1 /* 2 * Copyright (c) 2000-2004 Sendmail, Inc. and its suppliers. 3 * All rights reserved. 4 * 5 * By using this file, you agree to the terms and conditions set 6 * forth in the LICENSE file which can be found at the top level of 7 * the sendmail distribution. 8 * 9 */ 10 11 #include <sendmail.h> 12 13 SM_RCSID("@(#)$Id: tls.c,v 8.95 2004/07/13 21:37:33 ca Exp $") 14 15 #if STARTTLS 16 # include <openssl/err.h> 17 # include <openssl/bio.h> 18 # include <openssl/pem.h> 19 # ifndef HASURANDOMDEV 20 # include <openssl/rand.h> 21 # endif /* ! HASURANDOMDEV */ 22 # if !TLS_NO_RSA 23 static RSA *rsa_tmp = NULL; /* temporary RSA key */ 24 static RSA *tmp_rsa_key __P((SSL *, int, int)); 25 # endif /* !TLS_NO_RSA */ 26 # if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L 27 static int tls_verify_cb __P((X509_STORE_CTX *)); 28 # else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 29 static int tls_verify_cb __P((X509_STORE_CTX *, void *)); 30 # endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 31 32 # if OPENSSL_VERSION_NUMBER > 0x00907000L 33 static int x509_verify_cb __P((int, X509_STORE_CTX *)); 34 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 35 36 # if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L 37 # define CONST097 38 # else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 39 # define CONST097 const 40 # endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 41 static void apps_ssl_info_cb __P((CONST097 SSL *, int , int)); 42 43 # if !NO_DH 44 static DH *get_dh512 __P((void)); 45 46 static unsigned char dh512_p[] = 47 { 48 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 49 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 50 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 51 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 52 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 53 0x47,0x74,0xE8,0x33 54 }; 55 static unsigned char dh512_g[] = 56 { 57 0x02 58 }; 59 60 static DH * 61 get_dh512() 62 { 63 DH *dh = NULL; 64 65 if ((dh = DH_new()) == NULL) 66 return NULL; 67 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); 68 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); 69 if ((dh->p == NULL) || (dh->g == NULL)) 70 return NULL; 71 return dh; 72 } 73 # endif /* !NO_DH */ 74 75 76 /* 77 ** TLS_RAND_INIT -- initialize STARTTLS random generator 78 ** 79 ** Parameters: 80 ** randfile -- name of file with random data 81 ** logl -- loglevel 82 ** 83 ** Returns: 84 ** success/failure 85 ** 86 ** Side Effects: 87 ** initializes PRNG for tls library. 88 */ 89 90 # define MIN_RAND_BYTES 128 /* 1024 bits */ 91 92 # define RF_OK 0 /* randfile OK */ 93 # define RF_MISS 1 /* randfile == NULL || *randfile == '\0' */ 94 # define RF_UNKNOWN 2 /* unknown prefix for randfile */ 95 96 # define RI_NONE 0 /* no init yet */ 97 # define RI_SUCCESS 1 /* init was successful */ 98 # define RI_FAIL 2 /* init failed */ 99 100 static bool tls_rand_init __P((char *, int)); 101 102 static bool 103 tls_rand_init(randfile, logl) 104 char *randfile; 105 int logl; 106 { 107 # ifndef HASURANDOMDEV 108 /* not required if /dev/urandom exists, OpenSSL does it internally */ 109 110 bool ok; 111 int randdef; 112 static int done = RI_NONE; 113 114 /* 115 ** initialize PRNG 116 */ 117 118 /* did we try this before? if yes: return old value */ 119 if (done != RI_NONE) 120 return done == RI_SUCCESS; 121 122 /* set default values */ 123 ok = false; 124 done = RI_FAIL; 125 randdef = (randfile == NULL || *randfile == '\0') ? RF_MISS : RF_OK; 126 # if EGD 127 if (randdef == RF_OK && sm_strncasecmp(randfile, "egd:", 4) == 0) 128 { 129 randfile += 4; 130 if (RAND_egd(randfile) < 0) 131 { 132 sm_syslog(LOG_WARNING, NOQID, 133 "STARTTLS: RAND_egd(%s) failed: random number generator not seeded", 134 randfile); 135 } 136 else 137 ok = true; 138 } 139 else 140 # endif /* EGD */ 141 if (randdef == RF_OK && sm_strncasecmp(randfile, "file:", 5) == 0) 142 { 143 int fd; 144 long sff; 145 struct stat st; 146 147 randfile += 5; 148 sff = SFF_SAFEDIRPATH | SFF_NOWLINK 149 | SFF_NOGWFILES | SFF_NOWWFILES 150 | SFF_NOGRFILES | SFF_NOWRFILES 151 | SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT; 152 if (DontLockReadFiles) 153 sff |= SFF_NOLOCK; 154 if ((fd = safeopen(randfile, O_RDONLY, 0, sff)) >= 0) 155 { 156 if (fstat(fd, &st) < 0) 157 { 158 if (LogLevel > logl) 159 sm_syslog(LOG_ERR, NOQID, 160 "STARTTLS: can't fstat(%s)", 161 randfile); 162 } 163 else 164 { 165 bool use, problem; 166 167 use = true; 168 problem = false; 169 170 /* max. age of file: 10 minutes */ 171 if (st.st_mtime + 600 < curtime()) 172 { 173 use = bitnset(DBS_INSUFFICIENTENTROPY, 174 DontBlameSendmail); 175 problem = true; 176 if (LogLevel > logl) 177 sm_syslog(LOG_ERR, NOQID, 178 "STARTTLS: RandFile %s too old: %s", 179 randfile, 180 use ? "unsafe" : 181 "unusable"); 182 } 183 if (use && st.st_size < MIN_RAND_BYTES) 184 { 185 use = bitnset(DBS_INSUFFICIENTENTROPY, 186 DontBlameSendmail); 187 problem = true; 188 if (LogLevel > logl) 189 sm_syslog(LOG_ERR, NOQID, 190 "STARTTLS: size(%s) < %d: %s", 191 randfile, 192 MIN_RAND_BYTES, 193 use ? "unsafe" : 194 "unusable"); 195 } 196 if (use) 197 ok = RAND_load_file(randfile, -1) >= 198 MIN_RAND_BYTES; 199 if (use && !ok) 200 { 201 if (LogLevel > logl) 202 sm_syslog(LOG_WARNING, NOQID, 203 "STARTTLS: RAND_load_file(%s) failed: random number generator not seeded", 