1 /* $OpenBSD: ca.c,v 1.38 2021/03/05 12:37:32 eric Exp $ */ 2 3 /* 4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/types.h> 21 #include <sys/queue.h> 22 #include <sys/socket.h> 23 #include <sys/tree.h> 24 25 #include <err.h> 26 #include <imsg.h> 27 #include <limits.h> 28 #include <pwd.h> 29 #include <signal.h> 30 #include <stdlib.h> 31 #include <string.h> 32 #include <unistd.h> 33 34 #include <openssl/ssl.h> 35 #include <openssl/pem.h> 36 #include <openssl/evp.h> 37 #include <openssl/ecdsa.h> 38 #include <openssl/rsa.h> 39 #include <openssl/engine.h> 40 #include <openssl/err.h> 41 42 #include "smtpd.h" 43 #include "log.h" 44 #include "ssl.h" 45 46 static int ca_verify_cb(int, X509_STORE_CTX *); 47 48 static int rsae_send_imsg(int, const unsigned char *, unsigned char *, 49 RSA *, int, unsigned int); 50 static int rsae_pub_enc(int, const unsigned char *, unsigned char *, 51 RSA *, int); 52 static int rsae_pub_dec(int,const unsigned char *, unsigned char *, 53 RSA *, int); 54 static int rsae_priv_enc(int, const unsigned char *, unsigned char *, 55 RSA *, int); 56 static int rsae_priv_dec(int, const unsigned char *, unsigned char *, 57 RSA *, int); 58 static int rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *); 59 static int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, 60 const BIGNUM *, BN_CTX *, BN_MONT_CTX *); 61 static int rsae_init(RSA *); 62 static int rsae_finish(RSA *); 63 static int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *); 64 65 static ECDSA_SIG *ecdsae_do_sign(const unsigned char *, int, const BIGNUM *, 66 const BIGNUM *, EC_KEY *); 67 static int ecdsae_sign_setup(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **); 68 static int ecdsae_do_verify(const unsigned char *, int, const ECDSA_SIG *, 69 EC_KEY *); 70 71 72 static struct dict pkeys; 73 static uint64_t reqid = 0; 74 75 static void 76 ca_shutdown(void) 77 { 78 log_debug("debug: ca agent exiting"); 79 _exit(0); 80 } 81 82 int 83 ca(void) 84 { 85 struct passwd *pw; 86 87 purge_config(PURGE_LISTENERS|PURGE_TABLES|PURGE_RULES|PURGE_DISPATCHERS); 88 89 if ((pw = getpwnam(SMTPD_USER)) == NULL) 90 fatalx("unknown user " SMTPD_USER); 91 92 if (chroot(PATH_CHROOT) == -1) 93 fatal("ca: chroot"); 94 if (chdir("/") == -1) 95 fatal("ca: chdir(\"/\")"); 96 97 config_process(PROC_CA); 98 99 if (setgroups(1, &pw->pw_gid) || 100 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 101 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 102 fatal("ca: cannot drop privileges"); 103 104 imsg_callback = ca_imsg; 105 event_init(); 106 107 signal(SIGINT, SIG_IGN); 108 signal(SIGTERM, SIG_IGN); 109 signal(SIGPIPE, SIG_IGN); 110 signal(SIGHUP, SIG_IGN); 111 112 config_peer(PROC_CONTROL); 113 config_peer(PROC_PARENT); 114 config_peer(PROC_DISPATCHER); 115 116 /* Ignore them until we get our config */ 117 mproc_disable(p_dispatcher); 118 119 if (pledge("stdio", NULL) == -1) 120 err(1, "pledge"); 121 122 event_dispatch(); 123 fatalx("exited event loop"); 124 125 return (0); 126 } 127 128 void 129 ca_init(void) 130 { 131 BIO *in = NULL; 132 EVP_PKEY *pkey = NULL; 133 struct pki *pki; 134 const char *k; 135 void *iter_dict; 136 char *hash; 137 138 log_debug("debug: init private ssl-tree"); 139 dict_init(&pkeys); 140 iter_dict = NULL; 141 while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) { 142 if (pki->pki_key == NULL) 143 continue; 144 145 in = BIO_new_mem_buf(pki->pki_key, pki->pki_key_len); 146 if (in == NULL) 147 fatalx("ca_init: key"); 148 pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); 149 if (pkey == NULL) 150 fatalx("ca_init: PEM"); 151 BIO_free(in); 152 153 hash = ssl_pubkey_hash(pki->pki_cert, pki->pki_cert_len); 154 if (dict_check(&pkeys, hash)) 155 EVP_PKEY_free(pkey); 156 else 157 dict_xset(&pkeys, hash, pkey); 158 free(hash); 159 } 160 } 161 162 static int 163 ca_verify_cb(int ok, X509_STORE_CTX *ctx) 164 { 165 switch (X509_STORE_CTX_get_error(ctx)) { 166 case X509_V_OK: 167 break; 168 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 169 break; 170 case X509_V_ERR_CERT_NOT_YET_VALID: 171 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 172 break; 173 case X509_V_ERR_CERT_HAS_EXPIRED: 174 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 175 break; 176 case X509_V_ERR_NO_EXPLICIT_POLICY: 177 break; 178 } 179 return ok; 180 } 181 182 int 183 ca_X509_verify(void *certificate, void *chain, const char *CAfile, 184 const char *CRLfile, const char **errstr) 185 { 186 X509_STORE *store = NULL; 187 X509_STORE_CTX *xsc = NULL; 188 int ret = 0; 189 long error = 0; 190 191 if ((store = X509_STORE_new()) == NULL) 192 goto end; 193 194 if (!X509_STORE_load_locations(store, CAfile, NULL)) { 195 log_warn("warn: unable to load CA file %s", CAfile); 196 goto end; 197 } 198 X509_STORE_set_default_paths(store); 199 200 if ((xsc = X509_STORE_CTX_new()) == NULL) 201 goto end; 202 203 if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1) 204 goto end; 205 206 X509_STORE_CTX_set_verify_cb(xsc, ca_verify_cb); 207 208 ret = X509_verify_cert(xsc); 209 210 end: 211 *errstr = NULL; 212 if (ret != 1) { 213 if (xsc) { 214 error = X509_STORE_CTX_get_error(xsc); 215 *errstr = X509_verify_cert_error_string(error); 216 } 217 else if (ERR_peek_last_error()) 218 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); 219 } 220 221 X509_STORE_CTX_free(xsc); 222 X509_STORE_free(store); 223 224 return ret > 0 ? 1 : 0; 225 } 226 227 void 228 ca_imsg(struct mproc *p, struct imsg *imsg) 229 { 230 EVP_PKEY *pkey; 231 RSA *rsa = NULL; 232 EC_KEY *ecdsa = NULL; 233 const void *from = NULL; 234 unsigned char *to = NULL; 235 struct msg m; 236 const char *hash; 237 size_t flen, tlen, padding; 238 int buf_len; 239 int ret = 0; 240 uint64_t id; 241 int v; 242 243 if (imsg == NULL) 244 ca_shutdown(); 245 246 switch (imsg->hdr.type) { 247 case IMSG_CONF_START: 248 return; 249 case IMSG_CONF_END: 250 ca_init(); 251 252 /* Start fulfilling requests */ 253 mproc_enable(p_dispatcher); 254 return; 255 256 case IMSG_CTL_VERBOSE: 257 m_msg(&m, imsg); 258 m_get_int(&m, &v); 259 m_end(&m); 260 log_trace_verbose(v); 261 return; 262 263 case IMSG_CTL_PROFILE: 264 m_msg(&m, imsg); 265 m_get_int(&m, &v); 266 m_end(&m); 267 profiling = v; 268 return; 269 270 case IMSG_CA_RSA_PRIVENC: 271 case IMSG_CA_RSA_PRIVDEC: 272 m_msg(&m, imsg); 273 m_get_id(&m, &id); 