1 /***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22
23 /*
24 * Source file for all NSS-specific code for the TLS/SSL layer. No code
25 * but vtls.c should ever call or use these functions.
26 */
27
28 #include "curl_setup.h"
29
30 #ifdef USE_NSS
31
32 #include "urldata.h"
33 #include "sendf.h"
34 #include "formdata.h" /* for the boundary function */
35 #include "url.h" /* for the ssl config check function */
36 #include "connect.h"
37 #include "strcase.h"
38 #include "select.h"
39 #include "vtls.h"
40 #include "llist.h"
41 #include "multiif.h"
42 #include "curl_printf.h"
43 #include "nssg.h"
44 #include <nspr.h>
45 #include <nss.h>
46 #include <ssl.h>
47 #include <sslerr.h>
48 #include <secerr.h>
49 #include <secmod.h>
50 #include <sslproto.h>
51 #include <prtypes.h>
52 #include <pk11pub.h>
53 #include <prio.h>
54 #include <secitem.h>
55 #include <secport.h>
56 #include <certdb.h>
57 #include <base64.h>
58 #include <cert.h>
59 #include <prerror.h>
60 #include <keyhi.h> /* for SECKEY_DestroyPublicKey() */
61 #include <private/pprio.h> /* for PR_ImportTCPSocket */
62
63 #define NSSVERNUM ((NSS_VMAJOR<<16)|(NSS_VMINOR<<8)|NSS_VPATCH)
64
65 #if NSSVERNUM >= 0x030f00 /* 3.15.0 */
66 #include <ocsp.h>
67 #endif
68
69 #include "strcase.h"
70 #include "warnless.h"
71 #include "x509asn1.h"
72
73 /* The last #include files should be: */
74 #include "curl_memory.h"
75 #include "memdebug.h"
76
77 #define SSL_DIR "/etc/pki/nssdb"
78
79 /* enough to fit the string "PEM Token #[0|1]" */
80 #define SLOTSIZE 13
81
82 struct ssl_backend_data {
83 PRFileDesc *handle;
84 char *client_nickname;
85 struct Curl_easy *data;
86 struct Curl_llist obj_list;
87 PK11GenericObject *obj_clicert;
88 };
89
90 static PRLock *nss_initlock = NULL;
91 static PRLock *nss_crllock = NULL;
92 static PRLock *nss_findslot_lock = NULL;
93 static PRLock *nss_trustload_lock = NULL;
94 static struct Curl_llist nss_crl_list;
95 static NSSInitContext *nss_context = NULL;
96 static volatile int initialized = 0;
97
98 /* type used to wrap pointers as list nodes */
99 struct ptr_list_wrap {
100 void *ptr;
101 struct Curl_llist_element node;
102 };
103
104 struct cipher_s {
105 const char *name;
106 int num;
107 };
108
109 #define PK11_SETATTRS(_attr, _idx, _type, _val, _len) do { \
110 CK_ATTRIBUTE *ptr = (_attr) + ((_idx)++); \
111 ptr->type = (_type); \
112 ptr->pValue = (_val); \
113 ptr->ulValueLen = (_len); \
114 } while(0)
115
116 #define CERT_NewTempCertificate __CERT_NewTempCertificate
117
118 #define NUM_OF_CIPHERS sizeof(cipherlist)/sizeof(cipherlist[0])
119 static const struct cipher_s cipherlist[] = {
120 /* SSL2 cipher suites */
121 {"rc4", SSL_EN_RC4_128_WITH_MD5},
122 {"rc4-md5", SSL_EN_RC4_128_WITH_MD5},
123 {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
124 {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5},
125 {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
126 {"des", SSL_EN_DES_64_CBC_WITH_MD5},
127 {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
128 /* SSL3/TLS cipher suites */
129 {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
130 {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA},
131 {"rsa_3des_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
132 {"rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
133 {"rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
134 {"rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
135 {"rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
136 {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA},
137 {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
138 {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
139 {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
140 {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
141 {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
142 {"dhe_rsa_3des_sha", SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA},
143 {"dhe_dss_3des_sha", SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA},
144 {"dhe_rsa_des_sha", SSL_DHE_RSA_WITH_DES_CBC_SHA},
145 {"dhe_dss_des_sha", SSL_DHE_DSS_WITH_DES_CBC_SHA},
146 /* TLS 1.0: Exportable 56-bit Cipher Suites. */
147 {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
148 {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
149 /* Ephemeral DH with RC4 bulk encryption */
150 {"dhe_dss_rc4_128_sha", TLS_DHE_DSS_WITH_RC4_128_SHA},
151 /* AES ciphers. */
152 {"dhe_dss_aes_128_cbc_sha", TLS_DHE_DSS_WITH_AES_128_CBC_SHA},
153 {"dhe_dss_aes_256_cbc_sha", TLS_DHE_DSS_WITH_AES_256_CBC_SHA},
154 {"dhe_rsa_aes_128_cbc_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
155 {"dhe_rsa_aes_256_cbc_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
156 {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA},
157 {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA},
158 /* ECC ciphers. */
159 {"ecdh_ecdsa_null_sha", TLS_ECDH_ECDSA_WITH_NULL_SHA},
160 {"ecdh_ecdsa_rc4_128_sha", TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
161 {"ecdh_ecdsa_3des_sha", TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA},
162 {"ecdh_ecdsa_aes_128_sha", TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA},
163 {"ecdh_ecdsa_aes_256_sha", TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA},
164 {"ecdhe_ecdsa_null_sha", TLS_ECDHE_ECDSA_WITH_NULL_SHA},
165 {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA},
166 {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA},
167 {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA},
168 {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA},
169 {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA},
170 {"ecdh_rsa_128_sha", TLS_ECDH_RSA_WITH_RC4_128_SHA},
171 {"ecdh_rsa_3des_sha", TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA},
172 {"ecdh_rsa_aes_128_sha", TLS_ECDH_RSA_WITH_AES_128_CBC_SHA},
173 {"ecdh_rsa_aes_256_sha", TLS_ECDH_RSA_WITH_AES_256_CBC_SHA},
174 {"ecdhe_rsa_null", TLS_ECDHE_RSA_WITH_NULL_SHA},
175 {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA},
176 {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA},
177 {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
178 {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA},
179 {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA},
180 {"ecdh_anon_rc4_128sha", TLS_ECDH_anon_WITH_RC4_128_SHA},
181 {"ecdh_anon_3des_sha", TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
182 {"ecdh_anon_aes_128_sha", TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
183 {"ecdh_anon_aes_256_sha", TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
184 #ifdef TLS_RSA_WITH_NULL_SHA256
185 /* new HMAC-SHA256 cipher suites specified in RFC */
186 {"rsa_null_sha_256", TLS_RSA_WITH_NULL_SHA256},
187 {"rsa_aes_128_cbc_sha_256", TLS_RSA_WITH_AES_128_CBC_SHA256},
188 {"rsa_aes_256_cbc_sha_256", TLS_RSA_WITH_AES_256_CBC_SHA256},
189 {"dhe_rsa_aes_128_cbc_sha_256", TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
190 {"dhe_rsa_aes_256_cbc_sha_256", TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
191 {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
192 {"ecdhe_rsa_aes_128_cbc_sha_256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
193 #endif
194 #ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
195 /* AES GCM cipher suites in RFC 5288 and RFC 5289 */
196 {"rsa_aes_128_gcm_sha_256", TLS_RSA_WITH_AES_128_GCM_SHA256},
197 {"dhe_rsa_aes_128_gcm_sha_256", TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
198 {"dhe_dss_aes_128_gcm_sha_256", TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
199 {"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
200 {"ecdh_ecdsa_aes_128_gcm_sha_256", TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
201 {"ecdhe_rsa_aes_128_gcm_sha_256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
202 {"ecdh_rsa_aes_128_gcm_sha_256", TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
203 #endif
204 #ifdef TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
205 /* cipher suites using SHA384 */
206 {"rsa_aes_256_gcm_sha_384", TLS_RSA_WITH_AES_256_GCM_SHA384},
207 {"dhe_rsa_aes_256_gcm_sha_384", TLS_DHE_RSA_WITH_AES_256_GCM_SHA384},
208 {"dhe_dss_aes_256_gcm_sha_384", TLS_DHE_DSS_WITH_AES_256_GCM_SHA384},
209 {"ecdhe_ecdsa_aes_256_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384},
210 {"ecdhe_rsa_aes_256_sha_384", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384},
211 {"ecdhe_ecdsa_aes_256_gcm_sha_384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384},
212 {"ecdhe_rsa_aes_256_gcm_sha_384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384},
213 #endif
214 #ifdef TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
215 /* chacha20-poly1305 cipher suites */
216 {"ecdhe_rsa_chacha20_poly1305_sha_256",
217 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
218 {"ecdhe_ecdsa_chacha20_poly1305_sha_256",
219 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256},
220 {"dhe_rsa_chacha20_poly1305_sha_256",
221 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256},
222 #endif
223 #ifdef TLS_AES_256_GCM_SHA384
224 {"aes_128_gcm_sha_256", TLS_AES_128_GCM_SHA256},
225 {"aes_256_gcm_sha_384", TLS_AES_256_GCM_SHA384},
226 {"chacha20_poly1305_sha_256", TLS_CHACHA20_POLY1305_SHA256},
227 #endif
228 #ifdef TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
229 /* AES CBC cipher suites in RFC 5246. Introduced in NSS release 3.20 */
230 {"dhe_dss_aes_128_sha_256", TLS_DHE_DSS_WITH_AES_128_CBC_SHA256},
231 {"dhe_dss_aes_256_sha_256", TLS_DHE_DSS_WITH_AES_256_CBC_SHA256},
232 #endif
233 #ifdef TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
234 /* Camellia cipher suites in RFC 4132/5932.
