2 * Copyright notice from original mutt:
3 * Copyright (C) 1999-2001 Tommi Komulainen <Tommi.Komulainen@iki.fi>
5 * This file is part of mutt-ng, see http://www.muttng.org/.
6 * It's licensed under the GNU General Public License,
7 * please see the file GPL in the top level source directory.
14 #include <openssl/ssl.h>
15 #include <openssl/x509.h>
16 #include <openssl/err.h>
17 #include <openssl/rand.h>
24 #include "mutt_socket.h"
25 #include "mutt_menu.h"
26 #include "mutt_curses.h"
29 #if OPENSSL_VERSION_NUMBER >= 0x00904000L
30 #define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL)
32 #define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL)
35 /* Just in case OpenSSL doesn't define DEVRANDOM */
37 #define DEVRANDOM "/dev/urandom"
40 /* This is ugly, but as RAND_status came in on OpenSSL version 0.9.5
41 * and the code has to support older versions too, this is seemed to
42 * be cleaner way compared to having even uglier #ifdefs all around.
44 #ifdef HAVE_RAND_STATUS
45 #define HAVE_ENTROPY() (RAND_status() == 1)
47 static int entropy_byte_count = 0;
49 /* OpenSSL fills the entropy pool from /dev/urandom if it exists */
50 #define HAVE_ENTROPY() (!access(DEVRANDOM, R_OK) || entropy_byte_count >= 16)
53 typedef struct _sslsockdata {
59 /* local prototypes */
61 static int add_entropy (const char *file);
62 static int ssl_socket_read (CONNECTION * conn, char *buf, size_t len);
63 static int ssl_socket_write (CONNECTION * conn, const char *buf, size_t len);
64 static int ssl_socket_open (CONNECTION * conn);
65 static int ssl_socket_close (CONNECTION * conn);
66 static int tls_close (CONNECTION * conn);
67 static int ssl_check_certificate (sslsockdata * data);
68 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn);
69 static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata);
70 static int ssl_negotiate (sslsockdata *);
72 /* mutt_ssl_starttls: Negotiate TLS over an already opened connection.
73 * TODO: Merge this code better with ssl_socket_open. */
74 int mutt_ssl_starttls (CONNECTION * conn)
82 ssldata = (sslsockdata *) safe_calloc (1, sizeof (sslsockdata));
83 /* the ssl_use_xxx protocol options don't apply. We must use TLS in TLS. */
84 if (!(ssldata->ctx = SSL_CTX_new (TLSv1_client_method ()))) {
85 dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL_CTX\n"));
89 ssl_get_client_cert (ssldata, conn);
91 if (!(ssldata->ssl = SSL_new (ssldata->ctx))) {
92 dprint (1, (debugfile, "mutt_ssl_starttls: Error allocating SSL\n"));
96 if (SSL_set_fd (ssldata->ssl, conn->fd) != 1) {
97 dprint (1, (debugfile, "mutt_ssl_starttls: Error setting fd\n"));
101 if (ssl_negotiate (ssldata))
104 /* hmm. watch out if we're starting TLS over any method other than raw. */
105 conn->sockdata = ssldata;
106 conn->conn_read = ssl_socket_read;
107 conn->conn_write = ssl_socket_write;
108 conn->conn_close = tls_close;
110 conn->ssf = SSL_CIPHER_get_bits (SSL_get_current_cipher (ssldata->ssl),
116 FREE (&ssldata->ssl);
118 FREE (&ssldata->ctx);
126 * OpenSSL library needs to be fed with sufficient entropy. On systems
127 * with /dev/urandom, this is done transparently by the library itself,
128 * on other systems we need to fill the entropy pool ourselves.
