xref: /dragonfly/crypto/libressl/tls/tls_util.c (revision 961e30ea7dc61d1112b778ea4981eac68129fb86)
1 /* $OpenBSD: tls_util.c,v 1.15 2021/08/16 13:54:38 tb Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
5  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #include <sys/stat.h>
21 
22 #include <stdlib.h>
23 #include <unistd.h>
24 #include <fcntl.h>
25 
26 #include "tls.h"
27 #include "tls_internal.h"
28 
29 static void *
memdup(const void * in,size_t len)30 memdup(const void *in, size_t len)
31 {
32           void *out;
33 
34           if ((out = malloc(len)) == NULL)
35                     return NULL;
36           memcpy(out, in, len);
37           return out;
38 }
39 
40 int
tls_set_mem(char ** dest,size_t * destlen,const void * src,size_t srclen)41 tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
42 {
43           free(*dest);
44           *dest = NULL;
45           *destlen = 0;
46           if (src != NULL) {
47                     if ((*dest = memdup(src, srclen)) == NULL)
48                               return -1;
49                     *destlen = srclen;
50           }
51           return 0;
52 }
53 
54 int
tls_set_string(const char ** dest,const char * src)55 tls_set_string(const char **dest, const char *src)
56 {
57           free((char *)*dest);
58           *dest = NULL;
59           if (src != NULL)
60                     if ((*dest = strdup(src)) == NULL)
61                               return -1;
62           return 0;
63 }
64 
65 /*
66  * Extract the host and port from a colon separated value. For a literal IPv6
67  * address the address must be contained with square braces. If a host and
68  * port are successfully extracted, the function will return 0 and the
69  * caller is responsible for freeing the host and port. If no port is found
70  * then the function will return 1, with both host and port being NULL.
71  * On memory allocation failure -1 will be returned.
72  */
73 int
tls_host_port(const char * hostport,char ** host,char ** port)74 tls_host_port(const char *hostport, char **host, char **port)
75 {
76           char *h, *p, *s;
77           int rv = 1;
78 
79           *host = NULL;
80           *port = NULL;
81 
82           if ((s = strdup(hostport)) == NULL)
83                     goto err;
84 
85           h = p = s;
86 
87           /* See if this is an IPv6 literal with square braces. */
88           if (p[0] == '[') {
89                     h++;
90                     if ((p = strchr(s, ']')) == NULL)
91                               goto done;
92                     *p++ = '\0';
93           }
94 
95           /* Find the port separator. */
96           if ((p = strchr(p, ':')) == NULL)
97                     goto done;
98 
99           /* If there is another separator then we have issues. */
100           if (strchr(p + 1, ':') != NULL)
101                     goto done;
102 
103           *p++ = '\0';
104 
105           if (asprintf(host, "%s", h) == -1) {
106                     *host = NULL;
107                     goto err;
108           }
109           if (asprintf(port, "%s", p) == -1) {
110                     *port = NULL;
111                     goto err;
112           }
113 
114           rv = 0;
115           goto done;
116 
117  err:
118           free(*host);
119           *host = NULL;
120           free(*port);
121           *port = NULL;
122           rv = -1;
123 
124  done:
125           free(s);
126 
127           return (rv);
128 }
129 
130 int
tls_password_cb(char * buf,int size,int rwflag,void * u)131 tls_password_cb(char *buf, int size, int rwflag, void *u)
132 {
133           size_t len;
134 
135           if (size < 0)
136                     return (0);
137 
138           if (u == NULL) {
139                     memset(buf, 0, size);
140                     return (0);
141           }
142 
143           if ((len = strlcpy(buf, u, size)) >= (size_t)size)
144                     return (0);
145 
146           return (len);
147 }
148 
149 uint8_t *
tls_load_file(const char * name,size_t * len,char * password)150 tls_load_file(const char *name, size_t *len, char *password)
151 {
152           FILE *fp;
153           EVP_PKEY *key = NULL;
154           BIO *bio = NULL;
155           char *data;
156           uint8_t *buf = NULL;
157           struct stat st;
158           size_t size = 0;
159           int fd = -1;
160           ssize_t n;
161 
162           *len = 0;
163 
164           if ((fd = open(name, O_RDONLY)) == -1)
165                     return (NULL);
166 
167           /* Just load the file into memory without decryption */
168           if (password == NULL) {
169                     if (fstat(fd, &st) != 0)
170                               goto err;
171                     if (st.st_size < 0)
172                               goto err;
173                     size = (size_t)st.st_size;
174                     if ((buf = malloc(size)) == NULL)
175                               goto err;
176                     n = read(fd, buf, size);
177                     if (n < 0 || (size_t)n != size)
178                               goto err;
179                     close(fd);
180                     goto done;
181           }
182 
183           /* Or read the (possibly) encrypted key from file */
184           if ((fp = fdopen(fd, "r")) == NULL)
185                     goto err;
186           fd = -1;
187 
188           key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
189           fclose(fp);
190           if (key == NULL)
191                     goto err;
192 
193           /* Write unencrypted key to memory buffer */
194           if ((bio = BIO_new(BIO_s_mem())) == NULL)
195                     goto err;
196           if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
197                     goto err;
198           if ((size = BIO_get_mem_data(bio, &data)) <= 0)
199                     goto err;
200           if ((buf = malloc(size)) == NULL)
201                     goto err;
202           memcpy(buf, data, size);
203 
204           BIO_free_all(bio);
205           EVP_PKEY_free(key);
206 
207  done:
208           *len = size;
209           return (buf);
210 
211  err:
212           if (fd != -1)
213                     close(fd);
214           freezero(buf, size);
215           BIO_free_all(bio);
216           EVP_PKEY_free(key);
217 
218           return (NULL);
219 }
220 
221 void
tls_unload_file(uint8_t * buf,size_t len)222 tls_unload_file(uint8_t *buf, size_t len)
223 {
224           freezero(buf, len);
225 }
226