1 | /* $Cambridge: exim/src/src/tls.c,v 1.1 2004/10/07 10:39:01 ph10 Exp $ */ |
2 | ||
3 | /************************************************* | |
4 | * Exim - an Internet mail transport agent * | |
5 | *************************************************/ | |
6 | ||
7 | /* Copyright (c) University of Cambridge 1995 - 2004 */ | |
8 | /* See the file NOTICE for conditions of use and distribution. */ | |
9 | ||
/* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
based on a patch that was originally contributed by Steve Haslam. It was
adapted from stunnel, a GPL program by Michal Trojnara. The code for GNU TLS is
based on a patch contributed by Nikos Mavroyanopoulos. Because these packages
are so very different, the functions for each are kept in separate files. The
relevant file is #included as required, after any common functions.

No cryptographic code is included in Exim. All this module does is to call
functions from the OpenSSL or GNU TLS libraries. */
19 | ||
20 | ||
21 | #include "exim.h" | |
22 | ||
23 | /* This module is compiled only when it is specifically requested in the | |
24 | build-time configuration. However, some compilers don't like compiling empty | |
25 | modules, so keep them happy with a dummy when skipping the rest. Make it | |
26 | reference itself to stop picky compilers complaining that it is unused, and put | |
27 | in a dummy argument to stop even pickier compilers complaining about infinite | |
28 | loops. */ | |
29 | ||
30 | #ifndef SUPPORT_TLS | |
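/* Never called: it exists only so that this translation unit is not empty when
TLS support is compiled out. It references itself so that it does not look
unused, and the guard on x means that even an accidental call terminates
instead of recursing until the stack is exhausted. */

static void dummy(int x) { if (x > 0) dummy(x - 1); }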
32 | #else | |
33 | ||
34 | /* Static variables that are used for buffering data by both sets of | |
35 | functions and the common functions below. */ | |
36 | ||
37 | ||
/* Read-side transfer buffer shared by the package-specific code (#included
below) and the common tls_* functions at the end of this file. The buffer
itself is NULL until allocated elsewhere (presumably by the package-specific
code; nothing in this file allocates it). */

static uschar *ssl_xfer_buffer = NULL;          /* buffer storage, NULL until allocated */
static int ssl_xfer_buffer_size = 4096;         /* size of the buffer when allocated */

/* Low- and high-water marks into the buffer. tls_ungetc() stores at
ssl_xfer_buffer[--lwm], so lwm is the index of the next byte to be read; hwm
is presumably the end of the valid data. */

static int ssl_xfer_buffer_lwm = 0;
static int ssl_xfer_buffer_hwm = 0;

/* Status flags reported by tls_feof() and tls_ferror(); set elsewhere. */

static int ssl_xfer_eof = 0;
static int ssl_xfer_error = 0;
44 | ||
45 | ||
46 | ||
/*************************************************
*    Expand string; give error on failure        *
*************************************************/

/* Wrapper round expand_string() for the TLS option strings. A forced
expansion failure (expand_string_forcedfail set) is not treated as an error:
the result is NULL and TRUE is returned, so the caller can treat the option as
unset. Any other expansion failure is logged with LOG_MAIN|LOG_PANIC together
with expand_string_message, and FALSE is returned. Note that this function
does not itself send any SMTP response; that is left to the caller.

Arguments:
  s           the string to expand; if NULL the result is set to NULL and TRUE
              is returned without calling the expander
  name        name of the string being expanded (used only in the log line)
  result      where to put the expanded string

Returns:      TRUE if OK (the result may still be NULL after a NULL input or a
              forced failure); FALSE on a genuine expansion failure
*/

static BOOL
expand_check(uschar *s, uschar *name, uschar **result)
{
if (s == NULL)
  {
  *result = NULL;
  return TRUE;
  }

*result = expand_string(s);

/* A forced failure is deliberate and is not logged. */

if (*result != NULL || expand_string_forcedfail) return TRUE;

log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name,
  expand_string_message);
return FALSE;
}
77 | ||
78 | ||
79 | /************************************************* | |
80 | * Many functions are package-specific * | |
81 | *************************************************/ | |
82 | ||
83 | #ifdef USE_GNUTLS | |
84 | #include "tls-gnu.c" | |
85 | #else | |
86 | #include "tls-openssl.c" | |
87 | #endif | |
88 | ||
89 | ||
90 | ||
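/*************************************************
*            TLS version of ungetc               *
*************************************************/

/* Puts a character back in the input buffer, in the slot immediately before
the current read position (ssl_xfer_buffer_lwm). This is only meaningful after
at least one character has been consumed from the buffer, and callers are
expected to push back at most one character; there is no check that the
character being pushed back is the one that was read.

The pre-decrement of ssl_xfer_buffer_lwm would otherwise index before the
start of the buffer, so a push-back is refused when the read position is
already at the beginning, or when the buffer has not been allocated yet. In
that case nothing is stored and EOF is returned.

Arguments:
  ch          the character

Returns:      the character, or EOF if it could not be pushed back
*/

int
tls_ungetc(int ch)
{
/* Guard against writing to ssl_xfer_buffer[-1] or through a NULL buffer. */

if (ssl_xfer_buffer == NULL || ssl_xfer_buffer_lwm <= 0) return EOF;

ssl_xfer_buffer[--ssl_xfer_buffer_lwm] = ch;
return ch;
}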
110 | ||
111 | ||
112 | ||
/*************************************************
*            TLS version of feof                 *
*************************************************/

/* Reports whether a previous TLS read reached end-of-file. This only reads
the ssl_xfer_eof flag, which is maintained elsewhere (presumably by the
package-specific read code); it does not touch the connection.

Arguments:   none
Returns:     the value of the eof flag (non-zero if it is set)
*/

int
tls_feof(void)
{
int at_eof = ssl_xfer_eof;
return at_eof;
}
128 | ||
129 | ||
130 | ||
/*************************************************
*            TLS version of ferror               *
*************************************************/

/* Reports whether a previous TLS read failed. This only reads the
ssl_xfer_error flag, which is maintained elsewhere (presumably by the
package-specific read code).

NOTE: the intent is that errno be restored to its value at the time the error
was detected, as with a stdio error, but that is not implemented: nothing in
this file saves an errno value, so callers must not rely on errno here.

Arguments:   none
Returns:     the value of the error flag (non-zero if it is set)
*/

int
tls_ferror(void)
{
int had_error = ssl_xfer_error;
return had_error;
}
149 | ||
150 | #endif /* SUPPORT_TLS */ | |
151 | ||
152 | /* End of tls.c */ |