c20a6da0f29c89e33f66fd3fe7615856e2596e46
[openssl.git] / crypto / crmf / crmf_lib.c
1 /*-
2  * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright Nokia 2007-2018
4  * Copyright Siemens AG 2015-2019
5  *
6  * Licensed under the Apache License 2.0 (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  *
11  * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
12  */
13
14 /*
15  * This file contains the functions that handle the individual items inside
16  * the CRMF structures
17  */
18
19 /*
20  * NAMING
21  *
22  * The 0 functions use the supplied structure pointer directly in the parent and
23  * it will be freed up when the parent is freed.
24  *
25  * The 1 functions use a copy of the supplied structure pointer (or in some
26  * cases increases its link count) in the parent and so both should be freed up.
27  */
28
29 #include <openssl/asn1t.h>
30
31 #include "crmf_local.h"
32 #include "internal/constant_time.h"
33
34 /* explicit #includes not strictly needed since implied by the above: */
35 #include <openssl/crmf.h>
36 #include <openssl/err.h>
37 #include <openssl/evp.h>
38
39 DEFINE_STACK_OF(X509_EXTENSION)
40 DEFINE_STACK_OF(OSSL_CRMF_MSG)
41
42 /*-
43  * atyp = Attribute Type
44  * valt = Value Type
45  * ctrlinf = "regCtrl" or "regInfo"
46  */
47 #define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf)                     \
48 int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg,             \
49                                           const valt *in)                 \
50 {                                                                         \
51     OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL;                         \
52                                                                           \
53     if (msg == NULL || in == NULL)                                       \
54         goto err;                                                         \
55     if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL)           \
56         goto err;                                                         \
57     if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL)    \
58         goto err;                                                         \
59     if ((atav->value.atyp = valt##_dup(in)) == NULL)                      \
60         goto err;                                                         \
61     if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav))                        \
62         goto err;                                                         \
63     return 1;                                                             \
64  err:                                                                     \
65     OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav);                           \
66     return 0;                                                             \
67 }
68
69
70 /*-
71  * Pushes the given control attribute into the controls stack of a CertRequest
72  * (section 6)
73  * returns 1 on success, 0 on error
74  */
75 static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm,
76                                        OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl)
77 {
78     int new = 0;
79
80     if (crm == NULL || crm->certReq == NULL || ctrl == NULL) {
81         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_REGCTRL, CRMF_R_NULL_ARGUMENT);
82         return 0;
83     }
84
85     if (crm->certReq->controls == NULL) {
86         crm->certReq->controls = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
87         if (crm->certReq->controls == NULL)
88             goto err;
89         new = 1;
90     }
91     if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->certReq->controls, ctrl))
92         goto err;
93
94     return 1;
95  err:
96     if (new != 0) {
97         sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(crm->certReq->controls);
98         crm->certReq->controls = NULL;
99     }
100     return 0;
101 }
102
103 /* id-regCtrl-regToken Control (section 6.1) */
104 IMPLEMENT_CRMF_CTRL_FUNC(regToken, ASN1_STRING, regCtrl)
105
106 /* id-regCtrl-authenticator Control (section 6.2) */
107 #define ASN1_UTF8STRING_dup ASN1_STRING_dup
108 IMPLEMENT_CRMF_CTRL_FUNC(authenticator, ASN1_UTF8STRING, regCtrl)
109
110 int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
