Fix CMP -days option range checking and test failing with enable-ubsan
[openssl.git] / crypto / crmf / crmf_lib.c
1 /*-
2  * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright Nokia 2007-2018
4  * Copyright Siemens AG 2015-2019
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  *
11  * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
12  */
13
14 /*
15  * This file contains the functions that handle the individual items inside
16  * the CRMF structures
17  */
18
19 /*
20  * NAMING
21  *
22  * The 0 functions use the supplied structure pointer directly in the parent and
23  * it will be freed up when the parent is freed.
24  *
25  * The 1 functions use a copy of the supplied structure pointer (or in some
26  * cases increases its link count) in the parent and so both should be freed up.
27  */
28
29 #include <openssl/asn1t.h>
30
31 #include "crmf_local.h"
32 #include "internal/constant_time.h"
33
34 /* explicit #includes not strictly needed since implied by the above: */
35 #include <openssl/crmf.h>
36 #include <openssl/err.h>
37 #include <openssl/evp.h>
38
39 DEFINE_STACK_OF(X509_EXTENSION)
40 DEFINE_STACK_OF(OSSL_CRMF_MSG)
41
42 /*-
43  * atyp = Attribute Type
44  * valt = Value Type
45  * ctrlinf = "regCtrl" or "regInfo"
46  */
47 #define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf)                     \
48 int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg,             \
49                                           const valt *in)                 \
50 {                                                                         \
51     OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL;                         \
52                                                                           \
53     if (msg == NULL || in == NULL)                                       \
54         goto err;                                                         \
55     if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL)           \
56         goto err;                                                         \
57     if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL)    \
58         goto err;                                                         \
59     if ((atav->value.atyp = valt##_dup(in)) == NULL)                      \
60         goto err;                                                         \
61     if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav))                        \
62         goto err;                                                         \
63     return 1;                                                             \
64  err:                                                                     \
65     OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav);                           \
66     return 0;                                                             \
67 }
68
69
70 /*-
71  * Pushes the given control attribute into the controls stack of a CertRequest
72  * (section 6)
73  * returns 1 on success, 0 on error
74  */
75 static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm,
76                                        OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl)
77 {
78     int new = 0;
79
80     if (crm == NULL || crm->certReq == NULL || ctrl == NULL) {
81         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL, CRMF_R_NULL_ARGUMENT);
82         return 0;
83     }
84
85     if (crm->certReq->controls == NULL) {
86         crm->certReq->controls = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
87         if (crm->certReq->controls == NULL)
88             goto err;
89         new = 1;
90     }
91     if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->certReq->controls, ctrl))
92         goto err;
93
94     return 1;
95  err:
96     if (new != 0) {
97         sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(crm->certReq->controls);
98         crm->certReq->controls = NULL;
99     }
100     return 0;
101 }
102
103 /* id-regCtrl-regToken Control (section 6.1) */
104 IMPLEMENT_CRMF_CTRL_FUNC(regToken, ASN1_STRING, regCtrl)
105
106 /* id-regCtrl-authenticator Control (section 6.2) */
107 #define ASN1_UTF8STRING_dup ASN1_STRING_dup
108 IMPLEMENT_CRMF_CTRL_FUNC(authenticator, ASN1_UTF8STRING, regCtrl)
109
110 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
111                                      int method, GENERAL_NAME *nm)
112 {
113     if (spi == NULL
114             || method < OSSL_CRMF_PUB_METHOD_DONTCARE
115             || method > OSSL_CRMF_PUB_METHOD_LDAP) {
116         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO,
117                 ERR_R_PASSED_INVALID_ARGUMENT);
118         return 0;
119     }
120
121     if (!ASN1_INTEGER_set(spi->pubMethod, method))
122         return 0;
123     GENERAL_NAME_free(spi->pubLocation);
124     spi->pubLocation = nm;
125     return 1;
126 }
127
128 int
129 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
130                                                      OSSL_CRMF_SINGLEPUBINFO *spi)
131 {
132     if (pi == NULL || spi == NULL) {
133         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO,
134                 CRMF_R_NULL_ARGUMENT);
135         return 0;
136     }
137     if (pi->pubInfos == NULL)
