ca.c revision 1.45
1/* $OpenBSD: ca.c,v 1.45 2023/06/18 19:08:52 op Exp $ */ 2 3/* 4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <openssl/err.h> 21#include <openssl/pem.h> 22#include <openssl/engine.h> 23#include <pwd.h> 24#include <signal.h> 25#include <string.h> 26#include <unistd.h> 27 28#include "smtpd.h" 29#include "log.h" 30#include "ssl.h" 31 32static int rsae_send_imsg(int, const unsigned char *, unsigned char *, 33 RSA *, int, unsigned int); 34static int rsae_pub_enc(int, const unsigned char *, unsigned char *, 35 RSA *, int); 36static int rsae_pub_dec(int,const unsigned char *, unsigned char *, 37 RSA *, int); 38static int rsae_priv_enc(int, const unsigned char *, unsigned char *, 39 RSA *, int); 40static int rsae_priv_dec(int, const unsigned char *, unsigned char *, 41 RSA *, int); 42static int rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *); 43static int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, 44 const BIGNUM *, BN_CTX *, BN_MONT_CTX *); 45static int rsae_init(RSA *); 46static int rsae_finish(RSA *); 47static int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *); 48static int ecdsae_keygen(EC_KEY *); 49static int ecdsae_compute_key(void *, size_t, const EC_POINT *, EC_KEY *, 50 void *(*)(const void *, size_t, void *, size_t *)); 51static int ecdsae_sign(int, const unsigned char *, int, unsigned char *, 52 unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *); 53 54static ECDSA_SIG *ecdsae_do_sign(const unsigned char *, int, const BIGNUM *, 55 const BIGNUM *, EC_KEY *); 56static int ecdsae_sign_setup(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **); 57static int ecdsae_verify(int, const unsigned char *, int, const unsigned char *, 58 int, EC_KEY *); 59static int ecdsae_do_verify(const unsigned char *, int, const ECDSA_SIG *, 60 EC_KEY *); 61 62 63static struct dict pkeys; 64static uint64_t reqid = 0; 65 66static void 67ca_shutdown(void) 68{ 69 log_debug("debug: ca agent exiting"); 70 _exit(0); 71} 72 73int 74ca(void) 75{ 76 struct passwd *pw; 77 78 purge_config(PURGE_LISTENERS|PURGE_TABLES|PURGE_RULES|PURGE_DISPATCHERS); 79 80 if ((pw = getpwnam(SMTPD_USER)) == NULL) 81 fatalx("unknown user " SMTPD_USER); 82 83 if (chroot(PATH_CHROOT) == -1) 84 fatal("ca: chroot"); 85 if (chdir("/") == -1) 86 fatal("ca: chdir(\"/\")"); 87 88 config_process(PROC_CA); 89 90 if (setgroups(1, &pw->pw_gid) || 91 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 92 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 93 fatal("ca: cannot drop privileges"); 94 95 imsg_callback = ca_imsg; 96 event_init(); 97 98 signal(SIGINT, SIG_IGN); 99 signal(SIGTERM, SIG_IGN); 100 signal(SIGPIPE, SIG_IGN); 101 signal(SIGHUP, SIG_IGN); 102 103 config_peer(PROC_CONTROL); 104 config_peer(PROC_PARENT); 105 config_peer(PROC_DISPATCHER); 106 107 /* Ignore them until we get our config */ 108 mproc_disable(p_dispatcher); 109 110 if (pledge("stdio", NULL) == -1) 111 fatal("pledge"); 112 113 event_dispatch(); 114 fatalx("exited event loop"); 115 116 return (0); 117} 118 119void 120ca_init(void) 121{ 122 BIO *in = NULL; 123 EVP_PKEY *pkey = NULL; 124 struct pki *pki; 125 const char *k; 126 void *iter_dict; 127 char *hash; 128 129 log_debug("debug: init private ssl-tree"); 130 dict_init(&pkeys); 131 iter_dict = NULL; 132 while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) { 