#if GNUTLS_VERSION_NUMBER >= 0x030109
# define SUPPORT_CORK
#endif
+#if GNUTLS_VERSION_NUMBER >= 0x03010a
+# define SUPPORT_GNUTLS_SESS_DESC
+#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030500
+# define SUPPORT_GNUTLS_KEYLOG
+#endif
#if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP)
# define SUPPORT_SRV_OCSP_STACK
#endif
# include <gnutls/dane.h>
#endif
+#include "tls-cipher-stdname.c"
+
+
/* GnuTLS 2 vs 3
GnuTLS 3 only:
#define exim_gnutls_err_check(rc, Label) do { \
if ((rc) != GNUTLS_E_SUCCESS) \
- return tls_error((Label), gnutls_strerror(rc), host, errstr); \
+ return tls_error((Label), US gnutls_strerror(rc), host, errstr); \
} while (0)
#define expand_check_tlsvar(Varname, errstr) \
*/
static int
-tls_error(const uschar *prefix, const char *msg, const host_item *host,
+tls_error(const uschar *prefix, const uschar *msg, const host_item *host,
uschar ** errstr)
{
if (errstr)
- *errstr = string_sprintf("(%s)%s%s", prefix, msg ? ": " : "", msg ? msg : "");
+ *errstr = string_sprintf("(%s)%s%s", prefix, msg ? ": " : "", msg ? msg : US"");
return host ? FAIL : DEFER;
}
static void
record_io_error(exim_gnutls_state_st *state, int rc, uschar *when, uschar *text)
{
-const char * msg;
+const uschar * msg;
uschar * errstr;
if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
- msg = CS string_sprintf("%s: %s", US gnutls_strerror(rc),
+ msg = string_sprintf("%s: %s", US gnutls_strerror(rc),
US gnutls_alert_get_name(gnutls_alert_get(state->session)));
else
- msg = gnutls_strerror(rc);
+ msg = US gnutls_strerror(rc);
(void) tls_error(when, msg, state->host, &errstr);
#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
channel.data = NULL;
channel.size = 0;
-rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel);
-if (rc) {
- DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc));
-} else {
+if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel)))
+ { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); }
+else
+ {
old_pool = store_pool;
store_pool = POOL_PERM;
- tls_channelbinding_b64 = b64encode(channel.data, (int)channel.size);
+ tls_channelbinding_b64 = b64encode(CUS channel.data, (int)channel.size);
store_pool = old_pool;
DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage.\n");
-}
+ }
#endif
/* peercert is set in peer_status() */
else if (exp_tls_dhparam[0] != '/')
{
if (!(m.data = US std_dh_prime_named(exp_tls_dhparam)))
- return tls_error(US"No standard prime named", CS exp_tls_dhparam, NULL, errstr);
+ return tls_error(US"No standard prime named", exp_tls_dhparam, NULL, errstr);
m.size = Ustrlen(m.data);
}
else
{
saved_errno = errno;
(void)close(fd);
- return tls_error(US"TLS cache stat failed", strerror(saved_errno), NULL, errstr);
+ return tls_error(US"TLS cache stat failed", US strerror(saved_errno), NULL, errstr);
}
if (!S_ISREG(statbuf.st_mode))
{
saved_errno = errno;
(void)close(fd);
return tls_error(US"fdopen(TLS cache stat fd) failed",
- strerror(saved_errno), NULL, errstr);
+ US strerror(saved_errno), NULL, errstr);
}
m.size = statbuf.st_size;
if (!(m.data = malloc(m.size)))
{
fclose(fp);
- return tls_error(US"malloc failed", strerror(errno), NULL, errstr);
+ return tls_error(US"malloc failed", US strerror(errno), NULL, errstr);
}
if (!(sz = fread(m.data, m.size, 1, fp)))
{
saved_errno = errno;
fclose(fp);
free(m.data);
- return tls_error(US"fread failed", strerror(saved_errno), NULL, errstr);
+ return tls_error(US"fread failed", US strerror(saved_errno), NULL, errstr);
}
fclose(fp);
if ((PATH_MAX - Ustrlen(filename)) < 10)
return tls_error(US"Filename too long to generate replacement",
- CS filename, NULL, errstr);
+ filename, NULL, errstr);
- temp_fn = string_copy(US "%s.XXXXXXX");
+ temp_fn = string_copy(US"%s.XXXXXXX");
if ((fd = mkstemp(CS temp_fn)) < 0) /* modifies temp_fn */
- return tls_error(US"Unable to open temp file", strerror(errno), NULL, errstr);
+ return tls_error(US"Unable to open temp file", US strerror(errno), NULL, errstr);
(void)fchown(fd, exim_uid, exim_gid); /* Probably not necessary */
/* GnuTLS overshoots!
