xref: /openbsd-src/lib/libtls/tls_util.c (revision ae3cb403620ab940fbaabb3055fac045a63d56b7) 
1 /* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <sys/stat.h>
20 
21 #include <stdlib.h>
22 #include <unistd.h>
23 #include <fcntl.h>
24 
25 #include "tls.h"
26 #include "tls_internal.h"
27 
28 /*
29  * Extract the host and port from a colon separated value. For a literal IPv6
30  * address the address must be contained with square braces. If a host and
31  * port are successfully extracted, the function will return 0 and the
32  * caller is responsible for freeing the host and port. If no port is found
33  * then the function will return 1, with both host and port being NULL.
34  * On memory allocation failure -1 will be returned.
35  */
36 int
37 tls_host_port(const char *hostport, char **host, char **port)
38 {
39 	char *h, *p, *s;
40 	int rv = 1;
41 
42 	*host = NULL;
43 	*port = NULL;
44 
45 	if ((s = strdup(hostport)) == NULL)
46 		goto fail;
47 
48 	h = p = s;
49 
50 	/* See if this is an IPv6 literal with square braces. */
51 	if (p[0] == '[') {
52 		h++;
53 		if ((p = strchr(s, ']')) == NULL)
54 			goto done;
55 		*p++ = '\0';
56 	}
57 
58 	/* Find the port seperator. */
59 	if ((p = strchr(p, ':')) == NULL)
60 		goto done;
61 
62 	/* If there is another separator then we have issues. */
63 	if (strchr(p + 1, ':') != NULL)
64 		goto done;
65 
66 	*p++ = '\0';
67 
68 	if (asprintf(host, "%s", h) == -1)
69 		goto fail;
70 	if (asprintf(port, "%s", p) == -1)
71 		goto fail;
72 
73 	rv = 0;
74 	goto done;
75 
76  fail:
77 	free(*host);
78 	*host = NULL;
79 	free(*port);
80 	*port = NULL;
81 	rv = -1;
82 
83  done:
84 	free(s);
85 
86 	return (rv);
87 }
88 
89 int
90 tls_password_cb(char *buf, int size, int rwflag, void *u)
91 {
92 	size_t len;
93 
94 	if (size < 0)
95 		return (0);
96 
97 	if (u == NULL) {
98 		memset(buf, 0, size);
99 		return (0);
100 	}
101 
102 	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
103 		return (0);
104 
105 	return (len);
106 }
107 
108 uint8_t *
109 tls_load_file(const char *name, size_t *len, char *password)
110 {
111 	FILE *fp;
112 	EVP_PKEY *key = NULL;
113 	BIO *bio = NULL;
114 	char *data;
115 	uint8_t *buf = NULL;
116 	struct stat st;
117 	size_t size = 0;
118 	int fd = -1;
119 	ssize_t n;
120 
121 	*len = 0;
122 
123 	if ((fd = open(name, O_RDONLY)) == -1)
124 		return (NULL);
125 
126 	/* Just load the file into memory without decryption */
127 	if (password == NULL) {
128 		if (fstat(fd, &st) != 0)
129 			goto fail;
130 		if (st.st_size < 0)
131 			goto fail;
132 		size = (size_t)st.st_size;
133 		if ((buf = malloc(size)) == NULL)
134 			goto fail;
135 		n = read(fd, buf, size);
136 		if (n < 0 || (size_t)n != size)
137 			goto fail;
138 		close(fd);
139 		goto done;
140 	}
141 
142 	/* Or read the (possibly) encrypted key from file */
143 	if ((fp = fdopen(fd, "r")) == NULL)
144 		goto fail;
145 	fd = -1;
146 
147 	key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
148 	fclose(fp);
149 	if (key == NULL)
150 		goto fail;
151 
152 	/* Write unencrypted key to memory buffer */
153 	if ((bio = BIO_new(BIO_s_mem())) == NULL)
154 		goto fail;
155 	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
156 		goto fail;
157 	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
158 		goto fail;
159 	if ((buf = malloc(size)) == NULL)
160 		goto fail;
161 	memcpy(buf, data, size);
162 
163 	BIO_free_all(bio);
164 	EVP_PKEY_free(key);
165 
166  done:
167 	*len = size;
168 	return (buf);
169 
170  fail:
171 	if (fd != -1)
172 		close(fd);
173 	freezero(buf, size);
174 	BIO_free_all(bio);
175 	EVP_PKEY_free(key);
176 
177 	return (NULL);
178 }
179 
180 void
181 tls_unload_file(uint8_t *buf, size_t len)
182 {
183 	freezero(buf, len);
184 }
185