xref: /freebsd/crypto/openssl/crypto/crmf/crmf_lib.c (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1 /*-
2  * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright Nokia 2007-2018
4  * Copyright Siemens AG 2015-2019
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  *
11  * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
12  */
13 
14 /*
15  * This file contains the functions that handle the individual items inside
16  * the CRMF structures
17  */
18 
19 /*
20  * NAMING
21  *
22  * The 0 functions use the supplied structure pointer directly in the parent and
23  * it will be freed up when the parent is freed.
24  *
25  * The 1 functions use a copy of the supplied structure pointer (or in some
26  * cases increases its link count) in the parent and so both should be freed up.
27  */
28 
29 #include <openssl/asn1t.h>
30 
31 #include "crmf_local.h"
32 #include "internal/constant_time.h"
33 #include "internal/sizes.h"
34 
35 /* explicit #includes not strictly needed since implied by the above: */
36 #include <openssl/crmf.h>
37 #include <openssl/err.h>
38 #include <openssl/evp.h>
39 
40 /*-
41  * atyp = Attribute Type
42  * valt = Value Type
43  * ctrlinf = "regCtrl" or "regInfo"
44  */
45 #define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf)                        \
46 valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg)        \
47 {                                                                            \
48     int i;                                                                   \
49     STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls;                     \
50     OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL;                            \
51                                                                              \
52     if (msg == NULL || msg->certReq == NULL)                                 \
53         return NULL;                                                         \
54     controls = msg->certReq->controls;                                       \
55     for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \
56         atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i);        \
57         if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp)            \
58             return atav->value.atyp;                                         \
59     }                                                                        \
60     return NULL;                                                             \
61 }                                                                            \
62  \
63 int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \
64 {                                                                         \
65     OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL;                         \
66                                                                           \
67     if (msg == NULL || in == NULL)                                        \
68         goto err;                                                         \
69     if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL)           \
70         goto err;                                                         \
71     if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL)    \
72         goto err;                                                         \
73     if ((atav->value.atyp = valt##_dup(in)) == NULL)                      \
74         goto err;                                                         \
75     if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav))                        \
76         goto err;                                                         \
77     return 1;                                                             \
78  err:                                                                     \
79     OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav);                           \
80     return 0;                                                             \
81 }
82 
83 
84 /*-
85  * Pushes the given control attribute into the controls stack of a CertRequest
86  * (section 6)
87  * returns 1 on success, 0 on error
88  */
OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG * crm,OSSL_CRMF_ATTRIBUTETYPEANDVALUE * ctrl)89 static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm,
90                                        OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl)
