projects / exim.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
TLS version reporting. fixes: #745
[exim.git] / src / src / tls-openssl.c
CommitLineData
36f12725 1/* $Cambridge: exim/src/src/tls-openssl.c,v 1.15 2009/10/14 13:52:48 nm4 Exp $ */
059ec3d9
PH		 2
3/*************************************************
4* Exim - an Internet mail transport agent *
5*************************************************/
6
184e8823 7/* Copyright (c) University of Cambridge 1995 - 2007 */
059ec3d9
PH		 8/* See the file NOTICE for conditions of use and distribution. */
9
10/* This module provides the TLS (aka SSL) support for Exim using the OpenSSL
11library. It is #included into the tls.c file when that library is used. The
12code herein is based on a patch that was originally contributed by Steve
13Haslam. It was adapted from stunnel, a GPL program by Michal Trojnara.
14
15No cryptographic code is included in Exim. All this module does is to call
16functions from the OpenSSL library. */
17
18
19/* Heading stuff */
20
21#include <openssl/lhash.h>
22#include <openssl/ssl.h>
23#include <openssl/err.h>
24#include <openssl/rand.h>
25
26/* Structure for collecting random data for seeding. */
27
28typedef struct randstuff {
29 time_t t;
30 pid_t p;
31} randstuff;
32
33/* Local static variables */
34
35static BOOL verify_callback_called = FALSE;
36static const uschar *sid_ctx = US"exim";
37
38static SSL_CTX *ctx = NULL;
39static SSL *ssl = NULL;
40
41static char ssl_errstring[256];
42
43static int ssl_session_timeout = 200;
44static BOOL verify_optional = FALSE;
45
46
47
48
49
50/*************************************************
51* Handle TLS error *
52*************************************************/
53
54/* Called from lots of places when errors occur before actually starting to do
55the TLS handshake, that is, while the session is still in clear. Always returns
56DEFER for a server and FAIL for a client so that most calls can use "return
57tls_error(...)" to do this processing and then give an appropriate return. A
58single function is used for both server and client, because it is called from
59some shared functions.
60
61Argument:
62 prefix text to include in the logged error
63 host NULL if setting up a server;
64 the connected host if setting up a client
7199e1ee 65 msg error message or NULL if we should ask OpenSSL
059ec3d9
PH		 66
67Returns: OK/DEFER/FAIL
68*/
69
70static int
7199e1ee 71tls_error(uschar *prefix, host_item *host, uschar *msg)
059ec3d9 72{
7199e1ee
TF		 73if (msg == NULL)
74 {
75 ERR_error_string(ERR_get_error(), ssl_errstring);
76 msg = ssl_errstring;
77 }
78
059ec3d9
PH		 79if (host == NULL)
80 {
7199e1ee
TF		 81 uschar *conn_info = smtp_get_connection_info();
82 if (strncmp(conn_info, "SMTP ", 5) == 0)
83 conn_info += 5;
84 log_write(0, LOG_MAIN, "TLS error on %s (%s): %s",
85 conn_info, prefix, msg);
059ec3d9
PH		 86 return DEFER;
87 }
88else
89 {
90 log_write(0, LOG_MAIN, "TLS error on connection to %s [%s] (%s): %s",
7199e1ee 91 host->name, host->address, prefix, msg);
059ec3d9
PH		 92 return FAIL;
93 }
94}
95
96
97
98/*************************************************
99* Callback to generate RSA key *
100*************************************************/
101
102/*
103Arguments:
104 s SSL connection
105 export not used
106 keylength keylength
107
108Returns: pointer to generated key
109*/
110
111static RSA *
112rsa_callback(SSL *s, int export, int keylength)
113{
114RSA *rsa_key;
115export = export; /* Shut picky compilers up */
116DEBUG(D_tls) debug_printf("Generating %d bit RSA key...\n", keylength);
117rsa_key = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
118if (rsa_key == NULL)
119 {
120 ERR_error_string(ERR_get_error(), ssl_errstring);
121 log_write(0, LOG_MAIN|LOG_PANIC, "TLS error (RSA_generate_key): %s",
122 ssl_errstring);
123 return NULL;
124 }
125return rsa_key;
126}
127
128
129
130
131/*************************************************
132* Callback for verification *
133*************************************************/
134
135/* The SSL library does certificate verification if set up to do so. This
136callback has the current yes/no state is in "state". If verification succeeded,
137we set up the tls_peerdn string. If verification failed, what happens depends
138on whether the client is required to present a verifiable certificate or not.
