1: /***************************************************************************
2: * _ _ ____ _
3: * Project ___| | | | _ \| |
4: * / __| | | | |_) | |
5: * | (__| |_| | _ <| |___
6: * \___|\___/|_| \_\_____|
7: *
8: * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
9: *
10: * This software is licensed as described in the file COPYING, which
11: * you should have received as part of this distribution. The terms
12: * are also available at https://curl.haxx.se/docs/copyright.html.
13: *
14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15: * copies of the Software, and permit persons to whom the Software is
16: * furnished to do so, under the terms of the COPYING file.
17: *
18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19: * KIND, either express or implied.
20: *
21: ***************************************************************************/
22:
23: /*
24: * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code
25: * but vtls.c should ever call or use these functions.
26: *
27: * Note: don't use the GnuTLS' *_t variable type names in this source code,
28: * since they were not present in 1.0.X.
29: */
30:
31: #include "curl_setup.h"
32:
33: #ifdef USE_GNUTLS
34:
35: #include <gnutls/abstract.h>
36: #include <gnutls/gnutls.h>
37: #include <gnutls/x509.h>
38:
39: #ifdef USE_GNUTLS_NETTLE
40: #include <gnutls/crypto.h>
41: #include <nettle/md5.h>
42: #include <nettle/sha2.h>
43: #else
44: #include <gcrypt.h>
45: #endif
46:
47: #include "urldata.h"
48: #include "sendf.h"
49: #include "inet_pton.h"
50: #include "gtls.h"
51: #include "vtls.h"
52: #include "parsedate.h"
53: #include "connect.h" /* for the connect timeout */
54: #include "select.h"
55: #include "strcase.h"
56: #include "warnless.h"
57: #include "x509asn1.h"
58: #include "multiif.h"
59: #include "curl_printf.h"
60: #include "curl_memory.h"
61: /* The last #include file should be: */
62: #include "memdebug.h"
63:
64: /* Enable GnuTLS debugging by defining GTLSDEBUG */
65: /*#define GTLSDEBUG */
66:
67: #ifdef GTLSDEBUG
68: static void tls_log_func(int level, const char *str)
69: {
70: fprintf(stderr, "|<%d>| %s", level, str);
71: }
72: #endif
73: static bool gtls_inited = FALSE;
74:
75: #if !defined(GNUTLS_VERSION_NUMBER) || (GNUTLS_VERSION_NUMBER < 0x03010a)
76: #error "too old GnuTLS version"
77: #endif
78:
79: # include <gnutls/ocsp.h>
80:
81: struct ssl_backend_data {
82: gnutls_session_t session;
83: gnutls_certificate_credentials_t cred;
84: #ifdef USE_TLS_SRP
85: gnutls_srp_client_credentials_t srp_client_cred;
86: #endif
87: };
88:
89: static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
90: {
91: curl_socket_t sock = *(curl_socket_t *)s;
92: ssize_t ret = swrite(sock, buf, len);
93: return ret;
94: }
95:
96: static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
97: {
98: curl_socket_t sock = *(curl_socket_t *)s;
99: ssize_t ret = sread(sock, buf, len);
100: return ret;
101: }
102:
103: static ssize_t Curl_gtls_push_ssl(void *s, const void *buf, size_t len)
104: {
105: return gnutls_record_send((gnutls_session_t) s, buf, len);
106: }
107:
108: static ssize_t Curl_gtls_pull_ssl(void *s, void *buf, size_t len)
109: {
110: return gnutls_record_recv((gnutls_session_t) s, buf, len);
111: }
112:
113: /* Curl_gtls_init()
114: *
115: * Global GnuTLS init, called from Curl_ssl_init(). This calls functions that
116: * are not thread-safe and thus this function itself is not thread-safe and
117: * must only be called from within curl_global_init() to keep the thread
118: * situation under control!
119: */
120: static int Curl_gtls_init(void)
121: {
122: int ret = 1;
123: if(!gtls_inited) {
124: ret = gnutls_global_init()?0:1;
125: #ifdef GTLSDEBUG
126: gnutls_global_set_log_function(tls_log_func);
127: gnutls_global_set_log_level(2);
128: #endif
129: gtls_inited = TRUE;
130: }
131: return ret;
132: }
133:
134: static void Curl_gtls_cleanup(void)
135: {
136: if(gtls_inited) {
137: gnutls_global_deinit();
138: gtls_inited = FALSE;
139: }
140: }
141:
142: #ifndef CURL_DISABLE_VERBOSE_STRINGS
143: static void showtime(struct Curl_easy *data,
144: const char *text,
145: time_t stamp)
146: {
147: struct tm buffer;
148: const struct tm *tm = &buffer;
149: char str[96];
150: CURLcode result = Curl_gmtime(stamp, &buffer);
151: if(result)
152: return;
153:
154: msnprintf(str,
155: sizeof(str),
156: "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT",
157: text,
158: Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
159: tm->tm_mday,
160: Curl_month[tm->tm_mon],
161: tm->tm_year + 1900,
162: tm->tm_hour,
163: tm->tm_min,
164: tm->tm_sec);
165: infof(data, "%s\n", str);
166: }
167: #endif
168:
169: static gnutls_datum_t load_file(const char *file)
170: {
171: FILE *f;
172: gnutls_datum_t loaded_file = { NULL, 0 };
173: long filelen;
174: void *ptr;
175:
176: f = fopen(file, "rb");
177: if(!f)
178: return loaded_file;
179: if(fseek(f, 0, SEEK_END) != 0
180: || (filelen = ftell(f)) < 0
181: || fseek(f, 0, SEEK_SET) != 0
182: || !(ptr = malloc((size_t)filelen)))
183: goto out;
184: if(fread(ptr, 1, (size_t)filelen, f) < (size_t)filelen) {
185: free(ptr);
186: goto out;
187: }
188:
189: loaded_file.data = ptr;
190: loaded_file.size = (unsigned int)filelen;
191: out:
192: fclose(f);
193: return loaded_file;
194: }
195:
196: static void unload_file(gnutls_datum_t data)
197: {
198: free(data.data);
199: }
200:
201:
202: /* this function does a SSL/TLS (re-)handshake */
203: static CURLcode handshake(struct connectdata *conn,
204: int sockindex,
205: bool duringconnect,
206: bool nonblocking)
207: {
208: struct Curl_easy *data = conn->data;
209: struct ssl_connect_data *connssl = &conn->ssl[sockindex];
210: struct ssl_backend_data *backend = connssl->backend;
211: gnutls_session_t session = backend->session;
212: curl_socket_t sockfd = conn->sock[sockindex];
213:
214: for(;;) {
215: timediff_t timeout_ms;
216: int rc;
217:
218: /* check allowed time left */
219: timeout_ms = Curl_timeleft(data, NULL, duringconnect);
220:
221: if(timeout_ms < 0) {
222: /* no need to continue if time already is up */
223: failf(data, "SSL connection timeout");
224: return CURLE_OPERATION_TIMEDOUT;
225: }
226:
227: /* if ssl is expecting something, check if it's available. */
228: if(connssl->connecting_state == ssl_connect_2_reading
229: || connssl->connecting_state == ssl_connect_2_writing) {
230: int what;
231: curl_socket_t writefd = ssl_connect_2_writing ==
232: connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
233: curl_socket_t readfd = ssl_connect_2_reading ==
234: connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
235:
236: what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
237: nonblocking?0:
238: timeout_ms?(time_t)timeout_ms:1000);
239: if(what < 0) {
240: /* fatal error */
241: failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
242: return CURLE_SSL_CONNECT_ERROR;
243: }
244: else if(0 == what) {
245: if(nonblocking)
246: return CURLE_OK;
247: else if(timeout_ms) {
248: /* timeout */
249: failf(data, "SSL connection timeout at %ld", (long)timeout_ms);
250: return CURLE_OPERATION_TIMEDOUT;
251: }
252: }
253: /* socket is readable or writable */
254: }
255:
256: rc = gnutls_handshake(session);
257:
258: if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) {
259: connssl->connecting_state =
260: gnutls_record_get_direction(session)?
