← Back to branch summary

~ubuntu-branches/ubuntu/utopic/curl/utopic-proposed

« back to all changes in this revision

Viewing changes to lib/vtls/nss.c

  • Committer: Package Import Robot
  • Author(s): Michael Vogt
  • Date: 2014-04-30 13:34:14 UTC
  • mfrom: (76.1.1 utopic)
  • Revision ID: package-import@ubuntu.com-20140430133414-lal4vsnldlvsue7n
Tags: 7.36.0-2ubuntu1
* Merge from Debian unstable.  Remaining changes:
  - Drop dependencies not in main:
    + Build-Depends: Drop stunnel4 and libssh2-1-dev.
    + Drop libssh2-1-dev from binary package Depends.
  - Add new libcurl3-udeb package.
  - Add new curl-udeb package.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/vtls/nss.c
5
5
 *                            | (__| |_| |  _ <| |___
6
6
 *                             \___|\___/|_| \_\_____|
7
7
 *
8
 
 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 
8
 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
9
9
 *
10
10
 * This software is licensed as described in the file COPYING, which
11
11
 * you should have received as part of this distribution. The terms
123
123
  {"rsa_des_56_sha",             TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
124
124
  {"rsa_rc4_56_sha",             TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
125
125
  /* AES ciphers. */
 
126
  {"dhe_dss_aes_128_cbc_sha",    TLS_DHE_DSS_WITH_AES_128_CBC_SHA},
 
127
  {"dhe_dss_aes_256_cbc_sha",    TLS_DHE_DSS_WITH_AES_256_CBC_SHA},
 
128
  {"dhe_rsa_aes_128_cbc_sha",    TLS_DHE_RSA_WITH_AES_128_CBC_SHA},
 
129
  {"dhe_rsa_aes_256_cbc_sha",    TLS_DHE_RSA_WITH_AES_256_CBC_SHA},
126
130
  {"rsa_aes_128_sha",            TLS_RSA_WITH_AES_128_CBC_SHA},
127
131
  {"rsa_aes_256_sha",            TLS_RSA_WITH_AES_256_CBC_SHA},
128
 
#ifdef NSS_ENABLE_ECC
129
132
  /* ECC ciphers. */
130
133
  {"ecdh_ecdsa_null_sha",        TLS_ECDH_ECDSA_WITH_NULL_SHA},
131
134
  {"ecdh_ecdsa_rc4_128_sha",     TLS_ECDH_ECDSA_WITH_RC4_128_SHA},
152
155
  {"ecdh_anon_3des_sha",         TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA},
153
156
  {"ecdh_anon_aes_128_sha",      TLS_ECDH_anon_WITH_AES_128_CBC_SHA},
154
157
  {"ecdh_anon_aes_256_sha",      TLS_ECDH_anon_WITH_AES_256_CBC_SHA},
155
 
#endif
156
 
};
157
 
 
158
 
/* following ciphers are new in NSS 3.4 and not enabled by default, therefore
159
 
   they are enabled explicitly */
160
 
static const int enable_ciphers_by_default[] = {
161
 
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
162
 
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
163
 
  TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
164
 
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
165
 
  TLS_RSA_WITH_AES_128_CBC_SHA,
166
 
  TLS_RSA_WITH_AES_256_CBC_SHA,
167
 
  SSL_NULL_WITH_NULL_NULL
 
158
#ifdef TLS_RSA_WITH_NULL_SHA256
 
159
  /* new HMAC-SHA256 cipher suites specified in RFC */
 
160
  {"rsa_null_sha_256",                TLS_RSA_WITH_NULL_SHA256},
 
161
  {"rsa_aes_128_cbc_sha_256",         TLS_RSA_WITH_AES_128_CBC_SHA256},
 
162
  {"rsa_aes_256_cbc_sha_256",         TLS_RSA_WITH_AES_256_CBC_SHA256},
 
163
  {"dhe_rsa_aes_128_cbc_sha_256",     TLS_DHE_RSA_WITH_AES_128_CBC_SHA256},
 
164
  {"dhe_rsa_aes_256_cbc_sha_256",     TLS_DHE_RSA_WITH_AES_256_CBC_SHA256},
 
165
  {"ecdhe_ecdsa_aes_128_cbc_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256},
 
166
  {"ecdhe_rsa_aes_128_cbc_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256},
 
167
#endif
 
168
#ifdef TLS_RSA_WITH_AES_128_GCM_SHA256
 
169
  /* AES GCM cipher suites in RFC 5288 and RFC 5289 */
 
170
  {"rsa_aes_128_gcm_sha_256",         TLS_RSA_WITH_AES_128_GCM_SHA256},
 
171
  {"dhe_rsa_aes_128_gcm_sha_256",     TLS_DHE_RSA_WITH_AES_128_GCM_SHA256},
 
172
  {"dhe_dss_aes_128_gcm_sha_256",     TLS_DHE_DSS_WITH_AES_128_GCM_SHA256},
 
173
  {"ecdhe_ecdsa_aes_128_gcm_sha_256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
 
