Implement X509_get_signature_info()

This is a slightly strange combination of OBJ_find_sigid_algs() and the security level API necessary because OBJ_find_sigid_algs() on its own isn't smart enough for the special needs of RSA-PSS and EdDSA. The API extracts the hash's NID and the pubkey's NID from the certificate's signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA for retrieving the corresponding information. This isn't entirely free for RSA-PSS, but for now we don't cache this information. The security bits calculation is a bit hand-wavy, but that's something that comes along with this sort of numerology. ok jsing
author: tb <> 2024-08-28 07:15:04 +0000
committer: tb <> 2024-08-28 07:15:04 +0000
commit: 075c048b99cefdce1245c13c4aa449b28ce8366c (patch)
tree: bb2a05a5261bd27ee87b1f4c8d85ebba6042d17d /src/lib/libcrypto/x509/x509_siginfo.c
parent: a03c40153c8f8e484e8b98ea5a52b87116f9bf5a (diff)
download: openbsd-075c048b99cefdce1245c13c4aa449b28ce8366c.tar.gz
openbsd-075c048b99cefdce1245c13c4aa449b28ce8366c.tar.bz2
openbsd-075c048b99cefdce1245c13c4aa449b28ce8366c.zip
1 files changed, 113 insertions, 0 deletions
diff --git a/src/lib/libcrypto/x509/x509_siginfo.c b/src/lib/libcrypto/x509/x509_siginfo.c
new file mode 100644
index 0000000000..9bbb133216
--- /dev/null
+++ b/src/lib/libcrypto/x509/x509_siginfo.c
@@ -0,0 +1,113 @@
+/*      $OpenBSD: x509_siginfo.c,v 1.1 2024/08/28 07:15:04 tb Exp $ */
+/*
+ * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "evp_local.h"
+#include "x509_internal.h"
+static int
+x509_find_sigid_algs(const X509 *x509, int *out_md_nid, int *out_pkey_nid)
+{
+        const ASN1_OBJECT *aobj;
+        int nid;
+        *out_md_nid = NID_undef;
+        *out_pkey_nid = NID_undef;
+        X509_ALGOR_get0(&aobj, NULL, NULL, x509->sig_alg);
+        if ((nid = OBJ_obj2nid(aobj)) == NID_undef)
+                return 0;
+        return OBJ_find_sigid_algs(nid, out_md_nid, out_pkey_nid);
+}
+int
+X509_get_signature_info(X509 *x509, int *out_md_nid, int *out_pkey_nid,
+    int *out_security_bits, uint32_t *out_flags)
+{
+        const EVP_MD *md;
+        int md_nid = NID_undef, pkey_nid = NID_undef, security_bits = -1;
+        uint32_t flags = 0;
+        if (out_md_nid != NULL)
+                *out_md_nid = md_nid;
+        if (out_pkey_nid != NULL)
+                *out_pkey_nid = pkey_nid;
+        if (out_security_bits != NULL)
+                *out_security_bits = security_bits;
+        if (out_flags != NULL)
+                *out_flags = flags;
+        if (!x509v3_cache_extensions(x509))
+                goto err;
+        if (!x509_find_sigid_algs(x509, &md_nid, &pkey_nid))
+                goto err;
+        /*
+         * If md_nid == NID_undef, this means we need to consult the ameth.
+         * Handlers are available for EdDSA and RSA-PSS. No other signature
+         * algorithm with NID_undef should appear in a certificate.
+         */
+        if (md_nid == NID_undef) {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                if ((ameth = EVP_PKEY_asn1_find(NULL, pkey_nid)) == NULL ||
+                    ameth->signature_info == NULL)
+                        goto err;
+                if (!ameth->signature_info(x509->sig_alg, &md_nid, &pkey_nid,
+                    &security_bits, &flags))
+                        goto err;
+                goto done;
+        }
+        /* XXX - OpenSSL 3 special cases SHA-1 (63 bits) and MD5 (39 bits). */
+        if ((md = EVP_get_digestbynid(md_nid)) == NULL)
+                goto err;
+        /* Assume 4 bits of collision resistance per octet. */
+        if ((security_bits = EVP_MD_size(md)) <= 0)
+                goto err;
+        security_bits *= 4;
+        if (md_nid == NID_sha1 || md_nid == NID_sha256 ||
+            md_nid == NID_sha384 || md_nid == NID_sha512)
+                flags |= X509_SIG_INFO_TLS;
+        flags |= X509_SIG_INFO_VALID;
+ done:
+        if (out_md_nid != NULL)
+                *out_md_nid = md_nid;
+        if (out_pkey_nid != NULL)
+                *out_pkey_nid = pkey_nid;
+        if (out_security_bits != NULL)
+                *out_security_bits = security_bits;
+        if (out_flags != NULL)
+                *out_flags = flags;
+ err:
+        return (flags & X509_SIG_INFO_VALID) != 0;
+}
+LCRYPTO_ALIAS(X509_get_signature_info);
author	tb <>	2024-08-28 07:15:04 +0000
committer	tb <>	2024-08-28 07:15:04 +0000
commit	075c048b99cefdce1245c13c4aa449b28ce8366c (patch)
tree	bb2a05a5261bd27ee87b1f4c8d85ebba6042d17d /src/lib/libcrypto/x509/x509_siginfo.c
parent	a03c40153c8f8e484e8b98ea5a52b87116f9bf5a (diff)
download	openbsd-075c048b99cefdce1245c13c4aa449b28ce8366c.tar.gz openbsd-075c048b99cefdce1245c13c4aa449b28ce8366c.tar.bz2 openbsd-075c048b99cefdce1245c13c4aa449b28ce8366c.zip

diff --git a/src/lib/libcrypto/x509/x509_siginfo.c b/src/lib/libcrypto/x509/x509_siginfo.c new file mode 100644 index 0000000000..9bbb133216 --- /dev/null +++ b/src/lib/libcrypto/x509/x509_siginfo.c
@@ -0,0 +1,113 @@
	1	/* $OpenBSD: x509_siginfo.c,v 1.1 2024/08/28 07:15:04 tb Exp $ */
	2
	3	/*
	4	* Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
	5	*
	6	* Permission to use, copy, modify, and distribute this software for any
	7	* purpose with or without fee is hereby granted, provided that the above
	8	* copyright notice and this permission notice appear in all copies.
