OpenBSD CVS Repository
CVS Repository/src/usr.sbin/smtpd/ ca.c
OpenBSD release(s):
1.49 (79 78 77), 1.47 (76 75 74), 1.42 (73 72 71), 1.40 (70), 1.38 (69), 1.36 (68 67 66), 1.29 (65 64), 1.28 (63), 1.27 (62), 1.26 (61), 1.22 (60), 1.21 (59), 1.14 (58 57), 1.10 (56), 1.3 (55), 1.1 (54 53)
Tags:
None
revision 1.49/(Download) -annotate -Thu, 21 Nov 2024 13:22:21 UTC by claudio
OpenBSD release(s): 79 78 77
Changes since 1.48: +3 -3(diff)
bgpd and smtpd include their own imsgbuf_read_nofd() implementation.
Adjust that one as well; apart from that, the conversion to the new imsgbuf_read read behaviour is trivial.
OK tb@
revision 1.48/(Download) -annotate -Thu, 21 Nov 2024 13:17:02 UTC by claudio
Changes since 1.47: +5 -5(diff)
Rename imsg_init, imsg_clear, imsg_read, imsg_write and imsg_flush to imsgbuf_init, imsgbuf_clear, imsgbuf_read, imsgbuf_write and imsgbuf_flush.
This separates the imsgbuf API from the per-imsg API.
OK tb@
revision 1.47/(Download) -annotate -Tue, 11 Jul 2023 16:40:22 UTC by op
OpenBSD release(s): 76 75 74
Changes since 1.46: +9 -62(diff)
drop engine support
diff originally by tb@, tweaked to apply after the useless logging methods removal.
ok tb
revision 1.46/(Download) -annotate -Tue, 11 Jul 2023 16:39:41 UTC by op
Changes since 1.45: +22 -183(diff)
remove the useless logging methods
Instead of wrapping all the methods of the RSA and ECDSA ENGINE, duplicate the default and override only the ones that are actually needed for the privsep crypto engine.
part of a larger diff that's ok tb@
revision 1.45/(Download) -annotate -Sun, 18 Jun 2023 19:08:52 UTC by op
Changes since 1.44: +1 -25(diff)
remove ca_verify_cb(). was initially used for debugging, then the logging went away but the no-op callback remained.
noticed by tb@
revision 1.44/(Download) -annotate -Sun, 18 Jun 2023 11:43:49 UTC by op
Changes since 1.43: +96 -50(diff)
smtpd: switch ECDSA_METHOD usage to EC_KEY_METHOD
smtpd and the bits it needs in libtls are the only consumer left of ECDSA_METHOD, which is long deprecated. This paves the way for the removal in libcrypto.
The diff is from gilles' work on OpenSMTPD-portable, with minor changes by me.
ok tb@, jsing@
revision 1.43/(Download) -annotate -Sun, 26 Mar 2023 18:11:48 UTC by tb
Changes since 1.42: +2 -1(diff)
Another missing #include <openssl/err.h>
revision 1.42/(Download) -annotate -Fri, 18 Feb 2022 16:57:36 UTC by millert
OpenBSD release(s): 73 72 71
Changes since 1.41: +576 -65(diff)
Revert changes to use the new libtls signer api.
There are bugs in the new libtls signer that can lead to a crash.
OK tb@ jsing@
revision 1.41/(Download) -annotate -Sat, 12 Feb 2022 18:22:04 UTC by eric
Changes since 1.40: +66 -577(diff)
use new libtls signer api
ok tb@
revision 1.40/(Download) -annotate -Mon, 14 Jun 2021 17:58:15 UTC by eric
OpenBSD release(s): 70
Changes since 1.39: +3 -17(diff)
add required headers for smtpd.h and remove unnecessary ones in other files.
ok jung@
revision 1.39/(Download) -annotate -Wed, 26 May 2021 18:08:55 UTC by eric
Changes since 1.38: +3 -4(diff)
replaces calls to err(3)/errx(3) with fatal()/fatalx() from log.c for code that runs in the daemon.
ok florian@ millert@
revision 1.38/(Download) -annotate -Fri, 05 Mar 2021 12:37:32 UTC by eric
OpenBSD release(s): 69
Changes since 1.37: +33 -30(diff)
Start porting smtpd to libtls.
