1 /*	$NetBSD: tls_proxy_server_scan.c,v 1.3 2022/10/08 16:12:50 christos Exp $	*/
2 
3 /*++
4 /* NAME
5 /*	tls_proxy_server_scan 3
6 /* SUMMARY
7 /*	read TLS_SERVER_XXX structures from stream
8 /* SYNOPSIS
9 /*	#include <tls_proxy.h>
10 /*
11 /*	int	tls_proxy_server_init_scan(scan_fn, stream, flags, ptr)
12 /*	ATTR_SCAN_COMMON_FN scan_fn;
13 /*	VSTREAM *stream;
14 /*	int     flags;
15 /*	void    *ptr;
16 /*
17 /*	tls_proxy_server_init_free(init_props)
18 /*	TLS_SERVER_INIT_PROPS *init_props;
19 /*
20 /*	int	tls_proxy_server_start_scan(scan_fn, stream, flags, ptr)
21 /*	ATTR_SCAN_COMMON_FN scan_fn;
22 /*	VSTREAM *stream;
23 /*	int     flags;
24 /*	void    *ptr;
25 /*
26 /*	void	tls_proxy_server_start_free(start_props)
27 /*	TLS_SERVER_START_PROPS *start_props;
28 /* DESCRIPTION
29 /*	tls_proxy_server_init_scan() reads a TLS_SERVER_INIT_PROPS
30 /*	structure from the named stream using the specified attribute
31 /*	scan routine. tls_proxy_server_init_scan() is meant to be passed
32 /*	as a call-back function to attr_scan(), as shown below.
33 /*
34 /*	tls_proxy_server_init_free() destroys a TLS_SERVER_INIT_PROPS
35 /*	structure that was created by tls_proxy_server_init_scan().
36 /*
37 /*	TLS_SERVER_INIT_PROPS *init_props = 0;
38 /*	...
39 /*	... RECV_ATTR_FUNC(tls_proxy_server_init_scan, (void *) &init_props)
40 /*	...
41 /*	if (init_props)
/*	    tls_proxy_server_init_free(init_props);
43 /*
44 /*	tls_proxy_server_start_scan() reads a TLS_SERVER_START_PROPS
45 /*	structure from the named stream using the specified attribute
46 /*	scan routine. tls_proxy_server_start_scan() is meant to be passed
47 /*	as a call-back function to attr_scan(), as shown below.
48 /*
49 /*	tls_proxy_server_start_free() destroys a TLS_SERVER_START_PROPS
50 /*	structure that was created by tls_proxy_server_start_scan().
51 /*
52 /*	TLS_SERVER_START_PROPS *start_props = 0;
53 /*	...
54 /*	... RECV_ATTR_FUNC(tls_proxy_server_start_scan, (void *) &start_props)
55 /*	...
56 /*	if (start_props)
57 /*	    tls_proxy_server_start_free(start_props);
58 /* DIAGNOSTICS
59 /*	Fatal: out of memory.
60 /* LICENSE
61 /* .ad
62 /* .fi
63 /*	The Secure Mailer license must be distributed with this software.
64 /* AUTHOR(S)
65 /*	Wietse Venema
66 /*	Google, Inc.
67 /*	111 8th Avenue
68 /*	New York, NY 10011, USA
69 /*--*/
70 
71 #ifdef USE_TLS
72 
73 /* System library. */
74 
75 #include <sys_defs.h>
76 
77 /* Utility library */
78 
79 #include <attr.h>
80 
81 /* TLS library. */
82 
83 #include <tls.h>
84 #include <tls_proxy.h>
85 
86 /* tls_proxy_server_init_scan - receive TLS_SERVER_INIT_PROPS from stream */
87 
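int     tls_proxy_server_init_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
				           int flags, void *ptr)
{

    /*
     * Number of attributes requested from scan_fn() below. The scan result
     * is accepted only when it equals this count, so a short or malformed
     * request fails closed instead of yielding a half-filled structure.
     * Keep this in sync with the RECV_ATTR_* list.
     */
    enum { TLS_SERVER_INIT_ATTR_COUNT = 20 };
    TLS_SERVER_INIT_PROPS *props
    = (TLS_SERVER_INIT_PROPS *) mymalloc(sizeof(*props));
    int     ret;
    VSTRING *log_param = vstring_alloc(25);
    VSTRING *log_level = vstring_alloc(25);
    VSTRING *cache_type = vstring_alloc(25);
    VSTRING *chain_files = vstring_alloc(25);
    VSTRING *cert_file = vstring_alloc(25);
    VSTRING *key_file = vstring_alloc(25);
    VSTRING *dcert_file = vstring_alloc(25);
    VSTRING *dkey_file = vstring_alloc(25);
    VSTRING *eccert_file = vstring_alloc(25);
    VSTRING *eckey_file = vstring_alloc(25);
    VSTRING *CAfile = vstring_alloc(25);
    VSTRING *CApath = vstring_alloc(25);
    VSTRING *protocols = vstring_alloc(25);
    VSTRING *eecdh_grade = vstring_alloc(25);
    VSTRING *dh1024_param_file = vstring_alloc(25);
    VSTRING *dh512_param_file = vstring_alloc(25);
    VSTRING *mdalg = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types.
     * Every pointer member is therefore assigned explicitly further below.
     */
    memset(props, 0, sizeof(*props));

    /*
     * Receive the attributes. The integer members are written in place; the
     * string values (including certificate, key, CA and DH parameter file
     * names) are stored verbatim. No validation of the received values is
     * done here. NOTE(review): this relies on the peer that writes to the
     * stream being trusted - confirm against the tlsproxy client side.
     */
    ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
		  RECV_ATTR_STR(TLS_ATTR_LOG_PARAM, log_param),
		  RECV_ATTR_STR(TLS_ATTR_LOG_LEVEL, log_level),
		  RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth),
		  RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type),
		  RECV_ATTR_INT(TLS_ATTR_SET_SESSID, &props->set_sessid),
		  RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files),
		  RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file),
		  RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file),
		  RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file),
		  RECV_ATTR_STR(TLS_ATTR_DKEY_FILE, dkey_file),
		  RECV_ATTR_STR(TLS_ATTR_ECCERT_FILE, eccert_file),
		  RECV_ATTR_STR(TLS_ATTR_ECKEY_FILE, eckey_file),
		  RECV_ATTR_STR(TLS_ATTR_CAFILE, CAfile),
		  RECV_ATTR_STR(TLS_ATTR_CAPATH, CApath),
		  RECV_ATTR_STR(TLS_ATTR_PROTOCOLS, protocols),
		  RECV_ATTR_STR(TLS_ATTR_EECDH_GRADE, eecdh_grade),
		  RECV_ATTR_STR(TLS_ATTR_DH1K_PARAM_FILE, dh1024_param_file),
		  RECV_ATTR_STR(TLS_ATTR_DH512_PARAM_FILE, dh512_param_file),
		  RECV_ATTR_INT(TLS_ATTR_ASK_CCERT, &props->ask_ccert),
		  RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
		  ATTR_TYPE_END);

    /*
     * Always construct a well-formed structure, even after a partial or
     * failed scan, so that tls_proxy_server_init_free() can release every
     * member unconditionally. The exported buffers are owned by props from
     * here on and are released with myfree() by the destructor.
     */
    props->log_param = vstring_export(log_param);
    props->log_level = vstring_export(log_level);
    props->cache_type = vstring_export(cache_type);
    props->chain_files = vstring_export(chain_files);
    props->cert_file = vstring_export(cert_file);
    props->key_file = vstring_export(key_file);
    props->dcert_file = vstring_export(dcert_file);
    props->dkey_file = vstring_export(dkey_file);
    props->eccert_file = vstring_export(eccert_file);
    props->eckey_file = vstring_export(eckey_file);
    props->CAfile = vstring_export(CAfile);
    props->CApath = vstring_export(CApath);
    props->protocols = vstring_export(protocols);
    props->eecdh_grade = vstring_export(eecdh_grade);
    props->dh1024_param_file = vstring_export(dh1024_param_file);
    props->dh512_param_file = vstring_export(dh512_param_file);
    props->mdalg = vstring_export(mdalg);

    /*
     * Success (1) only when every attribute was received. Otherwise destroy
     * the structure, hand the caller a null pointer, and report -1.
     */
    if (ret == TLS_SERVER_INIT_ATTR_COUNT) {
	ret = 1;
    } else {
	ret = -1;
	tls_proxy_server_init_free(props);
	props = 0;
    }
    *(TLS_SERVER_INIT_PROPS **) ptr = props;
    return (ret);
}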
164 
165 /* tls_proxy_server_init_free - destroy TLS_SERVER_INIT_PROPS structure */
166 
void    tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS *props)
{

    /*
     * Release the string members first, then the structure itself. Every
     * string member is expected to hold a heap buffer (the scan routine
     * exports one for each member even when the scan fails), so no member
     * is checked for null before it is freed. The members are independent;
     * the order below is arbitrary.
     */
    myfree((void *) props->mdalg);
    myfree((void *) props->dh512_param_file);
    myfree((void *) props->dh1024_param_file);
    myfree((void *) props->eecdh_grade);
    myfree((void *) props->protocols);
    myfree((void *) props->CApath);
    myfree((void *) props->CAfile);
    myfree((void *) props->eckey_file);
    myfree((void *) props->eccert_file);
    myfree((void *) props->dkey_file);
    myfree((void *) props->dcert_file);
    myfree((void *) props->key_file);
    myfree((void *) props->cert_file);
    myfree((void *) props->chain_files);
    myfree((void *) props->cache_type);
    myfree((void *) props->log_level);
    myfree((void *) props->log_param);

    /* Finally the container. */
    myfree((void *) props);
}
188 
189 /* tls_proxy_server_start_scan - receive TLS_SERVER_START_PROPS from stream */
190 
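int     tls_proxy_server_start_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
				            int flags, void *ptr)
{

    /*
     * Number of attributes requested from scan_fn() below. The scan result
     * is accepted only when it equals this count, so a short or malformed
     * request fails closed instead of yielding a half-filled structure.
     * Keep this in sync with the RECV_ATTR_* list.
     */
    enum { TLS_SERVER_START_ATTR_COUNT = 7 };
    TLS_SERVER_START_PROPS *props
    = (TLS_SERVER_START_PROPS *) mymalloc(sizeof(*props));
    int     ret;
    VSTRING *serverid = vstring_alloc(25);
    VSTRING *namaddr = vstring_alloc(25);
    VSTRING *cipher_grade = vstring_alloc(25);
    VSTRING *cipher_exclusions = vstring_alloc(25);
    VSTRING *mdalg = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types.
     * The pointer members that are not filled in by the scan are therefore
     * set to null explicitly.
     */
    memset(props, 0, sizeof(*props));
    props->ctx = 0;
    props->stream = 0;
    /* XXX Caller sets fd. */

    /*
     * Receive the attributes. The integer members are written in place; the
     * string values are stored verbatim. No validation of the received
     * values is done here. NOTE(review): this relies on the peer that
     * writes to the stream being trusted - confirm against the tlsproxy
     * client side.
     */
    ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
		  RECV_ATTR_INT(TLS_ATTR_TIMEOUT, &props->timeout),
		  RECV_ATTR_INT(TLS_ATTR_REQUIRECERT, &props->requirecert),
		  RECV_ATTR_STR(TLS_ATTR_SERVERID, serverid),
		  RECV_ATTR_STR(TLS_ATTR_NAMADDR, namaddr),
		  RECV_ATTR_STR(TLS_ATTR_CIPHER_GRADE, cipher_grade),
		  RECV_ATTR_STR(TLS_ATTR_CIPHER_EXCLUSIONS,
				cipher_exclusions),
		  RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
		  ATTR_TYPE_END);

    /*
     * Always construct a well-formed structure, even after a partial or
     * failed scan, so that tls_proxy_server_start_free() can release every
     * member unconditionally. The exported buffers are owned by props from
     * here on and are released with myfree() by the destructor.
     */
    props->serverid = vstring_export(serverid);
    props->namaddr = vstring_export(namaddr);
    props->cipher_grade = vstring_export(cipher_grade);
    props->cipher_exclusions = vstring_export(cipher_exclusions);
    props->mdalg = vstring_export(mdalg);

    /*
     * Success (1) only when every attribute was received. Otherwise destroy
     * the structure, hand the caller a null pointer, and report -1.
     */
    if (ret == TLS_SERVER_START_ATTR_COUNT) {
	ret = 1;
    } else {
	ret = -1;
	tls_proxy_server_start_free(props);
	props = 0;
    }
    *(TLS_SERVER_START_PROPS **) ptr = props;
    return (ret);
}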
233 
234 /* tls_proxy_server_start_free - destroy TLS_SERVER_START_PROPS structure */
235 
void    tls_proxy_server_start_free(TLS_SERVER_START_PROPS *props)
{
    /* XXX Caller closes fd. */

    /*
     * Release the string members, then the structure itself. Each string
     * member is expected to hold a heap buffer (the scan routine exports
     * one for every member even when the scan fails), so nothing is
     * null-checked here. The members are independent; order is arbitrary.
     */
    myfree((void *) props->mdalg);
    myfree((void *) props->cipher_exclusions);
    myfree((void *) props->cipher_grade);
    myfree((void *) props->namaddr);
    myfree((void *) props->serverid);

    /* Finally the container. */
    myfree((void *) props);
}
246 
247 #endif
248