1 | /*************************************************************************** |
2 | * _ _ ____ _ |
3 | * Project ___| | | | _ \| | |
4 | * / __| | | | |_) | | |
5 | * | (__| |_| | _ <| |___ |
6 | * \___|\___/|_| \_\_____| |
7 | * |
8 | * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | * |
10 | * This software is licensed as described in the file COPYING, which |
11 | * you should have received as part of this distribution. The terms |
12 | * are also available at https://curl.haxx.se/docs/copyright.html. |
13 | * |
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | * copies of the Software, and permit persons to whom the Software is |
16 | * furnished to do so, under the terms of the COPYING file. |
17 | * |
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | * KIND, either express or implied. |
20 | * |
21 | ***************************************************************************/ |
22 | |
23 | /* |
24 | * Source file for all NSS-specific code for the TLS/SSL layer. No code |
25 | * but vtls.c should ever call or use these functions. |
26 | */ |
27 | |
28 | #include "curl_setup.h" |
29 | |
30 | #ifdef USE_NSS |
31 | |
32 | #include "urldata.h" |
33 | #include "sendf.h" |
34 | #include "formdata.h" /* for the boundary function */ |
35 | #include "url.h" /* for the ssl config check function */ |
36 | #include "connect.h" |
37 | #include "strcase.h" |
38 | #include "select.h" |
39 | #include "vtls.h" |
40 | #include "llist.h" |
41 | #include "multiif.h" |
42 | #include "curl_printf.h" |
43 | #include "nssg.h" |
44 | #include <nspr.h> |
45 | #include <nss.h> |
46 | #include <ssl.h> |
47 | #include <sslerr.h> |
48 | #include <secerr.h> |
49 | #include <secmod.h> |
50 | #include <sslproto.h> |
51 | #include <prtypes.h> |
52 | #include <pk11pub.h> |
53 | #include <prio.h> |
54 | #include <secitem.h> |
55 | #include <secport.h> |
56 | #include <certdb.h> |
57 | #include <base64.h> |
58 | #include <cert.h> |
59 | #include <prerror.h> |
60 | #include <keyhi.h> /* for SECKEY_DestroyPublicKey() */ |
61 | #include <private/pprio.h> /* for PR_ImportTCPSocket */ |
62 | |
63 | #define NSSVERNUM ((NSS_VMAJOR<<16)|(NSS_VMINOR<<8)|NSS_VPATCH) |
64 | |
65 | #if NSSVERNUM >= 0x030f00 /* 3.15.0 */ |
66 | #include <ocsp.h> |
67 | #endif |
68 | |
69 | #include "strcase.h" |
70 | #include "warnless.h" |
71 | #include "x509asn1.h" |
72 | |
73 | /* The last #include files should be: */ |
74 | #include "curl_memory.h" |
75 | #include "memdebug.h" |
76 | |
77 | #define SSL_DIR "/etc/pki/nssdb" |
78 | |
79 | /* enough to fit the string "PEM Token #[0|1]" */ |
80 | #define SLOTSIZE 13 |
81 | |
82 | struct ssl_backend_data { |
83 | PRFileDesc *handle; |
84 | char *client_nickname; |
85 | struct Curl_easy *data; |
86 | struct curl_llist obj_list; |
87 | PK11GenericObject *obj_clicert; |
88 | }; |
89 | |
90 | #define BACKEND connssl->backend |
91 | |
92 | static PRLock *nss_initlock = NULL; |
93 | static PRLock *nss_crllock = NULL; |
94 | static PRLock *nss_findslot_lock = NULL; |
95 | static PRLock *nss_trustload_lock = NULL; |
96 | static struct curl_llist nss_crl_list; |
97 | static NSSInitContext *nss_context = NULL; |
98 | static volatile int initialized = 0; |
99 | |
100 | /* type used to wrap pointers as list nodes */ |
101 | struct ptr_list_wrap { |
102 | void *ptr; |
103 | struct curl_llist_element node; |
104 | }; |
105 | |
106 | typedef struct { |
107 | const char *name; |
108 | int num; |
109 | } cipher_s; |
110 | |
111 | #define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do { \ |
112 | CK_ATTRIBUTE *ptr = (_attr) + ((_idx)++); \ |
113 | ptr->type = (_type); \ |
114 | ptr->pValue = (_val); \ |
115 | ptr->ulValueLen = (_len); \ |
116 | } WHILE_FALSE |
117 | |
118 | #define CERT_NewTempCertificate __CERT_NewTempCertificate |
119 | |
120 | #define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0]) |
121 | static const cipher_s cipherlist[] = { |
122 | /* SSL2 cipher suites */ |
123 | {"rc4" , SSL_EN_RC4_128_WITH_MD5}, |
124 | {"rc4-md5" , SSL_EN_RC4_128_WITH_MD5}, |
125 | {"rc4export" , SSL_EN_RC4_128_EXPORT40_WITH_MD5}, |
126 | {"rc2" , SSL_EN_RC2_128_CBC_WITH_MD5}, |
127 | {"rc2export" , SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5}, |
128 | {"des" , SSL_EN_DES_64_CBC_WITH_MD5}, |
129 | {"desede3" , SSL_EN_DES_192_EDE3_CBC_WITH_MD5}, |
130 | /* SSL3/TLS cipher suites */ |
131 | {"rsa_rc4_128_md5" , SSL_RSA_WITH_RC4_128_MD5}, |
132 | {"rsa_rc4_128_sha" , SSL_RSA_WITH_RC4_128_SHA}, |
133 | {"rsa_3des_sha" , SSL_RSA_WITH_3DES_EDE_CBC_SHA}, |
134 | {"rsa_des_sha" , SSL_RSA_WITH_DES_CBC_SHA}, |
135 | {"rsa_rc4_40_md5" , SSL_RSA_EXPORT_WITH_RC4_40_MD5}, |
136 | {"rsa_rc2_40_md5" , SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}, |
137 | {"rsa_null_md5" , SSL_RSA_WITH_NULL_MD5}, |
138 | {"rsa_null_sha" , SSL_RSA_WITH_NULL_SHA}, |
139 | {"fips_3des_sha" , SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}, |
140 | {"fips_des_sha" , SSL_RSA_FIPS_WITH_DES_CBC_SHA}, |
141 | {"fortezza" , SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA}, |
142 | {"fortezza_rc4_128_sha" , SSL_FORTEZZA_DMS_WITH_RC4_128_SHA}, |
143 | {"fortezza_null" , SSL_FORTEZZA_DMS_WITH_NULL_SHA}, |
144 | /* TLS 1.0: Exportable 56-bit Cipher Suites. */ |
145 | {"rsa_des_56_sha" , TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}, |
146 | {"rsa_rc4_56_sha" , TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}, |
147 | /* AES ciphers. */ |
148 | {"dhe_dss_aes_128_cbc_sha" , TLS_DHE_DSS_WITH_AES_128_CBC_SHA}, |
149 | {"dhe_dss_aes_256_cbc_sha" , TLS_DHE_DSS_WITH_AES_256_CBC_SHA}, |
150 | {"dhe_rsa_aes_128_cbc_sha" , TLS_DHE_RSA_WITH_AES_128_CBC_SHA}, |
151 | {"dhe_rsa_aes_256_cbc_sha" , TLS_DHE_RSA_WITH_AES_256_CBC_SHA}, |
152 | {"rsa_aes_128_sha" , TLS_RSA_WITH_AES_128_CBC_SHA}, |
153 | {"rsa_aes_256_sha" , TLS_RSA_WITH_AES_256_CBC_SHA}, |
154 | /* ECC ciphers. */ |
155 | {"ecdh_ecdsa_null_sha" , TLS_ECDH_ECDSA_WITH_NULL_SHA}, |
156 | {"ecdh_ecdsa_rc4_128_sha" , TLS_ECDH_ECDSA_WITH_RC4_128_SHA}, |
157 | {"ecdh_ecdsa_3des_sha" , TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA}, |
158 | {"ecdh_ecdsa_aes_128_sha" , TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA}, |
159 | {"ecdh_ecdsa_aes_256_sha" , TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA}, |
160 | {"ecdhe_ecdsa_null_sha" , TLS_ECDHE_ECDSA_WITH_NULL_SHA}, |
161 | {"ecdhe_ecdsa_rc4_128_sha" , TLS_ECDHE_ECDSA_WITH_RC4_128_SHA}, |
162 | {"ecdhe_ecdsa_3des_sha" , TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA}, |
163 | {"ecdhe_ecdsa_aes_128_sha" , TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA}, |
164 | {"ecdhe_ecdsa_aes_256_sha" , TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, |
165 | {"ecdh_rsa_null_sha" , TLS_ECDH_RSA_WITH_NULL_SHA}, |
166 | {"ecdh_rsa_128_sha" , TLS_ECDH_RSA_WITH_RC4_128_SHA}, |
167 | {"ecdh_rsa_3des_sha" , TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA}, |
168 | {"ecdh_rsa_aes_128_sha" , TLS_ECDH_RSA_WITH_AES_128_CBC_SHA}, |
169 | {"ecdh_rsa_aes_256_sha" , TLS_ECDH_RSA_WITH_AES_256_CBC_SHA}, |
170 | {"ecdhe_rsa_null" , TLS_ECDHE_RSA_WITH_NULL_SHA}, |
171 | {"ecdhe_rsa_rc4_128_sha" , TLS_ECDHE_RSA_WITH_RC4_128_SHA}, |
172 | {"ecdhe_rsa_3des_sha" , TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA}, |
173 | {"ecdhe_rsa_aes_128_sha" , TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}, |
174 | {"ecdhe_rsa_aes_256_sha" , TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, |
175 | {"ecdh_anon_null_sha" , TLS_ECDH_anon_WITH_NULL_SHA}, |
176 | {"ecdh_anon_rc4_128sha" , TLS_ECDH_anon_WITH_RC4_128_SHA}, |
177 | {"ecdh_anon_3des_sha" , TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA}, |
178 | {"ecdh_anon_aes_128_sha" , TLS_ECDH_anon_WITH_AES_128_CBC_SHA}, |
179 | {"ecdh_anon_aes_256_sha" , TLS_ECDH_anon_WITH_AES_256_CBC_SHA}, |
180 | #ifdef TLS_RSA_WITH_NULL_SHA256 |
181 | /* new HMAC-SHA256 cipher suites specified in RFC */ |
182 | {"rsa_null_sha_256" , TLS_RSA_WITH_NULL_SHA256}, |
183 | {"rsa_aes_128_cbc_sha_256" , TLS_RSA_WITH_AES_128_CBC_SHA256}, |
184 | {"rsa_aes_256_cbc_sha_256" , TLS_RSA_WITH_AES_256_CBC_SHA256}, |
185 | {"dhe_rsa_aes_128_cbc_sha_256" , TLS_DHE_RSA_WITH_AES_128_CBC_SHA256}, |
186 | {"dhe_rsa_aes_256_cbc_sha_256" , TLS_DHE_RSA_WITH_AES_256_CBC_SHA256}, |
187 | {"ecdhe_ecdsa_aes_128_cbc_sha_256" , TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256}, |
188 | {"ecdhe_rsa_aes_128_cbc_sha_256" , TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256}, |
189 | #endif |
190 | #ifdef TLS_RSA_WITH_AES_128_GCM_SHA256 |
191 | /* AES GCM cipher suites in RFC 5288 and RFC 5289 */ |
192 | {"rsa_aes_128_gcm_sha_256" , TLS_RSA_WITH_AES_128_GCM_SHA256}, |
193 | {"dhe_rsa_aes_128_gcm_sha_256" , TLS_DHE_RSA_WITH_AES_128_GCM_SHA256}, |
194 | {"dhe_dss_aes_128_gcm_sha_256" , TLS_DHE_DSS_WITH_AES_128_GCM_SHA256}, |
195 | {"ecdhe_ecdsa_aes_128_gcm_sha_256" , TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, |
196 | {"ecdh_ecdsa_aes_128_gcm_sha_256" , TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256}, |
197 | {"ecdhe_rsa_aes_128_gcm_sha_256" , TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, |
198 | {"ecdh_rsa_aes_128_gcm_sha_256" , TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256}, |
199 | #endif |
200 | #ifdef TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
201 | /* cipher suites using SHA384 */ |
202 | {"rsa_aes_256_gcm_sha_384" , TLS_RSA_WITH_AES_256_GCM_SHA384}, |
203 | {"dhe_rsa_aes_256_gcm_sha_384" , TLS_DHE_RSA_WITH_AES_256_GCM_SHA384}, |
204 | {"dhe_dss_aes_256_gcm_sha_384" , TLS_DHE_DSS_WITH_AES_256_GCM_SHA384}, |
205 | {"ecdhe_ecdsa_aes_256_sha_384" , TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384}, |
206 | {"ecdhe_rsa_aes_256_sha_384" , TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384}, |
207 | {"ecdhe_ecdsa_aes_256_gcm_sha_384" , TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, |
208 | {"ecdhe_rsa_aes_256_gcm_sha_384" , TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, |
209 | #endif |
210 | #ifdef TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
211 | /* chacha20-poly1305 cipher suites */ |
212 | {"ecdhe_rsa_chacha20_poly1305_sha_256" , |
213 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, |
214 | {"ecdhe_ecdsa_chacha20_poly1305_sha_256" , |
215 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}, |
216 | {"dhe_rsa_chacha20_poly1305_sha_256" , |
217 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, |
218 | #endif |
219 | #ifdef TLS_AES_256_GCM_SHA384 |
220 | {"aes_128_gcm_sha_256" , TLS_AES_128_GCM_SHA256}, |
221 | {"aes_256_gcm_sha_384" , TLS_AES_256_GCM_SHA384}, |
222 | {"chacha20_poly1305_sha_256" , TLS_CHACHA20_POLY1305_SHA256}, |
223 | #endif |
224 | }; |
225 | |
226 | #if defined(WIN32) |
