Blame

Date:
Message:
sync libtls
Actions:
History | Blob | Raw File
  1 ebfc5784 2024-01-07 op /* $OpenBSD: tls_signer.c,v 1.9 2023/06/18 19:12:58 tb Exp $ */

  2 ebfc5784 2024-01-07 op /*

  3 ebfc5784 2024-01-07 op  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>

  4 ebfc5784 2024-01-07 op  *

  5 ebfc5784 2024-01-07 op  * Permission to use, copy, modify, and distribute this software for any

  6 ebfc5784 2024-01-07 op  * purpose with or without fee is hereby granted, provided that the above

  7 ebfc5784 2024-01-07 op  * copyright notice and this permission notice appear in all copies.

  8 ebfc5784 2024-01-07 op  *

  9 ebfc5784 2024-01-07 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

 10 ebfc5784 2024-01-07 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

 11 ebfc5784 2024-01-07 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

 12 ebfc5784 2024-01-07 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

 13 ebfc5784 2024-01-07 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

 14 ebfc5784 2024-01-07 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

 15 ebfc5784 2024-01-07 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 16 ebfc5784 2024-01-07 op  */

 17 ebfc5784 2024-01-07 op 

 18 ebfc5784 2024-01-07 op #include "config.h"

 19 ebfc5784 2024-01-07 op 

 20 ebfc5784 2024-01-07 op #include <limits.h>

 21 ebfc5784 2024-01-07 op 

 22 ebfc5784 2024-01-07 op #include <openssl/ecdsa.h>

 23 ebfc5784 2024-01-07 op #include <openssl/err.h>

 24 ebfc5784 2024-01-07 op #include <openssl/rsa.h>

 25 ebfc5784 2024-01-07 op 

 26 ebfc5784 2024-01-07 op #include "tls.h"

 27 ebfc5784 2024-01-07 op #include "tls_internal.h"

 28 ebfc5784 2024-01-07 op 

 29 ebfc5784 2024-01-07 op struct tls_signer_key {

 30 ebfc5784 2024-01-07 op 	char *hash;

 31 ebfc5784 2024-01-07 op 	RSA *rsa;

 32 ebfc5784 2024-01-07 op 	EC_KEY *ecdsa;

 33 ebfc5784 2024-01-07 op 	struct tls_signer_key *next;

 34 ebfc5784 2024-01-07 op };

 35 ebfc5784 2024-01-07 op 

 36 ebfc5784 2024-01-07 op struct tls_signer {

 37 ebfc5784 2024-01-07 op 	struct tls_error error;

 38 ebfc5784 2024-01-07 op 	struct tls_signer_key *keys;

 39 ebfc5784 2024-01-07 op };

 40 ebfc5784 2024-01-07 op 

 41 ebfc5784 2024-01-07 op struct tls_signer *

 42 ebfc5784 2024-01-07 op tls_signer_new(void)

 43 ebfc5784 2024-01-07 op {

 44 ebfc5784 2024-01-07 op 	struct tls_signer *signer;

 45 ebfc5784 2024-01-07 op 

 46 ebfc5784 2024-01-07 op 	if ((signer = calloc(1, sizeof(*signer))) == NULL)

 47 ebfc5784 2024-01-07 op 		return (NULL);

 48 ebfc5784 2024-01-07 op 

 49 ebfc5784 2024-01-07 op 	return (signer);

 50 ebfc5784 2024-01-07 op }

 51 ebfc5784 2024-01-07 op 

 52 ebfc5784 2024-01-07 op void

 53 ebfc5784 2024-01-07 op tls_signer_free(struct tls_signer *signer)

 54 ebfc5784 2024-01-07 op {

 55 ebfc5784 2024-01-07 op 	struct tls_signer_key *skey;

 56 ebfc5784 2024-01-07 op 

 57 ebfc5784 2024-01-07 op 	if (signer == NULL)

 58 ebfc5784 2024-01-07 op 		return;

 59 ebfc5784 2024-01-07 op 

 60 ebfc5784 2024-01-07 op 	tls_error_clear(&signer->error);

 61 ebfc5784 2024-01-07 op 

 62 ebfc5784 2024-01-07 op 	while (signer->keys) {

 63 ebfc5784 2024-01-07 op 		skey = signer->keys;

 64 ebfc5784 2024-01-07 op 		signer->keys = skey->next;