133 if (pki->pki_key == NULL) 134 continue; 135 136 in = BIO_new_mem_buf(pki->pki_key, pki->pki_key_len); 137 if (in == NULL) 138 fatalx("ca_init: key"); 139 pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); 140 if (pkey == NULL) 141 fatalx("ca_init: PEM"); 142 BIO_free(in); 143 144 hash = ssl_pubkey_hash(pki->pki_cert, pki->pki_cert_len); 145 if (dict_check(&pkeys, hash)) 146 EVP_PKEY_free(pkey); 147 else 148 dict_xset(&pkeys, hash, pkey); 149 free(hash); 150 } 151} 152 153int 154ca_X509_verify(void *certificate, void *chain, const char *CAfile, 155 const char *CRLfile, const char **errstr) 156{ 157 X509_STORE *store = NULL; 158 X509_STORE_CTX *xsc = NULL; 159 int ret = 0; 160 long error = 0; 161 162 if ((store = X509_STORE_new()) == NULL) 163 goto end; 164 165 if (!X509_STORE_load_locations(store, CAfile, NULL)) { 166 log_warn("warn: unable to load CA file %s", CAfile); 167 goto end; 168 } 169 X509_STORE_set_default_paths(store); 170 171 if ((xsc = X509_STORE_CTX_new()) == NULL) 172 goto end; 173 174 if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1) 175 goto end; 176 177 ret = X509_verify_cert(xsc); 178 179end: 180 *errstr = NULL; 181 if (ret != 1) { 182 if (xsc) { 183 error = X509_STORE_CTX_get_error(xsc); 184 *errstr = X509_verify_cert_error_string(error); 185 } 186 else if (ERR_peek_last_error()) 187 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); 188 } 189 190 X509_STORE_CTX_free(xsc); 191 X509_STORE_free(store); 192 193 return ret > 0 ? 1 : 0; 194} 195 196void 197ca_imsg(struct mproc *p, struct imsg *imsg) 198{ 199 EVP_PKEY *pkey; 200 RSA *rsa = NULL; 201 EC_KEY *ecdsa = NULL; 202 const void *from = NULL; 203 unsigned char *to = NULL; 204 struct msg m; 205 const char *hash; 206 size_t flen, tlen, padding; 207 int buf_len; 208 int ret = 0; 209 uint64_t id; 210 int v; 211 212 if (imsg == NULL) 213 ca_shutdown(); 214 215 switch (imsg->hdr.type) { 216 case IMSG_CONF_START: 217 return; 218 case IMSG_CONF_END: 219 ca_init(); 220 221 /* Start fulfilling requests */ 222 mproc_enable(p_dispatcher); 223 return; 224 225 case IMSG_CTL_VERBOSE: 226 m_msg(&m, imsg); 227 m_get_int(&m, &v); 228 m_end(&m); 229 log_trace_verbose(v); 230 return; 231 232 case IMSG_CTL_PROFILE: 233 m_msg(&m, imsg); 234 m_get_int(&m, &v); 235 m_end(&m); 236 profiling = v; 237 return; 238 239 case IMSG_CA_RSA_PRIVENC: 240 case IMSG_CA_RSA_PRIVDEC: 241 m_msg(&m, imsg); 242 m_get_id(&m, &id); 243 m_get_string(&m, &hash); 244 m_get_data(&m, &from, &flen); 245 m_get_size(&m, &tlen); 246 m_get_size(&m, &padding); 247 m_end(&m); 248 249 pkey = dict_get(&pkeys, hash); 250 if (pkey == NULL || (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) 251 fatalx("ca_imsg: invalid pkey hash"); 252 253 if ((to = calloc(1, tlen)) == NULL) 254 fatalx("ca_imsg: calloc"); 255 256 switch (imsg->hdr.type) { 257 case IMSG_CA_RSA_PRIVENC: 258 ret = RSA_private_encrypt(flen, from, to, rsa, 259 padding); 260 break; 261 case IMSG_CA_RSA_PRIVDEC: 262 ret = RSA_private_decrypt(flen, from, to, rsa, 263 padding); 264 break; 265 } 266 267 m_create(p, imsg->hdr.type, 0, 0, -1); 268 m_add_id(p, id); 269 m_add_int(p, ret); 270 if (ret > 0) 271 m_add_data(p, to, (size_t)ret); 272 m_close(p); 273 274 free(to); 275 RSA_free(rsa); 276 return; 277 278 case IMSG_CA_ECDSA_SIGN: 279 m_msg(&m, imsg); 280 m_get_id(&m, &id); 