138         pi->pubInfos = sk_OSSL_CRMF_SINGLEPUBINFO_new_null();
139     if (pi->pubInfos == NULL)
140         return 0;
141
142     return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi);
143 }
144
145 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
146                                                 int action)
147 {
148     if (pi == NULL
149             || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH
150             || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) {
151         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION,
152                 ERR_R_PASSED_INVALID_ARGUMENT);
153         return 0;
154     }
155
156     return ASN1_INTEGER_set(pi->action, action);
157 }
158
159 /* id-regCtrl-pkiPublicationInfo Control (section 6.3) */
160 IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo, OSSL_CRMF_PKIPUBLICATIONINFO,
161                          regCtrl)
162
163 /* id-regCtrl-oldCertID Control (section 6.5) from the given */
164 IMPLEMENT_CRMF_CTRL_FUNC(oldCertID, OSSL_CRMF_CERTID, regCtrl)
165
166 OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
167                                        const ASN1_INTEGER *serial)
168 {
169     OSSL_CRMF_CERTID *cid = NULL;
170
171     if (issuer == NULL || serial == NULL) {
172         CRMFerr(CRMF_F_OSSL_CRMF_CERTID_GEN, CRMF_R_NULL_ARGUMENT);
173         return NULL;
174     }
175
176     if ((cid = OSSL_CRMF_CERTID_new()) == NULL)
177         goto err;
178
179     if (!X509_NAME_set(&cid->issuer->d.directoryName, issuer))
180         goto err;
181     cid->issuer->type = GEN_DIRNAME;
182
183     ASN1_INTEGER_free(cid->serialNumber);
184     if ((cid->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
185         goto err;
186
187     return cid;
188
189  err:
190     OSSL_CRMF_CERTID_free(cid);
191     return NULL;
192 }
193
194 /*
195  * id-regCtrl-protocolEncrKey Control (section 6.6)
196  */
197 IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey, X509_PUBKEY, regCtrl)
198
199 /*-
200  * Pushes the attribute given in regInfo in to the CertReqMsg->regInfo stack.
201  * (section 7)
202  * returns 1 on success, 0 on error
203  */
204 static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm,
205                                        OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri)
206 {
207     STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL;
208
209     if (crm == NULL || ri == NULL) {
210         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO, CRMF_R_NULL_ARGUMENT);
211         return 0;
212     }
213
214     if (crm->regInfo == NULL)
215         crm->regInfo = info = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
216     if (crm->regInfo == NULL)
217         goto err;
218     if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->regInfo, ri))
219         goto err;
220     return 1;
221
222  err:
223     if (info != NULL)
224         crm->regInfo = NULL;
225     sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(info);
226     return 0;
227 }
228
229 /* id-regInfo-utf8Pairs to regInfo (section 7.1) */
230 IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo)
231
232 /* id-regInfo-certReq to regInfo (section 7.2) */
233 IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
234
235
236 /* retrieves the certificate template of crm */
237 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
238 {
239     if (crm == NULL || crm->certReq == NULL) {
240         CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET0_TMPL, CRMF_R_NULL_ARGUMENT);
241         return NULL;
242     }
243     return crm->certReq->certTemplate;
244 }
245
246
247 int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
248                                 ASN1_TIME *notBefore, ASN1_TIME *notAfter)
249 {
250     OSSL_CRMF_OPTIONALVALIDITY *vld;
251     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
252
253     if (tmpl == NULL) { /* also crm == NULL implies this */
254         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_VALIDITY, CRMF_R_NULL_ARGUMENT);
255         return 0;
256     }
257
258     if ((vld = OSSL_CRMF_OPTIONALVALIDITY_new()) == NULL)
259         return 0;
260     vld->notBefore = notBefore;
261     vld->notAfter = notAfter;
262     tmpl->validity = vld;
263     return 1;
264 }
265
266
267 int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
268 {
269     if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
270         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID, CRMF_R_NULL_ARGUMENT);
271         return 0;
272     }
273
274     return ASN1_INTEGER_set(crm->certReq->certReqId, rid);
275 }
276
277 /* get ASN.1 encoded integer, return -1 on error */
278 static int crmf_asn1_get_int(const ASN1_INTEGER *a)
279 {
280     int64_t res;
281
282     if (!ASN1_INTEGER_get_int64(&res, a)) {
283         CRMFerr(0, ASN1_R_INVALID_NUMBER);
284         return -1;
285     }
286     if (res < INT_MIN) {
287         CRMFerr(0, ASN1_R_TOO_SMALL);
288         return -1;
289     }
290     if (res > INT_MAX) {
291         CRMFerr(0, ASN1_R_TOO_LARGE);
292         return -1;
293     }
294     return (int)res;
295 }
296
297 int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm)
298 {
299     if (crm == NULL || /* not really needed: */ crm->certReq == NULL) {