130 * Even though only OpenSSL 0.9.5 and later will complain about the
131 * lack of entropy, we try to our best and fill the pool with older
132 * versions also. (That's the reason for the ugly #ifdefs and macros,
133 * otherwise I could have simply #ifdef'd the whole ssl_init funcion)
137 char path[_POSIX_PATH_MAX];
138 static unsigned char init_complete = 0;
143 if (!HAVE_ENTROPY ()) {
144 /* load entropy from files */
145 add_entropy (SslEntropyFile);
146 add_entropy (RAND_file_name (path, sizeof (path)));
148 /* load entropy from egd sockets */
150 add_entropy (getenv ("EGDSOCKET"));
151 snprintf (path, sizeof (path), "%s/.entropy", NONULL (Homedir));
153 add_entropy ("/tmp/entropy");
156 /* shuffle $RANDFILE (or ~/.rnd if unset) */
157 RAND_write_file (RAND_file_name (path, sizeof (path)));
159 if (!HAVE_ENTROPY ()) {
160 mutt_error (_("Failed to find enough entropy on your system"));
166 /* I don't think you can do this just before reading the error. The call
167 * itself might clobber the last SSL error. */
168 SSL_load_error_strings ();
174 static int add_entropy (const char *file)
182 if (stat (file, &st) == -1)
183 return errno == ENOENT ? 0 : -1;
185 mutt_message (_("Filling entropy pool: %s...\n"), file);
187 /* check that the file permissions are secure */
188 if (st.st_uid != getuid () ||
189 ((st.st_mode & (S_IWGRP | S_IRGRP)) != 0) ||
190 ((st.st_mode & (S_IWOTH | S_IROTH)) != 0)) {
191 mutt_error (_("%s has insecure permissions!"), file);
200 n = RAND_load_file (file, -1);
202 #ifndef HAVE_RAND_STATUS
204 entropy_byte_count += n;
209 static int ssl_socket_open_err (CONNECTION * conn)
211 mutt_error (_("SSL disabled due the lack of entropy"));
217 int ssl_socket_setup (CONNECTION * conn)
219 if (ssl_init () < 0) {
220 conn->conn_open = ssl_socket_open_err;
224 conn->conn_open = ssl_socket_open;
225 conn->conn_read = ssl_socket_read;
226 conn->conn_write = ssl_socket_write;
227 conn->conn_close = ssl_socket_close;
232 static int ssl_socket_read (CONNECTION * conn, char *buf, size_t len)
234 sslsockdata *data = conn->sockdata;
236 return SSL_read (data->ssl, buf, len);
239 static int ssl_socket_write (CONNECTION * conn, const char *buf, size_t len)
241 sslsockdata *data = conn->sockdata;
243 return SSL_write (data->ssl, buf, len);
246 static int ssl_socket_open (CONNECTION * conn)
251 if (raw_socket_open (conn) < 0)
254 data = (sslsockdata *) safe_calloc (1, sizeof (sslsockdata));
255 conn->sockdata = data;
257 data->ctx = SSL_CTX_new (SSLv23_client_method ());
259 /* disable SSL protocols as needed */
260 if (!option (OPTTLSV1)) {
261 SSL_CTX_set_options (data->ctx, SSL_OP_NO_TLSv1);
263 if (!option (OPTSSLV2)) {
264 SSL_CTX_set_options (data->ctx, SSL_OP_NO_SSLv2);
266 if (!option (OPTSSLV3)) {
267 SSL_CTX_set_options (data->ctx, SSL_OP_NO_SSLv3);
270 ssl_get_client_cert (data, conn);
272 data->ssl = SSL_new (data->ctx);
273 SSL_set_fd (data->ssl, conn->fd);
275 if (ssl_negotiate (data)) {
276 mutt_socket_close (conn);
280 conn->ssf = SSL_CIPHER_get_bits (SSL_get_current_cipher (data->ssl),
286 /* ssl_negotiate: After SSL state has been initialised, attempt to negotiate
287 * SSL over the wire, including certificate checks. */
288 static int ssl_negotiate (sslsockdata * ssldata)
293 #if OPENSSL_VERSION_NUMBER >= 0x00906000L
294 /* This only exists in 0.9.6 and above. Without it we may get interrupted
295 * reads or writes. Bummer. */
296 SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
