1 /* tlsComm.c - primitive routines to aid TLS communication
2 within wmbiff, without rewriting each mailbox access
3 scheme. These functions hide whether the underlying
4 transport is encrypted.
6 Neil Spring (nspring@cs.washington.edu) */
8 /* TODO: handle "* BYE" internally? */
15 #include <sys/types.h>
22 #ifdef HAVE_GNUTLS_GNUTLS_H
24 #include <gnutls/gnutls.h>
25 #include <gnutls/x509.h>
34 #include "Client.h" /* debugging messages */
36 /* if non-null, set to a file for certificate verification */
37 extern const char *certificate_filename
;
38 /* if set, don't fail when dealing with a bad certificate.
39 (continue to whine, though, as bad certs should be fixed) */
40 extern int SkipCertificateCheck
;
41 /* gnutls: specify the priorities to use on the ciphers, key exchange methods,
42 macs and compression methods. */
43 extern const char *tls
;
45 /* WARNING: implcitly uses scs to gain access to the mailbox
46 that holds the per-mailbox debug flag. */
47 #define TDM(lvl, args...) DM(scs->pc, lvl, "comm: " args)
49 /* how long to wait for the server to do its thing
50 when we issue it a command (in seconds) */
51 #define EXPECT_TIMEOUT 40
53 /* this is the per-connection state that is maintained for
54 each connection; BIG variables are for ssl (null if not
57 struct connection_state
{
61 gnutls_session tls_state
;
62 gnutls_certificate_credentials xcred
;
64 /*@null@ */ void *tls_state
;
65 /*@null@ */ void *xcred
;
67 char unprocessed
[BUF_SIZE
];
68 Pop3 pc
; /* mailbox handle for debugging messages */
71 /* gotta do our own line buffering, sigh */
72 int getline_from_buffer(char *readbuffer
, char *linebuffer
,
74 void handle_gnutls_read_error(int readbytes
, struct connection_state
*scs
);
76 void tlscomm_close(struct connection_state
*scs
)
78 TDM(DEBUG_INFO
, "%s: closing.\n",
79 (scs
->name
!= NULL
) ? scs
->name
: "null");
81 /* not ok to call this more than once */
84 /* this next line seems capable of hanging... */
85 /* gnutls_bye(scs->tls_state, GNUTLS_SHUT_RDWR); */
86 /* so we'll try just _bye'ing the WR direction, which
87 should send the alert but not wait for a response. */
88 gnutls_bye(scs
->tls_state
, GNUTLS_SHUT_WR
);
89 gnutls_certificate_free_credentials(scs
->xcred
);
90 gnutls_deinit(scs
->tls_state
);
94 (void) close(scs
->sd
);
97 scs
->tls_state
= NULL
;
104 extern int x_socket(void);
105 extern void ProcessPendingEvents(void);
107 /* this avoids blocking without using non-blocking i/o */
108 static int wait_for_it(int sd
, int timeoutseconds
)
112 int ready_descriptors
;
115 struct timeval time_now
;
116 struct timeval time_out
;
118 gettimeofday(&time_now
, NULL
);
119 memcpy(&time_out
, &time_now
, sizeof(struct timeval
));
120 time_out
.tv_sec
+= timeoutseconds
;
123 maxfd
= max(sd
, xfd
);
127 ProcessPendingEvents();
129 gettimeofday(&time_now
, NULL
);
130 tv
.tv_sec
= max(time_out
.tv_sec
- time_now
.tv_sec
+ 1, (time_t) 0); /* sloppy, but bfd */
132 /* select will return if we have X stuff or we have comm stuff on sd */
134 FD_SET(sd
, &readfds
);
135 // FD_SET(xfd, &readfds);
136 ready_descriptors
= select(maxfd
+ 1, &readfds
, NULL
, NULL
, &tv
);
138 // "select %d/%d returned %d descriptor, %d\n",
139 // sd, timeoutseconds, ready_descriptors, FD_ISSET(sd, &readfds));
141 } while(tv
.tv_sec
> 0 && (!FD_ISSET(sd
, &readfds
) || (errno
== EINTR
&& ready_descriptors
== -1)));
144 FD_SET(sd
, &readfds
);
145 tv
.tv_sec
= 0; tv
.tv_usec
= 0;
146 ready_descriptors
= select(sd
+ 1, &readfds
, NULL
, NULL
, &tv
);
148 while (ready_descriptors
== -1 && errno
== EINTR
);
149 if (ready_descriptors
== 0) {