139
140If verification is optional, we change the state to yes, but still log the
141verification error. For some reason (it really would help to have proper
142documentation of OpenSSL), this callback function then gets called again, this
143time with state = 1. In fact, that's useful, because we can set up the peerdn
144value, but we must take care not to set the private verified flag on the second
145time through.
146
147Note: this function is not called if the client fails to present a certificate
148when asked. We get here only if a certificate has been received. Handling of
149optional verification for this case is done when requesting SSL to verify, by
150setting SSL_VERIFY_FAIL_IF_NO_PEER_CERT in the non-optional case.
151
152Arguments:
153 state current yes/no state as 1/0
154 x509ctx certificate information.
155
156Returns: 1 if verified, 0 if not
157*/
158
159static int
160verify_callback(int state, X509_STORE_CTX *x509ctx)
161{
162static uschar txt[256];
163
164X509_NAME_oneline(X509_get_subject_name(x509ctx->current_cert),
165 CS txt, sizeof(txt));
166
167if (state == 0)
168 {
169 log_write(0, LOG_MAIN, "SSL verify error: depth=%d error=%s cert=%s",
170 x509ctx->error_depth,
171 X509_verify_cert_error_string(x509ctx->error),
172 txt);
173 tls_certificate_verified = FALSE;
174 verify_callback_called = TRUE;
175 if (!verify_optional) return 0; /* reject */
176 DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
177 "tls_try_verify_hosts)\n");
178 return 1; /* accept */
179 }
180
181if (x509ctx->error_depth != 0)
182 {
183 DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d cert=%s\n",
184 x509ctx->error_depth, txt);
185 }
186else
187 {
188 DEBUG(D_tls) debug_printf("SSL%s peer: %s\n",
189 verify_callback_called? "" : " authenticated", txt);
190 tls_peerdn = txt;
191 }
192
059ec3d9
PH		 193if (!verify_callback_called) tls_certificate_verified = TRUE;
194verify_callback_called = TRUE;
195
196return 1; /* accept */
197}
198
199
200
201/*************************************************
202* Information callback *
203*************************************************/
204
205/* The SSL library functions call this from time to time to indicate what they
206are doing. We copy the string to the debugging output when the level is high
207enough.
208
209Arguments:
210 s the SSL connection
211 where
212 ret
213
214Returns: nothing
215*/
216
217static void
218info_callback(SSL *s, int where, int ret)
219{
220where = where;
221ret = ret;
222DEBUG(D_tls) debug_printf("SSL info: %s\n", SSL_state_string_long(s));
223}
224
225
226
227/*************************************************
228* Initialize for DH *
229*************************************************/
230
231/* If dhparam is set, expand it, and load up the parameters for DH encryption.
232
233Arguments:
234 dhparam DH parameter file
7199e1ee 235 host connected host, if client; NULL if server
059ec3d9
PH		 236
237Returns: TRUE if OK (nothing to set up, or setup worked)
238*/
239
240static BOOL
7199e1ee 241init_dh(uschar *dhparam, host_item *host)
059ec3d9
PH		 242{
243BOOL yield = TRUE;
244BIO *bio;
245DH *dh;
246uschar *dhexpanded;
247
248if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded))
249 return FALSE;
250
251if (dhexpanded == NULL) return TRUE;
252
253if ((bio = BIO_new_file(CS dhexpanded, "r")) == NULL)
254 {
7199e1ee
TF		 255 tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
256 host, strerror(errno));
059ec3d9
PH		 257 yield = FALSE;
258 }
259else
260 {
261 if ((dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)) == NULL)
262 {
7199e1ee
TF		 263 tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
264 host, NULL);
059ec3d9
PH		 265 yield = FALSE;
266 }
267 else
268 {
269 SSL_CTX_set_tmp_dh(ctx, dh);
270 DEBUG(D_tls)
271 debug_printf("Diffie-Hellman initialized from %s with %d-bit key\n",
272 dhexpanded, 8*DH_size(dh));
273 DH_free(dh);
274 }
275 BIO_free(bio);
276 }
277
278return yield;
279}
280
281
282
283
284/*************************************************
285* Initialize for TLS *
286*************************************************/
287
288/* Called from both server and client code, to do preliminary initialization of
289the library.
