1*fb52cf35Schristos /* $NetBSD: tls_proxy_server_scan.c,v 1.3 2022/10/08 16:12:50 christos Exp $ */
2e09e275dSchristos
3e09e275dSchristos /*++
4e09e275dSchristos /* NAME
5e09e275dSchristos /* tls_proxy_server_scan 3
6e09e275dSchristos /* SUMMARY
7e09e275dSchristos /* read TLS_SERVER_XXX structures from stream
8e09e275dSchristos /* SYNOPSIS
9e09e275dSchristos /* #include <tls_proxy.h>
10e09e275dSchristos /*
11e09e275dSchristos /* int tls_proxy_server_init_scan(scan_fn, stream, flags, ptr)
12*fb52cf35Schristos /* ATTR_SCAN_COMMON_FN scan_fn;
13e09e275dSchristos /* VSTREAM *stream;
14e09e275dSchristos /* int flags;
15e09e275dSchristos /* void *ptr;
16e09e275dSchristos /*
17e09e275dSchristos /* tls_proxy_server_init_free(init_props)
18e09e275dSchristos /* TLS_SERVER_INIT_PROPS *init_props;
19e09e275dSchristos /*
20e09e275dSchristos /* int tls_proxy_server_start_scan(scan_fn, stream, flags, ptr)
21*fb52cf35Schristos /* ATTR_SCAN_COMMON_FN scan_fn;
22e09e275dSchristos /* VSTREAM *stream;
23e09e275dSchristos /* int flags;
24e09e275dSchristos /* void *ptr;
25e09e275dSchristos /*
26e09e275dSchristos /* void tls_proxy_server_start_free(start_props)
27e09e275dSchristos /* TLS_SERVER_START_PROPS *start_props;
28e09e275dSchristos /* DESCRIPTION
29e09e275dSchristos /* tls_proxy_server_init_scan() reads a TLS_SERVER_INIT_PROPS
30e09e275dSchristos /* structure from the named stream using the specified attribute
31e09e275dSchristos /* scan routine. tls_proxy_server_init_scan() is meant to be passed
32e09e275dSchristos /* as a call-back function to attr_scan(), as shown below.
33e09e275dSchristos /*
34e09e275dSchristos /* tls_proxy_server_init_free() destroys a TLS_SERVER_INIT_PROPS
35e09e275dSchristos /* structure that was created by tls_proxy_server_init_scan().
36e09e275dSchristos /*
37e09e275dSchristos /* TLS_SERVER_INIT_PROPS *init_props = 0;
38e09e275dSchristos /* ...
39e09e275dSchristos /* ... RECV_ATTR_FUNC(tls_proxy_server_init_scan, (void *) &init_props)
40e09e275dSchristos /* ...
41e09e275dSchristos /* if (init_props)
42e09e275dSchristos /* tls_proxy_client_init_free(init_props);
43e09e275dSchristos /*
44e09e275dSchristos /* tls_proxy_server_start_scan() reads a TLS_SERVER_START_PROPS
45e09e275dSchristos /* structure from the named stream using the specified attribute
46e09e275dSchristos /* scan routine. tls_proxy_server_start_scan() is meant to be passed
47e09e275dSchristos /* as a call-back function to attr_scan(), as shown below.
48e09e275dSchristos /*
49e09e275dSchristos /* tls_proxy_server_start_free() destroys a TLS_SERVER_START_PROPS
50e09e275dSchristos /* structure that was created by tls_proxy_server_start_scan().
51e09e275dSchristos /*
52e09e275dSchristos /* TLS_SERVER_START_PROPS *start_props = 0;
53e09e275dSchristos /* ...
54e09e275dSchristos /* ... RECV_ATTR_FUNC(tls_proxy_server_start_scan, (void *) &start_props)
55e09e275dSchristos /* ...
