diff options
| author | jsing <> | 2022-02-01 17:13:10 +0000 |
|---|---|---|
| committer | jsing <> | 2022-02-01 17:13:10 +0000 |
| commit | 494d008fc41fd07dcc927e26c8c23d91c2f1564d (patch) | |
| tree | 094581913aa4d49534ea38296879b81b985d64b5 /src/lib/libtls/tls.h | |
| parent | a24e6b334919c85f647d6b7188f92923394678bb (diff) | |
| download | openbsd-494d008fc41fd07dcc927e26c8c23d91c2f1564d.tar.gz openbsd-494d008fc41fd07dcc927e26c8c23d91c2f1564d.tar.bz2 openbsd-494d008fc41fd07dcc927e26c8c23d91c2f1564d.zip | |
Revise signer callback interface.
The current design of tls_sign_cb provides a pointer to a buffer where the
signature needs to be copied, however it fails to provide a length which
could result in buffer overwrites. Furthermore, tls_signer_sign() is
designed such that it allocates and returns ownership to the caller.
Revise tls_sign_cb so that the called function is expected to allocate a
buffer, returning ownership of the buffer (along with its length) to the
caller of the callback. This makes it far easier (and safer) to implement
a tls_sign_cb callback, plus tls_signer_sign can be directly plugged in
(with an appropriate cast).
While here, rename and reorder some arguments - while we will normally
sign a digest, there is no requirement for this to be the case hence use
'input' and 'input_len'. Move padding (an input) before the outputs and
add some additional bounds/return value checks.
This is technically an API/ABI break that would need a libtls major bump,
however since nothing is using the signer interface (outside of regress),
we'll ride the original minor bump.
With input from tb@
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libtls/tls.h')
| -rw-r--r-- | src/lib/libtls/tls.h | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h index 22f04f4023..91166bf9a7 100644 --- a/src/lib/libtls/tls.h +++ b/src/lib/libtls/tls.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.h,v 1.59 2022/01/25 21:51:24 eric Exp $ */ | 1 | /* $OpenBSD: tls.h,v 1.60 2022/02/01 17:13:10 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -79,9 +79,9 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen, | |||
| 79 | void *_cb_arg); | 79 | void *_cb_arg); |
| 80 | typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, | 80 | typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, |
| 81 | size_t _buflen, void *_cb_arg); | 81 | size_t _buflen, void *_cb_arg); |
| 82 | typedef int (*tls_sign_cb)(void *_cb_arg, const char *_hash, | 82 | typedef int (*tls_sign_cb)(void *_cb_arg, const char *_pubkey_hash, |
| 83 | const uint8_t *_dgst, size_t _dgstlen, uint8_t *_psig, size_t *_psiglen, | 83 | const uint8_t *_input, size_t _input_len, int _padding_type, |
| 84 | int _padding); | 84 | uint8_t **_out_signature, size_t *_out_signature_len); |
| 85 | 85 | ||
| 86 | int tls_init(void); | 86 | int tls_init(void); |
| 87 | 87 | ||
| @@ -224,9 +224,9 @@ int tls_signer_add_keypair_file(struct tls_signer *_signer, | |||
| 224 | const char *_cert_file, const char *_key_file); | 224 | const char *_cert_file, const char *_key_file); |
| 225 | int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, | 225 | int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert, |
| 226 | size_t _cert_len, const uint8_t *_key, size_t _key_len); | 226 | size_t _cert_len, const uint8_t *_key, size_t _key_len); |
| 227 | int tls_signer_sign(struct tls_signer *_signer, const char *_hash, | 227 | int tls_signer_sign(struct tls_signer *_signer, const char *_pubkey_hash, |
| 228 | const uint8_t *_dgst, size_t _dgstlen, uint8_t **_psig, size_t *_psiglen, | 228 | const uint8_t *_input, size_t _input_len, int _padding_type, |
| 229 | int _padding); | 229 | uint8_t **_out_signature, size_t *_out_signature_len); |
| 230 | 230 | ||
| 231 | #ifdef __cplusplus | 231 | #ifdef __cplusplus |
| 232 | } | 232 | } |