227 | static const char *pem_library = "nsspem.dll" ; |
228 | static const char *trust_library = "nssckbi.dll" ; |
229 | #elif defined(__APPLE__) |
230 | static const char *pem_library = "libnsspem.dylib" ; |
231 | static const char *trust_library = "libnssckbi.dylib" ; |
232 | #else |
233 | static const char *pem_library = "libnsspem.so" ; |
234 | static const char *trust_library = "libnssckbi.so" ; |
235 | #endif |
236 | |
237 | static SECMODModule *pem_module = NULL; |
238 | static SECMODModule *trust_module = NULL; |
239 | |
240 | /* NSPR I/O layer we use to detect blocking direction during SSL handshake */ |
241 | static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER; |
242 | static PRIOMethods nspr_io_methods; |
243 | |
244 | static const char *nss_error_to_name(PRErrorCode code) |
245 | { |
246 | const char *name = PR_ErrorToName(code); |
247 | if(name) |
248 | return name; |
249 | |
250 | return "unknown error" ; |
251 | } |
252 | |
253 | static void nss_print_error_message(struct Curl_easy *data, PRUint32 err) |
254 | { |
255 | failf(data, "%s" , PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT)); |
256 | } |
257 | |
258 | static char *nss_sslver_to_name(PRUint16 nssver) |
259 | { |
260 | switch(nssver) { |
261 | case SSL_LIBRARY_VERSION_2: |
262 | return strdup("SSLv2" ); |
263 | case SSL_LIBRARY_VERSION_3_0: |
264 | return strdup("SSLv3" ); |
265 | case SSL_LIBRARY_VERSION_TLS_1_0: |
266 | return strdup("TLSv1.0" ); |
267 | #ifdef SSL_LIBRARY_VERSION_TLS_1_1 |
268 | case SSL_LIBRARY_VERSION_TLS_1_1: |
269 | return strdup("TLSv1.1" ); |
270 | #endif |
271 | #ifdef SSL_LIBRARY_VERSION_TLS_1_2 |
272 | case SSL_LIBRARY_VERSION_TLS_1_2: |
273 | return strdup("TLSv1.2" ); |
274 | #endif |
275 | #ifdef SSL_LIBRARY_VERSION_TLS_1_3 |
276 | case SSL_LIBRARY_VERSION_TLS_1_3: |
277 | return strdup("TLSv1.3" ); |
278 | #endif |
279 | default: |
280 | return curl_maprintf("0x%04x" , nssver); |
281 | } |
282 | } |
283 | |
284 | static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model, |
285 | char *cipher_list) |
286 | { |
287 | unsigned int i; |
288 | PRBool cipher_state[NUM_OF_CIPHERS]; |
289 | PRBool found; |
290 | char *cipher; |
291 | |
292 | /* use accessors to avoid dynamic linking issues after an update of NSS */ |
293 | const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers(); |
294 | const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers(); |
295 | if(!implemented_ciphers) |
296 | return SECFailure; |
297 | |
298 | /* First disable all ciphers. This uses a different max value in case |
299 | * NSS adds more ciphers later we don't want them available by |
300 | * accident |
301 | */ |
302 | for(i = 0; i < num_implemented_ciphers; i++) { |
303 | SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE); |
304 | } |
305 | |
306 | /* Set every entry in our list to false */ |
307 | for(i = 0; i < NUM_OF_CIPHERS; i++) { |
308 | cipher_state[i] = PR_FALSE; |
309 | } |
310 | |
311 | cipher = cipher_list; |
312 | |
313 | while(cipher_list && (cipher_list[0])) { |
314 | while((*cipher) && (ISSPACE(*cipher))) |
315 | ++cipher; |
316 | |
317 | cipher_list = strchr(cipher, ','); |
318 | if(cipher_list) { |
319 | *cipher_list++ = '\0'; |
320 | } |
321 | |
322 | found = PR_FALSE; |
323 | |
324 | for(i = 0; i<NUM_OF_CIPHERS; i++) { |
325 | if(strcasecompare(cipher, cipherlist[i].name)) { |
326 | cipher_state[i] = PR_TRUE; |
327 | found = PR_TRUE; |
328 | break; |
329 | } |
330 | } |
331 | |
332 | if(found == PR_FALSE) { |
333 | failf(data, "Unknown cipher in list: %s" , cipher); |
334 | return SECFailure; |
335 | } |
336 | |
337 | if(cipher_list) { |
338 | cipher = cipher_list; |
339 | } |
340 | } |
341 | |
342 | /* Finally actually enable the selected ciphers */ |
343 | for(i = 0; i<NUM_OF_CIPHERS; i++) { |
344 | if(!cipher_state[i]) |
345 | continue; |
346 | |
347 | if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) { |
348 | failf(data, "cipher-suite not supported by NSS: %s" , cipherlist[i].name); |
349 | return SECFailure; |
350 | } |
351 | } |
352 | |
353 | return SECSuccess; |
354 | } |
355 | |
356 | /* |
357 | * Return true if at least one cipher-suite is enabled. Used to determine |
358 | * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers. |
359 | */ |
360 | static bool any_cipher_enabled(void) |
361 | { |
362 | unsigned int i; |
363 | |
364 | for(i = 0; i<NUM_OF_CIPHERS; i++) { |
365 | PRInt32 policy = 0; |
366 | SSL_CipherPolicyGet(cipherlist[i].num, &policy); |
367 | if(policy) |
368 | return TRUE; |
369 | } |
370 | |
371 | return FALSE; |
372 | } |
373 | |
374 | /* |
375 | * Determine whether the nickname passed in is a filename that needs to |
376 | * be loaded as a PEM or a regular NSS nickname. |
377 | * |
378 | * returns 1 for a file |
379 | * returns 0 for not a file (NSS nickname) |
380 | */ |
381 | static int is_file(const char *filename) |
382 | { |
383 | struct_stat st; |
384 | |
385 | if(filename == NULL) |
386 | return 0; |
387 | |
388 | if(stat(filename, &st) == 0) |
389 | if(S_ISREG(st.st_mode) || S_ISFIFO(st.st_mode) || S_ISCHR(st.st_mode)) |
390 | return 1; |
391 | |
392 | return 0; |
393 | } |
394 | |
395 | /* Check if the given string is filename or nickname of a certificate. If the |
396 | * given string is recognized as filename, return NULL. If the given string is |
397 | * recognized as nickname, return a duplicated string. The returned string |
398 | * should be later deallocated using free(). If the OOM failure occurs, we |
399 | * return NULL, too. |
400 | */ |
401 | static char *dup_nickname(struct Curl_easy *data, const char *str) |
402 | { |
403 | const char *n; |
404 | |
405 | if(!is_file(str)) |
406 | /* no such file exists, use the string as nickname */ |
407 | return strdup(str); |
408 | |
409 | /* search the first slash; we require at least one slash in a file name */ |
410 | n = strchr(str, '/'); |
411 | if(!n) { |
412 | infof(data, "warning: certificate file name \"%s\" handled as nickname; " |
413 | "please use \"./%s\" to force file name\n" , str, str); |
414 | return strdup(str); |
415 | } |
416 | |
417 | /* we'll use the PEM reader to read the certificate from file */ |
418 | return NULL; |
419 | } |
420 | |
421 | /* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition |
422 | * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more |
423 | * details, go to <https://bugzilla.mozilla.org/1297397>. |
424 | */ |
425 | static PK11SlotInfo* nss_find_slot_by_name(const char *slot_name) |
426 | { |
427 | PK11SlotInfo *slot; |
428 | PR_Lock(nss_findslot_lock); |
429 | slot = PK11_FindSlotByName(slot_name); |
430 | PR_Unlock(nss_findslot_lock); |
431 | return slot; |
432 | } |
433 | |
434 | /* wrap 'ptr' as list node and tail-insert into 'list' */ |
435 | static CURLcode insert_wrapped_ptr(struct curl_llist *list, void *ptr) |
436 | { |
437 | struct ptr_list_wrap *wrap = malloc(sizeof(*wrap)); |
438 | if(!wrap) |
439 | return CURLE_OUT_OF_MEMORY; |
440 | |
441 | wrap->ptr = ptr; |
442 | Curl_llist_insert_next(list, list->tail, wrap, &wrap->node); |
443 | return CURLE_OK; |
444 | } |
445 | |
446 | /* Call PK11_CreateGenericObject() with the given obj_class and filename. If |
447 | * the call succeeds, append the object handle to the list of objects so that |
448 | * the object can be destroyed in Curl_nss_close(). */ |
449 | static CURLcode nss_create_object(struct ssl_connect_data *connssl, |
450 | CK_OBJECT_CLASS obj_class, |
451 | const char *filename, bool cacert) |
452 | { |
453 | PK11SlotInfo *slot; |
454 | PK11GenericObject *obj; |
455 | CK_BBOOL cktrue = CK_TRUE; |
456 | CK_BBOOL ckfalse = CK_FALSE; |
457 | CK_ATTRIBUTE attrs[/* max count of attributes */ 4]; |
458 | int attr_cnt = 0; |
459 | CURLcode result = (cacert) |
460 | ? CURLE_SSL_CACERT_BADFILE |
461 | : CURLE_SSL_CERTPROBLEM; |
462 | |
463 | const int slot_id = (cacert) ? 0 : 1; |
464 | char *slot_name = aprintf("PEM Token #%d" , slot_id); |
465 | if(!slot_name) |
466 | return CURLE_OUT_OF_MEMORY; |
467 | |
468 | slot = nss_find_slot_by_name(slot_name); |
469 | free(slot_name); |
470 | if(!slot) |
471 | return result; |
472 | |
473 | PK11_SETATTRS(attrs, attr_cnt, CKA_CLASS, &obj_class, sizeof(obj_class)); |
474 | PK11_SETATTRS(attrs, attr_cnt, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL)); |
475 | PK11_SETATTRS(attrs, attr_cnt, CKA_LABEL, (unsigned char *)filename, |
476 | (CK_ULONG)strlen(filename) + 1); |
477 | |
478 | if(CKO_CERTIFICATE == obj_class) { |
479 | CK_BBOOL *pval = (cacert) ? (&cktrue) : (&ckfalse); |
480 | PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval)); |
481 | } |
482 | |
483 | /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because |
484 | * PK11_DestroyGenericObject() does not release resources allocated by |
485 | * PK11_CreateGenericObject() early enough. */ |
486 | obj = |
487 | #ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT |
488 | PK11_CreateManagedGenericObject |
489 | #else |
490 | PK11_CreateGenericObject |
491 | #endif |
492 | (slot, attrs, attr_cnt, PR_FALSE); |
493 | |
494 | PK11_FreeSlot(slot); |
495 | if(!obj) |
496 | return result; |
497 | |
498 | if(insert_wrapped_ptr(&BACKEND->obj_list, obj) != CURLE_OK) { |
499 | PK11_DestroyGenericObject(obj); |
500 | return CURLE_OUT_OF_MEMORY; |
501 | } |
502 | |
503 | if(!cacert && CKO_CERTIFICATE == obj_class) |
504 | /* store reference to a client certificate */ |
505 | BACKEND->obj_clicert = obj; |
506 | |
507 | return CURLE_OK; |
508 | } |
509 | |
510 | /* Destroy the NSS object whose handle is given by ptr. This function is |
511 | * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy |
512 | * NSS objects in Curl_nss_close() */ |
513 | static void nss_destroy_object(void *user, void *ptr) |
514 | { |
515 | struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr; |
516 | PK11GenericObject *obj = (PK11GenericObject *) wrap->ptr; |
517 | (void) user; |
518 | PK11_DestroyGenericObject(obj); |
519 | free(wrap); |
520 | } |
521 | |
522 | /* same as nss_destroy_object() but for CRL items */ |
523 | static void nss_destroy_crl_item(void *user, void *ptr) |
524 | { |
525 | struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr; |
526 | SECItem *crl_der = (SECItem *) wrap->ptr; |
527 | (void) user; |
528 | SECITEM_FreeItem(crl_der, PR_TRUE); |
529 | free(wrap); |
530 | } |
531 | |
532 | static CURLcode nss_load_cert(struct ssl_connect_data *ssl, |
533 | const char *filename, PRBool cacert) |
534 | { |
535 | CURLcode result = (cacert) |
536 | ? CURLE_SSL_CACERT_BADFILE |
537 | : CURLE_SSL_CERTPROBLEM; |
538 | |
539 | /* libnsspem.so leaks memory if the requested file does not exist. For more |
540 | * details, go to <https://bugzilla.redhat.com/734760>. */ |
541 | if(is_file(filename)) |
