 | Curl_unicodefree(cert_path); |
607 | return result; |
608 | } |
609 | |
610 | cert_store = |
611 | CertOpenStore(CURL_CERT_STORE_PROV_SYSTEM, 0, |
612 | (HCRYPTPROV)NULL, |
613 | CERT_STORE_OPEN_EXISTING_FLAG | cert_store_name, |
614 | cert_store_path); |
615 | if(!cert_store) { |
616 | failf(data, "schannel: Failed to open cert store %x %s, " |
617 | "last error is %x" , |
618 | cert_store_name, cert_store_path, GetLastError()); |
619 | free(cert_store_path); |
620 | Curl_unicodefree(cert_path); |
621 | return CURLE_SSL_CERTPROBLEM; |
622 | } |
623 | free(cert_store_path); |
624 | |
625 | cert_thumbprint.pbData = cert_thumbprint_data; |
626 | cert_thumbprint.cbData = CERT_THUMBPRINT_DATA_LEN; |
627 | |
628 | if(!CryptStringToBinary(cert_thumbprint_str, CERT_THUMBPRINT_STR_LEN, |
629 | CRYPT_STRING_HEX, |
630 | cert_thumbprint_data, &cert_thumbprint.cbData, |
631 | NULL, NULL)) { |
632 | Curl_unicodefree(cert_path); |
633 | return CURLE_SSL_CERTPROBLEM; |
634 | } |
635 | |
636 | client_certs[0] = CertFindCertificateInStore( |
637 | cert_store, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, |
638 | CERT_FIND_HASH, &cert_thumbprint, NULL); |
639 | |
640 | Curl_unicodefree(cert_path); |
641 | |
642 | if(client_certs[0]) { |
643 | schannel_cred.cCreds = 1; |
644 | schannel_cred.paCred = client_certs; |
645 | } |
646 | else { |
647 | /* CRYPT_E_NOT_FOUND / E_INVALIDARG */ |
648 | return CURLE_SSL_CERTPROBLEM; |
649 | } |
650 | |
651 | CertCloseStore(cert_store, 0); |
652 | } |
653 | #else |
654 | if(data->set.ssl.cert) { |
655 | failf(data, "schannel: client cert support not built in" ); |
656 | return CURLE_NOT_BUILT_IN; |
657 | } |
658 | #endif |
659 | |
660 | /* allocate memory for the re-usable credential handle */ |
661 | BACKEND->cred = (struct curl_schannel_cred *) |
662 | calloc(1, sizeof(struct curl_schannel_cred)); |
663 | if(!BACKEND->cred) { |
664 | failf(data, "schannel: unable to allocate memory" ); |
665 | |
666 | if(client_certs[0]) |
667 | CertFreeCertificateContext(client_certs[0]); |
668 | |
669 | return CURLE_OUT_OF_MEMORY; |
670 | } |
671 | BACKEND->cred->refcount = 1; |
672 | |
673 | /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx |
674 | */ |
675 | sspi_status = |
676 | s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME, |
677 | SECPKG_CRED_OUTBOUND, NULL, |
678 | &schannel_cred, NULL, NULL, |
679 | &BACKEND->cred->cred_handle, |
680 | &BACKEND->cred->time_stamp); |
681 | |
682 | if(client_certs[0]) |
683 | CertFreeCertificateContext(client_certs[0]); |
684 | |
685 | if(sspi_status != SEC_E_OK) { |
686 | char buffer[STRERROR_LEN]; |
687 | failf(data, "schannel: AcquireCredentialsHandle failed: %s" , |
688 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
689 | Curl_safefree(BACKEND->cred); |
690 | switch(sspi_status) { |
691 | case SEC_E_INSUFFICIENT_MEMORY: |
692 | return CURLE_OUT_OF_MEMORY; |
693 | case SEC_E_NO_CREDENTIALS: |
694 | case SEC_E_SECPKG_NOT_FOUND: |
695 | case SEC_E_NOT_OWNER: |
696 | case SEC_E_UNKNOWN_CREDENTIALS: |
697 | case SEC_E_INTERNAL_ERROR: |
698 | default: |
699 | return CURLE_SSL_CONNECT_ERROR; |
700 | } |
701 | } |
702 | } |
703 | |
704 | /* Warn if SNI is disabled due to use of an IP address */ |
705 | if(Curl_inet_pton(AF_INET, hostname, &addr) |
706 | #ifdef ENABLE_IPV6 |
707 | || Curl_inet_pton(AF_INET6, hostname, &addr6) |
708 | #endif |
709 | ) { |
710 | infof(data, "schannel: using IP address, SNI is not supported by OS.\n" ); |
711 | } |
712 | |
713 | #ifdef HAS_ALPN |
714 | if(BACKEND->use_alpn) { |
715 | int cur = 0; |
716 | int list_start_index = 0; |
717 | unsigned int *extension_len = NULL; |
718 | unsigned short* list_len = NULL; |
719 | |
720 | /* The first four bytes will be an unsigned int indicating number |
721 | of bytes of data in the rest of the the buffer. */ |
722 | extension_len = (unsigned int *)(&alpn_buffer[cur]); |
723 | cur += sizeof(unsigned int); |
724 | |
725 | /* The next four bytes are an indicator that this buffer will contain |
726 | ALPN data, as opposed to NPN, for example. */ |
727 | *(unsigned int *)&alpn_buffer[cur] = |
728 | SecApplicationProtocolNegotiationExt_ALPN; |
729 | cur += sizeof(unsigned int); |
730 | |
731 | /* The next two bytes will be an unsigned short indicating the number |
732 | of bytes used to list the preferred protocols. */ |
733 | list_len = (unsigned short*)(&alpn_buffer[cur]); |
734 | cur += sizeof(unsigned short); |
735 | |
736 | list_start_index = cur; |
737 | |
738 | #ifdef USE_NGHTTP2 |
739 | if(data->set.httpversion >= CURL_HTTP_VERSION_2) { |
740 | memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN); |
741 | cur += NGHTTP2_PROTO_ALPN_LEN; |
742 | infof(data, "schannel: ALPN, offering %s\n" , NGHTTP2_PROTO_VERSION_ID); |
743 | } |
744 | #endif |
745 | |
746 | alpn_buffer[cur++] = ALPN_HTTP_1_1_LENGTH; |
747 | memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); |
748 | cur += ALPN_HTTP_1_1_LENGTH; |
749 | infof(data, "schannel: ALPN, offering %s\n" , ALPN_HTTP_1_1); |
750 | |
751 | *list_len = curlx_uitous(cur - list_start_index); |
752 | *extension_len = *list_len + sizeof(unsigned int) + sizeof(unsigned short); |
753 | |
754 | InitSecBuffer(&inbuf, SECBUFFER_APPLICATION_PROTOCOLS, alpn_buffer, cur); |
755 | InitSecBufferDesc(&inbuf_desc, &inbuf, 1); |
756 | } |
757 | else { |
758 | InitSecBuffer(&inbuf, SECBUFFER_EMPTY, NULL, 0); |
759 | InitSecBufferDesc(&inbuf_desc, &inbuf, 1); |
760 | } |
761 | #else /* HAS_ALPN */ |
762 | InitSecBuffer(&inbuf, SECBUFFER_EMPTY, NULL, 0); |
763 | InitSecBufferDesc(&inbuf_desc, &inbuf, 1); |
764 | #endif |
765 | |
766 | /* setup output buffer */ |
767 | InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); |
768 | InitSecBufferDesc(&outbuf_desc, &outbuf, 1); |
769 | |
770 | /* setup request flags */ |
771 | BACKEND->req_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | |
772 | ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY | |
773 | ISC_REQ_STREAM; |
774 | |
775 | /* allocate memory for the security context handle */ |
776 | BACKEND->ctxt = (struct curl_schannel_ctxt *) |
777 | calloc(1, sizeof(struct curl_schannel_ctxt)); |
778 | if(!BACKEND->ctxt) { |
779 | failf(data, "schannel: unable to allocate memory" ); |
780 | return CURLE_OUT_OF_MEMORY; |
781 | } |
782 | |
783 | host_name = Curl_convert_UTF8_to_tchar(hostname); |
784 | if(!host_name) |
785 | return CURLE_OUT_OF_MEMORY; |
786 | |
787 | /* Schannel InitializeSecurityContext: |
788 | https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx |
789 | |
790 | At the moment we don't pass inbuf unless we're using ALPN since we only |
791 | use it for that, and Wine (for which we currently disable ALPN) is giving |
792 | us problems with inbuf regardless. https://github.com/curl/curl/issues/983 |
793 | */ |
794 | sspi_status = s_pSecFn->InitializeSecurityContext( |
795 | &BACKEND->cred->cred_handle, NULL, host_name, BACKEND->req_flags, 0, 0, |
796 | (BACKEND->use_alpn ? &inbuf_desc : NULL), |
797 | 0, &BACKEND->ctxt->ctxt_handle, |
798 | &outbuf_desc, &BACKEND->ret_flags, &BACKEND->ctxt->time_stamp); |
799 | |
800 | Curl_unicodefree(host_name); |
801 | |
802 | if(sspi_status != SEC_I_CONTINUE_NEEDED) { |
803 | char buffer[STRERROR_LEN]; |
804 | Curl_safefree(BACKEND->ctxt); |
805 | switch(sspi_status) { |
806 | case SEC_E_INSUFFICIENT_MEMORY: |
807 | failf(data, "schannel: initial InitializeSecurityContext failed: %s" , |
808 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
809 | return CURLE_OUT_OF_MEMORY; |
810 | case SEC_E_WRONG_PRINCIPAL: |
811 | failf(data, "schannel: SNI or certificate check failed: %s" , |
812 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
813 | return CURLE_PEER_FAILED_VERIFICATION; |
814 | /* |
815 | case SEC_E_INVALID_HANDLE: |
816 | case SEC_E_INVALID_TOKEN: |
817 | case SEC_E_LOGON_DENIED: |
818 | case SEC_E_TARGET_UNKNOWN: |
819 | case SEC_E_NO_AUTHENTICATING_AUTHORITY: |
820 | case SEC_E_INTERNAL_ERROR: |
821 | case SEC_E_NO_CREDENTIALS: |
822 | case SEC_E_UNSUPPORTED_FUNCTION: |
823 | case SEC_E_APPLICATION_PROTOCOL_MISMATCH: |
824 | */ |