151 "select timed out after %d seconds on socket: %d\n",
154 } else if (ready_descriptors
== -1) {
156 "select failed on socket %d: %s\n", sd
, strerror(errno
));
159 return (FD_ISSET(sd
, &readfds
));
162 /* exported for testing */
164 getline_from_buffer(char *readbuffer
, char *linebuffer
, int linebuflen
)
168 /* find end of line (stopping if linebuflen is too small. */
169 for (p
= readbuffer
, i
= 0;
170 *p
!= '\n' && *p
!= '\0' && i
< linebuflen
- 1; p
++, i
++);
172 /* gobble \n if it starts the line. */
174 /* grab the end of line too! and then advance past
179 /* TODO -- perhaps we should return no line at all
180 here, as it might be incomplete. don't want to
181 break anything though. */
182 DMA(DEBUG_INFO
, "expected line doesn't end on its own.\n");
186 /* copy a line into the linebuffer */
187 strncpy(linebuffer
, readbuffer
, (size_t) i
);
188 /* sigh, null terminate */
189 linebuffer
[i
] = '\0';
190 /* shift the rest over; this could be done
191 instead with strcpy... I think. */
200 /* return the length of the line */
202 if (i
< 0 || i
> linebuflen
) {
203 DM((Pop3
) NULL
, DEBUG_ERROR
, "bork bork bork!: %d %d\n", i
,
209 /* eat lines, until one starting with prefix is found;
210 this skips 'informational' IMAP responses */
211 /* the correct response to a return value of 0 is almost
212 certainly tlscomm_close(scs): don't _expect() anything
213 unless anything else would represent failure */
215 tlscomm_expect(struct connection_state
*scs
,
216 const char *prefix
, char *linebuf
, int buflen
)
218 int prefixlen
= (int) strlen(prefix
);
219 int buffered_bytes
= 0;
220 memset(linebuf
, 0, buflen
);
221 TDM(DEBUG_INFO
, "%s: expecting: %s\n", scs
->name
, prefix
);
222 /* if(scs->unprocessed[0]) {
223 TDM(DEBUG_INFO, "%s: buffered: %s\n", scs->name, scs->unprocessed);
225 while (scs
->unprocessed
[0] != '\0'
226 || wait_for_it(scs
->sd
, EXPECT_TIMEOUT
)) {
227 if (scs
->unprocessed
[buffered_bytes
] == '\0') {
230 if (scs
->tls_state
) {
231 /* BUF_SIZE - 1 leaves room for trailing \0 */
233 gnutls_read(scs
->tls_state
,
234 &scs
->unprocessed
[buffered_bytes
],
235 BUF_SIZE
- 1 - buffered_bytes
);
236 if (thisreadbytes
< 0) {
237 handle_gnutls_read_error(thisreadbytes
, scs
);
244 read(scs
->sd
, &scs
->unprocessed
[buffered_bytes
],
245 BUF_SIZE
- 1 - buffered_bytes
);
246 if (thisreadbytes
< 0) {
247 TDM(DEBUG_ERROR
, "%s: error reading: %s\n",
248 scs
->name
, strerror(errno
));
252 buffered_bytes
+= thisreadbytes
;
253 /* force null termination */
254 scs
->unprocessed
[buffered_bytes
] = '\0';
255 if (buffered_bytes
== 0) {
256 return 0; /* bummer */
259 buffered_bytes
= strlen(scs
->unprocessed
);
261 while (buffered_bytes
>= prefixlen
) {
264 getline_from_buffer(scs
->unprocessed
, linebuf
, buflen
);
265 if (linebytes
== 0) {
268 buffered_bytes
-= linebytes
;
269 if (strncmp(linebuf
, prefix
, prefixlen
) == 0) {
270 TDM(DEBUG_INFO
, "%s: got: %*s", scs
->name
,
272 return 1; /* got it! */
274 TDM(DEBUG_INFO
, "%s: dumped(%d/%d): %.*s", scs
->name
,
275 linebytes
, buffered_bytes
, linebytes
, linebuf
);
279 if (buffered_bytes
== -1) {
280 TDM(DEBUG_INFO
, "%s: timed out while expecting '%s'\n",
283 TDM(DEBUG_ERROR
, "%s: expecting: '%s', saw (%d): %s%s",
284 scs
->name
, prefix
, buffered_bytes
, linebuf
,
285 /* only print the newline if the linebuf lacks it */
286 (linebuf
[strlen(linebuf
) - 1] == '\n') ? "\n" : "");
288 return 0; /* wait_for_it failed */
291 int tlscomm_gets(char *buf
, int buflen
, struct connection_state
*scs
)
293 return (tlscomm_expect(scs
, "", buf
, buflen
));
296 void tlscomm_printf(struct connection_state
*scs
, const char *format
, ...)