542 | result = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert); |
543 | |
544 | if(!result && !cacert) { |
545 | /* we have successfully loaded a client certificate */ |
546 | CERTCertificate *cert; |
547 | char *nickname = NULL; |
548 | char *n = strrchr(filename, '/'); |
549 | if(n) |
550 | n++; |
551 | |
552 | /* The following undocumented magic helps to avoid a SIGSEGV on call |
553 | * of PK11_ReadRawAttribute() from SelectClientCert() when using an |
554 | * immature version of libnsspem.so. For more details, go to |
555 | * <https://bugzilla.redhat.com/733685>. */ |
556 | nickname = aprintf("PEM Token #1:%s" , n); |
557 | if(nickname) { |
558 | cert = PK11_FindCertFromNickname(nickname, NULL); |
559 | if(cert) |
560 | CERT_DestroyCertificate(cert); |
561 | |
562 | free(nickname); |
563 | } |
564 | } |
565 | |
566 | return result; |
567 | } |
568 | |
569 | /* add given CRL to cache if it is not already there */ |
570 | static CURLcode nss_cache_crl(SECItem *crl_der) |
571 | { |
572 | CERTCertDBHandle *db = CERT_GetDefaultCertDB(); |
573 | CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0); |
574 | if(crl) { |
575 | /* CRL already cached */ |
576 | SEC_DestroyCrl(crl); |
577 | SECITEM_FreeItem(crl_der, PR_TRUE); |
578 | return CURLE_OK; |
579 | } |
580 | |
581 | /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */ |
582 | PR_Lock(nss_crllock); |
583 | |
584 | if(SECSuccess != CERT_CacheCRL(db, crl_der)) { |
585 | /* unable to cache CRL */ |
586 | SECITEM_FreeItem(crl_der, PR_TRUE); |
587 | PR_Unlock(nss_crllock); |
588 | return CURLE_SSL_CRL_BADFILE; |
589 | } |
590 | |
591 | /* store the CRL item so that we can free it in Curl_nss_cleanup() */ |
592 | if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) { |
593 | if(SECSuccess == CERT_UncacheCRL(db, crl_der)) |
594 | SECITEM_FreeItem(crl_der, PR_TRUE); |
595 | PR_Unlock(nss_crllock); |
596 | return CURLE_OUT_OF_MEMORY; |
597 | } |
598 | |
599 | /* we need to clear session cache, so that the CRL could take effect */ |
600 | SSL_ClearSessionCache(); |
601 | PR_Unlock(nss_crllock); |
602 | return CURLE_OK; |
603 | } |
604 | |
605 | static CURLcode nss_load_crl(const char *crlfilename) |
606 | { |
607 | PRFileDesc *infile; |
608 | PRFileInfo info; |
609 | SECItem filedata = { 0, NULL, 0 }; |
610 | SECItem *crl_der = NULL; |
611 | char *body; |
612 | |
613 | infile = PR_Open(crlfilename, PR_RDONLY, 0); |
614 | if(!infile) |
615 | return CURLE_SSL_CRL_BADFILE; |
616 | |
617 | if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info)) |
618 | goto fail; |
619 | |
620 | if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1)) |
621 | goto fail; |
622 | |
623 | if(info.size != PR_Read(infile, filedata.data, info.size)) |
624 | goto fail; |
625 | |
626 | crl_der = SECITEM_AllocItem(NULL, NULL, 0U); |
627 | if(!crl_der) |
628 | goto fail; |
629 | |
630 | /* place a trailing zero right after the visible data */ |
631 | body = (char *)filedata.data; |
632 | body[--filedata.len] = '\0'; |
633 | |
634 | body = strstr(body, "-----BEGIN" ); |
635 | if(body) { |
636 | /* assume ASCII */ |
637 | char *trailer; |
638 | char *begin = PORT_Strchr(body, '\n'); |
639 | if(!begin) |
640 | begin = PORT_Strchr(body, '\r'); |
641 | if(!begin) |
642 | goto fail; |
643 | |
644 | trailer = strstr(++begin, "-----END" ); |
645 | if(!trailer) |
646 | goto fail; |
647 | |
648 | /* retrieve DER from ASCII */ |
649 | *trailer = '\0'; |
650 | if(ATOB_ConvertAsciiToItem(crl_der, begin)) |
651 | goto fail; |
652 | |
653 | SECITEM_FreeItem(&filedata, PR_FALSE); |
654 | } |
655 | else |
656 | /* assume DER */ |
657 | *crl_der = filedata; |
658 | |
659 | PR_Close(infile); |
660 | return nss_cache_crl(crl_der); |
661 | |
662 | fail: |
663 | PR_Close(infile); |
664 | SECITEM_FreeItem(crl_der, PR_TRUE); |
665 | SECITEM_FreeItem(&filedata, PR_FALSE); |
666 | return CURLE_SSL_CRL_BADFILE; |
667 | } |
668 | |
669 | static CURLcode nss_load_key(struct connectdata *conn, int sockindex, |
670 | char *key_file) |
671 | { |
672 | PK11SlotInfo *slot, *tmp; |
673 | SECStatus status; |
674 | CURLcode result; |
675 | struct ssl_connect_data *ssl = conn->ssl; |
676 | struct Curl_easy *data = conn->data; |
677 | |
678 | (void)sockindex; /* unused */ |
679 | |
680 | result = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE); |
681 | if(result) { |
682 | PR_SetError(SEC_ERROR_BAD_KEY, 0); |
683 | return result; |
684 | } |
685 | |
686 | slot = nss_find_slot_by_name("PEM Token #1" ); |
687 | if(!slot) |
688 | return CURLE_SSL_CERTPROBLEM; |
689 | |
690 | /* This will force the token to be seen as re-inserted */ |
691 | tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0); |
692 | if(tmp) |
693 | PK11_FreeSlot(tmp); |
694 | if(!PK11_IsPresent(slot)) { |
695 | PK11_FreeSlot(slot); |
696 | return CURLE_SSL_CERTPROBLEM; |
697 | } |
698 | |
699 | status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd)); |
700 | PK11_FreeSlot(slot); |
701 | |
702 | return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM; |
703 | } |
704 | |
705 | static int display_error(struct connectdata *conn, PRInt32 err, |
706 | const char *filename) |
707 | { |
708 | switch(err) { |
709 | case SEC_ERROR_BAD_PASSWORD: |
710 | failf(conn->data, "Unable to load client key: Incorrect password" ); |
711 | return 1; |
712 | case SEC_ERROR_UNKNOWN_CERT: |
713 | failf(conn->data, "Unable to load certificate %s" , filename); |
714 | return 1; |
715 | default: |
716 | break; |
717 | } |
718 | return 0; /* The caller will print a generic error */ |
719 | } |
720 | |
721 | static CURLcode cert_stuff(struct connectdata *conn, int sockindex, |
722 | char *cert_file, char *key_file) |
723 | { |
724 | struct Curl_easy *data = conn->data; |
725 | CURLcode result; |
726 | |
727 | if(cert_file) { |
728 | result = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE); |
729 | if(result) { |
730 | const PRErrorCode err = PR_GetError(); |
731 | if(!display_error(conn, err, cert_file)) { |
732 | const char *err_name = nss_error_to_name(err); |
733 | failf(data, "unable to load client cert: %d (%s)" , err, err_name); |
734 | } |
735 | |
736 | return result; |
737 | } |
738 | } |
739 | |
740 | if(key_file || (is_file(cert_file))) { |
741 | if(key_file) |
742 | result = nss_load_key(conn, sockindex, key_file); |
743 | else |
744 | /* In case the cert file also has the key */ |
745 | result = nss_load_key(conn, sockindex, cert_file); |
746 | if(result) { |
747 | const PRErrorCode err = PR_GetError(); |
748 | if(!display_error(conn, err, key_file)) { |
749 | const char *err_name = nss_error_to_name(err); |
750 | failf(data, "unable to load client key: %d (%s)" , err, err_name); |
751 | } |
752 | |
753 | return result; |
754 | } |
755 | } |
756 | |
757 | return CURLE_OK; |
758 | } |
759 | |
760 | static char *nss_get_password(PK11SlotInfo *slot, PRBool retry, void *arg) |
761 | { |
762 | (void)slot; /* unused */ |
763 | |
764 | if(retry || NULL == arg) |
765 | return NULL; |
766 | else |
767 | return (char *)PORT_Strdup((char *)arg); |
768 | } |
769 | |
770 | /* bypass the default SSL_AuthCertificate() hook in case we do not want to |
771 | * verify peer */ |
772 | static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig, |
773 | PRBool isServer) |
774 | { |
775 | struct connectdata *conn = (struct connectdata *)arg; |
776 | |
777 | #ifdef SSL_ENABLE_OCSP_STAPLING |
778 | if(SSL_CONN_CONFIG(verifystatus)) { |
779 | SECStatus cacheResult; |
780 | |
781 | const SECItemArray *csa = SSL_PeerStapledOCSPResponses(fd); |
782 | if(!csa) { |
783 | failf(conn->data, "Invalid OCSP response" ); |
784 | return SECFailure; |
785 | } |
786 | |
787 | if(csa->len == 0) { |
788 | failf(conn->data, "No OCSP response received" ); |
789 | return SECFailure; |
790 | } |
791 | |
792 | cacheResult = CERT_CacheOCSPResponseFromSideChannel( |
793 | CERT_GetDefaultCertDB(), SSL_PeerCertificate(fd), |
794 | PR_Now(), &csa->items[0], arg |
795 | ); |
796 | |
797 | if(cacheResult != SECSuccess) { |
798 | failf(conn->data, "Invalid OCSP response" ); |
799 | return cacheResult; |
800 | } |
801 | } |
802 | #endif |
803 | |
804 | if(!SSL_CONN_CONFIG(verifypeer)) { |
805 | infof(conn->data, "skipping SSL peer certificate verification\n" ); |
806 | return SECSuccess; |
807 | } |
808 | |
809 | return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer); |
810 | } |
811 | |
812 | /** |
813 | * Inform the application that the handshake is complete. |
814 | */ |
815 | static void HandshakeCallback(PRFileDesc *sock, void *arg) |
816 | { |
817 | struct connectdata *conn = (struct connectdata*) arg; |
818 | unsigned int buflenmax = 50; |
819 | unsigned char buf[50]; |
820 | unsigned int buflen; |
821 | SSLNextProtoState state; |
822 | |
823 | if(!conn->bits.tls_enable_npn && !conn->bits.tls_enable_alpn) { |
824 | return; |
825 | } |
826 | |
827 | if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) { |
828 | |
829 | switch(state) { |
830 | #if NSSVERNUM >= 0x031a00 /* 3.26.0 */ |
831 | /* used by NSS internally to implement 0-RTT */ |
832 | case SSL_NEXT_PROTO_EARLY_VALUE: |
833 | /* fall through! */ |
834 | #endif |
835 | case SSL_NEXT_PROTO_NO_SUPPORT: |
836 | case SSL_NEXT_PROTO_NO_OVERLAP: |
837 | infof(conn->data, "ALPN/NPN, server did not agree to a protocol\n" ); |
838 | return; |
839 | #ifdef SSL_ENABLE_ALPN |
840 | case SSL_NEXT_PROTO_SELECTED: |
841 | infof(conn->data, "ALPN, server accepted to use %.*s\n" , buflen, buf); |
842 | break; |
843 | #endif |
844 | case SSL_NEXT_PROTO_NEGOTIATED: |
845 | infof(conn->data, "NPN, server accepted to use %.*s\n" , buflen, buf); |
846 | break; |
847 | } |
848 | |
849 | #ifdef USE_NGHTTP2 |
850 | if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN && |
851 | !memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) { |
852 | conn->negnpn = CURL_HTTP_VERSION_2; |
853 | } |
854 | else |
855 | #endif |
856 | if(buflen == ALPN_HTTP_1_1_LENGTH && |
857 | !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) { |
858 | conn->negnpn = CURL_HTTP_VERSION_1_1; |
859 | } |
860 | Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ? |
861 | BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE); |
862 | } |
863 | } |
864 | |
865 | #if NSSVERNUM >= 0x030f04 /* 3.15.4 */ |
866 | static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data, |
867 | PRBool *canFalseStart) |
868 | { |
869 | struct connectdata *conn = client_data; |
870 | struct Curl_easy *data = conn->data; |
871 | |
872 | SSLChannelInfo channelInfo; |
873 | SSLCipherSuiteInfo cipherInfo; |
874 | |
875 | SECStatus rv; |
876 | PRBool negotiatedExtension; |
877 | |
878 | *canFalseStart = PR_FALSE; |
879 | |
880 | if(SSL_GetChannelInfo(sock, &channelInfo, sizeof(channelInfo)) != SECSuccess) |
881 | return SECFailure; |
882 | |
