/* Set KDF parameters based on KDF NID */ static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) { int kdf_nid, kdfmd_nid, cofactor; const EVP_MD *kdf_md; if (eckdf_nid == NID_undef) return 0; /* Lookup KDF type, cofactor mode and digest */ if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid)) return 0; if (kdf_nid == NID_dh_std_kdf) cofactor = 0; else if (kdf_nid == NID_dh_cofactor_kdf) cofactor = 1; else return 0; if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) return 0; if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) return 0; kdf_md = EVP_get_digestbynid(kdfmd_nid); if (!kdf_md) return 0; if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) return 0; return 1; }
main() { int n1, n2, n3; int i, rv; #ifdef OBJ_XREF_TEST2 for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]); } #endif for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { n1 = sigoid_srt[i][0]; rv = OBJ_find_sigid_algs(n1, &n2, &n3); TINYCLR_SSL_PRINTF("Forward: %d, %s %s %s\n", rv, OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); n1=0; rv = OBJ_find_sigid_by_algs(&n1, n2, n3); TINYCLR_SSL_PRINTF("Reverse: %d, %s %s %s\n", rv, OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3)); } }
int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) { int sig_nid; if (BIO_puts(bp, " Signature Algorithm: ") <= 0) return 0; if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; sig_nid = OBJ_obj2nid(sigalg->algorithm); if (sig_nid != NID_undef) { int pkey_nid, dig_nid; const EVP_PKEY_ASN1_METHOD *ameth; if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); if (ameth && ameth->sig_print) return ameth->sig_print(bp, sigalg, sig, 9, 0); } } if (sig) return X509_signature_dump(bp, sig, 9); else if (BIO_puts(bp, "\n") <= 0) return 0; return 1; }
char * be_tls_get_certificate_hash(Port *port, size_t *len) { #ifdef HAVE_X509_GET_SIGNATURE_NID X509 *server_cert; char *cert_hash; const EVP_MD *algo_type = NULL; unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */ unsigned int hash_size; int algo_nid; *len = 0; server_cert = SSL_get_certificate(port->ssl); if (server_cert == NULL) return NULL; /* * Get the signature algorithm of the certificate to determine the hash * algorithm to use for the result. */ if (!OBJ_find_sigid_algs(X509_get_signature_nid(server_cert), &algo_nid, NULL)) elog(ERROR, "could not determine server certificate signature algorithm"); /* * The TLS server's certificate bytes need to be hashed with SHA-256 if * its signature algorithm is MD5 or SHA-1 as per RFC 5929 * (https://tools.ietf.org/html/rfc5929#section-4.1). If something else * is used, the same hash as the signature algorithm is used. */ switch (algo_nid) { case NID_md5: case NID_sha1: algo_type = EVP_sha256(); break; default: algo_type = EVP_get_digestbynid(algo_nid); if (algo_type == NULL) elog(ERROR, "could not find digest for NID %s", OBJ_nid2sn(algo_nid)); break; } /* generate and save the certificate hash */ if (!X509_digest(server_cert, algo_type, hash, &hash_size)) elog(ERROR, "could not generate server certificate hash"); cert_hash = palloc(hash_size); memcpy(cert_hash, hash, hash_size); *len = hash_size; return cert_hash; #else ereport(ERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), errmsg("channel binding type \"tls-server-end-point\" is not supported by this build"))); return NULL; #endif }
static int rsa_cms_verify(CMS_SignerInfo *si) { int nid, nid2; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); nid = OBJ_obj2nid(alg->algorithm); if (nid == NID_rsaEncryption) return 1; if (nid == NID_rsassaPss) return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); /* Workaround for some implementation that use a signature OID */ if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { if (nid2 == NID_rsaEncryption) return 1; } return 0; }