235 Introduced in NSS release 3.12 */
236 {"dhe_rsa_camellia_128_sha", TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA},
237 {"dhe_dss_camellia_128_sha", TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA},
238 {"dhe_rsa_camellia_256_sha", TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA},
239 {"dhe_dss_camellia_256_sha", TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA},
240 {"rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA},
241 {"rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA},
242 #endif
243 #ifdef TLS_RSA_WITH_SEED_CBC_SHA
244 /* SEED cipher suite in RFC 4162. Introduced in NSS release 3.12.3 */
245 {"rsa_seed_sha", TLS_RSA_WITH_SEED_CBC_SHA},
246 #endif
247 };
248
249 #if defined(WIN32)
250 static const char *pem_library = "nsspem.dll";
251 static const char *trust_library = "nssckbi.dll";
252 #elif defined(__APPLE__)
253 static const char *pem_library = "libnsspem.dylib";
254 static const char *trust_library = "libnssckbi.dylib";
255 #else
256 static const char *pem_library = "libnsspem.so";
257 static const char *trust_library = "libnssckbi.so";
258 #endif
259
260 static SECMODModule *pem_module = NULL;
261 static SECMODModule *trust_module = NULL;
262
263 /* NSPR I/O layer we use to detect blocking direction during SSL handshake */
264 static PRDescIdentity nspr_io_identity = PR_INVALID_IO_LAYER;
265 static PRIOMethods nspr_io_methods;
266
nss_error_to_name(PRErrorCode code)267 static const char *nss_error_to_name(PRErrorCode code)
268 {
269 const char *name = PR_ErrorToName(code);
270 if(name)
271 return name;
272
273 return "unknown error";
274 }
275
nss_print_error_message(struct Curl_easy * data,PRUint32 err)276 static void nss_print_error_message(struct Curl_easy *data, PRUint32 err)
277 {
278 failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
279 }
280
nss_sslver_to_name(PRUint16 nssver)281 static char *nss_sslver_to_name(PRUint16 nssver)
282 {
283 switch(nssver) {
284 case SSL_LIBRARY_VERSION_2:
285 return strdup("SSLv2");
286 case SSL_LIBRARY_VERSION_3_0:
287 return strdup("SSLv3");
288 case SSL_LIBRARY_VERSION_TLS_1_0:
289 return strdup("TLSv1.0");
290 #ifdef SSL_LIBRARY_VERSION_TLS_1_1
291 case SSL_LIBRARY_VERSION_TLS_1_1:
292 return strdup("TLSv1.1");
293 #endif
294 #ifdef SSL_LIBRARY_VERSION_TLS_1_2
295 case SSL_LIBRARY_VERSION_TLS_1_2:
296 return strdup("TLSv1.2");
297 #endif
298 #ifdef SSL_LIBRARY_VERSION_TLS_1_3
299 case SSL_LIBRARY_VERSION_TLS_1_3:
300 return strdup("TLSv1.3");
301 #endif
302 default:
303 return curl_maprintf("0x%04x", nssver);
304 }
305 }
306
set_ciphers(struct Curl_easy * data,PRFileDesc * model,char * cipher_list)307 static SECStatus set_ciphers(struct Curl_easy *data, PRFileDesc * model,
308 char *cipher_list)
309 {
310 unsigned int i;
311 PRBool cipher_state[NUM_OF_CIPHERS];
312 PRBool found;
313 char *cipher;
314
315 /* use accessors to avoid dynamic linking issues after an update of NSS */
316 const PRUint16 num_implemented_ciphers = SSL_GetNumImplementedCiphers();
317 const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
318 if(!implemented_ciphers)
319 return SECFailure;
320
321 /* First disable all ciphers. This uses a different max value in case
322 * NSS adds more ciphers later we don't want them available by
323 * accident
324 */
325 for(i = 0; i < num_implemented_ciphers; i++) {
326 SSL_CipherPrefSet(model, implemented_ciphers[i], PR_FALSE);
327 }
328
329 /* Set every entry in our list to false */
330 for(i = 0; i < NUM_OF_CIPHERS; i++) {
331 cipher_state[i] = PR_FALSE;
332 }
333
334 cipher = cipher_list;
335
336 while(cipher_list && (cipher_list[0])) {
337 while((*cipher) && (ISSPACE(*cipher)))
338 ++cipher;
339
340 cipher_list = strpbrk(cipher, ":, ");
341 if(cipher_list) {
342 *cipher_list++ = '\0';
343 }
344
345 found = PR_FALSE;
346
347 for(i = 0; i<NUM_OF_CIPHERS; i++) {
348 if(strcasecompare(cipher, cipherlist[i].name)) {
349 cipher_state[i] = PR_TRUE;
350 found = PR_TRUE;
351 break;
352 }
353 }
354
355 if(found == PR_FALSE) {
356 failf(data, "Unknown cipher in list: %s", cipher);
357 return SECFailure;
358 }
359
360 if(cipher_list) {
361 cipher = cipher_list;
362 }
363 }
364
365 /* Finally actually enable the selected ciphers */
366 for(i = 0; i<NUM_OF_CIPHERS; i++) {
367 if(!cipher_state[i])
368 continue;
369
370 if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
371 failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
372 return SECFailure;
373 }
374 }
375
376 return SECSuccess;
377 }
378
379 /*
380 * Return true if at least one cipher-suite is enabled. Used to determine
381 * if we need to call NSS_SetDomesticPolicy() to enable the default ciphers.
382 */
any_cipher_enabled(void)383 static bool any_cipher_enabled(void)
384 {
385 unsigned int i;
386
387 for(i = 0; i<NUM_OF_CIPHERS; i++) {
388 PRInt32 policy = 0;
389 SSL_CipherPolicyGet(cipherlist[i].num, &policy);
390 if(policy)
391 return TRUE;
392 }
393
394 return FALSE;
395 }
396
397 /*
398 * Determine whether the nickname passed in is a filename that needs to
399 * be loaded as a PEM or a regular NSS nickname.
400 *
401 * returns 1 for a file
402 * returns 0 for not a file (NSS nickname)
403 */
is_file(const char * filename)404 static int is_file(const char *filename)
405 {
406 struct_stat st;
407
408 if(!filename)
409 return 0;
410
411 if(stat(filename, &st) == 0)
412 if(S_ISREG(st.st_mode) || S_ISFIFO(st.st_mode) || S_ISCHR(st.st_mode))
413 return 1;
414
415 return 0;
416 }
417
418 /* Check if the given string is filename or nickname of a certificate. If the
419 * given string is recognized as filename, return NULL. If the given string is
420 * recognized as nickname, return a duplicated string. The returned string
421 * should be later deallocated using free(). If the OOM failure occurs, we
422 * return NULL, too.
423 */
dup_nickname(struct Curl_easy * data,const char * str)424 static char *dup_nickname(struct Curl_easy *data, const char *str)
425 {
426 const char *n;
427
428 if(!is_file(str))
429 /* no such file exists, use the string as nickname */
430 return strdup(str);
431
432 /* search the first slash; we require at least one slash in a file name */
433 n = strchr(str, '/');
434 if(!n) {
435 infof(data, "warning: certificate file name \"%s\" handled as nickname; "
436 "please use \"./%s\" to force file name", str, str);
437 return strdup(str);
438 }
439
440 /* we'll use the PEM reader to read the certificate from file */
441 return NULL;
442 }
443
444 /* Lock/unlock wrapper for PK11_FindSlotByName() to work around race condition
445 * in nssSlot_IsTokenPresent() causing spurious SEC_ERROR_NO_TOKEN. For more
446 * details, go to <https://bugzilla.mozilla.org/1297397>.
447 */
nss_find_slot_by_name(const char * slot_name)448 static PK11SlotInfo* nss_find_slot_by_name(const char *slot_name)
449 {
450 PK11SlotInfo *slot;
451 PR_Lock(nss_findslot_lock);
452 slot = PK11_FindSlotByName(slot_name);
453 PR_Unlock(nss_findslot_lock);
454 return slot;
455 }
456
457 /* wrap 'ptr' as list node and tail-insert into 'list' */
insert_wrapped_ptr(struct Curl_llist * list,void * ptr)458 static CURLcode insert_wrapped_ptr(struct Curl_llist *list, void *ptr)
459 {
460 struct ptr_list_wrap *wrap = malloc(sizeof(*wrap));
461 if(!wrap)
462 return CURLE_OUT_OF_MEMORY;
463
464 wrap->ptr = ptr;
465 Curl_llist_insert_next(list, list->tail, wrap, &wrap->node);
466 return CURLE_OK;
467 }
468
469 /* Call PK11_CreateGenericObject() with the given obj_class and filename. If
470 * the call succeeds, append the object handle to the list of objects so that
471 * the object can be destroyed in nss_close(). */
nss_create_object(struct ssl_connect_data * connssl,CK_OBJECT_CLASS obj_class,const char * filename,bool cacert)472 static CURLcode nss_create_object(struct ssl_connect_data *connssl,
473 CK_OBJECT_CLASS obj_class,
474 const char *filename, bool cacert)
475 {
476 PK11SlotInfo *slot;
477 PK11GenericObject *obj;
478 CK_BBOOL cktrue = CK_TRUE;
479 CK_BBOOL ckfalse = CK_FALSE;
480 CK_ATTRIBUTE attrs[/* max count of attributes */ 4];
481 int attr_cnt = 0;
482 CURLcode result = (cacert)
483 ? CURLE_SSL_CACERT_BADFILE
484 : CURLE_SSL_CERTPROBLEM;
485
486 const int slot_id = (cacert) ? 0 : 1;
487 char *slot_name = aprintf("PEM Token #%d", slot_id);
488 struct ssl_backend_data *backend = connssl->backend;
489 if(!slot_name)
490 return CURLE_OUT_OF_MEMORY;
491
492 slot = nss_find_slot_by_name(slot_name);
493 free(slot_name);
494 if(!slot)
495 return result;
496
497 PK11_SETATTRS(attrs, attr_cnt, CKA_CLASS, &obj_class, sizeof(obj_class));
498 PK11_SETATTRS(attrs, attr_cnt, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
499 PK11_SETATTRS(attrs, attr_cnt, CKA_LABEL, (unsigned char *)filename,
500 (CK_ULONG)strlen(filename) + 1);
501
502 if(CKO_CERTIFICATE == obj_class) {
503 CK_BBOOL *pval = (cacert) ? (&cktrue) : (&ckfalse);
504 PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
505 }
506
507 /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
508 * PK11_DestroyGenericObject() does not release resources allocated by
509 * PK11_CreateGenericObject() early enough. */
510 obj =
511 #ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
512 PK11_CreateManagedGenericObject
513 #else
514 PK11_CreateGenericObject
515 #endif
516 (slot, attrs, attr_cnt, PR_FALSE);
517
518 PK11_FreeSlot(slot);
519 if(!obj)
520 return result;
521
522 if(insert_wrapped_ptr(&backend->obj_list, obj) != CURLE_OK) {
523 PK11_DestroyGenericObject(obj);
524 return CURLE_OUT_OF_MEMORY;
525 }
526
527 if(!cacert && CKO_CERTIFICATE == obj_class)
528 /* store reference to a client certificate */
529 backend->obj_clicert = obj;
530
531 return CURLE_OK;
532 }
533
534 /* Destroy the NSS object whose handle is given by ptr. This function is
535 * a callback of Curl_llist_alloc() used by Curl_llist_destroy() to destroy
536 * NSS objects in nss_close() */
nss_destroy_object(void * user,void * ptr)537 static void nss_destroy_object(void *user, void *ptr)
538 {
539 struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
540 PK11GenericObject *obj = (PK11GenericObject *) wrap->ptr;
541 (void) user;
542 PK11_DestroyGenericObject(obj);
543 free(wrap);
544 }
545
546 /* same as nss_destroy_object() but for CRL items */
nss_destroy_crl_item(void * user,void * ptr)547 static void nss_destroy_crl_item(void *user, void *ptr)
548 {
549 struct ptr_list_wrap *wrap = (struct ptr_list_wrap *) ptr;
550 SECItem *crl_der = (SECItem *) wrap->ptr;
551 (void) user;
552 SECITEM_FreeItem(crl_der, PR_TRUE);
553 free(wrap);
554 }
555
nss_load_cert(struct ssl_connect_data * ssl,const char * filename,PRBool cacert)556 static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
