* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Portions Copyright (c) The OpenSSL Project 1999 */
# define EXIM_HAVE_ECDH
# endif
# if OPENSSL_VERSION_NUMBER >= 0x10002000L
-# if OPENSSL_VERSION_NUMBER < 0x10100000L
-# define EXIM_HAVE_OPENSSL_ECDH_AUTO
-# endif
# define EXIM_HAVE_OPENSSL_EC_NIST2NID
# endif
# endif
uschar *privatekey;
#ifndef DISABLE_OCSP
BOOL is_server;
+ STACK_OF(X509) *verify_stack; /* chain for verifying the proof */
union {
struct {
uschar *file;
} server;
struct {
X509_STORE *verify_store; /* non-null if status requested */
- STACK_OF(X509) *verify_stack;
BOOL verify_required;
} client;
} u_ocsp;
if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,
cert))
ERR_clear_error();
- sk_X509_push(client_static_cbinfo->u_ocsp.client.verify_stack, cert);
+ sk_X509_push(client_static_cbinfo->verify_stack, cert);
}
#endif
#ifndef DISABLE_EVENT
if (rc < 0)
{
log_write(0, LOG_MAIN, "[%s] SSL verify error: internal error",
- tlsp == &tls_out ? deliver_host_address : sender_host_address);
+ deliver_host_address);
name = NULL;
}
break;
#endif
{
log_write(0, LOG_MAIN,
- "[%s] SSL verify error: certificate name mismatch: \"%s\"",
- tlsp == &tls_out ? deliver_host_address : sender_host_address,
- dn);
+ "[%s] SSL verify error: certificate name mismatch: "
+ "DN=\"%s\" H=\"%s\"",
+ deliver_host_address, dn, verify_cert_hostnames);
*calledp = TRUE;
if (!*optionalp)
{
{
X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
uschar dn[256];
-#ifndef DISABLE_EVENT
int depth = X509_STORE_CTX_get_error_depth(x509ctx);
+#ifndef DISABLE_EVENT
BOOL dummy_called, optional = FALSE;
#endif
if (!exp_curve || !*exp_curve)
return TRUE;
-# ifdef EXIM_HAVE_OPENSSL_ECDH_AUTO
-/* check if new enough library to support auto ECDH temp key parameter selection */
+/* "auto" needs to be handled carefully.
+ * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
+ * OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
+ * (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
+ * OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection
+ * https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b
+ */
if (Ustrcmp(exp_curve, "auto") == 0)
{
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
DEBUG(D_tls) debug_printf(
- "ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n");
+ "ECDH OpenSSL < 1.0.2: temp key parameter settings: overriding \"auto\" with \"prime256v1\"\n");
+ exp_curve = "prime256v1";
+#else
+# if defined SSL_CTRL_SET_ECDH_AUTO
+ DEBUG(D_tls) debug_printf(
+ "ECDH OpenSSL 1.0.2+ temp key parameter settings: autoselection\n");
SSL_CTX_set_ecdh_auto(sctx, 1);
return TRUE;
+# else
+ DEBUG(D_tls) debug_printf(
+ "ECDH OpenSSL 1.1.0+ temp key parameter settings: default selection\n");
+ return TRUE;
+# endif
+#endif
}
-# endif
DEBUG(D_tls) debug_printf("ECDH: curve '%s'\n", exp_curve);
if ( (nid = OBJ_sn2nid (CCS exp_curve)) == NID_undef
/*************************************************
* Load OCSP information into state *
*************************************************/
-
-static STACK_OF(X509) *
-cert_stack_from_store(X509_STORE * store)
-{
-STACK_OF(X509_OBJECT) * roots= store->objs;
-STACK_OF(X509) * sk = sk_X509_new_null();
-int i;
-
-for(i = sk_X509_OBJECT_num(roots) - 1; i >= 0; i--)
- {
- X509_OBJECT * tmp_obj= sk_X509_OBJECT_value(roots, i);
- if(tmp_obj->type == X509_LU_X509)
- {
- X509 * x = tmp_obj->data.x509;
- sk_X509_push(sk, x);
- }
- }
-return sk;
-}
-
-static void
-cert_stack_free(STACK_OF(X509) * sk)
-{
-while (sk_X509_num(sk) > 0) (void) sk_X509_pop(sk);
-sk_X509_free(sk);
-}
-
-
-
/* Called to load the server OCSP response from the given file into memory, once
caller has determined this is needed. Checks validity. Debugs a message
if invalid.