261: ssl_connect_2_writing:ssl_connect_2_reading;
262: continue;
263: }
264: else if((rc < 0) && !gnutls_error_is_fatal(rc)) {
265: const char *strerr = NULL;
266:
267: if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
268: int alert = gnutls_alert_get(session);
269: strerr = gnutls_alert_get_name(alert);
270: }
271:
272: if(strerr == NULL)
273: strerr = gnutls_strerror(rc);
274:
275: infof(data, "gnutls_handshake() warning: %s\n", strerr);
276: continue;
277: }
278: else if(rc < 0) {
279: const char *strerr = NULL;
280:
281: if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
282: int alert = gnutls_alert_get(session);
283: strerr = gnutls_alert_get_name(alert);
284: }
285:
286: if(strerr == NULL)
287: strerr = gnutls_strerror(rc);
288:
289: failf(data, "gnutls_handshake() failed: %s", strerr);
290: return CURLE_SSL_CONNECT_ERROR;
291: }
292:
293: /* Reset our connect state machine */
294: connssl->connecting_state = ssl_connect_1;
295: return CURLE_OK;
296: }
297: }
298:
299: static gnutls_x509_crt_fmt_t do_file_type(const char *type)
300: {
301: if(!type || !type[0])
302: return GNUTLS_X509_FMT_PEM;
303: if(strcasecompare(type, "PEM"))
304: return GNUTLS_X509_FMT_PEM;
305: if(strcasecompare(type, "DER"))
306: return GNUTLS_X509_FMT_DER;
307: return -1;
308: }
309:
310: #define GNUTLS_CIPHERS "NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509"
311: /* If GnuTLS was compiled without support for SRP it will error out if SRP is
312: requested in the priority string, so treat it specially
313: */
314: #define GNUTLS_SRP "+SRP"
315:
316: static CURLcode
317: set_ssl_version_min_max(const char **prioritylist, struct connectdata *conn)
318: {
319: struct Curl_easy *data = conn->data;
320: long ssl_version = SSL_CONN_CONFIG(version);
321: long ssl_version_max = SSL_CONN_CONFIG(version_max);
322:
323: if(ssl_version_max == CURL_SSLVERSION_MAX_NONE) {
324: ssl_version_max = CURL_SSLVERSION_MAX_DEFAULT;
325: }
326: switch(ssl_version | ssl_version_max) {
327: case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_0:
328: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
329: "+VERS-TLS1.0";
330: return CURLE_OK;
331: case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_1:
332: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
333: "+VERS-TLS1.0:+VERS-TLS1.1";
334: return CURLE_OK;
335: case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_TLSv1_2:
336: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
337: "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2";
338: return CURLE_OK;
339: case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_1:
340: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
341: "+VERS-TLS1.1";
342: return CURLE_OK;
343: case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_TLSv1_2:
344: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
345: "+VERS-TLS1.1:+VERS-TLS1.2";
346: return CURLE_OK;
347: case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_TLSv1_2:
348: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
349: "+VERS-TLS1.2";
350: return CURLE_OK;
351: case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_TLSv1_3:
352: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
353: "+VERS-TLS1.3";
354: return CURLE_OK;
355: case CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT:
356: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
357: "+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2"
358: ":+VERS-TLS1.3";
359: return CURLE_OK;
360: case CURL_SSLVERSION_TLSv1_1 | CURL_SSLVERSION_MAX_DEFAULT:
361: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
362: "+VERS-TLS1.1:+VERS-TLS1.2"
363: ":+VERS-TLS1.3";
364: return CURLE_OK;
365: case CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT:
366: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
367: "+VERS-TLS1.2"
368: ":+VERS-TLS1.3";
369: return CURLE_OK;
370: case CURL_SSLVERSION_TLSv1_3 | CURL_SSLVERSION_MAX_DEFAULT:
371: *prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0:-VERS-TLS-ALL:"
372: "+VERS-TLS1.2"
373: ":+VERS-TLS1.3";
374: return CURLE_OK;
375: }
376:
377: failf(data, "GnuTLS: cannot set ssl protocol");
378: return CURLE_SSL_CONNECT_ERROR;
379: }
380:
381: static CURLcode
382: gtls_connect_step1(struct connectdata *conn,
383: int sockindex)
384: {
385: struct Curl_easy *data = conn->data;
386: struct ssl_connect_data *connssl = &conn->ssl[sockindex];
387: struct ssl_backend_data *backend = connssl->backend;
388: unsigned int init_flags;
389: gnutls_session_t session;
390: int rc;
391: bool sni = TRUE; /* default is SNI enabled */
392: void *transport_ptr = NULL;
393: gnutls_push_func gnutls_transport_push = NULL;
394: gnutls_pull_func gnutls_transport_pull = NULL;
395: #ifdef ENABLE_IPV6
396: struct in6_addr addr;
397: #else
398: struct in_addr addr;
399: #endif
400: const char *prioritylist;
401: const char *err = NULL;
402: const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
403: conn->host.name;
404:
405: if(connssl->state == ssl_connection_complete)
406: /* to make us tolerant against being called more than once for the
407: same connection */
408: return CURLE_OK;
409:
410: if(!gtls_inited)
411: Curl_gtls_init();
412:
413: if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2) {
414: failf(data, "GnuTLS does not support SSLv2");
415: return CURLE_SSL_CONNECT_ERROR;
416: }
417: else if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3)
418: sni = FALSE; /* SSLv3 has no SNI */
419:
420: /* allocate a cred struct */
421: rc = gnutls_certificate_allocate_credentials(&backend->cred);
422: if(rc != GNUTLS_E_SUCCESS) {
423: failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
424: return CURLE_SSL_CONNECT_ERROR;
425: }
426:
427: #ifdef USE_TLS_SRP
428: if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
429: infof(data, "Using TLS-SRP username: %s\n", SSL_SET_OPTION(username));
430:
431: rc = gnutls_srp_allocate_client_credentials(
432: &backend->srp_client_cred);
433: if(rc != GNUTLS_E_SUCCESS) {
434: failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
435: gnutls_strerror(rc));
436: return CURLE_OUT_OF_MEMORY;
437: }
438:
439: rc = gnutls_srp_set_client_credentials(backend->srp_client_cred,
440: SSL_SET_OPTION(username),
441: SSL_SET_OPTION(password));
442: if(rc != GNUTLS_E_SUCCESS) {
443: failf(data, "gnutls_srp_set_client_cred() failed: %s",