883 | if(SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo, |
884 | sizeof(cipherInfo)) != SECSuccess) |
885 | return SECFailure; |
886 | |
887 | /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for |
888 | * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310 |
889 | */ |
890 | if(channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2) |
891 | goto end; |
892 | |
893 | /* Only allow ECDHE key exchange algorithm. |
894 | * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */ |
895 | if(cipherInfo.keaType != ssl_kea_ecdh) |
896 | goto end; |
897 | |
898 | /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC |
899 | * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt |
900 | * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */ |
901 | if(cipherInfo.symCipher != ssl_calg_aes_gcm) |
902 | goto end; |
903 | |
904 | /* Enforce ALPN or NPN to do False Start, as an indicator of server |
905 | * compatibility. */ |
906 | rv = SSL_HandshakeNegotiatedExtension(sock, ssl_app_layer_protocol_xtn, |
907 | &negotiatedExtension); |
908 | if(rv != SECSuccess || !negotiatedExtension) { |
909 | rv = SSL_HandshakeNegotiatedExtension(sock, ssl_next_proto_nego_xtn, |
910 | &negotiatedExtension); |
911 | } |
912 | |
913 | if(rv != SECSuccess || !negotiatedExtension) |
914 | goto end; |
915 | |
916 | *canFalseStart = PR_TRUE; |
917 | |
918 | infof(data, "Trying TLS False Start\n" ); |
919 | |
920 | end: |
921 | return SECSuccess; |
922 | } |
923 | #endif |
924 | |
925 | static void display_cert_info(struct Curl_easy *data, |
926 | CERTCertificate *cert) |
927 | { |
928 | char *subject, *issuer, *common_name; |
929 | PRExplodedTime printableTime; |
930 | char timeString[256]; |
931 | PRTime notBefore, notAfter; |
932 | |
933 | subject = CERT_NameToAscii(&cert->subject); |
934 | issuer = CERT_NameToAscii(&cert->issuer); |
935 | common_name = CERT_GetCommonName(&cert->subject); |
936 | infof(data, "\tsubject: %s\n" , subject); |
937 | |
938 | CERT_GetCertTimes(cert, ¬Before, ¬After); |
939 | PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime); |
940 | PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT" , &printableTime); |
941 | infof(data, "\tstart date: %s\n" , timeString); |
942 | PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime); |
943 | PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT" , &printableTime); |
944 | infof(data, "\texpire date: %s\n" , timeString); |
945 | infof(data, "\tcommon name: %s\n" , common_name); |
946 | infof(data, "\tissuer: %s\n" , issuer); |
947 | |
948 | PR_Free(subject); |
949 | PR_Free(issuer); |
950 | PR_Free(common_name); |
951 | } |
952 | |
953 | static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock) |
954 | { |
955 | CURLcode result = CURLE_OK; |
956 | SSLChannelInfo channel; |
957 | SSLCipherSuiteInfo suite; |
958 | CERTCertificate *cert; |
959 | CERTCertificate *cert2; |
960 | CERTCertificate *cert3; |
961 | PRTime now; |
962 | int i; |
963 | |
964 | if(SSL_GetChannelInfo(sock, &channel, sizeof(channel)) == |
965 | SECSuccess && channel.length == sizeof(channel) && |
966 | channel.cipherSuite) { |
967 | if(SSL_GetCipherSuiteInfo(channel.cipherSuite, |
968 | &suite, sizeof(suite)) == SECSuccess) { |
969 | infof(conn->data, "SSL connection using %s\n" , suite.cipherSuiteName); |
970 | } |
971 | } |
972 | |
973 | cert = SSL_PeerCertificate(sock); |
974 | if(cert) { |
975 | infof(conn->data, "Server certificate:\n" ); |
976 | |
977 | if(!conn->data->set.ssl.certinfo) { |
978 | display_cert_info(conn->data, cert); |
979 | CERT_DestroyCertificate(cert); |
980 | } |
981 | else { |
982 | /* Count certificates in chain. */ |
983 | now = PR_Now(); |
984 | i = 1; |
985 | if(!cert->isRoot) { |
986 | cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); |
987 | while(cert2) { |
988 | i++; |
989 | if(cert2->isRoot) { |
990 | CERT_DestroyCertificate(cert2); |
991 | break; |
992 | } |
993 | cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA); |
994 | CERT_DestroyCertificate(cert2); |
995 | cert2 = cert3; |
996 | } |
997 | } |
998 | |
999 | result = Curl_ssl_init_certinfo(conn->data, i); |
1000 | if(!result) { |
1001 | for(i = 0; cert; cert = cert2) { |
1002 | result = Curl_extract_certinfo(conn, i++, (char *)cert->derCert.data, |
1003 | (char *)cert->derCert.data + |
1004 | cert->derCert.len); |
1005 | if(result) |
1006 | break; |
1007 | |
1008 | if(cert->isRoot) { |
1009 | CERT_DestroyCertificate(cert); |
1010 | break; |
1011 | } |
1012 | |
1013 | cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA); |
1014 | CERT_DestroyCertificate(cert); |
1015 | } |
1016 | } |
1017 | } |
1018 | } |
1019 | |
1020 | return result; |
1021 | } |
1022 | |
1023 | static SECStatus BadCertHandler(void *arg, PRFileDesc *sock) |
1024 | { |
1025 | struct connectdata *conn = (struct connectdata *)arg; |
1026 | struct Curl_easy *data = conn->data; |
1027 | PRErrorCode err = PR_GetError(); |
1028 | CERTCertificate *cert; |
1029 | |
1030 | /* remember the cert verification result */ |
1031 | if(SSL_IS_PROXY()) |
1032 | data->set.proxy_ssl.certverifyresult = err; |
1033 | else |
1034 | data->set.ssl.certverifyresult = err; |
1035 | |
1036 | if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost)) |
1037 | /* we are asked not to verify the host name */ |
1038 | return SECSuccess; |
1039 | |
1040 | /* print only info about the cert, the error is printed off the callback */ |
1041 | cert = SSL_PeerCertificate(sock); |
1042 | if(cert) { |
1043 | infof(data, "Server certificate:\n" ); |
1044 | display_cert_info(data, cert); |
1045 | CERT_DestroyCertificate(cert); |
1046 | } |
1047 | |
1048 | return SECFailure; |
1049 | } |
1050 | |
1051 | /** |
1052 | * |
1053 | * Check that the Peer certificate's issuer certificate matches the one found |
1054 | * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the |
1055 | * issuer check, so we provide comments that mimic the OpenSSL |
1056 | * X509_check_issued function (in x509v3/v3_purp.c) |
1057 | */ |
1058 | static SECStatus check_issuer_cert(PRFileDesc *sock, |
1059 | char *issuer_nickname) |
1060 | { |
1061 | CERTCertificate *cert, *cert_issuer, *issuer; |
1062 | SECStatus res = SECSuccess; |
1063 | void *proto_win = NULL; |
1064 | |
1065 | cert = SSL_PeerCertificate(sock); |
1066 | cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner); |
1067 | |
1068 | proto_win = SSL_RevealPinArg(sock); |
1069 | issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win); |
1070 | |
1071 | if((!cert_issuer) || (!issuer)) |
1072 | res = SECFailure; |
1073 | else if(SECITEM_CompareItem(&cert_issuer->derCert, |
1074 | &issuer->derCert) != SECEqual) |
1075 | res = SECFailure; |
1076 | |
1077 | CERT_DestroyCertificate(cert); |
1078 | CERT_DestroyCertificate(issuer); |
1079 | CERT_DestroyCertificate(cert_issuer); |
1080 | return res; |
1081 | } |
1082 | |
1083 | static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl, |
1084 | const char *pinnedpubkey) |
1085 | { |
1086 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; |
1087 | struct Curl_easy *data = BACKEND->data; |
1088 | CERTCertificate *cert; |
1089 | |
1090 | if(!pinnedpubkey) |
1091 | /* no pinned public key specified */ |
1092 | return CURLE_OK; |
1093 | |
1094 | /* get peer certificate */ |
1095 | cert = SSL_PeerCertificate(BACKEND->handle); |
1096 | if(cert) { |
1097 | /* extract public key from peer certificate */ |
1098 | SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert); |
1099 | if(pubkey) { |
1100 | /* encode the public key as DER */ |
1101 | SECItem *cert_der = PK11_DEREncodePublicKey(pubkey); |
1102 | if(cert_der) { |
1103 | /* compare the public key with the pinned public key */ |
1104 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, cert_der->data, |
1105 | cert_der->len); |
1106 | SECITEM_FreeItem(cert_der, PR_TRUE); |
1107 | } |
1108 | SECKEY_DestroyPublicKey(pubkey); |
1109 | } |
1110 | CERT_DestroyCertificate(cert); |
1111 | } |
1112 | |
1113 | /* report the resulting status */ |
1114 | switch(result) { |
1115 | case CURLE_OK: |
1116 | infof(data, "pinned public key verified successfully!\n" ); |
1117 | break; |
1118 | case CURLE_SSL_PINNEDPUBKEYNOTMATCH: |
1119 | failf(data, "failed to verify pinned public key" ); |
1120 | break; |
1121 | default: |
1122 | /* OOM, etc. */ |
1123 | break; |
1124 | } |
1125 | |
1126 | return result; |
1127 | } |
1128 | |
1129 | /** |
1130 | * |
1131 | * Callback to pick the SSL client certificate. |
1132 | */ |
1133 | static SECStatus SelectClientCert(void *arg, PRFileDesc *sock, |
1134 | struct CERTDistNamesStr *caNames, |
1135 | struct CERTCertificateStr **pRetCert, |
1136 | struct SECKEYPrivateKeyStr **pRetKey) |
1137 | { |
1138 | struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg; |
1139 | struct Curl_easy *data = BACKEND->data; |
1140 | const char *nickname = BACKEND->client_nickname; |
1141 | static const char pem_slotname[] = "PEM Token #1" ; |
1142 | |
1143 | if(BACKEND->obj_clicert) { |
1144 | /* use the cert/key provided by PEM reader */ |
1145 | SECItem cert_der = { 0, NULL, 0 }; |
1146 | void *proto_win = SSL_RevealPinArg(sock); |
1147 | struct CERTCertificateStr *cert; |
1148 | struct SECKEYPrivateKeyStr *key; |
1149 | |
1150 | PK11SlotInfo *slot = nss_find_slot_by_name(pem_slotname); |
1151 | if(NULL == slot) { |
1152 | failf(data, "NSS: PK11 slot not found: %s" , pem_slotname); |
1153 | return SECFailure; |
1154 | } |
1155 | |
1156 | if(PK11_ReadRawAttribute(PK11_TypeGeneric, BACKEND->obj_clicert, CKA_VALUE, |
1157 | &cert_der) != SECSuccess) { |
1158 | failf(data, "NSS: CKA_VALUE not found in PK11 generic object" ); |
1159 | PK11_FreeSlot(slot); |
1160 | return SECFailure; |
1161 | } |
1162 | |
1163 | cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win); |
1164 | SECITEM_FreeItem(&cert_der, PR_FALSE); |
1165 | if(NULL == cert) { |
1166 | failf(data, "NSS: client certificate from file not found" ); |
1167 | PK11_FreeSlot(slot); |
1168 | return SECFailure; |
1169 | } |
1170 | |
1171 | key = PK11_FindPrivateKeyFromCert(slot, cert, NULL); |
1172 | PK11_FreeSlot(slot); |
1173 | if(NULL == key) { |
1174 | failf(data, "NSS: private key from file not found" ); |
1175 | CERT_DestroyCertificate(cert); |
1176 | return SECFailure; |
1177 | } |
1178 | |
1179 | infof(data, "NSS: client certificate from file\n" ); |
1180 | display_cert_info(data, cert); |
1181 | |
1182 | *pRetCert = cert; |
1183 | *pRetKey = key; |
1184 | return SECSuccess; |
1185 | } |
1186 | |
1187 | /* use the default NSS hook */ |
1188 | if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames, |
1189 | pRetCert, pRetKey) |
1190 | || NULL == *pRetCert) { |
1191 | |
1192 | if(NULL == nickname) |
1193 | failf(data, "NSS: client certificate not found (nickname not " |