825 | default: |
826 | failf(data, "schannel: initial InitializeSecurityContext failed: %s" , |
827 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
828 | return CURLE_SSL_CONNECT_ERROR; |
829 | } |
830 | } |
831 | |
832 | DEBUGF(infof(data, "schannel: sending initial handshake data: " |
833 | "sending %lu bytes...\n" , outbuf.cbBuffer)); |
834 | |
835 | /* send initial handshake data which is now stored in output buffer */ |
836 | result = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer, |
837 | outbuf.cbBuffer, &written); |
838 | s_pSecFn->FreeContextBuffer(outbuf.pvBuffer); |
839 | if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) { |
840 | failf(data, "schannel: failed to send initial handshake data: " |
841 | "sent %zd of %lu bytes" , written, outbuf.cbBuffer); |
842 | return CURLE_SSL_CONNECT_ERROR; |
843 | } |
844 | |
845 | DEBUGF(infof(data, "schannel: sent initial handshake data: " |
846 | "sent %zd bytes\n" , written)); |
847 | |
848 | BACKEND->recv_unrecoverable_err = CURLE_OK; |
849 | BACKEND->recv_sspi_close_notify = false; |
850 | BACKEND->recv_connection_closed = false; |
851 | BACKEND->encdata_is_incomplete = false; |
852 | |
853 | /* continue to second handshake step */ |
854 | connssl->connecting_state = ssl_connect_2; |
855 | |
856 | return CURLE_OK; |
857 | } |
858 | |
859 | static CURLcode |
860 | schannel_connect_step2(struct connectdata *conn, int sockindex) |
861 | { |
862 | int i; |
863 | ssize_t nread = -1, written = -1; |
864 | struct Curl_easy *data = conn->data; |
865 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
866 | unsigned char *reallocated_buffer; |
867 | SecBuffer outbuf[3]; |
868 | SecBufferDesc outbuf_desc; |
869 | SecBuffer inbuf[2]; |
870 | SecBufferDesc inbuf_desc; |
871 | SECURITY_STATUS sspi_status = SEC_E_OK; |
872 | CURLcode result; |
873 | bool doread; |
874 | char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : |
875 | conn->host.name; |
876 | const char *pubkey_ptr; |
877 | |
878 | doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE; |
879 | |
880 | DEBUGF(infof(data, |
881 | "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n" , |
882 | hostname, conn->remote_port)); |
883 | |
884 | if(!BACKEND->cred || !BACKEND->ctxt) |
885 | return CURLE_SSL_CONNECT_ERROR; |
886 | |
887 | /* buffer to store previously received and decrypted data */ |
888 | if(BACKEND->decdata_buffer == NULL) { |
889 | BACKEND->decdata_offset = 0; |
890 | BACKEND->decdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; |
891 | BACKEND->decdata_buffer = malloc(BACKEND->decdata_length); |
892 | if(BACKEND->decdata_buffer == NULL) { |
893 | failf(data, "schannel: unable to allocate memory" ); |
894 | return CURLE_OUT_OF_MEMORY; |
895 | } |
896 | } |
897 | |
898 | /* buffer to store previously received and encrypted data */ |
899 | if(BACKEND->encdata_buffer == NULL) { |
900 | BACKEND->encdata_is_incomplete = false; |
901 | BACKEND->encdata_offset = 0; |
902 | BACKEND->encdata_length = CURL_SCHANNEL_BUFFER_INIT_SIZE; |
903 | BACKEND->encdata_buffer = malloc(BACKEND->encdata_length); |
904 | if(BACKEND->encdata_buffer == NULL) { |
905 | failf(data, "schannel: unable to allocate memory" ); |
906 | return CURLE_OUT_OF_MEMORY; |
907 | } |
908 | } |
909 | |
910 | /* if we need a bigger buffer to read a full message, increase buffer now */ |
911 | if(BACKEND->encdata_length - BACKEND->encdata_offset < |
912 | CURL_SCHANNEL_BUFFER_FREE_SIZE) { |
913 | /* increase internal encrypted data buffer */ |
914 | size_t reallocated_length = BACKEND->encdata_offset + |
915 | CURL_SCHANNEL_BUFFER_FREE_SIZE; |
916 | reallocated_buffer = realloc(BACKEND->encdata_buffer, |
917 | reallocated_length); |
918 | |
919 | if(reallocated_buffer == NULL) { |
920 | failf(data, "schannel: unable to re-allocate memory" ); |
921 | return CURLE_OUT_OF_MEMORY; |
922 | } |
923 | else { |
924 | BACKEND->encdata_buffer = reallocated_buffer; |
925 | BACKEND->encdata_length = reallocated_length; |
926 | } |
927 | } |
928 | |
929 | for(;;) { |
930 | TCHAR *host_name; |
931 | if(doread) { |
932 | /* read encrypted handshake data from socket */ |
933 | result = Curl_read_plain(conn->sock[sockindex], |
934 | (char *) (BACKEND->encdata_buffer + |
935 | BACKEND->encdata_offset), |
936 | BACKEND->encdata_length - |
937 | BACKEND->encdata_offset, |
938 | &nread); |
939 | if(result == CURLE_AGAIN) { |
940 | if(connssl->connecting_state != ssl_connect_2_writing) |
941 | connssl->connecting_state = ssl_connect_2_reading; |
942 | DEBUGF(infof(data, "schannel: failed to receive handshake, " |
943 | "need more data\n" )); |
944 | return CURLE_OK; |
945 | } |
946 | else if((result != CURLE_OK) || (nread == 0)) { |
947 | failf(data, "schannel: failed to receive handshake, " |
948 | "SSL/TLS connection failed" ); |
949 | return CURLE_SSL_CONNECT_ERROR; |
950 | } |
951 | |
952 | /* increase encrypted data buffer offset */ |
953 | BACKEND->encdata_offset += nread; |
954 | BACKEND->encdata_is_incomplete = false; |
955 | DEBUGF(infof(data, "schannel: encrypted data got %zd\n" , nread)); |
956 | } |
957 | |
958 | DEBUGF(infof(data, |
959 | "schannel: encrypted data buffer: offset %zu length %zu\n" , |
960 | BACKEND->encdata_offset, BACKEND->encdata_length)); |
961 | |
962 | /* setup input buffers */ |
963 | InitSecBuffer(&inbuf[0], SECBUFFER_TOKEN, malloc(BACKEND->encdata_offset), |
964 | curlx_uztoul(BACKEND->encdata_offset)); |
965 | InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0); |
966 | InitSecBufferDesc(&inbuf_desc, inbuf, 2); |
967 | |
968 | /* setup output buffers */ |
969 | InitSecBuffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0); |
970 | InitSecBuffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0); |
971 | InitSecBuffer(&outbuf[2], SECBUFFER_EMPTY, NULL, 0); |
972 | InitSecBufferDesc(&outbuf_desc, outbuf, 3); |
973 | |
974 | if(inbuf[0].pvBuffer == NULL) { |
975 | failf(data, "schannel: unable to allocate memory" ); |
976 | return CURLE_OUT_OF_MEMORY; |
977 | } |
978 | |
979 | /* copy received handshake data into input buffer */ |
980 | memcpy(inbuf[0].pvBuffer, BACKEND->encdata_buffer, |
981 | BACKEND->encdata_offset); |
982 | |
983 | host_name = Curl_convert_UTF8_to_tchar(hostname); |
984 | if(!host_name) |
985 | return CURLE_OUT_OF_MEMORY; |
986 | |
987 | /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx |
988 | */ |
989 | sspi_status = s_pSecFn->InitializeSecurityContext( |
990 | &BACKEND->cred->cred_handle, &BACKEND->ctxt->ctxt_handle, |
991 | host_name, BACKEND->req_flags, 0, 0, &inbuf_desc, 0, NULL, |
992 | &outbuf_desc, &BACKEND->ret_flags, &BACKEND->ctxt->time_stamp); |
993 | |
994 | Curl_unicodefree(host_name); |
995 | |
996 | /* free buffer for received handshake data */ |
997 | Curl_safefree(inbuf[0].pvBuffer); |
998 | |
999 | /* check if the handshake was incomplete */ |
1000 | if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { |
1001 | BACKEND->encdata_is_incomplete = true; |
1002 | connssl->connecting_state = ssl_connect_2_reading; |
1003 | DEBUGF(infof(data, |
1004 | "schannel: received incomplete message, need more data\n" )); |
1005 | return CURLE_OK; |
1006 | } |
1007 | |
1008 | /* If the server has requested a client certificate, attempt to continue |
1009 | the handshake without one. This will allow connections to servers which |
1010 | request a client certificate but do not require it. */ |
1011 | if(sspi_status == SEC_I_INCOMPLETE_CREDENTIALS && |
1012 | !(BACKEND->req_flags & ISC_REQ_USE_SUPPLIED_CREDS)) { |
1013 | BACKEND->req_flags |= ISC_REQ_USE_SUPPLIED_CREDS; |
1014 | connssl->connecting_state = ssl_connect_2_writing; |
1015 | DEBUGF(infof(data, |
1016 | "schannel: a client certificate has been requested\n" )); |
1017 | return CURLE_OK; |
1018 | } |
1019 | |
1020 | /* check if the handshake needs to be continued */ |
1021 | if(sspi_status == SEC_I_CONTINUE_NEEDED || sspi_status == SEC_E_OK) { |
1022 | for(i = 0; i < 3; i++) { |
1023 | /* search for handshake tokens that need to be send */ |
1024 | if(outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) { |