557 const char *filename, PRBool cacert)
558 {
559 CURLcode result = (cacert)
560 ? CURLE_SSL_CACERT_BADFILE
561 : CURLE_SSL_CERTPROBLEM;
562
563 /* libnsspem.so leaks memory if the requested file does not exist. For more
564 * details, go to <https://bugzilla.redhat.com/734760>. */
565 if(is_file(filename))
566 result = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
567
568 if(!result && !cacert) {
569 /* we have successfully loaded a client certificate */
570 char *nickname = NULL;
571 char *n = strrchr(filename, '/');
572 if(n)
573 n++;
574
575 /* The following undocumented magic helps to avoid a SIGSEGV on call
576 * of PK11_ReadRawAttribute() from SelectClientCert() when using an
577 * immature version of libnsspem.so. For more details, go to
578 * <https://bugzilla.redhat.com/733685>. */
579 nickname = aprintf("PEM Token #1:%s", n);
580 if(nickname) {
581 CERTCertificate *cert = PK11_FindCertFromNickname(nickname, NULL);
582 if(cert)
583 CERT_DestroyCertificate(cert);
584
585 free(nickname);
586 }
587 }
588
589 return result;
590 }
591
592 /* add given CRL to cache if it is not already there */
nss_cache_crl(SECItem * crl_der)593 static CURLcode nss_cache_crl(SECItem *crl_der)
594 {
595 CERTCertDBHandle *db = CERT_GetDefaultCertDB();
596 CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
597 if(crl) {
598 /* CRL already cached */
599 SEC_DestroyCrl(crl);
600 SECITEM_FreeItem(crl_der, PR_TRUE);
601 return CURLE_OK;
602 }
603
604 /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */
605 PR_Lock(nss_crllock);
606
607 if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
608 /* unable to cache CRL */
609 SECITEM_FreeItem(crl_der, PR_TRUE);
610 PR_Unlock(nss_crllock);
611 return CURLE_SSL_CRL_BADFILE;
612 }
613
614 /* store the CRL item so that we can free it in nss_cleanup() */
615 if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) {
616 if(SECSuccess == CERT_UncacheCRL(db, crl_der))
617 SECITEM_FreeItem(crl_der, PR_TRUE);
618 PR_Unlock(nss_crllock);
619 return CURLE_OUT_OF_MEMORY;
620 }
621
622 /* we need to clear session cache, so that the CRL could take effect */
623 SSL_ClearSessionCache();
624 PR_Unlock(nss_crllock);
625 return CURLE_OK;
626 }
627
nss_load_crl(const char * crlfilename)628 static CURLcode nss_load_crl(const char *crlfilename)
629 {
630 PRFileDesc *infile;
631 PRFileInfo info;
632 SECItem filedata = { 0, NULL, 0 };
633 SECItem *crl_der = NULL;
634 char *body;
635
636 infile = PR_Open(crlfilename, PR_RDONLY, 0);
637 if(!infile)
638 return CURLE_SSL_CRL_BADFILE;
639
640 if(PR_SUCCESS != PR_GetOpenFileInfo(infile, &info))
641 goto fail;
642
643 if(!SECITEM_AllocItem(NULL, &filedata, info.size + /* zero ended */ 1))
644 goto fail;
645
646 if(info.size != PR_Read(infile, filedata.data, info.size))
647 goto fail;
648
649 crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
650 if(!crl_der)
651 goto fail;
652
653 /* place a trailing zero right after the visible data */
654 body = (char *)filedata.data;
655 body[--filedata.len] = '\0';
656
657 body = strstr(body, "-----BEGIN");
658 if(body) {
659 /* assume ASCII */
660 char *trailer;
661 char *begin = PORT_Strchr(body, '\n');
662 if(!begin)
663 begin = PORT_Strchr(body, '\r');
664 if(!begin)
665 goto fail;
666
667 trailer = strstr(++begin, "-----END");
668 if(!trailer)
669 goto fail;
670
671 /* retrieve DER from ASCII */
672 *trailer = '\0';
673 if(ATOB_ConvertAsciiToItem(crl_der, begin))
674 goto fail;
675
676 SECITEM_FreeItem(&filedata, PR_FALSE);
677 }
678 else
679 /* assume DER */
680 *crl_der = filedata;
681
682 PR_Close(infile);
683 return nss_cache_crl(crl_der);
684
685 fail:
686 PR_Close(infile);
687 SECITEM_FreeItem(crl_der, PR_TRUE);
688 SECITEM_FreeItem(&filedata, PR_FALSE);
689 return CURLE_SSL_CRL_BADFILE;
690 }
691
nss_load_key(struct Curl_easy * data,struct connectdata * conn,int sockindex,char * key_file)692 static CURLcode nss_load_key(struct Curl_easy *data, struct connectdata *conn,
693 int sockindex, char *key_file)
694 {
695 PK11SlotInfo *slot, *tmp;
696 SECStatus status;
697 CURLcode result;
698 struct ssl_connect_data *ssl = conn->ssl;
699
700 (void)sockindex; /* unused */
701
702 result = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
703 if(result) {
704 PR_SetError(SEC_ERROR_BAD_KEY, 0);
705 return result;
706 }
707
708 slot = nss_find_slot_by_name("PEM Token #1");
709 if(!slot)
710 return CURLE_SSL_CERTPROBLEM;
711
712 /* This will force the token to be seen as re-inserted */
713 tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0);
714 if(tmp)
715 PK11_FreeSlot(tmp);
716 if(!PK11_IsPresent(slot)) {
717 PK11_FreeSlot(slot);
718 return CURLE_SSL_CERTPROBLEM;
719 }
720
721 status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
722 PK11_FreeSlot(slot);
723
724 return (SECSuccess == status) ? CURLE_OK : CURLE_SSL_CERTPROBLEM;
725 }
726
display_error(struct Curl_easy * data,PRInt32 err,const char * filename)727 static int display_error(struct Curl_easy *data, PRInt32 err,
728 const char *filename)
729 {
730 switch(err) {
731 case SEC_ERROR_BAD_PASSWORD:
732 failf(data, "Unable to load client key: Incorrect password");
733 return 1;
734 case SEC_ERROR_UNKNOWN_CERT:
735 failf(data, "Unable to load certificate %s", filename);
736 return 1;
737 default:
738 break;
739 }
740 return 0; /* The caller will print a generic error */
741 }
742
cert_stuff(struct Curl_easy * data,struct connectdata * conn,int sockindex,char * cert_file,char * key_file)743 static CURLcode cert_stuff(struct Curl_easy *data, struct connectdata *conn,
744 int sockindex, char *cert_file, char *key_file)
745 {
746 CURLcode result;
747
748 if(cert_file) {
749 result = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
750 if(result) {
751 const PRErrorCode err = PR_GetError();
752 if(!display_error(data, err, cert_file)) {
753 const char *err_name = nss_error_to_name(err);
754 failf(data, "unable to load client cert: %d (%s)", err, err_name);
755 }
756
757 return result;
758 }
759 }
760
761 if(key_file || (is_file(cert_file))) {
762 if(key_file)
763 result = nss_load_key(data, conn, sockindex, key_file);
764 else
765 /* In case the cert file also has the key */
766 result = nss_load_key(data, conn, sockindex, cert_file);
767 if(result) {
768 const PRErrorCode err = PR_GetError();
769 if(!display_error(data, err, key_file)) {
770 const char *err_name = nss_error_to_name(err);
771 failf(data, "unable to load client key: %d (%s)", err, err_name);
772 }
773
774 return result;
775 }
776 }
777
778 return CURLE_OK;
779 }
780
nss_get_password(PK11SlotInfo * slot,PRBool retry,void * arg)781 static char *nss_get_password(PK11SlotInfo *slot, PRBool retry, void *arg)
782 {
783 (void)slot; /* unused */
784
785 if(retry || NULL == arg)
786 return NULL;
787 else
788 return (char *)PORT_Strdup((char *)arg);
789 }
790
791 /* bypass the default SSL_AuthCertificate() hook in case we do not want to
792 * verify peer */
nss_auth_cert_hook(void * arg,PRFileDesc * fd,PRBool checksig,PRBool isServer)793 static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
794 PRBool isServer)
795 {
796 struct Curl_easy *data = (struct Curl_easy *)arg;
797 struct connectdata *conn = data->conn;
798
799 #ifdef SSL_ENABLE_OCSP_STAPLING
800 if(SSL_CONN_CONFIG(verifystatus)) {
801 SECStatus cacheResult;
802
803 const SECItemArray *csa = SSL_PeerStapledOCSPResponses(fd);
804 if(!csa) {
805 failf(data, "Invalid OCSP response");
806 return SECFailure;
807 }
808
809 if(csa->len == 0) {
810 failf(data, "No OCSP response received");
811 return SECFailure;
812 }
813
814 cacheResult = CERT_CacheOCSPResponseFromSideChannel(
815 CERT_GetDefaultCertDB(), SSL_PeerCertificate(fd),
816 PR_Now(), &csa->items[0], arg
817 );
818
819 if(cacheResult != SECSuccess) {
820 failf(data, "Invalid OCSP response");
821 return cacheResult;
822 }
823 }
824 #endif
825
826 if(!SSL_CONN_CONFIG(verifypeer)) {
827 infof(data, "skipping SSL peer certificate verification");
828 return SECSuccess;
829 }
830
831 return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
832 }
833
834 /**
835 * Inform the application that the handshake is complete.
836 */
HandshakeCallback(PRFileDesc * sock,void * arg)837 static void HandshakeCallback(PRFileDesc *sock, void *arg)
838 {
839 struct Curl_easy *data = (struct Curl_easy *)arg;
840 struct connectdata *conn = data->conn;
841 unsigned int buflenmax = 50;
842 unsigned char buf[50];
843 unsigned int buflen;
844 SSLNextProtoState state;
845
846 if(!conn->bits.tls_enable_npn && !conn->bits.tls_enable_alpn) {
847 return;
848 }
849
850 if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
851
852 switch(state) {
853 #if NSSVERNUM >= 0x031a00 /* 3.26.0 */
854 /* used by NSS internally to implement 0-RTT */
855 case SSL_NEXT_PROTO_EARLY_VALUE:
856 /* fall through! */
857 #endif
858 case SSL_NEXT_PROTO_NO_SUPPORT:
859 case SSL_NEXT_PROTO_NO_OVERLAP:
860 infof(data, "ALPN/NPN, server did not agree to a protocol");
861 return;
862 #ifdef SSL_ENABLE_ALPN
863 case SSL_NEXT_PROTO_SELECTED:
864 infof(data, "ALPN, server accepted to use %.*s", buflen, buf);
865 break;
866 #endif
867 case SSL_NEXT_PROTO_NEGOTIATED:
868 infof(data, "NPN, server accepted to use %.*s", buflen, buf);
869 break;
870 }
871
872 #ifdef USE_NGHTTP2
873 if(buflen == ALPN_H2_LENGTH &&
874 !memcmp(ALPN_H2, buf, ALPN_H2_LENGTH)) {
875 conn->negnpn = CURL_HTTP_VERSION_2;
876 }
877 else
878 #endif
879 if(buflen == ALPN_HTTP_1_1_LENGTH &&
880 !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
881 conn->negnpn = CURL_HTTP_VERSION_1_1;
882 }
883 Curl_multiuse_state(data, conn->negnpn == CURL_HTTP_VERSION_2 ?
884 BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
885 }
886 }
887
888 #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
CanFalseStartCallback(PRFileDesc * sock,void * client_data,PRBool * canFalseStart)889 static SECStatus CanFalseStartCallback(PRFileDesc *sock, void *client_data,
890 PRBool *canFalseStart)
891 {
892 struct Curl_easy *data = (struct Curl_easy *)client_data;
893
894 SSLChannelInfo channelInfo;
895 SSLCipherSuiteInfo cipherInfo;
896
897 SECStatus rv;
898 PRBool negotiatedExtension;
899
900 *canFalseStart = PR_FALSE;
901
902 if(SSL_GetChannelInfo(sock, &channelInfo, sizeof(channelInfo)) != SECSuccess)
903 return SECFailure;
904
905 if(SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
906 sizeof(cipherInfo)) != SECSuccess)
907 return SECFailure;
908
909 /* Prevent version downgrade attacks from TLS 1.2, and avoid False Start for
910 * TLS 1.3 and later. See https://bugzilla.mozilla.org/show_bug.cgi?id=861310
911 */
912 if(channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2)
913 goto end;
914
915 /* Only allow ECDHE key exchange algorithm.
