2 * gtlsconnection-openssl.c
4 * Copyright (C) 2015 NICE s.r.l.
6 * This file is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This file is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 * In addition, when the library is used with OpenSSL, a special
20 * exception applies. Refer to the LICENSE_EXCEPTION file for details.
22 * Authors: Ignacio Casal Quinteiro
30 #include "openssl-include.h"
32 #include "gtlsconnection-openssl.h"
33 #include "gtlsbackend-openssl.h"
34 #include "gtlscertificate-openssl.h"
35 #include "gtlsfiledatabase-openssl.h"
38 #include <glib/gi18n-lib.h>
40 typedef struct _GTlsConnectionOpensslPrivate
44 GTlsCertificate *peer_certificate_tmp;
45 GTlsCertificateFlags peer_certificate_errors_tmp;
47 gboolean shutting_down;
48 } GTlsConnectionOpensslPrivate;
50 static void g_tls_connection_openssl_initable_iface_init (GInitableIface *iface);
52 G_DEFINE_ABSTRACT_TYPE_WITH_CODE (GTlsConnectionOpenssl, g_tls_connection_openssl, G_TYPE_TLS_CONNECTION_BASE,
53 G_ADD_PRIVATE (GTlsConnectionOpenssl)
54 G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE,
55 g_tls_connection_openssl_initable_iface_init))
58 g_tls_connection_openssl_finalize (GObject *object)
60 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (object);
61 GTlsConnectionOpensslPrivate *priv;
63 priv = g_tls_connection_openssl_get_instance_private (openssl);
65 g_clear_object (&priv->peer_certificate_tmp);
67 G_OBJECT_CLASS (g_tls_connection_openssl_parent_class)->finalize (object);
70 static GTlsConnectionBaseStatus
71 end_openssl_io (GTlsConnectionOpenssl *openssl,
72 GIOCondition direction,
76 ...) G_GNUC_PRINTF(5, 6);
78 static GTlsConnectionBaseStatus
79 end_openssl_io (GTlsConnectionOpenssl *openssl,
80 GIOCondition direction,
86 GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (openssl);
87 GTlsConnectionOpensslPrivate *priv;
88 int err_code, err, err_lib, reason;
89 GError *my_error = NULL;
90 GTlsConnectionBaseStatus status;
93 priv = g_tls_connection_openssl_get_instance_private (openssl);
95 ssl = g_tls_connection_openssl_get_ssl (openssl);
97 err_code = SSL_get_error (ssl, ret);
99 status = g_tls_connection_base_pop_io (tls, direction, ret > 0, &my_error);
101 /* NOTE: this is tricky! The tls bio will set to retry if the operation
102 * would block, and we would get an error code with WANT_READ or WANT_WRITE,
103 * though if in that case we try again we would end up in an infinite loop
104 * since we will not let the glib main loop to do its stuff and we would
105 * be getting a would block forever. Instead we need to also check the error
106 * we get from the socket operation to understand whether to try again. See
107 * that we propagate the WOULD_BLOCK error a bit more down.
109 if ((err_code == SSL_ERROR_WANT_READ ||
110 err_code == SSL_ERROR_WANT_WRITE) &&
111 status != G_TLS_CONNECTION_BASE_WOULD_BLOCK)
114 g_error_free (my_error);
115 return G_TLS_CONNECTION_BASE_TRY_AGAIN;
118 if (err_code == SSL_ERROR_ZERO_RETURN)
119 return G_TLS_CONNECTION_BASE_OK;
121 if (status == G_TLS_CONNECTION_BASE_OK ||
122 status == G_TLS_CONNECTION_BASE_WOULD_BLOCK ||
123 status == G_TLS_CONNECTION_BASE_TIMED_OUT)
126 g_propagate_error (error, my_error);
130 /* This case is documented that it may happen and that is perfectly fine */
131 if (err_code == SSL_ERROR_SYSCALL && priv->shutting_down && !my_error)
132 return G_TLS_CONNECTION_BASE_OK;
134 err = ERR_get_error ();
135 err_lib = ERR_GET_LIB (err);
136 reason = ERR_GET_REASON (err);
138 if (tls->handshaking && !tls->ever_handshaked)
140 if (reason == SSL_R_BAD_PACKET_LENGTH ||
141 reason == SSL_R_UNKNOWN_ALERT_TYPE ||
142 reason == SSL_R_DECRYPTION_FAILED ||
143 reason == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ||
144 reason == SSL_R_BAD_PROTOCOL_VERSION_NUMBER ||
145 reason == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE ||
146 reason == SSL_R_UNKNOWN_PROTOCOL)
148 g_clear_error (&my_error);
149 g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_NOT_TLS,
150 _("Peer failed to perform TLS handshake"));
151 return G_TLS_CONNECTION_BASE_ERROR;
155 #ifdef SSL_R_SHUTDOWN_WHILE_IN_INIT