exim_gnutls_err_check(rc, US"gnutls_dh_params_export_pkcs3(NULL) sizing");
m.size = sz;
if (!(m.data = malloc(m.size)))
- return tls_error(US"memory allocation failed", strerror(errno), NULL, errstr);
+ return tls_error(US"memory allocation failed", US strerror(errno), NULL, errstr);
/* this will return a size 1 less than the allocation size above */
rc = gnutls_dh_params_export_pkcs3(dh_server_params, GNUTLS_X509_FMT_PEM,
{
free(m.data);
return tls_error(US"TLS cache write D-H params failed",
- strerror(errno), NULL, errstr);
+ US strerror(errno), NULL, errstr);
}
free(m.data);
if ((sz = write_to_fd_buf(fd, US"\n", 1)) != 1)
return tls_error(US"TLS cache write D-H params final newline failed",
- strerror(errno), NULL, errstr);
+ US strerror(errno), NULL, errstr);
if ((rc = close(fd)))
- return tls_error(US"TLS cache write close() failed", strerror(errno), NULL, errstr);
+ return tls_error(US"TLS cache write close() failed", US strerror(errno), NULL, errstr);
if (Urename(temp_fn, filename) < 0)
return tls_error(string_sprintf("failed to rename \"%s\" as \"%s\"",
- temp_fn, filename), strerror(errno), NULL, errstr);
+ temp_fn, filename), US strerror(errno), NULL, errstr);
DEBUG(D_tls) debug_printf("wrote D-H parameters to file \"%s\"\n", filename);
}
where = US"generating pkey";
if ((rc = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_RSA,
#ifdef SUPPORT_PARAM_TO_PK_BITS
- gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_LOW),
+# ifndef GNUTLS_SEC_PARAM_MEDIUM
+# define GNUTLS_SEC_PARAM_MEDIUM GNUTLS_SEC_PARAM_HIGH
+# endif
+ gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_MEDIUM),
#else
- 1024,
+ 2048,
#endif
0)))
goto err;
return rc;
err:
- rc = tls_error(where, gnutls_strerror(rc), NULL, errstr);
+ rc = tls_error(where, US gnutls_strerror(rc), NULL, errstr);
goto out;
}
if (rc < 0)
return tls_error(
string_sprintf("cert/key setup: cert=%s key=%s", certfile, keyfile),
- gnutls_strerror(rc), host, errstr);
+ US gnutls_strerror(rc), host, errstr);
return -rc;
}
DEBUG(D_tls)
{
gnutls_global_set_log_function(exim_gnutls_logger_cb);
- /* arbitrarily chosen level; bump upto 9 for more */
+ /* arbitrarily chosen level; bump up to 9 for more */
gnutls_global_set_log_level(EXIM_GNUTLS_LIBRARY_LOG_LEVEL);
}
#endif
* Extract peer information *
*************************************************/
+static const uschar *
+cipher_stdname_kcm(gnutls_kx_algorithm_t kx, gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac)
+{
+uschar cs_id[2];
+gnutls_kx_algorithm_t kx_i;
+gnutls_cipher_algorithm_t cipher_i;
+gnutls_mac_algorithm_t mac_i;
+
+for (size_t i = 0;
+ gnutls_cipher_suite_info(i, cs_id, &kx_i, &cipher_i, &mac_i, NULL);
+ i++)
+ if (kx_i == kx && cipher_i == cipher && mac_i == mac)
+ return cipher_stdname(cs_id[0], cs_id[1]);
+return NULL;
+}
+
+
+
/* Called from both server and client code.