91 {
92     int new = 0;
93 
94     if (crm == NULL || crm->certReq == NULL || ctrl == NULL) {
95         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
96         return 0;
97     }
98 
99     if (crm->certReq->controls == NULL) {
100         crm->certReq->controls = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
101         if (crm->certReq->controls == NULL)
102             goto err;
103         new = 1;
104     }
105     if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->certReq->controls, ctrl))
106         goto err;
107 
108     return 1;
109  err:
110     if (new != 0) {
111         sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(crm->certReq->controls);
112         crm->certReq->controls = NULL;
113     }
114     return 0;
115 }
116 
117 /* id-regCtrl-regToken Control (section 6.1) */
IMPLEMENT_CRMF_CTRL_FUNC(regToken,ASN1_STRING,regCtrl)118 IMPLEMENT_CRMF_CTRL_FUNC(regToken, ASN1_STRING, regCtrl)
119 
120 /* id-regCtrl-authenticator Control (section 6.2) */
121 #define ASN1_UTF8STRING_dup ASN1_STRING_dup
122 IMPLEMENT_CRMF_CTRL_FUNC(authenticator, ASN1_UTF8STRING, regCtrl)
123 
124 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
125                                      int method, GENERAL_NAME *nm)
126 {
127     if (spi == NULL
128             || method < OSSL_CRMF_PUB_METHOD_DONTCARE
129             || method > OSSL_CRMF_PUB_METHOD_LDAP) {
130         ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT);
131         return 0;
132     }
133 
134     if (!ASN1_INTEGER_set(spi->pubMethod, method))
135         return 0;
136     GENERAL_NAME_free(spi->pubLocation);
137     spi->pubLocation = nm;
138     return 1;
139 }
140 
141 int
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO * pi,OSSL_CRMF_SINGLEPUBINFO * spi)142 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
143                                                      OSSL_CRMF_SINGLEPUBINFO *spi)
144 {
145     if (pi == NULL || spi == NULL) {
146         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
147         return 0;
148     }
149     if (pi->pubInfos == NULL)
150         pi->pubInfos = sk_OSSL_CRMF_SINGLEPUBINFO_new_null();
151     if (pi->pubInfos == NULL)
152         return 0;
153 
154     return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi);
155 }
156 
OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO * pi,int action)157 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
158                                                 int action)
159 {
160     if (pi == NULL
161             || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH
162             || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) {
163         ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT);
164         return 0;
165     }
166 
167     return ASN1_INTEGER_set(pi->action, action);
168 }
169 
170 /* id-regCtrl-pkiPublicationInfo Control (section 6.3) */
IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo,OSSL_CRMF_PKIPUBLICATIONINFO,regCtrl)171 IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo, OSSL_CRMF_PKIPUBLICATIONINFO,
172                          regCtrl)
173 
174 /* id-regCtrl-oldCertID Control (section 6.5) from the given */
175 IMPLEMENT_CRMF_CTRL_FUNC(oldCertID, OSSL_CRMF_CERTID, regCtrl)
176 
177 OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
178                                        const ASN1_INTEGER *serial)
179 {
180     OSSL_CRMF_CERTID *cid = NULL;
181 
182     if (issuer == NULL || serial == NULL) {
183         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
184         return NULL;
185     }
186 
187     if ((cid = OSSL_CRMF_CERTID_new()) == NULL)
188         goto err;
189 
190     if (!X509_NAME_set(&cid->issuer->d.directoryName, issuer))
191         goto err;
192     cid->issuer->type = GEN_DIRNAME;
193 
194     ASN1_INTEGER_free(cid->serialNumber);
195     if ((cid->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
196         goto err;
197 
198     return cid;
199 
200  err:
201     OSSL_CRMF_CERTID_free(cid);
202     return NULL;
203 }
204 
205 /*
206  * id-regCtrl-protocolEncrKey Control (section 6.6)
207  */
IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey,X509_PUBKEY,regCtrl)208 IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey, X509_PUBKEY, regCtrl)
209 
210 /*-
211  * Pushes the attribute given in regInfo in to the CertReqMsg->regInfo stack.