290
291Arguments:
292 host connected host, if client; NULL if server
293 dhparam DH parameter file
294 certificate certificate file
295 privatekey private key
296 addr address if client; NULL if server (for some randomness)
297
298Returns: OK/DEFER/FAIL
299*/
300
301static int
c91535f3
PH		 302tls_init(host_item *host, uschar *dhparam, uschar *certificate,
303 uschar *privatekey, address_item *addr)
059ec3d9
PH		 304{
305SSL_load_error_strings(); /* basic set up */
306OpenSSL_add_ssl_algorithms();
307
308/* Create a context */
309
310ctx = SSL_CTX_new((host == NULL)?
311 SSLv23_server_method() : SSLv23_client_method());
312
7199e1ee 313if (ctx == NULL) return tls_error(US"SSL_CTX_new", host, NULL);
059ec3d9
PH		 314
315/* It turns out that we need to seed the random number generator this early in
316order to get the full complement of ciphers to work. It took me roughly a day
317of work to discover this by experiment.
318
319On systems that have /dev/urandom, SSL may automatically seed itself from
320there. Otherwise, we have to make something up as best we can. Double check
321afterwards. */
322
323if (!RAND_status())
324 {
325 randstuff r;
326 r.t = time(NULL);
327 r.p = getpid();
328
329 RAND_seed((uschar *)(&r), sizeof(r));
330 RAND_seed((uschar *)big_buffer, big_buffer_size);
331 if (addr != NULL) RAND_seed((uschar *)addr, sizeof(addr));
332
333 if (!RAND_status())
7199e1ee
TF		 334 return tls_error(US"RAND_status", host,
335 "unable to seed random number generator");
059ec3d9
PH		 336 }
337
338/* Set up the information callback, which outputs if debugging is at a suitable
339level. */
340
58c01c94 341SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
059ec3d9
PH		 342
343/* The following patch was supplied by Robert Roselius */
344
345#if OPENSSL_VERSION_NUMBER > 0x00906040L
346/* Enable client-bug workaround.
347 Versions of OpenSSL as of 0.9.6d include a "CBC countermeasure" feature,
348 which causes problems with some clients (such as the Certicom SSL Plus
349 library used by Eudora). This option, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
350 disables the coutermeasure allowing Eudora to connect.
351 Some poppers and MTAs use SSL_OP_ALL, which enables all such bug
352 workarounds. */
353/* XXX (Silently?) ignore failure here? XXX*/
354
355if (!(SSL_CTX_set_options(ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
7199e1ee 356 return tls_error(US"SSL_CTX_set_option", host, NULL);
059ec3d9
PH		 357#endif
358
359/* Initialize with DH parameters if supplied */
360
7199e1ee 361if (!init_dh(dhparam, host)) return DEFER;
059ec3d9
PH		 362
363/* Set up certificate and key */
364
365if (certificate != NULL)
366 {
367 uschar *expanded;
368 if (!expand_check(certificate, US"tls_certificate", &expanded))
369 return DEFER;
370
371 if (expanded != NULL)
372 {
373 DEBUG(D_tls) debug_printf("tls_certificate file %s\n", expanded);
374 if (!SSL_CTX_use_certificate_chain_file(ctx, CS expanded))
d6453af2 375 return tls_error(string_sprintf(
7199e1ee 376 "SSL_CTX_use_certificate_chain_file file=%s", expanded), host, NULL);
059ec3d9
PH		 377 }
378
379 if (privatekey != NULL &&
380 !expand_check(privatekey, US"tls_privatekey", &expanded))
381 return DEFER;
382
c91535f3
PH		 383 /* If expansion was forced to fail, key_expanded will be NULL. If the result
384 of the expansion is an empty string, ignore it also, and assume the private
385 key is in the same file as the certificate. */
386
387 if (expanded != NULL && *expanded != 0)
059ec3d9
PH		 388 {
389 DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded);
390 if (!SSL_CTX_use_PrivateKey_file(ctx, CS expanded, SSL_FILETYPE_PEM))
d6453af2 391 return tls_error(string_sprintf(
7199e1ee 392 "SSL_CTX_use_PrivateKey_file file=%s", expanded), host, NULL);
059ec3d9
PH		 393 }
394 }
395
396/* Set up the RSA callback */
397
398SSL_CTX_set_tmp_rsa_callback(ctx, rsa_callback);
399
400/* Finally, set the timeout, and we are done */
401
402SSL_CTX_set_timeout(ctx, ssl_session_timeout);
403DEBUG(D_tls) debug_printf("Initialized TLS\n");
404return OK;
405}
406
407
408
409
410/*************************************************
411* Get name of cipher in use *
412*************************************************/
413
414/* The answer is left in a static buffer, and tls_cipher is set to point
415to it.
