1 | /***************************************************************************
|
---|
2 | * _ _ ____ _
|
---|
3 | * Project ___| | | | _ \| |
|
---|
4 | * / __| | | | |_) | |
|
---|
5 | * | (__| |_| | _ <| |___
|
---|
6 | * \___|\___/|_| \_\_____|
|
---|
7 | *
|
---|
8 | * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
---|
9 | *
|
---|
10 | * This software is licensed as described in the file COPYING, which
|
---|
11 | * you should have received as part of this distribution. The terms
|
---|
12 | * are also available at https://curl.haxx.se/docs/copyright.html.
|
---|
13 | *
|
---|
14 | * You may opt to use, copy, modify, merge, publish, distribute and/or sell
|
---|
15 | * copies of the Software, and permit persons to whom the Software is
|
---|
16 | * furnished to do so, under the terms of the COPYING file.
|
---|
17 | *
|
---|
18 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
|
---|
19 | * KIND, either express or implied.
|
---|
20 | *
|
---|
21 | ***************************************************************************/
|
---|
22 |
|
---|
23 | /*
|
---|
24 | * Source file for all NSS-specific code for the TLS/SSL layer. No code
|
---|
25 | * but vtls.c should ever call or use these functions.
|
---|
26 | */
|
---|
27 |
|
---|
28 | #include "curl_setup.h"
|
---|
29 |
|
---|
30 | #ifdef USE_NSS
|
---|
31 |
|
---|
32 | #include "urldata.h"
|
---|
33 | #include "sendf.h"
|
---|
34 | #include "formdata.h" /* for the boundary function */
|
---|
35 | #include "url.h" /* for the ssl config check function */
|
---|
36 | #include "connect.h"
|
---|
37 | #include "strcase.h"
|
---|
38 | #include "select.h"
|
---|
39 | #include "vtls.h"
|
---|
40 | #include "llist.h"
|
---|
41 | #include "curl_printf.h"
|
---|
42 | #include "nssg.h"
|
---|
43 | #include <nspr.h>
|
---|
44 | #include <nss.h>
|
---|
45 | #include <ssl.h>
|
---|
46 | #include <sslerr.h>
|
---|
47 | #include <secerr.h>
|
---|
48 | #include <secmod.h>
|
---|
49 | #include <sslproto.h>
|
---|
50 | #include <prtypes.h>
|
---|
51 | #include <pk11pub.h>
|
---|
52 | #include <prio.h>
|
---|
53 | #include <secitem.h>
|
---|
54 | #include <secport.h>
|
---|
55 | #include <certdb.h>
|
---|
56 | #include <base64.h>
|
---|
57 | #include <cert.h>
|
---|
58 | #include <prerror.h>
|
---|
59 | #include <keyhi.h> /* for SECKEY_DestroyPublicKey() */
|
---|
60 | #include <private/pprio.h> /* for PR_ImportTCPSocket */
|
---|
61 |
|
---|
62 | #define NSSVERNUM ((NSS_VMAJOR<<16)|(NSS_VMINOR<<8)|NSS_VPATCH)
|
---|
63 |
|
---|
64 | #if NSSVERNUM >= 0x030f00 /* 3.15.0 */
|
---|
65 | #include <ocsp.h>
|
---|
66 | #endif
|
---|
67 |
|
---|
68 | #include "strcase.h"
|
---|
69 | #include "warnless.h"
|
---|
70 | #include "x509asn1.h"
|
---|
71 |
|
---|
72 | /* The last #include files should be: */
|
---|
73 | #include "curl_memory.h"
|
---|
74 | #include "memdebug.h"
|
---|
75 |
|
---|
76 | #define SSL_DIR "/etc/pki/nssdb"
|
---|
77 |
|
---|
78 | /* enough to fit the string "PEM Token #[0|1]" */
|
---|
79 | #define SLOTSIZE 13
|
---|
80 |
|
---|
81 | struct ssl_backend_data {
|
---|
82 | PRFileDesc *handle;
|
---|
83 | char *client_nickname;
|
---|
84 | struct Curl_easy *data;
|
---|
85 | struct curl_llist obj_list;
|
---|
86 | PK11GenericObject *obj_clicert;
|
---|
87 | };
|
---|
88 |
|
---|
89 | #define BACKEND connssl->backend
|
---|
90 |
|
---|
91 | static PRLock *nss_initlock = NULL;
|
---|
92 | static PRLock *nss_crllock = NULL;
|
---|
93 | static PRLock *nss_findslot_lock = NULL;
|
---|
94 | static PRLock *nss_trustload_lock = NULL;
|
---|
95 | static struct curl_llist nss_crl_list;
|
---|
96 | static NSSInitContext *nss_context = NULL;
|
---|
97 | static volatile int initialized = 0;
|
---|
98 |
|
---|
99 | /* type used to wrap pointers as list nodes */
|
---|
100 | struct ptr_list_wrap {
|
---|
101 | void *ptr;
|
---|
102 | struct curl_llist_element node;
|
---|
103 | };
|
---|
104 |
|
---|
105 | typedef struct {
|
---|
106 | const char *name;
|
---|
107 | int num;
|
---|
108 | } cipher_s;
|
---|
109 |
|
---|
110 | #define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do { \
|
---|
111 | CK_ATTRIBUTE *ptr = (_attr) + ((_idx)++); \
|
---|
112 | ptr->type = (_type); \
|
---|
113 | ptr->pValue = (_val); \
|
---|
114 | ptr->ulValueLen = (_len); \
|
---|
115 | } WHILE_FALSE
|
---|
116 |
|
---|
117 | #define CERT_NewTempCertificate __CERT_NewTempCertificate
|
---|
118 |
|
---|
119 | #define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0])
|
---|
120 | static const cipher_s cipherlist[] = {
|
---|
121 | /* SSL2 cipher suites */
|
---|
122 | {"rc4", SSL_EN_RC4_128_WITH_MD5},
|
---|
123 | {"rc4-md5", SSL_EN_RC4_128_WITH_MD5},
|
---|
124 | {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
|
---|
125 | {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5},
|
---|
126 | {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
|
---|
127 | {"des", SSL_EN_DES_64_CBC_WITH_MD5},
|
---|
128 | {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
|
---|
129 | /* SSL3/TLS cipher suites */
|
---|
130 | {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
|
---|
131 | {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA},
|
---|
132 | {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
|
---|
133 | {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
|
---|
134 | {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
|
---|
135 | {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
|
---|
136 | {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
|
---|
137 | {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA},
|
---|
138 | {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
|
---|
139 | {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
|
---|
140 | {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
|
---|
141 | {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
|
---|
142 | {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
|
---|
143 | /* TLS 1.0: Exportable 56-bit Cipher Suites. */
|
---|
144 | {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
|
---|
145 | {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
|
---|
146 | /* AES ciphers. */
|
---|
147 | {"dhe_dss_aes_128_cbc_sha", TLS_DHE_DSS_WITH_AES_128_CBC_SHA},
|
---|
148 | {"dhe_dss_aes_256_cbc_sha", TLS_DHE_DSS_WITH_AES_256_CBC_SHA},
|
---|
149 | {"dhe_rsa_aes_128_cbc_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
|
---|
150 | {"dhe_rsa_aes_256_cbc_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
|
---|
151 | {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
|
---|
152 | {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
|
---|
153 | /* ECC ciphers. */
|
---|
154 | {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
|
---|
155 | {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
|
---|
156 | {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA},
|
---|
157 | {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA},
|
---|
158 | {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA},
|
---|
159 | {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA},
|
---|
160 | {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
|
---|
161 | {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA},
|
---|
162 | {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
|
---|
163 | {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
|
---|
164 | {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA},
|
---|
165 | {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA},
|
---|
166 | {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
|
---|
167 | {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
|
---|
168 | {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
|
---|
169 | {"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
|
---|
170 | {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
|
---|
171 | {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
|
---|
172 | {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
|
---|
173 | {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
|
---|
174 | {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA},
|
---|
175 | {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA},
|
---|
176 | {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
|
---|
177 | {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
|
---|
178 | {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
|
---|
179 | #ifdef TLS_RSA_WITH_NULL_SHA256
|
---|
180 | /* new HMAC-SHA256 cipher suites specified in RFC */
|
---|
181 | {"rsa_null_sha_256", TLS_RSA_WITH_NULL_SHA256},
|
---|
182 | {"rsa_aes_128_cbc_sha_256", TLS_RSA_WITH_AES_128_CBC_SHA256},
|
---|
183 | {"rsa_aes_256_cbc_sha_256", TLS_RSA_WITH_AES_256_CBC_SHA256},
|
---|
184 | {"dhe_rsa_aes_128_cbc_sha_256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
|
---|
185 | {"dhe_rsa_aes_256_cbc_sha_256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
|
---|
186 | {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
|
---|
187 | {"ecdhe_rsa_aes_128_cbc_sha_256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
|
---|
188 | #endif
|
---|
189 | #ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
|
---|
190 | /* AES GCM cipher suites in RFC 5288 and RFC 5289 */
|
---|
191 | {"rsa_aes_128_gcm_sha_256", TLS_RSA_WITH_AES_128_GCM_SHA256},
|
---|
192 | {"dhe_rsa_aes_128_gcm_sha_256", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
|
---|
193 | {"dhe_dss_aes_128_gcm_sha_256", TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
|
---|
194 | {"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
|
---|
195 | {"ecdh_ecdsa_aes_128_gcm_sha_256", TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
|
---|
196 | {"ecdhe_rsa_aes_128_gcm_sha_256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
|
---|
197 | {"ecdh_rsa_aes_128_gcm_sha_256", TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
|
---|
198 | #endif
|
---|
199 | #ifdef TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
---|
200 | /* cipher suites using SHA384 */
|
---|
201 | {"rsa_aes_256_gcm_sha_384", TLS_RSA_WITH_AES_256_GCM_SHA384},
|
---|
202 | {"dhe_rsa_aes_256_gcm_sha_384", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
|
---|
203 | {"dhe_dss_aes_256_gcm_sha_384", TLS_DHE_DSS_WITH_AES_256_GCM_SHA384},
|
---|
204 | {"ecdhe_ecdsa_aes_256_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
|
---|
205 | {"ecdhe_rsa_aes_256_sha_384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
|
---|
206 | {"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
|
---|
207 | {"ecdhe_rsa_aes_256_gcm_sha_384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
|
---|
208 | #endif
|
---|
209 | #ifdef TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
---|
210 | /* chacha20-poly1305 cipher suites */
|
---|
211 | {"ecdhe_rsa_chacha20_poly1305_sha_256",
|
---|
212 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
|
---|
213 | {"ecdhe_ecdsa_chacha20_poly1305_sha_256",
|
---|
214 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
|
---|
215 | {"dhe_rsa_chacha20_poly1305_sha_256",
|
---|
216 | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
|
---|
217 | #endif
|
---|
218 | };
|
---|
219 |
|
---|
220 | static const char *pem_library = "libnsspem.so";
|
---|
221 | static SECMODModule *pem_module = NULL;
|
---|
222 |
|
---|
223 | static const char *trust_library = "libnssckbi.so";
|
---|
224 | static SECMODModule *trust_module = NULL;
|
---|
225 |
|
---|
226 | /* NSPR I/O layer we use to detect blocking direction during SSL handshake */
|
---|
227 | static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
|
---|
228 | static PRIOMethods nspr_io_methods;
|
---|
229 |
|
---|
230 | static const char *nss_error_to_name(PRErrorCode code)
|
---|
231 | {
|
---|
232 | const char *name = PR_ErrorToName(code);
|
---|
233 | if(name)
|
---|
234 | return name;
|
---|
235 |
|
---|
236 | return "unknown error";
|
---|
237 | }
|
---|
238 |
|
---|
239 | static void nss_print_error_message(struct Curl_easy *data, PRUint32 err)
|
---|
240 | {
|
---|
241 | failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
|
---|
242 | }
|
---|
243 |
|
---|
244 | static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model,
|
---|
245 | char *cipher_list)
|
---|
246 | {
|
---|
247 | unsigned int i;
|
---|
248 | PRBool cipher_state[NUM_OF_CIPHERS];
|
---|
249 | PRBool found;
|
---|
250 | char *cipher;
|
---|
251 |
|
---|
252 | /* use accessors to avoid dynamic linking issues after an update of NSS */
|
---|
253 | const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();
|
---|
254 | const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
|
---|
255 | if(!implemented_ciphers)
|
---|
256 | return SECFailure;
|
---|
257 |
|
---|
258 | /* First disable all ciphers. This uses a different max value in case
|
---|
259 | * NSS adds more ciphers later we don't want them available by
|
---|
260 | * accident
|
---|
261 | */
|
---|
262 | for(i = 0; i < num_implemented_ciphers; i++) {
|
---|
263 | SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);
|
---|
264 | }
|
---|
265 |
|
---|
266 | /* Set every entry in our list to false */
|
---|
267 | for(i = 0; i < NUM_OF_CIPHERS; i++) {
|
---|
268 | cipher_state[i] = PR_FALSE;
|
---|
269 | }
|
---|
270 |
|
---|
271 | cipher = cipher_list;
|
---|
272 |
|
---|
273 | while(cipher_list && (cipher_list[0])) {
|
---|
274 | while((*cipher) && (ISSPACE(*cipher)))
|
---|
275 | ++cipher;
|
---|
276 |
|
---|
277 | cipher_list = strchr(cipher, ',');
|
---|
278 | if(cipher_list) {
|
---|
279 | *cipher_list++ = '\0';
|
---|
280 | }
|
---|
281 |
|
---|
282 | found = PR_FALSE;
|
---|
283 |
|
---|
284 | for(i = 0; i<NUM_OF_CIPHERS; i++) {
|
---|
285 | if(strcasecompare(cipher, cipherlist[i].name)) {
|
---|
286 | cipher_state[i] = PR_TRUE;
|
---|
287 | found = PR_TRUE;
|
---|
288 | break;
|
---|
289 | }
|
---|
290 | }
|
---|
291 |
|
---|
292 | if(found == PR_FALSE) {
|
---|
293 | failf(data, "Unknown cipher in list: %s", cipher);
|
---|
294 | return SECFailure;
|
---|
295 | }
|
---|
296 |
|
---|
297 | if(cipher_list) {
|
---|
298 | cipher = cipher_list;
|
---|
299 | }
|
---|
300 | }
|
---|
301 |
|
---|
302 | /* Finally actually enable the selected ciphers */
|
---|
303 | for(i = 0; i<NUM_OF_CIPHERS; i++) {
|
---|
304 | if(!cipher_state[i])
|
---|
305 | continue;
|
---|
306 |
|
---|
307 | if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
|
---|
308 | failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
|
---|
309 | return SECFailure;
|
---|
310 | }
|
---|
311 | }
|
---|
312 |
|
---|
313 | return SECSuccess;
|
---|
314 | }
|
---|
315 |
|
---|
316 | /*
|
---|
317 | * Return true if at least one cipher-suite is enabled. Used to determine
|
---|
318 | * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
|
---|
319 | */
|
---|
320 | static bool any_cipher_enabled(void)
|
---|
321 | {
|
---|
322 | unsigned int i;
|
---|
323 |
|
---|
324 | for(i = 0; i<NUM_OF_CIPHERS; i++) {
|
---|
325 | PRInt32 policy = 0;
|
---|
326 | SSL_CipherPolicyGet(cipherlist[i].num, &policy);
|
---|
327 | if(policy)
|
---|
328 | return TRUE;
|
---|
329 | }
|
---|
330 |
|
---|
331 | return FALSE;
|
---|
332 | }
|
---|
333 |
|
---|
334 | /*
|
---|
335 | * Determine whether the nickname passed in is a filename that needs to
|
---|
336 | * be loaded as a PEM or a regular NSS nickname.
