usr/src/cmd/sendmail/src/sfsasl.c

root/usr/src/cmd/sendmail/src/sfsasl.c
/*
 * Copyright (c) 1999-2006, 2008 Sendmail, Inc. and its suppliers.
 *      All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */

#include <sm/gen.h>
SM_RCSID("@(#)$Id: sfsasl.c,v 8.118 2008/07/22 15:12:48 ca Exp $")
#include <stdlib.h>
#include <sendmail.h>
#include <sm/time.h>
#include <errno.h>

/* allow to disable error handling code just in case... */
#ifndef DEAL_WITH_ERROR_SSL
# define DEAL_WITH_ERROR_SSL    1
#endif /* ! DEAL_WITH_ERROR_SSL */

#if SASL
# include "sfsasl.h"

/* Structure used by the "sasl" file type */
struct sasl_obj
{
        SM_FILE_T *fp;
        sasl_conn_t *conn;
};

struct sasl_info
{
        SM_FILE_T *fp;
        sasl_conn_t *conn;
};

/*
**  SASL_GETINFO - returns requested information about a "sasl" file
**                descriptor.
**
**      Parameters:
**              fp -- the file descriptor
**              what -- the type of information requested
**              valp -- the thang to return the information in
**
**      Returns:
**              -1 for unknown requests
**              >=0 on success with valp filled in (if possible).
*/

static int sasl_getinfo __P((SM_FILE_T *, int, void *));

static int
sasl_getinfo(fp, what, valp)
        SM_FILE_T *fp;
        int what;
        void *valp;
{
        struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie;

        switch (what)
        {
          case SM_IO_WHAT_FD:
                if (so->fp == NULL)
                        return -1;
                return so->fp->f_file; /* for stdio fileno() compatability */

          case SM_IO_IS_READABLE:
                if (so->fp == NULL)
                        return 0;

                /* get info from underlying file */
                return sm_io_getinfo(so->fp, what, valp);

          default:
                return -1;
        }
}

/*
**  SASL_OPEN -- creates the sasl specific information for opening a
**              file of the sasl type.
**
**      Parameters:
**              fp -- the file pointer associated with the new open
**              info -- contains the sasl connection information pointer and
**                      the original SM_FILE_T that holds the open
**              flags -- ignored
**              rpool -- ignored
**
**      Returns:
**              0 on success
*/

static int sasl_open __P((SM_FILE_T *, const void *, int, const void *));

/* ARGSUSED2 */
static int
sasl_open(fp, info, flags, rpool)
        SM_FILE_T *fp;
        const void *info;
        int flags;
        const void *rpool;
{
        struct sasl_obj *so;
        struct sasl_info *si = (struct sasl_info *) info;

        so = (struct sasl_obj *) sm_malloc(sizeof(struct sasl_obj));
        if (so == NULL)
        {
                errno = ENOMEM;
                return -1;
        }
        so->fp = si->fp;
        so->conn = si->conn;

        /*
        **  The underlying 'fp' is set to SM_IO_NOW so that the entire
        **  encoded string is written in one chunk. Otherwise there is
        **  the possibility that it may appear illegal, bogus or
        **  mangled to the other side of the connection.
        **  We will read or write through 'fp' since it is the opaque
        **  connection for the communications. We need to treat it this
        **  way in case the encoded string is to be sent down a TLS
        **  connection rather than, say, sm_io's stdio.
        */

        (void) sm_io_setvbuf(so->fp, SM_TIME_DEFAULT, NULL, SM_IO_NOW, 0);
        fp->f_cookie = so;
        return 0;
}

/*
**  SASL_CLOSE -- close the sasl specific parts of the sasl file pointer
**
**      Parameters:
**              fp -- the file pointer to close
**
**      Returns:
**              0 on success
*/

static int sasl_close __P((SM_FILE_T *));

static int
sasl_close(fp)
        SM_FILE_T *fp;
{
        struct sasl_obj *so;

        so = (struct sasl_obj *) fp->f_cookie;
        if (so == NULL)
                return 0;
        if (so->fp != NULL)
        {
                sm_io_close(so->fp, SM_TIME_DEFAULT);
                so->fp = NULL;
        }
        sm_free(so);
        so = NULL;
        return 0;
}

