op public repos

Blame

Date:: Fri Jun 23 22:39:37 2023 UTC
Message:: macos' clang is retarded thinks rsa and ecdsa may be used un-initialized... if we enter the branch with fatalx(). sigh
Actions:: History | Blob | Raw File
  1 86693a33 2023-06-11 op /*
  2 86693a33 2023-06-11 op  * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
  3 86693a33 2023-06-11 op  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
  4 86693a33 2023-06-11 op  * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org>
  5 86693a33 2023-06-11 op  *
  6 86693a33 2023-06-11 op  * Permission to use, copy, modify, and distribute this software for any
  7 86693a33 2023-06-11 op  * purpose with or without fee is hereby granted, provided that the above
  8 86693a33 2023-06-11 op  * copyright notice and this permission notice appear in all copies.
  9 86693a33 2023-06-11 op  *
 10 86693a33 2023-06-11 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 11 86693a33 2023-06-11 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 12 86693a33 2023-06-11 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 13 86693a33 2023-06-11 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 14 86693a33 2023-06-11 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 15 86693a33 2023-06-11 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 16 86693a33 2023-06-11 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 17 86693a33 2023-06-11 op  */
 18 86693a33 2023-06-11 op 
 19 86693a33 2023-06-11 op #include "gmid.h"
 20 86693a33 2023-06-11 op 
 21 86693a33 2023-06-11 op #include <string.h>
 22 86693a33 2023-06-11 op 
 23 86693a33 2023-06-11 op #include <openssl/err.h>
 24 86693a33 2023-06-11 op #include <openssl/pem.h>
 25 86693a33 2023-06-11 op #include <openssl/engine.h>
 26 86693a33 2023-06-11 op 
 27 86693a33 2023-06-11 op #include "log.h"
 28 86693a33 2023-06-11 op #include "proc.h"
 29 86693a33 2023-06-11 op 
 30 86693a33 2023-06-11 op #ifndef nitems
 31 86693a33 2023-06-11 op #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
 32 86693a33 2023-06-11 op #endif
 33 86693a33 2023-06-11 op 
 34 86693a33 2023-06-11 op static void crypto_init(struct privsep *, struct privsep_proc *, void *);
 35 86693a33 2023-06-11 op static int crypto_dispatch_parent(int, struct privsep_proc *, struct imsg *);
 36 86693a33 2023-06-11 op static int crypto_dispatch_server(int, struct privsep_proc *, struct imsg *);
 37 86693a33 2023-06-11 op 
 38 86693a33 2023-06-11 op static struct privsep_proc procs[] = {
 39 86693a33 2023-06-11 op 	{ "parent",	PROC_PARENT,	crypto_dispatch_parent },
 40 86693a33 2023-06-11 op 	{ "server",	PROC_SERVER,	crypto_dispatch_server },
 41 86693a33 2023-06-11 op };
 42 86693a33 2023-06-11 op 
 43 86693a33 2023-06-11 op struct imsg_crypto_req {
 44 86693a33 2023-06-11 op 	uint64_t	 id;
 45 86693a33 2023-06-11 op 	char		 hash[TLS_CERT_HASH_SIZE];
 46 86693a33 2023-06-11 op 	size_t		 flen;
 47 86693a33 2023-06-11 op 	size_t		 tlen;
 48 86693a33 2023-06-11 op 	int		 padding;
 49 86693a33 2023-06-11 op 	/* followed by flen bytes of `from'. */
 50 86693a33 2023-06-11 op };
 51 86693a33 2023-06-11 op 
 52 86693a33 2023-06-11 op struct imsg_crypto_res {
 53 86693a33 2023-06-11 op 	uint64_t	 id;
 54 86693a33 2023-06-11 op 	int		 ret;
 55 86693a33 2023-06-11 op 	size_t		 len;
 56 86693a33 2023-06-11 op 	/* followed by len bytes of reply */
 57 86693a33 2023-06-11 op };
 58 86693a33 2023-06-11 op 
 59 86693a33 2023-06-11 op static uint64_t		 reqid;
 60 86693a33 2023-06-11 op static struct conf	*conf;
 61 86693a33 2023-06-11 op 
 62 86693a33 2023-06-11 op void
 63 86693a33 2023-06-11 op crypto(struct privsep *ps, struct privsep_proc *p)
 64 86693a33 2023-06-11 op {
 65 86693a33 2023-06-11 op 	proc_run(ps, p, procs, nitems(procs), crypto_init, NULL);
 66 86693a33 2023-06-11 op }
 67 86693a33 2023-06-11 op 
 68 86693a33 2023-06-11 op static void
 69 86693a33 2023-06-11 op crypto_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 70 86693a33 2023-06-11 op {
 71 86693a33 2023-06-11 op #if 0
 72 86693a33 2023-06-11 op 	static volatile int attached;
 73 86693a33 2023-06-11 op 	while (!attached) sleep(1);
 74 86693a33 2023-06-11 op #endif
 75 86693a33 2023-06-11 op 
 76 86693a33 2023-06-11 op 	conf = ps->ps_env;
 77 86693a33 2023-06-11 op 
 78 86693a33 2023-06-11 op 	sandbox_crypto_process();
 79 86693a33 2023-06-11 op }
 80 86693a33 2023-06-11 op 
 81 86693a33 2023-06-11 op static int
 82 86693a33 2023-06-11 op crypto_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 83 86693a33 2023-06-11 op {
 84 86693a33 2023-06-11 op 	switch (imsg->hdr.type) {
 85 86693a33 2023-06-11 op 	case IMSG_RECONF_START:
 86 86693a33 2023-06-11 op 	case IMSG_RECONF_CERT:
 87 86693a33 2023-06-11 op 	case IMSG_RECONF_KEY:
 88 86693a33 2023-06-11 op 	case IMSG_RECONF_END:
 89 86693a33 2023-06-11 op 		if (config_recv(conf, imsg) == -1)
 90 86693a33 2023-06-11 op 			return -1;
 91 86693a33 2023-06-11 op 		break;
 92 86693a33 2023-06-11 op 	default:
 93 86693a33 2023-06-11 op 		return -1;
 94 86693a33 2023-06-11 op 	}
 95 86693a33 2023-06-11 op 
 96 86693a33 2023-06-11 op 	return 0;
