1 /*++
2 /* NAME
3 /* tls_proxy_server_scan 3
4 /* SUMMARY
5 /* read TLS_SERVER_XXX structures from stream
6 /* SYNOPSIS
7 /* #include <tls_proxy.h>
8 /*
9 /* int tls_proxy_server_init_scan(scan_fn, stream, flags, ptr)
10 /* ATTR_SCAN_COMMON_FN scan_fn;
11 /* VSTREAM *stream;
12 /* int flags;
13 /* void *ptr;
14 /*
/* void tls_proxy_server_init_free(init_props)
16 /* TLS_SERVER_INIT_PROPS *init_props;
17 /*
18 /* int tls_proxy_server_start_scan(scan_fn, stream, flags, ptr)
19 /* ATTR_SCAN_COMMON_FN scan_fn;
20 /* VSTREAM *stream;
21 /* int flags;
22 /* void *ptr;
23 /*
24 /* void tls_proxy_server_start_free(start_props)
25 /* TLS_SERVER_START_PROPS *start_props;
26 /* DESCRIPTION
27 /* tls_proxy_server_init_scan() reads a TLS_SERVER_INIT_PROPS
28 /* structure from the named stream using the specified attribute
29 /* scan routine. tls_proxy_server_init_scan() is meant to be passed
30 /* as a call-back function to attr_scan(), as shown below.
31 /*
32 /* tls_proxy_server_init_free() destroys a TLS_SERVER_INIT_PROPS
33 /* structure that was created by tls_proxy_server_init_scan().
34 /*
35 /* TLS_SERVER_INIT_PROPS *init_props = 0;
36 /* ...
37 /* ... RECV_ATTR_FUNC(tls_proxy_server_init_scan, (void *) &init_props)
38 /* ...
39 /* if (init_props)
/* tls_proxy_server_init_free(init_props);
41 /*
42 /* tls_proxy_server_start_scan() reads a TLS_SERVER_START_PROPS
43 /* structure from the named stream using the specified attribute
44 /* scan routine. tls_proxy_server_start_scan() is meant to be passed
45 /* as a call-back function to attr_scan(), as shown below.
46 /*
47 /* tls_proxy_server_start_free() destroys a TLS_SERVER_START_PROPS
48 /* structure that was created by tls_proxy_server_start_scan().
49 /*
50 /* TLS_SERVER_START_PROPS *start_props = 0;
51 /* ...
52 /* ... RECV_ATTR_FUNC(tls_proxy_server_start_scan, (void *) &start_props)
53 /* ...
54 /* if (start_props)
55 /* tls_proxy_server_start_free(start_props);
56 /* DIAGNOSTICS
57 /* Fatal: out of memory.
58 /* LICENSE
59 /* .ad
60 /* .fi
61 /* The Secure Mailer license must be distributed with this software.
62 /* AUTHOR(S)
63 /* Wietse Venema
64 /* Google, Inc.
65 /* 111 8th Avenue
66 /* New York, NY 10011, USA
67 /*--*/
68
69 #ifdef USE_TLS
70
71 /* System library. */
72
73 #include <sys_defs.h>
74
75 /* Utility library */
76
77 #include <attr.h>
78
79 /* TLS library. */
80
81 #include <tls.h>
82 #include <tls_proxy.h>
83
84 /* tls_proxy_server_init_scan - receive TLS_SERVER_INIT_PROPS from stream */
85
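int tls_proxy_server_init_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
			               int flags, void *ptr)
{

    /*
     * Receive a TLS_SERVER_INIT_PROPS structure from stream fp with the
     * attribute scan routine scan_fn(), and store a pointer to it through
     * ptr, which must point to a TLS_SERVER_INIT_PROPS *.
     *
     * Result: 1 on success, with *ptr pointing to a freshly allocated
     * structure that the caller owns and must release with
     * tls_proxy_server_init_free(); -1 when the number of attributes
     * received differs from the number requested, with *ptr set to null
     * and all intermediate memory released.
     *
     * The string members (file names, protocol and grade settings) are
     * taken from the stream as-is; nothing here validates their content.
     * What this function does guarantee is that every string member points
     * to a separately allocated string even after a failed receive, so that
     * tls_proxy_server_init_free() and consumers never see a null pointer.
     * Integer members not mentioned in the request remain zero.
     */
    enum {
	/* Number of RECV_ATTR_*() requests below; keep in sync when editing. */
	TLS_SERVER_INIT_ATTR_COUNT = 20
    };
    TLS_SERVER_INIT_PROPS *props
    = (TLS_SERVER_INIT_PROPS *) mymalloc(sizeof(*props));
    int     nattr;				/* attributes actually received */
    int     ret;				/* 1 = success, -1 = failure */
    VSTRING *log_param = vstring_alloc(25);
    VSTRING *log_level = vstring_alloc(25);
    VSTRING *cache_type = vstring_alloc(25);
    VSTRING *chain_files = vstring_alloc(25);
    VSTRING *cert_file = vstring_alloc(25);
    VSTRING *key_file = vstring_alloc(25);
    VSTRING *dcert_file = vstring_alloc(25);
    VSTRING *dkey_file = vstring_alloc(25);
    VSTRING *eccert_file = vstring_alloc(25);
    VSTRING *eckey_file = vstring_alloc(25);
    VSTRING *CAfile = vstring_alloc(25);
    VSTRING *CApath = vstring_alloc(25);
    VSTRING *protocols = vstring_alloc(25);
    VSTRING *eecdh_grade = vstring_alloc(25);
    VSTRING *dh1024_param_file = vstring_alloc(25);
    VSTRING *dh512_param_file = vstring_alloc(25);
    VSTRING *mdalg = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types.
     * It only serves to zero the integer members; every pointer member is
     * assigned explicitly below.
     */
    memset(props, 0, sizeof(*props));
    nattr = scan_fn(fp, flags | ATTR_FLAG_MORE,
		    RECV_ATTR_STR(TLS_ATTR_LOG_PARAM, log_param),
		    RECV_ATTR_STR(TLS_ATTR_LOG_LEVEL, log_level),
		    RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth),
		    RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type),
		    RECV_ATTR_INT(TLS_ATTR_SET_SESSID, &props->set_sessid),
		    RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files),
		    RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file),
		    RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file),
		    RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file),
		    RECV_ATTR_STR(TLS_ATTR_DKEY_FILE, dkey_file),
		    RECV_ATTR_STR(TLS_ATTR_ECCERT_FILE, eccert_file),
		    RECV_ATTR_STR(TLS_ATTR_ECKEY_FILE, eckey_file),
		    RECV_ATTR_STR(TLS_ATTR_CAFILE, CAfile),
		    RECV_ATTR_STR(TLS_ATTR_CAPATH, CApath),
		    RECV_ATTR_STR(TLS_ATTR_PROTOCOLS, protocols),
		    RECV_ATTR_STR(TLS_ATTR_EECDH_GRADE, eecdh_grade),
		    RECV_ATTR_STR(TLS_ATTR_DH1K_PARAM_FILE, dh1024_param_file),
		    RECV_ATTR_STR(TLS_ATTR_DH512_PARAM_FILE, dh512_param_file),
		    RECV_ATTR_INT(TLS_ATTR_ASK_CCERT, &props->ask_ccert),
		    RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
		    ATTR_TYPE_END);

    /*
     * Always construct a well-formed structure, even after a short read, so
     * that one free routine serves both the success and the failure path.
     * vstring_export() transfers ownership of each string buffer to props.
     */
    props->log_param = vstring_export(log_param);
    props->log_level = vstring_export(log_level);
    props->cache_type = vstring_export(cache_type);
    props->chain_files = vstring_export(chain_files);
    props->cert_file = vstring_export(cert_file);
    props->key_file = vstring_export(key_file);
    props->dcert_file = vstring_export(dcert_file);
    props->dkey_file = vstring_export(dkey_file);
    props->eccert_file = vstring_export(eccert_file);
    props->eckey_file = vstring_export(eckey_file);
    props->CAfile = vstring_export(CAfile);
    props->CApath = vstring_export(CApath);
    props->protocols = vstring_export(protocols);
    props->eecdh_grade = vstring_export(eecdh_grade);
    props->dh1024_param_file = vstring_export(dh1024_param_file);
    props->dh512_param_file = vstring_export(dh512_param_file);
    props->mdalg = vstring_export(mdalg);

    /*
     * Anything other than the complete attribute list is a failed receive:
     * a partially filled structure must not be handed to the caller.
     */
    ret = (nattr == TLS_SERVER_INIT_ATTR_COUNT ? 1 : -1);
    if (ret != 1) {
	tls_proxy_server_init_free(props);
	props = 0;
    }
    *(TLS_SERVER_INIT_PROPS **) ptr = props;
    return (ret);
}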
162
163 /* tls_proxy_server_init_free - destroy TLS_SERVER_INIT_PROPS structure */
164
void    tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS *props)
{

    /*
     * Release every string member, in declaration order, and then the
     * structure itself. props must have been produced by
     * tls_proxy_server_init_scan(), which fills each of these members with
     * a separately allocated string (never a null pointer), even when the
     * receive failed.
     */
    const char *members[] = {
	props->log_param,
	props->log_level,
	props->cache_type,
	props->chain_files,
	props->cert_file,
	props->key_file,
	props->dcert_file,
	props->dkey_file,
	props->eccert_file,
	props->eckey_file,
	props->CAfile,
	props->CApath,
	props->protocols,
	props->eecdh_grade,
	props->dh1024_param_file,
	props->dh512_param_file,
	props->mdalg
    };
    size_t  count = sizeof(members) / sizeof(members[0]);
    size_t  i;

    for (i = 0; i < count; i++)
	myfree((void *) members[i]);
    myfree((void *) props);
}
186
187 /* tls_proxy_server_start_scan - receive TLS_SERVER_START_PROPS from stream */
188
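int tls_proxy_server_start_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
			                int flags, void *ptr)
{

    /*
     * Receive a TLS_SERVER_START_PROPS structure from stream fp with the
     * attribute scan routine scan_fn(), and store a pointer to it through
     * ptr, which must point to a TLS_SERVER_START_PROPS *.
     *
     * Result: 1 on success, with *ptr pointing to a freshly allocated
     * structure that the caller owns and must release with
     * tls_proxy_server_start_free(); -1 when the number of attributes
     * received differs from the number requested, with *ptr set to null
     * and all intermediate memory released.
     *
     * The ctx and stream members are always null and the fd member is
     * always zero on return; none of them is part of the received data,
     * and the caller is responsible for setting fd. The string members are
     * taken from the stream as-is without validation, but each one is
     * guaranteed to be a separately allocated string, even after a failed
     * receive, so that tls_proxy_server_start_free() and consumers never
     * see a null pointer.
     */
    enum {
	/* Number of RECV_ATTR_*() requests below; keep in sync when editing. */
	TLS_SERVER_START_ATTR_COUNT = 7
    };
    TLS_SERVER_START_PROPS *props
    = (TLS_SERVER_START_PROPS *) mymalloc(sizeof(*props));
    int     nattr;				/* attributes actually received */
    int     ret;				/* 1 = success, -1 = failure */
    VSTRING *serverid = vstring_alloc(25);
    VSTRING *namaddr = vstring_alloc(25);
    VSTRING *cipher_grade = vstring_alloc(25);
    VSTRING *cipher_exclusions = vstring_alloc(25);
    VSTRING *mdalg = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types.
     * It only serves to zero the integer members; the pointer members that
     * are not received from the stream are therefore nulled explicitly.
     */
    memset(props, 0, sizeof(*props));
    props->ctx = 0;
    props->stream = 0;
    /* XXX Caller sets fd. */
    nattr = scan_fn(fp, flags | ATTR_FLAG_MORE,
		    RECV_ATTR_INT(TLS_ATTR_TIMEOUT, &props->timeout),
		    RECV_ATTR_INT(TLS_ATTR_REQUIRECERT, &props->requirecert),
		    RECV_ATTR_STR(TLS_ATTR_SERVERID, serverid),
		    RECV_ATTR_STR(TLS_ATTR_NAMADDR, namaddr),
		    RECV_ATTR_STR(TLS_ATTR_CIPHER_GRADE, cipher_grade),
		    RECV_ATTR_STR(TLS_ATTR_CIPHER_EXCLUSIONS,
				  cipher_exclusions),
		    RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
		    ATTR_TYPE_END);

    /*
     * Always construct a well-formed structure, even after a short read, so
     * that one free routine serves both the success and the failure path.
     * vstring_export() transfers ownership of each string buffer to props.
     */
    props->serverid = vstring_export(serverid);
    props->namaddr = vstring_export(namaddr);
    props->cipher_grade = vstring_export(cipher_grade);
    props->cipher_exclusions = vstring_export(cipher_exclusions);
    props->mdalg = vstring_export(mdalg);

    /*
     * Anything other than the complete attribute list is a failed receive:
     * a partially filled structure must not be handed to the caller.
     */
    ret = (nattr == TLS_SERVER_START_ATTR_COUNT ? 1 : -1);
    if (ret != 1) {
	tls_proxy_server_start_free(props);
	props = 0;
    }
    *(TLS_SERVER_START_PROPS **) ptr = props;
    return (ret);
}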
231
232 /* tls_proxy_server_start_free - destroy TLS_SERVER_START_PROPS structure */
233
void    tls_proxy_server_start_free(TLS_SERVER_START_PROPS *props)
{

    /*
     * Release every string member, in declaration order, and then the
     * structure itself. props must have been produced by
     * tls_proxy_server_start_scan(), which fills each of these members with
     * a separately allocated string (never a null pointer), even when the
     * receive failed. The fd member is not closed here; that is left to the
     * caller.
     */
    const char *members[] = {
	props->serverid,
	props->namaddr,
	props->cipher_grade,
	props->cipher_exclusions,
	props->mdalg
    };
    size_t  count = sizeof(members) / sizeof(members[0]);
    size_t  i;

    for (i = 0; i < count; i++)
	myfree((void *) members[i]);
    myfree((void *) props);
}
244
245 #endif
246