/* how to deallocate a buffer allocated by SASL */
extern void     sm_sasl_free __P((void *));
#  define SASL_DEALLOC(b)       sm_sasl_free(b)

/*
**  SASL_READ -- read encrypted information and decrypt it for the caller
**
**      Parameters:
**              fp -- the file pointer
**              buf -- the location to place the decrypted information
**              size -- the number of bytes to read after decryption
**
**      Results:
**              -1 on error
**              otherwise the number of bytes read
*/

static ssize_t sasl_read __P((SM_FILE_T *, char *, size_t));

static ssize_t
sasl_read(fp, buf, size)
        SM_FILE_T *fp;
        char *buf;
        size_t size;
{
        int result;
        ssize_t len;
# if SASL >= 20000
        static const char *outbuf = NULL;
# else /* SASL >= 20000 */
        static char *outbuf = NULL;
# endif /* SASL >= 20000 */
        static unsigned int outlen = 0;
        static unsigned int offset = 0;
        struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie;

        /*
        **  sasl_decode() may require more data than a single read() returns.
        **  Hence we have to put a loop around the decoding.
        **  This also requires that we may have to split up the returned
        **  data since it might be larger than the allowed size.
        **  Therefore we use a static pointer and return portions of it
        **  if necessary.
        **  XXX Note: This function is not thread-safe nor can it be used
        **  on more than one file. A correct implementation would store
        **  this data in fp->f_cookie.
        */

# if SASL >= 20000
        while (outlen == 0)
# else /* SASL >= 20000 */
        while (outbuf == NULL && outlen == 0)
# endif /* SASL >= 20000 */
        {
                len = sm_io_read(so->fp, SM_TIME_DEFAULT, buf, size);
                if (len <= 0)
                        return len;
                result = sasl_decode(so->conn, buf,
                                     (unsigned int) len, &outbuf, &outlen);
                if (result != SASL_OK)
                {
                        if (LogLevel > 7)
                                sm_syslog(LOG_WARNING, NOQID,
                                        "AUTH: sasl_decode error=%d", result);
                        outbuf = NULL;
                        offset = 0;
                        outlen = 0;
                        return -1;
                }
        }

        if (outbuf == NULL)
        {
                /* be paranoid: outbuf == NULL but outlen != 0 */
                syserr("@sasl_read failure: outbuf == NULL but outlen != 0");
                /* NOTREACHED */
        }
        if (outlen - offset > size)
        {
                /* return another part of the buffer */
                (void) memcpy(buf, outbuf + offset, size);
                offset += size;
                len = size;
        }
        else
        {
                /* return the rest of the buffer */
                len = outlen - offset;
                (void) memcpy(buf, outbuf + offset, (size_t) len);
# if SASL < 20000
                SASL_DEALLOC(outbuf);
# endif /* SASL < 20000 */
                outbuf = NULL;
                offset = 0;
                outlen = 0;
        }
        return len;
}

/*
**  SASL_WRITE -- write information out after encrypting it
**
**      Parameters:
**              fp -- the file pointer
**              buf -- holds the data to be encrypted and written
**              size -- the number of bytes to have encrypted and written
**
**      Returns:
**              -1 on error
**              otherwise number of bytes written
*/

static ssize_t sasl_write __P((SM_FILE_T *, const char *, size_t));

static ssize_t
sasl_write(fp, buf, size)
        SM_FILE_T *fp;
        const char *buf;
        size_t size;
{
        int result;
# if SASL >= 20000
        const char *outbuf;
# else /* SASL >= 20000 */
        char *outbuf;
# endif /* SASL >= 20000 */
        unsigned int outlen, *maxencode;
        size_t ret = 0, total = 0;
        struct sasl_obj *so = (struct sasl_obj *) fp->f_cookie;