 97 86693a33 2023-06-11 op }
 98 86693a33 2023-06-11 op 
 99 86693a33 2023-06-11 op static EVP_PKEY *
100 86693a33 2023-06-11 op get_pkey(const char *hash)
101 86693a33 2023-06-11 op {
102 86693a33 2023-06-11 op 	struct pki *pki;
103 86693a33 2023-06-11 op 
104 86693a33 2023-06-11 op 	TAILQ_FOREACH(pki, &conf->pkis, pkis) {
105 86693a33 2023-06-11 op 		if (!strcmp(pki->hash, hash))
106 86693a33 2023-06-11 op 			return pki->pkey;
107 86693a33 2023-06-11 op 	}
108 86693a33 2023-06-11 op 
109 86693a33 2023-06-11 op 	return NULL;
110 86693a33 2023-06-11 op }
111 86693a33 2023-06-11 op 
112 86693a33 2023-06-11 op static int
113 86693a33 2023-06-11 op crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
114 86693a33 2023-06-11 op {
115 86693a33 2023-06-11 op 	struct privsep		*ps = p->p_ps;
116 51340784 2023-06-23 op 	RSA			*rsa = NULL;
117 51340784 2023-06-23 op 	EC_KEY			*ecdsa = NULL;
118 86693a33 2023-06-11 op 	EVP_PKEY		*pkey;
119 86693a33 2023-06-11 op 	struct imsg_crypto_req	 req;
120 86693a33 2023-06-11 op 	struct imsg_crypto_res	 res;
121 86693a33 2023-06-11 op 	struct iovec		 iov[2];
122 86693a33 2023-06-11 op 	const void		*from;
123 10cc8193 2023-06-13 op 	unsigned char		*data, *to;
124 86693a33 2023-06-11 op 	size_t			 datalen;
125 b8d68fc8 2023-06-11 op 	int			 n, ret;
126 b8d68fc8 2023-06-11 op 	unsigned int		 len;
127 86693a33 2023-06-11 op 
128 10cc8193 2023-06-13 op 	data = imsg->data;
129 86693a33 2023-06-11 op 	datalen = IMSG_DATA_SIZE(imsg);
130 86693a33 2023-06-11 op 
131 86693a33 2023-06-11 op 	switch (imsg->hdr.type) {
132 86693a33 2023-06-11 op 	case IMSG_CRYPTO_RSA_PRIVENC:
133 86693a33 2023-06-11 op 	case IMSG_CRYPTO_RSA_PRIVDEC:
134 86693a33 2023-06-11 op 		if (datalen < sizeof(req))
135 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
136 10cc8193 2023-06-13 op 		memcpy(&req, data, sizeof(req));
137 86693a33 2023-06-11 op 		if (datalen != sizeof(req) + req.flen)
138 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
139 10cc8193 2023-06-13 op 		from = data + sizeof(req);
140 86693a33 2023-06-11 op 
141 86693a33 2023-06-11 op 		if ((pkey = get_pkey(req.hash)) == NULL ||
142 86693a33 2023-06-11 op 		    (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
143 86693a33 2023-06-11 op 			fatalx("invalid pkey hash");
144 86693a33 2023-06-11 op 
145 86693a33 2023-06-11 op 		if ((to = calloc(1, req.tlen)) == NULL)
146 86693a33 2023-06-11 op 			fatal("calloc");
147 86693a33 2023-06-11 op 
148 b90faa16 2023-06-13 op 		if (imsg->hdr.type == IMSG_CRYPTO_RSA_PRIVENC)
149 86693a33 2023-06-11 op 			ret = RSA_private_encrypt(req.flen, from,
150 86693a33 2023-06-11 op 			    to, rsa, req.padding);
151 b90faa16 2023-06-13 op 		else
152 86693a33 2023-06-11 op 			ret = RSA_private_decrypt(req.flen, from,
153 86693a33 2023-06-11 op 			    to, rsa, req.padding);
154 86693a33 2023-06-11 op 
155 86693a33 2023-06-11 op 		memset(&res, 0, sizeof(res));
156 86693a33 2023-06-11 op 		res.id = req.id;
157 86693a33 2023-06-11 op 		res.ret = ret;
158 86693a33 2023-06-11 op 
159 86693a33 2023-06-11 op 		memset(&iov, 0, sizeof(iov));
160 86693a33 2023-06-11 op 		n = 0;
161 86693a33 2023-06-11 op 		iov[n].iov_base = &res;
162 86693a33 2023-06-11 op 		iov[n].iov_len = sizeof(res);
163 86693a33 2023-06-11 op 		n++;
164 86693a33 2023-06-11 op 
165 86693a33 2023-06-11 op 		if (ret > 0) {
166 86693a33 2023-06-11 op 			res.len = ret;
167 86693a33 2023-06-11 op 			iov[n].iov_base = to;
168 86693a33 2023-06-11 op 			iov[n].iov_len = ret;
169 86693a33 2023-06-11 op 			n++;
170 86693a33 2023-06-11 op 		}
171 86693a33 2023-06-11 op 
172 86693a33 2023-06-11 op 		log_debug("replying to server #%d", imsg->hdr.pid);
173 86693a33 2023-06-11 op 		if (proc_composev_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1,
174 86693a33 2023-06-11 op 		    imsg->hdr.type, 0, -1, iov, n) == -1)
175 86693a33 2023-06-11 op 			fatal("proc_composev_imsg");
176 86693a33 2023-06-11 op 
177 86693a33 2023-06-11 op 		if (proc_flush_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1) == -1)
178 86693a33 2023-06-11 op 			fatal("proc_flush_imsg");
179 86693a33 2023-06-11 op 
180 86693a33 2023-06-11 op 		free(to);
181 86693a33 2023-06-11 op 		RSA_free(rsa);
182 86693a33 2023-06-11 op 		break;
183 86693a33 2023-06-11 op 
184 86693a33 2023-06-11 op 	case IMSG_CRYPTO_ECDSA_SIGN:
185 86693a33 2023-06-11 op 		if (datalen < sizeof(req))
186 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
187 10cc8193 2023-06-13 op 		memcpy(&req, data, sizeof(req));
188 86693a33 2023-06-11 op 		if (datalen != sizeof(req) + req.flen)
189 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
190 10cc8193 2023-06-13 op 		from = data + sizeof(req);
191 86693a33 2023-06-11 op 
192 86693a33 2023-06-11 op 		if ((pkey = get_pkey(req.hash)) == NULL ||
193 86693a33 2023-06-11 op 		    (ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL)
194 86693a33 2023-06-11 op 			fatalx("invalid pkey hash");
195 86693a33 2023-06-11 op 
196 86693a33 2023-06-11 op 		len = ECDSA_size(ecdsa);
197 86693a33 2023-06-11 op 		if ((to = calloc(1, len)) == NULL)
198 86693a33 2023-06-11 op 			fatal("calloc");
