1 files changed, 0 insertions, 471 deletions
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
deleted file mode 100644
index 2573803ec1..0000000000
--- a/src/lib/libtls/tls_signer.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/* $OpenBSD: tls_signer.c,v 1.13 2024/06/11 16:35:24 op Exp $ */
-/*
- * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <limits.h>
-#include <pthread.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/ec.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "tls.h"
-#include "tls_internal.h"
-struct tls_signer_key {
-        char *hash;
-        RSA *rsa;
-        EC_KEY *ecdsa;
-        struct tls_signer_key *next;
-};
-struct tls_signer {
-        struct tls_error error;
-        struct tls_signer_key *keys;
-};
-static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER;
-struct tls_signer *
-tls_signer_new(void)
-{
-        struct tls_signer *signer;
-        if ((signer = calloc(1, sizeof(*signer))) == NULL)
-                return (NULL);
-        return (signer);
-}
-void
-tls_signer_free(struct tls_signer *signer)
-{
-        struct tls_signer_key *skey;
-        if (signer == NULL)
-                return;
-        tls_error_clear(&signer->error);
-        while (signer->keys) {
-                skey = signer->keys;
-                signer->keys = skey->next;
-                RSA_free(skey->rsa);
-                EC_KEY_free(skey->ecdsa);
-                free(skey->hash);
-                free(skey);
-        }
-        free(signer);
-}
-const char *
-tls_signer_error(struct tls_signer *signer)
-{
-        return (signer->error.msg);
-}
-int
-tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert,
-    size_t cert_len, const uint8_t *key, size_t key_len)
-{
-        struct tls_signer_key *skey = NULL;
-        char *errstr = "unknown";
-        int ssl_err;
-        EVP_PKEY *pkey = NULL;
-        X509 *x509 = NULL;
-        BIO *bio = NULL;
-        char *hash = NULL;
-        /* Compute certificate hash */
-        if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "failed to create certificate bio");
-                goto err;
-        }
-        if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
-            NULL)) == NULL) {
-                if ((ssl_err = ERR_peek_error()) != 0)
-                        errstr = ERR_error_string(ssl_err, NULL);
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "failed to load certificate: %s", errstr);
-                goto err;
-        }
-        if (tls_cert_pubkey_hash(x509, &hash) == -1) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "failed to get certificate hash");
-                goto err;
-        }
-        X509_free(x509);
-        x509 = NULL;
-        BIO_free(bio);
-        bio = NULL;
-        /* Read private key */
-        if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "failed to create key bio");
-                goto err;
-        }
-        if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
-            NULL)) == NULL) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "failed to read private key");
-                goto err;
-        }
-        if ((skey = calloc(1, sizeof(*skey))) == NULL) {
-                tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
-                    "out of memory");
-                goto err;
-        }
-        skey->hash = hash;
-        if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL &&
-            (skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "unknown key type");
-                goto err;
-        }
-        skey->next = signer->keys;
-        signer->keys = skey;
-        EVP_PKEY_free(pkey);
-        BIO_free(bio);
-        return (0);
- err:
-        EVP_PKEY_free(pkey);
-        X509_free(x509);
-        BIO_free(bio);
-        free(hash);
-        free(skey);
-        return (-1);
-}
-int
-tls_signer_add_keypair_file(struct tls_signer *signer, const char *cert_file,
-    const char *key_file)
-{
-        char *cert = NULL, *key = NULL;
-        size_t cert_len, key_len;
-        int rv = -1;
-        if (tls_config_load_file(&signer->error, "certificate", cert_file,
-            &cert, &cert_len) == -1)
-                goto err;
-        if (tls_config_load_file(&signer->error, "key", key_file, &key,
-            &key_len) == -1)
-                goto err;
-        rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);
- err:
-        free(cert);
-        free(key);
-        return (rv);
-}
-static int
-tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
-    const uint8_t *input, size_t input_len, int padding_type,
-    uint8_t **out_signature, size_t *out_signature_len)
