1 /* 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <time.h> 12 #include <sys/types.h> 13 14 #include "internal/cryptlib.h" 15 16 #include <openssl/bn.h> 17 #include <openssl/evp.h> 18 #include <openssl/x509.h> 19 #include <openssl/objects.h> 20 #include <openssl/buffer.h> 21 #include <openssl/core_names.h> 22 #include "crypto/asn1.h" 23 #include "crypto/evp.h" 24 25 #ifndef OPENSSL_NO_DEPRECATED_3_0 26 27 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, 28 ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, 29 const EVP_MD *type) 30 { 31 EVP_MD_CTX *ctx = EVP_MD_CTX_new(); 32 unsigned char *p, *buf_in = NULL, *buf_out = NULL; 33 int i, inl = 0, outl = 0; 34 size_t inll = 0, outll = 0; 35 X509_ALGOR *a; 36 37 if (ctx == NULL) { 38 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 39 goto err; 40 } 41 for (i = 0; i < 2; i++) { 42 if (i == 0) 43 a = algor1; 44 else 45 a = algor2; 46 if (a == NULL) 47 continue; 48 if (type->pkey_type == NID_dsaWithSHA1) { 49 /* 50 * special case: RFC 2459 tells us to omit 'parameters' with 51 * id-dsa-with-sha1 52 */ 53 ASN1_TYPE_free(a->parameter); 54 a->parameter = NULL; 55 } else if ((a->parameter == NULL) || 56 (a->parameter->type != V_ASN1_NULL)) { 57 ASN1_TYPE_free(a->parameter); 58 if ((a->parameter = ASN1_TYPE_new()) == NULL) 59 goto err; 60 a->parameter->type = V_ASN1_NULL; 61 } 62 ASN1_OBJECT_free(a->algorithm); 63 a->algorithm = OBJ_nid2obj(type->pkey_type); 64 if (a->algorithm == NULL) { 65 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE); 66 goto err; 67 } 68 if (a->algorithm->length == 0) { 69 ERR_raise(ERR_LIB_ASN1, 70 ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); 71 goto err; 72 } 73 } 74 inl = i2d(data, NULL); 75 if (inl <= 0) { 76 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); 77 goto err; 78 } 79 inll = (size_t)inl; 80 buf_in = OPENSSL_malloc(inll); 81 outll = outl = EVP_PKEY_get_size(pkey); 82 buf_out = OPENSSL_malloc(outll); 83 if (buf_in == NULL || buf_out == NULL) { 84 outl = 0; 85 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 86 goto err; 87 } 88 p = buf_in; 89 90 i2d(data, &p); 91 if (!EVP_SignInit_ex(ctx, type, NULL) 92 || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) 93 || !EVP_SignFinal(ctx, (unsigned char *)buf_out, 94 (unsigned int *)&outl, pkey)) { 95 outl = 0; 96 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); 97 goto err; 98 } 99 OPENSSL_free(signature->data); 100 signature->data = buf_out; 101 buf_out = NULL; 102 signature->length = outl; 103 /* 104 * In the interests of compatibility, I'll make sure that the bit string 105 * has a 'not-used bits' value of 0 106 */ 107 signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 108 signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; 109 err: 110 EVP_MD_CTX_free(ctx); 111 OPENSSL_clear_free((char *)buf_in, inll); 112 OPENSSL_clear_free((char *)buf_out, outll); 113 return outl; 114 } 115 116 #endif 117 118 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, 119 ASN1_BIT_STRING *signature, const void *data, 120 EVP_PKEY *pkey, const EVP_MD *md) 121 { 122 return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey, 123 md, NULL, NULL); 124 } 125 126 int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, 127 X509_ALGOR *algor2, ASN1_BIT_STRING *signature, 128 const void *data, const ASN1_OCTET_STRING *id, 129 EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, 130 const char *propq) 131 { 132 int rv = 0; 133 EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq); 134 135 if (ctx == NULL) { 136 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 137 return 0; 138 } 139 /* We can use the non _ex variant here since the pkey is already setup */ 140 if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) 141 goto err; 142 143 rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); 144 145 err: 146 EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); 147 EVP_MD_CTX_free(ctx); 148 return rv; 149 } 150 151 int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, 