199 86693a33 2023-06-11 op 		ret = ECDSA_sign(0, from, req.flen, to, &len, ecdsa);
200 86693a33 2023-06-11 op 
201 86693a33 2023-06-11 op 		memset(&res, 0, sizeof(res));
202 86693a33 2023-06-11 op 		res.id = req.id;
203 86693a33 2023-06-11 op 		res.ret = ret;
204 86693a33 2023-06-11 op 
205 86693a33 2023-06-11 op 		memset(&iov, 0, sizeof(iov));
206 86693a33 2023-06-11 op 		n = 0;
207 86693a33 2023-06-11 op 		iov[0].iov_base = &res;
208 86693a33 2023-06-11 op 		iov[1].iov_len = sizeof(res);
209 86693a33 2023-06-11 op 		n++;
210 86693a33 2023-06-11 op 
211 86693a33 2023-06-11 op 		if (ret > 0) {
212 86693a33 2023-06-11 op 			res.len = len;
213 86693a33 2023-06-11 op 			iov[n].iov_base = to;
214 86693a33 2023-06-11 op 			iov[n].iov_len = len;
215 86693a33 2023-06-11 op 			n++;
216 86693a33 2023-06-11 op 		}
217 86693a33 2023-06-11 op 
218 86693a33 2023-06-11 op 		log_debug("replying to server #%d", imsg->hdr.pid);
219 86693a33 2023-06-11 op 		if (proc_composev_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1,
220 86693a33 2023-06-11 op 		    imsg->hdr.type, 0, -1, iov, n) == -1)
221 86693a33 2023-06-11 op 			fatal("proc_composev_imsg");
222 86693a33 2023-06-11 op 
223 86693a33 2023-06-11 op 		if (proc_flush_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1) == -1)
224 86693a33 2023-06-11 op 			fatal("proc_flush_imsg");
225 86693a33 2023-06-11 op 
226 86693a33 2023-06-11 op 		free(to);
227 86693a33 2023-06-11 op 		EC_KEY_free(ecdsa);
228 86693a33 2023-06-11 op 		break;
229 86693a33 2023-06-11 op 
230 86693a33 2023-06-11 op 	default:
231 86693a33 2023-06-11 op 		return -1;
232 86693a33 2023-06-11 op 	}
233 86693a33 2023-06-11 op 
234 86693a33 2023-06-11 op 	return 0;
235 86693a33 2023-06-11 op }
236 86693a33 2023-06-11 op 
237 86693a33 2023-06-11 op 
238 86693a33 2023-06-11 op /*
239 86693a33 2023-06-11 op  * RSA privsep engine (called from unprivileged processes)
240 86693a33 2023-06-11 op  */
241 86693a33 2023-06-11 op 
242 86693a33 2023-06-11 op static const RSA_METHOD	*rsa_default;
243 86693a33 2023-06-11 op static RSA_METHOD	*rsae_method;
244 86693a33 2023-06-11 op 
245 86693a33 2023-06-11 op static int
246 86693a33 2023-06-11 op rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
247 86693a33 2023-06-11 op     RSA *rsa, int padding, unsigned int cmd)
248 86693a33 2023-06-11 op {
249 86693a33 2023-06-11 op 	struct imsg_crypto_req	 req;
250 86693a33 2023-06-11 op 	struct iovec		 iov[2];
251 86693a33 2023-06-11 op 	struct imsg_crypto_res	 res;
252 86693a33 2023-06-11 op 	struct imsgev		*iev;
253 86693a33 2023-06-11 op 	struct privsep_proc	*p;
254 86693a33 2023-06-11 op 	struct privsep		*ps = conf->ps;
255 86693a33 2023-06-11 op 	struct imsgbuf		*ibuf;
256 86693a33 2023-06-11 op 	struct imsg		 imsg;
257 86693a33 2023-06-11 op 	int			 ret = 0;
258 86693a33 2023-06-11 op 	int			 n, done = 0;
259 86693a33 2023-06-11 op 	const void		*toptr;
260 86693a33 2023-06-11 op 	char			*hash;
261 10cc8193 2023-06-13 op 	unsigned char		*data;
262 86693a33 2023-06-11 op 	size_t			 datalen;
263 86693a33 2023-06-11 op 
264 86693a33 2023-06-11 op 	if ((hash = RSA_get_ex_data(rsa, 0)) == NULL)
265 86693a33 2023-06-11 op 		return (0);
266 86693a33 2023-06-11 op 
267 86693a33 2023-06-11 op 	/*
268 86693a33 2023-06-11 op 	 * Send a synchronous imsg because we cannot defer the RSA
269 86693a33 2023-06-11 op 	 * operation in OpenSSL's engine layer.
270 86693a33 2023-06-11 op 	 */
271 86693a33 2023-06-11 op 	memset(&req, 0, sizeof(req));
272 86693a33 2023-06-11 op 	req.id = ++reqid;
273 86693a33 2023-06-11 op 	if (strlcpy(req.hash, hash, sizeof(req.hash)) >= sizeof(req.hash))
274 86693a33 2023-06-11 op 		fatalx("%s: hash too long (%zu)", __func__, strlen(hash));
275 86693a33 2023-06-11 op 	req.flen = flen;
276 86693a33 2023-06-11 op 	req.tlen = RSA_size(rsa);
277 86693a33 2023-06-11 op 	req.padding = padding;
278 86693a33 2023-06-11 op 
279 86693a33 2023-06-11 op 	memset(&iov, 0, sizeof(iov));
280 86693a33 2023-06-11 op 	iov[0].iov_base = &req;
281 86693a33 2023-06-11 op 	iov[0].iov_len = sizeof(req);
282 86693a33 2023-06-11 op 	iov[1].iov_base = (void *)from;
283 86693a33 2023-06-11 op 	iov[1].iov_len = flen;
284 86693a33 2023-06-11 op 
285 86693a33 2023-06-11 op 	if (proc_composev(ps, PROC_CRYPTO, cmd, iov, 2) == -1)
286 86693a33 2023-06-11 op 		fatal("proc_composev");
287 86693a33 2023-06-11 op 
288 86693a33 2023-06-11 op 	if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
289 86693a33 2023-06-11 op 		fatal("proc_flush_imsg");
290 86693a33 2023-06-11 op 
291 86693a33 2023-06-11 op 	iev = ps->ps_ievs[PROC_CRYPTO];
292 86693a33 2023-06-11 op 	p = iev->proc;
293 86693a33 2023-06-11 op 	ibuf = &iev->ibuf;
294 86693a33 2023-06-11 op 
295 86693a33 2023-06-11 op 	while (!done) {
296 86693a33 2023-06-11 op 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
297 86693a33 2023-06-11 op 			fatalx("imsg_read");
298 86693a33 2023-06-11 op 		if (n == 0)
299 86693a33 2023-06-11 op 			fatalx("pipe closed");
300 86693a33 2023-06-11 op 
301 86693a33 2023-06-11 op 		while (!done) {
302 86693a33 2023-06-11 op 			if ((n = imsg_get(ibuf, &imsg)) == -1)
303 86693a33 2023-06-11 op 				fatalx("imsg_get error");