916 * See https://bugzilla.mozilla.org/show_bug.cgi?id=952863 */
917 if(cipherInfo.keaType != ssl_kea_ecdh)
918 goto end;
919
920 /* Prevent downgrade attacks on the symmetric cipher. We do not allow CBC
921 * mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt
922 * design. See https://bugzilla.mozilla.org/show_bug.cgi?id=1109766 */
923 if(cipherInfo.symCipher != ssl_calg_aes_gcm)
924 goto end;
925
926 /* Enforce ALPN or NPN to do False Start, as an indicator of server
927 * compatibility. */
928 rv = SSL_HandshakeNegotiatedExtension(sock, ssl_app_layer_protocol_xtn,
929 &negotiatedExtension);
930 if(rv != SECSuccess || !negotiatedExtension) {
931 rv = SSL_HandshakeNegotiatedExtension(sock, ssl_next_proto_nego_xtn,
932 &negotiatedExtension);
933 }
934
935 if(rv != SECSuccess || !negotiatedExtension)
936 goto end;
937
938 *canFalseStart = PR_TRUE;
939
940 infof(data, "Trying TLS False Start");
941
942 end:
943 return SECSuccess;
944 }
945 #endif
946
display_cert_info(struct Curl_easy * data,CERTCertificate * cert)947 static void display_cert_info(struct Curl_easy *data,
948 CERTCertificate *cert)
949 {
950 char *subject, *issuer, *common_name;
951 PRExplodedTime printableTime;
952 char timeString[256];
953 PRTime notBefore, notAfter;
954
955 subject = CERT_NameToAscii(&cert->subject);
956 issuer = CERT_NameToAscii(&cert->issuer);
957 common_name = CERT_GetCommonName(&cert->subject);
958 infof(data, "subject: %s\n", subject);
959
960 CERT_GetCertTimes(cert, ¬Before, ¬After);
961 PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
962 PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
963 infof(data, " start date: %s", timeString);
964 PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
965 PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
966 infof(data, " expire date: %s", timeString);
967 infof(data, " common name: %s", common_name);
968 infof(data, " issuer: %s", issuer);
969
970 PR_Free(subject);
971 PR_Free(issuer);
972 PR_Free(common_name);
973 }
974
display_conn_info(struct Curl_easy * data,PRFileDesc * sock)975 static CURLcode display_conn_info(struct Curl_easy *data, PRFileDesc *sock)
976 {
977 CURLcode result = CURLE_OK;
978 SSLChannelInfo channel;
979 SSLCipherSuiteInfo suite;
980 CERTCertificate *cert;
981 CERTCertificate *cert2;
982 CERTCertificate *cert3;
983 PRTime now;
984
985 if(SSL_GetChannelInfo(sock, &channel, sizeof(channel)) ==
986 SECSuccess && channel.length == sizeof(channel) &&
987 channel.cipherSuite) {
988 if(SSL_GetCipherSuiteInfo(channel.cipherSuite,
989 &suite, sizeof(suite)) == SECSuccess) {
990 infof(data, "SSL connection using %s", suite.cipherSuiteName);
991 }
992 }
993
994 cert = SSL_PeerCertificate(sock);
995 if(cert) {
996 infof(data, "Server certificate:");
997
998 if(!data->set.ssl.certinfo) {
999 display_cert_info(data, cert);
1000 CERT_DestroyCertificate(cert);
1001 }
1002 else {
1003 /* Count certificates in chain. */
1004 int i = 1;
1005 now = PR_Now();
1006 if(!cert->isRoot) {
1007 cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
1008 while(cert2) {
1009 i++;
1010 if(cert2->isRoot) {
1011 CERT_DestroyCertificate(cert2);
1012 break;
1013 }
1014 cert3 = CERT_FindCertIssuer(cert2, now, certUsageSSLCA);
1015 CERT_DestroyCertificate(cert2);
1016 cert2 = cert3;
1017 }
1018 }
1019
1020 result = Curl_ssl_init_certinfo(data, i);
1021 if(!result) {
1022 for(i = 0; cert; cert = cert2) {
1023 result = Curl_extract_certinfo(data, i++, (char *)cert->derCert.data,
1024 (char *)cert->derCert.data +
1025 cert->derCert.len);
1026 if(result)
1027 break;
1028
1029 if(cert->isRoot) {
1030 CERT_DestroyCertificate(cert);
1031 break;
1032 }
1033
1034 cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
1035 CERT_DestroyCertificate(cert);
1036 }
1037 }
1038 }
1039 }
1040
1041 return result;
1042 }
1043
BadCertHandler(void * arg,PRFileDesc * sock)1044 static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
1045 {
1046 struct Curl_easy *data = (struct Curl_easy *)arg;
1047 struct connectdata *conn = data->conn;
1048 PRErrorCode err = PR_GetError();
1049 CERTCertificate *cert;
1050
1051 /* remember the cert verification result */
1052 SSL_SET_OPTION_LVALUE(certverifyresult) = err;
1053
1054 if(err == SSL_ERROR_BAD_CERT_DOMAIN && !SSL_CONN_CONFIG(verifyhost))
1055 /* we are asked not to verify the host name */
1056 return SECSuccess;
1057
1058 /* print only info about the cert, the error is printed off the callback */
1059 cert = SSL_PeerCertificate(sock);
1060 if(cert) {
1061 infof(data, "Server certificate:");
1062 display_cert_info(data, cert);
1063 CERT_DestroyCertificate(cert);
1064 }
1065
1066 return SECFailure;
1067 }
1068
1069 /**
1070 *
1071 * Check that the Peer certificate's issuer certificate matches the one found
1072 * by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS do the
1073 * issuer check, so we provide comments that mimic the OpenSSL
1074 * X509_check_issued function (in x509v3/v3_purp.c)
1075 */
check_issuer_cert(PRFileDesc * sock,char * issuer_nickname)1076 static SECStatus check_issuer_cert(PRFileDesc *sock,
1077 char *issuer_nickname)
1078 {
1079 CERTCertificate *cert, *cert_issuer, *issuer;
1080 SECStatus res = SECSuccess;
1081 void *proto_win = NULL;
1082
1083 cert = SSL_PeerCertificate(sock);
1084 cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner);
1085
1086 proto_win = SSL_RevealPinArg(sock);
1087 issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);
1088
1089 if((!cert_issuer) || (!issuer))
1090 res = SECFailure;
1091 else if(SECITEM_CompareItem(&cert_issuer->derCert,
1092 &issuer->derCert) != SECEqual)
1093 res = SECFailure;
1094
1095 CERT_DestroyCertificate(cert);
1096 CERT_DestroyCertificate(issuer);
1097 CERT_DestroyCertificate(cert_issuer);
1098 return res;
1099 }
1100
cmp_peer_pubkey(struct ssl_connect_data * connssl,const char * pinnedpubkey)1101 static CURLcode cmp_peer_pubkey(struct ssl_connect_data *connssl,
1102 const char *pinnedpubkey)
1103 {
1104 CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
1105 struct ssl_backend_data *backend = connssl->backend;
1106 struct Curl_easy *data = backend->data;
1107 CERTCertificate *cert;
1108
1109 if(!pinnedpubkey)
1110 /* no pinned public key specified */
1111 return CURLE_OK;
1112
1113 /* get peer certificate */
1114 cert = SSL_PeerCertificate(backend->handle);
1115 if(cert) {
1116 /* extract public key from peer certificate */
1117 SECKEYPublicKey *pubkey = CERT_ExtractPublicKey(cert);
1118 if(pubkey) {
1119 /* encode the public key as DER */
1120 SECItem *cert_der = PK11_DEREncodePublicKey(pubkey);
1121 if(cert_der) {
1122 /* compare the public key with the pinned public key */
1123 result = Curl_pin_peer_pubkey(data, pinnedpubkey, cert_der->data,
1124 cert_der->len);
1125 SECITEM_FreeItem(cert_der, PR_TRUE);
1126 }
1127 SECKEY_DestroyPublicKey(pubkey);
1128 }
1129 CERT_DestroyCertificate(cert);
1130 }
1131
1132 /* report the resulting status */
1133 switch(result) {
1134 case CURLE_OK:
1135 infof(data, "pinned public key verified successfully!");
1136 break;
1137 case CURLE_SSL_PINNEDPUBKEYNOTMATCH:
1138 failf(data, "failed to verify pinned public key");
1139 break;
1140 default:
1141 /* OOM, etc. */
1142 break;
1143 }
1144
1145 return result;
1146 }
1147
1148 /**
1149 *
1150 * Callback to pick the SSL client certificate.
1151 */
SelectClientCert(void * arg,PRFileDesc * sock,struct CERTDistNamesStr * caNames,struct CERTCertificateStr ** pRetCert,struct SECKEYPrivateKeyStr ** pRetKey)1152 static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
1153 struct CERTDistNamesStr *caNames,
1154 struct CERTCertificateStr **pRetCert,
1155 struct SECKEYPrivateKeyStr **pRetKey)
1156 {
1157 struct ssl_connect_data *connssl = (struct ssl_connect_data *)arg;
1158 struct ssl_backend_data *backend = connssl->backend;
1159 struct Curl_easy *data = backend->data;
1160 const char *nickname = backend->client_nickname;
1161 static const char pem_slotname[] = "PEM Token #1";
1162
1163 if(backend->obj_clicert) {
1164 /* use the cert/key provided by PEM reader */
1165 SECItem cert_der = { 0, NULL, 0 };
1166 void *proto_win = SSL_RevealPinArg(sock);
1167 struct CERTCertificateStr *cert;
1168 struct SECKEYPrivateKeyStr *key;
1169
1170 PK11SlotInfo *slot = nss_find_slot_by_name(pem_slotname);
1171 if(NULL == slot) {
1172 failf(data, "NSS: PK11 slot not found: %s", pem_slotname);
1173 return SECFailure;
1174 }
1175
1176 if(PK11_ReadRawAttribute(PK11_TypeGeneric, backend->obj_clicert, CKA_VALUE,
1177 &cert_der) != SECSuccess) {
1178 failf(data, "NSS: CKA_VALUE not found in PK11 generic object");
1179 PK11_FreeSlot(slot);
1180 return SECFailure;
1181 }
1182
1183 cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
1184 SECITEM_FreeItem(&cert_der, PR_FALSE);
1185 if(NULL == cert) {
1186 failf(data, "NSS: client certificate from file not found");
1187 PK11_FreeSlot(slot);
1188 return SECFailure;
1189 }
1190
1191 key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
1192 PK11_FreeSlot(slot);
1193 if(NULL == key) {
1194 failf(data, "NSS: private key from file not found");
1195 CERT_DestroyCertificate(cert);
1196 return SECFailure;
1197 }
1198
1199 infof(data, "NSS: client certificate from file");
1200 display_cert_info(data, cert);
1201
1202 *pRetCert = cert;
1203 *pRetKey = key;
1204 return SECSuccess;
1205 }
1206
1207 /* use the default NSS hook */
1208 if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
1209 pRetCert, pRetKey)
1210 || NULL == *pRetCert) {
1211
1212 if(NULL == nickname)
1213 failf(data, "NSS: client certificate not found (nickname not "
1214 "specified)");
1215 else
1216 failf(data, "NSS: client certificate not found: %s", nickname);
1217
1218 return SECFailure;
1219 }
1220
1221 /* get certificate nickname if any */
1222 nickname = (*pRetCert)->nickname;
1223 if(NULL == nickname)
1224 nickname = "[unknown]";
1225
1226 if(!strncmp(nickname, pem_slotname, sizeof(pem_slotname) - 1U)) {
1227 failf(data, "NSS: refusing previously loaded certificate from file: %s",
1228 nickname);
1229 return SECFailure;
1230 }
1231
1232 if(NULL == *pRetKey) {
1233 failf(data, "NSS: private key not found for certificate: %s", nickname);
1234 return SECFailure;
1235 }
1236
1237 infof(data, "NSS: using client certificate: %s", nickname);
1238 display_cert_info(data, *pRetCert);
1239 return SECSuccess;
1240 }
1241
1242 /* update blocking direction in case of PR_WOULD_BLOCK_ERROR */
nss_update_connecting_state(ssl_connect_state state,void * secret)1243 static void nss_update_connecting_state(ssl_connect_state state, void *secret)