	9	*
	10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	17	*/
	18
	19	#include <openssl/evp.h>
	20	#include <openssl/objects.h>
	21	#include <openssl/x509.h>
	22
	23	#include "evp_local.h"
	24
	25	#include "x509_internal.h"
	26
	27	static int
	28	x509_find_sigid_algs(const X509 x509, int out_md_nid, int *out_pkey_nid)
	29	{
	30	const ASN1_OBJECT *aobj;
	31	int nid;
	32
	33	*out_md_nid = NID_undef;
	34	*out_pkey_nid = NID_undef;
	35
	36	X509_ALGOR_get0(&aobj, NULL, NULL, x509->sig_alg);
	37	if ((nid = OBJ_obj2nid(aobj)) == NID_undef)
	38	return 0;
	39
	40	return OBJ_find_sigid_algs(nid, out_md_nid, out_pkey_nid);
	41	}
	42
	43	int
	44	X509_get_signature_info(X509 x509, int out_md_nid, int *out_pkey_nid,
	45	int out_security_bits, uint32_t out_flags)
	46	{
	47	const EVP_MD *md;
	48	int md_nid = NID_undef, pkey_nid = NID_undef, security_bits = -1;
	49	uint32_t flags = 0;
	50
	51	if (out_md_nid != NULL)
	52	*out_md_nid = md_nid;
	53	if (out_pkey_nid != NULL)
	54	*out_pkey_nid = pkey_nid;
	55	if (out_security_bits != NULL)
	56	*out_security_bits = security_bits;
	57	if (out_flags != NULL)
	58	*out_flags = flags;
	59
	60	if (!x509v3_cache_extensions(x509))
	61	goto err;
	62
	63	if (!x509_find_sigid_algs(x509, &md_nid, &pkey_nid))
	64	goto err;
	65
	66	/*
	67	* If md_nid == NID_undef, this means we need to consult the ameth.
	68	* Handlers are available for EdDSA and RSA-PSS. No other signature
	69	* algorithm with NID_undef should appear in a certificate.
	70	*/
	71	if (md_nid == NID_undef) {
	72	const EVP_PKEY_ASN1_METHOD *ameth;
	73
	74	if ((ameth = EVP_PKEY_asn1_find(NULL, pkey_nid)) == NULL \|\|
	75	ameth->signature_info == NULL)
	76	goto err;
	77
	78	if (!ameth->signature_info(x509->sig_alg, &md_nid, &pkey_nid,
	79	&security_bits, &flags))
	80	goto err;
	81
	82	goto done;
	83	}
	84
	85	/* XXX - OpenSSL 3 special cases SHA-1 (63 bits) and MD5 (39 bits). */
	86	if ((md = EVP_get_digestbynid(md_nid)) == NULL)
	87	goto err;
	88
	89	/* Assume 4 bits of collision resistance per octet. */
	90	if ((security_bits = EVP_MD_size(md)) <= 0)
	91	goto err;
	92	security_bits *= 4;
	93
	94	if (md_nid == NID_sha1 \|\| md_nid == NID_sha256 \|\|
	95	md_nid == NID_sha384 \|\| md_nid == NID_sha512)
	96	flags \|= X509_SIG_INFO_TLS;
	97
	98	flags \|= X509_SIG_INFO_VALID;
	99
	100	done:
	101	if (out_md_nid != NULL)
	102	*out_md_nid = md_nid;
	103	if (out_pkey_nid != NULL)
	104	*out_pkey_nid = pkey_nid;
	105	if (out_security_bits != NULL)
	106	*out_security_bits = security_bits;
	107	if (out_flags != NULL)
	108	*out_flags = flags;
	109
	110	err:
	111	return (flags & X509_SIG_INFO_VALID) != 0;
	112	}
	113	LCRYPTO_ALIAS(X509_get_signature_info);