Source of tls.c - Zabbix

Raw file
Source viewDiff to previous
6.88 KB
 
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/
​
#include "zbxcomms.h"
​
#include "tls.h"
​
#include "zbxcrypto.h"
​
void    zbx_psk_warn_misconfig(const char *psk_identity)
{
    zabbix_log(LOG_LEVEL_WARNING, "same PSK identity \"%s\" but different PSK values used in proxy configuration"
            " file, for host or for autoregistration; autoregistration will not be allowed", psk_identity);
}
​
/******************************************************************************
 *                                                                            *
 * Purpose: Check PSK identity length. Exit if length exceeds the maximum.    *
 *                                                                            *
 ******************************************************************************/
void    zbx_check_psk_identity_len(size_t psk_identity_len)
{
    if (HOST_TLS_PSK_IDENTITY_LEN < psk_identity_len)
    {
        zabbix_log(LOG_LEVEL_CRIT, "PSK identity length " ZBX_FS_SIZE_T " exceeds the maximum length of %d"
                " bytes.", (zbx_fs_size_t)psk_identity_len, HOST_TLS_PSK_IDENTITY_LEN);
        zbx_tls_free();
        exit(EXIT_FAILURE);
    }
}
​
/******************************************************************************
 *                                                                            *
 * Purpose:                                                                   *
 *     read a pre-shared key from a file and convert it from                  *
 *     textual representation (ASCII hex digit string) to a binary            *
 *     representation (byte string)                                           *
 *                                                                            *
 * Comments:                                                                  *
 *     Maximum length of PSK hex-digit string is defined by HOST_TLS_PSK_LEN. *
 *     Currently it is 512 characters, which encodes a 2048-bit PSK and is    *
 *     supported by GnuTLS and OpenSSL libraries (compiled with default       *
 *     parameters). If the key is longer an error message                     *
 *     "ssl_set_psk(): SSL - Bad input parameters to function" will be logged *
 *     at runtime.                                                            *
 *                                                                            *
 ******************************************************************************/
void    zbx_read_psk_file(const char *file_name, char **psk, size_t *psk_len)
{
    FILE        *f;
    size_t      len;
    int     len_bin, ret = FAIL;