add a privsep crypto engine

Incorporate the OpenSMTPD' privsep crypto engine. The idea behind it is to never load the certificate' private keys in a networked process, instead they are loaded in a separate process (the `crypto' one) which signs payloads on the behalf of the server processes. This way, we greatly reduce the risk of leaking the certificate' private key should the server process be compromised. This currently compiles only on LibreSSL (portable fix is in the way).
author: Omar Polo <op@omarpolo.com> 2023-06-11 11:03:59 +0000
committer: Omar Polo <op@omarpolo.com> 2023-06-11 11:03:59 +0000
commit: 86693a33abd5e8c31530adb3045c9f4664d4d6c9 (patch)
tree: 3ef25d39266c92a62ece902799cc23b76812e0d0 /sandbox.c
parent: f81a97b3569478a36e5cbe95229efd1b831b7a7b (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/sandbox.c b/sandbox.c
index 6d68b0f..c189446 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -36,6 +36,13 @@ sandbox_server_process(void)
 }
 
 void
+sandbox_crypto_process(void)
+{
+	if (pledge("stdio recvfd", NULL) == -1)
+		fatal("pledge");
+}
+
+void
 sandbox_logger_process(void)
 {
 	if (pledge("stdio recvfd", NULL) == -1)
@@ -59,6 +66,12 @@ sandbox_server_process(void)
 }
 
 void
+sandbox_crypto_process(void)
+{
+	return;
+}
+
+void
 sandbox_logger_process(void)
 {
 	return;
author	Omar Polo <op@omarpolo.com>	2023-06-11 11:03:59 +0000
committer	Omar Polo <op@omarpolo.com>	2023-06-11 11:03:59 +0000
commit	86693a33abd5e8c31530adb3045c9f4664d4d6c9 (patch)
tree	3ef25d39266c92a62ece902799cc23b76812e0d0 /sandbox.c
parent	f81a97b3569478a36e5cbe95229efd1b831b7a7b (diff)