1244 {
1245 struct ssl_connect_data *connssl = (struct ssl_connect_data *)secret;
1246 if(PR_GetError() != PR_WOULD_BLOCK_ERROR)
1247 /* an unrelated error is passing by */
1248 return;
1249
1250 switch(connssl->connecting_state) {
1251 case ssl_connect_2:
1252 case ssl_connect_2_reading:
1253 case ssl_connect_2_writing:
1254 break;
1255 default:
1256 /* we are not called from an SSL handshake */
1257 return;
1258 }
1259
1260 /* update the state accordingly */
1261 connssl->connecting_state = state;
1262 }
1263
1264 /* recv() wrapper we use to detect blocking direction during SSL handshake */
nspr_io_recv(PRFileDesc * fd,void * buf,PRInt32 amount,PRIntn flags,PRIntervalTime timeout)1265 static PRInt32 nspr_io_recv(PRFileDesc *fd, void *buf, PRInt32 amount,
1266 PRIntn flags, PRIntervalTime timeout)
1267 {
1268 const PRRecvFN recv_fn = fd->lower->methods->recv;
1269 const PRInt32 rv = recv_fn(fd->lower, buf, amount, flags, timeout);
1270 if(rv < 0)
1271 /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
1272 nss_update_connecting_state(ssl_connect_2_reading, fd->secret);
1273 return rv;
1274 }
1275
1276 /* send() wrapper we use to detect blocking direction during SSL handshake */
nspr_io_send(PRFileDesc * fd,const void * buf,PRInt32 amount,PRIntn flags,PRIntervalTime timeout)1277 static PRInt32 nspr_io_send(PRFileDesc *fd, const void *buf, PRInt32 amount,
1278 PRIntn flags, PRIntervalTime timeout)
1279 {
1280 const PRSendFN send_fn = fd->lower->methods->send;
1281 const PRInt32 rv = send_fn(fd->lower, buf, amount, flags, timeout);
1282 if(rv < 0)
1283 /* check for PR_WOULD_BLOCK_ERROR and update blocking direction */
1284 nss_update_connecting_state(ssl_connect_2_writing, fd->secret);
1285 return rv;
1286 }
1287
1288 /* close() wrapper to avoid assertion failure due to fd->secret != NULL */
nspr_io_close(PRFileDesc * fd)1289 static PRStatus nspr_io_close(PRFileDesc *fd)
1290 {
1291 const PRCloseFN close_fn = PR_GetDefaultIOMethods()->close;
1292 fd->secret = NULL;
1293 return close_fn(fd);
1294 }
1295
1296 /* load a PKCS #11 module */
nss_load_module(SECMODModule ** pmod,const char * library,const char * name)1297 static CURLcode nss_load_module(SECMODModule **pmod, const char *library,
1298 const char *name)
1299 {
1300 char *config_string;
1301 SECMODModule *module = *pmod;
1302 if(module)
1303 /* already loaded */
1304 return CURLE_OK;
1305
1306 config_string = aprintf("library=%s name=%s", library, name);
1307 if(!config_string)
1308 return CURLE_OUT_OF_MEMORY;
1309
1310 module = SECMOD_LoadUserModule(config_string, NULL, PR_FALSE);
1311 free(config_string);
1312
1313 if(module && module->loaded) {
1314 /* loaded successfully */
1315 *pmod = module;
1316 return CURLE_OK;
1317 }
1318
1319 if(module)
1320 SECMOD_DestroyModule(module);
1321 return CURLE_FAILED_INIT;
1322 }
1323
1324 /* unload a PKCS #11 module */
nss_unload_module(SECMODModule ** pmod)1325 static void nss_unload_module(SECMODModule **pmod)
1326 {
1327 SECMODModule *module = *pmod;
1328 if(!module)
1329 /* not loaded */
1330 return;
1331
1332 if(SECMOD_UnloadUserModule(module) != SECSuccess)
1333 /* unload failed */
1334 return;
1335
1336 SECMOD_DestroyModule(module);
1337 *pmod = NULL;
1338 }
1339
1340 /* data might be NULL */
nss_init_core(struct Curl_easy * data,const char * cert_dir)1341 static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
1342 {
1343 NSSInitParameters initparams;
1344 PRErrorCode err;
1345 const char *err_name;
1346
1347 if(nss_context != NULL)
1348 return CURLE_OK;
1349
1350 memset((void *) &initparams, '\0', sizeof(initparams));
1351 initparams.length = sizeof(initparams);
1352
1353 if(cert_dir) {
1354 char *certpath = aprintf("sql:%s", cert_dir);
1355 if(!certpath)
1356 return CURLE_OUT_OF_MEMORY;
1357
1358 infof(data, "Initializing NSS with certpath: %s", certpath);
1359 nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
1360 NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
1361 free(certpath);
1362
1363 if(nss_context != NULL)
1364 return CURLE_OK;
1365
1366 err = PR_GetError();
1367 err_name = nss_error_to_name(err);
1368 infof(data, "Unable to initialize NSS database: %d (%s)", err, err_name);
1369 }
1370
1371 infof(data, "Initializing NSS with certpath: none");
1372 nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
1373 | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
1374 | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
1375 if(nss_context != NULL)
1376 return CURLE_OK;
1377
1378 err = PR_GetError();
1379 err_name = nss_error_to_name(err);
1380 failf(data, "Unable to initialize NSS: %d (%s)", err, err_name);
1381 return CURLE_SSL_CACERT_BADFILE;
1382 }
1383
1384 /* data might be NULL */
nss_setup(struct Curl_easy * data)1385 static CURLcode nss_setup(struct Curl_easy *data)
1386 {
1387 char *cert_dir;
1388 struct_stat st;
1389 CURLcode result;
1390
1391 if(initialized)
1392 return CURLE_OK;
1393
1394 /* list of all CRL items we need to destroy in nss_cleanup() */
1395 Curl_llist_init(&nss_crl_list, nss_destroy_crl_item);
1396
1397 /* First we check if $SSL_DIR points to a valid dir */
1398 cert_dir = getenv("SSL_DIR");
1399 if(cert_dir) {
1400 if((stat(cert_dir, &st) != 0) ||
1401 (!S_ISDIR(st.st_mode))) {
1402 cert_dir = NULL;
1403 }
1404 }
1405
1406 /* Now we check if the default location is a valid dir */
1407 if(!cert_dir) {
1408 if((stat(SSL_DIR, &st) == 0) &&
1409 (S_ISDIR(st.st_mode))) {
1410 cert_dir = (char *)SSL_DIR;
1411 }
1412 }
1413
1414 if(nspr_io_identity == PR_INVALID_IO_LAYER) {
1415 /* allocate an identity for our own NSPR I/O layer */
1416 nspr_io_identity = PR_GetUniqueIdentity("libcurl");
1417 if(nspr_io_identity == PR_INVALID_IO_LAYER)
1418 return CURLE_OUT_OF_MEMORY;
1419
1420 /* the default methods just call down to the lower I/O layer */
1421 memcpy(&nspr_io_methods, PR_GetDefaultIOMethods(),
1422 sizeof(nspr_io_methods));
1423
1424 /* override certain methods in the table by our wrappers */
1425 nspr_io_methods.recv = nspr_io_recv;
1426 nspr_io_methods.send = nspr_io_send;
1427 nspr_io_methods.close = nspr_io_close;
1428 }
1429
1430 result = nss_init_core(data, cert_dir);
1431 if(result)
1432 return result;
1433
1434 if(!any_cipher_enabled())
1435 NSS_SetDomesticPolicy();
1436
1437 initialized = 1;
1438
1439 return CURLE_OK;
1440 }
1441
1442 /**
1443 * Global SSL init
1444 *
1445 * @retval 0 error initializing SSL
1446 * @retval 1 SSL initialized successfully
1447 */
nss_init(void)1448 static int nss_init(void)
1449 {
1450 /* curl_global_init() is not thread-safe so this test is ok */
1451 if(!nss_initlock) {
1452 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
1453 nss_initlock = PR_NewLock();
1454 nss_crllock = PR_NewLock();
1455 nss_findslot_lock = PR_NewLock();
1456 nss_trustload_lock = PR_NewLock();
1457 }
1458
1459 /* We will actually initialize NSS later */
1460
1461 return 1;
1462 }
1463
1464 /* data might be NULL */
Curl_nss_force_init(struct Curl_easy * data)1465 CURLcode Curl_nss_force_init(struct Curl_easy *data)
1466 {
1467 CURLcode result;
1468 if(!nss_initlock) {
1469 if(data)
1470 failf(data, "unable to initialize NSS, curl_global_init() should have "
1471 "been called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL");
1472 return CURLE_FAILED_INIT;
1473 }
1474
1475 PR_Lock(nss_initlock);
1476 result = nss_setup(data);
1477 PR_Unlock(nss_initlock);
1478
1479 return result;
1480 }
1481
1482 /* Global cleanup */
nss_cleanup(void)1483 static void nss_cleanup(void)
1484 {
1485 /* This function isn't required to be threadsafe and this is only done
1486 * as a safety feature.
1487 */
1488 PR_Lock(nss_initlock);
1489 if(initialized) {
1490 /* Free references to client certificates held in the SSL session cache.
1491 * Omitting this hampers destruction of the security module owning
1492 * the certificates. */
1493 SSL_ClearSessionCache();
1494
1495 nss_unload_module(&pem_module);
1496 nss_unload_module(&trust_module);
1497 NSS_ShutdownContext(nss_context);
1498 nss_context = NULL;
1499 }
1500
1501 /* destroy all CRL items */
1502 Curl_llist_destroy(&nss_crl_list, NULL);
1503
1504 PR_Unlock(nss_initlock);
1505
1506 PR_DestroyLock(nss_initlock);
1507 PR_DestroyLock(nss_crllock);
1508 PR_DestroyLock(nss_findslot_lock);
1509 PR_DestroyLock(nss_trustload_lock);
1510 nss_initlock = NULL;
1511
1512 initialized = 0;
1513 }
1514
1515 /*
1516 * This function uses SSL_peek to determine connection status.
1517 *
1518 * Return codes:
1519 * 1 means the connection is still in place
1520 * 0 means the connection has been closed
1521 * -1 means the connection status is unknown
1522 */
nss_check_cxn(struct connectdata * conn)1523 static int nss_check_cxn(struct connectdata *conn)
1524 {
1525 struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
1526 struct ssl_backend_data *backend = connssl->backend;
1527 int rc;
1528 char buf;
1529
1530 rc =
1531 PR_Recv(backend->handle, (void *)&buf, 1, PR_MSG_PEEK,
1532 PR_SecondsToInterval(1));
1533 if(rc > 0)
1534 return 1; /* connection still in place */
1535
1536 if(rc == 0)
1537 return 0; /* connection has been closed */
1538
1539 return -1; /* connection status unknown */
1540 }
1541
close_one(struct ssl_connect_data * connssl)1542 static void close_one(struct ssl_connect_data *connssl)
1543 {
1544 /* before the cleanup, check whether we are using a client certificate */
1545 struct ssl_backend_data *backend = connssl->backend;
1546 const bool client_cert = (backend->client_nickname != NULL)
1547 || (backend->obj_clicert != NULL);
1548
1549 if(backend->handle) {
1550 char buf[32];
1551 /* Maybe the server has already sent a close notify alert.
1552 Read it to avoid an RST on the TCP connection. */
1553 (void)PR_Recv(backend->handle, buf, (int)sizeof(buf), 0,
1554 PR_INTERVAL_NO_WAIT);
1555 }
1556
1557 free(backend->client_nickname);
1558 backend->client_nickname = NULL;
1559
1560 /* destroy all NSS objects in order to avoid failure of NSS shutdown */
1561 Curl_llist_destroy(&backend->obj_list, NULL);
1562 backend->obj_clicert = NULL;
1563
1564 if(backend->handle) {
1565 if(client_cert)
1566 /* A server might require different authentication based on the
1567 * particular path being requested by the client. To support this
1568 * scenario, we must ensure that a connection will never reuse the
1569 * authentication data from a previous connection. */
1570 SSL_InvalidateSession(backend->handle);
1571
1572 PR_Close(backend->handle);
1573 backend->handle = NULL;
1574 }
1575 }
1576
1577 /*
1578 * This function is called when an SSL connection is closed.