204 randfile); 205 } 206 if (problem) 207 ok = false; 208 } 209 if (ok || bitnset(DBS_INSUFFICIENTENTROPY, 210 DontBlameSendmail)) 211 { 212 /* add this even if fstat() failed */ 213 RAND_seed((void *) &st, sizeof st); 214 } 215 (void) close(fd); 216 } 217 else 218 { 219 if (LogLevel > logl) 220 sm_syslog(LOG_WARNING, NOQID, 221 "STARTTLS: Warning: safeopen(%s) failed", 222 randfile); 223 } 224 } 225 else if (randdef == RF_OK) 226 { 227 if (LogLevel > logl) 228 sm_syslog(LOG_WARNING, NOQID, 229 "STARTTLS: Error: no proper random file definition %s", 230 randfile); 231 randdef = RF_UNKNOWN; 232 } 233 if (randdef == RF_MISS) 234 { 235 if (LogLevel > logl) 236 sm_syslog(LOG_WARNING, NOQID, 237 "STARTTLS: Error: missing random file definition"); 238 } 239 if (!ok && bitnset(DBS_INSUFFICIENTENTROPY, DontBlameSendmail)) 240 { 241 int i; 242 long r; 243 unsigned char buf[MIN_RAND_BYTES]; 244 245 /* assert((MIN_RAND_BYTES % sizeof(long)) == 0); */ 246 for (i = 0; i <= sizeof(buf) - sizeof(long); i += sizeof(long)) 247 { 248 r = get_random(); 249 (void) memcpy(buf + i, (void *) &r, sizeof(long)); 250 } 251 RAND_seed(buf, sizeof buf); 252 if (LogLevel > logl) 253 sm_syslog(LOG_WARNING, NOQID, 254 "STARTTLS: Warning: random number generator not properly seeded"); 255 ok = true; 256 } 257 done = ok ? RI_SUCCESS : RI_FAIL; 258 return ok; 259 # else /* ! HASURANDOMDEV */ 260 return true; 261 # endif /* ! HASURANDOMDEV */ 262 } 263 /* 264 ** INIT_TLS_LIBRARY -- Calls functions which setup TLS library for global use. 265 ** 266 ** Parameters: 267 ** none. 268 ** 269 ** Returns: 270 ** succeeded? 271 */ 272 273 bool 274 init_tls_library() 275 { 276 /* basic TLS initialization, ignore result for now */ 277 SSL_library_init(); 278 SSL_load_error_strings(); 279 # if 0 280 /* this is currently a macro for SSL_library_init */ 281 SSLeay_add_ssl_algorithms(); 282 # endif /* 0 */ 283 284 return tls_rand_init(RandFile, 7); 285 } 286 /* 287 ** TLS_SET_VERIFY -- request client certificate? 288 ** 289 ** Parameters: 290 ** ctx -- TLS context 291 ** ssl -- TLS structure 292 ** vrfy -- require certificate? 293 ** 294 ** Returns: 295 ** none. 296 ** 297 ** Side Effects: 298 ** Sets verification state for TLS 299 ** 300 # if TLS_VRFY_PER_CTX 301 ** Notice: 302 ** This is per TLS context, not per TLS structure; 303 ** the former is global, the latter per connection. 304 ** It would be nice to do this per connection, but this 305 ** doesn't work in the current TLS libraries :-( 306 # endif * TLS_VRFY_PER_CTX * 307 */ 308 309 void 310 tls_set_verify(ctx, ssl, vrfy) 311 SSL_CTX *ctx; 312 SSL *ssl; 313 bool vrfy; 314 { 315 # if !TLS_VRFY_PER_CTX 316 SSL_set_verify(ssl, vrfy ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); 317 # else /* !TLS_VRFY_PER_CTX */ 318 SSL_CTX_set_verify(ctx, vrfy ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, 319 NULL); 320 # endif /* !TLS_VRFY_PER_CTX */ 321 } 322 323 /* 324 ** status in initialization 325 ** these flags keep track of the status of the initialization 326 ** i.e., whether a file exists (_EX) and whether it can be used (_OK) 327 ** [due to permissions] 328 */ 329 330 # define TLS_S_NONE 0x00000000 /* none yet */ 331 # define TLS_S_CERT_EX 0x00000001 /* cert file exists */ 332 # define TLS_S_CERT_OK 0x00000002 /* cert file is ok */ 333 # define TLS_S_KEY_EX 0x00000004 /* key file exists */ 334 # define TLS_S_KEY_OK 0x00000008 /* key file is ok */ 335 # define TLS_S_CERTP_EX 0x00000010 /* CA cert path exists */ 336 # define TLS_S_CERTP_OK 0x00000020 /* CA cert path is ok */ 337 # define TLS_S_CERTF_EX 0x00000040 /* CA cert file exists */ 338 # define TLS_S_CERTF_OK 0x00000080 /* CA cert file is ok */ 339 # define TLS_S_CRLF_EX 0x00000100 /* CRL file exists */ 340 # define TLS_S_CRLF_OK 0x00000200 /* CRL file is ok */ 341 342 # if _FFR_TLS_1 343 # define TLS_S_CERT2_EX 0x00001000 /* 2nd cert file exists */ 344 # define TLS_S_CERT2_OK 0x00002000 /* 2nd cert file is ok */ 345 # define TLS_S_KEY2_EX 0x00004000 /* 2nd key file exists */ 346 # define TLS_S_KEY2_OK 0x00008000 /* 2nd key file is ok */ 347 # endif /* _FFR_TLS_1 */ 348 349 # define TLS_S_DH_OK 0x00200000 /* DH cert is ok */ 350 # define TLS_S_DHPAR_EX 0x00400000 /* DH param file exists */ 351 # define TLS_S_DHPAR_OK 0x00800000 /* DH param file is ok to use */ 352 353 /* Type of variable */ 354 # define TLS_T_OTHER 0 355 # define TLS_T_SRV 1 356 # define TLS_T_CLT 2 357 358 /* 359 ** TLS_OK_F -- can var be an absolute filename? 360 ** 361 ** Parameters: 362 ** var -- filename 363 ** fn -- what is the filename used for? 364 ** type -- type of variable 365 ** 366 ** Returns: 367 ** ok? 368 */ 369 370 static bool 371 tls_ok_f(var, fn, type) 372 char *var; 373 char *fn; 374 int type; 375 { 376 /* must be absolute pathname */ 377 if (var != NULL && *var == '/') 378 return true; 379 if (LogLevel > 12) 380 sm_syslog(LOG_WARNING, NOQID, "STARTTLS: %s%s missing", 381 type == TLS_T_SRV ? "Server" : 382 (type == TLS_T_CLT ? "Client" : ""), fn); 383 return false; 384 } 385 /* 386 ** TLS_SAFE_F -- is a file safe to use? 387 ** 388 ** Parameters: 389 ** var -- filename 390 ** sff -- flags for safefile() 391 ** srv -- server side? 392 ** 393 ** Returns: 394 ** ok? 395 */ 396 397 static bool 398 tls_safe_f(var, sff, srv) 399 char *var; 400 long sff; 401 bool srv; 402 { 403 int ret; 404 405 if ((ret = safefile(var, RunAsUid, RunAsGid, RunAsUserName, sff, 406 S_IRUSR, NULL)) == 0) 407 return true; 408 if (LogLevel > 7) 409 sm_syslog(LOG_WARNING, NOQID, "STARTTLS=%s: file %s unsafe: %s", 410 srv ? "server" : "client", var, sm_errstring(ret)); 411 return false; 412 } 413 414 /* 415 ** TLS_OK_F -- macro to simplify calls to tls_ok_f 416 ** 417 ** Parameters: 418 ** var -- filename 419 ** fn -- what is the filename used for? 420 ** req -- is the file required? 