ksslioctl.c revision c28749e97052f09388969427adf7df641cdcdc22
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* The kernel SSL module ioctls.
*/
#include <sys/sysmacros.h>
#include "ksslimpl.h"
#include "kssl.h"
#include "ksslproto.h"
int kssl_entry_tab_size;
static void
{
}
static void
{
int i;
}
}
/*
* Frees the space for the entry and the keys and certs
* it carries.
*/
void
{
int i;
if (kssl_entry->ke_no_freeall) {
return;
}
}
};
for (i = 0; i < kssl_entry->sid_cache_nentries; i++)
}
/*
* Returns the index of the entry in kssl_entry_tab[] that matches
* the address and port. Returns -1 if no match is found.
*/
static int
{
int i;
for (i = 0; i < kssl_entry_tab_size; i++) {
ep = kssl_entry_tab[i];
continue;
continue;
break;
}
if (i == kssl_entry_tab_size)
return (-1);
return (i);
}
static void
{
}
static int
{
int i, len;
char *begin = (char *)kssl_params;
int cert_buf_len;
/*
* Get the certs array. First the array of sizes, then the actual
* certs.
*/
if (ncert == 0) {
/* no certs in here! why did ya call? */
return (EINVAL);
}
return (EINVAL);
}
/* Trusting that the system call preserved the 4-byte aligment */
/* should this be an ASSERT()? */
return (EINVAL);
}
len = 0;
for (i = 0; i < ncert; i++) {
if (cert_sizes[i] < 1) {
return (EINVAL);
}
}
for (i = 0; i < ncert; i++) {
cert_to += 3;
return (EINVAL);
}
cert_from += cert_sizes[i];
cert_to += cert_sizes[i];
}
len += 4;
return (0);
}
static int
{
char *begin = (char *)kssl_params;
char *end_pos;
int i, j, rv;
char *mp_attrs;
char *attval;
switch (kssl_privkey->ck_format) {
case CRYPTO_KEY_ATTR_LIST:
break;
case CRYPTO_KEY_RAW:
case CRYPTO_KEY_REFERENCE:
default:
goto err1;
}
/* allocate the attributes */
sizeof (crypto_object_attribute_t);
goto err1;
}
goto err1;
}
/* Now the individual attributes */
for (i = 0; i < kssl_privkey->ck_count; i++) {
mp_attrs += sizeof (kssl_object_attribute_t);
goto err2;
}
goto err2;
}
}
*privkey = kssl_privkey;
return (0);
err2:
for (j = 0; j < i; j++) {
}
err1:
return (rv);
}
static kssl_entry_t *
{
int i;
uint16_t s;
if (kssl_params->kssl_session_cache_timeout == 0)
else
if (kssl_params->kssl_session_cache_size == 0)
else
for (i = 0; i < mech_count; i++) {
CRYPTO_MAX_MECH_NAME) == 0)
CRYPTO_MAX_MECH_NAME) == 0)
CRYPTO_MAX_MECH_NAME) == 0)
CRYPTO_MAX_MECH_NAME) == 0)
CRYPTO_MAX_MECH_NAME) == 0)
CRYPTO_MAX_MECH_NAME) == 0)
}
cnt = 0;
for (i = 0; i < CIPHER_SUITE_COUNT - 1; i++) {
switch (s = kssl_params->kssl_suites[i]) {
case SSL_RSA_WITH_RC4_128_MD5:
break;
case SSL_RSA_WITH_RC4_128_SHA:
break;
case SSL_RSA_WITH_DES_CBC_SHA:
break;
break;
case CIPHER_NOTSET:
default:
break;
}
}
}
/* Add the no encryption suite to the end */
for (i = 0; i < cnt; i++)
kssl_entry->kssl_saved_Suites[i] =
for (i = 0; i < kssl_entry->sid_cache_nentries; i++) {
}
return (kssl_entry);
}
int
{
return (rv);
}
return (rv);
}
/* Revisit here for IPv6 support */
/* Allocate the array first time here */
if (kssl_entry_tab == NULL) {
int tmp_size;
if (kssl_entry_tab != NULL) {
goto retry;
}
index = 0;
} else {
/* Check if a matching entry exists already */
if (index == -1) {
/* Check if an entry with the same proxy port exists */
return (EADDRINUSE);
}
/* No matching entry, find an empty spot */
for (i = 0; i < kssl_entry_tab_size; i++) {
if (kssl_entry_tab[i] == NULL)
break;
}
/* Table full. Gotta grow it */
if (i == kssl_entry_tab_size) {
sizeof (kssl_entry_t *);
if (kssl_entry_tab_size > old_size) {
goto retry;
}
}
index = i;
} else {
/*
* We do not want an entry with a specific address and
* an entry with IN_ADDR_ANY to coexist. We could
* replace the existing entry. But, most likely this
* is misconfiguration. Better bail out with an error.
*/
if ((laddr == INADDR_ANY &&
(laddr != INADDR_ANY &&
return (EEXIST);
}
/* Replace the existing entry */
}
}
return (0);
}
int
{
int index;
/* Revisit here for IPv6 support */
if (index == -1) {
return (ENOENT);
}
return (0);
}