 65 ebfc5784 2024-01-07 op 		RSA_free(skey->rsa);

 66 ebfc5784 2024-01-07 op 		EC_KEY_free(skey->ecdsa);

 67 ebfc5784 2024-01-07 op 		free(skey->hash);

 68 ebfc5784 2024-01-07 op 		free(skey);

 69 ebfc5784 2024-01-07 op 	}

 70 ebfc5784 2024-01-07 op 

 71 ebfc5784 2024-01-07 op 	free(signer);

 72 ebfc5784 2024-01-07 op }

 73 ebfc5784 2024-01-07 op 

 74 ebfc5784 2024-01-07 op const char *

 75 ebfc5784 2024-01-07 op tls_signer_error(struct tls_signer *signer)

 76 ebfc5784 2024-01-07 op {

 77 ebfc5784 2024-01-07 op 	return (signer->error.msg);

 78 ebfc5784 2024-01-07 op }

 79 ebfc5784 2024-01-07 op 

 80 ebfc5784 2024-01-07 op int

 81 ebfc5784 2024-01-07 op tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert,

 82 ebfc5784 2024-01-07 op     size_t cert_len, const uint8_t *key, size_t key_len)

 83 ebfc5784 2024-01-07 op {

 84 ebfc5784 2024-01-07 op 	struct tls_signer_key *skey = NULL;

 85 ebfc5784 2024-01-07 op 	char *errstr = "unknown";

 86 ebfc5784 2024-01-07 op 	int ssl_err;

 87 ebfc5784 2024-01-07 op 	EVP_PKEY *pkey = NULL;

 88 ebfc5784 2024-01-07 op 	X509 *x509 = NULL;

 89 ebfc5784 2024-01-07 op 	BIO *bio = NULL;

 90 ebfc5784 2024-01-07 op 	char *hash = NULL;

 91 ebfc5784 2024-01-07 op 

 92 ebfc5784 2024-01-07 op 	/* Compute certificate hash */

 93 ebfc5784 2024-01-07 op 	if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {

 94 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error,

 95 ebfc5784 2024-01-07 op 		    "failed to create certificate bio");

 96 ebfc5784 2024-01-07 op 		goto err;

 97 ebfc5784 2024-01-07 op 	}

 98 ebfc5784 2024-01-07 op 	if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,

 99 ebfc5784 2024-01-07 op 	    NULL)) == NULL) {

100 ebfc5784 2024-01-07 op 		if ((ssl_err = ERR_peek_error()) != 0)

101 ebfc5784 2024-01-07 op 			errstr = ERR_error_string(ssl_err, NULL);

102 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "failed to load certificate: %s",

103 ebfc5784 2024-01-07 op 		    errstr);

104 ebfc5784 2024-01-07 op 		goto err;

105 ebfc5784 2024-01-07 op 	}

106 ebfc5784 2024-01-07 op 	if (tls_cert_pubkey_hash(x509, &hash) == -1) {

107 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error,

108 ebfc5784 2024-01-07 op 		    "failed to get certificate hash");

109 ebfc5784 2024-01-07 op 		goto err;

110 ebfc5784 2024-01-07 op 	}

111 ebfc5784 2024-01-07 op 

112 ebfc5784 2024-01-07 op 	X509_free(x509);

113 ebfc5784 2024-01-07 op 	x509 = NULL;

114 ebfc5784 2024-01-07 op 	BIO_free(bio);

115 ebfc5784 2024-01-07 op 	bio = NULL;

116 ebfc5784 2024-01-07 op 

117 ebfc5784 2024-01-07 op 	/* Read private key */

118 ebfc5784 2024-01-07 op 	if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) {

119 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "failed to create key bio");

120 ebfc5784 2024-01-07 op 		goto err;

121 ebfc5784 2024-01-07 op 	}

122 ebfc5784 2024-01-07 op 	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,

123 ebfc5784 2024-01-07 op 	    NULL)) == NULL) {

124 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "failed to read private key");

125 ebfc5784 2024-01-07 op 		goto err;

126 ebfc5784 2024-01-07 op 	}

127 ebfc5784 2024-01-07 op 

128 ebfc5784 2024-01-07 op 	if ((skey = calloc(1, sizeof(*skey))) == NULL) {

129 ebfc5784 2024-01-07 op 		tls_error_set(&signer->error, "failed to create key entry");