56e09e275dSchristos /* if (start_props)
57e09e275dSchristos /* tls_proxy_server_start_free(start_props);
58e09e275dSchristos /* DIAGNOSTICS
59e09e275dSchristos /* Fatal: out of memory.
60e09e275dSchristos /* LICENSE
61e09e275dSchristos /* .ad
62e09e275dSchristos /* .fi
63e09e275dSchristos /* The Secure Mailer license must be distributed with this software.
64e09e275dSchristos /* AUTHOR(S)
65e09e275dSchristos /* Wietse Venema
66e09e275dSchristos /* Google, Inc.
67e09e275dSchristos /* 111 8th Avenue
68e09e275dSchristos /* New York, NY 10011, USA
69e09e275dSchristos /*--*/
70e09e275dSchristos
71e09e275dSchristos #ifdef USE_TLS
72e09e275dSchristos
73e09e275dSchristos /* System library. */
74e09e275dSchristos
75e09e275dSchristos #include <sys_defs.h>
76e09e275dSchristos
77e09e275dSchristos /* Utility library */
78e09e275dSchristos
79e09e275dSchristos #include <attr.h>
80e09e275dSchristos
81e09e275dSchristos /* TLS library. */
82e09e275dSchristos
83e09e275dSchristos #include <tls.h>
84e09e275dSchristos #include <tls_proxy.h>
85e09e275dSchristos
86e09e275dSchristos /* tls_proxy_server_init_scan - receive TLS_SERVER_INIT_PROPS from stream */
87e09e275dSchristos
tls_proxy_server_init_scan(ATTR_SCAN_COMMON_FN scan_fn,VSTREAM * fp,int flags,void * ptr)88*fb52cf35Schristos int tls_proxy_server_init_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
89e09e275dSchristos int flags, void *ptr)
90e09e275dSchristos {
91e09e275dSchristos TLS_SERVER_INIT_PROPS *props
92e09e275dSchristos = (TLS_SERVER_INIT_PROPS *) mymalloc(sizeof(*props));
93e09e275dSchristos int ret;
94e09e275dSchristos VSTRING *log_param = vstring_alloc(25);
95e09e275dSchristos VSTRING *log_level = vstring_alloc(25);
96e09e275dSchristos VSTRING *cache_type = vstring_alloc(25);
97e09e275dSchristos VSTRING *chain_files = vstring_alloc(25);
98e09e275dSchristos VSTRING *cert_file = vstring_alloc(25);
99e09e275dSchristos VSTRING *key_file = vstring_alloc(25);
100e09e275dSchristos VSTRING *dcert_file = vstring_alloc(25);
101e09e275dSchristos VSTRING *dkey_file = vstring_alloc(25);
102e09e275dSchristos VSTRING *eccert_file = vstring_alloc(25);
103e09e275dSchristos VSTRING *eckey_file = vstring_alloc(25);
104e09e275dSchristos VSTRING *CAfile = vstring_alloc(25);
105e09e275dSchristos VSTRING *CApath = vstring_alloc(25);
106e09e275dSchristos VSTRING *protocols = vstring_alloc(25);
107e09e275dSchristos VSTRING *eecdh_grade = vstring_alloc(25);
108e09e275dSchristos VSTRING *dh1024_param_file = vstring_alloc(25);
109e09e275dSchristos VSTRING *dh512_param_file = vstring_alloc(25);
110e09e275dSchristos VSTRING *mdalg = vstring_alloc(25);
111e09e275dSchristos
112e09e275dSchristos /*
113e09e275dSchristos * Note: memset() is not a portable way to initialize non-integer types.