300         CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID, CRMF_R_NULL_ARGUMENT);
301         return -1;
302     }
303     return crmf_asn1_get_int(crm->certReq->certReqId);
304 }
305
306
307 int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
308                                   X509_EXTENSIONS *exts)
309 {
310     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
311
312     if (tmpl == NULL) { /* also crm == NULL implies this */
313         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS, CRMF_R_NULL_ARGUMENT);
314         return 0;
315     }
316
317     if (sk_X509_EXTENSION_num(exts) == 0) {
318         sk_X509_EXTENSION_free(exts);
319         exts = NULL; /* do not include empty extensions list */
320     }
321
322     sk_X509_EXTENSION_pop_free(tmpl->extensions, X509_EXTENSION_free);
323     tmpl->extensions = exts;
324     return 1;
325 }
326
327
328 int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
329                                   X509_EXTENSION *ext)
330 {
331     int new = 0;
332     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
333
334     if (tmpl == NULL || ext == NULL) { /* also crm == NULL implies this */
335         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION, CRMF_R_NULL_ARGUMENT);
336         return 0;
337     }
338
339     if (tmpl->extensions == NULL) {
340         if ((tmpl->extensions = sk_X509_EXTENSION_new_null()) == NULL)
341             goto err;
342         new = 1;
343     }
344
345     if (!sk_X509_EXTENSION_push(tmpl->extensions, ext))
346         goto err;
347     return 1;
348  err:
349     if (new != 0) {
350         sk_X509_EXTENSION_free(tmpl->extensions);
351         tmpl->extensions = NULL;
352     }
353     return 0;
354 }
355
356 /* TODO: support cases 1+2 (besides case 3) defined in RFC 4211, section 4.1. */
357 static int CRMF_poposigningkey_init(OSSL_CRMF_POPOSIGNINGKEY *ps,
358                                     OSSL_CRMF_CERTREQUEST *cr,
359                                     EVP_PKEY *pkey, int dgst)
360 {
361     int ret = 0;
362     EVP_MD *fetched_md = NULL;
363     const EVP_MD *md = EVP_get_digestbynid(dgst);
364
365     if (ps == NULL || cr == NULL || pkey == NULL) {
366         CRMFerr(CRMF_F_CRMF_POPOSIGNINGKEY_INIT, CRMF_R_NULL_ARGUMENT);
367         return 0;
368     }
369
370     /* If we didn't find legacy MD, we try an implicit fetch */
371     if (md == NULL)
372         md = fetched_md = EVP_MD_fetch(NULL, OBJ_nid2sn(dgst), NULL);
373
374     if (md == NULL) {
375         CRMFerr(CRMF_F_CRMF_POPOSIGNINGKEY_INIT,
376                 CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY);
377         return 0;
378     }
379
380     ret = ASN1_item_sign(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
381                          ps->algorithmIdentifier, NULL, ps->signature,
382                          cr, pkey, md);
383
384     EVP_MD_free(fetched_md);
385     return ret;
386 }
387
388
389 int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
390                               int dgst, int ppmtd)
391 {
392     OSSL_CRMF_POPO *pp = NULL;
393     ASN1_INTEGER *tag = NULL;
394
395     if (crm == NULL || (ppmtd == OSSL_CRMF_POPO_SIGNATURE && pkey == NULL)) {
396         CRMFerr(CRMF_F_OSSL_CRMF_MSG_CREATE_POPO, CRMF_R_NULL_ARGUMENT);
397         return 0;
398     }
399
400     if (ppmtd == OSSL_CRMF_POPO_NONE)
401         goto end;
402     if ((pp = OSSL_CRMF_POPO_new()) == NULL)
403         goto err;
404     pp->type = ppmtd;
405
406     switch (ppmtd) {
407     case OSSL_CRMF_POPO_RAVERIFIED:
408         if ((pp->value.raVerified = ASN1_NULL_new()) == NULL)
409             goto err;
410         break;
411
412     case OSSL_CRMF_POPO_SIGNATURE:
413         {
414             OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new();
415             if (ps == NULL
416                     || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)) {
417                 OSSL_CRMF_POPOSIGNINGKEY_free(ps);
418                 goto err;
419             }
420             pp->value.signature = ps;
421         }
422         break;
423
424     case OSSL_CRMF_POPO_KEYENC:
425         if ((pp->value.keyEncipherment = OSSL_CRMF_POPOPRIVKEY_new()) == NULL)
426             goto err;
427         tag = ASN1_INTEGER_new();
428         pp->value.keyEncipherment->type =
429             OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE;
430         pp->value.keyEncipherment->value.subsequentMessage = tag;
431         if (tag == NULL
432                 || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT))
433             goto err;
434         break;
435
436     default:
437         CRMFerr(CRMF_F_OSSL_CRMF_MSG_CREATE_POPO,
438                 CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO);
439         goto err;
440     }
441
442  end:
443     OSSL_CRMF_POPO_free(crm->popo);
444     crm->popo = pp;
445
446     return 1;
447  err:
448     OSSL_CRMF_POPO_free(pp);
449     return 0;
450 }
451
452 /* verifies the Proof-of-Possession of the request with the given rid in reqs */
453 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
454                                int rid, int acceptRAVerified)
455 {
456     OSSL_CRMF_MSG *req = NULL;
457     X509_PUBKEY *pubkey = NULL;
458     OSSL_CRMF_POPOSIGNINGKEY *sig = NULL;
