2 * Copyright notice from original mutt:
3 * Copyright (C) 1999-2001 Tommi Komulainen <Tommi.Komulainen@iki.fi>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
16 #include <openssl/ssl.h>
17 #include <openssl/x509.h>
18 #include <openssl/err.h>
19 #include <openssl/rand.h>
23 #include <lib-lib/mem.h>
24 #include <lib-lib/str.h>
25 #include <lib-lib/macros.h>
27 #include <lib-ui/curses.h>
28 #include <lib-ui/menu.h>
31 #include "mutt_socket.h"
35 #if OPENSSL_VERSION_NUMBER >= 0x00904000L
36 #define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL)
38 #define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL)
41 /* Just in case OpenSSL doesn't define DEVRANDOM */
43 #define DEVRANDOM "/dev/urandom"
46 /* This is ugly, but as RAND_status came in on OpenSSL version 0.9.5
47 * and the code has to support older versions too, this is seemed to
48 * be cleaner way compared to having even uglier #ifdefs all around.
50 #ifdef HAVE_RAND_STATUS
51 #define HAVE_ENTROPY() (RAND_status() == 1)
53 static int entropy_byte_count = 0;
55 /* OpenSSL fills the entropy pool from /dev/urandom if it exists */
56 #define HAVE_ENTROPY() (!access(DEVRANDOM, R_OK) || entropy_byte_count >= 16)
59 typedef struct _sslsockdata {
65 /* local prototypes */
66 static int ssl_init (void);
67 static int add_entropy (const char *file);
68 static int ssl_socket_read (CONNECTION * conn, char *buf, size_t len);
69 static int ssl_socket_write (CONNECTION * conn, const char *buf, size_t len);
70 static int ssl_socket_open (CONNECTION * conn);
71 static int ssl_socket_close (CONNECTION * conn);
72 static int tls_close (CONNECTION * conn);
73 static int ssl_check_certificate (sslsockdata * data);
74 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn);
75 static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata);
76 static int ssl_negotiate (sslsockdata *);
78 /* mutt_ssl_starttls: Negotiate TLS over an already opened connection.
79 * TODO: Merge this code better with ssl_socket_open. */
80 int mutt_ssl_starttls (CONNECTION * conn)
88 ssldata = p_new(sslsockdata, 1);
89 /* the ssl_use_xxx protocol options don't apply. We must use TLS in TLS. */
90 if (!(ssldata->ctx = SSL_CTX_new (TLSv1_client_method ()))) {
94 ssl_get_client_cert (ssldata, conn);
96 if (!(ssldata->ssl = SSL_new (ssldata->ctx))) {
100 if (SSL_set_fd (ssldata->ssl, conn->fd) != 1) {
104 if (ssl_negotiate (ssldata))
107 /* hmm. watch out if we're starting TLS over any method other than raw. */
108 conn->sockdata = ssldata;
109 conn->conn_read = ssl_socket_read;
110 conn->conn_write = ssl_socket_write;
111 conn->conn_close = tls_close;
113 conn->ssf = SSL_CIPHER_get_bits (SSL_get_current_cipher (ssldata->ssl),
119 p_delete(&ssldata->ssl);
121 p_delete(&ssldata->ctx);
129 * OpenSSL library needs to be fed with sufficient entropy. On systems
130 * with /dev/urandom, this is done transparently by the library itself,
131 * on other systems we need to fill the entropy pool ourselves.
