      1 /*	$NetBSD: tls_proxy_server_scan.c,v 1.3 2022/10/08 16:12:50 christos Exp $	*/
      2 
      3 /*++
      4 /* NAME
      5 /*	tls_proxy_server_scan 3
      6 /* SUMMARY
      7 /*	read TLS_SERVER_XXX structures from stream
      8 /* SYNOPSIS
      9 /*	#include <tls_proxy.h>
     10 /*
     11 /*	int	tls_proxy_server_init_scan(scan_fn, stream, flags, ptr)
     12 /*	ATTR_SCAN_COMMON_FN scan_fn;
     13 /*	VSTREAM *stream;
     14 /*	int     flags;
     15 /*	void    *ptr;
     16 /*
     17 /*	tls_proxy_server_init_free(init_props)
     18 /*	TLS_SERVER_INIT_PROPS *init_props;
     19 /*
     20 /*	int	tls_proxy_server_start_scan(scan_fn, stream, flags, ptr)
     21 /*	ATTR_SCAN_COMMON_FN scan_fn;
     22 /*	VSTREAM *stream;
     23 /*	int     flags;
     24 /*	void    *ptr;
     25 /*
     26 /*	void	tls_proxy_server_start_free(start_props)
     27 /*	TLS_SERVER_START_PROPS *start_props;
     28 /* DESCRIPTION
     29 /*	tls_proxy_server_init_scan() reads a TLS_SERVER_INIT_PROPS
     30 /*	structure from the named stream using the specified attribute
     31 /*	scan routine. tls_proxy_server_init_scan() is meant to be passed
     32 /*	as a call-back function to attr_scan(), as shown below.
     33 /*
     34 /*	tls_proxy_server_init_free() destroys a TLS_SERVER_INIT_PROPS
     35 /*	structure that was created by tls_proxy_server_init_scan().
     36 /*
     37 /*	TLS_SERVER_INIT_PROPS *init_props = 0;
     38 /*	...
     39 /*	... RECV_ATTR_FUNC(tls_proxy_server_init_scan, (void *) &init_props)
     40 /*	...
     41 /*	if (init_props)
/*	    tls_proxy_server_init_free(init_props);
     43 /*
     44 /*	tls_proxy_server_start_scan() reads a TLS_SERVER_START_PROPS
     45 /*	structure from the named stream using the specified attribute
     46 /*	scan routine. tls_proxy_server_start_scan() is meant to be passed
     47 /*	as a call-back function to attr_scan(), as shown below.
     48 /*
     49 /*	tls_proxy_server_start_free() destroys a TLS_SERVER_START_PROPS
     50 /*	structure that was created by tls_proxy_server_start_scan().
     51 /*
     52 /*	TLS_SERVER_START_PROPS *start_props = 0;
     53 /*	...
     54 /*	... RECV_ATTR_FUNC(tls_proxy_server_start_scan, (void *) &start_props)
     55 /*	...
     56 /*	if (start_props)
     57 /*	    tls_proxy_server_start_free(start_props);
     58 /* DIAGNOSTICS
     59 /*	Fatal: out of memory.
     60 /* LICENSE
     61 /* .ad
     62 /* .fi
     63 /*	The Secure Mailer license must be distributed with this software.
     64 /* AUTHOR(S)
     65 /*	Wietse Venema
     66 /*	Google, Inc.
     67 /*	111 8th Avenue
     68 /*	New York, NY 10011, USA
     69 /*--*/
     70 
     71 #ifdef USE_TLS
     72 
     73 /* System library. */
     74 
     75 #include <sys_defs.h>
     76 
     77 /* Utility library */
     78 
     79 #include <attr.h>
     80 
     81 /* TLS library. */
     82 
     83 #include <tls.h>
     84 #include <tls_proxy.h>
     85 
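/* tls_proxy_server_init_scan - receive TLS_SERVER_INIT_PROPS from stream */

/*
 * Number of RECV_ATTR_* entries in the scan_fn() call below. scan_fn()
 * reports how many attributes it actually received; anything other than the
 * complete set is treated as a protocol error. Keep this in sync when an
 * attribute is added to or removed from the list.
 */
#define TLS_PROXY_SERVER_INIT_ATTR_COUNT 20

/*
 * Read a TLS_SERVER_INIT_PROPS structure from stream fp with the attribute
 * scan routine scan_fn, and store a pointer to it through ptr (a
 * TLS_SERVER_INIT_PROPS ** disguised as void *). This is a nested scan, meant
 * to run as a RECV_ATTR_FUNC() call-back inside the caller's attribute list.
 *
 * Returns 1 on success with *ptr pointing to a heap structure that the
 * caller releases with tls_proxy_server_init_free(); returns -1 on error
 * with *ptr set to a null pointer and nothing leaked. Memory allocation
 * failure is fatal (mymalloc/vstring_alloc).
 *
 * The attribute values are stored as received from the peer; this routine
 * checks only that every attribute was present, not that the file names,
 * protocol list or other values are acceptable.
 */
int     tls_proxy_server_init_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
				           int flags, void *ptr)
{
    TLS_SERVER_INIT_PROPS *props
    = (TLS_SERVER_INIT_PROPS *) mymalloc(sizeof(*props));
    int     ret;
    VSTRING *log_param = vstring_alloc(25);
    VSTRING *log_level = vstring_alloc(25);
    VSTRING *cache_type = vstring_alloc(25);
    VSTRING *chain_files = vstring_alloc(25);
    VSTRING *cert_file = vstring_alloc(25);
    VSTRING *key_file = vstring_alloc(25);
    VSTRING *dcert_file = vstring_alloc(25);
    VSTRING *dkey_file = vstring_alloc(25);
    VSTRING *eccert_file = vstring_alloc(25);
    VSTRING *eckey_file = vstring_alloc(25);
    VSTRING *CAfile = vstring_alloc(25);
    VSTRING *CApath = vstring_alloc(25);
    VSTRING *protocols = vstring_alloc(25);
    VSTRING *eecdh_grade = vstring_alloc(25);
    VSTRING *dh1024_param_file = vstring_alloc(25);
    VSTRING *dh512_param_file = vstring_alloc(25);
    VSTRING *mdalg = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types.
     * Every pointer member is assigned explicitly below; the memset() only
     * covers the integer members that scan_fn() may leave untouched when an
     * attribute is missing.
     */
    memset(props, 0, sizeof(*props));

    /*
     * ATTR_FLAG_MORE: this scan is embedded in the caller's attribute list
     * (see the RECV_ATTR_FUNC() usage in the file header).
     */
    ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
		  RECV_ATTR_STR(TLS_ATTR_LOG_PARAM, log_param),
		  RECV_ATTR_STR(TLS_ATTR_LOG_LEVEL, log_level),
		  RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth),
		  RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type),
		  RECV_ATTR_INT(TLS_ATTR_SET_SESSID, &props->set_sessid),
		  RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files),
		  RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file),
		  RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file),
		  RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file),
		  RECV_ATTR_STR(TLS_ATTR_DKEY_FILE, dkey_file),
		  RECV_ATTR_STR(TLS_ATTR_ECCERT_FILE, eccert_file),
		  RECV_ATTR_STR(TLS_ATTR_ECKEY_FILE, eckey_file),
		  RECV_ATTR_STR(TLS_ATTR_CAFILE, CAfile),
		  RECV_ATTR_STR(TLS_ATTR_CAPATH, CApath),
		  RECV_ATTR_STR(TLS_ATTR_PROTOCOLS, protocols),
		  RECV_ATTR_STR(TLS_ATTR_EECDH_GRADE, eecdh_grade),
		  RECV_ATTR_STR(TLS_ATTR_DH1K_PARAM_FILE, dh1024_param_file),
		  RECV_ATTR_STR(TLS_ATTR_DH512_PARAM_FILE, dh512_param_file),
		  RECV_ATTR_INT(TLS_ATTR_ASK_CCERT, &props->ask_ccert),
		  RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
		  ATTR_TYPE_END);

    /*
     * Always construct a well-formed structure, even when the scan failed,
     * so that tls_proxy_server_init_free() can release it safely. The
     * vstring_export() results are owned by props from here on.
     */
    props->log_param = vstring_export(log_param);
    props->log_level = vstring_export(log_level);
    props->cache_type = vstring_export(cache_type);
    props->chain_files = vstring_export(chain_files);
    props->cert_file = vstring_export(cert_file);
    props->key_file = vstring_export(key_file);
    props->dcert_file = vstring_export(dcert_file);
    props->dkey_file = vstring_export(dkey_file);
    props->eccert_file = vstring_export(eccert_file);
    props->eckey_file = vstring_export(eckey_file);
    props->CAfile = vstring_export(CAfile);
    props->CApath = vstring_export(CApath);
    props->protocols = vstring_export(protocols);
    props->eecdh_grade = vstring_export(eecdh_grade);
    props->dh1024_param_file = vstring_export(dh1024_param_file);
    props->dh512_param_file = vstring_export(dh512_param_file);
    props->mdalg = vstring_export(mdalg);

    /*
     * Require the complete attribute set. Call-back convention: 1 is
     * success, -1 is error. On error, hand the caller a null pointer and
     * release the partially-filled structure here rather than leaking it.
     */
    if (ret == TLS_PROXY_SERVER_INIT_ATTR_COUNT) {
	ret = 1;
    } else {
	tls_proxy_server_init_free(props);
	props = 0;
	ret = -1;
    }
    *(TLS_SERVER_INIT_PROPS **) ptr = props;
    return (ret);
}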
    164 
/* tls_proxy_server_init_free - destroy TLS_SERVER_INIT_PROPS structure */

/*
 * Release a structure produced by tls_proxy_server_init_scan(): first the
 * string members that vstring_export() attached there, then the container.
 * props must not be a null pointer; callers test for null before calling
 * (see the usage example in the file header).
 */
void    tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS *props)
{
    /* Tear down in the reverse order of construction: members first. */

    /* Digest and Diffie-Hellman / ECDH parameters. */
    myfree((void *) props->mdalg);
    myfree((void *) props->dh512_param_file);
    myfree((void *) props->dh1024_param_file);
    myfree((void *) props->eecdh_grade);
    myfree((void *) props->protocols);

    /* Trust anchors. */
    myfree((void *) props->CApath);
    myfree((void *) props->CAfile);

    /* Server certificate and key file names. */
    myfree((void *) props->eckey_file);
    myfree((void *) props->eccert_file);
    myfree((void *) props->dkey_file);
    myfree((void *) props->dcert_file);
    myfree((void *) props->key_file);
    myfree((void *) props->cert_file);
    myfree((void *) props->chain_files);

    /* Session cache and logging settings. */
    myfree((void *) props->cache_type);
    myfree((void *) props->log_level);
    myfree((void *) props->log_param);

    /* Finally, the container itself. */
    myfree((void *) props);
}
    188 
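/* tls_proxy_server_start_scan - receive TLS_SERVER_START_PROPS from stream */

/*
 * Number of RECV_ATTR_* entries in the scan_fn() call below. scan_fn()
 * reports how many attributes it actually received; anything other than the
 * complete set is treated as a protocol error. Keep this in sync when an
 * attribute is added to or removed from the list.
 */
#define TLS_PROXY_SERVER_START_ATTR_COUNT 7

/*
 * Read a TLS_SERVER_START_PROPS structure from stream fp with the attribute
 * scan routine scan_fn, and store a pointer to it through ptr (a
 * TLS_SERVER_START_PROPS ** disguised as void *). This is a nested scan,
 * meant to run as a RECV_ATTR_FUNC() call-back inside the caller's attribute
 * list.
 *
 * Returns 1 on success with *ptr pointing to a heap structure that the
 * caller releases with tls_proxy_server_start_free(); returns -1 on error
 * with *ptr set to a null pointer and nothing leaked. Memory allocation
 * failure is fatal (mymalloc/vstring_alloc).
 *
 * The ctx and stream members are left null and the fd member is not
 * touched here; the caller is expected to fill those in. The received
 * values are stored as-is: only the presence of every attribute is
 * checked, not the acceptability of its value.
 */
int     tls_proxy_server_start_scan(ATTR_SCAN_COMMON_FN scan_fn, VSTREAM *fp,
				            int flags, void *ptr)
{
    TLS_SERVER_START_PROPS *props
    = (TLS_SERVER_START_PROPS *) mymalloc(sizeof(*props));
    int     ret;
    VSTRING *serverid = vstring_alloc(25);
    VSTRING *namaddr = vstring_alloc(25);
    VSTRING *cipher_grade = vstring_alloc(25);
    VSTRING *cipher_exclusions = vstring_alloc(25);
    VSTRING *mdalg = vstring_alloc(25);

    /*
     * Note: memset() is not a portable way to initialize non-integer types,
     * so the pointer members that are not assigned from the stream are set
     * to null explicitly.
     */
    memset(props, 0, sizeof(*props));
    props->ctx = 0;
    props->stream = 0;
    /* XXX Caller sets fd. */

    /*
     * ATTR_FLAG_MORE: this scan is embedded in the caller's attribute list
     * (see the RECV_ATTR_FUNC() usage in the file header).
     */
    ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
		  RECV_ATTR_INT(TLS_ATTR_TIMEOUT, &props->timeout),
		  RECV_ATTR_INT(TLS_ATTR_REQUIRECERT, &props->requirecert),
		  RECV_ATTR_STR(TLS_ATTR_SERVERID, serverid),
		  RECV_ATTR_STR(TLS_ATTR_NAMADDR, namaddr),
		  RECV_ATTR_STR(TLS_ATTR_CIPHER_GRADE, cipher_grade),
		  RECV_ATTR_STR(TLS_ATTR_CIPHER_EXCLUSIONS,
				cipher_exclusions),
		  RECV_ATTR_STR(TLS_ATTR_MDALG, mdalg),
		  ATTR_TYPE_END);

    /*
     * Always construct a well-formed structure, even when the scan failed,
     * so that tls_proxy_server_start_free() can release it safely. The
     * vstring_export() results are owned by props from here on.
     */
    props->serverid = vstring_export(serverid);
    props->namaddr = vstring_export(namaddr);
    props->cipher_grade = vstring_export(cipher_grade);
    props->cipher_exclusions = vstring_export(cipher_exclusions);
    props->mdalg = vstring_export(mdalg);

    /*
     * Require the complete attribute set. Call-back convention: 1 is
     * success, -1 is error. On error, hand the caller a null pointer and
     * release the partially-filled structure here rather than leaking it.
     */
    if (ret == TLS_PROXY_SERVER_START_ATTR_COUNT) {
	ret = 1;
    } else {
	tls_proxy_server_start_free(props);
	props = 0;
	ret = -1;
    }
    *(TLS_SERVER_START_PROPS **) ptr = props;
    return (ret);
}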
    233 
/* tls_proxy_server_start_free - destroy TLS_SERVER_START_PROPS structure */

/*
 * Release a structure produced by tls_proxy_server_start_scan(): first the
 * string members that vstring_export() attached there, then the container.
 * props must not be a null pointer; callers test for null before calling
 * (see the usage example in the file header). The ctx and stream members
 * are not touched here.
 */
void    tls_proxy_server_start_free(TLS_SERVER_START_PROPS *props)
{
    /* XXX Caller closes fd. */

    /* Tear down in the reverse order of construction: members first. */
    myfree((void *) props->mdalg);
    myfree((void *) props->cipher_exclusions);
    myfree((void *) props->cipher_grade);
    myfree((void *) props->namaddr);
    myfree((void *) props->serverid);

    /* Finally, the container itself. */
    myfree((void *) props);
}
    246 
    247 #endif
    248