Blame

Date:
Message:
add a privsep crypto engine Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).
Actions:
History | Blob | Raw File
 1 e29dbd72 2021-01-23 op /*

 2 1a49166d 2021-01-23 op  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>

 3 e29dbd72 2021-01-23 op  *

 4 e29dbd72 2021-01-23 op  * Permission to use, copy, modify, and distribute this software for any

 5 e29dbd72 2021-01-23 op  * purpose with or without fee is hereby granted, provided that the above

 6 e29dbd72 2021-01-23 op  * copyright notice and this permission notice appear in all copies.

 7 e29dbd72 2021-01-23 op  *

 8 e29dbd72 2021-01-23 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

 9 e29dbd72 2021-01-23 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

10 e29dbd72 2021-01-23 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

11 e29dbd72 2021-01-23 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

12 e29dbd72 2021-01-23 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

13 e29dbd72 2021-01-23 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

14 e29dbd72 2021-01-23 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

15 e29dbd72 2021-01-23 op  */

16 e29dbd72 2021-01-23 op 

17 dafb57b8 2021-01-15 op #include "gmid.h"

18 eae52ad4 2023-06-06 op #include "log.h"

19 71b7eb2f 2021-01-17 op 

20 0b62f484 2023-05-08 op #if defined(__OpenBSD__)

21 71b7eb2f 2021-01-17 op 

22 71b7eb2f 2021-01-17 op #include <unistd.h>

23 71b7eb2f 2021-01-17 op 

24 dafb57b8 2021-01-15 op void

25 c26f2460 2023-06-08 op sandbox_main_process(void)

26 c26f2460 2023-06-08 op {

27 c26f2460 2023-06-08 op 	if (pledge("stdio rpath inet dns sendfd proc", NULL) == -1)

28 c26f2460 2023-06-08 op 		fatal("pledge");

29 c26f2460 2023-06-08 op }

30 c26f2460 2023-06-08 op 

31 c26f2460 2023-06-08 op void

32 1e0b9745 2023-05-08 op sandbox_server_process(void)

33 dafb57b8 2021-01-15 op {

34 b24c6fcc 2022-11-27 op 	if (pledge("stdio recvfd rpath unix inet dns", NULL) == -1)

35 8e56d6ad 2021-02-11 op 		fatal("pledge");

36 dafb57b8 2021-01-15 op }

37 dafb57b8 2021-01-15 op 

38 dafb57b8 2021-01-15 op void

39 86693a33 2023-06-11 op sandbox_crypto_process(void)

40 86693a33 2023-06-11 op {

41 86693a33 2023-06-11 op 	if (pledge("stdio recvfd", NULL) == -1)

42 86693a33 2023-06-11 op 		fatal("pledge");

43 86693a33 2023-06-11 op }

44 86693a33 2023-06-11 op 

45 86693a33 2023-06-11 op void

46 62e001b0 2021-03-20 op sandbox_logger_process(void)

47 62e001b0 2021-03-20 op {

48 e952c505 2021-06-15 op 	if (pledge("stdio recvfd", NULL) == -1)

49 2dd5994a 2023-06-06 op 		fatal("pledge");

50 62e001b0 2021-03-20 op }

51 62e001b0 2021-03-20 op 

52 62e001b0 2021-03-20 op #else

53 62e001b0 2021-03-20 op 

54 62e001b0 2021-03-20 op #warning "No sandbox method known for this OS"

55 62e001b0 2021-03-20 op 

56 62e001b0 2021-03-20 op void

57 fc440833 2023-06-08 op sandbox_main_process(void)

58 fc440833 2023-06-08 op {

59 fc440833 2023-06-08 op 	return;

60 fc440833 2023-06-08 op }

61 fc440833 2023-06-08 op 

62 fc440833 2023-06-08 op void

63 1e0b9745 2023-05-08 op sandbox_server_process(void)

64 62e001b0 2021-03-20 op {

65 62e001b0 2021-03-20 op 	return;

66 62e001b0 2021-03-20 op }

67 62e001b0 2021-03-20 op 

68 62e001b0 2021-03-20 op void

69 86693a33 2023-06-11 op sandbox_crypto_process(void)

70 86693a33 2023-06-11 op {

71 86693a33 2023-06-11 op 	return;

72 86693a33 2023-06-11 op }

73 86693a33 2023-06-11 op 

74 86693a33 2023-06-11 op void

75 62e001b0 2021-03-20 op sandbox_logger_process(void)

76 62e001b0 2021-03-20 op {

77 62e001b0 2021-03-20 op 	return;

78 62e001b0 2021-03-20 op }

79 62e001b0 2021-03-20 op 

80 dafb57b8 2021-01-15 op #endif