1 /* $OpenBSD: tls_util.c,v 1.16 2023/05/14 07:26:25 op Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
5  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #include "config.h"
21 
22 #include <sys/stat.h>
23 
24 #include <stdlib.h>
25 #include <string.h>
26 #include <unistd.h>
27 #include <fcntl.h>
28 
29 #include "tls.h"
30 #include "tls_internal.h"
31 
32 static void *
33 memdup(const void *in, size_t len)
34 {
35 	void *out;
36 
37 	if ((out = malloc(len)) == NULL)
38 		return NULL;
39 	memcpy(out, in, len);
40 	return out;
41 }
42 
43 int
44 tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
45 {
46 	free(*dest);
47 	*dest = NULL;
48 	*destlen = 0;
49 	if (src != NULL) {
50 		if ((*dest = memdup(src, srclen)) == NULL)
51 			return -1;
52 		*destlen = srclen;
53 	}
54 	return 0;
55 }
56 
57 int
58 tls_set_string(const char **dest, const char *src)
59 {
60 	free((char *)*dest);
61 	*dest = NULL;
62 	if (src != NULL)
63 		if ((*dest = strdup(src)) == NULL)
64 			return -1;
65 	return 0;
66 }
67 
68 /*
69  * Extract the host and port from a colon separated value. For a literal IPv6
70  * address the address must be contained with square braces. If a host and
71  * port are successfully extracted, the function will return 0 and the
72  * caller is responsible for freeing the host and port. If no port is found
73  * then the function will return 1, with both host and port being NULL.
74  * On memory allocation failure -1 will be returned.
75  */
76 int
77 tls_host_port(const char *hostport, char **host, char **port)
78 {
79 	char *h, *p, *s;
80 	int rv = 1;
81 
82 	*host = NULL;
83 	*port = NULL;
84 
85 	if ((s = strdup(hostport)) == NULL)
86 		goto err;
87 
88 	h = p = s;
89 
90 	/* See if this is an IPv6 literal with square braces. */
91 	if (p[0] == '[') {
92 		h++;
93 		if ((p = strchr(s, ']')) == NULL)
94 			goto done;
95 		*p++ = '\0';
96 	}
97 
98 	/* Find the port separator. */
99 	if ((p = strchr(p, ':')) == NULL)
100 		goto done;
101 
102 	/* If there is another separator then we have issues. */
103 	if (strchr(p + 1, ':') != NULL)
104 		goto done;
105 
106 	*p++ = '\0';
107 
108 	if (asprintf(host, "%s", h) == -1) {
109 		*host = NULL;
110 		goto err;
111 	}
112 	if (asprintf(port, "%s", p) == -1) {
113 		*port = NULL;
114 		goto err;
115 	}
116 
117 	rv = 0;
118 	goto done;
119 
120  err:
121 	free(*host);
122 	*host = NULL;
123 	free(*port);
124 	*port = NULL;
125 	rv = -1;
126 
127  done:
128 	free(s);
129 
130 	return (rv);
131 }
132 
133 int
134 tls_password_cb(char *buf, int size, int rwflag, void *u)
135 {
136 	size_t len;
137 
138 	if (size < 0)
139 		return (0);
140 
141 	if (u == NULL) {
142 		memset(buf, 0, size);
143 		return (0);
144 	}
145 
146 	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
147 		return (0);
148 
149 	return (len);
150 }
151 
152 uint8_t *
153 tls_load_file(const char *name, size_t *len, char *password)
154 {
155 	FILE *fp;
156 	EVP_PKEY *key = NULL;
157 	BIO *bio = NULL;
158 	char *data;
159 	uint8_t *buf = NULL;
160 	struct stat st;
161 	size_t size = 0;
162 	int fd = -1;
163 	ssize_t n;
164 
165 	*len = 0;
166 
167 	if ((fd = open(name, O_RDONLY)) == -1)
168 		return (NULL);
169 
170 	/* Just load the file into memory without decryption */
171 	if (password == NULL) {
172 		if (fstat(fd, &st) != 0)
173 			goto err;
174 		if (st.st_size < 0)
175 			goto err;
176 		size = (size_t)st.st_size;
177 		if ((buf = malloc(size)) == NULL)
178 			goto err;
179 		n = read(fd, buf, size);
180 		if (n < 0 || (size_t)n != size)
181 			goto err;
182 		close(fd);
183 		goto done;
184 	}
185 
186 	/* Or read the (possibly) encrypted key from file */
187 	if ((fp = fdopen(fd, "r")) == NULL)
188 		goto err;
189 	fd = -1;
190 
191 	key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
192 	fclose(fp);
193 	if (key == NULL)
194 		goto err;
195 
196 	/* Write unencrypted key to memory buffer */
197 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
198 		goto err;
199 	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
200 		goto err;
201 	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
202 		goto err;
203 	if ((buf = malloc(size)) == NULL)
204 		goto err;
205 	memcpy(buf, data, size);
206 
207 	BIO_free_all(bio);
208 	EVP_PKEY_free(key);
209 
210  done:
211 	*len = size;
212 	return (buf);
213 
214  err:
215 	if (fd != -1)
216 		close(fd);
217 	freezero(buf, size);
218 	BIO_free_all(bio);
219 	EVP_PKEY_free(key);
220 
221 	return (NULL);
222 }
223 
224 void
225 tls_unload_file(uint8_t *buf, size_t len)
226 {
227 	freezero(buf, len);
228 }