459
460     if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) {
461         CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, CRMF_R_NULL_ARGUMENT);
462         return 0;
463     }
464
465     if (req->popo == NULL) {
466         CRMFerr(0, CRMF_R_POPO_MISSING);
467         return 0;
468     }
469
470     switch (req->popo->type) {
471     case OSSL_CRMF_POPO_RAVERIFIED:
472         if (!acceptRAVerified) {
473             CRMFerr(0, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED);
474             return 0;
475         }
476         break;
477     case OSSL_CRMF_POPO_SIGNATURE:
478         pubkey = req->certReq->certTemplate->publicKey;
479         if (pubkey == NULL) {
480             CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY);
481             return 0;
482         }
483         sig = req->popo->value.signature;
484         if (sig->poposkInput != NULL) {
485             /*
486              * According to RFC 4211: publicKey contains a copy of
487              * the public key from the certificate template. This MUST be
488              * exactly the same value as contained in the certificate template.
489              */
490             if (sig->poposkInput->publicKey == NULL) {
491                 CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY);
492                 return 0;
493             }
494             if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) {
495                 CRMFerr(0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
496                 return 0;
497             }
498             /*
499              * TODO check the contents of the authInfo sub-field,
500              * see RFC 4211 https://tools.ietf.org/html/rfc4211#section-4.1
501              */
502             if (ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT),
503                                  sig->algorithmIdentifier, sig->signature,
504                                  sig->poposkInput,
505                                  X509_PUBKEY_get0(pubkey)) < 1)
506                 return 0;
507         } else {
508             if (req->certReq->certTemplate->subject == NULL) {
509                 CRMFerr(0, CRMF_R_POPO_MISSING_SUBJECT);
510                 return 0;
511             }
512             if (ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
513                                  sig->algorithmIdentifier, sig->signature,
514                                  req->certReq, X509_PUBKEY_get0(pubkey)) < 1)
515                 return 0;
516         }
517         break;
518     case OSSL_CRMF_POPO_KEYENC:
519         /*
520          * TODO: when OSSL_CMP_certrep_new() supports encrypted certs,
521          * return 1 if the type of req->popo->value.keyEncipherment
522          * is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and
523          * its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT
524          */
525     case OSSL_CRMF_POPO_KEYAGREE:
526     default:
527         CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO,
528                 CRMF_R_UNSUPPORTED_POPO_METHOD);
529         return 0;
530     }
531     return 1;
532 }
533
534 /* retrieves the serialNumber of the given cert template or NULL on error */
535 ASN1_INTEGER
536 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl)
537 {
538     return tmpl != NULL ? tmpl->serialNumber : NULL;
539 }
540
541 /* retrieves the issuer name of the given cert template or NULL on error */
542 const X509_NAME
543     *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
544 {
545     return tmpl != NULL ? tmpl->issuer : NULL;
546 }
547
548 /* retrieves the issuer name of the given CertId or NULL on error */
549 const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
550 {
551     return cid != NULL && cid->issuer->type == GEN_DIRNAME ?
552         cid->issuer->d.directoryName : NULL;
553 }
554
555 /* retrieves the serialNumber of the given CertId or NULL on error */
556 ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
557 {
558     return cid != NULL ? cid->serialNumber : NULL;
559 }
560
561 /*-
562  * fill in certificate template.
563  * Any value argument that is NULL will leave the respective field unchanged.
564  */
565 int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
566                                 EVP_PKEY *pubkey,
567                                 const X509_NAME *subject,
568                                 const X509_NAME *issuer,
569                                 const ASN1_INTEGER *serial)
570 {
571     if (tmpl == NULL) {
572         CRMFerr(CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, CRMF_R_NULL_ARGUMENT);
573         return 0;
574     }
575     if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject))
576         return 0;
577     if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer))
578         return 0;
579     if (serial != NULL) {
580         ASN1_INTEGER_free(tmpl->serialNumber);
581         if ((tmpl->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
582             return 0;
583     }
584     if (pubkey != NULL && !X509_PUBKEY_set(&tmpl->publicKey, pubkey))
585         return 0;
586     return 1;
587 }
588
589
590 /*-
591  * Decrypts the certificate in the given encryptedValue using private key pkey.
