1 /* tlsComm.c - primitive routines to aid TLS communication
2 within wmbiff, without rewriting each mailbox access
3 scheme. These functions hide whether the underlying
4 transport is encrypted.
6 Neil Spring (nspring@cs.washington.edu) */
8 /* TODO: handle "* BYE" internally? */
15 #include <sys/types.h>
22 #ifdef HAVE_GNUTLS_GNUTLS_H
24 #include <gnutls/gnutls.h>
25 #include <gnutls/x509.h>
34 #include "Client.h" /* debugging messages */
36 /* if non-null, set to a file for certificate verification */
37 extern const char *certificate_filename
;
38 /* if set, don't fail when dealing with a bad certificate.
39 (continue to whine, though, as bad certs should be fixed) */
40 extern int SkipCertificateCheck
;
41 /* gnutls: specify the priorities to use on the ciphers, key exchange methods,
42 macs and compression methods. */
43 extern const char *tls
;
45 /* WARNING: implcitly uses scs to gain access to the mailbox
46 that holds the per-mailbox debug flag. */
47 #define TDM(lvl, args...) DM(scs->pc, lvl, "comm: " args)
49 /* how long to wait for the server to do its thing
50 when we issue it a command (in seconds) */
51 #define EXPECT_TIMEOUT 40
53 /* this is the per-connection state that is maintained for
54 each connection; BIG variables are for ssl (null if not
57 struct connection_state
{
61 gnutls_session_t tls_state
;
62 gnutls_certificate_credentials_t xcred
;
64 /*@null@ */ void *tls_state
;
65 /*@null@ */ void *xcred
;
67 char unprocessed
[BUF_SIZE
];
68 Pop3 pc
; /* mailbox handle for debugging messages */
71 /* gotta do our own line buffering, sigh */
72 int getline_from_buffer(char *readbuffer
, char *linebuffer
,
74 void handle_gnutls_read_error(int readbytes
, struct connection_state
*scs
);
76 void tlscomm_close(struct connection_state
*scs
)
78 TDM(DEBUG_INFO
, "%s: closing.\n",
79 (scs
->name
!= NULL
) ? scs
->name
: "null");
81 /* not ok to call this more than once */
84 /* this next line seems capable of hanging... */
85 /* gnutls_bye(scs->tls_state, GNUTLS_SHUT_RDWR); */
86 /* so we'll try just _bye'ing the WR direction, which
87 should send the alert but not wait for a response. */
88 gnutls_bye(scs
->tls_state
, GNUTLS_SHUT_WR
);
89 gnutls_certificate_free_credentials(scs
->xcred
);
90 gnutls_deinit(scs
->tls_state
);
94 (void) close(scs
->sd
);
97 scs
->tls_state
= NULL
;
104 extern int x_socket(void);
105 extern void ProcessPendingEvents(void);
107 /* this avoids blocking without using non-blocking i/o */
108 static int wait_for_it(int sd
, int timeoutseconds
)
112 int ready_descriptors
;
115 struct timeval time_now
;
116 struct timeval time_out
;
118 gettimeofday(&time_now
, NULL
);
119 memcpy(&time_out
, &time_now
, sizeof(struct timeval
));
120 time_out
.tv_sec
+= timeoutseconds
;
123 maxfd
= max(sd
, xfd
);
127 ProcessPendingEvents();
129 gettimeofday(&time_now
, NULL
);
130 tv
.tv_sec
= max(time_out
.tv_sec
- time_now
.tv_sec
+ 1, (time_t) 0); /* sloppy, but bfd */
132 /* select will return if we have X stuff or we have comm stuff on sd */
134 FD_SET(sd
, &readfds
);
135 // FD_SET(xfd, &readfds);
136 ready_descriptors
= select(maxfd
+ 1, &readfds
, NULL
, NULL
, &tv
);
138 // "select %d/%d returned %d descriptor, %d\n",
139 // sd, timeoutseconds, ready_descriptors, FD_ISSET(sd, &readfds));
141 } while(tv
.tv_sec
> 0 && (!FD_ISSET(sd
, &readfds
) || (errno
== EINTR
&& ready_descriptors
== -1)));
144 FD_SET(sd
, &readfds
);
145 tv
.tv_sec
= 0; tv
.tv_usec
= 0;
146 ready_descriptors
= select(sd
+ 1, &readfds
, NULL
, NULL
, &tv
);
148 while (ready_descriptors
== -1 && errno
== EINTR
);
149 if (ready_descriptors
== 0) {
151 "select timed out after %d seconds on socket: %d\n",