416
417Argument: pointer to an SSL structure for the connection
418Returns: nothing
419*/
420
421static void
422construct_cipher_name(SSL *ssl)
423{
424static uschar cipherbuf[256];
425SSL_CIPHER *c;
426uschar *ver;
427int bits;
428
429switch (ssl->session->ssl_version)
430 {
431 case SSL2_VERSION:
432 ver = US"SSLv2";
433 break;
434
435 case SSL3_VERSION:
436 ver = US"SSLv3";
437 break;
438
439 case TLS1_VERSION:
440 ver = US"TLSv1";
441 break;
442
443 default:
444 ver = US"UNKNOWN";
445 }
446
447c = SSL_get_current_cipher(ssl);
448SSL_CIPHER_get_bits(c, &bits);
449
450string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver,
451 SSL_CIPHER_get_name(c), bits);
452tls_cipher = cipherbuf;
453
454DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf);
455}
456
457
458
459
460
461/*************************************************
462* Set up for verifying certificates *
463*************************************************/
464
465/* Called by both client and server startup
466
467Arguments:
468 certs certs file or NULL
469 crl CRL file or NULL
470 host NULL in a server; the remote host in a client
471 optional TRUE if called from a server for a host in tls_try_verify_hosts;
472 otherwise passed as FALSE
473
474Returns: OK/DEFER/FAIL
475*/
476
477static int
478setup_certs(uschar *certs, uschar *crl, host_item *host, BOOL optional)
479{
480uschar *expcerts, *expcrl;
481
482if (!expand_check(certs, US"tls_verify_certificates", &expcerts))
483 return DEFER;
484
485if (expcerts != NULL)
486 {
487 struct stat statbuf;
488 if (!SSL_CTX_set_default_verify_paths(ctx))
7199e1ee 489 return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL);
059ec3d9
PH		 490
491 if (Ustat(expcerts, &statbuf) < 0)
492 {
493 log_write(0, LOG_MAIN|LOG_PANIC,
494 "failed to stat %s for certificates", expcerts);
495 return DEFER;
496 }
497 else
498 {
499 uschar *file, *dir;
500 if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
501 { file = NULL; dir = expcerts; }
502 else
503 { file = expcerts; dir = NULL; }
504
505 /* If a certificate file is empty, the next function fails with an
506 unhelpful error message. If we skip it, we get the correct behaviour (no
507 certificates are recognized, but the error message is still misleading (it
508 says no certificate was supplied.) But this is better. */
509
510 if ((file == NULL || statbuf.st_size > 0) &&
511 !SSL_CTX_load_verify_locations(ctx, CS file, CS dir))
7199e1ee 512 return tls_error(US"SSL_CTX_load_verify_locations", host, NULL);
059ec3d9
PH		 513
514 if (file != NULL)
515 {
516 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CS file));
517 }
518 }
519
520 /* Handle a certificate revocation list. */
521
522 #if OPENSSL_VERSION_NUMBER > 0x00907000L
523
8b417f2c
PH		 524 /* This bit of code is now the version supplied by Lars Mainka. (I have
525 * merely reformatted it into the Exim code style.)