133 * Even though only OpenSSL 0.9.5 and later will complain about the
134 * lack of entropy, we try to our best and fill the pool with older
135 * versions also. (That's the reason for the ugly #ifdefs and macros,
136 * otherwise I could have simply #ifdef'd the whole ssl_init funcion)
138 static int ssl_init (void)
140 char path[_POSIX_PATH_MAX];
141 static unsigned char init_complete = 0;
146 if (!HAVE_ENTROPY ()) {
147 /* load entropy from files */
148 add_entropy (SslEntropyFile);
149 add_entropy (RAND_file_name (path, sizeof (path)));
151 /* load entropy from egd sockets */
153 add_entropy (getenv ("EGDSOCKET"));
154 snprintf (path, sizeof (path), "%s/.entropy", NONULL (Homedir));
156 add_entropy ("/tmp/entropy");
159 /* shuffle $RANDFILE (or ~/.rnd if unset) */
160 RAND_write_file (RAND_file_name (path, sizeof (path)));
162 if (!HAVE_ENTROPY ()) {
163 mutt_error (_("Failed to find enough entropy on your system"));
169 /* I don't think you can do this just before reading the error. The call
170 * itself might clobber the last SSL error. */
171 SSL_load_error_strings ();
177 static int add_entropy (const char *file)
185 if (stat (file, &st) == -1)
186 return errno == ENOENT ? 0 : -1;
188 mutt_message (_("Filling entropy pool: %s...\n"), file);
190 /* check that the file permissions are secure */
191 if (st.st_uid != getuid () ||
192 ((st.st_mode & (S_IWGRP | S_IRGRP)) != 0) ||
193 ((st.st_mode & (S_IWOTH | S_IROTH)) != 0)) {
194 mutt_error (_("%s has insecure permissions!"), file);
203 n = RAND_load_file (file, -1);
205 #ifndef HAVE_RAND_STATUS
207 entropy_byte_count += n;
212 static int ssl_socket_open_err (CONNECTION * conn)
214 mutt_error (_("SSL disabled due the lack of entropy"));
220 int mutt_ssl_socket_setup (CONNECTION * conn)
222 if (ssl_init () < 0) {
223 conn->conn_open = ssl_socket_open_err;
227 conn->conn_open = ssl_socket_open;
228 conn->conn_read = ssl_socket_read;
229 conn->conn_write = ssl_socket_write;
230 conn->conn_close = ssl_socket_close;
235 static int ssl_socket_read (CONNECTION * conn, char *buf, size_t len)
237 sslsockdata *data = conn->sockdata;
239 return SSL_read (data->ssl, buf, len);
242 static int ssl_socket_write (CONNECTION * conn, const char *buf, size_t len)
244 sslsockdata *data = conn->sockdata;
246 return SSL_write (data->ssl, buf, len);
249 static int ssl_socket_open (CONNECTION * conn)
254 if (raw_socket_open (conn) < 0)
257 data = p_new(sslsockdata, 1);
258 conn->sockdata = data;
260 data->ctx = SSL_CTX_new (SSLv23_client_method ());
262 /* disable SSL protocols as needed */
263 if (!option (OPTTLSV1)) {
264 SSL_CTX_set_options (data->ctx, SSL_OP_NO_TLSv1);
266 if (!option (OPTSSLV2)) {
267 SSL_CTX_set_options (data->ctx, SSL_OP_NO_SSLv2);
269 if (!option (OPTSSLV3)) {
270 SSL_CTX_set_options (data->ctx, SSL_OP_NO_SSLv3);
273 ssl_get_client_cert (data, conn);
275 data->ssl = SSL_new (data->ctx);
276 SSL_set_fd (data->ssl, conn->fd);
278 if (ssl_negotiate (data)) {
279 mutt_socket_close (conn);
283 conn->ssf = SSL_CIPHER_get_bits (SSL_get_current_cipher (data->ssl),
289 /* ssl_negotiate: After SSL state has been initialised, attempt to negotiate
290 * SSL over the wire, including certificate checks. */
291 static int ssl_negotiate (sslsockdata * ssldata)
296 #if OPENSSL_VERSION_NUMBER >= 0x00906000L
297 /* This only exists in 0.9.6 and above. Without it we may get interrupted
298 * reads or writes. Bummer. */
299 SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
302 if ((err = SSL_connect (ssldata->ssl)) != 1) {
303 switch (SSL_get_error (ssldata->ssl, err)) {
304 case SSL_ERROR_SYSCALL:
305 errmsg = _("I/O error");
308 errmsg = ERR_error_string (ERR_get_error (), NULL);
311 errmsg = _("unknown error");
314 mutt_error (_("SSL failed: %s"), errmsg);
320 ssldata->cert = SSL_get_peer_certificate (ssldata->ssl);
321 if (!ssldata->cert) {
322 mutt_error (_("Unable to get certificate from peer"));
327 if (!ssl_check_certificate (ssldata))
330 mutt_message (_("SSL connection using %s (%s)"),
331 SSL_get_cipher_version (ssldata->ssl),
332 SSL_get_cipher_name (ssldata->ssl));
338 static int ssl_socket_close (CONNECTION * conn)
340 sslsockdata *data = conn->sockdata;
343 SSL_shutdown (data->ssl);
345 X509_free (data->cert);
347 SSL_free (data->ssl);
348 SSL_CTX_free (data->ctx);
349 p_delete(&conn->sockdata);
352 return raw_socket_close (conn);
355 static int compare_certificates (X509 *cert, X509 *peercert,
356 unsigned char *peermd,
357 unsigned int peermdlen) {
358 unsigned char md[EVP_MAX_MD_SIZE];
361 /* Avoid CPU-intensive digest calculation if the certificates are
362 * not even remotely equal.