1194 | "specified)" ); |
1195 | else |
1196 | failf(data, "NSS: client certificate not found: %s" , nickname); |
1197 | |
1198 | return SECFailure; |
1199 | } |
1200 | |
1201 | /* get certificate nickname if any */ |
1202 | nickname = (*pRetCert)->nickname; |
1203 | if(NULL == nickname) |
1204 | nickname = "[unknown]" ; |
1205 | |
1206 | if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) { |
1207 | failf(data, "NSS: refusing previously loaded certificate from file: %s" , |
1208 | nickname); |
1209 | return SECFailure; |
1210 | } |
1211 | |
1212 | if(NULL == *pRetKey) { |
1213 | failf(data, "NSS: private key not found for certificate: %s" , nickname); |
1214 | return SECFailure; |
1215 | } |
1216 | |
1217 | infof(data, "NSS: using client certificate: %s\n" , nickname); |
1218 | display_cert_info(data, *pRetCert); |
1219 | return SECSuccess; |
1220 | } |
1221 | |
1222 | /* update blocking direction in case of PR_WOULD_BLOCK_ERROR */ |
1223 | static void nss_update_connecting_state(ssl_connect_state state, void *secret) |
1224 | { |
1225 | struct ssl_connect_data *connssl = (struct ssl_connect_data *)secret; |
1226 | if(PR_GetError() != PR_WOULD_BLOCK_ERROR) |
1227 | /* an unrelated error is passing by */ |
1228 | return; |
1229 | |
1230 | switch(connssl->connecting_state) { |
1231 | case ssl_connect_2: |
1232 | case ssl_connect_2_reading: |
1233 | case ssl_connect_2_writing: |
1234 | break; |
1235 | default: |
1236 | /* we are not called from an SSL handshake */ |
1237 | return; |
1238 | } |
1239 | |
1240 | /* update the state accordingly */ |
1241 | connssl->connecting_state = state; |
1242 | } |
1243 | |
1244 | /* recv() wrapper we use to detect blocking direction during SSL handshake */ |
1245 | static PRInt32 nspr_io_recv(PRFileDesc *fd, void *buf, PRInt32 amount, |
1246 | PRIntn flags, PRIntervalTime timeout) |
1247 | { |
1248 | const PRRecvFN recv_fn = fd->lower->methods->recv; |
1249 | const PRInt32 rv = recv_fn(fd->lower, buf, amount, flags, timeout); |
1250 | if(rv < 0) |
1251 | /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ |
1252 | nss_update_connecting_state(ssl_connect_2_reading, fd->secret); |
1253 | return rv; |
1254 | } |
1255 | |
1256 | /* send() wrapper we use to detect blocking direction during SSL handshake */ |
1257 | static PRInt32 nspr_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount, |
1258 | PRIntn flags, PRIntervalTime timeout) |
1259 | { |
1260 | const PRSendFN send_fn = fd->lower->methods->send; |
1261 | const PRInt32 rv = send_fn(fd->lower, buf, amount, flags, timeout); |
1262 | if(rv < 0) |
1263 | /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */ |
1264 | nss_update_connecting_state(ssl_connect_2_writing, fd->secret); |
1265 | return rv; |
1266 | } |
1267 | |
1268 | /* close() wrapper to avoid assertion failure due to fd->secret != NULL */ |
1269 | static PRStatus nspr_io_close(PRFileDesc *fd) |
1270 | { |
1271 | const PRCloseFN close_fn = PR_GetDefaultIOMethods()->close; |
1272 | fd->secret = NULL; |
1273 | return close_fn(fd); |
1274 | } |
1275 | |
1276 | /* load a PKCS #11 module */ |
1277 | static CURLcode nss_load_module(SECMODModule **pmod, const char *library, |
1278 | const char *name) |
1279 | { |
1280 | char *config_string; |
1281 | SECMODModule *module = *pmod; |
1282 | if(module) |
1283 | /* already loaded */ |
1284 | return CURLE_OK; |
1285 | |
1286 | config_string = aprintf("library=%s name=%s" , library, name); |
1287 | if(!config_string) |
1288 | return CURLE_OUT_OF_MEMORY; |
1289 | |
1290 | module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE); |
1291 | free(config_string); |
1292 | |
1293 | if(module && module->loaded) { |
1294 | /* loaded successfully */ |
1295 | *pmod = module; |
1296 | return CURLE_OK; |
1297 | } |
1298 | |
1299 | if(module) |
1300 | SECMOD_DestroyModule(module); |
1301 | return CURLE_FAILED_INIT; |
1302 | } |
1303 | |
1304 | /* unload a PKCS #11 module */ |
1305 | static void nss_unload_module(SECMODModule **pmod) |
1306 | { |
1307 | SECMODModule *module = *pmod; |
1308 | if(!module) |
1309 | /* not loaded */ |
1310 | return; |
1311 | |
1312 | if(SECMOD_UnloadUserModule(module) != SECSuccess) |
1313 | /* unload failed */ |
1314 | return; |
1315 | |
1316 | SECMOD_DestroyModule(module); |
1317 | *pmod = NULL; |
1318 | } |
1319 | |
1320 | /* data might be NULL */ |
1321 | static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir) |
1322 | { |
1323 | NSSInitParameters initparams; |
1324 | PRErrorCode err; |
1325 | const char *err_name; |
1326 | |
1327 | if(nss_context != NULL) |
1328 | return CURLE_OK; |
1329 | |
1330 | memset((void *) &initparams, '\0', sizeof(initparams)); |
1331 | initparams.length = sizeof(initparams); |
1332 | |
1333 | if(cert_dir) { |
1334 | char *certpath = aprintf("sql:%s" , cert_dir); |
1335 | if(!certpath) |
1336 | return CURLE_OUT_OF_MEMORY; |
1337 | |
1338 | infof(data, "Initializing NSS with certpath: %s\n" , certpath); |
1339 | nss_context = NSS_InitContext(certpath, "" , "" , "" , &initparams, |
1340 | NSS_INIT_READONLY | NSS_INIT_PK11RELOAD); |
1341 | free(certpath); |
1342 | |
1343 | if(nss_context != NULL) |
1344 | return CURLE_OK; |
1345 | |
1346 | err = PR_GetError(); |
1347 | err_name = nss_error_to_name(err); |
1348 | infof(data, "Unable to initialize NSS database: %d (%s)\n" , err, err_name); |
1349 | } |
1350 | |
1351 | infof(data, "Initializing NSS with certpath: none\n" ); |
1352 | nss_context = NSS_InitContext("" , "" , "" , "" , &initparams, NSS_INIT_READONLY |
1353 | | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
1354 | | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD); |
1355 | if(nss_context != NULL) |
1356 | return CURLE_OK; |
1357 | |
1358 | err = PR_GetError(); |
1359 | err_name = nss_error_to_name(err); |
1360 | failf(data, "Unable to initialize NSS: %d (%s)" , err, err_name); |
1361 | return CURLE_SSL_CACERT_BADFILE; |
1362 | } |
1363 | |
1364 | /* data might be NULL */ |
1365 | static CURLcode nss_init(struct Curl_easy *data) |
1366 | { |
1367 | char *cert_dir; |
1368 | struct_stat st; |
1369 | CURLcode result; |
1370 | |
1371 | if(initialized) |
1372 | return CURLE_OK; |
1373 | |
1374 | /* list of all CRL items we need to destroy in Curl_nss_cleanup() */ |
1375 | Curl_llist_init(&nss_crl_list, nss_destroy_crl_item); |
1376 | |
1377 | /* First we check if $SSL_DIR points to a valid dir */ |
1378 | cert_dir = getenv("SSL_DIR" ); |
1379 | if(cert_dir) { |
1380 | if((stat(cert_dir, &st) != 0) || |
1381 | (!S_ISDIR(st.st_mode))) { |
1382 | cert_dir = NULL; |
1383 | } |
1384 | } |
1385 | |
1386 | /* Now we check if the default location is a valid dir */ |
1387 | if(!cert_dir) { |
1388 | if((stat(SSL_DIR, &st) == 0) && |
1389 | (S_ISDIR(st.st_mode))) { |
1390 | cert_dir = (char *)SSL_DIR; |
1391 | } |
1392 | } |
1393 | |
1394 | if(nspr_io_identity == PR_INVALID_IO_LAYER) { |
1395 | /* allocate an identity for our own NSPR I/O layer */ |
1396 | nspr_io_identity = PR_GetUniqueIdentity("libcurl" ); |
1397 | if(nspr_io_identity == PR_INVALID_IO_LAYER) |
1398 | return CURLE_OUT_OF_MEMORY; |
1399 | |
1400 | /* the default methods just call down to the lower I/O layer */ |
1401 | memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(), |
1402 | sizeof(nspr_io_methods)); |
1403 | |
1404 | /* override certain methods in the table by our wrappers */ |
1405 | nspr_io_methods.recv = nspr_io_recv; |
1406 | nspr_io_methods.send = nspr_io_send; |
1407 | nspr_io_methods.close = nspr_io_close; |
1408 | } |
1409 | |
1410 | result = nss_init_core(data, cert_dir); |
1411 | if(result) |
1412 | return result; |
1413 | |
1414 | if(!any_cipher_enabled()) |
1415 | NSS_SetDomesticPolicy(); |
1416 | |
1417 | initialized = 1; |
1418 | |
1419 | return CURLE_OK; |
1420 | } |
1421 | |
1422 | /** |
1423 | * Global SSL init |
1424 | * |
1425 | * @retval 0 error initializing SSL |
1426 | * @retval 1 SSL initialized successfully |
1427 | */ |
1428 | static int Curl_nss_init(void) |
1429 | { |
1430 | /* curl_global_init() is not thread-safe so this test is ok */ |
1431 | if(nss_initlock == NULL) { |
1432 | PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); |
1433 | nss_initlock = PR_NewLock(); |
1434 | nss_crllock = PR_NewLock(); |
1435 | nss_findslot_lock = PR_NewLock(); |
1436 | nss_trustload_lock = PR_NewLock(); |
1437 | } |
1438 | |
1439 | /* We will actually initialize NSS later */ |
1440 | |
1441 | return 1; |
1442 | } |
1443 | |
1444 | /* data might be NULL */ |
1445 | CURLcode Curl_nss_force_init(struct Curl_easy *data) |
1446 | { |
1447 | CURLcode result; |
1448 | if(!nss_initlock) { |
1449 | if(data) |
1450 | failf(data, "unable to initialize NSS, curl_global_init() should have " |
1451 | "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL" ); |
1452 | return CURLE_FAILED_INIT; |
1453 | } |
1454 | |
1455 | PR_Lock(nss_initlock); |
1456 | result = nss_init(data); |
1457 | PR_Unlock(nss_initlock); |
1458 | |
1459 | return result; |
1460 | } |
1461 | |
1462 | /* Global cleanup */ |
1463 | static void Curl_nss_cleanup(void) |
1464 | { |
1465 | /* This function isn't required to be threadsafe and this is only done |
1466 | * as a safety feature. |
1467 | */ |
1468 | PR_Lock(nss_initlock); |
1469 | if(initialized) { |
1470 | /* Free references to client certificates held in the SSL session cache. |
1471 | * Omitting this hampers destruction of the security module owning |
1472 | * the certificates. */ |
1473 | SSL_ClearSessionCache(); |
1474 | |
1475 | nss_unload_module(&pem_module); |
1476 | nss_unload_module(&trust_module); |
1477 | NSS_ShutdownContext(nss_context); |
1478 | nss_context = NULL; |
1479 | } |
1480 | |
1481 | /* destroy all CRL items */ |
1482 | Curl_llist_destroy(&nss_crl_list, NULL); |
1483 | |
1484 | PR_Unlock(nss_initlock); |
1485 | |
1486 | PR_DestroyLock(nss_initlock); |
1487 | PR_DestroyLock(nss_crllock); |
1488 | PR_DestroyLock(nss_findslot_lock); |
1489 | PR_DestroyLock(nss_trustload_lock); |
1490 | nss_initlock = NULL; |
1491 | |
1492 | initialized = 0; |
1493 | } |
1494 | |
1495 | /* |
1496 | * This function uses SSL_peek to determine connection status. |
1497 | * |
1498 | * Return codes: |
1499 | * 1 means the connection is still in place |
1500 | * 0 means the connection has been closed |
1501 | * -1 means the connection status is unknown |
1502 | */ |
1503 | static int Curl_nss_check_cxn(struct connectdata *conn) |
1504 | { |
1505 | struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; |
1506 | int rc; |
1507 | char buf; |
1508 | |
1509 | rc = |
1510 | PR_Recv(BACKEND->handle, (void *)&buf, 1, PR_MSG_PEEK, |
1511 | PR_SecondsToInterval(1)); |
1512 | if(rc > 0) |
1513 | return 1; /* connection still in place */ |
1514 | |
1515 | if(rc == 0) |
1516 | return 0; /* connection has been closed */ |