444: gnutls_strerror(rc));
445: return CURLE_BAD_FUNCTION_ARGUMENT;
446: }
447: }
448: #endif
449:
450: if(SSL_CONN_CONFIG(CAfile)) {
451: /* set the trusted CA cert bundle file */
452: gnutls_certificate_set_verify_flags(backend->cred,
453: GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
454:
455: rc = gnutls_certificate_set_x509_trust_file(backend->cred,
456: SSL_CONN_CONFIG(CAfile),
457: GNUTLS_X509_FMT_PEM);
458: if(rc < 0) {
459: infof(data, "error reading ca cert file %s (%s)\n",
460: SSL_CONN_CONFIG(CAfile), gnutls_strerror(rc));
461: if(SSL_CONN_CONFIG(verifypeer))
462: return CURLE_SSL_CACERT_BADFILE;
463: }
464: else
465: infof(data, "found %d certificates in %s\n", rc,
466: SSL_CONN_CONFIG(CAfile));
467: }
468:
469: if(SSL_CONN_CONFIG(CApath)) {
470: /* set the trusted CA cert directory */
471: rc = gnutls_certificate_set_x509_trust_dir(backend->cred,
472: SSL_CONN_CONFIG(CApath),
473: GNUTLS_X509_FMT_PEM);
474: if(rc < 0) {
475: infof(data, "error reading ca cert file %s (%s)\n",
476: SSL_CONN_CONFIG(CApath), gnutls_strerror(rc));
477: if(SSL_CONN_CONFIG(verifypeer))
478: return CURLE_SSL_CACERT_BADFILE;
479: }
480: else
481: infof(data, "found %d certificates in %s\n",
482: rc, SSL_CONN_CONFIG(CApath));
483: }
484:
485: #ifdef CURL_CA_FALLBACK
486: /* use system ca certificate store as fallback */
487: if(SSL_CONN_CONFIG(verifypeer) &&
488: !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
489: gnutls_certificate_set_x509_system_trust(backend->cred);
490: }
491: #endif
492:
493: if(SSL_SET_OPTION(CRLfile)) {
494: /* set the CRL list file */
495: rc = gnutls_certificate_set_x509_crl_file(backend->cred,
496: SSL_SET_OPTION(CRLfile),
497: GNUTLS_X509_FMT_PEM);
498: if(rc < 0) {
499: failf(data, "error reading crl file %s (%s)",
500: SSL_SET_OPTION(CRLfile), gnutls_strerror(rc));
501: return CURLE_SSL_CRL_BADFILE;
502: }
503: else
504: infof(data, "found %d CRL in %s\n",
505: rc, SSL_SET_OPTION(CRLfile));
506: }
507:
508: /* Initialize TLS session as a client */
509: init_flags = GNUTLS_CLIENT;
510:
511: #if defined(GNUTLS_FORCE_CLIENT_CERT)
512: init_flags |= GNUTLS_FORCE_CLIENT_CERT;
513: #endif
514:
515: #if defined(GNUTLS_NO_TICKETS)
516: /* Disable TLS session tickets */
517: init_flags |= GNUTLS_NO_TICKETS;
518: #endif
519:
520: rc = gnutls_init(&backend->session, init_flags);
521: if(rc != GNUTLS_E_SUCCESS) {
522: failf(data, "gnutls_init() failed: %d", rc);
523: return CURLE_SSL_CONNECT_ERROR;
524: }
525:
526: /* convenient assign */
527: session = backend->session;
528:
529: if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) &&
530: #ifdef ENABLE_IPV6
531: (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) &&
532: #endif
533: sni &&
534: (gnutls_server_name_set(session, GNUTLS_NAME_DNS, hostname,
535: strlen(hostname)) < 0))
536: infof(data, "WARNING: failed to configure server name indication (SNI) "
537: "TLS extension\n");
538:
539: /* Use default priorities */
540: rc = gnutls_set_default_priority(session);
541: if(rc != GNUTLS_E_SUCCESS)
542: return CURLE_SSL_CONNECT_ERROR;
543:
544: /* Ensure +SRP comes at the *end* of all relevant strings so that it can be
545: * removed if a run-time error indicates that SRP is not supported by this
546: * GnuTLS version */
547: switch(SSL_CONN_CONFIG(version)) {
548: case CURL_SSLVERSION_SSLv3:
549: prioritylist = GNUTLS_CIPHERS ":-VERS-TLS-ALL:+VERS-SSL3.0";
550: break;
551: case CURL_SSLVERSION_DEFAULT:
552: case CURL_SSLVERSION_TLSv1:
553: prioritylist = GNUTLS_CIPHERS ":-VERS-SSL3.0"
554: #ifdef HAS_TLS13
555: ":+VERS-TLS1.3"
556: #endif
557: ;
558: break;
559: case CURL_SSLVERSION_TLSv1_0:
560: case CURL_SSLVERSION_TLSv1_1:
561: case CURL_SSLVERSION_TLSv1_2:
562: case CURL_SSLVERSION_TLSv1_3:
563: {
564: CURLcode result = set_ssl_version_min_max(&prioritylist, conn);
565: if(result != CURLE_OK)
566: return result;
567: break;
568: }
569: case CURL_SSLVERSION_SSLv2:
570: failf(data, "GnuTLS does not support SSLv2");
571: return CURLE_SSL_CONNECT_ERROR;
572: default:
573: failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
574: return CURLE_SSL_CONNECT_ERROR;
575: }
576:
577: #ifdef USE_TLS_SRP
578: /* Only add SRP to the cipher list if SRP is requested. Otherwise
579: * GnuTLS will disable TLS 1.3 support. */
580: if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
581: size_t len = strlen(prioritylist);
582:
583: char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1);
584: if(!prioritysrp)
585: return CURLE_OUT_OF_MEMORY;
586: strcpy(prioritysrp, prioritylist);
587: strcpy(prioritysrp + len, ":" GNUTLS_SRP);
588:
589: rc = gnutls_priority_set_direct(session, prioritysrp, &err);
590: free(prioritysrp);
591:
592: if((rc == GNUTLS_E_INVALID_REQUEST) && err) {
593: infof(data, "This GnuTLS does not support SRP\n");
594: }
595: }
596: else {
597: #endif
598: rc = gnutls_priority_set_direct(session, prioritylist, &err);
599: #ifdef USE_TLS_SRP
600: }
601: #endif
602:
603: if(rc != GNUTLS_E_SUCCESS) {
604: failf(data, "Error %d setting GnuTLS cipher list starting with %s",
605: rc, err);
606: return CURLE_SSL_CONNECT_ERROR;
607: }
608:
609: if(conn->bits.tls_enable_alpn) {
610: int cur = 0;
611: gnutls_datum_t protocols[2];
612:
613: #ifdef USE_NGHTTP2
614: if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
615: (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
616: protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID;
617: protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN;
618: cur++;
619: infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
620: }
621: #endif
622:
623: protocols[cur].data = (unsigned char *)ALPN_HTTP_1_1;
624: protocols[cur].size = ALPN_HTTP_1_1_LENGTH;
625: cur++;
626: infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
627:
628: gnutls_alpn_set_protocols(session, protocols, cur, 0);
629: }
630:
631: if(SSL_SET_OPTION(cert)) {
632: if(SSL_SET_OPTION(key_passwd)) {
633: const unsigned int supported_key_encryption_algorithms =
634: GNUTLS_PKCS_USE_PKCS12_3DES | GNUTLS_PKCS_USE_PKCS12_ARCFOUR |
635: GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES |
636: GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
637: GNUTLS_PKCS_USE_PBES2_AES_256;
638: rc = gnutls_certificate_set_x509_key_file2(
639: backend->cred,
640: SSL_SET_OPTION(cert),
641: SSL_SET_OPTION(key) ?