154 } else if (ready_descriptors
== -1) {
156 "select failed on socket %d: %s\n", sd
, strerror(errno
));
159 return (FD_ISSET(sd
, &readfds
));
162 /* exported for testing */
164 getline_from_buffer(char *readbuffer
, char *linebuffer
, int linebuflen
)
168 /* find end of line (stopping if linebuflen is too small. */
169 for (p
= readbuffer
, i
= 0;
170 *p
!= '\n' && *p
!= '\0' && i
< linebuflen
- 1; p
++, i
++);
172 /* gobble \n if it starts the line. */
174 /* grab the end of line too! and then advance past
179 /* TODO -- perhaps we should return no line at all
180 here, as it might be incomplete. don't want to
181 break anything though. */
182 DMA(DEBUG_INFO
, "expected line doesn't end on its own.\n");
186 /* copy a line into the linebuffer */
187 strncpy(linebuffer
, readbuffer
, (size_t) i
);
188 /* sigh, null terminate */
189 linebuffer
[i
] = '\0';
190 /* shift the rest over; this could be done
191 instead with strcpy... I think. */
200 /* return the length of the line */
202 if (i
< 0 || i
> linebuflen
) {
203 DM((Pop3
) NULL
, DEBUG_ERROR
, "bork bork bork!: %d %d\n", i
,
209 /* eat lines, until one starting with prefix is found;
210 this skips 'informational' IMAP responses */
211 /* the correct response to a return value of 0 is almost
212 certainly tlscomm_close(scs): don't _expect() anything
213 unless anything else would represent failure */
215 tlscomm_expect(struct connection_state
*scs
,
216 const char *prefix
, char *linebuf
, int buflen
)
218 int prefixlen
= (int) strlen(prefix
);
219 int buffered_bytes
= 0;
220 memset(linebuf
, 0, buflen
);
221 TDM(DEBUG_INFO
, "%s: expecting: %s\n", scs
->name
, prefix
);
222 /* if(scs->unprocessed[0]) {
223 TDM(DEBUG_INFO, "%s: buffered: %s\n", scs->name, scs->unprocessed);
225 while (scs
->unprocessed
[0] != '\0'
226 || wait_for_it(scs
->sd
, EXPECT_TIMEOUT
)) {
227 if (scs
->unprocessed
[buffered_bytes
] == '\0') {
230 if (scs
->tls_state
) {
231 /* BUF_SIZE - 1 leaves room for trailing \0 */
234 gnutls_read(scs
->tls_state
,
235 &scs
->unprocessed
[buffered_bytes
],
236 BUF_SIZE
- 1 - buffered_bytes
);
237 } while (thisreadbytes
== GNUTLS_E_AGAIN
);
238 if (thisreadbytes
< 0) {
239 handle_gnutls_read_error(thisreadbytes
, scs
);
247 read(scs
->sd
, &scs
->unprocessed
[buffered_bytes
],
248 BUF_SIZE
- 1 - buffered_bytes
);
249 } while (thisreadbytes
== EAGAIN
);
250 if (thisreadbytes
< 0) {
251 TDM(DEBUG_ERROR
, "%s: error reading: %s\n",
252 scs
->name
, strerror(errno
));
256 buffered_bytes
+= thisreadbytes
;
257 /* force null termination */
258 scs
->unprocessed
[buffered_bytes
] = '\0';
259 if (buffered_bytes
== 0) {
260 return 0; /* bummer */
263 buffered_bytes
= strlen(scs
->unprocessed
);
265 while (buffered_bytes
>= prefixlen
) {
268 getline_from_buffer(scs
->unprocessed
, linebuf
, buflen
);
269 if (linebytes
== 0) {
272 buffered_bytes
-= linebytes
;
273 if (strncmp(linebuf
, prefix
, prefixlen
) == 0) {
274 TDM(DEBUG_INFO
, "%s: got: %*s", scs
->name
,
276 return 1; /* got it! */
278 TDM(DEBUG_INFO
, "%s: dumped(%d/%d): %.*s", scs
->name
,
279 linebytes
, buffered_bytes
, linebytes
, linebuf
);
283 if (buffered_bytes
== -1) {
284 TDM(DEBUG_INFO
, "%s: timed out while expecting '%s'\n",
287 TDM(DEBUG_ERROR
, "%s: expecting: '%s', saw (%d): %s%s",
288 scs
->name
, prefix
, buffered_bytes
, linebuf
,
289 /* only print the newline if the linebuf lacks it */
290 (linebuf
[strlen(linebuf
) - 1] == '\n') ? "\n" : "");
292 return 0; /* wait_for_it failed */
295 int tlscomm_gets(char *buf
, int buflen
, struct connection_state
*scs
)
297 return (tlscomm_expect(scs
, "", buf
, buflen
));
300 void tlscomm_printf(struct connection_state
*scs
, const char *format
, ...)