304 86693a33 2023-06-11 op 			if (n == 0)
305 86693a33 2023-06-11 op 				break;
306 86693a33 2023-06-11 op 
307 86693a33 2023-06-11 op #if DEBUG > 1
308 86693a33 2023-06-11 op 			log_debug(
309 86693a33 2023-06-11 op 			    "%s: %s %d got imsg %d peerid %d from %s %d",
310 86693a33 2023-06-11 op 			    __func__, title, 1, imsg.hdr.type,
311 86693a33 2023-06-11 op 			    imsg.hdr.peerid, "crypto", imsg.hdr.pid);
312 86693a33 2023-06-11 op #endif
313 86693a33 2023-06-11 op 
314 86693a33 2023-06-11 op 			if ((p->p_cb)(ibuf->fd, p, &imsg) == 0) {
315 86693a33 2023-06-11 op 				/* Message was handled by the callback */
316 86693a33 2023-06-11 op 				imsg_free(&imsg);
317 86693a33 2023-06-11 op 				continue;
318 86693a33 2023-06-11 op 			}
319 86693a33 2023-06-11 op 
320 86693a33 2023-06-11 op 			switch (imsg.hdr.type) {
321 86693a33 2023-06-11 op 			case IMSG_CRYPTO_RSA_PRIVENC:
322 86693a33 2023-06-11 op 			case IMSG_CRYPTO_RSA_PRIVDEC:
323 86693a33 2023-06-11 op 				break;
324 86693a33 2023-06-11 op 			default:
325 86693a33 2023-06-11 op 				fatalx("%s: %s %d got invalid imsg %d"
326 86693a33 2023-06-11 op 				    " peerid %d from %s %d",
327 86693a33 2023-06-11 op 				    __func__, "server", ps->ps_instance + 1,
328 86693a33 2023-06-11 op 				    imsg.hdr.type, imsg.hdr.peerid,
329 86693a33 2023-06-11 op 				    "crypto", imsg.hdr.pid);
330 86693a33 2023-06-11 op 			}
331 86693a33 2023-06-11 op 
332 10cc8193 2023-06-13 op 			data = imsg.data;
333 86693a33 2023-06-11 op 			datalen = IMSG_DATA_SIZE(&imsg);
334 86693a33 2023-06-11 op 			if (datalen < sizeof(res))
335 86693a33 2023-06-11 op 				fatalx("size mismatch for imsg %d",
336 86693a33 2023-06-11 op 				    imsg.hdr.type);
337 10cc8193 2023-06-13 op 			memcpy(&res, data, sizeof(res));
338 86693a33 2023-06-11 op 			if (datalen != sizeof(res) + res.ret)
339 86693a33 2023-06-11 op 				fatalx("size mismatch for imsg %d",
340 86693a33 2023-06-11 op 				    imsg.hdr.type);
341 86693a33 2023-06-11 op 			ret = res.ret;
342 10cc8193 2023-06-13 op 			toptr = data + sizeof(res);
343 86693a33 2023-06-11 op 
344 86693a33 2023-06-11 op 			if (res.id != reqid)
345 d1739e3f 2023-06-11 op 				fatalx("invalid id; got %llu, want %llu",
346 d1739e3f 2023-06-11 op 				    (unsigned long long)res.id,
347 d1739e3f 2023-06-11 op 				    (unsigned long long)reqid);
348 86693a33 2023-06-11 op 			if (res.ret > 0)
349 86693a33 2023-06-11 op 				memcpy(to, toptr, res.len);
350 86693a33 2023-06-11 op 
351 86693a33 2023-06-11 op 			done = 1;
352 86693a33 2023-06-11 op 
353 86693a33 2023-06-11 op 			imsg_free(&imsg);
354 86693a33 2023-06-11 op 		}
355 86693a33 2023-06-11 op 	}
356 86693a33 2023-06-11 op 	imsg_event_add(iev);
357 86693a33 2023-06-11 op 
358 86693a33 2023-06-11 op 	return (ret);
359 86693a33 2023-06-11 op }
360 86693a33 2023-06-11 op 
361 86693a33 2023-06-11 op static int
362 86693a33 2023-06-11 op rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,
363 86693a33 2023-06-11 op     int padding)
364 86693a33 2023-06-11 op {
365 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
366 86693a33 2023-06-11 op 	return (RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding));
367 86693a33 2023-06-11 op }
368 86693a33 2023-06-11 op 
369 86693a33 2023-06-11 op static int
370 86693a33 2023-06-11 op rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa,
371 86693a33 2023-06-11 op     int padding)
372 86693a33 2023-06-11 op {
373 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
374 86693a33 2023-06-11 op 	return (RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding));
375 86693a33 2023-06-11 op }
376 86693a33 2023-06-11 op 
377 86693a33 2023-06-11 op static int
378 86693a33 2023-06-11 op rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
379 86693a33 2023-06-11 op     int padding)
380 86693a33 2023-06-11 op {
381 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
382 86693a33 2023-06-11 op 	if (RSA_get_ex_data(rsa, 0) != NULL)
383 86693a33 2023-06-11 op 		return (rsae_send_imsg(flen, from, to, rsa, padding,
384 86693a33 2023-06-11 op 		    IMSG_CRYPTO_RSA_PRIVENC));
385 86693a33 2023-06-11 op 	return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding));
386 86693a33 2023-06-11 op }
387 86693a33 2023-06-11 op 
388 86693a33 2023-06-11 op static int
389 86693a33 2023-06-11 op rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
390 86693a33 2023-06-11 op     int padding)
391 86693a33 2023-06-11 op {
392 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
393 86693a33 2023-06-11 op 	if (RSA_get_ex_data(rsa, 0) != NULL)
394 86693a33 2023-06-11 op 		return (rsae_send_imsg(flen, from, to, rsa, padding,
395 86693a33 2023-06-11 op 		    IMSG_CRYPTO_RSA_PRIVDEC));
396 86693a33 2023-06-11 op 
397 86693a33 2023-06-11 op 	return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding));
398 86693a33 2023-06-11 op }
399 86693a33 2023-06-11 op 
400 86693a33 2023-06-11 op static int
401 86693a33 2023-06-11 op rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
402 86693a33 2023-06-11 op {
403 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