642: SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
643: do_file_type(SSL_SET_OPTION(cert_type)),
644: SSL_SET_OPTION(key_passwd),
645: supported_key_encryption_algorithms);
646: if(rc != GNUTLS_E_SUCCESS) {
647: failf(data,
648: "error reading X.509 potentially-encrypted key file: %s",
649: gnutls_strerror(rc));
650: return CURLE_SSL_CONNECT_ERROR;
651: }
652: }
653: else {
654: if(gnutls_certificate_set_x509_key_file(
655: backend->cred,
656: SSL_SET_OPTION(cert),
657: SSL_SET_OPTION(key) ?
658: SSL_SET_OPTION(key) : SSL_SET_OPTION(cert),
659: do_file_type(SSL_SET_OPTION(cert_type)) ) !=
660: GNUTLS_E_SUCCESS) {
661: failf(data, "error reading X.509 key or certificate file");
662: return CURLE_SSL_CONNECT_ERROR;
663: }
664: }
665: }
666:
667: #ifdef USE_TLS_SRP
668: /* put the credentials to the current session */
669: if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP) {
670: rc = gnutls_credentials_set(session, GNUTLS_CRD_SRP,
671: backend->srp_client_cred);
672: if(rc != GNUTLS_E_SUCCESS) {
673: failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
674: return CURLE_SSL_CONNECT_ERROR;
675: }
676: }
677: else
678: #endif
679: {
680: rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
681: backend->cred);
682: if(rc != GNUTLS_E_SUCCESS) {
683: failf(data, "gnutls_credentials_set() failed: %s", gnutls_strerror(rc));
684: return CURLE_SSL_CONNECT_ERROR;
685: }
686: }
687:
688: if(conn->proxy_ssl[sockindex].use) {
689: transport_ptr = conn->proxy_ssl[sockindex].backend->session;
690: gnutls_transport_push = Curl_gtls_push_ssl;
691: gnutls_transport_pull = Curl_gtls_pull_ssl;
692: }
693: else {
694: /* file descriptor for the socket */
695: transport_ptr = &conn->sock[sockindex];
696: gnutls_transport_push = Curl_gtls_push;
697: gnutls_transport_pull = Curl_gtls_pull;
698: }
699:
700: /* set the connection handle */
701: gnutls_transport_set_ptr(session, transport_ptr);
702:
703: /* register callback functions to send and receive data. */
704: gnutls_transport_set_push_function(session, gnutls_transport_push);
705: gnutls_transport_set_pull_function(session, gnutls_transport_pull);
706:
707: if(SSL_CONN_CONFIG(verifystatus)) {
708: rc = gnutls_ocsp_status_request_enable_client(session, NULL, 0, NULL);
709: if(rc != GNUTLS_E_SUCCESS) {
710: failf(data, "gnutls_ocsp_status_request_enable_client() failed: %d", rc);
711: return CURLE_SSL_CONNECT_ERROR;
712: }
713: }
714:
715: /* This might be a reconnect, so we check for a session ID in the cache
716: to speed up things */
717: if(SSL_SET_OPTION(primary.sessionid)) {
718: void *ssl_sessionid;
719: size_t ssl_idsize;
720:
721: Curl_ssl_sessionid_lock(conn);
722: if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize, sockindex)) {
723: /* we got a session id, use it! */
724: gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
725:
726: /* Informational message */
727: infof(data, "SSL re-using session ID\n");
728: }
729: Curl_ssl_sessionid_unlock(conn);
730: }
731:
732: return CURLE_OK;
733: }
734:
735: static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
736: gnutls_x509_crt_t cert,
737: const char *pinnedpubkey)
738: {
739: /* Scratch */
740: size_t len1 = 0, len2 = 0;
741: unsigned char *buff1 = NULL;
742:
743: gnutls_pubkey_t key = NULL;
744:
745: /* Result is returned to caller */
746: CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
747:
748: /* if a path wasn't specified, don't pin */
749: if(NULL == pinnedpubkey)
750: return CURLE_OK;
751:
752: if(NULL == cert)
753: return result;
754:
755: do {
756: int ret;
757:
758: /* Begin Gyrations to get the public key */
759: gnutls_pubkey_init(&key);
760:
761: ret = gnutls_pubkey_import_x509(key, cert, 0);
762: if(ret < 0)
763: break; /* failed */
764:
765: ret = gnutls_pubkey_export(key, GNUTLS_X509_FMT_DER, NULL, &len1);
766: if(ret != GNUTLS_E_SHORT_MEMORY_BUFFER || len1 == 0)
767: break; /* failed */
768:
769: buff1 = malloc(len1);
770: if(NULL == buff1)
771: break; /* failed */
772:
773: len2 = len1;
774:
775: ret = gnutls_pubkey_export(key, GNUTLS_X509_FMT_DER, buff1, &len2);
776: if(ret < 0 || len1 != len2)
777: break; /* failed */
778:
779: /* End Gyrations */
780:
781: /* The one good exit point */
782: result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1);
783: } while(0);
784:
785: if(NULL != key)
786: gnutls_pubkey_deinit(key);
787:
788: Curl_safefree(buff1);
789:
790: return result;
791: }
792:
793: static Curl_recv gtls_recv;
794: static Curl_send gtls_send;
795:
796: static CURLcode
797: gtls_connect_step3(struct connectdata *conn,
798: int sockindex)
799: {
800: unsigned int cert_list_size;
801: const gnutls_datum_t *chainp;
802: unsigned int verify_status = 0;
803: gnutls_x509_crt_t x509_cert, x509_issuer;
804: gnutls_datum_t issuerp;
805: gnutls_datum_t certfields;
806: char certname[65] = ""; /* limited to 64 chars by ASN.1 */
807: size_t size;
808: time_t certclock;
809: const char *ptr;
810: struct Curl_easy *data = conn->data;
811: struct ssl_connect_data *connssl = &conn->ssl[sockindex];
812: struct ssl_backend_data *backend = connssl->backend;
813: gnutls_session_t session = backend->session;
814: int rc;
815: gnutls_datum_t proto;
816: CURLcode result = CURLE_OK;
817: #ifndef CURL_DISABLE_VERBOSE_STRINGS
818: unsigned int algo;
819: unsigned int bits;
820: gnutls_protocol_t version = gnutls_protocol_get_version(session);
821: #endif
822: const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
823: conn->host.name;
824:
825: /* the name of the cipher suite used, e.g. ECDHE_RSA_AES_256_GCM_SHA384. */
826: ptr = gnutls_cipher_suite_get_name(gnutls_kx_get(session),
827: gnutls_cipher_get(session),
828: gnutls_mac_get(session));
829:
830: infof(data, "SSL connection using %s / %s\n",
831: gnutls_protocol_get_name(version), ptr);
832:
833: /* This function will return the peer's raw certificate (chain) as sent by
834: the peer. These certificates are in raw format (DER encoded for
835: X.509). In case of a X.509 then a certificate list may be present. The
836: first certificate in the list is the peer's certificate, following the
837: issuer's certificate, then the issuer's issuer etc. */
838:
839: chainp = gnutls_certificate_get_peers(session, &cert_list_size);
840: if(!chainp) {
841: if(SSL_CONN_CONFIG(verifypeer) ||
842: SSL_CONN_CONFIG(verifyhost) ||
843: SSL_SET_OPTION(issuercert)) {
844: #ifdef USE_TLS_SRP
845: if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
846: && SSL_SET_OPTION(username) != NULL
847: && !SSL_CONN_CONFIG(verifypeer)
848: && gnutls_cipher_get(session)) {
849: /* no peer cert, but auth is ok if we have SRP user and cipher and no
850: peer verify */
851: }
852: else {
853: #endif
854: failf(data, "failed to get server cert");
855: return CURLE_PEER_FAILED_VERIFICATION;
856: #ifdef USE_TLS_SRP
857: }
858: #endif
859: }
860: infof(data, "\t common name: WARNING couldn't obtain\n");
861: }
862:
863: if(data->set.ssl.certinfo && chainp) {
864: unsigned int i;
865:
866: result = Curl_ssl_init_certinfo(data, cert_list_size);
867: if(result)
868: return result;
869:
870: for(i = 0; i < cert_list_size; i++) {
871: const char *beg = (const char *) chainp[i].data;
872: const char *end = beg + chainp[i].size;
873:
874: result = Curl_extract_certinfo(conn, i, beg, end);
875: if(result)
876: return result;
877: }
878: }
879:
880: if(SSL_CONN_CONFIG(verifypeer)) {
881: /* This function will try to verify the peer's certificate and return its
882: status (trusted, invalid etc.). The value of status should be one or
883: more of the gnutls_certificate_status_t enumerated elements bitwise
884: or'd. To avoid denial of service attacks some default upper limits
885: regarding the certificate key size and chain size are set. To override
886: them use gnutls_certificate_set_verify_limits(). */
887:
888: rc = gnutls_certificate_verify_peers2(session, &verify_status);
889: if(rc < 0) {
890: failf(data, "server cert verify failed: %d", rc);
891: return CURLE_SSL_CONNECT_ERROR;
892: }
893:
894: /* verify_status is a bitmask of gnutls_certificate_status bits */
895: if(verify_status & GNUTLS_CERT_INVALID) {
896: if(SSL_CONN_CONFIG(verifypeer)) {
897: failf(data, "server certificate verification failed. CAfile: %s "
898: "CRLfile: %s", SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
899: "none",
900: SSL_SET_OPTION(CRLfile)?SSL_SET_OPTION(CRLfile):"none");
901: return CURLE_PEER_FAILED_VERIFICATION;
902: }
903: else
904: infof(data, "\t server certificate verification FAILED\n");
905: }
906: else
907: infof(data, "\t server certificate verification OK\n");
908: }
909: else
910: infof(data, "\t server certificate verification SKIPPED\n");
911:
912: if(SSL_CONN_CONFIG(verifystatus)) {
913: if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) {
914: gnutls_datum_t status_request;
915: gnutls_ocsp_resp_t ocsp_resp;
916:
917: gnutls_ocsp_cert_status_t status;
918: gnutls_x509_crl_reason_t reason;
919:
920: rc = gnutls_ocsp_status_request_get(session, &status_request);
921:
922: infof(data, "\t server certificate status verification FAILED\n");
923:
924: if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
925: failf(data, "No OCSP response received");
926: return CURLE_SSL_INVALIDCERTSTATUS;
927: }
928:
929: if(rc < 0) {
930: failf(data, "Invalid OCSP response received");
931: return CURLE_SSL_INVALIDCERTSTATUS;
932: }
933:
934: gnutls_ocsp_resp_init(&ocsp_resp);
935:
936: rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
937: if(rc < 0) {
938: failf(data, "Invalid OCSP response received");
939: return CURLE_SSL_INVALIDCERTSTATUS;
940: }
941:
942: (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
943: &status, NULL, NULL, NULL, &reason);
944:
945: switch(status) {
946: case GNUTLS_OCSP_CERT_GOOD:
947: break;
948:
949: case GNUTLS_OCSP_CERT_REVOKED: {
950: const char *crl_reason;
951:
952: switch(reason) {
953: default:
954: case GNUTLS_X509_CRLREASON_UNSPECIFIED:
955: crl_reason = "unspecified reason";
956: break;
957:
958: case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
959: crl_reason = "private key compromised";
960: break;
961:
962: case GNUTLS_X509_CRLREASON_CACOMPROMISE:
963: crl_reason = "CA compromised";
964: break;
965:
966: case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
967: crl_reason = "affiliation has changed";
968: break;
969:
970: case GNUTLS_X509_CRLREASON_SUPERSEDED:
971: crl_reason = "certificate superseded";
972: break;
973:
974: case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
975: crl_reason = "operation has ceased";
976: break;
977:
978: case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
979: crl_reason = "certificate is on hold";
980: break;
981:
982: case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
983: crl_reason = "will be removed from delta CRL";
984: break;
985:
986: case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
987: crl_reason = "privilege withdrawn";
988: break;
989:
990: case GNUTLS_X509_CRLREASON_AACOMPROMISE:
991: crl_reason = "AA compromised";
992: break;
993: }
994:
995: failf(data, "Server certificate was revoked: %s", crl_reason);
996: break;
997: }
998:
999: default:
1000: case GNUTLS_OCSP_CERT_UNKNOWN:
1001: failf(data, "Server certificate status is unknown");
1002: break;
1003: }
1004:
1005: gnutls_ocsp_resp_deinit(ocsp_resp);
1006:
1007: return CURLE_SSL_INVALIDCERTSTATUS;
1008: }
1009: else
1010: infof(data, "\t server certificate status verification OK\n");
1011: }
1012: else
1013: infof(data, "\t server certificate status verification SKIPPED\n");
1014:
1015: /* initialize an X.509 certificate structure. */
1016: gnutls_x509_crt_init(&x509_cert);
1017:
1018: if(chainp)
1019: /* convert the given DER or PEM encoded Certificate to the native
1020: gnutls_x509_crt_t format */
1021: gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
1022:
1023: if(SSL_SET_OPTION(issuercert)) {
1024: gnutls_x509_crt_init(&x509_issuer);
1025: issuerp = load_file(SSL_SET_OPTION(issuercert));
1026: gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
1027: rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
1028: gnutls_x509_crt_deinit(x509_issuer);
1029: unload_file(issuerp);
1030: if(rc <= 0) {
1031: failf(data, "server certificate issuer check failed (IssuerCert: %s)",
1032: SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
1033: gnutls_x509_crt_deinit(x509_cert);
1034: return CURLE_SSL_ISSUER_ERROR;
1035: }
1036: infof(data, "\t server certificate issuer check OK (Issuer Cert: %s)\n",
1037: SSL_SET_OPTION(issuercert)?SSL_SET_OPTION(issuercert):"none");
1038: }
1039:
1040: size = sizeof(certname);
1041: rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME,
1042: 0, /* the first and only one */
1043: FALSE,
1044: certname,
1045: &size);
1046: if(rc) {
1047: infof(data, "error fetching CN from cert:%s\n",
1048: gnutls_strerror(rc));
1049: }
1050:
1051: /* This function will check if the given certificate's subject matches the
1052: given hostname. This is a basic implementation of the matching described
1053: in RFC2818 (HTTPS), which takes into account wildcards, and the subject
1054: alternative name PKIX extension. Returns non zero on success, and zero on
1055: failure. */
1056: rc = gnutls_x509_crt_check_hostname(x509_cert, hostname);
1057: #if GNUTLS_VERSION_NUMBER < 0x030306
1058: /* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP
1059: addresses. */
1060: if(!rc) {
1061: #ifdef ENABLE_IPV6
1062: #define use_addr in6_addr
1063: #else
1064: #define use_addr in_addr
1065: #endif
1066: unsigned char addrbuf[sizeof(struct use_addr)];
1067: size_t addrlen = 0;
1068:
1069: if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0)
1070: addrlen = 4;
1071: #ifdef ENABLE_IPV6
1072: else if(Curl_inet_pton(AF_INET6, hostname, addrbuf) > 0)
1073: addrlen = 16;
1074: #endif
1075:
1076: if(addrlen) {
1077: unsigned char certaddr[sizeof(struct use_addr)];
1078: int i;
1079:
1080: for(i = 0; ; i++) {
1081: size_t certaddrlen = sizeof(certaddr);
1082: int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
1083: &certaddrlen, NULL);
1084: /* If this happens, it wasn't an IP address. */
1085: if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
1086: continue;
1087: if(ret < 0)
1088: break;
1089: if(ret != GNUTLS_SAN_IPADDRESS)
1090: continue;
1091: if(certaddrlen == addrlen && !memcmp(addrbuf, certaddr, addrlen)) {
1092: rc = 1;
1093: break;
1094: }
1095: }
1096: }
1097: }
1098: #endif
1099: if(!rc) {
1100: const char * const dispname = SSL_IS_PROXY() ?
