diff options
Diffstat (limited to 'src/lib-ssl-iostream/iostream-openssl.c')
| -rw-r--r-- | src/lib-ssl-iostream/iostream-openssl.c | 946 |
1 files changed, 946 insertions, 0 deletions
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c new file mode 100644 index 0000000..6920c53 --- /dev/null +++ b/src/lib-ssl-iostream/iostream-openssl.c @@ -0,0 +1,946 @@ +/* Copyright (c) 2009-2018 Dovecot authors, see the included COPYING file */ + +#include "lib.h" +#include "istream-private.h" +#include "ostream-private.h" +#include "iostream-openssl.h" + +#include <openssl/rand.h> +#include <openssl/err.h> + +static void openssl_iostream_free(struct ssl_iostream *ssl_io); + +void openssl_iostream_set_error(struct ssl_iostream *ssl_io, const char *str) +{ + char *new_str; + + /* i_debug() may sometimes be overriden, making it write to this very + same SSL stream, in which case the provided str may be invalidated + before it is even used. Therefore, we duplicate it immediately. */ + new_str = i_strdup(str); + + if (ssl_io->verbose) { + /* This error should normally be logged by lib-ssl-iostream's + caller. But if verbose=TRUE, log it here as well to make + sure that the error is always logged. */ + i_debug("%sSSL error: %s", ssl_io->log_prefix, new_str); + } + i_free(ssl_io->last_error); + ssl_io->last_error = new_str; +} + +static void openssl_info_callback(const SSL *ssl, int where, int ret) +{ + struct ssl_iostream *ssl_io; + + ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index); + if ((where & SSL_CB_ALERT) != 0) { + switch (ret & 0xff) { + case SSL_AD_CLOSE_NOTIFY: + i_debug("%sSSL alert: %s", + ssl_io->log_prefix, + SSL_alert_desc_string_long(ret)); + break; + default: + i_debug("%sSSL alert: where=0x%x, ret=%d: %s %s", + ssl_io->log_prefix, where, ret, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + break; + } + } else if (ret == 0) { + i_debug("%sSSL failed: where=0x%x: %s", + ssl_io->log_prefix, where, SSL_state_string_long(ssl)); + } else { + i_debug("%sSSL: where=0x%x, ret=%d: %s", + ssl_io->log_prefix, where, ret, + SSL_state_string_long(ssl)); + } +} + +static int +openssl_iostream_use_certificate(struct ssl_iostream *ssl_io, const char *cert, + const char **error_r) +{ + BIO *in; + X509 *x; + int ret = 0; + + in = BIO_new_mem_buf(t_strdup_noconst(cert), strlen(cert)); + if (in == NULL) { + *error_r = t_strdup_printf("BIO_new_mem_buf() failed: %s", + openssl_iostream_error()); + return -1; + } + + x = PEM_read_bio_X509(in, NULL, NULL, NULL); + if (x != NULL) { + ret = SSL_use_certificate(ssl_io->ssl, x); + if (ERR_peek_error() != 0) + ret = 0; + X509_free(x); + } + BIO_free(in); + + if (ret == 0) { + *error_r = t_strdup_printf("Can't load ssl_cert: %s", + openssl_iostream_use_certificate_error(cert, NULL)); + return -1; + } + return 0; +} + +static int +openssl_iostream_use_key(struct ssl_iostream *ssl_io, const char *set_name, + const struct ssl_iostream_cert *set, + const char **error_r) +{ + EVP_PKEY *pkey; + int ret = 0; + + if (openssl_iostream_load_key(set, set_name, &pkey, error_r) < 0) + return -1; + if (SSL_use_PrivateKey(ssl_io->ssl, pkey) != 1) { + *error_r = t_strdup_printf( + "Can't load SSL private key (%s setting): %s", + set_name, openssl_iostream_key_load_error()); + ret = -1; + } + EVP_PKEY_free(pkey); + return ret; +} + +static int +openssl_iostream_verify_client_cert(int preverify_ok, X509_STORE_CTX *ctx) +{ + int