364 if (X509_subject_name_cmp (cert, peercert) != 0 ||
365 X509_issuer_name_cmp (cert, peercert) != 0)
368 if (!X509_digest (cert, EVP_sha1(), md, &mdlen) || peermdlen != mdlen)
371 if (memcmp(peermd, md, mdlen) != 0)
377 static int check_certificate_cache (X509 *peercert) {
378 unsigned char peermd[EVP_MAX_MD_SIZE];
379 unsigned int peermdlen;
381 string_list_t *scert;
383 if (!X509_digest (peercert, EVP_sha1(), peermd, &peermdlen))
386 for (scert = SslSessionCerts; scert; scert = scert->next) {
387 cert = *(X509**)scert->data;
388 if (!compare_certificates (cert, peercert, peermd, peermdlen)) {
395 static int tls_close (CONNECTION * conn)
399 rc = ssl_socket_close (conn);
400 conn->conn_read = raw_socket_read;
401 conn->conn_write = raw_socket_write;
402 conn->conn_close = raw_socket_close;
407 static char *x509_get_part (char *line, const char *ndx)
409 static char ret[SHORT_STRING];
412 m_strcpy(ret, sizeof(ret), _("Unknown"));
414 c = strstr (line, ndx);
417 c2 = strchr (c, '/');
420 m_strcpy(ret, sizeof(ret), c);
428 static void x509_fingerprint (char *s, int l, X509 * cert)
430 unsigned char md[EVP_MAX_MD_SIZE];
434 if (!X509_digest (cert, EVP_md5 (), md, &n)) {
435 m_strcpy(s, l, _("[unable to calculate]"));
438 for (j = 0; j < (int) n; j++) {
441 snprintf(ch, 8, "%02X%s", md[j], (j % 2 ? " " : ""));
447 static char *asn1time_to_string (ASN1_UTCTIME * tm)
452 m_strcpy(buf, sizeof(buf), _("[invalid date]"));
454 bio = BIO_new (BIO_s_mem ());
456 if (ASN1_TIME_print (bio, tm))
457 (void) BIO_read (bio, buf, sizeof (buf));
464 static int check_certificate_by_signer (X509 * peercert)
470 ctx = X509_STORE_new ();
474 if (option (OPTSSLSYSTEMCERTS)) {
475 if (X509_STORE_set_default_paths (ctx))
479 if (X509_STORE_load_locations (ctx, SslCertFile, NULL))
484 X509_STORE_free (ctx);
488 X509_STORE_CTX_init (&xsc, ctx, peercert, NULL);
490 pass = (X509_verify_cert (&xsc) > 0);
491 X509_STORE_CTX_cleanup (&xsc);
492 X509_STORE_free (ctx);
497 static int check_certificate_by_digest (X509 * peercert)
499 unsigned char peermd[EVP_MAX_MD_SIZE];
500 unsigned int peermdlen;
505 /* expiration check */
506 if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) {
507 mutt_error (_("Server certificate is not yet valid"));
511 if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) {
512 mutt_error (_("Server certificate has expired"));
517 if ((fp = fopen (SslCertFile, "rt")) == NULL)
520 if (!X509_digest (peercert, EVP_sha1 (), peermd, &peermdlen)) {
525 while ((cert = READ_X509_KEY (fp, &cert)) != NULL) {
526 pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;
536 static int ssl_check_certificate (sslsockdata * data)
538 char *part[] = { "/CN=", "/Email=", "/O=", "/OU=", "/L=", "/ST=", "/C=" };
539 char helpstr[SHORT_STRING];
540 char buf[SHORT_STRING];
544 char *name = NULL, *c;
546 /* check session cache first */
547 if (check_certificate_cache (data->cert)) {
551 if (check_certificate_by_signer (data->cert)) {
555 /* automatic check from user's database */
556 if (SslCertFile && check_certificate_by_digest (data->cert)) {