1517 | |
1518 | return -1; /* connection status unknown */ |
1519 | } |
1520 | |
1521 | static void nss_close(struct ssl_connect_data *connssl) |
1522 | { |
1523 | /* before the cleanup, check whether we are using a client certificate */ |
1524 | const bool client_cert = (BACKEND->client_nickname != NULL) |
1525 | || (BACKEND->obj_clicert != NULL); |
1526 | |
1527 | free(BACKEND->client_nickname); |
1528 | BACKEND->client_nickname = NULL; |
1529 | |
1530 | /* destroy all NSS objects in order to avoid failure of NSS shutdown */ |
1531 | Curl_llist_destroy(&BACKEND->obj_list, NULL); |
1532 | BACKEND->obj_clicert = NULL; |
1533 | |
1534 | if(BACKEND->handle) { |
1535 | if(client_cert) |
1536 | /* A server might require different authentication based on the |
1537 | * particular path being requested by the client. To support this |
1538 | * scenario, we must ensure that a connection will never reuse the |
1539 | * authentication data from a previous connection. */ |
1540 | SSL_InvalidateSession(BACKEND->handle); |
1541 | |
1542 | PR_Close(BACKEND->handle); |
1543 | BACKEND->handle = NULL; |
1544 | } |
1545 | } |
1546 | |
1547 | /* |
1548 | * This function is called when an SSL connection is closed. |
1549 | */ |
1550 | static void Curl_nss_close(struct connectdata *conn, int sockindex) |
1551 | { |
1552 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1553 | struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex]; |
1554 | |
1555 | if(BACKEND->handle || connssl_proxy->backend->handle) { |
1556 | /* NSS closes the socket we previously handed to it, so we must mark it |
1557 | as closed to avoid double close */ |
1558 | fake_sclose(conn->sock[sockindex]); |
1559 | conn->sock[sockindex] = CURL_SOCKET_BAD; |
1560 | } |
1561 | |
1562 | if(BACKEND->handle) |
1563 | /* nss_close(connssl) will transitively close also |
1564 | connssl_proxy->backend->handle if both are used. Clear it to avoid |
1565 | a double close leading to crash. */ |
1566 | connssl_proxy->backend->handle = NULL; |
1567 | |
1568 | nss_close(connssl); |
1569 | nss_close(connssl_proxy); |
1570 | } |
1571 | |
1572 | /* return true if NSS can provide error code (and possibly msg) for the |
1573 | error */ |
1574 | static bool is_nss_error(CURLcode err) |
1575 | { |
1576 | switch(err) { |
1577 | case CURLE_PEER_FAILED_VERIFICATION: |
1578 | case CURLE_SSL_CERTPROBLEM: |
1579 | case CURLE_SSL_CONNECT_ERROR: |
1580 | case CURLE_SSL_ISSUER_ERROR: |
1581 | return true; |
1582 | |
1583 | default: |
1584 | return false; |
1585 | } |
1586 | } |
1587 | |
1588 | /* return true if the given error code is related to a client certificate */ |
1589 | static bool is_cc_error(PRInt32 err) |
1590 | { |
1591 | switch(err) { |
1592 | case SSL_ERROR_BAD_CERT_ALERT: |
1593 | case SSL_ERROR_EXPIRED_CERT_ALERT: |
1594 | case SSL_ERROR_REVOKED_CERT_ALERT: |
1595 | return true; |
1596 | |
1597 | default: |
1598 | return false; |
1599 | } |
1600 | } |
1601 | |
1602 | static Curl_recv nss_recv; |
1603 | static Curl_send nss_send; |
1604 | |
1605 | static CURLcode nss_load_ca_certificates(struct connectdata *conn, |
1606 | int sockindex) |
1607 | { |
1608 | struct Curl_easy *data = conn->data; |
1609 | const char *cafile = SSL_CONN_CONFIG(CAfile); |
1610 | const char *capath = SSL_CONN_CONFIG(CApath); |
1611 | bool use_trust_module; |
1612 | CURLcode result = CURLE_OK; |
1613 | |
1614 | /* treat empty string as unset */ |
1615 | if(cafile && !cafile[0]) |
1616 | cafile = NULL; |
1617 | if(capath && !capath[0]) |
1618 | capath = NULL; |
1619 | |
1620 | infof(data, " CAfile: %s\n CApath: %s\n" , |
1621 | cafile ? cafile : "none" , |
1622 | capath ? capath : "none" ); |
1623 | |
1624 | /* load libnssckbi.so if no other trust roots were specified */ |
1625 | use_trust_module = !cafile && !capath; |
1626 | |
1627 | PR_Lock(nss_trustload_lock); |
1628 | if(use_trust_module && !trust_module) { |
1629 | /* libnssckbi.so needed but not yet loaded --> load it! */ |
1630 | result = nss_load_module(&trust_module, trust_library, "trust" ); |
1631 | infof(data, "%s %s\n" , (result) ? "failed to load" : "loaded" , |
1632 | trust_library); |
1633 | if(result == CURLE_FAILED_INIT) |
1634 | /* If libnssckbi.so is not available (or fails to load), one can still |
1635 | use CA certificates stored in NSS database. Ignore the failure. */ |
1636 | result = CURLE_OK; |
1637 | } |
1638 | else if(!use_trust_module && trust_module) { |
1639 | /* libnssckbi.so not needed but already loaded --> unload it! */ |
1640 | infof(data, "unloading %s\n" , trust_library); |
1641 | nss_unload_module(&trust_module); |
1642 | } |
1643 | PR_Unlock(nss_trustload_lock); |
1644 | |
1645 | if(cafile) |
1646 | result = nss_load_cert(&conn->ssl[sockindex], cafile, PR_TRUE); |
1647 | |
1648 | if(result) |
1649 | return result; |
1650 | |
1651 | if(capath) { |
1652 | struct_stat st; |
1653 | if(stat(capath, &st) == -1) |
1654 | return CURLE_SSL_CACERT_BADFILE; |
1655 | |
1656 | if(S_ISDIR(st.st_mode)) { |
1657 | PRDirEntry *entry; |
1658 | PRDir *dir = PR_OpenDir(capath); |
1659 | if(!dir) |
1660 | return CURLE_SSL_CACERT_BADFILE; |
1661 | |
1662 | while((entry = PR_ReadDir(dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN))) { |
1663 | char *fullpath = aprintf("%s/%s" , capath, entry->name); |
1664 | if(!fullpath) { |
1665 | PR_CloseDir(dir); |
1666 | return CURLE_OUT_OF_MEMORY; |
1667 | } |
1668 | |
1669 | if(CURLE_OK != nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE)) |
1670 | /* This is purposefully tolerant of errors so non-PEM files can |
1671 | * be in the same directory */ |
1672 | infof(data, "failed to load '%s' from CURLOPT_CAPATH\n" , fullpath); |
1673 | |
1674 | free(fullpath); |
1675 | } |
1676 | |
1677 | PR_CloseDir(dir); |
1678 | } |
1679 | else |
1680 | infof(data, "warning: CURLOPT_CAPATH not a directory (%s)\n" , capath); |
1681 | } |
1682 | |
1683 | return CURLE_OK; |
1684 | } |
1685 | |
1686 | static CURLcode nss_sslver_from_curl(PRUint16 *nssver, long version) |
1687 | { |
1688 | switch(version) { |
1689 | case CURL_SSLVERSION_SSLv2: |
1690 | *nssver = SSL_LIBRARY_VERSION_2; |
1691 | return CURLE_OK; |
1692 | |
1693 | case CURL_SSLVERSION_SSLv3: |
1694 | *nssver = SSL_LIBRARY_VERSION_3_0; |
1695 | return CURLE_OK; |
1696 | |
1697 | case CURL_SSLVERSION_TLSv1_0: |
1698 | *nssver = SSL_LIBRARY_VERSION_TLS_1_0; |
1699 | return CURLE_OK; |
1700 | |
1701 | case CURL_SSLVERSION_TLSv1_1: |
1702 | #ifdef SSL_LIBRARY_VERSION_TLS_1_1 |
1703 | *nssver = SSL_LIBRARY_VERSION_TLS_1_1; |
1704 | return CURLE_OK; |
1705 | #else |
1706 | return CURLE_SSL_CONNECT_ERROR; |
1707 | #endif |
1708 | |
1709 | case CURL_SSLVERSION_TLSv1_2: |
1710 | #ifdef SSL_LIBRARY_VERSION_TLS_1_2 |
1711 | *nssver = SSL_LIBRARY_VERSION_TLS_1_2; |
1712 | return CURLE_OK; |
1713 | #else |
1714 | return CURLE_SSL_CONNECT_ERROR; |
1715 | #endif |
1716 | |
1717 | case CURL_SSLVERSION_TLSv1_3: |
1718 | #ifdef SSL_LIBRARY_VERSION_TLS_1_3 |
1719 | *nssver = SSL_LIBRARY_VERSION_TLS_1_3; |
1720 | return CURLE_OK; |
1721 | #else |
1722 | return CURLE_SSL_CONNECT_ERROR; |
1723 | #endif |
1724 | |
1725 | default: |
1726 | return CURLE_SSL_CONNECT_ERROR; |
1727 | } |
1728 | } |
1729 | |
1730 | static CURLcode nss_init_sslver(SSLVersionRange *sslver, |
1731 | struct Curl_easy *data, |
1732 | struct connectdata *conn) |
1733 | { |
1734 | CURLcode result; |
1735 | const long min = SSL_CONN_CONFIG(version); |
1736 | const long max = SSL_CONN_CONFIG(version_max); |
1737 | SSLVersionRange vrange; |
1738 | |
1739 | switch(min) { |
1740 | case CURL_SSLVERSION_TLSv1: |
1741 | case CURL_SSLVERSION_DEFAULT: |
1742 | /* Bump our minimum TLS version if NSS has stricter requirements. */ |
1743 | if(SSL_VersionRangeGetDefault(ssl_variant_stream, &vrange) != SECSuccess) |
1744 | return CURLE_SSL_CONNECT_ERROR; |
1745 | if(sslver->min < vrange.min) |
1746 | sslver->min = vrange.min; |
1747 | break; |
1748 | default: |
1749 | result = nss_sslver_from_curl(&sslver->min, min); |
1750 | if(result) { |
1751 | failf(data, "unsupported min version passed via CURLOPT_SSLVERSION" ); |
1752 | return result; |
1753 | } |
1754 | } |
1755 | |
1756 | switch(max) { |
1757 | case CURL_SSLVERSION_MAX_NONE: |
1758 | case CURL_SSLVERSION_MAX_DEFAULT: |
1759 | break; |
1760 | default: |
1761 | result = nss_sslver_from_curl(&sslver->max, max >> 16); |
1762 | if(result) { |
1763 | failf(data, "unsupported max version passed via CURLOPT_SSLVERSION" ); |
1764 | return result; |
1765 | } |
1766 | } |
1767 | |
1768 | return CURLE_OK; |
1769 | } |
1770 | |
1771 | static CURLcode nss_fail_connect(struct ssl_connect_data *connssl, |
1772 | struct Curl_easy *data, |
1773 | CURLcode curlerr) |
1774 | { |
1775 | PRErrorCode err = 0; |
1776 | |
1777 | if(is_nss_error(curlerr)) { |
1778 | /* read NSPR error code */ |
1779 | err = PR_GetError(); |
1780 | if(is_cc_error(err)) |
1781 | curlerr = CURLE_SSL_CERTPROBLEM; |
1782 | |
1783 | /* print the error number and error string */ |
1784 | infof(data, "NSS error %d (%s)\n" , err, nss_error_to_name(err)); |
1785 | |
1786 | /* print a human-readable message describing the error if available */ |
1787 | nss_print_error_message(data, err); |
1788 | } |
1789 | |
1790 | /* cleanup on connection failure */ |
1791 | Curl_llist_destroy(&BACKEND->obj_list, NULL); |
1792 | |
1793 | return curlerr; |
1794 | } |
1795 | |
1796 | /* Switch the SSL socket into blocking or non-blocking mode. */ |
1797 | static CURLcode nss_set_blocking(struct ssl_connect_data *connssl, |
1798 | struct Curl_easy *data, |
1799 | bool blocking) |
1800 | { |
1801 | static PRSocketOptionData sock_opt; |
1802 | sock_opt.option = PR_SockOpt_Nonblocking; |
1803 | sock_opt.value.non_blocking = !blocking; |
1804 | |
1805 | if(PR_SetSocketOption(BACKEND->handle, &sock_opt) != PR_SUCCESS) |
1806 | return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR); |
1807 | |
1808 | return CURLE_OK; |
1809 | } |
1810 | |
1811 | static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) |
1812 | { |
1813 | PRFileDesc *model = NULL; |
1814 | PRFileDesc *nspr_io = NULL; |
1815 | PRFileDesc *nspr_io_stub = NULL; |
1816 | PRBool ssl_no_cache; |
1817 | PRBool ssl_cbc_random_iv; |
1818 | struct Curl_easy *data = conn->data; |
1819 | curl_socket_t sockfd = conn->sock[sockindex]; |
1820 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
1821 | CURLcode result; |
1822 | bool second_layer = FALSE; |
1823 | SSLVersionRange sslver_supported; |
1824 | |
1825 | SSLVersionRange sslver = { |
1826 | SSL_LIBRARY_VERSION_TLS_1_0, /* min */ |
1827 | #ifdef SSL_LIBRARY_VERSION_TLS_1_3 |
1828 | SSL_LIBRARY_VERSION_TLS_1_3 /* max */ |
1829 | #elif defined SSL_LIBRARY_VERSION_TLS_1_2 |
1830 | SSL_LIBRARY_VERSION_TLS_1_2 |
1831 | #elif defined SSL_LIBRARY_VERSION_TLS_1_1 |