|
---|
337 | *
|
---|
338 | * returns 1 for a file
|
---|
339 | * returns 0 for not a file (NSS nickname)
|
---|
340 | */
|
---|
341 | static int is_file(const char *filename)
|
---|
342 | {
|
---|
343 | struct_stat st;
|
---|
344 |
|
---|
345 | if(filename == NULL)
|
---|
346 | return 0;
|
---|
347 |
|
---|
348 | if(stat(filename, &st) == 0)
|
---|
349 | if(S_ISREG(st.st_mode))
|
---|
350 | return 1;
|
---|
351 |
|
---|
352 | return 0;
|
---|
353 | }
|
---|
354 |
|
---|
355 | /* Check if the given string is filename or nickname of a certificate. If the
|
---|
356 | * given string is recognized as filename, return NULL. If the given string is
|
---|
357 | * recognized as nickname, return a duplicated string. The returned string
|
---|
358 | * should be later deallocated using free(). If the OOM failure occurs, we
|
---|
359 | * return NULL, too.
|
---|
360 | */
|
---|
361 | static char *dup_nickname(struct Curl_easy *data, const char *str)
|
---|
362 | {
|
---|
363 | const char *n;
|
---|
364 |
|
---|
365 | if(!is_file(str))
|
---|
366 | /* no such file exists, use the string as nickname */
|
---|
367 | return strdup(str);
|
---|
368 |
|
---|
369 | /* search the first slash; we require at least one slash in a file name */
|
---|
370 | n = strchr(str, '/');
|
---|
371 | if(!n) {
|
---|
372 | infof(data, "warning: certificate file name \"%s\" handled as nickname; "
|
---|
373 | "please use \"./%s\" to force file name\n", str, str);
|
---|
374 | return strdup(str);
|
---|
375 | }
|
---|
376 |
|
---|
377 | /* we'll use the PEM reader to read the certificate from file */
|
---|
378 | return NULL;
|
---|
379 | }
|
---|
380 |
|
---|
381 | /* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition
|
---|
382 | * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more
|
---|
383 | * details, go to <https://bugzilla.mozilla.org/1297397>.
|
---|
384 | */
|
---|
385 | static PK11SlotInfo* nss_find_slot_by_name(const char *slot_name)
|
---|
386 | {
|
---|
387 | PK11SlotInfo *slot;
|
---|
388 | PR_Lock(nss_findslot_lock);
|
---|
389 | slot = PK11_FindSlotByName(slot_name);
|
---|
390 | PR_Unlock(nss_findslot_lock);
|
---|
391 | return slot;
|
---|
392 | }
|
---|
393 |
|
---|
394 | /* wrap 'ptr' as list node and tail-insert into 'list' */
|
---|
395 | static CURLcode insert_wrapped_ptr(struct curl_llist *list, void *ptr)
|
---|
396 | {
|
---|
397 | struct ptr_list_wrap *wrap = malloc(sizeof *wrap);
|
---|
398 | if(!wrap)
|
---|
399 | return CURLE_OUT_OF_MEMORY;
|
---|
400 |
|
---|
401 | wrap->ptr = ptr;
|
---|
402 | Curl_llist_insert_next(list, list->tail, wrap, &wrap->node);
|
---|
403 | return CURLE_OK;
|
---|
404 | }
|
---|
405 |
|
---|
406 | /* Call PK11_CreateGenericObject() with the given obj_class and filename. If
|
---|
407 | * the call succeeds, append the object handle to the list of objects so that
|
---|
408 | * the object can be destroyed in Curl_nss_close(). */
|
---|
409 | static CURLcode nss_create_object(struct ssl_connect_data *connssl,
|
---|
410 | CK_OBJECT_CLASS obj_class,
|
---|
411 | const char *filename, bool cacert)
|
---|
412 | {
|
---|
413 | PK11SlotInfo *slot;
|
---|
414 | PK11GenericObject *obj;
|
---|
415 | CK_BBOOL cktrue = CK_TRUE;
|
---|
416 | CK_BBOOL ckfalse = CK_FALSE;
|
---|
417 | CK_ATTRIBUTE attrs[/* max count of attributes */ 4];
|
---|
418 | int attr_cnt = 0;
|
---|
419 | CURLcode result = (cacert)
|
---|
420 | ? CURLE_SSL_CACERT_BADFILE
|
---|
421 | : CURLE_SSL_CERTPROBLEM;
|
---|
422 |
|
---|
423 | const int slot_id = (cacert) ? 0 : 1;
|
---|
424 | char *slot_name = aprintf("PEM Token #%d", slot_id);
|
---|
425 | if(!slot_name)
|
---|
426 | return CURLE_OUT_OF_MEMORY;
|
---|
427 |
|
---|
428 | slot = nss_find_slot_by_name(slot_name);
|
---|
429 | free(slot_name);
|
---|
430 | if(!slot)
|
---|
431 | return result;
|
---|
432 |
|
---|
433 | PK11_SETATTRS(attrs, attr_cnt, CKA_CLASS, &obj_class, sizeof(obj_class));
|
---|
434 | PK11_SETATTRS(attrs, attr_cnt, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
|
---|
435 | PK11_SETATTRS(attrs, attr_cnt, CKA_LABEL, (unsigned char *)filename,
|
---|
436 | (CK_ULONG)strlen(filename) + 1);
|
---|
437 |
|
---|
438 | if(CKO_CERTIFICATE == obj_class) {
|
---|
439 | CK_BBOOL *pval = (cacert) ? (&cktrue) : (&ckfalse);
|
---|
440 | PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
|
---|
441 | }
|
---|
442 |
|
---|
443 | obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
|
---|
444 | PK11_FreeSlot(slot);
|
---|
445 | if(!obj)
|
---|
446 | return result;
|
---|
447 |
|
---|
448 | if(insert_wrapped_ptr(&BACKEND->obj_list, obj) != CURLE_OK) {
|
---|
449 | PK11_DestroyGenericObject(obj);
|
---|
450 | return CURLE_OUT_OF_MEMORY;
|
---|
451 | }
|
---|
452 |
|
---|
453 | if(!cacert && CKO_CERTIFICATE == obj_class)
|
---|
454 | /* store reference to a client certificate */
|
---|
455 | BACKEND->obj_clicert = obj;
|
---|
456 |
|
---|
457 | return CURLE_OK;
|
---|
458 | }
|
---|
459 |
|
---|
460 | /* Destroy the NSS object whose handle is given by ptr. This function is
|
---|
461 | * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy
|
---|
462 | * NSS objects in Curl_nss_close() */
|
---|
463 | static void nss_destroy_object(void *user, void *ptr)
|
---|
464 | {
|
---|
465 | struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
|
---|
466 | PK11GenericObject *obj = (PK11GenericObject *) wrap->ptr;
|
---|
467 | (void) user;
|
---|
468 | PK11_DestroyGenericObject(obj);
|
---|
469 | free(wrap);
|
---|
470 | }
|
---|
471 |
|
---|
472 | /* same as nss_destroy_object() but for CRL items */
|
---|
473 | static void nss_destroy_crl_item(void *user, void *ptr)
|
---|
474 | {
|
---|
475 | struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
|
---|
476 | SECItem *crl_der = (SECItem *) wrap->ptr;
|
---|
477 | (void) user;
|
---|
478 | SECITEM_FreeItem(crl_der, PR_TRUE);
|
---|
479 | free(wrap);
|
---|
480 | }
|
---|
481 |
|
---|
482 | static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
|
---|
483 | const char *filename, PRBool cacert)
|
---|
484 | {
|
---|
485 | CURLcode result = (cacert)
|
---|
486 | ? CURLE_SSL_CACERT_BADFILE
|
---|
487 | : CURLE_SSL_CERTPROBLEM;
|
---|
488 |
|
---|
489 | /* libnsspem.so leaks memory if the requested file does not exist. For more
|
---|
490 | * details, go to <https://bugzilla.redhat.com/734760>. */
|
---|
491 | if(is_file(filename))
|
---|
492 | result = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
|
---|
493 |
|
---|
494 | if(!result && !cacert) {
|
---|
495 | /* we have successfully loaded a client certificate */
|
---|
496 | CERTCertificate *cert;
|
---|
497 | char *nickname = NULL;
|
---|
498 | char *n = strrchr(filename, '/');
|
---|
499 | if(n)
|
---|
500 | n++;
|
---|
501 |
|
---|
502 | /* The following undocumented magic helps to avoid a SIGSEGV on call
|
---|
503 | * of PK11_ReadRawAttribute() from SelectClientCert() when using an
|
---|
504 | * immature version of libnsspem.so. For more details, go to
|
---|
505 | * <https://bugzilla.redhat.com/733685>. */
|
---|
506 | nickname = aprintf("PEM Token #1:%s", n);
|
---|
507 | if(nickname) {
|
---|
508 | cert = PK11_FindCertFromNickname(nickname, NULL);
|
---|
509 | if(cert)
|
---|
510 | CERT_DestroyCertificate(cert);
|
---|
511 |
|
---|
512 | free(nickname);
|
---|
513 | }
|
---|
514 | }
|
---|
515 |
|
---|
516 | return result;
|
---|
517 | }
|
---|
518 |
|
---|
519 | /* add given CRL to cache if it is not already there */
|
---|
520 | static CURLcode nss_cache_crl(SECItem *crl_der)
|
---|
521 | {
|
---|
522 | CERTCertDBHandle *db = CERT_GetDefaultCertDB();
|
---|
523 | CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
|
---|
524 | if(crl) {
|
---|
525 | /* CRL already cached */
|
---|
526 | SEC_DestroyCrl(crl);
|
---|
527 | SECITEM_FreeItem(crl_der, PR_TRUE);
|
---|
528 | return CURLE_OK;
|
---|
529 | }
|
---|
530 |
|
---|
531 | /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */
|
---|
532 | PR_Lock(nss_crllock);
|
---|
533 |
|
---|
534 | /* store the CRL item so that we can free it in Curl_nss_cleanup() */
|
---|
535 | if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) {
|
---|
536 | SECITEM_FreeItem(crl_der, PR_TRUE);
|
---|
537 | PR_Unlock(nss_crllock);
|
---|
538 | return CURLE_OUT_OF_MEMORY;
|
---|
539 | }
|
---|
540 |
|
---|
541 | if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
|
---|
542 | /* unable to cache CRL */
|
---|
543 | PR_Unlock(nss_crllock);
|
---|
544 | return CURLE_SSL_CRL_BADFILE;
|
---|
545 | }
|
---|
546 |
|
---|
547 | /* we need to clear session cache, so that the CRL could take effect */
|
---|
548 | SSL_ClearSessionCache();
|
---|
549 | PR_Unlock(nss_crllock);
|
---|
550 | return CURLE_OK;
|
---|
551 | }
|
---|
552 |
|
---|
553 | static CURLcode nss_load_crl(const char *crlfilename)
|
---|
554 | {
|
---|
555 | PRFileDesc *infile;
|
---|
556 | PRFileInfo info;
|
---|
557 | SECItem filedata = { 0, NULL, 0 };
|
---|
558 | SECItem *crl_der = NULL;
|
---|
559 | char *body;
|
---|
560 |
|
---|
561 | infile = PR_Open(crlfilename, PR_RDONLY, 0);
|
---|
562 | if(!infile)
|
---|
563 | return CURLE_SSL_CRL_BADFILE;
|
---|
564 |
|
---|
565 | if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
|
---|
566 | goto fail;
|
---|
567 |
|
---|
568 | if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1))
|
---|
569 | goto fail;
|
---|
570 |
|
---|
571 | if(info.size != PR_Read(infile, filedata.data, info.size))
|
---|
572 | goto fail;
|
---|
573 |
|
---|