Only this is allowed to set state->peerdn and state->have_set_peerdn
and we use that to detect double-calls.
static int
peer_status(exim_gnutls_state_st *state, uschar ** errstr)
{
-uschar cipherbuf[256];
const gnutls_datum_t *cert_list;
int old_pool, rc;
unsigned int cert_list_size = 0;
gnutls_mac_algorithm_t mac;
gnutls_certificate_type_t ct;
gnutls_x509_crt_t crt;
-uschar *p, *dn_buf;
+uschar *dn_buf;
size_t sz;
if (state->have_set_peerdn)
mac = gnutls_mac_get(state->session);
kx = gnutls_kx_get(state->session);
-string_format(cipherbuf, sizeof(cipherbuf),
- "%s:%s:%d",
- gnutls_protocol_get_name(protocol),
- gnutls_cipher_suite_get_name(kx, cipher, mac),
- (int) gnutls_cipher_get_key_size(cipher) * 8);
-
-/* I don't see a way that spaces could occur, in the current GnuTLS
-code base, but it was a concern in the old code and perhaps older GnuTLS
-releases did return "TLS 1.0"; play it safe, just in case. */
-for (p = cipherbuf; *p != '\0'; ++p)
- if (isspace(*p))
- *p = '-';
old_pool = store_pool;
-store_pool = POOL_PERM;
-state->ciphersuite = string_copy(cipherbuf);
+ {
+ store_pool = POOL_PERM;
+ state->ciphersuite = string_sprintf("%s:%s:%d",
+ gnutls_protocol_get_name(protocol),
+ gnutls_cipher_suite_get_name(kx, cipher, mac),
+ (int) gnutls_cipher_get_key_size(cipher) * 8);
+
+ /* I don't see a way that spaces could occur, in the current GnuTLS
+ code base, but it was a concern in the old code and perhaps older GnuTLS
+ releases did return "TLS 1.0"; play it safe, just in case. */
+
+ for (uschar * p = state->ciphersuite; *p; p++) if (isspace(*p)) *p = '-';
+ state->tlsp->cipher = state->ciphersuite;
+
+ state->tlsp->cipher_stdname = cipher_stdname_kcm(kx, cipher, mac);
+ }
store_pool = old_pool;
-state->tlsp->cipher = state->ciphersuite;
/* tls_peerdn */
cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
-if (cert_list == NULL || cert_list_size == 0)
+if (!cert_list || cert_list_size == 0)
{
DEBUG(D_tls) debug_printf("TLS: no certificate from peer (%p & %d)\n",
cert_list, cert_list_size);
if (state->verify_requirement >= VERIFY_REQUIRED)
return tls_error(US"certificate verification failed",
- "no certificate received from peer", state->host, errstr);
+ US"no certificate received from peer", state->host, errstr);
return OK;
}
ct = gnutls_certificate_type_get(state->session);
if (ct != GNUTLS_CRT_X509)
{
- const char *ctn = gnutls_certificate_type_get_name(ct);
+ const uschar *ctn = US gnutls_certificate_type_get_name(ct);
DEBUG(D_tls)
debug_printf("TLS: peer cert not X.509 but instead \"%s\"\n", ctn);
if (state->verify_requirement >= VERIFY_REQUIRED)
DEBUG(D_tls) debug_printf("TLS: peer cert problem: %s: %s\n", \
(Label), gnutls_strerror(rc)); \
if (state->verify_requirement >= VERIFY_REQUIRED) \
- return tls_error((Label), gnutls_strerror(rc), state->host, errstr); \
+ return tls_error((Label), US gnutls_strerror(rc), state->host, errstr); \
return OK; \
} \
} while (0)
#endif
+static gstring *
+ddump(gnutls_datum_t * d)
+{
+gstring * g = string_get((d->size+1) * 2);
+uschar * s = d->data;
+for (unsigned i = d->size; i > 0; i--, s++)
+ {
+ g = string_catn(g, US "0123456789abcdef" + (*s >> 4), 1);
+ g = string_catn(g, US "0123456789abcdef" + (*s & 0xf), 1);
+ }
+return g;
+}