281 m_get_string(&m, &hash); 282 m_get_data(&m, &from, &flen); 283 m_end(&m); 284 285 pkey = dict_get(&pkeys, hash); 286 if (pkey == NULL || 287 (ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) 288 fatalx("ca_imsg: invalid pkey hash"); 289 290 buf_len = ECDSA_size(ecdsa); 291 if ((to = calloc(1, buf_len)) == NULL) 292 fatalx("ca_imsg: calloc"); 293 ret = ECDSA_sign(0, from, flen, to, &buf_len, ecdsa); 294 m_create(p, imsg->hdr.type, 0, 0, -1); 295 m_add_id(p, id); 296 m_add_int(p, ret); 297 if (ret > 0) 298 m_add_data(p, to, (size_t)buf_len); 299 m_close(p); 300 free(to); 301 EC_KEY_free(ecdsa); 302 return; 303 } 304 305 fatalx("ca_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type)); 306} 307 308/* 309 * RSA privsep engine (called from unprivileged processes) 310 */ 311 312const RSA_METHOD *rsa_default = NULL; 313 314static RSA_METHOD *rsae_method = NULL; 315 316static int 317rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to, 318 RSA *rsa, int padding, unsigned int cmd) 319{ 320 int ret = 0; 321 struct imsgbuf *ibuf; 322 struct imsg imsg; 323 int n, done = 0; 324 const void *toptr; 325 char *hash; 326 size_t tlen; 327 struct msg m; 328 uint64_t id; 329 330 if ((hash = RSA_get_ex_data(rsa, 0)) == NULL) 331 return (0); 332 333 /* 334 * Send a synchronous imsg because we cannot defer the RSA 335 * operation in OpenSSL's engine layer. 336 */ 337 m_create(p_ca, cmd, 0, 0, -1); 338 reqid++; 339 m_add_id(p_ca, reqid); 340 m_add_string(p_ca, hash); 341 m_add_data(p_ca, (const void *)from, (size_t)flen); 342 m_add_size(p_ca, (size_t)RSA_size(rsa)); 343 m_add_size(p_ca, (size_t)padding); 344 m_flush(p_ca); 345 346 ibuf = &p_ca->imsgbuf; 347 348 while (!done) { 349 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 350 fatalx("imsg_read"); 351 if (n == 0) 352 fatalx("pipe closed"); 353 354 while (!done) { 355 if ((n = imsg_get(ibuf, &imsg)) == -1) 356 fatalx("imsg_get error"); 357 if (n == 0) 358 break; 359 360 log_imsg(PROC_DISPATCHER, PROC_CA, &imsg); 361 362 switch (imsg.hdr.type) { 363 case IMSG_CA_RSA_PRIVENC: 364 case IMSG_CA_RSA_PRIVDEC: 365 break; 366 default: 367 /* Another imsg is queued up in the buffer */ 368 dispatcher_imsg(p_ca, &imsg); 369 imsg_free(&imsg); 370 continue; 371 } 372 373 m_msg(&m, &imsg); 374 m_get_id(&m, &id); 375 if (id != reqid) 376 fatalx("invalid response id"); 377 m_get_int(&m, &ret); 378 if (ret > 0) 379 m_get_data(&m, &toptr, &tlen); 380 m_end(&m); 381 382 if (ret > 0) 383 memcpy(to, toptr, tlen); 384 done = 1; 385 386 imsg_free(&imsg); 387 } 388 } 389 mproc_event_add(p_ca); 390 391 return (ret); 392} 393 394static int 395rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 396 int padding) 397{ 398 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 399 return (RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding)); 400} 401 402static int 403rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 404 int padding) 405{ 406 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 407 return (RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding)); 408} 409 410static int 411rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 412 int padding) 413{ 414 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 415 if (RSA_get_ex_data(rsa, 0) != NULL) 416 return (rsae_send_imsg(flen, from, to, rsa, padding, 417 IMSG_CA_RSA_PRIVENC)); 