130 ebfc5784 2024-01-07 op 		goto err;

131 ebfc5784 2024-01-07 op 	}

132 ebfc5784 2024-01-07 op 	skey->hash = hash;

133 ebfc5784 2024-01-07 op 	if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL &&

134 ebfc5784 2024-01-07 op 	    (skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {

135 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "unknown key type");

136 ebfc5784 2024-01-07 op 		goto err;

137 ebfc5784 2024-01-07 op 	}

138 ebfc5784 2024-01-07 op 

139 ebfc5784 2024-01-07 op 	skey->next = signer->keys;

140 ebfc5784 2024-01-07 op 	signer->keys = skey;

141 ebfc5784 2024-01-07 op 	EVP_PKEY_free(pkey);

142 ebfc5784 2024-01-07 op 	BIO_free(bio);

143 ebfc5784 2024-01-07 op 

144 ebfc5784 2024-01-07 op 	return (0);

145 ebfc5784 2024-01-07 op 

146 ebfc5784 2024-01-07 op  err:

147 ebfc5784 2024-01-07 op 	EVP_PKEY_free(pkey);

148 ebfc5784 2024-01-07 op 	X509_free(x509);

149 ebfc5784 2024-01-07 op 	BIO_free(bio);

150 ebfc5784 2024-01-07 op 	free(hash);

151 ebfc5784 2024-01-07 op 	free(skey);

152 ebfc5784 2024-01-07 op 

153 ebfc5784 2024-01-07 op 	return (-1);

154 ebfc5784 2024-01-07 op }

155 ebfc5784 2024-01-07 op 

156 ebfc5784 2024-01-07 op int

157 ebfc5784 2024-01-07 op tls_signer_add_keypair_file(struct tls_signer *signer, const char *cert_file,

158 ebfc5784 2024-01-07 op     const char *key_file)

159 ebfc5784 2024-01-07 op {

160 ebfc5784 2024-01-07 op 	char *cert = NULL, *key = NULL;

161 ebfc5784 2024-01-07 op 	size_t cert_len, key_len;

162 ebfc5784 2024-01-07 op 	int rv = -1;

163 ebfc5784 2024-01-07 op 

164 ebfc5784 2024-01-07 op 	if (tls_config_load_file(&signer->error, "certificate", cert_file,

165 ebfc5784 2024-01-07 op 	    &cert, &cert_len) == -1)

166 ebfc5784 2024-01-07 op 		goto err;

167 ebfc5784 2024-01-07 op 

168 ebfc5784 2024-01-07 op 	if (tls_config_load_file(&signer->error, "key", key_file, &key,

169 ebfc5784 2024-01-07 op 	    &key_len) == -1)

170 ebfc5784 2024-01-07 op 		goto err;

171 ebfc5784 2024-01-07 op 

172 ebfc5784 2024-01-07 op 	rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);

173 ebfc5784 2024-01-07 op 

174 ebfc5784 2024-01-07 op  err:

175 ebfc5784 2024-01-07 op 	free(cert);

176 ebfc5784 2024-01-07 op 	free(key);

177 ebfc5784 2024-01-07 op 

178 ebfc5784 2024-01-07 op 	return (rv);

179 ebfc5784 2024-01-07 op }

180 ebfc5784 2024-01-07 op 

181 ebfc5784 2024-01-07 op static int

182 ebfc5784 2024-01-07 op tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,

183 ebfc5784 2024-01-07 op     const uint8_t *input, size_t input_len, int padding_type,

184 ebfc5784 2024-01-07 op     uint8_t **out_signature, size_t *out_signature_len)

185 ebfc5784 2024-01-07 op {

186 ebfc5784 2024-01-07 op 	int rsa_padding, rsa_size, signature_len;

187 ebfc5784 2024-01-07 op 	char *signature = NULL;

188 ebfc5784 2024-01-07 op 

189 ebfc5784 2024-01-07 op 	*out_signature = NULL;

190 ebfc5784 2024-01-07 op 	*out_signature_len = 0;

191 ebfc5784 2024-01-07 op 

192 ebfc5784 2024-01-07 op 	if (padding_type == TLS_PADDING_NONE) {

193 ebfc5784 2024-01-07 op 		rsa_padding = RSA_NO_PADDING;