174
  {"ecdh_ecdsa_aes_128_gcm_sha_256",  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256},
 
175
  {"ecdhe_rsa_aes_128_gcm_sha_256",   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
 
176
  {"ecdh_rsa_aes_128_gcm_sha_256",    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256},
 
177
#endif
168
178
};
169
179
 
170
180
static const char* pem_library = "libnsspem.so";
191
201
  PRBool cipher_state[NUM_OF_CIPHERS];
192
202
  PRBool found;
193
203
  char *cipher;
194
 
  SECStatus rv;
195
204
 
196
205
  /* First disable all ciphers. This uses a different max value in case
197
206
   * NSS adds more ciphers later we don't want them available by
198
207
   * accident
199
208
   */
200
209
  for(i=0; i<SSL_NumImplementedCiphers; i++) {
201
 
    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
 
210
    SSL_CipherPrefSet(model, SSL_ImplementedCiphers[i], PR_FALSE);
202
211
  }
203
212
 
204
213
  /* Set every entry in our list to false */
238
247
 
239
248
  /* Finally actually enable the selected ciphers */
240
249
  for(i=0; i<NUM_OF_CIPHERS; i++) {
241
 
    rv = SSL_CipherPrefSet(model, cipherlist[i].num, cipher_state[i]);
242
 
    if(rv != SECSuccess) {
 
250
    if(!cipher_state[i])
 
251
      continue;
 
252
 
 
253
    if(SSL_CipherPrefSet(model, cipherlist[i].num, PR_TRUE) != SECSuccess) {
243
254
      failf(data, "cipher-suite not supported by NSS: %s", cipherlist[i].name);
244
255
      return SECFailure;
245
256
    }
615
626
 */
616
627
static void HandshakeCallback(PRFileDesc *sock, void *arg)
617
628
{
 
629
#ifdef USE_NGHTTP2
 
630
  struct connectdata *conn = (struct connectdata*) arg;
 
631
  unsigned int buflenmax = 50;
 
632
  unsigned char buf[50];
 
633
  unsigned int buflen;
 
634
  SSLNextProtoState state;
 
635
 
 
636
  if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) {
 
637
    return;
 
638
  }
 
639
 
 
640
  if(SSL_GetNextProto(sock, &state, buf, &buflen, buflenmax) == SECSuccess) {
 
641
 
 
642
    switch(state) {
 
643
      case SSL_NEXT_PROTO_NO_SUPPORT:
 
644
      case SSL_NEXT_PROTO_NO_OVERLAP:
 
645
        infof(conn->data, "TLS, neither ALPN nor NPN succeeded\n");
 
646
        return;
 
647
#ifdef SSL_ENABLE_ALPN
 
648
      case SSL_NEXT_PROTO_SELECTED:
 
649
        infof(conn->data, "ALPN, server accepted to use %.*s\n", buflen, buf);
 
650
        break;
 
651
#endif
 
652
      case SSL_NEXT_PROTO_NEGOTIATED:
 
653
        infof(conn->data, "NPN, server accepted to use %.*s\n", buflen, buf);
 
654
        break;
 
655
    }
 
656
 
 
657
    if(buflen == NGHTTP2_PROTO_VERSION_ID_LEN &&
 
658
       memcmp(NGHTTP2_PROTO_VERSION_ID, buf, NGHTTP2_PROTO_VERSION_ID_LEN)
 
659
       == 0) {
 
660
      conn->negnpn = NPN_HTTP2_DRAFT09;
 
661
    }
 
662
    else if(buflen == ALPN_HTTP_1_1_LENGTH && memcmp(ALPN_HTTP_1_1, buf,
 
663
                                                     ALPN_HTTP_1_1_LENGTH)) {
 
664
      conn->negnpn = NPN_HTTP1_1;
 
665
    }
 
666
  }
 
667
#else
618
668
  (void)sock;
619
669
  (void)arg;
 
670
#endif
620
671
}
621
672
 
622
673
static void display_cert_info(struct SessionHandle *data,
1194
1245
    if(data->state.ssl_connect_retry) {
1195
1246
      infof(data, "TLS disabled due to previous handshake failure\n");
1196
1247
      sslver->max = SSL_LIBRARY_VERSION_3_0;
 
1248
      return CURLE_OK;
1197
1249
    }
1198
 
    return CURLE_OK;
 
1250
  /* intentional fall-through to default to highest TLS version if possible */
1199
1251
 