574 | crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
|
---|
575 | if(!crl_der)
|
---|
576 | goto fail;
|
---|
577 |
|
---|
578 | /* place a trailing zero right after the visible data */
|
---|
579 | body = (char *)filedata.data;
|
---|
580 | body[--filedata.len] = '\0';
|
---|
581 |
|
---|
582 | body = strstr(body, "-----BEGIN");
|
---|
583 | if(body) {
|
---|
584 | /* assume ASCII */
|
---|
585 | char *trailer;
|
---|
586 | char *begin = PORT_Strchr(body, '\n');
|
---|
587 | if(!begin)
|
---|
588 | begin = PORT_Strchr(body, '\r');
|
---|
589 | if(!begin)
|
---|
590 | goto fail;
|
---|
591 |
|
---|
592 | trailer = strstr(++begin, "-----END");
|
---|
593 | if(!trailer)
|
---|
594 | goto fail;
|
---|
595 |
|
---|
596 | /* retrieve DER from ASCII */
|
---|
597 | *trailer = '\0';
|
---|
598 | if(ATOB_ConvertAsciiToItem(crl_der, begin))
|
---|
599 | goto fail;
|
---|
600 |
|
---|
601 | SECITEM_FreeItem(&filedata, PR_FALSE);
|
---|
602 | }
|
---|
603 | else
|
---|
604 | /* assume DER */
|
---|
605 | *crl_der = filedata;
|
---|
606 |
|
---|
607 | PR_Close(infile);
|
---|
608 | return nss_cache_crl(crl_der);
|
---|
609 |
|
---|
610 | fail:
|
---|
611 | PR_Close(infile);
|
---|
612 | SECITEM_FreeItem(crl_der, PR_TRUE);
|
---|
613 | SECITEM_FreeItem(&filedata, PR_FALSE);
|
---|
614 | return CURLE_SSL_CRL_BADFILE;
|
---|
615 | }
|
---|
616 |
|
---|
617 | static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
---|
618 | char *key_file)
|
---|
619 | {
|
---|
620 | PK11SlotInfo *slot, *tmp;
|
---|
621 | SECStatus status;
|
---|
622 | CURLcode result;
|
---|
623 | struct ssl_connect_data *ssl = conn->ssl;
|
---|
624 | struct Curl_easy *data = conn->data;
|
---|
625 |
|
---|
626 | (void)sockindex; /* unused */
|
---|
627 |
|
---|
628 | result = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
|
---|
629 | if(result) {
|
---|
630 | PR_SetError(SEC_ERROR_BAD_KEY, 0);
|
---|
631 | return result;
|
---|
632 | }
|
---|
633 |
|
---|
634 | slot = nss_find_slot_by_name("PEM Token #1");
|
---|
635 | if(!slot)
|
---|
636 | return CURLE_SSL_CERTPROBLEM;
|
---|
637 |
|
---|
638 | /* This will force the token to be seen as re-inserted */
|
---|
639 | tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
|
---|
640 | if(tmp)
|
---|
641 | PK11_FreeSlot(tmp);
|
---|
642 | PK11_IsPresent(slot);
|
---|
643 |
|
---|
644 | status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
|
---|
645 | PK11_FreeSlot(slot);
|
---|
646 |
|
---|
647 | return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM;
|
---|
648 | }
|
---|
649 |
|
---|
650 | static int display_error(struct connectdata *conn, PRInt32 err,
|
---|
651 | const char *filename)
|
---|
652 | {
|
---|
653 | switch(err) {
|
---|
654 | case SEC_ERROR_BAD_PASSWORD:
|
---|
655 | failf(conn->data, "Unable to load client key: Incorrect password");
|
---|
656 | return 1;
|
---|
657 | case SEC_ERROR_UNKNOWN_CERT:
|
---|
658 | failf(conn->data, "Unable to load certificate %s", filename);
|
---|
659 | return 1;
|
---|
660 | default:
|
---|
661 | break;
|
---|
662 | }
|
---|
663 | return 0; /* The caller will print a generic error */
|
---|
664 | }
|
---|
665 |
|
---|
666 | static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
|
---|
667 | char *cert_file, char *key_file)
|
---|
668 | {
|
---|
669 | struct Curl_easy *data = conn->data;
|
---|
670 | CURLcode result;
|
---|
671 |
|
---|
672 | if(cert_file) {
|
---|
673 | result = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
|
---|
674 | if(result) {
|
---|
675 | const PRErrorCode err = PR_GetError();
|
---|
676 | if(!display_error(conn, err, cert_file)) {
|
---|
677 | const char *err_name = nss_error_to_name(err);
|
---|
678 | failf(data, "unable to load client cert: %d (%s)", err, err_name);
|
---|
679 | }
|
---|
680 |
|
---|
681 | return result;
|
---|
682 | }
|
---|
683 | }
|
---|
684 |
|
---|
685 | if(key_file || (is_file(cert_file))) {
|
---|
686 | if(key_file)
|
---|
687 | result = nss_load_key(conn, sockindex, key_file);
|
---|
688 | else
|
---|
689 | /* In case the cert file also has the key */
|
---|
690 | result = nss_load_key(conn, sockindex, cert_file);
|
---|
691 | if(result) {
|
---|
692 | const PRErrorCode err = PR_GetError();
|
---|
693 | if(!display_error(conn, err, key_file)) {
|
---|
694 | const char *err_name = nss_error_to_name(err);
|
---|
695 | failf(data, "unable to load client key: %d (%s)", err, err_name);
|
---|
696 | }
|
---|
697 |
|
---|
698 | return result;
|
---|
699 | }
|
---|
700 | }
|
---|
701 |
|
---|
702 | return CURLE_OK;
|
---|
703 | }
|
---|
704 |
|
---|
705 | static char *nss_get_password(PK11SlotInfo *slot, PRBool retry, void *arg)
|
---|
706 | {
|
---|
707 | (void)slot; /* unused */
|
---|
708 |
|
---|
709 | if(retry || NULL == arg)
|
---|
710 | return NULL;
|
---|
711 | else
|
---|
712 | return (char *)PORT_Strdup((char *)arg);
|
---|
713 | }
|
---|
714 |
|
---|
715 | /* bypass the default SSL_AuthCertificate() hook in case we do not want to
|
---|
716 | * verify peer */
|
---|
717 | static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
|
---|
718 | PRBool isServer)
|
---|
719 | {
|
---|
720 | struct connectdata *conn = (struct connectdata *)arg;
|
---|
721 |
|
---|
722 | #ifdef SSL_ENABLE_OCSP_STAPLING
|
---|
723 | if(SSL_CONN_CONFIG(verifystatus)) {
|
---|
724 | SECStatus cacheResult;
|
---|
725 |
|
---|
726 | const SECItemArray *csa = SSL_PeerStapledOCSPResponses(fd);
|
---|
727 | if(!csa) {
|
---|
728 | failf(conn->data, "Invalid OCSP response");
|
---|
729 | return SECFailure;
|
---|
730 | }
|
---|
731 |
|
---|
732 | if(csa->len == 0) {
|
---|
733 | failf(conn->data, "No OCSP response received");
|
---|
734 | return SECFailure;
|
---|
735 | }
|
---|
736 |
|
---|
737 | cacheResult = CERT_CacheOCSPResponseFromSideChannel(
|
---|
738 | CERT_GetDefaultCertDB(), SSL_PeerCertificate(fd),
|
---|
739 | PR_Now(), &csa->items[0], arg
|
---|
740 | );
|
---|
741 |
|
---|
742 | if(cacheResult != SECSuccess) {
|
---|
743 | failf(conn->data, "Invalid OCSP response");
|
---|
744 | return cacheResult;
|
---|
745 | }
|
---|
746 | }
|
---|
747 | #endif
|
---|
748 |
|
---|
749 | if(!SSL_CONN_CONFIG(verifypeer)) {
|
---|
750 | infof(conn->data, "skipping SSL peer certificate verification\n");
|
---|
751 | return SECSuccess;
|
---|
752 | }
|
---|
753 |
|
---|
754 | return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
|
---|
755 | }
|
---|
756 |
|
---|
757 | /**
|
---|
758 | * Inform the application that the handshake is complete.
|
---|
759 | */
|
---|
760 | static void HandshakeCallback(PRFileDesc *sock, void *arg)
|
---|
761 | {
|
---|
762 | struct connectdata *conn = (struct connectdata*) arg;
|
---|
763 | unsigned int buflenmax = 50;
|
---|
764 | unsigned char buf[50];
|
---|
765 | unsigned int buflen;
|
---|
766 | SSLNextProtoState state;
|
---|
767 |
|
---|
768 | if(!conn->bits.tls_enable_npn && !conn->bits.tls_enable_alpn) {
|
---|
769 | return;
|
---|
770 | }
|
---|
771 |
|
---|
772 | if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
|
---|
773 |
|
---|
774 | switch(state) {
|
---|
775 | #if NSSVERNUM >= 0x031a00 /* 3.26.0 */
|
---|
776 | /* used by NSS internally to implement 0-RTT */
|
---|
777 | case SSL_NEXT_PROTO_EARLY_VALUE:
|
---|
778 | /* fall through! */
|
---|
779 | #endif
|
---|
780 | case SSL_NEXT_PROTO_NO_SUPPORT:
|
---|
781 | case SSL_NEXT_PROTO_NO_OVERLAP:
|
---|
782 | infof(conn->data, "ALPN/NPN, server did not agree to a protocol\n");
|
---|
783 | return;
|
---|
784 | #ifdef SSL_ENABLE_ALPN
|
---|
785 | case SSL_NEXT_PROTO_SELECTED:
|
---|
786 | infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
|
---|
787 | break;
|
---|
788 | #endif
|
---|
789 | case SSL_NEXT_PROTO_NEGOTIATED:
|
---|
790 | infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
|
---|
791 | break;
|
---|
792 | }
|
---|
793 |
|
---|
794 | #ifdef USE_NGHTTP2
|
---|
795 | if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
|
---|
796 | !memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)) {
|
---|
797 | conn->negnpn = CURL_HTTP_VERSION_2;
|
---|
798 | }
|
---|
799 | else
|
---|
800 | #endif
|
---|
801 | if(buflen == ALPN_HTTP_1_1_LENGTH &&
|
---|
802 | !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
|
---|
803 | conn->negnpn = CURL_HTTP_VERSION_1_1;
|
---|
804 | }
|
---|
805 | }
|
---|
806 | }
|
---|
807 |
|
---|
808 | #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
|
---|
809 | static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data,
|
---|
810 | PRBool *canFalseStart)
|
---|
811 | {
|
---|
812 | struct connectdata *conn = client_data;
|
---|
813 | struct Curl_easy *data = conn->data;
|
---|
814 |
|
---|
815 | SSLChannelInfo channelInfo;
|
---|
816 | SSLCipherSuiteInfo cipherInfo;
|
---|
817 |
|
---|
818 | SECStatus rv;
|
---|
819 | PRBool negotiatedExtension;
|
---|
820 |
|
---|
821 | *canFalseStart = PR_FALSE;
|
---|
822 |
|
---|
823 | if(SSL_GetChannelInfo(sock, &channelInfo, sizeof(channelInfo)) != SECSuccess)
|
---|
824 | return SECFailure;
|
---|
825 |
|
---|
826 | if(SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
|
---|
827 | sizeof(cipherInfo)) != SECSuccess)
|
---|
828 | return SECFailure;
|
---|
829 |
|
---|
830 | /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for
|
---|
831 | * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310
|
---|
832 | */
|
---|
833 | if(channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2)
|
---|
834 | goto end;
|
---|
835 |
|
---|
836 | /* Only allow ECDHE key exchange algorithm.
