]>
Commit | Line | Data |
---|---|---|
2039c421 | 1 | /* |
33388b44 | 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
365a2d99 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
2039c421 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
11 | #include <time.h> | |
b379fe6c | 12 | #include <sys/types.h> |
d02b48c6 | 13 | |
b39fc560 | 14 | #include "internal/cryptlib.h" |
17f389bb | 15 | |
ec577822 BM |
16 | #include <openssl/bn.h> |
17 | #include <openssl/x509.h> | |
18 | #include <openssl/objects.h> | |
19 | #include <openssl/buffer.h> | |
20 | #include <openssl/evp.h> | |
25f2138b DMSP |
21 | #include "crypto/asn1.h" |
22 | #include "crypto/evp.h" | |
d02b48c6 | 23 | |
12d99aac | 24 | #ifndef OPENSSL_NO_DEPRECATED_3_0 |
73e92de5 | 25 | |
8bb826ee | 26 | int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, |
0f113f3e MC |
27 | char *data, EVP_PKEY *pkey) |
28 | { | |
bfb0641f | 29 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
0f113f3e MC |
30 | const EVP_MD *type; |
31 | unsigned char *p, *buf_in = NULL; | |
32 | int ret = -1, i, inl; | |
33 | ||
6e59a892 RL |
34 | if (ctx == NULL) { |
35 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); | |
36 | goto err; | |
37 | } | |
0f113f3e MC |
38 | i = OBJ_obj2nid(a->algorithm); |
39 | type = EVP_get_digestbyname(OBJ_nid2sn(i)); | |
40 | if (type == NULL) { | |
41 | ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | |
42 | goto err; | |
43 | } | |
44 | ||
45 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { | |
46 | ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); | |
47 | goto err; | |
48 | } | |
49 | ||
50 | inl = i2d(data, NULL); | |
da84249b F |
51 | if (inl <= 0) { |
52 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR); | |
53 | goto err; | |
54 | } | |
0f113f3e MC |
55 | buf_in = OPENSSL_malloc((unsigned int)inl); |
56 | if (buf_in == NULL) { | |
57 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); | |
58 | goto err; | |
59 | } | |
60 | p = buf_in; | |
61 | ||
62 | i2d(data, &p); | |
6e59a892 RL |
63 | ret = EVP_VerifyInit_ex(ctx, type, NULL) |
64 | && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); | |
0f113f3e | 65 | |
4b45c6e5 | 66 | OPENSSL_clear_free(buf_in, (unsigned int)inl); |
0f113f3e MC |
67 | |
68 | if (!ret) { | |
69 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); | |
70 | goto err; | |
71 | } | |
72 | ret = -1; | |
73 | ||
6e59a892 | 74 | if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, |
0f113f3e MC |
75 | (unsigned int)signature->length, pkey) <= 0) { |
76 | ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); | |
77 | ret = 0; | |
78 | goto err; | |
79 | } | |
0f113f3e MC |
80 | ret = 1; |
81 | err: | |
bfb0641f | 82 | EVP_MD_CTX_free(ctx); |
26a7d938 | 83 | return ret; |
0f113f3e | 84 | } |
09ab755c | 85 | |
73e92de5 DSH |
86 | #endif |
87 | ||
ded346fa DDO |
88 | int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, |
89 | const ASN1_BIT_STRING *signature, const void *data, | |
90 | EVP_PKEY *pkey) | |
0f113f3e | 91 | { |
d8652be0 | 92 | return ASN1_item_verify_ex(it, alg, signature, data, NULL, pkey, NULL, NULL); |
ded346fa DDO |
93 | } |
94 | ||
d8652be0 MC |
95 | int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, |
96 | const ASN1_BIT_STRING *signature, const void *data, | |
97 | const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, | |
b4250010 | 98 | OSSL_LIB_CTX *libctx, const char *propq) |
ded346fa DDO |
99 | { |
100 | EVP_MD_CTX *ctx; | |
bbaddbc0 | 101 | int rv = -1; |
bbaddbc0 | 102 | |
d8652be0 | 103 | if ((ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq)) != NULL) { |