111                                      int method, GENERAL_NAME *nm)
112 {
113     if (spi == NULL
114             || method < OSSL_CRMF_PUB_METHOD_DONTCARE
115             || method > OSSL_CRMF_PUB_METHOD_LDAP) {
116         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_SINGLEPUBINFO,
117                 ERR_R_PASSED_INVALID_ARGUMENT);
118         return 0;
119     }
120
121     if (!ASN1_INTEGER_set(spi->pubMethod, method))
122         return 0;
123     GENERAL_NAME_free(spi->pubLocation);
124     spi->pubLocation = nm;
125     return 1;
126 }
127
128 int
129 OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
130                                                      OSSL_CRMF_SINGLEPUBINFO *spi)
131 {
132     if (pi == NULL || spi == NULL) {
133         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO,
134                 CRMF_R_NULL_ARGUMENT);
135         return 0;
136     }
137     if (pi->pubInfos == NULL)
138         pi->pubInfos = sk_OSSL_CRMF_SINGLEPUBINFO_new_null();
139     if (pi->pubInfos == NULL)
140         return 0;
141
142     return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi);
143 }
144
145 int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
146                                                 int action)
147 {
148     if (pi == NULL
149             || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH
150             || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) {
151         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_PKIPUBLICATIONINFO_ACTION,
152                 ERR_R_PASSED_INVALID_ARGUMENT);
153         return 0;
154     }
155
156     return ASN1_INTEGER_set(pi->action, action);
157 }
158
159 /* id-regCtrl-pkiPublicationInfo Control (section 6.3) */
160 IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo, OSSL_CRMF_PKIPUBLICATIONINFO,
161                          regCtrl)
162
163 /* id-regCtrl-oldCertID Control (section 6.5) from the given */
164 IMPLEMENT_CRMF_CTRL_FUNC(oldCertID, OSSL_CRMF_CERTID, regCtrl)
165
166 OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
167                                        const ASN1_INTEGER *serial)
168 {
169     OSSL_CRMF_CERTID *cid = NULL;
170
171     if (issuer == NULL || serial == NULL) {
172         CRMFerr(CRMF_F_OSSL_CRMF_CERTID_GEN, CRMF_R_NULL_ARGUMENT);
173         return NULL;
174     }
175
176     if ((cid = OSSL_CRMF_CERTID_new()) == NULL)
177         goto err;
178
179     if (!X509_NAME_set(&cid->issuer->d.directoryName, issuer))
180         goto err;
181     cid->issuer->type = GEN_DIRNAME;
182
183     ASN1_INTEGER_free(cid->serialNumber);
184     if ((cid->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
185         goto err;
186
187     return cid;
188
189  err:
190     OSSL_CRMF_CERTID_free(cid);
191     return NULL;
192 }
193
194 /*
195  * id-regCtrl-protocolEncrKey Control (section 6.6)
196  */
197 IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey, X509_PUBKEY, regCtrl)
198
199 /*-
200  * Pushes the attribute given in regInfo in to the CertReqMsg->regInfo stack.
201  * (section 7)
202  * returns 1 on success, 0 on error
203  */
204 static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm,
205                                        OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri)
206 {
207     STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL;
208
209     if (crm == NULL || ri == NULL) {
210         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_REGINFO, CRMF_R_NULL_ARGUMENT);
211         return 0;
212     }
213
214     if (crm->regInfo == NULL)
215         crm->regInfo = info = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null();
216     if (crm->regInfo == NULL)
217         goto err;
218     if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->regInfo, ri))
219         goto err;
220     return 1;
221
222  err:
223     if (info != NULL)
224         crm->regInfo = NULL;
225     sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(info);
226     return 0;
227 }
228
229 /* id-regInfo-utf8Pairs to regInfo (section 7.1) */
230 IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo)
231
232 /* id-regInfo-certReq to regInfo (section 7.2) */
233 IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo)
234
235
236 /* retrieves the certificate template of crm */
237 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm)