1579 */
nss_close(struct Curl_easy * data,struct connectdata * conn,int sockindex)1580 static void nss_close(struct Curl_easy *data, struct connectdata *conn,
1581 int sockindex)
1582 {
1583 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1584 #ifndef CURL_DISABLE_PROXY
1585 struct ssl_connect_data *connssl_proxy = &conn->proxy_ssl[sockindex];
1586 #endif
1587 struct ssl_backend_data *backend = connssl->backend;
1588
1589 (void)data;
1590 if(backend->handle
1591 #ifndef CURL_DISABLE_PROXY
1592 || connssl_proxy->backend->handle
1593 #endif
1594 ) {
1595 /* NSS closes the socket we previously handed to it, so we must mark it
1596 as closed to avoid double close */
1597 fake_sclose(conn->sock[sockindex]);
1598 conn->sock[sockindex] = CURL_SOCKET_BAD;
1599 }
1600
1601 #ifndef CURL_DISABLE_PROXY
1602 if(backend->handle)
1603 /* nss_close(connssl) will transitively close also
1604 connssl_proxy->backend->handle if both are used. Clear it to avoid
1605 a double close leading to crash. */
1606 connssl_proxy->backend->handle = NULL;
1607
1608 close_one(connssl_proxy);
1609 #endif
1610 close_one(connssl);
1611 }
1612
1613 /* return true if NSS can provide error code (and possibly msg) for the
1614 error */
is_nss_error(CURLcode err)1615 static bool is_nss_error(CURLcode err)
1616 {
1617 switch(err) {
1618 case CURLE_PEER_FAILED_VERIFICATION:
1619 case CURLE_SSL_CERTPROBLEM:
1620 case CURLE_SSL_CONNECT_ERROR:
1621 case CURLE_SSL_ISSUER_ERROR:
1622 return true;
1623
1624 default:
1625 return false;
1626 }
1627 }
1628
1629 /* return true if the given error code is related to a client certificate */
is_cc_error(PRInt32 err)1630 static bool is_cc_error(PRInt32 err)
1631 {
1632 switch(err) {
1633 case SSL_ERROR_BAD_CERT_ALERT:
1634 case SSL_ERROR_EXPIRED_CERT_ALERT:
1635 case SSL_ERROR_REVOKED_CERT_ALERT:
1636 return true;
1637
1638 default:
1639 return false;
1640 }
1641 }
1642
1643 static Curl_recv nss_recv;
1644 static Curl_send nss_send;
1645
nss_load_ca_certificates(struct Curl_easy * data,struct connectdata * conn,int sockindex)1646 static CURLcode nss_load_ca_certificates(struct Curl_easy *data,
1647 struct connectdata *conn,
1648 int sockindex)
1649 {
1650 const char *cafile = SSL_CONN_CONFIG(CAfile);
1651 const char *capath = SSL_CONN_CONFIG(CApath);
1652 bool use_trust_module;
1653 CURLcode result = CURLE_OK;
1654
1655 /* treat empty string as unset */
1656 if(cafile && !cafile[0])
1657 cafile = NULL;
1658 if(capath && !capath[0])
1659 capath = NULL;
1660
1661 infof(data, " CAfile: %s", cafile ? cafile : "none");
1662 infof(data, " CApath: %s", capath ? capath : "none");
1663
1664 /* load libnssckbi.so if no other trust roots were specified */
1665 use_trust_module = !cafile && !capath;
1666
1667 PR_Lock(nss_trustload_lock);
1668 if(use_trust_module && !trust_module) {
1669 /* libnssckbi.so needed but not yet loaded --> load it! */
1670 result = nss_load_module(&trust_module, trust_library, "trust");
1671 infof(data, "%s %s", (result) ? "failed to load" : "loaded",
1672 trust_library);
1673 if(result == CURLE_FAILED_INIT)
1674 /* If libnssckbi.so is not available (or fails to load), one can still
1675 use CA certificates stored in NSS database. Ignore the failure. */
1676 result = CURLE_OK;
1677 }
1678 else if(!use_trust_module && trust_module) {
1679 /* libnssckbi.so not needed but already loaded --> unload it! */
1680 infof(data, "unloading %s", trust_library);
1681 nss_unload_module(&trust_module);
1682 }
1683 PR_Unlock(nss_trustload_lock);
1684
1685 if(cafile)
1686 result = nss_load_cert(&conn->ssl[sockindex], cafile, PR_TRUE);
1687
1688 if(result)
1689 return result;
1690
1691 if(capath) {
1692 struct_stat st;
1693 if(stat(capath, &st) == -1)
1694 return CURLE_SSL_CACERT_BADFILE;
1695
1696 if(S_ISDIR(st.st_mode)) {
1697 PRDirEntry *entry;
1698 PRDir *dir = PR_OpenDir(capath);
1699 if(!dir)
1700 return CURLE_SSL_CACERT_BADFILE;
1701
1702 while((entry =
1703 PR_ReadDir(dir, (PRDirFlags)(PR_SKIP_BOTH | PR_SKIP_HIDDEN)))) {
1704 char *fullpath = aprintf("%s/%s", capath, entry->name);
1705 if(!fullpath) {
1706 PR_CloseDir(dir);
1707 return CURLE_OUT_OF_MEMORY;
1708 }
1709
1710 if(CURLE_OK != nss_load_cert(&conn->ssl[sockindex], fullpath, PR_TRUE))
1711 /* This is purposefully tolerant of errors so non-PEM files can
1712 * be in the same directory */
1713 infof(data, "failed to load '%s' from CURLOPT_CAPATH", fullpath);
1714
1715 free(fullpath);
1716 }
1717
1718 PR_CloseDir(dir);
1719 }
1720 else
1721 infof(data, "warning: CURLOPT_CAPATH not a directory (%s)", capath);
1722 }
1723
1724 return CURLE_OK;
1725 }
1726
nss_sslver_from_curl(PRUint16 * nssver,long version)1727 static CURLcode nss_sslver_from_curl(PRUint16 *nssver, long version)
1728 {
1729 switch(version) {
1730 case CURL_SSLVERSION_SSLv2:
1731 *nssver = SSL_LIBRARY_VERSION_2;
1732 return CURLE_OK;
1733
1734 case CURL_SSLVERSION_SSLv3:
1735 return CURLE_NOT_BUILT_IN;
1736
1737 case CURL_SSLVERSION_TLSv1_0:
1738 *nssver = SSL_LIBRARY_VERSION_TLS_1_0;
1739 return CURLE_OK;
1740
1741 case CURL_SSLVERSION_TLSv1_1:
1742 #ifdef SSL_LIBRARY_VERSION_TLS_1_1
1743 *nssver = SSL_LIBRARY_VERSION_TLS_1_1;
1744 return CURLE_OK;
1745 #else
1746 return CURLE_SSL_CONNECT_ERROR;
1747 #endif
1748
1749 case CURL_SSLVERSION_TLSv1_2:
1750 #ifdef SSL_LIBRARY_VERSION_TLS_1_2
1751 *nssver = SSL_LIBRARY_VERSION_TLS_1_2;
1752 return CURLE_OK;
1753 #else
1754 return CURLE_SSL_CONNECT_ERROR;
1755 #endif
1756
1757 case CURL_SSLVERSION_TLSv1_3:
1758 #ifdef SSL_LIBRARY_VERSION_TLS_1_3
1759 *nssver = SSL_LIBRARY_VERSION_TLS_1_3;
1760 return CURLE_OK;
1761 #else
1762 return CURLE_SSL_CONNECT_ERROR;
1763 #endif
1764
1765 default:
1766 return CURLE_SSL_CONNECT_ERROR;
1767 }
1768 }
1769
nss_init_sslver(SSLVersionRange * sslver,struct Curl_easy * data,struct connectdata * conn)1770 static CURLcode nss_init_sslver(SSLVersionRange *sslver,
1771 struct Curl_easy *data,
1772 struct connectdata *conn)
1773 {
1774 CURLcode result;
1775 const long min = SSL_CONN_CONFIG(version);
1776 const long max = SSL_CONN_CONFIG(version_max);
1777 SSLVersionRange vrange;
1778
1779 switch(min) {
1780 case CURL_SSLVERSION_TLSv1:
1781 case CURL_SSLVERSION_DEFAULT:
1782 /* Bump our minimum TLS version if NSS has stricter requirements. */
1783 if(SSL_VersionRangeGetDefault(ssl_variant_stream, &vrange) != SECSuccess)
1784 return CURLE_SSL_CONNECT_ERROR;
1785 if(sslver->min < vrange.min)
1786 sslver->min = vrange.min;
1787 break;
1788 default:
1789 result = nss_sslver_from_curl(&sslver->min, min);
1790 if(result) {
1791 failf(data, "unsupported min version passed via CURLOPT_SSLVERSION");
1792 return result;
1793 }
1794 }
1795
1796 switch(max) {
1797 case CURL_SSLVERSION_MAX_NONE:
1798 case CURL_SSLVERSION_MAX_DEFAULT:
1799 break;
1800 default:
1801 result = nss_sslver_from_curl(&sslver->max, max >> 16);
1802 if(result) {
1803 failf(data, "unsupported max version passed via CURLOPT_SSLVERSION");
1804 return result;
1805 }
1806 }
1807
1808 return CURLE_OK;
1809 }
1810
nss_fail_connect(struct ssl_connect_data * connssl,struct Curl_easy * data,CURLcode curlerr)1811 static CURLcode nss_fail_connect(struct ssl_connect_data *connssl,
1812 struct Curl_easy *data,
1813 CURLcode curlerr)
1814 {
1815 struct ssl_backend_data *backend = connssl->backend;
1816
1817 if(is_nss_error(curlerr)) {
1818 /* read NSPR error code */
1819 PRErrorCode err = PR_GetError();
1820 if(is_cc_error(err))
1821 curlerr = CURLE_SSL_CERTPROBLEM;
1822
1823 /* print the error number and error string */
1824 infof(data, "NSS error %d (%s)", err, nss_error_to_name(err));
1825
1826 /* print a human-readable message describing the error if available */
1827 nss_print_error_message(data, err);
1828 }
1829
1830 /* cleanup on connection failure */
1831 Curl_llist_destroy(&backend->obj_list, NULL);
1832
1833 return curlerr;
1834 }
1835
1836 /* Switch the SSL socket into blocking or non-blocking mode. */
nss_set_blocking(struct ssl_connect_data * connssl,struct Curl_easy * data,bool blocking)1837 static CURLcode nss_set_blocking(struct ssl_connect_data *connssl,
1838 struct Curl_easy *data,
1839 bool blocking)
1840 {
1841 PRSocketOptionData sock_opt;
1842 struct ssl_backend_data *backend = connssl->backend;
1843 sock_opt.option = PR_SockOpt_Nonblocking;
1844 sock_opt.value.non_blocking = !blocking;
1845
1846 if(PR_SetSocketOption(backend->handle, &sock_opt) != PR_SUCCESS)
1847 return nss_fail_connect(connssl, data, CURLE_SSL_CONNECT_ERROR);
1848
1849 return CURLE_OK;
1850 }
1851
nss_setup_connect(struct Curl_easy * data,struct connectdata * conn,int sockindex)1852 static CURLcode nss_setup_connect(struct Curl_easy *data,
1853 struct connectdata *conn, int sockindex)
1854 {
1855 PRFileDesc *model = NULL;
1856 PRFileDesc *nspr_io = NULL;
1857 PRFileDesc *nspr_io_stub = NULL;
1858 PRBool ssl_no_cache;
1859 PRBool ssl_cbc_random_iv;
1860 curl_socket_t sockfd = conn->sock[sockindex];
1861 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1862 struct ssl_backend_data *backend = connssl->backend;
1863 CURLcode result;
1864 bool second_layer = FALSE;
1865 SSLVersionRange sslver_supported;
1866
1867 SSLVersionRange sslver = {
1868 SSL_LIBRARY_VERSION_TLS_1_0, /* min */
1869 #ifdef SSL_LIBRARY_VERSION_TLS_1_3
1870 SSL_LIBRARY_VERSION_TLS_1_3 /* max */
1871 #elif defined SSL_LIBRARY_VERSION_TLS_1_2
1872 SSL_LIBRARY_VERSION_TLS_1_2
1873 #elif defined SSL_LIBRARY_VERSION_TLS_1_1
1874 SSL_LIBRARY_VERSION_TLS_1_1
1875 #else
1876 SSL_LIBRARY_VERSION_TLS_1_0
1877 #endif
1878 };
1879
1880 backend->data = data;
1881
1882 /* list of all NSS objects we need to destroy in nss_do_close() */
1883 Curl_llist_init(&backend->obj_list, nss_destroy_object);
1884