194 ebfc5784 2024-01-07 op 	} else if (padding_type == TLS_PADDING_RSA_PKCS1) {

195 ebfc5784 2024-01-07 op 		rsa_padding = RSA_PKCS1_PADDING;

196 ebfc5784 2024-01-07 op 	} else {

197 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "invalid RSA padding type (%d)",

198 ebfc5784 2024-01-07 op 		    padding_type);

199 ebfc5784 2024-01-07 op 		return (-1);

200 ebfc5784 2024-01-07 op 	}

201 ebfc5784 2024-01-07 op 

202 ebfc5784 2024-01-07 op 	if (input_len > INT_MAX) {

203 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "input too large");

204 ebfc5784 2024-01-07 op 		return (-1);

205 ebfc5784 2024-01-07 op 	}

206 ebfc5784 2024-01-07 op 	if ((rsa_size = RSA_size(skey->rsa)) <= 0) {

207 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "invalid RSA size: %d",

208 ebfc5784 2024-01-07 op 		    rsa_size);

209 ebfc5784 2024-01-07 op 		return (-1);

210 ebfc5784 2024-01-07 op 	}

211 ebfc5784 2024-01-07 op 	if ((signature = calloc(1, rsa_size)) == NULL) {

212 ebfc5784 2024-01-07 op 		tls_error_set(&signer->error, "RSA signature");

213 ebfc5784 2024-01-07 op 		return (-1);

214 ebfc5784 2024-01-07 op 	}

215 ebfc5784 2024-01-07 op 

216 ebfc5784 2024-01-07 op 	if ((signature_len = RSA_private_encrypt((int)input_len, input,

217 ebfc5784 2024-01-07 op 	    signature, skey->rsa, rsa_padding)) <= 0) {

218 ebfc5784 2024-01-07 op 		/* XXX - include further details from libcrypto. */

219 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "RSA signing failed");

220 ebfc5784 2024-01-07 op 		free(signature);

221 ebfc5784 2024-01-07 op 		return (-1);

222 ebfc5784 2024-01-07 op 	}

223 ebfc5784 2024-01-07 op 

224 ebfc5784 2024-01-07 op 	*out_signature = signature;

225 ebfc5784 2024-01-07 op 	*out_signature_len = (size_t)signature_len;

226 ebfc5784 2024-01-07 op 

227 ebfc5784 2024-01-07 op 	return (0);

228 ebfc5784 2024-01-07 op }

229 ebfc5784 2024-01-07 op 

230 ebfc5784 2024-01-07 op static int

231 ebfc5784 2024-01-07 op tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,

232 ebfc5784 2024-01-07 op     const uint8_t *input, size_t input_len, int padding_type,

233 ebfc5784 2024-01-07 op     uint8_t **out_signature, size_t *out_signature_len)

234 ebfc5784 2024-01-07 op {

235 ebfc5784 2024-01-07 op 	unsigned char *signature;

236 ebfc5784 2024-01-07 op 	int signature_len;

237 ebfc5784 2024-01-07 op 

238 ebfc5784 2024-01-07 op 	*out_signature = NULL;

239 ebfc5784 2024-01-07 op 	*out_signature_len = 0;

240 ebfc5784 2024-01-07 op 

241 ebfc5784 2024-01-07 op 	if (padding_type != TLS_PADDING_NONE) {

242 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "invalid ECDSA padding");

243 ebfc5784 2024-01-07 op 		return (-1);

244 ebfc5784 2024-01-07 op 	}

245 ebfc5784 2024-01-07 op 

246 ebfc5784 2024-01-07 op 	if (input_len > INT_MAX) {

247 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "digest too large");

248 ebfc5784 2024-01-07 op 		return (-1);

249 ebfc5784 2024-01-07 op 	}

250 ebfc5784 2024-01-07 op 	if ((signature_len = ECDSA_size(skey->ecdsa)) <= 0) {

251 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "invalid ECDSA size: %d",

252 ebfc5784 2024-01-07 op 		    signature_len);

253 ebfc5784 2024-01-07 op 		return (-1);

254 ebfc5784 2024-01-07 op 	}

255 ebfc5784 2024-01-07 op 	if ((signature = calloc(1, signature_len)) == NULL) {

256 ebfc5784 2024-01-07 op 		tls_error_set(&signer->error, "ECDSA signature");

257 ebfc5784 2024-01-07 op 		return (-1);