238 {
239     if (crm == NULL || crm->certReq == NULL) {
240         CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET0_TMPL, CRMF_R_NULL_ARGUMENT);
241         return NULL;
242     }
243     return crm->certReq->certTemplate;
244 }
245
246
247 int OSSL_CRMF_MSG_set_validity(OSSL_CRMF_MSG *crm, time_t from, time_t to)
248 {
249     OSSL_CRMF_OPTIONALVALIDITY *vld = NULL;
250     ASN1_TIME *from_asn = NULL;
251     ASN1_TIME *to_asn = NULL;
252     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
253
254     if (tmpl == NULL) { /* also crm == NULL implies this */
255         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY, CRMF_R_NULL_ARGUMENT);
256         return 0;
257     }
258
259     if (from != 0 && ((from_asn = ASN1_TIME_set(NULL, from)) == NULL))
260         goto err;
261     if (to != 0 && ((to_asn = ASN1_TIME_set(NULL, to)) == NULL))
262         goto err;
263     if ((vld = OSSL_CRMF_OPTIONALVALIDITY_new()) == NULL)
264         goto err;
265
266     vld->notBefore = from_asn;
267     vld->notAfter = to_asn;
268
269     tmpl->validity = vld;
270
271     return 1;
272  err:
273     ASN1_TIME_free(from_asn);
274     ASN1_TIME_free(to_asn);
275     return 0;
276 }
277
278
279 int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid)
280 {
281     if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) {
282         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET_CERTREQID, CRMF_R_NULL_ARGUMENT);
283         return 0;
284     }
285
286     return ASN1_INTEGER_set(crm->certReq->certReqId, rid);
287 }
288
289 /* get ASN.1 encoded integer, return -1 on error */
290 static int crmf_asn1_get_int(const ASN1_INTEGER *a)
291 {
292     int64_t res;
293
294     if (!ASN1_INTEGER_get_int64(&res, a)) {
295         CRMFerr(0, ASN1_R_INVALID_NUMBER);
296         return -1;
297     }
298     if (res < INT_MIN) {
299         CRMFerr(0, ASN1_R_TOO_SMALL);
300         return -1;
301     }
302     if (res > INT_MAX) {
303         CRMFerr(0, ASN1_R_TOO_LARGE);
304         return -1;
305     }
306     return (int)res;
307 }
308
309 int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm)
310 {
311     if (crm == NULL || /* not really needed: */ crm->certReq == NULL) {
312         CRMFerr(CRMF_F_OSSL_CRMF_MSG_GET_CERTREQID, CRMF_R_NULL_ARGUMENT);
313         return -1;
314     }
315     return crmf_asn1_get_int(crm->certReq->certReqId);
316 }
317
318
319 int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm,
320                                   X509_EXTENSIONS *exts)
321 {
322     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
323
324     if (tmpl == NULL) { /* also crm == NULL implies this */
325         CRMFerr(CRMF_F_OSSL_CRMF_MSG_SET0_EXTENSIONS, CRMF_R_NULL_ARGUMENT);
326         return 0;
327     }
328
329     if (sk_X509_EXTENSION_num(exts) == 0) {
330         sk_X509_EXTENSION_free(exts);
331         exts = NULL; /* do not include empty extensions list */
332     }
333
334     sk_X509_EXTENSION_pop_free(tmpl->extensions, X509_EXTENSION_free);
335     tmpl->extensions = exts;
336     return 1;
337 }
338
339
340 int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm,
341                                   X509_EXTENSION *ext)
342 {
343     int new = 0;
344     OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm);
345
346     if (tmpl == NULL || ext == NULL) { /* also crm == NULL implies this */
347         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PUSH0_EXTENSION, CRMF_R_NULL_ARGUMENT);
348         return 0;
349     }
350
351     if (tmpl->extensions == NULL) {
352         if ((tmpl->extensions = sk_X509_EXTENSION_new_null()) == NULL)
353             goto err;
354         new = 1;
355     }
356
357     if (!sk_X509_EXTENSION_push(tmpl->extensions, ext))
358         goto err;
359     return 1;
360  err:
361     if (new != 0) {
362         sk_X509_EXTENSION_free(tmpl->extensions);
363         tmpl->extensions = NULL;
364     }
365     return 0;
366 }
367
368 /* TODO: support cases 1+2 (besides case 3) defined in RFC 4211, section 4.1. */
369 static int CRMF_poposigningkey_init(OSSL_CRMF_POPOSIGNINGKEY *ps,
370                                     OSSL_CRMF_CERTREQUEST *cr,
371                                     EVP_PKEY *pkey, int dgst)
372 {
373     int ret = 0;
374     EVP_MD *fetched_md = NULL;