404 86693a33 2023-06-11 op 	return (RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx));
405 86693a33 2023-06-11 op }
406 86693a33 2023-06-11 op 
407 86693a33 2023-06-11 op static int
408 86693a33 2023-06-11 op rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
409 86693a33 2023-06-11 op     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
410 86693a33 2023-06-11 op {
411 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
412 86693a33 2023-06-11 op 	return (RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx));
413 86693a33 2023-06-11 op }
414 86693a33 2023-06-11 op 
415 86693a33 2023-06-11 op static int
416 86693a33 2023-06-11 op rsae_init(RSA *rsa)
417 86693a33 2023-06-11 op {
418 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
419 86693a33 2023-06-11 op 	if (RSA_meth_get_init(rsa_default) == NULL)
420 86693a33 2023-06-11 op 		return (1);
421 86693a33 2023-06-11 op 	return (RSA_meth_get_init(rsa_default)(rsa));
422 86693a33 2023-06-11 op }
423 86693a33 2023-06-11 op 
424 86693a33 2023-06-11 op static int
425 86693a33 2023-06-11 op rsae_finish(RSA *rsa)
426 86693a33 2023-06-11 op {
427 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
428 86693a33 2023-06-11 op 	if (RSA_meth_get_finish(rsa_default) == NULL)
429 86693a33 2023-06-11 op 		return (1);
430 86693a33 2023-06-11 op 	return (RSA_meth_get_finish(rsa_default)(rsa));
431 86693a33 2023-06-11 op }
432 86693a33 2023-06-11 op 
433 86693a33 2023-06-11 op static int
434 86693a33 2023-06-11 op rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
435 86693a33 2023-06-11 op {
436 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
437 86693a33 2023-06-11 op 	return (RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb));
438 86693a33 2023-06-11 op }
439 86693a33 2023-06-11 op 
440 86693a33 2023-06-11 op 
441 86693a33 2023-06-11 op /*
442 86693a33 2023-06-11 op  * ECDSA privsep engine (called from unprivileged processes)
443 86693a33 2023-06-11 op  */
444 86693a33 2023-06-11 op 
445 86693a33 2023-06-11 op static const EC_KEY_METHOD	*ecdsa_default;
446 86693a33 2023-06-11 op static EC_KEY_METHOD		*ecdsae_method;
447 86693a33 2023-06-11 op 
448 86693a33 2023-06-11 op static ECDSA_SIG *
449 86693a33 2023-06-11 op ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
450 86693a33 2023-06-11 op     const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)
451 86693a33 2023-06-11 op {
452 86693a33 2023-06-11 op 	ECDSA_SIG		*sig = NULL;
453 86693a33 2023-06-11 op 	struct imsg_crypto_req	 req;
454 86693a33 2023-06-11 op 	struct iovec		 iov[2];
455 86693a33 2023-06-11 op 	struct imsg_crypto_res	 res;
456 86693a33 2023-06-11 op 	struct imsgev		*iev;
457 86693a33 2023-06-11 op 	struct privsep_proc	*p;
458 86693a33 2023-06-11 op 	struct privsep		*ps = conf->ps;
459 86693a33 2023-06-11 op 	struct imsgbuf		*ibuf;
460 86693a33 2023-06-11 op 	struct imsg		 imsg;
461 86693a33 2023-06-11 op 	int			 n, done = 0;
462 86693a33 2023-06-11 op 	const void		*toptr;
463 86693a33 2023-06-11 op 	char			*hash;
464 10cc8193 2023-06-13 op 	unsigned char		*data;
465 86693a33 2023-06-11 op 	size_t			 datalen;
466 86693a33 2023-06-11 op 
467 86693a33 2023-06-11 op 	if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL)
468 86693a33 2023-06-11 op 		return (0);
469 86693a33 2023-06-11 op 
470 86693a33 2023-06-11 op 	/*
471 86693a33 2023-06-11 op 	 * Send a synchronous imsg because we cannot defer the RSA
472 86693a33 2023-06-11 op 	 * operation in OpenSSL's engine layer.
473 86693a33 2023-06-11 op 	 */
474 86693a33 2023-06-11 op 	memset(&req, 0, sizeof(req));
475 86693a33 2023-06-11 op 	req.id = reqid++;
476 86693a33 2023-06-11 op 	if (strlcpy(req.hash, hash, sizeof(req.hash)) >= sizeof(req.hash))
477 86693a33 2023-06-11 op 		fatalx("%s: hash too long (%zu)", __func__, strlen(hash));
478 86693a33 2023-06-11 op 	req.flen = dgst_len;
479 86693a33 2023-06-11 op 
480 86693a33 2023-06-11 op 	memset(&iov, 0, sizeof(iov));
481 86693a33 2023-06-11 op 	iov[0].iov_base = &req;
482 86693a33 2023-06-11 op 	iov[0].iov_len = sizeof(req);
483 86693a33 2023-06-11 op 	iov[1].iov_base = (void *)dgst;
484 86693a33 2023-06-11 op 	iov[1].iov_len = dgst_len;
485 86693a33 2023-06-11 op 
486 86693a33 2023-06-11 op 	if (proc_composev(ps, PROC_CRYPTO, IMSG_CRYPTO_ECDSA_SIGN, iov, 2) == -1)
487 86693a33 2023-06-11 op 		fatal("proc_composev");
488 86693a33 2023-06-11 op 
489 86693a33 2023-06-11 op 	if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
490 86693a33 2023-06-11 op 		fatal("proc_flush_imsg");
491 86693a33 2023-06-11 op 
492 86693a33 2023-06-11 op 	iev = ps->ps_ievs[PROC_CRYPTO];
493 86693a33 2023-06-11 op 	p = iev->proc;
494 86693a33 2023-06-11 op 	ibuf = &iev->ibuf;
495 86693a33 2023-06-11 op 
496 86693a33 2023-06-11 op 	while (!done) {
497 86693a33 2023-06-11 op 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
498 86693a33 2023-06-11 op 			fatalx("imsg_read");
499 86693a33 2023-06-11 op 		if (n == 0)
500 86693a33 2023-06-11 op 			fatalx("pipe closed");
501 86693a33 2023-06-11 op 
502 86693a33 2023-06-11 op 		while (!done) {
503 86693a33 2023-06-11 op 			if ((n = imsg_get(ibuf, &imsg)) == -1)