ded346fa DDO |
104 | rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx); |
105 | EVP_PKEY_CTX_free(EVP_MD_CTX_pkey_ctx(ctx)); | |
106 | EVP_MD_CTX_free(ctx); | |
bbaddbc0 | 107 | } |
bbaddbc0 RL |
108 | return rv; |
109 | } | |
110 | ||
ded346fa DDO |
111 | int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, |
112 | const ASN1_BIT_STRING *signature, const void *data, | |
bbaddbc0 RL |
113 | EVP_MD_CTX *ctx) |
114 | { | |
115 | EVP_PKEY *pkey; | |
0f113f3e | 116 | unsigned char *buf_in = NULL; |
75394189 | 117 | int ret = -1, inl = 0; |
0f113f3e | 118 | int mdnid, pknid; |
da84249b | 119 | size_t inll = 0; |
0f113f3e | 120 | |
bbaddbc0 RL |
121 | pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); |
122 | ||
8267becb | 123 | if (pkey == NULL) { |
bbaddbc0 | 124 | ASN1err(0, ERR_R_PASSED_NULL_PARAMETER); |
0f113f3e MC |
125 | return -1; |
126 | } | |
127 | ||
128 | if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { | |
bbaddbc0 | 129 | ASN1err(0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); |
0f113f3e MC |
130 | return -1; |
131 | } | |
132 | ||
0f113f3e | 133 | /* Convert signature OID into digest and public key OIDs */ |
ded346fa | 134 | if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)) { |
bbaddbc0 | 135 | ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
0f113f3e MC |
136 | goto err; |
137 | } | |
bbaddbc0 | 138 | |
0f113f3e | 139 | if (mdnid == NID_undef) { |
12a765a5 | 140 | if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) { |
bbaddbc0 | 141 | ASN1err(0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); |
0f113f3e MC |
142 | goto err; |
143 | } | |
ded346fa | 144 | ret = pkey->ameth->item_verify(ctx, it, data, alg, signature, pkey); |
0f113f3e | 145 | /* |
bbaddbc0 RL |
146 | * Return values meaning: |
147 | * <=0: error. | |
148 | * 1: method does everything. | |
149 | * 2: carry on as normal, method has called EVP_DigestVerifyInit() | |
0f113f3e | 150 | */ |
bbaddbc0 RL |
151 | if (ret <= 0) |
152 | ASN1err(0, ERR_R_EVP_LIB); | |
153 | if (ret <= 1) | |
0f113f3e | 154 | goto err; |
0f113f3e | 155 | } else { |
da84249b F |
156 | const EVP_MD *type = EVP_get_digestbynid(mdnid); |
157 | ||
0f113f3e | 158 | if (type == NULL) { |
bbaddbc0 | 159 | ASN1err(0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); |
0f113f3e MC |
160 | goto err; |
161 | } | |
162 | ||
163 | /* Check public key OID matches public key type */ | |
d55d0935 | 164 | if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { |
bbaddbc0 | 165 | ASN1err(0, ASN1_R_WRONG_PUBLIC_KEY_TYPE); |
0f113f3e MC |
166 | goto err; |
167 | } | |
168 | ||
6e59a892 | 169 | if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { |
bbaddbc0 | 170 | ASN1err(0, ERR_R_EVP_LIB); |
0f113f3e MC |
171 | ret = 0; |
172 | goto err; | |
173 | } | |
0f113f3e MC |
174 | } |
175 | ||
ded346fa | 176 | inl = ASN1_item_i2d(data, &buf_in, it); |
da84249b | 177 | if (inl <= 0) { |
bbaddbc0 | 178 | ASN1err(0, ERR_R_INTERNAL_ERROR); |
da84249b F |
179 | goto err; |
180 | } | |
0f113f3e | 181 | if (buf_in == NULL) { |
bbaddbc0 | 182 | ASN1err(0, ERR_R_MALLOC_FAILURE); |
0f113f3e MC |
183 | goto err; |
184 | } | |
da84249b | 185 | inll = inl; |
0f113f3e | 186 | |
75394189 DSH |
187 | ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, |
188 | buf_in, inl); | |
189 | if (ret <= 0) { | |
bbaddbc0 | 190 | ASN1err(0, ERR_R_EVP_LIB); |
0f113f3e MC |
191 | goto err; |
192 | } | |
0f113f3e MC |
193 | ret = 1; |
194 | err: | |
da84249b | 195 | OPENSSL_clear_free(buf_in, inll); |
75394189 | 196 | return ret; |
0f113f3e | 197 | } |