375     const EVP_MD *md = EVP_get_digestbynid(dgst);
376
377     if (ps == NULL || cr == NULL || pkey == NULL) {
378         CRMFerr(CRMF_F_CRMF_POPOSIGNINGKEY_INIT, CRMF_R_NULL_ARGUMENT);
379         return 0;
380     }
381
382     /* If we didn't find legacy MD, we try an implicit fetch */
383     if (md == NULL)
384         md = fetched_md = EVP_MD_fetch(NULL, OBJ_nid2sn(dgst), NULL);
385
386     if (md == NULL) {
387         CRMFerr(CRMF_F_CRMF_POPOSIGNINGKEY_INIT,
388                 CRMF_R_UNSUPPORTED_ALG_FOR_POPSIGNINGKEY);
389         return 0;
390     }
391
392     ret = ASN1_item_sign(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
393                          ps->algorithmIdentifier, NULL, ps->signature,
394                          cr, pkey, md);
395
396     EVP_MD_free(fetched_md);
397     return ret;
398 }
399
400
401 int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
402                               int dgst, int ppmtd)
403 {
404     OSSL_CRMF_POPO *pp = NULL;
405     ASN1_INTEGER *tag = NULL;
406
407     if (crm == NULL || (ppmtd == OSSL_CRMF_POPO_SIGNATURE && pkey == NULL)) {
408         CRMFerr(CRMF_F_OSSL_CRMF_MSG_CREATE_POPO, CRMF_R_NULL_ARGUMENT);
409         return 0;
410     }
411
412     if (ppmtd == OSSL_CRMF_POPO_NONE)
413         goto end;
414     if ((pp = OSSL_CRMF_POPO_new()) == NULL)
415         goto err;
416     pp->type = ppmtd;
417
418     switch (ppmtd) {
419     case OSSL_CRMF_POPO_RAVERIFIED:
420         if ((pp->value.raVerified = ASN1_NULL_new()) == NULL)
421             goto err;
422         break;
423
424     case OSSL_CRMF_POPO_SIGNATURE:
425         {
426             OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new();
427             if (ps == NULL
428                     || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)) {
429                 OSSL_CRMF_POPOSIGNINGKEY_free(ps);
430                 goto err;
431             }
432             pp->value.signature = ps;
433         }
434         break;
435
436     case OSSL_CRMF_POPO_KEYENC:
437         if ((pp->value.keyEncipherment = OSSL_CRMF_POPOPRIVKEY_new()) == NULL)
438             goto err;
439         tag = ASN1_INTEGER_new();
440         pp->value.keyEncipherment->type =
441             OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE;
442         pp->value.keyEncipherment->value.subsequentMessage = tag;
443         if (tag == NULL
444                 || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT))
445             goto err;
446         break;
447
448     default:
449         CRMFerr(CRMF_F_OSSL_CRMF_MSG_CREATE_POPO,
450                 CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO);
451         goto err;
452     }
453
454  end:
455     OSSL_CRMF_POPO_free(crm->popo);
456     crm->popo = pp;
457
458     return 1;
459  err:
460     OSSL_CRMF_POPO_free(pp);
461     return 0;
462 }
463
464 /* verifies the Proof-of-Possession of the request with the given rid in reqs */
465 int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
466                                int rid, int acceptRAVerified)
467 {
468     OSSL_CRMF_MSG *req = NULL;
469     X509_PUBKEY *pubkey = NULL;
470     OSSL_CRMF_POPOSIGNINGKEY *sig = NULL;
471
472     if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) {
473         CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO, CRMF_R_NULL_ARGUMENT);
474         return 0;
475     }
476
477     if (req->popo == NULL) {
478         CRMFerr(0, CRMF_R_POPO_MISSING);
479         return 0;
480     }
481
482     switch (req->popo->type) {
483     case OSSL_CRMF_POPO_RAVERIFIED:
484         if (!acceptRAVerified) {
485             CRMFerr(0, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED);
486             return 0;
487         }
488         break;
489     case OSSL_CRMF_POPO_SIGNATURE:
490         pubkey = req->certReq->certTemplate->publicKey;
491         if (pubkey == NULL) {
492             CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY);
493             return 0;
494         }
495         sig = req->popo->value.signature;
496         if (sig->poposkInput != NULL) {
497             /*
498              * According to RFC 4211: publicKey contains a copy of
499              * the public key from the certificate template. This MUST be
500              * exactly the same value as contained in the certificate template.