212  * (section 7)
213  * returns 1 on success, 0 on error
214  */
215 static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm,
216                                        OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri)
217 {
218     STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL;
219 
220     if (crm == NULL || ri == NULL) {
221         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
222         return 0;
223     }
224 
225     if (crm->regInfo == NULL)
226         crm->regInfo = info = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
227     if (crm->regInfo == NULL)
228         goto err;
229     if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->regInfo, ri))
230         goto err;
231     return 1;
232 
233  err:
234     if (info != NULL)
235         crm->regInfo = NULL;
236     sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(info);
237     return 0;
238 }
239 
240 /* id-regInfo-utf8Pairs to regInfo (section 7.1) */
IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs,ASN1_UTF8STRING,regInfo)241 IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo)
242 
243 /* id-regInfo-certReq to regInfo (section 7.2) */
244 IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
245 
246 
247 /* retrieves the certificate template of crm */
248 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
249 {
250     if (crm == NULL || crm->certReq == NULL) {
251         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
252         return NULL;
253     }
254     return crm->certReq->certTemplate;
255 }
256 
257 
OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG * crm,ASN1_TIME * notBefore,ASN1_TIME * notAfter)258 int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
259                                 ASN1_TIME *notBefore, ASN1_TIME *notAfter)
260 {
261     OSSL_CRMF_OPTIONALVALIDITY *vld;
262     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
263 
264     if (tmpl == NULL) { /* also crm == NULL implies this */
265         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
266         return 0;
267     }
268 
269     if ((vld = OSSL_CRMF_OPTIONALVALIDITY_new()) == NULL)
270         return 0;
271     vld->notBefore = notBefore;
272     vld->notAfter = notAfter;
273     tmpl->validity = vld;
274     return 1;
275 }
276 
277 
OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG * crm,int rid)278 int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
279 {
280     if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
281         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
282         return 0;
283     }
284 
285     return ASN1_INTEGER_set(crm->certReq->certReqId, rid);
286 }
287 
288 /* get ASN.1 encoded integer, return -1 on error */
crmf_asn1_get_int(const ASN1_INTEGER * a)289 static int crmf_asn1_get_int(const ASN1_INTEGER *a)
290 {
291     int64_t res;
292 
293     if (!ASN1_INTEGER_get_int64(&res, a)) {
294         ERR_raise(ERR_LIB_CRMF, ASN1_R_INVALID_NUMBER);
295         return -1;
296     }
297     if (res < INT_MIN) {
298         ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_SMALL);
299         return -1;
300     }
301     if (res > INT_MAX) {
302         ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_LARGE);
303         return -1;
304     }
305     return (int)res;
306 }
307 
OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG * crm)308 int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm)
309 {
310     if (crm == NULL || /* not really needed: */ crm->certReq == NULL) {
311         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
312         return -1;
313     }
314     return crmf_asn1_get_int(crm->certReq->certReqId);
315 }
316 
317 
OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG * crm,X509_EXTENSIONS * exts)318 int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
319                                   X509_EXTENSIONS *exts)
320 {
321     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
322 
323     if (tmpl == NULL) { /* also crm == NULL implies this */
324         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
325         return 0;
326     }
327 
328     if (sk_X509_EXTENSION_num(exts) == 0) {
329         sk_X509_EXTENSION_free(exts);
330         exts = NULL; /* do not include empty extensions list */
331     }
332 
333     sk_X509_EXTENSION_pop_free(tmpl->extensions, X509_EXTENSION_free);
334     tmpl->extensions = exts;
335     return 1;
336 }
337 
338 
OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG * crm,X509_EXTENSION * ext)339 int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
340                                   X509_EXTENSION *ext)
341 {
342     int new = 0;
343     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
344 
345     if (tmpl == NULL || ext == NULL) { /* also crm == NULL implies this */
346         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
347         return 0;
348     }
349 
350     if (tmpl->extensions == NULL) {
351         if ((tmpl->extensions = sk_X509_EXTENSION_new_null()) == NULL)
352             goto err;
353         new = 1;
354     }
355 
356     if (!sk_X509_EXTENSION_push(tmpl->extensions, ext))
357         goto err;
358     return 1;
359  err:
360     if (new != 0) {
361         sk_X509_EXTENSION_free(tmpl->extensions);
362         tmpl->extensions = NULL;