526
527 * "From here I changed the code to add support for multiple crl's
528 * in pem format in one file or to support hashed directory entries in
529 * pem format instead of a file. This method now uses the library function
530 * X509_STORE_load_locations to add the CRL location to the SSL context.
531 * OpenSSL will then handle the verify against CA certs and CRLs by
532 * itself in the verify callback." */
533
059ec3d9
PH		 534 if (!expand_check(crl, US"tls_crl", &expcrl)) return DEFER;
535 if (expcrl != NULL && *expcrl != 0)
536 {
8b417f2c
PH		 537 struct stat statbufcrl;
538 if (Ustat(expcrl, &statbufcrl) < 0)
539 {
540 log_write(0, LOG_MAIN|LOG_PANIC,
541 "failed to stat %s for certificates revocation lists", expcrl);
542 return DEFER;
543 }
544 else
059ec3d9 545 {
8b417f2c
PH		 546 /* is it a file or directory? */
547 uschar *file, *dir;
548 X509_STORE *cvstore = SSL_CTX_get_cert_store(ctx);
549 if ((statbufcrl.st_mode & S_IFMT) == S_IFDIR)
059ec3d9 550 {
8b417f2c
PH		 551 file = NULL;
552 dir = expcrl;
553 DEBUG(D_tls) debug_printf("SSL CRL value is a directory %s\n", dir);
059ec3d9
PH		 554 }
555 else
556 {
8b417f2c
PH		 557 file = expcrl;
558 dir = NULL;
559 DEBUG(D_tls) debug_printf("SSL CRL value is a file %s\n", file);
059ec3d9 560 }
8b417f2c 561 if (X509_STORE_load_locations(cvstore, CS file, CS dir) == 0)
7199e1ee 562 return tls_error(US"X509_STORE_load_locations", host, NULL);
8b417f2c
PH		 563
564 /* setting the flags to check against the complete crl chain */
565
566 X509_STORE_set_flags(cvstore,
567 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
059ec3d9 568 }
059ec3d9
PH		 569 }
570
571 #endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
572
573 /* If verification is optional, don't fail if no certificate */
574
575 SSL_CTX_set_verify(ctx,
576 SSL_VERIFY_PEER | (optional? 0 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
577 verify_callback);
578 }
579
580return OK;
581}
582
583
584
585/*************************************************
586* Start a TLS session in a server *
587*************************************************/
588
589/* This is called when Exim is running as a server, after having received
590the STARTTLS command. It must respond to that command, and then negotiate
591a TLS session.
592
593Arguments:
594 require_ciphers allowed ciphers
83da1223
PH		 595 ------------------------------------------------------
596 require_mac list of allowed MACs ) Not used
597 require_kx list of allowed key_exchange methods ) for
598 require_proto list of allowed protocols ) OpenSSL
599 ------------------------------------------------------
059ec3d9
PH		 600
601Returns: OK on success
602 DEFER for errors before the start of the negotiation
603 FAIL for errors during the negotation; the server can't
604 continue running.