Note that it changes the way SNI works: The certificate to use is now selected by looking at the names found in the certificates themselves, rather than the names of the pki entries in the configuration file. The set of certificates for a tls listener must be defined explicitly by using the pki listener option multiple times.
ok tb@
revision 1.37/(Download) -annotate -Thu, 31 Dec 2020 08:27:15 UTC by martijn
Changes since 1.36: +8 -8(diff)
Rename the pony process to dispatcher and klondike to crypto.
From gilles@ OK millert@ giovanni@
revision 1.36/(Download) -annotate -Sat, 21 Sep 2019 07:46:53 UTC by semarie
OpenBSD release(s): 68 67 66
Changes since 1.35: +4 -2(diff)
properly initialize errstr before going to fail label.
ok gilles@
revision 1.35/(Download) -annotate -Tue, 23 Jul 2019 08:05:44 UTC by gilles
Changes since 1.34: +4 -2(diff)
errstr may be uninitialized in error code path
revision 1.34/(Download) -annotate -Wed, 05 Jun 2019 16:24:54 UTC by gilles
Changes since 1.33: +32 -31(diff)
assume RSA_METHOD is opaque and only access members through setters/getters
revision 1.33/(Download) -annotate -Wed, 05 Jun 2019 06:40:13 UTC by gilles
Changes since 1.32: +243 -20(diff)
a long long time ago, in a galaxy quite close actually, reyk@ introduced an RSA privsep engine to isolate private keys in the ca process. ECDSA support in smtpd has become a frequent request, so here's an ECDSA privsep engine and the code required for smtpd to load ECDSA certificates and use them.
revision 1.32/(Download) -annotate -Fri, 24 May 2019 15:34:05 UTC by gilles
Changes since 1.31: +6 -3(diff)
assume X509_STORE_CTX is opaque, don't access ->error but use the X509_STORE_CTX_get_error() function instead
revision 1.31/(Download) -annotate -Fri, 24 May 2019 14:40:33 UTC by gilles
Changes since 1.30: +22 -24(diff)
mechanical change to dynamically allocate rsae_method
revision 1.30/(Download) -annotate -Fri, 24 May 2019 12:51:15 UTC by gilles
Changes since 1.29: +1 -4(diff)
remove useless check, it's never been and will never be hit
revision 1.29/(Download) -annotate -Thu, 24 May 2018 11:38:24 UTC by gilles
OpenBSD release(s): 65 64
Changes since 1.28: +2 -2(diff)
switch smtpd to new grammar
ok eric@
revision 1.28/(Download) -annotate -Tue, 21 Nov 2017 12:20:34 UTC by eric
OpenBSD release(s): 63
Changes since 1.27: +58 -67(diff)
no need to check the sending process in imsg handlers when there is no ambiguity: just use a single switch.
ok gilles@ sunil@
revision 1.27/(Download) -annotate -Wed, 17 May 2017 14:00:06 UTC by deraadt
OpenBSD release(s): 62
Changes since 1.26: +4 -7(diff)
Introduce more use of freezero(). Also, remove ptr conditionals before many functions which are free(NULL)-compat
ok gilles
revision 1.26/(Download) -annotate -Mon, 09 Jan 2017 09:53:23 UTC by reyk
OpenBSD release(s): 61
Changes since 1.25: +2 -2(diff)
smtpd joins the 7 other daemons that share the same log.c file.
The only major difference was the "log_trace" concept that is only used by smtpd - move it from log.c into util.c and make it a local concept. This also needed to rename the global "verbose" variable to "tracing" in a few places.
OK krw@ gilles@ eric@
revision 1.25/(Download) -annotate -Thu, 08 Sep 2016 12:06:43 UTC by eric
Changes since 1.24: +7 -21(diff)
Streamline the daemon shutdown sequence.
