X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-openssl.c;h=9816f734f3018a0bcf0638139c759a9dc144d7fa;hb=8f07c250406da2612e1546e153b4a61a51262692;hp=7f41c106eecef2e5ab49666017c0d650a5c63813;hpb=925ac8e4f1c5d365ddea2f7aee460cd0a3cd409d;p=exim.git diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 7f41c106e..9816f734f 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -29,7 +29,7 @@ functions from the OpenSSL library. */ # include #endif #ifdef EXPERIMENTAL_DANE -# include +# include "danessl.h" #endif @@ -69,6 +69,7 @@ functions from the OpenSSL library. */ #ifndef LIBRESSL_VERSION_NUMBER # if OPENSSL_VERSION_NUMBER >= 0x010100000L # define EXIM_HAVE_OPENSSL_CHECKHOST +# define EXIM_HAVE_OPENSSL_DH_BITS # endif # if OPENSSL_VERSION_NUMBER >= 0x010000000L \ && (OPENSSL_VERSION_NUMBER & 0x0000ff000L) >= 0x000002000L @@ -227,14 +228,13 @@ return host ? FAIL : DEFER; -#ifdef EXIM_HAVE_EPHEM_RSA_KEX /************************************************* * Callback to generate RSA key * *************************************************/ /* Arguments: - s SSL connection + s SSL connection (not used) export not used keylength keylength @@ -269,7 +269,6 @@ if (!(rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL))) } return rsa_key; } -#endif @@ -383,11 +382,13 @@ dn[sizeof(dn)-1] = '\0'; if (preverify_ok == 0) { - log_write(0, LOG_MAIN, "[%s] SSL verify error: depth=%d error=%s cert=%s", - tlsp == &tls_out ? deliver_host_address : sender_host_address, - depth, - X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509ctx)), - dn); + uschar * extra = verify_mode ? string_sprintf(" (during %c-verify for [%s])", + *verify_mode, sender_host_address) + : US""; + log_write(0, LOG_MAIN, "[%s] SSL verify error%s: depth=%d error=%s cert=%s", + tlsp == &tls_out ? deliver_host_address : sender_host_address, + extra, depth, + X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509ctx)), dn); *calledp = TRUE; if (!*optionalp) { @@ -448,7 +449,7 @@ else if (rc < 0) { log_write(0, LOG_MAIN, "[%s] SSL verify error: internal error", - deliver_host_address); + tlsp == &tls_out ? deliver_host_address : sender_host_address); name = NULL; } break; @@ -458,10 +459,14 @@ else if (!tls_is_name_for_cert(verify_cert_hostnames, cert)) #endif { + uschar * extra = verify_mode + ? string_sprintf(" (during %c-verify for [%s])", + *verify_mode, sender_host_address) + : US""; log_write(0, LOG_MAIN, - "[%s] SSL verify error: certificate name mismatch: " - "DN=\"%s\" H=\"%s\"", - deliver_host_address, dn, verify_cert_hostnames); + "[%s] SSL verify error%s: certificate name mismatch: DN=\"%s\" H=\"%s\"", + tlsp == &tls_out ? deliver_host_address : sender_host_address, + extra, dn, verify_cert_hostnames); *calledp = TRUE; if (!*optionalp) { @@ -595,6 +600,7 @@ BIO *bio; DH *dh; uschar *dhexpanded; const char *pem; +int dh_bitsize; if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr)) return FALSE; @@ -635,21 +641,34 @@ if (!(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL))) return FALSE; } +/* note: our default limit of 2236 is not a multiple of 8; the limit comes from + * an NSS limit, and the GnuTLS APIs handle bit-sizes fine, so we went with + * 2236. But older OpenSSL can only report in bytes (octets), not bits. + * If someone wants to dance at the edge, then they can raise the limit or use + * current libraries. */ +#ifdef EXIM_HAVE_OPENSSL_DH_BITS +/* Added in commit 26c79d5641d; `git describe --contains` says OpenSSL_1_1_0-pre1~1022 + * This predates OpenSSL_1_1_0 (before a, b, ...) so is in all 1.1.0 */ +dh_bitsize = DH_bits(dh); +#else +dh_bitsize = 8 * DH_size(dh); +#endif + /* Even if it is larger, we silently return success rather than cause things * to fail out, so that a too-large DH will not knock out all TLS; it's a * debatable choice. */ -if ((8*DH_size(dh)) > tls_dh_max_bits) +if (dh_bitsize > tls_dh_max_bits) { DEBUG(D_tls) debug_printf("dhparams file %d bits, is > tls_dh_max_bits limit of %d\n", - 8*DH_size(dh), tls_dh_max_bits); + dh_bitsize, tls_dh_max_bits); } else { SSL_CTX_set_tmp_dh(sctx, dh); DEBUG(D_tls) debug_printf("Diffie-Hellman initialized from %s with %d-bit prime\n", - dhexpanded ? dhexpanded : US"default", 8*DH_size(dh)); + dhexpanded ? dhexpanded : US"default", dh_bitsize); } DH_free(dh); @@ -956,8 +975,7 @@ if (!(x509 = X509_new())) goto err; where = US"generating pkey"; - /* deprecated, use RSA_generate_key_ex() */ -if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL))) +if (!