421 ** st -- status bit to set if ok 422 ** type -- type of variable 423 ** 424 ** Side Effects: 425 ** uses r, ok; may change ok and status. 426 ** 427 */ 428 429 # define TLS_OK_F(var, fn, req, st, type) if (ok) \ 430 { \ 431 r = tls_ok_f(var, fn, type); \ 432 if (r) \ 433 status |= st; \ 434 else if (req) \ 435 ok = false; \ 436 } 437 438 /* 439 ** TLS_UNR -- macro to return whether a file should be unreadable 440 ** 441 ** Parameters: 442 ** bit -- flag to test 443 ** req -- flags 444 ** 445 ** Returns: 446 ** 0/SFF_NORFILES 447 */ 448 # define TLS_UNR(bit, req) (bitset(bit, req) ? SFF_NORFILES : 0) 449 # define TLS_OUNR(bit, req) (bitset(bit, req) ? SFF_NOWRFILES : 0) 450 # define TLS_KEYSFF(req) \ 451 (bitnset(DBS_GROUPREADABLEKEYFILE, DontBlameSendmail) ? \ 452 TLS_OUNR(TLS_I_KEY_OUNR, req) : \ 453 TLS_UNR(TLS_I_KEY_UNR, req)) 454 455 /* 456 ** TLS_SAFE_F -- macro to simplify calls to tls_safe_f 457 ** 458 ** Parameters: 459 ** var -- filename 460 ** sff -- flags for safefile() 461 ** req -- is the file required? 462 ** ex -- does the file exist? 463 ** st -- status bit to set if ok 464 ** srv -- server side? 465 ** 466 ** Side Effects: 467 ** uses r, ok, ex; may change ok and status. 468 ** 469 */ 470 471 # define TLS_SAFE_F(var, sff, req, ex, st, srv) if (ex && ok) \ 472 { \ 473 r = tls_safe_f(var, sff, srv); \ 474 if (r) \ 475 status |= st; \ 476 else if (req) \ 477 ok = false; \ 478 } 479 480 /* 481 ** INITTLS -- initialize TLS 482 ** 483 ** Parameters: 484 ** ctx -- pointer to context 485 ** req -- requirements for initialization (see sendmail.h) 486 ** srv -- server side? 487 ** certfile -- filename of certificate 488 ** keyfile -- filename of private key 489 ** cacertpath -- path to CAs 490 ** cacertfile -- file with CA(s) 491 ** dhparam -- parameters for DH 492 ** 493 ** Returns: 494 ** succeeded? 495 */ 496 497 bool 498 inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) 499 SSL_CTX **ctx; 500 unsigned long req; 501 bool srv; 502 char *certfile, *keyfile, *cacertpath, *cacertfile, *dhparam; 503 { 504 # if !NO_DH 505 static DH *dh = NULL; 506 # endif /* !NO_DH */ 507 int r; 508 bool ok; 509 long sff, status; 510 char *who; 511 # if _FFR_TLS_1 512 char *cf2, *kf2; 513 # endif /* _FFR_TLS_1 */ 514 # if SM_CONF_SHM 515 extern int ShmId; 516 # endif /* SM_CONF_SHM */ 517 # if OPENSSL_VERSION_NUMBER > 0x00907000L 518 BIO *crl_file; 519 X509_CRL *crl; 520 X509_STORE *store; 521 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 522 523 status = TLS_S_NONE; 524 who = srv ? "server" : "client"; 525 if (ctx == NULL) 526 syserr("STARTTLS=%s, inittls: ctx == NULL", who); 527 528 /* already initialized? (we could re-init...) */ 529 if (*ctx != NULL) 530 return true; 531 ok = true; 532 533 # if _FFR_TLS_1 534 /* 535 ** look for a second filename: it must be separated by a ',' 536 ** no blanks allowed (they won't be skipped). 537 ** we change a global variable here! this change will be undone 538 ** before return from the function but only if it returns true. 539 ** this isn't a problem since in a failure case this function 540 ** won't be called again with the same (overwritten) values. 541 ** otherwise each return must be replaced with a goto endinittls. 542 */ 543 544 cf2 = NULL; 545 kf2 = NULL; 546 if (certfile != NULL && (cf2 = strchr(certfile, ',')) != NULL) 547 { 548 *cf2++ = '\0'; 549 if (keyfile != NULL && (kf2 = strchr(keyfile, ',')) != NULL) 550 *kf2++ = '\0'; 551 } 552 # endif /* _FFR_TLS_1 */ 553 554 /* 555 ** Check whether files/paths are defined 556 */ 557 558 TLS_OK_F(certfile, "CertFile", bitset(TLS_I_CERT_EX, req), 559 TLS_S_CERT_EX, srv ? TLS_T_SRV : TLS_T_CLT); 560 TLS_OK_F(keyfile, "KeyFile", bitset(TLS_I_KEY_EX, req), 561 TLS_S_KEY_EX, srv ? TLS_T_SRV : TLS_T_CLT); 562 TLS_OK_F(cacertpath, "CACertPath", bitset(TLS_I_CERTP_EX, req), 563 TLS_S_CERTP_EX, TLS_T_OTHER); 564 TLS_OK_F(cacertfile, "CACertFile", bitset(TLS_I_CERTF_EX, req), 565 TLS_S_CERTF_EX, TLS_T_OTHER); 566 567 # if OPENSSL_VERSION_NUMBER > 0x00907000L 568 TLS_OK_F(CRLFile, "CRLFile", bitset(TLS_I_CRLF_EX, req), 569 TLS_S_CRLF_EX, TLS_T_OTHER); 570 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 571 572 # if _FFR_TLS_1 573 /* 574 ** if the second file is specified it must exist 575 ** XXX: it is possible here to define only one of those files 576 */ 577 578 if (cf2 != NULL) 579 { 580 TLS_OK_F(cf2, "CertFile", bitset(TLS_I_CERT_EX, req), 581 TLS_S_CERT2_EX, srv ? TLS_T_SRV : TLS_T_CLT); 582 } 583 if (kf2 != NULL) 584 { 585 TLS_OK_F(kf2, "KeyFile", bitset(TLS_I_KEY_EX, req), 586 TLS_S_KEY2_EX, srv ? TLS_T_SRV : TLS_T_CLT); 587 } 588 # endif /* _FFR_TLS_1 */ 589 590 /* 591 ** valid values for dhparam are (only the first char is checked) 592 ** none no parameters: don't use DH 593 ** 512 generate 512 bit parameters (fixed) 594 ** 1024 generate 1024 bit parameters 595 ** /file/name read parameters from /file/name 596 ** default is: 1024 for server, 512 for client (OK? XXX) 597 */ 598 599 if (bitset(TLS_I_TRY_DH, req)) 600 { 601 if (dhparam != NULL) 602 { 603 char c = *dhparam; 604 605 if (c == '1') 606 req |= TLS_I_DH1024; 607 else if (c == '5') 608 req |= TLS_I_DH512; 609 else if (c != 'n' && c != 'N' && c != '/') 610 { 611 if (LogLevel > 12) 612 sm_syslog(LOG_WARNING, NOQID, 613 "STARTTLS=%s, error: illegal value '%s' for DHParam", 614 who, dhparam); 615 dhparam = NULL; 616 } 617 } 618 if (dhparam == NULL) 619 dhparam = srv ? "1" : "5"; 620 else if (*dhparam == '/') 621 { 622 TLS_OK_F(dhparam, "DHParameters", 623 bitset(TLS_I_DHPAR_EX, req), 624 TLS_S_DHPAR_EX, TLS_T_OTHER); 625 } 626 } 627 if (!ok) 628 return ok; 629 630 /* certfile etc. must be "safe". */ 631 sff = SFF_REGONLY | SFF_SAFEDIRPATH | SFF_NOWLINK 632 | SFF_NOGWFILES | SFF_NOWWFILES 633 | SFF_MUSTOWN | SFF_ROOTOK | SFF_OPENASROOT; 634 if (DontLockReadFiles) 635 sff |= SFF_NOLOCK; 636 637 TLS_SAFE_F(certfile, sff | TLS_UNR(TLS_I_CERT_UNR, req), 638 bitset(TLS_I_CERT_EX, req), 639 bitset(TLS_S_CERT_EX, status), TLS_S_CERT_OK, srv); 640 TLS_SAFE_F(keyfile, sff | TLS_KEYSFF(req), 641 bitset(TLS_I_KEY_EX, req), 642 bitset(TLS_S_KEY_EX, status), TLS_S_KEY_OK, srv); 643 TLS_SAFE_F(cacertfile, sff | TLS_UNR(TLS_I_CERTF_UNR, req), 644 bitset(TLS_I_CERTF_EX, req), 645 bitset(TLS_S_CERTF_EX, status), TLS_S_CERTF_OK, srv); 646 TLS_SAFE_F(dhparam, sff | TLS_UNR(TLS_I_DHPAR_UNR, req), 647 bitset(TLS_I_DHPAR_EX, req), 648 bitset(TLS_S_DHPAR_EX, status), TLS_S_DHPAR_OK, srv); 649 # if OPENSSL_VERSION_NUMBER > 0x00907000L 650 TLS_SAFE_F(CRLFile, sff | TLS_UNR(TLS_I_CRLF_UNR, req), 651 bitset(TLS_I_CRLF_EX, req), 652 bitset(TLS_S_CRLF_EX, status), TLS_S_CRLF_OK, srv); 653 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 654 if (!ok) 655 return ok; 656 # if _FFR_TLS_1 657 if (cf2 != NULL) 658 { 659 TLS_SAFE_F(cf2, sff | TLS_UNR(TLS_I_CERT_UNR, req), 660 bitset(TLS_I_CERT_EX, req), 661 bitset(TLS_S_CERT2_EX, status), TLS_S_CERT2_OK, srv); 662 } 663 if (kf2 != NULL) 664 { 665 TLS_SAFE_F(kf2, sff | TLS_KEYSFF(req), 666 bitset(TLS_I_KEY_EX, req), 667 bitset(TLS_S_KEY2_EX, status), TLS_S_KEY2_OK, srv); 668 } 669 # endif /* _FFR_TLS_1 */ 670 671 /* create a method and a new context */ 672 if ((*ctx = SSL_CTX_new(srv ? SSLv23_server_method() : 673 SSLv23_client_method())) == NULL) 674 { 675 if (LogLevel > 7) 676 sm_syslog(LOG_WARNING, NOQID, 677 "STARTTLS=%s, error: SSL_CTX_new(SSLv23_%s_method()) failed", 678 who, who); 679 if (LogLevel > 9) 680 tlslogerr(who); 681 return false; 682 } 683 684 # if OPENSSL_VERSION_NUMBER > 0x00907000L 685 if (CRLFile != NULL) 686 { 687 /* get a pointer to the current certificate validation store */ 688 store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ 689 crl_file = BIO_new(BIO_s_file_internal()); 690 if (crl_file != NULL) 691 { 692 if (BIO_read_filename(crl_file, CRLFile) >= 0) 693 { 694 crl = PEM_read_bio_X509_CRL(crl_file, NULL, 695 NULL, NULL); 696 BIO_free(crl_file); 697 X509_STORE_add_crl(store, crl); 698 X509_CRL_free(crl); 699 X509_STORE_set_flags(store, 700 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); 701 X509_STORE_set_verify_cb_func(store, 702 x509_verify_cb); 703 } 704 else 705 { 706 if (LogLevel > 9) 707 { 708 sm_syslog(LOG_WARNING, NOQID, 709 "STARTTLS=%s, error: PEM_read_bio_X509_CRL(%s)=failed", 710 who, CRLFile); 711 } 712 713 /* avoid memory leaks */ 714 BIO_free(crl_file); 715 return false; 716 } 717 718 } 719 else if (LogLevel > 9) 720 sm_syslog(LOG_WARNING, NOQID, 721 "STARTTLS=%s, error: BIO_new=failed", who); 722 } 723 # if _FFR_CRLPATH 724 if (CRLPath != NULL) 725 { 726 X509_LOOKUP *lookup; 727 728 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); 729 if (lookup == NULL) 730 { 731 if (LogLevel > 9) 732 { 733 sm_syslog(LOG_WARNING, NOQID, 734 "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed", 735 who, CRLFile); 736 } 737 return false; 738 } 739 X509_LOOKUP_add_dir(lookup, CRLPath, X509_FILETYPE_PEM); 740 X509_STORE_set_flags(store, 741 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); 742 } 743 # endif /* _FFR_CRLPATH */ 744 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 745 746 # if TLS_NO_RSA 747 /* turn off backward compatibility, required for no-rsa */ 748 SSL_CTX_set_options(*ctx, SSL_OP_NO_SSLv2); 749 # endif /* TLS_NO_RSA */ 750 751 752 # if !TLS_NO_RSA 753 /* 754 ** Create a temporary RSA key 755 ** XXX Maybe we shouldn't create this always (even though it 756 ** is only at startup). 757 ** It is a time-consuming operation and it is not always necessary. 758 ** maybe we should do it only on demand... 759 */ 760 761 if (bitset(TLS_I_RSA_TMP, req) 762 # if SM_CONF_SHM 763 && ShmId != SM_SHM_NO_ID && 764 (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, 765 NULL)) == NULL 766 # else /* SM_CONF_SHM */ 767 && 0 /* no shared memory: no need to generate key now */ 768 # endif /* SM_CONF_SHM */ 769 ) 770 { 771 if (LogLevel > 7) 772 { 773 sm_syslog(LOG_WARNING, NOQID, 774 "STARTTLS=%s, error: RSA_generate_key failed", 775 who); 776 if (LogLevel > 9) 777 tlslogerr(who); 778 } 779 return false; 780 } 781 # endif /* !TLS_NO_RSA */ 782 783 /* 784 ** load private key 785 ** XXX change this for DSA-only version 786 */ 787 788 if (bitset(TLS_S_KEY_OK, status) && 789 SSL_CTX_use_PrivateKey_file(*ctx, keyfile, 790 SSL_FILETYPE_PEM) <= 0) 791 { 792 if (LogLevel > 7) 793 { 794 sm_syslog(LOG_WARNING, NOQID, 795 "STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed", 796 who, keyfile); 797 if (LogLevel > 9) 798 tlslogerr(who); 799 } 800 if (bitset(TLS_I_USE_KEY, req)) 801 return false; 802 } 803 804 /* get the certificate file */ 805 if (bitset(TLS_S_CERT_OK, status) && 806 SSL_CTX_use_certificate_file(*ctx, certfile, 807 SSL_FILETYPE_PEM) <= 0) 808 { 809 if (LogLevel > 7) 810 { 811 sm_syslog(LOG_WARNING, NOQID, 812 "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed", 813 who, certfile); 814 if (LogLevel > 9) 815 tlslogerr(who); 816 } 817 if (bitset(TLS_I_USE_CERT, req)) 818 return false; 819 } 820 821 /* check the private key */ 822 if (bitset(TLS_S_KEY_OK, status) && 823 (r = SSL_CTX_check_private_key(*ctx)) <= 0) 824 { 825 /* Private key does not match the certificate public key */ 826 if (LogLevel > 5) 827 { 828 sm_syslog(LOG_WARNING, NOQID, 829 "STARTTLS=%s, error: SSL_CTX_check_private_key failed(%s): %d", 830 who, keyfile, r); 831 if (LogLevel > 9) 832 tlslogerr(who); 833 } 834 if (bitset(TLS_I_USE_KEY, req)) 835 return false; 836 } 837 838 # if _FFR_TLS_1 839 /* XXX this code is pretty much duplicated from above! */ 840 841 /* load private key */ 842 if (bitset(TLS_S_KEY2_OK, status) && 843 SSL_CTX_use_PrivateKey_file(*ctx, kf2, SSL_FILETYPE_PEM) <= 0) 844 { 845 if (LogLevel > 7) 846 { 847 sm_syslog(LOG_WARNING, NOQID, 848 "STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed", 849 who, kf2); 850 if (LogLevel > 9) 851 tlslogerr(who); 852 } 853 } 854 855 /* get the certificate file */ 856 if (bitset(TLS_S_CERT2_OK, status) && 857 SSL_CTX_use_certificate_file(*ctx, cf2, SSL_FILETYPE_PEM) <= 0) 858 { 859 if (LogLevel > 7) 860 { 861 sm_syslog(LOG_WARNING, NOQID, 862 "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed", 863 who, cf2); 864 if (LogLevel > 9) 865 tlslogerr(who); 866 } 867 } 868 869 /* also check the private key */ 870 if (bitset(TLS_S_KEY2_OK, status) && 871 (r = SSL_CTX_check_private_key(*ctx)) <= 0) 872 { 873 /* Private key does not match the certificate public key */ 874 if (LogLevel > 5) 875 { 876 sm_syslog(LOG_WARNING, NOQID, 877 "STARTTLS=%s, error: SSL_CTX_check_private_key 2 failed: %d", 878 who, r); 879 if (LogLevel > 9) 880 tlslogerr(who); 881 } 882 } 883 # endif /* _FFR_TLS_1 */ 884 885 /* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */ 886 SSL_CTX_set_options(*ctx, SSL_OP_ALL); /* XXX bug compatibility? */ 887 888 # if !NO_DH 889 /* Diffie-Hellman initialization */ 890 if (bitset(TLS_I_TRY_DH, req)) 891 { 892 if (bitset(TLS_S_DHPAR_OK, status)) 893 { 894 BIO *bio; 895 896 if ((bio = BIO_new_file(dhparam, "r")) != NULL) 897 { 898 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); 899 BIO_free(bio); 900 if (dh == NULL && LogLevel > 7) 901 { 902 unsigned long err; 903 904 err = ERR_get_error(); 905 sm_syslog(LOG_WARNING, NOQID, 906 "STARTTLS=%s, error: cannot read DH parameters(%s): %s", 907 who, dhparam, 908 ERR_error_string(err, NULL)); 909 if (LogLevel > 9) 910 tlslogerr(who); 911 } 912 } 913 else 914 { 915 if (LogLevel > 5) 916 { 917 sm_syslog(LOG_WARNING, NOQID, 918 "STARTTLS=%s, error: BIO_new_file(%s) failed", 919 who, dhparam); 920 if (LogLevel > 9) 921 tlslogerr(who); 922 } 923 } 924 } 925 if (dh == NULL && bitset(TLS_I_DH1024, req)) 926 { 927 DSA *dsa; 928 929 /* this takes a while! (7-130s on a 450MHz AMD K6-2) */ 930 dsa = DSA_generate_parameters(1024, NULL, 0, NULL, 931 NULL, 0, NULL); 932 dh = DSA_dup_DH(dsa); 933 DSA_free(dsa); 934 } 935 else 936 if (dh == NULL && bitset(TLS_I_DH512, req)) 937 dh = get_dh512(); 938 939 if (dh == NULL) 940 { 941 if (LogLevel > 9) 942 { 943 unsigned long err; 944 945 err = ERR_get_error(); 946 sm_syslog(LOG_WARNING, NOQID, 947 "STARTTLS=%s, error: cannot read or set DH parameters(%s): %s", 948 who, dhparam, 949 ERR_error_string(err, NULL)); 950 } 951 if (bitset(TLS_I_REQ_DH, req)) 952 return false; 953 } 954 else 955 { 956 SSL_CTX_set_tmp_dh(*ctx, dh); 957 958 /* important to avoid small subgroup attacks */ 959 SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_DH_USE); 960 if (LogLevel > 13) 961 sm_syslog(LOG_INFO, NOQID, 962 "STARTTLS=%s, Diffie-Hellman init, key=%d bit (%c)", 963 who, 8 * DH_size(dh), *dhparam); 964 DH_free(dh); 965 } 966 } 967 # endif /* !NO_DH */ 968 969 970 /* XXX do we need this cache here? */ 971 if (bitset(TLS_I_CACHE, req)) 972 SSL_CTX_sess_set_cache_size(*ctx, 128); 973 /* timeout? SSL_CTX_set_timeout(*ctx, TimeOut...); */ 974 975 /* load certificate locations and default CA paths */ 976 if (bitset(TLS_S_CERTP_EX, status) && bitset(TLS_S_CERTF_EX, status)) 977 { 978 if ((r = SSL_CTX_load_verify_locations(*ctx, cacertfile, 979 cacertpath)) == 1) 980 { 981 # if !TLS_NO_RSA 982 if (bitset(TLS_I_RSA_TMP, req)) 983 SSL_CTX_set_tmp_rsa_callback(*ctx, tmp_rsa_key); 984 # endif /* !TLS_NO_RSA */ 985 986 /* 987 ** We have to install our own verify callback: 988 ** SSL_VERIFY_PEER requests a client cert but even 989 ** though *FAIL_IF* isn't set, the connection 990 ** will be aborted if the client presents a cert 991 ** that is not "liked" (can't be verified?) by 992 ** the TLS library :-( 993 */ 994 995 /* 996 ** XXX currently we could call tls_set_verify() 997 ** but we hope that that function will later on 998 ** only set the mode per connection. 