OCSP_BASICRESP * basic_response;
OCSP_SINGLERESP * single_response;
ASN1_GENERALIZEDTIME * rev, * thisupd, * nextupd;
-X509_STORE * store;
STACK_OF(X509) * sk;
unsigned long verify_flags;
int status, reason, i;
goto bad;
}
-store = SSL_CTX_get_cert_store(sctx);
-sk = cert_stack_from_store(store);
+sk = cbinfo->verify_stack;
verify_flags = OCSP_NOVERIFY; /* check sigs, but not purpose */
/* May need to expose ability to adjust those flags?
OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT
OCSP_TRUSTOTHER OCSP_NOINTERN */
-/* This does a full verify on the OCSP proof before we load it for serviing
+/* This does a full verify on the OCSP proof before we load it for serving
up; possibly overkill - just date-checks might be nice enough.
OCSP_basic_verify takes a "store" arg, but does not
when OCSP_NOVERIFY is set. The content from the wire
"basic_response" and a cert-stack "sk" are all that is used.
-Seperately we might try to replace using OCSP_basic_verify() - which seems to not
+We have a stack, loaded in setup_certs() if tls_verify_certificates
+was a file (not a directory, or "system"). It is unfortunate we
+cannot used the connection context store, as that would neatly
+handle the "system" case too, but there seems to be no library
+function for getting a stack from a store.
+[ In OpenSSL 1.1 - ? X509_STORE_CTX_get0_chain(ctx) ? ]
+We do not free the stack since it could be needed a second time for
+SNI handling.
+
+Separately we might try to replace using OCSP_basic_verify() - which seems to not
be a public interface into the OpenSSL library (there's no manual entry) -
But what with? We also use OCSP_basic_verify in the client stapling callback.
-And there we NEED it; we miust verify that status... unless the
+And there we NEED it; we must verify that status... unless the
library does it for us anyway? */
if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0)
ERR_error_string(ERR_get_error(), ssl_errstring);
debug_printf("OCSP response verify failure: %s\n", US ssl_errstring);
}
- cert_stack_free(sk);
goto bad;
}
-cert_stack_free(sk);
/* Here's the simplifying assumption: there's only one response, for the
one certificate we use, and nothing for anything else in a chain. If this
if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL)))
goto err;
-where = US"assiging pkey";
+where = US"assigning pkey";
if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
DEBUG(D_tls) debug_printf(" - value unchanged, using existing values\n");
}
else
- {
ocsp_load_response(sctx, cbinfo, expanded);
- }
}
}
#endif
}
#endif
-rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE, verify_callback_server);
-if (rc != OK) return SSL_TLSEXT_ERR_NOACK;
+if ((rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE,
+ verify_callback_server)) != OK)
+ return SSL_TLSEXT_ERR_NOACK;
/* do this after setup_certs, because this can require the certs for verifying
OCSP information. */
/* Use the chain that verified the server cert to verify the stapled info */
/* DEBUG(D_tls) x509_store_dump_cert_s_names(cbinfo->u_ocsp.client.verify_store); */
- if ((i = OCSP_basic_verify(bs, cbinfo->u_ocsp.client.verify_stack,
+ if ((i = OCSP_basic_verify(bs, cbinfo->verify_stack,
cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
{
tls_out.ocsp = OCSP_FAILED;
cbinfo->certificate = certificate;
cbinfo->privatekey = privatekey;
#ifndef DISABLE_OCSP
+cbinfo->verify_stack = NULL;
if ((cbinfo->is_server = host==NULL))
{
cbinfo->u_ocsp.server.file = ocsp_file;
cbinfo->u_ocsp.server.response = NULL;
}
else
- {
cbinfo->u_ocsp.client.verify_store = NULL;
- cbinfo->u_ocsp.client.verify_stack = NULL;
- }
#endif
cbinfo->dhparam = dhparam;
cbinfo->server_cipher_list = NULL;
if ((rc = tls_expand_session_files(*ctxp, cbinfo)) != OK)
return rc;
-/* If we need to handle SNI, do so */
+/* If we need to handle SNI or OCSP, do so */
+
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
+# ifndef DISABLE_OCSP
+ if (!(cbinfo->verify_stack = sk_X509_new_null()))
+ {
+ DEBUG(D_tls) debug_printf("failed to create stack for stapling verify\n");