        /*
        **  Fetch the maximum input buffer size for sasl_encode().
        **  This can be less than the size set in attemptauth()
        **  due to a negotiation with the other side, e.g.,
        **  Cyrus IMAP lmtp program sets maxbuf=4096,
        **  digestmd5 substracts 25 and hence we'll get 4071
        **  instead of 8192 (MAXOUTLEN).
        **  Hack (for now): simply reduce the size, callers are (must be)
        **  able to deal with that and invoke sasl_write() again with
        **  the rest of the data.
        **  Note: it would be better to store this value in the context
        **  after the negotiation.
        */

        result = sasl_getprop(so->conn, SASL_MAXOUTBUF,
                                (const void **) &maxencode);
        if (result == SASL_OK && size > *maxencode && *maxencode > 0)
                size = *maxencode;

        result = sasl_encode(so->conn, buf,
                             (unsigned int) size, &outbuf, &outlen);

        if (result != SASL_OK)
        {
                if (LogLevel > 7)
                        sm_syslog(LOG_WARNING, NOQID,
                                "AUTH: sasl_encode error=%d", result);
                return -1;
        }

        if (outbuf != NULL)
        {
                while (outlen > 0)
                {
                        errno = 0;
                        /* XXX result == 0? */
                        ret = sm_io_write(so->fp, SM_TIME_DEFAULT,
                                          &outbuf[total], outlen);
                        if (ret <= 0)
                                return ret;
                        outlen -= ret;
                        total += ret;
                }
# if SASL < 20000
                SASL_DEALLOC(outbuf);
# endif /* SASL < 20000 */
        }
        return size;
}

/*
**  SFDCSASL -- create sasl file type and open in and out file pointers
**             for sendmail to read from and write to.
**
**      Parameters:
**              fin -- the sm_io file encrypted data to be read from
**              fout -- the sm_io file encrypted data to be written to
**              conn -- the sasl connection pointer
**              tmo -- timeout
**
**      Returns:
**              -1 on error
**              0 on success
**
**      Side effects:
**              The arguments "fin" and "fout" are replaced with the new
**              SM_FILE_T pointers.
*/

int
sfdcsasl(fin, fout, conn, tmo)
        SM_FILE_T **fin;
        SM_FILE_T **fout;
        sasl_conn_t *conn;
        int tmo;
{
        SM_FILE_T *newin, *newout;
        SM_FILE_T  SM_IO_SET_TYPE(sasl_vector, "sasl", sasl_open, sasl_close,
                sasl_read, sasl_write, NULL, sasl_getinfo, NULL,
                SM_TIME_DEFAULT);
        struct sasl_info info;

        if (conn == NULL)
        {
                /* no need to do anything */
                return 0;
        }

        SM_IO_INIT_TYPE(sasl_vector, "sasl", sasl_open, sasl_close,
                sasl_read, sasl_write, NULL, sasl_getinfo, NULL,
                SM_TIME_DEFAULT);
        info.fp = *fin;
        info.conn = conn;
        newin = sm_io_open(&sasl_vector, SM_TIME_DEFAULT, &info,
                        SM_IO_RDONLY_B, NULL);

        if (newin == NULL)
                return -1;

        info.fp = *fout;
        info.conn = conn;
        newout = sm_io_open(&sasl_vector, SM_TIME_DEFAULT, &info,
                        SM_IO_WRONLY_B, NULL);

        if (newout == NULL)
        {
                (void) sm_io_close(newin, SM_TIME_DEFAULT);
                return -1;
        }
        sm_io_automode(newin, newout);

        sm_io_setinfo(*fin, SM_IO_WHAT_TIMEOUT, &tmo);
        sm_io_setinfo(*fout, SM_IO_WHAT_TIMEOUT, &tmo);

