X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/fc624b8cb4c3312d7450dfa86adfa3fe8dd9cbeb..0cc804c87799fb5902e66d5bd537a762f786dc2a:/src/src/tls-gnu.c

diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 3adadb80b..622782369 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -333,6 +333,9 @@ before, for now. */
 # endif /* AVOID_GNUTLS_PKCS11 */
 #endif
 
+#if GNUTLS_VERSION_NUMBER >= 0x030404
+# define HAVE_GNUTLS_PRF_RFC5705
+#endif
 
 
 
@@ -624,11 +627,6 @@ Argument:
 static void
 extract_exim_vars_from_tls_state(exim_gnutls_state_st * state)
 {
-#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
-int old_pool;
-int rc;
-gnutls_datum_t channel;
-#endif
 tls_support * tlsp = state->tlsp;
 
 tlsp->active.sock = state->fd_out;
@@ -646,21 +644,40 @@ only available for use for authenticators while this TLS session is running. */
 
 tlsp->channelbinding = NULL;
 #ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
-channel.data = NULL;
-channel.size = 0;
-if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel)))
-  { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); }
-else
   {
-  /* Declare the taintedness of the binding info.  On server, untainted; on
-  client, tainted - being the Finish msg from the server. */
+  gnutls_datum_t channel = {.data = NULL, .size = 0};
+  uschar * buf;
+  int rc;
 
-  old_pool = store_pool;
-  store_pool = POOL_PERM;
-  tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size,
-					  !!state->host);
-  store_pool = old_pool;
-  DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
+# ifdef HAVE_GNUTLS_PRF_RFC5705
+  /* Older libraries may not have GNUTLS_TLS1_3 defined! */
+  if (gnutls_protocol_get_version(state->session) > GNUTLS_TLS1_2)
+    {
+    buf = store_get(32, state->host ? GET_TAINTED : GET_UNTAINTED);
+    rc = gnutls_prf_rfc5705(state->session,
+				(size_t)24,  "EXPORTER-Channel-Binding", (size_t)0, "",
+				32, CS buf);
+    channel.data = buf;
+    channel.size = 32;
+    }
+  else
+# endif
+    rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel);
+
+  if (rc)
+    { DEBUG(D_tls) debug_printf("extracting channel binding: %s\n", gnutls_strerror(rc)); }
+  else
+    {
+    int old_pool = store_pool;
+    /* Declare the taintedness of the binding info.  On server, untainted; on
+    client, tainted - being the Finish msg from the server. */
+
+    store_pool = POOL_PERM;
+    tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size,
+					    state->host ? GET_TAINTED : GET_UNTAINTED);
+    store_pool = old_pool;
+    DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n");
+    }
   }
 #endif
 
@@ -2015,7 +2032,7 @@ if (host)
 
   int old_pool = store_pool;
   store_pool = POOL_PERM;
-  state = store_get(sizeof(exim_gnutls_state_st), FALSE);
+  state = store_get(sizeof(exim_gnutls_state_st), GET_UNTAINTED);
   store_pool = old_pool;
 
   memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
@@ -2335,7 +2352,7 @@ if (rc != GNUTLS_E_SHORT_MEMORY_BUFFER)
   exim_gnutls_peer_err(US"getting size for cert DN failed");
   return FAIL; /* should not happen */
   }
-dn_buf = store_get_perm(sz, TRUE);	/* tainted */
+dn_buf = store_get_perm(sz, GET_TAINTED);
 rc = gnutls_x509_crt_get_dn(crt, CS dn_buf, &sz);
 exim_gnutls_peer_err(US"failed to extract certificate DN [gnutls_x509_crt_get_dn(cert 0)]");
 
@@ -2415,8 +2432,8 @@ else
       for (nrec = 0; state->dane_data_len[nrec]; ) nrec++;
       nrec++;
 