|
---|
837 | * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */
|
---|
838 | if(cipherInfo.keaType != ssl_kea_ecdh)
|
---|
839 | goto end;
|
---|
840 |
|
---|
841 | /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC
|
---|
842 | * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt
|
---|
843 | * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */
|
---|
844 | if(cipherInfo.symCipher != ssl_calg_aes_gcm)
|
---|
845 | goto end;
|
---|
846 |
|
---|
847 | /* Enforce ALPN or NPN to do False Start, as an indicator of server
|
---|
848 | * compatibility. */
|
---|
849 | rv = SSL_HandshakeNegotiatedExtension(sock, ssl_app_layer_protocol_xtn,
|
---|
850 | &negotiatedExtension);
|
---|
851 | if(rv != SECSuccess || !negotiatedExtension) {
|
---|
852 | rv = SSL_HandshakeNegotiatedExtension(sock, ssl_next_proto_nego_xtn,
|
---|
853 | &negotiatedExtension);
|
---|
854 | }
|
---|
855 |
|
---|
856 | if(rv != SECSuccess || !negotiatedExtension)
|
---|
857 | goto end;
|
---|
858 |
|
---|
859 | *canFalseStart = PR_TRUE;
|
---|
860 |
|
---|
861 | infof(data, "Trying TLS False Start\n");
|
---|
862 |
|
---|
863 | end:
|
---|
864 | return SECSuccess;
|
---|
865 | }
|
---|
866 | #endif
|
---|
867 |
|
---|
868 | static void display_cert_info(struct Curl_easy *data,
|
---|
869 | CERTCertificate *cert)
|
---|
870 | {
|
---|
871 | char *subject, *issuer, *common_name;
|
---|
872 | PRExplodedTime printableTime;
|
---|
873 | char timeString[256];
|
---|
874 | PRTime notBefore, notAfter;
|
---|
875 |
|
---|
876 | subject = CERT_NameToAscii(&cert->subject);
|
---|
877 | issuer = CERT_NameToAscii(&cert->issuer);
|
---|
878 | common_name = CERT_GetCommonName(&cert->subject);
|
---|
879 | infof(data, "\tsubject: %s\n", subject);
|
---|
880 |
|
---|
881 | CERT_GetCertTimes(cert, ¬Before, ¬After);
|
---|
882 | PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
|
---|
883 | PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
|
---|
884 | infof(data, "\tstart date: %s\n", timeString);
|
---|
885 | PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
|
---|
886 | PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
|
---|
887 | infof(data, "\texpire date: %s\n", timeString);
|
---|
888 | infof(data, "\tcommon name: %s\n", common_name);
|
---|
889 | infof(data, "\tissuer: %s\n", issuer);
|
---|
890 |
|
---|
891 | PR_Free(subject);
|
---|
892 | PR_Free(issuer);
|
---|
893 | PR_Free(common_name);
|
---|
894 | }
|
---|
895 |
|
---|
896 | static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
|
---|
897 | {
|
---|
898 | CURLcode result = CURLE_OK;
|
---|
899 | SSLChannelInfo channel;
|
---|
900 | SSLCipherSuiteInfo suite;
|
---|
901 | CERTCertificate *cert;
|
---|
902 | CERTCertificate *cert2;
|
---|
903 | CERTCertificate *cert3;
|
---|
904 | PRTime now;
|
---|
905 | int i;
|
---|
906 |
|
---|
907 | if(SSL_GetChannelInfo(sock, &channel, sizeof channel) ==
|
---|
908 | SECSuccess && channel.length == sizeof channel &&
|
---|
909 | channel.cipherSuite) {
|
---|
910 | if(SSL_GetCipherSuiteInfo(channel.cipherSuite,
|
---|
911 | &suite, sizeof suite) == SECSuccess) {
|
---|
912 | infof(conn->data, "SSL connection using %s\n", suite.cipherSuiteName);
|
---|
913 | }
|
---|
914 | }
|
---|
915 |
|
---|
916 | cert = SSL_PeerCertificate(sock);
|
---|
917 | if(cert) {
|
---|
918 | infof(conn->data, "Server certificate:\n");
|
---|
919 |
|
---|
920 | if(!conn->data->set.ssl.certinfo) {
|
---|
921 | display_cert_info(conn->data, cert);
|
---|
922 | CERT_DestroyCertificate(cert);
|
---|
923 | }
|
---|
924 | else {
|
---|
925 | /* Count certificates in chain. */
|
---|
926 | now = PR_Now();
|
---|
927 | i = 1;
|
---|
928 | if(!cert->isRoot) {
|
---|
929 | cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
|
---|
930 | while(cert2) {
|
---|
931 | i++;
|
---|
932 | if(cert2->isRoot) {
|
---|
933 | CERT_DestroyCertificate(cert2);
|
---|
934 | break;
|
---|
935 | }
|
---|
936 | cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
|
---|
937 | CERT_DestroyCertificate(cert2);
|
---|
938 | cert2 = cert3;
|
---|
939 | }
|
---|
940 | }
|
---|
941 |
|
---|
942 | result = Curl_ssl_init_certinfo(conn->data, i);
|
---|
943 | if(!result) {
|
---|
944 | for(i = 0; cert; cert = cert2) {
|
---|
945 | result = Curl_extract_certinfo(conn, i++, (char *)cert->derCert.data,
|
---|
946 | (char *)cert->derCert.data +
|
---|
947 | cert->derCert.len);
|
---|
948 | if(result)
|
---|
949 | break;
|
---|
950 |
|
---|
951 | if(cert->isRoot) {
|
---|
952 | CERT_DestroyCertificate(cert);
|
---|
953 | break;
|
---|
954 | }
|
---|
955 |
|
---|
956 | cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
|
---|
957 | CERT_DestroyCertificate(cert);
|
---|
958 | }
|
---|
959 | }
|
---|
960 | }
|
---|
961 | }
|
---|
962 |
|
---|
963 | return result;
|
---|
964 | }
|
---|
965 |
|
---|
966 | static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
|
---|
967 | {
|
---|
968 | struct connectdata *conn = (struct connectdata *)arg;
|
---|
969 | struct Curl_easy *data = conn->data;
|
---|
970 | PRErrorCode err = PR_GetError();
|
---|
971 | CERTCertificate *cert;
|
---|
972 |
|
---|
973 | /* remember the cert verification result */
|
---|
974 | if(SSL_IS_PROXY())
|
---|
975 | data->set.proxy_ssl.certverifyresult = err;
|
---|
976 | else
|
---|
977 | data->set.ssl.certverifyresult = err;
|
---|
978 |
|
---|
979 | if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost))
|
---|
980 | /* we are asked not to verify the host name */
|
---|
981 | return SECSuccess;
|
---|
982 |
|
---|
983 | /* print only info about the cert, the error is printed off the callback */
|
---|
984 | cert = SSL_PeerCertificate(sock);
|
---|
985 | if(cert) {
|
---|
986 | infof(data, "Server certificate:\n");
|
---|
987 | display_cert_info(data, cert);
|
---|
988 | CERT_DestroyCertificate(cert);
|
---|
989 | }
|
---|
990 |
|
---|
991 | return SECFailure;
|
---|
992 | }
|
---|
993 |
|
---|
994 | /**
|
---|
995 | *
|
---|
996 | * Check that the Peer certificate's issuer certificate matches the one found
|
---|
997 | * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the
|
---|
998 | * issuer check, so we provide comments that mimic the OpenSSL
|
---|
999 | * X509_check_issued function (in x509v3/v3_purp.c)
|
---|
1000 | */
|
---|
1001 | static SECStatus check_issuer_cert(PRFileDesc *sock,
|
---|
1002 | char *issuer_nickname)
|
---|
1003 | {
|
---|
1004 | CERTCertificate *cert, *cert_issuer, *issuer;
|
---|
1005 | SECStatus res = SECSuccess;
|
---|
1006 | void *proto_win = NULL;
|
---|
1007 |
|
---|
1008 | cert = SSL_PeerCertificate(sock);
|
---|
1009 | cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner);
|
---|
1010 |
|
---|
1011 | proto_win = SSL_RevealPinArg(sock);
|
---|
1012 | issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);
|
---|
1013 |
|
---|
1014 | if((!cert_issuer) || (!issuer))
|
---|
1015 | res = SECFailure;
|
---|
1016 | else if(SECITEM_CompareItem(&cert_issuer->derCert,
|
---|
1017 | &issuer->derCert) != SECEqual)
|
---|
1018 | res = SECFailure;
|
---|
1019 |
|
---|
1020 | CERT_DestroyCertificate(cert);
|
---|
1021 | CERT_DestroyCertificate(issuer);
|
---|
1022 | CERT_DestroyCertificate(cert_issuer);
|
---|
1023 | return res;
|
---|
1024 | }
|
---|
1025 |
|
---|
1026 | static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl,
|
---|
1027 | const char *pinnedpubkey)
|
---|
1028 | {
|
---|
1029 | CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
---|
1030 | struct Curl_easy *data = BACKEND->data;
|
---|
1031 | CERTCertificate *cert;
|
---|
1032 |
|
---|
1033 | if(!pinnedpubkey)
|
---|
1034 | /* no pinned public key specified */
|
---|
1035 | return CURLE_OK;
|
---|
1036 |
|
---|
1037 | /* get peer certificate */
|
---|
1038 | cert = SSL_PeerCertificate(BACKEND->handle);
|
---|
1039 | if(cert) {
|
---|
1040 | /* extract public key from peer certificate */
|
---|
1041 | SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert);
|
---|
1042 | if(pubkey) {
|
---|
1043 | /* encode the public key as DER */
|
---|
1044 | SECItem *cert_der = PK11_DEREncodePublicKey(pubkey);
|
---|
1045 | if(cert_der) {
|
---|
1046 | /* compare the public key with the pinned public key */
|
---|
1047 | result = Curl_pin_peer_pubkey(data, pinnedpubkey, cert_der->data,
|
---|
1048 | cert_der->len);
|
---|
1049 | SECITEM_FreeItem(cert_der, PR_TRUE);
|
---|
1050 | }
|
---|
1051 | SECKEY_DestroyPublicKey(pubkey);
|
---|
1052 | }
|
---|
1053 | CERT_DestroyCertificate(cert);
|
---|
1054 | }
|
---|
1055 |
|
---|
1056 | /* report the resulting status */
|
---|
1057 | switch(result) {
|
---|
1058 | case CURLE_OK:
|
---|
1059 | infof(data, "pinned public key verified successfully!\n");
|
---|
1060 | break;
|
---|
1061 | case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
|
---|
1062 | failf(data, "failed to verify pinned public key");
|
---|
1063 | break;
|
---|
1064 | default:
|
---|
1065 | /* OOM, etc. */
|
---|
1066 | break;
|
---|
1067 | }
|
---|
1068 |
|
---|
1069 | return result;
|
---|
1070 | }
|
---|
1071 |
|
---|
1072 | /**
|
---|
1073 | *
|
---|
1074 | * Callback to pick the SSL client certificate.
|
---|
1075 | */
|
---|
1076 | static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
|
---|
1077 | struct CERTDistNamesStr *caNames,
|
---|
1078 | struct CERTCertificateStr **pRetCert,
|
---|
1079 | struct SECKEYPrivateKeyStr **pRetKey)
|
---|
1080 | {
|
---|
1081 | struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
|
---|
1082 | struct Curl_easy *data = BACKEND->data;
|
---|
1083 | const char *nickname = BACKEND->client_nickname;
|
---|
1084 | static const char pem_slotname[] = "PEM Token #1";
|
---|
1085 |
|
---|
1086 | if(BACKEND->obj_clicert) {
|
---|
1087 | /* use the cert/key provided by PEM reader */
|
---|
1088 | SECItem cert_der = { 0, NULL, 0 };
|
---|
1089 | void *proto_win = SSL_RevealPinArg(sock);
|
---|
1090 | struct CERTCertificateStr *cert;
|
---|
1091 | struct SECKEYPrivateKeyStr *key;
|
---|
1092 |
|
---|
1093 | PK11SlotInfo *slot = nss_find_slot_by_name(pem_slotname);
|
---|
1094 | if(NULL == slot) {
|
---|
1095 | failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
|
---|
1096 | return SECFailure;
|
---|
1097 | }
|
---|
1098 |
|
---|
1099 | if(PK11_ReadRawAttribute(PK11_TypeGeneric, BACKEND->obj_clicert, CKA_VALUE,
|
---|
1100 | &cert_der) != SECSuccess) {
|
---|
1101 | failf(data, "NSS: CKA_VALUE not found in PK11 generic object");
|
---|
1102 | PK11_FreeSlot(slot);
|
---|
1103 | return SECFailure;
|
---|
1104 | }
|
---|
1105 |
|
---|
1106 | cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
|
---|
1107 | SECITEM_FreeItem(&cert_der, PR_FALSE);
|
---|
1108 | if(NULL == cert) {
|
---|
1109 | failf(data, "NSS: client certificate from file not found");
|
---|
1110 | PK11_FreeSlot(slot);
|
---|
1111 | return SECFailure;
|
---|
1112 | }
|
---|
1113 |
|
---|
1114 | key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
|
---|
1115 | PK11_FreeSlot(slot);
|
---|
1116 | if(NULL == key) {
|
---|
1117 | failf(data, "NSS: private key from file not found");
|
---|
1118 | CERT_DestroyCertificate(cert);
|
---|
1119 | return SECFailure;
|
---|
1120 | }
|
---|
1121 |
|
---|
1122 | infof(data, "NSS: client certificate from file\n");
|
---|
1123 | display_cert_info(data, cert);
|
---|
1124 |
|
---|
1125 | *pRetCert = cert;
|
---|
1126 | *pRetKey = key;
|
---|
1127 | return SECSuccess;
|
---|
1128 | }
|
---|
1129 |
|
---|
1130 | /* use the default NSS hook */
|
---|
1131 | if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
|
---|
1132 | pRetCert, pRetKey)
|
---|
1133 | || NULL == *pRetCert) {
|
---|
1134 |
|
---|
1135 | if(NULL == nickname)
|
---|
1136 | failf(data, "NSS: client certificate not found (nickname not "
|
---|
1137 | "specified)");
|
---|
1138 | else
|
---|
1139 | failf(data, "NSS: client certificate not found: %s", nickname);
|
---|
1140 |
|
---|
1141 | return SECFailure;
|
---|
1142 | }
|
---|
1143 |
|
---|
1144 | /* get certificate nickname if any */
|
---|
1145 | nickname = (*pRetCert)->nickname;
|
---|
1146 | if(NULL == nickname)
|
---|
1147 | nickname = "[unknown]";
|
---|
1148 |
|
---|
1149 | if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
|
---|
1150 | failf(data, "NSS: refusing previously loaded certificate from file: %s",
|
---|
1151 | nickname);
|
---|
1152 | return SECFailure;
|
---|
1153 | }
|
---|
1154 |
|
---|
1155 | if(NULL == *pRetKey) {
|
---|
1156 | failf(data, "NSS: private key not found for certificate: %s", nickname);
|
---|
1157 | return SECFailure;
|
---|
1158 | }
|
---|
1159 |
|
---|