Only the parent process handles SIGTERM and SIGINT. Upon receiving one of those, it closes all imsg sockets and waitpid() for the children. It fatal()s if one of the sockets is closed unexpectedly. Other processes exit() "normally" when one of the imsg sockets is closed.
ok gilles@ sunil@
revision 1.24/(Download) -annotate -Sun, 04 Sep 2016 16:10:31 UTC by eric
Changes since 1.23: +3 -4(diff)
The smtpd processes are not expected to ever leave their event loop. So stop pretending that the *_shutdown() functions could ever be called in this context, and just fatal() if event_dispatch() returns.
ok gilles@ sunil@ giovanni@
revision 1.23/(Download) -annotate -Thu, 01 Sep 2016 10:54:25 UTC by eric
Changes since 1.22: +1 -2(diff)
remove noop function
ok sunil@
revision 1.22/(Download) -annotate -Sat, 28 May 2016 21:21:20 UTC by eric
OpenBSD release(s): 60
Changes since 1.21: +2 -13(diff)
Implement the fork+exec pattern in smtpd.
The parent process forks child processes and re-exec each of them with an additional "-x " argument. During the early setup phase, the parent process sends ipc socket pairs to interconnect the child processes as needed, and it passes the queue encryption key to the queue if necessary. When this is done, all processes have their environment set as in the fork-only case, and they can start doing their work as before.
ok gilles@ jung@
revision 1.21/(Download) -annotate -Tue, 02 Feb 2016 21:18:04 UTC by gilles
OpenBSD release(s): 59
Changes since 1.20: +3 -25(diff)
in RSA privsep engine, do not provide methods for rsa_sign / rsa_verify, they are unused in OpenSMTPD and lead to crashes in -portable when we're linked to OpenSSL starting with 1.0.2f
ok reyk@
revision 1.20/(Download) -annotate -Mon, 28 Dec 2015 22:08:30 UTC by jung
Changes since 1.19: +2 -2(diff)
remove spaces after '!'
no binary change
ok millert
revision 1.19/(Download) -annotate -Sat, 05 Dec 2015 13:14:21 UTC by claudio
Changes since 1.18: +2 -2(diff)
EAGAIN handling for imsg_read. OK henning@ benno@
revision 1.18/(Download) -annotate -Thu, 05 Nov 2015 12:35:58 UTC by jung
Changes since 1.17: +30 -22(diff)
replace u_char and u_int* with standard stdint.h types to ease portable version
also remove trailing whitespaces while here
no binary change
ok sunil millert gilles
revision 1.17/(Download) -annotate -Sat, 17 Oct 2015 13:06:03 UTC by gilles
Changes since 1.16: +6 -7(diff)
KNF
revision 1.16/(Download) -annotate -Wed, 14 Oct 2015 21:05:31 UTC by gilles
Changes since 1.15: +1 -5(diff)
remove a handful of log_warn that we should handle at a different place to make them really useful
revision 1.15/(Download) -annotate -Tue, 13 Oct 2015 08:07:35 UTC by gilles
Changes since 1.14: +4 -1(diff)
pledge("stdio") the RSA-privsep process
revision 1.14/(Download) -annotate -Tue, 20 Jan 2015 17:37:54 UTC by deraadt
OpenBSD release(s): 58 57
Changes since 1.13: +3 -1(diff)
use <limits.h> comprehensively. For now try to push <> includes to each .c file, and out of the .h files. To avoid overinclude. ok gilles, in principle. If this has been done right, -portable should become easier to maintain.
revision 1.13/(Download) -annotate -Fri, 16 Jan 2015 06:40:20 UTC by deraadt
Changes since 1.12: +2 -1(diff)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
revision 1.12/(Download) -annotate -Wed, 24 Dec 2014 08:43:58 UTC by eric
Changes since 1.11: +2 -1(diff)
missing include
revision 1.11/(Download) -annotate -Thu, 02 Oct 2014 19:14:56 UTC by gilles
Changes since 1.10: +1 -3(diff)
no need to set the same field NULL twice ;-)
ok reyk@
revision 1.10/(Download) -annotate -Thu, 10 Jul 2014 20:16:48 UTC by jsg
OpenBSD release(s): 56
Changes since 1.9: +2 -1(diff)
add additional includes required to build with -DOPENSSL_NO_DEPRECATED
ok eric@ gilles@
revision 1.9/(Download) -annotate -Thu, 10 Jul 2014 15:54:55 UTC by eric
Changes since 1.8: +6 -0(diff)
make the control process broadcast verbose/profile admin requests directly, rather than going through the parent process. simplify code in the meantime.