1025 | DEBUGF(infof(data, "schannel: sending next handshake data: " |
1026 | "sending %lu bytes...\n" , outbuf[i].cbBuffer)); |
1027 | |
1028 | /* send handshake token to server */ |
1029 | result = Curl_write_plain(conn, conn->sock[sockindex], |
1030 | outbuf[i].pvBuffer, outbuf[i].cbBuffer, |
1031 | &written); |
1032 | if((result != CURLE_OK) || |
1033 | (outbuf[i].cbBuffer != (size_t) written)) { |
1034 | failf(data, "schannel: failed to send next handshake data: " |
1035 | "sent %zd of %lu bytes" , written, outbuf[i].cbBuffer); |
1036 | return CURLE_SSL_CONNECT_ERROR; |
1037 | } |
1038 | } |
1039 | |
1040 | /* free obsolete buffer */ |
1041 | if(outbuf[i].pvBuffer != NULL) { |
1042 | s_pSecFn->FreeContextBuffer(outbuf[i].pvBuffer); |
1043 | } |
1044 | } |
1045 | } |
1046 | else { |
1047 | char buffer[STRERROR_LEN]; |
1048 | switch(sspi_status) { |
1049 | case SEC_E_INSUFFICIENT_MEMORY: |
1050 | failf(data, "schannel: next InitializeSecurityContext failed: %s" , |
1051 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
1052 | return CURLE_OUT_OF_MEMORY; |
1053 | case SEC_E_WRONG_PRINCIPAL: |
1054 | failf(data, "schannel: SNI or certificate check failed: %s" , |
1055 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
1056 | return CURLE_PEER_FAILED_VERIFICATION; |
1057 | /* |
1058 | case SEC_E_INVALID_HANDLE: |
1059 | case SEC_E_INVALID_TOKEN: |
1060 | case SEC_E_LOGON_DENIED: |
1061 | case SEC_E_TARGET_UNKNOWN: |
1062 | case SEC_E_NO_AUTHENTICATING_AUTHORITY: |
1063 | case SEC_E_INTERNAL_ERROR: |
1064 | case SEC_E_NO_CREDENTIALS: |
1065 | case SEC_E_UNSUPPORTED_FUNCTION: |
1066 | case SEC_E_APPLICATION_PROTOCOL_MISMATCH: |
1067 | */ |
1068 | default: |
1069 | failf(data, "schannel: next InitializeSecurityContext failed: %s" , |
1070 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
1071 | return CURLE_SSL_CONNECT_ERROR; |
1072 | } |
1073 | } |
1074 | |
1075 | /* check if there was additional remaining encrypted data */ |
1076 | if(inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) { |
1077 | DEBUGF(infof(data, "schannel: encrypted data length: %lu\n" , |
1078 | inbuf[1].cbBuffer)); |
1079 | /* |
1080 | There are two cases where we could be getting extra data here: |
1081 | 1) If we're renegotiating a connection and the handshake is already |
1082 | complete (from the server perspective), it can encrypted app data |
1083 | (not handshake data) in an extra buffer at this point. |
1084 | 2) (sspi_status == SEC_I_CONTINUE_NEEDED) We are negotiating a |
1085 | connection and this extra data is part of the handshake. |
1086 | We should process the data immediately; waiting for the socket to |
1087 | be ready may fail since the server is done sending handshake data. |
1088 | */ |
1089 | /* check if the remaining data is less than the total amount |
1090 | and therefore begins after the already processed data */ |
1091 | if(BACKEND->encdata_offset > inbuf[1].cbBuffer) { |
1092 | memmove(BACKEND->encdata_buffer, |
1093 | (BACKEND->encdata_buffer + BACKEND->encdata_offset) - |
1094 | inbuf[1].cbBuffer, inbuf[1].cbBuffer); |
1095 | BACKEND->encdata_offset = inbuf[1].cbBuffer; |
1096 | if(sspi_status == SEC_I_CONTINUE_NEEDED) { |
1097 | doread = FALSE; |
1098 | continue; |
1099 | } |
1100 | } |
1101 | } |
1102 | else { |
1103 | BACKEND->encdata_offset = 0; |
1104 | } |
1105 | break; |
1106 | } |
1107 | |
1108 | /* check if the handshake needs to be continued */ |
1109 | if(sspi_status == SEC_I_CONTINUE_NEEDED) { |
1110 | connssl->connecting_state = ssl_connect_2_reading; |
1111 | return CURLE_OK; |
1112 | } |
1113 | |
1114 | /* check if the handshake is complete */ |
1115 | if(sspi_status == SEC_E_OK) { |
1116 | connssl->connecting_state = ssl_connect_3; |
1117 | DEBUGF(infof(data, "schannel: SSL/TLS handshake complete\n" )); |
1118 | } |
1119 | |
1120 | pubkey_ptr = SSL_IS_PROXY() ? |
1121 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : |
1122 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; |
1123 | if(pubkey_ptr) { |
1124 | result = pkp_pin_peer_pubkey(conn, sockindex, pubkey_ptr); |
1125 | if(result) { |
1126 | failf(data, "SSL: public key does not match pinned public key!" ); |
1127 | return result; |
1128 | } |
1129 | } |
1130 | |
1131 | #ifdef HAS_MANUAL_VERIFY_API |
1132 | if(conn->ssl_config.verifypeer && BACKEND->use_manual_cred_validation) { |
1133 | return Curl_verify_certificate(conn, sockindex); |
1134 | } |
1135 | #endif |
1136 | |
1137 | return CURLE_OK; |
1138 | } |
1139 | |
1140 | static bool |
1141 | valid_cert_encoding(const CERT_CONTEXT *cert_context) |
1142 | { |
1143 | return (cert_context != NULL) && |
1144 | ((cert_context->dwCertEncodingType & X509_ASN_ENCODING) != 0) && |
1145 | (cert_context->pbCertEncoded != NULL) && |
1146 | (cert_context->cbCertEncoded > 0); |
1147 | } |
1148 | |
1149 | typedef bool(*Read_crt_func)(const CERT_CONTEXT *ccert_context, void *arg); |
1150 | |
1151 | static void |
1152 | traverse_cert_store(const CERT_CONTEXT *context, Read_crt_func func, |
1153 | void *arg) |
1154 | { |
1155 | const CERT_CONTEXT *current_context = NULL; |
1156 | bool should_continue = true; |
1157 | while(should_continue && |
1158 | (current_context = CertEnumCertificatesInStore( |
1159 | context->hCertStore, |
1160 | current_context)) != NULL) |
1161 | should_continue = func(current_context, arg); |
1162 | |
1163 | if(current_context) |
1164 | CertFreeCertificateContext(current_context); |
1165 | } |
1166 | |
1167 | static bool |
1168 | cert_counter_callback(const CERT_CONTEXT *ccert_context, void *certs_count) |
1169 | { |
1170 | if(valid_cert_encoding(ccert_context)) |
1171 | (*(int *)certs_count)++; |
1172 | return true; |
1173 | } |
1174 | |
1175 | struct Adder_args |
1176 | { |
1177 | struct connectdata *conn; |
1178 | CURLcode result; |
1179 | int idx; |
1180 | int certs_count; |
1181 | }; |
1182 | |
1183 | static bool |
1184 | add_cert_to_certinfo(const CERT_CONTEXT *ccert_context, void *raw_arg) |
1185 | { |
1186 | struct Adder_args *args = (struct Adder_args*)raw_arg; |
1187 | args->result = CURLE_OK; |
1188 | if(valid_cert_encoding(ccert_context)) { |
1189 | const char *beg = (const char *) ccert_context->pbCertEncoded; |
1190 | const char *end = beg + ccert_context->cbCertEncoded; |
1191 | int insert_index = (args->certs_count - 1) - args->idx; |
1192 | args->result = Curl_extract_certinfo(args->conn, insert_index, beg, end); |
1193 | args->idx++; |
1194 | } |
1195 | return args->result == CURLE_OK; |
1196 | } |
1197 | |
1198 | static CURLcode |
1199 | schannel_connect_step3(struct connectdata *conn, int sockindex) |
1200 | { |
1201 | CURLcode result = CURLE_OK; |
1202 | struct Curl_easy *data = conn->data; |
1203 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1204 | SECURITY_STATUS sspi_status = SEC_E_OK; |
1205 | CERT_CONTEXT *ccert_context = NULL; |
1206 | #ifdef DEBUGBUILD |
1207 | const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : |
1208 | conn->host.name; |
1209 | #endif |
1210 | #ifdef HAS_ALPN |
1211 | SecPkgContext_ApplicationProtocol alpn_result; |
1212 | #endif |
1213 | |
1214 | DEBUGASSERT(ssl_connect_3 == connssl->connecting_state); |
1215 | |
1216 | DEBUGF(infof(data, |
1217 | "schannel: SSL/TLS connection with %s port %hu (step 3/3)\n" , |
1218 | hostname, conn->remote_port)); |
1219 | |
1220 | if(!BACKEND->cred) |
1221 | return CURLE_SSL_CONNECT_ERROR; |
1222 | |
1223 | /* check if the required context attributes are met */ |
1224 | if(BACKEND->ret_flags != BACKEND->req_flags) { |
1225 | if(!(BACKEND->ret_flags & ISC_RET_SEQUENCE_DETECT)) |
1226 | failf(data, "schannel: failed to setup sequence detection" ); |
1227 | if(!(BACKEND->ret_flags & ISC_RET_REPLAY_DETECT)) |
1228 | failf(data, "schannel: failed to setup replay detection" ); |
1229 | if(!(BACKEND->ret_flags & ISC_RET_CONFIDENTIALITY)) |
1230 | failf(data, "schannel: failed to setup confidentiality" ); |
1231 | if(!(BACKEND->ret_flags & ISC_RET_ALLOCATED_MEMORY)) |
1232 | failf(data, "schannel: failed to setup memory allocation" ); |
1233 | if(!(BACKEND->ret_flags & ISC_RET_STREAM)) |