156 /* XXX: this error happens on ubuntu when shutting down the connection, it
157 * seems to be a bug in a specific version of openssl, so let's handle it
160 if (reason == SSL_R_SHUTDOWN_WHILE_IN_INIT)
162 g_clear_error (&my_error);
163 return G_TLS_CONNECTION_BASE_OK;
167 if (reason == SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE
168 #ifdef SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED
169 || reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED
173 g_clear_error (&my_error);
174 g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_CERTIFICATE_REQUIRED,
175 _("TLS connection peer did not send a certificate"));
179 if (err_lib == ERR_LIB_RSA && reason == RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY)
181 g_clear_error (&my_error);
182 g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
183 _("Digest too big for RSA key"));
184 return G_TLS_CONNECTION_BASE_ERROR;
187 if (my_error != NULL)
188 g_propagate_error (error, my_error);
190 /* FIXME: this is just for debug */
191 g_message ("end_openssl_io %s: %d, %d, %d", G_IS_TLS_CLIENT_CONNECTION (openssl) ? "client" : "server", err_code, err_lib, reason);
193 if (error && !*error)
197 va_start (ap, err_fmt);
198 *error = g_error_new_valist (G_TLS_ERROR, G_TLS_ERROR_MISC, err_fmt, ap);
202 return G_TLS_CONNECTION_BASE_ERROR;
205 #define BEGIN_OPENSSL_IO(openssl, direction, blocking, cancellable) \
206 g_tls_connection_base_push_io (G_TLS_CONNECTION_BASE (openssl), \
207 direction, blocking, cancellable); \
211 #define END_OPENSSL_IO(openssl, direction, ret, status, errmsg, err) \
212 ERR_error_string_n (SSL_get_error (ssl, ret), error_str, sizeof(error_str)); \
213 status = end_openssl_io (openssl, direction, ret, err, errmsg, error_str); \
214 } while (status == G_TLS_CONNECTION_BASE_TRY_AGAIN);
216 static GTlsConnectionBaseStatus
217 g_tls_connection_openssl_request_rehandshake (GTlsConnectionBase *tls,
218 GCancellable *cancellable,
221 GTlsConnectionOpenssl *openssl;
222 GTlsConnectionBaseStatus status;
226 /* On a client-side connection, SSL_renegotiate() itself will start
227 * a rehandshake, so we only need to do something special here for
228 * server-side connections.
230 if (!G_IS_TLS_SERVER_CONNECTION (tls))
231 return G_TLS_CONNECTION_BASE_OK;
233 openssl = G_TLS_CONNECTION_OPENSSL (tls);
235 if (tls->rehandshake_mode == G_TLS_REHANDSHAKE_NEVER)
237 g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
238 _("Peer requested illegal TLS rehandshake"));
239 return G_TLS_CONNECTION_BASE_ERROR;
242 ssl = g_tls_connection_openssl_get_ssl (openssl);
244 BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
245 ret = SSL_renegotiate (ssl);
246 END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
247 _("Error performing TLS handshake: %s"), error);
252 static GTlsCertificate *
253 get_peer_certificate (GTlsConnectionOpenssl *openssl)
256 STACK_OF (X509) *certs;
257 GTlsCertificateOpenssl *chain;
260 ssl = g_tls_connection_openssl_get_ssl (openssl);
262 peer = SSL_get_peer_certificate (ssl);
266 certs = SSL_get_peer_cert_chain (ssl);
273 chain = g_tls_certificate_openssl_build_chain (peer, certs);
278 return G_TLS_CERTIFICATE (chain);
281 static GTlsCertificateFlags
282 verify_ocsp_response (GTlsConnectionOpenssl *openssl,
283 GTlsDatabase *database,
284 GTlsCertificate *peer_certificate)
286 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
287 !defined(OPENSSL_NO_OCSP)
289 OCSP_RESPONSE *resp = NULL;
291 unsigned char *p = NULL;
293 ssl = g_tls_connection_openssl_get_ssl (openssl);
294 len = SSL_get_tlsext_status_ocsp_resp (ssl, &p);
295 /* Soft fail in case of no response is the best we can do */
299 resp = d2i_OCSP_RESPONSE (NULL, (const unsigned char **) &p, len);
301 return G_TLS_CERTIFICATE_GENERIC_ERROR;
303 return g_tls_file_database_openssl_verify_ocsp_response (database,
311 static GTlsCertificateFlags
312 verify_peer_certificate (GTlsConnectionOpenssl *openssl,
313 GTlsCertificate *peer_certificate)
315 GTlsConnection *conn = G_TLS_CONNECTION (openssl);
316 GSocketConnectable *peer_identity;
317 GTlsDatabase *database;
318 GTlsCertificateFlags errors;
321 is_client = G_IS_TLS_CLIENT_CONNECTION (openssl);
