diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-13 17:44:54 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-21 09:04:13 +0200 |
| commit | 6d1f50b520ce0a2eaa624686a26ffd4a5af00d93 (patch) | |
| tree | d094306e91bd79803bb49a9323ec36bd122ecb4e /crypto/cmp | |
| parent | cac30a69bcadcfcf5beb034abf958bbcdb8b83cb (diff) | |
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
Diffstat (limited to 'crypto/cmp')
| -rw-r--r-- | crypto/cmp/cmp_client.c | 6 | ||||
| -rw-r--r-- | crypto/cmp/cmp_ctx.c | 32 | ||||
| -rw-r--r-- | crypto/cmp/cmp_err.c | 3 | ||||
| -rw-r--r-- | crypto/cmp/cmp_hdr.c | 3 | ||||
| -rw-r--r-- | crypto/cmp/cmp_local.h | 19 | ||||
| -rw-r--r-- | crypto/cmp/cmp_msg.c | 23 | ||||
| -rw-r--r-- | crypto/cmp/cmp_protect.c | 232 | ||||
| -rw-r--r-- | crypto/cmp/cmp_server.c | 2 | ||||
| -rw-r--r-- | crypto/cmp/cmp_util.c | 2 | ||||
| -rw-r--r-- | crypto/cmp/cmp_vfy.c | 89 |
10 files changed, 213 insertions, 198 deletions
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index 37473c7a6c..b7319372e6 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -425,10 +425,8 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, goto err; case OSSL_CMP_PKISTATUS_grantedWithMods: ossl_cmp_warn(ctx, "received \"grantedWithMods\" for certificate"); - crt = ossl_cmp_certresponse_get1_certificate(privkey, crep); break; case OSSL_CMP_PKISTATUS_accepted: - crt = ossl_cmp_certresponse_get1_certificate(privkey, crep); break; /* get all information in case of a rejection before going to error */ case OSSL_CMP_PKISTATUS_rejection: @@ -438,19 +436,16 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, case OSSL_CMP_PKISTATUS_revocationWarning: ossl_cmp_warn(ctx, "received \"revocationWarning\" - a revocation of the cert is imminent"); - crt = ossl_cmp_certresponse_get1_certificate(privkey, crep); break; case OSSL_CMP_PKISTATUS_revocationNotification: ossl_cmp_warn(ctx, "received \"revocationNotification\" - a revocation of the cert has occurred"); - crt = ossl_cmp_certresponse_get1_certificate(privkey, crep); break; case OSSL_CMP_PKISTATUS_keyUpdateWarning: if (bodytype != OSSL_CMP_PKIBODY_KUR) { CMPerr(0, CMP_R_ENCOUNTERED_KEYUPDATEWARNING); goto err; } - crt = ossl_cmp_certresponse_get1_certificate(privkey, crep); break; default: ossl_cmp_log1(ERROR, ctx, @@ -459,6 +454,7 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, CMPerr(0, CMP_R_UNKNOWN_PKISTATUS); goto err; } + crt = ossl_cmp_certresponse_get1_cert(crep, ctx, privkey); if (crt == NULL) /* according to PKIStatus, we can expect a cert */ CMPerr(0, CMP_R_CERTIFICATE_NOT_FOUND); diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 0d15551e35..e731f15958 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -90,6 +90,20 @@ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) return 0; } +static int cmp_ctx_set_md(OSSL_CMP_CTX *ctx, EVP_MD **pmd, int nid) +{ + EVP_MD *md = EVP_MD_fetch(ctx->libctx, OBJ_nid2sn(nid), ctx->propq); + /* fetching in advance to be able to throw error early if unsupported */ + + if (md == NULL) { + CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM); + return 0; + } + EVP_MD_free(*pmd); + *pmd = md; + return 1; +} + /* * Allocates and initializes OSSL_CMP_CTX context structure with default values. * Returns new context on success, NULL on error @@ -116,11 +130,13 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq) goto err; ctx->pbm_slen = 16; - ctx->pbm_owf = NID_sha256; + if (!cmp_ctx_set_md(ctx, &ctx->pbm_owf, NID_sha256)) + goto err; ctx->pbm_itercnt = 500; ctx->pbm_mac = NID_hmac_sha1; - ctx->digest = NID_sha256; + if (!cmp_ctx_set_md(ctx, &ctx->digest, NID_sha256)) + goto err; ctx->popoMethod = OSSL_CRMF_POPO_SIGNATURE; ctx->revocationReason = CRL_REASON_NONE; @@ -177,8 +193,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) if (ctx->secretValue != NULL) OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length); ASN1_OCTET_STRING_free(ctx->secretValue); + EVP_MD_free(ctx->pbm_owf); X509_NAME_free(ctx->recipient); + EVP_MD_free(ctx->digest); ASN1_OCTET_STRING_free(ctx->transactionID); ASN1_OCTET_STRING_free(ctx->senderNonce); ASN1_OCTET_STRING_free(ctx->recipNonce); @@ -977,10 +995,12 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) ctx->popoMethod = val; break; case OSSL_CMP_OPT_DIGEST_ALGNID: - ctx->digest = val; + if (!cmp_ctx_set_md(ctx, &ctx->digest, val)) + return 0; break; case OSSL_CMP_OPT_OWF_ALGNID: - ctx->pbm_owf = val; + if (!cmp_ctx_set_md(ctx, &ctx->pbm_owf, val)) + return 0; break; case OSSL_CMP_OPT_MAC_ALGNID: ctx->pbm_mac = val; @@ -1044,9 +1064,9 @@ int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) case OSSL_CMP_OPT_POPO_METHOD: return ctx->popoMethod; case OSSL_CMP_OPT_DIGEST_ALGNID: - return ctx->digest; + return EVP_MD_type(ctx->digest); case OSSL_CMP_OPT_OWF_ALGNID: - return ctx->pbm_owf; + return EVP_MD_type(ctx->pbm_owf); case OSSL_CMP_OPT_MAC_ALGNID: return ctx->pbm_mac; case OSSL_CMP_OPT_MSG_TIMEOUT: diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c index 87d0f0f1b0..19d1556426 100644 --- a/crypto/cmp/cmp_err.c +++ b/crypto/cmp/cmp_err.c @@ -33,8 +33,6 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { "cert and key do not match"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CHECKAFTER_OUT_OF_RANGE), "checkafter out of range"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CHECKING_PBM_NO_SECRET_AVAILABLE), - "checking pbm no secret available"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_KEYUPDATEWARNING), "encountered keyupdatewarning"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_WAITING), @@ -88,6 +86,7 @@ static const ERR_STRING_DATA CMP_str_reasons[] = { {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), "missing key usage digitalsignature"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_P10CSR), "missing p10csr"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"}, diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c index e27a67262a..6bd1e581af 100644 --- a/crypto/cmp/cmp_hdr.c +++ b/crypto/cmp/cmp_hdr.c @@ -149,8 +149,7 @@ static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len) unsigned char *bytes = OPENSSL_malloc(len); int res = 0; - if (bytes == NULL - || RAND_bytes_ex(ctx->libctx, bytes, len) <= 0) + if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len) <= 0) CMPerr(0, CMP_R_FAILURE_OBTAINING_RANDOM); else res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len); diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 8d21fa0b82..41c10b22c1 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -76,13 +76,13 @@ struct ossl_cmp_ctx_st { ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */ /* PBMParameters for MSG_MAC_ALG */ size_t pbm_slen; /* salt length, currently fixed to 16 */ - int pbm_owf; /* NID of one-way function (OWF), default: SHA256 */ + EVP_MD *pbm_owf; /* one-way function (OWF), default: SHA256 */ int pbm_itercnt; /* OWF iteration count, currently fixed to 500 */ int pbm_mac; /* NID of MAC algorithm, default: HMAC-SHA1 as per RFC 4210 */ /* CMP message header and extra certificates */ X509_NAME *recipient; /* to set in recipient in pkiheader */ - int digest; /* NID of digest used in MSG_SIG_ALG and POPO, default SHA256 */ + EVP_MD *digest; /* digest used in MSG_SIG_ALG and POPO, default SHA256 */ ASN1_OCTET_STRING *transactionID; /* the current transaction ID */ ASN1_OCTET_STRING *senderNonce; /* last nonce sent */ ASN1_OCTET_STRING *recipNonce; /* last nonce received */ @@ -894,14 +894,14 @@ ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, OSSL_CMP_CERTRESPONSE * ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, int rid); -X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, - const OSSL_CMP_CERTRESPONSE *crep); +X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep, + const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); +OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file); /* from cmp_protect.c */ -ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, - const ASN1_OCTET_STRING *secret, - EVP_PKEY *pkey); int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); +ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *msg); int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); /* from cmp_vfy.c */ @@ -910,7 +910,10 @@ typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, int invalid_protection, int arg); int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); -int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified); +int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, + ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); +int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *msg, int accept_RAVerified); /* from cmp_client.c */ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info, diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 9e402c51a5..64e00fc884 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -355,8 +355,9 @@ OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, type == OSSL_CMP_PKIBODY_KUR, OSSL_CMP_CERTREQID); if (local_crm == NULL - || !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest, - ctx->popoMethod)) + || !OSSL_CRMF_MSG_create_popo(ctx->popoMethod, local_crm, + privkey, ctx->digest, + ctx->libctx, ctx->propq)) goto err; } else { if ((local_crm = OSSL_CRMF_MSG_dup(crm)) == NULL) @@ -957,19 +958,18 @@ ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, return NULL; } -/* - * CMP_CERTRESPONSE_get1_certificate() attempts to retrieve the returned - * certificate from the given certResponse B<crep>. - * Uses the privkey in case of indirect POP from B<ctx>. +/*- + * Retrieve the newly enrolled certificate from the given certResponse crep. + * In case of indirect POPO uses the libctx and propq from ctx and private key. * Returns a pointer to a copy of the found certificate, or NULL if not found. */ -X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, - const OSSL_CMP_CERTRESPONSE *crep) +X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep, + const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey) { OSSL_CMP_CERTORENCCERT *coec; X509 *crt = NULL; - if (!ossl_assert(crep != NULL)) + if (!ossl_assert(crep != NULL && ctx != NULL)) return NULL; if (crep->certifiedKeyPair @@ -980,13 +980,14 @@ X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey, break; case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT: /* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */ - if (privkey == NULL) { + if (pkey == NULL) { CMPerr(0, CMP_R_MISSING_PRIVATE_KEY); return NULL; } crt = OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert, - privkey); + ctx->libctx, ctx->propq, + pkey); break; default: CMPerr(0, CMP_R_UNKNOWN_CERT_TYPE); diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c index ccb4516cde..212ef92f50 100644 --- a/crypto/cmp/cmp_protect.c +++ b/crypto/cmp/cmp_protect.c @@ -21,67 +21,62 @@ DEFINE_STACK_OF(X509) /* - * This function is also used for verification from cmp_vfy. + * This function is also used by the internal verify_PBMAC() in cmp_vfy.c. * - * Calculate protection for given PKImessage utilizing the given credentials - * and the algorithm parameters set inside the message header's protectionAlg. + * Calculate protection for given PKImessage according to + * the algorithm and parameters in the message header's protectionAlg + * using the credentials, library context, and property criteria in the ctx. * - * secret or pkey must be set. Attempts doing PBMAC in case 'secret' is set - * and else signature if 'pkey' is set - but will only - * do the protection already marked in msg->header->protectionAlg. - * - * returns ptr to ASN1_BIT_STRING containing protection on success, else NULL + * returns ASN1_BIT_STRING representing the protection on success, else NULL */ -ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, - const ASN1_OCTET_STRING *secret, - EVP_PKEY *pkey) +ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *msg) { ASN1_BIT_STRING *prot = NULL; OSSL_CMP_PROTECTEDPART prot_part; const ASN1_OBJECT *algorOID = NULL; - int len; - size_t prot_part_der_len; - unsigned