999 */ 1000 SSL_CTX_set_verify(*ctx, 1001 bitset(TLS_I_NO_VRFY, req) ? SSL_VERIFY_NONE 1002 : SSL_VERIFY_PEER, 1003 NULL); 1004 1005 /* install verify callback */ 1006 SSL_CTX_set_cert_verify_callback(*ctx, tls_verify_cb, 1007 NULL); 1008 SSL_CTX_set_client_CA_list(*ctx, 1009 SSL_load_client_CA_file(cacertfile)); 1010 } 1011 else 1012 { 1013 /* 1014 ** can't load CA data; do we care? 1015 ** the data is necessary to authenticate the client, 1016 ** which in turn would be necessary 1017 ** if we want to allow relaying based on it. 1018 */ 1019 if (LogLevel > 5) 1020 { 1021 sm_syslog(LOG_WARNING, NOQID, 1022 "STARTTLS=%s, error: load verify locs %s, %s failed: %d", 1023 who, cacertpath, cacertfile, r); 1024 if (LogLevel > 9) 1025 tlslogerr(who); 1026 } 1027 if (bitset(TLS_I_VRFY_LOC, req)) 1028 return false; 1029 } 1030 } 1031 1032 /* XXX: make this dependent on an option? */ 1033 if (tTd(96, 9)) 1034 SSL_CTX_set_info_callback(*ctx, apps_ssl_info_cb); 1035 1036 # if _FFR_TLS_1 1037 /* install our own cipher list */ 1038 if (CipherList != NULL && *CipherList != '\0') 1039 { 1040 if (SSL_CTX_set_cipher_list(*ctx, CipherList) <= 0) 1041 { 1042 if (LogLevel > 7) 1043 { 1044 sm_syslog(LOG_WARNING, NOQID, 1045 "STARTTLS=%s, error: SSL_CTX_set_cipher_list(%s) failed, list ignored", 1046 who, CipherList); 1047 1048 if (LogLevel > 9) 1049 tlslogerr(who); 1050 } 1051 /* failure if setting to this list is required? */ 1052 } 1053 } 1054 # endif /* _FFR_TLS_1 */ 1055 if (LogLevel > 12) 1056 sm_syslog(LOG_INFO, NOQID, "STARTTLS=%s, init=%d", who, ok); 1057 1058 # if _FFR_TLS_1 1059 # if 0 1060 /* 1061 ** this label is required if we want to have a "clean" exit 1062 ** see the comments above at the initialization of cf2 1063 */ 1064 1065 endinittls: 1066 # endif /* 0 */ 1067 1068 /* undo damage to global variables */ 1069 if (cf2 != NULL) 1070 *--cf2 = ','; 1071 if (kf2 != NULL) 1072 *--kf2 = ','; 1073 # endif /* _FFR_TLS_1 */ 1074 1075 return ok; 1076 } 1077 /* 1078 ** TLS_GET_INFO -- get information about TLS connection 1079 ** 1080 ** Parameters: 1081 ** ssl -- TLS connection structure 1082 ** srv -- server or client 1083 ** host -- hostname of other side 1084 ** mac -- macro storage 1085 ** certreq -- did we ask for a cert? 1086 ** 1087 ** Returns: 1088 ** result of authentication. 1089 ** 1090 ** Side Effects: 1091 ** sets macros: {cipher}, {tls_version}, {verify}, 1092 ** {cipher_bits}, {alg_bits}, {cert}, {cert_subject}, 1093 ** {cert_issuer}, {cn_subject}, {cn_issuer} 1094 */ 1095 1096 int 1097 tls_get_info(ssl, srv, host, mac, certreq) 1098 SSL *ssl; 1099 bool srv; 1100 char *host; 1101 MACROS_T *mac; 1102 bool certreq; 1103 { 1104 SSL_CIPHER *c; 1105 int b, r; 1106 long verifyok; 1107 char *s, *who; 1108 char bitstr[16]; 1109 X509 *cert; 1110 1111 c = SSL_get_current_cipher(ssl); 1112 1113 /* cast is just workaround for compiler warning */ 1114 macdefine(mac, A_TEMP, macid("{cipher}"), 1115 (char *) SSL_CIPHER_get_name(c)); 1116 b = SSL_CIPHER_get_bits(c, &r); 1117 (void) sm_snprintf(bitstr, sizeof bitstr, "%d", b); 1118 macdefine(mac, A_TEMP, macid("{cipher_bits}"), bitstr); 1119 (void) sm_snprintf(bitstr, sizeof bitstr, "%d", r); 1120 macdefine(mac, A_TEMP, macid("{alg_bits}"), bitstr); 1121 s = SSL_CIPHER_get_version(c); 1122 if (s == NULL) 1123 s = "UNKNOWN"; 1124 macdefine(mac, A_TEMP, macid("{tls_version}"), s); 1125 1126 who = srv ? "server" : "client"; 1127 cert = SSL_get_peer_certificate(ssl); 1128 verifyok = SSL_get_verify_result(ssl); 1129 if (LogLevel > 14) 1130 sm_syslog(LOG_INFO, NOQID, 1131 "STARTTLS=%s, get_verify: %ld get_peer: 0x%lx", 1132 who, verifyok, (unsigned long) cert); 1133 if (cert != NULL) 1134 { 1135 unsigned int n; 1136 unsigned char md[EVP_MAX_MD_SIZE]; 1137 char buf[MAXNAME]; 1138 1139 X509_NAME_oneline(X509_get_subject_name(cert), 1140 buf, sizeof buf); 1141 macdefine(mac, A_TEMP, macid("{cert_subject}"), 1142 xtextify(buf, "<>\")")); 1143 X509_NAME_oneline(X509_get_issuer_name(cert), 1144 buf, sizeof buf); 1145 macdefine(mac, A_TEMP, macid("{cert_issuer}"), 1146 xtextify(buf, "<>\")")); 1147 X509_NAME_get_text_by_NID(X509_get_subject_name(cert), 1148 NID_commonName, buf, sizeof buf); 1149 macdefine(mac, A_TEMP, macid("{cn_subject}"), 1150 xtextify(buf, "<>\")")); 1151 X509_NAME_get_text_by_NID(X509_get_issuer_name(cert), 1152 NID_commonName, buf, sizeof buf); 1153 macdefine(mac, A_TEMP, macid("{cn_issuer}"), 1154 xtextify(buf, "<>\")")); 1155 if (X509_digest(cert, EVP_md5(), md, &n)) 1156 { 1157 char md5h[EVP_MAX_MD_SIZE * 3]; 1158 static const char hexcodes[] = "0123456789ABCDEF"; 1159 1160 SM_ASSERT((n * 3) + 2 < sizeof(md5h)); 1161 for (r = 0; r < (int) n; r++) 1162 { 1163 md5h[r * 3] = hexcodes[(md[r] & 0xf0) >> 4]; 1164 md5h[(r * 3) + 1] = hexcodes[(md[r] & 0x0f)]; 1165 md5h[(r * 3) + 2] = ':'; 1166 } 1167 md5h[(n * 3) - 1] = '\0'; 1168 macdefine(mac, A_TEMP, macid("{cert_md5}"), md5h); 1169 } 1170 else 1171 macdefine(mac, A_TEMP, macid("{cert_md5}"), ""); 1172 } 1173 else 1174 { 1175 macdefine(mac, A_PERM, macid("{cert_subject}"), ""); 1176 macdefine(mac, A_PERM, macid("{cert_issuer}"), ""); 1177 macdefine(mac, A_PERM, macid("{cn_subject}"), ""); 1178 macdefine(mac, A_PERM, macid("{cn_issuer}"), ""); 1179 macdefine(mac, A_TEMP, macid("{cert_md5}"), ""); 1180 } 1181 switch (verifyok) 1182 { 1183 case X509_V_OK: 1184 if (cert != NULL) 1185 { 1186 s = "OK"; 1187 r = TLS_AUTH_OK; 1188 } 1189 else 1190 { 1191 s = certreq ? "NO" : "NOT", 1192 r = TLS_AUTH_NO; 1193 } 1194 break; 1195 default: 1196 s = "FAIL"; 1197 r = TLS_AUTH_FAIL; 1198 break; 1199 } 1200 macdefine(mac, A_PERM, macid("{verify}"), s); 1201 if (cert != NULL) 1202 X509_free(cert); 1203 1204 /* do some logging */ 1205 if (LogLevel > 8) 1206 { 1207 char *vers, *s1, *s2, *cbits, *algbits; 1208 1209 vers = macget(mac, macid("{tls_version}")); 1210 cbits = macget(mac, macid("{cipher_bits}")); 1211 algbits = macget(mac, macid("{alg_bits}")); 1212 s1 = macget(mac, macid("{verify}")); 1213 s2 = macget(mac, macid("{cipher}")); 1214 1215 /* XXX: maybe cut off ident info? */ 1216 sm_syslog(LOG_INFO, NOQID, 1217 "STARTTLS=%s, relay=%.100s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s/%.6s", 1218 who, 1219 host == NULL ? "local" : host, 1220 vers, s1, s2, /* sm_snprintf() can deal with NULL */ 1221 algbits == NULL ? "0" : algbits, 1222 cbits == NULL ? "0" : cbits); 1223 if (LogLevel > 11) 1224 { 1225 /* 1226 ** Maybe run xuntextify on the strings? 1227 ** That is easier to read but makes it maybe a bit 1228 ** more complicated to figure out the right values 1229 ** for the access map... 1230 */ 1231 1232 s1 = macget(mac, macid("{cert_subject}")); 1233 s2 = macget(mac, macid("{cert_issuer}")); 1234 sm_syslog(LOG_INFO, NOQID, 1235 "STARTTLS=%s, cert-subject=%.256s, cert-issuer=%.256s, verifymsg=%s", 1236 who, s1, s2, 1237 X509_verify_cert_error_string(verifyok)); 1238 } 1239 } 1240 return r; 1241 } 1242 /* 1243 ** ENDTLS -- shutdown secure connection 1244 ** 1245 ** Parameters: 1246 ** ssl -- SSL connection information. 1247 ** side -- server/client (for logging). 1248 ** 1249 ** Returns: 1250 ** success? (EX_* code) 1251 */ 1252 1253 int 1254 endtls(ssl, side) 1255 SSL *ssl; 1256 char *side; 1257 { 1258 int ret = EX_OK; 1259 1260 if (ssl != NULL) 1261 { 1262 int r; 1263 1264 if ((r = SSL_shutdown(ssl)) < 0) 1265 { 1266 if (LogLevel > 11) 1267 { 1268 sm_syslog(LOG_WARNING, NOQID, 1269 "STARTTLS=%s, SSL_shutdown failed: %d", 1270 side, r); 1271 tlslogerr(side); 1272 } 1273 ret = EX_SOFTWARE; 1274 } 1275 # if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL 1276 1277 /* 1278 ** Bug in OpenSSL (at least up to 0.9.6b): 1279 ** From: Lutz.Jaenicke@aet.TU-Cottbus.DE 1280 ** Message-ID: <20010723152244.A13122@serv01.aet.tu-cottbus.de> 1281 ** To: openssl-users@openssl.org 1282 ** Subject: Re: SSL_shutdown() woes (fwd) 1283 ** 1284 ** The side sending the shutdown alert first will 1285 ** not care about the answer of the peer but will 1286 ** immediately return with a return value of "0" 1287 ** (ssl/s3_lib.c:ssl3_shutdown()). SSL_get_error will evaluate 1288 ** the value of "0" and as the shutdown alert of the peer was 1289 ** not received (actually, the program did not even wait for 1290 ** the answer), an SSL_ERROR_SYSCALL is flagged, because this 1291 ** is the default rule in case everything else does not apply. 1292 ** 1293 ** For your server the problem is different, because it 1294 ** receives the shutdown first (setting SSL_RECEIVED_SHUTDOWN), 1295 ** then sends its response (SSL_SENT_SHUTDOWN), so for the 1296 ** server the shutdown was successfull. 1297 ** 1298 ** As is by know, you would have to call SSL_shutdown() once 1299 ** and ignore an SSL_ERROR_SYSCALL returned. Then call 1300 ** SSL_shutdown() again to actually get the server's response. 1301 ** 1302 ** In the last discussion, Bodo Moeller concluded that a 1303 ** rewrite of the shutdown code would be necessary, but 1304 ** probably with another API, as the change would not be 1305 ** compatible to the way it is now. Things do not become 1306 ** easier as other programs do not follow the shutdown 1307 ** guidelines anyway, so that a lot error conditions and 1308 ** compitibility issues would have to be caught. 1309 ** 1310 ** For now the recommondation is to ignore the error message. 1311 */ 1312 1313 else if (r == 0) 1314 { 1315 if (LogLevel > 15) 1316 { 1317 sm_syslog(LOG_WARNING, NOQID, 1318 "STARTTLS=%s, SSL_shutdown not done", 1319 side); 1320 tlslogerr(side); 1321 } 1322 ret = EX_SOFTWARE; 1323 } 1324 # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ 1325 SSL_free(ssl); 1326 ssl = NULL; 1327 } 1328 return ret; 1329 } 1330 1331 # if !TLS_NO_RSA 1332 /* 1333 ** TMP_RSA_KEY -- return temporary RSA key 1334 ** 1335 ** Parameters: 1336 ** s -- TLS connection structure 1337 ** export -- 1338 ** keylength -- 1339 ** 1340 ** Returns: 1341 ** temporary RSA key. 1342 */ 1343 1344 # ifndef MAX_RSA_TMP_CNT 1345 # define MAX_RSA_TMP_CNT 1000 /* XXX better value? */ 1346 # endif /* ! MAX_RSA_TMP_CNT */ 1347 1348 /* ARGUSED0 */ 1349 static RSA * 1350 tmp_rsa_key(s, export, keylength) 1351 SSL *s; 1352 int export; 1353 int keylength; 1354 { 1355 # if SM_CONF_SHM 1356 extern int ShmId; 1357 extern int *PRSATmpCnt; 1358 1359 if (ShmId != SM_SHM_NO_ID && rsa_tmp != NULL && 1360 ++(*PRSATmpCnt) < MAX_RSA_TMP_CNT) 1361 return rsa_tmp; 1362 # endif /* SM_CONF_SHM */ 1363 1364 if (rsa_tmp != NULL) 1365 RSA_free(rsa_tmp); 1366 rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); 1367 if (rsa_tmp == NULL) 1368 { 1369 if (LogLevel > 0) 1370 sm_syslog(LOG_ERR, NOQID, 1371 "STARTTLS=server, tmp_rsa_key: RSA_generate_key failed!"); 1372 } 1373 else 1374 { 1375 # if SM_CONF_SHM 1376 # if 0 1377 /* 1378 ** XXX we can't (yet) share the new key... 1379 ** The RSA structure contains pointers hence it can't be 1380 ** easily kept in shared memory. It must be transformed 1381 ** into a continous memory region first, then stored, 1382 ** and later read out again (each time re-transformed). 