subject:"Re\: Remove ENGINE use from relayd"

Re: Remove ENGINE use from relayd

2023-07-13 Thread Florian Obser

I for one welcome our new relayd maintainer!

Re: Remove ENGINE use from relayd

2023-07-13 Thread Omar Polo

On 2023/07/13 05:44:03 +0200, Theo Buehler  wrote:
> This is analogous to the change that op committed to smtpd a few days
> ago. Instead of using ENGINE to make RSA use privsep via imsg, create
> an RSA method that has custom priv_enc/priv_dec methods, replace the
> default RSA method. Ditch numerous wrappers that extract the default
> methods on the fly only to add a log call.
> 
> This removes a lot of boilerplate and shows more clearly where the
> actual magic happens. Regress exercises this code and passes.

nice to see all that redundant code go; ok op

Re: Remove ENGINE use from relayd

2023-07-13 Thread Tobias Heider

On Thu, Jul 13, 2023 at 05:44:03AM +0200, Theo Buehler wrote:
> This is analogous to the change that op committed to smtpd a few days
> ago. Instead of using ENGINE to make RSA use privsep via imsg, create
> an RSA method that has custom priv_enc/priv_dec methods, replace the
> default RSA method. Ditch numerous wrappers that extract the default
> methods on the fly only to add a log call.
> 
> This removes a lot of boilerplate and shows more clearly where the
> actual magic happens. Regress exercises this code and passes.

Nice, that is a lot of boilerplate. ok tobhe@

> 
> Index: ca.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
> retrieving revision 1.42
> diff -u -p -r1.42 ca.c
> --- ca.c  11 Jun 2023 10:30:26 -  1.42
> +++ ca.c  11 Jul 2023 18:21:47 -
> @@ -41,20 +41,8 @@ voidca_launch(void);
>  int   ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
>  int   ca_dispatch_relay(int, struct privsep_proc *, struct imsg *);
>  
> -int   rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
> -int   rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
>  int   rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
>  int   rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
> -int   rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
> -int   rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
> - const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
> -int   rsae_init(RSA *);
> -int   rsae_finish(RSA *);
> -int   rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
> - const RSA *);
> -int   rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
> - u_int, const RSA *);
> -int   rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
>  
>  static struct relayd *env = NULL;
>  
> @@ -301,7 +289,7 @@ ca_dispatch_relay(int fd, struct privsep
>   * RSA privsep engine (called from unprivileged processes)
>   */
>  
> -const RSA_METHOD *rsa_default = NULL;
> +static const RSA_METHOD *rsa_default;
>  static RSA_METHOD *rsae_method;
>  
>  static int
> @@ -417,20 +405,6 @@ rsae_send_imsg(int flen, const u_char *f
>  }
>  
>  int
> -rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding);
> -}
> -
> -int
> -rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding);
> -}
> -
> -int
>  rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int 
> padding)
>  {
>   DPRINTF("%s:%d", __func__, __LINE__);
> @@ -444,69 +418,10 @@ rsae_priv_dec(int flen, const u_char *fr
>   return rsae_send_imsg(flen, from, to, rsa, padding, IMSG_CA_PRIVDEC);
>  }
>  
> -int
> -rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx);
> -}
> -
> -int
> -rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
> -const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx);
> -}
> -
> -int
> -rsae_init(RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - if (RSA_meth_get_init(rsa_default) == NULL)
> - return 1;
> - return RSA_meth_get_init(rsa_default)(rsa);
> -}
> -
> -int
> -rsae_finish(RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - if (RSA_meth_get_finish(rsa_default) == NULL)
> - return 1;
> - return RSA_meth_get_finish(rsa_default)(rsa);
> -}
> -
> -int
> -rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
> -u_int *siglen, const RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_sign(rsa_default)(type, m, m_length,
> - sigret, siglen, rsa);
> -}
> -
> -int
> -rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
> -u_int siglen, const RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_verify(rsa_default)(dtype, m, m_length,
> - sigbuf, siglen, rsa);
> -}
> -
> -int
> -rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb);
> -}
> -
>  void
>  ca_engine_init(struct relayd *x_env)
>  {
> - ENGINE  *e = NULL;
> - const char  *errstr, *name;
> + const char  *errstr;
>  
>   if (env == NULL)
>   env = x_env;
> @@ -514,68 +429,25 @@ ca_engine_init(struct relayd *x_env)
>   if (rsa_default != NULL)
>   return;
>  
> - if ((rsae_method =

Re: Remove ENGINE use from relayd

Re: Remove ENGINE use from relayd

Re: Remove ENGINE use from relayd

3 matches

Site Navigation

Mail list logo

Footer information