        *fin = newin;
        *fout = newout;
        return 0;
}
#endif /* SASL */

#if STARTTLS
# include "sfsasl.h"
#  include <openssl/err.h>

/* Structure used by the "tls" file type */
struct tls_obj
{
        SM_FILE_T *fp;
        SSL *con;
};

struct tls_info
{
        SM_FILE_T *fp;
        SSL *con;
};

/*
**  TLS_GETINFO - returns requested information about a "tls" file
**               descriptor.
**
**      Parameters:
**              fp -- the file descriptor
**              what -- the type of information requested
**              valp -- the thang to return the information in (unused)
**
**      Returns:
**              -1 for unknown requests
**              >=0 on success with valp filled in (if possible).
*/

static int tls_getinfo __P((SM_FILE_T *, int, void *));

/* ARGSUSED2 */
static int
tls_getinfo(fp, what, valp)
        SM_FILE_T *fp;
        int what;
        void *valp;
{
        struct tls_obj *so = (struct tls_obj *) fp->f_cookie;

        switch (what)
        {
          case SM_IO_WHAT_FD:
                if (so->fp == NULL)
                        return -1;
                return so->fp->f_file; /* for stdio fileno() compatability */

          case SM_IO_IS_READABLE:
                return SSL_pending(so->con) > 0;

          default:
                return -1;
        }
}

/*
**  TLS_OPEN -- creates the tls specific information for opening a
**             file of the tls type.
**
**      Parameters:
**              fp -- the file pointer associated with the new open
**              info -- the sm_io file pointer holding the open and the
**                      TLS encryption connection to be read from or written to
**              flags -- ignored
**              rpool -- ignored
**
**      Returns:
**              0 on success
*/

static int tls_open __P((SM_FILE_T *, const void *, int, const void *));

/* ARGSUSED2 */
static int
tls_open(fp, info, flags, rpool)
        SM_FILE_T *fp;
        const void *info;
        int flags;
        const void *rpool;
{
        struct tls_obj *so;
        struct tls_info *ti = (struct tls_info *) info;

        so = (struct tls_obj *) sm_malloc(sizeof(struct tls_obj));
        if (so == NULL)
        {
                errno = ENOMEM;
                return -1;
        }
        so->fp = ti->fp;
        so->con = ti->con;

        /*
        **  We try to get the "raw" file descriptor that TLS uses to
        **  do the actual read/write with. This is to allow us control
        **  over the file descriptor being a blocking or non-blocking type.
        **  Under the covers TLS handles the change and this allows us
        **  to do timeouts with sm_io.
        */

        fp->f_file = sm_io_getinfo(so->fp, SM_IO_WHAT_FD, NULL);
        (void) sm_io_setvbuf(so->fp, SM_TIME_DEFAULT, NULL, SM_IO_NOW, 0);
        fp->f_cookie = so;
        return 0;
}

/*
**  TLS_CLOSE -- close the tls specific parts of the tls file pointer
**
**      Parameters:
**              fp -- the file pointer to close
**
**      Returns:
**              0 on success
*/

static int tls_close __P((SM_FILE_T *));

static int
tls_close(fp)
        SM_FILE_T *fp;
{
        struct tls_obj *so;

        so = (struct tls_obj *) fp->f_cookie;
        if (so == NULL)
                return 0;
        if (so->fp != NULL)
        {
                sm_io_close(so->fp, SM_TIME_DEFAULT);
                so->fp = NULL;
        }
        sm_free(so);
        so = NULL;
        return 0;
}

/* maximum number of retries for TLS related I/O due to handshakes */
# define MAX_TLS_IOS    4

/*
**  TLS_RETRY -- check whether a failed SSL operation can be retried
**
**      Parameters:
**              ssl -- TLS structure
**              rfd -- read fd
**              wfd -- write fd
**              tlsstart -- start time of TLS operation
**              timeout -- timeout for TLS operation
**              err -- SSL error
**              where -- description of operation
**
**      Results:
**              >0 on success
**              0 on timeout
**              <0 on error
*/

int
tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
        SSL *ssl;
        int rfd;
        int wfd;
        time_t tlsstart;
        int timeout;
        int err;
        const char *where;
{
        int ret;
        time_t left;
        time_t now = curtime();
        struct timeval tv;

        ret = -1;