1234 | failf(data, "schannel: failed to setup stream orientation" ); |
1235 | return CURLE_SSL_CONNECT_ERROR; |
1236 | } |
1237 | |
1238 | #ifdef HAS_ALPN |
1239 | if(BACKEND->use_alpn) { |
1240 | sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, |
1241 | SECPKG_ATTR_APPLICATION_PROTOCOL, &alpn_result); |
1242 | |
1243 | if(sspi_status != SEC_E_OK) { |
1244 | failf(data, "schannel: failed to retrieve ALPN result" ); |
1245 | return CURLE_SSL_CONNECT_ERROR; |
1246 | } |
1247 | |
1248 | if(alpn_result.ProtoNegoStatus == |
1249 | SecApplicationProtocolNegotiationStatus_Success) { |
1250 | |
1251 | infof(data, "schannel: ALPN, server accepted to use %.*s\n" , |
1252 | alpn_result.ProtocolIdSize, alpn_result.ProtocolId); |
1253 | |
1254 | #ifdef USE_NGHTTP2 |
1255 | if(alpn_result.ProtocolIdSize == NGHTTP2_PROTO_VERSION_ID_LEN && |
1256 | !memcmp(NGHTTP2_PROTO_VERSION_ID, alpn_result.ProtocolId, |
1257 | NGHTTP2_PROTO_VERSION_ID_LEN)) { |
1258 | conn->negnpn = CURL_HTTP_VERSION_2; |
1259 | } |
1260 | else |
1261 | #endif |
1262 | if(alpn_result.ProtocolIdSize == ALPN_HTTP_1_1_LENGTH && |
1263 | !memcmp(ALPN_HTTP_1_1, alpn_result.ProtocolId, |
1264 | ALPN_HTTP_1_1_LENGTH)) { |
1265 | conn->negnpn = CURL_HTTP_VERSION_1_1; |
1266 | } |
1267 | } |
1268 | else |
1269 | infof(data, "ALPN, server did not agree to a protocol\n" ); |
1270 | Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ? |
1271 | BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); |
1272 | } |
1273 | #endif |
1274 | |
1275 | /* save the current session data for possible re-use */ |
1276 | if(SSL_SET_OPTION(primary.sessionid)) { |
1277 | bool incache; |
1278 | struct curl_schannel_cred *old_cred = NULL; |
1279 | |
1280 | Curl_ssl_sessionid_lock(conn); |
1281 | incache = !(Curl_ssl_getsessionid(conn, (void **)&old_cred, NULL, |
1282 | sockindex)); |
1283 | if(incache) { |
1284 | if(old_cred != BACKEND->cred) { |
1285 | DEBUGF(infof(data, |
1286 | "schannel: old credential handle is stale, removing\n" )); |
1287 | /* we're not taking old_cred ownership here, no refcount++ is needed */ |
1288 | Curl_ssl_delsessionid(conn, (void *)old_cred); |
1289 | incache = FALSE; |
1290 | } |
1291 | } |
1292 | if(!incache) { |
1293 | result = Curl_ssl_addsessionid(conn, (void *)BACKEND->cred, |
1294 | sizeof(struct curl_schannel_cred), |
1295 | sockindex); |
1296 | if(result) { |
1297 | Curl_ssl_sessionid_unlock(conn); |
1298 | failf(data, "schannel: failed to store credential handle" ); |
1299 | return result; |
1300 | } |
1301 | else { |
1302 | /* this cred session is now also referenced by sessionid cache */ |
1303 | BACKEND->cred->refcount++; |
1304 | DEBUGF(infof(data, |
1305 | "schannel: stored credential handle in session cache\n" )); |
1306 | } |
1307 | } |
1308 | Curl_ssl_sessionid_unlock(conn); |
1309 | } |
1310 | |
1311 | if(data->set.ssl.certinfo) { |
1312 | int certs_count = 0; |
1313 | sspi_status = s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, |
1314 | SECPKG_ATTR_REMOTE_CERT_CONTEXT, &ccert_context); |
1315 | |
1316 | if((sspi_status != SEC_E_OK) || (ccert_context == NULL)) { |
1317 | failf(data, "schannel: failed to retrieve remote cert context" ); |
1318 | return CURLE_PEER_FAILED_VERIFICATION; |
1319 | } |
1320 | |
1321 | traverse_cert_store(ccert_context, cert_counter_callback, &certs_count); |
1322 | |
1323 | result = Curl_ssl_init_certinfo(data, certs_count); |
1324 | if(!result) { |
1325 | struct Adder_args args; |
1326 | args.conn = conn; |
1327 | args.idx = 0; |
1328 | args.certs_count = certs_count; |
1329 | traverse_cert_store(ccert_context, add_cert_to_certinfo, &args); |
1330 | result = args.result; |
1331 | } |
1332 | CertFreeCertificateContext(ccert_context); |
1333 | if(result) |
1334 | return result; |
1335 | } |
1336 | |
1337 | connssl->connecting_state = ssl_connect_done; |
1338 | |
1339 | return CURLE_OK; |
1340 | } |
1341 | |
1342 | static CURLcode |
1343 | schannel_connect_common(struct connectdata *conn, int sockindex, |
1344 | bool nonblocking, bool *done) |
1345 | { |
1346 | CURLcode result; |
1347 | struct Curl_easy *data = conn->data; |
1348 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1349 | curl_socket_t sockfd = conn->sock[sockindex]; |
1350 | timediff_t timeout_ms; |
1351 | int what; |
1352 | |
1353 | /* check if the connection has already been established */ |
1354 | if(ssl_connection_complete == connssl->state) { |
1355 | *done = TRUE; |
1356 | return CURLE_OK; |
1357 | } |
1358 | |
1359 | if(ssl_connect_1 == connssl->connecting_state) { |
1360 | /* check out how much more time we're allowed */ |
1361 | timeout_ms = Curl_timeleft(data, NULL, TRUE); |
1362 | |
1363 | if(timeout_ms < 0) { |
1364 | /* no need to continue if time already is up */ |
1365 | failf(data, "SSL/TLS connection timeout" ); |
1366 | return CURLE_OPERATION_TIMEDOUT; |
1367 | } |
1368 | |
1369 | result = schannel_connect_step1(conn, sockindex); |
1370 | if(result) |
1371 | return result; |
1372 | } |
1373 | |
1374 | while(ssl_connect_2 == connssl->connecting_state || |
1375 | ssl_connect_2_reading == connssl->connecting_state || |
1376 | ssl_connect_2_writing == connssl->connecting_state) { |
1377 | |
1378 | /* check out how much more time we're allowed */ |
1379 | timeout_ms = Curl_timeleft(data, NULL, TRUE); |
1380 | |
1381 | if(timeout_ms < 0) { |
1382 | /* no need to continue if time already is up */ |
1383 | failf(data, "SSL/TLS connection timeout" ); |
1384 | return CURLE_OPERATION_TIMEDOUT; |
1385 | } |
1386 | |
1387 | /* if ssl is expecting something, check if it's available. */ |
1388 | if(connssl->connecting_state == ssl_connect_2_reading |
1389 | || connssl->connecting_state == ssl_connect_2_writing) { |
1390 | |
1391 | curl_socket_t writefd = ssl_connect_2_writing == |
1392 | connssl->connecting_state ? sockfd : CURL_SOCKET_BAD; |
1393 | curl_socket_t readfd = ssl_connect_2_reading == |
1394 | connssl->connecting_state ? sockfd : CURL_SOCKET_BAD; |
1395 | |
1396 | what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, |
1397 | nonblocking ? 0 : (time_t)timeout_ms); |
1398 | if(what < 0) { |
1399 | /* fatal error */ |
1400 | failf(data, "select/poll on SSL/TLS socket, errno: %d" , SOCKERRNO); |
1401 | return CURLE_SSL_CONNECT_ERROR; |
1402 | } |
1403 | else if(0 == what) { |
1404 | if(nonblocking) { |
1405 | *done = FALSE; |
1406 | return CURLE_OK; |
1407 | } |
1408 | else { |
1409 | /* timeout */ |
1410 | failf(data, "SSL/TLS connection timeout" ); |
1411 | return CURLE_OPERATION_TIMEDOUT; |
1412 | } |
1413 | } |
1414 | /* socket is readable or writable */ |
1415 | } |
1416 | |
1417 | /* Run transaction, and return to the caller if it failed or if |
1418 | * this connection is part of a multi handle and this loop would |
1419 | * execute again. This permits the owner of a multi handle to |
1420 | * abort a connection attempt before step2 has completed while |
1421 | * ensuring that a client using select() or epoll() will always |
1422 | * have a valid fdset to wait on. |
1423 | */ |
1424 | result = schannel_connect_step2(conn, sockindex); |
1425 | if(result || (nonblocking && |
1426 | (ssl_connect_2 == connssl->connecting_state || |
1427 | ssl_connect_2_reading == connssl->connecting_state || |
1428 | ssl_connect_2_writing == connssl->connecting_state))) |
1429 | return result; |
1430 | |
1431 | } /* repeat step2 until all transactions are done. */ |
1432 | |
1433 | if(ssl_connect_3 == connssl->connecting_state) { |
1434 | result = schannel_connect_step3(conn, sockindex); |
1435 | if(result) |
1436 | return result; |
1437 | } |
1438 | |
1439 | if(ssl_connect_done == connssl->connecting_state) { |
1440 | connssl->state = ssl_connection_complete; |
1441 | conn->recv[sockindex] = schannel_recv; |
1442 | conn->send[sockindex] = schannel_send; |
1443 | |
1444 | #ifdef SECPKG_ATTR_ENDPOINT_BINDINGS |
1445 | /* When SSPI is used in combination with Schannel |
1446 | * we need the Schannel context to create the Schannel |
1447 | * binding to pass the IIS extended protection checks. |
1448 | * Available on Windows 7 or later. |
1449 | */ |