int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg, EVP_PKEY *pkey) { /* Convert the signature OID into digest and public key OIDs. */ int sigalg_nid = OBJ_obj2nid(sigalg->algorithm); int digest_nid, pkey_nid; if (!OBJ_find_sigid_algs(sigalg_nid, &digest_nid, &pkey_nid)) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); return 0; } /* Check the public key OID matches the public key type. */ if (pkey_nid != EVP_PKEY_id(pkey)) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); return 0; } /* NID_undef signals that there are custom parameters to set. */ if (digest_nid == NID_undef) { if (sigalg_nid == NID_rsassaPss) { return x509_rsa_pss_to_ctx(ctx, sigalg, pkey); } if (sigalg_nid == NID_ED25519) { if (sigalg->parameter != NULL) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER); return 0; } return EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey); } OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); return 0; } /* Otherwise, initialize with the digest from the OID. */ const EVP_MD *digest = EVP_get_digestbynid(digest_nid); if (digest == NULL) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); return 0; } return EVP_DigestVerifyInit(ctx, NULL, digest, NULL, pkey); }
static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, const ASN1_STRING *sig) { int pknid, mdnid; const EVP_MD *md; siginf->mdnid = NID_undef; siginf->pknid = NID_undef; siginf->secbits = -1; siginf->flags = 0; if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) || pknid == NID_undef) return; siginf->pknid = pknid; if (mdnid == NID_undef) { /* If we have one, use a custom handler for this algorithm */ const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid); if (ameth == NULL || ameth->siginf_set == NULL || ameth->siginf_set(siginf, alg, sig) == 0) return; siginf->flags |= X509_SIG_INFO_VALID; return; } siginf->flags |= X509_SIG_INFO_VALID; siginf->mdnid = mdnid; md = EVP_get_digestbynid(mdnid); if (md == NULL) return; /* Security bits: half number of bits in digest */ siginf->secbits = EVP_MD_size(md) * 4; switch (mdnid) { case NID_sha1: case NID_sha256: case NID_sha384: case NID_sha512: siginf->flags |= X509_SIG_INFO_TLS; } }
static int rsa_cms_verify(CMS_SignerInfo *si) { int nid, nid2; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); nid = OBJ_obj2nid(alg->algorithm); if (nid == EVP_PKEY_RSA_PSS) return rsa_pss_to_ctx(NULL, pkctx, alg, NULL); /* Only PSS allowed for PSS keys */ if (pkey_ctx_is_pss(pkctx)) { RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); return 0; } if (nid == NID_rsaEncryption) return 1; /* Workaround for some implementation that use a signature OID */ if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { if (nid2 == NID_rsaEncryption) return 1; } return 0; }
int X509_certificate_type(X509 *x, EVP_PKEY *pkey) { EVP_PKEY *pk; int ret = 0, i; if (x == NULL) return (0); if (pkey == NULL) pk = X509_get_pubkey(x); else pk = pkey; if (pk == NULL) return (0); switch (pk->type) { case EVP_PKEY_RSA: ret = EVP_PK_RSA|EVP_PKT_SIGN; /* if (!sign only extension) */ ret |= EVP_PKT_ENC; break; case EVP_PKEY_DSA: ret = EVP_PK_DSA|EVP_PKT_SIGN; break; case EVP_PKEY_EC: ret = EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; break; case EVP_PKEY_DH: ret = EVP_PK_DH|EVP_PKT_EXCH; break; case NID_id_GostR3410_94: case NID_id_GostR3410_2001: ret = EVP_PKT_EXCH|EVP_PKT_SIGN; break; default: break; } i = OBJ_obj2nid(x->sig_alg->algorithm); if (i && OBJ_find_sigid_algs(i, NULL, &i)) { switch (i) { case NID_rsaEncryption: case NID_rsa: ret |= EVP_PKS_RSA; break; case NID_dsa: case NID_dsa_2: ret |= EVP_PKS_DSA; break; case NID_X9_62_id_ecPublicKey: ret |= EVP_PKS_EC; break; default: break; } } if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look for, not bytes */ ret |= EVP_PKT_EXP; if (pkey == NULL) EVP_PKEY_free(pk); return (ret); }
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { EVP_MD_CTX ctx; unsigned char *buf_in=NULL; int ret= -1,inl; int mdnid, pknid; if (!pkey) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); return -1; } EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } if (mdnid == NID_undef) { if (!pkey->ameth || !pkey->ameth->item_verify) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); /* Return value of 2 means carry on, anything else means we * exit straight away: either a fatal error of the underlying * verification routine handles all verification. */ if (ret != 2) goto err; ret = -1; } else { const EVP_MD *type; type=EVP_get_digestbynid(mdnid); if (type == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } /* Check public key OID matches public key type */ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); goto err; } if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } } inl = ASN1_item_i2d(asn, &buf_in, it); if (buf_in == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_DigestVerifyFinal(&ctx,signature->data, (size_t)signature->length) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } /* we don't need to zero the 'ctx' because we just checked * public information */ /* memset(&ctx,0,sizeof(ctx)); */ ret=1; err: EVP_MD_CTX_cleanup(&ctx); return(ret); }