299 if ((err = SSL_connect (ssldata->ssl)) != 1) {
300 switch (SSL_get_error (ssldata->ssl, err)) {
301 case SSL_ERROR_SYSCALL:
302 errmsg = _("I/O error");
305 errmsg = ERR_error_string (ERR_get_error (), NULL);
308 errmsg = _("unknown error");
311 mutt_error (_("SSL failed: %s"), errmsg);
317 ssldata->cert = SSL_get_peer_certificate (ssldata->ssl);
318 if (!ssldata->cert) {
319 mutt_error (_("Unable to get certificate from peer"));
324 if (!ssl_check_certificate (ssldata))
327 mutt_message (_("SSL connection using %s (%s)"),
328 SSL_get_cipher_version (ssldata->ssl),
329 SSL_get_cipher_name (ssldata->ssl));
335 static int ssl_socket_close (CONNECTION * conn)
337 sslsockdata *data = conn->sockdata;
340 SSL_shutdown (data->ssl);
342 X509_free (data->cert);
343 SSL_free (data->ssl);
344 SSL_CTX_free (data->ctx);
345 FREE (&conn->sockdata);
348 return raw_socket_close (conn);
351 static int tls_close (CONNECTION * conn)
355 rc = ssl_socket_close (conn);
356 conn->conn_read = raw_socket_read;
357 conn->conn_write = raw_socket_write;
358 conn->conn_close = raw_socket_close;
363 static char *x509_get_part (char *line, const char *ndx)
365 static char ret[SHORT_STRING];
368 strfcpy (ret, _("Unknown"), sizeof (ret));
370 c = strstr (line, ndx);
373 c2 = strchr (c, '/');
376 strfcpy (ret, c, sizeof (ret));
384 static void x509_fingerprint (char *s, int l, X509 * cert)
386 unsigned char md[EVP_MAX_MD_SIZE];
390 if (!X509_digest (cert, EVP_md5 (), md, &n)) {
391 snprintf (s, l, "%s", _("[unable to calculate]"));
394 for (j = 0; j < (int) n; j++) {
397 snprintf (ch, 8, "%02X%s", md[j], (j % 2 ? " " : ""));
398 safe_strcat (s, l, ch);
403 static char *asn1time_to_string (ASN1_UTCTIME * tm)
408 strfcpy (buf, _("[invalid date]"), sizeof (buf));
410 bio = BIO_new (BIO_s_mem ());
412 if (ASN1_TIME_print (bio, tm))
413 (void) BIO_read (bio, buf, sizeof (buf));
420 static int check_certificate_by_signer (X509 * peercert)
426 ctx = X509_STORE_new ();
430 if (option (OPTSSLSYSTEMCERTS)) {
431 if (X509_STORE_set_default_paths (ctx))
434 dprint (2, (debugfile, "X509_STORE_set_default_paths failed\n"));
437 if (X509_STORE_load_locations (ctx, SslCertFile, NULL))
440 dprint (2, (debugfile, "X509_STORE_load_locations_failed\n"));
444 X509_STORE_free (ctx);
448 X509_STORE_CTX_init (&xsc, ctx, peercert, NULL);
450 pass = (X509_verify_cert (&xsc) > 0);
453 char buf[SHORT_STRING];
456 err = X509_STORE_CTX_get_error (&xsc);
457 snprintf (buf, sizeof (buf), "%s (%d)",
458 X509_verify_cert_error_string (err), err);
459 dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
462 X509_STORE_CTX_cleanup (&xsc);
463 X509_STORE_free (ctx);
468 static int check_certificate_by_digest (X509 * peercert)
470 unsigned char peermd[EVP_MAX_MD_SIZE];
471 unsigned int peermdlen;
476 /* expiration check */
477 if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) {
478 dprint (2, (debugfile, "Server certificate is not yet valid\n"));
479 mutt_error (_("Server certificate is not yet valid"));
483 if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) {
484 dprint (2, (debugfile, "Server certificate has expired"));
485 mutt_error (_("Server certificate has expired"));
490 if ((fp = fopen (SslCertFile, "rt")) == NULL)
493 if (!X509_digest (peercert, EVP_sha1 (), peermd, &peermdlen)) {
498 while ((cert = READ_X509_KEY (fp, &cert)) != NULL) {
499 unsigned char md[EVP_MAX_MD_SIZE];
502 /* Avoid CPU-intensive digest calculation if the certificates are
503 * not even remotely equal.
