]>
Commit | Line | Data |
---|---|---|
2039c421 | 1 | /* |
33388b44 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
365a2d99 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
2039c421 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <time.h> | |
b379fe6c | 12 | #include <sys/types.h> |
d02b48c6 | 13 | |
b39fc560 | 14 | #include "internal/cryptlib.h" |
17f389bb | 15 | |
ec577822 BM |
16 | #include <openssl/bn.h> |
17 | #include <openssl/x509.h> | |
18 | #include <openssl/objects.h> | |
19 | #include <openssl/buffer.h> | |
20 | #include <openssl/evp.h> | |
25f2138b DMSP |
21 | #include "crypto/asn1.h" |
22 | #include "crypto/evp.h" | |
d02b48c6 | 23 | |
12d99aac | 24 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
73e92de5 | 25 | |
8bb826ee | 26 | int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, |
0f113f3e MC |
27 | char *data, EVP_PKEY *pkey) |
28 | { | |
bfb0641f | 29 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
0f113f3e MC |
30 | const EVP_MD *type; |
31 | unsigned char *p, *buf_in = NULL; | |
32 | int ret = -1, i, inl; | |
33 | ||
6e59a892 RL |
34 | if (ctx == NULL) { |
35 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); | |
36 | goto err; | |
37 | } | |
0f113f3e MC |
38 | i = OBJ_obj2nid(a->algorithm); |
39 | type = EVP_get_digestbyname(OBJ_nid2sn(i)); | |
40 | if (type == NULL) { | |
41 | ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | |
42 | goto err; | |
43 | } | |
44 | ||
45 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { | |
46 | ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); | |
47 | goto err; | |
48 | } | |
49 | ||
50 | inl = i2d(data, NULL); | |
da84249b F |
51 | if (inl <= 0) { |
52 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR); | |
53 | goto err; | |
54 | } | |
0f113f3e MC |
55 | buf_in = OPENSSL_malloc((unsigned int)inl); |
56 | if (buf_in == NULL) { | |
57 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); | |
58 | goto err; | |
59 | } | |
60 | p = buf_in; | |
61 | ||
62 | i2d(data, &p); | |
6e59a892 RL |
63 | ret = EVP_VerifyInit_ex(ctx, type, NULL) |
64 | && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); | |
0f113f3e | 65 | |
4b45c6e5 | 66 | OPENSSL_clear_free(buf_in, (unsigned int)inl); |
0f113f3e MC |
67 | |
68 | if (!ret) { | |
69 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); | |
70 | goto err; | |
71 | } | |
72 | ret = -1; | |
73 | ||
6e59a892 | 74 | if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, |
0f113f3e MC |
75 | (unsigned int)signature->length, pkey) <= 0) { |
76 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); | |
77 | ret = 0; | |
78 | goto err; | |
79 | } | |
0f113f3e MC |
80 | ret = 1; |
81 | err: | |
bfb0641f | 82 | EVP_MD_CTX_free(ctx); |
26a7d938 | 83 | return ret; |
0f113f3e | 84 | } |
09ab755c | 85 | |
73e92de5 DSH |
86 | #endif |
87 | ||
31904ecd | 88 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, |
0f113f3e MC |
89 | ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) |
90 | { | |
bbaddbc0 RL |
91 | int rv = -1; |
92 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | |
93 | EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); | |
94 | ||
95 | if (ctx == NULL || pctx == NULL) { | |
96 | ASN1err(0, ERR_R_MALLOC_FAILURE); | |
97 | goto err; | |
98 | } | |
99 | ||
100 | EVP_MD_CTX_set_pkey_ctx(ctx, pctx); | |
101 | ||
102 | rv = ASN1_item_verify_ctx(it, a, signature, asn, ctx); | |