605*/
606
607int
83da1223
PH		 608tls_server_start(uschar *require_ciphers, uschar *require_mac,
609 uschar *require_kx, uschar *require_proto)
059ec3d9
PH		 610{
611int rc;
612uschar *expciphers;
613
614/* Check for previous activation */
615
616if (tls_active >= 0)
617 {
7199e1ee 618 tls_error("STARTTLS received after TLS started", NULL, "");
059ec3d9
PH		 619 smtp_printf("554 Already in TLS\r\n");
620 return FAIL;
621 }
622
623/* Initialize the SSL library. If it fails, it will already have logged
624the error. */
625
626rc = tls_init(NULL, tls_dhparam, tls_certificate, tls_privatekey, NULL);
627if (rc != OK) return rc;
628
629if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
630 return FAIL;
631
632/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
633are separated by underscores. So that I can use either form in my tests, and
634also for general convenience, we turn underscores into hyphens here. */
635
636if (expciphers != NULL)
637 {
638 uschar *s = expciphers;
639 while (*s != 0) { if (*s == '_') *s = '-'; s++; }
640 DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
641 if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
7199e1ee 642 return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL);
059ec3d9
PH		 643 }
644
645/* If this is a host for which certificate verification is mandatory or
646optional, set up appropriately. */
647
648tls_certificate_verified = FALSE;
649verify_callback_called = FALSE;
650
651if (verify_check_host(&tls_verify_hosts) == OK)
652 {
653 rc = setup_certs(tls_verify_certificates, tls_crl, NULL, FALSE);
654 if (rc != OK) return rc;
655 verify_optional = FALSE;
656 }
657else if (verify_check_host(&tls_try_verify_hosts) == OK)
658 {
659 rc = setup_certs(tls_verify_certificates, tls_crl, NULL, TRUE);
660 if (rc != OK) return rc;
661 verify_optional = TRUE;
662 }
663
664/* Prepare for new connection */
665
7199e1ee 666if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL);
059ec3d9
PH		 667SSL_clear(ssl);
668
669/* Set context and tell client to go ahead, except in the case of TLS startup
670on connection, where outputting anything now upsets the clients and tends to
671make them disconnect. We need to have an explicit fflush() here, to force out
672the response. Other smtp_printf() calls do not need it, because in non-TLS
673mode, the fflush() happens when smtp_getc() is called. */
674
675SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
676if (!tls_on_connect)
677 {
678 smtp_printf("220 TLS go ahead\r\n");
679 fflush(smtp_out);
680 }
681
682/* Now negotiate the TLS session. We put our own timer on it, since it seems
683that the OpenSSL library doesn't. */
684
56f5d9bd
PH		 685SSL_set_wfd(ssl, fileno(smtp_out));
686SSL_set_rfd(ssl, fileno(smtp_in));
059ec3d9
PH		 687SSL_set_accept_state(ssl);
688
689DEBUG(D_tls) debug_printf("Calling SSL_accept\n");
690
691sigalrm_seen = FALSE;
692if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
693rc = SSL_accept(ssl);
694alarm(0);
695
696if (rc <= 0)
697 {
7199e1ee 698 tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL);
059ec3d9
PH		 699 return FAIL;
700 }
701
702DEBUG(D_tls) debug_printf("SSL_accept was successful\n");
703
704/* TLS has been set up. Adjust the input functions to read via TLS,
705and initialize things. */
706
707construct_cipher_name(ssl);
708
709DEBUG(D_tls)
710 {
711 uschar buf[2048];
712 if (SSL_get_shared_ciphers(ssl, CS buf, sizeof(buf)) != NULL)
713 debug_printf("Shared ciphers: %s\n", buf);
714 }
715
716
717ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size);
718ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0;
719ssl_xfer_eof = ssl_xfer_error = 0;
720
721receive_getc = tls_getc;
722receive_ungetc = tls_ungetc;
723receive_feof = tls_feof;
724receive_ferror = tls_ferror;
58eb016e 725receive_smtp_buffered = tls_smtp_buffered;
059ec3d9
PH		 726
727tls_active = fileno(smtp_out);
728return OK;
729}
730
731
732
733
734
735/*************************************************
736* Start a TLS session in a client *
737*************************************************/
738
739/* Called from the smtp transport after STARTTLS has been accepted.