char *prot_part_der = NULL; - size_t sig_len; - unsigned char *protection = NULL; const void *ppval = NULL; int pptype = 0; - OSSL_CRMF_PBMPARAMETER *pbm = NULL; - ASN1_STRING *pbm_str = NULL; - const unsigned char *pbm_str_uc = NULL; - EVP_MD_CTX *evp_ctx = NULL; - int md_NID; - const EVP_MD *md = NULL; - if (!ossl_assert(msg != NULL)) + if (!ossl_assert(ctx != NULL && msg != NULL)) return NULL; /* construct data to be signed */ prot_part.header = msg->header; prot_part.body = msg->body; - len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); - if (len < 0 || prot_part_der == NULL) { - CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); - goto end; - } - prot_part_der_len = (size_t) len; - if (msg->header->protectionAlg == NULL) { CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID); - goto end; + return NULL; } X509_ALGOR_get0(&algorOID, &pptype, &ppval, msg->header->protectionAlg); - if (secret != NULL) { + if (OBJ_obj2nid(algorOID) == NID_id_PasswordBasedMAC) { + int len; + size_t prot_part_der_len; + unsigned char *prot_part_der = NULL; + size_t sig_len; + unsigned char *protection = NULL; + OSSL_CRMF_PBMPARAMETER *pbm = NULL; + ASN1_STRING *pbm_str = NULL; + const unsigned char *pbm_str_uc = NULL; + + if (ctx->secretValue == NULL) { + CMPerr(0, CMP_R_MISSING_PBM_SECRET); + return NULL; + } if (ppval == NULL) { CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); - goto end; + return NULL; } - if (NID_id_PasswordBasedMAC != OBJ_obj2nid(algorOID)) { - CMPerr(0, CMP_R_WRONG_ALGORITHM_OID); + + len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); + if (len < 0 || prot_part_der == NULL) { + CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); goto end; } + prot_part_der_len = (size_t)len; + pbm_str = (ASN1_STRING *)ppval; pbm_str_uc = pbm_str->data; pbm = d2i_OSSL_CRMF_PBMPARAMETER(NULL, &pbm_str_uc, pbm_str->length); @@ -90,50 +85,49 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_MSG *msg, goto end; } - if (!OSSL_CRMF_pbm_new(pbm, prot_part_der, prot_part_der_len, - secret->data, secret->length, + if (!OSSL_CRMF_pbm_new(ctx->libctx, ctx->propq, + pbm, prot_part_der, prot_part_der_len, + ctx->secretValue->data, ctx->secretValue->length, &protection, &sig_len)) goto end; - } else if (pkey != NULL) { - /* TODO combine this with large parts of CRMF_poposigningkey_init() */ - /* EVP_DigestSignInit() checks that pkey type is correct for the alg */ - if (!OBJ_find_sigid_algs(OBJ_obj2nid(algorOID), &md_NID, NULL) - || (md = EVP_get_digestbynid(md_NID)) == NULL - || (evp_ctx = EVP_MD_CTX_new()) == NULL) { - CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID); - goto end; - } - if (EVP_DigestSignInit(evp_ctx, NULL, md, NULL, pkey) <= 0 - || EVP_DigestSignUpdate(evp_ctx, prot_part_der, - prot_part_der_len) <= 0 - || EVP_DigestSignFinal(evp_ctx, NULL, &sig_len) <= 0 - || (protection = OPENSSL_malloc(sig_len)) == NULL - || EVP_DigestSignFinal(evp_ctx, protection, &sig_len) <= 0) { - CMPerr(0, CMP_R_ERROR_CALCULATING_PROTECTION); - goto end; + if ((prot = ASN1_BIT_STRING_new()) == NULL) + return NULL; + /* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */ + prot->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + prot->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) { + ASN1_BIT_STRING_free(prot); + prot = NULL; } + end: + OSSL_CRMF_PBMPARAMETER_free(pbm); + OPENSSL_free(protection); + OPENSSL_free(prot_part_der); + return prot; } else { - CMPerr(0, CMP_R_INVALID_ARGS); - goto end; - } + int md_nid; + const EVP_MD *md = NULL; - if ((prot = ASN1_BIT_STRING_new()) == NULL) - goto end; - /* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */ - prot->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - prot->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) { + if (ctx->pkey == NULL) { + CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); + return NULL; + } + if (!OBJ_find_sigid_algs(OBJ_obj2nid(algorOID), &md_nid, NULL) + || (md = EVP_get_digestbynid(md_nid)) == NULL) { + CMPerr(0, CMP_R_UNKNOWN_ALGORITHM_ID); + return