323 peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (openssl));
325 peer_identity = NULL;
329 database = g_tls_connection_get_database (conn);
330 if (database == NULL)
332 errors |= G_TLS_CERTIFICATE_UNKNOWN_CA;
333 errors |= g_tls_certificate_verify (peer_certificate, peer_identity, NULL);
337 GError *error = NULL;
339 errors |= g_tls_database_verify_chain (database, peer_certificate,
341 G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER :
342 G_TLS_DATABASE_PURPOSE_AUTHENTICATE_CLIENT,
344 g_tls_connection_get_interaction (conn),
345 G_TLS_DATABASE_VERIFY_NONE,
349 g_warning ("failure verifying certificate chain: %s",
351 g_assert (errors != 0);
352 g_clear_error (&error);
356 if (is_client && (errors == 0))
357 errors = verify_ocsp_response (openssl, database, peer_certificate);
362 static GTlsConnectionBaseStatus
363 g_tls_connection_openssl_handshake (GTlsConnectionBase *tls,
364 GCancellable *cancellable,
367 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
368 GTlsConnectionOpensslPrivate *priv;
369 GTlsConnectionBaseStatus status;
373 priv = g_tls_connection_openssl_get_instance_private (openssl);
375 ssl = g_tls_connection_openssl_get_ssl (openssl);
377 BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
378 ret = SSL_do_handshake (ssl);
379 END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
380 _("Error performing TLS handshake: %s"), error);
384 priv->peer_certificate_tmp = get_peer_certificate (openssl);
385 if (priv->peer_certificate_tmp)
386 priv->peer_certificate_errors_tmp = verify_peer_certificate (openssl, priv->peer_certificate_tmp);
387 else if (G_IS_TLS_CLIENT_CONNECTION (openssl))
389 g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
390 _("Server did not return a valid TLS certificate"));
397 static GTlsConnectionBaseStatus
398 g_tls_connection_openssl_complete_handshake (GTlsConnectionBase *tls,
401 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
402 GTlsConnectionOpensslPrivate *priv;
403 GTlsCertificate *peer_certificate;
404 GTlsCertificateFlags peer_certificate_errors = 0;
405 GTlsConnectionBaseStatus status = G_TLS_CONNECTION_BASE_OK;
407 priv = g_tls_connection_openssl_get_instance_private (openssl);
409 peer_certificate = priv->peer_certificate_tmp;
410 priv->peer_certificate_tmp = NULL;
411 peer_certificate_errors = priv->peer_certificate_errors_tmp;
412 priv->peer_certificate_errors_tmp = 0;
414 if (peer_certificate)
416 if (!g_tls_connection_base_accept_peer_certificate (tls, peer_certificate,
417 peer_certificate_errors))
419 g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
420 _("Unacceptable TLS certificate"));
421 status = G_TLS_CONNECTION_BASE_ERROR;
424 g_tls_connection_base_set_peer_certificate (G_TLS_CONNECTION_BASE (openssl),
426 peer_certificate_errors);
427 g_clear_object (&peer_certificate);
434 g_tls_connection_openssl_push_io (GTlsConnectionBase *tls,
435 GIOCondition direction,
437 GCancellable *cancellable)
439 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
440 GTlsConnectionOpensslPrivate *priv;
442 priv = g_tls_connection_openssl_get_instance_private (openssl);
444 G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->push_io (tls, direction,
445 blocking, cancellable);
447 if (direction & G_IO_IN)
449 g_tls_bio_set_read_cancellable (priv->bio, cancellable);
450 g_tls_bio_set_read_blocking (priv->bio, blocking);
451 g_clear_error (&tls->read_error);
452 g_tls_bio_set_read_error (priv->bio, &tls->read_error);
455 if (direction & G_IO_OUT)
457 g_tls_bio_set_write_cancellable (priv->bio, cancellable);
458 g_tls_bio_set_write_blocking (priv->bio, blocking);
459 g_clear_error (&tls->write_error);
460 g_tls_bio_set_write_error (priv->bio, &tls->write_error);
464 static GTlsConnectionBaseStatus
465 g_tls_connection_openssl_pop_io (GTlsConnectionBase *tls,
466 GIOCondition direction,
470 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
471 GTlsConnectionOpensslPrivate *priv;
473 priv = g_tls_connection_openssl_get_instance_private (openssl);
475 if (direction & G_IO_IN)
476 g_tls_bio_set_read_cancellable (priv->bio, NULL);
478 if (direction & G_IO_OUT)
479 g_tls_bio_set_write_cancellable (priv->bio, NULL);