274 m_get_string(&m, &hash); 275 m_get_data(&m, &from, &flen); 276 m_get_size(&m, &tlen); 277 m_get_size(&m, &padding); 278 m_end(&m); 279 280 pkey = dict_get(&pkeys, hash); 281 if (pkey == NULL || (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) 282 fatalx("ca_imsg: invalid pkey hash"); 283 284 if ((to = calloc(1, tlen)) == NULL) 285 fatalx("ca_imsg: calloc"); 286 287 switch (imsg->hdr.type) { 288 case IMSG_CA_RSA_PRIVENC: 289 ret = RSA_private_encrypt(flen, from, to, rsa, 290 padding); 291 break; 292 case IMSG_CA_RSA_PRIVDEC: 293 ret = RSA_private_decrypt(flen, from, to, rsa, 294 padding); 295 break; 296 } 297 298 m_create(p, imsg->hdr.type, 0, 0, -1); 299 m_add_id(p, id); 300 m_add_int(p, ret); 301 if (ret > 0) 302 m_add_data(p, to, (size_t)ret); 303 m_close(p); 304 305 free(to); 306 RSA_free(rsa); 307 return; 308 309 case IMSG_CA_ECDSA_SIGN: 310 m_msg(&m, imsg); 311 m_get_id(&m, &id); 312 m_get_string(&m, &hash); 313 m_get_data(&m, &from, &flen); 314 m_end(&m); 315 316 pkey = dict_get(&pkeys, hash); 317 if (pkey == NULL || 318 (ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) 319 fatalx("ca_imsg: invalid pkey hash"); 320 321 buf_len = ECDSA_size(ecdsa); 322 if ((to = calloc(1, buf_len)) == NULL) 323 fatalx("ca_imsg: calloc"); 324 ret = ECDSA_sign(0, from, flen, to, &buf_len, ecdsa); 325 m_create(p, imsg->hdr.type, 0, 0, -1); 326 m_add_id(p, id); 327 m_add_int(p, ret); 328 if (ret > 0) 329 m_add_data(p, to, (size_t)buf_len); 330 m_close(p); 331 free(to); 332 EC_KEY_free(ecdsa); 333 return; 334 } 335 336 errx(1, "ca_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type)); 337 } 338 339 /* 340 * RSA privsep engine (called from unprivileged processes) 341 */ 342 343 const RSA_METHOD *rsa_default = NULL; 344 345 static RSA_METHOD *rsae_method = NULL; 346 347 static int 348 rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to, 349 RSA *rsa, int padding, unsigned int cmd) 350 { 351 int ret = 0; 352 struct imsgbuf *ibuf; 353 struct imsg imsg; 354 int n, done = 0; 355 const void *toptr; 356 char *hash; 357 size_t tlen; 358 struct msg m; 359 uint64_t id; 360 361 if ((hash = RSA_get_ex_data(rsa, 0)) == NULL) 362 return (0); 363 364 /* 365 * Send a synchronous imsg because we cannot defer the RSA 366 * operation in OpenSSL's engine layer. 367 */ 368 m_create(p_ca, cmd, 0, 0, -1); 369 reqid++; 370 m_add_id(p_ca, reqid); 371 m_add_string(p_ca, hash); 372 m_add_data(p_ca, (const void *)from, (size_t)flen); 373 m_add_size(p_ca, (size_t)RSA_size(rsa)); 374 m_add_size(p_ca, (size_t)padding); 375 m_flush(p_ca); 376 377 ibuf = &p_ca->imsgbuf; 378 379 while (!done) { 380 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 381 fatalx("imsg_read"); 382 if (n == 0) 383 fatalx("pipe closed"); 384 385 while (!done) { 386 if ((n = imsg_get(ibuf, &imsg)) == -1) 387 fatalx("imsg_get error"); 388 if (n == 0) 389 break; 390 391 log_imsg(PROC_DISPATCHER, PROC_CA, &imsg); 392 393 switch (imsg.hdr.type) { 394 case IMSG_CA_RSA_PRIVENC: 395 case IMSG_CA_RSA_PRIVDEC: 396 break; 397 default: 398 /* Another imsg is queued up in the buffer */ 399 dispatcher_imsg(p_ca, &imsg); 400 imsg_free(&imsg); 401 continue; 402 } 403 404 