(rsa = rsa_callback(NULL, 0, 1024))) goto err; where = US"assigning pkey"; @@ -1003,6 +1021,30 @@ err: +static int +tls_add_certfile(SSL_CTX * sctx, tls_ext_ctx_cb * cbinfo, uschar * file, + uschar ** errstr) +{ +DEBUG(D_tls) debug_printf("tls_certificate file %s\n", file); +if (!SSL_CTX_use_certificate_chain_file(sctx, CS file)) + return tls_error(string_sprintf( + "SSL_CTX_use_certificate_chain_file file=%s", file), + cbinfo->host, NULL, errstr); +return 0; +} + +static int +tls_add_pkeyfile(SSL_CTX * sctx, tls_ext_ctx_cb * cbinfo, uschar * file, + uschar ** errstr) +{ +DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", file); +if (!SSL_CTX_use_PrivateKey_file(sctx, CS file, SSL_FILETYPE_PEM)) + return tls_error(string_sprintf( + "SSL_CTX_use_PrivateKey_file file=%s", file), cbinfo->host, NULL, errstr); +return 0; +} + + /************************************************* * Expand key and cert file specs * *************************************************/ @@ -1027,7 +1069,7 @@ uschar *expanded; if (!cbinfo->certificate) { - if (cbinfo->host) /* client */ + if (!cbinfo->is_server) /* client */ return OK; /* server */ if (tls_install_selfsign(sctx, errstr) != OK) @@ -1035,6 +1077,8 @@ if (!cbinfo->certificate) } else { + int err; + if (Ustrstr(cbinfo->certificate, US"tls_sni") || Ustrstr(cbinfo->certificate, US"tls_in_sni") || Ustrstr(cbinfo->certificate, US"tls_out_sni") @@ -1044,14 +1088,20 @@ else if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded, errstr)) return DEFER; - if (expanded != NULL) - { - DEBUG(D_tls) debug_printf("tls_certificate file %s\n", expanded); - if (!SSL_CTX_use_certificate_chain_file(sctx, CS expanded)) - return tls_error(string_sprintf( - "SSL_CTX_use_certificate_chain_file file=%s", expanded), - cbinfo->host, NULL, errstr); - } + if (expanded) + if (cbinfo->is_server) + { + const uschar * file_list = expanded; + int sep = 0; + uschar * file; + + while (file = string_nextinlist(&file_list, &sep, NULL, 0)) + if ((err = tls_add_certfile(sctx, cbinfo, file, errstr))) + return err; + } + else /* would there ever be a need for multiple client certs? */ + if ((err = tls_add_certfile(sctx, cbinfo, expanded, errstr))) + return err; if (cbinfo->privatekey != NULL && !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded, errstr)) @@ -1062,12 +1112,19 @@ else key is in the same file as the certificate. */ if (expanded && *expanded) - { - DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded); - if (!SSL_CTX_use_PrivateKey_file(sctx, CS expanded, SSL_FILETYPE_PEM)) - return tls_error(string_sprintf( - "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL, errstr); - } + if (cbinfo->is_server) + { + const uschar * file_list = expanded; + int sep = 0; + uschar * file; + + while (file = string_nextinlist(&file_list, &sep, NULL, 0)) + if ((err = tls_add_pkeyfile(sctx, cbinfo, file, errstr))) + return err; + } + else /* would there ever be a need for multiple client certs? */ + if ((err = tls_add_pkeyfile(sctx, cbinfo, expanded, errstr))) + return err; } #ifndef DISABLE_OCSP @@ -1478,9 +1535,9 @@ if (!RAND_status()) gettimeofday(&r.tv, NULL); r.p = getpid(); - RAND_seed((uschar *)(&r), sizeof(r)); - RAND_seed((uschar *)big_buffer, big_buffer_size); - if (addr != NULL) RAND_seed((uschar *)addr, sizeof(addr)); + RAND_seed(US (&r), sizeof(r)); + RAND_seed(US big_buffer, big_buffer_size); + if (addr != NULL) RAND_seed(US addr, sizeof(addr)); if (!RAND_status()) return tls_error(US"RAND_status", host, @@ -2483,8 +2540,7 @@ if (n > 0) BOOL tls_could_read(void) { -/* XXX no actual inquiry into library; only our buffer */ -return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm; +return ssl_xfer_buffer_lwm < ssl_xfer_buffer_hwm || SSL_pending(server_ssl) > 0; } @@ -2551,13 +2607,29 @@ Used by both server-side and client-side TLS. int tls_write(BOOL is_server, const uschar *buff, size_t len, BOOL more) { -int outbytes; -int error; -int left = len; +int outbytes, error, left; SSL *ssl = is_server ? server_ssl : client_ssl; +static gstring * corked = NULL; + +DEBUG(D_tls) debug_printf("%s(%p, %lu%s)\n", __FUNCTION__, + buff, (unsigned long)len, more ? ", more" : ""); + +/* Lacking a CORK or MSG_MORE facility (such as GnuTLS has) we copy data when +"more" is notified. This hack is only ok if small amounts are involved AND only +one stream does it, in one context (i.e. no store reset). Currently it is used +for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */ + +if (is_server && (more || corked)) + { + corked = string_catn(corked, buff, len); + if (more) + return len; + buff = CUS corked->s; + len = corked->ptr; + corked = NULL; + } -DEBUG(D_tls) debug_printf("%s(%p, %d)\n", __FUNCTION__, buff, left); -while (left > 0) +for (left = len; left > 0;) { DEBUG(D_tls) debug_printf("SSL_write(SSL, %p, %d)\n", buff, left); outbytes = SSL_write(ssl, CS buff, left); @@ -2782,7 +2854,7 @@ if (!RAND_status()) gettimeofday(&r.tv, NULL); r.p = getpid(); - RAND_seed((uschar *)(&r), sizeof(r)); + RAND_seed(US (&r), sizeof(r)); } /* We're after pseudo-random, not random; if we still don't have enough data in the internal PRNG then our options are limited. We could sleep and hope