1160 | infof(data, "NSS: using client certificate: %s\n", nickname);
|
---|
1161 | display_cert_info(data, *pRetCert);
|
---|
1162 | return SECSuccess;
|
---|
1163 | }
|
---|
1164 |
|
---|
1165 | /* update blocking direction in case of PR_WOULD_BLOCK_ERROR */
|
---|
1166 | static void nss_update_connecting_state(ssl_connect_state state, void *secret)
|
---|
1167 | {
|
---|
1168 | struct ssl_connect_data *connssl = (struct ssl_connect_data *)secret;
|
---|
1169 | if(PR_GetError() != PR_WOULD_BLOCK_ERROR)
|
---|
1170 | /* an unrelated error is passing by */
|
---|
1171 | return;
|
---|
1172 |
|
---|
1173 | switch(connssl->connecting_state) {
|
---|
1174 | case ssl_connect_2:
|
---|
1175 | case ssl_connect_2_reading:
|
---|
1176 | case ssl_connect_2_writing:
|
---|
1177 | break;
|
---|
1178 | default:
|
---|
1179 | /* we are not called from an SSL handshake */
|
---|
1180 | return;
|
---|
1181 | }
|
---|
1182 |
|
---|
1183 | /* update the state accordingly */
|
---|
1184 | connssl->connecting_state = state;
|
---|
1185 | }
|
---|
1186 |
|
---|
1187 | /* recv() wrapper we use to detect blocking direction during SSL handshake */
|
---|
1188 | static PRInt32 nspr_io_recv(PRFileDesc *fd, void *buf, PRInt32 amount,
|
---|
1189 | PRIntn flags, PRIntervalTime timeout)
|
---|
1190 | {
|
---|
1191 | const PRRecvFN recv_fn = fd->lower->methods->recv;
|
---|
1192 | const PRInt32 rv = recv_fn(fd->lower, buf, amount, flags, timeout);
|
---|
1193 | if(rv < 0)
|
---|
1194 | /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
|
---|
1195 | nss_update_connecting_state(ssl_connect_2_reading, fd->secret);
|
---|
1196 | return rv;
|
---|
1197 | }
|
---|
1198 |
|
---|
1199 | /* send() wrapper we use to detect blocking direction during SSL handshake */
|
---|
1200 | static PRInt32 nspr_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount,
|
---|
1201 | PRIntn flags, PRIntervalTime timeout)
|
---|
1202 | {
|
---|
1203 | const PRSendFN send_fn = fd->lower->methods->send;
|
---|
1204 | const PRInt32 rv = send_fn(fd->lower, buf, amount, flags, timeout);
|
---|
1205 | if(rv < 0)
|
---|
1206 | /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
|
---|
1207 | nss_update_connecting_state(ssl_connect_2_writing, fd->secret);
|
---|
1208 | return rv;
|
---|
1209 | }
|
---|
1210 |
|
---|
1211 | /* close() wrapper to avoid assertion failure due to fd->secret != NULL */
|
---|
1212 | static PRStatus nspr_io_close(PRFileDesc *fd)
|
---|
1213 | {
|
---|
1214 | const PRCloseFN close_fn = PR_GetDefaultIOMethods()->close;
|
---|
1215 | fd->secret = NULL;
|
---|
1216 | return close_fn(fd);
|
---|
1217 | }
|
---|
1218 |
|
---|
1219 | /* load a PKCS #11 module */
|
---|
1220 | static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
|
---|
1221 | const char *name)
|
---|
1222 | {
|
---|
1223 | char *config_string;
|
---|
1224 | SECMODModule *module = *pmod;
|
---|
1225 | if(module)
|
---|
1226 | /* already loaded */
|
---|
1227 | return CURLE_OK;
|
---|
1228 |
|
---|
1229 | config_string = aprintf("library=%s name=%s", library, name);
|
---|
1230 | if(!config_string)
|
---|
1231 | return CURLE_OUT_OF_MEMORY;
|
---|
1232 |
|
---|
1233 | module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
|
---|
1234 | free(config_string);
|
---|
1235 |
|
---|
1236 | if(module && module->loaded) {
|
---|
1237 | /* loaded successfully */
|
---|
1238 | *pmod = module;
|
---|
1239 | return CURLE_OK;
|
---|
1240 | }
|
---|
1241 |
|
---|
1242 | if(module)
|
---|
1243 | SECMOD_DestroyModule(module);
|
---|
1244 | return CURLE_FAILED_INIT;
|
---|
1245 | }
|
---|
1246 |
|
---|
1247 | /* unload a PKCS #11 module */
|
---|
1248 | static void nss_unload_module(SECMODModule **pmod)
|
---|
1249 | {
|
---|
1250 | SECMODModule *module = *pmod;
|
---|
1251 | if(!module)
|
---|
1252 | /* not loaded */
|
---|
1253 | return;
|
---|
1254 |
|
---|
1255 | if(SECMOD_UnloadUserModule(module) != SECSuccess)
|
---|
1256 | /* unload failed */
|
---|
1257 | return;
|
---|
1258 |
|
---|
1259 | SECMOD_DestroyModule(module);
|
---|
1260 | *pmod = NULL;
|
---|
1261 | }
|
---|
1262 |
|
---|
1263 | /* data might be NULL */
|
---|
1264 | static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
|
---|
1265 | {
|
---|
1266 | NSSInitParameters initparams;
|
---|
1267 |
|
---|
1268 | if(nss_context != NULL)
|
---|
1269 | return CURLE_OK;
|
---|
1270 |
|
---|
1271 | memset((void *) &initparams, '\0', sizeof(initparams));
|
---|
1272 | initparams.length = sizeof(initparams);
|
---|
1273 |
|
---|
1274 | if(cert_dir) {
|
---|
1275 | char *certpath = aprintf("sql:%s", cert_dir);
|
---|
1276 | if(!certpath)
|
---|
1277 | return CURLE_OUT_OF_MEMORY;
|
---|
1278 |
|
---|
1279 | infof(data, "Initializing NSS with certpath: %s\n", certpath);
|
---|
1280 | nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
|
---|
1281 | NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
|
---|
1282 | free(certpath);
|
---|
1283 |
|
---|
1284 | if(nss_context != NULL)
|
---|
1285 | return CURLE_OK;
|
---|
1286 |
|
---|
1287 | infof(data, "Unable to initialize NSS database\n");
|
---|
1288 | }
|
---|
1289 |
|
---|
1290 | infof(data, "Initializing NSS with certpath: none\n");
|
---|
1291 | nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
|
---|
1292 | | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
|
---|
1293 | | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
|
---|
1294 | if(nss_context != NULL)
|
---|
1295 | return CURLE_OK;
|
---|
1296 |
|
---|
1297 | infof(data, "Unable to initialize NSS\n");
|
---|
1298 | return CURLE_SSL_CACERT_BADFILE;
|
---|
1299 | }
|
---|
1300 |
|
---|
1301 | /* data might be NULL */
|
---|
1302 | static CURLcode nss_init(struct Curl_easy *data)
|
---|
1303 | {
|
---|
1304 | char *cert_dir;
|
---|
1305 | struct_stat st;
|
---|
1306 | CURLcode result;
|
---|
1307 |
|
---|
1308 | if(initialized)
|
---|
1309 | return CURLE_OK;
|
---|
1310 |
|
---|
1311 | /* list of all CRL items we need to destroy in Curl_nss_cleanup() */
|
---|
1312 | Curl_llist_init(&nss_crl_list, nss_destroy_crl_item);
|
---|
1313 |
|
---|
1314 | /* First we check if $SSL_DIR points to a valid dir */
|
---|
1315 | cert_dir = getenv("SSL_DIR");
|
---|
1316 | if(cert_dir) {
|
---|
1317 | if((stat(cert_dir, &st) != 0) ||
|
---|
1318 | (!S_ISDIR(st.st_mode))) {
|
---|
1319 | cert_dir = NULL;
|
---|
1320 | }
|
---|
1321 | }
|
---|
1322 |
|
---|
1323 | /* Now we check if the default location is a valid dir */
|
---|
1324 | if(!cert_dir) {
|
---|
1325 | if((stat(SSL_DIR, &st) == 0) &&
|
---|
1326 | (S_ISDIR(st.st_mode))) {
|
---|
1327 | cert_dir = (char *)SSL_DIR;
|
---|
1328 | }
|
---|
1329 | }
|
---|
1330 |
|
---|
1331 | if(nspr_io_identity == PR_INVALID_IO_LAYER) {
|
---|
1332 | /* allocate an identity for our own NSPR I/O layer */
|
---|
1333 | nspr_io_identity = PR_GetUniqueIdentity("libcurl");
|
---|
1334 | if(nspr_io_identity == PR_INVALID_IO_LAYER)
|
---|
1335 | return CURLE_OUT_OF_MEMORY;
|
---|
1336 |
|
---|
1337 | /* the default methods just call down to the lower I/O layer */
|
---|
1338 | memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(), sizeof nspr_io_methods);
|
---|
1339 |
|
---|
1340 | /* override certain methods in the table by our wrappers */
|
---|
1341 | nspr_io_methods.recv = nspr_io_recv;
|
---|
1342 | nspr_io_methods.send = nspr_io_send;
|
---|
1343 | nspr_io_methods.close = nspr_io_close;
|
---|
1344 | }
|
---|
1345 |
|
---|
1346 | result = nss_init_core(data, cert_dir);
|
---|
1347 | if(result)
|
---|
1348 | return result;
|
---|
1349 |
|
---|
1350 | if(!any_cipher_enabled())
|
---|
1351 | NSS_SetDomesticPolicy();
|
---|
1352 |
|
---|
1353 | initialized = 1;
|
---|
1354 |
|
---|
1355 | return CURLE_OK;
|
---|
1356 | }
|
---|
1357 |
|
---|
1358 | /**
|
---|
1359 | * Global SSL init
|
---|
1360 | *
|
---|
1361 | * @retval 0 error initializing SSL
|
---|
1362 | * @retval 1 SSL initialized successfully
|
---|
1363 | */
|
---|
1364 | static int Curl_nss_init(void)
|
---|
1365 | {
|
---|
1366 | /* curl_global_init() is not thread-safe so this test is ok */
|
---|
1367 | if(nss_initlock == NULL) {
|
---|
1368 | PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256);
|
---|
1369 | nss_initlock = PR_NewLock();
|
---|
1370 | nss_crllock = PR_NewLock();
|
---|
1371 | nss_findslot_lock = PR_NewLock();
|
---|
1372 | nss_trustload_lock = PR_NewLock();
|
---|
1373 | }
|
---|
1374 |
|
---|
1375 | /* We will actually initialize NSS later */
|
---|
1376 |
|
---|
1377 | return 1;
|
---|
1378 | }
|
---|
1379 |
|
---|
1380 | /* data might be NULL */
|
---|
1381 | CURLcode Curl_nss_force_init(struct Curl_easy *data)
|
---|
1382 | {
|
---|
1383 | CURLcode result;
|
---|
1384 | if(!nss_initlock) {
|
---|
1385 | if(data)
|
---|
1386 | failf(data, "unable to initialize NSS, curl_global_init() should have "
|
---|
1387 | "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
|
---|
1388 | return CURLE_FAILED_INIT;
|
---|
1389 | }
|
---|
1390 |
|
---|
1391 | PR_Lock(nss_initlock);
|
---|
1392 | result = nss_init(data);
|
---|
1393 | PR_Unlock(nss_initlock);
|
---|
1394 |
|
---|
1395 | return result;
|
---|
1396 | }
|
---|
1397 |
|
---|
1398 | /* Global cleanup */
|
---|
1399 | static void Curl_nss_cleanup(void)
|
---|
1400 | {
|
---|
1401 | /* This function isn't required to be threadsafe and this is only done
|
---|
1402 | * as a safety feature.
|
---|
1403 | */
|
---|
1404 | PR_Lock(nss_initlock);
|
---|
1405 | if(initialized) {
|
---|
1406 | /* Free references to client certificates held in the SSL session cache.
|
---|
1407 | * Omitting this hampers destruction of the security module owning
|
---|
1408 | * the certificates. */
|
---|
1409 | SSL_ClearSessionCache();
|
---|
1410 |
|
---|
1411 | nss_unload_module(&pem_module);
|
---|
1412 | nss_unload_module(&trust_module);
|
---|
1413 | NSS_ShutdownContext(nss_context);
|
---|
1414 | nss_context = NULL;
|
---|
1415 | }
|
---|
1416 |
|
---|
1417 | /* destroy all CRL items */
|
---|
1418 | Curl_llist_destroy(&nss_crl_list, NULL);
|
---|
1419 |
|
---|
1420 | PR_Unlock(nss_initlock);
|
---|
1421 |
|
---|
1422 | PR_DestroyLock(nss_initlock);
|
---|
1423 | PR_DestroyLock(nss_crllock);
|
---|
1424 | PR_DestroyLock(nss_findslot_lock);
|
---|
1425 | PR_DestroyLock(nss_trustload_lock);
|
---|
1426 | nss_initlock = NULL;
|
---|
1427 |
|
---|
1428 | initialized = 0;
|
---|
1429 | }
|
---|
1430 |
|
---|
1431 | /*
|
---|
1432 | * This function uses SSL_peek to determine connection status.
|
---|
1433 | *
|
---|
1434 | * Return codes:
|
---|
1435 | * 1 means the connection is still in place
|
---|
1436 | * 0 means the connection has been closed
|
---|
1437 | * -1 means the connection status is unknown
|
---|
1438 | */
|
---|
1439 | static int Curl_nss_check_cxn(struct connectdata *conn)
|
---|
1440 | {
|
---|
1441 | struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
|
---|
1442 | int rc;
|
---|
1443 | char buf;
|
---|
1444 |
|
---|
1445 | rc =
|
---|
1446 | PR_Recv(BACKEND->handle, (void *)&buf, 1, PR_MSG_PEEK,
|
---|
1447 | PR_SecondsToInterval(1));
|
---|
1448 | if(rc > 0)
|
---|
1449 | return 1; /* connection still in place */
|
---|
1450 |
|
---|
1451 | if(rc == 0)
|
---|
1452 | return 0; /* connection has been closed */
|
---|
1453 |
|
---|
1454 | return -1; /* connection status unknown */
|
---|
1455 | }
|
---|
1456 |
|
---|
1457 | static void nss_close(struct ssl_connect_data *connssl)
|
---|
1458 | {
|
---|
1459 | /* before the cleanup, check whether we are using a client certificate */
|
---|
1460 | const bool client_cert = (BACKEND->client_nickname != NULL)
|
---|
1461 | || (BACKEND->obj_clicert != NULL);
|
---|
1462 |
|
---|
1463 | free(BACKEND->client_nickname);
|
---|
1464 | BACKEND->client_nickname = NULL;
|
---|
1465 |
|
---|
1466 | /* destroy all NSS objects in order to avoid failure of NSS shutdown */
|
---|
1467 | Curl_llist_destroy(&BACKEND->obj_list, NULL);
|
---|
1468 | BACKEND->obj_clicert = NULL;
|
---|
1469 |
|
---|
1470 | if(BACKEND->handle) {
|
---|
1471 | if(client_cert)
|
---|
1472 | /* A server might require different authentication based on the
|
---|
1473 | * particular path being requested by the client. To support this
|
---|
1474 | * scenario, we must ensure that a connection will never reuse the
|
---|
1475 | * authentication data from a previous connection. */
|
---|
1476 | SSL_InvalidateSession(BACKEND->handle);
|
---|
1477 |
|
---|
1478 | PR_Close(BACKEND->handle);
|
---|
1479 | BACKEND->handle = NULL;
|
---|
1480 | }
|
---|
1481 | }
|
---|
1482 |
|
---|
1483 | /*
|
---|
1484 | * This function is called when an SSL connection is closed.