+ return FAIL;
+ }
+# endif
+
if (host == NULL) /* server */
{
# ifndef DISABLE_OCSP
DEBUG(D_tls) debug_printf("failed to create store for stapling verify\n");
return FAIL;
}
- if (!(cbinfo->u_ocsp.client.verify_stack = sk_X509_new_null()))
- {
- DEBUG(D_tls) debug_printf("failed to create stack for stapling verify\n");
- return FAIL;
- }
SSL_CTX_set_tlsext_status_cb(*ctxp, tls_client_stapling_cb);
SSL_CTX_set_tlsext_status_arg(*ctxp, cbinfo);
}
* Set up for verifying certificates *
*************************************************/
+/* Load certs from file, return TRUE on success */
+
+static BOOL
+chain_from_pem_file(const uschar * file, STACK_OF(X509) * verify_stack)
+{
+BIO * bp;
+X509 * x;
+
+if (!(bp = BIO_new_file(CS file, "r"))) return FALSE;
+while ((x = PEM_read_bio_X509(bp, NULL, 0, NULL)))
+ sk_X509_push(verify_stack, x);
+BIO_free(bp);
+return TRUE;
+}
+
+
+
/* Called by both client and server startup
Arguments:
if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
{ file = NULL; dir = expcerts; }
else
- { file = expcerts; dir = NULL; }
+ {
+ file = expcerts; dir = NULL;
+#ifndef DISABLE_OCSP
+ /* In the server if we will be offering an OCSP proof, load chain from
+ file for verifying the OCSP proof at load time. */
+
+ if ( !host
+ && statbuf.st_size > 0
+ && server_static_cbinfo->u_ocsp.server.file
+ && !chain_from_pem_file(file, server_static_cbinfo->verify_stack)
+ )
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "failed to load cert hain from %s", file);
+ return DEFER;
+ }
+#endif
+ }
/* If a certificate file is empty, the next function fails with an
unhelpful error message. If we skip it, we get the correct behaviour (no
certificates are recognized, but the error message is still misleading (it
- says no certificate was supplied.) But this is better. */
+ says no certificate was supplied). But this is better. */
if ( (!file || statbuf.st_size > 0)
&& !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))
variant.
If a list isn't loaded into the server, but
some verify locations are set, the server end appears to make
- a wildcard reqest for client certs.
+ a wildcard request for client certs.
Meanwhile, the client library as default behaviour *ignores* the list
we send over the wire - see man SSL_CTX_set_client_cert_cb.
Because of this, and that the dir variant is likely only used for
Returns: OK on success
DEFER for errors before the start of the negotiation
- FAIL for errors during the negotation; the server can't
+ FAIL for errors during the negotiation; the server can't
continue running.
*/
tests, and also for general convenience, we turn underscores into hyphens here.
*/
-if (expciphers != NULL)
+if (expciphers)
{
- uschar *s = expciphers;
+ uschar * s = expciphers;
while (*s != 0) { if (*s == '_') *s = '-'; s++; }
DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers))
/* Prepare for new connection */
-if ((server_ssl = SSL_new(server_ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL);
+if (!(server_ssl = SSL_new(server_ctx))) return tls_error(US"SSL_new", NULL, NULL);
/* Warning: we used to SSL_clear(ssl) here, it was removed.
*
rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
) if (rr->type == T_TLSA)
{
- uschar * p = rr->data;
+ const uschar * p = rr->data;
uint8_t usage, selector, mtype;
const char * mdname;
/* This gets the next byte from the TLS input buffer. If the buffer is empty,
it refills the buffer via the SSL reading function.
-Arguments: none
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
Only used by the server-side TLS.
*/
int
-tls_getc(void)
+tls_getc(unsigned lim)
{
if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
{
ssl_xfer_buffer, ssl_xfer_buffer_size);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
+ MIN(ssl_xfer_buffer_size, lim));
error = SSL_get_error(server_ssl, inbytes);
alarm(0);
tls_in.peerdn = NULL;
tls_in.sni = NULL;
- return smtp_getc();
+ return smtp_getc(lim);
}
/* Handle genuine errors */
git://git.exim.org / exim.git / blobdiff