1832 | SSL_LIBRARY_VERSION_TLS_1_1 |
1833 | #else |
1834 | SSL_LIBRARY_VERSION_TLS_1_0 |
1835 | #endif |
1836 | }; |
1837 | |
1838 | BACKEND->data = data; |
1839 | |
1840 | /* list of all NSS objects we need to destroy in Curl_nss_close() */ |
1841 | Curl_llist_init(&BACKEND->obj_list, nss_destroy_object); |
1842 | |
1843 | PR_Lock(nss_initlock); |
1844 | result = nss_init(conn->data); |
1845 | if(result) { |
1846 | PR_Unlock(nss_initlock); |
1847 | goto error; |
1848 | } |
1849 | |
1850 | PK11_SetPasswordFunc(nss_get_password); |
1851 | |
1852 | result = nss_load_module(&pem_module, pem_library, "PEM" ); |
1853 | PR_Unlock(nss_initlock); |
1854 | if(result == CURLE_FAILED_INIT) |
1855 | infof(data, "WARNING: failed to load NSS PEM library %s. Using " |
1856 | "OpenSSL PEM certificates will not work.\n" , pem_library); |
1857 | else if(result) |
1858 | goto error; |
1859 | |
1860 | result = CURLE_SSL_CONNECT_ERROR; |
1861 | |
1862 | model = PR_NewTCPSocket(); |
1863 | if(!model) |
1864 | goto error; |
1865 | model = SSL_ImportFD(NULL, model); |
1866 | |
1867 | if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess) |
1868 | goto error; |
1869 | if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess) |
1870 | goto error; |
1871 | if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess) |
1872 | goto error; |
1873 | |
1874 | /* do not use SSL cache if disabled or we are not going to verify peer */ |
1875 | ssl_no_cache = (SSL_SET_OPTION(primary.sessionid) |
1876 | && SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE; |
1877 | if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess) |
1878 | goto error; |
1879 | |
1880 | /* enable/disable the requested SSL version(s) */ |
1881 | if(nss_init_sslver(&sslver, data, conn) != CURLE_OK) |
1882 | goto error; |
1883 | if(SSL_VersionRangeGetSupported(ssl_variant_stream, |
1884 | &sslver_supported) != SECSuccess) |
1885 | goto error; |
1886 | if(sslver_supported.max < sslver.max && sslver_supported.max >= sslver.min) { |
1887 | char *sslver_req_str, *sslver_supp_str; |
1888 | sslver_req_str = nss_sslver_to_name(sslver.max); |
1889 | sslver_supp_str = nss_sslver_to_name(sslver_supported.max); |
1890 | if(sslver_req_str && sslver_supp_str) |
1891 | infof(data, "Falling back from %s to max supported SSL version (%s)\n" , |
1892 | sslver_req_str, sslver_supp_str); |
1893 | free(sslver_req_str); |
1894 | free(sslver_supp_str); |
1895 | sslver.max = sslver_supported.max; |
1896 | } |
1897 | if(SSL_VersionRangeSet(model, &sslver) != SECSuccess) |
1898 | goto error; |
1899 | |
1900 | ssl_cbc_random_iv = !SSL_SET_OPTION(enable_beast); |
1901 | #ifdef SSL_CBC_RANDOM_IV |
1902 | /* unless the user explicitly asks to allow the protocol vulnerability, we |
1903 | use the work-around */ |
1904 | if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess) |
1905 | infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n" , |
1906 | ssl_cbc_random_iv); |
1907 | #else |
1908 | if(ssl_cbc_random_iv) |
1909 | infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n" ); |
1910 | #endif |
1911 | |
1912 | if(SSL_CONN_CONFIG(cipher_list)) { |
1913 | if(set_ciphers(data, model, SSL_CONN_CONFIG(cipher_list)) != SECSuccess) { |
1914 | result = CURLE_SSL_CIPHER; |
1915 | goto error; |
1916 | } |
1917 | } |
1918 | |
1919 | if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost)) |
1920 | infof(data, "warning: ignoring value of ssl.verifyhost\n" ); |
1921 | |
1922 | /* bypass the default SSL_AuthCertificate() hook in case we do not want to |
1923 | * verify peer */ |
1924 | if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess) |
1925 | goto error; |
1926 | |
1927 | /* not checked yet */ |
1928 | if(SSL_IS_PROXY()) |
1929 | data->set.proxy_ssl.certverifyresult = 0; |
1930 | else |
1931 | data->set.ssl.certverifyresult = 0; |
1932 | |
1933 | if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess) |
1934 | goto error; |
1935 | |
1936 | if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess) |
1937 | goto error; |
1938 | |
1939 | { |
1940 | const CURLcode rv = nss_load_ca_certificates(conn, sockindex); |
1941 | if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer)) |
1942 | /* not a fatal error because we are not going to verify the peer */ |
1943 | infof(data, "warning: CA certificates failed to load\n" ); |
1944 | else if(rv) { |
1945 | result = rv; |
1946 | goto error; |
1947 | } |
1948 | } |
1949 | |
1950 | if(SSL_SET_OPTION(CRLfile)) { |
1951 | const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile)); |
1952 | if(rv) { |
1953 | result = rv; |
1954 | goto error; |
1955 | } |
1956 | infof(data, " CRLfile: %s\n" , SSL_SET_OPTION(CRLfile)); |
1957 | } |
1958 | |
1959 | if(SSL_SET_OPTION(cert)) { |
1960 | char *nickname = dup_nickname(data, SSL_SET_OPTION(cert)); |
1961 | if(nickname) { |
1962 | /* we are not going to use libnsspem.so to read the client cert */ |
1963 | BACKEND->obj_clicert = NULL; |
1964 | } |
1965 | else { |
1966 | CURLcode rv = cert_stuff(conn, sockindex, SSL_SET_OPTION(cert), |
1967 | SSL_SET_OPTION(key)); |
1968 | if(rv) { |
1969 | /* failf() is already done in cert_stuff() */ |
1970 | result = rv; |
1971 | goto error; |
1972 | } |
1973 | } |
1974 | |
1975 | /* store the nickname for SelectClientCert() called during handshake */ |
1976 | BACKEND->client_nickname = nickname; |
1977 | } |
1978 | else |
1979 | BACKEND->client_nickname = NULL; |
1980 | |
1981 | if(SSL_GetClientAuthDataHook(model, SelectClientCert, |
1982 | (void *)connssl) != SECSuccess) { |
1983 | result = CURLE_SSL_CERTPROBLEM; |
1984 | goto error; |
1985 | } |
1986 | |
1987 | if(conn->proxy_ssl[sockindex].use) { |
1988 | DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state); |
1989 | DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL); |
1990 | nspr_io = conn->proxy_ssl[sockindex].backend->handle; |
1991 | second_layer = TRUE; |
1992 | } |
1993 | else { |
1994 | /* wrap OS file descriptor by NSPR's file descriptor abstraction */ |
1995 | nspr_io = PR_ImportTCPSocket(sockfd); |
1996 | if(!nspr_io) |
1997 | goto error; |
1998 | } |
1999 | |
2000 | /* create our own NSPR I/O layer */ |
2001 | nspr_io_stub = PR_CreateIOLayerStub(nspr_io_identity, &nspr_io_methods); |
2002 | if(!nspr_io_stub) { |
2003 | if(!second_layer) |
2004 | PR_Close(nspr_io); |
2005 | goto error; |
2006 | } |
2007 | |
2008 | /* make the per-connection data accessible from NSPR I/O callbacks */ |
2009 | nspr_io_stub->secret = (void *)connssl; |
2010 | |
2011 | /* push our new layer to the NSPR I/O stack */ |
2012 | if(PR_PushIOLayer(nspr_io, PR_TOP_IO_LAYER, nspr_io_stub) != PR_SUCCESS) { |
2013 | if(!second_layer) |
2014 | PR_Close(nspr_io); |
2015 | PR_Close(nspr_io_stub); |
2016 | goto error; |
2017 | } |
2018 | |
2019 | /* import our model socket onto the current I/O stack */ |
2020 | BACKEND->handle = SSL_ImportFD(model, nspr_io); |
2021 | if(!BACKEND->handle) { |
2022 | if(!second_layer) |
2023 | PR_Close(nspr_io); |
2024 | goto error; |
2025 | } |
2026 | |
2027 | PR_Close(model); /* We don't need this any more */ |
2028 | model = NULL; |
2029 | |
2030 | /* This is the password associated with the cert that we're using */ |
2031 | if(SSL_SET_OPTION(key_passwd)) { |
2032 | SSL_SetPKCS11PinArg(BACKEND->handle, SSL_SET_OPTION(key_passwd)); |
2033 | } |
2034 | |
2035 | #ifdef SSL_ENABLE_OCSP_STAPLING |
2036 | if(SSL_CONN_CONFIG(verifystatus)) { |
2037 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_OCSP_STAPLING, PR_TRUE) |
2038 | != SECSuccess) |
2039 | goto error; |
2040 | } |
2041 | #endif |
2042 | |
2043 | #ifdef SSL_ENABLE_NPN |
2044 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn |
2045 | ? PR_TRUE : PR_FALSE) != SECSuccess) |
2046 | goto error; |
2047 | #endif |
2048 | |
2049 | #ifdef SSL_ENABLE_ALPN |
2050 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn |
2051 | ? PR_TRUE : PR_FALSE) != SECSuccess) |
2052 | goto error; |
2053 | #endif |
2054 | |
2055 | #if NSSVERNUM >= 0x030f04 /* 3.15.4 */ |
2056 | if(data->set.ssl.falsestart) { |
2057 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_FALSE_START, PR_TRUE) |
2058 | != SECSuccess) |
2059 | goto error; |
2060 | |
2061 | if(SSL_SetCanFalseStartCallback(BACKEND->handle, CanFalseStartCallback, |
2062 | conn) != SECSuccess) |
2063 | goto error; |
2064 | } |
2065 | #endif |
2066 | |
2067 | #if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN) |
2068 | if(conn->bits.tls_enable_npn || conn->bits.tls_enable_alpn) { |
2069 | int cur = 0; |
2070 | unsigned char protocols[128]; |
2071 | |
2072 | #ifdef USE_NGHTTP2 |
2073 | if(data->set.httpversion >= CURL_HTTP_VERSION_2 && |
2074 | (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { |
2075 | protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; |
2076 | memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, |
2077 | NGHTTP2_PROTO_VERSION_ID_LEN); |
2078 | cur += NGHTTP2_PROTO_VERSION_ID_LEN; |
2079 | } |
2080 | #endif |
2081 | protocols[cur++] = ALPN_HTTP_1_1_LENGTH; |
2082 | memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH); |
2083 | cur += ALPN_HTTP_1_1_LENGTH; |
2084 | |
2085 | if(SSL_SetNextProtoNego(BACKEND->handle, protocols, cur) != SECSuccess) |
2086 | goto error; |
2087 | } |
2088 | #endif |
2089 | |
2090 | |
2091 | /* Force handshake on next I/O */ |
2092 | if(SSL_ResetHandshake(BACKEND->handle, /* asServer */ PR_FALSE) |
2093 | != SECSuccess) |
2094 | goto error; |
2095 | |
2096 | /* propagate hostname to the TLS layer */ |
2097 | if(SSL_SetURL(BACKEND->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name : |
2098 | conn->host.name) != SECSuccess) |
2099 | goto error; |
2100 | |
2101 | /* prevent NSS from re-using the session for a different hostname */ |
2102 | if(SSL_SetSockPeerID(BACKEND->handle, SSL_IS_PROXY() ? |
2103 | conn->http_proxy.host.name : conn->host.name) |
2104 | != SECSuccess) |
2105 | goto error; |
2106 | |
2107 | return CURLE_OK; |
2108 | |
2109 | error: |
2110 | if(model) |
2111 | PR_Close(model); |
2112 | |
2113 | return nss_fail_connect(connssl, data, result); |
2114 | } |
2115 | |
2116 | static CURLcode nss_do_connect(struct connectdata *conn, int sockindex) |
2117 | { |
2118 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
2119 | struct Curl_easy *data = conn->data; |
2120 | CURLcode result = CURLE_SSL_CONNECT_ERROR; |
2121 | PRUint32 timeout; |
2122 | long * const certverifyresult = SSL_IS_PROXY() ? |
2123 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult; |
2124 | const char * const pinnedpubkey = SSL_IS_PROXY() ? |
2125 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : |
2126 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; |
2127 | |
2128 | |
2129 | /* check timeout situation */ |
2130 | const timediff_t time_left = Curl_timeleft(data, NULL, TRUE); |