301 ssize_t unused
__attribute__((unused
));
304 DMA(DEBUG_ERROR
, "null connection to tlscomm_printf\n");
307 va_start(args
, format
);
308 bytes
= vsnprintf(buf
, 1024, format
, args
);
313 if (scs
->tls_state
) {
314 int written
= gnutls_write(scs
->tls_state
, buf
, bytes
);
315 if (written
< bytes
) {
317 "Error %s prevented writing: %*s\n",
318 gnutls_strerror(written
), bytes
, buf
);
324 unused
= write(scs
->sd
, buf
, bytes
);
327 ("warning: tlscomm_printf called with an invalid socket descriptor\n");
330 TDM(DEBUG_INFO
, "wrote %*s", bytes
, buf
);
333 /* most of this file only makes sense if using TLS. */
335 #include "gnutls-common.h"
338 bad_certificate(const struct connection_state
*scs
, const char *msg
)
340 TDM(DEBUG_ERROR
, "%s", msg
);
341 if (!SkipCertificateCheck
) {
342 TDM(DEBUG_ERROR
, "to ignore this error, run wmbiff "
343 "with the -skip-certificate-check option\n");
349 warn_certificate(const struct connection_state
*scs
, const char *msg
)
351 if (!SkipCertificateCheck
) {
352 TDM(DEBUG_ERROR
, "%s", msg
);
353 TDM(DEBUG_ERROR
, "to ignore this warning, run wmbiff "
354 "with the -skip-certificate-check option\n");
358 /* a start of a hack at verifying certificates. does not
359 provide any security at all. I'm waiting for either
360 gnutls to make this as easy as it should be, or someone
361 to port Andrew McDonald's gnutls-for-mutt patch.
364 #define CERT_SEP "-----BEGIN"
366 /* this bit is based on read_ca_file() in gnutls */
367 static int tls_compare_certificates(const gnutls_datum
* peercert
)
373 gnutls_datum b64_data
;
374 unsigned char *b64_data_data
;
375 struct stat filestat
;
377 if (stat(certificate_filename
, &filestat
) == -1)
380 b64_data
.size
= filestat
.st_size
+ 1;
381 b64_data_data
= (unsigned char *) malloc(b64_data
.size
);
382 b64_data_data
[b64_data
.size
- 1] = '\0';
383 b64_data
.data
= b64_data_data
;
385 fd1
= fopen(certificate_filename
, "r");
390 b64_data
.size
= fread(b64_data
.data
, 1, b64_data
.size
, fd1
);
394 ret
= gnutls_pem_base64_decode_alloc(NULL
, &b64_data
, &cert
);
400 ptr
= (unsigned char *) strstr((char *) b64_data
.data
, CERT_SEP
) + 1;
401 ptr
= (unsigned char *) strstr((char *) ptr
, CERT_SEP
);
403 b64_data
.size
= b64_data
.size
- (ptr
- b64_data
.data
);
406 if (cert
.size
== peercert
->size
) {
407 if (memcmp(cert
.data
, peercert
->data
, cert
.size
) == 0) {
409 gnutls_free(cert
.data
);
415 gnutls_free(cert
.data
);
416 } while (ptr
!= NULL
);
425 tls_check_certificate(struct connection_state
*scs
,
426 const char *remote_hostname
)
429 unsigned int certstat
;
430 const gnutls_datum
*cert_list
;
431 unsigned int cert_list_size
= 0;
432 gnutls_x509_crt cert
;
434 if (gnutls_auth_get_type(scs
->tls_state
) != GNUTLS_CRD_CERTIFICATE
) {
435 bad_certificate(scs
, "Unable to get certificate from peer.\n");
436 return; /* bad_cert will exit if -skip-certificate-check was not given */
438 ret
= gnutls_certificate_verify_peers2(scs
->tls_state
, &certstat
);
443 snprintf(errbuf
, 1024, "could not verify certificate: %s (%d).\n",
444 gnutls_strerror(ret
), ret
);
445 bad_certificate(scs
, (ret
== GNUTLS_E_NO_CERTIFICATE_FOUND
?
