X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fsrc%2Ftls-gnu.c;h=b5bf17be666baa1696a8e915225afee032e44cd6;hb=f9ba5e2255cf18092750fffacb6a9603571a2be5;hp=8c8a00f72c01c5500b57ce295ef98512fe6d2acb;hpb=28646fa9c74b94722eadd7bc2d9c285245aded80;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 8c8a00f72..b5bf17be6 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1995 - 2017 */ +/* Copyright (c) University of Cambridge 1995 - 2018 */ /* See the file NOTICE for conditions of use and distribution. */ /* Copyright (c) Phil Pennock 2012 */ @@ -68,6 +68,11 @@ require current GnuTLS, then we'll drop support for the ancient libraries). #endif #if GNUTLS_VERSION_NUMBER >= 0x030000 && defined(EXPERIMENTAL_DANE) # define SUPPORT_DANE +# define DANESSL_USAGE_DANE_TA 2 +# define DANESSL_USAGE_DANE_EE 3 +#endif +#if GNUTLS_VERSION_NUMBER < 0x999999 && defined(EXPERIMENTAL_DANE) +# define GNUTLS_BROKEN_DANE_VALIDATION #endif #ifndef DISABLE_OCSP 
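Review bot: The bound in `#if GNUTLS_VERSION_NUMBER < 0x999999 && defined(EXPERIMENTAL_DANE)` is a sentinel rather than a release number, so `GNUTLS_BROKEN_DANE_VALIDATION` is defined for every GnuTLS version and nothing tells a maintainer when to lower it. A comment on that line would record the intent, for example `/* 0x999999 is a placeholder: replace with the first GnuTLS release whose DANE verify reports which usage matched */`; the wording assumes the defect is the one described in the later verification hunk. The two `DANESSL_USAGE_*` values could also carry a short comment saying they are the TLSA certificate-usage field values for DANE-TA and DANE-EE.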
@@ -1600,24 +1605,91 @@ else dane_state_t s; dane_query_t r; - const gnutls_datum_t * certlist; uint lsize; + const gnutls_datum_t * certlist = + gnutls_certificate_get_peers(state->session, &lsize); + int usage = tls_out.tlsa_usage; + +# ifdef GNUTLS_BROKEN_DANE_VALIDATION + /* Split the TLSA records into two sets, TA and EE selectors. Run the + dane-verification separately so that we know which selector verified; + then we know whether to do CA-chain-verification and name-verification + (needed for TA but not EE). */ + + if (usage == ((1<dane_data_len[nrec]; ) nrec++; + nrec++; + + dd = store_get(nrec * sizeof(uschar *)); + ddl = store_get(nrec * sizeof(int)); + nrec--; + + if ((rc = dane_state_init(&s, 0))) + goto tlsa_prob; + + for (usage = DANESSL_USAGE_DANE_EE; + usage >= DANESSL_USAGE_DANE_TA; usage--) + { /* take records with this usage */ + for (j = i = 0; i < nrec; i++) + if (state->dane_data[i][0] == usage) + { + dd[j] = state->dane_data[i]; + ddl[j++] = state->dane_data_len[i]; + } + if (j) + { + dd[j] = NULL; + ddl[j] = 0; + + if ((rc = dane_raw_tlsa(s, &r, (char * const *)dd, ddl, 1, 0))) + goto tlsa_prob; + + if ((rc = dane_verify_crt_raw(s, certlist, lsize, + gnutls_certificate_type_get(state->session), + r, 0, + usage == DANESSL_USAGE_DANE_EE + ? 
DANE_VFLAG_ONLY_CHECK_EE_USAGE : 0, + &verify))) + { + DEBUG(D_tls) + debug_printf("TLSA record problem: %s\n", dane_strerror(rc)); + } + else if (verify == 0) /* verification passed */ + { + usage = 1 << usage; + break; + } + } + } - certlist = gnutls_certificate_get_peers(state->session, &lsize); - - if ( (rc = dane_state_init(&s, 0)) - || (rc = dane_raw_tlsa(s, &r, state->dane_data, state->dane_data_len, - 1, 0)) - || (rc = dane_verify_crt_raw(s, certlist, lsize, - gnutls_certificate_type_get(state->session), - r, 0, 0, &verify)) - ) - + if (rc) goto tlsa_prob; + } + else +# endif { - *errstr = string_sprintf("TLSA record problem: %s", dane_strerror(rc)); - goto badcert; + if ( (rc = dane_state_init(&s, 0)) + || (rc = dane_raw_tlsa(s, &r, state->dane_data, state->dane_data_len, + 1, 0)) + || (rc = dane_verify_crt_raw(s, certlist, lsize, + gnutls_certificate_type_get(state->session), + r, 0, +# ifdef GNUTLS_BROKEN_DANE_VALIDATION + usage == (1 << DANESSL_USAGE_DANE_EE) + ? DANE_VFLAG_ONLY_CHECK_EE_USAGE : 0, +# else + 0, +# endif + &verify)) + ) + goto tlsa_prob; } - if (verify != 0) + + if (verify != 0) /* verification failed */ { gnutls_datum_t str; (void) dane_verification_status_print(verify, &str, 0); @@ -1626,11 +1698,12 @@ else } state->peer_dane_verified = TRUE; - /* If there were only EE-mode TLSA records present, no checks on cert anchor - valididation or cert names are required. For a TA record only, or a mixed - set, do them (we cannot tell if an EE record worked). */ +# ifdef GNUTLS_BROKEN_DANE_VALIDATION + /* If a TA-mode TLSA record was used for verification we must additionally + verify the CA chain and the cert name. For EE-mode, skip it. */ - if (!(tls_out.tlsa_usage & (1 << 2))) + if (usage & (1 << DANESSL_USAGE_DANE_EE)) +# endif { state->peer_cert_verified = TRUE; goto goodcert; 
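Review bot: In the mixed-usage loop `dane_raw_tlsa(s, &r, ...)` can run twice into the same `r`, and neither `r` nor `s` is released on any path visible in this hunk, including the `goto tlsa_prob` exits. Calling `dane_query_deinit(r);` after each `dane_verify_crt_raw()` and `dane_state_deinit(s);` before leaving would stop the first query from being overwritten; if cleanup happens later in the function, outside this hunk, the loop still needs the per-iteration release. Separately, `certlist` from `gnutls_certificate_get_peers()` is passed on without a NULL check here. The condition and declarations at the top of the mixed branch are truncated on this page (`if (usage == ((1<dane_data_len[nrec]; )`), so they were not reviewed.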
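Review bot: When `GNUTLS_BROKEN_DANE_VALIDATION` is not defined, the `if (usage & (1 << DANESSL_USAGE_DANE_EE))` test is compiled out and the block that sets `state->peer_cert_verified = TRUE` and jumps to `goodcert` runs after every successful DANE result, TA-mode included. `dane_verify_crt_raw()` is called without a host name in the previous hunk, so unless a fixed library is known to cover both chain and name checks for DANE-TA, that build would skip the name check the new comment says is required. The macro is currently defined for all versions, so this is latent, but an `# else` arm keeping the old test, `if (!(usage & (1 << DANESSL_USAGE_DANE_TA)))`, would make the non-broken build safe by default.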
@@ -1688,6 +1761,11 @@ goodcert: state->tlsp->peerdn = state->peerdn; return TRUE; +#ifdef SUPPORT_DANE +tlsa_prob: + *errstr = string_sprintf("TLSA record problem: %s", dane_strerror(rc)); +#endif + badcert: gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE); return FALSE; @@ -2084,7 +2162,7 @@ use in DANE verification. We point at the dnsa data not copy it, so it must remain valid until after verification is done.*/ -static void +static BOOL dane_tlsa_load(exim_gnutls_state_st * state, dns_answer * dnsa) { dns_record * rr; @@ -2107,17 +2185,39 @@ for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 0; ) if (rr->type == T_TLSA) { const uschar * p = rr->data; - uint8_t usage = *p; + uint8_t usage = p[0], sel = p[1], type = p[2]; + + DEBUG(D_tls) + debug_printf("TLSA: %d %d %d size %d\n", usage, sel, type, rr->size); + + if ( (usage != DANESSL_USAGE_DANE_TA && usage != DANESSL_USAGE_DANE_EE) + || (sel != 0 && sel != 1) + ) + continue; + switch(type) + { + case 0: /* Full: cannot check at present */ + break; + case 1: if (rr->size != 3 + 256/8) continue; /* sha2-256 */ + break; + case 2: if (rr->size != 3 + 512/8) continue; /* sha2-512 */ + break; + default: continue; + } tls_out.tlsa_usage |= 1<size; } + +if (!i) return FALSE; + dane_data[i] = NULL; dane_data_len[i] = 0; state->dane_data = (char * const *)dane_data; state->dane_data_len = dane_data_len; +return TRUE; } #endif @@ -2194,13 +2294,12 @@ set but both tls_verify_hosts and tls_try_verify_hosts are unset. Check only the specified host patterns if one of them is defined */ #ifdef SUPPORT_DANE -if (tlsa_dnsa) +if (tlsa_dnsa && dane_tlsa_load(state, tlsa_dnsa)) { DEBUG(D_tls) debug_printf("TLS: server certificate DANE required.\n"); state->verify_requirement = VERIFY_DANE; gnutls_certificate_server_set_request(state->session, GNUTLS_CERT_REQUIRE); - dane_tlsa_load(state, tlsa_dnsa); } else #endif 
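Review bot: The new `tlsa_prob:` label depends on falling through into `badcert:` to send the alert and return FALSE, and nothing marks that as intentional. A comment after the `string_sprintf` line, such as `/* fall through: send the bad-certificate alert */`, would protect it from a later insertion between the two labels. The message uses `dane_strerror(rc)`, so every `goto tlsa_prob` has to leave a libdane error code in `rc`; the jumps visible in this diff do.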
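Review bot: In `dane_tlsa_load()` the bytes `p[0]`, `p[1]` and `p[2]` are read before anything looks at `rr->size`, so a TLSA record shorter than three bytes is read past its data unless `dns_next_rr()` already guarantees a minimum length. The size tests come only afterwards in the `switch`, and `case 0` accepts any size. Adding `if (rr->size < 3) continue;` ahead of `uint8_t usage = p[0], sel = p[1], type = p[2];`, and requiring `rr->size > 3` for type 0, keeps the DNS-supplied length in bounds. The header comment above the function should also state the new BOOL result: TRUE when at least one usable record was stored, FALSE when none was. The line after the `switch` is truncated on this page (`1<size;`), so the store into `dane_data` was not reviewed.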
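Review bot: When `dane_tlsa_load(state, tlsa_dnsa)` returns FALSE, the `&&` sends control to the `else` branch and the connection is checked under the ordinary host-pattern policy, with nothing emitted to say that TLSA records were present but unusable. That is a step down from `VERIFY_DANE`, so a line on that path would let an operator see it, for example `DEBUG(D_tls) debug_printf("TLS: no usable TLSA records, DANE not enforced\n");`. Whether the caller still treats DANE as mandatory in this case is outside the hunk.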
@@ -2265,10 +2364,8 @@ DEBUG(D_tls) debug_printf("about to gnutls_handshake\n"); sigalrm_seen = FALSE; alarm(ob->command_timeout); do - { rc = gnutls_handshake(state->session); - } while ((rc == GNUTLS_E_AGAIN) || - (rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen)); +while (rc == GNUTLS_E_AGAIN || rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen); alarm(0); if (rc != GNUTLS_E_SUCCESS) @@ -2384,6 +2481,7 @@ ssize_t inbytes; DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(%p, %p, %u)\n", state->session, state->xfer_buffer, ssl_xfer_buffer_size); +sigalrm_seen = FALSE; if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); inbytes = gnutls_record_recv(state->session, state->xfer_buffer, MIN(ssl_xfer_buffer_size, lim));
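Review bot: The rewritten loop condition mixes `||` and `&&` without grouping: `rc == GNUTLS_E_AGAIN || rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen`. Precedence gives the same result as the old code, but compilers warn about it under -Wparentheses and a reader has to stop and check which arm the timeout flag guards. Keeping the inner parentheses makes it explicit: `while (rc == GNUTLS_E_AGAIN || (rc == GNUTLS_E_INTERRUPTED && !sigalrm_seen));`.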