2131 | if(time_left < 0) { |
2132 | failf(data, "timed out before SSL handshake" ); |
2133 | result = CURLE_OPERATION_TIMEDOUT; |
2134 | goto error; |
2135 | } |
2136 | |
2137 | /* Force the handshake now */ |
2138 | timeout = PR_MillisecondsToInterval((PRUint32) time_left); |
2139 | if(SSL_ForceHandshakeWithTimeout(BACKEND->handle, timeout) != SECSuccess) { |
2140 | if(PR_GetError() == PR_WOULD_BLOCK_ERROR) |
2141 | /* blocking direction is updated by nss_update_connecting_state() */ |
2142 | return CURLE_AGAIN; |
2143 | else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN) |
2144 | result = CURLE_PEER_FAILED_VERIFICATION; |
2145 | else if(*certverifyresult != 0) |
2146 | result = CURLE_PEER_FAILED_VERIFICATION; |
2147 | goto error; |
2148 | } |
2149 | |
2150 | result = display_conn_info(conn, BACKEND->handle); |
2151 | if(result) |
2152 | goto error; |
2153 | |
2154 | if(SSL_SET_OPTION(issuercert)) { |
2155 | SECStatus ret = SECFailure; |
2156 | char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert)); |
2157 | if(nickname) { |
2158 | /* we support only nicknames in case of issuercert for now */ |
2159 | ret = check_issuer_cert(BACKEND->handle, nickname); |
2160 | free(nickname); |
2161 | } |
2162 | |
2163 | if(SECFailure == ret) { |
2164 | infof(data, "SSL certificate issuer check failed\n" ); |
2165 | result = CURLE_SSL_ISSUER_ERROR; |
2166 | goto error; |
2167 | } |
2168 | else { |
2169 | infof(data, "SSL certificate issuer check ok\n" ); |
2170 | } |
2171 | } |
2172 | |
2173 | result = cmp_peer_pubkey(connssl, pinnedpubkey); |
2174 | if(result) |
2175 | /* status already printed */ |
2176 | goto error; |
2177 | |
2178 | return CURLE_OK; |
2179 | |
2180 | error: |
2181 | return nss_fail_connect(connssl, data, result); |
2182 | } |
2183 | |
2184 | static CURLcode nss_connect_common(struct connectdata *conn, int sockindex, |
2185 | bool *done) |
2186 | { |
2187 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
2188 | struct Curl_easy *data = conn->data; |
2189 | const bool blocking = (done == NULL); |
2190 | CURLcode result; |
2191 | |
2192 | if(connssl->state == ssl_connection_complete) { |
2193 | if(!blocking) |
2194 | *done = TRUE; |
2195 | return CURLE_OK; |
2196 | } |
2197 | |
2198 | if(connssl->connecting_state == ssl_connect_1) { |
2199 | result = nss_setup_connect(conn, sockindex); |
2200 | if(result) |
2201 | /* we do not expect CURLE_AGAIN from nss_setup_connect() */ |
2202 | return result; |
2203 | |
2204 | connssl->connecting_state = ssl_connect_2; |
2205 | } |
2206 | |
2207 | /* enable/disable blocking mode before handshake */ |
2208 | result = nss_set_blocking(connssl, data, blocking); |
2209 | if(result) |
2210 | return result; |
2211 | |
2212 | result = nss_do_connect(conn, sockindex); |
2213 | switch(result) { |
2214 | case CURLE_OK: |
2215 | break; |
2216 | case CURLE_AGAIN: |
2217 | if(!blocking) |
2218 | /* CURLE_AGAIN in non-blocking mode is not an error */ |
2219 | return CURLE_OK; |
2220 | /* FALLTHROUGH */ |
2221 | default: |
2222 | return result; |
2223 | } |
2224 | |
2225 | if(blocking) { |
2226 | /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */ |
2227 | result = nss_set_blocking(connssl, data, /* blocking */ FALSE); |
2228 | if(result) |
2229 | return result; |
2230 | } |
2231 | else |
2232 | /* signal completed SSL handshake */ |
2233 | *done = TRUE; |
2234 | |
2235 | connssl->state = ssl_connection_complete; |
2236 | conn->recv[sockindex] = nss_recv; |
2237 | conn->send[sockindex] = nss_send; |
2238 | |
2239 | /* ssl_connect_done is never used outside, go back to the initial state */ |
2240 | connssl->connecting_state = ssl_connect_1; |
2241 | |
2242 | return CURLE_OK; |
2243 | } |
2244 | |
2245 | static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) |
2246 | { |
2247 | return nss_connect_common(conn, sockindex, /* blocking */ NULL); |
2248 | } |
2249 | |
2250 | static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn, |
2251 | int sockindex, bool *done) |
2252 | { |
2253 | return nss_connect_common(conn, sockindex, done); |
2254 | } |
2255 | |
2256 | static ssize_t nss_send(struct connectdata *conn, /* connection data */ |
2257 | int sockindex, /* socketindex */ |
2258 | const void *mem, /* send this data */ |
2259 | size_t len, /* amount to write */ |
2260 | CURLcode *curlcode) |
2261 | { |
2262 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
2263 | ssize_t rc; |
2264 | |
2265 | /* The SelectClientCert() hook uses this for infof() and failf() but the |
2266 | handle stored in nss_setup_connect() could have already been freed. */ |
2267 | BACKEND->data = conn->data; |
2268 | |
2269 | rc = PR_Send(BACKEND->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT); |
2270 | if(rc < 0) { |
2271 | PRInt32 err = PR_GetError(); |
2272 | if(err == PR_WOULD_BLOCK_ERROR) |
2273 | *curlcode = CURLE_AGAIN; |
2274 | else { |
2275 | /* print the error number and error string */ |
2276 | const char *err_name = nss_error_to_name(err); |
2277 | infof(conn->data, "SSL write: error %d (%s)\n" , err, err_name); |
2278 | |
2279 | /* print a human-readable message describing the error if available */ |
2280 | nss_print_error_message(conn->data, err); |
2281 | |
2282 | *curlcode = (is_cc_error(err)) |
2283 | ? CURLE_SSL_CERTPROBLEM |
2284 | : CURLE_SEND_ERROR; |
2285 | } |
2286 | |
2287 | return -1; |
2288 | } |
2289 | |
2290 | return rc; /* number of bytes */ |
2291 | } |
2292 | |
2293 | static ssize_t nss_recv(struct connectdata *conn, /* connection data */ |
2294 | int sockindex, /* socketindex */ |
2295 | char *buf, /* store read data here */ |
2296 | size_t buffersize, /* max amount to read */ |
2297 | CURLcode *curlcode) |
2298 | { |
2299 | struct ssl_connect_data *connssl = &conn->ssl[sockindex]; |
2300 | ssize_t nread; |
2301 | |
2302 | /* The SelectClientCert() hook uses this for infof() and failf() but the |
2303 | handle stored in nss_setup_connect() could have already been freed. */ |
2304 | BACKEND->data = conn->data; |
2305 | |
2306 | nread = PR_Recv(BACKEND->handle, buf, (int)buffersize, 0, |
2307 | PR_INTERVAL_NO_WAIT); |
2308 | if(nread < 0) { |
2309 | /* failed SSL read */ |
2310 | PRInt32 err = PR_GetError(); |
2311 | |
2312 | if(err == PR_WOULD_BLOCK_ERROR) |
2313 | *curlcode = CURLE_AGAIN; |
2314 | else { |
2315 | /* print the error number and error string */ |
2316 | const char *err_name = nss_error_to_name(err); |
2317 | infof(conn->data, "SSL read: errno %d (%s)\n" , err, err_name); |
2318 | |
2319 | /* print a human-readable message describing the error if available */ |
2320 | nss_print_error_message(conn->data, err); |
2321 | |
2322 | *curlcode = (is_cc_error(err)) |
2323 | ? CURLE_SSL_CERTPROBLEM |
2324 | : CURLE_RECV_ERROR; |
2325 | } |
2326 | |
2327 | return -1; |
2328 | } |
2329 | |
2330 | return nread; |
2331 | } |
2332 | |
2333 | static size_t Curl_nss_version(char *buffer, size_t size) |
2334 | { |
2335 | return msnprintf(buffer, size, "NSS/%s" , NSS_VERSION); |
2336 | } |
2337 | |
2338 | /* data might be NULL */ |
2339 | static int Curl_nss_seed(struct Curl_easy *data) |
2340 | { |
2341 | /* make sure that NSS is initialized */ |
2342 | return !!Curl_nss_force_init(data); |
2343 | } |
2344 | |
2345 | /* data might be NULL */ |
2346 | static CURLcode Curl_nss_random(struct Curl_easy *data, |
2347 | unsigned char *entropy, |
2348 | size_t length) |
2349 | { |
2350 | Curl_nss_seed(data); /* Initiate the seed if not already done */ |
2351 | |
2352 | if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) |
2353 | /* signal a failure */ |
2354 | return CURLE_FAILED_INIT; |
2355 | |
2356 | return CURLE_OK; |
2357 | } |
2358 | |
2359 | static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */ |
2360 | size_t tmplen, |
2361 | unsigned char *md5sum, /* output */ |
2362 | size_t md5len) |
2363 | { |
2364 | PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5); |
2365 | unsigned int MD5out; |
2366 | |
2367 | PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen)); |
2368 | PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len)); |
2369 | PK11_DestroyContext(MD5pw, PR_TRUE); |
2370 | |
2371 | return CURLE_OK; |
2372 | } |
2373 | |
2374 | static CURLcode Curl_nss_sha256sum(const unsigned char *tmp, /* input */ |
2375 | size_t tmplen, |
2376 | unsigned char *sha256sum, /* output */ |
2377 | size_t sha256len) |
2378 | { |
2379 | PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256); |
2380 | unsigned int SHA256out; |
2381 | |
2382 | PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen)); |
2383 | PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len)); |
2384 | PK11_DestroyContext(SHA256pw, PR_TRUE); |
2385 | |
2386 | return CURLE_OK; |
2387 | } |
2388 | |
2389 | static bool Curl_nss_cert_status_request(void) |
2390 | { |
2391 | #ifdef SSL_ENABLE_OCSP_STAPLING |
2392 | return TRUE; |
2393 | #else |
2394 | return FALSE; |
2395 | #endif |
2396 | } |
2397 | |
2398 | static bool Curl_nss_false_start(void) |
2399 | { |
2400 | #if NSSVERNUM >= 0x030f04 /* 3.15.4 */ |
2401 | return TRUE; |
2402 | #else |
2403 | return FALSE; |
2404 | #endif |
2405 | } |
2406 | |
2407 | static void *Curl_nss_get_internals(struct ssl_connect_data *connssl, |
2408 | CURLINFO info UNUSED_PARAM) |
2409 | { |
2410 | (void)info; |
2411 | return BACKEND->handle; |
2412 | } |
2413 | |
2414 | const struct Curl_ssl Curl_ssl_nss = { |
2415 | { CURLSSLBACKEND_NSS, "nss" }, /* info */ |
2416 | |
2417 | SSLSUPP_CA_PATH | |
2418 | SSLSUPP_CERTINFO | |
2419 | SSLSUPP_PINNEDPUBKEY | |
2420 | SSLSUPP_HTTPS_PROXY, |
2421 | |
2422 | sizeof(struct ssl_backend_data), |
2423 | |
2424 | Curl_nss_init, /* init */ |
2425 | Curl_nss_cleanup, /* cleanup */ |
2426 | Curl_nss_version, /* version */ |
2427 | Curl_nss_check_cxn, /* check_cxn */ |
2428 | /* NSS has no shutdown function provided and thus always fail */ |
2429 | Curl_none_shutdown, /* shutdown */ |
2430 | Curl_none_data_pending, /* data_pending */ |
2431 | Curl_nss_random, /* random */ |
2432 | Curl_nss_cert_status_request, /* cert_status_request */ |
2433 | Curl_nss_connect, /* connect */ |
2434 | Curl_nss_connect_nonblocking, /* connect_nonblocking */ |
2435 | Curl_nss_get_internals, /* get_internals */ |
2436 | Curl_nss_close, /* close_one */ |
2437 | Curl_none_close_all, /* close_all */ |
2438 | /* NSS has its own session ID cache */ |
2439 | Curl_none_session_free, /* session_free */ |
2440 | Curl_none_set_engine, /* set_engine */ |
2441 | Curl_none_set_engine_default, /* set_engine_default */ |
2442 | Curl_none_engines_list, /* engines_list */ |
2443 | Curl_nss_false_start, /* false_start */ |
2444 | Curl_nss_md5sum, /* md5sum */ |
2445 | Curl_nss_sha256sum /* sha256sum */ |
2446 | }; |
2447 | |
2448 | #endif /* USE_NSS */ |
2449 | |