-{
-        int rsa_padding, rsa_size, signature_len;
-        char *signature = NULL;
-        *out_signature = NULL;
-        *out_signature_len = 0;
-        if (padding_type == TLS_PADDING_NONE) {
-                rsa_padding = RSA_NO_PADDING;
-        } else if (padding_type == TLS_PADDING_RSA_PKCS1) {
-                rsa_padding = RSA_PKCS1_PADDING;
-        } else {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "invalid RSA padding type (%d)", padding_type);
-                return (-1);
-        }
-        if (input_len > INT_MAX) {
-                tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
-                    "input too large");
-                return (-1);
-        }
-        if ((rsa_size = RSA_size(skey->rsa)) <= 0) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "invalid RSA size: %d", rsa_size);
-                return (-1);
-        }
-        if ((signature = calloc(1, rsa_size)) == NULL) {
-                tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
-                    "out of memory");
-                return (-1);
-        }
-        if ((signature_len = RSA_private_encrypt((int)input_len, input,
-            signature, skey->rsa, rsa_padding)) <= 0) {
-                /* XXX - include further details from libcrypto. */
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "RSA signing failed");
-                free(signature);
-                return (-1);
-        }
-        *out_signature = signature;
-        *out_signature_len = (size_t)signature_len;
-        return (0);
-}
-static int
-tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
-    const uint8_t *input, size_t input_len, int padding_type,
-    uint8_t **out_signature, size_t *out_signature_len)
-{
-        unsigned char *signature;
-        int signature_len;
-        *out_signature = NULL;
-        *out_signature_len = 0;
-        if (padding_type != TLS_PADDING_NONE) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "invalid ECDSA padding");
-                return (-1);
-        }
-        if (input_len > INT_MAX) {
-                tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
-                    "digest too large");
-                return (-1);
-        }
-        if ((signature_len = ECDSA_size(skey->ecdsa)) <= 0) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "invalid ECDSA size: %d", signature_len);
-                return (-1);
-        }
-        if ((signature = calloc(1, signature_len)) == NULL) {
-                tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
-                    "out of memory");
-                return (-1);
-        }
-        if (!ECDSA_sign(0, input, input_len, signature, &signature_len,
-            skey->ecdsa)) {
-                /* XXX - include further details from libcrypto. */
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
-                    "ECDSA signing failed");
-                free(signature);
-                return (-1);
-        }
-        *out_signature = signature;
-        *out_signature_len = signature_len;
-        return (0);
-}
-int
-tls_signer_sign(struct tls_signer *signer, const char *pubkey_hash,
-    const uint8_t *input, size_t input_len, int padding_type,
-    uint8_t **out_signature, size_t *out_signature_len)
-{
-        struct tls_signer_key *skey;
-        *out_signature = NULL;
-        *out_signature_len = 0;
-        for (skey = signer->keys; skey; skey = skey->next)
-                if (!strcmp(pubkey_hash, skey->hash))
-                        break;
-        if (skey == NULL) {
-                tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN, "key not found");
-                return (-1);
-        }
-        if (skey->rsa != NULL)
-                return tls_sign_rsa(signer, skey, input, input_len,
-                    padding_type, out_signature, out_signature_len);
-        if (skey->ecdsa != NULL)
-                return tls_sign_ecdsa(signer, skey, input, input_len,
-                    padding_type, out_signature, out_signature_len);
-        tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN, "unknown key type");
-        return (-1);
-}
-static int
-tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to,
-    RSA *rsa, int rsa_padding)
-{
-        struct tls_config *config;
-        uint8_t *signature = NULL;
-        size_t signature_len = 0;
-        const char *pubkey_hash;
-        int padding_type;
-        /*
-         * This function is called via RSA_private_encrypt() and has to conform
-         * to its calling convention/signature. The caller is required to
-         * provide a 'to' buffer of at least RSA_size() bytes.