1383 */ 1384 1385 if (ShmId != SM_SHM_NO_ID) 1386 *PRSATmpCnt = 0; 1387 # endif /* 0 */ 1388 # endif /* SM_CONF_SHM */ 1389 if (LogLevel > 9) 1390 sm_syslog(LOG_ERR, NOQID, 1391 "STARTTLS=server, tmp_rsa_key: new temp RSA key"); 1392 } 1393 return rsa_tmp; 1394 } 1395 # endif /* !TLS_NO_RSA */ 1396 /* 1397 ** APPS_SSL_INFO_CB -- info callback for TLS connections 1398 ** 1399 ** Parameters: 1400 ** s -- TLS connection structure 1401 ** where -- state in handshake 1402 ** ret -- return code of last operation 1403 ** 1404 ** Returns: 1405 ** none. 1406 */ 1407 1408 static void 1409 apps_ssl_info_cb(s, where, ret) 1410 CONST097 SSL *s; 1411 int where; 1412 int ret; 1413 { 1414 int w; 1415 char *str; 1416 BIO *bio_err = NULL; 1417 1418 if (LogLevel > 14) 1419 sm_syslog(LOG_INFO, NOQID, 1420 "STARTTLS: info_callback where=0x%x, ret=%d", 1421 where, ret); 1422 1423 w = where & ~SSL_ST_MASK; 1424 if (bio_err == NULL) 1425 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 1426 1427 if (bitset(SSL_ST_CONNECT, w)) 1428 str = "SSL_connect"; 1429 else if (bitset(SSL_ST_ACCEPT, w)) 1430 str = "SSL_accept"; 1431 else 1432 str = "undefined"; 1433 1434 if (bitset(SSL_CB_LOOP, where)) 1435 { 1436 if (LogLevel > 12) 1437 sm_syslog(LOG_NOTICE, NOQID, 1438 "STARTTLS: %s:%s", 1439 str, SSL_state_string_long(s)); 1440 } 1441 else if (bitset(SSL_CB_ALERT, where)) 1442 { 1443 str = bitset(SSL_CB_READ, where) ? "read" : "write"; 1444 if (LogLevel > 12) 1445 sm_syslog(LOG_NOTICE, NOQID, 1446 "STARTTLS: SSL3 alert %s:%s:%s", 1447 str, SSL_alert_type_string_long(ret), 1448 SSL_alert_desc_string_long(ret)); 1449 } 1450 else if (bitset(SSL_CB_EXIT, where)) 1451 { 1452 if (ret == 0) 1453 { 1454 if (LogLevel > 7) 1455 sm_syslog(LOG_WARNING, NOQID, 1456 "STARTTLS: %s:failed in %s", 1457 str, SSL_state_string_long(s)); 1458 } 1459 else if (ret < 0) 1460 { 1461 if (LogLevel > 7) 1462 sm_syslog(LOG_WARNING, NOQID, 1463 "STARTTLS: %s:error in %s", 1464 str, SSL_state_string_long(s)); 1465 } 1466 } 1467 } 1468 /* 1469 ** TLS_VERIFY_LOG -- log verify error for TLS certificates 1470 ** 1471 ** Parameters: 1472 ** ok -- verify ok? 1473 ** ctx -- x509 context 1474 ** 1475 ** Returns: 1476 ** 0 -- fatal error 1477 ** 1 -- ok 1478 */ 1479 1480 static int 1481 tls_verify_log(ok, ctx, name) 1482 int ok; 1483 X509_STORE_CTX *ctx; 1484 char *name; 1485 { 1486 SSL *ssl; 1487 X509 *cert; 1488 int reason, depth; 1489 char buf[512]; 1490 1491 cert = X509_STORE_CTX_get_current_cert(ctx); 1492 reason = X509_STORE_CTX_get_error(ctx); 1493 depth = X509_STORE_CTX_get_error_depth(ctx); 1494 ssl = (SSL *) X509_STORE_CTX_get_ex_data(ctx, 1495 SSL_get_ex_data_X509_STORE_CTX_idx()); 1496 1497 if (ssl == NULL) 1498 { 1499 /* internal error */ 1500 sm_syslog(LOG_ERR, NOQID, 1501 "STARTTLS: internal error: tls_verify_cb: ssl == NULL"); 1502 return 0; 1503 } 1504 1505 X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof buf); 1506 sm_syslog(LOG_INFO, NOQID, 1507 "STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s", 1508 name, depth, buf, ok, X509_verify_cert_error_string(reason)); 1509 return 1; 1510 } 1511 1512 /* 1513 ** TLS_VERIFY_CB -- verify callback for TLS certificates 1514 ** 1515 ** Parameters: 1516 ** ctx -- x509 context 1517 ** 1518 ** Returns: 1519 ** accept connection? 1520 ** currently: always yes. 1521 */ 1522 1523 static int 1524 # if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x00907000L 1525 tls_verify_cb(ctx) 1526 X509_STORE_CTX *ctx; 1527 # else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1528 tls_verify_cb(ctx, unused) 1529 X509_STORE_CTX *ctx; 1530 void *unused; 1531 # endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1532 { 1533 int ok; 1534 1535 ok = X509_verify_cert(ctx); 1536 if (ok == 0) 1537 { 1538 if (LogLevel > 13) 1539 return tls_verify_log(ok, ctx, "TLS"); 1540 return 1; /* override it */ 1541 } 1542 return ok; 1543 } 1544 /* 1545 ** TLSLOGERR -- log the errors from the TLS error stack 1546 ** 1547 ** Parameters: 1548 ** who -- server/client (for logging). 1549 ** 1550 ** Returns: 1551 ** none. 1552 */ 1553 1554 void 1555 tlslogerr(who) 1556 char *who; 1557 { 1558 unsigned long l; 1559 int line, flags; 1560 unsigned long es; 1561 char *file, *data; 1562 char buf[256]; 1563 # define CP (const char **) 1564 1565 es = CRYPTO_thread_id(); 1566 while ((l = ERR_get_error_line_data(CP &file, &line, CP &data, &flags)) 1567 != 0) 1568 { 1569 sm_syslog(LOG_WARNING, NOQID, 1570 "STARTTLS=%s: %lu:%s:%s:%d:%s", who, es, 1571 ERR_error_string(l, buf), 1572 file, line, 1573 bitset(ERR_TXT_STRING, flags) ? data : ""); 1574 } 1575 } 1576 1577 # if OPENSSL_VERSION_NUMBER > 0x00907000L 1578 /* 1579 ** X509_VERIFY_CB -- verify callback 1580 ** 1581 ** Parameters: 1582 ** ctx -- x509 context 1583 ** 1584 ** Returns: 1585 ** accept connection? 1586 ** currently: always yes. 1587 */ 1588 1589 static int 1590 x509_verify_cb(ok, ctx) 1591 int ok; 1592 X509_STORE_CTX *ctx; 1593 { 1594 if (ok == 0) 1595 { 1596 if (LogLevel > 13) 1597 tls_verify_log(ok, ctx, "x509"); 1598 if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) 1599 { 1600 ctx->error = 0; 1601 return 1; /* override it */ 1602 } 1603 } 1604 return ok; 1605 } 1606 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1607 #endif /* STARTTLS */ 1608