481 return G_TLS_CONNECTION_BASE_CLASS (g_tls_connection_openssl_parent_class)->pop_io (tls, direction,
485 static GTlsConnectionBaseStatus
486 g_tls_connection_openssl_read (GTlsConnectionBase *tls,
491 GCancellable *cancellable,
494 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
495 GTlsConnectionBaseStatus status;
499 ssl = g_tls_connection_openssl_get_ssl (openssl);
501 BEGIN_OPENSSL_IO (openssl, G_IO_IN, blocking, cancellable);
502 ret = SSL_read (ssl, buffer, count);
503 END_OPENSSL_IO (openssl, G_IO_IN, ret, status,
504 _("Error reading data from TLS socket: %s"), error);
511 static GTlsConnectionBaseStatus
512 g_tls_connection_openssl_write (GTlsConnectionBase *tls,
517 GCancellable *cancellable,
520 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
521 GTlsConnectionBaseStatus status;
525 ssl = g_tls_connection_openssl_get_ssl (openssl);
527 BEGIN_OPENSSL_IO (openssl, G_IO_OUT, blocking, cancellable);
528 ret = SSL_write (ssl, buffer, count);
529 END_OPENSSL_IO (openssl, G_IO_OUT, ret, status,
530 _("Error writing data to TLS socket: %s"), error);
537 static GTlsConnectionBaseStatus
538 g_tls_connection_openssl_close (GTlsConnectionBase *tls,
539 GCancellable *cancellable,
542 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (tls);
543 GTlsConnectionOpensslPrivate *priv;
544 GTlsConnectionBaseStatus status;
548 ssl = g_tls_connection_openssl_get_ssl (openssl);
549 priv = g_tls_connection_openssl_get_instance_private (openssl);
551 priv->shutting_down = TRUE;
553 BEGIN_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, TRUE, cancellable);
554 ret = SSL_shutdown (ssl);
555 END_OPENSSL_IO (openssl, G_IO_IN | G_IO_OUT, ret, status,
556 _("Error performing TLS close: %s"), error);
562 g_tls_connection_openssl_class_init (GTlsConnectionOpensslClass *klass)
564 GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
565 GTlsConnectionBaseClass *base_class = G_TLS_CONNECTION_BASE_CLASS (klass);
567 gobject_class->finalize = g_tls_connection_openssl_finalize;
569 base_class->request_rehandshake = g_tls_connection_openssl_request_rehandshake;
570 base_class->handshake = g_tls_connection_openssl_handshake;
571 base_class->complete_handshake = g_tls_connection_openssl_complete_handshake;
572 base_class->push_io = g_tls_connection_openssl_push_io;
573 base_class->pop_io = g_tls_connection_openssl_pop_io;
574 base_class->read_fn = g_tls_connection_openssl_read;
575 base_class->write_fn = g_tls_connection_openssl_write;
576 base_class->close_fn = g_tls_connection_openssl_close;
580 g_tls_connection_openssl_initable_init (GInitable *initable,
581 GCancellable *cancellable,
584 GTlsConnectionOpenssl *openssl = G_TLS_CONNECTION_OPENSSL (initable);
585 GTlsConnectionOpensslPrivate *priv;
586 GTlsConnectionBase *tls = G_TLS_CONNECTION_BASE (initable);
589 g_return_val_if_fail (tls->base_istream != NULL &&
590 tls->base_ostream != NULL, FALSE);
592 priv = g_tls_connection_openssl_get_instance_private (openssl);
594 ssl = g_tls_connection_openssl_get_ssl (openssl);
595 g_assert (ssl != NULL);
597 priv->bio = g_tls_bio_new (tls->base_io_stream);
599 SSL_set_bio (ssl, priv->bio, priv->bio);
605 g_tls_connection_openssl_initable_iface_init (GInitableIface *iface)
607 iface->init = g_tls_connection_openssl_initable_init;
611 g_tls_connection_openssl_init (GTlsConnectionOpenssl *openssl)
616 g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *openssl)
618 g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), NULL);
620 return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl (openssl);
624 g_tls_connection_openssl_request_certificate (GTlsConnectionOpenssl *openssl,
627 GTlsInteractionResult res = G_TLS_INTERACTION_UNHANDLED;
628 GTlsInteraction *interaction;
629 GTlsConnection *conn;
630 GTlsConnectionBase *tls;
632 g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), FALSE);
634 conn = G_TLS_CONNECTION (openssl);
635 tls = G_TLS_CONNECTION_BASE (openssl);
637 interaction = g_tls_connection_get_interaction (conn);
641 res = g_tls_interaction_invoke_request_certificate (interaction, conn, 0,
642 tls->read_cancellable, error);
643 return res != G_TLS_INTERACTION_FAILED;