X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-gnu.c;h=03e704e39e6fcf275ab68d07762004b04a3d961a;hb=86ede124f0ce622b4f73e05504abc11fece021e3;hp=f64b0ae68f53ddbf1d6e896425a78c17ad7c3b24;hpb=be427508c032dc0d47036eb5fea0139e0c63e9e5;p=exim.git diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index f64b0ae68..03e704e39 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -70,14 +70,23 @@ require current GnuTLS, then we'll drop support for the ancient libraries). #if GNUTLS_VERSION_NUMBER >= 0x03010a # define SUPPORT_GNUTLS_SESS_DESC #endif +#if GNUTLS_VERSION_NUMBER >= 0x030300 +# define GNUTLS_AUTO_GLOBAL_INIT +# define GNUTLS_AUTO_PKCS11_MANUAL +#endif #if GNUTLS_VERSION_NUMBER >= 0x030500 # define SUPPORT_GNUTLS_KEYLOG #endif #if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP) # define SUPPORT_SRV_OCSP_STACK #endif +#if GNUTLS_VERSION_NUMBER >= 0x030600 +# define GNUTLS_AUTO_DHPARAMS +#endif #if GNUTLS_VERSION_NUMBER >= 0x030603 +# define EXIM_HAVE_TLS1_3 # define SUPPORT_GNUTLS_EXT_RAW_PARSE +# define GNUTLS_OCSP_STATUS_REQUEST_GET2 #endif #ifdef SUPPORT_DANE @@ -115,6 +124,9 @@ options_tls(void) # ifdef EXPERIMENTAL_TLS_RESUME builtin_macro_create_var(US"_RESUME_DECODE", RESUME_DECODE_STRING ); # endif +# ifdef EXIM_HAVE_TLS1_3 +builtin_macro_create(US"_HAVE_TLS1_3"); +# endif } #else @@ -212,11 +224,13 @@ XXX But see gnutls_session_get_ptr() static exim_gnutls_state_st state_server; +#ifndef GNUTLS_AUTO_DHPARAMS /* dh_params are initialised once within the lifetime of a process using TLS; if we used TLS in a long-lived daemon, we'd have to reconsider this. But we don't want to repeat this. */ static gnutls_dh_params_t dh_server_params = NULL; +#endif static int ssl_session_timeout = 7200; /* Two hours */ @@ -291,11 +305,6 @@ static void exim_gnutls_logger_cb(int level, const char *message); static int exim_sni_handling_cb(gnutls_session_t session); -#if !defined(DISABLE_OCSP) -static int server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, - gnutls_datum_t * ocsp_response); -#endif - #ifdef EXPERIMENTAL_TLS_RESUME static int tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when, @@ -524,6 +533,7 @@ tlsp->sni = state->received_sni; +#ifndef GNUTLS_AUTO_DHPARAMS /************************************************* * Setup up DH parameters * *************************************************/ @@ -546,7 +556,7 @@ init_server_dh(uschar ** errstr) { int fd, rc; unsigned int dh_bits; -gnutls_datum_t m; +gnutls_datum_t m = {.data = NULL, .size = 0}; uschar filename_buf[PATH_MAX]; uschar *filename = NULL; size_t sz; @@ -559,9 +569,6 @@ DEBUG(D_tls) debug_printf("Initialising GnuTLS server params.\n"); if ((rc = gnutls_dh_params_init(&dh_server_params))) return tls_error_gnu(US"gnutls_dh_params_init", rc, host, errstr); -m.data = NULL; -m.size = 0; - if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam, errstr)) return DEFER; @@ -711,14 +718,12 @@ if (rc < 0) return tls_error_sys(US"Unable to open temp file", errno, NULL, errstr); (void)exim_chown(temp_fn, exim_uid, exim_gid); /* Probably not necessary */ - /* GnuTLS overshoots! - * If we ask for 2236, we might get 2237 or more. - * But there's no way to ask GnuTLS how many bits there really are. - * We can ask how many bits were used in a TLS session, but that's it! - * The prime itself is hidden behind too much abstraction. - * So we ask for less, and proceed on a wing and a prayer. - * First attempt, subtracted 3 for 2233 and got 2240. - */ + /* GnuTLS overshoots! If we ask for 2236, we might get 2237 or more. But + there's no way to ask GnuTLS how many bits there really are. We can ask + how many bits were used in a TLS session, but that's it! The prime itself + is hidden behind too much abstraction. So we ask for less, and proceed on + a wing and a prayer. First attempt, subtracted 3 for 2233 and got 2240. */ + if (dh_bits >= EXIM_CLIENT_DH_MIN_BITS + 10) { dh_bits_gen = dh_bits - 10; @@ -781,6 +786,7 @@ if (rc < 0) DEBUG(D_tls) debug_printf("initialized server D-H parameters\n"); return OK; } +#endif @@ -877,6 +883,32 @@ return -rc; } +#if !defined(DISABLE_OCSP) && !defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) +/* Load an OCSP proof from file for sending by the server. Called +on getting a status-request handshake message, for earlier versions +of GnuTLS. */ + +static int +server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, + gnutls_datum_t * ocsp_response) +{ +int ret; +DEBUG(D_tls) debug_printf("OCSP stapling callback: %s\n", US ptr); + +if ((ret = gnutls_load_file(ptr, ocsp_response)) < 0) + { + DEBUG(D_tls) debug_printf("Failed to load ocsp stapling file %s\n", + CS ptr); + tls_in.ocsp = OCSP_NOT_RESP; + return GNUTLS_E_NO_CERTIFICATE_STATUS; + } + +tls_in.ocsp = OCSP_VFY_NOT_TRIED; +return 0; +} +#endif + + #ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE /* Make a note that we saw a status-request */ static int @@ -886,7 +918,7 @@ tls_server_clienthello_ext(void * ctx, unsigned tls_id, /* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */ if (tls_id == 5) /* status_request */ { - DEBUG(D_tls) debug_printf("Seen status_request extension\n"); + DEBUG(D_tls) debug_printf("Seen status_request extension from client\n"); tls_in.ocsp = OCSP_NOT_RESP; } return 0; @@ -901,14 +933,51 @@ tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype, return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg, GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); } + + +/* Make a note that we saw a status-response */ +static int +tls_server_servercerts_ext(void * ctx, unsigned tls_id, + const unsigned char *data, unsigned size) +{ +/* debug_printf("%s %u\n", __FUNCTION__, tls_id); */ +/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */ +if (FALSE && tls_id == 5) /* status_request */ + { + DEBUG(D_tls) debug_printf("Seen status_request extension\n"); + tls_in.ocsp = exim_testharness_disable_ocsp_validity_check + ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */ + } +return 0; +} + +/* Callback for certificates packet, on server, if we think we might serve stapled-OCSP */ +static int +tls_server_servercerts_cb(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t * msg) +{ +/* Call fn for each extension seen. 3.6.3 onwards */ +#ifdef notdef +/*XXX crashes */ +return gnutls_ext_raw_parse(NULL, tls_server_servercerts_ext, msg, 0); +#endif +} #endif +/*XXX in tls1.3 the cert-status travel as an extension next to the cert, in the + "Handshake Protocol: Certificate" record. +So we need to spot the Certificate handshake message, parse it and spot any status_request extension(s) + +This is different to tls1.2 - where it is a separate record (wireshake term) / handshake message (gnutls term). +*/ + +#if defined(EXPERIMENTAL_TLS_RESUME) || defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) /* Callback for certificate-status, on server. We sent stapled OCSP. */ static int tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype, unsigned when, unsigned int incoming, const gnutls_datum_t * msg) { -DEBUG(D_tls) debug_printf("Sending certificate-status\n"); +DEBUG(D_tls) debug_printf("Sending certificate-status\n"); /*XXX we get this for tls1.2 but not for 1.3 */ #ifdef SUPPORT_SRV_OCSP_STACK tls_in.ocsp = exim_testharness_disable_ocsp_validity_check ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */ @@ -923,24 +992,29 @@ static int tls_server_hook_cb(gnutls_session_t sess, u_int htype, unsigned when, unsigned incoming, const gnutls_datum_t * msg) { +/* debug_printf("%s: htype %u\n", __FUNCTION__, htype); */ switch (htype) { -#ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE +# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE case GNUTLS_HANDSHAKE_CLIENT_HELLO: return tls_server_clienthello_cb(sess, htype, when, incoming, msg); -#endif + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: + return tls_server_servercerts_cb(sess, htype, when, incoming, msg); +# endif case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: return tls_server_certstatus_cb(sess, htype, when, incoming, msg); -#ifdef EXPERIMENTAL_TLS_RESUME +# ifdef EXPERIMENTAL_TLS_RESUME case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: return tls_server_ticket_cb(sess, htype, when, incoming, msg); -#endif +# endif default: return 0; } } +#endif +#if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) static void tls_server_testharness_ocsp_fiddle(void) { @@ -952,6 +1026,7 @@ if (environ) for (uschar ** p = USS environ; *p; p++) exim_testharness_disable_ocsp_validity_check = TRUE; } } +#endif /************************************************* * Variables re-expanded post-SNI * @@ -1013,6 +1088,18 @@ if ((rc = gnutls_certificate_allocate_credentials(&state->x509_cred))) #ifdef SUPPORT_SRV_OCSP_STACK gnutls_certificate_set_flags(state->x509_cred, GNUTLS_CERTIFICATE_API_V2); + +# if !defined(DISABLE_OCSP) && defined(SUPPORT_GNUTLS_EXT_RAW_PARSE) +if (!host && tls_ocsp_file) + { + if (f.running_in_test_harness) + tls_server_testharness_ocsp_fiddle(); + + if (exim_testharness_disable_ocsp_validity_check) + gnutls_certificate_set_flags(state->x509_cred, + GNUTLS_CERTIFICATE_API_V2 | GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + } +# endif #endif /* remember: expand_check_tlsvar() is expand_check() but fiddling with @@ -1040,7 +1127,7 @@ if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr)) /* tls_privatekey is optional, defaulting to same file as certificate */ -if (state->tls_privatekey == NULL || *state->tls_privatekey == '\0') +if (!state->tls_privatekey || !*state->tls_privatekey) { state->tls_privatekey = state->tls_certificate; state->exp_tls_privatekey = state->exp_tls_certificate; @@ -1071,8 +1158,11 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) const uschar * olist; int csep = 0, ksep = 0, osep = 0, cnt = 0; uschar * cfile, * kfile, * ofile; - #ifndef DISABLE_OCSP +# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE + gnutls_x509_crt_fmt_t ocsp_fmt = GNUTLS_X509_FMT_DER; +# endif + if (!expand_check(tls_ocsp_file, US"tls_ocsp_file", &ofile, errstr)) return DEFER; olist = ofile; @@ -1087,13 +1177,13 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) else { int gnutls_cert_index = -rc; - DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", gnutls_cert_index, cfile); - - /* Set the OCSP stapling server info */ + DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", + gnutls_cert_index, cfile); #ifndef DISABLE_OCSP if (tls_ocsp_file) { + /* Set the OCSP stapling server info */ if (gnutls_buggy_ocsp) { DEBUG(D_tls) @@ -1101,27 +1191,36 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) } else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0))) { - DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile); - + DEBUG(D_tls) debug_printf("OCSP response file %d = %s\n", + gnutls_cert_index, ofile); # ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE - if (f.running_in_test_harness) tls_server_testharness_ocsp_fiddle(); - - if (!exim_testharness_disable_ocsp_validity_check) + if (Ustrncmp(ofile, US"PEM ", 4) == 0) { - if ((rc = gnutls_certificate_set_ocsp_status_request_file2( - state->x509_cred, CCS ofile, gnutls_cert_index, - GNUTLS_X509_FMT_DER)) < 0) - return tls_error_gnu( - US"gnutls_certificate_set_ocsp_status_request_file2", - rc, host, errstr); + ocsp_fmt = GNUTLS_X509_FMT_PEM; + ofile += 4; + } + else if (Ustrncmp(ofile, US"DER ", 4) == 0) + { + ocsp_fmt = GNUTLS_X509_FMT_DER; + ofile += 4; + } + + if ((rc = gnutls_certificate_set_ocsp_status_request_file2( + state->x509_cred, CCS