305 ssize_t unused
__attribute__((unused
));
308 DMA(DEBUG_ERROR
, "null connection to tlscomm_printf\n");
311 va_start(args
, format
);
312 bytes
= vsnprintf(buf
, 1024, format
, args
);
317 if (scs
->tls_state
) {
318 int written
= gnutls_write(scs
->tls_state
, buf
, bytes
);
319 if (written
< bytes
) {
321 "Error %s prevented writing: %*s\n",
322 gnutls_strerror(written
), bytes
, buf
);
328 unused
= write(scs
->sd
, buf
, bytes
);
331 ("warning: tlscomm_printf called with an invalid socket descriptor\n");
334 TDM(DEBUG_INFO
, "wrote %*s", bytes
, buf
);
337 /* most of this file only makes sense if using TLS. */
339 #include "gnutls-common.h"
342 bad_certificate(const struct connection_state
*scs
, const char *msg
)
344 TDM(DEBUG_ERROR
, "%s", msg
);
345 if (!SkipCertificateCheck
) {
346 TDM(DEBUG_ERROR
, "to ignore this error, run wmbiff "
347 "with the -skip-certificate-check option\n");
353 warn_certificate(const struct connection_state
*scs
, const char *msg
)
355 if (!SkipCertificateCheck
) {
356 TDM(DEBUG_ERROR
, "%s", msg
);
357 TDM(DEBUG_ERROR
, "to ignore this warning, run wmbiff "
358 "with the -skip-certificate-check option\n");
362 /* a start of a hack at verifying certificates. does not
363 provide any security at all. I'm waiting for either
364 gnutls to make this as easy as it should be, or someone
365 to port Andrew McDonald's gnutls-for-mutt patch.
368 #define CERT_SEP "-----BEGIN"
370 /* this bit is based on read_ca_file() in gnutls */
371 static int tls_compare_certificates(const gnutls_datum_t
* peercert
)
377 gnutls_datum_t b64_data
;
378 unsigned char *b64_data_data
;
379 struct stat filestat
;
381 if (stat(certificate_filename
, &filestat
) == -1)
384 b64_data
.size
= filestat
.st_size
+ 1;
385 b64_data_data
= (unsigned char *) malloc(b64_data
.size
);
386 b64_data_data
[b64_data
.size
- 1] = '\0';
387 b64_data
.data
= b64_data_data
;
389 fd1
= fopen(certificate_filename
, "r");
394 b64_data
.size
= fread(b64_data
.data
, 1, b64_data
.size
, fd1
);
398 ret
= gnutls_pem_base64_decode_alloc(NULL
, &b64_data
, &cert
);
404 ptr
= (unsigned char *) strstr((char *) b64_data
.data
, CERT_SEP
) + 1;
405 ptr
= (unsigned char *) strstr((char *) ptr
, CERT_SEP
);
407 b64_data
.size
= b64_data
.size
- (ptr
- b64_data
.data
);
410 if (cert
.size
== peercert
->size
) {
411 if (memcmp(cert
.data
, peercert
->data
, cert
.size
) == 0) {
413 gnutls_free(cert
.data
);
419 gnutls_free(cert
.data
);
420 } while (ptr
!= NULL
);
429 tls_check_certificate(struct connection_state
*scs
,
430 const char *remote_hostname
)
433 unsigned int certstat
;
434 const gnutls_datum_t
*cert_list
;
435 unsigned int cert_list_size
= 0;
436 gnutls_x509_crt_t cert
;
438 if (gnutls_auth_get_type(scs
->tls_state
) != GNUTLS_CRD_CERTIFICATE
) {
439 bad_certificate(scs
, "Unable to get certificate from peer.\n");
440 return; /* bad_cert will exit if -skip-certificate-check was not given */
442 ret
= gnutls_certificate_verify_peers2(scs
->tls_state
, &certstat
);
447 snprintf(errbuf
, 1024, "could not verify certificate: %s (%d).\n",
448 gnutls_strerror(ret
), ret
);
449 bad_certificate(scs
, (ret
== GNUTLS_E_NO_CERTIFICATE_FOUND
?