NULL; + } + + if ((prot = ASN1_BIT_STRING_new()) == NULL) + return NULL; + if (ASN1_item_sign_with_libctx(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), + NULL, NULL, prot, &prot_part, NULL, + ctx->pkey, md, ctx->libctx, ctx->propq)) + return prot; ASN1_BIT_STRING_free(prot); - prot = NULL; + return NULL; } - - end: - OSSL_CRMF_PBMPARAMETER_free(pbm); - EVP_MD_CTX_free(evp_ctx); - OPENSSL_free(protection); - OPENSSL_free(prot_part_der); - return prot; } int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) @@ -182,24 +176,22 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) /* * Create an X509_ALGOR structure for PasswordBasedMAC protection based on * the pbm settings in the context - * returns pointer to X509_ALGOR on success, NULL on error */ -static X509_ALGOR *create_pbmac_algor(OSSL_CMP_CTX *ctx) +static int set_pbmac_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg) { - X509_ALGOR *alg = NULL; OSSL_CRMF_PBMPARAMETER *pbm = NULL; unsigned char *pbm_der = NULL; int pbm_der_len; ASN1_STRING *pbm_str = NULL; if (!ossl_assert(ctx != NULL)) - return NULL; + return 0; - alg = X509_ALGOR_new(); pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen, - ctx->pbm_owf, ctx->pbm_itercnt, ctx->pbm_mac); + EVP_MD_type(ctx->pbm_owf), ctx->pbm_itercnt, + ctx->pbm_mac); pbm_str = ASN1_STRING_new(); - if (alg == NULL || pbm == NULL || pbm_str == NULL) + if (pbm == NULL || pbm_str == NULL) goto err; if ((pbm_der_len = i2d_OSSL_CRMF_PBMPARAMETER(pbm, &pbm_der)) < 0) @@ -207,19 +199,49 @@ static X509_ALGOR *create_pbmac_algor(OSSL_CMP_CTX *ctx) if (!ASN1_STRING_set(pbm_str, pbm_der, pbm_der_len)) goto err; + if (*alg == NULL && (*alg = X509_ALGOR_new()) == NULL) + goto err; OPENSSL_free(pbm_der); - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_id_PasswordBasedMAC), + X509_ALGOR_set0(*alg, OBJ_nid2obj(NID_id_PasswordBasedMAC), V_ASN1_SEQUENCE, pbm_str); OSSL_CRMF_PBMPARAMETER_free(pbm); - return alg; + return 1; err: ASN1_STRING_free(pbm_str); - X509_ALGOR_free(alg); OPENSSL_free(pbm_der); OSSL_CRMF_PBMPARAMETER_free(pbm); - return NULL; + return 0; +} + +static int set_sig_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg) +{ + int nid = 0; + ASN1_OBJECT *algo = NULL; + + if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_type(ctx->digest), + EVP_PKEY_id(ctx->pkey))) { + CMPerr(0, CMP_R_UNSUPPORTED_KEY_TYPE); + return 0; + } + if ((algo = OBJ_nid2obj(nid)) == NULL) + return 0; + if (*alg == NULL && (*alg = X509_ALGOR_new()) == NULL) + return 0; + + if (X509_ALGOR_set0(*alg, algo, V_ASN1_UNDEF, NULL)) + return 1; + ASN1_OBJECT_free(algo); + return 0; +} + +static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg, + const ASN1_OCTET_STRING *id) +{ + if (id == NULL) + id = ctx->referenceValue; /* standard for PBM, fallback for sig-based */ + return id == NULL || ossl_cmp_hdr_set1_senderKID(msg->header, id); } int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) @@ -241,20 +263,18 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) /* use PasswordBasedMac according to 5.1.3.1 if secretValue is given */ if (ctx->secretValue != NULL) { - if ((msg->header->protectionAlg = create_pbmac_algor(ctx)) == NULL) + if (!set_pbmac_algor(ctx, &msg->header->protectionAlg)) goto err; - if (ctx->referenceValue != NULL - && !ossl_cmp_hdr_set1_senderKID(msg->header, - ctx->referenceValue)) + if (!set_senderKID(ctx, msg, NULL)) goto err; - } else if (ctx->cert != NULL && ctx->pkey != NULL) { + /* - * use MSG_SIG_ALG according to 5.1.3.3 if client Certificate and - * private key is given + * will add any additional certificates from ctx->extraCertsOut + * while not needed to validate the protection certificate, + * the option to do this might be handy for certain use cases */ - const ASN1_OCTET_STRING *subjKeyIDStr = NULL; - int algNID = 0; - ASN1_OBJECT *alg = NULL; + } else if (ctx->cert != NULL && ctx->pkey != NULL) { + /* use MSG_SIG_ALG according to 5.1.3.3 if client cert and key given */ /* make sure that