int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) { const EVP_PKEY *pk; int ret = 0, i; if (x == NULL) return 0; if (pkey == NULL) pk = X509_get0_pubkey(x); else pk = pkey; if (pk == NULL) return 0; switch (EVP_PKEY_id(pk)) { case EVP_PKEY_RSA: ret = EVP_PK_RSA | EVP_PKT_SIGN; /* if (!sign only extension) */ ret |= EVP_PKT_ENC; break; case EVP_PKEY_DSA: ret = EVP_PK_DSA | EVP_PKT_SIGN; break; case EVP_PKEY_EC: ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; break; case EVP_PKEY_ED25519: ret = EVP_PKT_SIGN; break; case EVP_PKEY_DH: ret = EVP_PK_DH | EVP_PKT_EXCH; break; case NID_id_GostR3410_2001: case NID_id_GostR3410_2012_256: case NID_id_GostR3410_2012_512: ret = EVP_PKT_EXCH | EVP_PKT_SIGN; break; default: break; } i = X509_get_signature_nid(x); if (i && OBJ_find_sigid_algs(i, NULL, &i)) { switch (i) { case NID_rsaEncryption: case NID_rsa: ret |= EVP_PKS_RSA; break; case NID_dsa: case NID_dsa_2: ret |= EVP_PKS_DSA; break; case NID_X9_62_id_ecPublicKey: ret |= EVP_PKS_EC; break; default: break; } } return ret; }
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { EVP_MD_CTX ctx; const EVP_MD *type = NULL; unsigned char *buf_in=NULL; int ret= -1,inl; int mdnid, pknid; if (!pkey) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); return -1; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } type=EVP_get_digestbynid(mdnid); if (type == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } /* Check public key OID matches public key type */ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE); goto err; } if (!EVP_VerifyInit_ex(&ctx,type, NULL)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } inl = ASN1_item_i2d(asn, &buf_in, it); if (buf_in == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); OPENSSL_free(buf_in); if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, (unsigned int)signature->length,pkey) <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); ret=0; goto err; } /* we don't need to zero the 'ctx' because we just checked * public information */ /* memset(&ctx,0,sizeof(ctx)); */ ret=1; err: EVP_MD_CTX_cleanup(&ctx); return(ret); }
int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) { EVP_MD_CTX *ctx = NULL; unsigned char *buf_in = NULL; int ret = -1, inl = 0; int mdnid, pknid; if (!pkey) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); return -1; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } ctx = EVP_MD_CTX_new(); if (ctx == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } /* Convert signature OID into digest and public key OIDs */ if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } if (mdnid == NID_undef) { if (!pkey->ameth || !pkey->ameth->item_verify) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); /* * Return value of 2 means carry on, anything else means we exit * straight away: either a fatal error of the underlying verification * routine handles all verification. */ if (ret != 2) goto err; ret = -1; } else { const EVP_MD *type; type = EVP_get_digestbynid(mdnid); if (type == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } /* Check public key OID matches public key type */ if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE); goto err; } if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ret = 0; goto err; } } inl = ASN1_item_i2d(asn, &buf_in, it); if (buf_in == NULL) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, buf_in, inl); if (ret <= 0) { ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); goto err; } ret = 1; err: OPENSSL_clear_free(buf_in, (unsigned int)inl); EVP_MD_CTX_free(ctx); return ret; }