446 "server presented no certificate.\n" :
449 #ifdef GNUTLS_CERT_CORRUPTED
450 } else if (certstat
& GNUTLS_CERT_CORRUPTED
) {
451 bad_certificate(scs
, "server's certificate is corrupt.\n");
453 } else if (certstat
& GNUTLS_CERT_REVOKED
) {
454 bad_certificate(scs
, "server's certificate has been revoked.\n");
455 } else if (certstat
& GNUTLS_CERT_EXPIRED
) {
456 bad_certificate(scs
, "server's certificate is expired.\n");
457 } else if (certstat
& GNUTLS_CERT_INSECURE_ALGORITHM
) {
458 warn_certificate(scs
, "server's certificate use an insecure algorithm.\n");
459 } else if (certstat
& GNUTLS_CERT_INVALID
) {
460 if (gnutls_certificate_type_get(scs
->tls_state
) == GNUTLS_CRT_X509
) {
461 /* bad_certificate(scs, "server's certificate is not trusted.\n"
462 "there may be a problem with the certificate stored in your certfile\n"); */
465 "server's certificate is invalid or not X.509.\n"
466 "there may be a problem with the certificate stored in your certfile\n");
468 #if defined(GNUTLS_CERT_SIGNER_NOT_FOUND)
469 } else if (certstat
& GNUTLS_CERT_SIGNER_NOT_FOUND
) {
470 TDM(DEBUG_INFO
, "server's certificate is not signed.\n");
472 "to verify that a certificate is trusted, use the certfile option.\n");
475 #if defined(GNUTLS_CERT_NOT_TRUSTED)
476 } else if (certstat
& GNUTLS_CERT_NOT_TRUSTED
) {
477 TDM(DEBUG_INFO
, "server's certificate is not trusted.\n");
479 "to verify that a certificate is trusted, use the certfile option.\n");
483 if (gnutls_x509_crt_init(&cert
) < 0) {
485 "Unable to initialize certificate data structure");
489 /* not checking for not-yet-valid certs... this would make sense
490 if we weren't just comparing to stored ones */
492 gnutls_certificate_get_peers(scs
->tls_state
, &cert_list_size
);
494 if (gnutls_x509_crt_import(cert
, &cert_list
[0], GNUTLS_X509_FMT_DER
) <
496 bad_certificate(scs
, "Error processing certificate data");
499 if (gnutls_x509_crt_get_expiration_time(cert
) < time(NULL
)) {
500 bad_certificate(scs
, "server's certificate has expired.\n");
501 } else if (gnutls_x509_crt_get_activation_time(cert
)
503 bad_certificate(scs
, "server's certificate is not yet valid.\n");
505 TDM(DEBUG_INFO
, "certificate passed time check.\n");
508 if (gnutls_x509_crt_check_hostname(cert
, remote_hostname
) == 0) {
509 char certificate_hostname
[256];
511 gnutls_x509_crt_get_dn(cert
, certificate_hostname
, &buflen
);
512 /* gnutls_x509_extract_certificate_dn(&cert_list[0], &dn); */
514 "server's certificate (%s) does not match its hostname (%s).\n",
515 certificate_hostname
, remote_hostname
);
517 "server's certificate does not match its hostname.\n");
519 if ((scs
->pc
)->debug
>= DEBUG_INFO
) {
520 char certificate_hostname
[256];
522 gnutls_x509_crt_get_dn(cert
, certificate_hostname
, &buflen
);
523 /* gnutls_x509_extract_certificate_dn(&cert_list[0], &dn); */
525 "server's certificate (%s) matched its hostname (%s).\n",
526 certificate_hostname
, remote_hostname
);
530 if (certificate_filename
!= NULL
&&
531 tls_compare_certificates(&cert_list
[0]) == 0) {
533 "server's certificate was not found in the certificate file.\n");
536 gnutls_x509_crt_deinit(cert
);
538 TDM(DEBUG_INFO
, "certificate check ok.\n");
542 struct connection_state
*initialize_gnutls(int sd
, char *name
, Pop3 pc
,
543 const char *remote_hostname
)
545 static int gnutls_initialized
;
547 struct connection_state
*scs
= malloc(sizeof(struct connection_state
));
548 memset(scs
, 0, sizeof(struct connection_state
)); /* clears the unprocessed buffer */
554 if (gnutls_initialized
== 0) {