key and certificate match */ if (!X509_check_private_key(ctx->cert, ctx->pkey)) { @@ -262,37 +282,21 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) goto err; } - if ((msg->header->protectionAlg = X509_ALGOR_new()) == NULL) - goto err; - if (!OBJ_find_sigid_by_algs(&algNID, ctx->digest, - EVP_PKEY_id(ctx->pkey))) { - CMPerr(0, CMP_R_UNSUPPORTED_KEY_TYPE); - goto err; - } - if ((alg = OBJ_nid2obj(algNID)) == NULL) + if (!set_sig_algor(ctx, &msg->header->protectionAlg)) goto err; - if (!X509_ALGOR_set0(msg->header->protectionAlg, alg, - V_ASN1_UNDEF, NULL)) { - ASN1_OBJECT_free(alg); + /* set senderKID to keyIdentifier of the cert according to 5.1.1 */ + if (!set_senderKID(ctx, msg, X509_get0_subject_key_id(ctx->cert))) goto err; - } /* - * set senderKID to keyIdentifier of the used certificate according - * to section 5.1.1 + * will add ctx->cert followed, if possible, by its chain built + * from ctx->untrusted_certs, and then ctx->extraCertsOut */ - subjKeyIDStr = X509_get0_subject_key_id(ctx->cert); - if (subjKeyIDStr == NULL) - subjKeyIDStr = ctx->referenceValue; /* fallback */ - if (subjKeyIDStr != NULL - && !ossl_cmp_hdr_set1_senderKID(msg->header, subjKeyIDStr)) - goto err; } else { CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); goto err; } - if ((msg->protection = - ossl_cmp_calc_protection(msg, ctx->secretValue, ctx->pkey)) == NULL) + if ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL) goto err; /* diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c index eb98b50383..2ba6cb7984 100644 --- a/crypto/cmp/cmp_server.c +++ b/crypto/cmp/cmp_server.c @@ -206,7 +206,7 @@ static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, certReqId = OSSL_CRMF_MSG_get_certReqId(crm); } - if (!ossl_cmp_verify_popo(req, srv_ctx->acceptRAVerified)) { + if (!ossl_cmp_verify_popo(srv_ctx->ctx, req, srv_ctx->acceptRAVerified)) { /* Proof of possession could not be verified */ si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, 1 << OSSL_CMP_PKIFAILUREINFO_badPOP, diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c index 318314771e..c4797f1691 100644 --- a/crypto/cmp/cmp_util.c +++ b/crypto/cmp/cmp_util.c @@ -207,7 +207,7 @@ int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, /*- * Builds up the chain of intermediate CA certificates - * starting from of the given certificate <cert> as high up as possible using + * starting from the given certificate <cert> as high up as possible using * the given list of candidate certificates, similarly to ssl_add_cert_chain(). * * Intended use of this function is to find all the certificates above the trust diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index d4cececd61..b50a3fe83a 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -28,14 +28,8 @@ DEFINE_STACK_OF(X509) static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, const OSSL_CMP_MSG *msg, X509 *cert) { - EVP_MD_CTX *ctx = NULL; OSSL_CMP_PROTECTEDPART prot_part; - int digest_nid, pk_nid; - const EVP_MD *digest = NULL; EVP_PKEY *pubkey = NULL; - int len; - size_t prot_part_der_len = 0; - unsigned char *prot_part_der = NULL; BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */ int res = 0; @@ -55,35 +49,13 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, goto sig_err; } - /* create the DER representation of protected part */ prot_part.header = msg->header; prot_part.body = msg->body; - len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); - if (len < 0 || prot_part_der == NULL) - goto end; - prot_part_der_len = (size_t) len; - - /* verify signature of protected part */ - if (!OBJ_find_sigid_algs(ossl_cmp_hdr_get_protection_nid(msg->header), - &digest_nid, &pk_nid) - || digest_nid == NID_undef || pk_nid == NID_undef - || (digest = EVP_get_digestbynid(digest_nid)) == NULL) { - CMPerr(0, CMP_R_ALGORITHM_NOT_SUPPORTED); - goto sig_err; - } - - /* check msg->header->protectionAlg is consistent with public key type */ - if (EVP_PKEY_type(pk_nid) != EVP_PKEY_base_id(pubkey)) { - CMPerr(0, CMP_R_WRONG_ALGORITHM_OID); - goto