1885 PR_Lock(nss_initlock);
1886 result = nss_setup(data);
1887 if(result) {
1888 PR_Unlock(nss_initlock);
1889 goto error;
1890 }
1891
1892 PK11_SetPasswordFunc(nss_get_password);
1893
1894 result = nss_load_module(&pem_module, pem_library, "PEM");
1895 PR_Unlock(nss_initlock);
1896 if(result == CURLE_FAILED_INIT)
1897 infof(data, "WARNING: failed to load NSS PEM library %s. Using "
1898 "OpenSSL PEM certificates will not work.", pem_library);
1899 else if(result)
1900 goto error;
1901
1902 result = CURLE_SSL_CONNECT_ERROR;
1903
1904 model = PR_NewTCPSocket();
1905 if(!model)
1906 goto error;
1907 model = SSL_ImportFD(NULL, model);
1908
1909 if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
1910 goto error;
1911 if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
1912 goto error;
1913 if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE) != SECSuccess)
1914 goto error;
1915
1916 /* do not use SSL cache if disabled or we are not going to verify peer */
1917 ssl_no_cache = (SSL_SET_OPTION(primary.sessionid)
1918 && SSL_CONN_CONFIG(verifypeer)) ? PR_FALSE : PR_TRUE;
1919 if(SSL_OptionSet(model, SSL_NO_CACHE, ssl_no_cache) != SECSuccess)
1920 goto error;
1921
1922 /* enable/disable the requested SSL version(s) */
1923 if(nss_init_sslver(&sslver, data, conn) != CURLE_OK)
1924 goto error;
1925 if(SSL_VersionRangeGetSupported(ssl_variant_stream,
1926 &sslver_supported) != SECSuccess)
1927 goto error;
1928 if(sslver_supported.max < sslver.max && sslver_supported.max >= sslver.min) {
1929 char *sslver_req_str, *sslver_supp_str;
1930 sslver_req_str = nss_sslver_to_name(sslver.max);
1931 sslver_supp_str = nss_sslver_to_name(sslver_supported.max);
1932 if(sslver_req_str && sslver_supp_str)
1933 infof(data, "Falling back from %s to max supported SSL version (%s)",
1934 sslver_req_str, sslver_supp_str);
1935 free(sslver_req_str);
1936 free(sslver_supp_str);
1937 sslver.max = sslver_supported.max;
1938 }
1939 if(SSL_VersionRangeSet(model, &sslver) != SECSuccess)
1940 goto error;
1941
1942 ssl_cbc_random_iv = !SSL_SET_OPTION(enable_beast);
1943 #ifdef SSL_CBC_RANDOM_IV
1944 /* unless the user explicitly asks to allow the protocol vulnerability, we
1945 use the work-around */
1946 if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
1947 infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d",
1948 ssl_cbc_random_iv);
1949 #else
1950 if(ssl_cbc_random_iv)
1951 infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in");
1952 #endif
1953
1954 if(SSL_CONN_CONFIG(cipher_list)) {
1955 if(set_ciphers(data, model, SSL_CONN_CONFIG(cipher_list)) != SECSuccess) {
1956 result = CURLE_SSL_CIPHER;
1957 goto error;
1958 }
1959 }
1960
1961 if(!SSL_CONN_CONFIG(verifypeer) && SSL_CONN_CONFIG(verifyhost))
1962 infof(data, "warning: ignoring value of ssl.verifyhost");
1963
1964 /* bypass the default SSL_AuthCertificate() hook in case we do not want to
1965 * verify peer */
1966 if(SSL_AuthCertificateHook(model, nss_auth_cert_hook, data) != SECSuccess)
1967 goto error;
1968
1969 /* not checked yet */
1970 SSL_SET_OPTION_LVALUE(certverifyresult) = 0;
1971
1972 if(SSL_BadCertHook(model, BadCertHandler, data) != SECSuccess)
1973 goto error;
1974
1975 if(SSL_HandshakeCallback(model, HandshakeCallback, data) != SECSuccess)
1976 goto error;
1977
1978 {
1979 const CURLcode rv = nss_load_ca_certificates(data, conn, sockindex);
1980 if((rv == CURLE_SSL_CACERT_BADFILE) && !SSL_CONN_CONFIG(verifypeer))
1981 /* not a fatal error because we are not going to verify the peer */
1982 infof(data, "warning: CA certificates failed to load");
1983 else if(rv) {
1984 result = rv;
1985 goto error;
1986 }
1987 }
1988
1989 if(SSL_SET_OPTION(CRLfile)) {
1990 const CURLcode rv = nss_load_crl(SSL_SET_OPTION(CRLfile));
1991 if(rv) {
1992 result = rv;
1993 goto error;
1994 }
1995 infof(data, " CRLfile: %s", SSL_SET_OPTION(CRLfile));
1996 }
1997
1998 if(SSL_SET_OPTION(primary.clientcert)) {
1999 char *nickname = dup_nickname(data, SSL_SET_OPTION(primary.clientcert));
2000 if(nickname) {
2001 /* we are not going to use libnsspem.so to read the client cert */
2002 backend->obj_clicert = NULL;
2003 }
2004 else {
2005 CURLcode rv = cert_stuff(data, conn, sockindex,
2006 SSL_SET_OPTION(primary.clientcert),
2007 SSL_SET_OPTION(key));
2008 if(rv) {
2009 /* failf() is already done in cert_stuff() */
2010 result = rv;
2011 goto error;
2012 }
2013 }
2014
2015 /* store the nickname for SelectClientCert() called during handshake */
2016 backend->client_nickname = nickname;
2017 }
2018 else
2019 backend->client_nickname = NULL;
2020
2021 if(SSL_GetClientAuthDataHook(model, SelectClientCert,
2022 (void *)connssl) != SECSuccess) {
2023 result = CURLE_SSL_CERTPROBLEM;
2024 goto error;
2025 }
2026
2027 #ifndef CURL_DISABLE_PROXY
2028 if(conn->proxy_ssl[sockindex].use) {
2029 DEBUGASSERT(ssl_connection_complete == conn->proxy_ssl[sockindex].state);
2030 DEBUGASSERT(conn->proxy_ssl[sockindex].backend->handle != NULL);
2031 nspr_io = conn->proxy_ssl[sockindex].backend->handle;
2032 second_layer = TRUE;
2033 }
2034 #endif
2035 else {
2036 /* wrap OS file descriptor by NSPR's file descriptor abstraction */
2037 nspr_io = PR_ImportTCPSocket(sockfd);
2038 if(!nspr_io)
2039 goto error;
2040 }
2041
2042 /* create our own NSPR I/O layer */
2043 nspr_io_stub = PR_CreateIOLayerStub(nspr_io_identity, &nspr_io_methods);
2044 if(!nspr_io_stub) {
2045 if(!second_layer)
2046 PR_Close(nspr_io);
2047 goto error;
2048 }
2049
2050 /* make the per-connection data accessible from NSPR I/O callbacks */
2051 nspr_io_stub->secret = (void *)connssl;
2052
2053 /* push our new layer to the NSPR I/O stack */
2054 if(PR_PushIOLayer(nspr_io, PR_TOP_IO_LAYER, nspr_io_stub) != PR_SUCCESS) {
2055 if(!second_layer)
2056 PR_Close(nspr_io);
2057 PR_Close(nspr_io_stub);
2058 goto error;
2059 }
2060
2061 /* import our model socket onto the current I/O stack */
2062 backend->handle = SSL_ImportFD(model, nspr_io);
2063 if(!backend->handle) {
2064 if(!second_layer)
2065 PR_Close(nspr_io);
2066 goto error;
2067 }
2068
2069 PR_Close(model); /* We don't need this any more */
2070 model = NULL;
2071
2072 /* This is the password associated with the cert that we're using */
2073 if(SSL_SET_OPTION(key_passwd)) {
2074 SSL_SetPKCS11PinArg(backend->handle, SSL_SET_OPTION(key_passwd));
2075 }
2076
2077 #ifdef SSL_ENABLE_OCSP_STAPLING
2078 if(SSL_CONN_CONFIG(verifystatus)) {
2079 if(SSL_OptionSet(backend->handle, SSL_ENABLE_OCSP_STAPLING, PR_TRUE)
2080 != SECSuccess)
2081 goto error;
2082 }
2083 #endif
2084
2085 #ifdef SSL_ENABLE_NPN
2086 if(SSL_OptionSet(backend->handle, SSL_ENABLE_NPN, conn->bits.tls_enable_npn
2087 ? PR_TRUE : PR_FALSE) != SECSuccess)
2088 goto error;
2089 #endif
2090
2091 #ifdef SSL_ENABLE_ALPN
2092 if(SSL_OptionSet(backend->handle, SSL_ENABLE_ALPN, conn->bits.tls_enable_alpn
2093 ? PR_TRUE : PR_FALSE) != SECSuccess)
2094 goto error;
2095 #endif
2096
2097 #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
2098 if(data->set.ssl.falsestart) {
2099 if(SSL_OptionSet(backend->handle, SSL_ENABLE_FALSE_START, PR_TRUE)
2100 != SECSuccess)
2101 goto error;
2102
2103 if(SSL_SetCanFalseStartCallback(backend->handle, CanFalseStartCallback,
2104 data) != SECSuccess)
2105 goto error;
2106 }
2107 #endif
2108
2109 #if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
2110 if(conn->bits.tls_enable_npn || conn->bits.tls_enable_alpn) {
2111 int cur = 0;
2112 unsigned char protocols[128];
2113
2114 #ifdef USE_HTTP2
2115 if(data->state.httpwant >= CURL_HTTP_VERSION_2
2116 #ifndef CURL_DISABLE_PROXY
2117 && (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)
2118 #endif
2119 ) {
2120 protocols[cur++] = ALPN_H2_LENGTH;
2121 memcpy(&protocols[cur], ALPN_H2, ALPN_H2_LENGTH);
2122 cur += ALPN_H2_LENGTH;
2123 }
2124 #endif
2125 protocols[cur++] = ALPN_HTTP_1_1_LENGTH;
2126 memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
2127 cur += ALPN_HTTP_1_1_LENGTH;
2128
2129 if(SSL_SetNextProtoNego(backend->handle, protocols, cur) != SECSuccess)
2130 goto error;
2131 }
2132 #endif
2133
2134
2135 /* Force handshake on next I/O */
2136 if(SSL_ResetHandshake(backend->handle, /* asServer */ PR_FALSE)
2137 != SECSuccess)
2138 goto error;
2139
2140 /* propagate hostname to the TLS layer */
2141 if(SSL_SetURL(backend->handle, SSL_HOST_NAME()) != SECSuccess)
2142 goto error;
2143
2144 /* prevent NSS from re-using the session for a different hostname */
2145 if(SSL_SetSockPeerID(backend->handle, SSL_HOST_NAME()) != SECSuccess)
2146 goto error;
2147
2148 return CURLE_OK;
2149
2150 error:
2151 if(model)
2152 PR_Close(model);
2153
2154 return nss_fail_connect(connssl, data, result);
2155 }
2156
nss_do_connect(struct Curl_easy * data,struct connectdata * conn,int sockindex)2157 static CURLcode nss_do_connect(struct Curl_easy *data,
2158 struct connectdata *conn, int sockindex)
2159 {
2160 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2161 struct ssl_backend_data *backend = connssl->backend;
2162 CURLcode result = CURLE_SSL_CONNECT_ERROR;
2163 PRUint32 timeout;
2164
2165 /* check timeout situation */
2166 const timediff_t time_left = Curl_timeleft(data, NULL, TRUE);
2167 if(time_left < 0) {
2168 failf(data, "timed out before SSL handshake");
2169 result = CURLE_OPERATION_TIMEDOUT;
2170 goto error;
2171 }
2172
2173 /* Force the handshake now */
2174 timeout = PR_MillisecondsToInterval((PRUint32) time_left);
2175 if(SSL_ForceHandshakeWithTimeout(backend->handle, timeout) != SECSuccess) {
2176 if(PR_GetError() == PR_WOULD_BLOCK_ERROR)
2177 /* blocking direction is updated by nss_update_connecting_state() */
2178 return CURLE_AGAIN;
2179 else if(SSL_SET_OPTION(certverifyresult) == SSL_ERROR_BAD_CERT_DOMAIN)