450 "server presented no certificate.\n" :
453 #ifdef GNUTLS_CERT_CORRUPTED
454 } else if (certstat
& GNUTLS_CERT_CORRUPTED
) {
455 bad_certificate(scs
, "server's certificate is corrupt.\n");
457 } else if (certstat
& GNUTLS_CERT_REVOKED
) {
458 bad_certificate(scs
, "server's certificate has been revoked.\n");
459 } else if (certstat
& GNUTLS_CERT_EXPIRED
) {
460 bad_certificate(scs
, "server's certificate is expired.\n");
461 } else if (certstat
& GNUTLS_CERT_INSECURE_ALGORITHM
) {
462 warn_certificate(scs
, "server's certificate use an insecure algorithm.\n");
463 } else if (certstat
& GNUTLS_CERT_INVALID
) {
464 if (gnutls_certificate_type_get(scs
->tls_state
) == GNUTLS_CRT_X509
) {
465 /* bad_certificate(scs, "server's certificate is not trusted.\n"
466 "there may be a problem with the certificate stored in your certfile\n"); */
469 "server's certificate is invalid or not X.509.\n"
470 "there may be a problem with the certificate stored in your certfile\n");
472 #if defined(GNUTLS_CERT_SIGNER_NOT_FOUND)
473 } else if (certstat
& GNUTLS_CERT_SIGNER_NOT_FOUND
) {
474 TDM(DEBUG_INFO
, "server's certificate is not signed.\n");
476 "to verify that a certificate is trusted, use the certfile option.\n");
479 #if defined(GNUTLS_CERT_NOT_TRUSTED)
480 } else if (certstat
& GNUTLS_CERT_NOT_TRUSTED
) {
481 TDM(DEBUG_INFO
, "server's certificate is not trusted.\n");
483 "to verify that a certificate is trusted, use the certfile option.\n");
487 if (gnutls_x509_crt_init(&cert
) < 0) {
489 "Unable to initialize certificate data structure");
493 /* not checking for not-yet-valid certs... this would make sense
494 if we weren't just comparing to stored ones */
496 gnutls_certificate_get_peers(scs
->tls_state
, &cert_list_size
);
498 if (gnutls_x509_crt_import(cert
, &cert_list
[0], GNUTLS_X509_FMT_DER
) <
500 bad_certificate(scs
, "Error processing certificate data");
503 if (gnutls_x509_crt_get_expiration_time(cert
) < time(NULL
)) {
504 bad_certificate(scs
, "server's certificate has expired.\n");
505 } else if (gnutls_x509_crt_get_activation_time(cert
)
507 bad_certificate(scs
, "server's certificate is not yet valid.\n");
509 TDM(DEBUG_INFO
, "certificate passed time check.\n");
512 if (gnutls_x509_crt_check_hostname(cert
, remote_hostname
) == 0) {
513 char certificate_hostname
[256];
515 gnutls_x509_crt_get_dn(cert
, certificate_hostname
, &buflen
);
516 /* gnutls_x509_extract_certificate_dn(&cert_list[0], &dn); */
518 "server's certificate (%s) does not match its hostname (%s).\n",
519 certificate_hostname
, remote_hostname
);
521 "server's certificate does not match its hostname.\n");
523 if ((scs
->pc
)->debug
>= DEBUG_INFO
) {
524 char certificate_hostname
[256];
526 gnutls_x509_crt_get_dn(cert
, certificate_hostname
, &buflen
);
527 /* gnutls_x509_extract_certificate_dn(&cert_list[0], &dn); */
529 "server's certificate (%s) matched its hostname (%s).\n",
530 certificate_hostname
, remote_hostname
);
534 if (certificate_filename
!= NULL
&&
535 tls_compare_certificates(&cert_list
[0]) == 0) {
537 "server's certificate was not found in the certificate file.\n");
540 gnutls_x509_crt_deinit(cert
);
542 TDM(DEBUG_INFO
, "certificate check ok.\n");
546 struct connection_state
*initialize_gnutls(intptr_t sd
, char *name
, Pop3 pc
,
547 const char *remote_hostname
)
549 static int gnutls_initialized
;
551 struct connection_state
*scs
= malloc(sizeof(struct connection_state
));
552 memset(scs
, 0, sizeof(struct connection_state
)); /* clears the unprocessed buffer */
558 if (gnutls_initialized
== 0) {