1101: conn->http_proxy.host.dispname : conn->host.dispname;
1102:
1103: if(SSL_CONN_CONFIG(verifyhost)) {
1104: failf(data, "SSL: certificate subject name (%s) does not match "
1105: "target host name '%s'", certname, dispname);
1106: gnutls_x509_crt_deinit(x509_cert);
1107: return CURLE_PEER_FAILED_VERIFICATION;
1108: }
1109: else
1110: infof(data, "\t common name: %s (does not match '%s')\n",
1111: certname, dispname);
1112: }
1113: else
1114: infof(data, "\t common name: %s (matched)\n", certname);
1115:
1116: /* Check for time-based validity */
1117: certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
1118:
1119: if(certclock == (time_t)-1) {
1120: if(SSL_CONN_CONFIG(verifypeer)) {
1121: failf(data, "server cert expiration date verify failed");
1122: gnutls_x509_crt_deinit(x509_cert);
1123: return CURLE_SSL_CONNECT_ERROR;
1124: }
1125: else
1126: infof(data, "\t server certificate expiration date verify FAILED\n");
1127: }
1128: else {
1129: if(certclock < time(NULL)) {
1130: if(SSL_CONN_CONFIG(verifypeer)) {
1131: failf(data, "server certificate expiration date has passed.");
1132: gnutls_x509_crt_deinit(x509_cert);
1133: return CURLE_PEER_FAILED_VERIFICATION;
1134: }
1135: else
1136: infof(data, "\t server certificate expiration date FAILED\n");
1137: }
1138: else
1139: infof(data, "\t server certificate expiration date OK\n");
1140: }
1141:
1142: certclock = gnutls_x509_crt_get_activation_time(x509_cert);
1143:
1144: if(certclock == (time_t)-1) {
1145: if(SSL_CONN_CONFIG(verifypeer)) {
1146: failf(data, "server cert activation date verify failed");
1147: gnutls_x509_crt_deinit(x509_cert);
1148: return CURLE_SSL_CONNECT_ERROR;
1149: }
1150: else
1151: infof(data, "\t server certificate activation date verify FAILED\n");
1152: }
1153: else {
1154: if(certclock > time(NULL)) {
1155: if(SSL_CONN_CONFIG(verifypeer)) {
1156: failf(data, "server certificate not activated yet.");
1157: gnutls_x509_crt_deinit(x509_cert);
1158: return CURLE_PEER_FAILED_VERIFICATION;
1159: }
1160: else
1161: infof(data, "\t server certificate activation date FAILED\n");
1162: }
1163: else
1164: infof(data, "\t server certificate activation date OK\n");
1165: }
1166:
1167: ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
1168: data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
1169: if(ptr) {
1170: result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
1171: if(result != CURLE_OK) {
1172: failf(data, "SSL: public key does not match pinned public key!");
1173: gnutls_x509_crt_deinit(x509_cert);
1174: return result;
1175: }
1176: }
1177:
1178: /* Show:
1179:
1180: - subject
1181: - start date
1182: - expire date
1183: - common name
1184: - issuer
1185:
1186: */
1187:
1188: #ifndef CURL_DISABLE_VERBOSE_STRINGS
1189: /* public key algorithm's parameters */
1190: algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
1191: infof(data, "\t certificate public key: %s\n",
1192: gnutls_pk_algorithm_get_name(algo));
1193:
1194: /* version of the X.509 certificate. */
1195: infof(data, "\t certificate version: #%d\n",
1196: gnutls_x509_crt_get_version(x509_cert));
1197:
1198:
1199: rc = gnutls_x509_crt_get_dn2(x509_cert, &certfields);
1200: if(rc != 0)
1201: return CURLE_OUT_OF_MEMORY;
1202: infof(data, "\t subject: %s\n", certfields.data);
1203:
1204: certclock = gnutls_x509_crt_get_activation_time(x509_cert);
1205: showtime(data, "start date", certclock);
1206:
1207: certclock = gnutls_x509_crt_get_expiration_time(x509_cert);
1208: showtime(data, "expire date", certclock);
1209:
1210: rc = gnutls_x509_crt_get_issuer_dn2(x509_cert, &certfields);
1211: if(rc != 0)
1212: return CURLE_OUT_OF_MEMORY;
1213: infof(data, "\t issuer: %s\n", certfields.data);
1214: #endif
1215:
1216: gnutls_x509_crt_deinit(x509_cert);
1217:
1218: if(conn->bits.tls_enable_alpn) {
1219: rc = gnutls_alpn_get_selected_protocol(session, &proto);
1220: if(rc == 0) {
1221: infof(data, "ALPN, server accepted to use %.*s\n", proto.size,
1222: proto.data);
1223:
1224: #ifdef USE_NGHTTP2
1225: if(proto.size == NGHTTP2_PROTO_VERSION_ID_LEN &&
1226: !memcmp(NGHTTP2_PROTO_VERSION_ID, proto.data,
1227: NGHTTP2_PROTO_VERSION_ID_LEN)) {
1228: conn->negnpn = CURL_HTTP_VERSION_2;
1229: }
1230: else
1231: #endif
1232: if(proto.size == ALPN_HTTP_1_1_LENGTH &&
1233: !memcmp(ALPN_HTTP_1_1, proto.data, ALPN_HTTP_1_1_LENGTH)) {
1234: conn->negnpn = CURL_HTTP_VERSION_1_1;
1235: }
1236: }
1237: else
1238: infof(data, "ALPN, server did not agree to a protocol\n");
1239:
1240: Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
1241: BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
1242: }
1243:
1244: conn->ssl[sockindex].state = ssl_connection_complete;
1245: conn->recv[sockindex] = gtls_recv;
1246: conn->send[sockindex] = gtls_send;
1247:
1248: if(SSL_SET_OPTION(primary.sessionid)) {
1249: /* we always unconditionally get the session id here, as even if we
1250: already got it from the cache and asked to use it in the connection, it
1251: might've been rejected and then a new one is in use now and we need to
1252: detect that. */
1253: void *connect_sessionid;
1254: size_t connect_idsize = 0;
1255:
1256: /* get the session ID data size */
1257: gnutls_session_get_data(session, NULL, &connect_idsize);
1258: connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
1259:
1260: if(connect_sessionid) {
1261: bool incache;
1262: void *ssl_sessionid;
1263:
1264: /* extract session ID to the allocated buffer */
1265: gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
1266:
1267: Curl_ssl_sessionid_lock(conn);
1268: incache = !(Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL,
1269: sockindex));
1270: if(incache) {
1271: /* there was one before in the cache, so instead of risking that the
1272: previous one was rejected, we just kill that and store the new */
1273: Curl_ssl_delsessionid(conn, ssl_sessionid);
1274: }
1275:
1276: /* store this session id */
1277: result = Curl_ssl_addsessionid(conn, connect_sessionid, connect_idsize,
1278: sockindex);
1279: Curl_ssl_sessionid_unlock(conn);
1280: if(result) {
1281: free(connect_sessionid);
1282: result = CURLE_OUT_OF_MEMORY;
1283: }
1284: }
1285: else
1286: result = CURLE_OUT_OF_MEMORY;
1287: }
1288:
1289: return result;
1290: }
1291:
1292:
1293: /*
1294: * This function is called after the TCP connect has completed. Setup the TLS
1295: * layer and do all necessary magic.