114e09e275dSchristos */
115e09e275dSchristos memset(props, 0, sizeof(*props));
116e09e275dSchristos ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
117e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_LOG_PARAM, log_param),
118e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_LOG_LEVEL, log_level),
119e09e275dSchristos RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth),
120e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type),
121e09e275dSchristos RECV_ATTR_INT(TLS_ATTR_SET_SESSID, &props->set_sessid),
122e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files),
123e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file),
124e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file),
125e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file),
126e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_DKEY_FILE, dkey_file),
127e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_ECCERT_FILE, eccert_file),
128e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_ECKEY_FILE, eckey_file),
129e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CAFILE, CAfile),
130e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CAPATH, CApath),
131e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_PROTOCOLS, protocols),
132e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_EECDH_GRADE, eecdh_grade),
133e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_DH1K_PARAM_FILE, dh1024_param_file),
134e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_DH512_PARAM_FILE, dh512_param_file),
135e09e275dSchristos RECV_ATTR_INT(TLS_ATTR_ASK_CCERT, &props->ask_ccert),
136e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
137e09e275dSchristos ATTR_TYPE_END);
138e09e275dSchristos /* Always construct a well-formed structure. */
139e09e275dSchristos props->log_param = vstring_export(log_param);
140e09e275dSchristos props->log_level = vstring_export(log_level);
141e09e275dSchristos props->cache_type = vstring_export(cache_type);
142e09e275dSchristos props->chain_files = vstring_export(chain_files);
143e09e275dSchristos props->cert_file = vstring_export(cert_file);
144e09e275dSchristos props->key_file = vstring_export(key_file);
145e09e275dSchristos props->dcert_file = vstring_export(dcert_file);
146e09e275dSchristos props->dkey_file = vstring_export(dkey_file);
147e09e275dSchristos props->eccert_file = vstring_export(eccert_file);
148e09e275dSchristos props->eckey_file = vstring_export(eckey_file);
149e09e275dSchristos props->CAfile = vstring_export(CAfile);
150e09e275dSchristos props->CApath = vstring_export(CApath);
151e09e275dSchristos props->protocols = vstring_export(protocols);
152e09e275dSchristos props->eecdh_grade = vstring_export(eecdh_grade);
153e09e275dSchristos props->dh1024_param_file = vstring_export(dh1024_param_file);
154e09e275dSchristos props->dh512_param_file = vstring_export(dh512_param_file);
155e09e275dSchristos props->mdalg = vstring_export(mdalg);
156e09e275dSchristos ret = (ret == 20 ? 1 : -1);
157e09e275dSchristos if (ret != 1) {
158e09e275dSchristos tls_proxy_server_init_free(props);
159e09e275dSchristos props = 0;
160e09e275dSchristos }
161e09e275dSchristos *(TLS_SERVER_INIT_PROPS **) ptr = props;
162e09e275dSchristos return (ret);
163e09e275dSchristos }
164e09e275dSchristos
165e09e275dSchristos /* tls_proxy_server_init_free - destroy TLS_SERVER_INIT_PROPS structure */
166e09e275dSchristos
tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS * props)167e09e275dSchristos void tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS *props)
168e09e275dSchristos {
169e09e275dSchristos myfree((void *) props->log_param);
170e09e275dSchristos myfree((void *) props->log_level);
171e09e275dSchristos myfree((void *) props->cache_type);
172e09e275dSchristos myfree((void *) props->chain_files);
173e09e275dSchristos myfree((void *) props->cert_file);
174e09e275dSchristos myfree((void *) props->key_file);
175e09e275dSchristos myfree((void *) props->dcert_file);