1450 | conn->sslContext = &BACKEND->ctxt->ctxt_handle; |
1451 | #endif |
1452 | |
1453 | *done = TRUE; |
1454 | } |
1455 | else |
1456 | *done = FALSE; |
1457 | |
1458 | /* reset our connection state machine */ |
1459 | connssl->connecting_state = ssl_connect_1; |
1460 | |
1461 | return CURLE_OK; |
1462 | } |
1463 | |
1464 | static ssize_t |
1465 | schannel_send(struct connectdata *conn, int sockindex, |
1466 | const void *buf, size_t len, CURLcode *err) |
1467 | { |
1468 | ssize_t written = -1; |
1469 | size_t data_len = 0; |
1470 | unsigned char *data = NULL; |
1471 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1472 | SecBuffer outbuf[4]; |
1473 | SecBufferDesc outbuf_desc; |
1474 | SECURITY_STATUS sspi_status = SEC_E_OK; |
1475 | CURLcode result; |
1476 | |
1477 | /* check if the maximum stream sizes were queried */ |
1478 | if(BACKEND->stream_sizes.cbMaximumMessage == 0) { |
1479 | sspi_status = s_pSecFn->QueryContextAttributes( |
1480 | &BACKEND->ctxt->ctxt_handle, |
1481 | SECPKG_ATTR_STREAM_SIZES, |
1482 | &BACKEND->stream_sizes); |
1483 | if(sspi_status != SEC_E_OK) { |
1484 | *err = CURLE_SEND_ERROR; |
1485 | return -1; |
1486 | } |
1487 | } |
1488 | |
1489 | /* check if the buffer is longer than the maximum message length */ |
1490 | if(len > BACKEND->stream_sizes.cbMaximumMessage) { |
1491 | len = BACKEND->stream_sizes.cbMaximumMessage; |
1492 | } |
1493 | |
1494 | /* calculate the complete message length and allocate a buffer for it */ |
1495 | data_len = BACKEND->stream_sizes.cbHeader + len + |
1496 | BACKEND->stream_sizes.cbTrailer; |
1497 | data = (unsigned char *) malloc(data_len); |
1498 | if(data == NULL) { |
1499 | *err = CURLE_OUT_OF_MEMORY; |
1500 | return -1; |
1501 | } |
1502 | |
1503 | /* setup output buffers (header, data, trailer, empty) */ |
1504 | InitSecBuffer(&outbuf[0], SECBUFFER_STREAM_HEADER, |
1505 | data, BACKEND->stream_sizes.cbHeader); |
1506 | InitSecBuffer(&outbuf[1], SECBUFFER_DATA, |
1507 | data + BACKEND->stream_sizes.cbHeader, curlx_uztoul(len)); |
1508 | InitSecBuffer(&outbuf[2], SECBUFFER_STREAM_TRAILER, |
1509 | data + BACKEND->stream_sizes.cbHeader + len, |
1510 | BACKEND->stream_sizes.cbTrailer); |
1511 | InitSecBuffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0); |
1512 | InitSecBufferDesc(&outbuf_desc, outbuf, 4); |
1513 | |
1514 | /* copy data into output buffer */ |
1515 | memcpy(outbuf[1].pvBuffer, buf, len); |
1516 | |
1517 | /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375390.aspx */ |
1518 | sspi_status = s_pSecFn->EncryptMessage(&BACKEND->ctxt->ctxt_handle, 0, |
1519 | &outbuf_desc, 0); |
1520 | |
1521 | /* check if the message was encrypted */ |
1522 | if(sspi_status == SEC_E_OK) { |
1523 | written = 0; |
1524 | |
1525 | /* send the encrypted message including header, data and trailer */ |
1526 | len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer; |
1527 | |
1528 | /* |
1529 | It's important to send the full message which includes the header, |
1530 | encrypted payload, and trailer. Until the client receives all the |
1531 | data a coherent message has not been delivered and the client |
1532 | can't read any of it. |
1533 | |
1534 | If we wanted to buffer the unwritten encrypted bytes, we would |
1535 | tell the client that all data it has requested to be sent has been |
1536 | sent. The unwritten encrypted bytes would be the first bytes to |
1537 | send on the next invocation. |
1538 | Here's the catch with this - if we tell the client that all the |
1539 | bytes have been sent, will the client call this method again to |
1540 | send the buffered data? Looking at who calls this function, it |
1541 | seems the answer is NO. |
1542 | */ |
1543 | |
1544 | /* send entire message or fail */ |
1545 | while(len > (size_t)written) { |
1546 | ssize_t this_write; |
1547 | timediff_t timeleft; |
1548 | int what; |
1549 | |
1550 | this_write = 0; |
1551 | |
1552 | timeleft = Curl_timeleft(conn->data, NULL, FALSE); |
1553 | if(timeleft < 0) { |
1554 | /* we already got the timeout */ |
1555 | failf(conn->data, "schannel: timed out sending data " |
1556 | "(bytes sent: %zd)" , written); |
1557 | *err = CURLE_OPERATION_TIMEDOUT; |
1558 | written = -1; |
1559 | break; |
1560 | } |
1561 | |
1562 | what = SOCKET_WRITABLE(conn->sock[sockindex], timeleft); |
1563 | if(what < 0) { |
1564 | /* fatal error */ |
1565 | failf(conn->data, "select/poll on SSL socket, errno: %d" , SOCKERRNO); |
1566 | *err = CURLE_SEND_ERROR; |
1567 | written = -1; |
1568 | break; |
1569 | } |
1570 | else if(0 == what) { |
1571 | failf(conn->data, "schannel: timed out sending data " |
1572 | "(bytes sent: %zd)" , written); |
1573 | *err = CURLE_OPERATION_TIMEDOUT; |
1574 | written = -1; |
1575 | break; |
1576 | } |
1577 | /* socket is writable */ |
1578 | |
1579 | result = Curl_write_plain(conn, conn->sock[sockindex], data + written, |
1580 | len - written, &this_write); |
1581 | if(result == CURLE_AGAIN) |
1582 | continue; |
1583 | else if(result != CURLE_OK) { |
1584 | *err = result; |
1585 | written = -1; |
1586 | break; |
1587 | } |
1588 | |
1589 | written += this_write; |
1590 | } |
1591 | } |
1592 | else if(sspi_status == SEC_E_INSUFFICIENT_MEMORY) { |
1593 | *err = CURLE_OUT_OF_MEMORY; |
1594 | } |
1595 | else{ |
1596 | *err = CURLE_SEND_ERROR; |
1597 | } |
1598 | |
1599 | Curl_safefree(data); |
1600 | |
1601 | if(len == (size_t)written) |
1602 | /* Encrypted message including header, data and trailer entirely sent. |
1603 | The return value is the number of unencrypted bytes that were sent. */ |
1604 | written = outbuf[1].cbBuffer; |
1605 | |
1606 | return written; |
1607 | } |
1608 | |
1609 | static ssize_t |
1610 | schannel_recv(struct connectdata *conn, int sockindex, |
1611 | char *buf, size_t len, CURLcode *err) |
1612 | { |
1613 | size_t size = 0; |
1614 | ssize_t nread = -1; |
1615 | struct Curl_easy *data = conn->data; |
1616 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1617 | unsigned char *reallocated_buffer; |
1618 | size_t reallocated_length; |
1619 | bool done = FALSE; |
1620 | SecBuffer inbuf[4]; |
1621 | SecBufferDesc inbuf_desc; |
1622 | SECURITY_STATUS sspi_status = SEC_E_OK; |
1623 | /* we want the length of the encrypted buffer to be at least large enough |
1624 | that it can hold all the bytes requested and some TLS record overhead. */ |
1625 | size_t min_encdata_length = len + CURL_SCHANNEL_BUFFER_FREE_SIZE; |
1626 | |
1627 | /**************************************************************************** |
1628 | * Don't return or set BACKEND->recv_unrecoverable_err unless in the cleanup. |
1629 | * The pattern for return error is set *err, optional infof, goto cleanup. |
1630 | * |
1631 | * Our priority is to always return as much decrypted data to the caller as |
1632 | * possible, even if an error occurs. The state of the decrypted buffer must |
1633 | * always be valid. Transfer of decrypted data to the caller's buffer is |
1634 | * handled in the cleanup. |
1635 | */ |
1636 | |
1637 | DEBUGF(infof(data, "schannel: client wants to read %zu bytes\n" , len)); |
1638 | *err = CURLE_OK; |
1639 | |
1640 | if(len && len <= BACKEND->decdata_offset) { |
1641 | infof(data, "schannel: enough decrypted data is already available\n" ); |
1642 | goto cleanup; |
1643 | } |
1644 | else if(BACKEND->recv_unrecoverable_err) { |
1645 | *err = BACKEND->recv_unrecoverable_err; |
1646 | infof(data, "schannel: an unrecoverable error occurred in a prior call\n" ); |
1647 | goto cleanup; |
1648 | } |
1649 | else if(BACKEND->recv_sspi_close_notify) { |
1650 | /* once a server has indicated shutdown there is no more encrypted data */ |
1651 | infof(data, "schannel: server indicated shutdown in a prior call\n" ); |
1652 | goto cleanup; |
1653 | } |
1654 | else if(!len) { |
1655 | /* It's debatable what to return when !len. Regardless we can't return |
1656 | immediately because there may be data to decrypt (in the case we want to |
1657 | decrypt all encrypted cached data) so handle !len later in cleanup. |
1658 | */ |
1659 | ; /* do nothing */ |
1660 | } |
1661 | else if(!BACKEND->recv_connection_closed) { |