1296: */
1297: /* We use connssl->connecting_state to keep track of the connection status;
1298: there are three states: 'ssl_connect_1' (not started yet or complete),
1299: 'ssl_connect_2_reading' (waiting for data from server), and
1300: 'ssl_connect_2_writing' (waiting to be able to write).
1301: */
1302: static CURLcode
1303: gtls_connect_common(struct connectdata *conn,
1304: int sockindex,
1305: bool nonblocking,
1306: bool *done)
1307: {
1308: int rc;
1309: struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1310:
1311: /* Initiate the connection, if not already done */
1312: if(ssl_connect_1 == connssl->connecting_state) {
1313: rc = gtls_connect_step1(conn, sockindex);
1314: if(rc)
1315: return rc;
1316: }
1317:
1318: rc = handshake(conn, sockindex, TRUE, nonblocking);
1319: if(rc)
1320: /* handshake() sets its own error message with failf() */
1321: return rc;
1322:
1323: /* Finish connecting once the handshake is done */
1324: if(ssl_connect_1 == connssl->connecting_state) {
1325: rc = gtls_connect_step3(conn, sockindex);
1326: if(rc)
1327: return rc;
1328: }
1329:
1330: *done = ssl_connect_1 == connssl->connecting_state;
1331:
1332: return CURLE_OK;
1333: }
1334:
1335: static CURLcode Curl_gtls_connect_nonblocking(struct connectdata *conn,
1336: int sockindex, bool *done)
1337: {
1338: return gtls_connect_common(conn, sockindex, TRUE, done);
1339: }
1340:
1341: static CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex)
1342: {
1343: CURLcode result;
1344: bool done = FALSE;
1345:
1346: result = gtls_connect_common(conn, sockindex, FALSE, &done);
1347: if(result)
1348: return result;
1349:
1350: DEBUGASSERT(done);
1351:
1352: return CURLE_OK;
1353: }
1354:
1355: static bool Curl_gtls_data_pending(const struct connectdata *conn,
1356: int connindex)
1357: {
1358: const struct ssl_connect_data *connssl = &conn->ssl[connindex];
1359: bool res = FALSE;
1360: struct ssl_backend_data *backend = connssl->backend;
1361: if(backend->session &&
1362: 0 != gnutls_record_check_pending(backend->session))
1363: res = TRUE;
1364:
1365: connssl = &conn->proxy_ssl[connindex];
1366: if(backend->session &&
1367: 0 != gnutls_record_check_pending(backend->session))
1368: res = TRUE;
1369:
1370: return res;
1371: }
1372:
1373: static ssize_t gtls_send(struct connectdata *conn,
1374: int sockindex,
1375: const void *mem,
1376: size_t len,
1377: CURLcode *curlcode)
1378: {
1379: struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1380: struct ssl_backend_data *backend = connssl->backend;
1381: ssize_t rc = gnutls_record_send(backend->session, mem, len);
1382:
1383: if(rc < 0) {
1384: *curlcode = (rc == GNUTLS_E_AGAIN)
1385: ? CURLE_AGAIN
1386: : CURLE_SEND_ERROR;
1387:
1388: rc = -1;
1389: }
1390:
1391: return rc;
1392: }
1393:
1394: static void close_one(struct ssl_connect_data *connssl)
1395: {
1396: struct ssl_backend_data *backend = connssl->backend;
1397: if(backend->session) {
1398: gnutls_bye(backend->session, GNUTLS_SHUT_WR);
1399: gnutls_deinit(backend->session);
1400: backend->session = NULL;
1401: }
1402: if(backend->cred) {
1403: gnutls_certificate_free_credentials(backend->cred);
1404: backend->cred = NULL;
1405: }
1406: #ifdef USE_TLS_SRP
1407: if(backend->srp_client_cred) {
1408: gnutls_srp_free_client_credentials(backend->srp_client_cred);
1409: backend->srp_client_cred = NULL;
1410: }
1411: #endif
1412: }
1413:
1414: static void Curl_gtls_close(struct connectdata *conn, int sockindex)
1415: {
1416: close_one(&conn->ssl[sockindex]);
1417: close_one(&conn->proxy_ssl[sockindex]);
1418: }
1419:
1420: /*
1421: * This function is called to shut down the SSL layer but keep the
1422: * socket open (CCC - Clear Command Channel)
1423: */
1424: static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
1425: {
1426: struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1427: struct ssl_backend_data *backend = connssl->backend;
1428: int retval = 0;
1429: struct Curl_easy *data = conn->data;
1430:
1431: #ifndef CURL_DISABLE_FTP
1432: /* This has only been tested on the proftpd server, and the mod_tls code
1433: sends a close notify alert without waiting for a close notify alert in
1434: response. Thus we wait for a close notify alert from the server, but
1435: we do not send one. Let's hope other servers do the same... */
1436:
1437: if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
1438: gnutls_bye(backend->session, GNUTLS_SHUT_WR);
1439: #endif
1440:
1441: if(backend->session) {
1442: ssize_t result;
1443: bool done = FALSE;
1444: char buf[120];
1445:
1446: while(!done) {
1447: int what = SOCKET_READABLE(conn->sock[sockindex],
1448: SSL_SHUTDOWN_TIMEOUT);
1449: if(what > 0) {
1450: /* Something to read, let's do it and hope that it is the close
1451: notify alert from the server */
1452: result = gnutls_record_recv(backend->session,
1453: buf, sizeof(buf));
1454: switch(result) {
1455: case 0:
1456: /* This is the expected response. There was no data but only
1457: the close notify alert */
1458: done = TRUE;
1459: break;
1460: case GNUTLS_E_AGAIN:
1461: case GNUTLS_E_INTERRUPTED:
1462: infof(data, "GNUTLS_E_AGAIN || GNUTLS_E_INTERRUPTED\n");
1463: break;
1464: default:
1465: retval = -1;
1466: done = TRUE;
1467: break;
1468: }
1469: }
1470: else if(0 == what) {
1471: /* timeout */
1472: failf(data, "SSL shutdown timeout");
1473: done = TRUE;
1474: }
1475: else {
1476: /* anything that gets here is fatally bad */
1477: failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
1478: retval = -1;
1479: done = TRUE;
1480: }
1481: }
1482: gnutls_deinit(backend->session);
1483: }
1484: gnutls_certificate_free_credentials(backend->cred);
1485:
1486: #ifdef USE_TLS_SRP
1487: if(SSL_SET_OPTION(authtype) == CURL_TLSAUTH_SRP
1488: && SSL_SET_OPTION(username) != NULL)