|
---|
1485 | */
|
---|
1486 | static void Curl_nss_close(struct connectdata *conn, int sockindex)
|
---|
1487 | {
|
---|
1488 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
1489 | struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
|
---|
1490 |
|
---|
1491 | if(BACKEND->handle || connssl_proxy->backend->handle) {
|
---|
1492 | /* NSS closes the socket we previously handed to it, so we must mark it
|
---|
1493 | as closed to avoid double close */
|
---|
1494 | fake_sclose(conn->sock[sockindex]);
|
---|
1495 | conn->sock[sockindex] = CURL_SOCKET_BAD;
|
---|
1496 | }
|
---|
1497 |
|
---|
1498 | if(BACKEND->handle)
|
---|
1499 | /* nss_close(connssl) will transitively close also
|
---|
1500 | connssl_proxy->backend->handle if both are used. Clear it to avoid
|
---|
1501 | a double close leading to crash. */
|
---|
1502 | connssl_proxy->backend->handle = NULL;
|
---|
1503 |
|
---|
1504 | nss_close(connssl);
|
---|
1505 | nss_close(connssl_proxy);
|
---|
1506 | }
|
---|
1507 |
|
---|
1508 | /* return true if NSS can provide error code (and possibly msg) for the
|
---|
1509 | error */
|
---|
1510 | static bool is_nss_error(CURLcode err)
|
---|
1511 | {
|
---|
1512 | switch(err) {
|
---|
1513 | case CURLE_PEER_FAILED_VERIFICATION:
|
---|
1514 | case CURLE_SSL_CACERT:
|
---|
1515 | case CURLE_SSL_CERTPROBLEM:
|
---|
1516 | case CURLE_SSL_CONNECT_ERROR:
|
---|
1517 | case CURLE_SSL_ISSUER_ERROR:
|
---|
1518 | return true;
|
---|
1519 |
|
---|
1520 | default:
|
---|
1521 | return false;
|
---|
1522 | }
|
---|
1523 | }
|
---|
1524 |
|
---|
1525 | /* return true if the given error code is related to a client certificate */
|
---|
1526 | static bool is_cc_error(PRInt32 err)
|
---|
1527 | {
|
---|
1528 | switch(err) {
|
---|
1529 | case SSL_ERROR_BAD_CERT_ALERT:
|
---|
1530 | case SSL_ERROR_EXPIRED_CERT_ALERT:
|
---|
1531 | case SSL_ERROR_REVOKED_CERT_ALERT:
|
---|
1532 | return true;
|
---|
1533 |
|
---|
1534 | default:
|
---|
1535 | return false;
|
---|
1536 | }
|
---|
1537 | }
|
---|
1538 |
|
---|
1539 | static Curl_recv nss_recv;
|
---|
1540 | static Curl_send nss_send;
|
---|
1541 |
|
---|
1542 | static CURLcode nss_load_ca_certificates(struct connectdata *conn,
|
---|
1543 | int sockindex)
|
---|
1544 | {
|
---|
1545 | struct Curl_easy *data = conn->data;
|
---|
1546 | const char *cafile = SSL_CONN_CONFIG(CAfile);
|
---|
1547 | const char *capath = SSL_CONN_CONFIG(CApath);
|
---|
1548 | bool use_trust_module;
|
---|
1549 | CURLcode result = CURLE_OK;
|
---|
1550 |
|
---|
1551 | /* treat empty string as unset */
|
---|
1552 | if(cafile && !cafile[0])
|
---|
1553 | cafile = NULL;
|
---|
1554 | if(capath && !capath[0])
|
---|
1555 | capath = NULL;
|
---|
1556 |
|
---|
1557 | infof(data, " CAfile: %s\n CApath: %s\n",
|
---|
1558 | cafile ? cafile : "none",
|
---|
1559 | capath ? capath : "none");
|
---|
1560 |
|
---|
1561 | /* load libnssckbi.so if no other trust roots were specified */
|
---|
1562 | use_trust_module = !cafile && !capath;
|
---|
1563 |
|
---|
1564 | PR_Lock(nss_trustload_lock);
|
---|
1565 | if(use_trust_module && !trust_module) {
|
---|
1566 | /* libnssckbi.so needed but not yet loaded --> load it! */
|
---|
1567 | result = nss_load_module(&trust_module, trust_library, "trust");
|
---|
1568 | infof(data, "%s %s\n", (result) ? "failed to load" : "loaded",
|
---|
1569 | trust_library);
|
---|
1570 | if(result == CURLE_FAILED_INIT)
|
---|
1571 | /* make the error non-fatal if we are not going to verify peer */
|
---|
1572 | result = CURLE_SSL_CACERT_BADFILE;
|
---|
1573 | }
|
---|
1574 | else if(!use_trust_module && trust_module) {
|
---|
1575 | /* libnssckbi.so not needed but already loaded --> unload it! */
|
---|
1576 | infof(data, "unloading %s\n", trust_library);
|
---|
1577 | nss_unload_module(&trust_module);
|
---|
1578 | }
|
---|
1579 | PR_Unlock(nss_trustload_lock);
|
---|
1580 |
|
---|
1581 | if(cafile)
|
---|
1582 | result = nss_load_cert(&conn->ssl[sockindex], cafile, PR_TRUE);
|
---|
1583 |
|
---|
1584 | if(result)
|
---|
1585 | return result;
|
---|
1586 |
|
---|
1587 | if(capath) {
|
---|
1588 | struct_stat st;
|
---|
1589 | if(stat(capath, &st) == -1)
|
---|
1590 | return CURLE_SSL_CACERT_BADFILE;
|
---|
1591 |
|
---|
1592 | if(S_ISDIR(st.st_mode)) {
|
---|
1593 | PRDirEntry *entry;
|
---|
1594 | PRDir *dir = PR_OpenDir(capath);
|
---|
1595 | if(!dir)
|
---|
1596 | return CURLE_SSL_CACERT_BADFILE;
|
---|
1597 |
|
---|
1598 | while((entry = PR_ReadDir(dir, PR_SKIP_BOTH | PR_SKIP_HIDDEN))) {
|
---|
1599 | char *fullpath = aprintf("%s/%s", capath, entry->name);
|
---|
1600 | if(!fullpath) {
|
---|
1601 | PR_CloseDir(dir);
|
---|
1602 | return CURLE_OUT_OF_MEMORY;
|
---|
1603 | }
|
---|
1604 |
|
---|
1605 | if(CURLE_OK != nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE))
|
---|
1606 | /* This is purposefully tolerant of errors so non-PEM files can
|
---|
1607 | * be in the same directory */
|
---|
1608 | infof(data, "failed to load '%s' from CURLOPT_CAPATH\n", fullpath);
|
---|
1609 |
|
---|
1610 | free(fullpath);
|
---|
1611 | }
|
---|
1612 |
|
---|
1613 | PR_CloseDir(dir);
|
---|
1614 | }
|
---|
1615 | else
|
---|
1616 | infof(data, "warning: CURLOPT_CAPATH not a directory (%s)\n", capath);
|
---|
1617 | }
|
---|
1618 |
|
---|
1619 | return CURLE_OK;
|
---|
1620 | }
|
---|
1621 |
|
---|
1622 | static CURLcode nss_sslver_from_curl(PRUint16 *nssver, long version)
|
---|
1623 | {
|
---|
1624 | switch(version) {
|
---|
1625 | case CURL_SSLVERSION_TLSv1:
|
---|
1626 | /* TODO: set sslver->max to SSL_LIBRARY_VERSION_TLS_1_3 once stable */
|
---|
1627 | #ifdef SSL_LIBRARY_VERSION_TLS_1_2
|
---|
1628 | *nssver = SSL_LIBRARY_VERSION_TLS_1_2;
|
---|
1629 | #elif defined SSL_LIBRARY_VERSION_TLS_1_1
|
---|
1630 | *nssver = SSL_LIBRARY_VERSION_TLS_1_1;
|
---|
1631 | #else
|
---|
1632 | *nssver = SSL_LIBRARY_VERSION_TLS_1_0;
|
---|
1633 | #endif
|
---|
1634 | return CURLE_OK;
|
---|
1635 |
|
---|
1636 | case CURL_SSLVERSION_SSLv2:
|
---|
1637 | *nssver = SSL_LIBRARY_VERSION_2;
|
---|
1638 | return CURLE_OK;
|
---|
1639 |
|
---|
1640 | case CURL_SSLVERSION_SSLv3:
|
---|
1641 | *nssver = SSL_LIBRARY_VERSION_3_0;
|
---|
1642 | return CURLE_OK;
|
---|
1643 |
|
---|
1644 | case CURL_SSLVERSION_TLSv1_0:
|
---|
1645 | *nssver = SSL_LIBRARY_VERSION_TLS_1_0;
|
---|
1646 | return CURLE_OK;
|
---|
1647 |
|
---|
1648 | case CURL_SSLVERSION_TLSv1_1:
|
---|
1649 | #ifdef SSL_LIBRARY_VERSION_TLS_1_1
|
---|
1650 | *nssver = SSL_LIBRARY_VERSION_TLS_1_1;
|
---|
1651 | return CURLE_OK;
|
---|
1652 | #else
|
---|
1653 | return CURLE_SSL_CONNECT_ERROR;
|
---|
1654 | #endif
|
---|
1655 |
|
---|
1656 | case CURL_SSLVERSION_TLSv1_2:
|
---|
1657 | #ifdef SSL_LIBRARY_VERSION_TLS_1_2
|
---|
1658 | *nssver = SSL_LIBRARY_VERSION_TLS_1_2;
|
---|
1659 | return CURLE_OK;
|
---|
1660 | #else
|
---|
1661 | return CURLE_SSL_CONNECT_ERROR;
|
---|
1662 | #endif
|
---|
1663 |
|
---|
1664 | case CURL_SSLVERSION_TLSv1_3:
|
---|
1665 | #ifdef SSL_LIBRARY_VERSION_TLS_1_3
|
---|
1666 | *nssver = SSL_LIBRARY_VERSION_TLS_1_3;
|
---|
1667 | return CURLE_OK;
|
---|
1668 | #else
|
---|
1669 | return CURLE_SSL_CONNECT_ERROR;
|
---|
1670 | #endif
|
---|
1671 |
|
---|
1672 | default:
|
---|
1673 | return CURLE_SSL_CONNECT_ERROR;
|
---|
1674 | }
|
---|
1675 | }
|
---|
1676 |
|
---|
1677 | static CURLcode nss_init_sslver(SSLVersionRange *sslver,
|
---|
1678 | struct Curl_easy *data,
|
---|
1679 | struct connectdata *conn)
|
---|
1680 | {
|
---|
1681 | CURLcode result;
|
---|
1682 | const long min = SSL_CONN_CONFIG(version);
|
---|
1683 | const long max = SSL_CONN_CONFIG(version_max);
|
---|
1684 |
|
---|
1685 | /* map CURL_SSLVERSION_DEFAULT to NSS default */
|
---|
1686 | if(min == CURL_SSLVERSION_DEFAULT || max == CURL_SSLVERSION_MAX_DEFAULT) {
|
---|
1687 | /* map CURL_SSLVERSION_DEFAULT to NSS default */
|
---|
1688 | if(SSL_VersionRangeGetDefault(ssl_variant_stream, sslver) != SECSuccess)
|
---|
1689 | return CURLE_SSL_CONNECT_ERROR;
|
---|
1690 | /* ... but make sure we use at least TLSv1.0 according to libcurl API */
|
---|
1691 | if(sslver->min < SSL_LIBRARY_VERSION_TLS_1_0)
|
---|
1692 | sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
---|
1693 | }
|
---|
1694 |
|
---|
1695 | switch(min) {
|
---|
1696 | case CURL_SSLVERSION_DEFAULT:
|
---|
1697 | break;
|
---|
1698 | case CURL_SSLVERSION_TLSv1:
|
---|
1699 | sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
---|
1700 | break;
|
---|
1701 | default:
|
---|
1702 | result = nss_sslver_from_curl(&sslver->min, min);
|
---|
1703 | if(result) {
|
---|
1704 | failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
|
---|
1705 | return result;
|
---|
1706 | }
|
---|
1707 | if(max == CURL_SSLVERSION_MAX_NONE)
|
---|
1708 | sslver->max = sslver->min;
|
---|
1709 | }
|
---|
1710 |
|
---|
1711 | switch(max) {
|
---|
1712 | case CURL_SSLVERSION_MAX_NONE:
|
---|
1713 | case CURL_SSLVERSION_MAX_DEFAULT:
|
---|
1714 | break;
|
---|
1715 | default:
|
---|
1716 | result = nss_sslver_from_curl(&sslver->max, max >> 16);
|
---|
1717 | if(result) {
|
---|
1718 | failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
|
---|
1719 | return result;
|
---|
1720 | }
|
---|
1721 | }
|
---|
1722 |
|
---|
1723 | return CURLE_OK;
|
---|
1724 | }
|
---|
1725 |
|
---|
1726 | static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
|
---|
1727 | struct Curl_easy *data,
|
---|
1728 | CURLcode curlerr)
|
---|
1729 | {
|
---|
1730 | PRErrorCode err = 0;
|
---|
1731 |
|
---|
1732 | if(is_nss_error(curlerr)) {
|
---|
1733 | /* read NSPR error code */
|
---|
1734 | err = PR_GetError();
|
---|
1735 | if(is_cc_error(err))
|
---|
1736 | curlerr = CURLE_SSL_CERTPROBLEM;
|
---|
1737 |
|
---|
1738 | /* print the error number and error string */
|
---|
1739 | infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
|
---|
1740 |
|
---|
1741 | /* print a human-readable message describing the error if available */
|
---|
1742 | nss_print_error_message(data, err);
|
---|
1743 | }
|
---|
1744 |
|
---|
1745 | /* cleanup on connection failure */
|
---|
1746 | Curl_llist_destroy(&BACKEND->obj_list, NULL);
|
---|
1747 |
|
---|
1748 | return curlerr;
|
---|
1749 | }
|
---|
1750 |
|
---|
1751 | /* Switch the SSL socket into blocking or non-blocking mode. */
|
---|
1752 | static CURLcode nss_set_blocking(struct ssl_connect_data *connssl,
|
---|
1753 | struct Curl_easy *data,
|
---|
1754 | bool blocking)
|
---|
1755 | {
|
---|
1756 | static PRSocketOptionData sock_opt;
|
---|
1757 | sock_opt.option = PR_SockOpt_Nonblocking;
|
---|
1758 | sock_opt.value.non_blocking = !blocking;
|
---|
1759 |
|
---|
1760 | if(PR_SetSocketOption(BACKEND->handle, &sock_opt) != PR_SUCCESS)
|
---|
1761 | return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR);
|
---|
1762 |
|
---|
1763 | return CURLE_OK;
|
---|
1764 | }
|
---|
1765 |
|
---|
1766 | static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
|
---|
1767 | {
|
---|
1768 | PRFileDesc *model = NULL;
|
---|
1769 | PRFileDesc *nspr_io = NULL;
|
---|
1770 | PRFileDesc *nspr_io_stub = NULL;
|
---|
1771 | PRBool ssl_no_cache;
|
---|
1772 | PRBool ssl_cbc_random_iv;
|
---|
1773 | struct Curl_easy *data = conn->data;
|
---|
1774 | curl_socket_t sockfd = conn->sock[sockindex];
|
---|
1775 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
1776 | CURLcode result;
|
---|
1777 | bool second_layer = FALSE;