501              */
502             if (sig->poposkInput->publicKey == NULL) {
503                 CRMFerr(0, CRMF_R_POPO_MISSING_PUBLIC_KEY);
504                 return 0;
505             }
506             if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) {
507                 CRMFerr(0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY);
508                 return 0;
509             }
510             /*
511              * TODO check the contents of the authInfo sub-field,
512              * see RFC 4211 https://tools.ietf.org/html/rfc4211#section-4.1
513              */
514             if (ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT),
515                                  sig->algorithmIdentifier, sig->signature,
516                                  sig->poposkInput,
517                                  X509_PUBKEY_get0(pubkey)) < 1)
518                 return 0;
519         } else {
520             if (req->certReq->certTemplate->subject == NULL) {
521                 CRMFerr(0, CRMF_R_POPO_MISSING_SUBJECT);
522                 return 0;
523             }
524             if (ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
525                                  sig->algorithmIdentifier, sig->signature,
526                                  req->certReq, X509_PUBKEY_get0(pubkey)) < 1)
527                 return 0;
528         }
529         break;
530     case OSSL_CRMF_POPO_KEYENC:
531         /*
532          * TODO: when OSSL_CMP_certrep_new() supports encrypted certs,
533          * return 1 if the type of req->popo->value.keyEncipherment
534          * is OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE and
535          * its value.subsequentMessage == OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT
536          */
537     case OSSL_CRMF_POPO_KEYAGREE:
538     default:
539         CRMFerr(CRMF_F_OSSL_CRMF_MSGS_VERIFY_POPO,
540                 CRMF_R_UNSUPPORTED_POPO_METHOD);
541         return 0;
542     }
543     return 1;
544 }
545
546 /* retrieves the serialNumber of the given cert template or NULL on error */
547 ASN1_INTEGER
548 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl)
549 {
550     return tmpl != NULL ? tmpl->serialNumber : NULL;
551 }
552
553 /* retrieves the issuer name of the given cert template or NULL on error */
554 const X509_NAME
555     *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl)
556 {
557     return tmpl != NULL ? tmpl->issuer : NULL;
558 }
559
560 /* retrieves the issuer name of the given CertId or NULL on error */
561 const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid)
562 {
563     return cid != NULL && cid->issuer->type == GEN_DIRNAME ?
564         cid->issuer->d.directoryName : NULL;
565 }
566
567 /* retrieves the serialNumber of the given CertId or NULL on error */
568 ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid)
569 {
570     return cid != NULL ? cid->serialNumber : NULL;
571 }
572
573 /*-
574  * fill in certificate template.
575  * Any value argument that is NULL will leave the respective field unchanged.
576  */
577 int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
578                                 EVP_PKEY *pubkey,
579                                 const X509_NAME *subject,
580                                 const X509_NAME *issuer,
581                                 const ASN1_INTEGER *serial)
582 {
583     if (tmpl == NULL) {
584         CRMFerr(CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL, CRMF_R_NULL_ARGUMENT);
585         return 0;
586     }
587     if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject))
588         return 0;
589     if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer))
590         return 0;
591     if (serial != NULL) {
592         ASN1_INTEGER_free(tmpl->serialNumber);
593         if ((tmpl->serialNumber = ASN1_INTEGER_dup(serial)) == NULL)
594             return 0;
595     }
596     if (pubkey != NULL && !X509_PUBKEY_set(&tmpl->publicKey, pubkey))
597         return 0;
598     return 1;
599 }
600
601
602 /*-
603  * Decrypts the certificate in the given encryptedValue using private key pkey.