103 | ||
104 | err: | |
105 | EVP_PKEY_CTX_free(pctx); | |
106 | EVP_MD_CTX_free(ctx); | |
107 | return rv; | |
108 | } | |
109 | ||
110 | int ASN1_item_verify_ctx(const ASN1_ITEM *it, X509_ALGOR *a, | |
111 | ASN1_BIT_STRING *signature, void *asn, | |
112 | EVP_MD_CTX *ctx) | |
113 | { | |
114 | EVP_PKEY *pkey; | |
0f113f3e | 115 | unsigned char *buf_in = NULL; |
75394189 | 116 | int ret = -1, inl = 0; |
0f113f3e | 117 | int mdnid, pknid; |
da84249b | 118 | size_t inll = 0; |
0f113f3e | 119 | |
bbaddbc0 RL |
120 | pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); |
121 | ||
8267becb | 122 | if (pkey == NULL) { |
bbaddbc0 | 123 | ASN1err(0, ERR_R_PASSED_NULL_PARAMETER); |
0f113f3e MC |
124 | return -1; |
125 | } | |
126 | ||
127 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { | |
bbaddbc0 | 128 | ASN1err(0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); |
0f113f3e MC |
129 | return -1; |
130 | } | |
131 | ||
0f113f3e MC |
132 | /* Convert signature OID into digest and public key OIDs */ |
133 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { | |
bbaddbc0 | 134 | ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
0f113f3e MC |
135 | goto err; |
136 | } | |
bbaddbc0 | 137 | |
0f113f3e | 138 | if (mdnid == NID_undef) { |
12a765a5 | 139 | if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) { |
bbaddbc0 | 140 | ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
0f113f3e MC |
141 | goto err; |
142 | } | |
6e59a892 | 143 | ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); |
0f113f3e | 144 | /* |
bbaddbc0 RL |
145 | * Return values meaning: |
146 | * <=0: error. | |
147 | * 1: method does everything. | |
148 | * 2: carry on as normal, method has called EVP_DigestVerifyInit() | |
0f113f3e | 149 | */ |
bbaddbc0 RL |
150 | if (ret <= 0) |
151 | ASN1err(0, ERR_R_EVP_LIB); | |
152 | if (ret <= 1) | |
0f113f3e | 153 | goto err; |
0f113f3e | 154 | } else { |
da84249b F |
155 | const EVP_MD *type = EVP_get_digestbynid(mdnid); |
156 | ||
0f113f3e | 157 | if (type == NULL) { |
bbaddbc0 | 158 | ASN1err(0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
0f113f3e MC |
159 | goto err; |
160 | } | |
161 | ||
162 | /* Check public key OID matches public key type */ | |
163 | if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { | |
bbaddbc0 | 164 | ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE); |
0f113f3e MC |
165 | goto err; |
166 | } | |
167 | ||
6e59a892 | 168 | if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { |
bbaddbc0 | 169 | ASN1err(0, ERR_R_EVP_LIB); |
0f113f3e MC |
170 | ret = 0; |
171 | goto err; | |
172 | } | |
0f113f3e MC |
173 | } |
174 | ||
175 | inl = ASN1_item_i2d(asn, &buf_in, it); | |
da84249b | 176 | if (inl <= 0) { |
bbaddbc0 | 177 | ASN1err(0, ERR_R_INTERNAL_ERROR); |
da84249b F |
178 | goto err; |
179 | } | |
0f113f3e | 180 | if (buf_in == NULL) { |
bbaddbc0 | 181 | ASN1err(0, ERR_R_MALLOC_FAILURE); |
0f113f3e MC |
182 | goto err; |
183 | } | |
da84249b | 184 | inll = inl; |
0f113f3e | 185 | |
75394189 DSH |
186 | ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, |
187 | buf_in, inl); | |
188 | if (ret <= 0) { | |
bbaddbc0 | 189 | ASN1err(0, ERR_R_EVP_LIB); |
0f113f3e MC |
190 | goto err; |
191 | } | |
0f113f3e MC |
192 | ret = 1; |
193 | err: | |
da84249b | 194 | OPENSSL_clear_free(buf_in, inll); |
75394189 | 195 | return ret; |
0f113f3e | 196 | } |