m_msg(&m, &imsg); 405 m_get_id(&m, &id); 406 if (id != reqid) 407 fatalx("invalid response id"); 408 m_get_int(&m, &ret); 409 if (ret > 0) 410 m_get_data(&m, &toptr, &tlen); 411 m_end(&m); 412 413 if (ret > 0) 414 memcpy(to, toptr, tlen); 415 done = 1; 416 417 imsg_free(&imsg); 418 } 419 } 420 mproc_event_add(p_ca); 421 422 return (ret); 423 } 424 425 static int 426 rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 427 int padding) 428 { 429 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 430 return (RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding)); 431 } 432 433 static int 434 rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 435 int padding) 436 { 437 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 438 return (RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding)); 439 } 440 441 static int 442 rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 443 int padding) 444 { 445 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 446 if (RSA_get_ex_data(rsa, 0) != NULL) 447 return (rsae_send_imsg(flen, from, to, rsa, padding, 448 IMSG_CA_RSA_PRIVENC)); 449 return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding)); 450 } 451 452 static int 453 rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 454 int padding) 455 { 456 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 457 if (RSA_get_ex_data(rsa, 0) != NULL) 458 return (rsae_send_imsg(flen, from, to, rsa, padding, 459 IMSG_CA_RSA_PRIVDEC)); 460 461 return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding)); 462 } 463 464 static int 465 rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 466 { 467 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 468 return (RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx)); 469 } 470 471 static int 472 rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 473 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 474 { 475 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 476 return (RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx)); 477 } 478 479 static int 480 rsae_init(RSA *rsa) 481 { 482 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 483 if (RSA_meth_get_init(rsa_default) == NULL) 484 return (1); 485 return (RSA_meth_get_init(rsa_default)(rsa)); 486 } 487 488 static int 489 rsae_finish(RSA *rsa) 490 { 491 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 492 if (RSA_meth_get_finish(rsa_default) == NULL) 493 return (1); 494 return (RSA_meth_get_finish(rsa_default)(rsa)); 495 } 496 497 static int 498 rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) 499 { 500 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 501 return (RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb)); 502 } 503 504 505 /* 506 * ECDSA privsep engine (called from unprivileged processes) 507 */ 508 509 const ECDSA_METHOD *ecdsa_default = NULL; 510 511 static ECDSA_METHOD *ecdsae_method = NULL; 512 513 ECDSA_METHOD * 514 ECDSA_METHOD_new_temporary(const char *name, int); 515 516 ECDSA_METHOD * 517 ECDSA_METHOD_new_temporary(const char *name, int flags) 518 { 519 ECDSA_METHOD *ecdsa; 520 521 if ((ecdsa = calloc(1, sizeof (*ecdsa))) == NULL) 522 return