1662 | /* increase enc buffer in order to fit the requested amount of data */ |
1663 | size = BACKEND->encdata_length - BACKEND->encdata_offset; |
1664 | if(size < CURL_SCHANNEL_BUFFER_FREE_SIZE || |
1665 | BACKEND->encdata_length < min_encdata_length) { |
1666 | reallocated_length = BACKEND->encdata_offset + |
1667 | CURL_SCHANNEL_BUFFER_FREE_SIZE; |
1668 | if(reallocated_length < min_encdata_length) { |
1669 | reallocated_length = min_encdata_length; |
1670 | } |
1671 | reallocated_buffer = realloc(BACKEND->encdata_buffer, |
1672 | reallocated_length); |
1673 | if(reallocated_buffer == NULL) { |
1674 | *err = CURLE_OUT_OF_MEMORY; |
1675 | failf(data, "schannel: unable to re-allocate memory" ); |
1676 | goto cleanup; |
1677 | } |
1678 | |
1679 | BACKEND->encdata_buffer = reallocated_buffer; |
1680 | BACKEND->encdata_length = reallocated_length; |
1681 | size = BACKEND->encdata_length - BACKEND->encdata_offset; |
1682 | DEBUGF(infof(data, "schannel: encdata_buffer resized %zu\n" , |
1683 | BACKEND->encdata_length)); |
1684 | } |
1685 | |
1686 | DEBUGF(infof(data, |
1687 | "schannel: encrypted data buffer: offset %zu length %zu\n" , |
1688 | BACKEND->encdata_offset, BACKEND->encdata_length)); |
1689 | |
1690 | /* read encrypted data from socket */ |
1691 | *err = Curl_read_plain(conn->sock[sockindex], |
1692 | (char *)(BACKEND->encdata_buffer + |
1693 | BACKEND->encdata_offset), |
1694 | size, &nread); |
1695 | if(*err) { |
1696 | nread = -1; |
1697 | if(*err == CURLE_AGAIN) |
1698 | DEBUGF(infof(data, |
1699 | "schannel: Curl_read_plain returned CURLE_AGAIN\n" )); |
1700 | else if(*err == CURLE_RECV_ERROR) |
1701 | infof(data, "schannel: Curl_read_plain returned CURLE_RECV_ERROR\n" ); |
1702 | else |
1703 | infof(data, "schannel: Curl_read_plain returned error %d\n" , *err); |
1704 | } |
1705 | else if(nread == 0) { |
1706 | BACKEND->recv_connection_closed = true; |
1707 | DEBUGF(infof(data, "schannel: server closed the connection\n" )); |
1708 | } |
1709 | else if(nread > 0) { |
1710 | BACKEND->encdata_offset += (size_t)nread; |
1711 | BACKEND->encdata_is_incomplete = false; |
1712 | DEBUGF(infof(data, "schannel: encrypted data got %zd\n" , nread)); |
1713 | } |
1714 | } |
1715 | |
1716 | DEBUGF(infof(data, |
1717 | "schannel: encrypted data buffer: offset %zu length %zu\n" , |
1718 | BACKEND->encdata_offset, BACKEND->encdata_length)); |
1719 | |
1720 | /* decrypt loop */ |
1721 | while(BACKEND->encdata_offset > 0 && sspi_status == SEC_E_OK && |
1722 | (!len || BACKEND->decdata_offset < len || |
1723 | BACKEND->recv_connection_closed)) { |
1724 | /* prepare data buffer for DecryptMessage call */ |
1725 | InitSecBuffer(&inbuf[0], SECBUFFER_DATA, BACKEND->encdata_buffer, |
1726 | curlx_uztoul(BACKEND->encdata_offset)); |
1727 | |
1728 | /* we need 3 more empty input buffers for possible output */ |
1729 | InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0); |
1730 | InitSecBuffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0); |
1731 | InitSecBuffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0); |
1732 | InitSecBufferDesc(&inbuf_desc, inbuf, 4); |
1733 | |
1734 | /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx |
1735 | */ |
1736 | sspi_status = s_pSecFn->DecryptMessage(&BACKEND->ctxt->ctxt_handle, |
1737 | &inbuf_desc, 0, NULL); |
1738 | |
1739 | /* check if everything went fine (server may want to renegotiate |
1740 | or shutdown the connection context) */ |
1741 | if(sspi_status == SEC_E_OK || sspi_status == SEC_I_RENEGOTIATE || |
1742 | sspi_status == SEC_I_CONTEXT_EXPIRED) { |
1743 | /* check for successfully decrypted data, even before actual |
1744 | renegotiation or shutdown of the connection context */ |
1745 | if(inbuf[1].BufferType == SECBUFFER_DATA) { |
1746 | DEBUGF(infof(data, "schannel: decrypted data length: %lu\n" , |
1747 | inbuf[1].cbBuffer)); |
1748 | |
1749 | /* increase buffer in order to fit the received amount of data */ |
1750 | size = inbuf[1].cbBuffer > CURL_SCHANNEL_BUFFER_FREE_SIZE ? |
1751 | inbuf[1].cbBuffer : CURL_SCHANNEL_BUFFER_FREE_SIZE; |
1752 | if(BACKEND->decdata_length - BACKEND->decdata_offset < size || |
1753 | BACKEND->decdata_length < len) { |
1754 | /* increase internal decrypted data buffer */ |
1755 | reallocated_length = BACKEND->decdata_offset + size; |
1756 | /* make sure that the requested amount of data fits */ |
1757 | if(reallocated_length < len) { |
1758 | reallocated_length = len; |
1759 | } |
1760 | reallocated_buffer = realloc(BACKEND->decdata_buffer, |
1761 | reallocated_length); |
1762 | if(reallocated_buffer == NULL) { |
1763 | *err = CURLE_OUT_OF_MEMORY; |
1764 | failf(data, "schannel: unable to re-allocate memory" ); |
1765 | goto cleanup; |
1766 | } |
1767 | BACKEND->decdata_buffer = reallocated_buffer; |
1768 | BACKEND->decdata_length = reallocated_length; |
1769 | } |
1770 | |
1771 | /* copy decrypted data to internal buffer */ |
1772 | size = inbuf[1].cbBuffer; |
1773 | if(size) { |
1774 | memcpy(BACKEND->decdata_buffer + BACKEND->decdata_offset, |
1775 | inbuf[1].pvBuffer, size); |
1776 | BACKEND->decdata_offset += size; |
1777 | } |
1778 | |
1779 | DEBUGF(infof(data, "schannel: decrypted data added: %zu\n" , size)); |
1780 | DEBUGF(infof(data, |
1781 | "schannel: decrypted cached: offset %zu length %zu\n" , |
1782 | BACKEND->decdata_offset, BACKEND->decdata_length)); |
1783 | } |
1784 | |
1785 | /* check for remaining encrypted data */ |
1786 | if(inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) { |
1787 | DEBUGF(infof(data, "schannel: encrypted data length: %lu\n" , |
1788 | inbuf[3].cbBuffer)); |
1789 | |
1790 | /* check if the remaining data is less than the total amount |
1791 | * and therefore begins after the already processed data |
1792 | */ |
1793 | if(BACKEND->encdata_offset > inbuf[3].cbBuffer) { |
1794 | /* move remaining encrypted data forward to the beginning of |
1795 | buffer */ |
1796 | memmove(BACKEND->encdata_buffer, |
1797 | (BACKEND->encdata_buffer + BACKEND->encdata_offset) - |
1798 | inbuf[3].cbBuffer, inbuf[3].cbBuffer); |
1799 | BACKEND->encdata_offset = inbuf[3].cbBuffer; |
1800 | } |
1801 | |
1802 | DEBUGF(infof(data, |
1803 | "schannel: encrypted cached: offset %zu length %zu\n" , |
1804 | BACKEND->encdata_offset, BACKEND->encdata_length)); |
1805 | } |
1806 | else { |
1807 | /* reset encrypted buffer offset, because there is no data remaining */ |
1808 | BACKEND->encdata_offset = 0; |
1809 | } |
1810 | |
1811 | /* check if server wants to renegotiate the connection context */ |
1812 | if(sspi_status == SEC_I_RENEGOTIATE) { |
1813 | infof(data, "schannel: remote party requests renegotiation\n" ); |
1814 | if(*err && *err != CURLE_AGAIN) { |
1815 | infof(data, "schannel: can't renogotiate, an error is pending\n" ); |
1816 | goto cleanup; |
1817 | } |
1818 | if(BACKEND->encdata_offset) { |
1819 | *err = CURLE_RECV_ERROR; |
1820 | infof(data, "schannel: can't renogotiate, " |
1821 | "encrypted data available\n" ); |
1822 | goto cleanup; |
1823 | } |
1824 | /* begin renegotiation */ |
1825 | infof(data, "schannel: renegotiating SSL/TLS connection\n" ); |
1826 | connssl->state = ssl_connection_negotiating; |
1827 | connssl->connecting_state = ssl_connect_2_writing; |
1828 | *err = schannel_connect_common(conn, sockindex, FALSE, &done); |
1829 | if(*err) { |
1830 | infof(data, "schannel: renegotiation failed\n" ); |
1831 | goto cleanup; |
1832 | } |
1833 | /* now retry receiving data */ |
1834 | sspi_status = SEC_E_OK; |
1835 | infof(data, "schannel: SSL/TLS connection renegotiated\n" ); |
1836 | continue; |
1837 | } |
1838 | /* check if the server closed the connection */ |
1839 | else if(sspi_status == SEC_I_CONTEXT_EXPIRED) { |
1840 | /* In Windows 2000 SEC_I_CONTEXT_EXPIRED (close_notify) is not |
1841 | returned so we have to work around that in cleanup. */ |
1842 | BACKEND->recv_sspi_close_notify = true; |
1843 | if(!BACKEND->recv_connection_closed) { |
1844 | BACKEND->recv_connection_closed = true; |
1845 | infof(data, "schannel: server closed the connection\n" ); |
1846 | } |
1847 | goto cleanup; |
1848 | } |