revision 1.8/(Download) -annotate -Tue, 08 Jul 2014 11:03:51 UTC by eric
Changes since 1.7: +3 -4(diff)
fatalx(errorstr) -> fatalx("%s", errorstr)
add missing include and remove redundant debug trace while here.
revision 1.7/(Download) -annotate -Sun, 04 May 2014 16:38:19 UTC by reyk
Changes since 1.6: +38 -11(diff)
Create a new default RSA engine instead of patching the existing one if none is available. Fixes SSL/TLS and a possible fatalx() on machines without a default RSA engine.
Thanks to Bjorn Ketelaars for reporting and testing.
ok gilles@ (for the relayd part)
revision 1.6/(Download) -annotate -Thu, 01 May 2014 15:50:20 UTC by reyk
Changes since 1.5: +165 -45(diff)
Move RSA keys from "lka" to a new dedicated "ca" process because lka is handling some async requests and shouldn't be busy with sync RSA.
ok gilles@
revision 1.5/(Download) -annotate -Wed, 30 Apr 2014 08:23:42 UTC by reyk
Changes since 1.4: +25 -3(diff)
The RSA engine (used by pony) has to wait for a response from the privileged process (lka) and receive the imsgs in a while loop synchronously. But the lka also sends other imsgs (DNS etc.) that can still be queued up in the buffer when waiting for the RSA response. This only happens under load with many concurrent connections. For now, we just call the pony imsg handler for non-RSA imsgs that are already in the buffer.
ok gilles@ eric@ blambert@
revision 1.4/(Download) -annotate -Tue, 29 Apr 2014 19:13:13 UTC by reyk
Changes since 1.3: +326 -7(diff)
Implement RSA privilege separation for OpenSMTPD, based on my previous implementation for relayd(8). The smtpd(8) pony processes (mta client, smtp server) don't keep the private keys in memory but send their private key operations as imsgs to the "lookup"/mta process. It's worth mentioning that this prevents accidental private key leakage as it could have been caused by "Heartbleed".
ok gilles@
revision 1.3/(Download) -annotate -Thu, 21 Nov 2013 08:36:51 UTC by eric
OpenBSD release(s): 55
Changes since 1.2: +4 -1(diff)
fail if lka can't load cert file
revision 1.2/(Download) -annotate -Mon, 28 Oct 2013 17:02:08 UTC by eric
Changes since 1.1: +28 -0(diff)
Report the ssl certificate verification status in the mail header. Log ssl certificate validation errors. Fix several ssl-related leaks.
revision 1.1/(Download) -annotate -Sat, 26 Jan 2013 09:37:23 UTC by gilles
OpenBSD release(s): 54 53
Sync with our smtpd repo:
- first bricks of ldap and sqlite support (not finished but both working)
- new table API to replace map API, all lookups are done through tables
- improved handling of temporary errors throughout the daemon
- improved scheduler and mta logic: connection reuse, optimizes batches
- improved queue: more tolerant to admin errors, new layout, less disk-IO
- improved memory usage under high load
- SSL certs/keys isolated to lookup process to avoid facing network
- VIRTUAL support improved, fully virtual setups possible now
- runtime tracing of processes through smtpctl trace
- ssl_privsep.c sync-ed with relayd
- ssl.c no longer contains smtpd specific interfaces
- smtpd-specific ssl bits moved to ssl_smtpd.c
- update mail address in copyright
FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE. FLUSH YOUR QUEUE.
smtpd.conf(5) simplified, it will require adaptations
ok eric@