ssl_extidx = SSL_get_ex_data_X509_STORE_CTX_idx(); + SSL *ssl; + struct ssl_iostream *ssl_io; + char certname[1024]; + X509_NAME *subject; + + ssl = X509_STORE_CTX_get_ex_data(ctx, ssl_extidx); + ssl_io = SSL_get_ex_data(ssl, dovecot_ssl_extdata_index); + ssl_io->cert_received = TRUE; + + subject = X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)); + if (subject == NULL || + X509_NAME_oneline(subject, certname, sizeof(certname)) == NULL) + certname[0] = '\0'; + else + certname[sizeof(certname)-1] = '\0'; /* just in case.. */ + if (preverify_ok == 0) { + openssl_iostream_set_error(ssl_io, t_strdup_printf( + "Received invalid SSL certificate: %s: %s (check %s)", + X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)), certname, + ssl_io->ctx->client_ctx ? + "ssl_client_ca_* settings?" : + "ssl_ca setting?")); + if (ssl_io->verbose_invalid_cert) + i_info("%s", ssl_io->last_error); + } else if (ssl_io->verbose) { + i_info("Received valid SSL certificate: %s", certname); + } + if (preverify_ok == 0) { + ssl_io->cert_broken = TRUE; + if (!ssl_io->allow_invalid_cert) { + ssl_io->handshake_failed = TRUE; + return 0; + } + } + return 1; +} + +static int +openssl_iostream_set(struct ssl_iostream *ssl_io, + const struct ssl_iostream_settings *set, + const char **error_r) +{ + const struct ssl_iostream_settings *ctx_set = &ssl_io->ctx->set; + int verify_flags; + + if (set->verbose) + SSL_set_info_callback(ssl_io->ssl, openssl_info_callback); + + if (set->cipher_list != NULL && + strcmp(ctx_set->cipher_list, set->cipher_list) != 0) { + if (SSL_set_cipher_list(ssl_io->ssl, set->cipher_list) == 0) { + *error_r = t_strdup_printf( + "Can't set cipher list to '%s': %s", + set->cipher_list, openssl_iostream_error()); + return -1; + } + } +#ifdef HAVE_SSL_CTX_SET1_CURVES_LIST + if (set->curve_list != NULL && strlen(set->curve_list) > 0 && + (ctx_set->curve_list == NULL || strcmp(ctx_set->curve_list, set->curve_list) != 0)) { + if (SSL_set1_curves_list(ssl_io->ssl, set->curve_list) == 0) { + *error_r = t_strdup_printf( + "Failed to set curve list to '%s'", + set->curve_list); + return -1; + } + } +#endif +#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES + if (set->ciphersuites != NULL && + strcmp(ctx_set->ciphersuites, set->ciphersuites) != 0) { + if (SSL_set_ciphersuites(ssl_io->ssl, set->ciphersuites) == 0) { + *error_r = t_strdup_printf( + "Can't set ciphersuites to '%s': %s", + set->ciphersuites, openssl_iostream_error()); + return -1; + } + } +#endif + if (set->prefer_server_ciphers) + SSL_set_options(ssl_io->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE); + if (set->min_protocol != NULL) { +#if defined(HAVE_SSL_CLEAR_OPTIONS) + SSL_clear_options(ssl_io->ssl, OPENSSL_ALL_PROTOCOL_OPTIONS); +#endif + long opts; + int min_protocol; + if (openssl_min_protocol_to_options(set->min_protocol, &opts, + &min_protocol) < 0) { + *error_r = t_strdup_printf( + "Unknown ssl_min_protocol setting '%s'", + set->min_protocol); + return -1; + } +#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION + SSL_set_min_proto_version(ssl_io->ssl, min_protocol); +#else + SSL_set_options(ssl_io->ssl, opts); +#endif + } + + if (set->cert.cert != NULL && strcmp(ctx_set->cert.cert, set->cert.cert) != 0) { + if (openssl_iostream_use_certificate(ssl_io, set->cert.cert, error_r) < 0) + return -1; + } + if (set->cert.key != NULL && strcmp(ctx_set->cert.key, set->cert.key) != 