1489: gnutls_srp_free_client_credentials(backend->srp_client_cred);
1490: #endif
1491:
1492: backend->cred = NULL;
1493: backend->session = NULL;
1494:
1495: return retval;
1496: }
1497:
1498: static ssize_t gtls_recv(struct connectdata *conn, /* connection data */
1499: int num, /* socketindex */
1500: char *buf, /* store read data here */
1501: size_t buffersize, /* max amount to read */
1502: CURLcode *curlcode)
1503: {
1504: struct ssl_connect_data *connssl = &conn->ssl[num];
1505: struct ssl_backend_data *backend = connssl->backend;
1506: ssize_t ret;
1507:
1508: ret = gnutls_record_recv(backend->session, buf, buffersize);
1509: if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
1510: *curlcode = CURLE_AGAIN;
1511: return -1;
1512: }
1513:
1514: if(ret == GNUTLS_E_REHANDSHAKE) {
1515: /* BLOCKING call, this is bad but a work-around for now. Fixing this "the
1516: proper way" takes a whole lot of work. */
1517: CURLcode result = handshake(conn, num, FALSE, FALSE);
1518: if(result)
1519: /* handshake() writes error message on its own */
1520: *curlcode = result;
1521: else
1522: *curlcode = CURLE_AGAIN; /* then return as if this was a wouldblock */
1523: return -1;
1524: }
1525:
1526: if(ret < 0) {
1527: failf(conn->data, "GnuTLS recv error (%d): %s",
1528:
1529: (int)ret, gnutls_strerror((int)ret));
1530: *curlcode = CURLE_RECV_ERROR;
1531: return -1;
1532: }
1533:
1534: return ret;
1535: }
1536:
1537: static void Curl_gtls_session_free(void *ptr)
1538: {
1539: free(ptr);
1540: }
1541:
1542: static size_t Curl_gtls_version(char *buffer, size_t size)
1543: {
1544: return msnprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
1545: }
1546:
1547: #ifndef USE_GNUTLS_NETTLE
1548: static int Curl_gtls_seed(struct Curl_easy *data)
1549: {
1550: /* we have the "SSL is seeded" boolean static to prevent multiple
1551: time-consuming seedings in vain */
1552: static bool ssl_seeded = FALSE;
1553:
1554: /* Quickly add a bit of entropy */
1555: gcry_fast_random_poll();
1556:
1557: if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
1558: data->set.str[STRING_SSL_EGDSOCKET]) {
1559: ssl_seeded = TRUE;
1560: }
1561: return 0;
1562: }
1563: #endif
1564:
1565: /* data might be NULL! */
1566: static CURLcode Curl_gtls_random(struct Curl_easy *data,
1567: unsigned char *entropy, size_t length)
1568: {
1569: #if defined(USE_GNUTLS_NETTLE)
1570: int rc;
1571: (void)data;
1572: rc = gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
1573: return rc?CURLE_FAILED_INIT:CURLE_OK;
1574: #elif defined(USE_GNUTLS)
1575: if(data)
1576: Curl_gtls_seed(data); /* Initiate the seed if not already done */
1577: gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
1578: #endif
1579: return CURLE_OK;
1580: }
1581:
1582: static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */
1583: size_t tmplen,
1584: unsigned char *md5sum, /* output */
1585: size_t md5len)
1586: {
1587: #if defined(USE_GNUTLS_NETTLE)
1588: struct md5_ctx MD5pw;
1589: md5_init(&MD5pw);
1590: md5_update(&MD5pw, (unsigned int)tmplen, tmp);
1591: md5_digest(&MD5pw, (unsigned int)md5len, md5sum);
1592: #elif defined(USE_GNUTLS)
1593: gcry_md_hd_t MD5pw;
1594: gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
1595: gcry_md_write(MD5pw, tmp, tmplen);
1596: memcpy(md5sum, gcry_md_read(MD5pw, 0), md5len);
1597: gcry_md_close(MD5pw);
1598: #endif
1599: return CURLE_OK;
1600: }
1601:
1602: static CURLcode Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
1603: size_t tmplen,
1604: unsigned char *sha256sum, /* output */
1605: size_t sha256len)
1606: {
1607: #if defined(USE_GNUTLS_NETTLE)
1608: struct sha256_ctx SHA256pw;
1609: sha256_init(&SHA256pw);
1610: sha256_update(&SHA256pw, (unsigned int)tmplen, tmp);
1611: sha256_digest(&SHA256pw, (unsigned int)sha256len, sha256sum);
1612: #elif defined(USE_GNUTLS)
1613: gcry_md_hd_t SHA256pw;
1614: gcry_md_open(&SHA256pw, GCRY_MD_SHA256, 0);
1615: gcry_md_write(SHA256pw, tmp, tmplen);
1616: memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len);
1617: gcry_md_close(SHA256pw);
1618: #endif
1619: return CURLE_OK;
1620: }
1621:
1622: static bool Curl_gtls_cert_status_request(void)
1623: {
1624: return TRUE;
1625: }
1626:
1627: static void *Curl_gtls_get_internals(struct ssl_connect_data *connssl,
1628: CURLINFO info UNUSED_PARAM)
1629: {
1630: struct ssl_backend_data *backend = connssl->backend;
1631: (void)info;
1632: return backend->session;
1633: }
1634:
1635: const struct Curl_ssl Curl_ssl_gnutls = {
1636: { CURLSSLBACKEND_GNUTLS, "gnutls" }, /* info */
1637:
1638: SSLSUPP_CA_PATH |
1639: SSLSUPP_CERTINFO |
1640: SSLSUPP_PINNEDPUBKEY |
1641: SSLSUPP_HTTPS_PROXY,
1642:
1643: sizeof(struct ssl_backend_data),
1644:
1645: Curl_gtls_init, /* init */
1646: Curl_gtls_cleanup, /* cleanup */
1647: Curl_gtls_version, /* version */
1648: Curl_none_check_cxn, /* check_cxn */
1649: Curl_gtls_shutdown, /* shutdown */
1650: Curl_gtls_data_pending, /* data_pending */
1651: Curl_gtls_random, /* random */
1652: Curl_gtls_cert_status_request, /* cert_status_request */
1653: Curl_gtls_connect, /* connect */
1654: Curl_gtls_connect_nonblocking, /* connect_nonblocking */
1655: Curl_gtls_get_internals, /* get_internals */
1656: Curl_gtls_close, /* close_one */
1657: Curl_none_close_all, /* close_all */
1658: Curl_gtls_session_free, /* session_free */
1659: Curl_none_set_engine, /* set_engine */
1660: Curl_none_set_engine_default, /* set_engine_default */
1661: Curl_none_engines_list, /* engines_list */
1662: Curl_none_false_start, /* false_start */
1663: Curl_gtls_md5sum, /* md5sum */
1664: Curl_gtls_sha256sum /* sha256sum */
1665: };
1666:
1667: #endif /* USE_GNUTLS */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to gtls.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / curl / lib / vtls