505 if (X509_subject_name_cmp (cert, peercert) != 0 ||
506 X509_issuer_name_cmp (cert, peercert) != 0)
509 if (!X509_digest (cert, EVP_sha1 (), md, &mdlen) || peermdlen != mdlen)
512 if (memcmp (peermd, md, mdlen) != 0)
524 static int ssl_check_certificate (sslsockdata * data)
526 char *part[] = { "/CN=", "/Email=", "/O=", "/OU=", "/L=", "/ST=", "/C=" };
527 char helpstr[SHORT_STRING];
528 char buf[SHORT_STRING];
532 char *name = NULL, *c;
534 if (check_certificate_by_signer (data->cert)) {
535 dprint (1, (debugfile, "ssl_check_certificate: signer check passed\n"));
539 /* automatic check from user's database */
540 if (SslCertFile && check_certificate_by_digest (data->cert)) {
541 dprint (1, (debugfile, "ssl_check_certificate: digest check passed\n"));
545 /* interactive check from user */
546 menu = mutt_new_menu ();
548 menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
549 for (i = 0; i < menu->max; i++)
550 menu->dialog[i] = (char *) safe_calloc (1, SHORT_STRING * sizeof (char));
553 strfcpy (menu->dialog[row], _("This certificate belongs to:"),
556 name = X509_NAME_oneline (X509_get_subject_name (data->cert),
558 for (i = 0; i < 5; i++) {
559 c = x509_get_part (name, part[i]);
560 snprintf (menu->dialog[row++], SHORT_STRING, " %s", c);
564 strfcpy (menu->dialog[row], _("This certificate was issued by:"),
567 name = X509_NAME_oneline (X509_get_issuer_name (data->cert),
569 for (i = 0; i < 5; i++) {
570 c = x509_get_part (name, part[i]);
571 snprintf (menu->dialog[row++], SHORT_STRING, " %s", c);
575 snprintf (menu->dialog[row++], SHORT_STRING, "%s",
576 _("This certificate is valid"));
577 snprintf (menu->dialog[row++], SHORT_STRING, _(" from %s"),
578 asn1time_to_string (X509_get_notBefore (data->cert)));
579 snprintf (menu->dialog[row++], SHORT_STRING, _(" to %s"),
580 asn1time_to_string (X509_get_notAfter (data->cert)));
584 x509_fingerprint (buf, sizeof (buf), data->cert);
585 snprintf (menu->dialog[row++], SHORT_STRING, _("Fingerprint: %s"), buf);
587 menu->title = _("SSL Certificate check");
589 menu->prompt = _("(r)eject, accept (o)nce, (a)ccept always");
590 menu->keys = _("roa");
593 menu->prompt = _("(r)eject, accept (o)nce");
594 menu->keys = _("ro");
598 mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_GENERIC, OP_EXIT);
599 safe_strcat (helpstr, sizeof (helpstr), buf);
600 mutt_make_help (buf, sizeof (buf), _("Help"), MENU_GENERIC, OP_HELP);
601 safe_strcat (helpstr, sizeof (helpstr), buf);
602 menu->help = helpstr;
605 set_option (OPTUNBUFFEREDINPUT);
607 switch (mutt_menuLoop (menu)) {
609 case OP_MAX + 1: /* reject */
613 case OP_MAX + 3: /* accept always */
615 if ((fp = fopen (SslCertFile, "a"))) {
616 if (PEM_write_X509 (fp, data->cert))
621 mutt_error (_("Warning: Couldn't save certificate"));
625 mutt_message (_("Certificate saved"));
629 case OP_MAX + 2: /* accept once */
634 unset_option (OPTUNBUFFEREDINPUT);
635 mutt_menuDestroy (&menu);
639 static void ssl_get_client_cert (sslsockdata * ssldata, CONNECTION * conn)
642 dprint (2, (debugfile, "Using client certificate %s\n", SslClientCert));
643 SSL_CTX_set_default_passwd_cb_userdata (ssldata->ctx, &conn->account);
644 SSL_CTX_set_default_passwd_cb (ssldata->ctx, ssl_passwd_cb);
645 SSL_CTX_use_certificate_file (ssldata->ctx, SslClientCert,
647 SSL_CTX_use_PrivateKey_file (ssldata->ctx, SslClientCert,
652 static int ssl_passwd_cb (char *buf, int size, int rwflag, void *userdata)
654 ACCOUNT *account = (ACCOUNT *) userdata;
656 if (mutt_account_getuser (account))
659 dprint (2, (debugfile, "ssl_passwd_cb: getting password for %s@%s:%u\n",
660 account->user, account->host, account->port));
662 if (mutt_account_getpass (account))
665 return snprintf (buf, size, "%s", account->pass);