152 X509_ALGOR *algor2, ASN1_BIT_STRING *signature, 153 const void *data, EVP_MD_CTX *ctx) 154 { 155 const EVP_MD *md; 156 EVP_PKEY *pkey; 157 unsigned char *buf_in = NULL, *buf_out = NULL; 158 size_t inl = 0, outl = 0, outll = 0; 159 int signid, paramtype, buf_len = 0; 160 int rv, pkey_id; 161 162 md = EVP_MD_CTX_get0_md(ctx); 163 pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); 164 165 if (pkey == NULL) { 166 ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); 167 goto err; 168 } 169 170 if (pkey->ameth == NULL) { 171 EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx); 172 OSSL_PARAM params[2]; 173 unsigned char aid[128]; 174 size_t aid_len = 0; 175 176 if (pctx == NULL 177 || !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { 178 ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); 179 goto err; 180 } 181 182 params[0] = 183 OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, 184 aid, sizeof(aid)); 185 params[1] = OSSL_PARAM_construct_end(); 186 187 if (EVP_PKEY_CTX_get_params(pctx, params) <= 0) 188 goto err; 189 190 if ((aid_len = params[0].return_size) == 0) { 191 ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); 192 goto err; 193 } 194 195 if (algor1 != NULL) { 196 const unsigned char *pp = aid; 197 198 if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) { 199 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); 200 goto err; 201 } 202 } 203 204 if (algor2 != NULL) { 205 const unsigned char *pp = aid; 206 207 if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) { 208 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); 209 goto err; 210 } 211 } 212 213 rv = 3; 214 } else if (pkey->ameth->item_sign) { 215 rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature); 216 if (rv == 1) 217 outl = signature->length; 218 /*- 219 * Return value meanings: 220 * <=0: error. 221 * 1: method does everything. 222 * 2: carry on as normal. 223 * 3: ASN1 method sets algorithm identifiers: just sign. 224 */ 225 if (rv <= 0) 226 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); 227 if (rv <= 1) 228 goto err; 229 } else { 230 rv = 2; 231 } 232 233 if (rv == 2) { 234 if (md == NULL) { 235 ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); 236 goto err; 237 } 238 239 pkey_id = 240 #ifndef OPENSSL_NO_SM2 241 EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 : 242 #endif 243 pkey->ameth->pkey_id; 244 245 if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) { 246 ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); 247 goto err; 248 } 249 250 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) 251 paramtype = V_ASN1_NULL; 252 else 253 paramtype = V_ASN1_UNDEF; 254 255 if (algor1) 256 X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); 257 if (algor2) 258 X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); 259 260 } 261 262 buf_len = ASN1_item_i2d(data, &buf_in, it); 263 if (buf_len <= 0) { 264 outl = 0; 265 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); 266 goto err; 267 } 268 inl = buf_len; 269 if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) { 270 outl = 0; 271 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); 272 goto err; 273 } 274 outl = outll; 275 buf_out = OPENSSL_malloc(outll); 276 if (buf_in == NULL || buf_out == NULL) { 277 outl = 0; 278 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 279 goto err; 280 } 281 282 if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { 283 outl = 0; 284 ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); 285 goto err; 286 } 287 OPENSSL_free(signature->data); 288 signature->data = buf_out; 289 buf_out = NULL; 290 signature->length = outl; 291 /* 292 * In the interests of compatibility, I'll make sure that the bit string 293 * has a 'not-used bits' value of 0 294 */ 295 signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 296 signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; 297 err: 298 OPENSSL_clear_free((char *)buf_in, inl); 299 OPENSSL_clear_free((char *)buf_out, outll); 300 return outl; 301 } 302