static int
rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding, unsigned int cmd)
{
int ret = 0;
struct imsgbuf *ibuf;
struct imsg imsg;
int n, done = 0;
const void *toptr;
char *pkiname;
size_t tlen;
struct msg m;
uint64_t id;
if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL)
return (0);
/*
* Send a synchronous imsg because we cannot defer the RSA
* operation in OpenSSL's engine layer.
*/
m_create(p_ca, cmd, 0, 0, -1);
rsae_reqid++;
m_add_id(p_ca, rsae_reqid);
m_add_string(p_ca, pkiname);
m_add_data(p_ca, (const void *)from, (size_t)flen);
m_add_size(p_ca, (size_t)RSA_size(rsa));
m_add_size(p_ca, (size_t)padding);
m_flush(p_ca);
ibuf = &p_ca->imsgbuf;
while (!done) {
if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
fatalx("imsg_read");
if (n == 0)
fatalx("pipe closed");
while (!done) {
if ((n = imsg_get(ibuf, &imsg)) == -1)
fatalx("imsg_get error");
if (n == 0)
break;
log_imsg(PROC_PONY, PROC_CA, &imsg);
switch (imsg.hdr.type) {
case IMSG_CA_PRIVENC:
case IMSG_CA_PRIVDEC:
break;
default:
/* Another imsg is queued up in the buffer */
pony_imsg(p_ca, &imsg);
imsg_free(&imsg);
continue;
}
m_msg(&m, &imsg);
m_get_id(&m, &id);
if (id != rsae_reqid)
fatalx("invalid response id");
m_get_int(&m, &ret);
if (ret > 0)
m_get_data(&m, &toptr, &tlen);
m_end(&m);
if (ret > 0)
memcpy(to, toptr, tlen);
done = 1;
imsg_free(&imsg);
}
}
mproc_event_add(p_ca);
return (ret);
}
static void
control_imsg(struct mproc *p, struct imsg *imsg)
{
struct ctl_conn *c;
struct stat_value val;
struct msg m;
const char *key;
const void *data;
size_t sz;
if (p->proc == PROC_PONY) {
switch (imsg->hdr.type) {
case IMSG_CTL_SMTP_SESSION:
c = tree_get(&ctl_conns, imsg->hdr.peerid);
if (c == NULL)
return;
m_compose(&c->mproc, IMSG_CTL_OK, 0, 0, imsg->fd,
NULL, 0);
return;
}
}
if (p->proc == PROC_SCHEDULER) {
switch (imsg->hdr.type) {
case IMSG_CTL_OK:
case IMSG_CTL_FAIL:
case IMSG_CTL_LIST_MESSAGES:
c = tree_get(&ctl_conns, imsg->hdr.peerid);
if (c == NULL)
return;
imsg->hdr.peerid = 0;
m_forward(&c->mproc, imsg);
return;
}
}
if (p->proc == PROC_QUEUE) {
switch (imsg->hdr.type) {
case IMSG_CTL_LIST_ENVELOPES:
case IMSG_CTL_DISCOVER_EVPID:
case IMSG_CTL_DISCOVER_MSGID:
case IMSG_CTL_UNCORRUPT_MSGID:
c = tree_get(&ctl_conns, imsg->hdr.peerid);
if (c == NULL)
return;
m_forward(&c->mproc, imsg);
return;
}
}
if (p->proc == PROC_PONY) {
switch (imsg->hdr.type) {
case IMSG_CTL_OK:
case IMSG_CTL_FAIL:
case IMSG_CTL_MTA_SHOW_HOSTS:
case IMSG_CTL_MTA_SHOW_RELAYS:
case IMSG_CTL_MTA_SHOW_ROUTES:
case IMSG_CTL_MTA_SHOW_HOSTSTATS:
case IMSG_CTL_MTA_SHOW_BLOCK:
c = tree_get(&ctl_conns, imsg->hdr.peerid);
if (c == NULL)
return;
imsg->hdr.peerid = 0;
m_forward(&c->mproc, imsg);
return;
}
}
switch (imsg->hdr.type) {
case IMSG_STAT_INCREMENT:
m_msg(&m, imsg);
m_get_string(&m, &key);
m_get_data(&m, &data, &sz);
m_end(&m);
memmove(&val, data, sz);
if (stat_backend)
stat_backend->increment(key, val.u.counter);
control_digest_update(key, val.u.counter, 1);
return;
case IMSG_STAT_DECREMENT:
m_msg(&m, imsg);
m_get_string(&m, &key);
m_get_data(&m, &data, &sz);
m_end(&m);
memmove(&val, data, sz);
if (stat_backend)
stat_backend->decrement(key, val.u.counter);
control_digest_update(key, val.u.counter, 0);
return;
case IMSG_STAT_SET:
m_msg(&m, imsg);
m_get_string(&m, &key);
m_get_data(&m, &data, &sz);
m_end(&m);
memmove(&val, data, sz);
if (stat_backend)
stat_backend->set(key, &val);
return;
}
errx(1, "control_imsg: unexpected %s imsg",
imsg_to_str(imsg->hdr.type));
}
void
ca_imsg(struct mproc *p, struct imsg *imsg)
{
RSA *rsa;
const void *from = NULL;
unsigned char *to = NULL;
struct msg m;
const char *pkiname;
size_t flen, tlen, padding;
struct pki *pki;
int ret = 0;
uint64_t id;
int v;
if (p->proc == PROC_PARENT) {
switch (imsg->hdr.type) {
case IMSG_CONF_START:
return;
case IMSG_CONF_END:
ca_init();
/* Start fulfilling requests */
mproc_enable(p_pony);
return;
}
}
if (p->proc == PROC_CONTROL) {
switch (imsg->hdr.type) {
case IMSG_CTL_VERBOSE:
m_msg(&m, imsg);
m_get_int(&m, &v);
m_end(&m);
log_verbose(v);
return;
case IMSG_CTL_PROFILE:
m_msg(&m, imsg);
m_get_int(&m, &v);
m_end(&m);
profiling = v;
return;
}
}
if (p->proc == PROC_PONY) {
switch (imsg->hdr.type) {
case IMSG_CA_PRIVENC:
case IMSG_CA_PRIVDEC:
m_msg(&m, imsg);
m_get_id(&m, &id);
m_get_string(&m, &pkiname);
m_get_data(&m, &from, &flen);
m_get_size(&m, &tlen);
m_get_size(&m, &padding);
m_end(&m);
pki = dict_get(env->sc_pki_dict, pkiname);
if (pki == NULL || pki->pki_pkey == NULL ||
(rsa = EVP_PKEY_get1_RSA(pki->pki_pkey)) == NULL)
fatalx("ca_imsg: invalid pki");
if ((to = calloc(1, tlen)) == NULL)
fatalx("ca_imsg: calloc");
switch (imsg->hdr.type) {
case IMSG_CA_PRIVENC:
ret = RSA_private_encrypt(flen, from, to, rsa,
padding);
break;
case IMSG_CA_PRIVDEC:
ret = RSA_private_decrypt(flen, from, to, rsa,
padding);
break;
}
m_create(p, imsg->hdr.type, 0, 0, -1);
m_add_id(p, id);
m_add_int(p, ret);
if (ret > 0)
m_add_data(p, to, (size_t)ret);
m_close(p);
free(to);
RSA_free(rsa);
return;
}
}
errx(1, "ca_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type));
}