        /*
        **  For SSL_ERROR_WANT_{READ,WRITE}:
        **  There is not a complete SSL record available yet
        **  or there is only a partial SSL record removed from
        **  the network (socket) buffer into the SSL buffer.
        **  The SSL_connect will only succeed when a full
        **  SSL record is available (assuming a "real" error
        **  doesn't happen). To handle when a "real" error
        **  does happen the select is set for exceptions too.
        **  The connection may be re-negotiated during this time
        **  so both read and write "want errors" need to be handled.
        **  A select() exception loops back so that a proper SSL
        **  error message can be gotten.
        */

        left = timeout - (now - tlsstart);
        if (left <= 0)
                return 0;       /* timeout */
        tv.tv_sec = left;
        tv.tv_usec = 0;

        if (LogLevel > 14)
        {
                sm_syslog(LOG_INFO, NOQID,
                          "STARTTLS=%s, info: fds=%d/%d, err=%d",
                          where, rfd, wfd, err);
        }

        if (FD_SETSIZE > 0 &&
            ((err == SSL_ERROR_WANT_READ && rfd >= FD_SETSIZE) ||
             (err == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
        {
                if (LogLevel > 5)
                {
                        sm_syslog(LOG_ERR, NOQID,
                                  "STARTTLS=%s, error: fd %d/%d too large",
                                  where, rfd, wfd);
                if (LogLevel > 8)
                        tlslogerr(where);
                }
                errno = EINVAL;
        }
        else if (err == SSL_ERROR_WANT_READ)
        {
                fd_set ssl_maskr, ssl_maskx;

                FD_ZERO(&ssl_maskr);
                FD_SET(rfd, &ssl_maskr);
                FD_ZERO(&ssl_maskx);
                FD_SET(rfd, &ssl_maskx);
                do
                {
                        ret = select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx,
                                        &tv);
                } while (ret < 0 && errno == EINTR);
                if (ret < 0 && errno > 0)
                        ret = -errno;
        }
        else if (err == SSL_ERROR_WANT_WRITE)
        {
                fd_set ssl_maskw, ssl_maskx;

                FD_ZERO(&ssl_maskw);
                FD_SET(wfd, &ssl_maskw);
                FD_ZERO(&ssl_maskx);
                FD_SET(rfd, &ssl_maskx);
                do
                {
                        ret = select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx,
                                        &tv);
                } while (ret < 0 && errno == EINTR);
                if (ret < 0 && errno > 0)
                        ret = -errno;
        }
        return ret;
}

/* errno to force refill() etc to stop (see IS_IO_ERROR()) */
#ifdef ETIMEDOUT
# define SM_ERR_TIMEOUT ETIMEDOUT
#else /* ETIMEDOUT */
# define SM_ERR_TIMEOUT EIO
#endif /* ETIMEDOUT */

/*
**  SET_TLS_RD_TMO -- read secured information for the caller
**
**      Parameters:
**              rd_tmo -- read timeout
**
**      Results:
**              none
**      This is a hack: there is no way to pass it in
*/

static int tls_rd_tmo = -1;

void
set_tls_rd_tmo(rd_tmo)
        int rd_tmo;
{
        tls_rd_tmo = rd_tmo;
}

/*
**  TLS_READ -- read secured information for the caller
**
**      Parameters:
**              fp -- the file pointer
**              buf -- the location to place the data
**              size -- the number of bytes to read from connection
**
**      Results:
**              -1 on error
**              otherwise the number of bytes read
*/

static ssize_t tls_read __P((SM_FILE_T *, char *, size_t));