2180 result = CURLE_PEER_FAILED_VERIFICATION;
2181 else if(SSL_SET_OPTION(certverifyresult) != 0)
2182 result = CURLE_PEER_FAILED_VERIFICATION;
2183 goto error;
2184 }
2185
2186 result = display_conn_info(data, backend->handle);
2187 if(result)
2188 goto error;
2189
2190 if(SSL_CONN_CONFIG(issuercert)) {
2191 SECStatus ret = SECFailure;
2192 char *nickname = dup_nickname(data, SSL_CONN_CONFIG(issuercert));
2193 if(nickname) {
2194 /* we support only nicknames in case of issuercert for now */
2195 ret = check_issuer_cert(backend->handle, nickname);
2196 free(nickname);
2197 }
2198
2199 if(SECFailure == ret) {
2200 infof(data, "SSL certificate issuer check failed");
2201 result = CURLE_SSL_ISSUER_ERROR;
2202 goto error;
2203 }
2204 else {
2205 infof(data, "SSL certificate issuer check ok");
2206 }
2207 }
2208
2209 result = cmp_peer_pubkey(connssl, SSL_PINNED_PUB_KEY());
2210 if(result)
2211 /* status already printed */
2212 goto error;
2213
2214 return CURLE_OK;
2215
2216 error:
2217 return nss_fail_connect(connssl, data, result);
2218 }
2219
nss_connect_common(struct Curl_easy * data,struct connectdata * conn,int sockindex,bool * done)2220 static CURLcode nss_connect_common(struct Curl_easy *data,
2221 struct connectdata *conn, int sockindex,
2222 bool *done)
2223 {
2224 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2225 const bool blocking = (done == NULL);
2226 CURLcode result;
2227
2228 if(connssl->state == ssl_connection_complete) {
2229 if(!blocking)
2230 *done = TRUE;
2231 return CURLE_OK;
2232 }
2233
2234 if(connssl->connecting_state == ssl_connect_1) {
2235 result = nss_setup_connect(data, conn, sockindex);
2236 if(result)
2237 /* we do not expect CURLE_AGAIN from nss_setup_connect() */
2238 return result;
2239
2240 connssl->connecting_state = ssl_connect_2;
2241 }
2242
2243 /* enable/disable blocking mode before handshake */
2244 result = nss_set_blocking(connssl, data, blocking);
2245 if(result)
2246 return result;
2247
2248 result = nss_do_connect(data, conn, sockindex);
2249 switch(result) {
2250 case CURLE_OK:
2251 break;
2252 case CURLE_AGAIN:
2253 if(!blocking)
2254 /* CURLE_AGAIN in non-blocking mode is not an error */
2255 return CURLE_OK;
2256 /* FALLTHROUGH */
2257 default:
2258 return result;
2259 }
2260
2261 if(blocking) {
2262 /* in blocking mode, set NSS non-blocking mode _after_ SSL handshake */
2263 result = nss_set_blocking(connssl, data, /* blocking */ FALSE);
2264 if(result)
2265 return result;
2266 }
2267 else
2268 /* signal completed SSL handshake */
2269 *done = TRUE;
2270
2271 connssl->state = ssl_connection_complete;
2272 conn->recv[sockindex] = nss_recv;
2273 conn->send[sockindex] = nss_send;
2274
2275 /* ssl_connect_done is never used outside, go back to the initial state */
2276 connssl->connecting_state = ssl_connect_1;
2277
2278 return CURLE_OK;
2279 }
2280
nss_connect(struct Curl_easy * data,struct connectdata * conn,int sockindex)2281 static CURLcode nss_connect(struct Curl_easy *data, struct connectdata *conn,
2282 int sockindex)
2283 {
2284 return nss_connect_common(data, conn, sockindex, /* blocking */ NULL);
2285 }
2286
nss_connect_nonblocking(struct Curl_easy * data,struct connectdata * conn,int sockindex,bool * done)2287 static CURLcode nss_connect_nonblocking(struct Curl_easy *data,
2288 struct connectdata *conn,
2289 int sockindex, bool *done)
2290 {
2291 return nss_connect_common(data, conn, sockindex, done);
2292 }
2293
nss_send(struct Curl_easy * data,int sockindex,const void * mem,size_t len,CURLcode * curlcode)2294 static ssize_t nss_send(struct Curl_easy *data, /* transfer */
2295 int sockindex, /* socketindex */
2296 const void *mem, /* send this data */
2297 size_t len, /* amount to write */
2298 CURLcode *curlcode)
2299 {
2300 struct connectdata *conn = data->conn;
2301 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2302 struct ssl_backend_data *backend = connssl->backend;
2303 ssize_t rc;
2304
2305 /* The SelectClientCert() hook uses this for infof() and failf() but the
2306 handle stored in nss_setup_connect() could have already been freed. */
2307 backend->data = data;
2308
2309 rc = PR_Send(backend->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT);
2310 if(rc < 0) {
2311 PRInt32 err = PR_GetError();
2312 if(err == PR_WOULD_BLOCK_ERROR)
2313 *curlcode = CURLE_AGAIN;
2314 else {
2315 /* print the error number and error string */
2316 const char *err_name = nss_error_to_name(err);
2317 infof(data, "SSL write: error %d (%s)", err, err_name);
2318
2319 /* print a human-readable message describing the error if available */
2320 nss_print_error_message(data, err);
2321
2322 *curlcode = (is_cc_error(err))
2323 ? CURLE_SSL_CERTPROBLEM
2324 : CURLE_SEND_ERROR;
2325 }
2326
2327 return -1;
2328 }
2329
2330 return rc; /* number of bytes */
2331 }
2332
nss_recv(struct Curl_easy * data,int sockindex,char * buf,size_t buffersize,CURLcode * curlcode)2333 static ssize_t nss_recv(struct Curl_easy *data, /* transfer */
2334 int sockindex, /* socketindex */
2335 char *buf, /* store read data here */
2336 size_t buffersize, /* max amount to read */
2337 CURLcode *curlcode)
2338 {
2339 struct connectdata *conn = data->conn;
2340 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
2341 struct ssl_backend_data *backend = connssl->backend;
2342 ssize_t nread;
2343
2344 /* The SelectClientCert() hook uses this for infof() and failf() but the
2345 handle stored in nss_setup_connect() could have already been freed. */
2346 backend->data = data;
2347
2348 nread = PR_Recv(backend->handle, buf, (int)buffersize, 0,
2349 PR_INTERVAL_NO_WAIT);
2350 if(nread < 0) {
2351 /* failed SSL read */
2352 PRInt32 err = PR_GetError();
2353
2354 if(err == PR_WOULD_BLOCK_ERROR)
2355 *curlcode = CURLE_AGAIN;
2356 else {
2357 /* print the error number and error string */
2358 const char *err_name = nss_error_to_name(err);
2359 infof(data, "SSL read: errno %d (%s)", err, err_name);
2360
2361 /* print a human-readable message describing the error if available */
2362 nss_print_error_message(data, err);
2363
2364 *curlcode = (is_cc_error(err))
2365 ? CURLE_SSL_CERTPROBLEM
2366 : CURLE_RECV_ERROR;
2367 }
2368
2369 return -1;
2370 }
2371
2372 return nread;
2373 }
2374
nss_version(char * buffer,size_t size)2375 static size_t nss_version(char *buffer, size_t size)
2376 {
2377 return msnprintf(buffer, size, "NSS/%s", NSS_GetVersion());
2378 }
2379
2380 /* data might be NULL */
Curl_nss_seed(struct Curl_easy * data)2381 static int Curl_nss_seed(struct Curl_easy *data)
2382 {
2383 /* make sure that NSS is initialized */
2384 return !!Curl_nss_force_init(data);
2385 }
2386
2387 /* data might be NULL */
nss_random(struct Curl_easy * data,unsigned char * entropy,size_t length)2388 static CURLcode nss_random(struct Curl_easy *data,
2389 unsigned char *entropy,
2390 size_t length)
2391 {
2392 Curl_nss_seed(data); /* Initiate the seed if not already done */
2393
2394 if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
2395 /* signal a failure */
2396 return CURLE_FAILED_INIT;
2397
2398 return CURLE_OK;
2399 }
2400
nss_sha256sum(const unsigned char * tmp,size_t tmplen,unsigned char * sha256sum,size_t sha256len)2401 static CURLcode nss_sha256sum(const unsigned char *tmp, /* input */
2402 size_t tmplen,
2403 unsigned char *sha256sum, /* output */
2404 size_t sha256len)
2405 {
2406 PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
2407 unsigned int SHA256out;
2408
2409 if(!SHA256pw)
2410 return CURLE_NOT_BUILT_IN;
2411
2412 PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen));
2413 PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len));
2414 PK11_DestroyContext(SHA256pw, PR_TRUE);
2415
2416 return CURLE_OK;
2417 }
2418
nss_cert_status_request(void)2419 static bool nss_cert_status_request(void)
2420 {
2421 #ifdef SSL_ENABLE_OCSP_STAPLING
2422 return TRUE;
2423 #else
2424 return FALSE;
2425 #endif
2426 }
2427
nss_false_start(void)2428 static bool nss_false_start(void)
2429 {
2430 #if NSSVERNUM >= 0x030f04 /* 3.15.4 */
2431 return TRUE;
2432 #else
2433 return FALSE;
2434 #endif
2435 }
2436
nss_get_internals(struct ssl_connect_data * connssl,CURLINFO info UNUSED_PARAM)2437 static void *nss_get_internals(struct ssl_connect_data *connssl,
2438 CURLINFO info UNUSED_PARAM)
2439 {
2440 struct ssl_backend_data *backend = connssl->backend;
2441 (void)info;
2442 return backend->handle;
2443 }
2444
2445 const struct Curl_ssl Curl_ssl_nss = {
2446 { CURLSSLBACKEND_NSS, "nss" }, /* info */
2447
2448 SSLSUPP_CA_PATH |
2449 SSLSUPP_CERTINFO |
2450 SSLSUPP_PINNEDPUBKEY |
2451 SSLSUPP_HTTPS_PROXY,
2452
2453 sizeof(struct ssl_backend_data),
2454
2455 nss_init, /* init */
2456 nss_cleanup, /* cleanup */
2457 nss_version, /* version */
2458 nss_check_cxn, /* check_cxn */
2459 /* NSS has no shutdown function provided and thus always fail */
2460 Curl_none_shutdown, /* shutdown */
2461 Curl_none_data_pending, /* data_pending */
2462 nss_random, /* random */
2463 nss_cert_status_request, /* cert_status_request */
2464 nss_connect, /* connect */
2465 nss_connect_nonblocking, /* connect_nonblocking */
2466 Curl_ssl_getsock, /* getsock */
2467 nss_get_internals, /* get_internals */
2468 nss_close, /* close_one */
2469 Curl_none_close_all, /* close_all */
2470 /* NSS has its own session ID cache */
2471 Curl_none_session_free, /* session_free */
2472 Curl_none_set_engine, /* set_engine */
2473 Curl_none_set_engine_default, /* set_engine_default */
2474 Curl_none_engines_list, /* engines_list */
2475 nss_false_start, /* false_start */
2476 nss_sha256sum, /* sha256sum */
2477 NULL, /* associate_connection */
2478 NULL /* disassociate_connection */
2479 };
2480
2481 #endif /* USE_NSS */
2482