/* ------------------------------------------------------------------------ */
/* Exported functions */
/* Check for previous activation */
if (tls_in.active.sock >= 0)
{
- tls_error(US"STARTTLS received after TLS started", "", NULL, errstr);
+ tls_error(US"STARTTLS received after TLS started", US "", NULL, errstr);
smtp_printf("554 Already in TLS\r\n", FALSE);
return FAIL;
}
if (sigalrm_seen)
{
- tls_error(US"gnutls_handshake", "timed out", NULL, errstr);
+ tls_error(US"gnutls_handshake", US"timed out", NULL, errstr);
gnutls_db_remove_session(state->session);
}
else
{
- tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL, errstr);
+ tls_error(US"gnutls_handshake", US gnutls_strerror(rc), NULL, errstr);
(void) gnutls_alert_send_appropriate(state->session, rc);
gnutls_deinit(state->session);
gnutls_certificate_free_credentials(state->x509_cred);
millisleep(500);
shutdown(state->fd_out, SHUT_WR);
- for (rc = 1024; fgetc(smtp_in) != EOF && rc > 0; ) rc--; /* drain skt */
+ for (int i = 1024; fgetc(smtp_in) != EOF && i > 0; ) i--; /* drain skt */
(void)fclose(smtp_out);
(void)fclose(smtp_in);
smtp_out = smtp_in = NULL;
return FAIL;
}
-DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n");
+DEBUG(D_tls)
+ {
+ debug_printf("gnutls_handshake was successful\n");
+#ifdef SUPPORT_GNUTLS_SESS_DESC
+ debug_printf("%s\n", gnutls_session_get_desc(state->session));
+#endif
+#ifdef SUPPORT_GNUTLS_KEYLOG
+ {
+ gnutls_datum_t c, s;
+ gstring * gc, * gs;
+ gnutls_session_get_random(state->session, &c, &s);
+ gnutls_session_get_master_secret(state->session, &s);
+ gc = ddump(&c);
+ gs = ddump(&s);
+ debug_printf("CLIENT_RANDOM %.*s %.*s\n", (int)gc->ptr, gc->s, (int)gs->ptr, gs->s);
+ }
+#endif
+ }
/* Verify after the fact */
static BOOL
dane_tlsa_load(exim_gnutls_state_st * state, dns_answer * dnsa)
{
-dns_record * rr;
dns_scan dnss;
int i;
const char ** dane_data;
int * dane_data_len;
-for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 1;
- rr;
+i = 1;
+for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
) if (rr->type == T_TLSA) i++;
dane_data = store_get(i * sizeof(uschar *));
dane_data_len = store_get(i * sizeof(int));
-for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 0;
- rr;
+i = 0;
+for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
) if (rr->type == T_TLSA && rr->size > 3)
{
}
tls_out.tlsa_usage |= 1<<usage;
- dane_data[i] = p;
+ dane_data[i] = CS p;
dane_data_len[i++] = rr->size;
}
if ((rc = gnutls_ocsp_status_request_enable_client(state->session,
NULL, 0, NULL)) != OK)
{
- tls_error(US"cert-status-req", gnutls_strerror(rc), state->host, errstr);
+ tls_error(US"cert-status-req", US gnutls_strerror(rc), state->host, errstr);
return NULL;
}
tlsp->ocsp = OCSP_NOT_RESP;
if (sigalrm_seen)
{
gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_USER_CANCELED);
- tls_error(US"gnutls_handshake", "timed out", state->host, errstr);
+ tls_error(US"gnutls_handshake", US"timed out", state->host, errstr);
}
else
- tls_error(US"gnutls_handshake", gnutls_strerror(rc), state->host, errstr);
+ tls_error(US"gnutls_handshake", US gnutls_strerror(rc), state->host, errstr);
return NULL;
}
-DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n");
+DEBUG(D_tls)
+ {