504 86693a33 2023-06-11 op 				fatalx("imsg_get error");
505 86693a33 2023-06-11 op 			if (n == 0)
506 86693a33 2023-06-11 op 				break;
507 86693a33 2023-06-11 op 
508 86693a33 2023-06-11 op #if DEBUG > 1
509 86693a33 2023-06-11 op 			log_debug(
510 86693a33 2023-06-11 op 			    "%s: %s %d got imsg %d peerid %d from %s %d",
511 86693a33 2023-06-11 op 			    __func__, title, 1, imsg.hdr.type,
512 86693a33 2023-06-11 op 			    imsg.hdr.peerid, "crypto", imsg.hdr.pid);
513 86693a33 2023-06-11 op #endif
514 86693a33 2023-06-11 op 
515 86693a33 2023-06-11 op 			if (crypto_dispatch_server(ibuf->fd, p, &imsg) == 0) {
516 86693a33 2023-06-11 op 				/* Message was handled by the callback */
517 86693a33 2023-06-11 op 				imsg_free(&imsg);
518 86693a33 2023-06-11 op 				continue;
519 86693a33 2023-06-11 op 			}
520 86693a33 2023-06-11 op 
521 86693a33 2023-06-11 op 			if (imsg.hdr.type != IMSG_CRYPTO_ECDSA_SIGN)
522 86693a33 2023-06-11 op 				fatalx("%s: %s %d got invalid imsg %d"
523 86693a33 2023-06-11 op 				    " peerid %d from %s %d",
524 86693a33 2023-06-11 op 				    __func__, "server", ps->ps_instance + 1,
525 86693a33 2023-06-11 op 				    imsg.hdr.type, imsg.hdr.peerid,
526 86693a33 2023-06-11 op 				    "crypto", imsg.hdr.pid);
527 86693a33 2023-06-11 op 
528 10cc8193 2023-06-13 op 			data = imsg.data;
529 86693a33 2023-06-11 op 			datalen = IMSG_DATA_SIZE(&imsg);
530 86693a33 2023-06-11 op 			if (datalen < sizeof(res))
531 86693a33 2023-06-11 op 				fatalx("size mismatch for imsg %d",
532 86693a33 2023-06-11 op 				    imsg.hdr.type);
533 10cc8193 2023-06-13 op 			memcpy(&res, data, sizeof(res));
534 86693a33 2023-06-11 op 			if (datalen != sizeof(res) + res.ret)
535 86693a33 2023-06-11 op 				fatalx("size mismatch for imsg %d",
536 86693a33 2023-06-11 op 				    imsg.hdr.type);
537 10cc8193 2023-06-13 op 			toptr = data + sizeof(res);
538 86693a33 2023-06-11 op 
539 86693a33 2023-06-11 op 			if (res.id != reqid)
540 86693a33 2023-06-11 op 				fatalx("invalid response id");
541 86693a33 2023-06-11 op 			if (res.ret > 0) {
542 86693a33 2023-06-11 op 				d2i_ECDSA_SIG(&sig,
543 86693a33 2023-06-11 op 				    (const unsigned char **)&toptr, res.len);
544 86693a33 2023-06-11 op 			}
545 86693a33 2023-06-11 op 
546 86693a33 2023-06-11 op 			done = 1;
547 86693a33 2023-06-11 op 
548 86693a33 2023-06-11 op 			imsg_free(&imsg);
549 86693a33 2023-06-11 op 		}
550 86693a33 2023-06-11 op 	}
551 86693a33 2023-06-11 op 	imsg_event_add(iev);
552 86693a33 2023-06-11 op 
553 86693a33 2023-06-11 op 	return (sig);
554 86693a33 2023-06-11 op }
555 86693a33 2023-06-11 op 
556 86693a33 2023-06-11 op static int
557 86693a33 2023-06-11 op ecdsae_keygen(EC_KEY *eckey)
558 86693a33 2023-06-11 op {
559 86693a33 2023-06-11 op 	int (*keygen)(EC_KEY *);
560 86693a33 2023-06-11 op 
561 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
562 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_keygen(ecdsa_default, &keygen);
563 86693a33 2023-06-11 op 	return (keygen(eckey));
564 86693a33 2023-06-11 op }
565 86693a33 2023-06-11 op 
566 ec96a0ad 2023-06-11 op #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x3080100fL
567 86693a33 2023-06-11 op static int
568 86693a33 2023-06-11 op ecdsae_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
569 86693a33 2023-06-11 op     EC_KEY *ecdh, void *(*kdf)(const void *, size_t, void *, size_t *))
570 86693a33 2023-06-11 op {
571 86693a33 2023-06-11 op 	int (*ckey)(void *, size_t, const EC_POINT *, EC_KEY *,
572 86693a33 2023-06-11 op 	    void *(*)(const void *, size_t, void *, size_t *));
573 86693a33 2023-06-11 op 
574 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
575 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_compute_key(ecdsa_default, &ckey);
576 86693a33 2023-06-11 op 	return (ckey(out, outlen, pub_key, ecdh, kdf));
577 ec96a0ad 2023-06-11 op }
578 ec96a0ad 2023-06-11 op #else
579 ec96a0ad 2023-06-11 op static int
580 ec96a0ad 2023-06-11 op ecdsae_compute_key(unsigned char **psec, size_t *pseclen,
581 ec96a0ad 2023-06-11 op     const EC_POINT *pub_key, const EC_KEY *ecdh)
582 ec96a0ad 2023-06-11 op {
583 ec96a0ad 2023-06-11 op 	int (*ckey)(unsigned char **, size_t *, const EC_POINT *,
584 ec96a0ad 2023-06-11 op 	    const EC_KEY *);
585 ec96a0ad 2023-06-11 op 
586 ec96a0ad 2023-06-11 op 	log_debug("debug: %s", __func__);
587 ec96a0ad 2023-06-11 op 	EC_KEY_METHOD_get_compute_key(ecdsa_default, &ckey);
588 ec96a0ad 2023-06-11 op 	return (ckey(psec, pseclen, pub_key, ecdh));
589 86693a33 2023-06-11 op }
590 ec96a0ad 2023-06-11 op #endif
591 86693a33 2023-06-11 op 
592 86693a33 2023-06-11 op static int
593 86693a33 2023-06-11 op ecdsae_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
594 86693a33 2023-06-11 op     unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
595 86693a33 2023-06-11 op {
596 86693a33 2023-06-11 op 	int (*sign)(int, const unsigned char *, int, unsigned char *,
597 86693a33 2023-06-11 op 	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *);
598 86693a33 2023-06-11 op 
599 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
600 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_sign(ecdsa_default, &sign, NULL, NULL);