176e09e275dSchristos myfree((void *) props->dkey_file);
177e09e275dSchristos myfree((void *) props->eccert_file);
178e09e275dSchristos myfree((void *) props->eckey_file);
179e09e275dSchristos myfree((void *) props->CAfile);
180e09e275dSchristos myfree((void *) props->CApath);
181e09e275dSchristos myfree((void *) props->protocols);
182e09e275dSchristos myfree((void *) props->eecdh_grade);
183e09e275dSchristos myfree((void *) props->dh1024_param_file);
184e09e275dSchristos myfree((void *) props->dh512_param_file);
185e09e275dSchristos myfree((void *) props->mdalg);
186e09e275dSchristos myfree((void *) props);
187e09e275dSchristos }
188e09e275dSchristos
189e09e275dSchristos /* tls_proxy_server_start_scan - receive TLS_SERVER_START_PROPS from stream */
190e09e275dSchristos
tls_proxy_server_start_scan(ATTR_SCAN_COMMON_FN scan_fn,VSTREAM * fp,int flags,void * ptr)191*fb52cf35Schristos int tls_proxy_server_start_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
192e09e275dSchristos int flags, void *ptr)
193e09e275dSchristos {
194e09e275dSchristos TLS_SERVER_START_PROPS *props
195e09e275dSchristos = (TLS_SERVER_START_PROPS *) mymalloc(sizeof(*props));
196e09e275dSchristos int ret;
197e09e275dSchristos VSTRING *serverid = vstring_alloc(25);
198e09e275dSchristos VSTRING *namaddr = vstring_alloc(25);
199e09e275dSchristos VSTRING *cipher_grade = vstring_alloc(25);
200e09e275dSchristos VSTRING *cipher_exclusions = vstring_alloc(25);
201e09e275dSchristos VSTRING *mdalg = vstring_alloc(25);
202e09e275dSchristos
203e09e275dSchristos /*
204e09e275dSchristos * Note: memset() is not a portable way to initialize non-integer types.
205e09e275dSchristos */
206e09e275dSchristos memset(props, 0, sizeof(*props));
207e09e275dSchristos props->ctx = 0;
208e09e275dSchristos props->stream = 0;
209e09e275dSchristos /* XXX Caller sets fd. */
210e09e275dSchristos ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
211e09e275dSchristos RECV_ATTR_INT(TLS_ATTR_TIMEOUT, &props->timeout),
212e09e275dSchristos RECV_ATTR_INT(TLS_ATTR_REQUIRECERT, &props->requirecert),
213e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_SERVERID, serverid),
214e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_NAMADDR, namaddr),
215e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CIPHER_GRADE, cipher_grade),
216e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_CIPHER_EXCLUSIONS,
217e09e275dSchristos cipher_exclusions),
218e09e275dSchristos RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
219e09e275dSchristos ATTR_TYPE_END);
220e09e275dSchristos props->serverid = vstring_export(serverid);
221e09e275dSchristos props->namaddr = vstring_export(namaddr);
222e09e275dSchristos props->cipher_grade = vstring_export(cipher_grade);
223e09e275dSchristos props->cipher_exclusions = vstring_export(cipher_exclusions);
224e09e275dSchristos props->mdalg = vstring_export(mdalg);
225e09e275dSchristos ret = (ret == 7 ? 1 : -1);
226e09e275dSchristos if (ret != 1) {
227e09e275dSchristos tls_proxy_server_start_free(props);
228e09e275dSchristos props = 0;
229e09e275dSchristos }
230e09e275dSchristos *(TLS_SERVER_START_PROPS **) ptr = props;
231e09e275dSchristos return (ret);
232e09e275dSchristos }
233e09e275dSchristos
234e09e275dSchristos /* tls_proxy_server_start_free - destroy TLS_SERVER_START_PROPS structure */
235e09e275dSchristos
tls_proxy_server_start_free(TLS_SERVER_START_PROPS * props)236e09e275dSchristos void tls_proxy_server_start_free(TLS_SERVER_START_PROPS *props)
237e09e275dSchristos {
238e09e275dSchristos /* XXX Caller closes fd. */
239e09e275dSchristos myfree((void *) props->serverid);
240e09e275dSchristos myfree((void *) props->namaddr);
241e09e275dSchristos myfree((void *) props->cipher_grade);
242e09e275dSchristos myfree((void *) props->cipher_exclusions);
243e09e275dSchristos myfree((void *) props->mdalg);
244e09e275dSchristos myfree((void *) props);
245e09e275dSchristos }
246e09e275dSchristos
247e09e275dSchristos #endif
248