ofile, gnutls_cert_index, + ocsp_fmt)) < 0) + return tls_error_gnu( + US"gnutls_certificate_set_ocsp_status_request_file2", + rc, host, errstr); + DEBUG(D_tls) + debug_printf(" %d response%s loaded\n", rc, rc>1 ? "s":""); - /* Arrange callbacks for OCSP request observability */ + /* Arrange callbacks for OCSP request observability */ - gnutls_handshake_set_hook_function(state->session, - GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb); - } - else -# elif defined(SUPPORT_SRV_OCSP_STACK) + gnutls_handshake_set_hook_function(state->session, + GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb); + +# else +# if defined(SUPPORT_SRV_OCSP_STACK) if ((rc = gnutls_certificate_set_ocsp_status_request_function2( state->x509_cred, gnutls_cert_index, server_ocsp_stapling_cb, ofile))) @@ -1129,7 +1228,7 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) US"gnutls_certificate_set_ocsp_status_request_function2", rc, host, errstr); else -# endif +# endif { if (cnt++ > 0) { @@ -1137,9 +1236,10 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) debug_printf("oops; multiple OCSP files not supported\n"); break; } - gnutls_certificate_set_ocsp_status_request_function( - state->x509_cred, server_ocsp_stapling_cb, ofile); + gnutls_certificate_set_ocsp_status_request_function( + state->x509_cred, server_ocsp_stapling_cb, ofile); } +# endif /* SUPPORT_GNUTLS_EXT_RAW_PARSE */ } else DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n"); @@ -1200,7 +1300,7 @@ else { if (Ustat(state->exp_tls_verify_certificates, &statbuf) < 0) { - log_write(0, LOG_MAIN|LOG_PANIC, "could not stat %s " + log_write(0, LOG_MAIN|LOG_PANIC, "could not stat '%s' " "(tls_verify_certificates): %s", state->exp_tls_verify_certificates, strerror(errno)); return DEFER; @@ -1301,6 +1401,7 @@ tls_set_remaining_x509(exim_gnutls_state_st *state, uschar ** errstr) int rc; const host_item *host = state->host; /* macro should be reconsidered? */ +#ifndef GNUTLS_AUTO_DHPARAMS /* Create D-H parameters, or read them from the cache file. This function does its own SMTP error messaging. This only happens for the server, TLS D-H ignores client-side params. */ @@ -1309,8 +1410,11 @@ if (!state->host) { if (!dh_server_params) if ((rc = init_server_dh(errstr)) != OK) return rc; + + /* Unnecessary & discouraged with 3.6.0 or later */ gnutls_certificate_set_dh_params(state->x509_cred, dh_server_params); } +#endif /* Link the credentials to the session. */ @@ -1397,7 +1501,7 @@ if (!exim_gnutls_base_init_done) { DEBUG(D_tls) debug_printf("GnuTLS global init required.\n"); -#ifdef HAVE_GNUTLS_PKCS11 +#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL) /* By default, gnutls_global_init will init PKCS11 support in auto mode, which loads modules from a config file, which sounds good and may be wanted by some sysadmin, but also means in common configurations that GNOME keyring @@ -1408,8 +1512,10 @@ if (!exim_gnutls_base_init_done) return tls_error_gnu(US"gnutls_pkcs11_init", rc, host, errstr); #endif +#ifndef GNUTLS_AUTO_GLOBAL_INIT if ((rc = gnutls_global_init())) return tls_error_gnu(US"gnutls_global_init", rc, host, errstr); +#endif #if EXIM_GNUTLS_LIBRARY_LOG_LEVEL >= 0 DEBUG(D_tls) @@ -2085,30 +2191,6 @@ return 0; -#if !defined(DISABLE_OCSP) - -static int -server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, - gnutls_datum_t * ocsp_response) -{ -int ret; -DEBUG(D_tls) debug_printf("OCSP stapling callback: %s\n", US ptr); - -if ((ret = gnutls_load_file(ptr, ocsp_response)) < 0) - { - DEBUG(D_tls) debug_printf("Failed to load ocsp stapling file %s\n", - CS ptr); - tls_in.ocsp = OCSP_NOT_RESP; - return GNUTLS_E_NO_CERTIFICATE_STATUS; - } - -tls_in.ocsp = OCSP_VFY_NOT_TRIED; -return 0; -} - -#endif - - #ifndef DISABLE_EVENT /* We use this callback to get observability and detail-level control @@ -2176,16 +2258,17 @@ post_handshake_debug(exim_gnutls_state_st * state) #ifdef SUPPORT_GNUTLS_SESS_DESC debug_printf("%s\n", gnutls_session_get_desc(state->session)); #endif + #ifdef SUPPORT_GNUTLS_KEYLOG -# ifdef GNUTLS_TLS1_3 +# ifdef EXIM_HAVE_TLS1_3 if (gnutls_protocol_get_version(state->session) < GNUTLS_TLS1_3) -#else +# else if (TRUE) -#endif +# endif { gnutls_datum_t c, s; gstring * gc, * gs; - /* we only want the client random and the master secret */ + /* For TLS1.2 we only want the client random and the master secret */ gnutls_session_get_random(state->session, &c, &s); gnutls_session_get_master_secret(state->session, &s); gc = ddump(&c); @@ -2197,7 +2280,9 @@ else " set environment variable SSLKEYLOGFILE to a filename writable by uid exim\n" " add SSLKEYLOGFILE to keep_environment in the exim config\n" " run exim as root\n" - " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n"); + " if using sudo, add SSLKEYLOGFILE to env_keep in /etc/sudoers\n" + " (works for TLS1.2 also, and saves cut-paste into file)" + " Trying to use add_environment for this will not work\n"); #endif } @@ -2874,16 +2959,26 @@ if (request_ocsp) gnutls_datum_t stapling; gnutls_ocsp_resp_t resp; gnutls_datum_t printed; - if ( (rc= gnutls_ocsp_status_request_get(state->session, &stapling)) == 0 - && (rc= gnutls_ocsp_resp_init(&resp)) == 0 - && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0 - && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &printed)) == 0 - ) - { - debug_printf("%.4096s", printed.data); - gnutls_free(printed.data); - } - else + unsigned idx = 0; + + for (; +# ifdef GNUTLS_OCSP_STATUS_REQUEST_GET2 + (rc = gnutls_ocsp_status_request_get2(state->session, idx, &stapling)) == 0; +#else + (rc = gnutls_ocsp_status_request_get(state->session, &stapling)) == 0; +#endif + idx++) + if ( (rc= gnutls_ocsp_resp_init(&resp)) == 0 + && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0 + && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_COMPACT, &printed)) == 0 + ) + { + debug_printf("%.4096s", printed.data); + gnutls_free(printed.data); + } + else + (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr); + if (idx == 0 && rc) (void) tls_error_gnu(US"ocsp decode", rc, state->host, errstr); } @@ -3329,24 +3424,33 @@ gnutls_priority_t priority_cache; const char *errpos; uschar * dummy_errstr; -#define validate_check_rc(Label) do { \ +#ifdef GNUTLS_AUTO_GLOBAL_INIT +# define validate_check_rc(Label) do { \ + if (rc != GNUTLS_E_SUCCESS) { if (exim_gnutls_base_init_done) \ + return string_sprintf("%s failed: %s", (Label), gnutls_strerror(rc)); } } while (0) +# define return_deinit(Label) do { return (Label); } while (0) +#else +# define validate_check_rc(Label) do { \ if (rc != GNUTLS_E_SUCCESS) { if (exim_gnutls_base_init_done) gnutls_global_deinit(); \ - return string_sprintf("%s failed: %s", (Label), gnutls_strerror(rc)); } } while (0) -#define return_deinit(Label) do { gnutls_global_deinit(); return (Label); } while (0) + return string_sprintf("%s failed: %s", (Label), gnutls_strerror(rc)); } } while (0) +# define return_deinit(Label) do { gnutls_global_deinit(); return (Label); } while (0) +#endif if (exim_gnutls_base_init_done) log_write(0, LOG_MAIN|LOG_PANIC, "already initialised GnuTLS, Exim developer bug"); -#ifdef HAVE_GNUTLS_PKCS11 +#if defined(HAVE_GNUTLS_PKCS11) && !defined(GNUTLS_AUTO_PKCS11_MANUAL) if (!gnutls_allow_auto_pkcs11) { rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); validate_check_rc(US"gnutls_pkcs11_init"); } #endif +#ifndef GNUTLS_AUTO_GLOBAL_INIT rc = gnutls_global_init(); validate_check_rc(US"gnutls_global_init()"); +#endif exim_gnutls_base_init_done = TRUE; if (!(tls_require_ciphers && *tls_require_ciphers)) @@ -3369,7 +3473,9 @@ validate_check_rc(string_sprintf( #undef return_deinit #undef validate_check_rc +#ifndef GNUTLS_AUTO_GLOBAL_INIT gnutls_global_deinit(); +#endif return NULL; }