/*	$NetBSD: tls_stream.c,v 1.1.1.1 2009/06/23 10:08:57 tron Exp $	*/

/*++
/* NAME
/*	tls_stream
/* SUMMARY
/*	VSTREAM over TLS
/* SYNOPSIS
/*	#define TLS_INTERNAL
/*	#include <tls.h>
/*
/*	void	tls_stream_start(stream, context)
/*	VSTREAM	*stream;
/*	TLS_SESS_STATE *context;
/*
/*	void	tls_stream_stop(stream)
/*	VSTREAM	*stream;
/* DESCRIPTION
/*	This module implements the VSTREAM over TLS support user interface.
/*	The hard work is done elsewhere.
/*
/*	tls_stream_start() enables TLS on the named stream. All read
/*	and write operations are directed through the TLS library,
/*	using the state information specified with the context argument.
/*
/*	tls_stream_stop() replaces the VSTREAM read/write routines
/*	by dummies that have no side effects, and deletes the
/*	VSTREAM's reference to the TLS context.
/* SEE ALSO
/*	dummy_read(3), placebo read routine
/*	dummy_write(3), placebo write routine
/* LICENSE
/* .ad
/* .fi
/*	This software is free. You can do with it whatever you want.
/*	The original author kindly requests that you acknowledge
/*	the use of his software.
/* AUTHOR(S)
/*	Based on code that was originally written by:
/*	Lutz Jaenicke
/*	BTU Cottbus
/*	Allgemeine Elektrotechnik
/*	Universitaetsplatz 3-4
/*	D-03044 Cottbus, Germany
/*
/*	Updated by:
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

/* System library. */

#include <sys_defs.h>

#ifdef USE_TLS

/* Utility library. */

#include <iostuff.h>
#include <vstream.h>
#include <msg.h>

/* TLS library. */

#define TLS_INTERNAL
#include <tls.h>

/* tls_timed_read - read content from stream, then TLS decapsulate */

/*
 * VSTREAM read callback installed by tls_stream_start(). The opaque
 * context argument must be the TLS_SESS_STATE handed to tls_stream_start();
 * a null context is a programming error and aborts the process.
 * Returns whatever tls_bio_read() returns (the byte count, or its error
 * indication).
 */
static ssize_t tls_timed_read(int fd, void *buf, size_t len, int timeout,
			              void *context)
{
    const char *myname = "tls_timed_read";
    TLS_SESS_STATE *sess = (TLS_SESS_STATE *) context;
    ssize_t nread;

    if (sess == 0)
	msg_panic("%s: no context", myname);

    nread = tls_bio_read(fd, buf, len, timeout, sess);

    /*
     * Debug tracing only: at log_level 4 and up the first 40 bytes of the
     * decapsulated (application-layer) data are copied into the log, so this
     * level is for debugging sessions, not for routine operation. The %.*s
     * conversion stops at the first NUL byte, so the logged excerpt may be
     * shorter than the byte count printed next to it.
     */
    if (nread > 0 && sess->log_level >= 4) {
	int shown = (nread > 40) ? 40 : (int) nread;

	msg_info("Read %ld chars: %.*s", (long) nread, shown, (char *) buf);
    }
    return (nread);
}

/* tls_timed_write - TLS encapsulate content, then write to stream */

/*
 * VSTREAM write callback installed by tls_stream_start(). Same contract as
 * tls_timed_read(): the context must be the session's TLS_SESS_STATE, and a
 * null context aborts the process. Returns the result of tls_bio_write().
 */
static ssize_t tls_timed_write(int fd, void *buf, size_t len, int timeout,
			               void *context)
{
    const char *myname = "tls_timed_write";
    TLS_SESS_STATE *sess = (TLS_SESS_STATE *) context;

    if (sess == 0)
	msg_panic("%s: no context", myname);

    /*
     * Debug tracing only; see tls_timed_read() for the caveats. Here the
     * excerpt is taken from the not-yet-encapsulated data, so it is the
     * caller's plaintext that ends up in the log.
     */
    if (sess->log_level >= 4) {
	int shown = (len > 40) ? 40 : (int) len;

	msg_info("Write %ld chars: %.*s", (long) len, shown, (char *) buf);
    }
    return (tls_bio_write(fd, buf, len, timeout, sess));
}

/* tls_stream_start - start VSTREAM over TLS */

/*
 * Route all further reads and writes on the stream through the TLS
 * callbacks above, and remember the session state as the stream's context.
 * The stream does not take ownership of the context; the caller remains
 * responsible for its lifetime and must call tls_stream_stop() before
 * releasing it.
 */
void    tls_stream_start(VSTREAM *stream, TLS_SESS_STATE *context)
{
    vstream_control(stream,
		    VSTREAM_CTL_READ_FN, tls_timed_read,
		    VSTREAM_CTL_WRITE_FN, tls_timed_write,
		    VSTREAM_CTL_CONTEXT, (void *) context,
		    VSTREAM_CTL_END);
}

/* tls_stream_stop - stop VSTREAM over TLS */

/*
 * Detach the stream from TLS. The read/write callbacks are replaced by
 * placebo routines and the context pointer is cleared, so that nothing
 * buffered in the VSTREAM can be pushed to, or pulled from, the socket in
 * the clear after the TLS layer has gone away.
 */
void    tls_stream_stop(VSTREAM *stream)
{

    /*
     * Prevent data leakage after TLS is turned off. The Postfix/TLS patch
     * provided null function pointers; we use dummy routines that make less
     * noise when used.
     */
    vstream_control(stream,
		    VSTREAM_CTL_READ_FN, dummy_read,
		    VSTREAM_CTL_WRITE_FN, dummy_write,
		    VSTREAM_CTL_CONTEXT, (void *) 0,
		    VSTREAM_CTL_END);
}

#endif					/* USE_TLS */