|
---|
1778 |
|
---|
1779 | SSLVersionRange sslver = {
|
---|
1780 | SSL_LIBRARY_VERSION_TLS_1_0, /* min */
|
---|
1781 | SSL_LIBRARY_VERSION_TLS_1_0 /* max */
|
---|
1782 | };
|
---|
1783 |
|
---|
1784 | BACKEND->data = data;
|
---|
1785 |
|
---|
1786 | /* list of all NSS objects we need to destroy in Curl_nss_close() */
|
---|
1787 | Curl_llist_init(&BACKEND->obj_list, nss_destroy_object);
|
---|
1788 |
|
---|
1789 | /* FIXME. NSS doesn't support multiple databases open at the same time. */
|
---|
1790 | PR_Lock(nss_initlock);
|
---|
1791 | result = nss_init(conn->data);
|
---|
1792 | if(result) {
|
---|
1793 | PR_Unlock(nss_initlock);
|
---|
1794 | goto error;
|
---|
1795 | }
|
---|
1796 |
|
---|
1797 | PK11_SetPasswordFunc(nss_get_password);
|
---|
1798 |
|
---|
1799 | result = nss_load_module(&pem_module, pem_library, "PEM");
|
---|
1800 | PR_Unlock(nss_initlock);
|
---|
1801 | if(result == CURLE_FAILED_INIT)
|
---|
1802 | infof(data, "WARNING: failed to load NSS PEM library %s. Using "
|
---|
1803 | "OpenSSL PEM certificates will not work.\n", pem_library);
|
---|
1804 | else if(result)
|
---|
1805 | goto error;
|
---|
1806 |
|
---|
1807 | result = CURLE_SSL_CONNECT_ERROR;
|
---|
1808 |
|
---|
1809 | model = PR_NewTCPSocket();
|
---|
1810 | if(!model)
|
---|
1811 | goto error;
|
---|
1812 | model = SSL_ImportFD(NULL, model);
|
---|
1813 |
|
---|
1814 | if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
---|
1815 | goto error;
|
---|
1816 | if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
|
---|
1817 | goto error;
|
---|
1818 | if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
|
---|
1819 | goto error;
|
---|
1820 |
|
---|
1821 | /* do not use SSL cache if disabled or we are not going to verify peer */
|
---|
1822 | ssl_no_cache = (SSL_SET_OPTION(primary.sessionid)
|
---|
1823 | && SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE;
|
---|
1824 | if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
|
---|
1825 | goto error;
|
---|
1826 |
|
---|
1827 | /* enable/disable the requested SSL version(s) */
|
---|
1828 | if(nss_init_sslver(&sslver, data, conn) != CURLE_OK)
|
---|
1829 | goto error;
|
---|
1830 | if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
|
---|
1831 | goto error;
|
---|
1832 |
|
---|
1833 | ssl_cbc_random_iv = !SSL_SET_OPTION(enable_beast);
|
---|
1834 | #ifdef SSL_CBC_RANDOM_IV
|
---|
1835 | /* unless the user explicitly asks to allow the protocol vulnerability, we
|
---|
1836 | use the work-around */
|
---|
1837 | if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
|
---|
1838 | infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
|
---|
1839 | ssl_cbc_random_iv);
|
---|
1840 | #else
|
---|
1841 | if(ssl_cbc_random_iv)
|
---|
1842 | infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
|
---|
1843 | #endif
|
---|
1844 |
|
---|
1845 | if(SSL_CONN_CONFIG(cipher_list)) {
|
---|
1846 | if(set_ciphers(data, model, SSL_CONN_CONFIG(cipher_list)) != SECSuccess) {
|
---|
1847 | result = CURLE_SSL_CIPHER;
|
---|
1848 | goto error;
|
---|
1849 | }
|
---|
1850 | }
|
---|
1851 |
|
---|
1852 | if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost))
|
---|
1853 | infof(data, "warning: ignoring value of ssl.verifyhost\n");
|
---|
1854 |
|
---|
1855 | /* bypass the default SSL_AuthCertificate() hook in case we do not want to
|
---|
1856 | * verify peer */
|
---|
1857 | if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, conn) != SECSuccess)
|
---|
1858 | goto error;
|
---|
1859 |
|
---|
1860 | /* not checked yet */
|
---|
1861 | if(SSL_IS_PROXY())
|
---|
1862 | data->set.proxy_ssl.certverifyresult = 0;
|
---|
1863 | else
|
---|
1864 | data->set.ssl.certverifyresult = 0;
|
---|
1865 |
|
---|
1866 | if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
|
---|
1867 | goto error;
|
---|
1868 |
|
---|
1869 | if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
|
---|
1870 | goto error;
|
---|
1871 |
|
---|
1872 | {
|
---|
1873 | const CURLcode rv = nss_load_ca_certificates(conn, sockindex);
|
---|
1874 | if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
|
---|
1875 | /* not a fatal error because we are not going to verify the peer */
|
---|
1876 | infof(data, "warning: CA certificates failed to load\n");
|
---|
1877 | else if(rv) {
|
---|
1878 | result = rv;
|
---|
1879 | goto error;
|
---|
1880 | }
|
---|
1881 | }
|
---|
1882 |
|
---|
1883 | if(SSL_SET_OPTION(CRLfile)) {
|
---|
1884 | const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
|
---|
1885 | if(rv) {
|
---|
1886 | result = rv;
|
---|
1887 | goto error;
|
---|
1888 | }
|
---|
1889 | infof(data, " CRLfile: %s\n", SSL_SET_OPTION(CRLfile));
|
---|
1890 | }
|
---|
1891 |
|
---|
1892 | if(SSL_SET_OPTION(cert)) {
|
---|
1893 | char *nickname = dup_nickname(data, SSL_SET_OPTION(cert));
|
---|
1894 | if(nickname) {
|
---|
1895 | /* we are not going to use libnsspem.so to read the client cert */
|
---|
1896 | BACKEND->obj_clicert = NULL;
|
---|
1897 | }
|
---|
1898 | else {
|
---|
1899 | CURLcode rv = cert_stuff(conn, sockindex, SSL_SET_OPTION(cert),
|
---|
1900 | SSL_SET_OPTION(key));
|
---|
1901 | if(rv) {
|
---|
1902 | /* failf() is already done in cert_stuff() */
|
---|
1903 | result = rv;
|
---|
1904 | goto error;
|
---|
1905 | }
|
---|
1906 | }
|
---|
1907 |
|
---|
1908 | /* store the nickname for SelectClientCert() called during handshake */
|
---|
1909 | BACKEND->client_nickname = nickname;
|
---|
1910 | }
|
---|
1911 | else
|
---|
1912 | BACKEND->client_nickname = NULL;
|
---|
1913 |
|
---|
1914 | if(SSL_GetClientAuthDataHook(model, SelectClientCert,
|
---|
1915 | (void *)connssl) != SECSuccess) {
|
---|
1916 | result = CURLE_SSL_CERTPROBLEM;
|
---|
1917 | goto error;
|
---|
1918 | }
|
---|
1919 |
|
---|
1920 | if(conn->proxy_ssl[sockindex].use) {
|
---|
1921 | DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
|
---|
1922 | DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL);
|
---|
1923 | nspr_io = conn->proxy_ssl[sockindex].backend->handle;
|
---|
1924 | second_layer = TRUE;
|
---|
1925 | }
|
---|
1926 | else {
|
---|
1927 | /* wrap OS file descriptor by NSPR's file descriptor abstraction */
|
---|
1928 | nspr_io = PR_ImportTCPSocket(sockfd);
|
---|
1929 | if(!nspr_io)
|
---|
1930 | goto error;
|
---|
1931 | }
|
---|
1932 |
|
---|
1933 | /* create our own NSPR I/O layer */
|
---|
1934 | nspr_io_stub = PR_CreateIOLayerStub(nspr_io_identity, &nspr_io_methods);
|
---|
1935 | if(!nspr_io_stub) {
|
---|
1936 | if(!second_layer)
|
---|
1937 | PR_Close(nspr_io);
|
---|
1938 | goto error;
|
---|
1939 | }
|
---|
1940 |
|
---|
1941 | /* make the per-connection data accessible from NSPR I/O callbacks */
|
---|
1942 | nspr_io_stub->secret = (void *)connssl;
|
---|
1943 |
|
---|
1944 | /* push our new layer to the NSPR I/O stack */
|
---|
1945 | if(PR_PushIOLayer(nspr_io, PR_TOP_IO_LAYER, nspr_io_stub) != PR_SUCCESS) {
|
---|
1946 | if(!second_layer)
|
---|
1947 | PR_Close(nspr_io);
|
---|
1948 | PR_Close(nspr_io_stub);
|
---|
1949 | goto error;
|
---|
1950 | }
|
---|
1951 |
|
---|
1952 | /* import our model socket onto the current I/O stack */
|
---|
1953 | BACKEND->handle = SSL_ImportFD(model, nspr_io);
|
---|
1954 | if(!BACKEND->handle) {
|
---|
1955 | if(!second_layer)
|
---|
1956 | PR_Close(nspr_io);
|
---|
1957 | goto error;
|
---|
1958 | }
|
---|
1959 |
|
---|
1960 | PR_Close(model); /* We don't need this any more */
|
---|
1961 | model = NULL;
|
---|
1962 |
|
---|
1963 | /* This is the password associated with the cert that we're using */
|
---|
1964 | if(SSL_SET_OPTION(key_passwd)) {
|
---|
1965 | SSL_SetPKCS11PinArg(BACKEND->handle, SSL_SET_OPTION(key_passwd));
|
---|
1966 | }
|
---|
1967 |
|
---|
1968 | #ifdef SSL_ENABLE_OCSP_STAPLING
|
---|
1969 | if(SSL_CONN_CONFIG(verifystatus)) {
|
---|
1970 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_OCSP_STAPLING, PR_TRUE)
|
---|
1971 | != SECSuccess)
|
---|
1972 | goto error;
|
---|
1973 | }
|
---|
1974 | #endif
|
---|
1975 |
|
---|
1976 | #ifdef SSL_ENABLE_NPN
|
---|
1977 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn
|
---|
1978 | ? PR_TRUE : PR_FALSE) != SECSuccess)
|
---|
1979 | goto error;
|
---|
1980 | #endif
|
---|
1981 |
|
---|
1982 | #ifdef SSL_ENABLE_ALPN
|
---|
1983 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn
|
---|
1984 | ? PR_TRUE : PR_FALSE) != SECSuccess)
|
---|
1985 | goto error;
|
---|
1986 | #endif
|
---|
1987 |
|
---|
1988 | #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
|
---|
1989 | if(data->set.ssl.falsestart) {
|
---|
1990 | if(SSL_OptionSet(BACKEND->handle, SSL_ENABLE_FALSE_START, PR_TRUE)
|
---|
1991 | != SECSuccess)
|
---|
1992 | goto error;
|
---|
1993 |
|
---|
1994 | if(SSL_SetCanFalseStartCallback(BACKEND->handle, CanFalseStartCallback,
|
---|
1995 | conn) != SECSuccess)
|
---|
1996 | goto error;
|
---|
1997 | }
|
---|
1998 | #endif
|
---|
1999 |
|
---|
2000 | #if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
|
---|
2001 | if(conn->bits.tls_enable_npn || conn->bits.tls_enable_alpn) {
|
---|
2002 | int cur = 0;
|
---|
2003 | unsigned char protocols[128];
|
---|
2004 |
|
---|
2005 | #ifdef USE_NGHTTP2
|
---|
2006 | if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
|
---|
2007 | (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
|
---|
2008 | protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
2009 | memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
|
---|
2010 | NGHTTP2_PROTO_VERSION_ID_LEN);
|
---|
2011 | cur += NGHTTP2_PROTO_VERSION_ID_LEN;
|
---|
2012 | }
|
---|
2013 | #endif
|
---|
2014 | protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
|
---|
2015 | memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
|
---|
2016 | cur += ALPN_HTTP_1_1_LENGTH;
|
---|
2017 |
|
---|
2018 | if(SSL_SetNextProtoNego(BACKEND->handle, protocols, cur) != SECSuccess)
|
---|
2019 | goto error;
|
---|
2020 | }
|
---|
2021 | #endif
|
---|
2022 |
|
---|
2023 |
|
---|
2024 | /* Force handshake on next I/O */
|
---|
2025 | if(SSL_ResetHandshake(BACKEND->handle, /* asServer */ PR_FALSE)
|
---|
2026 | != SECSuccess)
|
---|
2027 | goto error;
|
---|
2028 |
|
---|
2029 | /* propagate hostname to the TLS layer */
|
---|
2030 | if(SSL_SetURL(BACKEND->handle, SSL_IS_PROXY() ? conn->http_proxy.host.name :
|
---|
2031 | conn->host.name) != SECSuccess)
|
---|
2032 | goto error;
|
---|
2033 |
|
---|
2034 | /* prevent NSS from re-using the session for a different hostname */
|
---|
2035 | if(SSL_SetSockPeerID(BACKEND->handle, SSL_IS_PROXY() ?
|
---|
2036 | conn->http_proxy.host.name : conn->host.name)
|
---|
2037 | != SECSuccess)
|
---|
2038 | goto error;
|
---|
2039 |
|
---|
2040 | return CURLE_OK;
|
---|
2041 |
|
---|
2042 | error:
|
---|
2043 | if(model)
|
---|
2044 | PR_Close(model);
|
---|
2045 |
|
---|
2046 | return nss_fail_connect(connssl, data, result);
|
---|
2047 | }
|
---|
2048 |
|
---|
2049 | static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
|
---|
2050 | {
|
---|
2051 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
2052 | struct Curl_easy *data = conn->data;
|
---|
2053 | CURLcode result = CURLE_SSL_CONNECT_ERROR;
|
---|
2054 | PRUint32 timeout;
|
---|
2055 | long * const certverifyresult = SSL_IS_PROXY() ?
|
---|
2056 | &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
|
---|
2057 | const char * const pinnedpubkey = SSL_IS_PROXY() ?