-         */
-        pubkey_hash = RSA_get_ex_data(rsa, 0);
-        config = RSA_get_ex_data(rsa, 1);
-        if (pubkey_hash == NULL || config == NULL)
-                goto err;
-        if (rsa_padding == RSA_NO_PADDING) {
-                padding_type = TLS_PADDING_NONE;
-        } else if (rsa_padding == RSA_PKCS1_PADDING) {
-                padding_type = TLS_PADDING_RSA_PKCS1;
-        } else {
-                goto err;
-        }
-        if (from_len < 0)
-                goto err;
-        if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len,
-            padding_type, &signature, &signature_len) == -1)
-                goto err;
-        if (signature_len > INT_MAX || (int)signature_len > RSA_size(rsa))
-                goto err;
-        memcpy(to, signature, signature_len);
-        free(signature);
-        return ((int)signature_len);
- err:
-        free(signature);
-        return (-1);
-}
-RSA_METHOD *
-tls_signer_rsa_method(void)
-{
-        static RSA_METHOD *rsa_method = NULL;
-        pthread_mutex_lock(&signer_method_lock);
-        if (rsa_method != NULL)
-                goto out;
-        rsa_method = RSA_meth_new("libtls RSA method", 0);
-        if (rsa_method == NULL)
-                goto out;
-        RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc);
- out:
-        pthread_mutex_unlock(&signer_method_lock);
-        return (rsa_method);
-}
-static ECDSA_SIG *
-tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
-    const BIGNUM *rp, EC_KEY *eckey)
-{
-        struct tls_config *config;
-        ECDSA_SIG *ecdsa_sig = NULL;
-        uint8_t *signature = NULL;
-        size_t signature_len = 0;
-        const unsigned char *p;
-        const char *pubkey_hash;
-        /*
-         * This function is called via ECDSA_do_sign_ex() and has to conform
-         * to its calling convention/signature.
-         */
-        pubkey_hash = EC_KEY_get_ex_data(eckey, 0);
-        config = EC_KEY_get_ex_data(eckey, 1);
-        if (pubkey_hash == NULL || config == NULL)
-                goto err;
-        if (dgst_len < 0)
-                goto err;
-        if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len,
-            TLS_PADDING_NONE, &signature, &signature_len) == -1)
-                goto err;
-        p = signature;
-        if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &p, signature_len)) == NULL)
-                goto err;
-        free(signature);
-        return (ecdsa_sig);
- err:
-        free(signature);
-        return (NULL);
-}
-EC_KEY_METHOD *
-tls_signer_ecdsa_method(void)
-{
-        static EC_KEY_METHOD *ecdsa_method = NULL;
-        const EC_KEY_METHOD *default_method;
-        int (*sign)(int type, const unsigned char *dgst, int dlen,
-            unsigned char *sig, unsigned int *siglen,
-            const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
-        int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
-            BIGNUM **kinvp, BIGNUM **rp);
-        pthread_mutex_lock(&signer_method_lock);
-        if (ecdsa_method != NULL)
-                goto out;
-        default_method = EC_KEY_get_default_method();
-        ecdsa_method = EC_KEY_METHOD_new(default_method);
-        if (ecdsa_method == NULL)
-                goto out;
-        EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);
-        EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup,
-            tls_ecdsa_do_sign);
- out:
-        pthread_mutex_unlock(&signer_method_lock);
-        return (ecdsa_method);
-}

diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c deleted file mode 100644 index 2573803ec1..0000000000 --- a/src/lib/libtls/tls_signer.c +++ /dev/null
@@ -1,471 +0,0 @@
1	/* $OpenBSD: tls_signer.c,v 1.13 2024/06/11 16:35:24 op Exp $ */
2	/*
3	* Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <limits.h>
19	#include <pthread.h>
20	#include <stdint.h>
21	#include <stdio.h>
22	#include <stdlib.h>
23	#include <string.h>
24
25	#include <openssl/bio.h>
26	#include <openssl/ec.h>
27	#include <openssl/err.h>