sig_err; - } - if ((ctx = EVP_MD_CTX_new()) == NULL) - goto end; - if (EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pubkey) - && EVP_DigestVerify(ctx, msg->protection->data, - msg->protection->length, - prot_part_der, prot_part_der_len) == 1) { + if (ASN1_item_verify_with_libctx(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), + msg->header->protectionAlg, + msg->protection, &prot_part, NULL, pubkey, + cmp_ctx->libctx, cmp_ctx->propq) > 0) { res = 1; goto end; } @@ -96,8 +68,6 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, res = 0; end: - EVP_MD_CTX_free(ctx); - OPENSSL_free(prot_part_der); EVP_PKEY_free(pubkey); BIO_free(bio); @@ -105,14 +75,13 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, } /* Verify a message protected with PBMAC */ -static int verify_PBMAC(const OSSL_CMP_MSG *msg, - const ASN1_OCTET_STRING *secret) +static int verify_PBMAC(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) { ASN1_BIT_STRING *protection = NULL; int valid = 0; /* generate expected protection for the message */ - if ((protection = ossl_cmp_calc_protection(msg, secret, NULL)) == NULL) + if ((protection = ossl_cmp_calc_protection(ctx, msg)) == NULL) return 0; /* failed to generate protection string! */ valid = msg->protection != NULL && msg->protection->length >= 0 @@ -355,11 +324,11 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx, * verify that the newly enrolled certificate (which assumed rid == * OSSL_CMP_CERTREQID) can also be validated with the same trusted store */ - EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); + EVP_PKEY *pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); OSSL_CMP_CERTRESPONSE *crep = ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, OSSL_CMP_CERTREQID); - X509 *newcrt = ossl_cmp_certresponse_get1_certificate(privkey, crep); + X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey); /* * maybe better use get_cert_status() from cmp_client.c, which catches * errors @@ -598,13 +567,34 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) switch (ossl_cmp_hdr_get_protection_nid(msg->header)) { /* 5.1.3.1. Shared Secret Information */ case NID_id_PasswordBasedMAC: - if (ctx->secretValue == 0) { - CMPerr(0, CMP_R_CHECKING_PBM_NO_SECRET_AVAILABLE); - break; - } - - if (verify_PBMAC(msg, ctx->secretValue)) + if (verify_PBMAC(ctx, msg)) { + /* + * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is + * "shared secret information", then any certificate transported in + * the caPubs field may be directly trusted as a root CA + * certificate by the initiator.' + */ + switch (ossl_cmp_msg_get_bodytype(msg)) { + case -1: + return 0; + case OSSL_CMP_PKIBODY_IP: + case OSSL_CMP_PKIBODY_CP: + case OSSL_CMP_PKIBODY_KUP: + case OSSL_CMP_PKIBODY_CCP: + if (ctx->trusted != NULL) { + STACK_OF(X509) *certs = msg->body->value.ip->caPubs; + /* value.ip is same for cp, kup, and ccp */ + + if (!ossl_cmp_X509_STORE_add1_certs(ctx->trusted, certs, 0)) + /* adds both self-issued and not self-issued certs */ + return 0; + } + break; + default: + break; + } return 1; + } break; /* @@ -811,7 +801,8 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, return 1; } -int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified) +int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *msg, int acceptRAVerified) { if (!ossl_assert(msg != NULL && msg->body != NULL)) return 0; @@ -820,7 +811,8 @@ int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified) { X509_REQ *req = msg->body->value.p10cr; - if (X509_REQ_verify(req, X509_REQ_get0_pubkey(req)) <= 0) { + if (X509_REQ_verify_with_libctx(req, X509_REQ_get0_pubkey(req), + ctx->libctx, ctx->propq) <= 0) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_REQUEST_NOT_ACCEPTED); return 0; @@ -832,7 +824,8 @@ int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified) case OSSL_CMP_PKIBODY_CR: case OSSL_CMP_PKIBODY_KUR: if (!OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, OSSL_CMP_CERTREQID, - accept_RAVerified)) { + acceptRAVerified, |