lib/libtls/tls_util.c

   1 /* $OpenBSD: tls_util.c,v 1.5 2016/11/04 15:59:16 jsing Exp $ */
   2 /*
   3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
   4  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
   5  *
   6  * Permission to use, copy, modify, and distribute this software for any
   7  * purpose with or without fee is hereby granted, provided that the above
   8  * copyright notice and this permission notice appear in all copies.
   9  *
  10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  17  */
  18
  19 #include <sys/stat.h>
  20
  21 #include <stdlib.h>
  22 #include <unistd.h>
  23 #include <fcntl.h>
  24
  25 #include "tls.h"
  26 #include "tls_internal.h"
  27
  28 /*
  29  * Extract the host and port from a colon separated value. For a literal IPv6
  30  * address the address must be contained with square braces. If a host and
  31  * port are successfully extracted, the function will return 0 and the
  32  * caller is responsible for freeing the host and port. If no port is found
  33  * then the function will return 1, with both host and port being NULL.
  34  * On memory allocation failure -1 will be returned.
  35  */
  36 int
  37 tls_host_port(const char *hostport, char **host, char **port)
  38 {
  39         char *h, *p, *s;
  40         int rv = 1;
  41
  42         *host = NULL;
  43         *port = NULL;
  44
  45         if ((s = strdup(hostport)) == NULL)
  46                 goto fail;
  47
  48         h = p = s;
  49
  50         /* See if this is an IPv6 literal with square braces. */
  51         if (p[0] == '[') {
  52                 h++;
  53                 if ((p = strchr(s, ']')) == NULL)
  54                         goto done;
  55                 *p++ = '\0';
  56         }
  57
  58         /* Find the port seperator. */
  59         if ((p = strchr(p, ':')) == NULL)
  60                 goto done;
  61
  62         /* If there is another separator then we have issues. */
  63         if (strchr(p + 1, ':') != NULL)
  64                 goto done;
  65
  66         *p++ = '\0';
  67
  68         if (asprintf(host, "%s", h) == -1)
  69                 goto fail;
  70         if (asprintf(port, "%s", p) == -1)
  71                 goto fail;
  72
  73         rv = 0;
  74         goto done;
  75
  76  fail:
  77         free(*host);
  78         *host = NULL;
  79         free(*port);
  80         *port = NULL;
  81         rv = -1;
  82
  83  done:
  84         free(s);
  85
  86         return (rv);
  87 }
  88
  89 static int
  90 tls_password_cb(char *buf, int size, int rwflag, void *u)
  91 {
  92         size_t len;
  93
  94         if (size < 0)
  95                 return (0);
  96
  97         if (u == NULL) {
  98                 memset(buf, 0, size);
  99                 return (0);
 100         }
 101
 102         if ((len = strlcpy(buf, u, size)) >= (size_t)size)
 103                 return (0);
 104
 105         return (len);
 106 }
 107
 108 uint8_t *
 109 tls_load_file(const char *name, size_t *len, char *password)
 110 {
 111         FILE *fp;
 112         EVP_PKEY *key = NULL;
 113         BIO *bio = NULL;
 114         char *data;
 115         uint8_t *buf = NULL;
 116         struct stat st;
 117         size_t size;
 118         int fd = -1;
 119         ssize_t n;
 120
 121         *len = 0;
 122
 123         if ((fd = open(name, O_RDONLY)) == -1)
 124                 return (NULL);
 125
 126         /* Just load the file into memory without decryption */
 127         if (password == NULL) {
 128                 if (fstat(fd, &st) != 0)
 129                         goto fail;
 130                 if (st.st_size < 0)
 131                         goto fail;
 132                 size = (size_t)st.st_size;
 133                 if ((buf = malloc(size)) == NULL)
 134                         goto fail;
 135                 n = read(fd, buf, size);
 136                 if (n < 0 || (size_t)n != size)
 137                         goto fail;
 138                 close(fd);
 139                 goto done;
 140         }
 141
 142         /* Or read the (possibly) encrypted key from file */
 143         if ((fp = fdopen(fd, "r")) == NULL)
 144                 goto fail;
 145         fd = -1;
 146
 147         key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
 148         fclose(fp);
 149         if (key == NULL)
 150                 goto fail;
 151
 152         /* Write unencrypted key to memory buffer */
 153         if ((bio = BIO_new(BIO_s_mem())) == NULL)
 154                 goto fail;
 155         if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
 156                 goto fail;
 157         if ((size = BIO_get_mem_data(bio, &data)) <= 0)
 158                 goto fail;
 159         if ((buf = calloc(1, size)) == NULL)
 160                 goto fail;
 161         memcpy(buf, data, size);
 162
 163         BIO_free_all(bio);
 164         EVP_PKEY_free(key);
 165
 166  done:
 167         *len = size;
 168         return (buf);
 169
 170  fail:
 171         free(buf);
 172         if (fd != -1)
 173                 close(fd);
 174         if (bio != NULL)
 175                 BIO_free_all(bio);
 176         if (key != NULL)
 177                 EVP_PKEY_free(key);
 178
 179         return (NULL);
 180 }