28	#include <openssl/evp.h>
29	#include <openssl/pem.h>
30	#include <openssl/rsa.h>
31	#include <openssl/x509.h>
32
33	#include "tls.h"
34	#include "tls_internal.h"
35
36	struct tls_signer_key {
37	char *hash;
38	RSA *rsa;
39	EC_KEY *ecdsa;
40	struct tls_signer_key *next;
41	};
42
43	struct tls_signer {
44	struct tls_error error;
45	struct tls_signer_key *keys;
46	};
47
48	static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER;
49
50	struct tls_signer *
51	tls_signer_new(void)
52	{
53	struct tls_signer *signer;
54
55	if ((signer = calloc(1, sizeof(*signer))) == NULL)
56	return (NULL);
57
58	return (signer);
59	}
60
61	void
62	tls_signer_free(struct tls_signer *signer)
63	{
64	struct tls_signer_key *skey;
65
66	if (signer == NULL)
67	return;
68
69	tls_error_clear(&signer->error);
70
71	while (signer->keys) {
72	skey = signer->keys;
73	signer->keys = skey->next;
74	RSA_free(skey->rsa);
75	EC_KEY_free(skey->ecdsa);
76	free(skey->hash);
77	free(skey);
78	}
79
80	free(signer);
81	}
82
83	const char *
84	tls_signer_error(struct tls_signer *signer)
85	{
86	return (signer->error.msg);
87	}
88
89	int
90	tls_signer_add_keypair_mem(struct tls_signer signer, const uint8_t cert,
91	size_t cert_len, const uint8_t *key, size_t key_len)
92	{
93	struct tls_signer_key *skey = NULL;
94	char *errstr = "unknown";
95	int ssl_err;
96	EVP_PKEY *pkey = NULL;
97	X509 *x509 = NULL;
98	BIO *bio = NULL;
99	char *hash = NULL;
100
101	/* Compute certificate hash */
102	if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {
103	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
104	"failed to create certificate bio");
105	goto err;
106	}
107	if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
108	NULL)) == NULL) {
109	if ((ssl_err = ERR_peek_error()) != 0)
110	errstr = ERR_error_string(ssl_err, NULL);
111	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
112	"failed to load certificate: %s", errstr);
113	goto err;
114	}
115	if (tls_cert_pubkey_hash(x509, &hash) == -1) {
116	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
117	"failed to get certificate hash");
118	goto err;
119	}
120
121	X509_free(x509);
122	x509 = NULL;
123	BIO_free(bio);
124	bio = NULL;
125
126	/* Read private key */
127	if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) {
128	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
129	"failed to create key bio");
130	goto err;
131	}
132	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
133	NULL)) == NULL) {
134	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
135	"failed to read private key");
136	goto err;
137	}
138
139	if ((skey = calloc(1, sizeof(*skey))) == NULL) {
140	tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
141	"out of memory");
142	goto err;
143	}
144	skey->hash = hash;
145	if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL &&
146	(skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
147	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
148	"unknown key type");
149	goto err;
150	}
151
152	skey->next = signer->keys;
153	signer->keys = skey;
154	EVP_PKEY_free(pkey);
155	BIO_free(bio);
156
157	return (0);
158
159	err:
160	EVP_PKEY_free(pkey);
161	X509_free(x509);
162	BIO_free(bio);
163	free(hash);
164	free(skey);
165
166	return (-1);
167	}
168
169	int
170	tls_signer_add_keypair_file(struct tls_signer signer, const char cert_file,
171	const char *key_file)
172	{
173	char cert = NULL, key = NULL;
174	size_t cert_len, key_len;
175	int rv = -1;
176
177	if (tls_config_load_file(&signer->error, "certificate", cert_file,
178	&cert, &cert_len) == -1)
179	goto err;
180
181	if (tls_config_load_file(&signer->error, "key", key_file, &key,
182	&key_len) == -1)
183	goto err;
184
185	rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);
186
187	err:
188	free(cert);
189	free(key);
190
191	return (rv);
192	}
193
194	static int
195	tls_sign_rsa(struct tls_signer signer, struct tls_signer_key skey,
196	const uint8_t *input, size_t input_len, int padding_type,
197	uint8_t *out_signature, size_t out_signature_len)
198	{
199	int rsa_padding, rsa_size, signature_len;