560 /* interactive check from user */
561 menu = mutt_new_menu ();
563 menu->dialog = p_new(char *, menu->max);
564 for (i = 0; i < menu->max; i++)
565 menu->dialog[i] = p_new(char, SHORT_STRING);
568 m_strcpy(menu->dialog[row], SHORT_STRING,
569 _("This certificate belongs to:"));
571 name = X509_NAME_oneline (X509_get_subject_name (data->cert),
573 for (i = 0; i < 5; i++) {
574 c = x509_get_part (name, part[i]);
575 snprintf (menu->dialog[row++], SHORT_STRING, " %s", c);
579 m_strcpy(menu->dialog[row], SHORT_STRING,
580 _("This certificate was issued by:"));
582 name = X509_NAME_oneline (X509_get_issuer_name (data->cert),
584 for (i = 0; i < 5; i++) {
585 c = x509_get_part (name, part[i]);
586 snprintf (menu->dialog[row++], SHORT_STRING, " %s", c);
590 snprintf (menu->dialog[row++], SHORT_STRING, "%s",
591 _("This certificate is valid"));
592 snprintf (menu->dialog[row++], SHORT_STRING, _(" from %s"),
593 asn1time_to_string (X509_get_notBefore (data->cert)));
594 snprintf (menu->dialog[row++], SHORT_STRING, _(" to %s"),
595 asn1time_to_string (X509_get_notAfter (data->cert)));
599 x509_fingerprint (buf, sizeof (buf), data->cert);
600 snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf);
602 menu->title = _("SSL Certificate check");
604 if (SslCertFile && X509_cmp_current_time (X509_get_notAfter (data->cert)) >= 0
605 && X509_cmp_current_time (X509_get_notBefore (data->cert)) < 0) {
606 menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always");
607 menu->keys = _("roa");
610 menu->prompt = _("(r)eject, accept (o)nce");
611 menu->keys = _("ro");
615 mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_GENERIC, OP_EXIT);
616 m_strcat(helpstr, sizeof(helpstr), buf);
617 mutt_make_help (buf, sizeof (buf), _("Help"), MENU_GENERIC, OP_HELP);
618 m_strcat(helpstr, sizeof(helpstr), buf);
619 menu->help = helpstr;
622 set_option (OPTUNBUFFEREDINPUT);
624 switch (mutt_menuLoop (menu)) {
626 case OP_MAX + 1: /* reject */
630 case OP_MAX + 3: /* accept always */
632 if ((fp = fopen (SslCertFile, "a"))) {
633 if (PEM_write_X509 (fp, data->cert))
638 mutt_error (_("Warning: Couldn't save certificate"));
642 mutt_message (_("Certificate saved"));
646 case OP_MAX + 2: /* accept once */
648 /* keep a handle on accepted certificates in case we want to
649 * open up another connection to the same server in this session */
650 SslSessionCerts = mutt_add_list_n (SslSessionCerts, &data->cert,
655 unset_option (OPTUNBUFFEREDINPUT);
656 mutt_menuDestroy (&menu);
660 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn)
663 SSL_CTX_set_default_passwd_cb_userdata (ssldata->ctx, &conn->account);
664 SSL_CTX_set_default_passwd_cb (ssldata->ctx, ssl_passwd_cb);
665 SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,
667 SSL_CTX_use_PrivateKey_file (ssldata->ctx, SslClientCert,
672 static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
674 ACCOUNT *account = (ACCOUNT *) userdata;
676 if (mutt_account_getuser (account))
679 if (mutt_account_getpass (account))
682 return snprintf (buf, size, "%s", account->pass);