258 ebfc5784 2024-01-07 op 	}

259 ebfc5784 2024-01-07 op 

260 ebfc5784 2024-01-07 op 	if (!ECDSA_sign(0, input, input_len, signature, &signature_len,

261 ebfc5784 2024-01-07 op 	    skey->ecdsa)) {

262 ebfc5784 2024-01-07 op 		/* XXX - include further details from libcrypto. */

263 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "ECDSA signing failed");

264 ebfc5784 2024-01-07 op 		free(signature);

265 ebfc5784 2024-01-07 op 		return (-1);

266 ebfc5784 2024-01-07 op 	}

267 ebfc5784 2024-01-07 op 

268 ebfc5784 2024-01-07 op 	*out_signature = signature;

269 ebfc5784 2024-01-07 op 	*out_signature_len = signature_len;

270 ebfc5784 2024-01-07 op 

271 ebfc5784 2024-01-07 op 	return (0);

272 ebfc5784 2024-01-07 op }

273 ebfc5784 2024-01-07 op 

274 ebfc5784 2024-01-07 op int

275 ebfc5784 2024-01-07 op tls_signer_sign(struct tls_signer *signer, const char *pubkey_hash,

276 ebfc5784 2024-01-07 op     const uint8_t *input, size_t input_len, int padding_type,

277 ebfc5784 2024-01-07 op     uint8_t **out_signature, size_t *out_signature_len)

278 ebfc5784 2024-01-07 op {

279 ebfc5784 2024-01-07 op 	struct tls_signer_key *skey;

280 ebfc5784 2024-01-07 op 

281 ebfc5784 2024-01-07 op 	*out_signature = NULL;

282 ebfc5784 2024-01-07 op 	*out_signature_len = 0;

283 ebfc5784 2024-01-07 op 

284 ebfc5784 2024-01-07 op 	for (skey = signer->keys; skey; skey = skey->next)

285 ebfc5784 2024-01-07 op 		if (!strcmp(pubkey_hash, skey->hash))

286 ebfc5784 2024-01-07 op 			break;

287 ebfc5784 2024-01-07 op 

288 ebfc5784 2024-01-07 op 	if (skey == NULL) {

289 ebfc5784 2024-01-07 op 		tls_error_setx(&signer->error, "key not found");

290 ebfc5784 2024-01-07 op 		return (-1);

291 ebfc5784 2024-01-07 op 	}

292 ebfc5784 2024-01-07 op 

293 ebfc5784 2024-01-07 op 	if (skey->rsa != NULL)

294 ebfc5784 2024-01-07 op 		return tls_sign_rsa(signer, skey, input, input_len,

295 ebfc5784 2024-01-07 op 		    padding_type, out_signature, out_signature_len);

296 ebfc5784 2024-01-07 op 

297 ebfc5784 2024-01-07 op 	if (skey->ecdsa != NULL)

298 ebfc5784 2024-01-07 op 		return tls_sign_ecdsa(signer, skey, input, input_len,

299 ebfc5784 2024-01-07 op 		    padding_type, out_signature, out_signature_len);

300 ebfc5784 2024-01-07 op 

301 ebfc5784 2024-01-07 op 	tls_error_setx(&signer->error, "unknown key type");

302 ebfc5784 2024-01-07 op 

303 ebfc5784 2024-01-07 op 	return (-1);

304 ebfc5784 2024-01-07 op }

305 ebfc5784 2024-01-07 op 

306 ebfc5784 2024-01-07 op static int

307 ebfc5784 2024-01-07 op tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to,

308 ebfc5784 2024-01-07 op     RSA *rsa, int rsa_padding)

309 ebfc5784 2024-01-07 op {

310 ebfc5784 2024-01-07 op 	struct tls_config *config;

311 ebfc5784 2024-01-07 op 	uint8_t *signature = NULL;

312 ebfc5784 2024-01-07 op 	size_t signature_len = 0;

313 ebfc5784 2024-01-07 op 	const char *pubkey_hash;

314 ebfc5784 2024-01-07 op 	int padding_type;

315 ebfc5784 2024-01-07 op 

316 ebfc5784 2024-01-07 op 	/*

317 ebfc5784 2024-01-07 op 	 * This function is called via RSA_private_encrypt() and has to conform

318 ebfc5784 2024-01-07 op 	 * to its calling convention/signature. The caller is required to

319 ebfc5784 2024-01-07 op 	 * provide a 'to' buffer of at least RSA_size() bytes.