363     }
364     return 0;
365 }
366 
create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY * ps,const OSSL_CRMF_CERTREQUEST * cr,EVP_PKEY * pkey,const EVP_MD * digest,OSSL_LIB_CTX * libctx,const char * propq)367 static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
368                                  const OSSL_CRMF_CERTREQUEST *cr,
369                                  EVP_PKEY *pkey, const EVP_MD *digest,
370                                  OSSL_LIB_CTX *libctx, const char *propq)
371 {
372     char name[80] = "";
373 
374     if (ps == NULL || cr == NULL || pkey == NULL) {
375         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
376         return 0;
377     }
378     if (ps->poposkInput != NULL) {
379         /* We do not support cases 1+2 defined in RFC 4211, section 4.1 */
380         ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED);
381         return 0;
382     }
383 
384     if (EVP_PKEY_get_default_digest_name(pkey, name, sizeof(name)) > 0
385             && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */
386         digest = NULL;
387 
388     return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
389                              ps->algorithmIdentifier, NULL, ps->signature, cr,
390                              NULL, pkey, digest, libctx, propq);
391 }
392 
393 
OSSL_CRMF_MSG_create_popo(int meth,OSSL_CRMF_MSG * crm,EVP_PKEY * pkey,const EVP_MD * digest,OSSL_LIB_CTX * libctx,const char * propq)394 int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
395                               EVP_PKEY *pkey, const EVP_MD *digest,
396                               OSSL_LIB_CTX *libctx, const char *propq)
397 {
398     OSSL_CRMF_POPO *pp = NULL;
399     ASN1_INTEGER *tag = NULL;
400 
401     if (crm == NULL || (meth == OSSL_CRMF_POPO_SIGNATURE && pkey == NULL)) {
402         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
403         return 0;
404     }
405 
406     if (meth == OSSL_CRMF_POPO_NONE)
407         goto end;
408     if ((pp = OSSL_CRMF_POPO_new()) == NULL)
409         goto err;
410     pp->type = meth;
411 
412     switch (meth) {
413     case OSSL_CRMF_POPO_RAVERIFIED:
414         if ((pp->value.raVerified = ASN1_NULL_new()) == NULL)
415             goto err;
416         break;
417 
418     case OSSL_CRMF_POPO_SIGNATURE:
419         {
420             OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new();
421 
422             if (ps == NULL)
423                 goto err;
424             if (!create_popo_signature(ps, crm->certReq, pkey, digest,
425                                        libctx, propq)) {
426                 OSSL_CRMF_POPOSIGNINGKEY_free(ps);
427                 goto err;
428             }
429             pp->value.signature = ps;
430         }
431         break;
432 
433     case OSSL_CRMF_POPO_KEYENC:
434         if ((pp->value.keyEncipherment = OSSL_CRMF_POPOPRIVKEY_new()) == NULL)
435             goto err;
436         tag = ASN1_INTEGER_new();
437         pp->value.keyEncipherment->type =
438             OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE;
439         pp->value.keyEncipherment->value.subsequentMessage = tag;
440         if (tag == NULL
441                 || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT))
442             goto err;
443         break;
444 
445     default:
446         ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO);
447         goto err;
448     }
449 
450  end:
451     OSSL_CRMF_POPO_free(crm->popo);
452     crm->popo = pp;
453 
454     return 1;
455  err:
456     OSSL_CRMF_POPO_free(pp);
457     return 0;
458 }
459 
460 /* verifies the Proof-of-Possession of the request with the given rid in reqs */
OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS * reqs,int rid,int acceptRAVerified,OSSL_LIB_CTX * libctx,const char * propq)461 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
462                                int rid, int acceptRAVerified,
463                                OSSL_LIB_CTX *libctx, const char *propq)
464 {
465     OSSL_CRMF_MSG *req = NULL;
466     X509_PUBKEY *pubkey = NULL;
467     OSSL_CRMF_POPOSIGNINGKEY *sig = NULL;
468     const ASN1_ITEM *it;
469     void *asn;
470 
471     if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) {
472         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
473         return 0;
474     }
475 
476     if (req->popo == NULL) {
477         ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING);
478         return 0;
479     }
480 
481     switch (req->popo->type) {
482     case OSSL_CRMF_POPO_RAVERIFIED:
483         if (!acceptRAVerified) {
484             ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED);
485             return 0;
486         }
487         break;
488     case OSSL_CRMF_POPO_SIGNATURE:
489         pubkey = req->certReq->certTemplate->publicKey;
490         if (pubkey == NULL) {
491             ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY);
492             return 0;
493         }
494         sig = req->popo->value.signature;
495         if (sig->poposkInput != NULL) {
496             /*
497              * According to RFC 4211: publicKey contains a copy of
498              * the public key from the certificate template. This MUST be
499              * exactly the same value as contained in the certificate template.
