X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b10c87b38c2345d15d30da5c18c823355ac506a9..be427508c032dc0d47036eb5fea0139e0c63e9e5:/src/src/tls-gnu.c diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 32625d6d8..f64b0ae68 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -76,6 +76,9 @@ require current GnuTLS, then we'll drop support for the ancient libraries). #if GNUTLS_VERSION_NUMBER >= 0x030506 && !defined(DISABLE_OCSP) # define SUPPORT_SRV_OCSP_STACK #endif +#if GNUTLS_VERSION_NUMBER >= 0x030603 +# define SUPPORT_GNUTLS_EXT_RAW_PARSE +#endif #ifdef SUPPORT_DANE # if GNUTLS_VERSION_NUMBER >= 0x030000 @@ -89,6 +92,12 @@ require current GnuTLS, then we'll drop support for the ancient libraries). # endif #endif +#ifdef EXPERIMENTAL_TLS_RESUME +# if GNUTLS_VERSION_NUMBER < 0x030603 +# error GNUTLS version too early for session-resumption +# endif +#endif + #ifndef DISABLE_OCSP # include #endif @@ -209,7 +218,7 @@ don't want to repeat this. */ static gnutls_dh_params_t dh_server_params = NULL; -static int ssl_session_timeout = 3600; /* One hour */ +static int ssl_session_timeout = 7200; /* Two hours */ static const uschar * const exim_default_gnutls_priority = US"NORMAL"; @@ -219,6 +228,7 @@ static BOOL exim_gnutls_base_init_done = FALSE; #ifndef DISABLE_OCSP static BOOL gnutls_buggy_ocsp = FALSE; +static BOOL exim_testharness_disable_ocsp_validity_check = FALSE; #endif #ifdef EXPERIMENTAL_TLS_RESUME @@ -237,7 +247,7 @@ setuid binaries, making it useless - "GNUTLS_DEBUG_LEVEL". Allegedly the testscript line "GNUTLS_DEBUG_LEVEL=9 sudo exim ..." would work, but the env var must be added to /etc/sudoers too. */ #ifndef EXIM_GNUTLS_LIBRARY_LOG_LEVEL -# define EXIM_GNUTLS_LIBRARY_LOG_LEVEL 9 +# define EXIM_GNUTLS_LIBRARY_LOG_LEVEL -1 #endif #ifndef EXIM_CLIENT_DH_MIN_BITS @@ -281,11 +291,16 @@ static void exim_gnutls_logger_cb(int level, const char *message); static int exim_sni_handling_cb(gnutls_session_t session); -#ifndef DISABLE_OCSP +#if !defined(DISABLE_OCSP) static int server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, gnutls_datum_t * ocsp_response); #endif +#ifdef EXPERIMENTAL_TLS_RESUME +static int +tls_server_ticket_cb(gnutls_session_t sess, u_int htype, unsigned when, + unsigned incoming, const gnutls_datum_t * msg); +#endif /* Daemon one-time initialisation */ @@ -642,7 +657,7 @@ if ((fd = Uopen(filename, O_RDONLY, 0)) >= 0) } m.size = statbuf.st_size; - if (!(m.data = malloc(m.size))) + if (!(m.data = store_malloc(m.size))) { fclose(fp); return tls_error_sys(US"malloc failed", errno, NULL, errstr); @@ -651,13 +666,13 @@ if ((fd = Uopen(filename, O_RDONLY, 0)) >= 0) { saved_errno = errno; fclose(fp); - free(m.data); + store_free(m.data); return tls_error_sys(US"fread failed", saved_errno, NULL, errstr); } fclose(fp); rc = gnutls_dh_params_import_pkcs3(dh_server_params, &m, GNUTLS_X509_FMT_PEM); - free(m.data); + store_free(m.data); if (rc) return tls_error_gnu(US"gnutls_dh_params_import_pkcs3", rc, host, errstr); DEBUG(D_tls) debug_printf("read D-H parameters from file \"%s\"\n", filename); @@ -730,25 +745,25 @@ if (rc < 0) return tls_error_gnu(US"gnutls_dh_params_export_pkcs3(NULL) sizing", rc, host, errstr); m.size = sz; - if (!(m.data = malloc(m.size))) + if (!(m.data = store_malloc(m.size))) return tls_error_sys(US"memory allocation failed", errno, NULL, errstr); /* this will return a size 1 less than the allocation size above */ if ((rc = gnutls_dh_params_export_pkcs3(dh_server_params, GNUTLS_X509_FMT_PEM, m.data, &sz))) { - free(m.data); + store_free(m.data); return tls_error_gnu(US"gnutls_dh_params_export_pkcs3() real", rc, host, errstr); } m.size = sz; /* shrink by 1, probably */ if ((sz = write_to_fd_buf(fd, m.data, (size_t) m.size)) != m.size) { - free(m.data); + store_free(m.data); return tls_error_sys(US"TLS cache write D-H params failed", errno, NULL, errstr); } - free(m.data); + store_free(m.data); if ((sz = write_to_fd_buf(fd, US"\n", 1)) != 1) return