200	char *signature = NULL;
201
202	*out_signature = NULL;
203	*out_signature_len = 0;
204
205	if (padding_type == TLS_PADDING_NONE) {
206	rsa_padding = RSA_NO_PADDING;
207	} else if (padding_type == TLS_PADDING_RSA_PKCS1) {
208	rsa_padding = RSA_PKCS1_PADDING;
209	} else {
210	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
211	"invalid RSA padding type (%d)", padding_type);
212	return (-1);
213	}
214
215	if (input_len > INT_MAX) {
216	tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
217	"input too large");
218	return (-1);
219	}
220	if ((rsa_size = RSA_size(skey->rsa)) <= 0) {
221	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
222	"invalid RSA size: %d", rsa_size);
223	return (-1);
224	}
225	if ((signature = calloc(1, rsa_size)) == NULL) {
226	tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
227	"out of memory");
228	return (-1);
229	}
230
231	if ((signature_len = RSA_private_encrypt((int)input_len, input,
232	signature, skey->rsa, rsa_padding)) <= 0) {
233	/* XXX - include further details from libcrypto. */
234	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
235	"RSA signing failed");
236	free(signature);
237	return (-1);
238	}
239
240	*out_signature = signature;
241	*out_signature_len = (size_t)signature_len;
242
243	return (0);
244	}
245
246	static int
247	tls_sign_ecdsa(struct tls_signer signer, struct tls_signer_key skey,
248	const uint8_t *input, size_t input_len, int padding_type,
249	uint8_t *out_signature, size_t out_signature_len)
250	{
251	unsigned char *signature;
252	int signature_len;
253
254	*out_signature = NULL;
255	*out_signature_len = 0;
256
257	if (padding_type != TLS_PADDING_NONE) {
258	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
259	"invalid ECDSA padding");
260	return (-1);
261	}
262
263	if (input_len > INT_MAX) {
264	tls_error_setx(&signer->error, TLS_ERROR_INVALID_ARGUMENT,
265	"digest too large");
266	return (-1);
267	}
268	if ((signature_len = ECDSA_size(skey->ecdsa)) <= 0) {
269	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
270	"invalid ECDSA size: %d", signature_len);
271	return (-1);
272	}
273	if ((signature = calloc(1, signature_len)) == NULL) {
274	tls_error_set(&signer->error, TLS_ERROR_OUT_OF_MEMORY,
275	"out of memory");
276	return (-1);
277	}
278
279	if (!ECDSA_sign(0, input, input_len, signature, &signature_len,
280	skey->ecdsa)) {
281	/* XXX - include further details from libcrypto. */
282	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN,
283	"ECDSA signing failed");
284	free(signature);
285	return (-1);
286	}
287
288	*out_signature = signature;
289	*out_signature_len = signature_len;
290
291	return (0);
292	}
293
294	int
295	tls_signer_sign(struct tls_signer signer, const char pubkey_hash,
296	const uint8_t *input, size_t input_len, int padding_type,
297	uint8_t *out_signature, size_t out_signature_len)
298	{
299	struct tls_signer_key *skey;
300
301	*out_signature = NULL;
302	*out_signature_len = 0;
303
304	for (skey = signer->keys; skey; skey = skey->next)
305	if (!strcmp(pubkey_hash, skey->hash))
306	break;
307
308	if (skey == NULL) {
309	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN, "key not found");
310	return (-1);
311	}
312
313	if (skey->rsa != NULL)
314	return tls_sign_rsa(signer, skey, input, input_len,
315	padding_type, out_signature, out_signature_len);
316
317	if (skey->ecdsa != NULL)
318	return tls_sign_ecdsa(signer, skey, input, input_len,
319	padding_type, out_signature, out_signature_len);
320
321	tls_error_setx(&signer->error, TLS_ERROR_UNKNOWN, "unknown key type");
322
323	return (-1);
324	}
325
326	static int
327	tls_rsa_priv_enc(int from_len, const unsigned char from, unsigned char to,
328	RSA *rsa, int rsa_padding)
329	{
330	struct tls_config *config;
331	uint8_t *signature = NULL;
332	size_t signature_len = 0;
333	const char *pubkey_hash;
334	int padding_type;
335
336	/*
337	* This function is called via RSA_private_encrypt() and has to conform
338	* to its calling convention/signature. The caller is required to
339	* provide a 'to' buffer of at least RSA_size() bytes.