500              */
501             if (sig->poposkInput->publicKey == NULL) {
502                 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY);
503                 return 0;
504             }
505             if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) {
506                 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
507                 return 0;
508             }
509             it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);
510             asn = sig->poposkInput;
511         } else {
512             if (req->certReq->certTemplate->subject == NULL) {
513                 ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_SUBJECT);
514                 return 0;
515             }
516             it = ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST);
517             asn = req->certReq;
518         }
519         if (ASN1_item_verify_ex(it, sig->algorithmIdentifier, sig->signature,
520                                 asn, NULL, X509_PUBKEY_get0(pubkey), libctx,
521                                 propq) < 1)
522             return 0;
523         break;
524     case OSSL_CRMF_POPO_KEYENC:
525     case OSSL_CRMF_POPO_KEYAGREE:
526     default:
527         ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD);
528         return 0;
529     }
530     return 1;
531 }
532 
533 /* retrieves the serialNumber of the given cert template or NULL on error */
534 const ASN1_INTEGER
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE * tmpl)535 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl)
536 {
537     return tmpl != NULL ? tmpl->serialNumber : NULL;
538 }
539 
540 const X509_NAME
OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE * tmpl)541     *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl)
542 {
543     return tmpl != NULL ? tmpl->subject : NULL;
544 }
545 
546 /* retrieves the issuer name of the given cert template or NULL on error */
547 const X509_NAME
OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE * tmpl)548     *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
549 {
550     return tmpl != NULL ? tmpl->issuer : NULL;
551 }
552 
553 X509_EXTENSIONS
OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE * tmpl)554     *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl)
555 {
556     return tmpl != NULL ? tmpl->extensions : NULL;
557 }
558 
559 /* retrieves the issuer name of the given CertId or NULL on error */
OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID * cid)560 const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
561 {
562     return cid != NULL && cid->issuer->type == GEN_DIRNAME ?
563         cid->issuer->d.directoryName : NULL;
564 }
565 
566 /* retrieves the serialNumber of the given CertId or NULL on error */
OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID * cid)567 const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
568 {
569     return cid != NULL ? cid->serialNumber : NULL;
570 }
571 
572 /*-
573  * fill in certificate template.
574  * Any value argument that is NULL will leave the respective field unchanged.
575  */
OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE * tmpl,EVP_PKEY * pubkey,const X509_NAME * subject,const X509_NAME * issuer,const ASN1_INTEGER * serial)576 int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
577                                 EVP_PKEY *pubkey,
578                                 const X509_NAME *subject,
579                                 const X509_NAME *issuer,
580                                 const ASN1_INTEGER *serial)
581 {
582     if (tmpl == NULL) {
583         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
584         return 0;
585     }
586     if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject))
587         return 0;
588     if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer))
589         return 0;
590     if (serial != NULL) {
591         ASN1_INTEGER_free(tmpl->serialNumber);
592         if ((tmpl->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
593             return 0;
594     }
595     if (pubkey != NULL && !X509_PUBKEY_set(&tmpl->publicKey, pubkey))
596         return 0;
597     return 1;
598 }
599 
600 
601 /*-
602  * Decrypts the certificate in the given encryptedValue using private key pkey.