tls_error_sys(US"TLS cache write D-H params final newline failed", errno, NULL, errstr); @@ -862,6 +877,82 @@ return -rc; } +#ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE +/* Make a note that we saw a status-request */ +static int +tls_server_clienthello_ext(void * ctx, unsigned tls_id, + const unsigned char *data, unsigned size) +{ +/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */ +if (tls_id == 5) /* status_request */ + { + DEBUG(D_tls) debug_printf("Seen status_request extension\n"); + tls_in.ocsp = OCSP_NOT_RESP; + } +return 0; +} + +/* Callback for client-hello, on server, if we think we might serve stapled-OCSP */ +static int +tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t * msg) +{ +/* Call fn for each extension seen. 3.6.3 onwards */ +return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg, + GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); +} +#endif + +/* Callback for certificate-status, on server. We sent stapled OCSP. */ +static int +tls_server_certstatus_cb(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t * msg) +{ +DEBUG(D_tls) debug_printf("Sending certificate-status\n"); +#ifdef SUPPORT_SRV_OCSP_STACK +tls_in.ocsp = exim_testharness_disable_ocsp_validity_check + ? OCSP_VFY_NOT_TRIED : OCSP_VFIED; /* We know that GnuTLS verifies responses */ +#else +tls_in.ocsp = OCSP_VFY_NOT_TRIED; +#endif +return 0; +} + +/* Callback for handshake messages, on server */ +static int +tls_server_hook_cb(gnutls_session_t sess, u_int htype, unsigned when, + unsigned incoming, const gnutls_datum_t * msg) +{ +switch (htype) + { +#ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE + case GNUTLS_HANDSHAKE_CLIENT_HELLO: + return tls_server_clienthello_cb(sess, htype, when, incoming, msg); +#endif + case GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: + return tls_server_certstatus_cb(sess, htype, when, incoming, msg); +#ifdef EXPERIMENTAL_TLS_RESUME + case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: + return tls_server_ticket_cb(sess, htype, when, incoming, msg); +#endif + default: + return 0; + } +} + + +static void +tls_server_testharness_ocsp_fiddle(void) +{ +extern char ** environ; +if (environ) for (uschar ** p = USS environ; *p; p++) + if (Ustrncmp(*p, "EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK", 42) == 0) + { + DEBUG(D_tls) debug_printf("Permitting known bad OCSP response\n"); + exim_testharness_disable_ocsp_validity_check = TRUE; + } +} + /************************************************* * Variables re-expanded post-SNI * *************************************************/ @@ -996,12 +1087,13 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) else { int gnutls_cert_index = -rc; - DEBUG(D_tls) debug_printf("TLS: cert/key %s registered\n", cfile); + DEBUG(D_tls) debug_printf("TLS: cert/key %d %s registered\n", gnutls_cert_index, cfile); /* Set the OCSP stapling server info */ #ifndef DISABLE_OCSP if (tls_ocsp_file) + { if (gnutls_buggy_ocsp) { DEBUG(D_tls) @@ -1009,37 +1101,53 @@ if (state->exp_tls_certificate && *state->exp_tls_certificate) } else if ((ofile = string_nextinlist(&olist, &osep, NULL, 0))) { - /* Use the full callback method for stapling just to get - observability. More efficient would be to read the file once only, - if it never changed (due to SNI). Would need restart on file update, - or watch datestamp. */ + DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile); + +# ifdef SUPPORT_GNUTLS_EXT_RAW_PARSE + if (f.running_in_test_harness) tls_server_testharness_ocsp_fiddle(); -# ifdef SUPPORT_SRV_OCSP_STACK + if (!exim_testharness_disable_ocsp_validity_check) + { + if ((rc = gnutls_certificate_set_ocsp_status_request_file2( + state->x509_cred, CCS ofile, gnutls_cert_index, + GNUTLS_X509_FMT_DER)) < 0) + return tls_error_gnu( + US"gnutls_certificate_set_ocsp_status_request_file2", + rc, host, errstr); + + /* Arrange callbacks for OCSP request observability */ + + gnutls_handshake_set_hook_function(state->session, + GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb); + } + else +# elif defined(SUPPORT_SRV_OCSP_STACK) if ((rc = gnutls_certificate_set_ocsp_status_request_function2( - state->x509_cred, gnutls_cert_index, - server_ocsp_stapling_cb, ofile))) - return tls_error_gnu( + state->x509_cred, gnutls_cert_index, + server_ocsp_stapling_cb, ofile))) + return tls_error_gnu( US"gnutls_certificate_set_ocsp_status_request_function2", rc, host, errstr); -# else - if (cnt++ > 0) + else +# endif { - DEBUG(D_tls) - debug_printf("oops; multiple OCSP files not supported\n"); - break; + if (cnt++ > 0) + { + DEBUG(D_tls) + debug_printf("oops; multiple OCSP files not supported\n"); + break; + } + gnutls_certificate_set_ocsp_status_request_function( + state->x509_cred, server_ocsp_stapling_cb, ofile); } - gnutls_certificate_set_ocsp_status_request_function( - state->x509_cred, server_ocsp_stapling_cb, ofile); -# endif - - DEBUG(D_tls) debug_printf("OCSP response file = %s\n", ofile); } else DEBUG(D_tls) debug_printf("ran out of OCSP response files in list\n"); -#endif + } +#endif /* DISABLE_OCSP */ } } - else + else /* client */ { if (0 < (rc = tls_add_certfile(state, host, state->exp_tls_certificate, state->exp_tls_privatekey, errstr))) @@ -1137,6 +1245,14 @@ else #endif gnutls_certificate_set_x509_trust_file(state->x509_cred, CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM); + +#ifdef SUPPORT_CA_DIR + /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list + when using the directory-of-certs config model. */ + + if ((statbuf.st_mode & S_IFMT) == S_IFDIR) + gnutls_certificate_send_x509_rdn_sequence(state->session, 1); +#endif } if (cert_count < 0) @@ -1318,7 +1434,7 @@ if (host) several in parallel. */ int old_pool = store_pool; store_pool = POOL_PERM; - state = store_get(sizeof(exim_gnutls_state_st)); + state = store_get(sizeof(exim_gnutls_state_st), FALSE); store_pool = old_pool; memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); @@ -1615,7 +1731,7 @@ if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER) exim_gnutls_peer_err(US"getting size for cert DN failed"); return FAIL; /* should not happen */ } -dn_buf = store_get_perm(sz); +dn_buf = store_get_perm(sz, TRUE); /* tainted */ rc = gnutls_x509_crt_get_dn(crt, CS dn_buf, &sz); exim_gnutls_peer_err(US"failed to extract certificate DN [gnutls_x509_crt_get_dn(cert 0)]"); @@ -1695,8 +1811,8 @@ else for(nrec = 0; state->dane_data_len[nrec]; ) nrec++; nrec++; - dd = store_get(nrec * sizeof(uschar *)); - ddl = store_get(nrec * sizeof(int)); + dd = store_get(nrec * sizeof(uschar *), FALSE); + ddl = store_get(nrec * sizeof(int), FALSE); nrec--; if ((rc = dane_state_init(&s, 0))) @@ -1924,13 +2040,12 @@ uschar * dummy_errstr; rc = gnutls_server_name_get(session, sni_name, &data_len, &sni_type, 0); if (rc != GNUTLS_E_SUCCESS) { - DEBUG(D_tls) { + DEBUG(D_tls) if (rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) debug_printf("TLS: no SNI presented in handshake.\n"); else debug_printf("TLS failure: gnutls_server_name_get(): %s [%d]\n", gnutls_strerror(rc), rc); - } return 0; } @@ -1943,7 +2058,7 @@ if (sni_type != GNUTLS_NAME_DNS) /* We now have a UTF-8 string in sni_name */ old_pool = store_pool; store_pool = POOL_PERM; -state->received_sni = string_copyn(US sni_name, data_len); +state->received_sni = string_copy_taint(US sni_name, TRUE); store_pool = old_pool; /* We set this one now so that variable expansions below will work */ @@ -1970,7 +2085,7 @@ return 0; -#ifndef DISABLE_OCSP +#if !defined(DISABLE_OCSP) static int server_ocsp_stapling_cb(gnutls_session_t session, void * ptr, @@ -2120,7 +2235,7 @@ if (verify_check_host(&tls_resumption_hosts) == OK) /* Try to tell if we see a ticket request */ gnutls_handshake_set_hook_function(state->session, - GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, GNUTLS_HOOK_POST, tls_server_ticket_cb); + GNUTLS_HANDSHAKE_ANY, GNUTLS_HOOK_POST, tls_server_hook_cb); } } @@ -2378,8 +2493,8 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) ) if (rr->type == T_TLSA) i++; -dane_data = store_get(i * sizeof(uschar *)); -dane_data_len = store_get(i * sizeof(int)); +dane_data = store_get(i * sizeof(uschar *), FALSE); +dane_data_len = store_get(i * sizeof(int), FALSE); i = 0; for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; @@ -2387,6 +2502,7 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; ) if (rr->type == T_TLSA && rr->size > 3) { const uschar * p = rr->data; +/*XXX need somehow to mark rr and its data as tainted. Doues this mean copying it? */ uint8_t usage = p[0], sel = p[1], type = p[2]; DEBUG(D_tls) @@ -2451,7 +2567,9 @@ if (verify_check_given_host(CUSS &ob->tls_resumption_hosts, host) == OK) tlsp->resumption |= RESUME_CLIENT_REQUESTED; if ((dbm_file = dbfn_open(US"tls", O_RDONLY, &dbblock, FALSE, FALSE))) { - /* key for the db is the IP */ + /* Key for the db is the IP. We'd like to filter the retrieved session + for ticket advisory expiry, but 3.6.1 seems to give no access to that */ + if ((dt = dbfn_read_with_length(dbm_file, host->address, &len))) if (!(rc = gnutls_session_set_data(session, CUS dt->session, (size_t)len - sizeof(dbdata_tls_session)))) @@ -2489,7 +2607,7 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET) { open_db dbblock, * dbm_file; int dlen = sizeof(dbdata_tls_session) + tkt.size; - dbdata_tls_session * dt = store_get(dlen); + dbdata_tls_session * dt = store_get(dlen, TRUE); DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size); memcpy(dt->session, tkt.data, tkt.size); @@ -2749,7 +2867,7 @@ if (!verify_certificate(state, errstr)) } #ifndef DISABLE_OCSP -if (require_ocsp) +if (request_ocsp) { DEBUG(D_tls) { @@ -2773,10 +2891,14 @@ if (require_ocsp) { tlsp->ocsp = OCSP_FAILED; tls_error(US"certificate status check failed", NULL, state->host, errstr); - return FALSE; + if (require_ocsp) + return FALSE; + } + else + { + DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); + tlsp->ocsp = OCSP_VFIED; } - DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); - tlsp->ocsp = OCSP_VFIED; } #endif @@ -2815,8 +2937,9 @@ void tls_close(void * ct_ctx, int shutdown) { exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server; +tls_support * tlsp = state->tlsp; -if (!state->tlsp || state->tlsp->active.sock < 0) return; /* TLS was not active */ +if (!tlsp || tlsp->active.sock < 0) return; /* TLS was not active */ if (shutdown) { @@ -2828,12 +2951,26 @@ if (shutdown) ALARM_CLR(0); } +if (!ct_ctx) /* server */ + { + receive_getc = smtp_getc; + receive_getbuf = smtp_getbuf; + receive_get_cache = smtp_get_cache; + receive_ungetc = smtp_ungetc; + receive_feof = smtp_feof; + receive_ferror = smtp_ferror; + receive_smtp_buffered = smtp_buffered; + } + gnutls_deinit(state->session); gnutls_certificate_free_credentials(state->x509_cred); +tlsp->active.sock = -1; +tlsp->active.tls_ctx = NULL; +/* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */ +tls_channelbinding_b64 = NULL; + -state->tlsp->active.sock = -1; -state->tlsp->active.tls_ctx = NULL; if (state->xfer_buffer) store_free(state->xfer_buffer); memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); } @@ -2883,28 +3020,7 @@ if (sigalrm_seen) else if (inbytes == 0) { DEBUG(D_tls) debug_printf("Got TLS_EOF\n"); - - receive_getc = smtp_getc; - receive_getbuf = smtp_getbuf; - receive_get_cache = smtp_get_cache; - receive_ungetc = smtp_ungetc; - receive_feof = smtp_feof; - receive_ferror = smtp_ferror; - receive_smtp_buffered = smtp_buffered; - - gnutls_deinit(state->session); - gnutls_certificate_free_credentials(state->x509_cred); - - state->session = NULL; - state->tlsp->active.sock = -1; - state->tlsp->active.tls_ctx = NULL; - state->tlsp->bits = 0; - state->tlsp->certificate_verified = FALSE; - tls_channelbinding_b64 = NULL; - state->tlsp->cipher = NULL; - state->tlsp->peercert = NULL; - state->tlsp->peerdn = NULL; - + tls_close(NULL, TLS_NO_SHUTDOWN); return FALSE; }