0) { + if (openssl_iostream_use_key(ssl_io, "ssl_key", &set->cert, error_r) < 0) + return -1; + } + if (set->alt_cert.cert != NULL && strcmp(ctx_set->alt_cert.cert, set->alt_cert.cert) != 0) { + if (openssl_iostream_use_certificate(ssl_io, set->alt_cert.cert, error_r) < 0) + return -1; + } + if (set->alt_cert.key != NULL && strcmp(ctx_set->alt_cert.key, set->alt_cert.key) != 0) { + if (openssl_iostream_use_key(ssl_io, "ssl_alt_key", &set->alt_cert, error_r) < 0) + return -1; + } + if (set->verify_remote_cert) { + if (ssl_io->ctx->client_ctx) + verify_flags = SSL_VERIFY_NONE; + else + verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; + SSL_set_verify(ssl_io->ssl, verify_flags, + openssl_iostream_verify_client_cert); + } + + if (set->cert_username_field != NULL) { + ssl_io->username_nid = OBJ_txt2nid(set->cert_username_field); + if (ssl_io->username_nid == NID_undef) { + *error_r = t_strdup_printf( + "Invalid cert_username_field: %s", + set->cert_username_field); + return -1; + } + } else { + ssl_io->username_nid = ssl_io->ctx->username_nid; + } + + ssl_io->verbose = set->verbose; + ssl_io->verbose_invalid_cert = set->verbose_invalid_cert || set->verbose; + ssl_io->allow_invalid_cert = set->allow_invalid_cert; + return 0; +} + +static int +openssl_iostream_create(struct ssl_iostream_context *ctx, const char *host, + const struct ssl_iostream_settings *set, + struct istream **input, struct ostream **output, + struct ssl_iostream **iostream_r, + const char **error_r) +{ + struct ssl_iostream *ssl_io; + SSL *ssl; + BIO *bio_int, *bio_ext; + + /* Don't allow an existing io_add_istream() to be use on the input. + It would seem to work, but it would also cause hangs. */ + i_assert(i_stream_get_root_io(*input)->real_stream->io == NULL); + + ssl = SSL_new(ctx->ssl_ctx); + if (ssl == NULL) { + *error_r = t_strdup_printf("SSL_new() failed: %s", + openssl_iostream_error()); + return -1; + } + + /* BIO pairs use default buffer sizes (17 kB in OpenSSL 0.9.8e). + Each of the BIOs have one "write buffer". BIO_write() copies data + to them, while BIO_read() reads from the other BIO's write buffer + into the given buffer. The bio_int is used by OpenSSL and bio_ext + is used by this library. */ + if (BIO_new_bio_pair(&bio_int, 0, &bio_ext, 0) != 1) { + *error_r = t_strdup_printf("BIO_new_bio_pair() failed: %s", + openssl_iostream_error()); + SSL_free(ssl); + return -1; + } + + ssl_io = i_new(struct ssl_iostream, 1); + ssl_io->refcount = 1; + ssl_io->ctx = ctx; + ssl_iostream_context_ref(ssl_io->ctx); + ssl_io->ssl = ssl; + ssl_io->bio_ext = bio_ext; + ssl_io->plain_input = *input; + ssl_io->plain_output = *output; + ssl_io->connected_host = i_strdup(host); + ssl_io->log_prefix = host == NULL ? i_strdup("") : + i_strdup_printf("%s: ", host); + /* bio_int will be freed by SSL_free() */ + SSL_set_bio(ssl_io->ssl, bio_int, bio_int); + SSL_set_ex_data(ssl_io->ssl, dovecot_ssl_extdata_index, ssl_io); +#ifdef HAVE_SSL_GET_SERVERNAME + SSL_set_tlsext_host_name(ssl_io->ssl, host); +#endif + + if (openssl_iostream_set(ssl_io, set, error_r) < 0) { + openssl_iostream_free(ssl_io); + return -1; + } + + o_stream_uncork(ssl_io->plain_output); + + *input = openssl_i_stream_create_ssl(ssl_io); + ssl_io->ssl_input = *input; + + *output = openssl_o_stream_create_ssl(ssl_io); + i_stream_set_name(*input, t_strconcat("SSL ", + i_stream_get_name(ssl_io->plain_input), NULL)); + o_stream_set_name(*output, t_strconcat("SSL ", + o_stream_get_name(ssl_io->plain_output), NULL)); + + if (ssl_io->plain_output->real_stream->error_handling_disabled) + o_stream_set_no_error_handling(*output, TRUE); + + ssl_io->ssl_output = *output; + *iostream_r = ssl_io; + return 0; +} + +static void openssl_iostream_free(struct ssl_iostream *ssl_io) +{ + ssl_iostream_context_unref(&ssl_io->ctx); + o_stream_unref(&ssl_io->plain_output); + i_stream_unref(&ssl_io->plain_input); + BIO_free(ssl_io->bio_ext); + SSL_free(ssl_io->ssl); + i_free(ssl_io->plain_stream_errstr); + i_free(ssl_io->last_error); + i_free(ssl_io->connected_host); + i_free(ssl_io->sni_host); + i_free(ssl_io->log_prefix); + i_free(ssl_io); +} + +static void openssl_iostream_unref(struct ssl_iostream *ssl_io) +{ + i_assert(ssl_io->refcount > 0); + if (--ssl_io->refcount > 0) + return; + + openssl_iostream_free(ssl_io); +} + +void openssl_iostream_shutdown(struct ssl_iostream *ssl_io) +{ + if (ssl_io->destroyed) + return; + + i_assert(ssl_io->ssl_input != NULL); + i_assert(ssl_io->ssl_output != NULL); + + ssl_io->destroyed = TRUE; + if (ssl_io->handshaked && SSL_shutdown(ssl_io->ssl) != 1) { + /* if bidirectional shutdown fails we need to clear + the error queue */ + openssl_iostream_clear_errors(); + } + if (ssl_io->handshaked) { + (void)openssl_iostream_bio_sync(ssl_io, + OPENSSL_IOSTREAM_SYNC_TYPE_WRITE); + } + (void)o_stream_flush(ssl_io->plain_output); + /* close the plain i/o streams, because their fd may be closed soon, + but we may still keep this ssl-iostream referenced until later. */ + i_stream_close(ssl_io->plain_input); + o_stream_close(ssl_io->plain_output); +} + +static void openssl_iostream_destroy(struct ssl_iostream *ssl_io) +{ + openssl_iostream_shutdown(ssl_io); + ssl_iostream_unref(&ssl_io); +} + +static int openssl_iostream_bio_output_real(struct ssl_iostream *ssl_io) +{ + size_t bytes, max_bytes = 0; + ssize_t sent; + unsigned char buffer[IO_BLOCK_SIZE]; + int result = 0; + int ret; + + o_stream_cork(ssl_io->plain_output); + while ((bytes = BIO_ctrl_pending(ssl_io->bio_ext)) > 0) { + /* bytes contains how many SSL encrypted bytes we should be + sending out */ + max_bytes = o_stream_get_buffer_avail_size(ssl_io->plain_output); + if (bytes > max_bytes) { + if (max_bytes == 0) { + /* wait until output buffer clears */ + break; + } + bytes = max_bytes; + } + if (bytes > sizeof(buffer)) + bytes = sizeof(buffer); + + /* BIO_read() is guaranteed to return all the bytes that + BIO_ctrl_pending() returned */ + ret = BIO_read(ssl_io->bio_ext, buffer, bytes); + i_assert(ret == (int)bytes); + + /* we limited number of read bytes to plain_output's + available size. this send() is guaranteed to either + fully succeed or completely fail due to some error. */ + sent = o_stream_send(ssl_io->plain_output, buffer, bytes); + if (sent < 0) { + o_stream_uncork(ssl_io->plain_output); + return -1; + } + i_assert(sent == (ssize_t)bytes); + result = 1; + } + + ret = o_stream_uncork_flush(ssl_io->plain_output); + if (ret < 0) + return -1; + if (ret == 0 || (bytes > 0 && max_bytes == 0)) + o_stream_set_flush_pending(ssl_io->plain_output, TRUE); + + return result; +} + +static int openssl_iostream_bio_output(struct ssl_iostream *ssl_io) +{ + int ret; + + ret = openssl_iostream_bio_output_real(ssl_io); + if (ret < 0) { + i_assert(ssl_io->plain_output->stream_errno != 