418 return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding)); 419} 420 421static int 422rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 423 int padding) 424{ 425 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 426 if (RSA_get_ex_data(rsa, 0) != NULL) 427 return (rsae_send_imsg(flen, from, to, rsa, padding, 428 IMSG_CA_RSA_PRIVDEC)); 429 430 return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding)); 431} 432 433static int 434rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 435{ 436 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 437 return (RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx)); 438} 439 440static int 441rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 442 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 443{ 444 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 445 return (RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx)); 446} 447 448static int 449rsae_init(RSA *rsa) 450{ 451 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 452 if (RSA_meth_get_init(rsa_default) == NULL) 453 return (1); 454 return (RSA_meth_get_init(rsa_default)(rsa)); 455} 456 457static int 458rsae_finish(RSA *rsa) 459{ 460 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 461 if (RSA_meth_get_finish(rsa_default) == NULL) 462 return (1); 463 return (RSA_meth_get_finish(rsa_default)(rsa)); 464} 465 466static int 467rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) 468{ 469 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 470 return (RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb)); 471} 472 473 474/* 475 * ECDSA privsep engine (called from unprivileged processes) 476 */ 477 478const EC_KEY_METHOD *ecdsa_default = NULL; 479 480static EC_KEY_METHOD *ecdsae_method = NULL; 481 482static ECDSA_SIG * 483ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len, 484 const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey) 485{ 486 int ret = 0; 487 struct imsgbuf *ibuf; 488 struct imsg imsg; 489 int n, done = 0; 490 const void *toptr; 491 char *hash; 492 size_t tlen; 493 struct msg m; 494 uint64_t id; 495 ECDSA_SIG *sig = NULL; 496 497 if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL) 498 return (0); 499 500 /* 501 * Send a synchronous imsg because we cannot defer the ECDSA 502 * operation in OpenSSL's engine layer. 503 */ 504 m_create(p_ca, IMSG_CA_ECDSA_SIGN, 0, 0, -1); 505 reqid++; 506 m_add_id(p_ca, reqid); 507 m_add_string(p_ca, hash); 508 m_add_data(p_ca, (const void *)dgst, (size_t)dgst_len); 509 m_flush(p_ca); 510 511 ibuf = &p_ca->imsgbuf; 512 513 while (!done) { 514 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 515 fatalx("imsg_read"); 516 if (n == 0) 517 fatalx("pipe closed"); 518 while (!done) { 519 if ((n = imsg_get(ibuf, &imsg)) == -1) 520 fatalx("imsg_get error"); 521 if (n == 0) 522 break; 523 524 log_imsg(PROC_DISPATCHER, PROC_CA, &imsg); 525 526 switch (imsg.hdr.type) { 527 case IMSG_CA_ECDSA_SIGN: 528 break; 529 default: 530 /* Another imsg is queued up in the buffer */ 531 dispatcher_imsg(p_ca, &imsg); 532 imsg_free(&imsg); 533 continue; 534 } 535 536 m_msg(&m, &imsg); 537 m_get_id(&m, &id); 538 if (id != reqid) 539 fatalx("invalid response id"); 540 m_get_int(&m, &ret); 541 if (ret > 0) 542 m_get_data(&m, &toptr, &tlen); 543 m_end(&m); 544 done = 1; 545 546 if (ret > 0) 547 d2i_ECDSA_SIG(&sig, (const unsigned char **)&toptr, tlen); 548 imsg_free(&imsg); 549 } 550 } 551 mproc_event_add(p_ca); 552 553 return (sig); 554} 555 556static int 557ecdsae_keygen(EC_KEY *eckey) 558{ 559 int (*keygen)(EC_KEY *); 560 561 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 562 EC_KEY_METHOD_get_keygen(ecdsa_default, &keygen); 563 return (keygen(eckey)); 564} 565 566static int 567ecdsae_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, 568 EC_KEY *ecdh, void *(*kdf)(const void *, size_t, void *, size_t *)) 569{ 570 int (*ckey)(void *, size_t, const EC_POINT *, EC_KEY *, 571 void *(*)(const void *, size_t, void *, size_t *)); 572 573 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 574 EC_KEY_METHOD_get_compute_key(ecdsa_default, &ckey); 575 return (ckey(out, outlen, pub_key, ecdh, kdf)); 576} 577 578static int 579ecdsae_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 580 unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) 581{ 582 int (*sign)(int, const unsigned char *, int, unsigned char *, 583 unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *); 584 585 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 586 EC_KEY_METHOD_get_sign(ecdsa_default, &sign, NULL, NULL); 587 return (sign(type, dgst, dlen, sig, siglen, kinv, r, eckey)); 588} 589 590static ECDSA_SIG * 591ecdsae_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, 592 const BIGNUM *rp, EC_KEY *eckey) 593{ 594 ECDSA_SIG *(*psign_sig)(const unsigned char *, int, const BIGNUM *, 595 const BIGNUM *, EC_KEY *); 596 597 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 598 if (EC_KEY_get_ex_data(eckey, 0) != NULL) 599 return (ecdsae_send_enc_imsg(dgst, dgst_len, inv, rp, eckey)); 600 EC_KEY_METHOD_get_sign(ecdsa_default, NULL, NULL, &psign_sig); 601 return (psign_sig(dgst, dgst_len, inv, rp, eckey)); 602} 603 604static int 605ecdsae_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **r) 606{ 607 int (*psign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **); 608 609 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 610 EC_KEY_METHOD_get_sign(ecdsa_default, NULL, &psign_setup, NULL); 611 return (psign_setup(eckey, ctx, kinv, r)); 612} 613 614static int 615ecdsae_verify(int type, const unsigned char *dgst, int dgst_len, 616 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) 617{ 618 int (*verify)(int, const unsigned char *, int, const unsigned char *, 619 int, EC_KEY *); 620 621 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 622 EC_KEY_METHOD_get_verify(ecdsa_default, &verify, NULL); 623 return (verify(type, dgst, dgst_len, sigbuf, sig_len, eckey)); 624} 625 626static int 627ecdsae_do_verify(const unsigned char *dgst, int dgst_len, 628 const ECDSA_SIG *sig, EC_KEY *eckey) 629{ 630 int (*pverify_sig)(const unsigned char *, int, const ECDSA_SIG *, 631 EC_KEY *); 632 633 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 634 EC_KEY_METHOD_get_verify(ecdsa_default, NULL, &pverify_sig); 635 return (pverify_sig(dgst, dgst_len, sig, eckey)); 636} 637 638 639static void 640rsa_engine_init(void) 641{ 642 ENGINE *e; 643 const char *errstr, *name; 644 645 if ((rsae_method = RSA_meth_new("RSA privsep engine", 0)) == NULL) { 646 errstr = "RSA_meth_new"; 647 goto fail; 648 } 649 650 RSA_meth_set_pub_enc(rsae_method, rsae_pub_enc); 651 