|
---|
2058 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
|
---|
2059 | data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
|
---|
2060 |
|
---|
2061 |
|
---|
2062 | /* check timeout situation */
|
---|
2063 | const time_t time_left = Curl_timeleft(data, NULL, TRUE);
|
---|
2064 | if(time_left < 0) {
|
---|
2065 | failf(data, "timed out before SSL handshake");
|
---|
2066 | result = CURLE_OPERATION_TIMEDOUT;
|
---|
2067 | goto error;
|
---|
2068 | }
|
---|
2069 |
|
---|
2070 | /* Force the handshake now */
|
---|
2071 | timeout = PR_MillisecondsToInterval((PRUint32) time_left);
|
---|
2072 | if(SSL_ForceHandshakeWithTimeout(BACKEND->handle, timeout) != SECSuccess) {
|
---|
2073 | if(PR_GetError() == PR_WOULD_BLOCK_ERROR)
|
---|
2074 | /* blocking direction is updated by nss_update_connecting_state() */
|
---|
2075 | return CURLE_AGAIN;
|
---|
2076 | else if(*certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
|
---|
2077 | result = CURLE_PEER_FAILED_VERIFICATION;
|
---|
2078 | else if(*certverifyresult != 0)
|
---|
2079 | result = CURLE_SSL_CACERT;
|
---|
2080 | goto error;
|
---|
2081 | }
|
---|
2082 |
|
---|
2083 | result = display_conn_info(conn, BACKEND->handle);
|
---|
2084 | if(result)
|
---|
2085 | goto error;
|
---|
2086 |
|
---|
2087 | if(SSL_SET_OPTION(issuercert)) {
|
---|
2088 | SECStatus ret = SECFailure;
|
---|
2089 | char *nickname = dup_nickname(data, SSL_SET_OPTION(issuercert));
|
---|
2090 | if(nickname) {
|
---|
2091 | /* we support only nicknames in case of issuercert for now */
|
---|
2092 | ret = check_issuer_cert(BACKEND->handle, nickname);
|
---|
2093 | free(nickname);
|
---|
2094 | }
|
---|
2095 |
|
---|
2096 | if(SECFailure == ret) {
|
---|
2097 | infof(data, "SSL certificate issuer check failed\n");
|
---|
2098 | result = CURLE_SSL_ISSUER_ERROR;
|
---|
2099 | goto error;
|
---|
2100 | }
|
---|
2101 | else {
|
---|
2102 | infof(data, "SSL certificate issuer check ok\n");
|
---|
2103 | }
|
---|
2104 | }
|
---|
2105 |
|
---|
2106 | result = cmp_peer_pubkey(connssl, pinnedpubkey);
|
---|
2107 | if(result)
|
---|
2108 | /* status already printed */
|
---|
2109 | goto error;
|
---|
2110 |
|
---|
2111 | return CURLE_OK;
|
---|
2112 |
|
---|
2113 | error:
|
---|
2114 | return nss_fail_connect(connssl, data, result);
|
---|
2115 | }
|
---|
2116 |
|
---|
2117 | static CURLcode nss_connect_common(struct connectdata *conn, int sockindex,
|
---|
2118 | bool *done)
|
---|
2119 | {
|
---|
2120 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
2121 | struct Curl_easy *data = conn->data;
|
---|
2122 | const bool blocking = (done == NULL);
|
---|
2123 | CURLcode result;
|
---|
2124 |
|
---|
2125 | if(connssl->state == ssl_connection_complete) {
|
---|
2126 | if(!blocking)
|
---|
2127 | *done = TRUE;
|
---|
2128 | return CURLE_OK;
|
---|
2129 | }
|
---|
2130 |
|
---|
2131 | if(connssl->connecting_state == ssl_connect_1) {
|
---|
2132 | result = nss_setup_connect(conn, sockindex);
|
---|
2133 | if(result)
|
---|
2134 | /* we do not expect CURLE_AGAIN from nss_setup_connect() */
|
---|
2135 | return result;
|
---|
2136 |
|
---|
2137 | connssl->connecting_state = ssl_connect_2;
|
---|
2138 | }
|
---|
2139 |
|
---|
2140 | /* enable/disable blocking mode before handshake */
|
---|
2141 | result = nss_set_blocking(connssl, data, blocking);
|
---|
2142 | if(result)
|
---|
2143 | return result;
|
---|
2144 |
|
---|
2145 | result = nss_do_connect(conn, sockindex);
|
---|
2146 | switch(result) {
|
---|
2147 | case CURLE_OK:
|
---|
2148 | break;
|
---|
2149 | case CURLE_AGAIN:
|
---|
2150 | if(!blocking)
|
---|
2151 | /* CURLE_AGAIN in non-blocking mode is not an error */
|
---|
2152 | return CURLE_OK;
|
---|
2153 | /* fall through */
|
---|
2154 | default:
|
---|
2155 | return result;
|
---|
2156 | }
|
---|
2157 |
|
---|
2158 | if(blocking) {
|
---|
2159 | /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */
|
---|
2160 | result = nss_set_blocking(connssl, data, /* blocking */ FALSE);
|
---|
2161 | if(result)
|
---|
2162 | return result;
|
---|
2163 | }
|
---|
2164 | else
|
---|
2165 | /* signal completed SSL handshake */
|
---|
2166 | *done = TRUE;
|
---|
2167 |
|
---|
2168 | connssl->state = ssl_connection_complete;
|
---|
2169 | conn->recv[sockindex] = nss_recv;
|
---|
2170 | conn->send[sockindex] = nss_send;
|
---|
2171 |
|
---|
2172 | /* ssl_connect_done is never used outside, go back to the initial state */
|
---|
2173 | connssl->connecting_state = ssl_connect_1;
|
---|
2174 |
|
---|
2175 | return CURLE_OK;
|
---|
2176 | }
|
---|
2177 |
|
---|
2178 | static CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
---|
2179 | {
|
---|
2180 | return nss_connect_common(conn, sockindex, /* blocking */ NULL);
|
---|
2181 | }
|
---|
2182 |
|
---|
2183 | static CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
|
---|
2184 | int sockindex, bool *done)
|
---|
2185 | {
|
---|
2186 | return nss_connect_common(conn, sockindex, done);
|
---|
2187 | }
|
---|
2188 |
|
---|
2189 | static ssize_t nss_send(struct connectdata *conn, /* connection data */
|
---|
2190 | int sockindex, /* socketindex */
|
---|
2191 | const void *mem, /* send this data */
|
---|
2192 | size_t len, /* amount to write */
|
---|
2193 | CURLcode *curlcode)
|
---|
2194 | {
|
---|
2195 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
2196 | ssize_t rc;
|
---|
2197 |
|
---|
2198 | /* The SelectClientCert() hook uses this for infof() and failf() but the
|
---|
2199 | handle stored in nss_setup_connect() could have already been freed. */
|
---|
2200 | BACKEND->data = conn->data;
|
---|
2201 |
|
---|
2202 | rc = PR_Send(BACKEND->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT);
|
---|
2203 | if(rc < 0) {
|
---|
2204 | PRInt32 err = PR_GetError();
|
---|
2205 | if(err == PR_WOULD_BLOCK_ERROR)
|
---|
2206 | *curlcode = CURLE_AGAIN;
|
---|
2207 | else {
|
---|
2208 | /* print the error number and error string */
|
---|
2209 | const char *err_name = nss_error_to_name(err);
|
---|
2210 | infof(conn->data, "SSL write: error %d (%s)\n", err, err_name);
|
---|
2211 |
|
---|
2212 | /* print a human-readable message describing the error if available */
|
---|
2213 | nss_print_error_message(conn->data, err);
|
---|
2214 |
|
---|
2215 | *curlcode = (is_cc_error(err))
|
---|
2216 | ? CURLE_SSL_CERTPROBLEM
|
---|
2217 | : CURLE_SEND_ERROR;
|
---|
2218 | }
|
---|
2219 |
|
---|
2220 | return -1;
|
---|
2221 | }
|
---|
2222 |
|
---|
2223 | return rc; /* number of bytes */
|
---|
2224 | }
|
---|
2225 |
|
---|
2226 | static ssize_t nss_recv(struct connectdata *conn, /* connection data */
|
---|
2227 | int sockindex, /* socketindex */
|
---|
2228 | char *buf, /* store read data here */
|
---|
2229 | size_t buffersize, /* max amount to read */
|
---|
2230 | CURLcode *curlcode)
|
---|
2231 | {
|
---|
2232 | struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
---|
2233 | ssize_t nread;
|
---|
2234 |
|
---|
2235 | /* The SelectClientCert() hook uses this for infof() and failf() but the
|
---|
2236 | handle stored in nss_setup_connect() could have already been freed. */
|
---|
2237 | BACKEND->data = conn->data;
|
---|
2238 |
|
---|
2239 | nread = PR_Recv(BACKEND->handle, buf, (int)buffersize, 0,
|
---|
2240 | PR_INTERVAL_NO_WAIT);
|
---|
2241 | if(nread < 0) {
|
---|
2242 | /* failed SSL read */
|
---|
2243 | PRInt32 err = PR_GetError();
|
---|
2244 |
|
---|
2245 | if(err == PR_WOULD_BLOCK_ERROR)
|
---|
2246 | *curlcode = CURLE_AGAIN;
|
---|
2247 | else {
|
---|
2248 | /* print the error number and error string */
|
---|
2249 | const char *err_name = nss_error_to_name(err);
|
---|
2250 | infof(conn->data, "SSL read: errno %d (%s)\n", err, err_name);
|
---|
2251 |
|
---|
2252 | /* print a human-readable message describing the error if available */
|
---|
2253 | nss_print_error_message(conn->data, err);
|
---|
2254 |
|
---|
2255 | *curlcode = (is_cc_error(err))
|
---|
2256 | ? CURLE_SSL_CERTPROBLEM
|
---|
2257 | : CURLE_RECV_ERROR;
|
---|
2258 | }
|
---|
2259 |
|
---|
2260 | return -1;
|
---|
2261 | }
|
---|
2262 |
|
---|
2263 | return nread;
|
---|
2264 | }
|
---|
2265 |
|
---|
2266 | static size_t Curl_nss_version(char *buffer, size_t size)
|
---|
2267 | {
|
---|
2268 | return snprintf(buffer, size, "NSS/%s", NSS_VERSION);
|
---|
2269 | }
|
---|
2270 |
|
---|
2271 | /* data might be NULL */
|
---|
2272 | static int Curl_nss_seed(struct Curl_easy *data)
|
---|
2273 | {
|
---|
2274 | /* make sure that NSS is initialized */
|
---|
2275 | return !!Curl_nss_force_init(data);
|
---|
2276 | }
|
---|
2277 |
|
---|
2278 | /* data might be NULL */
|
---|
2279 | static CURLcode Curl_nss_random(struct Curl_easy *data,
|
---|
2280 | unsigned char *entropy,
|
---|
2281 | size_t length)
|
---|
2282 | {
|
---|
2283 | Curl_nss_seed(data); /* Initiate the seed if not already done */
|
---|
2284 |
|
---|
2285 | if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
|
---|
2286 | /* signal a failure */
|
---|
2287 | return CURLE_FAILED_INIT;
|
---|
2288 |
|
---|
2289 | return CURLE_OK;
|
---|
2290 | }
|
---|
2291 |
|
---|
2292 | static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */
|
---|
2293 | size_t tmplen,
|
---|
2294 | unsigned char *md5sum, /* output */
|
---|
2295 | size_t md5len)
|
---|
2296 | {
|
---|
2297 | PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
|
---|
2298 | unsigned int MD5out;
|
---|
2299 |
|
---|
2300 | PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
|
---|
2301 | PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
|
---|
2302 | PK11_DestroyContext(MD5pw, PR_TRUE);
|
---|
2303 |
|
---|
2304 | return CURLE_OK;
|
---|
2305 | }
|
---|
2306 |
|
---|
2307 | static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
---|
2308 | size_t tmplen,
|
---|
2309 | unsigned char *sha256sum, /* output */
|
---|
2310 | size_t sha256len)
|
---|
2311 | {
|
---|
2312 | PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
|
---|
2313 | unsigned int SHA256out;
|
---|
2314 |
|
---|
2315 | PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen));
|
---|
2316 | PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len));
|
---|
2317 | PK11_DestroyContext(SHA256pw, PR_TRUE);
|
---|
2318 | }
|
---|
2319 |
|
---|
2320 | static bool Curl_nss_cert_status_request(void)
|
---|
2321 | {
|
---|
2322 | #ifdef SSL_ENABLE_OCSP_STAPLING
|
---|
2323 | return TRUE;
|
---|
2324 | #else
|
---|
2325 | return FALSE;
|
---|
2326 | #endif
|
---|
2327 | }
|
---|
2328 |
|
---|
2329 | static bool Curl_nss_false_start(void)
|
---|
2330 | {
|
---|
2331 | #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
|
---|
2332 | return TRUE;
|
---|
2333 | #else
|
---|
2334 | return FALSE;
|
---|
2335 | #endif
|
---|
2336 | }
|
---|
2337 |
|
---|
2338 | static void *Curl_nss_get_internals(struct ssl_connect_data *connssl,
|
---|
2339 | CURLINFO info UNUSED_PARAM)
|
---|
2340 | {
|
---|
2341 | (void)info;
|
---|
2342 | return BACKEND->handle;
|
---|
2343 | }
|
---|
2344 |
|
---|
2345 | const struct Curl_ssl Curl_ssl_nss = {
|
---|
2346 | { CURLSSLBACKEND_NSS, "nss" }, /* info */
|
---|
2347 |
|
---|
2348 | 1, /* have_ca_path */
|
---|
2349 | 1, /* have_certinfo */
|
---|
2350 | 1, /* have_pinnedpubkey */
|
---|
2351 | 0, /* have_ssl_ctx */
|
---|
2352 | 1, /* support_https_proxy */
|
---|
2353 |
|
---|
2354 | sizeof(struct ssl_backend_data),
|
---|
2355 |
|
---|
2356 | Curl_nss_init, /* init */
|
---|
2357 | Curl_nss_cleanup, /* cleanup */
|
---|
2358 | Curl_nss_version, /* version */
|
---|
2359 | Curl_nss_check_cxn, /* check_cxn */
|
---|
2360 | /* NSS has no shutdown function provided and thus always fail */
|
---|
2361 | Curl_none_shutdown, /* shutdown */
|
---|
2362 | Curl_none_data_pending, /* data_pending */
|
---|
2363 | Curl_nss_random, /* random */
|
---|
2364 | Curl_nss_cert_status_request, /* cert_status_request */
|
---|
2365 | Curl_nss_connect, /* connect */
|
---|
2366 | Curl_nss_connect_nonblocking, /* connect_nonblocking */
|
---|
2367 | Curl_nss_get_internals, /* get_internals */
|
---|
2368 | Curl_nss_close, /* close_one */
|
---|
2369 | Curl_none_close_all, /* close_all */
|
---|
2370 | /* NSS has its own session ID cache */
|
---|
2371 | Curl_none_session_free, /* session_free */
|
---|
2372 | Curl_none_set_engine, /* set_engine */
|
---|
2373 | Curl_none_set_engine_default, /* set_engine_default */
|
---|
2374 | Curl_none_engines_list, /* engines_list */
|
---|
2375 | Curl_nss_false_start, /* false_start */
|
---|
2376 | Curl_nss_md5sum, /* md5sum */
|
---|
2377 | Curl_nss_sha256sum /* sha256sum */
|
---|
2378 | };
|
---|
2379 |
|
---|
2380 | #endif /* USE_NSS */
|
---|