1849 | } |
1850 | else if(sspi_status == SEC_E_INCOMPLETE_MESSAGE) { |
1851 | BACKEND->encdata_is_incomplete = true; |
1852 | if(!*err) |
1853 | *err = CURLE_AGAIN; |
1854 | infof(data, "schannel: failed to decrypt data, need more data\n" ); |
1855 | goto cleanup; |
1856 | } |
1857 | else { |
1858 | char buffer[STRERROR_LEN]; |
1859 | *err = CURLE_RECV_ERROR; |
1860 | infof(data, "schannel: failed to read data from server: %s\n" , |
1861 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
1862 | goto cleanup; |
1863 | } |
1864 | } |
1865 | |
1866 | DEBUGF(infof(data, |
1867 | "schannel: encrypted data buffer: offset %zu length %zu\n" , |
1868 | BACKEND->encdata_offset, BACKEND->encdata_length)); |
1869 | |
1870 | DEBUGF(infof(data, |
1871 | "schannel: decrypted data buffer: offset %zu length %zu\n" , |
1872 | BACKEND->decdata_offset, BACKEND->decdata_length)); |
1873 | |
1874 | cleanup: |
1875 | /* Warning- there is no guarantee the encdata state is valid at this point */ |
1876 | DEBUGF(infof(data, "schannel: schannel_recv cleanup\n" )); |
1877 | |
1878 | /* Error if the connection has closed without a close_notify. |
1879 | Behavior here is a matter of debate. We don't want to be vulnerable to a |
1880 | truncation attack however there's some browser precedent for ignoring the |
1881 | close_notify for compatibility reasons. |
1882 | Additionally, Windows 2000 (v5.0) is a special case since it seems it doesn't |
1883 | return close_notify. In that case if the connection was closed we assume it |
1884 | was graceful (close_notify) since there doesn't seem to be a way to tell. |
1885 | */ |
1886 | if(len && !BACKEND->decdata_offset && BACKEND->recv_connection_closed && |
1887 | !BACKEND->recv_sspi_close_notify) { |
1888 | bool isWin2k = Curl_verify_windows_version(5, 0, PLATFORM_WINNT, |
1889 | VERSION_EQUAL); |
1890 | |
1891 | if(isWin2k && sspi_status == SEC_E_OK) |
1892 | BACKEND->recv_sspi_close_notify = true; |
1893 | else { |
1894 | *err = CURLE_RECV_ERROR; |
1895 | infof(data, "schannel: server closed abruptly (missing close_notify)\n" ); |
1896 | } |
1897 | } |
1898 | |
1899 | /* Any error other than CURLE_AGAIN is an unrecoverable error. */ |
1900 | if(*err && *err != CURLE_AGAIN) |
1901 | BACKEND->recv_unrecoverable_err = *err; |
1902 | |
1903 | size = len < BACKEND->decdata_offset ? len : BACKEND->decdata_offset; |
1904 | if(size) { |
1905 | memcpy(buf, BACKEND->decdata_buffer, size); |
1906 | memmove(BACKEND->decdata_buffer, BACKEND->decdata_buffer + size, |
1907 | BACKEND->decdata_offset - size); |
1908 | BACKEND->decdata_offset -= size; |
1909 | DEBUGF(infof(data, "schannel: decrypted data returned %zu\n" , size)); |
1910 | DEBUGF(infof(data, |
1911 | "schannel: decrypted data buffer: offset %zu length %zu\n" , |
1912 | BACKEND->decdata_offset, BACKEND->decdata_length)); |
1913 | *err = CURLE_OK; |
1914 | return (ssize_t)size; |
1915 | } |
1916 | |
1917 | if(!*err && !BACKEND->recv_connection_closed) |
1918 | *err = CURLE_AGAIN; |
1919 | |
1920 | /* It's debatable what to return when !len. We could return whatever error we |
1921 | got from decryption but instead we override here so the return is consistent. |
1922 | */ |
1923 | if(!len) |
1924 | *err = CURLE_OK; |
1925 | |
1926 | return *err ? -1 : 0; |
1927 | } |
1928 | |
1929 | static CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn, |
1930 | int sockindex, bool *done) |
1931 | { |
1932 | return schannel_connect_common(conn, sockindex, TRUE, done); |
1933 | } |
1934 | |
1935 | static CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex) |
1936 | { |
1937 | CURLcode result; |
1938 | bool done = FALSE; |
1939 | |
1940 | result = schannel_connect_common(conn, sockindex, FALSE, &done); |
1941 | if(result) |
1942 | return result; |
1943 | |
1944 | DEBUGASSERT(done); |
1945 | |
1946 | return CURLE_OK; |
1947 | } |
1948 | |
1949 | static bool Curl_schannel_data_pending(const struct connectdata *conn, |
1950 | int sockindex) |
1951 | { |
1952 | const struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1953 | |
1954 | if(connssl->use) /* SSL/TLS is in use */ |
1955 | return (BACKEND->decdata_offset > 0 || |
1956 | (BACKEND->encdata_offset > 0 && !BACKEND->encdata_is_incomplete)); |
1957 | else |
1958 | return FALSE; |
1959 | } |
1960 | |
1961 | static void Curl_schannel_close(struct connectdata *conn, int sockindex) |
1962 | { |
1963 | if(conn->ssl[sockindex].use) |
1964 | /* if the SSL/TLS channel hasn't been shut down yet, do that now. */ |
1965 | Curl_ssl_shutdown(conn, sockindex); |
1966 | } |
1967 | |
1968 | static void Curl_schannel_session_free(void *ptr) |
1969 | { |
1970 | /* this is expected to be called under sessionid lock */ |
1971 | struct curl_schannel_cred *cred = ptr; |
1972 | |
1973 | cred->refcount--; |
1974 | if(cred->refcount == 0) { |
1975 | s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); |
1976 | Curl_safefree(cred); |
1977 | } |
1978 | } |
1979 | |
1980 | static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) |
1981 | { |
1982 | /* See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380138.aspx |
1983 | * Shutting Down an Schannel Connection |
1984 | */ |
1985 | struct Curl_easy *data = conn->data; |
1986 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1987 | char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : |
1988 | conn->host.name; |
1989 | |
1990 | DEBUGASSERT(data); |
1991 | |
1992 | infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n" , |
1993 | hostname, conn->remote_port); |
1994 | |
1995 | if(BACKEND->cred && BACKEND->ctxt) { |
1996 | SecBufferDesc BuffDesc; |
1997 | SecBuffer Buffer; |
1998 | SECURITY_STATUS sspi_status; |
1999 | SecBuffer outbuf; |
2000 | SecBufferDesc outbuf_desc; |
2001 | CURLcode result; |
2002 | TCHAR *host_name; |
2003 | DWORD dwshut = SCHANNEL_SHUTDOWN; |
2004 | |
2005 | InitSecBuffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut)); |
2006 | InitSecBufferDesc(&BuffDesc, &Buffer, 1); |
2007 | |
2008 | sspi_status = s_pSecFn->ApplyControlToken(&BACKEND->ctxt->ctxt_handle, |
2009 | &BuffDesc); |
2010 | |
2011 | if(sspi_status != SEC_E_OK) { |
2012 | char buffer[STRERROR_LEN]; |
2013 | failf(data, "schannel: ApplyControlToken failure: %s" , |
2014 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
2015 | } |
2016 | |
2017 | host_name = Curl_convert_UTF8_to_tchar(hostname); |
2018 | if(!host_name) |
2019 | return CURLE_OUT_OF_MEMORY; |
2020 | |
2021 | /* setup output buffer */ |
2022 | InitSecBuffer(&outbuf, SECBUFFER_EMPTY, NULL, 0); |
2023 | InitSecBufferDesc(&outbuf_desc, &outbuf, 1); |
2024 | |
2025 | sspi_status = s_pSecFn->InitializeSecurityContext( |
2026 | &BACKEND->cred->cred_handle, |
2027 | &BACKEND->ctxt->ctxt_handle, |
2028 | host_name, |
2029 | BACKEND->req_flags, |
2030 | 0, |
2031 | 0, |
2032 | NULL, |
2033 | 0, |
2034 | &BACKEND->ctxt->ctxt_handle, |
2035 | &outbuf_desc, |
2036 | &BACKEND->ret_flags, |
2037 | &BACKEND->ctxt->time_stamp); |
2038 | |
2039 | Curl_unicodefree(host_name); |
2040 | |
2041 | if((sspi_status == SEC_E_OK) || (sspi_status == SEC_I_CONTEXT_EXPIRED)) { |
2042 | /* send close message which is in output buffer */ |
2043 | ssize_t written; |
2044 | result = Curl_write_plain(conn, conn->sock[sockindex], outbuf.pvBuffer, |
2045 | outbuf.cbBuffer, &written); |
2046 | |
2047 | s_pSecFn->FreeContextBuffer(outbuf.pvBuffer); |
2048 | if((result != CURLE_OK) || (outbuf.cbBuffer != (size_t) written)) { |
2049 | infof(data, "schannel: failed to send close msg: %s" |
2050 | " (bytes written: %zd)\n" , curl_easy_strerror(result), written); |
2051 | } |
2052 | } |
2053 | } |
2054 | |
2055 | /* free SSPI Schannel API security context handle */ |
2056 | if(BACKEND->ctxt) { |
2057 | DEBUGF(infof(data, "schannel: clear security context handle\n" )); |
2058 | s_pSecFn->DeleteSecurityContext(&BACKEND->ctxt->ctxt_handle); |
2059 | Curl_safefree(BACKEND->ctxt); |
2060 | } |
2061 | |
2062 | /* free SSPI Schannel API credential handle */ |
2063 | if(BACKEND->cred) { |
2064 | /* |
2065 | * When this function is called from Curl_schannel_close() the connection |