static ssize_t
tls_read(fp, buf, size)
        SM_FILE_T *fp;
        char *buf;
        size_t size;
{
        int r, rfd, wfd, try, ssl_err;
        struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
        time_t tlsstart;
        char *err;

        try = 99;
        err = NULL;
        tlsstart = curtime();

  retry:
        r = SSL_read(so->con, (char *) buf, size);

        if (r > 0)
                return r;

        err = NULL;
        switch (ssl_err = SSL_get_error(so->con, r))
        {
          case SSL_ERROR_NONE:
          case SSL_ERROR_ZERO_RETURN:
                break;
          case SSL_ERROR_WANT_WRITE:
                err = "read W BLOCK";
                /* FALLTHROUGH */
          case SSL_ERROR_WANT_READ:
                if (err == NULL)
                        err = "read R BLOCK";
                rfd = SSL_get_rfd(so->con);
                wfd = SSL_get_wfd(so->con);
                try = tls_retry(so->con, rfd, wfd, tlsstart,
                                (tls_rd_tmo < 0) ? TimeOuts.to_datablock
                                                 : tls_rd_tmo,
                                ssl_err, "read");
                if (try > 0)
                        goto retry;
                errno = SM_ERR_TIMEOUT;
                break;

          case SSL_ERROR_WANT_X509_LOOKUP:
                err = "write X BLOCK";
                break;
          case SSL_ERROR_SYSCALL:
                if (r == 0 && errno == 0) /* out of protocol EOF found */
                        break;
                err = "syscall error";
/*
                get_last_socket_error());
*/
                break;
          case SSL_ERROR_SSL:
#if DEAL_WITH_ERROR_SSL
                if (r == 0 && errno == 0) /* out of protocol EOF found */
                        break;
#endif /* DEAL_WITH_ERROR_SSL */
                err = "generic SSL error";
                if (LogLevel > 9)
                        tlslogerr("read");

#if DEAL_WITH_ERROR_SSL
                /* avoid repeated calls? */
                if (r == 0)
                        r = -1;
#endif /* DEAL_WITH_ERROR_SSL */
                break;
        }
        if (err != NULL)
        {
                int save_errno;

                save_errno = (errno == 0) ? EIO : errno;
                if (try == 0 && save_errno == SM_ERR_TIMEOUT)
                {
                        if (LogLevel > 7)
                                sm_syslog(LOG_WARNING, NOQID,
                                          "STARTTLS: read error=timeout");
                }
                else if (LogLevel > 8)
                        sm_syslog(LOG_WARNING, NOQID,
                                  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
                                  err, r, errno,
                                  ERR_error_string(ERR_get_error(), NULL), try,
                                  ssl_err);
                else if (LogLevel > 7)
                        sm_syslog(LOG_WARNING, NOQID,
                                  "STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d",
                                  err, r, errno, try, ssl_err);
                errno = save_errno;
        }
        return r;
}

/*
**  TLS_WRITE -- write information out through secure connection
**
**      Parameters:
**              fp -- the file pointer
**              buf -- holds the data to be securely written
**              size -- the number of bytes to write
**
**      Returns:
**              -1 on error
**              otherwise number of bytes written
*/

static ssize_t tls_write __P((SM_FILE_T *, const char *, size_t));

static ssize_t
tls_write(fp, buf, size)
        SM_FILE_T *fp;
        const char *buf;
        size_t size;
{
        int r, rfd, wfd, try, ssl_err;
        struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
        time_t tlsstart;
        char *err;

        try = 99;
        err = NULL;
        tlsstart = curtime();

  retry:
        r = SSL_write(so->con, (char *) buf, size);

