xref: /openbsd/lib/libtls/tls_util.c (revision 73471bf0) 
1 /* $OpenBSD: tls_util.c,v 1.15 2021/08/16 13:54:38 tb Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
5  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
6  *
7  * Permission to use, copy, modify, and distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 #include <sys/stat.h>
21 
22 #include <stdlib.h>
23 #include <unistd.h>
24 #include <fcntl.h>
25 
26 #include "tls.h"
27 #include "tls_internal.h"
28 
29 static void *
30 memdup(const void *in, size_t len)
31 {
32 	void *out;
33 
34 	if ((out = malloc(len)) == NULL)
35 		return NULL;
36 	memcpy(out, in, len);
37 	return out;
38 }
39 
40 int
41 tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
42 {
43 	free(*dest);
44 	*dest = NULL;
45 	*destlen = 0;
46 	if (src != NULL) {
47 		if ((*dest = memdup(src, srclen)) == NULL)
48 			return -1;
49 		*destlen = srclen;
50 	}
51 	return 0;
52 }
53 
54 int
55 tls_set_string(const char **dest, const char *src)
56 {
57 	free((char *)*dest);
58 	*dest = NULL;
59 	if (src != NULL)
60 		if ((*dest = strdup(src)) == NULL)
61 			return -1;
62 	return 0;
63 }
64 
65 /*
66  * Extract the host and port from a colon separated value. For a literal IPv6
67  * address the address must be contained with square braces. If a host and
68  * port are successfully extracted, the function will return 0 and the
69  * caller is responsible for freeing the host and port. If no port is found
70  * then the function will return 1, with both host and port being NULL.
71  * On memory allocation failure -1 will be returned.
72  */
73 int
74 tls_host_port(const char *hostport, char **host, char **port)
75 {
76 	char *h, *p, *s;
77 	int rv = 1;
78 
79 	*host = NULL;
80 	*port = NULL;
81 
82 	if ((s = strdup(hostport)) == NULL)
83 		goto err;
84 
85 	h = p = s;
86 
87 	/* See if this is an IPv6 literal with square braces. */
88 	if (p[0] == '[') {
89 		h++;
90 		if ((p = strchr(s, ']')) == NULL)
91 			goto done;
92 		*p++ = '\0';
93 	}
94 
95 	/* Find the port separator. */
96 	if ((p = strchr(p, ':')) == NULL)
97 		goto done;
98 
99 	/* If there is another separator then we have issues. */
100 	if (strchr(p + 1, ':') != NULL)
101 		goto done;
102 
103 	*p++ = '\0';
104 
105 	if (asprintf(host, "%s", h) == -1) {
106 		*host = NULL;
107 		goto err;
108 	}
109 	if (asprintf(port, "%s", p) == -1) {
110 		*port = NULL;
111 		goto err;
112 	}
113 
114 	rv = 0;
115 	goto done;
116 
117  err:
118 	free(*host);
119 	*host = NULL;
120 	free(*port);
121 	*port = NULL;
122 	rv = -1;
123 
124  done:
125 	free(s);
126 
127 	return (rv);
128 }
129 
130 int
131 tls_password_cb(char *buf, int size, int rwflag, void *u)
132 {
133 	size_t len;
134 
135 	if (size < 0)
136 		return (0);
137 
138 	if (u == NULL) {
139 		memset(buf, 0, size);
140 		return (0);
141 	}
142 
143 	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
144 		return (0);
145 
146 	return (len);
147 }
148 
149 uint8_t *
150 tls_load_file(const char *name, size_t *len, char *password)
151 {
152 	FILE *fp;
153 	EVP_PKEY *key = NULL;
154 	BIO *bio = NULL;
155 	char *data;
156 	uint8_t *buf = NULL;
157 	struct stat st;
158 	size_t size = 0;
159 	int fd = -1;
160 	ssize_t n;
161 
162 	*len = 0;
163 
164 	if ((fd = open(name, O_RDONLY)) == -1)
165 		return (NULL);
166 
167 	/* Just load the file into memory without decryption */
168 	if (password == NULL) {
169 		if (fstat(fd, &st) != 0)
170 			goto err;
171 		if (st.st_size < 0)
172 			goto err;
173 		size = (size_t)st.st_size;
174 		if ((buf = malloc(size)) == NULL)
175 			goto err;
176 		n = read(fd, buf, size);
177 		if (n < 0 || (size_t)n != size)
178 			goto err;
179 		close(fd);
180 		goto done;
181 	}
182 
183 	/* Or read the (possibly) encrypted key from file */
184 	if ((fp = fdopen(fd, "r")) == NULL)
185 		goto err;
186 	fd = -1;
187 
188 	key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
189 	fclose(fp);
190 	if (key == NULL)
191 		goto err;
192 
193 	/* Write unencrypted key to memory buffer */
194 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
195 		goto err;
196 	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
197 		goto err;
198 	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
199 		goto err;
200 	if ((buf = malloc(size)) == NULL)
201 		goto err;
202 	memcpy(buf, data, size);
203 
204 	BIO_free_all(bio);
205 	EVP_PKEY_free(key);
206 
207  done:
208 	*len = size;
209 	return (buf);
210 
211  err:
212 	if (fd != -1)
213 		close(fd);
214 	freezero(buf, size);
215 	BIO_free_all(bio);
216 	EVP_PKEY_free(key);
217 
218 	return (NULL);
219 }
220 
221 void
222 tls_unload_file(uint8_t *buf, size_t len)
223 {
224 	freezero(buf, len);
225 }
226