NULL; 523 524 if ((ecdsa->name = strdup(name)) == NULL) { 525 free(ecdsa); 526 return NULL; 527 } 528 529 ecdsa->flags = flags; 530 return ecdsa; 531 } 532 533 static ECDSA_SIG * 534 ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len, 535 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey) 536 { 537 int ret = 0; 538 struct imsgbuf *ibuf; 539 struct imsg imsg; 540 int n, done = 0; 541 const void *toptr; 542 char *hash; 543 size_t tlen; 544 struct msg m; 545 uint64_t id; 546 ECDSA_SIG *sig = NULL; 547 548 if ((hash = ECDSA_get_ex_data(eckey, 0)) == NULL) 549 return (0); 550 551 /* 552 * Send a synchronous imsg because we cannot defer the ECDSA 553 * operation in OpenSSL's engine layer. 554 */ 555 m_create(p_ca, IMSG_CA_ECDSA_SIGN, 0, 0, -1); 556 reqid++; 557 m_add_id(p_ca, reqid); 558 m_add_string(p_ca, hash); 559 m_add_data(p_ca, (const void *)dgst, (size_t)dgst_len); 560 m_flush(p_ca); 561 562 ibuf = &p_ca->imsgbuf; 563 564 while (!done) { 565 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 566 fatalx("imsg_read"); 567 if (n == 0) 568 fatalx("pipe closed"); 569 while (!done) { 570 if ((n = imsg_get(ibuf, &imsg)) == -1) 571 fatalx("imsg_get error"); 572 if (n == 0) 573 break; 574 575 log_imsg(PROC_DISPATCHER, PROC_CA, &imsg); 576 577 switch (imsg.hdr.type) { 578 case IMSG_CA_ECDSA_SIGN: 579 break; 580 default: 581 /* Another imsg is queued up in the buffer */ 582 dispatcher_imsg(p_ca, &imsg); 583 imsg_free(&imsg); 584 continue; 585 } 586 587 m_msg(&m, &imsg); 588 m_get_id(&m, &id); 589 if (id != reqid) 590 fatalx("invalid response id"); 591 m_get_int(&m, &ret); 592 if (ret > 0) 593 m_get_data(&m, &toptr, &tlen); 594 m_end(&m); 595 done = 1; 596 597 if (ret > 0) 598 d2i_ECDSA_SIG(&sig, (const unsigned char **)&toptr, tlen); 599 imsg_free(&imsg); 600 } 601 } 602 mproc_event_add(p_ca); 603 604 return (sig); 605 } 606 607 ECDSA_SIG * 608 ecdsae_do_sign(const unsigned char *dgst, int dgst_len, 609 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey) 610 { 611 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 612 if (ECDSA_get_ex_data(eckey, 0) != NULL) 613 return (ecdsae_send_enc_imsg(dgst, dgst_len, inv, rp, eckey)); 614 return (ecdsa_default->ecdsa_do_sign(dgst, dgst_len, inv, rp, eckey)); 615 } 616 617 int 618 ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 619 BIGNUM **r) 620 { 621 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 622 return (ecdsa_default->ecdsa_sign_setup(eckey, ctx, kinv, r)); 623 } 624 625 int 626 ecdsae_do_verify(const unsigned char *dgst, int dgst_len, 627 const ECDSA_SIG *sig, EC_KEY *eckey) 628 { 629 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 630 return (ecdsa_default->ecdsa_do_verify(dgst, dgst_len, sig, eckey)); 631 } 632 633 634 static void 635 rsa_engine_init(void) 636 { 637 ENGINE *e; 638 const char *errstr, *name; 639 640 if ((rsae_method = RSA_meth_new("RSA privsep engine", 0)) == NULL) { 641 errstr = "RSA_meth_new"; 642 goto fail; 643 } 644 645 RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc); 646 RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec); 647 RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc); 648 RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec); 649 RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp); 650 RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp); 651 RSA_meth_set_init(rsae_method, rsae_init); 652 RSA_meth_set_finish(rsae_method, rsae_finish); 653 RSA_meth_set_keygen(rsae_method, rsae_keygen); 654 655 if ((e = ENGINE_get_default_RSA()) == NULL) { 656 if ((e = ENGINE_new()) == NULL) { 657 errstr = "ENGINE_new"; 658 goto fail; 659 } 660 if (!ENGINE_set_name(e, RSA_meth_get0_name(rsae_method))) { 661 errstr = "ENGINE_set_name"; 662 goto fail; 663 } 664 if ((rsa_default = RSA_get_default_method()) == NULL) { 665 errstr = "RSA_get_default_method"; 666 goto fail; 667 } 668 } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) { 669 errstr = "ENGINE_get_RSA"; 670 goto fail; 671 } 672 673 if ((name = ENGINE_get_name(e)) == NULL) 674 name = "unknown RSA engine"; 675 676 log_debug("debug: %s: using %s", __func__, name); 677 678 if (RSA_meth_get_mod_exp(rsa_default) == NULL) 679 RSA_meth_set_mod_exp(rsae_method, NULL); 680 if (RSA_meth_get_bn_mod_exp(rsa_default) == NULL) 681 RSA_meth_set_bn_mod_exp(rsae_method, NULL); 682 if (RSA_meth_get_keygen(rsa_default) == NULL) 683 RSA_meth_set_keygen(rsae_method, NULL); 684 RSA_meth_set_flags(rsae_method, 685 RSA_meth_get_flags(rsa_default) | RSA_METHOD_FLAG_NO_CHECK); 686 RSA_meth_set0_app_data(rsae_method, 687 RSA_meth_get0_app_data(rsa_default)); 688 689 if (!ENGINE_set_RSA(e, rsae_method)) { 690 errstr = "ENGINE_set_RSA"; 691 goto fail; 692 } 693 if (!ENGINE_set_default_RSA(e)) { 694 errstr = "ENGINE_set_default_RSA"; 695 goto fail; 696 } 697 698 return; 699 700 fail: 701 ssl_error(errstr); 702 fatalx("%s", errstr); 703 } 704 705 static void 706 ecdsa_engine_init(void) 707 { 708 ENGINE *e; 709 const char *errstr, *name; 710 711 if ((ecdsae_method = ECDSA_METHOD_new_temporary("ECDSA privsep engine", 0)) == NULL) { 712 errstr = "ECDSA_METHOD_new_temporary"; 713 goto fail; 714 } 715 716 ecdsae_method->ecdsa_do_sign = ecdsae_do_sign; 717 ecdsae_method->ecdsa_sign_setup = ecdsae_sign_setup; 718 ecdsae_method->ecdsa_do_verify = ecdsae_do_verify; 719 720 if ((e = ENGINE_get_default_ECDSA()) == NULL) { 721 if ((e = ENGINE_new()) == NULL) { 722 errstr = "ENGINE_new"; 723 goto fail; 724 } 725 if (!ENGINE_set_name(e, ecdsae_method->name)) { 726 errstr = "ENGINE_set_name"; 727 goto fail; 728 } 729 if ((ecdsa_default = ECDSA_get_default_method()) == NULL) { 730 errstr = "ECDSA_get_default_method"; 731 goto fail; 732 } 733 } else if ((ecdsa_default = ENGINE_get_ECDSA(e)) == NULL) { 734 errstr = "ENGINE_get_ECDSA"; 735 goto fail; 736 } 737 738 if ((name = ENGINE_get_name(e)) == NULL) 739 name = "unknown ECDSA engine"; 740 741 log_debug("debug: %s: using %s", __func__, name); 742 743 if (!ENGINE_set_ECDSA(e, ecdsae_method)) { 744 errstr = "ENGINE_set_ECDSA"; 745 goto fail; 746 } 747 if (!ENGINE_set_default_ECDSA(e)) { 748 errstr = "ENGINE_set_default_ECDSA"; 749 goto fail; 750 } 751 752 return; 753 754 fail: 755 ssl_error(errstr); 756 fatalx("%s", errstr); 757 } 758 759 void 760 ca_engine_init(void) 761 { 762 rsa_engine_init(); 763 ecdsa_engine_init(); 764 } 765