559 assert(gnutls_global_init() == 0);
560 gnutls_initialized
= 1;
563 assert(gnutls_init(&scs
->tls_state
, GNUTLS_CLIENT
) == 0);
566 if (GNUTLS_E_SUCCESS
!= gnutls_priority_set_direct(scs
->tls_state
, tls
, &err_pos
)) {
568 "Unable to set the priorities to use on the ciphers, "
569 "key exchange methods, macs and/or compression methods.\n"
570 "See 'tls' parameter in config file: '%s'.\n",
575 /* no client private key */
576 if (gnutls_certificate_allocate_credentials(&scs
->xcred
) < 0) {
577 DMA(DEBUG_ERROR
, "gnutls memory error\n");
581 /* certfile seems to work. */
582 if (certificate_filename
!= NULL
) {
583 if (!exists(certificate_filename
)) {
585 "Certificate file (certfile=) %s not found.\n",
586 certificate_filename
);
589 zok
= gnutls_certificate_set_x509_trust_file(scs
->xcred
,
591 certificate_filename
,
592 GNUTLS_X509_FMT_PEM
);
595 "GNUTLS did not like your certificate file %s (%d).\n",
596 certificate_filename
, zok
);
602 gnutls_cred_set(scs
->tls_state
, GNUTLS_CRD_CERTIFICATE
,
604 gnutls_transport_set_ptr(scs
->tls_state
,
605 (gnutls_transport_ptr_t
) sd
);
607 zok
= gnutls_handshake(scs
->tls_state
);
609 while (zok
== GNUTLS_E_INTERRUPTED
|| zok
== GNUTLS_E_AGAIN
);
611 tls_check_certificate(scs
, remote_hostname
);
615 TDM(DEBUG_ERROR
, "%s: Handshake failed\n", name
);
616 TDM(DEBUG_ERROR
, "%s: This may be a problem in gnutls, "
617 "which is under development\n", name
);
619 "%s: This copy of wmbiff was compiled with \n"
620 " gnutls version %s.\n", name
, LIBGNUTLS_VERSION
);
622 if (scs
->pc
->u
.pop_imap
.serverPort
!= 143 /* starttls */ ) {
624 "%s: Please run 'gnutls-cli-debug -p %d %s' to test ssl directly.\n"
625 " That tool provides a lower-level test of gnutls with your server.\n",
626 name
, scs
->pc
->u
.pop_imap
.serverPort
, remote_hostname
);
628 gnutls_deinit(scs
->tls_state
);
632 TDM(DEBUG_INFO
, "%s: Handshake was completed\n", name
);
633 if (scs
->pc
->debug
>= DEBUG_INFO
)
634 print_info(scs
->tls_state
, remote_hostname
);
641 /* moved down here, to keep from interrupting the flow with
642 verbose error crap */
643 void handle_gnutls_read_error(int readbytes
, struct connection_state
*scs
)
645 if (gnutls_error_is_fatal(readbytes
) == 1) {
647 "%s: Received corrupted data(%d) - server has terminated the connection abnormally\n",
648 scs
->name
, readbytes
);
650 if (readbytes
== GNUTLS_E_WARNING_ALERT_RECEIVED
651 || readbytes
== GNUTLS_E_FATAL_ALERT_RECEIVED
)
652 TDM(DEBUG_ERROR
, "* Received alert [%d]\n",
653 gnutls_alert_get(scs
->tls_state
));
654 if (readbytes
== GNUTLS_E_REHANDSHAKE
)
655 TDM(DEBUG_ERROR
, "* Received HelloRequest message\n");
658 "%s: gnutls error reading: %s\n",
659 scs
->name
, gnutls_strerror(readbytes
));
663 /* declare stubs when tls isn't compiled in */
664 struct connection_state
*initialize_gnutls(UNUSED(intptr_t sd
),
671 "FATAL: tried to initialize ssl when ssl wasn't compiled in.\n");
677 struct connection_state
*initialize_unencrypted(int sd
,
678 /*@only@ */ char *name
,
681 struct connection_state
*ret
= malloc(sizeof(struct connection_state
));
684 memset(ret
, 0, sizeof(struct connection_state
)); /* clears the unprocessed buffer */
687 ret
->tls_state
= NULL
;
693 /* bad seed connections that can't be setup */
695 struct connection_state
*initialize_blacklist( /*@only@ */ char *name
)
697 struct connection_state
*ret
= malloc(sizeof(struct connection_state
));
701 ret
->tls_state
= NULL
;
708 int tlscomm_is_blacklisted(const struct connection_state
*scs
)
710 return (scs
!= NULL
&& scs
->sd
== -1);