592  * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
593  *
594  * returns a pointer to the decrypted certificate
595  * returns NULL on error or if no certificate available
596  */
597 X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
598                                             EVP_PKEY *pkey)
599 {
600     X509 *cert = NULL; /* decrypted certificate */
601     EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */
602     unsigned char *ek = NULL; /* decrypted symmetric encryption key */
603     size_t eksize = 0; /* size of decrypted symmetric encryption key */
604     const EVP_CIPHER *cipher = NULL; /* used cipher */
605     int cikeysize = 0; /* key size from cipher */
606     unsigned char *iv = NULL; /* initial vector for symmetric encryption */
607     unsigned char *outbuf = NULL; /* decryption output buffer */
608     const unsigned char *p = NULL; /* needed for decoding ASN1 */
609     int symmAlg = 0; /* NIDs for symmetric algorithm */
610     int n, outlen = 0;
611     EVP_PKEY_CTX *pkctx = NULL; /* private key context */
612
613     if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL
614             || ecert->encValue == NULL || pkey == NULL) {
615         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
616                 CRMF_R_NULL_ARGUMENT);
617         return NULL;
618     }
619     if ((symmAlg = OBJ_obj2nid(ecert->symmAlg->algorithm)) == 0) {
620         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
621                 CRMF_R_UNSUPPORTED_CIPHER);
622         return NULL;
623     }
624     /* select symmetric cipher based on algorithm given in message */
625     if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) {
626         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
627                 CRMF_R_UNSUPPORTED_CIPHER);
628         goto end;
629     }
630     cikeysize = EVP_CIPHER_key_length(cipher);
631     /* first the symmetric key needs to be decrypted */
632     pkctx = EVP_PKEY_CTX_new(pkey, NULL);
633     if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) {
634         ASN1_BIT_STRING *encKey = ecert->encSymmKey;
635         size_t failure;
636         int retval;
637
638         if (EVP_PKEY_decrypt(pkctx, NULL, &eksize,
639                              encKey->data, encKey->length) <= 0
640                 || (ek = OPENSSL_malloc(eksize)) == NULL)
641             goto end;
642         retval = EVP_PKEY_decrypt(pkctx, ek, &eksize,
643                                   encKey->data, encKey->length);
644         ERR_clear_error(); /* error state may have sensitive information */
645         failure = ~constant_time_is_zero_s(constant_time_msb(retval)
646                                            | constant_time_is_zero(retval));
647         failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize);
648         if (failure) {
649             CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
650                     CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY);
651             goto end;
652         }
653     } else {
654         goto end;
655     }
656     if ((iv = OPENSSL_malloc(EVP_CIPHER_iv_length(cipher))) == NULL)
657         goto end;
658     if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv,
659                                   EVP_CIPHER_iv_length(cipher))
660         != EVP_CIPHER_iv_length(cipher)) {
661         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
662                 CRMF_R_MALFORMED_IV);
663         goto end;
664     }
665
666     /*
667      * d2i_X509 changes the given pointer, so use p for decoding the message and
668      * keep the original pointer in outbuf so the memory can be freed later
669      */
670     if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length +
671                                      EVP_CIPHER_block_size(cipher))) == NULL
672             || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL)
673         goto end;
674     EVP_CIPHER_CTX_set_padding(evp_ctx, 0);
675
676     if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv)
677             || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen,
678                                   ecert->encValue->data,
679                                   ecert->encValue->length)
680             || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) {
681         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
682                 CRMF_R_ERROR_DECRYPTING_CERTIFICATE);
683         goto end;
684     }
685     outlen += n;
686
687     /* convert decrypted certificate from DER to internal ASN.1 structure */
688     if ((cert = d2i_X509(NULL, &p, outlen)) == NULL) {
689         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
690                 CRMF_R_ERROR_DECODING_CERTIFICATE);
691     }
692  end:
693     EVP_PKEY_CTX_free(pkctx);
694     OPENSSL_free(outbuf);
695     EVP_CIPHER_CTX_free(evp_ctx);
696     OPENSSL_clear_free(ek, eksize);
697     OPENSSL_free(iv);
698     return cert;
699 }