320 ebfc5784 2024-01-07 op 	 */

321 ebfc5784 2024-01-07 op 

322 ebfc5784 2024-01-07 op 	pubkey_hash = RSA_get_ex_data(rsa, 0);

323 ebfc5784 2024-01-07 op 	config = RSA_get_ex_data(rsa, 1);

324 ebfc5784 2024-01-07 op 

325 ebfc5784 2024-01-07 op 	if (pubkey_hash == NULL || config == NULL)

326 ebfc5784 2024-01-07 op 		goto err;

327 ebfc5784 2024-01-07 op 

328 ebfc5784 2024-01-07 op 	if (rsa_padding == RSA_NO_PADDING) {

329 ebfc5784 2024-01-07 op 		padding_type = TLS_PADDING_NONE;

330 ebfc5784 2024-01-07 op 	} else if (rsa_padding == RSA_PKCS1_PADDING) {

331 ebfc5784 2024-01-07 op 		padding_type = TLS_PADDING_RSA_PKCS1;

332 ebfc5784 2024-01-07 op 	} else {

333 ebfc5784 2024-01-07 op 		goto err;

334 ebfc5784 2024-01-07 op 	}

335 ebfc5784 2024-01-07 op 

336 ebfc5784 2024-01-07 op 	if (from_len < 0)

337 ebfc5784 2024-01-07 op 		goto err;

338 ebfc5784 2024-01-07 op 

339 ebfc5784 2024-01-07 op 	if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len,

340 ebfc5784 2024-01-07 op 	    padding_type, &signature, &signature_len) == -1)

341 ebfc5784 2024-01-07 op 		goto err;

342 ebfc5784 2024-01-07 op 

343 ebfc5784 2024-01-07 op 	if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa))

344 ebfc5784 2024-01-07 op 		goto err;

345 ebfc5784 2024-01-07 op 

346 ebfc5784 2024-01-07 op 	memcpy(to, signature, signature_len);

347 ebfc5784 2024-01-07 op 	free(signature);

348 ebfc5784 2024-01-07 op 

349 ebfc5784 2024-01-07 op 	return ((int)signature_len);

350 ebfc5784 2024-01-07 op 

351 ebfc5784 2024-01-07 op  err:

352 ebfc5784 2024-01-07 op 	free(signature);

353 ebfc5784 2024-01-07 op 

354 ebfc5784 2024-01-07 op 	return (-1);

355 ebfc5784 2024-01-07 op }

356 ebfc5784 2024-01-07 op 

357 ebfc5784 2024-01-07 op RSA_METHOD *

358 ebfc5784 2024-01-07 op tls_signer_rsa_method(void)

359 ebfc5784 2024-01-07 op {

360 ebfc5784 2024-01-07 op 	static RSA_METHOD *rsa_method = NULL;

361 ebfc5784 2024-01-07 op 

362 ebfc5784 2024-01-07 op 	if (rsa_method != NULL)

363 ebfc5784 2024-01-07 op 		goto out;

364 ebfc5784 2024-01-07 op 

365 ebfc5784 2024-01-07 op 	rsa_method = RSA_meth_new("libtls RSA method", 0);

366 ebfc5784 2024-01-07 op 	if (rsa_method == NULL)

367 ebfc5784 2024-01-07 op 		goto out;

368 ebfc5784 2024-01-07 op 

369 ebfc5784 2024-01-07 op 	RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc);

370 ebfc5784 2024-01-07 op 

371 ebfc5784 2024-01-07 op  out:

372 ebfc5784 2024-01-07 op 	return (rsa_method);

373 ebfc5784 2024-01-07 op }

374 ebfc5784 2024-01-07 op 

375 ebfc5784 2024-01-07 op static ECDSA_SIG *

376 ebfc5784 2024-01-07 op tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,

377 ebfc5784 2024-01-07 op     const BIGNUM *rp, EC_KEY *eckey)

378 ebfc5784 2024-01-07 op {

379 ebfc5784 2024-01-07 op 	struct tls_config *config;

380 ebfc5784 2024-01-07 op 	ECDSA_SIG *ecdsa_sig = NULL;

381 ebfc5784 2024-01-07 op 	uint8_t *signature = NULL;

382 ebfc5784 2024-01-07 op 	size_t signature_len = 0;

383 ebfc5784 2024-01-07 op 	const unsigned char *p;

384 ebfc5784 2024-01-07 op 	const char *pubkey_hash;

385 ebfc5784 2024-01-07 op 

386 ebfc5784 2024-01-07 op 	/*

387 ebfc5784 2024-01-07 op 	 * This function is called via ECDSA_do_sign_ex() and has to conform

388 ebfc5784 2024-01-07 op 	 * to its calling convention/signature.