740
741Argument:
742 fd the fd of the connection
743 host connected host (for messages)
83da1223 744 addr the first address
059ec3d9
PH		 745 dhparam DH parameter file
746 certificate certificate file
747 privatekey private key file
748 verify_certs file for certificate verify
749 crl file containing CRL
750 require_ciphers list of allowed ciphers
83da1223
PH		 751 ------------------------------------------------------
752 require_mac list of allowed MACs ) Not used
753 require_kx list of allowed key_exchange methods ) for
754 require_proto list of allowed protocols ) OpenSSL
755 ------------------------------------------------------
756 timeout startup timeout
059ec3d9
PH		 757
758Returns: OK on success
759 FAIL otherwise - note that tls_error() will not give DEFER
760 because this is not a server
761*/
762
763int
764tls_client_start(int fd, host_item *host, address_item *addr, uschar *dhparam,
765 uschar *certificate, uschar *privatekey, uschar *verify_certs, uschar *crl,
83da1223
PH		 766 uschar *require_ciphers, uschar *require_mac, uschar *require_kx,
767 uschar *require_proto, int timeout)
059ec3d9
PH		 768{
769static uschar txt[256];
770uschar *expciphers;
771X509* server_cert;
772int rc;
773
774rc = tls_init(host, dhparam, certificate, privatekey, addr);
775if (rc != OK) return rc;
776
777tls_certificate_verified = FALSE;
778verify_callback_called = FALSE;
779
780if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
781 return FAIL;
782
783/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
784are separated by underscores. So that I can use either form in my tests, and
785also for general convenience, we turn underscores into hyphens here. */
786
787if (expciphers != NULL)
788 {
789 uschar *s = expciphers;
790 while (*s != 0) { if (*s == '_') *s = '-'; s++; }
791 DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
792 if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
7199e1ee 793 return tls_error(US"SSL_CTX_set_cipher_list", host, NULL);
059ec3d9
PH		 794 }
795
796rc = setup_certs(verify_certs, crl, host, FALSE);
797if (rc != OK) return rc;
798
7199e1ee 799if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", host, NULL);
059ec3d9
PH		 800SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
801SSL_set_fd(ssl, fd);
802SSL_set_connect_state(ssl);
803
804/* There doesn't seem to be a built-in timeout on connection. */
805
806DEBUG(D_tls) debug_printf("Calling SSL_connect\n");
807sigalrm_seen = FALSE;
808alarm(timeout);
809rc = SSL_connect(ssl);
810alarm(0);
811
812if (rc <= 0)
7199e1ee 813 return tls_error(US"SSL_connect", host, sigalrm_seen ? US"timed out" : NULL);
059ec3d9
PH		 814
815DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
816
817server_cert = SSL_get_peer_certificate (ssl);
818tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
819 CS txt, sizeof(txt));
820tls_peerdn = txt;
821
822construct_cipher_name(ssl); /* Sets tls_cipher */
823
824tls_active = fd;
825return OK;
826}
827
828
829
830
831
832/*************************************************
833* TLS version of getc *
834*************************************************/
835
836/* This gets the next byte from the TLS input buffer. If the buffer is empty,
837it refills the buffer via the SSL reading function.
838
839Arguments: none
840Returns: the next character or EOF
841*/
842
843int
844tls_getc(void)
845{
846if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
847 {
848 int error;
849 int inbytes;
850
851 DEBUG(D_tls) debug_printf("Calling SSL_read(%lx, %lx, %u)\n", (long)ssl,
852 (long)ssl_xfer_buffer, ssl_xfer_buffer_size);
853
854 if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
855 inbytes = SSL_read(ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
856 error = SSL_get_error(ssl, inbytes);
857 alarm(0);
858
859 /* SSL_ERROR_ZERO_RETURN appears to mean that the SSL session has been
860 closed down, not that the socket itself has been closed down. Revert to
861 non-SSL handling. */
862
863 if (error == SSL_ERROR_ZERO_RETURN)
864 {
865 DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
866
867 receive_getc = smtp_getc;
868 receive_ungetc = smtp_ungetc;
869 receive_feof = smtp_feof;
870 receive_ferror = smtp_ferror;
58eb016e 871 receive_smtp_buffered = smtp_buffered;
059ec3d9
PH		 872
873 SSL_free(ssl);
874 ssl = NULL;
875 tls_active = -1;
876 tls_cipher = NULL;
877 tls_peerdn = NULL;