555 assert(gnutls_global_init() == 0);
556 gnutls_initialized
= 1;
559 assert(gnutls_init(&scs
->tls_state
, GNUTLS_CLIENT
) == 0);
562 if (GNUTLS_E_SUCCESS
!= gnutls_priority_set_direct(scs
->tls_state
, tls
, &err_pos
)) {
564 "Unable to set the priorities to use on the ciphers, "
565 "key exchange methods, macs and/or compression methods.\n"
566 "See 'tls' parameter in config file: '%s'.\n",
571 /* no client private key */
572 if (gnutls_certificate_allocate_credentials(&scs
->xcred
) < 0) {
573 DMA(DEBUG_ERROR
, "gnutls memory error\n");
577 /* certfile seems to work. */
578 if (certificate_filename
!= NULL
) {
579 if (!exists(certificate_filename
)) {
581 "Certificate file (certfile=) %s not found.\n",
582 certificate_filename
);
585 zok
= gnutls_certificate_set_x509_trust_file(scs
->xcred
,
587 certificate_filename
,
588 GNUTLS_X509_FMT_PEM
);
591 "GNUTLS did not like your certificate file %s (%d).\n",
592 certificate_filename
, zok
);
598 gnutls_cred_set(scs
->tls_state
, GNUTLS_CRD_CERTIFICATE
,
600 gnutls_transport_set_ptr(scs
->tls_state
,
601 (gnutls_transport_ptr
) sd
);
603 zok
= gnutls_handshake(scs
->tls_state
);
605 while (zok
== GNUTLS_E_INTERRUPTED
|| zok
== GNUTLS_E_AGAIN
);
607 tls_check_certificate(scs
, remote_hostname
);
611 TDM(DEBUG_ERROR
, "%s: Handshake failed\n", name
);
612 TDM(DEBUG_ERROR
, "%s: This may be a problem in gnutls, "
613 "which is under development\n", name
);
615 "%s: This copy of wmbiff was compiled with \n"
616 " gnutls version %s.\n", name
, LIBGNUTLS_VERSION
);
618 if (scs
->pc
->u
.pop_imap
.serverPort
!= 143 /* starttls */ ) {
620 "%s: Please run 'gnutls-cli-debug -p %d %s' to test ssl directly.\n"
621 " That tool provides a lower-level test of gnutls with your server.\n",
622 name
, scs
->pc
->u
.pop_imap
.serverPort
, remote_hostname
);
624 gnutls_deinit(scs
->tls_state
);
628 TDM(DEBUG_INFO
, "%s: Handshake was completed\n", name
);
629 if (scs
->pc
->debug
>= DEBUG_INFO
)
630 print_info(scs
->tls_state
, remote_hostname
);
637 /* moved down here, to keep from interrupting the flow with
638 verbose error crap */
639 void handle_gnutls_read_error(int readbytes
, struct connection_state
*scs
)
641 if (gnutls_error_is_fatal(readbytes
) == 1) {
643 "%s: Received corrupted data(%d) - server has terminated the connection abnormally\n",
644 scs
->name
, readbytes
);
646 if (readbytes
== GNUTLS_E_WARNING_ALERT_RECEIVED
647 || readbytes
== GNUTLS_E_FATAL_ALERT_RECEIVED
)
648 TDM(DEBUG_ERROR
, "* Received alert [%d]\n",
649 gnutls_alert_get(scs
->tls_state
));
650 if (readbytes
== GNUTLS_E_REHANDSHAKE
)
651 TDM(DEBUG_ERROR
, "* Received HelloRequest message\n");
654 "%s: gnutls error reading: %s\n",
655 scs
->name
, gnutls_strerror(readbytes
));
659 /* declare stubs when tls isn't compiled in */
660 struct connection_state
*initialize_gnutls(UNUSED(int sd
),
667 "FATAL: tried to initialize ssl when ssl wasn't compiled in.\n");
673 struct connection_state
*initialize_unencrypted(int sd
,
674 /*@only@ */ char *name
,
677 struct connection_state
*ret
= malloc(sizeof(struct connection_state
));
680 memset(ret
, 0, sizeof(struct connection_state
)); /* clears the unprocessed buffer */
683 ret
->tls_state
= NULL
;
689 /* bad seed connections that can't be setup */
691 struct connection_state
*initialize_blacklist( /*@only@ */ char *name
)
693 struct connection_state
*ret
= malloc(sizeof(struct connection_state
));
697 ret
->tls_state
= NULL
;
704 int tlscomm_is_blacklisted(const struct connection_state
*scs
)
706 return (scs
!= NULL
&& scs
->sd
== -1);