+ debug_printf("gnutls_handshake was successful\n");
+#ifdef SUPPORT_GNUTLS_SESS_DESC
+ debug_printf("%s\n", gnutls_session_get_desc(state->session));
+#endif
+#ifdef SUPPORT_GNUTLS_KEYLOG
+ {
+ gnutls_datum_t c, s;
+ gstring * gc, * gs;
+ gnutls_session_get_random(state->session, &c, &s);
+ gnutls_session_get_master_secret(state->session, &s);
+ gc = ddump(&c);
+ gs = ddump(&s);
+ debug_printf("CLIENT_RANDOM %.*s %.*s\n", (int)gc->ptr, gc->s, (int)gs->ptr, gs->s);
+ }
+#endif
+ }
/* Verify late */
gnutls_free(printed.data);
}
else
- (void) tls_error(US"ocsp decode", gnutls_strerror(rc), state->host, errstr);
+ (void) tls_error(US"ocsp decode", US gnutls_strerror(rc), state->host, errstr);
}
if (gnutls_ocsp_status_request_is_checked(state->session, 0) == 0)
sigalrm_seen = FALSE;
if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
-inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
- MIN(ssl_xfer_buffer_size, lim));
+
+do
+ inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
+ MIN(ssl_xfer_buffer_size, lim));
+while (inbytes == GNUTLS_E_AGAIN);
+
if (smtp_receive_timeout > 0) ALARM_CLR(0);
if (had_command_timeout) /* set by signal handler */
else if (inbytes < 0)
{
-debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__);
+ DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__);
record_io_error(state, (int) inbytes, US"recv", NULL);
state->xfer_error = TRUE;
return FALSE;
This feeds DKIM and should be used for all message-body reads.
-Arguments: lim Maximum amount to read/bufffer
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
*/
debug_printf("Calling gnutls_record_recv(%p, %p, " SIZE_T_FMT ")\n",
state->session, buff, len);
-inbytes = gnutls_record_recv(state->session, buff, len);
+do
+ inbytes = gnutls_record_recv(state->session, buff, len);
+while (inbytes == GNUTLS_E_AGAIN);
+
if (inbytes > 0) return inbytes;
if (inbytes == 0)
{
DEBUG(D_tls) debug_printf("Got TLS_EOF\n");
}
else
-{
-debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__);
-record_io_error(state, (int)inbytes, US"recv", NULL);
-}
+ {
+ DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__);
+ record_io_error(state, (int)inbytes, US"recv", NULL);
+ }
return -1;
}
{
DEBUG(D_tls) debug_printf("gnutls_record_send(SSL, %p, " SIZE_T_FMT ")\n",
buff, left);
- outbytes = gnutls_record_send(state->session, buff, left);
+
+ do
+ outbytes = gnutls_record_send(state->session, buff, left);
+ while (outbytes == GNUTLS_E_AGAIN);
DEBUG(D_tls) debug_printf("outbytes=" SSIZE_T_FMT "\n", outbytes);
if (outbytes < 0)
{
unsigned int r;
int i, needed_len;
-uschar *p;
uschar smallbuf[sizeof(r)];
if (max <= 1)
needed_len = sizeof(r);
/* Don't take 8 times more entropy than needed if int is 8 octets and we were
- * asked for a number less than 10. */
+asked for a number less than 10. */
+
for (r = max, i = 0; r; ++i)
r >>= 1;
i = (i + 7) / 8;
return vaguely_random_number_fallback(max);
}
r = 0;
-for (p = smallbuf; needed_len; --needed_len, ++p)
- {
- r *= 256;
- r += *p;
- }
+for (uschar * p = smallbuf; needed_len; --needed_len, ++p)
+ r = r * 256 + *p;
/* We don't particularly care about weighted results; if someone wants
* smooth distribution and cares enough then they should submit a patch then. */
projects / exim.git / blobdiff