603  * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
604  *
605  * returns a pointer to the decrypted certificate
606  * returns NULL on error or if no certificate available
607  */
608 X509
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE * ecert,OSSL_LIB_CTX * libctx,const char * propq,EVP_PKEY * pkey)609 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
610                                        OSSL_LIB_CTX *libctx, const char *propq,
611                                        EVP_PKEY *pkey)
612 {
613     X509 *cert = NULL; /* decrypted certificate */
614     EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */
615     unsigned char *ek = NULL; /* decrypted symmetric encryption key */
616     size_t eksize = 0; /* size of decrypted symmetric encryption key */
617     EVP_CIPHER *cipher = NULL; /* used cipher */
618     int cikeysize = 0; /* key size from cipher */
619     unsigned char *iv = NULL; /* initial vector for symmetric encryption */
620     unsigned char *outbuf = NULL; /* decryption output buffer */
621     const unsigned char *p = NULL; /* needed for decoding ASN1 */
622     int n, outlen = 0;
623     EVP_PKEY_CTX *pkctx = NULL; /* private key context */
624     char name[OSSL_MAX_NAME_SIZE];
625 
626     if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL
627             || ecert->encValue == NULL || pkey == NULL) {
628         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
629         return NULL;
630     }
631 
632     /* select symmetric cipher based on algorithm given in message */
633     OBJ_obj2txt(name, sizeof(name), ecert->symmAlg->algorithm, 0);
634 
635     (void)ERR_set_mark();
636     cipher = EVP_CIPHER_fetch(NULL, name, NULL);
637 
638     if (cipher == NULL)
639         cipher = (EVP_CIPHER *)EVP_get_cipherbyname(name);
640 
641     if (cipher == NULL) {
642         (void)ERR_clear_last_mark();
643         ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER);
644         goto end;
645     }
646     (void)ERR_pop_to_mark();
647 
648     cikeysize = EVP_CIPHER_get_key_length(cipher);
649     /* first the symmetric key needs to be decrypted */
650     pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
651     if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx) > 0) {
652         ASN1_BIT_STRING *encKey = ecert->encSymmKey;
653         size_t failure;
654         int retval;
655 
656         if (EVP_PKEY_decrypt(pkctx, NULL, &eksize,
657                              encKey->data, encKey->length) <= 0
658                 || (ek = OPENSSL_malloc(eksize)) == NULL)
659             goto end;
660         retval = EVP_PKEY_decrypt(pkctx, ek, &eksize,
661                                   encKey->data, encKey->length);
662         ERR_clear_error(); /* error state may have sensitive information */
663         failure = ~constant_time_is_zero_s(constant_time_msb(retval)
664                                            | constant_time_is_zero(retval));
665         failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize);
666         if (failure) {
667             ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY);
668             goto end;
669         }
670     } else {
671         goto end;
672     }
673     if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL)
674         goto end;
675     if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv,
676                                   EVP_CIPHER_get_iv_length(cipher))
677         != EVP_CIPHER_get_iv_length(cipher)) {
678         ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV);
679         goto end;
680     }
681 
682     /*
683      * d2i_X509 changes the given pointer, so use p for decoding the message and
684      * keep the original pointer in outbuf so the memory can be freed later
685      */
686     if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length +
687                                      EVP_CIPHER_get_block_size(cipher))) == NULL
688             || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL)
689         goto end;
690     EVP_CIPHER_CTX_set_padding(evp_ctx, 0);
691 
692     if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv)
693             || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen,
694                                   ecert->encValue->data,
695                                   ecert->encValue->length)
696             || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) {
697         ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_CERTIFICATE);
698         goto end;
699     }
700     outlen += n;
701 
702     /* convert decrypted certificate from DER to internal ASN.1 structure */
703     if ((cert = X509_new_ex(libctx, propq)) == NULL)
704         goto end;
705     if (d2i_X509(&cert, &p, outlen) == NULL)
706         ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE);
707  end:
708     EVP_PKEY_CTX_free(pkctx);
709     OPENSSL_free(outbuf);
710     EVP_CIPHER_CTX_free(evp_ctx);
711     EVP_CIPHER_free(cipher);
712     OPENSSL_clear_free(ek, eksize);
713     OPENSSL_free(iv);
714     return cert;
715 }
716