0); + i_free(ssl_io->plain_stream_errstr); + ssl_io->plain_stream_errstr = + i_strdup(o_stream_get_error(ssl_io->plain_output)); + ssl_io->plain_stream_errno = + ssl_io->plain_output->stream_errno; + ssl_io->closed = TRUE; + } + return ret; +} + +static ssize_t +openssl_iostream_read_more(struct ssl_iostream *ssl_io, + enum openssl_iostream_sync_type type, size_t wanted, + const unsigned char **data_r, size_t *size_r) +{ + *data_r = i_stream_get_data(ssl_io->plain_input, size_r); + if (*size_r > 0) + return 0; + + if (type == OPENSSL_IOSTREAM_SYNC_TYPE_CONTINUE_READ) { + /* only the first i_stream_read() call attempts to read more + input. the following reads will just process the buffered + data. */ + return 0; + } + + if (i_stream_read_limited(ssl_io->plain_input, data_r, size_r, + wanted) < 0) + return -1; + return 0; +} + +static int +openssl_iostream_bio_input(struct ssl_iostream *ssl_io, + enum openssl_iostream_sync_type type) +{ + const unsigned char *data; + size_t bytes, size; + int ret; + bool bytes_read = FALSE; + + while ((bytes = BIO_ctrl_get_write_guarantee(ssl_io->bio_ext)) > 0) { + /* bytes contains how many bytes we can write to bio_ext */ + ret = openssl_iostream_read_more(ssl_io, type, bytes, + &data, &size); + if (ret == -1 && size == 0 && !bytes_read) { + if (ssl_io->plain_input->stream_errno != 0) { + i_free(ssl_io->plain_stream_errstr); + ssl_io->plain_stream_errstr = + i_strdup(i_stream_get_error(ssl_io->plain_input)); + ssl_io->plain_stream_errno = + ssl_io->plain_input->stream_errno; + } + ssl_io->closed = TRUE; + return -1; + } + if (size == 0) { + /* wait for more input */ + break; + } + if (size > bytes) + size = bytes; + + ret = BIO_write(ssl_io->bio_ext, data, size); + i_assert(ret == (ssize_t)size); + + i_stream_skip(ssl_io->plain_input, size); + bytes_read = TRUE; + } + if (bytes == 0 && !bytes_read && ssl_io->want_read) { + /* shouldn't happen */ + i_error("SSL BIO buffer size too small"); + i_free(ssl_io->plain_stream_errstr); + ssl_io->plain_stream_errstr = + i_strdup("SSL BIO buffer size too small"); + ssl_io->plain_stream_errno = EINVAL; + ssl_io->closed = TRUE; + return -1; + } + if (bytes_read) { + if (ssl_io->ostream_flush_waiting_input) { + ssl_io->ostream_flush_waiting_input = FALSE; + o_stream_set_flush_pending(ssl_io->plain_output, TRUE); + } + } + if (bytes_read || i_stream_get_data_size(ssl_io->plain_input) > 0) { + if (i_stream_get_data_size(ssl_io->plain_input) > 0 || + (type != OPENSSL_IOSTREAM_SYNC_TYPE_FIRST_READ && + type != OPENSSL_IOSTREAM_SYNC_TYPE_CONTINUE_READ)) + i_stream_set_input_pending(ssl_io->ssl_input, TRUE); + ssl_io->want_read = FALSE; + } + return (bytes_read ? 1 : 0); +} + +int openssl_iostream_bio_sync(struct ssl_iostream *ssl_io, + enum openssl_iostream_sync_type type) +{ + int ret; + + i_assert(type != OPENSSL_IOSTREAM_SYNC_TYPE_NONE); + + ret = openssl_iostream_bio_output(ssl_io); + if (ret >= 0 && openssl_iostream_bio_input(ssl_io, type) > 0) + ret = 1; + return ret; +} + +static void openssl_iostream_closed(struct ssl_iostream *ssl_io) +{ + if (ssl_io->plain_stream_errno != 0) { + i_assert(ssl_io->plain_stream_errstr != NULL); + openssl_iostream_set_error(ssl_io, ssl_io->plain_stream_errstr); + errno = ssl_io->plain_stream_errno; + } else { + openssl_iostream_set_error(ssl_io, "Connection closed"); + errno = EPIPE; + } +} + +int openssl_iostream_handle_error(struct ssl_iostream *ssl_io, int ret, + enum