389 ebfc5784 2024-01-07 op 	 */

390 ebfc5784 2024-01-07 op 

391 ebfc5784 2024-01-07 op 	pubkey_hash = EC_KEY_get_ex_data(eckey, 0);

392 ebfc5784 2024-01-07 op 	config = EC_KEY_get_ex_data(eckey, 1);

393 ebfc5784 2024-01-07 op 

394 ebfc5784 2024-01-07 op 	if (pubkey_hash == NULL || config == NULL)

395 ebfc5784 2024-01-07 op 		goto err;

396 ebfc5784 2024-01-07 op 

397 ebfc5784 2024-01-07 op 	if (dgst_len < 0)

398 ebfc5784 2024-01-07 op 		goto err;

399 ebfc5784 2024-01-07 op 

400 ebfc5784 2024-01-07 op 	if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len,

401 ebfc5784 2024-01-07 op 	    TLS_PADDING_NONE, &signature, &signature_len) == -1)

402 ebfc5784 2024-01-07 op 		goto err;

403 ebfc5784 2024-01-07 op 

404 ebfc5784 2024-01-07 op 	p = signature;

405 ebfc5784 2024-01-07 op 	if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &p, signature_len)) == NULL)

406 ebfc5784 2024-01-07 op 		goto err;

407 ebfc5784 2024-01-07 op 

408 ebfc5784 2024-01-07 op 	free(signature);

409 ebfc5784 2024-01-07 op 

410 ebfc5784 2024-01-07 op 	return (ecdsa_sig);

411 ebfc5784 2024-01-07 op 

412 ebfc5784 2024-01-07 op  err:

413 ebfc5784 2024-01-07 op 	free(signature);

414 ebfc5784 2024-01-07 op 

415 ebfc5784 2024-01-07 op 	return (NULL);

416 ebfc5784 2024-01-07 op }

417 ebfc5784 2024-01-07 op 

418 ebfc5784 2024-01-07 op EC_KEY_METHOD *

419 ebfc5784 2024-01-07 op tls_signer_ecdsa_method(void)

420 ebfc5784 2024-01-07 op {

421 ebfc5784 2024-01-07 op 	static EC_KEY_METHOD *ecdsa_method = NULL;

422 ebfc5784 2024-01-07 op 	const EC_KEY_METHOD *default_method;

423 ebfc5784 2024-01-07 op 	int (*sign)(int type, const unsigned char *dgst, int dlen,

424 ebfc5784 2024-01-07 op 	    unsigned char *sig, unsigned int *siglen,

425 ebfc5784 2024-01-07 op 	    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);

426 ebfc5784 2024-01-07 op 	int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,

427 ebfc5784 2024-01-07 op 	    BIGNUM **kinvp, BIGNUM **rp);

428 ebfc5784 2024-01-07 op 

429 ebfc5784 2024-01-07 op 	if (ecdsa_method != NULL)

430 ebfc5784 2024-01-07 op 		goto out;

431 ebfc5784 2024-01-07 op 

432 ebfc5784 2024-01-07 op 	default_method = EC_KEY_get_default_method();

433 ebfc5784 2024-01-07 op 	ecdsa_method = EC_KEY_METHOD_new(default_method);

434 ebfc5784 2024-01-07 op 	if (ecdsa_method == NULL)

435 ebfc5784 2024-01-07 op 		goto out;

436 ebfc5784 2024-01-07 op 

437 ebfc5784 2024-01-07 op 	EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);

438 ebfc5784 2024-01-07 op 	EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup,

439 ebfc5784 2024-01-07 op 	    tls_ecdsa_do_sign);

440 ebfc5784 2024-01-07 op 

441 ebfc5784 2024-01-07 op  out:

442 ebfc5784 2024-01-07 op 	return (ecdsa_method);

443 ebfc5784 2024-01-07 op }