878
879 return smtp_getc();
880 }
881
882 /* Handle genuine errors */
883
884 else if (error != SSL_ERROR_NONE)
885 {
886 DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
887 ssl_xfer_error = 1;
888 return EOF;
889 }
80a47a2c
TK		 890#ifndef DISABLE_DKIM
891 dkim_exim_verify_feed(ssl_xfer_buffer, inbytes);
892#endif
059ec3d9
PH		 893 ssl_xfer_buffer_hwm = inbytes;
894 ssl_xfer_buffer_lwm = 0;
895 }
896
897/* Something in the buffer; return next uschar */
898
899return ssl_xfer_buffer[ssl_xfer_buffer_lwm++];
900}
901
902
903
904/*************************************************
905* Read bytes from TLS channel *
906*************************************************/
907
908/*
909Arguments:
910 buff buffer of data
911 len size of buffer
912
913Returns: the number of bytes read
914 -1 after a failed read
915*/
916
917int
918tls_read(uschar *buff, size_t len)
919{
920int inbytes;
921int error;
922
923DEBUG(D_tls) debug_printf("Calling SSL_read(%lx, %lx, %u)\n", (long)ssl,
924 (long)buff, (unsigned int)len);
925
926inbytes = SSL_read(ssl, CS buff, len);
927error = SSL_get_error(ssl, inbytes);
928
929if (error == SSL_ERROR_ZERO_RETURN)
930 {
931 DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
932 return -1;
933 }
934else if (error != SSL_ERROR_NONE)
935 {
936 return -1;
937 }
938
939return inbytes;
940}
941
942
943
944
945
946/*************************************************
947* Write bytes down TLS channel *
948*************************************************/
949
950/*
951Arguments:
952 buff buffer of data
953 len number of bytes
954
955Returns: the number of bytes after a successful write,
956 -1 after a failed write
957*/
958
959int
960tls_write(const uschar *buff, size_t len)
961{
962int outbytes;
963int error;
964int left = len;
965
966DEBUG(D_tls) debug_printf("tls_do_write(%lx, %d)\n", (long)buff, left);
967while (left > 0)
968 {
969 DEBUG(D_tls) debug_printf("SSL_write(SSL, %lx, %d)\n", (long)buff, left);
970 outbytes = SSL_write(ssl, CS buff, left);
971 error = SSL_get_error(ssl, outbytes);
972 DEBUG(D_tls) debug_printf("outbytes=%d error=%d\n", outbytes, error);
973 switch (error)
974 {
975 case SSL_ERROR_SSL:
976 ERR_error_string(ERR_get_error(), ssl_errstring);
977 log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring);
978 return -1;
979
980 case SSL_ERROR_NONE:
981 left -= outbytes;
982 buff += outbytes;
983 break;
984
985 case SSL_ERROR_ZERO_RETURN:
986 log_write(0, LOG_MAIN, "SSL channel closed on write");
987 return -1;
988
989 default:
990 log_write(0, LOG_MAIN, "SSL_write error %d", error);
991 return -1;
992 }
993 }
994return len;
995}
996
997
998
999/*************************************************
1000* Close down a TLS session *
1001*************************************************/
1002
1003/* This is also called from within a delivery subprocess forked from the
1004daemon, to shut down the TLS library, without actually doing a shutdown (which
1005would tamper with the SSL session in the parent process).
1006
1007Arguments: TRUE if SSL_shutdown is to be called
1008Returns: nothing
1009*/
1010
1011void
1012tls_close(BOOL shutdown)
1013{
1014if (tls_active < 0) return; /* TLS was not active */
1015
1016if (shutdown)
1017 {
1018 DEBUG(D_tls) debug_printf("tls_close(): shutting down SSL\n");
1019 SSL_shutdown(ssl);
1020 }
1021
1022SSL_free(ssl);
1023ssl = NULL;
1024
1025tls_active = -1;
1026}
1027
36f12725
NM		 1028
1029
1030
1031/*************************************************
1032* Report the library versions. *
1033*************************************************/
1034
1035/* There have historically been some issues with binary compatibility in
1036OpenSSL libraries; if Exim (like many other applications) is built against
1037one version of OpenSSL but the run-time linker picks up another version,
1038it can result in serious failures, including crashing with a SIGSEGV. So
1039report the version found by the compiler and the run-time version.
1040
1041Arguments: a FILE* to print the results to
1042Returns: nothing
1043*/
1044
1045void
1046tls_version_report(FILE *f)
1047{
1048fprintf(f, "OpenSSL compile-time version: %s\n", OPENSSL_VERSION_TEXT);
1049fprintf(f, "OpenSSL runtime version: %s\n", SSLeay_version(SSLEAY_VERSION));
1050}
1051
059ec3d9 1052/* End of tls-openssl.c */
Unnamed repository; edit this file 'description' to name the repository.