        if (r > 0)
                return r;
        err = NULL;
        switch (ssl_err = SSL_get_error(so->con, r))
        {
          case SSL_ERROR_NONE:
          case SSL_ERROR_ZERO_RETURN:
                break;
          case SSL_ERROR_WANT_WRITE:
                err = "read W BLOCK";
                /* FALLTHROUGH */
          case SSL_ERROR_WANT_READ:
                if (err == NULL)
                        err = "read R BLOCK";
                rfd = SSL_get_rfd(so->con);
                wfd = SSL_get_wfd(so->con);
                try = tls_retry(so->con, rfd, wfd, tlsstart,
                                DATA_PROGRESS_TIMEOUT, ssl_err, "write");
                if (try > 0)
                        goto retry;
                errno = SM_ERR_TIMEOUT;
                break;
          case SSL_ERROR_WANT_X509_LOOKUP:
                err = "write X BLOCK";
                break;
          case SSL_ERROR_SYSCALL:
                if (r == 0 && errno == 0) /* out of protocol EOF found */
                        break;
                err = "syscall error";
/*
                get_last_socket_error());
*/
                break;
          case SSL_ERROR_SSL:
                err = "generic SSL error";
/*
                ERR_GET_REASON(ERR_peek_error()));
*/
                if (LogLevel > 9)
                        tlslogerr("write");

#if DEAL_WITH_ERROR_SSL
                /* avoid repeated calls? */
                if (r == 0)
                        r = -1;
#endif /* DEAL_WITH_ERROR_SSL */
                break;
        }
        if (err != NULL)
        {
                int save_errno;

                save_errno = (errno == 0) ? EIO : errno;
                if (try == 0 && save_errno == SM_ERR_TIMEOUT)
                {
                        if (LogLevel > 7)
                                sm_syslog(LOG_WARNING, NOQID,
                                          "STARTTLS: write error=timeout");
                }
                else if (LogLevel > 8)
                        sm_syslog(LOG_WARNING, NOQID,
                                  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
                                  err, r, errno,
                                  ERR_error_string(ERR_get_error(), NULL), try,
                                  ssl_err);
                else if (LogLevel > 7)
                        sm_syslog(LOG_WARNING, NOQID,
                                  "STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
                                  err, r, errno, try, ssl_err);
                errno = save_errno;
        }
        return r;
}

/*
**  SFDCTLS -- create tls file type and open in and out file pointers
**            for sendmail to read from and write to.
**
**      Parameters:
**              fin -- data input source being replaced
**              fout -- data output source being replaced
**              con -- the tls connection pointer
**
**      Returns:
**              -1 on error
**              0 on success
**
**      Side effects:
**              The arguments "fin" and "fout" are replaced with the new
**              SM_FILE_T pointers.
**              The original "fin" and "fout" are preserved in the tls file
**              type but are not actually used because of the design of TLS.
*/

int
sfdctls(fin, fout, con)
        SM_FILE_T **fin;
        SM_FILE_T **fout;
        SSL *con;
{
        SM_FILE_T *tlsin, *tlsout;
        SM_FILE_T SM_IO_SET_TYPE(tls_vector, "tls", tls_open, tls_close,
                tls_read, tls_write, NULL, tls_getinfo, NULL,
                SM_TIME_FOREVER);
        struct tls_info info;

        SM_ASSERT(con != NULL);

        SM_IO_INIT_TYPE(tls_vector, "tls", tls_open, tls_close,
                tls_read, tls_write, NULL, tls_getinfo, NULL,
                SM_TIME_FOREVER);
        info.fp = *fin;
        info.con = con;
        tlsin = sm_io_open(&tls_vector, SM_TIME_DEFAULT, &info, SM_IO_RDONLY_B,
                           NULL);
        if (tlsin == NULL)
                return -1;

        info.fp = *fout;
        tlsout = sm_io_open(&tls_vector, SM_TIME_DEFAULT, &info, SM_IO_WRONLY_B,
                            NULL);
        if (tlsout == NULL)
        {
                (void) sm_io_close(tlsin, SM_TIME_DEFAULT);
                return -1;
        }
        sm_io_automode(tlsin, tlsout);

        *fin = tlsin;
        *fout = tlsout;
        return 0;
}
#endif /* STARTTLS */
Illumos