340	*/
341
342	pubkey_hash = RSA_get_ex_data(rsa, 0);
343	config = RSA_get_ex_data(rsa, 1);
344
345	if (pubkey_hash == NULL \|\| config == NULL)
346	goto err;
347
348	if (rsa_padding == RSA_NO_PADDING) {
349	padding_type = TLS_PADDING_NONE;
350	} else if (rsa_padding == RSA_PKCS1_PADDING) {
351	padding_type = TLS_PADDING_RSA_PKCS1;
352	} else {
353	goto err;
354	}
355
356	if (from_len < 0)
357	goto err;
358
359	if (config->sign_cb(config->sign_cb_arg, pubkey_hash, from, from_len,
360	padding_type, &signature, &signature_len) == -1)
361	goto err;
362
363	if (signature_len > INT_MAX \|\| (int)signature_len > RSA_size(rsa))
364	goto err;
365
366	memcpy(to, signature, signature_len);
367	free(signature);
368
369	return ((int)signature_len);
370
371	err:
372	free(signature);
373
374	return (-1);
375	}
376
377	RSA_METHOD *
378	tls_signer_rsa_method(void)
379	{
380	static RSA_METHOD *rsa_method = NULL;
381
382	pthread_mutex_lock(&signer_method_lock);
383
384	if (rsa_method != NULL)
385	goto out;
386
387	rsa_method = RSA_meth_new("libtls RSA method", 0);
388	if (rsa_method == NULL)
389	goto out;
390
391	RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc);
392
393	out:
394	pthread_mutex_unlock(&signer_method_lock);
395
396	return (rsa_method);
397	}
398
399	static ECDSA_SIG *
400	tls_ecdsa_do_sign(const unsigned char dgst, int dgst_len, const BIGNUM inv,
401	const BIGNUM rp, EC_KEY eckey)
402	{
403	struct tls_config *config;
404	ECDSA_SIG *ecdsa_sig = NULL;
405	uint8_t *signature = NULL;
406	size_t signature_len = 0;
407	const unsigned char *p;
408	const char *pubkey_hash;
409
410	/*
411	* This function is called via ECDSA_do_sign_ex() and has to conform
412	* to its calling convention/signature.
413	*/
414
415	pubkey_hash = EC_KEY_get_ex_data(eckey, 0);
416	config = EC_KEY_get_ex_data(eckey, 1);
417
418	if (pubkey_hash == NULL \|\| config == NULL)
419	goto err;
420
421	if (dgst_len < 0)
422	goto err;
423
424	if (config->sign_cb(config->sign_cb_arg, pubkey_hash, dgst, dgst_len,
425	TLS_PADDING_NONE, &signature, &signature_len) == -1)
426	goto err;
427
428	p = signature;
429	if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &p, signature_len)) == NULL)
430	goto err;
431
432	free(signature);
433
434	return (ecdsa_sig);
435
436	err:
437	free(signature);
438
439	return (NULL);
440	}
441
442	EC_KEY_METHOD *
443	tls_signer_ecdsa_method(void)
444	{
445	static EC_KEY_METHOD *ecdsa_method = NULL;
446	const EC_KEY_METHOD *default_method;
447	int (sign)(int type, const unsigned char dgst, int dlen,
448	unsigned char sig, unsigned int siglen,
449	const BIGNUM kinv, const BIGNUM r, EC_KEY *eckey);
450	int (sign_setup)(EC_KEY eckey, BN_CTX *ctx_in,
451	BIGNUM kinvp, BIGNUM rp);
452
453	pthread_mutex_lock(&signer_method_lock);
454
455	if (ecdsa_method != NULL)
456	goto out;
457
458	default_method = EC_KEY_get_default_method();
459	ecdsa_method = EC_KEY_METHOD_new(default_method);
460	if (ecdsa_method == NULL)
461	goto out;
462
463	EC_KEY_METHOD_get_sign(default_method, &sign, &sign_setup, NULL);
464	EC_KEY_METHOD_set_sign(ecdsa_method, sign, sign_setup,
465	tls_ecdsa_do_sign);
466
467	out:
468	pthread_mutex_unlock(&signer_method_lock);
469
470	return (ecdsa_method);
471	}