1N/A * Copyright (c) 2000-2006, 2008, 2009, 2011 Sendmail, Inc. and its suppliers. 1N/A * All rights reserved. 1N/A * By using this file, you agree to the terms and conditions set 1N/A * forth in the LICENSE file which can be found at the top level of 1N/A * the sendmail distribution. 1N/A#
endif /* ! HASURANDOMDEV */ 1N/A#
endif /* !TLS_NO_RSA */ 1N/A#
else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1N/A#
endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1N/A#
endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1N/A#
else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1N/A#
endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1N/A 0xDA,
0x58,
0x3C,
0x16,
0xD9,
0x85,
0x22,
0x89,
0xD0,
0xE4,
0xAF,
0x75,
1N/A 0x6F,
0x4C,
0xCA,
0x92,
0xDD,
0x4B,
0xE5,
0x33,
0xB8,
0x04,
0xFB,
0x0F,
1N/A 0xED,
0x94,
0xEF,
0x9C,
0x8A,
0x44,
0x03,
0xED,
0x57,
0x46,
0x50,
0xD3,
1N/A 0x69,
0x99,
0xDB,
0x29,
0xD7,
0x76,
0x27,
0x6B,
0xA2,
0xD3,
0xD4,
0x12,
1N/A 0xE2,
0x18,
0xF4,
0xDD,
0x1E,
0x08,
0x4C,
0xF6,
0xD8,
0x00,
0x3E,
0x7C,
1N/A** TLS_RAND_INIT -- initialize STARTTLS random generator 1N/A** randfile -- name of file with random data 1N/A** initializes PRNG for tls library. 1N/A#
define RF_MISS 1 /* randfile == NULL || *randfile == '\0' */ 1N/A /* not required if /dev/urandom exists, OpenSSL does it internally */ 1N/A /* did we try this before? if yes: return old value */ 1N/A /* set default values */ 1N/A "STARTTLS: RAND_egd(%s) failed: random number generator not seeded",
1N/A "STARTTLS: can't fstat(%s)",
1N/A /* max. age of file: 10 minutes */ 1N/A "STARTTLS: RandFile %s too old: %s",
1N/A "STARTTLS: size(%s) < %d: %s",
1N/A "STARTTLS: RAND_load_file(%s) failed: random number generator not seeded",
1N/A /* add this even if fstat() failed */ 1N/A "STARTTLS: Warning: safeopen(%s) failed",
1N/A "STARTTLS: Error: no proper random file definition %s",
1N/A "STARTTLS: Error: missing random file definition");
1N/A /* assert((MIN_RAND_BYTES % sizeof(long)) == 0); */ 1N/A for (i = 0; i <=
sizeof(
buf) -
sizeof(
long); i +=
sizeof(
long))
1N/A "STARTTLS: Warning: random number generator not properly seeded");
1N/A#
else /* ! HASURANDOMDEV */ 1N/A#
endif /* ! HASURANDOMDEV */ 1N/A** INIT_TLS_LIBRARY -- Calls functions which setup TLS library for global use. 1N/A /* basic TLS initialization, ignore result for now */ 1N/A /* this is currently a macro for SSL_library_init */ 1N/A** TLS_SET_VERIFY -- request client certificate? 1N/A** ctx -- TLS context 1N/A** ssl -- TLS structure 1N/A** vrfy -- require certificate? 1N/A** Sets verification state for TLS 1N/A# if TLS_VRFY_PER_CTX 1N/A** This is per TLS context, not per TLS structure; 1N/A** the former is global, the latter per connection. 1N/A** It would be nice to do this per connection, but this 1N/A** doesn't work in the current TLS libraries :-( 1N/A# endif * TLS_VRFY_PER_CTX * 1N/A#
else /* !TLS_VRFY_PER_CTX */ 1N/A#
endif /* !TLS_VRFY_PER_CTX */ 1N/A** status in initialization 1N/A** these flags keep track of the status of the initialization 1N/A** i.e., whether a file exists (_EX) and whether it can be used (_OK) 1N/A** [due to permissions] 1N/A#
endif /* _FFR_TLS_1 */ 1N/A/* Type of variable */ 1N/A** TLS_OK_F -- can var be an absolute filename? 1N/A** fn -- what is the filename used for? 1N/A** type -- type of variable 1N/A /* must be absolute pathname */ 1N/A** TLS_SAFE_F -- is a file safe to use? 1N/A** sff -- flags for safefile() 1N/A** srv -- server side? 1N/A** TLS_OK_F -- macro to simplify calls to tls_ok_f 1N/A** fn -- what is the filename used for? 1N/A** req -- is the file required? 1N/A** st -- status bit to set if ok 1N/A** type -- type of variable 1N/A** uses r, ok; may change ok and status. 1N/A** TLS_UNR -- macro to return whether a file should be unreadable 1N/A** bit -- flag to test 1N/A** TLS_SAFE_F -- macro to simplify calls to tls_safe_f 1N/A** sff -- flags for safefile() 1N/A** req -- is the file required? 1N/A** ex -- does the file exist? 1N/A** st -- status bit to set if ok 1N/A** srv -- server side? 1N/A** uses r, ok, ex; may change ok and status. 1N/A** INITTLS -- initialize TLS 1N/A** ctx -- pointer to context 1N/A** options -- options 1N/A** srv -- server side? 1N/A** certfile -- filename of certificate 1N/A** keyfile -- filename of private key 1N/A** cacertpath -- path to CAs 1N/A** cacertfile -- file with CA(s) 1N/A** dhparam -- parameters for DH 1N/A** The session_id_context identifies the service that created a session. 1N/A** This information is used to distinguish between multiple TLS-based 1N/A** servers running on the same server. We use the name of the mail system. 1N/A** Note: the session cache is not persistent. 1N/A/* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */ 1N/A#
endif /* _FFR_TLS_1 */ 1N/A#
endif /* SM_CONF_SHM */ 1N/A#
endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1N/A /* already initialized? (we could re-init...) */ 1N/A ** look for a second filename: it must be separated by a ',' 1N/A ** no blanks allowed (they won't be skipped). 1N/A ** we change a global variable here! this change will be undone 1N/A ** before return from the function but only if it returns true. 1N/A ** this isn't a problem since in a failure case this function 1N/A ** won't be called again with the same (overwritten) values. 1N/A ** otherwise each return must be replaced with a goto endinittls. 1N/A#
endif /* _FFR_TLS_1 */ 1N/A#
endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1N/A ** if the second file is specified it must exist 1N/A ** XXX: it is possible here to define only one of those files 1N/A#
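endif /* _FFR_TLS_1 */ 1N/A ** valid values for dhparam are (only the first char is checked) 1N/A ** none no parameters: don't use DH 1N/A ** 512 generate 512 bit parameters (fixed) 1N/A ** 1024 generate 1024 bit parameters 1N/A ** default is: 1024 for server, 512 for client (OK? XXX) ** NOTE(review): 512-bit DH parameters are export-grade strength, and 1024-bit groups are also considered weak today; since a value starting with '/' is accepted, prefer pointing DHParam at a parameter file with a group of 2048 bits or more. 1N/A else if (c !=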
'n' && c !=
'N' && c !=
'/')
1N/A "STARTTLS=%s, error: illegal value '%s' for DHParam",
1N/A /* certfile etc. must be "safe". */ 1N/A#
endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1N/A#
endif /* _FFR_TLS_1 */ 1N/A /* create a method and a new context */ 1N/A "STARTTLS=%s, error: SSL_CTX_new(SSLv23_%s_method()) failed",
1N/A /* get a pointer to the current certificate validation store */ 1N/A "STARTTLS=%s, error: PEM_read_bio_X509_CRL(%s)=failed",
1N/A /* avoid memory leaks */ 1N/A "STARTTLS=%s, error: BIO_new=failed",
who);
1N/A "STARTTLS=%s, error: X509_STORE_add_lookup(hash)=failed",
1N/A#
endif /* _FFR_CRLPATH */ 1N/A#
endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1N/A /* turn off backward compatibility, required for no-rsa */ 1N/A#
endif /* TLS_NO_RSA */ 1N/A ** Create a temporary RSA key 1N/A ** XXX Maybe we shouldn't create this always (even though it 1N/A ** is only at startup). 1N/A ** It is a time-consuming operation and it is not always necessary. 1N/A ** maybe we should do it only on demand... 1N/A#
else /* SM_CONF_SHM */ 1N/A && 0
/* no shared memory: no need to generate key now */ 1N/A#
endif /* SM_CONF_SHM */ 1N/A "STARTTLS=%s, error: RSA_generate_key failed",
1N/A#
endif /* !TLS_NO_RSA */ 1N/A ** XXX change this for DSA-only version 1N/A "STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed",
1N/A /* get the certificate file */ 1N/A "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
1N/A /* check the private key */ 1N/A /* Private key does not match the certificate public key */ 1N/A "STARTTLS=%s, error: SSL_CTX_check_private_key failed(%s): %d",
1N/A /* XXX this code is pretty much duplicated from above! */ 1N/A /* load private key */ 1N/A "STARTTLS=%s, error: SSL_CTX_use_PrivateKey_file(%s) failed",
1N/A /* get the certificate file */ 1N/A "STARTTLS=%s, error: SSL_CTX_use_certificate_file(%s) failed",
1N/A /* also check the private key */ 1N/A /* Private key does not match the certificate public key */ 1N/A "STARTTLS=%s, error: SSL_CTX_check_private_key 2 failed: %d",
1N/A#
endif /* _FFR_TLS_1 */ 1N/A /* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */ 1N/A ** In OpenSSL 0.9.8[ab], enabling zlib compression breaks the 1N/A ** padding bug work-around, leading to false positives and 1N/A ** failed connections. We may not interoperate with systems 1N/A ** with the bug, but this is better than breaking on all 0.9.8[ab] 1N/A ** systems that have zlib support enabled. 1N/A ** Note: this checks the runtime version of the library, not 1N/A ** just the compile time version. 1N/A /* Diffie-Hellman initialization */ 1N/A "STARTTLS=%s, error: cannot read DH parameters(%s): %s",
1N/A "STARTTLS=%s, error: BIO_new_file(%s) failed",
1N/A /* this takes a while! (7-130s on a 450MHz AMD K6-2) */ 1N/A "STARTTLS=%s, error: cannot read or set DH parameters(%s): %s",
1N/A /* important to avoid small subgroup attacks */ 1N/A "STARTTLS=%s, Diffie-Hellman init, key=%d bit (%c)",
1N/A /* XXX do we need this cache here? */ 1N/A /* load certificate locations and default CA paths */ 1N/A#
endif /* !TLS_NO_RSA */ 1N/A ** We have to install our own verify callback: 1N/A ** SSL_VERIFY_PEER requests a client cert but even 1N/A ** though *FAIL_IF* isn't set, the connection 1N/A ** will be aborted if the client presents a cert 1N/A ** that is not "liked" (can't be verified?) by 1N/A ** the TLS library :-( 1N/A ** XXX currently we could call tls_set_verify() 1N/A ** but we hope that that function will later on 1N/A ** only set the mode per connection. 1N/A /* install verify callback */ 1N/A ** can't load CA data; do we care? 1N/A ** the data is necessary to authenticate the client, 1N/A ** which in turn would be necessary 1N/A ** if we want to allow relaying based on it. 1N/A "STARTTLS=%s, error: load verify locs %s, %s failed: %d",
1N/A /* XXX: make this dependent on an option? */ 1N/A /* install our own cipher list */ 1N/A "STARTTLS=%s, error: SSL_CTX_set_cipher_list(%s) failed, list ignored",
1N/A /* failure if setting to this list is required? */ 1N/A#
endif /* _FFR_TLS_1 */ 1N/A ** this label is required if we want to have a "clean" exit 1N/A ** see the comments above at the initialization of cf2 1N/A /* undo damage to global variables */ 1N/A#
endif /* _FFR_TLS_1 */ 1N/A** TLS_GET_INFO -- get information about TLS connection 1N/A** ssl -- TLS connection structure 1N/A** srv -- server or client 1N/A** host -- hostname of other side 1N/A** mac -- macro storage 1N/A** certreq -- did we ask for a cert? 1N/A** result of authentication. 1N/A** sets macros: {cipher}, {tls_version}, {verify}, 1N/A** {cipher_bits}, {alg_bits}, {cert}, {cert_subject}, 1N/A** {cert_issuer}, {cn_subject}, {cn_issuer} 1N/A /* cast is just workaround for compiler warning */ 1N/A "STARTTLS=%s, get_verify: %ld get_peer: 0x%lx",
1N/A "STARTTLS=%s, relay=%.100s, field=%s, status=failed to extract CN", \
1N/A "STARTTLS=%s, relay=%.100s, field=%s, status=CN too long", \
1N/A "STARTTLS=%s, relay=%.100s, field=%s, status=CN contains NUL", \
1N/A for (r = 0; r < (
int) n; r++)
1N/A /* do some logging */ 1N/A /* XXX: maybe cut off ident info? */ 1N/A "STARTTLS=%s, relay=%.100s, version=%.16s, verify=%.16s, cipher=%.64s, bits=%.6s/%.6s",
1N/A ** Maybe run xuntextify on the strings? 1N/A ** That is easier to read but makes it maybe a bit 1N/A ** more complicated to figure out the right values 1N/A ** for the access map... 1N/A "STARTTLS=%s, cert-subject=%.256s, cert-issuer=%.256s, verifymsg=%s",
1N/A** ENDTLS -- shutdown secure connection 1N/A** ssl -- SSL connection information. 1N/A** success? (EX_* code) 1N/A "STARTTLS=%s, SSL_shutdown failed: %d",
1N/A ** Bug in OpenSSL (at least up to 0.9.6b): 1N/A ** From: Lutz.Jaenicke@aet.TU-Cottbus.DE 1N/A ** Message-ID: <20010723152244.A13122@serv01.aet.tu-cottbus.de> 1N/A ** To: openssl-users@openssl.org 1N/A ** Subject: Re: SSL_shutdown() woes (fwd) 1N/A ** The side sending the shutdown alert first will 1N/A ** not care about the answer of the peer but will 1N/A ** immediately return with a return value of "0" 1N/A ** the value of "0" and as the shutdown alert of the peer was 1N/A ** not received (actually, the program did not even wait for 1N/A ** the answer), an SSL_ERROR_SYSCALL is flagged, because this 1N/A ** is the default rule in case everything else does not apply. 1N/A ** For your server the problem is different, because it 1N/A ** receives the shutdown first (setting SSL_RECEIVED_SHUTDOWN), 1N/A ** then sends its response (SSL_SENT_SHUTDOWN), so for the 1N/A ** server the shutdown was successful. 1N/A ** As it is by now, you would have to call SSL_shutdown() once 1N/A ** and ignore an SSL_ERROR_SYSCALL returned. Then call 1N/A ** SSL_shutdown() again to actually get the server's response. 1N/A ** In the last discussion, Bodo Moeller concluded that a 1N/A ** rewrite of the shutdown code would be necessary, but 1N/A ** probably with another API, as the change would not be 1N/A ** compatible to the way it is now. Things do not become 1N/A ** easier as other programs do not follow the shutdown 1N/A ** guidelines anyway, so that a lot of error conditions and 1N/A ** compatibility issues would have to be caught. 1N/A ** For now the recommendation is to ignore the error message. 1N/A "STARTTLS=%s, SSL_shutdown not done",
1N/A#
endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ 1N/A** TMP_RSA_KEY -- return temporary RSA key 1N/A** s -- TLS connection structure 1N/A** temporary RSA key. 1N/A#
endif /* ! MAX_RSA_TMP_CNT */ 1N/A#
endif /* SM_CONF_SHM */ 1N/A "STARTTLS=server, tmp_rsa_key: RSA_generate_key failed!");
1N/A ** XXX we can't (yet) share the new key... 1N/A ** The RSA structure contains pointers hence it can't be 1N/A ** easily kept in shared memory. It must be transformed 1N/A ** into a contiguous memory region first, then stored, 1N/A ** and later read out again (each time re-transformed). 1N/A#
endif /* SM_CONF_SHM */ 1N/A "STARTTLS=server, tmp_rsa_key: new temp RSA key");
1N/A#
endif /* !TLS_NO_RSA */ 1N/A** APPS_SSL_INFO_CB -- info callback for TLS connections 1N/A** s -- TLS connection structure 1N/A** where -- state in handshake 1N/A** ret -- return code of last operation 1N/A "STARTTLS: info_callback where=0x%x, ret=%d",
1N/A "STARTTLS: SSL3 alert %s:%s:%s",
1N/A "STARTTLS: %s:failed in %s",
1N/A "STARTTLS: %s:error in %s",
1N/A** TLS_VERIFY_LOG -- log verify error for TLS certificates 1N/A** ctx -- x509 context 1N/A /* internal error */ 1N/A "STARTTLS: internal error: tls_verify_cb: ssl == NULL");
1N/A "STARTTLS: %s cert verify: depth=%d %s, state=%d, reason=%s",
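1N/A** TLS_VERIFY_CB -- verify callback for TLS certificates 1N/A** ctx -- x509 context 1N/A** accept connection? 1N/A** currently: always yes. ** NOTE(review): "always yes" means a certificate that fails verification does not abort the handshake here; any access decision then has to rely on the recorded result (the {verify} macro set by TLS_GET_INFO) -- confirm against the full source. 1N/A#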
else /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1N/A#
endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */ 1N/A ** man SSL_CTX_set_cert_verify_callback(): 1N/A ** callback should return 1 to indicate verification success 1N/A ** and 0 to indicate verification failure. 1N/A** TLSLOGERR -- log the errors from the TLS error stack 1N/A#
define CP (
const char **)
1N/A "STARTTLS=%s: %lu:%s:%s:%d:%s",
who,
es,
1N/A** X509_VERIFY_CB -- verify callback 1N/A** ctx -- x509 context 1N/A** accept connection? 1N/A** currently: always yes. 1N/A return 1;
/* override it */ 1N/A#
endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */ 1N/A#
endif /* STARTTLS */