RSA_meth_set_pub_dec(rsae_method, rsae_pub_dec); 652 RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc); 653 RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec); 654 RSA_meth_set_mod_exp(rsae_method, rsae_mod_exp); 655 RSA_meth_set_bn_mod_exp(rsae_method, rsae_bn_mod_exp); 656 RSA_meth_set_init(rsae_method, rsae_init); 657 RSA_meth_set_finish(rsae_method, rsae_finish); 658 RSA_meth_set_keygen(rsae_method, rsae_keygen); 659 660 if ((e = ENGINE_get_default_RSA()) == NULL) { 661 if ((e = ENGINE_new()) == NULL) { 662 errstr = "ENGINE_new"; 663 goto fail; 664 } 665 if (!ENGINE_set_name(e, RSA_meth_get0_name(rsae_method))) { 666 errstr = "ENGINE_set_name"; 667 goto fail; 668 } 669 if ((rsa_default = RSA_get_default_method()) == NULL) { 670 errstr = "RSA_get_default_method"; 671 goto fail; 672 } 673 } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) { 674 errstr = "ENGINE_get_RSA"; 675 goto fail; 676 } 677 678 if ((name = ENGINE_get_name(e)) == NULL) 679 name = "unknown RSA engine"; 680 681 log_debug("debug: %s: using %s", __func__, name); 682 683 if (RSA_meth_get_mod_exp(rsa_default) == NULL) 684 RSA_meth_set_mod_exp(rsae_method, NULL); 685 if (RSA_meth_get_bn_mod_exp(rsa_default) == NULL) 686 RSA_meth_set_bn_mod_exp(rsae_method, NULL); 687 if (RSA_meth_get_keygen(rsa_default) == NULL) 688 RSA_meth_set_keygen(rsae_method, NULL); 689 RSA_meth_set_flags(rsae_method, 690 RSA_meth_get_flags(rsa_default) | RSA_METHOD_FLAG_NO_CHECK); 691 RSA_meth_set0_app_data(rsae_method, 692 RSA_meth_get0_app_data(rsa_default)); 693 694 if (!ENGINE_set_RSA(e, rsae_method)) { 695 errstr = "ENGINE_set_RSA"; 696 goto fail; 697 } 698 if (!ENGINE_set_default_RSA(e)) { 699 errstr = "ENGINE_set_default_RSA"; 700 goto fail; 701 } 702 703 return; 704 705 fail: 706 ssl_error(errstr); 707 fatalx("%s", errstr); 708} 709 710static void 711ecdsa_engine_init(void) 712{ 713 ENGINE *e; 714 const char *errstr, *name; 715 716 if ((ecdsae_method = EC_KEY_METHOD_new(NULL)) == NULL) { 717 errstr = "EC_KEY_METHOD_new"; 718 goto fail; 719 } 720 721 EC_KEY_METHOD_set_keygen(ecdsae_method, ecdsae_keygen); 722 EC_KEY_METHOD_set_compute_key(ecdsae_method, ecdsae_compute_key); 723 EC_KEY_METHOD_set_sign(ecdsae_method, ecdsae_sign, ecdsae_sign_setup, 724 ecdsae_do_sign); 725 EC_KEY_METHOD_set_verify(ecdsae_method, ecdsae_verify, 726 ecdsae_do_verify); 727 728 if ((e = ENGINE_get_default_EC()) == NULL) { 729 if ((e = ENGINE_new()) == NULL) { 730 errstr = "ENGINE_new"; 731 goto fail; 732 } 733 if (!ENGINE_set_name(e, "ECDSA privsep engine")) { 734 errstr = "ENGINE_set_name"; 735 goto fail; 736 } 737 if ((ecdsa_default = EC_KEY_get_default_method()) == NULL) { 738 errstr = "EC_KEY_get_default_method"; 739 goto fail; 740 } 741 } else if ((ecdsa_default = ENGINE_get_EC(e)) == NULL) { 742 errstr = "ENGINE_get_EC"; 743 goto fail; 744 } 745 746 if ((name = ENGINE_get_name(e)) == NULL) 747 name = "unknown ECDSA engine"; 748 749 log_debug("debug: %s: using %s", __func__, name); 750 751 if (!ENGINE_set_EC(e, ecdsae_method)) { 752 errstr = "ENGINE_set_EC"; 753 goto fail; 754 } 755 if (!ENGINE_set_default_EC(e)) { 756 errstr = "ENGINE_set_default_EC"; 757 goto fail; 758 } 759 760 return; 761 762 fail: 763 ssl_error(errstr); 764 fatalx("%s", errstr); 765} 766 767void 768ca_engine_init(void) 769{ 770 rsa_engine_init(); 771 ecdsa_engine_init(); 772} 773