openssl_iostream_sync_type type, + const char *func_name) +{ + const char *errstr = NULL; + int err; + + err = SSL_get_error(ssl_io->ssl, ret); + switch (err) { + case SSL_ERROR_WANT_WRITE: + if (type != OPENSSL_IOSTREAM_SYNC_TYPE_NONE && + openssl_iostream_bio_sync(ssl_io, type) == 0) { + if (type != OPENSSL_IOSTREAM_SYNC_TYPE_WRITE) + i_panic("SSL ostream buffer size not unlimited"); + return 0; + } + if (ssl_io->closed) { + openssl_iostream_closed(ssl_io); + return -1; + } + if (type == OPENSSL_IOSTREAM_SYNC_TYPE_NONE) + return 0; + return 1; + case SSL_ERROR_WANT_READ: + ssl_io->want_read = TRUE; + if (type != OPENSSL_IOSTREAM_SYNC_TYPE_NONE) + (void)openssl_iostream_bio_sync(ssl_io, type); + if (ssl_io->closed) { + openssl_iostream_closed(ssl_io); + return -1; + } + if (type == OPENSSL_IOSTREAM_SYNC_TYPE_NONE) + return 0; + return ssl_io->want_read ? 0 : 1; + case SSL_ERROR_SYSCALL: + /* eat up the error queue */ + if (ERR_peek_error() != 0) { + errstr = openssl_iostream_error(); + errno = EINVAL; + } else if (ret == 0) { + /* EOF. */ + errno = EPIPE; + errstr = "Disconnected"; + break; + } else if (errno != 0) { + errstr = strerror(errno); + } else { + /* Seen this at least with v1.1.0l SSL_accept() */ + errstr = "OpenSSL BUG: errno=0"; + errno = EINVAL; + } + errstr = t_strdup_printf("%s syscall failed: %s", + func_name, errstr); + break; + case SSL_ERROR_ZERO_RETURN: + /* clean connection closing */ + errno = EPIPE; + if (ssl_io->handshaked) + i_free_and_null(ssl_io->last_error); + else if (ssl_io->last_error == NULL) { + errstr = "SSL connection closed during handshake"; + break; + } + return -1; + case SSL_ERROR_SSL: + errstr = t_strdup_printf("%s failed: %s", + func_name, openssl_iostream_error()); + errno = EINVAL; + break; + default: + errstr = t_strdup_printf("%s failed: unknown failure %d (%s)", + func_name, err, + openssl_iostream_error()); + errno = EINVAL; + break; + } + + openssl_iostream_set_error(ssl_io, errstr); + return -1; +} + +static bool +openssl_iostream_cert_match_name(struct ssl_iostream *ssl_io, + const char *verify_name, const char **reason_r) +{ + if (!ssl_iostream_has_valid_client_cert(ssl_io)) { + *reason_r = "Invalid certificate"; + return FALSE; + } + + return openssl_cert_match_name(ssl_io->ssl, verify_name, reason_r); +} + +static int openssl_iostream_handshake(struct ssl_iostream *ssl_io) +{ + const char *reason, *error = NULL; + int ret; + + i_assert(!ssl_io->handshaked); + + /* we are being destroyed, so do not do any more handshaking */ + if (ssl_io->destroyed) + return 0; + + if (ssl_io->ctx->client_ctx) { + while ((ret = SSL_connect(ssl_io->ssl)) <= 0) { + ret = openssl_iostream_handle_error(ssl_io, ret, + OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE, "SSL_connect()"); + if (ret <= 0) + return ret; + } + } else { + while ((ret = SSL_accept(ssl_io->ssl)) <= 0) { + ret = openssl_iostream_handle_error(ssl_io, ret, + OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE, "SSL_accept()"); + if (ret <= 0) + return ret; + } + } + /* handshake finished */ + (void)openssl_iostream_bio_sync(ssl_io, OPENSSL_IOSTREAM_SYNC_TYPE_HANDSHAKE); + + if (ssl_io->handshake_callback != NULL) { + if (ssl_io->handshake_callback(&error, ssl_io->handshake_context) < 0) { + i_assert(error != NULL); + openssl_iostream_set_error(ssl_io, error); + ssl_io->handshake_failed = TRUE; + } + } else if (ssl_io->connected_host != NULL && !ssl_io->handshake_failed && + !ssl_io->allow_invalid_cert) { + if (ssl_iostream_check_cert_validity(ssl_io, ssl_io->connected_host, &reason) < 0) { + openssl_iostream_set_error(ssl_io, reason); + ssl_io->handshake_failed = TRUE; + } + } + if (ssl_io->handshake_failed) { + i_stream_close(ssl_io->plain_input); + o_stream_close(ssl_io->plain_output); + errno = EINVAL; + return -1; + } + i_free_and_null(ssl_io->last_error); + ssl_io->handshaked = TRUE; + + if (ssl_io->ssl_output != NULL) + (void)o_stream_flush(ssl_io->ssl_output); + return 1; +} + +static void +openssl_iostream_set_handshake_callback(struct ssl_iostream *ssl_io, + ssl_iostream_handshake_callback_t *callback, + void *context) +{ + ssl_io->handshake_callback = callback; + ssl_io->handshake_context = context; +} + +static void +openssl_iostream_set_sni_callback(struct ssl_iostream *ssl_io, + ssl_iostream_sni_callback_t *callback, + void *context) +{ + ssl_io->sni_callback = callback; + ssl_io->sni_context = context; +} + +static void +openssl_iostream_change_context(struct ssl_iostream *ssl_io, + struct ssl_iostream_context *ctx) +{ + if (ctx != ssl_io->ctx) { + SSL_set_SSL_CTX(ssl_io->ssl, ctx->ssl_ctx); + ssl_iostream_context_ref(ctx); + ssl_iostream_context_unref(&ssl_io->ctx); + ssl_io->ctx = ctx; + } +} + +static void openssl_iostream_set_log_prefix(struct ssl_iostream *ssl_io, + const char *prefix) +{ + i_free(ssl_io->log_prefix); + ssl_io->log_prefix = i_strdup(prefix); +} + +static bool openssl_iostream_is_handshaked(const struct ssl_iostream *ssl_io) +{ + return ssl_io->handshaked; +} + +static bool +openssl_iostream_has_handshake_failed(const struct ssl_iostream *ssl_io) +{ + return ssl_io->handshake_failed; +} + +static bool +openssl_iostream_has_valid_client_cert(const struct ssl_iostream *ssl_io) +{ + return ssl_io->cert_received && !ssl_io->cert_broken; +} + +static bool +openssl_iostream_has_broken_client_cert(struct ssl_iostream *ssl_io) +{ + return ssl_io->cert_received && ssl_io->cert_broken; +} + +static const char * +openssl_iostream_get_peer_name(struct ssl_iostream *ssl_io) +{ + X509 *x509; + char *name; + int len; + + if (!ssl_iostream_has_valid_client_cert(ssl_io)) + return NULL; + + x509 = SSL_get_peer_certificate(ssl_io->ssl); + i_assert(x509 != NULL); + + len = X509_NAME_get_text_by_NID(X509_get_subject_name(x509), + ssl_io->username_nid, NULL, 0); + if (len < 0) + name = ""; + else { + name = t_malloc0(len + 1); + if (X509_NAME_get_text_by_NID(X509_get_subject_name(x509), + ssl_io->username_nid, + name, len + 1) < 0) + name = ""; + else if (strlen(name) != (size_t)len) { + /* NUL characters in name. Someone's trying to fake + being another user? Don't allow it. */ + name = ""; + } + } + X509_free(x509); + + return *name == '\0' ? NULL : name; +} + +static const char *openssl_iostream_get_server_name(struct ssl_iostream *ssl_io) +{ + return ssl_io->sni_host; +} + +static const char * +openssl_iostream_get_compression(struct ssl_iostream *ssl_io) +{ +#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *comp; + + comp = SSL_get_current_compression(ssl_io->ssl); + return comp == NULL ? NULL : SSL_COMP_get_name(comp); +#else + return NULL; +#endif +} + +static const char * +openssl_iostream_get_security_string(struct ssl_iostream *ssl_io) +{ + const SSL_CIPHER *cipher; +#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *comp; +#endif + const char *comp_str; + int bits, alg_bits; + + if (!ssl_io->handshaked) + return ""; + + cipher = SSL_get_current_cipher(ssl_io->ssl); + bits = SSL_CIPHER_get_bits(cipher, &alg_bits); +#if defined(HAVE_SSL_COMPRESSION) && !defined(OPENSSL_NO_COMP) + comp = SSL_get_current_compression(ssl_io->ssl); + comp_str = comp == NULL ? "" : + t_strconcat(" ", SSL_COMP_get_name(comp), NULL); +#else + comp_str = ""; +#endif + return t_strdup_printf("%s with cipher %s (%d/%d bits)%s", + SSL_get_version(ssl_io->ssl), + SSL_CIPHER_get_name(cipher), + bits, alg_bits, comp_str); +} + +static const char * +openssl_iostream_get_last_error(struct ssl_iostream *ssl_io) +{ + return ssl_io->last_error; +} + +static const char * +openssl_iostream_get_cipher(struct ssl_iostream *ssl_io, unsigned int *bits_r) +{ + if (!ssl_io->handshaked) + return NULL; + + const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl_io->ssl); + *bits_r = SSL_CIPHER_get_bits(cipher, NULL); + return SSL_CIPHER_get_name(cipher); +} + +static const char * +openssl_iostream_get_pfs(struct ssl_iostream *ssl_io) +{ + if (!ssl_io->handshaked) + return NULL; + + const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl_io->ssl); +#if defined(HAVE_SSL_CIPHER_get_kx_nid) + int nid = SSL_CIPHER_get_kx_nid(cipher); + return OBJ_nid2sn(nid); +#else + char buf[128]; + const char *desc, *ptr; + if ((desc = SSL_CIPHER_description(cipher, buf, sizeof(buf)))==NULL || + (ptr = strstr(desc, "Kx=")) == NULL) + return ""; + return t_strcut(ptr+3, ' '); +#endif +} + +static const char * +openssl_iostream_get_protocol_name(struct ssl_iostream *ssl_io) +{ + if (!ssl_io->handshaked) + return NULL; + return SSL_get_version(ssl_io->ssl); +} + + +static const struct iostream_ssl_vfuncs ssl_vfuncs = { + .global_init = openssl_iostream_global_init, + .context_init_client = openssl_iostream_context_init_client, + .context_init_server = openssl_iostream_context_init_server, + .context_ref = openssl_iostream_context_ref, + .context_unref = openssl_iostream_context_unref, + + .create = openssl_iostream_create, + .unref = openssl_iostream_unref, + .destroy = openssl_iostream_destroy, + + .handshake = openssl_iostream_handshake, + .set_handshake_callback = openssl_iostream_set_handshake_callback, + .set_sni_callback = openssl_iostream_set_sni_callback, + .change_context = openssl_iostream_change_context, + + .set_log_prefix = openssl_iostream_set_log_prefix, + .is_handshaked = openssl_iostream_is_handshaked, + .has_handshake_failed = openssl_iostream_has_handshake_failed, + .has_valid_client_cert = openssl_iostream_has_valid_client_cert, + .has_broken_client_cert = openssl_iostream_has_broken_client_cert, + .cert_match_name = openssl_iostream_cert_match_name, + .get_peer_name = openssl_iostream_get_peer_name, + .get_server_name = openssl_iostream_get_server_name, + .get_compression = openssl_iostream_get_compression, + .get_security_string = openssl_iostream_get_security_string, + .get_last_error = openssl_iostream_get_last_error, + .get_cipher = openssl_iostream_get_cipher, + .get_pfs = openssl_iostream_get_pfs, + .get_protocol_name = openssl_iostream_get_protocol_name, +}; + +void ssl_iostream_openssl_init(void) +{ + unsigned char buf; + if (RAND_bytes(&buf, 1) < 1) + i_fatal("OpenSSL RNG failed to initialize"); + iostream_ssl_module_init(&ssl_vfuncs); +} + +void ssl_iostream_openssl_deinit(void) +{ + openssl_iostream_global_deinit(); +} |