601 86693a33 2023-06-11 op 	return (sign(type, dgst, dlen, sig, siglen, kinv, r, eckey));
602 86693a33 2023-06-11 op }
603 86693a33 2023-06-11 op 
604 86693a33 2023-06-11 op static ECDSA_SIG *
605 86693a33 2023-06-11 op ecdsae_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
606 86693a33 2023-06-11 op     const BIGNUM *rp, EC_KEY *eckey)
607 86693a33 2023-06-11 op {
608 86693a33 2023-06-11 op 	ECDSA_SIG *(*psign_sig)(const unsigned char *, int, const BIGNUM *,
609 86693a33 2023-06-11 op 	    const BIGNUM *, EC_KEY *);
610 86693a33 2023-06-11 op 
611 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
612 86693a33 2023-06-11 op 	if (EC_KEY_get_ex_data(eckey, 0) != NULL)
613 86693a33 2023-06-11 op 		return (ecdsae_send_enc_imsg(dgst, dgst_len, inv, rp, eckey));
614 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_sign(ecdsa_default, NULL, NULL, &psign_sig);
615 86693a33 2023-06-11 op 	return (psign_sig(dgst, dgst_len, inv, rp, eckey));
616 86693a33 2023-06-11 op }
617 86693a33 2023-06-11 op 
618 86693a33 2023-06-11 op static int
619 86693a33 2023-06-11 op ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r)
620 86693a33 2023-06-11 op {
621 86693a33 2023-06-11 op 	int (*psign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **);
622 86693a33 2023-06-11 op 
623 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
624 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_sign(ecdsa_default, NULL, &psign_setup, NULL);
625 86693a33 2023-06-11 op 	return (psign_setup(eckey, ctx, kinv, r));
626 86693a33 2023-06-11 op }
627 86693a33 2023-06-11 op 
628 86693a33 2023-06-11 op static int
629 86693a33 2023-06-11 op ecdsae_verify(int type, const unsigned char *dgst, int dgst_len,
630 86693a33 2023-06-11 op     const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
631 86693a33 2023-06-11 op {
632 86693a33 2023-06-11 op 	int (*verify)(int, const unsigned char *, int, const unsigned char *,
633 86693a33 2023-06-11 op 	    int, EC_KEY *);
634 86693a33 2023-06-11 op 
635 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
636 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_verify(ecdsa_default, &verify, NULL);
637 86693a33 2023-06-11 op 	return (verify(type, dgst, dgst_len, sigbuf, sig_len, eckey));
638 86693a33 2023-06-11 op }
639 86693a33 2023-06-11 op 
640 86693a33 2023-06-11 op static int
641 86693a33 2023-06-11 op ecdsae_do_verify(const unsigned char *dgst, int dgst_len,
642 86693a33 2023-06-11 op     const ECDSA_SIG *sig, EC_KEY *eckey)
643 86693a33 2023-06-11 op {
644 86693a33 2023-06-11 op 	int (*pverify_sig)(const unsigned char *, int, const ECDSA_SIG *,
645 86693a33 2023-06-11 op 	    EC_KEY *);
646 86693a33 2023-06-11 op 
647 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
648 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_verify(ecdsa_default, NULL, &pverify_sig);
649 86693a33 2023-06-11 op 	return (pverify_sig(dgst, dgst_len, sig, eckey));
650 86693a33 2023-06-11 op }
651 86693a33 2023-06-11 op 
652 86693a33 2023-06-11 op 
653 86693a33 2023-06-11 op /*
654 86693a33 2023-06-11 op  * Initialize the two engines.
655 86693a33 2023-06-11 op  */
656 86693a33 2023-06-11 op 
657 86693a33 2023-06-11 op static void
658 86693a33 2023-06-11 op rsa_engine_init(void)
659 86693a33 2023-06-11 op {
660 86693a33 2023-06-11 op 	ENGINE		*e;
661 86693a33 2023-06-11 op 	const char	*errstr, *name;
662 86693a33 2023-06-11 op 
663 86693a33 2023-06-11 op 	if ((rsae_method = RSA_meth_new("RSA privsep engine", 0)) == NULL) {
664 86693a33 2023-06-11 op 		errstr = "RSA_meth_new";
665 86693a33 2023-06-11 op 		goto fail;
666 86693a33 2023-06-11 op 	}
667 86693a33 2023-06-11 op 
668 86693a33 2023-06-11 op 	RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc);
669 86693a33 2023-06-11 op 	RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec);
670 86693a33 2023-06-11 op 	RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc);
671 86693a33 2023-06-11 op 	RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec);
672 86693a33 2023-06-11 op 	RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp);
673 86693a33 2023-06-11 op 	RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp);
674 86693a33 2023-06-11 op 	RSA_meth_set_init(rsae_method, rsae_init);
675 86693a33 2023-06-11 op 	RSA_meth_set_finish(rsae_method, rsae_finish);
676 86693a33 2023-06-11 op 	RSA_meth_set_keygen(rsae_method, rsae_keygen);
677 86693a33 2023-06-11 op 
678 86693a33 2023-06-11 op 	if ((e = ENGINE_get_default_RSA()) == NULL) {
679 86693a33 2023-06-11 op 		if ((e = ENGINE_new()) == NULL) {
680 86693a33 2023-06-11 op 			errstr = "ENGINE_new";
681 86693a33 2023-06-11 op 			goto fail;
682 86693a33 2023-06-11 op 		}
683 86693a33 2023-06-11 op 		if (!ENGINE_set_name(e, RSA_meth_get0_name(rsae_method))) {
684 86693a33 2023-06-11 op 			errstr = "ENGINE_set_name";
685 86693a33 2023-06-11 op 			goto fail;
686 86693a33 2023-06-11 op 		}
687 86693a33 2023-06-11 op 		if ((rsa_default = RSA_get_default_method()) == NULL) {
688 86693a33 2023-06-11 op 			errstr = "RSA_get_default_method";
689 86693a33 2023-06-11 op 			goto fail;
