1/*	$NetBSD: tls.h,v 1.5 2023/12/23 20:30:45 christos Exp $	*/
2
3#ifndef _TLS_H_INCLUDED_
4#define _TLS_H_INCLUDED_
5
6/*++
7/* NAME
8/*	tls 3h
9/* SUMMARY
10/*	libtls internal interfaces
11/* SYNOPSIS
12/*	#include <tls.h>
13/* DESCRIPTION
14/* .nf
15
16 /*
17  * Utility library.
18  */
19#include <name_code.h>
20#include <argv.h>
21
22 /*
23  * TLS enforcement levels. Non-sentinel values may also be used to indicate
24  * the actual security level of a session.
25  *
26  * XXX TLS_LEV_NOTFOUND no longer belongs in this list. The SMTP client will
27  * have to use something else to report that policy table lookup failed.
28  *
29  * The order of levels matters, but we hide most of the details in macros.
30  *
31  * "dane" vs. "fingerprint", both must lie between "encrypt" and "verify".
32  *
33  * - With "may" and higher, TLS is enabled.
34  *
35  * - With "encrypt" and higher, TLS encryption must be applied.
36  *
37  * - Strictly above "encrypt", the peer certificate must match.
38  *
39  * - At "dane" and higher, the peer certificate must also be trusted. With
40  * "dane" the trust may be self-asserted, so we only log trust verification
41  * errors when TA associations are involved.
42  */
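/*
 * Numeric level codes. The two negative codes are sentinels, not security
 * levels; they are parenthesized so that each one expands as a single
 * operand wherever it is used.
 */
#define TLS_LEV_INVALID		(-2)	/* sentinel */
#define TLS_LEV_NOTFOUND	(-1)	/* XXX not in policy table */
#define TLS_LEV_NONE		0	/* plain-text only */
#define TLS_LEV_MAY		1	/* wildcard */
#define TLS_LEV_ENCRYPT		2	/* encrypted connection */
#define TLS_LEV_FPRINT		3	/* "peer" CA-less verification */
#define TLS_LEV_HALF_DANE	4	/* DANE TLSA MX host, insecure MX RR */
#define TLS_LEV_DANE		5	/* Opportunistic TLSA policy */
#define TLS_LEV_DANE_ONLY	6	/* Required TLSA policy */
#define TLS_LEV_VERIFY		7	/* certificate verified */
#define TLS_LEV_SECURE		8	/* "secure" verification */

/*
 * Level predicates. Each one is a plain comparison on the numeric code, so
 * the sentinels above compare as "below every real level": all predicates
 * are false for TLS_LEV_INVALID and TLS_LEV_NOTFOUND. A caller that has not
 * rejected a sentinel first will therefore read it as "TLS not required".
 *
 * TLS_REQUIRED	     - "encrypt" and higher: TLS encryption must be applied.
 * TLS_MUST_MATCH    - strictly above "encrypt": the peer certificate must
 *		       match.
 * TLS_MUST_PKIX     - "verify" and "secure" only.
 * TLS_OPPORTUNISTIC - exactly "may" or "dane".
 * TLS_DANE_BASED    - "half-dane" through "dane-only", inclusive.
 * TLS_NEVER_SECURED - exactly "half-dane".
 *
 * TLS_OPPORTUNISTIC and TLS_DANE_BASED evaluate their argument twice; pass
 * an expression without side effects.
 */
#define TLS_REQUIRED(l)		((l) > TLS_LEV_MAY)
#define TLS_MUST_MATCH(l)	((l) > TLS_LEV_ENCRYPT)
#define TLS_MUST_PKIX(l)	((l) >= TLS_LEV_VERIFY)
#define TLS_OPPORTUNISTIC(l)	((l) == TLS_LEV_MAY || (l) == TLS_LEV_DANE)
#define TLS_DANE_BASED(l)	\
	((l) >= TLS_LEV_HALF_DANE && (l) <= TLS_LEV_DANE_ONLY)
#define TLS_NEVER_SECURED(l)	((l) == TLS_LEV_HALF_DANE)

/*
 * Conversion between level names and TLS_LEV_* codes; implemented outside
 * this header. NOTE(review): presumably tls_level_lookup() reports an
 * unrecognized name with TLS_LEV_INVALID -- confirm against the
 * implementation before relying on it.
 */
extern int tls_level_lookup(const char *);
extern const char *str_tls_level(int);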
65
66#ifdef USE_TLS
67
68 /*
69  * OpenSSL library.
70  */
71#include <openssl/lhash.h>
72#include <openssl/bn.h>
73#include <openssl/err.h>
74#include <openssl/pem.h>
75#include <openssl/x509.h>
76#include <openssl/x509v3.h>
77#include <openssl/rand.h>
78#include <openssl/crypto.h>		/* Legacy SSLEAY_VERSION_NUMBER */
79#include <openssl/evp.h>		/* New OpenSSL 3.0 EVP_PKEY APIs */
80#include <openssl/opensslv.h>		/* OPENSSL_VERSION_NUMBER */
81#include <openssl/ssl.h>
82#include <openssl/conf.h>
83
84 /* Appease indent(1) */
/* Plain identifiers that stand in for OpenSSL's STACK_OF(type) spellings. */
85#define x509_stack_t STACK_OF(X509)
86#define general_name_stack_t STACK_OF(GENERAL_NAME)
87#define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
88#define ssl_comp_stack_t STACK_OF(SSL_COMP)
89
90/*-
91 * Official way to check minimum OpenSSL API version from 3.0 onward.
92 * We simply define it false for all prior versions, where we typically also
93 * need the patch level to determine API compatibility.
94 */
95#ifndef OPENSSL_VERSION_PREREQ
96#define OPENSSL_VERSION_PREREQ(m,n) 0
97#endif
98
/*
 * Build-time floor: compilation stops when the OpenSSL headers report a
 * version number below 0x1010100f. This only constrains the headers used to
 * build; the library found at run time is a separate question (this header
 * also declares tls_compile_version(), tls_run_version() and
 * tls_check_version()).
 */
99#if (OPENSSL_VERSION_NUMBER < 0x1010100fUL)
100#error "OpenSSL releases prior to 1.1.1 are no longer supported"
101#endif
102
103 /*-
104  * Backwards compatibility with OpenSSL < 1.1.1a.
105  *
106  * In OpenSSL 1.1.1a the client-only interface SSL_get_server_tmp_key() was
107  * updated to work on both the client and the server, and was renamed to
108  * SSL_get_peer_tmp_key(), with the original name left behind as an alias.  We
109  * use the new name when available.
110  */
111#if OPENSSL_VERSION_NUMBER < 0x1010101fUL
/*
 * Replacement stub: it expands to NID_undef whatever its arguments are and
 * never stores through pnid, so a caller must initialize its own NID
 * variable before the call and must not assume it was written.
 */
112#undef SSL_get_signature_nid
113#define SSL_get_signature_nid(ssl, pnid) (NID_undef)
114#define tls_get_peer_dh_pubkey SSL_get_server_tmp_key
115#else
116#define tls_get_peer_dh_pubkey SSL_get_peer_tmp_key
117#endif
118
/*
 * Peer certificate access across API generations. SSL_get0_peer_certificate()
 * hands out a borrowed pointer, so TLS_FREE_PEER_CERT() is a no-op there;
 * SSL_get_peer_certificate() returns a new reference that X509_free() has to
 * release. Pair every TLS_PEEK_PEER_CERT() with one TLS_FREE_PEER_CERT() and
 * do not touch the certificate afterwards: that is the only usage that
 * neither leaks nor double-frees on both branches.
 *
 * tls_set_bio_callback selects between two callback setters whose callbacks
 * take different argument lists; tls_bio_dump_cb() is declared with both
 * signatures later in this header.
 */
119#if OPENSSL_VERSION_PREREQ(3,0)
120#define TLS_PEEK_PEER_CERT(ssl) SSL_get0_peer_certificate(ssl)
121#define TLS_FREE_PEER_CERT(x)   ((void) 0)
122#define tls_set_bio_callback    BIO_set_callback_ex
123#else
124#define TLS_PEEK_PEER_CERT(ssl) SSL_get_peer_certificate(ssl)
125#define TLS_FREE_PEER_CERT(x)   X509_free(x)
126#define tls_set_bio_callback    BIO_set_callback
127#endif
128
129 /*
130  * Utility library.
131  */
132#include <vstream.h>
133#include <name_mask.h>
134#include <name_code.h>
135
136 /*
137  * TLS library.
138  */
139#include <dns.h>
140
141 /*
142  * TLS role, presently for logging.
143  */
/*
 * Side of the handshake this process plays. Used as an argument of
 * tls_log_summary() and tls_pre_jail_init(), both declared in this header.
 */
144typedef enum {
145    TLS_ROLE_CLIENT, TLS_ROLE_SERVER,
146} TLS_ROLE;
147
/*
 * Second argument of tls_log_summary(). NOTE(review): by name this tells a
 * freshly negotiated session from a reused one -- confirm at the call sites.
 */
148typedef enum {
149    TLS_USAGE_NEW, TLS_USAGE_USED,
150} TLS_USAGE;
151
152 /*
153  * Names of valid tlsmgr(8) session caches.
154  */
/* One cache name per mail service that talks to tlsmgr(8). */
155#define TLS_MGR_SCACHE_SMTPD	"smtpd"
156#define TLS_MGR_SCACHE_SMTP	"smtp"
157#define TLS_MGR_SCACHE_LMTP	"lmtp"
158
159 /*
160  * RFC 6698, 7671, 7672 DANE
161  */
/* Values for the "usage" member of TLS_TLSA as this library groups them. */
162#define TLS_DANE_TA	0		/* Match trust-anchor digests */
163#define TLS_DANE_EE	1		/* Match end-entity digests */
164
/* Values for the "selector" member of TLS_TLSA. */
165#define TLS_DANE_CERT	0		/* Match the certificate digest */
166#define TLS_DANE_PKEY	1		/* Match the public key digest */
167
/*
 * Bits of TLS_DANE.flags (lookup status). The three outcomes are distinct:
 * "no records", "records but none usable" and "lookup failed". Only the
 * first two have a predicate below; code that must not treat a failed
 * lookup like an empty answer has to test TLS_DANE_FLAG_ERROR itself.
 */
168#define TLS_DANE_FLAG_NORRS	(1<<0)	/* Nothing found in DNS */
169#define TLS_DANE_FLAG_EMPTY	(1<<1)	/* Nothing usable found in DNS */
170#define TLS_DANE_FLAG_ERROR	(1<<2)	/* TLSA record lookup error */
171
/*
 * These dereference dane unconditionally (no NULL guard, unlike the
 * TLS_CERT_IS_* macros) and yield the masked bit rather than 0 or 1.
 */
172#define tls_dane_unusable(dane)	((dane)->flags & TLS_DANE_FLAG_EMPTY)
173#define tls_dane_notfound(dane)	((dane)->flags & TLS_DANE_FLAG_NORRS)
174
/* Bounds for cached TLSA results. NOTE(review): presumably seconds -- confirm. */
175#define TLS_DANE_CACHE_TTL_MIN 1	/* A lot can happen in ~2 seconds */
176#define TLS_DANE_CACHE_TTL_MAX 100	/* Comparable to max_idle */
177
178 /*
179  * Certificate and public key digests (typically from TLSA RRs), grouped by
180  * algorithm.
181  */
/*
 * One TLSA association, kept as a singly linked list through "next".
 * "length" is a uint16_t, so "data" can describe at most 65535 bytes; code
 * that fills it from a wider length must range-check before narrowing.
 */
182typedef struct TLS_TLSA {
183    uint8_t usage;			/* DANE certificate usage */
184    uint8_t selector;			/* DANE selector */
185    uint8_t mtype;			/* Algorithm for this digest list */
186    uint16_t length;			/* Length of associated data */
187    unsigned char *data;		/* Associated data */
188    struct TLS_TLSA *next;		/* Chain to next algorithm */
189} TLS_TLSA;
190
/*
 * A TLSA RRset plus lookup status. "flags" holds TLS_DANE_FLAG_* bits.
 * The object is reference counted ("refs") and carries an expiry time.
 * NOTE(review): presumably tls_dane_free() drops one reference and releases
 * the object at zero -- confirm in tls_dane.c before sharing pointers.
 */
191typedef struct TLS_DANE {
192    TLS_TLSA *tlsa;			/* TLSA records */
193    char   *base_domain;		/* Base domain of TLSA RRset */
194    int     flags;			/* Lookup status */
195    time_t  expires;			/* Expiration time of this record */
196    int     refs;			/* Reference count */
197} TLS_DANE;
198
199 /*
200  * tls_dane.c
201  */
/*
 * DANE support entry points. Only the prototypes are visible here; the
 * notes below are inferred from names and types and need confirming in
 * tls_dane.c:
 * - tls_dane_alloc() / tls_dane_free() and tls_tlsa_free() look like the
 *   allocate/release pairs for TLS_DANE and TLS_TLSA.
 * - tls_dane_resolve() takes a DNS_RR list and returns a TLS_DANE; check
 *   its flags (TLS_DANE_FLAG_*) before using the result for policy.
 * - tls_dane_load_trustfile() returns int; its success convention is not
 *   visible from this header.
 */
202extern int tls_dane_avail(void);
203extern void tls_dane_loglevel(const char *, const char *);
204extern void tls_dane_flush(void);
205extern TLS_DANE *tls_dane_alloc(void);
206extern void tls_tlsa_free(TLS_TLSA *);
207extern void tls_dane_free(TLS_DANE *);
208extern void tls_dane_add_fpt_digests(TLS_DANE *, const char *, const char *,
209				             int);
210extern TLS_DANE *tls_dane_resolve(unsigned, const char *, DNS_RR *, int);
211extern int tls_dane_load_trustfile(TLS_DANE *, const char *);
212
213 /*
214  * TLS session context, also used by the VSTREAM call-back routines for SMTP
215  * input/output, and by OpenSSL call-back routines for key verification.
216  *
217  * Only some members are (read-only) accessible by the public.
218  */
/* Buffer size constant; it is not referenced anywhere else in this header. */
219#define CCERT_BUFSIZ	256
220
/*
 * Per-session TLS state. The members up to "Private" are the ones other
 * code may read.
 *
 * peer_CN, issuer_CN and the fingerprints describe a certificate that the
 * peer presented. They say nothing about whether that certificate was
 * accepted: consult peer_status through the TLS_CERT_IS_* macros before
 * using any of them in an access decision, and treat the name strings as
 * remote-supplied text when logging or comparing them.
 */
221typedef struct {
222    /* Public, read-only. */
223    char   *peer_CN;			/* Peer Common Name */
224    char   *issuer_CN;			/* Issuer Common Name */
225    char   *peer_sni;			/* SNI sent to or by the peer */
226    char   *peer_cert_fprint;		/* ASCII certificate fingerprint */
227    char   *peer_pkey_fprint;		/* ASCII public key fingerprint */
228    int     level;			/* Effective security level */
229    int     peer_status;		/* Certificate and match status */
    /*
     * The next four members have no comment in the original. NOTE(review):
     * by name they describe the negotiated protocol and cipher and its key
     * sizes -- confirm where they are assigned.
     */
230    const char *protocol;
231    const char *cipher_name;
232    int     cipher_usebits;
233    int     cipher_algbits;
234    const char *kex_name;		/* shared key-exchange algorithm */
235    const char *kex_curve;		/* shared key-exchange ECDHE curve */
236    int     kex_bits;			/* shared FFDHE key exchange bits */
237    const char *clnt_sig_name;		/* client's signature key algorithm */
238    const char *clnt_sig_curve;		/* client's ECDSA curve name */
239    int     clnt_sig_bits;		/* client's RSA signature key bits */
240    const char *clnt_sig_dgst;		/* client's signature digest */
241    const char *srvr_sig_name;		/* server's signature key algorithm */
242    const char *srvr_sig_curve;		/* server's ECDSA curve name */
243    int     srvr_sig_bits;		/* server's RSA signature key bits */
244    const char *srvr_sig_dgst;		/* server's signature digest */
245    /* Private. */
246    SSL    *con;			/* OpenSSL connection object */
247    char   *cache_type;			/* tlsmgr(8) cache type if enabled */
248    int     ticketed;			/* Session ticket issued */
249    char   *serverid;			/* unique server identifier */
250    char   *namaddr;			/* nam[addr] for logging */
251    int     log_mask;			/* What to log */
252    int     session_reused;		/* this session was reused */
253    int     am_server;			/* Are we an SSL server or client? */
254    const char *mdalg;			/* default message digest algorithm */
255    /* Built-in vs external SSL_accept/read/write/shutdown support. */
256    VSTREAM *stream;			/* Blocking-mode SMTP session */
257    /* DANE TLSA trust input and verification state */
258    const TLS_DANE *dane;		/* DANE TLSA digests */
259    X509   *errorcert;			/* Error certificate closest to leaf */
260    int     errordepth;			/* Chain depth of error cert */
261    int     errorcode;			/* First error at error depth */
    /*
     * NOTE(review): presumably a set must_fail forces verification to fail
     * so that missing trust settings cannot end in an accepted peer --
     * confirm in the verification callback.
     */
262    int     must_fail;			/* Failed to load trust settings */
263} TLS_SESS_STATE;
264
265 /*
266  * Peer status bits. TLS_CERT_FLAG_MATCHED implies TLS_CERT_FLAG_TRUSTED
267  * only in the case of a hostname match.
268  */
/* Bits of TLS_SESS_STATE.peer_status. */
269#define TLS_CERT_FLAG_PRESENT		(1<<0)
270#define TLS_CERT_FLAG_ALTNAME		(1<<1)
271#define TLS_CERT_FLAG_TRUSTED		(1<<2)
272#define TLS_CERT_FLAG_MATCHED		(1<<3)
273#define TLS_CERT_FLAG_SECURED		(1<<4)
274
/*
 * Predicates on a TLS_SESS_STATE pointer. Each yields 0 or 1 and is 0 for a
 * NULL pointer, so a missing session context reads as "not present / not
 * trusted / not matched" (fails closed). The argument is evaluated twice.
 *
 * The flags are independent bits: test the one the policy actually needs.
 * In particular MATCHED does not imply TRUSTED except for a hostname match,
 * as the comment preceding the flag definitions states.
 */
275#define TLS_CERT_IS_PRESENT(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_PRESENT))
276#define TLS_CERT_IS_ALTNAME(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_ALTNAME))
277#define TLS_CERT_IS_TRUSTED(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_TRUSTED))
278#define TLS_CERT_IS_MATCHED(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_MATCHED))
279#define TLS_CERT_IS_SECURED(c) ((c) && ((c)->peer_status&TLS_CERT_FLAG_SECURED))
280
281 /*
282  * Opaque client context handle.
283  */
/* The structure body is only defined when TLS_INTERNAL is set. */
284typedef struct TLS_APPL_STATE TLS_APPL_STATE;
285
286#ifdef TLS_INTERNAL
287
288 /*
289  * Log mask details are internal to the library.
290  */
/*
 * Returns an int log mask built from two strings. NOTE(review): presumably
 * a parameter name and its value, yielding TLS_LOG_* bits -- confirm.
 */
291extern int tls_log_mask(const char *, const char *);
292
293 /*
294  * What to log.
295  */
/*
 * TLS_LOG_NONE is bit 0, not the value 0: an all-zero mask and TLS_LOG_NONE
 * are different things. NOTE(review): by name TLS_LOG_TLSPKTS and
 * TLS_LOG_ALLPKTS dump traffic; if so, logs written at those levels can
 * contain message content and need the same protection as the mail itself.
 */
296#define TLS_LOG_NONE			(1<<0)
297#define TLS_LOG_SUMMARY			(1<<1)
298#define TLS_LOG_UNTRUSTED		(1<<2)
299#define TLS_LOG_PEERCERT		(1<<3)
300#define TLS_LOG_CERTMATCH		(1<<4)
301#define TLS_LOG_VERBOSE			(1<<5)
302#define TLS_LOG_CACHE			(1<<6)
303#define TLS_LOG_DEBUG			(1<<7)
304#define TLS_LOG_TLSPKTS			(1<<8)
305#define TLS_LOG_ALLPKTS			(1<<9)
306#define TLS_LOG_DANE			(1<<10)
307
308 /*
309  * Client and Server application contexts
310  */
311struct TLS_APPL_STATE {
312    SSL_CTX *ssl_ctx;			/* primary OpenSSL context */
313    SSL_CTX *sni_ctx;			/* second context; by name, for SNI */
314    int     log_mask;			/* TLS_LOG_* bits */
315    char   *cache_type;			/* cf. TLS_SESS_STATE.cache_type */
316};
317
318 /*
319  * tls_misc.c Application-context update and disposal.
320  */
321extern void tls_update_app_logmask(TLS_APPL_STATE *, int);
322extern void tls_free_app_context(TLS_APPL_STATE *);
323
324 /*
325  * tls_misc.c
326  */
/* tls_library_init() returns int; its success convention is not visible here. */
327extern void tls_param_init(void);
328extern int tls_library_init(void);
329
330 /*
331  * Protocol selection.
332  */
/*
 * One bit per protocol version. For SSLv2 through TLSv1.2 the bit exists
 * only when the OpenSSL headers define the matching SSL_TXT_ name. When
 * they do not, three things happen together: the name string is supplied
 * locally, the protocol bit becomes 0 ("Unknown"), and the corresponding
 * SSL_OP_NO_ option is redefined to 0L ("Noop").
 *
 * Reviewer's consequence: on such a build that version cannot be expressed
 * in a mask at all, so it can be neither selected nor switched off through
 * this mechanism. NOTE(review): this is only safe if a library that lacks
 * the name also lacks the protocol -- confirm for the OpenSSL in use.
 */
333#define TLS_PROTOCOL_INVALID	(~0)	/* All protocol bits masked */
334
335#ifdef SSL_TXT_SSLV2
336#define TLS_PROTOCOL_SSLv2	(1<<0)	/* SSLv2 */
337#else
338#define SSL_TXT_SSLV2		"SSLv2"
339#define TLS_PROTOCOL_SSLv2	0	/* Unknown */
340#undef  SSL_OP_NO_SSLv2
341#define SSL_OP_NO_SSLv2		0L	/* Noop */
342#endif
343
344#ifdef SSL_TXT_SSLV3
345#define TLS_PROTOCOL_SSLv3	(1<<1)	/* SSLv3 */
346#else
347#define SSL_TXT_SSLV3		"SSLv3"
348#define TLS_PROTOCOL_SSLv3	0	/* Unknown */
349#undef  SSL_OP_NO_SSLv3
350#define SSL_OP_NO_SSLv3		0L	/* Noop */
351#endif
352
353#ifdef SSL_TXT_TLSV1
354#define TLS_PROTOCOL_TLSv1	(1<<2)	/* TLSv1 */
355#else
356#define SSL_TXT_TLSV1		"TLSv1"
357#define TLS_PROTOCOL_TLSv1	0	/* Unknown */
358#undef  SSL_OP_NO_TLSv1
359#define SSL_OP_NO_TLSv1		0L	/* Noop */
360#endif
361
362#ifdef SSL_TXT_TLSV1_1
363#define TLS_PROTOCOL_TLSv1_1	(1<<3)	/* TLSv1_1 */
364#else
365#define SSL_TXT_TLSV1_1		"TLSv1.1"
366#define TLS_PROTOCOL_TLSv1_1	0	/* Unknown */
367#undef  SSL_OP_NO_TLSv1_1
368#define SSL_OP_NO_TLSv1_1	0L	/* Noop */
369#endif
370
371#ifdef SSL_TXT_TLSV1_2
372#define TLS_PROTOCOL_TLSv1_2	(1<<4)	/* TLSv1_2 */
373#else
374#define SSL_TXT_TLSV1_2		"TLSv1.2"
375#define TLS_PROTOCOL_TLSv1_2	0	/* Unknown */
376#undef  SSL_OP_NO_TLSv1_2
377#define SSL_OP_NO_TLSv1_2	0L	/* Noop */
378#endif
379
380 /*
381  * OpenSSL 1.1.1 does not define a TXT macro for TLS 1.3, so we roll our
382  * own.
383  */
384#define TLS_PROTOCOL_TXT_TLSV1_3	"TLSv1.3"
385
/*
 * TLS 1.3 is detected differently from the versions above: its bit exists
 * only when both TLS1_3_VERSION and SSL_OP_NO_TLSv1_3 are defined.
 */
386#if defined(TLS1_3_VERSION) && defined(SSL_OP_NO_TLSv1_3)
387#define TLS_PROTOCOL_TLSv1_3	(1<<5)	/* TLSv1_3 */
388#else
389#define TLS_PROTOCOL_TLSv1_3	0	/* Unknown */
390#undef  SSL_OP_NO_TLSv1_3
391#define SSL_OP_NO_TLSv1_3	0L	/* Noop */
392#endif
393
394/*
395 * Always used when defined, SMTP has no truncation attacks.
396 */
/* Fallback for headers that lack the option: 0L makes it a no-op bit. */
397#ifndef SSL_OP_IGNORE_UNEXPECTED_EOF
398#define SSL_OP_IGNORE_UNEXPECTED_EOF    0L
399#endif
400
/* Union of every protocol bit this build knows about. */
401#define TLS_KNOWN_PROTOCOLS \
402	( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
403	   | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 )
/*
 * Translate a protocol mask into OpenSSL options. Every TLS_PROTOCOL_ bit
 * that is SET in m contributes the matching SSL_OP_NO_ option, i.e. m is a
 * set of protocols to turn OFF, not a set to enable. Passing an "allowed"
 * set by mistake inverts the policy. m is evaluated six times.
 */
404#define TLS_SSL_OP_PROTOMASK(m) \
405	    ((((m) & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L) \
406	     | (((m) & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) \
407	     | (((m) & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) \
408	     | (((m) & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) \
409	     | (((m) & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) \
410	     | (((m) & TLS_PROTOCOL_TLSv1_3) ? SSL_OP_NO_TLSv1_3 : 0L))
411
412/*
413 * SSL options that are managed via dedicated Postfix features, rather than
414 * just exposed via hex codes or named elements of tls_ssl_options.
415 */
/*
 * TLS_SSL_OP_PROTOMASK(~0) expands to every protocol-disabling option this
 * build knows, so the managed set covers server cipher preference, the
 * unexpected-EOF option and all protocol exclusions.
 */
416#define TLS_SSL_OP_MANAGED_BITS \
417	(SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_IGNORE_UNEXPECTED_EOF | \
418	 TLS_SSL_OP_PROTOMASK(~0))
419
/*
 * Takes a string and two int out-parameters and returns int. NOTE(review):
 * presumably parses a protocol list into a mask plus lower and upper
 * version limits, with TLS_PROTOCOL_INVALID as the error result -- confirm.
 */
420extern int tls_proto_mask_lims(const char *, int *, int *);
421
422 /*
423  * Cipher grade selection.
424  */
/*
 * Cipher grade codes in increasing numeric order. The names follow the
 * usual cipher-strength classes; "null", "export" and "low" denote classes
 * that are not adequate for protecting mail in transit. NOTE(review):
 * whether TLS_CIPHER_NONE doubles as the "unknown name" result depends on
 * tls_cipher_grade_table, which is defined elsewhere -- confirm.
 */
425#define TLS_CIPHER_NONE		0
426#define TLS_CIPHER_NULL		1
427#define TLS_CIPHER_EXPORT	2
428#define TLS_CIPHER_LOW		3
429#define TLS_CIPHER_MEDIUM	4
430#define TLS_CIPHER_HIGH		5
431
432extern const NAME_CODE tls_cipher_grade_table[];
433
/* Name-to-code and code-to-name lookups through tls_cipher_grade_table. */
434#define tls_cipher_grade(str) \
435    name_code(tls_cipher_grade_table, NAME_CODE_FLAG_NONE, (str))
436#define str_tls_cipher_grade(gr) \
437    str_name_code(tls_cipher_grade_table, (gr))
438
439 /*
440  * Cipher lists with exclusions.
441  */
/*
 * Returns a const char pointer. NOTE(review): presumably the two strings
 * are a grade and an exclusion list, and a null result means the cipher
 * list could not be applied -- confirm before ignoring the return value.
 */
442extern const char *tls_set_ciphers(TLS_SESS_STATE *, const char *,
443				           const char *);
444
445 /*
446  * Populate TLS context with TLS 1.3-related signature parameters.
447  */
448extern void tls_get_signature_params(TLS_SESS_STATE *);
449
450#endif					/* TLS_INTERNAL */
451
452 /*
453  * tls_client.c
454  */
/*
 * Properties for tls_client_init(). The struct has 14 members, the same
 * number of member arguments that TLS_CLIENT_INIT() takes. The *_file and
 * CA* members are strings naming credential and trust material.
 * NOTE(review): by name the key_file members refer to private keys; the
 * files they name should be readable only by the mail system.
 */
455typedef struct {
456    const char *log_param;
457    const char *log_level;
458    int     verifydepth;
459    const char *cache_type;
460    const char *chain_files;
461    const char *cert_file;
462    const char *key_file;
463    const char *dcert_file;
464    const char *dkey_file;
465    const char *eccert_file;
466    const char *eckey_file;
467    const char *CAfile;
468    const char *CApath;
469    const char *mdalg;			/* default message digest algorithm */
470} TLS_CLIENT_INIT_PROPS;
471
/*
 * Properties for tls_client_start() and tls_client_post_connect(); 17
 * members, matching the arity of TLS_CLIENT_START(). tls_level holds a
 * TLS_LEV_ code; the TLS_REQUIRED / TLS_MUST_MATCH family of predicates in
 * this header is how a level is interpreted.
 */
472typedef struct {
473    TLS_APPL_STATE *ctx;
474    VSTREAM *stream;
475    int     fd;				/* Event-driven file descriptor */
476    int     timeout;
477    int     tls_level;			/* Security level */
478    const char *nexthop;		/* destination domain */
479    const char *host;			/* MX hostname */
480    const char *namaddr;		/* nam[addr] for logging */
481    const char *sni;			/* optional SNI name when not DANE */
482    const char *serverid;		/* Session cache key */
483    const char *helo;			/* Server name from EHLO response */
484    const char *protocols;		/* Enabled protocols */
485    const char *cipher_grade;		/* Minimum cipher grade */
486    const char *cipher_exclusions;	/* Ciphers to exclude */
487    const ARGV *matchargv;		/* Cert match patterns */
488    const char *mdalg;			/* default message digest algorithm */
489    const TLS_DANE *dane;		/* DANE TLSA verification */
490} TLS_CLIENT_START_PROPS;
491
/*
 * Client entry points. Each returns a pointer; NOTE(review): presumably a
 * null pointer reports failure -- confirm and check it at every call site.
 */
492extern TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *);
493extern TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *);
494extern TLS_SESS_STATE *tls_client_post_connect(TLS_SESS_STATE *,
495				            const TLS_CLIENT_START_PROPS *);
496
/* Thin alias for tls_session_stop(); ctx is passed without parentheses. */
497#define tls_client_stop(ctx, stream, timeout, failure, TLScontext) \
498	tls_session_stop(ctx, (stream), (timeout), (failure), (TLScontext))
499
/*
 * Property-passing macros. Each aN is pasted directly after "(props)->", so
 * an argument is written as a member expression on the props structure
 * (in practice "member = value"). The pieces are joined with the comma
 * operator and the whole expression yields props, which is what the callee
 * receives. Two properties follow from the macro text:
 * - the arity is fixed, so a call with a missing or extra property does not
 *   compile, and a misspelled member name does not compile either;
 * - props is evaluated once per argument and once more at the end, so it
 *   must be an expression without side effects.
 */
500#define TLS_CLIENT_INIT_ARGS(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
501    a10, a11, a12, a13, a14) \
502    (((props)->a1), ((props)->a2), ((props)->a3), \
503    ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
504    ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
505    ((props)->a12), ((props)->a13), ((props)->a14), (props))
506
507#define TLS_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
508    a10, a11, a12, a13, a14) \
509    tls_client_init(TLS_CLIENT_INIT_ARGS(props, a1, a2, a3, a4, a5, \
510    a6, a7, a8, a9, a10, a11, a12, a13, a14))
511
512#define TLS_CLIENT_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
513    a10, a11, a12, a13, a14, a15, a16, a17) \
514    tls_client_start((((props)->a1), ((props)->a2), ((props)->a3), \
515    ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
516    ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
517    ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
518    ((props)->a16), ((props)->a17), (props)))
519
520 /*
521  * tls_server.c
522  */
/*
 * Properties for tls_server_init(); 20 members, matching the arity of
 * TLS_SERVER_INIT().
 *
 * NOTE(review): dh512_param_file names a 512-bit Diffie-Hellman parameter
 * file. A group of that size offers no meaningful protection; confirm
 * whether the implementation still consumes this property or merely keeps
 * it for interface compatibility. The same question applies, to a lesser
 * degree, to dh1024_param_file.
 */
523typedef struct {
524    const char *log_param;
525    const char *log_level;
526    int     verifydepth;
527    const char *cache_type;
528    int     set_sessid;
529    const char *chain_files;
530    const char *cert_file;
531    const char *key_file;
532    const char *dcert_file;
533    const char *dkey_file;
534    const char *eccert_file;
535    const char *eckey_file;
536    const char *CAfile;
537    const char *CApath;
538    const char *protocols;
539    const char *eecdh_grade;
540    const char *dh1024_param_file;
541    const char *dh512_param_file;
542    int     ask_ccert;
543    const char *mdalg;			/* default message digest algorithm */
544} TLS_SERVER_INIT_PROPS;
545
/*
 * Properties for tls_server_start(); 10 members, matching the arity of
 * TLS_SERVER_START(). requirecert ("insist") is distinct from the
 * init-time ask_ccert: asking for a client certificate and requiring one
 * are separate settings.
 */
546typedef struct {
547    TLS_APPL_STATE *ctx;		/* TLS application context */
548    VSTREAM *stream;			/* Client stream */
549    int     fd;				/* Event-driven file descriptor */
550    int     timeout;			/* TLS handshake timeout */
551    int     requirecert;		/* Insist on client cert? */
552    const char *serverid;		/* Server instance (salt cache key) */
553    const char *namaddr;		/* Client nam[addr] for logging */
554    const char *cipher_grade;
555    const char *cipher_exclusions;
556    const char *mdalg;			/* default message digest algorithm */
557} TLS_SERVER_START_PROPS;
558
/*
 * Server entry points. Each returns a pointer; NOTE(review): presumably a
 * null pointer reports failure -- confirm and check it at every call site.
 */
559extern TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *);
560extern TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props);
561extern TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *);
562
/* Thin alias for tls_session_stop(); ctx is passed without parentheses. */
563#define tls_server_stop(ctx, stream, timeout, failure, TLScontext) \
564	tls_session_stop(ctx, (stream), (timeout), (failure), (TLScontext))
565
/*
 * Same construction as the client-side property macros: every aN is pasted
 * after "(props)->", the pieces are chained with the comma operator, and
 * the expression yields props. Fixed arity (20 and 10) means an omitted
 * property is a compile error. props is evaluated repeatedly.
 */
566#define TLS_SERVER_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
567    a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20) \
568    tls_server_init((((props)->a1), ((props)->a2), ((props)->a3), \
569    ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
570    ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
571    ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
572    ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), \
573    ((props)->a20), (props)))
574
575#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \
576    tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \
577    ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
578    ((props)->a8), ((props)->a9), ((props)->a10), (props)))
579
580 /*
581  * tls_session.c
582  */
/*
 * Common shutdown routine behind tls_client_stop() and tls_server_stop();
 * the argument order is (ctx, stream, timeout, failure, TLScontext), as the
 * two wrapper macros show.
 */
583extern void tls_session_stop(TLS_APPL_STATE *, VSTREAM *, int, int, TLS_SESS_STATE *);
584
585 /*
586  * tls_misc.c
587  */
/*
 * tls_compile_version() and tls_run_version() return strings. NOTE(review):
 * by name, the OpenSSL version built against and the one loaded at run
 * time; comparing the two is how a header/library mismatch gets noticed.
 */
588extern const char *tls_compile_version(void);
589extern const char *tls_run_version(void);
590extern const char **tls_pkey_algorithms(void);
591extern void tls_log_summary(TLS_ROLE, TLS_USAGE, TLS_SESS_STATE *);
592extern void tls_pre_jail_init(TLS_ROLE);
593
594#ifdef TLS_INTERNAL
595
596#include <vstring.h>
597
/*
 * Conversion between an SSL_SESSION and a byte buffer (VSTRING out; pointer
 * plus int length in). NOTE(review): presumably serialization for the
 * session cache. A serialized session carries the keys needed to resume
 * it, so such buffers deserve the same handling as other secrets -- confirm
 * how the cache stores them.
 */
598extern VSTRING *tls_session_passivate(SSL_SESSION *);
599extern SSL_SESSION *tls_session_activate(const char *, int);
600
601 /*
602  * tls_stream.c.
603  */
604extern void tls_stream_start(VSTREAM *, TLS_SESS_STATE *);
605extern void tls_stream_stop(VSTREAM *);
606
607 /*
608  * tls_bio_ops.c: a generic multi-personality driver that retries SSL
609  * operations until they are satisfied or until a hard error happens.
610  * Because of its ugly multi-personality user interface we invoke it via
611  * not-so-ugly single-personality wrappers.
612  */
/*
 * Argument order, as used by the wrappers below: fd, timeout, session
 * context, handshake function, read function, write function, buffer,
 * length. Every wrapper passes exactly one non-NULL function pointer.
 *
 * The buffer parameter is a plain "void *" even on the write path, and the
 * length is an int: a caller holding a size_t length must range-check it
 * before it is narrowed here.
 */
613extern int tls_bio(int, int, TLS_SESS_STATE *,
614		           int (*) (SSL *),	/* handshake */
615		           int (*) (SSL *, void *, int),	/* read */
616		           int (*) (SSL *, const void *, int),	/* write */
617		           void *, int);
618
619#define tls_bio_connect(fd, timeout, context) \
620        tls_bio((fd), (timeout), (context), SSL_connect, \
621		NULL, NULL, NULL, 0)
622#define tls_bio_accept(fd, timeout, context) \
623        tls_bio((fd), (timeout), (context), SSL_accept, \
624		NULL, NULL, NULL, 0)
625#define tls_bio_shutdown(fd, timeout, context) \
626	tls_bio((fd), (timeout), (context), SSL_shutdown, \
627		NULL, NULL, NULL, 0)
628#define tls_bio_read(fd, buf, len, timeout, context) \
629	tls_bio((fd), (timeout), (context), NULL, \
630		SSL_read, NULL, (buf), (len))
631#define tls_bio_write(fd, buf, len, timeout, context) \
632	tls_bio((fd), (timeout), (context), NULL, \
633		NULL, SSL_write, (buf), (len))
634
635 /*
636  * tls_dh.c
637  */
/*
 * Library-internal prototypes, grouped by implementation file. Only the
 * signatures are visible in this header; the remarks added below are
 * limited to what the types show, and anything inferred is marked.
 */
638extern void tls_set_dh_from_file(const char *);
639extern void tls_tmp_dh(SSL_CTX *, int);
640extern void tls_auto_groups(SSL_CTX *, const char *, const char *);
641
642 /*
643  * tls_verify.c
644  */
/*
 * tls_peer_CN() and tls_issuer_CN() return a non-const char pointer.
 * NOTE(review): presumably a heap copy owned by the caller -- confirm who
 * frees it. The text originates from the peer's certificate.
 */
645extern char *tls_peer_CN(X509 *, const TLS_SESS_STATE *);
646extern char *tls_issuer_CN(X509 *, const TLS_SESS_STATE *);
647extern int tls_verify_certificate_callback(int, X509_STORE_CTX *);
648extern void tls_log_verify_error(TLS_SESS_STATE *);
649
650 /*
651  * tls_dane.c
652  */
/*
 * tls_dane_enable() returns int; check it, since a session that was meant
 * to be DANE-verified must not proceed as if DANE were configured when
 * enabling failed. tlsa_prepend() takes the data length as uint16_t.
 */
653extern void tls_dane_log(TLS_SESS_STATE *);
654extern void tls_dane_digest_init(SSL_CTX *, const EVP_MD *);
655extern int tls_dane_enable(TLS_SESS_STATE *);
656extern TLS_TLSA *tlsa_prepend(TLS_TLSA *, uint8_t, uint8_t, uint8_t,
657			              const unsigned char *, uint16_t);
658
659 /*
660  * tls_fprint.c
661  */
/*
 * The fingerprint helpers take a digest algorithm name as a string and
 * return a non-const char pointer. NOTE(review): presumably heap strings
 * owned by the caller -- confirm. Fingerprint strength is bounded by the
 * digest named in mdalg.
 */
662extern const EVP_MD *tls_digest_byname(const char *, EVP_MD_CTX **);
663extern char *tls_digest_encode(const unsigned char *, int);
664extern char *tls_cert_fprint(X509 *, const char *);
665extern char *tls_pkey_fprint(X509 *, const char *);
666extern char *tls_serverid_digest(TLS_SESS_STATE *,
667		              const TLS_CLIENT_START_PROPS *, const char *);
668
669 /*
670  * tls_certkey.c
671  */
/* All three loaders return int; the success convention is not visible here. */
672extern int tls_set_ca_certificate_info(SSL_CTX *, const char *, const char *);
673extern int tls_load_pem_chain(SSL *, const char *, const char *);
674extern int tls_set_my_certificate_key_info(SSL_CTX *, /* All */ const char *,
675				       /* RSA */ const char *, const char *,
676				       /* DSA */ const char *, const char *,
677				    /* ECDSA */ const char *, const char *);
678
679 /*
680  * tls_misc.c
681  */
/* NOTE(review): by name, the index under which the session state is attached to an SSL object -- confirm. */
682extern int TLScontext_index;
683
684extern TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *, SSL_CTX *, int);
685extern TLS_SESS_STATE *tls_alloc_sess_context(int, const char *);
686extern void tls_free_context(TLS_SESS_STATE *);
687extern void tls_check_version(void);
688extern long tls_bug_bits(void);
689extern void tls_print_errors(void);
690extern void tls_info_callback(const SSL *, int, int);
691
/*
 * Two signatures for the same callback, selected by the same version test
 * that picks tls_set_bio_callback earlier in this header, so the setter and
 * the callback type always agree.
 */
692#if OPENSSL_VERSION_PREREQ(3,0)
693extern long tls_bio_dump_cb(BIO *, int, const char *, size_t, int, long,
694			            int, size_t *);
695
696#else
697extern long tls_bio_dump_cb(BIO *, int, const char *, int, long, long);
698
699#endif
/* NOTE(review): presumably returns a null pointer for an unknown or unusable digest name -- confirm and check. */
700extern const EVP_MD *tls_validate_digest(const char *);
701
702 /*
703  * tls_seed.c
704  */
/* Random-pool seeding. tls_ext_seed() returns int; check it rather than assume the pool was seeded. */
705extern void tls_int_seed(void);
706extern int tls_ext_seed(int);
707
708#endif					/* TLS_INTERNAL */
709
710/* LICENSE
711/* .ad
712/* .fi
713/*	The Secure Mailer license must be distributed with this software.
714/* AUTHOR(S)
715/*	Wietse Venema
716/*	IBM T.J. Watson Research
717/*	P.O. Box 704
718/*	Yorktown Heights, NY 10598, USA
719/*
720/*	Wietse Venema
721/*	Google, Inc.
722/*	111 8th Avenue
723/*	New York, NY 10011, USA
724/*
725/*	Victor Duchovni
726/*	Morgan Stanley
727/*--*/
728
729#endif					/* USE_TLS */
730#endif					/* _TLS_H_INCLUDED_ */
731