-      dd = store_get(nrec * sizeof(uschar *), FALSE);
-      ddl = store_get(nrec * sizeof(int), FALSE);
+      dd = store_get(nrec * sizeof(uschar *), GET_UNTAINTED);
+      ddl = store_get(nrec * sizeof(int), GET_UNTAINTED);
       nrec--;
 
       if ((rc = dane_state_init(&s, 0)))
@@ -2662,7 +2679,7 @@ if (sni_type != GNUTLS_NAME_DNS)
 /* We now have a UTF-8 string in sni_name */
 old_pool = store_pool;
 store_pool = POOL_PERM;
-state->received_sni = string_copy_taint(US sni_name, TRUE);
+state->received_sni = string_copy_taint(US sni_name, GET_TAINTED);
 store_pool = old_pool;
 
 /* We set this one now so that variable expansions below will work */
@@ -2873,7 +2890,7 @@ else
 
   while (string_nextinlist(&list, &sep, NULL, 0)) cnt++;
 
-  p = store_get(sizeof(gnutls_datum_t) * cnt, is_tainted(exp_alpn));
+  p = store_get(sizeof(gnutls_datum_t) * cnt, exp_alpn);
   list = exp_alpn;
   for (int i = 0; s = string_nextinlist(&list, &sep, NULL, 0); i++)
     { p[i].data = s; p[i].size = Ustrlen(s); }
@@ -3192,8 +3209,8 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
      rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
     ) if (rr->type == T_TLSA) i++;
 
-dane_data = store_get(i * sizeof(uschar *), FALSE);
-dane_data_len = store_get(i * sizeof(int), FALSE);
+dane_data = store_get(i * sizeof(uschar *), GET_UNTAINTED);
+dane_data_len = store_get(i * sizeof(int), GET_UNTAINTED);
 
 i = 0;
 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
@@ -3306,7 +3323,7 @@ if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SESSION_TICKET)
       {
       open_db dbblock, * dbm_file;
       int dlen = sizeof(dbdata_tls_session) + tkt.size;
-      dbdata_tls_session * dt = store_get(dlen, TRUE);
+      dbdata_tls_session * dt = store_get(dlen, GET_TAINTED);
 
       DEBUG(D_tls) debug_printf("session data size %u\n", (unsigned)tkt.size);
       memcpy(dt->session, tkt.data, tkt.size);
@@ -3727,17 +3744,21 @@ if (!tlsp || tlsp->active.sock < 0) return;  /* TLS was not active */
 if (do_shutdown)
   {
   DEBUG(D_tls) debug_printf("tls_close(): shutting down TLS%s\n",
-    do_shutdown > 1 ? " (with response-wait)" : "");
+    do_shutdown > TLS_SHUTDOWN_NOWAIT ? " (with response-wait)" : "");
 
   tls_write(ct_ctx, NULL, 0, FALSE);	/* flush write buffer */
 
 #ifdef EXIM_TCP_CORK
-  if (do_shutdown > 1)
+  if (do_shutdown == TLS_SHUTDOWN_WAIT)
     (void) setsockopt(tlsp->active.sock, IPPROTO_TCP, EXIM_TCP_CORK, US &off, sizeof(off));
 #endif
 
+  /* The library seems to have no way to only wait for a peer's
+  shutdown, so handle the same as TLS_SHUTDOWN_WAIT */
+
   ALARM(2);
-  gnutls_bye(state->session, do_shutdown > 1 ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
+  gnutls_bye(state->session,
+      do_shutdown > TLS_SHUTDOWN_NOWAIT ? GNUTLS_SHUT_RDWR : GNUTLS_SHUT_WR);
   ALARM_CLR(0);
   }
 
@@ -4234,17 +4255,18 @@ return NULL;
 
 /* See a description in tls-openssl.c for an explanation of why this exists.
 
-Arguments:   a FILE* to print the results to
-Returns:     nothing
+Arguments:   string to append to
+Returns:     string
 */
 
-void
-tls_version_report(FILE *f)
+gstring *
+tls_version_report(gstring * g)
 {
-fprintf(f, "Library version: GnuTLS: Compile: %s\n"
-           "                         Runtime: %s\n",
-           LIBGNUTLS_VERSION,
-           gnutls_check_version(NULL));
+return string_fmt_append(g,
+    "Library version: GnuTLS: Compile: %s\n"
+    "                         Runtime: %s\n",
+	     LIBGNUTLS_VERSION,
+	     gnutls_check_version(NULL));
 }
 
 #endif	/*!MACRO_PREDEF*/