604  * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
605  *
606  * returns a pointer to the decrypted certificate
607  * returns NULL on error or if no certificate available
608  */
609 X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
610                                             EVP_PKEY *pkey)
611 {
612     X509 *cert = NULL; /* decrypted certificate */
613     EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */
614     unsigned char *ek = NULL; /* decrypted symmetric encryption key */
615     size_t eksize = 0; /* size of decrypted symmetric encryption key */
616     const EVP_CIPHER *cipher = NULL; /* used cipher */
617     int cikeysize = 0; /* key size from cipher */
618     unsigned char *iv = NULL; /* initial vector for symmetric encryption */
619     unsigned char *outbuf = NULL; /* decryption output buffer */
620     const unsigned char *p = NULL; /* needed for decoding ASN1 */
621     int symmAlg = 0; /* NIDs for symmetric algorithm */
622     int n, outlen = 0;
623     EVP_PKEY_CTX *pkctx = NULL; /* private key context */
624
625     if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL
626             || ecert->encValue == NULL || pkey == NULL) {
627         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
628                 CRMF_R_NULL_ARGUMENT);
629         return NULL;
630     }
631     if ((symmAlg = OBJ_obj2nid(ecert->symmAlg->algorithm)) == 0) {
632         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
633                 CRMF_R_UNSUPPORTED_CIPHER);
634         return NULL;
635     }
636     /* select symmetric cipher based on algorithm given in message */
637     if ((cipher = EVP_get_cipherbynid(symmAlg)) == NULL) {
638         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
639                 CRMF_R_UNSUPPORTED_CIPHER);
640         goto end;
641     }
642     cikeysize = EVP_CIPHER_key_length(cipher);
643     /* first the symmetric key needs to be decrypted */
644     pkctx = EVP_PKEY_CTX_new(pkey, NULL);
645     if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) {
646         ASN1_BIT_STRING *encKey = ecert->encSymmKey;
647         size_t failure;
648         int retval;
649
650         if (EVP_PKEY_decrypt(pkctx, NULL, &eksize,
651                              encKey->data, encKey->length) <= 0
652                 || (ek = OPENSSL_malloc(eksize)) == NULL)
653             goto end;
654         retval = EVP_PKEY_decrypt(pkctx, ek, &eksize,
655                                   encKey->data, encKey->length);
656         ERR_clear_error(); /* error state may have sensitive information */
657         failure = ~constant_time_is_zero_s(constant_time_msb(retval)
658                                            | constant_time_is_zero(retval));
659         failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize);
660         if (failure) {
661             CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
662                     CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY);
663             goto end;
664         }
665     } else {
666         goto end;
667     }
668     if ((iv = OPENSSL_malloc(EVP_CIPHER_iv_length(cipher))) == NULL)
669         goto end;
670     if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv,
671                                   EVP_CIPHER_iv_length(cipher))
672         != EVP_CIPHER_iv_length(cipher)) {
673         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
674                 CRMF_R_MALFORMED_IV);
675         goto end;
676     }
677
678     /*
679      * d2i_X509 changes the given pointer, so use p for decoding the message and
680      * keep the original pointer in outbuf so the memory can be freed later
681      */
682     if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length +
683                                      EVP_CIPHER_block_size(cipher))) == NULL
684             || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL)
685         goto end;
686     EVP_CIPHER_CTX_set_padding(evp_ctx, 0);
687
688     if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv)
689             || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen,
690                                   ecert->encValue->data,
691                                   ecert->encValue->length)
692             || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) {
693         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
694                 CRMF_R_ERROR_DECRYPTING_CERTIFICATE);
695         goto end;
696     }
697     outlen += n;
698
699     /* convert decrypted certificate from DER to internal ASN.1 structure */
700     if ((cert = d2i_X509(NULL, &p, outlen)) == NULL) {
701         CRMFerr(CRMF_F_OSSL_CRMF_ENCRYPTEDVALUE_GET1_ENCCERT,
702                 CRMF_R_ERROR_DECODING_CERTIFICATE);
703     }
704  end:
705     EVP_PKEY_CTX_free(pkctx);
706     OPENSSL_free(outbuf);
707     EVP_CIPHER_CTX_free(evp_ctx);
708     OPENSSL_clear_free(ek, eksize);
709     OPENSSL_free(iv);
710     return cert;
711 }