2066 | * might not have an associated transfer so the check for conn->data is |
2067 | * necessary. |
2068 | */ |
2069 | Curl_ssl_sessionid_lock(conn); |
2070 | Curl_schannel_session_free(BACKEND->cred); |
2071 | Curl_ssl_sessionid_unlock(conn); |
2072 | BACKEND->cred = NULL; |
2073 | } |
2074 | |
2075 | /* free internal buffer for received encrypted data */ |
2076 | if(BACKEND->encdata_buffer != NULL) { |
2077 | Curl_safefree(BACKEND->encdata_buffer); |
2078 | BACKEND->encdata_length = 0; |
2079 | BACKEND->encdata_offset = 0; |
2080 | BACKEND->encdata_is_incomplete = false; |
2081 | } |
2082 | |
2083 | /* free internal buffer for received decrypted data */ |
2084 | if(BACKEND->decdata_buffer != NULL) { |
2085 | Curl_safefree(BACKEND->decdata_buffer); |
2086 | BACKEND->decdata_length = 0; |
2087 | BACKEND->decdata_offset = 0; |
2088 | } |
2089 | |
2090 | return CURLE_OK; |
2091 | } |
2092 | |
2093 | static int Curl_schannel_init(void) |
2094 | { |
2095 | return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0); |
2096 | } |
2097 | |
2098 | static void Curl_schannel_cleanup(void) |
2099 | { |
2100 | Curl_sspi_global_cleanup(); |
2101 | } |
2102 | |
2103 | static size_t Curl_schannel_version(char *buffer, size_t size) |
2104 | { |
2105 | size = msnprintf(buffer, size, "Schannel" ); |
2106 | |
2107 | return size; |
2108 | } |
2109 | |
2110 | static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM, |
2111 | unsigned char *entropy, size_t length) |
2112 | { |
2113 | HCRYPTPROV hCryptProv = 0; |
2114 | |
2115 | (void)data; |
2116 | |
2117 | if(!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, |
2118 | CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) |
2119 | return CURLE_FAILED_INIT; |
2120 | |
2121 | if(!CryptGenRandom(hCryptProv, (DWORD)length, entropy)) { |
2122 | CryptReleaseContext(hCryptProv, 0UL); |
2123 | return CURLE_FAILED_INIT; |
2124 | } |
2125 | |
2126 | CryptReleaseContext(hCryptProv, 0UL); |
2127 | return CURLE_OK; |
2128 | } |
2129 | |
2130 | static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex, |
2131 | const char *pinnedpubkey) |
2132 | { |
2133 | struct Curl_easy *data = conn->data; |
2134 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
2135 | CERT_CONTEXT *pCertContextServer = NULL; |
2136 | |
2137 | /* Result is returned to caller */ |
2138 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; |
2139 | |
2140 | /* if a path wasn't specified, don't pin */ |
2141 | if(!pinnedpubkey) |
2142 | return CURLE_OK; |
2143 | |
2144 | do { |
2145 | SECURITY_STATUS sspi_status; |
2146 | const char *x509_der; |
2147 | DWORD x509_der_len; |
2148 | curl_X509certificate x509_parsed; |
2149 | curl_asn1Element *pubkey; |
2150 | |
2151 | sspi_status = |
2152 | s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle, |
2153 | SECPKG_ATTR_REMOTE_CERT_CONTEXT, |
2154 | &pCertContextServer); |
2155 | |
2156 | if((sspi_status != SEC_E_OK) || (pCertContextServer == NULL)) { |
2157 | char buffer[STRERROR_LEN]; |
2158 | failf(data, "schannel: Failed to read remote certificate context: %s" , |
2159 | Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); |
2160 | break; /* failed */ |
2161 | } |
2162 | |
2163 | |
2164 | if(!(((pCertContextServer->dwCertEncodingType & X509_ASN_ENCODING) != 0) && |
2165 | (pCertContextServer->cbCertEncoded > 0))) |
2166 | break; |
2167 | |
2168 | x509_der = (const char *)pCertContextServer->pbCertEncoded; |
2169 | x509_der_len = pCertContextServer->cbCertEncoded; |
2170 | memset(&x509_parsed, 0, sizeof(x509_parsed)); |
2171 | if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len)) |
2172 | break; |
2173 | |
2174 | pubkey = &x509_parsed.subjectPublicKeyInfo; |
2175 | if(!pubkey->header || pubkey->end <= pubkey->header) { |
2176 | failf(data, "SSL: failed retrieving public key from server certificate" ); |
2177 | break; |
2178 | } |
2179 | |
2180 | result = Curl_pin_peer_pubkey(data, |
2181 | pinnedpubkey, |
2182 | (const unsigned char *)pubkey->header, |
2183 | (size_t)(pubkey->end - pubkey->header)); |
2184 | if(result) { |
2185 | failf(data, "SSL: public key does not match pinned public key!" ); |
2186 | } |
2187 | } while(0); |
2188 | |
2189 | if(pCertContextServer) |
2190 | CertFreeCertificateContext(pCertContextServer); |
2191 | |
2192 | return result; |
2193 | } |
2194 | |
2195 | static void Curl_schannel_checksum(const unsigned char *input, |
2196 | size_t inputlen, |
2197 | unsigned char *checksum, |
2198 | size_t checksumlen, |
2199 | DWORD provType, |
2200 | const unsigned int algId) |
2201 | { |
2202 | HCRYPTPROV hProv = 0; |
2203 | HCRYPTHASH hHash = 0; |
2204 | DWORD cbHashSize = 0; |
2205 | DWORD dwHashSizeLen = (DWORD)sizeof(cbHashSize); |
2206 | DWORD dwChecksumLen = (DWORD)checksumlen; |
2207 | |
2208 | /* since this can fail in multiple ways, zero memory first so we never |
2209 | * return old data |
2210 | */ |
2211 | memset(checksum, 0, checksumlen); |
2212 | |
2213 | if(!CryptAcquireContext(&hProv, NULL, NULL, provType, |
2214 | CRYPT_VERIFYCONTEXT)) |
2215 | return; /* failed */ |
2216 | |
2217 | do { |
2218 | if(!CryptCreateHash(hProv, algId, 0, 0, &hHash)) |
2219 | break; /* failed */ |
2220 | |
2221 | /* workaround for original MinGW, should be (const BYTE*) */ |
2222 | if(!CryptHashData(hHash, (BYTE*)input, (DWORD)inputlen, 0)) |
2223 | break; /* failed */ |
2224 | |
2225 | /* get hash size */ |
2226 | if(!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&cbHashSize, |
2227 | &dwHashSizeLen, 0)) |
2228 | break; /* failed */ |
2229 | |
2230 | /* check hash size */ |
2231 | if(checksumlen < cbHashSize) |
2232 | break; /* failed */ |
2233 | |
2234 | if(CryptGetHashParam(hHash, HP_HASHVAL, checksum, &dwChecksumLen, 0)) |
2235 | break; /* failed */ |
2236 | } while(0); |
2237 | |
2238 | if(hHash) |
2239 | CryptDestroyHash(hHash); |
2240 | |
2241 | if(hProv) |
2242 | CryptReleaseContext(hProv, 0); |
2243 | } |
2244 | |
2245 | static CURLcode Curl_schannel_md5sum(unsigned char *input, |
2246 | size_t inputlen, |
2247 | unsigned char *md5sum, |
2248 | size_t md5len) |
2249 | { |
2250 | Curl_schannel_checksum(input, inputlen, md5sum, md5len, |
2251 | PROV_RSA_FULL, CALG_MD5); |
2252 | return CURLE_OK; |
2253 | } |
2254 | |
2255 | static CURLcode Curl_schannel_sha256sum(const unsigned char *input, |
2256 | size_t inputlen, |
2257 | unsigned char *sha256sum, |
2258 | size_t sha256len) |
2259 | { |
2260 | Curl_schannel_checksum(input, inputlen, sha256sum, sha256len, |
2261 | PROV_RSA_AES, CALG_SHA_256); |
2262 | return CURLE_OK; |
2263 | } |
2264 | |
2265 | static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl, |
2266 | CURLINFO info UNUSED_PARAM) |
2267 | { |
2268 | (void)info; |
2269 | return &BACKEND->ctxt->ctxt_handle; |
2270 | } |
2271 | |
2272 | const struct Curl_ssl Curl_ssl_schannel = { |
2273 | { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */ |
2274 | |
2275 | SSLSUPP_CERTINFO | |
2276 | SSLSUPP_PINNEDPUBKEY, |
2277 | |
2278 | sizeof(struct ssl_backend_data), |
2279 | |
2280 | Curl_schannel_init, /* init */ |
2281 | Curl_schannel_cleanup, /* cleanup */ |
2282 | Curl_schannel_version, /* version */ |
2283 | Curl_none_check_cxn, /* check_cxn */ |
2284 | Curl_schannel_shutdown, /* shutdown */ |
2285 | Curl_schannel_data_pending, /* data_pending */ |
2286 | Curl_schannel_random, /* random */ |
2287 | Curl_none_cert_status_request, /* cert_status_request */ |
2288 | Curl_schannel_connect, /* connect */ |
2289 | Curl_schannel_connect_nonblocking, /* connect_nonblocking */ |
2290 | Curl_schannel_get_internals, /* get_internals */ |
2291 | Curl_schannel_close, /* close_one */ |
2292 | Curl_none_close_all, /* close_all */ |
2293 | Curl_schannel_session_free, /* session_free */ |
2294 | Curl_none_set_engine, /* set_engine */ |
2295 | Curl_none_set_engine_default, /* set_engine_default */ |
2296 | Curl_none_engines_list, /* engines_list */ |
2297 | Curl_none_false_start, /* false_start */ |
2298 | Curl_schannel_md5sum, /* md5sum */ |
2299 | Curl_schannel_sha256sum /* sha256sum */ |
2300 | }; |
2301 | |
2302 | #endif /* USE_SCHANNEL */ |
2303 | |