690 86693a33 2023-06-11 op 		}
691 86693a33 2023-06-11 op 	} else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {
692 86693a33 2023-06-11 op 		errstr = "ENGINE_get_RSA";
693 86693a33 2023-06-11 op 		goto fail;
694 86693a33 2023-06-11 op 	}
695 86693a33 2023-06-11 op 
696 86693a33 2023-06-11 op 	if ((name = ENGINE_get_name(e)) == NULL)
697 86693a33 2023-06-11 op 		name = "unknown RSA engine";
698 86693a33 2023-06-11 op 
699 86693a33 2023-06-11 op 	log_debug("debug: %s: using %s", __func__, name);
700 86693a33 2023-06-11 op 
701 86693a33 2023-06-11 op 	if (RSA_meth_get_mod_exp(rsa_default) == NULL)
702 86693a33 2023-06-11 op 		RSA_meth_set_mod_exp(rsae_method, NULL);
703 86693a33 2023-06-11 op 	if (RSA_meth_get_bn_mod_exp(rsa_default) == NULL)
704 86693a33 2023-06-11 op 		RSA_meth_set_bn_mod_exp(rsae_method, NULL);
705 86693a33 2023-06-11 op 	if (RSA_meth_get_keygen(rsa_default) == NULL)
706 86693a33 2023-06-11 op 		RSA_meth_set_keygen(rsae_method, NULL);
707 86693a33 2023-06-11 op 	RSA_meth_set_flags(rsae_method,
708 86693a33 2023-06-11 op 		RSA_meth_get_flags(rsa_default) | RSA_METHOD_FLAG_NO_CHECK);
709 86693a33 2023-06-11 op 	RSA_meth_set0_app_data(rsae_method,
710 86693a33 2023-06-11 op 		RSA_meth_get0_app_data(rsa_default));
711 86693a33 2023-06-11 op 
712 86693a33 2023-06-11 op 	if (!ENGINE_set_RSA(e, rsae_method)) {
713 86693a33 2023-06-11 op 		errstr = "ENGINE_set_RSA";
714 86693a33 2023-06-11 op 		goto fail;
715 86693a33 2023-06-11 op 	}
716 86693a33 2023-06-11 op 	if (!ENGINE_set_default_RSA(e)) {
717 86693a33 2023-06-11 op 		errstr = "ENGINE_set_default_RSA";
718 86693a33 2023-06-11 op 		goto fail;
719 86693a33 2023-06-11 op 	}
720 86693a33 2023-06-11 op 
721 86693a33 2023-06-11 op 	return;
722 86693a33 2023-06-11 op 
723 86693a33 2023-06-11 op  fail:
724 86693a33 2023-06-11 op 	ssl_error(errstr);
725 86693a33 2023-06-11 op 	fatalx("%s", errstr);
726 86693a33 2023-06-11 op }
727 86693a33 2023-06-11 op 
728 86693a33 2023-06-11 op static void
729 86693a33 2023-06-11 op ecdsa_engine_init(void)
730 86693a33 2023-06-11 op {
731 86693a33 2023-06-11 op 	ENGINE		*e;
732 86693a33 2023-06-11 op 	const char	*errstr, *name;
733 86693a33 2023-06-11 op 
734 86693a33 2023-06-11 op 	if ((ecdsae_method = EC_KEY_METHOD_new(NULL)) == NULL) {
735 86693a33 2023-06-11 op 		errstr = "EC_KEY_METHOD_new";
736 86693a33 2023-06-11 op 		goto fail;
737 86693a33 2023-06-11 op 	}
738 86693a33 2023-06-11 op 
739 86693a33 2023-06-11 op 	EC_KEY_METHOD_set_keygen(ecdsae_method, ecdsae_keygen);
740 86693a33 2023-06-11 op 	EC_KEY_METHOD_set_compute_key(ecdsae_method, ecdsae_compute_key);
741 86693a33 2023-06-11 op 	EC_KEY_METHOD_set_sign(ecdsae_method, ecdsae_sign, ecdsae_sign_setup,
742 86693a33 2023-06-11 op 	    ecdsae_do_sign);
743 86693a33 2023-06-11 op 	EC_KEY_METHOD_set_verify(ecdsae_method, ecdsae_verify,
744 86693a33 2023-06-11 op 	    ecdsae_do_verify);
745 86693a33 2023-06-11 op 
746 86693a33 2023-06-11 op 	if ((e = ENGINE_get_default_EC()) == NULL) {
747 86693a33 2023-06-11 op 		if ((e = ENGINE_new()) == NULL) {
748 86693a33 2023-06-11 op 			errstr = "ENGINE_new";
749 86693a33 2023-06-11 op 			goto fail;
750 86693a33 2023-06-11 op 		}
751 86693a33 2023-06-11 op 		if (!ENGINE_set_name(e, "ECDSA privsep engine")) {
752 86693a33 2023-06-11 op 			errstr = "ENGINE_set_name";
753 86693a33 2023-06-11 op 			goto fail;
754 86693a33 2023-06-11 op 		}
755 86693a33 2023-06-11 op 		if ((ecdsa_default = EC_KEY_get_default_method()) == NULL) {
756 86693a33 2023-06-11 op 			errstr = "EC_KEY_get_default_method";
757 86693a33 2023-06-11 op 			goto fail;
758 86693a33 2023-06-11 op 		}
759 86693a33 2023-06-11 op 	} else if ((ecdsa_default = ENGINE_get_EC(e)) == NULL) {
760 86693a33 2023-06-11 op 		errstr = "ENGINE_get_EC";
761 86693a33 2023-06-11 op 		goto fail;
762 86693a33 2023-06-11 op 	}
763 86693a33 2023-06-11 op 
764 86693a33 2023-06-11 op 	if ((name = ENGINE_get_name(e)) == NULL)
765 86693a33 2023-06-11 op 		name = "unknown ECDSA engine";
766 86693a33 2023-06-11 op 
767 86693a33 2023-06-11 op 	log_debug("debug: %s: using %s", __func__, name);
768 86693a33 2023-06-11 op 
769 86693a33 2023-06-11 op 	if (!ENGINE_set_EC(e, ecdsae_method)) {
770 86693a33 2023-06-11 op 		errstr = "ENGINE_set_EC";
771 86693a33 2023-06-11 op 		goto fail;
772 86693a33 2023-06-11 op 	}
773 86693a33 2023-06-11 op 	if (!ENGINE_set_default_EC(e)) {
774 86693a33 2023-06-11 op 		errstr = "ENGINE_set_default_EC";
775 86693a33 2023-06-11 op 		goto fail;
776 86693a33 2023-06-11 op 	}
777 86693a33 2023-06-11 op 
778 86693a33 2023-06-11 op 	return;
779 86693a33 2023-06-11 op 
780 86693a33 2023-06-11 op  fail:
781 86693a33 2023-06-11 op 	ssl_error(errstr);
782 86693a33 2023-06-11 op 	fatalx("%s", errstr);
783 86693a33 2023-06-11 op }
784 86693a33 2023-06-11 op 
785 86693a33 2023-06-11 op void
786 86693a33 2023-06-11 op crypto_engine_init(struct conf *c)
787 86693a33 2023-06-11 op {
788 86693a33 2023-06-11 op 	conf = c;
789 86693a33 2023-06-11 op 
790 86693a33 2023-06-11 op 	rsa_engine_init();
791 86693a33 2023-06-11 op 	ecdsa_engine_init();
792 86693a33 2023-06-11 op }
793 86693a33 2023-06-11 op