1200
1252
  case CURL_SSLVERSION_TLSv1:
1201
1253
    sslver->min = SSL_LIBRARY_VERSION_TLS_1_0;
1254
1306
  curl_socket_t sockfd = conn->sock[sockindex];
1255
1307
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
1256
1308
  CURLcode curlerr;
1257
 
  const int *cipher_to_enable;
1258
1309
  PRSocketOptionData sock_opt;
1259
1310
  long time_left;
1260
1311
  PRUint32 timeout;
1264
1315
    SSL_LIBRARY_VERSION_TLS_1_0   /* max */
1265
1316
  };
1266
1317
 
 
1318
#ifdef USE_NGHTTP2
 
1319
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
 
1320
  unsigned int alpn_protos_len = NGHTTP2_PROTO_VERSION_ID_LEN +
 
1321
      ALPN_HTTP_1_1_LENGTH + 2;
 
1322
  unsigned char alpn_protos[NGHTTP2_PROTO_VERSION_ID_LEN + ALPN_HTTP_1_1_LENGTH
 
1323
      + 2];
 
1324
  int cur = 0;
 
1325
#endif
 
1326
#endif
 
1327
 
 
1328
 
1267
1329
  if(connssl->state == ssl_connection_complete)
1268
1330
    return CURLE_OK;
1269
1331
 
1345
1407
  /* reset the flag to avoid an infinite loop */
1346
1408
  data->state.ssl_connect_retry = FALSE;
1347
1409
 
1348
 
  /* enable all ciphers from enable_ciphers_by_default */
1349
 
  cipher_to_enable = enable_ciphers_by_default;
1350
 
  while(SSL_NULL_WITH_NULL_NULL != *cipher_to_enable) {
1351
 
    if(SSL_CipherPrefSet(model, *cipher_to_enable, PR_TRUE) != SECSuccess) {
1352
 
      curlerr = CURLE_SSL_CIPHER;
1353
 
      goto error;
1354
 
    }
1355
 
    cipher_to_enable++;
1356
 
  }
1357
 
 
1358
1410
  if(data->set.ssl.cipher_list) {
1359
1411
    if(set_ciphers(data, model, data->set.ssl.cipher_list) != SECSuccess) {
1360
1412
      curlerr = CURLE_SSL_CIPHER;
1374
1426
  if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
1375
1427
    goto error;
1376
1428
 
1377
 
  if(SSL_HandshakeCallback(model, HandshakeCallback, NULL) != SECSuccess)
 
1429
  if(SSL_HandshakeCallback(model, HandshakeCallback, conn) != SECSuccess)
1378
1430
    goto error;
1379
1431
 
1380
1432
  if(data->set.ssl.verifypeer) {
1437
1489
    SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
1438
1490
  }
1439
1491
 
 
1492
#ifdef USE_NGHTTP2
 
1493
  if(data->set.httpversion == CURL_HTTP_VERSION_2_0) {
 
1494
#ifdef SSL_ENABLE_NPN
 
1495
    if(data->set.ssl_enable_npn) {
 
1496
      if(SSL_OptionSet(connssl->handle, SSL_ENABLE_NPN, PR_TRUE) != SECSuccess)
 
1497
        goto error;
 
1498
    }
 
1499
#endif
 
1500
 
 
1501
#ifdef SSL_ENABLE_ALPN
 
1502
    if(data->set.ssl_enable_alpn) {
 
1503
      if(SSL_OptionSet(connssl->handle, SSL_ENABLE_ALPN, PR_TRUE)
 
1504
          != SECSuccess)
 
1505
        goto error;
 
1506
    }
 
1507
#endif
 
1508
 
 
1509
#if defined(SSL_ENABLE_NPN) || defined(SSL_ENABLE_ALPN)
 
1510
    if(data->set.ssl_enable_npn || data->set.ssl_enable_alpn) {
 
1511
      alpn_protos[cur] = NGHTTP2_PROTO_VERSION_ID_LEN;
 
1512
      cur++;
 
1513
      memcpy(&alpn_protos[cur], NGHTTP2_PROTO_VERSION_ID,
 
1514
          NGHTTP2_PROTO_VERSION_ID_LEN);
 
1515
      cur += NGHTTP2_PROTO_VERSION_ID_LEN;
 
1516
      alpn_protos[cur] = ALPN_HTTP_1_1_LENGTH;
 
1517
      cur++;
 
1518
      memcpy(&alpn_protos[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
 
1519
 
 
1520
      if(SSL_SetNextProtoNego(connssl->handle, alpn_protos, alpn_protos_len)
 
1521
          != SECSuccess)
 
1522
        goto error;
 
1523
    }
 
1524
    else {
 
1525
      infof(data, "SSL, can't negotiate HTTP/2.0 with neither NPN nor ALPN\n");
 
1526
    }
 
1527
#endif
 
1528
  }
 
1529
#endif
 
1530
 
 
1531
 
1440
1532
  /* Force handshake on next I/O */
1441
1533
  SSL_ResetHandshake(connssl->handle, /* asServer */ PR_FALSE);
1442
1534